espe/infrastructure
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[upd]

Browse source
This commit is contained in:
roydfalk 2024-06-05 22:15:46 +02:00
parent 35f5ad5393
commit 9febbd7dbd
11 changed files with 306 additions and 133 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
roles/backend-and-lighttpd/templates/conf.j2 Normal file
View file

@ -0,0 +1,47 @@
$HTTP["host"] == "{{domain}}" {
server.name = "{{domain}}"
# Anfragen auf Port 80 über IPv4
$SERVER["socket"] == ":80" {
# auf HTTPS umleiten
url.redirect = ("^/(.*)" => "https://{{domain}}/$1")
}
# Anfragen auf Port 80 über IPv6
$SERVER["socket"] == "[::]:80" {
# auf HTTPS umleiten
url.redirect = ("^/(.*)" => "https://{{domain}}/$1")
}
# Anfragen auf Port 443 über IPv4
$SERVER["socket"] == ":443" {
# mit dem SSL-Kram beglücken
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/{{domain}}.pem"
ssl.privkey = "/etc/ssl/keys/{{domain}}.pem"
ssl.ca-file = "/etc/ssl/fullchains/{{domain}}.pem"
}
# Anfragen auf Port 443 über IPv6
$SERVER["socket"] == "[::]:443" {
# mit dem SSL-Kram beglücken
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/{{domain}}.pem"
ssl.privkey = "/etc/ssl/keys/{{domain}}.pem"
ssl.ca-file = "/etc/ssl/fullchains/{{domain}}.pem"
}
$HTTP["url"] =~ "^/" {
proxy.server = (
"" => (
"" => (
"host" => "localhost",
"port" => {{port}}
)
)
)
proxy.header = (
"upgrade" => "enable"
)
}
}

25
roles/backend-and-nginx/templates/conf.j2 Normal file
View file

@ -0,0 +1,25 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name {{domain}};
listen 80;
listen [::]:80;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/{{domain}}.pem;
ssl_certificate_key /etc/ssl/private/{{domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
location / {
proxy_pass http://localhost:{{port}};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

71
roles/backend/defaults/main.json
View file

@ -1,38 +1,37 @@
{ {
"var_linke_espe_backend_directory": "/opt/espe/backend", "var_espe_backend_directory": "/opt/espe/backend",
"var_linke_espe_backend_git_reference": "master", "var_espe_backend_git_reference": "master",
"var_linke_espe_backend_conf_general_verbosity": "notice", "var_espe_backend_verbosity": "notice",
"var_linke_espe_backend_conf_general_verification_secret": "REPLACE_ME", "var_espe_backend_verification_secret": "REPLACE_ME",
"var_linke_espe_backend_conf_server_port": 7979, "var_espe_backend_port": 7979,
"var_linke_espe_backend_conf_database_kind": "sqlite", "var_espe_backend_database_kind": "sqlite",
"var_linke_espe_backend_conf_database_data_sqlite_path": "data.sqlite", "var_espe_backend_database_data_sqlite_path": "data.sqlite",
"var_linke_espe_backend_conf_database_data_postgresql_host": "postgresql.example.org", "var_espe_backend_database_data_postgresql_host": "postgresql.example.org",
"var_linke_espe_backend_conf_database_data_postgresql_port": 5432, "var_espe_backend_database_data_postgresql_port": 5432,
"var_linke_espe_backend_conf_database_data_postgresql_username": "espe_user", "var_espe_backend_database_data_postgresql_username": "espe_user",
"var_linke_espe_backend_conf_database_data_postgresql_password": "REPLACE_ME", "var_espe_backend_database_data_postgresql_password": "REPLACE_ME",
"var_linke_espe_backend_conf_database_data_postgresql_schema": "espe", "var_espe_backend_database_data_postgresql_schema": "espe",
"var_linke_espe_backend_conf_email_sending_kind": "regular", "var_espe_backend_smtp_host": "smtp.example.org",
"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_host": "smtp.example.org", "var_espe_backend_smtp_port": 587,
"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_port": 587, "var_espe_backend_smtp_username": "REPLACE_ME",
"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_username": "REPLACE_ME", "var_espe_backend_smtp_password": "REPLACE_ME",
"var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_password": "REPLACE_ME", "var_espe_backend_email_sending_kind": "regular",
"var_linke_espe_backend_conf_email_sending_data_regular_smtp_sender": "espe@example.org", "var_espe_backend_email_sending_data_regular_smtp_sender": "espe@example.org",
"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_host": "smtp.example.org", "var_espe_backend_email_sending_data_redirect_smtp_sender": "espe@example.org",
"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_port": 587, "var_espe_backend_email_sending_data_redirect_smtp_target": "espe-admin@example.org",
"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_username": "REPLACE_ME", "var_espe_backend_organisation_name": "Example",
"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_password": "REPLACE_ME", "var_espe_backend_organisation_domain": "example.org",
"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_sender": "espe@example.org", "var_espe_backend_prefix_for_veiled_email_addresses": "member-",
"var_linke_espe_backend_conf_email_sending_data_redirect_smtp_target": "espe-admin@example.org", "var_espe_backend_facultative_membership_number": false,
"var_linke_espe_backend_conf_settings_target_domain": "example.org", "var_espe_backend_frontend_url_base": null,
"var_linke_espe_backend_conf_settings_frontend_url_base": null, "var_espe_backend_login_url": null,
"var_linke_espe_backend_conf_settings_login_url": null, "var_espe_backend_password_policy_minimum_length": 8,
"var_linke_espe_backend_conf_settings_password_policy_minimum_length": 8, "var_espe_backend_password_policy_maximum_length": 240,
"var_linke_espe_backend_conf_settings_password_policy_maximum_length": 240, "var_espe_backend_password_policy_must_contain_letter": true,
"var_linke_espe_backend_conf_settings_password_policy_must_contain_letter": true, "var_espe_backend_password_policy_must_contain_number": true,
"var_linke_espe_backend_conf_settings_password_policy_must_contain_number": true, "var_espe_backend_password_policy_must_contain_special_character": true,
"var_linke_espe_backend_conf_settings_password_policy_must_contain_special_character": true, "var_espe_backend_name_index_veil": true,
"var_linke_espe_backend_conf_settings_name_index_veil": true, "var_espe_backend_name_index_salt": "REPLACE_ME",
"var_linke_espe_backend_conf_settings_name_index_salt": "REPLACE_ME", "var_espe_backend_admins": [],
"var_linke_espe_backend_conf_admins": [], "var_espe_backend_output_authelia": null
"var_linke_espe_backend_conf_output_authelia": null
} }

10
roles/backend/tasks/main.json
View file

@ -4,7 +4,7 @@
"delegate_to": "localhost", "delegate_to": "localhost",
"ansible.builtin.git": { "ansible.builtin.git": {
"repo": "dl-cloud-gitlab:espe/backend", "repo": "dl-cloud-gitlab:espe/backend",
"version": "{{var_linke_espe_backend_git_reference}}", "version": "{{var_espe_backend_git_reference}}",
"dest": "/tmp/espe-backend-repo" "dest": "/tmp/espe-backend-repo"
} }
}, },
@ -21,18 +21,14 @@
"delegate_to": "localhost", "delegate_to": "localhost",
"ansible.builtin.command": { "ansible.builtin.command": {
"chdir": "/tmp/espe-backend-repo", "chdir": "/tmp/espe-backend-repo",
"cmd": "tools/deploy {{ansible_host}} {{var_linke_espe_backend_directory}}" "cmd": "tools/deploy {{ansible_host}} {{var_espe_backend_directory}}"
} }
}, },
{ {
"name": "conf", "name": "conf",
"ansible.builtin.template": { "ansible.builtin.template": {
"src": "conf.json.j2", "src": "conf.json.j2",
"dest": "{{var_linke_espe_backend_directory}}/conf.json" "dest": "{{var_espe_backend_directory}}/conf.json"
} }
},
{
"name": "initialize database",
"when": "var_linke_espe_backend_backup_path == None",
} }
] ]

