Inital commit

README.md

@@ -0,0 +1,4 @@
+Uptime Kuma
+===========
+
+This role installs [Uptime Kuma](https://github.com/louislam/uptime-kuma), a self hosted monitoring tool.

defaults/main.yml

@@ -0,0 +1,10 @@
+---
+uptimekuma_github_api_url: https://api.github.com/repos/louislam/uptime-kuma/releases/latest
+uptimekuma_git_url: https://github.com/louislam/uptime-kuma.git
+
+uptimekuma_home: /opt/uptime-kuma
+uptimekuma_user: uptimekuma
+uptimekuma_user_home: /var/lib/uptimekuma
+
+uptimekuma_service: uptime-kuma.service
+uptimekuma_version_file: "{{ uptimekuma_home }}/.version"

handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart uptime-kuma
+  systemd:
+    name: "{{ uptimekuma_service }}"
+    daemon_reload: true
+    state: restarted

meta/main.yml

@@ -0,0 +1,9 @@
+galaxy_info:
+  author: Sense.Lab e.V. admins
+  description: Role to install Uptime Kuma
+  license: GPLv3
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Debian
+      versions:
+        - bullseye

tasks/install.yml

@@ -0,0 +1,80 @@
+---
+- name: "Install | Configure git safe.directory"
+  ansible.builtin.command:
+    cmd: "git config --global --add safe.directory {{ uptimekuma_home }}"
+
+- name: "install | Create group"
+  group:
+    name: "{{ uptimekuma_user }}"
+    state: present
+
+- name: "install | create system account"
+  user:
+    name: "{{ uptimekuma_user }}"
+    group: "{{ uptimekuma_user }}"
+    home: "{{ uptimekuma_user_home }}"
+    shell: /bin/bash
+    password_lock: yes
+    system: yes
+
+- name: "install | Check for latest version"
+  shell:
+    cmd: curl -sL "{{ uptimekuma_github_api_url }}" | jq -r ".tag_name"
+  changed_when: false
+  register: latest_version
+
+- name: "install | Get Git Repository"
+  git:
+    repo: "{{ uptimekuma_git_url }}"
+    dest: "{{ uptimekuma_home }}"
+    version: "{{ latest_version.stdout }}"
+    force: yes
+
+- name: "install | Copy version file (needed for update script)"
+  template:
+    src: version.j2
+    dest: "{{ uptimekuma_version_file }}"
+    owner: "{{ uptimekuma_user }}"
+    group: "{{ uptimekuma_user }}"
+
+- name: "install | Change ownership"
+  file:
+    path: "{{ uptimekuma_home }}"
+    state: directory
+    owner: "{{ uptimekuma_user }}"
+    group: "{{ uptimekuma_user }}"
+    recurse: true
+
+- name: "install | Install npm packages"
+  command:
+    cmd: npm run setup
+    chdir: "{{ uptimekuma_home }}"
+  become: true
+  become_user: "{{ uptimekuma_user }}"
+  notify: restart uptime-kuma
+
+- name: "install | Copy systemd services file"
+  template:
+    src: uptime-kuma.service.j2
+    dest: "/etc/systemd/system/{{ uptimekuma_service }}"
+  notify: restart uptime-kuma
+
+- name: "install | Enable systemd service"
+  systemd:
+    name: uptime-kuma
+    enabled: true
+    daemon_reload: true
+    state: started
+
+- name: "install | Copy update script"
+  template:
+    src: uptime-kuma-updater.j2
+    dest: /usr/local/bin/uptime-kuma-updater
+    mode: "0755"
+
+- name: "install | Add cron job for updates"
+  cron:
+    name: Update Uptime Kuma
+    job: uptime-kuma-updater upgrade
+    hour: "01"
+    minute: "30"

tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- import_tasks: packages.yml
+  tags: packages
+
+- import_tasks: install.yml
+  tags: install

tasks/packages.yml

@@ -0,0 +1,19 @@
+---
+- name: "packages | Add nodesource apt key"
+  apt_key:
+    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+    keyring: /etc/apt/trusted.gpg.d/nodesource.gpg
+
+- name: "packages | Add nodesource repository"
+  apt_repository:
+    repo: "deb https://deb.nodesource.com/node_14.x {{ ansible_distribution_release }} main"
+    state: present
+
+- name: "packages | Install apt packages"
+  apt:
+    default_release: "{{ ansible_distribution_release }}-backports"
+    state: latest
+    pkg:
+      - nodejs
+
+

