Initial commit

.cache/roles/Rémi.docker_framadate

+../..
\ No newline at end of file

README.md

+docker_framadate
+================
+
+This role deploys Framadate in a Docker.
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+Variables from default directory :
+* date_url: URL on which Framadate will be listening
+* date_db_root: Database root password
+* date_db_user: Database user
+* date_db_pass: Database password
+* date_admin_user: Framadate Admin user
+* date_admin_pass: Framadate Admin password
+* default_maintenance_email: Framadate Admin e-mail
+
+* Mail configuration (optional, if set, a postfix proxy will be deployed, otherwise a mailhog instance will be deployed for blocking e-mails)
+  * mailname: domain to which the users belong to
+  * mailserver: SMTP server to use for sending e-mails (defaults to smtp.{{ domain }})
+  * smtpport: SMTP server port (defaults to 465)
+  * smtpuser: SMTP username (defaults to smtpuser)
+  * smtppass: SMTP user password (defaults to veryUnsecurePassToBeModified)
+* Backups (for backups to be deployed, host needs to be in maintenance_contract group)
+  * swift parameters for 2 object storage instances where backups should be pushed daily
+  * date_backup_pass : Passphrase for encryption of backups
+
+Dependencies
+------------
+
+This role requires the following Ansible collection :
+* community.docker
+
+This Docker role supposes that Traefik is deployed as an inverseproxy in front of the deployed Dockers.
+The following role is used by Le Filament for deploying Traefik : docker_server (https://sources.le-filament.com/lefilament/ansible-roles/docker_server)
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: docker_framadate }
+      vars:
+         - { date_url: "date.example.org" }
+         - { date_db_root: "veryUnsecureRootPassToBeModified" }
+         - { date_db_user: "framadate" }
+         - { date_db_pass: "veryUnsecurePassToBeModified" }
+         - { date_admin_user: "admin" }
+         - { date_admin_pass: "veryUnsecureAdminPassToBeModified" }
+         - { default_maintenance_email: "maintenance@example.org" }
+
+License
+-------
+
+AGPL-3
+
+Author Information
+------------------
+
+Le Filament (https://le-filament.com)

defaults/main.yml

+---
+# Framadate URL
+date_url: "date.example.org"
+# Framadate DB
+date_db_root: "veryUnsecureRootPassToBeModified"
+date_db_user: "framadate"
+date_db_pass: "veryUnsecurePassToBeModified"
+# Framadate Admin User / Password
+date_admin_user: "admin"
+date_admin_pass: "veryUnsecureAdminPassToBeModified"
+# Framadate Admin e-mail
+default_maintenance_email: "maintenance@example.org"
+# For maintenance only - Backup password
+# date_backup_pass: "veryUnsecureBackupPassToBeModified"
+
+# OPTIONAL - Mailserver, if defined a postfix proxy will be deployed, otherwise MailHog will be deployed
+# mailname: example.org
+# mailserver: smtp.example.org
+# smtpport: 465
+# smtpuser: smtpuser
+# smtppass: veryUnsecurePassToBeModified
+
+# OPTIONAL - For Backups only
+# Parameters for pushing backups to Object Storage - Instance 1
+# swift_odoo_authurl: https://auth.cloud.ovh.net/v3/
+# swift_odoo_authversion: 3
+# swift_odoo_tenantid: "132e1fa"
+# swift_odoo_tenantname: "12312534534"
+# swift_odoo_username: "testuser"
+# swift_odoo_password: "testpassword"
+# swift_odoo_regionname: "GRA"
+# Parameters for pushing backups to Object Storage - Instance 2
+# swift_odoo2_authurl: https://auth.cloud.ovh.net/v3/
+# swift_odoo2_authversion: 3
+# swift_odoo2_tenantid: "12323534ab"
+# swift_odoo2_tenantname: "123124235345"
+# swift_odoo2_username: "testuser"
+# swift_odoo2_password: "testpassword"
+# swift_odoo2_regionname: "DE"
+# Passphrase for backups encryption
+# date_backup_pass: notSecureEnoughPasswordToBeModified

handlers/main.yml

+---
+
+- name: start framadate docker
+  docker_compose:
+    project_src: /home/docker/
+    files: framadate.yaml
+    project_name: framadate
+  async: 120
+  poll: 10
+  when: not ansible_check_mode

