services/discord_bot: New bottle-clip implementation

bitlair.yaml

@@ -58,6 +58,7 @@
 
 - hosts: services
   roles:
+    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "services", tags: ["services"] }
 
 - hosts: wiki

group_vars/all.yaml

@@ -37,5 +37,7 @@ debian_repourl: "http://deb.debian.org/debian/"
 debian_securityurl: "http://security.debian.org/debian-security"
 
 deb_forgejo_repos:
+  - host: git.bitlair.nl
+    owner: bitlair
   - host: git.polyfloyd.net
     owner: polyfloyd

ldapclient.yaml

@@ -1,7 +0,0 @@
----
-
-- hosts: shell-jessie:shell-stretch:shell-sid:mediaserver:grafiekjes
-  become: no
-  user: root
-  roles:
-    - ldapclient

ldapclient/files/lets-encrypt-x1.pem

@@ -1 +0,0 @@
-../../../certs/lets-encrypt-x1.pem

ldapclient/files/lets-encrypt-x3-cross-signed.pem

@@ -1 +0,0 @@
-../../../certs/lets-encrypt-x3-cross-signed.pem

ldapclient/files/sub.class1.server.sha2.ca.pem

@@ -1 +0,0 @@
-../../../certs/sub.class1.server.sha2.ca.pem

ldapclient/handlers/main.yaml

@@ -1,7 +0,0 @@
----
-
-- name: reload nslcd
-  service: name=nslcd state=restarted enabled=true
-  tags:
-    - ldapclient
-    - nslcd

ldapclient/tasks/main.yaml

@@ -1,129 +0,0 @@
-# LDAP Client role for Revspace LDAP
-# Tested on: Debian Stable
-
----
-
-- name: Install LDAP client software
-  apt:
-    state: present
-    pkg:
-      - libpam-ldapd
-      - python3-ldap3
-  when: ansible_os_family == 'Debian'
-  tags:
-    - ldapclient
-    - apt
-
-- name: Enable pam_mkhomedir module
-  lineinfile:
-    dest: /etc/pam.d/common-account
-    line: "session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022"
-    regexp: "pam_mkhomedir.so"
-    insertafter: EOF
-  tags:
-    - ldapclient
-    - mkhomedir
-
-- name: Create login.group.allowed file
-  lineinfile:
-    dest: /etc/login.group.allowed
-    line: "board"
-    regexp: "^board$"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-    create: true
-  with_items:
-    - "{{ login_groups | default('board') }}"
-  tags:
-    - ldapclient
-    - logingroups
-  when:
-    - logingroups is defined
-
-- name: Limit access to listed groups
-  lineinfile:
-    dest: /etc/pam.d/common-auth
-    line: 'auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed'
-    insertbefore: EOF
-    owner: "root"
-    group: "root"
-    mode: "0644"
-    regexp: "pam_listfile.*login.group.allowed"
-  tags:
-    - ldapclient
-    - logingroups
-  when:
-    - logingroups is defined
-  notify:
-    - reload nslcd
-
-- name: Copy CA certificate
-  copy:
-    src: "{{ ldap_cafile }}"
-    dest: "/etc/ldap/{{ ldap_cafile }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-
-- name: Template ldap.conf
-  template:
-    src: "{{ item }}.j2"
-    dest: "/etc/ldap/{{ item }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  with_items:
-    - ldap.conf
-  notify:
-    - reload nslcd
-
-- name: Template nslcd.conf
-  template:
-    src: "{{ item }}.j2"
-    dest: "/etc/{{ item }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  with_items:
-    - nslcd.conf
-  notify:
-    - reload nslcd
-
-- name: Update /etc/nsswitch.conf
-  lineinfile:
-    dest: /etc/nsswitch.conf
-    line: "{{ item }}:	compat ldap systemd"
-    regexp: "^{{ item }}"
-  with_items:
-    - passwd
-    - group
-    - shadow
-
-- name: Template nslcd.conf
-  template:
-    src: ssh-getkey-ldap.j2
-    dest: /usr/sbin/ssh-getkey-ldap
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  with_items:
-    - ssh-getkey-ldap
-  tags:
-    - ssh-getkey-ldap
-
-- name: Update /etc/nsswitch.conf
-  lineinfile:
-    dest: /etc/nsswitch.conf
-    line: 'sudoers: ldap'
-    regexp: '^sudoers'
-    insertbefore: EOF"
-
-- name: Disable nscd service
-  service:
-    name: nscd
-    state: stopped
-    enabled: false
-  tags:
-    - ldapclient
-    - nscd

ldapclient/templates/ldap.conf.j2

@@ -1,28 +0,0 @@
-# {{ ansible_managed }}
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-BASE    {{ldap_base}}
-URI     {{ldap_uri}}
-
-#SIZELIMIT  12
-#TIMELIMIT  15
-#DEREF      never
-
-# TLS certificates (needed for GnuTLS)
-TLS_CACERT /etc/ldap/{{ldap_cafile}}
-#TLS_CIPHER_SUITE {{ldap_cipher_suite}}
-TLS_PROTOCOL_MIN 3.3
-TLS_REQCERT demand
-TLS_CRLCHECK none
-
-# Sudo settings
-SUDOERS_BASE ou=SUDOers,{{ldap_base}}
-#SUDOERS_SEARCH_FILTER objectClass=sudoRole
-SUDOERS_TIMED yes
-#SUDOERS_DEBUG 1
-

