diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c1a0118
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/.vagrant/
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..131b0ac
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,31 @@
+# This guide is optimized for Vagrant 1.7 and above.
+# Although versions 1.6.x should behave very similarly, it is recommended
+# to upgrade instead of disabling the requirement below.
+Vagrant.require_version ">= 1.7.0"
+
+Vagrant.configure(2) do |config|
+
+ config.vm.box = "debian/buster64"
+
+ config.vm.define "debiantest" do |m|
+ m.vm.hostname = "debiantest"
+ m.vm.network :private_network, ip: "192.168.123.2", libvirt__dhcp_enabled: false
+ m.vm.synced_folder ".", "/vagrant", disabled: true
+ end
+ # Disable the new default behavior introduced in Vagrant 1.7, to
+ # ensure that all Vagrant machines will use the same SSH key pair.
+ # See https://github.com/mitchellh/vagrant/issues/5005
+ config.ssh.insert_key = false
+
+ config.vm.provider :libvirt do |lv|
+ lv.cpus = 2
+ lv.memory = 1024
+ end
+
+ config.vm.provision "ansible" do |ansible|
+ ansible.become = true
+ ansible.verbose = "v"
+ ansible.playbook = "playbook.yml"
+ ansible.inventory_path = "inventory"
+ end
+end
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..b877f17
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+roles_path = ../:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
+ansible_python_interpreter = /usr/bin/python3
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..af7b273
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+ansible_bibliogram_port: "10407"
+ansible_bibliogram_with_docker: false
+ansible_bibliogram_with_systemd: false
+ansible_bibliogram_backup_frequency: "daily"
+ansible_bibliogram_root_directory: "/var/www/bibliogram"
+ansible_bibliogram_tor_enabled: false
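Review bot: In the Vagrantfile, `config.ssh.insert_key = false` keeps Vagrant's publicly known insecure key pair authorized on the box, while the comment above it only talks about key consistency. Together with the fixed private-network address `192.168.123.2`, any host that can reach that network can log in as the default user. I would extend the comment with something like `# NOTE: this leaves the well-known Vagrant insecure key in place; keep this VM on an isolated network and never reuse the box outside local testing.`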
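Review bot: In ansible.cfg, `ansible_python_interpreter = /usr/bin/python3` under `[defaults]` is the name of an inventory/host variable, not a configuration key, so Ansible most likely ignores it silently and falls back to interpreter discovery. The configuration-file form is `interpreter_python = /usr/bin/python3`; alternatively set `ansible_python_interpreter` on the `debiantest` host in `inventory`. The relative `../` entry in `roles_path` depends on the working directory and on the checkout directory being named after the role, which deserves a one-line comment.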
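Review bot: `ansible_bibliogram_backup_frequency` in defaults/main.yml is used in this commit only as the `OnCalendar=` value of bibliogram-upgrade.timer, so it controls how often upstream code is pulled and installed, not a backup schedule. A name such as `ansible_bibliogram_upgrade_frequency` would match what it does. The file has no comments; a one-line description per default would help, including the fact that with both `ansible_bibliogram_with_docker` and `ansible_bibliogram_with_systemd` left at `false` the role deploys nothing.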
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..2217deb
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Restart service
+ systemd:
+ name: bibliogram.service
+ state: restarted
+ daemon_reload: yes
+
+- name: Restart timer
+ systemd:
+ name: bibliogram-upgrade.timer
+ state: restarted
+ daemon_reload: yes
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..edb98dc
--- /dev/null
+++ b/inventory
@@ -0,0 +1 @@
+debiantest
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..0448317
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,8 @@
+---
+- hosts: debiantest
+ gather_facts: yes
+ vars_files:
+ - ./test/vars.yml
+
+ roles:
+ - ansible-bibliogram
diff --git a/tasks/docker.yml b/tasks/docker.yml
new file mode 100644
index 0000000..31c0cda
--- /dev/null
+++ b/tasks/docker.yml
@@ -0,0 +1,11 @@
+---
+- name: Grab official docker image and start it
+ docker_container:
+ image: cloudrac3r/bibliogram
+ registry: docker.io
+ restart: always
+ pull: yes
+ volumes:
+ - "db:/app/db"
+ ports:
+ - "10407:{{ ansible_bibliogram_port }}"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c071522
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Fail if ansible_bibliogram_base_url is not set
+ fail:
+ msg: "Variable ansible_bibliogram_base_url is mandatory"
+ when: ansible_bibliogram_base_url is not defined
+
+- include_tasks: docker.yml
+ when: ansible_bibliogram_with_docker
+
+- include_tasks: systemd.yml
+ when: ansible_bibliogram_with_systemd
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..4009400
--- /dev/null
+++ b/tasks/systemd.yml
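Review bot: The `docker_container` task in tasks/docker.yml has no `name:`, which the module requires, so the Docker path will fail as written; add e.g. `name: bibliogram`. The `ports` entry is `host:container`, so `"10407:{{ ansible_bibliogram_port }}"` fixes the host port and varies the container port. If the image listens on 10407 (not visible here), it should read `"{{ ansible_bibliogram_port }}:10407"`, or `"127.0.0.1:{{ ansible_bibliogram_port }}:10407"` behind a reverse proxy, since the current form publishes on every interface. `image: cloudrac3r/bibliogram` with `pull: yes` follows whatever the untagged image resolves to on each run; pinning a tag or digest (`cloudrac3r/bibliogram@sha256:<DIGEST>`) keeps deployments reproducible. `ansible_bibliogram_base_url` is mandatory in tasks/main.yml but is never passed to the container.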
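Review bot: The guard in tasks/main.yml only checks that `ansible_bibliogram_base_url` is defined, so an empty value passes and ends up in config.js; `when: ansible_bibliogram_base_url is not defined or ansible_bibliogram_base_url | length == 0` closes that gap. Nothing prevents `ansible_bibliogram_with_docker` and `ansible_bibliogram_with_systemd` from both being true, in which case the two deployments would likely compete for the same port. With neither set, the play succeeds without installing anything. An `assert` task requiring exactly one of the two would surface both misconfigurations.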
@@ -0,0 +1,87 @@
+---
+- name: Ensure bibliogram user exists
+ ansible.builtin.user:
+ name: bibliogram
+ state: present
+ system: yes
+
+- name: Ensure dependencies are present
+ apt:
+ name:
+ - npm
+ - git
+ - sudo
+ state: present
+
+- name: Ensure the repo is present
+ git:
+ repo: https://git.sr.ht/~cadence/bibliogram
+ dest: "{{ ansible_bibliogram_root_directory }}"
+ ignore_errors: yes
+
+- name: Fix the root directory permissions
+ file:
+ path: "{{ ansible_bibliogram_root_directory }}"
+ state: directory
+ owner: bibliogram
+ group: www-data
+ recurse: yes
+
+- name: Ensure the upgrade script is present
+ template:
+ src: upgrade.sh.j2
+ dest: /usr/local/bin/upgrade_bibliogram.sh
+ mode: 0755
+ owner: bibliogram
+ group: www-data
+ register: upgrade_script
+
+- name: Run upgrade script
+ shell: sudo -u bibliogram /usr/local/bin/upgrade_bibliogram.sh
+ when: upgrade_script is defined and upgrade_script.changed
+
+- name: Ensure the configuration is present
+ template:
+ src: config.js.j2
+ dest: "{{ ansible_bibliogram_root_directory }}/config.js"
+ mode: 0644
+ owner: bibliogram
+ group: www-data
+
+- name: Ensure the service unit is present
+ template:
+ src: bibliogram.service.j2
+ dest: /etc/systemd/system/bibliogram.service
+ mode: 0600
+ owner: root
+ group: root
+ notify: Restart service
+
+- name: Ensure the upgrade service unit is present
+ template:
+ src: bibliogram-upgrade.service.j2
+ dest: /etc/systemd/system/bibliogram-upgrade.service
+ mode: 0600
+ owner: root
+ group: root
+
+- name: Ensure the timer is present
+ template:
+ src: bibliogram-upgrade.timer.j2
+ dest: /etc/systemd/system/bibliogram-upgrade.timer
+ mode: 0600
+ owner: root
+ group: root
+ notify: Restart timer
+
+- name: Ensure the service unit is enabled and started
+ systemd:
+ name: bibliogram.service
+ state: started
+ enabled: yes
+
+- name: Ensure the timer is enabled and started
+ systemd:
+ name: bibliogram-upgrade.timer
+ state: started
+ enabled: yes
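Review bot: `ignore_errors: yes` on the "Ensure the repo is present" task in tasks/systemd.yml hides a failed or partial clone, after which the play still creates and chowns the directory, runs the upgrade script and starts the service on whatever is on disk. If the intent is to tolerate local modifications on re-runs, `update: no` or a narrowly scoped `failed_when` expresses that without masking network or integrity failures. The checkout has no `version:`, so every run and every timer-driven `git pull` follows the upstream default branch and runs its npm install scripts unreviewed; pinning `version:` to a tag or commit keeps upgrades under the operator's control. `/usr/local/bin/upgrade_bibliogram.sh` is installed with `owner: bibliogram`, which lets the service account rewrite a script that both the timer and this play execute; `owner: root` with a quoted `mode: "0755"` is the safer form.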
diff --git a/templates/bibliogram-upgrade.service.j2 b/templates/bibliogram-upgrade.service.j2
new file mode 100644
index 0000000..2ea33fb
--- /dev/null
+++ b/templates/bibliogram-upgrade.service.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Upgrade bibliogram
+
+[Service]
+WorkingDirectory={{ ansible_bibliogram_root_directory }}
+ExecStart=/usr/local/bin/upgrade_bibliogram.sh
+User=bibliogram
+Group=www-data
diff --git a/templates/bibliogram-upgrade.timer.j2 b/templates/bibliogram-upgrade.timer.j2
new file mode 100644
index 0000000..8f58957
--- /dev/null
+++ b/templates/bibliogram-upgrade.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Start upgrade of bibliogram
+
+[Timer]
+OnCalendar={{ ansible_bibliogram_backup_frequency }}
+Persistent=True
+
+[Install]
+WantedBy=timers.target
diff --git a/templates/bibliogram.service.j2 b/templates/bibliogram.service.j2
new file mode 100644
index 0000000..b7755fd
--- /dev/null
+++ b/templates/bibliogram.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run bibliogram
+
+[Service]
+WorkingDirectory={{ ansible_bibliogram_root_directory }}
+ExecStart=/usr/bin/npm run start
+User=bibliogram
+Group=www-data
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/config.js.j2 b/templates/config.js.j2
new file mode 100644
index 0000000..60ad6cd
--- /dev/null
+++ b/templates/config.js.j2
@@ -0,0 +1,6 @@
+module.exports = {
+ website_origin: "{{ ansible_bibliogram_base_url }}",
+ tor: {
+ enabled: {{ ansible_bibliogram_tor_enabled | to_json }}
+ }
+}
diff --git a/templates/upgrade.sh.j2 b/templates/upgrade.sh.j2
new file mode 100755
index 0000000..b7b8d97
--- /dev/null
+++ b/templates/upgrade.sh.j2
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+cd {{ ansible_bibliogram_root_directory }}
+commit="Save $RANDOM"
+git add .
+git stash save "${commit}"
+git pull
+git stash apply "${commit}"
+
+cd {{ ansible_bibliogram_root_directory }}
+
+{% if ansible_bibliogram_tor_enabled %}
+ npm install
+{% else %}
+ npm install --no-optional
+{% endif %}
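Review bot: bibliogram-upgrade.service.j2 has no `Type=oneshot`, and nothing in this commit restarts bibliogram.service after the script finishes, so the running process keeps serving the old code until a manual restart or reboot. `Type=oneshot` makes systemd treat the script as a run-to-completion job and record its exit status against the timer run. The restart needs more privilege than `User=bibliogram` has, so it has to come from a privileged step of the unit rather than from the script itself.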
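Review bot: bibliogram.service.j2 runs a network-facing Node process with no sandboxing directives and no restart policy. The unit already drops to `User=bibliogram`, so `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes` should cost nothing here. `ProtectSystem=strict` with a `ReadWritePaths=` entry for the data directory would go further, once the paths the application writes to are confirmed. `Restart=on-failure` and `After=network.target` are the usual additions for a service of this kind.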
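Review bot: `website_origin: "{{ ansible_bibliogram_base_url }}"` in config.js.j2 pastes the variable into a JavaScript string literal unescaped, so a quote or backslash in the value breaks the file or changes the code that Node loads. The `tor.enabled` line already uses `to_json`; do the same here and drop the surrounding quotes: `website_origin: {{ ansible_bibliogram_base_url | to_json }},`. `ansible_bibliogram_port` is not written to this file, so in the systemd deployment that default appears to have no effect.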
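Review bot: `git stash apply "${commit}"` in upgrade.sh.j2 passes the stash message where git expects a stash reference, so the apply step will most likely fail and whatever `git add .` swept into the stash stays there after every run. The script has no `set -e`, so that failure, a failed `cd` or a failed `git pull` is ignored and `npm install` still runs, in whatever directory the shell happens to be in. The rewrite below stops on the first error, shell-quotes the templated path, stashes only when the tree is dirty, fast-forwards only, and restores with `git stash pop`. The second `cd` is redundant and is dropped; the npm branch is unchanged.

```shell
#!/usr/bin/env bash
set -euo pipefail

cd {{ ansible_bibliogram_root_directory | quote }}

if [ -n "$(git status --porcelain)" ]; then
    # Local changes present: set them aside, update, then restore them.
    git add .
    git stash push -m "pre-upgrade $(date +%s)"
    git pull --ff-only
    git stash pop
else
    git pull --ff-only
fi

# … unchanged: npm install / npm install --no-optional branch …
```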
diff --git a/test/vars.yml b/test/vars.yml
new file mode 100644
index 0000000..ac3c8a2
--- /dev/null
+++ b/test/vars.yml
@@ -0,0 +1,4 @@
+---
+ansible_bibliogram_base_url: "http://debiantest:10407"
+ansible_bibliogram_with_systemd: true
+ansible_bibliogram_tor_enabled: true