---
# file: roles/vikunja/tasks/main.yml
# Installs the Vikunja 0.23.0 RPM straight from dl.vikunja.io.
# NOTE(review): disable_gpg_check switches off package signature verification,
# so the only integrity protection for this RPM is the HTTPS connection to the
# download host. Prefer importing the publisher's signing key and leaving the
# check enabled, or verifying a pinned checksum of the artifact before install.
- name: Install vikunja
  package:
    name: 'https://dl.vikunja.io/vikunja/0.23.0/vikunja-0.23.0-x86_64.rpm'
    state: present
    disable_gpg_check: true
# Installs nginx from the package repositories configured on the host.
- name: Install nginx
  package:
    name: 'nginx'
    state: 'present'
# Renders config.yml.j2 to /etc/vikunja/config.yml; a change triggers the
# "Restart vikunja" handler.
# NOTE(review): no owner, group or mode is set, so permissions fall back to
# the defaults on the target. The template presumably carries the database
# password (vikunja_config_database_password is used elsewhere in this file;
# confirm). If so, set an explicit restrictive mode and owner for this file.
- name: Deploy vikunja configuration file
  template:
    src: 'config.yml.j2'
    dest: '/etc/vikunja/config.yml'
  notify: Restart vikunja
# Starts the vikunja unit now and enables it at boot.
# NOTE(review): this runs before the MariaDB tasks further down create the
# database and user; on a first run with the mysql backend the service may
# start without a reachable database. Confirm the ordering is intended.
- name: Start and enable vikunja services
  service:
    name: vikunja
    enabled: true
    state: started
# Installs the MariaDB server, only when the mysql backend is selected.
# NOTE(review): state "latest" upgrades the database server on any run where a
# newer package is available, while the other install tasks use "present".
# Confirm that unattended database upgrades are wanted here.
- name: Install mariadb packages
  when: vikunja_config_database_type == "mysql"
  package:
    state: latest
    name:
      - mariadb-server
# Installs the PyMySQL driver with pip; the mysql_* tasks in this file
# presumably depend on it (confirm).
# NOTE(review): the version is not pinned, so the host gets whatever release
# the package index serves at run time. Pin a version, or use the
# distribution's package, to keep the dependency reproducible and reviewable.
- name: Install PyMySQL
  when: vikunja_config_database_type == "mysql"
  pip:
    name: 'pymysql'
    state: 'present'
# Starts the mariadb unit now and enables it at boot (mysql backend only).
- name: Start and enable mariadb
  when: vikunja_config_database_type == "mysql"
  service:
    name: mariadb
    enabled: true
    state: started
# Hardening step: drops the anonymous ('') account for every host entry.
# check_implicit_admin makes the module try a password-less root login first,
# and no login_user/login_password is given, so this task depends on root
# access over the local unix socket.
# NOTE(review): nothing in this file sets a MariaDB root password. Confirm
# that root is limited to unix-socket authentication on the target.
- name: Delete anonymous MySQL server user
  when: vikunja_config_database_type == "mysql"
  mysql_user:
    user: ""
    host_all: true
    state: absent
    login_unix_socket: /var/lib/mysql/mysql.sock
    check_implicit_admin: true
# Hardening step: removes the "test" database if it exists. Connects over the
# local unix socket and tries the implicit root login first.
- name: Remove the default MySQL test database
  when: vikunja_config_database_type == "mysql"
  mysql_db:
    db: 'test'
    state: 'absent'
    login_unix_socket: /var/lib/mysql/mysql.sock
    check_implicit_admin: true
# Creates the application database named by vikunja_config_database_database
# with utf8 encoding, over the local unix socket.
- name: Creating Vikunja DB
  when: vikunja_config_database_type == "mysql"
  mysql_db:
    name: "{{ vikunja_config_database_database }}"
    encoding: 'utf8'
    state: 'present'
    login_unix_socket: /var/lib/mysql/mysql.sock
    check_implicit_admin: true
# Creates the application account and grants it ALL on the Vikunja database
# only (<database>.*), not on the whole server. No host is given, so the
# module's default host (localhost) applies.
# NOTE(review): the password is read from a role variable. Keep that variable
# in an encrypted store (for example Ansible Vault) rather than in plain vars.
- name: Creating Vikunja DB User
  when: vikunja_config_database_type == "mysql"
  mysql_user:
    name: "{{ vikunja_config_database_user }}"
    password: "{{ vikunja_config_database_password }}"
    priv: "{{ vikunja_config_database_database + '.*:ALL' }}"
    state: 'present'
    login_unix_socket: /var/lib/mysql/mysql.sock
    check_implicit_admin: true
# Renders the nginx site template chosen by vikunja_nginx_config into
# /etc/nginx/conf.d/ and reloads nginx when the file changes.
# NOTE(review): owner, group and mode are not set, so the file gets the
# target's default permissions. Set them explicitly so only root can modify
# the web server configuration.
- name: Deploy nginx configuration file
  notify: Reload nginx
  template:
    dest: "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
    src: "{{ vikunja_nginx_config }}"
# Registers a persistent SELinux file-context rule labelling the deployed
# nginx config file as httpd_config_t. The target is the single file, not the
# whole directory the task name mentions.
- name: Allow nginx to read files in output dir
  sefcontext:
    state: 'present'
    setype: 'httpd_config_t'
    target: "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
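# Relabels the deployed nginx config file so its registered SELinux file
# context takes effect on disk.
# The command is given as an argv list so the templated file name always
# reaches restorecon as one argument, however the variable is set.
# restorecon -v prints a line for each path it relabels, so the task reports
# "changed" only when there was output, instead of on every run.
- name: Apply new SELinux file context to filesystem
  command:
    argv:
      - restorecon
      - '-irv'
      - "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
  register: vikunja_restorecon_result
  changed_when: "(vikunja_restorecon_result.stdout | default('')) | trim | length > 0"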
# Turns the selinuxuser_execmod SELinux boolean on and persists it across
# reboots.
# NOTE(review): this is a host-wide policy relaxation, not one scoped to
# Vikunja, and nothing in this file shows why it is needed. Confirm the
# service actually requires it, and drop the task if it does not.
- name: Set selinuxuser_execmod flag
  seboolean:
    name: 'selinuxuser_execmod'
    persistent: true
    state: true
# Turns the httpd_can_network_connect SELinux boolean on and persists it,
# presumably so nginx can proxy to the Vikunja backend (confirm).
# NOTE(review): the boolean applies to every web-server-domain process on the
# host, not only to this site. Check that such a broad grant is acceptable on
# hosts that serve other content.
- name: Set httpd_can_network_connect flag
  seboolean:
    name: 'httpd_can_network_connect'
    persistent: true
    state: true
# Opens vikunja_port in firewalld, both at runtime and permanently, when no
# access IP is configured. No zone or source is given, so the port becomes
# reachable from any source allowed into the default zone.
# NOTE(review): an empty vikunja_access_ip therefore means "open to
# everyone". Make sure that default is a deliberate choice for each host.
- name: Enable firewall rule for access
  when: vikunja_access_ip == ""
  notify: Reload firewalld
  firewalld:
    port: "{{ vikunja_port }}"
    state: enabled
    immediate: true
    permanent: true
# Restricts access to the Vikunja port to the configured source address with
# a firewalld rich rule (runtime and permanent).
# NOTE(review): vikunja_access_ip and the two halves of vikunja_port are
# placed into the rule text without validation, so a malformed value either
# changes what the rule means or fails when it is applied. Validate both
# (address or CIDR, and "port/protocol") before this task runs. The rule is
# family="ipv4", so an IPv6 source address is not expected to work here.
- name: Enable firewall rule for access from Access IP
  when: vikunja_access_ip != ""
  notify: Reload firewalld
  firewalld:
    rich_rule: 'rule family="ipv4" source address={{ vikunja_access_ip }} port port={{ vikunja_port.split("/").0 }} protocol={{ vikunja_port.split("/").1 }} accept'
    state: enabled
    immediate: true
    permanent: true
# Labels the Vikunja port as http_port_t in SELinux so nginx may bind to it.
# vikunja_port has the form "port/protocol" and is split into the two fields.
- name: Allow nginx to listen on port
  seport:
    setype: 'http_port_t'
    state: 'present'
    ports: "{{ vikunja_port.split('/').0 }}"
    proto: "{{ vikunja_port.split('/').1 }}"
# Starts the nginx unit now and enables it at boot.
- name: Start and enable nginx services
  service:
    name: nginx
    enabled: true
    state: started