music: Fix mqtt-soundboard

bank/revbank: Update to 10.5.1
music/ampswitch: Install from apt
2025-06-07 19:40:34 +02:00 · 2025-06-06 22:11:38 +02:00 · 2025-06-05 16:32:26 +02:00 · 2025-06-04 18:35:41 +02:00 · 2025-06-04 17:18:31 +02:00 · 2025-06-01 22:43:04 +02:00
89 changed files with 1172 additions and 600 deletions
--- a/authorized_keys/blackdragon.keys
+++ b/authorized_keys/blackdragon.keys
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre
--- a/bitlair.yaml
+++ b/bitlair.yaml
@ -26,7 +26,7 @@
 - hosts: git-ci
  roles:
-    - { role: "git-ci", tags: ["git-ci"] }
+    - { role: "git_ci", tags: ["git_ci"] }
 - hosts: git
  roles:
@ -47,7 +47,6 @@
 - hosts: music
  roles:
    - { role: "acme", tags: ["acme"] }
    - { role: "go", tags: ["go"] }
    - { role: "music", tags: ["music"] }
 - hosts: pad
@ -58,6 +57,7 @@
 - hosts: services
  roles:
    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
    - { role: "services", tags: ["services"] }
 - hosts: wiki
@ -65,3 +65,13 @@
    - { role: "acme", tags: ["acme"] }
    - { role: "nginx", tags: ["nginx"] }
    - { role: "www", tags: ["www"] }
 - hosts: chat
  roles:
    - { role: "acme", tags: [ "acme" ] }
    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "chat", tags: [ "chat" ] }
 - hosts: ldap
  roles:
    - { role: "common", tags: [ "common" ] }
--- a/chat.yaml
+++ b/chat.yaml
@ -0,0 +1,10 @@
 ---
 - hosts: chat
  roles:
    - { role: "common", tags: [ "common" ] }
    - { role: "nft", tags: [ "nft" ] }
    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "acme", tags: [ "acme" ] }
    - { role: "nodesource", tags: [ "nodesource" ] }
    - { role: "chat", tags: [ "chat" ] }
--- a/git-ci.yaml
+++ b/git-ci.yaml
@ -3,4 +3,4 @@
 - hosts: git-ci
  roles:
    - { role: "common", tags: [ "common" ] }
-    - { role: "git-ci", tags: [ "git-ci" ] }
+    - { role: "git_ci", tags: [ "git_ci" ] }
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@ -36,3 +36,8 @@ mqtt_public_host: bitlair.nl
 debian_repourl: "http://deb.debian.org/debian/"
 debian_securityurl: "http://security.debian.org/debian-security"
 deb_forgejo_repos:
  - host: git.bitlair.nl
    owner: bitlair
  - host: git.polyfloyd.net
    owner: polyfloyd
--- a/group_vars/chat.yaml
+++ b/group_vars/chat.yaml
@ -0,0 +1,36 @@
 ---
 root_access:
  - blackdragon
  - ak
  - foobar
  - polyfloyd
 nodejs_version: 22.x
 thelounge_version: "4.4.3"
 thelounge_ldap_url: ldaps://ldap.bitlair.nl
 thelounge_ldap_filter: (objectClass=inetOrgPerson)
 thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
 chat_hostname: chat.bitlair.nl
 acme_domains:
 - "{{ chat_hostname }}"
 nginx_sites:
  - server_name: "{{ chat_hostname }}"
    config:
      - |-
        location / {
          proxy_pass http://127.0.0.1:9000/;
          proxy_http_version 1.1;
          proxy_set_header Connection "upgrade";
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
          # by default nginx times out connections in one minute
          proxy_read_timeout 1d;
        }
 group_nft_input:
  - "tcp dport { http, https } accept # Allow web-traffic from world"
--- a/group_vars/music.yaml
+++ b/group_vars/music.yaml
@ -6,12 +6,18 @@ nft: false
 root_access:
  - ak
  - bob
  - eightdot
  - foobar
  - polyfloyd
 nginx_client_max_body_size: 512M
 nginx_sites:
  - server_name: "music.bitlair.nl"
    snippets:
      - "music-nginx.j2"
 music_domain: music.bitlair.nl
 acme_san_domains:
  - [ music.bitlair.nl ]
 music_bitpanel_host: bitpanel.bitlair.nl
 music_bitpanel_port: 1337
--- a/6
+++ b/6
@ -17,7 +17,8 @@ blockchain.bitlair.nl
 git.bitlair.nl
 [git-ci]
-git-ci.bitlair.nl
+git-ci01.bitlair.nl
 git-ci02.bitlair.nl
 [pad]
 pad.bitlair.nl
@ -49,6 +50,9 @@ homeassistant.bitlair.nl
 [chat]
 chat.bitlair.nl
 [ldap]
 ldap-new.bitlair.nl
 [debian:children]
 bank
 fotos
--- a/monitoring.yaml
+++ b/monitoring.yaml
@ -4,5 +4,6 @@
  roles:
    - { role: "common", tags: [ "common" ] }
    - { role: "acme", tags: [ "acme" ] }
    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "monitoring", tags: [ "monitoring" ] }
--- a/music.yaml
+++ b/music.yaml
@ -4,6 +4,6 @@
  roles:
    - { role: "common", tags: [ "common" ] }
    - { role: "acme", tags: [ "acme" ] }
-    - { role: "go", tags: [ "go" ] }
+    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
-#    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "music", tags: [ "music" ] }
--- a/pad.yaml
+++ b/pad.yaml
@ -9,4 +9,5 @@
    - { role: "nft", tags: [ "nft" ] }
    - { role: "acme", tags: [ "acme" ] }
    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "nodesource", tags: [ "nodesource" ] }
    - { role: "etherpad", tags: [ "etherpad" ] }
--- a/roles/bank/defaults/main.yaml
+++ b/roles/bank/defaults/main.yaml
@ -1,3 +1,3 @@
 bank_user: bank
 bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git
 bank_local_tty: no
 bank_revbank_version: "10.5.1"
--- a/roles/bank/tasks/login.yaml
+++ b/roles/bank/tasks/login.yaml
@ -4,7 +4,7 @@
    name: bank
    password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
    home: /home/{{ bank_user }}
-    shell: /home/{{ bank_user }}/revbank.git/revbank
+    shell: /usr/local/share/revbank/revbank
    update_password: always
 - name: Allow password auth for bank user
@ -13,7 +13,7 @@
    insertafter: EOF
    validate: "/usr/sbin/sshd -t -f %s"
    block: |-
-      Match User bank
+      Match User {{ bank_user }}
          PasswordAuthentication yes
  notify: reload sshd
--- a/roles/bank/tasks/revbank.yaml
+++ b/roles/bank/tasks/revbank.yaml
@ -1,50 +1,22 @@
 ---
 - name: Install dependencies
  ansible.builtin.apt:
-    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
+    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ]
    state: present
 - name: Clone revbank source
  ansible.builtin.git:
-    repo: "{{ bank_revbank_git }}"
+    repo: https://github.com/revspace/revbank.git
-    version: master
+    version: "v{{ bank_revbank_version }}"
-    dest: /home/{{ bank_user }}/revbank.git
+    dest: /usr/local/share/revbank
    accept_hostkey: yes
- name: Create data files
+- name: Clone revbank-plugin source
-  ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
+  ansible.builtin.git:
-  args:
+    repo: https://git.bitlair.nl/bitlair/revbank-plugins.git
-    creates: /home/{{ bank_user }}/{{ item }}
+    version: main
-  with_items:
+    dest: /usr/local/share/revbank-plugins
-    - revbank.accounts
+    accept_hostkey: yes
    - revbank.market
    - revbank.products
 - name: Ensure data file permissions
  ansible.builtin.file:
    path: /home/{{ bank_user }}/{{ item }}
    state: touch
    owner: "{{ bank_user }}"
    group: "{{ bank_user }}"
    mode: 0644
  with_items:
    - revbank.accounts
    - revbank.market
    - revbank.products
 - name: Link plugins
  ansible.builtin.file:
    state: link
    path: /home/{{ bank_user }}/{{ item }}
    src: /home/{{ bank_user }}/revbank.git/{{ item }}
  with_items:
    - plugins
    - revbank.plugins
 - name: Create git data dir
  ansible.builtin.file:
    path: /home/{{ bank_user }}/data.git
    state: directory
 - name: Install git cronjob
  ansible.builtin.template:
--- a/roles/bank/templates/git.cron
+++ b/roles/bank/templates/git.cron
@ -1,4 +1,4 @@
 SHELL=/bin/bash
-#m   h  dom mon dow user             command
+#m    h  dom mon dow user             command
- 0   *  *   *   *   {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)
+ */10 *  *   *   *   {{ bank_user }}  git -C ~/.revbank pull -r && git -C ~/.revbank push && git -C ~/.revbank gc
--- a/roles/chat/defaults/main.yaml
+++ b/roles/chat/defaults/main.yaml
@ -0,0 +1,5 @@
 ---
 chat_user: thelounge
 chat_group: thelounge
 chat_configdir: "/etc/thelounge"
--- a/roles/chat/handlers/main.yaml
+++ b/roles/chat/handlers/main.yaml
@ -0,0 +1,11 @@
 ---
 - name: Reload systemd
  ansible.builtin.systemd:
    daemon_reload: yes
 - name: Restart thelounge
  ansible.builtin.systemd:
    name: thelounge
    state: restarted
    enabled: true
--- a/roles/chat/tasks/main.yaml
+++ b/roles/chat/tasks/main.yaml
@ -0,0 +1,92 @@
 ---
 - name: Install dependencies
  ansible.builtin.apt:
    state: present
    pkg:
      - build-essential
      - nodejs
 - name: Ensure directories are present
  ansible.builtin.file:
    path: "{{ item.path }}"
    owner: "{{ chat_user }}"
    group: "{{ chat_group }}"
    state: "{{ item.state | default('directory') }}"
    mode: "{{ item.mode | default('0770') }}"
  with_items:
    - { path: "{{ chat_configdir }}" }
    - { path: "/var/local/thelounge/users" }
    - { path: "/var/local/thelounge/storage" }
  notify:
    - Restart thelounge
 - name: Install nodejs
  ansible.builtin.apt:
 - name: Install yarn
  ansible.builtin.shell:
    cmd: npm install --global yarn
 - ansible.builtin.stat:
    path: /opt/thelounge
  register: src_path
 - name: Retreive thelounge source
  block:
    - name: Checkout source
      ansible.builtin.git:
        repo: 'https://github.com/revspace/thelounge.git'
        dest: /opt/thelounge
        version: 9d6dc83
        force: true
    - name: Copy patch
      ansible.builtin.template:
        src: thelounge-bitlair.patch
        dest: /tmp/thelounge-bitlair.patch
    - name: Apply patch
      ansible.builtin.shell:
        chdir: /opt/thelounge
        cmd: git apply /tmp/thelounge-bitlair.patch
  when: not src_path.stat.exists
 - name: Build and install thelounge
  ansible.builtin.shell:
    chdir: /opt/thelounge
    cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
  notify:
    - Restart thelounge
 - name: Ensure user thelounge is present
  ansible.builtin.user:
    name: thelounge
    createhome: no
    comment: The Lounge (IRC client)
    system: yes
    state: present
 - name: Ensure JS and JSON syntax checking packages are installed
  community.general.yarn:
    name: "{{ item }}"
    global: yes
    # state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
  with_items:
    - esprima
    - jsonlint
      # changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
 - name: Configure templates
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner | default( chat_user ) }}"
    group: "{{ item.group | default( chat_group ) }}"
    mode: "{{ item.mode | default('0640') }}"
    validate: "{{ item.validate | default([]) }}"
  with_items:
    - { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' }
    - { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" }
  notify: "{{ item.notify | default('Restart thelounge') }}"
--- a/roles/chat/templates/config.js.j2
+++ b/roles/chat/templates/config.js.j2
@ -0,0 +1,59 @@
 "use strict";
 module.exports = {
    public: false,
    port: 9000,
    bind: "0.0.0.0",
    host: "127.0.0.1",
    reverseProxy: true,
    lockNetwork: true,
    maxHistory: 10000,
    leaveMessage: "Doei!",
    defaults: {
        name: "Smurfnet",
        password: "",
        rejectUnauthorized: true,
        nick: "",
        username: "",
        realname: "",
        join: "#bitlair",
    },
    messageStorage: ["sqlite", "text"],
    fileUpload: {
        enable: true,
    },
    networks: {
        Smurfnet: {
            host: "irc.smurfnet.ch",
            port: 6697,
            tls: true,
            rejectUnauthorized: false,
        },
        "Libera.Chat": {
            host: "irc.libera.chat",
            port: 6697,
            tls: true,
            rejectUnauthorized: true,
        },
        OFTC: {
            host: "irc.oftc.net",
            port: 6697,
            tls: true,
            rejectUnauthorized: true,
        },
    },
    identd: {
        enable: false,
    },
    ldap: {
        enable: true,
        url: "{{ thelounge_ldap_url }}",
        primaryKey: "uid",
        searchDN: {
            rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}",
            rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}",
            filter: "{{ thelounge_ldap_filter }}",
            base: "{{ thelounge_ldap_base }}",
        },
    },
 };
--- a/roles/chat/templates/thelounge-bitlair.patch
+++ b/roles/chat/templates/thelounge-bitlair.patch
@ -0,0 +1,28 @@
 diff --git a/package.json b/package.json
 index 2991a6ec..dac43f16 100644
 --- a/package.json
 +++ b/package.json
@@ -84,9 +84,7 @@
     "ua-parser-js": "1.0.33",
     "uuid": "8.3.2",
     "web-push": "3.4.5",
 -    "yarn": "1.22.17"
 -  },
 -  "optionalDependencies": {
 +    "yarn": "1.22.17",
     "sqlite3": "5.1.7"
   },
   "devDependencies": {
 diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts
 index e6093b0f..d30b9a1c 100644
 --- a/server/plugins/auth/ldap.ts
 +++ b/server/plugins/auth/ldap.ts
@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => {
 	// auth plugin API
 	function callbackWrapper(valid: boolean) {
 		if (valid && !client) {
 -			manager.addUser(user, null, false);
 +			manager.addUser(user, null, true);
 		}
 		callback(valid);
--- a/roles/chat/templates/thelounge.service
+++ b/roles/chat/templates/thelounge.service
@ -0,0 +1,17 @@
 [Unit]
 Description=The Lounge (IRC client)
 After=network-online.target
 Wants=network-online.target
 [Service]
 User={{ chat_user }}
 Group={{ chat_group }}
 Type=simple
 Environment=THELOUNGE_HOME=/var/local/thelounge
 ExecStart=/usr/local/bin/thelounge start
 ProtectSystem=yes
 ProtectHome=yes
 PrivateTmp=yes
 [Install]
 WantedBy=multi-user.target
--- a/roles/common/handlers/main.yaml
+++ b/roles/common/handlers/main.yaml
@ -3,7 +3,7 @@
  ansible.builtin.command:
    cmd: update-grub
- name: Apt update
+- name: apt update
  ansible.builtin.apt:
    update_cache: true
--- a/roles/deb_forgejo/defaults/main.yaml
+++ b/roles/deb_forgejo/defaults/main.yaml
@ -0,0 +1 @@
 deb_private_host: git.polyfloyd.net
--- a/roles/deb_forgejo/handlers/default.yaml
+++ b/roles/deb_forgejo/handlers/default.yaml
@ -0,0 +1,3 @@
 ---
 - ansible.builtin.import_tasks:
    file: ../../common/handlers/main.yaml
--- a/roles/deb_forgejo/tasks/main.yaml
+++ b/roles/deb_forgejo/tasks/main.yaml
@ -0,0 +1,26 @@
 ---
 - tags: deb_forgejo
  block:
    - name: Install dependencies
      apt:
        name: apt-transport-https
        state: present
    - name: Install packaging key
      get_url:
        url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key
        dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc
        mode: "0644"
      with_items: "{{ deb_forgejo_repos }}"
      notify: apt update
    - name: Install sources.list
      template:
        src: sources.list
        dest: /etc/apt/sources.list.d/deb-forgejo.list
        owner: root
        group: root
        mode: "0644"
      notify: apt update
    - meta: flush_handlers
--- a/roles/deb_forgejo/templates/sources.list
+++ b/roles/deb_forgejo/templates/sources.list
@ -0,0 +1,5 @@
 # {{ ansible_managed }}
 {% for repo in deb_forgejo_repos %}
 deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }}
 {% endfor %}
--- a/roles/etherpad/defaults/main.yaml
+++ b/roles/etherpad/defaults/main.yaml
@ -1,4 +1,3 @@
 nodejs_version: 22.x
 etherpad_db_user: etherpad
 etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}"
 etherpad_db_name: etherpad
--- a/roles/etherpad/tasks/main.yaml
+++ b/roles/etherpad/tasks/main.yaml
@ -3,43 +3,10 @@
 - name: Install dependencies
  ansible.builtin.apt:
    state: present
-    pkg: 
+    pkg:
-      - gpg
+      - nodejs
      - postgresql
      - python3-psycopg2
      - apt-transport-https
 - name: Import nodesource signing key
  ansible.builtin.shell:
    cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
      -o /usr/share/keyrings/nodesource.gpg
  args:
    creates: /usr/share/keyrings/nodesource.gpg
  notify: Apt update
 - name: Install nodesource source list
  ansible.builtin.template:
    src: nodesource.list
    dest: /etc/apt/sources.list.d/nodesource.list
    owner: root
    group: root
    mode: 0644
  notify: Apt update
 - name: Install nodejs apt preference
  ansible.builtin.template:
    src: nodejs-apt-pref
    dest: /etc/apt/preferences.d/nodejs
    owner: root
    group: root
    mode: 0644
  notify: Apt update
 - ansible.builtin.meta: flush_handlers
 - name: Install nodejs
  ansible.builtin.apt:
    name: nodejs
 - name: Add database user
  become: true
--- a/roles/git-ci/defaults/main.yaml
+++ b/roles/git-ci/defaults/main.yaml
@ -1,2 +0,0 @@
 runner_wd: /var/lib/forgejo-runner
 runner_version: 6.3.0
--- a/roles/git-ci/tasks/main.yaml
+++ b/roles/git-ci/tasks/main.yaml
@ -1,50 +0,0 @@
 ---
 - name: Install dependencies
  ansible.builtin.apt:
    name: docker.io
 - name: Download forgejo-runner
  ansible.builtin.get_url:
    url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
    dest: /usr/local/bin/forgejo-runner
    mode: 0755
  notify: restart forgejo-runner
 - name: Create runner dir
  ansible.builtin.file:
    state: directory
    path: "{{ runner_wd }}"
    owner: root
    group: root
    mode: 0755
 - name: Register runner
  ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
  args:
    chdir: "{{ runner_wd }}"
