diff --git a/.gitmodules b/.gitmodules
index 85d151c..c209ef5 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "roles/terraria"]
 path = roles/terraria
 url = https://git.desu.ltd/salt/ansible-role-terraria
+[submodule "roles/pleroma"]
+path = roles/pleroma
+url = https://git.desu.ltd/salt/ansible-role-pleroma
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index d5fbbd7..abbb17f 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -130,6 +130,23 @@ secret_pleroma_9iron_db_pass: !vault |
 37636162313364623933396232366239633338363539626637373163333130373665373038363566
 65646633636638653335356536323334646632366164633532636634376632356166306139393766
 38633934623639366263
+secret_pleroma_key_base: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+36333934336635613533333137636532363937613764353933636566663031316262333837323064
+6534653062626461633462636335346132353564653038330a326330326235623530393337333063
+37666666386637633839633737376465366439356461653363396665636137353264363762346461
+3765616634653234630a623061393834373964653939626564363263383435666366356339663136
+64613330656434653538363734393831353133316666326338366335383064356165333537383837
+31633939353565303661626233623064653838636435376239376361663362636164653962383561
+33366335623038653232613731333730363836653532363834663663343963303763323534343038
+61666238346239636634
+secret_pleroma_signing_salt: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+31306137646362333433313630363538333234643339353530333038393061663132633161356231
+3662386234633933633762363334333031306564353132380a633339323364633137396636616363
+64393536353362386336323662316262333763326138616364333237353262323232636335353436
+3563396435643363620a646337346561393863366361643536356363626334343264343861663131
+3466
 
 # For Matrix/Synapse
 secret_matrix_9iron_db_pass: !vault |
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index d19599d..9a0e095 100644
--- a/inventory/hosts.yml
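Review bot: The two new vault variables `secret_pleroma_key_base` and `secret_pleroma_signing_salt` drop the instance qualifier that the neighbouring secrets carry (`secret_pleroma_9iron_db_pass`, `secret_matrix_9iron_db_pass`), and a Phoenix secret_key_base and signing salt are per-instance values, so a second Pleroma deployment sharing this `all.yml` would have to reuse or overwrite them. Renaming them `secret_pleroma_9iron_key_base` and `secret_pleroma_9iron_signing_salt` (and updating the two references in `playbooks/vars/9iron-pleroma.yml`) keeps the existing convention. Keeping both values vault-encrypted, as done here, is right; since secret_key_base is what Phoenix uses to sign and encrypt session cookies, just make sure the encrypted value is a freshly generated one rather than one copied from a development config.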
+++ b/inventory/hosts.yml
@@ -25,6 +25,9 @@ all:
 hosts:
 web1.9iron.club:
 web1.desu.ltd:
+app:
+hosts:
+fedi1.9iron.club:
 game:
 hosts:
 game1.thefuck.how:
diff --git a/playbooks/vars/9iron-pleroma-apache.yml b/playbooks/vars/9iron-pleroma-apache.yml
new file mode 100644
index 0000000..b951ab5
--- /dev/null
+++ b/playbooks/vars/9iron-pleroma-apache.yml
@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+DirectoryIndex index.php index.html
+Protocols h2 http/1.1
+apache_vhosts:
+- servername: cowfee.moe
+extra_parameters: |
+Redirect permanent / https://cowfee.moe/
+apache_vhosts_ssl:
+- servername: cowfee.moe
+extra_parameters: |
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
+ProxyPassReverse / https://127.0.0.1:4000/
+RequestHeader set X_FORWARDED_PROTO 'https'
+RequestHeader set X-Forwarded-Ssl on
+certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
+certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
+certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
diff --git a/playbooks/vars/9iron-pleroma-certbot.yml b/playbooks/vars/9iron-pleroma-certbot.yml
new file mode 100644
index 0000000..efbebcb
--- /dev/null
+++ b/playbooks/vars/9iron-pleroma-certbot.yml
@@ -0,0 +1,10 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+- apache2
+certbot_certs:
+- domains:
+- cowfee.moe
+- matrix.9iron.club
diff --git a/playbooks/vars/9iron-pleroma.yml b/playbooks/vars/9iron-pleroma.yml
new file mode 100644
index 0000000..7082212
--- /dev/null
+++ b/playbooks/vars/9iron-pleroma.yml
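Review bot: `ProxyPassReverse / https://127.0.0.1:4000/` does not match the `ProxyPass / http://127.0.0.1:4000/` line above it, so any Location or Content-Location header the backend emits with its own `http://127.0.0.1:4000/` origin would not be rewritten; it should read `ProxyPassReverse / http://127.0.0.1:4000/`. The header name in `RequestHeader set X_FORWARDED_PROTO 'https'` uses underscores, but proxy-aware code (including the `x-forwarded-proto` handling in the Plug stack Pleroma is built on) matches the hyphenated name literally, so this header is most likely ignored — use `RequestHeader set X-Forwarded-Proto "https"`. Because TLS terminates in Apache and the hop to :4000 is plaintext, it is also worth confirming that Pleroma's own `url: [scheme: "https"]` is set so it does not depend on either header for building https links. Consider adding `Header always set Strict-Transport-Security "max-age=63072000"` to this SSL vhost, since the plain-HTTP vhost only redirects and sets no HSTS.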
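Review bot: `certbot_certs` requests a single certificate covering both `cowfee.moe` and `matrix.9iron.club`, yet nothing else in this change places Matrix on `fedi1.9iron.club`; with `certbot_create_method: standalone` the HTTP-01 challenge for every SAN must be answered by this host, so unless `matrix.9iron.club` resolves here the whole issuance — including `cowfee.moe` — fails, and the Apache vhost that references `/etc/letsencrypt/live/cowfee.moe/` never gets its files. If Matrix lives elsewhere, reduce the list to `- domains:` / `- cowfee.moe`; if sharing one certificate is intentional, add a comment above `certbot_certs` saying why. Note also that standalone mode with `certbot_create_standalone_stop_services: [apache2]` takes the site down on every renewal; once the vhost exists, the webroot or apache authenticator avoids that outage.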
@@ -0,0 +1,16 @@
+# vim:ft=ansible:
+# Site config
+pleroma_hostname: cowfee.moe
+pleroma_open_registration: "true"
+pleroma_instance_name: Cowfee
+pleroma_instance_desc: owo
+
+# Secret config
+pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
+pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
+
+# DB config
+pleroma_db_host: 172.31.47.215
+pleroma_db_name: pleroma
+pleroma_db_user: pleroma
+pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
diff --git a/playbooks/web.yml b/playbooks/web.yml
index 415e3c9..4a8f4a4 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@@ -113,7 +113,33 @@
 tags: [ web, apache ]
 - role: gitea
 tags: [ web, gitea ]
+- hosts: fedi1.9iron.club
+vars_files:
+- vars/apache.yml
+- vars/9iron-pleroma.yml
+- vars/9iron-pleroma-apache.yml
+- vars/9iron-pleroma-certbot.yml
+roles:
+- role: backup
+vars:
+backup_s3backup_list_extra:
+- /opt/pleroma
+- /var/lib/pleroma
+tags: [ backup ]
+- role: motd
+vars:
+motd_watch_services_extra:
+- apache2
+- pleroma
+tags: [ motd ]
+- role: certbot
+tags: [ web, certbot ]
+- role: apache
+tags: [ web, apache ]
 - hosts: game1.thefuck.how
+vars_files:
+- vars/apache.yml
+- vars/php-fpm.yml
 roles:
 - role: certbot
 vars:
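Review bot: `pleroma_db_host: 172.31.47.215` puts PostgreSQL on another host, so the `pleroma_db_pass` credential and all query traffic leave this machine, and nothing in these vars shows whether the role enables TLS on the Ecto connection; confirm that before relying on network isolation alone, and record the answer above the DB block, e.g. `# remote Postgres on the private network; connection TLS is set by <role var> — confirm`. `pleroma_open_registration: "true"` is the main abuse surface of a public instance; if it is deliberate, a one-line comment saying so, plus a check that whatever captcha or rate-limit settings the role exposes are enabled, would help the next reader. The value is also a quoted string where the sibling certbot vars use bare YAML booleans (`certbot_create_if_missing: yes`); if the role templates it verbatim into `config.exs` that is correct, but a comment should say so to stop someone "fixing" it.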
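Review bot: The new `fedi1.9iron.club` play loads `vars/9iron-pleroma.yml` and the commit adds the `roles/pleroma` submodule, but the play's role list is `backup`, `motd`, `certbot` and `apache` only — there is no `- role: pleroma`, so unless the role is applied from another playbook the Pleroma vars are loaded and never used and the Apache vhost proxies to a backend nothing here installs. Adding `- role: pleroma` with `tags: [ web, pleroma ]` ahead of the `apache` role would close that gap. Separately, `backup_s3backup_list_extra` ships `/opt/pleroma` and `/var/lib/pleroma` off-host: if the rendered Pleroma config (which carries `secret_key_base` and the DB password) lives under one of those paths, confirm the backup target is encrypted at rest; if it lives under `/etc/pleroma` instead, it is not backed up at all and a restore would lose it.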
@@ -128,39 +154,9 @@ - game1.thefuck.how tags: [ web, certbot ] - role: php - vars: - php_enable_php_fpm: yes - php_memory_limit: 512M - php_packages_extra: - - libapache2-mod-php - - php-intl - - php-imagick - - php-redis - - php-bcmath - - php-gmp tags: [ web, php ] - role: apache vars: - apache_remove_default_vhost: yes - apache_packages_state: latest - apache_mods_enabled: - - headers.load - - http2.load - - mpm_worker.load - - proxy.load - - proxy_fcgi.load - - proxy_http.load - - rewrite.load - - ssl.load - apache_mods_disabled: - - mpm_prefork.load - - php7.4.load - apache_global_vhost_settings: | - DirectoryIndex index.php index.html - Protocols h2 http/1.1 - - SetHandler "proxy:fcgi://127.0.0.1:9000" - apache_vhosts: - servername: thefuck.how extra_parameters: | diff --git a/roles/pleroma b/roles/pleroma new file mode 160000 index 0000000..628f561 --- /dev/null +++ b/roles/pleroma @@ -0,0 +1 @@ +Subproject commit 628f5611e47befa5903c37331beb06089253014a