Reorganize matrix and nc vars
parent
7c53558f8f
commit
12d09a58bd
@ -75,21 +75,23 @@ gitea:
|
||||
3565646664333966650a323530356664366262653763363439613534303764366436376634373639
|
||||
62303264653836656162366362316461656363353539343632616462626231643632
|
||||
# Grafana
|
||||
grafana_mysql_password: !vault |
|
||||
grafana:
|
||||
mysql_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65376335363732633132326630323161393861323833323631613630343262383137656138356262
|
||||
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
|
||||
38393539623437376133363063633238383031326431653737346564323837343265653431633962
|
||||
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
|
||||
33303465616532313339393634386166363162393661393037323835323035386663
|
||||
grafana_url: "monitor.9iron.club"
|
||||
grafana_webroot: "/var/www/grafana"
|
||||
url: "monitor.9iron.club"
|
||||
webroot: "/var/www/grafana"
|
||||
# Matrix
|
||||
matrix_server_name: "9iron.club"
|
||||
matrix_url: "matrix.9iron.club"
|
||||
matrix_enable_registration: "true"
|
||||
matrix_admin_contact: "mailto:rehashedsalt@cock.li"
|
||||
matrix_db_password: !vault |
|
||||
matrix:
|
||||
server_name: "9iron.club"
|
||||
url: "matrix.9iron.club"
|
||||
enable_registration: "true"
|
||||
admin_contact: "mailto:rehashedsalt@cock.li"
|
||||
db_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64663061333130386634323631353435376330636334623334663365633361336563393634333061
|
||||
6531393839336532376465356132646337663339333431340a383030373166653835386239643365
|
||||
@ -97,14 +99,15 @@ matrix_db_password: !vault |
|
||||
6233636463636134640a386436316462643434343739333232613264303635323261616634326562
|
||||
63316265366238383038653034326661633163346462396663346563666134393232
|
||||
# Nextcloud
|
||||
nextcloud_mysql_password: !vault |
|
||||
nextcloud:
|
||||
db_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37633035633563646266346264333636393931323664313166633133653461646333643731636661
|
||||
3966666665396239346662613764353333393038663762340a313236396331623061376462356437
|
||||
66373234633939393034353439393465663131303661393164303335336435653734613064663964
|
||||
3332313764623133630a393731613236373837316437653265636663666261383135636662373566
|
||||
61373135303632336237333836353764646639633735323566346366623766646266
|
||||
nextcloud_url: "nc.9iron.club"
|
||||
url: "nc.9iron.club"
|
||||
# Pleroma
|
||||
pleroma_instance_desc: owo
|
||||
pleroma_instance_email: rehashedsalt@cock.li
|
||||
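Review bot: Moving each vaulted password into the same `grafana:`, `matrix:` and `nextcloud:` mapping as `url` and `server_name` means that, under Ansible's default `hash_behaviour` (replace), overriding any one key at a more specific scope replaces the whole mapping and drops the secret and the other keys from the effective value. A comment above each mapping would make that visible, e.g. `# overriding any key elsewhere replaces this whole mapping; redefine every key`. The key names also diverge: `grafana.mysql_password` keeps the old suffix while `nextcloud.db_password` was renamed, so settling on `db_password` would make the secrets easier to audit.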
|
@ -1,5 +1,5 @@
|
||||
# vim:ft=ansible:
|
||||
matrix_admin_contact: "mailto:noreply@server.example"
|
||||
matrix.admin_contact: "mailto:noreply@server.example"
|
||||
matrix_disabled_message: "Matrix on this server is down for maintenance"
|
||||
matrix_enable_registration: "false"
|
||||
matrix.enable_registration: "false"
|
||||
matrix_webroot: "/var/www/riot"
|
||||
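Review bot: `matrix.admin_contact:` and `matrix.enable_registration:` define top-level keys whose names contain a literal dot, not members of a `matrix` mapping, so the templates' `{{ matrix.enable_registration }}` never reads these values (a dotted name is also not a valid Ansible variable name). The restrictive default `"false"` for registration is therefore dead, and the effective setting comes only from whatever `matrix:` mapping inventory defines. Nesting the defaults under `matrix:` would not restore per-key fallbacks either, because mappings are replaced rather than merged by default. Keeping the flat names in this file and reading them as `{{ matrix.enable_registration | default(matrix_enable_registration) }}` would.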
|
@ -25,7 +25,7 @@
|
||||
- name: Create DB user
|
||||
postgresql_user:
|
||||
name: matrix
|
||||
password: "{{ matrix_db_password }}"
|
||||
password: "{{ matrix.db_password }}"
|
||||
login_host: "{{ matrix_db_hostname }}"
|
||||
login_user: "{{ psql.ansible.user }}"
|
||||
login_password: "{{ psql.ansible.pass }}"
|
||||
@ -64,7 +64,7 @@
|
||||
- name: Template out vhost
|
||||
template:
|
||||
src: "apache2-vhost-ssl.conf"
|
||||
dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf"
|
||||
dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
|
||||
notify: restart apache
|
||||
- name: Create webroot
|
||||
file:
|
||||
@ -72,14 +72,14 @@
|
||||
path: "{{ matrix_webroot }}"
|
||||
- name: Enable site
|
||||
command:
|
||||
cmd: "a2ensite {{ matrix_url }}.conf"
|
||||
creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
|
||||
cmd: "a2ensite {{ matrix.url }}.conf"
|
||||
creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
|
||||
notify: restart apache
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: https
|
||||
vars:
|
||||
website_url: "{{ matrix_url }}"
|
||||
website_url: "{{ matrix.url }}"
|
||||
- name: Configure Synapse
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
@ -112,6 +112,6 @@
|
||||
- name: Template out backup module
|
||||
template:
|
||||
src: "backup.sh"
|
||||
dest: "/opt/backups/modules/{{ matrix_url }}.sh"
|
||||
dest: "/opt/backups/modules/{{ matrix.url }}.sh"
|
||||
mode: "0600"
|
||||
become: yes
|
||||
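Review bot: The rename is only partial in these tasks: `login_host` still reads `matrix_db_hostname` and `Create webroot` still reads `matrix_webroot`, while the password and URL now come from the `matrix` mapping. A reader has to know which settings moved; a header comment such as `# matrix.* is set in inventory; matrix_webroot and matrix_db_hostname keep their flat names` would document the split, or the remaining names could move too. The `Create webroot` and `Configure Synapse` tasks start or end outside the visible hunks.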
|
@ -1,4 +1,4 @@
|
||||
# Configuration for {{ matrix_url }}
|
||||
# Configuration for {{ matrix.url }}
|
||||
# vim:ft=apache:
|
||||
|
||||
# Accept connections from non-SNI clients
|
||||
@ -8,18 +8,18 @@ SSLProxyEngine on
|
||||
|
||||
# Website configuration
|
||||
<VirtualHost *:80>
|
||||
ServerName {{ matrix_url }}
|
||||
Redirect permanent / https://{{ matrix_url }}
|
||||
ServerName {{ matrix.url }}
|
||||
Redirect permanent / https://{{ matrix.url }}
|
||||
</VirtualHost>
|
||||
<VirtualHost *:443 *:8448>
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
|
||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
|
||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
|
||||
SSLCertificateFile /etc/pki/cert/crt/{{ matrix.url }}.crt
|
||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix.url }}.key
|
||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix.url }}-fullchain.crt
|
||||
SSLProtocol {{ ssl_protocol }}
|
||||
SSLCipherSuite {{ ssl_cipher_suite }}
|
||||
ServerName {{ matrix_url }}
|
||||
ServerAlias {{ matrix_server_name }}
|
||||
ServerName {{ matrix.url }}
|
||||
ServerAlias {{ matrix.server_name }}
|
||||
DocumentRoot {{ matrix_webroot }}
|
||||
<Directory "{{ matrix_webroot }}">
|
||||
Require all granted
|
||||
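Review bot: `Redirect permanent / https://{{ matrix.url }}` has no trailing slash on the target, and Apache appends the part of the request path after the matched `/` to the target, so a request for `/foo` is redirected to `https://<host>foo`. The request path then becomes part of the hostname, which breaks deep links and lets the path influence which host the client is sent to. The line should read `Redirect permanent / https://{{ matrix.url }}/`; the Nextcloud vhost template in this commit has the same line with `nextcloud.url`. The `<VirtualHost *:443 *:8448>` block continues past the end of the hunk.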
|
@ -9,7 +9,7 @@
|
||||
|
||||
set -e
|
||||
|
||||
export OUTDIR="$BACKUPSDIR/{{ matrix_url }}"
|
||||
export OUTDIR="$BACKUPSDIR/{{ matrix.url }}"
|
||||
retention=7 # 7-day retention period
|
||||
|
||||
# Sanity checks
|
||||
@ -34,5 +34,5 @@ if (( currentbackupcount >= retention )); then
|
||||
fi
|
||||
fi
|
||||
# WE MAKE BACKUP NOW SERGEI
|
||||
tar czf "$OUTDIR/{{ matrix_url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
|
||||
tar czf "$OUTDIR/{{ matrix.url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
|
||||
|
||||
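Review bot: The archive written by the `tar czf` line includes `/etc/matrix-synapse/`, which presumably holds the rendered homeserver config with the database password, and nothing in the visible hunks restricts the archive's permissions. Unless the part of the script outside these hunks already does so, add `umask 077` right after `set -e` so the archives are created readable by their owner only. The Nextcloud backup module in this commit writes its database dump and data archives the same way.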
|
@ -31,7 +31,7 @@ listeners:
|
||||
compress: false
|
||||
|
||||
## Homeserver blocking ##
|
||||
admin_contact: '{{ matrix_admin_contact }}'
|
||||
admin_contact: '{{ matrix.admin_contact }}'
|
||||
#hs_disabled: false
|
||||
#hs_disabled_message: '{{ matrix_disabled_message }}'
|
||||
retention:
|
||||
@ -44,7 +44,7 @@ database:
|
||||
name: psycopg2
|
||||
args:
|
||||
user: matrix
|
||||
password: '{{ matrix_db_password }}'
|
||||
password: '{{ matrix.db_password }}'
|
||||
database: matrix
|
||||
host: '{{ matrix_db_hostname }}'
|
||||
cp_min: 5
|
||||
@ -106,7 +106,7 @@ url_preview_url_blacklist:
|
||||
max_spider_size: 10M
|
||||
|
||||
## Registration ##
|
||||
enable_registration: {{ matrix_enable_registration }}
|
||||
enable_registration: {{ matrix.enable_registration }}
|
||||
enable_3pid_lookup: true
|
||||
default_identity_server: https://vector.im
|
||||
auto_join_rooms:
|
||||
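Review bot: `password: '{{ matrix.db_password }}'` places the secret inside a hand-written single-quoted YAML scalar, so a password containing `'` ends the scalar early and yields a broken or differently parsed config. Let the filter do the quoting instead: `password: {{ matrix.db_password | to_json }}` (a JSON string is a valid YAML double-quoted scalar). The same applies to `admin_contact` in the first hunk of this file. The `database:` block starts and ends outside the hunk.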
|
@ -907,7 +907,7 @@ url_preview_accept_language:
|
||||
|
||||
# Enable registration for new users.
|
||||
#
|
||||
enable_registration: {{ matrix_enable_registration }}
|
||||
enable_registration: {{ matrix.enable_registration }}
|
||||
|
||||
# Optional account validity configuration. This allows for accounts to be denied
|
||||
# any request after a given period.
|
||||
|
@ -1,3 +1,3 @@
|
||||
# This file is managed via Ansible; any changes here will be overwritten
|
||||
# And rightfully so. Don't screw with this
|
||||
server_name: {{ matrix_server_name }}
|
||||
server_name: {{ matrix.server_name }}
|
||||
|
@ -21,7 +21,7 @@
|
||||
mysql_user:
|
||||
name: nextcloud
|
||||
host: localhost
|
||||
password: "{{ nextcloud_mysql_password }}"
|
||||
password: "{{ nextcloud.db_password }}"
|
||||
priv: "nextcloud.*:ALL,GRANT"
|
||||
login_user: root
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
@ -88,22 +88,22 @@
|
||||
- name: Copy over virtual host configs
|
||||
template:
|
||||
src: apache2-vhost-ssl.conf
|
||||
dest: "/etc/apache2/sites-available/{{ nextcloud_url }}.conf"
|
||||
dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
|
||||
notify: restart apache
|
||||
- name: Enable config
|
||||
command:
|
||||
cmd: "a2ensite {{ nextcloud_url }}.conf"
|
||||
creates: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
|
||||
cmd: "a2ensite {{ nextcloud.url }}.conf"
|
||||
creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
|
||||
notify: restart apache
|
||||
- name: Generate certificate
|
||||
include_role:
|
||||
name: https
|
||||
vars:
|
||||
website_url: "{{ nextcloud_url }}"
|
||||
website_url: "{{ nextcloud.url }}"
|
||||
website_webroot: "{{ nextcloud_webroot }}"
|
||||
- name: Template out backup module
|
||||
template:
|
||||
src: "backup.sh"
|
||||
dest: "/opt/backups/modules/{{ nextcloud_url }}.sh"
|
||||
dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
|
||||
mode: "0600"
|
||||
become: yes
|
||||
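Review bot: `priv: "nextcloud.*:ALL,GRANT"` gives the application account the grant option on top of every privilege on its schema, so anyone holding Nextcloud's database credentials can also pass those privileges on to other accounts. Nothing visible here needs it; `priv: "nextcloud.*:ALL"` would be the narrower setting, to be confirmed against how the account is used. The task begins before the first hunk, so its name and any conditions are not visible.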
|
@ -1,4 +1,4 @@
|
||||
# Configuration for {{ nextcloud_url }}
|
||||
# Configuration for {{ nextcloud.url }}
|
||||
# vim:ft=apache:
|
||||
|
||||
# Accept connections from non-SNI clients
|
||||
@ -6,14 +6,14 @@ SSLStrictSNIVHostCheck off
|
||||
|
||||
# Website configuration
|
||||
<VirtualHost *:80>
|
||||
ServerName {{ nextcloud_url }}
|
||||
Redirect permanent / https://{{ nextcloud_url }}
|
||||
ServerName {{ nextcloud.url }}
|
||||
Redirect permanent / https://{{ nextcloud.url }}
|
||||
</VirtualHost>
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
|
||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
|
||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
|
||||
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud.url }}.crt
|
||||
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud.url }}.key
|
||||
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt
|
||||
SSLProtocol {{ ssl_protocol }}
|
||||
SSLCipherSuite {{ ssl_cipher_suite }}
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
|
||||
@ -22,7 +22,7 @@ SSLStrictSNIVHostCheck off
|
||||
<Directory /usr/lib/cgi-bin>
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
ServerName {{ nextcloud_url }}
|
||||
ServerName {{ nextcloud.url }}
|
||||
DocumentRoot {{ nextcloud_webroot }}
|
||||
<Directory "{{ nextcloud_webroot }}">
|
||||
Require all granted
|
||||
|
@ -9,7 +9,7 @@
|
||||
|
||||
set -e
|
||||
|
||||
export OUTDIR="$BACKUPSDIR/{{ nextcloud_url }}"
|
||||
export OUTDIR="$BACKUPSDIR/{{ nextcloud.url }}"
|
||||
retention=5 # 5-day retention period
|
||||
|
||||
# Sanity checks
|
||||
@ -45,11 +45,11 @@ fi
|
||||
if cd "{{ nextcloud_webroot }}"; then
|
||||
date="$(date -Iseconds)"
|
||||
log "Creating data backup"
|
||||
tar czhf "$OUTDIR/{{ nextcloud_url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
|
||||
tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
|
||||
log "Creating webroot backup"
|
||||
tar czf "$OUTDIR/{{ nextcloud_url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
|
||||
tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
|
||||
log "Creating DB backup"
|
||||
mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud_url }}-$date-db.sql.gz"
|
||||
mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"
|
||||
else
|
||||
log "Could not change directory: $OUTDIR"
|
||||
return 3
|
||||
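Review bot: `mysqldump nextcloud --single-transaction | gzip > …` reports only gzip's exit status, so under the `set -e` shown in the first hunk a failed dump still leaves a small, valid-looking `.sql.gz` and the run continues as a success. Assuming the script runs under bash, add `set -o pipefail` next to `set -e` unless it is already set outside these hunks. The `else` branch also logs `$OUTDIR` although the failed `cd` was into `{{ nextcloud_webroot }}`; `log "Could not change directory: {{ nextcloud_webroot }}"` would name the right path. The `if cd …` block closes outside the hunk.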
|