acme: Remove remove_conflicting tasks

group_vars/all.yaml

@@ -1,3 +1,5 @@
+is_vm: true
+
 ansible_user: root
 ansible_python_interpreter: auto_silent
 notify_email: bestuur@bitlair.nl

group_vars/music.yaml

@@ -1,3 +1,5 @@
+is_vm: false
+
 music_domain: music.bitlair.nl
 acme_san_domains:
   - [ music.bitlair.nl ]

roles/acme/tasks/remove_conflicting.yaml

@@ -1,18 +1,4 @@
 ---
-- name: Remove acmetool from apt
-  apt:
-    name: acmetool
-    state: absent
-
-- name: Remove files
-  file:
-    state: absent
-    path: "{{ item }}"
-  with_items:
-    - /etc/cron.d/acmetool
-    - /usr/local/bin/acmetool
-    - /var/lib/acme
-
 - name: Remove certbot from apt
   apt:
     name: [ letsencrypt, certbot ]

roles/common/defaults/main.yaml

@@ -1,4 +1,5 @@
 ssh_port: "22"
+is_vm: false
 unattended_upgrades_auto_reboot_time: "04:00"
 unattended_upgrades_extra_origin_patterns: []
 trusted_ranges:

roles/common/tasks/main.yaml

@@ -18,6 +18,10 @@
 - tags: node-exporter
   import_tasks: node-exporter.yaml
 
+- tags: vm
+  import_tasks: node-exporter.yaml
+  when: is_vm
+
 - name: Remove Vim
   apt:
     name: vim

roles/common/tasks/vm.yaml

@@ -0,0 +1,15 @@
+---
+- name: Install guest agent
+  apt:
+    name: qemu-guest-agent
+
+- name: Serial Console
+  lineinfile:
+    path: /etc/default/grub
+    regexp: ^GRUB_CMDLINE_LINUX_DEFAULT
+    line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"'
+  notify:
+    - update grub
+    - reboot
+
+- meta: flush_handlers

roles/etherpad/defaults/main.yaml

@@ -1,4 +1,4 @@
-nodejs_version: node_18.x
+nodejs_version: 22.x
 etherpad_db_user: etherpad
 etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}"
 etherpad_db_name: etherpad

roles/etherpad/tasks/main.yaml

@@ -3,11 +3,12 @@
   block:
     - name: Install dependencies
       apt:
-        name: [ gpg, nginx, postgresql, python3-psycopg2 ]
+        name: [ gpg, nginx, postgresql, python3-psycopg2, apt-transport-https ]
 
     - name: Import nodesource signing key
-      apt_key:
+      shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
-        url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+      args:
+        creates: /usr/share/keyrings/nodesource.gpg
       notify: apt update
 
     - name: Install nodesource source list
@@ -19,6 +20,15 @@
         mode: 0644
       notify: apt update
 
+    - name: Install nodejs apt preference
+      template:
+        src: nodejs-apt-pref
+        dest: /etc/apt/preferences.d/nodejs
+        owner: root
+        group: root
+        mode: 0644
+      notify: apt update
+
     - meta: flush_handlers
 
     - name: Install nodejs

roles/etherpad/templates/etherpad.service

@@ -1,4 +1,4 @@
-# Managed by Ansible
+# {{ ansible_managed }}
 
 [Unit]
 Description=Etherpad
@@ -8,10 +8,10 @@ After=network.target
 Type=simple
 Restart=always
 RestartSec=10s
-ExecStart=/opt/etherpad/src/bin/run.sh /var/log/etherpad.log
+ExecStartPre=+/usr/bin/npm install pnpm -g
+ExecStart=/opt/etherpad/bin/run.sh /var/log/etherpad.log
 User=etherpad
 Environment="NODE_ENV=production"
 
 [Install]
 WantedBy=multi-user.target
-

roles/etherpad/templates/nginx-site.conf

@@ -1,3 +1,5 @@
+# {{ ansible_managed }}
+
 server {
 	listen 443 ssl http2 default_server;
 	listen [::]:443 ssl http2 default_server;
@@ -13,8 +15,10 @@ server {
 	location / {
 		proxy_pass http://127.0.0.1:9001/;
 		include proxy_params;
+
+		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
-		proxy_set_header Connection "upgrade";
+		proxy_set_header Connection $http_connection;
 	}
 
 	include "snippets/acme.conf";

roles/etherpad/templates/nodejs-apt-pref

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+Package: nodejs
+Pin: origin deb.nodesource.com
+Pin-Priority: 600

roles/etherpad/templates/nodesource.list

@@ -1,4 +1,3 @@
-# Managed by Ansible
+# {{ ansible_managed }}
 
-deb https://deb.nodesource.com/{{ nodejs_version }} {{ ansible_facts.distribution_release }} main
+deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main
-deb-src https://deb.nodesource.com/{{ nodejs_version }} {{ ansible_facts.distribution_release }} main

roles/etherpad/templates/settings.json

@@ -1,4 +1,4 @@
-// Managed by Ansible
+// {{ ansible_managed }}
 
 {
   "title": "Bitlair Etherpad",
@@ -61,7 +61,7 @@
   "suppressErrorsInPadText": false,
   "requireSession": false,
   "editOnly": false,
-  "minify": true,
+  "minify": false,
   "maxAge": 21600, // 60 * 60 * 6 = 6 hours
   "abiword": null,
   "soffice": null,
@@ -85,8 +85,7 @@
     "percentageToScrollWhenUserPressesArrowUp": 0
   },
 
-
+  "socketTransportProtocols" : ["websocket", "polling"],
-  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
   "socketIo": {
     "maxHttpBufferSize": 10000
   },