Alright boys, time to use master from here on out

Update README
Move fedi1 over, add Pleroma role
2021-01-25 22:20:30 -06:00 · 2021-01-25 22:19:49 -06:00 · 2021-01-25 22:19:31 -06:00
9 changed files with 97 additions and 35 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -4,3 +4,6 @@
 [submodule "roles/terraria"]
 	path = roles/terraria
 	url = https://git.desu.ltd/salt/ansible-role-terraria
+[submodule "roles/pleroma"]
+	path = roles/pleroma
+	url = https://git.desu.ltd/salt/ansible-role-pleroma
--- a/README.md
+++ b/README.md
@ -6,12 +6,8 @@ Useful for management across all of 9iron, thefuck, and desu.

 This branch is kinda-sorta a port of master, so it still needs to reach some form of feature parity with it. Namely:

-* Pleroma (Well shit, now that @p's acknowledged me and @sjw's following me, I can't really put it down, can I?)
-
 * Matrix(? Do I still want to keep this around? Is there a better alternative? Will my friends even use it?)

-* Port over fedi1 (Requires resolution of the above two issues)
-
 * Port over configs for Nextcloud on web1.9iron.club

 ## Initialization
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -2,7 +2,7 @@

 # For homebrew roles and such, mostly Ansible-related setup
 ansible_pull_repo: "https://git.desu.ltd/salt/ansible"
-ansible_pull_commit: rewrite
+ansible_pull_commit: master
 common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible"

 # For backups
@ -130,6 +130,23 @@ secret_pleroma_9iron_db_pass: !vault |
          37636162313364623933396232366239633338363539626637373163333130373665373038363566
          65646633636638653335356536323334646632366164633532636634376632356166306139393766
          38633934623639366263
+secret_pleroma_key_base: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36333934336635613533333137636532363937613764353933636566663031316262333837323064
+          6534653062626461633462636335346132353564653038330a326330326235623530393337333063
+          37666666386637633839633737376465366439356461653363396665636137353264363762346461
+          3765616634653234630a623061393834373964653939626564363263383435666366356339663136
+          64613330656434653538363734393831353133316666326338366335383064356165333537383837
+          31633939353565303661626233623064653838636435376239376361663362636164653962383561
+          33366335623038653232613731333730363836653532363834663663343963303763323534343038
+          61666238346239636634
+secret_pleroma_signing_salt: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31306137646362333433313630363538333234643339353530333038393061663132633161356231
+          3662386234633933633762363334333031306564353132380a633339323364633137396636616363
+          64393536353362386336323662316262333763326138616364333237353262323232636335353436
+          3563396435643363620a646337346561393863366361643536356363626334343264343861663131
+          3466

 # For Matrix/Synapse
 secret_matrix_9iron_db_pass: !vault |
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -25,6 +25,9 @@ all:
          hosts:
            web1.9iron.club:
            web1.desu.ltd:
+        app:
+          hosts:
+            fedi1.9iron.club:
        game:
          hosts:
            game1.thefuck.how:
--- a/playbooks/vars/9iron-pleroma-apache.yml
+++ b/playbooks/vars/9iron-pleroma-apache.yml
@ -0,0 +1,20 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+  DirectoryIndex index.php index.html
+  Protocols h2 http/1.1
+apache_vhosts:
+  - servername: cowfee.moe
+    extra_parameters: |
+      Redirect permanent / https://cowfee.moe/
+apache_vhosts_ssl:
+  - servername: cowfee.moe
+    extra_parameters: |
+      ProxyPreserveHost On
+      ProxyRequests Off
+      ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
+      ProxyPassReverse / https://127.0.0.1:4000/
+      RequestHeader set X_FORWARDED_PROTO 'https'
+      RequestHeader set X-Forwarded-Ssl on
+    certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
+    certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
+    certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
--- a/playbooks/vars/9iron-pleroma-certbot.yml
+++ b/playbooks/vars/9iron-pleroma-certbot.yml
@ -0,0 +1,10 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+  - apache2
+certbot_certs:
+  - domains:
+    - cowfee.moe
+    - matrix.9iron.club
--- a/playbooks/vars/9iron-pleroma.yml
+++ b/playbooks/vars/9iron-pleroma.yml
@ -0,0 +1,16 @@
+# vim:ft=ansible:
+# Site config
+pleroma_hostname: cowfee.moe
+pleroma_open_registration: "true"
+pleroma_instance_name: Cowfee
+pleroma_instance_desc: owo
+
+# Secret config
+pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
+pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
+
+# DB config
+pleroma_db_host: 172.31.47.215
+pleroma_db_name: pleroma
+pleroma_db_user: pleroma
+pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@ -113,7 +113,33 @@
      tags: [ web, apache ]
    - role: gitea
      tags: [ web, gitea ]
+- hosts: fedi1.9iron.club
+  vars_files:
+    - vars/apache.yml
+    - vars/9iron-pleroma.yml
+    - vars/9iron-pleroma-apache.yml
+    - vars/9iron-pleroma-certbot.yml
+  roles:
+    - role: backup
+      vars:
+        backup_s3backup_list_extra:
+          - /opt/pleroma
+          - /var/lib/pleroma
+      tags: [ backup ]
+    - role: motd
+      vars:
+        motd_watch_services_extra:
+          - apache2
+          - pleroma
+      tags: [ motd ]
+    - role: certbot
+      tags: [ web, certbot ]
+    - role: apache
+      tags: [ web, apache ]
 - hosts: game1.thefuck.how
+  vars_files:
+    - vars/apache.yml
+    - vars/php-fpm.yml
  roles:
    - role: certbot
      vars:
@ -128,39 +154,9 @@
              - game1.thefuck.how
      tags: [ web, certbot ]
    - role: php
-      vars:
-        php_enable_php_fpm: yes
-        php_memory_limit: 512M
-        php_packages_extra:
-          - libapache2-mod-php
-          - php-intl
-          - php-imagick
-          - php-redis
-          - php-bcmath
-          - php-gmp
      tags: [ web, php ]
    - role: apache
      vars:
-        apache_remove_default_vhost: yes
-        apache_packages_state: latest
-        apache_mods_enabled:
-          - headers.load
-          - http2.load
-          - mpm_worker.load
-          - proxy.load
-          - proxy_fcgi.load
-          - proxy_http.load
-          - rewrite.load
-          - ssl.load
-        apache_mods_disabled:
-          - mpm_prefork.load
-          - php7.4.load
-        apache_global_vhost_settings: |
-          DirectoryIndex index.php index.html
-          Protocols h2 http/1.1
-          <FilesMatch \.php$>
-            SetHandler "proxy:fcgi://127.0.0.1:9000"
-          </FilesMatch>
        apache_vhosts:
          - servername: thefuck.how
            extra_parameters: |
--- a/roles/pleroma
+++ b/roles/pleroma
@ -0,0 +1 @@
+Subproject commit 628f5611e47befa5903c37331beb06089253014a
Author	SHA1	Message	Date
Salt	d22ee2e0f0	Alright boys, time to use master from here on out	2021-01-25 22:20:30 -06:00
Salt	62db0e9ce8	Update README	2021-01-25 22:19:49 -06:00
Salt	6ead681d5c	Move fedi1 over, add Pleroma role	2021-01-25 22:19:31 -06:00
				`@ -0,0 +1 @@`
				`Subproject commit 628f5611e47befa5903c37331beb06089253014a`