templates/nginx.j2

@@ -0,0 +1,24 @@
+server {
+    listen 80;
+    server_name {{ uptimekuma_domain }};
+    include snippets/letsencrypt.conf;
+    location / { return 301 https://$http_host$request_uri; }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name {{ uptimekuma_domain }};
+    ssl_certificate /var/lib/dehydrated/certs/{{ uptimekuma_domain }}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/{{ uptimekuma_domain }}/privkey.pem;
+    include /etc/nginx/snippets/add_headers.conf;
+
+    location / {
+    proxy_set_header   X-Real-IP $remote_addr;
+    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header   Host $host;
+    proxy_http_version 1.1;
+    proxy_set_header   Upgrade $http_upgrade;
+    proxy_set_header   Connection "upgrade";
+    proxy_pass         http://{{ inventory_hostname }}:{{ uptimekuma_port }};
+    }
+}

templates/uptime-kuma-updater.j2

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# Update script for Uptime Kuma
+# {{ ansible_managed }}
+
+set -eu
+
+USER={{ uptimekuma_user }}
+PROJECT_URL={{ uptimekuma_github_api_url }}
+INSTALL_PATH={{ uptimekuma_home }}
+UPTIME_KUMA_SERVICE={{ uptimekuma_service }}
+VERSION_FILE={{ uptimekuma_version_file }}
+
+get_latest_version() {
+    curl -sL "$PROJECT_URL" | jq -r ".tag_name"
+}
+
+get_installed_version() {
+    # return the currently installed version (or empty, if not installed)
+    cat "$VERSION_FILE" 2>/dev/null || true
+}
+
+if [ $# -gt 0 ]; then
+    ACTION=$1
+    shift
+else
+    ACTION=status
+fi
+
+case "$ACTION" in
+    status)
+        printf 'Currently installed version:\t%s\n' "$(get_installed_version)"
+        printf 'Latest available version:\t%s\n' "$(get_latest_version)"
+        ;;
+    upgrade)
+        wanted_version=${1:-latest}
+        [ "$wanted_version" = "latest" ] && wanted_version=$(get_latest_version)
+        if [ "$wanted_version" = "$(get_installed_version)" ]; then
+            echo "Version '$wanted_version' is already installed. Nothing needs to be done."
+        else
+            echo "Update Uptime Kuma to latest version '$wanted_version' ..."
+            cd "$INSTALL_PATH"
+            systemctl stop "$UPTIME_KUMA_SERVICE"
+            sudo -u "$USER" git fetch --all
+            sudo -u "$USER" git checkout "$(get_latest_version)" --force
+            sudo -u "$USER" npm install --production
+            sudo -u "$USER" npm run download-dist
+            sudo -u "$USER" echo "$(get_latest_version)" > "$VERSION_FILE"
+            systemctl start "$UPTIME_KUMA_SERVICE"
+        fi
+        ;;
+    help|--help)
+        echo "Syntax: $(basename "$0") ACTION"
+        echo "    upgrade [VERSION]       - upgrade to the specified version (default: latest)"
+        echo "    status                  - output the currently installed and latest available version"
+        echo
+        ;;
+    *)
+        "$0" help >&2
+        exit 1
+        ;;
+esac

templates/uptime-kuma.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Uptime-Kuma - A free and open source uptime monitoring solution
+Documentation=https://github.com/louislam/uptime-kuma
+After=network.target
+
+[Service]
+Type=simple
+User={{ uptimekuma_user }}
+Environment=HOST=0.0.0.0
+Environment=PORT={{ uptimekuma_port }}
+WorkingDirectory={{ uptimekuma_home }}
+ExecStart=/usr/bin/npm run start-server
+Restart=on-failure
+
+# Hardening to improve security
+ProtectControlGroups=true
+ProtectHome=true
+ProtectSystem=strict
+PrivateMounts=true
+PrivateTmp=true
+ReadWritePaths={{ uptimekuma_home }}
+
+[Install]
+WantedBy=multi-user.target

templates/version.j2

@@ -0,0 +1 @@
+{{ latest_version.stdout }}