noplanman.lstu
Ansible Role for Lstu (Let's Shorten That URL)
:rocket: Development has moved to git.feneas.org.
(The GitHub repository is just a mirror, so please fork on Feneas if you want to contribute. No registration is needed; just log in with your GitHub account.)
This role can install and set up Lstu on Debian/Ubuntu servers. Learn more about Lstu, created by Luc Didry.
When installed, this role will set up a service that starts automatically when the server boots. It will also detect which service manager is used.
Requirements
This role does not install Nginx or Apache for you as a reverse proxy; you will need to do that yourself. Check out the example configurations.
Role Variables
You can set the user and group for running Lstu, typically the web server's user and group.
lstu_user: www-data
lstu_group: www-data
You can choose whether Lstu should stay updated (default: no).
lstu_keep_updated: no
You can decide if you want to save the admin password in a hashed format. (lstu_adminpwd must always be the actual clear-text password!)
lstu_hash_adminpwd: yes
There are several required and optional settings. See all possible variables in defaults/main.yml.
# Required!
lstu_working_dir: "/var/www/example.com"
lstu_listen: "http://127.0.0.1:8080" # You can use an array for multiple addresses.
lstu_contact: "[email protected]"
lstu_secrets: ["array", "of", "random", "secrets"]
# Optional
lstu_proxy: no
lstu_adminpwd: "sup3r-secr3t"
lstu_theme: "default"
lstu_page_offset: 10
lstu_url_length: 8
lstu_provis_step: 5
lstu_provisioning: 100
lstu_prefix: "/"
lstu_allowed_domains: []
lstu_fixed_domain: "example.org"
lstu_db_type: "sqlite"
lstu_db_path: "lstu.db"
lstu_pgdb:
database: "lstu"
host: "localhost"
port: 5432
user: "DBUSER"
pwd: "DBPASSWORD"
max_connections: 1
lstu_mysqldb:
database: "lstu"
host: "localhost"
port: 3306
user: "DBUSER"
pwd: "DBPASSWORD"
max_connections: 5
lstu_ban_min_strike: 3
lstu_ban_blacklist: []
lstu_ban_whitelist: []
lstu_piwik:
url: "http://piwik.example.com"
idsite: "1"
minion:
enabled: no,
db_path: "minion.db"
pgdb:
database: "lstu_minion"
host: "localhost"
port: 5432
user: "DBUSER"
pwd: "DBPASSWORD"
mysqldb:
database: "lstu_minion"
host: "localhost"
port: 3306
user: "DBUSER"
pwd: "DBPASSWORD"
lstu_ldap:
uri: "ldaps://ldap.example.org"
user_tree: "ou=users,dc=example,dc=org"
bind_dn: "uid=ldap_user,ou=users,dc=example,dc=org"
bind_pwd: "secr3t"
user_attr: "uid"
user_filter: "(!(uid=ldap_user))"
lstu_htpasswd: "lstu.passwd"
lstu_session_duration: 3600
lstu_max_redir: 2
lstu_spam_blacklist_regex: "foo|bar"
lstu_spam_path_blacklist_regex: "foo|bar"
lstu_spam_whitelist_regex: "foo|bar"
lstu_skip_spamhaus: no
lstu_safebrowsing_api_key: ""
lstu_memcached_servers: []
lstu_csp: "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'"
lstu_x_frame_options: "DENY"
lstu_x_content_type_options: "nosniff"
lstu_x_xss_protection: "1; mode=block"
lstu_log_creator_ip: no
Role Tags
Each setup part has a tag.
lstu:install
lstu:site
lstu:service
Dependencies
None.
Example Playbook
# playbook.yml
---
- hosts: servers
become: yes
vars_files:
- vars/main.yml
roles:
- { role: noplanman.lstu }
# vars/main.yml
---
lstu_working_dir: "/var/www/lstu.example.com"
lstu_listen: "http://127.0.0.1:8080"
lstu_contact: "[email protected]"
lstu_secrets: ["Weiboe3a","Ahsahm0O","biPhah2u","Ki2teeph","Choihah4","ka7Oifia","aeT7eeb9","oYah4it7"]
lstu_adminpwd: "kohdah6DJieSh1CaTe1uWohKax9ahxeG"
Tests
Docker is used to test the role across different operating systems.
Check the tests folder.
License
MIT
Install and run Lstu on a Debian-like system.
ansible-galaxy install noplanman.lstu