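---
# Deploys OpenTogetherTube on host "beepi" as rootless Podman quadlets
# (db, redis, server) run by a dedicated no-login user whose systemd user
# manager is kept alive via linger.
- name: OpenTogetherTube
  hosts: beepi
  become: true
  vars:
    user: ott
    user_home: /home/ott
    # Secrets are stored as inline Ansible Vault ciphertext; the vault
    # password must be supplied at run time. Nothing in this playbook
    # references them directly, so they are presumably consumed by the
    # .j2 templates below (templates not shown here).
    ott_db_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      33383832303231323133626563623336323137383136623335653063623365616334613338373832
      3862613733313565343164383437373165343134303637620a386438383839623431363163366137
      31653061353731346261383565373433623938383033306332303035323762353761393435306661
      6332663866323861330a653634666464316539396665626366386565306233346563303839616639
      61363334373265633930636635663339343461383061353963633762326664376464
    ott_api_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      66616532636462386435626536656136366664643539653639393931653337303061326139356138
      3665663430643332653931646637373733376639363262360a396430633663623135383731396430
      34666563333239326131623337653765633132383136633231393561326566326536663135333035
      3937626134376264340a323437626435373330376636353538653736376432643261393364303434
      38656639303335633534613832313334373762336364343163623338393037323933343134366238
      3532356231333830373063313936373830393035643731653735
    google_api_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      65336339346437343062633462393630356139623334353033653937306631336661383138613538
      3735333930613365326366393461343462656530616462350a613636623738653232373266303031
      36643835383361386161323431323562346666366236666163643936613538616633303663323132
      3063366466353937390a633162663635373962313464363166653339353662613162376534623634
      66336137383963326461306530636439376465646633356139333739333536396639373861613866
      3862376437303236373564393461336263346634393834376562
    ott_session_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      34376530366330626433306637633034663237326234373738613934356131386466323530303333
      6264303933366264623564316638383365643134663437650a326165383538376636323237663962
      36366362663930633231346230643132386565373733633262303234326636373864626362393031
      6534313162396137630a326532663037323161316339643163366532626632336632616535303734
      37356562626337366638313666326135343837323665343233363833663961373939336562343462
      31323638383336313466643137643037343265613534333963366336666133303031316231313061
      63376166666261316436356435623365343335643133326465386239396136363739366635653037
      33363965666364376364393132643562633831316361346562386662666637343263363064346136
      6162
  tasks:
    # Pass the package list straight to apt: one transaction instead of one
    # module invocation per package.
    - name: Install dependencies
      ansible.builtin.apt:
        name:
          - podman
          - systemd-container
          - passt
        state: present

    # Dedicated service account with no interactive login shell. The result
    # is registered because later tasks need its uid.
    - name: Create user
      ansible.builtin.user:
        name: "{{ user }}"
        home: "{{ user_home }}"
        shell: /usr/sbin/nologin
        create_home: true
      register: user_info

    # "creates" makes the command idempotent: it is skipped once the linger
    # marker file exists.
    - name: Enable linger
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ user }}"
        creates: "/var/lib/systemd/linger/{{ user }}"

    - name: Create quadlet directory
      ansible.builtin.file:
        path: "{{ user_home }}/.config/containers/systemd"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0755'

    # NOTE(review): 0755 leaves these directories listable by other local
    # accounts (subject to the home directory's own mode). The config file
    # written into env/ below is 0600; confirm what the containers need
    # before tightening the directory modes.
    - name: Create data directories
      ansible.builtin.file:
        path: "{{ user_home }}/data/{{ item }}"
        state: directory
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0755'
      loop:
        - postgres
        - redis
        - env

    # The three templated files are written 0600 and presumably embed the
    # vaulted secrets (templates not shown). diff is disabled on them so a
    # run with --diff does not print the rendered content to the terminal
    # or to CI logs.
    - name: Copy production.toml
      ansible.builtin.template:
        src: production.toml.j2
        dest: "{{ user_home }}/data/env/production.toml"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    - name: Copy network
      ansible.builtin.copy:
        dest: "{{ user_home }}/.config/containers/systemd/ott.network"
        content: "[Network]\n"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0644'

    - name: Deploy db quadlet
      ansible.builtin.template:
        src: ott-db.container.j2
        dest: "{{ user_home }}/.config/containers/systemd/ott-db.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    - name: Deploy redis quadlet
      ansible.builtin.copy:
        src: ott-redis.container
        dest: "{{ user_home }}/.config/containers/systemd/ott-redis.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0644'

    - name: Deploy server quadlet
      ansible.builtin.template:
        src: ott-server.container.j2
        dest: "{{ user_home }}/.config/containers/systemd/ott-server.container"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: '0600'
      diff: false

    # Runs as the service user against its own systemd instance; the two
    # environment variables point systemctl at that user's runtime dir and
    # bus socket.
    # NOTE(review): this needs the user manager to be up already. Linger was
    # enabled above, but the explicit "Start user manager" task only comes
    # afterwards - confirm the ordering holds on a first run.
    - name: Reload user systemd
      become: true
      become_user: "{{ user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus"
      ansible.builtin.systemd:
        daemon_reload: true
        scope: user

    # System-scope unit, so this one runs as root via the play-level become.
    - name: Start user manager
      ansible.builtin.systemd:
        name: "user@{{ user_info.uid }}.service"
        state: started

    # "started" only ensures the unit is running; it does not restart the
    # service when a template above has changed.
    - name: Start ott-server
      become: true
      become_user: "{{ user }}"
      environment:
        XDG_RUNTIME_DIR: "/run/user/{{ user_info.uid }}"
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ user_info.uid }}/bus"
      ansible.builtin.systemd:
        name: ott-server.service
        state: started
        scope: user

    # Operator hints only; tagged "always" so they print on every run.
    - name: Debug
      ansible.builtin.debug:
        msg:
          - "Service status: systemctl --user --machine {{ user_info.name }}@.host status ott-server"
          - "Read logs: sudo journalctl _UID={{ user_info.uid }} -n 200 --no-pager"
          - "Shell: machinectl shell {{ user_info.name }}@.host /bin/bash"
      tags:
        - always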