.gitignore

@@ -10,3 +10,4 @@ hz_token
 
 # IDE
 .idea
+.vscode

README.md

@@ -2,8 +2,8 @@
 
 *Proposition of **minimal** ansible roles, to host and maintain services on premise or in the cloud.* 
 
-Supported systems : **Ubuntu 20.04 LTS**
-partially : **debian 9**
+Supported systems : **Ubuntu 20.04+ LTS**
+partially : **debian 10+**
 
 Principles :
 

roles/_app_backup/templates/app_backup_postgres_docker.j2

@@ -4,6 +4,6 @@ when = everyday at {{ backup_app_service_conf_time | mandatory }}
 cd {{ backup_prod_dir }}/{{ app_instance_id }}
 rm {{ backup_prod_dir }}/{{ app_instance_id }}/{{ database_docker_name }}.sql
 chmod 777 {{ backup_prod_dir }}/{{ app_instance_id }}
-/usr/bin/docker run --rm --link {{ database_docker_name }}:db --net {{ database_docker_network }} -v {{ backup_prod_dir }}/{{ app_instance_id }}:/backup -e PGPASSWORD={{ database_password }} {{ postgres_docker_image }} pg_dumpall -h db -U postgres -f /backup/{{ database_docker_name }}_all.sql
+/usr/bin/docker run --rm --link {{ database_docker_name }}:db --net {{ database_docker_network }} -v {{ backup_prod_dir }}/{{ app_instance_id }}:/backup -e PGPASSWORD={{ database_password }} {{ postgres_docker_image }} pg_dumpall -h db -U {{ database_user | default("postgres") }} -f /backup/{{ database_docker_name }}_all.sql
 
 rc=$?; if [[ $rc != 0 ]]; then fatal "sql" ; fi
\ No newline at end of file

roles/adm_instance/scripts/install_composer.sh

@@ -11,8 +11,7 @@ then
     exit 1
 fi
 
-# La dernière version de composer qui supporte PHP 5.6 est 2.2.12
-php composer-setup.php --quiet  --version=2.2.12
+php composer-setup.php
 RESULT=$?
 rm composer-setup.php
 exit $RESULT

roles/adm_instance/tasks/main.yml

@@ -17,7 +17,7 @@
   - import_tasks: configure.yml
 
   - import_tasks: developt.yml
-    when: install_type == "dev"
+    when: env != "production"
 
   - name: "Enlève le mode maintenance"
     file:

roles/adm_instance/tasks/postinstall.yml

@@ -7,9 +7,25 @@
     tags:
       - postinstall
 
-  - name: "installs php requirements using 5.6 composer"
+  - name: "remove composer.lock directory"          
+    file:                                                    
+      path: "{{ app_instance_root }}/composer.lock"          
+      state: absent                                          
+    tags:     
+      - postinstall
+
+  - name: "installs php requirements using composer"
+    become_user: "{{ run_user }}"
+    command: "/usr/bin/php{{ php_version }} /usr/local/bin/composer -n update"
+    args:
+      chdir: "{{ app_instance_root }}/"
+    tags:
+      - never
+      - update_composer   
+
+  - name: "installs php requirements using composer"
     become_user: "{{ run_user }}"
-    command: /usr/bin/php5.6 /usr/local/bin/composer -n install
+    command: "/usr/bin/php{{ php_version }} /usr/local/bin/composer -n install"
     args:
       chdir: "{{ app_instance_root }}/"
     tags:
@@ -36,3 +52,13 @@
     tags:
       - postinstall
 
+  - name: "Cron de mise à jour des contacts sendinblue avec les membres actifs"
+    cron:
+      name: "Supprime et recrée les membres actifs dans sendinblue une fois par mois"
+      day: "14"
+      hour: "4"
+      minute: "30"
+      job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/bo_adm1/cron/updateMembres_Sendinblue.php"
+    tags:
+      - postinstall
+

roles/adm_instance/vars/main.yml

@@ -4,5 +4,4 @@
   database_type: "mysql"
   app_user_chrooted: no
   var_tar_files: var_files.tar.gz
-  install_type: "production"
 

roles/base_server/tasks/main.yml

 ---
-- import_role:
-    name: install_restic
-  tags:
-    - install_restic
 
 - import_tasks: base_packages.yml
 
@@ -10,6 +6,11 @@
 
 - import_tasks: local_settings.yml
 
+- import_role:
+    name: install_restic
+  tags:
+    - install_restic
+
 - import_tasks: base_backup.yml
 
