101 lines
3.2 KiB
YAML
101 lines
3.2 KiB
YAML
|
- name: Install FreshRSS
|
||
|
|
hosts: nuculabs
|
||
|
|
become: true
|
||
|
|
become_method: sudo
|
||
|
|
vars_files:
|
||
|
|
- variables.yaml
|
||
|
|
tasks:
|
||
|
|
# Create necessary directories.
|
||
|
|
- name: "Create directories"
|
||
|
|
block:
|
||
|
|
- name: Create base directory
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: "{{ fresh_rss.base_directory }}"
|
||
|
|
state: directory
|
||
|
|
mode: "0755"
|
||
|
|
ignore_errors: true
|
||
|
|
- name: Create data directory
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: "{{ fresh_rss.base_directory }}/{{ fresh_rss.data_directory }}"
|
||
|
|
state: directory
|
||
|
|
mode: "0755"
|
||
|
|
ignore_errors: true
|
||
|
|
- name: Create extensions directory
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: "{{ fresh_rss.base_directory }}/{{ fresh_rss.extensions_directory }}"
|
||
|
|
state: directory
|
||
|
|
mode: "0755"
|
||
|
|
ignore_errors: true
|
||
|
|
- name: Setup SELinux
|
||
|
|
block:
|
||
|
|
- name: Ensure Udica is installed
|
||
|
|
ansible.builtin.package:
|
||
|
|
name: udica
|
||
|
|
state: present
|
||
|
|
- name: Ensure container-selinux is installed
|
||
|
|
ansible.builtin.package:
|
||
|
|
name: container-selinux
|
||
|
|
state: present
|
||
|
|
- name: Copy freshrss cil
|
||
|
|
ansible.builtin.copy:
|
||
|
|
src: ./templates/selinux/freshrss.cil
|
||
|
|
dest: /tmp/freshrss.cil
|
||
|
|
mode: "0644"
|
||
|
|
- name: Load freshrss CIL policy
|
||
|
|
ansible.builtin.command:
|
||
|
|
argv:
|
||
|
|
- semodule
|
||
|
|
- -i
|
||
|
|
- /tmp/freshrss.cil
|
||
|
|
- /usr/share/udica/templates/base_container.cil
|
||
|
|
- /usr/share/udica/templates/net_container.cil
|
||
|
|
when: setup_selinux
|
||
|
|
- name: Setup Container
|
||
|
|
block:
|
||
|
|
- name: Ensure Podman is installed
|
||
|
|
ansible.builtin.package:
|
||
|
|
name: podman
|
||
|
|
state: present
|
||
|
|
- name: Pull image
|
||
|
|
containers.podman.podman_image:
|
||
|
|
name: "{{ fresh_rss.container_image }}"
|
||
|
|
state: present
|
||
|
|
- name: "Copy container"
|
||
|
|
ansible.builtin.template:
|
||
|
|
src: ./templates/container/freshrss.container.j2
|
||
|
|
dest: /etc/containers/systemd/freshrss.container
|
||
|
|
mode: "0644"
|
||
|
|
- name: Reload systemd
|
||
|
|
ansible.builtin.command:
|
||
|
|
cmd: systemctl daemon-reload
|
||
|
|
- name: Stop service
|
||
|
|
ansible.builtin.systemd_service:
|
||
|
|
name: freshrss.service
|
||
|
|
state: stopped
|
||
|
|
enabled: true
|
||
|
|
- name: Enable service
|
||
|
|
ansible.builtin.systemd_service:
|
||
|
|
name: freshrss.service
|
||
|
|
state: started
|
||
|
|
enabled: true
|
||
|
|
- name: Setup firewall
|
||
|
|
block:
|
||
|
|
- name: Create firewalld service
|
||
|
|
ansible.builtin.template:
|
||
|
|
src: ./templates/firewall/freshrss.xml.j2
|
||
|
|
dest: /etc/firewalld/services/freshrss.xml
|
||
|
|
mode: "0644"
|
||
|
|
- name: Reload firewalld
|
||
|
|
ansible.builtin.command:
|
||
|
|
argv:
|
||
|
|
- firewall-cmd
|
||
|
|
- --reload
|
||
|
|
- name: Enable firewalld service
|
||
|
|
ansible.posix.firewalld:
|
||
|
|
service: freshrss
|
||
|
|
state: enabled
|
||
|
|
permanent: true
|
||
|
|
immediate: true
|
||
|
|
offline: true
|
||
|
|
when: setup_firewall
|