Commit initial
commit
a08ce003e3
8 changed files with 366 additions and 0 deletions
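--- a/README.md
+++ b/README.md
@@ -0,0 +1,58 @@
+# Role : docker_loomio
+
+
+## Services fournis
+
+Installation de loomio sur un serveur docker_host
+
+
+## Variables
+
+Fournir les variables suivantes. Par exemple :
+
+```yaml
+docker_loomio_fqdn: loomio.example.com
+docker_loomio_name: My Loomio Site
+docker_loomio_version: v2.15.3
+docker_loomio_data_dir: /data1
+docker_loomio_service_id: loomio
+docker_loomio_reply_to: nepasrepondre-loomio@example.com
+docker_loomio_smtp_server: smtp.example.com
+docker_loomio_db_name: loomio
+docker_loomio_db_user: loomiodbuser
+docker_loomio_db_password: mdp_de_loomiodbuser
+docker_loomio_secret_key_base: ici_le_secret_key_base
+docker_loomio_devise_secret: ici_le_devise_secret
+docker_loomio_secret_cookie_token: ici_le_secret_cookie_token
+```
+
+| Option | Valeur par défaut | Description |
+|---------------------------------------------|-------------------|-------------------------------------------------------------------------------------------|
+| docker_loomio_fqdn | | Le nom de domaine pour lequel le service loomio répond |
+| docker_loomio_name | | Le nom affiché par le service loomio |
+| docker_loomio_version | | La version de l'image docker loomio |
+| docker_loomio_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
+| docker_loomio_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
+| docker_loomio_reply_to | | L'adresse d'expéditeur des courriels envoyés par le service |
+| docker_loomio_smtp_server | | L'adresse du serveur smtp par lequel le service envoie les courriels |
+| docker_loomio_db_name | | Nom de la base de données postgres pour loomio |
+| docker_loomio_db_user | | Nom du user postgres propriétaire de la base de données |
+| docker_loomio_db_password | | Mot du passe du user postgres |
+| docker_loomio_secret_key_base | | s'obtient avec docker-compose run app rake secret |
+| docker_loomio_devise_secret | | s'obtient avec openssl rand -base64 48 |
+| docker_loomio_secret_cookie_token | | s'obtient avec openssl rand -base64 48 |
+| docker_loomio_features_disable_create_user | false | Si true, désactive la possibilité de créer un utilisateur sans invitation |
+| docker_loomio_features_disable_create_group | false | Si true, désactive la possibilité pour les utilisateurs de créer des groupes |
+
+
+## Première installation dans loomio
+
+A la première exécution du playbook, la base de données est initialisée et des valeurs sont proposées pour docker_loomio_secret_key_base, docker_loomio_devise_secret et docker_loomio_secret_cookie_token qu'il suffit de reporter dans les variables ansible.
+
+Après avoir enregistré un premier utilisateur, promouvoir celui-ci en administrateur de l'instance loomio par :
+```
+docker-compose run app rails c
+User.last.update(is_admin: true)
+```
+
+La console d'administration répond à https://docker_loomio_fqdn/admin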
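--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+docker_loomio_features_disable_create_user: false
+docker_loomio_features_disable_create_group: false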
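--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: docker-compose-up
+shell: |
+docker-compose up -d
+args:
+chdir: /opt/{{ docker_loomio_service_id }}/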
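--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,8 @@
+galaxy_info:
+author: Olivier Navas
+description: Modèle d'installation Libretic pour loomio
+license: GPL-3.0-only
+min_ansible_version: 2.9
+galaxy_tags: []
+
+dependencies: []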
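--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,46 @@
+- name: docker directory
+file:
+path: /opt/{{ docker_loomio_service_id }}/
+state: directory
+
+- name: docker data directory
+file:
+path: "{{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/"
+state: directory
+register: _datadir
+
+- name: prepare docker-compose.yml
+template:
+src: "{{ item }}"
+dest: /opt/{{ docker_loomio_service_id }}/
+with_items:
+- docker-compose.yml
+- env
+notify: docker-compose-up
+
+- name: prepare loomio cron tasks
+template:
+src: loomio_tasks
+dest: /etc/cron.hourly/
+mode: 0755
+
+- name: initialize db
+shell: |
+docker-compose up -d db
+docker-compose run app rake db:setup
+echo "You can use secret below into docker_loomio_secret_key_base"
+docker-compose run app rake secret
+echo "You can use secret below into docker_loomio_devise_secret"
+openssl rand -base64 48
+echo "You can use secret below into docker_loomio_secret_cookie_token"
+openssl rand -base64 48
+docker-compose down
+args:
+chdir: /opt/{{ docker_loomio_service_id }}/
+when: _datadir.changed
+register: _shell_result
+
+- debug:
+var: _shell_result.stdout_lines
+when: _shell_result is defined
+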
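Review bot: The `prepare docker-compose.yml` task writes `docker-compose.yml` and `env`, which hold the database password and the three application secrets, without `mode`, `owner` or `group`, so their permissions follow the remote umask and may be world-readable; add `mode: "0600"` and an explicit owner to that `template` task. The `debug` task prints the output of `initialize db`, so the freshly generated secrets land in the Ansible log and any CI transcript; the README relies on this, but it deserves a comment saying the values must be moved to a vault and the log discarded. `when: _shell_result is defined` is always true, because `register` sets the variable even when the task is skipped; `when: _shell_result is changed` would restrict the output to the first run. In `prepare loomio cron tasks`, write `mode: "0755"` quoted so the value cannot be read as a decimal integer.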
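--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -0,0 +1,93 @@
+# {{ ansible_managed }}
+
+version: '3.1'
+
+services:
+app:
+image: loomio/loomio:{{ docker_loomio_version }}
+restart: unless-stopped
+expose:
+- 3000
+env_file: ./env
+volumes:
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/import:/import
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+depends_on:
+- db
+- redis
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=traefik"
+- "traefik.http.routers.{{ docker_loomio_service_id }}.entrypoints=web"
+- "traefik.http.routers.{{ docker_loomio_service_id }}.rule=Host(`{{ docker_loomio_fqdn }}`)"
+- "traefik.http.services.{{ docker_loomio_service_id }}.loadbalancer.server.port=3000"
+networks:
+- traefik
+- loomio
+
+worker:
+image: loomio/loomio:{{ docker_loomio_version }}
+restart: always
+networks:
+- loomio
+- traefik
+env_file: ./env
+environment:
+- TASK=worker
+volumes:
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+depends_on:
+- db
+- redis
+
+channels:
+image: loomio/loomio_channel_server
+restart: unless-stopped
+env_file: ./env
+depends_on:
+- redis
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=traefik"
+- "traefik.http.routers.{{ docker_loomio_service_id }}-channels.entrypoints=web"
+- "traefik.http.routers.{{ docker_loomio_service_id }}-channels.rule=Host(`{{ docker_loomio_fqdn }}`) && PathPrefix(`/socket.io/`)"
+- "traefik.http.services.{{ docker_loomio_service_id }}-channels.loadbalancer.server.port=5000"
+networks:
+- loomio
+- traefik
+
+db:
+image: postgres:14
+restart: unless-stopped
+networks:
+- loomio
+healthcheck:
+test: "pg_isready -U {{ docker_loomio_db_user }} && psql -U {{ docker_loomio_db_user }} --list"
+volumes:
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/db_data:/var/lib/postgresql/data
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+environment:
+POSTGRES_PASSWORD: "{{ docker_loomio_db_password }}"
+POSTGRES_DB: "{{ docker_loomio_db_name }}"
+POSTGRES_USER: "{{ docker_loomio_db_user }}"
+
+redis:
+image: redis:5.0
+restart: unless-stopped
+networks:
+- loomio
+
+networks:
+traefik:
+external: true
+loomio:
+internal: true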
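Review bot: The `channels` service uses `image: loomio/loomio_channel_server` with no tag, so every pull resolves to whatever `latest` points to at that moment, while `app` and `worker` are pinned through `docker_loomio_version`; pin this image to a tag or digest as well, ideally through a new role variable. Both routers are bound to `entrypoints=web` although the env template sets `FORCE_SSL=1` and a `wss://` channels URI; if `web` is Traefik's plain-HTTP entrypoint, a comment should state where TLS termination and redirection happen, since nothing in this file configures them. The rendered file also contains `POSTGRES_PASSWORD` in clear text, so it needs the same restrictive file mode as `env`.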
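--- a/templates/env
+++ b/templates/env
@@ -0,0 +1,151 @@
+# this is the hostname of your app eg: loomio.org
+CANONICAL_HOST={{ docker_loomio_fqdn }}
+
+# the human name of the app (Default Loomio)
+SITE_NAME={{ docker_loomio_name }}
+
+# reply-to in email notifications
+REPLY_HOSTNAME={{ docker_loomio_reply_to }}
+
+# channels
+CHANNELS_URI=wss://{{ docker_loomio_fqdn }}
+
+# uncomment this if you want a default subdomain of www (eg: www.loomio.org)
+# DEFAULT_SUBDOMAIN=www
+
+# smtp settings
+SUPPORT_EMAIL={{ docker_loomio_reply_to }}
+
+#SMTP_AUTH=
+SMTP_DOMAIN={{ docker_loomio_fqdn }}
+SMTP_SERVER={{ docker_loomio_smtp_server }}
+#SMTP_PORT=587
+#SMTP_USERNAME=smtpusername
+#SMTP_PASSWORD=smtppassword
+#SMTP_USE_SSL=1
+# to disable SSL comment out line rather than changing to 0
+
+# helper bot is the account which welcomes people to their groups.
+HELPER_BOT_EMAIL={{ docker_loomio_reply_to }}
+RAILS_ENV=production
+
+# Number of webserver processes and threads
+# threads are per worker. See https://github.com/puma/puma
+PUMA_WORKERS=2
+MIN_THREADS=12
+MAX_THREADS=12
+
+# Force all connections to be https
+FORCE_SSL=1
+
+# Enable rate limiting on group creation, other POST actions
+USE_RACK_ATTACK=1
+RACK_ATTACK_RATE_MULTPLIER=5
+RACK_ATTACK_TIME_MULTPLIER=1
+
+# Postgres
+#POSTGRES_PASSWORD={{ docker_loomio_db_password }}
+#POSTGRES_DB={{ docker_loomio_db_name }}
+#POSTGRES_USER={{ docker_loomio_db_user }}
+DATABASE_URL=postgresql://{{ docker_loomio_db_user }}:{{ docker_loomio_db_password }}@db/{{ docker_loomio_db_name }}
+
+
+# Redis URL
+REDIS_URL=redis://redis:6379/0
+
+# attachment storage service
+# local will keep attachments on the server's disk under ./storage
+# for cloud storage (recommended) try amazon, digitalocean or s3_compatible
+
+ACTIVE_STORAGE_SERVICE=local
+
+# stoage.yml for reference
+# amazon:
+# service: S3
+# access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
+# secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
+# bucket: <%= ENV['AWS_BUCKET'] %>
+# region: <%= ENV['AWS_REGION'] %>
+#
+# digitalocean:
+# service: S3
+# endpoint: <%= ENV['DO_ENDPOINT'] %>
+# access_key_id: <%= ENV['DO_ACCESS_KEY_ID'] %>
+# secret_access_key: <%= ENV['DO_SECRET_ACCESS_KEY'] %>
+# bucket: <%= ENV['DO_BUCKET'] %>
+# region: ignored
+#
+# s3_compatible:
+# service: S3
+# endpoint: <%= ENV.fetch('STORAGE_ENDPOINT', '') %>
+# access_key_id: <%= ENV.fetch('STORAGE_ACCESS_KEY_ID', '') %>
+# secret_access_key: <%= ENV.fetch('STORAGE_SECRET_ACCESS_KEY', '') %>
+# region: <%= ENV.fetch('STORAGE_REGION', '') %>
+# bucket: <%= ENV.fetch('STORAGE_BUCKET_NAME', '') %>
+# force_path_style: <%= ENV.fetch('STORAGE_FORCE_PATH_STYLE', false) %>
+
+# Send catch up email (missed yesterday) weekly
+# EMAIL_CATCH_UP_WEEKLY=1
+
+# subscribe on participation default for new users
+# uncomment this to change "subscribe on participation" to be false for new users
+# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
+
+# Uncomment these to disable features
+# FEATURES_DISABLE_CREATE_USER=1 # users must be invited
+{% if docker_loomio_features_disable_create_user is true %}
+FEATURES_DISABLE_CREATE_USER=1
+{% endif %}
+# FEATURES_DISABLE_CREATE_GROUP=1 # users cannot create groups
+{% if docker_loomio_features_disable_create_group is true %}
+FEATURES_DISABLE_CREATE_GROUP=1
+{% endif %}
+# FEATURES_DISABLE_PUBLIC_GROUPS=1 # disable /explore
+# FEATURES_DISABLE_HELP_LINK=1 # disable the help link
+# MAX_PENDING_INVITATIONS=100 # maximum unaccepted invitations a group have have
+# FEATURES_VOTE_REACTIONS=1 # allow reactions to votes
+
+# Enable search engines to index public content
+# ALLOW_ROBOTS=1
+
+# SAML SSO
+# SAML_APP_KEY=1 # just a flag, keep value as 1
+# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
+
+# Sentry DSN
+# SENTRY_PUBLIC_DSN=https://1234567890@sentry.io/123
+
+# monitoring with Posthog
+# POSTHOG_HOST=https://posthog.example.com
+# POSTHOG_KEY=phc_1234567890
+
+# Disable login via email (usually when you have enabled SSO of some kind)
+# FEATURES_DISABLE_EMAIL_LOGIN=1
+
+# oauth providers, to let your users login using external accounts
+# FACEBOOK_APP_KEY=REPLACE
+# FACEBOOK_APP_SECRET=REPLACE
+# TWITTER_APP_KEY=REPLACE
+# TWITTER_APP_SECRET=REPLACE
+# GOOGLE_APP_KEY=REPLACE
+# GOOGLE_APP_SECRET=REPLACE
+
+# Theme images
+# images should be a multiple of 32px tall.
+# THEME_ICON_SRC=/files/icon.png
+# THEME_APP_LOGO_SRC=/files/logo.svg
+# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
+# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
+
+# used in emails. use rgb or hsl values, not hex
+# THEME_PRIMARY_COLOR=rgb(255,167,38)
+# THEME_ACCENT_COLOR=rgb(0,188,212)
+# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
+# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# tell clients to reload when the server is upgraded
+LOOMIO_SYSTEM_RELOAD=1
+
+SECRET_KEY_BASE={{ docker_loomio_secret_key_base }}
+DEVISE_SECRET={{ docker_loomio_devise_secret }}
+SECRET_COOKIE_TOKEN={{ docker_loomio_secret_cookie_token }}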
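Review bot: `DATABASE_URL` places `docker_loomio_db_user` and `docker_loomio_db_password` into the URL unescaped, so a password containing `@`, `:`, `#` or `%` yields a URL that is parsed wrongly or rejected; apply the `urlencode` filter to both, `postgresql://{{ docker_loomio_db_user | urlencode }}:{{ docker_loomio_db_password | urlencode }}@db/{{ docker_loomio_db_name }}`. Jinja's `urlencode` leaves `/` untouched, so either document that the password must not contain `/` or append `| replace('/', '%2F')`. `REPLY_HOSTNAME` is filled from `docker_loomio_reply_to`, which the README example sets to a full e-mail address, while the variable name suggests a bare hostname; this should be checked against Loomio's documentation. The three secrets on the last lines have no `default`, so the first run depends on them being defined before `initialize db` has proposed values, which the README should spell out.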
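--- a/templates/loomio_tasks
+++ b/templates/loomio_tasks
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /opt/{{ docker_loomio_service_id }}/
+docker-compose exec loomio-worker bundle exec rake loomio:hourly_tasks > daily_tasks.log 2>&1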
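Review bot: The script runs `docker-compose exec loomio-worker …`, but the compose template in this commit names the service `worker`, so the call will fail on an unknown service and the hourly tasks never run, with the error visible only in the log file. `docker-compose exec` also allocates a TTY by default, which cron does not provide, so `-T` is needed: `docker-compose exec -T worker bundle exec rake loomio:hourly_tasks > daily_tasks.log 2>&1`. Guard the directory change with `cd /opt/{{ docker_loomio_service_id }}/ || exit 1`, otherwise a missing directory leaves the command running and the log written in cron's working directory. The log is truncated on every run and is named `daily_tasks.log` for an hourly job; `>> hourly_tasks.log` would keep a history that is usable when investigating a failure.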