8 changed files with 20 additions and 53 deletions
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -25,7 +25,9 @@ all:
          hosts:
            web1.9iron.club:
            web1.desu.ltd:
-            web2.desu.ltd:
+        app:
+          hosts:
+            fedi1.9iron.club:
        game:
          hosts:
            game1.thefuck.how:
--- a/playbooks/db.yml
+++ b/playbooks/db.yml
@ -20,7 +20,7 @@
            value: 192.168.164.156
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
-          - { type: local, database: all, user: all, auth_method: md5 }
+          - { type: local, database: all, user: all, auth_method: peer }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
            # Used for internal access from other nodes
@ -30,15 +30,11 @@
            password: "{{ secret_gitea_db_pass }}"
          - name: nextcloud-desultd
            password: "{{ secret_nextcloud_db_pass }}"
-          - name: pleroma-cowfee
-            password: "{{ secret_pleroma_9iron_db_pass }}"
        postgresql_databases:
          - name: gitea-desultd
            owner: gitea-desultd
          - name: nextcloud-desultd
            owner: nextcloud-desultd
-          - name: pleroma-cowfee
-            owner: pleroma-cowfee
      tags: [ db, psql ]
 - hosts: psql1.9iron.club
  roles:
@ -55,7 +51,7 @@
      vars:
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
-          - { type: local, database: all, user: all, auth_method: md5 }
+          - { type: local, database: all, user: all, auth_method: peer }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
          - { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 }
--- a/playbooks/vars/9iron-pleroma-certbot.yml
+++ b/playbooks/vars/9iron-pleroma-certbot.yml
@ -6,4 +6,5 @@ certbot_create_standalone_stop_services:
  - apache2
 certbot_certs:
  - domains:
+    - cowfee.moe
    - matrix.9iron.club
--- a/playbooks/vars/desultd-pleroma.yml
+++ b/playbooks/vars/desultd-pleroma.yml
@ -10,7 +10,7 @@ pleroma_secret_key_base: "{{ secret_pleroma_key_base }}"
 pleroma_secret_signing_salt: "{{ secret_pleroma_signing_salt }}"

 # DB config
-pleroma_db_host: 192.168.164.156
-pleroma_db_name: pleroma-cowfee
-pleroma_db_user: pleroma-cowfee
+pleroma_db_host: 172.31.47.215
+pleroma_db_name: pleroma
+pleroma_db_user: pleroma
 pleroma_db_pass: "{{ secret_pleroma_9iron_db_pass }}"
--- a/playbooks/vars/desultd-pleroma-apache.yml
+++ b/playbooks/vars/desultd-pleroma-apache.yml
@ -1,20 +0,0 @@
-# vim:ft=ansible:
-apache_global_vhost_settings: |
-  DirectoryIndex index.php index.html
-  Protocols h2 http/1.1
-apache_vhosts:
-  - servername: cowfee.moe
-    extra_parameters: |
-      Redirect permanent / https://cowfee.moe/
-apache_vhosts_ssl:
-  - servername: cowfee.moe
-    extra_parameters: |
-      ProxyPreserveHost On
-      ProxyRequests Off
-      ProxyPass / http://127.0.0.1:4000/ nocanon retry=1
-      ProxyPassReverse / https://127.0.0.1:4000/
-      RequestHeader set X_FORWARDED_PROTO 'https'
-      RequestHeader set X-Forwarded-Ssl on
-    certificate_file: /etc/letsencrypt/live/cowfee.moe/fullchain.pem
-    certificate_key_file: /etc/letsencrypt/live/cowfee.moe/privkey.pem
-    certificate_chain_file: /etc/letsencrypt/live/cowfee.moe/chain.pem
--- a/playbooks/vars/desultd-pleroma-certbot.yml
+++ b/playbooks/vars/desultd-pleroma-certbot.yml
@ -1,10 +0,0 @@
-# vim:ft=ansible:
-certbot_admin_email: rehashedsalt@cock.li
-certbot_create_if_missing: yes
-certbot_create_method: standalone
-certbot_create_standalone_stop_services:
-  - apache2
-certbot_certs:
-  - domains:
-    - cowfee.moe
-    - web2.desu.ltd
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@ -105,20 +105,20 @@
          - gitea
          - php7.4-fpm
      tags: [ motd ]
-    - role: gitea
-      tags: [ web, gitea ]
+    - role: certbot
+      tags: [ web, certbot ]
    - role: php
      tags: [ web, php ]
    - role: apache
      tags: [ web, apache ]
-    - role: certbot
-      tags: [ web, certbot ]
- hosts: web2.desu.ltd
+    - role: gitea
+      tags: [ web, gitea ]
+- hosts: fedi1.9iron.club
  vars_files:
    - vars/apache.yml
-    - vars/desultd-pleroma.yml
-    - vars/desultd-pleroma-apache.yml
-    - vars/desultd-pleroma-certbot.yml
+    - vars/9iron-pleroma.yml
+    - vars/9iron-pleroma-apache.yml
+    - vars/9iron-pleroma-certbot.yml
  roles:
    - role: backup
      vars:
@ -133,12 +133,10 @@
          - apache2
          - pleroma
      tags: [ motd ]
-    - role: pleroma
-      tags: [ web, pleroma ]
-    - role: apache
-      tags: [ web, apache ]
    - role: certbot
      tags: [ web, certbot ]
+    - role: apache
+      tags: [ web, apache ]
 - hosts: game1.thefuck.how
  vars_files:
    - vars/apache.yml
--- a/roles/pleroma
+++ b/roles/pleroma
@ -1 +1 @@
-Subproject commit 0ecda314bf1fdad22fbdd5cdc2e13f6bd76e36a1
+Subproject commit 628f5611e47befa5903c37331beb06089253014a