From 83fcb5aca270c216beba751a1ad1411a4ba59f1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
 <christian.frass@dielinke-glauchau.de>
Date: Mon, 30 Dec 2024 13:35:21 +0100
Subject: [PATCH] [add] tandoor

---
 roles/tandoor/defaults/main.json        | 20 ++++++
 roles/tandoor/info.md                   | 11 +++
 roles/tandoor/tasks/main.json           | 91 +++++++++++++++++++++++++
 roles/tandoor/templates/conf.j2         | 48 +++++++++++++
 roles/tandoor/templates/systemd-unit.j2 | 13 ++++
 5 files changed, 183 insertions(+)
 create mode 100644 roles/tandoor/defaults/main.json
 create mode 100644 roles/tandoor/info.md
 create mode 100644 roles/tandoor/tasks/main.json
 create mode 100644 roles/tandoor/templates/conf.j2
 create mode 100644 roles/tandoor/templates/systemd-unit.j2

diff --git a/roles/tandoor/defaults/main.json b/roles/tandoor/defaults/main.json
new file mode 100644
index 0000000..060be6d
--- /dev/null
+++ b/roles/tandoor/defaults/main.json
@@ -0,0 +1,20 @@
+{
+	"var_tandoor_user": "tandoor",
+	"var_tandoor_directory": "/opt/tandoor",
+	"var_tandoor_repository_url": "https://github.com/vabene1111/recipes.git",
+	"var_tandoor_repository_reference": "master",
+	"var_tandoor_database_kind": "sqlite",
+	"var_tandoor_database_data_postgresql_host": "postgresql.example.org",
+	"var_tandoor_database_data_postgresql_port": 5432,
+	"var_tandoor_database_data_postgresql_username": "tandoor_user",
+	"var_tandoor_database_data_postgresql_password": "REPLACE_ME",
+	"var_tandoor_database_data_postgresql_schema": "tandoor",
+	"var_tandoor_authentication_kind": "internal",
+	"var_tandoor_authentication_data_authelia_client_id": "REPLACE_ME",
+	"var_tandoor_authentication_data_authelia_client_secret": "REPLACE_ME",
+	"var_tandoor_authentication_data_authelia_url_base": "authelia.example.org",
+	"var_tandoor_authentication_data_authelia_label": "Authelia",
+	"var_tandoor_secret_key": "REPLACE_ME",
+	"var_tandoor_port": 1256,
+	"var_tandoor_domain": "tandoor.exmaple.org"
+}
diff --git a/roles/tandoor/info.md b/roles/tandoor/info.md
new file mode 100644
index 0000000..b2a9cb2
--- /dev/null
+++ b/roles/tandoor/info.md
@@ -0,0 +1,11 @@
+## Beschreibung
+
+Für Rezepte-Sammlung [Tandoor](https://tandoor.dev/)
+
+
+## Verweise
+
+- [Tandoor-Dokumentation | Installation](https://docs.tandoor.dev/install/manual/)
+- [Tandoor-Dokumentation | Konfiguration](https://docs.tandoor.dev/system/configuration/)
+- [Tandoor-Dokumentation | Allauth](https://docs.tandoor.dev/features/authentication/#allauth)
+https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html
diff --git a/roles/tandoor/tasks/main.json b/roles/tandoor/tasks/main.json
new file mode 100644
index 0000000..6cf3b5d
--- /dev/null
+++ b/roles/tandoor/tasks/main.json
@@ -0,0 +1,91 @@
+[
+	{
+		"name": "packages",
+		"become": true,
+		"ansible.builtin.apt": {
+			"update_cache": true,
+			"pkg": [
+				"git",
+				"nodejs",
+				"yarnpkg"
+			]
+		}
+	},
+	{
+		"name": "user and directory",
+		"become": true,
+		"ansible.builtin.user": {
+			"name": "{{var_tandoor_user}}",
+			"create_home": true,
+			"home": "{{var_tandoor_directory}}"
+		}
+	},
+	{
+		"name": "sources",
+		"become": true,
+		"become_user": "{{var_tandoor_user}}",
+		"ansible.builtin.git": {
+			"repo": "{{var_tandoor_repository_url}}",
+			"version": "{{var_tandoor_repository_reference}}",
+			"dest": "{{var_tandoor_directory}}"
+		}
+	},
+	{
+		"name": "python requirements",
+		"ansible.builtin.pip": {
+			"virtualenv": "{{var_tandoor_directory}}",
+			"requirements": "{{var_tandoor_directory}}/requirements.txt"
