authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/gathio
downloadselfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
initial commit
Diffstat (limited to 'roles/gathio')
-rw-r--r--roles/gathio/defaults/main.yml5
-rw-r--r--roles/gathio/handlers/main.yml4
-rw-r--r--roles/gathio/meta/main.yml6
-rw-r--r--roles/gathio/tasks/main.yml102
-rw-r--r--roles/gathio/templates/etc/systemd/system/gathio.service.j234
-rw-r--r--roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j26
-rw-r--r--roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j23
-rw-r--r--roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j210
-rw-r--r--roles/gathio/vars/main.yml20
9 files changed, 190 insertions, 0 deletions
diff --git a/roles/gathio/defaults/main.yml b/roles/gathio/defaults/main.yml
new file mode 100644
index 0000000..817e2e3
--- /dev/null
+++ b/roles/gathio/defaults/main.yml
@@ -0,0 +1,5 @@
+gathio_version: master
+gathio_user: gathio
+gathio_port: 8080
+gathio_from_address: 'events-noreply@{{ email_domain }}'
+gathio_domain: '{{ ansible_fqdn }}:{{ gathio_port }}'
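Review bot: `gathio_version: master` makes every play run deploy whatever the upstream branch head is at that moment. The clone task in tasks/main.yml uses `force: yes` and `update: yes`, so a routine run can move the service to unreviewed code and restart it. Defaulting to a reviewed tag or full commit hash, e.g. `gathio_version: '<reviewed-commit-sha>'` (placeholder), keeps deployments reproducible and turns an upgrade into an explicit change in this repository. A short comment above the variable stating that it accepts a branch, tag or commit would also help the next operator.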
diff --git a/roles/gathio/handlers/main.yml b/roles/gathio/handlers/main.yml
new file mode 100644
index 0000000..fdafc98
--- /dev/null
+++ b/roles/gathio/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart gathio
+ systemd:
+ name: gathio
+ state: restarted
diff --git a/roles/gathio/meta/main.yml b/roles/gathio/meta/main.yml
new file mode 100644
index 0000000..8c1c42e
--- /dev/null
+++ b/roles/gathio/meta/main.yml
@@ -0,0 +1,6 @@
+dependencies:
+ - role: yum
+ yum_repositories:
+ - epel
+ - mongodb-6.0
+ tags: yum
diff --git a/roles/gathio/tasks/main.yml b/roles/gathio/tasks/main.yml
new file mode 100644
index 0000000..17abbcf
--- /dev/null
+++ b/roles/gathio/tasks/main.yml
@@ -0,0 +1,102 @@
+- name: install packages
+ dnf:
+ name: '{{ gathio_packages }}'
+ state: present
+
+- name: create SELinux policy for mongodb
+ include_role:
+ name: selinux_policy
+ apply:
+ tags: selinux
+ vars:
+ selinux_policy_name: mongodb_custom
+ selinux_policy_te: '{{ gathio_mongodb_selinux_policy_te }}'
+ tags: selinux
+
+- name: enable mongodb
+ systemd:
+ name: mongod
+ state: started
+ enabled: yes
+
+- name: create gathio user
+ user:
+ name: '{{ gathio_user }}'
+ system: yes
+ home: '{{ gathio_home }}'
+ shell: /sbin/nologin
+ create_home: no
+
+- name: create gathio home
+ file:
+ path: '{{ gathio_home }}'
+ owner: '{{ gathio_user }}'
+ group: '{{ gathio_user }}'
+ mode: 0755
+ state: directory
+
+- name: disable npm package lock
+ lineinfile:
+ regexp: ^package-lock=
+ line: package-lock=false
+ path: '{{ gathio_home }}/.npmrc'
+ create: yes
+ owner: '{{ gathio_user }}'
+ group: '{{ gathio_user }}'
+ mode: 0600
+ state: present
+
+- name: clone gathio repository
+ git:
+ repo: '{{ gathio_git_repo }}'
+ dest: '{{ gathio_install_dir }}'
+ version: '{{ gathio_version }}'
+ force: yes
+ update: yes
+ become: yes
+ become_user: '{{ gathio_user }}'
+ register: gathio_git
+ notify: restart gathio
+
+- name: install npm dependencies
+ npm:
+ path: '{{ gathio_install_dir }}'
+ production: yes
+ no_optional: no
+ become: yes
+ become_user: '{{ gathio_user }}'
+ when: gathio_git.changed
+ notify: restart gathio
+
+- name: generate gathio configuration
+ template:
+ src: '{{ gathio_install_dir[1:] }}/config/{{ item }}.j2'
+ dest: '{{ gathio_install_dir }}/config/{{ item }}'
+ owner: '{{ gathio_user }}'
+ group: '{{ gathio_user }}'
+ mode: 0440
+ loop:
+ - api.js
+ - database.js
+ - domain.js
+ notify: restart gathio
+
+- name: create gathio systemd unit
+ template:
+ src: etc/systemd/system/gathio.service.j2
+ dest: /etc/systemd/system/gathio.service
+ register: gathio_unit
+ notify: restart gathio
+
+- name: reload systemd daemons
+ systemd:
+ daemon_reload: yes
+ when: gathio_unit.changed
+
+- name: open firewall ports
+ firewalld:
+ port: '{{ gathio_port }}/tcp'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ tags: firewalld
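Review bot: The `disable npm package lock` task writes `package-lock=false` into the service user's `.npmrc`, so the `install npm dependencies` task resolves versions from the registry at install time instead of from a lockfile. Transitive packages and their install scripts can then differ between two runs with no change in this repository. If upstream ships a lockfile (not visible from this commit), consider dropping the lineinfile task and setting `ci: yes` on the `npm` task; `ignore_scripts: yes` is worth testing where the dependencies allow it. Separately, the file modes in this file are unquoted (`mode: 0755`, `mode: 0600`, `mode: 0440`); quoting them as `mode: '0755'` avoids relying on the YAML parser's octal handling.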
diff --git a/roles/gathio/templates/etc/systemd/system/gathio.service.j2 b/roles/gathio/templates/etc/systemd/system/gathio.service.j2
new file mode 100644
index 0000000..dcf5812
--- /dev/null
+++ b/roles/gathio/templates/etc/systemd/system/gathio.service.j2
@@ -0,0 +1,34 @@
+[Unit]
+Description=gathio event manager
+After=network.target
+AssertPathExists={{ gathio_install_dir }}
+
+[Service]
+Type=simple
+Environment="NODE_ENV=production"
+EnvironmentFile=-/etc/sysconfig/gathio
+ExecStart=/usr/bin/node start.js
+WorkingDirectory={{ gathio_install_dir }}
+User={{ gathio_user }}
+Group={{ gathio_user }}
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
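Review bot: `ProtectSystem=full` leaves `/var` writable, and tasks/main.yml clones and installs the application as `{{ gathio_user }}`, so the running node process keeps write access to its own `start.js` and `node_modules` under `WorkingDirectory`. A compromise of the web process could therefore persist by modifying the code it is started from. Consider `ProtectSystem=strict` together with a `ReadWritePaths=` entry limited to the directories gathio writes at runtime; which directories those are is not visible here, so confirm before tightening. The existing comment could also note that `MemoryDenyWriteExecute=` is presumably left out on purpose because of Node's JIT, so nobody adds it later without testing.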
diff --git a/roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2 b/roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2
new file mode 100644
index 0000000..9ccbd8c
--- /dev/null
+++ b/roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2
@@ -0,0 +1,6 @@
+module.exports = {
+ 'smtpServer': '127.0.0.1',
+ 'smtpPort': '25',
+ 'smtpUsername': '',
+ 'smtpPassword': ''
+};
diff --git a/roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2 b/roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2
new file mode 100644
index 0000000..120fc64
--- /dev/null
+++ b/roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2
@@ -0,0 +1,3 @@
+module.exports = {
+ 'url' : 'mongodb://localhost:27017/gathio'
+};
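Review bot: The connection string `mongodb://localhost:27017/gathio` carries no credentials, and no task in tasks/main.yml configures `mongod` beyond installing and starting it, so the database appears to run without access control. Any local account or process on the host could then read and modify the event data, and the exposure widens if the packaged bind address is ever changed from loopback (the package default is not visible in this commit). Consider enabling `security.authorization` in mongod.conf, creating a dedicated database user, and templating the URL from a vaulted variable. At minimum a comment here should state that the database relies on loopback-only binding.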
diff --git a/roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2 b/roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2
new file mode 100644
index 0000000..0815294
--- /dev/null
+++ b/roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2
@@ -0,0 +1,10 @@
+module.exports = {
+ 'domain' : '{{ gathio_domain }}' ,
+ 'port': '{{ gathio_port }}',
+ 'email': '{{ gathio_from_address }}',
+ 'mailService': 'nodemailer',
+ 'sitename': 'gathio',
+ 'isFederated': false,
+ 'logo_url': '',
+ 'showKofi': false,
+};
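Review bot: The variables on the `'domain'`, `'port'` and `'email'` lines are interpolated directly inside single-quoted JavaScript literals, so a value containing a quote or backslash produces a broken or altered config module. Letting Jinja emit the literal is more robust, e.g. `'domain': {{ gathio_domain | to_json }},` and likewise for the other two lines. Note also that the default `gathio_domain` is `{{ ansible_fqdn }}:{{ gathio_port }}` and the role opens that port directly in firewalld, so the application appears to be served over plain HTTP unless a TLS-terminating proxy is configured elsewhere.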
diff --git a/roles/gathio/vars/main.yml b/roles/gathio/vars/main.yml
new file mode 100644
index 0000000..68f584b
--- /dev/null
+++ b/roles/gathio/vars/main.yml
@@ -0,0 +1,20 @@
+gathio_packages:
+ - mongodb-org
+ - nodejs
+ - git
+
+gathio_git_repo: https://github.com/lowercasename/gathio
+gathio_home: /var/lib/gathio
+gathio_install_dir: '{{ gathio_home }}/gathio'
+
+gathio_mongodb_selinux_policy_te: |
+ require {
+ type sysctl_fs_t;
+ type var_lib_nfs_t;
+ type mongod_t;
+ class dir search;
+ }
+
+ #============= mongod_t ==============
+ allow mongod_t sysctl_fs_t:dir search;
+ allow mongod_t var_lib_nfs_t:dir search;
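Review bot: The `gathio_mongodb_selinux_policy_te` block grants `mongod_t` search access on `sysctl_fs_t` and `var_lib_nfs_t` directories with no comment explaining which denials it addresses. A reviewer cannot tell whether the rules are required for mongod to function or only silence audit noise, in which case `dontaudit` rules would grant less. Please add a comment above the variable recording the AVC messages or the upstream guidance the rules come from, and the MongoDB version they were observed with.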