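#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# Site playbook: one play per host class. Every role runs with become so the
# controller user only needs sudo on the targets. Booleans are written as
# true/false throughout (yes/no/on/off are YAML 1.1 booleans and trip linters).

# Preambulatory system configuration
- hosts: all
  roles:
    - role: common
      become: true
      tags: [ common ]
    - role: ansible-pull
      become: true
      tags: [ ansible, common ]

# Home desktops
- hosts: desktop
  post_tasks:
    - name: confirm liblzo2 dllmap
      # NOTE(review): insertafter and line are both empty here, so this task
      # does not manage a dllmap entry as its name suggests; the XML value
      # appears to have been lost. Confirm the intended /etc/mono/config entry
      # before relying on this task.
      lineinfile:
        path: /etc/mono/config
        insertafter: ""
        line: ''
      become: true
      tags: [ desktop, mono ]
    - name: give python3 cap_sys_ptrace
      # Required for Randovania to access Dolphin memory.
      # A file capability on a shared interpreter grants cap_sys_ptrace to any
      # process that executes it, i.e. to any local user, which allows reading
      # and writing the memory of other users' processes (subject to
      # kernel.yama.ptrace_scope). Consider a dedicated interpreter copy with
      # restricted execute permission instead of the system python.
      # The versioned path stops matching after an interpreter upgrade — verify.
      capabilities:
        path: /usr/bin/python3.8
        capability: cap_sys_ptrace=eip
      become: true
      tags: [ desktop, python, cap ]
  roles:
    - role: desktop
      become: true
      tags: [ desktop ]
    - role: grub
      become: true
      tags: [ desktop, grub ]
    - role: udev
      vars:
        udev_rules:
          # Switch RCM stuff
          - SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"
      become: true
      tags: [ desktop, udev ]
    - role: pulseaudio
      become: true
      tags: [ desktop, pulse, pulseaudio ]
    - role: zerotier
      become: true
      tags: [ desktop, zerotier ]

# Database servers
- hosts: psql1.desu.ltd
  roles:
    - role: postgresql
      vars:
        postgresql_global_config_options:
          - option: listen_addresses
            value: "192.168.164.156"
        # pg_hba rules are evaluated first-match. md5 is the legacy password
        # scheme; scram-sha-256 is preferred where server and clients support
        # it, but switching also requires password_encryption to match and the
        # role passwords to be re-set, so it is not changed here.
        postgresql_hba_entries:
          - type: local
            database: all
            user: postgres
            auth_method: peer
          - type: local
            database: all
            user: all
            auth_method: peer
          - type: host
            database: all
            user: all
            address: '127.0.0.1/32'
            auth_method: md5
          - type: host
            database: all
            user: all
            address: '::1/128'
            auth_method: md5
          # Used for internal access from other nodes. This is the whole
          # 192.168/16 range, so every host on those networks may attempt
          # password authentication; narrow it to the web node's address or
          # subnet if the network is not fully trusted.
          - type: host
            database: all
            user: all
            address: '192.168.0.0/16'
            auth_method: md5
        postgresql_users:
          - name: gitea
            password: "{{ secret_gitea_db_pass }}"
          - name: nextcloud
            password: "{{ secret_nextcloud_db_pass }}"
        postgresql_databases:
          - name: gitea
            owner: gitea
          - name: nextcloud
            owner: nextcloud
      become: true
      tags: [ db, psql ]

# Webservers
- hosts: web1.desu.ltd
  roles:
    - role: apache
      vars:
        apache_remove_default_vhost: true
        apache_packages_state: latest
        apache_mods_enabled:
          - ssl.load
          - proxy.load
          - proxy_http.load
          - rewrite.load
        # Only plain-HTTP vhosts are declared here although certbot below
        # obtains certificates; if TLS is expected, confirm the SSL vhosts are
        # defined elsewhere (e.g. apache_vhosts_ssl).
        apache_vhosts:
          - servername: git.test.desu.ltd
            extra_parameters: |
              ProxyPreserveHost On
              ProxyRequests Off
              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
          - servername: nc.test.desu.ltd
            documentroot: /var/www/html/nextcloud
          - servername: test.desu.ltd
            documentroot: /var/www/html/desu.ltd
      become: true
      tags: [ web, apache ]
    - role: certbot
      vars:
        certbot_admin_email: rehashedsalt@cock.li
        certbot_create_if_missing: true
        certbot_create_method: standalone
        # Standalone validation needs port 80, so apache is stopped during
        # issuance; this is a short outage on every (re)issue.
        certbot_create_standalone_stop_services:
          - apache2
        # NOTE(review): these names differ from the *.test.desu.ltd vhosts
        # above — presumably the production names; confirm that is intended.
        certbot_certs:
          - domains:
              - desu.ltd
              - git.desu.ltd
              - nc.desu.ltd
              - web1.desu.ltd
      become: true
      tags: [ web, certbot ]
    - role: php
      vars:
        php_memory_limit: 512M
        php_packages_extra:
          - libapache2-mod-php
          - php-zip  # For Nextcloud
          - php-intl
          - php-imagick
          - php-redis
          - php-bcmath
          - php-gmp
          - php-pgsql  # For general DB stuff
        # Nextcloud recommended opcache settings
        php_opcache_max_accelerated_files: 10000
        php_opcache_memory_consumption: 128
        php_opcache_revalidate_freq: 2
      become: true
      tags: [ web, php ]
    - role: git
      vars:
        git_repos:
          - repo: https://git.9iron.club/salt/desultd
            dest: /var/www/html/desu.ltd
      become: true
      tags: [ web, git ]
    - role: nextcloud
      vars:
        nextcloud_admin_user: admin
        nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
        nextcloud_version: 19
        # The admin URL is plain HTTP; the admin password above is sent in
        # clear text over it unless TLS is terminated elsewhere — confirm.
        nextcloud_urls:
          - http://nc.test.desu.ltd:80
        nextcloud_config:
          system:
            trusted_domains: "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
        # NOTE(review): this DB host differs from the listen_addresses set on
        # psql1.desu.ltd above (192.168.164.156); presumably a different
        # interface or overlay on the same machine — verify.
        nextcloud_database:
          backend: pgsql
          name: nextcloud
          user: nextcloud
          pass: "{{ secret_nextcloud_db_pass }}"
          host: "192.168.122.169"
          port: 5432
      become: true
      tags: [ web, nextcloud ]
    - role: gitea
      vars:
        # Look and feel
        gitea_app_name: "Git Desu"
        # Core config
        gitea_db_type: postgres
        # Quoted: a host:port value is a string and must not be re-typed by
        # the parser.
        gitea_db_host: "192.168.122.169:5432"
        gitea_db_name: gitea
        gitea_db_user: gitea
        gitea_db_password: "{{ secret_gitea_db_pass }}"
        gitea_http_domain: git.test.desu.ltd
        gitea_oauth2_enabled: false
        gitea_root_url: http://git.test.desu.ltd
        gitea_shell: "/bin/bash"
        gitea_ssh_domain: git.test.desu.ltd
        gitea_ssh_port: 22
        # Gitea's built-in SSH server is disabled; SSH access is expected to go
        # through the system sshd on port 22 as the git user.
        gitea_start_ssh: false
        gitea_user: git
      become: true
      tags: [ web, gitea ]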