From 7e5470f82c0f1d60bb3f53ad6f1a7c13001de610 Mon Sep 17 00:00:00 2001
From: Marek Rusinowski
Date: Thu, 9 May 2024 23:59:29 +0200
Subject: [PATCH] Add setup of teiserver configuration with env vars

Once https://github.com/beyond-all-reason/teiserver/pull/278 and https://github.com/beyond-all-reason/teiserver/pull/281 get merged, teiserver will be configured with environment variables instead of the prod.secret.exs. This change makes sure that proper environment variables are configured when it happens. The old prod.secret.exs setup will be dropped once the environment variables are used for some time.
---
 roles/teiserver/files/teiserver.service | 1 +
 roles/teiserver/tasks/teiserver.yml | 12 ++++++
 roles/teiserver/templates/teiserver.env.j2 | 46 ++++++++++++++++++++++
 3 files changed, 59 insertions(+)
 create mode 100644 roles/teiserver/templates/teiserver.env.j2
diff --git a/roles/teiserver/files/teiserver.service b/roles/teiserver/files/teiserver.service
index 4ebe1b8..5df8036 100644
--- a/roles/teiserver/files/teiserver.service
+++ b/roles/teiserver/files/teiserver.service
@@ -9,6 +9,7 @@ BindsTo=postgresql@15-main.service
 [Service]
 User=teiserver
+EnvironmentFile=/etc/teiserver/teiserver.env
 ExecStart=/opt/teiserver/live/bin/teiserver start
 Restart=on-failure
 LimitNOFILE=65536
diff --git a/roles/teiserver/tasks/teiserver.yml b/roles/teiserver/tasks/teiserver.yml
index d7b9c13..4b5680c 100644
--- a/roles/teiserver/tasks/teiserver.yml
+++ b/roles/teiserver/tasks/teiserver.yml
@@ -95,6 +95,18 @@
 group: teiserver
 mode: '0755'
 state: directory
+- name: Create teiserver config directory
+ ansible.builtin.file:
+ path: /etc/teiserver
+ mode: '0755'
+ state: directory
+- name: Write teiserver environment file
+ ansible.builtin.template:
+ src: teiserver.env.j2
+ dest: /etc/teiserver/teiserver.env
+ mode: '0640'
+ owner: root
+ group: teiserver
 - name: Install teiserver service
 ansible.builtin.copy:
 src: teiserver.service
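Review bot: The `Write teiserver environment file` task renders the database password, the HTTP and Guardian secrets, the SMTP password and the Discord bot token, and nothing on the task keeps a `--diff` run from printing the rendered file into play output or CI logs; adding `diff: false` (or `no_log: true`) to that task would keep them out. The task has no `notify:`, so a rotated secret reaches the running service only at its next restart unless something outside this hunk restarts it. systemd reads `EnvironmentFile=` in the service manager before it switches to `User=teiserver`, so `mode: '0600'` with `group: root` may be sufficient; confirm first that no other tooling reads the file as the teiserver group. The directory task could also state `owner: root` and `group: root` explicitly, as the file task does for its owner.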
diff --git a/roles/teiserver/templates/teiserver.env.j2 b/roles/teiserver/templates/teiserver.env.j2
new file mode 100644
index 0000000..b36be5e
--- /dev/null
+++ b/roles/teiserver/templates/teiserver.env.j2
@@ -0,0 +1,46 @@
+PHX_SERVER=true
+
+TEI_DOMAIN_NAME={{ domain_name | quote }}
+TEI_NODE_NAME=teiserver-{{ inventory_hostname }}
+TEI_TLS_PRIVATE_KEY_PATH=/etc/ssl/private/teiserver.key
+TEI_TLS_CERT_PATH=/etc/ssl/certs/teiserver.crt
+TEI_TLS_CA_CERT_PATH=/etc/ssl/certs/teiserver_full.crt
+TEI_TLS_DH_FILE_PATH=/etc/ssl/dhparam.pem
+TEI_SHOULD_CHECK_ORIGIN={{ acquire_tls_certificate | ternary('true', 'false') }}
+TEI_HTTP_SECRET_KEY_BASE={{ teiserver_secret_key_base | quote }}
+TEI_GUARDIAN_SECRET_KEY={{ teiserver_guardian_secret | quote }}
+TEI_SETUP_ROOT_KEY={{ teiserver_setup_key | quote }}
+
+TEI_DB_HOSTNAME=127.0.0.1
+TEI_DB_USERNAME={{ database_user }}
+TEI_DB_PASSWORD={{ database_password | quote }}
+TEI_DB_NAME={{ database_name }}
+
+# Email
+{% if teiserver_email_integration %}
+TEI_ENABLE_EMAIL_INTEGRATION=true
+TEI_CONTACT_EMAIL_ADDRESS=info@beyondallreason.info
+TEI_NOREPLY_EMAIL_ADDRESS=noreply@beyondallreason.info
+TEI_SMTP_SERVER={{ teiserver_smtp_server }}
+TEI_SMTP_HOSTNAME={{ teiserver_smtp_hostname | default(teiserver_smtp_server) }}
+TEI_SMTP_PORT={{ teiserver_smtp_port }}
+TEI_SMTP_USERNAME={{ teiserver_smtp_username | quote }}
+TEI_SMTP_PASSWORD={{ teiserver_smtp_password | quote }}
+# We force don't verify the certificate ignoring `teiserver_smtp_tls_verify`
+# because it's actually not working correctly across the bamboo_smtp and
+# gen_smtp libraries in OTP26 where verification become correctly more
+# strict. See https://github.com/gen-smtp/gen_smtp/issues/328
+TEI_SMTP_TLS_VERIFY=false
+{% else %}
+TEI_ENABLE_EMAIL_INTEGRATION=false
+{% endif %}
+
+# Discord
+{% if teiserver_discord_integration %}
+TEI_ENABLE_DISCORD_BRIDGE=true
+TEI_DISCORD_BOT_TOKEN={{ teiserver_discord_bot_token | quote }}
+TEI_DISCORD_GUILD_ID={{ teiserver_discord_server_id }}
+TEI_DISCORD_BOT_NAME={{ teiserver_discord_bot_name | quote }}
+{% else %}
+TEI_ENABLE_DISCORD_BRIDGE=false
+{% endif %}
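Review bot: Seven values are rendered without `| quote` (`TEI_NODE_NAME`, `TEI_DB_USERNAME`, `TEI_DB_NAME`, `TEI_SMTP_SERVER`, `TEI_SMTP_HOSTNAME`, `TEI_SMTP_PORT`, `TEI_DISCORD_GUILD_ID`) while the values beside them are quoted, so an inventory value containing a backslash, a quote character or a line break may not reach the service as written, and a line break would start a new variable line; quoting them uniformly, e.g. `TEI_DB_USERNAME={{ database_user | quote }}`, removes the inconsistency. `quote` applies POSIX shell quoting, which is close to but not identical to systemd's `EnvironmentFile=` syntax, so a render check with a secret containing `'` or `\` is worth adding. `TEI_SMTP_TLS_VERIFY=false` is hard-coded, so the SMTP username and password are sent over a TLS session whose server certificate is not checked and `teiserver_smtp_tls_verify` can no longer re-enable checking; the comment above it should state that exposure and that the override is to be removed once the linked gen_smtp issue is resolved. `TEI_SHOULD_CHECK_ORIGIN` follows `acquire_tls_certificate`, which turns origin checking off on every host that does not acquire a certificate; a one-line comment giving the reason would help the next reader.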