fix details

playbook has now run on real hardware
2023-09-10 19:25:29 -04:00 · 2023-09-10 19:25:29 -04:00 · b7013cc53a
commit b7013cc53a
parent 2d7b6c649b
9 changed files with 79 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -4,7 +4,8 @@
    - sshpass
    - python-passlib
 - Copy `inventory.example.yml` to `inventory.yml`, modifying fields as adequate.
- Look at `group_vars/all/vars.yml`, and set needed settings in `host_vars/<hostname>/vars.yml`, or `group_vars/all/overlay.yml`.
+- Look at `group_vars/all/50-vars.yml`, and set needed settings in `host_vars/<hostname>/vars.yml`, or `group_vars/all/90-overlay.yml`.
+    (Files in group vars with a larger number have more precedence.)
 - Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars:
    - `networking/connection`
    - `networking/nameserver`
@ -16,10 +17,10 @@
    - `website`
 - Create vault for secrets:
    ```
-    ansible-vault create group_vars/all/vault.yml
-    ansible-vault edit group_vars/all/vault.yml
+    ansible-vault create group_vars/all/80-vault.yml
+    ansible-vault edit group_vars/all/80-vault.yml
    ```
-    Copy-paste `group_vars/all/secret_template.yml` into this vault,
+    Copy-paste `group_vars/all/00-secret_template.yml` into this vault,
    and modify as needed.

 - Add secret files:
--- a/group_vars/all/00-secret_template.yml
+++ b/group_vars/all/00-secret_template.yml
--- a/group_vars/all/50-vars.yml
+++ b/group_vars/all/50-vars.yml
@ -28,6 +28,9 @@ enable_ddclient: false
 domain: null
 # domain: dogeystamp.com

+# local dns forwards here
+dns_forward: 1.1.1.1
+
 # clone dotfiles and stuff
 enable_dotfiles: yes

--- a/group_vars/all/80-vault.yml
+++ b/group_vars/all/80-vault.yml
@ -0,0 +1,41 @@
+$ANSIBLE_VAULT;1.1;AES256
+35616338616665663563373936313531623038333036653332346565656239346635313864623330
+6435343135643862336330613165626530353065646433360a343266303439353135663364633638
+64396462353039316230643733653764366338653036663830373263316366626165313966363935
+3066653364373339320a393164386636373036613362396131373338326131306266326465326639
+36373532373038343732373534376363366437613962616232323430633262356631353263373061
+31346366313132313265323635313434346333633664346136393531356431393862613838363465
+30623165663066363061623463376632666637326135633035353961363961383537623936653534
+32646363346338623037643864313239303663376530383261383833623839356262643435316565
+37333263396361383334636134313164633739346138373530353566363963343263333333386335
+65633264616432303466373937303961383361386663393133313432653331363938646236343233
+64613838633032636466396239386465393664373261313237616563633161386336366635376366
+30376434323763343338396631373333636135383962306464303763393139623465613863363738
+34303066363039653238303161303237333139356665383365646431643163656430313939333730
+63666261643761376138336163346265343236353862373231306139393135313932616339616565
+65356638636563653461343862646130316638373462303462346664303262303064663835336634
+39623736623239623232383134373565323933366137633035666234633730633131326535313463
+39303432666330643438633336616432373461656463343335363935396637316632383465333634
+63363839333562666131376365353961303565353537346566363135333035653065636634313238
+63316635363039326130396266363264333536313033333965393164373465623036393236653464
+36336134613038626431326530666662646539653130636564636464636363636538653138663165
+31646163633633353264393861643563353764633232313631666231336662303866393961376630
+36623332323132616466663530336665656337333934653634323330626635636233656132656334
+61363730633733623832653066636432663063643164623761393830316533626530376233343630
+63343163653563373362623835653432376566636464303432666537643461343565306139613037
+37666165306561636536663166653264613738343763393763666263353837373861323133613236
+66623531363461633233623536316331653631303232633066663434343733373236303931313136
+36333233613332633239653261393038393634663933346232323165323236643564333461306663
+39396630616531306336363533333730653461653362643134306434303632343638306166633337
+33666236386335386236643461353962643039316162303766636166396336633831643863636538
+39623365643462336535343030383634346430386533613163306164353963643263363832626634
+31393936323534333561393263653735386139663566386461663864366263613264386539353231
+61386631343664376439356239373264366339353237333862393138326136653062363932663261
+36396633316438363866643636303137373639643830356639336264353237373736373438646465
+64666263393165363439613837363738303366653334343166336333613733623533393235336336
+34323131656634646139303130333137613439383863626630316266353166633436373861353339
+36613634663661333931316235623263643261656539626435623831613235346336663833323434
+63343166326139646266373530633161643434353435346235613131663938383732313762393737
+66656362306630653630316432656365633364366232313131656231373565623366363538653138
+32393464656133616637643537653463373865363937333965643832666437326661363232336331
+35623263396262373637
--- a/group_vars/all/90-overlay.yml
+++ b/group_vars/all/90-overlay.yml
@ -0,0 +1,3 @@
+domain: dogeystamp.com
+dyndns_domain: d.nerdpol.ovh
+email: dogeystamp@disroot.org
--- a/roles/caddy/templates/Caddyfile.j2
+++ b/roles/caddy/templates/Caddyfile.j2
@ -4,27 +4,33 @@
 	{% endif %}
 }

