11 changed files with 2 additions and 316 deletions
--- a/hosts.yaml
+++ b/hosts.yaml
@ -11,9 +11,6 @@ all:
        git:
          hosts:
            git.bitlair.nl:
        pad:
          hosts:
            pad.bitlair.nl:
        lights:
          hosts:
            lights.bitlair.nl:
--- a/pad.yaml
+++ b/pad.yaml
@ -1,9 +0,0 @@
 ---
 - hosts: pad
  vars:
    acme_san_domains:
      - [ pad.bitlair.nl ]
  roles:
    - common
    - acme
    - etherpad
--- a/roles/etherpad/defaults/main.yaml
+++ b/roles/etherpad/defaults/main.yaml
@ -1,4 +0,0 @@
 nodejs_version: node_18.x
 etherpad_db_user: etherpad
 etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}"
 etherpad_db_name: etherpad
--- a/roles/etherpad/handlers/main.yaml
+++ b/roles/etherpad/handlers/main.yaml
@ -1,8 +0,0 @@
 ---
 - import_tasks: ../../common/handlers/main.yaml
 - name: restart etherpad
  systemd:
    name: etherpad
    state: restarted
    daemon_reload: true
--- a/roles/etherpad/tasks/main.yaml
+++ b/roles/etherpad/tasks/main.yaml
@ -1,124 +0,0 @@
 ---
 - tags: etherpad
  block:
    - name: Install dependencies
      apt:
        name: [ gpg, nginx, postgresql, python3-psycopg2 ]
    - name: Import nodesource signing key
      apt_key:
        url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
      notify: apt update
    - name: Install nodesource source list
      template:
        src: nodesource.list
        dest: /etc/apt/sources.list.d/nodesource.list
        owner: root
        group: root
        mode: 0644
      notify: apt update
    - meta: flush_handlers
    - name: Install nodejs
      apt:
        name: nodejs
    - name: Add database user
      become: true
      become_method: su
      become_user: postgres
      no_log: yes
      postgresql_user:
        name: etherpad
        password: "{{ etherpad_db_password }}"
    - name: Add database
      become: true
      become_method: su
      become_user: postgres
      postgresql_db:
        name: "{{ etherpad_db_name }}"
        owner: "{{ etherpad_db_user }}"
    - name: Add etherpad user
      user:
        name: etherpad
        home: /var/lib/etherpad
    - name: Create log file
      file:
        path: /var/log/etherpad.log
        state: touch
        owner: etherpad
        group: etherpad
        mode: 0644
    - name: Create source directory
      file:
        path: /opt/etherpad
        state: directory
        owner: etherpad
        group: etherpad
        mode: 0755
    - name: Clone etherpad source
      become: yes
      become_method: su
      become_user: etherpad
      git:
        repo: https://github.com/ether/etherpad-lite.git
        version: master
        dest: /opt/etherpad
        accept_hostkey: yes
      notify: restart etherpad
    - name: Install etherpad config
      template:
        src: settings.json
        dest: /opt/etherpad/settings.json
        owner: root
        group: root
        mode: 0644
      notify: restart etherpad
    - name: Install etherpad service
      template:
        src: etherpad.service
        dest: /etc/systemd/system/etherpad.service
        owner: root
        group: root
        mode: 0644
      notify: restart etherpad
    - name: Clear default nginx site
      file:
        state: absent
        path: /etc/nginx/sites-enabled/default
      notify: reload nginx
    - name: Install nginx config
      template:
        src: nginx-site.conf
        dest: /etc/nginx/sites-enabled/etherpad
        owner: root
        group: root
        mode: 0644
      notify: reload nginx
    - name: Allow HTTP and HTTPS
      iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "{{ item.port }}"
        ctstate: NEW
        jump: ACCEPT
        ip_version: "{{ item.ip }}"
        action: insert
      with_items:
        - { ip: ipv4, port: 80 }
        - { ip: ipv4, port: 443 }
        - { ip: ipv6, port: 80 }
        - { ip: ipv6, port: 443 }
      notify: persist iptables
--- a/roles/etherpad/templates/etherpad.service
+++ b/roles/etherpad/templates/etherpad.service
@ -1,16 +0,0 @@
 # Managed by Ansible
 [Unit]
 Description=Etherpad
 After=network.target
 [Service]
 Type=simple
 Restart=always
 RestartSec=10s
 ExecStart=/opt/etherpad/src/bin/run.sh /var/log/etherpad.log
 User=etherpad
 [Install]
 WantedBy=multi-user.target
--- a/roles/etherpad/templates/nginx-site.conf
+++ b/roles/etherpad/templates/nginx-site.conf
@ -1,33 +0,0 @@
 server {
 	listen 443 ssl http2 default_server;
 	listen [::]:443 ssl http2 default_server;
 	server_name {{ etherpad_domain }};
 	{% if acme_bootstrap_certs %}
 	include "snippets/snakeoil.conf";
 	{% else %}
 	ssl_certificate     "/var/lib/dehydrated/certs/{{ etherpad_domain }}/fullchain.pem";
 	ssl_certificate_key "/var/lib/dehydrated/certs/{{ etherpad_domain }}/privkey.pem";
