feat: added AoCaaS to sad-server

svsticky · Dec 9, 2024 · 1abc1d4 · 1abc1d4
1 parent 3cd4f8e
commit 1abc1d4
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 0 deletions.
diff --git a/ansible/main.yml b/ansible/main.yml
@@ -70,6 +70,8 @@
       tags: "mongoose"
     - role: "chroma"
       tags: "chroma"
+    - role: "aocaas"
+      tags: "aocaas"
     # We only want to deploy the crazy88 role when specifically requested
     - role: "crazy88bot"
       tags: ["never", "crazy88bot"]

diff --git a/ansible/roles/aocaas/handlers/main.yml b/ansible/roles/aocaas/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart AoCaaS
+  ansible.builtin.service:
+    name: aocaas
+    state: restarted
diff --git a/ansible/roles/aocaas/tasks/main.yml b/ansible/roles/aocaas/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: Create user for AoCaaS
+  ansible.builtin.user:
+    name: aosaas
+    home: /var/www/aocaas
+    shell: /usr/sbin/nologin
+    system: true
+    state: present
+
+- name: Download and extract the AoCaaS binary
+  ansible.builtin.get_url:
+    # Fix this later
+    url: https://github.com/svsticky/AoCaaS/actions/runs/12240600267/artifacts/2295080056
+    dest: /var/www/aocaas/bin/artifact.zip
+    owner: aocaas
+    group: aocaas
+    mode: '775'
+  notify: restart aocaas
+
+- name: Extract the AoCaaS binary
+  ansible.builtin.unarchive:
+    src: /var/www/aocaas/bin/artifact.zip
+    dest: /var/www/aocaas/
+  notify: restart aocaas
+
+- name: Copy nginx configuration
+  ansible.builtin.template:
+    src: aocaas.conf.j2
+    dest: /etc/nginx/sites-enabled/aocaas.{{ canonical_hostname }}.conf
+  notify: reload nginx
+
+- name: Template systemd service file
+  ansible.builtin.template:
+    src: aocaas.service.j2
+    dest: /etc/systemd/system/aocaas.service
+  notify: restart aocaas
+
+- name: Run `aocaas` service
+  ansible.builtin.systemd:
+    unit: aocaas.service
+    state: started
+    enabled: true
+    daemon-reload: true
diff --git a/ansible/roles/aocaas/templates/aocaas.conf.j2 b/ansible/roles/aocaas/templates/aocaas.conf.j2
@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+
+  server_name aoc.{{ canonical_hostname }};
+
+  ssl_certificate /etc/letsencrypt/live/aocaas.{{ canonical_hostname }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/aocaas.{{ canonical_hostname }}/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/aocaas.{{ canonical_hostname }}/chain.pem;
+
+  include includes/security-headers.conf;
+
+  location /{
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_intercept_errors on;
+    proxy_pass http://localhost:3456; // !
+  }
+}
diff --git a/ansible/roles/aocaas/templates/aocaas.service.j2 b/ansible/roles/aocaas/templates/aocaas.service.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Run AoCaaS
+OnFailure=failure-notificator@%n.service
+
+[Service]
+Type=simple
+User=aocaas
+Group=aocaas
+Restart=always
+WorkingDirectory=/var/www/aocaas
+ExecStart=/var/www/aocaas/bin/aocaas
+
+[Install]
+WantedBy=multi-user.target