More variable refactoring

This commit is contained in:
Salt 2020-08-02 19:36:46 -05:00
parent 12fb975a2a
commit 8990cc4494
17 changed files with 84 additions and 80 deletions


@ -3,50 +3,54 @@
## BACKEND ## BACKEND
# ACME # ACME
acme_directory: "https://acme-v02.api.letsencrypt.org/directory" acme:
#acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint #directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
acme_version: 2 directory: "https://acme-v02.api.letsencrypt.org/directory"
acme_webroot: "/var/www/acme" version: 2
# AWS Backups webroot: /var/www/acme
aws_backup_bucket: "9iron-backups-general" aws:
# AWS SES # S3 Backups
aws_ses_user: !vault | backup_bucket: "9iron-backups-general"
$ANSIBLE_VAULT;1.1;AES256 # SES
33643766376336316266373239386466373639633765333332353031373132383061346564633036 ses:
3337396261333264363562363364336235633831353133380a613164666161313265396261616634 user: !vault |
38353531306238613735623433663138643231663139363735373537393337636362636534656166 $ANSIBLE_VAULT;1.1;AES256
3063373930343039320a663063663535633932323739653461336164643035633036663362666161 33643766376336316266373239386466373639633765333332353031373132383061346564633036
38316564326537303236333266303432326164393435663665363963326363306237 3337396261333264363562363364336235633831353133380a613164666161313265396261616634
aws_ses_pass: !vault | 38353531306238613735623433663138643231663139363735373537393337636362636534656166
$ANSIBLE_VAULT;1.1;AES256 3063373930343039320a663063663535633932323739653461336164643035633036663362666161
39306665653635383832623438656364616633643032663365643033316236333939363732363034 38316564326537303236333266303432326164393435663665363963326363306237
3566663361653862646636396339343963626561613839620a663731313337613734356261326437 pass: !vault |
31653763346663656165343632336366343562333836396232636431323635333965336137316237 $ANSIBLE_VAULT;1.1;AES256
3662393364636631310a643935313539353338333233356362623835363631383035666536343634 39306665653635383832623438656364616633643032663365643033316236333939363732363034
65663937643165613337373837633737653765303764303536386530616363343361326536633935 3566663361653862646636396339343963626561613839620a663731313337613734356261326437
3565626161343562396663353538653136376138373334336435 31653763346663656165343632336366343562333836396232636431323635333965336137316237
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
65663937643165613337373837633737653765303764303536386530616363343361326536633935
3565626161343562396663353538653136376138373334336435
# MySQL # MySQL
mysql_root_password: !vault | mysql:
$ANSIBLE_VAULT;1.1;AES256 root_password: !vault |
62316565376333396465333931356163343363663063636233653536373033396230626639613964 $ANSIBLE_VAULT;1.1;AES256
3037613839373833646234626236643430393364643131610a333539373533663434373935376130 62316565376333396465333931356163343363663063636233653536373033396230626639613964
65323365313465316635646465376665616132653832316362363535366563363863636530313666 3037613839373833646234626236643430393364643131610a333539373533663434373935376130
3036393134386131310a643734363261633166636263343538313533393738323934303137343163 65323365313465316635646465376665616132653832316362363535366563363863636530313666
39636637643035616236663364663562366133613233313139623937313531343564 3036393134386131310a643734363261633166636263343538313533393738323934303137343163
39636637643035616236663364663562366133613233313139623937313531343564
# PSQL # PSQL
psql_ansible_user: ansible psql:
psql_ansible_password: !vault | ansible:
$ANSIBLE_VAULT;1.1;AES256 user: ansible
30383235373131383466383438653235666365386631356463633265623332643337633830663930 pass: !vault |
3639313565613138373165636264343030323961646539390a356134383764326631326635636139 $ANSIBLE_VAULT;1.1;AES256
63626263373063343036373266326235363839316662363031356264363365633161326264643766 30383235373131383466383438653235666365386631356463633265623332643337633830663930
3734386366633861640a643335636330323432626437646337353534653832383337396432636264 3639313565613138373165636264343030323961646539390a356134383764326631326635636139
61356331646133653363353931306630373963316430626266346630646362666237 63626263373063343036373266326235363839316662363031356264363365633161326264643766
psql_neighbor_address: "172.31.0.0/16" 3734386366633861640a643335636330323432626437646337353534653832383337396432636264
61356331646133653363353931306630373963316430626266346630646362666237
neighbor_block: "172.31.0.0/16"
## WEBAPPS ## WEBAPPS
# Dokuwiki
dokuwiki_url: "wiki.9iron.club"
# Gitea # Gitea
gitea_mysql_password: !vault | gitea_mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
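Review bot: Moving the flat `aws_*`, `mysql_*` and `psql_*` variables under the new top-level mappings `aws:`, `mysql:` and `psql:` changes override behaviour: with Ansible's default `hash_behaviour=replace`, a host_vars or more specific group_vars entry that sets `psql:` to change only `neighbor_block` replaces the whole mapping and silently drops `psql.ansible.user` and `psql.ansible.pass`, whereas the old flat names could be overridden one at a time. If per-host overrides are expected, document that at the head of each mapping, e.g. `# NOTE: overriding this mapping replaces it entirely (hash_behaviour=replace); redefine every key`, or merge at the point of use with the `combine` filter. The new `dokuwiki_url` key appears to be added without a consumer in this commit; that is inferred from the visible hunks only. This file starts before the hunk (line 3) and the `## WEBAPPS` section continues past it.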


@ -53,7 +53,7 @@ for file in "$MODULESDIR"/*; do
} }
done done
# If we have a fancy schmancy bucket, use it # If we have a fancy schmancy bucket, use it
s3bucket="{{ aws_backup_bucket }}" s3bucket="{{ aws.backup_bucket }}"
if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
log "Moving files to S3 bucket $s3bucket" log "Moving files to S3 bucket $s3bucket"
nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \ nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \


@ -34,7 +34,7 @@ if (( currentbackupcount >= retention )); then
fi fi
fi fi
# WE MAKE BACKUP NOW SERGEI # WE MAKE BACKUP NOW SERGEI
s3bucket="{{ aws_backup_bucket }}" s3bucket="{{ aws.backup_bucket }}"
for dir in /home/*; do for dir in /home/*; do
username="$(basename -- "$dir")" username="$(basename -- "$dir")"
forcefile="$dir/.backup/force" forcefile="$dir/.backup/force"


@ -9,7 +9,7 @@
mysql_db: mysql_db:
name: gitea name: gitea
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
state: present state: present
notify: gitea add default user notify: gitea add default user
- name: Create user - name: Create user
@ -19,7 +19,7 @@
password: "{{ gitea_mysql_password }}" password: "{{ gitea_mysql_password }}"
priv: "gitea.*:ALL,GRANT" priv: "gitea.*:ALL,GRANT"
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
- name: Set up Apache - name: Set up Apache
block: block:
- name: Enable modules - name: Enable modules


@ -9,7 +9,7 @@
mysql_db: mysql_db:
name: grafana name: grafana
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
state: present state: present
- name: Create user - name: Create user
mysql_user: mysql_user:
@ -18,7 +18,7 @@
password: "{{ grafana_mysql_password }}" password: "{{ grafana_mysql_password }}"
priv: "grafana.*:ALL,GRANT" priv: "grafana.*:ALL,GRANT"
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
- name: Set up Apache - name: Set up Apache
block: block:
- name: Enable modules - name: Enable modules


@ -27,8 +27,8 @@
name: matrix name: matrix
password: "{{ matrix_db_password }}" password: "{{ matrix_db_password }}"
login_host: "{{ matrix_db_hostname }}" login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql_ansible_user }}" login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql_ansible_password }}" login_password: "{{ psql.ansible.pass }}"
- name: Create DB - name: Create DB
postgresql_db: postgresql_db:
name: matrix name: matrix
@ -36,8 +36,8 @@
lc_collate: C lc_collate: C
lc_ctype: C lc_ctype: C
login_host: "{{ matrix_db_hostname }}" login_host: "{{ matrix_db_hostname }}"
login_user: "{{ psql_ansible_user }}" login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql_ansible_password }}" login_password: "{{ psql.ansible.pass }}"
when: matrix_db_hostname is defined when: matrix_db_hostname is defined
- name: Set up Apache - name: Set up Apache
block: block:


@ -121,8 +121,8 @@ trusted_key_servers:
email: email:
smtp_host: email-smtp.us-east-1.amazonaws.com smtp_host: email-smtp.us-east-1.amazonaws.com
smtp_port: 587 smtp_port: 587
smtp_user: "{{ aws_ses_user }}" smtp_user: "{{ aws.ses.user }}"
smtp_pass: "{{ aws_ses_pass }}" smtp_pass: "{{ aws.ses.pass }}"
require_transport_security: true require_transport_security: true
notif_from: "%(app)s <noreply@9iron.club>" notif_from: "%(app)s <noreply@9iron.club>"
app_name: "9iron Matrix" app_name: "9iron Matrix"
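Review bot: `smtp_pass: "{{ aws.ses.pass }}"` renders a vaulted secret inside a double-quoted YAML scalar, so a credential containing `"` or `\` would either break the generated homeserver.yaml or silently change the value; rendering with the `to_json` filter yields a correctly escaped scalar, e.g. `smtp_user: {{ aws.ses.user | to_json }}` and `smtp_pass: {{ aws.ses.pass | to_json }}`. The same applies to the second homeserver.yaml hunk below and to the Pleroma `prod.secret.exs` hunk, where the Elixir string literal has its own escaping rules for `"` and `\` and needs an equivalent Elixir-safe escape rather than plain interpolation. The `email:` mapping starts and ends outside this hunk.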


@ -1707,8 +1707,8 @@ password_config:
email: email:
smtp_host: email-smtp.us-east-1.amazonaws.com smtp_host: email-smtp.us-east-1.amazonaws.com
smtp_port: 587 smtp_port: 587
smtp_user: "{{ aws_ses_user }}" smtp_user: "{{ aws.ses.user }}"
smtp_pass: "{{ aws_ses_pass }}" smtp_pass: "{{ aws.ses.pass }}"
require_transport_security: true require_transport_security: true
# notif_from defines the "From" address to use when sending emails. # notif_from defines the "From" address to use when sending emails.


@ -14,7 +14,7 @@ export MINECRAFT_DIR="/var/minecraft/{{ mcname }}"
cd "$MINECRAFT_DIR" || exit 50 cd "$MINECRAFT_DIR" || exit 50
# Make sure we have a backup # Make sure we have a backup
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
echo "No backups available" echo "No backups available"
exit 0 exit 0
fi fi
@ -30,9 +30,9 @@ if [ -d "world" ]; then
fi fi
# Get our latest good backup # Get our latest good backup
backup="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')" backup="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
echo "Restoring backup: $backup" echo "Restoring backup: $backup"
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ mcname }}/$backup" world.tgz aws s3 cp "s3://{{ aws.backup_bucket }}/{{ mcname }}/$backup" world.tgz
# Decompress it # Decompress it
tar xzf world.tgz tar xzf world.tgz
# Find the world # Find the world


@ -17,9 +17,9 @@
mysql_user: mysql_user:
name: root name: root
host: localhost host: localhost
password: "{{ mysql_root_password }}" password: "{{ mysql.root_password }}"
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
check_implicit_admin: yes check_implicit_admin: yes
priv: "*.*:ALL,GRANT" priv: "*.*:ALL,GRANT"
become: yes become: yes


@ -15,7 +15,7 @@
mysql_db: mysql_db:
name: nextcloud name: nextcloud
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
state: present state: present
- name: Create Nextcloud user - name: Create Nextcloud user
mysql_user: mysql_user:
@ -24,7 +24,7 @@
password: "{{ nextcloud_mysql_password }}" password: "{{ nextcloud_mysql_password }}"
priv: "nextcloud.*:ALL,GRANT" priv: "nextcloud.*:ALL,GRANT"
login_user: root login_user: root
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql.root_password }}"
- name: Set up Apache - name: Set up Apache
block: block:
- name: Create webroot - name: Create webroot


@ -30,22 +30,22 @@
name: pleroma name: pleroma
password: "{{ pleroma_db_password }}" password: "{{ pleroma_db_password }}"
login_host: "{{ pleroma_db_hostname }}" login_host: "{{ pleroma_db_hostname }}"
login_user: "{{ psql_ansible_user }}" login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql_ansible_password }}" login_password: "{{ psql.ansible.pass }}"
- name: Create DB - name: Create DB
postgresql_db: postgresql_db:
name: pleroma name: pleroma
owner: pleroma owner: pleroma
login_host: "{{ pleroma_db_hostname }}" login_host: "{{ pleroma_db_hostname }}"
login_user: "{{ psql_ansible_user }}" login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql_ansible_password }}" login_password: "{{ psql.ansible.pass }}"
- name: Create extensions - name: Create extensions
postgresql_ext: postgresql_ext:
db: pleroma db: pleroma
name: "{{ item }}" name: "{{ item }}"
login_host: "{{ pleroma_db_hostname }}" login_host: "{{ pleroma_db_hostname }}"
login_user: "{{ psql_ansible_user }}" login_user: "{{ psql.ansible.user }}"
login_password: "{{ psql_ansible_password }}" login_password: "{{ psql.ansible.pass }}"
loop: loop:
- citext - citext
- pg_trgm - pg_trgm


@ -39,8 +39,8 @@ config :pleroma, Pleroma.Emails.Mailer,
enabled: true, enabled: true,
adapter: Swoosh.Adapters.SMTP, adapter: Swoosh.Adapters.SMTP,
relay: "email-smtp.us-east-1.amazonaws.com", relay: "email-smtp.us-east-1.amazonaws.com",
username: "{{ aws_ses_user }}", username: "{{ aws.ses.user }}",
password: "{{ aws_ses_pass }}", password: "{{ aws.ses.pass }}",
ssl: true, ssl: true,
auth: :always auth: :always


@ -14,7 +14,7 @@ export PLEROMA_DIR="/opt/pleroma"
cd "$PLEROMA_DIR" || exit 50 cd "$PLEROMA_DIR" || exit 50
# Make sure we have a backup # Make sure we have a backup
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
echo "No backups available" echo "No backups available"
exit 0 exit 0
fi fi
@ -30,13 +30,13 @@ if [ -d /var/lib/pleroma/uploads ]; then
fi fi
# Get our latest good uploads backup # Get our latest good uploads backup
backup_up="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')" backup_up="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
# And our latest good DB backup # And our latest good DB backup
backup_db="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')" backup_db="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
echo "Restoring backup: $backup_up $backup_db" echo "Restoring backup: $backup_up $backup_db"
# Get our backups # Get our backups
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
# Decompress # Decompress
tar xzf uploads.tgz tar xzf uploads.tgz
gunzip db.pgdump.gz gunzip db.pgdump.gz


@ -1 +1 @@
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws_ses_user }}:{{ aws_ses_pass }} [email-smtp.us-east-1.amazonaws.com]:587 {{ aws.ses.user }}:{{ aws.ses.pass }}


@ -27,13 +27,13 @@
block: block:
- name: Create DB user - name: Create DB user
postgresql_user: postgresql_user:
name: "{{ psql_ansible_user }}" name: "{{ psql.ansible.user }}"
password: "{{ psql_ansible_password }}" password: "{{ psql.ansible.pass }}"
role_attr_flags: SUPERUSER role_attr_flags: SUPERUSER
- name: Create maintenance DB - name: Create maintenance DB
postgresql_db: postgresql_db:
name: "{{ psql_ansible_user }}" name: "{{ psql.ansible.user }}"
owner: "{{ psql_ansible_user }}" owner: "{{ psql.ansible.user }}"
become: yes become: yes
become_user: postgres become_user: postgres
- name: Template out backup module - name: Template out backup module


@ -91,7 +91,7 @@ local all all peer
# IPv4 local connections: # IPv4 local connections:
host all all 127.0.0.1/32 md5 host all all 127.0.0.1/32 md5
# IPv4 neighbor connections: # IPv4 neighbor connections:
host all all {{ psql_neighbor_address }} md5 host all all {{ psql.neighbor_block }} md5
# IPv6 local connections: # IPv6 local connections:
host all all ::1/128 md5 host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the # Allow replication connections from localhost, by a user with the