[framadate][unsafe] PEP-CRANS compliance

roles/framadate/README.md

@@ -0,0 +1,20 @@
+# Framadate
+
+Ce rôle installe un serveur framadate.
+
+## Variables
+
+  - glob_framadate:
+    - contact: Adresse mail de contact de l'administrateur
+    - automatic_response: Adresse mail utilisée pour répondre au clients du
+      serveur
+    - smtp_server: le serveur smtp a utilisé pour envoyer les mails
+    - hostname: le nom de domaine du serveur
+    - repo: le repo git où est stocké le code source de framadate
+    - versoin: le commit dans lequel on se place
+    - admin_username: le nom d'utilisateur de l'administrateur
+    - admin_password: le mot de l'administrateur
+    - db_password: le mot de passe de la base de données
+  - loc_framadate:
+    - path: le chemin où on installe framadate
+

roles/framadate/tasks/main.yml

@@ -19,15 +19,15 @@
 
 - name: Clone framadate project
   git:
-    repo: "{{ framadate.repo }}"
+    repo: "{{ glob_framadate.repo }}"
-    dest: "{{ framadate.path }}"
+    dest: "{{ loc_framadate.path }}"
-    version: "{{ framadate.version }}"
+    version: "{{ glob_framadate.version }}"
 
 # Cet item là raises forcement un changed à cause du recurse: true
 # https://github.com/ansible/ansible/issues/32636
 - name: Set perms on framadate code
   file:
-    path: "{{ framadate.path }}"
+    path: "{{ loc_framadate.path }}"
     state: directory
     owner: www-data
     group: www-data
@@ -36,7 +36,7 @@
 - name: Install Framadate dependencies
   composer:
     command: install
-    working_dir: "{{ framadate.path }}"
+    working_dir: "{{ loc_framadate.path }}"
   become: true
   become_user: www-data
   register: composer_result
@@ -45,29 +45,29 @@
 
 - name: Create log file
   file:
-    path: "{{ framadate.path }}/admin/stdout.log"
+    path: "{{ loc_framadate.path }}/admin/stdout.log"
     owner: www-data
     mode: 0600
 
 - name: Configure framadate
   template:
-    src: config.php.j2
+    src: framadate/app/inc/config.php.j2
-    dest: "{{ framadate.path }}/app/inc/config.php"
+    dest: "{{ loc_framadate.path }}/app/inc/config.php"
     owner: www-data
     group: www-data
 
 - name: Configure admin password
   htpasswd:
     path: /etc/nginx/.htpasswd
-    name: "{{ framadate.admin_username }}"
+    name: "{{ glob_framadate.admin_username }}"
-    password: "{{ framadate.admin_password }}"
+    password: "{{ glob_framadate.admin_password }}"
     owner: root
     group: www-data
     mode: 0640
 
 - name: Configure nginx site
   template:
-    src: nginx-site.j2
+    src: nginx/sites-available/framadate.j2
     dest: /etc/nginx/sites-available/framadate
   notify: restart nginx
 
@@ -88,7 +88,7 @@
   mysql_user:
     login_unix_socket: /var/run/mysqld/mysqld.sock
     name: framadate
-    password: "{{ framadate.db_password }}"
+    password: "{{ glob_framadate.db_password }}"
     priv: 'framadate.*:ALL'
     state: present
 

roles/framadate/templates/framadate/app/inc/config.php.j2

@@ -25,16 +25,16 @@
 // Fully qualified domain name of your webserver.
 // If this is unset or empty, the servername is determined automatically.
 // You *have to set this* if you are running Framadate behind a reverse proxy.
-// const APP_URL = 'framadate.crans.org';
+// const APP_URL = '{{ glob_framadate.hostname }}';
 
 // Application name
 const NOMAPPLICATION = 'Framadate';
 
 // Database administrator email
-const ADRESSEMAILADMIN = 'contact@crans.org';
+const ADRESSEMAILADMIN = '{{ glob_framadate.contact }}';
 
 // Email for automatic responses (you should set it to "no-reply")
-const ADRESSEMAILREPONSEAUTO = 'no-reply@crans.org';
+const ADRESSEMAILREPONSEAUTO = '{{ glob_framadate.automatic_response }}';
 
 // Database server name, leave empty to use a socket
 const DB_CONNECTION_STRING = 'mysql:host=localhost;dbname=framadate;port=3306';
@@ -43,7 +43,7 @@ const DB_CONNECTION_STRING = 'mysql:host=localhost;dbname=framadate;port=3306';
 const DB_USER= 'framadate';
 
 // Database password
-const DB_PASSWORD = '{{ framadate.db_password }}';
+const DB_PASSWORD = '{{ glob_framadate.db_password }}';
 
 // Table name prefix
 const TABLENAME_PREFIX = 'fd_';
@@ -92,7 +92,7 @@ $config = [
     /* general config */
     'use_smtp' => true,                     // use email for polls creation/modification/responses notification
     'smtp_options' => [
-        'host' => 'smtp.crans.org',              // SMTP server (you could add many servers (main and backup for example) : use ";" like separator
+        'host' => '{{ glob_framadate.smtp_server }}',              // SMTP server (you could add many servers (main and backup for example) : use ";" like separator
         'auth' => false,                    // Enable SMTP authentication
         'username' => '',                   // SMTP username
         'password' => '',                   // SMTP password

roles/framadate/templates/nginx/sites-available/framadate.j2

@@ -4,12 +4,12 @@ server {
     listen 80;
     listen [::]:80;
 
-    server_name framadate.crans.org;
+    server_name {{ glob_framadate.hostname }};
 
     add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'";
     add_header Referrer-Policy "strict-origin";
 
-    root {{ framadate.path }};
+    root {{ loc_framadate.path }};
 
     index index.php;
 

roles/framadate/templates/update-motd.d/05-service.j2

@@ -1,3 +1,3 @@
 #!/usr/bin/tail +14
 {{ ansible_header | comment }}
-> Framadate a été déployé sur cette machine. Voir {{ framadate.path }}.
+> Framadate a été déployé sur cette machine. Voir {{ loc_framadate.path }}.