init

tasks/database.yml

@@ -0,0 +1,20 @@
+---
+- name: "database | Erstelle Datenbank"
+  ansible.builtin.mysql_db:
+    name: "{{ lstu_db }}"
+    state: present
+    login_unix_socket: "{{ mysql_socket }}"
+    login_user: root
+  delegate_to: "{{ database_host }}"
+
+- name: "database | Erstelle Benuzter"
+  ansible.builtin.mysql_user:
+    name: "{{ lstu_db_user }}"
+    password: "{{ lstu_db_password }}"
+    host: "{{ inventory_hostname }}"
+    priv: "{{ lstu_db }}.*:ALL"
+    update_password: on_create
+    state: present
+    login_unix_socket: "{{ mysql_socket }}"
+    login_user: root
+  delegate_to: "{{ database_host }}"

tasks/gateway.yml

@@ -0,0 +1,27 @@
+---
+- name: "gateway | Domain zur Zertifikatsliste hinzufügen"
+  ansible.builtin.lineinfile:
+    path: /etc/dehydrated/domains.txt
+    insertafter: "^# systemausfall"
+    line: "{{ lstu.domain }}"
+  notify: get certificate
+  tags: gateway_cert
+
+- name: "gateway | Kopiere Konfigurations-Snippet"
+  ansible.builtin.copy:
+    src: lstu.conf
+    dest: /etc/nginx/snippets
+    mode: 0644
+
+- name: "gateway | Proxy einrichten"
+  ansible.builtin.template:
+    src: nginx-rp-site.j2
+    dest: "/etc/nginx/sites-available/{{ lstu.domain }}"
+    mode: 0644
+
+- name: "gateway | Seite aktivieren"
+  ansible.builtin.file:
+    src: "/etc/nginx/sites-available/{{ lstu.domain }}"
+    dest: "/etc/nginx/sites-enabled/{{ lstu.domain }}"
+    state: link
+  notify: reload nginx

