Various changes that I am not going to write a description for

2022-10-05 21:21:30 +02:00 · 2022-10-05 21:21:30 +02:00 · a8f593d9b7
commit a8f593d9b7
parent b903b1b201
14 changed files with 187 additions and 26 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@ -1,3 +1,14 @@
 ansible_user: root
 ansible_python_interpreter: auto_silent
 notify_email: bestuur@bitlair.nl
+acme_bootstrap_certs: no
+trusted_ranges:
+  - { v: ipv4, cidr: 127.0.0.1/8 }
+  - { v: ipv4, cidr: 10.0.0.0/8 }
+  - { v: ipv4, cidr: 192.168.0.0/16 }
+  - { v: ipv4, cidr: 100.64.0.0/10 }
+  - { v: ipv4, cidr: 172.16.0.0/21 }
+  - { v: ipv4, cidr: 185.205.52.194/32 }
+  - { v: ipv6, cidr: "::1" }
+  - { v: ipv6, cidr: "fe80::/10" }
+  - { v: ipv6, cidr: "2a02:166b:92::/64" }
--- a/mqtt-internal.yaml
+++ b/mqtt-internal.yaml
@ -3,5 +3,5 @@
  vars:
    mqtt_internal_public_host: bitlair.nl
  roles:
-    - polyfloyd.tweaks
+    - common
    - mqtt-internal
--- a/music.yaml
+++ b/music.yaml
@ -0,0 +1,11 @@
+---
+- hosts: music
+  vars:
+    music_domain: music.bitlair.nl
+    acme_san_domains:
+      - [ music.bitlair.nl ]
+  roles:
+    - common
+    - acme
+    - go
+    - music
--- a/roles/bank-terminal/handlers/main.yaml
+++ b/roles/bank-terminal/handlers/main.yaml
@ -1,7 +1,5 @@
 ---
- name: daemon_reload
-  systemd:
-    daemon_reload: yes
+- import_tasks: ../../common/handlers/main.yaml

 - name: console_setup
  command: dpkg-reconfigure console-setup --frontend noninteractive
--- a/roles/mqtt-internal/handlers/main.yaml
+++ b/roles/mqtt-internal/handlers/main.yaml
@ -1,5 +1,7 @@
 ---
- name: restart_mosquitto
+- import_tasks: ../../common/handlers/main.yaml
+
+- name: restart mosquitto
  systemd:
    name: mosquitto
    state: restarted
--- a/roles/mqtt-internal/tasks/main.yaml
+++ b/roles/mqtt-internal/tasks/main.yaml
@ -7,14 +7,17 @@
        name: mosquitto
        state: present

-    - name: Configure public bridge forwarding
+    - name: Configure Mosquitto
      template:
-        src: public-bridge.conf
-        dest: /etc/mosquitto/conf.d/public-bridge.conf
+        src: "{{ item }}"
+        dest: "/etc/mosquitto/conf.d/{{ item }}"
        owner: root
        group: root
        mode: 0644
-      notify: restart_mosquitto
+      notify: restart mosquitto
+      with_items:
+        - internal.conf
+        - public-bridge.conf

    - name: Start mosquitto
      systemd:
--- a/roles/mqtt-internal/templates/internal.conf
+++ b/roles/mqtt-internal/templates/internal.conf
@ -0,0 +1,6 @@
+# Managed by Ansible
+
+listener 1883 ::
+listener 1883 0.0.0.0
+
+allow_anonymous true
--- a/roles/mqtt-internal/templates/public-bridge.conf
+++ b/roles/mqtt-internal/templates/public-bridge.conf
@ -1,18 +1,13 @@
 # Managed by Ansible

 connection public-bridge
-
 address {{ mqtt_internal_public_host }}

 topic bitlair/state out
 topic bitlair/state/djo out
-topic bitlair/cam/+ out
 topic bitlair/music/+/state out
 topic bitlair/music/+/volume out
 topic bitlair/wifi/+/online out
 topic bitlair/climate/# out
-topic bitlair/temperature/+/current out
-topic bitlair/temperature/+/target out
 topic bitlair/humidity/+ out
 topic bitlair/lasercutter/+ out
-topic bitlair/flash out
--- a/roles/music/handlers/main.yaml
+++ b/roles/music/handlers/main.yaml
@ -1,14 +1,5 @@
 ---
- name: reload nginx
-  systemd:
-    name: nginx
-    state: reloaded
-
- name: rebuild trollibox
-  command: ./build.sh
-  args:
-    chdir: /opt/trollibox
-  environment: { RELEASE: 1 }
+- import_tasks: ../../common/handlers/main.yaml

