ansible/playbooks/prod_web.yml


#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Webservers
---
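- hosts: web1.dallas.mgmt.desu.ltd
  # Every docker_container task in this play (including those reached through
  # include_tasks) inherits these defaults unless the task sets its own value.
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      # Re-pull the image on every run. With mutable tags each run may quietly
      # pick up a new image; pin digests in the app task files if reproducible
      # deploys matter. Written as `true` (was `yes`) to avoid YAML 1.1 truthy
      # ambiguity — Ansible parses both as boolean True.
      pull: true
  # NOTE(review): Ansible runs `roles:` before `tasks:` regardless of their order
  # in the play, so the `web` network is created only after the ingress role has
  # run. If a role needs that network, this belongs under `pre_tasks:` — confirm.
  tasks:
    - name: ensure docker network
      # Native YAML module args instead of the `name=web` key=value string.
      docker_network:
        name: web
      tags: [docker]
    - name: include tasks for applications
      # Quoted so the YAML loader never mis-parses the Jinja expression.
      include_tasks: "tasks/{{ item }}"
      loop:
        - app/gulagbot.yml
        - app/redis.yml
        - web/9iron.yml
        - web/desultd.yml
        - web/gitea.yml
        - web/nextcloud.yml
        - web/srv.yml
      # `always` keeps the dynamic include itself evaluated under any --tags
      # selection; the included tasks still filter on their own tags.
      tags: [always]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /app/gitea/gitea
          - /data
          - /srv/desu.ltd
        # Gitea log directories are left out of the backup set.
        backup_s3backup_exclude_list_extra:
          - /var/lib/gitea/log
          - /data/gitea/data/gitea/log
      tags: [backup]
    - role: git
      vars:
        git_repos:
          - repo: https://git.desu.ltd/salt/gitea-custom
            dest: /data/gitea/data/gitea/custom
      tags: [web, git]
    - role: ingress
      vars:
        ingress_servers:
          # desu.ltd
          - name: desu.ltd
            proxy_pass: http://desultd:80
            locations:
              # Matrix delegation documents, served statically by the ingress.
              - location: /.well-known/matrix/server
                contents: |
                  default_type application/json;
                  return 200 '{"m.server":"matrix.desu.ltd:443"}';
              # NOTE(review): browser-based Matrix clients fetch this cross-origin
              # and usually need an Access-Control-Allow-Origin header — confirm.
              - location: /.well-known/matrix/client
                contents: |
                  default_type application/json;
                  return 200 '{"m.homeserver":{"base_url":"https://matrix.desu.ltd"}}';
          - name: git.desu.ltd
            proxy_pass: http://gitea:3000
          - name: nc.desu.ltd
            directives:
              # One-year HSTS. nginx emits add_header only on success/redirect
              # responses unless the directive carries `always`, and a nested
              # location that sets its own add_header does not inherit this one.
              # Only this vhost sets HSTS here; unless the ingress role adds it
              # globally, the other vhosts in this file have none — confirm.
              - "add_header Strict-Transport-Security \"max-age=31536000\""
              # Removes nginx's request-body cap so large Nextcloud uploads pass;
              # the upstream's own limits are then the only bound.
              - "client_max_body_size 0"
            proxy_pass: http://nextcloud:80
            locations:
              # Nextcloud CalDAV/CardDAV discovery redirects.
              - location: "^~ /.well-known"
                contents: |
                  location = /.well-known/carddav { return 301 /remote.php/dav/; }
                  location = /.well-known/caldav { return 301 /remote.php/dav/; }
                  location ^~ /.well-known { return 301 /index.php$uri; }
                  try_files $uri $uri/ =404;
          # 9iron
          - name: www.9iron.club
            directives:
              # Redirect the www host to the apex domain, preserving scheme and path.
              - "return 301 $scheme://9iron.club$request_uri"
          - name: 9iron.club
            proxy_pass: http://9iron:80
          - name: srv.9iron.club
            proxy_pass: http://srv:80
      tags: [web, docker, ingress]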
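- hosts: web2.dallas.mgmt.desu.ltd
  # Defaults inherited by every docker_container task in this play.
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      # Re-pull on every run; with mutable tags each run may pick up a new image.
      # `true` instead of `yes` avoids YAML 1.1 truthy ambiguity (same value).
      pull: true
  # NOTE(review): `roles:` run before `tasks:` whatever the order written here,
  # so the `web` network exists only after the ingress role has run — confirm
  # nothing in the roles depends on it, else move this to `pre_tasks:`.
  tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [docker]
    - name: include tasks for applications
      # Quoted so the YAML loader never mis-parses the Jinja expression.
      include_tasks: "tasks/{{ item }}"
      loop:
        - app/redis.yml
        - web/peertube.yml
        - web/pleroma.yml
      # `always` keeps the dynamic include evaluated under any --tags selection;
      # the included tasks still filter on their own tags.
      tags: [always]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [backup]
    - role: ingress
      vars:
        ingress_servers:
          - name: cowfee.moe
            proxy_pass: http://pleroma:4000
          - name: tube.cowfee.moe
            proxy_pass: http://peertube:9000
      tags: [web, docker, ingress]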
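- hosts: web3.dallas.mgmt.desu.ltd
  # Defaults inherited by every docker_container task in this play.
  module_defaults:
    docker_container:
      state: started
      restart_policy: unless-stopped
      # Re-pull on every run; with mutable tags each run may pick up a new image.
      # `true` instead of `yes` avoids YAML 1.1 truthy ambiguity (same value).
      pull: true
  # NOTE(review): `roles:` run before `tasks:` whatever the order written here,
  # so the `web` network exists only after the ingress role has run — confirm
  # nothing in the roles depends on it, else move this to `pre_tasks:`.
  tasks:
    - name: ensure docker network
      docker_network:
        name: web
      tags: [docker]
    - name: include tasks for applications
      # Quoted so the YAML loader never mis-parses the Jinja expression.
      include_tasks: "tasks/{{ item }}"
      loop:
        - app/redis.yml
        - web/movienight.yml
        - web/netbox.yml
        # TODO: Replace this with Naemon(?)
        - web/nagios.yml
      # `always` keeps the dynamic include evaluated under any --tags selection;
      # the included tasks still filter on their own tags.
      tags: [always]
  roles:
    - role: backup
      vars:
        backup_s3backup_list_extra:
          - /data
      tags: [backup]
    - role: ingress
      vars:
        ingress_servers:
          - name: netbox.desu.ltd
            proxy_pass: http://netbox:8080
          - name: nagios.desu.ltd
            proxy_pass: http://nagios:80
          - name: movie.desu.ltd
            proxy_pass: http://movienight:8089
      tags: [web, docker, ingress]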