feat: remove nupes.social Mastodon (docker) instance
This commit is contained in:
VC
@@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Deploy docker
|
||||
hosts: dockerservers
|
||||
diff: true
|
||||
roles:
|
||||
- docker
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
|
||||
restic_aws_access_key_id: "SCWY2MFJSS6PFR6YB4SY"
|
||||
restic_aws_secret_access_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
35613563303963353736346430666231303238666231376233306438313363366565303066376635
|
||||
6534353730303133336138373331313065623236656465380a313237393833316566626632646363
|
||||
65396438663739366136376433653530623932323538643338306630303363313333623930316635
|
||||
3438336539323036300a613735623730353864663038386635643731616361623366626634336130
|
||||
34636632653032313935613566363066656636316135636263393862623031363332636338633038
|
||||
6266303531303035663965356132376235343463643635363137
|
||||
restic_s3_url: "https://s3.pl-waw.scw.cloud/backup-nupes"
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
|
||||
smtprelay_origin: "nupes.social"
|
||||
smtprelay_host: "smtp.tem.scw.cloud"
|
||||
smtprelay_port: 2465
|
||||
|
||||
smtprelay_login: "c558c549-147a-49c1-b19c-3a176b2d97f0"
|
||||
smtprelay_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34613163633334393736626235623434356236363430633038373362396537383862613364323236
|
||||
6331633866663337343064613262623536393739333761310a393866393535333663636435323566
|
||||
30666230633331643661393661393764376364666636623437356437353965656164356130343966
|
||||
6231633633336131350a326138366439353536336364303136343630323264336664333530306334
|
||||
38376366313834386664336461663633353530343662636135303236653430343033363738636565
|
||||
3135373930336366363238313962646331663538623464646630
|
||||
@@ -1,3 +0,0 @@
|
||||
---
|
||||
|
||||
scootaloo_min_refresh_interval: 15
|
||||
@@ -12,10 +12,6 @@ hypervisors:
|
||||
hosts:
|
||||
serenor.dmz.mateu.be:
|
||||
|
||||
scw_cloud:
|
||||
hosts:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
|
||||
resticservers:
|
||||
hosts:
|
||||
muse-HP-EliteBook-820-G2.home.arpa:
|
||||
@@ -58,8 +54,6 @@ resticservers:
|
||||
- /srv
|
||||
- /etc
|
||||
- /var/lib/oolatoocs
|
||||
restic_backup_excluded_path:
|
||||
- /srv/docker/m.nintendojo.fr/public
|
||||
garage1.dmz.mateu.be:
|
||||
restic_backup_path:
|
||||
- /etc
|
||||
@@ -72,14 +66,6 @@ resticservers:
|
||||
- /mnt/tank/iocage
|
||||
restic_backup_hour: 6
|
||||
restic_backup_minute: 45
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
restic_backup_path:
|
||||
- /srv
|
||||
- /home
|
||||
- /etc
|
||||
- /usr/local
|
||||
restic_backup_excluded_path:
|
||||
- /srv/docker/nupes.social/public
|
||||
|
||||
garageservers:
|
||||
children:
|
||||
@@ -90,7 +76,6 @@ garageservers:
|
||||
elasticsearchservers:
|
||||
hosts:
|
||||
es1.dmz.mateu.be:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
|
||||
nut:
|
||||
children:
|
||||
@@ -168,10 +153,6 @@ webservers:
|
||||
pt1.dmz.mateu.be:
|
||||
web_hostname:
|
||||
- p.nintendojo.fr
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
web_hostname:
|
||||
- nupes.social
|
||||
- medias.nupes.social
|
||||
|
||||
peertubeservers:
|
||||
hosts:
|
||||
@@ -185,10 +166,6 @@ phpservers:
|
||||
web[2:3].dmz.mateu.be:
|
||||
php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'curl', 'imagick']
|
||||
|
||||
dockerservers:
|
||||
hosts:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
|
||||
mariadbservers:
|
||||
hosts:
|
||||
web[2:3].dmz.mateu.be:
|
||||
@@ -198,7 +175,6 @@ pgsqlservers:
|
||||
pt1.dmz.mateu.be:
|
||||
masto1.dmz.mateu.be:
|
||||
web1.dmz.mateu.be:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
|
||||
mastodonservers:
|
||||
hosts:
|
||||
@@ -206,7 +182,6 @@ mastodonservers:
|
||||
|
||||
rorservers:
|
||||
hosts:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
masto1.dmz.mateu.be:
|
||||
|
||||
mailservers:
|
||||
@@ -241,29 +216,19 @@ muninservers:
|
||||
hosts:
|
||||
munin.dmz.mateu.be:
|
||||
|
||||
disabled_loadbalanced_webservers:
|
||||
hosts:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
|
||||
disabled_munin:
|
||||
hosts:
|
||||
baybay-ponay.mateu.be:
|
||||
muse-HP-EliteBook-820-G2.home.arpa:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
frederica.dmz.mateu.be:
|
||||
|
||||
disabled_syslog:
|
||||
hosts:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
baybay-ponay.mateu.be:
|
||||
machinbox.mateu.be:
|
||||
muse-HP-EliteBook-820-G2.home.arpa:
|
||||
frederica.dmz.mateu.be:
|
||||
|
||||
fedinupesservers:
|
||||
hosts:
|
||||
20b4f083-4ef3-4a82-b15c-edbc31aa1731.pub.instances.scw.cloud:
|
||||
|
||||
ftpservers:
|
||||
hosts:
|
||||
ftp.dmz.mateu.be:
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Get docker repo key
|
||||
