start with etherpad

nodejs.yml

@@ -0,0 +1,5 @@
+---
+- name: nodejs test
+  hosts: all
+  roles:
+  - nodejs

roles/caddy/defaults/main.yml

@@ -0,0 +1,33 @@
+---
+# defaults file for caddy-ansible
+caddy_user: www-data
+caddy_home: /home/caddy
+caddy_packages: []
+caddy_update: true
+caddy_bin_dir: /usr/local/bin
+caddy_conf_dir: /etc/caddy
+caddy_github_token: ""
+caddy_log_dir: /var/log/caddy
+caddy_log_file: stdout
+caddy_certs_dir: /etc/ssl/caddy
+caddy_http2_enabled: "true"
+# additional cli args to pass to caddy
+caddy_additional_args: ""
+caddy_systemd_network_dependency: true
+caddy_systemd_capabilities_enabled: false
+caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
+caddy_systemd_restart: "on-failure"   # always, on-success, on-failure, on-abnormal, on-abort, on-watchdog
+caddy_systemd_restart_startlimitinterval: "86400"
+caddy_systemd_restart_startlimitburst: "5"
+caddy_systemd_private_tmp: "true"
+caddy_systemd_private_devices: "true"
+# Disable this because the git module writes to ~/.ssh
+caddy_systemd_protect_home: "false"
+caddy_systemd_protect_system: "full"
+caddy_systemd_nproc_limit: 0
+caddy_setcap: true
+caddy_config: |
+  http://localhost:2020
+  respond "Hello, world!"
+caddy_environment_variables: {}
+caddy_os: linux

roles/caddy/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Restart caddy
+  systemd:
+    daemon_reload: true
+    name: caddy
+    state: restarted
+
+- name: Reload caddy
+  systemd:
+    name: caddy
+    state: reloaded

roles/caddy/tasks/github-extract.yml

@@ -0,0 +1,21 @@
+---
+- name: Extract Caddy
+  unarchive:
+    src: "{{ caddy_home }}/caddy.tar.gz"
+    dest: "{{ caddy_home }}"
+    copy: false
+    mode: 0644
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_user_details.group }}"
+  when: caddy_binary_cache.changed
+  tags: skip_ansible_lint
+
+- name: Extract Caddy
+  unarchive:
+    src: "{{ caddy_home }}/caddy.tar.gz"
+    dest: "{{ caddy_home }}"
+    creates: "{{ caddy_home }}/caddy"
+    copy: false
+    mode: 0644
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_user_details.group }}"

roles/caddy/tasks/github-url.yml

@@ -0,0 +1,20 @@
+---
+- name: Get latest Caddy release details
+  uri:
+    url: https://api.github.com/repos/mholt/caddy/releases/latest
+    return_content: true
+    headers: '{{ caddy_github_headers }}'
+  register: latest_caddy_release
+
+- name: Set Caddy tag
+  set_fact:
+    caddy_tag: "{{ (latest_caddy_release.content | from_json).get('tag_name') }}"
+
+- name: Set Caddy version
+  set_fact:
+    caddy_version: "{{ caddy_tag | regex_replace('^v', '') }}"
+
+- name: Set Caddy url
+  set_fact:
+    caddy_url: "https://github.com/caddyserver/caddy/releases/download/\
+                {{ caddy_tag }}/caddy_{{ caddy_version }}_{{ caddy_os }}_{{ go_arch }}.tar.gz"

