Initialize repository for Snort role.

LICENSE

@@ -0,0 +1,17 @@
+MIT No Attribution License
+
+Copyright (c) 2023 Brian Lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

README.md

@@ -0,0 +1,46 @@
+# Ansible Role: snort
+
+This Ansible Role builds and installs the [snort](https://github.com/v0l/snort) Typescript frontend assets. It is intended to be composed with a separate role for the web proxy configuration.
+
+Tested on:
+
+* Archlinux
+* Ubuntu 22.04
+
+## Requirements
+
+* [ansible-role-nodejs](https://github.com/bleetube/ansible-role-nodejs) 
+
+`requirements.yml`:
+
+```yaml
+roles:
+  - src: https://github.com/bleetube/ansible-role-nodejs
+    name: bleetube.nodejs
+```
+
+It will set up node, npm, yarn, and n using the nodesource Debian repositories.
+
+## Dependencies
+
+* [nginx_conf](docs/examples/nginx_conf.yml) (optional)
+
+## Role Variables
+
+See the role [defaults](defaults/main.yml). For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
+
+## Example Playbook
+
+This role should not be run as root.
+
+```yaml
+- hosts: snort
+  roles:
+    - role: nginxinc.nginx_core.nginx
+      become: true
+    - role: bleetube.snort
+      tags: snort
+  tasks:
+    - import_tasks: nginx_conf.yml
+      become: true
+```

defaults/main.yml

@@ -0,0 +1,7 @@
+---
+node_version: 16
+snort_root_path: /var/www/snort
+snort_repository_url: https://github.com/v0l/snort.git
+snort_version: main # follow main branch
+snort_devmode: no
+snort_repository_path: "{{ ansible_env.HOME }}/src/snort"

docs/examples/nginx.conf

@@ -0,0 +1 @@
+--- # WIP

tasks/install.yml

@@ -0,0 +1,23 @@
+---
+- name: Ensure requirements using yarn
+  ansible.builtin.command:
+    cmd: yarn
+    chdir: "{{ snort_repository_path }}"
+  when: snort_devmode or git_repository.changed
+
+- name: Build the frontend assets using yarn build
+  ansible.builtin.command:
+    cmd: yarn build
+    chdir: "{{ snort_repository_path }}"
+  when: snort_devmode or git_repository.changed
+
+- name: Copy frontend assets for the web proxy to serve directly
+  ansible.builtin.copy:
+    src: "{{ snort_repository_path }}/{{ item }}"
+    dest: "{{ snort_root_path }}"
+    remote_src: yes
+  become: yes
+  loop:
+    - packages/app/build/
+    - packages/app/public/
+    

tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Assert that we are not logged in as root
+  assert:
+    that:
+      - ansible_user_id != 'root'
+    fail_msg: "This role builds Javascript assets and should not be run as root. It will escalate privileges as needed."
+
+- import_tasks: setup.yml
+- import_tasks: install.yml

tasks/setup.yml

@@ -0,0 +1,23 @@
+---
+- name: Ensure root path
+  ansible.builtin.file:
+    path:  "{{ snort_root_path }}"
+    state: directory
+    mode: '0755'
+  become: yes
+
+- name: Clone git repository
+  ansible.builtin.git:
+    repo: "{{ snort_repository_url }}"
+    dest: "{{ snort_repository_path }}"
+    version: "{{ snort_version }}"
+    force: true
+  register: git_repository
+  when: not snort_devmode
+
+- name: "Ensure node is version {{ node_version }}"
+  ansible.builtin.command:
+    cmd: "n {{ node_version }}"
+    chdir: "{{ snort_repository_path }}"
+  when: snort_devmode or git_repository.changed
+  become: yes

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+  remote_user: root
+  connection: local
+  roles:
+    - peertube