mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-25 11:01:03 +02:00
61 lines
3.0 KiB
YAML
61 lines
3.0 KiB
YAML
---
|
|
|
|
- name: "prepare postgres ssl hosts list"
|
|
hosts: apollo.archlinux.org
|
|
tasks:
|
|
- set_fact: postgres_ssl_hosts4="{{ [orion4] + detected_ips}}"
|
|
vars:
|
|
orion4: "{{ hostvars['orion.archlinux.org']['ipv4_address'] }}/32"
|
|
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list}}"
|
|
tags: ["postgres", "firewall"]
|
|
- set_fact: postgres_ssl_hosts6="{{ [orion6] + detected_ips}}"
|
|
vars:
|
|
orion6: "{{ hostvars['orion.archlinux.org']['ipv6_address'] }}/128"
|
|
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list}}"
|
|
tags: ["postgres", "firewall"]
|
|
|
|
- name: setup apollo
|
|
hosts: apollo.archlinux.org
|
|
remote_user: root
|
|
roles:
|
|
- { role: common, tags: ['common'] }
|
|
- { role: tools, tags: ['tools'] }
|
|
- { role: sshd, tags: ['sshd'] }
|
|
- { role: root_ssh, tags: ['root_ssh'] }
|
|
- { role: borg-client, tags: ["borg"] }
|
|
- { role: certbot }
|
|
- { role: nginx, tags: ["nginx"] }
|
|
- { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
|
|
- { role: spampd, tags: ["mail", "spampd"] }
|
|
- { role: unbound, tags: ["mail", "unbound"] }
|
|
- { role: postfix, postfix_relayhost: "orion.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail", "postfix"] }
|
|
- { role: opendkim, dkim_selector: apollo, tags: ['mail', "opendkim"] }
|
|
- { role: postfwd, tags: ['mail', "postfwd"] }
|
|
- role: postgres
|
|
postgres_listen_addresses: "*"
|
|
postgres_max_connections: 1000
|
|
postgres_ssl: 'on'
|
|
postgres_shared_buffers: 4096MB
|
|
tags: ['postgres']
|
|
- { role: mariadb, mariadb_innodb_buffer_pool_size: '64M', mariadb_table_open_cache: '256', mariadb_query_cache_type: '0',
|
|
mariadb_innodb_file_per_table: True, tags: ["mariadb"] }
|
|
- { role: sudo, tags: ['sudo'] }
|
|
- { role: uwsgi, tags: ['uwsgi'] }
|
|
- { role: php-fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], zend_extensions: ['opcache'], tags: ["php-fpm"] }
|
|
- { role: memcached, tags: ['memcached'] }
|
|
- { role: archweb, tags: ["archweb"] }
|
|
- role: security_tracker
|
|
security_tracker_domain: "security.archlinux.org"
|
|
security_tracker_nginx_conf: '/etc/nginx/nginx.d/security-tracker.conf'
|
|
security_tracker_dir: "/srv/http/security-tracker"
|
|
tags: ["security_tracker"]
|
|
- { role: flyspray, tags: ["flyspray"] }
|
|
- { role: mailman, mailman_domain: "lists.archlinux.org", tags: ["mailman"] }
|
|
- { role: patchwork, tags: ["patchwork"] }
|
|
- { role: kanboard, tags: ["kanboard"] }
|
|
- { role: zabbix-server, tags: ["zabbix", "zabbix-server"] }
|
|
- { role: grafana, tags: ["grafana"] }
|
|
- { role: archwiki, tags: ["archwiki"] }
|
|
- { role: conf.archlinux.org }
|
|
- { role: fail2ban, tags: ["fail2ban"] }
|