Merge branch 'humhub_role' into 'master'

add role humhub See merge request !15

Merge branch 'humhub_role' into 'master'
add role humhub See merge request !15
acbe200f · Julien Gomes Dias · 9e6cb6a2 · 4a2c1512 · acbe200f · acbe200f
Commit acbe200f authored Jul 04, 2022 by Julien Gomes Dias
--- a/roles/humhub/.travis.yml
+++ b/roles/humhub/.travis.yml
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
--- a/roles/humhub/README.md
+++ b/roles/humhub/README.md
+# HUMHUB
+
+Humhub is a company internal social network
+
+## Requirements
+- PHP >=7.4
+
+## Example Playbook
+
+```yaml
+- role: humhub
+  description: test humhub
+  app_domain: humhub.example.com
+  app_instance_id: humhub
+  app_user: www-humhub
+  clear_app_user_password: ZdPreELr4b2XZazsFKjhXeD3FCxNhofZ
+  app_user_password: $6$$du/QXTiclJ1/Ns0RXJCXy6WBx7aN2gTMqJOzrWvzgYp3dQO.1j.pHngnbb8lBHZwIMu6JVuVRxCtrBnP1ts6D1
+  php_version: 7.4
+  restic_password: "1582369652dezs5z2d4"
+  database_password: ZdPreELr4b2XZazsFKjhXeD3FCxNhofZ
+```
+### License
+
+GPLV3
--- a/roles/humhub/defaults/main.yml
+++ b/roles/humhub/defaults/main.yml
+---
+app_version: 1.10.3
+
+app_user_chrooted: "yes"
+
+php_composer: "no"
+python3: "no"
+app_wsgi: "no"
+
+#
+# smtp default parameters
+#
+
+smtp_security: STARTTLS
+smtp_host: false
+smtp_user: null
+smtp_pass: null
+smtp_port: 587
--- a/roles/humhub/handlers/main.yml
+++ b/roles/humhub/handlers/main.yml
+---
+# handlers file for humhub
+- name: php-fpm reload humhub
+  service: name=php{{ php_version }}-fpm state=reloaded
+- name: nginx reload humhub
+  service: name=nginx state=reloaded
--- a/roles/humhub/meta/main.yml
+++ b/roles/humhub/meta/main.yml
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/roles/humhub/tasks/install.yml
+++ b/roles/humhub/tasks/install.yml
+---
+
+- import_role:
+    name: _web_app
+
+- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}"
+  template:
+    src: "{{ rev_proxy }}_app.j2"
+    dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+  when: app_wsgi == "no"
+  notify: "nginx reload humhub"
+  tags:
+    - garradin_rev_proxy
+
+- name: "Configuration of Humhub (common)"
+  template:
+    src: "common_php.j2"
+    dest: "{{ app_instance_root }}/protected/config/common.php"
+  tags:
+    - humhub_common
+    - humhub_conf
+
+- name: Check if app folder exists
+  stat:
+    path: "{{ app_instance_root }}"
+  register: app_folder
+
+- name: Check if data folder exists
+  stat:
+    path: "{{ app_data }}"
+  register: data_folder
+  tags: "data_setup"
+
+- name: "dir {{ app_data }}"
+  file:
+    path: "{{ app_data }}"
+    state: directory
+    mode: 0700
+    group: "www-data"
+    owner: "{{ app_user }}"
+  when: data_folder.stat.exists == false and app_folder.stat.exists
+  tags: "data_setup"
+  notify: "php-fpm reload humhub"
+
+- name: Import Backup Role
+  import_role:
+    name: _app_backup
+
+- name: "Cron Humhub - queue"
+  cron:
+    name: "Cron Humhub - queue"
+    job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/protected/yii queue/run >/dev/null 2>&1"
+
+- name: "Cron Humhub - cron"
+  cron:
+    name: "Cron Humhub - cron"
+    job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/protected/yii cron/run >/dev/null 2>&1"
--- a/roles/humhub/tasks/main.yml
+++ b/roles/humhub/tasks/main.yml
+---
+
+- import_tasks: install.yml
+  when: app_run in ['install', 'reinstall']
+
+#- import_tasks: upgrade.yml
+#  when: app_run == 'upgrade'
+
+- import_tasks: uninstall.yml
+  when: app_run == 'uninstall'
\ No newline at end of file
--- a/roles/humhub/tasks/uninstall.yml
+++ b/roles/humhub/tasks/uninstall.yml
+---
+- import_role:
+    name: _web_app
\ No newline at end of file
--- a/roles/humhub/templates/common_php.j2
+++ b/roles/humhub/templates/common_php.j2
+<?php
+/**
+ * This file provides to overwrite the default HumHub / Yii configuration by your local common (Console and Web) environments
+ * @see http://www.yiiframework.com/doc-2.0/guide-concept-configurations.html
+ * @see http://docs.humhub.org/admin-installation-configuration.html
+ * @see http://docs.humhub.org/dev-environment.html
+ */
+return [
+
+    'components' => [
+        'cache' => [
+            'class' => 'yii\redis\Cache',
+            'redis' => [
+                'hostname' => 'localhost',
+                'port' => 6379,
+                'database' => 0,
+            ]
+        ],
+        'db' => [
+            'dsn' => 'mysql:host=localhost;dbname={{ database_name }}',
+            'username' => '{{ database_user }}',
+            'password' => '{{ database_password }}',
+        ],
+    ],
+
+    'modules' => [
+        'file' => [
+            'imageMaxResolution' => '1920x1080',
+            'imageJpegQuality' => 75,
+            'imagePngCompressionLevel' => 9,
+            'imageWebpQuality' => 75,
+        ],
+        'user' => [
+            'minimumUsernameLength' => 1
+        ]
+    ],
+
+    'aliases' => [
+        '@filestore' => '{{ app_data }}'
+    ]
+
+];
\ No newline at end of file
--- a/roles/humhub/templates/nginx_app.j2
+++ b/roles/humhub/templates/nginx_app.j2
+upstream php-handler{{ app_instance_id }} {
+    server unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock;
+}
+
+
+map $http_user_agent $log_ua {
+  ~Monit 0;
+  default 1;
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name {{ app_domain | mandatory }};
+  # enforce https
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ app_domain }};
+
+  ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
+
+  # Add headers to serve security related headers
+  # Before enabling Strict-Transport-Security headers please read into this
+  # topic first.