    creates: "{{ runner_wd }}/.runner"
 - name: Install service file
  ansible.builtin.template:
    src: forgejo-runner.service
    dest: /etc/systemd/system/forgejo-runner.service
    owner: root
    group: root
    mode: 0644
  notify: restart forgejo-runner
 - name: Enable service
  ansible.builtin.systemd:
    name: forgejo-runner
    enabled: true
    daemon_reload: true
 - name: Start service
  ansible.builtin.systemd:
    name: forgejo-runner
    state: started
    daemon_reload: true
 - name: Flush handlers
  ansible.builtin.meta: flush_handlers
--- a/roles/git-server/templates/cronjob
+++ b/roles/git-server/templates/cronjob
@ -1,4 +1,4 @@
 # {{ ansible_managed }}
-#m   h  dom mon dow user             command
+#m   h  dom mon dow user command
- 0   2  *   *   1   {{ git_server_user }} {{ git_server_working_dir }}/update.sh
+ 0   2  *   *   1   root {{ git_server_working_dir }}/update.sh
--- a/roles/git_ci/defaults/main.yaml
+++ b/roles/git_ci/defaults/main.yaml
@ -0,0 +1,2 @@
 ---
 git_ci_runner_wd: /var/lib/forgejo-runner
--- a/roles/git_ci/handlers/main.yaml
+++ b/roles/git_ci/handlers/main.yaml
@ -3,6 +3,6 @@
    file: ../../common/handlers/main.yaml
 - name: restart forgejo-runner
-  ansible.builtin.systemd:
+  systemd:
    name: forgejo-runner
    state: restarted
--- a/roles/git_ci/tasks/main.yaml
+++ b/roles/git_ci/tasks/main.yaml
@ -0,0 +1,83 @@
 ---
 - tags: git_ci
  block:
    - name: Install dependencies
      apt:
        name: docker.io
    - name: Query latest forgejo-runner version
      uri:
        url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags
        return_content: true
      register: response
      changed_when: false
      check_mode: false
      failed_when: "response is failed or 'json' not in response"
    - name: Format forgejo-runner latest version
      set_fact:
        forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}"
    - name: Detect installed forgejo-runner version
      shell:
        cmd: |
          set -o pipefail
          forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none
        executable: /bin/bash
      register: forgejo_runner_installed_version_shell
      changed_when: false
      check_mode: false
    - name: Format installed forgejo-runner version
      set_fact:
        forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}"
    - debug:
        msg:
          - "Forgejo Runner latest version: {{ forgejo_runner_version }}"
          - "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}"
    - name: Download forgejo-runner
      get_url:
        url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64"
        dest: /usr/local/bin/forgejo-runner
        mode: "0755"
      notify: restart forgejo-runner
      when: forgejo_runner_installed_version != forgejo_runner_version
    - name: Create runner dir
      file:
        state: directory
        path: "{{ git_ci_runner_wd }}"
        owner: root
        group: root
        mode: "0755"
    - name: Register runner
      command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
      args:
        chdir: "{{ git_ci_runner_wd }}"
        creates: "{{ git_ci_runner_wd }}/.runner"
    - name: Install service file
      template:
        src: forgejo-runner.service
        dest: /etc/systemd/system/forgejo-runner.service
        owner: root
        group: root
        mode: "0644"
      notify: restart forgejo-runner
    - name: Enable service
      systemd:
        name: forgejo-runner
        enabled: true
        daemon_reload: true
    - name: Start service
      systemd:
        name: forgejo-runner
        state: started
        daemon_reload: true
    - meta: flush_handlers
--- a/roles/git_ci/templates/forgejo-runner.service
+++ b/roles/git_ci/templates/forgejo-runner.service
@ -6,7 +6,7 @@ After=network.target
 [Service]
 ExecStart=/usr/local/bin/forgejo-runner daemon
-WorkingDirectory={{ runner_wd }}
+WorkingDirectory={{ git_ci_runner_wd }}
 Restart=on-failure
 RestartSec=10s
--- a/roles/monitoring/tasks/mqtt_exporter.yaml
+++ b/roles/monitoring/tasks/mqtt_exporter.yaml
@ -1,47 +1,22 @@
 ---
 - name: Clone source
  ansible.builtin.git:
    repo: https://github.com/polyfloyd/mqtt-exporter.git
    version: main
    dest: /opt/mqtt_exporter
    accept_hostkey: yes
  notify: restart mqtt_exporter
 - name: Install apt dependencies
  ansible.builtin.apt:
-    name:
+    name: mqtt-exporter
      - jq
      - python3-paho-mqtt
      - python3-prometheus-client
      - python3-yaml
    state: present
 - name: Install service
  ansible.builtin.template:
    src: mqtt_exporter.service
    dest: /etc/systemd/system/mqtt_exporter.service
    owner: root
    group: root
    mode: 0644
  notify:
    - Daemon reload
    - restart mqtt_exporter
 - name: Install config file
  ansible.builtin.template:
    src: mqtt_exporter_config.yaml
-    dest: /etc/mqtt_exporter.yaml
+    dest: /etc/mqtt-exporter.yaml
    owner: root
    group: root
    mode: 0644
-  notify:
+  notify: restart mqtt_exporter
    - Daemon reload
    - restart mqtt_exporter
 - ansible.builtin.meta: flush_handlers
 - name: Start service
  ansible.builtin.systemd:
-    name: mqtt_exporter
+    name: mqtt-exporter
    state: started
    enabled: true
--- a/roles/mqtt/defaults/main.yaml
+++ b/roles/mqtt/defaults/main.yaml
@ -1 +0,0 @@
 mqtt_bambulab_cafile: /etc/mosquitto/ca_certificates/bambulab.pem
--- a/roles/mqtt/tasks/main.yaml
+++ b/roles/mqtt/tasks/main.yaml
@ -9,8 +9,10 @@
 - name: Install bambulab cafile
  # openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
  ansible.builtin.copy:
-    dest: "{{ mqtt_bambulab_cafile }}"
+    dest: "/etc/mosquitto/ca_certificates/bambu_{{ item.name }}.pem"
-    content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
+    content: "{{ item.cafile }}"
  notify: restart mosquitto
  with_items: "{{ lookup('passwordstore', 'bambulab subkey=printers') }}"
 - name: Configure Mosquitto
  ansible.builtin.template:
--- a/roles/mqtt/templates/bambulab.conf
+++ b/roles/mqtt/templates/bambulab.conf
@ -1,10 +1,11 @@
 # {{ ansible_managed }}
 {% for bambu in lookup('passwordstore', 'bambulab subkey=printers') %}
-connection bambulab
+connection bambulab_{{ bambu.name }}
-address {{ lookup('passwordstore', 'bambulab subkey=host') }}:8883
+address {{ bambu.host }}:8883
-bridge_cafile {{ mqtt_bambulab_cafile }}
+bridge_cafile /etc/mosquitto/ca_certificates/bambu_{{ bambu.name }}.pem
 bridge_insecure true
 remote_username bblp
-remote_password {{ lookup('passwordstore', 'bambulab subkey=key') }}
+remote_password {{ bambu.key }}
-
+topic # in 2 bambulab/{{ bambu.name }}/ ""
-topic # in 2 bambulab/ ""
+{% endfor %}
--- a/roles/music/defaults/main.yaml
+++ b/roles/music/defaults/main.yaml
@ -1,2 +1,10 @@
 music_audio_user: audio
 music_audio_user_id: 998
 music_audio_group: audio
 music_bitvis_user: bitvis
 music_librespot_user: librespot
 music_trollibox_user: trollibox
 music_pulse_server: /tmp/pipewire-pulse-socket
 music_mqtt_mpd_volume: bitlair/music/space/volume
--- a/roles/music/handlers/main.yaml
+++ b/roles/music/handlers/main.yaml
@ -2,27 +2,65 @@
 - ansible.builtin.import_tasks:
    file: ../../common/handlers/main.yaml
- name: Restart trollibox
+- name: restart pipewire
  become: true
  become_user: "{{ music_audio_user }}"
  become_method: machinectl
  ansible.builtin.systemd:
    name: pipewire
    state: restarted
    daemon_reload: true
    scope: user
 - name: restart filter-chain
  become: true
  become_user: "{{ music_audio_user }}"
  become_method: machinectl
  ansible.builtin.systemd:
    name: filter-chain
    state: restarted
    daemon_reload: true
    scope: user
 - name: restart bitvis
  ansible.builtin.systemd:
    name: bitvis
    state: restarted
    daemon_reload: true
 - name: restart bitvis-tee
  ansible.builtin.systemd:
    name: bitvis-tee
    state: restarted
    daemon_reload: true
 - name: restart mpd
  ansible.builtin.systemd:
    name: mpd
    state: restarted
    daemon_reload: true
 - name: restart trollibox
  ansible.builtin.systemd:
    name: trollibox
    state: restarted
    daemon_reload: true
- name: Rebuild librespot
+- name: rebuild librespot
  ansible.builtin.command:
-    cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
+    cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend,jackaudio-backend
  args:
    chdir: /opt/librespot
- name: Restart librespot
+- name: restart librespot
  ansible.builtin.systemd:
    name: librespot
