feat: Initial code

Signed-off-by: Julien Riou <julien@riou.xyz>

ansible/ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+inventory = inventory/hosts
+remote_user = debian
+host_key_checking = False
+private_key_file = ssh_key
+
+[ssh_connection]
+pipelining = True

ansible/galene.yml

@@ -0,0 +1,6 @@
+- name: Install galene
+  become: true
+  hosts:
+    - galene
+  roles:
+    - galene

ansible/roles/certbot/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Check requirements
+  ansible.builtin.assert:
+    that:
+      - certbot_email is defined
+      - certbot_domain is defined
+
+- name: Install packages
+  ansible.builtin.package:
+    name: certbot
+
+- name: Request certificate
+  ansible.builtin.command:
+    cmd: >-
+      certbot certonly --standalone -n --agree-tos
+        --email {{ certbot_email }} -d {{ certbot_domain }}
+    creates: /etc/letsencrypt/live/{{ certbot_domain }}/fullchain.pem

ansible/roles/galene/defaults/main.yml

@@ -0,0 +1,25 @@
+---
+galene_go_version: 1.24.1
+galene_version: galene-0.96.3
+galene_http_port: 443
+galene_turn: ":1194"
+galene_user: galene
+galene_group: galene
+galene_base_directory: /var/lib/galene
+galene_data_directory: "{{ galene_base_directory }}/data"
+galene_groups_directory: "{{ galene_base_directory }}/groups"
+galene_recording_directory: "{{ galene_base_directory }}/recordings"
+galene_static_directory: "{{ galene_base_directory }}/static"
+# galene_domain:
+
+# galene_config:
+#   canonicalHost: galene.example.org
+galene_config: {}
+
+# galene_groups:
+#   example:
+#     users:
+#       bob:
+#         password: ***
+#         permissions: op
+galene_groups: {}

ansible/roles/galene/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Reload systemd
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: Restart galene
+  ansible.builtin.service:
+    name: galene
+    state: restarted

ansible/roles/galene/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: golang

ansible/roles/galene/tasks/main.yml

@@ -0,0 +1,116 @@
+---
+# TODO: install in block
+- name: Install requirements
+  ansible.builtin.package:
+    name: git
+
+- name: Clone source code
+  ansible.builtin.git:
+    repo: https://github.com/jech/galene
+    dest: /opt/galene
+    version: "{{ galene_version }}"
+
+- name: Compile
+  ansible.builtin.command:
+    chdir: /opt/galene
+    cmd: go build -ldflags='-s -w'
+    creates: /opt/galene/galene
+  environment:
+    CGO_ENABLED: "0"
+    PATH: /usr/local/go/bin
+
+- name: Install
+  ansible.builtin.copy:
+    remote_src: true
+    src: /opt/galene/galene
+    dest: /usr/local/bin/galene
+    owner: root
+    group: root
+    mode: "0755"
+# TODO End of install in block
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ galene_user }}"
+    system: true
+    password: '!'
+    home: "{{ galene_base_directory }}"
+    create_home: false
+
+- name: Create directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ galene_user }}"
+    group: "{{ galene_group }}"
+    mode: "0755"
+  loop:
+    - "{{ galene_base_directory }}"
+    - "{{ galene_data_directory }}"
+    - "{{ galene_groups_directory }}"
+    - "{{ galene_recording_directory }}"
+    - "{{ galene_static_directory }}"
+
+- name: Copy static directory
+  ansible.builtin.copy:
+    src: /opt/galene/static/
+    dest: "{{ galene_static_directory }}/"
+    remote_src: true
+    mode: "0755"
+    owner: "{{ galene_user }}"
+    group: "{{ galene_group }}"
+  when: galene_static_directory != "/opt/galene/static"
+
+- name: Configure groups
+  ansible.builtin.copy:
+    content: "{{ item.value | to_json }}"
+    dest: "{{ galene_groups_directory }}/{{ item.key }}.json"
+    owner: "{{ galene_user }}"
+    group: "{{ galene_group }}"
+    mode: "0600"
+  loop: "{{ galene_groups | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  notify: Restart galene
+
+- name: Create global configuration
+  ansible.builtin.copy:
+    content: "{{ galene_config | to_json }}"
+    dest: "{{ galene_data_directory }}/config.json"
+    owner: "{{ galene_user }}"
+    group: "{{ galene_group }}"
+    mode: "0600"
+  notify: Restart galene
+
+- name: Configure TLS certificates
+  when: galene_domain is defined
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ galene_user }}"
+    group: "{{ galene_group }}"
+  loop:
+    - src: "/etc/letsencrypt/live/{{ galene_domain }}/fullchain.pem"
+      dest: "{{ galene_data_directory }}/cert.pem"
+      mode: "0644"
+    - src: "/etc/letsencrypt/live/{{ galene_domain }}/privkey.pem"
+      dest: "{{ galene_data_directory }}/key.pem"
+      mode: "0600"
+
+- name: Create service
+  ansible.builtin.template:
+    src: galene.service.j2
+    dest: /etc/systemd/system/galene.service
+    mode: "0644"
+    owner: root
+    group: root
+  notify:
+    - Reload systemd
+    - Restart galene
+
+- name: Start service
+  ansible.builtin.service:
+    name: galene
+    state: started
+    enabled: true

ansible/roles/galene/templates/galene.service.j2

@@ -0,0 +1,19 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=Galene
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory={{ galene_base_directory }}
+User={{ galene_user }}
+Group={{ galene_group }}
+{% if galene_http_port < 1024 %}
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+{% endif %}
+ExecStart=/usr/local/bin/galene -http :{{ galene_http_port }} -data {{ galene_data_directory }} -groups {{ galene_groups_directory }} -recordings {{ galene_recording_directory }} -static {{ galene_static_directory }} -turn "{{ galene_turn }}"
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/golang/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+golang_version: 1.24.1

ansible/roles/golang/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- name: Install
+  ansible.builtin.unarchive:
+    src: "https://go.dev/dl/go{{ golang_version }}.linux-amd64.tar.gz"
+    dest: /usr/local
+    remote_src: true
+    creates: /usr/local/go

ansible/site.yml

@@ -0,0 +1,17 @@
+- name: Pre install
+  become: true
+  hosts:
+    - galene
+  tasks:
+    - name: Update repositories
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: full
+
+- name: Install galene
+  become: true
+  hosts:
+    - galene
+  roles:
+    - certbot
+    - galene