ldapclient/templates/nslcd.conf.j2

@@ -1,35 +0,0 @@
-# {{ ansible_managed }}
-# /etc/nslcd.conf
-# nslcd configuration file. See nslcd.conf(5)
-# for details.
-
-# The user and group nslcd should run as.
-uid nslcd
-gid nslcd
-
-# The location at which the LDAP server(s) should be reachable.
-#uri ldap://ldap.space.revspace.nl/
-uri {{ldap_uri}}
-
-# The search base that will be used for all queries.
-base {{ldap_base}}
-
-# The LDAP protocol version to use.
-#ldap_version 3
-
-# The DN to bind with for normal lookups.
-#binddn cn=annonymous,dc=example,dc=net
-#bindpw secret
-
-# The DN used for password modifications by root.
-#rootpwmoddn cn=admin,dc=example,dc=com
-
-# SSL options
-ssl on
-tls_reqcert demand
-tls_cacertfile /etc/ssl/certs/ca-certificates.crt
-#tls_ciphers {{ldap_cipher_suite}}
-
-# The search scope.
-#scope sub
-

ldapclient/templates/ssh-getkey-ldap.j2

@@ -1,33 +0,0 @@
-#!/usr/bin/python3
-# {{ansible_managed}}
-
-from ldap3 import Server, Connection, NONE, SUBTREE
-import sys
-
-try:
-    uid=str(sys.argv[1])
-except:
-    print("No user specified")
-    exit(1)
-
-if ( uid == "root" ):
-    exit(0)
-
-s = Server('{{ ldap_uri }}', get_info=NONE)
-c = Connection(s)
-if not c.bind():
-    print('error in bind', c.result)
-    exit(1)
-
-c.search(search_base = 'ou=People,{{ ldap_base }}',
-        search_filter = '(uid=' + uid + ')',
-        search_scope = SUBTREE,
-        attributes = ['sshPublicKey'],
-        time_limit = 2,
-        paged_size = 5)
-
-keys = c.response[0]['raw_attributes']['sshPublicKey']
-
-for x in range(len(keys)):
-    print( keys[x].decode('ascii') )
-

ldapclient/vars/main.yaml

@@ -1,7 +0,0 @@
----
-
-ldap_base:      dc=space,dc=revspace,dc=nl
-ldap_server:    ldap.space.revspace.nl
-ldap_uri:       ldaps://{{ ldap_server }}:636
-ldap_cafile:    lets-encrypt-x1.pem
-ldap_cipher_suite:  "SECURE256:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC"

roles/bank/defaults/main.yaml

@@ -1,3 +1,3 @@
 bank_user: bank
-bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git
 bank_local_tty: no
+bank_revbank_version: "10.3.0"

roles/bank/tasks/login.yaml

@@ -4,7 +4,7 @@
     name: bank
     password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
     home: /home/{{ bank_user }}
-    shell: /home/{{ bank_user }}/revbank.git/revbank
+    shell: /usr/local/share/revbank/revbank
     update_password: always
 
 - name: Allow password auth for bank user
@@ -13,7 +13,7 @@
     insertafter: EOF
     validate: "/usr/sbin/sshd -t -f %s"
     block: |-
-      Match User bank
+      Match User {{ bank_user }}
           PasswordAuthentication yes
   notify: reload sshd
 

roles/bank/tasks/revbank.yaml

@@ -1,50 +1,22 @@
 ---
 - name: Install dependencies
   ansible.builtin.apt:
-    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
+    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ]
     state: present
 
 - name: Clone revbank source
   ansible.builtin.git:
-    repo: "{{ bank_revbank_git }}"
+    repo: https://github.com/revspace/revbank.git
-    version: master
+    version: "v{{ bank_revbank_version }}"
-    dest: /home/{{ bank_user }}/revbank.git
+    dest: /usr/local/share/revbank
     accept_hostkey: yes
 
-- name: Create data files
+- name: Clone revbank-plugin source
-  ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
+  ansible.builtin.git:
-  args:
+    repo: https://git.bitlair.nl/bitlair/revbank-plugins.git
-    creates: /home/{{ bank_user }}/{{ item }}
+    version: main
-  with_items:
+    dest: /usr/local/share/revbank-plugins
-    - revbank.accounts
+    accept_hostkey: yes
-    - revbank.market
-    - revbank.products
-
-- name: Ensure data file permissions
-  ansible.builtin.file:
-    path: /home/{{ bank_user }}/{{ item }}
-    state: touch
-    owner: "{{ bank_user }}"
-    group: "{{ bank_user }}"
-    mode: 0644
-  with_items:
-    - revbank.accounts
-    - revbank.market
-    - revbank.products
-
-- name: Link plugins
-  ansible.builtin.file:
-    state: link
-    path: /home/{{ bank_user }}/{{ item }}
-    src: /home/{{ bank_user }}/revbank.git/{{ item }}
-  with_items:
-    - plugins
-    - revbank.plugins
-
-- name: Create git data dir
-  ansible.builtin.file:
-    path: /home/{{ bank_user }}/data.git
-    state: directory
 
