From: Hamatoma Date: Tue, 19 Aug 2025 14:31:37 +0000 (+0200) Subject: V0.1.4 rocketchat X-Git-Url: https://gitweb.hamatoma.de/?a=commitdiff_plain;h=463d56149a06191757d29b711a117855aed0bcef;p=ansknife.git V0.1.4 rocketchat - new:deno_install.yaml - new: nodejs_install.yaml - new: nodejs_repository.yaml - new: mongodb_repository.yaml - new: mongodb_install.yaml - new: rocketchat_install.yaml - new: templates.apps --- diff --git a/.gitignore b/.gitignore index 5b4f614..4bae853 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .vscode/ .stdusr +.ansible/ diff --git a/CHANGELOG.md b/CHANGELOG.md index ff15207..835ff22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# V0.1.4 rocketchat + +- new:deno_install.yaml +- new: nodejs_install.yaml +- new: nodejs_repository.yaml +- new: mongodb_repository.yaml +- new: mongodb_install.yaml +- new: rocketchat_install.yaml +- new: templates.apps + + +# V0.1.3 php, ssl, sys_fetch + # V0.1.2 Korrekturen, SFTP - 90_wartung: Korrektur Playbookname diff --git a/docu/de/72_rocketchat.md b/docu/de/72_rocketchat.md new file mode 100644 index 0000000..5bde2c3 --- /dev/null +++ b/docu/de/72_rocketchat.md @@ -0,0 +1,16 @@ +# Installation von RocketChat + +# Abhängigkeiten +``` +ansible-playbook playbooks/mongodb_repository.yaml +ansible-playbook playbooks/mongodb_install.yaml +ansible-playbook playbooks/nodejs_repository.yaml +ansible-playbook playbooks/nodejs_install.yaml +ansible-playbook playbooks/deno_install.yaml +# vars/rocketchat.yaml edieren +ansible-playbook playbooks/rocketchat_install.yaml +ansible-playbook ssl_create_certificate.yaml -e domain= +ansible-playbook lets_create_certificate.yaml -e domain= + +``` + diff --git a/playbooks.templates/deno_install.yaml b/playbooks.templates/deno_install.yaml new file mode 100644 index 0000000..dfb2b98 --- /dev/null +++ b/playbooks.templates/deno_install.yaml 
@@ -0,0 +1,48 @@
+- name: Installs the JavaScript runtime Deno
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # deno_version: default: latest version will be installed
+ # deno_base: default: /opt/deno
+
+ hosts: all
+ vars:
+ deno_base: "/opt/deno"
+ # deno_version: if empty, the latest version will be installed
+ # if set, it will install the specified version
+ # Example: v2.4.4
+ # curl -s https://dl.deno.land/release-latest.txt
+ deno_version: ""
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Ensure /opt/downloads directory exists
+ ansible.builtin.file:
+ path: /opt/downloads
+ state: directory
+ mode: '0755'
+ - name: Test if directory exists
+ ansible.builtin.stat:
+ path: "{{ deno_base }}"
+ register: deno_dir
+ - name: Download Deno
+ # get_url does not work: redirections
+ ansible.builtin.command:
+ cmd: "curl -fsSL https://deno.land/install.sh -o /opt/downloads/deno_install.sh"
+ creates: /opt/downloads/deno_install.sh
+ - name: ensure deno_install.sh is executable
+ ansible.builtin.file:
+ path: /opt/downloads/deno_install.sh
+ mode: '0755'
+ - name: Install Deno
+ ansible.builtin.shell:
+ cmd: /opt/downloads/deno_install.sh
+ creates: "{{ deno_base }}/bin/deno"
+ environment:
+ DENO_INSTALL: "{{ deno_base }}"
+ deno_version: "{{ deno_version }}"
+ when: deno_dir.stat.exists == false
+ - name: Create symlink for Deno
+ ansible.builtin.file:
+ src: "{{ deno_base }}/bin/deno"
+ dest: /usr/local/bin/deno
+ state: link
+ force: true
diff --git a/playbooks.templates/mongodb_install.yaml b/playbooks.templates/mongodb_install.yaml
new file mode 100644
index 0000000..dda53ff
--- /dev/null
+++ b/playbooks.templates/mongodb_install.yaml
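Review bot: In deno_install.yaml the `Download Deno` and `Install Deno` tasks fetch `https://deno.land/install.sh` and execute it with no integrity check, so whatever the server returns at run time is run on every new host. Pin a release and verify it before anything is executed: fetch a fixed version's artifact and compare it with a digest kept in the vars file, or at least check the script's SHA-256 before `Install Deno`. The `deno_version` entry under `environment:` probably has no effect, because the upstream script appears to take the version as its first argument (confirm against the script); `cmd: "/opt/downloads/deno_install.sh {{ deno_version }}"` would make the pin work. The `creates:` guard on the download also keeps a truncated or outdated script for good once the file exists.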
@@ -0,0 +1,19 @@
+- name: Installs a MongoDB database server
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # see vars/rocketchat.yaml
+
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Install MongoDB package
+ ansible.builtin.apt:
+ name: "mongodb-org"
+ state: present
+ update_cache: yes
+
+ - name: Ensure MongoDB is started and enabled
+ service:
+ name: mongod
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/playbooks.templates/mongodb_repository.yaml b/playbooks.templates/mongodb_repository.yaml
new file mode 100644
index 0000000..2d50c31
--- /dev/null
+++ b/playbooks.templates/mongodb_repository.yaml
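Review bot: mongodb_install.yaml starts `mongod` with the packaged configuration and nothing in this commit turns on access control, so, assuming the package default of no authorization, every local account on the host can read and write the Rocket.Chat database. Consider a follow-up task that enables MongoDB access control and creates a dedicated database user whose credentials go into `rocketchat_mongo_url`. Smaller points: the second task uses the short name `service:` where the rest of the commit uses `ansible.builtin.*`, and `yes` is better written as `true`.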
@@ -0,0 +1,43 @@
+---
+- name: Installs a MongoDB repository for apt
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # mongodb_version: the wanted version. Default: "8.0"
+
+ hosts: all
+ vars:
+ mongodb_version: "8.0"
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Ensure keyrings directory exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+ - name: Download MongoDB GPG ASCII key
+ ansible.builtin.get_url:
+ url: "https://pgp.mongodb.com/server-{{ mongodb_version }}.asc"
+ dest: /etc/apt/keyrings/mongodb.asc
+ mode: '0644'
+
+ - name: Convert MongoDB key to GPG binary format
+ ansible.builtin.command:
+ cmd: gpg --dearmor -o /etc/apt/keyrings/mongodb.gpg /etc/apt/keyrings/mongodb.asc
+ creates: /etc/apt/keyrings/mongodb.gpg
+
+ - name: Ensure MongoDB GPG key has correct permissions
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/mongodb.gpg
+ mode: '0644'
+
+ - name: Add MongoDB repository
+ ansible.builtin.apt_repository:
+ # Note: there is no trixie version yet, so we use bookworm
+ repo: "deb [signed-by=/etc/apt/keyrings/mongodb.gpg] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/{{ mongodb_version }} main"
+ state: present
+ filename: mongodb-org
+
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
diff --git a/playbooks.templates/nodejs_install.yaml b/playbooks.templates/nodejs_install.yaml
new file mode 100644
index 0000000..deb0ddc
--- /dev/null
+++ b/playbooks.templates/nodejs_install.yaml
@@ -0,0 +1,12 @@
+- name: Installs the nodes packages (JavaScript, Node.js, npm, etc.)
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Install Node.js
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ with_items: [nodejs, npm]
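Review bot: In mongodb_repository.yaml the `Download MongoDB GPG ASCII key` task trusts whatever key the URL serves on first run, and that key then authorises every package from the repository; nodejs_repository.yaml repeats the pattern with `Download Node.js GPG ASCII key`. Adding `checksum: "sha256:DIGEST_OF_VERIFIED_KEY"` (placeholder) to `get_url` pins the key to one that was checked out of band. The `creates:` guard on the `gpg --dearmor` task also means a changed `mongodb_version` or a rotated key never reaches `mongodb.gpg`. With apt 1.4 or later the conversion can be dropped by pointing `signed-by=` at the `.asc` file directly.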
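Review bot: In nodejs_install.yaml the `Install Node.js` task loops over `[nodejs, npm]`, which runs apt once per item; `name: [nodejs, npm]` installs both in one transaction and `with_items` can go. With the NodeSource origin pinned at priority 600 by nodejs_repository.yaml, the distribution's `npm` package may conflict with the NodeSource `nodejs` package, which as far as I know already ships npm, so check whether `npm` needs to be listed at all. The header comment mentions `domain`, which this play does not use.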
diff --git a/playbooks.templates/nodejs_repository.yaml b/playbooks.templates/nodejs_repository.yaml
new file mode 100644
index 0000000..8638100
--- /dev/null
+++ b/playbooks.templates/nodejs_repository.yaml
@@ -0,0 +1,61 @@
+---
+- name: Installs a node.js repository for apt
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # nodejs_version: the wanted version. Default: "22.0"
+
+ hosts: all
+ vars:
+ nodejs_version: "22"
+ vars_files:
+ - ../vars/common.yaml
+ tasks:
+ - name: Ensure keyrings directory exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
+ - name: Download Node.js GPG ASCII key
+ ansible.builtin.get_url:
+ url: "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key"
+ dest: /etc/apt/keyrings/nodejs.asc
+ mode: '0644'
+
+ - name: Convert Node.js key to GPG binary format
+ ansible.builtin.command:
+ cmd: "gpg --dearmor -o /etc/apt/keyrings/nodejs.gpg /etc/apt/keyrings/nodejs.asc"
+ creates: /etc/apt/keyrings/nodejs.gpg
+
+ - name: Ensure Node.js GPG key has correct permissions
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/nodejs.gpg
+ mode: '0644'
+
+ - name: Add Node.js repository
+ ansible.builtin.apt_repository:
+ # Note: there is no trixie version yet, so we use bookworm
+ repo: "deb [signed-by=/etc/apt/keyrings/nodejs.gpg] https://deb.nodesource.com/node_{{ nodejs_version }}.x nodistro main"
+ state: present
+ filename: nodejs
+
+ - name: Preferences for nsolid package
+ ansible.builtin.copy:
+ content: |
+ Package: nsolid
+ Pin: origin deb.nodesource.com
+ Pin-Priority: 600
+ dest: /etc/apt/preferences.d/nsolid
+ mode: '0644'
+
+ - name: Preferences for nodejs package
+ ansible.builtin.copy:
+ content: |
+ Package: nodejs
+ Pin: origin deb.nodesource.com
+ Pin-Priority: 600
+ dest: /etc/apt/preferences.d/nodejs
+ mode: '0644'
+
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
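Review bot: Two comments in nodejs_repository.yaml do not match the code: the header gives the default as `"22.0"` while `nodejs_version` is `"22"`, and the note `there is no trixie version yet, so we use bookworm` sits above a `repo:` line that uses `nodistro`. Correct the first to `Default: "22"` and drop or reword the second. A one-line comment above `Preferences for nsolid package` saying why a package that this commit never installs gets pinned would also help the next reader.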
diff --git a/playbooks.templates/rocketchat_install.yaml b/playbooks.templates/rocketchat_install.yaml
new file mode 100644
index 0000000..c757f8e
--- /dev/null
+++ b/playbooks.templates/rocketchat_install.yaml
@@ -0,0 +1,99 @@
+- name: Installs a rocketchat server
+ # needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com")
+ # see vars/rocketchat.yaml
+
+ hosts: all
+
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/rocketchat.yaml
+ tasks:
+ - name: Test if deno is installed
+ ansible.builtin.command:
+ cmd: deno --version
+ register: deno_version
+ ignore_errors: true
+ - name: Stop if Deno is not installed
+ ansible.builtin.fail:
+ msg: "Deno is not installed. Please install Deno first."
+ when: deno_version.rc != 0
+ - name: Test if mongodb is installed
+ ansible.builtin.stat:
+ path: '/usr/bin/mongod'
+ register: file_check
+ - name: Stop if MongoDB is not installed
+ ansible.builtin.fail:
+ msg: "MongoDB is not installed. Please install MongoDB first."
+ when: file_check.stat.exists == false
+ - name: Create a use rocketchat
+ ansible.builtin.user:
+ name: rocketchat
+ shell: /bin/bash
+ home: "{{ rocketchat_base }}"
+ uid: "{{ rocketchat_user_id }}"
+ - name: Create a replication set if not exists
+ ansible.builtin.include_tasks: ../tasks/t_mongodb_replication_set.yaml
+ - name: Create directories for rocketchat
+ ansible.builtin.file:
+ path: "{{ rocketchat_base }}"
+ state: directory
+ mode: '0775'
+ owner: rocketchat
+ group: www-data
+ - name: Tests if the directory bundle/programs/server exists
+ ansible.builtin.stat:
+ path: "{{ rocketchat_base }}/bundle/programs/server"
+ register: rocketchat_bundle
+ - name: Download TAR
+ # Note: get_url does not work (redirections?)
+ ansible.builtin.command: "/usr/bin/curl -L https://releases.rocket.chat/{{ rocketchat_version }}/download -o /opt/downloads/rocketchat.tar.gz"
+ args:
+ creates: /opt/downloads/rocketchat.tar.gz
+ - name: Extract rocketchat
+ ansible.builtin.unarchive:
+ src: /opt/downloads/rocketchat.tar.gz
+ dest: "{{ rocketchat_base }}"
+ remote_src: yes
+ when: rocketchat_bundle.stat.exists == false
+ - name: Change ownership of rocketchat files
+ ansible.builtin.command:
+ cmd: "chown -R rocketchat:www-data {{ rocketchat_base }}"
+ - name: Populate the dependencies
+ # become_user does not work
+ ansible.builtin.command:
+ cmd: "sudo -u rocketchat npm install"
+ args:
+ chdir: "{{ rocketchat_base }}/bundle/programs/server"
+ - name: Create a NGINX configuration
+ ansible.builtin.template:
+ src: ../templates.apps/nginx/rocketchat.j2
+ dest: /etc/nginx/sites-available/{{ rocketchat_domain }}
+ mode: '0644'
+ notify: Reload nginx
+ - name: Create a symbolic link for NGINX
+ ansible.builtin.file:
+ src: ../sites-available/{{ rocketchat_domain }}
+ dest: /etc/nginx/sites-enabled/{{ rocketchat_domain }}
+ state: link
+ force: true
+ - name: Create a systemd service for rocketchat
+ ansible.builtin.template:
+ src: ../templates.apps/systemd/rocketchat.service.j2
+ dest: /etc/systemd/system/rocketchat.service
+ mode: '0644'
+ notify: Reload systemd
+ - name: Start rocketchat service
+ ansible.builtin.systemd:
+ name: rocketchat
+ state: started
+ enabled: true
+ - name: Wait for rocketchat to be available
+ ansible.builtin.wait_for:
+
+ handlers:
+ - name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+ - name: Reload systemd
+ ansible.builtin.command: "systemctl daemon-reload"
\ No newline at end of file
diff --git a/tasks.templates/t_link_wildcard.yaml b/tasks.templates/t_link_wildcard.yaml
index 818c9ed..7d0b433 100644
--- a/tasks.templates/t_link_wildcard.yaml
+++ b/tasks.templates/t_link_wildcard.yaml
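Review bot: In rocketchat_install.yaml the `Download TAR` task stores whatever `releases.rocket.chat` returns, and the play then unpacks it and runs `npm install` inside it without any integrity check; because `curl -L` lacks `-f`, an HTTP error page would also be saved as `rocketchat.tar.gz` and kept by `creates:`. Add `-f` and compare the archive with a digest pinned next to `rocketchat_version` before `Extract rocketchat`; the sketch below uses a new variable, here called `rocketchat_sha256`, that would live in vars/rocketchat.yaml. Separately, `ansible.builtin.wait_for:` has no arguments and so does not test the service; `host: 127.0.0.1` with `port: "{{ rocketchat_port }}"` would. The `mode: '0775'` with `group: www-data` on `rocketchat_base` lets the web-server group modify application code, which nginx as a pure proxy does not need.

```yaml
    - name: Download TAR
      ansible.builtin.command: "/usr/bin/curl -fL https://releases.rocket.chat/{{ rocketchat_version }}/download -o /opt/downloads/rocketchat.tar.gz"
      # … unchanged: args / creates …
    - name: Read the SHA-256 of the downloaded archive
      ansible.builtin.stat:
        path: /opt/downloads/rocketchat.tar.gz
        checksum_algorithm: sha256
      register: rocketchat_tar
    - name: Stop if the archive does not match the pinned digest
      ansible.builtin.assert:
        that:
          - rocketchat_tar.stat.checksum == rocketchat_sha256
        fail_msg: "rocketchat.tar.gz does not match rocketchat_sha256"
    # … unchanged: Extract rocketchat and the following tasks …
```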
@@ -1,5 +1,5 @@ --- -# Copys files specified by a wildcard pattern from the source directory to the destination directory. +# Copies files specified by a wildcard pattern from the source directory to the destination directory. # needed facts (variables): # - src_dir: source directory # - src_relative: source directory relative link target diff --git a/tasks.templates/t_mongodb_replication_set.yaml b/tasks.templates/t_mongodb_replication_set.yaml new file mode 100644 index 0000000..99bc28f --- /dev/null +++ b/tasks.templates/t_mongodb_replication_set.yaml @@ -0,0 +1,25 @@ +--- +# Tests whether the replication set rs01 exists or create it if not +- name: Test whether the line "replSetName rs01" exists + ansible.builtin.shell: 'grep -q "replSetName: rs01" /etc/mongod.conf' + register: grep_result + failed_when: false + +- name: Insert "replSetName.. rs01" behind "replication" in /etc/mongod.conf + ansible.builtin.lineinfile: + path: /etc/mongod.conf + insertafter: '^#replication' + line: "replication:\n replSetName: rs01" + when: grep_result.rc != 0 + +- name: Restart the mongod service + ansible.builtin.service: + name: mongod + state: restarted + when: grep_result.rc != 0 + +- name: Activate the replication + ansible.builtin.shell: "mongosh --eval 'printjson(rs.initiate())'" + when: grep_result.rc != 0 + + diff --git a/templates.apps/nginx/rocketchat.j2 b/templates.apps/nginx/rocketchat.j2 new file mode 100644 index 0000000..41a8ad0 --- /dev/null +++ b/templates.apps/nginx/rocketchat.j2 
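Review bot: In t_mongodb_replication_set.yaml the `Activate the replication` task runs `mongosh` immediately after `Restart the mongod service`, and nothing waits for mongod to accept connections, so `rs.initiate()` can fail on a slow start; an `ansible.builtin.wait_for` on the port configured in `/etc/mongod.conf` (27017 by default) between the two tasks would close that gap. The grep in the first task also matches a commented-out `# replSetName: rs01` line, and as a `shell` task it reports `changed` on every run; `changed_when: false` and `ansible.builtin.command` fit a read-only probe better. The header comment could also say that these tasks edit `/etc/mongod.conf` and restart `mongod`.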
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ server_name {{ rocketchat_domain }};
+ include snippets/letsencrypt.conf;
+ root /srv/www/{{ rocketchat_domain }};
+ location / {
+ return 301 https://$server_name$request_uri; # enforce https
+ }
+}
+
+server {
+ #listen 443 ssl http2;
+ listen 443 ssl;
+ server_name {{ rocketchat_domain }};
+ access_log /var/log/nginx/a_rchat.log;
+ error_log /var/log/nginx/e_rchat.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ rocketchat_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ rocketchat_domain }}/privkey.pem;
+ #ssl_certificate /etc/ssl/certs/{{ rocketchat_domain }}.pem;
+ #ssl_certificate_key /etc/ssl/private/{{ rocketchat_domain }}.key;
+ location / {
+ proxy_pass https://127.0.0.1:{{ rocketchat_port }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+
diff --git a/templates.apps/rocketchat.service.j2 b/templates.apps/rocketchat.service.j2
new file mode 100644
index 0000000..e2eb1cf
--- /dev/null
+++ b/templates.apps/rocketchat.service.j2
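Review bot: In templates.apps/nginx/rocketchat.j2 the upstream is addressed as `proxy_pass https://127.0.0.1:{{ rocketchat_port }};`, but nothing in the service templates of this commit configures TLS on the Rocket.Chat port, so unless the application terminates TLS itself this should be `proxy_pass http://127.0.0.1:{{ rocketchat_port }};`. The `location /` block also sets no `proxy_http_version 1.1` and no `Upgrade`/`Connection` headers, which a chat server using WebSockets normally needs behind nginx. Since this server block is the only TLS endpoint, an explicit `ssl_protocols` line and a `Strict-Transport-Security` header are worth adding here rather than relying on global defaults.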
@@ -0,0 +1,22 @@
+[Unit]
+Description=The Rocket.Chat server
+After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
+[Service]
+ExecStart=/usr/bin/nodejs {{ rocketchat_base }}/bundle/main.js
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=rocketchat
+User=rocketchat
+Environment="BIND_IP=127.0.0.1"
+Environment="RELEASE={{ rocketchat_version }}"
+Environment="ROOT_URL=https://{{ rocketchat_domain }}"
+Environment="PORT={{ rocketchat_port }}"
+Environment="MONGO_URL={{ rocketchat_mongo_url }}"
+# remove if first login was successful
+Environment="ADMIN_USERNAME={{ rocketchat_admin_username }}"
+Environment="ADMIN_NAME={{ rocketchat_admin_name }}"
+Environment="ADMIN_PASS={{ rocketchat_admin_pass }}"
+Environment="ADMIN_EMAIL={{ rocketchat_admin_email }}"
+Environment="APPS_ENGINE_RUNTIME_TIMEOUT={{ rocketchat_timeout_ms }}"
+[Install]
+WantedBy=multi-user.target
diff --git a/templates.apps/systemd/rocketchat.service.j2 b/templates.apps/systemd/rocketchat.service.j2
new file mode 100644
index 0000000..0800645
--- /dev/null
+++ b/templates.apps/systemd/rocketchat.service.j2
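Review bot: templates.apps/rocketchat.service.j2 puts `ADMIN_PASS` and `MONGO_URL` into `Environment=` lines, and rocketchat_install.yaml installs the unit with `mode: '0644'`, so the initial admin password and the database URL are readable by every local user (systemd also exposes `Environment=` values through `systemctl show`). Move the secret values into a root-owned file with mode `0600` and reference it with `EnvironmentFile=`, for example `EnvironmentFile=/etc/rocketchat/rocketchat.env` (path chosen here for illustration); templates.apps/systemd/rocketchat.service.j2 has the same lines. The comment `# remove if first login was successful` relies on a manual step, so a variable that switches the `ADMIN_*` block off, or a line in docu/de/72_rocketchat.md, would make it harder to forget. This file also looks like a near-duplicate of the `systemd/` template that the playbook actually deploys, so one of the two can probably go.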
@@ -0,0 +1,21 @@ +[Unit] +Description=The Rocket.Chat server +After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service +[Service] +ExecStart=$NODE_PATH {{ rocketchat_base }}/bundle/main.js +StandardOutput=journal +StandardError=journal +SyslogIdentifier=rocketchat +User=rocketchat +Environment="RELEASE={{ rocketchat_version }}" +Environment="ROOT_URL=https://{{ rocketchat_domain }}" +Environment="PORT={{ rocketchat_port }}" +Environment="MONGO_URL={{ rocketchat_mongo_url }}" +# remove if first login was successful +Environment="ADMIN_USERNAME={{ rocketchat_admin_username }}" +Environment="ADMIN_NAME={{ rocketchat_admin_name }}" +Environment="ADMIN_PASS={{ rocketchat_admin_pass }}" +Environment="ADMIN_EMAIL={{ rocketchat_admin_email }}" +Environment="APPS_ENGINE_RUNTIME_TIMEOUT={{ rocketchat_timeout_ms }}" +[Install] +WantedBy=multi-user.target diff --git a/templates.vars/common.yaml b/templates.vars/common.yaml index 1a50880..2472be4 100644 --- a/templates.vars/common.yaml +++ b/templates.vars/common.yaml @@ -13,3 +13,12 @@ postfix_mode: send_only postfix_receipient_email: "mail@example.com" webmaster_email: "web@example.com" seafile_user_id: 261 +pydio_user_id: 262 +rocketchat_user_id: 263 +sys_fetch_directories: + - { "source": "/etc/nginx/sites-available", "target": "backup/nginx/sites" } +sys_fetch_files: + - { "source": "/etc/passwd", "target": "backup/etc/passwd"} + - { "source": "/etc/shadow", "target": "backup/etc/shadow"} + - { "source": "/etc/group", "target": "backup/etc/group"} +
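Review bot: templates.apps/systemd/rocketchat.service.j2 is the template rocketchat_install.yaml deploys, and unlike templates.apps/rocketchat.service.j2 it has no `Environment="BIND_IP=127.0.0.1"`; if Rocket.Chat then listens on all interfaces, its plain port is reachable from the network without passing through nginx and TLS. Add the `BIND_IP` line back, or restrict the port with a firewall rule. `ExecStart=$NODE_PATH ...` refers to a variable the unit never defines, and systemd expects an absolute path for the program, so the service will probably not start; the sibling template's `ExecStart=/usr/bin/nodejs {{ rocketchat_base }}/bundle/main.js` would work.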
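Review bot: In templates.vars/common.yaml the new `sys_fetch_files` default copies `/etc/shadow` to `backup/etc/shadow`, which puts the hosts' password hashes into a directory on the control node. The task that consumes this list is not part of the commit, so check that it writes the copies with owner-only permissions and that `backup/` is excluded from version control (the `.gitignore` change here adds only `.ansible/`). If the hashes are not needed for a restore, drop the `/etc/shadow` entry from the template default. The three `sys_fetch_files` items would also read better in block style, and the spacing before `}` differs from the `sys_fetch_directories` item.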