change: add a site playbook to the project.

This merge request changes the project from a single role project to a
single playbook project with multiple plays and roles. The single
playbook has multiple plays with each having its own role to
install and configure the different components to run Pleroma.
(postgres database, pleroma backend and nginx).

Certain playbooks can be executed by specifying the
relevant tags.

This change is the first of many changes to start supporting
installations on both single and multiple hosts.

This change includes also includes:

- inventory file.
- host_vars directory for users to add their variables.
- an init playbook to merge the default and the user defined config for Pleroma.
- users can now specify whether to validate certs when performing acme
challenges (default: true).
- more task templating.

.gitignore

@@ -0,0 +1,2 @@
+host_vars/*
+!host_vars/.gitkeep

README.md

@@ -1,3 +1,3 @@
-# plemora-ansible-role
+# plemora-ansible-playbook
 
-This role installs and configures Pleroma, PostgreSQL and Nginx on a single instance with Alpine Linux.
+**Description:** This playbook installs and configures Pleroma, PostgreSQL and Nginx on a single Alpine Linux host.

hosts.yml

@@ -0,0 +1,12 @@
+---
+all:
+  children:
+    pleroma_database:
+      hosts:
+        pleroma:
+    pleroma_backend:
+      hosts:
+        pleroma:
+    pleroma_webserver:
+      hosts:
+        pleroma:

roles/init/defaults/main.yml

@@ -48,3 +48,4 @@ pleroma_defaults:
       acmeDirectory: "https://acme-v02.api.letsencrypt.org/directory"
       remainingDays: 10
       termsAgreed: no
+      validateCerts: true

roles/init/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Combining Pleroma config details
+  set_fact: pleroma="{{ pleroma_defaults | combine(pleroma, recursive=true) }}"

roles/pleroma-backend/tasks/main.yml

@@ -37,13 +37,13 @@
 
 - name: Ensuring that the release build of pleroma is downloaded.
   get_url:
-    url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
-    dest: /tmp/pleroma.zip
+    url: "{{ pleroma_download_url }}"
+    dest: "{{ pleroma_download_dest }}"
 
 - name: Unzipping the release build of pleroma.
   unarchive:
     remote_src: yes
-    src: /tmp/pleroma.zip
+    src: "{{ pleroma_download_dest }}"
     dest: /tmp
     owner: "{{ pleroma_user.name }}"
     group: "{{ pleroma_user.group }}"
@@ -95,5 +95,5 @@
     path: "{{ item }}"
     state: absent
   loop:
-  - /tmp/pleroma.zip
+  - "{{ pleroma_download_dest }}"
   - /tmp/release

roles/pleroma-backend/vars/main.yml

@@ -0,0 +1,16 @@
+---
+pleroma_user:
+  group: pleroma
+  home: /opt/pleroma
+  id: 1200
+  name: pleroma
+  shell: /bin/false
+
+pleroma_config_dir: /etc/pleroma
+
+pleroma_base_data_dir: /var/lib/pleroma
+pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
+pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
+
+pleroma_download_url: https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64-musl
+pleroma_download_dest: /tmp/pleroma.zip

roles/pleroma-nginx/tasks/main.yml

@@ -140,6 +140,7 @@
     remaining_days: "{{ pleroma.ssl.letsEncrypt.remainingDays }}"
     select_crypto_backend: cryptography
     terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
+    validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
   register: acme_challenge
   when: pleroma.ssl.letsEncrypt.enable
 
@@ -162,6 +163,8 @@
     select_crypto_backend: cryptography
     terms_agreed: "{{ pleroma.ssl.letsEncrypt.termsAgreed }}"
     data: "{{ acme_challenge }}"
+    validate_certs: "{{ pleroma.ssl.letsEncrypt.validateCerts }}"
+  register: acme_challenge
   when: pleroma.ssl.letsEncrypt.enable
 
 - name: Nginx -- Updating file permissions of the SSL certificate.

roles/pleroma-nginx/vars/main.yml

@@ -1,21 +1,9 @@
 ---
-pleroma_user:
-  group: pleroma
-  home: /opt/pleroma
-  id: 1200
-  name: pleroma
-  shell: /bin/false
-
 pleroma_deps_nginx: nginx, py-cryptography
 
