ansible/playbooks/prod_web.yml

#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
---
- hosts: web1.desu.ltd
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: yes
  tasks:
    - name: ensure docker network
      docker_network: name=web
      tags: [ docker ]
    - name: include tasks for apps
      include_tasks: tasks/app/{{ task }}
      with_items:
        - gulagbot.yml
        - redis.yml
      loop_control:
        loop_var: task
      tags: [ always ]
    - name: include tasks for web services
      include_tasks: tasks/web/{{ task }}
      with_items:
        - 9iron.yml
        - desultd.yml
        - gitea.yml
        - nextcloud.yml
        - srv.yml
      loop_control:
        loop_var: task
      tags: [ always ]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /app/gitea/gitea
          - /data
          - /var/www/nc.desu.ltd
          - /var/www/srv.9iron.club
          - /srv/desu.ltd
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
          - /data/gitea/data/gitea/log
      tags: [ backup ]
    - role: git
      vars:
        git_repos:
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /data/gitea/data/gitea/custom
      tags: [ web, git ]
    - role: ingress
      vars:
        ingress_servers:
          # desu.ltd
          - name: desu.ltd
            proxies:
              - location: /
                pass: http://desultd:80
          - name: git.desu.ltd
            proxies:
              - location: /
                pass: http://gitea:3000
          - name: nc.desu.ltd
            directives:
              - "add_header Strict-Transport-Security \"max-age=31536000\""
              - "client_max_body_size 0"
            proxies:
              - location: /
                pass: http://nextcloud:80
            locations:
              - location: "^~ /.well-known"
                contents: |
                  location = /.well-known/carddav { return 301 /remote.php/dav/; }
                  location = /.well-known/caldav  { return 301 /remote.php/dav/; }
                  location ^~ /.well-known        { return 301 /index.php$uri; }
                  try_files $uri $uri/ =404;
          # 9iron
          - name: www.9iron.club
            directives:
              - "return 301 $scheme://9iron.club$request_uri"
          - name: 9iron.club
            proxies:
              - location: /
                pass: http://9iron:80
          - name: srv.9iron.club
            proxies:
              - location: /
                pass: http://srv:80
      tags: [ web, docker, ingress ]
- hosts: web2.desu.ltd
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: yes
  tasks:
    - name: ensure docker network
      docker_network: name=web
      tags: [ docker ]
    - name: include tasks for apps
      include_tasks: tasks/app/{{ task }}
      with_items:
        - redis.yml
      loop_control:
        loop_var: task
      tags: [ always ]
    - name: include tasks for web services
      include_tasks: tasks/web/{{ task }}
      with_items:
        - peertube.yml
        - pleroma.yml
        - ingress-generic.yml
      loop_control:
        loop_var: task
      tags: [ always ]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [ backup ]
    - role: ingress
      vars:
        ingress_servers:
          - name: cowfee.moe
            proxies:
              - location: /
                pass: http://pleroma:4000
          - name: tube.cowfee.moe
            proxies:
              - location: /
                pass: http://peertube:9000
      tags: [ web, docker, ingress ]
- hosts: web3.desu.ltd
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: yes
  tasks:
    - name: ensure docker network
      docker_network: name=web
      tags: [ docker ]
    - name: include tasks for apps
      include_tasks: tasks/app/{{ task }}
      with_items:
        - redis.yml
      loop_control:
        loop_var: task
      tags: [ always ]
    - name: include tasks for web services
