Add playbook

templates/Caddyfile.j2

@@ -0,0 +1,66 @@
+# {{ ansible_managed }}
+
+(common) {
+  encode gzip
+  log {
+    output file /var/log/caddy/access.log {
+      roll_size 500mb
+      roll_keep 5
+    }
+    format filter {
+      wrap json
+      fields {
+        common_log delete
+        request>remote_addr ip_mask {
+          ipv4 24
+          ipv6 32
+        }
+      }
+    }
+  }
+}
+
+www.invidio.us {
+  import common
+  redir https://invidious.io{uri}
+}
+invidious.io {
+  import common
+  root * /var/www/invidious.io
+  file_server
+}
+git.invidious.io {
+  import common
+  redir https://github.com/iv-org/invidious
+}
+
+invidio.us {
+  import common
+  redir https://redirect.invidious.io{uri}
+  header /api* content-type "application/json"
+  respond /api* "{\"error\":\"This server no longer hosts the Invidious API.\"}" 410
+}
+redirect.invidious.io {
+  import common
+  reverse_proxy http://127.0.0.1:8080
+}
+
+instances.invidio.us {
+  import common
+  redir https://api.invidious.io{uri}
+}
+api.invidious.io {
+  import common
+  reverse_proxy http://127.0.0.1:3000
+  header /static* Cache-Control "max-age=86400"
+}
+
+uptime.invidio.us {
+  import common
+  redir https://uptime.invidious.io{uri}
+}
+
+docs.invidious.io {
+  import common
+  reverse_proxy http://127.0.0.1:3001
+}

templates/authorized_keys.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfkXt+RnduQ6CKIuoe0GbLZM76O/lyWippAisuv0Qlk perflyst
+# TODO: thefrenchghosty creates new keys

templates/docker-compose-wikijs.yml

@@ -0,0 +1,32 @@
+version: "3"
+services:
+
+  db:
+    image: docker.io/postgres:11-alpine
+    environment:
+      POSTGRES_DB: wikijs
+      POSTGRES_PASSWORD: "{{ vault_wikijs_db_password }}"
+      POSTGRES_USER: wikijs
+    logging:
+      driver: "none"
+    restart: unless-stopped
+    volumes:
+      - db-data:/var/lib/postgresql/data
+
+  wiki:
+    image: requarks/wiki:2.5
+    depends_on:
+      - db
+    environment:
+      DB_TYPE: postgres
+      DB_HOST: db
+      DB_PORT: 5432
+      DB_USER: wikijs
+      DB_PASS: "{{ vault_wikijs_db_password }}"
+      DB_NAME: wikijs
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:3001:3000"
+
+volumes:
+  db-data:

templates/sshd_config.j2

@@ -0,0 +1,27 @@
+Protocol 2
+Port {{ ansible_port }}
+ListenAddress {{ ansible_default_ipv4.address }}
+ListenAddress {{ ansible_default_ipv6.address }}
+
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+PermitRootLogin without-password
+StrictModes yes
+MaxAuthTries 2
+AllowUsers root
+
+PubkeyAuthentication yes
+AuthenticationMethods publickey
+AuthorizedKeysFile     .ssh/authorized_keys
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+IgnoreRhosts yes
+UsePAM yes
+ChallengeResponseAuthentication no
+PrintMotd no
+X11Forwarding no
+AllowTcpForwarding no
+
+Subsystem sftp /usr/lib/openssh/sftp-server