From 9cbd01f4bcdd11a8b01903033eb4af3382ced2e6 Mon Sep 17 00:00:00 2001 From: Kyan Wanschers Date: Tue, 15 Apr 2025 16:31:57 +0200 Subject: [PATCH 1/6] maak chat.bitlair.nl --- authorized_keys/blackdragon.keys | 1 + chat.yaml | 7 + group_vars/chat.yaml | 35 +++++ inventory | 4 + roles/chat/defaults/main.yaml | 0 roles/chat/tasks/main.yaml | 152 +++++++++++++++++++ roles/chat/templates/config.js.j2 | 59 +++++++ roles/chat/templates/nodejs-apt-pref | 5 + roles/chat/templates/nodesource.list | 3 + roles/chat/templates/thelounge-bitlair.patch | 28 ++++ roles/chat/templates/thelounge.service | 17 +++ roles/common/tasks/main.yaml | 1 + 12 files changed, 312 insertions(+) create mode 100644 authorized_keys/blackdragon.keys create mode 100644 chat.yaml create mode 100644 group_vars/chat.yaml create mode 100644 roles/chat/defaults/main.yaml create mode 100644 roles/chat/tasks/main.yaml create mode 100644 roles/chat/templates/config.js.j2 create mode 100644 roles/chat/templates/nodejs-apt-pref create mode 100644 roles/chat/templates/nodesource.list create mode 100644 roles/chat/templates/thelounge-bitlair.patch create mode 100644 roles/chat/templates/thelounge.service
diff --git a/authorized_keys/blackdragon.keys b/authorized_keys/blackdragon.keys
new file mode 100644
index 0000000..49aa162
--- /dev/null
+++ b/authorized_keys/blackdragon.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre
\ No newline at end of file
diff --git a/chat.yaml b/chat.yaml
new file mode 100644
index 0000000..9560585
--- /dev/null
+++ b/chat.yaml
@@ -0,0 +1,7 @@
+- hosts: chat
+ roles:
+ - { role: "common", tags: [ "common" ] }
+ - { role: "nft", tags: [ "nft" ] }
+ - { role: "nginx", tags: [ "nginx" ] }
+ - { role: "acme", tags: [ "acme" ] }
+ - { role: "chat", tags: [ "chat" ] }
diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml
new file mode 100644
index 0000000..60ce3e3
--- /dev/null
+++ b/group_vars/chat.yaml
@@ -0,0 +1,35 @@ +--- +root_access: + - blackdragon + - ak + - foobar + - polyfloyd +nodejs_version: 22.x +thelounge_version: "4.4.3" +thelounge_ldap_url: ldaps://ldap.bitlair.nl +thelounge_ldap_filter: (objectClass=inetOrgPerson) +thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl +chat_hostname: chat.bitlair.nl + +acme_domains: + - "{{ chat_hostname }}" + +nginx_sites: + - server_name: "{{ chat_hostname }}" + config: + - |- + location / { + proxy_pass http://127.0.0.1:9000/; + proxy_http_version 1.1; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + + # by default nginx times out connections in one minute + proxy_read_timeout 1d; + } + +group_nft_input: + - "tcp dport { http, https } accept # Allow web-traffic from world" + - "tcp dport 113 accept # Allow identd from world" diff --git a/inventory b/inventory index 8d835ac..e6d6d1f 100644 --- a/inventory +++ b/inventory @@ -46,6 +46,9 @@ shell.bitlair.nl [homeassistant] homeassistant.bitlair.nl +[chat] +chat.bitlair.nl + [debian:children] bank fotos @@ -60,3 +63,4 @@ services wiki shell homeassistant +chat \ No newline at end of file diff --git a/roles/chat/defaults/main.yaml b/roles/chat/defaults/main.yaml new file mode 100644 index 0000000..e69de29 diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml new file mode 100644 index 0000000..213270e --- /dev/null +++ b/roles/chat/tasks/main.yaml 
@@ -0,0 +1,152 @@
+- name: Install dependencies
+ ansible.builtin.apt:
+ state: present
+ pkg:
+ - gpg
+ - apt-transport-https
+ - build-essential
+ - authbind
+
+- name: Import nodesource signing key
+ ansible.builtin.shell:
+ cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
+ -o /usr/share/keyrings/nodesource.gpg
+ args:
+ creates: /usr/share/keyrings/nodesource.gpg
+ notify: Apt update
+
+- name: Install nodesource source list
+ ansible.builtin.template:
+ src: nodesource.list
+ dest: /etc/apt/sources.list.d/nodesource.list
+ owner: root
+ group: root
+ mode: 0644
+ notify: Apt update
+
+- name: Install nodejs apt preference
+ ansible.builtin.template:
+ src: nodejs-apt-pref
+ dest: /etc/apt/preferences.d/nodejs
+ owner: root
+ group: root
+ mode: 0644
+ notify: Apt update
+
+- ansible.builtin.meta: flush_handlers
+
+- name: Install nodejs
+ ansible.builtin.apt:
+ name: nodejs
+
+- name: Install yarn
+ ansible.builtin.shell:
+ cmd: npm install --global yarn
+
+- stat: path=/opt/thelounge
+ register: src_path
+
+- name: Retreive thelounge source
+ block:
+ - name: Checkout source
+ ansible.builtin.git:
+ repo: 'https://github.com/revspace/thelounge.git'
+ dest: /opt/thelounge
+ version: 9d6dc83
+ force: true
+
+ - name: Copy patch
+ ansible.builtin.template:
+ src: thelounge-bitlair.patch
+ dest: /tmp/thelounge-bitlair.patch
+
+ - name: Apply patch
+ ansible.builtin.shell:
+ chdir: /opt/thelounge
+ cmd: git apply /tmp/thelounge-bitlair.patch
+ when: not src_path.stat.exists
+
+- name: Build and install thelounge
+ ansible.builtin.shell:
+ chdir: /opt/thelounge
+ cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
+
+- name: Ensure user thelounge is present
+ user:
+ name: thelounge
+ createhome: no
+ comment: The Lounge (IRC client)
+ system: yes
+ state: present
+ become: yes
+
+- name: Give thelounge access to port 113 via authbind
+ file:
+ path: /etc/authbind/byport/113
+ owner: thelounge
+ group: thelounge
+ mode: 0500
+ state: touch
+
+- name: Ensure JS and JSON syntax checking packages are installed
+ yarn:
+ name: "{{ item }}"
+ global: yes
+ state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
+ with_items:
+ - esprima
+ - jsonlint
+ become: yes
+ changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
+
+- name: Ensure thelounge configuration directory is present
+ file:
+ path: /etc/thelounge
+ owner: thelounge
+ group: thelounge
+ state: directory
+ become: yes
+
+- name: Ensure The Lounge is configured
+ template:
+ src: config.js.j2
+ dest: /etc/thelounge/config.js
+ owner: thelounge
+ group: thelounge
+ validate: 'esvalidate %s'
+ become: yes
+
+- name: Ensure user configuration directory is present
+ file:
+ path: /etc/thelounge/users
+ owner: thelounge
+ group: thelounge
+ state: directory
+ become: yes
+
+- name: Ensure preview storage directory is present
+ file:
+ path: /etc/thelounge/storage
+ owner: thelounge
+ group: thelounge
+ mode: "0770"
+ state: directory
+ become: yes
+
+- name: Copy service file to systemd directory
+ ansible.builtin.template:
+ src: thelounge.service # Path to your service file in your Ansible project
+ dest: /etc/systemd/system/thelounge.service
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Reload systemd daemon to read new service file
+ ansible.builtin.systemd:
+ daemon_reload: yes
+
+- name: Enable and start the service
+ ansible.builtin.systemd:
+ name: thelounge
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2
new file mode 100644
index 0000000..0ad4de5
--- /dev/null
+++ b/roles/chat/templates/config.js.j2
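Review bot: The `Ensure The Lounge is configured` task writes `/etc/thelounge/config.js` with `owner`/`group` but no `mode`, and the template it renders embeds `thelounge_ldap_rootPassword`, so the file's permissions fall to the remote umask and will typically be world-readable; add `mode: "0600"` to that task. The `Install yarn` and `Build and install thelounge` shell tasks run `npm`/`yarn` as root with no `creates:` or `changed_when:`, so every play re-resolves unpinned packages (`yarn add sharp`, and `state: latest` for `esprima` and `jsonlint`) and runs their install scripts with root privileges; pinning versions and guarding the build with `creates:` would narrow that. The unquoted `mode: 0644` and `mode: 0500` values are better written as quoted strings, as the later tasks in this file already do.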
@@ -0,0 +1,59 @@
+"use strict";
+
+module.exports = {
+ public: false,
+ port: 9000,
+ bind: "0.0.0.0",
+ reverseProxy: true,
+ lockNetwork: true,
+ maxHistory: 10000,
+ leaveMessage: "Doei!",
+ defaults: {
+ name: "Smurfnet",
+ password: "",
+ rejectUnauthorized: true,
+ nick: "",
+ username: "",
+ realname: "",
+ join: "#bitlair",
+ },
+ messageStorage: ["sqlite", "text"],
+ fileUpload: {
+ enable: true,
+ },
+ networks: {
+ Smurfnet: {
+ host: "irc.smurfnet.ch",
+ port: 6697,
+ tls: true,
+ rejectUnauthorized: false,
+ },
+ "Libera.Chat": {
+ host: "irc.libera.chat",
+ port: 6697,
+ tls: true,
+ rejectUnauthorized: true,
+ },
+ OFTC: {
+ host: "irc.oftc.net",
+ port: 6697,
+ tls: true,
+ rejectUnauthorized: true,
+ },
+ },
+ identd: {
+ enable: true,
+ port: 113,
+ },
+ ldap: {
+ enable: true,
+ url: "{{ thelounge_ldap_url }}",
+ primaryKey: "uid",
+ searchDN: {
+ rootDN: "{{ thelounge_ldap_rootDN }}",
+ rootPassword: "{{ thelounge_ldap_rootPassword }}",
+ filter: "{{ thelounge_ldap_filter }}",
+ base: "{{ thelounge_ldap_base }}",
+ },
+ },
+};
diff --git a/roles/chat/templates/nodejs-apt-pref b/roles/chat/templates/nodejs-apt-pref
new file mode 100644
index 0000000..6193912
--- /dev/null
+++ b/roles/chat/templates/nodejs-apt-pref
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+Package: nodejs
+Pin: origin deb.nodesource.com
+Pin-Priority: 1000
diff --git a/roles/chat/templates/nodesource.list b/roles/chat/templates/nodesource.list
new file mode 100644
index 0000000..6ac9322
--- /dev/null
+++ b/roles/chat/templates/nodesource.list
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+deb [arch=amd64 signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main
diff --git a/roles/chat/templates/thelounge-bitlair.patch b/roles/chat/templates/thelounge-bitlair.patch
new file mode 100644
index 0000000..fdfb795
--- /dev/null
+++ b/roles/chat/templates/thelounge-bitlair.patch
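Review bot: `bind: "0.0.0.0"` in `config.js.j2` exposes the client on port 9000 on every interface even though the nginx site in `group_vars/chat.yaml` proxies to `127.0.0.1:9000`, and with `reverseProxy: true` anything that reaches that port directly can supply its own `X-Forwarded-For`; `bind: "127.0.0.1",` keeps the listener behind nginx rather than relying on the nft rules alone. The Smurfnet entry sets `rejectUnauthorized: false`, which turns off certificate verification for that TLS connection, so it needs a comment saying why, or the server's CA supplied instead. The LDAP values are interpolated into double-quoted JavaScript strings unescaped, so a bind password containing `"` or `\` yields a broken or altered config; `rootPassword: {{ thelounge_ldap_rootPassword | to_json }},` avoids that.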
@@ -0,0 +1,28 @@ +diff --git a/package.json b/package.json +index 2991a6ec..dac43f16 100644 +--- a/package.json ++++ b/package.json +@@ -84,9 +84,7 @@ + "ua-parser-js": "1.0.33", + "uuid": "8.3.2", + "web-push": "3.4.5", +- "yarn": "1.22.17" +- }, +- "optionalDependencies": { ++ "yarn": "1.22.17", + "sqlite3": "5.1.7" + }, + "devDependencies": { +diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts +index e6093b0f..d30b9a1c 100644 +--- a/server/plugins/auth/ldap.ts ++++ b/server/plugins/auth/ldap.ts +@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => { + // auth plugin API + function callbackWrapper(valid: boolean) { + if (valid && !client) { +- manager.addUser(user, null, false); ++ manager.addUser(user, null, true); + } + + callback(valid); diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service new file mode 100644 index 0000000..9170235 --- /dev/null +++ b/roles/chat/templates/thelounge.service @@ -0,0 +1,17 @@ +[Unit] +Description=The Lounge (IRC client) +After=network-online.target +Wants=network-online.target + +[Service] +User=thelounge +Group=thelounge +Type=simple +Environment=THELOUNGE_HOME=/etc/thelounge +ExecStart=/usr/bin/authbind --deep /usr/local/bin/thelounge start +ProtectSystem=yes +ProtectHome=yes +PrivateTmp=yes + +[Install] +WantedBy=multi-user.target diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 29f7744..f193e46 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -79,6 +79,7 @@ - unattended-upgrades - apt-listchanges - sudo-ldap + - cron - name: Configure FZF for Bash ansible.builtin.lineinfile: From 607a401cef6a0c48d9d981bb82b7aedc5f770d1e Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Wed, 16 Apr 2025 21:34:24 +0200 Subject: [PATCH 2/6] Add chat --- inventory | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/inventory b/inventory index 8d835ac..c380b07 100644 --- a/inventory +++ b/inventory @@ -46,6 +46,9 @@ shell.bitlair.nl [homeassistant] homeassistant.bitlair.nl +[chat] +chat.bitlair.nl + [debian:children] bank fotos @@ -60,3 +63,4 @@ services wiki shell homeassistant +chat From e4c0e19613c6ecc11b6896327e372452f1799d0f Mon Sep 17 00:00:00 2001 From: Kyan Wanschers Date: Tue, 15 Apr 2025 16:31:57 +0200 Subject: [PATCH 3/6] fix dingen op chat.bitlair.nl --- group_vars/chat.yaml | 33 ++++++++++++++++++++++++++ roles/chat/tasks/main.yaml | 15 +++--------- roles/chat/templates/config.js.j2 | 3 +-- roles/chat/templates/thelounge.service | 4 ++-- 4 files changed, 39 insertions(+), 16 deletions(-) diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml index 60ce3e3..0aaaf94 100644 --- a/group_vars/chat.yaml +++ b/group_vars/chat.yaml @@ -33,3 +33,36 @@ nginx_sites: group_nft_input: - "tcp dport { http, https } accept # Allow web-traffic from world" - "tcp dport 113 accept # Allow identd from world" +--- +root_access: + - blackdragon + - ak + - foobar + - polyfloyd +nodejs_version: 22.x +thelounge_version: "4.4.3" +thelounge_ldap_url: ldaps://ldap.bitlair.nl +thelounge_ldap_filter: (objectClass=inetOrgPerson) +thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl +chat_hostname: chat.bitlair.nl +acme_domains: + - "{{ chat_hostname }}" + +nginx_sites: + - server_name: "{{ chat_hostname }}" + config: + - |- + location / { + proxy_pass http://127.0.0.1:9000/; + proxy_http_version 1.1; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + + # by default nginx times out connections in one minute + proxy_read_timeout 1d; + } + +group_nft_input: + - "tcp dport { http, https } accept # Allow web-traffic from world" diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index 213270e..6fa26d1 100644 --- a/roles/chat/tasks/main.yaml 
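Review bot: `group_vars/chat.yaml` ends up holding two YAML documents, because the added lines start a second `---` document that repeats every key instead of editing the existing ones. Ansible's vars loader reads a single document per file, so this is likely to fail to parse; and with any parser that tolerates it, the first document still carries `- "tcp dport 113 accept # Allow identd from world"`, which appears to be the rule this commit means to drop now that identd is disabled in `config.js.j2`. The change should be a one-line removal of that entry from the original `group_nft_input`, with the added block from `---` through the second `group_nft_input` deleted.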
+++ b/roles/chat/tasks/main.yaml @@ -5,7 +5,6 @@ - gpg - apt-transport-https - build-essential - - authbind - name: Import nodesource signing key ansible.builtin.shell: @@ -79,15 +78,7 @@ system: yes state: present become: yes - -- name: Give thelounge access to port 113 via authbind - file: - path: /etc/authbind/byport/113 - owner: thelounge - group: thelounge - mode: 0500 - state: touch - + - name: Ensure JS and JSON syntax checking packages are installed yarn: name: "{{ item }}" @@ -118,7 +109,7 @@ - name: Ensure user configuration directory is present file: - path: /etc/thelounge/users + path: /var/local/thelounge/users owner: thelounge group: thelounge state: directory @@ -126,7 +117,7 @@ - name: Ensure preview storage directory is present file: - path: /etc/thelounge/storage + path: /var/local/thelounge/storage owner: thelounge group: thelounge mode: "0770" diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2 index 0ad4de5..c606576 100644 --- a/roles/chat/templates/config.js.j2 +++ b/roles/chat/templates/config.js.j2 @@ -42,8 +42,7 @@ module.exports = { }, }, identd: { - enable: true, - port: 113, + enable: false, }, ldap: { enable: true, diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service index 9170235..3fc7396 100644 --- a/roles/chat/templates/thelounge.service +++ b/roles/chat/templates/thelounge.service @@ -7,8 +7,8 @@ Wants=network-online.target User=thelounge Group=thelounge Type=simple -Environment=THELOUNGE_HOME=/etc/thelounge -ExecStart=/usr/bin/authbind --deep /usr/local/bin/thelounge start +Environment=THELOUNGE_HOME=/var/local/thelounge +ExecStart=/usr/local/bin/thelounge start ProtectSystem=yes ProtectHome=yes PrivateTmp=yes From 6cff97e2bb594a700fca200349464c3978696990 Mon Sep 17 00:00:00 2001 
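Review bot: The config is still rendered to `/etc/thelounge/config.js` (the `Ensure The Lounge is configured` task lies outside these hunks and is untouched), while the `thelounge.service` hunk in this commit moves `THELOUNGE_HOME` to `/var/local/thelounge`; only the `users` and `storage` paths were moved in `roles/chat/tasks/main.yaml`. The Lounge reads `config.js` from its home directory, so the service would presumably start without the templated settings, including `public: false` and the LDAP block, unless something else links the two paths. Point the configuration-directory task at `path: /var/local/thelounge` and the template at `dest: /var/local/thelounge/config.js`, or keep `Environment=THELOUNGE_HOME=/etc/thelounge`.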
From: polyfloyd Date: Sat, 19 Apr 2025 15:39:02 +0200 Subject: [PATCH 4/6] Add CI for ansible-lint --- .config/ansible-lint.yml | 8 ++++++++ .forgejo/workflows/test.yaml | 19 +++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 .config/ansible-lint.yml create mode 100644 .forgejo/workflows/test.yaml diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml new file mode 100644 index 0000000..658acbd --- /dev/null +++ b/.config/ansible-lint.yml @@ -0,0 +1,8 @@ +--- +skip_list: + - fqcn[action-core] + - name[casing] + - name[missing] + +exclude_paths: + - .forgejo diff --git a/.forgejo/workflows/test.yaml b/.forgejo/workflows/test.yaml new file mode 100644 index 0000000..52f8c18 --- /dev/null +++ b/.forgejo/workflows/test.yaml @@ -0,0 +1,19 @@ +name: Test + +on: + push: + branches: + - main + +jobs: + + build: + runs-on: docker + container: + image: alpine:latest + + steps: + - run: apk add nodejs ansible ansible-lint + - uses: actions/checkout@v4 + + - run: ansible-lint From b74a9859b2dca47f23d08e5e90e24fe376aecb2e Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sat, 26 Apr 2025 18:18:53 +0200 Subject: [PATCH 5/6] Update git_ci role from polyfloyd's infra --- bitlair.yaml | 2 +- git-ci.yaml | 2 +- roles/git-ci/defaults/main.yaml | 2 - roles/git-ci/tasks/main.yaml | 50 ----------- roles/git_ci/defaults/main.yaml | 2 + roles/{git-ci => git_ci}/handlers/main.yaml | 2 +- roles/git_ci/tasks/main.yaml | 83 +++++++++++++++++++ .../templates/forgejo-runner.service | 2 +- 8 files changed, 89 insertions(+), 56 deletions(-) delete mode 100644 roles/git-ci/defaults/main.yaml delete mode 100644 roles/git-ci/tasks/main.yaml create mode 100644 roles/git_ci/defaults/main.yaml rename roles/{git-ci => git_ci}/handlers/main.yaml (85%) create mode 100644 roles/git_ci/tasks/main.yaml rename roles/{git-ci => git_ci}/templates/forgejo-runner.service (84%) diff --git a/bitlair.yaml b/bitlair.yaml index 48db717..4016241 100644 --- a/bitlair.yaml +++ b/bitlair.yaml 
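Review bot: Every input of the job in `.forgejo/workflows/test.yaml` is mutable: `image: alpine:latest`, the unversioned `apk add nodejs ansible ansible-lint`, and `uses: actions/checkout@v4`, which is a tag rather than a commit. A lint result can therefore change without any change in this repository, and the runner executes whatever those references resolve to at run time; pinning the image to a release tag or digest and the action to a full commit SHA makes runs reproducible. The trigger is also limited to `push` on `main`, so findings appear only after a change has landed; adding `pull_request:` under `on:` would surface them during review.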
@@ -26,7 +26,7 @@ - hosts: git-ci roles: - - { role: "git-ci", tags: ["git-ci"] } + - { role: "git_ci", tags: ["git_ci"] } - hosts: git roles: diff --git a/git-ci.yaml b/git-ci.yaml index 711dac4..4a53a08 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -3,4 +3,4 @@ - hosts: git-ci roles: - { role: "common", tags: [ "common" ] } - - { role: "git-ci", tags: [ "git-ci" ] } + - { role: "git_ci", tags: [ "git_ci" ] } diff --git a/roles/git-ci/defaults/main.yaml b/roles/git-ci/defaults/main.yaml deleted file mode 100644 index 2e805ee..0000000 --- a/roles/git-ci/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ -runner_wd: /var/lib/forgejo-runner -runner_version: 6.3.0 diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml deleted file mode 100644 index d677a61..0000000 --- a/roles/git-ci/tasks/main.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- - -- name: Install dependencies - ansible.builtin.apt: - name: docker.io - -- name: Download forgejo-runner - ansible.builtin.get_url: - url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" - dest: /usr/local/bin/forgejo-runner - mode: 0755 - notify: restart forgejo-runner - -- name: Create runner dir - ansible.builtin.file: - state: directory - path: "{{ runner_wd }}" - owner: root - group: root - mode: 0755 - -- name: Register runner - ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" - args: - chdir: "{{ runner_wd }}" - creates: "{{ runner_wd }}/.runner" - -- name: Install service file - ansible.builtin.template: - src: forgejo-runner.service - dest: /etc/systemd/system/forgejo-runner.service - owner: root - group: root - mode: 0644 - notify: restart forgejo-runner - -- name: Enable service - ansible.builtin.systemd: - name: forgejo-runner - enabled: true - daemon_reload: true - -- name: Start service - ansible.builtin.systemd: - name: forgejo-runner - state: started - daemon_reload: true - -- name: Flush handlers - ansible.builtin.meta: flush_handlers diff --git a/roles/git_ci/defaults/main.yaml b/roles/git_ci/defaults/main.yaml new file mode 100644 index 0000000..2c54fd9 --- /dev/null +++ b/roles/git_ci/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +git_ci_runner_wd: /var/lib/forgejo-runner diff --git a/roles/git-ci/handlers/main.yaml b/roles/git_ci/handlers/main.yaml similarity index 85% rename from roles/git-ci/handlers/main.yaml rename to roles/git_ci/handlers/main.yaml index 361ba38..05f3913 100644 --- a/roles/git-ci/handlers/main.yaml +++ b/roles/git_ci/handlers/main.yaml @@ -3,6 +3,6 @@ file: ../../common/handlers/main.yaml - name: restart forgejo-runner - ansible.builtin.systemd: + systemd: name: forgejo-runner state: restarted 
diff --git a/roles/git_ci/tasks/main.yaml b/roles/git_ci/tasks/main.yaml new file mode 100644 index 0000000..c2c4002 --- /dev/null +++ b/roles/git_ci/tasks/main.yaml 
@@ -0,0 +1,83 @@ +--- +- tags: git_ci + block: + - name: Install dependencies + apt: + name: docker.io + + - name: Query latest forgejo-runner version + uri: + url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags + return_content: true + register: response + changed_when: false + check_mode: false + failed_when: "response is failed or 'json' not in response" + + - name: Format forgejo-runner latest version + set_fact: + forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}" + + - name: Detect installed forgejo-runner version + shell: + cmd: | + set -o pipefail + forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none + executable: /bin/bash + register: forgejo_runner_installed_version_shell + changed_when: false + check_mode: false + + - name: Format installed forgejo-runner version + set_fact: + forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}" + + - debug: + msg: + - "Forgejo Runner latest version: {{ forgejo_runner_version }}" + - "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}" + + - name: Download forgejo-runner + get_url: + url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64" + dest: /usr/local/bin/forgejo-runner + mode: "0755" + notify: restart forgejo-runner + when: forgejo_runner_installed_version != forgejo_runner_version + + - name: Create runner dir + file: + state: directory + path: "{{ git_ci_runner_wd }}" + owner: root + group: root + mode: "0755" + + - name: Register runner + command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" + args: + chdir: "{{ git_ci_runner_wd }}" + creates: "{{ git_ci_runner_wd }}/.runner" + + - name: Install service file + template: + src: forgejo-runner.service + dest: /etc/systemd/system/forgejo-runner.service + owner: 
root + group: root + mode: "0644" + notify: restart forgejo-runner + + - name: Enable service + systemd: + name: forgejo-runner + enabled: true + daemon_reload: true + + - name: Start service + systemd: + name: forgejo-runner + state: started + daemon_reload: true + + - meta: flush_handlers diff --git a/roles/git-ci/templates/forgejo-runner.service b/roles/git_ci/templates/forgejo-runner.service similarity index 84% rename from roles/git-ci/templates/forgejo-runner.service rename to roles/git_ci/templates/forgejo-runner.service index c9550d2..9cd5b5b 100644 --- a/roles/git-ci/templates/forgejo-runner.service +++ b/roles/git_ci/templates/forgejo-runner.service @@ -6,7 +6,7 @@ After=network.target [Service] ExecStart=/usr/local/bin/forgejo-runner daemon -WorkingDirectory={{ runner_wd }} +WorkingDirectory={{ git_ci_runner_wd }} Restart=on-failure RestartSec=10s From bb5f845c1bcd2be123cb9f58328bf4526172e82e Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Sat, 26 Apr 2025 18:23:08 +0200 Subject: [PATCH 6/6] Add new CI runner --- inventory | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inventory b/inventory index c380b07..86d1bea 100644 --- a/inventory +++ b/inventory @@ -17,7 +17,8 @@ blockchain.bitlair.nl git.bitlair.nl [git-ci] -git-ci.bitlair.nl +git-ci01.bitlair.nl +git-ci02.bitlair.nl [pad] pad.bitlair.nl
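Review bot: `Download forgejo-runner` in `roles/git_ci/tasks/main.yaml` installs an executable into `/usr/local/bin` from a version string taken from the first entry of the tags API, with no `checksum:` on `get_url`, replacing the pinned `runner_version` the old role had. Any play can thus pull a new, unreviewed binary onto the CI hosts and run it as a service, and `response['json'][0]` is only assumed to be the newest stable release. Keep a pinned version variable in `defaults/main.yaml` and add `checksum: "sha256:<digest of that release>"` to the task. The version probe `'\d\.\d+(\.\d+)?'` matches a single-digit major only, so a 10.x runner would never compare equal and would be downloaded again on every run; `'\d+\.\d+(\.\d+)?'` fixes that. `Register runner` passes the token on the command line, so `no_log: true` on that task would keep it out of play output.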