roles: Add miniflux for stack0-cld0

5 files changed, 155 insertions, 0 deletions

diff --git a/playbooks/site.yml b/playbooks/site.yml
index 25c39c3..dd11097 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -45,6 +45,11 @@
     - role: cgit
       tags: role_cgit
 
+- hosts: stack0-cld0
+  roles:
+    - role: miniflux
+      tags: role_miniflux
+
 - hosts: servers
   roles:
     - role: httpd
diff --git a/roles/miniflux/defaults/main.yml b/roles/miniflux/defaults/main.yml
new file mode 100644
index 0000000..2fd6108
--- /dev/null
+++ b/roles/miniflux/defaults/main.yml
@@ -0,0 +1,7 @@
+miniflux_user: _miniflux
+miniflux_group: _miniflux
+miniflux_db_user: miniflux
+miniflux_db_name: miniflux
+
+miniflux_listenaddr: 0.0.0.0
+miniflux_port: 8010
diff --git a/roles/miniflux/meta/main.yml b/roles/miniflux/meta/main.yml
new file mode 100644
index 0000000..3ffef7b
--- /dev/null
+++ b/roles/miniflux/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+  - role: postgres
+    tags: dependency
diff --git a/roles/miniflux/tasks/main.yml b/roles/miniflux/tasks/main.yml
new file mode 100644
index 0000000..3964835
--- /dev/null
+++ b/roles/miniflux/tasks/main.yml
@@ -0,0 +1,47 @@
+- name: install miniflux
+  package:
+    name: miniflux
+    state: present
+
+- name: include postgres user
+  include_role:
+    name: postgres
+    tasks_from: create_user
+  vars:
+    postgres_db_user: "{{ miniflux_db_user }}"
+
+- name: include postgres db
+  include_role:
+    name: postgres
+    tasks_from: create_db
+  vars:
+    postgres_db_user: "{{ miniflux_db_user }}"
+    postgres_db_name: "{{ miniflux_db_name}}{{ item }}"
+  loop:
+    - ""
+    - 2
+
+- name: enable hstore extension for postgres
+  command: psql -U postgres miniflux -c "create extension hstore"
+  register: result
+  failed_when: result.rc != 0 and "already exists" not in result.stderr
+
+- name: generate configuration
+  template:
+    src: miniflux.conf.j2
+    dest: /etc/miniflux.conf
+    owner: "{{ miniflux_user }}"
+    owner: "{{ miniflux_group }}"
+    mode: 0640
+
+- name: run postgres migrations
+  shell: |
+    psql -U postgres -c "ALTER USER miniflux WITH SUPERUSER"
+    miniflux -c /etc/miniflux.conf -migrate
+    psql -U postgres -c "ALTER USER miniflux WITH NOSUPERUSER"
+
+- name: restart and enable miniflux
+  service:
+    name: miniflux
+    state: restarted
+    enabled: true
diff --git a/roles/miniflux/templates/miniflux.conf.j2 b/roles/miniflux/templates/miniflux.conf.j2
new file mode 100644
index 0000000..2decf40
--- /dev/null
+++ b/roles/miniflux/templates/miniflux.conf.j2
@@ -0,0 +1,93 @@
+
+# miniflux configuration file
+# wrote for migration version : 34
+# managed by Ansible
+
+DEBUG=0
+DATABASE_URL=user=miniflux password= dbname=miniflux sslmode=disable
+
+# WORKER_POOL_SIZE Number of background workers (default: 5)
+WORKER_POOL_SIZE=5
+
+# POLLING_FREQUENCY Refresh interval in minutes for feeds
+# (default: 60)
+POLLING_FREQUENCY=60
+
+# BATCH_SIZE Number of feeds to send to the queue for each interval
+# (default: 10)
+BATCH_SIZE=10
+
+# DATABASE_MAX_CONNS Maximum number of database connections
+# (default: 20)
+DATABASE_MAX_CONNS=20
+
+# DATABASE_MIN_CONNS Minimum number of database connections 
+# (default: 1)
+DATABASE_MIN_CONNS=1
+
+# CLEANUP_ARCHIVE_READ_DAYS Number of days after which marking read
+# items as removed (default: 60)
+CLEANUP_ARCHIVE_READ_DAYS=60
+
+# LISTEN_ADDR Address to listen on (use absolute path for Unix socket)
+# (default: 127.0.0.1:8080)
+LISTEN_ADDR={{ miniflux_listenaddr }}:{{ miniflux_port }}
+
+# PORT Override LISTEN_ADDR to 0.0.0.0:$PORT (PaaS) (default: None)
+
+# BASE_URL Base URL to generate HTML links and base path for cookies
+# default: http://localhost/)
+BASE_URL=https://miniflux.{{ __global_domain_name }}/
+
+# CLEANUP_FREQUENCY_HOURS Cleanup job frequency in hours, remove old
+# sessions and archive read entries (default: 24)
+CLEANUP_FREQUENCY_HOURS=24
+
+# HTTPS Forces cookies to use secure flag and send HSTS headers
+(default: None)
+
+# DISABLE_HSTS Disable HTTP Strict Transport Security header if HTTPS
+# is set (default: None)
+
+# DISABLE_HTTP_SERVICE Disable HTTP service (default: None)
+
+# DISABLE_SCHEDULER_SERVICE Disable scheduler service (default: None)
+
+# CERT_FILE Path to SSL certificate (default: None)
+
+# KEY_FILE Path to SSL private key (default: None)
+
+# CERT_DOMAIN Use Let's Encrypt to get automatically a certificate for
+# this domain (default: None)
+
+# CERT_CACHE Let's Encrypt cache directory (default: /tmp/cert_cache)
+
+# OAUTH2_PROVIDER OAuth2 provider to use, at this time only google is
+# supported (default: None)
+
+# OAUTH2_CLIENT_ID OAuth2 client ID (default: None)
+
+# OAUTH2_CLIENT_SECRET OAuth2 client secret (default: None)
+
+# OAUTH2_REDIRECT_URL OAuth2 redirect URL (default: None)
+
+# OAUTH2_USER_CREATION Set to 1 to authorize OAuth2 user creation
+# (default: None)
+
+# RUN_MIGRATIONS Set to 1 to run database migrations (default: None)
+
+# CREATE_ADMIN Set to 1 to create an admin user from environment
+# variables (default: None)
+
+# ADMIN_USERNAME Admin user login, used only if CREATE_ADMIN is
+# enabled (default: None)
+
+# ADMIN_PASSWORD Admin user password, used only if CREATE_ADMIN is
+# enabled (default: None)
+
+# POCKET_CONSUMER_KEY Pocket consumer API key for all users
+# (default: None)
+
+# PROXY_IMAGES Avoids mixed content warnings for external images:
+# http-only, all, or none (default: http-only)
+