From 2feefdb5f1a66d35e844904f2a1ac0effdeb0cef Mon Sep 17 00:00:00 2001
From: vincent <vincent@ducamps.win>
Date: Wed, 17 Apr 2019 13:37:19 +0200
Subject: [PATCH] create tt-rss role

---
 defaults/main.yml                  |  21 ++++
 handlers/main.yml                  |   2 +
 meta/main.yml                      |   4 +
 tasks/main.yml                     |  53 +++++++++
 templates/config.php.j2            | 165 +++++++++++++++++++++++++++++
 templates/fail2ban/tt-rss.local.j2 |   7 ++
 6 files changed, 252 insertions(+)
 create mode 100644 templates/config.php.j2
 create mode 100644 templates/fail2ban/tt-rss.local.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index e69de29..fc55b45 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+# defaults file for tt-rss
+# Database user
+ttrss_db_user: ttrss
+# Database password, please change when using the role
+ttrss_db_password: ttrss
+# Database name
+ttrss_db_name: ttrss
+
+# Path to the folder, where Tiny Tiny RSS will be installed
+ttrss_install_path: "/usr/share/nginx/html/tt-rss"
+#  URL PATH of the Tiny Tiny RSS installation, change only when you know what you do
+ttrss_url_path: "http://{{ ansible_default_ipv4.address }}/{{ ttrss_install_path | basename }}/"
+# Enable gzip out to improve wire performance, This requires PHP Zlib extension on the server
+# Set to True or False
+ttrss_enable_gzip: true
+# Sets log destination for Tiny Tiny RSS
+# syslog - logs to system log
+# sql - logs to database, can be seen in Preferences -> System
+# '' - uses PHP logging, usually the http server error log
+ttrss_log_destination: "syslog"
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
index e69de29..fcd2f38 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Restart tt-rss daemon
+  service: name=tt-rss state=restarted
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
index e69de29..05d6d34 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies: 
+          - nginx
+          - php 
+          - mariadb
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index e69de29..e1db1d8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,53 @@
+
+- name: install tt-rss
+  become: yes
+  pacman:
+    name: tt-rss
+    state: present
+
+
+- name: "Ensure database is present"
+  become: yes
+  mysql_db: 
+    name: "{{ ttrss_db_name }}"
+    collation: utf8_general_ci
+    encoding: utf8
+    target: /usr/share/webapps/tt-rss/schema/ttrss_schema_mysql.sql
+    state: import
+
+- name: "Ensure db user is present"
+  become: yes
+  mysql_user: 
+    name: "{{ ttrss_db_user }}"
+    host: localhost
+    password: "{{ ttrss_db_password }}"
+    priv: "{{ ttrss_db_name }}.*:ALL"
+    state: present
+
+
+- name: link tt-rss folder to WWW
+  become: yes
+  file:
+    src: /usr/share/webapps/tt-rss 
+    dest: "{{ttrss_install_path}}"
+    state: link
+
+- name: Ensure config.php is present
+  template:
+    src: config.php.j2
+    dest: /etc/webapps/tt-rss/config.php
+  become: yes
+
+- name: copy failtoban config
+  template:
+    src: fail2ban/tt-rss.local.j2
+    dest: /etc/fail2ban/jail.d/tt-rss.local
+  notify: restart fail2ban
+  become: yes
+
+- name: enable daemon
+  service:
+    name: tt-rss # required. Name of the service.
+    enabled: true # not required. Whether the service should start on boot. B(At least one of state and enabled are required.)
+    state: started # not required. choices: reloaded;restarted;started;stopped. C(started)/C(stopped) are idempotent actions that will not run commands unless necessary.  C(restarted) will always bounce the service.  C(reloaded) will always reload. B(At least one of state and enabled are required.) Note that reloaded will start the service if it is not already started, even if your chosen init system wouldn't normally.
