389-ldap

bitlair.yaml

@@ -47,6 +47,7 @@
 - hosts: music
   roles:
     - { role: "acme", tags: ["acme"] }
+    - { role: "go", tags: ["go"] }
     - { role: "music", tags: ["music"] }
 
 - hosts: pad
@@ -57,7 +58,6 @@
 
 - hosts: services
   roles:
-    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "services", tags: ["services"] }
 
 - hosts: wiki

group_vars/all.yaml

@@ -37,7 +37,5 @@ debian_repourl: "http://deb.debian.org/debian/"
 debian_securityurl: "http://security.debian.org/debian-security"
 
 deb_forgejo_repos:
-  - host: git.bitlair.nl
-    owner: bitlair
   - host: git.polyfloyd.net
     owner: polyfloyd

group_vars/ldap.yaml

@@ -0,0 +1,4 @@
+---
+
+group_nft_input:
+  - "tcp dport { ldap, ldaps } accept # Allow LDAP traffic"

group_vars/music.yaml

@@ -11,10 +11,6 @@ root_access:
   - polyfloyd
 
 nginx_client_max_body_size: 512M
-nginx_sites:
-  - server_name: "music.bitlair.nl"
-    snippets:
-      - "music-nginx.j2"
 
 music_domain: music.bitlair.nl
 acme_san_domains:

music.yaml

@@ -5,5 +5,6 @@
     - { role: "common", tags: [ "common" ] }
     - { role: "acme", tags: [ "acme" ] }
     - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "go", tags: [ "go" ] }
+#    - { role: "nginx", tags: [ "nginx" ] }
     - { role: "music", tags: [ "music" ] }

roles/389-ldap/tasks/main.yaml

@@ -0,0 +1,9 @@
+---
+
+- name: Install packages
+  ansible.builtin.apt:
+    state: present
+    pkg:
+      - 389-ds-base
+      - shelldap
+

roles/bank/defaults/main.yaml

@@ -1,3 +1,3 @@
 bank_user: bank
+bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git
 bank_local_tty: no
-bank_revbank_version: "10.3.0"

roles/bank/tasks/login.yaml

@@ -4,7 +4,7 @@
     name: bank
     password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
     home: /home/{{ bank_user }}
-    shell: /usr/local/share/revbank/revbank
+    shell: /home/{{ bank_user }}/revbank.git/revbank
     update_password: always
 
 - name: Allow password auth for bank user
@@ -13,7 +13,7 @@
     insertafter: EOF
     validate: "/usr/sbin/sshd -t -f %s"
     block: |-
-      Match User {{ bank_user }}
+      Match User bank
           PasswordAuthentication yes
   notify: reload sshd
 

roles/bank/tasks/revbank.yaml

@@ -1,22 +1,50 @@
 ---
 - name: Install dependencies
   ansible.builtin.apt:
-    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ]
+    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
     state: present
 
 - name: Clone revbank source
   ansible.builtin.git:
-    repo: https://github.com/revspace/revbank.git
+    repo: "{{ bank_revbank_git }}"
-    version: "v{{ bank_revbank_version }}"
+    version: master
-    dest: /usr/local/share/revbank
+    dest: /home/{{ bank_user }}/revbank.git
     accept_hostkey: yes
 
-- name: Clone revbank-plugin source
+- name: Create data files
-  ansible.builtin.git:
+  ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
-    repo: https://git.bitlair.nl/bitlair/revbank-plugins.git
+  args:
-    version: main
+    creates: /home/{{ bank_user }}/{{ item }}
-    dest: /usr/local/share/revbank-plugins
+  with_items:
-    accept_hostkey: yes
+    - revbank.accounts
+    - revbank.market
+    - revbank.products
+
+- name: Ensure data file permissions
+  ansible.builtin.file:
+    path: /home/{{ bank_user }}/{{ item }}
+    state: touch
+    owner: "{{ bank_user }}"
+    group: "{{ bank_user }}"
+    mode: 0644
+  with_items:
+    - revbank.accounts
+    - revbank.market
+    - revbank.products
+
+- name: Link plugins
+  ansible.builtin.file:
+    state: link
+    path: /home/{{ bank_user }}/{{ item }}
+    src: /home/{{ bank_user }}/revbank.git/{{ item }}
+  with_items:
+    - plugins
+    - revbank.plugins
+
+- name: Create git data dir
+  ansible.builtin.file:
+    path: /home/{{ bank_user }}/data.git
+    state: directory
 
