Merge branch 'master' into mailman
commit
92f8d4b0c4
|
@ -1,54 +1,73 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
62313439613039363637356330653731356138373839373435306535656137646266633764393537
|
34376131343263336262656463373830643861336631626539643663333239313831626236306530
|
||||||
3737663637343865303232643632613934313137613536640a633634356338353764366365626266
|
3335623130653432636133356363656465346366303062370a346130326536366638633536613161
|
||||||
66323064346539663435646265346665616465353363623732303563303838356364643734393231
|
62623334363537636634373231353564396362343330623562383939373538633066616565306235
|
||||||
3161633362383363390a376530393463643838303238386139313661366335386439373734333835
|
3332323863353334640a396462313862366362366535383737376333383361303065383937396530
|
||||||
63323034303732386430313265306465636630356330303431663761363461623530643933393831
|
38326331396333396263363762346331356431623532343938613834663830393337646666336435
|
||||||
62666438316266396432353663633331343137643265333966636436373730343938623732653030
|
66356439333434356165613030306138666163653934386233663362646534303737323030636234
|
||||||
62383536373139366239363535353463643961313839376436663830613738303262646639396131
|
31616132613830363136666639386462363135656432373236393034316664363637663336366435
|
||||||
66656532616231636537623162373965356537336436613130366464393461343730646664356466
|
64373238633064623735666335636231656231666434383066313336303137333663333031363638
|
||||||
38313439373332306265643039666532363863333364666233333861363832316637383432343464
|
31643733336535383338376631656439633962653262356335383638373764353530643234303935
|
||||||
64366536613364363265333938643438313837643936323536636335613064623639393437303466
|
62383930393634613530643739643335616164633038326638356135623561326165376530363461
|
||||||
31333539373130376230323964636335393166306662626131636462656632623635393036663437
|
37373032393331653261373538633065333662393366666161396638383932393331623766343035
|
||||||
37333735616665383431623266393365613433323335313161316161373637616563626637333861
|
30333335663039323931306162313538373334393335306132626336643363323839633761383063
|
||||||
37326532303638653139383639383166323361363334306361663261366661613038633464323337
|
35343632363837383132656437303138303764316439343663303964396463363638336533653930
|
||||||
31393538653830333865373064383837626261663163623664653938303230616334363861346132
|
39303236353766373131623363653835666439333164366563346164626464633633363163323864
|
||||||
63353036313164313265313134633861633937323335303830336232363939613635303764313063
|
65363961393237666433623565343832306663323862666333343665376135646132363466616364
|
||||||
33666161356366636139633138653736333662303364333838663033633163613136616639376532
|
62356331666432336661343762333961333634396466333465633164326239386266643230393566
|
||||||
31373131326264383666326566303930636166653463313630376235663638663937663765306439
|
36376461373631636630303861313538333834646461663539623738636636626537656438646431
|
||||||
31663039323663633735326266393263633937373339383537623835306431333636316664303864
|
38383436393238363038313563633634396335346138626666366437333433383039363332623639
|
||||||
63653564313339376135303237626366666164623738626439613562616338663539393635396437
|
31396165346431333838393164616339656634346561313737306562343562323030613266633263
|
||||||
30333036353035613131613034666262346233336563343531633033343163326264326563643235
|
61333263653938653034356631333664323630306461346532626533363665363133376232316132
|
||||||
62663538623532333432656435306462663362353630346133373262633630306262626362653733
|
61346431383230656134373630653264363430383561313866363235333435633966386266653964
|
||||||
65363031346339393632396664363362346236373035376632663466343034376566666563353231
|
33363534343634343232373036633330613038303437333033313061313932373739343663303931
|
||||||
36623538303262323265616237326630666662646634383962656533636165326665316366643231
|
34333833386638353436653831623835323032303134366635613735643662636336616464313330
|
||||||
39303465313135616238653664366637356361393165356430636137366236643938316430613838
|
36633335613630663233326166633565386238656236633261396235363165656333333235643137
|
||||||
65353331636564373136393930303537386335653766363632646433353962613033656434313063
|
32623461663562313533333835396233383330613661646431646365343430626662326638653330
|
||||||
35653365366332316434373665316230646665613166656230313832356136346439326232343166
|
38646232386263356566373561353130616539346630613363313163363262356264653233313862
|
||||||
38323934396561386138323739396166303132396234386435633965663139643234396434333163
|
34386331363236386534353534616531643264613764343362646366393435383332653664353363
|
||||||
66346634393330306638383430616433333361623861623864356563366162313830393334616138
|
62333935363132373434613038353632643336633136656266316466373734646234636638316265
|
||||||
32346633396662636633373637363262656165316434333139346530303562356236306637643365
|
62646261396465623561633964313065626361316630353965616233356565343834656563353830
|
||||||
65613361373637383936633431396636356634656333343537353762383537353035616131633732
|
38346361336237646331366632633130613330336637326163663463386233643734356165666431
|
||||||
38303736636136393039613537613831633139363338656239613261383637653332333737323034
|
61396263656237333138356231306437653337656133663031303031616437633564613733316264
|
||||||
61303839636330396139346436336663643531613364383134613061646136646236636364636662
|
63633930353033636235653961393330326635626666626235336334653762373262633739356263
|
||||||
33666564623731343264306638303333326463323363306439333762306434306235643530663931
|
32323532333463653937386430663437303238313130643435353739393639303033343865323736
|
||||||
63623932373737373539393230326538643739653734306131366365303638313263316635633439
|
35366139643166626364373663333266376133636433653261316566366630396666336637326664
|
||||||
34343231663761393266636537353330643361306139653734383466666662623931616665663239
|
30343039633133626435363364346666613732666335313865326234366136366130616334396338
|
||||||
65633136636333316266616433396166326333303033646162656466363931313539343035623666
|
61663461623432303930623261336464643830303631396430363637383838616432356634303332
|
||||||
63346162386533373334633261383237376330643738663761636166653033303933613630653835
|
61346536313035376139313638393737393136643366366364363862383335353533313534366534
|
||||||
66313439663732356539363833616338356337666335316136623231383161656362653561653565
|
61356136366465373530393835613834366665653334376539303462336138646438653039306261
|
||||||
33616437643533386263393733636666373237663132343432636664633535653535316134313266
|
36613736323566636634666331396463623439323063356232306631616135623231336439303739
|
||||||
66363362383662313632633535613635656364323939313466303634646237653061353766373831
|
65393837653837336235396532323465656463636238643038383363616633383866333633663831
|
||||||
62303366366564653231613863633564303637346262336535386366663034663832663762666132
|
61363634356634636265663837306232303362313564323463303363323931396438646337363161
|
||||||
64333630666463653266333430386135386436643939393964303230366538336562333737616639
|
61313033343532336563393632373830326631616462616263346363636566663966396330386464
|
||||||
65646566663363313430396132653832646263393739656564653138353637373362613261366230
|
62613039323065343838653439303333396536366537313335353834613338623961646235633764
|
||||||
62616561303735316230626134353266613938326563326232623361656364623062326365343534
|
30333032323333663530613736313765343364363433366436666134623663653336386632333437
|
||||||
62346433373965336430326632333634306463343934393830393165393933323439393534386665
|
64386639636237333138323431333234316432366236613530376234636438356531636630396431
|
||||||
32373235353037626638343066386563663431356465353039353338643835653166333761386433
|
63643833366136363962346632616161363565336163313764383030303337346565613939383563
|
||||||
64333338306661346436373238646134653233666565653834303935303235653661343366653563
|
65306137633965326534356666346238363137323233336561643333386265613863396338383134
|
||||||
63356566633730303033376230356363326561663232386161333566616334623236663562613234
|
35363135303232376364306234323435356330333061613663326563343533636165356537336536
|
||||||
63646561623565366332313837353461313566653531356662613663323065613035323731323832
|
61656131343966346365396133666662393930663237643134383963303766306534633034356335
|
||||||
31386166623935373139356239353037633363313531396466363735613332653430396161303366
|
37633732393266633965616330643061616664336430643630633033326335643438373737653164
|
||||||
37376238333831306231393433313734303839376132656532616461356662383430303532373937
|
34633737303533666335306466306330343233326531343065666138633166383664333130653864
|
||||||
39303634303762373736626439323830353665343162363531376134616466303762633535343866
|
37623730333532633936316461333066313065316664383934343731616430366135346138663531
|
||||||
3162
|
33353134333934376663336366663036383630393031303731653332373335333131633136616537
|
||||||
|
33666266373439346633373735643339653333626237623530346436306438396332613863346264
|
||||||
|
30346431393735326566393633626535383538343866653262653330366330623930646631663961
|
||||||
|
38656138313932623131613537376139666137653063313339666333313364343738306439656264
|
||||||
|
32346533646465376135376531383132396337653966393133316436616563613135353863653064
|
||||||
|
31373466616135393036333037623164346539323463333037613030386666396363353364396439
|
||||||
|
39616536646638623739623834363662643566393430623632646434336162316362653434343337
|
||||||
|
36623334303866343533623538663531303366343136636631376334653636313264376330313836
|
||||||
|
66333131343062373138663330313633623166303337306466313362343034316364666666373965
|
||||||
|
36373933343338646333373962623034353631623535306230346663373530346438386334303536
|
||||||
|
62366666646263303764303330353835633163363666303133333730343263613039346162356532
|
||||||
|
37323133613037313430366238313261633165643563666239623730653164666264633964626461
|
||||||
|
31323536623335636333393338333166346336323132373466396432613133613933356232373532
|
||||||
|
30653564323031636231343232646165653163393663663731313033323763663965356466366562
|
||||||
|
33303830656238653164646161366265636566393436323135356630393033316337363361306363
|
||||||
|
30393766636237336466353431616130653961326431323161313234333963643032393061303265
|
||||||
|
33396664336535353164643462303636616265306338333634376664323837303238623638313266
|
||||||
|
37643861343034646532626164353238373031633861623663316638333039643036353932323962
|
||||||
|
39616136653639313232326362663834333363633562646563393561396464383765616230333230
|
||||||
|
39663939326332333362
|
||||||
|
|
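--- a/group_vars/all/secrets.yml.contents
+++ b/group_vars/all/secrets.yml.contents
@@ -0,0 +1,32 @@
+# These are the variables contained in secrets.yml
+# Secrets are usually 32 characters or more, matching [a-Z0-9]
+
+postgres_passwords:
+fider: xxx
+nextcloud: xxx
+passit: xxx
+gitea: xxx
+matrix: xxx
+codimd: xxx
+mailu: xxx
+ttrss: xxx
+
+fider_jwt_secret: xxx
+
+ldap_admin_password: xxx
+ldap_config_password: xxx
+
+passit_secret_key: xxx
+
+docker_password: xxx
+
+mailu_secret_key: xxx
+
+drone_secrets:
+oauth_client_id: xxx
+oauth_client_secret: xxx
+rpc_shared_secret: xxx
+
+restic_secrets:
+user_secret: xxx
+encryption_secret: xxx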
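Review bot: The character class in the second header comment, `[a-Z0-9]`, is not a valid range (`a` sorts after `Z`), so a reader cannot tell which alphabet the secrets are meant to use. I would write it as `# Secrets are usually 32 characters or more, matching [a-zA-Z0-9]` and add one comment line saying the values should come from a cryptographic random generator rather than be typed by hand. Since this file is the plaintext index of the vault, a comment stating that it must only ever hold the `xxx` placeholders would also help.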
|
@ -23,9 +23,11 @@
|
||||||
- docker_registry
|
- docker_registry
|
||||||
- drone
|
- drone
|
||||||
- websites
|
- websites
|
||||||
|
- ulovliglogning-dk
|
||||||
- ouroboros
|
- ouroboros
|
||||||
- mailu
|
- mailu
|
||||||
- portainer
|
- portainer
|
||||||
|
# - tt-rss
|
||||||
|
|
||||||
smtp_host: "postfix"
|
smtp_host: "postfix"
|
||||||
smtp_port: "587"
|
smtp_port: "587"
|
||||||
|
|
|
@ -19,6 +19,7 @@ gitea:
|
||||||
|
|
||||||
passit:
|
passit:
|
||||||
domain: "passit.{{ base_domain }}"
|
domain: "passit.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/passit"
|
||||||
|
|
||||||
fider:
|
fider:
|
||||||
domain: "feedback.{{ base_domain }}"
|
domain: "feedback.{{ base_domain }}"
|
||||||
|
@ -28,7 +29,9 @@ matrix:
|
||||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
|
|
||||||
riot:
|
riot:
|
||||||
domain: "riot.{{ base_domain }}"
|
domains:
|
||||||
|
- "riot.{{ base_domain }}"
|
||||||
|
- "element.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/riot"
|
volume_folder: "{{ volume_root_folder }}/riot"
|
||||||
|
|
||||||
privatebin:
|
privatebin:
|
||||||
|
@ -49,10 +52,25 @@ docker_registry:
|
||||||
password: "{{ docker_password }}"
|
password: "{{ docker_password }}"
|
||||||
|
|
||||||
data_coop_website:
|
data_coop_website:
|
||||||
domain: "{{ base_domain }}"
|
domains:
|
||||||
|
- "{{ base_domain }}"
|
||||||
|
- "www.{{ base_domain }}"
|
||||||
|
|
||||||
cryptohagen_website:
|
cryptohagen_website:
|
||||||
domain: "cryptohagen.dk"
|
domains:
|
||||||
|
- "cryptohagen.dk"
|
||||||
|
- "www.cryptohagen.dk"
|
||||||
|
|
||||||
|
ulovliglogning_website:
|
||||||
|
domains:
|
||||||
|
- "ulovliglogning.dk"
|
||||||
|
- "www.ulovliglogning.dk"
|
||||||
|
- "ulovlig-logning.dk"
|
||||||
|
|
||||||
|
cryptoaarhus_website:
|
||||||
|
domains:
|
||||||
|
- "cryptoaarhus.dk"
|
||||||
|
- "www.cryptoaarhus.dk"
|
||||||
|
|
||||||
drone:
|
drone:
|
||||||
domain: "drone.{{ base_domain }}"
|
domain: "drone.{{ base_domain }}"
|
||||||
|
@ -69,3 +87,6 @@ portainer:
|
||||||
domain: "portainer.{{ base_domain }}"
|
domain: "portainer.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||||
|
|
||||||
|
ttrss:
|
||||||
|
domain: rss.{{ base_domain }}
|
||||||
|
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||||
|
|
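Review bot: `domain: rss.{{ base_domain }}` in the new `ttrss` block is the only templated value in this file left unquoted; every other entry is written in the form `"passit.{{ base_domain }}"`. It parses today because the scalar does not start with `{`, but quoting keeps the file consistent and stays valid if the prefix is ever dropped: `domain: "rss.{{ base_domain }}"`. Separately, `riot`, `data_coop_website` and `cryptohagen_website` switch from `domain` to `domains`; any task or template still reading the old key would fail on an undefined variable, and not every consumer is visible on this page.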
|
@ -54,6 +54,10 @@ soft_file_limit: 0
|
||||||
# Set to false to disable presence tracking on this homeserver.
|
# Set to false to disable presence tracking on this homeserver.
|
||||||
use_presence: true
|
use_presence: true
|
||||||
|
|
||||||
|
# If set to 'false', forbids any other homeserver to fetch the server's public
|
||||||
|
# rooms directory via federation.
|
||||||
|
allow_public_rooms_over_federation: true
|
||||||
|
|
||||||
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
|
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
|
||||||
#
|
#
|
||||||
#gc_thresholds: [700, 10, 10]
|
#gc_thresholds: [700, 10, 10]
|
||||||
|
@ -411,7 +415,7 @@ uploads_path: "/data/uploads"
|
||||||
|
|
||||||
# The largest allowed upload size in bytes
|
# The largest allowed upload size in bytes
|
||||||
#
|
#
|
||||||
max_upload_size: "10M"
|
max_upload_size: "50M"
|
||||||
|
|
||||||
# Maximum number of pixels that will be thumbnailed
|
# Maximum number of pixels that will be thumbnailed
|
||||||
#
|
#
|
||||||
|
@ -881,7 +885,7 @@ password_config:
|
||||||
|
|
||||||
# Whether to allow non server admins to create groups on this server
|
# Whether to allow non server admins to create groups on this server
|
||||||
#
|
#
|
||||||
enable_group_creation: false
|
enable_group_creation: true
|
||||||
|
|
||||||
# If enabled, non server admins can only create groups with local parts
|
# If enabled, non server admins can only create groups with local parts
|
||||||
# starting with this prefix
|
# starting with this prefix
|
||||||
|
|
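Review bot: `enable_group_creation: true` lets every local account create groups, and the context lines right below it describe a prefix setting that would confine such groups to a reserved namespace; that setting lies outside the hunk, so whether it is set cannot be seen here. If it is still commented out, I would set it together with this change. The first hunk of this file also adds `allow_public_rooms_over_federation: true`, which lets any federating homeserver fetch the public room directory; the added comment only explains the `false` case, so a one-line comment recording that `true` is intended would be worth having.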
|
@ -1 +1,2 @@
|
||||||
listen 8008;
|
listen 8008;
|
||||||
|
client_max_body_size 50M; # default is 1M
|
||||||
|
|
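--- a/roles/docker/files/configs/matrix/vhost-riot
+++ b/roles/docker/files/configs/matrix/vhost-riot
@@ -0,0 +1 @@
+client_max_body_size 50M; # default is 1M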
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"default_hs_url": "https://{{ matrix.domain }}",
|
"default_hs_url": "https://{{ matrix.domain }}",
|
||||||
"default_is_url": "https://vector.im",
|
"default_is_url": "https://vector.im",
|
||||||
"brand": "riot.data.coop",
|
"brand": "element.data.coop",
|
||||||
"integrations_ui_url": "https://scalar.vector.im/",
|
"integrations_ui_url": "https://scalar.vector.im/",
|
||||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||||
"integrations_widgets_urls": [
|
"integrations_widgets_urls": [
|
||||||
|
|
|
@ -3,14 +3,6 @@
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: setup network for postfix
|
|
||||||
docker_network:
|
|
||||||
name: postfix
|
|
||||||
ipam_options:
|
|
||||||
subnet: '172.16.0.0/16'
|
|
||||||
gateway: 172.16.0.1
|
|
||||||
|
|
||||||
|
|
||||||
- name: setup services
|
- name: setup services
|
||||||
include_tasks: "services/{{ item }}.yml"
|
include_tasks: "services/{{ item }}.yml"
|
||||||
with_items: "{{ services }}"
|
with_items: "{{ services }}"
|
||||||
|
|
|
@ -1,21 +1,51 @@
|
||||||
---
|
---
|
||||||
- name: Drone container
|
- name: set up drone with docker runner
|
||||||
docker_container:
|
docker_compose:
|
||||||
name: drone
|
project_name: drone
|
||||||
image: drone/drone:latest
|
pull: yes
|
||||||
restart_policy: unless-stopped
|
definition:
|
||||||
networks:
|
version: "3.6"
|
||||||
- name: external_services
|
services:
|
||||||
volumes:
|
drone:
|
||||||
- "{{ drone.volume_folder }}:/data"
|
container_name: "drone"
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
image: drone/drone:1
|
||||||
env:
|
restart: unless-stopped
|
||||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
networks:
|
||||||
DRONE_GITEA_ALWAYS_AUTH: "False"
|
- external_services
|
||||||
DRONE_RUNNER_CAPACITY: "2"
|
- drone
|
||||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
volumes:
|
||||||
DRONE_SERVER_PROTO: "https"
|
- "{{ drone.volume_folder }}:/data"
|
||||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
environment:
|
||||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||||
|
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||||
|
DRONE_GIT_ALWAYS_AUTH: "true"
|
||||||
|
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
||||||
|
DRONE_SERVER_PROTO: "https"
|
||||||
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
|
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||||
|
VIRTUAL_HOST: "{{ drone.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
drone-runner-docker:
|
||||||
|
container_name: "drone-runner-docker"
|
||||||
|
image: "drone/drone-runner-docker:1"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- drone
|
||||||
|
volumes:
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
environment:
|
||||||
|
DRONE_RPC_HOST: "{{ drone.domain }}"
|
||||||
|
DRONE_RPC_PROTO: "https"
|
||||||
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
|
DRONE_RUNNER_CAPACITY: 2
|
||||||
|
DRONE_RUNNER_NAME: "data.coop_drone_runner"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
drone:
|
||||||
|
external_services:
|
||||||
|
external:
|
||||||
|
name: external_services
|
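Review bot: The `drone` server service keeps the `/var/run/docker.sock:/var/run/docker.sock` mount even though builds now run in the separate `drone-runner-docker` service. That socket gives whoever controls the container root-equivalent control of the host's Docker daemon, and the server is the container published through `VIRTUAL_HOST`. Unless the server is known to need it, I would delete that volume line from `drone` and keep it only on the runner. `DRONE_RUNNER_CAPACITY: 2` is also the one unquoted environment value in the definition; `"2"` would match the rest.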
|
@ -1,9 +1,13 @@
|
||||||
---
|
---
|
||||||
|
- name: gitea network
|
||||||
|
docker_network:
|
||||||
|
name: gitea
|
||||||
|
|
||||||
# old DNS: 138.68.71.153
|
# old DNS: 138.68.71.153
|
||||||
- name: gitea container
|
- name: gitea container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: gitea
|
name: gitea
|
||||||
image: gitea/gitea:latest
|
image: gitea/gitea:1.12.3
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: gitea
|
- name: gitea
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
force: yes
|
force: yes
|
||||||
|
|
||||||
- name: run mail server containers
|
- name: run mail server containers
|
||||||
docker_service:
|
docker_compose:
|
||||||
project_name: mail_server
|
project_name: mail_server
|
||||||
pull: yes
|
pull: yes
|
||||||
definition:
|
definition:
|
||||||
|
@ -78,6 +78,7 @@
|
||||||
- "993:993"
|
- "993:993"
|
||||||
- "25:25"
|
- "25:25"
|
||||||
- "587:587"
|
- "587:587"
|
||||||
|
- "465:465"
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
- external_services
|
- external_services
|
||||||
|
|
|
@ -46,6 +46,11 @@
|
||||||
src: files/configs/matrix/vhost-matrix
|
src: files/configs/matrix/vhost-matrix
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
||||||
|
|
||||||
|
- name: upload vhost config for riot domain
|
||||||
|
template:
|
||||||
|
src: files/configs/matrix/vhost-riot
|
||||||
|
dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
|
||||||
|
|
||||||
- name: upload homeserver.yaml
|
- name: upload homeserver.yaml
|
||||||
template:
|
template:
|
||||||
src: "files/configs/matrix/homeserver.yaml"
|
src: "files/configs/matrix/homeserver.yaml"
|
||||||
|
@ -57,7 +62,7 @@
|
||||||
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||||
|
|
||||||
- name: set up matrix and riot
|
- name: set up matrix and riot
|
||||||
docker_service:
|
docker_compose:
|
||||||
project_name: matrix
|
project_name: matrix
|
||||||
pull: yes
|
pull: yes
|
||||||
definition:
|
definition:
|
||||||
|
@ -77,17 +82,18 @@
|
||||||
|
|
||||||
matrix_app:
|
matrix_app:
|
||||||
container_name: matrix
|
container_name: matrix
|
||||||
image: matrixdotorg/synapse:v0.99.2
|
image: matrixdotorg/synapse:v1.18.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
- external_services
|
- external_services
|
||||||
ports:
|
ports:
|
||||||
- 8008
|
- 8008
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ matrix.volume_folder }}/data:/data"
|
- "{{ matrix.volume_folder }}/data:/data"
|
||||||
environment:
|
environment:
|
||||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||||
|
SYNAPSE_CACHE_FACTOR: "2"
|
||||||
SYNAPSE_LOG_LEVEL: "INFO"
|
SYNAPSE_LOG_LEVEL: "INFO"
|
||||||
VIRTUAL_HOST: "{{ matrix.domain }}"
|
VIRTUAL_HOST: "{{ matrix.domain }}"
|
||||||
VIRTUAL_PORT: "8008"
|
VIRTUAL_PORT: "8008"
|
||||||
|
@ -96,7 +102,7 @@
|
||||||
|
|
||||||
riot:
|
riot:
|
||||||
container_name: riot_app
|
container_name: riot_app
|
||||||
image: avhost/docker-matrix-riot:v1.0.3
|
image: avhost/docker-matrix-riot:v1.7.3
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
|
@ -104,14 +110,14 @@
|
||||||
ports:
|
ports:
|
||||||
- 8080
|
- 8080
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ riot.volume_folder }}/data:/data"
|
- "{{ riot.volume_folder }}/data:/data"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ riot.domain }}"
|
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
|
||||||
VIRTUAL_PORT: "8080"
|
VIRTUAL_PORT: "8080"
|
||||||
LETSENCRYPT_HOST: "{{ riot.domain }}"
|
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
external_services:
|
external_services:
|
||||||
external:
|
external:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
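Review bot: The new task "upload vhost config for riot domain" writes the nginx snippet only for `riot.domains[0]`, while the container further down is published under every entry through `riot.domains|join(',')`. The second hostname therefore keeps the proxy's default body-size limit instead of the 50M one. Looping over the list closes the gap: `dest: "{{ nginx.volume_folder }}/vhost/{{ item }}"` together with `loop: "{{ riot.domains }}"`. The uploaded file contains no template expressions, so `copy:` would state the intent better than `template:`.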
|
@ -21,5 +21,7 @@
|
||||||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
PGID: "999"
|
PGID: "999"
|
||||||
|
labels:
|
||||||
|
com.ouroboros.enable: "true"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -14,5 +14,5 @@
|
||||||
LABELS_ONLY: "true"
|
LABELS_ONLY: "true"
|
||||||
CLEANUP: "true"
|
CLEANUP: "true"
|
||||||
LATEST: "true"
|
LATEST: "true"
|
||||||
CRON: "*/1 * * * *"
|
CRON: "*/10 * * * *"
|
||||||
|
|
|
@ -1,45 +1,47 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: passit network
|
- name: setup passit containers
|
||||||
docker_network:
|
docker_compose:
|
||||||
name: passit
|
project_name: "passit"
|
||||||
|
pull: "yes"
|
||||||
|
definition:
|
||||||
|
version: "3.6"
|
||||||
|
services:
|
||||||
|
|
||||||
- name: passit database volume
|
passit_db:
|
||||||
docker_volume:
|
image: "postgres:10"
|
||||||
name: passit_db
|
restart: "always"
|
||||||
|
networks:
|
||||||
|
- "passit"
|
||||||
|
volumes:
|
||||||
|
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: "passit"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||||
|
|
||||||
- name: passit database container
|
passit_app:
|
||||||
docker_container:
|
image: "passit/passit:stable"
|
||||||
name: passit_db
|
command: "bin/start.sh"
|
||||||
image: postgres:10
|
restart: "always"
|
||||||
state: started
|
networks:
|
||||||
restart_policy: always
|
- "passit"
|
||||||
networks:
|
- "postfix"
|
||||||
- name: passit
|
- "external_services"
|
||||||
volumes:
|
environment:
|
||||||
- passit_db:/var/lib/postgresql/data
|
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
||||||
env:
|
SECRET_KEY: "{{ passit_secret_key }}"
|
||||||
POSTGRES_USER: passit
|
IS_DEBUG: 'False'
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||||
|
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
||||||
|
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
||||||
|
|
||||||
- name: passit app container
|
VIRTUAL_HOST: "{{ passit.domain }}"
|
||||||
docker_container:
|
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
||||||
name: passit
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
image: passit/passit:stable
|
|
||||||
command: bin/start.sh
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: passit
|
|
||||||
- name: postfix
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
|
||||||
SECRET_KEY: "{{ passit_secret_key }}"
|
|
||||||
IS_DEBUG: 'False'
|
|
||||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
|
||||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
|
||||||
|
|
||||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
networks:
|
||||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
passit:
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
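Review bot: `passit_db` now keeps its data in the bind mount `{{ passit.volume_folder }}/data`, whereas the removed tasks used the named Docker volume `passit_db`. On a host that already runs the old layout, the new container would initialise an empty database beside the untouched volume, which for a password manager looks like data loss to its users. The commit shows no migration step, so I would add one, or a comment saying the copy was done by hand, before this is applied. The `postfix` network is declared `external: true` here, so this file also depends on that network existing before it runs.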
|
@ -8,7 +8,7 @@
|
||||||
- name: run portainer
|
- name: run portainer
|
||||||
docker_container:
|
docker_container:
|
||||||
name: portainer
|
name: portainer
|
||||||
image: portainer/portainer
|
image: portainer/portainer-ce:2.0.1
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
|
@ -19,5 +19,6 @@
|
||||||
- 9001:9000
|
- 9001:9000
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
VIRTUAL_HOST: "{{ portainer.domain }}"
|
||||||
|
VIRTUAL_PORT: "9000"
|
||||||
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
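Review bot: With `VIRTUAL_PORT: "9000"` the proxy now reaches Portainer over the `external_services` network, so the unchanged `- 9001:9000` line above it is probably no longer needed. The key it belongs to is outside the hunk, but if it is a published port it exposes the Portainer UI over plain HTTP on the host, bypassing the TLS proxy, and Portainer controls the Docker daemon. I would remove the mapping or bind it to loopback, for example `- "127.0.0.1:9001:9000"`.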
|
@ -1,5 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: setup network for postfix
|
||||||
|
docker_network:
|
||||||
|
name: postfix
|
||||||
|
ipam_config:
|
||||||
|
- subnet: '172.16.0.0/16'
|
||||||
|
gateway: 172.16.0.1
|
||||||
|
|
||||||
- name: setup postfix docker container for outgoing mail
|
- name: setup postfix docker container for outgoing mail
|
||||||
docker_container:
|
docker_container:
|
||||||
name: postfix
|
name: postfix
|
||||||
|
|
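Review bot: Creating the `postfix` network inside this file makes every other service that attaches to it depend on list order: the passit definition in this commit declares `postfix` as `external: true`, which fails if the network does not exist yet. The services list is only partly visible on this page, so it cannot be confirmed that `postfix` runs before `passit`. A comment on the list stating the ordering requirement, or keeping the network task in the main task file where it was, would make the dependency explicit. `gateway: 172.16.0.1` could also be quoted like the subnet above it.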
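--- a/roles/docker/tasks/services/restic-backup.yml
+++ b/roles/docker/tasks/services/restic-backup.yml
@@ -0,0 +1,38 @@
+---
+- name: setup restic backup
+docker_compose:
+project_name: restic_backup
+pull: yes
+definition:
+version: '3.6'
+services:
+restic-backup:
+image: mazzolino/restic
+restart: always
+environment:
+RUN_ON_STARTUP: "true"
+BACKUP_CRON: "0 30 3 * * *"
+RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
+RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
+RESTIC_BACKUP_SOURCES: "/mnt/volumes"
+RESTIC_BACKUP_ARGS: >-
+--tag datacoop-volumes
+--exclude='*.tmp'
+--verbose
+RESTIC_FORGET_ARGS: >-
+--keep-last 10
+--keep-daily 7
+--keep-weekly 5
+--keep-monthly 12
+TZ: Europe/Copenhagen
+volumes:
+- /docker-volumes:/mnt/volumes:ro
+
+restic-prune:
+image: "mazzolino/restic"
+environment:
+RUN_ON_STARTUP: "true"
+PRUNE_CRON: "0 0 4 * * *"
+RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
+RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
+TZ: Europe/copenhagen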
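Review bot: Both services run `mazzolino/restic` without a tag, so every `pull: yes` deploys whatever was last published into a container that holds the repository password and reads all of `/docker-volumes`; pinning a release tag or digest (`image: "mazzolino/restic:<tag>"`, placeholder) keeps that change under review. `linuxserver/tt-rss` in tt-rss.yml is untagged in the same way. In `restic-prune`, `TZ: Europe/copenhagen` differs in case from `Europe/Copenhagen` above; zone names are usually case-sensitive, so the prune schedule would likely fall back to UTC. `restic-prune` also has no `restart:` policy, unlike `restic-backup`.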
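--- a/roles/docker/tasks/services/tt-rss.yml
+++ b/roles/docker/tasks/services/tt-rss.yml
@@ -0,0 +1,53 @@
+---
+- name: create tt-rss folders
+file:
+name: "{{ ttrss.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "config"
+- "db"
+loop_control:
+loop_var: volume
+
+- name: "set up tt-rss"
+docker_compose:
+project_name: "tt-rss"
+pull: yes
+definition:
+version: "3.6"
+services:
+ttrss_db:
+container_name: "ttrss_db"
+image: "postgres:11"
+restart: "unless-stopped"
+networks:
+- "ttrss"
+volumes:
+- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "ttrss"
+POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
+
+ttrss_app:
+container_name: ttrss_app
+image: "linuxserver/tt-rss"
+restart: unless-stopped
+networks:
+- ttrss
+- external_services
+volumes:
+- "{{ ttrss.volume_folder }}/config:/config"
+environment:
+VIRTUAL_HOST: "{{ ttrss.domain }}"
+LETSENCRYPT_HOST: "{{ ttrss.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+TZ: "Europe/Copenhagen"
+labels:
+com.ouroboros.enable: "true"
+
+networks:
+external_services:
+external:
+name: external_services
+ttrss:
+name: "ttrss"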
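--- a/roles/docker/tasks/services/ulovliglogning-dk.yml
+++ b/roles/docker/tasks/services/ulovliglogning-dk.yml
@@ -0,0 +1,13 @@
+- name: setup ulovliglogning.dk website docker container
+docker_container:
+name: ulovliglogning_website
+restart_policy: unless-stopped
+image: ulovliglogning/ulovliglogning.dk:latest
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+labels:
+com.ouroboros.enable: "true"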
|
@ -8,11 +8,25 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ data_coop_website.domain }}"
|
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
|
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.ouroboros.enable: "true"
|
com.ouroboros.enable: "true"
|
||||||
|
|
||||||
|
- name: setup new data.coop website using hugo
|
||||||
|
docker_container:
|
||||||
|
name: new.data.coop_website
|
||||||
|
image: docker.data.coop/data-coop-website:hugo
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
labels:
|
||||||
|
com.ouroboros.enable: "true"
|
||||||
|
|
||||||
- name: setup cryptohagen.dk website docker container
|
- name: setup cryptohagen.dk website docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
|
@ -22,8 +36,22 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
|
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
|
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.ouroboros.enable: "true"
|
com.ouroboros.enable: "true"
|
||||||
|
|
||||||
|
- name: setup cryptoaarhus.dk website docker container
|
||||||
|
docker_container:
|
||||||
|
name: cryptoaarhus_website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
image: docker.data.coop/cryptoaarhus-website
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
labels:
|
||||||
|
com.ouroboros.enable: "true"
|
||||||
|
|
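Review bot: In the added `new.data.coop_website` task, `"new.{{ data_coop_website.domains|join(',') }}"` prefixes only the first entry of the joined list, so with more than one domain the value renders as `new.a,b` and this container also claims the remaining production hostnames in both `VIRTUAL_HOST` and `LETSENCRYPT_HOST`. The preview container would then compete with the main site container for routing and certificates on those names. Apply the prefix per entry on both lines, e.g. `"{{ data_coop_website.domains | map('regex_replace', '^', 'new.') | join(',') }}"`. Whether `domains` currently holds more than one entry is not visible in this section.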
|
@ -41,7 +41,7 @@ POSTMASTER=admin
|
||||||
TLS_FLAVOR=mail
|
TLS_FLAVOR=mail
|
||||||
|
|
||||||
# Authentication rate limit (per source IP address)
|
# Authentication rate limit (per source IP address)
|
||||||
AUTH_RATELIMIT=10/minute;1000/hour
|
AUTH_RATELIMIT=120/minute;1200/hour
|
||||||
|
|
||||||
# Opt-out of statistics, replace with "True" to opt out
|
# Opt-out of statistics, replace with "True" to opt out
|
||||||
DISABLE_STATISTICS=False
|
DISABLE_STATISTICS=False
|
||||||
|
|
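Review bot: The `AUTH_RATELIMIT` change to `120/minute;1200/hour` raises the per-source-IP authentication limit twelvefold per minute, which weakens throttling of password guessing against the mail services, and the file gives no reason for it. If the old limit was blocking legitimate clients (for example many users behind one shared address), record that in a comment above the setting, such as `# raised from 10/minute: <reason>; repeated failed logins are handled by <other control>`, and confirm that other control exists. Old and new values are read from the column position in this rendering.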
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Install necessary packages
|
- name: Install necessary packages via apt
|
||||||
apt:
|
apt:
|
||||||
name: "{{ packages }}"
|
name: "{{ packages }}"
|
||||||
vars:
|
vars:
|
||||||
|
@ -8,4 +8,11 @@
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- apparmor
|
- apparmor
|
||||||
- haveged
|
- haveged
|
||||||
|
|
||||||
|
- name: Install necessary packages via pip
|
||||||
|
pip:
|
||||||
|
name: "{{ packages }}"
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
- docker
|
||||||
|
- docker-compose
|
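Review bot: The added `Install necessary packages via pip` task installs `docker` and `docker-compose` from PyPI with no version constraint, so each newly provisioned host gets whatever release is current at run time. Pin both to tested releases, e.g. `- docker==<pinned-version>` and `- docker-compose==<pinned-version>` (placeholders), so the Ansible docker modules run against a known client library and upgrades are reviewed. The rename of the apt task in the first hunk needs no change.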