parent
61d690ee9a
commit
cc400eb5ef
20 changed files with 304 additions and 0 deletions
After Width: | Height: | Size: 5.8 KiB |
@ -0,0 +1,43 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
# Version to install |
||||||
|
miniflux_version: 2.0.28 |
||||||
|
# URL of the binary to install |
||||||
|
miniflux_bin_url: https://github.com/miniflux/v2/releases/download/{{ miniflux_version }}/miniflux-linux-amd64 |
||||||
|
# Expected sha1 of the binary |
||||||
|
miniflux_bin_sha1: 9e3ad863c1529d43828748b427f8bfb89b37fc08 |
||||||
|
# Should ansible handle upgrades ? If false, only initial install will be done |
||||||
|
miniflux_manage_upgrade: True |
||||||
|
|
||||||
|
# Top dir where miniflux will be installed |
||||||
|
miniflux_root_dir: /opt/miniflux |
||||||
|
# User account under which miniflux will run |
||||||
|
miniflux_user: miniflux |
||||||
|
|
||||||
|
miniflux_db_server: "{{ pg_server | default('localhost') }}" |
||||||
|
miniflux_db_port: 5432 |
||||||
|
miniflux_db_name: miniflux |
||||||
|
miniflux_db_user: miniflux |
||||||
|
# A random one will be created and stored in the meta sub dir |
||||||
|
# if not defined |
||||||
|
# miniflux_db_pass: S3cR3t. |
||||||
|
|
||||||
|
# Port on which miniflux will bind |
||||||
|
miniflux_port: 8085 |
||||||
|
# List of IP / CIDR for which miniflux_port will be accessible (if ansible manage iptables) |
||||||
|
miniflux_src_ip: [] |
||||||
|
|
||||||
|
# Public URL. Must be adapted if you use a reverse proxy |
||||||
|
miniflux_public_url: http://{{ inventory_hostname }}:{{ miniflux_port }}/ |
||||||
|
|
||||||
|
# Ansible will create a default admin account, you can set the password |
||||||
|
# If not defined, a random one will be created and store in meta/ansible_admin_pass |
||||||
|
# miniflux_admin_pass: p@ssw0rd |
||||||
|
|
||||||
|
# OpenID Connect auth |
||||||
|
miniflux_oidc: False |
||||||
|
# miniflux_oidc_id: miniflux |
||||||
|
# miniflux_oidc_secret: S3cr3T. |
||||||
|
# miniflux_oidc_callback_url: https://flux.example.org/oidc/oidc/callback |
||||||
|
# miniflux_oidc_disco_url: https://sso.example.org/.well-known/openid-configuration |
||||||
|
|
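Review bot: `miniflux_bin_sha1` pins the downloaded binary with SHA-1, which is no longer collision-resistant and is a weak choice for verifying an executable fetched over the network; the Download miniflux task in the install section consumes it as `checksum: sha1:{{ miniflux_bin_sha1 }}`. Ansible's `checksum` option also accepts a `sha256:` prefix, so a `miniflux_bin_sha256` variable used as `checksum: sha256:{{ miniflux_bin_sha256 }}` would give stronger integrity for the same effort. Separately, the default `miniflux_public_url` is plain `http://`, so logins are unencrypted unless a TLS reverse proxy is placed in front; the comment above it could say so.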
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: restart miniflux |
||||||
|
service: name=miniflux state=restarted |
||||||
|
when: not miniflux_started.changed |
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
dependencies: |
||||||
|
- role: postgresql_server |
||||||
|
when: miniflux_db_server in ['localhost', '127.0.0.1'] |
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Compress previous version |
||||||
|
command: tar cf {{ miniflux_root_dir }}/archives/{{ miniflux_current_version }}.tar.zst --use-compress-program=zstd ./ |
||||||
|
args: |
||||||
|
chdir: "{{ miniflux_root_dir }}/archives/{{ miniflux_current_version }}" |
||||||
|
warn: False |
||||||
|
environment: |
||||||
|
ZSTD_CLEVEL: 10 |
||||||
|
tags: miniflux |
@ -0,0 +1,22 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Create the archive dir |
||||||
|
file: path={{ miniflux_root_dir }}/archives/{{ miniflux_current_version }} state=directory |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Backup previous version |
||||||
|
copy: src={{ miniflux_root_dir }}/bin/miniflux dest={{ miniflux_root_dir }}/archives/{{ miniflux_current_version }}/ remote_src=True |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Backup the database |
||||||
|
command: > |
||||||
|
/usr/pgsql-13/bin/pg_dump |
||||||
|
--clean |
||||||
|
--host={{ miniflux_db_server }} |
||||||
|
--port={{ miniflux_db_port }} |
||||||
|
--username={{ miniflux_db_user }} |
||||||
|
{{ miniflux_db_name }} |
||||||
|
--file={{ miniflux_root_dir }}/archives/{{ miniflux_current_version }}/{{ miniflux_db_name }}.sql |
||||||
|
environment: |
||||||
|
- PGPASSWORD: "{{ miniflux_db_pass }}" |
||||||
|
tags: miniflux |
@ -0,0 +1,7 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Remove tmp and obsolete files |
||||||
|
file: path={{ item }} state=absent |
||||||
|
loop: |
||||||
|
- "{{ miniflux_root_dir }}/archives/{{ miniflux_current_version }}" |
||||||
|
tags: miniflux |
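Review bot: When `miniflux_current_version` is empty, the loop item here renders to `{{ miniflux_root_dir }}/archives/`, so `state=absent` removes the whole archives directory, including earlier `.tar.zst` archives. The facts section sets that variable with `default('')`, and the main task list includes this file without a condition. Adding `when: miniflux_install_mode == 'upgrade'` (or `when: miniflux_current_version | length > 0`) limits the removal to the version that was just archived. Whether the empty case occurs depends on `webapps_set_install_mode.yml`, which is not part of this commit.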
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Deploy configuration |
||||||
|
template: src=miniflux.conf.j2 dest={{ miniflux_root_dir }}/etc/miniflux.conf group={{ miniflux_user }} mode=640 |
||||||
|
tags: miniflux |
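Review bot: The Deploy configuration task has no `notify`, and no other task visible in this commit notifies the `restart miniflux` handler it adds, so a changed `miniflux.conf` (new database password, OIDC settings) is not picked up until the service is restarted by hand. Adding `notify: restart miniflux` here fixes that; the binary download and the unit template in the install section would want the same. `group={{ miniflux_user }} mode=640` suits a file holding the database and admin passwords, but the owner is left implicit; `owner=root` would state the intent.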
@ -0,0 +1,17 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Create needed directories |
||||||
|
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} |
||||||
|
loop: |
||||||
|
- dir: "{{ miniflux_root_dir }}/bin" |
||||||
|
- dir: "{{ miniflux_root_dir }}/etc" |
||||||
|
group: "{{ miniflux_user }}" |
||||||
|
mode: 750 |
||||||
|
- dir: "{{ miniflux_root_dir }}/tmp" |
||||||
|
- dir: "{{ miniflux_root_dir }}/meta" |
||||||
|
mode: 700 |
||||||
|
- dir: "{{ miniflux_root_dir }}/archives" |
||||||
|
mode: 700 |
||||||
|
- dir: "{{ miniflux_root_dir }}/backup" |
||||||
|
mode: 700 |
||||||
|
tags: miniflux |
@ -0,0 +1,29 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Detect installed version |
||||||
|
block: |
||||||
|
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||||
|
vars: |
||||||
|
- root_dir: "{{ miniflux_root_dir }}" |
||||||
|
- version: "{{ miniflux_version }}" |
||||||
|
- set_fact: miniflux_install_mode={{ (install_mode == 'upgrade' and not miniflux_manage_upgrade) | ternary('none',install_mode) }} |
||||||
|
- set_fact: miniflux_current_version={{ current_version | default('') }} |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- when: miniflux_db_pass is not defined |
||||||
|
name: Generate a random pass for the database |
||||||
|
block: |
||||||
|
- import_tasks: ../includes/get_rand_pass.yml |
||||||
|
vars: |
||||||
|
- pass_file: "{{ miniflux_root_dir }}/meta/ansible_dbpass" |
||||||
|
- set_fact: miniflux_db_pass={{ rand_pass }} |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- when: miniflux_admin_pass is not defined |
||||||
|
name: Generate a random pass for the admin account |
||||||
|
block: |
||||||
|
- import_tasks: ../includes/get_rand_pass.yml |
||||||
|
vars: |
||||||
|
- pass_file: "{{ miniflux_root_dir }}/meta/ansible_admin_pass" |
||||||
|
- set_fact: miniflux_admin_pass={{ rand_pass }} |
||||||
|
tags: miniflux |
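Review bot: The two `set_fact` tasks that copy `rand_pass` into `miniflux_db_pass` and `miniflux_admin_pass` lack `no_log: true`, so the generated passwords appear in the task result when the play runs with verbosity or a logging callback. Add `no_log: true` to both. The key=value form `set_fact: miniflux_db_pass={{ rand_pass }}` would also mis-parse a password containing whitespace. `get_rand_pass.yml` is not visible here, so whether that can occur is unconfirmed, but the mapping form `set_fact: {miniflux_db_pass: "{{ rand_pass }}"}` avoids the question.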
@ -0,0 +1,69 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Install needed tools |
||||||
|
package: |
||||||
|
name: |
||||||
|
- tar |
||||||
|
- zstd |
||||||
|
- postgresql13 |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Download miniflux |
||||||
|
get_url: |
||||||
|
url: "{{ miniflux_bin_url }}" |
||||||
|
dest: "{{ miniflux_root_dir }}/bin/miniflux" |
||||||
|
checksum: sha1:{{ miniflux_bin_sha1 }} |
||||||
|
mode: 755 |
||||||
|
when: miniflux_install_mode != 'none' |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Install systemd unit |
||||||
|
template: src=miniflux.service.j2 dest=/etc/systemd/system/miniflux.service |
||||||
|
register: miniflux_unit |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Reload systemd |
||||||
|
systemd: daemon_reload=True |
||||||
|
when: miniflux_unit.changed |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Create the PostgreSQL role |
||||||
|
postgresql_user: |
||||||
|
db: postgres |
||||||
|
name: "{{ miniflux_db_user }}" |
||||||
|
password: "{{ miniflux_db_pass }}" |
||||||
|
login_host: "{{ miniflux_db_server }}" |
||||||
|
login_user: sqladmin |
||||||
|
login_password: "{{ pg_admin_pass }}" |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Create the PostgreSQL database |
||||||
|
postgresql_db: |
||||||
|
name: "{{ miniflux_db_name }}" |
||||||
|
encoding: UTF-8 |
||||||
|
lc_collate: C |
||||||
|
lc_ctype: C |
||||||
|
template: template0 |
||||||
|
owner: "{{ miniflux_db_user }}" |
||||||
|
login_host: "{{ miniflux_db_server }}" |
||||||
|
login_user: sqladmin |
||||||
|
login_password: "{{ pg_admin_pass }}" |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Enable required PostgreSQL extensions |
||||||
|
postgresql_ext: |
||||||
|
name: "{{ item }}" |
||||||
|
db: "{{ miniflux_db_name }}" |
||||||
|
login_host: "{{ miniflux_db_server }}" |
||||||
|
login_user: sqladmin |
||||||
|
login_password: "{{ pg_admin_pass }}" |
||||||
|
loop: |
||||||
|
- hstore |
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
- name: Install backup hooks |
||||||
|
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/miniflux mode=700 |
||||||
|
loop: |
||||||
|
- pre |
||||||
|
- post |
||||||
|
tags: miniflux |
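Review bot: `mode: 755` in the Download miniflux task is an unquoted YAML integer, and Ansible documents that a numeric mode without a leading zero is taken as decimal. Decimal 755 is octal 1363, which leaves the binary writable by group and others instead of `rwxr-xr-x`. Since the systemd unit executes this file, it should be `mode: '0755'`. The `mode=` values given in key=value form elsewhere (`mode=700` for the backup hooks, and the directory loop items rendered through `mode={{ item.mode | default(omit) }}`) reach the module as strings and are not affected, though quoting them at the source would remove the trap.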
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Handle miniflux port in the firewall |
||||||
|
iptables_raw: |
||||||
|
name: miniflux_port |
||||||
|
state: "{{ (miniflux_src_ip | length > 0) | ternary('present','absent') }}" |
||||||
|
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ miniflux_port }} -s {{ miniflux_src_ip | join(',') }} -j ACCEPT" |
||||||
|
tags: firewall,miniflux |
@ -0,0 +1,16 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- include: user.yml |
||||||
|
- include: directories.yml |
||||||
|
- include: facts.yml |
||||||
|
- include: archive_pre.yml |
||||||
|
when: miniflux_install_mode == 'upgrade' |
||||||
|
- include: install.yml |
||||||
|
- include: conf.yml |
||||||
|
- include: iptables.yml |
||||||
|
when: iptables_manage | default(True) |
||||||
|
- include: services.yml |
||||||
|
- include: write_version.yml |
||||||
|
- include: archive_post.yml |
||||||
|
when: miniflux_install_mode == 'upgrade' |
||||||
|
- include: cleanup.yml |
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Start and enable the service |
||||||
|
service: name=miniflux state=started enabled=True |
||||||
|
register: miniflux_started |
||||||
|
tags: miniflux |
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Create user |
||||||
|
user: name={{ miniflux_user }} system=True shell=/sbin/nologin home={{ miniflux_root_dir }} |
||||||
|
tags: miniflux |
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Write installed version |
||||||
|
copy: content={{ miniflux_version }} dest={{ miniflux_root_dir }}/meta/ansible_version |
||||||
|
tags: miniflux |
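Review bot: The version marker is written on every run, including when `miniflux_install_mode` is `none` because `miniflux_manage_upgrade` is false and the download was skipped. After such a run `meta/ansible_version` holds the new `miniflux_version` while the old binary is still installed, so a later run would presumably no longer detect the pending upgrade (the detection lives in `webapps_set_install_mode.yml`, not shown). Guard the task with `when: miniflux_install_mode != 'none'`.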
@ -0,0 +1,17 @@ |
|||||||
|
DATABASE_URL="host={{ miniflux_db_server }} port={{ miniflux_db_port }} user={{ miniflux_db_user }} password='{{ miniflux_db_pass }}' dbname={{ miniflux_db_name }} sslmode=disable" |
||||||
|
LISTEN_ADDR=0.0.0.0 |
||||||
|
PORT={{ miniflux_port }} |
||||||
|
BASE_URL={{ miniflux_public_url }} |
||||||
|
RUN_MIGRATIONS=1 |
||||||
|
CREATE_ADMIN=1 |
||||||
|
ADMIN_USERNAME=admin |
||||||
|
ADMIN_PASSWORD={{ miniflux_admin_pass | quote }} |
||||||
|
PROXY_IMAGES=all |
||||||
|
{% if miniflux_oidc %} |
||||||
|
OAUTH2_PROVIDER=oidc |
||||||
|
OAUTH2_CLIENT_ID={{ miniflux_oidc_id | quote }} |
||||||
|
OAUTH2_CLIENT_SECRET={{ minifluxçoidc_secret | quote }} |
||||||
|
OAUTH2_REDIRECT_URL={{ miniflux_oidc_callback_url }} |
||||||
|
OAUTH2_OIDC_DISCOVERY_ENDPOINT={{ miniflux_oidc_disco_url }} |
||||||
|
OAUTH2_USER_CREATION=1 |
||||||
|
{% endif %} |
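Review bot: `OAUTH2_CLIENT_SECRET={{ minifluxçoidc_secret | quote }}` has `ç` where `_` is meant, so with `miniflux_oidc` enabled the template references an undefined name and rendering fails; it should read `{{ miniflux_oidc_secret | quote }}`. In `DATABASE_URL`, `password='{{ miniflux_db_pass }}'` is not escaped, so a password containing `'` or `\` breaks the connection string. `sslmode=disable` is fixed even though `miniflux_db_server` can point at a remote host, in which case credentials and data cross the network in clear text; making it a variable that defaults to `disable` only for localhost would cover that. `LISTEN_ADDR=0.0.0.0` binds all interfaces, so access control rests entirely on the firewall rule.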
@ -0,0 +1,23 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Miniflux Feed Reader |
||||||
|
After=network.target postgresql.service |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=simple |
||||||
|
EnvironmentFile={{ miniflux_root_dir }}/etc/miniflux.conf |
||||||
|
User={{ miniflux_user }} |
||||||
|
ExecStart={{ miniflux_root_dir }}/bin/miniflux |
||||||
|
Restart=always |
||||||
|
NoNewPrivileges=true |
||||||
|
PrivateDevices=true |
||||||
|
ProtectControlGroups=true |
||||||
|
ProtectHome=true |
||||||
|
ProtectKernelModules=true |
||||||
|
ProtectKernelTunables=true |
||||||
|
ProtectSystem=strict |
||||||
|
RestrictRealtime=true |
||||||
|
ReadWritePaths=/run |
||||||
|
PrivateTmp=true |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
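Review bot: `ReadWritePaths=/run` reopens all of `/run` for writing under `ProtectSystem=strict`, which looks wider than this service needs, given that it listens on TCP (`LISTEN_ADDR=0.0.0.0` in `miniflux.conf.j2`). If nothing is written there the line can be dropped; if a runtime directory is needed, `RuntimeDirectory=miniflux` gives the service a private one. `After=postgresql.service` may also not match the unit name shipped by the `postgresql13` package installed in this commit, which is worth confirming.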
@ -0,0 +1,3 @@ |
|||||||
|
#!/bin/bash -e |
||||||
|
|
||||||
|
rm -f {{ miniflux_root_dir }}/backup/* |
@ -0,0 +1,9 @@ |
|||||||
|
#!/bin/bash -e |
||||||
|
|
||||||
|
PGPASSWORD='{{ miniflux_db_pass }}' /usr/pgsql-13/bin/pg_dump \ |
||||||
|
--clean \ |
||||||
|
--username={{ miniflux_db_user | quote }} \ |
||||||
|
--host={{ miniflux_db_server | quote }} \ |
||||||
|
{{ miniflux_db_name | quote }} | \ |
||||||
|
zstd -c > {{ miniflux_root_dir }}/backup/{{ miniflux_db_name | quote }}.sql.zst |
||||||
|
|
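Review bot: `PGPASSWORD='{{ miniflux_db_pass }}'` is the only database value in this script not passed through `| quote`, so a password containing a single quote ends the quoting early and the remainder is interpreted by the shell; use `PGPASSWORD={{ miniflux_db_pass | quote }}`. The script runs under `bash -e` but without `set -o pipefail`, so a failing `pg_dump` is masked by the exit status of `zstd` and the hook reports success with an empty or truncated dump. `--port={{ miniflux_db_port }}` is also missing here although the upgrade-time dump passes it, and `{{ miniflux_root_dir }}` in the output path is unquoted.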