Split out nginx sites.
--- a/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ b/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -8,7 +8,33 @@
become: yes
raw: "apt-get install python -y"
-- hosts: all
+ - name: set hostname in OS
+ become: yes
+ hostname: name="{{inventory_hostname}}"
+
+ - name: change timezone to UTC
+ become: yes
+ timezone: name="UTC"
+
+- hosts: pleroma-01
roles:
- - nginx
- - pleroma
+ - role: pleroma
+ pleroma_host: "haskell.social"
+ pleroma_user: "pleroma_haskell_social"
+ pleroma_port: 4000
+
+ - role: pleroma
+ pleroma_host: "nth.io"
+ pleroma_user: "pleroma_nth_io"
+ pleroma_port: 4001
+
+
+# - hosts: haskell.social
+# roles:
+# - nginx
+# - pleroma
+
+# - hosts: nth.io
+# roles:
+# - nginx
+# - pleroma
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/base/defaults/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,3 @@
+---
+
+nginx_enable_ssl: No
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/base/handlers/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+ become: yes
+ systemd: name="nginx" state="restarted" daemon_reload="yes"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/base/tasks/certbot.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,12 @@
+---
+
+# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
+
+- name: add certbot (letsencrypt) repo
+ become: yes
+ apt_repository: repo="ppa:certbot/certbot"
+
+- name: install nginx packages
+ become: yes
+ apt: name="python-certbot-nginx"
+ notify: restart nginx
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/base/tasks/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,17 @@
+---
+
+- name: install nginx packages
+ become: yes
+ apt: name="nginx"
+
+- name: disable default site
+ become: yes
+ file: path="/etc/nginx/sites-enabled/default" state="absent"
+ notify: restart nginx
+
+- import_tasks: certbot.yaml
+ when: nginx_enable_ssl
+
+- name: enable nginx service
+ become: yes
+ systemd: name="nginx" enabled="yes" state="started"
--- a/roles/nginx/defaults/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
----
-
-nginx_enable_ssl: No
-nginx_port: 80
-nginx_ssl_port: 443
-nginx_server_name: "{{ansible_host}}"
--- a/roles/nginx/handlers/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart nginx
- become: yes
- systemd: name="nginx" state="restarted" daemon_reload="yes"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/defaults/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,7 @@
+---
+
+nginx_port: 80
+nginx_ssl_port: 443
+nginx_server_name: "{{ansible_host}}"
+nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
+nginx_admin_email: "admin@{{nginx_server_name}}"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/handlers/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+ become: yes
+ systemd: name="nginx" state="restarted" daemon_reload="yes"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/meta/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - nginx/base
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/nginx/site/tasks/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,20 @@
+---
+
+- name: install site
+ become: yes
+ template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
+ notify: restart nginx
+
+- name: install certbot in nginx
+ become: yes
+ command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
+ notify: restart nginx
+ when: nginx_enable_ssl
+
+- name: enable site
+ become: yes
+ file:
+ src: "/etc/nginx/sites-available/{{nginx_conf_dst}}"
+ dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
+ state: "link"
+ notify: restart nginx
--- a/roles/nginx/tasks/certbot.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
----
-
-# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
-
-- name: add certbot (letsencrypt) repo
- become: yes
- apt_repository: repo="ppa:certbot/certbot"
-
-- name: install nginx packages
- become: yes
- apt: name="python-certbot-nginx"
- notify: restart nginx
-
-- name: install certbot in nginx
- become: yes
- command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
- notify: restart nginx
--- a/roles/nginx/tasks/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
----
-
-- name: set hostname in OS
- become: yes
- hostname: name="{{inventory_hostname}}"
-
-- name: change timezone to UTC
- become: yes
- timezone: name="UTC"
-
-- name: install nginx packages
- become: yes
- apt: name="nginx"
-
-- name: disable default site
- become: yes
- file: path="/etc/nginx/sites-enabled/default" state="absent"
- notify: restart nginx
-
-- name: install site
- become: yes
- template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
- notify: restart nginx
-
-- import_tasks: certbot.yaml
- when: nginx_enable_ssl
-
-- name: enable site
- become: yes
- file:
- src: "/etc/nginx/sites-available/{{nginx_conf_dst}}"
- dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
- state: "link"
- notify: restart nginx
-
-- name: enable nginx service
- become: yes
- systemd: name="nginx" enabled="yes" state="started"
--- a/roles/pleroma/defaults/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/defaults/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -4,8 +4,9 @@
pleroma_instance_name: "{{pleroma_host}}"
pleroma_desc: "A Pleroma fediverse instance."
pleroma_host: "localhost"
-pleroma_scheme: "https"
-pleroma_port: 443
+pleroma_scheme: "http"
+pleroma_port: 4000
+pleroma_url: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
pleroma_admin_email: "admin@{{pleroma_host}}"
pleroma_char_limit: 5000
pleroma_signup_open: "true"
--- a/roles/pleroma/handlers/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/handlers/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -2,4 +2,4 @@
- name: restart pleroma
become: yes
- systemd: name="pleroma" state="restarted" daemon_reload="yes"
+ systemd: name="{{pleroma_user}}" state="restarted" daemon_reload="yes"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/roles/pleroma/meta/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - nginx/site
--- a/roles/pleroma/tasks/main.yaml Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/tasks/main.yaml Tue Jan 01 21:57:11 2019 -0600
@@ -75,12 +75,12 @@
- name: install pleroma systemd service
template:
src: "pleroma.service.j2"
- dest: "/lib/systemd/system/pleroma.service"
+ dest: "/lib/systemd/system/{{pleroma_user}}.service"
owner: "{{pleroma_user}}"
group: "{{pleroma_user}}"
mode: "0770"
become: yes
- name: enable pleroma systemd service
- systemd: name="pleroma" enabled="yes" state="started"
+ systemd: name="{{pleroma_user}}" enabled="yes" state="started"
become: yes
--- a/roles/pleroma/templates/pleroma.nginx.conf.j2 Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/templates/pleroma.nginx.conf.j2 Tue Jan 01 21:57:11 2019 -0600
@@ -81,7 +81,7 @@
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
- proxy_pass {{nginx_proxy}};
+ proxy_pass {{pleroma_url}};
client_max_body_size 16m;
}
@@ -90,6 +90,6 @@
proxy_cache pleroma_media_cache;
proxy_cache_lock on;
proxy_ignore_client_abort on;
- proxy_pass {{nginx_proxy}};
+ proxy_pass {{pleroma_url}};
}
}
--- a/roles/pleroma/templates/pleroma.service.j2 Mon Dec 31 15:50:19 2018 -0600
+++ b/roles/pleroma/templates/pleroma.service.j2 Tue Jan 01 21:57:11 2019 -0600
@@ -1,3 +1,5 @@
+# {{ansible_managed}}
+
[Unit]
Description=Pleroma social network
After=network.target postgresql.service