129 lines
3.1 KiB
YAML
129 lines
3.1 KiB
YAML
---
|
|
- name: fix selinux contexts from cache directory
|
|
community.general.sefcontext:
|
|
path: "/var/cache/zoneminder(/.*)?"
|
|
setype: httpd_cache_t
|
|
|
|
- name: install packages
|
|
ansible.builtin.package:
|
|
name: "{{ item }}"
|
|
state: installed
|
|
with_items:
|
|
- mariadb
|
|
- zoneminder-httpd
|
|
|
|
- name: fix selinux contexts from data directory
|
|
community.general.sefcontext:
|
|
path: "/export/zoneminder(/.*)?"
|
|
setype: zoneminder_var_lib_t
|
|
|
|
- name: create data directory
|
|
ansible.builtin.file:
|
|
path: /export/zoneminder
|
|
state: directory
|
|
mode: 0750
|
|
owner: apache
|
|
group: apache
|
|
setype: _default
|
|
|
|
- name: link data directory
|
|
ansible.builtin.file:
|
|
dest: /srv/zoneminder
|
|
src: /export/zoneminder
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
follow: false
|
|
|
|
- name: create config
|
|
ansible.builtin.template:
|
|
dest: /etc/zm/conf.d/local.conf
|
|
src: zm.conf
|
|
mode: 0640
|
|
owner: root
|
|
group: apache
|
|
notify: restart zoneminder
|
|
|
|
- name: remove mariadb depency from unit file
|
|
ansible.builtin.shell:
|
|
cmd: >-
|
|
sed -e 's/mariadb\.service//' /lib/systemd/system/zoneminder.service
|
|
> /etc/systemd/system/zoneminder.service
|
|
creates: /etc/systemd/system/zoneminder.service
|
|
warn: false
|
|
notify: restart zoneminder
|
|
when: zm_mysql_host != "localhost"
|
|
|
|
- name: allow zoneminder to read host private key
|
|
ansible.builtin.user:
|
|
name: apache
|
|
groups: hostkey
|
|
append: true
|
|
notify: restart zoneminder
|
|
when: zm_mysql_host != "localhost"
|
|
|
|
- name: loosen selinux settings
|
|
ansible.posix.seboolean:
|
|
name: "{{ item }}"
|
|
state: true
|
|
persistent: true
|
|
with_items:
|
|
- domain_can_mmap_files
|
|
- nis_enabled
|
|
|
|
# selinux doesn't allow create this
|
|
- name: create stub web log
|
|
ansible.builtin.file:
|
|
dest: /var/log/zoneminder/web_php.log
|
|
state: touch
|
|
mode: 0640
|
|
owner: apache
|
|
group: apache
|
|
access_time: preserve
|
|
modification_time: preserve
|
|
|
|
- name: link apache config
|
|
ansible.builtin.file:
|
|
dest: /etc/httpd/conf.local.d/zm.conf
|
|
src: /etc/zm/www/zoneminder.httpd.conf
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: restart apache
|
|
|
|
- name: link apache php config
|
|
ansible.builtin.file:
|
|
dest: /etc/httpd/conf.local.d/php.conf
|
|
src: /etc/httpd/conf.d/php.conf
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: restart apache
|
|
|
|
- name: configure zoneminder timezone
|
|
ansible.builtin.copy:
|
|
dest: /etc/php.d/timezone.ini
|
|
content: "date.timezone=UTC\n"
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: restart apache
|
|
|
|
# required for database updates to work
|
|
- name: configure mysql client to use ssl
|
|
ansible.builtin.copy:
|
|
dest: /root/.my.cnf
|
|
content: |
|
|
[client]
|
|
ssl-ca={{ tls_certs }}/ca.crt
|
|
ssl-cert={{ tls_certs }}/{{ inventory_hostname }}.crt
|
|
ssl-key={{ tls_private }}/{{ inventory_hostname }}.key
|
|
mode: 0600
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: enable service
|
|
ansible.builtin.service:
|
|
name: zoneminder
|
|
state: started
|
|
enabled: true
|