7 files changed, 1 insertions(+), 159 deletions(-)

M playbooks/avalon.yml
D roles/gotify_server/files/gotify.conf
D roles/gotify_server/files/override.conf
D roles/gotify_server/handlers/main.yml
D roles/gotify_server/tasks/main.yml
D roles/gotify_server/templates/config.yml.j2
M terraform_hetzner/locals.tf

@@ 46,7 46,6 @@
     - { role: wireguard }
     - { role: wireguard_vpn_server }
     # - { role: uptime_kuma } # docker
-    - { role: gotify_server }
     - { role: matrix }
     - { role: coturn }
     - { role: hedgedoc }

@@ 1,32 0,0 @@
-server {
-    include /etc/nginx/snippets/http.conf;
-    server_name gotify.xenrox.net;
-}
-
-server {
-    include /etc/nginx/snippets/https.conf;
-    server_name gotify.xenrox.net;
-
-
-    location / {
-        proxy_pass http://127.0.0.1:9071;
-        proxy_http_version 1.1;
-
-        # Ensuring it can use websockets
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto http;
-        proxy_redirect http:// $scheme://;
-
-        # The proxy must preserve the host because gotify verifies the host with the origin
-        # for WebSocket connections
-        proxy_set_header Host $http_host;
-
-        # These sets the timeout so that the websocket can stay alive
-        proxy_connect_timeout 1m;
-        proxy_send_timeout 1m;
-        proxy_read_timeout 1m;
-    }
-}

@@ 1,3 0,0 @@
-[Unit]
-Requires=postgresql.service
-After=postgresql.service

@@ 1,5 0,0 @@
----
-- name: Restart gotify
-  ansible.builtin.systemd:
-    name: gotify-server
-    state: restarted

@@ 1,67 0,0 @@
----
-- name: Get secrets
-  ansible.builtin.set_fact:
-    gotify_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/gotify') }}"
-
-- name: Install
-  community.general.pacman:
-    name: gotify-server
-    state: present
-
-- name: Configure
-  ansible.builtin.template:
-    src: config.yml.j2
-    dest: /etc/gotify/config.yml
-    owner: gotify
-    group: gotify
-    # TODO: permissions
-    mode: 0600
-    # TODO: nginx
-  notify: Restart gotify
-
-- name: Create db user
-  community.general.postgresql_user:
-    name: gotify
-    password: "{{ gotify_secrets['psql_password'] }}"
-  become: true
-  become_user: postgres
-  no_log: true
-
-- name: Create db
-  community.general.postgresql_db:
-    db: gotify
-    owner: gotify
-  become: true
-  become_user: postgres
-
-- name: Copy nginx conf
-  ansible.builtin.copy:
-    src: gotify.conf
-    dest: /etc/nginx/nginx.d/gotify.conf
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart nginx
-
-- name: Create systemd unit override path
-  ansible.builtin.file:
-    path: /etc/systemd/system/gotify-server.service.d
-    state: directory
-    owner: root
-    group: root
-    mode: 0755
-
-- name: Install systemd unit override file
-  ansible.builtin.copy:
-    src: override.conf
-    dest: /etc/systemd/system/gotify-server.service.d/override.conf
-    owner: root
-    group: root
-    mode: 0644
-
-- name: Start and enable
-  ansible.builtin.systemd:
-    name: gotify-server
-    enabled: true
-    state: started
-    daemon_reload: true

@@ 1,50 0,0 @@
-server:
-  keepaliveperiodseconds: 0 # 0 = use Go default (15s); -1 = disable keepalive; set the interval in which keepalive packets will be sent. Only change this value if you know what you are doing.
-  listenaddr: "127.0.0.1" # the address to bind on, leave empty to bind on all addresses
-  port: 9071 # the port the HTTP server will listen on
-
-  ssl:
-    enabled: false # if https should be enabled
-    redirecttohttps: true # redirect to https if site is accessed by http
-    listenaddr: "" # the address to bind on, leave empty to bind on all addresses
-    port: 443 # the https port
-    certfile: # the cert file (leave empty when using letsencrypt)
-    certkey: # the cert key (leave empty when using letsencrypt)
-    letsencrypt:
-      enabled: false # if the certificate should be requested from letsencrypt
-      accepttos: false # if you accept the tos from letsencrypt
-      cache: /var/lib/gotify/certs # the directory of the cache from letsencrypt
-      hosts: # the hosts for which letsencrypt should request certificates
-#      - mydomain.tld
-#      - myotherdomain.tld
-
-  responseheaders: # response headers are added to every response (default: none)
-#    X-Custom-Header: "custom value"
-
-  cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
-    alloworigins:
-#      - ".+.example.com"
-#      - "otherdomain.com"
-    allowmethods:
-#      - "GET"
-#      - "POST"
-    allowheaders:
-#      - "Authorization"
-#      - "content-type"
-  stream:
-    pingperiodseconds: 45 # the interval in which websocket pings will be sent. Only change this value if you know what you are doing.
-    allowedorigins: # allowed origins for websocket connections (same origin is always allowed)
-#      - ".+.example.com"
-#      - "otherdomain.com"
-
-database: # for database see (configure database section)
-  dialect: postgres
-  connection: host=localhost port=5432 user=gotify dbname=gotify password={{ gotify_secrets['psql_password'] }}
-
-defaultuser: # on database creation, gotify creates an admin user
-  name: {{ gotify_secrets['user'] }}
-  pass: {{ gotify_secrets['password'] }}
-passstrength: 10 # the bcrypt password strength (higher = better but also slower)
-uploadedimagesdir: /var/lib/gotify/images # the directory for storing uploaded images
-pluginsdir: /var/lib/gotify/plugins # the directory where plugin resides
-registration: false # enable registrations

@@ 22,7 22,7 @@ locals {
 
     "bot", "faceit", "gamja", "pass", "search",
 
-    "push", "music", "screego", "status", "gotify", "ntfy",
+    "push", "music", "screego", "status", "ntfy",
   ])
 
   xenrox_net_cname = {