 - name: Install git cronjob
   ansible.builtin.template:

roles/bank/templates/git.cron

@@ -1,4 +1,4 @@
 SHELL=/bin/bash
 
 #m    h  dom mon dow user             command
- */10 *  *   *   *   {{ bank_user }}  git -C ~/.revbank pull -r && git -C ~/.revbank push
+ */10 *  *   *   *   {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)

roles/music/defaults/main.yaml

@@ -1,8 +1,2 @@
 music_audio_user: audio
-music_audio_group: audio
-music_librespot_user: librespot
-music_trollibox_user: trollibox
-
-music_pulse_server: /tmp/pipewire-pulse-socket
-
 music_mqtt_mpd_volume: bitlair/music/space/volume

roles/music/handlers/main.yaml

@@ -2,25 +2,19 @@
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: restart mpd
+- name: Restart trollibox
-  ansible.builtin.systemd:
-    name: mpd
-    state: restarted
-    daemon_reload: true
-
-- name: restart trollibox
   ansible.builtin.systemd:
     name: trollibox
     state: restarted
     daemon_reload: true
 
-- name: rebuild librespot
+- name: Rebuild librespot
   ansible.builtin.command:
-    cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend
+    cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
   args:
     chdir: /opt/librespot
 
-- name: restart librespot
+- name: Restart librespot
   ansible.builtin.systemd:
     name: librespot
     state: restarted

roles/music/tasks/base.yaml

@@ -1,43 +0,0 @@
----
-- name: Install pipewire
-  apt:
-    name:
-      - pipewire
-      - pipewire-jack
-      - pipewire-pulse
-      - pulseaudio-utils
-      - pulsemixer
-      - wireplumber
-    state: present
-
-- name: Add audio group
-  group:
-    name: audio
-    system: true
-
-- name: Set PULSE_SERVER env var for all shells
-  copy:
-    dest: /etc/profile.d/pulse-server.sh
-    content: |+
-      # Ansible managed
-      export PULSE_SERVER={{ music_pulse_server }}
-
-- name: Create pipewire-pulse config dir
-  file:
-    path: /etc/pipewire/pipewire-pulse.conf.d/
-    state: directory
-
-- name: Configure system socket
-  ansible.builtin.copy:
-    dest: /etc/pipewire/pipewire-pulse.conf.d/system-socket.conf
-    content: |+
-      # Ansible managed
-      context.exec = [
-        { path = "/bin/chgrp"  args = "{{ music_audio_group }} {{ music_pulse_server }}" }
-        { path = "/bin/chmod"  args = "g+rwx,o-rwx {{ music_pulse_server }}" }
-      ]
-      pulse.properties = {
-        server.address = [
-          "unix:{{ music_pulse_server }}"
-        ]
-      }

roles/music/tasks/librespot.yaml

@@ -1,11 +1,8 @@
 ---
-- name: Create librespot user
+- name: Install dependencies
-  user:
+  ansible.builtin.apt:
-    name: "{{ music_librespot_user }}"
+    name: libjack-jackd2-dev
-    system: true
+    state: present
-    home: /var/lib/librespot
-    groups:
-      - "{{ music_audio_group }}"
 
 - name: Clone librespot source
   ansible.builtin.git:
@@ -14,8 +11,8 @@
     dest: /opt/librespot
     accept_hostkey: yes
   notify:
-    - rebuild librespot
+    - Rebuild librespot
-    - restart librespot
+    - Restart librespot
 
