First version of the uffd collection

TODO: The build role should probably be replaced by some intragration as a .build quadlet.

Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>

roles/uffd/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+uffd_podman_network: 'uffd-net'
+
+uffd_conf_dir: '/etc/uffd'
+uffd_static_files_volume: 'uffd-static-files'
+uffd_data_volume: 'uffd-data'
+
+uffd_image_name: 'localhost/uffd:latest'
+
+uffd_nginx_image_name: 'docker.io/library/nginx'
+uffd_nginx_image_tag: 'latest'

roles/uffd/handlers/main.yml

@@ -0,0 +1,38 @@
+---
+- name: 'Reload uffd services'
+  become: true
+  ansible.builtin.service:
+    daemon_reload: true
+
+- name: 'Restart uffd network'
+  become: true
+  ansible.builtin.service:
+    name: '{{ uffd_podman_network }}-network'
+    state: 'restarted'
+
+- name: 'Restart uffd volumes'
+  become: true
+  ansible.builtin.service:
+    name: '{{ item }}-volume'
+    state: 'restarted'
+  loop:
+    - '{{ uffd_static_files_volume }}'
+    - '{{ uffd_data_volume }}'
+
+- name: 'Restart uffd container'
+  become: true
+  ansible.builtin.service:
+    name: 'uffd-app'
+    state: 'restarted'
+
+- name: 'Restart uffd-nginx image'
+  become: true
+  ansible.builtin.service:
+    name: 'uffd-nginx-image.service'
+    state: 'restarted'
+
+- name: 'Restart uffd-nginx container'
+  become: true
+  ansible.builtin.service:
+    name: 'uffd-nginx'
+    state: 'restarted'

roles/uffd/tasks/main.yml

@@ -0,0 +1,110 @@
+---
+- name: 'Install required software'
+  become: true
+  ansible.builtin.apt:
+    name: 'podman'
+    state: 'present'
+
+- name: 'Prepare uffd network'
+  become: true
+  containers.podman.podman_network:
+    name: '{{ uffd_podman_network }}'
+    ipv6: true
+    state: 'quadlet'
+  notify:
+    - 'Reload uffd services'
+    - 'Restart uffd network'
+
+- name: 'Prepare uffd volumes'
+  become: true
+  containers.podman.podman_volume:
+    name: '{{ item }}'
+    state: 'quadlet'
+  loop:
+    - '{{ uffd_static_files_volume }}'
+    - '{{ uffd_data_volume }}'
+  notify:
+    - 'Reload uffd services'
+    - 'Restart uffd volumes'
+
+- name: 'Create uffd config directory'
+  become: true
+  ansible.builtin.file:
+    path: '{{ uffd_conf_dir }}'
+    state: 'directory'
+    mode: 'u=rwx,g=rx,o=rx'
+
+- name: 'Generate uffd configuration'
+  become: true
+  ansible.builtin.template:
+    src: 'uffd.cfg.j2'
+    dest: '{{ uffd_conf_dir }}/uffd.cfg'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+  notify: 'Restart uffd container'
+
+- name: 'Create uffd container'
+  become: true
+  containers.podman.podman_container:
+    name: 'uffd-app'
+    image: '{{ uffd_image_name }}'
+    network: '{{ uffd_podman_network }}.network'
+    state: 'quadlet'
+    volume:
+      - '{{ uffd_static_files_volume }}.volume:/var/www/uffd'
+      - '{{ uffd_data_volume }}.volume:/var/lib/uffd'
+      - '{{ uffd_conf_dir }}/uffd.cfg:/etc/uffd/uffd.cfg:ro'
+    env:
+      UFFD_INITIAL_ADMIN_USER: '{{ uffd_initial_admin_user }}'
+      UFFD_INITIAL_ADMIN_PW: '{{ uffd_initial_admin_pw }}'
+      UFFD_INITIAL_ADMIN_MAIL: '{{ uffd_initial_admin_mail }}'
+    ports: []
+    quadlet_options: |
+      [Install]
+      WantedBy=default.target
+  notify:
+    - 'Reload uffd services'
+    - 'Restart uffd container'
+
+- name: 'Define uffd-nginx image'
+  become: true
+  containers.podman.podman_image:
+    name: '{{ uffd_nginx_image_name }}:{{ uffd_nginx_image_tag }}'
+    quadlet_filename: 'uffd-nginx'
+    state: 'quadlet'
+  notify:
+    - 'Reload uffd services'
+    - 'Restart uffd-nginx image'
+
+- name: 'Write uffd-nginx config'
+  become: true
+  ansible.builtin.template:
+    src: 'nginx.conf.j2'
+    dest: '{{ uffd_conf_dir }}/nginx.conf'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+  notify:
+    - 'Restart uffd-nginx container'
+
+- name: 'Create uffd-nginx container'
+  become: true
+  containers.podman.podman_container:
+    name: 'uffd-nginx'
+    image: 'uffd-nginx.image'
+    network: '{{ uffd_podman_network }}.network'
+    state: 'quadlet'
+    volume:
+      - '{{ uffd_static_files_volume }}.volume:/var/www/uffd'
+      - '{{ uffd_conf_dir }}/nginx.conf:/etc/nginx/conf.d/default.conf:ro'
+    ports: []
+    quadlet_options: |
+      [Install]
+      WantedBy=default.target
+      [Unit]
+      Requires=uffd-app.service
+      After=uffd-app.service
+  notify:
+    - 'Reload uffd services'
+    - 'Restart uffd-nginx container'

roles/uffd/templates/nginx.conf.j2

@@ -0,0 +1,13 @@
+server {
+    listen          80;
+    server_name     _;
+
+    location / {
+        uwsgi_pass  uffd-app:3031;
+        include     uwsgi_params;
+    }
+
+    location /static {
+        alias       /var/www/uffd/static;
+    }
+}

roles/uffd/templates/uffd.cfg.j2

@@ -0,0 +1,31 @@
+FLASK_ENV = "production"
+SQLALCHEMY_DATABASE_URI = "sqlite:////var/lib/uffd/db.sqlite"
+SECRET_KEY = "{{ uffd_secret_key }}"
+
+MAIL_FROM_ADDRESS = "{{ uffd_mail_from_address }}"
+MAIL_SERVER = "{{ uffd_mail_server }}"
+MAIL_PORT = "{{ uffd_mail_port }}"
+MAIL_USE_STARTTLS = "{{ uffd_mail_use_starttls }}"
+MAIL_USERNAME = "{{ uffd_mail_username }}"
+MAIL_PASSWORD = "{{ uffd_mail_password }}"
+
+MFA_RP_NAME = "{{ uffd_mfa_rp_name }}"
+FOOTER_LINKS= [{"url": "{{ uffd_footer_links_url }}", "title": "{{ uffd_footer_links_title }}"}]
+DEFAULT_PAGE_SERVICES = "{{ uffd_default_page_services }}"
+SITE_TITLE = '{{ uffd_site_title }}'
+ORGANISATION_NAME = '{{ uffd_organisation_name }}'
+ORGANISATION_CONTACT = '{{ uffd_organisation_contact }}'
+
+SERVICES=[
+{% for service in uffd_services %}
+    {
+        'title': '{{ service.title }}',
+        'subtitle': '{{ service.subtitle }}',
+        'description': '{{ service.description }}',
+        'url': '{{ service.url }}',
+        'logo_url': '{{ service.logo_url }}',
+        'required_group': '{{ service.required_group }}',
+    },
+{% endfor %}
+]
+