fix dingen op chat.bitlair.nl

Kyan Wanschers 2025-04-15 16:31:57 +02:00
parent 9cbd01f4bc
commit e4c0e19613
4 changed files with 39 additions and 16 deletions


@ -33,3 +33,36 @@ nginx_sites:
group_nft_input: group_nft_input:
- "tcp dport { http, https } accept # Allow web-traffic from world" - "tcp dport { http, https } accept # Allow web-traffic from world"
- "tcp dport 113 accept # Allow identd from world" - "tcp dport 113 accept # Allow identd from world"
---
root_access:
- blackdragon
- ak
- foobar
- polyfloyd
nodejs_version: 22.x
thelounge_version: "4.4.3"
thelounge_ldap_url: ldaps://ldap.bitlair.nl
thelounge_ldap_filter: (objectClass=inetOrgPerson)
thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
chat_hostname: chat.bitlair.nl
acme_domains:
- "{{ chat_hostname }}"
nginx_sites:
- server_name: "{{ chat_hostname }}"
config:
- |-
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# by default nginx times out connections in one minute
proxy_read_timeout 1d;
}
group_nft_input:
- "tcp dport { http, https } accept # Allow web-traffic from world"
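Review bot: The added `---` opens a second YAML document that defines `group_nft_input` again, while the list above it (context lines) still contains `tcp dport 113 accept # Allow identd from world`. As far as I know Ansible reads a vars file as a single document, so this layout is likely to fail to load, or at best leave it unclear which firewall list is applied. Because this commit disables identd, the port 113 accept rule looks stale; I would drop the `---`, keep one `group_nft_input` with only the `{ http, https }` rule, and merge the other new keys into the existing mapping. The part of the file before line 33 is outside the hunk, so that this is a vars file for the same host is inferred.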


@ -5,7 +5,6 @@
- gpg - gpg
- apt-transport-https - apt-transport-https
- build-essential - build-essential
- authbind
- name: Import nodesource signing key - name: Import nodesource signing key
ansible.builtin.shell: ansible.builtin.shell:
@ -80,14 +79,6 @@
state: present state: present
become: yes become: yes
- name: Give thelounge access to port 113 via authbind
file:
path: /etc/authbind/byport/113
owner: thelounge
group: thelounge
mode: 0500
state: touch
- name: Ensure JS and JSON syntax checking packages are installed - name: Ensure JS and JSON syntax checking packages are installed
yarn: yarn:
name: "{{ item }}" name: "{{ item }}"
@ -118,7 +109,7 @@
- name: Ensure user configuration directory is present - name: Ensure user configuration directory is present
file: file:
path: /etc/thelounge/users path: /var/local/thelounge/users
owner: thelounge owner: thelounge
group: thelounge group: thelounge
state: directory state: directory
@ -126,7 +117,7 @@
- name: Ensure preview storage directory is present - name: Ensure preview storage directory is present
file: file:
path: /etc/thelounge/storage path: /var/local/thelounge/storage
owner: thelounge owner: thelounge
group: thelounge group: thelounge
mode: "0770" mode: "0770"
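Review bot: Dropping the `Give thelounge access to port 113 via authbind` task and the `authbind` package entry only stops Ansible from creating them; on a host that was already provisioned, `/etc/authbind/byport/113` owned by `thelounge` and the package itself stay in place. If the intent is to revoke the privileged-port grant, a cleanup task is needed, for example a `file:` task with `path: /etc/authbind/byport/113` and `state: absent`. Separately, the relocated `/var/local/thelounge/users` task shows no `mode:` inside the hunk (the task may continue past it); since it is the user configuration directory, an explicit `mode: "0700"` is worth confirming.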


@ -42,8 +42,7 @@ module.exports = {
}, },
}, },
identd: { identd: {
enable: true, enable: false,
port: 113,
}, },
ldap: { ldap: {
enable: true, enable: true,


@ -7,8 +7,8 @@ Wants=network-online.target
User=thelounge User=thelounge
Group=thelounge Group=thelounge
Type=simple Type=simple
Environment=THELOUNGE_HOME=/etc/thelounge Environment=THELOUNGE_HOME=/var/local/thelounge
ExecStart=/usr/bin/authbind --deep /usr/local/bin/thelounge start ExecStart=/usr/local/bin/thelounge start
ProtectSystem=yes ProtectSystem=yes
ProtectHome=yes ProtectHome=yes
PrivateTmp=yes PrivateTmp=yes
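Review bot: With the service state moved from `/etc/thelounge` to `/var/local/thelounge`, the `ProtectSystem=yes` context line is now looser than it needs to be, because `yes` only makes `/usr` and the boot loader directories read-only. `ProtectSystem=strict` together with `ReadWritePaths=/var/local/thelounge` would confine writes to the data directory. Since `ExecStart` no longer goes through authbind, which relies on a setuid helper, `NoNewPrivileges=yes` also becomes a low-risk addition unless it is already set further down. The unit continues past the hunk, so those later lines are not visible here.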