From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001 From: Stonewall Jackson Date: Sat, 4 Feb 2023 01:23:43 -0500 Subject: initial commit --- roles/psitransfer/defaults/main.yml | 22 +++++++ roles/psitransfer/handlers/main.yml | 4 ++ roles/psitransfer/tasks/main.yml | 76 ++++++++++++++++++++++ .../etc/systemd/system/psitransfer.service.j2 | 36 ++++++++++ .../psitransfer/config.production.js.j2 | 12 ++++ roles/psitransfer/vars/main.yml | 33 ++++++++++ 6 files changed, 183 insertions(+) create mode 100644 roles/psitransfer/defaults/main.yml create mode 100644 roles/psitransfer/handlers/main.yml create mode 100644 roles/psitransfer/tasks/main.yml create mode 100644 roles/psitransfer/templates/etc/systemd/system/psitransfer.service.j2 create mode 100644 roles/psitransfer/templates/var/lib/psitransfer/psitransfer/config.production.js.j2 create mode 100644 roles/psitransfer/vars/main.yml (limited to 'roles/psitransfer')
diff --git a/roles/psitransfer/defaults/main.yml b/roles/psitransfer/defaults/main.yml
new file mode 100644
index 0000000..e43067f
--- /dev/null
+++ b/roles/psitransfer/defaults/main.yml
@@ -0,0 +1,22 @@
+psitransfer_version: 2.1.2
+psitransfer_port: 8080
+
+psitransfer_server_name: '{{ ansible_fqdn }}'
+psitransfer_server_aliases: '{{ cnames }}'
+
+psitransfer_upload_cidrs: []
+psitransfer_admin_cidrs: []
+
+psitransfer_retentions:
+  one-time: one time download
+  3600: 1 hour
+  86400: 1 day
+  604800: 1 week
+  2419200: 1 month
+  4838400: 2 months
+
+psitransfer_default_retention: 604800
+
+psitransfer_max_file_size: 1 GB
+psitransfer_max_bucket_size: 5 GB
+psitransfer_max_preview_size: 32 MB
diff --git a/roles/psitransfer/handlers/main.yml b/roles/psitransfer/handlers/main.yml
new file mode 100644
index 0000000..9c64c79
--- /dev/null
+++ b/roles/psitransfer/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart psitransfer
+  systemd:
+    name: psitransfer
+    state: restarted
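Review bot: `psitransfer_server_aliases: '{{ cnames }}'` references a variable this role never defines, so a host whose inventory lacks `cnames` fails at template time instead of degrading to "no aliases"; `psitransfer_server_aliases: '{{ cnames | default([]) }}'` would keep the defaults file self-contained. The empty `psitransfer_upload_cidrs` and `psitransfer_admin_cidrs` defaults also deserve a comment, because the loops in vars/main.yml then emit no `Require ip` line at all, and the upload and admin paths presumably fall back to whatever policy the enclosing vhost applies rather than being denied. A comment such as `# Empty list = no per-path restriction; access then follows the surrounding vhost policy` above those two lines would make the consequence of the default visible to whoever copies the role.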
diff --git a/roles/psitransfer/tasks/main.yml b/roles/psitransfer/tasks/main.yml
new file mode 100644
index 0000000..8526465
--- /dev/null
+++ b/roles/psitransfer/tasks/main.yml
@@ -0,0 +1,76 @@
+- name: install nodejs
+  dnf:
+    name: nodejs
+    state: present
+
+- name: create local user
+  user:
+    name: '{{ psitransfer_user }}'
+    system: yes
+    home: '{{ psitransfer_home }}'
+    shell: /sbin/nologin
+    create_home: no
+
+- name: create directories
+  file:
+    path: '{{ item }}'
+    owner: '{{ psitransfer_user }}'
+    group: '{{ psitransfer_user }}'
+    mode: 0700
+    state: directory
+  loop:
+    - '{{ psitransfer_home }}'
+    - '{{ psitransfer_install_dir }}'
+    - '{{ psitransfer_data_dir }}'
+
+- name: extract tarball
+  unarchive:
+    src: '{{ psitransfer_url }}'
+    remote_src: yes
+    dest: '{{ psitransfer_install_dir }}'
+    owner: '{{ psitransfer_user }}'
+    group: '{{ psitransfer_user }}'
+    extra_opts:
+      - '--strip-components=1'
+
+- name: install npm dependencies
+  npm:
+    path: '{{ psitransfer_install_dir }}'
+    production: yes
+  become: yes
+  become_user: '{{ psitransfer_user }}'
+
+- name: create systemd unit
+  template:
+    src: etc/systemd/system/psitransfer.service.j2
+    dest: /etc/systemd/system/psitransfer.service
+  register: psitransfer_unit
+  notify: restart psitransfer
+
+- name: reload systemd daemons
+  systemd:
+    daemon_reload: yes
+  when: psitransfer_unit.changed
+
+- name: generate config file
+  template:
+    src: '{{ psitransfer_install_dir[1:] }}/config.production.js.j2'
+    dest: '{{ psitransfer_install_dir }}/config.production.js'
+    owner: '{{ psitransfer_user }}'
+    group: '{{ psitransfer_user }}'
+    mode: 0600
+  notify: restart psitransfer
+
+- name: start psitransfer
+  systemd:
+    name: psitransfer
+    enabled: yes
+    state: started
+
+- name: set http_port_t selinux context on psitransfer port
+  seport:
+    ports: '{{ psitransfer_port }}'
+    proto: tcp
+    setype: http_port_t
+    state: present
+  tags: selinux
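Review bot: The `extract tarball` task fetches `psitransfer_url` with `unarchive` + `remote_src: yes` and extracts it with no integrity check, so the code that ends up in `psitransfer_install_dir` (and then gets its `npm` dependencies installed and is launched by the unit) is whatever the release endpoint served at run time, with nothing tying it to the pinned `psitransfer_version`. `unarchive` has no checksum option, so the usual shape is a `get_url` with `checksum:` (a digest kept next to the version in defaults, one per release) followed by an `unarchive` from the downloaded path; the same task also lacks `creates:`, so every run re-downloads and re-extracts, which a version-specific download path makes cheap to guard. The `src: '{{ psitransfer_install_dir[1:] }}/…'` slicing in `generate config file` works but couples the template location to the install path; a literal `src: var/lib/psitransfer/psitransfer/config.production.js.j2` says what it means.

```yaml
- name: download tarball
  get_url:
    url: '{{ psitransfer_url }}'
    dest: '{{ psitransfer_home }}/psitransfer-v{{ psitransfer_version }}.tar.gz'
    # new variable, defaulted per release in defaults/main.yml, e.g. 'sha256:<DIGEST-PLACEHOLDER>'
    checksum: '{{ psitransfer_checksum }}'
    owner: '{{ psitransfer_user }}'
    group: '{{ psitransfer_user }}'
    mode: 0600

- name: extract tarball
  unarchive:
    src: '{{ psitransfer_home }}/psitransfer-v{{ psitransfer_version }}.tar.gz'
    remote_src: yes
    # … unchanged: dest, owner, group, extra_opts …
```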
diff --git a/roles/psitransfer/templates/etc/systemd/system/psitransfer.service.j2 b/roles/psitransfer/templates/etc/systemd/system/psitransfer.service.j2
new file mode 100644
index 0000000..6bb8c97
--- /dev/null
+++ b/roles/psitransfer/templates/etc/systemd/system/psitransfer.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=Psitransfer File Sharing
+After=network.target
+AssertPathExists={{ psitransfer_install_dir }}
+
+[Service]
+Type=simple
+Environment="PSITRANSFER_IFACE=127.0.0.1"
+Environment="PSITRANSFER_PORT={{ psitransfer_port }}"
+Environment=NODE_ENV=production
+EnvironmentFile=-/etc/sysconfig/psitransfer
+ExecStart=/usr/bin/node app.js
+WorkingDirectory={{ psitransfer_install_dir }}
+User={{ psitransfer_user }}
+Group={{ psitransfer_user }}
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# for details
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+
+ProtectSystem=full
+ProtectHome=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/psitransfer/templates/var/lib/psitransfer/psitransfer/config.production.js.j2 b/roles/psitransfer/templates/var/lib/psitransfer/psitransfer/config.production.js.j2
new file mode 100644
index 0000000..c489f87
--- /dev/null
+++ b/roles/psitransfer/templates/var/lib/psitransfer/psitransfer/config.production.js.j2
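Review bot: `ProtectSystem=full` leaves `/var` writable, and tasks/main.yml makes the service user the owner of `{{ psitransfer_install_dir }}`, so the process started by `ExecStart=/usr/bin/node app.js` can rewrite its own `app.js`, `node_modules` and `config.production.js` at run time — a compromise of the web process would not be contained by the rest of this otherwise careful sandbox. If the application only writes under `uploadDir` (the config points it at `psitransfer_data_dir`; worth confirming it creates nothing under the install dir at startup), `ProtectSystem=strict` plus `ReadWritePaths={{ psitransfer_data_dir }}` makes the code tree read-only for the service without touching ownership. Because it binds `{{ psitransfer_port }}` as an unprivileged user it needs no capabilities, so `CapabilityBoundingSet=` (empty) and `RestrictSUIDSGID=yes` are free additions to the same block.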
@@ -0,0 +1,12 @@
+module.exports = {
+  "uploadAppPath": "/upload",
+  "uploadDir": "{{ psitransfer_data_dir }}",
+  "retentions": {{ psitransfer_retentions | to_json }},
+  "defaultRetention": "{{ psitransfer_default_retention }}",
+  "maxFileSize": {{ psitransfer_max_file_size | human_to_bytes }},
+  "maxBucketSize": {{ psitransfer_max_bucket_size | human_to_bytes }},
+  "maxPreviewSize": {{ psitransfer_max_preview_size | human_to_bytes }},
+  {% if psitransfer_admin_password is defined %}
+  "adminPass": "{{ psitransfer_admin_password }}"
+  {% endif %}
+};
diff --git a/roles/psitransfer/vars/main.yml b/roles/psitransfer/vars/main.yml
new file mode 100644
index 0000000..d6007fa
--- /dev/null
+++ b/roles/psitransfer/vars/main.yml
@@ -0,0 +1,33 @@
+psitransfer_home: /var/lib/psitransfer +psitransfer_install_dir: '{{ psitransfer_home }}/psitransfer' +psitransfer_data_dir: '{{ psitransfer_home }}/data' +psitransfer_user: psitransfer +psitransfer_url: https://github.com/psi-4ward/psitransfer/releases/download/v{{ psitransfer_version }}/psitransfer-v{{ psitransfer_version }}.tar.gz + +psitransfer_archive_shell: >- + TIMESTAMP=$(date +%Y%m%d%H%M%S); + tar czf "psitransfer-${TIMESTAMP}.tar.gz" + --transform "s|^\.|psitransfer-${TIMESTAMP}|" + -C {{ psitransfer_data_dir | quote }} . + +psitransfer_apache_config: | + {{ apache_proxy_config }} + ProxyPass / http://127.0.0.1:{{ psitransfer_port }}/ + ProxyPassReverse / http://127.0.0.1:{{ psitransfer_port }}/ + + RewriteEngine on + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "ws://127.0.0.1:{{ psitransfer_port }}/$1" [P,L] + + + {% for cidr in psitransfer_upload_cidrs %} + Require ip {{ cidr }} + {% endfor %} + + + + {% for cidr in psitransfer_admin_cidrs %} + Require ip {{ cidr }} + {% endfor %} + -- cgit
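Review bot: `"adminPass": "{{ psitransfer_admin_password }}"` drops the secret into a JavaScript string literal with no escaping, so a password containing `"` or `\` either makes `config.production.js` unparseable (the service then fails to start) or silently changes the password the application actually checks; `"uploadDir": "{{ psitransfer_data_dir }}"` has the same shape. `"adminPass": {{ psitransfer_admin_password | to_json }}` (and likewise for `uploadDir`) emits a correctly quoted, escaped string that is valid in both JSON and JS, matching how `retentions` is already rendered. The `is defined` guard still writes `"adminPass": ""` when the variable is set but empty, and what the application does with an empty admin password is not visible here; `{% if psitransfer_admin_password | default('') | length > 0 %}` avoids depending on it.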
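Review bot: `psitransfer_archive_shell` and `psitransfer_apache_config` are not consumed by any task in this role — tasks/main.yml never references them — so a reader cannot tell from the role which playbook or sibling role (presumably an Apache role, given the undefined `apache_proxy_config` they interpolate) reads them, or with which privileges the archive command runs; a comment above each, along the lines of `# consumed by the apache role's vhost template — TODO(owner): name it`, would document the contract. The `<Location>` directives around the two `Require ip` loops appear to have been stripped from this rendering, so the paths they guard cannot be confirmed here; since those loops emit nothing when `psitransfer_upload_cidrs` / `psitransfer_admin_cidrs` are left at their empty defaults, a comment on the blocks stating that an empty list means "inherit the vhost policy" would keep that behaviour from surprising whoever deploys with defaults.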