From a8f593d9b7de0d40210fa081c1778588779812ad Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 5 Oct 2022 21:21:30 +0200 Subject: [PATCH] Various changes that I am not going to write a description for --- group_vars/all.yaml | 11 +++ mqtt-internal.yaml | 2 +- music.yaml | 11 +++ roles/bank-terminal/handlers/main.yaml | 4 +- roles/mqtt-internal/handlers/main.yaml | 4 +- roles/mqtt-internal/tasks/main.yaml | 11 +-- roles/mqtt-internal/templates/internal.conf | 6 ++ .../templates/public-bridge.conf | 5 -- roles/music/handlers/main.yaml | 11 +-- roles/music/tasks/main.yaml | 15 ++++ roles/music/tasks/trollibox.yaml | 9 +++ roles/music/templates/nginx-site.conf | 68 +++++++++++++++++++ roles/music/templates/trollibox.yaml | 53 +++++++++++++++ roles/raspi/handlers/main.yaml | 3 +- 14 files changed, 187 insertions(+), 26 deletions(-) create mode 100644 music.yaml create mode 100644 roles/mqtt-internal/templates/internal.conf create mode 100644 roles/music/templates/nginx-site.conf create mode 100644 roles/music/templates/trollibox.yaml diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 84587ed..e930470 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -1,3 +1,14 @@ ansible_user: root ansible_python_interpreter: auto_silent notify_email: bestuur@bitlair.nl +acme_bootstrap_certs: no +trusted_ranges: + - { v: ipv4, cidr: 127.0.0.1/8 } + - { v: ipv4, cidr: 10.0.0.0/8 } + - { v: ipv4, cidr: 192.168.0.0/16 } + - { v: ipv4, cidr: 100.64.0.0/10 } + - { v: ipv4, cidr: 172.16.0.0/21 } + - { v: ipv4, cidr: 185.205.52.194/32 } + - { v: ipv6, cidr: "::1" } + - { v: ipv6, cidr: "fe80::/10" } + - { v: ipv6, cidr: "2a02:166b:92::/64" } diff --git a/mqtt-internal.yaml b/mqtt-internal.yaml index 118e82e..102998a 100644 --- a/mqtt-internal.yaml +++ b/mqtt-internal.yaml @@ -3,5 +3,5 @@ vars: mqtt_internal_public_host: bitlair.nl roles: - - polyfloyd.tweaks + - common - mqtt-internal diff --git a/music.yaml b/music.yaml new file mode 100644 index 0000000..919aa71 
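Review bot: In group_vars/all.yaml the new `trusted_ranges` list carries no comment on which network each range stands for, and elsewhere in this patch it is rendered into nginx `allow` rules, so every entry is an access grant. `100.64.0.0/10` is the shared carrier-NAT block and `10.0.0.0/8` covers far more than a single site LAN. A one-line comment per entry naming the network behind it (for example `# space LAN`, a constructed label) would let a reader tell deliberate grants from leftovers. `127.0.0.1/8` has host bits set and reads more clearly as `127.0.0.0/8`, and `acme_bootstrap_certs: no` is better written as `false`.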
--- /dev/null +++ b/music.yaml @@ -0,0 +1,11 @@ +--- +- hosts: music + vars: + music_domain: music.bitlair.nl + acme_san_domains: + - [ music.bitlair.nl ] + roles: + - common + - acme + - go + - music diff --git a/roles/bank-terminal/handlers/main.yaml b/roles/bank-terminal/handlers/main.yaml index f88fd31..6c8d778 100644 --- a/roles/bank-terminal/handlers/main.yaml +++ b/roles/bank-terminal/handlers/main.yaml @@ -1,7 +1,5 @@ --- -- name: daemon_reload - systemd: - daemon_reload: yes +- import_tasks: ../../common/handlers/main.yaml - name: console_setup command: dpkg-reconfigure console-setup --frontend noninteractive diff --git a/roles/mqtt-internal/handlers/main.yaml b/roles/mqtt-internal/handlers/main.yaml index 88fc2f9..ca73bed 100644 --- a/roles/mqtt-internal/handlers/main.yaml +++ b/roles/mqtt-internal/handlers/main.yaml @@ -1,5 +1,7 @@ --- -- name: restart_mosquitto +- import_tasks: ../../common/handlers/main.yaml + +- name: restart mosquitto systemd: name: mosquitto state: restarted diff --git a/roles/mqtt-internal/tasks/main.yaml b/roles/mqtt-internal/tasks/main.yaml index 1e6fcef..dd6883e 100644 --- a/roles/mqtt-internal/tasks/main.yaml +++ b/roles/mqtt-internal/tasks/main.yaml @@ -7,14 +7,17 @@ name: mosquitto state: present - - name: Configure public bridge forwarding + - name: Configure Mosquitto template: - src: public-bridge.conf - dest: /etc/mosquitto/conf.d/public-bridge.conf + src: "{{ item }}" + dest: "/etc/mosquitto/conf.d/{{ item }}" owner: root group: root mode: 0644 - notify: restart_mosquitto + notify: restart mosquitto + with_items: + - internal.conf + - public-bridge.conf - name: Start mosquitto systemd: diff --git a/roles/mqtt-internal/templates/internal.conf b/roles/mqtt-internal/templates/internal.conf new file mode 100644 index 0000000..eba205a --- /dev/null +++ b/roles/mqtt-internal/templates/internal.conf @@ -0,0 +1,6 @@ +# Managed by Ansible + +listener 1883 :: +listener 1883 0.0.0.0 + +allow_anonymous true 
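Review bot: In roles/bank-terminal/handlers/main.yaml the `daemon_reload` handler is replaced by `import_tasks: ../../common/handlers/main.yaml`, but that file is not part of this patch, so nothing visible here shows that it defines a handler of the same name; a `notify:` with no matching handler fails the play at run time. The same applies to the handler files of mqtt-internal, music (`reload nginx`, `rebuild trollibox`) and raspi (`reboot`) further down. A comment above each import naming the handlers the role relies on, e.g. `# provides: daemon_reload`, would make the dependency checkable. The relative path also ties every role to the repository layout, and where `common` is already listed in the play's `roles:` its handlers should be reachable without the import.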
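Review bot: roles/mqtt-internal/templates/internal.conf opens port 1883 on `::` and `0.0.0.0` with `allow_anonymous true`, so any host that can route to this machine can publish and subscribe without credentials, and nothing in this patch shows a firewall rule or ACL that narrows it. If the broker is meant for the internal network only, bind the listeners to the internal interface address instead of the wildcard, or keep the wildcard and add an `acl_file` that limits what anonymous clients may write. At minimum state the assumption in the file, e.g. `# Unauthenticated by design; reachability is restricted by <firewall/VLAN placeholder>`. Traffic on this listener is also unencrypted.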
diff --git a/roles/mqtt-internal/templates/public-bridge.conf b/roles/mqtt-internal/templates/public-bridge.conf index c440ba8..7b0494a 100644 --- a/roles/mqtt-internal/templates/public-bridge.conf +++ b/roles/mqtt-internal/templates/public-bridge.conf @@ -1,18 +1,13 @@ # Managed by Ansible connection public-bridge - address {{ mqtt_internal_public_host }} topic bitlair/state out topic bitlair/state/djo out -topic bitlair/cam/+ out topic bitlair/music/+/state out topic bitlair/music/+/volume out topic bitlair/wifi/+/online out topic bitlair/climate/# out -topic bitlair/temperature/+/current out -topic bitlair/temperature/+/target out topic bitlair/humidity/+ out topic bitlair/lasercutter/+ out -topic bitlair/flash out diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index bf7fba3..11225a0 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -1,14 +1,5 @@ --- -- name: reload nginx - systemd: - name: nginx - state: reloaded - -- name: rebuild trollibox - command: ./build.sh - args: - chdir: /opt/trollibox - environment: { RELEASE: 1 } +- import_tasks: ../../common/handlers/main.yaml - name: restart trollibox systemd: diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index 2b73f78..3a4eb8c 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -7,3 +7,18 @@ - tags: music_librespot import_tasks: librespot.yaml + +- tags: music + block: + - name: Install nginx + apt: + name: nginx + + - name: Install nginx config + template: + src: nginx-site.conf + dest: /etc/nginx/sites-enabled/trollibox + owner: root + group: root + mode: 0644 + notify: reload nginx diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index e278612..4ac9455 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml 
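Review bot: In roles/music/tasks/main.yaml the site is installed as `/etc/nginx/sites-enabled/trollibox` and its template declares `default_server` listeners, while the stock site that the Debian nginx package enables is not removed in this hunk; if it is still present, nginx rejects the configuration with a duplicate default server error when the handler reloads it. Unless another role already removes it, add a task for that ahead of the template task, as sketched below. `mode: 0644` is better quoted as `"0644"` so the value does not depend on how the loader reads a leading zero, and the `apt` task would be clearer with an explicit `state: present`.

```yaml
    - name: Remove the distribution default site
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: reload nginx

    # … unchanged: Install nginx config …
```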
@@ -1,4 +1,13 @@
 ---
+- name: Install Trollibox config
+ template:
+ src: trollibox.yaml
+ dest: /etc/trollibox.yaml
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart trollibox
+
 - name: Get latest Trollibox version from Github API
 get_url:
 url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
diff --git a/roles/music/templates/nginx-site.conf b/roles/music/templates/nginx-site.conf
new file mode 100644
index 0000000..6ed4945
--- /dev/null
+++ b/roles/music/templates/nginx-site.conf
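Review bot: In roles/music/tasks/trollibox.yaml the new task writes `/etc/trollibox.yaml` as `root:root` with `mode: 0644`, and the template rendered into it carries `password:` fields for the players; once one of them is filled in, every local account can read it. Consider `mode: "0640"` with `group:` set to the account Trollibox runs as (not visible in this hunk), which also quotes the mode. The task list continues outside the hunk.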
@@ -0,0 +1,68 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+
+ server_name {{ music_domain }};
+
+ {% if acme_bootstrap_certs %}
+ include "snippets/snakeoil.conf";
+ {% else %}
+ ssl_certificate "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
+ ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
+ {% endif %}
+
+ {% for range in trusted_ranges %}
+ allow {{ range.cidr }};
+ {% endfor %}
+ deny all;
+
+ location / {
+ rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
+ }
+
+ location /trollibox/ {
+ proxy_pass http://[::1]:3000/;
+ client_max_body_size 512M;
+ include proxy_params;
+ }
+
+ location ~ ^/trollibox/(.+/events)$ {
+ proxy_pass http://[::1]:3000/$1;
+ include proxy_params;
+ proxy_http_version 1.1;
+ chunked_transfer_encoding off;
+ add_header X-Test "123";
+ proxy_set_header Connection '';
+ proxy_buffering off;
+ proxy_read_timeout 7d;
+ }
+
+ location ~ ^/trollibox/(.+/listen)$ {
+ proxy_pass http://[::1]:3000/$1;
+ include proxy_params;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 7d;
+ }
+
+ location /bobdsp/ {
+ proxy_pass http://[::1]:8081/;
+ include proxy_params;
+ }
+
+ location /vis/ {
+ allow all;
+ proxy_pass http://[::1]:13378/;
+ include proxy_params;
+ }
+
+ location = /vis/ {
+ rewrite ^(.*)$ /vis/index.html;
+ include proxy_params;
+ }
+
+ include "snippets/acme.conf";
+}
diff --git a/roles/music/templates/trollibox.yaml b/roles/music/templates/trollibox.yaml
new file mode 100644
index 0000000..d3fab0b
--- /dev/null
+++ b/roles/music/templates/trollibox.yaml
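Review bot: In roles/music/templates/nginx-site.conf the server-level `allow …; deny all;` list is inherited only by locations that declare no access rule of their own, so `location /vis/` with `allow all;` is open to every address while the exact-match `location = /vis/` still falls under the trusted list. If the visualiser is meant to be public, the exact-match block needs `allow all;` as well, and a comment should say the exposure is deliberate. Whether `snippets/acme.conf` carries its own `allow all;` cannot be seen here; without it the `deny all` would also block HTTP-01 validation requests from the CA. `add_header X-Test "123";` in the events location looks like a debugging leftover, and the port 80 listeners serve the proxied locations directly, so a redirect to HTTPS for everything except the ACME path would keep player traffic off plain HTTP.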
@@ -0,0 +1,53 @@
+# Managed by Ansible
+
+# The network address to listen on. Must be in the Go listen format.
+#
+# Example, listen on port 80 on all interfaces:
+# :80
+bind: "[::1]:3000"
+
+# The base URL at which the webinterface will can be reached by clients.
+# Must end with '/'.
+url_root: https://{{ music_domain }}/trollibox/
+
+# The directory which Trollibox will use to store data which can not be
+# saved to configured players.
+storage_dir: ~/.config/trollibox
+
+# The CSS colors used in the interface.
+colors:
+ background: "#333"
+ background_elem: "#222"
+ text: "#eee"
+ text_inactive: "#aaa"
+ accent: "#f60"
+
+# Enable or disable random tracks being automatically queued when the
+# playlist ends.
+autoqueue: true
+
+# Sets the default player by name. Leave empty to let Trollibox select a
+# random player.
+default_player:
+
+# The sections below list options to configure the players that Trollibox
+# will control. Each player is identified by a unique "name" property.
+
+# MPD instances to control. Leave emtpy if you don't want to configure any
+# MPD instances.
+mpd:
+ - name: space
+ network: tcp
+ address: 127.0.0.1:6600
+ password:
+
+# Logitech SlimServer to control. Set to null if you don't want to configure a
+# SlimServer. The players along with their names are automatically detected.
+#slimserver:
+# network: tcp
+# address: 127.0.0.1:9090
+# username:
+# password:
+#
+# # The root of the SlimServer's web interface. Used to query track art.
+# weburl: http://127.0.0.1:9000/
diff --git a/roles/raspi/handlers/main.yaml b/roles/raspi/handlers/main.yaml
index d25cf90..68a75c2 100644
--- a/roles/raspi/handlers/main.yaml
+++ b/roles/raspi/handlers/main.yaml
@@ -1,3 +1,2 @@
 ---
-- name: reboot
- reboot:
+- import_tasks: ../../common/handlers/main.yaml
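Review bot: In roles/music/templates/trollibox.yaml `default_player:` and the MPD `password:` are bare keys, which YAML loads as null rather than an empty string; how Trollibox treats null is not visible here, so write `default_player: ""` and `password: ""` if empty is what is meant. `url_root: https://{{ music_domain }}/trollibox/` should be quoted, `url_root: "https://{{ music_domain }}/trollibox/"`, so an unexpected value of the variable cannot change how the line parses. If an MPD password is ever needed, take it from a vaulted variable instead of writing it into this committed template. `storage_dir: ~/.config/trollibox` resolves against whichever account runs the service, which deserves a comment or an absolute path.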