diff --git a/install_whiteboard.yml b/install_whiteboard.yml new file mode 100644 index 0000000..6e3299a --- /dev/null +++ b/install_whiteboard.yml @@ -0,0 +1,233 @@ +- name: Voeg lokale host toe aan nextcloud groep + hosts: localhost + gather_facts: yes + tasks: + - name: Haal IP-adres op van huidige server + debug: + var: ansible_default_ipv4.address + + - name: Voeg IP-adres toe aan 'nextcloud' groep + add_host: + name: "{{ ansible_default_ipv4.address }}" + groups: nextcloud + ansible_user: "{{ ansible_user }}" + +- name: Setup Whiteboard server with Docker Compose v2, HTTPS/WSS, WebSocket fix, and healthcheck + hosts: whiteboard + become: true + vars: + ansible_python_interpreter: /usr/bin/python3 + + tasks: + - name: Update and upgrade apt packages + apt: + update_cache: yes + upgrade: dist + + - name: Install required packages + apt: + name: + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + - jq + - netcat + state: present + + - name: Add NodeSource Node.js 20.x repository + shell: curl -fsSL https://deb.nodesource.com/setup_20.x | bash - + args: + executable: /bin/bash + + - name: Install Node.js and npm (from NodeSource) + apt: + name: + - nodejs + state: present + + - name: Add Docker GPG key + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: present + + - name: Add Docker repository + apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable + state: present + + - name: Install Docker and Docker Compose v2 + apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + state: present + + - name: Ensure Docker Compose v2 plugin is present + command: docker compose version + register: docker_compose_version + failed_when: docker_compose_version.rc != 0 + + - name: Clone Whiteboard repository (force overwrite) + git: + repo: https://github.com/nextcloud/whiteboard.git + dest: /opt/whiteboard + version: main + force: yes + + - name: Install npm packages (including dotenv) + command: npm install + args: + chdir: /opt/whiteboard + + - name: Create updated .env file for Whiteboard (matching Docker expectations) + copy: + dest: /opt/whiteboard/.env + content: | + NEXTCLOUD_URL={{ nc_url }} + NEXTCLOUD_USER={{ nc_user }} + NEXTCLOUD_PASSWORD={{ nc_password }} + JWT_SECRET_KEY={{ jwt_secret }} + FORCE_HTTPS=true + TRUST_PROXY=true + PORT=3002 + + - name: Update docker-compose.yml to use env_file + copy: + dest: /opt/whiteboard/docker-compose.yml + content: | + version: '3.7' + services: + nextcloud-whiteboard-server: + build: + context: . + dockerfile: Dockerfile + ports: + - 3002:3002 + env_file: + - .env + + - name: Run Docker Compose up + command: docker compose up -d + args: + chdir: /opt/whiteboard + + - name: Install Nginx and Certbot + apt: + name: + - nginx + - certbot + - python3-certbot-nginx + state: present + + - name: Ensure nginx.conf has map for connection_upgrade + blockinfile: + path: /etc/nginx/nginx.conf + block: | + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + insertafter: '^http {' + marker: "# {mark} ANSIBLE MANAGED CONNECTION UPGRADE MAP" + + - name: Temporary Nginx HTTP config for certificate request + copy: + dest: /etc/nginx/sites-available/whiteboard + content: | + server { + listen 80; + server_name {{ domain }}; + + location / { + proxy_pass http://localhost:3002; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port 80; + } + } + + - name: Enable Nginx site and disable default + file: + src: /etc/nginx/sites-available/whiteboard + dest: /etc/nginx/sites-enabled/whiteboard + state: link + force: true + + - name: Remove default Nginx site + file: + path: /etc/nginx/sites-enabled/default + state: absent + + - name: Test Nginx configuration + command: nginx -t + + - name: Reload Nginx + systemd: + name: nginx + state: reloaded + + - name: Obtain Let’s Encrypt certificate + command: > + certbot --nginx -d {{ domain }} --non-interactive --agree-tos -m {{ email }} + + - name: Replace Nginx config with SSL, WebSocket fix, and healthcheck support + copy: + dest: /etc/nginx/sites-available/whiteboard + content: | + server { + listen 80; + server_name {{ domain }}; + location / { + return 301 https://$host$request_uri; + } + } + + server { + listen 443 ssl; + server_name {{ domain }}; + + ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem; + + location / { + proxy_pass http://localhost:3002; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Port 443; + proxy_read_timeout 86400; + } + } + + - name: Test final Nginx configuration + command: nginx -t + + - name: Reload Nginx with final SSL config + systemd: + name: nginx + state: reloaded + + - name: Restart Docker Compose services + command: docker compose restart + args: + chdir: /opt/whiteboard + + - name: Check if backend port 3002 is open + command: nc -zv localhost 3002 + register: portcheck_result + failed_when: portcheck_result.rc != 0 + + - name: Show port 3002 check result + debug: + var: portcheck_result