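#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# Preambulatory system configuration
#
# Every credential in this file is referenced as a `secret_*` variable and is
# expected to arrive from an external source (ansible-vault / group_vars);
# no literal secret belongs here.
- hosts: all
  roles:
    - role: common
      become: true
      tags: [ common ]
    # NOTE(review): ansible-pull makes every host fetch and apply this
    # configuration itself, so write access to the pulled repository is
    # effectively root on all hosts. Keep that repository's ACLs tight.
    - role: ansible-pull
      become: true
      tags: [ ansible, common ]

# Home desktops
- hosts: desktop
  roles:
    - role: grub
      become: true
      tags: [ desktop, grub ]
    - role: udev
      vars:
        udev_rules:
          # Switch RCM (USB vendor id 0955): device node made group-writable
          # for plugdev so it can be driven without root.
          - 'SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"'
      become: true
      tags: [ desktop, udev ]

# Database servers
- hosts: db1.test.desu.ltd
  roles:
    - role: postgresql
      vars:
        postgresql_global_config_options:
          # Bind on every interface; who may connect is decided by pg_hba
          # below, and should additionally be limited by the host firewall.
          - option: listen_addresses
            value: "*"
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
          - { type: local, database: all, user: all, auth_method: peer }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
          # Remote access is restricted to the two application roles, each to
          # its own database only; the superuser is never reachable over the
          # network. The whole 192.168.0.0/16 is still accepted for now --
          # narrow `address` to the web host's IP when the new env rolls out.
          # md5 is kept because the server's password_encryption setting is
          # not visible here; on PostgreSQL >= 10 prefer scram-sha-256 and set
          # `password_encryption: scram-sha-256` in the global options above.
          - { type: host, database: gitea, user: gitea, address: '192.168.0.0/16', auth_method: md5 }
          - { type: host, database: nextcloud, user: nextcloud, address: '192.168.0.0/16', auth_method: md5 }
        postgresql_users:
          - name: gitea
            password: "{{ secret_gitea_db_pass }}"
          - name: nextcloud
            password: "{{ secret_nextcloud_db_pass }}"
        postgresql_databases:
          - name: gitea
            owner: gitea
          - name: nextcloud
            owner: nextcloud
      become: true
      tags: [ db, psql ]

# Webservers
- hosts: web1.test.desu.ltd
  roles:
    - role: apache
      vars:
        apache_remove_default_vhost: true
        apache_packages_state: latest
        apache_mods_enabled:
          - ssl.load
          - proxy.load
          - proxy_http.load
          - rewrite.load
        # All vhosts below are plain HTTP: ssl.load is enabled but no
        # certificate or port-443 vhost is configured. Tolerable for the
        # test.desu.ltd environment only -- Nextcloud and Gitea logins cross
        # the wire unencrypted until TLS vhosts are added.
        apache_vhosts:
          - servername: git.test.desu.ltd
            # Reverse proxy to the local Gitea HTTP listener.
            extra_parameters: |
              ProxyPreserveHost On
              ProxyRequests Off
              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
          - servername: nc.test.desu.ltd
            documentroot: /var/www/html/nextcloud
          - servername: test.desu.ltd
            documentroot: /var/www/html/desu.ltd
      become: true
      tags: [ web, apache ]
    - role: php
      vars:
        php_memory_limit: 512M
        php_packages_extra:
          - libapache2-mod-php
          - php-zip    # For Nextcloud
          - php-pgsql  # For general DB stuff
      become: true
      tags: [ web, php ]
    - role: git
      vars:
        git_repos:
          # Cloned straight into a served docroot: whatever this repository's
          # checked-out revision contains is published as test.desu.ltd.
          - repo: https://git.9iron.club/salt/desultd
            dest: /var/www/html/desu.ltd
      become: true
      tags: [ web, git ]
    - role: nextcloud
      vars:
        nextcloud_admin_user: admin
        # The admin credential comes from the secret store like the DB
        # passwords; define secret_nextcloud_admin_pass wherever
        # secret_nextcloud_db_pass is defined. Never a literal value here.
        nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
        nextcloud_version: 19
        nextcloud_urls:
          - http://nc.test.desu.ltd:80
        nextcloud_config:
          system:
            # Derived from nextcloud_urls so the two lists cannot drift apart.
            trusted_domains: "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
        nextcloud_database:
          backend: pgsql
          name: nextcloud
          user: nextcloud
          pass: "{{ secret_nextcloud_db_pass }}"
          host: 192.168.122.169
          port: 5432
      become: true
      tags: [ web, nextcloud ]
    - role: gitea
      vars:
        # Look and feel
        gitea_app_name: "Git Desu"
        # Core config
        gitea_db_type: postgres
        gitea_db_host: "192.168.122.169:5432"
        gitea_db_name: gitea
        gitea_db_user: gitea
        gitea_db_password: "{{ secret_gitea_db_pass }}"
        gitea_http_domain: git.test.desu.ltd
        gitea_oauth2_enabled: false
        gitea_root_url: http://git.test.desu.ltd
        # NOTE(review): gitea_start_ssh is off, so SSH on port 22 is
        # presumably handled by the system sshd, which is why the git user
        # keeps a real login shell -- confirm against the role.
        gitea_shell: "/bin/bash"
        gitea_ssh_domain: git.test.desu.ltd
        gitea_ssh_port: 22
        gitea_start_ssh: false
        gitea_user: git
      become: true
      tags: [ web, gitea ]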