 - name: Install git cronjob
   ansible.builtin.template:

roles/bank/templates/git.cron

@@ -1,4 +1,4 @@
 SHELL=/bin/bash
 
 #m    h  dom mon dow user             command
- */10 *  *   *   *   {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)
+ */10 *  *   *   *   {{ bank_user }}  git -C ~/.revbank pull -r && git -C ~/.revbank push

roles/ldapclient/files/lets-encrypt-x1.pem

@@ -1 +0,0 @@
-../../../certs/lets-encrypt-x1.pem

roles/ldapclient/files/lets-encrypt-x3-cross-signed.pem

@@ -1 +0,0 @@
-../../../certs/lets-encrypt-x3-cross-signed.pem

roles/ldapclient/files/sub.class1.server.sha2.ca.pem

@@ -1 +0,0 @@
-../../../certs/sub.class1.server.sha2.ca.pem

roles/ldapclient/handlers/main.yaml

@@ -1,7 +0,0 @@
----
-
-- name: reload nslcd
-  service: name=nslcd state=restarted enabled=true
-  tags:
-    - ldapclient
-    - nslcd

roles/ldapclient/tasks/main.yaml

@@ -1,129 +0,0 @@
-# LDAP Client role for Revspace LDAP
-# Tested on: Debian Stable
-
----
-
-- name: Install LDAP client software
-  apt:
-    state: present
-    pkg:
-      - libpam-ldapd
-      - python3-ldap3
-  when: ansible_os_family == 'Debian'
-  tags:
-    - ldapclient
-    - apt
-
-- name: Enable pam_mkhomedir module
-  lineinfile:
-    dest: /etc/pam.d/common-account
-    line: "session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022"
-    regexp: "pam_mkhomedir.so"
-    insertafter: EOF
-  tags:
-    - ldapclient
-    - mkhomedir
-
-- name: Create login.group.allowed file
-  lineinfile:
-    dest: /etc/login.group.allowed
-    line: "board"
-    regexp: "^board$"
-    owner: "root"
-    group: "root"
-    mode: "0755"
-    create: true
-  with_items:
-    - "{{ login_groups | default('board') }}"
-  tags:
-    - ldapclient
-    - logingroups
-  when:
-    - logingroups is defined
-
-- name: Limit access to listed groups
-  lineinfile:
-    dest: /etc/pam.d/common-auth
-    line: 'auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed'
-    insertbefore: EOF
-    owner: "root"
-    group: "root"
-    mode: "0644"
-    regexp: "pam_listfile.*login.group.allowed"
-  tags:
-    - ldapclient
-    - logingroups
-  when:
-    - logingroups is defined
-  notify:
-    - reload nslcd
-
-- name: Copy CA certificate
-  copy:
-    src: "{{ ldap_cafile }}"
-    dest: "/etc/ldap/{{ ldap_cafile }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-
-- name: Template ldap.conf
-  template:
-    src: "{{ item }}.j2"
-    dest: "/etc/ldap/{{ item }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  with_items:
-    - ldap.conf
-  notify:
-    - reload nslcd
-
-- name: Template nslcd.conf
-  template:
-    src: "{{ item }}.j2"
-    dest: "/etc/{{ item }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  with_items:
-    - nslcd.conf
-  notify:
-    - reload nslcd
-
-- name: Update /etc/nsswitch.conf
-  lineinfile:
-    dest: /etc/nsswitch.conf
-    line: "{{ item }}:	compat ldap systemd"
-    regexp: "^{{ item }}"
-  with_items:
-    - passwd
-    - group
-    - shadow
-
-- name: Template nslcd.conf
-  template:
-    src: ssh-getkey-ldap.j2
-    dest: /usr/sbin/ssh-getkey-ldap
-    owner: "root"
-    group: "root"
-    mode: "0755"
-  with_items:
-    - ssh-getkey-ldap
-  tags:
-    - ssh-getkey-ldap
-
-- name: Update /etc/nsswitch.conf
-  lineinfile:
-    dest: /etc/nsswitch.conf
-    line: 'sudoers: ldap'
-    regexp: '^sudoers'
-    insertbefore: EOF"
-
-- name: Disable nscd service
-  service:
-    name: nscd
-    state: stopped
-    enabled: false
-  tags:
-    - ldapclient
-    - nscd