      include_tasks: tasks/web/{{ task }}
      with_items:
        - movienight.yml
        - netbox.yml
        - nagios.yml
      loop_control:
        loop_var: task
      tags: [ always ]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [ backup ]
    - role: ingress
      vars:
        ingress_servers:
          - name: netbox.desu.ltd
            proxies:
              - location: /
                pass: http://netbox:8080
          - name: nagios.desu.ltd
            proxies:
              - location: /
                pass: http://nagios:80
          - name: movie.desu.ltd
            proxies:
              - location: /
                pass: http://movienight:8089
      tags: [ web, docker, ingress ]
Add game1.thefuck.how, separate playbooks out 2020-12-21 01:18:32 -06:00			`#!/usr/bin/env ansible-playbook`
			`# vim:ft=ansible:`
			`# Webservers`
			`---`
			`- hosts: web1.desu.ltd`
Use module_defaults on web1 2021-06-18 12:39:21 -05:00			`module_defaults:`
			`docker_container:`
			`state: started`
			`restart_policy: unless-stopped`
			`pull: yes`
Deploy 9iron container to production 2021-03-25 12:59:40 -05:00			`tasks:`
Move web1 over to a containerized setup, containerize Nextcloud 2021-08-24 00:31:11 -05:00			`- name: ensure docker network`
			`docker_network: name=web`
			`tags: [ docker ]`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`- name: include tasks for apps`
			`include_tasks: tasks/app/{{ task }}`
			`with_items:`
			`- gulagbot.yml`
Add Redis for Nextcloud, plus some config tuning 2021-08-24 01:12:12 -05:00			`- redis.yml`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`loop_control:`
			`loop_var: task`
			`tags: [ always ]`
			`- name: include tasks for web services`
			`include_tasks: tasks/web/{{ task }}`
			`with_items:`
			`- 9iron.yml`
			`- desultd.yml`
			`- gitea.yml`
Move web1 over to a containerized setup, containerize Nextcloud 2021-08-24 00:31:11 -05:00			`- nextcloud.yml`
			`- srv.yml`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`loop_control:`
			`loop_var: task`
			`tags: [ always ]`
Add game1.thefuck.how, separate playbooks out 2020-12-21 01:18:32 -06:00			`roles:`
Define machine-specific backups 2020-12-24 09:19:12 -06:00			`- role: backup`
			`vars:`
			`backup_s3backup_list_extra:`
Back up our jank shell script ew 2021-06-14 17:16:48 -05:00			`- /app/gitea/gitea`
Deploy docker to web1.desu.ltd Also adds docker libs to all hosts 2021-03-25 12:46:53 -05:00			`- /data`
Fix incorrect backup dir for nextcloud 2020-12-30 15:32:44 -06:00			`- /var/www/nc.desu.ltd`
Build like everything to set up a Minecraft server 2021-05-11 22:28:19 -05:00			`- /var/www/srv.9iron.club`
Move data directories for NC and Gitea to /srv Allows for mountpoints yadda yadda 2020-12-30 18:05:57 -06:00			`- /srv/desu.ltd`
Exclude gitea logs in web1 backups 2021-01-14 18:06:13 -06:00			`backup_s3backup_exclude_list_extra:`
			`- /var/lib/gitea/log`
Move Gitea to a container Getting there 2021-06-14 17:16:26 -05:00			`- /data/gitea/data/gitea/log`
Define machine-specific backups 2020-12-24 09:19:12 -06:00			`tags: [ backup ]`
Move a bunch of webhead variables to their own vars files 2021-01-18 05:03:46 -06:00			`- role: git`
			`vars:`
			`git_repos:`
			`- repo: https://git.desu.ltd/salt/gitea-custom`
Move Gitea to a container Getting there 2021-06-14 17:16:26 -05:00			`dest: /data/gitea/data/gitea/custom`
Move a bunch of webhead variables to their own vars files 2021-01-18 05:03:46 -06:00			`tags: [ web, git ]`
Add role for ingress controller, move configuration into it and its data structures 2021-09-18 00:04:05 -05:00			`- role: ingress`
			`vars:`
			`ingress_servers:`
			`# desu.ltd`
			`- name: desu.ltd`
			`proxies:`
			`- location: /`
			`pass: http://desultd:80`
			`- name: git.desu.ltd`
			`proxies:`
			`- location: /`
			`pass: http://gitea:3000`
			`- name: nc.desu.ltd`
			`directives:`
			`- "add_header Strict-Transport-Security \"max-age=31536000\""`
			`- "client_max_body_size 0"`
			`proxies:`
