diff --git a/playbooks/02-xmpp-server.yaml b/playbooks/02-xmpp-server.yaml
index dd94b39..4b95d8a 100644
--- a/playbooks/02-xmpp-server.yaml
+++ b/playbooks/02-xmpp-server.yaml
@@ -50,138 +50,29 @@ - php-xml - postgresql - nginx + - certbot - ejabberd - git - python3-certbot-nginx - python3-psycopg2 state: present - - name: Installing Movim App - block: - - name: Cloning - ansible.builtin.git: - repo: https://github.com/movim/movim.git - dest: "{{ movim.path }}" - version: "{{ movim.version }}" - rescue: - - name: Fetching - ansible.builtin.command: - argv: - - git - - fetch - chdir: "{{ movim.path }}" - become: true - become_user: "{{ www.user }}" - - name: Checking Out - ansible.builtin.command: - argv: - - git - - checkout - - "{{ movim.version }}" - chdir: "{{ movim.path }}" - become: true - become_user: "{{ www.user }}" - always: - - name: Setting Mode and Ownershp - ansible.builtin.file: - path: "{{ movim.path }}" - state: directory - owner: "{{ www.user }}" - group: "{{ www.group }}" - recurse: true - mode: "755" + - name: "Ensure movim database is present and accessible" + ansible.builtin.include_tasks: + file: tasks/chat/database.yml - - name: Installing Movim dependanciens - community.general.composer: - working_dir: "{{ movim.path }}" - command: install - become: true - become_user: "{{ www.user }}" + - name: "Ensure movim version is installed - v{{ movim.version }}" + ansible.builtin.include_tasks: + file: tasks/chat/movim.yml - - name: Create Database User - community.postgresql.postgresql_user: - user: movim - password: movim - state: present - become_user: "{{ postgres.user }}" - become: true + - name: "Ensure ejabberd is configured" + ansible.builtin.include_tasks: + file: tasks/chat/ejabberd.yml - - name: Create Database - community.postgresql.postgresql_db: - name: movim - owner: movim - state: present - become_user: "{{ postgres.user }}" - become: true + - name: "Ensure nginx is configured" + ansible.builtin.include_tasks: + file: tasks/chat/nginx.yml - - name: Setting-Up Movim execution environment - ansible.builtin.blockinfile: - path: "{{ movim.path }}/.env" - block: | - # Database configuration - DB_DRIVER=pgsql - 
DB_HOST=127.0.0.1 - DB_PORT=5432 - DB_DATABASE=movim - DB_USERNAME=movim - DB_PASSWORD=movim - - # Daemon configuration - DAEMON_URL=https://chat.trans13nrv.eu.org/ # Public URL of your Movim instance - DAEMON_PORT=8080 # Port on which the daemon will listen - DAEMON_INTERFACE=127.0.0.1 # Interface on which the daemon will listen, must be an IP - DAEMON_DEBUG=false - DAEMON_VERBOSE=false - - owner: "{{ www.user }}" - group: "{{ www.group }}" - create: true - mode: "600" - - - name: Migrating Database - community.general.composer: - command: "movim:migrate" - working_dir: "{{ movim.path }}" - become: true - become_user: "{{ www.user }}" - - - name: Setting-Up Movim demon service - ansible.builtin.blockinfile: - path: /etc/systemd/system/movim.service - block: | - [Unit] - Description=Movim daemon - After=nginx.service network.target local-fs.target - - [Service] - User=www-data - Type=simple - Environment=PUBLIC_URL=https://chat.trans13nrv.eu.org/ - Environment=WS_PORT=8080 - EnvironmentFile=-/etc/default/movim - ExecStart=/usr/bin/php daemon.php start - WorkingDirectory={{ movim.path }} - StandardOutput=syslog - SyslogIdentifier=movim - PIDFile=/run/movim.pid - Restart=on-failure - RestartSec=10 - - [Install] - WantedBy=multi-user.target - owner: "{{ root.user }}" - group: "{{ root.group }}" - mode: "644" - create: true - - - name: Reload SystemD daemon - ansible.builtin.command: - argv: - - systemctl - - daemon-reload - - - name: Enable and start Movim Damon Service - ansible.builtin.systemd_service: - service: movim.service - enabled: true - state: started + - name: "Ensure X512 certs are presents" + ansible.builtin.include_tasks: + file: tasks/chat/tls.yml \ No newline at end of file diff --git a/playbooks/tasks/chat/database.yml b/playbooks/tasks/chat/database.yml new file mode 100644 index 0000000..8ee7471 --- /dev/null +++ b/playbooks/tasks/chat/database.yml 
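Review bot: The last two includes added here, `tasks/chat/nginx.yml` and `tasks/chat/tls.yml`, point at files this commit creates empty (blob `e69de29`). As far as this diff shows, the play now installs `certbot` and nginx without configuring either, while Movim is still given an `https://` public URL. Either leave those two includes out until the task files have content, or mark them with a comment such as `# TODO: nginx vhost and certificate issuance not implemented yet`. The task name `"Ensure X512 certs are presents"` presumably means X.509, i.e. `- name: "Ensure X.509 certs are present"`. The task list this hunk edits begins above the hunk.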
@@ -0,0 +1,16 @@
+---
+- name: Ensure database user Exists
+ community.postgresql.postgresql_user:
+ user: movim
+ password: movim
+ state: present
+ become_user: "{{ postgres.user }}"
+ become: true
+
+- name: Ensure database exists
+ community.postgresql.postgresql_db:
+ name: movim
+ owner: movim
+ state: present
+ become_user: "{{ postgres.user }}"
+ become: true
diff --git a/playbooks/tasks/ejabberd/ejabberd.yaml b/playbooks/tasks/chat/ejabberd.yml
similarity index 100%
rename from playbooks/tasks/ejabberd/ejabberd.yaml
rename to playbooks/tasks/chat/ejabberd.yml
diff --git a/playbooks/tasks/chat/movim.yml b/playbooks/tasks/chat/movim.yml
new file mode 100644
index 0000000..5e1a2d3
--- /dev/null
+++ b/playbooks/tasks/chat/movim.yml
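Review bot: In playbooks/tasks/chat/database.yml the PostgreSQL role is created with `password: movim`, a literal equal to the user name and committed to the repository; the same literal is written as `DB_PASSWORD=movim` in the `.env` block of playbooks/tasks/chat/movim.yml. Take the value from a vaulted variable in both places, e.g. `password: "{{ movim_db_password }}"` (placeholder name, to be defined in an Ansible Vault file), and add `no_log: true` to the `postgresql_user` task so the value stays out of run output. The `.env` block points at 127.0.0.1, which limits exposure, but depending on `pg_hba.conf` any other local account or co-hosted application could still use a guessable credential.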
@@ -0,0 +1,152 @@
+---
+- name: Check Whether movim is present
+ ansible.builtin.stat:
+ path: "{{ movim.path }}"
+ register: "movim_dir"
+
+- name: Check whether movim is installed
+ ansible.builtin.set_fact:
+ movim_is_installed: "{{ movim_dir.stat is defined and movim_dir.stat.isdir }}"
+
+- name: Guess current version
+ block:
+ - name: Check movim installed tag
+ when: movim_is_installed
+ register: "movim_installed_tag"
+ ansible.builtin.shell:
+ argv:
+ - git
+ - describe
+ - --tags
+ chdir: "{{ movim.path }}"
+ become: true
+ become_user: "{{ www.user }}"
+
+ - name: Register current movim version
+ ansible.builtin.set_fact:
+ movim_installed_version: "{{ movim_installed_tag.stdout | regex_replace('^v(\\d+)\\.(\\d+)\\.(\\d+)$', '\\1.\\2.\\3') }}"
+
+- name: Installing
+ when: not movim_is_installed
+ block:
+ - name: Cloning
+ ansible.builtin.git:
+ repo: https://github.com/movim/movim.git
+ dest: "{{ movim.path }}"
+ version: "v{{ movim.version }}"
+
+ - name: Setting Mode and Ownershp
+ ansible.builtin.file:
+ path: "{{ movim.path }}"
+ state: directory
+ owner: "{{ www.user }}"
+ group: "{{ www.group }}"
+ recurse: true
+ mode: "755"
+
+- name: Updating
+ when: movim_is_installed and movim.version is version(movim_installed_version, ">", "semver")
+ block:
+ - name: Fetching
+ ansible.builtin.shell:
+ argv:
+ - git
+ - fetch
+ chdir: "{{ movim.path }}"
+ become: true
+ become_user: "{{ www.user }}"
+ - name: Checking Out
+ ansible.builtin.shell:
+ argv:
+ - git
+ - checkout
+ - "v{{ movim.version }}"
+ chdir: "{{ movim.path }}"
+ become: true
+ become_user: "{{ www.user }}"
+
+- name: Installing or updating Movim dependanciens
+ community.general.composer:
+ working_dir: "{{ movim.path }}"
+ command: install
+ become: true
+ become_user: "{{ www.user }}"
+
+- name: Setting-Up Movim execution environment
+ ansible.builtin.blockinfile:
+ path: "{{ movim.path }}/.env"
+ block: |
+ # Database configuration
+ DB_DRIVER=pgsql
+ DB_HOST=127.0.0.1
+ DB_PORT=5432
+ DB_DATABASE=movim
+ DB_USERNAME=movim
+ DB_PASSWORD=movim
+
+ # Daemon configuration
+ DAEMON_URL=https://chat.trans13nrv.eu.org/ # Public URL of your Movim instance
+ DAEMON_PORT=8080 # Port on which the daemon will listen
+ DAEMON_INTERFACE=127.0.0.1 # Interface on which the daemon will listen, must be an IP
+ DAEMON_DEBUG=false
+ DAEMON_VERBOSE=false
+
+ owner: "{{ www.user }}"
+ group: "{{ www.group }}"
+ create: true
+ mode: "600"
+
+- name: Migrating Database
+ community.general.composer:
+ command: "movim:migrate"
+ working_dir: "{{ movim.path }}"
+ become: true
+ become_user: "{{ www.user }}"
+
+- name: Setting-Up Movim demon service
+ ansible.builtin.blockinfile:
+ path: /etc/systemd/system/movim.service
+ block: |
+ [Unit]
+ Description=Movim daemon
+ After=nginx.service network.target local-fs.target
+
+ [Service]
+ User=www-data
+ Type=simple
+ Environment=PUBLIC_URL=https://chat.trans13nrv.eu.org/
+ Environment=WS_PORT=8080
+ EnvironmentFile=-/etc/default/movim
+ ExecStart=/usr/bin/php daemon.php start
+ WorkingDirectory={{ movim.path }}
+ StandardOutput=syslog
+ SyslogIdentifier=movim
+ PIDFile=/run/movim.pid
+ Restart=on-failure
+ RestartSec=10
+
+ [Install]
+ WantedBy=multi-user.target
+ owner: "{{ root.user }}"
+ group: "{{ root.group }}"
+ mode: "644"
+ create: true
+
+- name: Reload SystemD daemon
+ ansible.builtin.shell:
+ argv:
+ - systemctl
+ - daemon-reload
+
+- name: Enable and start Movim Damon Service
+ when: not movim_is_installed
+ ansible.builtin.systemd_service:
+ service: movim.service
+ enabled: true
+ state: started
+
+- name: Enable and start Movim Damon Service
+ ansible.builtin.systemd_service:
+ service: movim.service
+ state: restarted
+ when: movim_is_installed
diff --git a/playbooks/tasks/chat/nginx.yml b/playbooks/tasks/chat/nginx.yml
new file mode 100644
index 0000000..e69de29
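Review bot: In playbooks/tasks/chat/movim.yml, `Register current movim version` is not guarded by `when: movim_is_installed`, so on a fresh host, where `Check movim installed tag` is skipped, `movim_installed_tag.stdout` is likely undefined and the play would stop before `Installing`; put `when: movim_is_installed` on the `Guess current version` block rather than on its first task only. The git and systemctl tasks were switched from `ansible.builtin.command` to `ansible.builtin.shell` but still pass `argv:`, which is documented for `command` only; none of them needs shell interpretation, so `ansible.builtin.command:` is the safer module here. The last two tasks share the name `Enable and start Movim Damon Service`, and the second restarts the daemon on every run against an installed host; a handler notified by the `.env`, unit-file and checkout tasks would restart only on change. `User=www-data` in the unit is hard-coded while the rest of the file uses `{{ www.user }}`.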
diff --git a/playbooks/tasks/ejabberd/templates/ejabberd.yaml.j2 b/playbooks/tasks/chat/templates/ejabberd.yaml.j2 similarity index 100% rename from playbooks/tasks/ejabberd/templates/ejabberd.yaml.j2 rename to playbooks/tasks/chat/templates/ejabberd.yaml.j2 diff --git a/playbooks/tasks/chat/tls.yml b/playbooks/tasks/chat/tls.yml new file mode 100644 index 0000000..e69de29 diff --git a/playbooks/vars.yml b/playbooks/vars.yml index 68d6ad4..e47a21a 100644 --- a/playbooks/vars.yml +++ b/playbooks/vars.yml @@ -15,7 +15,7 @@ www: user: www-data group: www-data movim: - version: v0.24.1 + version: "0.24.1" path: /var/www/chat.trans13nrv.eu.org postgres: user: postgres \ No newline at end of file