motioneye: Deploy motionEye camera software

The *motioneye* role installs motionEye on a Fedora machine using `pip`.
It configures Apache to proxy for motionEye for outside (HTTPS) access.

The official installation instructions and default configuration for
motionEye assume it will be running as root.  There is, however, no
specific reason for this, as it works just fine as an unprivileged user.
The only minor surprise is that the `conf_path` configuration setting
must be writable, as this is where motionEye places generated
configuration for `motion`.  This path does not, however, have to
include the `motioneye.conf` file itself, which can still be read-only.

roles/motioneye/tasks/main.yml

@@ -0,0 +1,110 @@
+- name: ensure rpmfusion repo is available
+  dnf:
+    name: >-
+      https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_version }}.noarch.rpm
+    state: present
+  tags: install
+
+- name: ensure motion is installed
+  package:
+    name: '{{ motion_packages }}'
+    state: present
+  tags: install
+- name: ensure motioneye dependencies are installed
+  package:
+    name: '{{ motioneye_packages }}'
+    state: present
+  tags: install
+- name: ensure motioneye is installed
+  pip:
+    name: motioneye
+    executable: /usr/bin/pip2
+    state: present
+  tags:
+  - install
+  - pip
+
+- name: ensure motioneye user exists
+  user:
+    name: motioneye
+    system: true
+    shell: /sbin/nologin
+    state: present
+  tags:
+  - user
+
+- name: ensure motioneye media directory exists
+  file:
+    path: /var/lib/motioneye
+    owner: motioneye
+    group: motioneye
+    mode: '0755'
+    state: directory
+- name: ensure motioneye configuration directory exists
+  file:
+    path: /var/lib/motioneye/conf
+    owner: motioneye
+    group: motioneye
+    mode: '0755'
+    state: directory
+- name: ensure motioneye log directory exists
+  file:
+    path: /var/log/motioneye
+    owner: motioneye
+    group: motioneye
+    mode: '0755'
+    state: directory
+
+- name: ensure motioneye is configured
+  template:
+    src: motioneye.conf.j2
+    dest: /etc/motioneye.conf
+    mode: '0644'
+
+- name: ensure tmpfiles.d directory exists
+  file:
+    path: /etc/tmpfiles.d
+    mode: '0755'
+    state: directory
+- name: ensure motioneye tmpfiles are configured
+  copy:
+    src: motioneye.tmpfiles.conf
+    dest: /etc/tmpfiles.d/motioneye.conf
+  notify: process tmpfiles
+
+- name: ensure motioneye systemd unit is installed
+  copy:
+    src: motioneye.service
+    dest: /etc/systemd/system/motioneye.service
+    mode: '0644'
+  notify:
+  - reload systemd
+  - restart motioneye
+  tags: systemd
+- name: ensure motioneye service is enabled
+  service:
+    name: motioneye
+    enabled: true
+- meta: flush_handlers
+- name: ensure motioneye service is running
+  service:
+    name: motioneye
+    state: started
+
+- name: ensure apache is allowed to proxy for motioneye
+  seboolean:
+    name: httpd_can_network_connect
+    persistent: true
+    state: true
+  tags:
+  - apache
+  - selinux
+- name: ensure apache is configured to proxy for motioneye
+  template:
+    src: motioneye.httpd.conf.j2
+    dest: /etc/httpd/conf.d/motioneye.conf
+    mode: '0644'
+  notify: reload httpd
+  tags:
+  - apache
+  - apache-config