Add support for Debian

Vagrantfile

@@ -0,0 +1,31 @@
+# This guide is optimized for Vagrant 1.7 and above.
+# Although versions 1.6.x should behave very similarly, it is recommended
+# to upgrade instead of disabling the requirement below.
+Vagrant.require_version ">= 1.7.0"
+
+Vagrant.configure(2) do |config|
+
+  config.vm.box = "debian/bullseye64"
+
+  config.vm.define "debiantest" do |m|
+    m.vm.hostname = "debiantest"
+    m.vm.network :private_network, ip: "192.168.123.2", libvirt__dhcp_enabled: false
+    m.vm.synced_folder ".", "/vagrant", disabled: true
+  end
+  # Disable the new default behavior introduced in Vagrant 1.7, to
+  # ensure that all Vagrant machines will use the same SSH key pair.
+  # See https://github.com/mitchellh/vagrant/issues/5005
+  config.ssh.insert_key = false
+
+  config.vm.provider :libvirt do |lv|
+    lv.cpus = 2
+    lv.memory = 1024
+  end
+
+  config.vm.provision "ansible" do |ansible|
+    ansible.become = true
+    ansible.verbose = "v"
+    ansible.playbook = "playbook.yml"
+    ansible.inventory_path = "inventory"
+  end
+end

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+roles_path = ../

defaults/main.yml

@@ -3,7 +3,7 @@ selfoss_default_install_dir: /var/www/selfoss
 selfoss_install_dir: "{{ selfoss_default_install_dir }}"
 __selfoss_url: "{{ selfoss_url | mandatory }}"
 __selfoss_username: "{{ selfoss_username | mandatory }}"
-__selfoss_password: "{{ selfoss_password | mandatory }}"
+__selfoss_password_hash: "{{ selfoss_password_hash | mandatory }}"
 selfoss_special_time: daily
 
 # System specific variables, to be defined in vars/{{ ansible_os_family }}.yml

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart nginx
+  systemd:
+    name: nginx.service
+    state: restarted

inventory

@@ -0,0 +1 @@
+debiantest

playbook.yml

@@ -0,0 +1,8 @@
+---
+- hosts: debiantest
+  gather_facts: yes
+  vars_files:
+    - ./test/vars.yml
+
+  roles:
+    - ansible-selfoss

scripts/genpw.py

@@ -1,21 +1,23 @@
 # -*- encoding: utf-8 -*_
 import argparse
 import bcrypt
+from pprint import pprint as pp
 import typing as T
 
 
-def hash(passwd: T.Text) -> T.Text:
+def hash(passwd: T.Text) -> T.Dict[T.Text, T.Text]:
     bin_pass = passwd.encode("utf-8")
-    bin_hash = bcrypt.hashpw(bin_pass, bcrypt.gensalt(10))
-    return bin_hash.decode("utf-8")
+    bin_salt = bcrypt.gensalt(10)
+    bin_hash = bcrypt.hashpw(bin_pass, bin_salt)
+    return {"salt": bin_salt.decode("utf-8"), "hash": bin_hash.decode("utf-8")}
 
 
 def main() -> None:
     parser = argparse.ArgumentParser()
     parser.add_argument("plaintext", help="plaintext password to be hashed")
     args = parser.parse_args()
 
-    print(hash(args.plaintext))
+    pp(hash(args.plaintext))
 
 
 if __name__ == "__main__":

tasks/install-Debian.yml

@@ -0,0 +1,58 @@
+---
+- name: Install selfoss dependencies
+  apt:
+    name:
+      - php-fpm
+      - php-sqlite3
+      - php-gd
+      - php-xml
+      - unzip
+    update_cache: yes
+    state: present
+
+- name: Add selfoss runner users
+  user:
+    name: "{{ selfoss_www_user }}"
+    group: www-data
+    state: present
+    system: True
+    shell: /usr/sbin/nologin
+    home: "{{ selfoss_install_dir }}"
+    create_home: True
+  when: selfoss_create_user
+
+- name: Download selfoss from web
+  unarchive:
+    src: "{{ ___selfoss_download_url }}"
+    dest: /tmp
+    remote_src: yes
+
+- name: Replace current selfoss, if any
+  copy:
+    src: /tmp/selfoss
+    dest: "{{ selfoss_default_install_dir | dirname }}"
+    remote_src: yes
+
+- name: Create configuration from default
+  copy:
+    src: "{{ selfoss_default_install_dir }}/defaults.ini"
+    dest: "{{ selfoss_default_install_dir }}/config.ini"
+    remote_src: yes
+
+- name: Ensure php-fpm is running
+  systemd:
+    name: "php{{ selfoss_php_version }}-fpm.service"
+    enabled: yes
+    state: started
+
+- name: Ensure allow_url_fopen is enabled in php.ini
+  ini_file:
+    path: /etc/php/{{ selfoss_php_version }}/fpm/php.ini
+    section: PHP
+    option: allow_url_fopen
+    value: 'On'
+
+- include: "webserver.yml"
+
+- name: Force all notified handlers to run at this point, not waiting for normal sync points
+  meta: flush_handlers

tasks/main.yml

@@ -29,7 +29,7 @@
     when: selfoss_target_dir_state.state == "absent"
   when: selfoss_default_install_dir != selfoss_install_dir
 
