Apply fixes after testing

group_vars/shared/vault.yml

@@ -1,12 +1,12 @@
 $ANSIBLE_VAULT;1.1;AES256
-62653230353438653231623538326333343234663838366336626462383666323665396663666630
+32316365373632626334633238386337656537366164343739323236316630383366343532663839
-3861613861386231323435663864386238613738623232620a323466353761306263373934373137
+6231303563643932656238636633303233613930623864350a393861343666613136623634613530
-61363561353765633763316438393833343333643338623136343561626633353262306261333730
+35313232333735393361396565386263633966643532663334366464613637303263303336303831
-3564306233363730330a376165343466303362376464613534323235316138656362656332313134
+6463386263343565320a323232613765646162343936363531323732623363316364626364343738
-34363132303331613162306665313538323362626339623631393530613135646563326163346237
+64386562333539303734663366643865663561663138313039373163333836343566623961383832
-30343432373530386237633263356561363530663339376261303030353735666138313462323333
+64303437303837653939333338323737626430656265333333366163396265316536353833316330
-33393538623632366330303630613132336130366635616665306563643665346264643163633563
+36346465663830656661363735303636656136616332336565616335393061393834306533613933
-33643962393434346534633930626137373564396465323761643261393433303363396163623563
+37613863643331333064333262333937653332643462313630346165373066323634356239323538
-39333930633863356236653063303762363538653739623330656537343364656538613762623162
+39366666323831303366356566346665613532623862653464616630393262626561306165613732
-31373638643434636331613634356237656338386639363061626231616235343833633433383566
+65623665376435346432366239666138616631653733363934613239633739643733306562343261
-363733393837396133373032343464333866
+326135306430666637663638353831366637

inventory.ini

@@ -1,21 +1,21 @@
 [app_prod]
 sapt-labp-app01
 
-[mda_prod]
-sapt-labp-mda01
-
 [db_prod]
 sapt-labp-db01
 
+# [mda_prod]
+# sapt-labp-mda01
+
 [app_stage]
 sapt-labs-app01
 
-[mda_stage]
-sapt-labs-mda01
-
 [db_stage]
 sapt-labs-db01
 
+# [mda_stage]
+# sapt-labs-mda01
+
 [proxy_shrd]
 sapt-labr-prx01
 
@@ -31,10 +31,12 @@ sapt-labx-ctl01
 [production:children]
 app_prod
 db_prod
+# mda_prod
 
 [staging:children]
 app_stage
 db_stage
+# mda_stage
 
 [shared:children]
 proxy_shrd
@@ -44,9 +46,9 @@ monitor_shrd
 app_prod
 app_stage
 
-[mediaservers:children]
+#[mediaservers:children]
-mda_prod
+#mda_prod
-mda_stage
+#mda_stage
 
 [dbservers:children]
 db_prod

play.sh

@@ -16,8 +16,8 @@ esac
 export HOSTS
 export ROLES
 
-PLAYBOOK="play-$(tr -dc A-Za-z < /dev/urandom | head -c 10).yml"
+PLAYBOOK="playbook-$(tr -dc A-Za-z < /dev/urandom | head -c 10).yml"
-envsubst < playbook_template.yml > "$PLAYBOOK"
+envsubst < site.yml > "$PLAYBOOK"
 ansible-playbook "$PLAYBOOK"
 STATUS=$?
 

playbook_template.yml

@@ -1,8 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-- name: Run play
-  hosts: ${HOSTS}
-  remote_user: ansible
-  become: true
-  roles: ${ROLES}

roles/proxy/defaults/main.yml

@@ -12,9 +12,9 @@ proxy_trusted_subnets:
 proxy_vars:
   production:
     app01: "{{ hostvars['sapt-labp-app01'] }}"
-    mda01: "{{ hostvars['sapt-labp-mda01'] }}"
+    # mda01: "{{ hostvars['sapt-labp-mda01'] }}"
   staging:
     app01: "{{ hostvars['sapt-labs-app01'] }}"
-    mda01: "{{ hostvars['sapt-labs-mda01'] }}"
+    # mda01: "{{ hostvars['sapt-labs-mda01'] }}"
   shared:
     mon01: "{{ hostvars['sapt-labr-mon01'] }}"

roles/proxy/handlers/main.yml

@@ -5,4 +5,3 @@
   ansible.builtin.command:
     cmd: docker compose build
     chdir: "{{ proxy_data_root }}"
-  warn: false

roles/proxy/templates/caddy/Caddyfile.j2

@@ -8,7 +8,7 @@
 {% for env in ['production', 'staging'] %}
 # Environment: {{ env }}
 
-{{ proxy_vars[env].app01.apps_vars.ipfs.domain }} {
+ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
     tls {{ tls_email }} {
         dns njalla {{ njalla_api_token }}
     }
@@ -29,9 +29,9 @@
     respond 403
 }
 
-{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
+ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
-*.ipfs.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }},
+*.ipfs.ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
-*.ipns.{{ proxy_vars[env].app01.apps_vars.ipfs.gateway_domain }} {
+*.ipns.ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }} {
     tls {{ tls_email }} {
         dns njalla {{ njalla_api_token }}
     }
@@ -44,7 +44,7 @@
     reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
 }
 
-{{ proxy_vars[env].app01.apps_vars.monerod.domain }} {
+xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} {
     tls {{ tls_email }} {
         dns njalla {{ njalla_api_token }}
     }
@@ -65,7 +65,7 @@
     respond 403
 }
 
-{{ proxy_vars[env].app01.apps_vars.nextcloud.domain }} {
+cloud.{{ proxy_vars[env].app01.apps_base_domain }} {
     tls {{ tls_email }}
 
     header {

site.yml

@@ -1,56 +1,8 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-# - name: Control servers
+- name: Run play
-#   hosts: control_infra
+  hosts: ${HOSTS}
-#   remote_user: root
-#   roles:
-#     - ctl-common
-
-- name: Base configuration
-  hosts: virtualservers
   remote_user: ansible
   become: true
-  roles:
+  roles: ${ROLES}
-    - virt-common
-
-- name: Docker hosts
-  hosts: appservers:proxyservers:monitorservers
-  become: true
-  roles:
-    - docker
-
-- name: Application servers
-  hosts: appservers
-  remote_user: ansible
-  become: true
-  roles:
-    - apps
-
-# - name: Media servers
-#   hosts: mediaservers
-#   remote_user: ansible
-#   become: true
-#   roles:
-#     - jellyfin
-
-- name: Database servers
-  hosts: dbservers
-  remote_user: ansible
-  become: true
-  roles:
-    - postgresql
-
-# - name: Monitoring servers
-#   hosts: monitorservers
-#   remote_user: ansible
-#   become: true
-#   roles:
-#     - monitoring
-
-- name: Proxy servers
-  hosts: proxyservers
-  remote_user: ansible
-  become: true
-  roles:
-    - proxy