debops.etherpad default variables¶
Sections
APT packages¶
-
etherpad__base_packages¶
List of base APT packages required for Etherpad.
etherpad__base_packages: [ 'build-essential', 'pkg-config', 'libssl-dev',
'libpq-dev', 'curl', 'git' ]
-
etherpad__document_packages¶
List of APT packages to install for document import/export support.
etherpad__document_packages: [ 'abiword' ]
-
etherpad__packages¶
List of additional APT packages to install with Etherpad.
etherpad__packages: []
Application user, group, directories¶
-
etherpad_system_name¶
Base name for Etherpad instance
etherpad_system_name: 'etherpad-lite'
-
etherpad_user¶
Name of the system user account for Etherpad.
etherpad_user: '{{ etherpad_system_name }}'
-
etherpad_group¶
Name of the system group account for Etherpad.
etherpad_group: '{{ etherpad_system_name }}'
-
etherpad_home¶
Home directory of Etherpad.
etherpad_home: '{{ (ansible_local.fhs.app | d("/var/local"))
+ "/" + etherpad_user }}'
-
etherpad__shell¶
The default shell used by the Etherpad account.
etherpad__shell: '/usr/sbin/nologin'
-
etherpad_src_dir¶
Etherpad sources root directory.
etherpad_src_dir: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/" + etherpad_system_name }}'
-
etherpad_log_dir¶
Path where Etherpad logs are stored.
etherpad_log_dir: '{{ (ansible_local.fhs.log | d("/var/log"))
+ "/" + etherpad_system_name }}'
-
etherpad_log_to_file¶
By default Etherpad log into syslog, set to true if you want to log into a file instead of syslog.
etherpad_log_to_file: False
Basic configuration¶
-
etherpad_version¶
Etherpad git version to install.
etherpad_version: '{{ "1.7.0"
if (ansible_local.nodejs.npm_version|d() is version("6.4.0", "<"))
else "1.7.5" }}'
-
etherpad_source_address¶
git repository address.
etherpad_source_address: 'https://github.com/ether'
-
etherpad_repository¶
git repository name.
etherpad_repository: 'etherpad-lite'
-
etherpad_dependencies¶
Should the debops.etherpad role manage it's own dependencies (database, web server)?
etherpad_dependencies: True
-
etherpad_domain¶
What domain will be configured for Etherpad.
etherpad_domain: [ 'pad.{{ ansible_domain }}' ]
-
etherpad_title¶
Title of the Etherpad instance.
etherpad_title: 'Etherpad'
-
etherpad_mail_admin¶
E-mail address of the instance administrator, will be shown on each new pad
(see etherpad_welcome_text below).
etherpad_mail_admin: 'root@{{ ansible_domain }}'
-
etherpad_welcome_text¶
Text displayed on all new pads by default.
etherpad_welcome_text: |
Welcome to {{ etherpad_title }}!
This pad is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents.
Contact with administrator: mailto:{{ etherpad_mail_admin }}
Database and network¶
-
etherpad_database_server¶
FQDN of the database host. It will be configured by the debops.mariadb or debops.postgresql role.
etherpad_database_server: '{{ ansible_local.mariadb.server|d(ansible_local.postgresql.server|d("")) }}'
-
etherpad_database_user¶
Database user to use for Etherpad.
etherpad_database_user: '{{ etherpad_system_name }}'
-
etherpad_database_name¶
Name of the database to use for Etherpad.
etherpad_database_name: '{{ etherpad_system_name }}'
-
etherpad_database_password¶
Database password for the Etherpad database user.
etherpad_database_password: "{{ lookup('password', secret + '/'
+ ('mariadb'
if etherpad__database == 'mysql'
else ('postgresql'
if etherpad__database == 'postgres'
else etherpad__database)) + '/'
+ (ansible_local.mariadb.delegate_to + '/'
if ansible_local.mariadb.delegate_to|d()
else (ansible_local.postgresql.delegate_to + '/'
if ansible_local.postgresql.delegate_to|d()
else ''))
+ (ansible_local.mariadb.port + '/'
if ansible_local.mariadb.port|d()
else (ansible_local.postgresql.port + '/'
if ansible_local.postgresql.port|d()
else ''))
+ '/credentials/' + etherpad_database_user + '/password length=48') }}"
-
etherpad__database¶
Database to use for data storage (choices: sqlite, mysql, postgresql, dirty). Choose mysql even when you use different mysql flavors. More databases will be available in the future.
