dave
/
ansible-playbooks
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
2 Branches
0 Tags
425 KiB
 
 
Tag: Branch: Tree: bdbca4a90e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bdbca4a90e'
${ noResults }
ansible-playbooks/roles/rest-server/tasks/install.yml

162 lines
4.2 KiB
Raw Blame History

- name: install dependencies
include_tasks: tasks/install_packages.yml
vars:
package:
- apache2-utils
- py3-passlib
- fuse
- restic
- libcap
- name: install rest-server
include_tasks: tasks/install_packages.yml
vars:
package:
- rest-server
- rest-server-openrc
- name: create user and group
include_tasks: tasks/create_user.yml
vars:
user:
name: "{{ rest_server_user }}"
group: "{{ rest_server_group }}"
dir: "{{ rest_server_data_dir }}"
notify: restart rest-server
- name: create directories
file:
path: "{{ item }}"
state: directory
owner: "{{ rest_server_user }}"
group: "{{ rest_server_group }}"
loop:
- "{{ rest_server_conf_dir }}"
- "{{ rest_server_data_dir }}"
- name: create password directory
file:
path: "{{ rest_server_passwd_dir }}"
state: directory
mode: 0700
owner: "{{ rest_server_user }}"
group: "{{ rest_server_group }}"
- name: edit service config
lineinfile:
path: /etc/conf.d/rest-server
regexp: "^{{ item.name | upper }}="
line: "{{ item.name | upper }}=\"{{ item.value }}\""
notify: restart rest-server
loop:
- name: rest_user
value: "{{ rest_server_user }}"
- name: rest_group
value: "{{ rest_server_group }}"
- name: rest_server_path
value: "{{ rest_server_data_dir }}"
- name: rest_server_opts
value: "{{ [('--append-only' if (rest_server_append_mode | d(false) == true) else ''),
'--listen :' ~ rest_server_port,
(('--max-size ' ~ (rest_server_max_size | quote)) if (rest_server_max_size is defined) else ''),
('--private-repos' if (rest_server_private_repos | d(false) == true) else ''),
('--tls' if host_tls else ''),
(('--tls-key ' ~ (rest_server_tls_key_file | quote)) if host_tls else ''),
(('--tls-cert ' ~ (rest_server_tls_cert_file | quote)) if host_tls else '')
] | select() | list | join(' ') }}"
- name: add logging to init script
lineinfile:
path: /etc/init.d/rest-server
line: "start_stop_daemon_args=\"--stdout-logger logger --stderr-logger logger\""
insertafter: "^pidfile="
firstmatch: yes
notify: restart rest-server
- name: add setcap to init script
lineinfile:
path: /etc/init.d/rest-server
line: "\tsetcap 'cap_net_bind_service=+ep' /usr/bin/rest-server"
insertafter: '^start_pre\(\)'
firstmatch: yes
notify: restart rest-server
- block:
- name: deploy ECC cert
include_role:
name: certs
vars:
common:
owner: "{{ rest_server_user }}"
group: "{{ rest_server_group }}"
post_hook: service rest-server restart
notify: restart rest-server
ecc: yes
certs:
- id: rest-server-ecc
cert: "{{ rest_server_tls_cert_file }}"
key: "{{ rest_server_tls_key_file }}"
when: host_tls
- name: initialize htpasswd
file:
path: "{{ rest_server_data_dir }}/.htpasswd"
state: touch
mode: 0400
owner: "{{ rest_server_user }}"
group: "{{ rest_server_group }}"
modification_time: preserve
access_time: preserve
notify: restart rest-server
- name: template maintenance script
template:
src: maintenance.j2
dest: "{{ rest_server_conf_dir }}/maintenance.sh"
mode: 0500
force: no
lstrip_blocks: yes
owner: "{{ rest_server_user }}"
group: "{{ rest_server_group }}"
- name: create cron job for maintenance script
cron:
name: rest-server-maintenance
minute: "{{ rest_server_maintenance_schedule.minute | d(0) }}"
hour: "{{ rest_server_maintenance_schedule.hour | d(5) }}"
weekday: "{{ rest_server_maintenance_schedule.weekday | d(6) }}"
job: "{{ rest_server_conf_dir }}/maintenance.sh"
user: "{{ rest_server_user }}"
- name: flush handlers
meta: flush_handlers
- name: setup extra backup repositories
include_role:
name: rest-server
vars:
function: add_repo
repo: "{{ rp }}"
loop: "{{ rest_server_backup_repos | d([]) }}"
loop_control:
loop_var: rp
- name: enable and start rest-server
service:
name: rest-server
enabled: yes
state: started