Getting ready to deploy live

Salt 2020-11-08 08:16:07 -06:00
parent 3f93c4c2d6
commit a47e09bd1d
2 changed files with 112 additions and 96 deletions


@ -9,9 +9,7 @@ all:
lap-s76-lemp9-0.desu.ltd: lap-s76-lemp9-0.desu.ltd:
db: db:
hosts: hosts:
db1.test.desu.ltd: psql1.desu.ltd:
ansible_host: 192.168.122.169
web: web:
hosts: hosts:
web1.test.desu.ltd: web1.desu.ltd:
ansible_host: 192.168.122.62

202
site.yml

@ -30,20 +30,19 @@
become: yes become: yes
tags: [ desktop, zerotier ] tags: [ desktop, zerotier ]
# Database servers # Database servers
- hosts: db1.test.desu.ltd - hosts: psql1.desu.ltd
roles: roles:
- role: postgresql - role: postgresql
vars: vars:
postgresql_global_config_options: postgresql_global_config_options:
- option: listen_addresses - option: listen_addresses
value: "*" value: 192.168.164.156
postgresql_hba_entries: postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer } - { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer } - { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
# Just allow all access on this block. # Used for internal access from other nodes
# When rolling out to our new env, I'll allow by particular IP alone
- { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 } - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
postgresql_users: postgresql_users:
- name: gitea - name: gitea
@ -58,91 +57,110 @@
become: yes become: yes
tags: [ db, psql ] tags: [ db, psql ]
# Webservers # Webservers
- hosts: web1.test.desu.ltd
roles: # NOTE: This whole stanza has been commented out pending resolution of https://github.com/ansible/ansible/issues/71528
- role: apache # Currently, no release packages this fix. I NEED that fix out to work around this bug in 20.04
vars:
apache_remove_default_vhost: yes #- hosts: web1.desu.ltd
apache_packages_state: latest # roles:
apache_mods_enabled: # - role: certbot
- ssl.load # vars:
- proxy.load # certbot_admin_email: rehashedsalt@cock.li
- proxy_http.load # certbot_create_if_missing: yes
- rewrite.load # certbot_create_method: standalone
apache_vhosts: # certbot_create_standalone_stop_services:
- servername: git.test.desu.ltd # - apache2
extra_parameters: | # certbot_certs:
ProxyPreserveHost On # - domains:
ProxyRequests Off # - desu.ltd
ProxyPass / http://127.0.0.1:3000/ nocanon retry=1 # - git.desu.ltd
- servername: nc.test.desu.ltd # - nc.desu.ltd
documentroot: /var/www/html/nextcloud # - web1.desu.ltd
- servername: test.desu.ltd # become: yes
documentroot: /var/www/html/desu.ltd # tags: [ web, certbot ]
become: yes # - role: apache
tags: [ web, apache ] # vars:
- role: php # apache_remove_default_vhost: yes
vars: # apache_packages_state: latest
php_memory_limit: 512M # apache_mods_enabled:
php_packages_extra: # - ssl.load
- libapache2-mod-php # - proxy.load
- php-zip # For Nextcloud # - proxy_http.load
- php-intl # - rewrite.load
- php-imagick # apache_vhosts:
- php-redis # - servername: git.test.desu.ltd
- php-bcmath # extra_parameters: |
- php-gmp # ProxyPreserveHost On
- php-pgsql # For general DB stuff # ProxyRequests Off
# Nextcloud recommended opcache settings # ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
php_opcache_max_accelerated_files: 10000 # - servername: nc.test.desu.ltd
php_opcache_memory_consumption: 128 # documentroot: /var/www/html/nextcloud
php_opcache_revalidate_freq: 2 # - servername: test.desu.ltd
become: yes # documentroot: /var/www/html/desu.ltd
tags: [ web, php ] # become: yes
- role: git # tags: [ web, apache ]
vars: # - role: php
git_repos: # vars:
- repo: https://git.9iron.club/salt/desultd # php_memory_limit: 512M
dest: /var/www/html/desu.ltd # php_packages_extra:
become: yes # - libapache2-mod-php
tags: [ web, git ] # - php-zip # For Nextcloud
- role: nextcloud # - php-intl
vars: # - php-imagick
nextcloud_admin_user: admin # - php-redis
nextcloud_admin_pass: foobar # - php-bcmath
nextcloud_version: 19 # - php-gmp
nextcloud_urls: # - php-pgsql # For general DB stuff
- http://nc.test.desu.ltd:80 # # Nextcloud recommended opcache settings
nextcloud_config: # php_opcache_max_accelerated_files: 10000
system: # php_opcache_memory_consumption: 128
trusted_domains: # php_opcache_revalidate_freq: 2
"{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}" # become: yes
nextcloud_database: # tags: [ web, php ]
backend: pgsql # - role: git
name: nextcloud # vars:
user: nextcloud # git_repos:
pass: "{{ secret_nextcloud_db_pass }}" # - repo: https://git.9iron.club/salt/desultd
host: 192.168.122.169 # dest: /var/www/html/desu.ltd
port: 5432 # become: yes
become: yes # tags: [ web, git ]
tags: [ web, nextcloud ] # - role: nextcloud
- role: gitea # vars:
vars: # nextcloud_admin_user: admin
# Look and feel # nextcloud_admin_pass: foobar
gitea_app_name: "Git Desu" # nextcloud_version: 19
# Core config # nextcloud_urls:
gitea_db_type: postgres # - http://nc.test.desu.ltd:80
gitea_db_host: 192.168.122.169:5432 # nextcloud_config:
gitea_db_name: gitea # system:
gitea_db_user: gitea # trusted_domains:
gitea_db_password: "{{ secret_gitea_db_pass }}" # "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
gitea_http_domain: git.test.desu.ltd # nextcloud_database:
gitea_oauth2_enabled: no # backend: pgsql
gitea_root_url: http://git.test.desu.ltd # name: nextcloud
gitea_shell: "/bin/bash" # user: nextcloud
gitea_ssh_domain: git.test.desu.ltd # pass: "{{ secret_nextcloud_db_pass }}"
gitea_ssh_port: 22 # host: 192.168.122.169
gitea_start_ssh: no # port: 5432
gitea_user: git # become: yes
become: yes # tags: [ web, nextcloud ]
tags: [ web, gitea ] # - role: gitea
# vars:
# # Look and feel
# gitea_app_name: "Git Desu"
# # Core config
# gitea_db_type: postgres
# gitea_db_host: 192.168.122.169:5432
# gitea_db_name: gitea
# gitea_db_user: gitea
# gitea_db_password: "{{ secret_gitea_db_pass }}"
# gitea_http_domain: git.test.desu.ltd
# gitea_oauth2_enabled: no
# gitea_root_url: http://git.test.desu.ltd
# gitea_shell: "/bin/bash"
# gitea_ssh_domain: git.test.desu.ltd
# gitea_ssh_port: 22
# gitea_start_ssh: no
# gitea_user: git
# become: yes
# tags: [ web, gitea ]
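Review bot: In the database play's `postgresql_hba_entries`, the `192.168.0.0/16` rule still admits `user: all` to `database: all` from the whole /16 with `md5`, and this commit replaces the comment that promised per-IP restriction with "Used for internal access from other nodes". For a live deploy I would scope it to one entry per application and client host, e.g. `- { type: host, database: gitea, user: gitea, address: '<WEB_HOST_IP>/32', auth_method: md5 }` (the address is a placeholder). Pinning `listen_addresses` to `192.168.164.156` narrows which interface listens, but it does not limit which peers on that network may attempt to authenticate. If the installed PostgreSQL and its clients support it, `scram-sha-256` would be a stronger `auth_method` than `md5` for these network entries. The play starts above this hunk, so any other hba or firewall restrictions are not visible here.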