roles/caddy/tasks/main.yml

@@ -0,0 +1,134 @@
+---
+- include: preflight.yml
+- include: packages-{{ ansible_pkg_mgr }}.yml
+
+- name: Create Caddy user
+  user:
+    name: "{{ caddy_user }}"
+    system: true
+    createhome: true
+    home: "{{ caddy_home }}"
+  register: caddy_user_details
+
+- name: Build headers to use when making requests to github
+  set_fact:
+    caddy_github_headers: "{{ caddy_github_headers | combine({'Authorization': 'token ' + caddy_github_token}) }}"
+  when: caddy_github_token | length > 0
+
+- name: Get all Caddy releases
+  get_url:
+    url: https://api.github.com/repos/mholt/caddy/git/refs/tags
+    dest: "{{ caddy_home }}/releases.txt"
+    force: true
+    headers: '{{ caddy_github_headers }}'
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_user_details.group }}"
+  retries: 3
+  delay: 2
+  when: caddy_update
+  register: caddy_releases_cache
+
+- name: Set Caddy features
+  copy:
+    content: "{{ ','.join(caddy_packages) }}"
+    dest: "{{ caddy_home }}/features.txt"
+    mode: 0640
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_user_details.group }}"
+  when: caddy_update
+  register: caddy_features_cache
+
+- include: github-url.yml
+  when: caddy_use_github
+
+- name: Download Caddy
+  get_url:
+    url: "{{ caddy_url }}"
+    dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
+    force: true
+    timeout: 300
+    mode: 0644
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_user_details.group }}"
+  retries: 3
+  delay: 2
+  when: caddy_releases_cache.changed or caddy_features_cache.changed
+  register: caddy_binary_cache
+  tags: skip_ansible_lint
+
+- name: Download Caddy
+  get_url:
+    url: "{{ caddy_url }}"
+    dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
+    timeout: 300
+    mode: 0644
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_user_details.group }}"
+  retries: 3
+  delay: 2
+  register: caddy_download
+  tags: skip_ansible_lint
+
+- include: github-extract.yml
+  when: caddy_use_github
+
+- name: Copy Caddy Binary
+  copy:
+    src: "{{ caddy_home }}/caddy"
+    dest: "{{ caddy_bin }}"
+    mode: 0755
+    remote_src: true
+  notify:
+    - Restart caddy
+
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ caddy_user }}"
+    mode: 0770
+  with_items:
+    - "{{ caddy_conf_dir }}"
+    - "{{ caddy_certs_dir }}"
+
+- name: Create log directory
+  file:
+    path: "{{ caddy_log_dir }}"
+    state: directory
+    owner: "{{ caddy_user }}"
+    mode: 0775
+
+- name: Create Caddyfile
+  copy:
+    content: "{{ caddy_config }}"
+    dest: "{{ caddy_conf_dir }}/Caddyfile"
+    owner: "{{ caddy_user }}"
+    mode: 0640
+  notify:
+    - Reload caddy
+
+- name: Template systemd service
+  template:
+    src: caddy.service
+    dest: /etc/systemd/system/caddy.service
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Restart caddy
+
+- name: Set capability on the binary file to be able to bind to TCP port <1024
+  capabilities:
+    path: "{{ caddy_bin }}"
+    capability: cap_net_bind_service+eip
+    state: present
+  when: caddy_setcap
+
+- name: Ensue caddy service is up-to-date before starting it
+  meta: flush_handlers
+
+- name: Start Caddy service
+  systemd:
+    name: caddy
+    state: started
+    enabled: true

roles/caddy/tasks/packages-apt.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Update cache
+  apt:
+    update_cache: true
+    cache_valid_time: 43200   # 12 hours
+
+# This is required because it provides the /bin/kill binary used in the service file
+- name: Install procps
+  apt:
+    name: procps
+    state: present
+
+- name: Install libcap
+  apt:
+    name: libcap2-bin
+    state: present
+  when: caddy_setcap

roles/caddy/tasks/packages-dnf.yml

@@ -0,0 +1 @@
+---

roles/caddy/tasks/packages-pacman.yml

@@ -0,0 +1 @@
+---

roles/caddy/tasks/packages-yum.yml

@@ -0,0 +1 @@
+---

roles/caddy/tasks/preflight.yml

@@ -0,0 +1,17 @@
+---
+- name: Assert usage of systemd as an init system
+  assert:
+    that: ansible_service_mgr == 'systemd'
+    msg: "This module only works with systemd"
+
+- name: Get systemd version
+  command: systemctl --version
+  changed_when: false
+  check_mode: false
+  register: __systemd_version
+  tags:
+    - skip_ansible_lint
+
+- name: Set systemd version fact
+  set_fact:
+    caddy_systemd_version: "{{ __systemd_version.stdout_lines[0].split(' ')[-1] }}"

