mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-28 18:31:59 +02:00
8decc2e977
The former approach to export a maildir and iterate over it with a script broke when the mail server and the web server got on their own hosts. This will use IMAP IDLE to check for new mails and pass them instantly to the djange manage.py script without storing the mail locally.
41 lines
1.5 KiB
YAML
41 lines
1.5 KiB
YAML
---
|
|
|
|
- name: "prepare postgres ssl hosts list"
|
|
hosts: archlinux.org
|
|
tasks:
|
|
- name: assign ipv4 addresses to fact postgres_ssl_hosts4
|
|
set_fact: postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
|
|
vars:
|
|
gemini4: "{{ hostvars['gemini.archlinux.org']['ipv4_address'] }}/32"
|
|
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
|
|
tags: ["postgres", "firewall"]
|
|
- name: assign ipv6 addresses to fact postgres_ssl_hosts6
|
|
set_fact: postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
|
|
vars:
|
|
gemini6: "{{ hostvars['gemini.archlinux.org']['ipv6_address'] }}/128"
|
|
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
|
|
tags: ["postgres", "firewall"]
|
|
|
|
- name: setup archlinux.org
|
|
hosts: archlinux.org
|
|
remote_user: root
|
|
roles:
|
|
- { role: common }
|
|
- { role: tools }
|
|
- { role: sshd }
|
|
- { role: root_ssh }
|
|
- { role: borg_client, tags: ["borg"] }
|
|
- { role: certbot }
|
|
- { role: nginx }
|
|
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
|
|
- role: postgres
|
|
postgres_listen_addresses: "*"
|
|
postgres_ssl: 'on'
|
|
- { role: sudo }
|
|
- { role: uwsgi }
|
|
- { role: memcached }
|
|
- { role: fetchmail }
|
|
- { role: archweb, archweb_planet: true }
|
|
- { role: fail2ban }
|
|
- { role: prometheus_exporters }
|