 - name: Install service file
   ansible.builtin.template:
@@ -24,7 +21,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart librespot
+  notify: Restart librespot
 
 - name: Enable Librespot
   ansible.builtin.systemd:
@@ -32,5 +29,3 @@
     state: started
     enabled: true
     daemon_reload: true
-
-- meta: flush_handlers

roles/music/tasks/main.yaml

@@ -1,9 +1,4 @@
 ---
-- name: Import base
-  ansible.builtin.import_tasks:
-    file: base.yaml
-  tags:
-    - music_base
 
 - name: Import mpd
   ansible.builtin.import_tasks:
@@ -28,3 +23,12 @@
     file: soundboard.yaml
   tags:
     - music_soundboard
+
+- name: Install nginx config
+  ansible.builtin.template:
+    src: nginx-site.conf
+    dest: /etc/nginx/sites-enabled/trollibox
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload nginx

roles/music/tasks/mpd.yaml

@@ -1,32 +1,14 @@
 ---
+
 - name: Install MPD
   ansible.builtin.apt:
-    name: mpd
+    name:
+      - jackd
+      - mpd
+      - python3-mpd
+      - python3-serial
     state: present
 
-- name: Add mpd user to the {{ music_audio_group }} group
-  user:
-    name: mpd
-    groups:
-      - "{{ music_audio_group }}"
-  notify: restart mpd
-
-- name: Install mpd file
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart mpd
-  with_items:
-    - src: mpd.conf
-      dest: /etc/mpd.conf
-    - src: mpd.service
-      dest: /etc/systemd/system/mpd.service
-    - src: mpd_state
-      dest: /var/lib/mpd/state.default
-
 - name: Install mpd-volume-to-mqtt script
   ansible.builtin.template:
     src: mpd-volume-to-mqtt.sh
@@ -51,3 +33,27 @@
     state: started
     enabled: true
     daemon_reload: true
+
+- name: Clone skipbutton source
+  ansible.builtin.git:
+    repo: https://github.com/bitlair/skipbutton.git
+    version: master
+    dest: /opt/skipbutton
+    accept_hostkey: yes
+  notify: Restart skipbutton
+
+- name: Install skipbutton service
+  ansible.builtin.template:
+    src: skipbutton.service
+    dest: /etc/systemd/system/skipbutton.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart skipbutton
+
+- name: Enable skipbutton
+  ansible.builtin.systemd:
+    name: skipbutton
+    state: started
+    enabled: true
+    daemon_reload: true

roles/music/tasks/trollibox.yaml

@@ -1,10 +1,4 @@
 ---
-- name: Create trollibox user
-  user:
-    name: "{{ music_trollibox_user }}"
-    system: true
-    home: /var/lib/trollibox
-
 - name: Install Trollibox config
   ansible.builtin.template:
     src: trollibox.yaml
@@ -12,29 +6,27 @@
     owner: root
     group: root
     mode: "0644"
-  notify: restart trollibox
+  notify: Restart trollibox
 
 - name: Get latest Trollibox version from Github API
-  uri:
+  ansible.builtin.get_url:
     url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
-    return_content: true
+    dest: "/tmp/_ansible_trollibox_latest_release.json"
-  register: response
-  changed_when: false
-  check_mode: false
-  failed_when: "response is failed or 'json' not in response"
 
-- name: Format trollibox latest version
+- name: Get download url
-  set_fact:
+  ansible.builtin.shell:
-    trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}"
+    cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
+      | contains("linux-amd64")) | .browser_download_url -r
+  register: "trollibox_download_url"
 
 - name: Download Trollibox
   ansible.builtin.unarchive:
-    src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz"
+    src: "{{ trollibox_download_url.stdout }}"
     remote_src: yes
     dest: /usr/local/bin
     include: [ trollibox ]
     mode: "0755"
-  notify: restart trollibox
+  notify: Restart trollibox
 
