From 8e5b9f6b30955d536612de12b28700aa1ffadd24 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Fri, 16 May 2025 17:35:47 +0200 Subject: [PATCH 1/2] music/trollibox: Run as a distinct user --- roles/music/defaults/main.yaml | 1 + roles/music/handlers/main.yaml | 2 +- roles/music/tasks/trollibox.yaml | 30 ++++++++++++++++--------- roles/music/templates/trollibox.service | 3 +-- 4 files changed, 22 insertions(+), 14 deletions(-) diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml index 40cc34e..d08ae0b 100644 --- a/roles/music/defaults/main.yaml +++ b/roles/music/defaults/main.yaml @@ -1,6 +1,7 @@ music_audio_user: audio music_audio_group: audio music_librespot_user: librespot +music_trollibox_user: trollibox music_pulse_server: /tmp/pipewire-pulse-socket diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 19193d6..d4465ab 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -8,7 +8,7 @@ state: restarted daemon_reload: true -- name: Restart trollibox +- name: restart trollibox ansible.builtin.systemd: name: trollibox state: restarted diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 0b20b4a..34b3df2 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -1,4 +1,10 @@ --- +- name: Create trollibox user + user: + name: "{{ music_trollibox_user }}" + system: true + home: /var/lib/trollibox + - name: Install Trollibox config ansible.builtin.template: src: trollibox.yaml @@ -6,27 +12,29 @@ owner: root group: root mode: "0644" - notify: Restart trollibox + notify: restart trollibox - name: Get latest Trollibox version from Github API - ansible.builtin.get_url: + uri: url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" - dest: "/tmp/_ansible_trollibox_latest_release.json" + return_content: true + register: response + changed_when: false + check_mode: false + failed_when: "response is failed or 'json' not in response" -- name: Get download url - ansible.builtin.shell: - cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name - | contains("linux-amd64")) | .browser_download_url -r - register: "trollibox_download_url" +- name: Format trollibox latest version + set_fact: + trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}" - name: Download Trollibox ansible.builtin.unarchive: - src: "{{ trollibox_download_url.stdout }}" + src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz" remote_src: yes dest: /usr/local/bin include: [ trollibox ] mode: "0755" - notify: Restart trollibox + notify: restart trollibox - name: Install service file ansible.builtin.template: @@ -35,7 +43,7 @@ owner: root group: root mode: "0644" - notify: Restart trollibox + notify: restart trollibox - name: Enable Trollibox ansible.builtin.systemd: diff --git a/roles/music/templates/trollibox.service b/roles/music/templates/trollibox.service index ddddd2f..66d581d 100644 --- a/roles/music/templates/trollibox.service +++ b/roles/music/templates/trollibox.service @@ -10,8 +10,7 @@ Type=simple Restart=always RestartSec=2s ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml -User={{ music_audio_user }} -Group={{ music_audio_user }} +User={{ music_trollibox_user }} [Install] WantedBy=multi-user.target From 82739c1ff071fb6a16df972024c70c082cb52224 Mon Sep 17 00:00:00 2001 From: polyfloyd Date: Fri, 16 May 2025 17:40:51 +0200 Subject: [PATCH 2/2] music: Remove go --- bitlair.yaml | 1 - music.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/bitlair.yaml b/bitlair.yaml index 950d555..f4ece91 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -47,7 +47,6 @@ - hosts: music roles: - { role: "acme", tags: ["acme"] } - - { role: "go", tags: ["go"] } - { role: "music", tags: ["music"] } - hosts: pad diff --git a/music.yaml b/music.yaml index 015c769..cc04425 100644 --- a/music.yaml +++ b/music.yaml @@ -5,6 +5,5 @@ - { role: "common", tags: [ "common" ] } - { role: "acme", tags: [ "acme" ] } - { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - - { role: "go", tags: [ "go" ] } - { role: "nginx", tags: [ "nginx" ] } - { role: "music", tags: [ "music" ] }