    state: restarted
    daemon_reload: true
- name: Restart soundboard
+- name: restart mqtt-soundboard
  ansible.builtin.systemd:
-    name: soundboard
+    name: mqtt-soundboard
    state: restarted
    daemon_reload: true
@ -37,3 +75,12 @@
    name: skipbutton
    state: restarted
    daemon_reload: true
 - name: restart ampswitch
  ansible.builtin.systemd:
    name: "ampswitch-{{ item }}"
    state: restarted
    daemon_reload: true
  with_items:
    - librespot
    - mpd
--- a/roles/music/tasks/ampswitch.yaml
+++ b/roles/music/tasks/ampswitch.yaml
@ -0,0 +1,31 @@
 ---
 - name: Install ampswitch
  apt:
    name: ampswitch
 - name: Install ampswitch service file
  template:
    src: ampswitch.service
    dest: /etc/systemd/system/ampswitch-{{ item.instance }}.service
    owner: root
    group: root
    mode: 0755
  with_items:
    - instance: mpd
      pw_inputs:
        - "Music Player Daemon:output_FL"
        - "Music Player Daemon:output_FR"
    - instance: librespot
      pw_inputs:
        - "librespot:out_0"
        - "librespot:out_1"
  notify: restart ampswitch
 - name: Enable ampswitch
  ansible.builtin.systemd:
    name: "ampswitch-{{ item }}"
    state: started
    enabled: true
  with_items:
    - librespot
    - mpd
--- a/roles/music/tasks/base.yaml
+++ b/roles/music/tasks/base.yaml
@ -0,0 +1,68 @@
 ---
 - name: Install pipewire
  apt:
    name:
      - systemd-container
      - pipewire
      - pipewire-jack
      - pipewire-pulse
      - pulseaudio-utils
      - pulsemixer
      - wireplumber
    state: present
 - name: Add audio group
  group:
    name: audio
    system: true
 - name: Add {{ music_audio_user }} user
  user:
    name: "{{ music_audio_user }}"
    uid: "{{ music_audio_user_id }}"
    system: true
    groups:
      - audio
 - name: Enable linger for {{ music_audio_user }}
  copy:
    dest: "/var/lib/systemd/linger/{{ music_audio_user }}"
    content: ""
 - name: Enable pipewire
  become: true
  become_user: "{{ music_audio_user }}"
  become_method: machinectl
  ansible.builtin.systemd:
    name: pipewire
    state: started
    enabled: true
    scope: user
 - name: Set PULSE_SERVER env var for all shells
  copy:
    dest: /etc/profile.d/pulse-server.sh
    content: |+
      # Ansible managed
      export PULSE_SERVER={{ music_pulse_server }}
 - name: Create pipewire-pulse config dir
  file:
    path: /etc/pipewire/pipewire-pulse.conf.d/
    state: directory
 - name: Configure system socket
  ansible.builtin.copy:
    dest: /etc/pipewire/pipewire-pulse.conf.d/system-socket.conf
    content: |+
      # Ansible managed
      context.exec = [
        { path = "/bin/chgrp"  args = "{{ music_audio_group }} {{ music_pulse_server }}" }
        { path = "/bin/chmod"  args = "g+rwx,o-rwx {{ music_pulse_server }}" }
      ]
      pulse.properties = {
        server.address = [
          "unix:{{ music_pulse_server }}"
        ]
      }
  notify: restart pipewire
--- a/roles/music/tasks/bitvis.yaml
+++ b/roles/music/tasks/bitvis.yaml
@ -0,0 +1,72 @@
 ---
 - name: Install bitvis dependencies
  apt:
    name:
      - bitvis
      - bitvis-http
      - swh-plugins
 - name: Create bitvis user
  user:
    name: "{{ music_bitvis_user }}"
    system: true
    home: /var/lib/bitvis
    groups:
      - "{{ music_audio_group }}"
 - name: Install bitvis-tee
  ansible.builtin.template:
    src: bitvis-tee.sh
    dest: /opt/bitvis-tee.sh
    owner: root
    group: root
    mode: 0755
  notify: restart {{ item }}
  with_items:
    - bitvis
    - bitvis-tee
 - name: Install service file
  ansible.builtin.template:
    src: "{{ item }}.service"
    dest: /etc/systemd/system/{{ item }}.service
    owner: root
    group: root
    mode: 0644
  notify: restart {{ item }}
  with_items:
    - bitvis
    - bitvis-tee
 - name: Enable service
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
  with_items:
    - bitvis
    - bitvis-tee
 - name: Install bitvis gain filter
  ansible.builtin.template:
    src: pw-bitvis-mixer.conf
    dest: /etc/pipewire/filter-chain.conf.d/bitvis-mixer.conf
    owner: root
    group: root
    mode: 0644
  notify:
    - restart filter-chain
    - restart bitvis
 - name: Enable filter-chain
  become: true
  become_user: "{{ music_audio_user }}"
  become_method: machinectl
  ansible.builtin.systemd:
    name: filter-chain
    state: started
    enabled: true
    scope: user
 - meta: flush_handlers
--- a/roles/music/tasks/librespot.yaml
+++ b/roles/music/tasks/librespot.yaml
@ -1,8 +1,18 @@
 ---
- name: Install dependencies
+- name: Install apt dependencies
-  ansible.builtin.apt:
+  apt:
-    name: libjack-jackd2-dev
+    name:
-    state: present
+      - libasound2-dev
      - libjack-dev
      - pkg-config
 - name: Create librespot user
  user:
    name: "{{ music_librespot_user }}"
    system: true
    home: /var/lib/librespot
    groups:
      - "{{ music_audio_group }}"
 - name: Clone librespot source
  ansible.builtin.git:
@ -11,8 +21,8 @@
    dest: /opt/librespot
    accept_hostkey: yes
  notify:
-    - Rebuild librespot
+    - rebuild librespot
-    - Restart librespot
+    - restart librespot
 - name: Install service file
  ansible.builtin.template:
@ -21,7 +31,7 @@
    owner: root
    group: root
    mode: 0644
-  notify: Restart librespot
+  notify: restart librespot
 - name: Enable Librespot
  ansible.builtin.systemd:
@ -29,3 +39,5 @@
    state: started
    enabled: true
    daemon_reload: true
 - meta: flush_handlers
--- a/roles/music/tasks/main.yaml
+++ b/roles/music/tasks/main.yaml
@ -1,4 +1,9 @@
 ---
 - name: Import base
  ansible.builtin.import_tasks:
    file: base.yaml
  tags:
    - music_base
 - name: Import mpd
  ansible.builtin.import_tasks:
@ -6,6 +11,18 @@
  tags:
    - music_mpd
 - name: Bitvis
  ansible.builtin.import_tasks:
    file: bitvis.yaml
  tags:
    - music_bitvis
 - name: Import airplay
  ansible.builtin.import_tasks:
    file: airplay.yaml
  tags:
    - music_airplay
 - name: Import trollibox
  ansible.builtin.import_tasks:
    file: trollibox.yaml
@ -24,11 +41,8 @@
  tags:
    - music_soundboard
- name: Install nginx config
+- name: Ampswitch
-  ansible.builtin.template:
+  ansible.builtin.import_tasks:
-    src: nginx-site.conf
+    file: ampswitch.yaml
-    dest: /etc/nginx/sites-enabled/trollibox
+  tags:
-    owner: root
+    - music_ampswitch
    group: root
    mode: 0644
  notify: Reload nginx
--- a/roles/music/tasks/mpd.yaml
+++ b/roles/music/tasks/mpd.yaml
@ -1,14 +1,32 @@
 ---
 - name: Install MPD
  ansible.builtin.apt:
-    name:
+    name: mpd
      - jackd
      - mpd
      - python3-mpd
      - python3-serial
    state: present
 - name: Add mpd user to the {{ music_audio_group }} group
  user:
    name: mpd
    groups:
      - "{{ music_audio_group }}"
  notify: restart mpd
 - name: Install mpd file
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: 0644
  notify: restart mpd
  with_items:
    - src: mpd.conf
      dest: /etc/mpd.conf
    - src: mpd.service
      dest: /etc/systemd/system/mpd.service
    - src: mpd_state
      dest: /var/lib/mpd/state.default
 - name: Install mpd-volume-to-mqtt script
  ansible.builtin.template:
    src: mpd-volume-to-mqtt.sh
@ -33,27 +51,3 @@
    state: started
    enabled: true
    daemon_reload: true
 - name: Clone skipbutton source
  ansible.builtin.git:
    repo: https://github.com/bitlair/skipbutton.git
    version: master
    dest: /opt/skipbutton
    accept_hostkey: yes
  notify: Restart skipbutton
 - name: Install skipbutton service
  ansible.builtin.template:
    src: skipbutton.service
    dest: /etc/systemd/system/skipbutton.service
    owner: root
    group: root
    mode: 0644
  notify: Restart skipbutton
 - name: Enable skipbutton
  ansible.builtin.systemd:
    name: skipbutton
    state: started
    enabled: true
    daemon_reload: true
--- a/roles/music/tasks/soundboard.yaml
+++ b/roles/music/tasks/soundboard.yaml
@ -1,50 +1,28 @@
 ---
 - name: Install dependencies
  ansible.builtin.apt:
-    name: virtualenv
+    name:
      - mqtt-soundboard
      - mplayer
    state: present
 - name: Clone soundboard source
  ansible.builtin.git:
    repo: https://github.com/polyfloyd/mqtt-soundboard.git
    version: main
    dest: /opt/soundboard
    accept_hostkey: yes
  notify: Restart soundboard
 - name: Create virtualenv
  ansible.builtin.command:
    cmd: virtualenv /opt/soundboard/.venv
  args:
    creates: /opt/soundboard/.venv
 - name: Install Python dependencies
  ansible.builtin.shell:
