bitlair/ansible
8
0
Fork 1
Code Issues Pull requests 1 Activity Actions

Compare commits

base: bitlair:main
Branches Tags
bitlair:main
bitlair:389-ldap
bitlair:ldap-van-revspace
bitlair:linting
BlackDragon:main
BlackDragon:linting
..
compare: BlackDragon:linting
Branches Tags
BlackDragon:main
BlackDragon:linting
bitlair:main
bitlair:389-ldap
bitlair:ldap-van-revspace
bitlair:linting

3 commits
main ... linting

Author SHA1 Message Date
Mark Janssen
a30d388422
Owner/group strings 2025-04-19 16:45:08 +02:00
Mark Janssen
77c1732623
Linting 2025-04-19 16:42:53 +02:00
Mark Janssen
d0cd352b4a
Linting 2025-04-19 16:24:47 +02:00
110 changed files with 804 additions and 1362 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.ansible-lint Normal file
View file

@ -0,0 +1,14 @@
#warn_list: # or 'skip_list' to silence them completely
skip_list:
- experimental
- var-naming[no-role-prefix]
- name
warn_list:
- '204' # Lines should be no longer than 160 chars
- no-handler
- ignore-errors
- fqcn-builtins
- fqcn
- partial-become[task]
- template-instead-of-copy
offline: true

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
.password-store
.gitignore
.envrc

5
.yamllint.yaml
View file

@ -15,3 +15,8 @@ rules:
max-spaces-after: -1 max-spaces-after: -1
commas: commas:
max-spaces-after: -1 max-spaces-after: -1
comments:
min-spaces-from-content: 1
octal-values:
forbid-implicit-octal: true
forbid-explicit-octal: true

1
authorized_keys/blackdragon.keys
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre

53
bitlair.yaml
View file

@ -1,77 +1,80 @@
--- ---
- hosts: all - name: common
hosts: all
gather_facts: true gather_facts: true
roles: roles:
- { role: "common", tags: ["common"] } - { role: "common", tags: ["common"] }
- { role: "nft", tags: ["nft"] } - { role: "nft", tags: ["nft"] }
- hosts: bank - name: bank
hosts: bank
roles: roles:
- { role: "bank", tags: ["bank"] } - { role: "bank", tags: ["bank"] }
- hosts: homeassistant - name: homeassistant
hosts: homeassistant
roles: roles:
- { role: "acme", tags: ["acme"] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: ["nginx"] } - { role: "nginx", tags: ["nginx"] }
- hosts: raspi - name: raspi
hosts: raspi
roles: roles:
- { role: "raspi", tags: ["raspi"] } - { role: "raspi", tags: ["raspi"] }
- { role: "bank-terminal", tags: ["bank-terminal"] } - { role: "bank-terminal", tags: ["bank-terminal"] }
- hosts: fotos - name: fotos
hosts: fotos
roles: roles:
- { role: "photos", tags: ["photos"] } - { role: "photos", tags: ["photos"] }
- hosts: git-ci - name: CI
hosts: git-ci
roles: roles:
- { role: "git_ci", tags: ["git_ci"] } - { role: "git-ci", tags: ["git-ci"] }
- hosts: git - name: git
hosts: git
roles: roles:
- { role: "acme", tags: ["acme"] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: ["nginx"] } - { role: "nginx", tags: ["nginx"] }
- { role: "git-server", tags: ["git-server"] } - { role: "git-server", tags: ["git-server"] }
- hosts: monitoring - name: monitoring
hosts: monitoring
roles: roles:
- { role: "acme", tags: ["acme"] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: ["nginx"] } - { role: "nginx", tags: ["nginx"] }
- { role: "monitoring", tags: ["monitoring"] } - { role: "monitoring", tags: ["monitoring"] }
- hosts: mqtt - name: mqtt
hosts: mqtt
roles: roles:
- { role: "mqtt", tags: ["mqtt"] } - { role: "mqtt", tags: ["mqtt"] }
- hosts: music - name: music
hosts: music
roles: roles:
- { role: "acme", tags: ["acme"] } - { role: "acme", tags: ["acme"] }
- { role: "go", tags: ["go"] }
- { role: "music", tags: ["music"] } - { role: "music", tags: ["music"] }
- hosts: pad - name: pad
hosts: pad
roles: roles:
- { role: "acme", tags: ["acme"] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: ["nginx"] } - { role: "nginx", tags: ["nginx"] }
- { role: "etherpad", tags: ["etherpad"] } - { role: "etherpad", tags: ["etherpad"] }
- hosts: services - name: services
hosts: services
roles: roles:
- { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
- { role: "services", tags: ["services"] } - { role: "services", tags: ["services"] }
- hosts: wiki - name: wiki
hosts: wiki
roles: roles:
- { role: "acme", tags: ["acme"] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: ["nginx"] } - { role: "nginx", tags: ["nginx"] }
- { role: "www", tags: ["www"] } - { role: "www", tags: ["www"] }
- hosts: chat
roles:
- { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "chat", tags: [ "chat" ] }
- hosts: ldap
roles:
- { role: "common", tags: [ "common" ] }

10
chat.yaml
View file

@ -1,10 +0,0 @@
---
- hosts: chat
roles:
- { role: "common", tags: [ "common" ] }
- { role: "nft", tags: [ "nft" ] }
- { role: "nginx", tags: [ "nginx" ] }
- { role: "acme", tags: [ "acme" ] }
- { role: "nodesource", tags: [ "nodesource" ] }
- { role: "chat", tags: [ "chat" ] }

2
git-ci.yaml
View file

@ -3,4 +3,4 @@
- hosts: git-ci - hosts: git-ci
roles: roles:
- { role: "common", tags: [ "common" ] } - { role: "common", tags: [ "common" ] }
- { role: "git_ci", tags: [ "git_ci" ] } - { role: "git-ci", tags: [ "git-ci" ] }

5
group_vars/all.yaml
View file

@ -36,8 +36,3 @@ mqtt_public_host: bitlair.nl
debian_repourl: "http://deb.debian.org/debian/" debian_repourl: "http://deb.debian.org/debian/"
debian_securityurl: "http://security.debian.org/debian-security" debian_securityurl: "http://security.debian.org/debian-security"
deb_forgejo_repos:
- host: git.bitlair.nl
owner: bitlair
- host: git.polyfloyd.net
owner: polyfloyd

36
group_vars/chat.yaml
View file

@ -1,36 +0,0 @@
---
root_access:
- blackdragon
- ak
- foobar
- polyfloyd
nodejs_version: 22.x
thelounge_version: "4.4.3"
thelounge_ldap_url: ldaps://ldap.bitlair.nl
thelounge_ldap_filter: (objectClass=inetOrgPerson)
thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
chat_hostname: chat.bitlair.nl
acme_domains:
- "{{ chat_hostname }}"
nginx_sites:
- server_name: "{{ chat_hostname }}"
config:
- |-
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# by default nginx times out connections in one minute
proxy_read_timeout 1d;
}
group_nft_input:
- "tcp dport { http, https } accept # Allow web-traffic from world"

8
group_vars/music.yaml
View file

@ -6,18 +6,12 @@ nft: false
root_access: root_access:
- ak - ak
- bob - bob
- eightdot
- foobar - foobar
- polyfloyd - polyfloyd
nginx_client_max_body_size: 512M nginx_client_max_body_size: 512M
nginx_sites:
- server_name: "music.bitlair.nl"
snippets:
- "music-nginx.j2"
music_domain: music.bitlair.nl music_domain: music.bitlair.nl
acme_san_domains: acme_san_domains:
- [ music.bitlair.nl ] - [ music.bitlair.nl ]
music_bitpanel_host: bitpanel.bitlair.nl
music_bitpanel_port: 1337

6
inventory
View file

@ -17,8 +17,7 @@ blockchain.bitlair.nl
git.bitlair.nl git.bitlair.nl
[git-ci] [git-ci]
git-ci01.bitlair.nl git-ci.bitlair.nl
git-ci02.bitlair.nl
[pad] [pad]
pad.bitlair.nl pad.bitlair.nl
@ -50,9 +49,6 @@ homeassistant.bitlair.nl
[chat] [chat]
chat.bitlair.nl chat.bitlair.nl
[ldap]
ldap-new.bitlair.nl
[debian:children] [debian:children]
bank bank
fotos fotos

1
lint.sh
View file

@ -1,5 +1,6 @@
#!/bin/bash #!/bin/bash
j2lint `find ./ -type f -name '*.j2'` j2lint `find ./ -type f -name '*.j2'`
yamllint -c .yamllint.yaml .
ansible-lint bitlair.yaml ansible-lint bitlair.yaml

1
monitoring.yaml
View file

@ -4,6 +4,5 @@
roles: roles:
- { role: "common", tags: [ "common" ] } - { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: [ "acme" ] }
- { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
- { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: [ "nginx" ] }
- { role: "monitoring", tags: [ "monitoring" ] } - { role: "monitoring", tags: [ "monitoring" ] }

4
music.yaml
View file

@ -4,6 +4,6 @@
roles: roles:
- { role: "common", tags: [ "common" ] } - { role: "common", tags: [ "common" ] }
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: [ "acme" ] }
- { role: "deb_forgejo", tags: [ "deb_forgejo" ] } - { role: "go", tags: [ "go" ] }
- { role: "nginx", tags: [ "nginx" ] } # - { role: "nginx", tags: [ "nginx" ] }
- { role: "music", tags: [ "music" ] } - { role: "music", tags: [ "music" ] }

1
pad.yaml
View file

@ -9,5 +9,4 @@
- { role: "nft", tags: [ "nft" ] } - { role: "nft", tags: [ "nft" ] }
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: [ "acme" ] }
- { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: [ "nginx" ] }
- { role: "nodesource", tags: [ "nodesource" ] }
- { role: "etherpad", tags: [ "etherpad" ] } - { role: "etherpad", tags: [ "etherpad" ] }

4
roles/acme/handlers/main.yaml
View file

@ -1,9 +1,5 @@
--- ---
- name: update_contact_info
ansible.builtin.command:
cmd: dehydrated --account
- name: run dehydrated - name: run dehydrated
ansible.builtin.command: ansible.builtin.command:
cmd: dehydrated --cron cmd: dehydrated --cron

