Add Adam to our server configuration

gameservers.yml

@@ -3,6 +3,19 @@
 ---
 - hosts: game1.9iron.club
   roles:
+    - role: adam
+      vars:
+        adam_name: lain
+        adam_auth_token: !vault |
+                  $ANSIBLE_VAULT;1.1;AES256
+                  33346238356561313736653431666439363835663134303339366536663964333138666530343166
+                  6132353938663563316265346630613231616362643937380a616132386464653438343739613937
+                  32626230326430396563316363613139306535663832336531636239633364383432373739646436
+                  3338376362313539360a383763313439633331313531323232653866633065333933633061326465
+                  64343165613961346362353162316530623132633164643461616633633335666232633833313561
+                  33306532343963383331623663616161626533633261383238646164663362396261633736636362
+                  373764613833343634346333613639626535
+      tags: [ discord, adam ]
     - role: backups
       tags: [ backups ]
     - role: minecraft

roles/adam/defaults/main.yml

@@ -0,0 +1,4 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+adam_name: adam
+adam_repo: "https://git.9iron.club/salt/adam"

roles/adam/tasks/main.yml

@@ -0,0 +1,52 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: Set up Adam
+  block:
+    - name: Install Node
+      apt:
+        name:
+          - nodejs
+          - npm
+    - name: Create Adam user
+      user:
+        name: discord-adam
+    - name: Assure data directory
+      file:
+        path: "/var/adam"
+        mode: 0755
+        owner: root
+        group: root
+    - name: Create specific data directory
+      file:
+        path: "/var/adam/{{ adam_name }}"
+        state: directory
+        mode: 0755
+        owner: discord-adam
+        group: discord-adam
+    - name: Set up bot root
+      block:
+        - name: Clone bot repo
+          git:
+            repo: "{{ adam_repo }}"
+            dest: "/var/adam/{{ adam_name }}"
+        - name: Initialize NPM modules
+          npm:
+            path: "/var/adam/{{ adam_name }}"
+        - name: Template out authentication token
+          template:
+            src: "auth.json"
+            dest: "/var/adam/{{ adam_name }}/auth.json"
+            mode: "0700"
+            owner: discord-adam
+            group: discord-adam
+        - name: Template out service
+          template:
+            src: "adam@.service"
+            dest: "/etc/systemd/system/adam@.service"
+        - name: Start and enable service
+          systemd:
+            daemon_reload: yes
+            name: "adam@{{ adam_name }}.service"
+            enabled: yes
+            state: started
+  become: yes

roles/adam/templates/adam@.service

@@ -0,0 +1,29 @@
+#
+# Licensed under the terms of the MIT license
+# vim:ft=dosini:
+#
+
+[Unit]
+Description=Adam Bot %i
+After=network.target
+
+[Service]
+User=discord-adam
+Group=discord-adam
+WorkingDirectory=/var/adam/%i
+PrivateUsers=true 
+ProtectSystem=full 
+ProtectHome=true 
+# Implies MountFlags=slave
+ProtectKernelTunables=true 
+# Implies NoNewPrivileges=yes
+ProtectKernelModules=true 
+# Implies MountAPIVFS=yes
+ProtectControlGroups=true 
+
+ExecStart=/usr/bin/node index.js
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

roles/adam/templates/auth.json

@@ -0,0 +1,3 @@
+{
+	"token": "{{ adam_auth_token }}"
+}