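#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# Preambulatory system configuration
# Applied to every host before the per-tier plays below.
- hosts: all
  roles:
    - role: common
      tags: [common]
    - role: ansible-pull
      tags: [ansible, common]

# Database servers
- hosts: db1.test.desu.ltd
  roles:
    - role: geerlingguy.postgresql
      vars:
        postgresql_global_config_options:
          # Bind on every interface; reachability is then governed solely
          # by the pg_hba entries below, so keep those as tight as possible.
          - option: listen_addresses
            value: "*"
        postgresql_hba_entries:
          # Local socket access: the postgres superuser and all other roles
          # authenticate via OS identity (peer).
          - type: local
            database: all
            user: postgres
            auth_method: peer
          - type: local
            database: all
            user: all
            auth_method: peer
          # Loopback TCP access with password auth.
          - type: host
            database: all
            user: all
            address: "127.0.0.1/32"
            auth_method: md5
          - type: host
            database: all
            user: all
            address: "::1/128"
            auth_method: md5
          # Just allow all access on this block.
          # When rolling out to our new env, I'll allow by particular IP alone
          # NOTE(review): combined with listen_addresses "*" this exposes
          # password auth to the whole /16; the only remote client visible
          # in this playbook is web1 (gitea), so narrowing to that host's
          # address is the intended end state per the comment above.
          # md5 is kept here rather than scram-sha-256 because switching
          # also requires password_encryption on the server and a client
          # that supports SCRAM — confirm before changing.
          - type: host
            database: all
            user: all
            address: "192.168.0.0/16"
            auth_method: md5
        postgresql_users:
          - name: gitea
            # Sourced from vault/inventory; never a literal in this file.
            password: "{{ secret_gitea_db_pass }}"
        postgresql_databases:
          - name: gitea
            owner: gitea
      become: true
      tags: [db, psql]

# Webservers
- hosts: web1.test.desu.ltd
  roles:
    - role: geerlingguy.apache
      vars:
        apache_mods_enabled:
          - proxy.load
          - proxy_http.load
        apache_vhosts:
          # Reverse-proxy the gitea HTTP listener (127.0.0.1:3000) on this
          # hostname. No SSL/TLS directives are set here; confirm TLS is
          # terminated elsewhere, otherwise gitea logins travel in clear.
          - servername: git.test.desu.ltd
            extra_parameters: |
              ProxyPreserveHost On
              ProxyRequests Off
              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
      become: true
      tags: [web, apache]
    - role: geerlingguy.php
      become: true
      tags: [web, php]
    - role: gitea
      vars:
        gitea_db_type: postgres
        # host:port as a single string; quoted so no YAML loader tries to
        # interpret the colon-separated digits.
        gitea_db_host: "192.168.122.169:5432"
        gitea_db_name: gitea
        gitea_db_user: gitea
        # Same secret as the postgresql_users entry on the db play.
        gitea_db_password: "{{ secret_gitea_db_pass }}"
        gitea_http_domain: git.test.desu.ltd
        gitea_oauth2_enabled: false
        # Plain http scheme; matches the non-TLS apache vhost above.
        gitea_root_url: "http://git.test.desu.ltd"
        gitea_shell: "/bin/bash"
        gitea_ssh_domain: git.test.desu.ltd
        # gitea's built-in SSH server is disabled (gitea_start_ssh: false),
        # so port 22 here refers to the system sshd the git user logs in to.
        gitea_ssh_port: 22
        gitea_start_ssh: false
        gitea_user: git
      become: true
      tags: [web, gitea]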