Working systemd tasks

This commit is contained in:
sfigato 2021-02-25 19:56:31 +01:00
parent 02ced8d4ef
commit 2d7ab9bedc
Signed by: blallo
GPG Key ID: 0CBE577C9B72DC3F
16 changed files with 226 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/.vagrant/

31
Vagrantfile vendored Normal file
View File

@ -0,0 +1,31 @@
# This guide is optimized for Vagrant 1.7 and above.
# Although versions 1.6.x should behave very similarly, it is recommended
# to upgrade instead of disabling the requirement below.
Vagrant.require_version ">= 1.7.0"
Vagrant.configure(2) do |config|
config.vm.box = "debian/buster64"
config.vm.define "debiantest" do |m|
m.vm.hostname = "debiantest"
m.vm.network :private_network, ip: "192.168.123.2", libvirt__dhcp_enabled: false
m.vm.synced_folder ".", "/vagrant", disabled: true
end
# Disable the new default behavior introduced in Vagrant 1.7, to
# ensure that all Vagrant machines will use the same SSH key pair.
# See https://github.com/mitchellh/vagrant/issues/5005
config.ssh.insert_key = false
config.vm.provider :libvirt do |lv|
lv.cpus = 2
lv.memory = 1024
end
config.vm.provision "ansible" do |ansible|
ansible.become = true
ansible.verbose = "v"
ansible.playbook = "playbook.yml"
ansible.inventory_path = "inventory"
end
end

3
ansible.cfg Normal file
View File

@ -0,0 +1,3 @@
[defaults]
roles_path = ../:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
ansible_python_interpreter = /usr/bin/python3

7
defaults/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
ansible_bibliogram_port: "10407"
ansible_bibliogram_with_docker: false
ansible_bibliogram_with_systemd: false
ansible_bibliogram_backup_frequency: "daily"
ansible_bibliogram_root_directory: "/var/www/bibliogram"
ansible_bibliogram_tor_enabled: false

12
handlers/main.yml Normal file
View File

@ -0,0 +1,12 @@
---
- name: Restart service
systemd:
name: bibliogram.service
state: restarted
daemon_reload: yes
- name: Restart timer
systemd:
name: bibliogram-upgrade.timer
state: restarted
daemon_reload: yes

1
inventory Normal file
View File

@ -0,0 +1 @@
debiantest

8
playbook.yml Normal file
View File

@ -0,0 +1,8 @@
---
- hosts: debiantest
gather_facts: yes
vars_files:
- ./test/vars.yml
roles:
- ansible-bibliogram

11
tasks/docker.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Grab official docker image and start it
docker_container:
image: cloudrac3r/bibliogram
registry: docker.io
restart: always
pull: yes
volumes:
- "db:/app/db"
ports:
- "10407:{{ ansible_bibliogram_port }}"

11
tasks/main.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Fail if ansible_bibliogram_base_url is not set
fail:
msg: "Variable ansible_bibliogram_base_url is mandatory"
when: ansible_bibliogram_base_url is not defined
- include_tasks: docker.yml
when: ansible_bibliogram_with_docker
- include_tasks: systemd.yml
when: ansible_bibliogram_with_systemd

87
tasks/systemd.yml Normal file
View File

@ -0,0 +1,87 @@
---
- name: Ensure bibliogram user exists
ansible.builtin.user:
name: bibliogram
state: present
system: yes
- name: Ensure dependencies are present
apt:
name:
- npm
- git
- sudo
state: present
- name: Ensure the repo is present
git:
repo: https://git.sr.ht/~cadence/bibliogram
dest: "{{ ansible_bibliogram_root_directory }}"
ignore_errors: yes
- name: Fix the root directory permissions
file:
path: "{{ ansible_bibliogram_root_directory }}"
state: directory
owner: bibliogram
group: www-data
recurse: yes
- name: Ensure the upgrade script is present
template:
src: upgrade.sh.j2
dest: /usr/local/bin/upgrade_bibliogram.sh
mode: 0755
owner: bibliogram
group: www-data
register: upgrade_script
- name: Run upgrade script
shell: sudo -u bibliogram /usr/local/bin/upgrade_bibliogram.sh
when: upgrade_script is defined and upgrade_script.changed
- name: Ensure the configuration is present
template:
src: config.js.j2
dest: "{{ ansible_bibliogram_root_directory }}/config.js"
mode: 0644
owner: bibliogram
group: www-data
- name: Ensure the service unit is present
template:
src: bibliogram.service.j2
dest: /etc/systemd/system/bibliogram.service
mode: 0600
owner: root
group: root
notify: Restart service
- name: Ensure the upgrade service unit is present
template:
src: bibliogram-upgrade.service.j2
dest: /etc/systemd/system/bibliogram-upgrade.service
mode: 0600
owner: root
group: root
- name: Ensure the timer is present
template:
src: bibliogram-upgrade.timer.j2
dest: /etc/systemd/system/bibliogram-upgrade.timer
mode: 0600
owner: root
group: root
notify: Restart timer
- name: Ensure the service unit is enabled and started
systemd:
name: bibliogram.service
state: started
enabled: yes
- name: Ensure the timer is enabled and started
systemd:
name: bibliogram-upgrade.timer
state: started
enabled: yes

View File

@ -0,0 +1,8 @@
[Unit]
Description=Upgrade bibliogram
[Service]
WorkingDirectory={{ ansible_bibliogram_root_directory }}
ExecStart=/usr/local/bin/upgrade_bibliogram.sh
User=bibliogram
Group=www-data

View File

@ -0,0 +1,9 @@
[Unit]
Description=Start upgrade of bibliogram
[Timer]
OnCalendar={{ ansible_bibliogram_backup_frequency }}
Persistent=True
[Install]
WantedBy=timers.target

View File

@ -0,0 +1,11 @@
[Unit]
Description=Run bibliogram
[Service]
WorkingDirectory={{ ansible_bibliogram_root_directory }}
ExecStart=/usr/bin/npm run start
User=bibliogram
Group=www-data
[Install]
WantedBy=multi-user.target

6
templates/config.js.j2 Normal file
View File

@ -0,0 +1,6 @@
module.exports = {
website_origin: "{{ ansible_bibliogram_base_url }}",
tor: {
enabled: {{ ansible_bibliogram_tor_enabled | to_json }}
}
}

16
templates/upgrade.sh.j2 Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
cd {{ ansible_bibliogram_root_directory }}
commit="Save $RANDOM"
git add .
git stash save "${commit}"
git pull
git stash apply "${commit}"
cd {{ ansible_bibliogram_root_directory }}
{% if ansible_bibliogram_tor_enabled %}
npm install
{% else %}
npm install --no-optional
{% endif %}

4
test/vars.yml Normal file
View File

@ -0,0 +1,4 @@
---
ansible_bibliogram_base_url: "http://debiantest:10407"
ansible_bibliogram_with_systemd: true
ansible_bibliogram_tor_enabled: true