etherpad__database: '{{ "mysql"
if (ansible_local|d() and ansible_local.mariadb is defined)
else ("postgres"
if (ansible_local|d() and ansible_local.postgresql is defined)
else "sqlite") }}'
-
etherpad_database_connection¶
Connection type used for the database.
etherpad_database_connection: 'socket'
-
etherpad_database_config¶
Etherpad database configuration map.
etherpad_database_config:
dirty:
filename: 'var/dirty.db'
sqlite:
filename: 'var/sqlite.db'
mysql:
hostname: '{{ etherpad_database_server }}'
username: '{{ etherpad_database_user }}'
database: '{{ etherpad_database_name }}'
password: '{{ etherpad_database_password }}'
socket: '/var/run/mysqld/mysqld.sock'
port: '3306'
postgres:
hostname: '{{ etherpad_database_server }}'
username: '{{ etherpad_database_user }}'
database: '{{ etherpad_database_name }}'
password: '{{ etherpad_database_password }}'
socket: '/var/run/postgresql'
port: '5432'
-
etherpad_bind¶
IP address where etherpad-lite daemon will listen for connections.
etherpad_bind: '127.0.0.1'
-
etherpad_port¶
Port where etherpad-lite daemon will listen for connections.
etherpad_port: '9001'
Authentication¶
-
etherpad_admins¶
List of Etherpad administrative accounts. Passwords are generated automatically and are saved in the secret/ directory. Refer to the debops.secret role for more details.
etherpad_admins: [ 'admin' ]
-
etherpad_users¶
List of Etherpad user accounts. Passwords are generated automatically and are saved in the secret/ directory. Refer to the debops.secret role for more details.
etherpad_users: []
-
etherpad_password_hashing_algo¶
Hashing algorithm to use for handling passwords. See https://github.com/LaKing/ep_hash_auth for details. Currently only 'sha512' is supported by the role.
etherpad_password_hashing_algo: 'sha512'
-
etherpad_password_hashing_rounds¶
TODO: Not implemented yet.
How much rounds the hashing algorithm should do before using using the
password hash. This option depends on the hashing algorithm selected by
etherpad_password_hashing_algo. Some hashing algorithms
implementations may not support rounds. The SHA family currently does not and
defaults to one round which is considered insecure. bcrypt however does
support it.
etherpad_password_hashing_rounds: '10'
-
etherpad_require_authentication¶
Require authentication from all users.
etherpad_require_authentication: False
Require authorization by a module or user with is_admin = True.
etherpad_require_authorization: False
-
etherpad_require_session¶
Require session to access pads.
etherpad_require_session: False
-
etherpad_edit_only¶
Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads.
etherpad_edit_only: False
-
etherpad_trust_proxy¶
Trust the reverse proxy (nginx)?
etherpad_trust_proxy: False
Etherpad customization¶
-
etherpad_abiword¶
Enable Abiword support (for document import)?
etherpad_abiword: True
-
etherpad__default_plugins¶
Default Etherpad plugin list (alphabetically sorted).
etherpad__default_plugins:
- name: 'pg'
state: '{{ "present"
if (etherpad__database == "postgres")
else "absent" }}'
- name: 'sqlite3'
state: '{{ "present"
if (etherpad__database == "sqlite")
else "absent" }}'
- 'gyp'
- 'bcrypt'
- 'ep_adminpads'
- 'ep_align'
- 'ep_font_color'
- 'ep_font_family'
- 'ep_font_size'
- 'ep_hash_auth'
- 'ep_headings'
- 'ep_hide_referrer'
- 'ep_line_height'
- 'ep_linkify'
- 'ep_message_all'
- 'ep_padlist'
- 'ep_page_view'
- 'ep_print'
- 'ep_rss'
- 'ep_scrollto'
- 'ep_subscript'
- 'ep_superscript'
-
etherpad_plugins¶
List of additional Etherpad plugins to enable. Checkout the list of available plugins for more: https://static.etherpad.org/plugins.html.
etherpad_plugins: []
Other options¶
-
etherpad_allow¶
Allow access only from selected IP addresses/CIDR networks. If empty, allow access from everywhere.
etherpad_allow: []
-
etherpad_minify¶
Minify CSS and JS assets?
etherpad_minify: True
-
etherpad_max_age¶
Maximum age of cached assets (6 hours by default).
etherpad_max_age: '{{ (60 * 60 * 6) }}'
-
etherpad_disable_ip_logging¶
Disable IP addresses in logs?
etherpad_disable_ip_logging: False
-
etherpad_loglevel¶
Etherpad log level (choices: DEBUG, INFO, WARN, ERROR)
etherpad_loglevel: 'INFO'
-
etherpad_custom_json¶
Here you can define custom settings.json entries in YAML format, which will be converted to JSON and put at the end of the configuration file.
etherpad_custom_json: False
-
etherpad_api_calls¶
Allows you configure all aspects of Etherpad via its API. See http://etherpad.org/doc/v1.5.1/#index_api_methods for details.
etherpad_api_calls: []
# - method: 'createPad'
# args:
# 'padID': 'testing'
-
etherpad_api_version¶
Against which API version should the API calls be executed?
