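#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
#
# One play per web host. Note that everything under `roles:` runs BEFORE the
# play's `tasks:` regardless of where it appears in the file, so the docker
# role has already installed the daemon by the time docker_container runs.
#
# All `secret_*` values are expected to come from the included vars files /
# vault; nothing sensitive is written into this playbook. Container images
# are pulled by floating tag (`:latest`, `gitea:1`, ...) with `pull: true`,
# so every run may silently roll to a new upstream build — pin digests if a
# reproducible deploy is wanted.
---
- hosts: web1.desu.ltd
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/desultd-apache.yml
    - vars/desultd-certbot.yml
    - vars/desultd-nextcloud.yml
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: true
  tasks:
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        minute: "*/5"
        job: php -f /var/www/nc.desu.ltd/cron.php
      tags: [ nextcloud, cron ]
    - name: docker deploy 9iron
      docker_container:
        name: 9iron
        image: rehashedsalt/9iron:latest
        ports:
          - "8001:80"
        volumes:
          - /data/9iron/files:/var/www/html/files
      tags: [ docker, 9iron ]
    - name: docker deploy desultd
      docker_container:
        name: desultd
        image: rehashedsalt/desultd:latest
        ports:
          - "8002:80"
        # NOTE(review): this container mounts 9iron's upload directory and
        # carries the 9iron tag — looks copy-pasted from the task above.
        # Kept as-is; confirm desultd is meant to share 9iron's files.
        volumes:
          - /data/9iron/files:/var/www/html/files
      tags: [ docker, 9iron ]
    - name: docker deploy gitea
      docker_container:
        name: gitea
        image: gitea/gitea:1
        env:
          USER_UID: "1002"
          USER_GID: "1002"
          GITEA__database_DB_TYPE: postgres
          GITEA__database_HOST: "192.168.164.156:5432"
          GITEA__database_NAME: gitea-desultd
          GITEA__database_USER: gitea-desultd
          GITEA__database_PASSWD: "{{ secret_gitea_db_pass }}"
        ports:
          # Web UI is published on all interfaces (presumably fronted by
          # apache); the SSH port is deliberately loopback-only.
          - "3000:3000"
          - "127.0.0.1:2222:22"
        volumes:
          - /data/gitea/data:/data
          - /etc/timezone:/etc/timezone:ro
          - /etc/localtime:/etc/localtime:ro
          - /var/lib/gitea/.ssh:/data/git/.ssh
      tags: [ docker, gitea ]
    - name: docker deploy gulagbot
      docker_container:
        name: gulagbot
        image: rehashedsalt/gulagbot:latest
        env:
          DISCORD_TOKEN: "{{ secret_gulagbot_discord_token }}"
          PGHOST: 192.168.164.156
          PGDATABASE: gulagbot-desultd
          PGUSER: gulagbot-desultd
          PGPASSWORD: "{{ secret_gulagbot_db_pass }}"
      tags: [ docker, gulagbot, stalin ]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /app/gitea/gitea
          - /data
          - /var/lib/gitea
          - /var/www/nc.desu.ltd
          - /var/www/srv.9iron.club
          - /srv/desu.ltd
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
          - /data/gitea/data/gitea/log
      tags: [ backup ]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - docker
          - php7.4-fpm
      tags: [ motd ]
    - role: docker
      tags: [ web, docker, skip-pull ]
    - role: certbot
      tags: [ web, certbot ]
    - role: php
      tags: [ web, php ]
    - role: apache
      tags: [ web, apache ]
    - role: git
      vars:
        git_repos:
          - repo: https://git.9iron.club/KidiroInfiniti/OTW_Site
            dest: /var/www/www.otwstudios.org
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /data/gitea/data/gitea/custom
      tags: [ web, git ]
    - role: nextcloud
      tags: [ web, nextcloud ]
    # - role: gitea
    #   tags: [ web, gitea ]

- hosts: web1.9iron.club
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/9iron-apache.yml
    - vars/9iron-certbot.yml
    - vars/9iron-gitea.yml
  tasks:
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        minute: "*/5"
        job: php -f /var/www/nextcloud/cron.php
      tags: [ nextcloud, cron ]
    # NOTE(review): plain nfs4 mounts — EFS traffic is unencrypted in
    # transit unless the TLS stunnel from amazon-efs-utils is used. Fine if
    # the VPC is trusted; verify that assumption.
    - name: mount nextcloud efs
      mount:
        path: /var/nextcloud
        src: "fs-03dc657b.efs.us-east-2.amazonaws.com:/"
        fstype: nfs4
        opts: nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
        state: mounted
      tags: [ nextcloud, efs ]
    - name: mount gitea efs
      mount:
        path: /var/gitea
        src: "fs-b5d56ccd.efs.us-east-2.amazonaws.com:/"
        fstype: nfs4
        opts: nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport
        state: mounted
      tags: [ gitea, efs ]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /var/gitea
          - /var/lib/gitea
          - /var/nextcloud
          - /var/www/nextcloud
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
      tags: [ backup ]
    - role: motd
      vars:
        motd_watch_services_extra:
          - apache2
          - gitea
          - php7.4-fpm
      tags: [ motd ]
    - role: gitea
      tags: [ web, gitea ]
    - role: php
      tags: [ web, php ]
    - role: apache
      tags: [ web, apache ]
    - role: certbot
      tags: [ web, certbot ]

- hosts: web2.desu.ltd
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      pull: true
  tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [ docker ]
    # Vhost config consumed by the nginx-certbot ingress container (mounted
    # read-only below). Only the TLS vhosts are defined here; port 80 is
    # left to the image's built-in ACME/redirect handling. It is a plain
    # config file, so no execute bit is needed.
    - name: ensure docker nginx config
      copy:
        dest: /data/nginx-certbot/user_conf.d/vhosts.conf
        mode: "0640"
        content: |
          server {
            listen 443 ssl default_server;
            server_name cowfee.moe;
            ssl_certificate /etc/letsencrypt/live/cowfee.moe/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/cowfee.moe/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/cowfee.moe/chain.pem;
            ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
            location / {
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              # Both backends sit behind TLS termination here; pass the
              # client chain and original scheme so they log/rate-limit the
              # real client and build https:// URLs.
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_pass http://pleroma:4000;
            }
          }
          server {
            listen 443 ssl;
            server_name tube.cowfee.moe;
            ssl_certificate /etc/letsencrypt/live/cowfee.moe/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/cowfee.moe/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/cowfee.moe/chain.pem;
            ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
            location / {
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_pass http://peertube:9000;
            }
          }
      tags: [ docker, ingress ]
    - name: docker deploy pleroma
      docker_container:
        name: pleroma
        image: jordemort/pleroma
        env:
          TZ: "America/Chicago"
          POSTGRES_HOST: 192.168.164.156
          POSTGRES_DB: pleroma_cowfee
          POSTGRES_USER: pleroma-cowfee
          # NOTE(review): variable is named *_9iron_* but feeds the cowfee
          # instance — confirm it is the intended credential.
          POSTGRES_PASSWORD: "{{ secret_pleroma_9iron_db_pass }}"
        networks:
          - name: web
            aliases: [ "pleroma" ]
        volumes:
          - /data/pleroma/etc:/etc/pleroma
          - /data/pleroma/static:/var/lib/pleroma/static
          - /data/pleroma/uploads:/var/lib/pleroma/uploads
      tags: [ docker, pleroma ]
    # Unauthenticated redis; acceptable only because it publishes no ports
    # and is reachable solely from containers on the `web` network.
    - name: docker deploy redis
      docker_container:
        name: redis
        image: redis:6-alpine
        networks:
          - name: web
            aliases: [ "redis" ]
      tags: [ docker, redis ]
    - name: docker deploy peertube
      docker_container:
        name: peertube
        image: chocobozzz/peertube:production-buster
        env:
          POSTGRES_DB: peertube_cowfee
          PEERTUBE_DB: peertube_cowfee
          PEERTUBE_DB_USERNAME: peertube-cowfee
          PEERTUBE_DB_PASSWORD: "{{ secret_peertube_db_pass }}"
          PEERTUBE_DB_HOSTNAME: 192.168.164.156
          PEERTUBE_ADMIN_EMAIL: rehashedsalt@cock.li
          PEERTUBE_WEBSERVER_HOSTNAME: tube.cowfee.moe
          # Trusts X-Forwarded-* from every RFC1918 range plus loopback.
          # Anything on those networks can therefore spoof the client IP;
          # narrowing this to the `web` docker subnet would be tighter.
          PEERTUBE_TRUST_PROXY: '["127.0.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]'
        networks:
          - name: web
            aliases: [ "peertube" ]
        ports:
          # RTMP live-streaming ingest, published directly (not via nginx).
          - "1935:1935"
        volumes:
          - /data/peertube/data:/data
          - /data/peertube/config:/config
      tags: [ docker, peertube ]
    - name: docker deploy nginx proxy
      docker_container:
        name: ingress
        image: jonasal/nginx-certbot:2.2.0
        env:
          TZ: "America/Chicago"
          CERTBOT_EMAIL: rehashedsalt@cock.li
        networks:
          - name: web
            aliases: [ "ingress" ]
        ports:
          - "443:443"
          - "80:80"
        volumes:
          - /data/nginx-certbot/letsencrypt:/etc/letsencrypt
          - /data/nginx-certbot/user_conf.d:/etc/nginx/user_conf.d:ro
      tags: [ docker, ingress ]
  roles:
    # /data includes /data/nginx-certbot/letsencrypt, i.e. the TLS private
    # keys end up in the S3 backup — make sure that bucket is encrypted and
    # access-restricted accordingly.
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [ backup ]
    - role: motd
      vars:
        motd_watch_services_extra:
          - docker
      tags: [ motd ]
    - role: docker
      tags: [ web, docker, skip-pull ]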