More variable refactoring
This commit is contained in:
parent
12fb975a2a
commit
8990cc4494
@ -3,50 +3,54 @@
|
|||||||
|
|
||||||
## BACKEND
|
## BACKEND
|
||||||
# ACME
|
# ACME
|
||||||
acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
|
acme:
|
||||||
#acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
|
#directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint
|
||||||
acme_version: 2
|
directory: "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
acme_webroot: "/var/www/acme"
|
version: 2
|
||||||
# AWS Backups
|
webroot: /var/www/acme
|
||||||
aws_backup_bucket: "9iron-backups-general"
|
aws:
|
||||||
# AWS SES
|
# S3 Backups
|
||||||
aws_ses_user: !vault |
|
backup_bucket: "9iron-backups-general"
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
# SES
|
||||||
33643766376336316266373239386466373639633765333332353031373132383061346564633036
|
ses:
|
||||||
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
|
user: !vault |
|
||||||
38353531306238613735623433663138643231663139363735373537393337636362636534656166
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
|
33643766376336316266373239386466373639633765333332353031373132383061346564633036
|
||||||
38316564326537303236333266303432326164393435663665363963326363306237
|
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
|
||||||
aws_ses_pass: !vault |
|
38353531306238613735623433663138643231663139363735373537393337636362636534656166
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
|
||||||
39306665653635383832623438656364616633643032663365643033316236333939363732363034
|
38316564326537303236333266303432326164393435663665363963326363306237
|
||||||
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
|
pass: !vault |
|
||||||
31653763346663656165343632336366343562333836396232636431323635333965336137316237
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
|
39306665653635383832623438656364616633643032663365643033316236333939363732363034
|
||||||
65663937643165613337373837633737653765303764303536386530616363343361326536633935
|
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
|
||||||
3565626161343562396663353538653136376138373334336435
|
31653763346663656165343632336366343562333836396232636431323635333965336137316237
|
||||||
|
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
|
||||||
|
65663937643165613337373837633737653765303764303536386530616363343361326536633935
|
||||||
|
3565626161343562396663353538653136376138373334336435
|
||||||
# MySQL
|
# MySQL
|
||||||
mysql_root_password: !vault |
|
mysql:
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
root_password: !vault |
|
||||||
62316565376333396465333931356163343363663063636233653536373033396230626639613964
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
|
62316565376333396465333931356163343363663063636233653536373033396230626639613964
|
||||||
65323365313465316635646465376665616132653832316362363535366563363863636530313666
|
3037613839373833646234626236643430393364643131610a333539373533663434373935376130
|
||||||
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
|
65323365313465316635646465376665616132653832316362363535366563363863636530313666
|
||||||
39636637643035616236663364663562366133613233313139623937313531343564
|
3036393134386131310a643734363261633166636263343538313533393738323934303137343163
|
||||||
|
39636637643035616236663364663562366133613233313139623937313531343564
|
||||||
# PSQL
|
# PSQL
|
||||||
psql_ansible_user: ansible
|
psql:
|
||||||
psql_ansible_password: !vault |
|
ansible:
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
user: ansible
|
||||||
30383235373131383466383438653235666365386631356463633265623332643337633830663930
|
pass: !vault |
|
||||||
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
63626263373063343036373266326235363839316662363031356264363365633161326264643766
|
30383235373131383466383438653235666365386631356463633265623332643337633830663930
|
||||||
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
|
3639313565613138373165636264343030323961646539390a356134383764326631326635636139
|
||||||
61356331646133653363353931306630373963316430626266346630646362666237
|
63626263373063343036373266326235363839316662363031356264363365633161326264643766
|
||||||
psql_neighbor_address: "172.31.0.0/16"
|
3734386366633861640a643335636330323432626437646337353534653832383337396432636264
|
||||||
|
61356331646133653363353931306630373963316430626266346630646362666237
|
||||||
|
neighbor_block: "172.31.0.0/16"
|
||||||
|
|
||||||
## WEBAPPS
|
## WEBAPPS
|
||||||
# Dokuwiki
|
|
||||||
dokuwiki_url: "wiki.9iron.club"
|
|
||||||
