Merge pull request #2225 from holta/cleaner-gitea-etc

Cleaner Gitea playbook, update roles/nginx/README.md, etc

roles/gitea/README.rst

@@ -2,7 +2,7 @@
 Gitea README
 ============
 
-This Ansible role installs Gitea - a self-hosted Git service written in Go.
+This Ansible role installs Gitea — a self-hosted Git service written in Go.
 
 Using It
 --------

roles/gitea/defaults/main.yml

@@ -7,7 +7,8 @@
 # Using @coolaj86's script as a template
 # https://git.coolaj86.com/coolaj86/gitea-installer.sh
 
-# Information needed to install Gitea
+# Info needed to install Gitea:
+
 gitea_version: 1.10.3
 iset_suffixes:
   i386: 386
@@ -20,7 +21,7 @@ gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown')
 gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}"
 gitea_integrity_url: "{{ gitea_download_url }}.asc"
 
-gitea_root_directory: /library/gitea
+gitea_root_directory: "{{ content_base }}/gitea"    # /library/gitea
 gitea_subdirectories:
   - bin
   - custom
@@ -31,19 +32,9 @@ gitea_subdirectories:
 gitea_install_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}"
 gitea_checksum_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}.asc"
 
-gitea_link_path: "{{ gitea_root_directory }}/gitea"
-
-# Information needed to verify Gitea
+# Info needed to verify Gitea
 gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2
 
-# Information needed to run Gitea
-gitea_user: gitea
-gitea_home: "/home/{{ gitea_user }}"    # SSH credentials stored here
-gitea_run_directory: "{{ gitea_root_directory }}"
-
-gitea_url: /gitea
-gitea_port: 61734    # leet for GITEA
-
 # Data locations
 gitea_db_path: "{{ gitea_root_directory }}/data/gitea.db"
 gitea_repo_root: "{{ gitea_root_directory }}/data/repositories"
@@ -55,3 +46,14 @@ gitea_log_root: "{{ gitea_root_directory }}/log"
 # Extra configuration
 gitea_display_name: Internet-in-a-Box Gitea
 skip_install_screen: true    # lowercase for Gitea's own /etc/gitea/app.ini
+
+gitea_link_path: "{{ gitea_root_directory }}/gitea"
+
+# Info needed to run Gitea:
+
+gitea_user: gitea
+gitea_home: "/home/{{ gitea_user }}"    # SSH credentials stored here
+gitea_run_directory: "{{ gitea_root_directory }}"
+
+gitea_url: /gitea
+gitea_port: 61734    # leet for GITEA

roles/gitea/tasks/apache.yml

@@ -0,0 +1,12 @@
+- name: Enable http://box{{ gitea_url }} via Apache    # http://box/gitea
+  command: a2ensite gitea.conf
+  when: gitea_enabled | bool
+
+- name: Disable http://box{{ gitea_url }} via Apache    # http://box/gitea
+  command: a2dissite gitea.conf
+  when: not gitea_enabled
+
+- name: Restart '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted

roles/gitea/tasks/enable.yml

@@ -1,69 +0,0 @@
-- name: Enable & Restart 'gitea' systemd service
-  systemd:
-    name: gitea
-    daemon_reload: yes
-    enabled: yes
-    state: restarted
-  when: gitea_enabled | bool
-
-- name: Disable & Restart 'gitea' systemd service
-  systemd:
-    name: gitea
-    enabled: no
-    state: stopped
-  when: not gitea_enabled
-
-# Apache
-
-- name: Enable http://box{{ gitea_url }} via Apache    # i.e. http://box/gitea
-  command: a2ensite gitea.conf
-  when: apache_install and gitea_enabled
-
-- name: Disable http://box{{ gitea_url }} via Apache
-  command: a2dissite gitea.conf
-  when: apache_install and not gitea_enabled
-
-- name: Restart Apache systemd service ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
-    state: restarted
-  when: apache_enabled | bool
-
-# NGINX
-
-- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
-  template:
-    src: gitea-nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"
-  when: nginx_install and gitea_enabled
-
-- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
-  file:
-    path: "{{ nginx_conf_dir }}/gitea-nginx.conf"
-    state: absent
-  when: nginx_install and not gitea_enabled
-
-- name: Restart 'nginx' systemd service
-  systemd:
-    name: nginx
-    state: restarted
-  when: nginx_enabled | bool
-
-
-- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: gitea
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Gitea
-    - option: description
-      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
-    - option: gitea_run_directory
-      value: "{{ gitea_run_directory }}"
-    - option: gitea_url
-      value: "{{ gitea_url }}"
-    - option: gitea_enabled
-      value: "{{ gitea_enabled }}"

roles/gitea/tasks/install.yml

@@ -1,4 +1,4 @@
-# Prepare to install Gitea: create user and directory structure
+# 1. Prepare to install Gitea: create user and directory structure
 
