From 48d521fb00cd5a4f6982e14b75972c4acaf8d958 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 30 Mar 2019 13:26:20 +0100 Subject: [PATCH] Use generic service model for matrix appservices --- .../defaults/main.yml | 14 +++---- .../matrix-appservice-discord/tasks/main.yml | 38 +++++++++---------- .../tasks/service_user.yml | 12 +++--- ...scord.service.j2 => appservice.service.j2} | 6 +-- roles/matrix-appservice-irc/defaults/main.yml | 14 +++---- roles/matrix-appservice-irc/tasks/main.yml | 34 ++++++++--------- .../tasks/service_user.yml | 12 +++--- .../templates/apt/nodejs.j2 | 5 --- .../templates/systemd/appservice.service.j2 | 17 +++++++++ .../systemd/matrix-appservice-irc.service.j2 | 17 --------- .../defaults/main.yml | 14 +++---- .../matrix-appservice-webhooks/tasks/main.yml | 34 ++++++++--------- .../tasks/service_user.yml | 12 +++--- .../templates/apt/nodejs.j2 | 5 --- ...hooks.service.j2 => appservice.service.j2} | 6 +-- 15 files changed, 115 insertions(+), 125 deletions(-) rename roles/matrix-appservice-discord/templates/systemd/{matrix-appservice-discord.service.j2 => appservice.service.j2} (71%) delete mode 100644 roles/matrix-appservice-irc/templates/apt/nodejs.j2 create mode 100644 roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 delete mode 100644 roles/matrix-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 delete mode 100644 roles/matrix-appservice-webhooks/templates/apt/nodejs.j2 rename roles/matrix-appservice-webhooks/templates/systemd/{matrix-appservice-webhooks.service.j2 => appservice.service.j2} (71%) diff --git a/roles/matrix-appservice-discord/defaults/main.yml b/roles/matrix-appservice-discord/defaults/main.yml index d282592..6ad40a4 100644 --- a/roles/matrix-appservice-discord/defaults/main.yml +++ b/roles/matrix-appservice-discord/defaults/main.yml 
@@ -1,15 +1,15 @@ --- -# appservice_name is the name of the project on GitHub -appservice_name: matrix-appservice-discord +# service_name is the name of the project on GitHub +service_name: matrix-appservice-discord # URL to clone -appservice_repo: https://github.com/Half-Shot/matrix-appservice-discord.git +service_repo: https://github.com/Half-Shot/matrix-appservice-discord.git # name of the service user # It means that you will have to `sudo -u THISUSER zsh` to debug -appservice_user: "{{ appservice_name }}" -appservice_homedir: "/var/local/{{ appservice_name }}" +service_user: "{{ service_name }}" +service_homedir: "/var/local/{{ service_name }}" -# appservice_path is where the project is cloned +# service_path is where the project is cloned # It can't be the home directory because of user hidden files. -appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}" +service_path: "{{ service_homedir }}/{{ service_name }}" diff --git a/roles/matrix-appservice-discord/tasks/main.yml b/roles/matrix-appservice-discord/tasks/main.yml index 0ee9eb7..b7cb95b 100644 --- a/roles/matrix-appservice-discord/tasks/main.yml +++ b/roles/matrix-appservice-discord/tasks/main.yml 
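Review bot: The new names `service_name`, `service_user`, `service_homedir` and `service_path` are generic enough to collide with variables from unrelated roles or from inventory, and role defaults have the lowest precedence, so any `service_user` set elsewhere silently wins. That value decides which account the clone, the `0600` config file and the systemd `User=` line use, so an accidental override would move the bridge onto another account. If the short names are wanted for shared task files, a comment above `service_user` such as `# Keep unique per bridge; do not set service_* in group_vars or extra vars` would record the constraint. The defaults hunks of matrix-appservice-irc and matrix-appservice-webhooks have the same issue.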
@@ -2,22 +2,22 @@ # Create service user - include_tasks: service_user.yml -- name: "Clone {{ appservice_name }} project" +- name: "Clone {{ service_name }} project" git: - repo: "{{ appservice_repo }}" - dest: "{{ appservice_path }}" + repo: "{{ service_repo }}" + dest: "{{ service_path }}" version: 14cf2829510e8b7b99b3238e2deaddf296ab4b76 become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" # Setup dependencies # May create issues with package-lock.json not in gitignore -- name: "Install {{ appservice_name }} dependencies" +- name: "Install {{ service_name }} dependencies" npm: - path: "{{ appservice_path }}" + path: "{{ service_path }}" production: true become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" register: npm_result retries: 3 until: npm_result is succeeded @@ -26,25 +26,25 @@ - name: Compile matrix-appservice-discord command: ./node_modules/.bin/tsc args: - chdir: "{{ appservice_path }}" + chdir: "{{ service_path }}" register: npm_build_result changed_when: npm_build_result become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" -- name: "Configure {{ appservice_name }}" +- name: "Configure {{ service_name }}" template: src: config.yaml.j2 - dest: "{{ appservice_path }}/config.yaml" - owner: "{{ appservice_user }}" + dest: "{{ service_path }}/config.yaml" + owner: "{{ service_user }}" group: nogroup mode: 0600 # Service file -- name: "Install {{ appservice_name }} systemd unit" +- name: "Install {{ service_name }} systemd unit" template: - src: systemd/matrix-appservice-discord.service.j2 - dest: "/etc/systemd/system/{{ appservice_name }}.service" + src: systemd/appservice.service.j2 + dest: "/etc/systemd/system/{{ service_name }}.service" owner: root group: root mode: 0644 
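Review bot: The clone, the `npm` install and the `tsc` build all run with `become_user: "{{ service_user }}"`, which is also the account the systemd unit runs as, so the running bridge can rewrite its own checkout and `node_modules`. Whether the bridge needs to write inside `{{ service_path }}` is not visible here. If it does not, building under a separate account and leaving only `config.yaml` and data files owned by `{{ service_user }}` would keep a compromised bridge from persisting in its own code. At minimum, a comment above the clone task such as `# Checkout is owned by the runtime user: the bridge can modify its own code` would document the trade-off. The same pattern appears in the task files of matrix-appservice-irc and matrix-appservice-webhooks.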
@@ -54,16 +54,16 @@ - name: Copy appservice registration file copy: - src: "{{ appservice_path }}/discord-registration.yaml" - dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml" + src: "{{ service_path }}/discord-registration.yaml" + dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml" owner: matrix-synapse group: nogroup mode: 0600 remote_src: yes # Run -- name: "Ensure that {{ appservice_name }} is started" +- name: "Ensure that {{ service_name }} is started" service: - name: "{{ appservice_name }}" + name: "{{ service_name }}" state: started enabled: true diff --git a/roles/matrix-appservice-discord/tasks/service_user.yml b/roles/matrix-appservice-discord/tasks/service_user.yml index 4d73739..0818676 100644 --- a/roles/matrix-appservice-discord/tasks/service_user.yml +++ b/roles/matrix-appservice-discord/tasks/service_user.yml @@ -1,19 +1,19 @@ --- # Having a custom group is useless so use nogroup -- name: "Create {{ appservice_user }} user" +- name: "Create {{ service_user }} user" user: - name: "{{ appservice_user }}" + name: "{{ service_user }}" group: nogroup - home: "{{ appservice_homedir }}" + home: "{{ service_homedir }}" system: true shell: /bin/false state: present # Only service user should be able to go there -- name: "Secure {{ appservice_user }} home directory" +- name: "Secure {{ service_user }} home directory" file: - path: "{{ appservice_homedir }}" + path: "{{ service_homedir }}" state: directory - owner: "{{ appservice_user }}" + owner: "{{ service_user }}" group: nogroup mode: 0700 diff --git a/roles/matrix-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-appservice-discord/templates/systemd/appservice.service.j2 similarity index 71% rename from roles/matrix-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 rename to roles/matrix-appservice-discord/templates/systemd/appservice.service.j2 index be11020..29ebdb6 100644 
--- a/roles/matrix-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-appservice-discord/templates/systemd/appservice.service.j2 @@ -7,12 +7,12 @@ Conflicts=shutdown.target [Service] Type=simple -User=matrix-appservice-discord -Group=matrix-appservice-discord -WorkingDirectory=/var/local/matrix-appservice-discord/matrix-appservice-discord +User={{ service_user }} +WorkingDirectory={{ service_path }} Environment="NODE_ENV=production" ExecStart=/usr/bin/nodejs ./build/src/discordas.js -p 9005 -c config.yaml Restart=always +RestartSec=3 [Install] WantedBy=multi-user.target diff --git a/roles/matrix-appservice-irc/defaults/main.yml b/roles/matrix-appservice-irc/defaults/main.yml index 517275e..845dbab 100644 --- a/roles/matrix-appservice-irc/defaults/main.yml +++ b/roles/matrix-appservice-irc/defaults/main.yml @@ -1,15 +1,15 @@ --- -# appservice_name is the name of the project on GitHub -appservice_name: matrix-appservice-irc +# service_name is the name of the project on GitHub +service_name: matrix-appservice-irc # URL to clone -appservice_repo: https://github.com/matrix-org/matrix-appservice-irc.git +service_repo: https://github.com/matrix-org/matrix-appservice-irc.git # name of the service user # It means that you will have to `sudo -u THISUSER zsh` to debug -appservice_user: "{{ appservice_name }}" -appservice_homedir: "/var/local/{{ appservice_name }}" +service_user: "{{ service_name }}" +service_homedir: "/var/local/{{ service_name }}" -# appservice_path is where the project is cloned +# service_path is where the project is cloned # It can't be the home directory because of user hidden files. -appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}" +service_path: "{{ service_homedir }}/{{ service_name }}" diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix-appservice-irc/tasks/main.yml index 971ca21..7c77af0 100644 --- a/roles/matrix-appservice-irc/tasks/main.yml 
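Review bot: The `[Service]` section shown here sets only `User=` and `WorkingDirectory=`, so the bridge listening on `-p 9005` runs without any systemd sandboxing. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` after `User={{ service_user }}` would limit what a compromised bridge can reach. Stricter settings would need testing against the paths the bridge writes, which are not visible in this hunk. With `Group=` dropped, the process takes the primary group of `{{ service_user }}`, which `service_user.yml` sets to `nogroup`, so the group bits on its files should stay empty as they are now (`0600`, `0700`). The `appservice.service.j2` templates of matrix-appservice-irc and matrix-appservice-webhooks have the same gap; the unit begins above this hunk.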
+++ b/roles/matrix-appservice-irc/tasks/main.yml @@ -2,38 +2,38 @@ # Create service user - include_tasks: service_user.yml -- name: "Clone {{ appservice_name }} project" +- name: "Clone {{ service_name }} project" git: - repo: "{{ appservice_repo }}" - dest: "{{ appservice_path }}" + repo: "{{ service_repo }}" + dest: "{{ service_path }}" version: 0.11.2 become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" # Setup dependencies -- name: "Install {{ appservice_name }} dependencies" +- name: "Install {{ service_name }} dependencies" npm: - path: "{{ appservice_path }}" + path: "{{ service_path }}" production: true become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" register: npm_result retries: 3 until: npm_result is succeeded -- name: "Configure {{ appservice_name }}" +- name: "Configure {{ service_name }}" template: src: config.yaml.j2 - dest: "{{ appservice_path }}/config.yaml" - owner: "{{ appservice_user }}" + dest: "{{ service_path }}/config.yaml" + owner: "{{ service_user }}" group: nogroup mode: 0600 # Service file -- name: "Install {{ appservice_name }} systemd unit" +- name: "Install {{ service_name }} systemd unit" template: - src: systemd/matrix-appservice-irc.service.j2 - dest: "/etc/systemd/system/{{ appservice_name }}.service" + src: systemd/appservice.service.j2 + dest: "/etc/systemd/system/{{ service_name }}.service" owner: root group: root mode: 0644 
@@ -43,16 +43,16 @@ #- name: Copy appservice registration file # copy: -# src: "{{ appservice_path }}/discord-registration.yaml" -# dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml" +# src: "{{ service_path }}/discord-registration.yaml" +# dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml" # owner: matrix-synapse # group: nogroup # mode: 0600 # remote_src: yes # Run -#- name: Ensure that matrix-appservice-irc is started +#- name: "Ensure that {{ service_name }} is started" # service: -# name: matrix-appservice-irc +# name: "{{ service_name }}" # state: started # enabled: true diff --git a/roles/matrix-appservice-irc/tasks/service_user.yml b/roles/matrix-appservice-irc/tasks/service_user.yml index 4d73739..0818676 100644 --- a/roles/matrix-appservice-irc/tasks/service_user.yml +++ b/roles/matrix-appservice-irc/tasks/service_user.yml @@ -1,19 +1,19 @@ --- # Having a custom group is useless so use nogroup -- name: "Create {{ appservice_user }} user" +- name: "Create {{ service_user }} user" user: - name: "{{ appservice_user }}" + name: "{{ service_user }}" group: nogroup - home: "{{ appservice_homedir }}" + home: "{{ service_homedir }}" system: true shell: /bin/false state: present # Only service user should be able to go there -- name: "Secure {{ appservice_user }} home directory" +- name: "Secure {{ service_user }} home directory" file: - path: "{{ appservice_homedir }}" + path: "{{ service_homedir }}" state: directory - owner: "{{ appservice_user }}" + owner: "{{ service_user }}" group: nogroup mode: 0700 diff --git a/roles/matrix-appservice-irc/templates/apt/nodejs.j2 b/roles/matrix-appservice-irc/templates/apt/nodejs.j2 deleted file mode 100644 index 65e5110..0000000 --- a/roles/matrix-appservice-irc/templates/apt/nodejs.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -Package: node* libuv1* -Pin: release a=stretch-backports -Pin-Priority: 600 
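Review bot: The commented-out registration task in this role still copies `discord-registration.yaml`, a name carried over from the Discord role, and the start task stays disabled, so the role installs a unit that is never registered with Synapse or enabled. The new `appservice.service.j2` for this role passes `-f my_registration_file.yaml`, which looks like a placeholder and matches neither name. A comment above the block, e.g. `# TODO: generate the IRC registration file and point the unit's -f at it before enabling`, would keep the dead block from being uncommented as it stands.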
diff --git a/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 b/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 new file mode 100644 index 0000000..0680720 --- /dev/null +++ b/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 @@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Unit] +Description=A bridge between Matrix and IRC +After=syslog.target network-online.target mysql.service postgresql.service +Conflicts=shutdown.target + +[Service] +Type=simple +User={{ service_user }} +WorkingDirectory={{ service_path }} +ExecStart=/usr/bin/nodejs ./app.js -c config.yaml -f my_registration_file.yaml -p 9999 +Restart=always +RestartSec=3 + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 deleted file mode 100644 index 1f25539..0000000 --- a/roles/matrix-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ /dev/null @@ -1,17 +0,0 @@ -# {{ ansible_managed }} - -[Unit] -Description=A bridge between Matrix and IRC -After=syslog.target network-online.target mysql.service postgresql.service -Conflicts=shutdown.target - -[Service] -Type=simple -User=matrix-appservice-irc -Group=matrix-appservice-irc -WorkingDirectory=/var/local/matrix-appservice-irc/matrix-appservice-irc -ExecStart=/usr/bin/nodejs /var/local/matrix-appservice-irc/matrix-appservice-irc/app.js -c config.yaml -f my_registration_file.yaml -p 9999 -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/matrix-appservice-webhooks/defaults/main.yml b/roles/matrix-appservice-webhooks/defaults/main.yml index ba9de6d..e4425c8 100644 --- a/roles/matrix-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-appservice-webhooks/defaults/main.yml 
@@ -1,15 +1,15 @@ --- -# appservice_name is the name of the project on GitHub -appservice_name: matrix-appservice-webhooks +# service_name is the name of the project on GitHub +service_name: matrix-appservice-webhooks # URL to clone -appservice_repo: https://github.com/turt2live/matrix-appservice-webhooks.git +service_repo: https://github.com/turt2live/matrix-appservice-webhooks.git # name of the service user # It means that you will have to `sudo -u THISUSER zsh` to debug -appservice_user: "{{ appservice_name }}" -appservice_homedir: "/var/local/{{ appservice_name }}" +service_user: "{{ service_name }}" +service_homedir: "/var/local/{{ service_name }}" -# appservice_path is where the project is cloned +# service_path is where the project is cloned # It can't be the home directory because of user hidden files. -appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}" +service_path: "{{ service_homedir }}/{{ service_name }}" diff --git a/roles/matrix-appservice-webhooks/tasks/main.yml b/roles/matrix-appservice-webhooks/tasks/main.yml index 9780b60..e8ef646 100644 --- a/roles/matrix-appservice-webhooks/tasks/main.yml +++ b/roles/matrix-appservice-webhooks/tasks/main.yml 
@@ -2,38 +2,38 @@ # Create service user - include_tasks: service_user.yml -- name: "Clone {{ appservice_name }} project" +- name: "Clone {{ service_name }} project" git: - repo: "{{ appservice_repo }}" - dest: "{{ appservice_path }}" + repo: "{{ service_repo }}" + dest: "{{ service_path }}" version: master become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" # Setup dependencies -- name: "Install {{ appservice_name }} dependencies" +- name: "Install {{ service_name }} dependencies" npm: - path: "{{ appservice_path }}" + path: "{{ service_path }}" production: true become: true - become_user: "{{ appservice_user }}" + become_user: "{{ service_user }}" register: npm_result retries: 3 until: npm_result is succeeded -- name: "Configure {{ appservice_name }}" +- name: "Configure {{ service_name }}" template: src: config.yaml.j2 - dest: "{{ appservice_path }}/config/config.yaml" - owner: "{{ appservice_user }}" + dest: "{{ service_path }}/config/config.yaml" + owner: "{{ service_user }}" group: nogroup mode: 0600 # Service file -- name: "Install {{ appservice_name }} systemd unit" +- name: "Install {{ service_name }} systemd unit" template: - src: systemd/matrix-appservice-webhooks.service.j2 - dest: "/etc/systemd/system/{{ appservice_name }}.service" + src: systemd/appservice.service.j2 + dest: "/etc/systemd/system/{{ service_name }}.service" owner: root group: root mode: 0644 
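Review bot: `version: master` on the clone task means every run deploys whatever the upstream branch holds at that moment, and the result is then installed with `npm` and run as the bridge service. The Discord role pins a full commit hash and the IRC role pins a tag. Pinning here in the same way, `version: <reviewed-commit-sha>` (placeholder), keeps upstream changes from reaching the host without review. The pin also fixes which `package.json` the following `npm` task resolves dependencies from.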
@@ -43,16 +43,16 @@ - name: Copy appservice registration file copy: - src: "{{ appservice_path }}/appservice-registration-webhooks.yaml" - dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml" + src: "{{ service_path }}/appservice-registration-webhooks.yaml" + dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml" owner: matrix-synapse group: nogroup mode: 0600 remote_src: yes # Run -- name: "Ensure that {{ appservice_name }} is started" +- name: "Ensure that {{ service_name }} is started" service: - name: "{{ appservice_name }}" + name: "{{ service_name }}" state: started enabled: true diff --git a/roles/matrix-appservice-webhooks/tasks/service_user.yml b/roles/matrix-appservice-webhooks/tasks/service_user.yml index 4d73739..0818676 100644 --- a/roles/matrix-appservice-webhooks/tasks/service_user.yml +++ b/roles/matrix-appservice-webhooks/tasks/service_user.yml @@ -1,19 +1,19 @@ --- # Having a custom group is useless so use nogroup -- name: "Create {{ appservice_user }} user" +- name: "Create {{ service_user }} user" user: - name: "{{ appservice_user }}" + name: "{{ service_user }}" group: nogroup - home: "{{ appservice_homedir }}" + home: "{{ service_homedir }}" system: true shell: /bin/false state: present # Only service user should be able to go there -- name: "Secure {{ appservice_user }} home directory" +- name: "Secure {{ service_user }} home directory" file: - path: "{{ appservice_homedir }}" + path: "{{ service_homedir }}" state: directory - owner: "{{ appservice_user }}" + owner: "{{ service_user }}" group: nogroup mode: 0700 diff --git a/roles/matrix-appservice-webhooks/templates/apt/nodejs.j2 b/roles/matrix-appservice-webhooks/templates/apt/nodejs.j2 deleted file mode 100644 index 65e5110..0000000 --- a/roles/matrix-appservice-webhooks/templates/apt/nodejs.j2 +++ /dev/null @@ -1,5 +0,0 @@ -# {{ ansible_managed }} - -Package: node* libuv1* -Pin: release a=stretch-backports -Pin-Priority: 600 
diff --git a/roles/matrix-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 similarity index 71% rename from roles/matrix-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 rename to roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 index 9d8c6b6..48239a8 100644 --- a/roles/matrix-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 @@ -7,11 +7,11 @@ Conflicts=shutdown.target [Service] Type=simple -User=matrix-appservice-webhooks -Group=matrix-appservice-webhooks -WorkingDirectory=/var/local/matrix-appservice-webhooks/matrix-appservice-webhooks +User={{ service_user }} +WorkingDirectory={{ service_path }} ExecStart=/usr/bin/nodejs index.js -p 9000 -c config/config.yaml -f appservice-registration-webhooks.yaml Restart=always +RestartSec=3 [Install] WantedBy=multi-user.target