ansible.builtin.apt_key:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
state: present
|
||||
|
||||
- name: Install docker repo
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
|
||||
state: present
|
||||
|
||||
- name: Install docker, docker-compose and extra packages
|
||||
ansible.builtin.package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker-compose
|
||||
- fuse-overlayfs
|
||||
|
||||
- name: Create docker directory
|
||||
ansible.builtin.file:
|
||||
path: /srv/docker
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
mode: 0755
|
||||
@@ -1,55 +0,0 @@
|
||||
proxy_cache_path /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache:10m max_size=10g inactive=48h use_temp_path=off;
|
||||
|
||||
server {
|
||||
{% include './templates/header.conf.j2' %}
|
||||
root /srv/docker/nupes.social/public/system;
|
||||
|
||||
set $s3_backend 'https://nupes-medias.s3.nl-ams.scw.cloud';
|
||||
|
||||
keepalive_timeout 30;
|
||||
|
||||
location = / {
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri @s3;
|
||||
}
|
||||
|
||||
location @s3 {
|
||||
limit_except GET {
|
||||
deny all;
|
||||
}
|
||||
|
||||
resolver 9.9.9.9;
|
||||
proxy_set_header Host 'nupes-medias.s3.nl-ams.scw.cloud';
|
||||
proxy_set_header Connection '';
|
||||
proxy_set_header Authorization '';
|
||||
proxy_hide_header Set-Cookie;
|
||||
proxy_hide_header 'Access-Control-Allow-Origin';
|
||||
proxy_hide_header 'Access-Control-Allow-Methods';
|
||||
proxy_hide_header 'Access-Control-Allow-Headers';
|
||||
proxy_hide_header x-amz-id-2;
|
||||
proxy_hide_header x-amz-request-id;
|
||||
proxy_hide_header x-amz-meta-server-side-encryption;
|
||||
proxy_hide_header x-amz-server-side-encryption;
|
||||
proxy_hide_header x-amz-bucket-region;
|
||||
proxy_hide_header x-amzn-requestid;
|
||||
proxy_ignore_headers Set-Cookie;
|
||||
proxy_pass $s3_backend$uri;
|
||||
proxy_intercept_errors off;
|
||||
|
||||
proxy_cache s3_cache;
|
||||
proxy_cache_valid 200 304 48h;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_lock on;
|
||||
proxy_cache_revalidate on;
|
||||
|
||||
expires 1y;
|
||||
add_header Cache-Control public;
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header X-Cache-Status $upstream_cache_status;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
|
||||
}
|
||||
}
|
||||
@@ -1,61 +0,0 @@
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server {
|
||||
{% include './templates/header.conf.j2' %}
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
client_max_body_size 0;
|
||||
large_client_header_buffers 4 32k;
|
||||
|
||||
# Referrer-Policy, même si Chrome ne comprendra pas
|
||||
add_header Referrer-Policy "same-origin";
|
||||
|
||||
location / {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_pass http://localhost:3000;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location /api/v1/streaming {
|
||||
proxy_pass http://localhost:4000;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
proxy_set_header Proxy "";
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -98,14 +98,6 @@
|
||||
state: present
|
||||
key: "{{ lookup('file', 'ssh/work.id_rsa.pub') }}"
|
||||
|
||||
- name: Put ssh key stef
|
||||
ansible.posix.authorized_key:
|
||||
user: root
|
||||
state: present
|
||||
key: "{{ lookup('file', 'ssh/stefofficiel.id_rsa.pub') }}"
|
||||
path: "~/.ssh/instance_keys"
|
||||
when: inventory_hostname in groups['fedinupesservers']
|
||||
|
||||
- name: Put cron-apt configuration file
|
||||
ansible.builtin.copy:
|
||||
src: files/5-install
|
||||
|
||||
@@ -12,11 +12,6 @@
|
||||
- name: Oolatoocs for NintendojoFR
|
||||
ansible.builtin.include_tasks: oolatoocs.yml
|
||||
when: inventory_hostname in groups['mastodonservers']
|
||||
|
||||
# Scootaloo
|
||||
- name: Tootctl (docker) for mastodon
|
||||
ansible.builtin.include_tasks: tootctl_docker.yml
|
||||
when: inventory_hostname in groups['dockerservers']
|
||||
- name: Tootctl (no docker) for mastodon
|
||||
ansible.builtin.include_tasks: tootctl_nodocker.yml
|
||||
- name: Tootctl for mastodon
|
||||
ansible.builtin.include_tasks: tootctl.yml
|
||||
when: inventory_hostname in groups['mastodonservers']
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Cron for media tootctl
|
||||
ansible.builtin.cron:
|
||||
name: Mastodon tootctl
|
||||
minute: "0"
|
||||
hour: "2"
|
||||
job: "docker-compose -f /srv/docker/{{ web_hostname[0] }}/docker-compose.yml run --rm web bin/tootctl media remove"
|
||||
|
||||
- name: Cron for preview_cards tootctl
|
||||
ansible.builtin.cron:
|
||||
name: Mastodon tootctl preview
|
||||
minute: "30"
|
||||
hour: "2"
|
||||
job: "docker-compose -f /srv/docker/{{ web_hostname[0] }}/docker-compose.yml run --rm web bin/tootctl preview_cards remove"
|
||||
Reference in New Issue
Block a user