More variable refactoring
This commit is contained in:
parent
12fb975a2a
commit
8990cc4494
@ -3,50 +3,54 @@
|
||||
|
||||
## BACKEND
|
||||
# ACME
|
||||
acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||
#acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
|
||||
acme_version: 2
|
||||
acme_webroot: "/var/www/acme"
|
||||
# AWS Backups
|
||||
aws_backup_bucket: "9iron-backups-general"
|
||||
# AWS SES
|
||||
aws_ses_user: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33643766376336316266373239386466373639633765333332353031373132383061346564633036
|
||||
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
|
||||
38353531306238613735623433663138643231663139363735373537393337636362636534656166
|
||||
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
|
||||
38316564326537303236333266303432326164393435663665363963326363306237
|
||||
aws_ses_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39306665653635383832623438656364616633643032663365643033316236333939363732363034
|
||||
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
|
||||
31653763346663656165343632336366343562333836396232636431323635333965336137316237
|
||||
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
|
||||
65663937643165613337373837633737653765303764303536386530616363343361326536633935
|
||||
3565626161343562396663353538653136376138373334336435
|
||||
acme:
|
||||
#directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
|
||||
directory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||
version: 2
|
||||
webroot: /var/www/acme
|
||||
aws:
|
||||
# S3 Backups
|
||||
backup_bucket: "9iron-backups-general"
|
||||
# SES
|
||||
ses:
|
||||
user: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33643766376336316266373239386466373639633765333332353031373132383061346564633036
|
||||
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
|
||||
38353531306238613735623433663138643231663139363735373537393337636362636534656166
|
||||
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
|
||||
38316564326537303236333266303432326164393435663665363963326363306237
|
||||
pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39306665653635383832623438656364616633643032663365643033316236333939363732363034
|
||||
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
|
||||
31653763346663656165343632336366343562333836396232636431323635333965336137316237
|
||||
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
|
||||
65663937643165613337373837633737653765303764303536386530616363343361326536633935
|
||||
3565626161343562396663353538653136376138373334336435
|
||||
# MySQL
|
||||
mysql_root_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62316565376333396465333931356163343363663063636233653536373033396230626639613964
|
||||
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
|
||||
65323365313465316635646465376665616132653832316362363535366563363863636530313666
|
||||
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
|
||||
39636637643035616236663364663562366133613233313139623937313531343564
|
||||
mysql:
|
||||
root_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62316565376333396465333931356163343363663063636233653536373033396230626639613964
|
||||
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
|
||||
65323365313465316635646465376665616132653832316362363535366563363863636530313666
|
||||
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
|
||||
39636637643035616236663364663562366133613233313139623937313531343564
|
||||
# PSQL
|
||||
psql_ansible_user: ansible
|
||||
psql_ansible_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30383235373131383466383438653235666365386631356463633265623332643337633830663930
|
||||
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
|
||||
63626263373063343036373266326235363839316662363031356264363365633161326264643766
|
||||
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
|
||||
61356331646133653363353931306630373963316430626266346630646362666237
|
||||
psql_neighbor_address: "172.31.0.0/16"
|
||||
psql:
|
||||
ansible:
|
||||
user: ansible
|
||||
pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30383235373131383466383438653235666365386631356463633265623332643337633830663930
|
||||
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
|
||||
63626263373063343036373266326235363839316662363031356264363365633161326264643766
|
||||
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
|
||||
