add klipper related roles and noodlehub role

Signed-off-by: Thomas Schmid <tom@lfence.de>
2022-01-20 20:40:32 +01:00 · 2022-01-20 20:40:32 +01:00 · aa6286623d
commit aa6286623d
parent 2adfd65c79
24 changed files with 629 additions and 0 deletions
--- a/group_vars/Octoprint_hosts/vars.yml
+++ b/group_vars/Octoprint_hosts/vars.yml
@ -0,0 +1,18 @@
 octoprint_users_list:
  binarykitchen:
    active: true
    apikey: null
    groups:
    - users
    - admins
    password: fb5adb1fbecb856f2f37da607ea17faf4887cb353b0d28459b12fb814b59d325825b7856d604efddf30b7b0a08e95af0b5a78d6912830bac171d84fe0d8d2a33
    permissions: []
    roles:
    - user
    - admin
    settings: {}
 octoprint_app_keys:
  binarykitchen:
  - api_key: 966930451181429EAAR2D2B78EF0B1F5
    app_id: slicer_upload
--- a/roles/fluidd/defaults/main.yml
+++ b/roles/fluidd/defaults/main.yml
@ -0,0 +1,4 @@
 ---
 fluidd_dir: /var/www/fluidd
 fluidd_api_server: localhost:7125
--- a/roles/fluidd/meta/main.yml
+++ b/roles/fluidd/meta/main.yml
@ -0,0 +1,5 @@
 ---
 dependencies:
  - { role: acertmgr }
  - { role: nginx, nginx_ssl: true}
--- a/roles/fluidd/tasks/main.yml
+++ b/roles/fluidd/tasks/main.yml
@ -0,0 +1,26 @@
 ---
 - name: Create fluidd directory
  file:
    path: "{{ fluidd_dir }}"
    owner: www-data
    group: www-data
    state: directory
 - name: Get fluidd src
  unarchive:
    remote_src: yes
    src: https://github.com/fluidd-core/fluidd/releases/latest/download/fluidd.zip
    dest: "{{ fluidd_dir }}"
    group: www-data
 - name: Copy vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/fluidd
 - name: Enable vhost
  file:
    src: /etc/nginx/sites-available/fluidd
    dest: /etc/nginx/sites-enabled/fluidd
    state: link
--- a/roles/fluidd/templates/vhost.j2
+++ b/roles/fluidd/templates/vhost.j2
@ -0,0 +1,66 @@
 # /etc/nginx/sites-available/fluidd
 map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
 }
 upstream apiserver {
    ip_hash;
    server {{ fluidd_api_server }};
 }
 server {
    listen 80 ;
    server_name {{ fluidd_domain }};
    access_log /var/log/nginx/fluidd-access.log;
    error_log /var/log/nginx/fluidd-error.log;
    # disable this section on smaller hardware like a pi zero
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_proxied expired no-cache no-store private auth;
    gzip_comp_level 4;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml;
    # web_path from fluidd static files
    root {{ fluidd_dir }};
    index index.html;
    # disable max upload size checks
    client_max_body_size 0;
    # disable proxy request buffering
    proxy_request_buffering off;
    location / {
        try_files $uri $uri/ /index.html;
    }
    location = /index.html {
        add_header Cache-Control "no-store, no-cache, must-revalidate";
    }
    location /websocket {
        proxy_pass http://apiserver/websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 86400;
    }
    location ~ ^/(printer|api|access|machine|server)/ {
        proxy_pass http://apiserver$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
    }
 }
--- a/roles/klipper/defaults/main.yml
+++ b/roles/klipper/defaults/main.yml
@ -0,0 +1,5 @@
 klipper_user: klipper
 klipper_group: klipper
 klipper_dir: /opt/klipper
 klipper_conf_dir: /etc/klipper
 klipper_venv: /opt/klipper/venv
--- a/roles/klipper/tasks/main.yml
+++ b/roles/klipper/tasks/main.yml
@ -0,0 +1,90 @@
 ---
 - name: Create group
  group:
    name: "{{ klipper_group }}"
 - name: Create user
  user: 
    name: "{{ klipper_user }}"
    home: "/home/{{ klipper_user }}"
    group: "{{ klipper_group }}"
    append: yes
    groups:
    - tty
    - dialout
    - video
 - name: Add klipper user to additional groups
  user:
    name: "{{ klipper_user }}"
    append: yes
    groups: "{{ klipper_groups }}"
  when: klipper_groups is defined
 - name: Create config directory
  file:
    path: "{{ klipper_conf_dir }}"
    owner: "{{ klipper_user }}"
    group: "{{ klipper_group }}"
    recurse: true
    state: directory
 - name: Install requirements
  apt:
    name:
    - python3-pip
    - python3-virtualenv
    - virtualenv
    - python-dev
    - libffi-dev
    - build-essential
    - libncurses-dev
    - libusb-dev
    - avrdude
    - gcc-avr
    - binutils-avr
    - avr-libc
    - stm32flash
    - dfu-util
    - libnewlib-arm-none-eabi
    - gcc-arm-none-eabi
    - binutils-arm-none-eabi
    - libusb-1.0-0
    - git
 - name: Clone klipper
  git:
    repo: https://github.com/Klipper3d/klipper.git
    dest: "{{ klipper_dir }}"
 - name: Set user and group for klipper src
  file:
    path: "{{ klipper_dir }}"
    owner: "{{ klipper_user }}"
    group: "{{ klipper_group }}"
    recurse: true
    state: directory
 - name: Create virtual env and install python dependencies
  pip:
    requirements: /opt/klipper/scripts/klippy-requirements.txt
    virtualenv: /opt/klipper/venv
    virtualenv_python: python2.7
 - name: Install klipper config
  git:
    repo: https://git.binary-kitchen.de/3D-Printers/Voron2_Config.git
    dest: "{{ klipper_conf_dir }}"
    umask: "002"
  become: yes
  become_user: "{{ klipper_user }}"
 - name: Install service file
  template:
    src: klipper.service.j2
    dest: /usr/lib/systemd/system/klipper.service
 - name: Enable klipper
  service: name=klipper enabled=yes
--- a/roles/klipper/templates/klipper.service.j2
+++ b/roles/klipper/templates/klipper.service.j2
@ -0,0 +1,16 @@
 #Systemd service file for klipper
 [Unit]
 Description=Starts klipper on startup
 After=network.target
 [Install]
 WantedBy=multi-user.target
 [Service]
 Type=simple
 User= {{ klipper_user }}
 RemainAfterExit=yes
 ExecStart={{ klipper_dir }}/venv/bin/python {{ klipper_dir }}/klippy/klippy.py {{ klipper_conf_dir }}/printer.cfg -l /tmp/klippy.log -a /tmp/klipper_uds -I /home/klipper/printer
 Restart=always
 RestartSec=10
--- a/roles/mainsail/defaults/main.yml
+++ b/roles/mainsail/defaults/main.yml
@ -0,0 +1,4 @@
 ---
 mainsail_dir: /var/www/mainsail
 mainsail_api_server: localhost:7125
--- a/roles/mainsail/meta/main.yml
+++ b/roles/mainsail/meta/main.yml
@ -0,0 +1,5 @@
 ---
 dependencies:
  - { role: acertmgr }
  - { role: nginx, nginx_ssl: true}
--- a/roles/mainsail/tasks/main.yml
+++ b/roles/mainsail/tasks/main.yml
@ -0,0 +1,26 @@
 ---
 - name: Create mainsail directory
  file:
    path: "{{ mainsail_dir }}"
    owner: www-data
    group: www-data
    state: directory
 - name: Get Mainsail src
  unarchive:
    remote_src: yes
    src: https://github.com/mainsail-crew/mainsail/releases/latest/download/mainsail.zip
    dest: "{{ mainsail_dir }}"
    group: www-data
 - name: Copy vhost
  template:
    src: vhost.j2
    dest: /etc/nginx/sites-available/mainsail
 - name: Enable vhost
  file:
    src: /etc/nginx/sites-available/mainsail
    dest: /etc/nginx/sites-enabled/mainsail
    state: link
--- a/roles/mainsail/templates/vhost.j2
+++ b/roles/mainsail/templates/vhost.j2
@ -0,0 +1,66 @@
 # /etc/nginx/sites-available/mainsail
 map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
 }
 upstream apiserver {
    ip_hash;
    server {{ mainsail_api_server }};
 }
 server {
    listen 80 ;
    server_name {{ mainsail_domain }};
    access_log /var/log/nginx/mainsail-access.log;
    error_log /var/log/nginx/mainsail-error.log;
    # disable this section on smaller hardware like a pi zero
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_proxied expired no-cache no-store private auth;
    gzip_comp_level 4;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/json application/xml;
    # web_path from mainsail static files
    root {{ mainsail_dir }};
    index index.html;
    # disable max upload size checks
    client_max_body_size 0;
    # disable proxy request buffering
