More variable refactoring

Salt 2020-08-02 19:36:46 -05:00
parent 12fb975a2a
commit 8990cc4494
17 changed files with 84 additions and 80 deletions


@ -3,50 +3,54 @@
## BACKEND
# ACME
acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
#acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
acme_version: 2
acme_webroot: "/var/www/acme"
# AWS Backups
aws_backup_bucket: "9iron-backups-general"
# AWS SES
aws_ses_user: !vault |
$ANSIBLE_VAULT;1.1;AES256
33643766376336316266373239386466373639633765333332353031373132383061346564633036
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
38353531306238613735623433663138643231663139363735373537393337636362636534656166
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
38316564326537303236333266303432326164393435663665363963326363306237
aws_ses_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
39306665653635383832623438656364616633643032663365643033316236333939363732363034
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
31653763346663656165343632336366343562333836396232636431323635333965336137316237
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
65663937643165613337373837633737653765303764303536386530616363343361326536633935
3565626161343562396663353538653136376138373334336435
acme:
#directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
directory: "https://acme-v02.api.letsencrypt.org/directory"
version: 2
webroot: /var/www/acme
aws:
# S3 Backups
backup_bucket: "9iron-backups-general"
# SES
ses:
user: !vault |
$ANSIBLE_VAULT;1.1;AES256
33643766376336316266373239386466373639633765333332353031373132383061346564633036
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
38353531306238613735623433663138643231663139363735373537393337636362636534656166
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
38316564326537303236333266303432326164393435663665363963326363306237
pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
39306665653635383832623438656364616633643032663365643033316236333939363732363034
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
31653763346663656165343632336366343562333836396232636431323635333965336137316237
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
65663937643165613337373837633737653765303764303536386530616363343361326536633935
3565626161343562396663353538653136376138373334336435
# MySQL
mysql_root_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62316565376333396465333931356163343363663063636233653536373033396230626639613964
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
65323365313465316635646465376665616132653832316362363535366563363863636530313666
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
39636637643035616236663364663562366133613233313139623937313531343564
mysql:
root_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62316565376333396465333931356163343363663063636233653536373033396230626639613964
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
65323365313465316635646465376665616132653832316362363535366563363863636530313666
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
39636637643035616236663364663562366133613233313139623937313531343564
# PSQL
psql_ansible_user: ansible
psql_ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30383235373131383466383438653235666365386631356463633265623332643337633830663930
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
63626263373063343036373266326235363839316662363031356264363365633161326264643766
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
61356331646133653363353931306630373963316430626266346630646362666237
psql_neighbor_address: "172.31.0.0/16"
psql:
ansible:
user: ansible
pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
30383235373131383466383438653235666365386631356463633265623332643337633830663930
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
63626263373063343036373266326235363839316662363031356264363365633161326264643766
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
61356331646133653363353931306630373963316430626266346630646362666237
neighbor_block: "172.31.0.0/16"
## WEBAPPS
# Dokuwiki
dokuwiki_url: "wiki.9iron.club"
# Gitea
gitea_mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
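Review bot: The ACME settings move under `acme:` (`acme.directory`, `acme.version`, `acme.webroot`) at the top of this hunk, but none of the other sixteen file sections on this page touches a reference to `acme_directory`, `acme_version` or `acme_webroot`. If any role or template still uses the flat names it will now fail on an undefined variable, so a repository-wide grep for them is worth doing. Separately, with Ansible's default `hash_behaviour` of `replace`, a host or group that overrides a single key such as `aws.backup_bucket` replaces the whole `aws` dictionary and silently drops `aws.ses.user` and `aws.ses.pass`. A comment above each dictionary, for example `# NOTE: overrides replace the whole dict; nested keys are not merged unless combined explicitly`, would make that visible. The hunk ends inside the `gitea_mysql_password` vault block, so the remaining webapp variables are not visible here.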


@ -53,7 +53,7 @@ for file in "$MODULESDIR"/*; do
}
done
# If we have a fancy schmancy bucket, use it
s3bucket="{{ aws_backup_bucket }}"
s3bucket="{{ aws.backup_bucket }}"
if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
log "Moving files to S3 bucket $s3bucket"
nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \


@ -34,7 +34,7 @@ if (( currentbackupcount >= retention )); then
fi
fi
# WE MAKE BACKUP NOW SERGEI
s3bucket="{{ aws_backup_bucket }}"
s3bucket="{{ aws.backup_bucket }}"
for dir in /home/*; do
username="$(basename -- "$dir")"
forcefile="$dir/.backup/force"


@ -9,7 +9,7 @@
mysql_db:
name: gitea
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
state: present
notify: gitea add default user
- name: Create user
@ -19,7 +19,7 @@
password: "{{ gitea_mysql_password }}"
priv: "gitea.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
- name: Set up Apache
block:
- name: Enable modules
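Review bot: The `priv: "gitea.*:ALL,GRANT"` line in the second hunk gives the application account the grant option on its own database, so a compromised Gitea could pass those privileges on to other MySQL accounts. Unless something depends on it, `priv: "gitea.*:ALL"` is enough for an application user. The same pattern appears in the Grafana (`grafana.*:ALL,GRANT`) and Nextcloud (`nextcloud.*:ALL,GRANT`) sections further down. The task containing this line starts above the hunk, so its earlier module arguments are not visible.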


@ -9,7 +9,7 @@
mysql_db:
name: grafana
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
state: present
- name: Create user
mysql_user:
@ -18,7 +18,7 @@
password: "{{ grafana_mysql_password }}"
priv: "grafana.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
- name: Set up Apache
block:
- name: Enable modules


@ -27,8 +27,8 @@
name: matrix
password: "{{ matrix_db_password }}"
login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql_ansible_user }}"
login_password: "{{ psql_ansible_password }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
- name: Create DB
postgresql_db:
name: matrix
@ -36,8 +36,8 @@
lc_collate: C
lc_ctype: C
login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql_ansible_user }}"
login_password: "{{ psql_ansible_password }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
when: matrix_db_hostname is defined
- name: Set up Apache
block:


@ -121,8 +121,8 @@ trusted_key_servers:
email:
smtp_host: email-smtp.us-east-1.amazonaws.com
smtp_port: 587
smtp_user: "{{ aws_ses_user }}"
smtp_pass: "{{ aws_ses_pass }}"
smtp_user: "{{ aws.ses.user }}"
smtp_pass: "{{ aws.ses.pass }}"
require_transport_security: true
notif_from: "%(app)s <noreply@9iron.club>"
app_name: "9iron Matrix"


@ -1707,8 +1707,8 @@ password_config:
email:
smtp_host: email-smtp.us-east-1.amazonaws.com
smtp_port: 587
smtp_user: "{{ aws_ses_user }}"
smtp_pass: "{{ aws_ses_pass }}"
smtp_user: "{{ aws.ses.user }}"
smtp_pass: "{{ aws.ses.pass }}"
require_transport_security: true
# notif_from defines the "From" address to use when sending emails.


@ -14,7 +14,7 @@ export MINECRAFT_DIR="/var/minecraft/{{ mcname }}"
cd "$MINECRAFT_DIR" || exit 50
# Make sure we have a backup
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
echo "No backups available"
exit 0
fi
@ -30,9 +30,9 @@ if [ -d "world" ]; then
fi
# Get our latest good backup
backup="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
backup="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
echo "Restoring backup: $backup"
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ mcname }}/$backup" world.tgz
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ mcname }}/$backup" world.tgz
# Decompress it
tar xzf world.tgz
# Find the world
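Review bot: Nothing between the `backup="$(aws s3 ls … | tail -n 1 | awk '{print $4}')"` line and `tar xzf world.tgz` in the second hunk checks that a key was found or that the download succeeded. An empty listing, a key containing spaces (awk keeps only the fourth field) or a failed `aws s3 cp` would leave the script extracting a missing or stale `world.tgz`. Guard both steps, for example `[ -n "$backup" ] || { echo "No backup key found"; exit 1; }` and `aws s3 cp … world.tgz || exit 1`. The Pleroma restore script further down has the same shape with `$backup_up` and `$backup_db`. The script continues past the end of the hunk, so any later checks are not visible.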


@ -17,9 +17,9 @@
mysql_user:
name: root
host: localhost
password: "{{ mysql_root_password }}"
password: "{{ mysql.root_password }}"
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
check_implicit_admin: yes
priv: "*.*:ALL,GRANT"
become: yes


@ -15,7 +15,7 @@
mysql_db:
name: nextcloud
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
state: present
- name: Create Nextcloud user
mysql_user:
@ -24,7 +24,7 @@
password: "{{ nextcloud_mysql_password }}"
priv: "nextcloud.*:ALL,GRANT"
login_user: root
login_password: "{{ mysql_root_password }}"
login_password: "{{ mysql.root_password }}"
- name: Set up Apache
block:
- name: Create webroot


@ -30,22 +30,22 @@
name: pleroma
password: "{{ pleroma_db_password }}"
login_host: "{{ pleroma_db_hostname }}"
login_user: "{{ psql_ansible_user }}"
login_password: "{{ psql_ansible_password }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
- name: Create DB
postgresql_db:
name: pleroma
owner: pleroma
login_host: "{{ pleroma_db_hostname }}"
login_user: "{{ psql_ansible_user }}"
login_password: "{{ psql_ansible_password }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
- name: Create extensions
postgresql_ext:
db: pleroma
name: "{{ item }}"
login_host: "{{ pleroma_db_hostname }}"
login_user: "{{ psql_ansible_user }}"
login_password: "{{ psql_ansible_password }}"
login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql.ansible.pass }}"
loop:
- citext
- pg_trgm


@ -39,8 +39,8 @@ config :pleroma, Pleroma.Emails.Mailer,
enabled: true,
adapter: Swoosh.Adapters.SMTP,
relay: "email-smtp.us-east-1.amazonaws.com",
username: "{{ aws_ses_user }}",
password: "{{ aws_ses_pass }}",
username: "{{ aws.ses.user }}",
password: "{{ aws.ses.pass }}",
ssl: true,
auth: :always


@ -14,7 +14,7 @@ export PLEROMA_DIR="/opt/pleroma"
cd "$PLEROMA_DIR" || exit 50
# Make sure we have a backup
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
echo "No backups available"
exit 0
fi
@ -30,13 +30,13 @@ if [ -d /var/lib/pleroma/uploads ]; then
fi
# Get our latest good uploads backup
backup_up="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
backup_up="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
# And our latest good DB backup
backup_db="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
backup_db="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
echo "Restoring backup: $backup_up $backup_db"
# Get our backups
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
# Decompress
tar xzf uploads.tgz
gunzip db.pgdump.gz


@ -1 +1 @@
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws_ses_user }}:{{ aws_ses_pass }}
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws.ses.user }}:{{ aws.ses.pass }}
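Review bot: This one-line template renders the SES SMTP username and password in clear text (it looks like a Postfix SASL password map), and the task that templates it is not part of this commit page. It is worth confirming that the task writes the file with `mode: "0600"` and `owner: root`, and that any lookup table generated from it gets the same permissions. Setting `no_log: true` on that task also keeps the rendered secret out of the output when the playbook runs with `--diff`.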


@ -27,13 +27,13 @@
block:
- name: Create DB user
postgresql_user:
name: "{{ psql_ansible_user }}"
password: "{{ psql_ansible_password }}"
name: "{{ psql.ansible.user }}"
password: "{{ psql.ansible.pass }}"
role_attr_flags: SUPERUSER
- name: Create maintenance DB
postgresql_db:
name: "{{ psql_ansible_user }}"
owner: "{{ psql_ansible_user }}"
name: "{{ psql.ansible.user }}"
owner: "{{ psql.ansible.user }}"
become: yes
become_user: postgres
- name: Template out backup module
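Review bot: `role_attr_flags: SUPERUSER` makes the `psql.ansible.user` role a full superuser, and the Matrix and Pleroma task sections on this page log in with that role and its password over the network via `login_host`. If the role is only needed to create roles and databases, `role_attr_flags: CREATEDB,CREATEROLE` would limit what a leaked password can do. If superuser really is required (creating `citext` or `pg_trgm` may need it, depending on the PostgreSQL version), a comment on the task saying so would help the next reader. The enclosing block's name and conditions are above the hunk.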


@ -91,7 +91,7 @@ local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv4 neighbor connections:
host all all {{ psql_neighbor_address }} md5
host all all {{ psql.neighbor_block }} md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
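Review bot: The neighbor rule `host all all {{ psql.neighbor_block }} md5` admits every role, including the superuser Ansible role, to every database from the whole block (`172.31.0.0/16` in the group variables). A `host` record also accepts unencrypted connections as well as TLS ones. Consider `hostssl all all {{ psql.neighbor_block }} scram-sha-256` where the server and clients support it, and name the databases and roles that actually connect remotely instead of `all all`. The file continues past the end of the hunk.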