 - name: restart trollibox
  systemd:
--- a/roles/music/tasks/main.yaml
+++ b/roles/music/tasks/main.yaml
@ -7,3 +7,18 @@

 - tags: music_librespot
  import_tasks: librespot.yaml
+
+- tags: music
+  block:
+    - name: Install nginx
+      apt:
+        name: nginx
+
+    - name: Install nginx config
+      template:
+        src: nginx-site.conf
+        dest: /etc/nginx/sites-enabled/trollibox
+        owner: root
+        group: root
+        mode: 0644
+      notify: reload nginx
--- a/roles/music/tasks/trollibox.yaml
+++ b/roles/music/tasks/trollibox.yaml
@ -1,4 +1,13 @@
 ---
+- name: Install Trollibox config
+  template:
+    src: trollibox.yaml
+    dest: /etc/trollibox.yaml
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart trollibox
+
 - name: Get latest Trollibox version from Github API
  get_url:
    url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
--- a/roles/music/templates/nginx-site.conf
+++ b/roles/music/templates/nginx-site.conf
@ -0,0 +1,68 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    server_name {{ music_domain }};
+
+    {% if acme_bootstrap_certs %}
+    include "snippets/snakeoil.conf";
+    {% else %}
+    ssl_certificate     "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
+    ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
+    {% endif %}
+
+    {% for range in trusted_ranges %}
+    allow {{ range.cidr }};
+    {% endfor %}
+    deny all;
+
+    location / {
+        rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
+    }
+
+    location /trollibox/ {
+        proxy_pass http://[::1]:3000/;
+        client_max_body_size 512M;
+        include proxy_params;
+    }
+
+    location ~ ^/trollibox/(.+/events)$ {
+        proxy_pass http://[::1]:3000/$1;
+        include proxy_params;
+        proxy_http_version 1.1;
+        chunked_transfer_encoding off;
+        add_header X-Test "123";
+        proxy_set_header Connection '';
+        proxy_buffering off;
+        proxy_read_timeout 7d;
+    }
+
+    location ~ ^/trollibox/(.+/listen)$ {
+        proxy_pass http://[::1]:3000/$1;
+        include proxy_params;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 7d;
+    }
+
+    location /bobdsp/ {
+        proxy_pass http://[::1]:8081/;
+        include proxy_params;
+    }
+
+    location /vis/ {
+        allow all;
+        proxy_pass http://[::1]:13378/;
+        include proxy_params;
+    }
+
+    location = /vis/ {
+        rewrite ^(.*)$ /vis/index.html;
+        include proxy_params;
+    }
+
+    include "snippets/acme.conf";
+}
--- a/roles/music/templates/trollibox.yaml
+++ b/roles/music/templates/trollibox.yaml
@ -0,0 +1,53 @@
+# Managed by Ansible
+
+# The network address to listen on. Must be in the Go listen format.
+#
+# Example, listen on port 80 on all interfaces:
+#  :80
+bind: "[::1]:3000"
+
+# The base URL at which the webinterface will can be reached by clients.
+# Must end with '/'.
+url_root: https://{{ music_domain }}/trollibox/
+
+# The directory which Trollibox will use to store data which can not be
+# saved to configured players.
+storage_dir: ~/.config/trollibox
+
+# The CSS colors used in the interface.
+colors:
+  background: "#333"
+  background_elem: "#222"
+  text: "#eee"
+  text_inactive: "#aaa"
+  accent: "#f60"
+
+# Enable or disable random tracks being automatically queued when the
+# playlist ends.
+autoqueue: true
+
+# Sets the default player by name. Leave empty to let Trollibox select a
+# random player.
+default_player:
+
+# The sections below list options to configure the players that Trollibox
+# will control. Each player is identified by a unique "name" property.
+
+# MPD instances to control. Leave emtpy if you don't want to configure any
+# MPD instances.
+mpd:
+  - name: space
+    network: tcp
+    address: 127.0.0.1:6600
+    password:
+
+# Logitech SlimServer to control. Set to null if you don't want to configure a
+# SlimServer. The players along with their names are automatically detected.
+#slimserver:
+#  network: tcp
+#  address: 127.0.0.1:9090
+#  username:
+#  password:
+#
+#  # The root of the SlimServer's web interface. Used to query track art.
+#  weburl: http://127.0.0.1:9000/
--- a/roles/raspi/handlers/main.yaml
+++ b/roles/raspi/handlers/main.yaml
@ -1,3 +1,2 @@
 ---
- name: reboot
-  reboot:
+- import_tasks: ../../common/handlers/main.yaml