commit fefeb6a5eb8979e5bc229c61a5441207717f7b68 Author: Christian Fraß Date: Wed Aug 21 20:55:06 2024 +0200 [ini] diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..e82584a --- /dev/null +++ b/.editorconfig @@ -0,0 +1,27 @@ +# see https://EditorConfig.org + +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_size = tab +indent_style = tab +tab_width = 4 +insert_final_newline = true +max_line_length = 80 +trim_trailing_whitespace = true +curly_bracket_next_line = false +indent_brace_style = K&R +spaces_around_operators = true +spaces_around_brackets = false +quote_type = double + +[*.y{,a}ml{,lint}] +indent_style = space +indent_size = 2 + +[*.md] +indent_style = space +indent_size = 2 + diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6d94939 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.geany diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..108f165 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,5 @@ +syntaxcheck: + image: docker.io/library/alpine:3.18 + script: + - apk update && apk add bash python3 + - tools/check-json-syntax diff --git a/README.md b/README.md new file mode 100644 index 0000000..2b34470 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# Ansible Collection - linke.arc + +Documentation for the collection. diff --git a/galaxy.yml b/galaxy.yml new file mode 100644 index 0000000..9a38573 --- /dev/null +++ b/galaxy.yml @@ -0,0 +1,69 @@ +### REQUIRED +# The namespace of the collection. This can be a company/brand/organization or product namespace under which all +# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with +# underscores or numbers and cannot contain consecutive underscores +namespace: linke + +# The name of the collection. Has the same character restrictions as 'namespace' +name: arc + +# The version of the collection. Must be compatible with semantic versioning +version: 1.0.0 + +# The path to the Markdown (.md) readme file. This path is relative to the root of the collection +readme: README.md + +# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) +# @nicks:irc/im.site#channel' +authors: +- Royd Falk + + +### OPTIONAL but strongly recommended +# A short summary description of the collection +description: "Sammlung von Rollen für ARC" + +# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only +# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' +license: +- GPL-3.0-or-later + +# The path to the license file for the collection. This path is relative to the root of the collection. This key is +# mutually exclusive with 'license' +license_file: '' + +# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character +# requirements as 'namespace' and 'name' +tags: [] + +# Collections that this collection requires to be installed for it to be usable. The key of the dict is the +# collection label 'namespace.name'. The value is a version range +# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version +# range specifiers can be set and are separated by ',' +dependencies: {} + +# The URL of the originating SCM repository +# repository: http://example.com/repository + +# The URL to any online docs +# documentation: http://docs.example.com + +# The URL to the homepage of the collection/project +# homepage: http://example.com + +# The URL to the collection issue tracker +# issues: http://example.com/issue/tracker + +# A list of file glob-like patterns used to filter any files or directories that should not be included in the build +# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This +# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', +# and '.git' are always filtered. Mutually exclusive with 'manifest' +build_ignore: [] + +# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a +# list of MANIFEST.in style +# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key +# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive +# with 'build_ignore' +# manifest: null + diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..20f709e --- /dev/null +++ b/meta/runtime.yml @@ -0,0 +1,52 @@ +--- +# Collections must specify a minimum required ansible version to upload +# to galaxy +# requires_ansible: '>=2.9.10' + +# Content that Ansible needs to load from another location or that has +# been deprecated/removed +# plugin_routing: +# action: +# redirected_plugin_name: +# redirect: ns.col.new_location +# deprecated_plugin_name: +# deprecation: +# removal_version: "4.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# removed_plugin_name: +# tombstone: +# removal_version: "2.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# become: +# cache: +# callback: +# cliconf: +# connection: +# doc_fragments: +# filter: +# httpapi: +# inventory: +# lookup: +# module_utils: +# modules: +# netconf: +# shell: +# strategy: +# terminal: +# test: +# vars: + +# Python import statements that Ansible needs to load from another location +# import_redirection: +# ansible_collections.ns.col.plugins.module_utils.old_location: +# redirect: ansible_collections.ns.col.plugins.module_utils.new_location + +# Groups of actions/modules that take a common set of options +# action_groups: +# group_name: +# - module1 +# - module2 diff --git a/plugins/README.md b/plugins/README.md new file mode 100644 index 0000000..34cd30a --- /dev/null +++ b/plugins/README.md @@ -0,0 +1,31 @@ +# Collections Plugins Directory + +This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that +is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that +would contain module utils and modules respectively. + +Here is an example directory of the majority of plugins currently supported by Ansible: + +``` +└── plugins + ├── action + ├── become + ├── cache + ├── callback + ├── cliconf + ├── connection + ├── filter + ├── httpapi + ├── inventory + ├── lookup + ├── module_utils + ├── modules + ├── netconf + ├── shell + ├── strategy + ├── terminal + ├── test + └── vars +``` + +A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.14/plugins/plugins.html). diff --git a/roles/arc_core/defaults/main.json b/roles/arc_core/defaults/main.json new file mode 100644 index 0000000..1f1d82e --- /dev/null +++ b/roles/arc_core/defaults/main.json @@ -0,0 +1,8 @@ +{ + "var_arc_core_user": "authelia", + "var_arc_core_directory": "/opt/arc", + "var_arc_core_server_host": "::", + "var_arc_core_server_port": 7463, + "var_arc_core_authentication_hash_salt": "REPLACE_ME", + "var_arc_core_authelia_usersfile_path": "/var/authelia/users.yaml" +} diff --git a/roles/arc_core/info.md b/roles/arc_core/info.md new file mode 100644 index 0000000..6a1e975 --- /dev/null +++ b/roles/arc_core/info.md @@ -0,0 +1,4 @@ +## Beschreibung + +- zum Aufsetzen von [ARC](https://gitlab.die-linke.cloud/misc/arc) + diff --git a/roles/arc_core/tasks/main.json b/roles/arc_core/tasks/main.json new file mode 100644 index 0000000..4a1272a --- /dev/null +++ b/roles/arc_core/tasks/main.json @@ -0,0 +1,78 @@ +[ + { + "name": "packages", + "become": true, + "ansible.builtin.apt": { + "update_cache": true, + "pkg": [ + "git", + "make", + "rsync", + "nodejs" + ] + } + }, + { + "name": "user and directory", + "become": true, + "ansible.builtin.user": { + "name": "{{var_arc_core_user}}", + "create_home": true, + "home": "{{var_arc_core_directory}}" + } + }, + { + "name": "program | fetch", + "become": true, + "become_user": "{{var_arc_core_user}}", + "ansible.builtin.git": { + "repo": "https://gitlab.die-linke.cloud/arc/core", + "version": "{{var_arc_core_git_reference}}", + "dest": "/tmp/arc-core-repo" + } + }, + { + "name": "program | build", + "become": true, + "become_user": "{{var_arc_core_user}}", + "ansible.builtin.command": { + "chdir": "/tmp/arc-core-repo", + "cmd": "tools/build" + } + }, + { + "name": "program | deploy", + "become": true, + "become_user": "{{var_arc_core_user}}", + "ansible.builtin.command": { + "chdir": "/tmp/arc-core-repo", + "cmd": "tools/deploy localhost --target-directory={{var_arc_core_directory}}" + } + }, + { + "name": "configuration", + "become": true, + "become_user": "{{var_arc_core_user}}", + "ansible.builtin.template": { + "src": "conf.json.j2", + "dest": "{{var_arc_core_directory}}/conf.json" + } + }, + { + "name": "systemd unit", + "become": true, + "ansible.builtin.template": { + "src": "systemd_unit.j2", + "dest": "/etc/systemd/system/arc.service" + } + }, + { + "name": "run", + "become": true, + "ansible.builtin.systemd_service": { + "name": "arc", + "enabled": true, + "state": "restarted" + } + } +] diff --git a/roles/arc_core/templates/conf.json.j2 b/roles/arc_core/templates/conf.json.j2 new file mode 100644 index 0000000..91d638d --- /dev/null +++ b/roles/arc_core/templates/conf.json.j2 @@ -0,0 +1,15 @@ +{ + "version": 1, + "server": { + "host": "{{var_arc_core_server_host}}", + "port": {{var_arc_core_server_port | string}} + }, + "authentication": { + "timestamp_tolerance": 2.0, + "hash_salt": "{{var_arc_core_authentication_hash_salt}}" + }, + "authelia": { + "usersfile_path": "{{var_arc_core_authelia_usersfile_path}}" + } +} + diff --git a/roles/arc_core/templates/systemd_unit.j2 b/roles/arc_core/templates/systemd_unit.j2 new file mode 100644 index 0000000..3fa49d7 --- /dev/null +++ b/roles/arc_core/templates/systemd_unit.j2 @@ -0,0 +1,14 @@ +[Unit] +Description=ARC +After=network.target + +[Service] +WorkingDirectory={{var_arc_core_directory}} +ExecStart={{var_arc_core_directory}}/arc +Type=simple +Restart=always +User={{var_arc_core_user}} + +[Install] +WantedBy=default.target +RequiredBy=network.target diff --git a/roles/arc_core/vardef.json b/roles/arc_core/vardef.json new file mode 100644 index 0000000..e35cf9c --- /dev/null +++ b/roles/arc_core/vardef.json @@ -0,0 +1,26 @@ +{ + "user": { + "mandatory": false, + "type": "string" + }, + "directory": { + "mandatory": false, + "type": "string" + }, + "server_host": { + "mandatory": false, + "type": "string" + }, + "server_port": { + "mandatory": false, + "type": "integer" + }, + "authentication_hash_salt": { + "mandatory": true, + "type": "string" + }, + "authelia_usersfile_path": { + "mandatory": false, + "type": "string" + } +} diff --git a/tools/check-json-syntax b/tools/check-json-syntax new file mode 100755 index 0000000..d85209b --- /dev/null +++ b/tools/check-json-syntax @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +## consts + +dir_base="." + + +## exec + +flaws=0 +for path in $(find ${dir_base} -name "*.json") +do + echo "-- ${path}" + python3 -m json.tool ${path} > /dev/null || ((flaws+=1)) +done +test ${flaws} -eq 0 diff --git a/tools/rename-roll b/tools/rename-roll new file mode 100755 index 0000000..5d6e078 --- /dev/null +++ b/tools/rename-roll @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +## consts + +dir_base="linke/standard" + + +## args + +name_from=$1 && shift +name_to=$1 && shift + + +## vars + +var_from=$(echo ${name_from} | sed --expression="s|-|_|g" | sed --expression="s|:|_|g") +var_to=$(echo ${name_to} | sed --expression="s|-|_|g" | sed --expression="s|:|_|g") + + +## exec + +git mv ${dir_roles}/roles/${name_from} ${dir_roles}/roles/${name_to} +find ${dir_base} -type f -exec sed --in-place --expression="s|var_${var_from}_|var_${var_to}_|g" {} \; +find ${dir_base} -type f -exec sed --in-place --expression="s|roles/${name_from}|roles/${name_to}|g" {} \;