From 050205e95c01b8025892972ad8e77f3ff75d9cd0 Mon Sep 17 00:00:00 2001
From: Mark Janssen -- Sig-I/O Automatisering <mark@sig-io.nl>
Date: Sun, 27 Apr 2025 21:11:17 +0200
Subject: [PATCH] Cleanup thelounge playbook

---
 bitlair.yaml                      |   6 ++
 chat.yaml                         |   2 +
 roles/chat/handlers/main.yaml     |  10 +++
 roles/chat/tasks/main.yaml        | 113 +++++++++++-------------------
 roles/chat/templates/config.js.j2 |   4 +-
 5 files changed, 61 insertions(+), 74 deletions(-)
 create mode 100644 roles/chat/handlers/main.yaml

diff --git a/bitlair.yaml b/bitlair.yaml
index 4016241..19de646 100644
--- a/bitlair.yaml
+++ b/bitlair.yaml
@@ -65,3 +65,9 @@
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "www", tags: ["www"] }
+
+- hosts: chat
+  roles:
+    - { role: "acme", tags: [ "acme" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "chat", tags: [ "chat" ] }
diff --git a/chat.yaml b/chat.yaml
index 9560585..a5b4c42 100644
--- a/chat.yaml
+++ b/chat.yaml
@@ -1,3 +1,5 @@
+---
+
 - hosts: chat
   roles:
     - { role: "common", tags: [ "common" ] }
diff --git a/roles/chat/handlers/main.yaml b/roles/chat/handlers/main.yaml
new file mode 100644
index 0000000..82e78eb
--- /dev/null
+++ b/roles/chat/handlers/main.yaml
@@ -0,0 +1,10 @@
+---
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: yes
+
+- name: Restart thelounge
+  ansible.builtin.systemd:
+    name: thelounge
+    state: restarted
+    enabled: true
diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml
index 6fa26d1..097eb1b 100644
--- a/roles/chat/tasks/main.yaml
+++ b/roles/chat/tasks/main.yaml
@@ -1,7 +1,9 @@
+---
+
 - name: Install dependencies
   ansible.builtin.apt:
     state: present
-    pkg: 
+    pkg:
       - gpg
       - apt-transport-https
       - build-essential
@@ -14,25 +16,30 @@
     creates: /usr/share/keyrings/nodesource.gpg
   notify: Apt update
 
-- name: Install nodesource source list
-  ansible.builtin.template:
-    src: nodesource.list
-    dest: /etc/apt/sources.list.d/nodesource.list
-    owner: root
-    group: root
-    mode: 0644
-  notify: Apt update
+- name: Ensure directories are present
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    owner: "thelounge"
+    group: "thelounge"
+    state: "{{ item.state | default('directory') }}"
+    mode: "{{ item.mode | default('0770') }}"
+  with_items:
+    - { path: "/etc/thelounge" }
+    - { path: "/var/local/thelounge/users" }
+    - { path: "/var/local/thelounge/storage" }
+  notify:
+    - Restart thelounge
 
-- name: Install nodejs apt preference
+- name: Configure templates
   ansible.builtin.template:
-    src: nodejs-apt-pref
-    dest: /etc/apt/preferences.d/nodejs
-    owner: root
-    group: root
-    mode: 0644
-  notify: Apt update
-
-- ansible.builtin.meta: flush_handlers
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default( 'thelounge' ) }}"
+    group: "{{ item.group | default( 'thelounge' ) }}"
+    mode: "{{ item.mode | default('0640') }}"
+  with_items:
+    - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list", owner: root, group: root }
+    - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs", owner: root, group: root }
 
 - name: Install nodejs
   ansible.builtin.apt:
@@ -56,7 +63,7 @@
 
     - name: Copy patch
       ansible.builtin.template:
-        src: thelounge-bitlair.patch    
+        src: thelounge-bitlair.patch
         dest: /tmp/thelounge-bitlair.patch
 
     - name: Apply patch
@@ -69,16 +76,17 @@
   ansible.builtin.shell:
     chdir: /opt/thelounge
     cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
+  notify:
+    - Restart thelounge
 
 - name: Ensure user thelounge is present
-  user:
+  ansible.builtin.user:
     name: thelounge
     createhome: no
     comment: The Lounge (IRC client)
     system: yes
     state: present
-  become: yes
-      
+
 - name: Ensure JS and JSON syntax checking packages are installed
   yarn:
     name: "{{ item }}"
@@ -87,57 +95,18 @@
   with_items:
     - esprima
     - jsonlint
-  become: yes
   changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
 
-- name: Ensure thelounge configuration directory is present
-  file:
-    path: /etc/thelounge
-    owner: thelounge
-    group: thelounge
-    state: directory
-  become: yes
-
-- name: Ensure The Lounge is configured
-  template:
-    src: config.js.j2
-    dest: /etc/thelounge/config.js
-    owner: thelounge
-    group: thelounge
-    validate: 'esvalidate %s'
-  become: yes
-
-- name: Ensure user configuration directory is present
-  file:
-    path: /var/local/thelounge/users
-    owner: thelounge
-    group: thelounge
-    state: directory
-  become: yes
-
-- name: Ensure preview storage directory is present
-  file:
-    path: /var/local/thelounge/storage
-    owner: thelounge
-    group: thelounge
-    mode: "0770"
-    state: directory
-  become: yes
-
-- name: Copy service file to systemd directory
+- name: Configure templates
   ansible.builtin.template:
-    src: thelounge.service    # Path to your service file in your Ansible project
-    dest: /etc/systemd/system/thelounge.service
-    owner: root
-    group: root
-    mode: '0644'
-  
-- name: Reload systemd daemon to read new service file
-  ansible.builtin.systemd:
-    daemon_reload: yes
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default( 'thelounge' ) }}"
+    group: "{{ item.group | default( 'thelounge' ) }}"
+    mode: "{{ item.mode | default('0640') }}"
+    validate: "{{ item.validate | default([]) }}"
+  with_items:
+    - { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' }
+    - { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" }
+  notify: "{{ item.notify | default('Restart thelounge') }}"
 
-- name: Enable and start the service
-  ansible.builtin.systemd:
-    name: thelounge
-    state: started
-    enabled: yes
\ No newline at end of file
diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2
index c606576..c1b4a0c 100644
--- a/roles/chat/templates/config.js.j2
+++ b/roles/chat/templates/config.js.j2
@@ -49,8 +49,8 @@ module.exports = {
         url: "{{ thelounge_ldap_url }}",
         primaryKey: "uid",
         searchDN: {
-            rootDN: "{{ thelounge_ldap_rootDN }}",
-            rootPassword: "{{ thelounge_ldap_rootPassword }}",
+            rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}",
+            rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}",
             filter: "{{ thelounge_ldap_filter }}",
             base: "{{ thelounge_ldap_base }}",
         },