Move fedi1 over, add Pleroma role

.gitmodules

@@ -4,3 +4,6 @@
 [submodule "roles/terraria"]
 	path = roles/terraria
 	url = https://git.desu.ltd/salt/ansible-role-terraria
+[submodule "roles/pleroma"]
+	path = roles/pleroma
+	url = https://git.desu.ltd/salt/ansible-role-pleroma

inventory/group_vars/all.yml

@@ -130,6 +130,23 @@ secret_pleroma_9iron_db_pass: !vault |
           37636162313364623933396232366239633338363539626637373163333130373665373038363566
           65646633636638653335356536323334646632366164633532636634376632356166306139393766
           38633934623639366263
+secret_pleroma_key_base: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36333934336635613533333137636532363937613764353933636566663031316262333837323064
+          6534653062626461633462636335346132353564653038330a326330326235623530393337333063
+          37666666386637633839633737376465366439356461653363396665636137353264363762346461
+          3765616634653234630a623061393834373964653939626564363263383435666366356339663136
+          64613330656434653538363734393831353133316666326338366335383064356165333537383837
+          31633939353565303661626233623064653838636435376239376361663362636164653962383561
+          33366335623038653232613731333730363836653532363834663663343963303763323534343038
+          61666238346239636634
+secret_pleroma_signing_salt: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31306137646362333433313630363538333234643339353530333038393061663132633161356231
+          3662386234633933633762363334333031306564353132380a633339323364633137396636616363
+          64393536353362386336323662316262333763326138616364333237353262323232636335353436
+          3563396435643363620a646337346561393863366361643536356363626334343264343861663131
+          3466
 
 # For Matrix/Synapse
 secret_matrix_9iron_db_pass: !vault |

inventory/hosts.yml

@@ -25,6 +25,9 @@ all:
           hosts:
             web1.9iron.club:
             web1.desu.ltd:
+        app:
+          hosts:
+            fedi1.9iron.club:
         game:
           hosts:
             game1.thefuck.how:

playbooks/vars/9iron-pleroma-apache.yml

@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+  DirectoryIndex index.php index.html
+  Protocols h2 http/1.1
+apache_vhosts:
+  - servername: cowfee.moe
+    extra_parameters: |
+      Redirect permanent / https://cowfee.moe/
+apache_vhosts_ssl:
+  - servername: cowfee.moe
+    extra_parameters: |
+      ProxyPreserveHost On
+      ProxyRequests Off
+      ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
+      ProxyPassReverse / https://127.0.0.1:4000/
+      RequestHeader set X_FORWARDED_PROTO 'https'
+      RequestHeader set X-Forwarded-Ssl on
+    certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
+    certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
+    certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem

playbooks/vars/9iron-pleroma-certbot.yml

@@ -0,0 +1,10 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+  - apache2
+certbot_certs:
+  - domains:
+    - cowfee.moe
+    - matrix.9iron.club

playbooks/vars/9iron-pleroma.yml

@@ -0,0 +1,16 @@
+# vim:ft=ansible:
+# Site config
+pleroma_hostname: cowfee.moe
+pleroma_open_registration: "true"
+pleroma_instance_name: Cowfee
+pleroma_instance_desc: owo
+
+# Secret config
+pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
+pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
+
+# DB config
+pleroma_db_host: 172.31.47.215
+pleroma_db_name: pleroma
+pleroma_db_user: pleroma
+pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"

playbooks/web.yml

@@ -113,7 +113,33 @@
       tags: [ web, apache ]
     - role: gitea
       tags: [ web, gitea ]
+- hosts: fedi1.9iron.club
+  vars_files:
+    - vars/apache.yml
+    - vars/9iron-pleroma.yml
+    - vars/9iron-pleroma-apache.yml
+    - vars/9iron-pleroma-certbot.yml
+  roles:
+    - role: backup
+      vars:
+        backup_s3backup_list_extra:
+          - /opt/pleroma
+          - /var/lib/pleroma
+      tags: [ backup ]
+    - role: motd
+      vars:
+        motd_watch_services_extra:
+          - apache2
+          - pleroma
+      tags: [ motd ]
+    - role: certbot
+      tags: [ web, certbot ]
+    - role: apache
+      tags: [ web, apache ]
 - hosts: game1.thefuck.how
+  vars_files:
+    - vars/apache.yml
+    - vars/php-fpm.yml
   roles:
     - role: certbot
       vars:
@@ -128,39 +154,9 @@
               - game1.thefuck.how
       tags: [ web, certbot ]
     - role: php
-      vars:
-        php_enable_php_fpm: yes
-        php_memory_limit: 512M
-        php_packages_extra:
-          - libapache2-mod-php
-          - php-intl
-          - php-imagick
-          - php-redis
-          - php-bcmath
-          - php-gmp
       tags: [ web, php ]
     - role: apache
       vars:
-        apache_remove_default_vhost: yes
-        apache_packages_state: latest
-        apache_mods_enabled:
-          - headers.load
-          - http2.load
-          - mpm_worker.load
-          - proxy.load
-          - proxy_fcgi.load
-          - proxy_http.load
-          - rewrite.load
-          - ssl.load
-        apache_mods_disabled:
-          - mpm_prefork.load
-          - php7.4.load
-        apache_global_vhost_settings: |
-          DirectoryIndex index.php index.html
-          Protocols h2 http/1.1
-          <FilesMatch \.php$>
-            SetHandler "proxy:fcgi://127.0.0.1:9000"
-          </FilesMatch>
         apache_vhosts:
           - servername: thefuck.how
             extra_parameters: |

roles/pleroma

@@ -0,0 +1 @@
+Subproject commit 628f5611e47befa5903c37331beb06089253014a