remove systemd and use native docker-compose #1
@ -1,12 +1,52 @@
|
|||||||
---
|
---
|
||||||
freshrss_version: latest
|
freshrss_version: latest
|
||||||
freshrss_service_directory: /var/lib/docker/services/freshrss
|
|
||||||
|
|
||||||
freshrss_container_name: freshrss
|
|
||||||
freshrss_image: "xoxys/freshrss:{{ freshrss_version }}"
|
freshrss_image: "xoxys/freshrss:{{ freshrss_version }}"
|
||||||
freshrss_restart_policy: on-failure
|
# @var freshrss_base_url:description: >
|
||||||
freshrss_exposed_port: 80
|
# Specify address of the freshrss instance, used when building absolute urls, e.g. for websub.
|
||||||
freshrss_exposed_ip: 127.0.0.1
|
# @end
|
||||||
|
freshrss_base_url: "http://localhost/"
|
||||||
|
|
||||||
|
freshrss_service_directory: /var/lib/docker/services/freshrss
|
||||||
|
freshrss_container_name: freshrss
|
||||||
|
freshrss_restart_policy: always
|
||||||
|
freshrss_service_stopped: False
|
||||||
|
|
||||||
|
# @var freshrss_networks:example: >
|
||||||
|
# freshrss_networks:
|
||||||
|
# - name: default
|
||||||
|
# # optional network driver, defaults to 'bride'
|
||||||
|
# driver: host
|
||||||
|
# @end
|
||||||
|
freshrss_networks:
|
||||||
|
- name: default
|
||||||
|
|
||||||
|
freshrss_networks_applied:
|
||||||
|
- default
|
||||||
|
|
||||||
|
# @var freshrss_volumes:description: > Define required docker volumes.
|
||||||
|
# @end
|
||||||
|
# @var freshrss_volumes:example: >
|
||||||
|
# freshrss_volumes:
|
||||||
|
# # Instead of the name you could specify a path on the container host system,
|
||||||
|
# # but you also have to enable bind mount for this volume
|
||||||
|
# - name: data
|
||||||
|
# # target location inside the container
|
||||||
|
# dest: /var/www/app/data
|
||||||
|
# # enable bind mount, if false volume will be configured as named volume
|
||||||
|
# # keep in mind you MUST set bind in any case
|
||||||
|
# bind: True
|
||||||
|
# @end
|
||||||
|
freshrss_volumes:
|
||||||
|
- name: data
|
||||||
|
dest: /var/www/app/data
|
||||||
|
bind: False
|
||||||
|
- name: extensions
|
||||||
|
dest: /var/www/app/extensions
|
||||||
|
bind: False
|
||||||
|
|
||||||
|
freshrss_exposed_ports:
|
||||||
|
- "127.0.0.1:8080:8080"
|
||||||
|
|
||||||
freshrss_extra_hosts: []
|
freshrss_extra_hosts: []
|
||||||
|
|
||||||
# @var freshrss_memory_limit: $ "_unset_"
|
# @var freshrss_memory_limit: $ "_unset_"
|
||||||
@ -36,23 +76,18 @@ freshrss_default_password: "freshrss"
|
|||||||
# @end
|
# @end
|
||||||
# @var freshrss_salt: $ "_unset_"
|
# @var freshrss_salt: $ "_unset_"
|
||||||
|
|
||||||
# @var freshrss_base_url:description: >
|
|
||||||
# Specify address of the freshrss instance, used when building
|
|
||||||
# absolute urls, e.g. for websub.
|
|
||||||
# @end
|
|
||||||
freshrss_base_url: "http://localhost/"
|
|
||||||
freshrss_language: "en"
|
freshrss_language: "en"
|
||||||
freshrss_title: "FreshRSS"
|
freshrss_title: "FreshRSS"
|
||||||
# @var freshrss_meta_description: $ "_unset_"
|
# @var freshrss_meta_description: $ "_unset_"
|
||||||
freshrss_allow_anonymous: "false"
|
freshrss_allow_anonymous: False
|
||||||
freshrss_allow_anonymous_refresh: "false"
|
freshrss_allow_anonymous_refresh: False
|
||||||
freshrss_auth_type: "form"
|
freshrss_auth_type: "form"
|
||||||
freshrss_api_enabled: "false"
|
freshrss_api_enabled: False
|
||||||
freshrss_unsafe_autologin_enabled: "false"
|
freshrss_unsafe_autologin_enabled: False
|
||||||
freshrss_simplepie_syslog_enabled: "true"
|
freshrss_simplepie_syslog_enabled: True
|
||||||
freshrss_pubsubhubbub_enabled: "false"
|
freshrss_pubsubhubbub_enabled: False
|
||||||
freshrss_allow_robots: "false"
|
freshrss_allow_robots: False
|
||||||
freshrss_allow_referrer: "false"
|
freshrss_allow_referrer: False
|
||||||
freshrss_limits_cookie_duration: "2592000"
|
freshrss_limits_cookie_duration: "2592000"
|
||||||
freshrss_limits_cache_duration: "800"
|
freshrss_limits_cache_duration: "800"
|
||||||
freshrss_limits_timeout: "15"
|
freshrss_limits_timeout: "15"
|
||||||
@ -74,16 +109,14 @@ freshrss_limits_max_registrations: "1"
|
|||||||
freshrss_extensions_enabled:
|
freshrss_extensions_enabled:
|
||||||
- "Tumblr-GDPR"
|
- "Tumblr-GDPR"
|
||||||
|
|
||||||
freshrss_db_type: pgsql
|
freshrss_db_type: sqlite
|
||||||
freshrss_db_server: localhost
|
freshrss_db_server: localhost
|
||||||
freshrss_db_port: 5432
|
freshrss_db_port: 5432
|
||||||
freshrss_db_name: freshrss
|
freshrss_db_name: freshrss
|
||||||
freshrss_db_user: pgfreshrss
|
freshrss_db_user: freshrss
|
||||||
freshrss_db_password: secure
|
freshrss_db_password: secure
|
||||||
|
|
||||||
# @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
|
# @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
|
||||||
freshrss_db_ssl_mode: disable
|
freshrss_db_ssl_mode: disable
|
||||||
# @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
|
# @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
|
||||||
freshrss_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
|
freshrss_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
freshrss_docker_compose_bin: /usr/local/bin/docker-compose
|
|
||||||
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Restart container
|
|
||||||
systemd:
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: yes
|
|
||||||
name: freshrss
|
|
||||||
listen: __freshrss_restart
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
@ -1,33 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: Converge (Stage 1)
|
- name: Converge
|
||||||
hosts: all
|
|
||||||
roles:
|
|
||||||
- role: xoxys.python3
|
|
||||||
- role: xoxys.docker_engine
|
|
||||||
|
|
||||||
- name: Converge (Stage 2)
|
|
||||||
hosts: all
|
hosts: all
|
||||||
vars:
|
vars:
|
||||||
postgres_repository_enabled: True
|
dockerengine_packages_extra:
|
||||||
postgres_connection_addresses:
|
- epel-release
|
||||||
- "{{ ansible_docker0.ipv4.address }}"
|
- python-pip
|
||||||
postgres_users:
|
|
||||||
- name: "pgfreshrss"
|
|
||||||
password: "secure"
|
|
||||||
priv: ALL
|
|
||||||
db: "freshrss"
|
|
||||||
postgres_dbs:
|
|
||||||
- name: "freshrss"
|
|
||||||
postgres_hba_entries_extra:
|
|
||||||
- contype: host
|
|
||||||
databases:
|
|
||||||
- all
|
|
||||||
users:
|
|
||||||
- all
|
|
||||||
address: "172.18.0.0/16"
|
|
||||||
auth_method: md5
|
|
||||||
freshrss_db_server: "{{ ansible_docker0.ipv4.address }}"
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- role: xoxys.postgres
|
- role: xoxys.docker_engine
|
||||||
- role: xoxys.freshrss_docker
|
- role: xoxys.freshrss_docker
|
||||||
|
@ -1,15 +1,5 @@
|
|||||||
---
|
---
|
||||||
- src: https://gitea.rknet.org/ansible/xoxys.python3.git
|
|
||||||
name: xoxys.python3
|
|
||||||
scm: git
|
|
||||||
version: master
|
|
||||||
|
|
||||||
- src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git
|
- src: https://gitea.rknet.org/ansible/xoxys.docker_engine.git
|
||||||
name: xoxys.docker_engine
|
name: xoxys.docker_engine
|
||||||
scm: git
|
scm: git
|
||||||
version: master
|
version: refactoring
|
||||||
|
|
||||||
- src: https://gitea.rknet.org/ansible/xoxys.postgres.git
|
|
||||||
name: xoxys.postgres
|
|
||||||
scm: git
|
|
||||||
version: master
|
|
||||||
|
@ -17,12 +17,12 @@ def test_freshrss_running(host):
|
|||||||
|
|
||||||
def test_freshrss_socket(host):
|
def test_freshrss_socket(host):
|
||||||
# Verify the socket is listening for HTTP traffic
|
# Verify the socket is listening for HTTP traffic
|
||||||
assert host.socket("tcp://127.0.0.1:80").is_listening
|
assert host.socket("tcp://127.0.0.1:8080").is_listening
|
||||||
|
|
||||||
|
|
||||||
def test_freshrss_conn_error(host):
|
def test_freshrss_conn_error(host):
|
||||||
code = int(host.run("curl -s -w '%{http_code}' http://localhost/ -o /dev/null").stdout)
|
code = int(host.run("curl -s -w '%{http_code}' http://127.0.0.1:8080/ -o /dev/null").stdout)
|
||||||
body = host.run("curl -sX GET http://localhost/").stdout
|
body = host.run("curl -sX GET http://127.0.0.1:8080/").stdout
|
||||||
|
|
||||||
assert code == 200
|
assert code == 200
|
||||||
assert "FreshRSS" in body
|
assert "FreshRSS" in body
|
||||||
|
@ -1,4 +1,2 @@
|
|||||||
---
|
---
|
||||||
- include_tasks: prepare.yml
|
|
||||||
- include_tasks: setup.yml
|
- include_tasks: setup.yml
|
||||||
- include_tasks: post.yml
|
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Ensure freshrss service is up and running
|
|
||||||
systemd:
|
|
||||||
state: started
|
|
||||||
daemon_reload: yes
|
|
||||||
enabled: yes
|
|
||||||
name: freshrss
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure service directory exists
|
|
||||||
file:
|
|
||||||
path: "{{ freshrss_service_directory }}"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
@ -1,20 +1,28 @@
|
|||||||
---
|
---
|
||||||
- block:
|
- block:
|
||||||
|
- name: Ensure service directory exists
|
||||||
|
file:
|
||||||
|
path: "{{ freshrss_service_directory }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Deploy compose file to '{{ freshrss_service_directory }}'
|
- name: Deploy compose file to '{{ freshrss_service_directory }}'
|
||||||
template:
|
template:
|
||||||
src: "services/freshrss-compose.yml.j2"
|
src: "services/freshrss-compose.yml.j2"
|
||||||
dest: "{{ freshrss_service_directory }}/docker-compose.yml"
|
dest: "{{ freshrss_service_directory }}/docker-compose.yml"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0640
|
||||||
validate: "{{ freshrss_docker_compose_bin }} -f %s config -q"
|
validate: "docker-compose -f %s config -q"
|
||||||
notify: __freshrss_restart
|
|
||||||
|
|
||||||
- name: Create systemd unit files
|
- name: Ensure service is up and running
|
||||||
template:
|
docker_compose:
|
||||||
src: "etc/systemd/system/freshrss.service.j2"
|
project_src: "{{ freshrss_service_directory }}"
|
||||||
dest: "/etc/systemd/system/freshrss.service"
|
pull: yes
|
||||||
mode: 0644
|
remove_orphans: yes
|
||||||
notify: __freshrss_restart
|
stopped: "{{ freshrss_service_stopped }}"
|
||||||
|
state: present
|
||||||
|
# temp. disable changes; breaks idempotency for whatever reason
|
||||||
|
