From 02a519f0f34f9be19d93d5ca10156110b717d116 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 16:41:13 +0200 Subject: [PATCH 01/16] init rustform role --- roles/rustform/README.md | 38 +++++++++++++++ roles/rustform/defaults/main.yml | 2 + roles/rustform/handlers/main.yml | 10 ++++ roles/rustform/tasks/install.yml | 33 ++++++++++++++ roles/rustform/tasks/main.yml | 10 ++++ roles/rustform/tasks/uninstall.yml | 0 roles/rustform/templates/config.j2 | 26 +++++++++++ roles/rustform/templates/nginx.j2 | 71 +++++++++++++++++++++++++++++ roles/rustform/templates/service.j2 | 10 ++++ roles/rustform/vars/main.yml | 2 + 10 files changed, 202 insertions(+) create mode 100644 roles/rustform/README.md create mode 100644 roles/rustform/defaults/main.yml create mode 100644 roles/rustform/handlers/main.yml create mode 100644 roles/rustform/tasks/install.yml create mode 100644 roles/rustform/tasks/main.yml create mode 100644 roles/rustform/tasks/uninstall.yml create mode 100644 roles/rustform/templates/config.j2 create mode 100644 roles/rustform/templates/nginx.j2 create mode 100644 roles/rustform/templates/service.j2 create mode 100644 roles/rustform/vars/main.yml diff --git a/roles/rustform/README.md b/roles/rustform/README.md new file mode 100644 index 00000000..225dd44b --- /dev/null +++ b/roles/rustform/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/rustform/defaults/main.yml b/roles/rustform/defaults/main.yml new file mode 100644 index 00000000..580794c4 --- /dev/null +++ b/roles/rustform/defaults/main.yml @@ -0,0 +1,2 @@ +--- +app_port: 3298 \ No newline at end of file diff --git a/roles/rustform/handlers/main.yml b/roles/rustform/handlers/main.yml new file mode 100644 index 00000000..f5ebee04 --- /dev/null +++ b/roles/rustform/handlers/main.yml 
@@ -0,0 +1,10 @@ +--- +# handlers file for rustform +- name: reload {{ rev_proxy }} + service: name={{ rev_proxy }} state=reloaded + +- name: restart {{ app_service }} service + service: + name: {{ app_service }} + state: restarted + \ No newline at end of file diff --git a/roles/rustform/tasks/install.yml b/roles/rustform/tasks/install.yml new file mode 100644 index 00000000..1c1bdc99 --- /dev/null +++ b/roles/rustform/tasks/install.yml @@ -0,0 +1,33 @@ +--- + +- name: Copy from binary from the Tower + copy: + src: {{ binary_src }} + dest: {{ binary_location }} + remote_src: true + +- name: Template configuration + template: + src: config.j2 + dest: "{{ app_instance_root }}/config.toml" + +- name: "start service {{ app_service }}" + systemd: + name: "{{ app_service }}" + state: started + enabled: yes + daemon_reload: yes + +- name: nginx configuration + template: + src: nginx.j2 + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" + +- name: "enable site for {{ app_domain }}" + file: + state: link + path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}.conf" + src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" + notify: reload {{ rev_proxy }} + + diff --git a/roles/rustform/tasks/main.yml b/roles/rustform/tasks/main.yml new file mode 100644 index 00000000..e773e015 --- /dev/null +++ b/roles/rustform/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- import_tasks: install.yml + when: app_run in ['install', 'reinstall'] + +- import_tasks: upgrade.yml + when: app_run == 'upgrade' + +- import_tasks: uninstall.yml + when: app_run == 'uninstall' \ No newline at end of file diff --git a/roles/rustform/tasks/uninstall.yml b/roles/rustform/tasks/uninstall.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 new file mode 100644 index 00000000..0e6d058f --- /dev/null +++ b/roles/rustform/templates/config.j2 
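Review bot: The `Template configuration` task in tasks/install.yml writes `config.toml` with no `owner`, `group` or `mode`, yet the template it renders (config.j2 in this same commit) carries the SMTP password and the mosparo private key, so the file gets whatever the remote umask gives, typically world-readable. Set the permissions on that task explicitly, e.g. `mode: '0600'` together with an `owner:` matching the account the service runs as. The task should also carry `notify: restart {{ app_service }} service`, because the restart handler added in handlers/main.yml is never notified and a changed credential would not take effect until someone restarts the unit by hand. Adding `no_log: true` keeps the rendered secrets out of diff and verbose output.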
@@ -0,0 +1,26 @@ +port = {{ app_port }} + +[smtp] +mail_from = "{{ mail_from }}" +user = "{{ mail_user }}" +password = "{{ mail_pwd }}" +security = "{{ mail_security }}" +url = "{{ mail_url }}" + +[mosparo] +privatekey = "{{ mosparo_privatkey }}" +publickey = "{{ mosparo_publickey }}" +url = "{{ mosparo_url }}" + + +[clients] + +{% for client in clients %} +[clients.{{ client.id }}] + mail = "{{ client.email }}" + subject = "{{ client.subject }}" + domain = "{{ client.domain }}" + mosparo = {{ client.mosparo }} +{% endfor%} + + diff --git a/roles/rustform/templates/nginx.j2 b/roles/rustform/templates/nginx.j2 new file mode 100644 index 00000000..71c9f4e1 --- /dev/null +++ b/roles/rustform/templates/nginx.j2 
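Review bot: Every value in this template is pasted between hand-written double quotes without escaping, so a `mail_pwd` or `client.subject` containing `"`, `\` or a newline yields a `config.toml` that fails to parse or carries keys the operator did not intend. Emit the values through a quoting filter instead, for example `password = {{ mail_pwd | to_json }}`; the JSON string escapes it produces should also be valid TOML basic-string escapes, but confirm that against the parser rust_form uses. `[clients.{{ client.id }}]` has the same problem for the table name: an id containing a dot or a space changes the table structure, so either quote the key or have the role assert that ids match `^[A-Za-z0-9_-]+$`.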
@@ -0,0 +1,71 @@ +server { + listen 80; + listen [::]:80; + server_name {{ app_domain }}; + # enforce https + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ app_domain }}; + + ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag + add_header X-Download-Options noopen; + add_header Strict-Transport-Security "max-age=15768000"; + + + access_log /mnt/vdb/log/nginx/{{ app_instance_id }}/access.log combined if=$log_ua; + error_log /mnt/vdb/log/nginx/{{ app_instance_id }}/error.log; + + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) + location ~ /\. 
{ + deny all; + } + + # When site is in maintenance a maintenance.html file si present in root + # All the site is in 503 + if (-f $document_root/maintenance.html) { + return 503; + } + + # error 503 redirect to mainteance.html + error_page 503 @maintenance; + location @maintenance { + rewrite ^(.*)$ /maintenance.html break; + } + + location / { + proxy_pass http://localhost:{{ app_port }}/ ; + } +} diff --git a/roles/rustform/templates/service.j2 b/roles/rustform/templates/service.j2 new file mode 100644 index 00000000..277bb329 --- /dev/null +++ b/roles/rustform/templates/service.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=service d'envoi de mail à partir d'un formulaire +ConditionFileIsExecutable={{ binary_location }} + +[Service] +ExecStart={{ binary_location }} +WorkingDirectory={{ app_instance_root }} + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/rustform/vars/main.yml b/roles/rustform/vars/main.yml new file mode 100644 index 00000000..7c66ce3c --- /dev/null +++ b/roles/rustform/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for rustform -- GitLab From f59b60e5c1a8df71008717b2ef1812608159af60 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 16:49:56 +0200 Subject: [PATCH 02/16] Let's encrypt rustform role --- roles/rustform/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/rustform/tasks/install.yml b/roles/rustform/tasks/install.yml index 1c1bdc99..3f2a29ac 100644 --- a/roles/rustform/tasks/install.yml +++ b/roles/rustform/tasks/install.yml @@ -1,5 +1,9 @@ --- +- name: Create LetsEncrypt certificate + import_role: + name: _letsencrypt_certificate + - name: Copy from binary from the Tower copy: src: {{ binary_src }} -- GitLab From 7920a2742a520b37cca594af78d63e3c7e44bd89 Mon Sep 17 00:00:00 2001 
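Review bot: The `add_header` lines in the 443 server omit the `always` parameter, so nginx sends `Strict-Transport-Security` and `X-Content-Type-Options` only on 2xx/3xx responses and leaves them off the 503 maintenance page and other error responses; write `add_header Strict-Transport-Security "max-age=15768000" always;` and likewise for the others. `location /` proxies without forwarding any client information, so the backend sees every submission as coming from localhost; if rust_form logs or rate-limits by address (not visible here), add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The `location ~ /\.` deny rule also matches `/.well-known/`, which would block certificate renewal if it relies on a webroot HTTP-01 challenge; worth confirming. `X-XSS-Protection` is ignored by current browsers and can be dropped.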
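Review bot: The `[Service]` section in service.j2 sets no `User=`, so systemd starts the binary as root although it only has to listen on the unprivileged `app_port` and read its `config.toml`. This process handles form submissions arriving from the internet, so it should run under a dedicated account with basic sandboxing, e.g. `User={{ app_user }}` (a new role variable, not defined in this commit), `NoNewPrivileges=true`, `ProtectSystem=strict`. `config.toml` then needs to be readable by that account only.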
From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:03:48 +0200 Subject: [PATCH 03/16] idem --- roles/rustform/defaults/main.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/rustform/defaults/main.yml b/roles/rustform/defaults/main.yml index 580794c4..1686a84f 100644 --- a/roles/rustform/defaults/main.yml +++ b/roles/rustform/defaults/main.yml @@ -1,2 +1,19 @@ --- -app_port: 3298 \ No newline at end of file +app_port: 3200 +binary_src: ./rust_form +binary_location: /usr/local/bin/rust_form + + +clients: + 0: + id: site_paquerette + email: paq@example.com + subject: Test + domain: paq.domain + mosparo: true + 1: + id: site_test + email: test@example.com + subject: Test + domain: test.domain + mosparo: false \ No newline at end of file -- GitLab From f95aa312e9c3cab0148d00b890894bed24369161 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:08:48 +0200 Subject: [PATCH 04/16] idem --- roles/rustform/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/rustform/tasks/install.yml b/roles/rustform/tasks/install.yml index 3f2a29ac..b9066815 100644 --- a/roles/rustform/tasks/install.yml +++ b/roles/rustform/tasks/install.yml @@ -6,8 +6,8 @@ - name: Copy from binary from the Tower copy: - src: {{ binary_src }} - dest: {{ binary_location }} + src: "{{ binary_src }}" + dest: "{{ binary_location }}" remote_src: true - name: Template configuration -- GitLab From 68c684927254ee466d19bcf3e15b64f2b7db4909 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:09:35 +0200 Subject: [PATCH 05/16] add upgrade empty file --- roles/rustform/tasks/upgrade.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/rustform/tasks/upgrade.yml diff --git a/roles/rustform/tasks/upgrade.yml b/roles/rustform/tasks/upgrade.yml new file mode 100644 index 00000000..e69de29b -- GitLab 
From 8f3f23d3b672c7dd9e62e18d54ad777471ebb844 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:10:49 +0200 Subject: [PATCH 06/16] linter correction --- roles/rustform/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/rustform/handlers/main.yml b/roles/rustform/handlers/main.yml index f5ebee04..404fdcbe 100644 --- a/roles/rustform/handlers/main.yml +++ b/roles/rustform/handlers/main.yml @@ -5,6 +5,6 @@ - name: restart {{ app_service }} service service: - name: {{ app_service }} + name: "{{ app_service }}" state: restarted \ No newline at end of file -- GitLab From 971e5f1fc809f2ae7158b179e328c4f4703e7a4a Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:17:31 +0200 Subject: [PATCH 07/16] add app_instance_root vars --- roles/rustform/defaults/main.yml | 3 +++ roles/rustform/tasks/install.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/rustform/defaults/main.yml b/roles/rustform/defaults/main.yml index 1686a84f..3bf6fda5 100644 --- a/roles/rustform/defaults/main.yml +++ b/roles/rustform/defaults/main.yml @@ -1,4 +1,7 @@ --- +app_program: RustForm +app_instance_root: "{{ www_root }}/{{ app_instance_id }}" +app_instance_www_root: "{{ app_instance_root }}" app_port: 3200 binary_src: ./rust_form binary_location: /usr/local/bin/rust_form diff --git a/roles/rustform/tasks/install.yml b/roles/rustform/tasks/install.yml index b9066815..5f3b6134 100644 --- a/roles/rustform/tasks/install.yml +++ b/roles/rustform/tasks/install.yml @@ -8,7 +8,7 @@ copy: src: "{{ binary_src }}" dest: "{{ binary_location }}" - remote_src: true + remote_src: false - name: Template configuration template: -- GitLab From 36ef34aee06cb5883fd15aea6e21e1d0bb515729 Mon Sep 17 00:00:00 2001 
From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:21:03 +0200 Subject: [PATCH 08/16] add default vars as empty string --- roles/rustform/templates/config.j2 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 index 0e6d058f..bdc26463 100644 --- a/roles/rustform/templates/config.j2 +++ b/roles/rustform/templates/config.j2 @@ -1,16 +1,16 @@ port = {{ app_port }} [smtp] -mail_from = "{{ mail_from }}" -user = "{{ mail_user }}" -password = "{{ mail_pwd }}" -security = "{{ mail_security }}" -url = "{{ mail_url }}" +mail_from = "{{ mail_from | "" }}" +user = "{{ mail_user | "" }}" +password = "{{ mail_pwd | "" }}" +security = "{{ mail_security | "" }}" +url = "{{ mail_url | "" }}" [mosparo] -privatekey = "{{ mosparo_privatkey }}" -publickey = "{{ mosparo_publickey }}" -url = "{{ mosparo_url }}" +privatekey = "{{ mosparo_privatkey | "" }}" +publickey = "{{ mosparo_publickey | "" }}" +url = "{{ mosparo_url | "" }}" [clients] -- GitLab From 8537b5a12dbeeb611d7bc5fdf75a60d22d3a18f8 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:22:50 +0200 Subject: [PATCH 09/16] idemsq --- roles/rustform/templates/config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 index bdc26463..ea9f210a 100644 --- a/roles/rustform/templates/config.j2 +++ b/roles/rustform/templates/config.j2 @@ -21,6 +21,6 @@ url = "{{ mosparo_url | "" }}" subject = "{{ client.subject }}" domain = "{{ client.domain }}" mosparo = {{ client.mosparo }} -{% endfor%} +{% endfor %} -- GitLab From 40faf409a099c69a63116923cda4fe1e59cea327 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 9 Oct 2023 17:28:40 +0200 Subject: [PATCH 10/16] idemsc --- roles/rustform/defaults/main.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) 
diff --git a/roles/rustform/defaults/main.yml b/roles/rustform/defaults/main.yml index 3bf6fda5..7b6caed2 100644 --- a/roles/rustform/defaults/main.yml +++ b/roles/rustform/defaults/main.yml @@ -8,15 +8,5 @@ binary_location: /usr/local/bin/rust_form clients: - 0: - id: site_paquerette - email: paq@example.com - subject: Test - domain: paq.domain - mosparo: true - 1: - id: site_test - email: test@example.com - subject: Test - domain: test.domain - mosparo: false \ No newline at end of file + - {id: site_paquerette, email: paq@example.com, subject: Test, domain: paq.domain, mosparo: true} + - {id: site_test, email: test@example.com, subject: Test, domain: test.domain, mosparo: false} \ No newline at end of file -- GitLab From 6df85cae93222a09cdaf25d23f60eaa73abd42da Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Tue, 10 Oct 2023 10:05:21 +0200 Subject: [PATCH 11/16] =?UTF-8?q?faire=20en=20sorte=20que=20=C3=A7a=20fonc?= =?UTF-8?q?tionne?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/rustform/defaults/main.yml | 5 +++-- roles/rustform/tasks/install.yml | 11 +++++++++++ roles/rustform/templates/config.j2 | 18 +++++++++--------- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/roles/rustform/defaults/main.yml b/roles/rustform/defaults/main.yml index 7b6caed2..ce9c1ddd 100644 --- a/roles/rustform/defaults/main.yml +++ b/roles/rustform/defaults/main.yml @@ -5,8 +5,9 @@ app_instance_www_root: "{{ app_instance_root }}" app_port: 3200 binary_src: ./rust_form binary_location: /usr/local/bin/rust_form - +app_service: "{{ app_instance_id }}" +rev_proxy: nginx clients: - {id: site_paquerette, email: paq@example.com, subject: Test, domain: paq.domain, mosparo: true} - - {id: site_test, email: test@example.com, subject: Test, domain: test.domain, mosparo: false} \ No newline at end of file + - {id: site_test, email: test@example.com, subject: Test, domain: test.domain, mosparo: false} 
diff --git a/roles/rustform/tasks/install.yml b/roles/rustform/tasks/install.yml index 5f3b6134..78ffed09 100644 --- a/roles/rustform/tasks/install.yml +++ b/roles/rustform/tasks/install.yml @@ -1,5 +1,10 @@ --- +- name: create directory + file: + path: "{{ app_instance_root }}" + state: directory + - name: Create LetsEncrypt certificate import_role: name: _letsencrypt_certificate @@ -9,12 +14,18 @@ src: "{{ binary_src }}" dest: "{{ binary_location }}" remote_src: false + mode: '0755' - name: Template configuration template: src: config.j2 dest: "{{ app_instance_root }}/config.toml" +- name: systemd configuration + template: + src: service.j2 + dest: "/etc/systemd/system/{{ app_instance_id }}.service" + - name: "start service {{ app_service }}" systemd: name: "{{ app_service }}" diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 index ea9f210a..c384639b 100644 --- a/roles/rustform/templates/config.j2 +++ b/roles/rustform/templates/config.j2 @@ -1,16 +1,16 @@ port = {{ app_port }} [smtp] -mail_from = "{{ mail_from | "" }}" -user = "{{ mail_user | "" }}" -password = "{{ mail_pwd | "" }}" -security = "{{ mail_security | "" }}" -url = "{{ mail_url | "" }}" +mail_from = "{{ mail_from | default('') }}" +user = "{{ mail_user | default('') }}" +password = "{{ mail_pwd | default('') }}" +security = "{{ mail_security | default('') }}" +url = "{{ mail_url | default('') }}" [mosparo] -privatekey = "{{ mosparo_privatkey | "" }}" -publickey = "{{ mosparo_publickey | "" }}" -url = "{{ mosparo_url | "" }}" +privatekey = "{{ mosparo_privatkey | default('') }}" +publickey = "{{ mosparo_publickey | default('') }}" +url = "{{ mosparo_url | default('') }}" [clients] @@ -20,7 +20,7 @@ url = "{{ mosparo_url | "" }}" mail = "{{ client.email }}" subject = "{{ client.subject }}" domain = "{{ client.domain }}" - mosparo = {{ client.mosparo }} + mosparo = "{{ client.mosparo }}" {% endfor %} -- GitLab 
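Review bot: The unit file is written to `/etc/systemd/system/{{ app_instance_id }}.service`, but the next task starts `{{ app_service }}`; the two match only because defaults/main.yml sets `app_service: "{{ app_instance_id }}"`, and an override of `app_service` would start a unit that does not exist. Use `dest: "/etc/systemd/system/{{ app_service }}.service"`. The new `create directory` task creates `app_instance_root`, which holds `config.toml` with the SMTP credentials, without `owner` or `mode`; give it `mode: '0750'` and the service account as owner. The copied binary gets `mode: '0755'` but no explicit `owner: root`, which is worth stating for a file under `/usr/local/bin` that a systemd unit executes.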
From 71b78474b97e369a023fa33967c7512e97d1f552 Mon Sep 17 00:00:00 2001 From: Tobias Date: Tue, 10 Oct 2023 08:28:37 +0000 Subject: [PATCH 12/16] Update README.md --- roles/rustform/README.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/roles/rustform/README.md b/roles/rustform/README.md index 225dd44b..ef5d1381 100644 --- a/roles/rustform/README.md +++ b/roles/rustform/README.md @@ -1,17 +1,25 @@ -Role Name -========= +# RustForm -A brief description of the role goes here. +Install [RustForm](https://git.paquerette.eu/paquerette/developpements/rust-form) in the server. + +## Files created + +This role create the following files :  + + - **/etc/nginx/site-available/INSTANCE_ID.conf** + - **/usr/local/bin/rust_form** + - **/etc/systemd/system/INSTANCE_ID.service** + - Requirements ------------ -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + - Compile rust_form and download binary Role Variables -------------- -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + Dependencies ------------ -- GitLab From 2103fee3bf9345daf2c18d889b7ea81f5dc04d21 Mon Sep 17 00:00:00 2001 From: oiseauroch Date: Wed, 11 Oct 2023 08:48:46 +0200 Subject: [PATCH 13/16] improve documentation --- roles/nextcloud_instance/readme.md | 39 ++++++++++++++++++------------ roles/postgres_server/readme.md | 0 2 files changed, 23 insertions(+), 16 deletions(-) create mode 100644 roles/postgres_server/readme.md 
diff --git a/roles/nextcloud_instance/readme.md b/roles/nextcloud_instance/readme.md index c93e4d8c..1902b8e0 100644 --- a/roles/nextcloud_instance/readme.md +++ b/roles/nextcloud_instance/readme.md 
@@ -1,32 +1,39 @@ # Nextcloud -## Create a volume +## Files created -Requires hetzner cloud api : -Ref : https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/index.html#plugins-in-hetzner-hcloud - -sudo pip install cloud -ansible-galaxy collection install hetzner.hcloud - -./play.py vps11.paquerette.eu nc_tel install -e "hcloud_token=rUJSKemnDGElZiHF" --apply-tags=volumes +## Files modified -## Créer un volume +## Create new instance : Custom steps -Il est requis d'avoir l'API de hetzner (cloud) +### Create a volume -`sudo pip install cloud` +#### Why using volume ? +We choose to use volume for Nextcloud data storage. This has the following benefits :  -`ansible-galaxy collection install hetzner.hcloud` + - We use small VPS, this allow us to have nextcloud with big storage + - Changing space for client is only increasing storage volume + - Removing client is easier by removing volume + +#### How-To -`./play.py vps11.paquerette.eu nc_tel install -e "hcloud_token=rUJSKemnDGElZiHF" --apply-tags=volume` +Requires hetzner cloud api : +Ref : https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/index.html#plugins-in-hetzner-hcloud -## Créer une instance +sudo pip install cloud +ansible-galaxy collection install hetzner.hcloud +./play.py vps11.paquerette.eu nc_tel install -e "hcloud_token=MY_TOKEN" --apply-tags=volumes -## Mettre à jour une instance +## Update instance 1. Prévenir les clients concernés par un message sur un canal de leur choix 2. Vérifier les sauvegardes 3. Modifier les variables `app_version` et `app_old_version` pour les faire correspondre `app_old_version` à la version actuelle de `app_version` puis mettre dernière version voulu sur `app_version`. 4. 
Lancer la commande de mise à jour (en remplaçant les éléments) -`./play.py SERVEUR NOMINSTANCE upgrade` \ No newline at end of file +`./play.py SERVEUR NOMINSTANCE upgrade` + +## TODO improve role + + - [ ] improve documentation + - [ ] Create strong admin password \ No newline at end of file diff --git a/roles/postgres_server/readme.md b/roles/postgres_server/readme.md new file mode 100644 index 00000000..e69de29b -- GitLab From 5a895ed739d89e50b9e95c09c33855348d9bfb76 Mon Sep 17 00:00:00 2001 From: oiseauroch Date: Wed, 11 Oct 2023 22:21:04 +0200 Subject: [PATCH 14/16] improve doc and config template --- roles/rustform/README.md | 61 ++++++++++++++++-------------- roles/rustform/templates/config.j2 | 10 +++-- 2 files changed, 39 insertions(+), 32 deletions(-) diff --git a/roles/rustform/README.md b/roles/rustform/README.md index ef5d1381..d4ffe8dc 100644 --- a/roles/rustform/README.md +++ b/roles/rustform/README.md 
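Review bot: Replacing the `hcloud_token` value with `MY_TOKEN` in the command example removes it from the current file only; the previous value stays readable in the repository history and in this patch. If it was ever a real Hetzner Cloud API token, revoke it and issue a new one rather than relying on this edit. For the documented command, prefer reading the token from a vaulted variable or the environment over `-e "hcloud_token=..."`, since extra-vars given on the command line end up in shell history and process listings.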
@@ -6,41 +6,46 @@ Install [RustForm](https://git.paquerette.eu/paquerette/developpements/rust-form This role create the following files :  - - **/etc/nginx/site-available/INSTANCE_ID.conf** - - **/usr/local/bin/rust_form** - - **/etc/systemd/system/INSTANCE_ID.service** - - + - **/etc/nginx/site-available/{{ app_instance_id }}.conf** + - **{{ binary_location }}** + - **/etc/systemd/system/{{ app_instance_id }}.service** + - **{{ app_instance_root}} -Requirements ------------- +## Files modified - - Compile rust_form and download binary +## Role dependency -Role Variables --------------- +- _letsencrypt_certificate +## Role Variables +### Default -Dependencies ------------- + - app_program: RustForm + - app_instance_root: "{{ www_root }}/{{ app_instance_id }}" + - app_instance_www_root: "{{ app_instance_root }}" + - app_port: 3200 + - binary_src: ./rust_form + - binary_location: /usr/local/bin/rust_form + - app_service: "{{ app_instance_id }}" + - rev_proxy: nginx -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
+### host_vars -Example Playbook ----------------- + - app_instance_id + - app_domain + - mosparo : + - privatekey: MY_PRIVATE_KEY + - publickey: MY_PUBLIC_KEY + - url: URL + - clients: + - {id: site_paquerette, email: paq@example.com, subject: Test, domain: paq.domain, mosparo: true} + - {id: site_test, email: test@example.com, subject: Test, domain: test.domain, mosparo: false} + +## Role dependencies -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + - _letsencrypt_certificate + +## Custom informations - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). + - You must compile and download binary before using role. \ No newline at end of file diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 index c384639b..f1697d38 100644 --- a/roles/rustform/templates/config.j2 +++ b/roles/rustform/templates/config.j2 @@ -7,11 +7,13 @@ password = "{{ mail_pwd | default('') }}" security = "{{ mail_security | default('') }}" url = "{{ mail_url | default('') }}" -[mosparo] -privatekey = "{{ mosparo_privatkey | default('') }}" -publickey = "{{ mosparo_publickey | default('') }}" -url = "{{ mosparo_url | default('') }}" +{% if mosparo %} +[mosparo] +privatekey = "{{ mosparo.privatkey }}" +publickey = "{{ mosparo.publickey }}" +url = "{{ mosparo.url }}" +{% endif %} [clients] -- GitLab From be88258577a9a91746cc94797b61a7493cbe8ef6 Mon Sep 17 00:00:00 2001 
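Review bot: In config.j2, `{% if mosparo %}` is evaluated even when `mosparo` is not set in host_vars, and with Ansible's default undefined-variable handling that aborts the template instead of skipping the section; `{% if mosparo is defined and mosparo %}` makes the block optional as intended. The hunk shows only part of the template: the `[clients]` loop below it still emits a per-client `mosparo` flag, so a host with no `mosparo` block but `mosparo: true` on a client would presumably get a config that refers to an unconfigured service. A role-level `assert` on that combination would catch it before deployment.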
From: Admin paquerette Date: Wed, 11 Oct 2023 23:18:08 +0200 Subject: [PATCH 15/16] fix wrong config and improve documentation --- roles/rustform/README.md | 36 +++++++++++++++++++++--------- roles/rustform/templates/config.j2 | 15 +++++++------ roles/rustform/templates/nginx.j2 | 2 +- 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/roles/rustform/README.md b/roles/rustform/README.md index d4ffe8dc..9b817812 100644 --- a/roles/rustform/README.md +++ b/roles/rustform/README.md @@ -32,15 +32,26 @@ This role create the following files :  ### host_vars - - app_instance_id - - app_domain - - mosparo : - - privatekey: MY_PRIVATE_KEY - - publickey: MY_PUBLIC_KEY - - url: URL - - clients: - - {id: site_paquerette, email: paq@example.com, subject: Test, domain: paq.domain, mosparo: true} - - {id: site_test, email: test@example.com, subject: Test, domain: test.domain, mosparo: false} +```yaml + app_instance_id + app_domain + mosparo : + privatekey: MY_PRIVATE_KEY + publickey: MY_PUBLIC_KEY + url: URL + clients: + - id: CLIENT_ID + email: "EMAIL@DOMAIN.TLD + subject: "SUBJECT PROMPT" + domain: "WEBSITE_DOMAIN" + mosparo: true/fals + mail: + from: MAIL@FROM.TLD + user: USER + pwd: "MY_STRONG_PASSWORD" + security: starttls + port: 587 + url: mail.server.tld ## Role dependencies @@ -48,4 +59,9 @@ This role create the following files :  ## Custom informations - - You must compile and download binary before using role. \ No newline at end of file + - You must compile and download binary before using role. + +## TODO + +- [ ] remove duplicate value like app_domain +- [ ] set more default values like mail port and security diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 index f1697d38..d65f6733 100644 --- a/roles/rustform/templates/config.j2 +++ b/roles/rustform/templates/config.j2 
@@ -1,16 +1,17 @@ port = {{ app_port }} [smtp] -mail_from = "{{ mail_from | default('') }}" -user = "{{ mail_user | default('') }}" -password = "{{ mail_pwd | default('') }}" -security = "{{ mail_security | default('') }}" -url = "{{ mail_url | default('') }}" +mail_from = "{{ mail.from}}" +user = "{{ mail.user }}" +password = "{{ mail.pwd }}" +security = "{{ mail.security }}" +port = {{ mail.port }} +url = "{{ mail.url }}" {% if mosparo %} [mosparo] -privatekey = "{{ mosparo.privatkey }}" +privatekey = "{{ mosparo.privatekey }}" publickey = "{{ mosparo.publickey }}" url = "{{ mosparo.url }}" {% endif %} @@ -22,7 +23,7 @@ url = "{{ mosparo.url }}" mail = "{{ client.email }}" subject = "{{ client.subject }}" domain = "{{ client.domain }}" - mosparo = "{{ client.mosparo }}" + mosparo = {{ client.mosparo }} {% endfor %} diff --git a/roles/rustform/templates/nginx.j2 b/roles/rustform/templates/nginx.j2 index 71c9f4e1..c419f9d8 100644 --- a/roles/rustform/templates/nginx.j2 +++ b/roles/rustform/templates/nginx.j2 @@ -32,7 +32,7 @@ server { add_header Strict-Transport-Security "max-age=15768000"; - access_log /mnt/vdb/log/nginx/{{ app_instance_id }}/access.log combined if=$log_ua; + access_log /mnt/vdb/log/nginx/{{ app_instance_id }}/access.log; error_log /mnt/vdb/log/nginx/{{ app_instance_id }}/error.log; -- GitLab From e2972853866edcbb644afaf305ed48a4f87eccb4 Mon Sep 17 00:00:00 2001 From: oiseauroch Date: Thu, 9 Nov 2023 14:36:05 +0100 Subject: [PATCH 16/16] don't use empty var --- roles/rustform/templates/config.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/rustform/templates/config.j2 b/roles/rustform/templates/config.j2 index d65f6733..e8e2908b 100644 --- a/roles/rustform/templates/config.j2 +++ b/roles/rustform/templates/config.j2 
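Review bot: In config.j2, `mosparo = {{ client.mosparo }}` without quotes renders a YAML boolean as Python's `True`/`False`, while TOML accepts only lowercase `true`/`false`, so the generated `config.toml` is likely to be rejected by the parser. Render it as `mosparo = {{ client.mosparo | bool | lower }}`. The new `mail.*` lookups no longer have defaults, which makes a missing `mail` block fail the play early, but `mail.pwd` now has to come from host_vars and the README example in this commit shows it in clear text; it should be stored with ansible-vault.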
@@ -1,12 +1,19 @@ port = {{ app_port }} [smtp] +<<<<<<< HEAD mail_from = "{{ mail.from}}" user = "{{ mail.user }}" password = "{{ mail.pwd }}" security = "{{ mail.security }}" port = {{ mail.port }} url = "{{ mail.url }}" +mail_from = "{{ mail.from }}" +user = "{{ mail.user }}" +password = "{{ mail.pwd }}" +security = "{{ mail.security }}" +url = "{{ mail.url }}" +>>>>>>> b4e5402 (don't use empty var) {% if mosparo %} -- GitLab
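Review bot: This commit checks merge-conflict markers into the template: `<<<<<<< HEAD` and `>>>>>>> b4e5402 (don't use empty var)` are added as literal lines, and the `[smtp]` keys now appear twice. The rendered `config.toml` would contain the marker lines and duplicate `mail_from`/`user`/`password`/`security`/`url` keys, both invalid TOML, so the service would most likely fail to load its configuration. Resolve the conflict by keeping one set of keys (the HEAD side is the one that still has `port = {{ mail.port }}`) and deleting both marker lines.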