lander configuration

roles/lander/files/lander.Caddyfile

@@ -0,0 +1,3 @@
+s.roosens.me {
+    reverse_proxy localhost:18080
+}

roles/lander/files/lander.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Lander
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=exec
+User=lander
+Group=lander
+ExecStart=/usr/local/bin/lander
+Restart=always
+EnvironmentFile=/etc/lander/lander.env
+
+[Install]
+WantedBy=multi-user.target

roles/lander/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: lander-restart
+  ansible.builtin.service:
+    name: 'lander'
+    state: 'restarted'

roles/lander/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: caddy

roles/lander/tasks/main.yml

@@ -0,0 +1,78 @@
+---
+- name: Ensure newest binary is present
+  ansible.builtin.get_url:
+    url: "https://s3.rustybever.be/lander/commits/{{ lander_commit_sha }}/lander-linux-arm64"
+    dest: '/usr/local/bin/lander'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+  notify: lander-restart
+
+- name: Ensure system group exists
+  ansible.builtin.group:
+    name: 'lander'
+    gid: 201
+    system: true
+    state: present
+
+- name: Ensure system user exists
+  ansible.builtin.user:
+    name: 'lander'
+    group: 'lander'
+    uid: 201
+    system: true
+    create_home: false
+
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/lander'
+    state: directory
+    mode: '0755'
+    owner: 'lander'
+    group: 'lander'
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/lander'
+    state: directory
+    mode: '0755'
+    owner: 'lander'
+    group: 'lander'
+
+- name: Ensure environment file is present
+  ansible.builtin.template:
+    src: 'lander.env.j2'
+    dest: '/etc/lander/lander.env'
+    owner: 'lander'
+    group: 'lander'
+    mode: '0644'
+  notify: lander-restart
+
+- name: Ensure service file is present
+  ansible.builtin.copy:
+    src: 'lander.service'
+    dest: '/lib/systemd/system/lander.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure lander service is enabled
+  ansible.builtin.service:
+    name: 'lander'
+    state: started
+    enabled: true
+
+- name: Ensure Caddyfile is present
+  copy:
+    src: 'lander.Caddyfile'
+    dest: '/etc/caddy/lander.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload

roles/lander/templates/lander.env.j2

@@ -0,0 +1,2 @@
+LANDER_DATA_DIR=/mnt/data1/lander
+LANDER_API_KEY={{ lander_api_key }}

roles/woodpecker/tasks/main.yml

@@ -36,6 +36,8 @@
   user:
     name: 'woodpecker'
     group: 'woodpecker'
+    groups:
+      - docker
     uid: 200
     system: true
     create_home: false