feat: add lander role for pearl

roles/any.software.lander/files/lander.Caddyfile

@@ -0,0 +1,3 @@
+r8r.be {
+    reverse_proxy 127.0.0.1:8022
+}

roles/any.software.lander/files/lander.data.backup.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+data_dir='/mnt/data1/lander/data'
+snapshot_dir="${data_dir}.snapshot"
+
+# Read-only snapshot for atomic backup
+btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
+
+/usr/local/bin/restic backup "$snapshot_dir"
+
+# Always remove snapshot subvolume, even if restic fails
+btrfs subvolume delete "$snapshot_dir"

roles/any.software.lander/files/lander.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Lander
+After=network.target network-online.target
+Requires=network-online.target
+
+[Service]
+Type=exec
+User=lander
+Group=lander
+ExecStart=/usr/local/bin/lander
+Restart=always
+EnvironmentFile=/etc/lander/lander.env
+
+[Install]
+WantedBy=multi-user.target

roles/any.software.lander/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: 'restart lander'
+  ansible.builtin.service:
+    name: 'lander'
+    state: 'restarted'

roles/any.software.lander/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: 'any.tools.caddy'

roles/any.software.lander/tasks/main.yml

@@ -0,0 +1,105 @@
+---
+- name: Ensure newest binary is present
+  ansible.builtin.get_url:
+    url: "https://git.rustybever.be/api/packages/Chewing_Bever/generic/lander/{{ lander_version }}/lander-linux-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+    dest: '/usr/local/bin/lander'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+  notify: 'restart lander'
+
+- name: Ensure system group exists
+  ansible.builtin.group:
+    name: 'lander'
+    gid: 201
+    system: true
+    state: present
+
+- name: Ensure system user exists
+  ansible.builtin.user:
+    name: 'lander'
+    group: 'lander'
+    uid: 201
+    system: true
+    create_home: false
+
+- name: Ensure data directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/lander'
+    state: directory
+    mode: '0755'
+    owner: 'root'
+    group: 'root'
+
+# Only one BTRFS file system should be mounted, so this will match that one
+- name: Ensure data subvolume is present
+  community.general.btrfs_subvolume:
+    name: '/lander/{{ item }}'
+  loop:
+    - 'data'
+
+- name: Ensure data subvolume permissions are correct
+  ansible.builtin.file:
+    path: '/mnt/data1/lander/{{ item }}'
+    state: directory
+    mode: '0755'
+    owner: 'lander'
+    group: 'lander'
+  loop:
+    - 'data'
+
+- name: Ensure configuration directory is present
+  ansible.builtin.file:
+    path: '/etc/lander'
+    state: directory
+    mode: '0755'
+    owner: 'lander'
+    group: 'lander'
+
+- name: Ensure environment file is present
+  ansible.builtin.template:
+    src: 'lander.env.j2'
+    dest: '/etc/lander/lander.env'
+    owner: 'lander'
+    group: 'lander'
+    mode: '0644'
+  notify: 'restart lander'
+
+- name: Ensure backup script is present
+  ansible.builtin.copy:
+    src: 'lander.{{ item }}.backup.sh'
+    dest: '/etc/backups/lander.{{ item }}.backup.sh'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  loop:
+    - 'data'
+
+- name: Ensure service file is present
+  ansible.builtin.copy:
+    src: 'lander.service'
+    dest: '/lib/systemd/system/lander.service'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  register: res
+
+- name: systemd-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: 'res.changed'
+
+- name: Ensure Caddyfile is present
+  ansible.builtin.copy:
+    src: 'lander.Caddyfile'
+    dest: '/etc/caddy/lander.Caddyfile'
+    mode: '0644'
+    owner: 'root'
+    group: 'root'
+  notify: 'reload caddy'
+
+- name: Ensure lander service is enabled
+  ansible.builtin.service:
+    name: 'lander'
+    state: 'started'
+    enabled: true

roles/any.software.lander/templates/lander.env.j2

@@ -0,0 +1,3 @@
+LANDER_DATA_DIR=/mnt/data1/lander/data
+LANDER_PORT=8022
+LANDER_API_KEY={{ lander_api_key }}