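# Deploys the Flask services under /var/www, their OIDC configuration,
# one OAuth2Proxy compose project per service, the waitress systemd units
# and the notification-poller cron job.

- name: Include service variables
  include_vars: services.yaml

- name: Install apt packages
  apt:
    pkg:
      - libyaml-dev

# NOTE(review): only itsdangerous is pinned; every other package resolves to
# whatever is newest at run time, so two runs can install different code.
# Consider a constraints/requirements file with pinned versions.
- name: Install python packages
  pip:
    name:
      - itsdangerous==2.0.1
      - flask
      - flask-login
      - flask-oidc
      - Flask-SQLAlchemy
      - MarkupSafe
      - Pillow
      - docker-compose
      - waitress
    extra_args: "--break-system-packages"

# Forces the OIDC callback URL to https. The path is tied to python3.9 and
# to the flask-oidc source text, so the patch silently stops applying when
# either changes.
# backrefs: true makes the task a no-op when the pattern is not found;
# without it lineinfile appends `line` to the end of the module instead.
# The captured group reuses the indentation already present in the file.
- name: fix dumb flask oidc scheme bug
  lineinfile:
    path: /usr/local/lib/python3.9/dist-packages/flask_oidc/__init__.py
    regexp: "^(\\s*)flow\\.redirect_uri = url_for\\('_oidc_callback', _external=True\\)"
    line: "\\1flow.redirect_uri = url_for('_oidc_callback', _external=True, _scheme='https')"
    backrefs: true
    backup: true

- name: Set mode /usr/local/lib/ (python libraries)
  file:
    path: /usr/local/lib/
    mode: 'a+rX'
    recurse: true

# NOTE(review): no `version:` is given, so each run deploys whatever the
# default branch currently points at. Pinning a tag or commit per repository
# makes the deployed code reviewable and reproducible.
- name: Clone repositories
  git:
    repo: "https://github.com/FAUSheppy/{{ item }}.git"
    dest: "/var/www/{{ item }}"
  become: true
  become_user: www-data
  with_items:
    - python-flask-picture-factory
    - simple-log-server
    - soundlib-interface

- name: Ensure Ownership to www-data
  file:
    path: "/var/www/{{ item }}/"
    owner: www-data
    group: www-data
    recurse: true
  with_items:
    - python-flask-picture-factory
    - simple-log-server
    - soundlib-interface

- name: Deploy OIDC config (config)
  template:
    src: oidc_config.json.j2
    dest: "/var/www/{{ item }}/oidc.json"
    owner: www-data
    group: www-data
  with_items:
    - python-flask-picture-factory
    - simple-log-server
    - soundlib-interface

- name: SLS Config
  copy:
    src: sls_config.py
    dest: /var/www/simple-log-server/config.py
    owner: www-data
    group: www-data

# The rendered file holds OIDC client secrets, so it is kept unreadable for
# "other". Assumes the waitress units run as www-data (the owner set here);
# confirm against waitress-systemd-unit.j2.
- name: Deploy OIDC config (client secrets)
  template:
    src: oidc_client_secrets.json.j2
    dest: "/var/www/{{ item }}/oidc_client_secrets.json"
    owner: www-data
    group: www-data
    mode: "0640"
  with_items:
    - python-flask-picture-factory
    - simple-log-server
    - soundlib-interface

- name: OAuth2Proxy directories
  file:
    path: "/opt/oauth2proxy/{{ item }}/"
    state: directory
    recurse: true
  with_items:
    - python-flask-picture-factory
    - simple-log-server
    - soundlib-interface

# NOTE(review): no owner/mode is set, so the rendered compose file gets the
# default permissions. If the template embeds client or cookie secrets,
# restrict it explicitly.
- name: Deploy OAuth2Proxy compose files
  template:
    src: oauth-standalone-docker-compose.yaml
    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
  with_items:
    - simple-log-server
    - soundlib-interface
    - python-flask-picture-factory

- name: Template Systemd Units
  template:
    src: "waitress-systemd-unit.j2"
    dest: "/etc/systemd/system/{{ item.name }}.service"
  with_items:
    - name: "python-flask-picture-factory"
      path: "/var/www/python-flask-picture-factory"
      external_oidc: true
    - name: "serien-ampel"
      path: "/var/www/serien-ampel"
    - name: "simple-log-server"
      path: "/var/www/simple-log-server"
      external_oidc: true
    - name: "soundlib-interface"
      path: "/var/www/soundlib-interface"
      external_oidc: true
  notify:
    - daemon reload
    - systemctl restart image-factory
    - systemctl restart serien-ampel
    - systemctl restart simple-log-server
    - systemctl restart soundlib-interface

# Run the notified handlers now, before the units are enabled and started.
- meta: flush_handlers

- name: Deploy OAuth2Proxy
  community.docker.docker_compose:
    project_src: "/opt/oauth2proxy/{{ item }}/"
    pull: true
  with_items:
    - soundlib-interface
    - simple-log-server
    - python-flask-picture-factory

- name: Enable and Start Systemd Units
  systemd:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - python-flask-picture-factory
    - serien-ampel
    - simple-log-server
    - soundlib-interface

# Runs every minute as sheppy.
# The templated values are shell-quoted so that a space or shell
# metacharacter in them cannot split or alter the command line. cron itself
# still treats an unescaped `%` as a line break.
# NOTE(review): the password is a command-line argument, so it is stored in
# sheppy's crontab and shows up in the process list while the job runs. If
# the script can read it from a file or the environment, prefer that.
# no_log keeps the rendered job line out of Ansible's task output.
- name: event poller cronjob
  cron:
    user: sheppy
    hour: "*"
    minute: "*"
    name: Poll Notifications from Dispatch (signal)
    job: >-
      /home/sheppy/signal-http-gateway/signal-query-dispatch.py
      --target {{ event_dispatcher_address | quote }}
      --user {{ event_dispatcher_user | quote }}
      --password {{ event_dispatcher_pass | quote }}
      --signal-cli-bin /home/sheppy/signal-cli/bin/signal-cli
  no_log: true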