diff --git a/playbooks/vars/apache.yml b/playbooks/vars/apache.yml
new file mode 100755
index 0000000..841cf14
--- /dev/null
+++ b/playbooks/vars/apache.yml
@@ -0,0 +1,21 @@
+# vim:ft=ansible:
+apache_remove_default_vhost: yes
+apache_packages_state: latest
+apache_mods_enabled:
+ - headers.load
+ - http2.load
+ - mpm_worker.load
+ - proxy.load
+ - proxy_fcgi.load
+ - proxy_http.load
+ - rewrite.load
+ - ssl.load
+apache_mods_disabled:
+ - mpm_prefork.load
+ - php7.4.load
+apache_global_vhost_settings: |
+ DirectoryIndex index.php index.html
+ Protocols h2 http/1.1
+
+ SetHandler "proxy:fcgi://127.0.0.1:9000"
+
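Review bot: `apache_global_vhost_settings` is defined here and again, with the same body, in `playbooks/vars/desultd-apache.yml`. Both files are listed in the `vars_files` added to `playbooks/web.yml`, so only the later-loaded copy takes effect and an edit to this one would silently do nothing. Keep the block in one of the two files. As a style point, `apache_remove_default_vhost: yes` is better written `apache_remove_default_vhost: true`, since `yes` is a YAML 1.1 truthy form that linters flag.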
diff --git a/playbooks/vars/desultd-apache.yml b/playbooks/vars/desultd-apache.yml
new file mode 100755
index 0000000..b7d110d
--- /dev/null
+++ b/playbooks/vars/desultd-apache.yml
@@ -0,0 +1,71 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+ DirectoryIndex index.php index.html
+ Protocols h2 http/1.1
+
+ SetHandler "proxy:fcgi://127.0.0.1:9000"
+
+apache_vhosts:
+ # desu.ltd
+ - servername: desu.ltd
+ extra_parameters: |
+ Redirect permanent / https://desu.ltd/
+ - servername: git.desu.ltd
+ extra_parameters: |
+ Redirect permanent / https://git.desu.ltd/
+ - servername: nc.desu.ltd
+ extra_parameters: |
+ Redirect permanent / https://nc.desu.ltd/
+ # 9iron.club
+ - servername: 9iron.club
+ extra_parameters: |
+ Redirect permanent / https://www.9iron.club/
+ - servername: www.9iron.club
+ extra_parameters: |
+ Redirect permanent / https://www.9iron.club/
+apache_vhosts_ssl:
+ # desu.ltd
+ - servername: desu.ltd
+ documentroot: /var/www/desu.ltd
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ - servername: git.desu.ltd
+ extra_parameters: |
+ ProxyPreserveHost On
+ ProxyRequests Off
+ ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ - servername: nc.desu.ltd
+ extra_parameters: |
+ Header always set Strict-Transport-Security "max-age=31536000"
+ documentroot: /var/www/nc.desu.ltd
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ # 9iron.club
+ - servername: 9iron.club
+ extra_parameters: |
+ Redirect permanent / https://www.9iron.club/
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ - servername: www.9iron.club
+ documentroot: /var/www/www.9iron.club
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ # otwstudios.org
+ - servername: otwstudios.org
+ extra_parameters: |
+ Redirect permanent / https://www.otwstudios.org/
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ - servername: www.otwstudios.org
+ documentroot: /var/www/www.otwstudios.org
+ certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
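Review bot: `apache_vhosts` has no port-80 entries for `otwstudios.org` or `www.otwstudios.org`, although both get TLS vhosts under `apache_vhosts_ssl`. Plain-HTTP requests for those names will be answered by whichever vhost Apache treats as the default, presumably the `desu.ltd` redirect since the stock default vhost is removed. Adding the two redirect entries below keeps the HTTP-to-HTTPS behaviour uniform across all sites. Separately, only `nc.desu.ltd` sends `Strict-Transport-Security`; the other TLS vhosts would benefit from the same header.

```yaml
apache_vhosts:
  # … unchanged: desu.ltd and 9iron.club redirect entries …
  # otwstudios.org
  - servername: otwstudios.org
    extra_parameters: |
      Redirect permanent / https://www.otwstudios.org/
  - servername: www.otwstudios.org
    extra_parameters: |
      Redirect permanent / https://www.otwstudios.org/
```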
diff --git a/playbooks/vars/desultd-certbot.yml b/playbooks/vars/desultd-certbot.yml
new file mode 100755
index 0000000..be6daa1
--- /dev/null
+++ b/playbooks/vars/desultd-certbot.yml
@@ -0,0 +1,15 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+ - apache2
+certbot_certs:
+ - domains:
+ - desu.ltd
+ - git.desu.ltd
+ - nc.desu.ltd
+ - web1.desu.ltd
+ - 9iron.club
+ - www.9iron.club
+ - otwstudios.org
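Review bot: `www.otwstudios.org` is missing from the `domains` list, yet `playbooks/vars/desultd-apache.yml` serves a TLS vhost for that name from `/etc/letsencrypt/live/desu.ltd/` and redirects `otwstudios.org` to it. Unless the certificate is extended some other way, clients reaching `https://www.otwstudios.org/` will get a hostname mismatch. Add `- www.otwstudios.org` after `- otwstudios.org`.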
diff --git a/playbooks/vars/desultd-nextcloud.yml b/playbooks/vars/desultd-nextcloud.yml
new file mode 100755
index 0000000..d303324
--- /dev/null
+++ b/playbooks/vars/desultd-nextcloud.yml
@@ -0,0 +1,20 @@
+# vim:ft=ansible:
+nextcloud_installation_dir: /var/www/nc.desu.ltd
+nextcloud_data_dir: /srv/desu.ltd/nc
+nextcloud_admin_user: admin
+nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
+nextcloud_version: 19
+nextcloud_urls:
+ - http://nc.desu.ltd:80
+ - https://nc.desu.ltd:443
+nextcloud_config:
+ system:
+ trusted_domains:
+ "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
+nextcloud_database:
+ backend: pgsql
+ name: nextcloud-desultd
+ user: nextcloud-desultd
+ pass: "{{ secret_nextcloud_db_pass }}"
+ host: 192.168.164.156
+ port: 5432
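Review bot: Nothing in this file says where `secret_nextcloud_admin_pass` and `secret_nextcloud_db_pass` come from, and none of the vars files added in this commit defines them. A header comment such as `# secret_* variables must be supplied from an Ansible Vault-encrypted source, never written here in clear text` would make that contract explicit. The database is reached over the network at `192.168.164.156:5432`; whether that connection uses TLS is not visible here and is worth confirming, since the password crosses it.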
diff --git a/playbooks/vars/php-fpm.yml b/playbooks/vars/php-fpm.yml
new file mode 100755
index 0000000..8f6c140
--- /dev/null
+++ b/playbooks/vars/php-fpm.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+# Defaults for a simple php-fpm setup
+php_enable_php_fpm: yes
+php_memory_limit: 512M
+php_packages_extra:
+ - libapache2-mod-php
+ - php-zip # For Nextcloud
+ - php-intl
+ - php-imagick
+ - php-redis
+ - php-bcmath
+ - php-gmp
+ - php-pgsql # For general DB stuff
+# Nextcloud recommended opcache settings
+php_opcache_max_accelerated_files: 10000
+php_opcache_memory_consumption: 128
+php_opcache_revalidate_freq: 2
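Review bot: The `#!/usr/bin/env ansible-playbook` shebang and the `100755` mode do not fit a variables file: it holds no plays, so running it directly can only fail. Dropping the shebang line and committing the vars files as `100644` is the tidy form; the other new files under `playbooks/vars/` carry the same executable mode. Also worth checking is `libapache2-mod-php` in `php_packages_extra`: `playbooks/vars/apache.yml` disables `php7.4.load` and routes PHP to FPM, so the package installs a module that is then switched off.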
diff --git a/playbooks/web.yml b/playbooks/web.yml
index 794a49f..803bd64 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@@ -8,6 +8,12 @@
cron: user=www-data name=nextcloud minute=*/5 job="php -f /var/www/nc.desu.ltd/cron.php"
become: yes
tags: [ nextcloud, cron ]
+ vars_files:
+ - vars/apache.yml
+ - vars/php-fpm.yml
+ - vars/desultd-apache.yml
+ - vars/desultd-certbot.yml
+ - vars/desultd-nextcloud.yml
roles:
- role: backup
vars:
@@ -28,6 +34,53 @@
- gitea
- php7.4-fpm
tags: [ motd ]
+ - role: certbot
+ become: yes
+ tags: [ web, certbot ]
+ - role: php
+ become: yes
+ tags: [ web, php ]
+ - role: apache
+ become: yes
+ tags: [ web, apache ]
+ - role: git
+ vars:
+ git_repos:
+ - repo: https://git.desu.ltd/salt/desultd
+ dest: /var/www/desu.ltd
+ - repo: https://git.desu.ltd/salt/9iron
+ dest: /var/www/www.9iron.club
+ - repo: https://git.desu.ltd/salt/gitea-custom
+ dest: /usr/local/bin/custom
+ become: yes
+ tags: [ web, git ]
+ - role: nextcloud
+ become: yes
+ tags: [ web, nextcloud ]
+ - role: gitea
+ vars:
+ # Look and feel
+ gitea_app_name: "Git Desu"
+ # Core config
+ gitea_db_type: postgres
+ gitea_db_host: 192.168.164.156:5432
+ gitea_db_name: gitea-desultd
+ gitea_db_user: gitea-desultd
+ gitea_db_password: "{{ secret_gitea_db_pass }}"
+ gitea_http_domain: git.desu.ltd
+ gitea_oauth2_enabled: no
+ gitea_repository_root: /srv/desu.ltd/git
+ gitea_require_signin: no
+ gitea_root_url: https://git.desu.ltd
+ gitea_shell: "/bin/bash"
+ gitea_ssh_domain: git.desu.ltd
+ gitea_ssh_port: 22
+ gitea_start_ssh: no
+ gitea_user: git
+ become: yes
+ tags: [ web, gitea ]
+- hosts: game1.thefuck.how
+ roles:
- role: certbot
vars:
certbot_admin_email: rehashedsalt@cock.li
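Review bot: The `git` role checks repositories out straight into directories that Apache serves: `/var/www/desu.ltd` and `/var/www/www.9iron.club` are `documentroot` values in `playbooks/vars/desultd-apache.yml`, and the last hunk does the same for `/var/www/thefuck.how`. Unless the role or a vhost rule already handles it, each site's `.git` directory becomes fetchable over HTTP, which exposes history and any file ever committed. A line such as `RedirectMatch 404 "/\.git(/|$)"` in `apache_global_vhost_settings` closes that. The clones also run with `become: yes` and no visible pinned revision, so whatever is at the branch head, including the code placed in `/usr/local/bin/custom`, is deployed as root on every run. The play this hunk extends starts outside the hunk.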
@@ -37,13 +90,8 @@
- apache2
certbot_certs:
- domains:
- - desu.ltd
- - git.desu.ltd
- - nc.desu.ltd
- - web1.desu.ltd
- - 9iron.club
- - www.9iron.club
- - otwstudios.org
+ - thefuck.how
+ - game1.thefuck.how
become: yes
tags: [ web, certbot ]
- role: php
@@ -52,17 +100,11 @@
php_memory_limit: 512M
php_packages_extra:
- libapache2-mod-php
- - php-zip # For Nextcloud
- php-intl
- php-imagick
- php-redis
- php-bcmath
- php-gmp
- - php-pgsql # For general DB stuff
- # Nextcloud recommended opcache settings
- php_opcache_max_accelerated_files: 10000
- php_opcache_memory_consumption: 128
- php_opcache_revalidate_freq: 2
become: yes
tags: [ web, php ]
- role: apache
@@ -88,124 +130,30 @@
SetHandler "proxy:fcgi://127.0.0.1:9000"
apache_vhosts:
- # desu.ltd
- - servername: desu.ltd
+ - servername: thefuck.how
extra_parameters: |
- Redirect permanent / https://desu.ltd/
- - servername: git.desu.ltd
+ Redirect permanent / https://thefuck.how/
+ - servername: game1.thefuck.how
extra_parameters: |
- Redirect permanent / https://git.desu.ltd/
- - servername: nc.desu.ltd
- extra_parameters: |
- Redirect permanent / https://nc.desu.ltd/
- # 9iron.club
- - servername: 9iron.club
- extra_parameters: |
- Redirect permanent / https://www.9iron.club/
- - servername: www.9iron.club
- extra_parameters: |
- Redirect permanent / https://www.9iron.club/
+ Redirect permanent / https://thefuck.how/
apache_vhosts_ssl:
- # desu.ltd
- - servername: desu.ltd
- documentroot: /var/www/desu.ltd
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- - servername: git.desu.ltd
+ - servername: thefuck.how
+ documentroot: /var/www/thefuck.how
+ certificate_file: /etc/letsencrypt/live/thefuck.how/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/thefuck.how/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/thefuck.how/chain.pem
+ - servername: game1.thefuck.how
extra_parameters: |
- ProxyPreserveHost On
- ProxyRequests Off
- ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- - servername: nc.desu.ltd
- extra_parameters: |
- Header always set Strict-Transport-Security "max-age=31536000"
- documentroot: /var/www/nc.desu.ltd
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- # 9iron.club
- - servername: 9iron.club
- extra_parameters: |
- Redirect permanent / https://www.9iron.club/
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- - servername: www.9iron.club
- documentroot: /var/www/www.9iron.club
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- # otwstudios.org
- - servername: otwstudios.org
- extra_parameters: |
- Redirect permanent / https://www.otwstudios.org/
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
- - servername: www.otwstudios.org
- documentroot: /var/www/www.otwstudios.org
- certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
- certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
- certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
+ Redirect permanent / https://thefuck.how/
+ certificate_file: /etc/letsencrypt/live/thefuck.how/fullchain.pem
+ certificate_key_file: /etc/letsencrypt/live/thefuck.how/privkey.pem
+ certificate_chain_file: /etc/letsencrypt/live/thefuck.how/chain.pem
become: yes
tags: [ web, apache ]
- role: git
vars:
git_repos:
- - repo: https://git.desu.ltd/salt/desultd
- dest: /var/www/desu.ltd
- - repo: https://git.desu.ltd/salt/9iron
- dest: /var/www/www.9iron.club
- - repo: https://git.desu.ltd/salt/gitea-custom
- dest: /usr/local/bin/custom
+ - repo: https://git.desu.ltd/salt/thefuckhow
+ dest: /var/www/thefuck.how
become: yes
tags: [ web, git ]
- - role: nextcloud
- vars:
- nextcloud_installation_dir: /var/www/nc.desu.ltd
- nextcloud_data_dir: /srv/desu.ltd/nc
- nextcloud_admin_user: admin
- nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
- nextcloud_version: 19
- nextcloud_urls:
- - http://nc.desu.ltd:80
- - https://nc.desu.ltd:443
- nextcloud_config:
- system:
- trusted_domains:
- "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
- nextcloud_database:
- backend: pgsql
- name: nextcloud-desultd
- user: nextcloud-desultd
- pass: "{{ secret_nextcloud_db_pass }}"
- host: 192.168.164.156
- port: 5432
- become: yes
- tags: [ web, nextcloud ]
- - role: gitea
- vars:
- # Look and feel
- gitea_app_name: "Git Desu"
- # Core config
- gitea_db_type: postgres
- gitea_db_host: 192.168.164.156:5432
- gitea_db_name: gitea-desultd
- gitea_db_user: gitea-desultd
- gitea_db_password: "{{ secret_gitea_db_pass }}"
- gitea_http_domain: git.desu.ltd
- gitea_oauth2_enabled: no
- gitea_repository_root: /srv/desu.ltd/git
- gitea_require_signin: no
- gitea_root_url: https://git.desu.ltd
- gitea_shell: "/bin/bash"
- gitea_ssh_domain: git.desu.ltd
- gitea_ssh_port: 22
- gitea_start_ssh: no
- gitea_user: git
- become: yes
- tags: [ web, gitea ]