Added role server/firefox-sync

roles/server/firefox-sync/defaults/main.yml

@@ -0,0 +1,27 @@
+---
+
+remote_repository_url: "https://github.com/Zocker1999NET/syncserver"
+remote_repository_version: master
+
+# domain: firefox.example
+system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}"
+
+service_name: "{{ domain }}.service"
+socket_name: "{{ domain }}.socket"
+
+user_directory: "{{ global_webservers_directory }}/{{ domain }}"
+installation_directory: "{{ user_directory }}/sync"
+local_binary_directory: "{{ installation_directory }}/local/bin"
+configuration_file_path: "{{ user_directory }}/configuration.ini"
+pid_file_path: "{{ user_directory }}/pid"
+socket_directory: "{{ global_socket_directory }}/{{ domain }}"
+socket_path: "{{ socket_directory }}/socket"
+
+database_user: "{{ system_user }}"
+# database_pass from mysql/database
+# database_name from mysql/database
+
+secret: "{{ lookup('password', 'credentials/' + inventory_hostname + '/' + domain + '/secret chars=digits,ascii_letters length=80') }}"
+
+systemd_service_conf: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
+systemd_socket_conf: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"

roles/server/firefox-sync/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: restart firefox-sync
+  systemd:
+    state: restarted
+    name: "{{ service_name }}"
+    enabled: yes

roles/server/firefox-sync/meta/main.yml

@@ -0,0 +1,14 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - name: misc/handlers
+  - name: misc/system_user
+    # system_user
+  - name: mysql/database
+    # database_user
+  - role: nginx/proxy
+    # domain
+    backend_socket: "{{ socket_path }}"
+    upstream_name: "{{ socket_name }}"

roles/server/firefox-sync/tasks/main.yml

@@ -0,0 +1,60 @@
+---
+
+- name: Install required dependencies
+  apt:
+    state: present
+    name:
+      - git-core
+      - g++
+      - python-dev
+      - python-virtualenv
+
+- name: Clone git repository
+  become_user: "{{ system_user }}"
+  git:
+    clone: yes
+    dest: "{{ installation_directory }}"
+    force: no
+    repo: "{{ remote_repository_url }}"
+    update: yes
+    version: "{{ remote_repository_version }}"
+
+- name: Build project
+  become_user: "{{ system_user }}"
+  make:
+    chdir: "{{ installation_directory }}"
+    target: build
+  notify: restart firefox-sync
+
+- name: Configure firefox sync server
+  template:
+    src: syncserver.ini
+    dest: "{{ configuration_file_path }}"
+    owner: "root"
+    group: "{{ system_user }}"
+    mode: "u=rw,g=r,o="
+  notify: restart firefox-sync
+
+- name: Configure socket directory
+  file:
+    state: directory
+    path: "{{ socket_directory }}"
+    owner: "{{ system_user }}"
+    group: "{{ nginx_system_user }}"
+    mode: "u=rwx,g=rx,o="
+
+- name: Register socket for firefox sync server
+  template:
+    src: "firefox.socket"
+    dest: "{{ global_systemd_configuration_directory }}/{{ socket_name }}"
+  notify:
+    - reload systemd
+    - restart firefox-sync
+
+- name: Register service for firefox sync server
+  template:
+    src: "firefox.service"
+    dest: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
+  notify:
+    - reload systemd
+    - restart firefox-sync

roles/server/firefox-sync/templates/firefox.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=firefox sync server at {{ domain }}
+Requires=mariadb.service
+Requires={{ socket_name }}
+After=network.target
+
+[Service]
+PIDFile={{ pid_file_path }}
+User={{ system_user }}
+Group={{ system_user }}
+WorkingDirectory={{ installation_directory }}
+ExecStart={{ local_binary_directory }}/gunicorn --pid {{ pid_file_path | quote }} --bind unix:{{ socket_path | quote }} --threads 2 --paste {{ configuration_file_path | quote }}
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

roles/server/firefox-sync/templates/firefox.socket

@@ -0,0 +1,11 @@
+[Unit]
+Description=firefox sync server socket at {{ domain }}
+
+[Socket]
+ListenStream={{ socket_path }}
+SocketUser={{ system_user }}
+SocketGroup={{ nginx_system_user }}
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target

roles/server/firefox-sync/templates/syncserver.ini

@@ -0,0 +1,43 @@
+[server:main]
+use = egg:gunicorn
+workers = 2
+timeout = 60
+
+[app:main]
+use = egg:syncserver
+
+[syncserver]
+# This must be edited to point to the public URL of your server,
+# i.e. the URL as seen by Firefox.
+public_url = https://{{ domain }}/
+
+# By default, syncserver will accept identity assertions issued by
+# any BrowserID issuer.  The line below restricts it to accept assertions
+# from just the production Firefox Account servers.  If you are hosting
+# your own account server, put its public URL here instead.
+identity_provider = https://accounts.firefox.com/
+
+# This defines the database in which to store all server data.
+#sqluri = sqlite:////tmp/syncserver.db
+sqluri = pymysql://{{ database_user | urlencode }}:{{ database_pass | urlencode }}@127.0.0.1/{{ database_name | urlencode }}
+
+# This is a secret key used for signing authentication tokens.
+# It should be long and randomly-generated.
+# The following command will give a suitable value on *nix systems:
+#
+#    head -c 20 /dev/urandom | sha1sum
+#
+# If not specified then the server will generate a temporary one at startup.
+secret = {{ secret }}
+
+# Set this to "false" to disable new-user signups on the server.
+# Only requests by existing accounts will be honoured.
+allow_new_users = false
+
+# Set this to "true" to work around a mismatch between public_url and
+# the application URL as seen by python, which can happen in certain reverse-
+# proxy hosting setups.  It will overwrite the WSGI environ dict with the
+# details from public_url.  This could have security implications if e.g.
+# you tell the app that it's on HTTPS but it's really on HTTP, so it should
+# only be used as a last resort and after careful checking of server config.
+force_wsgi_environ = false