+  become: yes
diff --git a/templates/config.php.j2 b/templates/config.php.j2
new file mode 100644
index 0000000..5e659b4
--- /dev/null
+++ b/templates/config.php.j2
@@ -0,0 +1,165 @@
+<?php
+	// *******************************************
+	// *** Database configuration (important!) ***
+	// *******************************************
+	define('DB_TYPE', 'mysql');
+	define('DB_HOST', 'localhost');
+	define('DB_USER', '{{ ttrss_db_user}}');
+	define('DB_NAME', '{{ttrss_db_name}}');
+	define('DB_PASS', '{{ ttrss_db_password }}');
+	define('DB_PORT', '5432');
+	define('MYSQL_CHARSET', 'UTF8');
+	// Connection charset for MySQL. If you have a legacy database and/or experience
+	// garbage unicode characters with this option, try setting it to a blank string.
+	// ***********************************
+	// *** Basic settings (important!) ***
+	// ***********************************
+	define('SELF_URL_PATH', '{{ ttrss_url_path }}');
+	// Full URL of your tt-rss installation. This should be set to the
+	// location of tt-rss directory, e.g. http://example.org/tt-rss/
+	// You need to set this option correctly otherwise several features
+	// including PUSH, bookmarklets and browser integration will not work properly.
+	define('FEED_CRYPT_KEY', '');
+	// Key used for encryption of passwords for password-protected feeds
+	// in the database. A string of 24 random characters. If left blank, encryption
+	// is not used. Requires mcrypt functions.
+	// Warning: changing this key will make your stored feed passwords impossible
+	// to decrypt.
+	
+	define('SINGLE_USER_MODE', false);
+	// Operate in single user mode, disables all functionality related to
+	// multiple users and authentication. Enabling this assumes you have
+	// your tt-rss directory protected by other means (e.g. http auth).
+	define('SIMPLE_UPDATE_MODE', false);
+	// Enables fallback update mode where tt-rss tries to update feeds in
+	// background while tt-rss is open in your browser. 
+	// If you don't have a lot of feeds and don't want to or can't run 
+	// background processes while not running tt-rss, this method is generally 
+	// viable to keep your feeds up to date.
+	// Still, there are more robust (and recommended) updating methods 
+	// available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds
+	// *****************************
+	// *** Files and directories ***
+	// *****************************
+	define('PHP_EXECUTABLE', '/usr/bin/php');
+	// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss 
+	// programs and update daemon. Do not try to use CGI binary here, it won't work. 
+	// If you see HTTP headers being displayed while running tt-rss scripts, 
+	// then most probably you are using the CGI binary. If you are unsure what to 
+	// put in here, ask your hosting provider.
+	define('LOCK_DIRECTORY', 'lock');
+	// Directory for lockfiles, must be writable to the user you run
+	// daemon process or cronjobs under.
+	define('CACHE_DIR', 'cache');
+	// Local cache directory for RSS feed content.
+	define('ICONS_DIR', "feed-icons");
+	define('ICONS_URL', "feed-icons");
+	// Local and URL path to the directory, where feed favicons are stored.
+	// Unless you really know what you're doing, please keep those relative
+	// to tt-rss main directory.
+	// **********************
+	// *** Authentication ***
+	// **********************
+	// Please see PLUGINS below to configure various authentication modules.
+	define('AUTH_AUTO_CREATE', true);
+	// Allow authentication modules to auto-create users in tt-rss internal
+	// database when authenticated successfully.
+	define('AUTH_AUTO_LOGIN', true);
+	// Automatically login user on remote or other kind of externally supplied
+	// authentication, otherwise redirect to login form as normal.
+	// If set to true, users won't be able to set application language
+	// and settings profile.
+	// *********************
+	// *** Feed settings ***
+	// *********************
+	define('FORCE_ARTICLE_PURGE', 0);
+	// When this option is not 0, users ability to control feed purging
+	// intervals is disabled and all articles (which are not starred) 
+	// older than this amount of days are purged.
+	// *** PubSubHubbub settings ***
+	define('PUBSUBHUBBUB_HUB', '');
+	// URL to a PubSubHubbub-compatible hub server. If defined, "Published
+	// articles" generated feed would automatically become PUSH-enabled.
+	define('PUBSUBHUBBUB_ENABLED', false);
+	// Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss
+	// won't try to subscribe to PUSH feed updates.
