ansible/roles/librenms/tasks/main.yml

---

- name: Install dependencies
  apt:
    name:
    - fping
    - git
    - graphviz
    - imagemagick
    - mtr-tiny
    - mariadb-server
    - nmap
    - php-net-ipv4
    - php-net-ipv6
    - php-pear
    - php7.3-cli
    - php7.3-curl
    - php7.3-fpm
    - php7.3-gd
    - php7.3-json
    - php7.3-mbstring
    - php7.3-mysql
    - php7.3-snmp
    - python3-dotenv
    - python3-pymysql
    - python3-redis
    - rrdtool
    - snmp
    - snmpd
    - whois

- name: Configure MySQL database
  mysql_db: name={{ librenms_dbname }}

# FIXME the following statement has broken at some point in time
#- name: Configure MySQL user
#  mysql_user: name={{ librenms_dbuser }} password={{ librenms_dbpass }} priv={{ librenms_dbname }}.*:ALL state=present

- name: Ensure librenms user exists
  user: name=librenms groups=www-data createhome=no home=/usr/share/librenms system=yes

- name: Clone librenms
  git: repo=https://github.com/librenms/librenms.git dest=/usr/share/librenms depth=1 update=no

- name: Configure librenms
  template: src=config.php.j2 dest=/usr/share/librenms/config.php owner=librenms group=www-data mode=0440

- name: Set php timezone
  lineinfile:
    path: "{{ item }}"
    regexp: ';?date\.timezone'
    line: 'date.timezone = Europe/Berlin'
  with_items:
  - /etc/php/7.3/cli/php.ini
  - /etc/php/7.3/fpm/php.ini

- name: Ensure certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ librenms_domain }}.key -out /etc/nginx/ssl/{{ librenms_domain }}.crt -days 730 -subj "/CN={{ librenms_domain }}" creates=/etc/nginx/ssl/{{ librenms_domain }}.crt
  notify: Restart nginx

- name: Request nsupdate key for certificate
  include_role: name=acme-dnskey-generate
  vars:
    acme_dnskey_san_domains:
    - "{{ librenms_domain }}"

- name: Configure certificate manager for librenms
  template: src=certs.j2 dest=/etc/acertmgr/{{ librenms_domain }}.conf
  notify: Run acertmgr

- name: Configure vhost
  template: src=vhost.j2 dest=/etc/nginx/sites-available/librenms
  notify: Restart nginx

- name: Enable vhost
  file: src=/etc/nginx/sites-available/librenms dest=/etc/nginx/sites-enabled/librenms state=link
  notify: Restart nginx

- name: Start php7.3-fpm
  service: name=php7.3-fpm state=started enabled=yes