85
roles/backend/templates/conf.json.j2
View file

@ -1,56 +1,56 @@
{ {
"general": { "general": {
"verbosity": "{{var_linke_espe_backend_conf_general_verbosity}}", "verbosity": "{{var_espe_backend_verbosity}}",
"verification_secret": "{{var_linke_espe_backend_conf_general_verification_secret}}" "verification_secret": "{{var_espe_backend_verification_secret}}"
}, },
"server": { "server": {
"port": {{var_linke_espe_backend_conf_server_port | string}} "port": {{var_espe_backend_port | string}}
}, },
"database": { "database": {
{% if var_linke_espe_backend_conf_database_kind == 'sqlite' %} {% if var_espe_backend_database_kind == 'sqlite' %}
"kind": "sqlite", "kind": "sqlite",
"data": { "data": {
"path": "{{var_linke_espe_backend_conf_database_data_sqlite_path}}" "path": "{{var_espe_backend_database_data_sqlite_path}}"
} }
{% endif %} {% endif %}
{% if var_linke_espe_backend_conf_database_kind == 'postgresql' %} {% if var_espe_backend_database_kind == 'postgresql' %}
"kind": "postgresql", "kind": "postgresql",
"data": { "data": {
"host": "{{var_linke_espe_backend_conf_database_data_postgresql_host}}" "host": "{{var_espe_backend_database_data_postgresql_host}}"
"port": {{var_linke_espe_backend_conf_database_data_postgresql_port | string}}, "port": {{var_espe_backend_database_data_postgresql_port | string}},
"username": "{{var_linke_espe_backend_conf_database_data_postgresql_username}}", "username": "{{var_espe_backend_database_data_postgresql_username}}",
"password": "{{var_linke_espe_backend_conf_database_data_postgresql_password}}", "password": "{{var_espe_backend_database_data_postgresql_password}}",
"schema": "{{var_linke_espe_backend_conf_database_data_postgresql_schema}}" "schema": "{{var_espe_backend_database_data_postgresql_schema}}"
} }
{% endif %} {% endif %}
}, },
"email_sending": { "email_sending": {
{% if var_linke_espe_backend_conf_database_kind == 'regular' %} {% if var_espe_backend_database_kind == 'regular' %}
"kind": "regular", "kind": "regular",
"data": { "data": {
"smtp_credentials": { "smtp_credentials": {
"host": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_host}}", "host": "{{var_espe_backend_smtp_host}}",
"port": {{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_port | string}}, "port": {{var_espe_backend_smtp_port | string}},
"username": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_username}}", "username": "{{var_espe_backend_smtp_username}}",
"password": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_credentials_password}}" "password": "{{var_espe_backend_smtp_password}}"
}, },
"sender": "{{var_linke_espe_backend_conf_email_sending_data_regular_smtp_sender}}" "sender": "{{var_espe_backend_email_sending_data_regular_smtp_sender}}"
} }
{% endif %} {% endif %}
{% if var_linke_espe_backend_conf_database_kind == 'redirect' %} {% if var_espe_backend_database_kind == 'redirect' %}
"kind": "redirect", "kind": "redirect",
"data": { "data": {
"smtp_credentials": { "smtp_credentials": {
"host": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_host}}", "host": "{{var_espe_backend_smtp_host}}",
"port": {{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_port | string}}, "port": {{var_espe_backend_smtp_port | string}},