39
roles/bank-terminal/tasks/main.yaml
View file

@ -4,11 +4,11 @@
block: block:
- name: Add user - name: Add user
ansible.builtin.user: ansible.builtin.user:
name: bank-terminal name: "bank-terminal"
home: /home/{{ bank_terminal_user }} home: "/home/{{ bank_terminal_user }}"
shell: /home/{{ bank_terminal_user }}/login shell: "/home/{{ bank_terminal_user }}/login"
generate_ssh_key: yes generate_ssh_key: yes
ssh_key_type: ed25519 ssh_key_type: "ed25519"
- name: Locate agetty - name: Locate agetty
ansible.builtin.command: ansible.builtin.command:
@ -16,34 +16,35 @@
register: agetty_location_cmd register: agetty_location_cmd
- name: Set agetty var - name: Set agetty var
ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" ansible.builtin.set_fact:
agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"
- name: Install login script - name: Install login script
ansible.builtin.template: ansible.builtin.template:
src: login src: "login"
dest: /home/{{ bank_terminal_user }}/login dest: "/home/{{ bank_terminal_user }}/login"
owner: bank-terminal owner: "bank-terminal"
group: bank-terminal group: "bank-terminal"
mode: 0755 mode: "0755"
- name: Autologin User - name: Autologin User
ansible.builtin.template: ansible.builtin.template:
src: tty_autologin.conf src: "tty_autologin.conf"
dest: /etc/systemd/system/getty@tty1.service.d/override.conf dest: "/etc/systemd/system/getty@tty1.service.d/override.conf"
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: daemon_reload notify: daemon_reload
- name: Clear MOTD - name: Clear MOTD
ansible.builtin.copy: ansible.builtin.copy:
content: "" content: ""
dest: /etc/motd dest: "/etc/motd"
# Set console font so the Revbank QR codes are rendered correctly. # Set console font so the Revbank QR codes are rendered correctly.
- name: Console setup - name: Console setup
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/default/console-setup path: "/etc/default/console-setup"
line: '{{ item.k }}="{{ item.v }}"' line: '{{ item.k }}="{{ item.v }}"'
regexp: "^#?{{ item.k }}" regexp: "^#?{{ item.k }}"
with_items: with_items:
@ -56,8 +57,8 @@
- name: Console Setup Management Note - name: Console Setup Management Note
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/default/console-setup path: "/etc/default/console-setup"
line: '# Managed by Ansible' line: "# Managed by Ansible"
insertafter: "CONFIGURATION FILE" insertafter: "CONFIGURATION FILE"
- name: Read pubkey - name: Read pubkey

2
roles/bank/defaults/main.yaml
View file

@ -1,3 +1,3 @@
bank_user: bank bank_user: bank
bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git
bank_local_tty: no bank_local_tty: no
bank_revbank_version: "10.5.1"

16
roles/bank/tasks/login.yaml
View file

@ -4,7 +4,7 @@
name: bank name: bank
password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
home: /home/{{ bank_user }} home: /home/{{ bank_user }}
shell: /usr/local/share/revbank/revbank shell: /home/{{ bank_user }}/revbank.git/revbank
update_password: always update_password: always
- name: Allow password auth for bank user - name: Allow password auth for bank user
@ -13,7 +13,7 @@
insertafter: EOF insertafter: EOF
validate: "/usr/sbin/sshd -t -f %s" validate: "/usr/sbin/sshd -t -f %s"
block: |- block: |-
Match User {{ bank_user }} Match User bank
PasswordAuthentication yes PasswordAuthentication yes
notify: reload sshd notify: reload sshd
@ -41,14 +41,14 @@
- name: Create getty dir - name: Create getty dir
ansible.builtin.file: ansible.builtin.file:
path: /etc/systemd/system/getty@tty1.service.d path: "/etc/systemd/system/getty@tty1.service.d"
state: directory state: directory
- name: Autologin User - name: Autologin User
ansible.builtin.template: ansible.builtin.template:
src: tty_autologin.conf src: "tty_autologin.conf"
dest: /etc/systemd/system/getty@tty1.service.d/override.conf dest: "/etc/systemd/system/getty@tty1.service.d/override.conf"
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: daemon reload notify: daemon reload

14
roles/bank/tasks/revbank-deposit.yaml
View file

@ -23,18 +23,18 @@
ansible.builtin.template: ansible.builtin.template:
src: revbank-deposit.conf src: revbank-deposit.conf
dest: /etc/revbank-deposit.conf dest: /etc/revbank-deposit.conf
owner: root owner: "root"
group: root group: "root"
mode: 0600 mode: "0600"
notify: Restart revbank-deposit notify: Restart revbank-deposit
- name: Install revbank-deposit service - name: Install revbank-deposit service
ansible.builtin.template: ansible.builtin.template:
src: revbank-deposit.service src: revbank-deposit.service
dest: /etc/systemd/system/revbank-deposit.service dest: /etc/systemd/system/revbank-deposit.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart revbank-deposit notify: Restart revbank-deposit
- name: Start revbank-deposit - name: Start revbank-deposit
@ -44,4 +44,4 @@
state: started state: started
enabled: true enabled: true
- meta: flush_handlers - ansible.builtin.meta: flush_handlers

48
roles/bank/tasks/revbank.yaml
View file

@ -1,22 +1,50 @@
--- ---
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ] name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
state: present state: present
- name: Clone revbank source - name: Clone revbank source
ansible.builtin.git: ansible.builtin.git:
repo: https://github.com/revspace/revbank.git repo: "{{ bank_revbank_git }}"
version: "v{{ bank_revbank_version }}" version: master
dest: /usr/local/share/revbank dest: /home/{{ bank_user }}/revbank.git
accept_hostkey: yes accept_hostkey: yes
- name: Clone revbank-plugin source - name: Create data files
ansible.builtin.git: ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
repo: https://git.bitlair.nl/bitlair/revbank-plugins.git args:
version: main creates: /home/{{ bank_user }}/{{ item }}
dest: /usr/local/share/revbank-plugins with_items:
accept_hostkey: yes - revbank.accounts
- revbank.market
- revbank.products
- name: Ensure data file permissions
ansible.builtin.file:
path: /home/{{ bank_user }}/{{ item }}
state: touch
owner: "{{ bank_user }}"
group: "{{ bank_user }}"
mode: "0644"
with_items:
- revbank.accounts
- revbank.market
- revbank.products
- name: Link plugins
ansible.builtin.file:
state: link
path: /home/{{ bank_user }}/{{ item }}
src: /home/{{ bank_user }}/revbank.git/{{ item }}
with_items:
- plugins
- revbank.plugins
- name: Create git data dir
ansible.builtin.file:
path: /home/{{ bank_user }}/data.git
state: directory
- name: Install git cronjob - name: Install git cronjob
ansible.builtin.template: ansible.builtin.template:

4
roles/bank/templates/git.cron
View file

@ -1,4 +1,4 @@
SHELL=/bin/bash SHELL=/bin/bash
#m h dom mon dow user command #m h dom mon dow user command
*/10 * * * * {{ bank_user }} git -C ~/.revbank pull -r && git -C ~/.revbank push && git -C ~/.revbank gc 0 * * * * {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)

5
roles/chat/defaults/main.yaml
View file

@ -1,5 +0,0 @@
---
chat_user: thelounge
chat_group: thelounge
chat_configdir: "/etc/thelounge"

11
roles/chat/handlers/main.yaml
View file

@ -1,11 +0,0 @@
---
- name: Reload systemd
ansible.builtin.systemd:
daemon_reload: yes
- name: Restart thelounge
ansible.builtin.systemd:
name: thelounge
state: restarted
enabled: true

92
roles/chat/tasks/main.yaml
View file

@ -1,92 +0,0 @@
---
- name: Install dependencies
ansible.builtin.apt:
state: present
pkg:
- build-essential
- nodejs
- name: Ensure directories are present
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ chat_user }}"
group: "{{ chat_group }}"
state: "{{ item.state | default('directory') }}"
mode: "{{ item.mode | default('0770') }}"
with_items:
- { path: "{{ chat_configdir }}" }
- { path: "/var/local/thelounge/users" }
- { path: "/var/local/thelounge/storage" }
notify:
- Restart thelounge
- name: Install nodejs
ansible.builtin.apt:
- name: Install yarn
ansible.builtin.shell:
cmd: npm install --global yarn
- ansible.builtin.stat:
path: /opt/thelounge
register: src_path
- name: Retreive thelounge source
block:
- name: Checkout source
ansible.builtin.git:
repo: 'https://github.com/revspace/thelounge.git'
dest: /opt/thelounge
version: 9d6dc83
force: true
- name: Copy patch
ansible.builtin.template:
src: thelounge-bitlair.patch
dest: /tmp/thelounge-bitlair.patch
- name: Apply patch
ansible.builtin.shell:
chdir: /opt/thelounge
cmd: git apply /tmp/thelounge-bitlair.patch
when: not src_path.stat.exists
- name: Build and install thelounge
ansible.builtin.shell:
chdir: /opt/thelounge
cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
notify:
- Restart thelounge
- name: Ensure user thelounge is present
ansible.builtin.user:
name: thelounge
createhome: no
comment: The Lounge (IRC client)
system: yes
state: present
- name: Ensure JS and JSON syntax checking packages are installed
community.general.yarn:
name: "{{ item }}"
global: yes
# state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
with_items:
- esprima
- jsonlint
# changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
- name: Configure templates
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner | default( chat_user ) }}"
group: "{{ item.group | default( chat_group ) }}"
mode: "{{ item.mode | default('0640') }}"
validate: "{{ item.validate | default([]) }}"
with_items:
- { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' }
- { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" }
notify: "{{ item.notify | default('Restart thelounge') }}"

59
roles/chat/templates/config.js.j2
View file

@ -1,59 +0,0 @@
"use strict";
module.exports = {
public: false,
port: 9000,
bind: "0.0.0.0",
host: "127.0.0.1",
reverseProxy: true,
lockNetwork: true,
maxHistory: 10000,
leaveMessage: "Doei!",
defaults: {
name: "Smurfnet",
password: "",
rejectUnauthorized: true,
nick: "",
username: "",
realname: "",
join: "#bitlair",
},
messageStorage: ["sqlite", "text"],
fileUpload: {
enable: true,
},
networks: {
Smurfnet: {
host: "irc.smurfnet.ch",
port: 6697,
tls: true,
rejectUnauthorized: false,
},
"Libera.Chat": {
host: "irc.libera.chat",
port: 6697,
tls: true,
rejectUnauthorized: true,
},
OFTC: {
host: "irc.oftc.net",
port: 6697,
tls: true,
rejectUnauthorized: true,
},
},
identd: {
enable: false,
},
ldap: {
enable: true,
url: "{{ thelounge_ldap_url }}",
primaryKey: "uid",
searchDN: {
rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}",
rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}",
filter: "{{ thelounge_ldap_filter }}",
base: "{{ thelounge_ldap_base }}",
},
},
};