+		}
+	},
+	{
+		"name": "database",
+		"ansible.builtin.shell": {
+			"environment": "VIRTUAL_ENV={{var_tandoor_directory}}",
+			"cmd": "bin/python3 manage.py migrate"
+		}
+	},
+	{
+		"name": "static files",
+		"ansible.builtin.shell": {
+			"environment": "VIRTUAL_ENV={{var_tandoor_directory}}",
+			"cmd": "bin/python3 manage.py collectstatic --no-input"
+		}
+	},
+	{
+		"name": "static files",
+		"ansible.builtin.shell": {
+			"environment": "VIRTUAL_ENV={{var_tandoor_directory}}",
+			"cmd": "bin/python3 manage.py collectstatic_js_reverse"
+		}
+	},
+	{
+		"name": "frontend stuff",
+		"ansible.builtin.shell": {
+			"chdir": "{{var_tandoor_directory}}/vue",
+			"cmd": "yarn install && yarn build"
+		}
+	},
+	{
+		"name": "configuration",
+		"ansible.builtin.template": {
+			"src": "conf.j2",
+			"dest": "{{var_tandoor_directory}}/.env"
+		}
+	},
+	{
+		"name": "systemd unit",
+		"ansible.builtin.template": {
+			"src": "systemd-unit.js",
+			"dest": "/etc/systemd/system/tandoor.service"
+		}
+	},
+	{
+		"name": "start",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"enabled": true,
+			"state": "started",
+			"name": "tandoor"
+		}
+	}
+]
diff --git a/roles/tandoor/templates/conf.j2 b/roles/tandoor/templates/conf.j2
new file mode 100644
index 0000000..70a44da
--- /dev/null
+++ b/roles/tandoor/templates/conf.j2
@@ -0,0 +1,48 @@
+{% if var_tandoor_database_kind == 'sqlite' %}
+DB_ENGINE=django.db.backends.sqlite3
+{% endif %}
+
+{% if var_tandoor_database_kind == 'postgresql' %}
+DB_ENGINE=django.db.backends.postgresql
+POSTGRES_HOST={{var_tandoor_database_data_postgresql_host}}
+POSTGRES_DB={{var_tandoor_database_data_postgresql_schema}}
+POSTGRES_PORT={{var_tandoor_database_data_postgresql_port | string}}
+POSTGRES_USER={{var_tandoor_database_data_postgresql_username}}
+POSTGRES_PASSWORD={{var_tandoor_database_data_postgresql_password}}
+{% endif %}
+
+{% if var_tandoor_authentication_kind == 'internal' %}
+ENABLE_SIGNUP=1
+REMOTE_USER_AUTH=0
+{% endif %}
+
+{% if var_tandoor_authentication_kind == 'authelia' %}
+ENABLE_SIGNUP=0
+REMOTE_USER_AUTH=1
+SOCIALACCOUNT_PROVIDERS = {
+    "openid_connect": {
+        "OAUTH_PKCE_ENABLED": False,
+        "APPS": [
+            {
+                "provider_id": "authelia",
+                "name": "{{var_tandoor_authentication_data_authelia_label}}",
+                "client_id": "{{var_tandoor_authentication_data_authelia_client_id}}",
+                "secret": "{{var_tandoor_authentication_data_authelia_client_secret}}",
+                "settings": {
+                    "server_url": "{{var_tandoor_authentication_data_authelia_url_base}}",
+                    "token_auth_method": "client_secret_basic",
+                    "oauth_pkce_enabled": False,
+                },
+            },
+        ]
+    }
+}
+{% endif %}
+
+SECRET_KEY={{var_tandoor_secret_key}}
+
+ALLOWED_HOSTS={{var_tandoor_domain}}
+TANDOOR_PORT={{var_tandoor_port | string}}
+
+ENABLE_METRICS=0
+ENABLE_PDF_EXPORT=0
diff --git a/roles/tandoor/templates/systemd-unit.j2 b/roles/tandoor/templates/systemd-unit.j2
new file mode 100644
index 0000000..03a79bd
--- /dev/null
+++ b/roles/tandoor/templates/systemd-unit.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Tandoor
+After=multi-user.target
+
+[Service]
+WorkingDirectory={{var_tandoor_directory}}
+User={{var_tandoor_user}}
+# Environment="VIRTUAL_ENV={{var_tandoor_directory}}"
+ExecStart="{{var_tandoor_directory}}/bin/python3 manage.py runserver"
+SyslogIdentifier=tandoor
+
+[Install]
+WantedBy=multi-user.target