From b46cf2027341c5faf34b945952eaaa1a578b8910 Mon Sep 17 00:00:00 2001
From: Luke Hoersten <luke@hoersten.org>
Date: Sat, 8 Aug 2020 09:49:57 -0500
Subject: Added miniflux role.

---
 miniflux/defaults/main.yaml         |  7 +++++
 miniflux/files/miniflux.service     | 13 +++++++++
 miniflux/handlers/main.yaml         |  5 ++++
 miniflux/tasks/main.yaml            | 53 +++++++++++++++++++++++++++++++++++++
 miniflux/templates/miniflux.conf.j2 | 10 +++++++
 miniflux/templates/nginx.conf.j2    | 30 +++++++++++++++++++++
 miniflux/templates/setup_db.psql.j2 |  5 ++++
 7 files changed, 123 insertions(+)
 create mode 100644 miniflux/defaults/main.yaml
 create mode 100644 miniflux/files/miniflux.service
 create mode 100644 miniflux/handlers/main.yaml
 create mode 100644 miniflux/tasks/main.yaml
 create mode 100644 miniflux/templates/miniflux.conf.j2
 create mode 100644 miniflux/templates/nginx.conf.j2
 create mode 100644 miniflux/templates/setup_db.psql.j2

(limited to 'miniflux')

diff --git a/miniflux/defaults/main.yaml b/miniflux/defaults/main.yaml
new file mode 100644
index 0000000..3550b30
--- /dev/null
+++ b/miniflux/defaults/main.yaml
@@ -0,0 +1,7 @@
+---
+
+miniflux_port: "8555"
+miniflux_admin_pass: "admin"
+miniflux_arch: "armv8"
+miniflux_version: "2.0.22"
+miniflux_url: "https://github.com/miniflux/miniflux/releases/download/{{miniflux_version}}/miniflux-linux-{{miniflux_arch}}"
diff --git a/miniflux/files/miniflux.service b/miniflux/files/miniflux.service
new file mode 100644
index 0000000..7a21748
--- /dev/null
+++ b/miniflux/files/miniflux.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Miniflux Feed Reader
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/miniflux.conf
+User=miniflux
+ExecStart=/usr/local/bin/miniflux
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/miniflux/handlers/main.yaml b/miniflux/handlers/main.yaml
new file mode 100644
index 0000000..5273dfd
--- /dev/null
+++ b/miniflux/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+
+- name: restart miniflux service
+  become: yes
+  systemd: name="miniflux.service" state="restarted" daemon_reload="yes"
diff --git a/miniflux/tasks/main.yaml b/miniflux/tasks/main.yaml
new file mode 100644
index 0000000..ba76c17
--- /dev/null
+++ b/miniflux/tasks/main.yaml
@@ -0,0 +1,53 @@
+---
+
+- name: add miniflux user
+  become: yes
+  user: name="miniflux" system="yes" create_home="no"
+
+- name: download miniflux
+  become: yes
+  get_url:
+    url: "{{miniflux_url}}"
+    dest: "/usr/local/bin/miniflux"
+    owner: "root"
+    group: "root"
+    mode: "0755"
+
+- name: configure miniflux
+  become: yes
+  template:
+    src: "miniflux.conf.j2"
+    dest: "/etc/miniflux.conf"
+    owner: "root"
+    group: "root"
+    mode: "0755"
+  notify: restart miniflux service
+
+- name: install miniflux schema file
+  become: yes
+  template:
+    src: "setup_db.psql.j2"
+    dest: "/tmp/setup_db_miniflux.psql"
+    owner: "postgres"
+    group: "postgres"
+    mode: "0600"
+
+- name: install pleroma psql
+  become: yes
+  become_user: "postgres"
+  command: "psql -f /tmp/setup_db_miniflux.psql"
+  changed_when: false
+
+- name: install systemd service
+  become: yes
+  copy:
+    src: "miniflux.service"
+    dest: "/lib/systemd/system/miniflux.service"
+    owner: "root"
+    group: "root"
+    mode: "0755"
+  notify: restart miniflux service
+
+- name: ensure service is started
+  become: yes
+  systemd: name="miniflux.service" enabled="yes" state="started"
diff --git a/miniflux/templates/miniflux.conf.j2 b/miniflux/templates/miniflux.conf.j2
new file mode 100644
index 0000000..ac9c32f
--- /dev/null
+++ b/miniflux/templates/miniflux.conf.j2
@@ -0,0 +1,10 @@
+# See https://miniflux.app/docs/
+
+LISTEN_ADDR={{miniflux_listen}}
+
+DATABASE_URL=user=miniflux password={{miniflux_db_pass}} dbname=miniflux sslmode=disable
+RUN_MIGRATIONS=1
+
+CREATE_ADMIN=1
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD={{miniflux_admin_pass}}
diff --git a/miniflux/templates/nginx.conf.j2 b/miniflux/templates/nginx.conf.j2
new file mode 100644
index 0000000..b0e4c32
--- /dev/null
+++ b/miniflux/templates/nginx.conf.j2
@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{nginx_server_name}};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    # listen [::]:443 ssl ipv6only=on;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location / {
+        proxy_pass {{nginx_proxy_pass}};
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/miniflux/templates/setup_db.psql.j2 b/miniflux/templates/setup_db.psql.j2
new file mode 100644
index 0000000..f1867e7
--- /dev/null
+++ b/miniflux/templates/setup_db.psql.j2
@@ -0,0 +1,5 @@
+CREATE USER miniflux WITH ENCRYPTED PASSWORD '{{miniflux_db_pass}}';
+CREATE DATABASE miniflux WITH OWNER miniflux;
+\c miniflux;
+--Extensions made by miniflux that need superuser access
+CREATE EXTENSION IF NOT EXISTS hstore;
-- 
cgit v1.2.3