From 5b9545010a1941d31e93562c80dab564c526ea91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Mon, 30 Dec 2024 13:35:11 +0100
Subject: [PATCH 01/24] [add] postgresql-for-tandoor
---
.../postgresql-for-tandoor/defaults/main.json | 5 ++
roles/postgresql-for-tandoor/tasks/main.json | 50 +++++++++++++++++++
2 files changed, 55 insertions(+)
create mode 100644 roles/postgresql-for-tandoor/defaults/main.json
create mode 100644 roles/postgresql-for-tandoor/tasks/main.json
diff --git a/roles/postgresql-for-tandoor/defaults/main.json b/roles/postgresql-for-tandoor/defaults/main.json
new file mode 100644
index 0000000..93f9536
--- /dev/null
+++ b/roles/postgresql-for-tandoor/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_postgresql_for_tandoor_username": "tandoor_user",
+ "var_postgresql_for_tandoor_password": "REPLACE_ME",
+ "var_postgresql_for_tandoor_schema": "tandoor"
+}
diff --git a/roles/postgresql-for-tandoor/tasks/main.json b/roles/postgresql-for-tandoor/tasks/main.json
new file mode 100644
index 0000000..286d466
--- /dev/null
+++ b/roles/postgresql-for-tandoor/tasks/main.json
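Review bot: `"var_postgresql_for_tandoor_password": "REPLACE_ME"` in `roles/postgresql-for-tandoor/defaults/main.json` is a working default, so a play that forgets to override it creates the database role with a publicly known password instead of failing. The same placeholder pattern is used for `var_tandoor_secret_key`, the database password and the Authelia client secret in patch 02, and for `var_tandoor_admin_password` in patch 18. I would leave secrets out of the defaults (an undefined variable then aborts the play) or start each role with an `ansible.builtin.assert` task whose condition is `"that": "var_postgresql_for_tandoor_password != 'REPLACE_ME'"`.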
@@ -0,0 +1,50 @@
+[
+ {
+ "name": "packages",
+ "become": true,
+ "ansible.builtin.apt": {
+ "update_cache": true,
+ "pkg": [
+ "acl",
+ "python3-psycopg2",
+ "libpq-dev"
+ ]
+ }
+ },
+ {
+ "name": "user",
+ "become": true,
+ "become_user": "tandoor",
+ "community.tandoorql.tandoorql_user": {
+ "state": "present",
+ "name": "{{var_postgresql_for_tandoor_username}}",
+ "password": "{{var_postgresql_for_tandoor_password}}"
+ },
+ "environment": {
+ "PGOPTIONS": "-c password_encryption=scram-sha-256"
+ }
+ },
+ {
+ "name": "schema",
+ "become": true,
+ "become_user": "tandoor",
+ "community.tandoorql.tandoorql_db": {
+ "state": "present",
+ "name": "{{var_postgresql_for_tandoor_schema}}",
+ "owner": "{{var_postgresql_for_tandoor_username}}"
+ }
+ },
+ {
+ "name": "rights",
+ "become": true,
+ "become_user": "tandoor",
+ "community.tandoorql.tandoorql_privs": {
+ "state": "present",
+ "db": "{{var_postgresql_for_tandoor_schema}}",
+ "objs": "ALL_IN_SCHEMA",
+ "roles": "{{var_postgresql_for_tandoor_username}}",
+ "privs": "ALL",
+ "grant_option": true
+ }
+ }
+]
From 83fcb5aca270c216beba751a1ad1411a4ba59f1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Mon, 30 Dec 2024 13:35:21 +0100
Subject: [PATCH 02/24] [add] tandoor
---
roles/tandoor/defaults/main.json | 20 ++++++
roles/tandoor/info.md | 11 +++
roles/tandoor/tasks/main.json | 91 +++++++++++++++++++++++++
roles/tandoor/templates/conf.j2 | 48 +++++++++++++
roles/tandoor/templates/systemd-unit.j2 | 13 ++++
5 files changed, 183 insertions(+)
create mode 100644 roles/tandoor/defaults/main.json
create mode 100644 roles/tandoor/info.md
create mode 100644 roles/tandoor/tasks/main.json
create mode 100644 roles/tandoor/templates/conf.j2
create mode 100644 roles/tandoor/templates/systemd-unit.j2
diff --git a/roles/tandoor/defaults/main.json b/roles/tandoor/defaults/main.json
new file mode 100644
index 0000000..060be6d
--- /dev/null
+++ b/roles/tandoor/defaults/main.json
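Review bot: `"grant_option": true` in the `rights` task of `roles/postgresql-for-tandoor/tasks/main.json` lets the application role pass its `ALL` privileges on to other roles; nothing visible in this series needs that, so `"grant_option": false` keeps the role to what it uses itself. The `user` task templates the password into the module arguments without `"no_log": true`, so it can appear in verbose output and callback logs. The module names `community.tandoorql.tandoorql_user`, `tandoorql_db` and `tandoorql_privs` and `"become_user": "tandoor"` look like a search-and-replace over `postgresql`/`postgres`; I would expect `community.postgresql.postgresql_user` and its siblings, run as the database superuser account, so please confirm.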
@@ -0,0 +1,20 @@
+{
+ "var_tandoor_user": "tandoor",
+ "var_tandoor_directory": "/opt/tandoor",
+ "var_tandoor_repository_url": "https://github.com/vabene1111/recipes.git",
+ "var_tandoor_repository_reference": "master",
+ "var_tandoor_database_kind": "sqlite",
+ "var_tandoor_database_data_postgresql_host": "postgresql.example.org",
+ "var_tandoor_database_data_postgresql_port": 5432,
+ "var_tandoor_database_data_postgresql_username": "tandoor_user",
+ "var_tandoor_database_data_postgresql_password": "REPLACE_ME",
+ "var_tandoor_database_data_postgresql_schema": "tandoor",
+ "var_tandoor_authentication_kind": "internal",
+ "var_tandoor_authentication_data_authelia_client_id": "REPLACE_ME",
+ "var_tandoor_authentication_data_authelia_client_secret": "REPLACE_ME",
+ "var_tandoor_authentication_data_authelia_url_base": "authelia.example.org",
+ "var_tandoor_authentication_data_authelia_label": "Authelia",
+ "var_tandoor_secret_key": "REPLACE_ME",
+ "var_tandoor_port": 1256,
+ "var_tandoor_domain": "tandoor.exmaple.org"
+}
diff --git a/roles/tandoor/info.md b/roles/tandoor/info.md
new file mode 100644
index 0000000..b2a9cb2
--- /dev/null
+++ b/roles/tandoor/info.md
@@ -0,0 +1,11 @@
+## Beschreibung
+
+Für Rezepte-Sammlung [Tandoor](https://tandoor.dev/)
+
+
+## Verweise
+
+- [Tandoor-Dokumentation | Installation](https://docs.tandoor.dev/install/manual/)
+- [Tandoor-Dokumentation | Konfiguration](https://docs.tandoor.dev/system/configuration/)
+- [Tandoor-Dokumentation | Allauth](https://docs.tandoor.dev/features/authentication/#allauth)
+https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html
diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json
new file mode 100644
index 0000000..6cf3b5d
--- /dev/null
+++ b/roles/tandoor/tasks/main.json
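Review bot: `"var_tandoor_repository_reference": "master"` in `roles/tandoor/defaults/main.json` is an unpinned default, so every run builds and executes whatever the upstream branch head is at that moment (the pip requirements, `manage.py` and the yarn build in `tasks/main.json`), and the deployed code is neither reproducible nor reviewed. A release tag or commit hash as default pins it, e.g. `"var_tandoor_repository_reference": "<RELEASE_TAG_OR_COMMIT>"`. The default `"var_tandoor_domain": "tandoor.exmaple.org"` is misspelled (`example`) and ends up in `ALLOWED_HOSTS` through `templates/conf.j2`.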
@@ -0,0 +1,91 @@
+[
+ {
+ "name": "packages",
+ "become": true,
+ "ansible.builtin.apt": {
+ "update_cache": true,
+ "pkg": [
+ "git",
+ "nodejs",
+ "yarnpkg"
+ ]
+ }
+ },
+ {
+ "name": "user and directory",
+ "become": true,
+ "ansible.builtin.user": {
+ "name": "{{var_tandoor_user}}",
+ "create_home": true,
+ "home": "{{var_tandoor_directory}}"
+ }
+ },
+ {
+ "name": "sources",
+ "become": true,
+ "become_user": "{{var_tandoor_user}}",
+ "ansible.builtin.git": {
+ "repo": "{{var_tandoor_repository_url}}",
+ "version": "{{var_tandoor_repository_reference}}",
+ "dest": "{{var_tandoor_directory}}"
+ }
+ },
+ {
+ "name": "python requirements",
+ "ansible.builtin.pip": {
+ "virtualenv": "{{var_tandoor_directory}}",
+ "requirements": "{{var_tandoor_directory}}/requirements.txt"
+ }
+ },
+ {
+ "name": "database",
+ "ansible.builtin.shell": {
+ "environment": "VIRTUAL_ENV={{var_tandoor_directory}}",
+ "cmd": "bin/python3 manage.py migrate"
+ }
+ },
+ {
+ "name": "static files",
+ "ansible.builtin.shell": {
+ "environment": "VIRTUAL_ENV={{var_tandoor_directory}}",
+ "cmd": "bin/python3 manage.py collectstatic --no-input"
+ }
+ },
+ {
+ "name": "static files",
+ "ansible.builtin.shell": {
+ "environment": "VIRTUAL_ENV={{var_tandoor_directory}}",
+ "cmd": "bin/python3 manage.py collectstatic_js_reverse"
+ }
+ },
+ {
+ "name": "frontend stuff",
+ "ansible.builtin.shell": {
+ "chdir": "{{var_tandoor_directory}}/vue",
+ "cmd": "yarn install && yarn build"
+ }
+ },
+ {
+ "name": "configuration",
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "{{var_tandoor_directory}}/.env"
+ }
+ },
+ {
+ "name": "systemd unit",
+ "ansible.builtin.template": {
+ "src": "systemd-unit.js",
+ "dest": "/etc/systemd/system/tandoor.service"
+ }
+ },
+ {
+ "name": "start",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "enabled": true,
+ "state": "started",
+ "name": "tandoor"
+ }
+ }
+]
diff --git a/roles/tandoor/templates/conf.j2 b/roles/tandoor/templates/conf.j2
new file mode 100644
index 0000000..70a44da
--- /dev/null
+++ b/roles/tandoor/templates/conf.j2
@@ -0,0 +1,48 @@
+{% if var_tandoor_database_kind == 'sqlite' %}
+DB_ENGINE=django.db.backends.sqlite3
+{% endif %}
+
+{% if var_tandoor_database_kind == 'postgresql' %}
+DB_ENGINE=django.db.backends.postgresql
+POSTGRES_HOST={{var_tandoor_database_data_postgresql_host}}
+POSTGRES_DB={{var_tandoor_database_data_postgresql_schema}}
+POSTGRES_PORT={{var_tandoor_database_data_postgresql_port | string}}
+POSTGRES_USER={{var_tandoor_database_data_postgresql_username}}
+POSTGRES_PASSWORD={{var_tandoor_database_data_postgresql_password}}
+{% endif %}
+
+{% if var_tandoor_authentication_kind == 'internal' %}
+ENABLE_SIGNUP=1
+REMOTE_USER_AUTH=0
+{% endif %}
+
+{% if var_tandoor_authentication_kind == 'authelia' %}
+ENABLE_SIGNUP=0
+REMOTE_USER_AUTH=1
+SOCIALACCOUNT_PROVIDERS = {
+ "openid_connect": {
+ "OAUTH_PKCE_ENABLED": False,
+ "APPS": [
+ {
+ "provider_id": "authelia",
+ "name": "{{var_tandoor_authentication_data_authelia_label}}",
+ "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}",
+ "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}",
+ "settings": {
+ "server_url": "{{var_tandoor_authentication_data_authelia_url_base}}",
+ "token_auth_method": "client_secret_basic",
+ "oauth_pkce_enabled": False,
+ },
+ },
+ ]
+ }
+}
+{% endif %}
+
+SECRET_KEY={{var_tandoor_secret_key}}
+
+ALLOWED_HOSTS={{var_tandoor_domain}}
+TANDOOR_PORT={{var_tandoor_port | string}}
+
+ENABLE_METRICS=0
+ENABLE_PDF_EXPORT=0
diff --git a/roles/tandoor/templates/systemd-unit.j2 b/roles/tandoor/templates/systemd-unit.j2
new file mode 100644
index 0000000..03a79bd
--- /dev/null
+++ b/roles/tandoor/templates/systemd-unit.j2
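Review bot: `REMOTE_USER_AUTH=1` in the `authelia` branch of `roles/tandoor/templates/conf.j2` looks unintended next to the OpenID Connect block: as far as I know that switch makes Tandoor accept the user name from a request header set by the reverse proxy, and the nginx template added in patch 03 neither sets nor clears such a header. Unless header-based login is really wanted (and the proxy then overwrites the header on every request), this should be `REMOTE_USER_AUTH=0` so that only the OIDC flow authenticates users. PKCE is switched off twice (`"OAUTH_PKCE_ENABLED": False`, `"oauth_pkce_enabled": False`); I would enable it unless there is a known incompatibility with the Authelia client configuration. The `internal` branch opens self-registration with `ENABLE_SIGNUP=1`, which deserves a variable of its own rather than being tied to the authentication kind.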
@@ -0,0 +1,13 @@
+[Unit]
+Description=Tandoor
+After=multi-user.target
+
+[Service]
+WorkingDirectory={{var_tandoor_directory}}
+User={{var_tandoor_user}}
+# Environment="VIRTUAL_ENV={{var_tandoor_directory}}"
+ExecStart="{{var_tandoor_directory}}/bin/python3 manage.py runserver"
+SyslogIdentifier=tandoor
+
+[Install]
+WantedBy=multi-user.target
From bacbc78b2e1f59ee6b0f486af92154e2fb883b8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Mon, 30 Dec 2024 13:35:31 +0100
Subject: [PATCH 03/24] [add] tandoor-and-nginx
---
roles/tandoor-and-nginx/defaults/main.json | 5 +++
roles/tandoor-and-nginx/info.md | 4 ++
roles/tandoor-and-nginx/tasks/main.json | 35 ++++++++++++++++++
roles/tandoor-and-nginx/templates/conf.j2 | 43 ++++++++++++++++++++++
roles/tandoor-and-nginx/vardef.json | 19 ++++++++++
5 files changed, 106 insertions(+)
create mode 100644 roles/tandoor-and-nginx/defaults/main.json
create mode 100644 roles/tandoor-and-nginx/info.md
create mode 100644 roles/tandoor-and-nginx/tasks/main.json
create mode 100644 roles/tandoor-and-nginx/templates/conf.j2
create mode 100644 roles/tandoor-and-nginx/vardef.json
diff --git a/roles/tandoor-and-nginx/defaults/main.json b/roles/tandoor-and-nginx/defaults/main.json
new file mode 100644
index 0000000..bdfe332
--- /dev/null
+++ b/roles/tandoor-and-nginx/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_tandoor_and_nginx_domain": "tandoor.example.org",
+ "var_tandoor_and_nginx_port": 1256,
+ "var_tandoor_and_nginx_tls_mode": "force"
+}
diff --git a/roles/tandoor-and-nginx/info.md b/roles/tandoor-and-nginx/info.md
new file mode 100644
index 0000000..f8798d6
--- /dev/null
+++ b/roles/tandoor-and-nginx/info.md
@@ -0,0 +1,4 @@
+## Verweise
+
+- [Tandoor-Dokumentation | nginx](https://docs.tandoor.dev/install/manual/#nginx)
+
diff --git a/roles/tandoor-and-nginx/tasks/main.json b/roles/tandoor-and-nginx/tasks/main.json
new file mode 100644
index 0000000..5519556
--- /dev/null
+++ b/roles/tandoor-and-nginx/tasks/main.json
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_tandoor_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_tandoor_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_tandoor_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/roles/tandoor-and-nginx/templates/conf.j2 b/roles/tandoor-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..1fb4ab3
--- /dev/null
+++ b/roles/tandoor-and-nginx/templates/conf.j2
@@ -0,0 +1,43 @@
+{% macro tandoor_common() %}
+ location /static/ {
+ alias /var/www/recipes/staticfiles;
+ }
+
+ location /media/ {
+ alias /var/www/recipes/mediafiles;
+ }
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_pass http://unix:/var/www/recipes/recipes.sock;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+{% endmacro %}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{var_tandoor_and_nginx_domain}};
+
+{% if var_tandoor_and_nginx_tls_mode == 'force' %}
+ return 301 https://$http_host$request_uri;
+{% else %}
+{{ tandoor_common() }}
+{% endif %}
+}
+
+{% if var_tandoor_and_nginx_tls_mode != 'disable' %}
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{var_tandoor_and_nginx_domain}};
+
+ ssl_certificate_key /etc/ssl/private/{{var_tandoor_and_nginx_domain}}.pem;
+ ssl_certificate /etc/ssl/fullchains/{{var_tandoor_and_nginx_domain}}.pem;
+ include /etc/nginx/ssl-hardening.conf;
+
+{{ tandoor_common() }}
+}
+{% endif %}
diff --git a/roles/tandoor-and-nginx/vardef.json b/roles/tandoor-and-nginx/vardef.json
new file mode 100644
index 0000000..882b53b
--- /dev/null
+++ b/roles/tandoor-and-nginx/vardef.json
@@ -0,0 +1,19 @@
+{
+ "domain": {
+ "mandatory": false,
+ "type": "string"
+ },
+ "port": {
+ "mandatory": false,
+ "type": "integer"
+ },
+ "tls_mode": {
+ "mandatory": false,
+ "type": "string",
+ "options": [
+ "disable",
+ "enable",
+ "force"
+ ]
+ }
+}
From 4319326513d21b8c4a44b55dfe44e2124bb07fb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Mon, 30 Dec 2024 14:55:58 +0100
Subject: [PATCH 04/24] [task-230] [mod] install path
---
roles/tandoor/tasks/main.json | 16 ++++++++--------
roles/tandoor/templates/systemd-unit.j2 | 6 +++---
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json
index 6cf3b5d..bf34ddf 100644
--- a/roles/tandoor/tasks/main.json
+++ b/roles/tandoor/tasks/main.json
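Review bot: `return 301 https://$http_host$request_uri;` and `proxy_set_header Host $http_host;` in `roles/tandoor-and-nginx/templates/conf.j2` take the host name from the request header exactly as the client sent it. Because `tasks/main.json` of the same role removes the default site, this server block can end up answering requests for any host name on the port, and the redirect then points wherever the header says. Using the configured name avoids that: `return 301 https://{{var_tandoor_and_nginx_domain}}$request_uri;` and `proxy_set_header Host $host;`.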
@@ -27,41 +27,41 @@ "ansible.builtin.git": { "repo": "{{var_tandoor_repository_url}}", "version": "{{var_tandoor_repository_reference}}", - "dest": "{{var_tandoor_directory}}" + "dest": "{{var_tandoor_directory}}/program" } }, { "name": "python requirements", "ansible.builtin.pip": { - "virtualenv": "{{var_tandoor_directory}}", - "requirements": "{{var_tandoor_directory}}/requirements.txt" + "virtualenv": "{{var_tandoor_directory}}/program", + "requirements": "{{var_tandoor_directory}}/program/requirements.txt" } }, { "name": "database", "ansible.builtin.shell": { - "environment": "VIRTUAL_ENV={{var_tandoor_directory}}", + "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py migrate" } }, { "name": "static files", "ansible.builtin.shell": { - "environment": "VIRTUAL_ENV={{var_tandoor_directory}}", + "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic --no-input" } }, { "name": "static files", "ansible.builtin.shell": { - "environment": "VIRTUAL_ENV={{var_tandoor_directory}}", + "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic_js_reverse" } }, { "name": "frontend stuff", "ansible.builtin.shell": { - "chdir": "{{var_tandoor_directory}}/vue", + "chdir": "{{var_tandoor_directory}}/program/vue", "cmd": "yarn install && yarn build" } }, @@ -69,7 +69,7 @@ "name": "configuration", "ansible.builtin.template": { "src": "conf.j2", - "dest": "{{var_tandoor_directory}}/.env" + "dest": "{{var_tandoor_directory}}/program/.env" } }, { diff --git a/roles/tandoor/templates/systemd-unit.j2 b/roles/tandoor/templates/systemd-unit.j2 index 03a79bd..ca1ec13 100644 --- a/roles/tandoor/templates/systemd-unit.j2 +++ b/roles/tandoor/templates/systemd-unit.j2 
@@ -3,10 +3,10 @@ Description=Tandoor After=multi-user.target [Service] -WorkingDirectory={{var_tandoor_directory}} +WorkingDirectory={{var_tandoor_directory}}/program User={{var_tandoor_user}} -# Environment="VIRTUAL_ENV={{var_tandoor_directory}}" -ExecStart="{{var_tandoor_directory}}/bin/python3 manage.py runserver" +# Environment="VIRTUAL_ENV={{var_tandoor_directory}}/program" +ExecStart="{{var_tandoor_directory}}/program/bin/python3 manage.py runserver" SyslogIdentifier=tandoor [Install] From b2a6c20c9440987a925e6095e253b5089584340c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Mon, 30 Dec 2024 14:59:39 +0100 Subject: [PATCH 05/24] [task-230] [mod] tandoor: fix pip install --- roles/tandoor/tasks/main.json | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index bf34ddf..b8f0637 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -34,6 +34,7 @@ "name": "python requirements", "ansible.builtin.pip": { "virtualenv": "{{var_tandoor_directory}}/program", + "virtualenv_command": "/usr/bin/python3 -m venv", "requirements": "{{var_tandoor_directory}}/program/requirements.txt" } }, From 5a1eb1a764bba7f116a6b4cdb16315d319439aec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Mon, 30 Dec 2024 15:09:22 +0100 Subject: [PATCH 06/24] [task-230] [mod] tandoor: fix pip install --- roles/tandoor/tasks/main.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index b8f0637..ede6626 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -6,6 +6,7 @@ "update_cache": true, "pkg": [ "git", + "python3-venv", "nodejs", "yarnpkg" ] 
@@ -34,7 +35,7 @@ "name": "python requirements", "ansible.builtin.pip": { "virtualenv": "{{var_tandoor_directory}}/program", - "virtualenv_command": "/usr/bin/python3 -m venv", + "virtualenv_python": "python3", "requirements": "{{var_tandoor_directory}}/program/requirements.txt" } }, From a6a746023050da04e17fe8a898ba31c3e9bcd2c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Mon, 30 Dec 2024 17:02:04 +0100 Subject: [PATCH 07/24] [task-230] [mod] tandoor: create venv --- roles/tandoor/tasks/main.json | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index ede6626..00f94c9 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -31,6 +31,13 @@ "dest": "{{var_tandoor_directory}}/program" } }, + { + "name": "venv", + "ansible.builtin.command": { + "chdir": "{{var_tandoor_directory}}", + "cmd": "python3 -m venv program" + } + }, { "name": "python requirements", "ansible.builtin.pip": { From 5d7019fdeeae886997afeea0a4ca0fb155beb12e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Mon, 30 Dec 2024 17:04:03 +0100 Subject: [PATCH 08/24] =?UTF-8?q?[task-230]=20[mod]=20become-Parameter=20e?= =?UTF-8?q?rg=C3=A4nzt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/tandoor/tasks/main.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 00f94c9..6497c7f 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -33,6 +33,8 @@ }, { "name": "venv", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.command": { "chdir": "{{var_tandoor_directory}}", "cmd": "python3 -m venv program" 
@@ -40,6 +42,8 @@ }, { "name": "python requirements", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.pip": { "virtualenv": "{{var_tandoor_directory}}/program", "virtualenv_python": "python3", @@ -48,6 +52,8 @@ }, { "name": "database", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.shell": { "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py migrate" @@ -55,6 +61,8 @@ }, { "name": "static files", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.shell": { "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic --no-input" @@ -62,6 +70,8 @@ }, { "name": "static files", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.shell": { "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic_js_reverse" @@ -69,6 +79,8 @@ }, { "name": "frontend stuff", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.shell": { "chdir": "{{var_tandoor_directory}}/program/vue", "cmd": "yarn install && yarn build" @@ -76,6 +88,8 @@ }, { "name": "configuration", + "become": true, + "become_user": "{{var_tandoor_user}}", "ansible.builtin.template": { "src": "conf.j2", "dest": "{{var_tandoor_directory}}/program/.env" @@ -83,6 +97,7 @@ }, { "name": "systemd unit", + "become": true, "ansible.builtin.template": { "src": "systemd-unit.js", "dest": "/etc/systemd/system/tandoor.service" From 9b473372db1d1c15a3d5ed218dbdfe464036191a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:17:26 +0100 Subject: [PATCH 09/24] =?UTF-8?q?[task-230]=20[mod]=20tandoor:=20Abh=C3=A4?= =?UTF-8?q?ngigkeiten=20installieren?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/tandoor/tasks/main.json | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 6497c7f..99d7a64 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -6,7 +6,11 @@ "update_cache": true, "pkg": [ "git", + "gcc", + "libldap2-dev", + "libsasl2-dev", "python3-venv", + "python3-dev", "nodejs", "yarnpkg" ] From 8ab3117ba8bf76c547578c42ac9a8c71c097711b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:21:29 +0100 Subject: [PATCH 10/24] [task-230] [mod] tandoor: env-Variablen richtig setzen --- roles/tandoor/tasks/main.json | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 99d7a64..08aa5fd 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -58,8 +58,10 @@ "name": "database", "become": true, "become_user": "{{var_tandoor_user}}", + "environment": { + "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", + }, "ansible.builtin.shell": { - "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py migrate" } }, @@ -67,8 +69,10 @@ "name": "static files", "become": true, "become_user": "{{var_tandoor_user}}", + "environment": { + "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", + }, "ansible.builtin.shell": { - "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic --no-input" } }, @@ -76,8 +80,10 @@ "name": "static files", "become": true, "become_user": "{{var_tandoor_user}}", + "environment": { + "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", + }, "ansible.builtin.shell": { - "environment": "VIRTUAL_ENV={{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic_js_reverse" } }, From 43c35f062092cfa051fc39480b98742b44ff16fa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:23:17 +0100 Subject: [PATCH 11/24] =?UTF-8?q?[task-230]=20[mod]=20tandoor:=20richtiges?= =?UTF-8?q?=20Verzeichnis=20ausw=C3=A4hlen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/tandoor/tasks/main.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 08aa5fd..b05ccf0 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -62,6 +62,7 @@ "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", }, "ansible.builtin.shell": { + "chdir": "{{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py migrate" } }, @@ -73,6 +74,7 @@ "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", }, "ansible.builtin.shell": { + "chdir": "{{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic --no-input" } }, @@ -84,6 +86,7 @@ "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", }, "ansible.builtin.shell": { + "chdir": "{{var_tandoor_directory}}/program", "cmd": "bin/python3 manage.py collectstatic_js_reverse" } }, From f80e6ee661c587f17c4aab79eb25f179909484b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:34:24 +0100 Subject: [PATCH 12/24] [task-230] [mod] tandoor: Befehle in Schleife zusammengefasst [fix] yarn-Befehl korrigiert --- roles/tandoor/tasks/main.json | 35 ++++++++--------------------------- 1 file changed, 8 insertions(+), 27 deletions(-) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index b05ccf0..14e48f7 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json 
@@ -55,39 +55,20 @@ } }, { - "name": "database", + "name": "initialize", "become": true, "become_user": "{{var_tandoor_user}}", "environment": { "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", }, + "loop": [ + "migrate", + "collectstatic --no-input", + "collectstatic_js_reverse" + ], "ansible.builtin.shell": { "chdir": "{{var_tandoor_directory}}/program", - "cmd": "bin/python3 manage.py migrate" - } - }, - { - "name": "static files", - "become": true, - "become_user": "{{var_tandoor_user}}", - "environment": { - "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", - }, - "ansible.builtin.shell": { - "chdir": "{{var_tandoor_directory}}/program", - "cmd": "bin/python3 manage.py collectstatic --no-input" - } - }, - { - "name": "static files", - "become": true, - "become_user": "{{var_tandoor_user}}", - "environment": { - "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", - }, - "ansible.builtin.shell": { - "chdir": "{{var_tandoor_directory}}/program", - "cmd": "bin/python3 manage.py collectstatic_js_reverse" + "cmd": "bin/python3 manage.py {{item}}" } }, { @@ -96,7 +77,7 @@ "become_user": "{{var_tandoor_user}}", "ansible.builtin.shell": { "chdir": "{{var_tandoor_directory}}/program/vue", - "cmd": "yarn install && yarn build" + "cmd": "yarnpkg install && yarnpkg build" } }, { From e740be07f4cf1866606414cf443671a4b9b8660e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:37:47 +0100 Subject: [PATCH 13/24] [taks-230] [fix] tandoor: Daten nur holen, falls noch nicht da --- roles/tandoor/tasks/main.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 14e48f7..c76daed 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json 
@@ -33,7 +33,8 @@ "repo": "{{var_tandoor_repository_url}}", "version": "{{var_tandoor_repository_reference}}", "dest": "{{var_tandoor_directory}}/program" - } + }, + "creates": "{{var_tandoor_directory}}/program" }, { "name": "venv", From 2971154dba98a75f71a8e3127fdc98a168366372 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:40:26 +0100 Subject: [PATCH 14/24] [taks-230] [fix] tandoor: git-Aufruf --- roles/tandoor/tasks/main.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index c76daed..5e1df10 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -32,9 +32,10 @@ "ansible.builtin.git": { "repo": "{{var_tandoor_repository_url}}", "version": "{{var_tandoor_repository_reference}}", - "dest": "{{var_tandoor_directory}}/program" - }, - "creates": "{{var_tandoor_directory}}/program" + "single_branch": true, + "dest": "{{var_tandoor_directory}}/program", + "force": true + } }, { "name": "venv", From 173d7790f6b2a9bbaf2cb2489e8d9d99516a091b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 13:56:40 +0100 Subject: [PATCH 15/24] [taks-230] [fix] tandoor: systemd-unit-Einsatz --- roles/tandoor/tasks/main.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 5e1df10..06bef7e 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -95,7 +95,7 @@ "name": "systemd unit", "become": true, "ansible.builtin.template": { - "src": "systemd-unit.js", + "src": "systemd-unit.j2", "dest": "/etc/systemd/system/tandoor.service" } }, From 6ce4717a456307e6d180ac8df610e91dcd218898 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 31 Dec 2024 14:21:14 +0100 Subject: [PATCH 16/24] [taks-230] [fix] tandoor: systemd-unit-Zeilen --- roles/tandoor/templates/systemd-unit.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/tandoor/templates/systemd-unit.j2 b/roles/tandoor/templates/systemd-unit.j2 index ca1ec13..57d815c 100644 --- a/roles/tandoor/templates/systemd-unit.j2 +++ b/roles/tandoor/templates/systemd-unit.j2 @@ -5,8 +5,8 @@ After=multi-user.target [Service] WorkingDirectory={{var_tandoor_directory}}/program User={{var_tandoor_user}} -# Environment="VIRTUAL_ENV={{var_tandoor_directory}}/program" -ExecStart="{{var_tandoor_directory}}/program/bin/python3 manage.py runserver" +Environment=VIRTUAL_ENV={{var_tandoor_directory}}/program +ExecStart={{var_tandoor_directory}}/program/bin/python3 {{var_tandoor_directory}}/program/manage.py runserver SyslogIdentifier=tandoor [Install] From 46a1a987512cb6ed6757eab497345c4f90421d2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 8 Jan 2025 20:10:56 +0100 Subject: [PATCH 17/24] [task-230] [fix] tandoor stuff --- roles/tandoor-and-nginx/defaults/main.json | 4 ++-- roles/tandoor-and-nginx/templates/conf.j2 | 14 +++++++------- roles/tandoor/defaults/main.json | 1 - roles/tandoor/tasks/main.json | 1 + roles/tandoor/templates/conf.j2 | 3 ++- roles/tandoor/templates/systemd-unit.j2 | 15 +++++++++------ 6 files changed, 21 insertions(+), 17 deletions(-) diff --git a/roles/tandoor-and-nginx/defaults/main.json b/roles/tandoor-and-nginx/defaults/main.json index bdfe332..f3c0a1a 100644 --- a/roles/tandoor-and-nginx/defaults/main.json +++ b/roles/tandoor-and-nginx/defaults/main.json @@ -1,5 +1,5 @@ { "var_tandoor_and_nginx_domain": "tandoor.example.org", - "var_tandoor_and_nginx_port": 1256, - "var_tandoor_and_nginx_tls_mode": "force" + "var_tandoor_and_nginx_tls_mode": "force", + "var_tandoor_and_nginx_directory": "/opt/tandoor" } 
diff --git a/roles/tandoor-and-nginx/templates/conf.j2 b/roles/tandoor-and-nginx/templates/conf.j2 index 1fb4ab3..31c5568 100644 --- a/roles/tandoor-and-nginx/templates/conf.j2 +++ b/roles/tandoor-and-nginx/templates/conf.j2 @@ -1,15 +1,15 @@ {% macro tandoor_common() %} - location /static/ { - alias /var/www/recipes/staticfiles; + location /static { + alias {{var_tandoor_and_nginx_directory}}/program/staticfiles; } - - location /media/ { - alias /var/www/recipes/mediafiles; + + location /media { + alias {{var_tandoor_and_nginx_directory}}/program/mediafiles; } - + location / { proxy_set_header Host $http_host; - proxy_pass http://unix:/var/www/recipes/recipes.sock; + proxy_pass http://unix:{{var_tandoor_and_nginx_directory}}/program/recipes.sock; proxy_set_header X-Forwarded-Proto $scheme; } {% endmacro %} diff --git a/roles/tandoor/defaults/main.json b/roles/tandoor/defaults/main.json index 060be6d..224657a 100644 --- a/roles/tandoor/defaults/main.json +++ b/roles/tandoor/defaults/main.json @@ -15,6 +15,5 @@ "var_tandoor_authentication_data_authelia_url_base": "authelia.example.org", "var_tandoor_authentication_data_authelia_label": "Authelia", "var_tandoor_secret_key": "REPLACE_ME", - "var_tandoor_port": 1256, "var_tandoor_domain": "tandoor.exmaple.org" } diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 06bef7e..8ee1648 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -11,6 +11,7 @@ "libsasl2-dev", "python3-venv", "python3-dev", + "gunicorn", "nodejs", "yarnpkg" ] diff --git a/roles/tandoor/templates/conf.j2 b/roles/tandoor/templates/conf.j2 index 70a44da..85a8cdb 100644 --- a/roles/tandoor/templates/conf.j2 +++ b/roles/tandoor/templates/conf.j2 @@ -42,7 +42,8 @@ SOCIALACCOUNT_PROVIDERS = { SECRET_KEY={{var_tandoor_secret_key}} ALLOWED_HOSTS={{var_tandoor_domain}} -TANDOOR_PORT={{var_tandoor_port | string}} ENABLE_METRICS=0 ENABLE_PDF_EXPORT=0 + +DEBUG=0 
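Review bot: `location /static` and `location /media` lose their trailing slash in this change while the `alias` targets have none either, so the prefix match is looser than the directory it is meant to serve: a request path such as `/staticfoo` is matched and mapped to `…/program/staticfilesfoo`. Keeping the slash on both sides makes location and directory line up, e.g. `location /static/ { alias {{var_tandoor_and_nginx_directory}}/program/staticfiles/; }` and the same for `/media/`. Both directories sit inside the application checkout next to `.env`, so the mapping should be exact.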
diff --git a/roles/tandoor/templates/systemd-unit.j2 b/roles/tandoor/templates/systemd-unit.j2 index 57d815c..ae79624 100644 --- a/roles/tandoor/templates/systemd-unit.j2 +++ b/roles/tandoor/templates/systemd-unit.j2 @@ -1,13 +1,16 @@ [Unit] -Description=Tandoor -After=multi-user.target +Description=Tandoor (gunicorn daemon) +After=network.target [Service] -WorkingDirectory={{var_tandoor_directory}}/program +Type=simple +Restart=always +RestartSec=3 User={{var_tandoor_user}} -Environment=VIRTUAL_ENV={{var_tandoor_directory}}/program -ExecStart={{var_tandoor_directory}}/program/bin/python3 {{var_tandoor_directory}}/program/manage.py runserver -SyslogIdentifier=tandoor +Group=www-data +WorkingDirectory={{var_tandoor_directory}}/program +EnvironmentFile={{var_tandoor_directory}}/program/.env +ExecStart={{var_tandoor_directory}}/program/bin/gunicorn --error-logfile {{var_tandoor_directory}}/program/gunicorn_err.log --log-level info --capture-output --bind unix:{{var_tandoor_directory}}/program/recipes.sock recipes.wsgi:application [Install] WantedBy=multi-user.target From f426927df1ad8f16aa094f8a2d5d0f20eb21671b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 8 Jan 2025 21:59:45 +0100 Subject: [PATCH 18/24] [task-230] [mod] tandoor: admin user and auth stuff --- roles/tandoor/defaults/main.json | 5 +++- roles/tandoor/info.md | 6 ++++- roles/tandoor/tasks/main.json | 36 +++++++++++++++++-------- roles/tandoor/templates/systemd-unit.j2 | 2 +- 4 files changed, 35 insertions(+), 14 deletions(-) diff --git a/roles/tandoor/defaults/main.json b/roles/tandoor/defaults/main.json index 224657a..d44b357 100644 --- a/roles/tandoor/defaults/main.json +++ b/roles/tandoor/defaults/main.json 
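Review bot: The `[Service]` section written here has no sandboxing directives, although gunicorn's working directory, error log, socket and `.env` all sit in a checkout that the service user itself owns. A few lines would contain a compromised worker: `NoNewPrivileges=true`, `PrivateTmp=true`, and `ProtectSystem=strict` together with `ReadWritePaths={{var_tandoor_directory}}/program`. `EnvironmentFile=` now also reads the multi-line `SOCIALACCOUNT_PROVIDERS = { … }` block that `conf.j2` emits for the `authelia` setting, which systemd will most likely not parse as one variable, so that combination should be tested.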
@@ -12,8 +12,11 @@ "var_tandoor_authentication_kind": "internal", "var_tandoor_authentication_data_authelia_client_id": "REPLACE_ME", "var_tandoor_authentication_data_authelia_client_secret": "REPLACE_ME", - "var_tandoor_authentication_data_authelia_url_base": "authelia.example.org", + "var_tandoor_authentication_data_authelia_url_base": "https://authelia.example.org", "var_tandoor_authentication_data_authelia_label": "Authelia", "var_tandoor_secret_key": "REPLACE_ME", + "var_tandoor_admin_username": "admin", + "var_tandoor_admin_password": "REPLACE_ME", + "var_tandoor_admin_email": "admin@tandoor.example.org", "var_tandoor_domain": "tandoor.exmaple.org" } diff --git a/roles/tandoor/info.md b/roles/tandoor/info.md index b2a9cb2..a3e9653 100644 --- a/roles/tandoor/info.md +++ b/roles/tandoor/info.md @@ -8,4 +8,8 @@ Für Rezepte-Sammlung [Tandoor](https://tandoor.dev/) - [Tandoor-Dokumentation | Installation](https://docs.tandoor.dev/install/manual/) - [Tandoor-Dokumentation | Konfiguration](https://docs.tandoor.dev/system/configuration/) - [Tandoor-Dokumentation | Allauth](https://docs.tandoor.dev/features/authentication/#allauth) -https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html + + +## ToDo + +- E-Mail diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 8ee1648..16e1f5e 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -7,11 +7,11 @@ "pkg": [ "git", "gcc", + "libpq-dev", "libldap2-dev", "libsasl2-dev", "python3-venv", "python3-dev", - "gunicorn", "nodejs", "yarnpkg" ] 
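Review bot: The new default `"var_tandoor_admin_password": "REPLACE_ME"` is a usable password, so a play that forgets to override it ends up with a Django superuser whose credential is public; the `admin account` task added to `tasks/main.json` in this commit consumes it as is. Nothing in the role rejects the placeholder; an `ansible.builtin.assert` as the first task with `"that": "var_tandoor_admin_password != 'REPLACE_ME'"` would stop the run instead. The same check is worth applying to `var_tandoor_secret_key` and the client-secret defaults. The defaults object starts outside the hunk.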
@@ -57,12 +57,22 @@ "requirements": "{{var_tandoor_directory}}/program/requirements.txt" } }, + { + "name": "configuration", + "become": true, + "become_user": "{{var_tandoor_user}}", + "ansible.builtin.template": { + "src": "conf.j2", + "dest": "{{var_tandoor_directory}}/program/.env", + "mode": "644" + } + }, { "name": "initialize", "become": true, "become_user": "{{var_tandoor_user}}", "environment": { - "VIRTUAL_ENV": "{{var_tandoor_directory}}/program", + "VIRTUAL_ENV": "{{var_tandoor_directory}}/program" }, "loop": [ "migrate", @@ -74,6 +84,19 @@ "cmd": "bin/python3 manage.py {{item}}" } }, + { + "name": "admin account", + "become": true, + "become_user": "{{var_tandoor_user}}", + "environment": { + "VIRTUAL_ENV": "{{var_tandoor_directory}}/program" + }, + "ansible.builtin.shell": { + "chdir": "{{var_tandoor_directory}}/program", + "cmd": "DJANGO_SUPERUSER_PASSWORD={{var_tandoor_admin_password}} bin/python3 manage.py createsuperuser --no-input --username {{var_tandoor_admin_username}} --email {{var_tandoor_admin_email}}" + } + }, + { "name": "frontend stuff", "become": true, @@ -83,15 +106,6 @@ "cmd": "yarnpkg install && yarnpkg build" } }, - { - "name": "configuration", - "become": true, - "become_user": "{{var_tandoor_user}}", - "ansible.builtin.template": { - "src": "conf.j2", - "dest": "{{var_tandoor_directory}}/program/.env" - } - }, { "name": "systemd unit", "become": true, diff --git a/roles/tandoor/templates/systemd-unit.j2 b/roles/tandoor/templates/systemd-unit.j2 index ae79624..ad9dfc8 100644 --- a/roles/tandoor/templates/systemd-unit.j2 +++ b/roles/tandoor/templates/systemd-unit.j2 
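Review bot: The `configuration` task writes `.env` with `"mode": "644"`, which leaves the file world-readable although the template renders `SECRET_KEY` and the Authelia client secret into it. The task already runs as `{{var_tandoor_user}}`, so only the owner needs access: `"mode": "0600"` (or `"0640"` if a group has to read it). The task list starts and ends outside the hunk.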
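Review bot: The `admin account` task interpolates `var_tandoor_admin_password` unquoted into an `ansible.builtin.shell` command line, so a password containing spaces or shell metacharacters is split or interpreted by the shell, and the rendered command, password included, shows up in Ansible's task output. Passing the password through `environment`, switching to `ansible.builtin.command` with `argv`, and setting `no_log` avoids both. `createsuperuser` will presumably also fail on a second run once the account exists, so the task needs a guard if the role is meant to be re-runnable. The task list starts and ends outside the hunk.

```json
{
    "name": "admin account",
    "become": true,
    "become_user": "{{var_tandoor_user}}",
    "no_log": true,
    "environment": {
        "VIRTUAL_ENV": "{{var_tandoor_directory}}/program",
        "DJANGO_SUPERUSER_PASSWORD": "{{var_tandoor_admin_password}}"
    },
    "ansible.builtin.command": {
        "chdir": "{{var_tandoor_directory}}/program",
        "argv": [
            "bin/python3",
            "manage.py",
            "createsuperuser",
            "--no-input",
            "--username",
            "{{var_tandoor_admin_username}}",
            "--email",
            "{{var_tandoor_admin_email}}"
        ]
    }
},
```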
@@ -10,7 +10,7 @@ User={{var_tandoor_user}} Group=www-data WorkingDirectory={{var_tandoor_directory}}/program EnvironmentFile={{var_tandoor_directory}}/program/.env -ExecStart={{var_tandoor_directory}}/program/bin/gunicorn --error-logfile {{var_tandoor_directory}}/program/gunicorn_err.log --log-level info --capture-output --bind unix:{{var_tandoor_directory}}/program/recipes.sock recipes.wsgi:application +ExecStart={{var_tandoor_directory}}/program/bin/gunicorn --capture-output --bind unix:{{var_tandoor_directory}}/program/recipes.sock recipes.wsgi:application [Install] WantedBy=multi-user.target From 52c675f6e3f75863a1047108b3fd27493f48d9a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 8 Jan 2025 22:00:01 +0100 Subject: [PATCH 19/24] [task-230] [add] authelia-for-tandoor --- roles/authelia-for-tandoor/defaults/main.json | 5 +++ roles/authelia-for-tandoor/info.md | 9 +++++ roles/authelia-for-tandoor/tasks/main.json | 33 +++++++++++++++++++ .../templates/authelia-client-conf.json.j2 | 17 ++++++++++ 4 files changed, 64 insertions(+) create mode 100644 roles/authelia-for-tandoor/defaults/main.json create mode 100644 roles/authelia-for-tandoor/info.md create mode 100644 roles/authelia-for-tandoor/tasks/main.json create mode 100644 roles/authelia-for-tandoor/templates/authelia-client-conf.json.j2 diff --git a/roles/authelia-for-tandoor/defaults/main.json b/roles/authelia-for-tandoor/defaults/main.json new file mode 100644 index 0000000..ac1e5c6 --- /dev/null +++ b/roles/authelia-for-tandoor/defaults/main.json @@ -0,0 +1,5 @@ +{ + "var_authelia_for_tandoor_tandoor_url_base": "https://tandoor.example.org", + "var_authelia_for_tandoor_client_id": "tandoor", + "var_authelia_for_tandoor_client_secret": "REPLACE_ME" +} diff --git a/roles/authelia-for-tandoor/info.md b/roles/authelia-for-tandoor/info.md new file mode 100644 index 0000000..5b61b6b --- /dev/null +++ b/roles/authelia-for-tandoor/info.md 
@@ -0,0 +1,9 @@ +## Beschreibung + +Um [Tandoor](../tandoor) gegen [Authelia](../authelia) authentifizieren zu lassen + + +## Verweise + +- [allauth | OpenID Connect](https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html) +- [Tandoor-Dokumentation | Configuration Example for Authelia](https://docs.tandoor.dev/features/authentication/#configuration-example-for-authelia) diff --git a/roles/authelia-for-tandoor/tasks/main.json b/roles/authelia-for-tandoor/tasks/main.json new file mode 100644 index 0000000..0b83858 --- /dev/null +++ b/roles/authelia-for-tandoor/tasks/main.json @@ -0,0 +1,33 @@ +[ + { + "name": "configuration | compute client secret hash", + "become": true, + "ansible.builtin.shell": { + "cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_tandoor_client_secret}} | cut --delimiter=' ' --fields='2-'" + }, + "register": "temp_authelia_for_tandoor_client_secret_hashed" + }, + { + "name": "configuration | emplace", + "become": true, + "ansible.builtin.template": { + "src": "authelia-client-conf.json.j2", + "dest": "/etc/authelia/conf.d/clients/tandoor.json" + } + }, + { + "name": "configuration | apply", + "become": true, + "ansible.builtin.command": { + "cmd": "/usr/bin/authelia-conf-compose" + } + }, + { + "name": "restart service", + "become": true, + "ansible.builtin.systemd_service": { + "state": "restarted", + "name": "authelia" + } + } +] diff --git a/roles/authelia-for-tandoor/templates/authelia-client-conf.json.j2 b/roles/authelia-for-tandoor/templates/authelia-client-conf.json.j2 new file mode 100644 index 0000000..7a2137e --- /dev/null +++ b/roles/authelia-for-tandoor/templates/authelia-client-conf.json.j2 
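Review bot: In `configuration | compute client secret hash` the client secret is placed unquoted on a shell command line, so it is subject to word splitting and shell interpretation and is recorded in Ansible's output and in the registered result; the task should set `"no_log": true` and render the value as `{{var_authelia_for_tandoor_client_secret | quote}}`. Because the command is a pipeline, its exit status is that of `cut`, so a failing `authelia` call would presumably go unnoticed and leave an empty hash in `temp_authelia_for_tandoor_client_secret_hashed.stdout`; a `"failed_when"` on empty `stdout` would catch that. The `configuration | emplace` task sets no `mode` on `/etc/authelia/conf.d/clients/tandoor.json`, and an explicit restrictive mode is the safer choice for a file holding a credential hash.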
@@ -0,0 +1,17 @@ +{ + "client_id": "{{var_authelia_for_tandoor_client_id}}", + "client_secret": "{{temp_authelia_for_tandoor_client_secret_hashed.stdout}}", + "client_name": "Tandoor", + "public": false, + "authorization_policy": "one_factor", + "redirect_uris": [ + "{{var_authelia_for_tandoor_tandoor_url_base}}/accounts/oidc/authelia/login/callback/" + ], + "scopes": [ + "openid", + "email", + "profile" + ], + "userinfo_signed_response_alg": "none", + "token_endpoint_auth_method": "client_secret_basic" +} From 5a7f10561c6b93ce27c294cad70242c24526de93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 8 Jan 2025 22:56:02 +0100 Subject: [PATCH 20/24] [task-230] [fix] tandoor: authelia --- roles/tandoor/info.md | 1 + roles/tandoor/templates/conf.j2 | 19 +------------------ 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/roles/tandoor/info.md b/roles/tandoor/info.md index a3e9653..4c7603f 100644 --- a/roles/tandoor/info.md +++ b/roles/tandoor/info.md @@ -8,6 +8,7 @@ Für Rezepte-Sammlung [Tandoor](https://tandoor.dev/) - [Tandoor-Dokumentation | Installation](https://docs.tandoor.dev/install/manual/) - [Tandoor-Dokumentation | Konfiguration](https://docs.tandoor.dev/system/configuration/) - [Tandoor-Dokumentation | Allauth](https://docs.tandoor.dev/features/authentication/#allauth) +- https://docs.djangoproject.com/en/5.1/ref/django-admin/#envvar-DJANGO_SUPERUSER_PASSWORD ## ToDo diff --git a/roles/tandoor/templates/conf.j2 b/roles/tandoor/templates/conf.j2 index 85a8cdb..463470c 100644 --- a/roles/tandoor/templates/conf.j2 +++ b/roles/tandoor/templates/conf.j2 
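Review bot: The template builds JSON by pasting variables between literal quotes, e.g. `"client_id": "{{var_authelia_for_tandoor_client_id}}"`, so a value containing `"` or `\` yields a broken or differently structured client entry. Letting the filter emit the quoted string avoids that: `"client_id": {{var_authelia_for_tandoor_client_id | to_json}},` and likewise for the other interpolated values. Separately, `"authorization_policy": "one_factor"` is hard-coded; exposing it as a role variable would let a deployment require a second factor without editing the template.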
@@ -19,24 +19,7 @@ REMOTE_USER_AUTH=0 {% if var_tandoor_authentication_kind == 'authelia' %} ENABLE_SIGNUP=0 REMOTE_USER_AUTH=1 -SOCIALACCOUNT_PROVIDERS = { - "openid_connect": { - "OAUTH_PKCE_ENABLED": False, - "APPS": [ - { - "provider_id": "authelia", - "name": "{{var_tandoor_authentication_data_authelia_label}}", - "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}", - "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}", - "settings": { - "server_url": "{{var_tandoor_authentication_data_authelia_url_base}}", - "token_auth_method": "client_secret_basic", - "oauth_pkce_enabled": False, - }, - }, - ] - } -} +SOCIALACCOUNT_PROVIDERS={"openid_connect": {"OAUTH_PKCE_ENABLED": false, "APPS": [{"provider_id": "authelia", "name": "{{var_tandoor_authentication_data_authelia_label}}", "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}", "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}", "settings": {"server_url":"{{var_tandoor_authentication_data_authelia_url_base}}", "token_auth_method": "client_secret_basic", "oauth_pkce_enabled": false}}]}} {% endif %} SECRET_KEY={{var_tandoor_secret_key}} From 9a86117869f256e05fba81cf0fefd42a27e42c81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Sat, 11 Jan 2025 15:45:08 +0100 Subject: [PATCH 21/24] [task-230] [fix] role:postgresql-for-tandoor --- roles/authelia-for-tandoor/info.md | 1 + roles/postgresql-for-tandoor/tasks/main.json | 6 +++--- roles/tandoor/info.md | 2 ++ roles/tandoor/templates/conf.j2 | 4 +++- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/authelia-for-tandoor/info.md b/roles/authelia-for-tandoor/info.md index 5b61b6b..cd33051 100644 --- a/roles/authelia-for-tandoor/info.md +++ b/roles/authelia-for-tandoor/info.md 
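Review bot: The `authelia` branch keeps `REMOTE_USER_AUTH=1` next to the new `SOCIALACCOUNT_PROVIDERS` line, which looks like two login mechanisms enabled at once: OIDC through allauth and header-based login trusted from the reverse proxy. If the OIDC flow is the intended one, `REMOTE_USER_AUTH=0` is the safer setting in this branch; if header login is wanted, the nginx role has to overwrite that header on every request, and the `location /` block in this series only sets `Host` and `X-Forwarded-Proto`. The new value also pins `"OAUTH_PKCE_ENABLED": false`; enabling PKCE is worth considering if the Authelia client accepts it. The template continues outside the hunk.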
@@ -7,3 +7,4 @@ Um [Tandoor](../tandoor) gegen [Authelia](../authelia) authentifizieren zu lasse - [allauth | OpenID Connect](https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html) - [Tandoor-Dokumentation | Configuration Example for Authelia](https://docs.tandoor.dev/features/authentication/#configuration-example-for-authelia) +- https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/authelia.html diff --git a/roles/postgresql-for-tandoor/tasks/main.json b/roles/postgresql-for-tandoor/tasks/main.json index 286d466..0bb0903 100644 --- a/roles/postgresql-for-tandoor/tasks/main.json +++ b/roles/postgresql-for-tandoor/tasks/main.json @@ -15,7 +15,7 @@ "name": "user", "become": true, "become_user": "tandoor", - "community.tandoorql.tandoorql_user": { + "community.postgresql.postgresql_user": { "state": "present", "name": "{{var_postgresql_for_tandoor_username}}", "password": "{{var_postgresql_for_tandoor_password}}" @@ -28,7 +28,7 @@ "name": "schema", "become": true, "become_user": "tandoor", - "community.tandoorql.tandoorql_db": { + "community.postgresql.postgresql_db": { "state": "present", "name": "{{var_postgresql_for_tandoor_schema}}", "owner": "{{var_postgresql_for_tandoor_username}}" @@ -38,7 +38,7 @@ "name": "rights", "become": true, "become_user": "tandoor", - "community.tandoorql.tandoorql_privs": { + "community.postgresql.postgresql_privs": { "state": "present", "db": "{{var_postgresql_for_tandoor_schema}}", "objs": "ALL_IN_SCHEMA", diff --git a/roles/tandoor/info.md b/roles/tandoor/info.md index 4c7603f..e2ced18 100644 --- a/roles/tandoor/info.md +++ b/roles/tandoor/info.md 
@@ -9,6 +9,8 @@ Für Rezepte-Sammlung [Tandoor](https://tandoor.dev/) - [Tandoor-Dokumentation | Konfiguration](https://docs.tandoor.dev/system/configuration/) - [Tandoor-Dokumentation | Allauth](https://docs.tandoor.dev/features/authentication/#allauth) - https://docs.djangoproject.com/en/5.1/ref/django-admin/#envvar-DJANGO_SUPERUSER_PASSWORD +- [allauth-Dokumentation | OpenID Connect](https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html) +- [allauth-Dokumentation | Authelia](https://docs.allauth.org/en/latest/socialaccount/providers/authelia.html) ## ToDo diff --git a/roles/tandoor/templates/conf.j2 b/roles/tandoor/templates/conf.j2 index 463470c..e9f5ae6 100644 --- a/roles/tandoor/templates/conf.j2 +++ b/roles/tandoor/templates/conf.j2 
@@ -19,7 +19,9 @@ REMOTE_USER_AUTH=0 {% if var_tandoor_authentication_kind == 'authelia' %} ENABLE_SIGNUP=0 REMOTE_USER_AUTH=1 -SOCIALACCOUNT_PROVIDERS={"openid_connect": {"OAUTH_PKCE_ENABLED": false, "APPS": [{"provider_id": "authelia", "name": "{{var_tandoor_authentication_data_authelia_label}}", "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}", "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}", "settings": {"server_url":"{{var_tandoor_authentication_data_authelia_url_base}}", "token_auth_method": "client_secret_basic", "oauth_pkce_enabled": false}}]}} +SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid +# SOCIALACCOUNT_PROVIDERS={"openid_connect": {"OAUTH_PKCE_ENABLED": false, "APPS": [{"provider_id": "authelia", "name": "{{var_tandoor_authentication_data_authelia_label}}", "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}", "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}", "settings": {"server_url":"{{var_tandoor_authentication_data_authelia_url_base}}", "token_auth_method": "client_secret_basic", "oauth_pkce_enabled": false}}]}} +SOCIALACCOUNT_PROVIDERS={"openid_connect": {"APPS": [{"provider_id": "authelia", "name": "{{var_tandoor_authentication_data_authelia_label}}", "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}", "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}", "settings": {"server_url": "{{var_tandoor_authentication_data_authelia_url_base}}/.well-known/openid-configuration"}}]}} {% endif %} SECRET_KEY={{var_tandoor_secret_key}} From 41ece50aa2a97de177dcd153497c5ccfe35e3900 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Sat, 11 Jan 2025 15:47:48 +0100 Subject: [PATCH 22/24] [task-230] [fix] role:postgresql-for-tandoor --- roles/postgresql-for-tandoor/tasks/main.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
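Review bot: `SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid` names allauth's OpenID provider, while the settings on the following line are keyed `openid_connect`; the two probably need to agree, i.e. `SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid_connect`. The old `SOCIALACCOUNT_PROVIDERS` line kept behind `#` is still processed by Jinja, so the client secret is rendered into the comment as well; delete the line or wrap it in `{# … #}`. The template continues outside the hunk.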
diff --git a/roles/postgresql-for-tandoor/tasks/main.json b/roles/postgresql-for-tandoor/tasks/main.json index 0bb0903..e92a715 100644 --- a/roles/postgresql-for-tandoor/tasks/main.json +++ b/roles/postgresql-for-tandoor/tasks/main.json @@ -27,7 +27,7 @@ { "name": "schema", "become": true, - "become_user": "tandoor", + "become_user": "postgres", "community.postgresql.postgresql_db": { "state": "present", "name": "{{var_postgresql_for_tandoor_schema}}", @@ -37,7 +37,7 @@ { "name": "rights", "become": true, - "become_user": "tandoor", + "become_user": "postgres", "community.postgresql.postgresql_privs": { "state": "present", "db": "{{var_postgresql_for_tandoor_schema}}", From 59ea4e256c591170a762441072bc388ca2e42815 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Sat, 11 Jan 2025 15:49:53 +0100 Subject: [PATCH 23/24] [task-230] [fix] role:postgresql-for-tandoor --- roles/postgresql-for-tandoor/tasks/main.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/postgresql-for-tandoor/tasks/main.json b/roles/postgresql-for-tandoor/tasks/main.json index e92a715..abd0400 100644 --- a/roles/postgresql-for-tandoor/tasks/main.json +++ b/roles/postgresql-for-tandoor/tasks/main.json @@ -14,7 +14,7 @@ { "name": "user", "become": true, - "become_user": "tandoor", + "become_user": "postgres", "community.postgresql.postgresql_user": { "state": "present", "name": "{{var_postgresql_for_tandoor_username}}", From eaa5f240469b251361bb0aea93de62bdae9a8f4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Sun, 12 Jan 2025 10:05:20 +0100 Subject: [PATCH 24/24] [task-230] [mod] kleine Anpassungen --- roles/authelia-for-tandoor/info.md | 4 +--- roles/tandoor/defaults/main.json | 5 +++++ roles/tandoor/info.md | 4 ++-- roles/tandoor/tasks/main.json | 12 +++++++++++- roles/tandoor/templates/conf.j2 | 8 ++++++++ 5 files changed, 27 insertions(+), 6 deletions(-) 
diff --git a/roles/authelia-for-tandoor/info.md b/roles/authelia-for-tandoor/info.md index cd33051..d9c0efb 100644 --- a/roles/authelia-for-tandoor/info.md +++ b/roles/authelia-for-tandoor/info.md @@ -5,6 +5,4 @@ Um [Tandoor](../tandoor) gegen [Authelia](../authelia) authentifizieren zu lasse ## Verweise -- [allauth | OpenID Connect](https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html) -- [Tandoor-Dokumentation | Configuration Example for Authelia](https://docs.tandoor.dev/features/authentication/#configuration-example-for-authelia) -- https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/authelia.html +- [allauth-Dokumentation | Authelia](https://django-allauth.readthedocs.io/en/latest/socialaccount/providers/authelia.html) diff --git a/roles/tandoor/defaults/main.json b/roles/tandoor/defaults/main.json index d44b357..ea267ea 100644 --- a/roles/tandoor/defaults/main.json +++ b/roles/tandoor/defaults/main.json @@ -14,6 +14,11 @@ "var_tandoor_authentication_data_authelia_client_secret": "REPLACE_ME", "var_tandoor_authentication_data_authelia_url_base": "https://authelia.example.org", "var_tandoor_authentication_data_authelia_label": "Authelia", + "var_tandoor_smtp_host": "smtp.example.org", + "var_tandoor_smtp_port": 587, + "var_tandoor_smtp_username": "tandoor@smtp.example.org", + "var_tandoor_smtp_password": "REPLACE_ME", + "var_tandoor_notification_sender": "notification@tandoor.example.org", "var_tandoor_secret_key": "REPLACE_ME", "var_tandoor_admin_username": "admin", "var_tandoor_admin_password": "REPLACE_ME", diff --git a/roles/tandoor/info.md b/roles/tandoor/info.md index e2ced18..dc339bf 100644 --- a/roles/tandoor/info.md +++ b/roles/tandoor/info.md 
@@ -8,11 +8,11 @@ Für Rezepte-Sammlung [Tandoor](https://tandoor.dev/) - [Tandoor-Dokumentation | Installation](https://docs.tandoor.dev/install/manual/) - [Tandoor-Dokumentation | Konfiguration](https://docs.tandoor.dev/system/configuration/) - [Tandoor-Dokumentation | Allauth](https://docs.tandoor.dev/features/authentication/#allauth) -- https://docs.djangoproject.com/en/5.1/ref/django-admin/#envvar-DJANGO_SUPERUSER_PASSWORD +- [Django-Dokumentation | Variable `DJANGO_SUPERUSER_PASSWORD`](https://docs.djangoproject.com/en/5.1/ref/django-admin/#envvar-DJANGO_SUPERUSER_PASSWORD) - [allauth-Dokumentation | OpenID Connect](https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html) - [allauth-Dokumentation | Authelia](https://docs.allauth.org/en/latest/socialaccount/providers/authelia.html) ## ToDo -- E-Mail +- Idempotenz diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json index 16e1f5e..b9ee618 100644 --- a/roles/tandoor/tasks/main.json +++ b/roles/tandoor/tasks/main.json @@ -98,7 +98,7 @@ }, { - "name": "frontend stuff", + "name": "frontend stuff | core", "become": true, "become_user": "{{var_tandoor_user}}", "ansible.builtin.shell": { @@ -106,6 +106,16 @@ "cmd": "yarnpkg install && yarnpkg build" } }, + { + "name": "frontend stuff | link", + "become": true, + "become_user": "{{var_tandoor_user}}", + "ansible.builtin.file": { + "type": "link", + "src": "{{var_tandoor_directory}}/program/cookbook/static/vue", + "dest": "{{var_tandoor_directory}}/program/staticfiles/vue", + } + }, { "name": "systemd unit", "become": true, diff --git a/roles/tandoor/templates/conf.j2 b/roles/tandoor/templates/conf.j2 index e9f5ae6..4837105 100644 --- a/roles/tandoor/templates/conf.j2 +++ b/roles/tandoor/templates/conf.j2 
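Review bot: The new `frontend stuff | link` task passes `"type": "link"` to `ansible.builtin.file`, which has no `type` parameter; a symlink is requested with `"state": "link"`. The module arguments also end with a trailing comma after `"dest"`, which strict JSON parsers reject (patch 18/24 removed the same mistake from the `initialize` task), so the line should read `"dest": "{{var_tandoor_directory}}/program/staticfiles/vue"`. The task list starts and ends outside the hunk.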
@@ -24,6 +24,14 @@ SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid SOCIALACCOUNT_PROVIDERS={"openid_connect": {"APPS": [{"provider_id": "authelia", "name": "{{var_tandoor_authentication_data_authelia_label}}", "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}", "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}", "settings": {"server_url": "{{var_tandoor_authentication_data_authelia_url_base}}/.well-known/openid-configuration"}}]}} {% endif %} +EMAIL_HOST={{var_tandoor_smtp_host}} +EMAIL_PORT={{var_tandoor_smtp_port | string}} +EMAIL_HOST_USER={{var_tandoor_smtp_username}} +EMAIL_HOST_PASSWORD={{var_tandoor_smtp_password}} +EMAIL_USE_TLS=1 +EMAIL_USE_SSL=0 +DEFAULT_FROM_EMAIL={{var_tandoor_notification_sender}} + SECRET_KEY={{var_tandoor_secret_key}} ALLOWED_HOSTS={{var_tandoor_domain}}