#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
---
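# Play: web1.desu.ltd — Apache/PHP host running gitea, nextcloud, 9iron and
# the desultd site, plus the gulagbot app container.
# Note: Ansible runs roles before tasks regardless of the order the keys
# appear in this play, so the backup/certbot/php/apache/git/nextcloud roles
# complete before the includes and the cron task below.
- hosts: web1.desu.ltd
  vars_files:
    - vars/apache.yml
    - vars/php-fpm.yml
    - vars/desultd-apache.yml
    - vars/desultd-certbot.yml
    - vars/desultd-nextcloud.yml
  # Defaults applied to every docker_container call made by the included task
  # files. Uses the short module name; if the playbook is run with a
  # collections-based Ansible, this key may need the FQCN — confirm.
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      # Every run re-pulls the image tag, so tags that move get picked up
      # silently; pin digests in the per-app task files if reproducible
      # deploys matter — TODO confirm how images are referenced there.
      pull: true
  tasks:
    # `always` keeps the include itself running under --tags; the included
    # files presumably carry their own tags (verify in tasks/app/*.yml).
    - name: include tasks for apps
      include_tasks: "tasks/app/{{ task }}"
      loop:
        - gulagbot.yml
      loop_control:
        loop_var: task
      tags: [always]
    - name: include tasks for web services
      include_tasks: "tasks/web/{{ task }}"
      loop:
        - 9iron.yml
        - desultd.yml
        - gitea.yml
      loop_control:
        loop_var: task
      tags: [always]
    # Nextcloud background jobs, run as the web user every five minutes.
    # Block-form module args instead of a key=value string so `*/5` and the
    # quoted job string are parsed by YAML rather than Ansible's arg splitter.
    - name: configure nextcloud cronjob
      cron:
        user: www-data
        name: nextcloud
        minute: '*/5'
        job: 'php -f /var/www/nc.desu.ltd/cron.php'
      tags: [nextcloud, cron]
  roles:
    - role: backup
      vars:
        # Paths added to the S3 backup set on top of the role's defaults.
        backup_s3backup_list_extra:
          - /app/gitea/gitea
          - /data
          - /var/www/nc.desu.ltd
          - /var/www/srv.9iron.club
          - /srv/desu.ltd
        # Log directories are excluded; anything else under /data is backed up.
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
          - /data/gitea/data/gitea/log
      tags: [backup]
    - role: certbot
      tags: [web, certbot]
    - role: php
      tags: [web, php]
    - role: apache
      tags: [web, apache]
    - role: git
      vars:
        # Custom gitea templates/assets checked out over HTTPS into the
        # gitea data volume.
        git_repos:
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /data/gitea/data/gitea/custom
      tags: [web, git]
    - role: nextcloud
      tags: [web, nextcloud]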
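# Play: web2.desu.ltd — docker host fronting pleroma and peertube through an
# nginx-certbot ingress container on the `web` network.
# Note: Ansible runs roles before tasks regardless of key order, so the
# backup role completes before the ingress config and includes below.
- hosts: web2.desu.ltd
  # Defaults applied to every docker_container call made by the included task
  # files. Uses the short module name; if the playbook is run with a
  # collections-based Ansible, this key may need the FQCN — confirm.
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      # Every run re-pulls the image tag; pin digests in the per-app task
      # files if reproducible deploys matter — TODO confirm.
      pull: true
  tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [docker]
    # Vhost file consumed by the nginx-certbot container. Only the YAML-level
    # notes changed here; the nginx content itself is unchanged.
    # - ssl_trusted_certificate is only used by nginx for OCSP stapling /
    #   chain verification; it has no effect unless ssl_stapling is enabled
    #   (not set here — confirm whether the image's includes enable it).
    # - No TLS protocol/cipher directives are set, so the image's or nginx's
    #   defaults apply — confirm they match the intended hardening baseline.
    # - tube.cowfee.moe is served with the cowfee.moe certificate; this
    #   assumes that certificate's SANs cover the subdomain — verify.
    # - Only Host and X-Real-IP are forwarded; if the upstreams need
    #   X-Forwarded-Proto/For to build correct URLs, confirm it is set in
    #   ingress-generic.yml or the image's proxy defaults.
    - name: ensure docker nginx config
      copy:
        dest: /data/nginx-certbot/user_conf.d/vhosts.conf
        mode: "0750"
        content: |
          server {
              listen 443 ssl default_server;
              server_name cowfee.moe;
              ssl_certificate /etc/letsencrypt/live/cowfee.moe/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/cowfee.moe/privkey.pem;
              ssl_trusted_certificate /etc/letsencrypt/live/cowfee.moe/chain.pem;
              ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
              location / {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_pass http://pleroma:4000;
              }
          }
          server {
              listen 443 ssl;
              server_name tube.cowfee.moe;
              ssl_certificate /etc/letsencrypt/live/cowfee.moe/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/cowfee.moe/privkey.pem;
              ssl_trusted_certificate /etc/letsencrypt/live/cowfee.moe/chain.pem;
              ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
              location / {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_pass http://peertube:9000;
              }
          }
      tags: [docker, ingress]
    # `always` keeps the include itself running under --tags; the included
    # files presumably carry their own tags (verify in tasks/app/*.yml).
    - name: include tasks for apps
      include_tasks: "tasks/app/{{ task }}"
      loop:
        - redis.yml
      loop_control:
        loop_var: task
      tags: [always]
    - name: include tasks for web services
      include_tasks: "tasks/web/{{ task }}"
      loop:
        - peertube.yml
        - pleroma.yml
        - ingress-generic.yml
      loop_control:
        loop_var: task
      tags: [always]
  roles:
    - role: backup
      vars:
        # Whole docker data root goes into the S3 backup set.
        backup_s3backup_list_extra:
          - /data
      tags: [backup]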
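# Play: web3.desu.ltd — docker host fronting netbox and nagios through an
# nginx-certbot ingress container on the `web` network.
# Note: Ansible runs roles before tasks regardless of key order, so the
# backup role completes before the ingress config and includes below.
- hosts: web3.desu.ltd
  # Defaults applied to every docker_container call made by the included task
  # files. Uses the short module name; if the playbook is run with a
  # collections-based Ansible, this key may need the FQCN — confirm.
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      # Every run re-pulls the image tag; pin digests in the per-app task
      # files if reproducible deploys matter — TODO confirm.
      pull: true
  tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [docker]
    # Vhost file consumed by the nginx-certbot container. Only the YAML-level
    # notes changed here; the nginx content itself is unchanged.
    # - ssl_trusted_certificate is only used by nginx for OCSP stapling /
    #   chain verification; it has no effect unless ssl_stapling is enabled
    #   (not set here — confirm whether the image's includes enable it).
    # - No TLS protocol/cipher directives are set, so the image's or nginx's
    #   defaults apply — confirm they match the intended hardening baseline.
    # - nagios.desu.ltd is served with the netbox.desu.ltd certificate; this
    #   assumes that certificate's SANs cover nagios.desu.ltd — verify.
    # - Both upstreams are exposed on / with no access control at the proxy;
    #   netbox and nagios rely on their own authentication — confirm this is
    #   intended for a default_server vhost reachable from anywhere.
    - name: ensure docker nginx config
      copy:
        dest: /data/nginx-certbot/user_conf.d/vhosts.conf
        mode: "0750"
        content: |
          server {
              listen 443 ssl default_server;
              server_name netbox.desu.ltd;
              ssl_certificate /etc/letsencrypt/live/netbox.desu.ltd/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/netbox.desu.ltd/privkey.pem;
              ssl_trusted_certificate /etc/letsencrypt/live/netbox.desu.ltd/chain.pem;
              ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
              location / {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_pass http://netbox:8080;
              }
          }
          server {
              listen 443 ssl;
              server_name nagios.desu.ltd;
              ssl_certificate /etc/letsencrypt/live/netbox.desu.ltd/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/netbox.desu.ltd/privkey.pem;
              ssl_trusted_certificate /etc/letsencrypt/live/netbox.desu.ltd/chain.pem;
              ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
              location / {
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_pass http://nagios:80;
              }
          }
      tags: [docker, ingress]
    # `always` keeps the include itself running under --tags; the included
    # files presumably carry their own tags (verify in tasks/app/*.yml).
    - name: include tasks for apps
      include_tasks: "tasks/app/{{ task }}"
      loop:
        - redis.yml
      loop_control:
        loop_var: task
      tags: [always]
    - name: include tasks for web services
      include_tasks: "tasks/web/{{ task }}"
      loop:
        - netbox.yml
        - nagios.yml
        - ingress-generic.yml
      loop_control:
        loop_var: task
      tags: [always]
  roles:
    - role: backup
      vars:
        # Whole docker data root goes into the S3 backup set.
        backup_s3backup_list_extra:
          - /data
      tags: [backup]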