[ini]

.editorconfig

@@ -0,0 +1,27 @@
+# see https://EditorConfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = tab
+indent_style = tab
+tab_width = 4
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+curly_bracket_next_line = false
+indent_brace_style = K&R
+spaces_around_operators = true
+spaces_around_brackets = false
+quote_type = double
+
+[*.y{,a}ml{,lint}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+indent_style = space
+indent_size = 2
+

.gitignore

@@ -0,0 +1 @@
+/.geany

.gitlab-ci.yml

@@ -0,0 +1,5 @@
+syntaxcheck:
+    image: docker.io/library/alpine:3.18
+    script:
+        - apk update && apk add bash python3
+        - tools/check-json-syntax

README.md

@@ -0,0 +1,3 @@
+# Ansible Collection - linke.espe
+
+Documentation for the collection.

galaxy.yml

@@ -0,0 +1,69 @@
+### REQUIRED
+# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
+# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
+# underscores or numbers and cannot contain consecutive underscores
+namespace: linke
+
+# The name of the collection. Has the same character restrictions as 'namespace'
+name: espe
+
+# The version of the collection. Must be compatible with semantic versioning
+version: 1.0.0
+
+# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
+readme: README.md
+
+# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
+# @nicks:irc/im.site#channel'
+authors:
+- Royd Falk <roydfalk@folksprak.org>
+
+
+### OPTIONAL but strongly recommended
+# A short summary description of the collection
+description: "Sammlung von Rollen für Espe"
+
+# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
+# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
+license:
+- GPL-3.0-or-later
+
+# The path to the license file for the collection. This path is relative to the root of the collection. This key is
+# mutually exclusive with 'license'
+license_file: ''
+
+# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
+# requirements as 'namespace' and 'name'
+tags: []
+
+# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
+# collection label 'namespace.name'. The value is a version range
+# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
+# range specifiers can be set and are separated by ','
+dependencies: {}
+
+# The URL of the originating SCM repository
+# repository: http://example.com/repository
+
+# The URL to any online docs
+# documentation: http://docs.example.com
+
+# The URL to the homepage of the collection/project
+# homepage: http://example.com
+
+# The URL to the collection issue tracker
+# issues: http://example.com/issue/tracker
+
+# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
+# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
+# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
+# and '.git' are always filtered. Mutually exclusive with 'manifest'
+build_ignore: []
+
+# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
+# list of MANIFEST.in style
+# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
+# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
+# with 'build_ignore'
+# manifest: null
+

meta/runtime.yml

@@ -0,0 +1,52 @@
+---
+# Collections must specify a minimum required ansible version to upload
+# to galaxy
+# requires_ansible: '>=2.9.10'
+
+# Content that Ansible needs to load from another location or that has
+# been deprecated/removed
+# plugin_routing:
+#   action:
+#     redirected_plugin_name:
+#       redirect: ns.col.new_location
+#     deprecated_plugin_name:
+#       deprecation:
+#         removal_version: "4.0.0"
+#         warning_text: |
+#           See the porting guide on how to update your playbook to
+#           use ns.col.another_plugin instead.
+#     removed_plugin_name:
+#       tombstone:
+#         removal_version: "2.0.0"
+#         warning_text: |
+#           See the porting guide on how to update your playbook to
+#           use ns.col.another_plugin instead.
+#   become:
+#   cache:
+#   callback:
+#   cliconf:
+#   connection:
+#   doc_fragments:
+#   filter:
+#   httpapi:
+#   inventory:
+#   lookup:
+#   module_utils:
+#   modules:
+#   netconf:
+#   shell:
+#   strategy:
+#   terminal:
+#   test:
+#   vars:
+
+# Python import statements that Ansible needs to load from another location
+# import_redirection:
+#   ansible_collections.ns.col.plugins.module_utils.old_location:
+#     redirect: ansible_collections.ns.col.plugins.module_utils.new_location
+
+# Groups of actions/modules that take a common set of options
+# action_groups:
+#   group_name:
+#     - module1
+#     - module2