 	{% endif %}
 	location / {
 		proxy_pass http://127.0.0.1:9001/;
 		include proxy_params;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection "upgrade";
 	}
 	include "snippets/acme.conf";
 }
 server {
 	listen 80 default_server;
 	listen [::]:80 default_server;
 	server_name {{ etherpad_domain }};
 	location / {
 		rewrite ^/(.*) https://$server_name$request_uri? redirect;
 	}
 	include "snippets/acme.conf";
 }
--- a/roles/etherpad/templates/nodesource.list
+++ b/roles/etherpad/templates/nodesource.list
@ -1,4 +0,0 @@
 # Managed by Ansible
 deb https://deb.nodesource.com/{{ nodejs_version }} {{ ansible_facts.distribution_release }} main
 deb-src https://deb.nodesource.com/{{ nodejs_version }} {{ ansible_facts.distribution_release }} main
--- a/roles/etherpad/templates/settings.json
+++ b/roles/etherpad/templates/settings.json
@ -1,113 +0,0 @@
 // Managed by Ansible
 {
  "title": "Bitlair Etherpad",
  "favicon": null,
  "skinName": "colibris",
  "skinVariants": "super-light-toolbar super-light-editor light-background",
  "ip": "127.0.0.1",
  "port": "9001",
  "showSettingsInAdminPage": true,
  "dbType" : "postgres",
  "dbSettings" : {
    "host":     "localhost",
    "user":     "{{ etherpad_db_user }}",
    "password": "{{ etherpad_db_password }}",
    "database": "{{ etherpad_db_name }}"
  },
  "defaultPadText" : "Welkom op Bitlair's Etherpad!\n\nPer 2022-10-30 is deze opnieuw geïnstalleerd. Je oude notities zijn tot 2022-12-01 terug te vinden op pad-oud.bitlair.nl",
  "padOptions": {
    "noColors":         false,
    "showControls":     true,
    "showChat":         true,
    "showLineNumbers":  true,
    "useMonospaceFont": false,
    "userName":         false,
    "userColor":        false,
    "rtl":              false,
    "alwaysShowChat":   false,
    "chatAndUsers":     false,
    "lang":             "en-gb"
  },
  "padShortcutEnabled" : {
    "altF9":     true, /* focus on the File Menu and/or editbar */
    "altC":      true, /* focus on the Chat window */
    "cmdShift2": true, /* shows a gritter popup showing a line author */
    "delete":    true,
    "return":    true,
    "esc":       true, /* in mozilla versions 14-19 avoid reconnecting pad */
    "cmdS":      true, /* save a revision */
    "tab":       true, /* indent */
    "cmdZ":      true, /* undo/redo */
    "cmdY":      true, /* redo */
    "cmdI":      true, /* italic */
    "cmdB":      true, /* bold */
    "cmdU":      true, /* underline */
    "cmd5":      true, /* strike through */
    "cmdShiftL": true, /* unordered list */
    "cmdShiftN": true, /* ordered list */
    "cmdShift1": true, /* ordered list */
    "cmdShiftC": true, /* clear authorship */
    "cmdH":      true, /* backspace */
    "ctrlHome":  true, /* scroll to top of pad */
    "pageUp":    true,
    "pageDown":  true
  },
  "suppressErrorsInPadText": false,
  "requireSession": false,
  "editOnly": false,
  "minify": true,
  "maxAge": 21600, // 60 * 60 * 6 = 6 hours
  "abiword": null,
  "soffice": null,
  "tidyHtml": null,
  "allowUnknownFileEnds": true,
  "requireAuthentication": false,
  "requireAuthorization": false,
  "trustProxy": false,
  "cookie": {
    "sameSite": "Lax"
  },
  "disableIPlogging": false,
  "automaticReconnectionTimeout": 0,
  "scrollWhenFocusLineIsOutOfViewport": {
    "percentage": {
      "editionAboveViewport": 0,
      "editionBelowViewport": 0
    },
    "duration": 0,
    "scrollWhenCaretIsInTheLastLineOfViewport": false,
    "percentageToScrollWhenUserPressesArrowUp": 0
  },
  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
  "socketIo": {
    "maxHttpBufferSize": 10000
  },
  "loadTest": false,
  "dumpOnUncleanExit": false,
  "importExportRateLimiting": {
    // duration of the rate limit window (milliseconds)
    "windowMs": 90000,
    // maximum number of requests per IP to allow during the rate limit window
    "max": 10
  },
  "importMaxFileSize": 52428800, // 50 * 1024 * 1024
  "commitRateLimiting": {
    // duration of the rate limit window (seconds)
    "duration": 1,
    // maximum number of changes per IP to allow during the rate limit window
    "points": 10
  },
  "exposeVersion": false,
  "loglevel": "INFO",
  "customLocaleStrings": {},
  "enableAdminUITests": false
 }
--- a/roles/services/tasks/siahsd.yaml
+++ b/roles/services/tasks/siahsd.yaml
@ -9,7 +9,7 @@
    group: nogroup
  with_items:
    - /var/log/siahsd
-    - /var/run/siahsd
+    - /run/siahsd
 - name: Install service file
  template:
--- a/roles/services/templates/siahsd.service
+++ b/roles/services/templates/siahsd.service
@ -6,7 +6,7 @@ After=network.target
 [Service]
 Type=forking
-PIDFile=/var/run/siahsd/siahsd.pid
+PIDFile=/run/siahsd/siahsd.pid
 Restart=always
 RestartSec=10s
 ExecStart=/usr/local/src/siahsd/build/siahsd