roles/caddy/templates/caddy.service

@@ -0,0 +1,73 @@
+{{ ansible_managed | comment(decoration="; ") }}
+; source: https://github.com/mholt/caddy/blob/master/dist/init/linux-systemd/caddy.service
+; version: 6be0386
+; changes: Set variables via Ansible
+
+[Unit]
+Description=Caddy HTTP/2 web server
+Documentation=https://caddyserver.com/docs
+After=network-online.target
+{% if caddy_systemd_network_dependency == true %}
+Wants=network-online.target systemd-networkd-wait-online.service
+{% endif %}
+{% if caddy_systemd_version | int >= 230 %}
+StartLimitIntervalSec={{ caddy_systemd_restart_startlimitinterval }}
+StartLimitBurst={{ caddy_systemd_restart_startlimitburst }}
+{% endif %}
+
+[Service]
+Restart={{ caddy_systemd_restart }}
+{% if caddy_systemd_version | int < 230 %}
+StartLimitInterval={{ caddy_systemd_restart_startlimitinterval }}
+StartLimitBurst={{ caddy_systemd_restart_startlimitburst }}
+{% endif %}
+
+; User and group the process will run as.
+User={{ caddy_user }}
+Group={{ caddy_user }}
+
+; Letsencrypt-issued certificates will be written to this directory.
+Environment=CADDYPATH={{ caddy_certs_dir }}
+
+ExecStart="{{ caddy_bin_dir }}/caddy" run --environ --config "{{ caddy_conf_dir }}/Caddyfile" {{ caddy_additional_args }}
+ExecReload="{{ caddy_bin_dir }}/caddy" reload --config "{{ caddy_conf_dir }}/Caddyfile"
+
+; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+LimitNOFILE=1048576
+{% if caddy_systemd_nproc_limit > 0 %}
+; Limit the number of caddy threads.
+LimitNPROC={{ caddy_systemd_nproc_limit }}
+{% endif %}
+
+; Use private /tmp and /var/tmp, which are discarded after caddy stops.
+PrivateTmp={{ caddy_systemd_private_tmp }}
+; Use a minimal /dev
+PrivateDevices={{ caddy_systemd_private_devices }}
+; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome={{ caddy_systemd_protect_home }}
+; Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem={{ caddy_systemd_protect_system }}
+; … except {{ caddy_certs_dir }}, because we want Letsencrypt-certificates there.
+;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
+ReadWriteDirectories={{ caddy_certs_dir }}
+
+{% if caddy_systemd_capabilities_enabled %}
+; The following additional security directives only work with systemd v229 or later.
+; They further retrict privileges that can be gained by caddy.
+; Note that you may have to add capabilities required by any plugins in use.
+CapabilityBoundingSet={{ caddy_systemd_capabilities }}
+AmbientCapabilities={{ caddy_systemd_capabilities }}
+NoNewPrivileges=true
+
+{% endif %}
+{% if caddy_environment_variables|length %}
+
+; Additional environment variables:
+
+{% for key, value in caddy_environment_variables.items() %}
+Environment={{ key }}={{ value }}
+{% endfor %}
+
+{% endif %}
+[Install]
+WantedBy=multi-user.target

roles/caddy/vars/main.yml

@@ -0,0 +1,21 @@
+---
+# vars file for caddy-ansible
+caddy_github_headers: {}
+
+go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+  aarch64: 'arm64'
+  armv7l: 'arm7'
+  armv6l: 'arm6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+
+caddy_bin: "{{ caddy_bin_dir }}/caddy"
+
+caddy_url: "https://caddyserver.com/api/download?os={{ caddy_os }}&arch={{ go_arch }}\
+           {% for pkg in caddy_packages %}\
+           {% if loop.first %}&{% endif %}p={{ pkg | urlencode() }}{% if not loop.last %},{% endif %}\
+           {% endfor %}"
+
+caddy_use_github: "{{ caddy_packages == [] }}"

roles/etherpad/.gitignore

@@ -0,0 +1,3 @@
+.molecule
+.tox
+molecule/*/.molecule

roles/etherpad/.travis.yml

@@ -0,0 +1,19 @@
+---
+language: python
+cache: pip
+
+env:
+  - MOLECULE_DISTRO=debian10
+  - MOLECULE_DISTRO=debian9
+  - MOLECULE_DISTRO=ubuntu1804
+  - MOLECULE_DISTRO=ubuntu1604
+
+install:
+  # Install test dependencies.
+  - pip install molecule docker ansible-lint yamllint
+
+script:
+  - molecule test -s docker
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/etherpad/.yamllint

