From 12d09a58bd1cdc36ca2d83078c222f4d1b8b1d4c Mon Sep 17 00:00:00 2001
From: Salt
Date: Sun, 2 Aug 2020 19:43:08 -0500
Subject: [PATCH] Reorganize matrix and nc vars

---
 inventory/group_vars/9iron.club.yml | 59 ++++++++++---------
 roles/matrix/defaults/main.yml | 4 +-
 roles/matrix/tasks/main.yml | 12 ++--
 roles/matrix/templates/apache2-vhost-ssl.conf | 16 ++---
 roles/matrix/templates/backup.sh | 4 +-
 roles/matrix/templates/homeserver.yaml | 6 +-
 roles/matrix/templates/homeserver.yaml.orig | 2 +-
 roles/matrix/templates/server_name.yaml | 2 +-
 roles/nextcloud/tasks/main.yml | 12 ++--
 .../templates/apache2-vhost-ssl.conf | 14 ++---
 roles/nextcloud/templates/backup.sh | 8 +--
 11 files changed, 71 insertions(+), 68 deletions(-)

diff --git a/inventory/group_vars/9iron.club.yml b/inventory/group_vars/9iron.club.yml
index e14809d..609fd67 100644
--- a/inventory/group_vars/9iron.club.yml
+++ b/inventory/group_vars/9iron.club.yml
@@ -75,36 +75,39 @@ gitea:
 3565646664333966650a323530356664366262653763363439613534303764366436376634373639
 62303264653836656162366362316461656363353539343632616462626231643632
 # Grafana
-grafana_mysql_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 65376335363732633132326630323161393861323833323631613630343262383137656138356262
- 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
- 38393539623437376133363063633238383031326431653737346564323837343265653431633962
- 6665346237666165330a643635653863356633623535383063366632336437313730626233346664
- 33303465616532313339393634386166363162393661393037323835323035386663
-grafana_url: "monitor.9iron.club"
-grafana_webroot: "/var/www/grafana"
+grafana:
+ mysql_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65376335363732633132326630323161393861323833323631613630343262383137656138356262
+ 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
+ 38393539623437376133363063633238383031326431653737346564323837343265653431633962
+ 6665346237666165330a643635653863356633623535383063366632336437313730626233346664
+ 33303465616532313339393634386166363162393661393037323835323035386663
+ url: "monitor.9iron.club"
+ webroot: "/var/www/grafana"
 # Matrix
-matrix_server_name: "9iron.club"
-matrix_url: "matrix.9iron.club"
-matrix_enable_registration: "true"
-matrix_admin_contact: "mailto:rehashedsalt@cock.li"
-matrix_db_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 64663061333130386634323631353435376330636334623334663365633361336563393634333061
- 6531393839336532376465356132646337663339333431340a383030373166653835386239643365
- 31356462653634323162343164633130366664323034373330613764663635326534303935303230
- 6233636463636134640a386436316462643434343739333232613264303635323261616634326562
- 63316265366238383038653034326661633163346462396663346563666134393232
+matrix:
+ server_name: "9iron.club"
+ url: "matrix.9iron.club"
+ enable_registration: "true"
+ admin_contact: "mailto:rehashedsalt@cock.li"
+ db_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64663061333130386634323631353435376330636334623334663365633361336563393634333061
+ 6531393839336532376465356132646337663339333431340a383030373166653835386239643365
+ 31356462653634323162343164633130366664323034373330613764663635326534303935303230
+ 6233636463636134640a386436316462643434343739333232613264303635323261616634326562
+ 63316265366238383038653034326661633163346462396663346563666134393232
 # Nextcloud
-nextcloud_mysql_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 37633035633563646266346264333636393931323664313166633133653461646333643731636661
- 3966666665396239346662613764353333393038663762340a313236396331623061376462356437
- 66373234633939393034353439393465663131303661393164303335336435653734613064663964
- 3332313764623133630a393731613236373837316437653265636663666261383135636662373566
- 61373135303632336237333836353764646639633735323566346366623766646266
-nextcloud_url: "nc.9iron.club"
+nextcloud:
+ db_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37633035633563646266346264333636393931323664313166633133653461646333643731636661
+ 3966666665396239346662613764353333393038663762340a313236396331623061376462356437
+ 66373234633939393034353439393465663131303661393164303335336435653734613064663964
+ 3332313764623133630a393731613236373837316437653265636663666261383135636662373566
+ 61373135303632336237333836353764646639633735323566346366623766646266
+ url: "nc.9iron.club"
 # Pleroma
 pleroma_instance_desc: owo
 pleroma_instance_email: rehashedsalt@cock.li
diff --git a/roles/matrix/defaults/main.yml b/roles/matrix/defaults/main.yml
index 90862ed..7b02c13 100644
--- a/roles/matrix/defaults/main.yml
+++ b/roles/matrix/defaults/main.yml
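Review bot: The new `nextcloud` block names its MySQL secret `db_password` while the `grafana` block in the same hunk names the equivalent MySQL secret `mysql_password`, so two services in one inventory file now use different keys for the same kind of value; the nextcloud tasks hunk feeds it to `mysql_user`, so `mysql_password` would be the accurate name there, or rename grafana's key to `db_password` and use one spelling for both. Separately, `enable_registration: "true"` is a quoted string that homeserver.yaml renders unquoted; it only becomes a boolean because Synapse re-parses the rendered file as YAML, so a bare `enable_registration: true` (or a `| bool` filter in the template) states the intent directly. Vaulted values and the `9iron.club` hostnames are unchanged in content and were not re-checked here.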
@@ -1,5 +1,5 @@
 # vim:ft=ansible:
-matrix_admin_contact: "mailto:noreply@server.example"
+matrix.admin_contact: "mailto:noreply@server.example"
 matrix_disabled_message: "Matrix on this server is down for maintenance"
-matrix_enable_registration: "false"
+matrix.enable_registration: "false"
 matrix_webroot: "/var/www/riot"
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index c497316..6fc18bd 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -25,7 +25,7 @@
 - name: Create DB user
 postgresql_user:
 name: matrix
- password: "{{ matrix_db_password }}"
+ password: "{{ matrix.db_password }}"
 login_host: "{{ matrix_db_hostname }}"
 login_user: "{{ psql.ansible.user }}"
 login_password: "{{ psql.ansible.pass }}"
@@ -64,7 +64,7 @@
 - name: Template out vhost
 template:
 src: "apache2-vhost-ssl.conf"
- dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf"
+ dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
 notify: restart apache
 - name: Create webroot
 file:
@@ -72,14 +72,14 @@
 path: "{{ matrix_webroot }}"
 - name: Enable site
 command:
- cmd: "a2ensite {{ matrix_url }}.conf"
- creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
+ cmd: "a2ensite {{ matrix.url }}.conf"
+ creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
 notify: restart apache
 - name: Generate certificate
 include_role:
 name: https
 vars:
- website_url: "{{ matrix_url }}"
+ website_url: "{{ matrix.url }}"
 - name: Configure Synapse
 template:
 src: "{{ item.src }}"
@@ -112,6 +112,6 @@
 - name: Template out backup module
 template:
 src: "backup.sh"
- dest: "/opt/backups/modules/{{ matrix_url }}.sh"
+ dest: "/opt/backups/modules/{{ matrix.url }}.sh"
 mode: "0600"
 become: yes
diff --git a/roles/matrix/templates/apache2-vhost-ssl.conf b/roles/matrix/templates/apache2-vhost-ssl.conf
index 145d903..8975068 100644
--- a/roles/matrix/templates/apache2-vhost-ssl.conf
+++ b/roles/matrix/templates/apache2-vhost-ssl.conf
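Review bot: `matrix.admin_contact:` and `matrix.enable_registration:` in roles/matrix/defaults/main.yml define flat variables whose names merely contain a dot, not keys of a `matrix` mapping, so `{{ matrix.admin_contact }}` and `{{ matrix.enable_registration }}` in the templates never see these defaults (and some Ansible versions reject dotted variable names outright); on a host without the group_vars `matrix` dict, templating fails on an undefined variable instead of falling back. Nest them as `matrix:` / `  admin_contact: "mailto:noreply@server.example"` / `  enable_registration: "false"`, but note that with Ansible's default `hash_behaviour=replace` an inventory-level `matrix` dict replaces this default dict wholesale rather than merging into it, so every key a template reads must be present in the inventory or be read with `| default(...)`. The rename is also only partial: `matrix_disabled_message` and `matrix_webroot` stay flat here, the roles/matrix/tasks/main.yml hunks below keep `matrix_db_hostname` and `matrix_webroot` next to the new `matrix.*` keys, and roles/nextcloud/tasks/main.yml likewise keeps `nextcloud_webroot`; finishing the migration in one commit avoids two naming schemes per role.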
@@ -1,4 +1,4 @@
-# Configuration for {{ matrix_url }}
+# Configuration for {{ matrix.url }}
 # vim:ft=apache:
 # Accept connections from non-SNI clients
@@ -8,18 +8,18 @@ SSLProxyEngine on
 # Website configuration
- ServerName {{ matrix_url }}
- Redirect permanent / https://{{ matrix_url }}
+ ServerName {{ matrix.url }}
+ Redirect permanent / https://{{ matrix.url }}
 SSLEngine on
- SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
- SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
- SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
+ SSLCertificateFile /etc/pki/cert/crt/{{ matrix.url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix.url }}.key
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix.url }}-fullchain.crt
 SSLProtocol {{ ssl_protocol }}
 SSLCipherSuite {{ ssl_cipher_suite }}
- ServerName {{ matrix_url }}
- ServerAlias {{ matrix_server_name }}
+ ServerName {{ matrix.url }}
+ ServerAlias {{ matrix.server_name }}
 DocumentRoot {{ matrix_webroot }}
 Require all granted
diff --git a/roles/matrix/templates/backup.sh b/roles/matrix/templates/backup.sh
index b790e5f..5fcaf7c 100644
--- a/roles/matrix/templates/backup.sh
+++ b/roles/matrix/templates/backup.sh
@@ -9,7 +9,7 @@
 set -e
-export OUTDIR="$BACKUPSDIR/{{ matrix_url }}"
+export OUTDIR="$BACKUPSDIR/{{ matrix.url }}"
 retention=7 # 7-day retention period
 # Sanity checks
@@ -34,5 +34,5 @@ if (( currentbackupcount >= retention )); then
 fi
 fi
 # WE MAKE BACKUP NOW SERGEI
-tar czf "$OUTDIR/{{ matrix_url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
+tar czf "$OUTDIR/{{ matrix.url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
diff --git a/roles/matrix/templates/homeserver.yaml b/roles/matrix/templates/homeserver.yaml
index 4c48d19..5cabba0 100644
--- a/roles/matrix/templates/homeserver.yaml
+++ b/roles/matrix/templates/homeserver.yaml
@@ -31,7 +31,7 @@ listeners:
 compress: false
 ## Homeserver blocking ##
-admin_contact: '{{ matrix_admin_contact }}'
+admin_contact: '{{ matrix.admin_contact }}'
 #hs_disabled: false
 #hs_disabled_message: '{{ matrix_disabled_message }}'
 retention:
@@ -44,7 +44,7 @@ database:
 name: psycopg2
 args:
 user: matrix
- password: '{{ matrix_db_password }}'
+ password: '{{ matrix.db_password }}'
 database: matrix
 host: '{{ matrix_db_hostname }}'
 cp_min: 5
@@ -106,7 +106,7 @@ url_preview_url_blacklist:
 max_spider_size: 10M
 ## Registration ##
-enable_registration: {{ matrix_enable_registration }}
+enable_registration: {{ matrix.enable_registration }}
 enable_3pid_lookup: true
 default_identity_server: https://vector.im
 auto_join_rooms:
diff --git a/roles/matrix/templates/homeserver.yaml.orig b/roles/matrix/templates/homeserver.yaml.orig
index a8df787..72fcbce 100644
--- a/roles/matrix/templates/homeserver.yaml.orig
+++ b/roles/matrix/templates/homeserver.yaml.orig
@@ -907,7 +907,7 @@ url_preview_accept_language:
 # Enable registration for new users.
 #
-enable_registration: {{ matrix_enable_registration }}
+enable_registration: {{ matrix.enable_registration }}
 # Optional account validity configuration. This allows for accounts to be denied
 # any request after a given period.
diff --git a/roles/matrix/templates/server_name.yaml b/roles/matrix/templates/server_name.yaml
index 3eed734..94317e3 100644
--- a/roles/matrix/templates/server_name.yaml
+++ b/roles/matrix/templates/server_name.yaml
@@ -1,3 +1,3 @@
 # This file is managed via Ansible; any changes here will be overwritten
 # And rightfully so. Don't screw with this
-server_name: {{ matrix_server_name }}
+server_name: {{ matrix.server_name }}
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index d912b81..a4109b0 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
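Review bot: `enable_registration: {{ matrix.enable_registration }}` in the third hunk of homeserver.yaml is rendered unquoted, so whatever string the inventory holds lands in Synapse's config verbatim and a typo or empty expansion produces a non-boolean or null that only surfaces when Synapse starts; rendering it as `enable_registration: {{ matrix.enable_registration | bool | to_json }}` fails templating on an undefined value and guarantees a YAML boolean in the output, and the same applies to the homeserver.yaml.orig hunk below. The `password: '{{ matrix.db_password }}'` line in the second hunk has a related fragility: a vaulted password containing a single quote breaks the rendered YAML, whereas `password: {{ matrix.db_password | to_json }}` emits a correctly escaped scalar for any value. Both `admin_contact` and `enable_registration` now resolve only through the inventory's `matrix` dict, since the dotted keys in roles/matrix/defaults/main.yml do not form a mapping; the `database:` block around the password line continues outside the hunk.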
@@ -21,7 +21,7 @@
 mysql_user:
 name: nextcloud
 host: localhost
- password: "{{ nextcloud_mysql_password }}"
+ password: "{{ nextcloud.db_password }}"
 priv: "nextcloud.*:ALL,GRANT"
 login_user: root
 login_password: "{{ mysql.root_password }}"
@@ -88,22 +88,22 @@
 - name: Copy over virtual host configs
 template:
 src: apache2-vhost-ssl.conf
- dest: "/etc/apache2/sites-available/{{ nextcloud_url }}.conf"
+ dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
 notify: restart apache
 - name: Enable config
 command:
- cmd: "a2ensite {{ nextcloud_url }}.conf"
- creates: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
+ cmd: "a2ensite {{ nextcloud.url }}.conf"
+ creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
 notify: restart apache
 - name: Generate certificate
 include_role:
 name: https
 vars:
- website_url: "{{ nextcloud_url }}"
+ website_url: "{{ nextcloud.url }}"
 website_webroot: "{{ nextcloud_webroot }}"
 - name: Template out backup module
 template:
 src: "backup.sh"
- dest: "/opt/backups/modules/{{ nextcloud_url }}.sh"
+ dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
 mode: "0600"
 become: yes
diff --git a/roles/nextcloud/templates/apache2-vhost-ssl.conf b/roles/nextcloud/templates/apache2-vhost-ssl.conf
index 498fbd3..2d3770f 100644
--- a/roles/nextcloud/templates/apache2-vhost-ssl.conf
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
@@ -1,4 +1,4 @@
-# Configuration for {{ nextcloud_url }}
+# Configuration for {{ nextcloud.url }}
 # vim:ft=apache:
 # Accept connections from non-SNI clients
@@ -6,14 +6,14 @@ SSLStrictSNIVHostCheck off
 # Website configuration
- ServerName {{ nextcloud_url }}
- Redirect permanent / https://{{ nextcloud_url }}
+ ServerName {{ nextcloud.url }}
+ Redirect permanent / https://{{ nextcloud.url }}
 SSLEngine on
- SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
- SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
- SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
+ SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud.url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud.url }}.key
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt
 SSLProtocol {{ ssl_protocol }}
 SSLCipherSuite {{ ssl_cipher_suite }} \
@@ -22,7 +22,7 @@ SSLStrictSNIVHostCheck off
 SSLOptions +StdEnvVars
- ServerName {{ nextcloud_url }}
+ ServerName {{ nextcloud.url }}
 DocumentRoot {{ nextcloud_webroot }}
 Require all granted
diff --git a/roles/nextcloud/templates/backup.sh b/roles/nextcloud/templates/backup.sh
index 4e7bb2a..bca012a 100644
--- a/roles/nextcloud/templates/backup.sh
+++ b/roles/nextcloud/templates/backup.sh
@@ -9,7 +9,7 @@
 set -e
-export OUTDIR="$BACKUPSDIR/{{ nextcloud_url }}"
+export OUTDIR="$BACKUPSDIR/{{ nextcloud.url }}"
 retention=5 # 5-day retention period
 # Sanity checks
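Review bot: The new `SSLCertificateChainFile` line in roles/nextcloud/templates/apache2-vhost-ssl.conf keeps the old `{{ nextcloud.url}}` spelling without the closing space, while every other expression in the hunk is `{{ nextcloud.url }}`; Jinja accepts both, but the odd one out is exactly what the next search-and-replace on `{{ nextcloud.url }}` will miss, as this commit's own rename of `{{ nextcloud_url}}` shows. Change it to `SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url }}-fullchain.crt`. The `<VirtualHost>` and `<Directory>` container lines seem to have been lost in this rendering of the hunk, so the directive placement is inferred from the line order only.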
@@ -45,11 +45,11 @@ fi
 if cd "{{ nextcloud_webroot }}"; then
 date="$(date -Iseconds)"
 log "Creating data backup"
- tar czhf "$OUTDIR/{{ nextcloud_url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
+ tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
 log "Creating webroot backup"
- tar czf "$OUTDIR/{{ nextcloud_url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
+ tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
 log "Creating DB backup"
- mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud_url }}-$date-db.sql.gz"
+ mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"
 else
 log "Could not change directory: $OUTDIR"
 return 3
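Review bot: The renamed `mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"` line runs under the `set -e` shown in this file's first hunk, but without `pipefail` a failing `mysqldump` is masked by `gzip` exiting 0, so the script reports success and the retention logic keeps a truncated or empty DB dump as a "good" backup; unless `set -o pipefail` is set somewhere not shown, adding it next to `set -e` makes a failed dump abort the run. The `else` branch's message on the context line after the changed lines also points at the wrong directory: the `cd` that failed targeted `{{ nextcloud_webroot }}`, not `$OUTDIR`, so `log "Could not change directory: {{ nextcloud_webroot }}"` matches the test above it. The `if` block continues past the end of the hunk.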