debops.etherpad default variables
Sections
APT packages
- etherpad__base_packages
List of base APT packages required for Etherpad.
etherpad__base_packages: [ 'build-essential', 'pkg-config', 'libssl-dev',
'libpq-dev', 'curl', 'git' ]
- etherpad__document_packages
List of APT packages to install for document import/export support.
etherpad__document_packages: [ 'abiword' ]
- etherpad__packages
List of additional APT packages to install with Etherpad.
etherpad__packages: []
Application user, group, directories
- etherpad_system_name
Base name for Etherpad instance
etherpad_system_name: 'etherpad-lite'
- etherpad_user
Name of the system user account for Etherpad.
etherpad_user: '{{ etherpad_system_name }}'
- etherpad_group
Name of the system group account for Etherpad.
etherpad_group: '{{ etherpad_system_name }}'
- etherpad_home
Home directory of Etherpad.
etherpad_home: '{{ (ansible_local.fhs.app | d("/var/local"))
+ "/" + etherpad_user }}'
- etherpad__shell
The default shell used by the Etherpad account.
etherpad__shell: '/usr/sbin/nologin'
- etherpad_src_dir
Etherpad sources root directory.
etherpad_src_dir: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
+ "/" + etherpad_system_name }}'
- etherpad_log_dir
Path where Etherpad logs are stored.
etherpad_log_dir: '{{ (ansible_local.fhs.log | d("/var/log"))
+ "/" + etherpad_system_name }}'
- etherpad_log_to_file
By default Etherpad log into syslog, set to true if you want to log into a file instead of syslog.
etherpad_log_to_file: False
Basic configuration
- etherpad_version
Etherpad git version to install.
etherpad_version: '{{ "1.7.0"
if (ansible_local.nodejs.npm_version | d() is version("6.4.0", "<"))
else "1.7.5" }}'
- etherpad_source_address
git repository address.
etherpad_source_address: 'https://github.com/ether'
- etherpad_repository
git repository name.
etherpad_repository: 'etherpad-lite'
- etherpad_dependencies
Should the debops.etherpad
role manage it's own dependencies (database, web server)?
etherpad_dependencies: True
- etherpad_domain
What domain will be configured for Etherpad.
etherpad_domain: [ 'pad.{{ ansible_domain }}' ]
- etherpad_title
Title of the Etherpad instance.
etherpad_title: 'Etherpad'
- etherpad_mail_admin
E-mail address of the instance administrator, will be shown on each new pad
(see etherpad_welcome_text
below).
etherpad_mail_admin: 'root@{{ ansible_domain }}'
- etherpad_welcome_text
Text displayed on all new pads by default.
etherpad_welcome_text: |
Welcome to {{ etherpad_title }}!
This pad is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents.
Contact with administrator: mailto:{{ etherpad_mail_admin }}
Database and network
- etherpad_database_server
FQDN of the database host. It will be configured by the debops.mariadb or debops.postgresql role.
etherpad_database_server: '{{ ansible_local.mariadb.server | d(ansible_local.postgresql.server | d("")) }}'
- etherpad_database_user
Database user to use for Etherpad.
etherpad_database_user: '{{ etherpad_system_name }}'
- etherpad_database_name
Name of the database to use for Etherpad.
etherpad_database_name: '{{ etherpad_system_name }}'
- etherpad_database_password
Database password for the Etherpad database user.
etherpad_database_password: "{{ lookup('password', secret + '/'
+ ('mariadb'
if etherpad__database == 'mysql'
else ('postgresql'
if etherpad__database == 'postgres'
else etherpad__database)) + '/'
+ (ansible_local.mariadb.delegate_to + '/'
if ansible_local.mariadb.delegate_to | d()
else (ansible_local.postgresql.delegate_to + '/'
if ansible_local.postgresql.delegate_to | d()
else ''))
+ (ansible_local.mariadb.port + '/'
if ansible_local.mariadb.port | d()
else (ansible_local.postgresql.port + '/'
if ansible_local.postgresql.port | d()
else ''))
+ '/credentials/' + etherpad_database_user + '/password length=48') }}"
- etherpad__database
Database to use for data storage (choices: sqlite, mysql, postgresql, dirty). Choose mysql even when you use different mysql flavors. More databases will be available in the future.
