optimisation

group_vars/server

@@ -94,6 +94,7 @@ Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
 Gandi_Domain: "{{ domain.name }}"
 Gandi_Record: www
 
+certbot_force: false
 certbot_auto_renew_user: root
 certbot_create_if_missing: true
 certbot_cert_name: "{{domain.name}}"
@@ -248,6 +249,7 @@ mysql_users:
 ttrss_db_password: "{{ vault_mysql_ttrss }}"
 ttrss_log_destination: ""
 ttrss_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/ttrss.sql
+ttrss_url_path: "https://www.{{domain.name}}/tt-rss"
 
 bind_listen_ipv4: ['any']
 bind_allow_query: ['any']
@@ -270,11 +272,16 @@ gitea_db_host: localhost:3306
 gitea_db_name: gitea
 gitea_db_user: gitea
 gitea_db_password: "{{ vault_mysql_gitea }}"
-gitea_ssh_domain: "{{ansible_hostname}}"
+gitea_ssh_domain: git."{{ domain.name }}"
 gitea_start_ssh: false
 gitea_ssh_port: 22
 gitea_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/gitea.sql
+gitea_http_domain: git.{{domain.name}}
+gitea_root_url: https://git.{{domain.name}}
 
 supysonic_db_password: "{{ vault_mysql_supysonic }}"
+supysonic_SQl_target_file: /mnt/diskstation/git/backup/mysql/last/supysonic.sql
 supysonic_force_site_update: true
-docker_users: "{{user.name}}" 
+docker_users: "{{user.name}}" 
+
+

host_vars/nas

@@ -1,56 +1,57 @@
 ##ansible_python_interpreter: /usr/bin/python2
 ##music_directory: '/mnt/diskstation/music'
-ttrss_url_path: http://nas/tt-rss/
-
 system_upgrade: true
-
+#ttrss_url_path: http://nas/tt-rss/
-gitea_http_domain: nas
+#
-gitea_root_url: http://nas:3000
+#system_upgrade: true
-
+#
-chainetv_repo_branch: master
+#gitea_http_domain: nas
-
+#gitea_root_url: http://nas:3000
-certbot_create_if_missing: false
+#
-
+#chainetv_repo_branch: master
-nginx_vhosts:
+#
-    - listen: "80"
+#certbot_create_if_missing: false
-      server_name: "_"
+#
-      filename: "default.conf"
+#nginx_vhosts:
-      state: "present"
+#    - listen: "80"
-      template: "{{ nginx_vhost_template }}"
+#      server_name: "_"
-      extra_parameters: |
+#      filename: "default.conf"
-        error_page   500 502 503 504  /50x.html;
+#      state: "present"
-        location = /50x.html {
+#      template: "{{ nginx_vhost_template }}"
-            root   /usr/share/nginx/html;
+#      extra_parameters: |
-        }
+#        error_page   500 502 503 504  /50x.html;
-        location / {
+#        location = /50x.html {
-           rewrite ^/.well-known/carddav /radicale/$remote_user/carddav/ redirect;
+#            root   /usr/share/nginx/html;
-           rewrite ^/.well-known/caldav /radicale/$remote_user/caldav/ redirect;
+#        }
-           index index.php index.html index.htm ;
+#        location / {
-           default_type text/html;
+#           rewrite ^/.well-known/carddav /radicale/$remote_user/carddav/ redirect;
-
+#           rewrite ^/.well-known/caldav /radicale/$remote_user/caldav/ redirect;
-
+#           index index.php index.html index.htm ;
-        }
+#           default_type text/html;
-        location =/ {
+#
-             rewrite ^ /starter;
+#
-        }
+#        }
-        location /radicale/ 
+#        location =/ {
-        { 
+#             rewrite ^ /starter;
-            # The trailing / is important!
+#        }
-            proxy_pass        http://localhost:5232/; # The / is important!
+#        location /radicale/ 
-            proxy_set_header  X-Script-Name /radicale;
+#        { 
-            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+#            # The trailing / is important!
-            proxy_pass_header Authorization;
+#            proxy_pass        http://localhost:5232/; # The / is important!
-        }
+#            proxy_set_header  X-Script-Name /radicale;
-
+#            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-
+#            proxy_pass_header Authorization;
-        location ~ \.php$ {
+#        }
-           # try_files $uri =404;
+#
-            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+#
-            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+#        location ~ \.php$ {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+#           # try_files $uri =404;
-            fastcgi_read_timeout 800;
+#            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_index index.php;
+#            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
-            include fastcgi_params;
+#            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        }
+#            fastcgi_read_timeout 800;
-        include /etc/nginx/conf.d/*.default;
+#            fastcgi_index index.php;
-   
+#            include fastcgi_params;
+#        }
+#        include /etc/nginx/conf.d/*.default;
+#   

server.yml

@@ -15,8 +15,8 @@
   - gandi-dyn-dns
   - fail2ban
   - {role: dns , become: yes }
-  - {role: nginx, become: yes }  
   - {role: ansible-role-certbot, become: yes} ##need to have a external connection on 80
+  - {role: nginx, become: yes }  
   - {role: mariadb, become: yes }
   - {role: radicale , become: yes }
   - cloud-commander