From 719c88a9301a8abd82e8ac746b67733c0c8625ab Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Mon, 17 May 2021 08:42:09 -0500
Subject: [PATCH 1/3] lokole - create /lokole/state

---
 roles/lokole/tasks/install.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml
index bc97ad982..9d61f628e 100644
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@@ -77,6 +77,19 @@
     path: "{{ lokole_run_directory }}"
     #mode: a+x    # Not nec, given above 'state: directory'
 
+# lets try to catch settings.env creation at registration time
+# can't tell if the routine doesn't like settings.env being missing
+- name: mkdir /lokole
+  file:
+    state: directory
+    path: /lokole
+
+- name: Link {{ lokole_run_directory }} to /lokole/state
+  file:
+    state: link
+    path: /lokole/state
+    src: "{{ lokole_run_directory }}"
+
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
   template:
     src: webapp_secrets.sh.j2

From a85418df12208d4f2b1a62b45ae06ac7e6c388e5 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Tue, 18 May 2021 06:29:05 -0500
Subject: [PATCH 2/3] Lokole system user

---
 roles/lokole/defaults/main.yml              |  3 ++-
 roles/lokole/tasks/install.yml              | 16 ++++++++++++----
 roles/lokole/templates/celery.service.j2    |  2 +-
 roles/lokole/templates/settings.env.j2      |  7 +++++++
 roles/lokole/templates/webapp_secrets.sh.j2 |  2 +-
 5 files changed, 23 insertions(+), 7 deletions(-)
 create mode 100644 roles/lokole/templates/settings.env.j2

diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml
index 030f4fbd3..57ebf510e 100644
--- a/roles/lokole/defaults/main.yml
+++ b/roles/lokole/defaults/main.yml
@@ -22,8 +22,9 @@ lokole_venv: "{{ lokole_install_path }}/venv"       # /library/lokole/venv
 # Info needed to run Lokole:
 lokole_user: lokole
 lokole_url: /lokole
+lokole_uid: "2000"
 lokole_run_directory: /home/{{ lokole_user }}/state
-lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
+lokole_domain_socket: "/run/lokole_gunicorn.sock"
 lokole_sim_type: LocalOnly
 
 lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}"    # http://box.lan/lokole
diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml
index 9d61f628e..40332fa33 100644
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@@ -71,6 +71,14 @@
   with_items:
     - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"
 
+- name: Create system {{ lokole_user }} user
+  ansible.builtin.user:
+    state: present
+    name: "{{ lokole_user }}"
+    system: yes
+    uid: "{{ lokole_uid }}"
+    home: /home/{{ lokole_user }}
+
 - name: mkdir {{ lokole_run_directory }}
   file:
     state: directory
@@ -79,15 +87,15 @@
 
 # lets try to catch settings.env creation at registration time
 # can't tell if the routine doesn't like settings.env being missing
-- name: mkdir /lokole
+- name: mkdir /{{ lokole_user }}
   file:
     state: directory
-    path: /lokole
+    path: /{{ lokole_user }}
 
 - name: Link {{ lokole_run_directory }} to /lokole/state
   file:
     state: link
-    path: /lokole/state
+    path: "{{ lokole_user }}/state"
     src: "{{ lokole_run_directory }}"
 
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
@@ -102,7 +110,7 @@
     dest: "{{ lokole_run_directory }}/webapp.sh"
     mode: a+x
 
-- name: Create admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
+- name: Create Lokole admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
   shell: |
     . {{ lokole_run_directory }}/webapp_secrets.sh
     {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
diff --git a/roles/lokole/templates/celery.service.j2 b/roles/lokole/templates/celery.service.j2
index e1393892b..49a2dd64b 100644
--- a/roles/lokole/templates/celery.service.j2
+++ b/roles/lokole/templates/celery.service.j2
@@ -6,7 +6,7 @@ Before=celerybeat.service
 
 [Service]
 Type=simple
-ExecStart={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2
+ExecStart={{ lokole_venv }}/bin/celery --uid={{ lokole_uid }} --gid={{ lokole_uid }} --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2
 ExecReload=/bin/kill -s HUP $MAINPID
 ExecStop=/bin/kill TERM $MAINPID
 
diff --git a/roles/lokole/templates/settings.env.j2 b/roles/lokole/templates/settings.env.j2
new file mode 100644
index 000000000..81ab2f417
--- /dev/null
+++ b/roles/lokole/templates/settings.env.j2
@@ -0,0 +1,7 @@
+OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
+OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
+OPWEN_APP_ROOT='{{ lokole_url }}/'
+OPWEN_MAX_UPLOAD_SIZE_MB=10
+OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
+OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'
+OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}'
diff --git a/roles/lokole/templates/webapp_secrets.sh.j2 b/roles/lokole/templates/webapp_secrets.sh.j2
index 18471d95b..fc8a51b7e 100644
--- a/roles/lokole/templates/webapp_secrets.sh.j2
+++ b/roles/lokole/templates/webapp_secrets.sh.j2
@@ -1,6 +1,6 @@
 export OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
 export OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
-export OPWEN_APP_ROOT='{{ lokole_url }}'
+export OPWEN_APP_ROOT='{{ lokole_url }}/'
 export OPWEN_MAX_UPLOAD_SIZE_MB=10
 export OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
 export OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'

From 38c6ce9d7042821e5a16f6b6699cd6091b524e76 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Tue, 18 May 2021 10:16:40 -0500
Subject: [PATCH 3/3] don't link for diagnostics

---
 roles/lokole/tasks/install.yml | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml
index 40332fa33..638be3181 100644
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@@ -87,16 +87,20 @@
 
 # lets try to catch settings.env creation at registration time
 # can't tell if the routine doesn't like settings.env being missing
-- name: mkdir /{{ lokole_user }}
+- name: mkdir /{{ lokole_user }}/state for registration testing
   file:
     state: directory
-    path: /{{ lokole_user }}
+    path: /{{ lokole_user }}/state
 
-- name: Link {{ lokole_run_directory }} to /lokole/state
-  file:
-    state: link
-    path: "{{ lokole_user }}/state"
-    src: "{{ lokole_run_directory }}"
+- name: Install dummy target for registration testing fake
+  template:
+    src: settings.env.j2
+    dest: "/{{ lokole_user }}/state/settings.env"
+
+- name: Install dummy target for registration testing run
+  template:
+    src: settings.env.j2
+    dest: "{{ lokole_run_directory }}/settings.env"
 
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
   template: