ts3audiobot: Add role

Adds a simplified version of the role, without generating configuration. You still need to adjust the `rights.toml` and add a bot under `data/bots/BOTNAME/bot.toml`.

roles/ts3audiobot/README.md

@@ -0,0 +1,36 @@
+ts3audiobot
+=========
+
+This will setup a [TS3AudioBot](https://github.com/Splamy/TS3AudioBot) server using a docker container.
+
+Requirements
+------------
+
+You will need to have docker, docker-compose and, if using the web API, traefik installed or declared as dependencies with their respective roles.
+
+**This role assumes that, if using the web API, you have setup traefik with an endpoint called `websecure`.**
+
+Role Variables
+--------------
+
+**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
+
+**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**  
+
+### Global variables, that are used:
+**Only needed with an enabled redirect and traefik:**
+
+- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
+- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
+
+Dependencies
+------------
+
+- docker
+- docker-compose
+- traefik (optional, needed when using the redirect)
+
+License
+-------
+
+GPL-3.0-only

roles/ts3audiobot/defaults/main.yml

@@ -0,0 +1,39 @@
+---
+# Default variables for the ts3audiobot role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2020       Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# The install locations
+ts3audiobot_install_location: /srv/ts3audiobot
+ts3audiobot_data_location: "{{ ts3audiobot_install_location }}/data"
+
+# The docker image and version to use
+ts3audiobot_baseimage: registry.git.saibotk.de/saibotk/ts3audiobot-docker
+ts3audiobot_version: latest
+ts3audiobot_image_version: "{{ ts3audiobot_version }}"
+
+# The SELinux level that should be applied to the container/data folder (default is omit and it will be unset)
+ts3audiobot_selinux_level: "{{ omit }}"
+
+# Should the bot be available through the domain / be exposed via HTTP?
+ts3audiobot_web_enabled: false
+
+# The certresolver for traefik to use on this domain (only needed when the redirect is enabled)
+ts3audiobot_traefik_certresolver: letsencrypt_http
+
+# The domain under which the web api/interface should be available
+ts3audiobot_traefik_domain: bot.ts.example.com

roles/ts3audiobot/meta/main.yml

@@ -0,0 +1,16 @@
+galaxy_info:
+  author: saibotk
+  description: Deploys a ts3audiobot server via docker.
+  license: GPL-3.0-only
+  min_ansible_version: 2.9
+
+  platforms:
+    - name: CentOS
+      versions:
+        - 7
+
+  galaxy_tags: []
+
+dependencies:
+  - docker
+  - docker-compose

roles/ts3audiobot/tasks/main.yml

@@ -0,0 +1,76 @@
+---
+# Tasks file for the ts3audiobot role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2020       Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: Update default SELinux contexts
+  sefcontext:
+    target: '{{ item }}(/.*)?'
+    setype: "container_file_t"
+    selevel: "{{ ts3audiobot_selinux_level }}"
+    state: present
+  with_items:
+    - "{{ ts3audiobot_data_location }}"
+  become: true
+
+- name: Create install directory
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ ts3audiobot_install_location }}"
+  tags:
+    - ts3audiobot
+  become: true
+
+- name: Create data directory
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: '9999'
+    group: '9999'
+    setype: "container_file_t"
+    selevel: "{{ ts3audiobot_selinux_level }}"
+  with_items:
+    - "{{ ts3audiobot_data_location }}"
+  tags:
+    - ts3audiobot
+  become: true
+
+- name: Deploy docker-compose.yml
+  template:
+    src: docker-compose.yml
+    dest: "{{ ts3audiobot_install_location }}/docker-compose.yml"
+    mode: '0600'
+    owner: 'root'
+    group: 'root'
+    validate: python2 -m compose -f %s config -q
+  tags:
+    - docker
+    - ts3audiobot
+  become: true
+
+- name: Compose ts3audiobot
+  docker_compose:
+    state: present
+    project_src: "{{ ts3audiobot_install_location }}"
+    pull: yes
+    remove_orphans: yes
+  tags:
+    - docker
+    - ts3audiobot
+  become: true

roles/ts3audiobot/templates/docker-compose.yml

@@ -0,0 +1,60 @@
+{{ ansible_managed | comment }}
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2020       Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+version: '2.1'
+services:
+  ts3audiobot:
+    image: {{ ts3audiobot_baseimage }}:{{ ts3audiobot_image_version }}
+    mem_limit: 100mb
+    memswap_limit: 128mb
+    security_opt:
+      - no-new-privileges
+{% if ts3audiobot_selinux_level != omit %}
+      - label=level:{{ ts3audiobot_selinux_level }}
+{% endif %}
+    restart: always
+    volumes:
+      - "{{ ts3audiobot_data_location }}:/data"
+{% if ts3audiobot_web_enabled %}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ts3audiobot.rule=Host(`{{ ts3audiobot_traefik_domain }}`) && PathPrefix(`/`)"
+      - "traefik.http.routers.ts3audiobot.entrypoints=websecure"
+      - "traefik.http.routers.ts3audiobot.tls.certresolver={{ ts3audiobot_traefik_certresolver }}"
+      - "traefik.http.routers.ts3audiobot.middlewares=ts3audiobot,compress"
+      - "traefik.http.services.ts3audiobot.loadbalancer.server.port=58913"
+      - "traefik.http.middlewares.ts3audiobot.headers.sslredirect=true"
+      - "traefik.http.middlewares.ts3audiobot.headers.stsSeconds=63072000"
+      - "traefik.http.middlewares.ts3audiobot.headers.referrerPolicy=same-origin"
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+      - "traefik.http.middlewares.ts3audiobot.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
+{% if proxy_network is defined %}
+      - "traefik.docker.network={{ proxy_network }}"
+{% endif %}
+{% endif %}
+{% if proxy_network is defined %}
+    networks:
+      {{ proxy_network }}:
+{% endif %}
+
+{% if proxy_network is defined %}
+networks:
+  {{ proxy_network }}:
+    external: true
+{% endif %}

teamspeak.yml

@@ -21,6 +21,8 @@
     - docker
     - docker-compose
     - docker-cleanup
+    - traefik
     - teamspeak
+    - ts3audiobot
   environment:
     PYTHONPATH: /opt/python2/ansible-dependencies/lib/python2.7/site-packages