 - import_tasks: base_restic.yml
@@ -37,4 +38,4 @@
   when: st_h_box_host is defined
   tags:
     - storagebox
-  
\ No newline at end of file
+  

roles/collabora_online_instance/defaults/main.yml

@@ -19,7 +19,7 @@
 
   app_instance_root: "{{ base_root_opt }}"
 
-  loolwsd_log_dest: "{{ base_prod_path }}/log/loolwsd"
+  coolwsd_log_dest: "{{ base_prod_path }}/log/coolwsd"
   # fatal, critical, error, warning, notice, information, debug, trace
   collabora_log_level: "error"
 

roles/collabora_online_instance/tasks/main.yml

@@ -6,10 +6,10 @@
   - import_role:
       name: _letsencrypt_certificate
 
-  - name: "log dest {{ loolwsd_log_dest }}"
+  - name: "log dest {{ coolwsd_log_dest }}"
     file:
       state: directory
-      path: "{{ loolwsd_log_dest }}"
+      path: "{{ coolwsd_log_dest }}"
       mode: "0777"
 
   - name: "apt key for collabora - paquerette"
@@ -26,9 +26,9 @@
       state: present
       update_cache: yes
 
-  - name: "install loolwsd"
+  - name: "install coolwsd"
     apt:
-      name: loolwsd
+      name: coolwsd
       state: latest
       update_cache: yes
 
@@ -41,28 +41,28 @@
   - name: "copy letsencrypt cert.pem"
     copy:
       src: "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem"
-      dest: "/etc/loolwsd/cert.pem"
+      dest: "/etc/coolwsd/cert.pem"
       mode: "0744"
       remote_src: yes
 
   - name: "copy letsencrypt privkey.pem"
     copy:
       src: "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem"
-      dest: "/etc/loolwsd/key.pem"
+      dest: "/etc/coolwsd/key.pem"
       mode: "0744"
       remote_src: yes
 
   - name: "copy letsencrypt chain.pem"
     copy:
       src: "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem"
-      dest: "/etc/loolwsd/chain.pem"
+      dest: "/etc/coolwsd/chain.pem"
       mode: "0744"
       remote_src: yes
 
   - name: "copy letsencrypt fullchain.pem"
     copy:
       src: "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem"
-      dest: "/etc/loolwsd/ca-chain.cert.pem"
+      dest: "/etc/coolwsd/ca-chain.cert.pem"
       mode: "0744"
       remote_src: yes
 
@@ -86,23 +86,23 @@
       minute: "{{ renew_cert_copy_minute }}"
       job: "{{ base_prod_options }}/collabora/collabora-renew-cert.sh"
 
-  - name: "template for loolwsd.xml"
+  - name: "template for coolwsd.xml"
     template:
-      src: loolwsd_xml.j2
-      dest: "/etc/loolwsd/loolwsd.xml"
+      src: coolwsd_xml.j2
+      dest: "/etc/coolwsd/coolwsd.xml"
       backup: yes
 
-  - name: Replace lool log file destination in service.
+  - name: Replace cool log file destination in service.
     replace:
-      path: /lib/systemd/system/loolwsd.service
+      path: /lib/systemd/system/coolwsd.service
       regexp: '\/var\/log.*$'
       replace: '/mnt/vdb/log'
 
-  - name: "reload and restart loolwsd service"
+  - name: "reload and restart coolwsd service"
     systemd:
       state: restarted
       daemon_reload: yes
-      name: loolwsd
+      name: coolwsd
 