@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable

roles/etherpad/defaults/main.yml

@@ -0,0 +1,99 @@
+---
+etherpad:
+  title: "Etherpad"
+  favicon: "favicon.ico"
+  ip: 0.0.0.0
+  port: 9001
+  users: []
+  #  -
+  #    name: admin
+  #    password: ""
+  #    is_admin: "true"
+  default_text: '"Welcome to Etherpad!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\\n\\nGet involved with Etherpad at http:\\/\\/etherpad.org\\n"'
+  pad_options_no_colors: "false"
+  pad_options_show_controls: "true"
+  pad_options_show_chat: "true"
+  pad_options_show_line_numbers: "true"
+  pad_options_use_monospace_font: "false"
+  pad_options_user_name: "false"
+  pad_options_user_color: "false"
+  pad_options_rtl: "false"
+  pad_options_always_show_chat: "false"
+  pad_options_chat_and_users: "false"
+  pad_options_lang: "en-gb"
+  pad_shortcut_alt_f9: "true"
+  pad_shortcut_alt_c: "true"
+  pad_shortcut_cmd_shft_2: "true"
+  pad_shortcut_delete: "true"
+  pad_shortcut_return: "true"
+  pad_shortcut_esc: "true"
+  pad_shortcut_cmd_s: "true"
+  pad_shortcut_tab: "true"
+  pad_shortcut_cmd_z: "true"
+  pad_shortcut_cmd_y: "true"
+  pad_shortcut_cmd_i: "true"
+  pad_shortcut_cmd_b: "true"
+  pad_shortcut_cmd_u: "true"
+  pad_shortcut_cmd_5: "true"
+  pad_shortcut_cmd_shift_l: "true"
+  pad_shortcut_cmd_shift_n: "true"
+  pad_shortcut_cmd_shift_1: "true"
+  pad_shortcut_cmd_shift_c: "true"
+  pad_shortcut_cmd_h: "true"
+  pad_shortcut_ctrl_home: "true"
+  pad_shortcut_page_up: "true"
+  pad_shortcut_page_down: "true"
+  suppress_errors_in_pad_text: "false"
+  require_session: "false"
+  edit_only: "false"
+  session_no_password: "false"
+  minify: "true"
+  max_age: 21600
+  abiword: "null"
+  soffice: "null"
+  tidyhtml: "null"
+  allow_unknown_file_ends: "true"
+  require_authentication: "false"
+  require_authorization: "false"
+  trust_proxy: "false"
+  socket_transport_protocols: ["xhr-polling", "jsonp-polling", "htmlfile"]
+  load_test: "false"
+  indentation_on_new_line: "false"
+  automatic_reconnection_timeout: 0
+  expose_version: "false"
+  toolbar:
+    left:
+      - ["bold", "italic", "underline", "strikethrough"]
+      - ["orderedlist", "unorderedlist", "indent", "outdent"]
+      - ["undo", "redo"]
+      - ["clearauthorship"]
+    right:
+      - ["importexport", "timeslider", "savedrevision"]
+      - ["settings", "embed"]
+      - ["showusers"]
+    timeslider:
+      - ["timeslider_export", "timeslider_returnToPad"]
+  log_level: "INFO"
+  abiword_enabled: False
+  console_enabled: False
+  monit_enabled: False
+  # list of etherpad plugins to be installed
+  plugins: []
+  plugins_state: present
+
+  mysql_database_host: /var/run/postgresql
+  mysql_database_name: etherpad
+  mysql_database_user: etherpad
+  mysql_database_password: etherpad
+  mysql_database_port: 3306
+
+  # Recommendation for large setups is MyISAM
+  mysql_database_engine: InnoDB
+  mysql_database_collation: utf8mb4_bin
+  mysql_database_charset: utf8mb4
+
+  # Settings for plugin 'ep_table_of_contents'
+  toc_disable: "true"
+
+  # Settings for plugin 'ep_auth_author'
+  # auth_author_prefix:

roles/etherpad/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart etherpad-lite
+  service:
+    name: etherpad-lite
+    state: restarted

