forked from data.coop/ansible
Compare commits
92 Commits
Author | SHA1 | Date |
---|---|---|
Jesper Hess | 04b3fb4baa | |
Jesper Hess | c2f1f10e0d | |
Reynir Björnsson | 9e0fcfc4a7 | |
Reynir Björnsson | 68c82a785b | |
Jesper Hess | 682e205c0b | |
Jesper Hess | e64c858df8 | |
Jesper Hess | c0bd431d3c | |
Jesper Hess | a5a2d38b0c | |
Jesper Hess | c34d9fcb90 | |
Jesper Hess | 5294b5f230 | |
Jesper Hess | 270b7aa0e1 | |
Jesper Hess | b6c2db6434 | |
Jesper Hess | 2af5165349 | |
Jesper Hess | ca6c3a96a1 | |
Jesper Hess | e6ee76ddde | |
Jesper Hess | 19e7a397e3 | |
Jesper Hess | 2c8482a5ab | |
Jesper Hess | 3999db2eff | |
Reynir Björnsson | 43f39c981d | |
Jesper Hess | b39df6003b | |
Jesper Hess | 0ef4f972ed | |
Jesper Hess | 9b1dc31163 | |
Reynir Björnsson | 62cc00bea7 | |
Víðir Valberg Guðmundsson | 30b9580d3c | |
Víðir Valberg Guðmundsson | 9e5c18f839 | |
Víðir Valberg Guðmundsson | 068502773e | |
valberg | fbebeef57b | |
Jesper Hess | a692e7d2cb | |
Jesper Hess | 406e19a95c | |
Víðir Valberg Guðmundsson | cec959a47e | |
valberg | c8cc5b7534 | |
Jesper Hess | 9ae295896f | |
Jesper Hess | 6d2fbdbbb6 | |
Jesper Hess | 3fe7d162aa | |
Jesper Hess | 86de1fd24e | |
Víðir Valberg Guðmundsson | a4966e74fe | |
valberg | cf6fe970eb | |
Jesper Hess | f5293c016d | |
reynir | e9f1d800a1 | |
Reynir Björnsson | fe5fa81f44 | |
Jesper Hess | bb5c77e602 | |
Jesper Hess | 21e2b743ef | |
Reynir Björnsson | 8d88016efd | |
Jesper Hess | 2ac2d8b8da | |
Reynir Björnsson | a78641674d | |
Reynir Björnsson | 03cde007bc | |
reynir | d40b3ad9ab | |
reynir | 5738a8c40f | |
Jesper Hess | 5559a2c776 | |
Carl Bordum Hansen | 653a0603d5 | |
Reynir Björnsson | 9a0fe69789 | |
Jesper Hess | 8bec174a46 | |
Jesper Hess | 3e098546ef | |
Jesper Hess | e7d69cd6df | |
Jesper Hess | 7926c861b2 | |
Reynir Björnsson | d49a57792f | |
Jesper Hess | 99cb94c94a | |
Jesper Hess | ad243a5777 | |
Vidir Valberg Gudmundsson | 4cf48f13c0 | |
Jesper Hess | 5a5bb50e09 | |
Rasmus Lundsgaard Christiansen | d49b943fd2 | |
Jesper Hess | 4f07b8edb2 | |
Jesper Hess | 09617dd35a | |
Jesper Hess | 98d4ab69cc | |
Jesper Hess | b454583e2c | |
Jesper Hess | f2a6aab2fe | |
Jesper Hess | e0f01bb78e | |
Vidir Valberg Gudmundsson | d51edc2922 | |
Vidir Valberg Gudmundsson | 47d7abe631 | |
Vidir Valberg Gudmundsson | 6e94ac766b | |
Jesper Hess | 5f1bbae3de | |
Jesper Hess | cd2424999f | |
Jesper Hess | 4e0332cc79 | |
Jesper Hess | ef3e0993da | |
valberg | 625e83e0d3 | |
Jesper Hess | 1adc11e9c4 | |
Jesper Hess | 447b82326c | |
Jesper Hess | edfd530afe | |
Jesper Hess | 67443d23d4 | |
Denis Smajlović | 9195016a40 | |
valberg | 2e5dc7158d | |
Reynir Björnsson | 6331805793 | |
Jesper Hess | 97fe0e16ef | |
Jesper Hess | 3f2c7b1547 | |
Jesper Hess | 71664653b0 | |
Jesper Hess | 57cf5103c5 | |
Jesper Hess | 5566be7da9 | |
Jesper Hess | 70632c26c2 | |
Jesper Hess | fb67e038a8 | |
Jesper Hess | 999f266af5 | |
Jesper Hess | e42937736e | |
Jesper Hess | ba28b1eb0c |
|
@ -1,2 +1,3 @@
|
|||
[defaults]
|
||||
remote_user = root
|
||||
inventory = datacoop_hosts
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
BASE_CMD="ansible-playbook playbook.yml -i datacoop_hosts --ask-vault-pass"
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
echo "Deploying all!"
