Initial commit
All checks were successful
/ ansible-docsmith (push) Successful in 41s

Signed-off-by: Julien Riou <julien@riou.xyz>
Julien Riou 2026-03-23 10:48:41 +01:00 committed by Julien Riou
commit f418990e84
Signed by: jriou
GPG key ID: 9A099EDA51316854
85 changed files with 3520 additions and 2 deletions

roles/firefly/README.md (new file, 232 lines)

@ -0,0 +1,232 @@
# Ansible Role Firefly
Ansible role to manage a [Firefly III](https://firefly-iii.org/) instance.
## Table of content
<!-- ANSIBLE DOCSMITH TOC START -->
* [Role variables](#variables)
* [`firefly_version`](#variable-firefly_version)
* [`firefly_port`](#variable-firefly_port)
* [`firefly_static_cron_token`](#variable-firefly_static_cron_token)
* [`firefly_home`](#variable-firefly_home)
* [`firefly_site_owner`](#variable-firefly_site_owner)
* [`firefly_app_key`](#variable-firefly_app_key)
* [`firefly_language`](#variable-firefly_language)
* [`firefly_tz`](#variable-firefly_tz)
* [`firefly_db_database`](#variable-firefly_db_database)
* [`firefly_db_username`](#variable-firefly_db_username)
* [`firefly_db_password`](#variable-firefly_db_password)
* [`firefly_manage_iptables`](#variable-firefly_manage_iptables)
* [`firefly_allowed_sources`](#variable-firefly_allowed_sources)
<!-- ANSIBLE DOCSMITH TOC END -->
<!-- ANSIBLE DOCSMITH MAIN START -->
## Role variables<a id="variables"></a>
The following variables can be configured for this role:
| Variable | Type | Required | Default | Description (abstract) |
|----------|------|----------|---------|------------------------|
| `firefly_version` | `str` | No | `"latest"` | Version of the docker image. |
| `firefly_port` | `int` | No | `8080` | |
| `firefly_static_cron_token` | `str` | Yes | N/A | Token used by the cron job (sensitive). |
| `firefly_home` | `path` | No | `"/var/lib/firefly"` | Directory where to store data files. |
| `firefly_site_owner` | `str` | No | `"root@localhost"` | E-mail address of the site owner. |
| `firefly_app_key` | `str` | Yes | N/A | Application key (sensitive). |
| `firefly_language` | `str` | No | `"en_US"` | Language of the web interface. |
| `firefly_tz` | `str` | No | `"Etc/UTC"` | Time zone of the web interface. |
| `firefly_db_database` | `str` | No | `"firefly"` | Name of the database. |
| `firefly_db_username` | `str` | No | `"firefly"` | Name of the user to connect to the database. |
| `firefly_db_password` | `str` | Yes | N/A | Password to connect to the database (sensitive). |
| `firefly_manage_iptables` | `bool` | No | `false` | Configure iptables rules. |
| `firefly_allowed_sources` | `list` | No | N/A | List of IP ranges to allow when `firefly_manage_iptables` is enabled. |
### `firefly_version`<a id="variable-firefly_version"></a>
[*⇑ Back to ToC ⇑*](#toc)
Version of the docker image.
- **Type**: `str`
- **Required**: No
- **Default**: `"latest"`
### `firefly_port`<a id="variable-firefly_port"></a>
[*⇑ Back to ToC ⇑*](#toc)
- **Type**: `int`
- **Required**: No
- **Default**: `8080`
### `firefly_static_cron_token`<a id="variable-firefly_static_cron_token"></a>
[*⇑ Back to ToC ⇑*](#toc)
Token used by the cron job (sensitive).
- **Type**: `str`
- **Required**: Yes
### `firefly_home`<a id="variable-firefly_home"></a>
[*⇑ Back to ToC ⇑*](#toc)
Directory where to store data files.
- **Type**: `path`
- **Required**: No
- **Default**: `"/var/lib/firefly"`
### `firefly_site_owner`<a id="variable-firefly_site_owner"></a>
[*⇑ Back to ToC ⇑*](#toc)
E-mail address of the site owner.
- **Type**: `str`
- **Required**: No
- **Default**: `"root@localhost"`
### `firefly_app_key`<a id="variable-firefly_app_key"></a>
[*⇑ Back to ToC ⇑*](#toc)
Application key (sensitive).
- **Type**: `str`
- **Required**: Yes
### `firefly_language`<a id="variable-firefly_language"></a>
[*⇑ Back to ToC ⇑*](#toc)
Language of the web interface.
- **Type**: `str`
- **Required**: No
- **Default**: `"en_US"`
### `firefly_tz`<a id="variable-firefly_tz"></a>
[*⇑ Back to ToC ⇑*](#toc)
Time zone of the web interface.
- **Type**: `str`
- **Required**: No
- **Default**: `"Etc/UTC"`
### `firefly_db_database`<a id="variable-firefly_db_database"></a>
[*⇑ Back to ToC ⇑*](#toc)
Name of the database.
- **Type**: `str`
- **Required**: No
- **Default**: `"firefly"`
### `firefly_db_username`<a id="variable-firefly_db_username"></a>
[*⇑ Back to ToC ⇑*](#toc)
Name of the user to connect to the database.
- **Type**: `str`
- **Required**: No
- **Default**: `"firefly"`
### `firefly_db_password`<a id="variable-firefly_db_password"></a>
[*⇑ Back to ToC ⇑*](#toc)
Password to connect to the database (sensitive).
- **Type**: `str`
- **Required**: Yes
### `firefly_manage_iptables`<a id="variable-firefly_manage_iptables"></a>
[*⇑ Back to ToC ⇑*](#toc)
Configure iptables rules.
- **Type**: `bool`
- **Required**: No
- **Default**: `false`
### `firefly_allowed_sources`<a id="variable-firefly_allowed_sources"></a>
[*⇑ Back to ToC ⇑*](#toc)
List of IP ranges to allow when `firefly_manage_iptables` is enabled.
- **Type**: `list`
- **Required**: No
<!-- ANSIBLE DOCSMITH MAIN END -->
## Configuration
See [Variable
precedence](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#ansible-variable-precedence)
to find where you should put your own variables.
Then define at least `firefly_static_cron_token`, `firefly_db_password` and
`firefly_app_key` variables with a strong and secure password, encrypted using
[ansible-vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).
See list of [default variables](defaults/main.yml).
## Usage
Playbook example:
```yaml
- hosts: all
roles:
- jriou.general.firefly
```
Then run the playbook:
```
ansible-playbook play.yml
```
## Donate
As we all love FOSS projects, you should consider [sponsoring and/or
contribute](https://github.com/firefly-iii/firefly-iii).
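Review bot: every `[*⇑ Back to ToC ⇑*](#toc)` link under the variable headings points at an anchor `#toc` that nothing on the page defines; the "Table of content" heading has no `<a id="toc"></a>`, so all thirteen links are dead. Add the anchor to the heading (and rename it "Table of contents"). Two smaller points in this file: the `firefly_port` row and section carry no description while every other variable has one, which traces back to a misspelled `description` key in the argument spec, so the fix belongs there rather than in this generated text; and "sponsoring and/or contribute" should read "sponsoring and/or contributing to".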


@ -0,0 +1,66 @@
---
firefly_port: 8080
# Version of the docker image.
#
# - Type: str
# - Required: No
# - Default: latest
firefly_version: latest
# Directory where to store data files.
#
# - Type: path
# - Required: No
# - Default: /var/lib/firefly
firefly_home: /var/lib/firefly
# E-mail address of the site owner.
#
# - Type: str
# - Required: No
# - Default: root@localhost
firefly_site_owner: root@localhost
# Language of the web interface.
#
# - Type: str
# - Required: No
# - Default: en_US
firefly_language: en_US
# Time zone of the web interface.
#
# - Type: str
# - Required: No
# - Default: Etc/UTC
firefly_tz: Etc/UTC
# Name of the database.
#
# - Type: str
# - Required: No
# - Default: firefly
firefly_db_database: firefly
# Name of the user to connect to the database.
#
# - Type: str
# - Required: No
# - Default: firefly
firefly_db_username: firefly
# Configure iptables rules.
#
# - Type: bool
# - Required: No
# - Default: false
firefly_manage_iptables: false
# List of IP ranges to allow when `firefly_manage_iptables` is enabled.
#
# - Type: list
# - Required: No
firefly_allowed_sources: []
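Review bot: `firefly_port: 8080` sits at the top of the file without the generated `Type / Required / Default` comment block that every other default carries; once the `description` key in the argument spec is fixed, regenerate so the block appears and the variable lands in the same order as the spec. The three sensitive required variables (`firefly_static_cron_token`, `firefly_app_key`, `firefly_db_password`) are correctly absent here, so the assert in the tasks is what catches a missing value.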


@ -0,0 +1,4 @@
---
- name: Save iptables
ansible.builtin.shell:
cmd: netfilter-persistent save
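Review bot: `ansible.builtin.shell` is used for a single command with no pipes, globs or variables, so `ansible.builtin.command` does the same job without spawning a shell. More important, nothing in the tasks installs the package that provides `netfilter-persistent` (the apt task only installs `python3-docker` and `python3-compose`), so on a fresh host with `firefly_manage_iptables` enabled this handler fails after the rules were already inserted; add `iptables-persistent` to the dependencies, guarded by the same condition.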


@ -0,0 +1,76 @@
---
argument_specs:
main:
short_description: Install and configure Firefly III
description:
- Install and configure [Firefly III](https://www.firefly-iii.org/).
author:
- jriou
options:
firefly_version:
description:
- Version of the docker image.
default: latest
firefly_port:
descritpion:
- Port to listen.
type: int
default: 8080
firefly_static_cron_token:
description:
- Token used by the cron job (sensitive).
required: true
firefly_home:
description:
- Directory where to store data files.
type: path
default: /var/lib/firefly
firefly_site_owner:
description:
- E-mail address of the site owner.
default: root@localhost
firefly_app_key:
description:
- Application key (sensitive).
required: true
firefly_language:
description:
- Language of the web interface.
default: en_US
firefly_tz:
description:
- Time zone of the web interface.
default: Etc/UTC
firefly_db_database:
description:
- Name of the database.
default: firefly
firefly_db_username:
description:
- Name of the user to connect to the database.
default: firefly
firefly_db_password:
description:
- Password to connect to the database (sensitive).
required: true
firefly_manage_iptables:
description:
- Configure iptables rules.
type: bool
default: false
firefly_allowed_sources:
description:
- List of IP ranges to allow when `firefly_manage_iptables` is enabled.
type: list
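Review bot: `descritpion:` under `firefly_port` is a typo; the argument spec validator ignores the unknown key, which is why the generated README shows no description for this variable. While here: `firefly_allowed_sources` declares `type: list` without `elements: str` and without `default: []`, although `defaults/main.yml` sets `[]`, so the spec and the defaults disagree; add both so validation rejects a non-string entry before it reaches the iptables `source:` parameter.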


@ -0,0 +1,3 @@
---
dependencies:
- role: geerlingguy.docker


@ -0,0 +1,47 @@
---
- name: Check requirements
ansible.builtin.assert:
that:
- firefly_static_cron_token is defined
- firefly_db_password is defined
- firefly_app_key is defined
- name: Install dependencies
ansible.builtin.apt:
name:
- python3-docker
- python3-compose
- name: Create directories
ansible.builtin.file:
path: /etc/firefly
state: directory
- name: Create configuration files
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/firefly/{{ item }}"
mode: "0600"
loop:
- docker-compose.yml
- db.env
- app.env
- name: Start service
community.docker.docker_compose_v2:
project_src: /etc/firefly
files:
- docker-compose.yml
- name: Allow with iptables
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
source: "{{ item }}"
destination_ports:
- "{{ firefly_port }}"
jump: ACCEPT
comment: firefly
loop: "{{ firefly_allowed_sources }}"
notify: Save iptables
when: firefly_manage_iptables is truthy
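Review bot: the `Allow with iptables` task inserts ACCEPT rules into the `INPUT` chain, but the application port is published by Docker (`{{ firefly_port }}:8080` in the compose template), and traffic to a Docker-published port is NATed to the container and traverses `FORWARD` and Docker's own `DOCKER`/`DOCKER-USER` chains, never `INPUT`. As written, `firefly_allowed_sources` does not restrict who can reach Firefly at all, and there is no rule rejecting other sources either. Put the allow rules plus a final `DROP` for the port in `DOCKER-USER` (`chain: DOCKER-USER`, matching on the destination port of forwarded traffic), or bind the published port to a specific address in the compose file. Smaller points: `Check requirements` only tests `is defined`, so an empty string for any of the three secrets passes (add `| length > 0`); `Install dependencies` omits `state:`; and `Create directories` only creates `/etc/firefly`, leaving the `{{ firefly_home }}` subdirectories to be created by the Docker daemon with whatever ownership it picks.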


@ -0,0 +1,132 @@
APP_ENV=local
APP_DEBUG=false
SITE_OWNER={{ firefly_site_owner }}
APP_KEY={{ firefly_app_key }}
DEFAULT_LANGUAGE={{ firefly_language }}
DEFAULT_LOCALE=equal
TZ={{ firefly_tz }}
TRUSTED_PROXIES=*
LOG_CHANNEL=stack
APP_LOG_LEVEL=notice
AUDIT_LOG_LEVEL=emergency
AUDIT_LOG_CHANNEL=
PAPERTRAIL_HOST=
PAPERTRAIL_PORT=
# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
# For other database types, please see the FAQ: https://docs.firefly-iii.org/firefly-iii/faq/self-hosted/#i-want-to-use-sqlite
# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
# Use "pgsql" for PostgreSQL
# Use "mysql" for MySQL and MariaDB.
# Use "sqlite" for SQLite.
DB_CONNECTION=pgsql
DB_HOST=db
DB_PORT=5432
DB_DATABASE={{ firefly_db_database }}
DB_USERNAME={{ firefly_db_username }}
DB_PASSWORD={{ firefly_db_password }}
DB_SOCKET=
PGSQL_SSL_MODE=prefer
PGSQL_SCHEMA=public
CACHE_DRIVER=file
SESSION_DRIVER=file
REDIS_SCHEME=tcp
REDIS_PATH=
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_USERNAME=firefly
REDIS_PASSWORD=
REDIS_DB="0"
REDIS_CACHE_DB="1"
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
COOKIE_SAMESITE=lax
MAIL_MAILER=log
MAIL_HOST=null
MAIL_PORT=2525
MAIL_FROM=changeme@example.com
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_SENDMAIL_COMMAND=
MAILGUN_DOMAIN=
MAILGUN_SECRET=
MAILGUN_ENDPOINT=api.mailgun.net
MANDRILL_SECRET=
SPARKPOST_SECRET=
SEND_ERROR_MESSAGE=true
SEND_REPORT_JOURNALS=true
ENABLE_EXTERNAL_MAP=false
ENABLE_EXTERNAL_RATES=false
MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
VALID_URL_PROTOCOLS=
AUTHENTICATION_GUARD=web
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
PASSPORT_PRIVATE_KEY=
PASSPORT_PUBLIC_KEY=
CUSTOM_LOGOUT_URL=
DISABLE_FRAME_HEADER=false
DISABLE_CSP_HEADER=false
TRACKER_SITE_ID=
TRACKER_URL=
ALLOW_WEBHOOKS=false
STATIC_CRON_TOKEN={{ firefly_static_cron_token }}
DKR_BUILD_LOCALE=false
DKR_CHECK_SQLITE=true
DKR_RUN_MIGRATION=true
DKR_RUN_UPGRADE=true
DKR_RUN_VERIFY=true
DKR_RUN_REPORT=true
DKR_RUN_PASSPORT_INSTALL=true
APP_NAME=FireflyIII
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
CACHE_PREFIX=firefly
PUSHER_KEY=
IPINFO_TOKEN=
PUSHER_SECRET=
PUSHER_ID=
DEMO_USERNAME=
DEMO_PASSWORD=
FIREFLY_III_LAYOUT=v1
#
# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
# This configuration value WILL NOT HELP.
#
# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
#
# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
# So when configuring anything WEB related this variable doesn't do anything. Nothing
#
# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
#
APP_URL=http://localhost
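Review bot: `TRUSTED_PROXIES=*` makes the application trust `X-Forwarded-For` and `X-Forwarded-Proto` from any source, and since this role publishes port 8080 directly rather than behind a proxy it manages, any client can present an arbitrary forwarded address. Expose it as a role variable defaulting to empty, and document that it should hold the reverse proxy's address only. Related: `COOKIE_SECURE=false` is consistent with plain HTTP on 8080, but an operator fronting this with TLS will want `true`, so that too is a candidate for a variable rather than a hard-coded value. The secret-bearing lines (`APP_KEY`, `DB_PASSWORD`, `STATIC_CRON_TOKEN`) are fine here because the template task writes the file with mode `0600`.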


@ -0,0 +1,5 @@
POSTGRES_USER={{ firefly_db_username }}
POSTGRES_PASSWORD={{ firefly_db_password }}
POSTGRES_DB={{ firefly_db_database }}
POSTGRES_INITDB_ARGS="--data-checksums"
POSTGRES_HOST_AUTH_METHOD=scram-sha-256


@ -0,0 +1,40 @@
---
{{ ansible_managed | comment }}
services:
app:
image: fireflyiii/core:{{ firefly_version }}
hostname: app
container_name: firefly_iii_core
restart: always
volumes:
- {{ firefly_home }}/app/upload:/var/www/html/storage/upload
env_file: /etc/firefly/app.env
networks:
- firefly_iii
ports:
- {{ firefly_port }}:8080
depends_on:
- db
db:
image: postgres:17
hostname: db
container_name: firefly_iii_db
restart: always
env_file: /etc/firefly/db.env
networks:
- firefly_iii
volumes:
- {{ firefly_home }}/db/data:/var/lib/postgresql/data
- {{ firefly_home }}/db/backup:/var/lib/postgresql/backup
cron:
image: alpine
restart: always
container_name: firefly_iii_cron
command: sh -c "echo \"0 3 * * * wget -qO- http://app:8080/api/v1/cron/{{ firefly_static_cron_token }}\" | crontab - && crond -f -L /dev/stdout"
networks:
- firefly_iii
networks:
firefly_iii:
driver: bridge
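Review bot: the `cron` service embeds `{{ firefly_static_cron_token }}` in `command:`, so the token is readable by anyone who can run `docker inspect firefly_iii_cron`, view the host process list, or read `/etc/firefly/docker-compose.yml`, whereas the same secret reaches the `app` container only through `app.env` (mode 0600). Supply it to the cron container via `env_file` as well and let the crontab line expand the variable at run time instead of inlining it. Also: `image: alpine` is unpinned (`latest`) while `postgres:17` is pinned, so the cron container will change under you; `{{ firefly_port }}:8080` binds on every interface, and `127.0.0.1:{{ firefly_port }}:8080` is the safer default when a reverse proxy sits in front; and the port mapping should be quoted (`"{{ firefly_port }}:8080"`) as compose recommends for YAML port strings.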