"username": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_username}}", "username": "{{var_espe_backend_smtp_username}}",
"password": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_credentials_password}}" "password": "{{var_espe_backend_smtp_password}}"
}, },
"sender": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_sender}}", "sender": "{{var_espe_backend_email_sending_data_redirect_smtp_sender}}",
"target": "{{var_linke_espe_backend_conf_email_sending_data_redirect_smtp_target}}" "target": "{{var_espe_backend_email_sending_data_redirect_smtp_target}}"
} }
{% endif %} {% endif %}
{% if var_linke_espe_backend_conf_database_kind == 'drop' %} {% if var_espe_backend_database_kind == 'drop' %}
"kind": "drop", "kind": "drop",
"data": { "data": {
} }
@ -62,25 +62,32 @@
"lifetime": 86400 "lifetime": 86400
}, },
"settings": { "settings": {
"target_domain": "{{var_linke_espe_backend_conf_settings_target_domain}}", "organisation": {
"frontend_url_base": {{var_linke_espe_backend_conf_settings_frontend_url_base | json}}, "name": "{{var_espe_backend_settings_organisation_name}}",
"login_url": {{var_linke_espe_backend_conf_settings_login_url | json}}, "domain": "{{var_espe_backend_settings_organisation_domain}}"
"prefix_for_nominal_email_addresses": "mitglied-", },
"facultative_membership_number": false, "misc": {
"prefix_for_veiled_email_addresses": "{{var_espe_backend_settings_prefix_for_veiled_email_addresses}}",
"facultative_membership_number": {{var_espe_backend_settings_facultative_membership_number | json}}
},
"password_policy": { "password_policy": {
"minimum_length": {{var_linke_espe_backend_conf_settings_password_policy_minimum_length | string}}, "minimum_length": {{var_espe_backend_settings_password_policy_minimum_length | string}},
"maximum_length": {{var_linke_espe_backend_conf_settings_password_policy_maximum_length | string}}, "maximum_length": {{var_espe_backend_settings_password_policy_maximum_length | string}},
"must_contain_letter": {{var_linke_espe_backend_conf_settings_password_policy_must_contain_letter | json}}, "must_contain_letter": {{var_espe_backend_settings_password_policy_must_contain_letter | json}},
"must_contain_number": {{var_linke_espe_backend_conf_settings_password_policy_must_contain_number | json}}, "must_contain_number": {{var_espe_backend_settings_password_policy_must_contain_number | json}},
"must_contain_special_character": {{var_linke_espe_backend_conf_settings_password_policy_must_contain_special_character | json}} "must_contain_special_character": {{var_espe_backend_settings_password_policy_must_contain_special_character | json}}
}, },
"name_index": { "name_index": {
"veil": {{var_linke_espe_backend_conf_settings_name_index_veil | json}}, "veil": {{var_espe_backend_settings_name_index_veil | json}},
"salt": "{{var_linke_espe_backend_conf_settings_name_index_salt}}" "salt": "{{var_espe_backend_settings_name_index_salt}}"
},
"connections": {
"frontend_url_base": {{var_espe_backend_settings_frontend_url_base | json}},
"login_url": {{var_espe_backend_settings_login_url | json}}
} }
}, },
"admins": {{var_linke_espe_backend_conf_admins | json}}, "admins": {{var_espe_backend_admins | json}},
"output": { "output": {
"authelia": {{var_linke_espe_backend_conf_output_authelia | json}} "authelia": {{var_espe_backend_output_authelia | json}}
} }
} }

