2 files changed, 24 insertions(+), 5 deletions(-)
M roles/soju/tasks/main.yml
R roles/soju/{files/config => templates/config.j2}
M roles/soju/tasks/main.yml => roles/soju/tasks/main.yml +23 -4
@@ 1,7 1,11 @@
---
+- name: Get secrets
+ ansible.builtin.set_fact:
+ soju_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/soju') }}"
+
- name: Install
community.general.pacman:
- name: soju-git
+ name: soju-srht
state: present
- name: Copy certificate
@@ 17,14 21,29 @@
- privkey.pem
- name: Configure
- ansible.builtin.copy:
- src: config
+ ansible.builtin.template:
+ src: config.j2
dest: /etc/soju/config
owner: soju
group: soju
- mode: 0644
+ mode: 0600
notify: Restart soju
+- name: Create db user
+ community.general.postgresql_user:
+ name: soju
+ password: "{{ soju_secrets['psql_password'] }}"
+ become: true
+ become_user: postgres
+ no_log: true
+
+- name: Create db
+ community.general.postgresql_db:
+ db: soju
+ owner: soju
+ become: true
+ become_user: postgres
+
- name: Start and enable
ansible.builtin.systemd:
name: soju
R roles/soju/files/config => roles/soju/templates/config.j2 +1 -1
@@ 1,5 1,5 @@
tls /var/lib/soju/fullchain.pem /var/lib/soju/privkey.pem
-db sqlite3 /var/lib/soju/main.db
+db postgres postgresql://soju:{{ soju_secrets['psql_password'] }}@localhost/soju?sslmode=disable
log fs /var/lib/soju/logs
listen ircs://0.0.0.0:6697
listen wss://127.0.0.1:8082