commit a08ce003e30d4e9b38615900b9b31aced313aba3
Author: Olivier Navas
Date: Sun Jan 1 18:47:35 2023 +0100
Commit initial
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ba33b62
--- /dev/null
+++ b/README.md
@@ -0,0 +1,58 @@
+# Role : docker_loomio
+
+
+## Services fournis
+
+Installation de loomio sur un serveur docker_host
+
+
+## Variables
+
+Fournir les variables suivantes. Par exemple :
+
+```yaml
+docker_loomio_fqdn: loomio.example.com
+docker_loomio_name: My Loomio Site
+docker_loomio_version: v2.15.3
+docker_loomio_data_dir: /data1
+docker_loomio_service_id: loomio
+docker_loomio_reply_to: nepasrepondre-loomio@example.com
+docker_loomio_smtp_server: smtp.example.com
+docker_loomio_db_name: loomio
+docker_loomio_db_user: loomiodbuser
+docker_loomio_db_password: mdp_de_loomiodbuser
+docker_loomio_secret_key_base: ici_le_secret_key_base
+docker_loomio_devise_secret: ici_le_devise_secret
+docker_loomio_secret_cookie_token: ici_le_secret_cookie_token
+```
+
+| Option | Valeur par défaut | Description |
+|---------------------------------------------|-------------------|-------------------------------------------------------------------------------------------|
+| docker_loomio_fqdn | | Le nom de domaine pour lequel le service loomio répond |
+| docker_loomio_name | | Le nom affiché par le service loomio |
+| docker_loomio_version | | La version de l'image docker loomio |
+| docker_loomio_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
+| docker_loomio_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
+| docker_loomio_reply_to | | L'adresse d'expéditeur des courriels envoyés par le service |
+| docker_loomio_smtp_server | | L'adresse du serveur smtp par lequel le service envoie les courriels |
+| docker_loomio_db_name | | Nom de la base de données postgres pour loomio |
+| docker_loomio_db_user | | Nom du user postgres propriétaire de la base de données |
+| docker_loomio_db_password | | Mot du passe du user postgres |
+| docker_loomio_secret_key_base | | s'obtient avec docker-compose run app rake secret |
+| docker_loomio_devise_secret | | s'obtient avec 
openssl rand -base64 48 |
+| docker_loomio_secret_cookie_token | | s'obtient avec openssl rand -base64 48 |
+| docker_loomio_features_disable_create_user | false | Si true, désactive la possibilité de créer un utilisateur sans invitation |
+| docker_loomio_features_disable_create_group | false | Si true, désactive la possibilité pour les utilisateurs de créer des groupes |
+
+
+## Première installation dans loomio
+
+A la première exécution du playbook, la base de données est initialisée et des valeurs sont proposées pour docker_loomio_secret_key_base, docker_loomio_devise_secret et docker_loomio_secret_cookie_token qu'il suffit de reporter dans les variables ansible.
+
+Après avoir enregistré un premier utilisateur, promouvoir celui-ci en administrateur de l'instance loomio par :
+```
+docker-compose run app rails c
+User.last.update(is_admin: true)
+```
+
+La console d'administration répond à https://docker_loomio_fqdn/admin
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..9400163
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+docker_loomio_features_disable_create_user: false
+docker_loomio_features_disable_create_group: false
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..76589bd
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: docker-compose-up
+ shell: |
+ docker-compose up -d
+ args:
+ chdir: /opt/{{ docker_loomio_service_id }}/
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..b921c69
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,8 @@
+galaxy_info:
+ author: Olivier Navas
+ description: Modèle d'installation Libretic pour loomio
+ license: GPL-3.0-only
+ min_ansible_version: 2.9
+ galaxy_tags: []
+
+dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..4620870
--- /dev/null
+++ b/tasks/main.yml
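Review bot: The `docker-compose-up` handler in handlers/main.yml runs one plain command with no pipes, redirects or variables that need a shell, so `shell: |` can be `command: docker-compose up -d` with the same `args: chdir:`; this is what ansible-lint's command-instead-of-shell rule flags. In the same line, meta/main.yml has `min_ansible_version: 2.9`, which a YAML parser reads as a float rather than a version string; `min_ansible_version: "2.9"` keeps it textual (a later bump to `2.10` would otherwise be read as `2.1`).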
@@ -0,0 +1,46 @@
+- name: docker directory
+ file:
+ path: /opt/{{ docker_loomio_service_id }}/
+ state: directory
+
+- name: docker data directory
+ file:
+ path: "{{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/"
+ state: directory
+ register: _datadir
+
+- name: prepare docker-compose.yml
+ template:
+ src: "{{ item }}"
+ dest: /opt/{{ docker_loomio_service_id }}/
+ with_items:
+ - docker-compose.yml
+ - env
+ notify: docker-compose-up
+
+- name: prepare loomio cron tasks
+ template:
+ src: loomio_tasks
+ dest: /etc/cron.hourly/
+ mode: 0755
+
+- name: initialize db
+ shell: |
+ docker-compose up -d db
+ docker-compose run app rake db:setup
+ echo "You can use secret below into docker_loomio_secret_key_base"
+ docker-compose run app rake secret
+ echo "You can use secret below into docker_loomio_devise_secret"
+ openssl rand -base64 48
+ echo "You can use secret below into docker_loomio_secret_cookie_token"
+ openssl rand -base64 48
+ docker-compose down
+ args:
+ chdir: /opt/{{ docker_loomio_service_id }}/
+ when: _datadir.changed
+ register: _shell_result
+
+- debug:
+ var: _shell_result.stdout_lines
+ when: _shell_result is defined
+
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
new file mode 100644
index 0000000..9d2e3d4
--- /dev/null
+++ b/templates/docker-compose.yml
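Review bot: The `prepare docker-compose.yml` task renders `env` (which carries the database password inside `DATABASE_URL` plus `SECRET_KEY_BASE`, `DEVISE_SECRET` and `SECRET_COOKIE_TOKEN`) and `docker-compose.yml` (which carries `POSTGRES_PASSWORD`) into `/opt/{{ docker_loomio_service_id }}/` with no `mode:`, so both files take the umask default and are typically world-readable on the host; add `mode: "0600"` under that `template:` (compose reads them as the invoking user, so nothing else needs access). The `initialize db` block has no `set -e`, so a failed `rake db:setup` is masked because the task's exit status is that of the final `docker-compose down`; start the block with `set -e`. The generated secrets are also echoed into `_shell_result` and printed by the `debug` task, so they end up in the playbook output and in whatever callback or CI log captures it — presumably intentional given the README, but worth documenting next to the task. Finally, `mode: 0755` on the cron template is an unquoted octal that ansible-lint flags (risky-octal); write `mode: "0755"`.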
@@ -0,0 +1,93 @@
+# {{ ansible_managed }}
+
+version: '3.1'
+
+services:
+ app:
+ image: loomio/loomio:{{ docker_loomio_version }}
+ restart: unless-stopped
+ expose:
+ - 3000
+ env_file: ./env
+ volumes:
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/import:/import
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+ depends_on:
+ - db
+ - redis
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.{{ docker_loomio_service_id }}.entrypoints=web"
+ - "traefik.http.routers.{{ docker_loomio_service_id }}.rule=Host(`{{ docker_loomio_fqdn }}`)"
+ - "traefik.http.services.{{ docker_loomio_service_id }}.loadbalancer.server.port=3000"
+ networks:
+ - traefik
+ - loomio
+
+ worker:
+ image: loomio/loomio:{{ docker_loomio_version }}
+ restart: always
+ networks:
+ - loomio
+ - traefik
+ env_file: ./env
+ environment:
+ - TASK=worker
+ volumes:
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+ depends_on:
+ - db
+ - redis
+
+ channels:
+ image: loomio/loomio_channel_server
+ restart: unless-stopped
+ env_file: ./env
+ depends_on:
+ - redis
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - 
"traefik.http.routers.{{ docker_loomio_service_id }}-channels.entrypoints=web"
+ - "traefik.http.routers.{{ docker_loomio_service_id }}-channels.rule=Host(`{{ docker_loomio_fqdn }}`) && PathPrefix(`/socket.io/`)"
+ - "traefik.http.services.{{ docker_loomio_service_id }}-channels.loadbalancer.server.port=5000"
+ networks:
+ - loomio
+ - traefik
+
+ db:
+ image: postgres:14
+ restart: unless-stopped
+ networks:
+ - loomio
+ healthcheck:
+ test: "pg_isready -U {{ docker_loomio_db_user }} && psql -U {{ docker_loomio_db_user }} --list"
+ volumes:
+ - {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/db_data:/var/lib/postgresql/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ POSTGRES_PASSWORD: "{{ docker_loomio_db_password }}"
+ POSTGRES_DB: "{{ docker_loomio_db_name }}"
+ POSTGRES_USER: "{{ docker_loomio_db_user }}"
+
+ redis:
+ image: redis:5.0
+ restart: unless-stopped
+ networks:
+ - loomio
+
+networks:
+ traefik:
+ external: true
+ loomio:
+ internal: true
diff --git a/templates/env b/templates/env
new file mode 100644
index 0000000..7cdd27c
--- /dev/null
+++ b/templates/env
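Review bot: The `channels` service uses `image: loomio/loomio_channel_server` with no tag, so it floats on `latest` and can change under the deployment on any `docker-compose up`, while `app` and `worker` are pinned to `{{ docker_loomio_version }}`; pin it the same way, e.g. `image: loomio/loomio_channel_server:<pinned-tag>` (placeholder — pick the tag matching the loomio release). The `worker` service is attached to the external `traefik` network although it publishes nothing and carries no traefik labels; removing `- traefik` from its `networks:` keeps the background worker off the ingress network, leaving only `loomio` for it. `worker` also uses `restart: always` where every other service uses `restart: unless-stopped`; presumably unintentional, and aligning it avoids the worker coming back after an operator's explicit stop while the rest stays down.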
@@ -0,0 +1,151 @@
+# this is the hostname of your app eg: loomio.org
+CANONICAL_HOST={{ docker_loomio_fqdn }}
+
+# the human name of the app (Default Loomio)
+SITE_NAME={{ docker_loomio_name }}
+
+# reply-to in email notifications
+REPLY_HOSTNAME={{ docker_loomio_reply_to }}
+
+# channels
+CHANNELS_URI=wss://{{ docker_loomio_fqdn }}
+
+# uncomment this if you want a default subdomain of www (eg: www.loomio.org)
+# DEFAULT_SUBDOMAIN=www
+
+# smtp settings
+SUPPORT_EMAIL={{ docker_loomio_reply_to }}
+
+#SMTP_AUTH=
+SMTP_DOMAIN={{ docker_loomio_fqdn }}
+SMTP_SERVER={{ docker_loomio_smtp_server }}
+#SMTP_PORT=587
+#SMTP_USERNAME=smtpusername
+#SMTP_PASSWORD=smtppassword
+#SMTP_USE_SSL=1
+# to disable SSL comment out line rather than changing to 0
+
+# helper bot is the account which welcomes people to their groups.
+HELPER_BOT_EMAIL={{ docker_loomio_reply_to }}
+RAILS_ENV=production
+
+# Number of webserver processes and threads
+# threads are per worker. See https://github.com/puma/puma
+PUMA_WORKERS=2
+MIN_THREADS=12
+MAX_THREADS=12
+
+# Force all connections to be https
+FORCE_SSL=1
+
+# Enable rate limiting on group creation, other POST actions
+USE_RACK_ATTACK=1
+RACK_ATTACK_RATE_MULTPLIER=5
+RACK_ATTACK_TIME_MULTPLIER=1
+
+# Postgres
+#POSTGRES_PASSWORD={{ docker_loomio_db_password }}
+#POSTGRES_DB={{ docker_loomio_db_name }}
+#POSTGRES_USER={{ docker_loomio_db_user }}
+DATABASE_URL=postgresql://{{ docker_loomio_db_user }}:{{ docker_loomio_db_password }}@db/{{ docker_loomio_db_name }}
+
+
+# Redis URL
+REDIS_URL=redis://redis:6379/0
+
+# attachment storage service
+# local will keep attachments on the server's disk under ./storage
+# for cloud storage (recommended) try amazon, digitalocean or s3_compatible
+
+ACTIVE_STORAGE_SERVICE=local
+
+# stoage.yml for reference
+# amazon:
+# service: S3
+# access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
+# secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
+# bucket: <%= ENV['AWS_BUCKET'] %>
+# region: <%= 
ENV['AWS_REGION'] %>
+#
+# digitalocean:
+# service: S3
+# endpoint: <%= ENV['DO_ENDPOINT'] %>
+# access_key_id: <%= ENV['DO_ACCESS_KEY_ID'] %>
+# secret_access_key: <%= ENV['DO_SECRET_ACCESS_KEY'] %>
+# bucket: <%= ENV['DO_BUCKET'] %>
+# region: ignored
+#
+# s3_compatible:
+# service: S3
+# endpoint: <%= ENV.fetch('STORAGE_ENDPOINT', '') %>
+# access_key_id: <%= ENV.fetch('STORAGE_ACCESS_KEY_ID', '') %>
+# secret_access_key: <%= ENV.fetch('STORAGE_SECRET_ACCESS_KEY', '') %>
+# region: <%= ENV.fetch('STORAGE_REGION', '') %>
+# bucket: <%= ENV.fetch('STORAGE_BUCKET_NAME', '') %>
+# force_path_style: <%= ENV.fetch('STORAGE_FORCE_PATH_STYLE', false) %>
+
+# Send catch up email (missed yesterday) weekly
+# EMAIL_CATCH_UP_WEEKLY=1
+
+# subscribe on participation default for new users
+# uncomment this to change "subscribe on participation" to be false for new users
+# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
+
+# Uncomment these to disable features
+# FEATURES_DISABLE_CREATE_USER=1 # users must be invited
+{% if docker_loomio_features_disable_create_user is true %}
+FEATURES_DISABLE_CREATE_USER=1
+{% endif %}
+# FEATURES_DISABLE_CREATE_GROUP=1 # users cannot create groups
+{% if docker_loomio_features_disable_create_group is true %}
+FEATURES_DISABLE_CREATE_GROUP=1
+{% endif %}
+# FEATURES_DISABLE_PUBLIC_GROUPS=1 # disable /explore
+# FEATURES_DISABLE_HELP_LINK=1 # disable the help link
+# MAX_PENDING_INVITATIONS=100 # maximum unaccepted invitations a group have have
+# FEATURES_VOTE_REACTIONS=1 # allow reactions to votes
+
+# Enable search engines to index public content
+# ALLOW_ROBOTS=1
+
+# SAML SSO
+# SAML_APP_KEY=1 # just a flag, keep value as 1
+# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
+
+# Sentry DSN
+# SENTRY_PUBLIC_DSN=https://1234567890@sentry.io/123
+
+# monitoring with Posthog
+# POSTHOG_HOST=https://posthog.example.com
+# POSTHOG_KEY=phc_1234567890
+
+# Disable login via email (usually when you have enabled 
SSO of some kind)
+# FEATURES_DISABLE_EMAIL_LOGIN=1
+
+# oauth providers, to let your users login using external accounts
+# FACEBOOK_APP_KEY=REPLACE
+# FACEBOOK_APP_SECRET=REPLACE
+# TWITTER_APP_KEY=REPLACE
+# TWITTER_APP_SECRET=REPLACE
+# GOOGLE_APP_KEY=REPLACE
+# GOOGLE_APP_SECRET=REPLACE
+
+# Theme images
+# images should be a multiple of 32px tall.
+# THEME_ICON_SRC=/files/icon.png
+# THEME_APP_LOGO_SRC=/files/logo.svg
+# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
+# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
+
+# used in emails. use rgb or hsl values, not hex
+# THEME_PRIMARY_COLOR=rgb(255,167,38)
+# THEME_ACCENT_COLOR=rgb(0,188,212)
+# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
+# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# tell clients to reload when the server is upgraded
+LOOMIO_SYSTEM_RELOAD=1
+
+SECRET_KEY_BASE={{ docker_loomio_secret_key_base }}
+DEVISE_SECRET={{ docker_loomio_devise_secret }}
+SECRET_COOKIE_TOKEN={{ docker_loomio_secret_cookie_token }}
diff --git a/templates/loomio_tasks b/templates/loomio_tasks
new file mode 100644
index 0000000..4b58b0c
--- /dev/null
+++ b/templates/loomio_tasks
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /opt/{{ docker_loomio_service_id }}/
+docker-compose exec loomio-worker bundle exec rake loomio:hourly_tasks > daily_tasks.log 2>&1
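Review bot: `DATABASE_URL` in templates/env splices `docker_loomio_db_password` into the URL unescaped, so any reserved character in the password (`@`, `/`, `:`, `#`, `%`) breaks the parse or is misread as another URL component; render it as `DATABASE_URL=postgresql://{{ docker_loomio_db_user }}:{{ docker_loomio_db_password | urlencode }}@db/{{ docker_loomio_db_name }}`, and the user and db name likewise if they can carry such characters. The two feature switches use `{% if docker_loomio_features_disable_create_user is true %}` (and the `_create_group` twin): the Jinja `true` test only exists on newer Jinja2 releases and only matches a real boolean, so a value supplied as the string `"true"` (for instance via `-e`) never enables the flag, and an older controller may fail with an unknown test; `{% if docker_loomio_features_disable_create_user | bool %}` is the Ansible idiom and accepts both. The hunk spans the whole file, so nothing is cut off.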
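Review bot: The cron script in templates/loomio_tasks runs `docker-compose exec loomio-worker ...`, but the compose file in this commit names the service `worker`, so the call should fail with a missing-service error every hour and `loomio:hourly_tasks` never runs. `docker-compose exec` also allocates a TTY by default, which is unavailable under cron; the `-T` flag disables that. The last line would read `docker-compose exec -T worker bundle exec rake loomio:hourly_tasks > hourly_tasks.log 2>&1` (renaming the log to match the task is cosmetic; the `>` truncates it on each run, so it does not grow).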