@ -0,0 +1,139 @@ | |||
#! /bin/sh | |||
### BEGIN INIT INFO | |||
# Provides: znc | |||
# Required-Start: $remote_fs $syslog | |||
# Required-Stop: $remote_fs $syslog | |||
# Default-Start: 2 3 4 5 | |||
# Default-Stop: 0 1 6 | |||
# Short-Description: ZNC IRC bouncer | |||
# Description: ZNC is an IRC bouncer | |||
### END INIT INFO | |||
PATH=/sbin:/usr/sbin:/bin:/usr/bin | |||
DESC="ZNC daemon" | |||
NAME=znc | |||
DAEMON=/usr/local/bin/$NAME | |||
DATADIR=/var/lib/znc | |||
DAEMON_ARGS="--datadir=$DATADIR" | |||
PIDDIR=/var/run/znc | |||
PIDFILE=$PIDDIR/$NAME.pid | |||
SCRIPTNAME=/etc/init.d/$NAME | |||
USER=znc | |||
GROUP=znc | |||
# Exit if the package is not installed | |||
[ -x "$DAEMON" ] || exit 0 | |||
# Read configuration variable file if it is present | |||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME | |||
# Load the VERBOSE setting and other rcS variables | |||
. /lib/init/vars.sh | |||
# Define LSB log_* functions. | |||
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present | |||
# and status_of_proc is working. | |||
. /lib/lsb/init-functions | |||
# | |||
# Function that starts the daemon/service | |||
# | |||
do_start() | |||
{ | |||
# Return | |||
# 0 if daemon has been started | |||
# 1 if daemon was already running | |||
# 2 if daemon could not be started | |||
if [ ! -d $PIDDIR ] | |||
then | |||
mkdir $PIDDIR | |||
fi | |||
chown $USER:$GROUP $PIDDIR | |||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null || return 1 | |||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS > /dev/null || return 2 | |||
} | |||
# | |||
# Function that stops the daemon/service | |||
# | |||
do_stop() | |||
{ | |||
# Return | |||
# 0 if daemon has been stopped | |||
# 1 if daemon was already stopped | |||
# 2 if daemon could not be stopped | |||
# other if a failure occurred | |||
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME --chuid $USER | |||
RETVAL="$?" | |||
[ "$RETVAL" = 2 ] && return 2 | |||
# Wait for children to finish too if this is a daemon that forks | |||
# and if the daemon is only ever run from this initscript. | |||
# If the above conditions are not satisfied then add some other code | |||
# that waits for the process to drop all resources that could be | |||
# needed by services started subsequently. A last resort is to | |||
# sleep for some time. | |||
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --chuid $USER | |||
[ "$?" = 2 ] && return 2 | |||
# Many daemons don't delete their pidfiles when they exit. | |||
rm -f $PIDFILE | |||
return "$RETVAL" | |||
} | |||
# | |||
# Function that sends a SIGHUP to the daemon/service | |||
# | |||
do_reload() { | |||
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --chuid $USER | |||
return 0 | |||
} | |||
case "$1" in | |||
start) | |||
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" | |||
do_start | |||
case "$?" in | |||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; | |||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; | |||
esac | |||
;; | |||
stop) | |||
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" | |||
do_stop | |||
case "$?" in | |||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; | |||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; | |||
esac | |||
;; | |||
status) | |||
status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? | |||
;; | |||
reload) | |||
log_daemon_msg "Reloading $DESC" "$NAME" | |||
do_reload | |||
log_end_msg $? | |||
;; | |||
restart) | |||
log_daemon_msg "Restarting $DESC" "$NAME" | |||
do_stop | |||
case "$?" in | |||
0|1) | |||
do_start | |||
case "$?" in | |||
0) log_end_msg 0 ;; | |||
1) log_end_msg 1 ;; # Old process is still running | |||
*) log_end_msg 1 ;; # Failed to start | |||
esac | |||
;; | |||
*) | |||
# Failed to stop | |||
log_end_msg 1 | |||
;; | |||
esac | |||
;; | |||
*) | |||
echo "Usage: $SCRIPTNAME {status|start|stop|reload|restart}" >&2 | |||
exit 3 | |||
;; | |||
esac | |||
: |
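Review bot: do_stop and do_reload run as root and signal whatever PID is stored in $PIDFILE, but do_start gives $PIDDIR to the service account (`chown $USER:$GROUP $PIDDIR`), so the unprivileged daemon controls that file and `--name $NAME` is the only check on the target process. As far as I know `--chuid` is only acted on with `--start`; the option that restricts matching to processes owned by the account is `--user`, so the stop and reload calls would be tighter as `--pidfile "$PIDFILE" --name "$NAME" --user "$USER"`. The expansions are also unquoted throughout (`[ ! -d $PIDDIR ]`, `mkdir $PIDDIR`, `rm -f $PIDFILE`) even though /etc/default/$NAME is sourced and may override them; quoting them keeps a value with spaces or glob characters from turning into extra arguments to commands run as root.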
@ -0,0 +1,2 @@ | |||
- name: restart znc | |||
service: name=znc state=restarted |
@ -0,0 +1 @@ | |||
- include: znc.yml tags=znc |
@ -0,0 +1,65 @@ | |||
# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon | |||
- name: Install znc dependencies | |||
apt: pkg={{ item }} state=installed | |||
with_items: | |||
- automake | |||
- build-essential | |||
- checkinstall | |||
- g++ | |||
- libperl-dev | |||
- libsasl2-dev | |||
- libssl-dev | |||
- libtool | |||
- openssl | |||
- pkg-config | |||
- python3-dev | |||
- swig | |||
- name: Download znc release | |||
get_url: url=http://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz | |||
- name: Decompress znc source | |||
command: tar xzf /root/znc-{{ znc_version }}.tar.gz chdir=/root creates=/root/znc-{{ znc_version }}/configure | |||
- name: Build and install znc | |||
shell: ./configure --enable-python && make && make install executable=/bin/bash chdir=/root/znc-{{ znc_version }} creates=/usr/local/bin/znc | |||
notify: restart znc | |||
- name: Create znc group | |||
group: name=znc state=present | |||
- name: Create znc user | |||
user: name=znc state=present home=/var/lib/znc system=yes group=znc shell=/usr/sbin/nologin | |||
- name: Copy znc init file into place | |||
copy: src=etc_init.d_znc dest=/etc/init.d/znc mode=0755 | |||
- name: Create a combined version of the private key with public cert and intermediate + root CAs | |||
shell: cat /etc/ssl/private/wildcard_private.key /etc/ssl/certs/wildcard_combined.pem > | |||
/var/lib/znc/znc.pem creates=/var/lib/znc/znc.pem | |||
notify: restart znc | |||
- name: Ensure znc user and group can read cert | |||
file: path=/var/lib/znc/znc.pem group=znc owner=znc mode=640 | |||
notify: restart znc | |||
- name: Check for existing config file | |||
command: cat /var/lib/znc/configs/znc.conf | |||
register: znc_config | |||
ignore_errors: True | |||
changed_when: False # never report as "changed" | |||
- name: Create znc config directory | |||
file: state=directory path=/var/lib/znc/configs group=znc owner=znc | |||
- name: Copy znc configuration file into place | |||
template: src=var_lib_znc_configs_znc.conf.j2 dest=/var/lib/znc/configs/znc.conf owner=znc group=znc | |||
when: znc_config.rc != 0 | |||
notify: restart znc | |||
- name: Set firewall rule for znc | |||
ufw: rule=allow port=6697 proto=tcp | |||
- name: Ensure znc is a system service | |||
service: name=znc state=started enabled=true |
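Review bot: The "Download znc release" task fetches the tarball over plain `http://` with no integrity check, and the next tasks unpack, build and `make install` it as root, so anyone able to tamper with the transfer controls code that runs with full privileges. Pin the archive with get_url's checksum support (`sha256sum=` on older Ansible, `checksum=` on newer), for example `sha256sum={{ znc_sha256 }}` where `znc_sha256` is a new variable holding the digest published for that release, and use an `https://` URL if the release host serves one. Separately, the combined `znc.pem` is written by `cat ... >` under root's default umask and only tightened to 640 by the following task, so the wildcard private key can be briefly world-readable; prefixing the command with `umask 077 &&` closes that window.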
@ -0,0 +1,84 @@ | |||
// WARNING | |||
// | |||
// Do NOT edit this file while ZNC is running! | |||
// Use webadmin or *controlpanel instead. | |||
// | |||
// Buf if you feel risky, you might want to read help on /znc saveconfig and /znc rehash. | |||
// Also check http://en.znc.in/wiki/Configuration | |||
AnonIPLimit = 10 | |||
ConnectDelay = 5 | |||
LoadModule = webadmin | |||
LoadModule = fail2ban | |||
LoadModule = lastseen | |||
LoadModule = partyline | |||
MaxBufferSize = 500 | |||
Motd = Connected to ZNC | |||
PidFile = /var/run/znc/znc.pid | |||
ProtectWebSessions = true | |||
SSLCertFile = /var/lib/znc/znc.pem | |||
ServerThrottle = 30 | |||
Skin = _default_ | |||
StatusPrefix = * | |||
Version = 1.0 | |||
<Listener listener0> | |||
AllowIRC = true | |||
AllowWeb = false | |||
IPv4 = true | |||
IPv6 = true | |||
Port = 6697 | |||
SSL = true | |||
</Listener> | |||
<Listener listener1> | |||
AllowIRC = false | |||
AllowWeb = true | |||
IPv4 = true | |||
IPv6 = true | |||
Port = 6643 | |||
SSL = false | |||
</Listener> | |||
<User {{ irc_nick }}> | |||
Admin = true | |||
Allow = * | |||
AltNick = {{ irc_nick }}_ | |||
AppendTimestamp = false | |||
AutoClearChanBuffer = true | |||
Buffer = 5000 | |||
ChanModes = +stn | |||
DenyLoadMod = false | |||
DenySetBindHost = false | |||
Ident = {{ irc_ident }} | |||
JoinTries = 10 | |||
LoadModule = controlpanel | |||
LoadModule = perform | |||
LoadModule = block_motd | |||
LoadModule = clientnotify | |||
MaxNetworks = 1 | |||
MultiClients = true | |||
Nick = {{ irc_nick }} | |||
PrependTimestamp = true | |||
QuitMsg = {{ irc_quitmsg }} | |||
RealName = {{ irc_realname }} | |||
TimestampFormat = [%H:%M:%S] | |||
Timezone = {{ irc_timezone }} | |||
<Pass password> | |||
Method = sha256 | |||
Hash = {{ irc_password_hash }} | |||
Salt = {{ irc_password_salt }} | |||
</Pass> | |||
<Network freenode> | |||
BindHost = 0.0.0.0 | |||
FloodBurst = 4 | |||
FloodRate = 1.00 | |||
IRCConnectEnabled = true | |||
LoadModule = kickrejoin | |||
LoadModule = nickserv | |||
LoadModule = savebuff | |||
Server = chat.freenode.net +6697 | |||
</Network> | |||
</User> |
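Review bot: `listener1` serves webadmin with `SSL = false` on port 6643, and the only user in this template has `Admin = true`, so the administrator's password and session cookie would cross the network in cleartext on any path that reaches the port. The playbook's ufw task opens only 6697, but whether 6643 is actually blocked depends on a default-deny policy that this commit does not show. Setting `SSL = true` on `listener1` (the certificate is already configured via `SSLCertFile`), or restricting that listener to the loopback address and reaching it through an SSH tunnel, removes the dependence on the firewall.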
@ -0,0 +1,6 @@ | |||
- name: import wallabag sql | |||
shell: PGPASSWORD='{{ wallabag_db_password }}' psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1 | |||
notify: remove install folder | |||
- name: remove install folder | |||
file: path=/var/www/wallabag/install state=absent |
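Review bot: The "import wallabag sql" handler interpolates `{{ wallabag_db_password }}` into a shell command line inside single quotes, so a password containing `'` ends the quoting and the remainder is parsed by the shell, and the rendered command (password included) appears in the process list and in Ansible's task output. Passing the secret through the task's `environment:` keyword as `PGPASSWORD: "{{ wallabag_db_password }}"`, switching `shell:` to `command:`, and adding `no_log: true` keeps it out of the shell parser and the logs. The database and user names are also unquoted on that line; with `command:` they are passed as single arguments rather than re-parsed.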
@ -0,0 +1 @@ | |||
- include: wallabag.yml tags=wallabag |
@ -0,0 +1,79 @@ | |||
- name: Determine whether wallabag is configured | |||
stat: path=/var/www/wallabag/inc/poche/config.inc.php | |||
register: wallabag_config | |||
- name: Clone wallabag | |||
git: repo=https://github.com/wallabag/wallabag.git | |||
dest=/var/www/wallabag | |||
version={{ wallabag_version }} | |||
accept_hostkey=yes | |||
- name: Remove wallabag 'install' directory if its configuration file is there | |||
file: name=/var/www/wallabag/install state=absent | |||
when: wallabag_config.stat.exists == True | |||
- name: Install wallabag dependencies | |||
apt: pkg={{ item }} state=present | |||
with_items: | |||
- php5 | |||
- php5-curl | |||
- php5-mcrypt | |||
- php5-pgsql | |||
- php5-tidy | |||
- name: Create database user for wallabag | |||
postgresql_user: login_host=localhost | |||
login_user={{ db_admin_username }} | |||
login_password="{{ db_admin_password }}" | |||
name={{ wallabag_db_username }} | |||
password="{{ wallabag_db_password }}" | |||
state=present | |||
- name: Create database for wallabag | |||
postgresql_db: login_host=localhost | |||
login_user={{ db_admin_username }} | |||
login_password="{{ db_admin_password }}" | |||
name={{ wallabag_db_database }} | |||
state=present | |||
owner={{ wallabag_db_username }} | |||
notify: import wallabag sql | |||
- name: Build Composer | |||
shell: curl -sS https://getcomposer.org/installer | php | |||
chdir=/root | |||
creates=/root/composer.phar | |||
- name: Initialize composer | |||
command: php /root/composer.phar install | |||
chdir=/var/www/wallabag | |||
creates=/var/www/wallabag/vendor/autoload.php | |||
- name: Set wallabag permissions | |||
file: owner=www-data | |||
group=www-data | |||
path=/var/www/wallabag | |||
recurse=yes | |||
state=directory | |||
- name: Create the configuration file | |||
template: src=var_www_wallabag_inc_poche_config.inc.php.j2 | |||
dest=/var/www/wallabag/inc/poche/config.inc.php | |||
owner=www-data | |||
group=www-data | |||
- name: Rename existing Apache wallabag virtualhost | |||
command: mv /etc/apache2/sites-available/wallabag /etc/apache2/sites-available/wallabag.conf removes=/etc/apache2/sites-available/wallabag | |||
- name: Remove old sites-enabled/wallabag symlink (new one will be created by a2ensite) | |||
command: rm /etc/apache2/sites-enabled/wallabag removes=/etc/apache2/sites-enabled/wallabag | |||
- name: Configure the Apache HTTP server for wallabag | |||
template: src=etc_apache2_sites-available_wallabag.j2 | |||
dest=/etc/apache2/sites-available/wallabag.conf | |||
owner=root | |||
group=root | |||
- name: Enable the wallabag site | |||
command: a2ensite wallabag.conf | |||
creates=/etc/apache2/sites-enabled/wallabag.conf | |||
notify: restart apache |
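Review bot: The "Build Composer" task pipes `curl -sS https://getcomposer.org/installer` straight into `php` as root with no verification, and "Initialize composer" then runs `composer.phar install` as root inside the web root, so both the installer and any package install scripts execute with full privileges. Download the installer to a file first, compare it with the installer checksum that Composer publishes, and only then run it, ideally as an unprivileged user. In addition, the "Create the configuration file" task sets no `mode=`, so the rendered `config.inc.php`, which holds the database password and salt, gets default permissions; adding `mode=0640` makes the intent explicit.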
@ -0,0 +1,31 @@ | |||
<VirtualHost *:80> | |||
ServerName {{ wallabag_domain }} | |||
Redirect permanent / https://{{ wallabag_domain }}/ | |||
</VirtualHost> | |||
<VirtualHost *:443> | |||
ServerName {{ wallabag_domain }} | |||
SSLEngine on | |||
SSLProtocol ALL -SSLv2 -SSLv3 | |||
SSLHonorCipherOrder On | |||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS | |||
SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt | |||
SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key | |||
SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem | |||
Header add Strict-Transport-Security "max-age=15768000; includeSubdomains" | |||
DocumentRoot /var/www/wallabag | |||
Options -Indexes | |||
ErrorLog /var/log/apache2/wallabag.info-error_log | |||
CustomLog /var/log/apache2/wallabag.info-access_log common | |||
<Directory /var/www/wallabag> | |||
AllowOverride All | |||
Order allow,deny | |||
allow from all | |||
DirectoryIndex index.php | |||
</Directory> | |||
</VirtualHost> |
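Review bot: `SSLProtocol ALL -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled, and the `SSLCipherSuite` string still admits 3DES suites (`ECDH+3DES:DH+3DES:RSA+3DES`) and non-forward-secret RSA key exchange. If the expected clients allow it, `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` and dropping the 3DES entries would tighten this. The HSTS line uses `Header add`, which is not applied to internally generated error responses and can duplicate the header; `Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains"` covers both. Note also that `Order allow,deny` / `allow from all` is 2.2-era access syntax while the tasks install this file as `wallabag.conf`, which suggests Apache 2.4, where `Require all granted` is the native form.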
@ -0,0 +1,58 @@ | |||
<?php | |||
/** | |||
* wallabag, self hostable application allowing you to not miss any content anymore | |||
* | |||
* @category wallabag | |||
* @author Nicolas Lœuillet <nicolas@loeuillet.org> | |||
* @copyright 2013 | |||
* @license http://www.wtfpl.net/ see COPYING file | |||
*/ | |||
define ('SALT', '{{ wallabag_salt }}'); # put a strong string here | |||
define ('LANG', 'en_EN.utf8'); | |||
define ('STORAGE', 'postgres'); # postgres, mysql or sqlite | |||
define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located | |||
# only for postgres & mysql | |||
define ('STORAGE_SERVER', 'localhost'); | |||
define ('STORAGE_DB', '{{ wallabag_db_database }}'); | |||
define ('STORAGE_USER', '{{ wallabag_db_username }}'); | |||
define ('STORAGE_PASSWORD', '{{ wallabag_db_password }}'); | |||
################################################################################# | |||
# Do not trespass unless you know what you are doing | |||
################################################################################# | |||
// Change this if not using the standart port for SSL - i.e you server is behind sslh | |||
define ('SSL_PORT', 443); | |||
define ('MODE_DEMO', FALSE); | |||
define ('DEBUG_POCHE', FALSE); | |||
define ('DOWNLOAD_PICTURES', FALSE); | |||
define ('CONVERT_LINKS_FOOTNOTES', FALSE); | |||
define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE); | |||
define ('SHARE_TWITTER', TRUE); | |||
define ('SHARE_MAIL', TRUE); | |||
define ('SHARE_SHAARLI', FALSE); | |||
define ('SHAARLI_URL', 'http://myshaarliurl.com'); | |||
define ('FLATTR', TRUE); | |||
define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url='); | |||
define ('NOT_FLATTRABLE', '0'); | |||
define ('FLATTRABLE', '1'); | |||
define ('FLATTRED', '2'); | |||
define ('ABS_PATH', 'assets/'); | |||
define ('DEFAULT_THEME', 'baggy'); | |||
define ('THEME', ROOT . '/themes'); | |||
define ('LOCALE', ROOT . '/locale'); | |||
define ('CACHE', ROOT . '/cache'); | |||
define ('PAGINATION', '10'); | |||
//limit for download of articles during import | |||
define ('IMPORT_LIMIT', 5); | |||
//delay between downloads (in sec) | |||
define ('IMPORT_DELAY', 5); |