28
roles/chat/templates/thelounge-bitlair.patch
View file

@ -1,28 +0,0 @@
diff --git a/package.json b/package.json
index 2991a6ec..dac43f16 100644
--- a/package.json
+++ b/package.json
@@ -84,9 +84,7 @@
"ua-parser-js": "1.0.33",
"uuid": "8.3.2",
"web-push": "3.4.5",
- "yarn": "1.22.17"
- },
- "optionalDependencies": {
+ "yarn": "1.22.17",
"sqlite3": "5.1.7"
},
"devDependencies": {
diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts
index e6093b0f..d30b9a1c 100644
--- a/server/plugins/auth/ldap.ts
+++ b/server/plugins/auth/ldap.ts
@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => {
// auth plugin API
function callbackWrapper(valid: boolean) {
if (valid && !client) {
- manager.addUser(user, null, false);
+ manager.addUser(user, null, true);
}
callback(valid);

17
roles/chat/templates/thelounge.service
View file

@ -1,17 +0,0 @@
[Unit]
Description=The Lounge (IRC client)
After=network-online.target
Wants=network-online.target
[Service]
User={{ chat_user }}
Group={{ chat_group }}
Type=simple
Environment=THELOUNGE_HOME=/var/local/thelounge
ExecStart=/usr/local/bin/thelounge start
ProtectSystem=yes
ProtectHome=yes
PrivateTmp=yes
[Install]
WantedBy=multi-user.target

2
roles/common/handlers/main.yaml
View file

@ -3,7 +3,7 @@
ansible.builtin.command: ansible.builtin.command:
cmd: update-grub cmd: update-grub
- name: apt update - name: Apt update
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true

6
roles/common/tasks/debian-upgrade.yaml
View file

@ -4,9 +4,9 @@
ansible.builtin.template: ansible.builtin.template:
src: stable-sources.list src: stable-sources.list
dest: /etc/apt/sources.list dest: /etc/apt/sources.list
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
- name: Remove backports - name: Remove backports
ansible.builtin.file: ansible.builtin.file:

2
roles/common/tasks/main.yaml
View file

@ -30,7 +30,7 @@
ansible.builtin.template: ansible.builtin.template:
src: authorized_keys.j2 src: authorized_keys.j2
dest: /root/.ssh/authorized_keys dest: /root/.ssh/authorized_keys
mode: 0600 mode: "0600"
when: root_access is defined and root_access when: root_access is defined and root_access
tags: authorized_keys tags: authorized_keys

6
roles/common/tasks/network.yaml
View file

@ -28,9 +28,9 @@
ansible.builtin.template: ansible.builtin.template:
src: network-interfaces src: network-interfaces
dest: /etc/network/interfaces dest: /etc/network/interfaces
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
when: network_br or network_dhcp or network_static when: network_br or network_dhcp or network_static
- ansible.builtin.meta: flush_handlers - ansible.builtin.meta: flush_handlers

1
roles/deb_forgejo/defaults/main.yaml
View file

@ -1 +0,0 @@
deb_private_host: git.polyfloyd.net

3
roles/deb_forgejo/handlers/default.yaml
View file

@ -1,3 +0,0 @@
---
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml

26
roles/deb_forgejo/tasks/main.yaml
View file

@ -1,26 +0,0 @@
---
- tags: deb_forgejo
block:
- name: Install dependencies
apt:
name: apt-transport-https
state: present
- name: Install packaging key
get_url:
url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key
dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc
mode: "0644"
with_items: "{{ deb_forgejo_repos }}"
notify: apt update
- name: Install sources.list
template:
src: sources.list
dest: /etc/apt/sources.list.d/deb-forgejo.list
owner: root
group: root
mode: "0644"
notify: apt update
- meta: flush_handlers

5
roles/deb_forgejo/templates/sources.list
View file

@ -1,5 +0,0 @@
# {{ ansible_managed }}
{% for repo in deb_forgejo_repos %}
deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }}
{% endfor %}

1
roles/etherpad/defaults/main.yaml
View file

@ -1,3 +1,4 @@
nodejs_version: 22.x
etherpad_db_user: etherpad etherpad_db_user: etherpad
etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}" etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}"
etherpad_db_name: etherpad etherpad_db_name: etherpad

60
roles/etherpad/tasks/main.yaml
View file

@ -3,10 +3,36 @@
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
state: present state: present
pkg: pkg:
- nodejs - gpg
- postgresql - postgresql
- python3-psycopg2 - python3-psycopg2
- apt-transport-https
- name: Import nodesource signing key
ansible.builtin.shell:
cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
-o /usr/share/keyrings/nodesource.gpg
args:
creates: /usr/share/keyrings/nodesource.gpg
notify: Apt update
- name: Install nodesource source list
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner | default('root') }}"
group: "{{ item.group | default('root') }}"
with_items:
- { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list" }
- { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs" }
notify: Apt update
- ansible.builtin.meta: flush_handlers
- name: Install nodejs
ansible.builtin.apt:
name: nodejs
- name: Add database user - name: Add database user
become: true become: true
@ -34,17 +60,17 @@
ansible.builtin.file: ansible.builtin.file:
path: /var/log/etherpad.log path: /var/log/etherpad.log
state: touch state: touch
owner: etherpad owner: "etherpad"
group: etherpad group: "etherpad"
mode: 0644 mode: "0644"
- name: Create source directory - name: Create source directory
ansible.builtin.file: ansible.builtin.file:
path: /opt/etherpad path: /opt/etherpad
state: directory state: directory
owner: etherpad owner: "etherpad"
group: etherpad group: "etherpad"
mode: 0755 mode: "0755"
- name: Clone etherpad source - name: Clone etherpad source
become: yes become: yes
@ -61,18 +87,18 @@
ansible.builtin.template: ansible.builtin.template:
src: settings.json src: settings.json
dest: /opt/etherpad/settings.json dest: /opt/etherpad/settings.json
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart etherpad notify: Restart etherpad
- name: Install etherpad service - name: Install etherpad service
ansible.builtin.template: ansible.builtin.template:
src: etherpad.service src: etherpad.service
dest: /etc/systemd/system/etherpad.service dest: /etc/systemd/system/etherpad.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart etherpad notify: Restart etherpad
- name: Start etherpad - name: Start etherpad
@ -86,8 +112,8 @@
ansible.builtin.template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-enabled/etherpad dest: /etc/nginx/sites-enabled/etherpad
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Reload nginx notify: Reload nginx

0
roles/nodesource/templates/nodejs-apt-pref → roles/etherpad/templates/nodejs-apt-pref
View file

2
roles/nodesource/templates/nodesource.list → roles/etherpad/templates/nodesource.list
View file

@ -1,3 +1,3 @@
# {{ ansible_managed }} # {{ ansible_managed }}
deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodesource_version }} nodistro main deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main

2
roles/git-ci/defaults/main.yaml Normal file
View file

@ -0,0 +1,2 @@
runner_wd: /var/lib/forgejo-runner
runner_version: 6.3.0

2
roles/git_ci/handlers/main.yaml → roles/git-ci/handlers/main.yaml
View file

@ -3,6 +3,6 @@
file: ../../common/handlers/main.yaml file: ../../common/handlers/main.yaml
- name: restart forgejo-runner - name: restart forgejo-runner
systemd: ansible.builtin.systemd:
name: forgejo-runner name: forgejo-runner
state: restarted state: restarted

50
roles/git-ci/tasks/main.yaml Normal file
View file

@ -0,0 +1,50 @@
---
- name: Install dependencies
ansible.builtin.apt:
name: docker.io
- name: Download forgejo-runner
ansible.builtin.get_url:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
dest: /usr/local/bin/forgejo-runner
mode: "0755"
notify: restart forgejo-runner
- name: Create runner dir
ansible.builtin.file:
state: directory
path: "{{ runner_wd }}"
owner: "root"
group: "root"
mode: "0755"
- name: Register runner
ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
args:
chdir: "{{ runner_wd }}"
creates: "{{ runner_wd }}/.runner"
- name: Install service file
ansible.builtin.template:
src: forgejo-runner.service
dest: /etc/systemd/system/forgejo-runner.service
owner: "root"
group: "root"
mode: "0644"
notify: restart forgejo-runner
- name: Enable service
ansible.builtin.systemd:
name: forgejo-runner
enabled: true
daemon_reload: true
- name: Start service
ansible.builtin.systemd:
name: forgejo-runner
state: started
daemon_reload: true
- name: Flush handlers
ansible.builtin.meta: flush_handlers

2
roles/git_ci/templates/forgejo-runner.service → roles/git-ci/templates/forgejo-runner.service
View file

@ -6,7 +6,7 @@ After=network.target
[Service] [Service]
ExecStart=/usr/local/bin/forgejo-runner daemon ExecStart=/usr/local/bin/forgejo-runner daemon
WorkingDirectory={{ git_ci_runner_wd }} WorkingDirectory={{ runner_wd }}
Restart=on-failure Restart=on-failure
RestartSec=10s RestartSec=10s

16
roles/git-server/tasks/main.yaml
View file

@ -11,9 +11,9 @@
ansible.builtin.template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-available/forgejo dest: /etc/nginx/sites-available/forgejo
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Reload nginx notify: Reload nginx
- name: Enable nginx site - name: Enable nginx site
@ -36,7 +36,7 @@
path: /var/log/forgejo path: /var/log/forgejo
owner: "{{ git_server_user }}" owner: "{{ git_server_user }}"
group: "{{ git_server_user }}" group: "{{ git_server_user }}"
mode: 0755 mode: "0755"
# TODO: Install initial config # TODO: Install initial config
@ -44,9 +44,9 @@
ansible.builtin.template: ansible.builtin.template:
src: forgejo.service src: forgejo.service
dest: /etc/systemd/system/forgejo.service dest: /etc/systemd/system/forgejo.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Reload forgejo notify: Reload forgejo
- name: Install update script - name: Install update script
@ -55,7 +55,7 @@
dest: "{{ git_server_working_dir }}/update.sh" dest: "{{ git_server_working_dir }}/update.sh"
owner: "{{ git_server_user }}" owner: "{{ git_server_user }}"
group: "{{ git_server_user }}" group: "{{ git_server_user }}"
mode: 0755 mode: "0755"
- name: Perform initial update - name: Perform initial update
ansible.builtin.command: "{{ git_server_working_dir }}/update.sh" ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"