etherpad__database: '{{ "mysql"
if (ansible_local | d() and ansible_local.mariadb is defined)
else ("postgres"
if (ansible_local | d() and ansible_local.postgresql is defined)
else "sqlite") }}'
- etherpad_database_connection
Connection type used for the database.
etherpad_database_connection: 'socket'
- etherpad_database_config
Etherpad database configuration map.
etherpad_database_config:
dirty:
filename: 'var/dirty.db'
sqlite:
filename: 'var/sqlite.db'
mysql:
hostname: '{{ etherpad_database_server }}'
username: '{{ etherpad_database_user }}'
database: '{{ etherpad_database_name }}'
password: '{{ etherpad_database_password }}'
socket: '/var/run/mysqld/mysqld.sock'
port: '3306'
postgres:
hostname: '{{ etherpad_database_server }}'
username: '{{ etherpad_database_user }}'
database: '{{ etherpad_database_name }}'
password: '{{ etherpad_database_password }}'
socket: '/var/run/postgresql'
port: '5432'
- etherpad_bind
IP address where etherpad-lite daemon will listen for connections.
etherpad_bind: '127.0.0.1'
- etherpad_port
Port where etherpad-lite daemon will listen for connections.
etherpad_port: '9001'
Authentication
- etherpad_admins
List of Etherpad administrative accounts. Passwords are generated automatically and are saved in the secret/ directory. Refer to the debops.secret role for more details.
etherpad_admins: [ 'admin' ]
- etherpad_users
List of Etherpad user accounts. Passwords are generated automatically and are saved in the secret/ directory. Refer to the debops.secret role for more details.
etherpad_users: []
- etherpad_password_hashing_algo
Hashing algorithm to use for handling passwords. See https://github.com/LaKing/ep_hash_auth for details. Currently only 'sha512' is supported by the role.
etherpad_password_hashing_algo: 'sha512'
- etherpad_password_hashing_rounds
TODO: Not implemented yet.
How much rounds the hashing algorithm should do before using using the
password hash. This option depends on the hashing algorithm selected by
etherpad_password_hashing_algo
. Some hashing algorithms
implementations may not support rounds. The SHA family currently does not and
defaults to one round which is considered insecure. bcrypt however does
support it.
etherpad_password_hashing_rounds: '10'
- etherpad_require_authentication
Require authentication from all users.
etherpad_require_authentication: False
- etherpad_require_authorization
Require authorization by a module or user with is_admin = True
.
etherpad_require_authorization: False
- etherpad_require_session
Require session to access pads.
etherpad_require_session: False
- etherpad_edit_only
Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads.
etherpad_edit_only: False
- etherpad_trust_proxy
Trust the reverse proxy (nginx)?
etherpad_trust_proxy: False
Etherpad customization
- etherpad_abiword
Enable Abiword support (for document import)?
etherpad_abiword: True
- etherpad__default_plugins
Default Etherpad plugin list (alphabetically sorted).
etherpad__default_plugins:
- name: 'pg'
state: '{{ "present"
if (etherpad__database == "postgres")
else "absent" }}'
- name: 'sqlite3'
state: '{{ "present"
if (etherpad__database == "sqlite")
else "absent" }}'
- 'gyp'
- 'bcrypt'
- 'ep_adminpads'
- 'ep_align'
- 'ep_font_color'
- 'ep_font_family'
- 'ep_font_size'
- 'ep_hash_auth'
- 'ep_headings'
- 'ep_hide_referrer'
- 'ep_line_height'
- 'ep_linkify'
- 'ep_message_all'
- 'ep_padlist'
- 'ep_page_view'
- 'ep_print'
- 'ep_rss'
- 'ep_scrollto'
- 'ep_subscript'
- 'ep_superscript'
- etherpad_plugins
List of additional Etherpad plugins to enable. Checkout the list of available plugins for more: https://static.etherpad.org/plugins.html.
etherpad_plugins: []
Other options
- etherpad_allow
Allow access only from selected IP addresses/CIDR networks. If empty, allow access from everywhere.
etherpad_allow: []
- etherpad_minify
Minify CSS and JS assets?
etherpad_minify: True
- etherpad_max_age
Maximum age of cached assets (6 hours by default).
etherpad_max_age: '{{ (60 * 60 * 6) }}'
- etherpad_disable_ip_logging
Disable IP addresses in logs?
etherpad_disable_ip_logging: False
- etherpad_loglevel
Etherpad log level (choices: DEBUG, INFO, WARN, ERROR)
etherpad_loglevel: 'INFO'
- etherpad_custom_json
Here you can define custom settings.json entries in YAML format, which will be converted to JSON and put at the end of the configuration file.
etherpad_custom_json: False
- etherpad_api_calls
Allows you configure all aspects of Etherpad via its API. See http://etherpad.org/doc/v1.5.1/#index_api_methods for details.
etherpad_api_calls: []
# - method: 'createPad'
# args:
# 'padID': 'testing'
- etherpad_api_version
Against which API version should the API calls be executed?
