Initial Commit

2024-04-17 09:40:56 -06:00 · 2024-04-17 09:40:56 -06:00 · ca53dd092c
commit ca53dd092c
parent 02dc8cb267
9 changed files with 613 additions and 0 deletions
--- a/roles/vikunja/tasks/main.yml
+++ b/roles/vikunja/tasks/main.yml
@ -0,0 +1,139 @@
+---
+# file: roles/vikunja/tasks/main.yml
+
+- name: Install vikunja
+  package:
+    name: "https://dl.vikunja.io/vikunja/0.23.0/vikunja-0.23.0-x86_64.rpm"
+    state: present
+    disable_gpg_check: True
+
+- name: Install nginx
+  package:
+    name: nginx
+    state: present
+
+- name: Deploy vikunja configuration file
+  template:
+    src: "config.yml.j2"
+    dest: "/etc/vikunja/config.yml"
+  notify: Restart vikunja
+
+- name: Start and enable vikunja services
+  service:
+    name: vikunja
+    state: started
+    enabled: yes
+  
+- name: Install mariadb packages
+  package:
+    name:
+      - mariadb-server
+    state: latest
+  when: vikunja_config_database_type == "mysql"
+
+- name: Install PyMySQL
+  pip:
+    name: pymysql
+    state: present
+  when: vikunja_config_database_type == "mysql"
+
+- name: Start and enable mariadb
+  service:
+    name: mariadb
+    state: started
+    enabled: yes
+  when: vikunja_config_database_type == "mysql"
+
+- name: Delete anonymous MySQL server user
+  mysql_user:
+    user: ""
+    host_all: yes
+    state: "absent"
+    check_implicit_admin: true
+    login_unix_socket: /var/lib/mysql/mysql.sock
+  when: vikunja_config_database_type == "mysql"
+
+- name: Remove the default MySQL test database
+  mysql_db:
+    db: test
+    state: absent
+    check_implicit_admin: true
+    login_unix_socket: /var/lib/mysql/mysql.sock
+  when: vikunja_config_database_type == "mysql"
+
+- name: Creating Vikunja DB
+  mysql_db:
+    name: "{{ vikunja_config_database_database }}"
+    state: present
+    encoding: utf8
+    check_implicit_admin: true
+    login_unix_socket: /var/lib/mysql/mysql.sock
+  when: vikunja_config_database_type == "mysql"
+
+- name: Creating Vikunja DB User
+  mysql_user:
+    name: "{{ vikunja_config_database_user }}"
+    password: "{{ vikunja_config_database_password }}"
+    priv: "{{ vikunja_config_database_database + '.*:ALL' }}"
+    state: present
+    check_implicit_admin: true
+    login_unix_socket: /var/lib/mysql/mysql.sock
+  when: vikunja_config_database_type == "mysql"
+
+- name: Deploy nginx configuration file
+  template:
+    src: "{{ vikunja_nginx_config }}"
+    dest: "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
+  notify: Reload nginx
+
+- name: Allow nginx to read files in output dir
+  sefcontext:
+    target: "/etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
+    setype: httpd_config_t
+    state: present
+
+- name: Apply new SELinux file context to filesystem
+  command: "restorecon -irv /etc/nginx/conf.d/{{ vikunja_nginx_config_output }}"
+
+- name: Set selinuxuser_execmod flag
+  seboolean:
+    name:  selinuxuser_execmod
+    state: true
+    persistent: true
+
+- name: Set httpd_can_network_connect flag
+  seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+
+- name: Enable firewall rule for access
+  firewalld:
+    port: "{{ vikunja_port }}"
+    permanent: yes
+    immediate: yes
+    state: enabled
+  notify: Reload firewalld
+  when: vikunja_access_ip == ""
+
+- name: "Enable firewall rule for access from Access IP"
+  firewalld:
+    rich_rule: 'rule family="ipv4" source address={{ vikunja_access_ip }} port port={{ vikunja_port.split("/").0 }} protocol={{ vikunja_port.split("/").1 }} accept'
+    permanent: yes
+    state: enabled
+    immediate: yes
+  notify: Reload firewalld
+  when: vikunja_access_ip != ""
+
+- name: Allow nginx to listen on port
+  seport:
+    ports: "{{ vikunja_port.split('/').0 }}"
+    proto: "{{ vikunja_port.split('/').1 }}"
+    setype: http_port_t
+    state: present
+
+- name: Start and enable nginx services
+  service:
+    name: nginx
+    state: started
+    enabled: yes