roles/ldapclient/templates/ldap.conf.j2

@@ -1,28 +0,0 @@
-# {{ ansible_managed }}
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-BASE    {{ldap_base}}
-URI     {{ldap_uri}}
-
-#SIZELIMIT  12
-#TIMELIMIT  15
-#DEREF      never
-
-# TLS certificates (needed for GnuTLS)
-TLS_CACERT /etc/ldap/{{ldap_cafile}}
-#TLS_CIPHER_SUITE {{ldap_cipher_suite}}
-TLS_PROTOCOL_MIN 3.3
-TLS_REQCERT demand
-TLS_CRLCHECK none
-
-# Sudo settings
-SUDOERS_BASE ou=SUDOers,{{ldap_base}}
-#SUDOERS_SEARCH_FILTER objectClass=sudoRole
-SUDOERS_TIMED yes
-#SUDOERS_DEBUG 1
-

roles/ldapclient/templates/nslcd.conf.j2

@@ -1,35 +0,0 @@
-# {{ ansible_managed }}
-# /etc/nslcd.conf
-# nslcd configuration file. See nslcd.conf(5)
-# for details.
-
-# The user and group nslcd should run as.
-uid nslcd
-gid nslcd
-
-# The location at which the LDAP server(s) should be reachable.
-#uri ldap://ldap.space.revspace.nl/
-uri {{ldap_uri}}
-
-# The search base that will be used for all queries.
-base {{ldap_base}}
-
-# The LDAP protocol version to use.
-#ldap_version 3
-
-# The DN to bind with for normal lookups.
-#binddn cn=annonymous,dc=example,dc=net
-#bindpw secret
-
-# The DN used for password modifications by root.
-#rootpwmoddn cn=admin,dc=example,dc=com
-
-# SSL options
-ssl on
-tls_reqcert demand
-tls_cacertfile /etc/ssl/certs/ca-certificates.crt
-#tls_ciphers {{ldap_cipher_suite}}
-
-# The search scope.
-#scope sub
-

roles/ldapclient/templates/ssh-getkey-ldap.j2

@@ -1,33 +0,0 @@
-#!/usr/bin/python3
-# {{ansible_managed}}
-
-from ldap3 import Server, Connection, NONE, SUBTREE
-import sys
-
-try:
-    uid=str(sys.argv[1])
-except:
-    print("No user specified")
-    exit(1)
-
-if ( uid == "root" ):
-    exit(0)
-
-s = Server('{{ ldap_uri }}', get_info=NONE)
-c = Connection(s)
-if not c.bind():
-    print('error in bind', c.result)
-    exit(1)
-
-c.search(search_base = 'ou=People,{{ ldap_base }}',
-        search_filter = '(uid=' + uid + ')',
-        search_scope = SUBTREE,
-        attributes = ['sshPublicKey'],
-        time_limit = 2,
-        paged_size = 5)
-
-keys = c.response[0]['raw_attributes']['sshPublicKey']
-
-for x in range(len(keys)):
-    print( keys[x].decode('ascii') )
-

roles/ldapclient/vars/main.yaml

@@ -1,7 +0,0 @@
----
-
-ldap_base:      dc=space,dc=revspace,dc=nl
-ldap_server:    ldap.space.revspace.nl
-ldap_uri:       ldaps://{{ ldap_server }}:636
-ldap_cafile:    lets-encrypt-x1.pem
-ldap_cipher_suite:  "SECURE256:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC"

roles/ldapserver/files/cn={4}revspace.ldif

@@ -1,49 +0,0 @@
-# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-dn: cn={4}revspace
-objectClass: olcSchemaConfig
-cn: {4}revspace
-olcObjectIdentifier: {0}revspaceOID 1.3.6.1.4.1.36206
-olcObjectIdentifier: {1}revspaceLDAP revspaceOID:1
-olcObjectIdentifier: {2}revspaceAttributeType revspaceLDAP:16
-olcObjectIdentifier: {3}revspaceObjectClass revspaceLDAP:17
-olcAttributeTypes: {0}( revspaceAttributeType:1 NAME 'accountBalance' DESC '
- RevSpace bank account balance in eurocent' EQUALITY integerMatch SYNTAX 1.3
- .6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-olcAttributeTypes: {1}( revspaceAttributeType:2 NAME 'iButtonSerial' DESC 'i
- Button serial' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SU
- BSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: {2}( revspaceAttributeType:7 NAME 'tweetEntry' DESC 'Twee
- t entry' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-olcAttributeTypes: {3}( revspaceAttributeType:8 NAME 'chanmsgEntry' DESC 'An
- nounce entry on irc channel' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.
- 115.121.1.7 )
-olcAttributeTypes: {4}( revspaceAttributeType:9 NAME 'statusEntry' DESC 'Ann
- ounce entry in JSON status' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.1
- 15.121.1.7 )
-olcAttributeTypes: {5}( revspaceAttributeType:3 NAME 'articleName' DESC 'Rev
- Space stock management item name' EQUALITY caseIgnoreMatch ORDERING caseIgn
- oreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1
- 15.121.1.15 )
-olcAttributeTypes: {6}( revspaceAttributeType:6 NAME 'barCode' DESC 'RevSpac
- e stock management item barcode' EQUALITY caseIgnoreMatch ORDERING caseIgno
- reOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
- 5.121.1.15 )
-olcAttributeTypes: {7}( revspaceAttributeType:4 NAME 'stock' DESC 'Amount of
-  items in stock' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-  SINGLE-VALUE )
-olcAttributeTypes: {8}( revspaceAttributeType:5 NAME 'price' DESC 'Price per
-  item in eurocent' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
- 27 SINGLE-VALUE )
-olcObjectClasses: {0}( revspaceObjectClass:1 NAME 'revspaceAccount' DESC 'mi
- xin RevSpace account details' AUXILIARY MAY ( accountBalance $ iButtonSeria
- l $ tweetEntry $ chanmsgEntry $ statusEntry ) )
-olcObjectClasses: {1}( revspaceObjectClass:2 NAME 'revspaceProduct' DESC 'mi
- xin RevSpace product details' STRUCTURAL MUST ( articleName $ price ) MAY (
-  stock $ barCode ) )
-structuralObjectClass: olcSchemaConfig
-entryUUID: 2d92bbae-fbff-1034-865e-79a954a03d07
-creatorsName: cn=config
-createTimestamp: 20150930204006Z
-entryCSN: 20150930204006.374158Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20150930204006Z