96
roles/backend/vardef.json
View file

@ -7,7 +7,7 @@
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_general_verbosity": { "verbosity": {
"type": "string", "type": "string",
"options": [ "options": [
"debug", "debug",
@ -18,46 +18,62 @@
], ],
"mandatory": false "mandatory": false
}, },
"conf_general_verification_secret": { "verification_secret": {
"type": "string", "type": "string",
"mandatory": true "mandatory": true
}, },
"conf_server_port": { "port": {
"type": "integer", "type": "integer",
"mandatory": false "mandatory": false
}, },
"conf_database_kind": { "database_kind": {
"type": "string", "type": "string",
"options": [ "options": [
"sqlite" "sqlite"
], ],
"mandatory": false "mandatory": false
}, },
"conf_database_data_sqlite_path": { "database_data_sqlite_path": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_database_data_postgresql_host": { "database_data_postgresql_host": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_database_data_postgresql_port": { "database_data_postgresql_port": {
"type": "integer", "type": "integer",
"mandatory": false "mandatory": false
}, },
"conf_database_data_postgresql_username": { "database_data_postgresql_username": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_database_data_postgresql_password": { "database_data_postgresql_password": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_database_data_postgresql_schema": { "database_data_postgresql_schema": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_kind": { "smtp_host": {
"type": "string",
"mandatory": false
},
"smtp_port": {
"type": "integer",
"mandatory": false
},
"smtp_username": {
"type": "string",
"mandatory": false
},
"smtp_password": {
"type": "string",
"mandatory": false
},
"email_sending_kind": {
"type": "string", "type": "string",
"options": [ "options": [
"regular", "regular",
@ -66,93 +82,73 @@
], ],
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_regular_smtp_credentials_host": { "email_sending_data_regular_smtp_sender": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_regular_smtp_credentials_port": { "email_sending_data_redirect_smtp_sender": {
"type": "integer",
"mandatory": false
},
"conf_email_sending_data_regular_smtp_credentials_username": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_regular_smtp_credentials_password": { "email_sending_data_redirect_smtp_target": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_regular_smtp_sender": { "settings_organisation_name": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_redirect_smtp_credentials_host": { "settings_organisation_domain": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_redirect_smtp_credentials_port": { "settings_prefix_for_veiled_email_addresses": {
"type": "integer",
"mandatory": false
},
"conf_email_sending_data_redirect_smtp_credentials_username": {
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_redirect_smtp_credentials_password": { "settings_facultative_membership_number": {
"type": "string", "type": "boolean",
"mandatory": false "mandatory": false
}, },
"conf_email_sending_data_redirect_smtp_sender": { "settings_frontend_url_base": {
"type": "string",
"mandatory": false
},
"conf_email_sending_data_redirect_smtp_target": {
"type": "string",
"mandatory": false
},
"conf_settings_target_domain": {
"type": "string",
"mandatory": false
},
"conf_settings_frontend_url_base": {
"nullable": true, "nullable": true,
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_settings_login_url": { "settings_login_url": {
"nullable": true, "nullable": true,
"type": "string", "type": "string",
"mandatory": false "mandatory": false
}, },
"conf_settings_password_policy_minimum_length": { "settings_password_policy_minimum_length": {
"type": "integer", "type": "integer",
"mandatory": false "mandatory": false
}, },
"conf_settings_password_policy_maximum_length": { "settings_password_policy_maximum_length": {
"type": "integer", "type": "integer",
"mandatory": false "mandatory": false
}, },
"conf_settings_password_policy_must_contain_letter": { "settings_password_policy_must_contain_letter": {
"type": "boolean", "type": "boolean",
"mandatory": false "mandatory": false
}, },
"conf_settings_password_policy_must_contain_number": { "settings_password_policy_must_contain_number": {
"type": "boolean", "type": "boolean",
"mandatory": false "mandatory": false
}, },
"conf_settings_password_policy_must_contain_special_character": { "settings_password_policy_must_contain_special_character": {
"type": "boolean", "type": "boolean",
"mandatory": false "mandatory": false
}, },
"conf_settings_name_index_veil": { "settings_name_index_veil": {
"type": "boolean", "type": "boolean",
"mandatory": false "mandatory": false
}, },
"conf_settings_name_index_salt": { "settings_name_index_salt": {
"type": "string", "type": "string",
"mandatory": true "mandatory": true
}, },
"conf_admins": { "admins": {
"type": "array", "type": "array",
"items": { "items": {
"type": "object", "type": "object",
@ -175,7 +171,7 @@
}, },
"mandatory": false "mandatory": false
}, },
"conf_output_authelia": { "output_authelia": {
"nullable": true, "nullable": true,
"type": "string" "type": "string"
} }

