diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/ttrss/tasks | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/ttrss/tasks')
-rw-r--r-- | roles/ttrss/tasks/database.yml | 26 | ||||
-rw-r--r-- | roles/ttrss/tasks/freeipa.yml | 46 | ||||
-rw-r--r-- | roles/ttrss/tasks/main.yml | 96 |
3 files changed, 168 insertions, 0 deletions
diff --git a/roles/ttrss/tasks/database.yml b/roles/ttrss/tasks/database.yml new file mode 100644 index 0000000..ca20eeb --- /dev/null +++ b/roles/ttrss/tasks/database.yml @@ -0,0 +1,26 @@ +- name: create database + postgresql_db: + name: '{{ ttrss_db_name }}' + state: present + delegate_to: "{{ postgresql_inventory_host }}" + become: yes + become_user: postgres + +- name: create database user + postgresql_user: + name: '{{ ttrss_user }}' + db: '{{ ttrss_db_name }}' + priv: ALL + state: present + delegate_to: "{{ postgresql_inventory_host }}" + become: yes + become_user: postgres + +- name: update database schema + command: php {{ ttrss_home }}/update.php --update-schema=force-yes + become: yes + become_user: apache + environment: + GSS_USE_PROXY: 'yes' + register: ttrss_update_schema + changed_when: ttrss_update_schema.stdout is not search('Database schema is already at latest version') diff --git a/roles/ttrss/tasks/freeipa.yml b/roles/ttrss/tasks/freeipa.yml new file mode 100644 index 0000000..a8d4ddf --- /dev/null +++ b/roles/ttrss/tasks/freeipa.yml @@ -0,0 +1,46 @@ +- name: create user + ipauser: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ ttrss_user }}' + loginshell: /sbin/nologin + homedir: '{{ ttrss_home }}' + givenname: TinyTinyRSS + sn: Service Account + state: present + run_once: yes + +- name: retrieve user keytab + include_role: + name: freeipa_keytab + vars: + keytab_principal: '{{ ttrss_user }}' + keytab_path: '{{ ttrss_keytab }}' + +- name: configure gssproxy for kerberized postgres + include_role: + name: gssproxy_client + vars: + gssproxy_name: ttrss + gssproxy_section: service/php-fpm + gssproxy_client_keytab: '{{ ttrss_keytab }}' + gssproxy_cred_usage: initiate + gssproxy_euid: apache + +- name: create access group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ ttrss_access_group }}' + nonposix: yes + state: present + run_once: yes + +- name: create admin group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ ttrss_admin_group }}' + nonposix: yes + state: present + run_once: yes diff --git a/roles/ttrss/tasks/main.yml b/roles/ttrss/tasks/main.yml new file mode 100644 index 0000000..13cd9b0 --- /dev/null +++ b/roles/ttrss/tasks/main.yml @@ -0,0 +1,96 @@ +- name: install packages + dnf: + name: '{{ ttrss_packages }}' + state: present + +- name: create webroot + file: + path: '{{ ttrss_home }}' + state: directory + +- name: clone git repository + git: + repo: '{{ ttrss_git_repo }}' + dest: '{{ ttrss_home }}' + version: '{{ ttrss_version }}' + update: yes + +- name: set httpd_sys_rw_content_t selinux context for writable directories + sefcontext: + target: '{{ ttrss_home }}/{{ item }}(/.*)?' + setype: httpd_sys_rw_content_t + state: present + loop: '{{ ttrss_writable_dirs }}' + register: ttrss_writeable_sefcontext + +- name: apply selinux context to writeable directories + command: 'restorecon -R {{ ttrss_home }}/{{ item }}' + when: ttrss_writeable_sefcontext.results[index].changed + loop: '{{ ttrss_writable_dirs }}' + loop_control: + index_var: index + +- name: set permissions on writable directories + file: + path: '{{ ttrss_home }}/{{ item }}' + mode: 0775 + owner: root + group: apache + setype: httpd_sys_rw_content_t + loop: '{{ ttrss_writable_dirs }}' + +- import_tasks: freeipa.yml + tags: freeipa + +- name: create auth_freeipa plugin directory + file: + path: '{{ ttrss_home }}/plugins.local/auth_freeipa' + state: directory + +- name: download auth_freeipa plugin + get_url: + url: '{{ ttrss_freeipa_plugin_url }}' + dest: '{{ ttrss_home }}/plugins.local/auth_freeipa/init.php' + +- name: generate config file + template: + src: '{{ ttrss_home[1:] }}/config.php.j2' + dest: '{{ ttrss_home }}/config.php' + +- import_tasks: database.yml + tags: database + +- name: generate systemd unit for updating feeds + template: + src: etc/systemd/system/ttrss.service.j2 + dest: /etc/systemd/system/ttrss.service + register: ttrss_unit + +- name: reload systemd units + systemd: + name: ttrss + state: restarted + daemon_reload: yes + when: ttrss_unit.changed + +- name: start background feed updates + systemd: + name: ttrss + enabled: yes + state: started + +- name: generate update script + template: + src: 'usr/local/sbin/ttrss-update.sh.j2' + dest: '/usr/local/sbin/ttrss-update.sh' + mode: 0555 + +- name: create ttrss-update timer + include_role: + name: systemd_timer + vars: + timer_name: ttrss-update + timer_description: Update ttrss + timer_after: network.target + timer_on_calendar: '{{ ttrss_update_on_calendar }}' + timer_exec: /usr/local/sbin/ttrss-update.sh |