|
||||
|
|
|
@ -1,54 +1,102 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
62313439613039363637356330653731356138373839373435306535656137646266633764393537
|
||||
3737663637343865303232643632613934313137613536640a633634356338353764366365626266
|
||||
66323064346539663435646265346665616465353363623732303563303838356364643734393231
|
||||
3161633362383363390a376530393463643838303238386139313661366335386439373734333835
|
||||
63323034303732386430313265306465636630356330303431663761363461623530643933393831
|
||||
62666438316266396432353663633331343137643265333966636436373730343938623732653030
|
||||
62383536373139366239363535353463643961313839376436663830613738303262646639396131
|
||||
66656532616231636537623162373965356537336436613130366464393461343730646664356466
|
||||
38313439373332306265643039666532363863333364666233333861363832316637383432343464
|
||||
64366536613364363265333938643438313837643936323536636335613064623639393437303466
|
||||
31333539373130376230323964636335393166306662626131636462656632623635393036663437
|
||||
37333735616665383431623266393365613433323335313161316161373637616563626637333861
|
||||
37326532303638653139383639383166323361363334306361663261366661613038633464323337
|
||||
31393538653830333865373064383837626261663163623664653938303230616334363861346132
|
||||
63353036313164313265313134633861633937323335303830336232363939613635303764313063
|
||||
33666161356366636139633138653736333662303364333838663033633163613136616639376532
|
||||
31373131326264383666326566303930636166653463313630376235663638663937663765306439
|
||||
31663039323663633735326266393263633937373339383537623835306431333636316664303864
|
||||
63653564313339376135303237626366666164623738626439613562616338663539393635396437
|
||||
30333036353035613131613034666262346233336563343531633033343163326264326563643235
|
||||
62663538623532333432656435306462663362353630346133373262633630306262626362653733
|
||||
65363031346339393632396664363362346236373035376632663466343034376566666563353231
|
||||
36623538303262323265616237326630666662646634383962656533636165326665316366643231
|
||||
39303465313135616238653664366637356361393165356430636137366236643938316430613838
|
||||
65353331636564373136393930303537386335653766363632646433353962613033656434313063
|
||||
35653365366332316434373665316230646665613166656230313832356136346439326232343166
|
||||
38323934396561386138323739396166303132396234386435633965663139643234396434333163
|
||||
66346634393330306638383430616433333361623861623864356563366162313830393334616138
|
||||
32346633396662636633373637363262656165316434333139346530303562356236306637643365
|
||||
65613361373637383936633431396636356634656333343537353762383537353035616131633732
|
||||
38303736636136393039613537613831633139363338656239613261383637653332333737323034
|
||||
61303839636330396139346436336663643531613364383134613061646136646236636364636662
|
||||
33666564623731343264306638303333326463323363306439333762306434306235643530663931
|
||||
63623932373737373539393230326538643739653734306131366365303638313263316635633439
|
||||
34343231663761393266636537353330643361306139653734383466666662623931616665663239
|
||||
65633136636333316266616433396166326333303033646162656466363931313539343035623666
|
||||
63346162386533373334633261383237376330643738663761636166653033303933613630653835
|
||||
66313439663732356539363833616338356337666335316136623231383161656362653561653565
|
||||
33616437643533386263393733636666373237663132343432636664633535653535316134313266
|
||||
66363362383662313632633535613635656364323939313466303634646237653061353766373831
|
||||
62303366366564653231613863633564303637346262336535386366663034663832663762666132
|
||||
64333630666463653266333430386135386436643939393964303230366538336562333737616639
|
||||
65646566663363313430396132653832646263393739656564653138353637373362613261366230
|
||||
62616561303735316230626134353266613938326563326232623361656364623062326365343534
|
||||
62346433373965336430326632333634306463343934393830393165393933323439393534386665
|
||||
32373235353037626638343066386563663431356465353039353338643835653166333761386433
|
||||
64333338306661346436373238646134653233666565653834303935303235653661343366653563
|
||||
63356566633730303033376230356363326561663232386161333566616334623236663562613234
|
||||
63646561623565366332313837353461313566653531356662613663323065613035323731323832
|
||||
31386166623935373139356239353037633363313531396466363735613332653430396161303366
|
||||
37376238333831306231393433313734303839376132656532616461356662383430303532373937
|
||||
39303634303762373736626439323830353665343162363531376134616466303762633535343866
|
||||
3162
|
||||
32336562633266653862666430393834306131343538636136643866306639313132383063393335
|
||||
3437383263343337323637616330383761346661383065390a396466663135313433643830316439
|
||||
65626336303339653730643435353366633839366165393463663031333030356464373338353765
|
||||
3662646137623936650a633038376161633737376432306466663938333838333339626235663362
|
||||
34303237306533343435346361346461613339323931666461313261623936653936656439663139
|
||||
39666639616234653565303235313866636463656237363861636366666433393631366364623534
|
||||
39313638363231646539383133383938353439356335313263656362376538623531636166383233
|
||||
32653461653965303835613833383736396563306436623762613138343665343461623964666464
|
||||
