Getting ready to deploy live

2020-11-08 08:16:07 -06:00 · 2020-11-08 08:16:07 -06:00 · a47e09bd1d
commit a47e09bd1d
parent 3f93c4c2d6
2 changed files with 112 additions and 96 deletions
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -9,9 +9,7 @@ all:
        lap-s76-lemp9-0.desu.ltd:
    db:
      hosts:
-        db1.test.desu.ltd:
+        psql1.desu.ltd:
          ansible_host: 192.168.122.169
    web:
      hosts:
-        web1.test.desu.ltd:
+        web1.desu.ltd:
          ansible_host: 192.168.122.62
--- a/site.yml
+++ b/site.yml
@ -30,20 +30,19 @@
      become: yes
      tags: [ desktop, zerotier ]
  # Database servers
- hosts: db1.test.desu.ltd
+- hosts: psql1.desu.ltd
  roles:
    - role: postgresql
      vars:
        postgresql_global_config_options:
          - option: listen_addresses
-            value: "*"
+            value: 192.168.164.156
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
          - { type: local, database: all, user: all, auth_method: peer }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
-          # Just allow all access on this block.
+            # Used for internal access from other nodes
          # When rolling out to our new env, I'll allow by particular IP alone
          - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
        postgresql_users:
          - name: gitea
@ -58,91 +57,110 @@
      become: yes
      tags: [ db, psql ]
  # Webservers
- hosts: web1.test.desu.ltd
+
-  roles:
+# NOTE: This whole stanza has been commented out pending resolution of https://github.com/ansible/ansible/issues/71528
-    - role: apache
+# Currently, no release packages this fix. I NEED that fix out to work around this bug in 20.04
-      vars:
+
-        apache_remove_default_vhost: yes
+#- hosts: web1.desu.ltd
-        apache_packages_state: latest
+#  roles:
-        apache_mods_enabled:
+#    - role: certbot
-          - ssl.load
+#      vars:
-          - proxy.load
+#        certbot_admin_email: rehashedsalt@cock.li
-          - proxy_http.load
+#        certbot_create_if_missing: yes
-          - rewrite.load
+#        certbot_create_method: standalone
-        apache_vhosts:
+#        certbot_create_standalone_stop_services:
-          - servername: git.test.desu.ltd
+#          - apache2
-            extra_parameters: |
+#        certbot_certs:
-              ProxyPreserveHost On
+#          - domains:
-              ProxyRequests Off
+#              - desu.ltd
-              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
+#              - git.desu.ltd
-          - servername: nc.test.desu.ltd
+#              - nc.desu.ltd
-            documentroot: /var/www/html/nextcloud
+#              - web1.desu.ltd
-          - servername: test.desu.ltd
+#      become: yes
-            documentroot: /var/www/html/desu.ltd
+#      tags: [ web, certbot ]
-      become: yes
+#    - role: apache
-      tags: [ web, apache ]
+#      vars:
-    - role: php
+#        apache_remove_default_vhost: yes
-      vars:
+#        apache_packages_state: latest
-        php_memory_limit: 512M
+#        apache_mods_enabled:
-        php_packages_extra:
+#          - ssl.load
-          - libapache2-mod-php
+#          - proxy.load
-          - php-zip # For Nextcloud
+#          - proxy_http.load
-          - php-intl
+#          - rewrite.load
-          - php-imagick
+#        apache_vhosts:
-          - php-redis
+#          - servername: git.test.desu.ltd
-          - php-bcmath
+#            extra_parameters: |
-          - php-gmp
+#              ProxyPreserveHost On
-          - php-pgsql # For general DB stuff
+#              ProxyRequests Off
-        # Nextcloud recommended opcache settings
+#              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
-        php_opcache_max_accelerated_files: 10000
+#          - servername: nc.test.desu.ltd
