
First commit

master
Mablr 1 year ago
commit
e86513aeb8
Signed by: mablr GPG Key ID: 7568670EF499017A
15 changed files with 331 additions and 0 deletions
  1. +38
    -0
      README.md
  2. +16
    -0
      defaults/main.yml
  3. +6
    -0
      handlers/main.yml
  4. +11
    -0
      meta/main.yml
  5. +10
    -0
      tasks/main.yml
  6. +31
    -0
      tasks/nginx.yml
  7. +8
    -0
      tasks/prepare.yml
  8. +53
    -0
      tasks/rss-bridge.yml
  9. +83
    -0
      templates/config.ini.php.j2
  10. +37
    -0
      templates/nginx.conf.j2
  11. +25
    -0
      templates/nginx_vhost.conf.j2
  12. +4
    -0
      templates/whitelist.txt.j2
  13. +2
    -0
      tests/inventory
  14. +5
    -0
      tests/test.yml
  15. +2
    -0
      vars/main.yml

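--- a/README.md
+++ b/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+A brief description of the role goes here.
+Requirements
+------------
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Role Variables
+--------------
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+Dependencies
+------------
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+Example Playbook
+----------------
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+- hosts: servers
+roles:
+- { role: username.rolename, x: 42 }
+License
+-------
+BSD
+Author Information
+------------------
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).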

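--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+# defaults file for rss-bridge
+rssb_requirements:
+- nginx
+- php-fpm
+- php-xml
+- php-mbstring
+- php-curl
+- php-json
+rssb_path: /var/www/rssb/
+rssb_domain: rssb.example.com
+rssb_bridges: []
+rssb_auth: "false"
+rssb_username: ""
+rssb_password: ""
+rssb_email: ""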
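Review bot: `rssb_username` and `rssb_password` default to empty strings, and nothing visible in this commit rejects `rssb_auth: "true"` combined with those defaults, so switching authentication on without setting both would render empty credentials into config.ini.php. The defaults need a comment such as `# rssb_password: required when rssb_auth is "true"; supply it from Ansible Vault, not from a plain vars file`. An `assert` on `rssb_password | length > 0` when `rssb_auth | bool` is true, placed early in the tasks, would make that mistake fail the play instead of deploying it. With `rssb_auth: "false"` as the shipped default the instance answers anyone who can reach it, which deserves a line in the README as well.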

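--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# handlers file for rss-bridge
+- name: restart nginx
+systemd:
+name: nginx
+state: restarted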

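--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,11 @@
+galaxy_info:
+author: Mablr
+description: rss-bridge role
+license: GPL-3.0-only
+min_ansible_version: 2.8
+platforms:
+- name: Debian
+versions:
+- buster
+galaxy_tags: [rss, bridge, nginx, php]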

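--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# tasks file for rss-bridge
+- include_tasks: prepare.yml
+tags: prepare
+- include_tasks: nginx.yml
+tags: nginx
+- include_tasks: rss-bridge.yml
+tags: rss-bridge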
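Review bot: The tags on the three `include_tasks` entries apply to the include statement only and are not inherited by the tasks inside, because `include_tasks` is a dynamic include. As written, `--tags nginx` loads nginx.yml but runs none of its tasks, and `--tags nginx-config` never reaches the file at all because the include itself lacks that tag. Static imports inherit tags and fix both cases: `- import_tasks: nginx.yml`, and the same for prepare.yml and rss-bridge.yml. Until then a partial run meant to re-apply only the nginx or authentication configuration can finish green without changing anything.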

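--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -0,0 +1,31 @@
+---
+# tasks file for rss-bridge
+- name: nginx | configure nginx
+template:
+src: nginx.conf.j2
+dest: /etc/nginx/nginx.conf
+owner: root
+group: root
+mode: 0640
+notify: restart nginx
+tags:
+- nginx-config
+- name: nginx | configure vhost
+template:
+src: nginx_vhost.conf.j2
+dest: /etc/nginx/sites-available/rssb
+owner: root
+group: root
+mode: 0640
+tags:
+- nginx-vhost-create
+- name: nginx | enable vhost
+file:
+src: /etc/nginx/sites-available/rssb
+dest: /etc/nginx/sites-enabled/rssb
+state: link
+notify: restart nginx
+tags:
+- nginx-vhost-enable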
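Review bot: The `nginx | configure vhost` task has no `notify`, so a later change to nginx_vhost.conf.j2 (tightening a header or the PHP location, for example) is written to disk while nginx keeps serving the old configuration. The symlink task does notify, but it reports no change once the link exists. Add `notify: restart nginx` to the vhost task. Neither template task tests what it writes, so a template error only surfaces when the handler restarts nginx; for the main file, `validate: nginx -t -c %s` on the template task would reject a broken config before it replaces /etc/nginx/nginx.conf.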

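--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -0,0 +1,8 @@
+---
+# tasks file for rss-bridge
+- name: prepare | install rss-bridge requirements
+apt:
+name: "{{ rssb_requirements }}"
+state: present
+tags:
+- rss-bridge-requirements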
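Review bot: The `apt` task installs `rssb_requirements` without refreshing the package index, so on a freshly provisioned host it can fail, or resolve nginx and PHP from an index that predates current security updates. Add `update_cache: yes` and `cache_valid_time: 3600` to the `apt` arguments.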

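--- a/tasks/rss-bridge.yml
+++ b/tasks/rss-bridge.yml
@@ -0,0 +1,53 @@
+---
+# tasks file for rss-bridge
+- name: rss-bridge | get latest tag
+# cf https://gist.github.com/lukechilds/a83e1d7127b78fef38c2914c4ececc3c
+shell: |
+/usr/bin/curl --silent 'https://api.github.com/repos/RSS-Bridge/rss-bridge/releases/latest' |\
+/bin/grep 'tag_name' |\
+/bin/sed -E 's/.*\"([^\"]+)\".*/\1/'
+args:
+executable: /bin/bash
+register: rssb_latest_version
+tags:
+- rss-bridge-version
+- name: rss-bridge | clone git repo
+git:
+repo: "https://github.com/RSS-Bridge/rss-bridge"
+dest: "{{ rssb_path }}"
+force: yes
+version: "{{ rssb_latest_version.stdout }}"
+tags:
+- rss-bridge-clone
+- name: rss-bridge | update rss-bridge config
+template:
+src: config.ini.php.j2
+dest: "{{ rssb_path }}config.ini.php"
+owner: www-data
+group: www-data
+mode: 0640
+tags:
+- rss-bridge-config
+- name: rss-bridge | update bridge whitelist
+template:
+src: whitelist.txt.j2
+dest: "{{ rssb_path }}whitelist.txt"
+owner: www-data
+group: www-data
+mode: 0640
+tags:
+- rss-bridge-whitelist
+- name: rss-bridge | adjust webdir ownership
+file:
+path: "{{ rssb_path }}"
+state: directory
+recurse: yes
+owner: www-data
+group: www-data
+tags:
+- rss-bridge-ownership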
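Review bot: The `get latest tag` task decides which code is deployed from an unauthenticated API response parsed with grep and sed, and nothing checks the result: curl runs without `--fail`, the pipeline has no `set -o pipefail`, and an empty or unexpected `rssb_latest_version.stdout` goes straight into the git task's `version`. Every run can therefore move the host to an upstream release that nobody has reviewed. I would add an `rssb_version` default pinned to a reviewed tag or commit, use `version: "{{ rssb_version }}"` in the clone task, and keep the lookup only as an opt-in with `changed_when: false`. Separately, the recursive chown and the www-data-owned config.ini.php and whitelist.txt leave the application code and its authentication settings writable by the PHP process; `owner: root`, `group: www-data`, `mode: 0640` on the two template tasks keeps them readable but not writable.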

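--- a/templates/config.ini.php.j2
+++ b/templates/config.ini.php.j2
@@ -0,0 +1,83 @@
+; <?php exit; ?> DO NOT REMOVE THIS LINE
+; This file contains the default settings for RSS-Bridge. Do not change this
+; file, it will be replaced on the next update of RSS-Bridge! You can specify
+; your own configuration in 'config.ini.php' (copy this file).
+[system]
+; Defines the timezone used by RSS-Bridge
+; Find a list of supported timezones at
+; https://www.php.net/manual/en/timezones.php
+; timezone = "UTC" (default)
+timezone = "UTC"
+[cache]
+; Defines the cache type used by RSS-Bridge
+; "file" = FileCache (default)
+type = "file"
+; Allow users to specify custom timeout for specific requests.
+; true = enabled
+; false = disabled (default)
+custom_timeout = false
+[admin]
+; Advertise an email address where people can reach the administrator.
+; This address is displayed on the main page, visible to everyone!
+; "" = Disabled (default)
+email = "{{ rssb_email }}"
+[proxy]
+; Sets the proxy url (i.e. "tcp://192.168.0.0:32")
+; "" = Proxy disabled (default)
+url = ""
+; Sets the proxy name that is shown on the bridge instead of the proxy url.
+; "" = Show proxy url
+name = "Hidden proxy name"
+; Allow users to disable proxy usage for specific requests.
+; true = enabled
+; false = disabled (default)
+by_bridge = false
+[authentication]
+; Enables authentication for all requests to this RSS-Bridge instance.
+;
+; Warning: You'll have to upgrade existing feeds after enabling this option!
+;
+; true = enabled
+; false = disabled (default)
+enable = {{ rssb_auth }}
+; The username for authentication. Insert this name when prompted for login.
+username = "{{ rssb_username }}"
+; The password for authentication. Insert this password when prompted for login.
+; Use a strong password to prevent others from guessing your login!
+password = "{{ rssb_password }}"
+[error]
+; Defines how error messages are returned by RSS-Bridge
+;
+; "feed" = As part of the feed (default)
+; "http" = As HTTP error message
+; "none" = No errors are reported
+output = "feed"
+; Defines how often an error must occur before it is reported to the user
+report_limit = 1
+; --- Cache specific configuration ---------------------------------------------
+[SQLiteCache]
+file = "cache.sqlite"
+[MemcachedCache]
+host = "localhost"
+port = 11211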
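Review bot: `rssb_email`, `rssb_username` and `rssb_password` are interpolated raw between double quotes in the `[admin]` and `[authentication]` sections, so a value containing `"` or a line break ends the INI string early and either breaks parsing or adds keys the operator did not intend. The role should validate these variables before templating, for example with an `assert` that rejects double quotes and newlines. `enable = {{ rssb_auth }}` is unquoted and accepts any string; `enable = {{ 'true' if rssb_auth | bool else 'false' }}` restricts it to the two documented values. The header comment copied from the upstream default file tells the reader not to edit this file, which is misleading for a template that renders config.ini.php itself; a `; Ansible managed` line would be clearer.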

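--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -0,0 +1,37 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+events {
+worker_connections 1024;
+multi_accept on;
+use epoll;
+}
+http {
+set_real_ip_from 127.0.0.1;
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 192.168.2.0/24;
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+server_tokens off;
+server_names_hash_bucket_size 128;
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+gzip on;
+resolver {{ nginx_resolver|default('127.0.0.1') }};
+resolver_timeout 10s;
+include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*;
+}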
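Review bot: The `set_real_ip_from` lines trust `X-Forwarded-For` from all of 10.0.0.0/8, 172.16.0.0/12 and 192.168.2.0/24, and with `real_ip_recursive on` any client inside those ranges that reaches nginx directly can choose the address recorded in the access log and seen by any IP-based rule. The trusted list should hold only the actual reverse proxies. I would template it from a variable that defaults to empty, e.g. `{% for p in nginx_trusted_proxies | default([]) %}set_real_ip_from {{ p }};{% endfor %}`, and emit `real_ip_header` only when the list is non-empty. The file also sets `ssl_protocols`, but no server block in this commit listens on 443, so that setting has no effect yet.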

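--- a/templates/nginx_vhost.conf.j2
+++ b/templates/nginx_vhost.conf.j2
@@ -0,0 +1,25 @@
+server {
+listen 80;
+listen [::]:80;
+root {{ rssb_path }};
+index index.php;
+server_name {{ rssb_domain }};
+location / {
+try_files $uri $uri/ =404;
+}
+location ~ /\. {
+deny all;
+}
+location ~ \.php$ {
+include snippets/fastcgi-php.conf;
+fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+}
+add_header Content-Security-Policy "default-src 'self';";
+add_header X-Frame-Options "DENY";
+add_header X-Content-Type-Options "nosniff";
+add_header X-XSS-Protection "1; mode=block";
+}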
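Review bot: The vhost listens on port 80 only, so when `rssb_auth` is enabled the username and password configured in config.ini.php travel in cleartext on every request (assuming RSS-Bridge uses HTTP authentication here, which should be confirmed). A 443 server block with certificate paths taken from variables, plus a port-80 block reduced to `return 301 https://$host$request_uri;`, would close that. `fastcgi_pass unix:/run/php/php7.3-fpm.sock;` hard-codes one PHP version, so a variable for the socket path would keep the role working after a PHP upgrade. `root` is the git checkout itself, so non-dot files such as whitelist.txt are served statically unless a location denies them.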

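--- a/templates/whitelist.txt.j2
+++ b/templates/whitelist.txt.j2
@@ -0,0 +1,4 @@
+# Ansible managed
+{% for bridge in rssb_bridges %}
+{{ bridge }}
+{% endfor %}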

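--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost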

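--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- rss-bridge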

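--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for rss-bridge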
