Reorganize matrix and nc vars

2020-08-02 19:43:08 -05:00 · 2020-08-02 19:43:08 -05:00 · 12d09a58bd
commit 12d09a58bd
parent 7c53558f8f
11 changed files with 71 additions and 68 deletions
--- a/inventory/group_vars/9iron.club.yml
+++ b/inventory/group_vars/9iron.club.yml
@ -75,36 +75,39 @@ gitea:
              3565646664333966650a323530356664366262653763363439613534303764366436376634373639
              62303264653836656162366362316461656363353539343632616462626231643632
 # Grafana
-grafana_mysql_password: !vault |
+grafana:
-          $ANSIBLE_VAULT;1.1;AES256
+  mysql_password: !vault |
-          65376335363732633132326630323161393861323833323631613630343262383137656138356262
+            $ANSIBLE_VAULT;1.1;AES256
-          3730386139393739373738626535376636666135646463350a623331333032346434343465666234
+            65376335363732633132326630323161393861323833323631613630343262383137656138356262
-          38393539623437376133363063633238383031326431653737346564323837343265653431633962
+            3730386139393739373738626535376636666135646463350a623331333032346434343465666234
-          6665346237666165330a643635653863356633623535383063366632336437313730626233346664
+            38393539623437376133363063633238383031326431653737346564323837343265653431633962
-          33303465616532313339393634386166363162393661393037323835323035386663
+            6665346237666165330a643635653863356633623535383063366632336437313730626233346664
-grafana_url: "monitor.9iron.club"
+            33303465616532313339393634386166363162393661393037323835323035386663
-grafana_webroot: "/var/www/grafana"
+  url: "monitor.9iron.club"
  webroot: "/var/www/grafana"
 # Matrix
-matrix_server_name: "9iron.club"
+matrix:
-matrix_url: "matrix.9iron.club"
+  server_name: "9iron.club"
-matrix_enable_registration: "true"
+  url: "matrix.9iron.club"
-matrix_admin_contact: "mailto:rehashedsalt@cock.li"
+  enable_registration: "true"
-matrix_db_password: !vault |
+  admin_contact: "mailto:rehashedsalt@cock.li"
-          $ANSIBLE_VAULT;1.1;AES256
+  db_password: !vault |
-          64663061333130386634323631353435376330636334623334663365633361336563393634333061
+            $ANSIBLE_VAULT;1.1;AES256
-          6531393839336532376465356132646337663339333431340a383030373166653835386239643365
+            64663061333130386634323631353435376330636334623334663365633361336563393634333061
-          31356462653634323162343164633130366664323034373330613764663635326534303935303230
+            6531393839336532376465356132646337663339333431340a383030373166653835386239643365
-          6233636463636134640a386436316462643434343739333232613264303635323261616634326562
+            31356462653634323162343164633130366664323034373330613764663635326534303935303230
-          63316265366238383038653034326661633163346462396663346563666134393232
+            6233636463636134640a386436316462643434343739333232613264303635323261616634326562
            63316265366238383038653034326661633163346462396663346563666134393232
 # Nextcloud
-nextcloud_mysql_password: !vault |
+nextcloud:
-          $ANSIBLE_VAULT;1.1;AES256
+  db_password: !vault |
-          37633035633563646266346264333636393931323664313166633133653461646333643731636661
+            $ANSIBLE_VAULT;1.1;AES256
-          3966666665396239346662613764353333393038663762340a313236396331623061376462356437
+            37633035633563646266346264333636393931323664313166633133653461646333643731636661
-          66373234633939393034353439393465663131303661393164303335336435653734613064663964
+            3966666665396239346662613764353333393038663762340a313236396331623061376462356437
-          3332313764623133630a393731613236373837316437653265636663666261383135636662373566
+            66373234633939393034353439393465663131303661393164303335336435653734613064663964
-          61373135303632336237333836353764646639633735323566346366623766646266
+            3332313764623133630a393731613236373837316437653265636663666261383135636662373566
-nextcloud_url: "nc.9iron.club"
+            61373135303632336237333836353764646639633735323566346366623766646266
  url: "nc.9iron.club"
 # Pleroma
 pleroma_instance_desc: owo
 pleroma_instance_email: rehashedsalt@cock.li
--- a/roles/matrix/defaults/main.yml
+++ b/roles/matrix/defaults/main.yml
@ -1,5 +1,5 @@
 # vim:ft=ansible:
-matrix_admin_contact: "mailto:noreply@server.example"
