commit 8047cf0946121ee0acb8c679540ff60e1dd81949
parent e53422183b568f76081d8ab575c2c2946e0530cb
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sat, 14 Nov 2020 21:58:10 +0100
add pleroma
3 files changed, 130 insertions(+), 70 deletions(-)
diff --git a/playbooks.yml b/playbooks.yml @@ -8,73 +8,6 @@ -- hosts: taurus - name: Install taurus - roles: -# - common -# - bind -# - acme-redirect -# - nginx -# - syncthing -# - websites - vars: - network: - interface: eth0 - hostname: taurus - domain: ctu.cx - nameservers: - - 1.1.1.1 - - 8.8.8.8 - ipv4: - address: 37.221.196.131 - gateway: 37.221.196.1 - netmask: 255.255.255.0 - ipv6: - address: 2a03:4000:9:f8::1 - gateway: fe80::1 - netmask: 64 - bind: - type: slave - masters: - - 46.38.253.139 - domains: - - ctu.cx - - ctucx.de - - ctucx.network - - thein.ovh - - antifa.jetzt - - antifa.life - - antifa.email - - oeffisear.ch - nginx: - ssl_cert: "/var/lib/acme-redirect/live/taurus.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/taurus.ctu.cx/privkey" - acme_redirect_certs: - taurus.ctu.cx: - dns_names: - - taurus.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/taurus.ctu.cx - - sudo rc-service nginx restart - syncthing.ctu.cx: - dns_names: - - syncthing.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.ctu.cx - - sudo rc-service nginx restart - photos.ctu.cx: - dns_names: - - photos.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photo.ctu.cx - - sudo rc-service nginx restart - syncthing: - domain: "syncthing.ctu.cx" - ssl_cert: "/var/lib/acme-redirect/live/syncthing.ctu.cx/fullchain" - ssl_privkey: "/var/lib/acme-redirect/live/syncthing.ctu.cx/privkey" - - - - hosts: wanderduene name: Install wanderduene roles: @@ -89,9 +22,9 @@ # - prometheus # - radicale # - websites -# - pleroma + - pleroma # - synapse - - grafana +# - grafana vars: network: interface: eth0 
@@ -172,6 +105,12 @@ renew_tasks: - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/grafana.ctu.cx - sudo rc-service nginx restart + pleroma.ctu.cx: + dns_names: + - pleroma.ctu.cx + renew_tasks: + - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/pleroma.ctu.cx + - sudo rc-service nginx restart oeffisear.ch: dns_names: - oeffisear.ch 
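Review bot: The renew hook added for `pleroma.ctu.cx` ends with `sudo rc-service nginx restart`, which drops every open connection on all vhosts each time this one certificate renews. `sudo rc-service nginx reload` is enough for nginx to pick up the new certificate, provided the sudo rule for the acme-redirect user (not visible in this diff) permits it. The neighbouring entries in the context lines use the same restart pattern and would benefit from the same change.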
@@ -209,4 +148,74 @@ domain: "grafana.ctu.cx" ssl_cert: "/var/lib/acme-redirect/live/grafana.ctu.cx/fullchain" ssl_privkey: "/var/lib/acme-redirect/live/grafana.ctu.cx/privkey" + pleroma: + domain: "pleroma.ctu.cx" + ssl_cert: "/var/lib/acme-redirect/live/pleroma.ctu.cx/fullchain" + ssl_privkey: "/var/lib/acme-redirect/live/pleroma.ctu.cx/privkey" gitolite_initialKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw/G6x8H3ojvHx3NsTswBMMmOhp48F3rea0GUniKSvRLMRIti5b7Q4P4FXnkQEtuNSR3u7gE5r4EacaLaIx7Az9SgHRoE+hdzSo4mPAwKTx/E3HZgIjdZhTDL8PAn4SZZT6RBqr/uGb+x9fdIjY0FbdNBLjq0MNnG3T+qd1joUL8JXoS7F//ac52RhHlsA5qJXFDOhpqR/7hRMwOFNH0GKaLN1xQKcOjhpIcdswpOf8kRDVpT7xOYwfXCFF4MaY2M8047WKarvEnGdADIIw6bvWsdJINehtOQmYEFRaMuaWp1d9bglZXZKPQKNubv5lqneMP4AI7ImDYjgW6eNLIT1 cardno:000603502829" + + +- hosts: taurus + name: Install taurus + roles: +# - common +# - bind +# - acme-redirect +# - nginx +# - syncthing +# - websites + vars: + network: + interface: eth0 + hostname: taurus + domain: ctu.cx + nameservers: + - 1.1.1.1 + - 8.8.8.8 + ipv4: + address: 37.221.196.131 + gateway: 37.221.196.1 + netmask: 255.255.255.0 + ipv6: + address: 2a03:4000:9:f8::1 + gateway: fe80::1 + netmask: 64 + bind: + type: slave + masters: + - 46.38.253.139 + domains: + - ctu.cx + - ctucx.de + - ctucx.network + - thein.ovh + - antifa.jetzt + - antifa.life + - antifa.email + - oeffisear.ch + nginx: + ssl_cert: "/var/lib/acme-redirect/live/taurus.ctu.cx/fullchain" + ssl_privkey: "/var/lib/acme-redirect/live/taurus.ctu.cx/privkey" + acme_redirect_certs: + taurus.ctu.cx: + dns_names: + - taurus.ctu.cx + renew_tasks: + - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/taurus.ctu.cx + - sudo rc-service nginx restart + syncthing.ctu.cx: + dns_names: + - syncthing.ctu.cx + renew_tasks: + - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.ctu.cx + - sudo rc-service nginx restart + photos.ctu.cx: + dns_names: + - photos.ctu.cx + renew_tasks: + - chown -R acme-redirect:acme-redirect 
/var/lib/acme-redirect/live/photo.ctu.cx + - sudo rc-service nginx restart + syncthing: + domain: "syncthing.ctu.cx" + ssl_cert: "/var/lib/acme-redirect/live/syncthing.ctu.cx/fullchain" + ssl_privkey: "/var/lib/acme-redirect/live/syncthing.ctu.cx/privkey"
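Review bot: The re-added taurus block carries a path mismatch in the `photos.ctu.cx` certificate entry: its first renew task runs `chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/photo.ctu.cx`, without the `s`. Every other entry chowns a directory named after its own certificate key, so this one presumably should read `/var/lib/acme-redirect/live/photos.ctu.cx`. As written, the chown would target a directory that likely does not exist and the renewed key would keep whatever ownership it was created with. Since the hunk moves the block anyway, this is a good place to fix it.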
diff --git a/roles/pleroma/tasks/main.yml b/roles/pleroma/tasks/main.yml @@ -18,6 +18,12 @@ state: present update_cache: yes +- service: + name: pleroma + enabled: no + state: stopped + + - name: create pleroma group group: name: pleroma @@ -63,9 +69,35 @@ remote_src: yes src: /opt/pleroma/installation/init.d/pleroma dest: /etc/init.d/pleroma - mode: 755 + mode: 0755 + +- name: copy config file into place + copy: + src: config-files/pleroma/config.exs + dest: /etc/pleroma/config.exs + mode: 0755 + owner: pleroma + group: pleroma + +- name: copy nginx-vhost for pleroma to destination host + template: + src: pleroma-vhost.conf.j2 + dest: /etc/nginx/conf.d/pleroma.conf + mode: 0644 + owner: nginx + group: nginx - service: name: postgresql enabled: yes + state: started + +- service: + name: pleroma + enabled: yes + state: stopped + +- service: + name: nginx + enabled: yes state: restarted
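Review bot: The unnamed `service` task added in the first hunk stops and disables `pleroma` before the init script exists: `/etc/init.d/pleroma` is only copied by a later task, visible as context in the second hunk. On a host where the role has never run, this task would presumably fail because the service is unknown. Move it below the init-script copy or make it conditional on the script existing, and give it a name such as `- name: stop pleroma before updating`. The tasks at the end of the file leave `pleroma` at `enabled: yes` / `state: stopped` while nginx is restarted, so the vhost will answer with a gateway error until the service is started by hand; if that is intentional, a comment saying why would help.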
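Review bot: The new `copy config file into place` task in the second hunk installs `/etc/pleroma/config.exs` with `mode: 0755`, which makes it world-readable and executable. A Pleroma config normally holds the database password and signing secrets, so assuming this one does, it should be limited to the service account, e.g. `mode: '0640'` with the existing `owner: pleroma`. Because the file is copied from `config-files/pleroma/config.exs` in the repository, those values would also sit there in plain text unless the file is vaulted, which this diff does not show. The vhost task below it hands `/etc/nginx/conf.d/pleroma.conf` to `nginx:nginx`; if the workers run as that user, `owner: root` and `group: root` keep a compromised worker from rewriting configuration that the root master process loads. Quoting the modes (`'0755'`, `'0644'`) also avoids depending on YAML octal parsing.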
diff --git a/roles/pleroma/templates/pleroma-vhost.conf.j2 b/roles/pleroma/templates/pleroma-vhost.conf.j2
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate "{{pleroma.ssl_cert}}";
+ ssl_certificate_key "{{pleroma.ssl_privkey}}";
+ include /etc/nginx/ssl.conf;
+
+ server_name {{pleroma.domain}};
+
+
+ location / {
+ proxy_pass http://localhost:4000/;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
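Review bot: The `location /` block proxies to port 4000 without passing the original `Host` or the client address, so the backend sees every request as coming from localhost with nginx's default upstream host. Because this location declares its own `proxy_set_header` lines, nothing set at server level (for example in `/etc/nginx/ssl.conf`) is inherited. Add `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the existing two. Without them, per-client rate limiting and access logging in the application cannot tell clients apart, and host-dependent behaviour such as generated URLs is likely to be wrong. Using `127.0.0.1` instead of `localhost` in `proxy_pass` would also avoid the upstream resolving to `::1` if the backend binds to IPv4 only.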