roles/etherpad/tasks/abiword.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Ensure abiword package is installed
+  apt:
+    pkg: abiword
+    state: present

roles/etherpad/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+- include: postgresql.yml
+
+- name: ensure etherpad user is present
+  user:
+    name: "etherpad"
+    home: "/srv/etherpad"
+    shell: "/bin/bash"
+    state: present
+
+- name: ensure etherpad is latest
+  git:
+    repo: "https://github.com/ether/etherpad-lite"
+    dest: "/srv/etherpad/etherpad"
+    version: "master"
+  become: true
+  become_user: "etherpad"
+  register: repository
+
+- name: ensure etherpad systemd unit is latest
+  template:
+    src: etherpad-lite.service.j2
+    dest: /etc/systemd/system/etherpad-lite.service
+    owner: root
+    group: root
+    mode: 0644
+
+- name: ensure etherpad will start after system is booted
+  service:
+    name: etherpad-lite
+    enabled: yes
+
+- name: install etherpad plugins
+  npm:
+    name: "{{ item }}"
+    path: "{{ etherpad.path }}"
+    state: "{{ etherpad.plugins_state }}"
+  become: true
+  become_user: etherpad
+  with_items: "{{ etherpad.plugins|d() }}"
+  notify: restart etherpad-lite
+
+- include: abiword.yml

roles/etherpad/tasks/postgresql.yml

@@ -0,0 +1,21 @@
+---
+- name: Install postgresql
+  apt:
+    pkg: 
+      - postgresql
+      - python3-psycopg2
+- name: Create etherpad postgresql db
+  become: yes
+  become_user: postgres
+  postgresql_db:
+    name: etherpad
+
+- name: Create etherpad postgresql user
+  become: yes
+  become_user: postgres
+  postgresql_user:
+    db: etherpad
+    name: etherpad
+    password: etherpad
+
+

roles/etherpad/templates/etherpad-lite.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Etherpad-lite, the collaborative editor.
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User=etherpad
+Group=etherpad
+WorkingDirectory=/srv/etherpad/etherpad
+ExecStart=/usr/bin/nodejs /srv/etherpad/etherpad/node_modules/ep_etherpad-lite/node/server.js
+Environment=NODE_ENV=production
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/etherpad/templates/etherpad-lite.sysvinit.j2

@@ -0,0 +1,79 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          etherpad-lite
+# Required-Start:    $local_fs $remote_fs $network $syslog
+# Required-Stop:     $local_fs $remote_fs $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts etherpad lite
+# Description:       starts etherpad lite using start-stop-daemon
+### END INIT INFO
+
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/node/bin"
+LOGFILE="/var/log/etherpad-lite/etherpad-lite.log"
+EPLITE_DIR="{{ etherpad_path }}"
+EPLITE_BIN="bin/safeRun.sh"
+USER="{{ etherpad_user }}"
+GROUP="{{ etherpad_group }}"
+DESC="Etherpad Lite"
+NAME="etherpad-lite"
+
+set -e
+
+. /lib/lsb/init-functions
+
+start() {
+  echo "Starting $DESC... "
+
+    start-stop-daemon --start --chuid "$USER:$GROUP" --background --make-pidfile --pidfile /var/run/$NAME.pid --exec $EPLITE_DIR/$EPLITE_BIN -- $LOGFILE || true
+  echo "done"
+}
+
+#We need this function to ensure the whole process tree will be killed
+killtree() {
+    local _pid=$1
+    local _sig=${2-TERM}
+    for _child in $(ps -o pid --no-headers --ppid ${_pid}); do
+        killtree ${_child} ${_sig}
+    done
+    kill -${_sig} ${_pid}
+}
+
+stop() {
+  echo "Stopping $DESC... "
+  if test -f /var/run/$NAME.pid; then
+    while test -d /proc/$(cat /var/run/$NAME.pid); do
+      killtree $(cat /var/run/$NAME.pid) 15
+      sleep 0.5
+    done
+    rm /var/run/$NAME.pid
+  fi
+  echo "done"
+}
+
+status() {
+  status_of_proc -p /var/run/$NAME.pid "" "etherpad-lite" && exit 0 || exit $?
+}
+
+case "$1" in
+  start)
+      start
+      ;;
+  stop)
+    stop
+      ;;
+  restart)
+      stop
+      start
+      ;;
+  status)
+      status
+      ;;
+  *)
+      echo "Usage: $NAME {start|stop|restart|status}" >&2
+      exit 1
+      ;;
+esac
+
+exit 0