34
roles/frontend-and-lighttpd/templates/conf.j2 Normal file
View file

@ -0,0 +1,34 @@
$HTTP["host"] == "{{domain}}" {
server.name = "{{domain}}"
server.document-root = "{{directory}}"
# Anfragen auf Port 80 über IPv4
$SERVER["socket"] == ":80" {
# auf HTTPS umleiten
url.redirect = ("^/(.*)" => "https://{{domain}}/$1")
}
# Anfragen auf Port 80 über IPv6
$SERVER["socket"] == "[::]:80" {
# auf HTTPS umleiten
url.redirect = ("^/(.*)" => "https://{{domain}}/$1")
}
# Anfragen auf Port 443 über IPv4
$SERVER["socket"] == ":443" {
# mit dem SSL-Kram beglücken
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/{{domain}}.pem"
ssl.privkey = "/etc/ssl/keys/{{domain}}.pem"
ssl.ca-file = "/etc/ssl/fullchains/{{domain}}.pem"
}
# Anfragen auf Port 443 über IPv6
$SERVER["socket"] == "[::]:443" {
# mit dem SSL-Kram beglücken
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/{{domain}}.pem"
ssl.privkey = "/etc/ssl/keys/{{domain}}.pem"
ssl.ca-file = "/etc/ssl/fullchains/{{domain}}.pem"
}
}

14
roles/frontend-and-nginx/templates/conf.j2 Normal file
View file

@ -0,0 +1,14 @@
server {
server_name {{domain}};
listen 80;
listen [::]:80;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/{{domain}}.pem;
ssl_certificate_key /etc/ssl/private/{{domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
root {{directory}};
}

4
roles/postgresql-for-espe/defaults/main.json
View file

@ -1,5 +1,7 @@
{ {
"var_postgresql_for_espe_username": "espe_user", "var_postgresql_for_espe_username": "espe_user",
"var_postgresql_for_espe_password": "REPLACE_ME", "var_postgresql_for_espe_password": "REPLACE_ME",
"var_postgresql_for_espe_schema": "espe" "var_postgresql_for_espe_schema": "espe",
"var_postgresql_for_espe_git_reference": "master",
"var_postgresql_for_espe_revision": "r4"
} }

35
roles/postgresql-for-espe/tasks/main.json
View file

@ -46,4 +46,39 @@
"grant_option": true "grant_option": true
} }
} }
{
"name": "structure | fetch",
"delegate_to": "localhost",
"ansible.builtin.git": {
"repo": "dl-cloud-gitlab:espe/datamodel",
"version": "{{var_postgresql_for_espe_git_reference}}",
"dest": "/tmp/espe-datamodel-repo"
}
},
{
"name": "structure | build",
"delegate_to": "localhost",
"ansible.builtin.command": {
"chdir": "/tmp/espe-datamodel-repo",
"cmd": "tools/build {{var_postgresql_for_espe_revision}} database:postgresql > /tmp/espe.sql"
}
},
{
"name": "structure | transfer",
"ansible.builtin.copy": {
"src": "/tmp/espe.sql",
"dest": "/tmp/espe.sql"
}
},
{
"name": "structure | apply",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_query": {
"db": "{{var_postgresql_for_espe_schema}}",
"login_user": "{{var_postgresql_for_espe_username}}",
"login_password": "{{var_postgresql_for_espe_password}}",
"query": "{{lookup('ansible.builtin.file','/tmp/espe.sql')}}"
}
}
] ]

18
roles/postgresql-for-espe/vardef.json Normal file
View file

@ -0,0 +1,18 @@
{
"username": {
"type": "string",
"mandatory": false
},
"password": {
"type": "string",
"mandatory": true
},
"schema": {
"type": "string",
"mandatory": false
},
"git_reference": {
"type": "string",
"mandatory": false
}
}