boneskull/main.yml

## main.yml
---
# This task just includes everything else we need
- include_role:
    # a task to install nodejs from Nodesource's distros
    name: nodejs
- include_role:
    # a task to install nginx
    name: web
# everything below here is in this gist
- include: prerequisites.yml
  become: yes
- include: node-red.yml
  become: yes
- include: nginx.yml
  become: yes
- include: systemd.yml
  become: yes

## nginx.yml
---
# We expect nginx to already be installed.
# NR runs as a user, and binds to port 1880.  This creates a reverse proxy from 1180 to 80.
- name: Create nginx proxy
  template:
    # in /roles/node-red/templates/
    src: node-red.nginx
    dest: /etc/nginx/sites-available/node-red

- name: Enable node-red nginx config
  file:
    src: /etc/nginx/sites-available/node-red
    dest: /etc/nginx/sites-enabled/node-red
    state: link


## node-red.nginx
# nginx config for NR.
# in /roles/node-red/templates/

server {
    listen 0.0.0.0:80;
    # these names are computed by ansible and act on the current host being provisioned
    server_name {{ inventory_hostname }} {{ inventory_hostname_short }};
    access_log /var/log/nginx/{{ inventory_hostname_short }}.log;

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:1880;
    }
}

## node-red.yml
---
# This role uses Yarn and expcets it to be installed.  You can replace with Ansible's "npm" module if you don't use Yarn.
- name: Install Node-RED
  command: /usr/bin/yarn global add node-red creates=/usr/local/share/.config/yarn/global/node_modules/node-red

# if this file is in /roles/node-red/tasks/, then it looks in /roles/node-red/files/ for these files.
- name: Copy Node-RED configuration
  copy:
    src: "{{ item }}"
    dest: /home/{{ user_login }}/.node-red/
    # user_login is specified in /group_vars/all.yml and the name of my user (boneskull)
    owner: "{{ user_login }}"
  with_items:
    - yarn.lock
    - package.json
    - settings.js
    - flows.json

# Install nodes from package.json and yarn.lock
- name: Install 3rd-party Node-RED nodes
  command: /usr/bin/yarn install
  args:
    # this is not precise
    creates: /home/{{ user_login }}/.node-red/node_modules/node-red*
    chdir: /home/{{ user_login }}/.node-red/
  become_user: "{{ user_login }}"

## nodered.service
# systemd unit for NR.
# In /roles/node-red/templates/

[Unit]
Description=Node-RED graphical event wiring tool.
Wants=network.target
Documentation=http://nodered.org/docs

[Service]
Type=simple
User={{ user_login }}
Group={{ dialout_group }}
Environment=NODE_OPTIONS="--max-old-space-size=128" NODE_RED_OPTIONS="-v"
ExecStart=/usr/bin/node $NODE_OPTIONS /usr/bin/node-red $NODE_RED_OPTIONS
# Use SIGINT to stop
KillSignal=SIGINT
# Auto restart on crash
Restart=on-failure
# Tag things in the log
SyslogIdentifier=Node-RED
StandardOutput=syslog
StandardError=syslog

[Install]
WantedBy=multi-user.target

## prerequisites.yml
---
# this is a prereq for the node-red-contrib-homekit module
- name: Install libavahi-compat-libdnssd-dev
  apt:
    name: libavahi-compat-libdnssd-dev
    state: present
  when: 'ansible_os_family == "Debian"'

## systemd.yml
---
# this creates a systemd service
- name: Create nodered.service
  template:
    # in /roles/node-red/templates/
    src: nodered.service
    dest: /lib/systemd/system/nodered.service
  when: 'ansible_os_family == "Debian"'

- name: Enable & start Node-RED
  systemd:
    daemon_reload: yes
    enabled: yes
    state: restarted
    name: nodered
  when: 'ansible_os_family == "Debian"'
  notify:
    # this calls a handler in /roles/web/handlers/main.yml, the contents of which are:
    # ---
    # - name: restart nginx
    #   service:
    #     name: nginx
    #     enabled: yes
    #     state: restarted
    #     become: yes

