[ini]

.editorconfig

@@ -0,0 +1,27 @@
+# see https://EditorConfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = tab
+indent_style = tab
+tab_width = 4
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+curly_bracket_next_line = false
+indent_brace_style = K&R
+spaces_around_operators = true
+spaces_around_brackets = false
+quote_type = double
+
+[*.y{,a}ml{,lint}]
+indent_style = space
+indent_size = 2
+
+[*.md]
+indent_style = space
+indent_size = 2
+

.gitignore

@@ -0,0 +1 @@
+/.geany

.gitlab-ci.yml

@@ -0,0 +1,5 @@
+syntaxcheck:
+    image: docker.io/library/alpine:3.18
+    script:
+        - apk update && apk add bash python3
+        - tools/check-json-syntax

README.md

@@ -0,0 +1,3 @@
+# Ansible Collection - linke.arc
+
+Documentation for the collection.

galaxy.yml

@@ -0,0 +1,69 @@
+### REQUIRED
+# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
+# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
+# underscores or numbers and cannot contain consecutive underscores
+namespace: linke
+
+# The name of the collection. Has the same character restrictions as 'namespace'
+name: arc
+
+# The version of the collection. Must be compatible with semantic versioning
+version: 1.0.0
+
+# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
+readme: README.md
+
+# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
+# @nicks:irc/im.site#channel'
+authors:
+- Royd Falk <roydfalk@folksprak.org>
+
+
+### OPTIONAL but strongly recommended
+# A short summary description of the collection
+description: "Sammlung von Rollen für ARC"
+
+# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
+# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
+license:
+- GPL-3.0-or-later
+
+# The path to the license file for the collection. This path is relative to the root of the collection. This key is
+# mutually exclusive with 'license'
+license_file: ''
+
+# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
+# requirements as 'namespace' and 'name'
+tags: []
+
+# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
+# collection label 'namespace.name'. The value is a version range
+# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
+# range specifiers can be set and are separated by ','
+dependencies: {}
+
+# The URL of the originating SCM repository
+# repository: http://example.com/repository
+
+# The URL to any online docs
+# documentation: http://docs.example.com
+
+# The URL to the homepage of the collection/project
+# homepage: http://example.com
+
+# The URL to the collection issue tracker
+# issues: http://example.com/issue/tracker
+
+# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
+# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
+# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
+# and '.git' are always filtered. Mutually exclusive with 'manifest'
+build_ignore: []
+
+# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
+# list of MANIFEST.in style
+# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
+# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
+# with 'build_ignore'
+# manifest: null
+

meta/runtime.yml

@@ -0,0 +1,52 @@
+---
+# Collections must specify a minimum required ansible version to upload
+# to galaxy
+# requires_ansible: '>=2.9.10'
+
+# Content that Ansible needs to load from another location or that has
+# been deprecated/removed
+# plugin_routing:
+#   action:
+#     redirected_plugin_name:
+#       redirect: ns.col.new_location
+#     deprecated_plugin_name:
+#       deprecation:
+#         removal_version: "4.0.0"
+#         warning_text: |
+#           See the porting guide on how to update your playbook to
+#           use ns.col.another_plugin instead.
+#     removed_plugin_name:
+#       tombstone:
+#         removal_version: "2.0.0"
+#         warning_text: |
+#           See the porting guide on how to update your playbook to
+#           use ns.col.another_plugin instead.
+#   become:
+#   cache:
+#   callback:
+#   cliconf:
+#   connection:
+#   doc_fragments:
+#   filter:
+#   httpapi:
+#   inventory:
+#   lookup:
+#   module_utils:
+#   modules:
+#   netconf:
+#   shell:
+#   strategy:
+#   terminal:
+#   test:
+#   vars:
+
+# Python import statements that Ansible needs to load from another location
+# import_redirection:
+#   ansible_collections.ns.col.plugins.module_utils.old_location:
+#     redirect: ansible_collections.ns.col.plugins.module_utils.new_location
+
+# Groups of actions/modules that take a common set of options
+# action_groups:
+#   group_name:
+#     - module1
+#     - module2

plugins/README.md

@@ -0,0 +1,31 @@
+# Collections Plugins Directory
+
+This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that
+is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that
+would contain module utils and modules respectively.
+
+Here is an example directory of the majority of plugins currently supported by Ansible:
+
+```
+└── plugins
+    ├── action
+    ├── become
+    ├── cache
+    ├── callback
+    ├── cliconf
+    ├── connection
+    ├── filter
+    ├── httpapi
+    ├── inventory
+    ├── lookup
+    ├── module_utils
+    ├── modules
+    ├── netconf
+    ├── shell
+    ├── strategy
+    ├── terminal
+    ├── test
+    └── vars
+```
+
+A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.14/plugins/plugins.html).

