Update roles/chat/templates/config.js.j2

Reviewed-on: bitlair/ansible#6
Reviewed-by: Mark Janssen <mark@sig-io.nl>

.ansible-lint

@@ -1,14 +0,0 @@
-#warn_list:  # or 'skip_list' to silence them completely
-skip_list:
-  - experimental
-  - var-naming[no-role-prefix]
-  - name
-warn_list:
-  - '204'   # Lines should be no longer than 160 chars
-  - no-handler
-  - ignore-errors
-  - fqcn-builtins
-  - fqcn
-  - partial-become[task]
-  - template-instead-of-copy
-offline: true

.gitignore

@@ -1,3 +0,0 @@
-.password-store
-.gitignore
-.envrc

.yamllint.yaml

@@ -15,8 +15,3 @@ rules:
     max-spaces-after: -1
   commas:
     max-spaces-after: -1
-  comments:
-    min-spaces-from-content: 1
-  octal-values:
-    forbid-implicit-octal: true
-    forbid-explicit-octal: true

authorized_keys/blackdragon.keys

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre

bitlair.yaml

@@ -1,80 +1,73 @@
 ---
 
-- name: common
+- hosts: all
-  hosts: all
   gather_facts: true
   roles:
     - { role: "common", tags: ["common"] }
     - { role: "nft", tags: ["nft"] }
 
-- name: bank
+- hosts: bank
-  hosts: bank
   roles:
     - { role: "bank", tags: ["bank"] }
 
-- name: homeassistant
+- hosts: homeassistant
-  hosts: homeassistant
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
 
-- name: raspi
+- hosts: raspi
-  hosts: raspi
   roles:
     - { role: "raspi", tags: ["raspi"] }
     - { role: "bank-terminal", tags: ["bank-terminal"] }
 
-- name: fotos
+- hosts: fotos
-  hosts: fotos
   roles:
     - { role: "photos", tags: ["photos"] }
 
-- name: CI
+- hosts: git-ci
-  hosts: git-ci
   roles:
-    - { role: "git-ci", tags: ["git-ci"] }
+    - { role: "git_ci", tags: ["git_ci"] }
 
-- name: git
+- hosts: git
-  hosts: git
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "git-server", tags: ["git-server"] }
 
-- name: monitoring
+- hosts: monitoring
-  hosts: monitoring
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "monitoring", tags: ["monitoring"] }
 
-- name: mqtt
+- hosts: mqtt
-  hosts: mqtt
   roles:
     - { role: "mqtt", tags: ["mqtt"] }
 
-- name: music
+- hosts: music
-  hosts: music
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "go", tags: ["go"] }
     - { role: "music", tags: ["music"] }
 
-- name: pad
+- hosts: pad
-  hosts: pad
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "etherpad", tags: ["etherpad"] }
 
-- name: services
+- hosts: services
-  hosts: services
   roles:
     - { role: "services", tags: ["services"] }
 
-- name: wiki
+- hosts: wiki
-  hosts: wiki
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "www", tags: ["www"] }
+
+- hosts: chat
+  roles:
+    - { role: "acme", tags: [ "acme" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "chat", tags: [ "chat" ] }

chat.yaml

@@ -0,0 +1,9 @@
+---
+
+- hosts: chat
+  roles:
+    - { role: "common", tags: [ "common" ] }
+    - { role: "nft", tags: [ "nft" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "acme", tags: [ "acme" ] }
+    - { role: "chat", tags: [ "chat" ] }

git-ci.yaml

@@ -3,4 +3,4 @@
 - hosts: git-ci
   roles:
     - { role: "common", tags: [ "common" ] }
-    - { role: "git-ci", tags: [ "git-ci" ] }
+    - { role: "git_ci", tags: [ "git_ci" ] }

group_vars/all.yaml

@@ -36,3 +36,6 @@ mqtt_public_host: bitlair.nl
 debian_repourl: "http://deb.debian.org/debian/"
 debian_securityurl: "http://security.debian.org/debian-security"
 
+deb_forgejo_repos:
+  - host: git.polyfloyd.net
+    owner: polyfloyd

group_vars/chat.yaml

@@ -0,0 +1,36 @@
+---
+
+root_access:
+  - blackdragon
+  - ak
+  - foobar
+  - polyfloyd
+
+nodejs_version: 22.x
+thelounge_version: "4.4.3"
+thelounge_ldap_url: ldaps://ldap.bitlair.nl
+thelounge_ldap_filter: (objectClass=inetOrgPerson)
+thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
+chat_hostname: chat.bitlair.nl
+
+acme_domains:
+ - "{{ chat_hostname }}"
+
+nginx_sites:
+  - server_name: "{{ chat_hostname }}"
+    config:
+      - |-
+        location / {
+          proxy_pass http://127.0.0.1:9000/;
+          proxy_http_version 1.1;
+          proxy_set_header Connection "upgrade";
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header X-Forwarded-Proto $scheme;
+
+          # by default nginx times out connections in one minute
+          proxy_read_timeout 1d;
+        }
+
+group_nft_input:
+  - "tcp dport { http, https } accept # Allow web-traffic from world"