 - name: Shut down existing Gitea instance (if we're reinstalling)
   systemd:
@@ -16,11 +16,11 @@
     name: gitea
     comment: Gitea daemon account
     groups: gitea
-    home: "{{ gitea_home }}"
+    home: "{{ gitea_home }}"    # /home/gitea
 
 - name: Create Gitea directory structure
   file:
-    path: "{{ gitea_root_directory }}/{{ item }}"
+    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
     state: directory
     owner: gitea
     group: gitea
@@ -28,21 +28,22 @@
 
 - name: Make directories data, indexers, and log writable
   file:
-    path: "{{ gitea_root_directory }}/{{ item }}"
+    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
     mode: '0750'
   with_items:
     - data
     - indexers
     - log
 
-# Download, verify, and link Gitea binary
+
+# 2. Download, verify, and link Gitea binary
 
 - name: Fail if we detect unknown architecture
   fail:
     msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
   when: gitea_iset_suffix == "unknown"
 
-- name: Download Gitea binary
+- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }}
   get_url:
     url: "{{ gitea_download_url }}"
     dest: "{{ gitea_install_path }}"
@@ -69,14 +70,15 @@
     group: gitea
     state: link
 
-# Configure Gitea
+
+# 3. Configure Gitea
 
 # For security reasons, the Gitea developers recommend removing group write
 # permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of 
 # Gitea. User gitea needs write permissions during the first run but not 
 # subsequent runs.
 
-- name: Create Gitea config directory
+- name: mkdir /etc/gitea
   file:
     state: directory
     path: /etc/gitea
@@ -84,7 +86,7 @@
     group: gitea
     mode: '0770'
 
-- name: Create app.ini
+- name: Install /etc/gitea/app.ini from template
   template:
     src: app.ini.j2
     dest: /etc/gitea/app.ini
@@ -92,7 +94,8 @@
     group: gitea
     mode: '0664'
 
-# Create systemd service & prepare Apache for http://box/gitea
+
+# 4. Create systemd service & prepare Apache for http://box/gitea
 
 - name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
   template:
@@ -103,7 +106,7 @@
     - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
 
 
-# RECORD Gitea AS INSTALLED
+# 5. RECORD Gitea AS INSTALLED
 
 - name: "Set 'gitea_installed: True'"
   set_fact:

roles/gitea/tasks/main.yml

@@ -1,7 +1,67 @@
-- name: Install Gitea {{ gitea_version }} if gitea_install
-  include_tasks: install.yml
-  when: gitea_install and not (gitea_installed is defined)
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: Enable Gitea {{ gitea_version }} if gitea_install
-  include_tasks: enable.yml
-  when: gitea_install or gitea_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "gitea_install is sameas true" (boolean not string etc)
+  assert:
+    that: gitea_install is sameas true
+    fail_msg: "PLEASE SET 'gitea_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "gitea_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: gitea_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'gitea_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: gitea_installed is undefined
+
+
+- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
+  systemd:
+    name: gitea
+    daemon_reload: yes
+    enabled: yes
+    state: restarted
+  when: gitea_enabled | bool
+
+- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
+  systemd:
+    name: gitea
+    enabled: no
+    state: stopped
+  when: not gitea_enabled
+
+- name: Enable/Disable/Restart Apache if primary
+  include_tasks: apache.yml
+  when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+  when: nginx_enabled | bool
+
+
+- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab_state.yml
+    section: gitea
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Gitea
+    - option: description
+      value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
+    - option: gitea_run_directory
+      value: "{{ gitea_run_directory }}"
+    - option: gitea_url
+      value: "{{ gitea_url }}"
+    - option: gitea_enabled
+      value: "{{ gitea_enabled }}"

roles/gitea/tasks/nginx.yml

@@ -0,0 +1,16 @@
+- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
+  template:
+    src: gitea-nginx.conf.j2
+    dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"    # /etc/nginx/conf.d
+  when: gitea_enabled | bool
+
+- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
+  file:
+    path: "{{ nginx_conf_dir }}/gitea-nginx.conf"    # /etc/nginx/conf.d
+    state: absent
+  when: not gitea_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted

roles/lokole/tasks/main.yml

@@ -19,12 +19,12 @@
     quiet: yes
 
 
-- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined
+- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
   include_tasks: install.yml
   when: lokole_installed is undefined
 
