diff --git a/group_vars/seafile.yaml b/group_vars/seafile.yaml new file mode 100644 index 0000000..2ca71ba --- /dev/null +++ b/group_vars/seafile.yaml @@ -0,0 +1,160 @@ +--- + +# version to install +seafile_install_version: '6.0.5' + +# names, files and directory locations +seafile_user: seafile +seafile_user_home: /home/seafile +seafile_org_name: LILiK +seafile_server_name: '{{ seafile_org_name }}' +seafile_ip_or_domain: seafile.lilik.it +seafile_service_url: https://{{ seafile_ip_or_domain }} + +seafile_quota_enable: false +seafile_quota_default: 2 + +seafile_history_keepall: true # set to false to enable keep_days limit +seafile_history_keep_days: 30 + +seafile_max_upload_size_enable: false # set to true to enable max +seafile_max_upload_size: 200 # MB +seafile_max_download_dir_size_enable: false # set to true to enable max +seafile_max_download_dir_size: 200 # MB + +seafile_email_enable: enable +seafile_email_use_tls: false +#seafile_email_host: smtp.myisp.example +seafile_email_user: '{{ seafile_seahub_admin_email }}' +seafile_email_password: '' +seafile_email_port: 25 +seafile_default_from_email: '{{ seafile_email_user }}' +seafile_server_email: '{{ seafile_email_user }}' + +seafile_time_zone: 'Europe/Brussels' +seafile_site_base: 'http://{{ seafile_ip_or_domain }}/' +seafile_site_name: '{{ seafile_org_name }}' # used in email notifications +seafile_site_title: '{{ seafile_org_name }}' +seafile_site_root: '/' +seafile_cloud_mode: true +seafile_logo_path: 'custom/ginsys_seafile_logo.png' + +seafile_fastcgi_enabled: true + +# webdav settings +seafile_webdav_enabled: true +seafile_webdav_fastcgi: true +seafile_webdav_path: /dav + +# seahub settings +seafile_seahub_admin_email: zolfa@lilik.it +seafile_seahub_admin_password: zolfa + +# database settings +seafile_backend: mysql +#mysql configuration +# +seafile_db_user: 'seafile' +seafile_db_host: 127.0.0.1 +seafile_db_name: + ccnet: 'sf_ccnet' + seafile: 'sf_seafile' + seahub: 'sf_seahub' + +mysql_bind_address: '{{ seafile_db_host }}' +mysql_db: +- name: '{{ seafile_db_name.ccnet }}' + replicate: no +- name: '{{ seafile_db_name.seafile }}' + replicate: no +- name: '{{ seafile_db_name.seahub }}' + replicate: no +mysql_users: +- name: '{{ seafile_db_user }}' + pass: '{{ seafile_db_pass }}' + priv: > + {{ seafile_db_name.ccnet ~ ".*:ALL/" ~ + seafile_db_name.seafile ~ ".*:ALL/" ~ + seafile_db_name.seahub ~ ".*:ALL" }} + +#mysql_root_db_pass: dark +#seafile_db_pass: pippopippo + +#nginx configuration +# +nginx_max_clients: 128 +nginx_http_params: + sendfile: "on" + tcp_nopush: "on" + tcp_nodelay: "on" + keepalive_timeout: "65" + access_log: "/var/log/nginx/access.log" + error_log: "/var/log/nginx/error.log" + types_hash_max_size: 2048 + +letsencrypt: true +letsencrypt_acme_dir: "https://acme-v01.api.letsencrypt.org/directory" + +nginx_sites: + - server: + file_name: '{{ seafile_ip_or_domain }}' + server_name: '{{ seafile_ip_or_domain }}' + listen: 80 + use_for_challenge: True + location: + - name: / + rewrite: ^ https://$http_host$request_uri? permanent + - server: + file_name: '{{ seafile_ip_or_domain }}-ssl' + server_name: '{{ seafile_ip_or_domain }}' + listen: 443 + ssl: "on" + ssl_certificate_key: /etc/ssl/private/{{ seafile_ip_or_domain }}.key + ssl_certificate: /etc/ssl/private/{{ seafile_ip_or_domain }}.crt + letsencrypt: + ssl_certificate_req: /etc/ssl/private/{{ seafile_ip_or_domain }}.csr + ssl_org: LILiK + ssl_email: "zolfa@lilik.it" + ssl_cn: '{{ seafile_ip_or_domain }}' + location: + - name: / + fastcgi_pass: 127.0.0.1:{{ seafile_fastcgi_port }} + "fastcgi_param SCRIPT_FILENAME": $document_root$fastcgi_script_name + "fastcgi_param PATH_INFO": $fastcgi_script_name + "fastcgi_param SERVER_PROTOCOL": $server_protocol + "fastcgi_param QUERY_STRING": $query_string + "fastcgi_param REQUEST_METHOD": $request_method + "fastcgi_param CONTENT_TYPE": $content_type + "fastcgi_param CONTENT_LENGTH": $content_length + "fastcgi_param SERVER_ADDR": $server_addr + "fastcgi_param SERVER_PORT": $server_port + "fastcgi_param SERVER_NAME": $server_name + "fastcgi_param HTTPS": on + "fastcgi_param HTTP_SCHEME": https + access_log: /var/log/nginx/seahub.access.log + error_log: /var/log/nginx/seahub.error.log + - name: /seafhttp + rewrite: ^/seafhttp(.*)$ $1 break + proxy_pass: http://127.0.0.1:{{ seafile_httpserver_port }} + client_max_body_size: 0 + - name: /media + root: '{{ seafile_latest_dir }}/seahub' + - name: '{{ seafile_webdav_path }}' + fastcgi_pass: 127.0.0.1:{{ seafile_webdav_port }} + "fastcgi_param SCRIPT_FILENAME": $document_root$fastcgi_script_name + "fastcgi_param PATH_INFO": $fastcgi_script_name + "fastcgi_param SERVER_PROTOCOL": $server_protocol + "fastcgi_param QUERY_STRING": $query_string + "fastcgi_param REQUEST_METHOD": $request_method + "fastcgi_param CONTENT_TYPE": $content_type + "fastcgi_param CONTENT_LENGTH": $content_length + "fastcgi_param SERVER_ADDR": $server_addr + "fastcgi_param SERVER_PORT": $server_port + "fastcgi_param SERVER_NAME": $server_name + "fastcgi_param HTTPS": off + "fastcgi_param HTTP_SCHEME": http + client_max_body_size: 50m + access_log: /var/log/nginx/seafdav.access.log + error_log: /var/log/nginx/seafdav.error.log + + diff --git a/seafile.yaml b/seafile.yaml new file mode 100644 index 0000000..cc33e1c --- /dev/null +++ b/seafile.yaml @@ -0,0 +1,24 @@ +--- +- hosts: biff + roles: + - role: lxc_guest + vm_name: seafile + vm_size: 5G + distro: stretch +- hosts: seafile + tasks: + - name: generate random password for seafile mysql user + gen_passwd: length=16 + register: random_seafile_db_pass + - debug: + var: random_seafile_db_pass.passwd + vars: + seafile_db_pass: "{{ random_seafile_db_pass.passwd }}" + +- hosts: seafile + vars_files: + - group_vars/seafile.yaml + roles: + - role: nginx + - role: seafile.mysql + - role: seafile