.vscode/
.stdusr
+.ansible/
+# V0.1.4 rocketchat
+
+- new:deno_install.yaml
+- new: nodejs_install.yaml
+- new: nodejs_repository.yaml
+- new: mongodb_repository.yaml
+- new: mongodb_install.yaml
+- new: rocketchat_install.yaml
+- new: templates.apps
+
+
+# V0.1.3 php, ssl, sys_fetch
+
# V0.1.2 Korrekturen, SFTP
- 90_wartung: Korrektur Playbookname
--- /dev/null
+# Installation von RocketChat
+
+# Abhängigkeiten
+```
+ansible-playbook playbooks/mongodb_repository.yaml
+ansible-playbook playbooks/mongodb_install.yaml
+ansible-playbook playbooks/nodejs_repository.yaml
+ansible-playbook playbooks/nodejs_install.yaml
+ansible-playbook playbooks/deno_install.yaml
+# vars/rocketchat.yaml edieren
+ansible-playbook playbooks/rocketchat_install.yaml
+ansible-playbook ssl_create_certificate.yaml -e domain=
+ansible-playbook lets_create_certificate.yaml -e domain=
+
+```
+
--- /dev/null
+- name: Installs the JavaScript runtime Deno
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # deno_version: default: latest version will be installed
+ # deno_base: default: /opt/deno
+
+ hosts: all
+ vars:
+ deno_base: "/opt/deno"
+ # deno_version: if empty, the latest version will be installed
+ # if set, it will install the specified version
+ # Example: v2.4.4
+ # curl -s https://dl.deno.land/release-latest.txt
+ deno_version: ""
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Ensure /opt/downloads directory exists
+ ansible.builtin.file:
+ path: /opt/downloads
+ state: directory
+ mode: '0755'
+ - name: Test if directory exists
+ ansible.builtin.stat:
+ path: "{{ deno_base }}"
+ register: deno_dir
+ - name: Download Deno
+ # get_url does not work: redirections
+ ansible.builtin.command:
+ cmd: "curl -fsSL https://deno.land/install.sh -o /opt/downloads/deno_install.sh"
+ creates: /opt/downloads/deno_install.sh
+ - name: ensure deno_install.sh is executable
+ ansible.builtin.file:
+ path: /opt/downloads/deno_install.sh
+ mode: '0755'
+ - name: Install Deno
+ ansible.builtin.shell:
+ cmd: /opt/downloads/deno_install.sh
+ creates: "{{ deno_base }}/bin/deno"
+ environment:
+ DENO_INSTALL: "{{ deno_base }}"
+ deno_version: "{{ deno_version }}"
+ when: deno_dir.stat.exists == false
+ - name: Create symlink for Deno
+ ansible.builtin.file:
+ src: "{{ deno_base }}/bin/deno"
+ dest: /usr/local/bin/deno
+ state: link
+ force: true
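Review bot: `Install Deno` executes a script that `Download Deno` fetched from https://deno.land/install.sh with no pinned revision and no integrity check, so whatever that URL serves at run time runs with the play's privileges (become settings are not visible in this hunk). Compare the file against the SHA-256 of a reviewed copy before running it, e.g. `ansible.builtin.stat` with `checksum_algorithm: sha256` followed by an `ansible.builtin.assert`, or ship the reviewed script from the repository with `ansible.builtin.copy`. Separately, the version is passed as a lowercase environment variable `deno_version`, while the upstream installer appears to take the version as its first argument, so the pin is probably ignored; confirm and, if so, use `cmd: "/opt/downloads/deno_install.sh {{ deno_version }}"`. The `when: deno_dir.stat.exists == false` guard duplicates `creates:` and skips the install when the directory exists but the binary does not, leaving the forced symlink dangling.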
--- /dev/null
+- name: Installs a MongoDB database server
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # see vars/rocketchat.yaml
+
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Install MongoDB package
+ ansible.builtin.apt:
+ name: "mongodb-org"
+ state: present
+ update_cache: yes
+
+ - name: Ensure MongoDB is started and enabled
+ service:
+ name: mongod
+ state: started
+ enabled: yes
\ No newline at end of file
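Review bot: mongod is started and enabled here with the packaged configuration, and no task in the visible commit turns on access control (`security.authorization` in /etc/mongod.conf) or asserts that `net.bindIp` stays on loopback. The Rocket.Chat data is then protected only by the port being unreachable; consider a task that checks or templates those settings before the service is enabled, keeping in mind that a replica set with authorization also needs a `keyFile`. For consistency with the other tasks, write `ansible.builtin.service` instead of bare `service` and `true` instead of `yes`.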
--- /dev/null
+---
+- name: Installs a MongoDB repository for apt
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # mongodb_version: the wanted version. Default: "8.0"
+
+ hosts: all
+ vars:
+ mongodb_version: "8.0"
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Ensure keyrings directory exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+ - name: Download MongoDB GPG ASCII key
+ ansible.builtin.get_url:
+ url: "https://pgp.mongodb.com/server-{{ mongodb_version }}.asc"
+ dest: /etc/apt/keyrings/mongodb.asc
+ mode: '0644'
+
+ - name: Convert MongoDB key to GPG binary format
+ ansible.builtin.command:
+ cmd: gpg --dearmor -o /etc/apt/keyrings/mongodb.gpg /etc/apt/keyrings/mongodb.asc
+ creates: /etc/apt/keyrings/mongodb.gpg
+
+ - name: Ensure MongoDB GPG key has correct permissions
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/mongodb.gpg
+ mode: '0644'
+
+ - name: Add MongoDB repository
+ ansible.builtin.apt_repository:
+ # Note: there is no trixie version yet, so we use bookworm
+ repo: "deb [signed-by=/etc/apt/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/{{ mongodb_version }} main"
+ state: present
+ filename: mongodb-org
+
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
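Review bot: The signing key in `Download MongoDB GPG ASCII key` is trusted on first download: nothing compares it with a known fingerprint or digest, so the `signed-by` pin only proves that packages match whatever key the server returned that day. `get_url` accepts `checksum: "sha256:<expected-sha256-of-key>"` (placeholder; take the value from a key verified out of band), which makes the task fail closed. Because the destination names carry no version and the dearmor step uses `creates:`, a later change of `mongodb_version` keeps the old key and apt verification will presumably fail; naming the files `mongodb-server-{{ mongodb_version }}.asc` and `.gpg` avoids that. The missing key verification applies equally to `Download Node.js GPG ASCII key` in the Node.js repository playbook further down.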
--- /dev/null
+- name: Installs the nodes packages (JavaScript, Node.js, npm, etc.)
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Install Node.js
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ with_items: [nodejs, npm]
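Review bot: `Install Node.js` loops over the packages with `with_items`, which invokes apt once per item; `ansible.builtin.apt` takes a list directly, `name: [nodejs, npm]`. With the NodeSource origin pinned at priority 600 by the repository playbook, `nodejs` will come from NodeSource, whose package as far as I know already ships npm, while the separate `npm` package comes from Debian and depends on Debian's own Node packages. Check that the two install together on the target release, or drop `npm` from the list.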
--- /dev/null
+---
+- name: Installs a node.js repository for apt
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # nodejs_version: the wanted version. Default: "22.0"
+
+ hosts: all
+ vars:
+ nodejs_version: "22"
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Ensure keyrings directory exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+ - name: Download Node.js GPG ASCII key
+ ansible.builtin.get_url:
+ url: "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key"
+ dest: /etc/apt/keyrings/nodejs.asc
+ mode: '0644'
+
+ - name: Convert Node.js key to GPG binary format
+ ansible.builtin.command:
+ cmd: "gpg --dearmor -o /etc/apt/keyrings/nodejs.gpg /etc/apt/keyrings/nodejs.asc"
+ creates: /etc/apt/keyrings/nodejs.gpg
+
+ - name: Ensure Node.js GPG key has correct permissions
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/nodejs.gpg
+ mode: '0644'
+
+ - name: Add Node.js repository
+ ansible.builtin.apt_repository:
+ # Note: there is no trixie version yet, so we use bookworm
+ repo: "deb [signed-by=/etc/apt/keyrings/nodejs.gpg] https://deb.nodesource.com/node_{{ nodejs_version }}.x nodistro main"
+ state: present
+ filename: nodejs
+
+ - name: Preferences for nsolid package
+ ansible.builtin.copy:
+ content: |
+ Package: nsolid
+ Pin: origin deb.nodesource.com
+ Pin-Priority: 600
+ dest: /etc/apt/preferences.d/nsolid
+ mode: '0644'
+
+ - name: Preferences for nodejs package
+ ansible.builtin.copy:
+ content: |
+ Package: nodejs
+ Pin: origin deb.nodesource.com
+ Pin-Priority: 600
+ dest: /etc/apt/preferences.d/nodejs
+ mode: '0644'
+
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
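Review bot: Two comments in this file no longer match the code: the header gives the default as "22.0" while `nodejs_version` is "22", and the `# Note: there is no trixie version yet, so we use bookworm` line appears to be carried over from the MongoDB playbook although the repo line uses `nodistro`. Suggested header wording: `# nodejs_version: major version of the NodeSource channel. Default: "22"`, and drop the bookworm note. The final `Update apt cache` task looks redundant, since `apt_repository` refreshes the cache itself when it changes the source list unless `update_cache: false` is set.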
--- /dev/null
+- name: Installs a rocketchat server
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # see vars/rocketchat.yaml
+
+ hosts: all
+
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/rocketchat.yaml
+ tasks:
+ - name: Test if deno is installed
+ ansible.builtin.command:
+ cmd: deno --version
+ register: deno_version
+ ignore_errors: true
+ - name: Stop if Deno is not installed
+ ansible.builtin.fail:
+ msg: "Deno is not installed. Please install Deno first."
+ when: deno_version.rc != 0
+ - name: Test if mongodb is installed
+ ansible.builtin.stat:
+ path: '/usr/bin/mongod'
+ register: file_check
+ - name: Stop if MongoDB is not installed
+ ansible.builtin.fail:
+ msg: "MongoDB is not installed. Please install MongoDB first."
+ when: file_check.stat.exists == false
+ - name: Create a use rocketchat
+ ansible.builtin.user:
+ name: rocketchat
+ shell: /bin/bash
+ home: "{{ rocketchat_base }}"
+ uid: "{{ rocketchat_user_id }}"
+ - name: Create a replication set if not exists
+ ansible.builtin.include_tasks: ../tasks/t_mongodb_replication_set.yaml
+ - name: Create directories for rocketchat
+ ansible.builtin.file:
+ path: "{{ rocketchat_base }}"
+ state: directory
+ mode: '0775'
+ owner: rocketchat
+ group: www-data
+ - name: Tests if the directory bundle/programs/server exists
+ ansible.builtin.stat:
+ path: "{{ rocketchat_base }}/bundle/programs/server"
+ register: rocketchat_bundle
+ - name: Download TAR
+ # Note: get_url does not work (redirections?)
+ ansible.builtin.command: "/usr/bin/curl -L https://releases.rocket.chat/{{ rocketchat_version }}/download -o /opt/downloads/rocketchat.tar.gz"
+ args:
+ creates: /opt/downloads/rocketchat.tar.gz
+ - name: Extract rocketchat
+ ansible.builtin.unarchive:
+ src: /opt/downloads/rocketchat.tar.gz
+ dest: "{{ rocketchat_base }}"
+ remote_src: yes
+ when: rocketchat_bundle.stat.exists == false
+ - name: Change ownership of rocketchat files
+ ansible.builtin.command:
+ cmd: "chown -R rocketchat:www-data {{ rocketchat_base }}"
+ - name: Populate the dependencies
+ # become_user does not work
+ ansible.builtin.command:
+ cmd: "sudo -u rocketchat npm install"
+ args:
+ chdir: "{{ rocketchat_base }}/bundle/programs/server"
+ - name: Create a NGINX configuration
+ ansible.builtin.template:
+ src: ../templates.apps/nginx/rocketchat.j2
+ dest: /etc/nginx/sites-available/{{ rocketchat_domain }}
+ mode: '0644'
+ notify: Reload nginx
+ - name: Create a symbolic link for NGINX
+ ansible.builtin.file:
+ src: ../sites-available/{{ rocketchat_domain }}
+ dest: /etc/nginx/sites-enabled/{{ rocketchat_domain }}
+ state: link
+ force: true
+ - name: Create a systemd service for rocketchat
+ ansible.builtin.template:
+ src: ../templates.apps/systemd/rocketchat.service.j2
+ dest: /etc/systemd/system/rocketchat.service
+ mode: '0644'
+ notify: Reload systemd
+ - name: Start rocketchat service
+ ansible.builtin.systemd:
+ name: rocketchat
+ state: started
+ enabled: true
+ - name: Wait for rocketchat to be available
+ ansible.builtin.wait_for:
+
+ handlers:
+ - name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+ - name: Reload systemd
+ ansible.builtin.command: "systemctl daemon-reload"
\ No newline at end of file
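Review bot: `Download TAR` saves the release archive without `-f` and without any digest check, and `Extract rocketchat` and `npm install` then unpack and run its contents, so an HTTP error page or a tampered archive is noticed only if extraction happens to fail. The fixed file name combined with `creates:` also means a later change of `rocketchat_version` silently reuses the old archive. The fence below versions the file name and verifies a SHA-256 held in a new variable before extraction. Separately, `Wait for rocketchat to be available` calls `wait_for` with no arguments, which as far as I know only sleeps for the default timeout; `host: 127.0.0.1` and `port: "{{ rocketchat_port }}"` would make it a real readiness check.

```yaml
    - name: Download TAR
      # Note: get_url does not work (redirections?)
      ansible.builtin.command:
        cmd: "/usr/bin/curl -fL https://releases.rocket.chat/{{ rocketchat_version }}/download -o /opt/downloads/rocketchat-{{ rocketchat_version }}.tar.gz"
        creates: "/opt/downloads/rocketchat-{{ rocketchat_version }}.tar.gz"
    - name: Read the SHA-256 of the downloaded archive
      ansible.builtin.stat:
        path: "/opt/downloads/rocketchat-{{ rocketchat_version }}.tar.gz"
        checksum_algorithm: sha256
      register: rocketchat_archive
    - name: Stop if the archive does not match the expected digest
      # rocketchat_sha256 is a placeholder name for a new variable kept next to rocketchat_version
      ansible.builtin.assert:
        that: rocketchat_archive.stat.checksum == rocketchat_sha256
        fail_msg: "rocketchat archive checksum mismatch"
    # … unchanged: Extract rocketchat (src must follow the new file name) …
```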
---
-# Copys files specified by a wildcard pattern from the source directory to the destination directory.
+# Copies files specified by a wildcard pattern from the source directory to the destination directory.
# needed facts (variables):
# - src_dir: source directory
# - src_relative: source directory relative link target
--- /dev/null
+---
+# Tests whether the replication set rs01 exists or create it if not
+- name: Test whether the line "replSetName rs01" exists
+ ansible.builtin.shell: 'grep -q "replSetName: rs01" /etc/mongod.conf'
+ register: grep_result
+ failed_when: false
+
+- name: Insert "replSetName.. rs01" behind "replication" in /etc/mongod.conf
+ ansible.builtin.lineinfile:
+ path: /etc/mongod.conf
+ insertafter: '^#replication'
+ line: "replication:\n replSetName: rs01"
+ when: grep_result.rc != 0
+
+- name: Restart the mongod service
+ ansible.builtin.service:
+ name: mongod
+ state: restarted
+ when: grep_result.rc != 0
+
+- name: Activate the replication
+ ansible.builtin.shell: "mongosh --eval 'printjson(rs.initiate())'"
+ when: grep_result.rc != 0
+
+
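Review bot: `Activate the replication` is gated on the same grep result as the config edit, so if a run stops after the `lineinfile` task (for example mongod fails to restart), the next run finds the line, skips every task, and the set is never initiated. Gate the initiation on the server's own state instead, e.g. register `mongosh --quiet --eval 'rs.status().ok'` with `failed_when: false` and run `rs.initiate()` only when that command fails. The restart is followed immediately by mongosh; a `wait_for` on the mongod port in between would avoid a race. The grep needs no shell: `ansible.builtin.command` with `changed_when: false` is enough.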
--- /dev/null
+server {
+ listen 80;
+ server_name {{ rocketchat_domain }};
+ include snippets/letsencrypt.conf;
+ root /srv/www/{{ rocketchat_domain }};
+ location / {
+ return 301 https://$server_name$request_uri; # enforce https
+ }
+}
+
+server {
+ #listen 443 ssl http2;
+ listen 443 ssl;
+ server_name {{ rocketchat_domain }};
+ access_log /var/log/nginx/a_rchat.log;
+ error_log /var/log/nginx/e_rchat.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ rocketchat_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ rocketchat_domain }}/privkey.pem;
+ #ssl_certificate /etc/ssl/certs/{{ rocketchat_domain }}.pem;
+ #ssl_certificate_key /etc/ssl/private/{{ rocketchat_domain }}.key;
+ location / {
+ proxy_pass https://127.0.0.1:{{ rocketchat_port }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
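Review bot: `proxy_pass https://127.0.0.1:{{ rocketchat_port }};` speaks TLS to the backend, but the systemd unit in this commit only sets `PORT` and `BIND_IP` for the Node process and configures no certificate, so the upstream is presumably plain HTTP and the proxy would fail at the handshake; `proxy_pass http://127.0.0.1:{{ rocketchat_port }};` is the likely intent. The location also lacks the WebSocket upgrade headers (`proxy_http_version 1.1;` plus `Upgrade` and `Connection` set via `proxy_set_header`) that Rocket.Chat's realtime connection relies on. Since port 80 already redirects everything to HTTPS, a `Strict-Transport-Security` header on the 443 server would be a cheap addition.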
--- /dev/null
+[Unit]
+Description=The Rocket.Chat server
+After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
+[Service]
+ExecStart=/usr/bin/nodejs {{ rocketchat_base }}/bundle/main.js
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=rocketchat
+User=rocketchat
+Environment="BIND_IP=127.0.0.1"
+Environment="RELEASE={{ rocketchat_version }}"
+Environment="ROOT_URL=https://{{ rocketchat_domain }}"
+Environment="PORT={{ rocketchat_port }}"
+Environment="MONGO_URL={{ rocketchat_mongo_url }}"
+# remove if first login was successful
+Environment="ADMIN_USERNAME={{ rocketchat_admin_username }}"
+Environment="ADMIN_NAME={{ rocketchat_admin_name }}"
+Environment="ADMIN_PASS={{ rocketchat_admin_pass }}"
+Environment="ADMIN_EMAIL={{ rocketchat_admin_email }}"
+Environment="APPS_ENGINE_RUNTIME_TIMEOUT={{ rocketchat_timeout_ms }}"
+[Install]
+WantedBy=multi-user.target
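Review bot: `ADMIN_PASS` and `MONGO_URL` are rendered straight into the unit file, which the install playbook writes with `mode: '0644'`, so the initial admin password and any credentials in the Mongo URL are readable by every local user and shown by `systemctl show`. Move the secret values into a root-owned 0600 file referenced with `EnvironmentFile=`, and make removal of the `ADMIN_*` lines after first login a task rather than a comment. The unit also has no `Restart=` policy and no sandboxing such as `NoNewPrivileges=true` or `ProtectSystem=`, which is worth adding for a network-facing service. The second unit template below handles the secrets the same way.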
--- /dev/null
+[Unit]
+Description=The Rocket.Chat server
+After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
+[Service]
+ExecStart=$NODE_PATH {{ rocketchat_base }}/bundle/main.js
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=rocketchat
+User=rocketchat
+Environment="RELEASE={{ rocketchat_version }}"
+Environment="ROOT_URL=https://{{ rocketchat_domain }}"
+Environment="PORT={{ rocketchat_port }}"
+Environment="MONGO_URL={{ rocketchat_mongo_url }}"
+# remove if first login was successful
+Environment="ADMIN_USERNAME={{ rocketchat_admin_username }}"
+Environment="ADMIN_NAME={{ rocketchat_admin_name }}"
+Environment="ADMIN_PASS={{ rocketchat_admin_pass }}"
+Environment="ADMIN_EMAIL={{ rocketchat_admin_email }}"
+Environment="APPS_ENGINE_RUNTIME_TIMEOUT={{ rocketchat_timeout_ms }}"
+[Install]
+WantedBy=multi-user.target
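Review bot: `ExecStart=$NODE_PATH …` will not start, because systemd does not accept a variable as the program to execute and `NODE_PATH` is not defined anywhere in the unit. Unlike the first template, this one also omits `Environment="BIND_IP=127.0.0.1"`, so the Node process would presumably listen on all interfaces and be reachable without the nginx TLS front end. If this file is kept, use an absolute interpreter path as in the first template and restore the `BIND_IP` line; if it is a leftover draft, drop it from the commit.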
postfix_receipient_email: "mail@example.com"
webmaster_email: "web@example.com"
seafile_user_id: 261
+pydio_user_id: 262
+rocketchat_user_id: 263
+sys_fetch_directories:
+ - { "source": "/etc/nginx/sites-available", "target": "backup/nginx/sites" }
+sys_fetch_files:
+ - { "source": "/etc/passwd", "target": "backup/etc/passwd"}
+ - { "source": "/etc/shadow", "target": "backup/etc/shadow"}
+ - { "source": "/etc/group", "target": "backup/etc/group"}
+
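Review bot: `sys_fetch_files` now includes `/etc/shadow`, so the password hashes of every managed host end up under `backup/etc/shadow` wherever the fetch playbook (not visible here) writes its targets. Confirm that location is outside the repository working tree or git-ignored, readable only by the backup operator, and ideally encrypted at rest; otherwise leave shadow out of the default list and make it opt-in per host. On style, the flow mappings quote their keys and are spaced inconsistently (`"backup/etc/passwd"}`); block style with `- source: /etc/passwd` and `target: backup/etc/passwd` reads and diffs better.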