Merge branch 'generic_services' into 'master'
Generic services See merge request aurore/ansible!37
commit
98c6364394
20 changed files with 174 additions and 178 deletions
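--- a/roles/codimd/defaults/main.yml
+++ b/roles/codimd/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# service_name is the name of the project on GitHub
+service_name: codimd
+
+# URL to clone
+service_repo: https://github.com/hackmdio/codimd.git
+
+# name of the service user
+# It means that you will have to `sudo -u THISUSER zsh` to debug
+service_user: "{{ service_name }}"
+service_homedir: "/var/local/{{ service_name }}"
+
+# service_path is where the project is cloned
+# It can't be the home directory because of user hidden files.
+service_path: "{{ service_homedir }}/{{ service_name }}"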
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
# Security #1
|
|
||||||
- name: Create CodiMD system group
|
|
||||||
group:
|
|
||||||
name: codimd
|
|
||||||
system: true
|
|
||||||
state: present
|
|
||||||
|
|
||||||
# Security #2
|
|
||||||
- name: Create CodiMD user
|
|
||||||
user:
|
|
||||||
name: codimd
|
|
||||||
group: codimd
|
|
||||||
home: /var/local/codimd
|
|
||||||
comment: CodiMD
|
|
||||||
system: true
|
|
||||||
state: present
|
|
||||||
|
|
||||||
# Security #3
|
|
||||||
- name: Secure CodiMD home directory
|
|
||||||
file:
|
|
||||||
path: /var/local/codimd
|
|
||||||
state: directory
|
|
||||||
owner: codimd
|
|
||||||
group: codimd
|
|
||||||
mode: 0750
|
|
|
@ -2,26 +2,25 @@
|
||||||
# Install APT dependencies
|
# Install APT dependencies
|
||||||
- include_tasks: 0_apt_dependencies.yml
|
- include_tasks: 0_apt_dependencies.yml
|
||||||
|
|
||||||
# Create CodiMD user and group
|
# Create service user
|
||||||
- include_tasks: 1_user_group.yml
|
- include_tasks: service_user.yml
|
||||||
|
|
||||||
# Download CodiMD
|
- name: "Clone {{ service_name }} project"
|
||||||
- name: Clone CodiMD project
|
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/hackmdio/codimd.git
|
repo: "{{ service_repo }}"
|
||||||
dest: /var/local/codimd/codimd
|
dest: "{{ service_path }}"
|
||||||
version: 1.3.0
|
version: 1.3.0
|
||||||
become: true
|
become: true
|
||||||
become_user: codimd
|
become_user: "{{ service_user }}"
|
||||||
notify: Build front-end for CodiMD
|
notify: Build front-end for CodiMD
|
||||||
|
|
||||||
# Setup dependencies and configs
|
# Setup dependencies
|
||||||
- name: Install CodiMD dependencies
|
- name: "Install {{ service_name }} dependencies"
|
||||||
yarn:
|
yarn:
|
||||||
path: /var/local/codimd/codimd
|
path: "{{ service_path }}"
|
||||||
production: true
|
production: true
|
||||||
become: true
|
become: true
|
||||||
become_user: codimd
|
become_user: "{{ service_user }}"
|
||||||
register: yarn_result
|
register: yarn_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: yarn_result is succeeded
|
until: yarn_result is succeeded
|
||||||
|
@ -30,33 +29,32 @@
|
||||||
- name: Connect CodiMD to PostgreSQL db
|
- name: Connect CodiMD to PostgreSQL db
|
||||||
template:
|
template:
|
||||||
src: sequelizerc.j2
|
src: sequelizerc.j2
|
||||||
dest: /var/local/codimd/codimd/.sequelizerc
|
dest: "{{ service_path }}/.sequelizerc"
|
||||||
owner: codimd
|
owner: "{{ service_user }}"
|
||||||
group: codimd
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
# Configure
|
- name: "Configure {{ service_name }}"
|
||||||
- name: Configure CodiMD
|
|
||||||
template:
|
template:
|
||||||
src: config.json.j2
|
src: config.json.j2
|
||||||
dest: /var/local/codimd/codimd/config.json
|
dest: "{{ service_path }}/config.json"
|
||||||
owner: codimd
|
owner: "{{ service_user }}"
|
||||||
group: codimd
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
# Service file
|
# Service file
|
||||||
- name: Install CodiMD systemd unit
|
- name: "Install {{ service_name }} systemd unit"
|
||||||
template:
|
template:
|
||||||
src: systemd/codimd.service.j2
|
src: systemd/codimd.service.j2
|
||||||
dest: /etc/systemd/system/codimd.service
|
dest: "/etc/systemd/system/{{ service_name }}.service"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: Reload systemd daemons
|
notify: Reload systemd daemons
|
||||||
|
|
||||||
# Run
|
# Run
|
||||||
- name: Ensure that CodiMD is started
|
- name: "Ensure that {{ service_name }} is started"
|
||||||
service:
|
service:
|
||||||
name: codimd
|
name: "{{ service_name }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
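Review bot: The Clone task in the first hunk still checks out `version: 1.3.0`, which is a tag name, and the following task runs `yarn` as `{{ service_user }}` on whatever that ref resolves to; a tag can be moved upstream, so this file does not fix the code that gets deployed. Now that the repository is a variable, I would add a `service_version` default next to `service_repo`, set it to a full commit id, and use `version: "{{ service_version }}"`, as the matrix-appservice-discord tasks on this page already do with `version: 14cf2829510e8b7b99b3238e2deaddf296ab4b76`. The same applies to `version: 0.11.2` in the matrix-appservice-irc tasks and, more so, to `version: master` in the matrix-appservice-webhooks tasks, which tracks the branch head.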
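--- a/roles/codimd/tasks/service_user.yml
+++ b/roles/codimd/tasks/service_user.yml
@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ service_user }} user"
+user:
+name: "{{ service_user }}"
+group: nogroup
+home: "{{ service_homedir }}"
+system: true
+shell: /bin/false
+state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ service_user }} home directory"
+file:
+path: "{{ service_homedir }}"
+state: directory
+owner: "{{ service_user }}"
+group: nogroup
+mode: 0700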
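Review bot: `group: nogroup` in the user task gives every service account created from this file the same primary group, shared with any other daemon on the host that runs as nogroup. The `mode: 0700` home directory and the 0600 templates keep group members out of the files shown on this page, but anything a service creates outside that directory with group permission bits would be reachable by all of them; that part is inferred, not visible in the diff. A per-service system group, i.e. a `group:` task creating `"{{ service_user }}"` and then `group: "{{ service_user }}"` on both tasks, keeps the separation the deleted `1_user_group.yml` tasks had. If nogroup stays, the comment should state why sharing it is acceptable rather than calling a custom group `useless`.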
@ -7,12 +7,12 @@ Conflicts=shutdown.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
User=codimd
|
User={{ service_user }}
|
||||||
Group=codimd
|
WorkingDirectory={{ service_path }}
|
||||||
WorkingDirectory=/var/local/codimd/codimd
|
|
||||||
Environment="NODE_ENV=production"
|
Environment="NODE_ENV=production"
|
||||||
ExecStart=/usr/bin/nodejs /var/local/codimd/codimd/app.js
|
ExecStart=/usr/bin/nodejs ./app.js
|
||||||
Restart=always
|
Restart=always
|
||||||
|
RestartSec=3
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
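Review bot: With `Group=codimd` removed and nothing replacing it, the unit falls back to the primary group of `{{ service_user }}` (nogroup, per service_user.yml), and the [Service] section still carries no sandboxing directives. Since the unit is being templated for reuse, I would add `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` after the `WorkingDirectory=` line; which paths each service writes to is not visible here, so test before going stricter. The other unit templates touched on this page (the remaining `User={{ service_user }}` hunks and the new 17-line bridge unit) have the same gap. The file starts above this hunk, so its [Unit] section is not shown.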
@ -1,15 +1,15 @@
|
||||||
---
|
---
|
||||||
# appservice_name is the name of the project on GitHub
|
# service_name is the name of the project on GitHub
|
||||||
appservice_name: matrix-appservice-discord
|
service_name: matrix-appservice-discord
|
||||||
|
|
||||||
# URL to clone
|
# URL to clone
|
||||||
appservice_repo: https://github.com/Half-Shot/matrix-appservice-discord.git
|
service_repo: https://github.com/Half-Shot/matrix-appservice-discord.git
|
||||||
|
|
||||||
# name of the service user
|
# name of the service user
|
||||||
# It means that you will have to `sudo -u THISUSER zsh` to debug
|
# It means that you will have to `sudo -u THISUSER zsh` to debug
|
||||||
appservice_user: "{{ appservice_name }}"
|
service_user: "{{ service_name }}"
|
||||||
appservice_homedir: "/var/local/{{ appservice_name }}"
|
service_homedir: "/var/local/{{ service_name }}"
|
||||||
|
|
||||||
# appservice_path is where the project is cloned
|
# service_path is where the project is cloned
|
||||||
# It can't be the home directory because of user hidden files.
|
# It can't be the home directory because of user hidden files.
|
||||||
appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"
|
service_path: "{{ service_homedir }}/{{ service_name }}"
|
||||||
|
|
|
@ -2,22 +2,22 @@
|
||||||
# Create service user
|
# Create service user
|
||||||
- include_tasks: service_user.yml
|
- include_tasks: service_user.yml
|
||||||
|
|
||||||
- name: "Clone {{ appservice_name }} project"
|
- name: "Clone {{ service_name }} project"
|
||||||
git:
|
git:
|
||||||
repo: "{{ appservice_repo }}"
|
repo: "{{ service_repo }}"
|
||||||
dest: "{{ appservice_path }}"
|
dest: "{{ service_path }}"
|
||||||
version: 14cf2829510e8b7b99b3238e2deaddf296ab4b76
|
version: 14cf2829510e8b7b99b3238e2deaddf296ab4b76
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
|
|
||||||
# Setup dependencies
|
# Setup dependencies
|
||||||
# May create issues with package-lock.json not in gitignore
|
# May create issues with package-lock.json not in gitignore
|
||||||
- name: "Install {{ appservice_name }} dependencies"
|
- name: "Install {{ service_name }} dependencies"
|
||||||
npm:
|
npm:
|
||||||
path: "{{ appservice_path }}"
|
path: "{{ service_path }}"
|
||||||
production: true
|
production: true
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
register: npm_result
|
register: npm_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: npm_result is succeeded
|
until: npm_result is succeeded
|
||||||
|
@ -26,25 +26,25 @@
|
||||||
- name: Compile matrix-appservice-discord
|
- name: Compile matrix-appservice-discord
|
||||||
command: ./node_modules/.bin/tsc
|
command: ./node_modules/.bin/tsc
|
||||||
args:
|
args:
|
||||||
chdir: "{{ appservice_path }}"
|
chdir: "{{ service_path }}"
|
||||||
register: npm_build_result
|
register: npm_build_result
|
||||||
changed_when: npm_build_result
|
changed_when: npm_build_result
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
|
|
||||||
- name: "Configure {{ appservice_name }}"
|
- name: "Configure {{ service_name }}"
|
||||||
template:
|
template:
|
||||||
src: config.yaml.j2
|
src: config.yaml.j2
|
||||||
dest: "{{ appservice_path }}/config.yaml"
|
dest: "{{ service_path }}/config.yaml"
|
||||||
owner: "{{ appservice_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
# Service file
|
# Service file
|
||||||
- name: "Install {{ appservice_name }} systemd unit"
|
- name: "Install {{ service_name }} systemd unit"
|
||||||
template:
|
template:
|
||||||
src: systemd/matrix-appservice-discord.service.j2
|
src: systemd/appservice.service.j2
|
||||||
dest: "/etc/systemd/system/{{ appservice_name }}.service"
|
dest: "/etc/systemd/system/{{ service_name }}.service"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -54,16 +54,16 @@
|
||||||
|
|
||||||
- name: Copy appservice registration file
|
- name: Copy appservice registration file
|
||||||
copy:
|
copy:
|
||||||
src: "{{ appservice_path }}/discord-registration.yaml"
|
src: "{{ service_path }}/discord-registration.yaml"
|
||||||
dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
|
dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml"
|
||||||
owner: matrix-synapse
|
owner: matrix-synapse
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
|
|
||||||
# Run
|
# Run
|
||||||
- name: "Ensure that {{ appservice_name }} is started"
|
- name: "Ensure that {{ service_name }} is started"
|
||||||
service:
|
service:
|
||||||
name: "{{ appservice_name }}"
|
name: "{{ service_name }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
---
|
---
|
||||||
# Having a custom group is useless so use nogroup
|
# Having a custom group is useless so use nogroup
|
||||||
- name: "Create {{ appservice_user }} user"
|
- name: "Create {{ service_user }} user"
|
||||||
user:
|
user:
|
||||||
name: "{{ appservice_user }}"
|
name: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
home: "{{ appservice_homedir }}"
|
home: "{{ service_homedir }}"
|
||||||
system: true
|
system: true
|
||||||
shell: /bin/false
|
shell: /bin/false
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
# Only service user should be able to go there
|
# Only service user should be able to go there
|
||||||
- name: "Secure {{ appservice_user }} home directory"
|
- name: "Secure {{ service_user }} home directory"
|
||||||
file:
|
file:
|
||||||
path: "{{ appservice_homedir }}"
|
path: "{{ service_homedir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ appservice_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
|
|
@ -7,12 +7,12 @@ Conflicts=shutdown.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
User=matrix-appservice-discord
|
User={{ service_user }}
|
||||||
Group=matrix-appservice-discord
|
WorkingDirectory={{ service_path }}
|
||||||
WorkingDirectory=/var/local/matrix-appservice-discord/matrix-appservice-discord
|
|
||||||
Environment="NODE_ENV=production"
|
Environment="NODE_ENV=production"
|
||||||
ExecStart=/usr/bin/nodejs ./build/src/discordas.js -p 9005 -c config.yaml
|
ExecStart=/usr/bin/nodejs ./build/src/discordas.js -p 9005 -c config.yaml
|
||||||
Restart=always
|
Restart=always
|
||||||
|
RestartSec=3
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
|
@ -1,15 +1,15 @@
|
||||||
---
|
---
|
||||||
# appservice_name is the name of the project on GitHub
|
# service_name is the name of the project on GitHub
|
||||||
appservice_name: matrix-appservice-irc
|
service_name: matrix-appservice-irc
|
||||||
|
|
||||||
# URL to clone
|
# URL to clone
|
||||||
appservice_repo: https://github.com/matrix-org/matrix-appservice-irc.git
|
service_repo: https://github.com/matrix-org/matrix-appservice-irc.git
|
||||||
|
|
||||||
# name of the service user
|
# name of the service user
|
||||||
# It means that you will have to `sudo -u THISUSER zsh` to debug
|
# It means that you will have to `sudo -u THISUSER zsh` to debug
|
||||||
appservice_user: "{{ appservice_name }}"
|
service_user: "{{ service_name }}"
|
||||||
appservice_homedir: "/var/local/{{ appservice_name }}"
|
service_homedir: "/var/local/{{ service_name }}"
|
||||||
|
|
||||||
# appservice_path is where the project is cloned
|
# service_path is where the project is cloned
|
||||||
# It can't be the home directory because of user hidden files.
|
# It can't be the home directory because of user hidden files.
|
||||||
appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"
|
service_path: "{{ service_homedir }}/{{ service_name }}"
|
||||||
|
|
|
@ -2,38 +2,38 @@
|
||||||
# Create service user
|
# Create service user
|
||||||
- include_tasks: service_user.yml
|
- include_tasks: service_user.yml
|
||||||
|
|
||||||
- name: "Clone {{ appservice_name }} project"
|
- name: "Clone {{ service_name }} project"
|
||||||
git:
|
git:
|
||||||
repo: "{{ appservice_repo }}"
|
repo: "{{ service_repo }}"
|
||||||
dest: "{{ appservice_path }}"
|
dest: "{{ service_path }}"
|
||||||
version: 0.11.2
|
version: 0.11.2
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
|
|
||||||
# Setup dependencies
|
# Setup dependencies
|
||||||
- name: "Install {{ appservice_name }} dependencies"
|
- name: "Install {{ service_name }} dependencies"
|
||||||
npm:
|
npm:
|
||||||
path: "{{ appservice_path }}"
|
path: "{{ service_path }}"
|
||||||
production: true
|
production: true
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
register: npm_result
|
register: npm_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: npm_result is succeeded
|
until: npm_result is succeeded
|
||||||
|
|
||||||
- name: "Configure {{ appservice_name }}"
|
- name: "Configure {{ service_name }}"
|
||||||
template:
|
template:
|
||||||
src: config.yaml.j2
|
src: config.yaml.j2
|
||||||
dest: "{{ appservice_path }}/config.yaml"
|
dest: "{{ service_path }}/config.yaml"
|
||||||
owner: "{{ appservice_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
# Service file
|
# Service file
|
||||||
- name: "Install {{ appservice_name }} systemd unit"
|
- name: "Install {{ service_name }} systemd unit"
|
||||||
template:
|
template:
|
||||||
src: systemd/matrix-appservice-irc.service.j2
|
src: systemd/appservice.service.j2
|
||||||
dest: "/etc/systemd/system/{{ appservice_name }}.service"
|
dest: "/etc/systemd/system/{{ service_name }}.service"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -43,16 +43,16 @@
|
||||||
|
|
||||||
#- name: Copy appservice registration file
|
#- name: Copy appservice registration file
|
||||||
# copy:
|
# copy:
|
||||||
# src: "{{ appservice_path }}/discord-registration.yaml"
|
# src: "{{ service_path }}/discord-registration.yaml"
|
||||||
# dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
|
# dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml"
|
||||||
# owner: matrix-synapse
|
# owner: matrix-synapse
|
||||||
# group: nogroup
|
# group: nogroup
|
||||||
# mode: 0600
|
# mode: 0600
|
||||||
# remote_src: yes
|
# remote_src: yes
|
||||||
|
|
||||||
# Run
|
# Run
|
||||||
#- name: Ensure that matrix-appservice-irc is started
|
#- name: "Ensure that {{ service_name }} is started"
|
||||||
# service:
|
# service:
|
||||||
# name: matrix-appservice-irc
|
# name: "{{ service_name }}"
|
||||||
# state: started
|
# state: started
|
||||||
# enabled: true
|
# enabled: true
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
---
|
---
|
||||||
# Having a custom group is useless so use nogroup
|
# Having a custom group is useless so use nogroup
|
||||||
- name: "Create {{ appservice_user }} user"
|
- name: "Create {{ service_user }} user"
|
||||||
user:
|
user:
|
||||||
name: "{{ appservice_user }}"
|
name: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
home: "{{ appservice_homedir }}"
|
home: "{{ service_homedir }}"
|
||||||
system: true
|
system: true
|
||||||
shell: /bin/false
|
shell: /bin/false
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
# Only service user should be able to go there
|
# Only service user should be able to go there
|
||||||
- name: "Secure {{ appservice_user }} home directory"
|
- name: "Secure {{ service_user }} home directory"
|
||||||
file:
|
file:
|
||||||
path: "{{ appservice_homedir }}"
|
path: "{{ service_homedir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ appservice_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
Package: node* libuv1*
|
|
||||||
Pin: release a=stretch-backports
|
|
||||||
Pin-Priority: 600
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=A bridge between Matrix and IRC
|
||||||
|
After=syslog.target network-online.target mysql.service postgresql.service
|
||||||
|
Conflicts=shutdown.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User={{ service_user }}
|
||||||
|
WorkingDirectory={{ service_path }}
|
||||||
|
ExecStart=/usr/bin/nodejs ./app.js -c config.yaml -f my_registration_file.yaml -p 9999
|
||||||
|
Restart=always
|
||||||
|
RestartSec=3
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -1,17 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
[Unit]
|
|
||||||
Description=A bridge between Matrix and IRC
|
|
||||||
After=syslog.target network-online.target mysql.service postgresql.service
|
|
||||||
Conflicts=shutdown.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
User=matrix-appservice-irc
|
|
||||||
Group=matrix-appservice-irc
|
|
||||||
WorkingDirectory=/var/local/matrix-appservice-irc/matrix-appservice-irc
|
|
||||||
ExecStart=/usr/bin/nodejs /var/local/matrix-appservice-irc/matrix-appservice-irc/app.js -c config.yaml -f my_registration_file.yaml -p 9999
|
|
||||||
Restart=always
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -1,15 +1,15 @@
|
||||||
---
|
---
|
||||||
# appservice_name is the name of the project on GitHub
|
# service_name is the name of the project on GitHub
|
||||||
appservice_name: matrix-appservice-webhooks
|
service_name: matrix-appservice-webhooks
|
||||||
|
|
||||||
# URL to clone
|
# URL to clone
|
||||||
appservice_repo: https://github.com/turt2live/matrix-appservice-webhooks.git
|
service_repo: https://github.com/turt2live/matrix-appservice-webhooks.git
|
||||||
|
|
||||||
# name of the service user
|
# name of the service user
|
||||||
# It means that you will have to `sudo -u THISUSER zsh` to debug
|
# It means that you will have to `sudo -u THISUSER zsh` to debug
|
||||||
appservice_user: "{{ appservice_name }}"
|
service_user: "{{ service_name }}"
|
||||||
appservice_homedir: "/var/local/{{ appservice_name }}"
|
service_homedir: "/var/local/{{ service_name }}"
|
||||||
|
|
||||||
# appservice_path is where the project is cloned
|
# service_path is where the project is cloned
|
||||||
# It can't be the home directory because of user hidden files.
|
# It can't be the home directory because of user hidden files.
|
||||||
appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"
|
service_path: "{{ service_homedir }}/{{ service_name }}"
|
||||||
|
|
|
@ -2,38 +2,38 @@
|
||||||
# Create service user
|
# Create service user
|
||||||
- include_tasks: service_user.yml
|
- include_tasks: service_user.yml
|
||||||
|
|
||||||
- name: "Clone {{ appservice_name }} project"
|
- name: "Clone {{ service_name }} project"
|
||||||
git:
|
git:
|
||||||
repo: "{{ appservice_repo }}"
|
repo: "{{ service_repo }}"
|
||||||
dest: "{{ appservice_path }}"
|
dest: "{{ service_path }}"
|
||||||
version: master
|
version: master
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
|
|
||||||
# Setup dependencies
|
# Setup dependencies
|
||||||
- name: "Install {{ appservice_name }} dependencies"
|
- name: "Install {{ service_name }} dependencies"
|
||||||
npm:
|
npm:
|
||||||
path: "{{ appservice_path }}"
|
path: "{{ service_path }}"
|
||||||
production: true
|
production: true
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ appservice_user }}"
|
become_user: "{{ service_user }}"
|
||||||
register: npm_result
|
register: npm_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: npm_result is succeeded
|
until: npm_result is succeeded
|
||||||
|
|
||||||
- name: "Configure {{ appservice_name }}"
|
- name: "Configure {{ service_name }}"
|
||||||
template:
|
template:
|
||||||
src: config.yaml.j2
|
src: config.yaml.j2
|
||||||
dest: "{{ appservice_path }}/config/config.yaml"
|
dest: "{{ service_path }}/config/config.yaml"
|
||||||
owner: "{{ appservice_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
# Service file
|
# Service file
|
||||||
- name: "Install {{ appservice_name }} systemd unit"
|
- name: "Install {{ service_name }} systemd unit"
|
||||||
template:
|
template:
|
||||||
src: systemd/matrix-appservice-webhooks.service.j2
|
src: systemd/appservice.service.j2
|
||||||
dest: "/etc/systemd/system/{{ appservice_name }}.service"
|
dest: "/etc/systemd/system/{{ service_name }}.service"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -43,16 +43,16 @@
|
||||||
|
|
||||||
- name: Copy appservice registration file
|
- name: Copy appservice registration file
|
||||||
copy:
|
copy:
|
||||||
src: "{{ appservice_path }}/appservice-registration-webhooks.yaml"
|
src: "{{ service_path }}/appservice-registration-webhooks.yaml"
|
||||||
dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
|
dest: "/etc/matrix-synapse/{{ service_name }}-registration.yaml"
|
||||||
owner: matrix-synapse
|
owner: matrix-synapse
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0600
|
mode: 0600
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
|
|
||||||
# Run
|
# Run
|
||||||
- name: "Ensure that {{ appservice_name }} is started"
|
- name: "Ensure that {{ service_name }} is started"
|
||||||
service:
|
service:
|
||||||
name: "{{ appservice_name }}"
|
name: "{{ service_name }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
---
|
---
|
||||||
# Having a custom group is useless so use nogroup
|
# Having a custom group is useless so use nogroup
|
||||||
- name: "Create {{ appservice_user }} user"
|
- name: "Create {{ service_user }} user"
|
||||||
user:
|
user:
|
||||||
name: "{{ appservice_user }}"
|
name: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
home: "{{ appservice_homedir }}"
|
home: "{{ service_homedir }}"
|
||||||
system: true
|
system: true
|
||||||
shell: /bin/false
|
shell: /bin/false
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
# Only service user should be able to go there
|
# Only service user should be able to go there
|
||||||
- name: "Secure {{ appservice_user }} home directory"
|
- name: "Secure {{ service_user }} home directory"
|
||||||
file:
|
file:
|
||||||
path: "{{ appservice_homedir }}"
|
path: "{{ service_homedir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ appservice_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
Package: node* libuv1*
|
|
||||||
Pin: release a=stretch-backports
|
|
||||||
Pin-Priority: 600
|
|
|
@ -7,11 +7,11 @@ Conflicts=shutdown.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
User=matrix-appservice-webhooks
|
User={{ service_user }}
|
||||||
Group=matrix-appservice-webhooks
|
WorkingDirectory={{ service_path }}
|
||||||
WorkingDirectory=/var/local/matrix-appservice-webhooks/matrix-appservice-webhooks
|
|
||||||
ExecStart=/usr/bin/nodejs index.js -p 9000 -c config/config.yaml -f appservice-registration-webhooks.yaml
|
ExecStart=/usr/bin/nodejs index.js -p 9000 -c config/config.yaml -f appservice-registration-webhooks.yaml
|
||||||
Restart=always
|
Restart=always
|
||||||
|
RestartSec=3
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|