7 files changed, 1 insertions(+), 159 deletions(-)
M playbooks/avalon.yml
D roles/gotify_server/files/gotify.conf
D roles/gotify_server/files/override.conf
D roles/gotify_server/handlers/main.yml
D roles/gotify_server/tasks/main.yml
D roles/gotify_server/templates/config.yml.j2
M terraform_hetzner/locals.tf
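--- a/playbooks/avalon.yml
+++ b/playbooks/avalon.yml
@@ -46,7 +46,6 @@
 - { role: wireguard }
 - { role: wireguard_vpn_server }
 # - { role: uptime_kuma } # docker
- - { role: gotify_server }
 - { role: matrix }
 - { role: coturn }
 - { role: hedgedoc }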
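--- a/roles/gotify_server/files/gotify.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
- include /etc/nginx/snippets/http.conf;
- server_name gotify.xenrox.net;
-}
-
-server {
- include /etc/nginx/snippets/https.conf;
- server_name gotify.xenrox.net;
-
-
- location / {
- proxy_pass http://127.0.0.1:9071;
- proxy_http_version 1.1;
-
- # Ensuring it can use websockets
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto http;
- proxy_redirect http:// $scheme://;
-
- # The proxy must preserve the host because gotify verifies the host with the origin
- # for WebSocket connections
- proxy_set_header Host $http_host;
-
- # These sets the timeout so that the websocket can stay alive
- proxy_connect_timeout 1m;
- proxy_send_timeout 1m;
- proxy_read_timeout 1m;
- }
-}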
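--- a/roles/gotify_server/files/override.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Unit]
-Requires=postgresql.service
-After=postgresql.service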
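--- a/roles/gotify_server/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Restart gotify
- ansible.builtin.systemd:
- name: gotify-server
- state: restarted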
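--- a/roles/gotify_server/tasks/main.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-- name: Get secrets
- ansible.builtin.set_fact:
- gotify_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/gotify') }}"
-
-- name: Install
- community.general.pacman:
- name: gotify-server
- state: present
-
-- name: Configure
- ansible.builtin.template:
- src: config.yml.j2
- dest: /etc/gotify/config.yml
- owner: gotify
- group: gotify
- # TODO: permissions
- mode: 0600
- # TODO: nginx
- notify: Restart gotify
-
-- name: Create db user
- community.general.postgresql_user:
- name: gotify
- password: "{{ gotify_secrets['psql_password'] }}"
- become: true
- become_user: postgres
- no_log: true
-
-- name: Create db
- community.general.postgresql_db:
- db: gotify
- owner: gotify
- become: true
- become_user: postgres
-
-- name: Copy nginx conf
- ansible.builtin.copy:
- src: gotify.conf
- dest: /etc/nginx/nginx.d/gotify.conf
- owner: root
- group: root
- mode: 0644
- notify: restart nginx
-
-- name: Create systemd unit override path
- ansible.builtin.file:
- path: /etc/systemd/system/gotify-server.service.d
- state: directory
- owner: root
- group: root
- mode: 0755
-
-- name: Install systemd unit override file
- ansible.builtin.copy:
- src: override.conf
- dest: /etc/systemd/system/gotify-server.service.d/override.conf
- owner: root
- group: root
- mode: 0644
-
-- name: Start and enable
- ansible.builtin.systemd:
- name: gotify-server
- enabled: true
- state: started
- daemon_reload: true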
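--- a/roles/gotify_server/templates/config.yml.j2
+++ /dev/null
@@ -1,50 +0,0 @@
-server:
- keepaliveperiodseconds: 0 # 0 = use Go default (15s); -1 = disable keepalive; set the interval in which keepalive packets will be sent. Only change this value if you know what you are doing.
- listenaddr: "127.0.0.1" # the address to bind on, leave empty to bind on all addresses
- port: 9071 # the port the HTTP server will listen on
-
- ssl:
- enabled: false # if https should be enabled
- redirecttohttps: true # redirect to https if site is accessed by http
- listenaddr: "" # the address to bind on, leave empty to bind on all addresses
- port: 443 # the https port
- certfile: # the cert file (leave empty when using letsencrypt)
- certkey: # the cert key (leave empty when using letsencrypt)
- letsencrypt:
- enabled: false # if the certificate should be requested from letsencrypt
- accepttos: false # if you accept the tos from letsencrypt
- cache: /var/lib/gotify/certs # the directory of the cache from letsencrypt
- hosts: # the hosts for which letsencrypt should request certificates
-# - mydomain.tld
-# - myotherdomain.tld
-
- responseheaders: # response headers are added to every response (default: none)
-# X-Custom-Header: "custom value"
-
- cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
- alloworigins:
-# - ".+.example.com"
-# - "otherdomain.com"
- allowmethods:
-# - "GET"
-# - "POST"
- allowheaders:
-# - "Authorization"
-# - "content-type"
- stream:
- pingperiodseconds: 45 # the interval in which websocket pings will be sent. Only change this value if you know what you are doing.
- allowedorigins: # allowed origins for websocket connections (same origin is always allowed)
-# - ".+.example.com"
-# - "otherdomain.com"
-
-database: # for database see (configure database section)
- dialect: postgres
- connection: host=localhost port=5432 user=gotify dbname=gotify password={{ gotify_secrets['psql_password'] }}
-
-defaultuser: # on database creation, gotify creates an admin user
- name: {{ gotify_secrets['user'] }}
- pass: {{ gotify_secrets['password'] }}
-passstrength: 10 # the bcrypt password strength (higher = better but also slower)
-uploadedimagesdir: /var/lib/gotify/images # the directory for storing uploaded images
-pluginsdir: /var/lib/gotify/plugins # the directory where plugin resides
-registration: false # enable registrations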
M terraform_hetzner/locals.tf => terraform_hetzner/locals.tf +1 -1
@@ 22,7 22,7 @@ locals {
"bot", "faceit", "gamja", "pass", "search",
- "push", "music", "screego", "status", "gotify", "ntfy",
+ "push", "music", "screego", "status", "ntfy",
])
xenrox_net_cname = {