meta/main.yml

+---
+galaxy_info:
+  author: Rémi
+  description: Role for deploying Framadate on Docker
+  company: Le Filament (https://le-filament.com)
+  license: AGPL-3.0-or-later
+  min_ansible_version: 2.1
+  platforms:
+    - name: Ubuntu
+      versions:
+        - 18.04
+        - 20.04
+  galaxy_tags:
+    - framadate

tasks/main.yml

+---
+
+## Install Framadate docker
+- name: Install framadate docker
+  template:
+    src: framadate.yaml.j2
+    dest: /home/docker/framadate.yaml
+    owner: root
+    group: root
+    mode: '0400'
+  notify:
+    - start framadate docker
+
+## Backup Framadate section
+- name: Install Framadate backup compose file
+  template:
+    src: backup.yaml.j2
+    dest: /home/docker/backups/backup-framadate.yaml
+    owner: root
+    group: root
+    mode: '0400'
+  when: inventory_hostname in groups['maintenance_contract']
+
+- name: Install Framadate backup2 compose file
+  template:
+    src: backup2.yaml.j2
+    dest: /home/docker/backups/backup2-framadate.yaml
+    owner: root
+    group: root
+    mode: '0400'
+  when: inventory_hostname in groups['maintenance_contract']
+
+- name: Copy docker file for mysql duplicity
+  copy:
+    src: ../docker_nextcloud/files/Dockerfile-backup
+    dest: /home/docker/backups/Dockerfile-mysql
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname in groups['maintenance_contract']
+
+- name: add cron job to run backup every day
+  cron:
+    name: backup framadate
+    minute: "03"
+    hour: "3"
+    job: /usr/local/bin/docker-compose -f /home/docker/backups/backup-framadate.yaml run --rm backup_framadate
+  when: inventory_hostname in groups['maintenance_contract']
+
+- name: add cron job to run backup2 every day
+  cron:
+    name: backup2 framadate
+    minute: "23"
+    hour: "5"
+    job: /usr/local/bin/docker-compose -f /home/docker/backups/backup2-framadate.yaml run --rm backup_framadate
+  when: inventory_hostname in groups['maintenance_contract']

templates/backup.yaml.j2

+version: "2.1"
+services:
+    backup_framadate:
+        build:
+            context: .
+            dockerfile: Dockerfile-mysql
+        image: filament/duplicity:mysql
+        hostname: backup-framadate
+        environment:
+            DST: "swift://framadate_{{ inventory_hostname|lower }}"
+            MYSQL_DATABASE: "{{ date_db_user }}"
+            MYSQL_HOST: "db"
+            MYSQL_PASSWORD: "{{ date_db_pass }}"
+            MYSQL_USER: "{{ date_db_user }}"
+            PASSPHRASE: "{{ date_backup_pass | default(date_db_pass) }}"
+            SWIFT_USERNAME: "{{ swift_odoo_username }}"
+            SWIFT_PASSWORD: "{{ swift_odoo_password }}"
+            SWIFT_AUTHURL: "{{ swift_odoo_authurl }}"
+            SWIFT_AUTHVERSION: {{ swift_odoo_authversion }}
+            SWIFT_TENANTNAME: "{{ swift_odoo_tenantname }}"
+            SWIFT_TENANTID: "{{ swift_odoo_tenantid }}"
+            SWIFT_REGIONNAME: "{{ swift_odoo_regionname }}"
+            JOB_300_WHAT: "backup --full-if-older-than 6D"
+            JOB_302_WHAT: "dup remove-all-but-n-full 5 --force $$DST $$@"
+            JOB_302_WHEN: "daily"
+        networks:
+            - framadate_default
+            - public
+        command:
+            - /etc/periodic/daily/jobrunner
+
+networks:
+    framadate_default:
+        external: true
+    public:
+        driver_opts:
+            encrypted: 1

