commit 5531bd56ea775ca87ef3ebe431a07601a5844840 Author: Jim Martens Date: Mon Jan 4 21:52:44 2021 +0100 Initial commit uberspace ansible
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9922bfe
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# ---> Ansible
+*.retry
+hosts
+*_vars.yml
+
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4ed90b9
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,208 @@ +Apache License + +Version 2.0, January 2004 + +http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, +AND DISTRIBUTION + + 1. Definitions. + + + +"License" shall mean the terms and conditions for use, reproduction, and distribution +as defined by Sections 1 through 9 of this document. + + + +"Licensor" shall mean the copyright owner or entity authorized by the copyright +owner that is granting the License. + + + +"Legal Entity" shall mean the union of the acting entity and all other entities +that control, are controlled by, or are under common control with that entity. +For the purposes of this definition, "control" means (i) the power, direct +or indirect, to cause the direction or management of such entity, whether +by contract or otherwise, or (ii) ownership of fifty percent (50%) or more +of the outstanding shares, or (iii) beneficial ownership of such entity. + + + +"You" (or "Your") shall mean an individual or Legal Entity exercising permissions +granted by this License. + + + +"Source" form shall mean the preferred form for making modifications, including +but not limited to software source code, documentation source, and configuration +files. + + + +"Object" form shall mean any form resulting from mechanical transformation +or translation of a Source form, including but not limited to compiled object +code, generated documentation, and conversions to other media types. + + + +"Work" shall mean the work of authorship, whether in Source or Object form, +made available under the License, as indicated by a copyright notice that +is included in or attached to the work (an example is provided in the Appendix +below). + + + +"Derivative Works" shall mean any work, whether in Source or Object form, +that is based on (or derived from) the Work and for which the editorial revisions, +annotations, elaborations, or other modifications represent, as a whole, an +original work of authorship. 
For the purposes of this License, Derivative +Works shall not include works that remain separable from, or merely link (or +bind by name) to the interfaces of, the Work and Derivative Works thereof. + + + +"Contribution" shall mean any work of authorship, including the original version +of the Work and any modifications or additions to that Work or Derivative +Works thereof, that is intentionally submitted to Licensor for inclusion in +the Work by the copyright owner or by an individual or Legal Entity authorized +to submit on behalf of the copyright owner. For the purposes of this definition, +"submitted" means any form of electronic, verbal, or written communication +sent to the Licensor or its representatives, including but not limited to +communication on electronic mailing lists, source code control systems, and +issue tracking systems that are managed by, or on behalf of, the Licensor +for the purpose of discussing and improving the Work, but excluding communication +that is conspicuously marked or otherwise designated in writing by the copyright +owner as "Not a Contribution." + + + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf +of whom a Contribution has been received by Licensor and subsequently incorporated +within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of this +License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable copyright license to reproduce, prepare +Derivative Works of, publicly display, publicly perform, sublicense, and distribute +the Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of this License, +each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) patent +license to make, have made, use, offer to sell, sell, import, and otherwise +transfer the Work, where such license applies only to those patent claims +licensable by such Contributor that are necessarily infringed by their Contribution(s) +alone or by combination of their Contribution(s) with the Work to which such +Contribution(s) was submitted. If You institute patent litigation against +any entity (including a cross-claim or counterclaim in a lawsuit) alleging +that the Work or a Contribution incorporated within the Work constitutes direct +or contributory patent infringement, then any patent licenses granted to You +under this License for that Work shall terminate as of the date such litigation +is filed. + +4. Redistribution. You may reproduce and distribute copies of the Work or +Derivative Works thereof in any medium, with or without modifications, and +in Source or Object form, provided that You meet the following conditions: + +(a) You must give any other recipients of the Work or Derivative Works a copy +of this License; and + +(b) You must cause any modified files to carry prominent notices stating that +You changed the files; and + +(c) You must retain, in the Source form of any Derivative Works that You distribute, +all copyright, patent, trademark, and attribution notices from the Source +form of the Work, excluding those notices that do not pertain to any part +of the Derivative Works; and + +(d) If the Work includes a "NOTICE" text file as part of its distribution, +then any Derivative Works that You distribute must include a readable copy +of the attribution notices contained within such NOTICE file, excluding those +notices that do not pertain to any part of the Derivative Works, in at least +one of the following places: within a NOTICE 
text file distributed as part +of the Derivative Works; within the Source form or documentation, if provided +along with the Derivative Works; or, within a display generated by the Derivative +Works, if and wherever such third-party notices normally appear. The contents +of the NOTICE file are for informational purposes only and do not modify the +License. You may add Your own attribution notices within Derivative Works +that You distribute, alongside or as an addendum to the NOTICE text from the +Work, provided that such additional attribution notices cannot be construed +as modifying the License. + +You may add Your own copyright statement to Your modifications and may provide +additional or different license terms and conditions for use, reproduction, +or distribution of Your modifications, or for any such Derivative Works as +a whole, provided Your use, reproduction, and distribution of the Work otherwise +complies with the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, any +Contribution intentionally submitted for inclusion in the Work by You to the +Licensor shall be under the terms and conditions of this License, without +any additional terms or conditions. Notwithstanding the above, nothing herein +shall supersede or modify the terms of any separate license agreement you +may have executed with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade names, +trademarks, service marks, or product names of the Licensor, except as required +for reasonable and customary use in describing the origin of the Work and +reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to +in writing, Licensor provides the Work (and each Contributor provides its +Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied, including, without limitation, any warranties +or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR +A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness +of using or redistributing the Work and assume any risks associated with Your +exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, whether +in tort (including negligence), contract, or otherwise, unless required by +applicable law (such as deliberate and grossly negligent acts) or agreed to +in writing, shall any Contributor be liable to You for damages, including +any direct, indirect, special, incidental, or consequential damages of any +character arising as a result of this License or out of the use or inability +to use the Work (including but not limited to damages for loss of goodwill, +work stoppage, computer failure or malfunction, or any and all other commercial +damages or losses), even if such Contributor has been advised of the possibility +of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing the Work +or Derivative Works thereof, You may choose to offer, and charge a fee for, +acceptance of support, warranty, indemnity, or other liability obligations +and/or rights consistent with this License. However, in accepting such obligations, +You may act only on Your own behalf and on Your sole responsibility, not on +behalf of any other Contributor, and only if You agree to indemnify, defend, +and hold each Contributor harmless for any liability incurred by, or claims +asserted against, such Contributor by reason of your accepting any such warranty +or additional liability. 
END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + +To apply the Apache License to your work, attach the following boilerplate +notice, with the fields enclosed by brackets "[]" replaced with your own identifying +information. (Don't include the brackets!) The text should be enclosed in +the appropriate comment syntax for the file format. We also recommend that +a file or class name and description of purpose be included on the same "printed +page" as the copyright notice for easier identification within third-party +archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); + +you may not use this file except in compliance with the License. + +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software + +distributed under the License is distributed on an "AS IS" BASIS, + +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + +See the License for the specific language governing permissions and + +limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..f809329 --- /dev/null +++ b/README.md 
@@ -0,0 +1,32 @@
+# Uberspace set up playbooks
+
+Contains ansible playbooks to set up Uberspaces.
+
+## Requirements
+
+A freshly created Uberspace 7.
+
+Technical dependencies on host machine (Python 2.7 or 3.5+):
+
+* python / python3
+* python-pip / python3-pip
+* python-apt / python3-apt
+
+Technical dependencies on managed machines:
+
+* python / python3
+
+Install further dependencies on the host machine: ``pip install -r requirements.txt``
+
+## Usage
+
+After cloning the repo to your ansible host, copy ``hosts.example`` to
+``hosts`` and fill the file appropriately. If you use Python 3 on the managed
+machine, you probably need to adapt the ``ansible_python_interpreter``
+variable.
+
+Furthermore, you have to copy the ``*_vars.yml.example`` files and
+update the variable values.
+
+All playbooks expect a fresh Uberspace (login via SSH key).
+
diff --git a/general_vars.yml.example b/general_vars.yml.example
new file mode 100644
index 0000000..bd1ca59
--- /dev/null
+++ b/general_vars.yml.example
@@ -0,0 +1,2 @@
+---
+uberspace_user: yourUberspaceUser
diff --git a/hosts.example b/hosts.example
new file mode 100644
index 0000000..cc85c61
--- /dev/null
+++ b/hosts.example
@@ -0,0 +1,2 @@
+[uberspace]
+username.uber.space ansible_python_interpreter=/usr/bin/python3
diff --git a/postgres.yml b/postgres.yml
new file mode 100644
index 0000000..b0cff54
--- /dev/null
+++ b/postgres.yml
@@ -0,0 +1,11 @@
+---
+- name: Set up PostgreSQL
+ hosts: uberspace
+ vars_files:
+ - general_vars.yml
+ - postgres_vars.yml
+ remote_user: "{{ uberspace_user }}"
+ become: yes
+ become_user: root
+ roles:
+ - postgres
diff --git a/postgres_vars.yml.example b/postgres_vars.yml.example
new file mode 100644
index 0000000..c8f0d27
--- /dev/null
+++ b/postgres_vars.yml.example
@@ -0,0 +1,5 @@
+---
+postgres_user: exampleUser
+postgres_password: passwordAtLeast64CharactersLength
+postgres_port: openPortInUberspaceFirewall
+postgres_version: 13.1
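Review bot: In postgres.yml the play sets `become: yes` with `become_user: root`, yet every task in the postgres role writes under `~/` and manages the server through `supervisorctl` with a service file in `~/etc/services.d`, so nothing visible in this commit needs root. Under escalation `~` would presumably resolve to root's home rather than the Uberspace user's, and initdb refuses to run as root, so the role would likely fail or install into the wrong place. Drop the two `become` lines and let the play run as `remote_user`.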
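Review bot: In postgres_vars.yml.example, `postgres_password` is meant to be filled in as clear text on the control host; .gitignore keeps `*_vars.yml` out of the repository, but the value is still unencrypted at rest. Consider documenting Ansible Vault for this variable (for example `ansible-vault encrypt_string`) in the README. Separately, `postgres_version: 13.1` is an unquoted YAML float, so a release such as 13.10 would be read as 13.1 and the download URL in compile.yml would point at the wrong tarball; quote it as `postgres_version: "13.1"` here and in roles/postgres/defaults/main.yml.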
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..9c0e5e7
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+docker
+passlib
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644
index 0000000..767d444
--- /dev/null
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: reload supervisorctl
+ command: supervisorctl reread
+- name: update supervisorctl
+ command: supervisorctl update
+
diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml
new file mode 100644
index 0000000..df58353
--- /dev/null
+++ b/roles/postgres/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+postgres_version: 13.1
diff --git a/roles/postgres/handlers/main.yml b/roles/postgres/handlers/main.yml
new file mode 100644
index 0000000..7cb47c4
--- /dev/null
+++ b/roles/postgres/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart postgres
+ command: supervisorctl restart postgresql
diff --git a/roles/postgres/meta/main.yml b/roles/postgres/meta/main.yml
new file mode 100644
index 0000000..fdda41b
--- /dev/null
+++ b/roles/postgres/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: common
diff --git a/roles/postgres/tasks/compile.yml b/roles/postgres/tasks/compile.yml
new file mode 100644
index 0000000..b8d7279
--- /dev/null
+++ b/roles/postgres/tasks/compile.yml
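Review bot: In requirements.txt both `docker` and `passlib` are unpinned, so each `pip install -r requirements.txt` on the control host can pull a different release; pin them to the versions you tested, e.g. `passlib==<tested version>`. Nothing in this commit's playbook or role appears to use the Docker SDK, so `docker` could probably be dropped until a role needs it.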
@@ -0,0 +1,18 @@
+---
+- name: create directory for download
+ file:
+ path: ~/postgres
+ state: directory
+ mode: '0755'
+- name: download PostgreSQL and extract archive
+ unarchive:
+ src: https://download.postgresql.org/pub/source/v{{ postgres_version }}/postgresql-{{ postgres_version }}.tar.gz
+ dest: ~/postgres
+ remote_src: yes
+- name: configure PostgreSQL
+ command: cd ~/postgres/postgresql-{{ postgres_version }} && ./configure --prefix=$HOME/opt/postgresql/ --with-python PYTHON=/usr/bin/python3
+- name: make PostgreSQL
+ command: cd ~/postgres/postgresql-{{ postgres_version }} && make world
+- name: install PostgreSQL
+ command: cd ~/postgres/postgresql-{{ postgres_version }} && make install-world
+
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
new file mode 100644
index 0000000..7ea16f4
--- /dev/null
+++ b/roles/postgres/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- include: compile.yml
+- include: profile.yml
+- include: setup.yml
+- include: service.yml
diff --git a/roles/postgres/tasks/profile.yml b/roles/postgres/tasks/profile.yml
new file mode 100644
index 0000000..aae6ac7
--- /dev/null
+++ b/roles/postgres/tasks/profile.yml
@@ -0,0 +1,21 @@
+---
+- name: copy profile file to home dir
+ template:
+ src: postgres_profile.j2
+ dest: ~/.postgres_profile
+ mode: 0644
+- name: include postgres profile in bash_profile
+ lineinfile:
+ path: ~/.bash_profile
+ line: source ~/.postgres_profile
+ insertafter: EOF
+- name: copy environment var file to home dir
+ template:
+ src: postgres_env.j2
+ dest: ~/.postgres_vars
+ mode: 0644
+- name: include postgres vars in bashrc
+ lineinfile:
+ path: ~/.bashrc
+ line: source ~/.postgres_vars
+ insertafter: EOF
diff --git a/roles/postgres/tasks/service.yml b/roles/postgres/tasks/service.yml
new file mode 100644
index 0000000..f4705f5
--- /dev/null
+++ b/roles/postgres/tasks/service.yml
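Review bot: In roles/postgres/tasks/compile.yml the `unarchive` task fetches the source tarball and the next three tasks build and install it with no integrity check, so whatever the URL serves is compiled and later run. Download with `get_url` and a pinned `checksum:` first, then unpack the local file; `postgres_sha256` in the sketch below is a new variable that would sit next to `postgres_version`. Also, `command` does not go through a shell, so `cd … && ./configure` will not change directory or chain commands; give the three build tasks `args:` with `chdir: ~/postgres/postgresql-{{ postgres_version }}`, ideally plus `creates:` so reruns skip the build.

```yaml
- name: download PostgreSQL source
  get_url:
    url: https://download.postgresql.org/pub/source/v{{ postgres_version }}/postgresql-{{ postgres_version }}.tar.gz
    dest: ~/postgres/postgresql-{{ postgres_version }}.tar.gz
    checksum: "sha256:{{ postgres_sha256 }}"  # pinned digest for this release
- name: extract archive
  unarchive:
    src: ~/postgres/postgresql-{{ postgres_version }}.tar.gz
    dest: ~/postgres
    remote_src: yes
# … unchanged: configure / make / install tasks …
```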
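Review bot: roles/postgres/tasks/main.yml uses the bare `include:` keyword, which Ansible has deprecated in favour of the explicit forms. These four files are static, so `- import_tasks: compile.yml` (and likewise for profile.yml, setup.yml and service.yml) states the intent and keeps the role working on newer releases.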
@@ -0,0 +1,11 @@
+---
+- name: create service
+ template:
+ src: postgres_service.j2
+ dest: ~/etc/services.d/postgresql.ini
+ mode: 0644
+ notify:
+ - reload supervisorctl
+ - update supervisorctl
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/roles/postgres/tasks/setup.yml b/roles/postgres/tasks/setup.yml
new file mode 100644
index 0000000..e8f9254
--- /dev/null
+++ b/roles/postgres/tasks/setup.yml
@@ -0,0 +1,27 @@
+---
+- name: create pgpass file
+ template:
+ src: pgpass.j2
+ dest: ~/.pgpass
+ mode: 0600
+- name: create temporary password file
+ template:
+ src: pgpass_temp.j2
+ dest: ~/.pgpass_temp
+ mode: 0600
+- name: setup database cluster
+ command: initdb --pwfile ~/pgpass.temp --auth=scram-sha-256 -E UTF8 -D ~/opt/postgresql/data/
+- name: delete temporary password file
+ file:
+ path: ~/.pgpass_temp
+ state: absent
+- name: update port
+ lineinfile:
+ path: ~/opt/postgresql/data/postgresql.conf
+ regexp: '^port ='
+ line: port = {{ postgres_port }}
+- name: update unix socket directories
+ lineinfile:
+ path: ~/opt/postgresql/data/postgresql.conf
+ regexp: '^unix_socket_directories'
+ line: unix_socket_directories = '/home/{{ uberspace_user }}/tmp' # comma-separated list of directories
diff --git a/roles/postgres/templates/pgpass.j2 b/roles/postgres/templates/pgpass.j2
new file mode 100644
index 0000000..23c6b3c
--- /dev/null
+++ b/roles/postgres/templates/pgpass.j2
@@ -0,0 +1,2 @@
+#hostname:port:database:username:password (min 64 characters)
+*:*:*:{{ uberspace_user }}:{{ postgres_password }}
diff --git a/roles/postgres/templates/pgpass_temp.j2 b/roles/postgres/templates/pgpass_temp.j2
new file mode 100644
index 0000000..40c5a79
--- /dev/null
+++ b/roles/postgres/templates/pgpass_temp.j2
@@ -0,0 +1 @@
+{{ postgres_password }}
diff --git a/roles/postgres/templates/postgres_env.j2 b/roles/postgres/templates/postgres_env.j2
new file mode 100644
index 0000000..fb0be5d
--- /dev/null
+++ b/roles/postgres/templates/postgres_env.j2
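Review bot: In roles/postgres/tasks/setup.yml the `setup database cluster` task passes `--pwfile ~/pgpass.temp`, but the file written just before it is `~/.pgpass_temp`, so initdb is pointed at a path this role never creates. Because the delete task only runs when initdb succeeds, a failed run leaves the clear-text password file in the home directory; a `block` with the removal under `always` closes that gap. The two password template tasks would also benefit from `no_log: true`, and a `creates:` guard on initdb would make reruns safe.

```yaml
- name: initialise cluster with a short-lived password file
  block:
    # … unchanged: "create temporary password file" task, with no_log: true added …
    - name: setup database cluster
      command: initdb --pwfile ~/.pgpass_temp --auth=scram-sha-256 -E UTF8 -D ~/opt/postgresql/data/
      args:
        creates: ~/opt/postgresql/data/PG_VERSION
  always:
    - name: delete temporary password file
      file:
        path: ~/.pgpass_temp
        state: absent
# … unchanged: pgpass, port and socket-directory tasks …
```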
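Review bot: In roles/postgres/templates/pgpass.j2 the entry `*:*:*:{{ uberspace_user }}:…` matches every host, port and database, so libpq will use this password for any server the account connects to under that user name. Scoping it to the local instance, `localhost:{{ postgres_port }}:*:{{ uberspace_user }}:{{ postgres_password }}`, limits where the credential is used. The .pgpass format also requires `:` and `\` inside a field to be backslash-escaped, so a password containing either would be parsed incorrectly; escape it in the template or document the restriction in postgres_vars.yml.example. `postgres_user` from the example vars is not referenced here, which may be unintentional.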
@@ -0,0 +1,2 @@
+export PGHOST=localhost
+export PGPORT={{ postgres_port }}
diff --git a/roles/postgres/templates/postgres_profile.j2 b/roles/postgres/templates/postgres_profile.j2
new file mode 100644
index 0000000..87a94e1
--- /dev/null
+++ b/roles/postgres/templates/postgres_profile.j2
@@ -0,0 +1,4 @@
+export PATH=$HOME/opt/postgresql/bin/:$PATH
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/opt/postgresql/lib
+export PGPASSFILE=$HOME/.pgpass
+
diff --git a/roles/postgres/templates/postgres_service.j2 b/roles/postgres/templates/postgres_service.j2
new file mode 100644
index 0000000..51b2d99
--- /dev/null
+++ b/roles/postgres/templates/postgres_service.j2
@@ -0,0 +1,4 @@
+[program:postgresql]
+command=%(ENV_HOME)s/opt/postgresql/bin/postgres -D %(ENV_HOME)s/opt/postgresql/data/
+autostart=yes
+autorestart=yes
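Review bot: In roles/postgres/templates/postgres_profile.j2, `LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/opt/postgresql/lib` produces a leading empty element when the variable was previously unset, and the dynamic loader treats an empty element as the current working directory. A shared object sitting in whatever directory the user is in could then be picked up ahead of the intended library. Use `export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$HOME/opt/postgresql/lib` so the separator is added only when a value already exists.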