inventory

@@ -17,7 +17,8 @@ blockchain.bitlair.nl
 git.bitlair.nl
 
 [git-ci]
-git-ci.bitlair.nl
+git-ci01.bitlair.nl
+git-ci02.bitlair.nl
 
 [pad]
 pad.bitlair.nl

lint.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 
 j2lint `find ./ -type f -name '*.j2'`
-yamllint -c .yamllint.yaml .
 ansible-lint bitlair.yaml
 

monitoring.yaml

@@ -4,5 +4,6 @@
   roles:
     - { role: "common", tags: [ "common" ] }
     - { role: "acme", tags: [ "acme" ] }
+    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "nginx", tags: [ "nginx" ] }
     - { role: "monitoring", tags: [ "monitoring" ] }

music.yaml

@@ -4,6 +4,7 @@
   roles:
     - { role: "common", tags: [ "common" ] }
     - { role: "acme", tags: [ "acme" ] }
+    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "go", tags: [ "go" ] }
 #    - { role: "nginx", tags: [ "nginx" ] }
     - { role: "music", tags: [ "music" ] }

roles/acme/handlers/main.yaml

@@ -1,5 +1,9 @@
 ---
 
+- name: update_contact_info
+  ansible.builtin.command:
+    cmd: dehydrated --account
+
 - name: run dehydrated
   ansible.builtin.command:
     cmd: dehydrated --cron

roles/bank-terminal/tasks/main.yaml

@@ -4,11 +4,11 @@
   block:
     - name: Add user
       ansible.builtin.user:
-        name: "bank-terminal"
+        name: bank-terminal
-        home: "/home/{{ bank_terminal_user }}"
+        home: /home/{{ bank_terminal_user }}
-        shell: "/home/{{ bank_terminal_user }}/login"
+        shell: /home/{{ bank_terminal_user }}/login
         generate_ssh_key: yes
-        ssh_key_type: "ed25519"
+        ssh_key_type: ed25519
 
     - name: Locate agetty
       ansible.builtin.command:
@@ -16,35 +16,34 @@
       register: agetty_location_cmd
 
     - name: Set agetty var
-      ansible.builtin.set_fact:
+      ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}"
-        agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"
 
     - name: Install login script
       ansible.builtin.template:
-        src: "login"
+        src: login
-        dest: "/home/{{ bank_terminal_user }}/login"
+        dest: /home/{{ bank_terminal_user }}/login
-        owner: "bank-terminal"
+        owner: bank-terminal
-        group: "bank-terminal"
+        group: bank-terminal
-        mode: "0755"
+        mode: 0755
 
     - name: Autologin User
       ansible.builtin.template:
-        src: "tty_autologin.conf"
+        src: tty_autologin.conf
-        dest: "/etc/systemd/system/getty@tty1.service.d/override.conf"
+        dest: /etc/systemd/system/getty@tty1.service.d/override.conf
-        owner: "root"
+        owner: root
-        group: "root"
+        group: root
-        mode: "0644"
+        mode: 0644
       notify: daemon_reload
 
     - name: Clear MOTD
       ansible.builtin.copy:
         content: ""
-        dest: "/etc/motd"
+        dest: /etc/motd
 
     # Set console font so the Revbank QR codes are rendered correctly.
     - name: Console setup
       ansible.builtin.lineinfile:
-        path: "/etc/default/console-setup"
+        path: /etc/default/console-setup
         line: '{{ item.k }}="{{ item.v }}"'
         regexp: "^#?{{ item.k }}"
       with_items:
@@ -57,8 +56,8 @@
 
     - name: Console Setup Management Note
       ansible.builtin.lineinfile:
-        path: "/etc/default/console-setup"
+        path: /etc/default/console-setup
-        line: "# Managed by Ansible"
+        line: '# Managed by Ansible'
         insertafter: "CONFIGURATION FILE"
 
     - name: Read pubkey

roles/bank/tasks/login.yaml

@@ -41,14 +41,14 @@
 
     - name: Create getty dir
       ansible.builtin.file:
-        path: "/etc/systemd/system/getty@tty1.service.d"
+        path: /etc/systemd/system/getty@tty1.service.d
         state: directory
 
     - name: Autologin User
       ansible.builtin.template:
-        src: "tty_autologin.conf"
+        src: tty_autologin.conf
-        dest: "/etc/systemd/system/getty@tty1.service.d/override.conf"
+        dest: /etc/systemd/system/getty@tty1.service.d/override.conf
-        owner: "root"
+        owner: root
-        group: "root"
+        group: root
-        mode: "0644"
+        mode: 0644
       notify: daemon reload

roles/bank/tasks/revbank-deposit.yaml

@@ -23,18 +23,18 @@
   ansible.builtin.template:
     src: revbank-deposit.conf
     dest: /etc/revbank-deposit.conf
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0600"
+    mode: 0600
   notify: Restart revbank-deposit
 
 - name: Install revbank-deposit service
   ansible.builtin.template:
     src: revbank-deposit.service
     dest: /etc/systemd/system/revbank-deposit.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart revbank-deposit
 
 - name: Start revbank-deposit
@@ -44,4 +44,4 @@
     state: started
     enabled: true
 