61356331646133653363353931306630373963316430626266346630646362666237
|
||||
neighbor_block: "172.31.0.0/16"
|
||||
|
||||
## WEBAPPS
|
||||
# Dokuwiki
|
||||
dokuwiki_url: "wiki.9iron.club"
|
||||
# Gitea
|
||||
gitea_mysql_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
|
@ -53,7 +53,7 @@ for file in "$MODULESDIR"/*; do
|
||||
}
|
||||
done
|
||||
# If we have a fancy schmancy bucket, use it
|
||||
s3bucket="{{ aws_backup_bucket }}"
|
||||
s3bucket="{{ aws.backup_bucket }}"
|
||||
if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
|
||||
log "Moving files to S3 bucket $s3bucket"
|
||||
nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \
|
||||
|
@ -34,7 +34,7 @@ if (( currentbackupcount >= retention )); then
|
||||
fi
|
||||
fi
|
||||
# WE MAKE BACKUP NOW SERGEI
|
||||
s3bucket="{{ aws_backup_bucket }}"
|
||||
s3bucket="{{ aws.backup_bucket }}"
|
||||
for dir in /home/*; do
|
||||
username="$(basename -- "$dir")"
|
||||
forcefile="$dir/.backup/force"
|
||||
|
@ -9,7 +9,7 @@
|
||||
mysql_db:
|
||||
name: gitea
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
state: present
|
||||
notify: gitea add default user
|
||||
- name: Create user
|
||||
@ -19,7 +19,7 @@
|
||||
password: "{{ gitea_mysql_password }}"
|
||||
priv: "gitea.*:ALL,GRANT"
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
- name: Set up Apache
|
||||
block:
|
||||
- name: Enable modules
|
||||
|
@ -9,7 +9,7 @@
|
||||
mysql_db:
|
||||
name: grafana
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
state: present
|
||||
- name: Create user
|
||||
mysql_user:
|
||||
@ -18,7 +18,7 @@
|
||||
password: "{{ grafana_mysql_password }}"
|
||||
priv: "grafana.*:ALL,GRANT"
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
- name: Set up Apache
|
||||
block:
|
||||
- name: Enable modules
|
||||
|
@ -27,8 +27,8 @@
|
||||
name: matrix
|
||||
password: "{{ matrix_db_password }}"
|
||||
login_host: "{{ matrix_db_hostname }}"
|
||||
login_user: "{{ psql_ansible_user }}"
|
||||
login_password: "{{ psql_ansible_password }}"
|
||||
login_user: "{{ psql.ansible.user }}"
|
||||
login_password: "{{ psql.ansible.pass }}"
|
||||
- name: Create DB
|
||||
postgresql_db:
|
||||
name: matrix
|
||||
@ -36,8 +36,8 @@
|
||||
lc_collate: C
|
||||
lc_ctype: C
|
||||
login_host: "{{ matrix_db_hostname }}"
|
||||
login_user: "{{ psql_ansible_user }}"
|
||||
login_password: "{{ psql_ansible_password }}"
|
||||
login_user: "{{ psql.ansible.user }}"
|
||||
login_password: "{{ psql.ansible.pass }}"
|
||||
when: matrix_db_hostname is defined
|
||||
- name: Set up Apache
|
||||
block:
|
||||
|
@ -121,8 +121,8 @@ trusted_key_servers:
|
||||
email:
|
||||
smtp_host: email-smtp.us-east-1.amazonaws.com
|
||||
smtp_port: 587
|
||||
smtp_user: "{{ aws_ses_user }}"
|
||||
smtp_pass: "{{ aws_ses_pass }}"
|
||||
smtp_user: "{{ aws.ses.user }}"
|
||||
smtp_pass: "{{ aws.ses.pass }}"
|
||||
require_transport_security: true
|
||||
notif_from: "%(app)s <noreply@9iron.club>"
|
||||
app_name: "9iron Matrix"
|
||||
|
@ -1707,8 +1707,8 @@ password_config:
|
||||
email:
|
||||
smtp_host: email-smtp.us-east-1.amazonaws.com
|
||||
smtp_port: 587
|
||||
smtp_user: "{{ aws_ses_user }}"
|
||||
smtp_pass: "{{ aws_ses_pass }}"
|
||||
smtp_user: "{{ aws.ses.user }}"
|
||||
smtp_pass: "{{ aws.ses.pass }}"
|
||||
require_transport_security: true
|
||||
|
||||
# notif_from defines the "From" address to use when sending emails.
|
||||
|
@ -14,7 +14,7 @@ export MINECRAFT_DIR="/var/minecraft/{{ mcname }}"
|
||||
cd "$MINECRAFT_DIR" || exit 50
|
||||
|
||||
# Make sure we have a backup
|
||||
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
|
||||
if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
|
||||
echo "No backups available"
|
||||
exit 0
|
||||
fi
|
||||
@ -30,9 +30,9 @@ if [ -d "world" ]; then
|
||||
fi
|
||||
|
||||
# Get our latest good backup
|
||||
backup="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
|
||||
backup="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
|
||||
echo "Restoring backup: $backup"
|
||||
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ mcname }}/$backup" world.tgz
|
||||
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ mcname }}/$backup" world.tgz
|
||||
# Decompress it
|
||||
tar xzf world.tgz
|
||||
# Find the world
|
||||
|
@ -17,9 +17,9 @@
|
||||
mysql_user:
|
||||
name: root
|
||||
host: localhost
|
||||
password: "{{ mysql_root_password }}"
|
||||
password: "{{ mysql.root_password }}"
