Commit initial

README.md

@@ -0,0 +1,58 @@
+# Role : docker_loomio
+
+
+## Services fournis
+
+Installation de loomio sur un serveur docker_host
+
+
+## Variables
+
+Fournir les variables suivantes. Par exemple :
+
+```yaml
+docker_loomio_fqdn: loomio.example.com
+docker_loomio_name: My Loomio Site
+docker_loomio_version: v2.15.3
+docker_loomio_data_dir: /data1
+docker_loomio_service_id: loomio
+docker_loomio_reply_to: nepasrepondre-loomio@example.com
+docker_loomio_smtp_server: smtp.example.com
+docker_loomio_db_name: loomio
+docker_loomio_db_user: loomiodbuser
+docker_loomio_db_password: mdp_de_loomiodbuser
+docker_loomio_secret_key_base: ici_le_secret_key_base
+docker_loomio_devise_secret: ici_le_devise_secret
+docker_loomio_secret_cookie_token: ici_le_secret_cookie_token
+```
+
+| Option                                      | Valeur par défaut | Description                                                                               |
+|---------------------------------------------|-------------------|-------------------------------------------------------------------------------------------|
+| docker_loomio_fqdn                          |                   | Le nom de domaine pour lequel le service loomio répond                                    |
+| docker_loomio_name                          |                   | Le nom affiché par le service loomio                                                      |
+| docker_loomio_version                       |                   | La version de l'image docker loomio                                                       |
+| docker_loomio_data_dir                      |                   | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service       |
+| docker_loomio_service_id                    |                   | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
+| docker_loomio_reply_to                      |                   | L'adresse d'expéditeur des courriels envoyés par le service                               |
+| docker_loomio_smtp_server                   |                   | L'adresse du serveur smtp par lequel le service envoie les courriels                      |
+| docker_loomio_db_name                       |                   | Nom de la base de données postgres pour loomio                                            |
+| docker_loomio_db_user                       |                   | Nom du user postgres propriétaire de la base de données                                   |
+| docker_loomio_db_password                   |                   | Mot du passe du user postgres                                                             |
+| docker_loomio_secret_key_base               |                   | s'obtient avec docker-compose run app rake secret                                         |
+| docker_loomio_devise_secret                 |                   | s'obtient avec openssl rand -base64 48                                                    |
+| docker_loomio_secret_cookie_token           |                   | s'obtient avec openssl rand -base64 48                                                    |
+| docker_loomio_features_disable_create_user  | false             | Si true, désactive la possibilité de créer un utilisateur sans invitation                 |
+| docker_loomio_features_disable_create_group | false             | Si true, désactive la possibilité pour les utilisateurs de créer des groupes              |
+
+
+## Première installation dans loomio
+
+A la première exécution du playbook, la base de données est initialisée et des valeurs sont proposées pour docker_loomio_secret_key_base, docker_loomio_devise_secret et docker_loomio_secret_cookie_token qu'il suffit de reporter dans les variables ansible.
+
+Après avoir enregistré un premier utilisateur, promouvoir celui-ci en administrateur de l'instance loomio par :
+```
+docker-compose run app rails c
+User.last.update(is_admin: true)
+```
+
+La console d'administration répond à https://docker_loomio_fqdn/admin

defaults/main.yml

@@ -0,0 +1,2 @@
+docker_loomio_features_disable_create_user: false
+docker_loomio_features_disable_create_group: false

handlers/main.yml

@@ -0,0 +1,5 @@
+- name: docker-compose-up
+  shell: |
+    docker-compose up -d
+  args:
+    chdir: /opt/{{ docker_loomio_service_id }}/

meta/main.yml

@@ -0,0 +1,8 @@
+galaxy_info:
+  author: Olivier Navas
+  description: Modèle d'installation Libretic pour loomio
+  license: GPL-3.0-only
+  min_ansible_version: 2.9
+  galaxy_tags: []
+
+dependencies: []

tasks/main.yml

@@ -0,0 +1,46 @@
+- name: docker directory
+  file:
+    path: /opt/{{ docker_loomio_service_id }}/
+    state: directory
+    
+- name: docker data directory
+  file:
+    path: "{{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/"
+    state: directory
+  register: _datadir
+    
+- name: prepare docker-compose.yml
+  template:
+    src: "{{ item }}"
+    dest: /opt/{{ docker_loomio_service_id }}/
+  with_items:
+    - docker-compose.yml
+    - env
+  notify: docker-compose-up
+
+- name: prepare loomio cron tasks
+  template:
+    src: loomio_tasks
+    dest: /etc/cron.hourly/
+    mode: 0755
+
+- name: initialize db
+  shell: |
+    docker-compose up -d db
+    docker-compose run app rake db:setup
+    echo "You can use secret below into docker_loomio_secret_key_base"
+    docker-compose run app rake secret
+    echo "You can use secret below into docker_loomio_devise_secret"
+    openssl rand -base64 48
+    echo "You can use secret below into docker_loomio_secret_cookie_token"
+    openssl rand -base64 48
+    docker-compose down
+  args:
+    chdir: /opt/{{ docker_loomio_service_id }}/
+  when: _datadir.changed
+  register: _shell_result
+
+- debug:
+    var: _shell_result.stdout_lines
+  when: _shell_result is defined
+