-- ansible.builtin.meta: flush_handlers
+- meta: flush_handlers

roles/bank/tasks/revbank.yaml

@@ -26,7 +26,7 @@
     state: touch
     owner: "{{ bank_user }}"
     group: "{{ bank_user }}"
-    mode: "0644"
+    mode: 0644
   with_items:
     - revbank.accounts
     - revbank.market

roles/bank/templates/git.cron

@@ -1,4 +1,4 @@
 SHELL=/bin/bash
 
-#m   h  dom mon dow user             command
+#m    h  dom mon dow user             command
- 0   *  *   *   *   {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)
+ */10 *  *   *   *   {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)

roles/chat/defaults/main.yaml

@@ -0,0 +1,5 @@
+---
+
+chat_user: thelounge
+chat_group: thelounge
+chat_configdir: "/etc/thelounge"

roles/chat/handlers/main.yaml

@@ -0,0 +1,11 @@
+---
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: yes
+
+- name: Restart thelounge
+  ansible.builtin.systemd:
+    name: thelounge
+    state: restarted
+    enabled: true

roles/chat/tasks/main.yaml

@@ -0,0 +1,112 @@
+---
+
+- name: Install dependencies
+  ansible.builtin.apt:
+    state: present
+    pkg:
+      - gpg
+      - apt-transport-https
+      - build-essential
+
+- name: Import nodesource signing key
+  ansible.builtin.shell:
+    cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
+      -o /usr/share/keyrings/nodesource.gpg
+  args:
+    creates: /usr/share/keyrings/nodesource.gpg
+  notify: Apt update
+
+- name: Ensure directories are present
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    owner: "{{ chat_user }}"
+    group: "{{ chat_group }}"
+    state: "{{ item.state | default('directory') }}"
+    mode: "{{ item.mode | default('0770') }}"
+  with_items:
+    - { path: "{{ chat_configdir }}" }
+    - { path: "/var/local/thelounge/users" }
+    - { path: "/var/local/thelounge/storage" }
+  notify:
+    - Restart thelounge
+
+- name: Configure templates
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default( chat_user ) }}"
+    group: "{{ item.group | default( chat_group ) }}"
+    mode: "{{ item.mode | default('0640') }}"
+  with_items:
+    - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list", owner: root, group: root }
+    - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs", owner: root, group: root }
+
+- name: Install nodejs
+  ansible.builtin.apt:
+    name: nodejs
+
+- name: Install yarn
+  ansible.builtin.shell:
+    cmd: npm install --global yarn
+
+- stat: path=/opt/thelounge
+  register: src_path
+
+- name: Retreive thelounge source
+  block:
+    - name: Checkout source
+      ansible.builtin.git:
+        repo: 'https://github.com/revspace/thelounge.git'
+        dest: /opt/thelounge
+        version: 9d6dc83
+        force: true
+
+    - name: Copy patch
+      ansible.builtin.template:
+        src: thelounge-bitlair.patch
+        dest: /tmp/thelounge-bitlair.patch
+
+    - name: Apply patch
+      ansible.builtin.shell:
+        chdir: /opt/thelounge
+        cmd: git apply /tmp/thelounge-bitlair.patch
+  when: not src_path.stat.exists
+
+- name: Build and install thelounge
+  ansible.builtin.shell:
+    chdir: /opt/thelounge
+    cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
+  notify:
+    - Restart thelounge
+
+- name: Ensure user thelounge is present
+  ansible.builtin.user:
+    name: thelounge
+    createhome: no
+    comment: The Lounge (IRC client)
+    system: yes
+    state: present
+
+- name: Ensure JS and JSON syntax checking packages are installed
+  yarn:
+    name: "{{ item }}"
+    global: yes
+    state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
+  with_items:
+    - esprima
+    - jsonlint
+  changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
+
+- name: Configure templates
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default( chat_user ) }}"
+    group: "{{ item.group | default( chat_group ) }}"
+    mode: "{{ item.mode | default('0640') }}"
+    validate: "{{ item.validate | default([]) }}"
+  with_items:
+    - { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' }
+    - { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" }
+  notify: "{{ item.notify | default('Restart thelounge') }}"
+

roles/chat/templates/config.js.j2

@@ -0,0 +1,59 @@
+"use strict";
+
+module.exports = {
+    public: false,
+    port: 9000,
+    bind: "0.0.0.0",
+    host: "127.0.0.1",
+    reverseProxy: true,
+    lockNetwork: true,
+    maxHistory: 10000,
+    leaveMessage: "Doei!",
+    defaults: {
+        name: "Smurfnet",
+        password: "",
+        rejectUnauthorized: true,
+        nick: "",
+        username: "",
+        realname: "",
+        join: "#bitlair",
+    },
+    messageStorage: ["sqlite", "text"],
+    fileUpload: {
+        enable: true,
+    },
+    networks: {
+        Smurfnet: {
+            host: "irc.smurfnet.ch",
+            port: 6697,
+            tls: true,
+            rejectUnauthorized: false,
+        },
+        "Libera.Chat": {
+            host: "irc.libera.chat",
+            port: 6697,
+            tls: true,
+            rejectUnauthorized: true,
+        },
+        OFTC: {
+            host: "irc.oftc.net",
+            port: 6697,
+            tls: true,
+            rejectUnauthorized: true,
+        },
+    },
+    identd: {
+        enable: false,
+    },
+    ldap: {
+        enable: true,
+        url: "{{ thelounge_ldap_url }}",
+        primaryKey: "uid",
+        searchDN: {
+            rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}",
+            rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}",
+            filter: "{{ thelounge_ldap_filter }}",
+            base: "{{ thelounge_ldap_base }}",
+        },
+    },
+};

