From a8f80e439f22108438bbcf8907799ffee412de80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorben=20G=C3=BCnther?= Date: Thu, 21 Oct 2021 13:26:59 +0200 Subject: [PATCH] soju: Change to soju-srht Use postgres instead of sqlite3. --- roles/soju/tasks/main.yml | 27 ++++++++++++++++--- .../{files/config => templates/config.j2} | 2 +- 2 files changed, 24 insertions(+), 5 deletions(-) rename roles/soju/{files/config => templates/config.j2} (58%) diff --git a/roles/soju/tasks/main.yml b/roles/soju/tasks/main.yml index 3c6883a..71ba240 100644 --- a/roles/soju/tasks/main.yml +++ b/roles/soju/tasks/main.yml @@ -1,7 +1,11 @@ --- +- name: Get secrets + ansible.builtin.set_fact: + soju_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/soju') }}" + - name: Install community.general.pacman: - name: soju-git + name: soju-srht state: present - name: Copy certificate @@ -17,14 +21,29 @@ - privkey.pem - name: Configure - ansible.builtin.copy: - src: config + ansible.builtin.template: + src: config.j2 dest: /etc/soju/config owner: soju group: soju - mode: 0644 + mode: 0600 notify: Restart soju +- name: Create db user + community.general.postgresql_user: + name: soju + password: "{{ soju_secrets['psql_password'] }}" + become: true + become_user: postgres + no_log: true + +- name: Create db + community.general.postgresql_db: + db: soju + owner: soju + become: true + become_user: postgres + - name: Start and enable ansible.builtin.systemd: name: soju diff --git a/roles/soju/files/config b/roles/soju/templates/config.j2 similarity index 58% rename from roles/soju/files/config rename to roles/soju/templates/config.j2 index ff8d2c3..285cb2b 100644 --- a/roles/soju/files/config +++ b/roles/soju/templates/config.j2 @@ -1,5 +1,5 @@ tls /var/lib/soju/fullchain.pem /var/lib/soju/privkey.pem -db sqlite3 /var/lib/soju/main.db +db postgres postgresql://soju:{{ soju_secrets['psql_password'] }}@localhost/soju?sslmode=disable log fs /var/lib/soju/logs listen ircs://0.0.0.0:6697 listen wss://127.0.0.1:8082 -- 2.44.0