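#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# Site playbook: one play per host group, each composed of roles that are
# applied with privilege escalation (become) and tagged so a subset can be run
# with `--tags`. Database credentials come from vaulted `secret_*` variables,
# never literals. Booleans are written as `true`/`false` (YAML 1.2 canonical)
# rather than `yes`/`no`; Ansible treats them identically.

# Preambulatory system configuration
- hosts: all
  roles:
    - role: common
      become: true
      tags: [ common ]
    - role: ansible-pull
      become: true
      tags: [ ansible, common ]

# Home desktops
- hosts: desktop
  roles:
    - role: desktop
      become: true
      tags: [ desktop ]
    - role: grub
      become: true
      tags: [ desktop, grub ]
    - role: udev
      vars:
        udev_rules:
          # Switch RCM stuff: grants the plugdev group read/write on USB
          # devices with idVendor 0955 so RCM tooling does not need root.
          # Quoted so the embedded quotes/braces can never be re-parsed as YAML.
          - 'SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev"'
      become: true
      tags: [ desktop, udev ]
    - role: zerotier
      become: true
      tags: [ desktop, zerotier ]

# Database servers
- hosts: psql1.desu.ltd
  roles:
    - role: postgresql
      vars:
        postgresql_global_config_options:
          # Bind only the internal address, not 0.0.0.0.
          - option: listen_addresses
            value: 192.168.164.156
        # pg_hba rules, evaluated top-down: local socket access uses OS peer
        # auth, everything else needs a password.
        postgresql_hba_entries:
          - type: local
            database: all
            user: postgres
            auth_method: peer
          - type: local
            database: all
            user: all
            auth_method: peer
          - type: host
            database: all
            user: all
            address: '127.0.0.1/32'
            auth_method: md5
          - type: host
            database: all
            user: all
            address: '::1/128'
            auth_method: md5
          # Used for internal access from other nodes
          # NOTE(review): this opens the whole 192.168.0.0/16 and uses md5,
          # the legacy password method; narrowing the CIDR to the actual
          # client subnets and moving to scram-sha-256 (where server and
          # clients support it) would reduce exposure — confirm before changing.
          - type: host
            database: all
            user: all
            address: '192.168.0.0/16'
            auth_method: md5
        postgresql_users:
          - name: gitea
            password: "{{ secret_gitea_db_pass }}"
          - name: nextcloud
            password: "{{ secret_nextcloud_db_pass }}"
        postgresql_databases:
          - name: gitea
            owner: gitea
          - name: nextcloud
            owner: nextcloud
      become: true
      tags: [ db, psql ]

# Webservers
# NOTE: This whole stanza has been commented out pending resolution of
# https://github.com/ansible/ansible/issues/71528
# Currently, no release packages this fix. I NEED that fix out to work around
# this bug in 20.04
# NOTE(review): the disabled config below still carries test hostnames
# (*.test.desu.ltd), a placeholder Nextcloud admin password and a database
# host that differs from the psql play above; re-check every value before
# re-enabling it.
#- hosts: web1.desu.ltd
#  roles:
#    - role: certbot
#      vars:
#        certbot_admin_email: rehashedsalt@cock.li
#        certbot_create_if_missing: yes
#        certbot_create_method: standalone
#        certbot_create_standalone_stop_services:
#          - apache2
#        certbot_certs:
#          - domains:
#              - desu.ltd
#              - git.desu.ltd
#              - nc.desu.ltd
#              - web1.desu.ltd
#      become: yes
#      tags: [ web, certbot ]
#    - role: apache
#      vars:
#        apache_remove_default_vhost: yes
#        apache_packages_state: latest
#        apache_mods_enabled:
#          - ssl.load
#          - proxy.load
#          - proxy_http.load
#          - rewrite.load
#        apache_vhosts:
#          - servername: git.test.desu.ltd
#            extra_parameters: |
#              ProxyPreserveHost On
#              ProxyRequests Off
#              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
#          - servername: nc.test.desu.ltd
#            documentroot: /var/www/html/nextcloud
#          - servername: test.desu.ltd
#            documentroot: /var/www/html/desu.ltd
#      become: yes
#      tags: [ web, apache ]
#    - role: php
#      vars:
#        php_memory_limit: 512M
#        php_packages_extra:
#          - libapache2-mod-php
#          - php-zip  # For Nextcloud
#          - php-intl
#          - php-imagick
#          - php-redis
#          - php-bcmath
#          - php-gmp
#          - php-pgsql  # For general DB stuff
#        # Nextcloud recommended opcache settings
#        php_opcache_max_accelerated_files: 10000
#        php_opcache_memory_consumption: 128
#        php_opcache_revalidate_freq: 2
#      become: yes
#      tags: [ web, php ]
#    - role: git
#      vars:
#        git_repos:
#          - repo: https://git.9iron.club/salt/desultd
#            dest: /var/www/html/desu.ltd
#      become: yes
#      tags: [ web, git ]
#    - role: nextcloud
#      vars:
#        nextcloud_admin_user: admin
#        nextcloud_admin_pass: foobar  # placeholder only — replace with a secret_* var before use
#        nextcloud_version: 19
#        nextcloud_urls:
#          - http://nc.test.desu.ltd:80
#        nextcloud_config:
#          system:
#            trusted_domains:
#              "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
#        nextcloud_database:
#          backend: pgsql
#          name: nextcloud
#          user: nextcloud
#          pass: "{{ secret_nextcloud_db_pass }}"
#          host: 192.168.122.169
#          port: 5432
#      become: yes
#      tags: [ web, nextcloud ]
#    - role: gitea
#      vars:
#        # Look and feel
#        gitea_app_name: "Git Desu"
#        # Core config
#        gitea_db_type: postgres
#        gitea_db_host: 192.168.122.169:5432
#        gitea_db_name: gitea
#        gitea_db_user: gitea
#        gitea_db_password: "{{ secret_gitea_db_pass }}"
#        gitea_http_domain: git.test.desu.ltd
#        gitea_oauth2_enabled: no
#        gitea_root_url: http://git.test.desu.ltd
#        gitea_shell: "/bin/bash"
#        gitea_ssh_domain: git.test.desu.ltd
#        gitea_ssh_port: 22
#        gitea_start_ssh: no
#        gitea_user: git
#      become: yes
#      tags: [ web, gitea ]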