   - name: "template nginx_collabora.j2 {{ collabora_domain }}"
     template:

roles/collabora_online_instance/templates/loolwsd_xml.j2 → roles/collabora_online_instance/templates/coolwsd_xml.j2

@@ -5,12 +5,12 @@
 
     <allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
 
-    <tile_cache_path desc="Path to a directory where to keep the tile cache." type="path" relative="false" default="/var/cache/loolwsd"></tile_cache_path>
+    <tile_cache_path desc="Path to a directory where to keep the tile cache." type="path" relative="false" default="/var/cache/coolwsd"></tile_cache_path>
     <sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
     <lo_template_path desc="Path to a LibreOffice installation tree to be copied (linked) into the jails for child processes. Should be on the same file system as systemplate." type="path" relative="false" default="/opt/collaboraoffice6.0"></lo_template_path>
     <child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
 
-    <server_name desc="Hostname:port of the server running loolwsd. If empty, it's derived from the request." type="string" default="">{{ collabora_domain }}</server_name>
+    <server_name desc="Hostname:port of the server running coolwsd. If empty, it's derived from the request." type="string" default="">{{ collabora_domain }}</server_name>
     <file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>
 
     <memproportion desc="The maximum percentage of system memory consumed by all of the LibreOffice Online, after which we start cleaning up idle documents" type="double" default="80.0"></memproportion>
@@ -43,7 +43,7 @@
         <color type="bool">true</color>
         <level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">{{ collabora_log_level }}</level>
         <file enable="true">
-            <property name="path" desc="Log file path.">{{ loolwsd_log_dest }}/loolwsd.log</property>
+            <property name="path" desc="Log file path.">{{ coolwsd_log_dest }}/coolwsd.log</property>
             <property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
             <property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
             <property name="compress" desc="Enable/disable log file compression.">true</property>
@@ -61,7 +61,7 @@
     <loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
 
     <trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
-        <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
+        <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/cooltrace-%.gz" compress="true" snapshot="false"></path>
         <filter>
             <message desc="Regex pattern of messages to exclude"></message>
         </filter>
@@ -72,7 +72,7 @@
 
     <net desc="Network settings">
       <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
-      <listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
+      <listen type="string" default="any" desc="Listen address that coolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
       <service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
       <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
         <host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
@@ -81,15 +81,15 @@
         <host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
         <host desc="The IPv6 loopback (localhost) address.">::1</host>
       </post_allow>
-      <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
+      <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (coolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
     </net>
 
     <ssl desc="SSL settings">
         <enable type="bool" default="true">true</enable>
-        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
-        <cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
-        <key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
-        <ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
+        <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
+        <cert_file_path desc="Path to the cert file" relative="false">/etc/coolwsd/cert.pem</cert_file_path>
+        <key_file_path desc="Path to the key file" relative="false">/etc/coolwsd/key.pem</key_file_path>
+        <ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-chain.cert.pem</ca_file_path>
         <cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
         <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
             <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
@@ -131,10 +131,10 @@
         <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
         <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
         <username desc="The username of the admin console. Ignored if PAM is enabled."></username>
-        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password>
+        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password."></password>
     </admin_console>
 
     <monitors desc="Addresses of servers we connect to on start for monitoring">
     </monitors>
 
-</config>
\ No newline at end of file
+</config>

roles/collabora_online_instance/templates/letsencrypt_cert_collabora.j2

@@ -2,15 +2,15 @@
 
 # Copy certificates files from lestencrypt to /etc/loowsd after renew of {{ collabora_domain }}
 
-cp "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem" "/etc/loolwsd/cert.pem"
-chmod 0744 "/etc/loolwsd/cert.pem"
+cp "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem" "/etc/coolwsd/cert.pem"
+chmod 0744 "/etc/coolwsd/cert.pem"
 
-cp "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem" "/etc/loolwsd/key.pem"
-chmod 0744 "/etc/loolwsd/key.pem"
+cp "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem" "/etc/coolwsd/key.pem"
+chmod 0744 "/etc/coolwsd/key.pem"
 
