diff --git a/README.md b/README.md
index 64970a9..fbac6f4 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![MIT License](https://raw.githubusercontent.com/roles-ansible/ansible_role_etebase/main/.github/license.svg)](https://github.com/roles-ansible/ansible_role_etebase/blob/main/LICENSE)
+
 Ansible role EteBase - EteSync 2.0 Server Backend
 ===================================================
 Ansible role to Setup and Confugure Etebase - The Backend from EteSync 2.0 -> https://github.com/etesync/server
@@ -5,3 +7,61 @@ Ansible role to Setup and Confugure Etebase - The Backend from EteSync 2.0 -> ht
 ```
 WORK IN PROGRESS!!!
 ```
+
+ Details
+---------
+This Ansible role installs and configures etebase, the backend of etesync. A piece of software to securely sync your contacts, calendars, tasks and notes!
+In this Ansible role, a separate user is created for etebase. The latest release of etebase is downloaded to the home of this user. A configuration is created. The specified Python dependencies are installed in a venv. And optionally etebase can be started automatically via a systemd service and uvicorn.
+What this Ansible role does not create are users in Etebase. And the configuration for the web server is not created either.
+
+ Default Variables
+-----------
+| variable | value | description |
+| -------- | ----- | ----------- |
+| etebase__user | 'etebase' | The Unix User for etebase |
+| etebase__group | 'etebase' | The Unix Group for etebase |
+| etebase__user_home | '/var/lib/etebase' | Etebase User Home |
+| etebase__shell | '/bin/false' | Default Shell of Etebase User |
+| etebase__venv | "{{ etebase__user_home }}/venv" | Etebase venv path |
+| etebase__socket | '/tmp/etebase_server.sock' | Etebase Socket path *(only if ``etebase__systemd_setup`` is set to ``true``)* |
+| etebase__package_state | 'present' | Set to ``latest`` to upgrade all etebase required system and pip packages to the latest version |
+| etebase__version | 'latest' | Etebase Release Tag |
+| etebase__secrets_dir | "{{ etebase__user_home }}/secrets" | Path to store etebase secrets |
+| etebase__collectstatic | true | Generate static files for etebase |
+| etebase__restart_webserver | false | Set to ``true`` to restart the webserver on config change *(etebase__systemd_setup needed)*|
+| etebase__webserver_service | 'nginx.service' | Which systemd unit should be restartet for the webserver |
+| etebase__systemd_setup | false | Set to ``true`` to start etebase as systemd unit with the systemd socket configured above |
+| submodules_versioncheck | false | should we do a simple version check for this ansible role |
+
+
+ Options for etebase-server.ini
+------------------------------
+
+| variable | value | description |
+| -------- | ----- | ----------- |
+| etebase__global_secret_file | '{{ etebase__secrets_dir }}/secret.txt' | path of secret.txt
+| etebase__global_debug | false | Set debug to true |
+| etebase__global_static_root | "{{ etebase__user_home }}/static_root" | Path of static root |
+| etebase__global_media_root: "{{ etebase__user_home }}/media_root"
+| etebase__global_extra | '' | Variable for aditional parameter in the ``[global]`` section of the config file |
+| etebase__allowed_hosts_allowed_host1 | '\*' | The allowed Host for this etebase server |
+| etebase__allowed_hosts_extra | '' |Variable for aditional parameter in the ``[allowed_hosts]`` section of the config file |
+| etebase__database_engine | 'django.db.backends.sqlite3' | Databse Engine |
+| etebase__database_name | "{{ etebase__secrets_dir }}/etebase.db.sqlite3" | Path of the sqlite3 database |
+| etebase__database_extra | '' | Variable for aditional parametet in the ``[database]`` section of the config file |
+| etebase__database_options_extra | '' | Variable for aditional parameter in the ``[database_options]`` section of the config file |
+| etebase__ldap_extra | '' | Variable for aditional parameter in the ``[ldap]`` section of the config file |
+| etebase__config_extra | '' |Variable for aditional parameter at the end of the config file |
+
+ Additional Information
+------------------------
+You find more information about the webserver config at [github.com/etesync/server/wiki/Production-setup-using-Nginx](https://github.com/etesync/server/wiki/Production-setup-using-Nginx). Please remember the value you used for the ``etebase__socket`` variable, if you used this role to start the [unicorn](https://www.uvicorn.org/) ASGI server via systemd. For this you have to set ``etebase__systemd_setup`` to ``true``.
+
+You have to create a admin User by yourself. To do this, log in manually as priviledged user, change to the ``etebase__user_home``. Enter the downloaded etebase code direcotory and run the 'python3 ./manage.py createsuperuser' command:
+```bash
+cd /var/lib/etebase/
+ls etebase_*
+cd etebase_v0.10.0 # example versiom
+/var/lib/etebase/venv/bin/python3 ./manage.py createsuperuser
+```
+
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 5eed4d6..78d5b06 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -21,7 +21,7 @@
 with_items:
 - "{{ etebase__global_static_root }}"
-- name: "Create mediac data directorys"
+- name: "Create media data directorys"
 become: true
 ansible.builtin.file:
 path: "{{ item }}"
diff --git a/tasks/filepermissions.yml b/tasks/filepermissions.yml
new file mode 100644
index 0000000..440aaac
--- /dev/null
+++ b/tasks/filepermissions.yml
@@ -0,0 +1,27 @@
+---
+- name: "Make sure static data is set properly"
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ group: "{{ etebase__group }}"
+ owner: "{{ etebase__user }}"
+ recurse: true
+ mode: 'u=rwX,g=rX,o=rX'
+ with_items:
+ - "{{ etebase__global_static_root }}"
+
+- name: "Set and cleanup file permissions again"
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ group: "{{ etebase__group }}"
+ owner: "{{ etebase__user }}"
+ recurse: true
+ mode: 'u=rwX,g=rX,o='
+ with_items:
+ - "{{ etebase__global_media_root }}"
+ - "{{ etebase__secrets_dir }}"
+ - "{{ etebase__venv }}"
+ - "{{ etebase__user_home }}/etebase_{{ etebase_version_target }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index ad5628d..d343fce 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
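Review bot: In tasks/filepermissions.yml the second task recurses over `{{ etebase__venv }}` without setting `follow`, and a venv normally contains symlinks that point outside itself (for example `bin/python3` to the system interpreter). As far as I know `ansible.builtin.file` defaults `follow` to true and, when recursing, also applies owner, group and mode to the link targets, so this pass could re-own the system Python to the etebase user and remove access for everyone else; adding `follow: false` to both tasks keeps the change inside the listed directories. Separately, `mode: 'u=rwX,g=rX,o='` leaves `{{ etebase__secrets_dir }}` (secret.txt and, by default, the sqlite database) group-readable, and because this file is included last it runs after the "Fix File Permissions for secret directory" task in migrate.yml and may widen whatever that task set (its mode is outside the visible hunks). A separate entry with `g=` for the secrets directory would keep it owner-only.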
@@ -24,3 +24,6 @@
 - name: Setup Systemd Service
 ansible.builtin.include_tasks: systemd.yml
 when: etebase__systemd_setup | bool
+
+- name: Cleanup file permissions
+ ansible.builtin.include_tasks: filepermissions.yml
diff --git a/tasks/migrate.yml b/tasks/migrate.yml
index f626ea8..df147f7 100644
--- a/tasks/migrate.yml
+++ b/tasks/migrate.yml
@@ -10,7 +10,7 @@
 - name: Print output of python3 manage.py migrate
 ansible.builtin.debug:
 verbosity: 1
- msg: "{{ _etebase_migrate.result }}"
+ msg: "{{ _etebase_migrate.stdout }}"
 - name: Create static files
 become: true
@@ -23,7 +23,7 @@
 - name: Print output of python3 manage.py collectstatic
 ansible.builtin.debug:
 verbosity: 1
- msg: "{{ _etebase_collectstatic.result }}"
+ msg: "{{ _etebase_collectstatic.stdout }}"
 - name: "Fix File Permissions for secret directory"
 become: true
@@ -51,8 +51,5 @@
 - name: Print hint how to create admin User
 ansible.builtin.debug:
- msg: |
- To create a admin user, run
- 'cd {{ etebase__user_home }}/etebase_{{ etebase_version_target }};
- {{ etebase__venv }}/bin/python3 ./manage.py createsuperuser'
- as priviledged user.
+ # yamllint disable-line rule:line-length
+ msg: "To create a admin user, run 'cd {{ etebase__user_home }}/etebase_{{ etebase_version_target }}; {{ etebase__venv }}/bin/python3 ./manage.py createsuperuser' as priviledged user."
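Review bot: In tasks/migrate.yml (hunk at line 23) `_etebase_collectstatic.stdout` is read without a guard, but the registered result of a skipped task has no `stdout` key. If the "Create static files" task is gated on `etebase__collectstatic` (its body lies outside the hunk, so this is inferred from the README variable), templating this `msg` would probably fail when that variable is false. A default keeps the debug task harmless: `msg: "{{ _etebase_collectstatic.stdout | default('') }}"`. The same guard would not hurt on `_etebase_migrate.stdout` in the hunk at line 10.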
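Review bot: In tasks/migrate.yml (hunk at line 51) the `# yamllint disable-line rule:line-length` suppression is only needed because the hint was moved into one long double-quoted scalar. A folded block scalar (`msg: >-`) yields the same single-line string at runtime while every source line stays within the limit, so the suppression comment can be dropped. The task's `name` line and anything after `msg` are unchanged.

```yaml
  ansible.builtin.debug:
    msg: >-
      To create a admin user, run
      'cd {{ etebase__user_home }}/etebase_{{ etebase_version_target }};
      {{ etebase__venv }}/bin/python3 ./manage.py createsuperuser'
      as priviledged user.
```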