-        php_opcache_memory_consumption: 128
+#            documentroot: /var/www/html/nextcloud
-        php_opcache_revalidate_freq: 2
+#          - servername: test.desu.ltd
-      become: yes
+#            documentroot: /var/www/html/desu.ltd
-      tags: [ web, php ]
+#      become: yes
-    - role: git
+#      tags: [ web, apache ]
-      vars:
+#    - role: php
-        git_repos:
+#      vars:
-          - repo: https://git.9iron.club/salt/desultd
+#        php_memory_limit: 512M
-            dest: /var/www/html/desu.ltd
+#        php_packages_extra:
-      become: yes
+#          - libapache2-mod-php
-      tags: [ web, git ]
+#          - php-zip # For Nextcloud
-    - role: nextcloud
+#          - php-intl
-      vars:
+#          - php-imagick
-        nextcloud_admin_user: admin
+#          - php-redis
-        nextcloud_admin_pass: foobar
+#          - php-bcmath
-        nextcloud_version: 19
+#          - php-gmp
-        nextcloud_urls:
+#          - php-pgsql # For general DB stuff
-          - http://nc.test.desu.ltd:80
+#        # Nextcloud recommended opcache settings
-        nextcloud_config:
+#        php_opcache_max_accelerated_files: 10000
-          system:
+#        php_opcache_memory_consumption: 128
-            trusted_domains:
+#        php_opcache_revalidate_freq: 2
-              "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
+#      become: yes
-        nextcloud_database:
+#      tags: [ web, php ]
-          backend: pgsql
+#    - role: git
-          name: nextcloud
+#      vars:
-          user: nextcloud
+#        git_repos:
-          pass: "{{ secret_nextcloud_db_pass }}"
+#          - repo: https://git.9iron.club/salt/desultd
-          host: 192.168.122.169
+#            dest: /var/www/html/desu.ltd
-          port: 5432
+#      become: yes
-      become: yes
+#      tags: [ web, git ]
-      tags: [ web, nextcloud ]
+#    - role: nextcloud
-    - role: gitea
+#      vars:
-      vars:
+#        nextcloud_admin_user: admin
-        # Look and feel
+#        nextcloud_admin_pass: foobar
-        gitea_app_name: "Git Desu"
+#        nextcloud_version: 19
-        # Core config
+#        nextcloud_urls:
-        gitea_db_type: postgres
+#          - http://nc.test.desu.ltd:80
-        gitea_db_host: 192.168.122.169:5432
+#        nextcloud_config:
-        gitea_db_name: gitea
+#          system:
-        gitea_db_user: gitea
+#            trusted_domains:
-        gitea_db_password: "{{ secret_gitea_db_pass }}"
+#              "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
-        gitea_http_domain: git.test.desu.ltd
+#        nextcloud_database:
-        gitea_oauth2_enabled: no
+#          backend: pgsql
-        gitea_root_url: http://git.test.desu.ltd
+#          name: nextcloud
-        gitea_shell: "/bin/bash"
+#          user: nextcloud
-        gitea_ssh_domain: git.test.desu.ltd
+#          pass: "{{ secret_nextcloud_db_pass }}"
-        gitea_ssh_port: 22
+#          host: 192.168.122.169
-        gitea_start_ssh: no
+#          port: 5432
-        gitea_user: git
+#      become: yes
-      become: yes
+#      tags: [ web, nextcloud ]
-      tags: [ web, gitea ]
+#    - role: gitea
 #      vars:
 #        # Look and feel
 #        gitea_app_name: "Git Desu"
 #        # Core config
 #        gitea_db_type: postgres
 #        gitea_db_host: 192.168.122.169:5432
 #        gitea_db_name: gitea
 #        gitea_db_user: gitea
 #        gitea_db_password: "{{ secret_gitea_db_pass }}"
 #        gitea_http_domain: git.test.desu.ltd
 #        gitea_oauth2_enabled: no
 #        gitea_root_url: http://git.test.desu.ltd
 #        gitea_shell: "/bin/bash"
 #        gitea_ssh_domain: git.test.desu.ltd
 #        gitea_ssh_port: 22
 #        gitea_start_ssh: no
 #        gitea_user: git
 #      become: yes
 #      tags: [ web, gitea ]