banananetwork
/
ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Added role server/linx

Browse Source
dehydrated
Felix Stupp 5 years ago
parent 8b75c49917
commit ff054f4a04
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7
7 changed files with 267 additions and 0 deletions
Show Stats Download Patch File Download Diff File

33
roles/server/linx/defaults/main.yml
Unescape Escape View File

@ -0,0 +1,33 @@
---
#domain: "lynx.localhost"
binary_architecture: "linux-amd64"
system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}"
service_name: "{{ domain }}.service"
user_directory: "{{ global_webservers_directory }}/{{ domain }}"
installation_directory: "{{ user_directory }}/bin"
binary_path: "{{ installation_directory }}/linx-server"
configuration_directory: "{{ user_directory }}/configuration"
configuration_file: "{{ configuration_directory }}/config.ini"
auth_codes_file: "{{ configuration_directory }}/auth_codes"
data_directory: "{{ user_directory }}/data"
files_directory: "{{ data_directory }}/files"
meta_directory: "{{ data_directory }}/meta"
# TODO Bind to socket path
bind_port: 12840
#!socket_directory: "{{ user_directory }}/socket"
#!socket_path: "{{ socket_directory }}/socket"
auth_code: "{{ lookup('password', 'credentials/' + inventory_hostname + '/' + domain + '/auth_code chars=digits,ascii_letters length=80') }}"
force_random_filenames: no
max_size: "{{ 4 * 1024 * 1024 * 1024 }}"
max_expiry: 0
site_name: "Linx {{ domain }}"
selif_path: "files"
client_additional_body_size: "{{ 16 * 1024 }}"
client_max_body_size: "{{ max_size + client_additional_body_size }}"
update_script_path: "{{ update_scripts_directory }}/{{ domain }}"

7
roles/server/linx/handlers/main.yml
Unescape Escape View File

@ -0,0 +1,7 @@
---
- name: restart linx
systemd:
state: restarted
name: "{{ service_name }}"
enabled: yes

18
roles/server/linx/meta/main.yml
Unescape Escape View File

@ -0,0 +1,18 @@
---
allow_duplicates: yes
dependencies:
- role: misc/handlers
- role: misc/system_user
# system_user
# user_directory
user_directory_mode: "u=rx,g=rx,o="
- role: misc/backup_files
# domain
backup_directory: "{{ data_directory }}"
- role: nginx/proxy
# domain
backend_port: "{{ bind_port }}"
additional_directives: |
client_max_body_size {{ client_max_body_size }};

93
roles/server/linx/tasks/main.yml
Unescape Escape View File

@ -0,0 +1,93 @@
---
- name: Create required read only directories
file:
state: directory
path: "{{ item }}"
owner: "{{ system_user }}"
group: "{{ system_user }}"
mode: "u=rx,g=rx,o="
loop:
- "{{ configuration_directory }}"
- "{{ installation_directory }}"
- "{{ data_directory }}"
- name: Create required data directories
file:
state: directory
path: "{{ item }}"
owner: "{{ system_user }}"
group: "{{ system_user }}"
mode: "u=rwx,g=rx,o="
loop:
- "{{ files_directory }}"
- "{{ meta_directory }}"
# - "{{ socket_directory }}"
- name: Install auto update script for linx
template:
src: "update.sh"
dest: "{{ update_script_path }}"
owner: root
group: root
mode: "u=rwx,g=rx,o=r"
- name: Download linx
command: "{{ update_script_path }}"
args:
chdir: "{{ installation_directory }}"
creates: "{{ binary_path }}"
notify:
- restart linx
- name: Configure linx
template:
src: "config.ini"
dest: "{{ configuration_file }}"
owner: "{{ system_user }}"
group: "{{ system_user }}"
mode: "u=r,g=r,o="
notify:
- restart linx
# TODO Move to helper script
# TODO Implement proper change detection / renew hash on auth_code change
# TODO Set mode of resulting file correctly
- name: Create auth code file
file:
state: touch
path: "{{ auth_codes_file }}"
owner: "{{ system_user }}"
group: "{{ system_user }}"
mode: "u=rw,g=,o="
- name: Register auth code for uploading to linx
become_user: "{{ system_user }}"
shell: >-
echo {{ auth_code | quote }}
| {{ installation_directory | quote }}/linx-genkey
| grep --only-matching --perl-regexp '(?<=\s)[^\s]+='
> {{ auth_codes_file | quote }}
args:
chdir: "{{ user_directory }}"
# creates: "{{ auth_codes_file }}"
notify:
- restart linx
- name: Register service for linx
template:
src: "linx.service"
dest: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
owner: root
group: root
mode: "u=rw,g=r,o="
notify:
- reload systemd
- restart linx
- name: Enable auto update of linx
cron:
hour: 2
minute: 0
job: "{{ update_script_path }}"
name: "update linx for {{ domain }}"
state: present

