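# Task list for the rest-server role: installs the packages, creates the
# service account and its directories, writes the OpenRC service
# configuration, optionally deploys a TLS certificate, and finally enables
# the service.
#
# File modes are written as quoted strings and booleans as true/false so the
# values do not depend on how a given YAML parser types 0700 or yes/no.

- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - apache2-utils
      - py3-passlib
      - fuse
      - restic
      - libcap

- name: install rest-server
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - rest-server
      - rest-server-openrc

# NOTE(review): `notify` is placed inside the `user` mapping, i.e. handed to
# tasks/create_user.yml as data. Confirm against that file; as a keyword on
# the include_tasks task itself it would not be inherited by the included
# tasks.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ rest_server_user }}"
      group: "{{ rest_server_group }}"
      dir: "{{ rest_server_data_dir }}"
      notify: restart rest-server

# NOTE(review): no `mode` is given, so the permissions of newly created
# directories follow the umask in effect. The data directory also receives
# the .htpasswd file further down; consider pinning an explicit mode once
# the intended access for other local users is decided.
- name: create directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"
  loop:
    - "{{ rest_server_conf_dir }}"
    - "{{ rest_server_data_dir }}"

# Accessible to the service user only.
- name: create password directory
  file:
    path: "{{ rest_server_passwd_dir }}"
    state: directory
    mode: "0700"
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"

# Writes one NAME="value" line per loop item into the service's conf.d file;
# `regexp` lets a re-run replace an existing assignment instead of appending.
# NOTE(review): item.value is placed between double quotes without further
# escaping, so a value containing `"`, `$` or a backtick changes the
# resulting line (and, if the init system sources this file as shell, what
# is evaluated). Keep these variables under operator control.
- name: edit service config
  lineinfile:
    path: /etc/conf.d/rest-server
    regexp: "^{{ item.name | upper }}="
    line: "{{ item.name | upper }}=\"{{ item.value }}\""
  notify: restart rest-server
  loop:
    - name: rest_user
      value: "{{ rest_server_user }}"
    - name: rest_group
      value: "{{ rest_server_group }}"
    - name: rest_server_path
      value: "{{ rest_server_data_dir }}"
    # Builds the option string from the role variables; select() drops the
    # empty entries before joining. --append-only and --private-repos are
    # only added when their variables are true, and the TLS options only
    # when host_tls is truthy.
    # NOTE(review): rest_server_port is the one interpolated value that is
    # not passed through `quote`; harmless for a numeric port, but worth
    # making consistent.
    - name: rest_server_opts
      value: >-
        {{ [('--append-only' if (rest_server_append_mode | d(false) == true) else ''),
        '--listen :' ~ rest_server_port,
        (('--max-size ' ~ (rest_server_max_size | quote)) if (rest_server_max_size is defined) else ''),
        ('--private-repos' if (rest_server_private_repos | d(false) == true) else ''),
        ('--tls' if host_tls else ''),
        (('--tls-key ' ~ (rest_server_tls_key_file | quote)) if host_tls else ''),
        (('--tls-cert ' ~ (rest_server_tls_cert_file | quote)) if host_tls else '')
        ] | select() | list | join(' ') }}

# Inserts the start_stop_daemon_args line after the first line that matches
# ^pidfile= in the packaged init script.
- name: add logging to init script
  lineinfile:
    path: /etc/init.d/rest-server
    line: "start_stop_daemon_args=\"--stdout-logger logger --stderr-logger logger\""
    insertafter: "^pidfile="
    firstmatch: true
  notify: restart rest-server

# Adds a setcap call after the first start_pre() line of the init script.
# cap_net_bind_service is a file capability on /usr/bin/rest-server, so it
# applies to every user who is able to execute that binary, not only to the
# service account. Presumably wanted so the unprivileged service can listen
# on a port below 1024.
# NOTE(review): both init-script edits change a packaged file; check that
# they survive a package upgrade.
- name: add setcap to init script
  lineinfile:
    path: /etc/init.d/rest-server
    line: "\tsetcap 'cap_net_bind_service=+ep' /usr/bin/rest-server"
    insertafter: '^start_pre\(\)'
    firstmatch: true
  notify: restart rest-server

# Only runs when host_tls is truthy.
# NOTE(review): post_hook and notify are nested under `common` here, with
# ecc and certs as separate role variables. Confirm this nesting against
# what the certs role expects.
- block:
    - name: deploy ECC cert
      include_role:
        name: certs
      vars:
        common:
          owner: "{{ rest_server_user }}"
          group: "{{ rest_server_group }}"
          post_hook: service rest-server restart
          notify: restart rest-server
        ecc: true
        certs:
          - id: rest-server-ecc
            cert: "{{ rest_server_tls_cert_file }}"
            key: "{{ rest_server_tls_key_file }}"
  when: host_tls

# Ensures the credentials file exists, read-only for the service user.
# Preserving both timestamps keeps `state: touch` from reporting a change
# (and notifying the handler) on every run.
- name: initialize htpasswd
  file:
    path: "{{ rest_server_data_dir }}/.htpasswd"
    state: touch
    mode: "0400"
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"
    modification_time: preserve
    access_time: preserve
  notify: restart rest-server

# force: false leaves an existing maintenance.sh untouched, so later changes
# to the template do not reach hosts that already have the file.
- name: template maintenance script
  template:
    src: maintenance.j2
    dest: "{{ rest_server_conf_dir }}/maintenance.sh"
    mode: "0500"
    force: false
    lstrip_blocks: true
    owner: "{{ rest_server_user }}"
    group: "{{ rest_server_group }}"

# Runs the script from the service user's crontab; the schedule falls back
# to minute 0, hour 5, weekday 6 for any field that is not set.
- name: create cron job for maintenance script
  cron:
    name: rest-server-maintenance
    minute: "{{ rest_server_maintenance_schedule.minute | d(0) }}"
    hour: "{{ rest_server_maintenance_schedule.hour | d(5) }}"
    weekday: "{{ rest_server_maintenance_schedule.weekday | d(6) }}"
    job: "{{ rest_server_conf_dir }}/maintenance.sh"
    user: "{{ rest_server_user }}"

# Run the handlers notified so far before the remaining tasks.
- name: flush handlers
  meta: flush_handlers

# Includes this role once per entry of rest_server_backup_repos (empty list
# when undefined), passing function=add_repo and the entry as `repo`.
- name: setup extra backup repositories
  include_role:
    name: rest-server
  vars:
    function: add_repo
    repo: "{{ rp }}"
  loop: "{{ rest_server_backup_repos | d([]) }}"
  loop_control:
    loop_var: rp

- name: enable and start rest-server
  service:
    name: rest-server
    enabled: true
    state: started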