			`- location: /`
			`pass: http://nextcloud:80`
			`locations:`
			`- location: "^~ /.well-known"`
			`contents: \|`
			`location = /.well-known/carddav { return 301 /remote.php/dav/; }`
			`location = /.well-known/caldav { return 301 /remote.php/dav/; }`
			`location ^~ /.well-known { return 301 /index.php$uri; }`
			`try_files $uri $uri/ =404;`
			`# 9iron`
			`- name: www.9iron.club`
			`directives:`
			`- "return 301 $scheme://9iron.club$request_uri"`
			`- name: 9iron.club`
			`proxies:`
			`- location: /`
			`pass: http://9iron:80`
			`- name: srv.9iron.club`
			`proxies:`
			`- location: /`
			`pass: http://srv:80`
			`tags: [ web, docker, ingress ]`
Move Pleroma to a desu.ltd box WEW 2021-01-26 04:25:27 -06:00			`- hosts: web2.desu.ltd`
Employ defaults on web2 2021-06-07 00:45:52 -05:00			`module_defaults:`
			`docker_container:`
			`state: started`
			`restart_policy: unless-stopped`
			`pull: yes`
Migrate Pleroma into a Docker container This greatly simplifies configuration on web2, oddly enough 2021-06-03 20:34:48 -05:00			`tasks:`
			`- name: ensure docker network`
			`docker_network: name=web`
			`tags: [ docker ]`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`- name: include tasks for apps`
			`include_tasks: tasks/app/{{ task }}`
			`with_items:`
			`- redis.yml`
			`loop_control:`
			`loop_var: task`
			`tags: [ always ]`
			`- name: include tasks for web services`
			`include_tasks: tasks/web/{{ task }}`
			`with_items:`
			`- peertube.yml`
			`- pleroma.yml`
			`- ingress-generic.yml`
			`loop_control:`
			`loop_var: task`
			`tags: [ always ]`
Move fedi1 over, add Pleroma role 2021-01-25 22:19:31 -06:00			`roles:`
			`- role: backup`
			`vars:`
			`backup_s3backup_list_extra:`
Migrate Pleroma into a Docker container This greatly simplifies configuration on web2, oddly enough 2021-06-03 20:34:48 -05:00			`- /data`
Move fedi1 over, add Pleroma role 2021-01-25 22:19:31 -06:00			`tags: [ backup ]`
Add role for ingress controller, move configuration into it and its data structures 2021-09-18 00:04:05 -05:00			`- role: ingress`
			`vars:`
			`ingress_servers:`
			`- name: cowfee.moe`
			`proxies:`
			`- location: /`
			`pass: http://pleroma:4000`
			`- name: tube.cowfee.moe`
			`proxies:`
			`- location: /`
			`pass: http://peertube:9000`
			`tags: [ web, docker, ingress ]`
Provision (read: move) Netbox to desu.ltd 2021-08-01 21:35:41 -05:00			`- hosts: web3.desu.ltd`
			`module_defaults:`
			`docker_container:`
			`state: started`
			`restart_policy: unless-stopped`
			`pull: yes`
			`tasks:`
			`- name: ensure docker network`
			`docker_network: name=web`
			`tags: [ docker ]`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`- name: include tasks for apps`
			`include_tasks: tasks/app/{{ task }}`
			`with_items:`
			`- redis.yml`
			`loop_control:`
			`loop_var: task`
			`tags: [ always ]`
			`- name: include tasks for web services`
			`include_tasks: tasks/web/{{ task }}`
			`with_items:`
Add some stuff for MOVIE NIGHT WIT DA BOIS 2021-08-24 16:58:45 -05:00			`- movienight.yml`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`- netbox.yml`
Add Nagios and some dysfunctional templating code 2021-08-08 00:28:18 -05:00			`- nagios.yml`
Divide webservices into task files 2021-08-07 16:49:24 -05:00			`loop_control:`
			`loop_var: task`
			`tags: [ always ]`
Provision (read: move) Netbox to desu.ltd 2021-08-01 21:35:41 -05:00			`roles:`
			`- role: backup`
			`vars:`
			`backup_s3backup_list_extra:`
			`- /data`
			`tags: [ backup ]`
Add role for ingress controller, move configuration into it and its data structures 2021-09-18 00:04:05 -05:00			`- role: ingress`
			`vars:`
			`ingress_servers:`
			`- name: netbox.desu.ltd`
			`proxies:`
			`- location: /`
			`pass: http://netbox:8080`
			`- name: nagios.desu.ltd`
			`proxies:`
			`- location: /`
			`pass: http://nagios:80`
			`- name: movie.desu.ltd`
			`proxies:`
			`- location: /`
			`pass: http://movienight:8089`
			`tags: [ web, docker, ingress ]`