    cmd: . .venv/bin/activate && pip install -r requirements.txt
  args:
    chdir: /opt/soundboard
 - name: Install soundboard config file
  ansible.builtin.template:
-    src: soundboard.yaml
+    src: "{{ item.src }}"
-    dest: /etc/soundboard.yaml
+    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: 0644
-  notify: Restart soundboard
+  notify: restart mqtt-soundboard
-
+  with_items:
- name: Install soundboard service file
+    - src: mqtt-soundboard.service
-  ansible.builtin.template:
+      dest: /etc/systemd/system/mqtt-soundboard.service
-    src: soundboard.service
+    - src: mqtt-soundboard.yaml
-    dest: /etc/systemd/system/soundboard.service
+      dest: /etc/mqtt-soundboard.yaml
    owner: root
    group: root
    mode: 0644
  notify: Restart soundboard
 - name: Enable soundboard
  ansible.builtin.systemd:
-    name: soundboard
+    name: mqtt-soundboard
    state: started
    enabled: true
    daemon_reload: true
--- a/roles/music/tasks/trollibox.yaml
+++ b/roles/music/tasks/trollibox.yaml
@ -1,4 +1,10 @@
 ---
 - name: Create trollibox user
  user:
    name: "{{ music_trollibox_user }}"
    system: true
    home: /var/lib/trollibox
 - name: Install Trollibox config
  ansible.builtin.template:
    src: trollibox.yaml
@ -6,27 +12,29 @@
    owner: root
    group: root
    mode: "0644"
-  notify: Restart trollibox
+  notify: restart trollibox
 - name: Get latest Trollibox version from Github API
-  ansible.builtin.get_url:
+  uri:
    url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
-    dest: "/tmp/_ansible_trollibox_latest_release.json"
+    return_content: true
  register: response
  changed_when: false
  check_mode: false
  failed_when: "response is failed or 'json' not in response"
- name: Get download url
+- name: Format trollibox latest version
-  ansible.builtin.shell:
+  set_fact:
-    cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
+    trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}"
      | contains("linux-amd64")) | .browser_download_url -r
  register: "trollibox_download_url"
 - name: Download Trollibox
  ansible.builtin.unarchive:
-    src: "{{ trollibox_download_url.stdout }}"
+    src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz"
    remote_src: yes
    dest: /usr/local/bin
    include: [ trollibox ]
    mode: "0755"
-  notify: Restart trollibox
+  notify: restart trollibox
 - name: Install service file
  ansible.builtin.template:
@ -35,7 +43,7 @@
    owner: root
    group: root
    mode: "0644"
-  notify: Restart trollibox
+  notify: restart trollibox
 - name: Enable Trollibox
  ansible.builtin.systemd:
--- a/roles/music/templates/ampswitch.service
+++ b/roles/music/templates/ampswitch.service
@ -0,0 +1,20 @@
 [Unit]
 Description=Script hook for {{ item }} playback
 After=network.target {{ item.instance }}.service
 Requires={{ item.instance }}.service
 StopPropagatedFrom={{ item.instance }}.service
 [Service]
 Type=simple
 Restart=always
 RestartSec=10s
 ExecStart=/usr/bin/pw-jack ampswitch --jack-name ampswitch-{{ item.instance }} --on-command /opt/on-{{ item.instance }}-start.sh --switch-time 10 --trigger-level 0.001
 ExecStartPost=/usr/bin/sleep 4
 {% for pw_input in item.pw_inputs %}
 ExecStartPost=-/usr/bin/pw-link "{{ pw_input }}" ampswitch-{{ item.instance }}:Input
 {% endfor %}
 User=root
 Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/bitvis-tee.service
+++ b/roles/music/templates/bitvis-tee.service
@ -0,0 +1,15 @@
 [Unit]
 Description=Multiplexer for bitvis
 Before=bitvis.service
 After=bitvis-http.service
 Requires=bitvis-http.service
 PropagatesStopTo=bitvis.service
 StopPropagatedFrom=bitvis.service
 [Service]
 Type=forking
 ExecStart=/usr/bin/screen -dmS bitvis-tee /opt/bitvis-tee.sh
 User={{ music_bitvis_user }}
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/bitvis-tee.sh
+++ b/roles/music/templates/bitvis-tee.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 # {{ ansible_managed }}
 loop=`mktemp --suffix -bitvis`
 mkfifo -f "$loop"
 trap "rm -f $loop" EXIT TERM
 cat "$loop" | while true; do nc -4 -w 2 localhost 1338; done &
 nc -klp 1337 | tee "$loop" | while true; do nc -w 2 {{ music_bitpanel_host }} {{ music_bitpanel_port }}; done
--- a/roles/music/templates/bitvis.service
+++ b/roles/music/templates/bitvis.service
@ -0,0 +1,19 @@
 [Unit]
 Description=Audio visualizer for the bitpanel
 After=network.target
 [Service]
 Type=simple
 Restart=always
 RestartSec=10s
 ExecStart=/usr/bin/pw-jack bitvis -a localhost -p 1337 -m localhost -o 6600
 ExecStartPost=/usr/bin/sleep 4
 ExecStartPost=-/usr/bin/pw-link bitvis-mixer:output_FL bitvis:input
 ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FL bitvis-mixer:playback_FL
 ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FR bitvis-mixer:playback_FR
 User={{ music_audio_user }}
 Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/librespot.service
+++ b/roles/music/templates/librespot.service
@ -3,16 +3,18 @@
 [Unit]
 Description=Spotify through Librespot
 After=network.target
 Requires=jackd.service
 [Service]
 Type=simple
 Restart=always
-RestartSec=2s
+RestartSec=10s
-ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend jackaudio
+ExecStart=/usr/bin/pw-jack -s 44100 /opt/librespot/target/release/librespot --name Trollibox --backend jackaudio
-User={{ music_audio_user }}
+ExecStartPost=/usr/bin/sleep 4
-Group={{ music_audio_user }}
+ExecStartPost=-/usr/bin/pw-link librespot:out_0 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FL
-AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE
+ExecStartPost=-/usr/bin/pw-link librespot:out_1 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FR
 # User={{ music_librespot_user }}
 User=root
 Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/mpd-volume-to-mqtt.sh
+++ b/roles/music/templates/mpd-volume-to-mqtt.sh
@ -14,7 +14,7 @@ prev_volume=x
    if [ $event = "mixer" ]; then
        volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'`
        if [ "$prev_volume" != "$volume" ]; then
-            mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }} -r' -m "$volume"
+            mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume"
        fi
        prev_volume=$volume
    fi
--- a/roles/music/templates/mpd.conf
+++ b/roles/music/templates/mpd.conf
@ -0,0 +1,40 @@
 # {{ ansible_managed }}
 user "mpd"
 group "{{ music_audio_group }}"
 bind_to_address "any"
 port "6600"
 max_connections "20"
 zeroconf_enabled "yes"
 zeroconf_name "MPD @ %h"
 music_directory "/srv/media/music"
 auto_update "yes"
 filesystem_charset "UTF-8"
 playlist_directory "/var/lib/mpd/playlists"
 db_file "/var/lib/mpd/tag_cache"
 state_file "/var/lib/mpd/state"
 sticker_file "/var/lib/mpd/sticker.sql"
 input {
        plugin "curl" # Required for web streams.
 }
 decoder {
        plugin  "hybrid_dsd"
        enabled "no"
 }
 decoder {
        plugin  "wildmidi"
        enabled "no"
 }
 audio_output {
       type     "pulse"
       name     "Pulse"
       server   "{{ music_pulse_server }}"
 }
--- a/roles/music/templates/mpd.service
+++ b/roles/music/templates/mpd.service
@ -0,0 +1,21 @@
 # {{ ansible_managed }}
 [Unit]
 Description=Music Player Daemon
 After=network.target
 [Service]
 Type=simple
 ExecStartPre=/bin/mkdir -p /run/mpd
 ExecStartPre=/bin/chown -R mpd:nogroup /run/mpd
 ExecStartPre=/bin/touch /var/log/mpd.log
 ExecStartPre=/bin/chown mpd:nogroup /var/log/mpd.log
 ExecStartPre=/usr/bin/cp /var/lib/mpd/state.default /var/lib/mpd/state
 ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf
 # MDP will fork itself to the user defined in its config
 User=root
 LimitMEMLOCK=infinity
 LimitRTPRIO=99
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/mpd_state
+++ b/roles/music/templates/mpd_state
@ -0,0 +1,17 @@
 sw_volume: 20
 audio_device_state:1:Pulse
 state: play
 current: 0
 time: 0
 random: 0
 repeat: 0
 single: 0
 consume: 0
 crossfade: 0
 mixrampdb: 0.000000
 mixrampdelay: -1.000000
 playlist_begin
 song_begin: http://ice4.somafm.com/groovesalad-256-mp3
 Name: SomaFM Groove Salad
 song_end
 playlist_end
--- a/roles/music/templates/mqtt-soundboard.service
+++ b/roles/music/templates/mqtt-soundboard.service
@ -6,12 +6,11 @@ After=network.target
 [Service]
 Type=simple
-ExecStart=/opt/soundboard/.venv/bin/python /opt/soundboard/soundboard.py /etc/soundboard.yaml
+ExecStart=/lib/python3/dist-packages/mqtt-soundboard.py /etc/mqtt-soundboard.yaml
 Restart=always
 RestartSec=10
-User=audio
+User=root
-LimitMEMLOCK=infinity
+Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
 LimitRTPRIO=99
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/mqtt-soundboard.yaml
+++ b/roles/music/templates/mqtt-soundboard.yaml
@ -1,13 +1,13 @@
 # {{ ansible_managed }}
-loglevel: INFO
+loglevel: DEBUG
 mqtt:
  host: {{ mqtt_internal_host }}
 sounds:
  directory: /opt/sounds
-  play_cmd: "mplayer -volume 10 -ao jack:name=MPlayer %s"
+  play_cmd: "pw-jack mplayer -volume 20 -ao jack:name=MPlayer %s"
  topic: bitlair/soundboard
 aliases:
--- a/roles/music/templates/nginx-site.conf
+++ b/roles/music/templates/nginx-site.conf
@ -1,70 +0,0 @@
 # {{ ansible_managed }}
 server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name {{ music_domain }};
    {% if acme_bootstrap_certs %}
    include "snippets/snakeoil.conf";
    {% else %}
    ssl_certificate     "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
    ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
    {% endif %}
    {% for range in trusted_ranges %}
    allow {{ range.cidr }};
    {% endfor %}
    deny all;
    location / {
        rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
    }
    location /trollibox/ {
        proxy_pass http://[::1]:3000/;
        client_max_body_size 512M;
        include proxy_params;
    }
    location ~ ^/trollibox/(.+/events)$ {
        proxy_pass http://[::1]:3000/$1;
        include proxy_params;
        proxy_http_version 1.1;
        chunked_transfer_encoding off;
        add_header X-Test "123";
        proxy_set_header Connection '';
        proxy_buffering off;
        proxy_read_timeout 7d;
    }
    location ~ ^/trollibox/(.+/listen)$ {
        proxy_pass http://[::1]:3000/$1;
        include proxy_params;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 7d;
    }
    location /bobdsp/ {
        proxy_pass http://[::1]:8081/;
        include proxy_params;
    }
    location /vis/ {
        allow all;
        proxy_pass http://[::1]:13378/;
        include proxy_params;
    }
    location = /vis/ {
        rewrite ^(.*)$ /vis/index.html;
        include proxy_params;
    }
    include "snippets/acme.conf";
 }
--- a/roles/music/templates/pw-bitvis-mixer.conf
+++ b/roles/music/templates/pw-bitvis-mixer.conf
@ -0,0 +1,49 @@
 # {{ ansible_managed }}
 context.modules = [
    {
        name = libpipewire-module-filter-chain
        args = {
            node.description = "bitvis-mixer"
            media.name       = "bitvis-mixer"
            filter.graph = {
                nodes = [
                    {
                        name    = normalize
                        type    = ladspa
                        plugin  = fast_lookahead_limiter_1913
                        label   = fastLookaheadLimiter
                        control = {
                            "Input gain (dB)" = 40
                            "Limit (dB)" = 0
                            "Release time (s)" = 1
                        }
                    }
                    {
                        name  = mono
                        type  = builtin
                        label = mixer
                    }
                ]
                links = [
                    { output = "normalize:Output 1", input = "mono:In 1" }
                    { output = "normalize:Output 2", input = "mono:In 2" }
                ]
                inputs  = [ "normalize:Input 1" "normalize:Input 2" ]
                outputs = [ "mono:Out" ]
            }
            capture.props = {
                node.name         = "mix_input.bitvis"
                audio.position    = [ FL FR ]
                media.class       = "Audio/Sink"
            }
            playback.props = {
                node.name         = "mix_output.bitvis"
                audio.position    = [ FL ]
                stream.dont-remix = true
                node.passive      = true
                node.autoconnect  = false
            }
        }
    }
 ]
--- a/roles/music/templates/skipbutton.service
+++ b/roles/music/templates/skipbutton.service
@ -1,17 +0,0 @@
 # {{ ansible_managed }}
 [Unit]
 Description=MPD Skipbutton
 After=network.target
 Requires=mpd.service
 [Service]
 Type=simple
 Restart=always
 RestartSec=10s
 ExecStart=/opt/skipbutton/skipbutton.py /dev/ttyS0
 DynamicUser=true
 Group=dialout
 [Install]
 WantedBy=multi-user.target
--- a/roles/music/templates/trollibox.service
+++ b/roles/music/templates/trollibox.service
@ -10,8 +10,7 @@ Type=simple
 Restart=always
 RestartSec=2s
 ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml
-User={{ music_audio_user }}
+User={{ music_trollibox_user }}
 Group={{ music_audio_user }}
 [Install]
 WantedBy=multi-user.target
--- a/roles/nodesource/defaults/main.yaml
+++ b/roles/nodesource/defaults/main.yaml
@ -0,0 +1,2 @@
 ---
 nodesource_version: 22.x
--- a/roles/nodesource/handlers/main.yaml
+++ b/roles/nodesource/handlers/main.yaml
@ -0,0 +1,3 @@
 ---
 - ansible.builtin.import_tasks:
    file: ../../common/handlers/main.yaml
--- a/roles/nodesource/tasks/main.yaml
+++ b/roles/nodesource/tasks/main.yaml
@ -0,0 +1,33 @@
 ---
 - name: Install dependencies
  ansible.builtin.apt:
    state: present
    pkg:
      - apt-transport-https
      - gpg
 - name: Import nodesource signing key
  ansible.builtin.shell:
    cmd: |
      set -o pipefail
      curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
    executable: /bin/bash
  args:
    creates: /usr/share/keyrings/nodesource.gpg
  notify: apt update
 - name: Install nodesource apt files
  ansible.builtin.template:
    src: nodesource.list
    dest: /etc/apt/sources.list.d/nodesource.list
    owner: root
    group: root
    mode: 0644
  notify: apt update
  with_items:
    - src: nodesource.list
      dest: /etc/apt/sources.list.d/nodesource.list
    - src: nodejs-apt-pref
      dest: /etc/apt/preferences.d/nodejs
 - ansible.builtin.meta: flush_handlers
--- a/roles/nodesource/templates/nodejs-apt-pref
+++ b/roles/nodesource/templates/nodejs-apt-pref
--- a/roles/nodesource/templates/nodesource.list
+++ b/roles/nodesource/templates/nodesource.list
@ -1,3 +1,3 @@
 # {{ ansible_managed }}
-deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main
+deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodesource_version }} nodistro main
--- a/roles/services/handlers/main.yaml
+++ b/roles/services/handlers/main.yaml
@ -2,30 +2,24 @@
 - ansible.builtin.import_tasks:
    file: ../../common/handlers/main.yaml
- name: Restart irc-bot
+- name: Restart ircbot
  ansible.builtin.systemd:
-    name: irc-bot
+    name: ircbot
    state: restarted
    daemon_reload: true
- name: Restart irc-photos
+- name: restart discord-bot
  ansible.builtin.systemd:
    name: irc-photos
    state: restarted
    daemon_reload: true
 - name: Restart irc-doorduino
  ansible.builtin.systemd:
    name: irc-doorduino
    state: restarted
    daemon_reload: true
 - name: Restart discord-bot
  ansible.builtin.systemd:
    name: discord-bot
    state: restarted
    daemon_reload: true
 - name: restart irc-bot
  ansible.builtin.systemd:
    name: irc-bot
    state: restarted
    daemon_reload: true
 - name: Restart siahsd
  ansible.builtin.systemd:
    name: siahsd
--- a/roles/services/tasks/discord_bot.yaml
+++ b/roles/services/tasks/discord_bot.yaml
@ -3,39 +3,58 @@
 - name: Install dependencies
  ansible.builtin.apt:
    name:
-      - python3-paho-mqtt
+      - openscad
      - python3-tz
      - virtualenv
 - name: Create virtualenv
  ansible.builtin.command:
-    cmd: virtualenv /opt/miflora_exporter/.venv
+    cmd: virtualenv /var/lib/discord-bot/.venv
  args:
    creates: /var/lib/discord-bot/.venv
- name: Install Python dependencies
+- name: Clone bottleclip source
  ansible.builtin.shell:
    cmd: . .venv/bin/activate && pip install -r requirements.txt
  args:
    chdir: /var/lib/discord-bot
 - name: Clone source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/discord-bot.git
+    repo: https://git.bitlair.nl/bitlair/bottle-clip.git
    version: main
    dest: /var/lib/bottle-clip
    accept_hostkey: yes
 - name: Clone discord-bot source
  ansible.builtin.git:
    repo: https://git.bitlair.nl/bitlair/discord-bot.git
    version: main
    dest: /var/lib/discord-bot
    accept_hostkey: yes
-  notify: Restart discord-bot
+  notify:
-  ignore_errors: true
+    - restart discord-bot
    - restart irc-bot
- name: Install service file
+- name: Install Python dependencies
  ansible.builtin.shell:
    cmd: . .venv/bin/activate && pip install -e .
