From d0cd352b4ab03e697d92d350a00bfcc1749a1e6f Mon Sep 17 00:00:00 2001 From: Mark Janssen Date: Sat, 19 Apr 2025 16:24:47 +0200 Subject: [PATCH 01/56] Linting --- .ansible-lint | 14 ++++++++++++++ .gitignore | 3 +++ .yamllint.yaml | 5 +++++ bitlair.yaml | 39 ++++++++++++++++++++++++++------------- lint.sh | 1 + 5 files changed, 49 insertions(+), 13 deletions(-) create mode 100644 .ansible-lint create mode 100644 .gitignore diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..c6123e8 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,14 @@ +#warn_list: # or 'skip_list' to silence them completely +skip_list: + - experimental + - var-naming[no-role-prefix] + - name +warn_list: + - '204' # Lines should be no longer than 160 chars + - no-handler + - ignore-errors + - fqcn-builtins + - fqcn + - partial-become[task] + - template-instead-of-copy +offline: true diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..781c027 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.password-store +.gitignore +.envrc diff --git a/.yamllint.yaml b/.yamllint.yaml index d932357..2d3284c 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -15,3 +15,8 @@ rules: max-spaces-after: -1 commas: max-spaces-after: -1 + comments: + min-spaces-from-content: 1 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/bitlair.yaml b/bitlair.yaml index 48db717..d09757f 100644 --- a/bitlair.yaml +++ b/bitlair.yaml 
@@ -1,66 +1,79 @@ --- -- hosts: all +- name: common + hosts: all gather_facts: true roles: - { role: "common", tags: ["common"] } - { role: "nft", tags: ["nft"] } -- hosts: bank +- name: bank + hosts: bank roles: - { role: "bank", tags: ["bank"] } -- hosts: homeassistant +- name: homeassistant + hosts: homeassistant roles: - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } -- hosts: raspi +- name: raspi + hosts: raspi roles: - { role: "raspi", tags: ["raspi"] } - { role: "bank-terminal", tags: ["bank-terminal"] } -- hosts: fotos +- name: fotos + hosts: fotos roles: - { role: "photos", tags: ["photos"] } -- hosts: git-ci +- name: CI + hosts: git-ci roles: - { role: "git-ci", tags: ["git-ci"] } -- hosts: git +- name: git + hosts: git roles: - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } - { role: "git-server", tags: ["git-server"] } -- hosts: monitoring +- name: monitoring + hosts: monitoring roles: - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } - { role: "monitoring", tags: ["monitoring"] } -- hosts: mqtt +- name: mqtt + hosts: mqtt roles: - { role: "mqtt", tags: ["mqtt"] } -- hosts: music +- name: music + hosts: music roles: - { role: "acme", tags: ["acme"] } - { role: "go", tags: ["go"] } - { role: "music", tags: ["music"] } -- hosts: pad +- name: pad + hosts: pad roles: - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } - { role: "etherpad", tags: ["etherpad"] } -- hosts: services +- name: services + hosts: services roles: - { role: "services", tags: ["services"] } -- hosts: wiki +- name: wiki + hosts: wiki roles: - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } diff --git a/lint.sh b/lint.sh index bc0183d..296c955 100755 --- a/lint.sh +++ b/lint.sh @@ -1,5 +1,6 @@ #!/bin/bash j2lint `find ./ -type f -name '*.j2'` +yamllint -c .yamllint.yaml . ansible-lint bitlair.yaml From 77c1732623b70f36da401240c9fe33329d198fd1 Mon Sep 17 00:00:00 2001 
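Review bot: The added `yamllint -c .yamllint.yaml .` step in lint.sh cannot fail the script: no `set -e` is visible in the hunk, so the exit status is taken from the final `ansible-lint bitlair.yaml`. A YAML violation, including the `octal-values` rule this commit enables, would go unnoticed if the script gates CI or a pre-commit hook. Add `set -euo pipefail` after the shebang, or record each linter's status and exit non-zero if any failed so that all three still run. The backtick `find` on the `j2lint` line also word-splits paths containing spaces; `find . -type f -name '*.j2' -exec j2lint {} +` avoids that.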
From: Mark Janssen Date: Sat, 19 Apr 2025 16:42:53 +0200 Subject: [PATCH 02/56] Linting --- roles/acme/handlers/main.yaml | 4 -- roles/bank-terminal/tasks/main.yaml | 39 +++++++------- roles/bank/tasks/login.yaml | 12 ++--- roles/bank/tasks/revbank-deposit.yaml | 4 +- roles/bank/tasks/revbank.yaml | 2 +- roles/common/tasks/debian-upgrade.yaml | 2 +- roles/common/tasks/main.yaml | 2 +- roles/common/tasks/network.yaml | 2 +- roles/etherpad/tasks/main.yaml | 51 ++++++++----------- roles/git-ci/tasks/main.yaml | 6 +-- roles/git-server/tasks/main.yaml | 8 +-- roles/go/tasks/main.yaml | 10 ++-- roles/monitoring/tasks/grafana.yaml | 12 ++--- roles/monitoring/tasks/main.yaml | 6 +-- roles/monitoring/tasks/mqtt_exporter.yaml | 4 +- roles/monitoring/tasks/prometheus.yaml | 6 +-- roles/mqtt/tasks/main.yaml | 6 +-- roles/music/tasks/librespot.yaml | 6 +-- roles/music/tasks/main.yaml | 6 +-- roles/music/tasks/mpd.yaml | 18 +++---- roles/music/tasks/soundboard.yaml | 4 +- roles/photos/tasks/bambulab-fetch.yaml | 32 ++++-------- roles/photos/tasks/photo-gallery.yaml | 4 +- roles/photos/tasks/photos2mqtt.yaml | 4 +- roles/services/tasks/ircbot.yaml | 10 ++-- roles/services/tasks/mastodon_spacestate.yaml | 4 +- roles/services/tasks/power_mqtt.yaml | 4 +- roles/services/tasks/spacestated.yaml | 2 +- roles/www/tasks/calendar.yaml | 2 +- roles/www/tasks/mediawiki.yaml | 2 +- roles/www/tasks/mqtt.yaml | 2 +- 31 files changed, 127 insertions(+), 149 deletions(-) diff --git a/roles/acme/handlers/main.yaml b/roles/acme/handlers/main.yaml index 7ff2509..3b4b5d1 100644 --- a/roles/acme/handlers/main.yaml +++ b/roles/acme/handlers/main.yaml @@ -1,9 +1,5 @@ --- -- name: update_contact_info - ansible.builtin.command: - cmd: dehydrated --account - - name: run dehydrated ansible.builtin.command: cmd: dehydrated --cron diff --git a/roles/bank-terminal/tasks/main.yaml b/roles/bank-terminal/tasks/main.yaml index 7a01ccb..d035da3 100644 --- a/roles/bank-terminal/tasks/main.yaml 
+++ b/roles/bank-terminal/tasks/main.yaml @@ -4,11 +4,11 @@ block: - name: Add user ansible.builtin.user: - name: bank-terminal - home: /home/{{ bank_terminal_user }} - shell: /home/{{ bank_terminal_user }}/login + name: "bank-terminal" + home: "/home/{{ bank_terminal_user }}" + shell: "/home/{{ bank_terminal_user }}/login" generate_ssh_key: yes - ssh_key_type: ed25519 + ssh_key_type: "ed25519" - name: Locate agetty ansible.builtin.command: @@ -16,34 +16,35 @@ register: agetty_location_cmd - name: Set agetty var - ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" + ansible.builtin.set_fact: + agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}" - name: Install login script ansible.builtin.template: - src: login - dest: /home/{{ bank_terminal_user }}/login - owner: bank-terminal - group: bank-terminal - mode: 0755 + src: "login" + dest: "/home/{{ bank_terminal_user }}/login" + owner: "bank-terminal" + group: "bank-terminal" + mode: "0755" - name: Autologin User ansible.builtin.template: - src: tty_autologin.conf - dest: /etc/systemd/system/getty@tty1.service.d/override.conf - owner: root - group: root - mode: 0644 + src: "tty_autologin.conf" + dest: "/etc/systemd/system/getty@tty1.service.d/override.conf" + owner: "root" + group: "root" + mode: "0644" notify: daemon_reload - name: Clear MOTD ansible.builtin.copy: content: "" - dest: /etc/motd + dest: "/etc/motd" # Set console font so the Revbank QR codes are rendered correctly. - name: Console setup ansible.builtin.lineinfile: - path: /etc/default/console-setup + path: "/etc/default/console-setup" line: '{{ item.k }}="{{ item.v }}"' regexp: "^#?{{ item.k }}" with_items: @@ -56,8 +57,8 @@ - name: Console Setup Management Note ansible.builtin.lineinfile: - path: /etc/default/console-setup - line: '# Managed by Ansible' + path: "/etc/default/console-setup" + line: "# Managed by Ansible" insertafter: "CONFIGURATION FILE" - name: Read pubkey 
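Review bot: The `Add user` task in the first hunk keeps the literal `name: "bank-terminal"` while `home` and `shell` are built from `{{ bank_terminal_user }}`, and the next hunk (`@@ -16,34 +16,35 @@`) hard-codes `owner: "bank-terminal"` / `group: "bank-terminal"` for a file under that templated path. The two agree only while the variable equals the literal; use `name: "{{ bank_terminal_user }}"` and `owner: "{{ bank_terminal_user }}"` throughout, or drop the variable. In that second hunk, `Clear MOTD` writes `/etc/motd` with no `owner` or `mode`; adding `mode: "0644"` would pin its permissions like the neighbouring tasks. The enclosing `block:` starts above the first hunk.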
diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml index 7ed568e..029f826 100644 --- a/roles/bank/tasks/login.yaml +++ b/roles/bank/tasks/login.yaml @@ -41,14 +41,14 @@ - name: Create getty dir ansible.builtin.file: - path: /etc/systemd/system/getty@tty1.service.d + path: "/etc/systemd/system/getty@tty1.service.d" state: directory - name: Autologin User ansible.builtin.template: - src: tty_autologin.conf - dest: /etc/systemd/system/getty@tty1.service.d/override.conf - owner: root - group: root - mode: 0644 + src: "tty_autologin.conf" + dest: "/etc/systemd/system/getty@tty1.service.d/override.conf" + owner: "root" + group: "root" + mode: "0644" notify: daemon reload diff --git a/roles/bank/tasks/revbank-deposit.yaml b/roles/bank/tasks/revbank-deposit.yaml index 1190a53..672ba24 100644 --- a/roles/bank/tasks/revbank-deposit.yaml +++ b/roles/bank/tasks/revbank-deposit.yaml @@ -25,7 +25,7 @@ dest: /etc/revbank-deposit.conf owner: root group: root - mode: 0600 + mode: "0600" notify: Restart revbank-deposit - name: Install revbank-deposit service @@ -34,7 +34,7 @@ dest: /etc/systemd/system/revbank-deposit.service owner: root group: root - mode: 0644 + mode: "0644" notify: Restart revbank-deposit - name: Start revbank-deposit diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index ec283d1..9ffb91c 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -26,7 +26,7 @@ state: touch owner: "{{ bank_user }}" group: "{{ bank_user }}" - mode: 0644 + mode: "0644" with_items: - revbank.accounts - revbank.market diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index f986713..426a499 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -6,7 +6,7 @@ dest: /etc/apt/sources.list owner: root group: root - mode: 0644 + mode: "0644" - name: Remove backports ansible.builtin.file: 
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 29f7744..4f82e2f 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -30,7 +30,7 @@ ansible.builtin.template: src: authorized_keys.j2 dest: /root/.ssh/authorized_keys - mode: 0600 + mode: "0600" when: root_access is defined and root_access tags: authorized_keys diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml index 7e2a75b..63efa5a 100644 --- a/roles/common/tasks/network.yaml +++ b/roles/common/tasks/network.yaml @@ -30,7 +30,7 @@ dest: /etc/network/interfaces owner: root group: root - mode: 0644 + mode: "0644" when: network_br or network_dhcp or network_static - ansible.builtin.meta: flush_handlers diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index 0f4beb5..c7b1521 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml @@ -19,20 +19,13 @@ - name: Install nodesource source list ansible.builtin.template: - src: nodesource.list - dest: /etc/apt/sources.list.d/nodesource.list - owner: root - group: root - mode: 0644 - notify: Apt update - -- name: Install nodejs apt preference - ansible.builtin.template: - src: nodejs-apt-pref - dest: /etc/apt/preferences.d/nodejs - owner: root - group: root - mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + with_items: + - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list" } + - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs" } notify: Apt update - ansible.builtin.meta: flush_handlers 
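Review bot: Folding the two template tasks into one loop in roles/etherpad/tasks/main.yaml (`@@ -19,20 +19,13 @@`) drops the `mode: 0644` that both removed tasks carried. As a result `/etc/apt/sources.list.d/nodesource.list` and `/etc/apt/preferences.d/nodejs` are no longer written with a pinned permission. These files decide which repository and package pin apt honours, so keep the mode explicit: add `mode: "{{ item.mode | default('0644') }}"`, as the equivalent loop in roles/photos/tasks/bambulab-fetch.yaml does. The task name `Install nodesource source list` also no longer describes both items.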
@@ -67,17 +60,17 @@ ansible.builtin.file: path: /var/log/etherpad.log state: touch - owner: etherpad - group: etherpad - mode: 0644 + owner: "etherpad" + group: "etherpad" + mode: "0644" - name: Create source directory ansible.builtin.file: path: /opt/etherpad state: directory - owner: etherpad - group: etherpad - mode: 0755 + owner: "etherpad" + group: "etherpad" + mode: "0755" - name: Clone etherpad source become: yes @@ -94,18 +87,18 @@ ansible.builtin.template: src: settings.json dest: /opt/etherpad/settings.json - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Restart etherpad - name: Install etherpad service ansible.builtin.template: src: etherpad.service dest: /etc/systemd/system/etherpad.service - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Restart etherpad - name: Start etherpad @@ -119,8 +112,8 @@ ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-enabled/etherpad - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Reload nginx diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml index d677a61..d4e3a19 100644 --- a/roles/git-ci/tasks/main.yaml +++ b/roles/git-ci/tasks/main.yaml @@ -8,7 +8,7 @@ ansible.builtin.get_url: url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" dest: /usr/local/bin/forgejo-runner - mode: 0755 + mode: "0755" notify: restart forgejo-runner - name: Create runner dir @@ -17,7 +17,7 @@ path: "{{ runner_wd }}" owner: root group: root - mode: 0755 + mode: "0755" - name: Register runner ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" 
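Review bot: The `get_url` task in roles/git-ci/tasks/main.yaml (`@@ -8,7 +8,7 @@`) installs the forgejo-runner binary into `/usr/local/bin` as an executable with no `checksum:` among the arguments shown. Whatever the release URL serves is therefore run as the CI runner without an integrity check. Pin a digest next to the version, e.g. `checksum: "sha256:{{ runner_sha256 }}"`, where `runner_sha256` is a placeholder for a variable to add beside `runner_version`. The `unarchive` task in roles/go/tasks/main.yaml (`@@ -48,17 +48,17 @@`) has the same gap for the Go tarball extracted into `/usr/local`; it would need a `get_url` with `checksum:` followed by a local unarchive. Both tasks begin outside their hunks.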
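Review bot: The `Register runner` task at the end of the `@@ -17,7 +17,7 @@` hunk in roles/git-ci/tasks/main.yaml passes the passwordstore lookup as `--token=...` inside the command string. That puts the registration token in the process argument list on the host and in the command Ansible records in the task result, which is shown on failure or with verbose output. The rest of the task lies outside the hunk, so confirm it sets `no_log: true` and add it if not. If the runner can take the token from a file or the environment (not verifiable from this page), that is preferable to argv.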
@@ -31,7 +31,7 @@ dest: /etc/systemd/system/forgejo-runner.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart forgejo-runner - name: Enable service diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml index 5104ef5..570406b 100644 --- a/roles/git-server/tasks/main.yaml +++ b/roles/git-server/tasks/main.yaml @@ -13,7 +13,7 @@ dest: /etc/nginx/sites-available/forgejo owner: root group: root - mode: 0644 + mode: "0644" notify: Reload nginx - name: Enable nginx site @@ -36,7 +36,7 @@ path: /var/log/forgejo owner: "{{ git_server_user }}" group: "{{ git_server_user }}" - mode: 0755 + mode: "0755" # TODO: Install initial config @@ -46,7 +46,7 @@ dest: /etc/systemd/system/forgejo.service owner: root group: root - mode: 0644 + mode: "0644" notify: Reload forgejo - name: Install update script @@ -55,7 +55,7 @@ dest: "{{ git_server_working_dir }}/update.sh" owner: "{{ git_server_user }}" group: "{{ git_server_user }}" - mode: 0755 + mode: "0755" - name: Perform initial update ansible.builtin.command: "{{ git_server_working_dir }}/update.sh" diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml index ab16901..ebd93c7 100644 --- a/roles/go/tasks/main.yaml +++ b/roles/go/tasks/main.yaml @@ -48,17 +48,17 @@ src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz dest: /usr/local remote_src: yes - owner: root - group: root + owner: "root" + group: "root" when: go_installed_version != go_latest_version - name: Configure Go environment ansible.builtin.template: src: go.profile dest: /etc/profile.d/go.sh - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" - name: Link go binary ansible.builtin.file: diff --git a/roles/monitoring/tasks/grafana.yaml b/roles/monitoring/tasks/grafana.yaml index 3e09b8f..974551b 100644 --- a/roles/monitoring/tasks/grafana.yaml +++ b/roles/monitoring/tasks/grafana.yaml 
@@ -21,9 +21,9 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: restart grafana with_items: - { src: grafana.ini, dest: /etc/grafana/grafana.ini } @@ -33,9 +33,9 @@ ansible.builtin.template: src: grafana-data-source.yml dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml" - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: restart grafana with_items: - name: Prometheus diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml index 2017d5b..a2878a7 100644 --- a/roles/monitoring/tasks/main.yaml +++ b/roles/monitoring/tasks/main.yaml @@ -4,9 +4,9 @@ ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-available/monitoring - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Reload nginx - name: Enable nginx site diff --git a/roles/monitoring/tasks/mqtt_exporter.yaml b/roles/monitoring/tasks/mqtt_exporter.yaml index 0ae5d07..635c263 100644 --- a/roles/monitoring/tasks/mqtt_exporter.yaml +++ b/roles/monitoring/tasks/mqtt_exporter.yaml @@ -22,7 +22,7 @@ dest: /etc/systemd/system/mqtt_exporter.service owner: root group: root - mode: 0644 + mode: "0644" notify: - Daemon reload - restart mqtt_exporter @@ -33,7 +33,7 @@ dest: /etc/mqtt_exporter.yaml owner: root group: root - mode: 0644 + mode: "0644" notify: - Daemon reload - restart mqtt_exporter diff --git a/roles/monitoring/tasks/prometheus.yaml b/roles/monitoring/tasks/prometheus.yaml index 30522b5..3c86a0f 100644 --- a/roles/monitoring/tasks/prometheus.yaml +++ b/roles/monitoring/tasks/prometheus.yaml 
@@ -7,9 +7,9 @@ ansible.builtin.template: src: prometheus.yml dest: "{{ prometheus_config_dir }}/prometheus.yml" - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: restart prometheus - name: Configure Prometheus args diff --git a/roles/mqtt/tasks/main.yaml b/roles/mqtt/tasks/main.yaml index 498f49c..727cca3 100644 --- a/roles/mqtt/tasks/main.yaml +++ b/roles/mqtt/tasks/main.yaml @@ -16,9 +16,9 @@ ansible.builtin.template: src: "{{ item }}" dest: "/etc/mosquitto/conf.d/{{ item }}" - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: restart mosquitto with_items: - bambulab.conf diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 2a8d19b..8b7ea51 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml @@ -18,9 +18,9 @@ ansible.builtin.template: src: librespot.service dest: /etc/systemd/system/librespot.service - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Restart librespot - name: Enable Librespot diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index e8a751c..c57393f 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -28,7 +28,7 @@ ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-enabled/trollibox - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Reload nginx diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index eb88133..3e7abeb 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml 
@@ -13,18 +13,18 @@ ansible.builtin.template: src: mpd-volume-to-mqtt.sh dest: /opt/mpd-volume-to-mqtt.sh - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Restart mpd-volume-to-mqtt - name: Install mpd-volume-to-mqtt service ansible.builtin.template: src: mpd-volume-to-mqtt.service dest: /etc/systemd/system/mpd-volume-to-mqtt.service - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Restart mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt @@ -46,9 +46,9 @@ ansible.builtin.template: src: skipbutton.service dest: /etc/systemd/system/skipbutton.service - owner: root - group: root - mode: 0644 + owner: "root" + group: "root" + mode: "0644" notify: Restart skipbutton - name: Enable skipbutton diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index a0ea558..6601611 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -30,7 +30,7 @@ dest: /etc/soundboard.yaml owner: root group: root - mode: 0644 + mode: "0644" notify: Restart soundboard - name: Install soundboard service file @@ -39,7 +39,7 @@ dest: /etc/systemd/system/soundboard.service owner: root group: root - mode: 0644 + mode: "0644" notify: Restart soundboard - name: Enable soundboard diff --git a/roles/photos/tasks/bambulab-fetch.yaml b/roles/photos/tasks/bambulab-fetch.yaml index b050af9..dfcf3b5 100644 --- a/roles/photos/tasks/bambulab-fetch.yaml +++ b/roles/photos/tasks/bambulab-fetch.yaml 
@@ -5,28 +5,16 @@ - name: Install fetch script ansible.builtin.template: - src: bambulab-fetch.sh - dest: /opt/bambulab-fetch.sh - owner: root - group: root - mode: 0755 - -- name: Install service - ansible.builtin.template: - src: bambulab-fetch.service - dest: /etc/systemd/system/bambulab-fetch.service - owner: root - group: root - mode: 0644 - notify: daemon reload - -- name: Install timer - ansible.builtin.template: - src: bambulab-fetch.timer - dest: /etc/systemd/system/bambulab-fetch.timer - owner: root - group: root - mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0644') }}" + force: "{{ item.force | default('yes') }}" + with_items: + - { src: "bambulab-fetch.sh", dest: "/opt/bambulab-fetch.sh", mode: "0755" } + - { src: "bambulab-fetch.service", dest: "/etc/systemd/system/bambulab-fetch.service" } + - { src: "bambulab-fetch.timer", dest: "/etc/systemd/system/bambulab-fetch.timer" } notify: daemon reload - name: Enable timer diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml index 5a6cfff..3f6df3d 100644 --- a/roles/photos/tasks/photo-gallery.yaml +++ b/roles/photos/tasks/photo-gallery.yaml @@ -17,7 +17,7 @@ dest: /opt/photo-gallery/config.json owner: root group: root - mode: 0644 + mode: "0644" notify: restart photo-gallery - name: Install photo-gallery service file @@ -26,7 +26,7 @@ dest: /etc/systemd/system/photo-gallery.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart photo-gallery - name: Start photo-gallery diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml index d9f2e05..cad0605 100644 --- a/roles/photos/tasks/photos2mqtt.yaml +++ b/roles/photos/tasks/photos2mqtt.yaml 
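Review bot: In the consolidated loop in roles/photos/tasks/bambulab-fetch.yaml, `force: "{{ item.force | default('yes') }}"` adds an override that none of the three items sets and defaults it to the string `'yes'` rather than a boolean. The template module already defaults `force` to true, so the line can be dropped; if the hook is wanted, write `default(true)`. The task is still named `Install fetch script` although it now installs the service and timer units as well, so a name such as `Install bambulab-fetch script and units` would read better in run output.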
@@ -16,7 +16,7 @@ dest: /opt/photos2mqtt.pl owner: root group: root - mode: 0755 + mode: "0755" notify: restart photos2mqtt - name: Install photos2mqtt service file @@ -25,7 +25,7 @@ dest: /etc/systemd/system/photos2mqtt.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart photos2mqtt - name: Start photos2mqtt diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index e635302..90d60c8 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -20,7 +20,7 @@ dest: /etc/systemd/system/irc-bot.service owner: root group: root - mode: 0644 + mode: "0644" vars: description: Bitlair IRC bot exec: /bin/bash /var/lib/irc-bot/irc-bot @@ -44,7 +44,7 @@ dest: /var/lib/irc-helpers/photos.sh owner: root group: root - mode: 0755 + mode: "0755" notify: Restart irc-photos - name: Install photos notification service @@ -53,7 +53,7 @@ dest: /etc/systemd/system/irc-photos.service owner: root group: root - mode: 0644 + mode: "0644" vars: description: Bitlair IRC photos notification requires: irc-bot.service @@ -73,7 +73,7 @@ dest: /var/lib/irc-helpers/doorduino.sh owner: root group: root - mode: 0755 + mode: "0755" notify: Restart irc-doorduino - name: Install doorduino notification service @@ -82,7 +82,7 @@ dest: /etc/systemd/system/irc-doorduino.service owner: root group: root - mode: 0644 + mode: "0644" vars: description: Bitlair IRC doorduino notification requires: irc-bot.service diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index 53f979e..a64d353 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml +++ b/roles/services/tasks/mastodon_spacestate.yaml @@ -20,7 +20,7 @@ dest: /var/lib/mastodon-spacestate/config.py owner: root group: root - mode: 0655 + mode: "0655" notify: Restart mastodon-spacestate - name: Install service file 
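Review bot: Quoting the mode in roles/services/tasks/mastodon_spacestate.yaml (`@@ -20,7 +20,7 @@`) preserves `mode: "0655"` for `/var/lib/mastodon-spacestate/config.py`. That is an unusual bit pattern (owner rw-, group and other r-x) and looks like a typo carried forward. If this config holds the bot's API credentials (the template is not visible here) it should not be world-readable. Something like `mode: "0640"` with `group:` set to the service account, or `"0600"` if the service runs as root, would fit. The same value recurs in the `[PATCH 03/56]` hunk for this file, and the task begins outside the hunk.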
@@ -29,7 +29,7 @@ dest: /etc/systemd/system/mastodon-spacestate.service owner: root group: root - mode: 0644 + mode: "0644" notify: Restart mastodon-spacestate - name: Start mastodon-spacestate diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml index 5c18589..fe442b6 100644 --- a/roles/services/tasks/power_mqtt.yaml +++ b/roles/services/tasks/power_mqtt.yaml @@ -9,7 +9,7 @@ dest: /var/lib/power-mqtt.py owner: root group: root - mode: 0755 + mode: "0755" notify: Restart power-mqtt - name: Remove old service @@ -23,7 +23,7 @@ dest: /etc/systemd/system/power-mqtt@.service owner: root group: root - mode: 0644 + mode: "0644" vars: description: "SMD630 to MQTT Probe" exec: "/var/lib/power-mqtt.py %i" diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index 92a0ace..363397e 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -34,7 +34,7 @@ dest: /etc/systemd/system/spacestated.service owner: root group: root - mode: 0644 + mode: "0644" notify: Restart spacestated - name: Start spacestated diff --git a/roles/www/tasks/calendar.yaml b/roles/www/tasks/calendar.yaml index f6513a8..c034d81 100644 --- a/roles/www/tasks/calendar.yaml +++ b/roles/www/tasks/calendar.yaml @@ -21,4 +21,4 @@ dest: /etc/cron.d/bitlair-calendar owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml index 2eb69f4..de77057 100644 --- a/roles/www/tasks/mediawiki.yaml +++ b/roles/www/tasks/mediawiki.yaml @@ -11,5 +11,5 @@ dest: /opt/security.txt owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml index 63d1dee..10cc736 100644 --- a/roles/www/tasks/mqtt.yaml +++ b/roles/www/tasks/mqtt.yaml @@ -26,7 +26,7 @@ dest: /etc/systemd/system/mqtt2web.service owner: root group: root - mode: 0644 + mode: "0644" notify: - Daemon reload - Restart mqtt2web 
From a30d388422ddd53f70dbe265d6eda830a55cc066 Mon Sep 17 00:00:00 2001 From: Mark Janssen Date: Sat, 19 Apr 2025 16:45:08 +0200 Subject: [PATCH 03/56] Owner/group strings --- roles/bank/tasks/revbank-deposit.yaml | 10 +++++----- roles/common/tasks/debian-upgrade.yaml | 4 ++-- roles/common/tasks/network.yaml | 4 ++-- roles/git-ci/tasks/main.yaml | 8 ++++---- roles/git-server/tasks/main.yaml | 8 ++++---- roles/monitoring/tasks/mqtt_exporter.yaml | 8 ++++---- roles/music/tasks/soundboard.yaml | 8 ++++---- roles/music/tasks/trollibox.yaml | 8 ++++---- roles/photos/tasks/photo-gallery.yaml | 8 ++++---- roles/photos/tasks/photos2mqtt.yaml | 8 ++++---- roles/services/tasks/discord_bot.yaml | 4 ++-- roles/services/tasks/ircbot.yaml | 20 +++++++++---------- roles/services/tasks/mastodon_spacestate.yaml | 8 ++++---- roles/services/tasks/power_mqtt.yaml | 8 ++++---- roles/services/tasks/siahsd.yaml | 8 ++++---- roles/services/tasks/spacestated.yaml | 4 ++-- roles/services/tasks/wifi_mqtt.yaml | 4 ++-- roles/www/tasks/calendar.yaml | 4 ++-- roles/www/tasks/mediawiki.yaml | 4 ++-- roles/www/tasks/mqtt.yaml | 4 ++-- roles/www/tasks/spaceapi.yaml | 4 ++-- 21 files changed, 73 insertions(+), 73 deletions(-) diff --git a/roles/bank/tasks/revbank-deposit.yaml b/roles/bank/tasks/revbank-deposit.yaml index 672ba24..97c3593 100644 --- a/roles/bank/tasks/revbank-deposit.yaml +++ b/roles/bank/tasks/revbank-deposit.yaml @@ -23,8 +23,8 @@ ansible.builtin.template: src: revbank-deposit.conf dest: /etc/revbank-deposit.conf - owner: root - group: root + owner: "root" + group: "root" mode: "0600" notify: Restart revbank-deposit @@ -32,8 +32,8 @@ ansible.builtin.template: src: revbank-deposit.service dest: /etc/systemd/system/revbank-deposit.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart revbank-deposit @@ -44,4 +44,4 @@ state: started enabled: true -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers 
diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index 426a499..b480bea 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -4,8 +4,8 @@ ansible.builtin.template: src: stable-sources.list dest: /etc/apt/sources.list - owner: root - group: root + owner: "root" + group: "root" mode: "0644" - name: Remove backports diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml index 63efa5a..fae4ed5 100644 --- a/roles/common/tasks/network.yaml +++ b/roles/common/tasks/network.yaml @@ -28,8 +28,8 @@ ansible.builtin.template: src: network-interfaces dest: /etc/network/interfaces - owner: root - group: root + owner: "root" + group: "root" mode: "0644" when: network_br or network_dhcp or network_static diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml index d4e3a19..ea688fa 100644 --- a/roles/git-ci/tasks/main.yaml +++ b/roles/git-ci/tasks/main.yaml @@ -15,8 +15,8 @@ ansible.builtin.file: state: directory path: "{{ runner_wd }}" - owner: root - group: root + owner: "root" + group: "root" mode: "0755" - name: Register runner @@ -29,8 +29,8 @@ ansible.builtin.template: src: forgejo-runner.service dest: /etc/systemd/system/forgejo-runner.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: restart forgejo-runner diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml index 570406b..847d850 100644 --- a/roles/git-server/tasks/main.yaml +++ b/roles/git-server/tasks/main.yaml @@ -11,8 +11,8 @@ ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-available/forgejo - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Reload nginx @@ -44,8 +44,8 @@ ansible.builtin.template: src: forgejo.service dest: /etc/systemd/system/forgejo.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Reload forgejo 
diff --git a/roles/monitoring/tasks/mqtt_exporter.yaml b/roles/monitoring/tasks/mqtt_exporter.yaml index 635c263..b0350f4 100644 --- a/roles/monitoring/tasks/mqtt_exporter.yaml +++ b/roles/monitoring/tasks/mqtt_exporter.yaml @@ -20,8 +20,8 @@ ansible.builtin.template: src: mqtt_exporter.service dest: /etc/systemd/system/mqtt_exporter.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: - Daemon reload @@ -31,8 +31,8 @@ ansible.builtin.template: src: mqtt_exporter_config.yaml dest: /etc/mqtt_exporter.yaml - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: - Daemon reload diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index 6601611..fa5ace0 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -28,8 +28,8 @@ ansible.builtin.template: src: soundboard.yaml dest: /etc/soundboard.yaml - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart soundboard @@ -37,8 +37,8 @@ ansible.builtin.template: src: soundboard.service dest: /etc/systemd/system/soundboard.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart soundboard diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 0b20b4a..717c235 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -3,8 +3,8 @@ ansible.builtin.template: src: trollibox.yaml dest: /etc/trollibox.yaml - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart trollibox @@ -32,8 +32,8 @@ ansible.builtin.template: src: trollibox.service dest: /etc/systemd/system/trollibox.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart trollibox diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml index 3f6df3d..95eb800 100644 --- a/roles/photos/tasks/photo-gallery.yaml 
+++ b/roles/photos/tasks/photo-gallery.yaml @@ -15,8 +15,8 @@ ansible.builtin.template: src: photo-gallery-config.json dest: /opt/photo-gallery/config.json - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: restart photo-gallery @@ -24,8 +24,8 @@ ansible.builtin.template: src: photo-gallery.service dest: /etc/systemd/system/photo-gallery.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: restart photo-gallery diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml index cad0605..1fedc06 100644 --- a/roles/photos/tasks/photos2mqtt.yaml +++ b/roles/photos/tasks/photos2mqtt.yaml @@ -14,8 +14,8 @@ ansible.builtin.template: src: photos2mqtt.pl dest: /opt/photos2mqtt.pl - owner: root - group: root + owner: "root" + group: "root" mode: "0755" notify: restart photos2mqtt @@ -23,8 +23,8 @@ ansible.builtin.template: src: photos2mqtt.service dest: /etc/systemd/system/photos2mqtt.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: restart photos2mqtt diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 1889db4..7f64a01 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -32,8 +32,8 @@ ansible.builtin.template: src: discord-bot.service dest: /etc/systemd/system/discord-bot.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart discord-bot diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index 90d60c8..83a8f72 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -18,8 +18,8 @@ ansible.builtin.template: src: generic.service dest: /etc/systemd/system/irc-bot.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" vars: description: Bitlair IRC bot 
@@ -42,8 +42,8 @@ ansible.builtin.template: src: irc-photos.sh dest: /var/lib/irc-helpers/photos.sh - owner: root - group: root + owner: "root" + group: "root" mode: "0755" notify: Restart irc-photos @@ -51,8 +51,8 @@ ansible.builtin.template: src: generic.service dest: /etc/systemd/system/irc-photos.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" vars: description: Bitlair IRC photos notification @@ -71,8 +71,8 @@ ansible.builtin.template: src: irc-doorduino.sh dest: /var/lib/irc-helpers/doorduino.sh - owner: root - group: root + owner: "root" + group: "root" mode: "0755" notify: Restart irc-doorduino @@ -80,8 +80,8 @@ ansible.builtin.template: src: generic.service dest: /etc/systemd/system/irc-doorduino.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" vars: description: Bitlair IRC doorduino notification diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index a64d353..8d2175a 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml +++ b/roles/services/tasks/mastodon_spacestate.yaml @@ -18,8 +18,8 @@ ansible.builtin.template: src: mastodon-spacestate-config.py dest: /var/lib/mastodon-spacestate/config.py - owner: root - group: root + owner: "root" + group: "root" mode: "0655" notify: Restart mastodon-spacestate @@ -27,8 +27,8 @@ ansible.builtin.template: src: mastodon-spacestate.service dest: /etc/systemd/system/mastodon-spacestate.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart mastodon-spacestate diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml index fe442b6..1ca1e7f 100644 --- a/roles/services/tasks/power_mqtt.yaml +++ b/roles/services/tasks/power_mqtt.yaml @@ -7,8 +7,8 @@ ansible.builtin.template: src: power-mqtt.py dest: /var/lib/power-mqtt.py - owner: root - group: root + owner: "root" + group: "root" mode: "0755" notify: Restart power-mqtt 
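Review bot: In the first mastodon_spacestate.yaml hunk the context line `mode: "0655"` on `/var/lib/mastodon-spacestate/config.py` survives this lint pass and looks like a typo, since it gives group and others read and execute while the owner gets no execute bit. If that file carries the Mastodon API credentials (not visible here, so worth confirming), it should not be world-readable: `mode: "0640"` with `group:` set to the account the service runs as would fit, or `mode: "0644"` if it holds nothing sensitive. The task's `name:` line sits above the hunk, so the rest of the task is not visible.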
@@ -21,8 +21,8 @@ ansible.builtin.template: src: generic.service dest: /etc/systemd/system/power-mqtt@.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" vars: description: "SMD630 to MQTT Probe" diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index c7c3b0b..a1e59a9 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -16,8 +16,8 @@ ansible.builtin.template: src: siahsd.conf dest: /etc/siahsd.conf - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart siahsd @@ -25,8 +25,8 @@ ansible.builtin.template: src: siahsd.service dest: /etc/systemd/system/siahsd.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart siahsd diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index 363397e..8f22309 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -32,8 +32,8 @@ ansible.builtin.template: src: spacestated.service dest: /etc/systemd/system/spacestated.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart spacestated diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml index 8bb8353..1f10c64 100644 --- a/roles/services/tasks/wifi_mqtt.yaml +++ b/roles/services/tasks/wifi_mqtt.yaml @@ -19,8 +19,8 @@ ansible.builtin.template: src: wifi-mqtt.service dest: /etc/systemd/system/wifi-mqtt.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart wifi-mqtt diff --git a/roles/www/tasks/calendar.yaml b/roles/www/tasks/calendar.yaml index c034d81..8f42b06 100644 --- a/roles/www/tasks/calendar.yaml +++ b/roles/www/tasks/calendar.yaml @@ -19,6 +19,6 @@ ansible.builtin.template: src: calendar.cron dest: /etc/cron.d/bitlair-calendar - owner: root - group: root + owner: "root" + group: "root" mode: "0644" 
diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml index de77057..0508e32 100644 --- a/roles/www/tasks/mediawiki.yaml +++ b/roles/www/tasks/mediawiki.yaml @@ -9,7 +9,7 @@ ansible.builtin.template: src: security.txt dest: /opt/security.txt - owner: root - group: root + owner: "root" + group: "root" mode: "0644" diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml index 10cc736..ed097d6 100644 --- a/roles/www/tasks/mqtt.yaml +++ b/roles/www/tasks/mqtt.yaml @@ -24,8 +24,8 @@ ansible.builtin.template: src: mqtt2web.service dest: /etc/systemd/system/mqtt2web.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: - Daemon reload diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index 7c8a494..1c5c3ec 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -11,8 +11,8 @@ ansible.builtin.template: src: spaceapi.service dest: /etc/systemd/system/spaceapi.service - owner: root - group: root + owner: "root" + group: "root" mode: "0644" notify: Restart spaceapi From b74a9859b2dca47f23d08e5e90e24fe376aecb2e Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sat, 26 Apr 2025 18:18:53 +0200 Subject: [PATCH 04/56] Update git_ci role from polyfloyd's infra --- bitlair.yaml | 2 +- git-ci.yaml | 2 +- roles/git-ci/defaults/main.yaml | 2 - roles/git-ci/tasks/main.yaml | 50 ----------- roles/git_ci/defaults/main.yaml | 2 + roles/{git-ci => git_ci}/handlers/main.yaml | 2 +- roles/git_ci/tasks/main.yaml | 83 +++++++++++++++++++ .../templates/forgejo-runner.service | 2 +- 8 files changed, 89 insertions(+), 56 deletions(-) delete mode 100644 roles/git-ci/defaults/main.yaml delete mode 100644 roles/git-ci/tasks/main.yaml create mode 100644 roles/git_ci/defaults/main.yaml rename roles/{git-ci => git_ci}/handlers/main.yaml (85%) create mode 100644 roles/git_ci/tasks/main.yaml rename roles/{git-ci => git_ci}/templates/forgejo-runner.service (84%) 
diff --git a/bitlair.yaml b/bitlair.yaml index 48db717..4016241 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -26,7 +26,7 @@ - hosts: git-ci roles: - - { role: "git-ci", tags: ["git-ci"] } + - { role: "git_ci", tags: ["git_ci"] } - hosts: git roles: diff --git a/git-ci.yaml b/git-ci.yaml index 711dac4..4a53a08 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -3,4 +3,4 @@ - hosts: git-ci roles: - { role: "common", tags: [ "common" ] } - - { role: "git-ci", tags: [ "git-ci" ] } + - { role: "git_ci", tags: [ "git_ci" ] } diff --git a/roles/git-ci/defaults/main.yaml b/roles/git-ci/defaults/main.yaml deleted file mode 100644 index 2e805ee..0000000 --- a/roles/git-ci/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ -runner_wd: /var/lib/forgejo-runner -runner_version: 6.3.0 diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml deleted file mode 100644 index d677a61..0000000 --- a/roles/git-ci/tasks/main.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- - -- name: Install dependencies - ansible.builtin.apt: - name: docker.io - -- name: Download forgejo-runner - ansible.builtin.get_url: - url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" - dest: /usr/local/bin/forgejo-runner - mode: 0755 - notify: restart forgejo-runner - -- name: Create runner dir - ansible.builtin.file: - state: directory - path: "{{ runner_wd }}" - owner: root - group: root - mode: 0755 - -- name: Register runner - ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" - args: - chdir: "{{ runner_wd }}" - creates: "{{ runner_wd }}/.runner" - -- name: Install service file - ansible.builtin.template: - src: forgejo-runner.service - dest: /etc/systemd/system/forgejo-runner.service - owner: root - group: root - mode: 0644 - notify: restart forgejo-runner - -- name: Enable service - ansible.builtin.systemd: - name: forgejo-runner - enabled: true - daemon_reload: true - -- name: Start service - ansible.builtin.systemd: - name: forgejo-runner - state: started - daemon_reload: true - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/roles/git_ci/defaults/main.yaml b/roles/git_ci/defaults/main.yaml new file mode 100644 index 0000000..2c54fd9 --- /dev/null +++ b/roles/git_ci/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +git_ci_runner_wd: /var/lib/forgejo-runner diff --git a/roles/git-ci/handlers/main.yaml b/roles/git_ci/handlers/main.yaml similarity index 85% rename from roles/git-ci/handlers/main.yaml rename to roles/git_ci/handlers/main.yaml index 361ba38..05f3913 100644 --- a/roles/git-ci/handlers/main.yaml +++ b/roles/git_ci/handlers/main.yaml @@ -3,6 +3,6 @@ file: ../../common/handlers/main.yaml - name: restart forgejo-runner - ansible.builtin.systemd: + systemd: name: forgejo-runner state: restarted 
diff --git a/roles/git_ci/tasks/main.yaml b/roles/git_ci/tasks/main.yaml
new file mode 100644
index 0000000..c2c4002
--- /dev/null
+++ b/roles/git_ci/tasks/main.yaml
@@ -0,0 +1,83 @@ +--- +- tags: git_ci + block: + - name: Install dependencies + apt: + name: docker.io + + - name: Query latest forgejo-runner version + uri: + url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags + return_content: true + register: response + changed_when: false + check_mode: false + failed_when: "response is failed or 'json' not in response" + + - name: Format forgejo-runner latest version + set_fact: + forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}" + + - name: Detect installed forgejo-runner version + shell: + cmd: | + set -o pipefail + forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none + executable: /bin/bash + register: forgejo_runner_installed_version_shell + changed_when: false + check_mode: false + + - name: Format installed forgejo-runner version + set_fact: + forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}" + + - debug: + msg: + - "Forgejo Runner latest version: {{ forgejo_runner_version }}" + - "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}" + + - name: Download forgejo-runner + get_url: + url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64" + dest: /usr/local/bin/forgejo-runner + mode: "0755" + notify: restart forgejo-runner + when: forgejo_runner_installed_version != forgejo_runner_version + + - name: Create runner dir + file: + state: directory + path: "{{ git_ci_runner_wd }}" + owner: root + group: root + mode: "0755" + + - name: Register runner + command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" + args: + chdir: "{{ git_ci_runner_wd }}" + creates: "{{ git_ci_runner_wd }}/.runner" + + - name: Install service file + template: + src: forgejo-runner.service + dest: /etc/systemd/system/forgejo-runner.service + owner: 
root + group: root + mode: "0644" + notify: restart forgejo-runner + + - name: Enable service + systemd: + name: forgejo-runner + enabled: true + daemon_reload: true + + - name: Start service + systemd: + name: forgejo-runner + state: started + daemon_reload: true + + - meta: flush_handlers diff --git a/roles/git-ci/templates/forgejo-runner.service b/roles/git_ci/templates/forgejo-runner.service similarity index 84% rename from roles/git-ci/templates/forgejo-runner.service rename to roles/git_ci/templates/forgejo-runner.service index c9550d2..9cd5b5b 100644 --- a/roles/git-ci/templates/forgejo-runner.service +++ b/roles/git_ci/templates/forgejo-runner.service @@ -6,7 +6,7 @@ After=network.target [Service] ExecStart=/usr/local/bin/forgejo-runner daemon -WorkingDirectory={{ runner_wd }} +WorkingDirectory={{ git_ci_runner_wd }} Restart=on-failure RestartSec=10s From bb5f845c1bcd2be123cb9f58328bf4526172e82e Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sat, 26 Apr 2025 18:23:08 +0200 Subject: [PATCH 05/56] Add new CI runner --- inventory | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inventory b/inventory index c380b07..86d1bea 100644 --- a/inventory +++ b/inventory @@ -17,7 +17,8 @@ blockchain.bitlair.nl git.bitlair.nl [git-ci] -git-ci.bitlair.nl +git-ci01.bitlair.nl +git-ci02.bitlair.nl [pad] pad.bitlair.nl From ee6b8bee5c0ff974700cdb6024e5a6e56d5e9151 Mon Sep 17 00:00:00 2001 
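Review bot: `Download forgejo-runner` in the new roles/git_ci/tasks/main.yaml installs whatever `response['json'][0]['name']` from the tags API names as the newest release, and `get_url` has no `checksum:`, so an unreviewed and unverified binary lands in `/usr/local/bin` and is started by the service. Keeping a pinned version variable in the role defaults (as the removed `runner_version` did) and adding `checksum: "sha256:<digest published for that release>"` would make upgrades deliberate and verifiable. Separately, `Register runner` passes the password-store token on the command line; `no_log: true` on that task keeps it out of Ansible output and logs.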
From: polyfloyd Date: Sun, 27 Apr 2025 13:08:31 +0200 Subject: [PATCH 06/56] monitoring/mqtt_exporter: Install from debian package --- group_vars/all.yaml | 3 +++ monitoring.yaml | 1 + roles/common/handlers/main.yaml | 2 +- roles/deb_forgejo/defaults/main.yaml | 1 + roles/deb_forgejo/handlers/default.yaml | 3 +++ roles/deb_forgejo/tasks/main.yaml | 26 ++++++++++++++++++ roles/deb_forgejo/templates/sources.list | 5 ++++ roles/etherpad/tasks/main.yaml | 6 ++--- roles/monitoring/tasks/mqtt_exporter.yaml | 33 +++-------------------- 9 files changed, 47 insertions(+), 33 deletions(-) create mode 100644 roles/deb_forgejo/defaults/main.yaml create mode 100644 roles/deb_forgejo/handlers/default.yaml create mode 100644 roles/deb_forgejo/tasks/main.yaml create mode 100644 roles/deb_forgejo/templates/sources.list diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 3deb227..39de4c0 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -36,3 +36,6 @@ mqtt_public_host: bitlair.nl debian_repourl: "http://deb.debian.org/debian/" debian_securityurl: "http://security.debian.org/debian-security" +deb_forgejo_repos: + - host: git.polyfloyd.net + owner: polyfloyd diff --git a/monitoring.yaml b/monitoring.yaml index 9e05df0..202cb58 100644 --- a/monitoring.yaml +++ b/monitoring.yaml @@ -4,5 +4,6 @@ roles: - { role: "common", tags: [ "common" ] } - { role: "acme", tags: [ "acme" ] } + - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "nginx", tags: [ "nginx" ] } - { role: "monitoring", tags: [ "monitoring" ] } diff --git a/roles/common/handlers/main.yaml b/roles/common/handlers/main.yaml index 3f6d5b8..b35b8d8 100644 --- a/roles/common/handlers/main.yaml +++ b/roles/common/handlers/main.yaml @@ -3,7 +3,7 @@ ansible.builtin.command: cmd: update-grub -- name: Apt update +- name: apt update ansible.builtin.apt: update_cache: true diff --git a/roles/deb_forgejo/defaults/main.yaml b/roles/deb_forgejo/defaults/main.yaml new file mode 100644 index 0000000..21082e1 
--- /dev/null +++ b/roles/deb_forgejo/defaults/main.yaml @@ -0,0 +1 @@ +deb_private_host: git.polyfloyd.net diff --git a/roles/deb_forgejo/handlers/default.yaml b/roles/deb_forgejo/handlers/default.yaml new file mode 100644 index 0000000..e7a11ce --- /dev/null +++ b/roles/deb_forgejo/handlers/default.yaml @@ -0,0 +1,3 @@ +--- +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml diff --git a/roles/deb_forgejo/tasks/main.yaml b/roles/deb_forgejo/tasks/main.yaml new file mode 100644 index 0000000..68c3c44 --- /dev/null +++ b/roles/deb_forgejo/tasks/main.yaml @@ -0,0 +1,26 @@ +--- +- tags: deb_forgejo + block: + - name: Install dependencies + apt: + name: apt-transport-https + state: present + + - name: Install packaging key + get_url: + url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key + dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc + mode: "0644" + with_items: "{{ deb_forgejo_repos }}" + notify: apt update + + - name: Install sources.list + template: + src: sources.list + dest: /etc/apt/sources.list.d/deb-forgejo.list + owner: root + group: root + mode: "0644" + notify: apt update + + - meta: flush_handlers diff --git a/roles/deb_forgejo/templates/sources.list b/roles/deb_forgejo/templates/sources.list new file mode 100644 index 0000000..9400fd3 --- /dev/null +++ b/roles/deb_forgejo/templates/sources.list @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +{% for repo in deb_forgejo_repos %} +deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }} +{% endfor %} diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index 0f4beb5..38dc4d3 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml 
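Review bot: `Install packaging key` in roles/deb_forgejo/tasks/main.yaml fetches `repository.key` from the same host that serves the packages and trusts whatever comes back, so `signed-by` in sources.list only proves that packages match the key that server handed out on the day of the run. Pinning the key would make a swapped key fail the play instead of being installed: either commit the reviewed key to the role and install it with `copy`, or add a per-repo `checksum: "sha256:<digest of the reviewed key>"` to the `get_url` task. The handler file is also added as `handlers/default.yaml`; as far as I know Ansible only auto-loads `handlers/main.yaml`, so `notify: apt update` presumably relies on the `common` role being in the same play.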
@@ -15,7 +15,7 @@ -o /usr/share/keyrings/nodesource.gpg args: creates: /usr/share/keyrings/nodesource.gpg - notify: Apt update + notify: apt update - name: Install nodesource source list ansible.builtin.template: @@ -24,7 +24,7 @@ owner: root group: root mode: 0644 - notify: Apt update + notify: apt update - name: Install nodejs apt preference ansible.builtin.template: @@ -33,7 +33,7 @@ owner: root group: root mode: 0644 - notify: Apt update + notify: apt update - ansible.builtin.meta: flush_handlers diff --git a/roles/monitoring/tasks/mqtt_exporter.yaml b/roles/monitoring/tasks/mqtt_exporter.yaml index 0ae5d07..481d2c1 100644 --- a/roles/monitoring/tasks/mqtt_exporter.yaml +++ b/roles/monitoring/tasks/mqtt_exporter.yaml @@ -1,47 +1,22 @@ --- -- name: Clone source - ansible.builtin.git: - repo: https://github.com/polyfloyd/mqtt-exporter.git - version: main - dest: /opt/mqtt_exporter - accept_hostkey: yes - notify: restart mqtt_exporter - - name: Install apt dependencies ansible.builtin.apt: - name: - - jq - - python3-paho-mqtt - - python3-prometheus-client - - python3-yaml + name: mqtt-exporter state: present -- name: Install service - ansible.builtin.template: - src: mqtt_exporter.service - dest: /etc/systemd/system/mqtt_exporter.service - owner: root - group: root - mode: 0644 - notify: - - Daemon reload - - restart mqtt_exporter - - name: Install config file ansible.builtin.template: src: mqtt_exporter_config.yaml - dest: /etc/mqtt_exporter.yaml + dest: /etc/mqtt-exporter.yaml owner: root group: root mode: 0644 - notify: - - Daemon reload - - restart mqtt_exporter + notify: restart mqtt_exporter - ansible.builtin.meta: flush_handlers - name: Start service ansible.builtin.systemd: - name: mqtt_exporter + name: mqtt-exporter state: started enabled: true From 5ab22d0e9653e97030e942159db483652292459c Mon Sep 17 00:00:00 2001 
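Review bot: After the roles/monitoring/tasks/mqtt_exporter.yaml hunk nothing stops or removes the previous installation, so hosts provisioned earlier keep the `/opt/mqtt_exporter` checkout and `/etc/systemd/system/mqtt_exporter.service`, and the old unit may keep running beside the packaged `mqtt-exporter`. A `state: absent` cleanup like the one the soundboard change in this series adds, plus stopping and disabling the old unit, would avoid leaving unmanaged code running. `Install config file` still notifies `restart mqtt_exporter`; that handler is not part of this diff, so it is worth checking that it now targets the `mqtt-exporter` unit.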
From: polyfloyd Date: Sun, 27 Apr 2025 18:59:37 +0200 Subject: [PATCH 07/56] music: Install mqtt-soundboard from Debian package --- music.yaml | 1 + roles/music/tasks/soundboard.yaml | 38 ++++++++----------------------- 2 files changed, 10 insertions(+), 29 deletions(-) diff --git a/music.yaml b/music.yaml index e4ea70b..17666f3 100644 --- a/music.yaml +++ b/music.yaml @@ -4,6 +4,7 @@ roles: - { role: "common", tags: [ "common" ] } - { role: "acme", tags: [ "acme" ] } + - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "go", tags: [ "go" ] } # - { role: "nginx", tags: [ "nginx" ] } - { role: "music", tags: [ "music" ] } diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index a0ea558..1b72dbf 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -1,28 +1,17 @@ --- - name: Install dependencies ansible.builtin.apt: - name: virtualenv + name: + - mqtt-soundboard + - mplayer state: present -- name: Clone soundboard source - ansible.builtin.git: - repo: https://github.com/polyfloyd/mqtt-soundboard.git - version: main - dest: /opt/soundboard - accept_hostkey: yes - notify: Restart soundboard - -- name: Create virtualenv - ansible.builtin.command: - cmd: virtualenv /opt/soundboard/.venv - args: - creates: /opt/soundboard/.venv - -- name: Install Python dependencies - ansible.builtin.shell: - cmd: . .venv/bin/activate && pip install -r requirements.txt - args: - chdir: /opt/soundboard +- ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - /opt/soundboard + - /etc/systemd/system/soundboard.service - name: Install soundboard config file ansible.builtin.template: 
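Review bot: The new cleanup task in roles/music/tasks/soundboard.yaml sets `/opt/soundboard` and `/etc/systemd/system/soundboard.service` to `state: absent` without stopping the service or reloading systemd, so the old unit definition can stay loaded, and a running process keeps executing from the deleted checkout, until the next reload or reboot. Adding a daemon reload after the removal and a `name:` such as `Remove legacy soundboard checkout and unit file` would make the switch to the packaged service explicit. The later `Enable soundboard` task still uses the unit name `soundboard`; whether the mqtt-soundboard package ships a unit under that name is not visible here.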
@@ -33,15 +22,6 @@ mode: 0644 notify: Restart soundboard -- name: Install soundboard service file - ansible.builtin.template: - src: soundboard.service - dest: /etc/systemd/system/soundboard.service - owner: root - group: root - mode: 0644 - notify: Restart soundboard - - name: Enable soundboard ansible.builtin.systemd: name: soundboard From c267c51e1ea34dc63387ddadbbdac770ded0419b Mon Sep 17 00:00:00 2001 From: BlackDragon-B Date: Sun, 27 Apr 2025 19:50:53 +0200 Subject: [PATCH 08/56] maak chat.bitlair.nl --- chat.yaml | 7 + group_vars/chat.yaml | 34 +++++ roles/chat/defaults/main.yaml | 0 roles/chat/tasks/main.yaml | 143 +++++++++++++++++++ roles/chat/templates/config.js.j2 | 58 ++++++++ roles/chat/templates/nodejs-apt-pref | 5 + roles/chat/templates/nodesource.list | 3 + roles/chat/templates/thelounge-bitlair.patch | 28 ++++ roles/chat/templates/thelounge.service | 17 +++ 9 files changed, 295 insertions(+) create mode 100644 chat.yaml create mode 100644 group_vars/chat.yaml create mode 100644 roles/chat/defaults/main.yaml create mode 100644 roles/chat/tasks/main.yaml create mode 100644 roles/chat/templates/config.js.j2 create mode 100644 roles/chat/templates/nodejs-apt-pref create mode 100644 roles/chat/templates/nodesource.list create mode 100644 roles/chat/templates/thelounge-bitlair.patch create mode 100644 roles/chat/templates/thelounge.service diff --git a/chat.yaml b/chat.yaml new file mode 100644 index 0000000..9560585 --- /dev/null +++ b/chat.yaml @@ -0,0 +1,7 @@ +- hosts: chat + roles: + - { role: "common", tags: [ "common" ] } + - { role: "nft", tags: [ "nft" ] } + - { role: "nginx", tags: [ "nginx" ] } + - { role: "acme", tags: [ "acme" ] } + - { role: "chat", tags: [ "chat" ] } diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml new file mode 100644 index 0000000..8caf096 --- /dev/null +++ b/group_vars/chat.yaml 
@@ -0,0 +1,34 @@ +--- +root_access: + - blackdragon + - ak + - foobar + - polyfloyd +nodejs_version: 22.x +thelounge_version: "4.4.3" +thelounge_ldap_url: ldaps://ldap.bitlair.nl +thelounge_ldap_filter: (objectClass=inetOrgPerson) +thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl +chat_hostname: chat.bitlair.nl + +acme_domains: + - "{{ chat_hostname }}" + +nginx_sites: + - server_name: "{{ chat_hostname }}" + config: + - |- + location / { + proxy_pass http://127.0.0.1:9000/; + proxy_http_version 1.1; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + + # by default nginx times out connections in one minute + proxy_read_timeout 1d; + } + +group_nft_input: + - "tcp dport { http, https } accept # Allow web-traffic from world" \ No newline at end of file diff --git a/roles/chat/defaults/main.yaml b/roles/chat/defaults/main.yaml new file mode 100644 index 0000000..e69de29 diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml new file mode 100644 index 0000000..6fa26d1 --- /dev/null +++ b/roles/chat/tasks/main.yaml 
@@ -0,0 +1,143 @@ +- name: Install dependencies + ansible.builtin.apt: + state: present + pkg: + - gpg + - apt-transport-https + - build-essential + +- name: Import nodesource signing key + ansible.builtin.shell: + cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor + -o /usr/share/keyrings/nodesource.gpg + args: + creates: /usr/share/keyrings/nodesource.gpg + notify: Apt update + +- name: Install nodesource source list + ansible.builtin.template: + src: nodesource.list + dest: /etc/apt/sources.list.d/nodesource.list + owner: root + group: root + mode: 0644 + notify: Apt update + +- name: Install nodejs apt preference + ansible.builtin.template: + src: nodejs-apt-pref + dest: /etc/apt/preferences.d/nodejs + owner: root + group: root + mode: 0644 + notify: Apt update + +- ansible.builtin.meta: flush_handlers + +- name: Install nodejs + ansible.builtin.apt: + name: nodejs + +- name: Install yarn + ansible.builtin.shell: + cmd: npm install --global yarn + +- stat: path=/opt/thelounge + register: src_path + +- name: Retreive thelounge source + block: + - name: Checkout source + ansible.builtin.git: + repo: 'https://github.com/revspace/thelounge.git' + dest: /opt/thelounge + version: 9d6dc83 + force: true + + - name: Copy patch + ansible.builtin.template: + src: thelounge-bitlair.patch + dest: /tmp/thelounge-bitlair.patch + + - name: Apply patch + ansible.builtin.shell: + chdir: /opt/thelounge + cmd: git apply /tmp/thelounge-bitlair.patch + when: not src_path.stat.exists + +- name: Build and install thelounge + ansible.builtin.shell: + chdir: /opt/thelounge + cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge + +- name: Ensure user thelounge is present + user: + name: thelounge + createhome: no + comment: The Lounge (IRC client) + system: yes + state: present + become: yes + +- name: Ensure JS and JSON syntax checking 
packages are installed + yarn: + name: "{{ item }}" + global: yes + state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in + with_items: + - esprima + - jsonlint + become: yes + changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in + +- name: Ensure thelounge configuration directory is present + file: + path: /etc/thelounge + owner: thelounge + group: thelounge + state: directory + become: yes + +- name: Ensure The Lounge is configured + template: + src: config.js.j2 + dest: /etc/thelounge/config.js + owner: thelounge + group: thelounge + validate: 'esvalidate %s' + become: yes + +- name: Ensure user configuration directory is present + file: + path: /var/local/thelounge/users + owner: thelounge + group: thelounge + state: directory + become: yes + +- name: Ensure preview storage directory is present + file: + path: /var/local/thelounge/storage + owner: thelounge + group: thelounge + mode: "0770" + state: directory + become: yes + +- name: Copy service file to systemd directory + ansible.builtin.template: + src: thelounge.service # Path to your service file in your Ansible project + dest: /etc/systemd/system/thelounge.service + owner: root + group: root + mode: '0644' + +- name: Reload systemd daemon to read new service file + ansible.builtin.systemd: + daemon_reload: yes + +- name: Enable and start the service + ansible.builtin.systemd: + name: thelounge + state: started + enabled: yes \ No newline at end of file diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2 new file mode 100644 index 0000000..c606576 --- /dev/null +++ b/roles/chat/templates/config.js.j2 
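Review bot: `Ensure The Lounge is configured` writes `/etc/thelounge/config.js` without a `mode:`, and the `/etc/thelounge` directory task has none either, so the permissions of a file that the template fills with the LDAP `rootPassword` depend on the umask of the run. `mode: "0640"` on the template and `mode: "0750"` on the directory keep the bind password readable only by the `thelounge` account. `Build and install thelounge` also runs `yarn add`, `yarn install` and `yarn build` as root on every play, which executes third-party package install scripts with root privileges; building as an unprivileged user and only creating the `/usr/local/bin/thelounge` symlink as root would limit that.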
@@ -0,0 +1,58 @@ +"use strict"; + +module.exports = { + public: false, + port: 9000, + bind: "0.0.0.0", + reverseProxy: true, + lockNetwork: true, + maxHistory: 10000, + leaveMessage: "Doei!", + defaults: { + name: "Smurfnet", + password: "", + rejectUnauthorized: true, + nick: "", + username: "", + realname: "", + join: "#bitlair", + }, + messageStorage: ["sqlite", "text"], + fileUpload: { + enable: true, + }, + networks: { + Smurfnet: { + host: "irc.smurfnet.ch", + port: 6697, + tls: true, + rejectUnauthorized: false, + }, + "Libera.Chat": { + host: "irc.libera.chat", + port: 6697, + tls: true, + rejectUnauthorized: true, + }, + OFTC: { + host: "irc.oftc.net", + port: 6697, + tls: true, + rejectUnauthorized: true, + }, + }, + identd: { + enable: false, + }, + ldap: { + enable: true, + url: "{{ thelounge_ldap_url }}", + primaryKey: "uid", + searchDN: { + rootDN: "{{ thelounge_ldap_rootDN }}", + rootPassword: "{{ thelounge_ldap_rootPassword }}", + filter: "{{ thelounge_ldap_filter }}", + base: "{{ thelounge_ldap_base }}", + }, + }, +}; diff --git a/roles/chat/templates/nodejs-apt-pref b/roles/chat/templates/nodejs-apt-pref new file mode 100644 index 0000000..6193912 --- /dev/null +++ b/roles/chat/templates/nodejs-apt-pref @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +Package: nodejs +Pin: origin deb.nodesource.com +Pin-Priority: 1000 diff --git a/roles/chat/templates/nodesource.list b/roles/chat/templates/nodesource.list new file mode 100644 index 0000000..6ac9322 --- /dev/null +++ b/roles/chat/templates/nodesource.list @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main diff --git a/roles/chat/templates/thelounge-bitlair.patch b/roles/chat/templates/thelounge-bitlair.patch new file mode 100644 index 0000000..fdfb795 --- /dev/null +++ b/roles/chat/templates/thelounge-bitlair.patch 
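Review bot: `bind: "0.0.0.0"` together with `reverseProxy: true` in config.js.j2 exposes port 9000 on every interface while telling The Lounge to trust forwarded-for headers, so anything that reaches the port directly bypasses nginx and its TLS and can claim an arbitrary client address; since nginx proxies to `http://127.0.0.1:9000/`, `bind: "127.0.0.1",` is enough. The Smurfnet entry sets `rejectUnauthorized: false` with `tls: true`, which encrypts without authenticating the server; if that network presents a certificate that validates, `rejectUnauthorized: true` matches the other two networks. `thelounge_ldap_rootDN` and `thelounge_ldap_rootPassword` are interpolated straight into double-quoted JS strings, so a value containing `"` or `\` would break or alter the config; `rootPassword: {{ thelounge_ldap_rootPassword | to_json }},` without the surrounding quotes avoids that.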
@@ -0,0 +1,28 @@ +diff --git a/package.json b/package.json +index 2991a6ec..dac43f16 100644 +--- a/package.json ++++ b/package.json +@@ -84,9 +84,7 @@ + "ua-parser-js": "1.0.33", + "uuid": "8.3.2", + "web-push": "3.4.5", +- "yarn": "1.22.17" +- }, +- "optionalDependencies": { ++ "yarn": "1.22.17", + "sqlite3": "5.1.7" + }, + "devDependencies": { +diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts +index e6093b0f..d30b9a1c 100644 +--- a/server/plugins/auth/ldap.ts ++++ b/server/plugins/auth/ldap.ts +@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => { + // auth plugin API + function callbackWrapper(valid: boolean) { + if (valid && !client) { +- manager.addUser(user, null, false); ++ manager.addUser(user, null, true); + } + + callback(valid); diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service new file mode 100644 index 0000000..3fc7396 --- /dev/null +++ b/roles/chat/templates/thelounge.service @@ -0,0 +1,17 @@ +[Unit] +Description=The Lounge (IRC client) +After=network-online.target +Wants=network-online.target + +[Service] +User=thelounge +Group=thelounge +Type=simple +Environment=THELOUNGE_HOME=/var/local/thelounge +ExecStart=/usr/local/bin/thelounge start +ProtectSystem=yes +ProtectHome=yes +PrivateTmp=yes + +[Install] +WantedBy=multi-user.target From 8e2cc7e77aa0cef21595bdceae0e595c51d7afee Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Sun, 27 Apr 2025 20:04:56 +0200 Subject: [PATCH 09/56] keys --- authorized_keys/blackdragon.keys | 1 + 1 file changed, 1 insertion(+) create mode 100644 authorized_keys/blackdragon.keys diff --git a/authorized_keys/blackdragon.keys b/authorized_keys/blackdragon.keys new file mode 100644 index 0000000..d488f52 --- /dev/null +++ b/authorized_keys/blackdragon.keys @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre 
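Review bot: `Environment=THELOUNGE_HOME=/var/local/thelounge` in thelounge.service points the service at a different directory than the one the tasks template the configuration into (`/etc/thelounge/config.js`). As far as I know The Lounge reads `config.js` from its home directory, so unless something outside this diff links the two, the LDAP and `lockNetwork` settings from the template would not be the ones in effect. Either template the config to `/var/local/thelounge/config.js` or set `THELOUNGE_HOME=/etc/thelounge` and move the `users` and `storage` directories accordingly. For a network-facing Node process, `NoNewPrivileges=yes` and `ProtectSystem=strict` with `ReadWritePaths=/var/local/thelounge` would tighten the sandboxing the unit already has.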
From 050205e95c01b8025892972ad8e77f3ff75d9cd0 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Sun, 27 Apr 2025 21:11:17 +0200 Subject: [PATCH 10/56] Cleanup thelounge playbook --- bitlair.yaml | 6 ++ chat.yaml | 2 + roles/chat/handlers/main.yaml | 10 +++ roles/chat/tasks/main.yaml | 113 +++++++++++------------------- roles/chat/templates/config.js.j2 | 4 +- 5 files changed, 61 insertions(+), 74 deletions(-) create mode 100644 roles/chat/handlers/main.yaml diff --git a/bitlair.yaml b/bitlair.yaml index 4016241..19de646 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -65,3 +65,9 @@ - { role: "acme", tags: ["acme"] } - { role: "nginx", tags: ["nginx"] } - { role: "www", tags: ["www"] } + +- hosts: chat + roles: + - { role: "acme", tags: [ "acme" ] } + - { role: "nginx", tags: [ "nginx" ] } + - { role: "chat", tags: [ "chat" ] } diff --git a/chat.yaml b/chat.yaml index 9560585..a5b4c42 100644 --- a/chat.yaml +++ b/chat.yaml @@ -1,3 +1,5 @@ +--- + - hosts: chat roles: - { role: "common", tags: [ "common" ] } diff --git a/roles/chat/handlers/main.yaml b/roles/chat/handlers/main.yaml new file mode 100644 index 0000000..82e78eb --- /dev/null +++ b/roles/chat/handlers/main.yaml @@ -0,0 +1,10 @@ +--- +- name: Reload systemd + ansible.builtin.systemd: + daemon_reload: yes + +- name: Restart thelounge + ansible.builtin.systemd: + name: thelounge + state: restarted + enabled: true diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index 6fa26d1..097eb1b 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml @@ -1,7 +1,9 @@ +--- + - name: Install dependencies ansible.builtin.apt: state: present - pkg: + pkg: - gpg - apt-transport-https - build-essential 
@@ -14,25 +16,30 @@ creates: /usr/share/keyrings/nodesource.gpg notify: Apt update -- name: Install nodesource source list - ansible.builtin.template: - src: nodesource.list - dest: /etc/apt/sources.list.d/nodesource.list - owner: root - group: root - mode: 0644 - notify: Apt update +- name: Ensure directories are present + ansible.builtin.file: + path: "{{ item.path }}" + owner: "thelounge" + group: "thelounge" + state: "{{ item.state | default('directory') }}" + mode: "{{ item.mode | default('0770') }}" + with_items: + - { path: "/etc/thelounge" } + - { path: "/var/local/thelounge/users" } + - { path: "/var/local/thelounge/storage" } + notify: + - Restart thelounge -- name: Install nodejs apt preference +- name: Configure templates ansible.builtin.template: - src: nodejs-apt-pref - dest: /etc/apt/preferences.d/nodejs - owner: root - group: root - mode: 0644 - notify: Apt update - -- ansible.builtin.meta: flush_handlers + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner | default( 'thelounge' ) }}" + group: "{{ item.group | default( 'thelounge' ) }}" + mode: "{{ item.mode | default('0640') }}" + with_items: + - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list", owner: root, group: root } + - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs", owner: root, group: root } - name: Install nodejs ansible.builtin.apt: @@ -56,7 +63,7 @@ - name: Copy patch ansible.builtin.template: - src: thelounge-bitlair.patch + src: thelounge-bitlair.patch dest: /tmp/thelounge-bitlair.patch - name: Apply patch 
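Review bot: The merged `Configure templates` task writes `nodesource.list` and `nodejs-apt-pref` without `notify: Apt update`, and the `- ansible.builtin.meta: flush_handlers` step before `Install nodejs` is removed, so on a fresh host `nodejs` is resolved against a package index that does not yet include the NodeSource repository. Keep `notify: Apt update` on that task and the `flush_handlers` line after it. Both files also fall back to `mode` `0640` where they were `0644`; add `mode: "0644"` to the two items so non-root apt commands can still read them. Separately, `Ensure directories are present` sets `owner: "thelounge"`, but the task that creates that user sits further down the file in a later hunk, so the first run on a new host will probably fail there.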
@@ -69,16 +76,17 @@ ansible.builtin.shell: chdir: /opt/thelounge cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge + notify: + - Restart thelounge - name: Ensure user thelounge is present - user: + ansible.builtin.user: name: thelounge createhome: no comment: The Lounge (IRC client) system: yes state: present - become: yes - + - name: Ensure JS and JSON syntax checking packages are installed yarn: name: "{{ item }}" 
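Review bot: The build step `cmd: yarn add sharp --ignore-engines && …` has no `creates:` or `changed_when:`, so it reports changed on every run and the added `notify: - Restart thelounge` restarts the service each time the playbook is applied. It also fetches and rebuilds dependencies from the registry on every run. Guard the task, for example with `creates: /usr/local/bin/thelounge` under `args:`, or run it only when the source checkout changed. The task's `name:` line is outside the hunk.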
@@ -87,57 +95,18 @@ with_items: - esprima - jsonlint - become: yes changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in -- name: Ensure thelounge configuration directory is present - file: - path: /etc/thelounge - owner: thelounge - group: thelounge - state: directory - become: yes - -- name: Ensure The Lounge is configured - template: - src: config.js.j2 - dest: /etc/thelounge/config.js - owner: thelounge - group: thelounge - validate: 'esvalidate %s' - become: yes - -- name: Ensure user configuration directory is present - file: - path: /var/local/thelounge/users - owner: thelounge - group: thelounge - state: directory - become: yes - -- name: Ensure preview storage directory is present - file: - path: /var/local/thelounge/storage - owner: thelounge - group: thelounge - mode: "0770" - state: directory - become: yes - -- name: Copy service file to systemd directory +- name: Configure templates ansible.builtin.template: - src: thelounge.service # Path to your service file in your Ansible project - dest: /etc/systemd/system/thelounge.service - owner: root - group: root - mode: '0644' - -- name: Reload systemd daemon to read new service file - ansible.builtin.systemd: - daemon_reload: yes + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner | default( 'thelounge' ) }}" + group: "{{ item.group | default( 'thelounge' ) }}" + mode: "{{ item.mode | default('0640') }}" + validate: "{{ item.validate | default([]) }}" + with_items: + - { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' } + - { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" } + notify: "{{ item.notify | default('Restart thelounge') }}" -- name: Enable and start the service - ansible.builtin.systemd: - name: thelounge - state: started - enabled: yes \ No newline at end of file 
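Review bot: `validate: "{{ item.validate | default([]) }}"` probably hands the module a non-empty value for the `thelounge.service` item, which has no `validate` key, and the template module rejects a validate command without `%s`; use `validate: "{{ item.validate | default(omit) }}"`. `notify: "{{ item.notify | default('Restart thelounge') }}"` depends on `item`, and as far as I know handler names are not resolved per loop item, so the `Reload systemd` notification for the unit file is unlikely to fire; giving the unit file its own task with `notify: Reload systemd` avoids that. With the explicit `Enable and start the service` task removed, the service is now enabled only through the `Restart thelounge` handler.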
diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2 index c606576..c1b4a0c 100644 --- a/roles/chat/templates/config.js.j2 +++ b/roles/chat/templates/config.js.j2 @@ -49,8 +49,8 @@ module.exports = { url: "{{ thelounge_ldap_url }}", primaryKey: "uid", searchDN: { - rootDN: "{{ thelounge_ldap_rootDN }}", - rootPassword: "{{ thelounge_ldap_rootPassword }}", + rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}", + rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}", filter: "{{ thelounge_ldap_filter }}", base: "{{ thelounge_ldap_base }}", }, From 4870960b455748ae80b5f8724710e81cf3c24fa3 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Sun, 27 Apr 2025 21:19:41 +0200 Subject: [PATCH 11/56] Listen on localhost --- group_vars/chat.yaml | 4 +++- roles/chat/defaults/main.yaml | 5 +++++ roles/chat/handlers/main.yaml | 1 + roles/chat/tasks/main.yaml | 14 +++++++------- roles/chat/templates/config.js.j2 | 2 +- roles/chat/templates/thelounge.service | 4 ++-- 6 files changed, 19 insertions(+), 11 deletions(-) diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml index 8caf096..08a3480 100644 --- a/group_vars/chat.yaml +++ b/group_vars/chat.yaml @@ -1,9 +1,11 @@ --- + root_access: - blackdragon - ak - foobar - polyfloyd + nodejs_version: 22.x thelounge_version: "4.4.3" thelounge_ldap_url: ldaps://ldap.bitlair.nl @@ -31,4 +33,4 @@ nginx_sites: } group_nft_input: - - "tcp dport { http, https } accept # Allow web-traffic from world" \ No newline at end of file + - "tcp dport { http, https } accept # Allow web-traffic from world" diff --git a/roles/chat/defaults/main.yaml b/roles/chat/defaults/main.yaml index e69de29..4e52991 100644 --- a/roles/chat/defaults/main.yaml +++ b/roles/chat/defaults/main.yaml @@ -0,0 +1,5 @@ +--- + +chat_user: thelounge +chat_group: thelounge +chat_configdir: "/etc/thelounge" 
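Review bot: The `passwordstore` lookups for `rootDN` and `rootPassword` are pasted between hand-written double quotes in a JavaScript string literal, so a secret containing `"` or `\` yields a broken or altered config value. Let Jinja emit the quoted literal instead: `rootPassword: {{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') | to_json }},` and the same for `rootDN`. The rendered file then holds the LDAP bind password, so its owner and mode matter; the task that installs `config.js` is in another file. The `searchDN` object continues outside the hunk.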
diff --git a/roles/chat/handlers/main.yaml b/roles/chat/handlers/main.yaml index 82e78eb..e03963e 100644 --- a/roles/chat/handlers/main.yaml +++ b/roles/chat/handlers/main.yaml @@ -1,4 +1,5 @@ --- + - name: Reload systemd ansible.builtin.systemd: daemon_reload: yes diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index 097eb1b..7b74982 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml @@ -19,12 +19,12 @@ - name: Ensure directories are present ansible.builtin.file: path: "{{ item.path }}" - owner: "thelounge" - group: "thelounge" + owner: "{{ chat_user }}" + group: "{{ chat_group }}" state: "{{ item.state | default('directory') }}" mode: "{{ item.mode | default('0770') }}" with_items: - - { path: "/etc/thelounge" } + - { path: "{{ chat_configdir }}" } - { path: "/var/local/thelounge/users" } - { path: "/var/local/thelounge/storage" } notify: @@ -34,8 +34,8 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ item.owner | default( 'thelounge' ) }}" - group: "{{ item.group | default( 'thelounge' ) }}" + owner: "{{ item.owner | default( chat_user ) }}" + group: "{{ item.group | default( chat_group ) }}" mode: "{{ item.mode | default('0640') }}" with_items: - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list", owner: root, group: root } @@ -101,8 +101,8 @@ ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: "{{ item.owner | default( 'thelounge' ) }}" - group: "{{ item.group | default( 'thelounge' ) }}" + owner: "{{ item.owner | default( chat_user ) }}" + group: "{{ item.group | default( chat_group ) }}" mode: "{{ item.mode | default('0640') }}" validate: "{{ item.validate | default([]) }}" with_items: diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2 index c1b4a0c..ba12695 100644 --- a/roles/chat/templates/config.js.j2 +++ b/roles/chat/templates/config.js.j2 
@@ -3,7 +3,7 @@ module.exports = { public: false, port: 9000, - bind: "0.0.0.0", + bind: "127.0.0.1", reverseProxy: true, lockNetwork: true, maxHistory: 10000, diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service index 3fc7396..26a11ea 100644 --- a/roles/chat/templates/thelounge.service +++ b/roles/chat/templates/thelounge.service @@ -4,8 +4,8 @@ After=network-online.target Wants=network-online.target [Service] -User=thelounge -Group=thelounge +User={{ chat_user }} +Group={{ chat_group }} Type=simple Environment=THELOUNGE_HOME=/var/local/thelounge ExecStart=/usr/local/bin/thelounge start From 720cd70e4fd5635794c1ab95a9f1ef4b65b9d358 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Tue, 29 Apr 2025 17:50:18 +0200 Subject: [PATCH 12/56] Move a few things over from GitHub --- roles/services/tasks/discord_bot.yaml | 2 +- roles/services/tasks/mastodon_spacestate.yaml | 2 +- roles/services/tasks/spacestated.yaml | 2 +- roles/services/tasks/wifi_mqtt.yaml | 2 +- roles/www/tasks/calendar.yaml | 2 +- roles/www/tasks/spaceapi.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 1889db4..19a659f 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -21,7 +21,7 @@ - name: Clone source ansible.builtin.git: - repo: https://github.com/bitlair/discord-bot.git + repo: https://git.bitlair.nl/bitlair/discord-bot.git version: main dest: /var/lib/discord-bot accept_hostkey: yes diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index 53f979e..9babbbd 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml +++ b/roles/services/tasks/mastodon_spacestate.yaml 
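Review bot: In The Lounge's configuration `bind` is the local address used for outgoing IRC connections, while the address the web server listens on is `host`, so `bind: "127.0.0.1"` probably does not restrict the listener to loopback and may break connections to IRC networks. If the goal is to expose port 9000 only to the local nginx, set `host: "127.0.0.1"` and leave `bind` as it was. The `module.exports` object continues outside the hunk.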
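Review bot: The `Clone source` task in `discord_bot.yaml` now pulls from `git.bitlair.nl` but still follows `version: main`, so whatever is on that branch at run time gets deployed; the same holds for the clone tasks in `mastodon_spacestate.yaml`, `spacestated.yaml`, `wifi_mqtt.yaml`, `calendar.yaml` and `spaceapi.yaml`. Pinning `version:` to a tag or commit id held in a role variable makes each deployment reproducible and reviewable. `accept_hostkey: yes` has no effect on an `https://` remote and can be dropped. The task continues outside the hunk.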
@@ -7,7 +7,7 @@ - name: Clone source ansible.builtin.git: - repo: https://github.com/bitlair/mastodon-spacestate.git + repo: https://git.bitlair.nl/bitlair/mastodon-spacestate.git version: main dest: /var/lib/mastodon-spacestate accept_hostkey: yes diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index 92a0ace..e35851e 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -21,7 +21,7 @@ - name: Clone source ansible.builtin.git: - repo: https://github.com/bitlair/spacestated.git + repo: https://git.bitlair.nl/bitlair/spacestated.git version: main dest: /var/lib/spacestated/spacestated accept_hostkey: yes diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml index 8bb8353..d69aa34 100644 --- a/roles/services/tasks/wifi_mqtt.yaml +++ b/roles/services/tasks/wifi_mqtt.yaml @@ -8,7 +8,7 @@ - name: Clone source ansible.builtin.git: - repo: https://github.com/bitlair/wifi-mqtt.git + repo: https://git.bitlair.nl/bitlair/wifi-mqtt.git version: main dest: /var/lib/wifi-mqtt accept_hostkey: yes diff --git a/roles/www/tasks/calendar.yaml b/roles/www/tasks/calendar.yaml index f6513a8..16c027e 100644 --- a/roles/www/tasks/calendar.yaml +++ b/roles/www/tasks/calendar.yaml @@ -5,7 +5,7 @@ - name: Clone source ansible.builtin.git: - repo: https://github.com/bitlair/calendar-parser.git + repo: https://git.bitlair.nl/bitlair/wiki-calendar-exporter.git version: main dest: /usr/local/src/bitlair-calendar accept_hostkey: yes diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index 7c8a494..e6b7954 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -1,7 +1,7 @@ --- - name: Clone spaceapi source ansible.builtin.git: - repo: https://github.com/bitlair/spaceapi.git + repo: https://git.bitlair.nl/bitlair/spaceapi.git version: main dest: /opt/spaceapi accept_hostkey: true 
From cedacdec7dcd67e6bf53aadc6cb7fe1294595136 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Tue, 29 Apr 2025 18:47:52 +0200 Subject: [PATCH 13/56] bank: Increase git sync frequency --- roles/bank/templates/git.cron | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/bank/templates/git.cron b/roles/bank/templates/git.cron index b703657..b334260 100644 --- a/roles/bank/templates/git.cron +++ b/roles/bank/templates/git.cron @@ -1,4 +1,4 @@ SHELL=/bin/bash -#m h dom mon dow user command - 0 * * * * {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products) +#m h dom mon dow user command + */10 * * * * {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products) From efd0604c3aa9d3c9ff558fdfd36c666d050cd57e Mon Sep 17 00:00:00 2001 From: BlackDragon Date: Wed, 30 Apr 2025 18:44:08 +0200 Subject: [PATCH 14/56] Update roles/chat/templates/config.js.j2 --- roles/chat/templates/config.js.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2 index ba12695..69b1727 100644 --- a/roles/chat/templates/config.js.j2 +++ b/roles/chat/templates/config.js.j2 @@ -3,7 +3,8 @@ module.exports = { public: false, port: 9000, - bind: "127.0.0.1", + bind: "0.0.0.0", + host: "127.0.0.1", reverseProxy: true, lockNetwork: true, maxHistory: 10000, From 6dfb60165ae04f2e756179b53065377f3b2c4eac Mon Sep 17 00:00:00 2001 
From: polyfloyd Date: Wed, 30 Apr 2025 19:33:26 +0200 Subject: [PATCH 15/56] Add a distinct nodesource role --- chat.yaml | 1 + pad.yaml | 1 + roles/chat/tasks/main.yaml | 23 +----------- roles/chat/templates/nodejs-apt-pref | 5 --- roles/chat/templates/nodesource.list | 3 -- roles/etherpad/defaults/main.yaml | 1 - roles/etherpad/tasks/main.yaml | 37 +------------------ roles/nodesource/defaults/main.yaml | 2 + roles/nodesource/handlers/main.yaml | 3 ++ roles/nodesource/tasks/main.yaml | 33 +++++++++++++++++ .../templates/nodejs-apt-pref | 0 .../templates/nodesource.list | 2 +- 12 files changed, 44 insertions(+), 67 deletions(-) delete mode 100644 roles/chat/templates/nodejs-apt-pref delete mode 100644 roles/chat/templates/nodesource.list create mode 100644 roles/nodesource/defaults/main.yaml create mode 100644 roles/nodesource/handlers/main.yaml create mode 100644 roles/nodesource/tasks/main.yaml rename roles/{etherpad => nodesource}/templates/nodejs-apt-pref (100%) rename roles/{etherpad => nodesource}/templates/nodesource.list (56%) diff --git a/chat.yaml b/chat.yaml index a5b4c42..fdf3a9a 100644 --- a/chat.yaml +++ b/chat.yaml @@ -6,4 +6,5 @@ - { role: "nft", tags: [ "nft" ] } - { role: "nginx", tags: [ "nginx" ] } - { role: "acme", tags: [ "acme" ] } + - { role: "nodesource", tags: [ "nodesource" ] } - { role: "chat", tags: [ "chat" ] } diff --git a/pad.yaml b/pad.yaml index 380e790..1d35c0d 100644 --- a/pad.yaml +++ b/pad.yaml @@ -9,4 +9,5 @@ - { role: "nft", tags: [ "nft" ] } - { role: "acme", tags: [ "acme" ] } - { role: "nginx", tags: [ "nginx" ] } + - { role: "nodesource", tags: [ "nodesource" ] } - { role: "etherpad", tags: [ "etherpad" ] } diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index 7b74982..696d5e5 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml 
@@ -4,17 +4,8 @@ ansible.builtin.apt: state: present pkg: - - gpg - - apt-transport-https - build-essential - -- name: Import nodesource signing key - ansible.builtin.shell: - cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor - -o /usr/share/keyrings/nodesource.gpg - args: - creates: /usr/share/keyrings/nodesource.gpg - notify: Apt update + - nodejs - name: Ensure directories are present ansible.builtin.file: @@ -30,20 +21,8 @@ notify: - Restart thelounge -- name: Configure templates - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ item.owner | default( chat_user ) }}" - group: "{{ item.group | default( chat_group ) }}" - mode: "{{ item.mode | default('0640') }}" - with_items: - - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list", owner: root, group: root } - - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs", owner: root, group: root } - - name: Install nodejs ansible.builtin.apt: - name: nodejs - name: Install yarn ansible.builtin.shell: diff --git a/roles/chat/templates/nodejs-apt-pref b/roles/chat/templates/nodejs-apt-pref deleted file mode 100644 index 6193912..0000000 --- a/roles/chat/templates/nodejs-apt-pref +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -Package: nodejs -Pin: origin deb.nodesource.com -Pin-Priority: 1000 diff --git a/roles/chat/templates/nodesource.list b/roles/chat/templates/nodesource.list deleted file mode 100644 index 6ac9322..0000000 --- a/roles/chat/templates/nodesource.list +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} - -deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main diff --git a/roles/etherpad/defaults/main.yaml b/roles/etherpad/defaults/main.yaml index 7e1952a..4a05b97 100644 --- a/roles/etherpad/defaults/main.yaml +++ b/roles/etherpad/defaults/main.yaml 
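Review bot: After the second hunk of `roles/chat/tasks/main.yaml` the `Install nodejs` task is left as a bare `ansible.builtin.apt:` with no `name` or `pkg`, because only its `name: nodejs` argument was removed. Since `nodejs` is now listed under `Install dependencies`, delete the whole `- name: Install nodejs` task.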
@@ -1,4 +1,3 @@ -nodejs_version: 22.x etherpad_db_user: etherpad etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}" etherpad_db_name: etherpad diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index 38dc4d3..e19835c 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml @@ -3,43 +3,10 @@ - name: Install dependencies ansible.builtin.apt: state: present - pkg: - - gpg + pkg: + - nodejs - postgresql - python3-psycopg2 - - apt-transport-https - -- name: Import nodesource signing key - ansible.builtin.shell: - cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor - -o /usr/share/keyrings/nodesource.gpg - args: - creates: /usr/share/keyrings/nodesource.gpg - notify: apt update - -- name: Install nodesource source list - ansible.builtin.template: - src: nodesource.list - dest: /etc/apt/sources.list.d/nodesource.list - owner: root - group: root - mode: 0644 - notify: apt update - -- name: Install nodejs apt preference - ansible.builtin.template: - src: nodejs-apt-pref - dest: /etc/apt/preferences.d/nodejs - owner: root - group: root - mode: 0644 - notify: apt update - -- ansible.builtin.meta: flush_handlers - -- name: Install nodejs - ansible.builtin.apt: - name: nodejs - name: Add database user become: true diff --git a/roles/nodesource/defaults/main.yaml b/roles/nodesource/defaults/main.yaml new file mode 100644 index 0000000..6ab2293 --- /dev/null +++ b/roles/nodesource/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +nodesource_version: 22.x diff --git a/roles/nodesource/handlers/main.yaml b/roles/nodesource/handlers/main.yaml new file mode 100644 index 0000000..e7a11ce --- /dev/null +++ b/roles/nodesource/handlers/main.yaml @@ -0,0 +1,3 @@ +--- +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml diff --git a/roles/nodesource/tasks/main.yaml b/roles/nodesource/tasks/main.yaml new file mode 100644 index 0000000..f35afde --- /dev/null 
+++ b/roles/nodesource/tasks/main.yaml @@ -0,0 +1,33 @@ +--- +- name: Install dependencies + ansible.builtin.apt: + state: present + pkg: + - apt-transport-https + - gpg + +- name: Import nodesource signing key + ansible.builtin.shell: + cmd: | + set -o pipefail + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg + executable: /bin/bash + args: + creates: /usr/share/keyrings/nodesource.gpg + notify: apt update + +- name: Install nodesource apt files + ansible.builtin.template: + src: nodesource.list + dest: /etc/apt/sources.list.d/nodesource.list + owner: root + group: root + mode: 0644 + notify: apt update + with_items: + - src: nodesource.list + dest: /etc/apt/sources.list.d/nodesource.list + - src: nodejs-apt-pref + dest: /etc/apt/preferences.d/nodejs + +- ansible.builtin.meta: flush_handlers diff --git a/roles/etherpad/templates/nodejs-apt-pref b/roles/nodesource/templates/nodejs-apt-pref similarity index 100% rename from roles/etherpad/templates/nodejs-apt-pref rename to roles/nodesource/templates/nodejs-apt-pref diff --git a/roles/etherpad/templates/nodesource.list b/roles/nodesource/templates/nodesource.list similarity index 56% rename from roles/etherpad/templates/nodesource.list rename to roles/nodesource/templates/nodesource.list index 43defab..3600170 100644 --- a/roles/etherpad/templates/nodesource.list +++ b/roles/nodesource/templates/nodesource.list @@ -1,3 +1,3 @@ # {{ ansible_managed }} -deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main +deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodesource_version }} nodistro main From 33f7b0fc358331de65458a171f47886d97f0dce3 Mon Sep 17 00:00:00 2001 
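Review bot: `Install nodesource apt files` loops over two items but hard-codes `src: nodesource.list` and `dest: /etc/apt/sources.list.d/nodesource.list`, so `nodejs-apt-pref` is never written to `/etc/apt/preferences.d/nodejs` and the NodeSource pin is missing. Use `src: "{{ item.src }}"` and `dest: "{{ item.dest }}"`. `mode: 0644` is an unquoted octal; write `mode: "0644"`. The key import pipes a download straight into `gpg --dearmor`; comparing the imported key's fingerprint with a value stored in the role would catch a substituted key.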
From: polyfloyd Date: Wed, 30 Apr 2025 20:47:29 +0200 Subject: [PATCH 16/56] git-server: Run update.sh as root --- roles/git-server/templates/cronjob | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/git-server/templates/cronjob b/roles/git-server/templates/cronjob index 9a71799..659b668 100644 --- a/roles/git-server/templates/cronjob +++ b/roles/git-server/templates/cronjob @@ -1,4 +1,4 @@ # {{ ansible_managed }} -#m h dom mon dow user command - 0 2 * * 1 {{ git_server_user }} {{ git_server_working_dir }}/update.sh +#m h dom mon dow user command + 0 2 * * 1 root {{ git_server_working_dir }}/update.sh From 46a28a9ead3e50abce6593e9240bf40bd5bd61d7 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 30 Apr 2025 20:59:31 +0200 Subject: [PATCH 17/56] Add ldap host --- bitlair.yaml | 4 ++++ inventory | 3 +++ 2 files changed, 7 insertions(+) diff --git a/bitlair.yaml b/bitlair.yaml index 19de646..b463ff7 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -71,3 +71,7 @@ - { role: "acme", tags: [ "acme" ] } - { role: "nginx", tags: [ "nginx" ] } - { role: "chat", tags: [ "chat" ] } + +- hosts: ldap + roles: + - { role: "common", tags: [ "common" ] } diff --git a/inventory b/inventory index 86d1bea..eca431d 100644 --- a/inventory +++ b/inventory @@ -50,6 +50,9 @@ homeassistant.bitlair.nl [chat] chat.bitlair.nl +[ldap] +ldap-new.bitlair.nl + [debian:children] bank fotos From 0a7dfab99fd4b1d495a9097653bccad81947e7ee Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Wed, 30 Apr 2025 21:43:16 +0200 Subject: [PATCH 18/56] Cleanup chat playbook --- roles/chat/tasks/main.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index 696d5e5..cad172f 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml 
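Review bot: The job now runs `{{ git_server_working_dir }}/update.sh` as `root`, so any account that can write that script or its directory gains root at the next run. The ownership of `update.sh` is not visible here; if it belongs to `{{ git_server_user }}`, install it as `root:root` with mode `0755` outside the service account's writable tree, or keep the cron user and grant only the privileged step through sudo.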
@@ -28,7 +28,8 @@ ansible.builtin.shell: cmd: npm install --global yarn -- stat: path=/opt/thelounge +- ansible.builtin.stat: + path: /opt/thelounge register: src_path - name: Retreive thelounge source @@ -67,14 +68,14 @@ state: present - name: Ensure JS and JSON syntax checking packages are installed - yarn: + community.general.yarn: name: "{{ item }}" global: yes - state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in + # state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in with_items: - esprima - jsonlint - changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in + # changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in - name: Configure templates ansible.builtin.template: From eb0a72430908429308c283494406582b7e433abf Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 4 May 2025 23:05:15 +0200 Subject: [PATCH 19/56] bank: Changes required for RevBank 10.0 --- roles/bank/tasks/revbank.yaml | 36 ++++++----------------------------- roles/bank/templates/git.cron | 2 +- 2 files changed, 7 insertions(+), 31 deletions(-) diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index ec283d1..73e770a 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml 
@@ -11,40 +11,16 @@ dest: /home/{{ bank_user }}/revbank.git accept_hostkey: yes -- name: Create data files - ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} - args: - creates: /home/{{ bank_user }}/{{ item }} - with_items: - - revbank.accounts - - revbank.market - - revbank.products - -- name: Ensure data file permissions - ansible.builtin.file: - path: /home/{{ bank_user }}/{{ item }} - state: touch - owner: "{{ bank_user }}" - group: "{{ bank_user }}" - mode: 0644 - with_items: - - revbank.accounts - - revbank.market - - revbank.products - - name: Link plugins ansible.builtin.file: state: link - path: /home/{{ bank_user }}/{{ item }} - src: /home/{{ bank_user }}/revbank.git/{{ item }} + src: "{{ item.src }}" + path: "{{ item.dest }}" with_items: - - plugins - - revbank.plugins - -- name: Create git data dir - ansible.builtin.file: - path: /home/{{ bank_user }}/data.git - state: directory + - src: /home/{{ bank_user }}/revbank.git/plugins + dest: /home/{{ bank_user }}/plugins + - src: /home/{{ bank_user }}/revbank.git/data/plugins + dest: /home/{{ bank_user }}/.revbank/plugins - name: Install git cronjob ansible.builtin.template: diff --git a/roles/bank/templates/git.cron b/roles/bank/templates/git.cron index b334260..32308cf 100644 --- a/roles/bank/templates/git.cron +++ b/roles/bank/templates/git.cron @@ -1,4 +1,4 @@ SHELL=/bin/bash #m h dom mon dow user command - */10 * * * * {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products) + */10 * * * * {{ bank_user }} git -C ~/.revbank pull -r && git -C ~/.revbank push From a5930bb1aa8a39cf7aea847309c7fab0068c5837 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 4 May 2025 23:12:44 +0200 Subject: [PATCH 20/56] bank: qrencode is no longer needed --- roles/bank/tasks/revbank.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index 73e770a..5a0cf6c 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -1,7 +1,7 @@ --- - name: Install dependencies ansible.builtin.apt: - name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ] + name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ] state: present - name: Clone revbank source From e65ffd5dc73fea19df70c43a1e2472156a84ae2e Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Mon, 5 May 2025 22:59:52 +0200 Subject: [PATCH 21/56] services/discord_bot: Some tweaks --- roles/services/tasks/discord_bot.yaml | 19 ++++++++----------- roles/services/templates/discord-bot.service | 3 ++- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 19a659f..4d742f6 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -2,23 +2,14 @@ - name: Install dependencies ansible.builtin.apt: - name: - - python3-paho-mqtt - - python3-tz - - virtualenv + name: virtualenv - name: Create virtualenv ansible.builtin.command: - cmd: virtualenv /opt/miflora_exporter/.venv + cmd: virtualenv /var/lib/discord-bot/.venv args: creates: /var/lib/discord-bot/.venv -- name: Install Python dependencies - ansible.builtin.shell: - cmd: . .venv/bin/activate && pip install -r requirements.txt - args: - chdir: /var/lib/discord-bot - - name: Clone source ansible.builtin.git: repo: https://git.bitlair.nl/bitlair/discord-bot.git @@ -28,6 +19,12 @@ notify: Restart discord-bot ignore_errors: true +- name: Install Python dependencies + ansible.builtin.shell: + cmd: . .venv/bin/activate && pip install -r requirements.txt + args: + chdir: /var/lib/discord-bot + - name: Install service file ansible.builtin.template: src: discord-bot.service 
diff --git a/roles/services/templates/discord-bot.service b/roles/services/templates/discord-bot.service index 2c73d05..ccac806 100644 --- a/roles/services/templates/discord-bot.service +++ b/roles/services/templates/discord-bot.service @@ -1,4 +1,4 @@ -# Managed by Ansible +# {{ ansible_managed }} [Unit] Description=HobbyBot @@ -13,6 +13,7 @@ DynamicUser=true Environment="MQTT_HOST={{ mqtt_internal_host }}" Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}" Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}" +Environment="BOTTLECLIP_GIT_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='bottleclip_git_token') }}" [Install] WantedBy=multi-user.target From 2f9ca22e90d3f1ad558daafcd9e8be19162949d7 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Tue, 6 May 2025 18:25:31 +0200 Subject: [PATCH 22/56] bank: Use new REVBANK_PLUGINS env var --- roles/bank/tasks/login.yaml | 12 ++++++++++-- roles/bank/tasks/revbank.yaml | 13 +------------ roles/bank/templates/login.sh | 6 ++++++ 3 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 roles/bank/templates/login.sh diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml index 7ed568e..24fe3e0 100644 --- a/roles/bank/tasks/login.yaml +++ b/roles/bank/tasks/login.yaml @@ -1,10 +1,18 @@ --- +- name: Install revbank login shell + ansible.builtin.template: + src: login.sh + dest: /usr/local/bin/revbank-login + owner: root + group: root + mode: "0755" + - name: Add user ansible.builtin.user: name: bank password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" home: /home/{{ bank_user }} - shell: /home/{{ bank_user }}/revbank.git/revbank + shell: /usr/local/bin/revbank-login update_password: always - name: Allow password auth for bank user 
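Review bot: `BOTTLECLIP_GIT_TOKEN` joins the webhook URL and the Discord token as `Environment=` lines in `discord-bot.service`, where they can be read by any local user who can read the unit file or query the unit's properties with `systemctl show`. Move the three secrets into a root-owned file with mode `0600` and reference it with `EnvironmentFile=<path to that file>`, or pass them with `LoadCredential=`. The mode the unit file is installed with is outside this hunk.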
@@ -13,7 +21,7 @@ insertafter: EOF validate: "/usr/sbin/sshd -t -f %s" block: |- - Match User bank + Match User {{ bank_user }} PasswordAuthentication yes notify: reload sshd diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index 5a0cf6c..1870ff1 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -8,20 +8,9 @@ ansible.builtin.git: repo: "{{ bank_revbank_git }}" version: master - dest: /home/{{ bank_user }}/revbank.git + dest: /usr/local/share/revbank accept_hostkey: yes -- name: Link plugins - ansible.builtin.file: - state: link - src: "{{ item.src }}" - path: "{{ item.dest }}" - with_items: - - src: /home/{{ bank_user }}/revbank.git/plugins - dest: /home/{{ bank_user }}/plugins - - src: /home/{{ bank_user }}/revbank.git/data/plugins - dest: /home/{{ bank_user }}/.revbank/plugins - - name: Install git cronjob ansible.builtin.template: src: git.cron diff --git a/roles/bank/templates/login.sh b/roles/bank/templates/login.sh new file mode 100644 index 0000000..6deaf2b --- /dev/null +++ b/roles/bank/templates/login.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +export REVBANK_DIR=/usr/local/share/revbank +export REVBANK_PLUGINS="$(cat $REVBANK_DIR/data/plugins | sed 's/ *#.*$//g' | sed '/^$/d' | tr '\n' ' ')" + +$REVBANK_DIR/revbank From b9be1729b31ae22f3c96254893febf721002655a Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 7 May 2025 00:47:00 +0200 Subject: [PATCH 23/56] bank: RevBank 10.2 --- roles/bank/tasks/login.yaml | 10 +--------- roles/bank/tasks/revbank.yaml | 7 +++++++ roles/bank/templates/login.sh | 6 ------ 3 files changed, 8 insertions(+), 15 deletions(-) delete mode 100644 roles/bank/templates/login.sh diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml index 24fe3e0..f54bbfd 100644 --- a/roles/bank/tasks/login.yaml +++ b/roles/bank/tasks/login.yaml 
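Review bot: The `Match User {{ bank_user }}` block turns on `PasswordAuthentication yes` for an account whose password is written in the role, and the only confinement is the login shell. Add `AllowTcpForwarding no`, `AllowAgentForwarding no` and `X11Forwarding no` to the block so the account is limited to the terminal session. The `Add user` task in the previous hunk still has `name: bank`; use `name: "{{ bank_user }}"` so both agree. The task that holds the block starts outside the hunk.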
@@ -1,18 +1,10 @@ --- -- name: Install revbank login shell - ansible.builtin.template: - src: login.sh - dest: /usr/local/bin/revbank-login - owner: root - group: root - mode: "0755" - - name: Add user ansible.builtin.user: name: bank password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" home: /home/{{ bank_user }} - shell: /usr/local/bin/revbank-login + shell: /usr/local/share/revbank/revbank update_password: always - name: Allow password auth for bank user diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index 1870ff1..e87f849 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -11,6 +11,13 @@ dest: /usr/local/share/revbank accept_hostkey: yes +- name: Clone revbank-plugin source + ansible.builtin.git: + repo: https://git.bitlair.nl/bitlair-bestuur/revbank-plugins.git + version: main + dest: /usr/local/share/revbank-plugins + accept_hostkey: yes + - name: Install git cronjob ansible.builtin.template: src: git.cron diff --git a/roles/bank/templates/login.sh b/roles/bank/templates/login.sh deleted file mode 100644 index 6deaf2b..0000000 --- a/roles/bank/templates/login.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -export REVBANK_DIR=/usr/local/share/revbank -export REVBANK_PLUGINS="$(cat $REVBANK_DIR/data/plugins | sed 's/ *#.*$//g' | sed '/^$/d' | tr '\n' ' ')" - -$REVBANK_DIR/revbank From 1b04d0f5c398627a53be6c1bdf7d73c4a8d9c0b1 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 7 May 2025 01:00:01 +0200 Subject: [PATCH 24/56] bank: RevBank 10.3 --- roles/bank/defaults/main.yaml | 2 +- roles/bank/tasks/revbank.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/bank/defaults/main.yaml b/roles/bank/defaults/main.yaml index b0fea92..d0a5ca6 100644 --- a/roles/bank/defaults/main.yaml +++ b/roles/bank/defaults/main.yaml 
@@ -1,3 +1,3 @@ bank_user: bank -bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git bank_local_tty: no +bank_revbank_version: "10.3.0" diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index e87f849..9f3f84c 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -6,8 +6,8 @@ - name: Clone revbank source ansible.builtin.git: - repo: "{{ bank_revbank_git }}" - version: master + repo: https://github.com/revspace/revbank.git + version: "v{{ bank_revbank_version }}" dest: /usr/local/share/revbank accept_hostkey: yes From 4f6025849f8215822c7e2be60cd3743126c71a49 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 7 May 2025 14:30:45 +0200 Subject: [PATCH 25/56] Update bitlair-plugin git upstream --- roles/bank/tasks/revbank.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index 9f3f84c..3b2ec65 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -13,7 +13,7 @@ - name: Clone revbank-plugin source ansible.builtin.git: - repo: https://git.bitlair.nl/bitlair-bestuur/revbank-plugins.git + repo: https://git.bitlair.nl/bitlair/revbank-plugins.git version: main dest: /usr/local/share/revbank-plugins accept_hostkey: yes From 3a0071abfa921de398aa751b9cabedefe2915b2d Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Fri, 9 May 2025 14:34:44 +0200 Subject: [PATCH 26/56] services/siahsd: Install from Debian package --- bitlair.yaml | 1 + group_vars/all.yaml | 2 ++ roles/services/tasks/siahsd.yaml | 19 ++++--------------- roles/services/templates/siahsd.conf | 25 ++----------------------- roles/services/templates/siahsd.service | 17 ----------------- services.yaml | 1 + 6 files changed, 10 insertions(+), 55 deletions(-) delete mode 100644 roles/services/templates/siahsd.service diff --git a/bitlair.yaml b/bitlair.yaml index b463ff7..950d555 100644 --- a/bitlair.yaml +++ b/bitlair.yaml 
@@ -58,6 +58,7 @@ - hosts: services roles: + - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "services", tags: ["services"] } - hosts: wiki diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 39de4c0..0169ce1 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -37,5 +37,7 @@ debian_repourl: "http://deb.debian.org/debian/" debian_securityurl: "http://security.debian.org/debian-security" deb_forgejo_repos: + - host: git.bitlair.nl + owner: bitlair - host: git.polyfloyd.net owner: polyfloyd diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index c7c3b0b..fc7fef5 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -1,16 +1,15 @@ --- -# TODO: Install and build +- name: Install siahsd + apt: + name: siahsd - name: Create directories ansible.builtin.file: - path: "{{ item }}" + path: /var/log/siahsd state: directory owner: siahsd group: nogroup mode: "0750" - with_items: - - /var/log/siahsd - - /var/lib/siahsd - name: Install config file ansible.builtin.template: @@ -21,19 +20,9 @@ mode: "0644" notify: Restart siahsd -- name: Install service file - ansible.builtin.template: - src: siahsd.service - dest: /etc/systemd/system/siahsd.service - owner: root - group: root - mode: "0644" - notify: Restart siahsd - - name: Start siahsd ansible.builtin.systemd: name: siahsd state: started enabled: true daemon_reload: true - diff --git a/roles/services/templates/siahsd.conf b/roles/services/templates/siahsd.conf index 5d8e94f..ee18220 100644 --- a/roles/services/templates/siahsd.conf +++ b/roles/services/templates/siahsd.conf @@ -1,3 +1,5 @@ +# {{ ansible_managed }} + [siahsd] pid file = /var/lib/siahsd/siahsd.pid log file = /var/log/siahsd/siahsd.log @@ -5,13 +7,6 @@ log level = 3 foreground = 0 event handlers = script -#[database] -#driver = mysql -#host = localhost -#name = siahsd -#username = siahsd -#password = MysbJxAaawmwKPqD - [siahs] port = 4000 
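Review bot: The `Create directories` task in siahsd.yaml no longer creates /var/lib/siahsd, but siahsd.conf in this same commit still sets `pid file = /var/lib/siahsd/siahsd.pid`. Unless the Debian package creates that directory for the `siahsd` user (not visible here), the daemon cannot write its PID file; either keep the directory in the task or point the PID file at a path the package owns. The new install task would also read better as `ansible.builtin.apt:` with `state: present`, matching the other tasks in the file.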
@@ -19,21 +14,5 @@ port = 4000 port = 9000 rsa key file = something.sexp -#[jsonbot] -#address = 192.168.88.15 -#port = 5500 -#aes key = blablablablablaz -#password = mekker -#privmsg to = #bitlair - -#[spacestate] -#driver = mysql -#host = localhost -#name = bitwifi -#username = bitwifi -#password = aGWERQpLEQPUaXJV -#open script = /opt/alarm/disarmed.sh -#close script = /opt/alarm/armed.sh - [script] path = /opt/alarm/siahsd_handler.sh diff --git a/roles/services/templates/siahsd.service b/roles/services/templates/siahsd.service deleted file mode 100644 index 479324c..0000000 --- a/roles/services/templates/siahsd.service +++ /dev/null @@ -1,17 +0,0 @@ -# Managed by Ansible - -[Unit] -Description=Siahsd -After=network.target - -[Service] -Type=forking -PIDFile=/var/lib/siahsd/siahsd.pid -Restart=always -RestartSec=10s -ExecStartPre=-/bin/rm /var/lib/siahsd/siahsd.pid -ExecStart=/usr/local/src/siahsd/build/siahsd -User=siahsd - -[Install] -WantedBy=multi-user.target diff --git a/services.yaml b/services.yaml index e66fc11..52103e0 100644 --- a/services.yaml +++ b/services.yaml @@ -3,4 +3,5 @@ - hosts: services roles: - { role: "common", tags: [ "common" ] } + - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "services", tags: [ "services" ] } From 1d8e07bf0468a7440d4c2d26a5e68020983ea9d8 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Fri, 9 May 2025 17:40:10 +0200 Subject: [PATCH 27/56] services/discord_bot: New bottle-clip implementation --- roles/services/tasks/discord_bot.yaml | 15 ++++++++++++--- roles/services/templates/discord-bot.service | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 4d742f6..3ce4308 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml 
@@ -2,7 +2,9 @@ - name: Install dependencies ansible.builtin.apt: - name: virtualenv + name: + - openscad + - virtualenv - name: Create virtualenv ansible.builtin.command: @@ -10,14 +12,21 @@ args: creates: /var/lib/discord-bot/.venv -- name: Clone source +- name: Clone bottleclip source + ansible.builtin.git: + repo: https://git.bitlair.nl/bitlair/bottle-clip.git + version: main + dest: /var/lib/bottle-clip + accept_hostkey: yes + notify: Restart discord-bot + +- name: Clone discord-bot source ansible.builtin.git: repo: https://git.bitlair.nl/bitlair/discord-bot.git version: main dest: /var/lib/discord-bot accept_hostkey: yes notify: Restart discord-bot - ignore_errors: true - name: Install Python dependencies ansible.builtin.shell: diff --git a/roles/services/templates/discord-bot.service b/roles/services/templates/discord-bot.service index ccac806..7522fd9 100644 --- a/roles/services/templates/discord-bot.service +++ b/roles/services/templates/discord-bot.service @@ -13,7 +13,7 @@ DynamicUser=true Environment="MQTT_HOST={{ mqtt_internal_host }}" Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}" Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}" -Environment="BOTTLECLIP_GIT_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='bottleclip_git_token') }}" +Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip" [Install] WantedBy=multi-user.target From 301529271dfdf6ab4be82a5c2d8d2788e1acbc13 Mon Sep 17 00:00:00 2001 
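Review bot: The `Environment=` block edited in discord-bot.service still renders `DISCORD_TOKEN` and `DISCORD_WEBHOOK_URL` from the password store into the unit file. systemd's documentation advises against passing secrets this way: the unit file is readable according to the mode the template task gives it (not visible in this hunk), and the values are exposed through the service manager's properties. Moving them to a root-only file referenced by `EnvironmentFile=` (mode 0600), or to `LoadCredential=`, keeps them out of the unit. Since `bottleclip_git_token` is no longer used, the token should also be revoked on the git server and not only dropped from the template.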
From: polyfloyd Date: Wed, 14 May 2025 17:40:30 +0200 Subject: [PATCH 28/56] music: Use nginx role --- group_vars/music.yaml | 4 ++ music.yaml | 2 +- roles/music/tasks/main.yaml | 9 ---- roles/music/templates/nginx-site.conf | 70 --------------------------- snippets/music-nginx.j2 | 49 +++++++++++++++++++ 5 files changed, 54 insertions(+), 80 deletions(-) delete mode 100644 roles/music/templates/nginx-site.conf create mode 100644 snippets/music-nginx.j2 diff --git a/group_vars/music.yaml b/group_vars/music.yaml index 8f0cc7c..457597a 100644 --- a/group_vars/music.yaml +++ b/group_vars/music.yaml @@ -11,6 +11,10 @@ root_access: - polyfloyd nginx_client_max_body_size: 512M +nginx_sites: + - server_name: "music.bitlair.nl" + snippets: + - "music-nginx.j2" music_domain: music.bitlair.nl acme_san_domains: diff --git a/music.yaml b/music.yaml index 17666f3..015c769 100644 --- a/music.yaml +++ b/music.yaml @@ -6,5 +6,5 @@ - { role: "acme", tags: [ "acme" ] } - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "go", tags: [ "go" ] } -# - { role: "nginx", tags: [ "nginx" ] } + - { role: "nginx", tags: [ "nginx" ] } - { role: "music", tags: [ "music" ] } diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index e8a751c..537746a 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -23,12 +23,3 @@ file: soundboard.yaml tags: - music_soundboard - -- name: Install nginx config - ansible.builtin.template: - src: nginx-site.conf - dest: /etc/nginx/sites-enabled/trollibox - owner: root - group: root - mode: 0644 - notify: Reload nginx diff --git a/roles/music/templates/nginx-site.conf b/roles/music/templates/nginx-site.conf deleted file mode 100644 index 185d689..0000000 --- a/roles/music/templates/nginx-site.conf +++ /dev/null 
@@ -1,70 +0,0 @@ -# {{ ansible_managed }} - -server { - listen 80 default_server; - listen [::]:80 default_server; - listen 443 ssl default_server; - listen [::]:443 ssl default_server; - - server_name {{ music_domain }}; - - {% if acme_bootstrap_certs %} - include "snippets/snakeoil.conf"; - {% else %} - ssl_certificate "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem"; - ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem"; - {% endif %} - - {% for range in trusted_ranges %} - allow {{ range.cidr }}; - {% endfor %} - deny all; - - location / { - rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?; - } - - location /trollibox/ { - proxy_pass http://[::1]:3000/; - client_max_body_size 512M; - include proxy_params; - } - - location ~ ^/trollibox/(.+/events)$ { - proxy_pass http://[::1]:3000/$1; - include proxy_params; - proxy_http_version 1.1; - chunked_transfer_encoding off; - add_header X-Test "123"; - proxy_set_header Connection ''; - proxy_buffering off; - proxy_read_timeout 7d; - } - - location ~ ^/trollibox/(.+/listen)$ { - proxy_pass http://[::1]:3000/$1; - include proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 7d; - } - - location /bobdsp/ { - proxy_pass http://[::1]:8081/; - include proxy_params; - } - - location /vis/ { - allow all; - proxy_pass http://[::1]:13378/; - include proxy_params; - } - - location = /vis/ { - rewrite ^(.*)$ /vis/index.html; - include proxy_params; - } - - include "snippets/acme.conf"; -} diff --git a/snippets/music-nginx.j2 b/snippets/music-nginx.j2 new file mode 100644 index 0000000..d179b23 --- /dev/null +++ b/snippets/music-nginx.j2 
@@ -0,0 +1,49 @@ +{% for range in trusted_ranges %} +allow {{ range.cidr }}; +{% endfor %} +deny all; + +location / { + rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?; +} + +location /trollibox/ { + proxy_pass http://[::1]:3000/; + include proxy_params; +} + +location ~ ^/trollibox/(.+/events)$ { + proxy_pass http://[::1]:3000/$1; + include proxy_params; + proxy_http_version 1.1; + chunked_transfer_encoding off; + add_header X-Test "123"; + proxy_set_header Connection ''; + proxy_buffering off; + proxy_read_timeout 7d; +} + +location ~ ^/trollibox/(.+/listen)$ { + proxy_pass http://[::1]:3000/$1; + include proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 7d; +} + +location /bobdsp/ { + proxy_pass http://[::1]:8081/; + include proxy_params; +} + +location /vis/ { + allow all; + proxy_pass http://[::1]:13378/; + include proxy_params; +} + +location = /vis/ { + rewrite ^(.*)$ /vis/index.html; + include proxy_params; +} From 43075d27fea1a786ff04bbd8f0cc6ab84d5d7f88 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 14 May 2025 19:57:30 +0200 Subject: [PATCH 29/56] music/librespot: Various tweaks * Use pulseaudio backend * Run as separate librespot user * Use linear volume mixer --- roles/music/defaults/main.yaml | 3 +++ roles/music/handlers/main.yaml | 6 +++--- roles/music/tasks/librespot.yaml | 19 ++++++++++++------- roles/music/templates/librespot.service | 9 ++++----- 4 files changed, 22 insertions(+), 15 deletions(-) diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml index fa95b47..5db2f4c 100644 --- a/roles/music/defaults/main.yaml +++ b/roles/music/defaults/main.yaml @@ -1,2 +1,5 @@ music_audio_user: audio +music_audio_group: audio +music_librespot_user: librespot + music_mqtt_mpd_volume: bitlair/music/space/volume diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 2d77dbb..faf76f9 100644 
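Review bot: The `location ~ ^/trollibox/(.+/events)$` block carries over `add_header X-Test "123";`, which looks like a debugging leftover. nginx inherits `add_header` directives from the enclosing level only when the location defines none of its own, so this line would drop any response headers (HSTS and similar) that the nginx role's server block sets; that template is not visible here. I would delete the line. The `allow`/`deny` rules now live in a snippet, so the effective access policy also depends on where the role includes it inside the `server` block.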
--- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -8,13 +8,13 @@ state: restarted daemon_reload: true -- name: Rebuild librespot +- name: rebuild librespot ansible.builtin.command: - cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend + cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend args: chdir: /opt/librespot -- name: Restart librespot +- name: restart librespot ansible.builtin.systemd: name: librespot state: restarted diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 2a8d19b..9d062ce 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml @@ -1,8 +1,11 @@ --- -- name: Install dependencies - ansible.builtin.apt: - name: libjack-jackd2-dev - state: present +- name: Create librespot user + user: + name: "{{ music_librespot_user }}" + system: true + home: /var/lib/librespot + groups: + - "{{ music_audio_group }}" - name: Clone librespot source ansible.builtin.git: @@ -11,8 +14,8 @@ dest: /opt/librespot accept_hostkey: yes notify: - - Rebuild librespot - - Restart librespot + - rebuild librespot + - restart librespot - name: Install service file ansible.builtin.template: @@ -21,7 +24,7 @@ owner: root group: root mode: 0644 - notify: Restart librespot + notify: restart librespot - name: Enable Librespot ansible.builtin.systemd: @@ -29,3 +32,5 @@ state: started enabled: true daemon_reload: true + +- meta: flush_handlers diff --git a/roles/music/templates/librespot.service b/roles/music/templates/librespot.service index 8d3b683..c6d8c4a 100644 --- a/roles/music/templates/librespot.service +++ b/roles/music/templates/librespot.service 
@@ -3,16 +3,15 @@ [Unit] Description=Spotify through Librespot After=network.target -Requires=jackd.service [Service] Type=simple Restart=always RestartSec=2s -ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend jackaudio -User={{ music_audio_user }} -Group={{ music_audio_user }} -AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE +ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend pulseaudio --volume-ctrl linear +Environment="PULSE_SERVER=/tmp/pipewire-pulse-socket" +Environment="XDG_RUNTIME_DIR=/run/user/0" +User={{ music_librespot_user }} [Install] WantedBy=multi-user.target From 7cd44bbe53622c6569eda33aeee8b1dde356ea3f Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 14 May 2025 21:26:36 +0200 Subject: [PATCH 30/56] music: Add MPD --- roles/music/handlers/main.yaml | 6 +++++ roles/music/tasks/mpd.yaml | 37 +++++++++++++++++++++++----- roles/music/templates/mpd.conf | 40 +++++++++++++++++++++++++++++++ roles/music/templates/mpd.service | 21 ++++++++++++++++ roles/music/templates/mpd_state | 17 +++++++++++++ 5 files changed, 115 insertions(+), 6 deletions(-) create mode 100644 roles/music/templates/mpd.conf create mode 100644 roles/music/templates/mpd.service create mode 100644 roles/music/templates/mpd_state diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index faf76f9..19193d6 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -2,6 +2,12 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml +- name: restart mpd + ansible.builtin.systemd: + name: mpd + state: restarted + daemon_reload: true + - name: Restart trollibox ansible.builtin.systemd: name: trollibox diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index eb88133..317df4e 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml 
@@ -1,14 +1,32 @@ --- - - name: Install MPD ansible.builtin.apt: - name: - - jackd - - mpd - - python3-mpd - - python3-serial + name: mpd state: present +- name: Add mpd user to the {{ music_audio_group }} group + user: + name: mpd + groups: + - "{{ music_audio_group }}" + notify: restart mpd + +- name: Install mpd file + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + notify: restart mpd + with_items: + - src: mpd.conf + dest: /etc/mpd.conf + - src: mpd.service + dest: /etc/systemd/system/mpd.service + - src: mpd_state + dest: /var/lib/mpd/state.default + - name: Install mpd-volume-to-mqtt script ansible.builtin.template: src: mpd-volume-to-mqtt.sh @@ -34,6 +52,13 @@ enabled: true daemon_reload: true +- name: Install skipbutton depedencies + ansible.builtin.apt: + name: + - python3-mpd + - python3-serial + state: present + - name: Clone skipbutton source ansible.builtin.git: repo: https://github.com/bitlair/skipbutton.git diff --git a/roles/music/templates/mpd.conf b/roles/music/templates/mpd.conf new file mode 100644 index 0000000..efa28f7 --- /dev/null +++ b/roles/music/templates/mpd.conf @@ -0,0 +1,40 @@ +# {{ ansible_managed }} + +user "mpd" +group "{{ music_audio_group }}" + +bind_to_address "any" +port "6600" +max_connections "20" + +zeroconf_enabled "yes" +zeroconf_name "MPD @ %h" + +music_directory "/srv/media/music" +auto_update "yes" +filesystem_charset "UTF-8" + +playlist_directory "/var/lib/mpd/playlists" +db_file "/var/lib/mpd/tag_cache" +state_file "/var/lib/mpd/state" +sticker_file "/var/lib/mpd/sticker.sql" + +input { + plugin "curl" # Required for web streams. +} + +decoder { + plugin "hybrid_dsd" + enabled "no" +} + +decoder { + plugin "wildmidi" + enabled "no" +} + +audio_output { + type "pulse" + name "Pulse" + server "/tmp/pipewire-pulse-socket" +} diff --git a/roles/music/templates/mpd.service b/roles/music/templates/mpd.service new file mode 100644 index 0000000..fb9808d 
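Review bot: The new `Install mpd file` task writes `mode: 0644` unquoted, which the `octal-values` rule added to .yamllint.yaml earlier in this series (`forbid-implicit-octal: true`) rejects; `mode: "0644"` is the form already used in roles/bank and roles/services. The same applies to `mode: 0755` and `mode: 0644` in roles/music/tasks/bitvis.yaml. The `Add mpd user` task would be more consistent as `ansible.builtin.user:`, and `depedencies` in the second hunk's task name is a typo.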
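Review bot: `bind_to_address "any"` in mpd.conf exposes MPD's control port 6600 on every interface, and the file sets no `password`, so any host that can reach the machine can issue MPD commands. The clients visible in this series (bitvis with `-m localhost -o 6600`, the mpd-volume-to-mqtt script via `mpc`) are local, so `bind_to_address "localhost"` may be enough. If LAN clients are intended, as `zeroconf_enabled "yes"` suggests, restrict the port in the nft role and set a `password` with limited permissions. Whether the firewall already covers 6600 is not visible here.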
--- /dev/null +++ b/roles/music/templates/mpd.service @@ -0,0 +1,21 @@ +# {{ ansible_managed }} + +[Unit] +Description=Music Player Daemon +After=network.target + +[Service] +Type=simple +ExecStartPre=/bin/mkdir -p /run/mpd +ExecStartPre=/bin/chown -R mpd:nogroup /run/mpd +ExecStartPre=/bin/touch /var/log/mpd.log +ExecStartPre=/bin/chown mpd:nogroup /var/log/mpd.log +ExecStartPre=/usr/bin/cp /var/lib/mpd/state.default /var/lib/mpd/state +ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf +# MDP will fork itself to the user defined in its config +User=root +LimitMEMLOCK=infinity +LimitRTPRIO=99 + +[Install] +WantedBy=multi-user.target diff --git a/roles/music/templates/mpd_state b/roles/music/templates/mpd_state new file mode 100644 index 0000000..27b059b --- /dev/null +++ b/roles/music/templates/mpd_state @@ -0,0 +1,17 @@ +sw_volume: 20 +audio_device_state:1:Pulse +state: play +current: 0 +time: 0 +random: 0 +repeat: 0 +single: 0 +consume: 0 +crossfade: 0 +mixrampdb: 0.000000 +mixrampdelay: -1.000000 +playlist_begin +song_begin: http://ice4.somafm.com/groovesalad-256-mp3 +Name: SomaFM Groove Salad +song_end +playlist_end From 69278069729972162dd8a58a33a2f4dd3062ca53 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 14 May 2025 23:45:03 +0200 Subject: [PATCH 31/56] music: Add the base audio server --- roles/music/defaults/main.yaml | 2 ++ roles/music/tasks/base.yaml | 42 +++++++++++++++++++++++++ roles/music/tasks/main.yaml | 5 +++ roles/music/templates/librespot.service | 3 +- roles/music/templates/mpd.conf | 2 +- 5 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 roles/music/tasks/base.yaml diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml index 5db2f4c..40cc34e 100644 --- a/roles/music/defaults/main.yaml +++ b/roles/music/defaults/main.yaml 
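Review bot: mpd.service runs as `User=root`, so every `ExecStartPre=` executes as root, including `cp /var/lib/mpd/state.default /var/lib/mpd/state`, which writes into a directory that presumably belongs to the unprivileged `mpd` account. Root-run file operations on paths a service account controls are best avoided. I would run the unit as `User=mpd`, let systemd create the runtime directory with `RuntimeDirectory=mpd`, and drop the `touch`/`chown` lines for /var/log/mpd.log, since mpd.conf in this commit sets no `log_file`. mpd.conf already names `user "mpd"`, so the privilege drop inside MPD would no longer be needed.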
@@ -2,4 +2,6 @@ music_audio_user: audio music_audio_group: audio music_librespot_user: librespot +music_pulse_server: /tmp/pipewire-pulse-socket + music_mqtt_mpd_volume: bitlair/music/space/volume diff --git a/roles/music/tasks/base.yaml b/roles/music/tasks/base.yaml new file mode 100644 index 0000000..a17d7d3 --- /dev/null +++ b/roles/music/tasks/base.yaml @@ -0,0 +1,42 @@ +--- +- name: Install pipewire + apt: + name: + - pipewire + - pipewire-jack + - pipewire-pulse + - pulseaudio-utils + - pulsemixer + state: present + +- name: Add audio group + group: + name: audio + system: true + +- name: Set PULSE_SERVER env var for all shells + copy: + dest: /etc/profile.d/pulse-server.sh + content: |+ + # Ansible managed + export PULSE_SERVER={{ music_pulse_server }} + +- name: Create pipewire-pulse config dir + file: + path: /etc/pipewire/pipewire-pulse.conf.d/ + state: directory + +- name: Configure system socket + ansible.builtin.copy: + dest: /etc/pipewire/pipewire-pulse.conf.d/system-socket.conf + content: |+ + # Ansible managed + context.exec = [ + { path = "/bin/chgrp" args = "{{ music_audio_group }} {{ music_pulse_server }}" } + { path = "/bin/chmod" args = "g+rwx,o-rwx {{ music_pulse_server }}" } + ] + pulse.properties = { + server.address = [ + "unix:{{ music_pulse_server }}" + ] + } diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index 537746a..e8105ee 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -1,4 +1,9 @@ --- +- name: Import base + ansible.builtin.import_tasks: + file: base.yaml + tags: + - music_base - name: Import mpd ansible.builtin.import_tasks: diff --git a/roles/music/templates/librespot.service b/roles/music/templates/librespot.service index c6d8c4a..e90c3cb 100644 --- a/roles/music/templates/librespot.service +++ b/roles/music/templates/librespot.service 
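Review bot: `music_pulse_server` places the shared PulseAudio socket at a fixed name in /tmp, a directory every local account can write to, and the `chgrp`/`chmod` in `context.exec` of base.yaml act on whatever exists at that path when pipewire-pulse starts. A dedicated directory that only the audio service account can populate avoids a clash on that name, for example `music_pulse_server: /run/pipewire-pulse/native` with the directory created by a `file` task (path shown as an example). The `copy` and `file` tasks in base.yaml also set no `owner`, `group` or `mode`, so their permissions follow the remote umask; `mode: "0644"` and `mode: "0755"` would make them explicit.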
@@ -9,8 +9,7 @@ Type=simple Restart=always RestartSec=2s ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend pulseaudio --volume-ctrl linear -Environment="PULSE_SERVER=/tmp/pipewire-pulse-socket" -Environment="XDG_RUNTIME_DIR=/run/user/0" +Environment="PULSE_SERVER={{ music_pulse_server }}" User={{ music_librespot_user }} [Install] diff --git a/roles/music/templates/mpd.conf b/roles/music/templates/mpd.conf index efa28f7..6906e54 100644 --- a/roles/music/templates/mpd.conf +++ b/roles/music/templates/mpd.conf @@ -36,5 +36,5 @@ decoder { audio_output { type "pulse" name "Pulse" - server "/tmp/pipewire-pulse-socket" + server "{{ music_pulse_server }}" } From 64ffeeb5128f02115871aab53603e65db4844646 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 14 May 2025 23:52:52 +0200 Subject: [PATCH 32/56] music: Remove skipbutton service --- roles/music/tasks/mpd.yaml | 31 ------------------------ roles/music/templates/skipbutton.service | 17 ------------- 2 files changed, 48 deletions(-) delete mode 100644 roles/music/templates/skipbutton.service diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index 317df4e..ebf2406 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml @@ -51,34 +51,3 @@ state: started enabled: true daemon_reload: true - -- name: Install skipbutton depedencies - ansible.builtin.apt: - name: - - python3-mpd - - python3-serial - state: present - -- name: Clone skipbutton source - ansible.builtin.git: - repo: https://github.com/bitlair/skipbutton.git - version: master - dest: /opt/skipbutton - accept_hostkey: yes - notify: Restart skipbutton - -- name: Install skipbutton service - ansible.builtin.template: - src: skipbutton.service - dest: /etc/systemd/system/skipbutton.service - owner: root - group: root - mode: 0644 - notify: Restart skipbutton - -- name: Enable skipbutton - ansible.builtin.systemd: - name: skipbutton - state: started - enabled: true - daemon_reload: true 
diff --git a/roles/music/templates/skipbutton.service b/roles/music/templates/skipbutton.service deleted file mode 100644 index f2a5d6f..0000000 --- a/roles/music/templates/skipbutton.service +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Description=MPD Skipbutton -After=network.target -Requires=mpd.service - -[Service] -Type=simple -Restart=always -RestartSec=10s -ExecStart=/opt/skipbutton/skipbutton.py /dev/ttyS0 -DynamicUser=true -Group=dialout - -[Install] -WantedBy=multi-user.target From 949cdbe7bcd623f5065f0774d06c13dd76732361 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 14 May 2025 23:53:22 +0200 Subject: [PATCH 33/56] music: Install wireplumber --- roles/music/tasks/base.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/music/tasks/base.yaml b/roles/music/tasks/base.yaml index a17d7d3..7961b70 100644 --- a/roles/music/tasks/base.yaml +++ b/roles/music/tasks/base.yaml @@ -7,6 +7,7 @@ - pipewire-pulse - pulseaudio-utils - pulsemixer + - wireplumber state: present - name: Add audio group From e9f31417b7903463fea97657fde725bcb7812639 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 14 May 2025 23:53:40 +0200 Subject: [PATCH 34/56] music: Fix mpd-volume-to-mqtt --- roles/music/templates/mpd-volume-to-mqtt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/music/templates/mpd-volume-to-mqtt.sh b/roles/music/templates/mpd-volume-to-mqtt.sh index ac3230b..5f89374 100644 --- a/roles/music/templates/mpd-volume-to-mqtt.sh +++ b/roles/music/templates/mpd-volume-to-mqtt.sh @@ -14,7 +14,7 @@ prev_volume=x if [ $event = "mixer" ]; then volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'` if [ "$prev_volume" != "$volume" ]; then - mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }} -r' -m "$volume" + mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume" fi prev_volume=$volume fi From 8e5b9f6b30955d536612de12b28700aa1ffadd24 Mon Sep 17 00:00:00 2001 
From: polyfloyd Date: Fri, 16 May 2025 17:35:47 +0200 Subject: [PATCH 35/56] music/trollibox: Run as a distinct user --- roles/music/defaults/main.yaml | 1 + roles/music/handlers/main.yaml | 2 +- roles/music/tasks/trollibox.yaml | 30 ++++++++++++++++--------- roles/music/templates/trollibox.service | 3 +-- 4 files changed, 22 insertions(+), 14 deletions(-) diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml index 40cc34e..d08ae0b 100644 --- a/roles/music/defaults/main.yaml +++ b/roles/music/defaults/main.yaml @@ -1,6 +1,7 @@ music_audio_user: audio music_audio_group: audio music_librespot_user: librespot +music_trollibox_user: trollibox music_pulse_server: /tmp/pipewire-pulse-socket diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 19193d6..d4465ab 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -8,7 +8,7 @@ state: restarted daemon_reload: true -- name: Restart trollibox +- name: restart trollibox ansible.builtin.systemd: name: trollibox state: restarted diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 0b20b4a..34b3df2 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -1,4 +1,10 @@ --- +- name: Create trollibox user + user: + name: "{{ music_trollibox_user }}" + system: true + home: /var/lib/trollibox + - name: Install Trollibox config ansible.builtin.template: src: trollibox.yaml 
@@ -6,27 +12,29 @@ owner: root group: root mode: "0644" - notify: Restart trollibox + notify: restart trollibox - name: Get latest Trollibox version from Github API - ansible.builtin.get_url: + uri: url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" - dest: "/tmp/_ansible_trollibox_latest_release.json" + return_content: true + register: response + changed_when: false + check_mode: false + failed_when: "response is failed or 'json' not in response" -- name: Get download url - ansible.builtin.shell: - cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name - | contains("linux-amd64")) | .browser_download_url -r - register: "trollibox_download_url" +- name: Format trollibox latest version + set_fact: + trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}" - name: Download Trollibox ansible.builtin.unarchive: - src: "{{ trollibox_download_url.stdout }}" + src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz" remote_src: yes dest: /usr/local/bin include: [ trollibox ] mode: "0755" - notify: Restart trollibox + notify: restart trollibox - name: Install service file ansible.builtin.template: @@ -35,7 +43,7 @@ owner: root group: root mode: "0644" - notify: Restart trollibox + notify: restart trollibox - name: Enable Trollibox ansible.builtin.systemd: diff --git a/roles/music/templates/trollibox.service b/roles/music/templates/trollibox.service index ddddd2f..66d581d 100644 --- a/roles/music/templates/trollibox.service +++ b/roles/music/templates/trollibox.service @@ -10,8 +10,7 @@ Type=simple Restart=always RestartSec=2s ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml -User={{ music_audio_user }} -Group={{ music_audio_user }} +User={{ music_trollibox_user }} [Install] WantedBy=multi-user.target From 82739c1ff071fb6a16df972024c70c082cb52224 Mon Sep 17 00:00:00 2001 
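Review bot: The `Download Trollibox` task unpacks whatever release the GitHub API reports as latest straight into /usr/local/bin, with no pinned version and no checksum, so each run can install a binary nobody has reviewed. I would move the version into a default such as `music_trollibox_version` and fetch the archive with `ansible.builtin.get_url` and `checksum: "sha256:<digest of the reviewed release>"` before unarchiving. `trim('v')` strips the character from both ends of the tag; `regex_replace('^v', '')` states the intent more precisely.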
From: polyfloyd Date: Fri, 16 May 2025 17:40:51 +0200 Subject: [PATCH 36/56] music: Remove go --- bitlair.yaml | 1 - music.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/bitlair.yaml b/bitlair.yaml index 950d555..f4ece91 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -47,7 +47,6 @@ - hosts: music roles: - { role: "acme", tags: ["acme"] } - - { role: "go", tags: ["go"] } - { role: "music", tags: ["music"] } - hosts: pad diff --git a/music.yaml b/music.yaml index 015c769..cc04425 100644 --- a/music.yaml +++ b/music.yaml @@ -5,6 +5,5 @@ - { role: "common", tags: [ "common" ] } - { role: "acme", tags: [ "acme" ] } - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - - { role: "go", tags: [ "go" ] } - { role: "nginx", tags: [ "nginx" ] } - { role: "music", tags: [ "music" ] } From b85f87820175721d41161f61348e55cbfdb69fb8 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 18 May 2025 19:39:07 +0200 Subject: [PATCH 37/56] music: Add bitvis --- group_vars/music.yaml | 3 ++ roles/music/defaults/main.yaml | 2 + roles/music/handlers/main.yaml | 12 ++++++ roles/music/tasks/base.yaml | 13 ++++++ roles/music/tasks/bitvis.yaml | 50 ++++++++++++++++++++++++ roles/music/tasks/main.yaml | 12 ++++++ roles/music/templates/bitvis-tee.service | 15 +++++++ roles/music/templates/bitvis-tee.sh | 10 +++++ roles/music/templates/bitvis.service | 16 ++++++++ 9 files changed, 133 insertions(+) create mode 100644 roles/music/tasks/bitvis.yaml create mode 100644 roles/music/templates/bitvis-tee.service create mode 100644 roles/music/templates/bitvis-tee.sh create mode 100644 roles/music/templates/bitvis.service diff --git a/group_vars/music.yaml b/group_vars/music.yaml index 457597a..123da07 100644 --- a/group_vars/music.yaml +++ b/group_vars/music.yaml @@ -19,3 +19,6 @@ nginx_sites: music_domain: music.bitlair.nl acme_san_domains: - [ music.bitlair.nl ] + +music_bitpanel_host: bitpanel.bitlair.nl +music_bitpanel_port: 1337 
diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml index d08ae0b..91ebc45 100644 --- a/roles/music/defaults/main.yaml +++ b/roles/music/defaults/main.yaml @@ -1,5 +1,7 @@ music_audio_user: audio +music_audio_user_id: 998 music_audio_group: audio +music_bitvis_user: bitvis music_librespot_user: librespot music_trollibox_user: trollibox diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index d4465ab..ad03474 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -2,6 +2,18 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml +- name: restart bitvis + ansible.builtin.systemd: + name: bitvis + state: restarted + daemon_reload: true + +- name: restart bitvis-tee + ansible.builtin.systemd: + name: bitvis-tee + state: restarted + daemon_reload: true + - name: restart mpd ansible.builtin.systemd: name: mpd diff --git a/roles/music/tasks/base.yaml b/roles/music/tasks/base.yaml index 7961b70..a10cfca 100644 --- a/roles/music/tasks/base.yaml +++ b/roles/music/tasks/base.yaml @@ -15,6 +15,19 @@ name: audio system: true +- name: Add {{ music_audio_user }} user + user: + name: "{{ music_audio_user }}" + uid: "{{ music_audio_user_id }}" + system: true + groups: + - audio + +- name: Enable linger for {{ music_audio_user }} + copy: + dest: "/var/lib/systemd/linger/{{ music_audio_user }}" + content: "" + - name: Set PULSE_SERVER env var for all shells copy: dest: /etc/profile.d/pulse-server.sh diff --git a/roles/music/tasks/bitvis.yaml b/roles/music/tasks/bitvis.yaml new file mode 100644 index 0000000..e88363a --- /dev/null +++ b/roles/music/tasks/bitvis.yaml 
@@ -0,0 +1,50 @@ +--- +- name: Install bitvis dependencies + apt: + name: + - bitvis + - bitvis-http + +- name: Create bitvis user + user: + name: "{{ music_bitvis_user }}" + system: true + home: /var/lib/bitvis + groups: + - "{{ music_audio_group }}" + +- name: Install bitvis-tee + ansible.builtin.template: + src: bitvis-tee.sh + dest: /opt/bitvis-tee.sh + owner: root + group: root + mode: 0755 + notify: restart {{ item }} + with_items: + - bitvis + - bitvis-tee + +- name: Install service file + ansible.builtin.template: + src: "{{ item }}.service" + dest: /etc/systemd/system/{{ item }}.service + owner: root + group: root + mode: 0644 + notify: restart {{ item }} + with_items: + - bitvis + - bitvis-tee + +- name: Enable service + ansible.builtin.systemd: + name: "{{ item }}" + state: started + enabled: true + daemon_reload: true + with_items: + - bitvis + - bitvis-tee + +- meta: flush_handlers diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index e8105ee..ced3697 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -11,6 +11,18 @@ tags: - music_mpd +- name: Bitvis + ansible.builtin.import_tasks: + file: bitvis.yaml + tags: + - music_bitvis + +- name: Import airplay + ansible.builtin.import_tasks: + file: airplay.yaml + tags: + - music_airplay + - name: Import trollibox ansible.builtin.import_tasks: file: trollibox.yaml diff --git a/roles/music/templates/bitvis-tee.service b/roles/music/templates/bitvis-tee.service new file mode 100644 index 0000000..6516b58 --- /dev/null +++ b/roles/music/templates/bitvis-tee.service @@ -0,0 +1,15 @@ +[Unit] +Description=Multiplexer for bitvis +Before=bitvis.service +After=bitvis-http.service +Requires=bitvis-http.service +PropagatesStopTo=bitvis.service +StopPropagatedFrom=bitvis.service + +[Service] +Type=forking +ExecStart=/usr/bin/screen -dmS bitvis-tee /opt/bitvis-tee.sh +User={{ music_bitvis_user }} + +[Install] +WantedBy=multi-user.target 
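Review bot: The file modes in roles/music/tasks/bitvis.yaml are written as bare octal integers (`mode: 0755`, `mode: 0644`), which only work because the YAML parser happens to read a leading zero as octal, and which yamllint's `octal-values` rule rejects when implicit octals are forbidden. Quoting them as `mode: "0755"` and `mode: "0644"` removes the dependence on implicit typing; the same applies to the later gain-filter hunk on this file and to ampswitch.yaml. Separately, "Install bitvis-tee" loops over two items while writing the same `/opt/bitvis-tee.sh` each time, so the loop exists only to vary `notify`; a plain `notify:` list with `restart bitvis` and `restart bitvis-tee` says the same without templating the file twice.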
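Review bot: The main.yaml hunk imports `airplay.yaml` next to `bitvis.yaml`, but the diffstat of this commit creates only `roles/music/tasks/bitvis.yaml`. `import_tasks` is static and resolved when the role is parsed, so if `airplay.yaml` is not already in the tree the whole music role fails to load. If it does exist, the addition is unrelated to "Add bitvis" and is easier to review as its own commit.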
diff --git a/roles/music/templates/bitvis-tee.sh b/roles/music/templates/bitvis-tee.sh new file mode 100644 index 0000000..275dc25 --- /dev/null +++ b/roles/music/templates/bitvis-tee.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# {{ ansible_managed }} + +loop=`mktemp --suffix -bitvis` +mkfifo -f "$loop" +trap "rm -f $loop" EXIT TERM + +cat "$loop" | while true; do nc -4 -w 2 localhost 1338; done & +nc -klp 1337 | tee "$loop" | while true; do nc -w 2 {{ music_bitpanel_host }} {{ music_bitpanel_port }}; done diff --git a/roles/music/templates/bitvis.service b/roles/music/templates/bitvis.service new file mode 100644 index 0000000..a4cc1dd --- /dev/null +++ b/roles/music/templates/bitvis.service @@ -0,0 +1,16 @@ +[Unit] +Description=Audio visualizer for the bitpanel +After=network.target + +[Service] +Type=simple +Restart=always +RestartSec=10s +ExecStart=/usr/bin/pw-jack bitvis -a localhost -p 1337 -m localhost -o 6600 +ExecStartPost=/usr/bin/sleep 4 +ExecStartPost=/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FR bitvis:input +User={{ music_audio_user }} +Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}" + +[Install] +WantedBy=multi-user.target From aa32225eea946c70853b892b04f69956f2678636 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 21 May 2025 19:50:08 +0200 Subject: [PATCH 38/56] music/bitvis: Add a gain filter --- roles/music/tasks/bitvis.yaml | 9 +++++ roles/music/templates/bitvis.service | 5 ++- roles/music/templates/pw-bitvis-mixer.conf | 38 ++++++++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 roles/music/templates/pw-bitvis-mixer.conf diff --git a/roles/music/tasks/bitvis.yaml b/roles/music/tasks/bitvis.yaml index e88363a..c4165e4 100644 --- a/roles/music/tasks/bitvis.yaml +++ b/roles/music/tasks/bitvis.yaml 
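Review bot: The FIFO setup in bitvis-tee.sh cannot work as written: `mktemp` already creates a regular file at `$loop`, and GNU `mkfifo` has no `-f` option, so `mkfifo -f "$loop"` fails and `tee` then appends to an ordinary temp file that grows without bound while `cat` reaches end-of-file. Creating the pipe inside a private directory avoids both problems: `dir=$(mktemp -d)`, `loop="$dir/fifo"; mkfifo "$loop"`, `trap 'rm -rf "$dir"' EXIT TERM`. Also, `nc -klp 1337` listens on every interface although bitvis.service only connects to `localhost`, so any host that can reach this machine can send data towards the bitpanel. Binding the listener to the loopback address (for example with `-s 127.0.0.1`, depending on the installed netcat variant) closes that.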
@@ -47,4 +47,13 @@ - bitvis - bitvis-tee +- name: Install bitvis gain filter + ansible.builtin.template: + src: pw-bitvis-mixer.conf + dest: /etc/pipewire/filter-chain.conf.d/bitvis-mixer.conf + owner: root + group: root + mode: 0644 + notify: restart bitvis + - meta: flush_handlers diff --git a/roles/music/templates/bitvis.service b/roles/music/templates/bitvis.service index a4cc1dd..6d5efd8 100644 --- a/roles/music/templates/bitvis.service +++ b/roles/music/templates/bitvis.service @@ -8,7 +8,10 @@ Restart=always RestartSec=10s ExecStart=/usr/bin/pw-jack bitvis -a localhost -p 1337 -m localhost -o 6600 ExecStartPost=/usr/bin/sleep 4 -ExecStartPost=/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FR bitvis:input +ExecStartPost=-/usr/bin/pw-link bitvis-mixer:output_FL bitvis:input +ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FL bitvis-mixer:playback_FL +ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FR bitvis-mixer:playback_FR + User={{ music_audio_user }} Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}" diff --git a/roles/music/templates/pw-bitvis-mixer.conf b/roles/music/templates/pw-bitvis-mixer.conf new file mode 100644 index 0000000..f1dca3a --- /dev/null +++ b/roles/music/templates/pw-bitvis-mixer.conf 
@@ -0,0 +1,38 @@ +# {{ ansible_managed }} + +context.modules = [ + { + name = libpipewire-module-filter-chain + args = { + node.description = "bitvis-mixer" + media.name = "bitvis-mixer" + filter.graph = { + nodes = [ + { + name = mix + type = builtin + label = mixer + control = { + "Gain 1" = 10 + "Gain 2" = 10 + } + } + ] + inputs = [ "mix:In 1" "mix:In 2" ] + outputs = [ "mix:Out" ] + } + capture.props = { + node.name = "mix_input.bitvis" + audio.position = [ FL FR ] + media.class = "Audio/Sink" + } + playback.props = { + node.name = "mix_output.bitvis" + audio.position = [ FL ] + stream.dont-remix = true + node.passive = true + node.autoconnect = false + } + } + } +] From 681f25382acaa6c07a0674064680c9b35942b461 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 21 May 2025 20:31:26 +0200 Subject: [PATCH 39/56] music: Add systemd --user operations --- roles/music/handlers/main.yaml | 20 ++++++++++++++++++++ roles/music/tasks/base.yaml | 12 ++++++++++++ roles/music/tasks/bitvis.yaml | 14 +++++++++++++- 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index ad03474..28b6f59 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -2,6 +2,26 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml +- name: restart pipewire + become: true + become_user: "{{ music_audio_user }}" + become_method: machinectl + ansible.builtin.systemd: + name: pipewire + state: restarted + daemon_reload: true + scope: user + +- name: restart filter-chain + become: true + become_user: "{{ music_audio_user }}" + become_method: machinectl + ansible.builtin.systemd: + name: filter-chain + state: restarted + daemon_reload: true + scope: user + - name: restart bitvis ansible.builtin.systemd: name: bitvis diff --git a/roles/music/tasks/base.yaml b/roles/music/tasks/base.yaml index a10cfca..bd51428 100644 --- a/roles/music/tasks/base.yaml +++ b/roles/music/tasks/base.yaml 
@@ -2,6 +2,7 @@ - name: Install pipewire apt: name: + - systemd-container - pipewire - pipewire-jack - pipewire-pulse @@ -28,6 +29,16 @@ dest: "/var/lib/systemd/linger/{{ music_audio_user }}" content: "" +- name: Enable pipewire + become: true + become_user: "{{ music_audio_user }}" + become_method: machinectl + ansible.builtin.systemd: + name: pipewire + state: started + enabled: true + scope: user + - name: Set PULSE_SERVER env var for all shells copy: dest: /etc/profile.d/pulse-server.sh @@ -54,3 +65,4 @@ "unix:{{ music_pulse_server }}" ] } + notify: restart pipewire diff --git a/roles/music/tasks/bitvis.yaml b/roles/music/tasks/bitvis.yaml index c4165e4..a0a4ee4 100644 --- a/roles/music/tasks/bitvis.yaml +++ b/roles/music/tasks/bitvis.yaml @@ -54,6 +54,18 @@ owner: root group: root mode: 0644 - notify: restart bitvis + notify: + - restart filter-chain + - restart bitvis + +- name: Enable filter-chain + become: true + become_user: "{{ music_audio_user }}" + become_method: machinectl + ansible.builtin.systemd: + name: filter-chain + state: started + enabled: true + scope: user - meta: flush_handlers From 2b21833551b773e29ffe4a066a3c3f2d4784bce0 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 21 May 2025 20:31:49 +0200 Subject: [PATCH 40/56] music: Update access --- group_vars/music.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/group_vars/music.yaml b/group_vars/music.yaml index 123da07..85f4ce8 100644 --- a/group_vars/music.yaml +++ b/group_vars/music.yaml @@ -6,7 +6,6 @@ nft: false root_access: - ak - bob - - eightdot - foobar - polyfloyd From 6eb35523c755a7b24926a541be69207396c102f7 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 21 May 2025 20:49:24 +0200 Subject: [PATCH 41/56] music: Remove bobdsp --- snippets/music-nginx.j2 | 5 ----- 1 file changed, 5 deletions(-) diff --git a/snippets/music-nginx.j2 b/snippets/music-nginx.j2 index d179b23..8ef1c12 100644 --- a/snippets/music-nginx.j2 +++ b/snippets/music-nginx.j2 
@@ -32,11 +32,6 @@ location ~ ^/trollibox/(.+/listen)$ { proxy_read_timeout 7d; } -location /bobdsp/ { - proxy_pass http://[::1]:8081/; - include proxy_params; -} - location /vis/ { allow all; proxy_pass http://[::1]:13378/; From c56ead77b4889441c99a72347c5b71a24eb5dc3c Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 25 May 2025 13:37:19 +0200 Subject: [PATCH 42/56] mqtt: Bridge all Bambu printers --- roles/mqtt/defaults/main.yaml | 1 - roles/mqtt/tasks/main.yaml | 6 ++++-- roles/mqtt/templates/bambulab.conf | 13 +++++++------ 3 files changed, 11 insertions(+), 9 deletions(-) delete mode 100644 roles/mqtt/defaults/main.yaml diff --git a/roles/mqtt/defaults/main.yaml b/roles/mqtt/defaults/main.yaml deleted file mode 100644 index 8cf4403..0000000 --- a/roles/mqtt/defaults/main.yaml +++ /dev/null @@ -1 +0,0 @@ -mqtt_bambulab_cafile: /etc/mosquitto/ca_certificates/bambulab.pem diff --git a/roles/mqtt/tasks/main.yaml b/roles/mqtt/tasks/main.yaml index 498f49c..c2e46ab 100644 --- a/roles/mqtt/tasks/main.yaml +++ b/roles/mqtt/tasks/main.yaml @@ -9,8 +9,10 @@ - name: Install bambulab cafile # openssl s_client -showcerts -connect :8883 Date: Sun, 25 May 2025 20:13:31 +0200 Subject: [PATCH 43/56] services/ircbot: Update git url --- roles/services/tasks/ircbot.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index e635302..1889103 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -1,8 +1,8 @@ --- - name: Clone source ansible.builtin.git: - repo: https://github.com/bitlair/irc-bot.git - version: master + repo: https://git.bitlair.nl/bitlair/irc-bot.git + version: main dest: /var/lib/irc-bot accept_hostkey: yes ignore_errors: true From 2698e8a613c766156d0755c68a5344457c07ef44 Mon Sep 17 00:00:00 2001 
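Review bot: The "Clone source" task in roles/services/tasks/ircbot.yaml now deploys whatever `main` points to on each run and keeps `ignore_errors: true`, so the service runs upstream changes nobody reviewed for this host, and a failed fetch passes silently with stale code left in place. Pinning the checkout with `version: "<tag-or-commit-sha>"` (placeholder) and dropping `ignore_errors` makes the deployed code reproducible and lets a fetch failure stop the play. `accept_hostkey: yes` only matters for ssh remotes, so on this https URL it can go, or at least become `true`. The same unpinned `version: main` appears in the alarm-handlers clone in siahsd.yaml and in the clones in discord_bot.yaml. The task continues past the end of this hunk.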
From: polyfloyd Date: Sun, 1 Jun 2025 14:23:00 +0200 Subject: [PATCH 44/56] services/siahsd: Add alarm-handlers --- roles/services/tasks/siahsd.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index fc7fef5..f887b71 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -1,9 +1,18 @@ --- - name: Install siahsd apt: - name: siahsd + name: + - debianutils + - siahsd -- name: Create directories +- name: Clone alarm-handlers + ansible.builtin.git: + repo: https://git.bitlair.nl/bitlair/alarm-handlers.git + version: main + dest: /opt/alarm + accept_hostkey: yes + +- name: Create log directory ansible.builtin.file: path: /var/log/siahsd state: directory From 0d2fc3ebb5cdad27a5bd50453663db592ae2a9b9 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 1 Jun 2025 18:21:40 +0200 Subject: [PATCH 45/56] services/discord_bot: Update deployment --- roles/services/handlers/main.yaml | 2 +- roles/services/tasks/discord_bot.yaml | 10 +++++----- roles/services/templates/discord-bot.service | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index ed04c9f..47e319a 100644 --- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml @@ -20,7 +20,7 @@ state: restarted daemon_reload: true -- name: Restart discord-bot +- name: restart discord-bot ansible.builtin.systemd: name: discord-bot state: restarted diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 3ce4308..6e5c400 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -18,7 +18,6 @@ version: main dest: /var/lib/bottle-clip accept_hostkey: yes - notify: Restart discord-bot - name: Clone discord-bot source ansible.builtin.git: 
@@ -26,22 +25,23 @@ version: main dest: /var/lib/discord-bot accept_hostkey: yes - notify: Restart discord-bot + notify: restart discord-bot - name: Install Python dependencies ansible.builtin.shell: - cmd: . .venv/bin/activate && pip install -r requirements.txt + cmd: . .venv/bin/activate && pip install -e . args: chdir: /var/lib/discord-bot + notify: restart discord-bot -- name: Install service file +- name: Install discord-bot service file ansible.builtin.template: src: discord-bot.service dest: /etc/systemd/system/discord-bot.service owner: root group: root mode: "0644" - notify: Restart discord-bot + notify: restart discord-bot - name: Start discord-bot ansible.builtin.systemd: diff --git a/roles/services/templates/discord-bot.service b/roles/services/templates/discord-bot.service index 7522fd9..5358bd5 100644 --- a/roles/services/templates/discord-bot.service +++ b/roles/services/templates/discord-bot.service @@ -1,19 +1,19 @@ # {{ ansible_managed }} [Unit] -Description=HobbyBot +Description=Bitlair Discord Bot After=network.target [Service] Type=simple -Restart=on-failure +Restart=always RestartSec=10s -ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/main.py +ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/discordbot.py DynamicUser=true Environment="MQTT_HOST={{ mqtt_internal_host }}" +Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip" Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}" Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}" -Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip" [Install] WantedBy=multi-user.target From 3d6d71e0686f3506d98a6bb9d4d960e9b53f07df Mon Sep 17 00:00:00 2001 
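Review bot: "Install Python dependencies" is an `ansible.builtin.shell` task, which reports changed on every run, so the added `notify: restart discord-bot` restarts the bot on every play whether or not anything was installed. Either drop the notify here (the clone task already notifies on a new checkout) or `register:` the output and add a `changed_when:` that checks whether pip installed anything. `pip install -e .` also runs with the play's privileges, presumably root, against code pulled from a moving branch, so that repository's build hooks run with those privileges; creating the venv and installing as an unprivileged account would limit that.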
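Review bot: The unit keeps `DISCORD_TOKEN` and `DISCORD_WEBHOOK_URL` as `Environment=` lines, and the task in discord_bot.yaml installs the rendered file with `mode: "0644"`, so every local account can read both secrets from /etc/systemd/system/discord-bot.service. Since this commit already reorders the environment block, I would move the two values into a root-owned `0600` file referenced with `EnvironmentFile=<path-to-env-file>` (placeholder), or pass them with `LoadCredential=`; systemd reads either before switching to the dynamic user. The non-secret `MQTT_HOST` and `BOTTLECLIP_RESOURCES` lines can stay where they are.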
From: polyfloyd Date: Sun, 1 Jun 2025 18:22:56 +0200 Subject: [PATCH 46/56] services/ircbot: Rename service to ircbot --- roles/services/handlers/main.yaml | 4 ++-- roles/services/tasks/ircbot.yaml | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index 47e319a..c718c88 100644 --- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml @@ -2,9 +2,9 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml -- name: Restart irc-bot +- name: Restart ircbot ansible.builtin.systemd: - name: irc-bot + name: ircbot state: restarted daemon_reload: true diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index 1889103..19a5c60 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -6,7 +6,7 @@ dest: /var/lib/irc-bot accept_hostkey: yes ignore_errors: true - notify: Restart irc-bot + notify: Restart ircbot - name: Link irc-say ansible.builtin.file: @@ -17,18 +17,18 @@ - name: Install service file ansible.builtin.template: src: generic.service - dest: /etc/systemd/system/irc-bot.service + dest: /etc/systemd/system/ircbot.service owner: root group: root mode: 0644 vars: description: Bitlair IRC bot exec: /bin/bash /var/lib/irc-bot/irc-bot - notify: Restart irc-bot + notify: Restart ircbot -- name: Start irc-bot +- name: Start ircbot ansible.builtin.systemd: - name: irc-bot + name: ircbot state: started enabled: true daemon_reload: true @@ -56,7 +56,7 @@ mode: 0644 vars: description: Bitlair IRC photos notification - requires: irc-bot.service + requires: ircbot.service exec: /bin/bash /var/lib/irc-helpers/photos.sh notify: Restart irc-photos @@ -85,7 +85,7 @@ mode: 0644 vars: description: Bitlair IRC doorduino notification - requires: irc-bot.service + requires: ircbot.service exec: /bin/bash /var/lib/irc-helpers/doorduino.sh notify: Restart irc-doorduino 
From 7529832deaf4655d14752834e51a5bf66f80ff57 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 1 Jun 2025 18:47:48 +0200 Subject: [PATCH 47/56] services: Add new IRC bot in #bitlair-bot-test --- roles/services/handlers/main.yaml | 6 ++++++ roles/services/tasks/discord_bot.yaml | 24 ++++++++++++++++++++++-- roles/services/templates/irc-bot.service | 20 ++++++++++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 roles/services/templates/irc-bot.service diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index c718c88..61e0d31 100644 --- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml @@ -26,6 +26,12 @@ state: restarted daemon_reload: true +- name: restart irc-bot + ansible.builtin.systemd: + name: irc-bot + state: restarted + daemon_reload: true + - name: Restart siahsd ansible.builtin.systemd: name: siahsd diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 6e5c400..a0f394b 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -25,14 +25,18 @@ version: main dest: /var/lib/discord-bot accept_hostkey: yes - notify: restart discord-bot + notify: + - restart discord-bot + - restart irc-bot - name: Install Python dependencies ansible.builtin.shell: cmd: . .venv/bin/activate && pip install -e . args: chdir: /var/lib/discord-bot - notify: restart discord-bot + notify: + - restart discord-bot + - restart irc-bot - name: Install discord-bot service file ansible.builtin.template: 
@@ -43,9 +47,25 @@ mode: "0644" notify: restart discord-bot +- name: Install irc-bot service file + ansible.builtin.template: + src: irc-bot.service + dest: /etc/systemd/system/irc-bot.service + owner: root + group: root + mode: "0644" + notify: restart irc-bot + - name: Start discord-bot ansible.builtin.systemd: name: discord-bot state: started enabled: true daemon_reload: true + +- name: Start irc-bot + ansible.builtin.systemd: + name: irc-bot + state: started + enabled: true + daemon_reload: true diff --git a/roles/services/templates/irc-bot.service b/roles/services/templates/irc-bot.service new file mode 100644 index 0000000..ce3018b --- /dev/null +++ b/roles/services/templates/irc-bot.service @@ -0,0 +1,20 @@ +# {{ ansible_managed }} + +[Unit] +Description=Bitlair IRC Bot +After=network.target + +[Service] +Type=simple +Restart=always +RestartSec=10s +ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/ircbot.py +DynamicUser=true +Environment="MQTT_HOST={{ mqtt_internal_host }}" +Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip" +Environment="IRC_SERVER=irc.smurfnet.ch" +Environment="IRC_CHANNEL=#bitlair-bot-test" +Environment="IRC_NICK=Bitlair" + +[Install] +WantedBy=multi-user.target From 0f1740005af89d0ed67b441ef86f93ee468034af Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 1 Jun 2025 19:49:38 +0200 Subject: [PATCH 48/56] services: Switch new IRC bot to #bitlair --- roles/services/handlers/main.yaml | 12 ----- roles/services/tasks/ircbot.yaml | 63 ----------------------- roles/services/templates/irc-bot.service | 4 +- roles/services/templates/irc-doorduino.sh | 24 --------- roles/services/templates/irc-photos.sh | 13 ----- 5 files changed, 2 insertions(+), 114 deletions(-) delete mode 100644 roles/services/templates/irc-doorduino.sh delete mode 100644 roles/services/templates/irc-photos.sh diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index 61e0d31..d8675bf 100644 
--- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml @@ -8,18 +8,6 @@ state: restarted daemon_reload: true -- name: Restart irc-photos - ansible.builtin.systemd: - name: irc-photos - state: restarted - daemon_reload: true - -- name: Restart irc-doorduino - ansible.builtin.systemd: - name: irc-doorduino - state: restarted - daemon_reload: true - - name: restart discord-bot ansible.builtin.systemd: name: discord-bot diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index 19a5c60..9be8246 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml 
@@ -32,66 +32,3 @@ state: started enabled: true daemon_reload: true - -- name: Create helpers dir - ansible.builtin.file: - path: /var/lib/irc-helpers - state: directory - -- name: Install photos notification - ansible.builtin.template: - src: irc-photos.sh - dest: /var/lib/irc-helpers/photos.sh - owner: root - group: root - mode: 0755 - notify: Restart irc-photos - -- name: Install photos notification service - ansible.builtin.template: - src: generic.service - dest: /etc/systemd/system/irc-photos.service - owner: root - group: root - mode: 0644 - vars: - description: Bitlair IRC photos notification - requires: ircbot.service - exec: /bin/bash /var/lib/irc-helpers/photos.sh - notify: Restart irc-photos - -- name: Start irc-photos - ansible.builtin.systemd: - name: irc-photos - state: started - enabled: true - daemon_reload: true - -- name: Install doorduino notification - ansible.builtin.template: - src: irc-doorduino.sh - dest: /var/lib/irc-helpers/doorduino.sh - owner: root - group: root - mode: 0755 - notify: Restart irc-doorduino - -- name: Install doorduino notification service - ansible.builtin.template: - src: generic.service - dest: /etc/systemd/system/irc-doorduino.service - owner: root - group: root - mode: 0644 - vars: - description: Bitlair IRC doorduino notification - requires: ircbot.service - exec: /bin/bash /var/lib/irc-helpers/doorduino.sh - notify: Restart irc-doorduino - -- name: Start irc-doorduino - ansible.builtin.systemd: - name: irc-doorduino - state: started - enabled: true - daemon_reload: true diff --git a/roles/services/templates/irc-bot.service b/roles/services/templates/irc-bot.service index ce3018b..1ea843b 100644 --- a/roles/services/templates/irc-bot.service +++ b/roles/services/templates/irc-bot.service 
@@ -13,8 +13,8 @@ DynamicUser=true Environment="MQTT_HOST={{ mqtt_internal_host }}" Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip" Environment="IRC_SERVER=irc.smurfnet.ch" -Environment="IRC_CHANNEL=#bitlair-bot-test" -Environment="IRC_NICK=Bitlair" +Environment="IRC_CHANNEL=#bitlair" +Environment="IRC_NICK=bitlair" [Install] WantedBy=multi-user.target diff --git a/roles/services/templates/irc-doorduino.sh b/roles/services/templates/irc-doorduino.sh deleted file mode 100644 index 29e0eea..0000000 --- a/roles/services/templates/irc-doorduino.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# Managed by Ansible - -set -eu -set -o pipefail - -initial=1 - -mqtt-simple -h {{ mqtt_internal_host }} -t "bitlair/doorduino/+" | - while read line; do - topic=$(echo "$line" | cut -d' ' -f1 | sed "s/bitlair\/doorduino\///") - value=$(echo "$line" | cut -s -d' ' -f2-) - - if [ $initial == 0 ] && [ $value != 0 ]; then - if [ $topic == "doorbell" ]; then - irc-say "DEURBEL! Open de deur beneden!" - elif [ $topic != "dooropen" ]; then - irc-say "Doorduino: $topic $value" - fi - fi - initial=0 - done - diff --git a/roles/services/templates/irc-photos.sh b/roles/services/templates/irc-photos.sh deleted file mode 100644 index acd505c..0000000 --- a/roles/services/templates/irc-photos.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# Managed by Ansible - -set -eu -set -o pipefail - -mqtt-simple -h {{ mqtt_internal_host }} -s "bitlair/photos" | - while read event; do - path=$(echo $event | cut -d ' ' -f 2) - url="https://bitlair.nl/fotos/view/$path" - irc-say "WIP: $url" - done From 5254769a9cd72338a7b2c530545bcb9073ca0068 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 1 Jun 2025 20:57:07 +0200 Subject: [PATCH 49/56] music/bitvis: Use fastLookaheadLimiter --- roles/music/tasks/bitvis.yaml | 1 + roles/music/templates/pw-bitvis-mixer.conf | 25 ++++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) 
diff --git a/roles/music/tasks/bitvis.yaml b/roles/music/tasks/bitvis.yaml index a0a4ee4..81688b4 100644 --- a/roles/music/tasks/bitvis.yaml +++ b/roles/music/tasks/bitvis.yaml @@ -4,6 +4,7 @@ name: - bitvis - bitvis-http + - swh-plugins - name: Create bitvis user user: diff --git a/roles/music/templates/pw-bitvis-mixer.conf b/roles/music/templates/pw-bitvis-mixer.conf index f1dca3a..c2a98b1 100644 --- a/roles/music/templates/pw-bitvis-mixer.conf +++ b/roles/music/templates/pw-bitvis-mixer.conf @@ -9,17 +9,28 @@ context.modules = [ filter.graph = { nodes = [ { - name = mix - type = builtin - label = mixer + name = normalize + type = ladspa + plugin = fast_lookahead_limiter_1913 + label = fastLookaheadLimiter control = { - "Gain 1" = 10 - "Gain 2" = 10 + "Input gain (dB)" = 40 + "Limit (dB)" = 0 + "Release time (s)" = 1 } } + { + name = mono + type = builtin + label = mixer + } ] - inputs = [ "mix:In 1" "mix:In 2" ] - outputs = [ "mix:Out" ] + links = [ + { output = "normalize:Output 1", input = "mono:In 1" } + { output = "normalize:Output 2", input = "mono:In 2" } + ] + inputs = [ "normalize:Input 1" "normalize:Input 2" ] + outputs = [ "mono:Out" ] } capture.props = { node.name = "mix_input.bitvis" From 32b75696c24baa94eb4d5b1360da251472e8b8f1 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sun, 1 Jun 2025 21:37:30 +0200 Subject: [PATCH 50/56] music/librespot: Use jackaudio backend --- roles/music/handlers/main.yaml | 2 +- roles/music/tasks/librespot.yaml | 7 +++++++ roles/music/templates/librespot.service | 12 ++++++++---- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 28b6f59..71351d1 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml 
@@ -48,7 +48,7 @@ - name: rebuild librespot ansible.builtin.command: - cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend + cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend,jackaudio-backend args: chdir: /opt/librespot diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 9d062ce..0857eaa 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml @@ -1,4 +1,11 @@ --- +- name: Install apt dependencies + apt: + name: + - libasound2-dev + - libjack-dev + - pkg-config + - name: Create librespot user user: name: "{{ music_librespot_user }}" diff --git a/roles/music/templates/librespot.service b/roles/music/templates/librespot.service index e90c3cb..419d52b 100644 --- a/roles/music/templates/librespot.service +++ b/roles/music/templates/librespot.service @@ -7,10 +7,14 @@ After=network.target [Service] Type=simple Restart=always -RestartSec=2s -ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend pulseaudio --volume-ctrl linear -Environment="PULSE_SERVER={{ music_pulse_server }}" -User={{ music_librespot_user }} +RestartSec=10s +ExecStart=/usr/bin/pw-jack -s 44100 /opt/librespot/target/release/librespot --name Trollibox --backend jackaudio +ExecStartPost=/usr/bin/sleep 4 +ExecStartPost=-/usr/bin/pw-link librespot:out_0 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FL +ExecStartPost=-/usr/bin/pw-link librespot:out_1 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FR +# User={{ music_librespot_user }} +User=root +Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}" [Install] WantedBy=multi-user.target From c784d4d21735bfb86f7055804d338b2ec124262a Mon Sep 17 00:00:00 2001 
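Review bot: The librespot unit now runs as `User=root`, with the previous `User={{ music_librespot_user }}` left behind as a comment, so a network-facing Spotify Connect receiver gains full privileges just to reach the PipeWire session named by `XDG_RUNTIME_DIR`. bitvis.service handles the same need by running as the session owner; `User={{ music_audio_user }}` here would presumably give JACK access without root, and the commented line should be removed. ampswitch.service, added later in this series, has the same `User=root` with the audio user's `XDG_RUNTIME_DIR`. The `rebuild librespot` handler changed in this commit also builds with `/root/.cargo/bin/cargo`, which compiles third-party crates as root.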
From: polyfloyd Date: Sun, 1 Jun 2025 22:43:04 +0200 Subject: [PATCH 51/56] music: Set up ampswitch for MPD and Librespot --- roles/music/handlers/main.yaml | 9 +++++++ roles/music/tasks/ampswitch.yaml | 34 +++++++++++++++++++++++++ roles/music/tasks/main.yaml | 6 +++++ roles/music/templates/ampswitch.service | 20 +++++++++++++++ 4 files changed, 69 insertions(+) create mode 100644 roles/music/tasks/ampswitch.yaml create mode 100644 roles/music/templates/ampswitch.service diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 71351d1..18e7f74 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -75,3 +75,12 @@ name: skipbutton state: restarted daemon_reload: true + +- name: restart ampswitch + ansible.builtin.systemd: + name: "ampswitch-{{ item }}" + state: restarted + daemon_reload: true + with_items: + - librespot + - mpd diff --git a/roles/music/tasks/ampswitch.yaml b/roles/music/tasks/ampswitch.yaml new file mode 100644 index 0000000..b145b63 --- /dev/null +++ b/roles/music/tasks/ampswitch.yaml @@ -0,0 +1,34 @@ +--- +- name: Install ampswitch depencies + apt: + name: + - libboost-dev + - libboost-dev + - nlohmann-json3-dev + +- name: Install ampswitch service file + template: + src: ampswitch.service + dest: /etc/systemd/system/ampswitch-{{ item.instance }}.service + owner: root + group: root + mode: 0755 + with_items: + - instance: mpd + pw_inputs: + - "Music Player Daemon:output_FL" + - "Music Player Daemon:output_FR" + - instance: librespot + pw_inputs: + - "librespot:out_0" + - "librespot:out_1" + notify: restart ampswitch + +- name: Enable ampswitch + ansible.builtin.systemd: + name: "ampswitch-{{ item }}" + state: started + enabled: true + with_items: + - librespot + - mpd diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index ced3697..c9a2c9f 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml 
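Review bot: "Install ampswitch service file" writes a systemd unit with `mode: 0755`; unit files are not executables and systemd logs a warning for units marked executable, so this should be `mode: "0644"` like the other service templates. The package list names `libboost-dev` twice and the task name reads "depencies". The "Enable ampswitch" loop repeats the instance names by hand, so it can drift from the `instance:` values of the install task; looping both tasks over one shared list would avoid that.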
@@ -40,3 +40,9 @@ file: soundboard.yaml tags: - music_soundboard + +- name: Ampswitch + ansible.builtin.import_tasks: + file: ampswitch.yaml + tags: + - music_ampswitch diff --git a/roles/music/templates/ampswitch.service b/roles/music/templates/ampswitch.service new file mode 100644 index 0000000..c374ca1 --- /dev/null +++ b/roles/music/templates/ampswitch.service @@ -0,0 +1,20 @@ +[Unit] +Description=Script hook for {{ item }} playback +After=network.target {{ item.instance }}.service +Requires={{ item.instance }}.service +StopPropagatedFrom={{ item.instance }}.service + +[Service] +Type=simple +Restart=always +RestartSec=10s +ExecStart=/usr/bin/pw-jack ampswitch --jack-name ampswitch-{{ item.instance }} --on-command /opt/on-{{ item.instance }}-start.sh --switch-time 10 --trigger-level 0.001 +ExecStartPost=/usr/bin/sleep 4 +{% for pw_input in item.pw_inputs %} +ExecStartPost=-/usr/bin/pw-link "{{ pw_input }}" ampswitch-{{ item.instance }}:Input +{% endfor %} +User=root +Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}" + +[Install] +WantedBy=multi-user.target From c80a489ec10cb593b0f4a665fe43e871f0581a34 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 4 Jun 2025 17:18:31 +0200 Subject: [PATCH 52/56] Remove matrix-homeserver stuff --- roles/www/templates/matrix-delegation.json | 3 --- roles/www/templates/nginx-site.conf | 7 ------- snippets/www-nginx.j2 | 7 ------- 3 files changed, 17 deletions(-) delete mode 100644 roles/www/templates/matrix-delegation.json diff --git a/roles/www/templates/matrix-delegation.json b/roles/www/templates/matrix-delegation.json deleted file mode 100644 index 9a49cc7..0000000 --- a/roles/www/templates/matrix-delegation.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "m.server": "matrix.bitlair.nl" -} diff --git a/roles/www/templates/nginx-site.conf b/roles/www/templates/nginx-site.conf index f34edee..8a5255a 100644 --- a/roles/www/templates/nginx-site.conf +++ b/roles/www/templates/nginx-site.conf 
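Review bot: `Description=Script hook for {{ item }} playback` renders the whole loop dictionary into the unit, because `item` is the mapping holding `instance` and `pw_inputs`; `{{ item.instance }}` is what the other lines use. The unit also runs `--on-command /opt/on-{{ item.instance }}-start.sh` as root, yet nothing in this commit installs that script or sets its owner and mode, so its contents and permissions are left to whatever created it. Installing the hook from the role with `owner: root` and `mode: "0755"`, and running the unit as `{{ music_audio_user }}`, would tighten this.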
@@ -119,13 +119,6 @@ server { rewrite ^/Pages/(.*) https://$server_name/$1$args redirect; } - # Matrix realm delegation - location = /.well-known/matrix/server { - add_header "Content-Type" "application/json"; - add_header "Access-Control-Allow-Origin" "*"; - alias /opt/matrix-delegation.json; - } - location = /.well-known/security.txt { alias /opt/security.txt; } diff --git a/snippets/www-nginx.j2 b/snippets/www-nginx.j2 index a831121..07ac856 100644 --- a/snippets/www-nginx.j2 +++ b/snippets/www-nginx.j2 @@ -78,13 +78,6 @@ location /Pages/ { rewrite ^/Pages/(.*) https://$server_name/$1$args redirect; } -# Matrix realm delegation -location = /.well-known/matrix/server { - add_header "Content-Type" "application/json"; - add_header "Access-Control-Allow-Origin" "*"; - alias /opt/matrix-delegation.json; -} - location = /.well-known/security.txt { alias /opt/security.txt; } From d7dd9b73bde82138be295c1707643e2cc13c9bd7 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Wed, 4 Jun 2025 18:35:41 +0200 Subject: [PATCH 53/56] wiki: Update MediaWiki --- snippets/www-nginx.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snippets/www-nginx.j2 b/snippets/www-nginx.j2 index 07ac856..1dd1a88 100644 --- a/snippets/www-nginx.j2 +++ b/snippets/www-nginx.j2 @@ -1,4 +1,4 @@ -root /opt/mediawiki-1.41.1/; +root /opt/mediawiki-1.43.0/; index index.php index.html index.htm; # Photo gallery From 5ada26be1362d2cce71f88aa9eba42bd7d037064 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Thu, 5 Jun 2025 16:32:26 +0200 Subject: [PATCH 54/56] music/ampswitch: Install from apt --- roles/music/tasks/ampswitch.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/music/tasks/ampswitch.yaml b/roles/music/tasks/ampswitch.yaml index b145b63..5ee9649 100644 --- a/roles/music/tasks/ampswitch.yaml +++ b/roles/music/tasks/ampswitch.yaml 
@@ -1,10 +1,7 @@ --- -- name: Install ampswitch depencies +- name: Install ampswitch apt: - name: - - libboost-dev - - libboost-dev - - nlohmann-json3-dev + name: ampswitch - name: Install ampswitch service file template: From d0ecc5f105b822895a26fb96a0e3e50a08aa9658 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Fri, 6 Jun 2025 22:11:38 +0200 Subject: [PATCH 55/56] bank/revbank: Update to 10.5.1 --- roles/bank/defaults/main.yaml | 2 +- roles/bank/templates/git.cron | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/bank/defaults/main.yaml b/roles/bank/defaults/main.yaml index d0a5ca6..922bb73 100644 --- a/roles/bank/defaults/main.yaml +++ b/roles/bank/defaults/main.yaml @@ -1,3 +1,3 @@ bank_user: bank bank_local_tty: no -bank_revbank_version: "10.3.0" +bank_revbank_version: "10.5.1" diff --git a/roles/bank/templates/git.cron b/roles/bank/templates/git.cron index 32308cf..b5ad03c 100644 --- a/roles/bank/templates/git.cron +++ b/roles/bank/templates/git.cron @@ -1,4 +1,4 @@ SHELL=/bin/bash #m h dom mon dow user command - */10 * * * * {{ bank_user }} git -C ~/.revbank pull -r && git -C ~/.revbank push + */10 * * * * {{ bank_user }} git -C ~/.revbank pull -r && git -C ~/.revbank push && git -C ~/.revbank gc From 5d708d2808b1d4de8304c0a84d961db40a0802d0 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sat, 7 Jun 2025 19:40:34 +0200 Subject: [PATCH 56/56] music: Fix mqtt-soundboard --- roles/music/handlers/main.yaml | 4 ++-- roles/music/tasks/soundboard.yaml | 20 +++++++++---------- ...dboard.service => mqtt-soundboard.service} | 7 +++---- .../{soundboard.yaml => mqtt-soundboard.yaml} | 4 ++-- 4 files changed, 16 insertions(+), 19 deletions(-) rename roles/music/templates/{soundboard.service => mqtt-soundboard.service} (51%) rename roles/music/templates/{soundboard.yaml => mqtt-soundboard.yaml} (81%) diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 18e7f74..f6507f0 100644 --- a/roles/music/handlers/main.yaml 
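Review bot: The `Install ampswitch` task now installs `ampswitch` by package name, but nothing in this hunk shows which repository provides it, and the unit added in patch 51 runs the binary as root. If the package comes from a third-party or self-hosted repository, the role should configure that source and its signing key before this task, so a fresh host neither fails nor resolves the name from an unintended origin. I would also spell the module as `ansible.builtin.apt` and add `state: present`, matching the fully qualified `ansible.builtin.systemd` tasks further down in the same file.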
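Review bot: The appended `git -C ~/.revbank gc` in git.cron runs a full housekeeping pass every ten minutes, and only when both the pull and the push succeeded, so a repository that cannot sync is also never packed. `git -C ~/.revbank gc --auto --quiet` lets git decide when repacking is worthwhile and keeps cron from mailing its output. Putting it on its own, less frequent crontab line would also decouple it from the sync result.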
+++ b/roles/music/handlers/main.yaml @@ -58,9 +58,9 @@ state: restarted daemon_reload: true -- name: Restart soundboard +- name: restart mqtt-soundboard ansible.builtin.systemd: - name: soundboard + name: mqtt-soundboard state: restarted daemon_reload: true diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index 1b72dbf..92619b1 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -6,25 +6,23 @@ - mplayer state: present -- ansible.builtin.file: - path: "{{ item }}" - state: absent - with_items: - - /opt/soundboard - - /etc/systemd/system/soundboard.service - - name: Install soundboard config file ansible.builtin.template: - src: soundboard.yaml - dest: /etc/soundboard.yaml + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: root mode: 0644 - notify: Restart soundboard + notify: restart mqtt-soundboard + with_items: + - src: mqtt-soundboard.service + dest: /etc/systemd/system/mqtt-soundboard.service + - src: mqtt-soundboard.yaml + dest: /etc/mqtt-soundboard.yaml - name: Enable soundboard ansible.builtin.systemd: - name: soundboard + name: mqtt-soundboard state: started enabled: true daemon_reload: true diff --git a/roles/music/templates/soundboard.service b/roles/music/templates/mqtt-soundboard.service similarity index 51% rename from roles/music/templates/soundboard.service rename to roles/music/templates/mqtt-soundboard.service index 38b31ab..4429bfa 100644 --- a/roles/music/templates/soundboard.service +++ b/roles/music/templates/mqtt-soundboard.service 
@@ -6,12 +6,11 @@ After=network.target [Service] Type=simple -ExecStart=/opt/soundboard/.venv/bin/python /opt/soundboard/soundboard.py /etc/soundboard.yaml +ExecStart=/lib/python3/dist-packages/mqtt-soundboard.py /etc/mqtt-soundboard.yaml Restart=always RestartSec=10 -User=audio -LimitMEMLOCK=infinity -LimitRTPRIO=99 +User=root +Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}" [Install] WantedBy=multi-user.target diff --git a/roles/music/templates/soundboard.yaml b/roles/music/templates/mqtt-soundboard.yaml similarity index 81% rename from roles/music/templates/soundboard.yaml rename to roles/music/templates/mqtt-soundboard.yaml index 106dc30..9056002 100644 --- a/roles/music/templates/soundboard.yaml +++ b/roles/music/templates/mqtt-soundboard.yaml @@ -1,13 +1,13 @@ # {{ ansible_managed }} -loglevel: INFO +loglevel: DEBUG mqtt: host: {{ mqtt_internal_host }} sounds: directory: /opt/sounds - play_cmd: "mplayer -volume 10 -ao jack:name=MPlayer %s" + play_cmd: "pw-jack mplayer -volume 20 -ao jack:name=MPlayer %s" topic: bitlair/soundboard aliases:
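Review bot: Changing `User=audio` to `User=root` means that messages arriving on the MQTT topic configured in mqtt-soundboard.yaml are now turned into `play_cmd` invocations by a root process. How the `%s` in `play_cmd` is filled in is not visible in this patch, so whether a crafted payload can influence the command line should be confirmed before the service keeps this privilege. If the change was only needed to reach the PipeWire session, keeping `User=audio` together with the new `Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"` line would presumably work, provided `music_audio_user_id` is that account's uid. The `[Service]` section starts above this hunk.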