rocketchat: First version of role

container-ports.md

@@ -10,3 +10,4 @@
 | 8006 | scanservjs     | SANE Scanner webui     |
 | 8007 | frigate        | Network video recorder |
 | 8008 | hoemeassistant | Home Assistant         |
+| 8009 | rocketchat     | Rocket.Chat            |

playbooks/oci-node.yml

@@ -33,3 +33,4 @@
       when: ansible_fqdn == 'oci-node01.home.foo.sh'
     - role: roundcube
       when: ansible_fqdn == 'oci-node01.home.foo.sh'
+    - rocketchat

roles/rocketchat/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+rocketchat_versin: default

roles/rocketchat/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart rocketchat
+  ansible.builtin.systemd:
+    name: rocketchat-container
+    daemon_reload: true
+    state: restarted

roles/rocketchat/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: podman}

roles/rocketchat/tasks/main.yml

@@ -0,0 +1,74 @@
+---
+- name: Create group
+  ansible.builtin.group:
+    name: rocketchat
+
+- name: Create user
+  ansible.builtin.user:
+    name: rocketchat
+    comment: Podman Rocket.Chat
+    group: rocketchat
+    shell: /sbin/nologin
+
+- name: Enable user lingering
+  ansible.builtin.command:
+    argv:
+      - loginctl
+      - enable-linger
+      - rocketchat
+    creates: /var/lib/systemd/linger/rocketchat
+
+- name: Generate combined certificate/private key file contents
+  ansible.builtin.command:
+    argv:
+      - /bin/cat
+      - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
+      - "{{ tls_private }}/{{ inventory_hostname }}.key"
+  changed_when: false
+  check_mode: false
+  register: rocketchat_cert_key
+
+- name: Create combined certificate/private key file
+  ansible.builtin.copy:
+    dest: "{{ tls_private }}/rocketchat.pem"
+    content: "{{ rocketchat_cert_key.stdout }}"
+    mode: "0640"
+    owner: root
+    group: rocketchat
+  notify: Restart rocketchat
+
+- name: Create service config
+  ansible.builtin.template:
+    dest: /etc/sysconfig/rocketchat-container
+    src: rocketchat-container.sysconfig.j2
+    mode: "0600"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart rocketchat
+
+- name: Create service file
+  ansible.builtin.template:
+    dest: /etc/systemd/system/rocketchat-container.service
+    src: rocketchat-container.service.j2
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart rocketchat
+
+- name: Enable service
+  ansible.builtin.service:
+    name: rocketchat-container
+    state: started
+    enabled: true
+
+- name: Copy nginx config
+  ansible.builtin.copy:
+    dest: /etc/nginx/conf.d/{{ inventory_hostname }}/rocketchat-container.conf
+    content: |
+      location /rocketchat/ {
+        proxy_pass http://127.0.0.1:8008/;
+      }
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx

roles/rocketchat/templates/rocketchat-container.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Rocket.Chat Container
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=rocketchat
+EnvironmentFile=/etc/sysconfig/rocketchat-container
+ExecStartPre=/usr/bin/podman pull docker.io/rocketchat/rocket.chat:{{ rocketchat_version }}-alpine
+ExecStart=/usr/bin/podman run \
+    --rm -p 127.0.0.1:8008:3000 \
+    --name rocketchat \
+    --volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
+    --volume={{ tls_private }}/rocketchat.pem:/etc/ssl/private/rocketchat.pem:ro \
+    --env ROOT_URL --env MONGO_URL --env MONGO_OPLOG_URL \
+    docker.io/rocketchat/rocket.chat:{{ rocketchat_version }}-alpine
+ExecStop=/usr/bin/podman stop --ignore rocketchat
+ExecStopPost=/usr/bin/podman rm -f --ignore rocketchat
+
+[Install]
+WantedBy=multi-user.target

roles/rocketchat/templates/rocketchat-container.sysconfig.j2

@@ -0,0 +1,3 @@
+ROOT_URL="https://chat.foo.sh/"
+MONGO_URL="mongodb://rocketchat:{{ rocketchat_mongodb_pass }}@mongodb01.home.foo.sh:27017/rocketchat?tls=true&tlscafile=/etc/ssl/certs/ca.crt&tlscertificatekeyfile=/etc/ssl/private/rocketchat.pem"
+MONGO_OPLOG_URL="mongodb://mongodb01.home.foo.sh:27017/local"