roles/etherpad/templates/settings.json.j2

@@ -0,0 +1,109 @@
+#jinja2: lstrip_blocks: True
+{
+  "title": "{{ etherpad.title }}",
+  "favicon": "{{ etherpad.favicon }}",
+  "ip": "{{ etherpad.ip }}",
+  "port" : {{ etherpad.port }},
+  "showSettingsInAdminPage": false,
+  "sessionKey": "{{ etherpad.session_key }}",
+  "skinName": "colibris",
+  "dbType": "mysql",
+  "dbSettings" : {
+    "user"    : "{{ etherpad.mysql_database_user }}",
+    "host"    : "{{ etherpad.mysql_database_host }}",
+    "port"    : {{ etherpad.mysql_database_port }},
+    "password": "{{ etherpad.mysql_database_password }}",
+    "database": "{{ etherpad.mysql_database_name }}",
+    "charset" : "{{ etherpad.mysql_database_charset }}"
+  },
+  "defaultPadText": {{ etherpad.default_text }},
+  "padOptions": {
+    "noColors": {{ etherpad.pad_options_no_colors }},
+    "showControls": {{ etherpad.pad_options_show_controls }},
+    "showChat": {{ etherpad.pad_options_show_chat }},
+    "showLineNumbers": {{ etherpad.pad_options_show_line_numbers }},
+    "useMonospaceFont": {{ etherpad.pad_options_use_monospace_font }},
+    "userName": {{ etherpad.pad_options_user_name }},
+    "userColor": {{ etherpad.pad_options_user_color }},
+    "rtl": {{ etherpad.pad_options_rtl }},
+    "alwaysShowChat": {{ etherpad.pad_options_always_show_chat }},
+    "chatAndUsers": {{ etherpad.pad_options_chat_and_users }},
+    "lang": "{{ etherpad.pad_options_lang }}"
+  },
+  "padShortcutEnabled" : {
+    "altF9":     {{ etherpad.pad_shortcut_alt_f9 }},
+    "altC":      {{ etherpad.pad_shortcut_alt_c }},
+    "cmdShift2": {{ etherpad.pad_shortcut_cmd_shft_2 }},
+    "delete":    {{ etherpad.pad_shortcut_delete }},
+    "return":    {{ etherpad.pad_shortcut_return }},
+    "esc":       {{ etherpad.pad_shortcut_esc }},
+    "cmdS":      {{ etherpad.pad_shortcut_cmd_s }},
+    "tab":       {{ etherpad.pad_shortcut_tab }},
+    "cmdZ":      {{ etherpad.pad_shortcut_cmd_z }},
+    "cmdY":      {{ etherpad.pad_shortcut_cmd_y }},
+    "cmdI":      {{ etherpad.pad_shortcut_cmd_i }},
+    "cmdB":      {{ etherpad.pad_shortcut_cmd_b }},
+    "cmdU":      {{ etherpad.pad_shortcut_cmd_u }},
+    "cmd5":      {{ etherpad.pad_shortcut_cmd_5 }},
+    "cmdShiftL": {{ etherpad.pad_shortcut_cmd_shift_l }},
+    "cmdShiftN": {{ etherpad.pad_shortcut_cmd_shift_n }},
+    "cmdShift1": {{ etherpad.pad_shortcut_cmd_shift_1 }},
