fix dingen op chat.bitlair.nl
parent
9cbd01f4bc
commit
e4c0e19613
4 changed files with 39 additions and 16 deletions
|
@ -33,3 +33,36 @@ nginx_sites:
|
|||
group_nft_input:
|
||||
- "tcp dport { http, https } accept # Allow web-traffic from world"
|
||||
- "tcp dport 113 accept # Allow identd from world"
|
||||
---
|
||||
root_access:
|
||||
- blackdragon
|
||||
- ak
|
||||
- foobar
|
||||
- polyfloyd
|
||||
nodejs_version: 22.x
|
||||
thelounge_version: "4.4.3"
|
||||
thelounge_ldap_url: ldaps://ldap.bitlair.nl
|
||||
thelounge_ldap_filter: (objectClass=inetOrgPerson)
|
||||
thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
|
||||
chat_hostname: chat.bitlair.nl
|
||||
acme_domains:
|
||||
- "{{ chat_hostname }}"
|
||||
|
||||
nginx_sites:
|
||||
- server_name: "{{ chat_hostname }}"
|
||||
config:
|
||||
- |-
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:9000/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# by default nginx times out connections in one minute
|
||||
proxy_read_timeout 1d;
|
||||
}
|
||||
|
||||
group_nft_input:
|
||||
- "tcp dport { http, https } accept # Allow web-traffic from world"
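Review bot: The `tcp dport 113 accept` entry near the top of this hunk looks like unchanged context, so the host would keep accepting identd from the world even though this commit sets identd to `enable: false` in the thelounge config and drops the authbind setup. If nothing else is meant to listen on 113, remove that entry so the nftables input rules match the services actually exposed. The hunk also shows a bare `---` followed by a second `nginx_sites` / `group_nft_input` set. The rendered page has lost its +/- markers, so this is inferred, but if both copies land in one vars file it is worth confirming that Ansible loads it as intended (a vars file is normally a single YAML document) and that only the copy without port 113 takes effect.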
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
- gpg
|
||||
- apt-transport-https
|
||||
- build-essential
|
||||
- authbind
|
||||
|
||||
- name: Import nodesource signing key
|
||||
ansible.builtin.shell:
|
||||
|
@ -80,14 +79,6 @@
|
|||
state: present
|
||||
become: yes
|
||||
|
||||
- name: Give thelounge access to port 113 via authbind
|
||||
file:
|
||||
path: /etc/authbind/byport/113
|
||||
owner: thelounge
|
||||
group: thelounge
|
||||
mode: 0500
|
||||
state: touch
|
||||
|
||||
- name: Ensure JS and JSON syntax checking packages are installed
|
||||
yarn:
|
||||
name: "{{ item }}"
|
||||
|
@ -118,7 +109,7 @@
|
|||
|
||||
- name: Ensure user configuration directory is present
|
||||
file:
|
||||
path: /etc/thelounge/users
|
||||
path: /var/local/thelounge/users
|
||||
owner: thelounge
|
||||
group: thelounge
|
||||
state: directory
|
||||
|
@ -126,7 +117,7 @@
|
|||
|
||||
- name: Ensure preview storage directory is present
|
||||
file:
|
||||
path: /etc/thelounge/storage
|
||||
path: /var/local/thelounge/storage
|
||||
owner: thelounge
|
||||
group: thelounge
|
||||
mode: "0770"
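Review bot: The `Ensure user configuration directory is present` task sets owner and group for `/var/local/thelounge/users` but shows no `mode`, unlike the storage task below it, which pins `mode: "0770"`. Per-user files in that directory typically hold password hashes and IRC network credentials, so its permissions should not depend on the default umask; add `mode: "0700"` (or `"0750"` if group read is needed). The task may continue past the end of the hunk, so check whether a mode is already set there. Nothing in the visible hunks creates or restricts the parent `/var/local/thelounge`; presumably that is handled elsewhere in the role and should be confirmed.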
|
||||
|
|
|
@ -42,8 +42,7 @@ module.exports = {
|
|||
},
|
||||
},
|
||||
identd: {
|
||||
enable: true,
|
||||
port: 113,
|
||||
enable: false,
|
||||
},
|
||||
ldap: {
|
||||
enable: true,
|
||||
|
|
|
@ -7,8 +7,8 @@ Wants=network-online.target
|
|||
User=thelounge
|
||||
Group=thelounge
|
||||
Type=simple
|
||||
Environment=THELOUNGE_HOME=/etc/thelounge
|
||||
ExecStart=/usr/bin/authbind --deep /usr/local/bin/thelounge start
|
||||
Environment=THELOUNGE_HOME=/var/local/thelounge
|
||||
ExecStart=/usr/local/bin/thelounge start
|
||||
ProtectSystem=yes
|
||||
ProtectHome=yes
|
||||
PrivateTmp=yes
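Review bot: With `THELOUNGE_HOME` moved out of `/etc` and authbind gone from `ExecStart`, the sandboxing in this unit can be tightened beyond `ProtectSystem=yes`, which only makes `/usr` and the boot directories read-only. Consider `ProtectSystem=strict` together with `ReadWritePaths=/var/local/thelounge`, plus `NoNewPrivileges=yes` now that no setuid helper is needed for a privileged port. The unit continues outside the hunk, so some of this may already be present; verify that thelounge writes nowhere else before switching to strict.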
|
||||
|
|