  args:
    chdir: /var/lib/discord-bot
  notify:
    - restart discord-bot
    - restart irc-bot
 - name: Install discord-bot service file
  ansible.builtin.template:
    src: discord-bot.service
    dest: /etc/systemd/system/discord-bot.service
    owner: root
    group: root
    mode: "0644"
-  notify: Restart discord-bot
+  notify: restart discord-bot
 - name: Install irc-bot service file
  ansible.builtin.template:
    src: irc-bot.service
    dest: /etc/systemd/system/irc-bot.service
    owner: root
    group: root
    mode: "0644"
  notify: restart irc-bot
 - name: Start discord-bot
  ansible.builtin.systemd:
@ -43,3 +62,10 @@
    state: started
    enabled: true
    daemon_reload: true
 - name: Start irc-bot
  ansible.builtin.systemd:
    name: irc-bot
    state: started
    enabled: true
    daemon_reload: true
--- a/roles/services/tasks/ircbot.yaml
+++ b/roles/services/tasks/ircbot.yaml
@ -1,12 +1,12 @@
 ---
 - name: Clone source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/irc-bot.git
+    repo: https://git.bitlair.nl/bitlair/irc-bot.git
-    version: master
+    version: main
    dest: /var/lib/irc-bot
    accept_hostkey: yes
  ignore_errors: true
-  notify: Restart irc-bot
+  notify: Restart ircbot
 - name: Link irc-say
  ansible.builtin.file:
@ -17,81 +17,18 @@
 - name: Install service file
  ansible.builtin.template:
    src: generic.service
-    dest: /etc/systemd/system/irc-bot.service
+    dest: /etc/systemd/system/ircbot.service
    owner: root
    group: root
    mode: 0644
  vars:
    description: Bitlair IRC bot
    exec: /bin/bash /var/lib/irc-bot/irc-bot
-  notify: Restart irc-bot
+  notify: Restart ircbot
- name: Start irc-bot
+- name: Start ircbot
  ansible.builtin.systemd:
-    name: irc-bot
+    name: ircbot
    state: started
    enabled: true
    daemon_reload: true
 - name: Create helpers dir
  ansible.builtin.file:
    path: /var/lib/irc-helpers
    state: directory
 - name: Install photos notification
  ansible.builtin.template:
    src: irc-photos.sh
    dest: /var/lib/irc-helpers/photos.sh
    owner: root
    group: root
    mode: 0755
  notify: Restart irc-photos
 - name: Install photos notification service
  ansible.builtin.template:
    src: generic.service
    dest: /etc/systemd/system/irc-photos.service
    owner: root
    group: root
    mode: 0644
  vars:
    description: Bitlair IRC photos notification
    requires: irc-bot.service
    exec: /bin/bash /var/lib/irc-helpers/photos.sh
  notify: Restart irc-photos
 - name: Start irc-photos
  ansible.builtin.systemd:
    name: irc-photos
    state: started
    enabled: true
    daemon_reload: true
 - name: Install doorduino notification
  ansible.builtin.template:
    src: irc-doorduino.sh
    dest: /var/lib/irc-helpers/doorduino.sh
    owner: root
    group: root
    mode: 0755
  notify: Restart irc-doorduino
 - name: Install doorduino notification service
  ansible.builtin.template:
    src: generic.service
    dest: /etc/systemd/system/irc-doorduino.service
    owner: root
    group: root
    mode: 0644
  vars:
    description: Bitlair IRC doorduino notification
    requires: irc-bot.service
    exec: /bin/bash /var/lib/irc-helpers/doorduino.sh
  notify: Restart irc-doorduino
 - name: Start irc-doorduino
  ansible.builtin.systemd:
    name: irc-doorduino
    state: started
    enabled: true
    daemon_reload: true
--- a/roles/services/tasks/mastodon_spacestate.yaml
+++ b/roles/services/tasks/mastodon_spacestate.yaml
@ -7,7 +7,7 @@
 - name: Clone source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/mastodon-spacestate.git
+    repo: https://git.bitlair.nl/bitlair/mastodon-spacestate.git
    version: main
    dest: /var/lib/mastodon-spacestate
    accept_hostkey: yes
--- a/roles/services/tasks/siahsd.yaml
+++ b/roles/services/tasks/siahsd.yaml
@ -1,16 +1,24 @@
 ---
-# TODO: Install and build
+- name: Install siahsd
  apt:
    name:
      - debianutils
      - siahsd
- name: Create directories
+- name: Clone alarm-handlers
  ansible.builtin.git:
    repo: https://git.bitlair.nl/bitlair/alarm-handlers.git
    version: main
    dest: /opt/alarm
    accept_hostkey: yes
 - name: Create log directory
  ansible.builtin.file:
-    path: "{{ item }}"
+    path: /var/log/siahsd
    state: directory
    owner: siahsd
    group: nogroup
    mode: "0750"
  with_items:
    - /var/log/siahsd
    - /var/lib/siahsd
 - name: Install config file
  ansible.builtin.template:
@ -21,19 +29,9 @@
    mode: "0644"
  notify: Restart siahsd
 - name: Install service file
  ansible.builtin.template:
    src: siahsd.service
    dest: /etc/systemd/system/siahsd.service
    owner: root
    group: root
    mode: "0644"
  notify: Restart siahsd
 - name: Start siahsd
  ansible.builtin.systemd:
    name: siahsd
    state: started
    enabled: true
    daemon_reload: true
--- a/roles/services/tasks/spacestated.yaml
+++ b/roles/services/tasks/spacestated.yaml
@ -21,7 +21,7 @@
 - name: Clone source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/spacestated.git
+    repo: https://git.bitlair.nl/bitlair/spacestated.git
    version: main
    dest: /var/lib/spacestated/spacestated
    accept_hostkey: yes
--- a/roles/services/tasks/wifi_mqtt.yaml
+++ b/roles/services/tasks/wifi_mqtt.yaml
@ -8,7 +8,7 @@
 - name: Clone source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/wifi-mqtt.git
+    repo: https://git.bitlair.nl/bitlair/wifi-mqtt.git
    version: main
    dest: /var/lib/wifi-mqtt
    accept_hostkey: yes
--- a/roles/services/templates/discord-bot.service
+++ b/roles/services/templates/discord-bot.service
@ -1,16 +1,17 @@
-# Managed by Ansible
+# {{ ansible_managed }}
 [Unit]
-Description=HobbyBot
+Description=Bitlair Discord Bot
 After=network.target
 [Service]
 Type=simple
-Restart=on-failure
+Restart=always
 RestartSec=10s
-ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/main.py
+ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/discordbot.py
 DynamicUser=true
 Environment="MQTT_HOST={{ mqtt_internal_host }}"
 Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
 Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}"
 Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}"
--- a/roles/services/templates/irc-bot.service
+++ b/roles/services/templates/irc-bot.service
@ -0,0 +1,20 @@
 # {{ ansible_managed }}
 [Unit]
 Description=Bitlair IRC Bot
 After=network.target
 [Service]
 Type=simple
 Restart=always
 RestartSec=10s
 ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/ircbot.py
 DynamicUser=true
 Environment="MQTT_HOST={{ mqtt_internal_host }}"
 Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
 Environment="IRC_SERVER=irc.smurfnet.ch"
 Environment="IRC_CHANNEL=#bitlair"
 Environment="IRC_NICK=bitlair"
 [Install]
 WantedBy=multi-user.target
--- a/roles/services/templates/irc-doorduino.sh
+++ b/roles/services/templates/irc-doorduino.sh
@ -1,24 +0,0 @@
 #!/bin/bash
 # Managed by Ansible
 set -eu
 set -o pipefail
 initial=1
 mqtt-simple -h {{ mqtt_internal_host }} -t "bitlair/doorduino/+" |
  while read line; do
      topic=$(echo "$line" | cut -d' ' -f1 | sed "s/bitlair\/doorduino\///")
      value=$(echo "$line" | cut -s -d' ' -f2-)
      if [ $initial == 0 ] && [ $value != 0 ]; then
         if [ $topic == "doorbell" ]; then
            irc-say "DEURBEL! Open de deur beneden!"
         elif [ $topic != "dooropen" ]; then
            irc-say "Doorduino: $topic $value"
         fi
      fi
      initial=0
  done
--- a/roles/services/templates/irc-photos.sh
+++ b/roles/services/templates/irc-photos.sh
@ -1,13 +0,0 @@
 #!/bin/bash
 # Managed by Ansible
 set -eu
 set -o pipefail
 mqtt-simple -h {{ mqtt_internal_host }} -s "bitlair/photos" |
    while read event; do
        path=$(echo $event | cut -d ' ' -f 2)
        url="https://bitlair.nl/fotos/view/$path"
        irc-say "WIP: $url"
    done
--- a/roles/services/templates/siahsd.conf
+++ b/roles/services/templates/siahsd.conf
@ -1,3 +1,5 @@
 # {{ ansible_managed }}
 [siahsd]
 pid file = /var/lib/siahsd/siahsd.pid
 log file = /var/log/siahsd/siahsd.log
@ -5,13 +7,6 @@ log level = 3
 foreground = 0
 event handlers = script
 #[database]
 #driver = mysql
 #host = localhost
 #name = siahsd
 #username = siahsd
 #password = MysbJxAaawmwKPqD
 [siahs]
 port = 4000
@ -19,21 +14,5 @@ port = 4000
 port = 9000
 rsa key file = something.sexp
 #[jsonbot]
 #address = 192.168.88.15
 #port = 5500
 #aes key = blablablablablaz
 #password = mekker
 #privmsg to = #bitlair
 #[spacestate]
 #driver = mysql
 #host = localhost
 #name = bitwifi
 #username = bitwifi
 #password = aGWERQpLEQPUaXJV
 #open script = /opt/alarm/disarmed.sh
 #close script = /opt/alarm/armed.sh
 [script]
 path = /opt/alarm/siahsd_handler.sh
