Getting ready to deploy live
This commit is contained in:
parent
3f93c4c2d6
commit
a47e09bd1d
@ -9,9 +9,7 @@ all:
|
|||||||
lap-s76-lemp9-0.desu.ltd:
|
lap-s76-lemp9-0.desu.ltd:
|
||||||
db:
|
db:
|
||||||
hosts:
|
hosts:
|
||||||
db1.test.desu.ltd:
|
psql1.desu.ltd:
|
||||||
ansible_host: 192.168.122.169
|
|
||||||
web:
|
web:
|
||||||
hosts:
|
hosts:
|
||||||
web1.test.desu.ltd:
|
web1.desu.ltd:
|
||||||
ansible_host: 192.168.122.62
|
|
||||||
|
202
site.yml
202
site.yml
@ -30,20 +30,19 @@
|
|||||||
become: yes
|
become: yes
|
||||||
tags: [ desktop, zerotier ]
|
tags: [ desktop, zerotier ]
|
||||||
# Database servers
|
# Database servers
|
||||||
- hosts: db1.test.desu.ltd
|
- hosts: psql1.desu.ltd
|
||||||
roles:
|
roles:
|
||||||
- role: postgresql
|
- role: postgresql
|
||||||
vars:
|
vars:
|
||||||
postgresql_global_config_options:
|
postgresql_global_config_options:
|
||||||
- option: listen_addresses
|
- option: listen_addresses
|
||||||
value: "*"
|
value: 192.168.164.156
|
||||||
postgresql_hba_entries:
|
postgresql_hba_entries:
|
||||||
- { type: local, database: all, user: postgres, auth_method: peer }
|
- { type: local, database: all, user: postgres, auth_method: peer }
|
||||||
- { type: local, database: all, user: all, auth_method: peer }
|
- { type: local, database: all, user: all, auth_method: peer }
|
||||||
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||||
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||||
# Just allow all access on this block.
|
# Used for internal access from other nodes
|
||||||
# When rolling out to our new env, I'll allow by particular IP alone
|
|
||||||
- { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
|
- { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
|
||||||
postgresql_users:
|
postgresql_users:
|
||||||
- name: gitea
|
- name: gitea
|
||||||
@ -58,91 +57,110 @@
|
|||||||
become: yes
|
become: yes
|
||||||
tags: [ db, psql ]
|
tags: [ db, psql ]
|
||||||
# Webservers
|
# Webservers
|
||||||
- hosts: web1.test.desu.ltd
|
|
||||||
roles:
|
# NOTE: This whole stanza has been commented out pending resolution of https://github.com/ansible/ansible/issues/71528
|
||||||
- role: apache
|
# Currently, no release packages this fix. I NEED that fix out to work around this bug in 20.04
|
||||||
vars:
|
|
||||||
apache_remove_default_vhost: yes
|
#- hosts: web1.desu.ltd
|
||||||
apache_packages_state: latest
|
# roles:
|
||||||
apache_mods_enabled:
|
# - role: certbot
|
||||||
- ssl.load
|
# vars:
|
||||||
- proxy.load
|
# certbot_admin_email: rehashedsalt@cock.li
|
||||||
- proxy_http.load
|
# certbot_create_if_missing: yes
|
||||||
- rewrite.load
|
# certbot_create_method: standalone
|
||||||
apache_vhosts:
|
# certbot_create_standalone_stop_services:
|
||||||
- servername: git.test.desu.ltd
|
# - apache2
|
||||||
extra_parameters: |
|
# certbot_certs:
|
||||||
ProxyPreserveHost On
|
# - domains:
|
||||||
ProxyRequests Off
|
# - desu.ltd
|
||||||
ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
|
# - git.desu.ltd
|
||||||
- servername: nc.test.desu.ltd
|
# - nc.desu.ltd
|
||||||
documentroot: /var/www/html/nextcloud
|
# - web1.desu.ltd
|
||||||
- servername: test.desu.ltd
|
# become: yes
|
||||||
documentroot: /var/www/html/desu.ltd
|
# tags: [ web, certbot ]
|
||||||
become: yes
|
# - role: apache
|
||||||
tags: [ web, apache ]
|
# vars:
|
||||||
- role: php
|
# apache_remove_default_vhost: yes
|
||||||
vars:
|
# apache_packages_state: latest
|
||||||
php_memory_limit: 512M
|
# apache_mods_enabled:
|
||||||
php_packages_extra:
|
# - ssl.load
|
||||||
- libapache2-mod-php
|
# - proxy.load
|
||||||
- php-zip # For Nextcloud
|
# - proxy_http.load
|
||||||
- php-intl
|
# - rewrite.load
|
||||||
- php-imagick
|
# apache_vhosts:
|
||||||
- php-redis
|
# - servername: git.test.desu.ltd
|
||||||
- php-bcmath
|
# extra_parameters: |
|
||||||
- php-gmp
|
# ProxyPreserveHost On
|