4
roles/git-server/templates/cronjob
View file

@ -1,4 +1,4 @@
# {{ ansible_managed }} # {{ ansible_managed }}
#m h dom mon dow user command #m h dom mon dow user command
0 2 * * 1 root {{ git_server_working_dir }}/update.sh 0 2 * * 1 {{ git_server_user }} {{ git_server_working_dir }}/update.sh

2
roles/git_ci/defaults/main.yaml
View file

@ -1,2 +0,0 @@
---
git_ci_runner_wd: /var/lib/forgejo-runner

83
roles/git_ci/tasks/main.yaml
View file

@ -1,83 +0,0 @@
---
- tags: git_ci
block:
- name: Install dependencies
apt:
name: docker.io
- name: Query latest forgejo-runner version
uri:
url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags
return_content: true
register: response
changed_when: false
check_mode: false
failed_when: "response is failed or 'json' not in response"
- name: Format forgejo-runner latest version
set_fact:
forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}"
- name: Detect installed forgejo-runner version
shell:
cmd: |
set -o pipefail
forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none
executable: /bin/bash
register: forgejo_runner_installed_version_shell
changed_when: false
check_mode: false
- name: Format installed forgejo-runner version
set_fact:
forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}"
- debug:
msg:
- "Forgejo Runner latest version: {{ forgejo_runner_version }}"
- "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}"
- name: Download forgejo-runner
get_url:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64"
dest: /usr/local/bin/forgejo-runner
mode: "0755"
notify: restart forgejo-runner
when: forgejo_runner_installed_version != forgejo_runner_version
- name: Create runner dir
file:
state: directory
path: "{{ git_ci_runner_wd }}"
owner: root
group: root
mode: "0755"
- name: Register runner
command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
args:
chdir: "{{ git_ci_runner_wd }}"
creates: "{{ git_ci_runner_wd }}/.runner"
- name: Install service file
template:
src: forgejo-runner.service
dest: /etc/systemd/system/forgejo-runner.service
owner: root
group: root
mode: "0644"
notify: restart forgejo-runner
- name: Enable service
systemd:
name: forgejo-runner
enabled: true
daemon_reload: true
- name: Start service
systemd:
name: forgejo-runner
state: started
daemon_reload: true
- meta: flush_handlers

10
roles/go/tasks/main.yaml
View file

@ -48,17 +48,17 @@
src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz
dest: /usr/local dest: /usr/local
remote_src: yes remote_src: yes
owner: root owner: "root"
group: root group: "root"
when: go_installed_version != go_latest_version when: go_installed_version != go_latest_version
- name: Configure Go environment - name: Configure Go environment
ansible.builtin.template: ansible.builtin.template:
src: go.profile src: go.profile
dest: /etc/profile.d/go.sh dest: /etc/profile.d/go.sh
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
- name: Link go binary - name: Link go binary
ansible.builtin.file: ansible.builtin.file:

12
roles/monitoring/tasks/grafana.yaml
View file

@ -21,9 +21,9 @@
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart grafana notify: restart grafana
with_items: with_items:
- { src: grafana.ini, dest: /etc/grafana/grafana.ini } - { src: grafana.ini, dest: /etc/grafana/grafana.ini }
@ -33,9 +33,9 @@
ansible.builtin.template: ansible.builtin.template:
src: grafana-data-source.yml src: grafana-data-source.yml
dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml" dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml"
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart grafana notify: restart grafana
with_items: with_items:
- name: Prometheus - name: Prometheus

6
roles/monitoring/tasks/main.yaml
View file

@ -4,9 +4,9 @@
ansible.builtin.template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-available/monitoring dest: /etc/nginx/sites-available/monitoring
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Reload nginx notify: Reload nginx
- name: Enable nginx site - name: Enable nginx site

39
roles/monitoring/tasks/mqtt_exporter.yaml
View file

@ -1,22 +1,47 @@
--- ---
- name: Clone source
ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-exporter.git
version: main
dest: /opt/mqtt_exporter
accept_hostkey: yes
notify: restart mqtt_exporter
- name: Install apt dependencies - name: Install apt dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: mqtt-exporter name:
- jq
- python3-paho-mqtt
- python3-prometheus-client
- python3-yaml
state: present state: present
- name: Install service
ansible.builtin.template:
src: mqtt_exporter.service
dest: /etc/systemd/system/mqtt_exporter.service
owner: "root"
group: "root"
mode: "0644"
notify:
- Daemon reload
- restart mqtt_exporter
- name: Install config file - name: Install config file
ansible.builtin.template: ansible.builtin.template:
src: mqtt_exporter_config.yaml src: mqtt_exporter_config.yaml
dest: /etc/mqtt-exporter.yaml dest: /etc/mqtt_exporter.yaml
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart mqtt_exporter notify:
- Daemon reload
- restart mqtt_exporter
- ansible.builtin.meta: flush_handlers - ansible.builtin.meta: flush_handlers
- name: Start service - name: Start service
ansible.builtin.systemd: ansible.builtin.systemd:
name: mqtt-exporter name: mqtt_exporter
state: started state: started
enabled: true enabled: true

6
roles/monitoring/tasks/prometheus.yaml
View file

@ -7,9 +7,9 @@
ansible.builtin.template: ansible.builtin.template:
src: prometheus.yml src: prometheus.yml
dest: "{{ prometheus_config_dir }}/prometheus.yml" dest: "{{ prometheus_config_dir }}/prometheus.yml"
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart prometheus notify: restart prometheus
- name: Configure Prometheus args - name: Configure Prometheus args

1
roles/mqtt/defaults/main.yaml Normal file
View file

@ -0,0 +1 @@
mqtt_bambulab_cafile: /etc/mosquitto/ca_certificates/bambulab.pem

12
roles/mqtt/tasks/main.yaml
View file

@ -9,18 +9,16 @@
- name: Install bambulab cafile - name: Install bambulab cafile
# openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' # openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
ansible.builtin.copy: ansible.builtin.copy:
dest: "/etc/mosquitto/ca_certificates/bambu_{{ item.name }}.pem" dest: "{{ mqtt_bambulab_cafile }}"
content: "{{ item.cafile }}" content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
notify: restart mosquitto
with_items: "{{ lookup('passwordstore', 'bambulab subkey=printers') }}"
- name: Configure Mosquitto - name: Configure Mosquitto
ansible.builtin.template: ansible.builtin.template:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/mosquitto/conf.d/{{ item }}" dest: "/etc/mosquitto/conf.d/{{ item }}"
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart mosquitto notify: restart mosquitto
with_items: with_items:
- bambulab.conf - bambulab.conf

13
roles/mqtt/templates/bambulab.conf
View file

@ -1,11 +1,10 @@
# {{ ansible_managed }} # {{ ansible_managed }}
{% for bambu in lookup('passwordstore', 'bambulab subkey=printers') %}
connection bambulab_{{ bambu.name }} connection bambulab
address {{ bambu.host }}:8883 address {{ lookup('passwordstore', 'bambulab subkey=host') }}:8883
bridge_cafile /etc/mosquitto/ca_certificates/bambu_{{ bambu.name }}.pem bridge_cafile {{ mqtt_bambulab_cafile }}
bridge_insecure true bridge_insecure true
remote_username bblp remote_username bblp
remote_password {{ bambu.key }} remote_password {{ lookup('passwordstore', 'bambulab subkey=key') }}
topic # in 2 bambulab/{{ bambu.name }}/ ""
{% endfor %} topic # in 2 bambulab/ ""

8
roles/music/defaults/main.yaml
View file

@ -1,10 +1,2 @@
music_audio_user: audio music_audio_user: audio
music_audio_user_id: 998
music_audio_group: audio
music_bitvis_user: bitvis
music_librespot_user: librespot
music_trollibox_user: trollibox
music_pulse_server: /tmp/pipewire-pulse-socket
music_mqtt_mpd_volume: bitlair/music/space/volume music_mqtt_mpd_volume: bitlair/music/space/volume

59
roles/music/handlers/main.yaml
View file

@ -2,65 +2,27 @@
- ansible.builtin.import_tasks: - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml file: ../../common/handlers/main.yaml
- name: restart pipewire - name: Restart trollibox
become: true
become_user: "{{ music_audio_user }}"
become_method: machinectl
ansible.builtin.systemd:
name: pipewire
state: restarted
daemon_reload: true
scope: user
- name: restart filter-chain
become: true
become_user: "{{ music_audio_user }}"
become_method: machinectl
ansible.builtin.systemd:
name: filter-chain
state: restarted
daemon_reload: true
scope: user
- name: restart bitvis
ansible.builtin.systemd:
name: bitvis
state: restarted
daemon_reload: true
- name: restart bitvis-tee
ansible.builtin.systemd:
name: bitvis-tee
state: restarted
daemon_reload: true
- name: restart mpd
ansible.builtin.systemd:
name: mpd
state: restarted
daemon_reload: true
- name: restart trollibox
ansible.builtin.systemd: ansible.builtin.systemd:
name: trollibox name: trollibox
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: rebuild librespot - name: Rebuild librespot
ansible.builtin.command: ansible.builtin.command:
cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend,jackaudio-backend cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
args: args:
chdir: /opt/librespot chdir: /opt/librespot
- name: restart librespot - name: Restart librespot
ansible.builtin.systemd: ansible.builtin.systemd:
name: librespot name: librespot
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart mqtt-soundboard - name: Restart soundboard
ansible.builtin.systemd: ansible.builtin.systemd:
name: mqtt-soundboard name: soundboard
state: restarted state: restarted
daemon_reload: true daemon_reload: true
@ -75,12 +37,3 @@
name: skipbutton name: skipbutton
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart ampswitch
ansible.builtin.systemd:
name: "ampswitch-{{ item }}"
state: restarted
daemon_reload: true
with_items:
- librespot
- mpd