# Gitea
|
# Gitea
|
||||||
gitea_mysql_password: !vault |
|
gitea_mysql_password: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
@ -53,7 +53,7 @@ for file in "$MODULESDIR"/*; do
|
|||||||
}
|
}
|
||||||
done
|
done
|
||||||
# If we have a fancy schmancy bucket, use it
|
# If we have a fancy schmancy bucket, use it
|
||||||
s3bucket="{{ aws_backup_bucket }}"
|
s3bucket="{{ aws.backup_bucket }}"
|
||||||
if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
|
if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then
|
||||||
log "Moving files to S3 bucket $s3bucket"
|
log "Moving files to S3 bucket $s3bucket"
|
||||||
nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \
|
nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \
|
||||||
|
@ -34,7 +34,7 @@ if (( currentbackupcount >= retention )); then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# WE MAKE BACKUP NOW SERGEI
|
# WE MAKE BACKUP NOW SERGEI
|
||||||
s3bucket="{{ aws_backup_bucket }}"
|
s3bucket="{{ aws.backup_bucket }}"
|
||||||
for dir in /home/*; do
|
for dir in /home/*; do
|
||||||
username="$(basename -- "$dir")"
|
username="$(basename -- "$dir")"
|
||||||
forcefile="$dir/.backup/force"
|
forcefile="$dir/.backup/force"
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
mysql_db:
|
mysql_db:
|
||||||
name: gitea
|
name: gitea
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
state: present
|
state: present
|
||||||
notify: gitea add default user
|
notify: gitea add default user
|
||||||
- name: Create user
|
- name: Create user
|
||||||
@ -19,7 +19,7 @@
|
|||||||
password: "{{ gitea_mysql_password }}"
|
password: "{{ gitea_mysql_password }}"
|
||||||
priv: "gitea.*:ALL,GRANT"
|
priv: "gitea.*:ALL,GRANT"
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
- name: Set up Apache
|
- name: Set up Apache
|
||||||
block:
|
block:
|
||||||
- name: Enable modules
|
- name: Enable modules
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
mysql_db:
|
mysql_db:
|
||||||
name: grafana
|
name: grafana
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
state: present
|
state: present
|
||||||
- name: Create user
|
- name: Create user
|
||||||
mysql_user:
|
mysql_user:
|
||||||
@ -18,7 +18,7 @@
|
|||||||
password: "{{ grafana_mysql_password }}"
|
password: "{{ grafana_mysql_password }}"
|
||||||
priv: "grafana.*:ALL,GRANT"
|
priv: "grafana.*:ALL,GRANT"
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
- name: Set up Apache
|
- name: Set up Apache
|
||||||
block:
|
block:
|
||||||
- name: Enable modules
|
- name: Enable modules
|
||||||
|
@ -27,8 +27,8 @@
|
|||||||
name: matrix
|
name: matrix
|
||||||
password: "{{ matrix_db_password }}"
|
password: "{{ matrix_db_password }}"
|
||||||
login_host: "{{ matrix_db_hostname }}"
|
login_host: "{{ matrix_db_hostname }}"
|
||||||
login_user: "{{ psql_ansible_user }}"
|
login_user: "{{ psql.ansible.user }}"
|
||||||
login_password: "{{ psql_ansible_password }}"
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
- name: Create DB
|
- name: Create DB
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: matrix
|
name: matrix
|
||||||
@ -36,8 +36,8 @@
|
|||||||
lc_collate: C
|
lc_collate: C
|
||||||
lc_ctype: C
|
lc_ctype: C
|
||||||
login_host: "{{ matrix_db_hostname }}"
|
login_host: "{{ matrix_db_hostname }}"
|
||||||
login_user: "{{ psql_ansible_user }}"
|
login_user: "{{ psql.ansible.user }}"
|
||||||
login_password: "{{ psql_ansible_password }}"
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
when: matrix_db_hostname is defined
|
when: matrix_db_hostname is defined
|
||||||
- name: Set up Apache
|
- name: Set up Apache
|
||||||
block:
|
block:
|
||||||
|
@ -121,8 +121,8 @@ trusted_key_servers:
|
|||||||
email:
|
email:
|
||||||
smtp_host: email-smtp.us-east-1.amazonaws.com
|
smtp_host: email-smtp.us-east-1.amazonaws.com
|
||||||
smtp_port: 587
|
smtp_port: 587
|
||||||
smtp_user: "{{ aws_ses_user }}"
|
smtp_user: "{{ aws.ses.user }}"
|
||||||
smtp_pass: "{{ aws_ses_pass }}"
|
smtp_pass: "{{ aws.ses.pass }}"
|
||||||
require_transport_security: true
|
require_transport_security: true
|
||||||
notif_from: "%(app)s <noreply@9iron.club>"
|
notif_from: "%(app)s <noreply@9iron.club>"
|
||||||
app_name: "9iron Matrix"
|
app_name: "9iron Matrix"
|
||||||
|
@ -1707,8 +1707,8 @@ password_config:
|
|||||||
email:
|
email:
|
||||||
smtp_host: email-smtp.us-east-1.amazonaws.com
|
smtp_host: email-smtp.us-east-1.amazonaws.com
|
||||||
smtp_port: 587
|
smtp_port: 587
|
||||||
smtp_user: "{{ aws_ses_user }}"
|
smtp_user: "{{ aws.ses.user }}"
|
||||||
smtp_pass: "{{ aws_ses_pass }}"
|
smtp_pass: "{{ aws.ses.pass }}"
