# HG changeset patch # User Luke Hoersten # Date 1546401431 21600 # Node ID bd34ae0826972cce9fce48227610cbf3dc75b3f4 # Parent 652a236229c20889c1b28dd4da899609eac172db Split out nginx sites. diff -r 652a236229c2 -r bd34ae082697 main.yaml --- a/main.yaml Mon Dec 31 15:50:19 2018 -0600 +++ b/main.yaml Tue Jan 01 21:57:11 2019 -0600 @@ -8,7 +8,33 @@ become: yes raw: "apt-get install python -y" -- hosts: all + - name: set hostname in OS + become: yes + hostname: name="{{inventory_hostname}}" + + - name: change timezone to UTC + become: yes + timezone: name="UTC" + +- hosts: pleroma-01 roles: - - nginx - - pleroma + - role: pleroma + pleroma_host: "haskell.social" + pleroma_user: "pleroma_haskell_social" + pleroma_port: 4000 + + - role: pleroma + pleroma_host: "nth.io" + pleroma_user: "pleroma_nth_io" + pleroma_port: 4001 + + +# - hosts: haskell.social +# roles: +# - nginx +# - pleroma + +# - hosts: nth.io +# roles: +# - nginx +# - pleroma diff -r 652a236229c2 -r bd34ae082697 roles/nginx/base/defaults/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/nginx/base/defaults/main.yaml Tue Jan 01 21:57:11 2019 -0600 @@ -0,0 +1,3 @@ +--- + +nginx_enable_ssl: No diff -r 652a236229c2 -r bd34ae082697 roles/nginx/base/handlers/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/nginx/base/handlers/main.yaml Tue Jan 01 21:57:11 2019 -0600 @@ -0,0 +1,5 @@ +--- + +- name: restart nginx + become: yes + systemd: name="nginx" state="restarted" daemon_reload="yes" diff -r 652a236229c2 -r bd34ae082697 roles/nginx/base/tasks/certbot.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/nginx/base/tasks/certbot.yaml Tue Jan 01 21:57:11 2019 -0600 
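Review bot: Neither `pleroma` role entry in the new `pleroma-01` play of main.yaml sets `nginx_enable_ssl`, and roles/nginx/base/defaults/main.yaml defaults it to `No`, so `import_tasks: certbot.yaml` and the `certbot certonly` task are skipped unless an inventory or group variable outside this patch enables it. Together with `pleroma_scheme` moving to `http`, both instances may end up served without TLS even though they accept logins. I would set the flag explicitly per site, e.g. `nginx_enable_ssl: yes` next to `pleroma_port`. The commented-out `haskell.social` / `nth.io` plays at the end of the hunk are dead configuration and are better dropped than committed.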
@@ -0,0 +1,12 @@
+---
+
+# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
+
+- name: add certbot (letsencrypt) repo
+ become: yes
+ apt_repository: repo="ppa:certbot/certbot"
+
+- name: install nginx packages
+ become: yes
+ apt: name="python-certbot-nginx"
+ notify: restart nginx
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/base/tasks/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/base/tasks/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,17 @@
+---
+
+- name: install nginx packages
+ become: yes
+ apt: name="nginx"
+
+- name: disable default site
+ become: yes
+ file: path="/etc/nginx/sites-enabled/default" state="absent"
+ notify: restart nginx
+
+- import_tasks: certbot.yaml
+ when: nginx_enable_ssl
+
+- name: enable nginx service
+ become: yes
+ systemd: name="nginx" enabled="yes" state="started"
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/defaults/main.yaml
--- a/roles/nginx/defaults/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
----
-
-nginx_enable_ssl: No
-nginx_port: 80
-nginx_ssl_port: 443
-nginx_server_name: "{{ansible_host}}"
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/handlers/main.yaml
--- a/roles/nginx/handlers/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart nginx
- become: yes
- systemd: name="nginx" state="restarted" daemon_reload="yes"
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/site/defaults/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/defaults/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,7 @@
+---
+
+nginx_port: 80
+nginx_ssl_port: 443
+nginx_server_name: "{{ansible_host}}"
+nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
+nginx_admin_email: "admin@{{nginx_server_name}}"
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/site/handlers/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
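Review bot: The second task in roles/nginx/base/tasks/certbot.yaml is named `install nginx packages` but installs `python-certbot-nginx`, and it shares that name with the first task of roles/nginx/base/tasks/main.yaml, so play output cannot tell the two apart. Renaming it to something like `- name: install certbot nginx plugin` fixes that. The `ppa:certbot/certbot` repository added just above becomes a root-trusted package source on every host with `nginx_enable_ssl` set, which deserves a one-line comment recording why the distribution package is not used.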
+++ b/roles/nginx/site/handlers/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+ become: yes
+ systemd: name="nginx" state="restarted" daemon_reload="yes"
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/site/meta/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/meta/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - nginx/base
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/site/tasks/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/tasks/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,20 @@
+---
+
+- name: install site
+ become: yes
+ template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
+ notify: restart nginx
+
+- name: install certbot in nginx
+ become: yes
+ command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
+ notify: restart nginx
+ when: nginx_enable_ssl
+
+- name: enable site
+ become: yes
+ file:
+ src: "/etc/nginx/sites-available/{{nginx_conf_dst}}"
+ dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
+ state: "link"
+ notify: restart nginx
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/tasks/certbot.yaml
--- a/roles/nginx/tasks/certbot.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
----
-
-# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
-
-- name: add certbot (letsencrypt) repo
- become: yes
- apt_repository: repo="ppa:certbot/certbot"
-
-- name: install nginx packages
- become: yes
- apt: name="python-certbot-nginx"
- notify: restart nginx
-
-- name: install certbot in nginx
- become: yes
- command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
- notify: restart nginx
diff -r 652a236229c2 -r bd34ae082697 roles/nginx/tasks/main.yaml
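Review bot: The `install certbot in nginx` task in roles/nginx/site/tasks/main.yaml has no idempotence guard, so the `command` module reports it as changed on every run and the `restart nginx` handler fires each time the play is applied. Adding `args:` with `creates: "/etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem"` limits it to hosts that do not have the certificate yet. The task also templates `nginx_server_name` and `nginx_admin_email` straight into the argument string. `command` does not go through a shell, but a value starting with `-` would still be parsed as a certbot option, so an `assert` on the shape of those two variables before this task is worth adding.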
--- a/roles/nginx/tasks/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
----
-
-- name: set hostname in OS
- become: yes
- hostname: name="{{inventory_hostname}}"
-
-- name: change timezone to UTC
- become: yes
- timezone: name="UTC"
-
-- name: install nginx packages
- become: yes
- apt: name="nginx"
-
-- name: disable default site
- become: yes
- file: path="/etc/nginx/sites-enabled/default" state="absent"
- notify: restart nginx
-
-- name: install site
- become: yes
- template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
- notify: restart nginx
-
-- import_tasks: certbot.yaml
- when: nginx_enable_ssl
-
-- name: enable site
- become: yes
- file:
- src: "/etc/nginx/sites-available/{{nginx_conf_dst}}"
- dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
- state: "link"
- notify: restart nginx
-
-- name: enable nginx service
- become: yes
- systemd: name="nginx" enabled="yes" state="started"
diff -r 652a236229c2 -r bd34ae082697 roles/pleroma/defaults/main.yaml
--- a/roles/pleroma/defaults/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/defaults/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -4,8 +4,9 @@
 pleroma_instance_name: "{{pleroma_host}}"
 pleroma_desc: "A Pleroma fediverse instance."
 pleroma_host: "localhost"
-pleroma_scheme: "https"
-pleroma_port: 443
+pleroma_scheme: "http"
+pleroma_port: 4000
+pleroma_url: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
 pleroma_admin_email: "admin@{{pleroma_host}}"
 pleroma_char_limit: 5000
 pleroma_signup_open: "true"
diff -r 652a236229c2 -r bd34ae082697 roles/pleroma/handlers/main.yaml
--- a/roles/pleroma/handlers/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/handlers/main.yaml Tue Jan 01 21:57:11 2019 -0600
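Review bot: The new `pleroma_url` in roles/pleroma/defaults/main.yaml is built from `pleroma_host`, which main.yaml sets to the public names `haskell.social` and `nth.io`, so both `proxy_pass {{pleroma_url}};` lines in pleroma.nginx.conf.j2 send backend traffic in cleartext to whatever those names resolve to, on ports 4000 and 4001. Pointing the upstream at loopback, `pleroma_url: "http://127.0.0.1:{{pleroma_port}}"`, keeps that hop on the host and lets the backend ports stay closed to the network. Whether Pleroma itself binds to loopback is not visible in this patch and should be checked. `pleroma_scheme` and `pleroma_port` also change meaning here from public endpoint to upstream; if the application config (not shown) still derives the instance's public URL from them, it would now advertise `http` on port 4000, so separate variables for the upstream would be safer.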
@@ -2,4 +2,4 @@ - name: restart pleroma become: yes - systemd: name="pleroma" state="restarted" daemon_reload="yes" + systemd: name="{{pleroma_user}}" state="restarted" daemon_reload="yes" diff -r 652a236229c2 -r bd34ae082697 roles/pleroma/meta/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/roles/pleroma/meta/main.yaml Tue Jan 01 21:57:11 2019 -0600 @@ -0,0 +1,4 @@ +--- + +dependencies: + - nginx/site diff -r 652a236229c2 -r bd34ae082697 roles/pleroma/tasks/main.yaml --- a/roles/pleroma/tasks/main.yaml Mon Dec 31 15:50:19 2018 -0600 +++ b/roles/pleroma/tasks/main.yaml Tue Jan 01 21:57:11 2019 -0600 @@ -75,12 +75,12 @@ - name: install pleroma systemd service template: src: "pleroma.service.j2" - dest: "/lib/systemd/system/pleroma.service" + dest: "/lib/systemd/system/{{pleroma_user}}.service" owner: "{{pleroma_user}}" group: "{{pleroma_user}}" mode: "0770" become: yes - name: enable pleroma systemd service - systemd: name="pleroma" enabled="yes" state="started" + systemd: name="{{pleroma_user}}" enabled="yes" state="started" become: yes diff -r 652a236229c2 -r bd34ae082697 roles/pleroma/templates/pleroma.nginx.conf.j2 --- a/roles/pleroma/templates/pleroma.nginx.conf.j2 Mon Dec 31 15:50:19 2018 -0600 +++ b/roles/pleroma/templates/pleroma.nginx.conf.j2 Tue Jan 01 21:57:11 2019 -0600 @@ -81,7 +81,7 @@ proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; - proxy_pass {{nginx_proxy}}; + proxy_pass {{pleroma_url}}; client_max_body_size 16m; } @@ -90,6 +90,6 @@ proxy_cache pleroma_media_cache; proxy_cache_lock on; proxy_ignore_client_abort on; - proxy_pass {{nginx_proxy}}; + proxy_pass {{pleroma_url}}; } } diff -r 652a236229c2 -r bd34ae082697 roles/pleroma/templates/pleroma.service.j2 --- a/roles/pleroma/templates/pleroma.service.j2 Mon Dec 31 15:50:19 2018 -0600 +++ b/roles/pleroma/templates/pleroma.service.j2 Tue Jan 01 21:57:11 2019 -0600 
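Review bot: The handler in roles/pleroma/handlers/main.yaml keeps the fixed name `restart pleroma` while the unit it restarts is now `{{pleroma_user}}`, and main.yaml applies the role twice on `pleroma-01`. Handlers are resolved by name and run once per play, so it is likely that only one of the two units is restarted after a change; this should be confirmed on a test host. One option to evaluate is ending roles/pleroma/tasks/main.yaml with `- meta: flush_handlers`, so the handler runs inside each role invocation while that instance's `pleroma_user` is in scope.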
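Review bot: The `nginx/site` dependency in roles/pleroma/meta/main.yaml is declared without parameters, so `nginx_server_name` falls back to its default `{{ansible_host}}` instead of the instance's `pleroma_host`, and `nginx_conf_src` has no default anywhere in this patch. Unless the pleroma role sets both in a vars file not shown here, the two role invocations in main.yaml would render the same site file, and Ansible may skip the second run of an identical dependency. Passing them explicitly makes the coupling visible: `- role: nginx/site` with `nginx_server_name: "{{pleroma_host}}"` and `nginx_conf_src: "pleroma.nginx.conf.j2"`.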
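Review bot: The unit file now written to `/lib/systemd/system/{{pleroma_user}}.service` in roles/pleroma/tasks/main.yaml is still owned by `{{pleroma_user}}` with mode `0770`, so the unprivileged service account can rewrite a file that systemd loads as root. That is a local privilege-escalation path, and after this change it exists once per instance. The unit should be root-owned and not writable by the service user: `owner: "root"`, `group: "root"`, `mode: "0644"`. `/etc/systemd/system` is also the conventional location for administrator-installed units, since `/lib/systemd/system` belongs to packages. The task list starts before this hunk, so only these two tasks were reviewed.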
@@ -1,3 +1,5 @@ +# {{ansible_managed}} + [Unit] Description=Pleroma social network After=network.target postgresql.service