From 0cb0bdf997c3d1166607419721bb2df408b28c7e Mon Sep 17 00:00:00 2001
From: Brian Lee
Date: Tue, 18 Jul 2023 16:11:18 -0700
Subject: [PATCH] Initialize repo for Wiki.js role.
---
.gitignore | 0
README.md | 53 ++++++++++++++++++++++++++++++++
defaults/main.yml | 29 +++++++++++++++++
docs/PODMAN.md | 18 +++++++++++
docs/POSTGRES.md | 38 +++++++++++++++++++++++
docs/examples/postgres-backup.sh | 14 +++++++++
tasks/main.yml | 23 ++++++++++++++
tasks/podman.yml | 32 +++++++++++++++++++
tasks/systemd.yml | 24 +++++++++++++++
tests/inventory | 2 ++
tests/test.yml | 6 ++++
11 files changed, 239 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 docs/PODMAN.md
create mode 100644 docs/POSTGRES.md
create mode 100755 docs/examples/postgres-backup.sh
create mode 100644 tasks/main.yml
create mode 100644 tasks/podman.yml
create mode 100644 tasks/systemd.yml
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..df42b2a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,53 @@
+# Ansible Role: wikijs
+
+This Ansible Role installs a rootless [wikijs](https://docs.requarks.io/guide/intro) container using Podman. It is intended to be composed with separate roles for Podman, database, and web proxy.
+
+## Requirements
+
+* [podman](docs/PODMAN.md)
+* [containers.podman](https://github.com/containers/ansible-podman-collections)
+
+## Dependencies
+
+* [postgresql](docs/POSTGRES.md) (optional)
+* [nginx_conf](docs/examples/nginx_conf.yml) (optional)
+
+## Role Variables
+
+See the role [defaults](defaults/main.yml) and the wikijs [environment variable](https://docs.requarks.io/install/docker) documentation. For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
+
+## Example Playbook
+
+```yaml
+- hosts: wikijs
+ roles:
+ - role: nginxinc.nginx_core.nginx
+ become: true
+ - role: anxs.postgresql
+ become: true
+ - role: alvistack.podman
+ become: true
+ - role: bleetube.wikijs
+ tags: wikijs
+ tasks:
+ - import_tasks: nginx_conf.yml
+ become: true
+```
+
+## Systemd
+
+```
+systemctl --user status container-wikijs.service
+```
+
+## Upgrades
+
+Configure `wikijs_version`.
+
+```bash
+ansible-playbook playbooks/wikijs.yml --tags wikijs
+```
+
+## Backups
+
+See the [postgres example](docs/examples/postgres-backup.sh).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..1f7801e
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+wikijs_ports:
+ - "{{ wikijs_http_port|default(3000) }}:3000"
+# - "{{ wikijs_https_port|default(3443) }}:3443"
+
+wikijs_data_dir: /var/lib/wikijs
+wikijs_volumes:
+ - "{{ wikijs_data_dir }}:/wiki/data/content"
+#- ./wikijs/content:/wiki/data/content
+#- /var/run/postgresql:/var/run/postgresql
+
+# Vars for wikijs container
+wikijs_image: ghcr.io/requarks/wiki
+wikijs_name: wikijs
+wikijs_version: 2
+
+# https://docs.requarks.io/install/docker
+wikijs_config:
+ DB_TYPE: sqlite
+ DB_FILEPATH: /wiki/data/database.sqlite
+# DB_TYPE: postgres
+# DB_HOST: host.containers.internal
+# DB_PORT: 5432
+# DB_NAME: wikijs
+# DB_USER: wikijs
+# DB_PASS: ''
+# DB_SSL: false
+# DB_SSL_CA:
+# DB_PASS_FILE:
\ No newline at end of file
diff --git a/docs/PODMAN.md b/docs/PODMAN.md
new file mode 100644
index 0000000..f644338
--- /dev/null
+++ b/docs/PODMAN.md
@@ -0,0 +1,18 @@
+# Podman
+
+Example using [alvistack/ansible-role-podman](https://github.com/alvistack/ansible-role-podman):
+
+
+```yaml
+- hosts: podman
+ become: true
+
+ roles:
+ - alvistack.podman
+
+ tasks:
+ - name: "Ensure loginctl enable-linger is set for {{ sysadmin_username }}"
+ command:
+ cmd: "loginctl enable-linger {{ sysadmin_username }}"
+ creates: "/var/lib/systemd/linger/{{ sysadmin_username }}"
+```
\ No newline at end of file
diff --git a/docs/POSTGRES.md b/docs/POSTGRES.md
new file mode 100644
index 0000000..1434e7b
--- /dev/null
+++ b/docs/POSTGRES.md
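Review bot: In defaults/main.yml the default `DB_FILEPATH: /wiki/data/database.sqlite` sits outside the only mounted volume (`{{ wikijs_data_dir }}:/wiki/data/content`), so the SQLite database lives in the container's writable layer and is discarded whenever the container is recreated, which tasks/podman.yml does on every run via `recreate: yes`. Point it inside the mount, for example `DB_FILEPATH: /wiki/data/content/database.sqlite`, or add a second volume for the database file. Separately, `wikijs_ports` publishes on every host interface; since the README puts nginx in front, a loopback default such as `- "127.0.0.1:{{ wikijs_http_port|default(3000) }}:3000"` keeps the unproxied port off the network. `wikijs_version: 2` is a floating tag, so pinning a specific release or image digest would make deployments reproducible and upgrades deliberate.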
@@ -0,0 +1,38 @@
+# PostgreSQL
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_wikijs_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [anxs.postgresql](https://github.com/ANXS/postgresql)
+
+## Example Playbook
+
+```yaml
+ roles:
+ - anxs.postgresql
+```
+
+## Example Variables
+
+```yaml
+postgresql_users:
+ - name: wikijs
+ pass: "{{ lookup('ansible.builtin.env', 'WIKIJS_POSTGRES_PASSWORD') }}"
+ encrypted: yes
+ state: present
+
+postgresql_databases:
+ - name: wikijs
+ owner: wikijs
+ state: present
+```
+
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to separate secret stores from the repository.
+
+## PG 15
+
+I'm temporarily using this branch to get PG15:
+
+```yaml
+# - src: https://github.com/ANXS/postgresql
+ - src: https://github.com/VladDm93/postgresql
+ version: postgres-14-15-support
+ name: anxs.postgresql
+```
\ No newline at end of file
diff --git a/docs/examples/postgres-backup.sh b/docs/examples/postgres-backup.sh
new file mode 100755
index 0000000..58e0b17
--- /dev/null
+++ b/docs/examples/postgres-backup.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+TARGET=example
+TIMESTAMP=$(date +%m-%d-%Y)
+
+# wikijs files
+rsync --delete-after -ta ${TARGET}:/var/compose/wikijs $HOME/archive/${TARGET}/
+
+# wikijs postgresql
+BACKUP_DIR=$HOME/archive/${TARGET}/postgresql
+DUMP_FILE=/var/lib/postgresql/wikijs_${TIMESTAMP}.dump.bz2
+ssh root@${TARGET} "doas -u postgres /usr/bin/pg_dump -Fc wikijs | /usr/bin/bzip2 > ${DUMP_FILE}"
+mkdir -p $HOME/archive/${TARGET}/postgresql/
+rsync -tav ${TARGET}:${DUMP_FILE} $HOME/archive/${TARGET}/postgresql/
+ssh root@${TARGET} rm -v ${DUMP_FILE}
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..8b42121
--- /dev/null
+++ b/tasks/main.yml
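Review bot: Nothing in docs/examples/postgres-backup.sh stops on failure, so if `pg_dump` fails the remote pipeline still exits with bzip2's status, a truncated dump is copied into the archive, and the remote copy is then removed. Start the script with `set -euo pipefail` and avoid the masked pipeline, for instance by dropping bzip2 (`-Fc` output is already compressed) and using `pg_dump -Fc -f "${DUMP_FILE}" wikijs`. The dump is created through root's shell redirection with whatever umask that shell has, so prefixing the remote command with `umask 077;` is prudent unless the directory is known to be private. `BACKUP_DIR` is assigned but never used, the `${TARGET}` and `$HOME` expansions are unquoted, and the rsync source `/var/compose/wikijs` does not match the role's default `wikijs_data_dir` of `/var/lib/wikijs`.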
@@ -0,0 +1,23 @@
+---
+- name: Assert that we are not logged in as root
+ assert:
+ that:
+ - ansible_user_id != 'root'
+ fail_msg: "Podman containers are rootless, so please do not run this role as root."
+
+- debug:
+ var: wikijs_data_dir
+- name: Assert that a data is configured.
+ assert:
+ that:
+ - wikijs_data_dir != ''
+ fail_msg: "Please set wikijs_data_dir to a valid directory."
+
+- name: Ensure wikijs data dir exists.
+ file:
+ path: "{{ wikijs_data_dir }}"
+ state: directory
+ mode: '0755'
+
+- import_tasks: podman.yml
+- import_tasks: systemd.yml
\ No newline at end of file
diff --git a/tasks/podman.yml b/tasks/podman.yml
new file mode 100644
index 0000000..d4a131f
--- /dev/null
+++ b/tasks/podman.yml
@@ -0,0 +1,32 @@
+---
+#- name: Wiki.js | Build image
+# register: podman_image_output
+# containers.podman.podman_image:
+# name: requarks/wiki
+# path: ~/src/wiki
+# tag: "wikijs-{{ wikijs_version }}"
+# validate_certs: true
+# pull: false
+# state: build
+# build:
+# file: ~/src/wiki/dev/containers/Dockerfile
+
+#- ansible.builtin.debug:
+# var: podman_image_output
+
+# https://github.com/requarks/wiki/blob/main/dev/build/Dockerfile
+- name: Wiki.js | Create container
+ containers.podman.podman_container:
+ debug: no
+ image: "{{ wikijs_image }}:{{ wikijs_version }}"
+ image_strict: yes
+ recreate: yes
+ state: present
+ name: "{{ wikijs_name }}"
+ env: "{{ wikijs_config }}"
+ volume: "{{ wikijs_volumes }}"
+ ports: "{{ wikijs_ports }}"
+ register: podman_output
+
+- ansible.builtin.debug:
+ var: podman_output
\ No newline at end of file
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..e3607d5
--- /dev/null
+++ b/tasks/systemd.yml
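Review bot: In tasks/main.yml the `file` task creates `wikijs_data_dir` as the unprivileged user that the first assert insists on, yet the default in defaults/main.yml is `/var/lib/wikijs`, which a non-root account normally cannot create, so the role probably fails out of the box unless the directory already exists with the right owner. Either default to a path under the user's home or document the pre-creation step in the README. `mode: '0755'` also leaves the wiki content readable by every local account; `'0750'` or tighter is worth testing against the rootless UID mapping. The unnamed `debug` of `wikijs_data_dir` looks like leftover troubleshooting and could be removed or given `verbosity: 1`.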
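Review bot: The trailing `ansible.builtin.debug` of `podman_output` in tasks/podman.yml prints the module's full return value on every run, which as far as I know includes the container's inspect data and therefore the `env` passed from `wikijs_config`; once `DB_PASS` is set as the commented defaults suggest, the database password ends up in playbook output and any log that captures it. Drop the debug task or gate it with `verbosity: 2`, and consider `no_log: true` on the create task when a password is configured. `recreate: yes` also replaces the container and reports changed on every run, so anything not stored on a mounted volume is lost each time. The `debug: no`, `image_strict: yes` and `recreate: yes` values would be better written as `false`/`true`.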
@@ -0,0 +1,24 @@
+---
+- name: Wiki.js | Generate systemd unit file for the container(s)
+ containers.podman.podman_generate_systemd:
+ name: wikijs
+ dest: ~/.config/systemd/user/
+ restart_policy: on-failure
+ restart_sec: 60
+
+- name: Wiki.js | Ensure container(s) are enabled in systemd, but stop it now because we wanted to use "recreate" in the podman_container task before this.
+ ansible.builtin.systemd:
+ name: container-wikijs
+ scope: user
+ daemon_reload: true
+ state: stopped
+ enabled: true
+
+- name: Wiki.js | Start the container(s) with systemd, so systemd will know the state of the container(s) moving forward.
+ ansible.builtin.systemd:
+ name: container-wikijs
+ scope: user
+ state: started
+ register: systemd_result
+ until: systemd_result is succeeded
+ retries: 1
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..f271f63
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ remote_user: root
+ connection: local
+ roles:
+ - wikijs
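Review bot: tasks/systemd.yml hard-codes `name: wikijs` and `name: container-wikijs`, whereas tasks/podman.yml names the container `{{ wikijs_name }}`, so overriding that variable creates a container these three tasks never manage. Use `name: "{{ wikijs_name }}"` in the generate task and `name: "container-{{ wikijs_name }}"` in both `ansible.builtin.systemd` tasks. `until: systemd_result is succeeded` with `retries: 1` allows a single retry after the default delay; a short comment saying which race it covers would help the next maintainer.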
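Review bot: tests/test.yml sets `remote_user: root`, while tasks/main.yml asserts `ansible_user_id != 'root'`, so the only test play is configured for the one account the role refuses to run as. With `connection: local` the setting is presumably ignored and the invoking user is used, so dropping `remote_user: root` makes the test say what it means. The play also never sets `wikijs_data_dir` to a writable location, which the default `/var/lib/wikijs` is unlikely to be for a non-root user.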