templates/docker-compose.yml

@@ -0,0 +1,93 @@
+# {{ ansible_managed }}
+
+version: '3.1'
+
+services:
+  app:
+    image: loomio/loomio:{{ docker_loomio_version }}
+    restart: unless-stopped
+    expose:
+      - 3000
+    env_file: ./env
+    volumes:
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/import:/import
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+    depends_on:
+      - db
+      - redis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.{{ docker_loomio_service_id }}.entrypoints=web"
+      - "traefik.http.routers.{{ docker_loomio_service_id }}.rule=Host(`{{ docker_loomio_fqdn }}`)"
+      - "traefik.http.services.{{ docker_loomio_service_id }}.loadbalancer.server.port=3000"
+    networks:
+      - traefik
+      - loomio
+
+  worker:
+    image: loomio/loomio:{{ docker_loomio_version }}
+    restart: always
+    networks:
+      - loomio
+      - traefik
+    env_file: ./env
+    environment:
+      - TASK=worker
+    volumes:
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+    depends_on:
+      - db
+      - redis
+
+  channels:
+    image: loomio/loomio_channel_server
+    restart: unless-stopped
+    env_file: ./env
+    depends_on:
+      - redis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.{{ docker_loomio_service_id }}-channels.entrypoints=web"
+      - "traefik.http.routers.{{ docker_loomio_service_id }}-channels.rule=Host(`{{ docker_loomio_fqdn }}`) && PathPrefix(`/socket.io/`)"
+      - "traefik.http.services.{{ docker_loomio_service_id }}-channels.loadbalancer.server.port=5000"
+    networks:
+      - loomio
+      - traefik
+
+  db:
+    image: postgres:14
+    restart: unless-stopped
+    networks:
+      - loomio
+    healthcheck:
+      test: "pg_isready -U {{ docker_loomio_db_user }} && psql -U {{ docker_loomio_db_user }} --list"       
+    volumes:
+      - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/db_data:/var/lib/postgresql/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      POSTGRES_PASSWORD: "{{ docker_loomio_db_password }}"
+      POSTGRES_DB: "{{ docker_loomio_db_name }}"
+      POSTGRES_USER: "{{ docker_loomio_db_user }}"
+
+  redis:
+    image: redis:5.0
+    restart: unless-stopped
+    networks:
+      - loomio
+
+networks:
+  traefik:
+    external: true
+  loomio:
+    internal: true

