Diffstat (limited to 'roles/hastebin')
-rw-r--r-- | roles/hastebin/defaults/main.yml | 9 | ||||
-rw-r--r-- | roles/hastebin/files/var/lib/hastebin/haste-server/static/index.html | 70 | ||||
-rw-r--r-- | roles/hastebin/handlers/main.yml | 4 | ||||
-rw-r--r-- | roles/hastebin/tasks/main.yml | 119 | ||||
-rw-r--r-- | roles/hastebin/templates/etc/systemd/system/hastebin.service.j2 | 35 | ||||
-rw-r--r-- | roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2 | 32 | ||||
-rw-r--r-- | roles/hastebin/vars/main.yml | 30 |
7 files changed, 299 insertions, 0 deletions
diff --git a/roles/hastebin/defaults/main.yml b/roles/hastebin/defaults/main.yml
new file mode 100644
index 0000000..adbe279
--- /dev/null
+++ b/roles/hastebin/defaults/main.yml
@@ -0,0 +1,9 @@
+hastebin_version: master
+hastebin_server_aliases: []
+hastebin_letsencrypt: no
+hastebin_upload_cidrs: []
+hastebin_port: 8080
+
+hastebin_expire_days: 0
+
+hastebin_user: hastebin
diff --git a/roles/hastebin/files/var/lib/hastebin/haste-server/static/index.html b/roles/hastebin/files/var/lib/hastebin/haste-server/static/index.html
new file mode 100644
index 0000000..e7d71c1
--- /dev/null
+++ b/roles/hastebin/files/var/lib/hastebin/haste-server/static/index.html
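Review bot: `hastebin_version: master` in roles/hastebin/defaults/main.yml makes every play deploy whatever the upstream branch head is at that moment, and tasks/main.yml checks it out with `force: yes` / `update: yes` and then installs npm dependencies with the package lock disabled. Unreviewed upstream or dependency changes can therefore reach the host without any change in this repository. Consider defaulting to a reviewed tag or full commit hash, e.g. `hastebin_version: <reviewed-commit-sha>`, and bumping it deliberately. `hastebin_expire_days: 0` disables the cleanup timer (`timer_enabled` is true only when the value is above 0), so pastes are kept indefinitely by default; a comment such as `# 0 = never delete pastes` would make that explicit.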
@@ -0,0 +1,70 @@
+<html>
+
+ <head>
+
+ <title>hastebin</title>
+ <meta charset="utf-8" />
+ <link rel="stylesheet" type="text/css" href="solarized_dark.css"/>
+ <link rel="stylesheet" type="text/css" href="application.css"/>
+
+ <script type="text/javascript" src="jquery.min.js"></script>
+ <script type="text/javascript" src="highlight.min.js"></script>
+ <script type="text/javascript" src="application.min.js"></script>
+
+ <meta name="robots" content="noindex,nofollow"/>
+
+ <script type="text/javascript">
+ var app = null;
+ // Handle pops
+ var handlePop = function(evt) {
+ var path = evt.target.location.pathname;
+ if (path === '/') { app.newDocument(true); }
+ else { app.loadDocument(path.substring(1, path.length)); }
+ };
+ // Set up the pop state to handle loads, skipping the first load
+ // to make chrome behave like others:
+ // http://code.google.com/p/chromium/issues/detail?id=63040
+ setTimeout(function() {
+ window.onpopstate = function(evt) {
+ try { handlePop(evt); } catch(err) { /* not loaded yet */ }
+ };
+ }, 1000);
+ // Construct app and load initial path
+ $(function() {
+ app = new haste('hastebin', { twitter: false });
+ handlePop({ target: window });
+ });
+ </script>
+
+ </head>
+
+ <body>
+ <ul id="messages"></ul>
+
+ <div id="key">
+ <div id="pointer" style="display:none;"></div>
+ <!---
+ <div id="box1">
+ <a href="/about.md" class="logo"></a>
+ </div>
+ --->
+ <div id="box2">
+ <button class="save function button-picture">Save</button>
+ <button class="new function button-picture">New</button>
+ <button class="duplicate function button-picture">Duplicate & Edit</button>
+ <button class="raw function button-picture">Just Text</button>
+ <button class="twitter function button-picture">Twitter</button>
+ </div>
+ <div id="box3" style="display:none;">
+ <div class="label"></div>
+ <div class="shortcut"></div>
+ </div>
+ </div>
+
+ <div id="linenos"></div>
+ <pre id="box" style="display:none;" class="hljs" tabindex="0"><code></code></pre>
+ <textarea spellcheck="false" style="display:none;"></textarea>
+
+ </body>
+
+</html>
diff --git a/roles/hastebin/handlers/main.yml b/roles/hastebin/handlers/main.yml
new file mode 100644
index 0000000..2dd7dad
--- /dev/null
+++ b/roles/hastebin/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart hastebin
+ systemd:
+ name: hastebin
+ state: restarted
diff --git a/roles/hastebin/tasks/main.yml b/roles/hastebin/tasks/main.yml
new file mode 100644
index 0000000..75f4cba
--- /dev/null
+++ b/roles/hastebin/tasks/main.yml
@@ -0,0 +1,119 @@
+- name: install packages
+ dnf:
+ name: '{{ hastebin_packages }}'
+ state: present
+
+- name: create local user
+ user:
+ name: '{{ hastebin_user }}'
+ system: yes
+ home: '{{ hastebin_home }}'
+ shell: /sbin/nologin
+ create_home: no
+
+- name: create home directory
+ file:
+ path: '{{ item }}'
+ owner: '{{ hastebin_user }}'
+ group: '{{ hastebin_user }}'
+ mode: 0700
+ state: directory
+ loop:
+ - '{{ hastebin_home }}'
+ - '{{ hastebin_data_dir }}'
+
+- name: disable npm package lock
+ lineinfile:
+ regexp: ^package-lock=
+ line: package-lock=false
+ path: '{{ hastebin_home }}/.npmrc'
+ create: yes
+ owner: '{{ hastebin_user }}'
+ group: '{{ hastebin_user }}'
+ mode: 0600
+ state: present
+
+- name: clone git repository
+ git:
+ repo: '{{ hastebin_git_repo }}'
+ dest: '{{ hastebin_install_dir }}'
+ version: '{{ hastebin_version }}'
+ force: yes
+ update: yes
+ become: yes
+ become_user: '{{ hastebin_user }}'
+ register: hastebin_git
+ notify: restart hastebin
+
+- name: install npm dependencies
+ npm:
+ path: '{{ hastebin_install_dir }}'
+ production: yes
+ no_optional: yes
+ become: yes
+ become_user: '{{ hastebin_user }}'
+ when: hastebin_git.changed
+ notify: restart hastebin
+
+- name: create systemd unit
+ template:
+ src: etc/systemd/system/hastebin.service.j2
+ dest: /etc/systemd/system/hastebin.service
+ register: hastebin_unit
+ notify: restart hastebin
+
+- name: reload systemd daemons
+ systemd:
+ daemon_reload: yes
+ when: hastebin_unit.changed
+
+- name: generate config file
+ template:
+ src: '{{ hastebin_install_dir[1:] }}/config.js.j2'
+ dest: '{{ hastebin_install_dir }}/config.js'
+ owner: '{{ hastebin_user }}'
+ group: '{{ hastebin_user }}'
+ mode: 0600
+ notify: restart hastebin
+
+- name: copy custom index.html
+ copy:
+ src: '{{ hastebin_install_dir[1:] }}/static/index.html'
+ dest: '{{ hastebin_install_dir }}/static/index.html'
+ owner: '{{ hastebin_user }}'
+ group: '{{ hastebin_user }}'
+ mode: 0644
+
+- name: download jquery
+ get_url:
+ url: '{{ hastebin_jquery_url }}'
+ dest: '{{ hastebin_install_dir }}/static/jquery.min.js'
+ owner: '{{ hastebin_user }}'
+ group: '{{ hastebin_user }}'
+ mode: 0644
+
+- name: start hastebin
+ systemd:
+ name: hastebin
+ enabled: yes
+ state: started
+
+- name: set http_port_t selinux context for hastebin port
+ seport:
+ ports: '{{ hastebin_port }}'
+ proto: tcp
+ setype: http_port_t
+ state: present
+ tags: selinux
+
+- name: create hastebin-cleanup timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: hastebin-cleanup
+ timer_description: Delete expired hastebin files
+ timer_after: nss-user-lookup.target
+ timer_on_calendar: daily
+ timer_user: '{{ hastebin_user }}'
+ timer_exec: find {{ hastebin_data_dir }} -type f -mtime +{{ hastebin_expire_days }} -exec rm -v {} +
+ timer_enabled: '{{ true if hastebin_expire_days > 0 else false }}'
diff --git a/roles/hastebin/templates/etc/systemd/system/hastebin.service.j2 b/roles/hastebin/templates/etc/systemd/system/hastebin.service.j2
new file mode 100644
index 0000000..22a2a2d
--- /dev/null
+++ b/roles/hastebin/templates/etc/systemd/system/hastebin.service.j2
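Review bot: The `download jquery` task in roles/hastebin/tasks/main.yml fetches a script that is served to every visitor but passes no `checksum:` to `get_url`, so the file's integrity rests on TLS and the CDN alone; add `checksum: 'sha256:{{ hastebin_jquery_sha256 }}'` with the reviewed digest recorded in vars (the variable name is a suggestion). The URL it resolves to in vars/main.yml is jquery-1.7.1, a release that predates later upstream XSS fixes, so it is worth checking whether the bundled application script works with a maintained jQuery. Because `config.js` and `static/index.html` are written into the checkout, the `clone git repository` task with `force: yes` will probably find local modifications on each run if upstream tracks those paths (confirm), which would report a change and trigger the npm install and a service restart on every play. Writing the file modes as quoted strings (`mode: '0700'`) avoids depending on YAML's octal integer parsing.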
@@ -0,0 +1,35 @@
+[Unit]
+Description=hastebin paste server
+After=network.target
+AssertPathExists={{ hastebin_install_dir }}
+
+[Service]
+Type=simple
+Environment="LISTEN_ADDRESS=127.0.0.1"
+Environment="NODE_ENV=production"
+EnvironmentFile=-/etc/sysconfig/hastebin
+ExecStart=/usr/bin/node server.js
+WorkingDirectory={{ hastebin_install_dir }}
+User={{ hastebin_user }}
+Group={{ hastebin_user }}
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2 b/roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2
new file mode 100644
index 0000000..dcd7668
--- /dev/null
+++ b/roles/hastebin/templates/var/lib/hastebin/haste-server/config.js.j2
@@ -0,0 +1,32 @@
+{
+ "host": "127.0.0.1",
+ "port": {{ hastebin_port }},
+ "keyLength": 10,
+ "maxLength": 400000,
+ "staticMaxAge": 86400,
+ "recompressStaticAssets": true,
+ "logging": [
+ {
+ "level": "verbose",
+ "type": "Console",
+ "colorize": false
+ }
+ ],
+ "keyGenerator": {
+ "type": "random"
+ },
+ "rateLimits": {
+ "categories": {
+ "normal": {
+ "totalRequests": 500,
+ "every": 60000
+ }
+ }
+ },
+ "storage": {
+ "type": "file",
+ "path": "{{ hastebin_data_dir }}"
+ },
+ "documents": {
+ }
+}
diff --git a/roles/hastebin/vars/main.yml b/roles/hastebin/vars/main.yml
new file mode 100644
index 0000000..cfb474b
--- /dev/null
+++ b/roles/hastebin/vars/main.yml
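Review bot: `ProtectSystem=full` in hastebin.service.j2 leaves `/var` writable, and tasks/main.yml clones the checkout under `{{ hastebin_install_dir }}` as the service user, so a compromised node process could rewrite `server.js` or the static JavaScript it serves. Consider `ProtectSystem=strict` together with `ReadWritePaths={{ hastebin_data_dir }}`; config.js.j2 sets `recompressStaticAssets` to true, so check whether the server writes into `static/` at start-up and list that path too if it does. Adding `SystemCallArchitectures=native` would keep the `SystemCallFilter=` deny-list from being bypassed through a non-native ABI. `Environment="LISTEN_ADDRESS=127.0.0.1"` is not referenced anywhere else in this commit, so a comment naming what reads it would help.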
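Review bot: `"level": "verbose"` in config.js.j2 sends the server's most detailed output to the console, which under this unit ends up in the journal. If upstream logs document keys at that level (not visible here, so confirm), every paste key becomes readable to anyone with journal access, and the key is the only thing protecting a paste because the Apache config restricts only POST, PUT and DELETE. Consider `"level": "info"` unless the verbose output is needed. The interpolated values would be more robust rendered through a JSON filter, e.g. `"path": {{ hastebin_data_dir | to_json }}`, so that a path containing a quote or backslash cannot produce an invalid file.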
@@ -0,0 +1,30 @@
+hastebin_packages:
+ - git
+ - nodejs
+
+hastebin_home: /var/lib/hastebin
+hastebin_install_dir: '{{ hastebin_home }}/haste-server'
+hastebin_data_dir: '{{ hastebin_home }}/data'
+hastebin_git_repo: https://github.com/toptal/haste-server
+hastebin_keytab: /var/lib/gssproxy/clients/{{ hastebin_user }}.keytab
+
+hastebin_jquery_url: https://code.jquery.com/jquery-1.7.1.min.js
+
+hastebin_archive_shell: >-
+ TIMESTAMP=$(date +%Y%m%d%H%M%S);
+ tar czf "hastebin-${TIMESTAMP}.tar.gz"
+ --transform "s|^\.|hastebin-${TIMESTAMP}|"
+ -C "{{ hastebin_data_dir }}" .
+
+hastebin_apache_config: |
+ {{ apache_proxy_config }}
+ ProxyPass / http://127.0.0.1:{{ hastebin_port }}/
+ ProxyPassReverse / http://127.0.0.1:{{ hastebin_port }}/
+
+ <Location /documents>
+ <Limit POST PUT DELETE>
+ {% for cidr in hastebin_upload_cidrs %}
+ Require ip {{ cidr }}
+ {% endfor %}
+ </Limit>
+ </Location> |
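Review bot: With the default `hastebin_upload_cidrs: []` the `{% for %}` loop in `hastebin_apache_config` emits no `Require` line, so `<Limit POST PUT DELETE>` is empty and uploads fall back to whatever `apache_proxy_config` grants, which means the restriction fails open. If an empty list is meant to allow everyone, say so in a comment; otherwise add `{% else %}` followed by `Require all denied` before `{% endfor %}`. `<Limit>` also covers only the three listed methods, whereas `<LimitExcept GET HEAD>` would restrict every other method by default. `hastebin_keytab` is defined here but not used by any file in this commit.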