monitoring/mqtt_exporter: Install from debian package

.config/ansible-lint.yml

@@ -0,0 +1,8 @@
+---
+skip_list:
+  - fqcn[action-core]
+  - name[casing]
+  - name[missing]
+
+exclude_paths:
+  - .forgejo

.forgejo/workflows/test.yaml

@@ -0,0 +1,19 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+
+  build:
+    runs-on: docker
+    container:
+      image: alpine:latest
+
+    steps:
+      - run: apk add nodejs ansible ansible-lint
+      - uses: actions/checkout@v4
+
+      - run: ansible-lint

authorized_keys/blackdragon.keys

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre

bitlair.yaml

@@ -26,7 +26,7 @@
 
 - hosts: git-ci
   roles:
-    - { role: "git-ci", tags: ["git-ci"] }
+    - { role: "git_ci", tags: ["git_ci"] }
 
 - hosts: git
   roles:

chat.yaml

@@ -1,7 +0,0 @@
-- hosts: chat
-  roles:
-    - { role: "common", tags: [ "common" ] }
-    - { role: "nft", tags: [ "nft" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "chat", tags: [ "chat" ] }

git-ci.yaml

@@ -3,4 +3,4 @@
 - hosts: git-ci
   roles:
     - { role: "common", tags: [ "common" ] }
-    - { role: "git-ci", tags: [ "git-ci" ] }
+    - { role: "git_ci", tags: [ "git_ci" ] }

group_vars/all.yaml

@@ -36,3 +36,6 @@ mqtt_public_host: bitlair.nl
 debian_repourl: "http://deb.debian.org/debian/"
 debian_securityurl: "http://security.debian.org/debian-security"
 
+deb_forgejo_repos:
+  - host: git.polyfloyd.net
+    owner: polyfloyd

group_vars/chat.yaml

@@ -1,68 +0,0 @@
----
-root_access:
-  - blackdragon
-  - ak
-  - foobar
-  - polyfloyd
-nodejs_version: 22.x
-thelounge_version: "4.4.3"
-thelounge_ldap_url: ldaps://ldap.bitlair.nl
-thelounge_ldap_filter: (objectClass=inetOrgPerson)
-thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
-chat_hostname: chat.bitlair.nl
-
-acme_domains:
- - "{{ chat_hostname }}"
-
-nginx_sites:
-  - server_name: "{{ chat_hostname }}"
-    config:
-      - |-
-        location / {
-          proxy_pass http://127.0.0.1:9000/;
-          proxy_http_version 1.1;
-          proxy_set_header Connection "upgrade";
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header X-Forwarded-For $remote_addr;
-          proxy_set_header X-Forwarded-Proto $scheme;
-
-          # by default nginx times out connections in one minute
-          proxy_read_timeout 1d;
-        }
-
-group_nft_input:
-  - "tcp dport { http, https } accept # Allow web-traffic from world"
-  - "tcp dport 113 accept # Allow identd from world"
----
-root_access:
-  - blackdragon
-  - ak
-  - foobar
-  - polyfloyd
-nodejs_version: 22.x
-thelounge_version: "4.4.3"
-thelounge_ldap_url: ldaps://ldap.bitlair.nl
-thelounge_ldap_filter: (objectClass=inetOrgPerson)
-thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
-chat_hostname: chat.bitlair.nl
-acme_domains:
- - "{{ chat_hostname }}"
-
-nginx_sites:
-  - server_name: "{{ chat_hostname }}"
-    config:
-      - |-
-        location / {
-          proxy_pass http://127.0.0.1:9000/;
-          proxy_http_version 1.1;
-          proxy_set_header Connection "upgrade";
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header X-Forwarded-For $remote_addr;
-          proxy_set_header X-Forwarded-Proto $scheme;
-
-          # by default nginx times out connections in one minute
-          proxy_read_timeout 1d;
-        }
-
-group_nft_input:
-  - "tcp dport { http, https } accept # Allow web-traffic from world"

inventory

@@ -17,7 +17,8 @@ blockchain.bitlair.nl
 git.bitlair.nl
 
 [git-ci]
-git-ci.bitlair.nl
+git-ci01.bitlair.nl
+git-ci02.bitlair.nl
 
 [pad]
 pad.bitlair.nl
@@ -63,4 +64,4 @@ services
 wiki
 shell
 homeassistant
-chat
+chat

monitoring.yaml

@@ -4,5 +4,6 @@
   roles:
     - { role: "common", tags: [ "common" ] }
     - { role: "acme", tags: [ "acme" ] }
+    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "nginx", tags: [ "nginx" ] }
     - { role: "monitoring", tags: [ "monitoring" ] }

roles/chat/tasks/main.yaml

@@ -1,143 +0,0 @@
-- name: Install dependencies
-  ansible.builtin.apt:
-    state: present
-    pkg: 
-      - gpg
-      - apt-transport-https
-      - build-essential
-
-- name: Import nodesource signing key
-  ansible.builtin.shell:
-    cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
-      -o /usr/share/keyrings/nodesource.gpg
-  args:
-    creates: /usr/share/keyrings/nodesource.gpg
-  notify: Apt update
-
-- name: Install nodesource source list
-  ansible.builtin.template:
-    src: nodesource.list
-    dest: /etc/apt/sources.list.d/nodesource.list
-    owner: root
-    group: root
-    mode: 0644
-  notify: Apt update
-
-- name: Install nodejs apt preference
-  ansible.builtin.template:
-    src: nodejs-apt-pref
-    dest: /etc/apt/preferences.d/nodejs
-    owner: root
-    group: root
-    mode: 0644
-  notify: Apt update
-
-- ansible.builtin.meta: flush_handlers
-
-- name: Install nodejs
-  ansible.builtin.apt:
-    name: nodejs
-
-- name: Install yarn
-  ansible.builtin.shell:
-    cmd: npm install --global yarn
-
-- stat: path=/opt/thelounge
-  register: src_path
-
-- name: Retreive thelounge source
-  block:
-    - name: Checkout source
-      ansible.builtin.git:
-        repo: 'https://github.com/revspace/thelounge.git'
-        dest: /opt/thelounge
-        version: 9d6dc83
-        force: true
-
-    - name: Copy patch
-      ansible.builtin.template:
-        src: thelounge-bitlair.patch    
-        dest: /tmp/thelounge-bitlair.patch
-
-    - name: Apply patch
-      ansible.builtin.shell:
-        chdir: /opt/thelounge
-        cmd: git apply /tmp/thelounge-bitlair.patch
-  when: not src_path.stat.exists
-
-- name: Build and install thelounge
-  ansible.builtin.shell:
-    chdir: /opt/thelounge
-    cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
-
-- name: Ensure user thelounge is present
-  user:
-    name: thelounge
-    createhome: no
-    comment: The Lounge (IRC client)
-    system: yes
-    state: present
-  become: yes
-      
-- name: Ensure JS and JSON syntax checking packages are installed
-  yarn:
-    name: "{{ item }}"
-    global: yes
-    state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
-  with_items:
-    - esprima
-    - jsonlint
-  become: yes
-  changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
-
-- name: Ensure thelounge configuration directory is present
-  file:
-    path: /etc/thelounge
-    owner: thelounge
-    group: thelounge
-    state: directory
-  become: yes
-
-- name: Ensure The Lounge is configured
-  template:
-    src: config.js.j2
-    dest: /etc/thelounge/config.js
-    owner: thelounge
-    group: thelounge
-    validate: 'esvalidate %s'
-  become: yes
-
-- name: Ensure user configuration directory is present
-  file:
-    path: /var/local/thelounge/users
-    owner: thelounge
-    group: thelounge
-    state: directory
-  become: yes
-
-- name: Ensure preview storage directory is present
-  file:
-    path: /var/local/thelounge/storage
-    owner: thelounge
-    group: thelounge
-    mode: "0770"
-    state: directory
-  become: yes
-
-- name: Copy service file to systemd directory
-  ansible.builtin.template:
-    src: thelounge.service    # Path to your service file in your Ansible project
-    dest: /etc/systemd/system/thelounge.service
-    owner: root
-    group: root
-    mode: '0644'
-  
-- name: Reload systemd daemon to read new service file
-  ansible.builtin.systemd:
-    daemon_reload: yes
-
-- name: Enable and start the service
-  ansible.builtin.systemd:
-    name: thelounge
-    state: started
-    enabled: yes

roles/chat/templates/config.js.j2

@@ -1,58 +0,0 @@
-"use strict";
-
-module.exports = {
-    public: false,
-    port: 9000,
-    bind: "0.0.0.0",
-    reverseProxy: true,
-    lockNetwork: true,
-    maxHistory: 10000,
-    leaveMessage: "Doei!",
-    defaults: {
-        name: "Smurfnet",
-        password: "",
-        rejectUnauthorized: true,
-        nick: "",
-        username: "",
-        realname: "",
-        join: "#bitlair",
-    },
-    messageStorage: ["sqlite", "text"],
-    fileUpload: {
-        enable: true,
-    },
-    networks: {
-        Smurfnet: {
-            host: "irc.smurfnet.ch",
-            port: 6697,
-            tls: true,
-            rejectUnauthorized: false,
-        },
-        "Libera.Chat": {
-            host: "irc.libera.chat",
-            port: 6697,
-            tls: true,
-            rejectUnauthorized: true,
-        },
-        OFTC: {
-            host: "irc.oftc.net",
-            port: 6697,
-            tls: true,
-            rejectUnauthorized: true,
-        },
-    },
-    identd: {
-        enable: false,
-    },
-    ldap: {
-        enable: true,
-        url: "{{ thelounge_ldap_url }}",
-        primaryKey: "uid",
-        searchDN: {
-            rootDN: "{{ thelounge_ldap_rootDN }}",
-            rootPassword: "{{ thelounge_ldap_rootPassword }}",
-            filter: "{{ thelounge_ldap_filter }}",
-            base: "{{ thelounge_ldap_base }}",
-        },
-    },
-};

roles/chat/templates/nodejs-apt-pref

@@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-Package: nodejs
-Pin: origin deb.nodesource.com
-Pin-Priority: 1000

roles/chat/templates/nodesource.list

@@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-
-deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main

roles/chat/templates/thelounge-bitlair.patch

@@ -1,28 +0,0 @@
-diff --git a/package.json b/package.json
-index 2991a6ec..dac43f16 100644
---- a/package.json
-+++ b/package.json
-@@ -84,9 +84,7 @@
-     "ua-parser-js": "1.0.33",
-     "uuid": "8.3.2",
-     "web-push": "3.4.5",
--    "yarn": "1.22.17"
--  },
--  "optionalDependencies": {
-+    "yarn": "1.22.17",
-     "sqlite3": "5.1.7"
-   },
-   "devDependencies": {
-diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts
-index e6093b0f..d30b9a1c 100644
---- a/server/plugins/auth/ldap.ts
-+++ b/server/plugins/auth/ldap.ts
-@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => {
- 	// auth plugin API
- 	function callbackWrapper(valid: boolean) {
- 		if (valid && !client) {
--			manager.addUser(user, null, false);
-+			manager.addUser(user, null, true);
- 		}
- 
- 		callback(valid);

roles/chat/templates/thelounge.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=The Lounge (IRC client)
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-User=thelounge
-Group=thelounge
-Type=simple
-Environment=THELOUNGE_HOME=/var/local/thelounge
-ExecStart=/usr/local/bin/thelounge start
-ProtectSystem=yes
-ProtectHome=yes
-PrivateTmp=yes
-
-[Install]
-WantedBy=multi-user.target

roles/common/handlers/main.yaml

@@ -3,7 +3,7 @@
   ansible.builtin.command:
     cmd: update-grub
 
-- name: Apt update
+- name: apt update
   ansible.builtin.apt:
     update_cache: true
 

roles/common/tasks/main.yaml

@@ -79,7 +79,6 @@
       - unattended-upgrades
       - apt-listchanges
       - sudo-ldap
-      - cron
 
 - name: Configure FZF for Bash
   ansible.builtin.lineinfile:

roles/deb_forgejo/defaults/main.yaml

@@ -0,0 +1 @@
+deb_private_host: git.polyfloyd.net

roles/deb_forgejo/handlers/default.yaml

@@ -0,0 +1,3 @@
+---
+- ansible.builtin.import_tasks:
+    file: ../../common/handlers/main.yaml

roles/deb_forgejo/tasks/main.yaml

@@ -0,0 +1,26 @@
+---
+- tags: deb_forgejo
+  block:
+    - name: Install dependencies
+      apt:
+        name: apt-transport-https
+        state: present
+
+    - name: Install packaging key
+      get_url:
+        url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key
+        dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc
+        mode: "0644"
+      with_items: "{{ deb_forgejo_repos }}"
+      notify: apt update
+
+    - name: Install sources.list
+      template:
+        src: sources.list
+        dest: /etc/apt/sources.list.d/deb-forgejo.list
+        owner: root
+        group: root
+        mode: "0644"
+      notify: apt update
+
+    - meta: flush_handlers

roles/deb_forgejo/templates/sources.list

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for repo in deb_forgejo_repos %}
+deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }}
+{% endfor %}

roles/etherpad/tasks/main.yaml

@@ -15,7 +15,7 @@
       -o /usr/share/keyrings/nodesource.gpg
   args:
     creates: /usr/share/keyrings/nodesource.gpg
-  notify: Apt update
+  notify: apt update
 
 - name: Install nodesource source list
   ansible.builtin.template:
@@ -24,7 +24,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: Apt update
+  notify: apt update
 
 - name: Install nodejs apt preference
   ansible.builtin.template:
@@ -33,7 +33,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: Apt update
+  notify: apt update
 
 - ansible.builtin.meta: flush_handlers
 

roles/git-ci/defaults/main.yaml

@@ -1,2 +0,0 @@
-runner_wd: /var/lib/forgejo-runner
-runner_version: 6.3.0

roles/git-ci/tasks/main.yaml

@@ -1,50 +0,0 @@
----
-
-- name: Install dependencies
-  ansible.builtin.apt:
-    name: docker.io
-
-- name: Download forgejo-runner
-  ansible.builtin.get_url:
-    url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
-    dest: /usr/local/bin/forgejo-runner
-    mode: 0755
-  notify: restart forgejo-runner
-
-- name: Create runner dir
-  ansible.builtin.file:
-    state: directory
-    path: "{{ runner_wd }}"
-    owner: root
-    group: root
-    mode: 0755
-
-- name: Register runner
-  ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
-  args:
-    chdir: "{{ runner_wd }}"
-    creates: "{{ runner_wd }}/.runner"
-
-- name: Install service file
-  ansible.builtin.template:
-    src: forgejo-runner.service
-    dest: /etc/systemd/system/forgejo-runner.service
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart forgejo-runner
-
-- name: Enable service
-  ansible.builtin.systemd:
-    name: forgejo-runner
-    enabled: true
-    daemon_reload: true
-
-- name: Start service
-  ansible.builtin.systemd:
-    name: forgejo-runner
-    state: started
-    daemon_reload: true
-
-- name: Flush handlers
-  ansible.builtin.meta: flush_handlers

roles/git_ci/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+git_ci_runner_wd: /var/lib/forgejo-runner

roles/git_ci/handlers/main.yaml

@@ -3,6 +3,6 @@
     file: ../../common/handlers/main.yaml
 
 - name: restart forgejo-runner
-  ansible.builtin.systemd:
+  systemd:
     name: forgejo-runner
     state: restarted