31
roles/music/tasks/ampswitch.yaml
View file

@ -1,31 +0,0 @@
---
- name: Install ampswitch
apt:
name: ampswitch
- name: Install ampswitch service file
template:
src: ampswitch.service
dest: /etc/systemd/system/ampswitch-{{ item.instance }}.service
owner: root
group: root
mode: 0755
with_items:
- instance: mpd
pw_inputs:
- "Music Player Daemon:output_FL"
- "Music Player Daemon:output_FR"
- instance: librespot
pw_inputs:
- "librespot:out_0"
- "librespot:out_1"
notify: restart ampswitch
- name: Enable ampswitch
ansible.builtin.systemd:
name: "ampswitch-{{ item }}"
state: started
enabled: true
with_items:
- librespot
- mpd

68
roles/music/tasks/base.yaml
View file

@ -1,68 +0,0 @@
---
- name: Install pipewire
apt:
name:
- systemd-container
- pipewire
- pipewire-jack
- pipewire-pulse
- pulseaudio-utils
- pulsemixer
- wireplumber
state: present
- name: Add audio group
group:
name: audio
system: true
- name: Add {{ music_audio_user }} user
user:
name: "{{ music_audio_user }}"
uid: "{{ music_audio_user_id }}"
system: true
groups:
- audio
- name: Enable linger for {{ music_audio_user }}
copy:
dest: "/var/lib/systemd/linger/{{ music_audio_user }}"
content: ""
- name: Enable pipewire
become: true
become_user: "{{ music_audio_user }}"
become_method: machinectl
ansible.builtin.systemd:
name: pipewire
state: started
enabled: true
scope: user
- name: Set PULSE_SERVER env var for all shells
copy:
dest: /etc/profile.d/pulse-server.sh
content: |+
# Ansible managed
export PULSE_SERVER={{ music_pulse_server }}
- name: Create pipewire-pulse config dir
file:
path: /etc/pipewire/pipewire-pulse.conf.d/
state: directory
- name: Configure system socket
ansible.builtin.copy:
dest: /etc/pipewire/pipewire-pulse.conf.d/system-socket.conf
content: |+
# Ansible managed
context.exec = [
{ path = "/bin/chgrp" args = "{{ music_audio_group }} {{ music_pulse_server }}" }
{ path = "/bin/chmod" args = "g+rwx,o-rwx {{ music_pulse_server }}" }
]
pulse.properties = {
server.address = [
"unix:{{ music_pulse_server }}"
]
}
notify: restart pipewire

72
roles/music/tasks/bitvis.yaml
View file

@ -1,72 +0,0 @@
---
- name: Install bitvis dependencies
apt:
name:
- bitvis
- bitvis-http
- swh-plugins
- name: Create bitvis user
user:
name: "{{ music_bitvis_user }}"
system: true
home: /var/lib/bitvis
groups:
- "{{ music_audio_group }}"
- name: Install bitvis-tee
ansible.builtin.template:
src: bitvis-tee.sh
dest: /opt/bitvis-tee.sh
owner: root
group: root
mode: 0755
notify: restart {{ item }}
with_items:
- bitvis
- bitvis-tee
- name: Install service file
ansible.builtin.template:
src: "{{ item }}.service"
dest: /etc/systemd/system/{{ item }}.service
owner: root
group: root
mode: 0644
notify: restart {{ item }}
with_items:
- bitvis
- bitvis-tee
- name: Enable service
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
daemon_reload: true
with_items:
- bitvis
- bitvis-tee
- name: Install bitvis gain filter
ansible.builtin.template:
src: pw-bitvis-mixer.conf
dest: /etc/pipewire/filter-chain.conf.d/bitvis-mixer.conf
owner: root
group: root
mode: 0644
notify:
- restart filter-chain
- restart bitvis
- name: Enable filter-chain
become: true
become_user: "{{ music_audio_user }}"
become_method: machinectl
ansible.builtin.systemd:
name: filter-chain
state: started
enabled: true
scope: user
- meta: flush_handlers

32
roles/music/tasks/librespot.yaml
View file

@ -1,18 +1,8 @@
--- ---
- name: Install apt dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name: libjack-jackd2-dev
- libasound2-dev state: present
- libjack-dev
- pkg-config
- name: Create librespot user
user:
name: "{{ music_librespot_user }}"
system: true
home: /var/lib/librespot
groups:
- "{{ music_audio_group }}"
- name: Clone librespot source - name: Clone librespot source
ansible.builtin.git: ansible.builtin.git:
@ -21,17 +11,17 @@
dest: /opt/librespot dest: /opt/librespot
accept_hostkey: yes accept_hostkey: yes
notify: notify:
- rebuild librespot - Rebuild librespot
- restart librespot - Restart librespot
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
src: librespot.service src: librespot.service
dest: /etc/systemd/system/librespot.service dest: /etc/systemd/system/librespot.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart librespot notify: Restart librespot
- name: Enable Librespot - name: Enable Librespot
ansible.builtin.systemd: ansible.builtin.systemd:
@ -39,5 +29,3 @@
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true
- meta: flush_handlers

30
roles/music/tasks/main.yaml
View file

@ -1,9 +1,4 @@
--- ---
- name: Import base
ansible.builtin.import_tasks:
file: base.yaml
tags:
- music_base
- name: Import mpd - name: Import mpd
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
@ -11,18 +6,6 @@
tags: tags:
- music_mpd - music_mpd
- name: Bitvis
ansible.builtin.import_tasks:
file: bitvis.yaml
tags:
- music_bitvis
- name: Import airplay
ansible.builtin.import_tasks:
file: airplay.yaml
tags:
- music_airplay
- name: Import trollibox - name: Import trollibox
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: trollibox.yaml file: trollibox.yaml
@ -41,8 +24,11 @@
tags: tags:
- music_soundboard - music_soundboard
- name: Ampswitch - name: Install nginx config
ansible.builtin.import_tasks: ansible.builtin.template:
file: ampswitch.yaml src: nginx-site.conf
tags: dest: /etc/nginx/sites-enabled/trollibox
- music_ampswitch owner: "root"
group: "root"
mode: "0644"
notify: Reload nginx

66
roles/music/tasks/mpd.yaml
View file

@ -1,48 +1,30 @@
--- ---
- name: Install MPD - name: Install MPD
ansible.builtin.apt: ansible.builtin.apt:
name: mpd name:
- jackd
- mpd
- python3-mpd
- python3-serial
state: present state: present
- name: Add mpd user to the {{ music_audio_group }} group
user:
name: mpd
groups:
- "{{ music_audio_group }}"
notify: restart mpd
- name: Install mpd file
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
notify: restart mpd
with_items:
- src: mpd.conf
dest: /etc/mpd.conf
- src: mpd.service
dest: /etc/systemd/system/mpd.service
- src: mpd_state
dest: /var/lib/mpd/state.default
- name: Install mpd-volume-to-mqtt script - name: Install mpd-volume-to-mqtt script
ansible.builtin.template: ansible.builtin.template:
src: mpd-volume-to-mqtt.sh src: mpd-volume-to-mqtt.sh
dest: /opt/mpd-volume-to-mqtt.sh dest: /opt/mpd-volume-to-mqtt.sh
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart mpd-volume-to-mqtt notify: Restart mpd-volume-to-mqtt
- name: Install mpd-volume-to-mqtt service - name: Install mpd-volume-to-mqtt service
ansible.builtin.template: ansible.builtin.template:
src: mpd-volume-to-mqtt.service src: mpd-volume-to-mqtt.service
dest: /etc/systemd/system/mpd-volume-to-mqtt.service dest: /etc/systemd/system/mpd-volume-to-mqtt.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart mpd-volume-to-mqtt notify: Restart mpd-volume-to-mqtt
- name: Enable mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt
@ -51,3 +33,27 @@
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true
- name: Clone skipbutton source
ansible.builtin.git:
repo: https://github.com/bitlair/skipbutton.git
version: master
dest: /opt/skipbutton
accept_hostkey: yes
notify: Restart skipbutton
- name: Install skipbutton service
ansible.builtin.template:
src: skipbutton.service
dest: /etc/systemd/system/skipbutton.service
owner: "root"
group: "root"
mode: "0644"
notify: Restart skipbutton
- name: Enable skipbutton
ansible.builtin.systemd:
name: skipbutton
state: started
enabled: true
daemon_reload: true

52
roles/music/tasks/soundboard.yaml
View file

@ -1,28 +1,50 @@
--- ---
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: name: virtualenv
- mqtt-soundboard
- mplayer
state: present state: present
- name: Clone soundboard source
ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-soundboard.git
version: main
dest: /opt/soundboard
accept_hostkey: yes
notify: Restart soundboard
- name: Create virtualenv
ansible.builtin.command:
cmd: virtualenv /opt/soundboard/.venv
args:
creates: /opt/soundboard/.venv
- name: Install Python dependencies
ansible.builtin.shell:
cmd: . .venv/bin/activate && pip install -r requirements.txt
args:
chdir: /opt/soundboard
- name: Install soundboard config file - name: Install soundboard config file
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: soundboard.yaml
dest: "{{ item.dest }}" dest: /etc/soundboard.yaml
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart mqtt-soundboard notify: Restart soundboard
with_items:
- src: mqtt-soundboard.service - name: Install soundboard service file
dest: /etc/systemd/system/mqtt-soundboard.service ansible.builtin.template:
- src: mqtt-soundboard.yaml src: soundboard.service
dest: /etc/mqtt-soundboard.yaml dest: /etc/systemd/system/soundboard.service
owner: "root"
group: "root"
mode: "0644"
notify: Restart soundboard
- name: Enable soundboard - name: Enable soundboard
ansible.builtin.systemd: ansible.builtin.systemd:
name: mqtt-soundboard name: soundboard
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true

