mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mariadb-nocow
infrastructure/playbooks/apollo.yml
Jelle van der Waa 02b04fab82
Migrate dbscripts, sogrep, archweb related services for mirrors to 
gemini
2020-06-25 23:38:24 +02:00

59 lines
2.6 KiB
YAML
Raw Permalink Blame History

---
- name: "prepare postgres ssl hosts list"
hosts: apollo.archlinux.org
tasks:
- name: assign ipv4 addresses to fact postgres_ssl_hosts4
set_fact: postgres_ssl_hosts4="{{ [orion4] + detected_ips }}"
vars:
orion4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
tags: ["postgres", "firewall"]
- name: assign ipv6 addresses to fact postgres_ssl_hosts6
set_fact: postgres_ssl_hosts6="{{ [orion6] + detected_ips }}"
vars:
orion6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
tags: ["postgres", "firewall"]
- name: setup apollo
hosts: apollo.archlinux.org
remote_user: root
roles:
- { role: common }
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: borg-client, tags: ["borg"] }
- { role: certbot }
- { role: nginx }
- { role: spampd, tags: ["mail"] }
- { role: unbound, tags: ["mail"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail"] }
- { role: opendkim, dkim_selector: apollo, tags: ['mail'] }
- { role: postfwd, tags: ['mail'] }
- role: postgres
postgres_listen_addresses: "*"
postgres_max_connections: 1000
postgres_ssl: 'on'
postgres_shared_buffers: 4096MB
- { role: mariadb, mariadb_innodb_buffer_pool_size: '64M', mariadb_table_open_cache: '256', mariadb_query_cache_type: '0',
mariadb_innodb_file_per_table: True }
- { role: sudo }
- { role: uwsgi }
- { role: php-fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], zend_extensions: ['opcache'] }
- { role: memcached }
- { role: archweb, archweb_planet: true }
- role: security_tracker
security_tracker_domain: "security.archlinux.org"
security_tracker_nginx_conf: '/etc/nginx/nginx.d/security-tracker.conf'
security_tracker_dir: "/srv/http/security-tracker"
- { role: mailman, mailman_domain: "lists.archlinux.org" }
- { role: patchwork }
- { role: kanboard }
- { role: zabbix-server, tags: ["zabbix"] }
- { role: grafana }
- { role: archwiki }
- { role: conf.archlinux.org }
- { role: fail2ban }
View Git Blame Copy Permalink