tasks/lstu.yml

@@ -0,0 +1,114 @@
+- name: "lstu | Ermittle aktuellen Tag"
+  ansible.builtin.shell:
+    cmd: curl -s "{{ lstu_api_url }}" | jq '.[]' | jq -r '.name' | head -1
+    warn: false
+  changed_when: false
+  register: latest_tag
+
+- name: "lstu | Erstelle Verzeichnisse"
+  ansible.builtin.file:
+    path: "{{ lstu.path }}"
+    state: directory
+    owner: "{{ lstu_user }}"
+    group:  "{{ lstu_user }}"
+    mode: 0755
+    recurse: true
+
+- name: "lstu | Klone Git"
+  ansible.builtin.git:
+    repo: "{{ lstu_git_url }}"
+    dest: "{{ lstu.path }}"
+    force: true
+    version: "{{ latest_tag.stdout }}"
+
+- name: "lstu | Kopiere Konfiguration"
+  ansible.builtin.copy:
+    src: "{{ lstu.path }}/lstu.conf.template"
+    dest: "{{ lstu.path }}/lstu.conf"
+    mode: 0640
+    remote_src: true
+    force: false
+  register: configuration
+
+- name: "lstu | Installiere Abhängigkeiten"
+  ansible.builtin.shell:
+    #cmd: carton install --deployment  --without=test --without=sqlite --without=postgresql --without=ldap --without=htpasswd --without=cache
+    cmd: carton install --without=test --without=sqlite --without=postgresql --without=ldap --without=htpasswd --without=cache
+    chdir: "{{ lstu.path }}"
+  when: configuration.changed
+
+- name: "lstu | set ownership"
+  ansible.builtin.file:
+    path: "{{ lstu.path }}"
+    owner: "{{ lstu_user }}"
+    group: "{{ lstu_user }}"
+    recurse: true
+
+ 
+- name: "lstu | edit config"
+  ansible.builtin.lineinfile: 
+    path="{{ lstu.path }}/lstu.conf"
+    regexp="{{ item.regexp }}"
+    line="{{ item.line }}"
+    state=present
+    backup=no
+    backrefs=no
+  loop:
+    - { regexp: '^\s*#contact.*$', line: "    contact => '{{ lstu.contact }}'," }
+    - { regexp: '^\s*#dbtype.*$', line: "    dbtype => 'mysql'," }
+    - { regexp: '^\s*listen\s*=>.*$', line: "        listen => ['http://0.0.0.0:8080']," }
+    - { regexp: '^\s*#proxy\s*=>.*$', line: "        proxy => 1," }
+    - { regexp: '^\s*#really_delete_urls\s*=>.*$', line: "        really_delete_urls =>  1," }
+    - { regexp: '^\s*#secret\s*=>.*$', line: "        secret => ['{{ lstu_cookie_secret }}']," }
+    - { regexp: '^\s*#adminpwd\s*=>.*$', line: "        adminpwd => '{{ lstu.admin_passwd }}'," }
+  tags: lstu_conf
+
+- name: "lstu | edit config (db)"
+  ansible.builtin.blockinfile:
+    path: "{{ lstu.path }}/lstu.conf"
+    insertbefore: '^\s*#mysqldb.*$'
+    block: |
+      mysqldb => {
+         database => '{{ lstu_db }}',
+         host     => '{{ database_host }}',
+         # optional, default is 3306
+         #port     => 3306,
+         user     => '{{ lstu_db_user }}',
+         pwd      => '{{ lstu_db_password }}',
+         # optional, default is 5 (set to 0 to disable persistent connections)
+         #max_connections => 5,
+      },
+
+
+- name: "lstu | Kopiere systemd-Unit"
+  ansible.builtin.template:
+    src: lstu.service.j2
+    dest: "/etc/systemd/system/{{ lstu_service }}"
+    mode: 0644
+  notify: restart lstu
+
+- name: "lstu | Prüfe Theme-Verzeichnis"
+  ansible.builtin.stat:
+    path: "{{ lstu.path }}/themes/{{ lstu_theme }}"
+  register: theme
+
+
+# - name: "lstu | Kopiere Update-Skript"
+  # ansible.builtin.template:
+    # src: lstu-updater.j2
+    # dest: "/usr/local/bin/lstu-updater"
+    # mode: 0755
+
+# - name: "lstu | Cron für Auto-Updates"
+  # ansible.builtin.cron:
+    # name: lstu Aktualisierungen
+    # hour: "3"
+    # minute: "3"
+    # job: "chronic /usr/local/bin/lstu-updater"
+
+- name: "lstu | Monit-Überwachung"
+  ansible.builtin.template:
+    src: monit.j2
+    dest: /etc/monit/conf-available/lstu
+    mode: 0644
+  notify: reload monit

tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- import_tasks: packages.yml
+  tags: packages
+  
+- import_tasks: user.yml
+  tags: user
+
+- import_tasks: database.yml
+  tags: database
+
+- import_tasks: lstu.yml
+  tags: lstu
+
+- import_tasks: gateway.yml
+  tags: gateway
+  delegate_to: "{{ gateway_host }}"

tasks/packages.yml

@@ -0,0 +1,18 @@
+---
+- name: "packages: Abhängigkeiten installieren"
+  ansible.builtin.apt:
+    pkg:
+      - carton
+      - curl
+      - monit
+      - make
+      - build-essential
+      - libssl-dev
+      - zlib1g-dev
+      - libpng-dev
+      - libmariadbd-dev
+      - jq
+      - libmojo-sqlite-perl
+      - libdbd-mysql-perl
+      - git
+    update_cache: yes   

tasks/user.yml

@@ -0,0 +1,6 @@
+---
+- name: "user: Systemkonto anlegen"
+  ansible.builtin.user:
+    name: "{{ lstu_user }}"
+    shell: /bin/bash
+    password_lock: true