38
roles/music/tasks/trollibox.yaml
View file

@ -1,49 +1,41 @@
--- ---
- name: Create trollibox user
user:
name: "{{ music_trollibox_user }}"
system: true
home: /var/lib/trollibox
- name: Install Trollibox config - name: Install Trollibox config
ansible.builtin.template: ansible.builtin.template:
src: trollibox.yaml src: trollibox.yaml
dest: /etc/trollibox.yaml dest: /etc/trollibox.yaml
owner: root owner: "root"
group: root group: "root"
mode: "0644" mode: "0644"
notify: restart trollibox notify: Restart trollibox
- name: Get latest Trollibox version from Github API - name: Get latest Trollibox version from Github API
uri: ansible.builtin.get_url:
url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
return_content: true dest: "/tmp/_ansible_trollibox_latest_release.json"
register: response
changed_when: false
check_mode: false
failed_when: "response is failed or 'json' not in response"
- name: Format trollibox latest version - name: Get download url
set_fact: ansible.builtin.shell:
trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}" cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
| contains("linux-amd64")) | .browser_download_url -r
register: "trollibox_download_url"
- name: Download Trollibox - name: Download Trollibox
ansible.builtin.unarchive: ansible.builtin.unarchive:
src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz" src: "{{ trollibox_download_url.stdout }}"
remote_src: yes remote_src: yes
dest: /usr/local/bin dest: /usr/local/bin
include: [ trollibox ] include: [ trollibox ]
mode: "0755" mode: "0755"
notify: restart trollibox notify: Restart trollibox
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
src: trollibox.service src: trollibox.service
dest: /etc/systemd/system/trollibox.service dest: /etc/systemd/system/trollibox.service
owner: root owner: "root"
group: root group: "root"
mode: "0644" mode: "0644"
notify: restart trollibox notify: Restart trollibox
- name: Enable Trollibox - name: Enable Trollibox
ansible.builtin.systemd: ansible.builtin.systemd:

20
roles/music/templates/ampswitch.service
View file

@ -1,20 +0,0 @@
[Unit]
Description=Script hook for {{ item }} playback
After=network.target {{ item.instance }}.service
Requires={{ item.instance }}.service
StopPropagatedFrom={{ item.instance }}.service
[Service]
Type=simple
Restart=always
RestartSec=10s
ExecStart=/usr/bin/pw-jack ampswitch --jack-name ampswitch-{{ item.instance }} --on-command /opt/on-{{ item.instance }}-start.sh --switch-time 10 --trigger-level 0.001
ExecStartPost=/usr/bin/sleep 4
{% for pw_input in item.pw_inputs %}
ExecStartPost=-/usr/bin/pw-link "{{ pw_input }}" ampswitch-{{ item.instance }}:Input
{% endfor %}
User=root
Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
[Install]
WantedBy=multi-user.target

15
roles/music/templates/bitvis-tee.service
View file

@ -1,15 +0,0 @@
[Unit]
Description=Multiplexer for bitvis
Before=bitvis.service
After=bitvis-http.service
Requires=bitvis-http.service
PropagatesStopTo=bitvis.service
StopPropagatedFrom=bitvis.service
[Service]
Type=forking
ExecStart=/usr/bin/screen -dmS bitvis-tee /opt/bitvis-tee.sh
User={{ music_bitvis_user }}
[Install]
WantedBy=multi-user.target

10
roles/music/templates/bitvis-tee.sh
View file

@ -1,10 +0,0 @@
#!/bin/bash
# {{ ansible_managed }}
loop=`mktemp --suffix -bitvis`
mkfifo -f "$loop"
trap "rm -f $loop" EXIT TERM
cat "$loop" | while true; do nc -4 -w 2 localhost 1338; done &
nc -klp 1337 | tee "$loop" | while true; do nc -w 2 {{ music_bitpanel_host }} {{ music_bitpanel_port }}; done

19
roles/music/templates/bitvis.service
View file

@ -1,19 +0,0 @@
[Unit]
Description=Audio visualizer for the bitpanel
After=network.target
[Service]
Type=simple
Restart=always
RestartSec=10s
ExecStart=/usr/bin/pw-jack bitvis -a localhost -p 1337 -m localhost -o 6600
ExecStartPost=/usr/bin/sleep 4
ExecStartPost=-/usr/bin/pw-link bitvis-mixer:output_FL bitvis:input
ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FL bitvis-mixer:playback_FL
ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FR bitvis-mixer:playback_FR
User={{ music_audio_user }}
Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
[Install]
WantedBy=multi-user.target

14
roles/music/templates/librespot.service
View file

@ -3,18 +3,16 @@
[Unit] [Unit]
Description=Spotify through Librespot Description=Spotify through Librespot
After=network.target After=network.target
Requires=jackd.service
[Service] [Service]
Type=simple Type=simple
Restart=always Restart=always
RestartSec=10s RestartSec=2s
ExecStart=/usr/bin/pw-jack -s 44100 /opt/librespot/target/release/librespot --name Trollibox --backend jackaudio ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend jackaudio
ExecStartPost=/usr/bin/sleep 4 User={{ music_audio_user }}
ExecStartPost=-/usr/bin/pw-link librespot:out_0 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FL Group={{ music_audio_user }}
ExecStartPost=-/usr/bin/pw-link librespot:out_1 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FR AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE
# User={{ music_librespot_user }}
User=root
Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

2
roles/music/templates/mpd-volume-to-mqtt.sh
View file

@ -14,7 +14,7 @@ prev_volume=x
if [ $event = "mixer" ]; then if [ $event = "mixer" ]; then
volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'` volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'`
if [ "$prev_volume" != "$volume" ]; then if [ "$prev_volume" != "$volume" ]; then
mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume" mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }} -r' -m "$volume"
fi fi
prev_volume=$volume prev_volume=$volume
fi fi

40
roles/music/templates/mpd.conf
View file

@ -1,40 +0,0 @@
# {{ ansible_managed }}
user "mpd"
group "{{ music_audio_group }}"
bind_to_address "any"
port "6600"
max_connections "20"
zeroconf_enabled "yes"
zeroconf_name "MPD @ %h"
music_directory "/srv/media/music"
auto_update "yes"
filesystem_charset "UTF-8"
playlist_directory "/var/lib/mpd/playlists"
db_file "/var/lib/mpd/tag_cache"
state_file "/var/lib/mpd/state"
sticker_file "/var/lib/mpd/sticker.sql"
input {
plugin "curl" # Required for web streams.
}
decoder {
plugin "hybrid_dsd"
enabled "no"
}
decoder {
plugin "wildmidi"
enabled "no"
}
audio_output {
type "pulse"
name "Pulse"
server "{{ music_pulse_server }}"
}

21
roles/music/templates/mpd.service
View file

@ -1,21 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=Music Player Daemon
After=network.target
[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /run/mpd
ExecStartPre=/bin/chown -R mpd:nogroup /run/mpd
ExecStartPre=/bin/touch /var/log/mpd.log
ExecStartPre=/bin/chown mpd:nogroup /var/log/mpd.log
ExecStartPre=/usr/bin/cp /var/lib/mpd/state.default /var/lib/mpd/state
ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf
# MDP will fork itself to the user defined in its config
User=root
LimitMEMLOCK=infinity
LimitRTPRIO=99
[Install]
WantedBy=multi-user.target

17
roles/music/templates/mpd_state
View file

@ -1,17 +0,0 @@
sw_volume: 20
audio_device_state:1:Pulse
state: play
current: 0
time: 0
random: 0
repeat: 0
single: 0
consume: 0
crossfade: 0
mixrampdb: 0.000000
mixrampdelay: -1.000000
playlist_begin
song_begin: http://ice4.somafm.com/groovesalad-256-mp3
Name: SomaFM Groove Salad
song_end
playlist_end

70
roles/music/templates/nginx-site.conf Normal file
View file

@ -0,0 +1,70 @@
# {{ ansible_managed }}
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name {{ music_domain }};
{% if acme_bootstrap_certs %}
include "snippets/snakeoil.conf";
{% else %}
ssl_certificate "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
{% endif %}
{% for range in trusted_ranges %}
allow {{ range.cidr }};
{% endfor %}
deny all;
location / {
rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
}
location /trollibox/ {
proxy_pass http://[::1]:3000/;
client_max_body_size 512M;
include proxy_params;
}
location ~ ^/trollibox/(.+/events)$ {
proxy_pass http://[::1]:3000/$1;
include proxy_params;
proxy_http_version 1.1;
chunked_transfer_encoding off;
add_header X-Test "123";
proxy_set_header Connection '';
proxy_buffering off;
proxy_read_timeout 7d;
}
location ~ ^/trollibox/(.+/listen)$ {
proxy_pass http://[::1]:3000/$1;
include proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 7d;
}
location /bobdsp/ {
proxy_pass http://[::1]:8081/;
include proxy_params;
}
location /vis/ {
allow all;
proxy_pass http://[::1]:13378/;
include proxy_params;
}
location = /vis/ {
rewrite ^(.*)$ /vis/index.html;
include proxy_params;
}
include "snippets/acme.conf";
}

49
roles/music/templates/pw-bitvis-mixer.conf
View file

@ -1,49 +0,0 @@
# {{ ansible_managed }}
context.modules = [
{
name = libpipewire-module-filter-chain
args = {
node.description = "bitvis-mixer"
media.name = "bitvis-mixer"
filter.graph = {
nodes = [
{
name = normalize
type = ladspa
plugin = fast_lookahead_limiter_1913
label = fastLookaheadLimiter
control = {
"Input gain (dB)" = 40
"Limit (dB)" = 0
"Release time (s)" = 1
}
}
{
name = mono
type = builtin
label = mixer
}
]
links = [
{ output = "normalize:Output 1", input = "mono:In 1" }
{ output = "normalize:Output 2", input = "mono:In 2" }
]
inputs = [ "normalize:Input 1" "normalize:Input 2" ]
outputs = [ "mono:Out" ]
}
capture.props = {
node.name = "mix_input.bitvis"
audio.position = [ FL FR ]
media.class = "Audio/Sink"
}
playback.props = {
node.name = "mix_output.bitvis"
audio.position = [ FL ]
stream.dont-remix = true
node.passive = true
node.autoconnect = false
}
}
}
]

17
roles/music/templates/skipbutton.service Normal file
View file

@ -0,0 +1,17 @@
# {{ ansible_managed }}
[Unit]
Description=MPD Skipbutton
After=network.target
Requires=mpd.service
[Service]
Type=simple
Restart=always
RestartSec=10s
ExecStart=/opt/skipbutton/skipbutton.py /dev/ttyS0
DynamicUser=true
Group=dialout
[Install]
WantedBy=multi-user.target

7
roles/music/templates/mqtt-soundboard.service → roles/music/templates/soundboard.service
View file

