salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: salt:a7aa38a8e91d25c2aa31c056099c8ebc5d592971
Branches Tags
salt:master
salt:kopia
salt:cleanup
salt:rewrite
..
compare: salt:7337fb49ed74b41f5de979fa06c3d663b6c9ebdf
Branches Tags
salt:master
salt:kopia
salt:cleanup
salt:rewrite

7 Commits
a7aa38a8e9 ... 7337fb49ed

Author SHA1 Message Date
Salt
7337fb49ed Narrow down the pass locations for Matrix to just server endpoints 2021-10-02 22:11:10 -05:00
Salt
e05d4a379b Add basic Synapse server configuration 2021-10-02 22:03:22 -05:00
Salt
aceba8407b Add DB configuration for Synapse 2021-10-02 22:03:05 -05:00
Salt
d06fc65af9 Correct errors in nginx configuration 2021-10-02 21:53:44 -05:00
Salt
51737a53dc Revert "Add handles to ingress role" 
This reverts commit 0586eb5ce9.
 2021-10-02 21:48:37 -05:00
Salt
e6b2c8b0a6 Configure web1.desu.ltd for Matrix delegation 
Big things a comin
 2021-10-02 21:46:32 -05:00
Salt
0586eb5ce9 Add handles to ingress role 2021-10-02 21:42:27 -05:00
6 changed files with 81 additions and 0 deletions
Show Stats Expand all files Collapse all files

9
inventory/group_vars/all.yml
View File

@ -269,6 +269,15 @@ secret_snmp_rouser_privacy_passphrase: !vault |
3764363538636232630a383730323433343239663461373030383132626532306130363965316661 3764363538636232630a383730323433343239663461373030383132626532306130363965316661
64353932376139613765303764313463353366663535653135393637633835353566 64353932376139613765303764313463353366663535653135393637633835353566
# For Synapse
secret_synapse_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
38343663383430353236366263666664376162666635633764646539383239613864363838663262
3165313832643330346336613465323439316461643432660a623337373562626431613561323566
64323162623530303965316634666532333034313864663133663933623438313230386261623064
3663623537333161630a616263656362633461366462613366323262363734353233373330393932
36653333643632313139396631633962386533323330346639363736353863313763
# For home media stuff # For home media stuff
secret_transmission_user_pass: !vault | secret_transmission_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

41
playbooks/prod_com.yml Executable file
View File

@ -0,0 +1,41 @@
#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
---
- hosts: com1.desu.ltd
module_defaults:
docker_container:
state: started
restart_policy: unless-stopped
pull: yes
pre_tasks:
- name: ensure docker network
docker_network: name=web
tags: [ docker ]
tasks:
- name: include tasks for applications
include_tasks: tasks/{{ item }}
with_items:
- web/synapse.yml
tags: [ always ]
roles:
- role: backup
vars:
backup_s3backup_list_extra:
- /data
tags: [ backup ]
- role: ingress
vars:
ingress_servers:
- name: matrix.desu.ltd
proxies:
- location: ~* ^(\/_matrix|\/_synapse\/client)
pass: http://synapse:8008
locations:
- location: /
contents: |
default_type text/html;
return 200 'Watch this space...';
directives:
- "client_max_body_size 0"
tags: [ web, docker, ingress ]

6
playbooks/prod_db.yml
View File

@ -39,6 +39,8 @@
password: "{{ secret_peertube_db_pass }}" password: "{{ secret_peertube_db_pass }}"
- name: pleroma-cowfee - name: pleroma-cowfee
password: "{{ secret_pleroma_9iron_db_pass }}" password: "{{ secret_pleroma_9iron_db_pass }}"
- name: synapse-desultd
password: "{{ secret_synapse_db_pass }}"
postgresql_databases: postgresql_databases:
- name: gitea-desultd - name: gitea-desultd
owner: gitea-desultd owner: gitea-desultd
@ -54,4 +56,8 @@
owner: pleroma-cowfee owner: pleroma-cowfee
- name: peertube - name: peertube
owner: peertube-cowfee owner: peertube-cowfee
- name: synapse-desultd
lc_collate: C
lc_ctype: C
owner: synapse-desultd
tags: [ db, psql ] tags: [ db, psql ]

9
playbooks/prod_web.yml
View File

@ -46,6 +46,15 @@
# desu.ltd # desu.ltd
- name: desu.ltd - name: desu.ltd
proxy_pass: http://desultd:80 proxy_pass: http://desultd:80
locations:
- location: /.well-known/matrix/server
contents: |
default_type application/json;
return 200 '{"m.server":"matrix.desu.ltd:443"}';
- location: /.well-known/matrix/client
contents: |
default_type application/json;
return 200 '{"m.homeserver":{"base_url":"https://matrix.desu.ltd"}}';
- name: git.desu.ltd - name: git.desu.ltd
proxy_pass: http://gitea:3000 proxy_pass: http://gitea:3000
- name: nc.desu.ltd - name: nc.desu.ltd

15
playbooks/tasks/web/synapse.yml Normal file
View File

@ -0,0 +1,15 @@
# vim:ft=ansible:
- name: docker deploy synapse
docker_container:
name: synapse
image: matrixdotorg/synapse:latest
env:
TZ: "America/Chicago"
SYNAPSE_SERVER_NAME: matrix.desu.ltd
SYNAPSE_REPORT_STATS: "no"
networks:
- name: web
aliases: [ "synapse" ]
volumes:
- /data/synapse:/data
tags: [ docker, synapse ]

1
site.yml
View File

@ -19,6 +19,7 @@
# Production configuration # Production configuration
- import_playbook: playbooks/prod_db.yml - import_playbook: playbooks/prod_db.yml
- import_playbook: playbooks/prod_web.yml - import_playbook: playbooks/prod_web.yml
- import_playbook: playbooks/prod_com.yml
- import_playbook: playbooks/prod_game.yml - import_playbook: playbooks/prod_game.yml
# Supplementary tags # Supplementary tags
- import_playbook: playbooks/tags_ansible.yml - import_playbook: playbooks/tags_ansible.yml