|
||||||
require_transport_security: true
|
require_transport_security: true
|
||||||
|
|
||||||
# notif_from defines the "From" address to use when sending emails.
|
# notif_from defines the "From" address to use when sending emails.
|
||||||
|
@ -14,7 +14,7 @@ export MINECRAFT_DIR="/var/minecraft/{{ mcname }}"
|
|||||||
cd "$MINECRAFT_DIR" || exit 50
|
cd "$MINECRAFT_DIR" || exit 50
|
||||||
|
|
||||||
# Make sure we have a backup
|
# Make sure we have a backup
|
||||||
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
|
if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" > /dev/null 2>&1; then
|
||||||
echo "No backups available"
|
echo "No backups available"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
@ -30,9 +30,9 @@ if [ -d "world" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get our latest good backup
|
# Get our latest good backup
|
||||||
backup="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
|
backup="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ mcname }}/" | tail -n 1 | awk '{print $4}')"
|
||||||
echo "Restoring backup: $backup"
|
echo "Restoring backup: $backup"
|
||||||
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ mcname }}/$backup" world.tgz
|
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ mcname }}/$backup" world.tgz
|
||||||
# Decompress it
|
# Decompress it
|
||||||
tar xzf world.tgz
|
tar xzf world.tgz
|
||||||
# Find the world
|
# Find the world
|
||||||
|
@ -17,9 +17,9 @@
|
|||||||
mysql_user:
|
mysql_user:
|
||||||
name: root
|
name: root
|
||||||
host: localhost
|
host: localhost
|
||||||
password: "{{ mysql_root_password }}"
|
password: "{{ mysql.root_password }}"
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: yes
|
||||||
priv: "*.*:ALL,GRANT"
|
priv: "*.*:ALL,GRANT"
|
||||||
become: yes
|
become: yes
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
mysql_db:
|
mysql_db:
|
||||||
name: nextcloud
|
name: nextcloud
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
state: present
|
state: present
|
||||||
- name: Create Nextcloud user
|
- name: Create Nextcloud user
|
||||||
mysql_user:
|
mysql_user:
|
||||||
@ -24,7 +24,7 @@
|
|||||||
password: "{{ nextcloud_mysql_password }}"
|
password: "{{ nextcloud_mysql_password }}"
|
||||||
priv: "nextcloud.*:ALL,GRANT"
|
priv: "nextcloud.*:ALL,GRANT"
|
||||||
login_user: root
|
login_user: root
|
||||||
login_password: "{{ mysql_root_password }}"
|
login_password: "{{ mysql.root_password }}"
|
||||||
- name: Set up Apache
|
- name: Set up Apache
|
||||||
block:
|
block:
|
||||||
- name: Create webroot
|
- name: Create webroot
|
||||||
|
@ -30,22 +30,22 @@
|
|||||||
name: pleroma
|
name: pleroma
|
||||||
password: "{{ pleroma_db_password }}"
|
password: "{{ pleroma_db_password }}"
|
||||||
login_host: "{{ pleroma_db_hostname }}"
|
login_host: "{{ pleroma_db_hostname }}"
|
||||||
login_user: "{{ psql_ansible_user }}"
|
login_user: "{{ psql.ansible.user }}"
|
||||||
login_password: "{{ psql_ansible_password }}"
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
- name: Create DB
|
- name: Create DB
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: pleroma
|
name: pleroma
|
||||||
owner: pleroma
|
owner: pleroma
|
||||||
login_host: "{{ pleroma_db_hostname }}"
|
login_host: "{{ pleroma_db_hostname }}"
|
||||||
login_user: "{{ psql_ansible_user }}"
|
login_user: "{{ psql.ansible.user }}"
|
||||||
login_password: "{{ psql_ansible_password }}"
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
- name: Create extensions
|
- name: Create extensions
|
||||||
postgresql_ext:
|
postgresql_ext:
|
||||||
db: pleroma
|
db: pleroma
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
login_host: "{{ pleroma_db_hostname }}"
|
login_host: "{{ pleroma_db_hostname }}"
|
||||||
login_user: "{{ psql_ansible_user }}"
|
login_user: "{{ psql.ansible.user }}"
|
||||||
login_password: "{{ psql_ansible_password }}"
|
login_password: "{{ psql.ansible.pass }}"
|
||||||
loop:
|
loop:
|
||||||
- citext
|
- citext
|
||||||
- pg_trgm
|
- pg_trgm
|
||||||
|
@ -39,8 +39,8 @@ config :pleroma, Pleroma.Emails.Mailer,
|
|||||||
enabled: true,
|
enabled: true,
|
||||||
adapter: Swoosh.Adapters.SMTP,
|
adapter: Swoosh.Adapters.SMTP,
|
||||||
relay: "email-smtp.us-east-1.amazonaws.com",
|
relay: "email-smtp.us-east-1.amazonaws.com",
|
||||||
username: "{{ aws_ses_user }}",
|
username: "{{ aws.ses.user }}",
|
||||||
password: "{{ aws_ses_pass }}",
|
password: "{{ aws.ses.pass }}",
|
||||||
ssl: true,
|
ssl: true,
|
||||||
auth: :always
|
auth: :always
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ export PLEROMA_DIR="/opt/pleroma"
|
|||||||
cd "$PLEROMA_DIR" || exit 50
|
cd "$PLEROMA_DIR" || exit 50
|
||||||
|
|
||||||
# Make sure we have a backup
|
# Make sure we have a backup
|
||||||
if ! aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
|
if ! aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" > /dev/null 2>&1; then
|
||||||
echo "No backups available"
|
echo "No backups available"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
@ -30,13 +30,13 @@ if [ -d /var/lib/pleroma/uploads ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get our latest good uploads backup
|
# Get our latest good uploads backup
|
||||||
backup_up="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
|
backup_up="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep uploads | tail -n 1 | awk '{print $4}')"
|
||||||
# And our latest good DB backup
|
# And our latest good DB backup
|
||||||
backup_db="$(aws s3 ls "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
|
backup_db="$(aws s3 ls "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/" | grep pgdump | tail -n 1 | awk '{print $4}')"
|
||||||
echo "Restoring backup: $backup_up $backup_db"
|
echo "Restoring backup: $backup_up $backup_db"
|
||||||
# Get our backups
|
# Get our backups
|
||||||
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
|
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_up" uploads.tgz
|
||||||
aws s3 cp "s3://{{ aws_backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
|
aws s3 cp "s3://{{ aws.backup_bucket }}/{{ pleroma_url }}/$backup_db" db.pgdump.gz
|
||||||
# Decompress
|
# Decompress
|
||||||
tar xzf uploads.tgz
|
tar xzf uploads.tgz
|
||||||
gunzip db.pgdump.gz
|
gunzip db.pgdump.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws_ses_user }}:{{ aws_ses_pass }}
|
[email-smtp.us-east-1.amazonaws.com]:587 {{ aws.ses.user }}:{{ aws.ses.pass }}
|
||||||
|
@ -27,13 +27,13 @@
|
|||||||
block:
|
block:
|
||||||
- name: Create DB user
|
- name: Create DB user
|
||||||
postgresql_user:
|
postgresql_user:
|
||||||
name: "{{ psql_ansible_user }}"
|
name: "{{ psql.ansible.user }}"
|
||||||
password: "{{ psql_ansible_password }}"
|
password: "{{ psql.ansible.pass }}"
|
||||||
role_attr_flags: SUPERUSER
|
role_attr_flags: SUPERUSER
|
||||||
- name: Create maintenance DB
|
- name: Create maintenance DB
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: "{{ psql_ansible_user }}"
|
name: "{{ psql.ansible.user }}"
|
||||||
owner: "{{ psql_ansible_user }}"
|
owner: "{{ psql.ansible.user }}"
|
||||||
become: yes
|
become: yes
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
- name: Template out backup module
|
- name: Template out backup module
|
||||||
|
@ -91,7 +91,7 @@ local all all peer
|
|||||||
# IPv4 local connections:
|
# IPv4 local connections:
|
||||||
host all all 127.0.0.1/32 md5
|
host all all 127.0.0.1/32 md5
|
||||||
# IPv4 neighbor connections:
|
# IPv4 neighbor connections:
|
||||||
host all all {{ psql_neighbor_address }} md5
|
host all all {{ psql.neighbor_block }} md5
|
||||||
# IPv6 local connections:
|
# IPv6 local connections:
|
||||||
host all all ::1/128 md5
|
host all all ::1/128 md5
|
||||||
# Allow replication connections from localhost, by a user with the
|
# Allow replication connections from localhost, by a user with the
|
||||||
|
Loading…
Reference in New Issue
Block a user