

3 Commits

Author SHA1 Message Date
Yves G fd86da0db5 miscellaneous fixes 2021-11-04 19:25:36 +01:00
Yves G 6fb26de9ae aur: allow pre-build commands 2021-11-04 19:04:57 +01:00
Yves G d32a9f70e8 updates/fixes + allow some performance tuning 2021-05-04 15:15:44 +02:00
26 changed files with 302 additions and 121 deletions


@ -111,7 +111,7 @@ Last but not least, the machine that will run the Ansible playbook should:
* have a version of Ansible greater than 2.2:
** module `include_role` runs dynamically (available since version 2.4),
** modules `ini_file`, `lineinfile`, `mount`, and `replace` use the `path` parameter (available since version 2.3),
** modules `ldap_attr` and `ldap_entry` are used (available since version 2.3),
** module `ldap_attrs` is used (available since version 3.4),
** module `lineinfile` uses the `firstmatch` parameter (available since version 2.5),
** module `user` uses the `create_home` parameter (available since version 2.5);


@ -82,6 +82,9 @@ fw_portknock_seq: 1 22 333 4444 333 22 1
# The email address associated to root, for commits in the git repository that stores changes to /etc.
git_contact_email: hostmaster@example.org
# Watch new repositories inside the already-watched perimeter by default.
gitea_auto_watch_new_repos: 'true'
# Name of the Gitea (web UI for Git) database in PostgreSQL.
gitea_db: gitea
@ -91,18 +94,83 @@ gitea_db_user: gitea
# Password for the PostgreSQL user who owns the Gitea database.
gitea_db_password: gitea
# Disable Gravatar pictures.
gitea_disable_gravatar: 'false'
# Disable HTTP for Git access.
gitea_disable_http_git: 'false'
# Disable mirrors.
gitea_disable_mirrors: 'true'
# Disable creation of organisations in Gitea (“true” or “false”, as a character string).
gitea_disable_org_creation: 'true'
# Disable self-registration in Gitea (“true” or “false”, as a character string).
gitea_disable_registration: 'false'
# Disable logs by Gitea router.
gitea_disable_router_log: 'false'
# Enable API and Swagger UI.
gitea_enable_api: 'true'
# Enable caching for the web UI.
gitea_enable_cache: 'true'
# Enable email notifications in Gitea (“true” or “false”, as a character string).
gitea_enable_notify_email: 'true'
# Enable OAuth2 provider.
gitea_enable_oauth2_provider: 'false'
# Index repositories.
gitea_enable_repo_indexer: 'true'
# Enable user heat-map.
gitea_enable_user_heatmap: 'true'
# Enable the time-tracking feature.
gitea_enable_timetracking: 'true'
# Available languages.
gitea_i18n: [
{"code": "en-US", "label": "English"},
{"code": "zh-CN", "label": "简体中文"},
{"code": "zh-HK", "label": "繁體中文(香港)"},
{"code": "zh-TW", "label": "繁體中文(台灣)"},
{"code": "de-DE", "label": "Deutsch"},
{"code": "fr-FR", "label": "français"},
{"code": "nl-NL", "label": "Nederlands"},
{"code": "lv-LV", "label": "latviešu"},
{"code": "ru-RU", "label": "русский"},
{"code": "uk-UA", "label": "Українська"},
{"code": "ja-JP", "label": "日本語"},
{"code": "es-ES", "label": "español"},
{"code": "pt-BR", "label": "português do Brasil"},
{"code": "pt-PT", "label": "Português de Portugal"},
{"code": "pl-PL", "label": "polski"},
{"code": "bg-BG", "label": "български"},
{"code": "it-IT", "label": "italiano"},
{"code": "fi-FI", "label": "suomi"},
{"code": "tr-TR", "label": "Türkçe"},
{"code": "cs-CZ", "label": "čeština"},
{"code": "sr-SP", "label": "српски"},
{"code": "sv-SE", "label": "svenska"},
{"code": "ko-KR", "label": "한국어"}
]
# JWT secret for OAuth2
gitea_jwt_secret: az09ZA_az09ZA_az09ZA_az09ZA_az09ZA_az09ZA
# Space-separated list of mime types to accept for attachments (“*/*” means: “anything”).
gitea_mime_attach: 'image/jpeg image/png application/zip application/gzip'
# Notifications refresh in seconds.
gitea_notif_min_timeout: 10
gitea_notif_max_timeout: 60
gitea_notif_timeout_step: 10
# A random salt-string for internal encryption (change it!).
gitea_security_secret: '!#@FDEWREWR&*('
@ -249,22 +317,24 @@ ldap_virtual_user_gid: 65534
# These settings are enforced at each run. Examples:
# — gecos: the full name that typically appears on the login screen;
# — http://directory.fedoraproject.org/docs/389ds/design/shadow-account-support.html.
ldap_users_attrs: '[
{"uid": "you", "attr": "gecos", "value": "Y-O. Udel"},
{"uid": "you", "attr": "shadowLastChange", "value": "16000"},
{"uid": "you", "attr": "shadowMax", "value": "99999"},
{"uid": "you", "attr": "shadowWarning", "value": "7"},
{"uid": "me", "attr": "gecos", "value": "M. Ellen"},
{"uid": "me", "attr": "shadowLastChange", "value": "16000"},
{"uid": "me", "attr": "shadowMax", "value": "99999"},
{"uid": "me", "attr": "shadowWarning", "value": "7"}
]'
ldap_users_attrs:
- {uid: "you", attr: "gecos", value: "Y-O. Udel"}
- {uid: "you", attr: "shadowLastChange", value: "16000"}
- {uid: "you", attr: "shadowMax", value: "99999"}
- {uid: "you", attr: "shadowWarning", value: "7"}
- {uid: "me", attr: "gecos", value: "M. Ellen"}
- {uid: "me", attr: "shadowLastChange", value: "16000"}
- {uid: "me", attr: "shadowMax", value: "99999"}
- {uid: "me", attr: "shadowWarning", value: "7"}
# Login name and password of the LibreOffice OnLine web services administrator.
# Usefulness not clear; it doesnt hurt to use the same values as in “nextcloud_admin_user” and “nextcloud_admin_password”…
loolwsd_admin_user: nextcloud_admin
loolwsd_admin_password: nextcloud_admin
# Language used by LibreOffice OnLine (LOOL), either 2 or 5 characters, packaged with CollaboraOnline.
loolwsd_lang: en
# LibreOffice OnLines description: “The maximum percentage of system memory consumed
# by all of the LibreOffice Online, after which we start cleaning up idle documents”.
loolwsd_maxmem_asdouble: '80.0'
@ -293,6 +363,9 @@ mail_ignore_ip: '2001:860:e2ef::f503:0:2'
# All local mail destinations, which include managed domains, as well as host names.
mail_local_domains: 'home dmz localhost example.org *.example.org *.local'
# Maximum number of SPAM-filter workers.
mail_max_spam_workers: 5
# The ISPs smarthost (which listens on port 25).
mail_smtp_smarthost: smtp.bbox.fr
@ -426,6 +499,12 @@ nginx_loglevel: info
# Administrator password for PostgreSQL.
pgpassword: PostgreSQL
# Maximum number of PHP-handling processes.
php_max_workers: 5
# Maximum number of requests a PHP-handling process can handle before being reset (0: never reset).
php_worker_max_reqs: 0
# Maximum number of bytes in a Privatebin paste (or image).
privatebin_bytes_limit: 10485760
@ -460,7 +539,7 @@ prosody_db_password: prosody
sane_drivers: epson2
# Space-separated list of pacman mirrors to use.
software_mirrors: 'archlinux.de-labrusse.fr mirror.archlinux.ikoula.com'
software_mirrors: 'mirror.archlinux.ikoula.com archlinux.vi-di.fr'
# Software that will get removed if present, on next run of the playbook (JSON list).
software_to_del: '["dhcpcd"]'
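Review bot: The new `gitea_jwt_secret` in the second hunk ships a literal sample value with no hint that it must be replaced, while `gitea_security_secret` a few lines below is marked “(change it!)”; both are written into app.ini on every run, so a deployment that keeps the default signs its OAuth2 tokens with a key that is public in this repository. Suggest at least `# JWT secret for OAuth2 token signing (change it! generate a random value per host, e.g. with “gitea generate secret JWT_SECRET”).` and, better, sourcing both secrets from a vault file rather than plain group vars. Recent Gitea releases also appear to expect this value in a specific form (a base64url-encoded 32-byte key), so a free-form string may be rejected; worth checking against the installed version.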


@ -15,7 +15,8 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: '["dehydrated-git"]'
packages:
- dehydrated-git
aur_user: git
### UPSTREAM END ⇒ ###


@ -3,7 +3,7 @@
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
# mandatory parameters: pkg_name and aur_user
# mandatory parameters: pkg_name, pre_cmd, aur_user
- name: AUR → {{pkg_name}} → read current version
shell: |
@ -40,6 +40,20 @@
- name: AUR → {{pkg_name}} → work with the recipe
block:
- name: AUR → {{pkg_name}} → run custom pre-processing commands
shell: "{{pre_cmd}}"
args:
chdir: /var/tmp/{{aurjson.json.results[0].PackageBase}}
warn: false
when: pre_cmd
register: debugCustom
- name: AUR → {{pkg_name}} → see custom pre-processing commands result
debug:
var: debugCustom
when: pre_cmd
changed_when: false
- name: AUR → {{pkg_name}} → read the real version
command: >
bash -c
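Review bot: The new `run custom pre-processing commands` task hands `pre_cmd` to `shell:` verbatim (with `warn: false`, `chdir` into the AUR checkout), so the variable is by design an operator-supplied script, yet the header comment only lists it as “mandatory” — it should say what it is, e.g. `# mandatory parameters: pkg_name, pre_cmd (shell snippet run as-is inside the checkout before the build; '' to skip), aur_user`. Which user runs the task is not visible in this hunk; if the rest of the build runs as `aur_user`, consider `become_user: "{{aur_user}}"` here so files the snippet edits in the checkout keep the builder's ownership. The `changed_when: false` on the following `debug` task is a no-op, since `debug` never reports changed. The enclosing `block:` continues outside the hunk.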


@ -18,8 +18,9 @@
- name: AUR → installation
include_tasks: install.yml
vars:
pkg_name: "{{item}}"
with_items: "{{pkg_names}}"
pkg_name: "{{(item is mapping) | ternary(item.pkg, item)}}"
pre_cmd: "{{(item is mapping) | ternary(item.pre, '')}}"
with_items: "{{packages}}"
always:
- name: AUR → remove base-devel and dependencies
shell: |
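Review bot: `pre_cmd` dereferences `item.pre` for every mapping item, so a list entry written as `{pkg: foo}` without a `pre` key fails the template with an undefined-variable error instead of defaulting to ''. The `ternary` construct is also redundant, because an attribute lookup on a plain string is simply undefined: `pkg_name: "{{item.pkg | default(item)}}"` and `pre_cmd: "{{item.pre | default('')}}"` handle both shapes and make `pre` optional. The surrounding `block:`/`always:` structure starts and ends outside the hunk.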


@ -46,7 +46,7 @@
copy:
content: |
location = / {
rewrite ^ $scheme://{{net_soa}}{{http_pfx_dotclear}} redirect;
rewrite ^ $proxy_scheme://{{net_soa}}{{http_pfx_dotclear}} redirect;
}
location {{http_pfx_dotclear}} {
alias {{dotclear_root}};


@ -106,7 +106,7 @@
content: |
[Service]
ExecStart=
ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/shared_sockets/spamd
ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/shared_sockets/spamd --max-children={{mail_max_spam_workers}}
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
PrivateTmp=true
PrivateDevices=true
@ -171,13 +171,13 @@
with_items: "{{mail_alias_memberships}}"
- name: declare existing aliases members
ldap_attr:
ldap_attrs:
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
bind_dn: "cn=root,{{ldap_root}}"
bind_pw: "{{ldap_rootpw}}"
dn: "cn={{item.alias}},ou=Aliases,{{ldap_root}}"
name: rfc822MailMember
values: "{{item.member}}"
attributes:
rfc822MailMember: "{{item.member}}"
state: present
with_items: "{{mail_alias_memberships}}"


@ -15,10 +15,8 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"ldap-account-manager"
]
packages:
- ldap-account-manager
aur_user: git
### UPSTREAM END ⇒ ###


@ -51,6 +51,6 @@
- name: commit local changes
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
vars:
msg: Gitea
msg: Motion
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers


@ -15,11 +15,9 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"php-zmq",
"movim"
]
packages:
- php-zmq
- movim
aur_user: git
register: software


@ -200,15 +200,23 @@
notify:
- restart nginx.service
- name: set the php-fpm socket path
- name: set the php-fpm settings
lineinfile:
path: /etc/php/php-fpm.d/www.conf
regexp: '^;*listen\s*='
line: 'listen = /run/shared_sockets/php-fpm'
regexp: '^;*{{item.key}}\s*='
line: '{{item.key}} = {{item.value}}'
with_dict:
listen: /run/shared_sockets/php-fpm
pm: dynamic
'pm.max_children': '{{php_max_workers}}'
'pm.start_servers': 1
'pm.min_spare_servers': 1
'pm.max_spare_servers': '{{php_max_workers}}'
'pm.max_requests': '{{php_worker_max_reqs}}'
notify:
- restart php-fpm.service
- name: remove useless user/group specs
- name: disable useless user/group specs
lineinfile:
path: /etc/php/php-fpm.d/www.conf
backrefs: true
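Review bot: `item.key` is interpolated unescaped into `regexp: '^;*{{item.key}}\s*='`, and most keys in the new `with_dict` (`pm.max_children`, `pm.max_requests`, …) contain `.`, a regex metacharacter; it is harmless for these particular names but makes the match fuzzy and will misfire on the first key with a special character. `regexp: '^;*{{item.key | regex_escape}}\s*='` keeps the match literal. The same pattern appears in the `alter PHP APCu configuration lines` task (`apc.enable_cli`) of the php front-end role further down. The enclosing task list continues outside the hunk.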


@ -19,6 +19,7 @@ server {
access_log /var/log/nginx/http_access.log proxy_log;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
set $proxy_scheme "http";
set $proxy_https "off";
set $proxy_port "80";
include inc.d/{{nickname}}_php-full.inc;
@ -32,6 +33,7 @@ server {
access_log /var/log/nginx/https_access.log proxy_log;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
set $proxy_scheme "https";
set $proxy_https "on";
set $proxy_port "443";
include inc.d/{{nickname}}_php-full.inc;
@ -46,6 +48,7 @@ server {
access_log /var/log/nginx/https_access.log proxy_log;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
set $proxy_scheme "https";
set $proxy_https "on";
set $proxy_port "443";
include inc.d/{{nickname}}_php-full.inc;


@ -26,22 +26,20 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"lua52-event",
"lua52-lpty",
"prosody-mod-auth-imap-hg",
"prosody-mod-auto-accept-subscriptions-hg",
"prosody-mod-filter-chatstates-hg",
"prosody-mod-http-upload-external-hg",
"prosody-mod-offline-email-hg",
"prosody-mod-smacks",
"prosody-mod-throttle_presence"
]
packages:
- lua52-event
- lua52-lpty
- prosody-mod-auth-imap-hg
- prosody-mod-auto-accept-subscriptions-hg
- prosody-mod-filter-chatstates-hg
- prosody-mod-http-upload-external-hg
- prosody-mod-offline-email-hg
- prosody-mod-smacks
- prosody-mod-throttle_presence
aur_user: git
# "prosody-mod-log-auth",
# "prosody-mod-mam-archive",
# "prosody-mod-mam-muc",
# - prosody-mod-log-auth
# - prosody-mod-mam-archive
# - prosody-mod-mam-muc
### UPSTREAM END ⇒ ###
- name: merge upstream


@ -15,10 +15,8 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"wallabag"
]
packages:
- wallabag
aur_user: git
### UPSTREAM END ⇒ ###


@ -51,6 +51,12 @@
notify:
- restart dovecot.service
- name: create the configuration directory
file:
name: /etc/dovecot
state: directory
mode: 0755
- name: main configuration
template:
src: templates/dovecot.conf.j2


@ -48,6 +48,7 @@
owner: '{{gitea_user}}'
recurse: true
with_items:
- /etc/gitea
- /var/lib/gitea
- /var/log/gitea
@ -61,8 +62,15 @@
- {s: null, o: RUN_USER, v: '{{gitea_user}}'}
- {s: null, o: RUN_MODE, v: prod}
- {s: repository, o: ROOT, v: /var/lib/gitea/repos}
- {s: repository, o: DISABLE_HTTP_GIT, v: '{{gitea_disable_http_git}}'}
- {s: repository, o: DISABLE_MIRRORS, v: '{{gitea_disable_mirrors}}'}
- {s: repository.editor, o: LINE_WRAP_EXTENSIONS, v: '.txt,.md,.markdown,.mdown,.mkd,.adoc,.asciidoc,'}
- {s: ui, o: SHOW_USER_EMAIL, v: 'false'}
- {s: ui, o: USE_SERVICE_WORKER, v: '{{gitea_enable_cache}}'}
- {s: ui.meta, o: MIN_TIMEOUT, v: '{{gitea_notif_min_timeout}}s'}
- {s: ui.meta, o: MAX_TIMEOUT, v: '{{gitea_notif_max_timeout}}s'}
- {s: ui.meta, o: TIMEOUT_STEP, v: '{{gitea_notif_timeout_step}}s'}
- {s: ui.meta, o: EVENT_SOURCE_UPDATE_TIME, v: '{{gitea_notif_min_timeout}}s'}
- {s: server, o: PROTOCOL, v: unix}
- {s: server, o: DOMAIN, v: '{{net_soa}}'}
- {s: server, o: ROOT_URL, v: 'https://{{net_soa}}{{http_pfx_gitea}}/'}
@ -73,6 +81,7 @@
- {s: server, o: SSH_PORT, v: 2222}
- {s: server, o: SSH_ROOT_PATH, v: /var/lib/gitea/.ssh}
- {s: server, o: MINIMUM_KEY_SIZE_CHECK, v: 'true'}
- {s: server, o: DISABLE_ROUTER_LOG, v: '{{gitea_disable_router_log}}'}
- {s: server, o: LFS_START_SERVER, v: 'false'}
- {s: ssh.minimum_key_sizes, o: ECDSA, v: '-1'}
- {s: ssh.minimum_key_sizes, o: DSA, v: '-1'}
@ -82,7 +91,8 @@
- {s: database, o: USER, v: '{{gitea_db_user}}'}
- {s: database, o: PASSWD, v: '{{gitea_db_password}}'}
- {s: database, o: LOG_SQL, v: 'false'}
- {s: indexer, o: REPO_INDEXER_ENABLED, v: 'true'}
- {s: indexer, o: ISSUE_INDEXER_TYPE, v: 'db'}
- {s: indexer, o: REPO_INDEXER_ENABLED, v: '{{gitea_enable_repo_indexer}}'}
- {s: admin, o: DISABLE_REGULAR_ORG_CREATION, v: '{{gitea_disable_org_creation}}'}
- {s: security, o: INSTALL_LOCK, v: 'true'}
- {s: security, o: SECRET_KEY, v: '{{gitea_security_secret}}'}
@ -93,19 +103,66 @@
- {s: service, o: ENABLE_REVERSE_PROXY_AUTHENTICATION, v: 'true'}
- {s: service, o: ENABLE_REVERSE_PROXY_AUTO_REGISTRATION, v: 'true'}
- {s: service, o: DEFAULT_KEEP_EMAIL_PRIVATE, v: 'true'}
- {s: service, o: ENABLE_USER_HEATMAP, v: '{{gitea_enable_user_heatmap}}'}
- {s: service, o: ENABLE_TIMETRACKING, v: '{{gitea_enable_timetracking}}'}
- {s: service, o: NO_REPLY_ADDRESS, v: masked.invalid}
- {s: service, o: AUTO_WATCH_NEW_REPOS, v: '{{gitea_auto_watch_new_repos}}'}
- {s: mailer, o: ENABLED, v: 'true'}
- {s: mailer, o: FROM, v: 'git@{{net_soa}}'}
- {s: mailer, o: USE_SENDMAIL, v: 'true'}
- {s: mailer, o: MAILER_TYPE, v: 'sendmail'}
- {s: cache, o: ENABLED, v: '{{gitea_enable_cache}}'}
- {s: cache.last_commit, o: ENABLED, v: '{{gitea_enable_cache}}'}
- {s: session, o: PROVIDER, v: file}
- {s: session, o: COOKIE_SECURE, v: 'true'}
- {s: picture, o: DISABLE_GRAVATAR, v: '{{gitea_disable_gravatar}}'}
- {s: attachment, o: ALLOWED_TYPES, v: '{{gitea_mime_attach | replace(" ", "|")}}'}
- {s: log, o: ROOT_PATH, v: /var/log/gitea/}
- {s: log, o: MODE, v: console}
- {s: log, o: ROUTER_LOG_LEVEL, v: Warn}
- {s: log, o: LEVEL, v: Warn}
- {s: log.console, o: LEVEL, v: Warn}
- {s: cron, o: ENABLED, v: 'true'}
- {s: cron, o: RUN_AT_START, v: 'true'}
- {s: cron.update_mirrors, o: ENABLED, v: 'false'}
- {s: cron.update_mirrors, o: RUN_AT_START, v: 'true'}
- {s: cron.repo_health_check, o: ENABLED, v: 'false'}
- {s: cron.repo_health_check, o: RUN_AT_START, v: 'true'}
- {s: cron.repo_health_check, o: SCHEDULE, v: '@every 168h'}
- {s: cron.check_repo_stats, o: ENABLED, v: 'true'}
- {s: cron.check_repo_stats, o: RUN_AT_START, v: 'true'}
- {s: cron.check_repo_stats, o: SCHEDULE, v: '@every 168h'}
- {s: cron.archive_cleanup, o: ENABLED, v: 'false'}
- {s: cron.archive_cleanup, o: RUN_AT_START, v: 'true'}
- {s: cron.archive_cleanup, o: SCHEDULE, v: '@every 168h'}
- {s: cron.sync_external_users, o: ENABLED, v: 'false'}
- {s: cron.sync_external_users, o: RUN_AT_START, v: 'false'}
- {s: cron.deleted_branches_cleanup, o: ENABLED, v: 'false'}
- {s: cron.deleted_branches_cleanup, o: RUN_AT_START, v: 'true'}
- {s: cron.update_migration_poster_id, o: ENABLED, v: 'false'}
- {s: cron.update_migration_poster_id, o: RUN_AT_START, v: 'true'}
- {s: cron.delete_inactive_accounts, o: ENABLED, v: 'false'}
- {s: cron.delete_inactive_accounts, o: RUN_AT_START, v: 'false'}
- {s: cron.delete_repo_archives, o: ENABLED, v: 'false'}
- {s: cron.delete_repo_archives, o: RUN_AT_START, v: 'false'}
- {s: cron.git_gc_repos, o: ENABLED, v: 'false'}
- {s: cron.git_gc_repos, o: RUN_AT_START, v: 'true'}
- {s: cron.resync_all_sshkeys, o: ENABLED, v: 'false'}
- {s: cron.resync_all_sshkeys, o: RUN_AT_START, v: 'true'}
- {s: cron.resync_all_hooks, o: ENABLED, v: 'false'}
- {s: cron.resync_all_hooks, o: RUN_AT_START, v: 'false'}
- {s: cron.reinit_missing_repos, o: ENABLED, v: 'false'}
- {s: cron.reinit_missing_repos, o: RUN_AT_START, v: 'true'}
- {s: cron.delete_missing_repos, o: ENABLED, v: 'false'}
- {s: cron.delete_missing_repos, o: RUN_AT_START, v: 'true'}
- {s: cron.delete_generated_repository_avatars, o: ENABLED, v: 'false'}
- {s: cron.delete_generated_repository_avatars, o: RUN_AT_START, v: 'true'}
- {s: api, o: ENABLE_SWAGGER, v: '{{gitea_enable_api}}'}
- {s: oauth2, o: ENABLE, v: '{{gitea_enable_oauth2_provider}}'}
- {s: oauth2, o: JWT_SECRET, v: '{{gitea_jwt_secret}}'}
- {s: i18n, o: LANGS, v: '{{gitea_i18n | map(attribute="code") | join(",")}}'}
- {s: i18n, o: NAMES, v: '{{gitea_i18n | map(attribute="label") | join(",")}}'}
- {s: markup.asciidoc, o: ENABLED, v: 'true'}
- {s: markup.asciidoc, o: RENDER_COMMAND, v: 'asciidoctor --out-file=- -'}
- {s: markup.asciidoc, o: RENDER_COMMAND, v: 'asciidoctor --backend=html5 --no-header-footer --attribute source-highlighter=highlightjs --out-file=- -'}
- {s: other, o: SHOW_FOOTER_VERSION, v: 'false'}
- {s: other, o: SHOW_FOOTER_TEMPLATE_LOAD_TIME, v: 'false'}
notify:
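Review bot: The added `ALLOWED_TYPES` line joins `gitea_mime_attach` with `|`; that separator matches older Gitea releases, but current ones appear to document `[attachment] ALLOWED_TYPES` as a comma-separated list, in which case the pipe-joined string becomes a single entry that matches nothing and every upload is refused. Worth pinning which form the deployed version expects and, for the newer one, using `v: '{{gitea_mime_attach | replace(" ", ",")}}'` or turning the variable into a YAML list with `join(",")`. The `JWT_SECRET` line is fed from a group variable whose committed default is a sample string, so the value should be treated as a secret at the inventory level. The `ini_file` task and its `with_items` list start before the hunk.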


@ -6,6 +6,13 @@
# WARNING: This file may be used inside a mounted chroot.
# The running system should not be assumed to be the target system.
- name: set hostname (needed by etckeeper)
copy:
content: |
{{hostname}}
dest: "{{chroot}}/etc/hostname"
mode: 0644
### INIT ⇒ ###
- name: init EtcKeeper
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=init.yml
@ -74,13 +81,6 @@
mode: 0644
# Host names
- name: set hostname
copy:
content: |
{{hostname}}
dest: "{{chroot}}/etc/hostname"
mode: 0644
- name: set the hosts file
copy:
src: files/hosts


@ -26,10 +26,13 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"collabora-online-server-nodocker"
]
packages:
- pkg: collabora-online-server-nodocker
pre: |
LANG=C sed -ri '
s/^(_I18N_EREGEX=).*$/\1{{loolwsd_lang}}/
' PKGBUILD
cat PKGBUILD
aur_user: git
- name: create the nextcloud user
@ -89,8 +92,10 @@
with_dict:
server_name: '{{net_soa}}:443'
memproportion: '{{loolwsd_maxmem_asdouble}}'
'enable\s[^>]*browser': 'false'
'enable\s[^>]*SSL[^>]*between loolwsd and the network': 'false'
termination: 'true'
'as_scheme\s[^>]*SSL': 'false'
'enable\s[^>]*SSL[^>]*between storage and loolwsd': 'false'
username: '{{loolwsd_admin_user}}'
password: '{{loolwsd_admin_password}}'
notify:
@ -105,33 +110,37 @@
notify:
- restart loolwsd.service
- name: ensure ownership of the nextcloud home directory
file:
path: "{{nextcloud_data}}"
state: directory
owner: "{{nextcloud_user}}"
group: "{{nextcloud_user}}"
recurse: true
- name: ensure Nextcloud ownership
block:
- name: ensure ownership of the nextcloud configuration directory
file:
path: "{{nextcloud_conf}}"
state: directory
owner: "{{nextcloud_user}}"
group: "{{nextcloud_user}}"
mode: 0750
- name: ensure Nextcloud ownership: prepare file
shell: >
sed -r '
/%[CL]/ d;
s#%S/nextcloud#{{nextcloud_data}}#g;
s#%t#/var/tmp#g;
s/([[:blank:]]+nextcloud){2}$/ {{nextcloud_user}} {{nextcloud_user}}/
'
</usr/lib/tmpfiles.d/nextcloud.conf
>/tmp/nextcloud.conf
changed_when: false
- name: create extra directories
file:
path: "{{item}}"
state: directory
owner: "{{nextcloud_user}}"
group: "{{nextcloud_user}}"
mode: 0750
with_items:
- /var/tmp/nextcloud
- "{{nextcloud_data}}/data"
- "{{nextcloud_data}}/apps"
- name: ensure Nextcloud ownership: install file
copy:
src: /tmp/nextcloud.conf
dest: /etc/tmpfiles.d/nextcloud.conf
remote_src: true
always:
- name: ensure Nextcloud ownership: cleanup
file:
path: /tmp/nextcloud.conf
state: absent
changed_when: false
- name: ensure Nextcloud ownership: apply
command: systemd-tmpfiles --create
changed_when: false
- name: send initial configuration
copy:
@ -328,9 +337,12 @@
dbpassword: "'{{nextcloud_db_password}}'"
dbtype: "'pgsql'"
dbuser: "'{{nextcloud_db_user}}'"
default_phone_region: "'{{locales_default | truncate(2, True, '', 0) | upper}}'"
filelocking.enabled: 'false'
localstorage.allowsymlinks: 'true'
log.condition: " array ( )"
log_type: "'syslog'"
loglevel: 1
mail_domain: "'{{net_soa}}'"
mail_smtphost: "'{{DMZ}}'"
mail_smtpmode: "'smtp'"
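Review bot: The new “ensure Nextcloud ownership” block writes the rendered tmpfiles fragment to the fixed path `/tmp/nextcloud.conf` via shell redirection and then copies it into `/etc/tmpfiles.d/`; a predictable name in a shared `/tmp` is the classic pre-created-file/symlink race for a root-written file, and the `block`/`always` scaffolding exists only to clean it up. The temporary file is not needed: register the `sed` output and write it with `copy: content:`, which removes the cleanup task and gives an idempotent, diffable install step. The sed script itself is unchanged in the sketch below. The task list continues outside the hunk.
```yaml
- name: ensure Nextcloud ownership: render tmpfiles entries
  shell: >
    sed -r '
    /%[CL]/ d;
    s#%S/nextcloud#{{nextcloud_data}}#g;
    s#%t#/var/tmp#g;
    s/([[:blank:]]+nextcloud){2}$/ {{nextcloud_user}} {{nextcloud_user}}/
    '
    </usr/lib/tmpfiles.d/nextcloud.conf
  register: nextcloud_tmpfiles
  changed_when: false
- name: ensure Nextcloud ownership: install file
  copy:
    content: "{{nextcloud_tmpfiles.stdout}}\n"
    dest: /etc/tmpfiles.d/nextcloud.conf
- name: ensure Nextcloud ownership: apply
  command: systemd-tmpfiles --create
  changed_when: false
# … unchanged: send initial configuration …
```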


@ -33,12 +33,26 @@
msg: php
### ⇐ UPSTREAM END ###
- name: enable PHP extension imagick
- name: enable PHP extensions
lineinfile:
path: /etc/php/conf.d/imagick.ini
path: /etc/php/conf.d/{{item}}.ini
backrefs: true
regexp: '^;*(extension=imagick)\s*$'
regexp: '^;\s*(extension\s*=\s*{{item}}).*$'
line: '\1'
with_items:
- apcu
- geoip
- imagick
- name: alter PHP APCu configuration lines
lineinfile:
path: /etc/php/conf.d/apcu.ini
regexp: '^;*{{item.name}}\s*='
line: '{{item.name}}={{item.value}}'
with_items:
- {name: 'apc.enable_cli', value: 1}
notify:
- restart php-fpm.service (front)
- name: activate PHP extensions
lineinfile:


@ -42,7 +42,7 @@
- name: enable and start cups
systemd:
daemon_reload: true
name: org.cups.cupsd.service
name: cups.service
enabled: true
state: started


@ -15,10 +15,8 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"privatebin"
]
packages:
- privatebin
aur_user: git
### UPSTREAM END ⇒ ###


@ -19,10 +19,8 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"pyruse"
]
packages:
- pyruse
### UPSTREAM END ⇒ ###
- name: merge upstream


@ -226,13 +226,12 @@
with_items: "{{ldap_virtual_users}}"
- name: all users properties LDIF
ldap_attr:
ldap_attrs:
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
bind_dn: "cn=root,{{ldap_root}}"
bind_pw: "{{ldap_rootpw}}"
dn: "uid={{item.uid}},ou=Users,{{ldap_root}}"
name: "{{item.attr}}"
values: "{{item.value}}"
attributes: '{"{{item.attr}}": "{{item.value}}"}'
state: exact
with_items: "{{ldap_users_attrs}}"
@ -250,13 +249,13 @@
with_items: "{{ldap_system_groups}}"
- name: declare existing groups members
ldap_attr:
ldap_attrs:
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
bind_dn: "cn=root,{{ldap_root}}"
bind_pw: "{{ldap_rootpw}}"
dn: "cn={{item.group}},ou=Groups,{{ldap_root}}"
name: memberuid
values: "{{item.member}}"
attributes:
memberuid: "{{item.member}}"
state: present
with_items: "{{ldap_system_group_members}}"
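Review bot: In the first hunk, `attributes: '{"{{item.attr}}": "{{item.value}}"}'` builds the attribute mapping as a JSON-looking string and relies on Ansible re-parsing the rendered text into a dict; any value in `ldap_users_attrs` containing a double quote, backslash or `#` (a `gecos` field easily can) breaks the parse or silently alters the value, and a stray `", "` in a value would become a second attribute. A native Jinja dict literal keeps the value intact: `attributes: "{{ {item.attr: item.value} }}"`. The other two `ldap_attrs` conversions (group members here, alias members in the mail role) pass a plain mapping and are fine. Both tasks' enclosing lists continue outside the hunks.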


@ -5,3 +5,4 @@
dependencies:
- role: cleanupdate
- role: dmz_nginx


@ -22,15 +22,13 @@
name: aur.inc
allow_duplicates: true
vars:
pkg_names: |
[
"lua51-lualdap-git",
"ssowat-git"
]
packages:
- lua51-lualdap-git
- ssowat-git
aur_user: git
# USUALLY NOT UP-TO-DATE… :-(
# "nginx-mainline-mod-ndk",
# "nginx-mainline-mod-lua",
# - nginx-mainline-mod-ndk
# - nginx-mainline-mod-lua
### UPSTREAM END ⇒ ###
- name: merge upstream


@ -46,15 +46,15 @@
- init
- cleanupdate
- postinstall
- ldap
- iodine
- ddclient_HE_example
- ddclient_FreeDNS_example
- dmz_nginx
- ssowat
- ldap
- php
- ssh
- transmission
- dmz_nginx
- dmz_exim
- dmz_haproxy
- dmz_ihmgit_front