From 42ccb2bcc67451a0ee064d413ca32b352595385e Mon Sep 17 00:00:00 2001
From: Salt
Date: Mon, 21 Dec 2020 01:18:32 -0600
Subject: [PATCH] Add game1.thefuck.how, separate playbooks out
---
 inventory/hosts.yml | 3 +
 playbooks/db.yml | 30 +++++++
 playbooks/desktop.yml | 40 +++++++++
 playbooks/web.yml | 127 ++++++++++++++++++++++++++++
 site.yml | 192 +-----------------------------------------
 5 files changed, 204 insertions(+), 188 deletions(-)
 create mode 100755 playbooks/db.yml
 create mode 100755 playbooks/desktop.yml
 create mode 100755 playbooks/web.yml
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index 041c15e..a3c0992 100644
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -15,3 +15,6 @@ all:
 web:
 hosts:
 web1.desu.ltd:
+ game:
+ hosts:
+ game1.thefuck.how:
diff --git a/playbooks/db.yml b/playbooks/db.yml
new file mode 100755
index 0000000..31d9e79
--- /dev/null
+++ b/playbooks/db.yml
@@ -0,0 +1,30 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+# Database servers
+---
+- hosts: psql1.desu.ltd
+ roles:
+ - role: postgresql
+ vars:
+ postgresql_global_config_options:
+ - option: listen_addresses
+ value: 192.168.164.156
+ postgresql_hba_entries:
+ - { type: local, database: all, user: postgres, auth_method: peer }
+ - { type: local, database: all, user: all, auth_method: peer }
+ - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+ - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
+ # Used for internal access from other nodes
+ - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
+ postgresql_users:
+ - name: gitea
+ password: "{{ secret_gitea_db_pass }}"
+ - name: nextcloud
+ password: "{{ secret_nextcloud_db_pass }}"
+ postgresql_databases:
+ - name: gitea
+ owner: gitea
+ - name: nextcloud
+ owner: nextcloud
+ become: yes
+ tags: [ db, psql ]
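Review bot: The `192.168.0.0/16` entry in `postgresql_hba_entries` lets any host on that /16 attempt md5 password authentication against every database as every user, while the comment above it says it is only for internal access from other nodes and the only consumer visible in this patch is web1 reaching the gitea and nextcloud databases. Scope it per application and per source instead, e.g. `- { type: host, database: gitea, user: gitea, address: '<web1 address>/32', auth_method: md5 }` plus the matching nextcloud line, and drop the catch-all entry. If the PostgreSQL version the role installs is 10 or newer, `auth_method: scram-sha-256` (with `password_encryption = scram-sha-256` among `postgresql_global_config_options`) is preferable to md5. Nothing here enables TLS on the listener, so credentials from web1 are only as protected as the 192.168 network itself; worth confirming that is the intent.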
diff --git a/playbooks/desktop.yml b/playbooks/desktop.yml
new file mode 100755
index 0000000..5d4bedb
--- /dev/null
+++ b/playbooks/desktop.yml
@@ -0,0 +1,40 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Home desktops
+- hosts: desktop
+ post_tasks:
+ - name: confirm liblzo2 dllmap
+ lineinfile:
+ path: /etc/mono/config
+ insertafter: ""
+ line: ''
+ become: yes
+ tags: [ desktop, mono ]
+ - name: give python3 cap_sys_ptrace
+ capabilities:
+ path: /usr/bin/python3.8
+ # Required for Randovania to access Dolphin memory
+ capability: cap_sys_ptrace=eip
+ become: yes
+ tags: [ desktop, python, cap ]
+ roles:
+ - role: desktop
+ become: yes
+ tags: [ desktop ]
+ - role: grub
+ become: yes
+ tags: [ desktop, grub ]
+ - role: udev
+ vars:
+ udev_rules:
+ # Switch RCM stuff
+ - SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
+ become: yes
+ tags: [ desktop, udev ]
+ - role: pulseaudio
+ become: yes
+ tags: [ desktop, pulse, pulseaudio ]
+ - role: zerotier
+ become: yes
+ tags: [ desktop, zerotier ]
diff --git a/playbooks/web.yml b/playbooks/web.yml
new file mode 100755
index 0000000..ac0971d
--- /dev/null
+++ b/playbooks/web.yml
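Review bot: The `give python3 cap_sys_ptrace` task puts CAP_SYS_PTRACE in the effective, inheritable and permitted sets of the system-wide `/usr/bin/python3.8`, so any Python 3.8 script run by any local user can attach to and read or write the memory of any process on the machine regardless of its owner, which is effectively a local privilege-escalation primitive, whereas the comment says it is only needed for Randovania to reach Dolphin. If Randovania and Dolphin run as the same user (presumably the case on a desktop), relaxing Yama is the narrower fix, e.g. a sysctl task setting `kernel.yama.ptrace_scope` to `'0'`, or having Randovania use `PR_SET_PTRACER`; otherwise grant the capability to a private copy of the interpreter used only by Randovania. Note also that the file capability is pinned to the 3.8 binary and is dropped whenever the package manager replaces that file, so it only comes back on the next play run. Prefer `become: true` over `yes` throughout to satisfy yamllint's truthy rule.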
@@ -0,0 +1,127 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+# Webservers
+---
+- hosts: web1.desu.ltd
+ roles:
+ - role: apache
+ vars:
+ apache_remove_default_vhost: yes
+ apache_packages_state: latest
+ apache_mods_enabled:
+ - ssl.load
+ - proxy.load
+ - proxy_http.load
+ - rewrite.load
+ apache_vhosts:
+ - servername: nc.desu.ltd
+ extra_parameters: |
+ Redirect permanent / https://nc.desu.ltd
+ - servername: desu.ltd
+ extra_parameters: |
+ Redirect permanent / https://desu.ltd
+ - servername: git.desu.ltd
+ extra_parameters: |
+ Redirect permanent / https://git.desu.ltd
+ apache_vhosts_ssl:
+ - servername: nc.desu.ltd
+ documentroot: /var/www/html/nextcloud
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ - servername: desu.ltd
+ documentroot: /var/www/html/desu.ltd
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ - servername: git.desu.ltd
+ extra_parameters: |
+ ProxyPreserveHost On
+ ProxyRequests Off
+ ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ become: yes
+ tags: [ web, apache ]
+ - role: certbot
+ vars:
+ certbot_admin_email: rehashedsalt@cock.li
+ certbot_create_if_missing: yes
+ certbot_create_method: standalone
+ certbot_create_standalone_stop_services:
+ - apache2
+ certbot_certs:
+ - domains:
+ - desu.ltd
+ - git.desu.ltd
+ - nc.desu.ltd
+ - web1.desu.ltd
+ become: yes
+ tags: [ web, certbot ]
+ - role: php
+ vars:
+ php_memory_limit: 512M
+ php_packages_extra:
+ - libapache2-mod-php
+ - php-zip # For Nextcloud
+ - php-intl
+ - php-imagick
+ - php-redis
+ - php-bcmath
+ - php-gmp
+ - php-pgsql # For general DB stuff
+ # Nextcloud recommended opcache settings
+ php_opcache_max_accelerated_files: 10000
+ php_opcache_memory_consumption: 128
+ php_opcache_revalidate_freq: 2
+ become: yes
+ tags: [ web, php ]
+ - role: git
+ vars:
+ git_repos:
+ - repo: https://git.9iron.club/salt/desultd
+ dest: /var/www/html/desu.ltd
+ become: yes
+ tags: [ web, git ]
+ - role: nextcloud
+ vars:
+ nextcloud_admin_user: admin
+ nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
+ nextcloud_version: 19
+ nextcloud_urls:
+ - http://nc.desu.ltd:80
+ - https://nc.desu.ltd:443
+ nextcloud_config:
+ system:
+ trusted_domains:
+ "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
+ nextcloud_database:
+ backend: pgsql
+ name: nextcloud
+ user: nextcloud
+ pass: "{{ secret_nextcloud_db_pass }}"
+ host: 192.168.164.156
+ port: 5432
+ become: yes
+ tags: [ web, nextcloud ]
+ - role: gitea
+ vars:
+ # Look and feel
+ gitea_app_name: "Git Desu"
+ # Core config
+ gitea_db_type: postgres
+ gitea_db_host: 192.168.164.156:5432
+ gitea_db_name: gitea
+ gitea_db_user: gitea
+ gitea_db_password: "{{ secret_gitea_db_pass }}"
+ gitea_http_domain: git.desu.ltd
+ gitea_oauth2_enabled: no
+ gitea_root_url: https://git.desu.ltd
+ gitea_shell: "/bin/bash"
+ gitea_ssh_domain: git.desu.ltd
+ gitea_ssh_port: 22
+ gitea_start_ssh: no
+ gitea_user: git
+ become: yes
+ tags: [ web, gitea ]
diff --git a/site.yml b/site.yml
index 19d5063..585ca2d 100755
--- a/site.yml
+++ b/site.yml
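Review bot: The `git` role clones `https://git.9iron.club/salt/desultd` directly into `/var/www/html/desu.ltd`, which is also the `documentroot` of the `desu.ltd` SSL vhost, so the checkout's `.git/` directory (full history, config, remote URL) is served over HTTPS unless the apache role already denies it; nothing in this hunk does. Either add `<DirectoryMatch "/\.git">` / `Require all denied` / `</DirectoryMatch>` to that vhost's `extra_parameters`, or clone elsewhere and deploy the tree into the docroot with `git archive` or a copy. The three HTTP vhosts use `Redirect permanent / https://…` with no trailing slash on the target; mod_alias appends the remainder of the request path to the target, so confirm with a request for a sub-path that the Location header comes out as `https://desu.ltd/foo` and not `https://desu.ltdfoo`, and add the trailing `/` if not. The Nextcloud and Gitea database connections go to `192.168.164.156:5432` with no TLS option visible, so the application passwords cross that network in whatever protection it provides.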
@@ -10,191 +10,7 @@
 - role: ansible-pull
 become: yes
 tags: [ ansible, common ]
- # Home desktops
-- hosts: desktop
- post_tasks:
- - name: confirm liblzo2 dllmap
- lineinfile:
- path: /etc/mono/config
- insertafter: ""
- line: ''
- become: yes
- tags: [ desktop, mono ]
- - name: give python3 cap_sys_ptrace
- capabilities:
- path: /usr/bin/python3.8
- # Required for Randovania to access Dolphin memory
- capability: cap_sys_ptrace=eip
- become: yes
- tags: [ desktop, python, cap ]
- roles:
- - role: desktop
- become: yes
- tags: [ desktop ]
- - role: grub
- become: yes
- tags: [ desktop, grub ]
- - role: udev
- vars:
- udev_rules:
- # Switch RCM stuff
- - SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
- become: yes
- tags: [ desktop, udev ]
- - role: pulseaudio
- become: yes
- tags: [ desktop, pulse, pulseaudio ]
- - role: zerotier
- become: yes
- tags: [ desktop, zerotier ]
- # Database servers
-- hosts: psql1.desu.ltd
- roles:
- - role: postgresql
- vars:
- postgresql_global_config_options:
- - option: listen_addresses
- value: 192.168.164.156
- postgresql_hba_entries:
- - { type: local, database: all, user: postgres, auth_method: peer }
- - { type: local, database: all, user: all, auth_method: peer }
- - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
- # Used for internal access from other nodes
- - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
- postgresql_users:
- - name: gitea
- password: "{{ secret_gitea_db_pass }}"
- - name: nextcloud
- password: "{{ secret_nextcloud_db_pass }}"
- postgresql_databases:
- - name: gitea
- owner: gitea
- - name: nextcloud
- owner: nextcloud
- become: yes
- tags: [ db, psql ]
- # Webservers
-- hosts: web1.desu.ltd
- roles:
- - role: apache
- vars:
- apache_remove_default_vhost: yes
- apache_packages_state: latest
- apache_mods_enabled:
- - ssl.load
- - proxy.load
- - proxy_http.load
- - rewrite.load
- apache_vhosts:
- - servername: nc.desu.ltd
- extra_parameters: |
- Redirect permanent / https://nc.desu.ltd
- - servername: desu.ltd
- extra_parameters: |
- Redirect permanent / https://desu.ltd
- - servername: git.desu.ltd
- extra_parameters: |
- Redirect permanent / https://git.desu.ltd
- apache_vhosts_ssl:
- - servername: nc.desu.ltd
- documentroot: /var/www/html/nextcloud
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- - servername: desu.ltd
- documentroot: /var/www/html/desu.ltd
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- - servername: git.desu.ltd
- extra_parameters: |
- ProxyPreserveHost On
- ProxyRequests Off
- ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- become: yes
- tags: [ web, apache ]
- - role: certbot
- vars:
- certbot_admin_email: rehashedsalt@cock.li
- certbot_create_if_missing: yes
- certbot_create_method: standalone
- certbot_create_standalone_stop_services:
- - apache2
- certbot_certs:
- - domains:
- - desu.ltd
- - git.desu.ltd
- - nc.desu.ltd
- - web1.desu.ltd
- become: yes
- tags: [ web, certbot ]
- - role: php
- vars:
- php_memory_limit: 512M
- php_packages_extra:
- - libapache2-mod-php
- - php-zip # For Nextcloud
- - php-intl
- - php-imagick
- - php-redis
- - php-bcmath
- - php-gmp
- - php-pgsql # For general DB stuff
- # Nextcloud recommended opcache settings
- php_opcache_max_accelerated_files: 10000
- php_opcache_memory_consumption: 128
- php_opcache_revalidate_freq: 2
- become: yes
- tags: [ web, php ]
- - role: git
- vars:
- git_repos:
- - repo: https://git.9iron.club/salt/desultd
- dest: /var/www/html/desu.ltd
- become: yes
- tags: [ web, git ]
- - role: nextcloud
- vars:
- nextcloud_admin_user: admin
- nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
- nextcloud_version: 19
- nextcloud_urls:
- - http://nc.desu.ltd:80
- - https://nc.desu.ltd:443
- nextcloud_config:
- system:
- trusted_domains:
- "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
- nextcloud_database:
- backend: pgsql
- name: nextcloud
- user: nextcloud
- pass: "{{ secret_nextcloud_db_pass }}"
- host: 192.168.164.156
- port: 5432
- become: yes
- tags: [ web, nextcloud ]
- - role: gitea
- vars:
- # Look and feel
- gitea_app_name: "Git Desu"
- # Core config
- gitea_db_type: postgres
- gitea_db_host: 192.168.164.156:5432
- gitea_db_name: gitea
- gitea_db_user: gitea
- gitea_db_password: "{{ secret_gitea_db_pass }}"
- gitea_http_domain: git.desu.ltd
- gitea_oauth2_enabled: no
- gitea_root_url: https://git.desu.ltd
- gitea_shell: "/bin/bash"
- gitea_ssh_domain: git.desu.ltd
- gitea_ssh_port: 22
- gitea_start_ssh: no
- gitea_user: git
- become: yes
- tags: [ web, gitea ]
+ # Import specific playbooks
+- import_playbook: playbooks/desktop.yml
+- import_playbook: playbooks/db.yml
+- import_playbook: playbooks/web.yml
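Review bot: The inventory hunk adds a `game` group with `game1.thefuck.how`, but none of the three `import_playbook` entries added here targets `game`, so that host only receives the common play this hunk sits in (whose visible roles include `ansible-pull`) and no game-specific hardening, firewall or service configuration. If that is intentional for now, say so with a comment such as `# game: no dedicated playbook yet, common play only`; otherwise add a `playbooks/game.yml` and import it alongside the others. The imports are resolved relative to `site.yml`, which matches running it from the repository root as the shebang implies, and play-level tags continue to work with `--tags db` and friends through `import_playbook`. The common play that these imports follow starts before this hunk.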