From a2b76ad7b0ab377030c2d7443f2f1d22e91c85e9 Mon Sep 17 00:00:00 2001 From: saibotk Date: Thu, 20 Aug 2020 21:49:06 +0200 Subject: [PATCH] ts3audiobot: Add role Adds a simplified version of the role, without generating configuration. You still need to adjust the `rights.toml` and add a bot under `data/bots/BOTNAME/bot.toml`.
---
roles/ts3audiobot/README.md | 36 +++++++++ roles/ts3audiobot/defaults/main.yml | 39 ++++++++++ roles/ts3audiobot/meta/main.yml | 16 ++++ roles/ts3audiobot/tasks/main.yml | 76 +++++++++++++++++++ .../ts3audiobot/templates/docker-compose.yml | 60 +++++++++++++++ teamspeak.yml | 2 + 6 files changed, 229 insertions(+) create mode 100644 roles/ts3audiobot/README.md create mode 100644 roles/ts3audiobot/defaults/main.yml create mode 100644 roles/ts3audiobot/meta/main.yml create mode 100644 roles/ts3audiobot/tasks/main.yml create mode 100644 roles/ts3audiobot/templates/docker-compose.yml
diff --git a/roles/ts3audiobot/README.md b/roles/ts3audiobot/README.md
new file mode 100644
index 0000000..36accb2
--- /dev/null
+++ b/roles/ts3audiobot/README.md
@@ -0,0 +1,36 @@
+ts3audiobot
+=========
+
+This will setup a [TS3AudioBot](https://github.com/Splamy/TS3AudioBot) server using a docker container.
+
+Requirements
+------------
+
+You will need to have docker, docker-compose and, if using the web API, traefik installed or declared as dependencies with their respective roles.
+
+**This role assumes that, if using the web API, you have setup traefik with an endpoint called `websecure`.**
+
+Role Variables
+--------------
+
+**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
+
+**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
+
+### Global variables, that are used:
+**Only needed with an enabled redirect and traefik:**
+
+- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
+- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
+
+Dependencies
+------------
+
+- docker
+- docker-compose
+- traefik (optional, needed when using the redirect)
+
+License
+-------
+
+GPL-3.0-only
diff --git a/roles/ts3audiobot/defaults/main.yml b/roles/ts3audiobot/defaults/main.yml
new file mode 100644
index 0000000..bdf6c9e
--- /dev/null
+++ b/roles/ts3audiobot/defaults/main.yml
@@ -0,0 +1,39 @@
+---
+# Default variables for the ts3audiobot role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2020 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# The install locations
+ts3audiobot_install_location: /srv/ts3audiobot
+ts3audiobot_data_location: "{{ ts3audiobot_install_location }}/data"
+
+# The docker image and version to use
+ts3audiobot_baseimage: registry.git.saibotk.de/saibotk/ts3audiobot-docker
+ts3audiobot_version: latest
+ts3audiobot_image_version: "{{ ts3audiobot_version }}"
+
+# The SELinux level that should be applied to the container/data folder (default is omit and it will be unset)
+ts3audiobot_selinux_level: "{{ omit }}"
+
+# Should the bot be available through the domain / be exposed via HTTP?
+ts3audiobot_web_enabled: false
+
+# The certresolver for traefik to use on this domain (only needed when the redirect is enabled)
+ts3audiobot_traefik_certresolver: letsencrypt_http
+
+# The domain under which the web api/interface should be available
+ts3audiobot_traefik_domain: bot.ts.example.com
diff --git a/roles/ts3audiobot/meta/main.yml b/roles/ts3audiobot/meta/main.yml
new file mode 100644
index 0000000..cad0cbd
--- /dev/null
+++ b/roles/ts3audiobot/meta/main.yml
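Review bot: In `defaults/main.yml`, `ts3audiobot_version: latest` leaves the image on a mutable tag, and the "Compose ts3audiobot" task in `tasks/main.yml` runs with `pull: yes`, so every play run deploys whatever the registry currently serves under that tag. Defaulting to a fixed release tag or an image digest would make deployments reproducible and keep an unexpected or tampered image from rolling out without review, for example `ts3audiobot_version: "<PINNED_TAG>"` with a comment telling operators to bump it deliberately. The default `ts3audiobot_baseimage` points at a single self-hosted registry, so a comment above it noting that operators may want to mirror the image would also help.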
@@ -0,0 +1,16 @@
+galaxy_info:
+ author: saibotk
+ description: Deploys a ts3audiobot server via docker.
+ license: GPL-3.0-only
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags: []
+
+dependencies:
+ - docker
+ - docker-compose
diff --git a/roles/ts3audiobot/tasks/main.yml b/roles/ts3audiobot/tasks/main.yml
new file mode 100644
index 0000000..8ced53c
--- /dev/null
+++ b/roles/ts3audiobot/tasks/main.yml
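Review bot: `min_ansible_version: 2.9` in `meta/main.yml` is an unquoted scalar that YAML loads as a float, so a later value such as 2.10 would silently become 2.1; write it as `min_ansible_version: "2.9"`, and likewise `- "7"` under `versions`. The README lists traefik as an optional dependency, and a short comment above `dependencies:` saying why it is not declared here would save the next reader a lookup.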
@@ -0,0 +1,76 @@
+---
+# Tasks file for the ts3audiobot role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2020 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+- name: Update default SELinux contexts
+ sefcontext:
+ target: '{{ item }}(/.*)?'
+ setype: "container_file_t"
+ selevel: "{{ ts3audiobot_selinux_level }}"
+ state: present
+ with_items:
+ - "{{ ts3audiobot_data_location }}"
+ become: true
+
+- name: Create install directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "{{ ts3audiobot_install_location }}"
+ tags:
+ - ts3audiobot
+ become: true
+
+- name: Create data directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: '9999'
+ group: '9999'
+ setype: "container_file_t"
+ selevel: "{{ ts3audiobot_selinux_level }}"
+ with_items:
+ - "{{ ts3audiobot_data_location }}"
+ tags:
+ - ts3audiobot
+ become: true
+
+- name: Deploy docker-compose.yml
+ template:
+ src: docker-compose.yml
+ dest: "{{ ts3audiobot_install_location }}/docker-compose.yml"
+ mode: '0600'
+ owner: 'root'
+ group: 'root'
+ validate: python2 -m compose -f %s config -q
+ tags:
+ - docker
+ - ts3audiobot
+ become: true
+
+- name: Compose ts3audiobot
+ docker_compose:
+ state: present
+ project_src: "{{ ts3audiobot_install_location }}"
+ pull: yes
+ remove_orphans: yes
+ tags:
+ - docker
+ - ts3audiobot
+ become: true
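Review bot: Neither directory task in `tasks/main.yml` sets `mode`, so the permissions of the install and data directories follow the umask of the remote host. According to the commit message the data directory will hold `rights.toml` and the per-bot `bot.toml` files, which presumably carry access rules and bot credentials, so I would set it explicitly, e.g. `mode: '0750'` on "Create data directory" and `mode: '0755'` on "Create install directory". The first task, "Update default SELinux contexts", also has no `tags`, unlike the other four, so a run limited to `--tags ts3audiobot` skips the context registration; adding `tags: [ts3audiobot]` there keeps a tagged run complete.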
diff --git a/roles/ts3audiobot/templates/docker-compose.yml b/roles/ts3audiobot/templates/docker-compose.yml
new file mode 100644
index 0000000..d962144
--- /dev/null
+++ b/roles/ts3audiobot/templates/docker-compose.yml
@@ -0,0 +1,60 @@
+{{ ansible_managed | comment }}
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2020 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+version: '2.1'
+services:
+ ts3audiobot:
+ image: {{ ts3audiobot_baseimage }}:{{ ts3audiobot_image_version }}
+ mem_limit: 100mb
+ memswap_limit: 128mb
+ security_opt:
+ - no-new-privileges
+{% if ts3audiobot_selinux_level != omit %}
+ - label=level:{{ ts3audiobot_selinux_level }}
+{% endif %}
+ restart: always
+ volumes:
+ - "{{ ts3audiobot_data_location }}:/data"
+{% if ts3audiobot_web_enabled %}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ts3audiobot.rule=Host(`{{ ts3audiobot_traefik_domain }}`) && PathPrefix(`/`)"
+ - "traefik.http.routers.ts3audiobot.entrypoints=websecure"
+ - "traefik.http.routers.ts3audiobot.tls.certresolver={{ ts3audiobot_traefik_certresolver }}"
+ - "traefik.http.routers.ts3audiobot.middlewares=ts3audiobot,compress"
+ - "traefik.http.services.ts3audiobot.loadbalancer.server.port=58913"
+ - "traefik.http.middlewares.ts3audiobot.headers.sslredirect=true"
+ - "traefik.http.middlewares.ts3audiobot.headers.stsSeconds=63072000"
+ - "traefik.http.middlewares.ts3audiobot.headers.referrerPolicy=same-origin"
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+ - "traefik.http.middlewares.ts3audiobot.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
+{% if proxy_network is defined %}
+ - "traefik.docker.network={{ proxy_network }}"
+{% endif %}
+{% endif %}
+{% if proxy_network is defined %}
+ networks:
+ {{ proxy_network }}:
+{% endif %}
+
+{% if proxy_network is defined %}
+networks:
+ {{ proxy_network }}:
+ external: true
+{% endif %}
diff --git a/teamspeak.yml b/teamspeak.yml
index c77a7b1..e182c63 100644
--- a/teamspeak.yml
+++ b/teamspeak.yml
@@ -21,6 +21,8 @@ - docker - docker-compose - docker-cleanup + - traefik - teamspeak + - ts3audiobot environment: PYTHONPATH: /opt/python2/ansible-dependencies/lib/python2.7/site-packages
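Review bot: In `templates/docker-compose.yml`, once `ts3audiobot_web_enabled` is set the `labels` block publishes the container's port 58913 on the `websecure` entrypoint with only the `ts3audiobot` headers middleware and `compress` attached, so access control for the web API rests entirely on the `rights.toml` that the commit message says must be adjusted by hand. A comment above the labels stating that, or an optional authentication or allow-list middleware behind a role variable, would make the exposure an explicit decision. Separately, the labels are still emitted when `proxy_network` is undefined, in which case the service joins no shared network and traefik presumably cannot reach it; guarding the block with `{% if ts3audiobot_web_enabled and proxy_network is defined %}` would avoid a half-configured route. The service also keeps Docker's default capability set, so if the bot needs none, `cap_drop: [ALL]` next to `no-new-privileges` would tighten it further.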