@ -6,11 +6,12 @@ After=network.target
[Service] [Service]
Type=simple Type=simple
ExecStart=/lib/python3/dist-packages/mqtt-soundboard.py /etc/mqtt-soundboard.yaml ExecStart=/opt/soundboard/.venv/bin/python /opt/soundboard/soundboard.py /etc/soundboard.yaml
Restart=always Restart=always
RestartSec=10 RestartSec=10
User=root User=audio
Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}" LimitMEMLOCK=infinity
LimitRTPRIO=99
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

4
roles/music/templates/mqtt-soundboard.yaml → roles/music/templates/soundboard.yaml
View file

@ -1,13 +1,13 @@
# {{ ansible_managed }} # {{ ansible_managed }}
loglevel: DEBUG loglevel: INFO
mqtt: mqtt:
host: {{ mqtt_internal_host }} host: {{ mqtt_internal_host }}
sounds: sounds:
directory: /opt/sounds directory: /opt/sounds
play_cmd: "pw-jack mplayer -volume 20 -ao jack:name=MPlayer %s" play_cmd: "mplayer -volume 10 -ao jack:name=MPlayer %s"
topic: bitlair/soundboard topic: bitlair/soundboard
aliases: aliases:

3
roles/music/templates/trollibox.service
View file

@ -10,7 +10,8 @@ Type=simple
Restart=always Restart=always
RestartSec=2s RestartSec=2s
ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml
User={{ music_trollibox_user }} User={{ music_audio_user }}
Group={{ music_audio_user }}
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

2
roles/nodesource/defaults/main.yaml
View file

@ -1,2 +0,0 @@
---
nodesource_version: 22.x

3
roles/nodesource/handlers/main.yaml
View file

@ -1,3 +0,0 @@
---
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml

33
roles/nodesource/tasks/main.yaml
View file

@ -1,33 +0,0 @@
---
- name: Install dependencies
ansible.builtin.apt:
state: present
pkg:
- apt-transport-https
- gpg
- name: Import nodesource signing key
ansible.builtin.shell:
cmd: |
set -o pipefail
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
executable: /bin/bash
args:
creates: /usr/share/keyrings/nodesource.gpg
notify: apt update
- name: Install nodesource apt files
ansible.builtin.template:
src: nodesource.list
dest: /etc/apt/sources.list.d/nodesource.list
owner: root
group: root
mode: 0644
notify: apt update
with_items:
- src: nodesource.list
dest: /etc/apt/sources.list.d/nodesource.list
- src: nodejs-apt-pref
dest: /etc/apt/preferences.d/nodejs
- ansible.builtin.meta: flush_handlers

32
roles/photos/tasks/bambulab-fetch.yaml
View file

@ -5,28 +5,16 @@
- name: Install fetch script - name: Install fetch script
ansible.builtin.template: ansible.builtin.template:
src: bambulab-fetch.sh src: "{{ item.src }}"
dest: /opt/bambulab-fetch.sh dest: "{{ item.dest }}"
owner: root owner: "{{ item.owner | default('root') }}"
group: root group: "{{ item.group | default('root') }}"
mode: 0755 mode: "{{ item.mode | default('0644') }}"
force: "{{ item.force | default('yes') }}"
- name: Install service with_items:
ansible.builtin.template: - { src: "bambulab-fetch.sh", dest: "/opt/bambulab-fetch.sh", mode: "0755" }
src: bambulab-fetch.service - { src: "bambulab-fetch.service", dest: "/etc/systemd/system/bambulab-fetch.service" }
dest: /etc/systemd/system/bambulab-fetch.service - { src: "bambulab-fetch.timer", dest: "/etc/systemd/system/bambulab-fetch.timer" }
owner: root
group: root
mode: 0644
notify: daemon reload
- name: Install timer
ansible.builtin.template:
src: bambulab-fetch.timer
dest: /etc/systemd/system/bambulab-fetch.timer
owner: root
group: root
mode: 0644
notify: daemon reload notify: daemon reload
- name: Enable timer - name: Enable timer

12
roles/photos/tasks/photo-gallery.yaml
View file

@ -15,18 +15,18 @@
ansible.builtin.template: ansible.builtin.template:
src: photo-gallery-config.json src: photo-gallery-config.json
dest: /opt/photo-gallery/config.json dest: /opt/photo-gallery/config.json
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart photo-gallery notify: restart photo-gallery
- name: Install photo-gallery service file - name: Install photo-gallery service file
ansible.builtin.template: ansible.builtin.template:
src: photo-gallery.service src: photo-gallery.service
dest: /etc/systemd/system/photo-gallery.service dest: /etc/systemd/system/photo-gallery.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart photo-gallery notify: restart photo-gallery
- name: Start photo-gallery - name: Start photo-gallery

12
roles/photos/tasks/photos2mqtt.yaml
View file

@ -14,18 +14,18 @@
ansible.builtin.template: ansible.builtin.template:
src: photos2mqtt.pl src: photos2mqtt.pl
dest: /opt/photos2mqtt.pl dest: /opt/photos2mqtt.pl
owner: root owner: "root"
group: root group: "root"
mode: 0755 mode: "0755"
notify: restart photos2mqtt notify: restart photos2mqtt
- name: Install photos2mqtt service file - name: Install photos2mqtt service file
ansible.builtin.template: ansible.builtin.template:
src: photos2mqtt.service src: photos2mqtt.service
dest: /etc/systemd/system/photos2mqtt.service dest: /etc/systemd/system/photos2mqtt.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: restart photos2mqtt notify: restart photos2mqtt
- name: Start photos2mqtt - name: Start photos2mqtt

32
roles/services/handlers/main.yaml
View file

@ -2,24 +2,30 @@
- ansible.builtin.import_tasks: - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml file: ../../common/handlers/main.yaml
- name: Restart ircbot - name: Restart irc-bot
ansible.builtin.systemd:
name: ircbot
state: restarted
daemon_reload: true
- name: restart discord-bot
ansible.builtin.systemd:
name: discord-bot
state: restarted
daemon_reload: true
- name: restart irc-bot
ansible.builtin.systemd: ansible.builtin.systemd:
name: irc-bot name: irc-bot
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: Restart irc-photos
ansible.builtin.systemd:
name: irc-photos
state: restarted
daemon_reload: true
- name: Restart irc-doorduino
ansible.builtin.systemd:
name: irc-doorduino
state: restarted
daemon_reload: true
- name: Restart discord-bot
ansible.builtin.systemd:
name: discord-bot
state: restarted
daemon_reload: true
- name: Restart siahsd - name: Restart siahsd
ansible.builtin.systemd: ansible.builtin.systemd:
name: siahsd name: siahsd

58
roles/services/tasks/discord_bot.yaml
View file

@ -3,58 +3,39 @@
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: name:
- openscad - python3-paho-mqtt
- python3-tz
- virtualenv - virtualenv
- name: Create virtualenv - name: Create virtualenv
ansible.builtin.command: ansible.builtin.command:
cmd: virtualenv /var/lib/discord-bot/.venv cmd: virtualenv /opt/miflora_exporter/.venv
args: args:
creates: /var/lib/discord-bot/.venv creates: /var/lib/discord-bot/.venv
- name: Clone bottleclip source - name: Install Python dependencies
ansible.builtin.git: ansible.builtin.shell:
repo: https://git.bitlair.nl/bitlair/bottle-clip.git cmd: . .venv/bin/activate && pip install -r requirements.txt
version: main args:
dest: /var/lib/bottle-clip chdir: /var/lib/discord-bot
accept_hostkey: yes
- name: Clone discord-bot source - name: Clone source
ansible.builtin.git: ansible.builtin.git:
repo: https://git.bitlair.nl/bitlair/discord-bot.git repo: https://github.com/bitlair/discord-bot.git
version: main version: main
dest: /var/lib/discord-bot dest: /var/lib/discord-bot
accept_hostkey: yes accept_hostkey: yes
notify: notify: Restart discord-bot
- restart discord-bot ignore_errors: true
- restart irc-bot
- name: Install Python dependencies - name: Install service file
ansible.builtin.shell:
cmd: . .venv/bin/activate && pip install -e .
args:
chdir: /var/lib/discord-bot
notify:
- restart discord-bot
- restart irc-bot
- name: Install discord-bot service file
ansible.builtin.template: ansible.builtin.template:
src: discord-bot.service src: discord-bot.service
dest: /etc/systemd/system/discord-bot.service dest: /etc/systemd/system/discord-bot.service
owner: root owner: "root"
group: root group: "root"
mode: "0644" mode: "0644"
notify: restart discord-bot notify: Restart discord-bot
- name: Install irc-bot service file
ansible.builtin.template:
src: irc-bot.service
dest: /etc/systemd/system/irc-bot.service
owner: root
group: root
mode: "0644"
notify: restart irc-bot
- name: Start discord-bot - name: Start discord-bot
ansible.builtin.systemd: ansible.builtin.systemd:
@ -62,10 +43,3 @@
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true
- name: Start irc-bot
ansible.builtin.systemd:
name: irc-bot
state: started
enabled: true
daemon_reload: true

83
roles/services/tasks/ircbot.yaml
View file

@ -1,12 +1,12 @@
--- ---
- name: Clone source - name: Clone source
ansible.builtin.git: ansible.builtin.git:
repo: https://git.bitlair.nl/bitlair/irc-bot.git repo: https://github.com/bitlair/irc-bot.git
version: main version: master
dest: /var/lib/irc-bot dest: /var/lib/irc-bot
accept_hostkey: yes accept_hostkey: yes
ignore_errors: true ignore_errors: true
notify: Restart ircbot notify: Restart irc-bot
- name: Link irc-say - name: Link irc-say
ansible.builtin.file: ansible.builtin.file:
@ -17,18 +17,81 @@
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
src: generic.service src: generic.service
dest: /etc/systemd/system/ircbot.service dest: /etc/systemd/system/irc-bot.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
vars: vars:
description: Bitlair IRC bot description: Bitlair IRC bot
exec: /bin/bash /var/lib/irc-bot/irc-bot exec: /bin/bash /var/lib/irc-bot/irc-bot
notify: Restart ircbot notify: Restart irc-bot
- name: Start ircbot - name: Start irc-bot
ansible.builtin.systemd: ansible.builtin.systemd:
name: ircbot name: irc-bot
state: started
enabled: true
daemon_reload: true
- name: Create helpers dir
ansible.builtin.file:
path: /var/lib/irc-helpers
state: directory
- name: Install photos notification
ansible.builtin.template:
src: irc-photos.sh
dest: /var/lib/irc-helpers/photos.sh
owner: "root"
group: "root"
mode: "0755"
notify: Restart irc-photos
- name: Install photos notification service
ansible.builtin.template:
src: generic.service
dest: /etc/systemd/system/irc-photos.service
owner: "root"
group: "root"
mode: "0644"
vars:
description: Bitlair IRC photos notification
requires: irc-bot.service
exec: /bin/bash /var/lib/irc-helpers/photos.sh
notify: Restart irc-photos
- name: Start irc-photos
ansible.builtin.systemd:
name: irc-photos
state: started
enabled: true
daemon_reload: true
- name: Install doorduino notification
ansible.builtin.template:
src: irc-doorduino.sh
dest: /var/lib/irc-helpers/doorduino.sh
owner: "root"
group: "root"
mode: "0755"
notify: Restart irc-doorduino
- name: Install doorduino notification service
ansible.builtin.template:
src: generic.service
dest: /etc/systemd/system/irc-doorduino.service
owner: "root"
group: "root"
mode: "0644"
vars:
description: Bitlair IRC doorduino notification
requires: irc-bot.service
exec: /bin/bash /var/lib/irc-helpers/doorduino.sh
notify: Restart irc-doorduino
- name: Start irc-doorduino
ansible.builtin.systemd:
name: irc-doorduino
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true

