Split out nginx sites.

author: Luke Hoersten <[email protected]> 2019-01-01 21:57:11 -0600
committer: Luke Hoersten <[email protected]> 2019-01-01 21:57:11 -0600
commit: bef0a0a3a662a83273d459d3c39eac3e1ee7b404 (patch)
tree: e054080243b6b9a374b37932c6244d46bd43a650 /roles
parent: 035f6e2253e1a3f3283ca3e0f7044da8880880e4 (diff)
16 files changed, 70 insertions, 56 deletions
diff --git a/roles/nginx/base/defaults/main.yaml b/roles/nginx/base/defaults/main.yaml
new file mode 100644
index 0000000..44b37f8
--- /dev/null
+++ b/roles/nginx/base/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+
+nginx_enable_ssl: No
diff --git a/roles/nginx/handlers/main.yaml b/roles/nginx/base/handlers/main.yaml
index 1feca07..1feca07 100644
--- a/roles/nginx/handlers/main.yaml
+++ b/roles/nginx/base/handlers/main.yaml
diff --git a/roles/nginx/tasks/certbot.yaml b/roles/nginx/base/tasks/certbot.yaml
index b7fbe8d..194f5c9 100644
--- a/roles/nginx/tasks/certbot.yaml
+++ b/roles/nginx/base/tasks/certbot.yaml
@@ -10,8 +10,3 @@
   become: yes
   apt: name="python-certbot-nginx"
   notify: restart nginx
-
-- name: install certbot in nginx
-  become: yes
-  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
-  notify: restart nginx
diff --git a/roles/nginx/base/tasks/main.yaml b/roles/nginx/base/tasks/main.yaml
new file mode 100644
index 0000000..ee66773
--- /dev/null
+++ b/roles/nginx/base/tasks/main.yaml
@@ -0,0 +1,17 @@
+---
+
+- name: install nginx packages
+  become: yes
+  apt: name="nginx"
+
+- name: disable default site
+  become: yes
+  file: path="/etc/nginx/sites-enabled/default" state="absent"
+  notify: restart nginx
+
+- import_tasks: certbot.yaml
+  when: nginx_enable_ssl
+
+- name: enable nginx service
+  become: yes
+  systemd: name="nginx" enabled="yes" state="started"
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
deleted file mode 100644
index 895ce1d..0000000
--- a/roles/nginx/defaults/main.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-nginx_enable_ssl: No
-nginx_port: 80
-nginx_ssl_port: 443
-nginx_server_name: "{{ansible_host}}"
diff --git a/roles/nginx/site/defaults/main.yaml b/roles/nginx/site/defaults/main.yaml
new file mode 100644
index 0000000..0092918
--- /dev/null
+++ b/roles/nginx/site/defaults/main.yaml
@@ -0,0 +1,7 @@
+---
+
+nginx_port: 80
+nginx_ssl_port: 443
+nginx_server_name: "{{ansible_host}}"
+nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
+nginx_admin_email: "admin@{{nginx_server_name}}"
diff --git a/roles/nginx/site/handlers/main.yaml b/roles/nginx/site/handlers/main.yaml
new file mode 100644
index 0000000..1feca07
--- /dev/null
+++ b/roles/nginx/site/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+  become: yes
+  systemd: name="nginx" state="restarted" daemon_reload="yes"
diff --git a/roles/nginx/site/meta/main.yaml b/roles/nginx/site/meta/main.yaml
new file mode 100644
index 0000000..af2cf0f
--- /dev/null
+++ b/roles/nginx/site/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - nginx/base
diff --git a/roles/nginx/site/tasks/main.yaml b/roles/nginx/site/tasks/main.yaml
new file mode 100644
index 0000000..9b51013
--- /dev/null
+++ b/roles/nginx/site/tasks/main.yaml
@@ -0,0 +1,20 @@
+---
+
+- name: install site
+  become: yes
+  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
+  notify: restart nginx
+
+- name: install certbot in nginx
+  become: yes
+  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
+  notify: restart nginx
+  when: nginx_enable_ssl
+
+- name: enable site
+  become: yes
+  file:
+    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
+    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
+    state: "link"
+  notify: restart nginx
diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml
deleted file mode 100644
index 77448ff..0000000
--- a/roles/nginx/tasks/main.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-
-- name: set hostname in OS
-  become: yes
-  hostname: name="{{inventory_hostname}}"
-
-- name: change timezone to UTC
-  become: yes
-  timezone: name="UTC"
-
-- name: install nginx packages
-  become: yes
-  apt: name="nginx"
-
-- name: disable default site
-  become: yes
-  file: path="/etc/nginx/sites-enabled/default" state="absent"
-  notify: restart nginx
-
-- name: install site
-  become: yes
-  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
-  notify: restart nginx
-
-- import_tasks: certbot.yaml
-  when: nginx_enable_ssl
-
-- name: enable site
-  become: yes
-  file:
-    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
-    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
-    state: "link"
-  notify: restart nginx
-
-- name: enable nginx service
-  become: yes
-  systemd: name="nginx" enabled="yes" state="started"
diff --git a/roles/pleroma/defaults/main.yaml b/roles/pleroma/defaults/main.yaml
index 94c39a1..c9cbf1d 100644
--- a/roles/pleroma/defaults/main.yaml
+++ b/roles/pleroma/defaults/main.yaml
@@ -4,8 +4,9 @@ pleroma_user: "pleroma"
 pleroma_instance_name: "{{pleroma_host}}"
 pleroma_desc: "A Pleroma fediverse instance."
 pleroma_host: "localhost"
-pleroma_scheme: "https"
-pleroma_port: 443
+pleroma_scheme: "http"
+pleroma_port: 4000
+pleroma_url: "{{pleroma_scheme}}://{{pleroma_host}}:{{pleroma_port}}"
 pleroma_admin_email: "admin@{{pleroma_host}}"
 pleroma_char_limit: 5000
 pleroma_signup_open: "true"
diff --git a/roles/pleroma/handlers/main.yaml b/roles/pleroma/handlers/main.yaml
index 452811a..b935f8d 100644
--- a/roles/pleroma/handlers/main.yaml
+++ b/roles/pleroma/handlers/main.yaml
@@ -2,4 +2,4 @@
 
