From 98a86d021fd77c34e44e9554fa09a53933c80574 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Wed, 5 Aug 2020 19:57:27 +0200
Subject: [PATCH] [framadate][unsafe] PEP-CRANS compliance
---
roles/framadate/README.md | 20 ++++++++++++++++
roles/framadate/tasks/main.yml | 24 +++++++++----------
.../{ => framadate/app/inc}/config.php.j2 | 10 ++++----
.../sites-available/framadate.j2} | 4 ++--
.../templates/update-motd.d/05-service.j2 | 2 +-
5 files changed, 40 insertions(+), 20 deletions(-)
create mode 100644 roles/framadate/README.md
rename roles/framadate/templates/{ => framadate/app/inc}/config.php.j2 (90%)
rename roles/framadate/templates/{nginx-site.j2 => nginx/sites-available/framadate.j2} (95%)
diff --git a/roles/framadate/README.md b/roles/framadate/README.md
new file mode 100644
index 00000000..87367b76
--- /dev/null
+++ b/roles/framadate/README.md
@@ -0,0 +1,20 @@
+# Framadate
+
+Ce rôle installe un serveur framadate.
+
+## Variables
+
+ - glob_framadate:
+ - contact: Adresse mail de contact de l'administrateur
+ - automatic_response: Adresse mail utilisée pour répondre au clients du
+ serveur
+ - smtp_server: le serveur smtp a utilisé pour envoyer les mails
+ - hostname: le nom de domaine du serveur
+ - repo: le repo git où est stocké le code source de framadate
+ - versoin: le commit dans lequel on se place
+ - admin_username: le nom d'utilisateur de l'administrateur
+ - admin_password: le mot de l'administrateur
+ - db_password: le mot de passe de la base de données
+ - loc_framadate:
+ - path: le chemin où on installe framadate
+
diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml
index 843694ec..71098df7 100644
--- a/roles/framadate/tasks/main.yml
+++ b/roles/framadate/tasks/main.yml
@@ -19,15 +19,15 @@ - name: Clone framadate project git: - repo: "{{ framadate.repo }}" - dest: "{{ framadate.path }}" - version: "{{ framadate.version }}" + repo: "{{ glob_framadate.repo }}" + dest: "{{ loc_framadate.path }}" + version: "{{ glob_framadate.version }}" # Cet item là raises forcement un changed à cause du recurse: true # https://github.com/ansible/ansible/issues/32636 - name: Set perms on framadate code file: - path: "{{ framadate.path }}" + path: "{{ loc_framadate.path }}" state: directory owner: www-data group: www-data @@ -36,7 +36,7 @@ - name: Install Framadate dependencies composer: command: install - working_dir: "{{ framadate.path }}" + working_dir: "{{ loc_framadate.path }}" become: true become_user: www-data register: composer_result @@ -45,29 +45,29 @@ - name: Create log file file: - path: "{{ framadate.path }}/admin/stdout.log" + path: "{{ loc_framadate.path }}/admin/stdout.log" owner: www-data mode: 0600 - name: Configure framadate template: - src: config.php.j2 - dest: "{{ framadate.path }}/app/inc/config.php" + src: framadate/app/inc/config.php.j2 + dest: "{{ loc_framadate.path }}/app/inc/config.php" owner: www-data group: www-data - name: Configure admin password htpasswd: path: /etc/nginx/.htpasswd - name: "{{ framadate.admin_username }}" - password: "{{ framadate.admin_password }}" + name: "{{ glob_framadate.admin_username }}" + password: "{{ glob_framadate.admin_password }}" owner: root group: www-data mode: 0640 - name: Configure nginx site template: - src: nginx-site.j2 + src: nginx/sites-available/framadate.j2 dest: /etc/nginx/sites-available/framadate notify: restart nginx @@ -88,7 +88,7 @@ mysql_user: login_unix_socket: /var/run/mysqld/mysqld.sock name: framadate - password: "{{ framadate.db_password }}" + password: "{{ glob_framadate.db_password }}" priv: 'framadate.*:ALL' state: present 
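Review bot: The `Configure framadate` task in the third hunk (`@@ -45,29 +45,29 @@`) renders `config.php`, which carries `DB_PASSWORD`, with `owner` and `group` but no `mode`, so a newly created file takes the default umask permissions and may be readable by every local account. Adding `mode: 0640` (or `0600`, since owner and group are both `www-data`) after `group: www-data` would pin it, the same way the `Configure admin password` task below already does for `.htpasswd`. The earlier `Set perms on framadate code` task continues past the end of its hunk, so whether it already enforces a mode on this path cannot be confirmed from the lines shown.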
diff --git a/roles/framadate/templates/config.php.j2 b/roles/framadate/templates/framadate/app/inc/config.php.j2 similarity index 90% rename from roles/framadate/templates/config.php.j2 rename to roles/framadate/templates/framadate/app/inc/config.php.j2 index defd4fc3..a85086f6 100644 --- a/roles/framadate/templates/config.php.j2 +++ b/roles/framadate/templates/framadate/app/inc/config.php.j2 @@ -25,16 +25,16 @@ // Fully qualified domain name of your webserver. // If this is unset or empty, the servername is determined automatically. // You *have to set this* if you are running Framadate behind a reverse proxy. -// const APP_URL = 'framadate.crans.org'; +// const APP_URL = '{{ glob_framadate.hostname }}'; // Application name const NOMAPPLICATION = 'Framadate'; // Database administrator email -const ADRESSEMAILADMIN = 'contact@crans.org'; +const ADRESSEMAILADMIN = '{{ glob_framadate.contact }}'; // Email for automatic responses (you should set it to "no-reply") -const ADRESSEMAILREPONSEAUTO = 'no-reply@crans.org'; +const ADRESSEMAILREPONSEAUTO = '{{ glob_framadate.automatic_response }}'; // Database server name, leave empty to use a socket const DB_CONNECTION_STRING = 'mysql:host=localhost;dbname=framadate;port=3306'; @@ -43,7 +43,7 @@ const DB_CONNECTION_STRING = 'mysql:host=localhost;dbname=framadate;port=3306'; const DB_USER= 'framadate'; // Database password -const DB_PASSWORD = '{{ framadate.db_password }}'; +const DB_PASSWORD = '{{ glob_framadate.db_password }}'; // Table name prefix const TABLENAME_PREFIX = 'fd_'; 
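Review bot: Every `{{ glob_framadate.* }}` value in this template is rendered raw inside a single-quoted PHP literal (`ADRESSEMAILADMIN` and `ADRESSEMAILREPONSEAUTO` here, `DB_PASSWORD` in the `@@ -43,7 +43,7 @@` hunk, and the SMTP `host` in the `@@ -92,7 +92,7 @@` hunk), so a value containing `'` or `\` yields a broken or altered `config.php`. This matters most for `db_password`, where a generated secret can legitimately contain those characters. Escaping at render time keeps the literal intact, for example `const DB_PASSWORD = '{{ glob_framadate.db_password | replace("\\", "\\\\") | replace("'", "\\'") }}';`, applied the same way to the other values. Separately, `APP_URL` is still commented out, so `glob_framadate.hostname` has no effect in this file even though the comment above it says the constant must be set behind a reverse proxy.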
@@ -92,7 +92,7 @@ $config = [ /* general config */ 'use_smtp' => true, // use email for polls creation/modification/responses notification 'smtp_options' => [ - 'host' => 'smtp.crans.org', // SMTP server (you could add many servers (main and backup for example) : use ";" like separator + 'host' => '{{ glob_framadate.smtp_server }}', // SMTP server (you could add many servers (main and backup for example) : use ";" like separator 'auth' => false, // Enable SMTP authentication 'username' => '', // SMTP username 'password' => '', // SMTP password diff --git a/roles/framadate/templates/nginx-site.j2 b/roles/framadate/templates/nginx/sites-available/framadate.j2 similarity index 95% rename from roles/framadate/templates/nginx-site.j2 rename to roles/framadate/templates/nginx/sites-available/framadate.j2 index de485e81..d6db7085 100644 --- a/roles/framadate/templates/nginx-site.j2 +++ b/roles/framadate/templates/nginx/sites-available/framadate.j2 @@ -4,12 +4,12 @@ server { listen 80; listen [::]:80; - server_name framadate.crans.org; + server_name {{ glob_framadate.hostname }}; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'"; add_header Referrer-Policy "strict-origin"; - root {{ framadate.path }}; + root {{ loc_framadate.path }}; index index.php; diff --git a/roles/framadate/templates/update-motd.d/05-service.j2 b/roles/framadate/templates/update-motd.d/05-service.j2 index d0598362..71c63f9d 100755 --- a/roles/framadate/templates/update-motd.d/05-service.j2 +++ b/roles/framadate/templates/update-motd.d/05-service.j2 @@ -1,3 +1,3 @@ #!/usr/bin/tail +14 {{ ansible_header | comment }} -[0m> [38;5;82mFramadate[0m a été déployé sur cette machine. Voir [38;5;6m{{ framadate.path }}[0m. +[0m> [38;5;82mFramadate[0m a été déployé sur cette machine. Voir [38;5;6m{{ loc_framadate.path }}[0m. -- GitLab
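Review bot: `root {{ loc_framadate.path }};` in the nginx hunk makes the document root the same directory that `tasks/main.yml` clones the repository into and creates `admin/stdout.log` in, so `.git/` and that log file sit under the web root. The server block continues outside the hunk, so it is not visible whether they are already denied; if they are not, a rule such as `location ~ /\.git { deny all; }` belongs in this template, with an equivalent rule for the log file. The visible part of the block also listens only on port 80, so the credentials checked against `/etc/nginx/.htpasswd` (presumably by this site) would travel in clear text unless TLS is terminated in front of this host.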