+    "cmdShiftC": {{ etherpad.pad_shortcut_cmd_shift_c }},
+    "cmdH":      {{ etherpad.pad_shortcut_cmd_h }},
+    "ctrlHome":  {{ etherpad.pad_shortcut_ctrl_home }},
+    "pageUp":    {{ etherpad.pad_shortcut_page_up }},
+    "pageDown":  {{ etherpad.pad_shortcut_page_down }}
+  },
+  "suppressErrorsInPadText": {{ etherpad.suppress_errors_in_pad_text }},
+  "requireSession": {{ etherpad.require_session }},
+  "editOnly": {{ etherpad.edit_only }},
+  "sessionNoPassword": {{ etherpad.session_no_password }},
+  "minify": {{ etherpad.minify }},
+  "maxAge": {{ etherpad.max_age }},
+  "abiword": {{ etherpad.abiword }},
+  "soffice": {{ etherpad.soffice }},
+  "tidyHtml": {{ etherpad.tidyhtml }},
+  "allowUnknownFileEnds": {{ etherpad.allow_unknown_file_ends }},
+  "requireAuthentication": {{ etherpad.require_authentication }},
+  "requireAuthorization": {{ etherpad.require_authorization }},
+  "trustProxy": {{ etherpad.trust_proxy }},
+  "disableIPlogging": {{ etherpad.disable_ip_logging }},
+  "automaticReconnectionTimeout": {{ etherpad.automatic_reconnection_timeout }},
+  "scrollWhenFocusLineIsOutOfViewport": {
+    "percentage": {
+      "editionAboveViewport": 0,
+      "editionBelowViewport": 0
+    },
+    "duration": 0,
+    "scrollWhenCaretIsInTheLastLineOfViewport": false,
+    "percentageToScrollWhenUserPressesArrowUp": 0
+  },
+{% if 'ep_table_of_contents' in etherpad.plugins %}
+  "ep_toc": {
+    "disable_by_default": {{ etherpad.toc_disable }}
+  },
+{% endif %}
+{% if 'ep_auth_author' in etherpad.plugins and etherpad.auth_author_prefix is defined %}
+  "ep_auth_author": {
+    "prefix": "{{ etherpad.auth_author_prefix }}"
+  },
+{% endif %}
+  "users": {
+{% for user in etherpad.users %}
+    "{% if user.auth_author is defined and user.auth_author %}{{ etherpad.auth_author_prefix }}{% endif %}{{ user.name }}": {
+      "password": "{{ user.password }}",
+{% if user.auth_author is defined and user.auth_author %}
+      "author_name": "{{ user.name }}",
+{% endif %}
+      "is_admin": {{ user.is_admin }}
+    }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+  },
+  "socketTransportProtocols": {{ etherpad.socket_transport_protocols|to_json }},
+  "loadTest": false,
+  "indentationOnNewLine": {{ etherpad.indentation_on_new_line }},
+  "toolbar": {{ etherpad.toolbar|to_json }},
+  "exposeVersion": false,
+  "loglevel": "{{ etherpad.log_level }}",
+}