roles/ldapserver/files/cn={5}sudoers.ldif

@@ -1,48 +0,0 @@
-# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-dn: cn={5}sudoers
-objectClass: olcSchemaConfig
-cn: {5}sudoers
-olcAttributeTypes: {0}( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s
- ) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substrin
- gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: {1}( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s
- ) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5Substring
- sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-olcAttributeTypes: {2}( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Com
- mand(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4
- .1.1466.115.121.1.26 )
-olcAttributeTypes: {3}( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(
- s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466
- .115.121.1.26 )
-olcAttributeTypes: {4}( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Opti
- ons(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466
- .115.121.1.26 )
-olcAttributeTypes: {5}( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'U
- ser(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.
- 1466.115.121.1.26 )
-olcAttributeTypes: {6}( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC '
- Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.
- 1.1466.115.121.1.26 )
-olcAttributeTypes: {7}( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'S
- tart of time interval for which the entry is valid' EQUALITY generalizedTim
- eMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12
- 1.1.24 )
-olcAttributeTypes: {8}( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'En
- d of time interval for which the entry is valid' EQUALITY generalizedTimeMa
- tch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
- .24 )
-olcAttributeTypes: {9}( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an i
- nteger to order the sudoRole entries' EQUALITY integerMatch ORDERING intege
- rOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-olcObjectClasses: {0}( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer
- Entries' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand
-  $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore
- $ sudoNotAfter $ sudoOrder $ description ) )
-structuralObjectClass: olcSchemaConfig
-entryUUID: 3a967b84-0248-1035-954b-037a0fbd2d2a
-creatorsName: cn=config
-createTimestamp: 20151008203808Z
-entryCSN: 20151008203808.446725Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20151008203808Z
-

roles/ldapserver/files/revspace.schema

@@ -1,94 +0,0 @@
-#
-# Author: "Koen Martens" <gmc@revspace.nl>
-# Desc. : RevSpaceBank account balance field definition and 
-#         mixin objectClass for RevSpace ldap directory
-#	  RevSpace stock management object class and attributes
-
-# to be replaced with assigned PEN
-objectIdentifier revspaceOID            1.3.6.1.4.1.36206
-
-# some further derived short-hands
-objectIdentifier revspaceLDAP           revspaceOID:1
-objectIdentifier revspaceAttributeType  revspaceLDAP:16
-objectIdentifier revspaceObjectClass    revspaceLDAP:17
-
-# the account balance, in eurocent
-#attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
-#	EQUALITY integerMatch
-#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributeType ( revspaceAttributeType:1 NAME 'accountBalance'
-        DESC 'RevSpace bank account balance in eurocent'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-        EQUALITY integerMatch
-        SINGLE-VALUE )
-
-attributeType ( revspaceAttributeType:2 NAME 'iButtonSerial'
-	DESC 'iButton serial'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	ORDERING caseIgnoreOrderingMatch )
-
-attributeType ( revspaceAttributeType:7 NAME 'tweetEntry'
-	DESC 'Tweet entry'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	EQUALITY booleanMatch )
-
-attributeType ( revspaceAttributeType:8 NAME 'chanmsgEntry'
-	DESC 'Announce entry on irc channel'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	EQUALITY booleanMatch )
-
-attributeType ( revspaceAttributeType:9 NAME 'statusEntry'
-	DESC 'Announce entry in JSON status'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	EQUALITY booleanMatch )
-
-#attributeType ( revspaceAttributeType:2 NAME 'iButtonSerial'
-#        DESC 'iButton serial'
-#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.16
-#        EQUALITY caseIgnoreMatch
-#        SUBSTR caseIgnoreSubstringsMatch
-#        ORDERING caseIgnoreOrderingMatch )
-
-objectclass ( revspaceObjectClass:1 NAME 'revspaceAccount'
-        DESC 'mixin RevSpace account details'
-        AUXILIARY
-        MAY ( accountBalance $ iButtonSerial $ tweetEntry $ chanmsgEntry $ statusEntry ) )
-
-# RevSpace stock management (bar items)
-#
-
-attributeType ( revspaceAttributeType:3 NAME 'articleName'
-	DESC 'RevSpace stock management item name'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	ORDERING caseIgnoreOrderingMatch )
-
-attributeType ( revspaceAttributeType:6 NAME 'barCode'
-	DESC 'RevSpace stock management item barcode'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	ORDERING caseIgnoreOrderingMatch )
-
-attributeType ( revspaceAttributeType:4 NAME 'stock'
-        DESC 'Amount of items in stock'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-        EQUALITY integerMatch
-        SINGLE-VALUE )
-
-attributeType ( revspaceAttributeType:5 NAME 'price'
-        DESC 'Price per item in eurocent'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-        EQUALITY integerMatch
-        SINGLE-VALUE )
-
-objectclass ( revspaceObjectClass:2 NAME 'revspaceProduct'
-        DESC 'mixin RevSpace product details'
-        STRUCTURAL
- 	MUST ( articleName $ price )
-        MAY ( stock $ barCode ) )
-

