Tyler/Ansible-SnipeIT
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initial Commit

Browse source
This commit is contained in:
Tyler Hale 2024-05-15 08:23:37 -06:00
parent 64d337953c
commit 1d1f7735a0
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
10 changed files with 607 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

271
roles/snipeit/tasks/main.yml Normal file
View file

@ -0,0 +1,271 @@
---
# file: roles/snipeit/tasks/main.yml
- name: Install EPEL RPM
package:
name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
disable_gpg_check: True
- name: Install packages
package:
name:
- nginx
- mariadb-server
- php
- php-mysqlnd
- php-json
- php-openssl
- php-pdo
- php-mbstring
- php-curl
- php-ldap
- php-fileinfo
- php-bcmath
- php-xml
- php-exif
- php-gd
- php-sodium
- php-zip
- git
state: latest
- name: Install PyMySQL
pip:
name: pymysql
state: present
- name: Start and enable php
service:
name: php-fpm
state: started
enabled: yes
- name: Start and enable mariadb
service:
name: mariadb
state: started
enabled: yes
- name: Delete anonymous MySQL server user
mysql_user:
user: ""
host_all: yes
state: "absent"
check_implicit_admin: true
login_unix_socket: /var/lib/mysql/mysql.sock
- name: Remove the default MySQL test database
mysql_db:
db: test
state: absent
check_implicit_admin: true
login_unix_socket: /var/lib/mysql/mysql.sock
- name: Creating DB
mysql_db:
name: "{{ snipeit_config_db_database }}"
state: present
encoding: "{{ snipeit_config_db_charset }}"
check_implicit_admin: true
login_unix_socket: /var/lib/mysql/mysql.sock
- name: Creating DB User
mysql_user:
name: "{{ snipeit_config_db_username }}"
password: "{{ snipeit_config_db_password }}"
priv: "{{ snipeit_config_db_database + '.*:ALL' }}"
state: present
check_implicit_admin: true
login_unix_socket: /var/lib/mysql/mysql.sock
- name: Create snipeit user
user:
name: "{{ snipeit_user }}"
shell: /sbin/nologin
comment: "nologin user"
groups: "apache,nginx"
state: present
system: yes
- name: Deploy nginx configuration file
template:
src: "{{ snipeit_nginx_config }}"
dest: "/etc/nginx/conf.d/{{ snipeit_nginx_config_output }}"
notify: Reload nginx
- name: Allow nginx to read config file
sefcontext:
target: "/etc/nginx/conf.d/{{ snipeit_nginx_config_output }}"
seuser: system_u
setype: httpd_config_t
state: present
notify: Restorecon nginx config
- name: Set httpd_unified flag
seboolean:
name: httpd_unified
state: true
persistent: true
- name: Set httpd_can_network_connect flag
seboolean:
name: httpd_can_network_connect
state: true
persistent: true
- name: Set httpd_can_sendmail flag
seboolean:
name: httpd_can_sendmail
state: true
persistent: true
- name: Ensure install directory exists
file:
path: "{{ snipeit_install_path }}"
state: directory
owner: "{{ snipeit_user }}"
group: "root"
- name: Clone the upstream repo
git:
repo: "https://github.com/snipe/snipe-it"
dest: "{{ snipeit_install_path }}"
force: yes
version: master
become_user: "{{ snipeit_user }}"
- name: Set owner to non-privileged user
file:
path: "{{ snipeit_install_path }}"
recurse: yes
owner: "{{ snipeit_user }}"
- name: Update storage directory to allow webserver access
file:
path: "{{ snipeit_install_path }}/storage"
recurse: yes
owner: "{{ snipeit_user }}"
group: apache
mode: '775'
- name: Set storage secontext definition
sefcontext:
target: "{{ snipeit_install_path }}/storage(/.*)?"
seuser: system_u
setype: httpd_sys_rw_content_t
state: present
notify: Restorecon snipeit storage
- name: Update public directory to allow webserver access
file:
path: "{{ snipeit_install_path }}/public"
recurse: yes
owner: "{{ snipeit_user }}"
group: apache
mode: '775'
- name: Set secontext definition
sefcontext:
target: "{{ snipeit_install_path }}/public(/.*)?"
seuser: system_u
setype: httpd_sys_content_t
state: present
notify: Restorecon snipeit public
- name: Update cache directory to allow webserver access
file:
path: "{{ snipeit_install_path }}/bootstrap/cache"
state: directory
recurse: yes
owner: "{{ snipeit_user }}"
group: apache
mode: '775'
- name: Set secontext definition
sefcontext:
target: "{{ snipeit_install_path }}/bootstrap/cache(/.*)?"
seuser: system_u
setype: httpd_sys_rw_content_t
state: present
notify: Restorecon snipeit cache
- name: Download composer
shell: curl -sS https://getcomposer.org/installer | php
args:
chdir: "{{ snipeit_install_path }}"
creates: "{{ snipeit_install_path }}/composer.phar"
register: composer_installed
- name: Install composer
shell: php composer.phar install --no-dev --prefer-source
args:
chdir: "{{ snipeit_install_path }}"
when: composer_installed.changed
- name: Check that .env file exists
stat:
path: "{{ snipeit_install_path }}/.env"
register: stat_result
- name: Capture app_key
block:
- name: Capture existing }/.env" file
slurp:
src: "{{ snipeit_install_path }}/.env"
register: envconfig
- name: Set fact
set_fact:
snipeit_config_app_key: "{{ envconfig['content'] | b64decode | regex_findall('(?<=APP_KEY=).*') | first }}"
when: envconfig['content'] | b64decode | regex_findall('(?<=APP_KEY=).*') != snipeit_config_app_key
when: stat_result.stat.exists
- name: Deploy env file
template:
src: "env.j2"
dest: "{{ snipeit_install_path }}/.env"
notify: Reload nginx
- name: Generate app key for fresh install
shell: "php artisan key:generate --force"
args:
chdir: "{{ snipeit_install_path }}"
when: not stat_result.stat.exists or snipeit_config_app_key == 'ChangeMe' and stat_result.stat.exists
- name: Enable firewall rule for access 80
firewalld:
port: "80/tcp"
permanent: yes
immediate: yes
state: enabled
notify: Reload firewalld
- name: Enable firewall rule for access 443
firewalld:
port: "443/tcp"
permanent: yes
immediate: yes
state: enabled
notify: Reload firewalld
- name: Allow nginx to listen on port 80
seport:
ports: "80"
proto: "tcp"
setype: http_port_t
state: present
- name: Allow nginx to listen on port 443
seport:
ports: "443"
proto: "tcp"
setype: http_port_t
state: present
- name: Start and enable nginx services
service:
name: nginx
state: started
enabled: yes