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
check_implicit_admin: yes
|
||||
priv: "*.*:ALL,GRANT"
|
||||
become: yes
|
||||
|
@ -15,7 +15,7 @@
|
||||
mysql_db:
|
||||
name: nextcloud
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
state: present
|
||||
- name: Create Nextcloud user
|
||||
mysql_user:
|
||||
@ -24,7 +24,7 @@
|
||||
password: "{{ nextcloud_mysql_password }}"
|
||||
priv: "nextcloud.*:ALL,GRANT"
|
||||
login_user: root
|
||||
login_password: "{{ mysql_root_password }}"
|
||||
login_password: "{{ mysql.root_password }}"
|
||||
- name: Set up Apache
|
||||
block:
|
||||
- name: Create webroot
|
||||
|
@ -30,22 +30,22 @@
|
||||
name: pleroma
|
||||
password: "{{ pleroma_db_password }}"
|
||||
login_host: "{{ pleroma_db_hostname }}"
|
||||
login_user: "{{ psql_ansible_user }}"
|
||||
login_password: "{{ psql_ansible_password }}"
|
||||
login_user: "{{ psql.ansible.user }}"
|
||||
login_password: "{{ psql.ansible.pass }}"
|
||||
- name: Create DB
|
||||
postgresql_db:
|
||||
name: pleroma
|
||||
owner: pleroma
|
||||
login_host: "{{ pleroma_db_hostname }}"
|
||||
login_user: "{{ psql_ansible_user }}"
|
||||
login_password: "{{ psql_ansible_password }}"
|
||||
login_user: "{{ psql.ansible.user }}"
|
||||
login_password: "{{ psql.ansible.pass }}"
|
||||
- name: Create extensions
|
||||
postgresql_ext:
|
||||
db: pleroma
|
||||
name: "{{ item }}"
|
||||
login_host: "{{ pleroma_db_hostname }}"
|
||||
login_user: "{{ psql_ansible_user }}"
|
||||
login_password: "{{ psql_ansible_password }}"
|
||||
login_user: "{{ psql.ansible.user }}"
|
||||
login_password: "{{ psql.ansible.pass }}"
|
||||
loop:
|
||||
- citext
|
||||
- pg_trgm
|
||||
|
@ -39,8 +39,8 @@ config :pleroma, Pleroma.Emails.Mailer,
|
||||
enabled: true,
|
||||
adapter: Swoosh.Adapters.SMTP,
|
||||
relay: "email-smtp.us-east-1.amazonaws.com",
|
||||
username: "{{ aws_ses_user }}",
|
||||
password: "{{ aws_ses_pass }}",
|
||||
username: "{{ aws.ses.user }}",
|
||||
password: "{{ aws.ses.pass }}",
|
||||
ssl: true,
|
||||
auth: :always
|
||||
|
||||
|
@ -14,7 +14,7 @@ export PLEROMA_DIR="/opt/pleroma"
|
||||
cd "$PLEROMA_DIR" || exit 50
|
||||
|
||||
# Make sure we have a backup
|
||||
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
|
||||
if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
|
||||
echo "No backups available"
|
||||
exit 0
|
||||
fi
|
||||
@ -30,13 +30,13 @@ if [ -d /var/lib/pleroma/uploads ]; then
|
||||
fi
|
||||
|
||||
# Get our latest good uploads backup
|
||||
backup_up="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
|
||||
backup_up="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
|
||||
# And our latest good DB backup
|
||||
backup_db="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
|
||||
backup_db="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
|
||||
echo "Restoring backup: $backup_up $backup_db"
|
||||
# Get our backups
|
||||
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
|
||||
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
|
||||
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
|
||||
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
|
||||
# Decompress
|
||||
tar xzf uploads.tgz
|
||||
gunzip db.pgdump.gz
|
||||
|
@ -1 +1 @@
|
||||
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws_ses_user }}:{{ aws_ses_pass }}
|
||||
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws.ses.user }}:{{ aws.ses.pass }}
|
||||
|
@ -27,13 +27,13 @@
|
||||
block:
|
||||
- name: Create DB user
|
||||
postgresql_user:
|
||||
name: "{{ psql_ansible_user }}"
|
||||
password: "{{ psql_ansible_password }}"
|
||||
name: "{{ psql.ansible.user }}"
|
||||
password: "{{ psql.ansible.pass }}"
|
||||
role_attr_flags: SUPERUSER
|
||||
- name: Create maintenance DB
|
||||
postgresql_db:
|
||||
name: "{{ psql_ansible_user }}"
|
||||
owner: "{{ psql_ansible_user }}"
|
||||
name: "{{ psql.ansible.user }}"
|
||||
owner: "{{ psql.ansible.user }}"
|
||||
become: yes
|
||||
become_user: postgres
|
||||
- name: Template out backup module
|
||||
|
@ -91,7 +91,7 @@ local all all peer
|
||||
# IPv4 local connections:
|
||||
host all all 127.0.0.1/32 md5
|
||||
# IPv4 neighbor connections:
|
||||
host all all {{ psql_neighbor_address }} md5
|
||||
host all all {{ psql.neighbor_block }} md5
|
||||
# IPv6 local connections:
|
||||
host all all ::1/128 md5
|
||||
# Allow replication connections from localhost, by a user with the
|
||||
|
Loading…
Reference in New Issue
Block a user