[mod] role:espe_frontend:add variables for registration defaults

roles/espe_backend-and-nginx/defaults/main.json

@@ -0,0 +1,5 @@
+{
+	"var_espe_backend_and_nginx_domain": "espe.example.org",
+	"var_espe_backend_and_nginx_port": 4916,
+	"var_espe_backend_and_nginx_tls": true
+}

roles/espe_backend-and-nginx/tasks/main.json

@@ -0,0 +1,35 @@
+[
+	{
+		"name": "deactivate default site",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "absent",
+			"dest": "/etc/nginx/sites-enabled/default"
+		}
+	},
+	{
+		"name": "emplace configuration | data",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.j2",
+			"dest": "/etc/nginx/sites-available/{{var_espe_backend_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "emplace configuration | link",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "link",
+			"src": "/etc/nginx/sites-available/{{var_espe_backend_and_nginx_domain}}",
+			"dest": "/etc/nginx/sites-enabled/{{var_espe_backend_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "restart nginx",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "nginx"
+		}
+	}
+]

roles/espe_backend-and-nginx/templates/conf.j2

@@ -4,19 +4,21 @@ map $http_upgrade $connection_upgrade {
 }
 
 server {
-	server_name {{domain}};
+	server_name {{var_espe_backend_and_nginx_domain}};
 	
 	listen 80;
 	listen [::]:80;
+{% if var_espe_backend_and_nginx_tls %}
 	listen [::]:443 ssl http2;
 	listen 443 ssl http2;
 	
-	ssl_certificate /etc/ssl/certs/{{domain}}.pem;
-	ssl_certificate_key /etc/ssl/private/{{domain}}.pem;
+	ssl_certificate /etc/ssl/certs/{{var_espe_backend_and_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{var_espe_backend_and_nginx_domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
+{% endif %}
 	
 	location / {
-		proxy_pass http://localhost:{{port}};
+		proxy_pass http://localhost:{{var_espe_backend_and_nginx_port | string}};
 		proxy_set_header Host $host;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

roles/espe_backend/templates/conf.json.j2

@@ -25,7 +25,7 @@
 {% endif %}
 	},
 	"email_sending": {
-{% if var_espe_backend_database_kind == 'regular' %}
+{% if var_espe_backend_email_sending_kind == 'regular' %}
 		"kind": "regular",
 		"data": {
 			"smtp_credentials": {
@@ -37,7 +37,7 @@
 			"sender": "{{var_espe_backend_email_sending_data_regular_smtp_sender}}"
 		}
 {% endif %}
-{% if var_espe_backend_database_kind == 'redirect' %}
+{% if var_espe_backend_email_sending_kind == 'redirect' %}
 		"kind": "redirect",
 		"data": {
 			"smtp_credentials": {

roles/espe_backend/templates/systemd_unit.j2

@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 WorkingDirectory={{var_espe_backend_directory}}
-ExecStart=./espe serve
+ExecStart={{var_espe_backend_directory}}/espe serve
 Type=simple
 Restart=always
 User={{var_espe_backend_user}}

roles/espe_frontend-and-nginx/defaults/main.json

@@ -0,0 +1,5 @@
+{
+	"var_espe_frontend_and_nginx_domain": "zackeneule.example.org",
+	"var_espe_frontend_and_nginx_directory": "/opt/zackeneule",
+	"var_espe_frontend_and_nginx_tls": true
+}

roles/espe_frontend-and-nginx/tasks/main.json

@@ -0,0 +1,35 @@
+[
+	{
+		"name": "deactivate default site",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "absent",
+			"dest": "/etc/nginx/sites-enabled/default"
+		}
+	},
+	{
+		"name": "emplace configuration | data",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.j2",
+			"dest": "/etc/nginx/sites-available/{{var_espe_frontend_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "emplace configuration | link",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "link",
+			"src": "/etc/nginx/sites-available/{{var_espe_frontend_and_nginx_domain}}",
+			"dest": "/etc/nginx/sites-enabled/{{var_espe_frontend_and_nginx_domain}}"
+		}
+	},
+	{
+		"name": "restart nginx",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "nginx"
+		}
+	}
+]

roles/espe_frontend-and-nginx/templates/conf.j2

@@ -1,14 +1,16 @@
 server {
-	server_name {{domain}};
+	server_name {{var_espe_frontend_and_nginx_domain}};
 	
 	listen 80;
 	listen [::]:80;
+{% if var_espe_frontend_and_nginx_tls %}
 	listen [::]:443 ssl http2;
 	listen 443 ssl http2;
 	