-- name: Ensure correct initialization of the salt
+- name: Ensure the correct salt is present
   block:
   - name: Check the value of salt in config.ini
     lineinfile:
@@ -39,18 +39,14 @@
     check_mode: yes
     changed_when: false
     register: selfoss_salt_state
-  - block:
-    - name: Create a good salt
-      shell: tr -cd '#_[:alnum:]' < /dev/urandom | fold -w 60 | head -1
-      register: selfoss_salt
-      changed_when: false
-    - name: Write the new salt in config.ini
-      ini_file:
-        path: "{{ selfoss_install_dir }}/config.ini"
-        section: globals
-        option: salt
-        value: "{{ selfoss_salt.stdout }}"
+  - name: Write the new salt in config.ini
+    ini_file:
+      path: "{{ selfoss_install_dir }}/config.ini"
+      section: globals
+      option: salt
+      value: "{{ selfoss_password_salt }}"
     when: selfoss_salt_state.changed == false and selfoss_salt_state.msg != 'line added'
+  when: selfoss_password_salt is defined
 
 - name: Ensure correct initialization of the username
   block:
@@ -69,6 +65,7 @@
       option: username
       value: "{{ __selfoss_username }}"
     when: selfoss_username_state.changed == false and selfoss_username_state.msg != 'line added'
+  when: selfoss_username is defined
 
 - name: Ensure correct initialization of the password
   block:
@@ -87,10 +84,11 @@
       option: password
       value: "{{ selfoss_password_hash }}"
     when: selfoss_password_state.changed == false and selfoss_password_state.msg != 'line added'
+  when: selfoss_password_hash is defined
 
 - name: Ensure feeds are updated with a cron job
   cron:
-    name: "Update feeds for {{ selfoss_username }}"
+    name: "Update feeds for {{ selfoss_username | default('selfoss service') }}"
     special_time: "{{ selfoss_special_time }}"
     job: "sleep $((RANDOM \\% 300)) && {{ selfoss_php_path }} {{ selfoss_install_dir }}/cliupdate.php"
     user: "{{ selfoss_www_user }}"

tasks/webserver.yml

@@ -0,0 +1,35 @@
+---
+- name: Install selfoss dependencies
+  apt:
+    name: nginx
+    state: present
+
+- name: Ensure the configuration file is present
+  template:
+    src: selfoss.conf.j2
+    dest: /etc/nginx/sites-available/selfoss.conf
+    mode: 0644
+    owner: root
+    group: root
+  notify: restart nginx
+
+- name: Ensure nginx configuration is enabled
+  file:
+    src: /etc/nginx/sites-available/selfoss.conf
+    dest: /etc/nginx/sites-enabled/selfoss.conf
+    owner: root
+    group: root
+    state: link
+  notify: restart nginx
+
+- name: Ensure default nginx configuration is absent
+  file:
+    dest: /etc/nginx/sites-enabled/default
+    state: absent
+  notify: restart nginx
+
+- name: Enable nginx service
+  systemd:
+    name: nginx.service
+    enabled: yes
+    state: started

templates/selfoss.conf.j2

@@ -0,0 +1,29 @@
+server {
+    listen {{ selfoss_port }} default_server;
+    root {{ selfoss_install_dir }};
+    access_log /var/log/nginx/selfoss.access.log;
+    error_log /var/log/nginx/selfoss.error.log;
+
+    location ~* \ (gif|jpg|png) {
+        expires 30d;
+    }
+
+    location ~ ^/(favicons|thumbnails)/.*$ {
+        try_files $uri /data/$uri;
+    }
+
+    location ~* ^/(data\/logs|data\/sqlite|config\.ini|\.ht) {
+        deny all;
+    }
+
+    location / {
+        index index.php;
+        try_files $uri /public/$uri /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php/php{{ selfoss_php_version }}-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi.conf;
+    }
+}

test/vars.yml

@@ -0,0 +1,11 @@
+---
+selfoss_create_user: False
+selfoss_www_user: www-data
+selfoss_www_group: www-data
+selfoss_port: "8080"
+selfoss_url: http://debiantest:8080
+selfoss_username: leo
+selfoss_password: password
+selfoss_include_nginx: True
+selfoss_password_salt: $2b$10$06dc9qpT/wPf/NxnMEngVO
+selfoss_password_hash: $2b$10$06dc9qpT/wPf/NxnMEngVO8nAgAq4TS4Erts4fSjT.S/SxECQ8deS

vars/Debian.yml

@@ -0,0 +1,4 @@
+---
+selfoss_php_version: "7.4"
+___selfoss_download_url: https://bintray.com/fossar/selfoss/download_file?file_path=selfoss-2.19-9af53e9.zip
+___selfoss_php_path: /usr/bin/php