forked from data.coop/ansible
Compare commits
20 commits
gitea-secu
...
master
Author | SHA1 | Date | |
---|---|---|---|
Jesper Hess | 04b3fb4baa | ||
Jesper Hess | c2f1f10e0d | ||
Reynir Björnsson | 9e0fcfc4a7 | ||
Reynir Björnsson | 68c82a785b | ||
Jesper Hess | 682e205c0b | ||
Jesper Hess | e64c858df8 | ||
Jesper Hess | c0bd431d3c | ||
Jesper Hess | a5a2d38b0c | ||
Jesper Hess | c34d9fcb90 | ||
Jesper Hess | 5294b5f230 | ||
Jesper Hess | 270b7aa0e1 | ||
Jesper Hess | b6c2db6434 | ||
Jesper Hess | 2af5165349 | ||
Jesper Hess | ca6c3a96a1 | ||
Jesper Hess | e6ee76ddde | ||
Jesper Hess | 19e7a397e3 | ||
Jesper Hess | 2c8482a5ab | ||
Jesper Hess | 3999db2eff | ||
Reynir Björnsson | 43f39c981d | ||
Jesper Hess | b39df6003b |
|
@ -1,73 +1,102 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
34376131343263336262656463373830643861336631626539643663333239313831626236306530
|
32336562633266653862666430393834306131343538636136643866306639313132383063393335
|
||||||
3335623130653432636133356363656465346366303062370a346130326536366638633536613161
|
3437383263343337323637616330383761346661383065390a396466663135313433643830316439
|
||||||
62623334363537636634373231353564396362343330623562383939373538633066616565306235
|
65626336303339653730643435353366633839366165393463663031333030356464373338353765
|
||||||
3332323863353334640a396462313862366362366535383737376333383361303065383937396530
|
3662646137623936650a633038376161633737376432306466663938333838333339626235663362
|
||||||
38326331396333396263363762346331356431623532343938613834663830393337646666336435
|
34303237306533343435346361346461613339323931666461313261623936653936656439663139
|
||||||
66356439333434356165613030306138666163653934386233663362646534303737323030636234
|
39666639616234653565303235313866636463656237363861636366666433393631366364623534
|
||||||
31616132613830363136666639386462363135656432373236393034316664363637663336366435
|
39313638363231646539383133383938353439356335313263656362376538623531636166383233
|
||||||
64373238633064623735666335636231656231666434383066313336303137333663333031363638
|
32653461653965303835613833383736396563306436623762613138343665343461623964666464
|
||||||
31643733336535383338376631656439633962653262356335383638373764353530643234303935
|
31363836343534616235323238663262343963376133636337333937353732623938616434333666
|
||||||
62383930393634613530643739643335616164633038326638356135623561326165376530363461
|
37386231356633653034656130383463643065373935633334653766396539326262646465376338
|
||||||
37373032393331653261373538633065333662393366666161396638383932393331623766343035
|
31346134356162613266393132313839363166623562316230313338373062393535363236363133
|
||||||
30333335663039323931306162313538373334393335306132626336643363323839633761383063
|
62653261663865323933323061353864643435323538633733363030356636653162616237323839
|
||||||
35343632363837383132656437303138303764316439343663303964396463363638336533653930
|
33636235396166326336303133613431326231356434383431623366386437303162396234626563
|
||||||
39303236353766373131623363653835666439333164366563346164626464633633363163323864
|
66333232343234613661363339653234343333323965353537353337303964653066356664303265
|
||||||
65363961393237666433623565343832306663323862666333343665376135646132363466616364
|
62333237343334333836623566643633656134353034623630323361376562353464636538623664
|
||||||
62356331666432336661343762333961333634396466333465633164326239386266643230393566
|
65313435316533633834303734636233333164616230393664646261663133323536356338323430
|
||||||
36376461373631636630303861313538333834646461663539623738636636626537656438646431
|
38623734366530313461653062376136336634386132333138666439326636373536636134333432
|
||||||
38383436393238363038313563633634396335346138626666366437333433383039363332623639
|
61396432353962366333373961323263633036656362653330393236333737306664633335313438
|
||||||
31396165346431333838393164616339656634346561313737306562343562323030613266633263
|
34383335313933613930376436323236343539363035323461333366646462623961633933313432
|
||||||
61333263653938653034356631333664323630306461346532626533363665363133376232316132
|
38656530653336306130313932393162626437383736393162656364333162623831356163303365
|
||||||
61346431383230656134373630653264363430383561313866363235333435633966386266653964
|
66343433316131313332346537343863343966323765373035306661366633336261306661363966
|
||||||
33363534343634343232373036633330613038303437333033313061313932373739343663303931
|
39326131336561633463613731396663336639613634636631373435623263353961323539623162
|
||||||
34333833386638353436653831623835323032303134366635613735643662636336616464313330
|
30383831393164373632336265373662663936336131306563323833643236616338653835633832
|
||||||
36633335613630663233326166633565386238656236633261396235363165656333333235643137
|
33383530623733386564373935663437613366633536386131363465363466306632373535646661
|
||||||
32623461663562313533333835396233383330613661646431646365343430626662326638653330
|
62616531363737336536616132343034663038623665666636613232663666303164663661366232
|
||||||
38646232386263356566373561353130616539346630613363313163363262356264653233313862
|
33626536336435323031663662383836326331633262386634393333373630343431333461393234
|
||||||
34386331363236386534353534616531643264613764343362646366393435383332653664353363
|
33656664666466623262353533363833616663303637393164633633336438393131366261326230
|
||||||
62333935363132373434613038353632643336633136656266316466373734646234636638316265
|
63623266353432613832633163663363663964303461386366373236386131376336623138366134
|
||||||
62646261396465623561633964313065626361316630353965616233356565343834656563353830
|
33626234383661646637323062363265623630663061353630313466626632623062386638643433
|
||||||
38346361336237646331366632633130613330336637326163663463386233643734356165666431
|
36333262666562396433393866393362303134616664616531386637336233306334383434616238
|
||||||
61396263656237333138356231306437653337656133663031303031616437633564613733316264
|
62353237396432353335316631336265326135616430383735353638346339623539393064373365
|
||||||
63633930353033636235653961393330326635626666626235336334653762373262633739356263
|
66336463653139323962333065666363363733376161613434363830663161303735306264396339
|
||||||
32323532333463653937386430663437303238313130643435353739393639303033343865323736
|
35643535326130313033636135656634303731323030623131613866653932346665343365343537
|
||||||
35366139643166626364373663333266376133636433653261316566366630396666336637326664
|
30393534346438343833336262646161643665613639373835336438663664643763323735646566
|
||||||
30343039633133626435363364346666613732666335313865326234366136366130616334396338
|
30303339386131353863643463383333616432333262633962656434343563323165366533643730
|
||||||
61663461623432303930623261336464643830303631396430363637383838616432356634303332
|
36646431336361316234393731373563656164646437636536353530343731373531373932313633
|
||||||
61346536313035376139313638393737393136643366366364363862383335353533313534366534
|
61363462386663333465333465363864643039346238303635323362646335363037323437633462
|
||||||
61356136366465373530393835613834366665653334376539303462336138646438653039306261
|
62373839666639326465383766333462356635636163376366373764373462386430616566386564
|
||||||
36613736323566636634666331396463623439323063356232306631616135623231336439303739
|
39353662346632623661326238306136373364343231303664626630663761643433393033633335
|
||||||
65393837653837336235396532323465656463636238643038383363616633383866333633663831
|
62336232376134656537383632643730303330353533626634633138383163356533646461656230
|
||||||
61363634356634636265663837306232303362313564323463303363323931396438646337363161
|
31373733326436323937373537363839653034356137343864656364313831336235396530373265
|
||||||
61313033343532336563393632373830326631616462616263346363636566663966396330386464
|
31663035326365373033313030363032343030346635343333656637343961303861393336316134
|
||||||
62613039323065343838653439303333396536366537313335353834613338623961646235633764
|
35383635393737643935646334373865386637373636303162363562326239326433396466396435
|
||||||
30333032323333663530613736313765343364363433366436666134623663653336386632333437
|
66336235373238326662323763333733636635313862653233353165346233313663353164383937
|
||||||
64386639636237333138323431333234316432366236613530376234636438356531636630396431
|
37373934343261373462373832363633323438663536356133343464316563316362343932396234
|
||||||
63643833366136363962346632616161363565336163313764383030303337346565613939383563
|
30343335396562336433353233306132656239663036663064653235376264653933363636326132
|
||||||
65306137633965326534356666346238363137323233336561643333386265613863396338383134
|
33353064663930626330386562396564323965393432353430326362616235353464623861313336
|
||||||
35363135303232376364306234323435356330333061613663326563343533636165356537336536
|
37363333623736306632643931356138373031363938363966616632666236346265323562306538
|
||||||
61656131343966346365396133666662393930663237643134383963303766306534633034356335
|
39303365613463393964376536383431326661323237616538353333373930616438633630633961
|
||||||
37633732393266633965616330643061616664336430643630633033326335643438373737653164
|
35303436353231373133666165306534346137396662653736343135303431613438363864616237
|
||||||
34633737303533666335306466306330343233326531343065666138633166383664333130653864
|
65643338633065663266303232643264316564373066663038306632653962626336346639393061
|
||||||
37623730333532633936316461333066313065316664383934343731616430366135346138663531
|
33326638323066323264353338636535336363376639646233336234643137646262666238363865
|
||||||
33353134333934376663336366663036383630393031303731653332373335333131633136616537
|
34623236396437623539653466653331326434643036663930333065393836383265613036393233
|
||||||
33666266373439346633373735643339653333626237623530346436306438396332613863346264
|
64333530636138356361643635613933313335636662646666656131613834376632313734373261
|
||||||
30346431393735326566393633626535383538343866653262653330366330623930646631663961
|
66626262373630386337303539323332343831373731643830323661656435626266386633366666
|
||||||
38656138313932623131613537376139666137653063313339666333313364343738306439656264
|
38626330663635623262336435373432383066393335633261383633343633616564353135613334
|
||||||
32346533646465376135376531383132396337653966393133316436616563613135353863653064
|
34616663333562643232333133626433313265316561633638633236343334323337643066386363
|
||||||
31373466616135393036333037623164346539323463333037613030386666396363353364396439
|
33316637303533393165656665373931313666616330316465643531303730333036613965383161
|
||||||
39616536646638623739623834363662643566393430623632646434336162316362653434343337
|
65346133303835643134643030373966636632663937343434633263633161366236613039313866
|
||||||
36623334303866343533623538663531303366343136636631376334653636313264376330313836
|
63343362303866313732326438393262643630633461316534313638343230653462636330363437
|
||||||
66333131343062373138663330313633623166303337306466313362343034316364666666373965
|
36613561366235646465326163343165633764333466643766316235396534363366366238626161
|
||||||
36373933343338646333373962623034353631623535306230346663373530346438386334303536
|
32656566386130623962643865643562623338353939306463663034653939383864356164316332
|
||||||
62366666646263303764303330353835633163363666303133333730343263613039346162356532
|
34396661303364323430323764346438393165313430623464373436323337303966613437626136
|
||||||
37323133613037313430366238313261633165643563666239623730653164666264633964626461
|
34303166396636666237383138636230306161323161343738353062383262373631643637366139
|
||||||
31323536623335636333393338333166346336323132373466396432613133613933356232373532
|
36313033623162366530366130376338623634363661623965643364666330313066646233303963
|
||||||
30653564323031636231343232646165653163393663663731313033323763663965356466366562
|
65353137616236396266336238346562343331363964356237356132303734326138646164663961
|
||||||
33303830656238653164646161366265636566393436323135356630393033316337363361306363
|
62383761663837326431343939666432663132396464646439626364373833653164313931353631
|
||||||
30393766636237336466353431616130653961326431323161313234333963643032393061303265
|
34633737333961646137663764363763356138396264353534303236633135643936313039303565
|
||||||
33396664336535353164643462303636616265306338333634376664323837303238623638313266
|
37663937613961643563346130653536653236346165633333383666623961303138363961646138
|
||||||
37643861343034646532626164353238373031633861623663316638333039643036353932323962
|
36613062346562326537656236343835383663386235353638653861613865333635333161326337
|
||||||
39616136653639313232326362663834333363633562646563393561396464383765616230333230
|
66343664373262383164313838393261663566393838633364363931653164613663643966643063
|
||||||
39663939326332333362
|
39656261643733663763383339653433616231653737623865353038646331373334666232346334
|
||||||
|
39653730613439393532326430623239666239616361313738343738376536303839623938396439
|
||||||
|
37393134343333383430303963356563633862336134373962306634613261653131636631626638
|
||||||
|
35613635643336306435643832383761353465633537666563333763646338656164333661666462
|
||||||
|
38643765313865626535326136343365643362373234326262366332653264363863646539366630
|
||||||
|
36623635396635363636373139383530633332386263656339396433653936333834656631373637
|
||||||
|
65663564353938623737303332373261623862646566386230313865643835323231373933303165
|
||||||
|
39356561656534326661346636633933613532373137393737623737383134333132363436373630
|
||||||
|
63653139356565356566663532313736613437623634313236663537376462383465613332656233
|
||||||
|
65306131356165366131633432383730356163326561326332346535373738636333333165666365
|
||||||
|
31636564303838333061323063653135623162636464656263613538306561303361633864383634
|
||||||
|
35613164386334646338613661356134303766393239366530666137376362646263333530623565
|
||||||
|
34643166313038376136643032393630303435376631336366343632383735626335333232303463
|
||||||
|
33643363313434363633393964323064653966353161636135633264333766386266646366316132
|
||||||
|
63303935356138356566306234356435343961356166646430633335386435366666333234636465
|
||||||
|
36336439663731643663353732353261313037363231306430373962613838616238313662343761
|
||||||
|
33316335316236626631636636386137376263323862306262316366663039396334326564303762
|
||||||
|
34623562363839386439366639323662393831653530663463396230663133396466326363303065
|
||||||
|
35646635323439323062333864336332333938663536373834663535643832316532313262326265
|
||||||
|
63376436356662663165616532613963303030613166663865376531613031383865363864333238
|
||||||
|
33616230336263306434643933356530303163653232323331643731353134353939363762303933
|
||||||
|
32363061346537666637663733346431643164323364363133316265306336626466353366313635
|
||||||
|
66653162643533316162363035373532656239356434623761666663626366663336376539656537
|
||||||
|
31323561356363393038323762646633323461666263633937313264346364356439343761623337
|
||||||
|
34643731393763323339653636656565663665646431313531616337616363373764626334656264
|
||||||
|
66633366346137613032313865666363613530643663373834313731353437373239653332656134
|
||||||
|
62376164313138303233623964663234643661336232366165616163313866336230353565393365
|
||||||
|
36613361346437336431376164663930393530626339626361323764623635396137396634316364
|
||||||
|
31393030323539376233383965366433623562646161643866346138316536613437383035656139
|
||||||
|
6533
|
||||||
|
|
|
@ -10,6 +10,7 @@ postgres_passwords:
|
||||||
codimd: xxx
|
codimd: xxx
|
||||||
mailu: xxx
|
mailu: xxx
|
||||||
ttrss: xxx
|
ttrss: xxx
|
||||||
|
keycloak: xxx
|
||||||
|
|
||||||
fider_jwt_secret: xxx
|
fider_jwt_secret: xxx
|
||||||
|
|
||||||
|
@ -30,3 +31,12 @@ drone_secrets:
|
||||||
restic_secrets:
|
restic_secrets:
|
||||||
user_secret: xxx
|
user_secret: xxx
|
||||||
encryption_secret: xxx
|
encryption_secret: xxx
|
||||||
|
|
||||||
|
matrix_secrets:
|
||||||
|
registration_shared_secret: xxx
|
||||||
|
macaroon_secret_key: xxx
|
||||||
|
form_secret: xxx
|
||||||
|
|
||||||
|
keycloak_secrets:
|
||||||
|
admin_user: xxx //used for setting up the initial admin user on first run
|
||||||
|
admin_password: xxx
|
||||||
|
|
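Review bot: The new `admin_user: xxx //used for setting up the initial admin user on first run` line under `keycloak_secrets` uses `//`, which YAML does not treat as a comment, so the explanatory text becomes part of the value. Anyone copying this example into the vault gets an admin user name that contains that text. Write it as `admin_user: xxx  # used for setting up the initial admin user on first run`. The `postgres_passwords` hunk in this file adds only `keycloak`, while the new hedgedoc task reads `postgres_passwords.hedgedoc`; if this file is the template for the vault, a `hedgedoc: xxx` entry looks missing.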
|
@ -12,6 +12,7 @@ thelounge:
|
||||||
|
|
||||||
nextcloud:
|
nextcloud:
|
||||||
domain: "cloud.{{ base_domain }}"
|
domain: "cloud.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||||
|
|
||||||
gitea:
|
gitea:
|
||||||
domain: "git.{{ base_domain }}"
|
domain: "git.{{ base_domain }}"
|
||||||
|
@ -39,9 +40,13 @@ privatebin:
|
||||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||||
|
|
||||||
codimd:
|
codimd:
|
||||||
domain: "pad.{{ base_domain }}"
|
domain: "oldpad.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||||
|
|
||||||
|
hedgedoc:
|
||||||
|
domain: "pad.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||||
|
|
||||||
netdata:
|
netdata:
|
||||||
domain: "netdata.{{ base_domain }}"
|
domain: "netdata.{{ base_domain }}"
|
||||||
|
|
||||||
|
@ -90,3 +95,7 @@ portainer:
|
||||||
ttrss:
|
ttrss:
|
||||||
domain: rss.{{ base_domain }}
|
domain: rss.{{ base_domain }}
|
||||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||||
|
|
||||||
|
keycloak:
|
||||||
|
domain: sso.{{ base_domain }}
|
||||||
|
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||||
|
|
|
@ -577,7 +577,7 @@ turn_allow_guests: True
|
||||||
## Registration ##
|
## Registration ##
|
||||||
|
|
||||||
# Enable registration for new users.
|
# Enable registration for new users.
|
||||||
enable_registration: True
|
enable_registration: False
|
||||||
|
|
||||||
# The user must provide all of the below types of 3PID when registering.
|
# The user must provide all of the below types of 3PID when registering.
|
||||||
#
|
#
|
||||||
|
@ -604,7 +604,7 @@ enable_registration: True
|
||||||
# If set, allows registration by anyone who also has the shared
|
# If set, allows registration by anyone who also has the shared
|
||||||
# secret, even if registration is otherwise disabled.
|
# secret, even if registration is otherwise disabled.
|
||||||
#
|
#
|
||||||
registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG"
|
registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"
|
||||||
|
|
||||||
# Set the number of bcrypt rounds used to generate password hash.
|
# Set the number of bcrypt rounds used to generate password hash.
|
||||||
# Larger numbers increase the work factor needed to generate the hash.
|
# Larger numbers increase the work factor needed to generate the hash.
|
||||||
|
@ -699,7 +699,7 @@ track_appservice_user_ips: False
|
||||||
# the registration_shared_secret is used, if one is given; otherwise,
|
# the registration_shared_secret is used, if one is given; otherwise,
|
||||||
# a secret key is derived from the signing key.
|
# a secret key is derived from the signing key.
|
||||||
#
|
#
|
||||||
macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X"
|
macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}"
|
||||||
|
|
||||||
# Used to enable access token expiration.
|
# Used to enable access token expiration.
|
||||||
#
|
#
|
||||||
|
@ -709,7 +709,7 @@ expire_access_token: False
|
||||||
# falsification of values. Must be specified for the User Consent
|
# falsification of values. Must be specified for the User Consent
|
||||||
# forms to work.
|
# forms to work.
|
||||||
#
|
#
|
||||||
form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-"
|
form_secret: "{{ matrix_secrets.form_secret }}"
|
||||||
|
|
||||||
## Signing Keys ##
|
## Signing Keys ##
|
||||||
|
|
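Review bot: Replacing the literal `registration_shared_secret`, `macaroon_secret_key` and `form_secret` with `{{ matrix_secrets.* }}` lookups does not retire the old values, which stay readable in the repository history. The vault is encrypted, so it cannot be seen here whether its values are fresh; they should be newly generated rather than copies of the removed literals. The rotation needs planning, since changing `macaroon_secret_key` presumably invalidates existing access tokens. Because the file is now rendered by Jinja, any literal `{{` or `{%` elsewhere in homeserver.yaml would need `{% raw %}` guards; only these hunks are visible, so that is worth a check.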
1
roles/docker/files/sso/sso.data.coop.pem
Normal file
1
roles/docker/files/sso/sso.data.coop.pem
Normal file
|
@ -0,0 +1 @@
|
||||||
|
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
|
|
@ -7,7 +7,7 @@
|
||||||
- name: gitea container
|
- name: gitea container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: gitea
|
name: gitea
|
||||||
image: gitea/gitea:1.14.2
|
image: gitea/gitea:1.15.7
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: gitea
|
- name: gitea
|
||||||
|
@ -21,8 +21,3 @@
|
||||||
VIRTUAL_PORT: "3000"
|
VIRTUAL_PORT: "3000"
|
||||||
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
|
||||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
|
||||||
GITEA__security__PASSWORD_COMPLEXITY: "off"
|
|
||||||
GITEA__security__MIN_PASSWORD_LENGTH: "8"
|
|
||||||
GITEA__security__PASSWORD_CHECK_PWN: "true"
|
|
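--- a/roles/docker/tasks/services/hedgedoc.yml
+++ b/roles/docker/tasks/services/hedgedoc.yml
@@ -0,0 +1,66 @@
+---
+- name: create hedgedoc volume folders
+file:
+name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "db"
+- "hedgedoc/uploads"
+loop_control:
+loop_var: volume
+
+- name: copy sso public certificate
+copy:
+src: "files/sso/sso.data.coop.pem"
+dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
+mode: "0644"
+
+- name: setup hedgedoc
+docker_compose:
+project_name: "hedgedoc"
+pull: "yes"
+definition:
+services:
+database:
+image: "postgres:10-alpine"
+environment:
+POSTGRES_USER: "codimd"
+POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
+POSTGRES_DB: "codimd"
+restart: "unless-stopped"
+networks:
+- "hedgedoc"
+volumes:
+- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
+
+app:
+image: quay.io/hedgedoc/hedgedoc:1.9.0
+environment:
+CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
+CMD_DOMAIN: "{{ hedgedoc.domain }}"
+CMD_ALLOW_EMAIL_REGISTER: "False"
+CMD_IMAGE_UPLOAD_TYPE: "filesystem"
+CMD_EMAIL: "False"
+CMD_SAML_IDPCERT: "/sso.data.coop.pem"
+CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
+CMD_SAML_ISSUER: "hedgedoc"
+CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+CMD_USECDN: "false"
+CMD_PROTOCOL_USESSL: "true"
+VIRTUAL_HOST: "{{ hedgedoc.domain }}"
+LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+volumes:
+- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
+- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
+restart: "unless-stopped"
+networks:
+- "hedgedoc"
+- "external_services"
+depends_on:
+- database
+
+networks:
+hedgedoc:
+external_services:
+external: true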
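Review bot: The `app` service sets no `CMD_SESSION_SECRET`; as far as I know HedgeDoc then generates a random one at every start, so each container restart or image pull logs every user out. Supply it from the vault, e.g. `CMD_SESSION_SECRET: "{{ hedgedoc_secrets.session_secret }}"` (the variable name is a placeholder). `CMD_DB_URL` interpolates the password unescaped into a URL, so a password containing `@`, `/` or `:` breaks the connection string; `{{ postgres_passwords.hedgedoc | urlencode }}` avoids that. `CMD_SAML_IDPSSOURL` hard-codes `sso.data.coop`, whereas the group vars already define `keycloak.domain` for that host.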
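--- a/roles/docker/tasks/services/keycloak.yml
+++ b/roles/docker/tasks/services/keycloak.yml
@@ -0,0 +1,45 @@
+- name: setup keycloak containers for sso.data.coop
+docker_compose:
+project_name: "keycloak"
+pull: "yes"
+definition:
+version: "3.6"
+services:
+
+postgres:
+image: "postgres:10"
+restart: "unless-stopped"
+networks:
+- "keycloak"
+volumes:
+- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "keycloak"
+POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
+POSTGRES_DB: "keycloak"
+
+app:
+image: "quay.io/keycloak/keycloak:15.0.2"
+restart: "unless-stopped"
+networks:
+- "keycloak"
+- "postfix"
+- "external_services"
+environment:
+VIRTUAL_HOST: "{{ keycloak.domain }}"
+VIRTUAL_PORT: "8080"
+LETSENCRYPT_HOST: "{{ keycloak.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+DB_USER: "keycloak"
+DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
+DB_ADDR: "keycloak_postgres_1"
+#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
+#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
+PROXY_ADDRESS_FORWARDING: "true"
+
+networks:
+keycloak:
+postfix:
+external: true
+external_services:
+external: true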
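Review bot: The `app` service sets `DB_ADDR`, `DB_USER` and `DB_PASSWORD` but no `DB_VENDOR`, so it depends on the image's vendor auto-detection. As far as I know that detection works by resolving a host named `postgres`, which happens to match the service name here; if the service were renamed, Keycloak would presumably fall back to its embedded database without an error. Adding `DB_VENDOR: "postgres"` next to `DB_ADDR` makes the choice explicit. The file also lacks the leading `---` and a task that creates `{{ keycloak.volume_folder }}/data` before it is bind-mounted, both of which hedgedoc.yml has.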
|
@ -53,7 +53,7 @@
|
||||||
|
|
||||||
- name: upload homeserver.yaml
|
- name: upload homeserver.yaml
|
||||||
template:
|
template:
|
||||||
src: "files/configs/matrix/homeserver.yaml"
|
src: "files/configs/matrix/homeserver.yaml.j2"
|
||||||
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
||||||
|
|
||||||
- name: upload matrix logging config
|
- name: upload matrix logging config
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
|
|
||||||
matrix_app:
|
matrix_app:
|
||||||
container_name: matrix
|
container_name: matrix
|
||||||
image: matrixdotorg/synapse:v1.34.0
|
image: matrixdotorg/synapse:v1.47.1
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
|
@ -102,7 +102,7 @@
|
||||||
|
|
||||||
riot:
|
riot:
|
||||||
container_name: riot_app
|
container_name: riot_app
|
||||||
image: avhost/docker-matrix-riot:v1.7.29
|
image: avhost/docker-matrix-riot:v1.9.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
|
|
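Review bot: The `upload homeserver.yaml` task renders a file that carries the three Matrix secrets, but it sets no `mode`, `owner` or `group`. The permissions of `{{ matrix.volume_folder }}/data/homeserver.yaml` therefore depend on the umask of the Ansible run. Add an explicit restrictive mode, for example `mode: "0640"`, with `owner`/`group` set to the account the Synapse container reads the file as (not visible in this hunk). Marking the task `no_log: true` would also keep the rendered secrets out of `--diff` output.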
|
@ -1,48 +1,42 @@
|
||||||
---
|
---
|
||||||
|
- name: setup nextcloud containers
|
||||||
|
docker_compose:
|
||||||
|
project_name: "nextcloud"
|
||||||
|
pull: "yes"
|
||||||
|
definition:
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: "postgres:10"
|
||||||
|
restart: "unless-stopped"
|
||||||
|
networks:
|
||||||
|
- "nextcloud"
|
||||||
|
volumes:
|
||||||
|
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: "nextcloud"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
POSTGRES_USER: "nextcloud"
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: "nextcloud:22-apache"
|
||||||
|
restart: "unless-stopped"
|
||||||
|
networks:
|
||||||
|
- "nextcloud"
|
||||||
|
- "external_services"
|
||||||
|
volumes:
|
||||||
|
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
POSTGRES_HOST: "nextcloud_postgres_1"
|
||||||
|
POSTGRES_DB: "nextcloud"
|
||||||
|
POSTGRES_USER: "nextcloud"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
|
||||||
- name: nextcloud network
|
networks:
|
||||||
docker_network:
|
nextcloud:
|
||||||
name: nextcloud
|
postfix:
|
||||||
|
external: true
|
||||||
- name: nextcloud database volume
|
external_services:
|
||||||
docker_volume:
|
external: true
|
||||||
name: nextcloud_db
|
|
||||||
|
|
||||||
- name: nextcloud database container
|
|
||||||
docker_container:
|
|
||||||
name: nextcloud_db
|
|
||||||
image: postgres:10
|
|
||||||
state: started
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: nextcloud
|
|
||||||
volumes:
|
|
||||||
- nextcloud_db:/var/lib/postgresql/data
|
|
||||||
env:
|
|
||||||
POSTGRES_DB: somethingelse
|
|
||||||
POSTGRES_USER: nextcloud
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
|
|
||||||
- name: nextcloud app volume
|
|
||||||
docker_volume:
|
|
||||||
name: nextcloud_app
|
|
||||||
|
|
||||||
- name: nextcloud app container
|
|
||||||
docker_container:
|
|
||||||
name: nextcloud_app
|
|
||||||
image: nextcloud:apache
|
|
||||||
state: started
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: nextcloud
|
|
||||||
- name: external_services
|
|
||||||
volumes:
|
|
||||||
- nextcloud_app:/var/www/html
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
POSTGRES_HOST: nextcloud_db
|
|
||||||
POSTGRES_DB: nextcloud
|
|
||||||
POSTGRES_USER: nextcloud
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
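Review bot: The new compose definition declares `postfix` as an external network at the bottom, but neither `postgres` nor `app` lists it under `networks:`, so the declaration is unused. Either add `- "postfix"` to `app` if Nextcloud should send mail through the relay, or drop the entry. The data location also moves from the named volumes `nextcloud_db` and `nextcloud_app` to bind mounts under `{{ nextcloud.volume_folder }}`, and nothing in this file migrates existing data. On a host that already runs Nextcloud the play would presumably start with an empty database and web root, so a one-off migration step or a comment at the top of the task file should make that explicit.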
|
@ -17,7 +17,7 @@
|
||||||
- name: openLDAP container
|
- name: openLDAP container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: openldap
|
name: openldap
|
||||||
image: osixia/openldap:1.2.2
|
image: osixia/openldap:1.5.0
|
||||||
tty: true
|
tty: true
|
||||||
interactive: true
|
interactive: true
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- name: phpLDAPadmin container
|
- name: phpLDAPadmin container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: phpldapadmin
|
name: phpldapadmin
|
||||||
image: osixia/phpldapadmin:latest
|
image: osixia/phpldapadmin:0.9.0
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
- name: ldap
|
- name: ldap
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
- name: run portainer
|
- name: run portainer
|
||||||
docker_container:
|
docker_container:
|
||||||
name: portainer
|
name: portainer
|
||||||
image: portainer/portainer-ce:2.0.1
|
image: portainer/portainer-ce:2.9.1
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
|
|
|
@ -15,5 +15,5 @@
|
||||||
networks:
|
networks:
|
||||||
- name: postfix
|
- name: postfix
|
||||||
env:
|
env:
|
||||||
ALLOWED_SENDER_DOMAINS: "{{ base_domain }}"
|
ALLOWED_SENDER_DOMAINS: "services.{{ base_domain }}"
|
||||||
|
|
||||||
|
|