 - name: restart pleroma
   become: yes
-  systemd: name="pleroma" state="restarted" daemon_reload="yes"
+  systemd: name="{{pleroma_user}}" state="restarted" daemon_reload="yes"
diff --git a/roles/pleroma/meta/main.yaml b/roles/pleroma/meta/main.yaml
new file mode 100644
index 0000000..efae8cd
--- /dev/null
+++ b/roles/pleroma/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - nginx/site
diff --git a/roles/pleroma/tasks/main.yaml b/roles/pleroma/tasks/main.yaml
index 9d1a746..0d4ed29 100644
--- a/roles/pleroma/tasks/main.yaml
+++ b/roles/pleroma/tasks/main.yaml
@@ -75,12 +75,12 @@
 - name: install pleroma systemd service
   template:
     src: "pleroma.service.j2"
-    dest: "/lib/systemd/system/pleroma.service"
+    dest: "/lib/systemd/system/{{pleroma_user}}.service"
     owner: "{{pleroma_user}}"
     group: "{{pleroma_user}}"
     mode: "0770"
   become: yes
 
 - name: enable pleroma systemd service
-  systemd: name="pleroma" enabled="yes" state="started"
+  systemd: name="{{pleroma_user}}" enabled="yes" state="started"
   become: yes
diff --git a/roles/pleroma/templates/pleroma.nginx.conf.j2 b/roles/pleroma/templates/pleroma.nginx.conf.j2
index df35be6..34cec8a 100644
--- a/roles/pleroma/templates/pleroma.nginx.conf.j2
+++ b/roles/pleroma/templates/pleroma.nginx.conf.j2
@@ -81,7 +81,7 @@ server {
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $http_host;
 
-        proxy_pass {{nginx_proxy}};
+        proxy_pass {{pleroma_url}};
 
         client_max_body_size 16m;
     }
@@ -90,6 +90,6 @@ server {
         proxy_cache pleroma_media_cache;
         proxy_cache_lock on;
         proxy_ignore_client_abort on;
-        proxy_pass {{nginx_proxy}};
+        proxy_pass {{pleroma_url}};
     }
 }
diff --git a/roles/pleroma/templates/pleroma.service.j2 b/roles/pleroma/templates/pleroma.service.j2
index e1cfd57..15a0879 100644
--- a/roles/pleroma/templates/pleroma.service.j2
+++ b/roles/pleroma/templates/pleroma.service.j2
@@ -1,3 +1,5 @@
+# {{ansible_managed}}
+
 [Unit]
 Description=Pleroma social network
 After=network.target postgresql.service
author	Luke Hoersten <[email protected]>	2019-01-01 21:57:11 -0600
committer	Luke Hoersten <[email protected]>	2019-01-01 21:57:11 -0600
commit	bef0a0a3a662a83273d459d3c39eac3e1ee7b404 (patch)
tree	e054080243b6b9a374b37932c6244d46bd43a650 /roles
parent	035f6e2253e1a3f3283ca3e0f7044da8880880e4 (diff)