diff --git a/README.md b/README.md index 61e4e2f..bb4b469 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,8 @@ - sshpass - python-passlib - Copy `inventory.example.yml` to `inventory.yml`, modifying fields as adequate. -- Look at `group_vars/all/vars.yml`, and set needed settings in `host_vars//vars.yml`, or `group_vars/all/overlay.yml`. +- Look at `group_vars/all/50-vars.yml`, and set needed settings in `host_vars//vars.yml`, or `group_vars/all/90-overlay.yml`. + (Files in group vars with a larger number have more precedence.) - Look at the following roles, and for each of them override their `defaults/vars.yml` in host or group vars: - `networking/connection` - `networking/nameserver` @@ -16,10 +17,10 @@ - `website` - Create vault for secrets: ``` - ansible-vault create group_vars/all/vault.yml - ansible-vault edit group_vars/all/vault.yml + ansible-vault create group_vars/all/80-vault.yml + ansible-vault edit group_vars/all/80-vault.yml ``` - Copy-paste `group_vars/all/secret_template.yml` into this vault, + Copy-paste `group_vars/all/00-secret_template.yml` into this vault, and modify as needed. - Add secret files: diff --git a/group_vars/all/secret_template.yml b/group_vars/all/00-secret_template.yml similarity index 100% rename from group_vars/all/secret_template.yml rename to group_vars/all/00-secret_template.yml diff --git a/group_vars/all/vars.yml b/group_vars/all/50-vars.yml similarity index 95% rename from group_vars/all/vars.yml rename to group_vars/all/50-vars.yml index 6b52596..d8f3818 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/50-vars.yml @@ -28,6 +28,9 @@ enable_ddclient: false domain: null # domain: dogeystamp.com +# local dns forwards here +dns_forward: 1.1.1.1 + # clone dotfiles and stuff enable_dotfiles: yes diff --git a/group_vars/all/80-vault.yml b/group_vars/all/80-vault.yml new file mode 100644 index 0000000..e0fb7d1 --- /dev/null +++ b/group_vars/all/80-vault.yml 
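Review bot: `dyndns_domain` is consumed by `Caddyfile.j2` and the nameserver task elsewhere in this commit but gets no default next to `domain: null` here; it is only set in `90-overlay.yml`, so an inventory without that overlay fails on an undefined variable rather than falling through. Add `dyndns_domain: null` (or `dyndns_domain: "{{ domain }}"`) in this file's domain section so the defaults stay self-contained. The new `# local dns forwards here` comment does not say what `dns_forward` is; presumably it is the upstream resolver the local nameserver forwards queries to, which `# upstream resolver the local nameserver forwards queries to` would state directly. The IP itself is fine as a plain scalar.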
@@ -0,0 +1,41 @@ +$ANSIBLE_VAULT;1.1;AES256 +35616338616665663563373936313531623038333036653332346565656239346635313864623330 +6435343135643862336330613165626530353065646433360a343266303439353135663364633638 +64396462353039316230643733653764366338653036663830373263316366626165313966363935 +3066653364373339320a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diff --git a/group_vars/all/90-overlay.yml b/group_vars/all/90-overlay.yml new file mode 100644 index 0000000..ee8e04a --- /dev/null +++ b/group_vars/all/90-overlay.yml @@ -0,0 +1,3 @@ +domain: dogeystamp.com +dyndns_domain: d.nerdpol.ovh +email: dogeystamp@disroot.org diff --git a/roles/caddy/templates/Caddyfile.j2 b/roles/caddy/templates/Caddyfile.j2 index d33f2bc..aa8888e 100644 --- a/roles/caddy/templates/Caddyfile.j2 +++ b/roles/caddy/templates/Caddyfile.j2 @@ -4,27 +4,33 @@ {% endif %} } +{% if dyndns_domain != domain %} +{{ dyndns_domain }} { + redir https://www.{{ domain }} 302 +} +{% endif %} + {% if "website" in group_names %} -http://www.{{ domain }} { +www.{{ domain }} { root * {{ website_path }} file_server } {% endif %} {% if groups["gitea"] | length > 0 %} -http://{{ gitea_domain }} { +{{ gitea_domain }} { reverse_proxy {{ groups["gitea"][0] }}:3000 } {% endif %} {% if groups["navidrome"] | length > 0 %} -http://{{ navidrome_domain }} { +{{ navidrome_domain }} { reverse_proxy {{ groups["navidrome"][0] }}:4533 } {% endif %} {% if groups["synapse"] | length > 0 %} -http://{{ matrix_domain }} { +{{ matrix_domain }} { reverse_proxy /_matrix/* {{ groups["synapse"][0] }}:8008 reverse_proxy /_synapse/client/* {{ groups["synapse"][0] }}:8008 } diff --git a/roles/containers/templates/docker-compose.yml.j2 b/roles/containers/templates/docker-compose.yml.j2 index 561084b..caa3d57 100644 --- a/roles/containers/templates/docker-compose.yml.j2 +++ b/roles/containers/templates/docker-compose.yml.j2 
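Review bot: `{% if dyndns_domain != domain %}` raises an undefined-variable error at template time on any host where `dyndns_domain` is not set, because the comparison is evaluated before the redirect block can be skipped; `{% if dyndns_domain is defined and dyndns_domain != domain %}` keeps the template rendering there. With the group default `domain: null` the target also renders as `https://www.None`, so the guard should probably require `domain` as well. The `302` is a temporary redirect; if the dyndns name is meant to permanently alias the canonical site, `redir https://www.{{ domain }} 301` is the usual choice, though 302 may be intentional while the domain is still moving. Dropping the `http://` prefix on the remaining site blocks hands them to Caddy's automatic HTTPS, which needs each name to resolve to this host and ports 80/443 reachable for certificate issuance; worth a comment at the top of the template so the next reader knows the change is deliberate.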
@@ -15,6 +15,7 @@ services: container_name: gitea image: gitea/gitea:latest environment: + - USER=gitea - USER_UID={{ user_gitea.uid }} - USER_GID={{ user_gitea.group }} - GITEA__service__DISABLE_REGISTRATION=true diff --git a/roles/networking/nameserver/tasks/main.yml b/roles/networking/nameserver/tasks/main.yml index dcad5ee..b81da3b 100644 --- a/roles/networking/nameserver/tasks/main.yml +++ b/roles/networking/nameserver/tasks/main.yml @@ -12,7 +12,7 @@ - name: Add nameserver zone template: src: local_zone.j2 - dest: "/var/named/{{ domain }}" + dest: "/var/named/{{ dyndns_domain }}" notify: Restart nameserver - name: Enable nameserver diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml index dfa025c..48e65ce 100644 --- a/roles/synapse/tasks/main.yml +++ b/roles/synapse/tasks/main.yml @@ -16,6 +16,21 @@ - "{{ dataroot }}/synapse/data" - "{{ dataroot }}/synapse/media_store" +- name: Ensure that form secret exists + fail: + msg: Missing form_secret; have you configured vault.yml? + when: form_secret == "" + +- name: Ensure that macaroon secret exists + fail: + msg: Missing macaroon_secret; have you configured vault.yml? + when: form_secret == "" + +- name: Ensure that registration secret exists + fail: + msg: Missing registration_secret; have you configured vault.yml? + when: registration_shared_secret == "" + - name: Deploy Synapse config template: src: homeserver.yaml.j2
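Review bot: The zone file moves from `/var/named/{{ domain }}` to `/var/named/{{ dyndns_domain }}`, but nothing removes the old path, so hosts provisioned before this change keep a stale zone file under the previous name; a `file` task with `state: absent` on `/var/named/{{ domain }}`, guarded by `when: domain != dyndns_domain`, would clean it up. Whatever `named.conf` template declares the zone is outside this hunk and must reference the same `dyndns_domain` file name; I cannot confirm that from the diff. The `template` task also sets no `owner`/`group`/`mode`, so the rendered zone file inherits the controller's umask; this is pre-existing, but an explicit `mode: "0640"` with the nameserver's group would make the intended permissions visible.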
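Review bot: The macaroon check tests the wrong variable: the second fail task's `when: form_secret == ""` should be `when: macaroon_secret == ""`, so a missing macaroon secret is never caught as long as the form secret is present. All three messages also point the user at `vault.yml`, which this same commit renames to `group_vars/all/80-vault.yml`. A bare `== ""` comparison only works if each secret is pre-declared empty (presumably by `00-secret_template.yml`); if a variable is entirely undefined the conditional itself errors instead of showing the hint, so `| default("")` is safer. Collapsing the three tasks into one `assert` covers all of that without printing any secret value.
```yaml
# … unchanged: directory creation under {{ dataroot }}/synapse …

- name: Ensure that Synapse secrets are configured
  assert:
    that:
      - form_secret | default("") != ""
      - macaroon_secret | default("") != ""
      - registration_shared_secret | default("") != ""
    fail_msg: Missing form_secret, macaroon_secret or registration_shared_secret; have you configured group_vars/all/80-vault.yml?
    quiet: true

# … unchanged: Deploy Synapse config …
```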