-	ssl_certificate /etc/ssl/certs/{{domain}}.pem;
-	ssl_certificate_key /etc/ssl/private/{{domain}}.pem;
+	ssl_certificate /etc/ssl/certs/{{var_espe_frontend_and_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{var_espe_frontend_and_nginx_domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
+{% endif %}
 	
-	root {{directory}};
+	root {{var_espe_frontend_and_nginx_directory}};
 }

roles/espe_frontend/defaults/main.json

@@ -0,0 +1,12 @@
+{
+	"var_espe_frontend_git_reference": "master",
+	"var_espe_frontend_directory": "/opt/zackeneule",
+	"var_espe_frontend_user": "root",
+	"var_espe_frontend_title": "Zackeneule",
+	"var_espe_frontend_backend_scheme": "https",
+	"var_espe_frontend_backend_host": "espe.example.org",
+	"var_espe_frontend_backend_port": 4916,
+	"var_espe_frontend_backend_path_base": "",
+	"var_espe_frontend_registration_default_email_address": "both",
+	"var_espe_frontend_registration_default_email_redirect": true
+}

roles/espe_frontend/tasks/main.json

@@ -0,0 +1,53 @@
+[
+	{
+		"name": "packages",
+		"become": true,
+		"ansible.builtin.apt": {
+			"update_cache": true,
+			"pkg": [
+				"git",
+				"make",
+				"nodejs"
+			]
+		}
+	},
+	{
+		"name": "directory",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "directory",
+			"owner": "{{var_espe_frontend_user}}"
+		}
+	},
+	{
+		"name": "program | fetch",
+		"ansible.builtin.git": {
+			"repo": "https://gitlab.die-linke.cloud/espe/frontend",
+			"version": "{{var_espe_frontend_git_reference}}",
+			"dest": "/tmp/espe-frontend-repo"
+		}
+	},
+	{
+		"name": "program | build",
+		"ansible.builtin.command": {
+			"chdir": "/tmp/espe-frontend-repo",
+			"cmd": "tools/build"
+		}
+	},
+	{
+		"name": "program | deploy",
+		"become": true,
+		"ansible.builtin.shell": {
+			"cmd": "cp --recursive --update /tmp/espe-frontend-repo/build/* {{var_espe_frontend_directory}}/ && chown --recursive {{var_espe_frontend_user}} {{var_espe_frontend_directory}}"
+		}
+	},
+	{
+		"name": "conf",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.json.j2",
+			"dest": "{{var_espe_frontend_directory}}/conf.json",
+			"owner": "{{var_espe_frontend_user}}"
+		}
+	}
+]

roles/espe_frontend/templates/conf.json.j2

@@ -0,0 +1,15 @@
+{
+	"backend": {
+		"scheme": "{{var_espe_frontend_backend_scheme}}",
+		"host": "{{var_espe_frontend_backend_host}}",
+		"port": {{var_espe_frontend_backend_port | string}},
+		"path_base": "{{var_espe_frontend_backend_path_base}}"
+	},
+	"settings" : {
+		"title": "{{var_espe_frontend_title}}",
+		"registration_defaults": {
+			"email_address": "{{var_espe_frontend_registration_default_email_address}}",
+			"email_redirect": {{var_espe_frontend_registration_default_email_redirect | to_json}}"
+		}
+	}
+}

roles/espe_frontend/vardef.json

@@ -0,0 +1,47 @@
+{
+	"git_reference": {
+		"type": "string",
+		"mandatory": false
+	},
+	"directory": {
+		"type": "string",
+		"mandatory": false
+	},
+	"user": {
+		"type": "string",
+		"mandatory": false
+	},
+	"title": {
+		"type": "string",
+		"mandatory": false
+	},
+	"backend_scheme": {
+		"type": "string",
+		"mandatory": false
+	},
+	"backend_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"backend_port": {
+		"type": "string",
+		"mandatory": false
+	},
+	"backend_path_base": {
+		"type": "string",
+		"mandatory": false
+	},
+	"registration_default_email_address": {
+		"type": "string",
+		"mandatory": false,
+		"options": [
+			"none",
+			"only_veiled",
+			"both"
+		]
+	},
+	"registration_default_email_redirect": {
+		"type": "boolean",
+		"mandatory": false
+	}
+}