Move fedi1 over, add Pleroma role

Salt 2021-01-25 22:19:31 -06:00
parent 23fac2d48e
commit 6ead681d5c
8 changed files with 96 additions and 30 deletions

3
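--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "roles/terraria"]
 path = roles/terraria
 url = https://git.desu.ltd/salt/ansible-role-terraria
+[submodule "roles/pleroma"]
+path = roles/pleroma
+url = https://git.desu.ltd/salt/ansible-role-pleroma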


@ -130,6 +130,23 @@ secret_pleroma_9iron_db_pass: !vault |
37636162313364623933396232366239633338363539626637373163333130373665373038363566 37636162313364623933396232366239633338363539626637373163333130373665373038363566
65646633636638653335356536323334646632366164633532636634376632356166306139393766 65646633636638653335356536323334646632366164633532636634376632356166306139393766
38633934623639366263 38633934623639366263
secret_pleroma_key_base: !vault |
$ANSIBLE_VAULT;1.1;AES256
36333934336635613533333137636532363937613764353933636566663031316262333837323064
6534653062626461633462636335346132353564653038330a326330326235623530393337333063
37666666386637633839633737376465366439356461653363396665636137353264363762346461
3765616634653234630a623061393834373964653939626564363263383435666366356339663136
64613330656434653538363734393831353133316666326338366335383064356165333537383837
31633939353565303661626233623064653838636435376239376361663362636164653962383561
33366335623038653232613731333730363836653532363834663663343963303763323534343038
61666238346239636634
secret_pleroma_signing_salt: !vault |
$ANSIBLE_VAULT;1.1;AES256
31306137646362333433313630363538333234643339353530333038393061663132633161356231
3662386234633933633762363334333031306564353132380a633339323364633137396636616363
64393536353362386336323662316262333763326138616364333237353262323232636335353436
3563396435643363620a646337346561393863366361643536356363626334343264343861663131
3466
# For Matrix/Synapse # For Matrix/Synapse
secret_matrix_9iron_db_pass: !vault | secret_matrix_9iron_db_pass: !vault |


@ -25,6 +25,9 @@ all:
hosts: hosts:
web1.9iron.club: web1.9iron.club:
web1.desu.ltd: web1.desu.ltd:
app:
hosts:
fedi1.9iron.club:
game: game:
hosts: hosts:
game1.thefuck.how: game1.thefuck.how:


@ -0,0 +1,20 @@
# vim:ft=ansible:
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
Protocols h2 http/1.1
apache_vhosts:
- servername: cowfee.moe
extra_parameters: |
Redirect permanent / https://cowfee.moe/
apache_vhosts_ssl:
- servername: cowfee.moe
extra_parameters: |
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
ProxyPassReverse / https://127.0.0.1:4000/
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
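Review bot: `ProxyPassReverse / https://127.0.0.1:4000/` in the SSL vhost names an `https` backend while the `ProxyPass` line above it proxies to `http://127.0.0.1:4000/`, so a `Location` header the backend emits with its own `http://127.0.0.1:4000` origin would not be rewritten and would reach clients carrying the loopback address. Match the scheme: `ProxyPassReverse / http://127.0.0.1:4000/`. Separately, `X_FORWARDED_PROTO` is spelled with underscores; the conventional header is `X-Forwarded-Proto`, and if the backend only reads that name it will not treat the request as HTTPS, so confirm what the application expects or change the line to `RequestHeader set X-Forwarded-Proto 'https'`.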


@ -0,0 +1,10 @@
# vim:ft=ansible:
certbot_admin_email: rehashedsalt@cock.li
certbot_create_if_missing: yes
certbot_create_method: standalone
certbot_create_standalone_stop_services:
- apache2
certbot_certs:
- domains:
- cowfee.moe
- matrix.9iron.club
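Review bot: `matrix.9iron.club` is listed next to `cowfee.moe` under the single `certbot_certs` entry (nesting inferred, since the rendered page dropped the indentation), so fedi1 would request and hold the private key for a certificate that also covers the Matrix hostname. With `certbot_create_method: standalone`, issuance can only succeed if both names resolve to this host. If fedi1 does not serve matrix.9iron.club, reduce the list to `- cowfee.moe` so the key on this machine is valid only for the site it hosts; if it does, a comment explaining why would help. As a style point, `certbot_create_if_missing: yes` is safer written as `true`.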


@ -0,0 +1,16 @@
# vim:ft=ansible:
# Site config
pleroma_hostname: cowfee.moe
pleroma_open_registration: "true"
pleroma_instance_name: Cowfee
pleroma_instance_desc: owo
# Secret config
pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
# DB config
pleroma_db_host: 172.31.47.215
pleroma_db_name: pleroma
pleroma_db_user: pleroma
pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
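Review bot: `pleroma_db_host: 172.31.47.215` points the instance at a database on another host, and nothing in these vars says whether that connection is encrypted. Depending on how the role renders the database settings (not visible here), the password from `secret_pleroma_9iron_db_pass` and the instance data may cross the network unprotected. Confirm that the role enables TLS for the connection, or record the assumption next to the setting, e.g. `# DB is on a separate host on the private network; traffic is not TLS-protected unless the role enables it`. The hard-coded address would also benefit from a short comment naming the host it refers to.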


@ -113,7 +113,33 @@
tags: [ web, apache ] tags: [ web, apache ]
- role: gitea - role: gitea
tags: [ web, gitea ] tags: [ web, gitea ]
- hosts: fedi1.9iron.club
vars_files:
- vars/apache.yml
- vars/9iron-pleroma.yml
- vars/9iron-pleroma-apache.yml
- vars/9iron-pleroma-certbot.yml
roles:
- role: backup
vars:
backup_s3backup_list_extra:
- /opt/pleroma
- /var/lib/pleroma
tags: [ backup ]
- role: motd
vars:
motd_watch_services_extra:
- apache2
- pleroma
tags: [ motd ]
- role: certbot
tags: [ web, certbot ]
- role: apache
tags: [ web, apache ]
- hosts: game1.thefuck.how - hosts: game1.thefuck.how
vars_files:
- vars/apache.yml
- vars/php-fpm.yml
roles: roles:
- role: certbot - role: certbot
vars: vars:
@ -128,39 +154,9 @@
- game1.thefuck.how - game1.thefuck.how
tags: [ web, certbot ] tags: [ web, certbot ]
- role: php - role: php
vars:
php_enable_php_fpm: yes
php_memory_limit: 512M
php_packages_extra:
- libapache2-mod-php
- php-intl
- php-imagick
- php-redis
- php-bcmath
- php-gmp
tags: [ web, php ] tags: [ web, php ]
- role: apache - role: apache
vars: vars:
apache_remove_default_vhost: yes
apache_packages_state: latest
apache_mods_enabled:
- headers.load
- http2.load
- mpm_worker.load
- proxy.load
- proxy_fcgi.load
- proxy_http.load
- rewrite.load
- ssl.load
apache_mods_disabled:
- mpm_prefork.load
- php7.4.load
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
Protocols h2 http/1.1
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
apache_vhosts: apache_vhosts:
- servername: thefuck.how - servername: thefuck.how
extra_parameters: | extra_parameters: |
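Review bot: The new `fedi1.9iron.club` play ends its `roles:` list at `apache` and never applies the `pleroma` role, even though it loads `vars/9iron-pleroma.yml`, backs up `/opt/pleroma` and `/var/lib/pleroma`, and has motd watch the `pleroma` service. If that is unintended, add `- role: pleroma` with `tags: [ web, pleroma ]` (tag names assumed from the other entries); if the role is deliberately not wired in yet, a comment in the play should say so. The two backed-up paths presumably hold the rendered instance configuration, including the key base and database password, so the backup destination should be treated as holding secrets. The `game1.thefuck.how` play continues past the end of the second hunk.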

1
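--- a/roles/pleroma
+++ b/roles/pleroma
@@ -0,0 +1 @@
+Subproject commit 628f5611e47befa5903c37331beb06089253014a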