diff --git a/inventory/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml
index 567e034..35dc0b9 100644
--- a/inventory/group_vars/all/vars.yml
+++ b/inventory/group_vars/all/vars.yml
@@ -31,3 +31,6 @@ gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
 vieter_api_key: "{{ vault_vieter_api_key }}"
 site_api_key: "{{ vault_site_api_key }}"
+
+lander_api_key: "{{ vault_lander_api_key }}"
+lander_version: '0.2.1'
diff --git a/inventory/group_vars/all/vault.yml b/inventory/group_vars/all/vault.yml
index cb2acab..09993c3 100644
--- a/inventory/group_vars/all/vault.yml
+++ b/inventory/group_vars/all/vault.yml
@@ -1,38 +1,42 @@
 $ANSIBLE_VAULT;1.1;AES256
-63383436646334636234393830626134323666343733656139383235633233346239323335616531
-6138343436653662313466336339333133386361376232370a323038663962373733636539363166
-64376364653462316466333739633266656464376638303636316631636366643239376330353861
-6266663963626532360a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a613064313863623031613831383539
+38633466306662633134326635656532393632363138633139626338383361613335383132383932
+6534666564613034650a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
diff --git a/plays/pearl.yml b/plays/pearl.yml
index 086ac7f..e848325 100644
--- a/plays/pearl.yml
+++ b/plays/pearl.yml
@@ -31,3 +31,9 @@
 roles:
 - 'any.software.site-podman'
 tags: site
+
+- hosts: pearl
+ become: true
+ roles:
+ - 'any.software.lander'
+ tags: lander
diff --git a/roles/any.software.lander/files/lander.Caddyfile b/roles/any.software.lander/files/lander.Caddyfile
new file mode 100644
index 0000000..a065c72
--- /dev/null
+++ b/roles/any.software.lander/files/lander.Caddyfile
@@ -0,0 +1,3 @@
+r8r.be {
+ reverse_proxy 127.0.0.1:8022
+}
diff --git a/roles/any.software.lander/files/lander.data.backup.sh b/roles/any.software.lander/files/lander.data.backup.sh
new file mode 100644
index 0000000..d388a87
--- /dev/null
+++ b/roles/any.software.lander/files/lander.data.backup.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+data_dir='/mnt/data1/lander/data'
+snapshot_dir="${data_dir}.snapshot"
+
+# Read-only snapshot for atomic backup
+btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
+
+/usr/local/bin/restic backup "$snapshot_dir"
+
+# Always remove snapshot subvolume, even if restic fails
+btrfs subvolume delete "$snapshot_dir"
diff --git a/roles/any.software.lander/files/lander.service b/roles/any.software.lander/files/lander.service
new file mode 100644
index 0000000..635d21d
--- /dev/null
+++ b/roles/any.software.lander/files/lander.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Lander
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=exec
+User=lander
+Group=lander
+ExecStart=/usr/local/bin/lander
+Restart=always
+EnvironmentFile=/etc/lander/lander.env
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/any.software.lander/handlers/main.yml b/roles/any.software.lander/handlers/main.yml
new file mode 100644
index 0000000..45bee7f
--- /dev/null
+++ b/roles/any.software.lander/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: 'restart lander'
+ ansible.builtin.service:
+ name: 'lander'
+ state: 'restarted'
diff --git a/roles/any.software.lander/meta/main.yml b/roles/any.software.lander/meta/main.yml
new file mode 100644
index 0000000..6e47e89
--- /dev/null
+++ b/roles/any.software.lander/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: 'any.tools.caddy'
diff --git a/roles/any.software.lander/tasks/main.yml b/roles/any.software.lander/tasks/main.yml
new file mode 100644
index 0000000..a45db37
--- /dev/null
+++ b/roles/any.software.lander/tasks/main.yml
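Review bot: In lander.data.backup.sh the script exits with the status of the final `btrfs subvolume delete`, so a failed `restic backup` is reported as success to whatever schedules the backup. The cleanup can stay unconditional while the failure is still surfaced: change the restic line to `/usr/local/bin/restic backup "$snapshot_dir"; rc=$?` and end the script with `exit "$rc"`. The comment above the delete could then read `# Always remove snapshot subvolume, but report restic's exit status`.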
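Review bot: The `[Service]` section of lander.service isolates the process with `User=`/`Group=` only, although the binary is reachable from the internet through the Caddy reverse proxy. Assuming lander writes only under its data directory, adding `NoNewPrivileges=true`, `ProtectSystem=strict` and `ReadWritePaths=/mnt/data1/lander/data` would confine what a compromised process can touch. As a style point, `After=network-online.target` is conventionally paired with `Wants=` rather than `Requires=`.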
@@ -0,0 +1,105 @@
+---
+- name: Ensure newest binary is present
+ ansible.builtin.get_url:
+ url: "https://git.rustybever.be/api/packages/Chewing_Bever/generic/lander/{{ lander_version }}/lander-linux-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+ dest: '/usr/local/bin/lander'
+ owner: 'root'
+ group: 'root'
+ mode: '0755'
+ notify: 'restart lander'
+
+- name: Ensure system group exists
+ ansible.builtin.group:
+ name: 'lander'
+ gid: 201
+ system: true
+ state: present
+
+- name: Ensure system user exists
+ ansible.builtin.user:
+ name: 'lander'
+ group: 'lander'
+ uid: 201
+ system: true
+ create_home: false
+
+- name: Ensure data directory is present
+ ansible.builtin.file:
+ path: '/mnt/data1/lander'
+ state: directory
+ mode: '0755'
+ owner: 'root'
+ group: 'root'
+
+# Only one BTRFS file system should be mounted, so this will match that one
+- name: Ensure data subvolume is present
+ community.general.btrfs_subvolume:
+ name: '/lander/{{ item }}'
+ loop:
+ - 'data'
+
+- name: Ensure data subvolume permissions are correct
+ ansible.builtin.file:
+ path: '/mnt/data1/lander/{{ item }}'
+ state: directory
+ mode: '0755'
+ owner: 'lander'
+ group: 'lander'
+ loop:
+ - 'data'
+
+- name: Ensure configuration directory is present
+ ansible.builtin.file:
+ path: '/etc/lander'
+ state: directory
+ mode: '0755'
+ owner: 'lander'
+ group: 'lander'
+
+- name: Ensure environment file is present
+ ansible.builtin.template:
+ src: 'lander.env.j2'
+ dest: '/etc/lander/lander.env'
+ owner: 'lander'
+ group: 'lander'
+ mode: '0644'
+ notify: 'restart lander'
+
+- name: Ensure backup script is present
+ ansible.builtin.copy:
+ src: 'lander.{{ item }}.backup.sh'
+ dest: '/etc/backups/lander.{{ item }}.backup.sh'
+ owner: 'root'
+ group: 'root'
+ mode: '0644'
+ loop:
+ - 'data'
+
+- name: Ensure service file is present
+ ansible.builtin.copy:
+ src: 'lander.service'
+ dest: '/lib/systemd/system/lander.service'
+ owner: 'root'
+ group: 'root'
+ mode: '0644'
+ register: res
+
+- name: systemd-reload
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+ when: 'res.changed'
+
+- name: Ensure Caddyfile is present
+ ansible.builtin.copy:
+ src: 'lander.Caddyfile'
+ dest: '/etc/caddy/lander.Caddyfile'
+ mode: '0644'
+ owner: 'root'
+ group: 'root'
+ notify: 'reload caddy'
+
+- name: Ensure lander service is enabled
+ ansible.builtin.service:
+ name: 'lander'
+ state: 'started'
+ enabled: true
diff --git a/roles/any.software.lander/templates/lander.env.j2 b/roles/any.software.lander/templates/lander.env.j2
new file mode 100644
index 0000000..0c072ed
--- /dev/null
+++ b/roles/any.software.lander/templates/lander.env.j2
@@ -0,0 +1,3 @@
+LANDER_DATA_DIR=/mnt/data1/lander/data
+LANDER_PORT=8022
+LANDER_API_KEY={{ lander_api_key }}
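Review bot: The first task in tasks/main.yml downloads an executable to `/usr/local/bin/lander` with `get_url` and no `checksum`, so nothing verifies the binary that the service then runs. With `dest` pointing at a file and `force` left at its default, `get_url` also skips the download once the file exists, so bumping `lander_version` would not replace the installed binary despite the task name. Adding `checksum: "sha256:<digest of the release binary for this architecture>"`, kept next to `lander_version`, covers both: the download is verified and a changed digest triggers a re-download. Separately, the backup script is copied with `mode: '0644'`; if the backup runner executes it directly rather than passing it to bash, it needs `'0755'`.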
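Review bot: The rendered lander.env holds `LANDER_API_KEY` in clear text, but the task that installs it ("Ensure environment file is present" in tasks/main.yml) sets `owner: 'lander'` and `mode: '0644'`, so every local account can read the key. The service manager reads `EnvironmentFile=` itself before switching to `User=lander`, so `owner: 'root'`, `group: 'root'`, `mode: '0600'` on that task is enough. The `/etc/lander` directory task would need root ownership as well, since a directory writable by the service account lets it replace the file. Adding `no_log: true` to the template task would also keep the key out of `--diff` and verbose output.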