From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
roles/invidious/tasks/database.yml | 69 ++++++++++++++++++++++
roles/invidious/tasks/main.yml | 116 +++++++++++++++++++++++++++++++++++++
2 files changed, 185 insertions(+)
create mode 100644 roles/invidious/tasks/database.yml
create mode 100644 roles/invidious/tasks/main.yml
(limited to 'roles/invidious/tasks')
diff --git a/roles/invidious/tasks/database.yml b/roles/invidious/tasks/database.yml
new file mode 100644
index 0000000..d8a44e1
--- /dev/null
+++ b/roles/invidious/tasks/database.yml
@@ -0,0 +1,69 @@
+- name: create postgresql database
+ postgresql_db:
+ name: '{{ invidious_db_name }}'
+ state: present
+ delegate_to: "{{ postgresql_host.split('.')[0] }}"
+ become: True
+ become_user: postgres
+
+- name: create postgresql user
+ postgresql_user:
+ name: '{{ invidious_db_user }}'
+ db: '{{ invidious_db_name }}'
+ password: '{{ invidious_db_password }}'
+ priv: ALL
+ state: present
+ environment:
+ PGOPTIONS: "-c password_encryption=scram-sha-256"
+ delegate_to: "{{ postgresql_host.split('.')[0] }}"
+ become: True
+ become_user: postgres
+
+- name: check if database schema is initialized
+ postgresql_query:
+ login_user: '{{ invidious_db_user }}'
+ login_password: '{{ invidious_db_password }}'
+ login_host: '{{ invidious_db_host }}'
+ db: '{{ invidious_db_name }}'
+ query: SELECT 1 FROM channels LIMIT 1
+ register: invidious_check_db
+ failed_when: false
+
+- name: initialize database schema
+ postgresql_query:
+ login_user: '{{ invidious_db_user }}'
+ login_password: '{{ invidious_db_password }}'
+ login_host: '{{ invidious_db_host }}'
+ db: '{{ invidious_db_name }}'
+ path_to_script: '{{ invidious_install_dir }}/config/sql/{{ item }}.sql'
+ as_single_query: yes
+ loop: '{{ invidious_schema_files }}'
+ when:
+ - invidious_check_db.msg is defined
+ - invidious_check_db.msg is search('relation "channels" does not exist')
+
+- name: create pgpass file
+ copy:
+ content: |
+ {{ invidious_db_host }}:*:{{ invidious_db_name }}:{{ invidious_db_user }}:{{ invidious_db_password }}
+ dest: '{{ invidious_home }}/.pgpass'
+ mode: 0600
+ owner: '{{ invidious_user }}'
+ group: '{{ invidious_user }}'
+
+- name: generate database cleanup script
+ template:
+ src: '{{ invidious_home[1:] }}/invidious-db-cleanup.sh.j2'
+ dest: '{{ invidious_home }}/invidious-db-cleanup.sh'
+ mode: 0555
+
+- name: set up invidious-db-cleanup timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: invidious-db-cleanup
+ timer_description: Prune invidious database
+ timer_after: network.target
+ timer_user: '{{ invidious_user }}'
+ timer_on_calendar: '{{ invidious_db_cleanup_on_calendar }}'
+ timer_exec: '{{ invidious_home }}/invidious-db-cleanup.sh'
diff --git a/roles/invidious/tasks/main.yml b/roles/invidious/tasks/main.yml
new file mode 100644
index 0000000..4a2cf0c
--- /dev/null
+++ b/roles/invidious/tasks/main.yml
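Review bot: In database.yml the `create pgpass file` task renders `invidious_db_password` into `content` with neither `no_log: true` nor `diff: false`, so a run with `--diff` can print the database password to the terminal or a CI log. Adding `no_log: true` to that task closes this; the `generate config file` task in main.yml writes a 0600 template that probably carries secrets as well and would need the same setting. The password is also written unescaped, and the .pgpass format requires `:` and `\` inside a field to be escaped with a backslash, so a password containing either may not be read back as written. Escape both characters in the template expression, or document that `invidious_db_password` must not contain them.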
@@ -0,0 +1,116 @@
+- name: install dependencies
+ dnf:
+ name: '{{ invidious_packages }}'
+ state: present
+
+- name: create crystal directory
+ file:
+ path: '{{ invidious_crystal_install_dir }}'
+ state: directory
+
+- name: download crystal-lang
+ unarchive:
+ src: '{{ invidious_crystal_url }}'
+ dest: '{{ invidious_crystal_install_dir }}'
+ remote_src: yes
+ extra_opts: --strip-components=1
+
+- name: create local user
+ user:
+ name: '{{ invidious_user }}'
+ system: yes
+ home: '{{ invidious_home }}'
+ shell: /sbin/nologin
+ create_home: no
+
+- name: create home home directory
+ file:
+ path: '{{ invidious_home }}'
+ owner: '{{ invidious_user }}'
+ group: '{{ invidious_user }}'
+ mode: 0755
+ state: directory
+
+- name: clone repo
+ git:
+ repo: '{{ invidious_git_repo }}'
+ dest: '{{ invidious_install_dir }}'
+ version: '{{ invidious_version }}'
+ update: yes
+ force: yes
+ become: yes
+ become_user: '{{ invidious_user }}'
+ register: invidious_git
+
+- name: build invidious
+ command:
+ cmd: '{{ item }}'
+ chdir: '{{ invidious_install_dir }}'
+ environment:
+ PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:{{ invidious_crystal_install_dir }}/bin
+ loop:
+ - shards install --production
+ - crystal build src/invidious.cr -Ddisable_quic --release
+ when: invidious_git.changed
+ become: yes
+ become_user: '{{ invidious_user }}'
+
+- name: create systemd unit
+ template:
+ src: etc/systemd/system/invidious.service.j2
+ dest: /etc/systemd/system/invidious.service
+ register: invidious_unit
+ notify: restart invidious
+
+- name: reload systemd daemons
+ systemd:
+ daemon_reload: yes
+ when: invidious_unit.changed
+
+- name: generate config file
+ template:
+ src: '{{ invidious_install_dir[1:] }}/config/config.yml.j2'
+ dest: '{{ invidious_install_dir }}/config/config.yml'
+ owner: '{{ invidious_user }}'
+ group: '{{ invidious_user }}'
+ mode: 0600
+ notify: restart invidious
+
+- import_tasks: database.yml
+
+- name: allow apache to connect to invidious port
+ seport:
+ ports: '{{ invidious_port }}'
+ proto: tcp
+ setype: http_port_t
+ state: present
+ tags: selinux
+
+- name: start invidious
+ systemd:
+ name: invidious
+ enabled: yes
+ state: started
+
+- name: generate update script
+ template:
+ src: '{{ invidious_home[1:] }}/invidious-update.sh.j2'
+ dest: '{{ invidious_home }}/invidious-update.sh'
+ mode: 0555
+
+- name: create invidious-update timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: invidious-update
+ timer_description: Update invidious
+ timer_after: network.target
+ timer_on_calendar: '{{ invidious_update_on_calendar }}'
+ timer_exec: '{{ invidious_home }}/invidious-update.sh'
+
+- name: restart invidious daily at 3:30am
+ cron:
+ name: restart invidious
+ minute: 30
+ hour: 3
+ job: systemctl restart invidious
-- cgit
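Review bot: `invidious-update.sh` is written into `{{ invidious_home }}`, which the `create home home directory` task gives to `{{ invidious_user }}`, yet the `create invidious-update timer` task sets no `timer_user` (the db-cleanup timer in database.yml does), so the script may run as root from a directory the service account controls. Whether it does depends on the `systemd_timer` role's default user, which is not visible here; if that default is root, the account of a network-facing application can replace a file that root executes on a schedule, because owning the directory is enough to remove and recreate a 0555 file. Install the script in a root-owned location, for example `dest: /usr/local/sbin/invidious-update.sh` with `owner: root` and `group: root`, or add `timer_user: '{{ invidious_user }}'` if the update does not need root. Separately, `download crystal-lang` unpacks `invidious_crystal_url` straight from the network with no integrity check; fetching it with `get_url` and a `checksum:` before `unarchive` would pin the toolchain.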