gotty

nodiscc · May 29, 2021 · 369fcd3 · 369fcd3
1 parent 2cfdf4c
commit 369fcd3
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 183 deletions.
diff --git a/roles/gotty/defaults/main.yml b/roles/gotty/defaults/main.yml
@@ -24,5 +24,7 @@ gotty_reconnect: no
 gotty_reconnect_time: 10
 # (seconds) timeout seconds for waiting a client
 gotty_input_timeout: 0
+# IP address to listen on
+gotty_listen_address: "0.0.0.0"
 # gotty release/version number (https://github.com/sorenisanerd/gotty/releases, without leading v)
 gotty_version: "1.2.0"
diff --git a/roles/gotty/tasks/gotty.yml b/roles/gotty/tasks/gotty.yml
@@ -1,200 +1,88 @@
 ##### PACKAGES #####
 
-- name: install git
-  apt:
-    package: git
-    state: present
-
 ##### DOWNLOADS #####
 
-- name: download gitea binary
+- name: download gotty binary
   get_url:
     url: "{{ item.url }}"
     dest: "{{ item.dest }}"
   with_items:
-    - { url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64",
-        dest: "/root/gitea-{{ gitea_version }}-linux-amd64" }
-    - { url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64.asc",
-        dest: "/root/gitea-{{ gitea_version }}-linux-amd64.asc" }
-    - { url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64.sha256",
-        dest: "/root/gitea-{{ gitea_version }}-linux-amd64.sha256" }
-
-# Key from 'gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2; gpg --export --armor 7C9E68152594688862D62AF62D9AE806EC1592E2'
-- name: copy gitea GPG key
-  copy:
-    src: root_gitea.key
-    dest: /root/gitea.key
-    owner: root
-    group: root
-    mode: 0660
+    - { url: "https://github.com/sorenisanerd/gotty/releases/download/v{{ gotty_version }}/gotty_v{{ gotty_version }}_linux_amd64.tar.gz",
+        dest: "/root/gotty_v{{ gotty_version }}_linux_amd64.tar.gz" }
+    - { url: "https://github.com/sorenisanerd/gotty/releases/download/v{{ gotty_version }}/SHA256SUMS",
+        dest: "/root/gotty-SHA256SUMS" }
 
-- name: import gitea GPG key
-  command: gpg --import /root/gitea.key
-  register: gitea_import_gpgkey
-  changed_when: "'unchanged: 1' not in gitea_import_gpgkey.stderr"
+# TODO CHECK SHA256SUMS
 
-- name: verify gitea GPG signatures
-  command: gpg --verify /root/gitea-{{ gitea_version }}-linux-amd64.asc /root/gitea-{{ gitea_version }}-linux-amd64
-  changed_when: no
+- name: extract gotty tarball
+  unarchive:
+    src: "/root/otty_v{{ gotty_version }}_linux_amd64.tar.gz"
+    dest: "/root/gotty-unpack"
+    remote_src: yes
+    mode: u=rwX
+  no_log: True
 
 ##### USER #####
 
-- name: create gitea group
-  group:
-    name: gitea
-    state: present
-    system: yes
-
-- name: add gitea user
-  user:
-    name: 'gitea'
-    system: yes
-    shell: '/bin/bash'
-    comment: 'Gitea git service'
-    password: '*'
-    home: '{{ gitea_user_home }}'
-    groups:
-      - 'gitea'
-      - 'ssh'
-
-
 ##### FILES/PERMISSIONS #####
 
-- name: create gitea directories
-  file:
-    state: directory
-    path: "{{ item.path }}"
-    owner: "root"
-    group: "{{ item.group }}"
-    mode: "{{ item.mode }}"
-    recurse: no
-  with_items:
-    - { path: "/etc/gitea", group: "gitea", mode: "u=rwX,g=rX" }
-    - { path: "{{ gitea_user_home }}/custom", group: "root", mode: "u=rwX" }
-    - { path: "{{ gitea_user_home }}/public", group: "root", mode: "u=rwX" }
-    - { path: "{{ gitea_user_home }}/data", group: "gitea", mode: "u=rwX,g=rwX" }
-    - { path: "{{ gitea_user_home }}/indexers", group: "gitea", mode: "u=rwX,g=rwX" }
-    - { path: "{{ gitea_user_home }}/log", group: "gitea", mode: "u=rwX,g=rwX" }
-    - { path: '{{ gitea_user_home }}/repos', group: "gitea", mode: "u=rwX,g=rwX" }
-
-- name: install gitea systemd service/unit file
+- name: install gotty systemd service/unit file
   template:
-    src: "etc_systemd_system_gitea.service.j2"
-    dest: "/etc/systemd/system/gitea.service"
+    src: "etc_systemd_system_gotty.service.j2"
+    dest: "/etc/systemd/system/gotty.service"
     mode: 0644
   notify: reload systemd unit files
 