13
roles/server/linx/templates/config.ini
Unescape Escape View File

@ -0,0 +1,13 @@
bind = 127.0.0.1:{{ bind_port }}
sitename = {{ site_name }}
siteurl = https://{{ domain }}/
selifpath = {{ selif_path }}
maxsize = {{ max_size }}
maxexpiry = {{ max_expiry }}
realip = true
nologs = false
force-random-filename = {{ force_random_filenames | ternary('true', 'false') }}
authfile = {{ auth_codes_file }}
remoteauthfile = {{ auth_codes_file }}
filespath = {{ files_directory }}
metapath = {{ meta_directory }}

24
roles/server/linx/templates/linx.service
Unescape Escape View File

@ -0,0 +1,24 @@
[Unit]
Description=Linx on {{ domain }}
After=syslog.target
After=network.target
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User={{ system_user }}
Group={{ system_user }}
WorkingDirectory={{ installation_directory }}
ExecStart={{ binary_path | quote }} -config {{ configuration_file | quote }}
Restart=always
Environment="USER={{ system_user }}"
Environment="HOME={{ user_directory }}"
[Install]
WantedBy=multi-user.target

79
roles/server/linx/templates/update.sh
Unescape Escape View File

@ -0,0 +1,79 @@
#!/bin/bash
set -euxo pipefail;
# Constants
readonly ARCHITECTURE={{ binary_architecture | quote }};
readonly BINARIES=( "cleanup" "genkey" "server" );
readonly BIN_DIR={{ installation_directory | quote }};
readonly PREFIX="linx";
readonly SYSTEM_USER={{ system_user | quote }};
# Helper building filenames
function getFile() {
echo "$PREFIX-$2-$1_$ARCHITECTURE";
}
# Helper modifing owners and permissions
function correctPermissions() {
chown --no-dereference "root":"$SYSTEM_USER" "$1";
chmod u=rwx,g=rx,o= "$1";
}
# Check newest version installed
installed="$(
(ls "$BIN_DIR" |
grep --only-matching --perl-regexp '(?<=-)v\d+(\.\d+)*(?=_)' |
sort --version-sort --reverse --unique |
head --lines=1) ||
true
)";
# Check version from upstream
version="$(
curl --silent https://github.com/andreimarcu/linx-server/releases.atom |
grep --only-matching --perl-regexp '(?<=/releases/tag/)v\d+(\.\d+)*(?=")' |
head --lines=1
)";
# Check for missing version numbers
if [[ -z "$installed" ]]; then
installed="v0";
fi
if [[ -z "$version" ]]; then
error "Missing version available";
exit 2;
fi
# Check if version is already installed
if [[ "$installed" = "$version" ]]; then
exit 0;
fi
# Remove version and redownloading (only applies on fallback)
for binary in "${BINARIES[@]}"; do
fileName="$(getFile "$version" "$binary")";
filePath="$BIN_DIR/$fileName";
url="https://github.com/andreimarcu/linx-server/releases/download/$version/$fileName";
rm --force "$filePath";
wget --quiet --output-document="$filePath" "$url";
correctPermissions "$filePath";
done
# Relink new binaries
for binary in "${BINARIES[@]}"; do
toLinkPath="$BIN_DIR/$(getFile "$version" "$binary")";
linkPath="$BIN_DIR/$PREFIX-$binary";
ln --force --symbolic "$toLinkPath" "$linkPath";
correctPermissions "$linkPath";
done
# Remove old version
for binary in "${BINARIES[@]}"; do
fileName="$(getFile "$installed" "$binary")";
rm --force "$BIN_DIR/$fileName";
done
# Restart service
if systemctl is-enabled {{ service_name | quote }}; then
systemctl restart {{ service_name | quote }};
fi
Write Preview
Loading…
Cancel
Save