    proxy_request_buffering off;
    location / {
        try_files $uri $uri/ /index.html;
    }
    location = /index.html {
        add_header Cache-Control "no-store, no-cache, must-revalidate";
    }
    location /websocket {
        proxy_pass http://apiserver/websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 86400;
    }
    location ~ ^/(printer|api|access|machine|server)/ {
        proxy_pass http://apiserver$request_uri;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
    }
 }
--- a/roles/moonraker/defaults/main.yml
+++ b/roles/moonraker/defaults/main.yml
@ -0,0 +1,12 @@
 moonraker_user: klipper
 moonraker_group: klipper
 moonraker_src_dir: /opt/moonraker
 moonraker_conf_dir: /etc/moonraker
 moonraker_file_manager_config_path: /etc/klipper
 moonraker_file_manager_log_path: /tmp
 moonraker_klippy_uds_address: /tmp/klipper_uds
 moonraker_host: 127.0.0.1
 moonraker_port: 7125
--- a/roles/moonraker/tasks/main.yml
+++ b/roles/moonraker/tasks/main.yml
@ -0,0 +1,66 @@
 ---
 - name: Create group
  group:
    name: "{{ moonraker_group }}"
 - name: Create user
  user: 
    name: "{{ moonraker_user }}"
    home: "/home/{{ moonraker_user }}"
    group: "{{ moonraker_group }}"
    append: yes
    groups:
    - video
    - klipper
 - name: Install dependencies
  apt:
    name:
    - python3-virtualenv
    - python3-dev
    - libopenjp2-7
    - python3-libgpiod
    - curl
    - libcurl4-openssl-dev
    - libssl-dev
    - liblmdb-dev
    - libsodium-dev
    - zlib1g-dev
    - libjpeg-dev
 - name: Create config directory
  file:
    path: "{{ moonraker_conf_dir }}"
    state: directory
    owner: "{{ moonraker_user }}"
    group: "{{ moonraker_group }}"
 - name: Copy moonraker config
  template:
    src: moonraker.conf.j2
    dest: "{{ moonraker_conf_dir }}/moonraker.conf"
  become: yes
  become_user: "{{ moonraker_user }}"
 - name: Clone moonraker src
  git:
    repo: https://github.com/Arksine/moonraker.git
    dest: "{{ moonraker_src_dir }}"
 - name: Create python virtual environment
  pip:
    requirements: "{{ moonraker_src_dir }}/scripts/moonraker-requirements.txt"
    virtualenv: "{{ moonraker_src_dir }}/venv"
 - name: Copy systemd service file
  template:
    src: moonraker.service.j2
    dest: /etc/systemd/system/moonraker.service
 - name: Enable moonraker
  service:
    name: moonraker
    enabled: yes
--- a/roles/moonraker/templates/moonraker.conf.j2
+++ b/roles/moonraker/templates/moonraker.conf.j2
@ -0,0 +1,24 @@
 [server]
 host: {{ moonraker_host }}
 port: {{ moonraker_port }}
 [file_manager]
 config_path: {{ moonraker_file_manager_config_path }}
 log_path: {{ moonraker_file_manager_log_path }}
 queue_gcode_uploads: True
 enable_object_processing: True
 [authorization]
 trusted_clients:
  0.0.0.0/0
 [secrets]
 secrets_path: /etc/moonraker/passwd
 [octoprint_compat]
 [history]
 [zeroconf]
--- a/roles/moonraker/templates/moonraker.service.j2
+++ b/roles/moonraker/templates/moonraker.service.j2
@ -0,0 +1,17 @@
 #Systemd service file for moonraker
 [Unit]
 Description=API Server for Klipper
 Requires=network-online.target
 After=network-online.target
 [Install]
 WantedBy=multi-user.target
 [Service]
 Type=simple
 User={{ moonraker_user }}
 RemainAfterExit=yes
 WorkingDirectory={{ moonraker_src_dir }}
 ExecStart={{moonraker_src_dir}}/venv/bin/python {{moonraker_src_dir}}/moonraker/moonraker.py -c {{moonraker_conf_dir}}/moonraker.conf -l /tmp/moonraker.log
 Restart=always
 RestartSec=10
--- a/roles/moonraker/templates/passwd.j2
+++ b/roles/moonraker/templates/passwd.j2
@ -0,0 +1 @@
 [
--- a/roles/noodlehub/defaults/main.yml
+++ b/roles/noodlehub/defaults/main.yml
@ -0,0 +1,5 @@
 noodlehub_user: noodlehub
 noodlehub_group: noodlehub
 noodlehub_dir: /opt/noodlehub
 noodlehub_venv: /opt/noodlehub/venv
 noodlehub_ssl: false
--- a/roles/noodlehub/handlers/main.yml
