Move Pleroma to a desu.ltd box

WEW
Salt 2021-01-26 04:25:27 -06:00
parent 1a699726b1
commit b1c641c9f7
8 changed files with 74 additions and 17 deletions


@ -25,6 +25,7 @@ all:
hosts: hosts:
web1.9iron.club: web1.9iron.club:
web1.desu.ltd: web1.desu.ltd:
web2.desu.ltd:
app: app:
hosts: hosts:
fedi1.9iron.club: fedi1.9iron.club:


@ -20,7 +20,7 @@
value: 192.168.164.156 value: 192.168.164.156
postgresql_hba_entries: postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer } - { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer } - { type: local, database: all, user: all, auth_method: md5 }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
# Used for internal access from other nodes # Used for internal access from other nodes
@ -30,11 +30,15 @@
password: "{{ secret_gitea_db_pass }}" password: "{{ secret_gitea_db_pass }}"
- name: nextcloud-desultd - name: nextcloud-desultd
password: "{{ secret_nextcloud_db_pass }}" password: "{{ secret_nextcloud_db_pass }}"
- name: pleroma-cowfee
password: "{{ secret_pleroma_9iron_db_pass }}"
postgresql_databases: postgresql_databases:
- name: gitea-desultd - name: gitea-desultd
owner: gitea-desultd owner: gitea-desultd
- name: nextcloud-desultd - name: nextcloud-desultd
owner: nextcloud-desultd owner: nextcloud-desultd
- name: pleroma-cowfee
owner: pleroma-cowfee
tags: [ db, psql ] tags: [ db, psql ]
- hosts: psql1.9iron.club - hosts: psql1.9iron.club
roles: roles:
@ -51,7 +55,7 @@
vars: vars:
postgresql_hba_entries: postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer } - { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer } - { type: local, database: all, user: all, auth_method: md5 }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
- { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 } - { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 }
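Review bot: The `local` entry for `user: all` now uses `auth_method: md5` in both plays of this file, which keeps every non-postgres role on PostgreSQL's legacy MD5 scheme; on PostgreSQL 10 or later `scram-sha-256` is the stronger choice, e.g. `- { type: local, database: all, user: all, auth_method: scram-sha-256 }`. That switch also needs `password_encryption` set to `scram-sha-256` and the role passwords set again so the stored verifiers are SCRAM, so it may belong in a follow-up commit. The `host` entries are unchanged context, but they accept both TLS and plaintext connections, and Pleroma now reaches this server over the network; if the role passes `type` through unchanged, `hostssl` is worth considering for the non-loopback entry. Moving `local` from `peer` to a password method also means any local job that relied on peer auth for a non-postgres role will now need a password.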


@ -6,5 +6,4 @@ certbot_create_standalone_stop_services:
- apache2 - apache2
certbot_certs: certbot_certs:
- domains: - domains:
- cowfee.moe
- matrix.9iron.club - matrix.9iron.club


@ -0,0 +1,20 @@
# vim:ft=ansible:
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
Protocols h2 http/1.1
apache_vhosts:
- servername: cowfee.moe
extra_parameters: |
Redirect permanent / https://cowfee.moe/
apache_vhosts_ssl:
- servername: cowfee.moe
extra_parameters: |
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
ProxyPassReverse / https://127.0.0.1:4000/
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
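Review bot: `ProxyPassReverse / https://127.0.0.1:4000/` does not match the backend URL in `ProxyPass / http://127.0.0.1:4000/`, so redirect headers returned by the backend will not be rewritten; it should read `ProxyPassReverse / http://127.0.0.1:4000/`. The header `X_FORWARDED_PROTO` is spelled with underscores rather than the conventional `X-Forwarded-Proto`, and may not be the name the application reads; `RequestHeader set X-Forwarded-Proto 'https'` is the usual form, and `set` has the useful effect of overwriting any value the client supplied. A short comment above the proxy block, such as `# TLS terminates here; backend is plain HTTP on 127.0.0.1:4000`, would record the intent for the next reader.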


@ -0,0 +1,10 @@
# vim:ft=ansible:
certbot_admin_email: rehashedsalt@cock.li
certbot_create_if_missing: yes
certbot_create_method: standalone
certbot_create_standalone_stop_services:
- apache2
certbot_certs:
- domains:
- cowfee.moe
- web2.desu.ltd
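Review bot: `certbot_create_if_missing: yes` relies on YAML 1.1 truthy parsing; `certbot_create_if_missing: true` is unambiguous across parsers and linters. With `certbot_create_method: standalone` and `apache2` in the stop list, confirm that renewals also free port 80 and not only the first issuance, otherwise the certificate for `cowfee.moe` and `web2.desu.ltd` could lapse unnoticed. That behaviour depends on the certbot role, which is not visible on this page.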


@ -10,7 +10,7 @@ pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}" pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
# DB config # DB config
pleroma_db_host: 172.31.47.215 pleroma_db_host: 192.168.164.156
pleroma_db_name: pleroma pleroma_db_name: pleroma-cowfee
pleroma_db_user: pleroma pleroma_db_user: pleroma-cowfee
pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}" pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
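Review bot: `pleroma_db_pass` still points at `secret_pleroma_9iron_db_pass`, and this commit uses the same secret to create the new `pleroma-cowfee` role on the other database server, so the old and new database roles share one password. A host move is a natural point to rotate it: define a fresh vault variable for the new role, and drop the old role on `172.31.47.215` once the migration is verified. The variable name also still says `9iron` while the database is now `pleroma-cowfee`, which will mislead whoever next audits the vault.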


@ -105,20 +105,20 @@
- gitea - gitea
- php7.4-fpm - php7.4-fpm
tags: [ motd ] tags: [ motd ]
- role: certbot - role: gitea
tags: [ web, certbot ] tags: [ web, gitea ]
- role: php - role: php
tags: [ web, php ] tags: [ web, php ]
- role: apache - role: apache
tags: [ web, apache ] tags: [ web, apache ]
- role: gitea - role: certbot
tags: [ web, gitea ] tags: [ web, certbot ]
- hosts: fedi1.9iron.club - hosts: web2.desu.ltd
vars_files: vars_files:
- vars/apache.yml - vars/apache.yml
- vars/9iron-pleroma.yml - vars/desultd-pleroma.yml
- vars/9iron-pleroma-apache.yml - vars/desultd-pleroma-apache.yml
- vars/9iron-pleroma-certbot.yml - vars/desultd-pleroma-certbot.yml
roles: roles:
- role: backup - role: backup
vars: vars:
@ -133,10 +133,33 @@
- apache2 - apache2
- pleroma - pleroma
tags: [ motd ] tags: [ motd ]
- role: certbot - role: pleroma
tags: [ web, certbot ] tags: [ web, pleroma ]
- role: apache - role: apache
tags: [ web, apache ] tags: [ web, apache ]
- role: certbot
tags: [ web, certbot ]
- hosts: fedi1.9iron.club
vars_files:
- vars/apache.yml
- vars/9iron-pleroma-apache.yml
- vars/9iron-pleroma-certbot.yml
roles:
- role: backup
vars:
backup_s3backup_list_extra:
- /var/lib/matrix-synapse
tags: [ backup ]
- role: motd
vars:
motd_watch_services_extra:
- apache2
- pleroma
tags: [ motd ]
- role: apache
tags: [ web, apache ]
- role: certbot
tags: [ web, certbot ]
- hosts: game1.thefuck.how - hosts: game1.thefuck.how
vars_files: vars_files:
- vars/apache.yml - vars/apache.yml
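Review bot: The re-added `fedi1.9iron.club` play still lists `pleroma` under `motd_watch_services_extra`, although the `pleroma` role and `vars/9iron-pleroma.yml` no longer apply to that host, so the MOTD will presumably report a service that is gone; drop the `- pleroma` item there. The `web2.desu.ltd` play's `backup` vars fall between the two hunks and are not visible, so confirm that its backup list covers Pleroma's data rather than paths carried over from the old host. Once the move is verified, the Pleroma install and its secrets left on `fedi1.9iron.club` should be removed, so that a stale copy is not left unpatched.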

@ -1 +1 @@
Subproject commit 628f5611e47befa5903c37331beb06089253014a Subproject commit 0ecda314bf1fdad22fbdd5cdc2e13f6bd76e36a1