Move Pleroma to a desu.ltd box

WEW
2021-01-26 04:25:27 -06:00 · 2021-01-26 04:25:27 -06:00 · b1c641c9f7
commit b1c641c9f7
parent 1a699726b1
8 changed files with 74 additions and 17 deletions
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -25,6 +25,7 @@ all:
          hosts:
            web1.9iron.club:
            web1.desu.ltd:
+            web2.desu.ltd:
        app:
          hosts:
            fedi1.9iron.club:
--- a/playbooks/db.yml
+++ b/playbooks/db.yml
@ -20,7 +20,7 @@
            value: 192.168.164.156
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
-          - { type: local, database: all, user: all, auth_method: peer }
+          - { type: local, database: all, user: all, auth_method: md5 }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
            # Used for internal access from other nodes
@ -30,11 +30,15 @@
            password: "{{ secret_gitea_db_pass }}"
          - name: nextcloud-desultd
            password: "{{ secret_nextcloud_db_pass }}"
+          - name: pleroma-cowfee
+            password: "{{ secret_pleroma_9iron_db_pass }}"
        postgresql_databases:
          - name: gitea-desultd
            owner: gitea-desultd
          - name: nextcloud-desultd
            owner: nextcloud-desultd
+          - name: pleroma-cowfee
+            owner: pleroma-cowfee
      tags: [ db, psql ]
 - hosts: psql1.9iron.club
  roles:
@ -51,7 +55,7 @@
      vars:
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
-          - { type: local, database: all, user: all, auth_method: peer }
+          - { type: local, database: all, user: all, auth_method: md5 }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
          - { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 }
--- a/playbooks/vars/9iron-pleroma-certbot.yml
+++ b/playbooks/vars/9iron-pleroma-certbot.yml
@ -6,5 +6,4 @@ certbot_create_standalone_stop_services:
  - apache2
 certbot_certs:
  - domains:
-    - cowfee.moe
    - matrix.9iron.club
--- a/playbooks/vars/desultd-pleroma-apache.yml
+++ b/playbooks/vars/desultd-pleroma-apache.yml
@ -0,0 +1,20 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+  DirectoryIndex index.php index.html
+  Protocols h2 http/1.1
+apache_vhosts:
+  - servername: cowfee.moe
+    extra_parameters: |
+      Redirect permanent / https://cowfee.moe/
+apache_vhosts_ssl:
+  - servername: cowfee.moe
+    extra_parameters: |
+      ProxyPreserveHost On
+      ProxyRequests Off
+      ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
+      ProxyPassReverse / https://127.0.0.1:4000/
+      RequestHeader set X_FORWARDED_PROTO 'https'
+      RequestHeader set X-Forwarded-Ssl on
+    certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
+    certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
+    certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
--- a/playbooks/vars/desultd-pleroma-certbot.yml
+++ b/playbooks/vars/desultd-pleroma-certbot.yml
@ -0,0 +1,10 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+  - apache2
+certbot_certs:
+  - domains:
+    - cowfee.moe
+    - web2.desu.ltd
--- a/playbooks/vars/desultd-pleroma.yml
+++ b/playbooks/vars/desultd-pleroma.yml
@ -10,7 +10,7 @@ pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
 pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"

 # DB config
-pleroma_db_host: 172.31.47.215
-pleroma_db_name: pleroma
-pleroma_db_user: pleroma
+pleroma_db_host: 192.168.164.156
+pleroma_db_name: pleroma-cowfee
+pleroma_db_user: pleroma-cowfee
 pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@ -105,20 +105,20 @@
          - gitea
          - php7.4-fpm
      tags: [ motd ]
-    - role: certbot
-      tags: [ web, certbot ]
+    - role: gitea
+      tags: [ web, gitea ]
    - role: php
      tags: [ web, php ]
    - role: apache
      tags: [ web, apache ]
-    - role: gitea
-      tags: [ web, gitea ]
- hosts: fedi1.9iron.club
+    - role: certbot
+      tags: [ web, certbot ]
+- hosts: web2.desu.ltd
  vars_files:
    - vars/apache.yml
-    - vars/9iron-pleroma.yml
-    - vars/9iron-pleroma-apache.yml
-    - vars/9iron-pleroma-certbot.yml
+    - vars/desultd-pleroma.yml
+    - vars/desultd-pleroma-apache.yml
+    - vars/desultd-pleroma-certbot.yml
  roles:
    - role: backup
      vars:
@ -133,10 +133,33 @@
          - apache2
          - pleroma
      tags: [ motd ]
-    - role: certbot
-      tags: [ web, certbot ]
+    - role: pleroma
+      tags: [ web, pleroma ]
    - role: apache
      tags: [ web, apache ]
+    - role: certbot
+      tags: [ web, certbot ]
+- hosts: fedi1.9iron.club
+  vars_files:
+    - vars/apache.yml
+    - vars/9iron-pleroma-apache.yml
+    - vars/9iron-pleroma-certbot.yml
+  roles:
+    - role: backup
+      vars:
+        backup_s3backup_list_extra:
+          - /var/lib/matrix-synapse
+      tags: [ backup ]
+    - role: motd
+      vars:
+        motd_watch_services_extra:
+          - apache2
+          - pleroma
+      tags: [ motd ]
+    - role: apache
+      tags: [ web, apache ]
+    - role: certbot
+      tags: [ web, certbot ]
 - hosts: game1.thefuck.how
  vars_files:
    - vars/apache.yml
--- a/roles/pleroma
+++ b/roles/pleroma
@ -1 +1 @@
-Subproject commit 628f5611e47befa5903c37331beb06089253014a
+Subproject commit 0ecda314bf1fdad22fbdd5cdc2e13f6bd76e36a1