--- a/roles/services/templates/siahsd.service
+++ b/roles/services/templates/siahsd.service
@ -1,17 +0,0 @@
 # Managed by Ansible
 [Unit]
 Description=Siahsd
 After=network.target
 [Service]
 Type=forking
 PIDFile=/var/lib/siahsd/siahsd.pid
 Restart=always
 RestartSec=10s
 ExecStartPre=-/bin/rm /var/lib/siahsd/siahsd.pid
 ExecStart=/usr/local/src/siahsd/build/siahsd
 User=siahsd
 [Install]
 WantedBy=multi-user.target
--- a/roles/www/tasks/calendar.yaml
+++ b/roles/www/tasks/calendar.yaml
@ -5,7 +5,7 @@
 - name: Clone source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/calendar-parser.git
+    repo: https://git.bitlair.nl/bitlair/wiki-calendar-exporter.git
    version: main
    dest: /usr/local/src/bitlair-calendar
    accept_hostkey: yes
--- a/roles/www/tasks/spaceapi.yaml
+++ b/roles/www/tasks/spaceapi.yaml
@ -1,7 +1,7 @@
 ---
 - name: Clone spaceapi source
  ansible.builtin.git:
-    repo: https://github.com/bitlair/spaceapi.git
+    repo: https://git.bitlair.nl/bitlair/spaceapi.git
    version: main
    dest: /opt/spaceapi
    accept_hostkey: true
--- a/roles/www/templates/matrix-delegation.json
+++ b/roles/www/templates/matrix-delegation.json
@ -1,3 +0,0 @@
 {
    "m.server": "matrix.bitlair.nl"
 }
--- a/roles/www/templates/nginx-site.conf
+++ b/roles/www/templates/nginx-site.conf
@ -119,13 +119,6 @@ server {
        rewrite ^/Pages/(.*) https://$server_name/$1$args redirect;
    }
    # Matrix realm delegation
    location = /.well-known/matrix/server {
        add_header "Content-Type" "application/json";
        add_header "Access-Control-Allow-Origin" "*";
        alias /opt/matrix-delegation.json;
    }
    location = /.well-known/security.txt {
        alias /opt/security.txt;
    }
--- a/services.yaml
+++ b/services.yaml
@ -3,4 +3,5 @@
 - hosts: services
  roles:
    - { role: "common", tags: [ "common" ] }
    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
    - { role: "services", tags: [ "services" ] }
--- a/snippets/music-nginx.j2
+++ b/snippets/music-nginx.j2
@ -0,0 +1,44 @@
 {% for range in trusted_ranges %}
 allow {{ range.cidr }};
 {% endfor %}
 deny all;
 location / {
    rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
 }
 location /trollibox/ {
    proxy_pass http://[::1]:3000/;
    include proxy_params;
 }
 location ~ ^/trollibox/(.+/events)$ {
    proxy_pass http://[::1]:3000/$1;
    include proxy_params;
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    add_header X-Test "123";
    proxy_set_header Connection '';
    proxy_buffering off;
    proxy_read_timeout 7d;
 }
 location ~ ^/trollibox/(.+/listen)$ {
    proxy_pass http://[::1]:3000/$1;
    include proxy_params;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 7d;
 }
 location /vis/ {
    allow all;
    proxy_pass http://[::1]:13378/;
    include proxy_params;
 }
 location = /vis/ {
    rewrite ^(.*)$ /vis/index.html;
    include proxy_params;
 }
--- a/snippets/www-nginx.j2
+++ b/snippets/www-nginx.j2
@ -1,4 +1,4 @@
-root /opt/mediawiki-1.41.1/;
+root /opt/mediawiki-1.43.0/;
 index index.php index.html index.htm;
 # Photo gallery
@ -78,13 +78,6 @@ location /Pages/ {
    rewrite ^/Pages/(.*) https://$server_name/$1$args redirect;
 }
 # Matrix realm delegation
 location = /.well-known/matrix/server {
    add_header "Content-Type" "application/json";
    add_header "Access-Control-Allow-Origin" "*";
    alias /opt/matrix-delegation.json;
 }
 location = /.well-known/security.txt {
    alias /opt/security.txt;
 }
Author	SHA1	Message	Date
polyfloyd	5d708d2808	music: Fix mqtt-soundboard	2025-06-07 19:40:34 +02:00
polyfloyd	d0ecc5f105	bank/revbank: Update to 10.5.1	2025-06-06 22:11:38 +02:00
polyfloyd	5ada26be13	music/ampswitch: Install from apt	2025-06-05 16:32:26 +02:00
polyfloyd	d7dd9b73bd	wiki: Update MediaWiki	2025-06-04 18:35:41 +02:00
polyfloyd	c80a489ec1	Remove matrix-homeserver stuff	2025-06-04 17:18:31 +02:00
polyfloyd	c784d4d217	music: Set up ampswitch for MPD and Librespot	2025-06-01 22:43:04 +02:00
polyfloyd	32b75696c2	music/librespot: Use jackaudio backend	2025-06-01 21:37:30 +02:00
polyfloyd	5254769a9c	music/bitvis: Use fastLookaheadLimiter	2025-06-01 20:57:07 +02:00
polyfloyd	0f1740005a	services: Switch new IRC bot to #bitlair	2025-06-01 19:49:38 +02:00
polyfloyd	7529832dea	services: Add new IRC bot in #bitlair-bot-test	2025-06-01 18:47:48 +02:00
polyfloyd	3d6d71e068	services/ircbot: Rename service to ircbot	2025-06-01 18:22:56 +02:00
polyfloyd	0d2fc3ebb5	services/discord_bot: Update deployment	2025-06-01 18:21:40 +02:00
polyfloyd	2698e8a613	services/siahsd: Add alarm-handlers	2025-06-01 14:23:00 +02:00
polyfloyd	b99450233a	services/ircbot: Update git url	2025-05-25 20:13:31 +02:00
polyfloyd	c56ead77b4	mqtt: Bridge all Bambu printers	2025-05-25 13:37:19 +02:00
polyfloyd	6eb35523c7	music: Remove bobdsp	2025-05-21 20:49:24 +02:00
polyfloyd	2b21833551	music: Update access	2025-05-21 20:32:02 +02:00
polyfloyd	681f25382a	music: Add systemd --user operations	2025-05-21 20:31:26 +02:00
polyfloyd	aa32225eea	music/bitvis: Add a gain filter	2025-05-21 19:50:08 +02:00
polyfloyd	b85f878201	music: Add bitvis	2025-05-18 19:39:07 +02:00
polyfloyd	82739c1ff0	music: Remove go	2025-05-16 17:40:51 +02:00
polyfloyd	8e5b9f6b30	music/trollibox: Run as a distinct user	2025-05-16 17:36:03 +02:00
polyfloyd	e9f31417b7	music: Fix mpd-volume-to-mqtt	2025-05-14 23:53:40 +02:00
polyfloyd	949cdbe7bc	music: Install wireplumber	2025-05-14 23:53:22 +02:00
polyfloyd	64ffeeb512	music: Remove skipbutton service	2025-05-14 23:52:52 +02:00
polyfloyd	6927806972	music: Add the base audio server	2025-05-14 23:45:03 +02:00
polyfloyd	7cd44bbe53	music: Add MPD	2025-05-14 21:26:36 +02:00
polyfloyd	43075d27fe	music/librespot: Various tweaks * Use pulseaudio backend * Run as separate librespot user * Use linear volume mixer	2025-05-14 20:28:21 +02:00
polyfloyd	301529271d	music: Use nginx role	2025-05-14 17:42:53 +02:00
polyfloyd	1d8e07bf04	services/discord_bot: New bottle-clip implementation	2025-05-09 17:40:10 +02:00
polyfloyd	3a0071abfa	services/siahsd: Install from Debian package	2025-05-09 14:34:44 +02:00
polyfloyd	4f6025849f	Update bitlair-plugin git upstream	2025-05-07 14:30:45 +02:00
polyfloyd	1b04d0f5c3	bank: RevBank 10.3	2025-05-07 01:00:01 +02:00
polyfloyd	b9be1729b3	bank: RevBank 10.2	2025-05-07 00:47:00 +02:00
polyfloyd	2f9ca22e90	bank: Use new REVBANK_PLUGINS env var	2025-05-06 18:25:31 +02:00
polyfloyd	e65ffd5dc7	services/discord_bot: Some tweaks	2025-05-05 22:59:52 +02:00
polyfloyd	a5930bb1aa	bank: qrencode is no longer needed	2025-05-04 23:12:44 +02:00
polyfloyd	eb0a724309	bank: Changes required for RevBank 10.0	2025-05-04 23:05:15 +02:00
Mark Janssen -- Sig-I/O Automatisering	0a7dfab99f	Cleanup chat playbook	2025-04-30 21:43:21 +02:00
polyfloyd	46a28a9ead	Add ldap host	2025-04-30 20:59:31 +02:00
polyfloyd	33f7b0fc35	git-server: Run update.sh as root	2025-04-30 20:47:29 +02:00
polyfloyd	6dfb60165a	Add a distinct nodesource role	2025-04-30 19:33:26 +02:00
BlackDragon	efd0604c3a	Update roles/chat/templates/config.js.j2	2025-04-30 18:44:08 +02:00
polyfloyd	cedacdec7d	bank: Increase git sync frequency	2025-04-29 18:47:52 +02:00
polyfloyd	720cd70e4f	Move a few things over from GitHub	2025-04-29 17:50:36 +02:00
Mark Janssen -- Sig-I/O Automatisering	4870960b45	Listen on localhost	2025-04-27 21:19:41 +02:00
Mark Janssen -- Sig-I/O Automatisering	050205e95c	Cleanup thelounge playbook	2025-04-27 21:11:17 +02:00
Mark Janssen -- Sig-I/O Automatisering	8e2cc7e77a	keys	2025-04-27 20:04:56 +02:00
Mark Janssen	c656dd588a	Merge pull request 'maak chat.bitlair.nl' (#6 ) from BlackDragon/ansible:main into main Reviewed-on: bitlair/ansible#6 Reviewed-by: Mark Janssen <mark@sig-io.nl>	2025-04-27 20:02:08 +02:00
BlackDragon-B	c267c51e1e	maak chat.bitlair.nl	2025-04-27 19:50:53 +02:00
polyfloyd	5ab22d0e96	music: Install mqtt-soundboard from Debian package	2025-04-27 18:59:37 +02:00
polyfloyd	ee6b8bee5c	monitoring/mqtt_exporter: Install from debian package	2025-04-27 13:08:31 +02:00
polyfloyd	bb5f845c1b	Add new CI runner	2025-04-26 18:23:08 +02:00
polyfloyd	b74a9859b2	Update git_ci role from polyfloyd's infra	2025-04-26 18:18:53 +02:00
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre`
		`@ -1,2 +0,0 @@`
			`runner_wd: /var/lib/forgejo-runner`
			`runner_version: 6.3.0`
		`@ -0,0 +1,2 @@`
							`---`
							`git_ci_runner_wd: /var/lib/forgejo-runner`
		`@ -1 +0,0 @@`
			`mqtt_bambulab_cafile: /etc/mosquitto/ca_certificates/bambulab.pem`
`@ -1,3 +1,3 @@`
	`# {{ ansible_managed }}`	`# {{ ansible_managed }}`

	`deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main`	`deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodesource_version }} nodistro main`