Reorganize matrix and nc vars

This commit is contained in:
Salt 2020-08-02 19:43:08 -05:00
parent 7c53558f8f
commit 12d09a58bd
11 changed files with 71 additions and 68 deletions


@ -75,21 +75,23 @@ gitea:
3565646664333966650a323530356664366262653763363439613534303764366436376634373639 3565646664333966650a323530356664366262653763363439613534303764366436376634373639
62303264653836656162366362316461656363353539343632616462626231643632 62303264653836656162366362316461656363353539343632616462626231643632
# Grafana # Grafana
grafana_mysql_password: !vault | grafana:
mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65376335363732633132326630323161393861323833323631613630343262383137656138356262 65376335363732633132326630323161393861323833323631613630343262383137656138356262
3730386139393739373738626535376636666135646463350a623331333032346434343465666234 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
38393539623437376133363063633238383031326431653737346564323837343265653431633962 38393539623437376133363063633238383031326431653737346564323837343265653431633962
6665346237666165330a643635653863356633623535383063366632336437313730626233346664 6665346237666165330a643635653863356633623535383063366632336437313730626233346664
33303465616532313339393634386166363162393661393037323835323035386663 33303465616532313339393634386166363162393661393037323835323035386663
grafana_url: "monitor.9iron.club" url: "monitor.9iron.club"
grafana_webroot: "/var/www/grafana" webroot: "/var/www/grafana"
# Matrix # Matrix
matrix_server_name: "9iron.club" matrix:
matrix_url: "matrix.9iron.club" server_name: "9iron.club"
matrix_enable_registration: "true" url: "matrix.9iron.club"
matrix_admin_contact: "mailto:rehashedsalt@cock.li" enable_registration: "true"
matrix_db_password: !vault | admin_contact: "mailto:rehashedsalt@cock.li"
db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
64663061333130386634323631353435376330636334623334663365633361336563393634333061 64663061333130386634323631353435376330636334623334663365633361336563393634333061
6531393839336532376465356132646337663339333431340a383030373166653835386239643365 6531393839336532376465356132646337663339333431340a383030373166653835386239643365
@ -97,14 +99,15 @@ matrix_db_password: !vault |
6233636463636134640a386436316462643434343739333232613264303635323261616634326562 6233636463636134640a386436316462643434343739333232613264303635323261616634326562
63316265366238383038653034326661633163346462396663346563666134393232 63316265366238383038653034326661633163346462396663346563666134393232
# Nextcloud # Nextcloud
nextcloud_mysql_password: !vault | nextcloud:
db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
37633035633563646266346264333636393931323664313166633133653461646333643731636661 37633035633563646266346264333636393931323664313166633133653461646333643731636661
3966666665396239346662613764353333393038663762340a313236396331623061376462356437 3966666665396239346662613764353333393038663762340a313236396331623061376462356437
66373234633939393034353439393465663131303661393164303335336435653734613064663964 66373234633939393034353439393465663131303661393164303335336435653734613064663964
3332313764623133630a393731613236373837316437653265636663666261383135636662373566 3332313764623133630a393731613236373837316437653265636663666261383135636662373566
61373135303632336237333836353764646639633735323566346366623766646266 61373135303632336237333836353764646639633735323566346366623766646266
nextcloud_url: "nc.9iron.club" url: "nc.9iron.club"
# Pleroma # Pleroma
pleroma_instance_desc: owo pleroma_instance_desc: owo
pleroma_instance_email: rehashedsalt@cock.li pleroma_instance_email: rehashedsalt@cock.li
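Review bot: The new nested keys are named inconsistently for the same kind of secret: the Grafana mapping gets `mysql_password` while the Nextcloud mapping gets `db_password`, even though the Nextcloud task file in this commit creates the account with `mysql_user`. Pick one spelling for the MySQL-backed services before more roles reference these paths; `db_password` is what the Matrix mapping already uses, so `grafana: { mysql_password: ... }` is the odd one out. Note also that `enable_registration: "true"` is a quoted string rather than a YAML boolean; that is unchanged behaviour, but whichever template consumes it now has to rely on the exact spelling of the string.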


@ -1,5 +1,5 @@
# vim:ft=ansible: # vim:ft=ansible:
matrix_admin_contact: "mailto:noreply@server.example" matrix.admin_contact: "mailto:noreply@server.example"
matrix_disabled_message: "Matrix on this server is down for maintenance" matrix_disabled_message: "Matrix on this server is down for maintenance"
matrix_enable_registration: "false" matrix.enable_registration: "false"
matrix_webroot: "/var/www/riot" matrix_webroot: "/var/www/riot"
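Review bot: `matrix.admin_contact:` and `matrix.enable_registration:` in this defaults file are plain YAML keys containing a dot, so Ansible will most likely treat them as flat variables literally named `matrix.admin_contact` and `matrix.enable_registration` (or reject them as invalid variable names), not as keys of a `matrix` mapping; `{{ matrix.admin_contact }}` in the templates will not find them. The intended shape is `matrix:` / `  admin_contact: "mailto:noreply@server.example"` / `  enable_registration: "false"`. Even written that way, Ansible's default `hash_behaviour=replace` means an inventory `matrix:` mapping replaces the whole default mapping rather than merging into it, so the safe `"false"` registration default is only effective when the inventory omits the `matrix` mapping entirely — worth a comment here, since an inventory that defines `matrix:` but drops `enable_registration` will fail the template at render time instead of falling back to closed registration. `matrix_disabled_message` and `matrix_webroot` were left flat in the same file, so the migration is only partial.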


@ -25,7 +25,7 @@
- name: Create DB user - name: Create DB user
postgresql_user: postgresql_user:
name: matrix name: matrix
password: "{{ matrix_db_password }}" password: "{{ matrix.db_password }}"
login_host: "{{ matrix_db_hostname }}" login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql.ansible.user }}" login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}" login_password: "{{ psql.ansible.pass }}"
@ -64,7 +64,7 @@
- name: Template out vhost - name: Template out vhost
template: template:
src: "apache2-vhost-ssl.conf" src: "apache2-vhost-ssl.conf"
dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf" dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
notify: restart apache notify: restart apache
- name: Create webroot - name: Create webroot
file: file:
@ -72,14 +72,14 @@
path: "{{ matrix_webroot }}" path: "{{ matrix_webroot }}"
- name: Enable site - name: Enable site
command: command:
cmd: "a2ensite {{ matrix_url }}.conf" cmd: "a2ensite {{ matrix.url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf" creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
notify: restart apache notify: restart apache
- name: Generate certificate - name: Generate certificate
include_role: include_role:
name: https name: https
vars: vars:
website_url: "{{ matrix_url }}" website_url: "{{ matrix.url }}"
- name: Configure Synapse - name: Configure Synapse
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
@ -112,6 +112,6 @@
- name: Template out backup module - name: Template out backup module
template: template:
src: "backup.sh" src: "backup.sh"
dest: "/opt/backups/modules/{{ matrix_url }}.sh" dest: "/opt/backups/modules/{{ matrix.url }}.sh"
mode: "0600" mode: "0600"
become: yes become: yes
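Review bot: The `Create DB user` task (first hunk) passes the vaulted `{{ matrix.db_password }}` to `postgresql_user` without a visible `no_log: true`; unless it is set on lines outside the hunk, the password is printed in clear when the play runs with `-v` or when the task changes and its result is logged. Adding `no_log: true` to that task keeps the vault value out of playbook output; the same applies to the `mysql_user` task in the Nextcloud task file changed in this commit (`password: "{{ nextcloud.db_password }}"`). Separately, the rename is partial: `matrix_db_hostname` and `matrix_webroot` stay flat while their siblings move under `matrix.`, so the role now reads the same group of settings through two naming schemes.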


@ -1,4 +1,4 @@
# Configuration for {{ matrix_url }} # Configuration for {{ matrix.url }}
# vim:ft=apache: # vim:ft=apache:
# Accept connections from non-SNI clients # Accept connections from non-SNI clients
@ -8,18 +8,18 @@ SSLProxyEngine on
# Website configuration # Website configuration
<VirtualHost *:80> <VirtualHost *:80>
ServerName {{ matrix_url }} ServerName {{ matrix.url }}
Redirect permanent / https://{{ matrix_url }} Redirect permanent / https://{{ matrix.url }}
</VirtualHost> </VirtualHost>
<VirtualHost *:443 *:8448> <VirtualHost *:443 *:8448>
SSLEngine on SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ matrix.url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix.url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix.url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }} SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ matrix_url }} ServerName {{ matrix.url }}
ServerAlias {{ matrix_server_name }} ServerAlias {{ matrix.server_name }}
DocumentRoot {{ matrix_webroot }} DocumentRoot {{ matrix_webroot }}
<Directory "{{ matrix_webroot }}"> <Directory "{{ matrix_webroot }}">
Require all granted Require all granted


@ -9,7 +9,7 @@
set -e set -e
export OUTDIR="$BACKUPSDIR/{{ matrix_url }}" export OUTDIR="$BACKUPSDIR/{{ matrix.url }}"
retention=7 # 7-day retention period retention=7 # 7-day retention period
# Sanity checks # Sanity checks
@ -34,5 +34,5 @@ if (( currentbackupcount >= retention )); then
fi fi
fi fi
# WE MAKE BACKUP NOW SERGEI # WE MAKE BACKUP NOW SERGEI
tar czf "$OUTDIR/{{ matrix_url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/" tar czf "$OUTDIR/{{ matrix.url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"


@ -31,7 +31,7 @@ listeners:
compress: false compress: false
## Homeserver blocking ## ## Homeserver blocking ##
admin_contact: '{{ matrix_admin_contact }}' admin_contact: '{{ matrix.admin_contact }}'
#hs_disabled: false #hs_disabled: false
#hs_disabled_message: '{{ matrix_disabled_message }}' #hs_disabled_message: '{{ matrix_disabled_message }}'
retention: retention:
@ -44,7 +44,7 @@ database:
name: psycopg2 name: psycopg2
args: args:
user: matrix user: matrix
password: '{{ matrix_db_password }}' password: '{{ matrix.db_password }}'
database: matrix database: matrix
host: '{{ matrix_db_hostname }}' host: '{{ matrix_db_hostname }}'
cp_min: 5 cp_min: 5
@ -106,7 +106,7 @@ url_preview_url_blacklist:
max_spider_size: 10M max_spider_size: 10M
## Registration ## ## Registration ##
enable_registration: {{ matrix_enable_registration }} enable_registration: {{ matrix.enable_registration }}
enable_3pid_lookup: true enable_3pid_lookup: true
default_identity_server: https://vector.im default_identity_server: https://vector.im
auto_join_rooms: auto_join_rooms:
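Review bot: `enable_registration: {{ matrix.enable_registration }}` (line 108 of the template, and the same line in the other homeserver template in this commit) renders an Ansible string unquoted into Synapse's YAML, so it only yields a boolean because the inventory happens to spell it `"true"`/`"false"`; an empty or undefined value would render `enable_registration:` (null) and silently fall through to Synapse's default. Normalising in the template is cheap: `enable_registration: {{ matrix.enable_registration | bool | to_json }}` always emits a bare `true`/`false` and makes a missing variable a render error rather than a guess. The surrounding `database.args.password: '{{ matrix.db_password }}'` uses single quotes; that is fine for the vaulted value as long as it never contains a `'`, which is worth noting next to the vault entry.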


@ -907,7 +907,7 @@ url_preview_accept_language:
# Enable registration for new users. # Enable registration for new users.
# #
enable_registration: {{ matrix_enable_registration }} enable_registration: {{ matrix.enable_registration }}
# Optional account validity configuration. This allows for accounts to be denied # Optional account validity configuration. This allows for accounts to be denied
# any request after a given period. # any request after a given period.


@ -1,3 +1,3 @@
# This file is managed via Ansible; any changes here will be overwritten # This file is managed via Ansible; any changes here will be overwritten
# And rightfully so. Don't screw with this # And rightfully so. Don't screw with this
server_name: {{ matrix_server_name }} server_name: {{ matrix.server_name }}


@ -21,7 +21,7 @@
mysql_user: mysql_user:
name: nextcloud name: nextcloud
host: localhost host: localhost
password: "{{ nextcloud_mysql_password }}" password: "{{ nextcloud.db_password }}"
priv: "nextcloud.*:ALL,GRANT" priv: "nextcloud.*:ALL,GRANT"
login_user: root login_user: root
login_password: "{{ mysql.root_password }}" login_password: "{{ mysql.root_password }}"
@ -88,22 +88,22 @@
- name: Copy over virtual host configs - name: Copy over virtual host configs
template: template:
src: apache2-vhost-ssl.conf src: apache2-vhost-ssl.conf
dest: "/etc/apache2/sites-available/{{ nextcloud_url }}.conf" dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
notify: restart apache notify: restart apache
- name: Enable config - name: Enable config
command: command:
cmd: "a2ensite {{ nextcloud_url }}.conf" cmd: "a2ensite {{ nextcloud.url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf" creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
notify: restart apache notify: restart apache
- name: Generate certificate - name: Generate certificate
include_role: include_role:
name: https name: https
vars: vars:
website_url: "{{ nextcloud_url }}" website_url: "{{ nextcloud.url }}"
website_webroot: "{{ nextcloud_webroot }}" website_webroot: "{{ nextcloud_webroot }}"
- name: Template out backup module - name: Template out backup module
template: template:
src: "backup.sh" src: "backup.sh"
dest: "/opt/backups/modules/{{ nextcloud_url }}.sh" dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
mode: "0600" mode: "0600"
become: yes become: yes


@ -1,4 +1,4 @@
# Configuration for {{ nextcloud_url }} # Configuration for {{ nextcloud.url }}
# vim:ft=apache: # vim:ft=apache:
# Accept connections from non-SNI clients # Accept connections from non-SNI clients
@ -6,14 +6,14 @@ SSLStrictSNIVHostCheck off
# Website configuration # Website configuration
<VirtualHost *:80> <VirtualHost *:80>
ServerName {{ nextcloud_url }} ServerName {{ nextcloud.url }}
Redirect permanent / https://{{ nextcloud_url }} Redirect permanent / https://{{ nextcloud.url }}
</VirtualHost> </VirtualHost>
<VirtualHost *:443> <VirtualHost *:443>
SSLEngine on SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud.url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud.url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }} SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\ <FilesMatch "\.(cgi|shtml|phtml|php)$">\
@ -22,7 +22,7 @@ SSLStrictSNIVHostCheck off
<Directory /usr/lib/cgi-bin> <Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars SSLOptions +StdEnvVars
</Directory> </Directory>
ServerName {{ nextcloud_url }} ServerName {{ nextcloud.url }}
DocumentRoot {{ nextcloud_webroot }} DocumentRoot {{ nextcloud_webroot }}
<Directory "{{ nextcloud_webroot }}"> <Directory "{{ nextcloud_webroot }}">
Require all granted Require all granted
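Review bot: `SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt` is missing the space before `}}` that every other expression in this file has; Jinja accepts it, but it reads as a typo and will not match a grep for `nextcloud.url }}` when these paths are next renamed. Write it as `{{ nextcloud.url }}-fullchain.crt` to match the neighbouring `SSLCertificateFile` and `SSLCertificateKeyFile` lines.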


@ -9,7 +9,7 @@
set -e set -e
export OUTDIR="$BACKUPSDIR/{{ nextcloud_url }}" export OUTDIR="$BACKUPSDIR/{{ nextcloud.url }}"
retention=5 # 5-day retention period retention=5 # 5-day retention period
# Sanity checks # Sanity checks
@ -45,11 +45,11 @@ fi
if cd "{{ nextcloud_webroot }}"; then if cd "{{ nextcloud_webroot }}"; then
date="$(date -Iseconds)" date="$(date -Iseconds)"
log "Creating data backup" log "Creating data backup"
tar czhf "$OUTDIR/{{ nextcloud_url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin" tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
log "Creating webroot backup" log "Creating webroot backup"
tar czf "$OUTDIR/{{ nextcloud_url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}" tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
log "Creating DB backup" log "Creating DB backup"
mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud_url }}-$date-db.sql.gz" mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"
else else
log "Could not change directory: $OUTDIR" log "Could not change directory: $OUTDIR"
return 3 return 3
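Review bot: The failure branch logs the wrong path: `cd` targets `{{ nextcloud_webroot }}` but the message reports `$OUTDIR`, which is the backups directory exported a few lines earlier, so a failed backup run points the operator at a directory that is not the one that was missing. Change it to `log "Could not change directory: {{ nextcloud_webroot }}"`. The enclosing `if` block and whatever function contains this `return 3` start before the hunk, so I cannot tell from here whether `return` is valid at that point or should be `exit`.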