

5 commits
main ... main

31 changed files with 166 additions and 422 deletions

.config/ansible-lint.yml Normal file

@ -0,0 +1,8 @@
---
skip_list:
- fqcn[action-core]
- name[casing]
- name[missing]
exclude_paths:
- .forgejo


@ -0,0 +1,19 @@
name: Test
on:
push:
branches:
- main
jobs:
build:
runs-on: docker
container:
image: alpine:latest
steps:
- run: apk add nodejs ansible ansible-lint
- uses: actions/checkout@v4
- run: ansible-lint
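Review bot: `image: alpine:latest` and the tag-only `actions/checkout@v4` leave both the lint container and the checkout action unpinned, so the job's toolchain can change between runs and a failing run is hard to reproduce or audit. Pin the image to a specific release (`image: alpine:<VERSION_PLACEHOLDER>`) and reference the action by full commit SHA with the tag in a trailing comment, which the `uses:` syntax supports. The `apk add nodejs ansible ansible-lint` step is likewise unversioned; when ansible-lint's rule set moves, this workflow starts failing without any change in the repository.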


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre


@ -26,7 +26,7 @@
- hosts: git-ci
roles:
- { role: "git-ci", tags: ["git-ci"] }
- { role: "git_ci", tags: ["git_ci"] }
- hosts: git
roles:


@ -1,7 +0,0 @@
- hosts: chat
roles:
- { role: "common", tags: [ "common" ] }
- { role: "nft", tags: [ "nft" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "acme", tags: [ "acme" ] }
- { role: "chat", tags: [ "chat" ] }


@ -3,4 +3,4 @@
- hosts: git-ci
roles:
- { role: "common", tags: [ "common" ] }
- { role: "git-ci", tags: [ "git-ci" ] }
- { role: "git_ci", tags: [ "git_ci" ] }


@ -36,3 +36,6 @@ mqtt_public_host: bitlair.nl
debian_repourl: "http://deb.debian.org/debian/"
debian_securityurl: "http://security.debian.org/debian-security"
deb_forgejo_repos:
- host: git.polyfloyd.net
owner: polyfloyd
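Review bot: `deb_forgejo_repos` registers git.polyfloyd.net as an apt source for every host that reads this vars file (the hunk context `mqtt_public_host` suggests a group-wide file), so packages signed by that instance's key become installable fleet-wide and the trust decision should be visible to the next reader; a comment above the entry, e.g. `# third-party package host; list the packages pulled from it here`, does that. The new one-line file further down this page sets `deb_private_host: git.polyfloyd.net`, repeating the same hostname; if nothing consumes it, drop it, otherwise have one reference the other so the two cannot drift.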


@ -1,68 +0,0 @@
---
root_access:
- blackdragon
- ak
- foobar
- polyfloyd
nodejs_version: 22.x
thelounge_version: "4.4.3"
thelounge_ldap_url: ldaps://ldap.bitlair.nl
thelounge_ldap_filter: (objectClass=inetOrgPerson)
thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
chat_hostname: chat.bitlair.nl
acme_domains:
- "{{ chat_hostname }}"
nginx_sites:
- server_name: "{{ chat_hostname }}"
config:
- |-
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# by default nginx times out connections in one minute
proxy_read_timeout 1d;
}
group_nft_input:
- "tcp dport { http, https } accept # Allow web-traffic from world"
- "tcp dport 113 accept # Allow identd from world"
---
root_access:
- blackdragon
- ak
- foobar
- polyfloyd
nodejs_version: 22.x
thelounge_version: "4.4.3"
thelounge_ldap_url: ldaps://ldap.bitlair.nl
thelounge_ldap_filter: (objectClass=inetOrgPerson)
thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
chat_hostname: chat.bitlair.nl
acme_domains:
- "{{ chat_hostname }}"
nginx_sites:
- server_name: "{{ chat_hostname }}"
config:
- |-
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# by default nginx times out connections in one minute
proxy_read_timeout 1d;
}
group_nft_input:
- "tcp dport { http, https } accept # Allow web-traffic from world"


@ -17,7 +17,8 @@ blockchain.bitlair.nl
git.bitlair.nl
[git-ci]
git-ci.bitlair.nl
git-ci01.bitlair.nl
git-ci02.bitlair.nl
[pad]
pad.bitlair.nl
@ -63,4 +64,4 @@ services
wiki
shell
homeassistant
chat
chat


@ -4,5 +4,6 @@
roles:
- { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] }
- { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "monitoring", tags: [ "monitoring" ] }


@ -1,143 +0,0 @@
- name: Install dependencies
ansible.builtin.apt:
state: present
pkg:
- gpg
- apt-transport-https
- build-essential
- name: Import nodesource signing key
ansible.builtin.shell:
cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
-o /usr/share/keyrings/nodesource.gpg
args:
creates: /usr/share/keyrings/nodesource.gpg
notify: Apt update
- name: Install nodesource source list
ansible.builtin.template:
src: nodesource.list
dest: /etc/apt/sources.list.d/nodesource.list
owner: root
group: root
mode: 0644
notify: Apt update
- name: Install nodejs apt preference
ansible.builtin.template:
src: nodejs-apt-pref
dest: /etc/apt/preferences.d/nodejs
owner: root
group: root
mode: 0644
notify: Apt update
- ansible.builtin.meta: flush_handlers
- name: Install nodejs
ansible.builtin.apt:
name: nodejs
- name: Install yarn
ansible.builtin.shell:
cmd: npm install --global yarn
- stat: path=/opt/thelounge
register: src_path
- name: Retreive thelounge source
block:
- name: Checkout source
ansible.builtin.git:
repo: 'https://github.com/revspace/thelounge.git'
dest: /opt/thelounge
version: 9d6dc83
force: true
- name: Copy patch
ansible.builtin.template:
src: thelounge-bitlair.patch
dest: /tmp/thelounge-bitlair.patch
- name: Apply patch
ansible.builtin.shell:
chdir: /opt/thelounge
cmd: git apply /tmp/thelounge-bitlair.patch
when: not src_path.stat.exists
- name: Build and install thelounge
ansible.builtin.shell:
chdir: /opt/thelounge
cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
- name: Ensure user thelounge is present
user:
name: thelounge
createhome: no
comment: The Lounge (IRC client)
system: yes
state: present
become: yes
- name: Ensure JS and JSON syntax checking packages are installed
yarn:
name: "{{ item }}"
global: yes
state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
with_items:
- esprima
- jsonlint
become: yes
changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
- name: Ensure thelounge configuration directory is present
file:
path: /etc/thelounge
owner: thelounge
group: thelounge
state: directory
become: yes
- name: Ensure The Lounge is configured
template:
src: config.js.j2
dest: /etc/thelounge/config.js
owner: thelounge
group: thelounge
validate: 'esvalidate %s'
become: yes
- name: Ensure user configuration directory is present
file:
path: /var/local/thelounge/users
owner: thelounge
group: thelounge
state: directory
become: yes
- name: Ensure preview storage directory is present
file:
path: /var/local/thelounge/storage
owner: thelounge
group: thelounge
mode: "0770"
state: directory
become: yes
- name: Copy service file to systemd directory
ansible.builtin.template:
src: thelounge.service # Path to your service file in your Ansible project
dest: /etc/systemd/system/thelounge.service
owner: root
group: root
mode: '0644'
- name: Reload systemd daemon to read new service file
ansible.builtin.systemd:
daemon_reload: yes
- name: Enable and start the service
ansible.builtin.systemd:
name: thelounge
state: started
enabled: yes


@ -1,58 +0,0 @@
"use strict";
module.exports = {
public: false,
port: 9000,
bind: "0.0.0.0",
reverseProxy: true,
lockNetwork: true,
maxHistory: 10000,
leaveMessage: "Doei!",
defaults: {
name: "Smurfnet",
password: "",
rejectUnauthorized: true,
nick: "",
username: "",
realname: "",
join: "#bitlair",
},
messageStorage: ["sqlite", "text"],
fileUpload: {
enable: true,
},
networks: {
Smurfnet: {
host: "irc.smurfnet.ch",
port: 6697,
tls: true,
rejectUnauthorized: false,
},
"Libera.Chat": {
host: "irc.libera.chat",
port: 6697,
tls: true,
rejectUnauthorized: true,
},
OFTC: {
host: "irc.oftc.net",
port: 6697,
tls: true,
rejectUnauthorized: true,
},
},
identd: {
enable: false,
},
ldap: {
enable: true,
url: "{{ thelounge_ldap_url }}",
primaryKey: "uid",
searchDN: {
rootDN: "{{ thelounge_ldap_rootDN }}",
rootPassword: "{{ thelounge_ldap_rootPassword }}",
filter: "{{ thelounge_ldap_filter }}",
base: "{{ thelounge_ldap_base }}",
},
},
};


@ -1,5 +0,0 @@
# {{ ansible_managed }}
Package: nodejs
Pin: origin deb.nodesource.com
Pin-Priority: 1000


@ -1,3 +0,0 @@
# {{ ansible_managed }}
deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main


@ -1,28 +0,0 @@
diff --git a/package.json b/package.json
index 2991a6ec..dac43f16 100644
--- a/package.json
+++ b/package.json
@@ -84,9 +84,7 @@
"ua-parser-js": "1.0.33",
"uuid": "8.3.2",
"web-push": "3.4.5",
- "yarn": "1.22.17"
- },
- "optionalDependencies": {
+ "yarn": "1.22.17",
"sqlite3": "5.1.7"
},
"devDependencies": {
diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts
index e6093b0f..d30b9a1c 100644
--- a/server/plugins/auth/ldap.ts
+++ b/server/plugins/auth/ldap.ts
@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => {
// auth plugin API
function callbackWrapper(valid: boolean) {
if (valid && !client) {
- manager.addUser(user, null, false);
+ manager.addUser(user, null, true);
}
callback(valid);


@ -1,17 +0,0 @@
[Unit]
Description=The Lounge (IRC client)
After=network-online.target
Wants=network-online.target
[Service]
User=thelounge
Group=thelounge
Type=simple
Environment=THELOUNGE_HOME=/var/local/thelounge
ExecStart=/usr/local/bin/thelounge start
ProtectSystem=yes
ProtectHome=yes
PrivateTmp=yes
[Install]
WantedBy=multi-user.target


@ -3,7 +3,7 @@
ansible.builtin.command:
cmd: update-grub
- name: Apt update
- name: apt update
ansible.builtin.apt:
update_cache: true


@ -79,7 +79,6 @@
- unattended-upgrades
- apt-listchanges
- sudo-ldap
- cron
- name: Configure FZF for Bash
ansible.builtin.lineinfile:


@ -0,0 +1 @@
deb_private_host: git.polyfloyd.net


@ -0,0 +1,3 @@
---
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml


@ -0,0 +1,26 @@
---
- tags: deb_forgejo
block:
- name: Install dependencies
apt:
name: apt-transport-https
state: present
- name: Install packaging key
get_url:
url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key
dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc
mode: "0644"
with_items: "{{ deb_forgejo_repos }}"
notify: apt update
- name: Install sources.list
template:
src: sources.list
dest: /etc/apt/sources.list.d/deb-forgejo.list
owner: root
group: root
mode: "0644"
notify: apt update
- meta: flush_handlers
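Review bot: `Install packaging key` fetches each repository's signing key with `get_url` and no `checksum:`, so the apt trust anchor is whatever the server returns at run time; since the key is long-lived, pin it per entry with `checksum: "sha256:{{ item.key_sha256 }}"` (value placeholder, taken from the repo's published key) so a swapped key fails the play instead of silently becoming trusted. That task also leaves `owner`/`group` unset while the sibling `Install sources.list` task sets both; make the two consistent. Nothing in the block creates `/etc/apt/keyrings`; on releases whose apt does not ship that directory the download fails, so a `file:` task with `state: directory` before it would make the role portable.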


@ -0,0 +1,5 @@
# {{ ansible_managed }}
{% for repo in deb_forgejo_repos %}
deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }}
{% endfor %}


@ -15,7 +15,7 @@
-o /usr/share/keyrings/nodesource.gpg
args:
creates: /usr/share/keyrings/nodesource.gpg
notify: Apt update
notify: apt update
- name: Install nodesource source list
ansible.builtin.template:
@ -24,7 +24,7 @@
owner: root
group: root
mode: 0644
notify: Apt update
notify: apt update
- name: Install nodejs apt preference
ansible.builtin.template:
@ -33,7 +33,7 @@
owner: root
group: root
mode: 0644
notify: Apt update
notify: apt update
- ansible.builtin.meta: flush_handlers


@ -1,2 +0,0 @@
runner_wd: /var/lib/forgejo-runner
runner_version: 6.3.0


@ -1,50 +0,0 @@
---
- name: Install dependencies
ansible.builtin.apt:
name: docker.io
- name: Download forgejo-runner
ansible.builtin.get_url:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
dest: /usr/local/bin/forgejo-runner
mode: 0755
notify: restart forgejo-runner
- name: Create runner dir
ansible.builtin.file:
state: directory
path: "{{ runner_wd }}"
owner: root
group: root
mode: 0755
- name: Register runner
ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
args:
chdir: "{{ runner_wd }}"
creates: "{{ runner_wd }}/.runner"
- name: Install service file
ansible.builtin.template:
src: forgejo-runner.service
dest: /etc/systemd/system/forgejo-runner.service
owner: root
group: root
mode: 0644
notify: restart forgejo-runner
- name: Enable service
ansible.builtin.systemd:
name: forgejo-runner
enabled: true
daemon_reload: true
- name: Start service
ansible.builtin.systemd:
name: forgejo-runner
state: started
daemon_reload: true
- name: Flush handlers
ansible.builtin.meta: flush_handlers


@ -0,0 +1,2 @@
---
git_ci_runner_wd: /var/lib/forgejo-runner


@ -3,6 +3,6 @@
file: ../../common/handlers/main.yaml
- name: restart forgejo-runner
ansible.builtin.systemd:
systemd:
name: forgejo-runner
state: restarted


@ -0,0 +1,83 @@
---
- tags: git_ci
block:
- name: Install dependencies
apt:
name: docker.io
- name: Query latest forgejo-runner version
uri:
url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags
return_content: true
register: response
changed_when: false
check_mode: false
failed_when: "response is failed or 'json' not in response"
- name: Format forgejo-runner latest version
set_fact:
forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}"
- name: Detect installed forgejo-runner version
shell:
cmd: |
set -o pipefail
forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none
executable: /bin/bash
register: forgejo_runner_installed_version_shell
changed_when: false
check_mode: false
- name: Format installed forgejo-runner version
set_fact:
forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}"
- debug:
msg:
- "Forgejo Runner latest version: {{ forgejo_runner_version }}"
- "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}"
- name: Download forgejo-runner
get_url:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64"
dest: /usr/local/bin/forgejo-runner
mode: "0755"
notify: restart forgejo-runner
when: forgejo_runner_installed_version != forgejo_runner_version
- name: Create runner dir
file:
state: directory
path: "{{ git_ci_runner_wd }}"
owner: root
group: root
mode: "0755"
- name: Register runner
command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
args:
chdir: "{{ git_ci_runner_wd }}"
creates: "{{ git_ci_runner_wd }}/.runner"
- name: Install service file
template:
src: forgejo-runner.service
dest: /etc/systemd/system/forgejo-runner.service
owner: root
group: root
mode: "0644"
notify: restart forgejo-runner
- name: Enable service
systemd:
name: forgejo-runner
enabled: true
daemon_reload: true
- name: Start service
systemd:
name: forgejo-runner
state: started
daemon_reload: true
- meta: flush_handlers
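Review bot: The version probe in `Detect installed forgejo-runner version` uses `\d\.\d+(\.\d+)?`, so a two-digit major (10.0.0) matches only `0.0.0` and the comparison at `when: forgejo_runner_installed_version != forgejo_runner_version` then re-downloads and restarts the runner on every run; `\d+\.\d+(\.\d+)?` fixes it. More broadly, taking `response['json'][0]['name']` from the tags API and installing that binary without a `checksum:` means whichever tag the API lists first — possibly a pre-release, in whatever order the API returns — lands in `/usr/local/bin` as root and the service restarts; the removed `runner_version: 6.3.0` pin was the safer shape, or at least verify the download with `checksum: "sha256:<RELEASE_CHECKSUM_PLACEHOLDER>"`. `Register runner` also puts the passwordstore token on the command line, where it shows up in verbose Ansible output and the process list; add `no_log: true` to that task.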


@ -6,7 +6,7 @@ After=network.target
[Service]
ExecStart=/usr/local/bin/forgejo-runner daemon
WorkingDirectory={{ runner_wd }}
WorkingDirectory={{ git_ci_runner_wd }}
Restart=on-failure
RestartSec=10s


@ -1,47 +1,22 @@
---
- name: Clone source
ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-exporter.git
version: main
dest: /opt/mqtt_exporter
accept_hostkey: yes
notify: restart mqtt_exporter
- name: Install apt dependencies
ansible.builtin.apt:
name:
- jq
- python3-paho-mqtt
- python3-prometheus-client
- python3-yaml
name: mqtt-exporter
state: present
- name: Install service
ansible.builtin.template:
src: mqtt_exporter.service
dest: /etc/systemd/system/mqtt_exporter.service
owner: root
group: root
mode: 0644
notify:
- Daemon reload
- restart mqtt_exporter
- name: Install config file
ansible.builtin.template:
src: mqtt_exporter_config.yaml
dest: /etc/mqtt_exporter.yaml
dest: /etc/mqtt-exporter.yaml
owner: root
group: root
mode: 0644
notify:
- Daemon reload
- restart mqtt_exporter
notify: restart mqtt_exporter
- ansible.builtin.meta: flush_handlers
- name: Start service
ansible.builtin.systemd:
name: mqtt_exporter
name: mqtt-exporter
state: started
enabled: true
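Review bot: `Start service` now manages the unit `mqtt-exporter`, but `Install config file` still notifies `restart mqtt_exporter`, a handler named for the old unit and defined outside this hunk; confirm it restarts `mqtt-exporter`, otherwise config changes are written but the exporter keeps running with the old file. The `Install service` task that templates `/etc/systemd/system/mqtt_exporter.service` is shown once here, so I cannot tell from the rendering whether it survives on the new side; if it does, it installs a second unit under the old name next to the package's one and should go, and if it was removed, any `Daemon reload` handler it relied on can go with it. The hunk also does not show whether the packaged binary reads `/etc/mqtt-exporter.yaml`, so a short comment on the `dest:` line stating where the package expects its config would help the next maintainer.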