 # reload systemd unit files as soon as possible
 - name: run all notified handlers now
   meta: flush_handlers
 
-- name: copy gitea binary
+- name: copy gotty binary
   copy:
-    src: "/root/gitea-{{ gitea_version }}-linux-amd64"
-    dest: "/usr/local/bin/gitea"
+    src: "/root/gotty-unpack/gotty"
+    dest: "/usr/local/bin/gotty"
     mode: 0755
     remote_src: yes
     owner: root
     group: root
-  notify: restart gitea
-  when: not ansible_check_mode
-
-- name: set gitea_root_url variable
-  set_fact:
-    gitea_root_url: "https://{{ gitea_fqdn }}{{ gitea_base_url }}"
-
-- name: copy gitea configuration file
-  template:
-    src: 'etc_gitea_app.ini'
-    dest: '/etc/gitea/app.ini'
-    owner: root
-    group: gitea
-    mode: 0640 # read only for gitea
-  notify: restart gitea
-
-# TODO not idempotent
-- name: create gitea database tables
-  become: yes
-  become_user: gitea
-  command: gitea migrate --config /etc/gitea/app.ini
-  args:
-    chdir: "{{ gitea_user_home }}"
-  when:
-    - (ansible_local.gitea.general.db_initialized is not defined) or (not ansible_local.gitea.general.db_initialized)
-    - not ansible_check_mode
-
-- name: create gitea admin user
-  become: yes
-  become_user: gitea
-  command: gitea admin create-user
-           --username "{{ gitea_admin_username }}"
-           --password "{{ gitea_admin_password }}"
-           --email "{{ gitea_admin_email }}"
-           --admin --config /etc/gitea/app.ini
-  args:
-    chdir: "{{ gitea_user_home }}"
-  register: "gitea_create_user"
-  failed_when: gitea_create_user.rc != 0 and 'user already exists' not in gitea_create_user.stdout
-  changed_when: "'user already exists' not in gitea_create_user.stdout"
+  notify: restart gotty
   when: not ansible_check_mode
 
-- name: create ansible local facts directory
-  file:
-    path: "{{ item }}"
-    state: directory
-    mode: 0755
-  with_items:
-    - /etc/ansible/
-    - /etc/ansible/facts.d
-
-- name: create gitea ansible facts file
-  template:
-    src: etc_ansible_facts.d_gitea.fact.j2
-    dest: /etc/ansible/facts.d/gitea.fact
-    mode: 0644
+# TODO
+# - name: copy gotty configuration file
+#   template:
+#     src: 'etc_gotty_app.ini'
+#     dest: '/etc/gotty/app.ini'
+#     owner: root
+#     group: gotty
+#     mode: 0640 # read only for gotty
+#   notify: restart gotty
 
 ###### FAIL2BAN ############
 
-- name: copy gitea fail2ban jail config
-  template:
-    src: etc_fail2ban_jail.d_gitea.conf.j2
-    dest: /etc/fail2ban/jail.d/gitea.conf
-    mode: 0600
-  tags: fail2ban
-  notify: reload fail2ban
-
-- name: copy fail2ban gitea-auth filter
-  template:
-    src: etc_fail2ban_filter.d_gitea-auth.conf.j2
-    dest: /etc/fail2ban/filter.d/gitea-auth.conf
-    mode: 0600
-  tags: fail2ban
-  notify: reload fail2ban
-
-
-##### BACKUPS #####
-
-- name: copy rsnapshot configuration for gitea backups
-  template:
-    src: etc_rsnapshot.d_gitea.conf.j2
-    dest: /etc/rsnapshot.d/gitea.conf
-    mode: 0600
-  notify: check rsnapshot configuration
-  when: '"nodiscc.xsrv.backup" in role_names'
-
+# todo
+# - name: copy gotty fail2ban jail config
+#   template:
+#     src: etc_fail2ban_jail.d_gotty.conf.j2
+#     dest: /etc/fail2ban/jail.d/gotty.conf
+#     mode: 0600
+#   tags: fail2ban
+#   notify: reload fail2ban
+
+# - name: copy fail2ban gotty-auth filter
+#   template:
+#     src: etc_fail2ban_filter.d_gotty-auth.conf.j2
+#     dest: /etc/fail2ban/filter.d/gotty-auth.conf
+#     mode: 0600
+#   tags: fail2ban
+#   notify: reload fail2ban
 
 ##### SERVICE #####
 
-- name: disable gitea now
-  service:
-    name: gitea
-    state: stopped
-    enabled: no
-  when: not gitea_enable_service
-
-- name: enable gitea now
-  service:
-    name: gitea
-    state: started
-    enabled: yes
-  when: gitea_enable_service
+- name: enable/disable start/stop gotty service
+  systemd:
+    name: gotty
+    enabled: "{{ gotty_enable_service }}"
+    state: "{{ 'started' if gotty_enable_service else 'stopped' }}"
+    daemon_reload: yes
+  ignore_errors: "{{ ansible_check_mode|bool }}"
diff --git a/roles/gotty/templates/etc_systemd_system_gitea.service.j2 b/roles/gotty/templates/etc_systemd_system_gitea.service.j2
diff --git a/roles/gotty/templates/etc_systemd_system_gotty.service.j2 b/roles/gotty/templates/etc_systemd_system_gotty.service.j2
@@ -0,0 +1,19 @@
+# Systemd unit file for gotty
+# https://github.com/go-gotty/gotty/blob/master/contrib/systemd/gotty.service
+[Unit]
+Description=gotty - share your terminal as a web application
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=5s
+Type=simple
+User={{ gotty_run_username }}
+Group={{ gotty_run_username }}
+WorkingDirectory={{ gotty_run_user_home }}/
+ExecStart=/usr/local/bin/gotty --address "{{ gotty_listen_address }}" {{ '--permit-write' if gotty_permit_write }} --credential "{{ gotty_auth_username }}:{{ gotty_auth_password }}" --port 3004 {{ '--reconnect' if gotty_reconnect }} --reconnect-time {{ gotty_reconnect_time }} --close-timeout {{ gotty_close_timeout }} --input-timeout {{ gotty_input_timeout }} "{{ gotty_run_command }}"
+Restart=always
+#Environment=
+
+[Install]
+WantedBy=multi-user.target