feat: Use the jriou.general Ansible collection

Signed-off-by: Julien Riou <julien@riou.xyz>
2026-03-23 10:11:03 +01:00 · 2026-03-23 10:11:03 +01:00 · 02d3ee924d
commit 02d3ee924d
parent 44c974c755
12 changed files with 49 additions and 199 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,6 +2,7 @@ ansible/venv
 ansible/ssh_key
 ansible/group_vars
 ansible/inventory
 ansible/collections
 tofu/clouds.yaml
 tofu/ovh.conf
 tofu/terraform.tfstate
--- a/README.md
+++ b/README.md
@ -78,6 +78,47 @@ tofu destroy
 # Ansible
 ## Installation
 ```
 cd ansible
 ansible-galaxy collection install -r requirements.yml
 ```
 ## Configuration
 File `group_vars/galene.yml`:
 ```yaml
 certbot_domain: &domain galene.tld
 certbot_email: contact@galene.tld
 galene_domain: *domain
 galene_groups:
  group1:
    users:
      admin:
        password: CHANGEME
        permissions: op
      user1:
        password: CHANGEME
        permissions: present
      user2:
        password: CHANGEME
        permissions: present
 ```
 ## Usage
 ```
 ansible-playbook site.yml
 ```
 Do not forget to destroy the infrastructure when you are done with the video
 conference.
 # Aliases
 ```bash
 alias galene-start='cd /path/to/galene-cloud/tofu && tofu apply && cd /path/to/galene-cloud/ansible && ansible-playbook site.yml'
 alias galene-stop='cd /path/to/galene-cloud/tofu && tofu destroy'
 ```
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,5 @@
 ---
 collections:
  - name: https://git.riou.xyz/jriou/ansible.git
    type: git
    version: 1.0.0
--- a/ansible/roles/certbot/tasks/main.yml
+++ b/ansible/roles/certbot/tasks/main.yml
@ -1,17 +0,0 @@
 ---
 - name: Check requirements
  ansible.builtin.assert:
    that:
      - certbot_email is defined
      - certbot_domain is defined
 - name: Install packages
  ansible.builtin.package:
    name: certbot
 - name: Request certificate
  ansible.builtin.command:
    cmd: >-
      certbot certonly --standalone -n --agree-tos
        --email {{ certbot_email }} -d {{ certbot_domain }}
    creates: /etc/letsencrypt/live/{{ certbot_domain }}/fullchain.pem
--- a/ansible/roles/galene/defaults/main.yml
+++ b/ansible/roles/galene/defaults/main.yml
@ -1,24 +0,0 @@
 ---
 galene_version: galene-1.0
 galene_http_port: 443
 galene_turn: ":1194"
 galene_user: galene
 galene_group: galene
 galene_base_directory: /var/lib/galene
 galene_data_directory: "{{ galene_base_directory }}/data"
 galene_groups_directory: "{{ galene_base_directory }}/groups"
 galene_recording_directory: "{{ galene_base_directory }}/recordings"
 galene_static_directory: "{{ galene_base_directory }}/static"
 # galene_domain:
 # galene_config:
 #   canonicalHost: galene.example.org
 galene_config: {}
 # galene_groups:
 #   example:
 #     users:
 #       bob:
 #         password: ***
 #         permissions: op
 galene_groups: {}
--- a/ansible/roles/galene/handlers/main.yml
+++ b/ansible/roles/galene/handlers/main.yml
@ -1,9 +0,0 @@
 ---
 - name: Reload systemd
  ansible.builtin.systemd_service:
    daemon_reload: true
 - name: Restart galene
  ansible.builtin.service:
    name: galene
    state: restarted
--- a/ansible/roles/galene/meta/main.yml
+++ b/ansible/roles/galene/meta/main.yml
@ -1,3 +0,0 @@
 ---
 dependencies:
  - role: golang
--- a/ansible/roles/galene/tasks/main.yml
+++ b/ansible/roles/galene/tasks/main.yml
@ -1,116 +0,0 @@
 ---
 # TODO: install in block
 - name: Install requirements
  ansible.builtin.package:
    name: git
 - name: Clone source code
  ansible.builtin.git:
    repo: https://github.com/jech/galene
    dest: /opt/galene
    version: "{{ galene_version }}"
 - name: Compile
  ansible.builtin.command:
    chdir: /opt/galene
    cmd: go build -ldflags='-s -w'
    creates: /opt/galene/galene
  environment:
    CGO_ENABLED: "0"
    PATH: /usr/local/go/bin
 - name: Install
  ansible.builtin.copy:
    remote_src: true
    src: /opt/galene/galene
    dest: /usr/local/bin/galene
    owner: root
    group: root
    mode: "0755"
 # TODO End of install in block
 - name: Create user
  ansible.builtin.user:
    name: "{{ galene_user }}"
    system: true
    password: '!'