roles/git_ci/tasks/main.yaml

@@ -0,0 +1,83 @@
+---
+- tags: git_ci
+  block:
+    - name: Install dependencies
+      apt:
+        name: docker.io
+
+    - name: Query latest forgejo-runner version
+      uri:
+        url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags
+        return_content: true
+      register: response
+      changed_when: false
+      check_mode: false
+      failed_when: "response is failed or 'json' not in response"
+
+    - name: Format forgejo-runner latest version
+      set_fact:
+        forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}"
+
+    - name: Detect installed forgejo-runner version
+      shell:
+        cmd: |
+          set -o pipefail
+          forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none
+        executable: /bin/bash
+      register: forgejo_runner_installed_version_shell
+      changed_when: false
+      check_mode: false
+
+    - name: Format installed forgejo-runner version
+      set_fact:
+        forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}"
+
+    - debug:
+        msg:
+          - "Forgejo Runner latest version: {{ forgejo_runner_version }}"
+          - "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}"
+
+    - name: Download forgejo-runner
+      get_url:
+        url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64"
+        dest: /usr/local/bin/forgejo-runner
+        mode: "0755"
+      notify: restart forgejo-runner
+      when: forgejo_runner_installed_version != forgejo_runner_version
+
+    - name: Create runner dir
+      file:
+        state: directory
+        path: "{{ git_ci_runner_wd }}"
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: Register runner
+      command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
+      args:
+        chdir: "{{ git_ci_runner_wd }}"
+        creates: "{{ git_ci_runner_wd }}/.runner"
+
+    - name: Install service file
+      template:
+        src: forgejo-runner.service
+        dest: /etc/systemd/system/forgejo-runner.service
+        owner: root
+        group: root
+        mode: "0644"
+      notify: restart forgejo-runner
+
+    - name: Enable service
+      systemd:
+        name: forgejo-runner
+        enabled: true
+        daemon_reload: true
+
+    - name: Start service
+      systemd:
+        name: forgejo-runner
+        state: started
+        daemon_reload: true
+
+    - meta: flush_handlers

roles/git_ci/templates/forgejo-runner.service

@@ -6,7 +6,7 @@ After=network.target
 
 [Service]
 ExecStart=/usr/local/bin/forgejo-runner daemon
-WorkingDirectory={{ runner_wd }}
+WorkingDirectory={{ git_ci_runner_wd }}
 Restart=on-failure
 RestartSec=10s
 

roles/monitoring/tasks/mqtt_exporter.yaml

@@ -1,47 +1,22 @@
 ---
-- name: Clone source
-  ansible.builtin.git:
-    repo: https://github.com/polyfloyd/mqtt-exporter.git
-    version: main
-    dest: /opt/mqtt_exporter
-    accept_hostkey: yes
-  notify: restart mqtt_exporter
-
 - name: Install apt dependencies
   ansible.builtin.apt:
-    name:
-      - jq
-      - python3-paho-mqtt
-      - python3-prometheus-client
-      - python3-yaml
+    name: mqtt-exporter
     state: present
 
-- name: Install service
-  ansible.builtin.template:
-    src: mqtt_exporter.service
-    dest: /etc/systemd/system/mqtt_exporter.service
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - Daemon reload
-    - restart mqtt_exporter
-
 - name: Install config file
   ansible.builtin.template:
     src: mqtt_exporter_config.yaml
-    dest: /etc/mqtt_exporter.yaml
+    dest: /etc/mqtt-exporter.yaml
     owner: root
     group: root
     mode: 0644
-  notify:
-    - Daemon reload
-    - restart mqtt_exporter
+  notify: restart mqtt_exporter
 
 - ansible.builtin.meta: flush_handlers
 
 - name: Start service
   ansible.builtin.systemd:
-    name: mqtt_exporter
+    name: mqtt-exporter
     state: started
     enabled: true