roles/chat/templates/nodejs-apt-pref

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+Package: nodejs
+Pin: origin deb.nodesource.com
+Pin-Priority: 1000

roles/chat/templates/nodesource.list

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main

roles/chat/templates/thelounge-bitlair.patch

@@ -0,0 +1,28 @@
+diff --git a/package.json b/package.json
+index 2991a6ec..dac43f16 100644
+--- a/package.json
++++ b/package.json
+@@ -84,9 +84,7 @@
+     "ua-parser-js": "1.0.33",
+     "uuid": "8.3.2",
+     "web-push": "3.4.5",
+-    "yarn": "1.22.17"
+-  },
+-  "optionalDependencies": {
++    "yarn": "1.22.17",
+     "sqlite3": "5.1.7"
+   },
+   "devDependencies": {
+diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts
+index e6093b0f..d30b9a1c 100644
+--- a/server/plugins/auth/ldap.ts
++++ b/server/plugins/auth/ldap.ts
+@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => {
+ 	// auth plugin API
+ 	function callbackWrapper(valid: boolean) {
+ 		if (valid && !client) {
+-			manager.addUser(user, null, false);
++			manager.addUser(user, null, true);
+ 		}
+ 
+ 		callback(valid);

roles/chat/templates/thelounge.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=The Lounge (IRC client)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+User={{ chat_user }}
+Group={{ chat_group }}
+Type=simple
+Environment=THELOUNGE_HOME=/var/local/thelounge
+ExecStart=/usr/local/bin/thelounge start
+ProtectSystem=yes
+ProtectHome=yes
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target

roles/common/handlers/main.yaml

@@ -3,7 +3,7 @@
   ansible.builtin.command:
     cmd: update-grub
 
-- name: Apt update
+- name: apt update
   ansible.builtin.apt:
     update_cache: true
 

roles/common/tasks/debian-upgrade.yaml

@@ -4,9 +4,9 @@
   ansible.builtin.template:
     src: stable-sources.list
     dest: /etc/apt/sources.list
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
 
 - name: Remove backports
   ansible.builtin.file:

roles/common/tasks/main.yaml

@@ -30,7 +30,7 @@
   ansible.builtin.template:
     src: authorized_keys.j2
     dest: /root/.ssh/authorized_keys
-    mode: "0600"
+    mode: 0600
   when: root_access is defined and root_access
   tags: authorized_keys
 

roles/common/tasks/network.yaml

@@ -28,9 +28,9 @@
   ansible.builtin.template:
     src: network-interfaces
     dest: /etc/network/interfaces
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   when: network_br or network_dhcp or network_static
 
 - ansible.builtin.meta: flush_handlers

roles/deb_forgejo/defaults/main.yaml

@@ -0,0 +1 @@
+deb_private_host: git.polyfloyd.net

roles/deb_forgejo/handlers/default.yaml

@@ -0,0 +1,3 @@
+---
+- ansible.builtin.import_tasks:
+    file: ../../common/handlers/main.yaml

roles/deb_forgejo/tasks/main.yaml

@@ -0,0 +1,26 @@
+---
+- tags: deb_forgejo
+  block:
+    - name: Install dependencies
+      apt:
+        name: apt-transport-https
+        state: present
+
+    - name: Install packaging key
+      get_url:
+        url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key
+        dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc
+        mode: "0644"
+      with_items: "{{ deb_forgejo_repos }}"
+      notify: apt update
+
+    - name: Install sources.list
+      template:
+        src: sources.list
+        dest: /etc/apt/sources.list.d/deb-forgejo.list
+        owner: root
+        group: root
+        mode: "0644"
+      notify: apt update
+
+    - meta: flush_handlers

roles/deb_forgejo/templates/sources.list

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for repo in deb_forgejo_repos %}
+deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }}
+{% endfor %}

roles/etherpad/tasks/main.yaml

@@ -15,18 +15,25 @@
       -o /usr/share/keyrings/nodesource.gpg
   args:
     creates: /usr/share/keyrings/nodesource.gpg
-  notify: Apt update
+  notify: apt update
 
 - name: Install nodesource source list
   ansible.builtin.template:
-    src: "{{ item.src }}"
+    src: nodesource.list
-    dest: "{{ item.dest }}"
+    dest: /etc/apt/sources.list.d/nodesource.list
-    owner: "{{ item.owner | default('root') }}"
+    owner: root
-    group: "{{ item.group | default('root') }}"
+    group: root
-  with_items:
+    mode: 0644
-    - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list" }
+  notify: apt update
-    - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs" }
+
-  notify: Apt update
+- name: Install nodejs apt preference
+  ansible.builtin.template:
+    src: nodejs-apt-pref
+    dest: /etc/apt/preferences.d/nodejs
+    owner: root
+    group: root
+    mode: 0644
+  notify: apt update
 
