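#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
#
# Play for the general-purpose VM: sets docker_container defaults, ensures the
# shared docker network, includes one task file per application, and applies
# the backup/git/prometheus/nagios/ingress roles.
---
- hosts: vm-general-1.ashburn.mgmt.desu.ltd
  # Facts are not needed by anything in this play; skipping them saves a round trip.
  gather_facts: false
  module_defaults:
    # Applies to every docker_container task, including those in the included
    # app task files below.
    docker_container:
      restart_policy: unless-stopped
      # pull: true re-pulls the tag on every run, so a mutable tag can change
      # the deployed image silently; pin digests in the app task files where
      # reproducibility matters.
      pull: true
  pre_tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [ docker ]
  tasks:
    - name: include tasks for applications
      # Each entry is a task file under tasks/.
      include_tasks: "tasks/{{ item }}"
      with_items:
        # Applications
        - app/gitlab-runner.yml
        - app/redis.yml
        # Frontend web services
        - web/9iron.yml
        - web/desultd.yml
        - web/element-web.yml
        - web/gitea.yml
        - web/grafana.yml
        - web/netbox.yml
        - web/nextcloud.yml
        - web/synapse.yml
        # Backend web services
        - web/prowlarr.yml
        - web/radarr.yml
        - web/sonarr.yml
        - web/srv.yml
        - web/transmission.yml
        # Games
        - game/factorio.yml
        - game/minecraft-createfarming.yml
        - game/zomboid.yml
      # "always" so the includes run regardless of which --tags are selected;
      # tag filtering then happens inside the included files.
      tags: [ always ]
  roles:
    - role: backup
      vars:
        # Extra paths added to / excluded from the backup set (see the backup role).
        backup_s3backup_list_extra:
          - /app/gitea/gitea
          - /data
        backup_s3backup_exclude_list_extra:
          - /data/minecraft/direwolf20/backups
          - /data/shared/media
          - /data/shared/downloads
          - /data/zomboid/ZomboidDedicatedServer/steamapps/workshop
      tags: [ backup ]
    - role: git
      vars:
        git_repos:
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /data/gitea/data/gitea/custom
      tags: [ web, git ]
    - role: prometheus
      tags: [ prometheus, monitoring, no-test ]
    - role: nagios
      vars:
        # Definitions for contacts and checks are defined in inventory vars
        # See group_vars/all.yml if you need to change those
        nagios_matrix_server: "https://matrix.desu.ltd"
        # Quoted: a leading "!" would otherwise be read as a YAML tag.
        nagios_matrix_room: "!NWNCKlNmOTcarMcMIh:desu.ltd"
        # Credentials come from secret_* variables, never from this file.
        nagios_matrix_token: "{{ secret_nagios_matrix_token }}"
        nagios_data_dir: /data/nagios
        nagios_admin_pass: "{{ secret_nagios_admin_pass }}"
      tags: [ nagios, no-auto ]
    - role: ingress
      vars:
        ingress_head: |
          # Connection-upgrade map for websocket proxying; used by the
          # grafana.desu.ltd /api/live/ location below.
          map $http_upgrade $connection_upgrade {
            default upgrade;
            '' close;
          }
        ingress_servers:
          # desu.ltd
          - name: desu.ltd
            proxy_pass: http://desultd:80
            locations:
              # Matrix delegation: point federation and clients at matrix.desu.ltd.
              - location: /.well-known/matrix/server
                contents: |
                  default_type application/json;
                  return 200 '{"m.server":"matrix.desu.ltd:443"}';
              - location: /.well-known/matrix/client
                contents: |
                  default_type application/json;
                  return 200 '{"m.homeserver":{"base_url":"https://matrix.desu.ltd"}}';
          - name: git.desu.ltd
            proxy_pass: http://gitea:3000
          - name: grafana.desu.ltd
            proxy_pass: http://grafana:3000
            locations:
              # Grafana Live needs the websocket upgrade headers.
              - location: "/api/live/"
                contents: |
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection $connection_upgrade;
                  proxy_set_header Host $host;
                  proxy_pass http://grafana:3000;
          - name: matrix.desu.ltd
            proxies:
              # Synapse API paths go to the homeserver; everything else to Element.
              # Single-quoted so the regex needs no YAML escaping.
              - location: '~* ^(/_matrix|/_synapse|/client|/health)'
                pass: http://synapse:8008
              - location: /
                pass: http://element:80
            directives:
              - "client_max_body_size 0"
          - name: nagios.desu.ltd
            proxy_pass: http://nagios:80
          - name: nc.desu.ltd
            directives:
              # NOTE: nginx add_header is only inherited by locations that set
              # no add_header of their own; the /.well-known location below
              # sets none, so HSTS still applies there.
              - 'add_header Strict-Transport-Security "max-age=31536000"'
              - "client_max_body_size 0"
            proxy_pass: http://nextcloud:80
            locations:
              - location: "^~ /.well-known"
                contents: |
                  location = /.well-known/carddav { return 301 /remote.php/dav/; }
                  location = /.well-known/caldav { return 301 /remote.php/dav/; }
                  location ^~ /.well-known { return 301 /index.php$uri; }
                  try_files $uri $uri/ =404;
          - name: netbox.desu.ltd
            proxy_pass: http://netbox:8080
          - name: prometheus.desu.ltd
            directives:
              # allow/deny evaluate $remote_addr. If this ingress ever sits
              # behind another proxy or NAT, the real client address must be
              # restored (real_ip) or these rules see the hop's address
              # instead -- confirm before relying on the list.
              - "allow {{ common_home_address }}/{{ common_home_address_mask }}"
              - "allow 10.0.0.0/8"
              - "allow 172.16.0.0/12"
              - "allow 192.168.0.0/16"
              # TODO: Replace this with a dynamically-generated list of public IPs from inv
              - "allow 45.79.58.44/32" # bastion1.dallas.mgmt.desu.ltd
              - "deny all"
            proxy_pass: http://prometheus:9090
          # Media services: reachable from the home address only.
          - name: prowlarr.media.desu.ltd
            directives:
              - "allow {{ common_home_address }}/{{ common_home_address_mask }}"
              - "deny all"
            proxy_pass: http://prowlarr:9696
          - name: sonarr.media.desu.ltd
            directives:
              - "allow {{ common_home_address }}/{{ common_home_address_mask }}"
              - "deny all"
            proxy_pass: http://sonarr:8989
          - name: radarr.media.desu.ltd
            directives:
              - "allow {{ common_home_address }}/{{ common_home_address_mask }}"
              - "deny all"
            proxy_pass: http://radarr:7878
          - name: transmission.media.desu.ltd
            directives:
              - "allow {{ common_home_address }}/{{ common_home_address_mask }}"
              - "deny all"
            proxy_pass: http://transmission:9091
          # 9iron
          - name: www.9iron.club
            directives:
              # Canonicalise www. onto the bare domain.
              - "return 301 $scheme://9iron.club$request_uri"
          - name: 9iron.club
            proxy_pass: http://9iron:80
          - name: srv.9iron.club
            proxy_pass: http://srv:80
      tags: [ web, docker, ingress ]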