Reorganize matrix and nc vars

Salt 2020-08-02 19:43:08 -05:00
parent 7c53558f8f
commit 12d09a58bd
11 changed files with 71 additions and 68 deletions


@ -75,21 +75,23 @@ gitea:
3565646664333966650a323530356664366262653763363439613534303764366436376634373639
62303264653836656162366362316461656363353539343632616462626231643632
# Grafana
grafana_mysql_password: !vault |
grafana:
mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65376335363732633132326630323161393861323833323631613630343262383137656138356262
3730386139393739373738626535376636666135646463350a623331333032346434343465666234
38393539623437376133363063633238383031326431653737346564323837343265653431633962
6665346237666165330a643635653863356633623535383063366632336437313730626233346664
33303465616532313339393634386166363162393661393037323835323035386663
grafana_url: "monitor.9iron.club"
grafana_webroot: "/var/www/grafana"
url: "monitor.9iron.club"
webroot: "/var/www/grafana"
# Matrix
matrix_server_name: "9iron.club"
matrix_url: "matrix.9iron.club"
matrix_enable_registration: "true"
matrix_admin_contact: "mailto:rehashedsalt@cock.li"
matrix_db_password: !vault |
matrix:
server_name: "9iron.club"
url: "matrix.9iron.club"
enable_registration: "true"
admin_contact: "mailto:rehashedsalt@cock.li"
db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64663061333130386634323631353435376330636334623334663365633361336563393634333061
6531393839336532376465356132646337663339333431340a383030373166653835386239643365
@ -97,14 +99,15 @@ matrix_db_password: !vault |
6233636463636134640a386436316462643434343739333232613264303635323261616634326562
63316265366238383038653034326661633163346462396663346563666134393232
# Nextcloud
nextcloud_mysql_password: !vault |
nextcloud:
db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
37633035633563646266346264333636393931323664313166633133653461646333643731636661
3966666665396239346662613764353333393038663762340a313236396331623061376462356437
66373234633939393034353439393465663131303661393164303335336435653734613064663964
3332313764623133630a393731613236373837316437653265636663666261383135636662373566
61373135303632336237333836353764646639633735323566346366623766646266
nextcloud_url: "nc.9iron.club"
url: "nc.9iron.club"
# Pleroma
pleroma_instance_desc: owo
pleroma_instance_email: rehashedsalt@cock.li


@ -1,5 +1,5 @@
# vim:ft=ansible:
matrix_admin_contact: "mailto:noreply@server.example"
matrix.admin_contact: "mailto:noreply@server.example"
matrix_disabled_message: "Matrix on this server is down for maintenance"
matrix_enable_registration: "false"
matrix.enable_registration: "false"
matrix_webroot: "/var/www/riot"
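Review bot: The renamed keys `matrix.admin_contact` and `matrix.enable_registration` are parsed by YAML as flat keys whose names contain a dot, not as entries of a `matrix` mapping, so `{{ matrix.enable_registration }}` in the templates will not resolve to them and the registration-off default in what looks like the role's defaults file is lost. Declare them as a mapping instead: `matrix:` with `admin_contact:` and `enable_registration: "false"` nested under it. With Ansible's default `hash_behaviour` of `replace`, an inventory that defines `matrix:` replaces this mapping whole, so a key omitted there becomes undefined rather than falling back. Using `{{ matrix.enable_registration | default(false) }}` at the point of use keeps registration closed in that case.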


@ -25,7 +25,7 @@
- name: Create DB user
postgresql_user:
name: matrix
password: "{{ matrix_db_password }}"
password: "{{ matrix.db_password }}"
login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
@ -64,7 +64,7 @@
- name: Template out vhost
template:
src: "apache2-vhost-ssl.conf"
dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf"
dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
notify: restart apache
- name: Create webroot
file:
@ -72,14 +72,14 @@
path: "{{ matrix_webroot }}"
- name: Enable site
command:
cmd: "a2ensite {{ matrix_url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
cmd: "a2ensite {{ matrix.url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
notify: restart apache
- name: Generate certificate
include_role:
name: https
vars:
website_url: "{{ matrix_url }}"
website_url: "{{ matrix.url }}"
- name: Configure Synapse
template:
src: "{{ item.src }}"
@ -112,6 +112,6 @@
- name: Template out backup module
template:
src: "backup.sh"
dest: "/opt/backups/modules/{{ matrix_url }}.sh"
dest: "/opt/backups/modules/{{ matrix.url }}.sh"
mode: "0600"
become: yes


@ -1,4 +1,4 @@
# Configuration for {{ matrix_url }}
# Configuration for {{ matrix.url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
@ -8,18 +8,18 @@ SSLProxyEngine on
# Website configuration
<VirtualHost *:80>
ServerName {{ matrix_url }}
Redirect permanent / https://{{ matrix_url }}
ServerName {{ matrix.url }}
Redirect permanent / https://{{ matrix.url }}
</VirtualHost>
<VirtualHost *:443 *:8448>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
SSLCertificateFile /etc/pki/cert/crt/{{ matrix.url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix.url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix.url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ matrix_url }}
ServerAlias {{ matrix_server_name }}
ServerName {{ matrix.url }}
ServerAlias {{ matrix.server_name }}
DocumentRoot {{ matrix_webroot }}
<Directory "{{ matrix_webroot }}">
Require all granted


@ -9,7 +9,7 @@
set -e
export OUTDIR="$BACKUPSDIR/{{ matrix_url }}"
export OUTDIR="$BACKUPSDIR/{{ matrix.url }}"
retention=7 # 7-day retention period
# Sanity checks
@ -34,5 +34,5 @@ if (( currentbackupcount >= retention )); then
fi
fi
# WE MAKE BACKUP NOW SERGEI
tar czf "$OUTDIR/{{ matrix_url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
tar czf "$OUTDIR/{{ matrix.url }}-$(date -Iseconds).tar.gz" "/var/lib/matrix-synapse/" "/etc/matrix-synapse/"
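Review bot: The archive written by the changed `tar czf` line includes `/etc/matrix-synapse/`, which presumably holds the rendered homeserver config with the database password, and nothing in the visible hunks sets the file mode, so the tarball is created under the caller's umask. Adding `umask 077` right after `set -e` would keep the archives readable only by the account that runs the backup. The same applies to the data, webroot and database archives in the Nextcloud backup module later in this commit. The script lines between the two hunks are not shown, so a umask or chmod may already exist there.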


@ -31,7 +31,7 @@ listeners:
compress: false
## Homeserver blocking ##
admin_contact: '{{ matrix_admin_contact }}'
admin_contact: '{{ matrix.admin_contact }}'
#hs_disabled: false
#hs_disabled_message: '{{ matrix_disabled_message }}'
retention:
@ -44,7 +44,7 @@ database:
name: psycopg2
args:
user: matrix
password: '{{ matrix_db_password }}'
password: '{{ matrix.db_password }}'
database: matrix
host: '{{ matrix_db_hostname }}'
cp_min: 5
@ -106,7 +106,7 @@ url_preview_url_blacklist:
max_spider_size: 10M
## Registration ##
enable_registration: {{ matrix_enable_registration }}
enable_registration: {{ matrix.enable_registration }}
enable_3pid_lookup: true
default_identity_server: https://vector.im
auto_join_rooms:
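Review bot: On the changed `password: '{{ matrix.db_password }}'` line the secret is pasted between single quotes, so a password that contains `'` breaks the rendered YAML or changes how the rest of the `args` mapping is parsed. Emitting it through Ansible's JSON filter, `password: {{ matrix.db_password | to_json }}`, produces a correctly escaped double-quoted scalar for any value, and the same form suits `admin_contact`. The rendered file carries the database password, so the task that writes it should set an owner and a mode that excludes other users; that task's arguments are outside the visible hunks.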


@ -907,7 +907,7 @@ url_preview_accept_language:
# Enable registration for new users.
#
enable_registration: {{ matrix_enable_registration }}
enable_registration: {{ matrix.enable_registration }}
# Optional account validity configuration. This allows for accounts to be denied
# any request after a given period.


@ -1,3 +1,3 @@
# This file is managed via Ansible; any changes here will be overwritten
# And rightfully so. Don't screw with this
server_name: {{ matrix_server_name }}
server_name: {{ matrix.server_name }}


@ -21,7 +21,7 @@
mysql_user:
name: nextcloud
host: localhost
password: "{{ nextcloud_mysql_password }}"
password: "{{ nextcloud.db_password }}"
priv: "nextcloud.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql.root_password }}"
@ -88,22 +88,22 @@
- name: Copy over virtual host configs
template:
src: apache2-vhost-ssl.conf
dest: "/etc/apache2/sites-available/{{ nextcloud_url }}.conf"
dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
notify: restart apache
- name: Enable config
command:
cmd: "a2ensite {{ nextcloud_url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
cmd: "a2ensite {{ nextcloud.url }}.conf"
creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
notify: restart apache
- name: Generate certificate
include_role:
name: https
vars:
website_url: "{{ nextcloud_url }}"
website_url: "{{ nextcloud.url }}"
website_webroot: "{{ nextcloud_webroot }}"
- name: Template out backup module
template:
src: "backup.sh"
dest: "/opt/backups/modules/{{ nextcloud_url }}.sh"
dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
mode: "0600"
become: yes
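Review bot: The `mysql_user` task in the first hunk grants `nextcloud.*:ALL,GRANT`, and the `GRANT` option lets the application account pass its privileges on to other MySQL accounts, which Nextcloud should not need for normal operation. `priv: "nextcloud.*:ALL"` is enough and limits what a compromised web application can do inside the database server. The task begins above the hunk, so its name and any options before `name: nextcloud` are not visible here.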


@ -1,4 +1,4 @@
# Configuration for {{ nextcloud_url }}
# Configuration for {{ nextcloud.url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
@ -6,14 +6,14 @@ SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ nextcloud_url }}
Redirect permanent / https://{{ nextcloud_url }}
ServerName {{ nextcloud.url }}
Redirect permanent / https://{{ nextcloud.url }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud.url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud.url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud.url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
@ -22,7 +22,7 @@ SSLStrictSNIVHostCheck off
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ nextcloud_url }}
ServerName {{ nextcloud.url }}
DocumentRoot {{ nextcloud_webroot }}
<Directory "{{ nextcloud_webroot }}">
Require all granted


@ -9,7 +9,7 @@
set -e
export OUTDIR="$BACKUPSDIR/{{ nextcloud_url }}"
export OUTDIR="$BACKUPSDIR/{{ nextcloud.url }}"
retention=5 # 5-day retention period
# Sanity checks
@ -45,11 +45,11 @@ fi
if cd "{{ nextcloud_webroot }}"; then
date="$(date -Iseconds)"
log "Creating data backup"
tar czhf "$OUTDIR/{{ nextcloud_url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
tar czhf "$OUTDIR/{{ nextcloud.url }}-$date-data.tar.gz" "/var/nextcloud" --exclude "/var/nextcloud/*/files_trashbin"
log "Creating webroot backup"
tar czf "$OUTDIR/{{ nextcloud_url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
tar czf "$OUTDIR/{{ nextcloud.url }}-$date-webroot.tar.gz" "{{ nextcloud_webroot }}"
log "Creating DB backup"
mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud_url }}-$date-db.sql.gz"
mysqldump nextcloud --single-transaction | gzip > "$OUTDIR/{{ nextcloud.url }}-$date-db.sql.gz"
else
log "Could not change directory: $OUTDIR"
return 3
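Review bot: The changed `mysqldump nextcloud --single-transaction | gzip > ...` line reports only gzip's exit status, so with the `set -e` shown in the first hunk a failed dump still leaves a small, valid-looking `-db.sql.gz` and the script carries on. If the module runs under bash, adding `set -o pipefail` next to `set -e` makes that failure stop the run; it may already be set in the lines between the hunks. The `else` branch also logs `$OUTDIR` although the directory that failed was the webroot, which will mislead whoever reads the log; `log "Could not change directory: {{ nextcloud_webroot }}"` names the right path.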