 - ansible.builtin.meta: flush_handlers
 
@@ -60,17 +67,17 @@
   ansible.builtin.file:
     path: /var/log/etherpad.log
     state: touch
-    owner: "etherpad"
+    owner: etherpad
-    group: "etherpad"
+    group: etherpad
-    mode: "0644"
+    mode: 0644
 
 - name: Create source directory
   ansible.builtin.file:
     path: /opt/etherpad
     state: directory
-    owner: "etherpad"
+    owner: etherpad
-    group: "etherpad"
+    group: etherpad
-    mode: "0755"
+    mode: 0755
 
 - name: Clone etherpad source
   become: yes
@@ -87,18 +94,18 @@
   ansible.builtin.template:
     src: settings.json
     dest: /opt/etherpad/settings.json
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart etherpad
 
 - name: Install etherpad service
   ansible.builtin.template:
     src: etherpad.service
     dest: /etc/systemd/system/etherpad.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart etherpad
 
 - name: Start etherpad
@@ -112,8 +119,8 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-enabled/etherpad
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Reload nginx
 

roles/git-ci/defaults/main.yaml

@@ -1,2 +0,0 @@
-runner_wd: /var/lib/forgejo-runner
-runner_version: 6.3.0

roles/git-ci/tasks/main.yaml

@@ -1,50 +0,0 @@
----
-
-- name: Install dependencies
-  ansible.builtin.apt:
-    name: docker.io
-
-- name: Download forgejo-runner
-  ansible.builtin.get_url:
-    url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
-    dest: /usr/local/bin/forgejo-runner
-    mode: "0755"
-  notify: restart forgejo-runner
-
-- name: Create runner dir
-  ansible.builtin.file:
-    state: directory
-    path: "{{ runner_wd }}"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-
-- name: Register runner
-  ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
-  args:
-    chdir: "{{ runner_wd }}"
-    creates: "{{ runner_wd }}/.runner"
-
-- name: Install service file
-  ansible.builtin.template:
-    src: forgejo-runner.service
-    dest: /etc/systemd/system/forgejo-runner.service
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  notify: restart forgejo-runner
-
-- name: Enable service
-  ansible.builtin.systemd:
-    name: forgejo-runner
-    enabled: true
-    daemon_reload: true
-
-- name: Start service
-  ansible.builtin.systemd:
-    name: forgejo-runner
-    state: started
-    daemon_reload: true
-
-- name: Flush handlers
-  ansible.builtin.meta: flush_handlers

roles/git-server/tasks/main.yaml

@@ -11,9 +11,9 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-available/forgejo
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Reload nginx
 
 - name: Enable nginx site
@@ -36,7 +36,7 @@
     path: /var/log/forgejo
     owner: "{{ git_server_user }}"
     group: "{{ git_server_user }}"
-    mode: "0755"
+    mode: 0755
 
 # TODO: Install initial config
 
@@ -44,9 +44,9 @@
   ansible.builtin.template:
     src: forgejo.service
     dest: /etc/systemd/system/forgejo.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Reload forgejo
 
 - name: Install update script
@@ -55,7 +55,7 @@
     dest: "{{ git_server_working_dir }}/update.sh"
     owner: "{{ git_server_user }}"
     group: "{{ git_server_user }}"
-    mode: "0755"
+    mode: 0755
 
 - name: Perform initial update
   ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"

roles/git_ci/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+git_ci_runner_wd: /var/lib/forgejo-runner

roles/git_ci/handlers/main.yaml

@@ -3,6 +3,6 @@
     file: ../../common/handlers/main.yaml
 
 - name: restart forgejo-runner
-  ansible.builtin.systemd:
+  systemd:
     name: forgejo-runner
     state: restarted

roles/git_ci/tasks/main.yaml

@@ -0,0 +1,83 @@
+---
+- tags: git_ci
+  block:
+    - name: Install dependencies
+      apt:
+        name: docker.io
+
+    - name: Query latest forgejo-runner version
+      uri:
+        url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags
+        return_content: true
+      register: response
+      changed_when: false
+      check_mode: false
+      failed_when: "response is failed or 'json' not in response"
+
+    - name: Format forgejo-runner latest version
+      set_fact:
+        forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}"
+
+    - name: Detect installed forgejo-runner version
+      shell:
+        cmd: |
+          set -o pipefail
+          forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none
+        executable: /bin/bash
+      register: forgejo_runner_installed_version_shell
+      changed_when: false
+      check_mode: false
+
+    - name: Format installed forgejo-runner version
+      set_fact:
+        forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}"
+
+    - debug:
+        msg:
+          - "Forgejo Runner latest version: {{ forgejo_runner_version }}"
+          - "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}"
+
+    - name: Download forgejo-runner
+      get_url:
+        url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64"
+        dest: /usr/local/bin/forgejo-runner
+        mode: "0755"
+      notify: restart forgejo-runner
+      when: forgejo_runner_installed_version != forgejo_runner_version
+
+    - name: Create runner dir
+      file:
+        state: directory
+        path: "{{ git_ci_runner_wd }}"
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: Register runner
+      command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
+      args:
+        chdir: "{{ git_ci_runner_wd }}"
+        creates: "{{ git_ci_runner_wd }}/.runner"
+
+    - name: Install service file
+      template:
+        src: forgejo-runner.service
+        dest: /etc/systemd/system/forgejo-runner.service
+        owner: root
+        group: root
+        mode: "0644"
+      notify: restart forgejo-runner
+
+    - name: Enable service
+      systemd:
+        name: forgejo-runner
+        enabled: true
+        daemon_reload: true
+
+    - name: Start service
+      systemd:
+        name: forgejo-runner
+        state: started
+        daemon_reload: true
+
+    - meta: flush_handlers

