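#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
#
# Three plays, one per web host. Each play applies the shared roles
# (backup, motd, certbot, php, apache, git, nextcloud, gitea) with
# host-specific variables. Module arguments use native YAML mappings rather
# than free-form key=value strings, so a templated value (such as the EFS
# address) is passed as one argument and is never re-split by the key=value
# parser.
---
# desu.ltd web host: Nextcloud, Gitea and git-deployed sites.
- hosts: web1.desu.ltd
  tasks:
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        # Quoted: a plain scalar starting with `*` is read as a YAML alias.
        minute: "*/5"
        job: php -f /var/www/nc.desu.ltd/cron.php
      tags: [nextcloud, cron]
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/desultd-apache.yml
    - vars/desultd-certbot.yml
    - vars/desultd-gitea.yml
    - vars/desultd-nextcloud.yml
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /var/lib/gitea
          - /var/www/nc.desu.ltd
          - /var/www/www.9iron.club/files
          - /srv/desu.ltd
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
      tags: [backup]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - gitea
          - php7.4-fpm
      tags: [motd]
    - role: certbot
      tags: [web, certbot]
    - role: php
      tags: [web, php]
    - role: apache
      tags: [web, apache]
    - role: git
      vars:
        # NOTE(review): no ref/version is visible for these repos, so each
        # run presumably deploys whatever the remote branch head is, and the
        # clones land under /var/www and /usr/local/bin. Confirm the git role
        # pins a revision and that the vhosts (vars files, not shown here)
        # deny access to `.git`.
        git_repos:
          - repo: https://git.desu.ltd/salt/desultd
            dest: /var/www/desu.ltd
          - repo: https://git.desu.ltd/salt/9iron
            dest: /var/www/www.9iron.club
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /usr/local/bin/custom
      tags: [web, git]
    - role: nextcloud
      tags: [web, nextcloud]
    - role: gitea
      tags: [web, gitea]

# 9iron.club web host: Nextcloud and Gitea data on EFS mounts.
# NOTE(review): Ansible runs `roles` before `tasks` regardless of key order,
# so the EFS mounts below happen after the gitea/backup roles have run.
# If the roles are meant to write into the mounted paths, these tasks
# probably belong in `pre_tasks` - confirm.
- hosts: web1.9iron.club
  tasks:
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        minute: "*/5"
        job: php -f /var/www/nextcloud/cron.php
      tags: [nextcloud, cron]
    # NOTE(review): this task and "register gitea efs" below both use
    # `name: 9iron-gitea`, so `ncefs` and `gitefs` describe the same
    # filesystem and /var/nextcloud and /var/gitea end up on one share.
    # This looks like a copy-paste slip; it is left unchanged because a new
    # name may provision a new filesystem - confirm the intended name.
    - name: register nextcloud efs
      efs:
        name: 9iron-gitea
        region: us-east-2
        targets:
          - subnet_id: subnet-852935ed
            security_groups: ["sg-4f4b692c"]
      register: ncefs
      tags: [nextcloud, efs]
    # NOTE(review): a plain nfs4 mount with these options has no in-transit
    # encryption; EFS TLS needs the amazon-efs-utils mount helper. Access to
    # the share is then gated only by the security group above - confirm
    # that is acceptable for the data stored here.
    - name: mount nextcloud efs
      mount:
        path: /var/nextcloud
        src: "{{ ncefs.efs.filesystem_address }}"
        fstype: nfs4
        opts: nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
        state: mounted
      tags: [nextcloud, efs]
    - name: register gitea efs
      efs:
        name: 9iron-gitea
        region: us-east-2
        targets:
          - subnet_id: subnet-852935ed
            security_groups: ["sg-4f4b692c"]
      register: gitefs
      tags: [gitea, efs]
    - name: mount gitea efs
      mount:
        path: /var/gitea
        src: "{{ gitefs.efs.filesystem_address }}"
        fstype: nfs4
        opts: nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
        state: mounted
      tags: [gitea, efs]
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/9iron-apache.yml
    - vars/9iron-certbot.yml
    - vars/9iron-gitea.yml
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /var/gitea
          - /var/lib/gitea
          - /var/nextcloud
          - /var/www/nextcloud
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
      tags: [backup]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - gitea
          - php7.4-fpm
      tags: [motd]
    - role: certbot
      tags: [web, certbot]
    - role: php
      tags: [web, php]
    - role: apache
      tags: [web, apache]
    - role: gitea
      tags: [web, gitea]

# thefuck.how host: one TLS site deployed from git, all variables inline.
- hosts: game1.thefuck.how
  roles:
    - role: certbot
      vars:
        certbot_admin_email: rehashedsalt@cock.li
        certbot_create_if_missing: true
        certbot_create_method: standalone
        # Standalone issuance binds the HTTP port itself, so apache2 is
        # listed to be stopped while the certificate is created.
        certbot_create_standalone_stop_services:
          - apache2
        certbot_certs:
          - domains:
              - thefuck.how
              - game1.thefuck.how
      tags: [web, certbot]
    - role: php
      vars:
        php_enable_php_fpm: true
        php_memory_limit: 512M
        php_packages_extra:
          - libapache2-mod-php
          - php-intl
          - php-imagick
          - php-redis
          - php-bcmath
          - php-gmp
      tags: [web, php]
    - role: apache
      vars:
        apache_remove_default_vhost: true
        # NOTE(review): `latest` upgrades Apache on every run; pin or stage
        # upgrades if unattended version changes are not wanted.
        apache_packages_state: latest
        apache_mods_enabled:
          - headers.load
          - http2.load
          - mpm_worker.load
          - proxy.load
          - proxy_fcgi.load
          - proxy_http.load
          - rewrite.load
          - ssl.load
        apache_mods_disabled:
          - mpm_prefork.load
          - php7.4.load
        # NOTE(review): SetHandler is not scoped by a FilesMatch here, so
        # every request path is handed to PHP-FPM; what gets executed as PHP
        # then depends on php-fpm's security.limit_extensions - confirm.
        # mod_headers is enabled but no Strict-Transport-Security header is
        # set in the settings visible in this file.
        apache_global_vhost_settings: |
          DirectoryIndex index.php index.html
          Protocols h2 http/1.1
          SetHandler "proxy:fcgi://127.0.0.1:9000"
        # Plain-HTTP vhosts only redirect to the canonical HTTPS site.
        apache_vhosts:
          - servername: thefuck.how
            extra_parameters: |
              Redirect permanent / https://thefuck.how/
          - servername: game1.thefuck.how
            extra_parameters: |
              Redirect permanent / https://thefuck.how/
        apache_vhosts_ssl:
          - servername: thefuck.how
            documentroot: /var/www/thefuck.how
            certificate_file: /etc/letsencrypt/live/thefuck.how/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/thefuck.how/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/thefuck.how/chain.pem
          - servername: game1.thefuck.how
            extra_parameters: |
              Redirect permanent / https://thefuck.how/
            certificate_file: /etc/letsencrypt/live/thefuck.how/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/thefuck.how/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/thefuck.how/chain.pem
      tags: [web, apache]
    - role: git
      vars:
        # NOTE(review): `dest` is the same path as the HTTPS vhost's
        # documentroot above, so the clone's `.git` directory sits inside
        # the served tree. Confirm the vhost denies requests for `/.git`,
        # or deploy from an export instead of a working clone.
        git_repos:
          - repo: https://git.desu.ltd/salt/thefuckhow
            dest: /var/www/thefuck.how
      tags: [web, git]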