diff --git a/README.md b/README.md
index fd23f2a..69dc54a 100644
--- a/README.md
+++ b/README.md
@@ -16,9 +16,13 @@ Role Variables
 | Variable | Description | Default |
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
-| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
+| cryptpad_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
+| cryptpad_install_path | The location where the service should be deployed | /home/{{ cryptpad_install_user }} |
+| cryptpad_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
 | cryptpad_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost |
 | cryptpad_safe_virtual_host | See above, and: this additonal domain is used together with `cryptpad_virtual_host` for additional security and must not be the same! More docs are in the `config.js` template | |
+| cryptpad_http_address | The address under which this instance can be found | 127.0.0.1 |
+| cryptpad_exposed_port | The port under which this instance connects to the host | 3000 |
 | cryptpad_http_unsafe_origin_url | The URL of the public entrypoint URL, e.g. `https://pad.example.tld` | https:// + $cryptpad_virtual_host |
 | cryptpad_http_safe_origin_url | The URL of the safe public URL, e.g. `https://pad-sandbox.example.tld` | |
 | cryptpad_admin_email | An email address that will be published on the `/contact.html` page | |
diff --git a/defaults/main.yml b/defaults/main.yml
index 9050ece..9a51d83 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,12 @@
 ---
 # defaults file for jotbe.cryptpad-docker
+cryptpad_install_user: '{{ ansible_user }}' # This user must be present on the host
+cryptpad_install_path: '/home/{{ cryptpad_install_user }}'
+cryptpad_multitenant_label:
 cryptpad_http_address: 127.0.0.1
+cryptpad_exposed_port: 3000
 cryptpad_http_unsafe_origin_url: https://{{ cryptpad_virtual_host }}
 cryptpad_http_safe_origin_url: https://{{ cryptpad_safe_virtual_host }}
-cryptpad_block_daily_check: no
\ No newline at end of file
+cryptpad_block_daily_check: no
+# Internal variables
+cryptpad_multitenant_postfix: "{{ '_' + cryptpad_multitenant_label if (cryptpad_multitenant_label) else '' }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index d0d15d9..fa41e6d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,21 +2,21 @@
 # tasks file for jotbe.cryptpad-docker
 - name: Ensure Docker Compose project directory exists
 file:
- path: /home/{{ docker_user }}/cryptpad
+ path: "{{ cryptpad_install_path }}/cryptpad"
 state: directory
- owner: '{{ docker_user }}'
- group: '{{ docker_user }}'
+ owner: '{{ cryptpad_install_user }}'
+ group: '{{ cryptpad_install_user }}'
 - name: Provide docker-compose.yml
 template:
 src: templates/docker-compose.cryptpad.yml.j2
- dest: /home/{{ docker_user }}/cryptpad/docker-compose.yml
- owner: "{{ docker_user }}"
- group: "{{ docker_user }}"
+ dest: "{{ cryptpad_install_path }}/cryptpad/docker-compose.yml"
+ owner: "{{ cryptpad_install_user }}"
+ group: "{{ cryptpad_install_user }}"
 mode: '0644'
 - name: Output docker-compose.yml
- shell: cat /home/{{ docker_user }}/cryptpad/docker-compose.yml
+ shell: cat {{ cryptpad_install_path }}/cryptpad/docker-compose.yml
 register: output
 - debug:
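Review bot: `cryptpad_multitenant_label:` on the new side is a bare key, so YAML loads it as `null` rather than the empty string the README row documents as its default; the postfix expression's `if (cryptpad_multitenant_label)` happens to treat both as false, but anything that later concatenates the label gets `None`, so write `cryptpad_multitenant_label: ''`. The label is interpolated unvalidated into `container_name` and the Traefik router and middleware names in the compose template, so an `assert` task restricting it to `[A-Za-z0-9_-]` would turn a bad value into a clear early failure instead of a compose or Traefik error at deploy time. `cryptpad_install_user: '{{ ansible_user }}'` only resolves when the inventory, play or `ansible.cfg` sets `ansible_user` explicitly, and the inline comment could say so: `# Requires ansible_user to be set (inventory/ansible.cfg); the user must exist on the host`. The re-added `cryptpad_block_daily_check: no` is a YAML 1.1 truthy spelling that yamllint flags; `false` is the portable form.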
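Review bot: `shell: cat {{ cryptpad_install_path }}/cryptpad/docker-compose.yml` now splices a user-settable path into a shell command line unquoted, so a path containing spaces or shell metacharacters is broken or reinterpreted by `/bin/sh`; since no shell feature is used, `command: cat "{{ cryptpad_install_path }}/cryptpad/docker-compose.yml"` (or `slurp` on that path) keeps it a plain argv and also satisfies ansible-lint's `command-instead-of-shell` rule. The `file:` directory task for `{{ cryptpad_install_path }}/cryptpad` sets `owner`/`group` but no `mode`, so the directory that will hold the `.env` written with `mode: '0640'` gets whatever the remote umask yields; `mode: '0750'` would make the intent explicit, and the same applies to the `data/config` directory task in the third hunk of this file. The `- debug:` task that prints the registered output continues outside this hunk.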
@@ -24,9 +24,9 @@
 - name: Provide env vars
 copy:
- dest: /home/{{ docker_user }}/cryptpad/.env
- owner: "{{ docker_user }}"
- group: "{{ docker_user }}"
+ dest: "{{ cryptpad_install_path }}/cryptpad/.env"
+ owner: "{{ cryptpad_install_user }}"
+ group: "{{ cryptpad_install_user }}"
 mode: '0640'
 content: |
 VERSION=v3.24.0
@@ -36,28 +36,28 @@
 - name: Ensure cryptpad config directory exists
 file:
- path: /home/{{ docker_user }}/cryptpad/data/config
+ path: "{{ cryptpad_install_path }}/cryptpad/data/config"
 state: directory
- owner: '{{ docker_user }}'
- group: '{{ docker_user }}'
+ owner: '{{ cryptpad_install_user }}'
+ group: '{{ cryptpad_install_user }}'
 - name: Provide cryptpad config
 template:
 src: templates/config.js.j2
- dest: /home/{{ docker_user }}/cryptpad/data/config/config.js
- owner: "{{ docker_user }}"
- group: "{{ docker_user }}"
+ dest: "{{ cryptpad_install_path }}/cryptpad/data/config/config.js"
+ owner: "{{ cryptpad_install_user }}"
+ group: "{{ cryptpad_install_user }}"
 mode: '0644'
 - name: "docker-compose: Teardown existing cryptpad service"
 docker_compose:
- project_src: "/home/{{ docker_user }}/cryptpad/"
+ project_src: "{{ cryptpad_install_path }}/cryptpad/"
 state: absent
 tags: ['never', 'teardown']
 - name: "docker-compose: Start cryptpad service"
 docker_compose:
- project_src: "/home/{{ docker_user }}/cryptpad/"
+ project_src: "{{ cryptpad_install_path }}/cryptpad/"
 pull: yes
 register: output
 tags: service_start
diff --git a/templates/docker-compose.cryptpad.yml.j2 b/templates/docker-compose.cryptpad.yml.j2
index 46c7352..1a270e1 100644
--- a/templates/docker-compose.cryptpad.yml.j2
+++ b/templates/docker-compose.cryptpad.yml.j2
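Review bot: `pull: yes` on the start task in the third hunk is a YAML 1.1 boolean spelling that yamllint's `truthy` rule flags and that a YAML 1.2 loader reads as the string `yes`; `pull: true` is the portable form. Ansible's loader accepts either, so this is a consistency point rather than a defect, but `defaults/main.yml` in this same change uses the `no` spelling too, and one form should be used across the role.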
@@ -3,25 +3,26 @@ services:
 cryptpad:
 image: "promasu/cryptpad:${VERSION}"
- hostname: cryptpad
+ container_name: cryptpad{{ cryptpad_multitenant_postfix }}
+ hostname: cryptpad{{ cryptpad_multitenant_postfix }}
 labels:
 - "traefik.enable=true"
- - "traefik.port=3000"
+ - "traefik.port={{ cryptpad_exposed_port }}"
 - "traefik.docker.network=traefik_public"
- - "traefik.http.routers.cryptpad.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
- - "traefik.http.routers.cryptpad.entrypoints=websecure"
- - "traefik.http.routers.cryptpad.tls=true"
- - "traefik.http.routers.cryptpad.tls.certresolver=defaultresolver"
- - "traefik.http.middlewares.cryptpad-headers.headers.SSLRedirect=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.browserXSSFilter=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.contentTypeNosniff=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.forceSTSHeader=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.STSSeconds=315360000"
- - "traefik.http.middlewares.cryptpad-headers.headers.STSIncludeSubdomains=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.STSPreload=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
- - "traefik.http.routers.cryptpad.middlewares=cryptpad-headers"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.entrypoints=websecure"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls=true"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls.certresolver=defaultresolver"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.SSLRedirect=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix 
}}-headers.headers.browserXSSFilter=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSPreload=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.middlewares=cryptpad{{ cryptpad_multitenant_postfix }}-headers"
 - "traefik.frontend.passHostHeader=true"
 environment:
 - USE_SSL=${USE_SSL}