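#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
#
# One play per host. Ansible executes a play's `roles` before its `tasks`,
# whatever order the two keys are written in, so the tasks below run after
# every role listed in the same play.
---
- hosts: web1.desu.ltd
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/desultd-apache.yml
    - vars/desultd-certbot.yml
    - vars/desultd-gitea.yml
    - vars/desultd-nextcloud.yml
  tasks:
    # Runs Nextcloud's cron.php as the web server user every five minutes.
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        minute: '*/5'
        job: php -f /var/www/nc.desu.ltd/cron.php
      tags: [nextcloud, cron]

    # NOTE(review): `:latest` together with `pull: true` deploys whatever the
    # registry serves at run time. Pinning a version tag or an image digest
    # makes the deployed content reviewable and reproducible.
    # NOTE(review): '8001:80' publishes on every host interface, and Docker's
    # own iptables rules are typically evaluated ahead of host firewall
    # rules. If the container is only reached through the local Apache
    # (not visible here), bind the port to 127.0.0.1 instead.
    - name: docker deploy 9iron
      docker_container:
        name: 9iron
        state: started
        image: rehashedsalt/9iron:latest
        restart_policy: unless-stopped
        pull: true
        ports:
          - '8001:80'
        volumes:
          - '/data/9iron/files:/var/www/html/files'
      tags: [docker, 9iron]

    # NOTE(review): the bot token and database password are handed to the
    # container as environment variables, so they are readable through
    # `docker inspect` on the host and can show up in verbose task output.
    # Consider `no_log: true` on this task. The secret_* variables are
    # presumably vaulted; their source is not visible here, so confirm.
    # The `:latest` pinning note on the 9iron task applies here as well.
    - name: docker deploy gulagbot
      docker_container:
        name: gulagbot
        state: started
        image: rehashedsalt/gulagbot:latest
        restart_policy: unless-stopped
        pull: true
        env:
          DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}"
          PGHOST: '192.168.164.156'
          PGDATABASE: gulagbot-desultd
          PGUSER: gulagbot-desultd
          PGPASSWORD: "{{ secret_gulagbot_db_pass }}"
      tags: [docker, gulagbot, stalin]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
          - /var/lib/gitea
          - /var/www/nc.desu.ltd
          - /srv/desu.ltd
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
      tags: [backup]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - docker
          - gitea
          - php7.4-fpm
      tags: [motd]
    - role: docker
      tags: [web, docker, skip-pull]
    - role: certbot
      tags: [web, certbot]
    - role: php
      tags: [web, php]
    - role: apache
      tags: [web, apache]
    # NOTE(review): no revision is pinned for these repositories in this
    # file, so which commit is checked out depends on the role's defaults
    # (not visible here). Two checkouts land in web roots and one under
    # /usr/local/bin, so whatever is pushed upstream is deployed on the next
    # run; pin a reviewed commit or tag if the role supports it.
    - role: git
      vars:
        git_repos:
          - repo: https://git.desu.ltd/salt/desultd
            dest: /var/www/desu.ltd
          - repo: https://git.9iron.club/KidiroInfiniti/OTW_Site
            dest: /var/www/www.otwstudios.org
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /usr/local/bin/custom
      tags: [web, git]
    - role: nextcloud
      tags: [web, nextcloud]
    - role: gitea
      tags: [web, gitea]

- hosts: web1.9iron.club
  # NOTE(review): these tasks run after the roles of this play, so on a fresh
  # host the gitea and backup roles execute before /var/gitea and
  # /var/nextcloud are mounted. If a role writes under those paths, move the
  # mounts to `pre_tasks` — confirm against the role contents.
  tasks:
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        minute: '*/5'
        job: php -f /var/www/nextcloud/cron.php
      tags: [nextcloud, cron]

    # NOTE(review): a plain nfs4 mount of EFS carries no in-transit
    # encryption; access then rests on network controls around the mount
    # target. Encrypted mounts need the EFS mount helper with its `tls`
    # option. `nosuid` and `nodev` are also absent from `opts`.
    - name: mount nextcloud efs
      mount:
        path: /var/nextcloud
        src: 'fs-03dc657b.efs.us-east-2.amazonaws.com:/'
        fstype: nfs4
        opts: 'nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport'
        state: mounted
      tags: [nextcloud, efs]

    # Same mount options as the Nextcloud file system above; the review note
    # on transport encryption and nosuid/nodev applies equally.
    - name: mount gitea efs
      mount:
        path: /var/gitea
        src: 'fs-b5d56ccd.efs.us-east-2.amazonaws.com:/'
        fstype: nfs4
        opts: 'nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport'
        state: mounted
      tags: [gitea, efs]
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/9iron-apache.yml
    - vars/9iron-certbot.yml
    - vars/9iron-gitea.yml
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /var/gitea
          - /var/lib/gitea
          - /var/nextcloud
          - /var/www/nextcloud
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
      tags: [backup]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - gitea
          - php7.4-fpm
      tags: [motd]
    - role: gitea
      tags: [web, gitea]
    - role: php
      tags: [web, php]
    - role: apache
      tags: [web, apache]
    - role: certbot
      tags: [web, certbot]

- hosts: web2.desu.ltd
  vars_files:
    - vars/apache.yml
    - vars/desultd-pleroma.yml
    - vars/desultd-pleroma-apache.yml
    - vars/desultd-pleroma-certbot.yml
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /opt/pleroma
          - /var/lib/matrix-synapse
          - /var/lib/pleroma
      tags: [backup]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - pleroma
      tags: [motd]
    - role: pleroma
      tags: [web, pleroma]
    - role: apache
      tags: [web, apache]
    - role: certbot
      tags: [web, certbot]

- hosts: game1.desu.ltd
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
  roles:
    # One certificate covering both names; apache2 is listed as a service to
    # stop for standalone issuance (exact behaviour is defined by the role).
    - role: certbot
      vars:
        certbot_admin_email: rehashedsalt@cock.li
        certbot_create_if_missing: true
        certbot_create_method: standalone
        certbot_create_standalone_stop_services:
          - apache2
        certbot_certs:
          - domains:
              - thefuck.how
              - game1.desu.ltd
      tags: [web, certbot]
    - role: php
      tags: [web, php]
    - role: apache
      vars:
        # Plain-HTTP vhosts only redirect to the canonical HTTPS site.
        apache_vhosts:
          - servername: thefuck.how
            extra_parameters: |
              Redirect permanent / https://thefuck.how/
          - servername: game1.desu.ltd
            extra_parameters: |
              Redirect permanent / https://thefuck.how/
        # Both TLS vhosts use the thefuck.how certificate files; the
        # game1.desu.ltd vhost has no documentroot and only redirects.
        apache_vhosts_ssl:
          - servername: thefuck.how
            documentroot: /var/www/thefuck.how
            certificate_file: /etc/letsencrypt/live/thefuck.how/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/thefuck.how/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/thefuck.how/chain.pem
          - servername: game1.desu.ltd
            extra_parameters: |
              Redirect permanent / https://thefuck.how/
            certificate_file: /etc/letsencrypt/live/thefuck.how/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/thefuck.how/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/thefuck.how/chain.pem
      tags: [web, apache]
    # NOTE(review): no revision is pinned here; the checkout is served
    # straight from the web root, so confirm which ref the role deploys.
    - role: git
      vars:
        git_repos:
          - repo: https://git.desu.ltd/salt/thefuckhow
            dest: /var/www/thefuck.how
      tags: [web, git]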