roles/arc_core/defaults/main.json

@@ -0,0 +1,8 @@
+{
+	"var_arc_core_user": "authelia",
+	"var_arc_core_directory": "/opt/arc",
+	"var_arc_core_server_host": "::",
+	"var_arc_core_server_port": 7463,
+	"var_arc_core_authentication_hash_salt": "REPLACE_ME",
+	"var_arc_core_authelia_usersfile_path": "/var/authelia/users.yaml"
+}

roles/arc_core/info.md

@@ -0,0 +1,4 @@
+## Beschreibung
+
+- zum Aufsetzen von [ARC](https://gitlab.die-linke.cloud/misc/arc)
+

roles/arc_core/tasks/main.json

@@ -0,0 +1,78 @@
+[
+	{
+		"name": "packages",
+		"become": true,
+		"ansible.builtin.apt": {
+			"update_cache": true,
+			"pkg": [
+				"git",
+				"make",
+				"rsync",
+				"nodejs"
+			]
+		}
+	},
+	{
+		"name": "user and directory",
+		"become": true,
+		"ansible.builtin.user": {
+			"name": "{{var_arc_core_user}}",
+			"create_home": true,
+			"home": "{{var_arc_core_directory}}"
+		}
+	},
+	{
+		"name": "program | fetch",
+		"become": true,
+		"become_user": "{{var_arc_core_user}}",
+		"ansible.builtin.git": {
+			"repo": "https://gitlab.die-linke.cloud/arc/core",
+			"version": "{{var_arc_core_git_reference}}",
+			"dest": "/tmp/arc-core-repo"
+		}
+	},
+	{
+		"name": "program | build",
+		"become": true,
+		"become_user": "{{var_arc_core_user}}",
+		"ansible.builtin.command": {
+			"chdir": "/tmp/arc-core-repo",
+			"cmd": "tools/build"
+		}
+	},
+	{
+		"name": "program | deploy",
+		"become": true,
+		"become_user": "{{var_arc_core_user}}",
+		"ansible.builtin.command": {
+			"chdir": "/tmp/arc-core-repo",
+			"cmd": "tools/deploy localhost --target-directory={{var_arc_core_directory}}"
+		}
+	},
+	{
+		"name": "configuration",
+		"become": true,
+		"become_user": "{{var_arc_core_user}}",
+		"ansible.builtin.template": {
+			"src": "conf.json.j2",
+			"dest": "{{var_arc_core_directory}}/conf.json"
+		}
+	},
+	{
+		"name": "systemd unit",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "systemd_unit.j2",
+			"dest": "/etc/systemd/system/arc.service"
+		}
+	},
+	{
+		"name": "run",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"name": "arc",
+			"enabled": true,
+			"state": "restarted"
+		}
+	}
+]

roles/arc_core/templates/conf.json.j2

@@ -0,0 +1,15 @@
+{
+	"version": 1,
+	"server": {
+		"host": "{{var_arc_core_server_host}}",
+		"port": {{var_arc_core_server_port | string}}
+	},
+	"authentication": {
+		"timestamp_tolerance": 2.0,
+		"hash_salt": "{{var_arc_core_authentication_hash_salt}}"
+	},
+	"authelia": {
+		"usersfile_path": "{{var_arc_core_authelia_usersfile_path}}"
+	}
+}
+

roles/arc_core/templates/systemd_unit.j2

@@ -0,0 +1,14 @@
+[Unit]
+Description=ARC
+After=network.target
+
+[Service]
+WorkingDirectory={{var_arc_core_directory}}
+ExecStart={{var_arc_core_directory}}/arc
+Type=simple
+Restart=always
+User={{var_arc_core_user}}
+
+[Install]
+WantedBy=default.target
+RequiredBy=network.target

roles/arc_core/vardef.json

@@ -0,0 +1,26 @@
+{
+	"user": {
+		"mandatory": false,
+		"type": "string"
+	},
+	"directory": {
+		"mandatory": false,
+		"type": "string"
+	},
+	"server_host": {
+		"mandatory": false,
+		"type": "string"
+	},
+	"server_port": {
+		"mandatory": false,
+		"type": "integer"
+	},
+	"authentication_hash_salt": {
+		"mandatory": true,
+		"type": "string"
+	},
+	"authelia_usersfile_path": {
+		"mandatory": false,
+		"type": "string"
+	}
+}

tools/check-json-syntax

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+## consts
+
+dir_base="."
+
+
+## exec
+
+flaws=0
+for path in $(find ${dir_base} -name "*.json")
+do
+	echo "-- ${path}"
+	python3 -m json.tool ${path} > /dev/null || ((flaws+=1))
+done
+test ${flaws} -eq 0

tools/rename-roll

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+## consts
+
+dir_base="linke/standard"
+
+
+## args
+
+name_from=$1 && shift
+name_to=$1 && shift
+
+
+## vars
+
+var_from=$(echo ${name_from} | sed --expression="s|-|_|g" | sed --expression="s|:|_|g")
+var_to=$(echo ${name_to} | sed --expression="s|-|_|g" | sed --expression="s|:|_|g")
+
+
+## exec
+
+git mv ${dir_roles}/roles/${name_from} ${dir_roles}/roles/${name_to}
+find ${dir_base} -type f -exec sed --in-place --expression="s|var_${var_from}_|var_${var_to}_|g" {} \;
+find ${dir_base} -type f -exec sed --in-place --expression="s|roles/${name_from}|roles/${name_to}|g" {} \;