diff --git a/inventory/group_vars/9iron.club.yml b/inventory/group_vars/9iron.club.yml
index e14809d..609fd67 100644
--- a/inventory/group_vars/9iron.club.yml
+++ b/inventory/group_vars/9iron.club.yml
@@ -75,36 +75,39 @@ gitea:
3565646664333966650a323530356664366262653763363439613534303764366436376634373639
62303264653836656162366362316461656363353539343632616462626231643632
# Grafana
-grafana_mysql_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 65376335363732633132326630323161393861323833323631613630343262383137656138356262
- 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
- 38393539623437376133363063633238383031326431653737346564323837343265653431633962
- 6665346237666165330a643635653863356633623535383063366632336437313730626233346664
- 33303465616532313339393634386166363162393661393037323835323035386663
-grafana_url: "monitor.9iron.club"
-grafana_webroot: "/var/www/grafana"
+grafana:
+ mysql_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65376335363732633132326630323161393861323833323631613630343262383137656138356262
+ 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
+ 38393539623437376133363063633238383031326431653737346564323837343265653431633962
+ 6665346237666165330a643635653863356633623535383063366632336437313730626233346664
+ 33303465616532313339393634386166363162393661393037323835323035386663
+ url: "monitor.9iron.club"
+ webroot: "/var/www/grafana"
# Matrix
-matrix_server_name: "9iron.club"
-matrix_url: "matrix.9iron.club"
-matrix_enable_registration: "true"
-matrix_admin_contact: "mailto:rehashedsalt@cock.li"
-matrix_db_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64663061333130386634323631353435376330636334623334663365633361336563393634333061
- 6531393839336532376465356132646337663339333431340a383030373166653835386239643365
- 31356462653634323162343164633130366664323034373330613764663635326534303935303230
- 6233636463636134640a386436316462643434343739333232613264303635323261616634326562
- 63316265366238383038653034326661633163346462396663346563666134393232
+matrix:
+ server_name: "9iron.club"
+ url: "matrix.9iron.club"
+ enable_registration: "true"
+ admin_contact: "mailto:rehashedsalt@cock.li"
+ db_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64663061333130386634323631353435376330636334623334663365633361336563393634333061
+ 6531393839336532376465356132646337663339333431340a383030373166653835386239643365
+ 31356462653634323162343164633130366664323034373330613764663635326534303935303230
+ 6233636463636134640a386436316462643434343739333232613264303635323261616634326562
+ 63316265366238383038653034326661633163346462396663346563666134393232
# Nextcloud
-nextcloud_mysql_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 37633035633563646266346264333636393931323664313166633133653461646333643731636661
- 3966666665396239346662613764353333393038663762340a313236396331623061376462356437
- 66373234633939393034353439393465663131303661393164303335336435653734613064663964
- 3332313764623133630a393731613236373837316437653265636663666261383135636662373566
- 61373135303632336237333836353764646639633735323566346366623766646266
-nextcloud_url: "nc.9iron.club"
+nextcloud:
+ db_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37633035633563646266346264333636393931323664313166633133653461646333643731636661
+ 3966666665396239346662613764353333393038663762340a313236396331623061376462356437
+ 66373234633939393034353439393465663131303661393164303335336435653734613064663964
+ 3332313764623133630a393731613236373837316437653265636663666261383135636662373566
+ 61373135303632336237333836353764646639633735323566346366623766646266
+ url: "nc.9iron.club"
# Pleroma
pleroma_instance_desc: owo
pleroma_instance_email: rehashedsalt@cock.li
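Review bot: The `grafana_mysql_password`, `grafana_url` and `grafana_webroot` variables are moved under `grafana:` in this hunk, but the diff shows no matching change to any Grafana role or template, unlike the matrix and nextcloud roles updated further down. If a consumer still reads the flat names, it will either hit an undefined variable or, if the role ships a default, silently use that value for the database password. Confirm the consumers were updated in the same change, or leave the Grafana keys flat until they are. As a smaller point, the Nextcloud secret becomes `db_password` while Grafana's stays `mysql_password`; one name for both would make the secret lookups easier to audit.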
diff --git a/roles/matrix/defaults/main.yml b/roles/matrix/defaults/main.yml
index 90862ed..7b02c13 100644
--- a/roles/matrix/defaults/main.yml
+++ b/roles/matrix/defaults/main.yml
@@ -1,5 +1,5 @@
# vim:ft=ansible:
-matrix_admin_contact: "mailto:noreply@server.example"
+matrix.admin_contact: "mailto:noreply@server.example"
matrix_disabled_message: "Matrix on this server is down for maintenance"
-matrix_enable_registration: "false"
+matrix.enable_registration: "false"
matrix_webroot: "/var/www/riot"
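Review bot: The added keys `matrix.admin_contact` and `matrix.enable_registration` are parsed by YAML as flat top-level keys with a literal dot in the name, not as members of a `matrix` mapping. The `{{ matrix.admin_contact }}` and `{{ matrix.enable_registration }}` lookups in the homeserver.yaml hunks will therefore never resolve to them. The closed-registration default (`"false"`) no longer takes effect, so a host whose inventory omits `matrix.enable_registration` gets a template error instead of a safe default. Rewriting these as a nested `matrix:` mapping would not help on its own, because the inventory's `matrix:` dict replaces it wholesale under Ansible's default `hash_behaviour` of `replace`. The more robust fix is to default at the use site, e.g. `enable_registration: {{ matrix.enable_registration | default('false') }}`, or to keep these two defaults as flat names.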
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index c497316..6fc18bd 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -25,7 +25,7 @@
- name: Create DB user
postgresql_user:
name: matrix
- password: "{{ matrix_db_password }}"
+ password: "{{ matrix.db_password }}"
login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
@@ -64,7 +64,7 @@
- name: Template out vhost
template:
src: "apache2-vhost-ssl.conf"
- dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf"
+ dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
notify: restart apache
- name: Create webroot
file:
@@ -72,14 +72,14 @@
path: "{{ matrix_webroot }}"
- name: Enable site
command:
- cmd: "a2ensite {{ matrix_url }}.conf"
- creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
+ cmd: "a2ensite {{ matrix.url }}.conf"
+ creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
notify: restart apache
- name: Generate certificate
include_role:
name: https
vars:
- website_url: "{{ matrix_url }}"
+ website_url: "{{ matrix.url }}"
- name: Configure Synapse
template:
src: "{{ item.src }}"
@@ -112,6 +112,6 @@
- name: Template out backup module
template:
src: "backup.sh"
- dest: "/opt/backups/modules/{{ matrix_url }}.sh"
+ dest: "/opt/backups/modules/{{ matrix.url }}.sh"
mode: "0600"
become: yes
diff --git a/roles/matrix/templates/apache2-vhost-ssl.conf b/roles/matrix/templates/apache2-vhost-ssl.conf
index 145d903..8975068 100644
--- a/roles/matrix/templates/apache2-vhost-ssl.conf
+++ b/roles/matrix/templates/apache2-vhost-ssl.conf
@@ -1,4 +1,4 @@
-# Configuration for {{ matrix_url }}
+# Configuration for {{ matrix.url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
@@ -8,18 +8,18 @@ SSLProxyEngine on
# Website configuration
- ServerName {{ matrix_url }}
- Redirect permanent / https://{{ matrix_url }}
+ ServerName {{ matrix.url }}
+ Redirect permanent / https://{{ matrix.url }}
SSLEngine on
- SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
- SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
- SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
+ SSLCertificateFile /etc/pki/cert/crt/{{ matrix.url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix.url }}.key
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix.url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
- ServerName {{ matrix_url }}
- ServerAlias {{ matrix_server_name }}
+ ServerName {{ matrix.url }}
+ ServerAlias {{ matrix.server_name }}
DocumentRoot {{ matrix_webroot }}
Require all granted
diff --git a/roles/matrix/templates/backup.sh b/roles/matrix/templates/backup.sh
index b790e5f..5fcaf7c 100644
--- a/roles/matrix/templates/backup.sh
+++ b/roles/matrix/templates/backup.sh
@@ -9,7 +9,7 @@
set -e
-export OUTDIR="$BACKUPSDIR/{{ matrix_url }}"
+export OUTDIR="$BACKUPSDIR/{{ matrix.url }}"
retention=7 # 7-day retention period
# Sanity checks
@@ -34,5 +34,5 @@ if (( currentbackupcount >= retention )); then
fi
fi
# WE MAKE BACKUP NOW SERGEI
-tar czf "$OUTDIR/{{ matrix_url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
+tar czf "$OUTDIR/{{ matrix.url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
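Review bot: The archive written by the `tar czf` line packs `/etc/matrix-synapse/` and `/var/lib/matrix-synapse/`, which presumably include the rendered homeserver.yaml with the database password, yet nothing in the visible hunks restricts the permissions of the output file. Unless a umask is set in the part of the script outside these hunks, the tarball inherits the caller's default umask and may be readable by other local users. Adding `umask 077` next to `set -e` would cover it, together with a check that `$OUTDIR` itself is not world-readable. The same applies to the data, webroot and database archives written in the nextcloud backup.sh hunk.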
diff --git a/roles/matrix/templates/homeserver.yaml b/roles/matrix/templates/homeserver.yaml
index 4c48d19..5cabba0 100644
--- a/roles/matrix/templates/homeserver.yaml
+++ b/roles/matrix/templates/homeserver.yaml
@@ -31,7 +31,7 @@ listeners:
compress: false
## Homeserver blocking ##
-admin_contact: '{{ matrix_admin_contact }}'
+admin_contact: '{{ matrix.admin_contact }}'
#hs_disabled: false
#hs_disabled_message: '{{ matrix_disabled_message }}'
retention:
@@ -44,7 +44,7 @@ database:
name: psycopg2
args:
user: matrix
- password: '{{ matrix_db_password }}'
+ password: '{{ matrix.db_password }}'
database: matrix
host: '{{ matrix_db_hostname }}'
cp_min: 5
@@ -106,7 +106,7 @@ url_preview_url_blacklist:
max_spider_size: 10M
## Registration ##
-enable_registration: {{ matrix_enable_registration }}
+enable_registration: {{ matrix.enable_registration }}
enable_3pid_lookup: true
default_identity_server: https://vector.im
auto_join_rooms:
diff --git a/roles/matrix/templates/homeserver.yaml.orig b/roles/matrix/templates/homeserver.yaml.orig
index a8df787..72fcbce 100644
--- a/roles/matrix/templates/homeserver.yaml.orig
+++ b/roles/matrix/templates/homeserver.yaml.orig
@@ -907,7 +907,7 @@ url_preview_accept_language:
# Enable registration for new users.
#
-enable_registration: {{ matrix_enable_registration }}
+enable_registration: {{ matrix.enable_registration }}
# Optional account validity configuration. This allows for accounts to be denied
# any request after a given period.
diff --git a/roles/matrix/templates/server_name.yaml b/roles/matrix/templates/server_name.yaml
index 3eed734..94317e3 100644
--- a/roles/matrix/templates/server_name.yaml
+++ b/roles/matrix/templates/server_name.yaml
@@ -1,3 +1,3 @@
# This file is managed via Ansible; any changes here will be overwritten
# And rightfully so. Don't screw with this
-server_name: {{ matrix_server_name }}
+server_name: {{ matrix.server_name }}
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index d912b81..a4109b0 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -21,7 +21,7 @@
mysql_user:
name: nextcloud
host: localhost
- password: "{{ nextcloud_mysql_password }}"
+ password: "{{ nextcloud.db_password }}"
priv: "nextcloud.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql.root_password }}"
@@ -88,22 +88,22 @@
- name: Copy over virtual host configs
template:
src: apache2-vhost-ssl.conf
- dest: "/etc/apache2/sites-available/{{ nextcloud_url }}.conf"
+ dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
notify: restart apache
- name: Enable config
command:
- cmd: "a2ensite {{ nextcloud_url }}.conf"
- creates: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
+ cmd: "a2ensite {{ nextcloud.url }}.conf"
+ creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
notify: restart apache
- name: Generate certificate
include_role:
name: https
vars:
- website_url: "{{ nextcloud_url }}"
+ website_url: "{{ nextcloud.url }}"
website_webroot: "{{ nextcloud_webroot }}"
- name: Template out backup module
template:
src: "backup.sh"
- dest: "/opt/backups/modules/{{ nextcloud_url }}.sh"
+ dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
mode: "0600"
become: yes
diff --git a/roles/nextcloud/templates/apache2-vhost-ssl.conf b/roles/nextcloud/templates/apache2-vhost-ssl.conf
index 498fbd3..2d3770f 100644
--- a/roles/nextcloud/templates/apache2-vhost-ssl.conf
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
@@ -1,4 +1,4 @@
-# Configuration for {{ nextcloud_url }}
+# Configuration for {{ nextcloud.url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
@@ -6,14 +6,14 @@ SSLStrictSNIVHostCheck off
# Website configuration
- ServerName {{ nextcloud_url }}
- Redirect permanent / https://{{ nextcloud_url }}
+ ServerName {{ nextcloud.url }}
+ Redirect permanent / https://{{ nextcloud.url }}
SSLEngine on
- SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
- SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
- SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
+ SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud.url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud.url }}.key
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
\
@@ -22,7 +22,7 @@ SSLStrictSNIVHostCheck off
SSLOptions +StdEnvVars
- ServerName {{ nextcloud_url }}
+ ServerName {{ nextcloud.url }}
DocumentRoot {{ nextcloud_webroot }}
Require all granted
diff --git a/roles/nextcloud/templates/backup.sh b/roles/nextcloud/templates/backup.sh
index 4e7bb2a..bca012a 100644
--- a/roles/nextcloud/templates/backup.sh
+++ b/roles/nextcloud/templates/backup.sh
@@ -9,7 +9,7 @@
set -e
-export OUTDIR="$BACKUPSDIR/{{ nextcloud_url }}"
+export OUTDIR="$BACKUPSDIR/{{ nextcloud.url }}"
retention=5 # 5-day retention period
# Sanity checks
@@ -45,11 +45,11 @@ fi
if cd "{{ nextcloud_webroot }}"; then
date="$(date -Iseconds)"
log "Creating data backup"
- tar czhf "$OUTDIR/{{ nextcloud_url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
+ tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
log "Creating webroot backup"
- tar czf "$OUTDIR/{{ nextcloud_url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
+ tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
log "Creating DB backup"
- mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud_url }}-$date-db.sql.gz"
+ mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"
else
log "Could not change directory: $OUTDIR"
return 3
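Review bot: In the `mysqldump nextcloud --single-transaction | gzip > …` line, a failing `mysqldump` goes undetected, because with only `set -e` (visible in the first hunk of this file) the pipeline's exit status is that of `gzip`. The script would then carry on and leave a truncated or empty `-db.sql.gz` that looks like a good backup. If the header outside these hunks does not already do so, add `set -o pipefail` next to `set -e`. Separately, the `else` branch logs `$OUTDIR` although the failed `cd` targets `{{ nextcloud_webroot }}`, so the message names the wrong directory.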