roles/ldapserver/files/ssl/cacert.pem

@@ -1 +0,0 @@
-../../../../certs/lets-encrypt-x1.pem

roles/ldapserver/files/ssl/server-cert.pem

@@ -1 +0,0 @@
-../../../../certs/ldap/ldap.space.revspace.nl.cert

roles/ldapserver/files/ssl/server-key.pem

@@ -1 +0,0 @@
-../../../../certs/ldap/space.revspace.nl.key

roles/ldapserver/files/sudoers.ldif

@@ -1,77 +0,0 @@
-dn: cn=sudoers,cn=schema,cn=config
-objectClass: olcSchemaConfig
-cn: sudoers
-
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1
-   NAME 'sudoUser'
-   DESC 'User(s) who may  run sudo'
-   EQUALITY caseExactIA5Match
-   SUBSTR caseExactIA5SubstringsMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2
-   NAME 'sudoHost'
-   DESC 'Host(s) who may run sudo'
-   EQUALITY caseExactIA5Match
-   SUBSTR caseExactIA5SubstringsMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3
-   NAME 'sudoCommand'
-   DESC 'Command(s) to be executed by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4
-   NAME 'sudoRunAs'
-   DESC 'User(s) impersonated by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5
-   NAME 'sudoOption'
-   DESC 'Options(s) followed by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6
-   NAME 'sudoRunAsUser'
-   DESC 'User(s) impersonated by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7
-   NAME 'sudoRunAsGroup'
-   DESC 'Group(s) impersonated by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.8
-   NAME 'sudoNotBefore'
-   DESC 'Start of time interval for which the entry is valid'
-   EQUALITY generalizedTimeMatch
-   ORDERING generalizedTimeOrderingMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.9
-   NAME 'sudoNotAfter'
-   DESC 'End of time interval for which the entry is valid'
-   EQUALITY generalizedTimeMatch
-   ORDERING generalizedTimeOrderingMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
- 
-olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.10
-    NAME 'sudoOrder'
-    DESC 'an integer to order the sudoRole entries'
-    EQUALITY integerMatch
-    ORDERING integerOrderingMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
- 
-olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
-   DESC 'Sudoer Entries'
-   MUST ( cn )
-   MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
-     sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $
-     sudoOrder $ description )
-   )
-

roles/ldapserver/files/sudoers.schema

@@ -1,73 +0,0 @@
-attributetype ( 1.3.6.1.4.1.15953.9.1.1
-   NAME 'sudoUser'
-   DESC 'User(s) who may  run sudo'
-   EQUALITY caseExactIA5Match
-   SUBSTR caseExactIA5SubstringsMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.2
-   NAME 'sudoHost'
-   DESC 'Host(s) who may run sudo'
-   EQUALITY caseExactIA5Match
-   SUBSTR caseExactIA5SubstringsMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.3
-   NAME 'sudoCommand'
-   DESC 'Command(s) to be executed by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.4
-   NAME 'sudoRunAs'
-   DESC 'User(s) impersonated by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.5
-   NAME 'sudoOption'
-   DESC 'Options(s) followed by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.6
-   NAME 'sudoRunAsUser'
-   DESC 'User(s) impersonated by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.7
-   NAME 'sudoRunAsGroup'
-   DESC 'Group(s) impersonated by sudo'
-   EQUALITY caseExactIA5Match
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.8
-   NAME 'sudoNotBefore'
-   DESC 'Start of time interval for which the entry is valid'
-   EQUALITY generalizedTimeMatch
-   ORDERING generalizedTimeOrderingMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
- 
-attributetype ( 1.3.6.1.4.1.15953.9.1.9
-   NAME 'sudoNotAfter'
-   DESC 'End of time interval for which the entry is valid'
-   EQUALITY generalizedTimeMatch
-   ORDERING generalizedTimeOrderingMatch
-   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
- 
-attributeTypes ( 1.3.6.1.4.1.15953.9.1.10
-    NAME 'sudoOrder'
-    DESC 'an integer to order the sudoRole entries'
-    EQUALITY integerMatch
-    ORDERING integerOrderingMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
- 
-objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
-   DESC 'Sudoer Entries'
-   MUST ( cn )
-   MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
-     sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $
-     sudoOrder $ description )
-   )
-

