playbooks/vars/9iron-apache.yml

@@ -0,0 +1,30 @@
+# vim:ft=ansible:
+apache_global_vhost_settings: |
+  DirectoryIndex index.php index.html
+  Protocols h2 http/1.1
+  <FilesMatch \.php$>
+  SetHandler "proxy:fcgi://127.0.0.1:9000"
+  </FilesMatch>
+apache_vhosts:
+  - servername: nc.9iron.club
+    extra_parameters: |
+      Redirect permanent / https://nc.9iron.club/
+  - servername: git.9iron.club
+    extra_parameters: |
+      Redirect permanent / https://git.9iron.club/
+apache_vhosts_ssl:
+  - servername: git.9iron.club
+    extra_parameters: |
+      ProxyPreserveHost On
+      ProxyRequests Off
+      ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
+    certificate_file: /etc/letsencrypt/live/nc.9iron.club/fullchain.pem
+    certificate_key_file: /etc/letsencrypt/live/nc.9iron.club/privkey.pem
+    certificate_chain_file: /etc/letsencrypt/live/nc.9iron.club/chain.pem
+  - servername: nc.9iron.club
+    extra_parameters: |
+      Header always set Strict-Transport-Security "max-age=31536000"
+    documentroot: /var/www/nextcloud
+    certificate_file: /etc/letsencrypt/live/nc.9iron.club/fullchain.pem
+    certificate_key_file: /etc/letsencrypt/live/nc.9iron.club/privkey.pem
+    certificate_chain_file: /etc/letsencrypt/live/nc.9iron.club/chain.pem

playbooks/vars/9iron-certbot.yml

@@ -0,0 +1,10 @@
+# vim:ft=ansible:
+certbot_admin_email: rehashedsalt@cock.li
+certbot_create_if_missing: yes
+certbot_create_method: standalone
+certbot_create_standalone_stop_services:
+  - apache2
+certbot_certs:
+  - domains:
+    - nc.9iron.club
+    - git.9iron.club

playbooks/vars/9iron-gitea.yml

@@ -0,0 +1,19 @@
+# vim:ft=ansible:
+# Look and feel
+gitea_app_name: "9iron Gitea"
+# Core config
+gitea_db_type: postgres
+gitea_db_host: 172.31.47.215:5432
+gitea_db_name: gitea
+gitea_db_user: gitea
+gitea_db_password: "{{ secret_gitea_9iron_db_pass }}"
+gitea_http_domain: git.9iron.club
+gitea_oauth2_enabled: no
+gitea_repository_root: /var/gitea
+gitea_require_signin: no
+gitea_root_url: https://git.9iron.club
+gitea_shell: "/bin/bash"
+gitea_ssh_domain: git.9iron.club
+gitea_ssh_port: 22
+gitea_start_ssh: no
+gitea_user: git

playbooks/web.yml

@@ -74,6 +74,7 @@
         backup_s3backup_list_extra:
           - /app/gitea/gitea
           - /data
+          - /var/lib/gitea
           - /var/www/nc.desu.ltd
           - /var/www/srv.9iron.club
           - /srv/desu.ltd
@@ -99,11 +100,15 @@
     - role: git
       vars:
         git_repos:
+          - repo: https://git.9iron.club/KidiroInfiniti/OTW_Site
+            dest: /var/www/www.otwstudios.org
           - repo: https://git.desu.ltd/salt/gitea-custom
             dest: /data/gitea/data/gitea/custom
       tags: [ web, git ]
     - role: nextcloud
       tags: [ web, nextcloud ]
+#    - role: gitea
+#      tags: [ web, gitea ]
 - hosts: web2.desu.ltd
   module_defaults:
     docker_container:

roles/ansible-pull/tasks/main.yml

@@ -8,9 +8,9 @@
   pip: name=ansible<5,ansible-lint state=latest
   when: ansible_os_family != "Gentoo"
 - name: configure systemd service
-  template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service mode=0644
+  template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service
 - name: configure systemd timer
-  template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer mode=0644
+  template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer
   notify: restart ansiblepull timer
 - name: enable timer
   systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started

roles/backup/tasks/main.yml

@@ -4,9 +4,9 @@
 - name: template out backup script
   template: src={{ backup_script }}.sh dest=/opt/backup.sh mode=0700 owner=root group=root
 - name: configure systemd service
-  template: src=backup.service dest=/etc/systemd/system/backup.service mode=0644
+  template: src=backup.service dest=/etc/systemd/system/backup.service
 - name: configure systemd timer
-  template: src=backup.timer dest=/etc/systemd/system/backup.timer mode=0644
+  template: src=backup.timer dest=/etc/systemd/system/backup.timer
   notify: restart backup timer
 - name: enable timer
   systemd: name=backup.timer state=started enabled=yes daemon_reload=yes

roles/common/tasks/system.yml

@@ -8,4 +8,4 @@
   timezone: name=America/Chicago
   notify: restart cron
 - name: configure shell profile
-  template: src=profile.sh dest=/etc/profile.d/50-ansible.sh mode=0644
+  template: src=profile.sh dest=/etc/profile.d/50-ansible.sh

roles/desktop/tasks/main.yml

@@ -2,9 +2,9 @@
 # vim:ft=ansible:
 ---
 - name: assure xorg.conf.d
-  file: path=/etc/X11/xorg.conf.d state=directory mode=0755
+  file: path=/etc/X11/xorg.conf.d state=directory
 - name: configure X misc
-  template: src={{ item }} dest=/etc/X11/xorg.conf.d/{{ item }} mode=0644
+  template: src={{ item }} dest=/etc/X11/xorg.conf.d/{{ item }}
   loop:
       # Disables mouse acceleration on all mouse peripherals
     - 90-mouse-acceleration.conf

roles/udev/tasks/main.yml

@@ -2,6 +2,6 @@
 # vim:ft=ansible:
 ---
 - name: configure udev rules
-  lineinfile: path=/etc/udev/rules.d/50-ansible.rules line={{ item }} create=yes mode=0644
+  lineinfile: path=/etc/udev/rules.d/50-ansible.rules line={{ item }} create=yes
   loop: "{{ udev_rules }}"
   notify: reload udev

roles/zerotier/tasks/main.yml

@@ -13,7 +13,7 @@
       apt: name=zerotier-one
   when: ansible_pkg_mgr == "apt"
 - name: template unit file
-  template: src=zerotier-one.service dest=/etc/systemd/system/zerotier-one.service mode=0644
+  template: src=zerotier-one.service dest=/etc/systemd/system/zerotier-one.service
   notify: restart zerotier
 - name: join network
   command: