Add beehive role

roles/beehive/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+beehive_version: v0.4.0
+beehive_tarball_armv6: beehive_0.4.0_Linux_armv6.tar.gz
+beehive_tarball_armv6_sha256: c1fa8f5a1935ee12f09a2bd9579281d64552897c597534361aba90ed992676fb
+beehive_tarball_x86_64: beehive_0.4.0_Linux_x86_64.tar.gz
+beehive_tarball_x86_64_sha256: f1959bc2f7c19d4ec8eaabc7b78492836afcc3bcd75d034854e66607efa9efab
+
+architecture: "{{ 'armv6' if ansible_architecture|lower == 'armv7l' else  ansible_architecture|lower}}"
+beehive_tarball: "{{ lookup('vars', 'beehive_tarball_'+architecture, default=beehive_tarball_x86_64) }}"
+beehive_tarball_sha256: "{{ lookup('vars', 'beehive_tarball_'+architecture+'_sha256', default=beehive_tarball_x86_64_sha256) }}"
+
+
+beehive_download_url: "https://github.com/muesli/beehive/releases/download/{{ beehive_version }}/{{ beehive_tarball }}"
+
+beehive_dir: /srv/beehive
+
+beehive_bind: 127.0.0.1:8181
+beehive_canonical_url: "http://{{ beehive_bind }}"

roles/beehive/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: systemctl daemon-reload
+  systemd:
+    daemon_reload: true
+
+- name: systemctl restart beehive
+  systemd:
+    name: beehive.service
+    state: restarted

roles/beehive/tasks/main.yml

@@ -0,0 +1,71 @@
+---
+
+- name: ensure beehive group exits
+  group:
+    name: beehive
+    system: true
+
+- name: ensure beehive user exists and has restrictive settings
+  user:
+    name: beehive
+    groups: beehive
+    password: "*"
+    create_home: false
+    system: true
+    shell: /usr/sbin/nologin
+
+- name: ensure that the directory where we deploy beehive exists
+  file:
+    path: "{{ beehive_dir }}"
+    state: directory
+    owner: beehive
+    group: beehive
+    mode: "0750"
+
+# TODO: download only if not installed or a new version.
+
+- name: download locally beehive in /tmp
+  get_url:
+    url: "{{ beehive_download_url }}"
+    dest: /tmp
+    checksum: "sha256:{{ beehive_tarball_sha256 }}"
+  delegate_to: localhost
+  become: false
+
+- name: unarchive locally beehive
+  unarchive:
+    src: "/tmp/{{ beehive_tarball }}"
+    dest: /tmp
+    remote_src: true
+  delegate_to: localhost
+  become: false
+
+- name: copy beehive binary
+  copy:
+    src: /tmp/beehive
+    dest: "{{ beehive_dir }}"
+    owner: beehive
+    group: beehive
+    mode: "0750"
+
+- name: set cap_net_bind_service=+ep on beehive binary
+  capabilities:
+    path: "{{ beehive_dir }}/beehive"
+    capability: cap_net_bind_service=+ep
+
+- name: install beehive systemd unit file
+  template:
+    src: etc/systemd/system/beehive.service.j2
+    dest: /etc/systemd/system/beehive.service
+  notify:
+    - systemctl daemon-reload
+
+- name: systemctl enable beehive
+  systemd:
+    name: beehive
+    enabled: true
+
+- name: ensure beehive is running
+  systemd:
+    name: beehive
+    state: started

roles/beehive/templates/etc/systemd/system/beehive.service.j2

@@ -0,0 +1,15 @@
+# Managed by Ansible
+[Unit]
+Description=beehive
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+WorkingDirectory={{ beehive_dir }}
+ExecStart={{ beehive_dir }}/beehive -bind {{ beehive_bind }} --canonicalurl {{ beehive_canonical_url }}
+User=beehive
+Group=beehive
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

tests/test.yml

@@ -22,4 +22,5 @@
     # have to download is more than 60MB.
     # - {role: ../roles/wikijs, become: true, wikijs_db_type: sqlite}
     - {role: ../roles/adguardhome}
-    - {role: ../roles/n8n, become: true}
+    # - {role: ../roles/n8n, become: true}
+    - {role: ../roles/beehive, become: true, beehive_bind: 10.10.10.10:8181}