From c8617e45cc5b7625bb62b307baebf9194d98917c Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Tue, 5 Feb 2019 12:42:05 +0100
Subject: [PATCH] Add CodiMD container

---
 codimd.yml                                    |  7 +++++
 hosts                                         |  1 +
 roles/codimd/README.md                        |  7 +++++
 roles/codimd/handlers/main.yml                |  5 ++++
 roles/codimd/tasks/0_apt_dependencies.yml     | 20 ++++++++++++++
 roles/codimd/tasks/1_user_group.yml           | 27 +++++++++++++++++++
 roles/codimd/tasks/main.yml                   | 20 ++++++++++++++
 roles/codimd/templates/apt/nodejs             |  7 +++++
 .../templates/systemd/codimd.service.j2       | 19 +++++++++++++
 9 files changed, 113 insertions(+)
 create mode 100644 codimd.yml
 create mode 100644 roles/codimd/README.md
 create mode 100644 roles/codimd/handlers/main.yml
 create mode 100644 roles/codimd/tasks/0_apt_dependencies.yml
 create mode 100644 roles/codimd/tasks/1_user_group.yml
 create mode 100644 roles/codimd/tasks/main.yml
 create mode 100644 roles/codimd/templates/apt/nodejs
 create mode 100644 roles/codimd/templates/systemd/codimd.service.j2

diff --git a/codimd.yml b/codimd.yml
new file mode 100644
index 0000000..1d83c7d
--- /dev/null
+++ b/codimd.yml
@@ -0,0 +1,7 @@
+---
+# Install CodiMD on corresponding containers
+- hosts: codimd
+  roles:
+   - debian-backports
+   - codimd
+
diff --git a/hosts b/hosts
index 2e9e5ef..cd7d86b 100644
--- a/hosts
+++ b/hosts
@@ -5,6 +5,7 @@ horus               ansible_host=10.128.0.1
 
 [ovh-container]
 matrix-riot-web     ansible_host=10.128.0.53
+codimd              ansible_host=10.128.0.55
 services-bdd.adm.auro.re
 phabricator.adm.auro.re
 horus-wiki          ansible_host=10.128.0.51
diff --git a/roles/codimd/README.md b/roles/codimd/README.md
new file mode 100644
index 0000000..68e69fd
--- /dev/null
+++ b/roles/codimd/README.md
@@ -0,0 +1,7 @@
+# Rôle CodiMD
+
+Ce rôle Ansible permet d'installer CodiMD.
+
+Il doit être exécuté en tant que super-utilisateur
+(option `-b` pour `--become`).
+
diff --git a/roles/codimd/handlers/main.yml b/roles/codimd/handlers/main.yml
new file mode 100644
index 0000000..4c2230e
--- /dev/null
+++ b/roles/codimd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+# Reload systemd daemons when a service file changes
+- name: Reload systemd daemons
+  command: systemctl daemon-reload
+
diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml
new file mode 100644
index 0000000..8089199
--- /dev/null
+++ b/roles/codimd/tasks/0_apt_dependencies.yml
@@ -0,0 +1,20 @@
+---
+# For NodeJS package
+- name: Configure NodeJS pin
+  when: ansible_distribution == 'Debian' and ansible_distribution_release == 'stretch'
+  template:
+    src: 'apt/nodejs'
+    dest: '/etc/apt/preferences.d/nodejs'
+    mode: 0644
+
+# Install CodiMD dependencies
+- name: Install required packages
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+  with_items:
+    - git
+    - nodejs
+    - npm
+
diff --git a/roles/codimd/tasks/1_user_group.yml b/roles/codimd/tasks/1_user_group.yml
new file mode 100644
index 0000000..7e257b3
--- /dev/null
+++ b/roles/codimd/tasks/1_user_group.yml
@@ -0,0 +1,27 @@
+---
+# Security #1
+- name: Create CodiMD system group
+  group:
+    name: codimd
+    system: yes
+    state: present
+
+# Security #2
+- name: Create CodiMD user
+  user:
+    name: codimd
+    group: codimd
+    home: '/var/local/codimd'
+    comment: CodiMD
+    system: yes
+    state: present
+
+# Security #3
+- name: Secure CodiMD home directory
+  file:
+    path: '/var/local/codimd'
+    state: directory
+    owner: codimd
+    group: codimd
+    mode: 0750
+
diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml
new file mode 100644
index 0000000..f0913da
--- /dev/null
+++ b/roles/codimd/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+# Install APT dependencies
+- include_tasks: 0_apt_dependencies.yml
+
+# Create CodiMD user and group
+- include_tasks: 1_user_group.yml
+
+# Download CodiMD
+- name: Clone CodiMD project
+  git:
+    repo: "https://github.com/hackmdio/codimd.git"
+    dest: /var/local/codimd/codimd
+    version: "1.2.1"
+  become: true
+  become_user: codimd
+
+# TODO Configurer et créer un service
+# https://github.com/hackmdio/codimd#instructions
+# https://github.com/hackmdio/codimd#configuration-files
+
diff --git a/roles/codimd/templates/apt/nodejs b/roles/codimd/templates/apt/nodejs
new file mode 100644
index 0000000..cd89d4c
--- /dev/null
+++ b/roles/codimd/templates/apt/nodejs
@@ -0,0 +1,7 @@
+# /etc/apt/preferences.d/dokuwiki
+# Deployed with Aurore Ansible !
+
+Package: node* libuv1*
+Pin: release a=stretch-backports
+Pin-Priority: 600
+
diff --git a/roles/codimd/templates/systemd/codimd.service.j2 b/roles/codimd/templates/systemd/codimd.service.j2
new file mode 100644
index 0000000..a34bf4a
--- /dev/null
+++ b/roles/codimd/templates/systemd/codimd.service.j2
@@ -0,0 +1,19 @@
+# /etc/systemd/system/etherpad-lite.service
+# Deployed with Aurore Ansible !
+
+[Unit]
+Description=Etherpad-lite, the collaborative editor.
+After=syslog.target network-online.target mysql.service postgresql.service
+Conflicts=shutdown.target
+
+[Service]
+Type=simple
+User=etherpad
+Group=etherpad
+WorkingDirectory=/var/local/etherpad/etherpad-lite
+ExecStart=/usr/bin/nodejs /var/local/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+