roles/git_ci/templates/forgejo-runner.service

@@ -6,7 +6,7 @@ After=network.target
 
 [Service]
 ExecStart=/usr/local/bin/forgejo-runner daemon
-WorkingDirectory={{ runner_wd }}
+WorkingDirectory={{ git_ci_runner_wd }}
 Restart=on-failure
 RestartSec=10s
 

roles/go/tasks/main.yaml

@@ -48,17 +48,17 @@
         src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz
         dest: /usr/local
         remote_src: yes
-        owner: "root"
+        owner: root
-        group: "root"
+        group: root
       when: go_installed_version != go_latest_version
 
     - name: Configure Go environment
       ansible.builtin.template:
         src: go.profile
         dest: /etc/profile.d/go.sh
-        owner: "root"
+        owner: root
-        group: "root"
+        group: root
-        mode: "0644"
+        mode: 0644
 
     - name: Link go binary
       ansible.builtin.file:

roles/monitoring/tasks/grafana.yaml

@@ -21,9 +21,9 @@
   ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart grafana
   with_items:
     - { src: grafana.ini, dest: /etc/grafana/grafana.ini }
@@ -33,9 +33,9 @@
   ansible.builtin.template:
     src: grafana-data-source.yml
     dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml"
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart grafana
   with_items:
     - name: Prometheus

roles/monitoring/tasks/main.yaml

@@ -4,9 +4,9 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-available/monitoring
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Reload nginx
 
 - name: Enable nginx site

roles/monitoring/tasks/mqtt_exporter.yaml

@@ -1,47 +1,22 @@
 ---
-- name: Clone source
-  ansible.builtin.git:
-    repo: https://github.com/polyfloyd/mqtt-exporter.git
-    version: main
-    dest: /opt/mqtt_exporter
-    accept_hostkey: yes
-  notify: restart mqtt_exporter
-
 - name: Install apt dependencies
   ansible.builtin.apt:
-    name:
+    name: mqtt-exporter
-      - jq
-      - python3-paho-mqtt
-      - python3-prometheus-client
-      - python3-yaml
     state: present
 
-- name: Install service
-  ansible.builtin.template:
-    src: mqtt_exporter.service
-    dest: /etc/systemd/system/mqtt_exporter.service
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  notify:
-    - Daemon reload
-    - restart mqtt_exporter
-
 - name: Install config file
   ansible.builtin.template:
     src: mqtt_exporter_config.yaml
-    dest: /etc/mqtt_exporter.yaml
+    dest: /etc/mqtt-exporter.yaml
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
-  notify:
+  notify: restart mqtt_exporter
-    - Daemon reload
-    - restart mqtt_exporter
 
 - ansible.builtin.meta: flush_handlers
 
 - name: Start service
   ansible.builtin.systemd:
-    name: mqtt_exporter
+    name: mqtt-exporter
     state: started
     enabled: true

roles/monitoring/tasks/prometheus.yaml

@@ -7,9 +7,9 @@
   ansible.builtin.template:
     src: prometheus.yml
     dest: "{{ prometheus_config_dir }}/prometheus.yml"
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart prometheus
 
 - name: Configure Prometheus args

roles/mqtt/tasks/main.yaml

@@ -16,9 +16,9 @@
   ansible.builtin.template:
     src: "{{ item }}"
     dest: "/etc/mosquitto/conf.d/{{ item }}"
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart mosquitto
   with_items:
     - bambulab.conf

roles/music/tasks/librespot.yaml

@@ -18,9 +18,9 @@
   ansible.builtin.template:
     src: librespot.service
     dest: /etc/systemd/system/librespot.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart librespot
 
 - name: Enable Librespot

roles/music/tasks/main.yaml

@@ -28,7 +28,7 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-enabled/trollibox
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Reload nginx

roles/music/tasks/mpd.yaml

@@ -13,18 +13,18 @@
   ansible.builtin.template:
     src: mpd-volume-to-mqtt.sh
     dest: /opt/mpd-volume-to-mqtt.sh
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart mpd-volume-to-mqtt
 
 - name: Install mpd-volume-to-mqtt service
   ansible.builtin.template:
     src: mpd-volume-to-mqtt.service
     dest: /etc/systemd/system/mpd-volume-to-mqtt.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart mpd-volume-to-mqtt
 
 - name: Enable mpd-volume-to-mqtt
@@ -46,9 +46,9 @@
   ansible.builtin.template:
     src: skipbutton.service
     dest: /etc/systemd/system/skipbutton.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart skipbutton
 
