diff --git a/bitlair.yaml b/bitlair.yaml index f4ece91..b463ff7 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -47,6 +47,7 @@ - hosts: music roles: - { role: "acme", tags: ["acme"] } + - { role: "go", tags: ["go"] } - { role: "music", tags: ["music"] } - hosts: pad @@ -57,7 +58,6 @@ - hosts: services roles: - - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "services", tags: ["services"] } - hosts: wiki diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 0169ce1..39de4c0 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -37,7 +37,5 @@ debian_repourl: "http://deb.debian.org/debian/" debian_securityurl: "http://security.debian.org/debian-security" deb_forgejo_repos: - - host: git.bitlair.nl - owner: bitlair - host: git.polyfloyd.net owner: polyfloyd diff --git a/group_vars/ldap.yaml b/group_vars/ldap.yaml new file mode 100644 index 0000000..53187b1 --- /dev/null +++ b/group_vars/ldap.yaml @@ -0,0 +1,4 @@ +--- + +group_nft_input: + - "tcp dport { ldap, ldaps } accept # Allow LDAP traffic" diff --git a/group_vars/music.yaml b/group_vars/music.yaml index 457597a..8f0cc7c 100644 --- a/group_vars/music.yaml +++ b/group_vars/music.yaml @@ -11,10 +11,6 @@ root_access: - polyfloyd nginx_client_max_body_size: 512M -nginx_sites: - - server_name: "music.bitlair.nl" - snippets: - - "music-nginx.j2" music_domain: music.bitlair.nl acme_san_domains: diff --git a/music.yaml b/music.yaml index cc04425..17666f3 100644 --- a/music.yaml +++ b/music.yaml @@ -5,5 +5,6 @@ - { role: "common", tags: [ "common" ] } - { role: "acme", tags: [ "acme" ] } - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - - { role: "nginx", tags: [ "nginx" ] } + - { role: "go", tags: [ "go" ] } +# - { role: "nginx", tags: [ "nginx" ] } - { role: "music", tags: [ "music" ] } diff --git a/roles/389-ldap/tasks/main.yaml b/roles/389-ldap/tasks/main.yaml new file mode 100644 index 0000000..eaf4383 --- /dev/null +++ b/roles/389-ldap/tasks/main.yaml 
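Review bot: The new rule in `group_vars/ldap.yaml` accepts `ldap` and `ldaps` from any source address, so cleartext LDAP on port 389 becomes reachable from every network that can route to the host. Nothing visible here limits the rule to the clients that need the directory; a source match would narrow it, e.g. `ip saddr <TRUSTED_CIDR> tcp dport { ldap, ldaps } accept` (placeholder range). Dropping `ldap` from the set would also keep binds from crossing the wire unencrypted, unless the server enforces StartTLS, which this commit does not show.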
@@ -0,0 +1,9 @@ +--- + +- name: Install packages + ansible.builtin.apt: + state: present + pkg: + - 389-ds-base + - shelldap + diff --git a/roles/bank/defaults/main.yaml b/roles/bank/defaults/main.yaml index d0a5ca6..b0fea92 100644 --- a/roles/bank/defaults/main.yaml +++ b/roles/bank/defaults/main.yaml @@ -1,3 +1,3 @@ bank_user: bank +bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git bank_local_tty: no -bank_revbank_version: "10.3.0" diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml index f54bbfd..7ed568e 100644 --- a/roles/bank/tasks/login.yaml +++ b/roles/bank/tasks/login.yaml @@ -4,7 +4,7 @@ name: bank password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" home: /home/{{ bank_user }} - shell: /usr/local/share/revbank/revbank + shell: /home/{{ bank_user }}/revbank.git/revbank update_password: always - name: Allow password auth for bank user @@ -13,7 +13,7 @@ insertafter: EOF validate: "/usr/sbin/sshd -t -f %s" block: |- - Match User {{ bank_user }} + Match User bank PasswordAuthentication yes notify: reload sshd diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index 3b2ec65..ec283d1 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml 
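Review bot: The login shell of the password-authenticated `bank` account now points into that account's own home directory (`/home/{{ bank_user }}/revbank.git/revbank`), whereas the previous path was under `/usr/local/share`. The comment next to the hash documents the password, so the shell is the only thing limiting what an SSH login can do. If the home directory or the checkout is writable by the account, that limit depends on revbank never letting a user change files. Keeping the executable in a root-owned path outside the home directory, with explicit ownership on the clone task in `roles/bank/tasks/revbank.yaml`, would make the boundary independent of revbank's behaviour.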
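Review bot: The sshd block now hard-codes `Match User bank` while the surrounding tasks still build paths from `{{ bank_user }}`. If `bank_user` is ever overridden, password authentication stays enabled for a name that no longer matches the managed account. Keep `Match User {{ bank_user }}`, and use the variable in the user task's `name:` as well so all three places agree.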
@@ -1,22 +1,50 @@ --- - name: Install dependencies ansible.builtin.apt: - name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ] + name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ] state: present - name: Clone revbank source ansible.builtin.git: - repo: https://github.com/revspace/revbank.git - version: "v{{ bank_revbank_version }}" - dest: /usr/local/share/revbank + repo: "{{ bank_revbank_git }}" + version: master + dest: /home/{{ bank_user }}/revbank.git accept_hostkey: yes -- name: Clone revbank-plugin source - ansible.builtin.git: - repo: https://git.bitlair.nl/bitlair/revbank-plugins.git - version: main - dest: /usr/local/share/revbank-plugins - accept_hostkey: yes +- name: Create data files + ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} + args: + creates: /home/{{ bank_user }}/{{ item }} + with_items: + - revbank.accounts + - revbank.market + - revbank.products + +- name: Ensure data file permissions + ansible.builtin.file: + path: /home/{{ bank_user }}/{{ item }} + state: touch + owner: "{{ bank_user }}" + group: "{{ bank_user }}" + mode: 0644 + with_items: + - revbank.accounts + - revbank.market + - revbank.products + +- name: Link plugins + ansible.builtin.file: + state: link + path: /home/{{ bank_user }}/{{ item }} + src: /home/{{ bank_user }}/revbank.git/{{ item }} + with_items: + - plugins + - revbank.plugins + +- name: Create git data dir + ansible.builtin.file: + path: /home/{{ bank_user }}/data.git + state: directory - name: Install git cronjob ansible.builtin.template: diff --git a/roles/bank/templates/git.cron b/roles/bank/templates/git.cron index 32308cf..b334260 100644 --- a/roles/bank/templates/git.cron +++ b/roles/bank/templates/git.cron 
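Review bot: The checkout that becomes the `bank` login shell is now taken from `version: master` of `{{ bank_revbank_git }}`, replacing the tagged release that `bank_revbank_version` used to pin, so every play run deploys whatever is on that branch at the time. Pinning `version:` to a tag or commit hash held in a variable keeps the deployed code reviewable. In the same hunk `mode: 0644` is an unquoted octal and should be `mode: "0644"`, and `state: touch` reports a change on every run. The `data.git` directory is created without `owner`/`group`, although the cron template runs `git pull` in it as `{{ bank_user }}`.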
@@ -1,4 +1,4 @@ SHELL=/bin/bash #m h dom mon dow user command - */10 * * * * {{ bank_user }} git -C ~/.revbank pull -r && git -C ~/.revbank push + */10 * * * * {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products) diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml index d08ae0b..fa95b47 100644 --- a/roles/music/defaults/main.yaml +++ b/roles/music/defaults/main.yaml @@ -1,8 +1,2 @@ music_audio_user: audio -music_audio_group: audio -music_librespot_user: librespot -music_trollibox_user: trollibox - -music_pulse_server: /tmp/pipewire-pulse-socket - music_mqtt_mpd_volume: bitlair/music/space/volume diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index d4465ab..2d77dbb 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -2,25 +2,19 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml -- name: restart mpd - ansible.builtin.systemd: - name: mpd - state: restarted - daemon_reload: true - -- name: restart trollibox +- name: Restart trollibox ansible.builtin.systemd: name: trollibox state: restarted daemon_reload: true -- name: rebuild librespot +- name: Rebuild librespot ansible.builtin.command: - cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend + cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend args: chdir: /opt/librespot -- name: restart librespot +- name: Restart librespot ansible.builtin.systemd: name: librespot state: restarted diff --git a/roles/music/tasks/base.yaml b/roles/music/tasks/base.yaml deleted file mode 100644 index 7961b70..0000000 --- a/roles/music/tasks/base.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- name: Install pipewire - apt: - name: - - pipewire - - pipewire-jack - - pipewire-pulse - - pulseaudio-utils - - pulsemixer - - wireplumber - state: present - -- name: Add audio group - group: - name: audio - system: true - -- name: Set PULSE_SERVER env var for all shells - copy: - dest: /etc/profile.d/pulse-server.sh - content: |+ - # Ansible managed - export PULSE_SERVER={{ music_pulse_server }} - -- name: Create pipewire-pulse config dir - file: - path: /etc/pipewire/pipewire-pulse.conf.d/ - state: directory - -- name: Configure system socket - ansible.builtin.copy: - dest: /etc/pipewire/pipewire-pulse.conf.d/system-socket.conf - content: |+ - # Ansible managed - context.exec = [ - { path = "/bin/chgrp" args = "{{ music_audio_group }} {{ music_pulse_server }}" } - { path = "/bin/chmod" args = "g+rwx,o-rwx {{ music_pulse_server }}" } - ] - pulse.properties = { - server.address = [ - "unix:{{ music_pulse_server }}" - ] - } diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 9d062ce..2a8d19b 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml @@ -1,11 +1,8 @@ --- -- name: Create librespot user - user: - name: "{{ music_librespot_user }}" - system: true - home: /var/lib/librespot - groups: - - "{{ music_audio_group }}" +- name: Install dependencies + ansible.builtin.apt: + name: libjack-jackd2-dev + state: present - name: Clone librespot source ansible.builtin.git: @@ -14,8 +11,8 @@ dest: /opt/librespot accept_hostkey: yes notify: - - rebuild librespot - - restart librespot + - Rebuild librespot + - Restart librespot - name: Install service file ansible.builtin.template: @@ -24,7 +21,7 @@ owner: root group: root mode: 0644 - notify: restart librespot + notify: Restart librespot - name: Enable Librespot ansible.builtin.systemd: @@ -32,5 +29,3 @@ state: started enabled: true daemon_reload: true - -- meta: flush_handlers 
diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index e8105ee..e8a751c 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -1,9 +1,4 @@ --- -- name: Import base - ansible.builtin.import_tasks: - file: base.yaml - tags: - - music_base - name: Import mpd ansible.builtin.import_tasks: @@ -28,3 +23,12 @@ file: soundboard.yaml tags: - music_soundboard + +- name: Install nginx config + ansible.builtin.template: + src: nginx-site.conf + dest: /etc/nginx/sites-enabled/trollibox + owner: root + group: root + mode: 0644 + notify: Reload nginx diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index ebf2406..eb88133 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml @@ -1,32 +1,14 @@ --- + - name: Install MPD ansible.builtin.apt: - name: mpd + name: + - jackd + - mpd + - python3-mpd + - python3-serial state: present -- name: Add mpd user to the {{ music_audio_group }} group - user: - name: mpd - groups: - - "{{ music_audio_group }}" - notify: restart mpd - -- name: Install mpd file - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - notify: restart mpd - with_items: - - src: mpd.conf - dest: /etc/mpd.conf - - src: mpd.service - dest: /etc/systemd/system/mpd.service - - src: mpd_state - dest: /var/lib/mpd/state.default - - name: Install mpd-volume-to-mqtt script ansible.builtin.template: src: mpd-volume-to-mqtt.sh 
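Review bot: The `Install nginx config` task writes straight into `/etc/nginx/sites-enabled/` and notifies `Reload nginx`, but this commit also comments the nginx role out of `music.yaml`, and the music play in `bitlair.yaml` lists only `acme`, `go` and `music`. Unless nginx is installed and the `Reload nginx` handler is defined somewhere not shown (for instance in the imported common handlers), the play fails on a fresh host, either at the template task or with an unknown-handler error. State in the role where nginx comes from, e.g. a comment `# nginx itself is installed by <ROLE>` (placeholder) above the task, or re-enable the role instead of leaving it commented out.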
@@ -51,3 +33,27 @@ state: started enabled: true daemon_reload: true + +- name: Clone skipbutton source + ansible.builtin.git: + repo: https://github.com/bitlair/skipbutton.git + version: master + dest: /opt/skipbutton + accept_hostkey: yes + notify: Restart skipbutton + +- name: Install skipbutton service + ansible.builtin.template: + src: skipbutton.service + dest: /etc/systemd/system/skipbutton.service + owner: root + group: root + mode: 0644 + notify: Restart skipbutton + +- name: Enable skipbutton + ansible.builtin.systemd: + name: skipbutton + state: started + enabled: true + daemon_reload: true diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 34b3df2..0b20b4a 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -1,10 +1,4 @@ --- -- name: Create trollibox user - user: - name: "{{ music_trollibox_user }}" - system: true - home: /var/lib/trollibox - - name: Install Trollibox config ansible.builtin.template: src: trollibox.yaml 
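Review bot: The skipbutton tasks clone `version: master` from GitHub and run the result as a service, so the code executed on the host changes whenever that branch moves; pinning `version:` to a commit hash or tag makes deployments repeatable. The tasks notify `Restart skipbutton`, yet the handlers hunk in this commit shows only trollibox and librespot handlers. If that handler is not defined in a part of `handlers/main.yaml` outside the hunk, Ansible stops with a missing-handler error. `accept_hostkey: yes` has no effect on an `https://` URL and could be dropped.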
@@ -12,29 +6,27 @@ owner: root group: root mode: "0644" - notify: restart trollibox + notify: Restart trollibox - name: Get latest Trollibox version from Github API - uri: + ansible.builtin.get_url: url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" - return_content: true - register: response - changed_when: false - check_mode: false - failed_when: "response is failed or 'json' not in response" + dest: "/tmp/_ansible_trollibox_latest_release.json" -- name: Format trollibox latest version - set_fact: - trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}" +- name: Get download url + ansible.builtin.shell: + cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name + | contains("linux-amd64")) | .browser_download_url -r + register: "trollibox_download_url" - name: Download Trollibox ansible.builtin.unarchive: - src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz" + src: "{{ trollibox_download_url.stdout }}" remote_src: yes dest: /usr/local/bin include: [ trollibox ] mode: "0755" - notify: restart trollibox + notify: Restart trollibox - name: Install service file ansible.builtin.template: @@ -43,7 +35,7 @@ owner: root group: root mode: "0644" - notify: restart trollibox + notify: Restart trollibox - name: Enable Trollibox ansible.builtin.systemd: diff --git a/roles/music/templates/librespot.service b/roles/music/templates/librespot.service index e90c3cb..8d3b683 100644 --- a/roles/music/templates/librespot.service +++ b/roles/music/templates/librespot.service 
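Review bot: The `Get download url` task cannot run as written: the jq filter is passed to the shell unquoted, so `|`, `(` and `)` are parsed by the shell rather than by jq, and no task visible here installs `jq`. The release JSON is also stored under a fixed name in `/tmp`, and `get_url` does not re-download when the destination already exists. A stale file, or one created beforehand by any local user, therefore decides which URL is unpacked into `/usr/local/bin` as root. Keeping the previous `uri` lookup and selecting the asset with Jinja filters avoids both the temporary file and the shell, as sketched below. The hunk starts inside the `Install Trollibox config` task.

```yaml
- name: Get latest Trollibox release from Github API
  ansible.builtin.uri:
    url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
    return_content: true
  register: trollibox_release
  changed_when: false
  check_mode: false

- name: Select the linux-amd64 asset
  ansible.builtin.set_fact:
    trollibox_download_url: >-
      {{ trollibox_release.json.assets
         | selectattr('name', 'search', 'linux-amd64')
         | map(attribute='browser_download_url')
         | first }}

- name: Download Trollibox
  ansible.builtin.unarchive:
    src: "{{ trollibox_download_url }}"
    # … unchanged: remote_src, dest, include, mode, notify …
```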
@@ -3,14 +3,16 @@ [Unit] Description=Spotify through Librespot After=network.target +Requires=jackd.service [Service] Type=simple Restart=always RestartSec=2s -ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend pulseaudio --volume-ctrl linear -Environment="PULSE_SERVER={{ music_pulse_server }}" -User={{ music_librespot_user }} +ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend jackaudio +User={{ music_audio_user }} +Group={{ music_audio_user }} +AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE [Install] WantedBy=multi-user.target diff --git a/roles/music/templates/mpd-volume-to-mqtt.sh b/roles/music/templates/mpd-volume-to-mqtt.sh index 5f89374..ac3230b 100644 --- a/roles/music/templates/mpd-volume-to-mqtt.sh +++ b/roles/music/templates/mpd-volume-to-mqtt.sh @@ -14,7 +14,7 @@ prev_volume=x if [ $event = "mixer" ]; then volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'` if [ "$prev_volume" != "$volume" ]; then - mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume" + mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }} -r' -m "$volume" fi prev_volume=$volume fi diff --git a/roles/music/templates/mpd.conf b/roles/music/templates/mpd.conf deleted file mode 100644 index 6906e54..0000000 --- a/roles/music/templates/mpd.conf +++ /dev/null 
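Review bot: `AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE` uses a comma, but systemd expects capability names separated by whitespace, so the line is likely to be rejected and the service would start without either capability; write `AmbientCapabilities=CAP_IPC_LOCK CAP_SYS_NICE`. `Requires=jackd.service` has no matching `After=jackd.service`, and no task in this commit installs or enables a `jackd` unit, so the dependency may fail at start. The unit now runs as `{{ music_audio_user }}`, and no task shown creates that account now that the dedicated librespot user task is gone.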
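Review bot: The `-r` flag has moved inside the single quotes of the `-p` argument, so the publish topic becomes the configured topic followed by ` -r` and the flag itself is no longer passed. Assuming `-r` marks the message as retained, subscribers that connect later no longer receive the last volume, and existing subscribers on the real topic receive nothing. Restore the previous form, `mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume"`. The enclosing loop starts and ends outside the hunk.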
@@ -1,40 +0,0 @@ -# {{ ansible_managed }} - -user "mpd" -group "{{ music_audio_group }}" - -bind_to_address "any" -port "6600" -max_connections "20" - -zeroconf_enabled "yes" -zeroconf_name "MPD @ %h" - -music_directory "/srv/media/music" -auto_update "yes" -filesystem_charset "UTF-8" - -playlist_directory "/var/lib/mpd/playlists" -db_file "/var/lib/mpd/tag_cache" -state_file "/var/lib/mpd/state" -sticker_file "/var/lib/mpd/sticker.sql" - -input { - plugin "curl" # Required for web streams. -} - -decoder { - plugin "hybrid_dsd" - enabled "no" -} - -decoder { - plugin "wildmidi" - enabled "no" -} - -audio_output { - type "pulse" - name "Pulse" - server "{{ music_pulse_server }}" -} diff --git a/roles/music/templates/mpd.service b/roles/music/templates/mpd.service deleted file mode 100644 index fb9808d..0000000 --- a/roles/music/templates/mpd.service +++ /dev/null @@ -1,21 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Description=Music Player Daemon -After=network.target - -[Service] -Type=simple -ExecStartPre=/bin/mkdir -p /run/mpd -ExecStartPre=/bin/chown -R mpd:nogroup /run/mpd -ExecStartPre=/bin/touch /var/log/mpd.log -ExecStartPre=/bin/chown mpd:nogroup /var/log/mpd.log -ExecStartPre=/usr/bin/cp /var/lib/mpd/state.default /var/lib/mpd/state -ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf -# MDP will fork itself to the user defined in its config -User=root -LimitMEMLOCK=infinity -LimitRTPRIO=99 - -[Install] -WantedBy=multi-user.target diff --git a/roles/music/templates/mpd_state b/roles/music/templates/mpd_state deleted file mode 100644 index 27b059b..0000000 --- a/roles/music/templates/mpd_state +++ /dev/null @@ -1,17 +0,0 @@ -sw_volume: 20 -audio_device_state:1:Pulse -state: play -current: 0 -time: 0 -random: 0 -repeat: 0 -single: 0 -consume: 0 -crossfade: 0 -mixrampdb: 0.000000 -mixrampdelay: -1.000000 -playlist_begin -song_begin: http://ice4.somafm.com/groovesalad-256-mp3 -Name: SomaFM Groove Salad -song_end -playlist_end 
diff --git a/roles/music/templates/nginx-site.conf b/roles/music/templates/nginx-site.conf new file mode 100644 index 0000000..185d689 --- /dev/null +++ b/roles/music/templates/nginx-site.conf @@ -0,0 +1,70 @@ +# {{ ansible_managed }} + +server { + listen 80 default_server; + listen [::]:80 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + + server_name {{ music_domain }}; + + {% if acme_bootstrap_certs %} + include "snippets/snakeoil.conf"; + {% else %} + ssl_certificate "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem"; + ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem"; + {% endif %} + + {% for range in trusted_ranges %} + allow {{ range.cidr }}; + {% endfor %} + deny all; + + location / { + rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?; + } + + location /trollibox/ { + proxy_pass http://[::1]:3000/; + client_max_body_size 512M; + include proxy_params; + } + + location ~ ^/trollibox/(.+/events)$ { + proxy_pass http://[::1]:3000/$1; + include proxy_params; + proxy_http_version 1.1; + chunked_transfer_encoding off; + add_header X-Test "123"; + proxy_set_header Connection ''; + proxy_buffering off; + proxy_read_timeout 7d; + } + + location ~ ^/trollibox/(.+/listen)$ { + proxy_pass http://[::1]:3000/$1; + include proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 7d; + } + + location /bobdsp/ { + proxy_pass http://[::1]:8081/; + include proxy_params; + } + + location /vis/ { + allow all; + proxy_pass http://[::1]:13378/; + include proxy_params; + } + + location = /vis/ { + rewrite ^(.*)$ /vis/index.html; + include proxy_params; + } + + include "snippets/acme.conf"; +} diff --git a/roles/music/templates/skipbutton.service b/roles/music/templates/skipbutton.service new file mode 100644 index 0000000..f2a5d6f --- /dev/null +++ b/roles/music/templates/skipbutton.service 
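Review bot: `location /vis/` sets `allow all;`, which overrides the server-level `allow`/`deny all` list and exposes the service on port 13378 to every client; if that is intended, say so with a comment such as `# public visualiser, deliberately outside trusted_ranges`. The server also listens on port 80 and only `location /` redirects to HTTPS, so `/trollibox/`, `/bobdsp/` and `/vis/` are proxied over plain HTTP as well. `add_header X-Test "123";` in the events location looks like a debugging leftover and should be removed. Whether `snippets/acme.conf` carries its own `allow all;` is not visible; without one, the server-level `deny all` would block certificate validation requests from outside the trusted ranges.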
@@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Unit] +Description=MPD Skipbutton +After=network.target +Requires=mpd.service + +[Service] +Type=simple +Restart=always +RestartSec=10s +ExecStart=/opt/skipbutton/skipbutton.py /dev/ttyS0 +DynamicUser=true +Group=dialout + +[Install] +WantedBy=multi-user.target diff --git a/roles/music/templates/trollibox.service b/roles/music/templates/trollibox.service index 66d581d..ddddd2f 100644 --- a/roles/music/templates/trollibox.service +++ b/roles/music/templates/trollibox.service @@ -10,7 +10,8 @@ Type=simple Restart=always RestartSec=2s ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml -User={{ music_trollibox_user }} +User={{ music_audio_user }} +Group={{ music_audio_user }} [Install] WantedBy=multi-user.target diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 3ce4308..19a659f 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml 
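Review bot: `Requires=mpd.service` is declared without `After=mpd.service`, so systemd may start the script before MPD accepts connections and rely on `Restart=always` to recover; add the ordering line. `DynamicUser=true` with `Group=dialout` keeps the script's privileges narrow. A short comment above `ExecStart` saying what is attached to `/dev/ttyS0` would document why that group is needed.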
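Review bot: Trollibox, which nginx proxies to clients, now runs as `{{ music_audio_user }}`, the same account this commit gives to librespot, in place of its own system user. A flaw in either service then reaches the other's files and processes. If the goal is access to the audio devices, a separate account with `SupplementaryGroups={{ music_audio_user }}` would grant that without sharing the UID. Whether trollibox needs audio access at all is not visible here.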
@@ -3,37 +3,31 @@ - name: Install dependencies ansible.builtin.apt: name: - - openscad + - python3-paho-mqtt + - python3-tz - virtualenv - name: Create virtualenv ansible.builtin.command: - cmd: virtualenv /var/lib/discord-bot/.venv + cmd: virtualenv /opt/miflora_exporter/.venv args: creates: /var/lib/discord-bot/.venv -- name: Clone bottleclip source - ansible.builtin.git: - repo: https://git.bitlair.nl/bitlair/bottle-clip.git - version: main - dest: /var/lib/bottle-clip - accept_hostkey: yes - notify: Restart discord-bot - -- name: Clone discord-bot source - ansible.builtin.git: - repo: https://git.bitlair.nl/bitlair/discord-bot.git - version: main - dest: /var/lib/discord-bot - accept_hostkey: yes - notify: Restart discord-bot - - name: Install Python dependencies ansible.builtin.shell: cmd: . .venv/bin/activate && pip install -r requirements.txt args: chdir: /var/lib/discord-bot +- name: Clone source + ansible.builtin.git: + repo: https://git.bitlair.nl/bitlair/discord-bot.git + version: main + dest: /var/lib/discord-bot + accept_hostkey: yes + notify: Restart discord-bot + ignore_errors: true + - name: Install service file ansible.builtin.template: src: discord-bot.service diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index fc7fef5..c7c3b0b 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -1,15 +1,16 @@ --- -- name: Install siahsd - apt: - name: siahsd +# TODO: Install and build - name: Create directories ansible.builtin.file: - path: /var/log/siahsd + path: "{{ item }}" state: directory owner: siahsd group: nogroup mode: "0750" + with_items: + - /var/log/siahsd + - /var/lib/siahsd - name: Install config file ansible.builtin.template: 
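Review bot: `Create virtualenv` now builds `/opt/miflora_exporter/.venv` while its `creates:` guard and the following `pip install` still refer to `/var/lib/discord-bot/.venv`, so the guard never matches what the command creates and the activate step has no environment to source. The command should be `cmd: virtualenv /var/lib/discord-bot/.venv`. `Install Python dependencies` also runs before `Clone source`, so on a fresh host there is no `requirements.txt` yet. `ignore_errors: true` on the clone hides a failed checkout and lets the play go on to install a service for code that may not be there; clone first and drop the flag.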
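Review bot: With the `siahsd` package install replaced by `# TODO: Install and build`, nothing in this role creates the `siahsd` account that `Create directories` uses as `owner`, nor the binary the new unit starts. If the package was what provided the user, the task fails on a fresh host. Until the build is automated, an explicit `ansible.builtin.user` task with `system: true` and a comment naming the manual build steps would make the role self-contained.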
@@ -20,9 +21,19 @@ mode: "0644" notify: Restart siahsd +- name: Install service file + ansible.builtin.template: + src: siahsd.service + dest: /etc/systemd/system/siahsd.service + owner: root + group: root + mode: "0644" + notify: Restart siahsd + - name: Start siahsd ansible.builtin.systemd: name: siahsd state: started enabled: true daemon_reload: true + diff --git a/roles/services/templates/discord-bot.service b/roles/services/templates/discord-bot.service index 7522fd9..2c73d05 100644 --- a/roles/services/templates/discord-bot.service +++ b/roles/services/templates/discord-bot.service @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +# Managed by Ansible [Unit] Description=HobbyBot @@ -13,7 +13,6 @@ DynamicUser=true Environment="MQTT_HOST={{ mqtt_internal_host }}" Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}" Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}" -Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip" [Install] WantedBy=multi-user.target diff --git a/roles/services/templates/siahsd.conf b/roles/services/templates/siahsd.conf index ee18220..5d8e94f 100644 --- a/roles/services/templates/siahsd.conf +++ b/roles/services/templates/siahsd.conf @@ -1,5 +1,3 @@ -# {{ ansible_managed }} - [siahsd] pid file = /var/lib/siahsd/siahsd.pid log file = /var/log/siahsd/siahsd.log @@ -7,6 +5,13 @@ log level = 3 foreground = 0 event handlers = script +#[database] +#driver = mysql +#host = localhost +#name = siahsd +#username = siahsd +#password = MysbJxAaawmwKPqD + [siahs] port = 4000 
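Review bot: The two `Environment=` lines kept in this unit render the Discord webhook URL and bot token from the password store into the unit file itself. Unit files under `/etc/systemd/system` are normally world-readable and their environment is shown by `systemctl show`, so any local account can read the token; the mode used by the install task is outside the hunk. Moving the values to a root-only file referenced with `EnvironmentFile=` (mode `0600`), or to `LoadCredential=`, keeps them out of the unit.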
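Review bot: The commented-out `[database]` block commits what looks like a real database password to the repository, and the second hunk of this file does the same for the `[jsonbot]` AES key and password and the `[spacestate]` password. Commenting a line out does not keep it out of history or off the target host, where the config task appears to install the file with mode `0644`. Replace the values with placeholders such as `password = <SET_VIA_PASSWORDSTORE>` or a `lookup('passwordstore', ...)` as `discord-bot.service` does, and rotate anything that was live. The `# {{ ansible_managed }}` header removed at the top is also worth keeping, because it marks the file as generated for anyone editing it on the host.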
@@ -14,5 +19,21 @@ port = 4000 port = 9000 rsa key file = something.sexp +#[jsonbot] +#address = 192.168.88.15 +#port = 5500 +#aes key = blablablablablaz +#password = mekker +#privmsg to = #bitlair + +#[spacestate] +#driver = mysql +#host = localhost +#name = bitwifi +#username = bitwifi +#password = aGWERQpLEQPUaXJV +#open script = /opt/alarm/disarmed.sh +#close script = /opt/alarm/armed.sh + [script] path = /opt/alarm/siahsd_handler.sh diff --git a/roles/services/templates/siahsd.service b/roles/services/templates/siahsd.service new file mode 100644 index 0000000..479324c --- /dev/null +++ b/roles/services/templates/siahsd.service @@ -0,0 +1,17 @@ +# Managed by Ansible + +[Unit] +Description=Siahsd +After=network.target + +[Service] +Type=forking +PIDFile=/var/lib/siahsd/siahsd.pid +Restart=always +RestartSec=10s +ExecStartPre=-/bin/rm /var/lib/siahsd/siahsd.pid +ExecStart=/usr/local/src/siahsd/build/siahsd +User=siahsd + +[Install] +WantedBy=multi-user.target diff --git a/services.yaml b/services.yaml index 52103e0..e66fc11 100644 --- a/services.yaml +++ b/services.yaml @@ -3,5 +3,4 @@ - hosts: services roles: - { role: "common", tags: [ "common" ] } - - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "services", tags: [ "services" ] } diff --git a/snippets/music-nginx.j2 b/snippets/music-nginx.j2 deleted file mode 100644 index d179b23..0000000 --- a/snippets/music-nginx.j2 +++ /dev/null 
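Review bot: `ExecStart=/usr/local/src/siahsd/build/siahsd` runs the daemon out of a source build tree that no task in this commit creates. A build directory is often owned by whoever compiled it; if that is not root, that account can replace the binary the service runs. Installing the built binary to a root-owned path such as `/usr/local/sbin` and pointing `ExecStart` there avoids this. `NoNewPrivileges=true` and `ProtectSystem=full` would be cheap hardening for a daemon that listens on the network.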
@@ -1,49 +0,0 @@ -{% for range in trusted_ranges %} -allow {{ range.cidr }}; -{% endfor %} -deny all; - -location / { - rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?; -} - -location /trollibox/ { - proxy_pass http://[::1]:3000/; - include proxy_params; -} - -location ~ ^/trollibox/(.+/events)$ { - proxy_pass http://[::1]:3000/$1; - include proxy_params; - proxy_http_version 1.1; - chunked_transfer_encoding off; - add_header X-Test "123"; - proxy_set_header Connection ''; - proxy_buffering off; - proxy_read_timeout 7d; -} - -location ~ ^/trollibox/(.+/listen)$ { - proxy_pass http://[::1]:3000/$1; - include proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 7d; -} - -location /bobdsp/ { - proxy_pass http://[::1]:8081/; - include proxy_params; -} - -location /vis/ { - allow all; - proxy_pass http://[::1]:13378/; - include proxy_params; -} - -location = /vis/ { - rewrite ^(.*)$ /vis/index.html; - include proxy_params; -}