plugins/README.md

@@ -0,0 +1,31 @@
+# Collections Plugins Directory
+
+This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that
+is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that
+would contain module utils and modules respectively.
+
+Here is an example directory of the majority of plugins currently supported by Ansible:
+
+```
+└── plugins
+    ├── action
+    ├── become
+    ├── cache
+    ├── callback
+    ├── cliconf
+    ├── connection
+    ├── filter
+    ├── httpapi
+    ├── inventory
+    ├── lookup
+    ├── module_utils
+    ├── modules
+    ├── netconf
+    ├── shell
+    ├── strategy
+    ├── terminal
+    ├── test
+    └── vars
+```
+
+A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.16/plugins/plugins.html).

roles/backend/defaults/main.json

@@ -0,0 +1,38 @@
+{
+	"var_linke_espe_backend_directory": "/opt/espe/backend",
+	"var_linke_espe_backend_git_reference": "master",
+	"var_linke_espe_backend_conf_general_verbosity": "notice",
+	"var_linke_espe_backend_conf_general_verification_secret": "REPLACE_ME",
+	"var_linke_espe_backend_conf_server_port": 7979,
+	"var_linke_espe_backend_conf_database_kind": "sqlite",
+	"var_linke_espe_backend_conf_database_data_sqlite_path": "data.sqlite",
+	"var_linke_espe_backend_conf_database_data_postgresql_host": "postgresql.example.org",
+	"var_linke_espe_backend_conf_database_data_postgresql_port": 5432,
+	"var_linke_espe_backend_conf_database_data_postgresql_username": "espe_user",
+	"var_linke_espe_backend_conf_database_data_postgresql_password": "REPLACE_ME",
+	"var_linke_espe_backend_conf_database_data_postgresql_schema": "espe",
+	"var_linke_espe_backend_conf_email_sending_kind": "regular",
+	"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_host": "smtp.example.org",
+	"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_port": 587,
+	"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_username": "REPLACE_ME",
+	"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_password": "REPLACE_ME",
+	"var_linke_espe_backend_conf_email_sending_data_regular_smtp_sender": "espe@example.org",
+	"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_host": "smtp.example.org",
+	"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_port": 587,
+	"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_username": "REPLACE_ME",
+	"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_password": "REPLACE_ME",
+	"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_sender": "espe@example.org",
+	"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_target": "espe-admin@example.org",
+	"var_linke_espe_backend_conf_settings_target_domain": "example.org",
+	"var_linke_espe_backend_conf_settings_frontend_url_base": null,
+	"var_linke_espe_backend_conf_settings_login_url": null,
+	"var_linke_espe_backend_conf_settings_password_policy_minimum_length": 8,
+	"var_linke_espe_backend_conf_settings_password_policy_maximum_length": 240,
+	"var_linke_espe_backend_conf_settings_password_policy_must_contain_letter": true,
+	"var_linke_espe_backend_conf_settings_password_policy_must_contain_number": true,
+	"var_linke_espe_backend_conf_settings_password_policy_must_contain_special_character": true,
+	"var_linke_espe_backend_conf_settings_name_index_veil": true,
+	"var_linke_espe_backend_conf_settings_name_index_salt": "REPLACE_ME",
+	"var_linke_espe_backend_conf_admins": [],
+	"var_linke_espe_backend_conf_output_authelia": null
+}

