inventory & playbooks configuration

66f54f67 · bilalelhasnaoui · a47d7126 · 66f54f67 · 66f54f67 · 66f54f67
Commit 66f54f67 authored 1 year ago by bilalelhasnaoui
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -13,3 +13,5 @@ root_user:
  default_root_keys:
    - name: thomas-ed25519
      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrw78OSJACq5MFXHrhAr2bPpnTNxwLE85mzij8gKmCs thomas@thonkpad
+    - name: g7_key-ed25519
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFH+M4GLKYVf/hThCQ+DwJXYqEb7THVkfqqnVh32DAOI pifou@zabeth11
--- a/inventory.ini
+++ b/inventory.ini
 [all]
 # Replace this with your hostname and IP address
-your-db-host.local ansible_ssh_host="1.2.3.4"
-your-synapse-host.local ansible_ssh_host="5.6.7.8"
+172.26.145.114
+172.26.145.115

 [db]
-your-db-host.local ansible_ssh_host="1.2.3.4"
+172.26.145.114

 [synapse]
-your-synapse-host.local ansible_ssh_host="5.6.7.8"
+172.26.145.115
--- a/playbooks/nginx_install.yml
+++ b/playbooks/nginx_install.yml
+- hosts: all
+  tasks:
+    - name: ensure nginx is at the latest version
+      apt: name=nginx state=latest
+    - name: start nginx
+      service:
+          name: nginx
+          state: started
--- a/playbooks/postgreSQL.yml
+++ b/playbooks/postgreSQL.yml
+---
+- name: Deploy PostgreSQL for Synapse and Mastodon
+  hosts: db
+  become: true
+  vars:
+    postgres_user: "g7_user"
+    postgres_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          37373966353338626633323534386166303737636437656538343565666466343235356335623433
+          3265323931383161383731643166363239313330616537370a366636373630656130356162356436
+          33303136373838636133313064326561613438353134396435393030373335663038366130663238
+          3463323232333365360a373761363962383065626533373933316166323439643266656132326331
+          3335
+    postgres_db: "g7_db"
+    postgres_netmask: "0.0.0.0/0"
+
+  tasks:
+    - name: Install PostgreSQL and Python3 psycopg2
+      apt:
+        name:
+          - postgresql
+          - python3-psycopg2
+        state: present
+
+    - name: Ensure PostgreSQL configuration allows connections from any IP address
+      community.postgresql.postgresql_pg_hba:
+        dest: /var/lib/postgres/data/pg_hba.conf
+        databases: all
+        users: all
+        address: "{{ postgres_netmask }}"
+        method: scram-sha-256
+      notify: Restart PostgreSQL
+      become: true
+
+    - name: Update PostgreSQL configuration to listen on all interfaces
+      lineinfile:
+        path: /etc/postgresql/15/main/postgresql.conf
+        regexp: '^#?listen_addresses\s*='
+        line: "listen_addresses '*'"
+      notify: Restart PostgreSQL
+      become: true
+
+    - name: Create PostgreSQL database user
+      community.postgresql.postgresql_user:
+        name: "{{ postgres_user }}"
+        password: "{{ postgres_password }}"
+        state: present
+      become: true
+
+    - name: Create PostgreSQL database
+      community.postgresql.postgresql_db:
+        name: "{{ postgres_db }}"
+        owner: "{{ postgres_user }}"
+        encoding: "UTF-8"
+        lc_collate: "C"
+        lc_ctype: "C"
+        state: present
+      #become: true
+      become_user: postgres
+      become: true
+  handlers:
+    - name: Restart PostgreSQL
+      systemd:
+        name: postgresql
+        state: restarted
--- a/playbooks/vars/vault_pass.txt
+++ b/playbooks/vars/vault_pass.txt
+glopglop
--- a/roles/posgresql/tasks/main.yml
+++ b/roles/posgresql/tasks/main.yml
+---
+- name: Ensure required packages are installed
+  apt:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - postgresql
+    - python3-psycopg2
+
+- name: Ensure PostgreSQL is running and enabled
+  service:
+    name: postgresql
+    state: started
+    enabled: yes
+
+- name: Allow connections to PostgreSQL from all IP addresses
+  become: yes
+  lineinfile:
+    path: /etc/postgresql/15/main/pg_hba.conf
+    line: "host    all             all             0.0.0.0/0            scram-sha-256"
+    insertafter: EOF
+
+- name: Update listen_addresses in postgresql.conf
+  become: yes
+  lineinfile:
+    path: /etc/postgresql/15/main/postgresql.conf
+    regexp: "^#?listen_addresses = 'localhost'"
+    line: "listen_addresses = '*'"
+
+- name: Restart PostgreSQL service to apply changes
+  become: yes
+  service:
+    name: postgresql
+    state: restarted
+
+- name: Create PostgreSQL user and database for Synapse
+  become: yes
+  postgresql_db:
+    name: synapse
+    encoding: UTF-8
+    lc_collate: C
+    lc_ctype: C
+  vars:
+    postgresql_user: synapse
+    postgresql_password: "{{ synapse_postgresql_password }}"
+    login_user: postgres
+    login_password: "{{ postgresql_postgres_password }}"
+    login_host: localhost
--- a/test
+++ b/test