From 1952f5f96e4132735fac9064601a4544a88f85ef Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sat, 16 Mar 2024 18:00:27 +0000
Subject: [PATCH] rocketchat: First version of role
---
 container-ports.md | 1 +
 playbooks/oci-node.yml | 1 +
 roles/rocketchat/defaults/main.yml | 2 +
 roles/rocketchat/handlers/main.yml | 6 ++
 roles/rocketchat/meta/main.yml | 3 +
 roles/rocketchat/tasks/main.yml | 74 +++++++++++++++++++
 .../templates/rocketchat-container.service.j2 | 21 ++++++
 .../rocketchat-container.sysconfig.j2 | 3 +
 8 files changed, 111 insertions(+)
 create mode 100644 roles/rocketchat/defaults/main.yml
 create mode 100644 roles/rocketchat/handlers/main.yml
 create mode 100644 roles/rocketchat/meta/main.yml
 create mode 100644 roles/rocketchat/tasks/main.yml
 create mode 100644 roles/rocketchat/templates/rocketchat-container.service.j2
 create mode 100644 roles/rocketchat/templates/rocketchat-container.sysconfig.j2
diff --git a/container-ports.md b/container-ports.md
index 3fc1018..63429e3 100644
--- a/container-ports.md
+++ b/container-ports.md
@@ -10,3 +10,4 @@
 | 8006 | scanservjs | SANE Scanner webui |
 | 8007 | frigate | Network video recorder |
 | 8008 | hoemeassistant | Home Assistant |
+| 8009 | rocketchat | Rocket.Chat |
diff --git a/playbooks/oci-node.yml b/playbooks/oci-node.yml
index 5d2a8c7..77c57fd 100644
--- a/playbooks/oci-node.yml
+++ b/playbooks/oci-node.yml
@@ -33,3 +33,4 @@
 when: ansible_fqdn == 'oci-node01.home.foo.sh'
 - role: roundcube
 when: ansible_fqdn == 'oci-node01.home.foo.sh'
+ - rocketchat
diff --git a/roles/rocketchat/defaults/main.yml b/roles/rocketchat/defaults/main.yml
new file mode 100644
index 0000000..6b40b0a
--- /dev/null
+++ b/roles/rocketchat/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+rocketchat_versin: default
diff --git a/roles/rocketchat/handlers/main.yml b/roles/rocketchat/handlers/main.yml
new file mode 100644
index 0000000..93b2616
--- /dev/null
+++ b/roles/rocketchat/handlers/main.yml
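Review bot: In the playbooks/oci-node.yml hunk, `- rocketchat` is added without the `when: ansible_fqdn == 'oci-node01.home.foo.sh'` guard that the preceding role entries carry, so the role runs on every host the play targets. The role's sysconfig template hard-codes one `ROOT_URL` and one MongoDB database, so if more than one node matches, each would start an instance against the same backend. If that is not intended, write the entry as `- role: rocketchat` with the same `when:` condition. The play's host list is outside the hunk, so this may already be a single-host play.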
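Review bot: In roles/rocketchat/defaults/main.yml the default is declared as `rocketchat_versin`, but rocketchat-container.service.j2 reads `rocketchat_version`, so this default never takes effect and templating will fail on an undefined variable unless inventory supplies it; the key should be `rocketchat_version`. The value `default` would also render the image tag `default-alpine`, which is unlikely to exist in the registry. A pinned release string (for example `rocketchat_version: "X.Y.Z"`, placeholder) would make the default usable and the deployed image reproducible.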
@@ -0,0 +1,6 @@
+---
+- name: Restart rocketchat
+ ansible.builtin.systemd:
+ name: rocketchat-container
+ daemon_reload: true
+ state: restarted
diff --git a/roles/rocketchat/meta/main.yml b/roles/rocketchat/meta/main.yml
new file mode 100644
index 0000000..700494e
--- /dev/null
+++ b/roles/rocketchat/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - {role: podman}
diff --git a/roles/rocketchat/tasks/main.yml b/roles/rocketchat/tasks/main.yml
new file mode 100644
index 0000000..07fd33a
--- /dev/null
+++ b/roles/rocketchat/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+- name: Create group
+ ansible.builtin.group:
+ name: rocketchat
+
+- name: Create user
+ ansible.builtin.user:
+ name: rocketchat
+ comment: Podman Rocket.Chat
+ group: rocketchat
+ shell: /sbin/nologin
+
+- name: Enable user lingering
+ ansible.builtin.command:
+ argv:
+ - loginctl
+ - enable-linger
+ - rocketchat
+ creates: /var/lib/systemd/linger/rocketchat
+
+- name: Generate combined certificate/private key file contents
+ ansible.builtin.command:
+ argv:
+ - /bin/cat
+ - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
+ - "{{ tls_private }}/{{ inventory_hostname }}.key"
+ changed_when: false
+ check_mode: false
+ register: rocketchat_cert_key
+
+- name: Create combined certificate/private key file
+ ansible.builtin.copy:
+ dest: "{{ tls_private }}/rocketchat.pem"
+ content: "{{ rocketchat_cert_key.stdout }}"
+ mode: "0640"
+ owner: root
+ group: rocketchat
+ notify: Restart rocketchat
+
+- name: Create service config
+ ansible.builtin.template:
+ dest: /etc/sysconfig/rocketchat-container
+ src: rocketchat-container.sysconfig.j2
+ mode: "0600"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart rocketchat
+
+- name: Create service file
+ ansible.builtin.template:
+ dest: /etc/systemd/system/rocketchat-container.service
+ src: rocketchat-container.service.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart rocketchat
+
+- name: Enable service
+ ansible.builtin.service:
+ name: rocketchat-container
+ state: started
+ enabled: true
+
+- name: Copy nginx config
+ ansible.builtin.copy:
+ dest: /etc/nginx/conf.d/{{ inventory_hostname }}/rocketchat-container.conf
+ content: |
+ location /rocketchat/ {
+ proxy_pass http://127.0.0.1:8008/;
+ }
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart nginx
diff --git a/roles/rocketchat/templates/rocketchat-container.service.j2 b/roles/rocketchat/templates/rocketchat-container.service.j2
new file mode 100644
index 0000000..acbb866
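Review bot: In roles/rocketchat/tasks/main.yml the `/bin/cat` task registers the TLS private key in `rocketchat_cert_key` and the following copy task passes it through `content:`, so the key material can appear in verbose output, `--diff` output and any callback logging; both tasks should carry `no_log: true`. Separately, the nginx `proxy_pass http://127.0.0.1:8008/;` uses the port that container-ports.md lists for Home Assistant, while this commit registers 8009 for Rocket.Chat. The same 8008 appears in the `-p 127.0.0.1:8008:3000` line of rocketchat-container.service.j2, so both should read 8009. The last task also notifies `Restart nginx`, which this role's handlers file does not define and meta/main.yml does not pull in; it presumably relies on an nginx role being applied to the same host.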
--- /dev/null
+++ b/roles/rocketchat/templates/rocketchat-container.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Rocket.Chat Container
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=rocketchat
+EnvironmentFile=/etc/sysconfig/rocketchat-container
+ExecStartPre=/usr/bin/podman pull docker.io/rocketchat/rocket.chat:{{ rocketchat_version }}-alpine
+ExecStart=/usr/bin/podman run \
+ --rm -p 127.0.0.1:8008:3000 \
+ --name rocketchat \
+ --volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
+ --volume={{ tls_private }}/rocketchat.pem:/etc/ssl/private/rocketchat.pem:ro \
+ --env ROOT_URL --env MONGO_URL --env MONGO_OPLOG_URL \
+ docker.io/rocketchat/rocket.chat:{{ rocketchat_version }}-alpine
+ExecStop=/usr/bin/podman stop --ignore rocketchat
+ExecStopPost=/usr/bin/podman rm -f --ignore rocketchat
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/rocketchat/templates/rocketchat-container.sysconfig.j2 b/roles/rocketchat/templates/rocketchat-container.sysconfig.j2
new file mode 100644
index 0000000..e023f32
--- /dev/null
+++ b/roles/rocketchat/templates/rocketchat-container.sysconfig.j2
@@ -0,0 +1,3 @@
+ROOT_URL="https://chat.foo.sh/"
+MONGO_URL="mongodb://rocketchat:{{ rocketchat_mongodb_pass }}@mongodb01.home.foo.sh:27017/rocketchat?tls=true&tlscafile=/etc/ssl/certs/ca.crt&tlscertificatekeyfile=/etc/ssl/private/rocketchat.pem"
+MONGO_OPLOG_URL="mongodb://mongodb01.home.foo.sh:27017/local"
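Review bot: In rocketchat-container.service.j2, `ExecStartPre` pulls `docker.io/rocketchat/rocket.chat:{{ rocketchat_version }}-alpine` by mutable tag on every start, so a restart can run different image content from what was last deployed, and the unit fails to start whenever the registry is unreachable. Referencing the image by digest in both the pull and the run line (`docker.io/rocketchat/rocket.chat@sha256:<digest>`, placeholder), or pulling from an Ansible task instead of at unit start, would make the running image deterministic. A short comment above `ExecStartPre` stating whether the pull-on-start is intentional would help the next maintainer.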
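Review bot: In rocketchat-container.sysconfig.j2, `MONGO_OPLOG_URL` carries neither credentials nor the `tls=true`, `tlscafile` and `tlscertificatekeyfile` options that `MONGO_URL` uses, so the oplog connection would be attempted unauthenticated and without TLS, or fail outright if the server enforces both; it should mirror the user and TLS parameters of `MONGO_URL`. `{{ rocketchat_mongodb_pass }}` is also interpolated into the URI unescaped, so a password containing `@`, `:` or `%` breaks or changes the connection string. Percent-encoding it first, for example `{{ rocketchat_mongodb_pass | urlencode }}`, avoids that, though that filter leaves `/` untouched.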