Compare commits
3 Commits
23fac2d48e
...
d22ee2e0f0
Author | SHA1 | Date | |
---|---|---|---|
d22ee2e0f0 | |||
62db0e9ce8 | |||
6ead681d5c |
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -4,3 +4,6 @@
|
|||||||
[submodule "roles/terraria"]
|
[submodule "roles/terraria"]
|
||||||
path = roles/terraria
|
path = roles/terraria
|
||||||
url = https://git.desu.ltd/salt/ansible-role-terraria
|
url = https://git.desu.ltd/salt/ansible-role-terraria
|
||||||
|
[submodule "roles/pleroma"]
|
||||||
|
path = roles/pleroma
|
||||||
|
url = https://git.desu.ltd/salt/ansible-role-pleroma
|
||||||
|
@ -6,12 +6,8 @@ Useful for management across all of 9iron, thefuck, and desu.
|
|||||||
|
|
||||||
This branch is kinda-sorta a port of master, so it still needs to reach some form of feature parity with it. Namely:
|
This branch is kinda-sorta a port of master, so it still needs to reach some form of feature parity with it. Namely:
|
||||||
|
|
||||||
* Pleroma (Well shit, now that @p's acknowledged me and @sjw's following me, I can't really put it down, can I?)
|
|
||||||
|
|
||||||
* Matrix(? Do I still want to keep this around? Is there a better alternative? Will my friends even use it?)
|
* Matrix(? Do I still want to keep this around? Is there a better alternative? Will my friends even use it?)
|
||||||
|
|
||||||
* Port over fedi1 (Requires resolution of the above two issues)
|
|
||||||
|
|
||||||
* Port over configs for Nextcloud on web1.9iron.club
|
* Port over configs for Nextcloud on web1.9iron.club
|
||||||
|
|
||||||
## Initialization
|
## Initialization
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
# For homebrew roles and such, mostly Ansible-related setup
|
# For homebrew roles and such, mostly Ansible-related setup
|
||||||
ansible_pull_repo: "https://git.desu.ltd/salt/ansible"
|
ansible_pull_repo: "https://git.desu.ltd/salt/ansible"
|
||||||
ansible_pull_commit: rewrite
|
ansible_pull_commit: master
|
||||||
common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible"
|
common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible"
|
||||||
|
|
||||||
# For backups
|
# For backups
|
||||||
@ -130,6 +130,23 @@ secret_pleroma_9iron_db_pass: !vault |
|
|||||||
37636162313364623933396232366239633338363539626637373163333130373665373038363566
|
37636162313364623933396232366239633338363539626637373163333130373665373038363566
|
||||||
65646633636638653335356536323334646632366164633532636634376632356166306139393766
|
65646633636638653335356536323334646632366164633532636634376632356166306139393766
|
||||||
38633934623639366263
|
38633934623639366263
|
||||||
|
secret_pleroma_key_base: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
36333934336635613533333137636532363937613764353933636566663031316262333837323064
|
||||||
|
6534653062626461633462636335346132353564653038330a326330326235623530393337333063
|
||||||
|
37666666386637633839633737376465366439356461653363396665636137353264363762346461
|
||||||
|
3765616634653234630a623061393834373964653939626564363263383435666366356339663136
|
||||||
|
64613330656434653538363734393831353133316666326338366335383064356165333537383837
|
||||||
|
31633939353565303661626233623064653838636435376239376361663362636164653962383561
|
||||||
|
33366335623038653232613731333730363836653532363834663663343963303763323534343038
|
||||||
|
61666238346239636634
|
||||||
|
secret_pleroma_signing_salt: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31306137646362333433313630363538333234643339353530333038393061663132633161356231
|
||||||
|
3662386234633933633762363334333031306564353132380a633339323364633137396636616363
|
||||||
|
64393536353362386336323662316262333763326138616364333237353262323232636335353436
|
||||||
|
3563396435643363620a646337346561393863366361643536356363626334343264343861663131
|
||||||
|
3466
|
||||||
|
|
||||||
# For Matrix/Synapse
|
# For Matrix/Synapse
|
||||||
secret_matrix_9iron_db_pass: !vault |
|
secret_matrix_9iron_db_pass: !vault |
|
||||||
|
@ -25,6 +25,9 @@ all:
|
|||||||
hosts:
|
hosts:
|
||||||
web1.9iron.club:
|
web1.9iron.club:
|
||||||
web1.desu.ltd:
|
web1.desu.ltd:
|
||||||
|
app:
|
||||||
|
hosts:
|
||||||
|
fedi1.9iron.club:
|
||||||
game:
|
game:
|
||||||
hosts:
|
hosts:
|
||||||
game1.thefuck.how:
|
game1.thefuck.how:
|
||||||
|
20
playbooks/vars/9iron-pleroma-apache.yml
Normal file
20
playbooks/vars/9iron-pleroma-apache.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
# vim:ft=ansible:
|
||||||
|
apache_global_vhost_settings: |
|
||||||
|
DirectoryIndex index.php index.html
|
||||||
|
Protocols h2 http/1.1
|
||||||
|
apache_vhosts:
|
||||||
|
- servername: cowfee.moe
|
||||||
|
extra_parameters: |
|
||||||
|
Redirect permanent / https://cowfee.moe/
|
||||||
|
apache_vhosts_ssl:
|
||||||
|
- servername: cowfee.moe
|
||||||
|
extra_parameters: |
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyRequests Off
|
||||||
|
ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
|
||||||
|
ProxyPassReverse / https://127.0.0.1:4000/
|
||||||
|
RequestHeader set X_FORWARDED_PROTO 'https'
|
||||||
|
RequestHeader set X-Forwarded-Ssl on
|
||||||
|
certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
|
||||||
|
certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
|
||||||
|
certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
|
10
playbooks/vars/9iron-pleroma-certbot.yml
Normal file
10
playbooks/vars/9iron-pleroma-certbot.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# vim:ft=ansible:
|
||||||
|
certbot_admin_email: rehashedsalt@cock.li
|
||||||
|
certbot_create_if_missing: yes
|
||||||
|
certbot_create_method: standalone
|
||||||
|
certbot_create_standalone_stop_services:
|
||||||
|
- apache2
|
||||||
|
certbot_certs:
|
||||||
|
- domains:
|
||||||
|
- cowfee.moe
|
||||||
|
- matrix.9iron.club
|
16
playbooks/vars/9iron-pleroma.yml
Normal file
16
playbooks/vars/9iron-pleroma.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# vim:ft=ansible:
|
||||||
|
# Site config
|
||||||
|
pleroma_hostname: cowfee.moe
|
||||||
|
pleroma_open_registration: "true"
|
||||||
|
pleroma_instance_name: Cowfee
|
||||||
|
pleroma_instance_desc: owo
|
||||||
|
|
||||||
|
# Secret config
|
||||||
|
pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
|
||||||
|
pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
|
||||||
|
|
||||||
|
# DB config
|
||||||
|
pleroma_db_host: 172.31.47.215
|
||||||
|
pleroma_db_name: pleroma
|
||||||
|
pleroma_db_user: pleroma
|
||||||
|
pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
|
@ -113,7 +113,33 @@
|
|||||||
tags: [ web, apache ]
|
tags: [ web, apache ]
|
||||||
- role: gitea
|
- role: gitea
|
||||||
tags: [ web, gitea ]
|
tags: [ web, gitea ]
|
||||||
|
- hosts: fedi1.9iron.club
|
||||||
|
vars_files:
|
||||||
|
- vars/apache.yml
|
||||||
|
- vars/9iron-pleroma.yml
|
||||||
|
- vars/9iron-pleroma-apache.yml
|
||||||
|
- vars/9iron-pleroma-certbot.yml
|
||||||
|
roles:
|
||||||
|
- role: backup
|
||||||
|
vars:
|
||||||
|
backup_s3backup_list_extra:
|
||||||
|
- /opt/pleroma
|
||||||
|
- /var/lib/pleroma
|
||||||
|
tags: [ backup ]
|
||||||
|
- role: motd
|
||||||
|
vars:
|
||||||
|
motd_watch_services_extra:
|
||||||
|
- apache2
|
||||||
|
- pleroma
|
||||||
|
tags: [ motd ]
|
||||||
|
- role: certbot
|
||||||
|
tags: [ web, certbot ]
|
||||||
|
- role: apache
|
||||||
|
tags: [ web, apache ]
|
||||||
- hosts: game1.thefuck.how
|
- hosts: game1.thefuck.how
|
||||||
|
vars_files:
|
||||||
|
- vars/apache.yml
|
||||||
|
- vars/php-fpm.yml
|
||||||
roles:
|
roles:
|
||||||
- role: certbot
|
- role: certbot
|
||||||
vars:
|
vars:
|
||||||
@ -128,39 +154,9 @@
|
|||||||
- game1.thefuck.how
|
- game1.thefuck.how
|
||||||
tags: [ web, certbot ]
|
tags: [ web, certbot ]
|
||||||
- role: php
|
- role: php
|
||||||
vars:
|
|
||||||
php_enable_php_fpm: yes
|
|
||||||
php_memory_limit: 512M
|
|
||||||
php_packages_extra:
|
|
||||||
- libapache2-mod-php
|
|
||||||
- php-intl
|
|
||||||
- php-imagick
|
|
||||||
- php-redis
|
|
||||||
- php-bcmath
|
|
||||||
- php-gmp
|
|
||||||
tags: [ web, php ]
|
tags: [ web, php ]
|
||||||
- role: apache
|
- role: apache
|
||||||
vars:
|
vars:
|
||||||
apache_remove_default_vhost: yes
|
|
||||||
apache_packages_state: latest
|
|
||||||
apache_mods_enabled:
|
|
||||||
- headers.load
|
|
||||||
- http2.load
|
|
||||||
- mpm_worker.load
|
|
||||||
- proxy.load
|
|
||||||
- proxy_fcgi.load
|
|
||||||
- proxy_http.load
|
|
||||||
- rewrite.load
|
|
||||||
- ssl.load
|
|
||||||
apache_mods_disabled:
|
|
||||||
- mpm_prefork.load
|
|
||||||
- php7.4.load
|
|
||||||
apache_global_vhost_settings: |
|
|
||||||
DirectoryIndex index.php index.html
|
|
||||||
Protocols h2 http/1.1
|
|
||||||
<FilesMatch \.php$>
|
|
||||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
|
||||||
</FilesMatch>
|
|
||||||
apache_vhosts:
|
apache_vhosts:
|
||||||
- servername: thefuck.how
|
- servername: thefuck.how
|
||||||
extra_parameters: |
|
extra_parameters: |
|
||||||
|
1
roles/pleroma
Submodule
1
roles/pleroma
Submodule
@ -0,0 +1 @@
|
|||||||
|
Subproject commit 628f5611e47befa5903c37331beb06089253014a
|
Loading…
Reference in New Issue
Block a user