roles/nodejs/defaults/main.yml

@@ -0,0 +1,27 @@
+---
+# Set the version of Node.js to install (8.x", "10.x", "12.x", "13.x", etc.).
+# Version numbers from Nodesource: https://github.com/nodesource/distributions
+nodejs_version: "14.x"
+
+# The user for whom the npm packages will be installed.
+# nodejs_install_npm_user: username
+
+# The directory for global installations.
+npm_config_prefix: "/usr/local/lib/npm"
+
+# Set to true to suppress the UID/GID switching when running package scripts. If
+# set explicitly to false, then installing as a non-root user will fail.
+npm_config_unsafe_perm: "false"
+
+# Define a list of global packages to be installed with NPM.
+nodejs_npm_global_packages: []
+#  # Install a specific version of a package.
+#  - name: jslint
+#    version: 0.9.3
+#  # Install the latest stable release of a package.
+#  - name: node-sass
+#  # This shorthand syntax also works (same as previous example).
+#  - node-sass
+
+# The path of a package.json file used to install packages globally.
+nodejs_package_json_path: ""

roles/nodejs/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- include: setup.yml
+
+- name: Define nodejs_install_npm_user
+  set_fact:
+    nodejs_install_npm_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
+  when: nodejs_install_npm_user is not defined
+
+- name: Create npm global directory
+  file:
+    path: "{{ npm_config_prefix }}"
+    owner: "{{ nodejs_install_npm_user }}"
+    group: "{{ nodejs_install_npm_user }}"
+    state: directory
+
+- name: Add npm_config_prefix bin directory to global $PATH.
+  template:
+    src: npm.sh.j2
+    dest: /etc/profile.d/npm.sh
+    mode: 0644
+
+- name: Ensure npm global packages are installed.
+  npm:
+    name: "{{ item.name | default(item) }}"
+    version: "{{ item.version | default('latest') }}"
+    global: true
+    state: latest
+  environment:
+    NPM_CONFIG_PREFIX: "{{ npm_config_prefix }}"
+    NODE_PATH: "{{ npm_config_prefix }}/lib/node_modules"
+    NPM_CONFIG_UNSAFE_PERM: "{{ npm_config_unsafe_perm }}"
+  with_items: "{{ nodejs_npm_global_packages }}"
+  tags: ['skip_ansible_lint']
+
+- name: Install packages defined in a given package.json.
+  npm:
+    path: "{{ nodejs_package_json_path }}"
+  when: nodejs_package_json_path is defined and nodejs_package_json_path

roles/nodejs/tasks/setup.yml

@@ -0,0 +1,33 @@
+---
+- name: Ensure dependencies are present.
+  apt:
+    name:
+      - apt-transport-https
+      - gnupg2
+      - build-essential
+    state: present
+
+- name: Add Nodesource apt key.
+  apt_key:
+    url: https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x1655A0AB68576280
+    id: "68576280"
+    state: present
+
+- name: Add NodeSource repositories for Node.js.
+  apt_repository:
+    repo: "{{ item }}"
+    state: present
+  with_items:
+    - "deb https://deb.nodesource.com/node_{{ nodejs_version }} {{ ansible_distribution_release }} main"
+    - "deb-src https://deb.nodesource.com/node_{{ nodejs_version }} {{ ansible_distribution_release }} main"
+  register: node_repo
+
+- name: Update apt cache if repo was added.
+  apt: update_cache=yes
+  when: node_repo.changed
+  tags: ['skip_ansible_lint']
+
+- name: Ensure Node.js and npm are installed.
+  apt:
+    name: "nodejs={{ nodejs_version|regex_replace('x', '') }}*"
+    state: present

roles/nodejs/templates/npm.sh.j2

@@ -0,0 +1,3 @@
+export PATH=$PATH:{{ npm_config_prefix }}/bin
+export NPM_CONFIG_PREFIX={{ npm_config_prefix }}
+export NODE_PATH=$NODE_PATH:{{ npm_config_prefix }}/lib/node_modules

tests/caddy/Vagrantfile

@@ -0,0 +1,8 @@
+Vagrant.configure("2") do |config|
+  config.vm.define :node do |node|
+    node.vm.box = "generic/debian10"
+    node.vm.provision "ansible" do |ansible|
+      ansible.playbook = "./nodejs.yml"
+    end
+  end
+end

tests/caddy/caddy.yml

@@ -0,0 +1,6 @@
+---
+- name: caddy test
+  hosts: localhost
+  become: yes
+  roles:
+  - caddy

tests/caddy/roles

@@ -0,0 +1 @@
+../../roles/

tests/dev/Vagrantfile

@@ -0,0 +1,11 @@
+# vagrant cisti.org dev file
+# use this vagrant to build and test your ansible role
+
+Vagrant.configure("2") do |config|
+  config.vm.define :dev do |dev|
+    dev.vm.box = "generic/debian10"
+    dev.vm.synced_folder "../..", "/vagrant", disabled: false
+    dev.vm.provision "shell", inline: "DEBIAN_FRONTEND=noninteractive apt-get -qq update && apt-get -y autoclean && apt-get -y autoremove"
+    dev.vm.provision "shell", inline: "DEBIAN_FRONTEND=noninteractive apt-get -fqy dist-upgrade && apt-get -qq -y install ansible" 
+  end
+end	

tests/dev/roles

@@ -0,0 +1 @@
+../../roles

tests/nodejs/Vagrantfile

@@ -0,0 +1,8 @@
+Vagrant.configure("2") do |config|
+  config.vm.define :node do |node|
+    node.vm.box = "generic/debian10"
+    node.vm.provision "ansible" do |ansible|
+      ansible.playbook = "./nodejs.yml"
+    end
+  end
+end

tests/nodejs/nodejs.yml

@@ -0,0 +1,6 @@
+---
+- name: nodejs test
+  hosts: localhost
+  become: yes
+  roles:
+  - nodejs

tests/nodejs/roles

@@ -0,0 +1 @@
+../../roles