roles/ldapserver/handlers/main.yaml

@@ -1,4 +0,0 @@
----
-
-- name: Restart slapd
-  service: name=slapd state=restarted

roles/ldapserver/tasks/main.yaml

@@ -1,99 +0,0 @@
----
-
-- name: Configure debconf items for slapd
-  debconf:
-    name: slapd
-    question: "slapd/{{ item.q }}"
-    value: "{{ item.v }}"
-    vtype: "{{ item.t }}"
-  with_items:
-    - { q: 'domain', v: "{{ slapd_domain }}", t: 'string' }
-    - { q: 'backend', v: "MDB", t: 'select' }
-  notify:
-    - Restart slapd
-
-- name: Configure debconf items for slapd (passwords)
-  debconf:
-    name: slapd
-    question: "slapd/{{ item.q }}"
-    value: "{{ item.v }}"
-    vtype: "{{ item.t }}"
-  with_items:
-    - { q: 'password1', v: "{{ slapd_admin_pass }}", t: 'password' }
-    - { q: 'password2', v: "{{ slapd_admin_pass }}", t: 'password' }
-  changed_when: false
-  no_log: "{{ filter_logs|default('true') }}"
-
-- name: Install required software
-  apt:
-    pkg:
-      - slapd
-      - ldap-utils
-    state: present
-
-- name: Set ldap OLC password
-  lineinfile:
-    dest: "/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
-    line: "olcRootPW: {{ slapd_config_pass }}"
-    insertafter: "^modifyTimeStamp:"
-    regexp: "^olcRootPW"
-  notify:
-    - Restart slapd
-
-- name: Copy revspace schema and olcConfig
-  copy:
-    src: "{{ item.src }}"
-    dest: "/etc/ldap/{{ item.dst }}"
-    owner: "openldap"
-    group: "openldap"
-    mode: "0644"
-  with_items:
-    - { src: "revspace.schema", dst: "schema/revspace.schema" }
-    - { src: "sudoers.schema", dst: "schema/sudoers.schema" }
-    - { src: "cn={4}revspace.ldif", dst: "slapd.d/cn=config/cn=schema/cn={4}revspace.ldif" }
-    - { src: "cn={5}sudoers.ldif", dst: "slapd.d/cn=config/cn=schema/cn={5}sudoers.ldif" }
-  notify:
-    - Restart slapd
-
-#- name: Create directory for certificates
-#  file: path={{ slapd_certpath }} state=directory owner=openldap group=openldap mode=0700
-#
-#- name: Copy TLS files
-#  copy: src=ssl/{{ item }} dest={{ slapd_certpath }}/{{ item }} owner=openldap group=openldap mode=0400
-#  with_items:
-#    - cacert.pem
-#    - server-key.pem
-#    - server-cert.pem
-
-- name: Template olc edits
-  template:
-    src: "{{ item }}.j2"
-    dest: "/etc/ldap/{{ item }}.ldif"
-    owner: "openldap"
-    group: "openldap"
-    mode: "0600"
-  with_items:
-    - olcAccess
-    - olcSSL
-  register: olcedits
-  notify:
-    - Restart slapd
-
-- name: Update olcConfig
-  command: "ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/{{ item }}.ldif"
-  with_items:
-    - olcAccess
-    - olcSSL
-  when: olcedits is changed
-  ignore_errors: true
-  changed_when: false
-  notify:
-    - Restart slapd
-
-- name: Enable SSL listener
-  lineinfile:
-    dest: "/etc/default/slapd"
-    line: "SLAPD_SERVICES=\"ldap:/// ldaps:/// ldapi:///\""
-    regexp: "^SLAPD_SERVICES"
-  notify:
-    - Restart slapd

roles/ldapserver/templates/olcAccess.j2

@@ -1,8 +0,0 @@
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-add: olcAccess
-olcAccess: {1}to attrs=loginShell,gecos
-  by dn="cn=admin,{{slapd_root}}" write
-  by self write
-  by * read
-

roles/ldapserver/templates/olcSSL.j2

@@ -1,15 +0,0 @@
-# {{ansible_managed }}
-dn: cn=config
-changetype: modify
-replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: {{slapd_certpath}}/fullchain.pem
--
-replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: {{slapd_certpath}}/privkey.pem
--
-replace: olcTLSCertificateFile
-olcTLSCertificateFile: {{slapd_certpath}}/cert.pem
--
-replace: olcTLSCipherSuite
-olcTLSCipherSuite: {{slapd_cipher_suite}}
-

roles/ldapserver/vars/.gitignore

@@ -1 +0,0 @@
-secret.yaml

roles/ldapserver/vars/main.yaml

@@ -1,9 +0,0 @@
----
-
-slapd_config_pass:  "{{ lookup('passwordstore', 'revspace/ldap/config') }}"
-slapd_admin_pass:   "{{ lookup('passwordstore', 'revspace/ldap/admin') }}"
-
-slapd_domain:       "space.revspace.nl"
-slapd_root:         "dc=space,dc=revspace,dc=nl"
-slapd_certpath:     "/etc/dehydrated/certs/ldap.space.revspace.nl/"
-slapd_cipher_suite: "SECURE256:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC"

roles/services/tasks/discord_bot.yaml

@@ -3,30 +3,36 @@
 - name: Install dependencies
   ansible.builtin.apt:
     name:
-      - python3-paho-mqtt
+      - openscad
-      - python3-tz
       - virtualenv
 