+{% if dyndns_domain != domain %}
+{{ dyndns_domain }} {
+	redir https://www.{{ domain }} 302
+}
+{% endif %}
+
 {% if "website" in group_names %}
-http://www.{{ domain }} {
+www.{{ domain }} {
 	root * {{ website_path }}
 	file_server
 }
 {% endif %}

 {% if groups["gitea"] | length > 0 %}
-http://{{ gitea_domain }} {
+{{ gitea_domain }} {
 	reverse_proxy {{ groups["gitea"][0] }}:3000
 }
 {% endif %}

 {% if groups["navidrome"] | length > 0 %}
-http://{{ navidrome_domain }} {
+{{ navidrome_domain }} {
 	reverse_proxy {{ groups["navidrome"][0] }}:4533
 }
 {% endif %}

 {% if groups["synapse"] | length > 0 %}
-http://{{ matrix_domain }} {
+{{ matrix_domain }} {
 	reverse_proxy /_matrix/* {{ groups["synapse"][0] }}:8008
 	reverse_proxy /_synapse/client/* {{ groups["synapse"][0] }}:8008
 }
--- a/roles/containers/templates/docker-compose.yml.j2
+++ b/roles/containers/templates/docker-compose.yml.j2
@ -15,6 +15,7 @@ services:
    container_name: gitea
    image: gitea/gitea:latest
    environment:
+      - USER=gitea
      - USER_UID={{ user_gitea.uid }}
      - USER_GID={{ user_gitea.group }}
      - GITEA__service__DISABLE_REGISTRATION=true
--- a/roles/networking/nameserver/tasks/main.yml
+++ b/roles/networking/nameserver/tasks/main.yml
@ -12,7 +12,7 @@
 - name: Add nameserver zone
  template:
    src: local_zone.j2
-    dest: "/var/named/{{ domain }}"
+    dest: "/var/named/{{ dyndns_domain }}"
  notify: Restart nameserver

 - name: Enable nameserver
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@ -16,6 +16,21 @@
    - "{{ dataroot }}/synapse/data"
    - "{{ dataroot }}/synapse/media_store"

+- name: Ensure that form secret exists
+  fail:
+    msg: Missing form_secret; have you configured vault.yml?
+  when: form_secret == ""
+
+- name: Ensure that macaroon secret exists
+  fail:
+    msg: Missing macaroon_secret; have you configured vault.yml?
+  when: form_secret == ""
+
+- name: Ensure that registration secret exists
+  fail:
+    msg: Missing registration_secret; have you configured vault.yml?
+  when: registration_shared_secret == ""
+
 - name: Deploy Synapse config
  template:
    src: homeserver.yaml.j2