inventory/hosts.yml

@@ -25,7 +25,9 @@ all:
           hosts:
             web1.9iron.club:
             web1.desu.ltd:
-            web2.desu.ltd:
+        app:
+          hosts:
+            fedi1.9iron.club:
         game:
           hosts:
             game1.thefuck.how:

playbooks/db.yml

@@ -20,7 +20,7 @@
             value: 192.168.164.156
         postgresql_hba_entries:
           - { type: local, database: all, user: postgres, auth_method: peer }
-          - { type: local, database: all, user: all, auth_method: md5 }
+          - { type: local, database: all, user: all, auth_method: peer }
           - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
           - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
             # Used for internal access from other nodes
@@ -30,15 +30,11 @@
             password: "{{ secret_gitea_db_pass }}"
           - name: nextcloud-desultd
             password: "{{ secret_nextcloud_db_pass }}"
-          - name: pleroma-cowfee
-            password: "{{ secret_pleroma_9iron_db_pass }}"
         postgresql_databases:
           - name: gitea-desultd
             owner: gitea-desultd
           - name: nextcloud-desultd
             owner: nextcloud-desultd
-          - name: pleroma-cowfee
-            owner: pleroma-cowfee
       tags: [ db, psql ]
 - hosts: psql1.9iron.club
   roles:
@@ -55,7 +51,7 @@
       vars:
         postgresql_hba_entries:
           - { type: local, database: all, user: postgres, auth_method: peer }
-          - { type: local, database: all, user: all, auth_method: md5 }
+          - { type: local, database: all, user: all, auth_method: peer }
           - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
           - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
           - { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 }

playbooks/vars/9iron-pleroma-certbot.yml

@@ -6,4 +6,5 @@ certbot_create_standalone_stop_services:
   - apache2
 certbot_certs:
   - domains:
+    - cowfee.moe
     - matrix.9iron.club

playbooks/vars/9iron-pleroma.yml

@@ -10,7 +10,7 @@ pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
 pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"
 
 # DB config
-pleroma_db_host: 192.168.164.156
+pleroma_db_host: 172.31.47.215
-pleroma_db_name: pleroma-cowfee
+pleroma_db_name: pleroma
-pleroma_db_user: pleroma-cowfee
+pleroma_db_user: pleroma
 pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"

playbooks/vars/desultd-pleroma-apache.yml

@@ -1,20 +0,0 @@
-# vim:ft=ansible:
-apache_global_vhost_settings: |
-  DirectoryIndex index.php index.html
-  Protocols h2 http/1.1
-apache_vhosts:
-  - servername: cowfee.moe
-    extra_parameters: |
-      Redirect permanent / https://cowfee.moe/
-apache_vhosts_ssl:
-  - servername: cowfee.moe
-    extra_parameters: |
-      ProxyPreserveHost On
-      ProxyRequests Off
-      ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
-      ProxyPassReverse / https://127.0.0.1:4000/
-      RequestHeader set X_FORWARDED_PROTO 'https'
-      RequestHeader set X-Forwarded-Ssl on
-    certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
-    certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
-    certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem

playbooks/vars/desultd-pleroma-certbot.yml

@@ -1,10 +0,0 @@
-# vim:ft=ansible:
-certbot_admin_email: rehashedsalt@cock.li
-certbot_create_if_missing: yes
-certbot_create_method: standalone
-certbot_create_standalone_stop_services:
-  - apache2
-certbot_certs:
-  - domains:
-    - cowfee.moe
-    - web2.desu.ltd

playbooks/web.yml

@@ -105,20 +105,20 @@
           - gitea
           - php7.4-fpm
       tags: [ motd ]
-    - role: gitea
+    - role: certbot
-      tags: [ web, gitea ]
+      tags: [ web, certbot ]
     - role: php
       tags: [ web, php ]
     - role: apache
       tags: [ web, apache ]
-    - role: certbot
+    - role: gitea
-      tags: [ web, certbot ]
+      tags: [ web, gitea ]
-- hosts: web2.desu.ltd
+- hosts: fedi1.9iron.club
   vars_files:
     - vars/apache.yml
-    - vars/desultd-pleroma.yml
+    - vars/9iron-pleroma.yml
-    - vars/desultd-pleroma-apache.yml
+    - vars/9iron-pleroma-apache.yml
-    - vars/desultd-pleroma-certbot.yml
+    - vars/9iron-pleroma-certbot.yml
   roles:
     - role: backup
       vars:
@@ -133,12 +133,10 @@
           - apache2
           - pleroma
       tags: [ motd ]
-    - role: pleroma
-      tags: [ web, pleroma ]
-    - role: apache
-      tags: [ web, apache ]
     - role: certbot
       tags: [ web, certbot ]
+    - role: apache
+      tags: [ web, apache ]
 - hosts: game1.thefuck.how
   vars_files:
     - vars/apache.yml

roles/pleroma

@@ -1 +1 @@
-Subproject commit 0ecda314bf1fdad22fbdd5cdc2e13f6bd76e36a1
+Subproject commit 628f5611e47befa5903c37331beb06089253014a