diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index 9a0e095..a2e6665 100644
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -25,6 +25,7 @@ all:
hosts:
web1.9iron.club:
web1.desu.ltd:
+ web2.desu.ltd:
app:
hosts:
fedi1.9iron.club:
diff --git a/playbooks/db.yml b/playbooks/db.yml
index 46fd2c5..d560670 100755
--- a/playbooks/db.yml
+++ b/playbooks/db.yml
@@ -20,7 +20,7 @@
value: 192.168.164.156
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- - { type: local, database: all, user: all, auth_method: peer }
+ - { type: local, database: all, user: all, auth_method: md5 }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
# Used for internal access from other nodes
@@ -30,11 +30,15 @@
password: "{{ secret_gitea_db_pass }}"
- name: nextcloud-desultd
password: "{{ secret_nextcloud_db_pass }}"
+ - name: pleroma-cowfee
+ password: "{{ secret_pleroma_9iron_db_pass }}"
postgresql_databases:
- name: gitea-desultd
owner: gitea-desultd
- name: nextcloud-desultd
owner: nextcloud-desultd
+ - name: pleroma-cowfee
+ owner: pleroma-cowfee
tags: [ db, psql ]
- hosts: psql1.9iron.club
roles:
@@ -51,7 +55,7 @@
vars:
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- - { type: local, database: all, user: all, auth_method: peer }
+ - { type: local, database: all, user: all, auth_method: md5 }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
- { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 }
diff --git a/playbooks/vars/9iron-pleroma-certbot.yml b/playbooks/vars/9iron-pleroma-certbot.yml
index efbebcb..67b3c30 100644
--- a/playbooks/vars/9iron-pleroma-certbot.yml
+++ b/playbooks/vars/9iron-pleroma-certbot.yml
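Review bot: The new `auth_method: md5` entries in this hunk and in the `@@ -51,7 +55,7 @@` hunk use PostgreSQL's legacy md5 password scheme; PostgreSQL 10 and later support `scram-sha-256`, so `- { type: local, database: all, user: all, auth_method: scram-sha-256 }` is the better choice if the target server version allows it. Switching requires `password_encryption = scram-sha-256` on the server before role passwords are (re)set, otherwise stored md5 hashes will not authenticate under the new rule. The loopback `host` entries in the same list already carry `md5` and would need the same treatment to stay consistent.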
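Review bot: The added `pleroma-cowfee` role takes its password from `secret_pleroma_9iron_db_pass`, which is also what the renamed `desultd-pleroma.yml` references, so the variable name no longer describes where the credential is used now that the database is created on the desultd node. If the previous 9iron-hosted Pleroma database still exists, one credential is then shared across two databases on different hosts; a dedicated `secret_pleroma_cowfee_db_pass` would keep them separable and make a later rotation unambiguous. The list these user entries belong to starts above the hunk.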
@@ -6,5 +6,4 @@ certbot_create_standalone_stop_services:
- apache2
certbot_certs:
- domains:
- - cowfee.moe
- matrix.9iron.club
diff --git a/playbooks/vars/desultd-pleroma-apache.yml b/playbooks/vars/desultd-pleroma-apache.yml
new file mode 100644
index 0000000..b951ab5
--- /dev/null
+++ b/playbooks/vars/desultd-pleroma-apache.yml
@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+ DirectoryIndex index.php index.html
+ Protocols h2 http/1.1
+apache_vhosts:
+ - servername: cowfee.moe
+ extra_parameters: |
+ Redirect permanent / https://cowfee.moe/
+apache_vhosts_ssl:
+ - servername: cowfee.moe
+ extra_parameters: |
+ ProxyPreserveHost On
+ ProxyRequests Off
+ ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
+ ProxyPassReverse / https://127.0.0.1:4000/
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+ certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
diff --git a/playbooks/vars/desultd-pleroma-certbot.yml b/playbooks/vars/desultd-pleroma-certbot.yml
new file mode 100644
index 0000000..d36e637
--- /dev/null
+++ b/playbooks/vars/desultd-pleroma-certbot.yml
@@ -0,0 +1,10 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+ - apache2
+certbot_certs:
+ - domains:
+ - cowfee.moe
+ - web2.desu.ltd
diff --git a/playbooks/vars/9iron-pleroma.yml b/playbooks/vars/desultd-pleroma.yml
similarity index 78%
rename from playbooks/vars/9iron-pleroma.yml
rename to playbooks/vars/desultd-pleroma.yml
index 7082212..4aba932 100644
--- a/playbooks/vars/9iron-pleroma.yml
+++ b/playbooks/vars/desultd-pleroma.yml
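Review bot: `ProxyPassReverse / https://127.0.0.1:4000/` in `apache_vhosts_ssl` does not match the scheme of the `ProxyPass / http://127.0.0.1:4000/ nocanon retry=1` line above it, so Location and Content-Location headers the backend emits with its own `http://127.0.0.1:4000` origin will not be rewritten; it should read `ProxyPassReverse / http://127.0.0.1:4000/`. The `RequestHeader set X_FORWARDED_PROTO 'https'` line spells the header with underscores; confirm the backend reads that exact spelling, because the conventional header is `X-Forwarded-Proto` and a mismatch would leave it generating `http://` URLs behind the TLS terminator.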
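Review bot: `certbot_create_if_missing: yes` depends on YAML 1.1 truthy parsing; Ansible accepts it, but yamllint's `truthy` rule flags it and a YAML 1.2 parser reads it as the string `"yes"`, so `certbot_create_if_missing: true` is the portable form. The file otherwise mirrors `9iron-pleroma-certbot.yml` changed above, so both should use the same boolean spelling.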
@@ -10,7 +10,7 @@
pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
# DB config
-pleroma_db_host: 172.31.47.215
-pleroma_db_name: pleroma
-pleroma_db_user: pleroma
+pleroma_db_host: 192.168.164.156
+pleroma_db_name: pleroma-cowfee
+pleroma_db_user: pleroma-cowfee
pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
diff --git a/playbooks/web.yml b/playbooks/web.yml
index 8869aca..ac18e33 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@@ -105,20 +105,20 @@
- gitea
- php7.4-fpm
tags: [ motd ]
- - role: certbot
- tags: [ web, certbot ]
+ - role: gitea
+ tags: [ web, gitea ]
- role: php
tags: [ web, php ]
- role: apache
tags: [ web, apache ]
- - role: gitea
- tags: [ web, gitea ]
-- hosts: fedi1.9iron.club
+ - role: certbot
+ tags: [ web, certbot ]
+- hosts: web2.desu.ltd
vars_files:
- vars/apache.yml
- - vars/9iron-pleroma.yml
- - vars/9iron-pleroma-apache.yml
- - vars/9iron-pleroma-certbot.yml
+ - vars/desultd-pleroma.yml
+ - vars/desultd-pleroma-apache.yml
+ - vars/desultd-pleroma-certbot.yml
roles:
- role: backup
vars:
@@ -133,10 +133,33 @@
- apache2
- pleroma
tags: [ motd ]
- - role: certbot
- tags: [ web, certbot ]
+ - role: pleroma
+ tags: [ web, pleroma ]
- role: apache
tags: [ web, apache ]
+ - role: certbot
+ tags: [ web, certbot ]
+- hosts: fedi1.9iron.club
+ vars_files:
+ - vars/apache.yml
+ - vars/9iron-pleroma-apache.yml
+ - vars/9iron-pleroma-certbot.yml
+ roles:
+ - role: backup
+ vars:
+ backup_s3backup_list_extra:
+ - /var/lib/matrix-synapse
+ tags: [ backup ]
+ - role: motd
+ vars:
+ motd_watch_services_extra:
+ - apache2
+ - pleroma
+ tags: [ motd ]
+ - role: apache
+ tags: [ web, apache ]
+ - role: certbot
+ tags: [ web, certbot ]
- hosts: game1.thefuck.how
vars_files:
- vars/apache.yml
diff --git a/roles/pleroma b/roles/pleroma
index 628f561..0ecda31 160000
--- a/roles/pleroma
+++ b/roles/pleroma
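Review bot: `pleroma_db_host: 192.168.164.156` hard-codes the same address that `playbooks/db.yml` carries as `value: 192.168.164.156` in its first hunk, so moving the database node means editing two files; defining it once in inventory group vars and referencing it from both would keep them in step. The database connection now leaves web2.desu.ltd for another host, while the `pg_hba` entries visible in db.yml show only `local` and loopback `host` rules plus a comment about internal access, so whether the cross-host path is covered by a `hostssl` rule and whether Pleroma is configured to require TLS cannot be seen here and should be confirmed. The enclosing mapping continues outside the hunk.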
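Review bot: Moving `- role: certbot` after `- role: apache` (here and again in the `@@ -133,10 +133,33 @@` hunk) means that on a freshly provisioned web2.desu.ltd the apache role renders `apache_vhosts_ssl` pointing at `/etc/letsencrypt/live/cowfee.moe/fullchain.pem` before certbot has created it, so the first run's Apache restart is likely to fail on the missing certificate. If the reorder exists so that apache2 is installed before certbot's standalone step stops it, that is a reasonable trade-off, but it should be documented next to the role entry, e.g. `# certbot runs after apache so the standalone stop/start has a service to act on; first run needs a second pass for the SSL vhost`. The `roles` list continues past the end of the hunk.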
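Review bot: The new `- hosts: fedi1.9iron.club` play keeps `motd_watch_services_extra: - pleroma` but applies no `pleroma` role and no longer loads a Pleroma vars file, so if Pleroma has moved to web2.desu.ltd this watch entry is stale and motd will report a service that is not there; drop the `- pleroma` line unless the service still runs on that host. The play's `vars_files` still name `vars/9iron-pleroma-apache.yml` and `vars/9iron-pleroma-certbot.yml`, the latter now covering only `matrix.9iron.club`, so renaming them after the host's remaining role would avoid confusion later. The hunk ends inside the following `game1.thefuck.how` play.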
@@ -1 +1 @@
-Subproject commit 628f5611e47befa5903c37331beb06089253014a
+Subproject commit 0ecda314bf1fdad22fbdd5cdc2e13f6bd76e36a1