changed_when: False
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
#jinja2:lstrip_blocks: True
|
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
[Unit]
|
|
||||||
Description=FreshRSS feed aggregator
|
|
||||||
Requires=docker.service network-online.target
|
|
||||||
After=docker.service network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
WorkingDirectory={{ freshrss_service_directory }}
|
|
||||||
Type=simple
|
|
||||||
TimeoutStartSec=15min
|
|
||||||
Restart={{ freshrss_restart_policy }}
|
|
||||||
|
|
||||||
ExecStartPre={{ freshrss_docker_compose_bin }} pull --quiet --ignore-pull-failures
|
|
||||||
ExecStart={{ freshrss_docker_compose_bin }} up --remove-orphans
|
|
||||||
|
|
||||||
ExecStop={{ freshrss_docker_compose_bin }} down --remove-orphans
|
|
||||||
|
|
||||||
ExecReload={{ freshrss_docker_compose_bin }} pull --quiet --ignore-pull-failures
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,21 +1,34 @@
|
|||||||
#jinja2:lstrip_blocks: True
|
#jinja2:lstrip_blocks: True
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
version: '2.1'
|
version: '2.4'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
freshrss:
|
freshrss:
|
||||||
container_name: {{ freshrss_container_name }}
|
container_name: {{ freshrss_container_name }}
|
||||||
image: {{ freshrss_image }}
|
image: {{ freshrss_image }}
|
||||||
restart: unless-stopped
|
restart: {{ freshrss_restart_policy }}
|
||||||
|
{% if freshrss_exposed_ports | default([]) %}
|
||||||
ports:
|
ports:
|
||||||
- {{ freshrss_exposed_ip + ':' if freshrss_exposed_ip is defined else '' }}{{ freshrss_exposed_port }}:8080
|
{% for port in freshrss_exposed_ports %}
|
||||||
|
- {{ port | quote }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if freshrss_volumes | default([]) %}
|
||||||
volumes:
|
volumes:
|
||||||
- extensions:/var/www/app/extensions
|
{% for volume in freshrss_volumes %}
|
||||||
- data:/var/www/app/data
|
- "{{ volume.name }}:{{ volume.dest }}"
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if freshrss_networks_applied | default([]) %}
|
||||||
|
networks:
|
||||||
|
{% for network in freshrss_networks_applied %}
|
||||||
|
- {{ network }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if freshrss_extra_hosts | default([]) %}
|
{% if freshrss_extra_hosts | default([]) %}
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
{% for host in freshrss_extra_hosts %}
|
{% for host in freshrss_extra_hosts %}
|
||||||
- {{ '"' + host + '"' }}
|
- {{ host | quote }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
environment:
|
environment:
|
||||||
@ -31,15 +44,15 @@ services:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
- FRESHRSS_DEFAULT_USER={{ freshrss_default_user }}
|
- FRESHRSS_DEFAULT_USER={{ freshrss_default_user }}
|
||||||
- FRESHRSS_DEFAULT_PASSWORD={{ freshrss_default_password }}
|
- FRESHRSS_DEFAULT_PASSWORD={{ freshrss_default_password }}
|
||||||
- FRESHRSS_ALLOW_ANONYMOUS={{ freshrss_allow_anonymous }}
|
- FRESHRSS_ALLOW_ANONYMOUS={{ freshrss_allow_anonymous | bool | lower }}
|
||||||
- FRESHRSS_ALLOW_ANONYMOUS_REFRESH={{ freshrss_allow_anonymous_refresh }}
|
- FRESHRSS_ALLOW_ANONYMOUS_REFRESH={{ freshrss_allow_anonymous_refresh | bool | lower }}
|
||||||
- FRESHRSS_AUTH_TYPE={{ freshrss_auth_type }}
|
- FRESHRSS_AUTH_TYPE={{ freshrss_auth_type }}
|
||||||
- FRESHRSS_API_ENABLED={{ freshrss_api_enabled }}
|
- FRESHRSS_API_ENABLED={{ freshrss_api_enabled | bool | lower }}
|
||||||
- FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED={{ freshrss_unsafe_autologin_enabled }}
|
- FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED={{ freshrss_unsafe_autologin_enabled | bool | lower }}
|
||||||
- FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED={{ freshrss_simplepie_syslog_enabled }}
|
- FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED={{ freshrss_simplepie_syslog_enabled | bool | lower }}
|
||||||
- FRESHRSS_PUBSUBHUBBUB_ENABLED={{ freshrss_pubsubhubbub_enabled }}
|
- FRESHRSS_PUBSUBHUBBUB_ENABLED={{ freshrss_pubsubhubbub_enabled | bool | lower }}
|
||||||
- FRESHRSS_ALLOW_ROBOTS={{ freshrss_allow_robots }}
|
- FRESHRSS_ALLOW_ROBOTS={{ freshrss_allow_robots | bool | lower }}
|
||||||
- FRESHRSS_ALLOW_REFERRER={{ freshrss_allow_referrer }}
|
- FRESHRSS_ALLOW_REFERRER={{ freshrss_allow_referrer | bool | lower }}
|
||||||
- FRESHRSS_LIMITS_COOKIE_DURATION={{ freshrss_limits_cookie_duration }}
|
- FRESHRSS_LIMITS_COOKIE_DURATION={{ freshrss_limits_cookie_duration }}
|
||||||
- FRESHRSS_LIMITS_CACHE_DURATION={{ freshrss_limits_cache_duration }}
|
- FRESHRSS_LIMITS_CACHE_DURATION={{ freshrss_limits_cache_duration }}
|
||||||
- FRESHRSS_LIMITS_TIMEOUT={{ freshrss_limits_timeout }}
|
- FRESHRSS_LIMITS_TIMEOUT={{ freshrss_limits_timeout }}
|
||||||
@ -68,18 +81,20 @@ services:
|
|||||||
{% if freshrss_curlopt_proxyuserpwd is defined and freshrss_curlopt_proxyuserpwd %}
|
{% if freshrss_curlopt_proxyuserpwd is defined and freshrss_curlopt_proxyuserpwd %}
|
||||||
- FRESHRSS_CURLOPT_PROXYUSERPWD={{ freshrss_curlopt_proxyuserpwd }}
|
- FRESHRSS_CURLOPT_PROXYUSERPWD={{ freshrss_curlopt_proxyuserpwd }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- FRESHRSS_DB_TYPE=pgsql
|
- FRESHRSS_DB_TYPE={{ freshrss_db_type }}
|
||||||
|
{% if freshrss_db_type != "sqlite" %}
|
||||||
{% if freshrss_db_type == "pgsql" %}
|
{% if freshrss_db_type == "pgsql" %}
|
||||||
- FRESHRSS_DB_HOST={{ freshrss_db_server }};sslmode={{ freshrss_db_ssl_mode }}
|
- FRESHRSS_DB_HOST={{ freshrss_db_server }};sslmode={{ freshrss_db_ssl_mode }}
|
||||||
|
- FRESHRSS_POSTGRES_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }}
|
||||||
{% else %}
|
{% else %}
|
||||||
- FRESHRSS_DB_HOST={{ freshrss_db_server }}
|
- FRESHRSS_DB_HOST={{ freshrss_db_server }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- FRESHRSS_POSTGRES_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }}
|
|
||||||
- FRESHRSS_DB_PORT={{ freshrss_db_port }}
|
- FRESHRSS_DB_PORT={{ freshrss_db_port }}
|
||||||
- FRESHRSS_DB_USER={{ freshrss_db_user }}
|
- FRESHRSS_DB_USER={{ freshrss_db_user }}
|
||||||
- FRESHRSS_DB_PASSWORD={{ freshrss_db_password }}
|
- FRESHRSS_DB_PASSWORD={{ freshrss_db_password }}
|
||||||
- FRESHRSS_DB_BASE={{ freshrss_db_name }}
|
- FRESHRSS_DB_BASE={{ freshrss_db_name }}
|
||||||
- FRESHRSS_DB_PREFIX=freshrss_
|
- FRESHRSS_DB_PREFIX=freshrss_
|
||||||
|
{% endif %}
|
||||||
- FRESHRSS_EXTENSIONS_ENABLED={{ freshrss_extensions_enabled | join(',') }}
|
- FRESHRSS_EXTENSIONS_ENABLED={{ freshrss_extensions_enabled | join(',') }}
|
||||||
{% if freshrss_memory_limit is defined %}
|
{% if freshrss_memory_limit is defined %}
|
||||||
mem_limit: {{ freshrss_memory_limit }}
|
mem_limit: {{ freshrss_memory_limit }}
|
||||||
@ -115,9 +130,18 @@ services:
|
|||||||
{% if freshrss_pids_limit is defined %}
|
{% if freshrss_pids_limit is defined %}
|
||||||
pids_limit: {{ freshrss_pids_limit }}
|
pids_limit: {{ freshrss_pids_limit }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if freshrss_volumes | default([]) | rejectattr("bind") | list | length > 0 %}
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
extensions:
|
{% for volume in freshrss_volumes | rejectattr("bind") %}
|
||||||
driver: local
|
{{ volume.name }}:
|
||||||
data:
|
{% endfor %}
|
||||||
driver: local
|
{% endif %}
|
||||||
|
{% if freshrss_networks | default([]) | length > 0 %}
|
||||||
|
|
||||||
|
networks:
|
||||||
|
{% for network in freshrss_networks %}
|
||||||
|
{{ network.name }}:
|
||||||
|
driver: {{ network.backend | default("bridge") }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
Loading…
Reference in New Issue
Block a user