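#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
#
# Single play against web1.desu.ltd. It applies, in order: backup, apache,
# certbot, php, git (static site checkout), nextcloud and gitea.
# Every role runs with privilege escalation (become).
# The secret_* variables referenced below are not defined in this file;
# presumably they come from an encrypted vars file - confirm they are never
# committed in plaintext.
---
- hosts: web1.desu.ltd
  roles:
    - role: backup
      vars:
        # NOTE(review): /var/www/html/nextcloud differs from the
        # nextcloud_installation_dir set further down (/var/www/nc.desu.ltd).
        # Confirm the backup really covers the live Nextcloud install and its
        # data directory.
        backup_s3backup_list_extra:
          - /var/lib/gitea
          - /var/www/html/nextcloud
      become: true
      tags: [backup]

    - role: apache
      vars:
        apache_remove_default_vhost: true
        # "latest" lets a playbook run upgrade Apache; security fixes arrive
        # promptly, but runs are not reproducible.
        apache_packages_state: latest
        apache_mods_enabled:
          - ssl.load
          - proxy.load
          - proxy_http.load
          - rewrite.load
        # Plain-HTTP vhosts exist only to redirect every request to HTTPS.
        apache_vhosts:
          - servername: nc.desu.ltd
            extra_parameters: |
              Redirect permanent / https://nc.desu.ltd
          - servername: desu.ltd
            extra_parameters: |
              Redirect permanent / https://desu.ltd
          - servername: git.desu.ltd
            extra_parameters: |
              Redirect permanent / https://git.desu.ltd
        # All three TLS vhosts share the single certificate stored under
        # /etc/letsencrypt/live/desu.ltd (requested by the certbot role below).
        apache_vhosts_ssl:
          - servername: nc.desu.ltd
            documentroot: /var/www/nc.desu.ltd
            certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
          - servername: desu.ltd
            documentroot: /var/www/desu.ltd
            certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
          - servername: git.desu.ltd
            # Reverse proxy to Gitea on loopback over plain HTTP.
            # ProxyRequests Off keeps Apache from acting as a forward proxy.
            # "nocanon" forwards the raw URL path, which removes the proxy's
            # URL canonicalisation as a protective layer for the backend.
            # NOTE(review): confirm Gitea listens on 127.0.0.1 only, so port
            # 3000 cannot be reached without going through this TLS vhost.
            extra_parameters: |
              ProxyPreserveHost On
              ProxyRequests Off
              ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
            certificate_file: /etc/letsencrypt/live/desu.ltd/fullchain.pem
            certificate_key_file: /etc/letsencrypt/live/desu.ltd/privkey.pem
            certificate_chain_file: /etc/letsencrypt/live/desu.ltd/chain.pem
      become: true
      tags: [web, apache]

    - role: certbot
      vars:
        certbot_admin_email: rehashedsalt@cock.li
        certbot_create_if_missing: true
        # Standalone issuance needs the HTTP port, so apache2 is stopped while
        # a missing certificate is created.
        certbot_create_method: standalone
        certbot_create_standalone_stop_services:
          - apache2
        # One certificate entry covering all four names.
        certbot_certs:
          - domains:
              - desu.ltd
              - git.desu.ltd
              - nc.desu.ltd
              - web1.desu.ltd
      become: true
      tags: [web, certbot]

    - role: php
      vars:
        php_memory_limit: 512M
        php_packages_extra:
          - libapache2-mod-php
          - php-zip
          # For Nextcloud
          - php-intl
          - php-imagick
          - php-redis
          - php-bcmath
          - php-gmp
          - php-pgsql  # For general DB stuff
        # Nextcloud recommended opcache settings
        php_opcache_max_accelerated_files: 10000
        php_opcache_memory_consumption: 128
        php_opcache_revalidate_freq: 2
      become: true
      tags: [web, php]

    - role: git
      vars:
        # The repository is checked out straight into the desu.ltd
        # DocumentRoot.
        # NOTE(review): unless the role or the vhost excludes it, the
        # checkout's .git directory would be served by Apache - confirm access
        # to it is denied. No ref is pinned here, so the published content
        # follows whatever the remote serves.
        git_repos:
          - repo: https://git.9iron.club/salt/desultd
            dest: /var/www/desu.ltd
      become: true
      tags: [web, git]

    - role: nextcloud
      vars:
        nextcloud_installation_dir: /var/www/nc.desu.ltd
        nextcloud_admin_user: admin
        nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"
        # NOTE(review): confirm this major release still receives upstream
        # security updates before relying on the pin.
        nextcloud_version: 19
        nextcloud_urls:
          - http://nc.desu.ltd:80
          - https://nc.desu.ltd:443
        nextcloud_config:
          system:
            # trusted_domains is derived from the hostnames of nextcloud_urls,
            # so the accepted Host values stay in step with the URL list.
            trusted_domains: "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
        # PostgreSQL lives on a separate host.
        # NOTE(review): no TLS setting for the DB connection is visible here -
        # confirm the link to 192.168.164.156 is on a trusted network segment
        # or encrypted.
        nextcloud_database:
          backend: pgsql
          name: nextcloud-desultd
          user: nextcloud-desultd
          pass: "{{ secret_nextcloud_db_pass }}"
          host: 192.168.164.156
          port: 5432
      become: true
      tags: [web, nextcloud]

    - role: gitea
      vars:
        # Look and feel
        gitea_app_name: "Git Desu"
        # Core config
        gitea_db_type: postgres
        # Quoted so the host:port value is always read as a string.
        gitea_db_host: '192.168.164.156:5432'
        gitea_db_name: gitea-desultd
        gitea_db_user: gitea-desultd
        gitea_db_password: "{{ secret_gitea_db_pass }}"
        gitea_http_domain: git.desu.ltd
        gitea_oauth2_enabled: false
        gitea_root_url: https://git.desu.ltd
        gitea_shell: "/bin/bash"
        gitea_ssh_domain: git.desu.ltd
        # Built-in SSH server disabled while port 22 is advertised; presumably
        # Git over SSH goes through the host's sshd as gitea_user - confirm
        # that account is limited to Gitea's own command handling.
        gitea_ssh_port: 22
        gitea_start_ssh: false
        gitea_user: git
      become: true
      tags: [web, gitea]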