-pleroma_config_dir: /etc/pleroma
 pleroma_nginx_conf_dir: /etc/nginx/conf.d
 pleroma_nginx_conf_file: "{{ pleroma_nginx_conf_dir }}/pleroma.conf"
 
-pleroma_base_data_dir: /var/lib/pleroma
-pleroma_static_dir: "{{ pleroma_base_data_dir }}/static"
-pleroma_uploads_dir: "{{ pleroma_base_data_dir }}/uploads"
-
 pleroma_ssl_folder: /etc/ssl/pleroma
 pleroma_ssl_privateKeyPath: "{{ pleroma_ssl_folder }}/pleroma.key"
 pleroma_ssl_privateAcmeAccountKeyPath: "{{ pleroma_ssl_folder}}/acme_account.key"
@@ -24,9 +12,3 @@ pleroma_ssl_selfSignedCertPath: "{{ pleroma_ssl_folder }}/pleroma-self-signed.cr
 pleroma_ssl_fullChainCert: "{{ pleroma_ssl_folder }}/{{ pleroma.config.host }}-fullchain.pem"
 
 pleroma_letsEncrypt_baseDir: /var/lib/letsencrypt
-
-pleroma_postgres_log_dir: /var/log/postgresql
-pleroma_postgres_base_conf: /etc/postgresql
-pleroma_postgres_confd: "{{ pleroma_postgres_base_conf }}/conf.d"
-pleroma_postgres_confd_symlink: /var/lib/postgresql/11/data/pg_conf.d
-pleroma_postgres_unix_socket_dir: /var/run/postgresql

roles/pleroma-postgres/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Postgres -- Ensure that PostgreSQL is installed.
   apk:
-    name: postgresql, postgresql-contrib, py-psycopg2
+    name: "{{ pleroma_postgres_packages }}"
     state: present
 
 - name: Postgres -- Ensure that the database is initialised.

roles/pleroma-postgres/vars/main.yml

@@ -0,0 +1,7 @@
+---
+pleroma_postgres_packages: postgresql, postgresql-contrib, py-psycopg2
+pleroma_postgres_log_dir: /var/log/postgresql
+pleroma_postgres_base_conf: /etc/postgresql
+pleroma_postgres_confd: "{{ pleroma_postgres_base_conf }}/conf.d"
+pleroma_postgres_confd_symlink: /var/lib/postgresql/11/data/pg_conf.d
+pleroma_postgres_unix_socket_dir: /var/run/postgresql

site.yml

@@ -0,0 +1,34 @@
+---
+- name: Initialising the site playbook.
+  hosts: all
+  roles:
+  - init
+  tags:
+  - always
+
+- name: Installing and configuring PostgreSQL for Pleroma.
+  hosts: pleroma_database
+  become: yes
+  become_method: sudo
+  roles:
+  - pleroma-postgres
+  tags:
+  - pleroma-postgres
+
+- name: Installing and configuring the Pleroma backend.
+  hosts: pleroma_backend
+  become: yes
+  become_method: sudo
+  roles:
+  - pleroma-backend
+  tags:
+  - pleroma-be
+
+- name: Installing and configuring Nginx for Pleroma.
+  hosts: pleroma_webserver
+  become: yes
+  become_method: sudo
+  roles:
+  - pleroma-nginx
+  tags:
+  - pleroma-nginx

tasks/main.yml

@@ -1,32 +0,0 @@
----
-- name: Combining Pleroma config details
-  set_fact: pleroma="{{ pleroma_defaults | combine(pleroma, recursive=true) }}"
-  tags:
-  - always
-
-- name: Installing and configuring PostgreSQL.
-  include_tasks:
-    file: postgres.yml
-    apply:
-      tags:
-      - postgres
-  tags:
-  - postgres
-
-- name: Installing and configuring Pleroma.
-  include_tasks:
-    file: pleroma.yml
-    apply:
-      tags:
-      - pleroma
-  tags:
-  - pleroma
-
-- name: Installing and configuring Nginx.
-  include_tasks:
-    file: nginx.yml
-    apply:
-      tags:
-      - nginx
-  tags:
-  - nginx