📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/rest-server/tasks/install.yml

# Install the helper packages this role relies on through the shared
# package-install task file; the names are handed over in `package`.
# apache2-utils ships htpasswd and libcap ships setcap, which the init
# script edit further down calls.
- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - apache2-utils
      - py3-passlib
      - fuse
      - restic
      - libcap
# Install the rest-server binary together with its OpenRC service files,
# using the same shared package-install task file as above.
- name: install rest-server
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - rest-server
      - rest-server-openrc
# Create the dedicated service account via the shared create_user task file.
# The account's directory is the backup data directory.
# NOTE(review): the page lost the file's indentation. `notify` is placed
# inside `user` here by analogy with the `notify` entry handed to the certs
# role further down - confirm against tasks/create_user.yml.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ rest_server_user }}"
      group: "{{ rest_server_group }}"
      dir: "{{ rest_server_data_dir }}"
      notify: restart rest-server
# Ensure the config and data directories exist and belong to the service
# account.
# NOTE(review): no `mode` is set, so a newly created directory gets whatever
# the umask allows and an existing one keeps its current mode. The data
# directory holds .htpasswd and the backup repositories; consider pinning an
# explicit mode that excludes "other" once it is confirmed nothing else
# needs access.
- name: create directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"
  loop:
    - "{{ rest_server_conf_dir }}"
    - "{{ rest_server_data_dir }}"
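# Create the password directory, accessible to the service account only.
# The mode is quoted so it reaches the module as the string "0700" instead
# of depending on the YAML parser reading a bare 0700 as octal.
- name: create password directory
  file:
    path: "{{ rest_server_passwd_dir }}"
    state: directory
    mode: "0700"
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"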
# Write the service settings into /etc/conf.d/rest-server: every loop item
# becomes one `NAME="value"` line (item.name upper-cased) and replaces an
# existing line that starts with `NAME=`. Any change notifies the restart
# handler.
# NOTE(review): the values end up inside double quotes in a file that is
# presumably sourced as shell by the init system. The `quote` filter only
# adds single quotes, which do not neutralise `$`, backticks or `"` in that
# context, and rest_server_port is concatenated with no filter at all. Keep
# these variables operator-controlled and validate them (for example, that
# the port is an integer) before they reach this task.
- name: edit service config
  lineinfile:
    path: /etc/conf.d/rest-server
    regexp: "^{{ item.name | upper }}="
    line: "{{ item.name | upper }}=\"{{ item.value }}\""
  notify: restart rest-server
  loop:
    - name: rest_user
      value: "{{ rest_server_user }}"
    - name: rest_group
      value: "{{ rest_server_group }}"
    - name: rest_server_path
      value: "{{ rest_server_data_dir }}"
    # Command-line options: each entry is either a flag or an empty string,
    # select() drops the empty ones and the rest are joined with spaces.
    # --append-only and --private-repos are emitted only when their variable
    # is exactly true; the three TLS flags only when host_tls is truthy.
    - name: rest_server_opts
      value: "{{ [('--append-only' if (rest_server_append_mode | d(false) == true) else ''),
        '--listen :' ~ rest_server_port,
        (('--max-size ' ~ (rest_server_max_size | quote)) if (rest_server_max_size is defined) else ''),
        ('--private-repos' if (rest_server_private_repos | d(false) == true) else ''),
        ('--tls' if host_tls else ''),
        (('--tls-key ' ~ (rest_server_tls_key_file | quote)) if host_tls else ''),
        (('--tls-cert ' ~ (rest_server_tls_cert_file | quote)) if host_tls else '')
        ] | select() | list | join(' ') }}"
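# Add a start_stop_daemon_args line to the init script, after the first
# line that starts with `pidfile=`, so that the daemon's stdout and stderr
# are passed to `logger`.
# `firstmatch` uses the canonical boolean `true` instead of `yes`.
- name: add logging to init script
  lineinfile:
    path: /etc/init.d/rest-server
    line: "start_stop_daemon_args=\"--stdout-logger logger --stderr-logger logger\""
    insertafter: "^pidfile="
    firstmatch: true
  notify: restart rest-server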
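# Insert a setcap call right after the first line matching `start_pre()`,
# granting the binary cap_net_bind_service (binding ports below 1024 without
# root). This assumes the function's opening brace sits on that same line.
# NOTE(review): a file capability applies to every user who can execute
# /usr/bin/rest-server, and the line is added whatever rest_server_port is.
# Consider adding it only when the configured port is below 1024, and
# limiting execute permission on the binary to the service user/group.
# `firstmatch` uses the canonical boolean `true` instead of `yes`.
- name: add setcap to init script
  lineinfile:
    path: /etc/init.d/rest-server
    line: "\tsetcap 'cap_net_bind_service=+ep' /usr/bin/rest-server"
    insertafter: '^start_pre\(\)'
    firstmatch: true
  notify: restart rest-server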
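# Deploy the TLS certificate and key through the certs role; the whole block
# is skipped unless host_tls is truthy.
# NOTE(review): the page lost the file's indentation, so the nesting of
# `common`, `ecc` and `certs` under `vars` is reconstructed - confirm it
# against the variables the certs role expects.
# NOTE(review): the private key is handed to the service account here; its
# file mode is set inside the certs role, which is not visible on this
# page - verify that the key is written owner-only.
# `ecc` uses the canonical boolean `true` instead of `yes`.
- block:
    - name: deploy ECC cert
      include_role:
        name: certs
      vars:
        common:
          owner: "{{ rest_server_user }}"
          group: "{{ rest_server_group }}"
          post_hook: service rest-server restart
          notify: restart rest-server
        ecc: true
        certs:
          - id: rest-server-ecc
            cert: "{{ rest_server_tls_cert_file }}"
            key: "{{ rest_server_tls_key_file }}"
  when: host_tls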
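# Make sure the .htpasswd file exists in the data directory, readable only
# by the service account. Timestamps are preserved, so a rerun against an
# existing file with the right owner and mode reports no change and does not
# trigger a restart.
# The mode is quoted so it reaches the module as the string "0400" instead
# of depending on the YAML parser reading a bare 0400 as octal.
- name: initialize htpasswd
  file:
    path: "{{ rest_server_data_dir }}/.htpasswd"
    state: touch
    mode: "0400"
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"
    modification_time: preserve
    access_time: preserve
  notify: restart rest-server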
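# Render the maintenance script into the config directory, readable and
# executable by the service account only.
# NOTE(review): with `force: false` an existing maintenance.sh is never
# overwritten, so later changes to maintenance.j2 (fixes included) do not
# reach hosts that already have the file. Presumably this is deliberate
# because the file is modified elsewhere - confirm.
# The mode is quoted and the booleans use `true`/`false` instead of
# a bare octal and `yes`/`no`.
- name: template maintenance script
  template:
    src: maintenance.j2
    dest: "{{ rest_server_conf_dir }}/maintenance.sh"
    mode: "0500"
    force: false
    lstrip_blocks: true
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"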
# Schedule the maintenance script in the service account's crontab, so it
# runs with that account's privileges rather than root's.
# Any part missing from rest_server_maintenance_schedule falls back to
# minute 0, hour 5, weekday 6 (Saturday in cron numbering).
- name: create cron job for maintenance script
  cron:
    name: rest-server-maintenance
    minute: "{{ rest_server_maintenance_schedule.minute | d(0) }}"
    hour: "{{ rest_server_maintenance_schedule.hour | d(5) }}"
    weekday: "{{ rest_server_maintenance_schedule.weekday | d(6) }}"
    job: "{{ rest_server_conf_dir }}/maintenance.sh"
    user: "{{ rest_server_user }}"
# Run the handlers notified so far (restart rest-server) now, before the
# repository setup that follows, rather than at the end of the play.
- name: flush handlers
  meta: flush_handlers
# Re-enter this role with `function: add_repo` once per entry of
# rest_server_backup_repos (no iterations when the variable is undefined).
# The loop variable is renamed to `rp` and handed to the role as `repo`.
- name: setup extra backup repositories
  include_role:
    name: rest-server
  vars:
    function: add_repo
    repo: "{{ rp }}"
  loop: "{{ rest_server_backup_repos | d([]) }}"
  loop_control:
    loop_var: rp
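# Enable the service at boot and make sure it is running now.
# `enabled` uses the canonical boolean `true` instead of `yes`.
- name: enable and start rest-server
  service:
    name: rest-server
    enabled: true
    state: started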