 - name: Enable skipbutton

roles/music/tasks/soundboard.yaml

@@ -1,45 +1,25 @@
 ---
 - name: Install dependencies
   ansible.builtin.apt:
-    name: virtualenv
+    name:
+      - mqtt-soundboard
+      - mplayer
     state: present
 
-- name: Clone soundboard source
+- ansible.builtin.file:
-  ansible.builtin.git:
+    path: "{{ item }}"
-    repo: https://github.com/polyfloyd/mqtt-soundboard.git
+    state: absent
-    version: main
+  with_items:
-    dest: /opt/soundboard
+    - /opt/soundboard
-    accept_hostkey: yes
+    - /etc/systemd/system/soundboard.service
-  notify: Restart soundboard
-
-- name: Create virtualenv
-  ansible.builtin.command:
-    cmd: virtualenv /opt/soundboard/.venv
-  args:
-    creates: /opt/soundboard/.venv
-
-- name: Install Python dependencies
-  ansible.builtin.shell:
-    cmd: . .venv/bin/activate && pip install -r requirements.txt
-  args:
-    chdir: /opt/soundboard
 
 - name: Install soundboard config file
   ansible.builtin.template:
     src: soundboard.yaml
     dest: /etc/soundboard.yaml
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
-  notify: Restart soundboard
-
-- name: Install soundboard service file
-  ansible.builtin.template:
-    src: soundboard.service
-    dest: /etc/systemd/system/soundboard.service
-    owner: "root"
-    group: "root"
-    mode: "0644"
   notify: Restart soundboard
 
 - name: Enable soundboard

roles/music/tasks/trollibox.yaml

@@ -3,8 +3,8 @@
   ansible.builtin.template:
     src: trollibox.yaml
     dest: /etc/trollibox.yaml
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart trollibox
 
@@ -32,8 +32,8 @@
   ansible.builtin.template:
     src: trollibox.service
     dest: /etc/systemd/system/trollibox.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart trollibox
 

roles/photos/tasks/bambulab-fetch.yaml

@@ -5,16 +5,28 @@
 
 - name: Install fetch script
   ansible.builtin.template:
-    src: "{{ item.src }}"
+    src: bambulab-fetch.sh
-    dest: "{{ item.dest }}"
+    dest: /opt/bambulab-fetch.sh
-    owner: "{{ item.owner | default('root') }}"
+    owner: root
-    group: "{{ item.group | default('root') }}"
+    group: root
-    mode: "{{ item.mode | default('0644') }}"
+    mode: 0755
-    force: "{{ item.force | default('yes') }}"
+
-  with_items:
+- name: Install service
-    - { src: "bambulab-fetch.sh", dest: "/opt/bambulab-fetch.sh", mode: "0755" }
+  ansible.builtin.template:
-    - { src: "bambulab-fetch.service", dest: "/etc/systemd/system/bambulab-fetch.service" }
+    src: bambulab-fetch.service
-    - { src: "bambulab-fetch.timer", dest: "/etc/systemd/system/bambulab-fetch.timer" }
+    dest: /etc/systemd/system/bambulab-fetch.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: daemon reload
+
+- name: Install timer
+  ansible.builtin.template:
+    src: bambulab-fetch.timer
+    dest: /etc/systemd/system/bambulab-fetch.timer
+    owner: root
+    group: root
+    mode: 0644
   notify: daemon reload
 
 - name: Enable timer

roles/photos/tasks/photo-gallery.yaml

@@ -15,18 +15,18 @@
   ansible.builtin.template:
     src: photo-gallery-config.json
     dest: /opt/photo-gallery/config.json
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart photo-gallery
 
 - name: Install photo-gallery service file
   ansible.builtin.template:
     src: photo-gallery.service
     dest: /etc/systemd/system/photo-gallery.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart photo-gallery
 
 - name: Start photo-gallery

roles/photos/tasks/photos2mqtt.yaml

@@ -14,18 +14,18 @@
   ansible.builtin.template:
     src: photos2mqtt.pl
     dest: /opt/photos2mqtt.pl
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0755"
+    mode: 0755
   notify: restart photos2mqtt
 
 - name: Install photos2mqtt service file
   ansible.builtin.template:
     src: photos2mqtt.service
     dest: /etc/systemd/system/photos2mqtt.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: restart photos2mqtt
 
 - name: Start photos2mqtt

roles/services/tasks/discord_bot.yaml

@@ -21,7 +21,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://github.com/bitlair/discord-bot.git
+    repo: https://git.bitlair.nl/bitlair/discord-bot.git
     version: main
     dest: /var/lib/discord-bot
     accept_hostkey: yes
@@ -32,8 +32,8 @@
   ansible.builtin.template:
     src: discord-bot.service
     dest: /etc/systemd/system/discord-bot.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart discord-bot
 

roles/services/tasks/ircbot.yaml

@@ -18,9 +18,9 @@
   ansible.builtin.template:
     src: generic.service
     dest: /etc/systemd/system/irc-bot.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   vars:
     description: Bitlair IRC bot
     exec: /bin/bash /var/lib/irc-bot/irc-bot
@@ -42,18 +42,18 @@
   ansible.builtin.template:
     src: irc-photos.sh
     dest: /var/lib/irc-helpers/photos.sh
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0755"
+    mode: 0755
   notify: Restart irc-photos
 