templates/backup2.yaml.j2

+version: "2.1"
+services:
+    backup_framadate:
+        build:
+            context: .
+            dockerfile: Dockerfile-mysql
+        image: filament/duplicity:mysql
+        hostname: backup-framadate
+        environment:
+            DST: "swift://framadate_{{ inventory_hostname|lower }}"
+            MYSQL_DATABASE: "{{ date_db_user }}"
+            MYSQL_HOST: "db"
+            MYSQL_PASSWORD: "{{ date_db_pass }}"
+            MYSQL_USER: "{{ date_db_user }}"
+            PASSPHRASE: "{{ date_backup_pass | default(date_db_pass) }}"
+            SWIFT_USERNAME: "{{ swift_odoo2_username }}"
+            SWIFT_PASSWORD: "{{ swift_odoo2_password }}"
+            SWIFT_AUTHURL: "{{ swift_odoo2_authurl }}"
+            SWIFT_AUTHVERSION: {{ swift_odoo2_authversion }}
+            SWIFT_TENANTNAME: "{{ swift_odoo2_tenantname }}"
+            SWIFT_TENANTID: "{{ swift_odoo2_tenantid }}"
+            SWIFT_REGIONNAME: "{{ swift_odoo2_regionname }}"
+            JOB_300_WHAT: "backup --full-if-older-than 6D"
+            JOB_302_WHAT: "dup remove-all-but-n-full 5 --force $$DST $$@"
+            JOB_302_WHEN: "daily"
+        networks:
+            - framadate_default
+            - public
+        command:
+            - /etc/periodic/daily/jobrunner
+
+networks:
+    framadate_default:
+        external: true
+    public:
+        driver_opts:
+            encrypted: 1

templates/framadate.yaml.j2

+version: '3'
+services:
+    smtp:
+{% if mailname is defined %}
+        image: tecnativa/postfix-relay
+        volumes:
+            - smtp:/var/spool/postfix
+        networks:
+            default:
+            public:
+        environment:
+            MAILNAME: "{{ mailname }}"
+            MAIL_RELAY_HOST: "{{ mailserver }}"
+            MAIL_RELAY_PORT: "{{ smtpport }}"
+            MAIL_RELAY_USER: "{{ smtpuser }}"
+            MAIL_RELAY_PASS: "{{ smtppass }}"
+            MAIL_CANONICAL_DOMAINS: "{{ mailname }}"
+            MAIL_NON_CANONICAL_DEFAULT: "{{ mailname }}"
+{% else %}
+        image: mailhog/mailhog
+        networks:
+            default:
+            inverseproxy_smtp:
+        labels:
+            traefik.docker.network: "inverseproxy_smtp"
+            traefik.enable: "true"
+            traefik.http.routers.framadatesmtp.middlewares: "auth@file, smtp-stripprefix@file"
+            traefik.http.routers.framadatesmtp.rule: "Host(`{{ date_url }}`) && PathPrefix(`/smtp/`)"
+            traefik.http.routers.framadatesmtp.service: "framadatesmtp"
+            traefik.http.services.framadatesmtp.loadbalancer.server.port: "8025"
+{% endif %}
+        container_name: framadate_smtp
+        restart: unless-stopped
+
+    db:
+        container_name: framadate_db
+        image: mariadb:10.4
+        environment:
+            - MYSQL_ROOT_PASSWORD={{ date_db_root }}
+            - MYSQL_USER={{ date_db_user }}
+            - MYSQL_PASSWORD={{ date_db_pass }}
+            - MYSQL_DATABASE={{ date_db_user }}
+        restart: unless-stopped
+        volumes:
+            - mysql:/var/lib/mysql:z
+
+    framadate:
+        container_name: framadate
+        image: lefilament/framadate:latest
+        depends_on:
+            - db
+            - smtp
+        environment:
+            - APP_NAME=Framadate
+            - DOMAIN={{ date_url }}
+            - ADMIN_MAIL={{ default_maintenance_email }}
+            - MYSQL_USER={{ date_db_user }}
+            - MYSQL_PASSWORD={{ date_db_pass }}
+            - MYSQL_DB={{ date_db_user }}
+            - MYSQL_HOST=db
+            - MYSQL_PORT=3306
+            - ADMIN_USER={{ date_admin_user }}
+            - ADMIN_PASSWORD={{ date_admin_pass }}
+{% if mailname is defined %}
+            - DISABLE_SMTP=true # FIXME there is a TLS connection issue between Framadate and postfix relay
+            #- SMTP_SERVER=smtp:25
+{% else %}
+            - SMTP_SERVER=smtp:1025
+{% endif %}
+        restart: unless-stopped
+        networks:
+            default:
+            inverseproxy_shared:
+        labels:
+            traefik.enable: "true"
+            traefik.http.routers.framadate.rule: "Host(`{{ date_url }}`)"
+            traefik.http.routers.framadate.service: "framadate"
+            traefik.http.services.framadate.loadbalancer.server.port: "80"
+
+networks:
+    default:
+        internal: true
+        driver_opts:
+            encrypted: 1
+    inverseproxy_shared:
+        external: true
+{% if mailname is defined %}
+    public:
+{% else %}
+    inverseproxy_smtp:
+        external: true
+{% endif %}
+
+volumes:
+    mysql:
+{% if mailname is defined %}
+    smtp:
+{% endif %}