roles/backend/tasks/main.json

@@ -0,0 +1,38 @@
+[
+	{
+		"name": "program | fetch",
+		"delegate_to": "localhost",
+		"ansible.builtin.git": {
+			"repo": "dl-cloud-gitlab:espe/backend",
+			"version": "{{var_linke_espe_backend_git_reference}}",
+			"dest": "/tmp/espe-backend-repo"
+		}
+	},
+	{
+		"name": "program | build",
+		"delegate_to": "localhost",
+		"ansible.builtin.command": {
+			"chdir": "/tmp/espe-backend-repo",
+			"cmd": "tools/build --output-directory=/tmp/espe-backend-build"
+		}
+	},
+	{
+		"name": "program | deploy",
+		"delegate_to": "localhost",
+		"ansible.builtin.command": {
+			"chdir": "/tmp/espe-backend-repo",
+			"cmd": "tools/deploy {{ansible_host}} {{var_linke_espe_backend_directory}}"
+		}
+	},
+	{
+		"name": "conf",
+		"ansible.builtin.template": {
+			"src": "conf.json.j2",
+			"dest": "{{var_linke_espe_backend_directory}}/conf.json"
+		}
+	},
+	{
+		"name": "initialize database",
+		"when": "var_linke_espe_backend_backup_path == None",
+	}
+]

roles/backend/templates/conf.json.j2

@@ -0,0 +1,86 @@
+{
+	"general": {
+		"verbosity": "{{var_linke_espe_backend_conf_general_verbosity}}",
+		"verification_secret": "{{var_linke_espe_backend_conf_general_verification_secret}}"
+	},
+	"server": {
+		"port": {{var_linke_espe_backend_conf_server_port | string}}
+	},
+	"database": {
+{% if var_linke_espe_backend_conf_database_kind == 'sqlite' %}
+		"kind": "sqlite",
+		"data": {
+			"path": "{{var_linke_espe_backend_conf_database_data_sqlite_path}}"
+		}
+{% endif %}
+{% if var_linke_espe_backend_conf_database_kind == 'postgresql' %}
+		"kind": "postgresql",
+		"data": {
+			"host": "{{var_linke_espe_backend_conf_database_data_postgresql_host}}"
+			"port": {{var_linke_espe_backend_conf_database_data_postgresql_port | string}},
+			"username": "{{var_linke_espe_backend_conf_database_data_postgresql_username}}",
+			"password": "{{var_linke_espe_backend_conf_database_data_postgresql_password}}",
+			"schema": "{{var_linke_espe_backend_conf_database_data_postgresql_schema}}"
+		}
+{% endif %}
+	},
+	"email_sending": {
+{% if var_linke_espe_backend_conf_database_kind == 'regular' %}
+		"kind": "regular",
+		"data": {
+			"smtp_credentials": {
+				"host": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_host}}",
+				"port": {{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_port | string}},
+				"username": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_username}}",
+				"password": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_password}}"
+			},
+			"sender": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_sender}}"
+		}
+{% endif %}
+{% if var_linke_espe_backend_conf_database_kind == 'redirect' %}
+		"kind": "redirect",
+		"data": {
+			"smtp_credentials": {
+				"host": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_host}}",
+				"port": {{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_port | string}},
+				"username": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_username}}",
+				"password": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_password}}"
+			},
+			"sender": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_sender}}",
+			"target": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_target}}"
+		}
+{% endif %}
+{% if var_linke_espe_backend_conf_database_kind == 'drop' %}
+		"kind": "drop",
+		"data": {
+		}
+{% endif %}
+	},
+	"session_management": {
+		"in_memory": false,
+		"drop_all_at_start": false,
+		"lifetime": 86400
+	},
+	"settings": {
+		"target_domain": "{{var_linke_espe_backend_conf_settings_target_domain}}",
+		"frontend_url_base": {{var_linke_espe_backend_conf_settings_frontend_url_base | json}},
+		"login_url": {{var_linke_espe_backend_conf_settings_login_url | json}},
+		"prefix_for_nominal_email_addresses": "mitglied-",
+		"facultative_membership_number": false,
+		"password_policy": {
+			"minimum_length": {{var_linke_espe_backend_conf_settings_password_policy_minimum_length | string}},
+			"maximum_length": {{var_linke_espe_backend_conf_settings_password_policy_maximum_length | string}},
+			"must_contain_letter": {{var_linke_espe_backend_conf_settings_password_policy_must_contain_letter | json}},
+			"must_contain_number": {{var_linke_espe_backend_conf_settings_password_policy_must_contain_number | json}},
+			"must_contain_special_character": {{var_linke_espe_backend_conf_settings_password_policy_must_contain_special_character | json}}
+		},
+		"name_index": {
+			"veil": {{var_linke_espe_backend_conf_settings_name_index_veil | json}},
+			"salt": "{{var_linke_espe_backend_conf_settings_name_index_salt}}"
+		}
+	},
+	"admins": {{var_linke_espe_backend_conf_admins | json}},
+	"output": {
+		"authelia": {{var_linke_espe_backend_conf_output_authelia | json}}
+	}
+}

roles/backend/vardef.json

@@ -0,0 +1,182 @@
+{
+	"directory": {
+		"type": "string",
+		"mandatory": false
+	},
+	"git_reference": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_general_verbosity": {
+		"type": "string",
+		"options": [
+			"debug",
+			"info",
+			"notice",
+			"warning",
+			"error"
+		],
+		"mandatory": false
+	},
+	"conf_general_verification_secret": {
+		"type": "string",
+		"mandatory": true
+	},
+	"conf_server_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"conf_database_kind": {
+		"type": "string",
+		"options": [
+			"sqlite"
+		],
+		"mandatory": false
+	},
+	"conf_database_data_sqlite_path": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_database_data_postgresql_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_database_data_postgresql_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"conf_database_data_postgresql_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_database_data_postgresql_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_database_data_postgresql_schema": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_kind": {
+		"type": "string",
+		"options": [
+			"regular",
+			"redirect",
+			"drop"
+		],
+		"mandatory": false
+	},
+	"conf_email_sending_data_regular_smtp_credentials_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_regular_smtp_credentials_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"conf_email_sending_data_regular_smtp_credentials_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_regular_smtp_credentials_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_regular_smtp_sender": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_redirect_smtp_credentials_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_redirect_smtp_credentials_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"conf_email_sending_data_redirect_smtp_credentials_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_redirect_smtp_credentials_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_redirect_smtp_sender": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_email_sending_data_redirect_smtp_target": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_settings_target_domain": {
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_settings_frontend_url_base": {
+		"nullable": true,
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_settings_login_url": {
+		"nullable": true,
+		"type": "string",
+		"mandatory": false
+	},
+	"conf_settings_password_policy_minimum_length": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"conf_settings_password_policy_maximum_length": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"conf_settings_password_policy_must_contain_letter": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"conf_settings_password_policy_must_contain_number": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"conf_settings_password_policy_must_contain_special_character": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"conf_settings_name_index_veil": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"conf_settings_name_index_salt": {
+		"type": "string",
+		"mandatory": true
+	},
+	"conf_admins": {
+		"type": "array",
+		"items": {
+			"type": "object",
+			"properties": {
+				"name": {
+					"type": "string"
+				},
+				"password_image": {
+					"type": "string"
+				},
+				"email_address": {
+					"type": "string"
+				}
+			},
+			"required": [
+				"name",
+				"password_image",
+				"email_address"
+			]
+		},
+		"mandatory": false
+	},
+	"conf_output_authelia": {
+		"nullable": true,
+		"type": "string"
+	}
+}

roles/database/defaults/main.json

@@ -0,0 +1,5 @@
+{
+	"var_linke_espe_database_git_reference": "master",
+	"var_linke_espe_database_revision": "r4",
+	"var_linke_espe_database_backup_path": null
+}