14
roles/services/tasks/mastodon_spacestate.yaml
View file

@ -7,7 +7,7 @@
- name: Clone source - name: Clone source
ansible.builtin.git: ansible.builtin.git:
repo: https://git.bitlair.nl/bitlair/mastodon-spacestate.git repo: https://github.com/bitlair/mastodon-spacestate.git
version: main version: main
dest: /var/lib/mastodon-spacestate dest: /var/lib/mastodon-spacestate
accept_hostkey: yes accept_hostkey: yes
@ -18,18 +18,18 @@
ansible.builtin.template: ansible.builtin.template:
src: mastodon-spacestate-config.py src: mastodon-spacestate-config.py
dest: /var/lib/mastodon-spacestate/config.py dest: /var/lib/mastodon-spacestate/config.py
owner: root owner: "root"
group: root group: "root"
mode: 0655 mode: "0655"
notify: Restart mastodon-spacestate notify: Restart mastodon-spacestate
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
src: mastodon-spacestate.service src: mastodon-spacestate.service
dest: /etc/systemd/system/mastodon-spacestate.service dest: /etc/systemd/system/mastodon-spacestate.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart mastodon-spacestate notify: Restart mastodon-spacestate
- name: Start mastodon-spacestate - name: Start mastodon-spacestate

12
roles/services/tasks/power_mqtt.yaml
View file

@ -7,9 +7,9 @@
ansible.builtin.template: ansible.builtin.template:
src: power-mqtt.py src: power-mqtt.py
dest: /var/lib/power-mqtt.py dest: /var/lib/power-mqtt.py
owner: root owner: "root"
group: root group: "root"
mode: 0755 mode: "0755"
notify: Restart power-mqtt notify: Restart power-mqtt
- name: Remove old service - name: Remove old service
@ -21,9 +21,9 @@
ansible.builtin.template: ansible.builtin.template:
src: generic.service src: generic.service
dest: /etc/systemd/system/power-mqtt@.service dest: /etc/systemd/system/power-mqtt@.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
vars: vars:
description: "SMD630 to MQTT Probe" description: "SMD630 to MQTT Probe"
exec: "/var/lib/power-mqtt.py %i" exec: "/var/lib/power-mqtt.py %i"

34
roles/services/tasks/siahsd.yaml
View file

@ -1,31 +1,32 @@
--- ---
- name: Install siahsd # TODO: Install and build
apt:
name:
- debianutils
- siahsd
- name: Clone alarm-handlers - name: Create directories
ansible.builtin.git:
repo: https://git.bitlair.nl/bitlair/alarm-handlers.git
version: main
dest: /opt/alarm
accept_hostkey: yes
- name: Create log directory
ansible.builtin.file: ansible.builtin.file:
path: /var/log/siahsd path: "{{ item }}"
state: directory state: directory
owner: siahsd owner: siahsd
group: nogroup group: nogroup
mode: "0750" mode: "0750"
with_items:
- /var/log/siahsd
- /var/lib/siahsd
- name: Install config file - name: Install config file
ansible.builtin.template: ansible.builtin.template:
src: siahsd.conf src: siahsd.conf
dest: /etc/siahsd.conf dest: /etc/siahsd.conf
owner: root owner: "root"
group: root group: "root"
mode: "0644"
notify: Restart siahsd
- name: Install service file
ansible.builtin.template:
src: siahsd.service
dest: /etc/systemd/system/siahsd.service
owner: "root"
group: "root"
mode: "0644" mode: "0644"
notify: Restart siahsd notify: Restart siahsd
@ -35,3 +36,4 @@
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true

8
roles/services/tasks/spacestated.yaml
View file

@ -21,7 +21,7 @@
- name: Clone source - name: Clone source
ansible.builtin.git: ansible.builtin.git:
repo: https://git.bitlair.nl/bitlair/spacestated.git repo: https://github.com/bitlair/spacestated.git
version: main version: main
dest: /var/lib/spacestated/spacestated dest: /var/lib/spacestated/spacestated
accept_hostkey: yes accept_hostkey: yes
@ -32,9 +32,9 @@
ansible.builtin.template: ansible.builtin.template:
src: spacestated.service src: spacestated.service
dest: /etc/systemd/system/spacestated.service dest: /etc/systemd/system/spacestated.service
owner: root owner: "root"
group: root group: "root"
mode: 0644 mode: "0644"
notify: Restart spacestated notify: Restart spacestated
- name: Start spacestated - name: Start spacestated

6
roles/services/tasks/wifi_mqtt.yaml
View file

@ -8,7 +8,7 @@
- name: Clone source - name: Clone source
ansible.builtin.git: ansible.builtin.git:
repo: https://git.bitlair.nl/bitlair/wifi-mqtt.git repo: https://github.com/bitlair/wifi-mqtt.git
version: main version: main
dest: /var/lib/wifi-mqtt dest: /var/lib/wifi-mqtt
accept_hostkey: yes accept_hostkey: yes
@ -19,8 +19,8 @@
ansible.builtin.template: ansible.builtin.template:
src: wifi-mqtt.service src: wifi-mqtt.service
dest: /etc/systemd/system/wifi-mqtt.service dest: /etc/systemd/system/wifi-mqtt.service
owner: root owner: "root"
group: root group: "root"
mode: "0644" mode: "0644"
notify: Restart wifi-mqtt notify: Restart wifi-mqtt

9
roles/services/templates/discord-bot.service
View file

@ -1,17 +1,16 @@
# {{ ansible_managed }} # Managed by Ansible
[Unit] [Unit]
Description=Bitlair Discord Bot Description=HobbyBot
After=network.target After=network.target
[Service] [Service]
Type=simple Type=simple
Restart=always Restart=on-failure
RestartSec=10s RestartSec=10s
ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/discordbot.py ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/main.py
DynamicUser=true DynamicUser=true
Environment="MQTT_HOST={{ mqtt_internal_host }}" Environment="MQTT_HOST={{ mqtt_internal_host }}"
Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}" Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}"
Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}" Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}"

20
roles/services/templates/irc-bot.service
View file

@ -1,20 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=Bitlair IRC Bot
After=network.target
[Service]
Type=simple
Restart=always
RestartSec=10s
ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/ircbot.py
DynamicUser=true
Environment="MQTT_HOST={{ mqtt_internal_host }}"
Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
Environment="IRC_SERVER=irc.smurfnet.ch"
Environment="IRC_CHANNEL=#bitlair"
Environment="IRC_NICK=bitlair"
[Install]
WantedBy=multi-user.target

24
roles/services/templates/irc-doorduino.sh Normal file
View file

@ -0,0 +1,24 @@
#!/bin/bash
# Managed by Ansible
set -eu
set -o pipefail
initial=1
mqtt-simple -h {{ mqtt_internal_host }} -t "bitlair/doorduino/+" |
while read line; do
topic=$(echo "$line" | cut -d' ' -f1 | sed "s/bitlair\/doorduino\///")
value=$(echo "$line" | cut -s -d' ' -f2-)
if [ $initial == 0 ] && [ $value != 0 ]; then
if [ $topic == "doorbell" ]; then
irc-say "DEURBEL! Open de deur beneden!"
elif [ $topic != "dooropen" ]; then
irc-say "Doorduino: $topic $value"
fi
fi
initial=0
done

13
roles/services/templates/irc-photos.sh Normal file
View file

@ -0,0 +1,13 @@
#!/bin/bash
# Managed by Ansible
set -eu
set -o pipefail
mqtt-simple -h {{ mqtt_internal_host }} -s "bitlair/photos" |
while read event; do
path=$(echo $event | cut -d ' ' -f 2)
url="https://bitlair.nl/fotos/view/$path"
irc-say "WIP: $url"
done

25
roles/services/templates/siahsd.conf
View file

@ -1,5 +1,3 @@
# {{ ansible_managed }}
[siahsd] [siahsd]
pid file = /var/lib/siahsd/siahsd.pid pid file = /var/lib/siahsd/siahsd.pid
log file = /var/log/siahsd/siahsd.log log file = /var/log/siahsd/siahsd.log
@ -7,6 +5,13 @@ log level = 3
foreground = 0 foreground = 0
event handlers = script event handlers = script
#[database]
#driver = mysql
#host = localhost
#name = siahsd
#username = siahsd
#password = MysbJxAaawmwKPqD
[siahs] [siahs]
port = 4000 port = 4000
@ -14,5 +19,21 @@ port = 4000
port = 9000 port = 9000
rsa key file = something.sexp rsa key file = something.sexp
#[jsonbot]
#address = 192.168.88.15
#port = 5500
#aes key = blablablablablaz
#password = mekker
#privmsg to = #bitlair
#[spacestate]
#driver = mysql
#host = localhost
#name = bitwifi
#username = bitwifi
#password = aGWERQpLEQPUaXJV
#open script = /opt/alarm/disarmed.sh
#close script = /opt/alarm/armed.sh
[script] [script]
path = /opt/alarm/siahsd_handler.sh path = /opt/alarm/siahsd_handler.sh

Some files were not shown because too many files have changed in this diff Show more