 - name: Install service file
   ansible.builtin.template:
@@ -43,7 +35,7 @@
     owner: root
     group: root
     mode: "0644"
-  notify: restart trollibox
+  notify: Restart trollibox
 
 - name: Enable Trollibox
   ansible.builtin.systemd:

roles/music/templates/librespot.service

@@ -3,14 +3,16 @@
 [Unit]
 Description=Spotify through Librespot
 After=network.target
+Requires=jackd.service
 
 [Service]
 Type=simple
 Restart=always
 RestartSec=2s
-ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend pulseaudio --volume-ctrl linear
+ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend jackaudio
-Environment="PULSE_SERVER={{ music_pulse_server }}"
+User={{ music_audio_user }}
-User={{ music_librespot_user }}
+Group={{ music_audio_user }}
+AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE
 
 [Install]
 WantedBy=multi-user.target

roles/music/templates/mpd-volume-to-mqtt.sh

@@ -14,7 +14,7 @@ prev_volume=x
     if [ $event = "mixer" ]; then
         volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'`
         if [ "$prev_volume" != "$volume" ]; then
-            mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume"
+            mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }} -r' -m "$volume"
         fi
         prev_volume=$volume
     fi

roles/music/templates/mpd.conf

@@ -1,40 +0,0 @@
-# {{ ansible_managed }}
-
-user "mpd"
-group "{{ music_audio_group }}"
-
-bind_to_address "any"
-port "6600"
-max_connections "20"
-
-zeroconf_enabled "yes"
-zeroconf_name "MPD @ %h"
-
-music_directory "/srv/media/music"
-auto_update "yes"
-filesystem_charset "UTF-8"
-
-playlist_directory "/var/lib/mpd/playlists"
-db_file "/var/lib/mpd/tag_cache"
-state_file "/var/lib/mpd/state"
-sticker_file "/var/lib/mpd/sticker.sql"
-
-input {
-        plugin "curl" # Required for web streams.
-}
-
-decoder {
-        plugin  "hybrid_dsd"
-        enabled "no"
-}
-
-decoder {
-        plugin  "wildmidi"
-        enabled "no"
-}
-
-audio_output {
-       type     "pulse"
-       name     "Pulse"
-       server   "{{ music_pulse_server }}"
-}

roles/music/templates/mpd.service

@@ -1,21 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Music Player Daemon
-After=network.target
-
-[Service]
-Type=simple
-ExecStartPre=/bin/mkdir -p /run/mpd
-ExecStartPre=/bin/chown -R mpd:nogroup /run/mpd
-ExecStartPre=/bin/touch /var/log/mpd.log
-ExecStartPre=/bin/chown mpd:nogroup /var/log/mpd.log
-ExecStartPre=/usr/bin/cp /var/lib/mpd/state.default /var/lib/mpd/state
-ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf
-# MDP will fork itself to the user defined in its config
-User=root
-LimitMEMLOCK=infinity
-LimitRTPRIO=99
-
-[Install]
-WantedBy=multi-user.target

roles/music/templates/mpd_state

@@ -1,17 +0,0 @@
-sw_volume: 20
-audio_device_state:1:Pulse
-state: play
-current: 0
-time: 0
-random: 0
-repeat: 0
-single: 0
-consume: 0
-crossfade: 0
-mixrampdb: 0.000000
-mixrampdelay: -1.000000
-playlist_begin
-song_begin: http://ice4.somafm.com/groovesalad-256-mp3
-Name: SomaFM Groove Salad
-song_end
-playlist_end

roles/music/templates/nginx-site.conf

@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    server_name {{ music_domain }};
+
+    {% if acme_bootstrap_certs %}
+    include "snippets/snakeoil.conf";
+    {% else %}
+    ssl_certificate     "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
+    ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
+    {% endif %}
+
+    {% for range in trusted_ranges %}
+    allow {{ range.cidr }};
+    {% endfor %}
+    deny all;
+
+    location / {
+        rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
+    }
+
+    location /trollibox/ {
+        proxy_pass http://[::1]:3000/;
+        client_max_body_size 512M;
+        include proxy_params;
+    }
+
+    location ~ ^/trollibox/(.+/events)$ {
+        proxy_pass http://[::1]:3000/$1;
+        include proxy_params;
+        proxy_http_version 1.1;
+        chunked_transfer_encoding off;
+        add_header X-Test "123";
+        proxy_set_header Connection '';
+        proxy_buffering off;
+        proxy_read_timeout 7d;
+    }
+
+    location ~ ^/trollibox/(.+/listen)$ {
+        proxy_pass http://[::1]:3000/$1;
+        include proxy_params;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 7d;
+    }
+
+    location /bobdsp/ {
+        proxy_pass http://[::1]:8081/;
+        include proxy_params;
+    }
+
+    location /vis/ {
+        allow all;
+        proxy_pass http://[::1]:13378/;
+        include proxy_params;
+    }
+
+    location = /vis/ {
+        rewrite ^(.*)$ /vis/index.html;
+        include proxy_params;
+    }
+
+    include "snippets/acme.conf";
+}

roles/music/templates/skipbutton.service

@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=MPD Skipbutton
+After=network.target
+Requires=mpd.service
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=10s
+ExecStart=/opt/skipbutton/skipbutton.py /dev/ttyS0
+DynamicUser=true
+Group=dialout
+
+[Install]
+WantedBy=multi-user.target

roles/music/templates/trollibox.service

@@ -10,7 +10,8 @@ Type=simple
 Restart=always
 RestartSec=2s
 ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml
-User={{ music_trollibox_user }}
+User={{ music_audio_user }}
+Group={{ music_audio_user }}
 
 [Install]
 WantedBy=multi-user.target

roles/services/tasks/discord_bot.yaml

@@ -3,37 +3,31 @@
 - name: Install dependencies
   ansible.builtin.apt:
     name:
-      - openscad
+      - python3-paho-mqtt
+      - python3-tz
       - virtualenv
 
 - name: Create virtualenv
   ansible.builtin.command:
-    cmd: virtualenv /var/lib/discord-bot/.venv
+    cmd: virtualenv /opt/miflora_exporter/.venv
   args:
     creates: /var/lib/discord-bot/.venv
 
-- name: Clone bottleclip source
-  ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/bottle-clip.git
-    version: main
-    dest: /var/lib/bottle-clip
-    accept_hostkey: yes
-  notify: Restart discord-bot
-
-- name: Clone discord-bot source
-  ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/discord-bot.git
-    version: main
-    dest: /var/lib/discord-bot
-    accept_hostkey: yes
-  notify: Restart discord-bot
-
 - name: Install Python dependencies
   ansible.builtin.shell:
     cmd: . .venv/bin/activate && pip install -r requirements.txt
   args:
     chdir: /var/lib/discord-bot
 
+- name: Clone source
+  ansible.builtin.git:
+    repo: https://git.bitlair.nl/bitlair/discord-bot.git
+    version: main
+    dest: /var/lib/discord-bot
+    accept_hostkey: yes
+  notify: Restart discord-bot
+  ignore_errors: true
+
 - name: Install service file
   ansible.builtin.template:
     src: discord-bot.service

roles/services/tasks/siahsd.yaml

@@ -1,15 +1,16 @@
 ---
-- name: Install siahsd
+# TODO: Install and build
-  apt:
-    name: siahsd
 
 - name: Create directories
   ansible.builtin.file:
-    path: /var/log/siahsd
+    path: "{{ item }}"
     state: directory
     owner: siahsd
     group: nogroup
     mode: "0750"
+  with_items:
+    - /var/log/siahsd
+    - /var/lib/siahsd
 
 - name: Install config file
   ansible.builtin.template:
@@ -20,9 +21,19 @@
     mode: "0644"
   notify: Restart siahsd
 
+- name: Install service file
+  ansible.builtin.template:
+    src: siahsd.service
+    dest: /etc/systemd/system/siahsd.service
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart siahsd
+
 - name: Start siahsd
   ansible.builtin.systemd:
     name: siahsd
     state: started
     enabled: true
     daemon_reload: true
+

roles/services/templates/discord-bot.service

@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+# Managed by Ansible
 
 [Unit]
 Description=HobbyBot
@@ -13,7 +13,6 @@ DynamicUser=true
 Environment="MQTT_HOST={{ mqtt_internal_host }}"
 Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}"
 Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}"
-Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
 
 [Install]
 WantedBy=multi-user.target

roles/services/templates/siahsd.conf

@@ -1,5 +1,3 @@
-# {{ ansible_managed }}
-
 [siahsd]
 pid file = /var/lib/siahsd/siahsd.pid
 log file = /var/log/siahsd/siahsd.log
@@ -7,6 +5,13 @@ log level = 3
 foreground = 0
 event handlers = script
 
+#[database]
+#driver = mysql
+#host = localhost
+#name = siahsd
+#username = siahsd
+#password = MysbJxAaawmwKPqD
+
 [siahs]
 port = 4000
 
@@ -14,5 +19,21 @@ port = 4000
 port = 9000
 rsa key file = something.sexp
 
+#[jsonbot]
+#address = 192.168.88.15
+#port = 5500
+#aes key = blablablablablaz
+#password = mekker
+#privmsg to = #bitlair
+
+#[spacestate]
+#driver = mysql
+#host = localhost
+#name = bitwifi
+#username = bitwifi
+#password = aGWERQpLEQPUaXJV
+#open script = /opt/alarm/disarmed.sh
+#close script = /opt/alarm/armed.sh
+
 [script]
 path = /opt/alarm/siahsd_handler.sh

roles/services/templates/siahsd.service

@@ -0,0 +1,17 @@
+# Managed by Ansible
+
+[Unit]
+Description=Siahsd
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/lib/siahsd/siahsd.pid
+Restart=always
+RestartSec=10s
+ExecStartPre=-/bin/rm /var/lib/siahsd/siahsd.pid
+ExecStart=/usr/local/src/siahsd/build/siahsd
+User=siahsd
+
+[Install]
+WantedBy=multi-user.target

services.yaml

@@ -3,5 +3,4 @@
 - hosts: services
   roles:
     - { role: "common", tags: [ "common" ] }
-    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "services", tags: [ "services" ] }

snippets/music-nginx.j2

@@ -1,49 +0,0 @@
-{% for range in trusted_ranges %}
-allow {{ range.cidr }};
-{% endfor %}
-deny all;
-
-location / {
-    rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
-}
-
-location /trollibox/ {
-    proxy_pass http://[::1]:3000/;
-    include proxy_params;
-}
-
-location ~ ^/trollibox/(.+/events)$ {
-    proxy_pass http://[::1]:3000/$1;
-    include proxy_params;
-    proxy_http_version 1.1;
-    chunked_transfer_encoding off;
-    add_header X-Test "123";
-    proxy_set_header Connection '';
-    proxy_buffering off;
-    proxy_read_timeout 7d;
-}
-
-location ~ ^/trollibox/(.+/listen)$ {
-    proxy_pass http://[::1]:3000/$1;
-    include proxy_params;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_read_timeout 7d;
-}
-
-location /bobdsp/ {
-    proxy_pass http://[::1]:8081/;
-    include proxy_params;
-}
-
-location /vis/ {
-    allow all;
-    proxy_pass http://[::1]:13378/;
-    include proxy_params;
-}
-
-location = /vis/ {
-    rewrite ^(.*)$ /vis/index.html;
-    include proxy_params;
-}