-cp "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem" "/etc/loolwsd/chain.pem"
-chmod 0744 "/etc/loolwsd/chain.pem"
+cp "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem" "/etc/coolwsd/chain.pem"
+chmod 0744 "/etc/coolwsd/chain.pem"
 
-cp "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem" "/etc/loolwsd/ca-chain.cert.pem"
-chmod 0744 "/etc/loolwsd/ca-chain.cert.pem"
+cp "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem" "/etc/coolwsd/ca-chain.cert.pem"
+chmod 0744 "/etc/coolwsd/ca-chain.cert.pem"
 

roles/collabora_online_instance/templates/nginx_collabora.j2

@@ -12,7 +12,7 @@ server {
     error_log {{ www_log | mandatory }}/{{ collabora_domain }}/error.log;
 
     # static files
-    location ^~ /loleaflet {
+    location ^~ /browser {
         proxy_pass https://localhost:{{ collabora_port | mandatory}};
         proxy_set_header Host $http_host;
     }
@@ -30,7 +30,7 @@ server {
     }
 
    # main websocket
-   location ~ ^/lool/(.*)/ws$ {
+   location ~ ^/cool/(.*)/ws$ {
        proxy_pass https://localhost:{{ collabora_port }};
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
@@ -39,13 +39,13 @@ server {
    }
 
    # download, presentation and image upload
-   location ~ ^/lool {
+   location ~ ^/(c|l)ool {
        proxy_pass https://localhost:{{ collabora_port }};
        proxy_set_header Host $http_host;
    }
 
    # Admin Console websocket
-   location ^~ /lool/adminws {
+   location ^~ /cool/adminws {
        proxy_pass https://localhost:{{ collabora_port }};
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

roles/etherpad/.travis.yml

+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file

roles/etherpad/README.md

+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/etherpad/defaults/main.yml

+---
+# defaults file for etherpad
+app_version: 1.1.14
+
+app_user_chrooted: "yes"
+
+smtp_security: STARTTLS
+smtp_host: false
+smtp_user: null
+smtp_pass: null
+smtp_port: 587
+
+
+app_backup_data: "yes"
+
+etherpad_port: 9001
\ No newline at end of file

roles/etherpad/handlers/main.yml

+---
+# handlers file for etherpad
+- name: reload nginx web_app - Etherpad
+  service: name=nginx state=reloaded
+
+- name: reload php-fpm web_app - Etherpad
+  service: name=php{{ php_version }}-fpm state=reloaded
+
+  
\ No newline at end of file

roles/etherpad/meta/main.yml

+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/etherpad/tasks/install.yml

+---
+# tasks file for etherpad
+
+- name: "Install abiword for export features"
+  apt:
+    name: "abiword"
+    state: latest
+    update_cache: yes
+  tags: 
+    - abiword
+
+- import_role:
+    name: _web_app
+
+- name: "etherpad configuration for {{ app_domain }}"
+  template:
+    src: "app_etherpad.j2"
+    dest: "{{ app_instance_root }}/settings.json"
+  register: etherpad_conf
+
+- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}"
+  template:
+    src: "{{ rev_proxy }}_app.j2"
+    dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+  when: app_wsgi == "no"
+  notify: reload {{ rev_proxy }} web_app
+  tags:
+    - etherpad_rev_proxy
+
+- name: "template etherpad_service.j2 {{ app_instance_id }}"
+  template:
+    src: etherpad_service.j2
+    dest: "/lib/systemd/system/{{ app_service }}"
+
+- name: "install dependencies and set permissions correctly"
+  shell: "cd {{ app_instance_root }} && src/bin/installDeps.sh"
+  become_user: "{{ app_user }}"
+
+- name: "start and enable service {{ app_service }}"
+  systemd:
+    name: "{{ app_service }}"
+    state: started
+    enabled: yes
+    daemon_reload: yes

roles/etherpad/tasks/main.yml

+---
+- import_tasks: install.yml
+  when: app_run in ['install', 'reinstall', 'upgrade']
+
+- import_tasks: uninstall.yml
+  when: app_run == 'uninstall'
\ No newline at end of file