 - name: Create virtualenv
   ansible.builtin.command:
-    cmd: virtualenv /opt/miflora_exporter/.venv
+    cmd: virtualenv /var/lib/discord-bot/.venv
   args:
     creates: /var/lib/discord-bot/.venv
 
-- name: Install Python dependencies
+- name: Clone bottleclip source
-  ansible.builtin.shell:
+  ansible.builtin.git:
-    cmd: . .venv/bin/activate && pip install -r requirements.txt
+    repo: https://git.bitlair.nl/bitlair/bottle-clip.git
-  args:
+    version: main
-    chdir: /var/lib/discord-bot
+    dest: /var/lib/bottle-clip
+    accept_hostkey: yes
+  notify: Restart discord-bot
 
-- name: Clone source
+- name: Clone discord-bot source
   ansible.builtin.git:
     repo: https://git.bitlair.nl/bitlair/discord-bot.git
     version: main
     dest: /var/lib/discord-bot
     accept_hostkey: yes
   notify: Restart discord-bot
-  ignore_errors: true
+
+- name: Install Python dependencies
+  ansible.builtin.shell:
+    cmd: . .venv/bin/activate && pip install -r requirements.txt
+  args:
+    chdir: /var/lib/discord-bot
 
 - name: Install service file
   ansible.builtin.template:

roles/services/tasks/siahsd.yaml

@@ -1,16 +1,15 @@
 ---
-# TODO: Install and build
+- name: Install siahsd
+  apt:
+    name: siahsd
 
 - name: Create directories
   ansible.builtin.file:
-    path: "{{ item }}"
+    path: /var/log/siahsd
     state: directory
     owner: siahsd
     group: nogroup
     mode: "0750"
-  with_items:
-    - /var/log/siahsd
-    - /var/lib/siahsd
 
 - name: Install config file
   ansible.builtin.template:
@@ -21,19 +20,9 @@
     mode: "0644"
   notify: Restart siahsd
 
-- name: Install service file
-  ansible.builtin.template:
-    src: siahsd.service
-    dest: /etc/systemd/system/siahsd.service
-    owner: root
-    group: root
-    mode: "0644"
-  notify: Restart siahsd
-
 - name: Start siahsd
   ansible.builtin.systemd:
     name: siahsd
     state: started
     enabled: true
     daemon_reload: true
-

roles/services/templates/discord-bot.service

@@ -1,4 +1,4 @@
-# Managed by Ansible
+# {{ ansible_managed }}
 
 [Unit]
 Description=HobbyBot
@@ -13,6 +13,7 @@ DynamicUser=true
 Environment="MQTT_HOST={{ mqtt_internal_host }}"
 Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}"
 Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}"
+Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
 
 [Install]
 WantedBy=multi-user.target

roles/services/templates/siahsd.conf

@@ -1,3 +1,5 @@
+# {{ ansible_managed }}
+
 [siahsd]
 pid file = /var/lib/siahsd/siahsd.pid
 log file = /var/log/siahsd/siahsd.log
@@ -5,13 +7,6 @@ log level = 3
 foreground = 0
 event handlers = script
 
-#[database]
-#driver = mysql
-#host = localhost
-#name = siahsd
-#username = siahsd
-#password = MysbJxAaawmwKPqD
-
 [siahs]
 port = 4000
 
@@ -19,21 +14,5 @@ port = 4000
 port = 9000
 rsa key file = something.sexp
 
-#[jsonbot]
-#address = 192.168.88.15
-#port = 5500
-#aes key = blablablablablaz
-#password = mekker
-#privmsg to = #bitlair
-
-#[spacestate]
-#driver = mysql
-#host = localhost
-#name = bitwifi
-#username = bitwifi
-#password = aGWERQpLEQPUaXJV
-#open script = /opt/alarm/disarmed.sh
-#close script = /opt/alarm/armed.sh
-
 [script]
 path = /opt/alarm/siahsd_handler.sh

roles/services/templates/siahsd.service

@@ -1,17 +0,0 @@
-# Managed by Ansible
-
-[Unit]
-Description=Siahsd
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/var/lib/siahsd/siahsd.pid
-Restart=always
-RestartSec=10s
-ExecStartPre=-/bin/rm /var/lib/siahsd/siahsd.pid
-ExecStart=/usr/local/src/siahsd/build/siahsd
-User=siahsd
-
-[Install]
-WantedBy=multi-user.target

services.yaml

@@ -3,4 +3,5 @@
 - hosts: services
   roles:
     - { role: "common", tags: [ "common" ] }
+    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "services", tags: [ "services" ] }