diff --git a/authorized_keys/blackdragon.keys b/authorized_keys/blackdragon.keys deleted file mode 100644 index d488f52..0000000 --- a/authorized_keys/blackdragon.keys +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre diff --git a/bitlair.yaml b/bitlair.yaml index 19de646..4016241 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -65,9 +65,3 @@ - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } - { role: "www", tags: ["www"] } - -- hosts: chat - roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "nginx", tags: [ "nginx" ] } - - { role: "chat", tags: [ "chat" ] } diff --git a/chat.yaml b/chat.yaml index a5b4c42..9560585 100644 --- a/chat.yaml +++ b/chat.yaml @@ -1,5 +1,3 @@ ---- - - hosts: chat roles: - { role: "common", tags: [ "common" ] } diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml index 08a3480..8caf096 100644 --- a/group_vars/chat.yaml +++ b/group_vars/chat.yaml @@ -1,11 +1,9 @@ --- - root_access: - blackdragon - ak - foobar - polyfloyd - nodejs_version: 22.x thelounge_version: "4.4.3" thelounge_ldap_url: ldaps://ldap.bitlair.nl @@ -33,4 +31,4 @@ nginx_sites: } group_nft_input: - - "tcp dport { http, https } accept # Allow web-traffic from world" + - "tcp dport { http, https } accept # Allow web-traffic from world" \ No newline at end of file diff --git a/roles/chat/defaults/main.yaml b/roles/chat/defaults/main.yaml index 4e52991..e69de29 100644 --- a/roles/chat/defaults/main.yaml +++ b/roles/chat/defaults/main.yaml @@ -1,5 +0,0 @@ ---- - -chat_user: thelounge -chat_group: thelounge -chat_configdir: "/etc/thelounge" diff --git a/roles/chat/handlers/main.yaml b/roles/chat/handlers/main.yaml deleted file mode 100644 index e03963e..0000000 --- a/roles/chat/handlers/main.yaml +++ /dev/null 
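Review bot: In group_vars/chat.yaml (hunk `@@ -1,11 +1,9 @@`), `root_access` still lists `blackdragon` although this commit deletes authorized_keys/blackdragon.keys. If the role that consumes `root_access` reads one key file per listed name (an assumption, since that role is not part of this diff), the next run will either fail on the missing file or carry a stale entry. If the intent is to revoke access, drop `- blackdragon` from the list as well. Also confirm the key is actually removed from root's authorized_keys on the hosts, because deleting the file from the repository does not by itself remove a deployed key.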
@@ -1,11 +0,0 @@ ---- - -- name: Reload systemd - ansible.builtin.systemd: - daemon_reload: yes - -- name: Restart thelounge - ansible.builtin.systemd: - name: thelounge - state: restarted - enabled: true diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index 7b74982..6fa26d1 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml @@ -1,9 +1,7 @@ ---- - - name: Install dependencies ansible.builtin.apt: state: present - pkg: + pkg: - gpg - apt-transport-https - build-essential @@ -16,30 +14,25 @@ creates: /usr/share/keyrings/nodesource.gpg notify: Apt update -- name: Ensure directories are present - ansible.builtin.file: - path: "{{ item.path }}" - owner: "{{ chat_user }}" - group: "{{ chat_group }}" - state: "{{ item.state | default('directory') }}" - mode: "{{ item.mode | default('0770') }}" - with_items: - - { path: "{{ chat_configdir }}" } - - { path: "/var/local/thelounge/users" } - - { path: "/var/local/thelounge/storage" } - notify: - - Restart thelounge - -- name: Configure templates +- name: Install nodesource source list ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ item.owner | default( chat_user ) }}" - group: "{{ item.group | default( chat_group ) }}" - mode: "{{ item.mode | default('0640') }}" - with_items: - - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list", owner: root, group: root } - - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs", owner: root, group: root } + src: nodesource.list + dest: /etc/apt/sources.list.d/nodesource.list + owner: root + group: root + mode: 0644 + notify: Apt update + +- name: Install nodejs apt preference + ansible.builtin.template: + src: nodejs-apt-pref + dest: /etc/apt/preferences.d/nodejs + owner: root + group: root + mode: 0644 + notify: Apt update + +- ansible.builtin.meta: flush_handlers - name: Install nodejs ansible.builtin.apt: 
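Review bot: In roles/chat/tasks/main.yaml (hunk `@@ -16,30 +14,25 @@`), both new template tasks set `mode: 0644` as a bare integer, while tasks added further down in this file quote it (`mode: '0644'`, `mode: "0770"`). Ansible accepts the leading-zero form, but `mode: "0644"` does not depend on YAML octal parsing and matches the rest of the file. The bare `- ansible.builtin.meta: flush_handlers` entry would also read better with a name, for example `- name: Refresh apt cache before installing nodejs`. The `Install nodejs` task at the end of the hunk continues outside it.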
@@ -63,7 +56,7 @@ - name: Copy patch ansible.builtin.template: - src: thelounge-bitlair.patch + src: thelounge-bitlair.patch dest: /tmp/thelounge-bitlair.patch - name: Apply patch @@ -76,17 +69,16 @@ ansible.builtin.shell: chdir: /opt/thelounge cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge - notify: - - Restart thelounge - name: Ensure user thelounge is present - ansible.builtin.user: + user: name: thelounge createhome: no comment: The Lounge (IRC client) system: yes state: present - + become: yes + - name: Ensure JS and JSON syntax checking packages are installed yarn: name: "{{ item }}" 
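Review bot: In hunk `@@ -76,17 +69,16 @@` the build task loses `notify: Restart thelounge`, and the same commit deletes roles/chat/handlers/main.yaml, so nothing restarts the service after a rebuild. The final task added in `@@ -95,18 +87,57 @@` uses `state: started`, which does nothing to a unit that is already running. A bumped `thelounge_version` (including a security fix) or a changed config.js therefore keeps running under the old process until someone restarts it by hand. Keeping the handler and the `notify:` lines, or restarting when the build or config task reports a change, would close that gap. The build task's name line is outside the hunk; separately, `user:` here drops the `ansible.builtin.` prefix that other tasks in this file use.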
@@ -95,18 +87,57 @@ with_items: - esprima - jsonlint + become: yes changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in -- name: Configure templates - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ item.owner | default( chat_user ) }}" - group: "{{ item.group | default( chat_group ) }}" - mode: "{{ item.mode | default('0640') }}" - validate: "{{ item.validate | default([]) }}" - with_items: - - { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' } - - { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" } - notify: "{{ item.notify | default('Restart thelounge') }}" +- name: Ensure thelounge configuration directory is present + file: + path: /etc/thelounge + owner: thelounge + group: thelounge + state: directory + become: yes +- name: Ensure The Lounge is configured + template: + src: config.js.j2 + dest: /etc/thelounge/config.js + owner: thelounge + group: thelounge + validate: 'esvalidate %s' + become: yes + +- name: Ensure user configuration directory is present + file: + path: /var/local/thelounge/users + owner: thelounge + group: thelounge + state: directory + become: yes + +- name: Ensure preview storage directory is present + file: + path: /var/local/thelounge/storage + owner: thelounge + group: thelounge + mode: "0770" + state: directory + become: yes + +- name: Copy service file to systemd directory + ansible.builtin.template: + src: thelounge.service # Path to your service file in your Ansible project + dest: /etc/systemd/system/thelounge.service + owner: root + group: root + mode: '0644' + +- name: Reload systemd daemon to read new service file + ansible.builtin.systemd: + daemon_reload: yes + +- name: Enable and start the service + ansible.builtin.systemd: + name: thelounge + state: started + enabled: yes \ No newline at end of file 
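Review bot: The new `Ensure The Lounge is configured` task writes /etc/thelounge/config.js without a `mode:`, where the removed loop defaulted to `0640`. The template renders the LDAP `rootPassword` into that file, so on a fresh host with a typical umask it would be created world-readable; add `mode: "0640"` to that task. The `/etc/thelounge` and `/var/local/thelounge/users` directory tasks likewise lost the old `0770` default and should set `mode: "0770"`, as the storage directory task already does.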
diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2 index ba12695..c606576 100644 --- a/roles/chat/templates/config.js.j2 +++ b/roles/chat/templates/config.js.j2 @@ -3,7 +3,7 @@ module.exports = { public: false, port: 9000, - bind: "127.0.0.1", + bind: "0.0.0.0", reverseProxy: true, lockNetwork: true, maxHistory: 10000, @@ -49,8 +49,8 @@ module.exports = { url: "{{ thelounge_ldap_url }}", primaryKey: "uid", searchDN: { - rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}", - rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}", + rootDN: "{{ thelounge_ldap_rootDN }}", + rootPassword: "{{ thelounge_ldap_rootPassword }}", filter: "{{ thelounge_ldap_filter }}", base: "{{ thelounge_ldap_base }}", }, diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service index 26a11ea..3fc7396 100644 --- a/roles/chat/templates/thelounge.service +++ b/roles/chat/templates/thelounge.service @@ -4,8 +4,8 @@ After=network-online.target Wants=network-online.target [Service] -User={{ chat_user }} -Group={{ chat_group }} +User=thelounge +Group=thelounge Type=simple Environment=THELOUNGE_HOME=/var/local/thelounge ExecStart=/usr/local/bin/thelounge start
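Review bot: Changing `bind` to `"0.0.0.0"` in the first config.js.j2 hunk makes The Lounge listen on port 9000 on every interface while `reverseProxy: true` stays set. In that mode the application takes the client address from forwarding headers, so anything that can reach port 9000 directly bypasses nginx (TLS, access rules) and can supply its own `X-Forwarded-For`. The only input rule visible in group_vars/chat.yaml allows http and https, which suggests the port is filtered, but that leaves the host firewall as the only barrier. Unless nginx runs on a different host, keep `bind: "127.0.0.1"`.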
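Review bot: The second config.js.j2 hunk replaces the two `passwordstore` lookups with `thelounge_ldap_rootDN` and `thelounge_ldap_rootPassword`, and neither variable is defined in the parts of group_vars/chat.yaml shown in this commit. If they are missing, the template task fails on an undefined variable under Ansible's default settings; if they are defined in plain group_vars, the LDAP bind password sits in the repository in clear text. Either keep the lookup, `rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}"`, or source both values from an Ansible Vault-encrypted vars file. The enclosing `searchDN` block continues past the hunk.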