112fd6053d
...
fd86da0db5
Author | SHA1 | Date |
---|---|---|
Yves G | fd86da0db5 |
|
@ -111,7 +111,7 @@ Last but not least, the machine that will run the Ansible playbook should:
|
|||
* have a version of Ansible greater than 2.2:
|
||||
** module `include_role` runs dynamically (available since version 2.4),
|
||||
** modules `ini_file`, `lineinfile`, `mount`, and `replace` use the `path` parameter (available since version 2.3),
|
||||
** modules `ldap_attr` and `ldap_entry` are used (available since version 2.3),
|
||||
** module `ldap_attrs` is used (available since version 3.4),
|
||||
** module `lineinfile` uses the `firstmatch` parameter (available since version 2.5),
|
||||
** module `user` uses the `create_home` parameter (available since version 2.5);
|
||||
|
||||
|
|
|
@ -317,22 +317,24 @@ ldap_virtual_user_gid: 65534
|
|||
# These settings are enforced at each run. Examples:
|
||||
# — gecos: the full name that typically appears on the login screen;
|
||||
# — http://directory.fedoraproject.org/docs/389ds/design/shadow-account-support.html.
|
||||
ldap_users_attrs: '[
|
||||
{"uid": "you", "attr": "gecos", "value": "Y-O. Udel"},
|
||||
{"uid": "you", "attr": "shadowLastChange", "value": "16000"},
|
||||
{"uid": "you", "attr": "shadowMax", "value": "99999"},
|
||||
{"uid": "you", "attr": "shadowWarning", "value": "7"},
|
||||
{"uid": "me", "attr": "gecos", "value": "M. Ellen"},
|
||||
{"uid": "me", "attr": "shadowLastChange", "value": "16000"},
|
||||
{"uid": "me", "attr": "shadowMax", "value": "99999"},
|
||||
{"uid": "me", "attr": "shadowWarning", "value": "7"}
|
||||
]'
|
||||
ldap_users_attrs:
|
||||
- {uid: "you", attr: "gecos", value: "Y-O. Udel"}
|
||||
- {uid: "you", attr: "shadowLastChange", value: "16000"}
|
||||
- {uid: "you", attr: "shadowMax", value: "99999"}
|
||||
- {uid: "you", attr: "shadowWarning", value: "7"}
|
||||
- {uid: "me", attr: "gecos", value: "M. Ellen"}
|
||||
- {uid: "me", attr: "shadowLastChange", value: "16000"}
|
||||
- {uid: "me", attr: "shadowMax", value: "99999"}
|
||||
- {uid: "me", attr: "shadowWarning", value: "7"}
|
||||
|
||||
# Login name and password of the LibreOffice OnLine web services’ administrator.
|
||||
# Usefulness not clear; it doesn’t hurt to use the same values as in “nextcloud_admin_user” and “nextcloud_admin_password”…
|
||||
loolwsd_admin_user: nextcloud_admin
|
||||
loolwsd_admin_password: nextcloud_admin
|
||||
|
||||
# Language used by LibreOffice OnLine (LOOL), either 2 or 5 characters, packaged with CollaboraOnline.
|
||||
loolwsd_lang: en
|
||||
|
||||
# LibreOffice OnLine’s description: “The maximum percentage of system memory consumed
|
||||
# by all of the LibreOffice Online, after which we start cleaning up idle documents”.
|
||||
loolwsd_maxmem_asdouble: '80.0'
|
||||
|
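Review bot: The block-style `ldap_users_attrs` is consumed with `state: exact` by the LDAP role (see the users' properties hunk later in this compare), so every run rewrites `shadowLastChange` to the constant `16000` — a days-since-1970 value from late 2013 — and throws away whatever date the directory recorded at the user's last password change; together with `shadowMax: "99999"` the example effectively disables password aging. That is what the "enforced at each run" comment implies, but a reader copying the example will not see it, so I would add above the list: `# shadowLastChange is days since 1970-01-01 and is reset on every run (state=exact), so a real password-change date cannot survive here; shadowMax 99999 means "never expires".` The `loolwsd_admin_password: nextcloud_admin` default a few lines down is untouched by this commit but is still a plaintext default credential that belongs in a vaulted variable.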
@ -537,7 +539,7 @@ prosody_db_password: prosody
|
|||
sane_drivers: epson2
|
||||
|
||||
# Space-separated list of pacman mirrors to use.
|
||||
software_mirrors: 'archlinux.de-labrusse.fr mirror.archlinux.ikoula.com'
|
||||
software_mirrors: 'mirror.archlinux.ikoula.com archlinux.vi-di.fr'
|
||||
|
||||
# Software that will get removed if present, on next run of the playbook (JSON list).
|
||||
software_to_del: '["dhcpcd"]'
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
copy:
|
||||
content: |
|
||||
location = / {
|
||||
rewrite ^ $scheme://{{net_soa}}{{http_pfx_dotclear}} redirect;
|
||||
rewrite ^ $proxy_scheme://{{net_soa}}{{http_pfx_dotclear}} redirect;
|
||||
}
|
||||
location {{http_pfx_dotclear}} {
|
||||
alias {{dotclear_root}};
|
||||
|
|
|
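Review bot: The redirect now depends on `$proxy_scheme`, which nginx only knows if the server block including this snippet has run a `set $proxy_scheme …` first (the three server blocks later in this compare do); any other include site is rejected at config-test time with an unknown-variable error rather than failing at request time, and nothing in the generated snippet says so. I would put the contract in the snippet itself: `# $proxy_scheme is set per server block from the PROXY-protocol front; do not include this without it.` For an unconditional redirect `return 302 $proxy_scheme://{{net_soa}}{{http_pfx_dotclear}};` is also the idiomatic form rather than `rewrite ^ … redirect;`. The enclosing `copy:` task starts before the hunk.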
@ -171,13 +171,13 @@
|
|||
with_items: "{{mail_alias_memberships}}"
|
||||
|
||||
- name: declare existing aliases’ members
|
||||
ldap_attr:
|
||||
ldap_attrs:
|
||||
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
|
||||
bind_dn: "cn=root,{{ldap_root}}"
|
||||
bind_pw: "{{ldap_rootpw}}"
|
||||
dn: "cn={{item.alias}},ou=Aliases,{{ldap_root}}"
|
||||
name: rfc822MailMember
|
||||
values: "{{item.member}}"
|
||||
attributes:
|
||||
rfc822MailMember: "{{item.member}}"
|
||||
state: present
|
||||
with_items: "{{mail_alias_memberships}}"
|
||||
|
||||
|
|
|
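Review bot: `state: present` on `rfc822MailMember` is additive, so a member dropped from `mail_alias_memberships` stays in the directory and keeps receiving that alias's mail; the move to `ldap_attrs` keeps that behaviour rather than reconciling membership. If the inventory is meant to be authoritative, aggregate the members per alias and use a list with `state: exact` (`rfc822MailMember: "{{ item.members }}"` / `state: exact`); if additive is intended, say so in the task name, e.g. `declare existing aliases' members (additive; removals are not reconciled)`.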
@ -19,6 +19,7 @@ server {
|
|||
access_log /var/log/nginx/http_access.log proxy_log;
|
||||
set_real_ip_from unix:;
|
||||
real_ip_header proxy_protocol;
|
||||
set $proxy_scheme "http";
|
||||
set $proxy_https "off";
|
||||
set $proxy_port "80";
|
||||
include inc.d/{{nickname}}_php-full.inc;
|
||||
|
@ -32,6 +33,7 @@ server {
|
|||
access_log /var/log/nginx/https_access.log proxy_log;
|
||||
set_real_ip_from unix:;
|
||||
real_ip_header proxy_protocol;
|
||||
set $proxy_scheme "https";
|
||||
set $proxy_https "on";
|
||||
set $proxy_port "443";
|
||||
include inc.d/{{nickname}}_php-full.inc;
|
||||
|
@ -46,6 +48,7 @@ server {
|
|||
access_log /var/log/nginx/https_access.log proxy_log;
|
||||
set_real_ip_from unix:;
|
||||
real_ip_header proxy_protocol;
|
||||
set $proxy_scheme "https";
|
||||
set $proxy_https "on";
|
||||
set $proxy_port "443";
|
||||
include inc.d/{{nickname}}_php-full.inc;
|
||||
|
|
|
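Review bot: The `set $proxy_scheme` / `$proxy_https` / `$proxy_port` triplet is pasted verbatim into each server block and must stay in step with that block's listener; the two HTTPS blocks are already byte-identical, so a later edit to one of them is easy to miss. Moving each triplet into a small include next to `{{nickname}}_php-full.inc` (e.g. `include inc.d/proxy_vars_https.inc;` and `include inc.d/proxy_vars_http.inc;`) leaves one definition per scheme. Presumably these variables feed `HTTPS`/`SERVER_PORT` fastcgi params inside `_php-full.inc`, which is outside the hunk; worth confirming, because `real_ip_header proxy_protocol` only repairs the client address, not the scheme PHP sees.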
@ -51,6 +51,12 @@
|
|||
notify:
|
||||
- restart dovecot.service
|
||||
|
||||
- name: create the configuration directory
|
||||
file:
|
||||
name: /etc/dovecot
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: main configuration
|
||||
template:
|
||||
src: templates/dovecot.conf.j2
|
||||
|
|
|
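Review bot: `mode: 0755` on the new directory task is an unquoted octal literal; PyYAML reads it as the integer 493 and Ansible converts it back, but Ansible's own guidance is to quote modes (`mode: "0755"`) because the leading-zero form silently becomes decimal on a YAML 1.2 parser and is a classic source of wrong permissions. The task also relies on the default owner and group; `owner: root` and `group: root` make the intent explicit for a directory that will hold `dovecot.conf` and, presumably, the password-database files referenced from it.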
@ -6,6 +6,13 @@
|
|||
# WARNING: This file may be used inside a mounted chroot.
|
||||
# The running system should not be assumed to be the target system.
|
||||
|
||||
- name: set hostname (needed by etckeeper)
|
||||
copy:
|
||||
content: |
|
||||
{{hostname}}
|
||||
dest: "{{chroot}}/etc/hostname"
|
||||
mode: 0644
|
||||
|
||||
### INIT ⇒ ###
|
||||
- name: init EtcKeeper
|
||||
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=init.yml
|
||||
|
@ -74,13 +81,6 @@
|
|||
mode: 0644
|
||||
|
||||
# Host names
|
||||
- name: set hostname
|
||||
copy:
|
||||
content: |
|
||||
{{hostname}}
|
||||
dest: "{{chroot}}/etc/hostname"
|
||||
mode: 0644
|
||||
|
||||
- name: set the hosts file
|
||||
copy:
|
||||
src: files/hosts
|
||||
|
|
|
@ -12,11 +12,11 @@
|
|||
- name: restart socat-unix-to-tcp4@-run-shared_sockets-motion_control.socket\x3alocalhost\x3a1080.service
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
name: socat-unix-to-tcp4@-run-shared_sockets-motion_control.socket\\x3alocalhost\\x3a1080.service
|
||||
name: socat-unix-to-tcp4@-run-shared_sockets-motion_control.socket\x3alocalhost\x3a1080.service
|
||||
state: restarted
|
||||
|
||||
- name: restart socat-unix-to-tcp4@-run-shared_sockets-motion_stream.socket\x3alocalhost\x3a1081.service
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
name: socat-unix-to-tcp4@-run-shared_sockets-motion_stream.socket\\x3alocalhost\\x3a1081.service
|
||||
name: socat-unix-to-tcp4@-run-shared_sockets-motion_stream.socket\x3alocalhost\x3a1081.service
|
||||
state: restarted
|
||||
|
|
|
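Review bot: The corrected `name:` with a single `\x3a` is right only because the scalar is unquoted: YAML leaves `\x3a` alone in a plain scalar, whereas a double-quoted `"…\x3alocalhost…"` would turn it into `:` and systemd would not find the unit — the same trap that produced the old doubled backslashes. Since both the handler's `- name:` line and the `name:` argument carry the escaped string, a comment above each handler would stop the next editor from "fixing" the quoting: `# \x3a is the systemd escape for ':' in the instance name; keep these scalars unquoted.`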
@ -27,7 +27,12 @@
|
|||
allow_duplicates: true
|
||||
vars:
|
||||
packages:
|
||||
- collabora-online-server-nodocker
|
||||
- pkg: collabora-online-server-nodocker
|
||||
pre: |
|
||||
LANG=C sed -ri '
|
||||
s/^(_I18N_EREGEX=).*$/\1{{loolwsd_lang}}/
|
||||
' PKGBUILD
|
||||
cat PKGBUILD
|
||||
aur_user: git
|
||||
|
||||
- name: create the nextcloud user
|
||||
|
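Review bot: `{{loolwsd_lang}}` is spliced unescaped into the `sed` replacement and, through it, into `_I18N_EREGEX=` in a PKGBUILD that makepkg sources as shell, so a value containing `/`, `&`, `\`, `$`, `;` or whitespace either breaks the edit or injects into the build script run as `aur_user: git`. The vars file only documents the variable as "2 or 5 characters"; I would enforce that before the package task, e.g. `assert: { that: "loolwsd_lang is match('^[a-z]{2}([-_][A-Z]{2})?$')", fail_msg: 'loolwsd_lang must look like en or en-GB' }` (adjust the separator to what the package expects), and keep the `cat PKGBUILD` so the rendered line is visible in the run log. How the `pre:` snippet is executed is decided by the AUR role outside this hunk, so the exact shell exposure cannot be confirmed here.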
@ -87,8 +92,10 @@
|
|||
with_dict:
|
||||
server_name: '{{net_soa}}:443'
|
||||
memproportion: '{{loolwsd_maxmem_asdouble}}'
|
||||
'enable\s[^>]*browser': 'false'
|
||||
'enable\s[^>]*SSL[^>]*between loolwsd and the network': 'false'
|
||||
termination: 'true'
|
||||
'as_scheme\s[^>]*SSL': 'false'
|
||||
'enable\s[^>]*SSL[^>]*between storage and loolwsd': 'false'
|
||||
username: '{{loolwsd_admin_user}}'
|
||||
password: '{{loolwsd_admin_password}}'
|
||||
notify:
|
||||
|
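Review bot: The new `termination: 'true'` together with `'enable … SSL between loolwsd and the network': 'false'` means loolwsd now serves plaintext and trusts nginx to have terminated TLS, so its listener must not be reachable except through that proxy; nothing in this hunk shows where it binds, and since the `with_dict` keys are regexes over the XML, a comment is the only place to record the assumption: `# TLS is terminated by nginx; loolwsd listens in clear text and must stay reachable only from the proxy.` `username`/`password` are rendered from `loolwsd_admin_user`/`loolwsd_admin_password`, whose committed defaults are `nextcloud_admin`/`nextcloud_admin` in the vars hunk above; this commit does not change that, but the admin console now also sits behind a plaintext internal hop, so a vaulted value is worth insisting on.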
@ -103,33 +110,37 @@
|
|||
notify:
|
||||
- restart loolwsd.service
|
||||
|
||||
- name: ensure ownership of the nextcloud home directory
|
||||
file:
|
||||
path: "{{nextcloud_data}}"
|
||||
state: directory
|
||||
owner: "{{nextcloud_user}}"
|
||||
group: "{{nextcloud_user}}"
|
||||
recurse: true
|
||||
- name: ensure Nextcloud ownership
|
||||
block:
|
||||
|
||||
- name: ensure ownership of the nextcloud configuration directory
|
||||
file:
|
||||
path: "{{nextcloud_conf}}"
|
||||
state: directory
|
||||
owner: "{{nextcloud_user}}"
|
||||
group: "{{nextcloud_user}}"
|
||||
mode: 0750
|
||||
- name: ensure Nextcloud ownership: prepare file
|
||||
shell: >
|
||||
sed -r '
|
||||
/%[CL]/ d;
|
||||
s#%S/nextcloud#{{nextcloud_data}}#g;
|
||||
s#%t#/var/tmp#g;
|
||||
s/([[:blank:]]+nextcloud){2}$/ {{nextcloud_user}} {{nextcloud_user}}/
|
||||
'
|
||||
</usr/lib/tmpfiles.d/nextcloud.conf
|
||||
>/tmp/nextcloud.conf
|
||||
changed_when: false
|
||||
|
||||
- name: create extra directories
|
||||
file:
|
||||
path: "{{item}}"
|
||||
state: directory
|
||||
owner: "{{nextcloud_user}}"
|
||||
group: "{{nextcloud_user}}"
|
||||
mode: 0750
|
||||
with_items:
|
||||
- /var/tmp/nextcloud
|
||||
- "{{nextcloud_data}}/data"
|
||||
- "{{nextcloud_data}}/apps"
|
||||
- name: ensure Nextcloud ownership: install file
|
||||
copy:
|
||||
src: /tmp/nextcloud.conf
|
||||
dest: /etc/tmpfiles.d/nextcloud.conf
|
||||
remote_src: true
|
||||
|
||||
always:
|
||||
- name: ensure Nextcloud ownership: cleanup
|
||||
file:
|
||||
path: /tmp/nextcloud.conf
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
- name: ensure Nextcloud ownership: apply
|
||||
command: systemd-tmpfiles --create
|
||||
changed_when: false
|
||||
|
||||
- name: send initial configuration
|
||||
copy:
|
||||
|
|
|
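Review bot: The rendered tmpfiles fragment goes through the fixed, predictable path `/tmp/nextcloud.conf` in a world-writable directory while running as root: the `shell` redirection truncates whatever is at that path (following a symlink), and `copy … remote_src: true` then installs its contents into `/etc/tmpfiles.d/`, so a local user who pre-creates the path or a symlink can influence what is written or which file gets clobbered. The temp file is unnecessary — register the `sed` output and hand it to `copy` as `content:`, which also drops the `always:` cleanup task and the shell redirections (the `block`/`always` pair can go if nothing else needs it). Separately, `s#%t#/var/tmp#g` rewrites the runtime-directory specifier (`%t` is `/run`) to a persistent world-writable location; whether upstream's entry is safe there depends on the mode it carries in `/usr/lib/tmpfiles.d/nextcloud.conf`, which is not visible here, and a `{{nextcloud_data}}` containing `#` would break the `#`-delimited expression.
```yaml
- name: ensure Nextcloud ownership: render tmpfiles fragment
  command: >
    sed -r '
      /%[CL]/ d;
      s#%S/nextcloud#{{nextcloud_data}}#g;
      s#%t#/var/tmp#g;
      s/([[:blank:]]+nextcloud){2}$/ {{nextcloud_user}} {{nextcloud_user}}/
    ' /usr/lib/tmpfiles.d/nextcloud.conf
  register: nextcloud_tmpfiles
  changed_when: false

- name: ensure Nextcloud ownership: install file
  copy:
    content: "{{ nextcloud_tmpfiles.stdout }}\n"
    dest: /etc/tmpfiles.d/nextcloud.conf
    owner: root
    group: root
    mode: "0644"

# … unchanged: apply with `systemd-tmpfiles --create` …
```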
@ -33,12 +33,26 @@
|
|||
msg: php
|
||||
### ⇐ UPSTREAM END ###
|
||||
|
||||
- name: enable PHP extension imagick
|
||||
- name: enable PHP extensions
|
||||
lineinfile:
|
||||
path: /etc/php/conf.d/imagick.ini
|
||||
path: /etc/php/conf.d/{{item}}.ini
|
||||
backrefs: true
|
||||
regexp: '^;*(extension=imagick)\s*$'
|
||||
regexp: '^;\s*(extension\s*=\s*{{item}}).*$'
|
||||
line: '\1'
|
||||
with_items:
|
||||
- apcu
|
||||
- geoip
|
||||
- imagick
|
||||
|
||||
- name: alter PHP APCu configuration lines
|
||||
lineinfile:
|
||||
path: /etc/php/conf.d/apcu.ini
|
||||
regexp: '^;*{{item.name}}\s*='
|
||||
line: '{{item.name}}={{item.value}}'
|
||||
with_items:
|
||||
- {name: 'apc.enable_cli', value: 1}
|
||||
notify:
|
||||
- restart php-fpm.service (front)
|
||||
|
||||
- name: activate PHP extensions
|
||||
lineinfile:
|
||||
|
|
|
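Review bot: The "enable PHP extensions" task has no `notify`, so uncommenting `apcu`, `geoip` or `imagick` does not restart php-fpm unless the separate APCu task (which does notify) happens to change in the same run; the old single-extension task had the same gap, but looping over three extensions makes a run that flips one without a restart more likely. Add `notify: [restart php-fpm.service (front)]` to that task — the handler name is already used two tasks down. The regexp `'^;\s*(extension\s*=\s*{{item}}).*$'` is also unanchored after the name, so for `apcu` it would match and rewrite a hypothetical `;extension=apcu_bc` line to `extension=apcu`; `'^;\s*(extension\s*=\s*{{item}})(\.so)?\s*$'` keeps the match exact while still accepting the `.so` form. The "activate PHP extensions" task at the end continues outside the hunk.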
@ -226,13 +226,12 @@
|
|||
with_items: "{{ldap_virtual_users}}"
|
||||
|
||||
- name: all users’ properties LDIF
|
||||
ldap_attr:
|
||||
ldap_attrs:
|
||||
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
|
||||
bind_dn: "cn=root,{{ldap_root}}"
|
||||
bind_pw: "{{ldap_rootpw}}"
|
||||
dn: "uid={{item.uid}},ou=Users,{{ldap_root}}"
|
||||
name: "{{item.attr}}"
|
||||
values: "{{item.value}}"
|
||||
attributes: '{"{{item.attr}}": "{{item.value}}"}'
|
||||
state: exact
|
||||
with_items: "{{ldap_users_attrs}}"
|
||||
|
||||
|
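Review bot: `attributes: '{"{{item.attr}}": "{{item.value}}"}'` builds the mapping by string interpolation, so a value containing a double quote or a backslash (a `gecos` such as `J. "Jay" Doe`) yields an unparsable literal and the task fails, or in the best case is passed to the module as a plain string instead of a dict. A Jinja dict literal gives Ansible a real mapping with no quoting issue: `attributes: "{{ {item.attr: item.value} }}"`. With `state: exact` every existing value of the attribute is replaced, which is the intended "enforced at each run" semantics and is worth a one-line comment on the loop.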
@ -250,13 +249,13 @@
|
|||
with_items: "{{ldap_system_groups}}"
|
||||
|
||||
- name: declare existing groups’ members
|
||||
ldap_attr:
|
||||
ldap_attrs:
|
||||
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
|
||||
bind_dn: "cn=root,{{ldap_root}}"
|
||||
bind_pw: "{{ldap_rootpw}}"
|
||||
dn: "cn={{item.group}},ou=Groups,{{ldap_root}}"
|
||||
name: memberuid
|
||||
values: "{{item.member}}"
|
||||
attributes:
|
||||
memberuid: "{{item.member}}"
|
||||
state: present
|
||||
with_items: "{{ldap_system_group_members}}"
|
||||
|
||||
|
|
|
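Review bot: `state: present` on `memberuid` is additive: removing a (group, member) pair from `ldap_system_group_members` does not remove it from the directory, so group privileges granted by this playbook are never revoked by it — the `ldap_attrs` migration was the natural moment to decide that. If the inventory is authoritative, aggregate members per group and set `memberuid: "{{ members_of_group }}"` with `state: exact`; if additive is intended, say so in the task name, e.g. `declare existing groups' members (additive; removals are not reconciled)`. The same pattern applies to the `rfc822MailMember` task in the aliases file.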
@ -5,3 +5,4 @@
|
|||
|
||||
dependencies:
|
||||
- role: cleanupdate
|
||||
- role: dmz_nginx
|
||||
|
|