Only applies for etherpad_api_calls
.
etherpad_api_version: '1.2.12'
- etherpad_api_key_file
Filepath of the API key file.
etherpad_api_key_file: '{{ etherpad_home + "/" + etherpad_repository }}/APIKEY.txt'
- etherpad_api_calls_debug
If True, you will get debugging output for the API calls defined by
etherpad_api_calls
. Default is False.
etherpad_api_calls_debug: False
Configuration for other Ansible roles
- etherpad__etc_services__dependent_list
Configuration for the debops.etc_services Ansible role.
etherpad__etc_services__dependent_list:
- name: 'etherpad-lite'
port: '{{ etherpad_port }}'
comment: 'Etherpad Lite'
- etherpad__logrotate__dependent_config
Configuration for the debops.logrotate Ansible role.
etherpad__logrotate__dependent_config:
- filename: 'etherpad-lite'
log: '{{ etherpad_log_dir + "/*.log" }}'
options: |
weekly
missingok
rotate 4
compress
notifempty
create 644 {{ etherpad_user }} {{ etherpad_group }}
comment: 'Logrotate configuration for etherpad-lite'
- etherpad__mariadb__dependent_users
User configuration for the debops.mariadb Ansible role.
etherpad__mariadb__dependent_users:
- name: '{{ etherpad_database_user }}'
password: '{{ etherpad_database_password }}'
owner: '{{ etherpad_user }}'
group: '{{ etherpad_group }}'
home: '{{ etherpad_home }}'
- etherpad__mariadb__dependent_databases
Database configuration for the debops.mariadb Ansible role.
etherpad__mariadb__dependent_databases:
- database: '{{ etherpad_database_name }}'
- etherpad__postgresql__dependent_roles
User configuration for the debops.postgresql Ansible role.
etherpad__postgresql__dependent_roles:
- name: '{{ etherpad_database_user }}'
password: '{{ etherpad_database_password }}'
flags: [ 'NOSUPERUSER', 'NOCREATEDB', 'LOGIN' ]
- etherpad__postgresql__dependent_databases
Database configuration for the debops.postgresql Ansible role.
etherpad__postgresql__dependent_databases:
- name: '{{ etherpad_database_name }}'
port: '5432'
owner: '{{ etherpad_database_user }}'
encoding: '{{ etherpad_database_encoding | d(omit) }}'
lc_collate: '{{ etherpad_database_collate | d(omit) }}'
lc_ctype: '{{ etherpad_database_ctype | d(omit) }}'
- etherpad__nginx__dependent_upstreams
Upstream configuration for the debops.nginx Ansible role.
etherpad__nginx__dependent_upstreams:
- name: '{{ etherpad_system_name }}'
enabled: True
server: '127.0.0.1:{{ etherpad_port }}'
- etherpad__nginx__dependent_servers
Server configuration for the debops.nginx Ansible role.
etherpad__nginx__dependent_servers:
- by_role: 'debops.etherpad'
enabled: True
favicon: False
name: '{{ etherpad_domain }}'
filename: 'debops.etherpad'
location:
# Allow normal files to pass through
'~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt)': |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }};
# Redirect to force /p/* URLs to the friendly version
'/p/': |
rewrite ^/p/(.*) /$1 redirect;
# Handle redirects
'/redirect': |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }};
# Match the home page
'~ ^/$': |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }};
# Handle pad URLs here
'/': |
rewrite ^/admin(.*) /admin/$1 redirect;
rewrite ^/list(.*) /list break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass http://{{ etherpad_system_name }}/p/;
proxy_redirect / /p/;
location_allow:
'~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt)': '{{ etherpad_allow }}'
'/p/': '{{ etherpad_allow }}'
'/redirect': '{{ etherpad_allow }}'
'~ ^/$': '{{ etherpad_allow }}'
'/': '{{ etherpad_allow }}'