From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001 From: Stonewall Jackson Date: Sat, 4 Feb 2023 01:23:43 -0500 Subject: initial commit --- roles/gathio/defaults/main.yml | 5 + roles/gathio/handlers/main.yml | 4 + roles/gathio/meta/main.yml | 6 ++ roles/gathio/tasks/main.yml | 102 +++++++++++++++++++++ .../templates/etc/systemd/system/gathio.service.j2 | 34 +++++++ .../var/lib/gathio/gathio/config/api.js.j2 | 6 ++ .../var/lib/gathio/gathio/config/database.js.j2 | 3 + .../var/lib/gathio/gathio/config/domain.js.j2 | 10 ++ roles/gathio/vars/main.yml | 20 ++++ 9 files changed, 190 insertions(+) create mode 100644 roles/gathio/defaults/main.yml create mode 100644 roles/gathio/handlers/main.yml create mode 100644 roles/gathio/meta/main.yml create mode 100644 roles/gathio/tasks/main.yml create mode 100644 roles/gathio/templates/etc/systemd/system/gathio.service.j2 create mode 100644 roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2 create mode 100644 roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2 create mode 100644 roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2 create mode 100644 roles/gathio/vars/main.yml (limited to 'roles/gathio')
diff --git a/roles/gathio/defaults/main.yml b/roles/gathio/defaults/main.yml
new file mode 100644
index 0000000..817e2e3
--- /dev/null
+++ b/roles/gathio/defaults/main.yml
@@ -0,0 +1,5 @@
+gathio_version: master
+gathio_user: gathio
+gathio_port: 8080
+gathio_from_address: 'events-noreply@{{ email_domain }}'
+gathio_domain: '{{ ansible_fqdn }}:{{ gathio_port }}'
diff --git a/roles/gathio/handlers/main.yml b/roles/gathio/handlers/main.yml
new file mode 100644
index 0000000..fdafc98
--- /dev/null
+++ b/roles/gathio/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart gathio
+ systemd:
+ name: gathio
+ state: restarted
diff --git a/roles/gathio/meta/main.yml b/roles/gathio/meta/main.yml
new file mode 100644
index 0000000..8c1c42e
--- /dev/null
+++ b/roles/gathio/meta/main.yml
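Review bot: `gathio_version: master` pins the deployment to a moving branch, so each run of the clone task in roles/gathio/tasks/main.yml (`force: yes`, `update: yes`) can pull whatever upstream has merged since the previous run, and the `.npmrc` that task file writes sets `package-lock=false`, which per npm's documentation makes `npm install` ignore any package-lock.json the checkout ships and resolve dependency versions afresh. Neither the application revision nor its dependency set is therefore reproducible or reviewable from the role alone. Defaulting to a release tag or commit, e.g. `gathio_version: 'PINNED_TAG_OR_COMMIT'  # placeholder`, and dropping the package-lock override would let every host run a known revision with the lockfile upstream tested.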
@@ -0,0 +1,6 @@
+dependencies:
+ - role: yum
+ yum_repositories:
+ - epel
+ - mongodb-6.0
+ tags: yum
diff --git a/roles/gathio/tasks/main.yml b/roles/gathio/tasks/main.yml
new file mode 100644
index 0000000..17abbcf
--- /dev/null
+++ b/roles/gathio/tasks/main.yml
@@ -0,0 +1,102 @@
+- name: install packages
+ dnf:
+ name: '{{ gathio_packages }}'
+ state: present
+
+- name: create SELinux policy for mongodb
+ include_role:
+ name: selinux_policy
+ apply:
+ tags: selinux
+ vars:
+ selinux_policy_name: mongodb_custom
+ selinux_policy_te: '{{ gathio_mongodb_selinux_policy_te }}'
+ tags: selinux
+
+- name: enable mongodb
+ systemd:
+ name: mongod
+ state: started
+ enabled: yes
+
+- name: create gathio user
+ user:
+ name: '{{ gathio_user }}'
+ system: yes
+ home: '{{ gathio_home }}'
+ shell: /sbin/nologin
+ create_home: no
+
+- name: create gathio home
+ file:
+ path: '{{ gathio_home }}'
+ owner: '{{ gathio_user }}'
+ group: '{{ gathio_user }}'
+ mode: 0755
+ state: directory
+
+- name: disable npm package lock
+ lineinfile:
+ regexp: ^package-lock=
+ line: package-lock=false
+ path: '{{ gathio_home }}/.npmrc'
+ create: yes
+ owner: '{{ gathio_user }}'
+ group: '{{ gathio_user }}'
+ mode: 0600
+ state: present
+
+- name: clone gathio repository
+ git:
+ repo: '{{ gathio_git_repo }}'
+ dest: '{{ gathio_install_dir }}'
+ version: '{{ gathio_version }}'
+ force: yes
+ update: yes
+ become: yes
+ become_user: '{{ gathio_user }}'
+ register: gathio_git
+ notify: restart gathio
+
+- name: install npm dependencies
+ npm:
+ path: '{{ gathio_install_dir }}'
+ production: yes
+ no_optional: no
+ become: yes
+ become_user: '{{ gathio_user }}'
+ when: gathio_git.changed
+ notify: restart gathio
+
+- name: generate gathio configuration
+ template:
+ src: '{{ gathio_install_dir[1:] }}/config/{{ item }}.j2'
+ dest: '{{ gathio_install_dir }}/config/{{ item }}'
+ owner: '{{ gathio_user }}'
+ group: '{{ gathio_user }}'
+ mode: 0440
+ loop:
+ - api.js
+ - database.js
+ - domain.js
+ notify: restart gathio
+
+- name: create gathio systemd unit
+ template:
+ src: etc/systemd/system/gathio.service.j2
+ dest: /etc/systemd/system/gathio.service
+ register: gathio_unit
+ notify: restart gathio
+
+- name: reload systemd daemons
+ systemd:
+ daemon_reload: yes
+ when: gathio_unit.changed
+
+- name: open firewall ports
+ firewalld:
+ port: '{{ gathio_port }}/tcp'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ tags: firewalld
diff --git a/roles/gathio/templates/etc/systemd/system/gathio.service.j2 b/roles/gathio/templates/etc/systemd/system/gathio.service.j2
new file mode 100644
index 0000000..dcf5812
--- /dev/null
+++ b/roles/gathio/templates/etc/systemd/system/gathio.service.j2
@@ -0,0 +1,34 @@
+[Unit]
+Description=gathio event manager
+After=network.target
+AssertPathExists={{ gathio_install_dir }}
+
+[Service]
+Type=simple
+Environment="NODE_ENV=production"
+EnvironmentFile=-/etc/sysconfig/gathio
+ExecStart=/usr/bin/node start.js
+WorkingDirectory={{ gathio_install_dir }}
+User={{ gathio_user }}
+Group={{ gathio_user }}
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2 b/roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2
new file mode 100644
index 0000000..9ccbd8c
--- /dev/null
+++ b/roles/gathio/templates/var/lib/gathio/gathio/config/api.js.j2
@@ -0,0 +1,6 @@
+module.exports = {
+ 'smtpServer': '127.0.0.1',
+ 'smtpPort': '25',
+ 'smtpUsername': '',
+ 'smtpPassword': ''
+};
diff --git a/roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2 b/roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2
new file mode 100644
index 0000000..120fc64
--- /dev/null
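Review bot: Nothing in this task file enables the gathio unit: the `reload systemd daemons` task only performs `daemon_reload`, the `restart gathio` handler restarts without enabling, and the unit's `[Install] WantedBy=multi-user.target` is never acted on, so the service comes up on the first run only because the clone task's notify fires, and it does not come back after a reboot. A task placed after the daemon reload that sets `enabled: yes` and `state: started` on the gathio unit closes that gap and also starts the service on a host where no notify fired. Separately, `install npm dependencies` is gated on `gathio_git.changed`, so an `npm install` that fails part-way is not retried on the next run while the checkout is unchanged. This hunk starts at the `@@ -0,0 +1,102 @@` header on the previous physical line and ends at `tags: firewalld` here.
```yaml
# … unchanged: tasks up to and including "reload systemd daemons" …
- name: enable gathio
  systemd:
    name: gathio
    enabled: yes
    state: started

# … unchanged: open firewall ports …
```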
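Review bot: `After=network.target` is the unit's only ordering dependency, yet database.js.j2 in this same commit points the application at `mongodb://localhost:27017`, so at boot gathio may start before mongod and fail its first connection; `Restart=on-failure` then papers over that with a restart loop instead of expressing the dependency. `After=network.target mongod.service` together with `Wants=mongod.service` (mongod is the unit name the tasks already enable) states the ordering explicitly. The hardening block could also carry `CapabilityBoundingSet=` and `SystemCallArchitectures=native`, since the process runs as an unprivileged user and needs no capabilities. `ProtectHome=true` next to the `=yes` spelling used on every other boolean is a small inconsistency.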
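Review bot: api.js.j2 is a template in name only: every SMTP setting is a literal (`'127.0.0.1'`, `'25'`, empty username and password), so unlike domain.js.j2 nothing here can be set per host or inventory, and a deployment that needs an authenticated relay would have to edit the role itself. Role defaults such as `gathio_smtp_server: 127.0.0.1` and `gathio_smtp_port: 25`, rendered as `'smtpServer': '{{ gathio_smtp_server }}'`, would keep this file consistent with the other config templates; a password variable would then land in the file the `generate gathio configuration` task already writes with `mode: 0440` and gathio ownership. The `'25'` string value is presumably what the application expects, but that is not visible here.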
+++ b/roles/gathio/templates/var/lib/gathio/gathio/config/database.js.j2
@@ -0,0 +1,3 @@
+module.exports = {
+ 'url' : 'mongodb://localhost:27017/gathio'
+};
diff --git a/roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2 b/roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2
new file mode 100644
index 0000000..0815294
--- /dev/null
+++ b/roles/gathio/templates/var/lib/gathio/gathio/config/domain.js.j2
@@ -0,0 +1,10 @@
+module.exports = {
+ 'domain' : '{{ gathio_domain }}' ,
+ 'port': '{{ gathio_port }}',
+ 'email': '{{ gathio_from_address }}',
+ 'mailService': 'nodemailer',
+ 'sitename': 'gathio',
+ 'isFederated': false,
+ 'logo_url': '',
+ 'showKofi': false,
+};
diff --git a/roles/gathio/vars/main.yml b/roles/gathio/vars/main.yml
new file mode 100644
index 0000000..68f584b
--- /dev/null
+++ b/roles/gathio/vars/main.yml
@@ -0,0 +1,20 @@
+gathio_packages:
+ - mongodb-org
+ - nodejs
+ - git
+
+gathio_git_repo: https://github.com/lowercasename/gathio
+gathio_home: /var/lib/gathio
+gathio_install_dir: '{{ gathio_home }}/gathio'
+
+gathio_mongodb_selinux_policy_te: |
+ require {
+ type sysctl_fs_t;
+ type var_lib_nfs_t;
+ type mongod_t;
+ class dir search;
+ }
+
+ #============= mongod_t ==============
+ allow mongod_t sysctl_fs_t:dir search;
+ allow mongod_t var_lib_nfs_t:dir search;
-- cgit
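Review bot: The connection URL `mongodb://localhost:27017/gathio` carries no credentials and is a literal rather than a variable, so the role can only work against a mongod that accepts unauthenticated local connections; if mongod is left in that state, every local account on the host can read and write the gathio database, and none of the hardening applied to the gathio unit changes that. Templating it as `'url': '{{ gathio_mongodb_url }}'` with the current value as the role default keeps today's behaviour while letting a deployment that enables authorization on mongod supply a user-scoped URL. This hunk's file header begins on the previous physical line.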
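Review bot: Formatting in domain.js.j2 is inconsistent from line to line: `'domain' : '{{ gathio_domain }}' ,` puts spaces before the colon and the comma while every other key is written `'key': value,`, and `'port': '{{ gathio_port }}'` renders the port as a string although `gathio_port: 8080` in defaults is a number. Normalising the first line to `'domain': '{{ gathio_domain }}',` matches the rest; whether the application wants `port` as a string or a number is not visible here and should be checked against upstream's config before changing the quoting.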