 
-- name: Enable & Restart 'lokole' systemd service
+- name: Enable & Restart 'lokole' systemd service, if lokole_enabled
   systemd:
     name: lokole
     daemon_reload: yes
@@ -32,7 +32,7 @@
     state: restarted
   when: lokole_enabled | bool
 
-- name: Disable & Stop 'lokole' systemd service
+- name: Disable & Stop 'lokole' systemd service, if not lokole_enabled
   systemd:
     name: lokole
     enabled: no

roles/nginx/README.md

@@ -1,6 +1,6 @@
 ### Transition to NGINX
 
-1. Initial testing strategy (December 2019 - January 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below.
+1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below.
 
    Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below.
 
@@ -10,13 +10,14 @@
 
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
 
-3. Current state of IIAB App/Service migrations as of 2020-01-24:
+3. Current state of IIAB App/Service migrations as of 2020-02-01:
 
    1. These support "Native" NGINX but ***NOT*** Apache
       * Admin Console
       * captiveportal
+      * IIAB documentation (http://box/info)
       * osm-vector-maps
-      * RACHEL-like modules
+      * OER2Go/RACHEL modules
       * usb-lib
 
    2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service.  But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing).
@@ -31,13 +32,13 @@
       * wordpress
 
    3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/0-init/tasks/main.yml#L40-L44](../0-init/tasks/main.yml#L40-L44) for a list of these IIAB Apps/Services, that auto-enable Apache.
-      * dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056))
       * elgg
       * lokole
       * moodle
       * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119))
       * nodered
 
-   4. Not Yet Dealt With!
+   4. These each run their own web server, i.e. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
+      * calibre (menu goes directly to port 8080)
       * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120))
       * kalite (menu goes directly to ports 8006-8008)

roles/osm-vector-maps/tasks/enable-or-disable.yml.deprecated

@@ -1,32 +0,0 @@
-# This depends on iiab-admin-console which is not yet installed
-#- name: Run the script that does osm-vector-maps housekeeping
-#  shell: /usr/bin/iiab-update-map
-
-- name: Copy countries.json (geojson) to {{ vector_map_path }}/maplist/assets
-  copy:
-    src: countries.json
-    dest: "{{ vector_map_path }}/maplist/assets"    # /library/www/osm-vector-maps
-
-#  It is too complicated to use a single file for both iiab and admin-console
-- name: Copy map_functions.js (duplicated JavaScript) to {{ vector_map_path }}/maplist/assets
-  copy:
-    src: map_functions.js
-    dest: "{{ vector_map_path }}/maplist/assets"    # /library/www/osm-vector-maps
-
-- name: Install {{ vector_map_path }}/maplist/index.html from template, for test page http://box/maps/maplist
-  template:
-    src: index.html
-    dest: "{{ vector_map_path }}/maplist/index.html"    # /library/www/osm-vector-maps
-
-#- name: Does the {{ vector_map_path }}/index.html redirect already exist?
-#  stat:
-#    path: "{{ vector_map_path }}/index.html"
-#  register: osm_redirect
-
-#Copy the redirect to the test page -- delete this later if more than one map
-- name: Install {{ vector_map_path }}/index.html redirect for http://box/maps -> http://box/osm-vector-maps
-  copy:
-    force: no
-    src: test-index.redirect
-    dest: "{{ vector_map_path }}/index.html"    # /library/www/osm-vector-maps
-  #when: not osm_redirect.stat.exists

roles/osm-vector-maps/tasks/main.yml

@@ -24,9 +24,6 @@
   when: osm_vector_maps_installed is undefined
 
 
-#- name: Install countries.json, map_functions.js & 2 index.html's under-or-in {{ vector_map_path }}/maplist    # /library/www/osm-vector-maps
-#  include_tasks: enable-or-disable.yml
-
 - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled
   include_tasks: nginx.yml
   when: nginx_enabled | bool