+++ b/roles/noodlehub/handlers/main.yml
@ -0,0 +1,8 @@
 - name: Reload systemd
  systemd: daemon_reload=yes
 - name: Restart noodlehub
  service: name=noodlehub state=restarted
 - name: Restart nginx
  service: name=nginx state=restarted
--- a/roles/noodlehub/meta/main.yml
+++ b/roles/noodlehub/meta/main.yml
@ -0,0 +1,5 @@
 ---
 dependencies:
  - { role: acertmgr, when: noodlehub_ssl}
  - { role: nginx, nginx_ssl: noodlehub_ssl}
--- a/roles/noodlehub/tasks/main.yml
+++ b/roles/noodlehub/tasks/main.yml
@ -0,0 +1,73 @@
 ---
 - name: Install dependencies
  apt:
    name:
    - python3-pip
    - python3-virtualenv
    - gpiod
    - python3-libgpiod
    - git
 - name: Create group
  group:
    name: "{{ noodlehub_user }}"
 - name: Create user
  user:
    name: "{{ noodlehub_user }}"
    group: "{{ noodlehub_group }}"
    home: /home/{{ noodlehub_user }}
    groups:
    - gpio
 - name: Create directory
  file:
    owner: "{{ noodlehub_user }}"
    group: "{{ noodlehub_group }}"
    path: "{{ noodlehub_dir }}"
    state: directory
 - name: Clone noodlehub repository
  git:
    repo: https://github.com/binary-kitchen/noodle_hub.git
    version: devel
    dest: "{{ noodlehub_dir }}"
    update: true
  become: true
  become_user: "{{ noodlehub_user }}"
 - name: Create virtualenv and install python dependencies
  pip:
    name:
    - pyyaml
    - flask
    - jinja2
    - paho-mqtt
    - utils
    virtualenv: "{{ noodlehub_venv }}"
  become: true
  become_user: "{{ noodlehub_user }}"
 - name: Configure vhost
  template: src=nginx_vhost.j2 dest=/etc/nginx/sites-available/noodlehub
  notify: Restart nginx
 - name: Enable vhost
  file: src=/etc/nginx/sites-available/noodlehub dest=/etc/nginx/sites-enabled/noodlehub state=link
  notify: Restart nginx
 - name: Install systemd unit file
  template:
    src: noodlehub.service.j2
    dest: /usr/lib/systemd/system/noodlehub.service
  notify: Reload systemd
 - name: Enable noodlehub
  service:
    name: noodlehub
    enabled: yes
    state: started
--- a/roles/noodlehub/templates/nginx_vhost.j2
+++ b/roles/noodlehub/templates/nginx_vhost.j2
@ -0,0 +1,59 @@
 {% if not noodlehub_ssl %}
 server {
 	listen 80;
 	listen [::]:80;
 	server_name {{ noodlehub_domain }};
 	location / {
 		client_max_body_size 1024M;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_http_version 1.1;
 		proxy_pass http://localhost:5000;
 	}
 }
 {% else %}
 server {
 	listen 80;
 	listen [::]:80;
 	server_name {{ octoprint_domain }};
 	location /.well-known/acme-challenge {
 		default_type "text/plain";
 		alias /var/www/acme-challenge;
 	}
 	location / {
 		return 301 https://{{ octoprint_domain }}$request_uri;
 	}
 }
 server {
 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	server_name {{ gitea_domain }};
 	ssl_certificate_key /etc/nginx/ssl/{{ gitea_domain }}.key;
 	ssl_certificate /etc/nginx/ssl/{{ gitea_domain }}.crt;
 	location / {
 		client_max_body_size 1024M;
 		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Script-Name /octoprint;
        proxy_http_version 1.1;
 		proxy_pass http://localhost:5000;
 	}
 }
 {% endif %}
--- a/roles/noodlehub/templates/noodlehub.service.j2
+++ b/roles/noodlehub/templates/noodlehub.service.j2
@ -0,0 +1,16 @@
 [Unit]
 Description=Noodlehub
 After=syslog.target
 After=network.target
 [Service]
 RestartSec=2s
 Type=simple
 User={{ noodlehub_user }}
 Group={{ noodlehub_user }}
 WorkingDirectory={{ noodlehub_dir }}
 ExecStart={{ noodlehub_dir }}/venv/bin/python ./noodle_hub
 Restart=always
 [Install]
 WantedBy=multi-user.target
--- a/site.yml
+++ b/site.yml
@ -4,6 +4,18 @@
  - common
  - root_keys
 - name: Setup noodlehub
  hosts: noodlehub.binary.kitchen
  roles:
  - noodlehub
  tags: noodlehub
 - name: Setup klipper
  hosts: cannelloni.binary.kitchen
  roles:
  - klipper
  tags: klipper
 - name: Setup octoprint
  hosts: [Octoprint_hosts]
  roles: