Add setup of teiserver configuration with env vars

Once beyond-all-reason/teiserver#278 and beyond-all-reason/teiserver#281 get merged, teiserver will be configured with environment variables instead of the prod.secret.exs. This change makes sure that proper environment variables are configured when it happens. The old prod.secret.exs setup will be dropped once the environment variables are used for some time.
beyond-all-reason · May 19, 2024 · 7e5470f · 7e5470f
1 parent 012f89d
commit 7e5470f
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 0 deletions.
diff --git a/roles/teiserver/files/teiserver.service b/roles/teiserver/files/teiserver.service
@@ -9,6 +9,7 @@ [email protected]
 
 [Service]
 User=teiserver
+EnvironmentFile=/etc/teiserver/teiserver.env
 ExecStart=/opt/teiserver/live/bin/teiserver start
 Restart=on-failure
 LimitNOFILE=65536

diff --git a/roles/teiserver/tasks/teiserver.yml b/roles/teiserver/tasks/teiserver.yml
@@ -95,6 +95,18 @@
     group: teiserver
     mode: '0755'
     state: directory
+- name: Create teiserver config directory
+  ansible.builtin.file:
+    path: /etc/teiserver
+    mode: '0755'
+    state: directory
+- name: Write teiserver environment file
+  ansible.builtin.template:
+    src: teiserver.env.j2
+    dest: /etc/teiserver/teiserver.env
+    mode: '0640'
+    owner: root
+    group: teiserver
 - name: Install teiserver service
   ansible.builtin.copy:
     src: teiserver.service

diff --git a/roles/teiserver/templates/teiserver.env.j2 b/roles/teiserver/templates/teiserver.env.j2
@@ -0,0 +1,46 @@
+PHX_SERVER=true
+
+TEI_DOMAIN_NAME={{ domain_name | quote }}
+TEI_NODE_NAME=teiserver-{{ inventory_hostname }}
+TEI_TLS_PRIVATE_KEY_PATH=/etc/ssl/private/teiserver.key
+TEI_TLS_CERT_PATH=/etc/ssl/certs/teiserver.crt
+TEI_TLS_CA_CERT_PATH=/etc/ssl/certs/teiserver_full.crt
+TEI_TLS_DH_FILE_PATH=/etc/ssl/dhparam.pem
+TEI_SHOULD_CHECK_ORIGIN={{ acquire_tls_certificate | ternary('true', 'false') }}
+TEI_HTTP_SECRET_KEY_BASE={{ teiserver_secret_key_base | quote }}
+TEI_GUARDIAN_SECRET_KEY={{ teiserver_guardian_secret | quote }}
+TEI_SETUP_ROOT_KEY={{ teiserver_setup_key | quote }}
+
+TEI_DB_HOSTNAME=127.0.0.1
+TEI_DB_USERNAME={{ database_user }}
+TEI_DB_PASSWORD={{ database_password | quote }}
+TEI_DB_NAME={{ database_name }}
+
+# Email
+{% if teiserver_email_integration %}
+TEI_ENABLE_EMAIL_INTEGRATION=true
+[email protected]
+[email protected]
+TEI_SMTP_SERVER={{ teiserver_smtp_server }}
+TEI_SMTP_HOSTNAME={{ teiserver_smtp_hostname | default(teiserver_smtp_server) }}
+TEI_SMTP_PORT={{ teiserver_smtp_port }}
+TEI_SMTP_USERNAME={{ teiserver_smtp_username | quote }}
+TEI_SMTP_PASSWORD={{ teiserver_smtp_password | quote }}
+# We force don't verify the certificate ignoring `teiserver_smtp_tls_verify`
+# because it's actually not working correctly across the bamboo_smtp and
+# gen_smtp libraries in OTP26 where verification become correctly more
+# strict. See https://github.com/gen-smtp/gen_smtp/issues/328
+TEI_SMTP_TLS_VERIFY=false
+{% else %}
+TEI_ENABLE_EMAIL_INTEGRATION=false
+{% endif %}
+
+# Discord
+{% if teiserver_discord_integration %}
+TEI_ENABLE_DISCORD_BRIDGE=true
+TEI_DISCORD_BOT_TOKEN={{ teiserver_discord_bot_token | quote }}
+TEI_DISCORD_GUILD_ID={{ teiserver_discord_server_id }}
+TEI_DISCORD_BOT_NAME={{ teiserver_discord_bot_name | quote }}
+{% else %}
+TEI_ENABLE_DISCORD_BRIDGE=false
+{% endif %}