roles/database/tasks/main.json

@@ -0,0 +1,23 @@
+[
+	{
+		"name": "fetch",
+		"delegate_to": "localhost",
+		"ansible.builtin.git": {
+			"repo": "dl-cloud-gitlab:espe/backend",
+			"version": "{{var_linke_espe_database_git_reference}}",
+			"dest": "/tmp/espe-database-repo"
+		}
+	},
+	{
+		"name": "build",
+		"delegate_to": "localhost",
+		"ansible.builtin.command": {
+			"chdir": "/tmp/espe-database-repo",
+			"cmd": "tools/build {{var_linke_espe_database_revision}} > /tmp/espe-db-init.sql"
+		}
+	},
+	{
+		"name": "initialize",
+		"when": "var_linke_espe_database_backup_path == None",
+	}
+]

roles/database/vardef.json

@@ -0,0 +1,17 @@
+{
+	"git_reference": {
+		"nullable": true,
+		"type": "string",
+		"mandatory": false
+	},
+	"revision": {
+		"nullable": false,
+		"type": "string",
+		"mandatory": true
+	},
+	"backup_path": {
+		"nullable": true,
+		"type": "string",
+		"mandatory": false
+	}
+}

roles/postgresql-for-espe/defaults/main.json

@@ -0,0 +1,5 @@
+{
+	"var_postgresql_for_espe_username": "espe_user",
+	"var_postgresql_for_espe_password": "REPLACE_ME",
+	"var_postgresql_for_espe_schema": "espe"
+}

roles/postgresql-for-espe/tasks/main.json

@@ -0,0 +1,49 @@
+[
+	{
+		"name": "packages",
+		"become": true,
+		"ansible.builtin.apt": {
+			"update_cache": true,
+			"pkg": [
+				"acl",
+				"python3-psycopg2"
+			]
+		}
+	},
+	{
+		"name": "user",
+		"become": true,
+		"become_user": "postgres",
+		"community.postgresql.postgresql_user": {
+			"state": "present",
+			"name": "{{var_postgresql_for_espe_username}}",
+			"password": "{{var_postgresql_for_espe_password}}"
+		},
+		"environment": {
+			"PGOPTIONS": "-c password_encryption=scram-sha-256"
+		}
+	},
+	{
+		"name": "schema",
+		"become": true,
+		"become_user": "postgres",
+		"community.postgresql.postgresql_db": {
+			"state": "present",
+			"name": "{{var_postgresql_for_espe_schema}}",
+			"owner": "{{var_postgresql_for_espe_username}}"
+		}
+	},
+	{
+		"name": "rights",
+		"become": true,
+		"become_user": "postgres",
+		"community.postgresql.postgresql_privs": {
+			"state": "present",
+			"db": "{{var_postgresql_for_espe_schema}}",
+			"objs": "ALL_IN_SCHEMA",
+			"roles": "{{var_postgresql_for_espe_username}}",
+			"privs": "ALL",
+			"grant_option": true
+		}
+	}
+]

tools/check-json-syntax

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+## consts
+
+dir_base="."
+
+
+## exec
+
+flaws=0
+for path in $(find ${dir_base} -name "*.json")
+do
+	echo "-- ${path}"
+	python3 -m json.tool ${path} > /dev/null || ((flaws+=1))
+done
+test ${flaws} -eq 0

tools/rename-roll

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+## consts
+
+dir_base="linke/standard"
+
+
+## args
+
+name_from=$1 && shift
+name_to=$1 && shift
+
+
+## vars
+
+var_from=$(echo ${name_from} | sed --expression="s|-|_|g" | sed --expression="s|:|_|g")
+var_to=$(echo ${name_to} | sed --expression="s|-|_|g" | sed --expression="s|:|_|g")
+
+
+## exec
+
+git mv ${dir_roles}/roles/${name_from} ${dir_roles}/roles/${name_to}
+find ${dir_base} -type f -exec sed --in-place --expression="s|var_${var_from}_|var_${var_to}_|g" {} \;
+find ${dir_base} -type f -exec sed --in-place --expression="s|roles/${name_from}|roles/${name_to}|g" {} \;