 - name: Install photos notification service
   ansible.builtin.template:
     src: generic.service
     dest: /etc/systemd/system/irc-photos.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   vars:
     description: Bitlair IRC photos notification
     requires: irc-bot.service
@@ -71,18 +71,18 @@
   ansible.builtin.template:
     src: irc-doorduino.sh
     dest: /var/lib/irc-helpers/doorduino.sh
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0755"
+    mode: 0755
   notify: Restart irc-doorduino
 
 - name: Install doorduino notification service
   ansible.builtin.template:
     src: generic.service
     dest: /etc/systemd/system/irc-doorduino.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   vars:
     description: Bitlair IRC doorduino notification
     requires: irc-bot.service

roles/services/tasks/mastodon_spacestate.yaml

@@ -7,7 +7,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://github.com/bitlair/mastodon-spacestate.git
+    repo: https://git.bitlair.nl/bitlair/mastodon-spacestate.git
     version: main
     dest: /var/lib/mastodon-spacestate
     accept_hostkey: yes
@@ -18,18 +18,18 @@
   ansible.builtin.template:
     src: mastodon-spacestate-config.py
     dest: /var/lib/mastodon-spacestate/config.py
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0655"
+    mode: 0655
   notify: Restart mastodon-spacestate
 
 - name: Install service file
   ansible.builtin.template:
     src: mastodon-spacestate.service
     dest: /etc/systemd/system/mastodon-spacestate.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart mastodon-spacestate
 
 - name: Start mastodon-spacestate

roles/services/tasks/power_mqtt.yaml

@@ -7,9 +7,9 @@
   ansible.builtin.template:
     src: power-mqtt.py
     dest: /var/lib/power-mqtt.py
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0755"
+    mode: 0755
   notify: Restart power-mqtt
 
 - name: Remove old service
@@ -21,9 +21,9 @@
   ansible.builtin.template:
     src: generic.service
     dest: /etc/systemd/system/power-mqtt@.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   vars:
     description: "SMD630 to MQTT Probe"
     exec: "/var/lib/power-mqtt.py %i"

roles/services/tasks/siahsd.yaml

@@ -16,8 +16,8 @@
   ansible.builtin.template:
     src: siahsd.conf
     dest: /etc/siahsd.conf
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart siahsd
 
@@ -25,8 +25,8 @@
   ansible.builtin.template:
     src: siahsd.service
     dest: /etc/systemd/system/siahsd.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart siahsd
 

roles/services/tasks/spacestated.yaml

@@ -21,7 +21,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://github.com/bitlair/spacestated.git
+    repo: https://git.bitlair.nl/bitlair/spacestated.git
     version: main
     dest: /var/lib/spacestated/spacestated
     accept_hostkey: yes
@@ -32,9 +32,9 @@
   ansible.builtin.template:
     src: spacestated.service
     dest: /etc/systemd/system/spacestated.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify: Restart spacestated
 
 - name: Start spacestated

roles/services/tasks/wifi_mqtt.yaml

@@ -8,7 +8,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://github.com/bitlair/wifi-mqtt.git
+    repo: https://git.bitlair.nl/bitlair/wifi-mqtt.git
     version: main
     dest: /var/lib/wifi-mqtt
     accept_hostkey: yes
@@ -19,8 +19,8 @@
   ansible.builtin.template:
     src: wifi-mqtt.service
     dest: /etc/systemd/system/wifi-mqtt.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart wifi-mqtt
 

roles/www/tasks/calendar.yaml

@@ -5,7 +5,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://github.com/bitlair/calendar-parser.git
+    repo: https://git.bitlair.nl/bitlair/wiki-calendar-exporter.git
     version: main
     dest: /usr/local/src/bitlair-calendar
     accept_hostkey: yes
@@ -19,6 +19,6 @@
   ansible.builtin.template:
     src: calendar.cron
     dest: /etc/cron.d/bitlair-calendar
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644

roles/www/tasks/mediawiki.yaml

@@ -9,7 +9,7 @@
   ansible.builtin.template:
     src: security.txt
     dest: /opt/security.txt
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
 

roles/www/tasks/mqtt.yaml

@@ -24,9 +24,9 @@
   ansible.builtin.template:
     src: mqtt2web.service
     dest: /etc/systemd/system/mqtt2web.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
-    mode: "0644"
+    mode: 0644
   notify:
     - Daemon reload
     - Restart mqtt2web

roles/www/tasks/spaceapi.yaml

@@ -1,7 +1,7 @@
 ---
 - name: Clone spaceapi source
   ansible.builtin.git:
-    repo: https://github.com/bitlair/spaceapi.git
+    repo: https://git.bitlair.nl/bitlair/spaceapi.git
     version: main
     dest: /opt/spaceapi
     accept_hostkey: true
@@ -11,8 +11,8 @@
   ansible.builtin.template:
     src: spaceapi.service
     dest: /etc/systemd/system/spaceapi.service
-    owner: "root"
+    owner: root
-    group: "root"
+    group: root
     mode: "0644"
   notify: Restart spaceapi