Initial changes to integrate new portal

Ana Custura 2026-03-06 09:04:11 +00:00
parent c4ffbb00e2
commit 0fa18af48e
18 changed files with 311 additions and 221 deletions


@ -13,28 +13,28 @@
name: "{{ butter_user }}" name: "{{ butter_user }}"
state: present state: present
- name: Get supported interface modes - name: Add butter user to sudo group
command: iw list ansible.builtin.user:
register: iw_list name: "{{ butter_user }}"
ignore_errors: yes groups: sudo
when: not (is_vmdb2 | bool) append: true
- name: Search for AP mode support - name: Allow passwordless sudo for butter user
set_fact: ansible.builtin.lineinfile:
ap_mode_supported: "{{ 'AP' in iw_list.stdout }}" path: /etc/sudoers
when: not (is_vmdb2 | bool) state: present
regexp: "^{{ butter_user }}"
- name: Show AP mode support result line: "{{ butter_user }} ALL=(ALL) NOPASSWD:ALL"
debug: validate: '/usr/sbin/visudo -cf %s'
msg: >
Wi-Fi AP mode supported: {{ ap_mode_supported }}
when: not (is_vmdb2 | bool)
- name: Make sure /etc/resolv.conf is populated - name: Make sure /etc/resolv.conf is populated
lineinfile: ansible.builtin.lineinfile:
path: /etc/resolv.conf path: /etc/resolv.conf
regexp: '^nameserver 1.1.1.1' regexp: '^nameserver 1.1.1.1'
line: 'nameserver 1.1.1.1' line: 'nameserver 1.1.1.1'
state: present state: present
insertafter: EOF insertafter: EOF
create: yes create: true
owner: root
group: root
mode: '0644'
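Review bot: The new "Allow passwordless sudo for butter user" task writes `{{ butter_user }} ALL=(ALL) NOPASSWD:ALL`, and the service templates added in this same commit run Dendrite and the portal as that account, so a flaw in either network-facing service becomes root on the box. If sudo is only needed for a few operations, restrict the rule to those exact commands and write it to a drop-in (`path: "/etc/sudoers.d/{{ butter_user }}"`, `create: true`, `mode: '0440'`) rather than editing `/etc/sudoers` itself. The pattern `regexp: "^{{ butter_user }}"` is also a bare prefix match, so it would replace any sudoers line that merely starts with the same characters; `regexp: '^{{ butter_user }}\s'` avoids that. The `validate:` call is a good guard and should stay.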


@ -4,11 +4,9 @@
become: true become: true
tasks: tasks:
- name: Print Dendrite process info for debugging - name: Print Dendrite process info for debugging
become: yes
ansible.builtin.shell: | ansible.builtin.shell: |
echo "=== Dendrite PIDs ===" echo "=== Dendrite PIDs ==="
pgrep -u {{ butter_user }} -f dendrite || echo "No dendrite PIDs found" pgrep -u {{ butter_user }} -f dendrite || echo "No dendrite PIDs found"
echo echo
echo "=== Full process tree of Dendrite ===" echo "=== Full process tree of Dendrite ==="
for pid in $(pgrep -u {{ butter_user }} -f dendrite); do for pid in $(pgrep -u {{ butter_user }} -f dendrite); do
@ -16,34 +14,28 @@
pstree -p $pid || echo "pstree not available for PID $pid" pstree -p $pid || echo "pstree not available for PID $pid"
echo echo
done done
echo "=== Open files under VMDB mount ==="
lsof +D /tmp/tmpyu_8dsew || echo "No open files found"
echo "=== Current working directories of processes in mount ==="
lsof +D /tmp/tmpyu_8dsew | awk '{print $2, $NF}' | sort | uniq
register: dendrite_debug register: dendrite_debug
when: is_vmdb2 | bool when: is_vmdb2 | bool
changed_when: false
- name: Show debug output - name: Show debug output
debug: ansible.builtin.debug:
msg: "{{ dendrite_debug.stdout_lines }}" msg: "{{ dendrite_debug.stdout_lines }}"
when: is_vmdb2 | bool when: is_vmdb2 | bool
- name: Kill any running Dendrite process - name: Kill any running Dendrite process
become: yes
ansible.builtin.shell: | ansible.builtin.shell: |
pgrep -u {{ butter_user }} -f dendrite | xargs -r kill -9 set -o pipefail && pgrep -u {{ butter_user }} -f dendrite | xargs -r kill -9
register: dendrite_cleanup register: dendrite_cleanup
changed_when: dendrite_cleanup.stdout != "" changed_when: dendrite_cleanup.stdout != ""
when: is_vmdb2 | bool when: is_vmdb2 | bool
- name: Show cleanup output - name: Show cleanup output
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ dendrite_cleanup.stdout_lines }}" msg: "{{ dendrite_cleanup.stdout_lines }}"
when: is_vmdb2 | bool when: is_vmdb2 | bool
- name: Give processes time to exit - name: Give processes time to exit
become: yes ansible.builtin.pause:
shell: sleep 5 seconds: 5
when: is_vmdb2 | bool when: is_vmdb2 | bool
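Review bot: In "Kill any running Dendrite process" the added `set -o pipefail` makes the task fail whenever no Dendrite process is running, because `pgrep` exits 1 on no match and that status now becomes the result of the pipeline. No `executable: /bin/bash` is visible on this task, so whether the option is accepted at all depends on what `/bin/sh` is on the target. Adding `executable: /bin/bash` under `args:` and `failed_when: dendrite_cleanup.rc not in [0, 1]` keeps the pipefail check while still treating "nothing to kill" as success. `changed_when: dendrite_cleanup.stdout != ""` probably never fires, since neither `xargs` nor `kill` prints anything on success.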


@ -4,7 +4,7 @@
become: true become: true
tasks: tasks:
- name: Create madmail directory - name: Create madmail directory
file: ansible.builtin.file:
path: "/home/{{ butter_user }}/madmail" path: "/home/{{ butter_user }}/madmail"
state: directory state: directory
owner: "{{ butter_user }}" owner: "{{ butter_user }}"
@ -12,20 +12,22 @@
mode: "0755" mode: "0755"
- name: Download pre-built madmail archive - name: Download pre-built madmail archive
get_url: ansible.builtin.get_url:
url: "https://github.com/themadorg/madmail/releases/download/v0.12.7/madmail-linux-{{ go_arch_map[ansible_architecture] }}.tar.gz" url: "https://github.com/themadorg/madmail/releases/download/v0.12.7/madmail-linux-{{ go_arch_map[ansible_architecture] }}.tar.gz"
dest: "/tmp/madmail-linux-{{ go_arch_map[ansible_architecture] }}.tar.gz" dest: "/tmp/madmail-linux-{{ go_arch_map[ansible_architecture] }}.tar.gz"
mode: '0644' mode: '0644'
- name: Untar madmail - name: Untar madmail
unarchive: ansible.builtin.unarchive:
src: "/tmp/madmail-linux-{{ go_arch_map[ansible_architecture] }}.tar.gz" src: "/tmp/madmail-linux-{{ go_arch_map[ansible_architecture] }}.tar.gz"
dest: "/home/{{ butter_user }}/madmail" dest: "/home/{{ butter_user }}/madmail"
remote_src: yes remote_src: true
#extra_opts: [--strip-components=1] # extra_opts: [--strip-components=1]
- name: Ensure butter_user owns madmail directory - name: Ensure butter_user owns madmail directory
file: ansible.builtin.file:
path: "/home/{{ butter_user }}/madmail" path: "/home/{{ butter_user }}/madmail"
state: directory state: directory
recurse: yes recurse: true
owner: "{{ butter_user }}"
group: "{{ butter_user }}"
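Review bot: "Download pre-built madmail archive" fetches a release tarball as root and unpacks it with no integrity check; the tag is pinned to v0.12.7, but `get_url` is given no `checksum`. Adding `checksum: "sha256:EXPECTED_SHA256_PLACEHOLDER"` (placeholder, one value per architecture in `go_arch_map`) makes a replaced release asset fail the play instead of being installed. The same gap applies to "Download pre-built dendrite archive", which additionally resolves a `latest` URL, and to "Download RaspAP install script", whose output is then executed by root. The archive is also staged under a predictable name in `/tmp`; a root-owned staging directory avoids colliding with files pre-created there.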


@ -0,0 +1,88 @@
---
- name: Deploy butter portal
hosts: all
become: true
tasks:
- name: "Ensure /tmp/butter-portal is absent"
ansible.builtin.file:
path: "/home/{{ butter_user }}/butter-portal"
state: absent
- name: "Clone the portal repo"
ansible.builtin.git:
repo: "https://guardianproject.dev/butter/butter-portal"
dest: "/home/{{ butter_user }}/butter-portal"
version: main
- name: Install requirements
ansible.builtin.pip:
requirements: "/home/{{ butter_user }}/butter-portal/requirements.txt"
virtualenv: "/home/{{ butter_user }}/portal_env"
virtualenv_python: python3
- name: Seed database
ansible.builtin.shell: |
echo "Starting db initialisation!"
source /home/{{ butter_user }}/portal_env/bin/activate
flask db init
flask db migrate
flask db upgrade
flask seed-settings
args:
chdir: "/home/{{ butter_user }}/butter-portal"
executable: /bin/bash
creates: "/home/{{ butter_user }}/butter-portal/app.db"
register: database_init
- name: Template portal systemd service file
ansible.builtin.template:
src: templates/butterbox-portal.service.j2
dest: /lib/systemd/system/butterbox-portal.service
owner: root
group: root
mode: '0644'
- name: Template nginx config
ansible.builtin.template:
src: templates/nginx-config.j2
dest: /etc/nginx/sites-available/default
owner: root
group: root
mode: '0644'
- name: Enable portal by symlink
ansible.builtin.file:
src: /lib/systemd/system/butterbox-portal.service
dest: /etc/systemd/system/multi-user.target.wants/butterbox-portal.service
state: link
- name: Ensure butter_user owns portal directory
ansible.builtin.file:
path: "/home/{{ butter_user }}/butter-portal"
state: directory
recurse: true
owner: "{{ butter_user }}"
group: "{{ butter_user }}"
# - name: Template portal reverse proxy config for Lighttpd
# ansible.builtin.get_url:
# src: templates/50-butter-portal-reverse-proxy.conf
# dest: /etc/lighttpd/conf-available/50-butter-portal-reverse-proxy.conf
# owner: root
# group: root
# mode: '0644'
#
# - name: Ensure old symlink is removed if it exists
# ansible.builtin.file:
# path: /etc/lighttpd/conf-enabled/50-butter-portal-reverse-proxy.conf
# state: absent
# force: true
#
# - name: Enable reverse proxy config for portal in Lighttpd
# ansible.builtin.file:
# src: /etc/lighttpd/conf-available/50-butter-portal-reverse-proxy.conf
# dest: /etc/lighttpd/conf-enabled/50-butter-portal-reverse-proxy.conf
# state: link
# force: true
#
# - debug: var=database_init.stdout_lines
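Review bot: "Clone the portal repo" checks out `version: main`, so each build runs whatever that branch holds at the time, first as root during "Seed database" and later as a service account that this commit gives passwordless sudo; pin `version:` to a release tag or a full commit hash. The first task deletes `/home/{{ butter_user }}/butter-portal` on every run, which also deletes `app.db`, so the `creates:` guard on "Seed database" never skips and any stored settings are lost on a re-run, if they are meant to persist. That task's name still says `/tmp/butter-portal`. The closing recursive chown covers `butter-portal` only, so `portal_env` stays root-owned, which may or may not be intended.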


@ -1,59 +0,0 @@
---
- name: Deploy butter site
hosts: all
become: true
tasks:
- name: Install unzip
apt:
name:
- unzip
state: present
update_cache: yes
when: not ( is_vmdb2 | bool )
- name: Ensure /etc/resolv.conf contains nameserver 1.1.1.1
copy:
dest: /etc/resolv.conf
content: "nameserver 1.1.1.1\n"
owner: root
group: root
mode: '0644'
when: is_vmdb2 | bool
- name: Ensure /tmp/butter-site is absent
file:
path: /tmp/butter-site
state: absent
- name: Ensure /tmp/site.zip is absent
file:
path: /tmp/site.zip
state: absent
- name: Download the butter-box UI zip file
get_url:
url: "https://likebutter.gitlab.io/butter-box-ui/site-{{ butter_language }}.zip"
dest: /tmp/site.zip
mode: '0644'
- name: Ensure /tmp/butter-site directory exists
file:
path: /tmp/butter-site
state: directory
mode: '0755'
- name: Unarchive site.zip to /tmp/butter-site
unarchive:
src: /tmp/site.zip
dest: /tmp/butter-site
remote_src: yes
- name: Copy contents to /var/www/html/
copy:
src: /tmp/butter-site/
dest: /var/www/html/
owner: www-data
group: www-data
mode: '0755'
remote_src: yes


@ -10,4 +10,4 @@
register: firmware_update register: firmware_update
changed_when: firmware_update.rc == 0 changed_when: firmware_update.rc == 0
failed_when: firmware_update.rc != 0 failed_when: firmware_update.rc != 0
ignore_errors: yes ignore_errors: true


@ -4,18 +4,18 @@
become: true become: true
tasks: tasks:
- name: Install deps - name: Install deps
apt: ansible.builtin.apt:
name: name:
- git - git
- vim - vim
- lighttpd - lighttpd
- sudo - sudo
state: present state: present
update_cache: yes update_cache: true
when: not ( is_vmdb2 | bool ) when: not (is_vmdb2 | bool)
- name: Create dendrite directories - name: Create dendrite directories
file: ansible.builtin.file:
path: "/home/{{ butter_user }}/dendrite/bin" path: "/home/{{ butter_user }}/dendrite/bin"
state: directory state: directory
owner: "{{ butter_user }}" owner: "{{ butter_user }}"
@ -23,36 +23,38 @@
mode: "0755" mode: "0755"
- name: Download pre-built dendrite archive - name: Download pre-built dendrite archive
get_url: ansible.builtin.get_url:
url: "https://guardianproject.dev/api/packages/butter/generic/dendrite/latest/dendrite-{{ go_arch_map[ansible_architecture] }}.tar.gz" url: "https://guardianproject.dev/api/packages/butter/generic/dendrite/latest/dendrite-{{ go_arch_map[ansible_architecture] }}.tar.gz"
dest: /tmp dest: /tmp
mode: '0644' mode: '0644'
- name: Untar dendrite - name: Untar dendrite
unarchive: ansible.builtin.unarchive:
src: "/tmp/dendrite-{{ go_arch_map[ansible_architecture] }}.tar.gz" src: "/tmp/dendrite-{{ go_arch_map[ansible_architecture] }}.tar.gz"
dest: "/home/{{ butter_user }}/dendrite/bin" dest: "/home/{{ butter_user }}/dendrite/bin"
remote_src: yes remote_src: true
extra_opts: [--strip-components=2] extra_opts: [--strip-components=2]
- name: Ensure butter_user owns Dendrite directory - name: Ensure butter_user owns Dendrite directory
file: ansible.builtin.file:
path: "/home/{{ butter_user }}/dendrite" path: "/home/{{ butter_user }}/dendrite"
state: directory state: directory
recurse: yes recurse: true
- name: Generate Matrix signing key - name: Generate Matrix signing key
command: ./bin/generate-keys --private-key matrix_key.pem ansible.builtin.command: ./bin/generate-keys --private-key matrix_key.pem
args: args:
creates: "/home/{{ butter_user }}/dendrite/matrix_key.pem"
chdir: "/home/{{ butter_user }}/dendrite" chdir: "/home/{{ butter_user }}/dendrite"
- name: Generate self-signed TLS certificate (optional) - name: Generate self-signed TLS certificate (optional)
command: ./bin/generate-keys --tls-cert server.crt --tls-key server.key ansible.builtin.command: ./bin/generate-keys --tls-cert server.crt --tls-key server.key
args: args:
chdir: "/home/{{ butter_user }}/dendrite" chdir: "/home/{{ butter_user }}/dendrite"
creates: "/home/{{ butter_user }}/dendrite/server.key"
- name: Download Dendrite config to target - name: Download Dendrite config to target
get_url: ansible.builtin.get_url:
url: "{{ config_base_url }}/butterbox-dendrite.conf" url: "{{ config_base_url }}/butterbox-dendrite.conf"
dest: "/home/{{ butter_user }}/dendrite/butterbox-dendrite.conf" dest: "/home/{{ butter_user }}/dendrite/butterbox-dendrite.conf"
owner: "{{ butter_user }}" owner: "{{ butter_user }}"
@ -60,57 +62,45 @@
mode: '0644' mode: '0644'
- name: Replace REPLACEME with butter_name in config - name: Replace REPLACEME with butter_name in config
replace: ansible.builtin.replace:
path: "/home/{{ butter_user }}/dendrite/butterbox-dendrite.conf" path: "/home/{{ butter_user }}/dendrite/butterbox-dendrite.conf"
regexp: 'REPLACEME' regexp: 'REPLACEME'
replace: "{{ butter_name }}" replace: "{{ butter_name }}"
- name: Replace /home/pi with /home/butter_user in config - name: Replace /home/pi with /home/butter_user in config
replace: ansible.builtin.replace:
path: "/home/{{ butter_user }}/dendrite/butterbox-dendrite.conf" path: "/home/{{ butter_user }}/dendrite/butterbox-dendrite.conf"
regexp: '/pi/' regexp: '/pi/'
replace: "/{{ butter_user }}/" replace: "/{{ butter_user }}/"
- name: Create log directory for Dendrite - name: Create log directory for Dendrite
file: ansible.builtin.file:
path: "/var/log/dendrite" path: "/var/log/dendrite"
state: directory state: directory
owner: "{{ butter_user }}" owner: "{{ butter_user }}"
group: "{{ butter_user }}" group: "{{ butter_user }}"
mode: '0755' mode: '0755'
recurse: yes recurse: true
- name: Download dendrite systemd service file - name: template dendrite systemd service file
get_url: ansible.builtin.template:
url: "{{ config_base_url }}/butterbox-dendrite.service" src: templates/butterbox-dendrite.service.j2
dest: /lib/systemd/system/dendrite.service dest: /lib/systemd/system/dendrite.service
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
- name: Replace /home/pi with /home/butter_user in service file
replace:
path: /lib/systemd/system/dendrite.service
regexp: '/pi/'
replace: "/{{ butter_user }}/"
- name: Replace pi with butter_user in service file
replace:
path: /lib/systemd/system/dendrite.service
regexp: 'User=pi'
replace: "User={{ butter_user }}"
- name: Enable dendrite by symlink - name: Enable dendrite by symlink
file: ansible.builtin.file:
src: /lib/systemd/system/dendrite.service src: /lib/systemd/system/dendrite.service
dest: /etc/systemd/system/multi-user.target.wants/dendrite.service dest: /etc/systemd/system/multi-user.target.wants/dendrite.service
state: link state: link
- name: Ensure butter_user owns Dendrite directory - name: Ensure butter_user owns Dendrite directory
file: ansible.builtin.file:
path: "/home/{{ butter_user }}/dendrite" path: "/home/{{ butter_user }}/dendrite"
state: directory state: directory
recurse: yes recurse: true
owner: "{{ butter_user }}" owner: "{{ butter_user }}"
group: "{{ butter_user }}" group: "{{ butter_user }}"
mode: "0755" mode: "0755"
@ -123,7 +113,7 @@
when: not (is_vmdb2 | bool) when: not (is_vmdb2 | bool)
- name: Download Matrix reverse proxy config for Lighttpd - name: Download Matrix reverse proxy config for Lighttpd
get_url: ansible.builtin.get_url:
url: "{{ config_base_url }}/50-matrix-reverse-proxy.conf" url: "{{ config_base_url }}/50-matrix-reverse-proxy.conf"
dest: /etc/lighttpd/conf-available/50-matrix-reverse-proxy.conf dest: /etc/lighttpd/conf-available/50-matrix-reverse-proxy.conf
owner: root owner: root
@ -131,22 +121,22 @@
mode: '0644' mode: '0644'
- name: Ensure old symlink is removed if it exists - name: Ensure old symlink is removed if it exists
file: ansible.builtin.file:
path: /etc/lighttpd/conf-enabled/50-matrix-reverse-proxy.conf path: /etc/lighttpd/conf-enabled/50-matrix-reverse-proxy.conf
state: absent state: absent
force: true force: true
- name: Enable reverse proxy config for Matrix in Lighttpd - name: Enable reverse proxy config for Matrix in Lighttpd
file: ansible.builtin.file:
src: /etc/lighttpd/conf-available/50-matrix-reverse-proxy.conf src: /etc/lighttpd/conf-available/50-matrix-reverse-proxy.conf
dest: /etc/lighttpd/conf-enabled/50-matrix-reverse-proxy.conf dest: /etc/lighttpd/conf-enabled/50-matrix-reverse-proxy.conf
state: link state: link
force: true force: true
- name: Start dendrite as user butter_user - name: Start dendrite as user butter_user
become: yes become: true
become_user: "{{ butter_user }}" become_user: "{{ butter_user }}"
shell: | ansible.builtin.shell: |
nohup /home/{{ butter_user }}/dendrite/bin/dendrite \ nohup /home/{{ butter_user }}/dendrite/bin/dendrite \
--config /home/{{ butter_user }}/dendrite/butterbox-dendrite.conf \ --config /home/{{ butter_user }}/dendrite/butterbox-dendrite.conf \
-really-enable-open-registration \ -really-enable-open-registration \
@ -154,28 +144,30 @@
args: args:
chdir: "/home/{{ butter_user }}" chdir: "/home/{{ butter_user }}"
when: is_vmdb2 | bool when: is_vmdb2 | bool
changed_when: false
- name: Wait for Dendrite client API to be available - name: Wait for Dendrite client API to be available
wait_for: ansible.builtin.wait_for:
host: "127.0.0.1" host: "127.0.0.1"
port: 8008 port: 8008
delay: 3 # wait a few seconds before first check delay: 3 # wait a few seconds before first check
timeout: 60 # give it up to a minute to start timeout: 60 # give it up to a minute to start
state: started state: started
when: is_vmdb2 | bool when: is_vmdb2 | bool
- name: Copy public room script - name: Copy public room script
template: ansible.builtin.template:
src: templates/create_public_room.sh.j2 src: templates/create_public_room.sh.j2
dest: "/home/{{ butter_user }}/create_public_room.sh" dest: "/home/{{ butter_user }}/create_public_room.sh"
mode: '0755' mode: '0755'
- name: Run the create_public_room.sh script - name: Run the create_public_room.sh script
command: "/home/{{ butter_user }}/create_public_room.sh" ansible.builtin.command: "/home/{{ butter_user }}/create_public_room.sh"
register: room_creation register: room_creation
ignore_errors: false ignore_errors: false
changed_when: false
- name: Show room creation output - name: Show room creation output
debug: ansible.builtin.debug:
var: room_creation.stdout var: room_creation.stdout
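Review bot: The second "Ensure butter_user owns Dendrite directory" task applies `mode: "0755"` with `recurse: true`, which also lands on `matrix_key.pem` and `server.key` generated a few tasks earlier and leaves both private keys world-readable. Drop `mode` from the recursive task (or use a symbolic mode so plain files do not all gain the execute bit) and set the two key files to 0600 in a separate task, as sketched below. The earlier task with the same name sets no `owner` or `group` at all, so it either does nothing useful or should be removed.

```yaml
    # … unchanged: recursive owner/group task on /home/{{ butter_user }}/dendrite, with `mode` dropped …
    - name: Restrict Dendrite private keys
      ansible.builtin.file:
        path: "/home/{{ butter_user }}/dendrite/{{ item }}"
        owner: "{{ butter_user }}"
        group: "{{ butter_user }}"
        mode: '0600'
      loop:
        - matrix_key.pem
        - server.key
```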


@ -4,20 +4,21 @@
become: true become: true
tasks: tasks:
- name: Install Node.js 22 (needed for matrix-js-sdk) - name: Install Node.js 22 (needed for matrix-js-sdk)
shell: | ansible.builtin.shell: |
curl -fsSL https://deb.nodesource.com/setup_22.x | bash - set -o pipefail curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt-get install -y nodejs apt-get install -y nodejs
args: args:
executable: /bin/bash executable: /bin/bash
creates: /bin/npm
- name: Ensure previous keanu-weblite temp directory is removed - name: Ensure previous keanu-weblite temp directory is removed
file: ansible.builtin.file:
path: /tmp/keanu-weblite path: /tmp/keanu-weblite
state: absent state: absent
delegate_to: localhost delegate_to: localhost
- name: Clone keanu-weblite repository (dev branch) - name: Clone keanu-weblite repository (dev branch)
git: ansible.builtin.git:
repo: https://gitlab.com/keanuapp/keanuapp-weblite.git repo: https://gitlab.com/keanuapp/keanuapp-weblite.git
dest: /tmp/keanu-weblite dest: /tmp/keanu-weblite
version: dev version: dev
@ -25,51 +26,45 @@
delegate_to: localhost delegate_to: localhost
- name: Run npm install - name: Run npm install
shell: npm install ansible.builtin.command: npm install
args: args:
chdir: /tmp/keanu-weblite chdir: /tmp/keanu-weblite
delegate_to: localhost delegate_to: localhost
changed_when: false
- name: Download keanu-weblite config file - name: Download keanu-weblite config file
get_url: ansible.builtin.get_url:
url: "{{ config_base_url }}/keanu-weblite-config.json" url: "{{ config_base_url }}/keanu-weblite-config.json"
dest: /tmp/keanu-weblite/src/assets/config.json dest: /tmp/keanu-weblite/src/assets/config.json
mode: '0644' mode: '0644'
delegate_to: localhost delegate_to: localhost
- name: Replace REPLACEME with butter_name in config.json - name: Replace REPLACEME with butter_name in config.json
replace: ansible.builtin.replace:
path: /tmp/keanu-weblite/src/assets/config.json path: /tmp/keanu-weblite/src/assets/config.json
regexp: 'REPLACEME' regexp: 'REPLACEME'
replace: "{{ butter_name }}" replace: "{{ butter_name }}"
delegate_to: localhost delegate_to: localhost
- name: Run npm build with legacy OpenSSL option - name: Run npm build with legacy OpenSSL option
shell: | ansible.builtin.shell: |
export NODE_OPTIONS=--openssl-legacy-provider export NODE_OPTIONS=--openssl-legacy-provider
npm run build npm run build
args: args:
chdir: /tmp/keanu-weblite chdir: /tmp/keanu-weblite
delegate_to: localhost delegate_to: localhost
changed_when: false
- name: Copy build output to /var/www/html/chat - name: Copy build output to /var/www/html/chat
become: true ansible.builtin.copy:
copy: src: /tmp/keanu-weblite/dist/
src: /tmp/keanu-weblite/dist/ dest: /var/www/html/chat/
dest: /var/www/html/chat/ mode: '0755'
- name: Set permissions for /var/www/html/chat - name: Set permissions for /var/www/html/chat
become: true ansible.builtin.file:
file:
path: /var/www/html/chat path: /var/www/html/chat
owner: www-data owner: www-data
group: www-data group: www-data
mode: '0755' mode: '0755'
recurse: yes recurse: true
- name: Restart lighttpd service
ansible.builtin.systemd:
name: lighttpd
state: restarted
when: not (is_vmdb2 | bool)
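Review bot: As rendered, the new side of "Install Node.js 22" has `set -o pipefail` on the same line as the `curl … | bash -` command with no separator; if the file really reads that way, `set` takes `curl` and its arguments as positional parameters, nothing is piped to bash, and `apt-get install -y nodejs` installs the distribution package instead of Node.js 22. Put `set -o pipefail` on its own line of the block scalar. Independently, this step executes a remotely fetched script as root with no verification; downloading it with `ansible.builtin.get_url` and a `checksum`, or configuring the NodeSource apt repository with its signing key, reaches the same result with an integrity check. `creates: /bin/npm` is also satisfied by any npm already present, not specifically the version 22 toolchain.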


@ -11,19 +11,19 @@
tasks: tasks:
- name: Check if RaspAP is already installed - name: Check if RaspAP is already installed
ansible.builtin.stat: ansible.builtin.stat:
path: /var/www/html/admin path: /var/www/html/raspap
register: raspap_stat register: raspap_stat
- name: Download RaspAP install script - name: Download RaspAP install script
get_url: ansible.builtin.get_url:
url: https://install.raspap.com url: https://install.raspap.com
dest: /tmp/raspap_install.sh dest: /tmp/raspap_install.sh
mode: "0755" mode: "0755"
when: not raspap_stat.stat.exists when: not raspap_stat.stat.exists
- name: Run RaspAP install script - name: Run RaspAP install script
ansible.builtin.shell: | ansible.builtin.shell: |
pwd && ls -alh / && /usr/bin/bash /tmp/raspap_install.sh --yes --path /var/www/html/admin \ pwd && ls -alh / && /usr/bin/bash /tmp/raspap_install.sh --yes --path /var/www/html/raspap \
--check 0 \ --check 0 \
--wireguard {{ raspap_wireguard }} \ --wireguard {{ raspap_wireguard }} \
--openvpn {{ raspap_openvpn }} \ --openvpn {{ raspap_openvpn }} \
@ -35,37 +35,36 @@
failed_when: raspap_install.rc != 0 failed_when: raspap_install.rc != 0
- name: Remove /var/www/html.* directories if they exist - name: Remove /var/www/html.* directories if they exist
become: true
ansible.builtin.shell: | ansible.builtin.shell: |
find /var/www/html.* -maxdepth 0 -type d -exec rm -r {} \; || : find /var/www/html.* -maxdepth 0 -type d -exec rm -r {} \; || :
changed_when: false changed_when: false
- name: Ensure /etc/hostapd directory exists - name: Ensure /etc/hostapd directory exists
file: ansible.builtin.file:
path: /etc/hostapd path: /etc/hostapd
state: directory state: directory
mode: '0755' mode: '0755'
- name: Template RaspAP network config to target - name: Template RaspAP network config to target
template: ansible.builtin.template:
src: "hostapd.conf.j2" src: "hostapd.conf.j2"
dest: "/etc/hostapd/hostapd.conf" dest: "/etc/hostapd/hostapd.conf"
mode: '0644' mode: '0644'
- name: Copy hostapd set_hostapd_iface config script - name: Copy hostapd set_hostapd_iface config script
template: ansible.builtin.template:
src: "set_hostapd_iface.py" src: "set_hostapd_iface.py"
dest: "/usr/local/bin/set_hostapd_iface.py" dest: "/usr/local/bin/set_hostapd_iface.py"
mode: '0755' mode: '0744'
- name: Copy hostapd set_hostapd_iface service file - name: Copy hostapd set_hostapd_iface service file
template: ansible.builtin.template:
src: "set-hostapd-iface.service.j2" src: "set-hostapd-iface.service.j2"
dest: "/lib/systemd/system/set-hostapd-iface.service" dest: "/lib/systemd/system/set-hostapd-iface.service"
mode: '0755' mode: '0644'
- name: Download hostapd raspapd systemd service file - name: Download hostapd raspapd systemd service file
get_url: ansible.builtin.get_url:
url: "{{ config_base_url }}/raspapd.service" url: "{{ config_base_url }}/raspapd.service"
dest: "/lib/systemd/system/raspapd.service" dest: "/lib/systemd/system/raspapd.service"
owner: root owner: root
@ -73,7 +72,7 @@
mode: '0644' mode: '0644'
- name: Enable service raspapd, avahi-daemon, and set_hostapd_iface by symlink - name: Enable service raspapd, avahi-daemon, and set_hostapd_iface by symlink
file: ansible.builtin.file:
src: "/lib/systemd/system/{{ item }}" src: "/lib/systemd/system/{{ item }}"
dest: "/etc/systemd/system/multi-user.target.wants/{{ item }}" dest: "/etc/systemd/system/multi-user.target.wants/{{ item }}"
state: link state: link
@ -83,7 +82,7 @@
- "avahi-daemon.service" - "avahi-daemon.service"
- name: Copy dnsmasq config - name: Copy dnsmasq config
template: ansible.builtin.template:
src: "butterbox-dnsmasq.conf.j2" src: "butterbox-dnsmasq.conf.j2"
dest: /etc/dnsmasq.d/butterbox-dnsmasq.conf dest: /etc/dnsmasq.d/butterbox-dnsmasq.conf
owner: root owner: root


@ -4,51 +4,31 @@
become: true become: true
tasks: tasks:
- name: Copy systemd services - name: Copy systemd services
copy: ansible.builtin.copy:
src: "{{ vmdb2_config_base_dir }}/{{ item }}" src: "{{ vmdb2_config_base_dir }}/{{ item }}"
dest: "/etc/systemd/system/{{ item }}" dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop: loop:
- udisks2-mount@.service - udisks2-mount@.service
- serve-usb@.service - serve-usb@.service
- name: Enable services by symlink - name: Enable services by symlink
file: ansible.builtin.file:
src: "/etc/systemd/system/{{ item }}" src: "/etc/systemd/system/{{ item }}"
dest: "/etc/systemd/system/multi-user.target.wants/{{ item }}" dest: "/etc/systemd/system/multi-user.target.wants/{{ item }}"
state: link state: link
loop: loop:
- udisks2-mount@.service - udisks2-mount@.service
- serve-usb@.service - serve-usb@.service
- name: Copy web UI assets (remote to remote)
copy:
src: "/var/www/html/assets/{{ item.src }}"
dest: "/var/www/html/{{ item.dest }}"
remote_src: true
loop:
- { src: "css/butter-dir-listing.css", dest: "butter-dir-listing.css" }
- { src: "js/butter-dir-listing.js", dest: "butter-dir-listing.js" }
- name: Install Lighttpd USB config
copy:
src: "{{ vmdb2_config_base_dir }}/50-usb-butter.conf"
dest: "/etc/lighttpd/conf-available/50-usb-butter.conf"
- name: Install udev rule - name: Install udev rule
copy: ansible.builtin.copy:
src: "templates/99-usb-butter.rules" src: "templates/99-usb-butter.rules"
dest: "/etc/udev/rules.d/99-usb-butter.rules" dest: "/etc/udev/rules.d/99-usb-butter.rules"
mode: '0644'
- name: Install udev trigger script - name: Install udev trigger script
copy: ansible.builtin.template:
src: "{{ vmdb2_script_base_dir }}/on-usb-drive-mounted.sh" src: templates/on-usb-drive-mounted.sh.j2
dest: /usr/bin/on-usb-drive-mounted.sh dest: /usr/bin/on-usb-drive-mounted.sh
mode: '0755' mode: '0744'
- name: Reload udev rules
command: udevadm control --reload-rules
when: not (is_vmdb2 | bool)
- name: Reload systemd daemon
command: systemctl daemon-reload
when: not (is_vmdb2 | bool)
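Review bot: "Install udev trigger script" now installs `/usr/bin/on-usb-drive-mounted.sh` with `mode: '0744'`, which lets only the owner execute it, while the script itself calls `sudo`, suggesting it may be started by a non-root account. If `serve-usb@.service` (not visible here) runs it as anything other than root, the unit will fail with a permission error; `mode: '0755'` or an explicit `owner:` matching the service user avoids that. The task also sets no `owner`/`group`, unlike the other templates in this commit. With the "Reload udev rules" and "Reload systemd daemon" tasks gone, a non-image install appears to need a reboot before the new rule and units take effect.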


@ -4,15 +4,15 @@
- "base" - "base"
- "ap" - "ap"
- "matrix" - "matrix"
- import_playbook: delta-chat.yml #- import_playbook: install-rasp-ap.yml
tags: "delta-chat" # tags: "ap"
- import_playbook: install-rasp-ap.yml # when: ap_mode_supported | bool
tags: "ap" - import_playbook: deploy-butter-portal.yml
when: ap_mode_supported | bool
- import_playbook: deploy-butter-site.yml
tags: tags:
- "website" - "website"
- "usb" - "usb"
- import_playbook: delta-chat.yml
tags: "delta-chat"
- import_playbook: install-chat.yml - import_playbook: install-chat.yml
tags: "matrix" tags: "matrix"
- import_playbook: cleanup.yml - import_playbook: cleanup.yml


@ -4,7 +4,7 @@
become: true become: true
tasks: tasks:
- name: Copy wpa_supplicant config - name: Copy wpa_supplicant config
copy: ansible.builtin.copy:
src: "{{ vmdb2_config_base_dir }}/wpa_supplicant.conf" src: "{{ vmdb2_config_base_dir }}/wpa_supplicant.conf"
dest: /etc/wpa_supplicant/wpa_supplicant.conf dest: /etc/wpa_supplicant/wpa_supplicant.conf
force: true force: true


@ -1,7 +1,7 @@
# Using udev to mount newly attached usb drives doesn't work. # Using udev to mount newly attached usb drives doesn't work.
# https://unix.stackexchange.com/a/507150/223286 # https://unix.stackexchange.com/a/507150/223286
# So, we depend on udisks to mount the disk. *Then* we want to # So, we depend on udisks to mount the disk. *Then* we want to
# to setup the symlink and lighttpd config with our script. # to setup the symlink.
# We can run the script immediately because it waits for the disk # We can run the script immediately because it waits for the disk
# to be mounted. # to be mounted.


@ -0,0 +1,14 @@
[Unit]
Description=Dendrite Service
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User={{ butter_user }}
ExecStart=/home/{{ butter_user }}/dendrite/bin/dendrite --config /home/{{ butter_user }}/dendrite/butterbox-dendrite.conf -really-enable-open-registration
[Install]
WantedBy=multi-user.target
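Review bot: The `[Service]` section runs a network-facing daemon as `{{ butter_user }}`, the account this commit also gives `NOPASSWD:ALL`, and sets no sandboxing options that would stop the process from using that grant. Adding `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true` keeps setuid helpers such as sudo from elevating inside the service and makes system directories read-only to it. Dendrite should not need to write outside its own directory and `/var/log/dendrite`, but check the paths in `butterbox-dendrite.conf` before enabling these.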


@ -0,0 +1,14 @@
[Unit]
Description=Portal Service
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User={{ butter_user }}
ExecStart=/bin/bash -c 'source /home/{{ butter_user }}/portal_env/bin/activate && cd /home/{{ butter_user }}/butter-portal && flask --app butter-portal.py run'
[Install]
WantedBy=multi-user.target
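Review bot: `ExecStart` starts the portal with `flask … run`, which is Flask's development server and is not intended to carry production traffic, yet here it sits behind nginx for every client of the box. Run the app under a WSGI server installed into `portal_env` instead, and replace the `bash -c 'source … && cd …'` wrapper with `WorkingDirectory=/home/{{ butter_user }}/butter-portal` plus the virtualenv's own binary path in `ExecStart`, which takes the shell out of the unit. Whether the repository's `requirements.txt` already includes a WSGI server is not visible on this page.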


@ -0,0 +1,22 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name {{ butter_name }}.local;
location ^~ /chat {
alias /var/www/html/chat;
}
location ^~ /raspap {
alias /var/www/html/raspap;
}
location ^~ /_matrix {
proxy_pass http://localhost:8008;
}
location / {
proxy_pass http://localhost:5000;
}
}
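Review bot: `location ^~ /chat` and `location ^~ /raspap` are prefix matches with no trailing slash, so a request such as `/chat-old/x` is also caught and mapped by `alias` to `/var/www/html/chat-old/x`, outside the intended directory. Use `location ^~ /chat/ { alias /var/www/html/chat/; }` (and the same for `/raspap/`) so both the prefix and the alias end in a slash. The two `proxy_pass` blocks forward no host or client-address headers; `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $remote_addr;` are commonly needed by a Matrix homeserver and by any application that logs or rate-limits per client.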


@ -0,0 +1,48 @@
#!/bin/bash
# Run by udev when a USB drive is inserted
# usage: /usr/bin/on-usb-drive-mounted.sh /media/%k
# If the drive inserted contains a directory named "butter",
# symlink it to /media/usb-butter
device="$1"
# The device might not be mounted yet, so wait for it.
usb_mount_path=""
for ((i=0; i<10; i++)); do
usb_mount_path=$(findmnt -n -o TARGET --source "$device")
if [ -n "$usb_mount_path" ]; then
break
fi
sleep 1
done
# findmnt will briefly return 1, so don't set e until we're done with it.
set -e
if [ -z "$usb_mount_path" ]; then
echo "Device $device is not mounted"
exit 1
else
echo "Device $device mounted to: $usb_mount_path"
fi
butter_dir="$usb_mount_path"
served_dir="/media/usb-butter"
# make directory butter_dir world readable
sudo chmod -R a+rx "$butter_dir"
sudo chmod -R a+rx "/media/root/"
if [ -d "$butter_dir" ]; then
# Delete served_dir if it exists
if [ -L "$served_dir" ]; then
sudo rm "$served_dir"
fi
echo "Linking $butter_dir to $served_dir"
ln -sf "$butter_dir" "$served_dir"
sudo chown -R {{ butter_user }}:{{ butter_user }} $served_dir
else
echo "No butter directory $butter_dir found on $device"
exit 1
fi


@ -95,7 +95,9 @@ steps:
- wget - wget
- dhcpcd - dhcpcd
- python3 - python3
- lighttpd - python3-packaging
- python3-virtualenv
- nginx
- unzip - unzip
- sudo - sudo
- systemd-timesyncd - systemd-timesyncd
@ -110,6 +112,7 @@ steps:
- init-system-helpers - init-system-helpers
- syslinux - syslinux
- linux-image-amd64 - linux-image-amd64
- git
tag: tag-root tag: tag-root
unless: rootfs_unpacked unless: rootfs_unpacked
@ -174,6 +177,6 @@ steps:
extra_vars: extra_vars:
butter_language: en butter_language: en
butter_name: butterbox butter_name: butterbox
tags: base,usb,matrix,keanu,website tags: delta-chat,ap,base,usb,matrix,keanu,website
butter_user: "amd" butter_user: "amd"
ap_mode_supported: "false" ap_mode_supported: "false"
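Review bot: The package list swaps `lighttpd` for `nginx`, but the chat playbook in this commit still installs `lighttpd` on non-vmdb2 hosts and writes `50-matrix-reverse-proxy.conf` under `/etc/lighttpd/conf-available/`. Unless those tasks carry a `when:` outside the visible hunks, an image build would fail on the missing directory, and a non-image install would end up with two web servers configured for port 80. Removing or gating the lighttpd tasks in the same change keeps the playbooks consistent with the new nginx front end.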