Commit acbe200f authored by Julien Gomes Dias's avatar Julien Gomes Dias

Merge branch 'humhub_role' into 'master'

add role humhub

See merge request !15
parents 9e6cb6a2 4a2c1512
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
# HUMHUB
Humhub is a company internal social network
## Requirements
- PHP >=7.4
## Example Playbook
```yaml
- role: humhub
description: test humhub
app_domain: humhub.example.com
app_instance_id: humhub
app_user: www-humhub
clear_app_user_password: ZdPreELr4b2XZazsFKjhXeD3FCxNhofZ
app_user_password: $6$$du/QXTiclJ1/Ns0RXJCXy6WBx7aN2gTMqJOzrWvzgYp3dQO.1j.pHngnbb8lBHZwIMu6JVuVRxCtrBnP1ts6D1
php_version: 7.4
restic_password: "1582369652dezs5z2d4"
database_password: ZdPreELr4b2XZazsFKjhXeD3FCxNhofZ
```
### License
GPLV3
---
app_version: 1.10.3
app_user_chrooted: "yes"
php_composer: "no"
python3: "no"
app_wsgi: "no"
#
# smtp default parameters
#
smtp_security: STARTTLS
smtp_host: false
smtp_user: null
smtp_pass: null
smtp_port: 587
---
# handlers file for humhub
- name: php-fpm reload humhub
service: name=php{{ php_version }}-fpm state=reloaded
- name: nginx reload humhub
service: name=nginx state=reloaded
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
---
- import_role:
name: _web_app
- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}"
template:
src: "{{ rev_proxy }}_app.j2"
dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
when: app_wsgi == "no"
notify: "nginx reload humhub"
tags:
- garradin_rev_proxy
- name: "Configuration of Humhub (common)"
template:
src: "common_php.j2"
dest: "{{ app_instance_root }}/protected/config/common.php"
tags:
- humhub_common
- humhub_conf
- name: Check if app folder exists
stat:
path: "{{ app_instance_root }}"
register: app_folder
- name: Check if data folder exists
stat:
path: "{{ app_data }}"
register: data_folder
tags: "data_setup"
- name: "dir {{ app_data }}"
file:
path: "{{ app_data }}"
state: directory
mode: 0700
group: "www-data"
owner: "{{ app_user }}"
when: data_folder.stat.exists == false and app_folder.stat.exists
tags: "data_setup"
notify: "php-fpm reload humhub"
- name: Import Backup Role
import_role:
name: _app_backup
- name: "Cron Humhub - queue"
cron:
name: "Cron Humhub - queue"
job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/protected/yii queue/run >/dev/null 2>&1"
- name: "Cron Humhub - cron"
cron:
name: "Cron Humhub - cron"
job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/protected/yii cron/run >/dev/null 2>&1"
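Review bot: Both cron tasks at the end of this file omit `user:`, so the `yii queue/run` and `yii cron/run` entries land in the crontab of whichever account runs the play, which is root in tests/test.yml. Application PHP code should run as the unprivileged account, for example `user: "{{ app_user }}"` on each task. The `common_php.j2` template task also sets no `owner`, `group` or `mode` although the rendered file holds `database_password`; adding `owner: "{{ app_user }}"`, `group: "www-data"` and `mode: "0640"` would stop it being created with default permissions (the group is an assumption taken from the data-directory task). The `garradin_rev_proxy` tag looks like a leftover from another role, and `mode: 0700` is safer written as `mode: "0700"`.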
---
- import_tasks: install.yml
when: app_run in ['install', 'reinstall']
#- import_tasks: upgrade.yml
# when: app_run == 'upgrade'
- import_tasks: uninstall.yml
when: app_run == 'uninstall'
\ No newline at end of file
---
- import_role:
name: _web_app
\ No newline at end of file
<?php
/**
* This file provides to overwrite the default HumHub / Yii configuration by your local common (Console and Web) environments
* @see http://www.yiiframework.com/doc-2.0/guide-concept-configurations.html
* @see http://docs.humhub.org/admin-installation-configuration.html
* @see http://docs.humhub.org/dev-environment.html
*/
return [
'components' => [
'cache' => [
'class' => 'yii\redis\Cache',
'redis' => [
'hostname' => 'localhost',
'port' => 6379,
'database' => 0,
]
],
'db' => [
'dsn' => 'mysql:host=localhost;dbname={{ database_name }}',
'username' => '{{ database_user }}',
'password' => '{{ database_password }}',
],
],
'modules' => [
'file' => [
'imageMaxResolution' => '1920x1080',
'imageJpegQuality' => 75,
'imagePngCompressionLevel' => 9,
'imageWebpQuality' => 75,
],
'user' => [
'minimumUsernameLength' => 1
]
],
'aliases' => [
'@filestore' => '{{ app_data }}'
]
];
\ No newline at end of file
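Review bot: `'password' => '{{ database_password }}'` writes the variable straight into a single-quoted PHP string, so a password containing `'` or `\` produces a broken or altered config file. The same applies to `database_name`, `database_user` and `app_data`. Escape backslashes and single quotes before interpolation (for example with chained Jinja `replace` filters), or document that these values must not contain those characters. The `cache` component connects to Redis on localhost without credentials, which is only reasonable if Redis is bound to loopback on a host with no other tenants; that configuration is not visible in this commit.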
upstream php-handler{{ app_instance_id }} {
server unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock;
}
map $http_user_agent $log_ua {
~Monit 0;
default 1;
}
server {
listen 80;
listen [::]:80;
server_name {{ app_domain | mandatory }};
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ app_domain }};
ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Strict-Transport-Security "max-age=15768000";
access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua;
error_log {{ www_log }}/{{ app_instance_id }}/error.log;
include {{ app_instance_www_root }}/nginx/*.conf;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
# Path to source
alias {{ app_instance_www_root }}/;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
index index.php index.html ;
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
if (!-e $request_filename) {
rewrite ^/?(.*)$ /_route.php?/$1 last;
break;
}
fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
location ~ ^/(protected|framework|themes/\w+/views|\.|uploads/file) {
deny all;
}
location ~ ^/(assets|static|themes|uploads) {
expires 10d;
add_header Cache-Control "public, no-transform";
}
# Increase size limit
client_max_body_size 2M;
}
}
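Review bot: The `deny all` location for `protected|framework|themes/\w+/views|\.|uploads/file` is declared after `location ~ \.php$`, and nginx uses the first matching regex location in file order, so a request for a `.php` file under `/protected/` is handed to PHP-FPM instead of being refused. Move the `location ~ ^/(protected|framework|themes/\w+/views|\.|uploads/file)` block above the `\.php$` block. The rewrite to `/_route.php` inside the PHP location looks inherited from another application's template and should be confirmed against HumHub. The trailing `client_max_body_size 2M;` under `# Increase size limit` lowers the 512M set at server level for everything under `/`.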
---
- hosts: localhost
remote_user: root
roles:
- humhub
---
app_program: "Humub"
app_src_root_name: "humhub-{{ app_version }}"
packages_list: [ "redis", "php{{ php_version }}-bz2", "php{{ php_version }}-redis", "php{{ php_version }}-fpm", "php{{ php_version }}-cli", "php{{ php_version }}-imagick", "php{{ php_version }}-curl", "php{{ php_version }}-bz2", "php{{ php_version }}-gd", "php{{ php_version }}-intl", "php{{ php_version }}-mysql", "php{{ php_version }}-zip", "php{{ php_version }}-apcu-bc", "php{{ php_version }}-apcu", "php{{ php_version }}-xml", "php{{ php_version }}-ldap" ]
app_src: "https://www.humhub.com/download/package/humhub-{{ app_version }}.tar.gz"
php_version: "7.4"
app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data"
app_group: "{{ app_user }}"
database_type: "mysql"
#database_name: "{{ app_instance_id }}_db"
#database_user: "{{ app_instance_id }}_usr"
#database_password: "{{ app_instance_id }}_pwd"
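Review bot: `app_src` points at a release tarball but no checksum accompanies it, so whatever task downloads it (presumably in `_web_app`, outside this commit) has nothing to verify the archive against. Consider a new variable such as `app_src_checksum: "sha256:<digest of humhub-{{ app_version }}.tar.gz>"`, passed to the download task. `app_program` is spelled `"Humub"`, and `php{{ php_version }}-bz2` appears twice in `packages_list`.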