+matrix.admin_contact: "mailto:noreply@server.example"
 matrix_disabled_message: "Matrix on this server is down for maintenance"
-matrix_enable_registration: "false"
+matrix.enable_registration: "false"
 matrix_webroot: "/var/www/riot"
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@ -25,7 +25,7 @@
        - name: Create DB user
          postgresql_user:
            name: matrix
-            password: "{{ matrix_db_password }}"
+            password: "{{ matrix.db_password }}"
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"
@ -64,7 +64,7 @@
        - name: Template out vhost
          template:
            src: "apache2-vhost-ssl.conf"
-            dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf"
+            dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
          notify: restart apache
        - name: Create webroot
          file:
@ -72,14 +72,14 @@
            path: "{{ matrix_webroot }}"
        - name: Enable site
          command:
-            cmd: "a2ensite {{ matrix_url }}.conf"
+            cmd: "a2ensite {{ matrix.url }}.conf"
-            creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
+            creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
          notify: restart apache
        - name: Generate certificate
          include_role:
            name: https
          vars:
-            website_url: "{{ matrix_url }}"
+            website_url: "{{ matrix.url }}"
    - name: Configure Synapse
      template:
        src: "{{ item.src }}"
@ -112,6 +112,6 @@
    - name: Template out backup module
      template:
        src: "backup.sh"
-        dest: "/opt/backups/modules/{{ matrix_url }}.sh"
+        dest: "/opt/backups/modules/{{ matrix.url }}.sh"
        mode: "0600"
  become: yes
--- a/roles/matrix/templates/apache2-vhost-ssl.conf
+++ b/roles/matrix/templates/apache2-vhost-ssl.conf
@ -1,4 +1,4 @@
-# Configuration for {{ matrix_url }}
+# Configuration for {{ matrix.url }}
 # vim:ft=apache:
 # Accept connections from non-SNI clients
@ -8,18 +8,18 @@ SSLProxyEngine on
 # Website configuration
 <VirtualHost *:80>
-	ServerName {{ matrix_url }}
+	ServerName {{ matrix.url }}
-	Redirect permanent / https://{{ matrix_url }}
+	Redirect permanent / https://{{ matrix.url }}
 </VirtualHost>
 <VirtualHost *:443 *:8448>
 	SSLEngine on
-	SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
+	SSLCertificateFile /etc/pki/cert/crt/{{ matrix.url }}.crt
-	SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix.url }}.key
-	SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix.url }}-fullchain.crt
 	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
-	ServerName {{ matrix_url }}
+	ServerName {{ matrix.url }}
-	ServerAlias {{ matrix_server_name }}
+	ServerAlias {{ matrix.server_name }}
 	DocumentRoot {{ matrix_webroot }}
 	<Directory "{{ matrix_webroot }}">
 		Require all granted
--- a/roles/matrix/templates/backup.sh
+++ b/roles/matrix/templates/backup.sh
@ -9,7 +9,7 @@
 set -e
-export OUTDIR="$BACKUPSDIR/{{ matrix_url }}"
+export OUTDIR="$BACKUPSDIR/{{ matrix.url }}"
 retention=7 # 7-day retention period
 # Sanity checks
@ -34,5 +34,5 @@ if (( currentbackupcount >= retention )); then
 	fi
 fi
 # WE MAKE BACKUP NOW SERGEI
-tar czf "$OUTDIR/{{ matrix_url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
+tar czf "$OUTDIR/{{ matrix.url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
--- a/roles/matrix/templates/homeserver.yaml
+++ b/roles/matrix/templates/homeserver.yaml
@ -31,7 +31,7 @@ listeners:
        compress: false
 ## Homeserver blocking ##
-admin_contact: '{{ matrix_admin_contact }}'
+admin_contact: '{{ matrix.admin_contact }}'
 #hs_disabled: false
 #hs_disabled_message: '{{ matrix_disabled_message }}'
 retention:
@ -44,7 +44,7 @@ database:
  name: psycopg2
  args:
    user: matrix
-    password: '{{ matrix_db_password }}'
+    password: '{{ matrix.db_password }}'
    database: matrix
    host: '{{ matrix_db_hostname }}'
    cp_min: 5
@ -106,7 +106,7 @@ url_preview_url_blacklist:
 max_spider_size: 10M
 ## Registration ##
-enable_registration: {{ matrix_enable_registration }}
+enable_registration: {{ matrix.enable_registration }}
 enable_3pid_lookup: true
 default_identity_server: https://vector.im
 auto_join_rooms:
--- a/roles/matrix/templates/homeserver.yaml.orig
+++ b/roles/matrix/templates/homeserver.yaml.orig
@ -907,7 +907,7 @@ url_preview_accept_language:
