add pghero support

alphanodes · Dec 27, 2024 · bc4b9fe · bc4b9fe
1 parent 3dd5219
commit bc4b9fe
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 4 deletions.
diff --git a/roles/redmine/defaults/main.yml b/roles/redmine/defaults/main.yml
@@ -60,6 +60,10 @@ redmine_with_hedgedoc: false
 redmine_with_memcache: true
 redmine_memcached_host: '127.0.0.1:11211'
 
+# if instance.vhost_users is defined, use access protection
+# NOTE: can be disabled to use protection for e.g. pghero only
+redmine_access_protection: true
+
 redmine_with_agile: false
 
 account_migrate_to_new_home: true

diff --git a/roles/redmine/tasks/redmine_instance.yml b/roles/redmine/tasks/redmine_instance.yml
@@ -93,10 +93,19 @@
         mode: '0644'
       notify: Reload nginx
 
+    - name: Check vhost user are specified for pghero
+      when:
+        - not access_protection
+        - instance.vhost_users is undefined
+        - instance.with_pghero is defined
+        - instance.with_pghero
+      ansible.builtin.fail:
+        msg: with_pghero requires to define vhost_users"
+
     # restart required, because file can be not available before
     - name: Redmine vhost user protection - {{ instance_name }}
       community.general.htpasswd:
-        path: /etc/nginx/.htpasswd_redmine_{{ instance_name }}
+        path: '{{ htpasswd_file }}'
         name: '{{ item.user }}'
         password: '{{ item.password }}'
         owner: root
@@ -108,7 +117,7 @@
 
 - name: Remove htpasswd file, if no base auth is in use - {{ instance_name }}
   ansible.builtin.file:
-    path: /etc/nginx/.htpasswd_redmine_{{ instance_name }}
+    path: '{{ htpasswd_file }}'
     state: absent
   when: instance.vhost_users is undefined
   notify: Restart nginx

diff --git a/roles/redmine/tasks/set_instance_vars.yml b/roles/redmine/tasks/set_instance_vars.yml
@@ -57,6 +57,8 @@
     active_agile: "{{ instance.with_agile | default(redmine_with_agile) }}"
     instance: "{{ instance | combine([{'error_404_enabled': true}]) }}"
     queue_adapter: "{{ instance.queue_adapter | default(redmine_queue_adapter) | default('') }}"
+    htpasswd_file: "/etc/nginx/.htpasswd_redmine_{{ instance_name }}"
+    access_protection: "{{ instance.access_protection | default(redmine_access_protection) }}"
 
 - name: Set redmine_theme_dir - {{ instance_name }}
   ansible.builtin.set_fact:

diff --git a/roles/redmine/templates/etc/nginx/sites-available/redmine.j2 b/roles/redmine/templates/etc/nginx/sites-available/redmine.j2
@@ -129,10 +129,18 @@ server {
 
   {% include 'templates/nginx_error_handler.inc.j2' with context %}
 
-{% if instance.vhost_users is defined %}
+{% if not access_protection && instance.with_pghero is defined and instance.with_pghero %}
+  location /pghero {
+    # access protection
+    auth_basic "Restricted access only";
+    auth_basic_user_file {{ htpasswd_file }};
+  }
+{% endif %}
+
+{% if access_protection && instance.vhost_users is defined %}
   # access protection
   auth_basic "Restricted access only";
-  auth_basic_user_file /etc/nginx/.htpasswd_redmine_{{ instance_name }};
+  auth_basic_user_file {{ htpasswd_file }};
 {% endif %}
 }
 

diff --git a/roles/redmine/templates/redmine/Gemfile.j2 b/roles/redmine/templates/redmine/Gemfile.j2
@@ -18,6 +18,9 @@ gem 'connection_pool'
 {% if instance.with_mysql2postgres is defined and instance.with_mysql2postgres %}
 gem 'mysql2postgres'
 {% endif %}
+{% if instance.with_pghero is defined and instance.with_pghero %}
+gem 'pghero'
+{% endif %}
 {% if instance.gemfile_extras is defined %}
 {% for extra_line in instance.gemfile_extras %}
 {{ extra_line }}