    home: "{{ galene_base_directory }}"
    create_home: false
 - name: Create directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ galene_user }}"
    group: "{{ galene_group }}"
    mode: "0755"
  loop:
    - "{{ galene_base_directory }}"
    - "{{ galene_data_directory }}"
    - "{{ galene_groups_directory }}"
    - "{{ galene_recording_directory }}"
    - "{{ galene_static_directory }}"
 - name: Copy static directory
  ansible.builtin.copy:
    src: /opt/galene/static/
    dest: "{{ galene_static_directory }}/"
    remote_src: true
    mode: "0755"
    owner: "{{ galene_user }}"
    group: "{{ galene_group }}"
  when: galene_static_directory != "/opt/galene/static"
 - name: Configure groups
  ansible.builtin.copy:
    content: "{{ item.value | to_json }}"
    dest: "{{ galene_groups_directory }}/{{ item.key }}.json"
    owner: "{{ galene_user }}"
    group: "{{ galene_group }}"
    mode: "0600"
  loop: "{{ galene_groups | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  notify: Restart galene
 - name: Create global configuration
  ansible.builtin.copy:
    content: "{{ galene_config | to_json }}"
    dest: "{{ galene_data_directory }}/config.json"
    owner: "{{ galene_user }}"
    group: "{{ galene_group }}"
    mode: "0600"
  notify: Restart galene
 - name: Configure TLS certificates
  when: galene_domain is defined
  ansible.builtin.copy:
    remote_src: true
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ galene_user }}"
    group: "{{ galene_group }}"
  loop:
    - src: "/etc/letsencrypt/live/{{ galene_domain }}/fullchain.pem"
      dest: "{{ galene_data_directory }}/cert.pem"
      mode: "0644"
    - src: "/etc/letsencrypt/live/{{ galene_domain }}/privkey.pem"
      dest: "{{ galene_data_directory }}/key.pem"
      mode: "0600"
 - name: Create service
  ansible.builtin.template:
    src: galene.service.j2
    dest: /etc/systemd/system/galene.service
    mode: "0644"
    owner: root
    group: root
  notify:
    - Reload systemd
    - Restart galene
 - name: Start service
  ansible.builtin.service:
    name: galene
    state: started
    enabled: true
--- a/ansible/roles/galene/templates/galene.service.j2
+++ b/ansible/roles/galene/templates/galene.service.j2
@ -1,19 +0,0 @@
 {{ ansible_managed | comment }}
 [Unit]
 Description=Galene
 After=network.target
 [Service]
 Type=simple
 WorkingDirectory={{ galene_base_directory }}
 User={{ galene_user }}
 Group={{ galene_group }}
 {% if galene_http_port < 1024 %}
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 {% endif %}
 ExecStart=/usr/local/bin/galene -http :{{ galene_http_port }} -data {{ galene_data_directory }} -groups {{ galene_groups_directory }} -recordings {{ galene_recording_directory }} -static {{ galene_static_directory }} -turn "{{ galene_turn }}"
 LimitNOFILE=65536
 [Install]
 WantedBy=multi-user.target
--- a/ansible/roles/golang/defaults/main.yml
+++ b/ansible/roles/golang/defaults/main.yml
@ -1,2 +0,0 @@
 ---
 golang_version: 1.25.4
--- a/ansible/roles/golang/tasks/main.yml
+++ b/ansible/roles/golang/tasks/main.yml
@ -1,7 +0,0 @@
 ---
 - name: Install
  ansible.builtin.unarchive:
    src: "https://go.dev/dl/go{{ golang_version }}.linux-amd64.tar.gz"
    dest: /usr/local
    remote_src: true
    creates: /usr/local/go
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -21,5 +21,5 @@
  hosts:
    - galene
  roles:
-    - certbot
+    - jriou.general.certbot
-    - galene
+    - jriou.general.galene