From 489c627e9df3e22afa3d0e92663a6a0090d7c40c Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dani@LAPIOLE.ORG@build.lapiole.org>
Date: Sat, 25 Dec 2021 20:02:20 +0100
Subject: [PATCH] Update to 2021-12-25 20:02

---
 roles/bookstack/defaults/main.yml             |  4 +--
 roles/bookstack/handlers/main.yml             |  4 +++
 roles/bookstack/tasks/install.yml             | 11 +++++++
 roles/bookstack/tasks/main.yml                |  1 +
 roles/bookstack/tasks/services.yml            |  5 ++++
 .../templates/bookstack-queue.service.j2      | 29 +++++++++++++++++++
 roles/bookstack/templates/env.j2              |  1 +
 roles/httpd_php/defaults/main.yml             |  3 +-
 8 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 roles/bookstack/handlers/main.yml
 create mode 100644 roles/bookstack/tasks/services.yml
 create mode 100644 roles/bookstack/templates/bookstack-queue.service.j2

diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml
index 10f9efa..d31fd1b 100644
--- a/roles/bookstack/defaults/main.yml
+++ b/roles/bookstack/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-bookstack_version: '21.11.3'
+bookstack_version: '21.12'
 # URL of the arhive
 bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz
 # Expected sha1 of the archive
-bookstack_archive_sha1: 26b9ac3d732c27c0630a4cb2b570bd4044e55769
+bookstack_archive_sha1: d2abf62794f97e3fcd7ebd8a270c152329c3573e
 
 # Should ansible handle bookstack upgrades or just the inintial install
 bookstack_manage_upgrade: True
diff --git a/roles/bookstack/handlers/main.yml b/roles/bookstack/handlers/main.yml
new file mode 100644
index 0000000..4443c8a
--- /dev/null
+++ b/roles/bookstack/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart bookstack-queue
+  service: name=bookstack_{{ bookstack_id }}-queue state=restarted
diff --git a/roles/bookstack/tasks/install.yml b/roles/bookstack/tasks/install.yml
index 792b978..b23fd33 100644
--- a/roles/bookstack/tasks/install.yml
+++ b/roles/bookstack/tasks/install.yml
@@ -84,3 +84,14 @@
     - pre
     - post
   tags: bookstack
+
+- name: Install queue worker unit
+  template: src=bookstack-queue.service.j2 dest=/etc/systemd/system/bookstack_{{ bookstack_id }}-queue.service
+  register: bookstack_unit
+  notify: restart bookstack-queue
+  tags: bookstack
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: bookstack_unit.changed
+  tags: bookstack
diff --git a/roles/bookstack/tasks/main.yml b/roles/bookstack/tasks/main.yml
index 57f4c85..4a78539 100644
--- a/roles/bookstack/tasks/main.yml
+++ b/roles/bookstack/tasks/main.yml
@@ -7,6 +7,7 @@
   when: bookstack_install_mode == 'upgrade'
 - include: install.yml
 - include: conf.yml
+- include: services.yml
 - include: write_version.yml
 - include: archive_post.yml
   when: bookstack_install_mode == 'upgrade'
diff --git a/roles/bookstack/tasks/services.yml b/roles/bookstack/tasks/services.yml
new file mode 100644
index 0000000..15b478c
--- /dev/null
+++ b/roles/bookstack/tasks/services.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable services
+  service: name=bookstack_{{ bookstack_id }}-queue state=started enabled=True
+  tags: bookstack
diff --git a/roles/bookstack/templates/bookstack-queue.service.j2 b/roles/bookstack/templates/bookstack-queue.service.j2
new file mode 100644
index 0000000..b6826d2
--- /dev/null
+++ b/roles/bookstack/templates/bookstack-queue.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description=BookStack {{ bookstack_id }} Queue Worker
+
+[Service]
+User={{ bookstack_php_user }}
+Group={{ bookstack_php_user }}
+Restart=always
+ExecStart=/bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan queue:work --sleep=3 --tries=1 --max-time=3600
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictRealtime=true
+RestrictNamespaces=yes
+ReadWritePaths={{ bookstack_root_dir }}
+PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
+SystemCallErrorNumber=EPERM
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/bookstack/templates/env.j2 b/roles/bookstack/templates/env.j2
index 9fdbdb8..b9a3f40 100644
--- a/roles/bookstack/templates/env.j2
+++ b/roles/bookstack/templates/env.j2
@@ -23,6 +23,7 @@ CACHE_PREFIX=bookstack_{{ bookstack_id }}
 {% if bookstack_trusted_proxies | length > 0 %}
 APP_PROXIES={{ bookstack_trusted_proxies | join(',') }}
 {% endif %}
+QUEUE_CONNECTION=database
 {% for key in bookstack_settings.keys() | list %}
 {{ key }}="{{ bookstack_settings[key] }}"
 {% endfor %}
diff --git a/roles/httpd_php/defaults/main.yml b/roles/httpd_php/defaults/main.yml
index 9992547..1dacf97 100644
--- a/roles/httpd_php/defaults/main.yml
+++ b/roles/httpd_php/defaults/main.yml
@@ -32,8 +32,9 @@ httpd_php_versions:
   - 73
   - 74
   - 80
+  - 81
 
-httpd_php_default_version: 73
+httpd_php_default_version: 74
 
 #httpd_php_ansible_pools:
 #  name: glpi