    - restart nginx
	---
	# This task just includes everything else we need
	- include_role:
	# a task to install nodejs from Nodesource's distros
	name: nodejs
	- include_role:
	# a task to install nginx
	name: web
	# everything below here is in this gist
	- include: prerequisites.yml
	become: yes
	- include: node-red.yml
	become: yes
	- include: nginx.yml
	become: yes
	- include: systemd.yml
	become: yes
	---
	# We expect nginx to already be installed.
	# NR runs as a user, and binds to port 1880. This creates a reverse proxy from 1180 to 80.
	- name: Create nginx proxy
	template:
	# in /roles/node-red/templates/
	src: node-red.nginx
	dest: /etc/nginx/sites-available/node-red

	- name: Enable node-red nginx config
	file:
	src: /etc/nginx/sites-available/node-red
	dest: /etc/nginx/sites-enabled/node-red
	state: link
	# nginx config for NR.
	# in /roles/node-red/templates/

	server {
	listen 0.0.0.0:80;
	# these names are computed by ansible and act on the current host being provisioned
	server_name {{ inventory_hostname }} {{ inventory_hostname_short }};
	access_log /var/log/nginx/{{ inventory_hostname_short }}.log;

	# pass the request to the node.js server with the correct headers
	# and much more can be added, see nginx config options
	location / {
	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_pass http://127.0.0.1:1880;
	}
	}
	---
	# This role uses Yarn and expcets it to be installed. You can replace with Ansible's "npm" module if you don't use Yarn.
	- name: Install Node-RED
	command: /usr/bin/yarn global add node-red creates=/usr/local/share/.config/yarn/global/node_modules/node-red

	# if this file is in /roles/node-red/tasks/, then it looks in /roles/node-red/files/ for these files.
	- name: Copy Node-RED configuration
	copy:
	src: "{{ item }}"
	dest: /home/{{ user_login }}/.node-red/
	# user_login is specified in /group_vars/all.yml and the name of my user (boneskull)
	owner: "{{ user_login }}"
	with_items:
	- yarn.lock
	- package.json
	- settings.js
	- flows.json

	# Install nodes from package.json and yarn.lock
	- name: Install 3rd-party Node-RED nodes
	command: /usr/bin/yarn install
	args:
	# this is not precise
	creates: /home/{{ user_login }}/.node-red/node_modules/node-red*
	chdir: /home/{{ user_login }}/.node-red/
	become_user: "{{ user_login }}"
	# systemd unit for NR.
	# In /roles/node-red/templates/

	[Unit]
	Description=Node-RED graphical event wiring tool.
	Wants=network.target
	Documentation=http://nodered.org/docs

	[Service]
	Type=simple
	User={{ user_login }}
	Group={{ dialout_group }}
	Environment=NODE_OPTIONS="--max-old-space-size=128" NODE_RED_OPTIONS="-v"
	ExecStart=/usr/bin/node $NODE_OPTIONS /usr/bin/node-red $NODE_RED_OPTIONS
	# Use SIGINT to stop
	KillSignal=SIGINT
	# Auto restart on crash
	Restart=on-failure
	# Tag things in the log
	SyslogIdentifier=Node-RED
	StandardOutput=syslog
	StandardError=syslog

	[Install]
	WantedBy=multi-user.target
	---
	# this is a prereq for the node-red-contrib-homekit module
	- name: Install libavahi-compat-libdnssd-dev
	apt:
	name: libavahi-compat-libdnssd-dev
	state: present
	when: 'ansible_os_family == "Debian"'
	---
	# this creates a systemd service
	- name: Create nodered.service
	template:
	# in /roles/node-red/templates/
	src: nodered.service
	dest: /lib/systemd/system/nodered.service
	when: 'ansible_os_family == "Debian"'

	- name: Enable & start Node-RED
	systemd:
	daemon_reload: yes
	enabled: yes
	state: restarted
	name: nodered
	when: 'ansible_os_family == "Debian"'
	notify:
	# this calls a handler in /roles/web/handlers/main.yml, the contents of which are:
	# ---
	# - name: restart nginx
	# service:
	# name: nginx
	# enabled: yes
	# state: restarted
	# become: yes

	- restart nginx