+	// ****************************
+	// *** Sphinx search plugin ***
+	// ****************************
+	define('SPHINX_SERVER', 'localhost:9312');
+	// Hostname:port combination for the Sphinx server.
+	define('SPHINX_INDEX', 'ttrss, delta');
+	// Index name in Sphinx configuration. You can specify multiple indexes
+	// as a comma-separated string.
+	// Example configuration files are available on tt-rss wiki.
+	// ***********************************
+	// *** Self-registrations by users ***
+	// ***********************************
+	define('ENABLE_REGISTRATION', false);
+	// Allow users to register themselves. Please be aware that allowing
+	// random people to access your tt-rss installation is a security risk
+	// and potentially might lead to data loss or server exploit. Disabled
+	// by default.
+	define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom');
+	// Email address to send new user notifications to.
+	define('REG_MAX_USERS', 10);
+	// Maximum amount of users which will be allowed to register on this
+	// system. 0 - no limit.
+	// **********************************
+	// *** Cookies and login sessions ***
+	// **********************************
+	
+	define('SESSION_COOKIE_LIFETIME', 86400);
+	// Default lifetime of a session (e.g. login) cookie. In seconds, 
+	// 0 means cookie will be deleted when browser closes.
+	// *********************************
+	// *** Email and digest settings ***
+	// *********************************
+	define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+	define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
+	// Name, address and subject for sending outgoing mail. This applies
+	// to password reset notifications, digest emails and any other mail.
+	define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+	// Subject line for email digests
+	define('SMTP_SERVER', '');
+	// Hostname:port combination to send outgoing mail (i.e. localhost:25). 
+	// Blank - use system MTA.
+	
+	define('SMTP_LOGIN', '');
+	define('SMTP_PASSWORD', '');
+	// These two options enable SMTP authentication when sending
+	// outgoing mail. Only used with SMTP_SERVER.
+	define('SMTP_SECURE', '');
+	// Used to select a secure SMTP connection. Allowed values: ssl, tls,
+	// or empty.
+	
+	// ***************************************
+	// *** Other settings (less important) ***
+	// ***************************************
+	define('CHECK_FOR_UPDATES', true);
+	// Check for updates automatically if running Git version
+ 
+	define('ENABLE_GZIP_OUTPUT', {{ ttrss_enable_gzip}});
+	// Selectively gzip output to improve wire performance. This requires
+	// PHP Zlib extension on the server.
+	// Enabling this can break tt-rss in several httpd/php configurations,
+	// if you experience weird errors and tt-rss failing to start, blank pages
+	// after login, or content encoding errors, disable it.
+	define('PLUGINS', 'auth_internal, note');
+	// Comma-separated list of plugins to load automatically for all users.
+	// System plugins have to be specified here. Please enable at least one
+	// authentication plugin here (auth_*).
+	// Users may enable other user plugins from Preferences/Plugins but may not
+	// disable plugins specified in this list.
+	// Disabling auth_internal in this list would automatically disable
+	// reset password link on the login form.
+	
+	define('LOG_DESTINATION', '{{ ttrss_log_destination }}');
+	// Log destination to use. Possible values: sql (uses internal logging
+	// you can read in Preferences -> System), syslog - logs to system log.
+	// Setting this to blank uses PHP logging (usually to http server 
+	// error.log).
+	define('CONFIG_VERSION', 26);
+	// Expected config version. Please update this option in config.php
+	// if necessary (after migrating all new options from this file).
+	// vim:ft=php
\ No newline at end of file
diff --git a/templates/fail2ban/tt-rss.local.j2 b/templates/fail2ban/tt-rss.local.j2
new file mode 100644
index 0000000..4af3c1c
--- /dev/null
+++ b/templates/fail2ban/tt-rss.local.j2
@@ -0,0 +1,7 @@
+[tt-rss]
+enabled  = true
+port     = http,https
+filter   = tt-rss
+logpath  = {{ nginx_error_log.split(" ")[0] }}
+findtime  = 3600
+maxretry = 5