 # Enable registration for new users.
 #
-enable_registration: {{ matrix_enable_registration }}
+enable_registration: {{ matrix.enable_registration }}
 # Optional account validity configuration. This allows for accounts to be denied
 # any request after a given period.
--- a/roles/matrix/templates/server_name.yaml
+++ b/roles/matrix/templates/server_name.yaml
@ -1,3 +1,3 @@
 # This file is managed via Ansible; any changes here will be overwritten
 # And rightfully so. Don't screw with this
-server_name: {{ matrix_server_name }}
+server_name: {{ matrix.server_name }}
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -21,7 +21,7 @@
        mysql_user:
          name: nextcloud
          host: localhost
-          password: "{{ nextcloud_mysql_password }}"
+          password: "{{ nextcloud.db_password }}"
          priv: "nextcloud.*:ALL,GRANT"
          login_user: root
          login_password: "{{ mysql.root_password }}"
@ -88,22 +88,22 @@
  - name: Copy over virtual host configs
    template:
      src: apache2-vhost-ssl.conf
-      dest: "/etc/apache2/sites-available/{{ nextcloud_url }}.conf"
+      dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
    notify: restart apache
  - name: Enable config
    command:
-      cmd: "a2ensite {{ nextcloud_url }}.conf"
+      cmd: "a2ensite {{ nextcloud.url }}.conf"
-      creates: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
+      creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
    notify: restart apache
  - name: Generate certificate
    include_role:
      name: https
    vars:
-      website_url: "{{ nextcloud_url }}"
+      website_url: "{{ nextcloud.url }}"
      website_webroot: "{{ nextcloud_webroot }}"
  - name: Template out backup module
    template:
      src: "backup.sh"
-      dest: "/opt/backups/modules/{{ nextcloud_url }}.sh"
+      dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
      mode: "0600"
  become: yes
--- a/roles/nextcloud/templates/apache2-vhost-ssl.conf
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
@ -1,4 +1,4 @@
-# Configuration for {{ nextcloud_url }}
+# Configuration for {{ nextcloud.url }}
 # vim:ft=apache:
 # Accept connections from non-SNI clients
@ -6,14 +6,14 @@ SSLStrictSNIVHostCheck off
 # Website configuration
 <VirtualHost *:80>
-	ServerName {{ nextcloud_url }}
+	ServerName {{ nextcloud.url }}
-	Redirect permanent / https://{{ nextcloud_url }}
+	Redirect permanent / https://{{ nextcloud.url }}
 </VirtualHost>
 <VirtualHost *:443>
 	SSLEngine on
-	SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
+	SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud.url }}.crt
-	SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud.url }}.key
-	SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt
 	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
 	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
@ -22,7 +22,7 @@ SSLStrictSNIVHostCheck off
 	<Directory /usr/lib/cgi-bin>
 		SSLOptions +StdEnvVars
 	</Directory>
-	ServerName {{ nextcloud_url }}
+	ServerName {{ nextcloud.url }}
 	DocumentRoot {{ nextcloud_webroot }}
 	<Directory "{{ nextcloud_webroot }}">
 		Require all granted
--- a/roles/nextcloud/templates/backup.sh
+++ b/roles/nextcloud/templates/backup.sh
@ -9,7 +9,7 @@
 set -e
-export OUTDIR="$BACKUPSDIR/{{ nextcloud_url }}"
+export OUTDIR="$BACKUPSDIR/{{ nextcloud.url }}"
 retention=5 # 5-day retention period
 # Sanity checks
@ -45,11 +45,11 @@ fi
 if cd "{{ nextcloud_webroot }}"; then
 	date="$(date -Iseconds)"
 	log "Creating data backup"
-	tar czhf "$OUTDIR/{{ nextcloud_url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
+	tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
 	log "Creating webroot backup"
-	tar czf "$OUTDIR/{{ nextcloud_url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
+	tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
 	log "Creating DB backup"
-	mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud_url }}-$date-db.sql.gz"
+	mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"
 else
 	log "Could not change directory: $OUTDIR"
 	return 3