templates/env

@@ -0,0 +1,151 @@
+# this is the hostname of your app eg: loomio.org
+CANONICAL_HOST={{ docker_loomio_fqdn }}
+
+# the human name of the app (Default Loomio)
+SITE_NAME={{ docker_loomio_name }}
+
+# reply-to in email notifications
+REPLY_HOSTNAME={{ docker_loomio_reply_to }}
+
+# channels
+CHANNELS_URI=wss://{{ docker_loomio_fqdn }}
+
+# uncomment this if you want a default subdomain of www (eg: www.loomio.org)
+# DEFAULT_SUBDOMAIN=www
+
+# smtp settings
+SUPPORT_EMAIL={{ docker_loomio_reply_to }}
+
+#SMTP_AUTH=
+SMTP_DOMAIN={{ docker_loomio_fqdn }}
+SMTP_SERVER={{ docker_loomio_smtp_server }}
+#SMTP_PORT=587
+#SMTP_USERNAME=smtpusername
+#SMTP_PASSWORD=smtppassword
+#SMTP_USE_SSL=1
+# to disable SSL comment out line rather than changing to 0
+
+# helper bot is the account which welcomes people to their groups.
+HELPER_BOT_EMAIL={{ docker_loomio_reply_to }}
+RAILS_ENV=production
+
+# Number of webserver processes and threads
+# threads are per worker. See https://github.com/puma/puma
+PUMA_WORKERS=2
+MIN_THREADS=12
+MAX_THREADS=12
+
+# Force all connections to be https
+FORCE_SSL=1
+
+# Enable rate limiting on group creation, other POST actions
+USE_RACK_ATTACK=1
+RACK_ATTACK_RATE_MULTPLIER=5
+RACK_ATTACK_TIME_MULTPLIER=1
+
+# Postgres
+#POSTGRES_PASSWORD={{ docker_loomio_db_password }}
+#POSTGRES_DB={{ docker_loomio_db_name }}
+#POSTGRES_USER={{ docker_loomio_db_user }}
+DATABASE_URL=postgresql://{{ docker_loomio_db_user }}:{{ docker_loomio_db_password }}@db/{{ docker_loomio_db_name }}
+
+
+# Redis URL
+REDIS_URL=redis://redis:6379/0
+
+# attachment storage service
+# local will keep attachments on the server's disk under ./storage
+# for cloud storage (recommended) try amazon, digitalocean or s3_compatible
+
+ACTIVE_STORAGE_SERVICE=local 
+
+# stoage.yml for reference
+# amazon:
+#   service: S3
+#   access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
+#   secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
+#   bucket: <%= ENV['AWS_BUCKET'] %>
+#   region: <%= ENV['AWS_REGION'] %>
+#
+# digitalocean:
+#   service: S3
+#   endpoint: <%= ENV['DO_ENDPOINT'] %>
+#   access_key_id: <%= ENV['DO_ACCESS_KEY_ID'] %>
+#   secret_access_key: <%= ENV['DO_SECRET_ACCESS_KEY'] %>
+#   bucket: <%= ENV['DO_BUCKET'] %>
+#   region: ignored
+# 
+# s3_compatible:
+#   service: S3
+#   endpoint: <%= ENV.fetch('STORAGE_ENDPOINT', '') %>
+#   access_key_id: <%= ENV.fetch('STORAGE_ACCESS_KEY_ID', '') %>
+#   secret_access_key: <%= ENV.fetch('STORAGE_SECRET_ACCESS_KEY', '') %>
+#   region: <%= ENV.fetch('STORAGE_REGION', '') %>
+#   bucket: <%= ENV.fetch('STORAGE_BUCKET_NAME', '') %>
+#   force_path_style: <%= ENV.fetch('STORAGE_FORCE_PATH_STYLE', false) %>
+
+# Send catch up email (missed yesterday) weekly
+# EMAIL_CATCH_UP_WEEKLY=1
+
+# subscribe on participation default for new users
+# uncomment this to change "subscribe on participation" to be false for new users
+# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
+
+# Uncomment these to disable features
+# FEATURES_DISABLE_CREATE_USER=1     # users must be invited
+{% if docker_loomio_features_disable_create_user is true %}
+FEATURES_DISABLE_CREATE_USER=1
+{% endif %}
+# FEATURES_DISABLE_CREATE_GROUP=1    # users cannot create groups
+{% if docker_loomio_features_disable_create_group is true %}
+FEATURES_DISABLE_CREATE_GROUP=1
+{% endif %}
+# FEATURES_DISABLE_PUBLIC_GROUPS=1   # disable /explore
+# FEATURES_DISABLE_HELP_LINK=1       # disable the help link
+# MAX_PENDING_INVITATIONS=100        # maximum unaccepted invitations a group have have
+# FEATURES_VOTE_REACTIONS=1          # allow reactions to votes
+
+# Enable search engines to index public content
+# ALLOW_ROBOTS=1
+
+# SAML SSO
+# SAML_APP_KEY=1 # just a flag, keep value as 1
+# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
+
+# Sentry DSN
+# SENTRY_PUBLIC_DSN=https://1234567890@sentry.io/123
+
+# monitoring with Posthog
+# POSTHOG_HOST=https://posthog.example.com
+# POSTHOG_KEY=phc_1234567890
+
+# Disable login via email (usually when you have enabled SSO of some kind)
+# FEATURES_DISABLE_EMAIL_LOGIN=1
+
+# oauth providers, to let your users login using external accounts
+# FACEBOOK_APP_KEY=REPLACE
+# FACEBOOK_APP_SECRET=REPLACE
+# TWITTER_APP_KEY=REPLACE
+# TWITTER_APP_SECRET=REPLACE
+# GOOGLE_APP_KEY=REPLACE
+# GOOGLE_APP_SECRET=REPLACE
+
+# Theme images
+# images should be a multiple of 32px tall.
+# THEME_ICON_SRC=/files/icon.png
+# THEME_APP_LOGO_SRC=/files/logo.svg
+# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
+# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
+
+# used in emails. use rgb or hsl values, not hex
+# THEME_PRIMARY_COLOR=rgb(255,167,38)
+# THEME_ACCENT_COLOR=rgb(0,188,212)
+# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
+# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# tell clients to reload when the server is upgraded
+LOOMIO_SYSTEM_RELOAD=1
+
+SECRET_KEY_BASE={{ docker_loomio_secret_key_base }}
+DEVISE_SECRET={{ docker_loomio_devise_secret }}
+SECRET_COOKIE_TOKEN={{ docker_loomio_secret_cookie_token }}

templates/loomio_tasks

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /opt/{{ docker_loomio_service_id }}/
+docker-compose exec loomio-worker bundle exec rake loomio:hourly_tasks > daily_tasks.log 2>&1