Only applies for etherpad_api_calls.
etherpad_api_version: '1.2.12'
-
etherpad_api_key_file¶
Filepath of the API key file.
etherpad_api_key_file: '{{ etherpad_home + "/" + etherpad_repository }}/APIKEY.txt'
-
etherpad_api_calls_debug¶
If True, you will get debugging output for the API calls defined by
etherpad_api_calls. Default is False.
etherpad_api_calls_debug: False
Configuration for other Ansible roles¶
-
etherpad__etc_services__dependent_list¶
Configuration for the debops.etc_services Ansible role.
etherpad__etc_services__dependent_list:
- name: 'etherpad-lite'
port: '{{ etherpad_port }}'
comment: 'Etherpad Lite'
-
etherpad__logrotate__dependent_config¶
Configuration for the debops.logrotate Ansible role.
etherpad__logrotate__dependent_config:
- filename: 'etherpad-lite'
log: '{{ etherpad_log_dir + "/*.log" }}'
options: |
weekly
missingok
rotate 4
compress
notifempty
create 644 {{ etherpad_user }} {{ etherpad_group }}
comment: 'Logrotate configuration for etherpad-lite'
-
etherpad__mariadb__dependent_users¶
User configuration for the debops.mariadb Ansible role.
etherpad__mariadb__dependent_users:
- name: '{{ etherpad_database_user }}'
password: '{{ etherpad_database_password }}'
owner: '{{ etherpad_user }}'
group: '{{ etherpad_group }}'
home: '{{ etherpad_home }}'
-
etherpad__mariadb__dependent_databases¶
Database configuration for the debops.mariadb Ansible role.
etherpad__mariadb__dependent_databases:
- database: '{{ etherpad_database_name }}'
-
etherpad__postgresql__dependent_roles¶
User configuration for the debops.postgresql Ansible role.
etherpad__postgresql__dependent_roles:
- name: '{{ etherpad_database_user }}'
password: '{{ etherpad_database_password }}'
flags: [ 'NOSUPERUSER', 'NOCREATEDB', 'LOGIN' ]
-
etherpad__postgresql__dependent_databases¶
Database configuration for the debops.postgresql Ansible role.
etherpad__postgresql__dependent_databases:
- name: '{{ etherpad_database_name }}'
port: '5432'
owner: '{{ etherpad_database_user }}'
encoding: '{{ etherpad_database_encoding | d(omit) }}'
lc_collate: '{{ etherpad_database_collate | d(omit) }}'
lc_ctype: '{{ etherpad_database_ctype | d(omit) }}'
-
etherpad__nginx__dependent_upstreams¶
Upstream configuration for the debops.nginx Ansible role.
etherpad__nginx__dependent_upstreams:
- name: '{{ etherpad_system_name }}'
enabled: True
server: '127.0.0.1:{{ etherpad_port }}'
-
etherpad__nginx__dependent_servers¶
Server configuration for the debops.nginx Ansible role.
etherpad__nginx__dependent_servers:
- by_role: 'debops.etherpad'
enabled: True
favicon: False
name: '{{ etherpad_domain }}'
filename: 'debops.etherpad'
location:
# Allow normal files to pass through
'~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt)': |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }};
# Redirect to force /p/* URLs to the friendly version
'/p/': |
rewrite ^/p/(.*) /$1 redirect;
# Handle redirects
'/redirect': |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }};
# Match the home page
'~ ^/$': |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }};
# Handle pad URLs here
'/': |
rewrite ^/admin(.*) /admin/$1 redirect;
rewrite ^/list(.*) /list break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }}/p/;
proxy_redirect / /p/;
location_allow:
'~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt)': '{{ etherpad_allow }}'
'/p/': '{{ etherpad_allow }}'
'/redirect': '{{ etherpad_allow }}'
'~ ^/$': '{{ etherpad_allow }}'
'/': '{{ etherpad_allow }}'