Commit initial
commit
a08ce003e3
8 changed files with 366 additions and 0 deletions
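--- a/README.md
+++ b/README.md
@@ -0,0 +1,58 @@
+# Role : docker_loomio
+
+
+## Services fournis
+
+Installation de loomio sur un serveur docker_host
+
+
+## Variables
+
+Fournir les variables suivantes. Par exemple :
+
+```yaml
+docker_loomio_fqdn: loomio.example.com
+docker_loomio_name: My Loomio Site
+docker_loomio_version: v2.15.3
+docker_loomio_data_dir: /data1
+docker_loomio_service_id: loomio
+docker_loomio_reply_to: nepasrepondre-loomio@example.com
+docker_loomio_smtp_server: smtp.example.com
+docker_loomio_db_name: loomio
+docker_loomio_db_user: loomiodbuser
+docker_loomio_db_password: mdp_de_loomiodbuser
+docker_loomio_secret_key_base: ici_le_secret_key_base
+docker_loomio_devise_secret: ici_le_devise_secret
+docker_loomio_secret_cookie_token: ici_le_secret_cookie_token
+```
+
+| Option | Valeur par défaut | Description |
+|---------------------------------------------|-------------------|-------------------------------------------------------------------------------------------|
+| docker_loomio_fqdn | | Le nom de domaine pour lequel le service loomio répond |
+| docker_loomio_name | | Le nom affiché par le service loomio |
+| docker_loomio_version | | La version de l'image docker loomio |
+| docker_loomio_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
+| docker_loomio_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
+| docker_loomio_reply_to | | L'adresse d'expéditeur des courriels envoyés par le service |
+| docker_loomio_smtp_server | | L'adresse du serveur smtp par lequel le service envoie les courriels |
+| docker_loomio_db_name | | Nom de la base de données postgres pour loomio |
+| docker_loomio_db_user | | Nom du user postgres propriétaire de la base de données |
+| docker_loomio_db_password | | Mot du passe du user postgres |
+| docker_loomio_secret_key_base | | s'obtient avec docker-compose run app rake secret |
+| docker_loomio_devise_secret | | s'obtient avec openssl rand -base64 48 |
+| docker_loomio_secret_cookie_token | | s'obtient avec openssl rand -base64 48 |
+| docker_loomio_features_disable_create_user | false | Si true, désactive la possibilité de créer un utilisateur sans invitation |
+| docker_loomio_features_disable_create_group | false | Si true, désactive la possibilité pour les utilisateurs de créer des groupes |
+
+
+## Première installation dans loomio
+
+A la première exécution du playbook, la base de données est initialisée et des valeurs sont proposées pour docker_loomio_secret_key_base, docker_loomio_devise_secret et docker_loomio_secret_cookie_token qu'il suffit de reporter dans les variables ansible.
+
+Après avoir enregistré un premier utilisateur, promouvoir celui-ci en administrateur de l'instance loomio par :
+```
+docker-compose run app rails c
+User.last.update(is_admin: true)
+```
+
+La console d'administration répond à https://docker_loomio_fqdn/admin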
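--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+docker_loomio_features_disable_create_user: false
+docker_loomio_features_disable_create_group: false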
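--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: docker-compose-up
+shell: |
+docker-compose up -d
+args:
+chdir: /opt/{{ docker_loomio_service_id }}/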
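--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,8 @@
+galaxy_info:
+author: Olivier Navas
+description: Modèle d'installation Libretic pour loomio
+license: GPL-3.0-only
+min_ansible_version: 2.9
+galaxy_tags: []
+
+dependencies: []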
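--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,46 @@
+- name: docker directory
+file:
+path: /opt/{{ docker_loomio_service_id }}/
+state: directory
+
+- name: docker data directory
+file:
+path: "{{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/"
+state: directory
+register: _datadir
+
+- name: prepare docker-compose.yml
+template:
+src: "{{ item }}"
+dest: /opt/{{ docker_loomio_service_id }}/
+with_items:
+- docker-compose.yml
+- env
+notify: docker-compose-up
+
+- name: prepare loomio cron tasks
+template:
+src: loomio_tasks
+dest: /etc/cron.hourly/
+mode: 0755
+
+- name: initialize db
+shell: |
+docker-compose up -d db
+docker-compose run app rake db:setup
+echo "You can use secret below into docker_loomio_secret_key_base"
+docker-compose run app rake secret
+echo "You can use secret below into docker_loomio_devise_secret"
+openssl rand -base64 48
+echo "You can use secret below into docker_loomio_secret_cookie_token"
+openssl rand -base64 48
+docker-compose down
+args:
+chdir: /opt/{{ docker_loomio_service_id }}/
+when: _datadir.changed
+register: _shell_result
+
+- debug:
+var: _shell_result.stdout_lines
+when: _shell_result is defined
+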
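Review bot: The `prepare docker-compose.yml` task renders `docker-compose.yml` and `env` with no `mode` or `owner`, so the files that carry the Postgres password, `SECRET_KEY_BASE`, `DEVISE_SECRET` and `SECRET_COOKIE_TOKEN` take their permissions from the umask (world-readable under a common 022 umask); adding `mode: "0600"` to that `template:` call restricts them. The `initialize db` task echoes freshly generated secrets to stdout, which is registered and then printed by the `debug` task, so they land in the Ansible output and in any log or CI capture of the run; generating them on the controller and keeping them in ansible-vault avoids that. `when: _shell_result is defined` holds even when the shell task was skipped, because `register` sets the variable either way, so `when: _shell_result is not skipped` matches the intent better. The cron template's `mode: 0755` is safer written as the string `mode: "0755"`.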
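--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -0,0 +1,93 @@
+# {{ ansible_managed }}
+
+version: '3.1'
+
+services:
+app:
+image: loomio/loomio:{{ docker_loomio_version }}
+restart: unless-stopped
+expose:
+- 3000
+env_file: ./env
+volumes:
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/import:/import
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+depends_on:
+- db
+- redis
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=traefik"
+- "traefik.http.routers.{{ docker_loomio_service_id }}.entrypoints=web"
+- "traefik.http.routers.{{ docker_loomio_service_id }}.rule=Host(`{{ docker_loomio_fqdn }}`)"
+- "traefik.http.services.{{ docker_loomio_service_id }}.loadbalancer.server.port=3000"
+networks:
+- traefik
+- loomio
+
+worker:
+image: loomio/loomio:{{ docker_loomio_version }}
+restart: always
+networks:
+- loomio
+- traefik
+env_file: ./env
+environment:
+- TASK=worker
+volumes:
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/uploads:/loomio/public/system
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/storage:/loomio/storage
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/files:/loomio/public/files
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/plugins:/loomio/plugins/docker
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/tmp:/loomio/tmp
+depends_on:
+- db
+- redis
+
+channels:
+image: loomio/loomio_channel_server
+restart: unless-stopped
+env_file: ./env
+depends_on:
+- redis
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=traefik"
+- "traefik.http.routers.{{ docker_loomio_service_id }}-channels.entrypoints=web"
+- "traefik.http.routers.{{ docker_loomio_service_id }}-channels.rule=Host(`{{ docker_loomio_fqdn }}`) && PathPrefix(`/socket.io/`)"
+- "traefik.http.services.{{ docker_loomio_service_id }}-channels.loadbalancer.server.port=5000"
+networks:
+- loomio
+- traefik
+
+db:
+image: postgres:14
+restart: unless-stopped
+networks:
+- loomio
+healthcheck:
+test: "pg_isready -U {{ docker_loomio_db_user }} && psql -U {{ docker_loomio_db_user }} --list"
+volumes:
+- {{ docker_loomio_data_dir }}/{{ docker_loomio_service_id }}/db_data:/var/lib/postgresql/data
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+environment:
+POSTGRES_PASSWORD: "{{ docker_loomio_db_password }}"
+POSTGRES_DB: "{{ docker_loomio_db_name }}"
+POSTGRES_USER: "{{ docker_loomio_db_user }}"
+
+redis:
+image: redis:5.0
+restart: unless-stopped
+networks:
+- loomio
+
+networks:
+traefik:
+external: true
+loomio:
+internal: true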
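Review bot: The `channels` service uses `image: loomio/loomio_channel_server` with no tag, so each pull resolves to whatever `latest` currently is, while `app` and `worker` are pinned through `docker_loomio_version`. Pinning it through a new role variable (for example `image: loomio/loomio_channel_server:{{ docker_loomio_channels_version }}`, the variable name being a suggestion) or a digest keeps deployments reproducible and makes upgrades a reviewed change. Both routers are bound to `entrypoints=web` only; if that is Traefik's plain-HTTP entrypoint (its configuration is not on this page), it does not fit with `FORCE_SSL=1` and `CHANNELS_URI=wss://…` in `templates/env` and should be confirmed. A one-line comment above the top-level `networks:` noting that `loomio` is `internal: true` and `traefik` is the only path in or out would document the intended isolation.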
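--- a/templates/env
+++ b/templates/env
@@ -0,0 +1,151 @@
+# this is the hostname of your app eg: loomio.org
+CANONICAL_HOST={{ docker_loomio_fqdn }}
+
+# the human name of the app (Default Loomio)
+SITE_NAME={{ docker_loomio_name }}
+
+# reply-to in email notifications
+REPLY_HOSTNAME={{ docker_loomio_reply_to }}
+
+# channels
+CHANNELS_URI=wss://{{ docker_loomio_fqdn }}
+
+# uncomment this if you want a default subdomain of www (eg: www.loomio.org)
+# DEFAULT_SUBDOMAIN=www
+
+# smtp settings
+SUPPORT_EMAIL={{ docker_loomio_reply_to }}
+
+#SMTP_AUTH=
+SMTP_DOMAIN={{ docker_loomio_fqdn }}
+SMTP_SERVER={{ docker_loomio_smtp_server }}
+#SMTP_PORT=587
+#SMTP_USERNAME=smtpusername
+#SMTP_PASSWORD=smtppassword
+#SMTP_USE_SSL=1
+# to disable SSL comment out line rather than changing to 0
+
+# helper bot is the account which welcomes people to their groups.
+HELPER_BOT_EMAIL={{ docker_loomio_reply_to }}
+RAILS_ENV=production
+
+# Number of webserver processes and threads
+# threads are per worker. See https://github.com/puma/puma
+PUMA_WORKERS=2
+MIN_THREADS=12
+MAX_THREADS=12
+
+# Force all connections to be https
+FORCE_SSL=1
+
+# Enable rate limiting on group creation, other POST actions
+USE_RACK_ATTACK=1
+RACK_ATTACK_RATE_MULTPLIER=5
+RACK_ATTACK_TIME_MULTPLIER=1
+
+# Postgres
+#POSTGRES_PASSWORD={{ docker_loomio_db_password }}
+#POSTGRES_DB={{ docker_loomio_db_name }}
+#POSTGRES_USER={{ docker_loomio_db_user }}
+DATABASE_URL=postgresql://{{ docker_loomio_db_user }}:{{ docker_loomio_db_password }}@db/{{ docker_loomio_db_name }}
+
+
+# Redis URL
+REDIS_URL=redis://redis:6379/0
+
+# attachment storage service
+# local will keep attachments on the server's disk under ./storage
+# for cloud storage (recommended) try amazon, digitalocean or s3_compatible
+
+ACTIVE_STORAGE_SERVICE=local
+
+# stoage.yml for reference
+# amazon:
+# service: S3
+# access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %>
+# secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
+# bucket: <%= ENV['AWS_BUCKET'] %>
+# region: <%= ENV['AWS_REGION'] %>
+#
+# digitalocean:
+# service: S3
+# endpoint: <%= ENV['DO_ENDPOINT'] %>
+# access_key_id: <%= ENV['DO_ACCESS_KEY_ID'] %>
+# secret_access_key: <%= ENV['DO_SECRET_ACCESS_KEY'] %>
+# bucket: <%= ENV['DO_BUCKET'] %>
+# region: ignored
+#
+# s3_compatible:
+# service: S3
+# endpoint: <%= ENV.fetch('STORAGE_ENDPOINT', '') %>
+# access_key_id: <%= ENV.fetch('STORAGE_ACCESS_KEY_ID', '') %>
+# secret_access_key: <%= ENV.fetch('STORAGE_SECRET_ACCESS_KEY', '') %>
+# region: <%= ENV.fetch('STORAGE_REGION', '') %>
+# bucket: <%= ENV.fetch('STORAGE_BUCKET_NAME', '') %>
+# force_path_style: <%= ENV.fetch('STORAGE_FORCE_PATH_STYLE', false) %>
+
+# Send catch up email (missed yesterday) weekly
+# EMAIL_CATCH_UP_WEEKLY=1
+
+# subscribe on participation default for new users
+# uncomment this to change "subscribe on participation" to be false for new users
+# EMAIL_ON_PARTICIPATION_DEFAULT_FALSE=1
+
+# Uncomment these to disable features
+# FEATURES_DISABLE_CREATE_USER=1 # users must be invited
+{% if docker_loomio_features_disable_create_user is true %}
+FEATURES_DISABLE_CREATE_USER=1
+{% endif %}
+# FEATURES_DISABLE_CREATE_GROUP=1 # users cannot create groups
+{% if docker_loomio_features_disable_create_group is true %}
+FEATURES_DISABLE_CREATE_GROUP=1
+{% endif %}
+# FEATURES_DISABLE_PUBLIC_GROUPS=1 # disable /explore
+# FEATURES_DISABLE_HELP_LINK=1 # disable the help link
+# MAX_PENDING_INVITATIONS=100 # maximum unaccepted invitations a group have have
+# FEATURES_VOTE_REACTIONS=1 # allow reactions to votes
+
+# Enable search engines to index public content
+# ALLOW_ROBOTS=1
+
+# SAML SSO
+# SAML_APP_KEY=1 # just a flag, keep value as 1
+# SAML_IDP_METADATA_URL=https://saml-metadata-url-provided-by-your-SSO-provider.com/12356
+
+# Sentry DSN
+# SENTRY_PUBLIC_DSN=https://1234567890@sentry.io/123
+
+# monitoring with Posthog
+# POSTHOG_HOST=https://posthog.example.com
+# POSTHOG_KEY=phc_1234567890
+
+# Disable login via email (usually when you have enabled SSO of some kind)
+# FEATURES_DISABLE_EMAIL_LOGIN=1
+
+# oauth providers, to let your users login using external accounts
+# FACEBOOK_APP_KEY=REPLACE
+# FACEBOOK_APP_SECRET=REPLACE
+# TWITTER_APP_KEY=REPLACE
+# TWITTER_APP_SECRET=REPLACE
+# GOOGLE_APP_KEY=REPLACE
+# GOOGLE_APP_SECRET=REPLACE
+
+# Theme images
+# images should be a multiple of 32px tall.
+# THEME_ICON_SRC=/files/icon.png
+# THEME_APP_LOGO_SRC=/files/logo.svg
+# THEME_EMAIL_HEADER_LOGO_SRC=/files/logo_128h.png
+# THEME_EMAIL_FOOTER_LOGO_SRC=/files/logo_64h.png
+
+# used in emails. use rgb or hsl values, not hex
+# THEME_PRIMARY_COLOR=rgb(255,167,38)
+# THEME_ACCENT_COLOR=rgb(0,188,212)
+# THEME_TEXT_ON_PRIMARY_COLOR=rgb(255,255,255)
+# THEME_TEXT_ON_ACCENT_COLOR=rgb(255,255,255)
+
+# tell clients to reload when the server is upgraded
+LOOMIO_SYSTEM_RELOAD=1
+
+SECRET_KEY_BASE={{ docker_loomio_secret_key_base }}
+DEVISE_SECRET={{ docker_loomio_devise_secret }}
+SECRET_COOKIE_TOKEN={{ docker_loomio_secret_cookie_token }}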
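Review bot: `DATABASE_URL` interpolates `docker_loomio_db_password` (and the user and database names) raw into a URL, so a password containing `@`, `:`, `#`, `%` or `/` produces a malformed connection string or one whose host part is parsed differently from what was intended. Encode the credential when rendering, `…:{{ docker_loomio_db_password | urlencode }}@db/…`, and state the accepted character set in the README, since `urlencode` leaves `/` unescaped. The other values are written unquoted as well, so a variable containing a newline would add extra lines to the env file; a comment at the top of the template saying that all role variables must be single-line would make that constraint explicit.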
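--- a/templates/loomio_tasks
+++ b/templates/loomio_tasks
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /opt/{{ docker_loomio_service_id }}/
+docker-compose exec loomio-worker bundle exec rake loomio:hourly_tasks > daily_tasks.log 2>&1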
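Review bot: The cron script execs into a service named `loomio-worker`, but `templates/docker-compose.yml` in this same commit names that service `worker`, so as written the hourly rake task would fail on an unknown service and the only trace would be in `daily_tasks.log`. `docker-compose exec` also allocates a TTY by default, which cron does not provide, so the line should read `docker-compose exec -T worker bundle exec rake loomio:hourly_tasks > daily_tasks.log 2>&1`. Changing the second line to `cd /opt/{{ docker_loomio_service_id }}/ || exit 1` keeps compose from running in the wrong directory when the path is missing. The log is truncated on every run and is named `daily_tasks.log` for an hourly job; appending with `>>` under a matching name would keep earlier failures visible.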