Update to 2021-12-25 20:02

roles/bookstack/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-bookstack_version: '21.11.3'
+bookstack_version: '21.12'
 # URL of the arhive
 bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz
 # Expected sha1 of the archive
-bookstack_archive_sha1: 26b9ac3d732c27c0630a4cb2b570bd4044e55769
+bookstack_archive_sha1: d2abf62794f97e3fcd7ebd8a270c152329c3573e
 
 # Should ansible handle bookstack upgrades or just the inintial install
 bookstack_manage_upgrade: True

roles/bookstack/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart bookstack-queue
+  service: name=bookstack_{{ bookstack_id }}-queue state=restarted

roles/bookstack/tasks/install.yml

@@ -84,3 +84,14 @@
     - pre
     - post
   tags: bookstack
+
+- name: Install queue worker unit
+  template: src=bookstack-queue.service.j2 dest=/etc/systemd/system/bookstack_{{ bookstack_id }}-queue.service
+  register: bookstack_unit
+  notify: restart bookstack-queue
+  tags: bookstack
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: bookstack_unit.changed
+  tags: bookstack

roles/bookstack/tasks/main.yml

@@ -7,6 +7,7 @@
   when: bookstack_install_mode == 'upgrade'
 - include: install.yml
 - include: conf.yml
+- include: services.yml
 - include: write_version.yml
 - include: archive_post.yml
   when: bookstack_install_mode == 'upgrade'

roles/bookstack/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable services
+  service: name=bookstack_{{ bookstack_id }}-queue state=started enabled=True
+  tags: bookstack

roles/bookstack/templates/bookstack-queue.service.j2

@@ -0,0 +1,29 @@
+[Unit]
+Description=BookStack {{ bookstack_id }} Queue Worker
+
+[Service]
+User={{ bookstack_php_user }}
+Group={{ bookstack_php_user }}
+Restart=always
+ExecStart=/bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan queue:work --sleep=3 --tries=1 --max-time=3600
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictRealtime=true
+RestrictNamespaces=yes
+ReadWritePaths={{ bookstack_root_dir }}
+PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
+SystemCallErrorNumber=EPERM
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+
+[Install]
+WantedBy=multi-user.target

roles/bookstack/templates/env.j2

@@ -23,6 +23,7 @@ CACHE_PREFIX=bookstack_{{ bookstack_id }}
 {% if bookstack_trusted_proxies | length > 0 %}
 APP_PROXIES={{ bookstack_trusted_proxies | join(',') }}
 {% endif %}
+QUEUE_CONNECTION=database
 {% for key in bookstack_settings.keys() | list %}
 {{ key }}="{{ bookstack_settings[key] }}"
 {% endfor %}

roles/httpd_php/defaults/main.yml

@@ -32,8 +32,9 @@ httpd_php_versions:
   - 73
   - 74
   - 80
+  - 81
 
-httpd_php_default_version: 73
+httpd_php_default_version: 74
 
 #httpd_php_ansible_pools:
 #  name: glpi