+  # add_header Strict-Transport-Security "max-age=15768000;
+  # includeSubDomains; preload;";
+  #
+  # WARNING: Only add the preload option once you read about
+  # the consequences in https://hstspreload.org/. This option
+  # will add the domain to a hardcoded list that is shipped
+  # in all major browsers and getting removed from this list
+  # could take several months.
+  add_header X-Content-Type-Options nosniff;
+  add_header X-XSS-Protection "1; mode=block";
+  add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag
+  add_header X-Download-Options noopen;
+  add_header X-Permitted-Cross-Domain-Policies none;
+  add_header Strict-Transport-Security "max-age=15768000";
+
+  access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua;
+  error_log {{ www_log }}/{{ app_instance_id }}/error.log;
+
+  include {{ app_instance_www_root }}/nginx/*.conf;
+
+
+  # set max upload size
+  client_max_body_size 512M;
+  fastcgi_buffers 64 4K;
+
+  # Enable gzip but do not remove ETag headers
+  gzip on;
+  gzip_vary on;
+  gzip_comp_level 4;
+  gzip_min_length 256;
+  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+  location / {
+
+    # Path to source
+    alias {{ app_instance_www_root }}/;
+
+    if ($scheme = http) {
+      rewrite ^ https://$server_name$request_uri? permanent;
+    }
+
+    index  index.php index.html ;
+    try_files $uri $uri/ /index.php?$args;
+
+    location ~ \.php$ {
+      if (!-e $request_filename) {
+        rewrite ^/?(.*)$ /_route.php?/$1 last;
+        break;
+      }
+      fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock;
+      fastcgi_index index.php;
+      include fastcgi_params;
+      fastcgi_param REMOTE_USER $remote_user;
+      fastcgi_param PATH_INFO $fastcgi_path_info;
+      fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+
+    location ~ ^/(protected|framework|themes/\w+/views|\.|uploads/file) {
+      deny all;
+    }
+
+    location ~ ^/(assets|static|themes|uploads) {
+      expires 10d;
+      add_header Cache-Control "public, no-transform";
+    }
+
+    # Increase size limit
+    client_max_body_size 2M;
+  }  
+
+}
--- a/roles/humhub/tests/inventory
+++ b/roles/humhub/tests/inventory
+localhost
+
--- a/roles/humhub/tests/test.yml
+++ b/roles/humhub/tests/test.yml
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - humhub
--- a/roles/humhub/vars/main.yml
+++ b/roles/humhub/vars/main.yml
+---
+app_program: "Humub"
+
+app_src_root_name: "humhub-{{ app_version }}"
+packages_list: [ "redis", "php{{ php_version }}-bz2", "php{{ php_version }}-redis", "php{{ php_version }}-fpm", "php{{ php_version }}-cli", "php{{ php_version }}-imagick", "php{{ php_version }}-curl", "php{{ php_version }}-bz2", "php{{ php_version }}-gd", "php{{ php_version }}-intl", "php{{ php_version }}-mysql", "php{{ php_version }}-zip", "php{{ php_version }}-apcu-bc", "php{{ php_version }}-apcu", "php{{ php_version }}-xml", "php{{ php_version }}-ldap" ]
+
+app_src: "https://www.humhub.com/download/package/humhub-{{ app_version }}.tar.gz"
+php_version: "7.4"
+
+app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data"
+
+app_group: "{{ app_user }}"
+
+database_type: "mysql"
+#database_name: "{{ app_instance_id }}_db"
+#database_user: "{{ app_instance_id }}_usr"
+#database_password: "{{ app_instance_id }}_pwd"