Compare commits
3 Commits
6247e9c521
...
fd86da0db5
Author | SHA1 | Date |
---|---|---|
Yves G | fd86da0db5 | |
Yves G | 6fb26de9ae | |
Yves G | d32a9f70e8 |
|
@ -111,7 +111,7 @@ Last but not least, the machine that will run the Ansible playbook should:
|
|||
* have a version of Ansible greater than 2.2:
|
||||
** module `include_role` runs dynamically (available since version 2.4),
|
||||
** modules `ini_file`, `lineinfile`, `mount`, and `replace` use the `path` parameter (available since version 2.3),
|
||||
** modules `ldap_attr` and `ldap_entry` are used (available since version 2.3),
|
||||
** module `ldap_attrs` is used (available since version 3.4),
|
||||
** module `lineinfile` uses the `firstmatch` parameter (available since version 2.5),
|
||||
** module `user` uses the `create_home` parameter (available since version 2.5);
|
||||
|
||||
|
|
101
group_vars/all
101
group_vars/all
|
@ -82,6 +82,9 @@ fw_portknock_seq: 1 22 333 4444 333 22 1
|
|||
# The email address associated to root, for commits in the git repository that stores changes to /etc.
|
||||
git_contact_email: hostmaster@example.org
|
||||
|
||||
# Watch new repositories inside the already-watched perimeter by default.
|
||||
gitea_auto_watch_new_repos: 'true'
|
||||
|
||||
# Name of the Gitea (web UI for Git) database in PostgreSQL.
|
||||
gitea_db: gitea
|
||||
|
||||
|
@ -91,18 +94,83 @@ gitea_db_user: gitea
|
|||
# Password for the PostgreSQL user who owns the Gitea database.
|
||||
gitea_db_password: gitea
|
||||
|
||||
# Disable Gravatar pictures.
|
||||
gitea_disable_gravatar: 'false'
|
||||
|
||||
# Disable HTTP for Git access.
|
||||
gitea_disable_http_git: 'false'
|
||||
|
||||
# Disable mirrors.
|
||||
gitea_disable_mirrors: 'true'
|
||||
|
||||
# Disable creation of organisations in Gitea (“true” or “false”, as a character string).
|
||||
gitea_disable_org_creation: 'true'
|
||||
|
||||
# Disable self-registration in Gitea (“true” or “false”, as a character string).
|
||||
gitea_disable_registration: 'false'
|
||||
|
||||
# Disable logs by Gitea router.
|
||||
gitea_disable_router_log: 'false'
|
||||
|
||||
# Enable API and Swagger UI.
|
||||
gitea_enable_api: 'true'
|
||||
|
||||
# Enable caching for the web UI.
|
||||
gitea_enable_cache: 'true'
|
||||
|
||||
# Enable email notifications in Gitea (“true” or “false”, as a character string).
|
||||
gitea_enable_notify_email: 'true'
|
||||
|
||||
# Enable OAuth2 provider.
|
||||
gitea_enable_oauth2_provider: 'false'
|
||||
|
||||
# Index repositories.
|
||||
gitea_enable_repo_indexer: 'true'
|
||||
|
||||
# Enable user heat-map.
|
||||
gitea_enable_user_heatmap: 'true'
|
||||
|
||||
# Enable the time-tracking feature.
|
||||
gitea_enable_timetracking: 'true'
|
||||
|
||||
# Available languages.
|
||||
gitea_i18n: [
|
||||
{"code": "en-US", "label": "English"},
|
||||
{"code": "zh-CN", "label": "简体中文"},
|
||||
{"code": "zh-HK", "label": "繁體中文(香港)"},
|
||||
{"code": "zh-TW", "label": "繁體中文(台灣)"},
|
||||
{"code": "de-DE", "label": "Deutsch"},
|
||||
{"code": "fr-FR", "label": "français"},
|
||||
{"code": "nl-NL", "label": "Nederlands"},
|
||||
{"code": "lv-LV", "label": "latviešu"},
|
||||
{"code": "ru-RU", "label": "русский"},
|
||||
{"code": "uk-UA", "label": "Українська"},
|
||||
{"code": "ja-JP", "label": "日本語"},
|
||||
{"code": "es-ES", "label": "español"},
|
||||
{"code": "pt-BR", "label": "português do Brasil"},
|
||||
{"code": "pt-PT", "label": "Português de Portugal"},
|
||||
{"code": "pl-PL", "label": "polski"},
|
||||
{"code": "bg-BG", "label": "български"},
|
||||
{"code": "it-IT", "label": "italiano"},
|
||||
{"code": "fi-FI", "label": "suomi"},
|
||||
{"code": "tr-TR", "label": "Türkçe"},
|
||||
{"code": "cs-CZ", "label": "čeština"},
|
||||
{"code": "sr-SP", "label": "српски"},
|
||||
{"code": "sv-SE", "label": "svenska"},
|
||||
{"code": "ko-KR", "label": "한국어"}
|
||||
]
|
||||
|
||||
# JWT secret for OAuth2
|
||||
gitea_jwt_secret: az09ZA_az09ZA_az09ZA_az09ZA_az09ZA_az09ZA
|
||||
|
||||
# Space-separated list of mime types to accept for attachments (“*/*” means: “anything”).
|
||||
gitea_mime_attach: 'image/jpeg image/png application/zip application/gzip'
|
||||
|
||||
# Notifications refresh in seconds.
|
||||
gitea_notif_min_timeout: 10
|
||||
gitea_notif_max_timeout: 60
|
||||
gitea_notif_timeout_step: 10
|
||||
|
||||
# A random salt-string for internal encryption (change it!).
|
||||
gitea_security_secret: '!#@FDEWREWR&*('
|
||||
|
||||
|
@ -249,22 +317,24 @@ ldap_virtual_user_gid: 65534
|
|||
# These settings are enforced at each run. Examples:
|
||||
# — gecos: the full name that typically appears on the login screen;
|
||||
# — http://directory.fedoraproject.org/docs/389ds/design/shadow-account-support.html.
|
||||
ldap_users_attrs: '[
|
||||
{"uid": "you", "attr": "gecos", "value": "Y-O. Udel"},
|
||||
{"uid": "you", "attr": "shadowLastChange", "value": "16000"},
|
||||
{"uid": "you", "attr": "shadowMax", "value": "99999"},
|
||||
{"uid": "you", "attr": "shadowWarning", "value": "7"},
|
||||
{"uid": "me", "attr": "gecos", "value": "M. Ellen"},
|
||||
{"uid": "me", "attr": "shadowLastChange", "value": "16000"},
|
||||
{"uid": "me", "attr": "shadowMax", "value": "99999"},
|
||||
{"uid": "me", "attr": "shadowWarning", "value": "7"}
|
||||
]'
|
||||
ldap_users_attrs:
|
||||
- {uid: "you", attr: "gecos", value: "Y-O. Udel"}
|
||||
- {uid: "you", attr: "shadowLastChange", value: "16000"}
|
||||
- {uid: "you", attr: "shadowMax", value: "99999"}
|
||||
- {uid: "you", attr: "shadowWarning", value: "7"}
|
||||
- {uid: "me", attr: "gecos", value: "M. Ellen"}
|
||||
- {uid: "me", attr: "shadowLastChange", value: "16000"}
|
||||
- {uid: "me", attr: "shadowMax", value: "99999"}
|
||||
- {uid: "me", attr: "shadowWarning", value: "7"}
|
||||
|
||||
# Login name and password of the LibreOffice OnLine web services’ administrator.
|
||||
# Usefulness not clear; it doesn’t hurt to use the same values as in “nextcloud_admin_user” and “nextcloud_admin_password”…
|
||||
loolwsd_admin_user: nextcloud_admin
|
||||
loolwsd_admin_password: nextcloud_admin
|
||||
|
||||
# Language used by LibreOffice OnLine (LOOL), either 2 or 5 characters, packaged with CollaboraOnline.
|
||||
loolwsd_lang: en
|
||||
|
||||
# LibreOffice OnLine’s description: “The maximum percentage of system memory consumed
|
||||
# by all of the LibreOffice Online, after which we start cleaning up idle documents”.
|
||||
loolwsd_maxmem_asdouble: '80.0'
|
||||
|
@ -293,6 +363,9 @@ mail_ignore_ip: '2001:860:e2ef::f503:0:2'
|
|||
# All local mail destinations, which include managed domains, as well as host names.
|
||||
mail_local_domains: 'home dmz localhost example.org *.example.org *.local'
|
||||
|
||||
# Maximum number of SPAM-filter workers.
|
||||
mail_max_spam_workers: 5
|
||||
|
||||
# The ISP’s smarthost (which listens on port 25).
|
||||
mail_smtp_smarthost: smtp.bbox.fr
|
||||
|
||||
|
@ -426,6 +499,12 @@ nginx_loglevel: info
|
|||
# Administrator password for PostgreSQL.
|
||||
pgpassword: PostgreSQL
|
||||
|
||||
# Maximum number of PHP-handling processes.
|
||||
php_max_workers: 5
|
||||
|
||||
# Maximum number of requests a PHP-handling process can handle before being reset (0: never reset).
|
||||
php_worker_max_reqs: 0
|
||||
|
||||
# Maximum number of bytes in a Privatebin paste (or image).
|
||||
privatebin_bytes_limit: 10485760
|
||||
|
||||
|
@ -460,7 +539,7 @@ prosody_db_password: prosody
|
|||
sane_drivers: epson2
|
||||
|
||||
# Space-separated list of pacman mirrors to use.
|
||||
software_mirrors: 'archlinux.de-labrusse.fr mirror.archlinux.ikoula.com'
|
||||
software_mirrors: 'mirror.archlinux.ikoula.com archlinux.vi-di.fr'
|
||||
|
||||
# Software that will get removed if present, on next run of the playbook (JSON list).
|
||||
software_to_del: '["dhcpcd"]'
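Review bot: `gitea_jwt_secret` ships with a fixed sample value, and unlike `gitea_security_secret` further down, its comment does not tell the operator to replace it. A deployment that keeps the default and later sets `gitea_enable_oauth2_provider` to 'true' would use a JWT secret that is published in this repository. At minimum make the comment `# JWT secret for OAuth2 (change it!).`; better, leave the variable empty here, have the Gitea role fail when it is unset, and keep the real value in a vault-encrypted vars file. Which lines are new is inferred from the hunk sizes, since the rendering lost the +/- markers.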
|
||||
|
|
|
@ -15,7 +15,8 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: '["dehydrated-git"]'
|
||||
packages:
|
||||
- dehydrated-git
|
||||
aur_user: git
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
|
||||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||||
|
||||
# mandatory parameters: pkg_name and aur_user
|
||||
# mandatory parameters: pkg_name, pre_cmd, aur_user
|
||||
|
||||
- name: AUR → {{pkg_name}} → read current version
|
||||
shell: |
|
||||
|
@ -40,6 +40,20 @@
|
|||
- name: AUR → {{pkg_name}} → work with the recipe
|
||||
block:
|
||||
|
||||
- name: AUR → {{pkg_name}} → run custom pre-processing commands
|
||||
shell: "{{pre_cmd}}"
|
||||
args:
|
||||
chdir: /var/tmp/{{aurjson.json.results[0].PackageBase}}
|
||||
warn: false
|
||||
when: pre_cmd
|
||||
register: debugCustom
|
||||
|
||||
- name: AUR → {{pkg_name}} → see custom pre-processing commands’ result
|
||||
debug:
|
||||
var: debugCustom
|
||||
when: pre_cmd
|
||||
changed_when: false
|
||||
|
||||
- name: AUR → {{pkg_name}} → read the real version
|
||||
command: >
|
||||
bash -c
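Review bot: Both new tasks gate on the bare variable `when: pre_cmd`, whose value is a shell script. Older Ansible releases re-evaluate a bare variable's string content as a Jinja expression instead of testing it for emptiness, so a sed script here can fail to template; `when: pre_cmd | length > 0` tests only emptiness. The header comment also lists `pre_cmd` as mandatory although the caller passes `''` for plain package names, so `# mandatory parameters: pkg_name, aur_user; optional: pre_cmd` reads more accurately. No `become_user` is visible on the `shell` task and the enclosing block continues outside this hunk, so confirm that the command runs as `aur_user` and not with the play's privileges in a directory under /var/tmp.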
|
||||
|
|
|
@ -18,8 +18,9 @@
|
|||
- name: AUR → installation
|
||||
include_tasks: install.yml
|
||||
vars:
|
||||
pkg_name: "{{item}}"
|
||||
with_items: "{{pkg_names}}"
|
||||
pkg_name: "{{(item is mapping) | ternary(item.pkg, item)}}"
|
||||
pre_cmd: "{{(item is mapping) | ternary(item.pre, '')}}"
|
||||
with_items: "{{packages}}"
|
||||
always:
|
||||
- name: AUR → remove base-devel and dependencies
|
||||
shell: |
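Review bot: `ternary(item.pre, '')` only covers the case where the item is a plain string. A mapping entry that sets `pkg` but omits `pre` leaves `item.pre` undefined, which will presumably make `pre_cmd` fail to render for that package. `pre_cmd: "{{ item.pre | default('') if item is mapping else '' }}"` accepts both shapes and avoids evaluating `item.pre` on a string. The enclosing block starts and continues outside this hunk.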
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
copy:
|
||||
content: |
|
||||
location = / {
|
||||
rewrite ^ $scheme://{{net_soa}}{{http_pfx_dotclear}} redirect;
|
||||
rewrite ^ $proxy_scheme://{{net_soa}}{{http_pfx_dotclear}} redirect;
|
||||
}
|
||||
location {{http_pfx_dotclear}} {
|
||||
alias {{dotclear_root}};
|
||||
|
|
|
@ -106,7 +106,7 @@
|
|||
content: |
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/shared_sockets/spamd
|
||||
ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/shared_sockets/spamd --max-children={{mail_max_spam_workers}}
|
||||
CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
|
@ -171,13 +171,13 @@
|
|||
with_items: "{{mail_alias_memberships}}"
|
||||
|
||||
- name: declare existing aliases’ members
|
||||
ldap_attr:
|
||||
ldap_attrs:
|
||||
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
|
||||
bind_dn: "cn=root,{{ldap_root}}"
|
||||
bind_pw: "{{ldap_rootpw}}"
|
||||
dn: "cn={{item.alias}},ou=Aliases,{{ldap_root}}"
|
||||
name: rfc822MailMember
|
||||
values: "{{item.member}}"
|
||||
attributes:
|
||||
rfc822MailMember: "{{item.member}}"
|
||||
state: present
|
||||
with_items: "{{mail_alias_memberships}}"
|
||||
|
||||
|
|
|
@ -15,10 +15,8 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"ldap-account-manager"
|
||||
]
|
||||
packages:
|
||||
- ldap-account-manager
|
||||
aur_user: git
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
|
|
|
@ -51,6 +51,6 @@
|
|||
- name: commit local changes
|
||||
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
|
||||
vars:
|
||||
msg: Gitea
|
||||
msg: Motion
|
||||
### ⇐ LOCAL COMMIT ###
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -15,11 +15,9 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"php-zmq",
|
||||
"movim"
|
||||
]
|
||||
packages:
|
||||
- php-zmq
|
||||
- movim
|
||||
aur_user: git
|
||||
register: software
|
||||
|
||||
|
|
|
@ -200,15 +200,23 @@
|
|||
notify:
|
||||
- restart nginx.service
|
||||
|
||||
- name: set the php-fpm socket path
|
||||
- name: set the php-fpm settings
|
||||
lineinfile:
|
||||
path: /etc/php/php-fpm.d/www.conf
|
||||
regexp: '^;*listen\s*='
|
||||
line: 'listen = /run/shared_sockets/php-fpm'
|
||||
regexp: '^;*{{item.key}}\s*='
|
||||
line: '{{item.key}} = {{item.value}}'
|
||||
with_dict:
|
||||
listen: /run/shared_sockets/php-fpm
|
||||
pm: dynamic
|
||||
'pm.max_children': '{{php_max_workers}}'
|
||||
'pm.start_servers': 1
|
||||
'pm.min_spare_servers': 1
|
||||
'pm.max_spare_servers': '{{php_max_workers}}'
|
||||
'pm.max_requests': '{{php_worker_max_reqs}}'
|
||||
notify:
|
||||
- restart php-fpm.service
|
||||
|
||||
- name: remove useless user/group specs
|
||||
- name: disable useless user/group specs
|
||||
lineinfile:
|
||||
path: /etc/php/php-fpm.d/www.conf
|
||||
backrefs: true
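Review bot: The loop keys are interpolated straight into `regexp: '^;*{{item.key}}\s*='`, so the dots in `pm.max_children` and the other `pm.*` keys act as regex wildcards rather than literal dots. `regexp: '^;*{{item.key | regex_escape}}\s*='` keeps each match to the exact directive name. The same pattern appears in the PHP role's `'^;*{{item.name}}\s*='` for `apc.enable_cli`.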
|
||||
|
|
|
@ -19,6 +19,7 @@ server {
|
|||
access_log /var/log/nginx/http_access.log proxy_log;
|
||||
set_real_ip_from unix:;
|
||||
real_ip_header proxy_protocol;
|
||||
set $proxy_scheme "http";
|
||||
set $proxy_https "off";
|
||||
set $proxy_port "80";
|
||||
include inc.d/{{nickname}}_php-full.inc;
|
||||
|
@ -32,6 +33,7 @@ server {
|
|||
access_log /var/log/nginx/https_access.log proxy_log;
|
||||
set_real_ip_from unix:;
|
||||
real_ip_header proxy_protocol;
|
||||
set $proxy_scheme "https";
|
||||
set $proxy_https "on";
|
||||
set $proxy_port "443";
|
||||
include inc.d/{{nickname}}_php-full.inc;
|
||||
|
@ -46,6 +48,7 @@ server {
|
|||
access_log /var/log/nginx/https_access.log proxy_log;
|
||||
set_real_ip_from unix:;
|
||||
real_ip_header proxy_protocol;
|
||||
set $proxy_scheme "https";
|
||||
set $proxy_https "on";
|
||||
set $proxy_port "443";
|
||||
include inc.d/{{nickname}}_php-full.inc;
|
||||
|
|
|
@ -26,22 +26,20 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"lua52-event",
|
||||
"lua52-lpty",
|
||||
"prosody-mod-auth-imap-hg",
|
||||
"prosody-mod-auto-accept-subscriptions-hg",
|
||||
"prosody-mod-filter-chatstates-hg",
|
||||
"prosody-mod-http-upload-external-hg",
|
||||
"prosody-mod-offline-email-hg",
|
||||
"prosody-mod-smacks",
|
||||
"prosody-mod-throttle_presence"
|
||||
]
|
||||
packages:
|
||||
- lua52-event
|
||||
- lua52-lpty
|
||||
- prosody-mod-auth-imap-hg
|
||||
- prosody-mod-auto-accept-subscriptions-hg
|
||||
- prosody-mod-filter-chatstates-hg
|
||||
- prosody-mod-http-upload-external-hg
|
||||
- prosody-mod-offline-email-hg
|
||||
- prosody-mod-smacks
|
||||
- prosody-mod-throttle_presence
|
||||
aur_user: git
|
||||
# "prosody-mod-log-auth",
|
||||
# "prosody-mod-mam-archive",
|
||||
# "prosody-mod-mam-muc",
|
||||
# - prosody-mod-log-auth
|
||||
# - prosody-mod-mam-archive
|
||||
# - prosody-mod-mam-muc
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
- name: merge upstream
|
||||
|
|
|
@ -15,10 +15,8 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"wallabag"
|
||||
]
|
||||
packages:
|
||||
- wallabag
|
||||
aur_user: git
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
|
|
|
@ -51,6 +51,12 @@
|
|||
notify:
|
||||
- restart dovecot.service
|
||||
|
||||
- name: create the configuration directory
|
||||
file:
|
||||
name: /etc/dovecot
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: main configuration
|
||||
template:
|
||||
src: templates/dovecot.conf.j2
|
||||
|
|
|
@ -48,6 +48,7 @@
|
|||
owner: '{{gitea_user}}'
|
||||
recurse: true
|
||||
with_items:
|
||||
- /etc/gitea
|
||||
- /var/lib/gitea
|
||||
- /var/log/gitea
|
||||
|
||||
|
@ -61,8 +62,15 @@
|
|||
- {s: null, o: RUN_USER, v: '{{gitea_user}}'}
|
||||
- {s: null, o: RUN_MODE, v: prod}
|
||||
- {s: repository, o: ROOT, v: /var/lib/gitea/repos}
|
||||
- {s: repository, o: DISABLE_HTTP_GIT, v: '{{gitea_disable_http_git}}'}
|
||||
- {s: repository, o: DISABLE_MIRRORS, v: '{{gitea_disable_mirrors}}'}
|
||||
- {s: repository.editor, o: LINE_WRAP_EXTENSIONS, v: '.txt,.md,.markdown,.mdown,.mkd,.adoc,.asciidoc,'}
|
||||
- {s: ui, o: SHOW_USER_EMAIL, v: 'false'}
|
||||
- {s: ui, o: USE_SERVICE_WORKER, v: '{{gitea_enable_cache}}'}
|
||||
- {s: ui.meta, o: MIN_TIMEOUT, v: '{{gitea_notif_min_timeout}}s'}
|
||||
- {s: ui.meta, o: MAX_TIMEOUT, v: '{{gitea_notif_max_timeout}}s'}
|
||||
- {s: ui.meta, o: TIMEOUT_STEP, v: '{{gitea_notif_timeout_step}}s'}
|
||||
- {s: ui.meta, o: EVENT_SOURCE_UPDATE_TIME, v: '{{gitea_notif_min_timeout}}s'}
|
||||
- {s: server, o: PROTOCOL, v: unix}
|
||||
- {s: server, o: DOMAIN, v: '{{net_soa}}'}
|
||||
- {s: server, o: ROOT_URL, v: 'https://{{net_soa}}{{http_pfx_gitea}}/'}
|
||||
|
@ -73,6 +81,7 @@
|
|||
- {s: server, o: SSH_PORT, v: 2222}
|
||||
- {s: server, o: SSH_ROOT_PATH, v: /var/lib/gitea/.ssh}
|
||||
- {s: server, o: MINIMUM_KEY_SIZE_CHECK, v: 'true'}
|
||||
- {s: server, o: DISABLE_ROUTER_LOG, v: '{{gitea_disable_router_log}}'}
|
||||
- {s: server, o: LFS_START_SERVER, v: 'false'}
|
||||
- {s: ssh.minimum_key_sizes, o: ECDSA, v: '-1'}
|
||||
- {s: ssh.minimum_key_sizes, o: DSA, v: '-1'}
|
||||
|
@ -82,7 +91,8 @@
|
|||
- {s: database, o: USER, v: '{{gitea_db_user}}'}
|
||||
- {s: database, o: PASSWD, v: '{{gitea_db_password}}'}
|
||||
- {s: database, o: LOG_SQL, v: 'false'}
|
||||
- {s: indexer, o: REPO_INDEXER_ENABLED, v: 'true'}
|
||||
- {s: indexer, o: ISSUE_INDEXER_TYPE, v: 'db'}
|
||||
- {s: indexer, o: REPO_INDEXER_ENABLED, v: '{{gitea_enable_repo_indexer}}'}
|
||||
- {s: admin, o: DISABLE_REGULAR_ORG_CREATION, v: '{{gitea_disable_org_creation}}'}
|
||||
- {s: security, o: INSTALL_LOCK, v: 'true'}
|
||||
- {s: security, o: SECRET_KEY, v: '{{gitea_security_secret}}'}
|
||||
|
@ -93,19 +103,66 @@
|
|||
- {s: service, o: ENABLE_REVERSE_PROXY_AUTHENTICATION, v: 'true'}
|
||||
- {s: service, o: ENABLE_REVERSE_PROXY_AUTO_REGISTRATION, v: 'true'}
|
||||
- {s: service, o: DEFAULT_KEEP_EMAIL_PRIVATE, v: 'true'}
|
||||
- {s: service, o: ENABLE_USER_HEATMAP, v: '{{gitea_enable_user_heatmap}}'}
|
||||
- {s: service, o: ENABLE_TIMETRACKING, v: '{{gitea_enable_timetracking}}'}
|
||||
- {s: service, o: NO_REPLY_ADDRESS, v: masked.invalid}
|
||||
- {s: service, o: AUTO_WATCH_NEW_REPOS, v: '{{gitea_auto_watch_new_repos}}'}
|
||||
- {s: mailer, o: ENABLED, v: 'true'}
|
||||
- {s: mailer, o: FROM, v: 'git@{{net_soa}}'}
|
||||
- {s: mailer, o: USE_SENDMAIL, v: 'true'}
|
||||
- {s: mailer, o: MAILER_TYPE, v: 'sendmail'}
|
||||
- {s: cache, o: ENABLED, v: '{{gitea_enable_cache}}'}
|
||||
- {s: cache.last_commit, o: ENABLED, v: '{{gitea_enable_cache}}'}
|
||||
- {s: session, o: PROVIDER, v: file}
|
||||
- {s: session, o: COOKIE_SECURE, v: 'true'}
|
||||
- {s: picture, o: DISABLE_GRAVATAR, v: '{{gitea_disable_gravatar}}'}
|
||||
- {s: attachment, o: ALLOWED_TYPES, v: '{{gitea_mime_attach | replace(" ", "|")}}'}
|
||||
- {s: log, o: ROOT_PATH, v: /var/log/gitea/}
|
||||
- {s: log, o: MODE, v: console}
|
||||
- {s: log, o: ROUTER_LOG_LEVEL, v: Warn}
|
||||
- {s: log, o: LEVEL, v: Warn}
|
||||
- {s: log.console, o: LEVEL, v: Warn}
|
||||
- {s: cron, o: ENABLED, v: 'true'}
|
||||
- {s: cron, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.update_mirrors, o: ENABLED, v: 'false'}
|
||||
- {s: cron.update_mirrors, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.repo_health_check, o: ENABLED, v: 'false'}
|
||||
- {s: cron.repo_health_check, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.repo_health_check, o: SCHEDULE, v: '@every 168h'}
|
||||
- {s: cron.check_repo_stats, o: ENABLED, v: 'true'}
|
||||
- {s: cron.check_repo_stats, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.check_repo_stats, o: SCHEDULE, v: '@every 168h'}
|
||||
- {s: cron.archive_cleanup, o: ENABLED, v: 'false'}
|
||||
- {s: cron.archive_cleanup, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.archive_cleanup, o: SCHEDULE, v: '@every 168h'}
|
||||
- {s: cron.sync_external_users, o: ENABLED, v: 'false'}
|
||||
- {s: cron.sync_external_users, o: RUN_AT_START, v: 'false'}
|
||||
- {s: cron.deleted_branches_cleanup, o: ENABLED, v: 'false'}
|
||||
- {s: cron.deleted_branches_cleanup, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.update_migration_poster_id, o: ENABLED, v: 'false'}
|
||||
- {s: cron.update_migration_poster_id, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.delete_inactive_accounts, o: ENABLED, v: 'false'}
|
||||
- {s: cron.delete_inactive_accounts, o: RUN_AT_START, v: 'false'}
|
||||
- {s: cron.delete_repo_archives, o: ENABLED, v: 'false'}
|
||||
- {s: cron.delete_repo_archives, o: RUN_AT_START, v: 'false'}
|
||||
- {s: cron.git_gc_repos, o: ENABLED, v: 'false'}
|
||||
- {s: cron.git_gc_repos, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.resync_all_sshkeys, o: ENABLED, v: 'false'}
|
||||
- {s: cron.resync_all_sshkeys, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.resync_all_hooks, o: ENABLED, v: 'false'}
|
||||
- {s: cron.resync_all_hooks, o: RUN_AT_START, v: 'false'}
|
||||
- {s: cron.reinit_missing_repos, o: ENABLED, v: 'false'}
|
||||
- {s: cron.reinit_missing_repos, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.delete_missing_repos, o: ENABLED, v: 'false'}
|
||||
- {s: cron.delete_missing_repos, o: RUN_AT_START, v: 'true'}
|
||||
- {s: cron.delete_generated_repository_avatars, o: ENABLED, v: 'false'}
|
||||
- {s: cron.delete_generated_repository_avatars, o: RUN_AT_START, v: 'true'}
|
||||
- {s: api, o: ENABLE_SWAGGER, v: '{{gitea_enable_api}}'}
|
||||
- {s: oauth2, o: ENABLE, v: '{{gitea_enable_oauth2_provider}}'}
|
||||
- {s: oauth2, o: JWT_SECRET, v: '{{gitea_jwt_secret}}'}
|
||||
- {s: i18n, o: LANGS, v: '{{gitea_i18n | map(attribute="code") | join(",")}}'}
|
||||
- {s: i18n, o: NAMES, v: '{{gitea_i18n | map(attribute="label") | join(",")}}'}
|
||||
- {s: markup.asciidoc, o: ENABLED, v: 'true'}
|
||||
- {s: markup.asciidoc, o: RENDER_COMMAND, v: 'asciidoctor --out-file=- -'}
|
||||
- {s: markup.asciidoc, o: RENDER_COMMAND, v: 'asciidoctor --backend=html5 --no-header-footer --attribute source-highlighter=highlightjs --out-file=- -'}
|
||||
- {s: other, o: SHOW_FOOTER_VERSION, v: 'false'}
|
||||
- {s: other, o: SHOW_FOOTER_TEMPLATE_LOAD_TIME, v: 'false'}
|
||||
notify:
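Review bot: The rendered `JWT_SECRET` value will be printed in the task output, because each loop item is echoed in full by default; the same holds for the `SECRET_KEY` and `PASSWD` entries already in this list. The task header lies outside these hunks, so if it does not already do so, set `no_log: true` on the task. A weaker option that only shortens the normal display is `loop_control: {label: '{{item.s}}/{{item.o}}'}`. Otherwise these secrets end up in terminal scrollback, CI logs and any configured Ansible log file.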
|
||||
|
|
|
@ -6,6 +6,13 @@
|
|||
# WARNING: This file may be used inside a mounted chroot.
|
||||
# The running system should not be assumed to be the target system.
|
||||
|
||||
- name: set hostname (needed by etckeeper)
|
||||
copy:
|
||||
content: |
|
||||
{{hostname}}
|
||||
dest: "{{chroot}}/etc/hostname"
|
||||
mode: 0644
|
||||
|
||||
### INIT ⇒ ###
|
||||
- name: init EtcKeeper
|
||||
include_role: name=etckeeper.inc allow_duplicates=true tasks_from=init.yml
|
||||
|
@ -74,13 +81,6 @@
|
|||
mode: 0644
|
||||
|
||||
# Host names
|
||||
- name: set hostname
|
||||
copy:
|
||||
content: |
|
||||
{{hostname}}
|
||||
dest: "{{chroot}}/etc/hostname"
|
||||
mode: 0644
|
||||
|
||||
- name: set the hosts file
|
||||
copy:
|
||||
src: files/hosts
|
||||
|
|
|
@ -26,10 +26,13 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"collabora-online-server-nodocker"
|
||||
]
|
||||
packages:
|
||||
- pkg: collabora-online-server-nodocker
|
||||
pre: |
|
||||
LANG=C sed -ri '
|
||||
s/^(_I18N_EREGEX=).*$/\1{{loolwsd_lang}}/
|
||||
' PKGBUILD
|
||||
cat PKGBUILD
|
||||
aur_user: git
|
||||
|
||||
- name: create the nextcloud user
|
||||
|
@ -89,8 +92,10 @@
|
|||
with_dict:
|
||||
server_name: '{{net_soa}}:443'
|
||||
memproportion: '{{loolwsd_maxmem_asdouble}}'
|
||||
'enable\s[^>]*browser': 'false'
|
||||
'enable\s[^>]*SSL[^>]*between loolwsd and the network': 'false'
|
||||
termination: 'true'
|
||||
'as_scheme\s[^>]*SSL': 'false'
|
||||
'enable\s[^>]*SSL[^>]*between storage and loolwsd': 'false'
|
||||
username: '{{loolwsd_admin_user}}'
|
||||
password: '{{loolwsd_admin_password}}'
|
||||
notify:
|
||||
|
@ -105,33 +110,37 @@
|
|||
notify:
|
||||
- restart loolwsd.service
|
||||
|
||||
- name: ensure ownership of the nextcloud home directory
|
||||
file:
|
||||
path: "{{nextcloud_data}}"
|
||||
state: directory
|
||||
owner: "{{nextcloud_user}}"
|
||||
group: "{{nextcloud_user}}"
|
||||
recurse: true
|
||||
- name: ensure Nextcloud ownership
|
||||
block:
|
||||
|
||||
- name: ensure ownership of the nextcloud configuration directory
|
||||
file:
|
||||
path: "{{nextcloud_conf}}"
|
||||
state: directory
|
||||
owner: "{{nextcloud_user}}"
|
||||
group: "{{nextcloud_user}}"
|
||||
mode: 0750
|
||||
- name: ensure Nextcloud ownership: prepare file
|
||||
shell: >
|
||||
sed -r '
|
||||
/%[CL]/ d;
|
||||
s#%S/nextcloud#{{nextcloud_data}}#g;
|
||||
s#%t#/var/tmp#g;
|
||||
s/([[:blank:]]+nextcloud){2}$/ {{nextcloud_user}} {{nextcloud_user}}/
|
||||
'
|
||||
</usr/lib/tmpfiles.d/nextcloud.conf
|
||||
>/tmp/nextcloud.conf
|
||||
changed_when: false
|
||||
|
||||
- name: create extra directories
|
||||
file:
|
||||
path: "{{item}}"
|
||||
state: directory
|
||||
owner: "{{nextcloud_user}}"
|
||||
group: "{{nextcloud_user}}"
|
||||
mode: 0750
|
||||
with_items:
|
||||
- /var/tmp/nextcloud
|
||||
- "{{nextcloud_data}}/data"
|
||||
- "{{nextcloud_data}}/apps"
|
||||
- name: ensure Nextcloud ownership: install file
|
||||
copy:
|
||||
src: /tmp/nextcloud.conf
|
||||
dest: /etc/tmpfiles.d/nextcloud.conf
|
||||
remote_src: true
|
||||
|
||||
always:
|
||||
- name: ensure Nextcloud ownership: cleanup
|
||||
file:
|
||||
path: /tmp/nextcloud.conf
|
||||
state: absent
|
||||
changed_when: false
|
||||
|
||||
- name: ensure Nextcloud ownership: apply
|
||||
command: systemd-tmpfiles --create
|
||||
changed_when: false
|
||||
|
||||
- name: send initial configuration
|
||||
copy:
|
||||
|
@ -328,9 +337,12 @@
|
|||
dbpassword: "'{{nextcloud_db_password}}'"
|
||||
dbtype: "'pgsql'"
|
||||
dbuser: "'{{nextcloud_db_user}}'"
|
||||
default_phone_region: "'{{locales_default | truncate(2, True, '', 0) | upper}}'"
|
||||
filelocking.enabled: 'false'
|
||||
localstorage.allowsymlinks: 'true'
|
||||
log.condition: " array ( )"
|
||||
log_type: "'syslog'"
|
||||
loglevel: 1
|
||||
mail_domain: "'{{net_soa}}'"
|
||||
mail_smtphost: "'{{DMZ}}'"
|
||||
mail_smtpmode: "'smtp'"
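Review bot: The ownership block stages its tmpfiles.d content at the fixed path `/tmp/nextcloud.conf` through a shell redirect, then copies it into `/etc/tmpfiles.d` and runs `systemd-tmpfiles --create`. A predictable name in a world-writable directory lets any local account pre-create that path before the play runs, and the result decides ownership and modes applied by a privileged command. Create the staging file with the `tempfile` module and use its registered `path` in the sed, copy and cleanup steps, or stage it in a directory only root can write. Separately, the four task names of the form `ensure Nextcloud ownership: prepare file` contain `: ` in an unquoted scalar, which YAML parsers reject, so they need quoting, e.g. `- name: 'ensure Nextcloud ownership: prepare file'`. That these tasks are the added side is inferred, since the rendering lost the +/- markers.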
|
||||
|
|
|
@ -33,12 +33,26 @@
|
|||
msg: php
|
||||
### ⇐ UPSTREAM END ###
|
||||
|
||||
- name: enable PHP extension imagick
|
||||
- name: enable PHP extensions
|
||||
lineinfile:
|
||||
path: /etc/php/conf.d/imagick.ini
|
||||
path: /etc/php/conf.d/{{item}}.ini
|
||||
backrefs: true
|
||||
regexp: '^;*(extension=imagick)\s*$'
|
||||
regexp: '^;\s*(extension\s*=\s*{{item}}).*$'
|
||||
line: '\1'
|
||||
with_items:
|
||||
- apcu
|
||||
- geoip
|
||||
- imagick
|
||||
|
||||
- name: alter PHP APCu configuration lines
|
||||
lineinfile:
|
||||
path: /etc/php/conf.d/apcu.ini
|
||||
regexp: '^;*{{item.name}}\s*='
|
||||
line: '{{item.name}}={{item.value}}'
|
||||
with_items:
|
||||
- {name: 'apc.enable_cli', value: 1}
|
||||
notify:
|
||||
- restart php-fpm.service (front)
|
||||
|
||||
- name: activate PHP extensions
|
||||
lineinfile:
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
- name: enable and start cups
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
name: org.cups.cupsd.service
|
||||
name: cups.service
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
|
|
|
@ -15,10 +15,8 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"privatebin"
|
||||
]
|
||||
packages:
|
||||
- privatebin
|
||||
aur_user: git
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
|
|
|
@ -19,10 +19,8 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"pyruse"
|
||||
]
|
||||
packages:
|
||||
- pyruse
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
- name: merge upstream
|
||||
|
|
|
@ -226,13 +226,12 @@
|
|||
with_items: "{{ldap_virtual_users}}"
|
||||
|
||||
- name: all users’ properties LDIF
|
||||
ldap_attr:
|
||||
ldap_attrs:
|
||||
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
|
||||
bind_dn: "cn=root,{{ldap_root}}"
|
||||
bind_pw: "{{ldap_rootpw}}"
|
||||
dn: "uid={{item.uid}},ou=Users,{{ldap_root}}"
|
||||
name: "{{item.attr}}"
|
||||
values: "{{item.value}}"
|
||||
attributes: '{"{{item.attr}}": "{{item.value}}"}'
|
||||
state: exact
|
||||
with_items: "{{ldap_users_attrs}}"
|
||||
|
||||
|
@ -250,13 +249,13 @@
|
|||
with_items: "{{ldap_system_groups}}"
|
||||
|
||||
- name: declare existing groups’ members
|
||||
ldap_attr:
|
||||
ldap_attrs:
|
||||
server_uri: ldapi://%2Frun%2Fshared_sockets%2Fldapi/
|
||||
bind_dn: "cn=root,{{ldap_root}}"
|
||||
bind_pw: "{{ldap_rootpw}}"
|
||||
dn: "cn={{item.group}},ou=Groups,{{ldap_root}}"
|
||||
name: memberuid
|
||||
values: "{{item.member}}"
|
||||
attributes:
|
||||
memberuid: "{{item.member}}"
|
||||
state: present
|
||||
with_items: "{{ldap_system_group_members}}"
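Review bot: `attributes: '{"{{item.attr}}": "{{item.value}}"}'` builds a JSON document by string interpolation. A `gecos` or other value containing a double quote or backslash would break the parse or change the structure passed to `ldap_attrs` under the root bind. Building the mapping natively avoids the quoting problem: `attributes: "{{ {item.attr: item.value} }}"`. The two membership tasks in this file and in the mail role already pass a real mapping and are fine as written.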
|
||||
|
||||
|
|
|
@ -5,3 +5,4 @@
|
|||
|
||||
dependencies:
|
||||
- role: cleanupdate
|
||||
- role: dmz_nginx
|
||||
|
|
|
@ -22,15 +22,13 @@
|
|||
name: aur.inc
|
||||
allow_duplicates: true
|
||||
vars:
|
||||
pkg_names: |
|
||||
[
|
||||
"lua51-lualdap-git",
|
||||
"ssowat-git"
|
||||
]
|
||||
packages:
|
||||
- lua51-lualdap-git
|
||||
- ssowat-git
|
||||
aur_user: git
|
||||
# USUALLY NOT UP-TO-DATE… :-(
|
||||
# "nginx-mainline-mod-ndk",
|
||||
# "nginx-mainline-mod-lua",
|
||||
# - nginx-mainline-mod-ndk
|
||||
# - nginx-mainline-mod-lua
|
||||
|
||||
### UPSTREAM END ⇒ ###
|
||||
- name: merge upstream
|
||||
|
|