heisenbridge: new role

This commit is contained in:
Markus 2023-09-06 21:37:39 +02:00
parent 1c0b1e6032
commit 586a02e545
6 changed files with 103 additions and 2 deletions

View File

@ -0,0 +1,7 @@
---
heisenbridge_user: heisenbridge
heisenbridge_group: heisenbridge
heisenbridge_directory: /opt/heisenbridge
heisenbridge_config: "{{ heisenbridge_directory }}/heisenbridge.yaml"

View File

@ -0,0 +1,7 @@
---
- name: Reload systemd
systemd: daemon_reload=yes
- name: Restart heisenbridge
service: name=heisenbridge state=restarted

View File

@ -0,0 +1,56 @@
---
- name: Install dependencies
apt:
name:
- python3-pip
- python3-venv
- name: Create group
group:
name: "{{ heisenbridge_group }}"
system: yes
- name: Create user
user:
name: "{{ heisenbridge_user }}"
group: "{{ heisenbridge_group }}"
system: yes
create_home: no
home: "{{ heisenbridge_directory }}"
- name: Create directory
file:
path: "{{ heisenbridge_directory }}"
state: directory
owner: "{{ heisenbridge_user }}"
group: "{{ heisenbridge_group }}"
mode: 0755
- name: Install heisenbridge
pip:
name: heisenbridge
virtualenv: "{{ heisenbridge_directory }}"
virtualenv_command: python3 -m venv
become: true
become_user: "{{ heisenbridge_user }}"
environment:
MULTIDICT_NO_EXTENSIONS: 1
YARL_NO_EXTENSIONS: 1
- name: Create configuration
command:
cmd: "{{ heisenbridge_directory }}/bin/heisenbridge -c {{ heisenbridge_config }} --generate"
creates: "{{ heisenbridge_config }}"
become: true
become_user: "{{ heisenbridge_user }}"
notify: Restart heisenbridge
- name: Install systemd unit
template: src=heisenbridge.service.j2 dest=/lib/systemd/system/heisenbridge.service
notify:
- Reload systemd
- Restart heisenbridge
- name: Enable heisenbridge
service: name=heisenbridge enabled=yes

View File

@ -0,0 +1,15 @@
[Unit]
Description=Heisenbridge
After=network.target
[Service]
RestartSec=2s
Type=simple
User={{ heisenbridge_user }}
Group={{ heisenbridge_user }}
WorkingDirectory={{ heisenbridge_directory }}
ExecStart={{ heisenbridge_directory }}/bin/heisenbridge -c {{ heisenbridge_config }}
Restart=always
[Install]
WantedBy=multi-user.target

View File

@ -1512,11 +1512,26 @@ room_prejoin_state:
#additional_event_types:
# - org.example.custom.event.type
# We record the IP address of clients used to access the API for various
# reasons, including displaying it to the user in the "Where you're signed in"
# dialog.
#
# By default, when puppeting another user via the admin API, the client IP
# address is recorded against the user who created the access token (ie, the
# admin user), and *not* the puppeted user.
#
# Uncomment the following to also record the IP address against the puppeted
# user. (This also means that the puppeted user will count as an "active" user
# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc
# above.)
#
#track_puppeted_user_ips: true
# A list of application service config files to use
#
#app_service_config_files:
# - app_service_1.yaml
app_service_config_files:
- /opt/heisenbridge/heisenbridge.yaml
# - app_service_2.yaml
# Uncomment to enable tracking of application service IP addresses. Implicitly

View File

@ -116,6 +116,7 @@
hosts: sodium.binary-kitchen.net
roles:
- matrix
- heisenbridge
- name: Setup turn server
hosts: magnesium.binary-kitchen.net