feat: add lander role for pearl

main
Jef Roosens 2025-07-06 17:01:45 +02:00
parent 6b93b3f7ed
commit ef6d5e481e
No known key found for this signature in database
GPG Key ID: 21FD3D77D56BAF49
10 changed files with 196 additions and 37 deletions

View File

@ -31,3 +31,6 @@ gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
vieter_api_key: "{{ vault_vieter_api_key }}"
site_api_key: "{{ vault_site_api_key }}"
lander_api_key: "{{ vault_lander_api_key }}"
lander_version: '0.2.1'

View File

@ -1,38 +1,42 @@
$ANSIBLE_VAULT;1.1;AES256
63383436646334636234393830626134323666343733656139383235633233346239323335616531
6138343436653662313466336339333133386361376232370a323038663962373733636539363166
64376364653462316466333739633266656464376638303636316631636366643239376330353861
6266663963626532360a666166343466326266343135326139333435396661393432316230386430
31343339663862323230353266363239363532613564336536333262643231306435663964653535
39653630653963363937656335633530613462656462633038363864386565383334383238613561
64396163336234633837366565623239303835626334363334313132383530316631363039626161
33653931656636393935643263636532313831613334613564383837636230373466383739323031
34643633613432326437386137346263346438383836376130356262623531633535623537653661
31666339313961306162393763646439636263303863376532366165656433383532353436616662
34643334326461313665303130633461366665653064376566343763636362633634643661653739
36666262383838656535356166353563393334336162616463626662383361646133373130653836
61643233393163303232383566613566666332326432623139663135366263363536353762316666
35393831396635616264346364633236393364376534323932346265393831323234616530373061
36666433313162663738303462666430663261663666626339333837323838303734666436373935
38666264626238376533303934636363333034336439343431326430646262303833393561383734
30643734383030303261366133626531363932363162663136363866653635326363366530333033
37396532663864333737613165383131383263373263303836363539633164656237663563323164
38323564383163363834336633633265393562633461313665646633663231336662653834643130
65303032333139643662323166313632333431616338313462613035626366653430623463663865
64346634666132663935376532666362666636323134333633393030613965383761316530396132
63343533323138323164633837363361633062323065356465623166633963313461656231396437
64363861393466636435616439653266333963666137316332316565323431373930363130643662
63353164633037653138393139616463643437663839653261353861626463356461313039383163
33306637326234393237303264336537633538336634353830383839353864393366316536393734
38633532633432323763623430393335613739636235346465363232643631303632383362643562
33623966323065613563613865383630613634366338393464393563343361383831373736353936
33613336343334633639626263626438623065643130356266323434613037636265633136396162
38343631623034633336303731363334383036356133343832323433386565653233643438643437
61393832323766633063353764363465316633343566323363393733333834623039383238373530
37653939646562393830396364656333663463643361333461326561323638343539326266306235
32393837353631633961373066356130383566346365653033356336333435613932653736376235
33663237613437366364613731626162613761646364643061343531323761333132316535346530
30646432653336313864323036313234616231333533343535663532643133666166613433656538
38333038666634613333653831623463376261313864613736383862656362643731343637633736
64343036376238643361613362646662623462353438333730656362373336616235626134666430
37613134626637393762663562353432653439353333643665386265376561653036
66313437656435656133346166653534646465333863366137326563343661613563623461356437
6233623464323465393865306238393039396361366366330a613064313863623031613831383539
38633466306662633134326635656532393632363138633139626338383361613335383132383932
6534666564613034650a336663613537616132653166366130366535383634623961343438396634
62626333313133303565646661656433303663303033383336313035333133323338643832623936
35313030636239306461666537303933336338373130386434303938613763313437663031656362
34356234613166383434346263373963656165653763616261616632313939653937373365633366
64623637363066393364393063373264366432343638613639343861333263646362626265663734
62373631633565356431653831613166653030376139383338346335613663633661393966633263
34303734306534613333366339343131386634636135383630656136373430326236633730663235
62653264343965393734383739346639363338623566306162376232363830633432643261313664
36363637663266356133323534353035376266623237663535326430613061623335303534393066
36663235656537616438343461373637623335633235393034343830333664343538653034643166
62646564616363666531646436643338633639336262313361626534646163346131333734333964
36373466343032303865316565393061663161633664626239373931323461316263323935653331
39643834643338663164613061333833663665396636376135656636333561663062313731383530
33393065326464316332666636656438353339353438626233613664643261663864373734343663
39613833653232346462623562383062626462343564336535383362383938386664313539306634
32633963346235393764656364313265656462336335643262303939383833336638633165393966
36633166653563633266303764646530336638303661653136383161626637316664633835383461
64346464636438376233313634633961323164373634313336346137393332633762613066323938
37383938636135653135373634336566616536663161386361393466663062323064396662383865
39363462636261653964653332396533356533633335646463616333376537396133363564343533
66643031313165613632356235386561626230623534396465313131363766316137653530323531
62626566613838343334356437666234343036366164353738356232363364653964663761643934
36353835623433303132653433663938666162653664373666343235326433386364626233643737
33623737346664656165373935643032613931366536636133303164353933333533616230396261
31306364333066663165646364653961393836633431376261376163313735353134363062616361
30376161323361353832383963373265383330616534623832623331663132316139336532366466
38326531366562316536303662643834613836306331643331353437343863393134623932336165
65386565636237646435636135336134353831303933346431636235643834616561313363376631
30623764623332396162333464626435366134633538343337323262316337373435303161613966
61333739396235323437643336306462343131336639333539353736313338616337323632613537
64303031636461383462373634666562613130343864333666616564336564323936626464666336
32306230373931373531303765346262313133336337323862393463343266626335303763653631
63373232346466353138373136346435323639306637303034346130353664343363636164646236
37363363343463626566643835396462653961653331626537346633333232613065323136346161
39633232396663653966626237363761643735373739656239393566663133633633316632623265
30633332306239326333373239373739376665313237643331633461333663393763333630363134
36353135666332303163623963363130323937616236646263333361366364393133343935636330
6466

View File

@ -31,3 +31,9 @@
roles:
- 'any.software.site-podman'
tags: site
- hosts: pearl
become: true
roles:
- 'any.software.lander'
tags: lander

View File

@ -0,0 +1,3 @@
r8r.be {
reverse_proxy 127.0.0.1:8022
}

View File

@ -0,0 +1,12 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/lander/data'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"

View File

@ -0,0 +1,15 @@
[Unit]
Description=Lander
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=exec
User=lander
Group=lander
ExecStart=/usr/local/bin/lander
Restart=always
EnvironmentFile=/etc/lander/lander.env
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,5 @@
---
- name: 'restart lander'
ansible.builtin.service:
name: 'lander'
state: 'restarted'

View File

@ -0,0 +1,3 @@
---
dependencies:
- role: 'any.tools.caddy'

View File

@ -0,0 +1,105 @@
---
- name: Ensure newest binary is present
ansible.builtin.get_url:
url: "https://git.rustybever.be/api/packages/Chewing_Bever/generic/lander/{{ lander_version }}/lander-linux-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
dest: '/usr/local/bin/lander'
owner: 'root'
group: 'root'
mode: '0755'
notify: 'restart lander'
- name: Ensure system group exists
ansible.builtin.group:
name: 'lander'
gid: 201
system: true
state: present
- name: Ensure system user exists
ansible.builtin.user:
name: 'lander'
group: 'lander'
uid: 201
system: true
create_home: false
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/lander'
state: directory
mode: '0755'
owner: 'root'
group: 'root'
# Only one BTRFS file system should be mounted, so this will match that one
- name: Ensure data subvolume is present
community.general.btrfs_subvolume:
name: '/lander/{{ item }}'
loop:
- 'data'
- name: Ensure data subvolume permissions are correct
ansible.builtin.file:
path: '/mnt/data1/lander/{{ item }}'
state: directory
mode: '0755'
owner: 'lander'
group: 'lander'
loop:
- 'data'
- name: Ensure configuration directory is present
ansible.builtin.file:
path: '/etc/lander'
state: directory
mode: '0755'
owner: 'lander'
group: 'lander'
- name: Ensure environment file is present
ansible.builtin.template:
src: 'lander.env.j2'
dest: '/etc/lander/lander.env'
owner: 'lander'
group: 'lander'
mode: '0644'
notify: 'restart lander'
- name: Ensure backup script is present
ansible.builtin.copy:
src: 'lander.{{ item }}.backup.sh'
dest: '/etc/backups/lander.{{ item }}.backup.sh'
owner: 'root'
group: 'root'
mode: '0644'
loop:
- 'data'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'lander.service'
dest: '/lib/systemd/system/lander.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure Caddyfile is present
ansible.builtin.copy:
src: 'lander.Caddyfile'
dest: '/etc/caddy/lander.Caddyfile'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'reload caddy'
- name: Ensure lander service is enabled
ansible.builtin.service:
name: 'lander'
state: 'started'
enabled: true

View File

@ -0,0 +1,3 @@
LANDER_DATA_DIR=/mnt/data1/lander/data
LANDER_PORT=8022
LANDER_API_KEY={{ lander_api_key }}