||||||
- php-pgsql # For general DB stuff
|
# ProxyRequests Off
|
||||||
# Nextcloud recommended opcache settings
|
# ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
|
||||||
php_opcache_max_accelerated_files: 10000
|
# - servername: nc.test.desu.ltd
|
||||||
php_opcache_memory_consumption: 128
|
# documentroot: /var/www/html/nextcloud
|
||||||
php_opcache_revalidate_freq: 2
|
# - servername: test.desu.ltd
|
||||||
become: yes
|
# documentroot: /var/www/html/desu.ltd
|
||||||
tags: [ web, php ]
|
# become: yes
|
||||||
- role: git
|
# tags: [ web, apache ]
|
||||||
vars:
|
# - role: php
|
||||||
git_repos:
|
# vars:
|
||||||
- repo: https://git.9iron.club/salt/desultd
|
# php_memory_limit: 512M
|
||||||
dest: /var/www/html/desu.ltd
|
# php_packages_extra:
|
||||||
become: yes
|
# - libapache2-mod-php
|
||||||
tags: [ web, git ]
|
# - php-zip # For Nextcloud
|
||||||
- role: nextcloud
|
# - php-intl
|
||||||
vars:
|
# - php-imagick
|
||||||
nextcloud_admin_user: admin
|
# - php-redis
|
||||||
nextcloud_admin_pass: foobar
|
# - php-bcmath
|
||||||
nextcloud_version: 19
|
# - php-gmp
|
||||||
nextcloud_urls:
|
# - php-pgsql # For general DB stuff
|
||||||
- http://nc.test.desu.ltd:80
|
# # Nextcloud recommended opcache settings
|
||||||
nextcloud_config:
|
# php_opcache_max_accelerated_files: 10000
|
||||||
system:
|
# php_opcache_memory_consumption: 128
|
||||||
trusted_domains:
|
# php_opcache_revalidate_freq: 2
|
||||||
"{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
|
# become: yes
|
||||||
nextcloud_database:
|
# tags: [ web, php ]
|
||||||
backend: pgsql
|
# - role: git
|
||||||
name: nextcloud
|
# vars:
|
||||||
user: nextcloud
|
# git_repos:
|
||||||
pass: "{{ secret_nextcloud_db_pass }}"
|
# - repo: https://git.9iron.club/salt/desultd
|
||||||
host: 192.168.122.169
|
# dest: /var/www/html/desu.ltd
|
||||||
port: 5432
|
# become: yes
|
||||||
become: yes
|
# tags: [ web, git ]
|
||||||
tags: [ web, nextcloud ]
|
# - role: nextcloud
|
||||||
- role: gitea
|
# vars:
|
||||||
vars:
|
# nextcloud_admin_user: admin
|
||||||
# Look and feel
|
# nextcloud_admin_pass: foobar
|
||||||
gitea_app_name: "Git Desu"
|
# nextcloud_version: 19
|
||||||
# Core config
|
# nextcloud_urls:
|
||||||
gitea_db_type: postgres
|
# - http://nc.test.desu.ltd:80
|
||||||
gitea_db_host: 192.168.122.169:5432
|
# nextcloud_config:
|
||||||
gitea_db_name: gitea
|
# system:
|
||||||
gitea_db_user: gitea
|
# trusted_domains:
|
||||||
gitea_db_password: "{{ secret_gitea_db_pass }}"
|
# "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
|
||||||
gitea_http_domain: git.test.desu.ltd
|
# nextcloud_database:
|
||||||
gitea_oauth2_enabled: no
|
# backend: pgsql
|
||||||
gitea_root_url: http://git.test.desu.ltd
|
# name: nextcloud
|
||||||
gitea_shell: "/bin/bash"
|
# user: nextcloud
|
||||||
gitea_ssh_domain: git.test.desu.ltd
|
# pass: "{{ secret_nextcloud_db_pass }}"
|
||||||
gitea_ssh_port: 22
|
# host: 192.168.122.169
|
||||||
gitea_start_ssh: no
|
# port: 5432
|
||||||
gitea_user: git
|
# become: yes
|
||||||
become: yes
|
# tags: [ web, nextcloud ]
|
||||||
tags: [ web, gitea ]
|
# - role: gitea
|
||||||
|
# vars:
|
||||||
|
# # Look and feel
|
||||||
|
# gitea_app_name: "Git Desu"
|
||||||
|
# # Core config
|
||||||
|
# gitea_db_type: postgres
|
||||||
|
# gitea_db_host: 192.168.122.169:5432
|
||||||
|
# gitea_db_name: gitea
|
||||||
|
# gitea_db_user: gitea
|
||||||
|
# gitea_db_password: "{{ secret_gitea_db_pass }}"
|
||||||
|
# gitea_http_domain: git.test.desu.ltd
|
||||||
|
# gitea_oauth2_enabled: no
|
||||||
|
# gitea_root_url: http://git.test.desu.ltd
|
||||||
|
# gitea_shell: "/bin/bash"
|
||||||
|
# gitea_ssh_domain: git.test.desu.ltd
|
||||||
|
# gitea_ssh_port: 22
|
||||||
|
# gitea_start_ssh: no
|
||||||
|
# gitea_user: git
|
||||||
|
# become: yes
|
||||||
|
# tags: [ web, gitea ]
|
||||||
|
Loading…
Reference in New Issue
Block a user