31363836343534616235323238663262343963376133636337333937353732623938616434333666
|
||||
37386231356633653034656130383463643065373935633334653766396539326262646465376338
|
||||
31346134356162613266393132313839363166623562316230313338373062393535363236363133
|
||||
62653261663865323933323061353864643435323538633733363030356636653162616237323839
|
||||
33636235396166326336303133613431326231356434383431623366386437303162396234626563
|
||||
66333232343234613661363339653234343333323965353537353337303964653066356664303265
|
||||
62333237343334333836623566643633656134353034623630323361376562353464636538623664
|
||||
65313435316533633834303734636233333164616230393664646261663133323536356338323430
|
||||
38623734366530313461653062376136336634386132333138666439326636373536636134333432
|
||||
61396432353962366333373961323263633036656362653330393236333737306664633335313438
|
||||
34383335313933613930376436323236343539363035323461333366646462623961633933313432
|
||||
38656530653336306130313932393162626437383736393162656364333162623831356163303365
|
||||
66343433316131313332346537343863343966323765373035306661366633336261306661363966
|
||||
39326131336561633463613731396663336639613634636631373435623263353961323539623162
|
||||
30383831393164373632336265373662663936336131306563323833643236616338653835633832
|
||||
33383530623733386564373935663437613366633536386131363465363466306632373535646661
|
||||
62616531363737336536616132343034663038623665666636613232663666303164663661366232
|
||||
33626536336435323031663662383836326331633262386634393333373630343431333461393234
|
||||
33656664666466623262353533363833616663303637393164633633336438393131366261326230
|
||||
63623266353432613832633163663363663964303461386366373236386131376336623138366134
|
||||
33626234383661646637323062363265623630663061353630313466626632623062386638643433
|
||||
36333262666562396433393866393362303134616664616531386637336233306334383434616238
|
||||
62353237396432353335316631336265326135616430383735353638346339623539393064373365
|
||||
66336463653139323962333065666363363733376161613434363830663161303735306264396339
|
||||
35643535326130313033636135656634303731323030623131613866653932346665343365343537
|
||||
30393534346438343833336262646161643665613639373835336438663664643763323735646566
|
||||
30303339386131353863643463383333616432333262633962656434343563323165366533643730
|
||||
36646431336361316234393731373563656164646437636536353530343731373531373932313633
|
||||
61363462386663333465333465363864643039346238303635323362646335363037323437633462
|
||||
62373839666639326465383766333462356635636163376366373764373462386430616566386564
|
||||
39353662346632623661326238306136373364343231303664626630663761643433393033633335
|
||||
62336232376134656537383632643730303330353533626634633138383163356533646461656230
|
||||
31373733326436323937373537363839653034356137343864656364313831336235396530373265
|
||||
31663035326365373033313030363032343030346635343333656637343961303861393336316134
|
||||
35383635393737643935646334373865386637373636303162363562326239326433396466396435
|
||||
66336235373238326662323763333733636635313862653233353165346233313663353164383937
|
||||
37373934343261373462373832363633323438663536356133343464316563316362343932396234
|
||||
30343335396562336433353233306132656239663036663064653235376264653933363636326132
|
||||
33353064663930626330386562396564323965393432353430326362616235353464623861313336
|
||||
37363333623736306632643931356138373031363938363966616632666236346265323562306538
|
||||
39303365613463393964376536383431326661323237616538353333373930616438633630633961
|
||||
35303436353231373133666165306534346137396662653736343135303431613438363864616237
|
||||
65643338633065663266303232643264316564373066663038306632653962626336346639393061
|
||||
33326638323066323264353338636535336363376639646233336234643137646262666238363865
|
||||
34623236396437623539653466653331326434643036663930333065393836383265613036393233
|
||||
64333530636138356361643635613933313335636662646666656131613834376632313734373261
|
||||
66626262373630386337303539323332343831373731643830323661656435626266386633366666
|
||||
38626330663635623262336435373432383066393335633261383633343633616564353135613334
|
||||
34616663333562643232333133626433313265316561633638633236343334323337643066386363
|
||||
33316637303533393165656665373931313666616330316465643531303730333036613965383161
|
||||
65346133303835643134643030373966636632663937343434633263633161366236613039313866
|
||||
63343362303866313732326438393262643630633461316534313638343230653462636330363437
|
||||
36613561366235646465326163343165633764333466643766316235396534363366366238626161
|
||||
32656566386130623962643865643562623338353939306463663034653939383864356164316332
|
||||
34396661303364323430323764346438393165313430623464373436323337303966613437626136
|
||||
34303166396636666237383138636230306161323161343738353062383262373631643637366139
|
||||
36313033623162366530366130376338623634363661623965643364666330313066646233303963
|
||||
65353137616236396266336238346562343331363964356237356132303734326138646164663961
|
||||
62383761663837326431343939666432663132396464646439626364373833653164313931353631
|
||||
34633737333961646137663764363763356138396264353534303236633135643936313039303565
|
||||
37663937613961643563346130653536653236346165633333383666623961303138363961646138
|
||||
36613062346562326537656236343835383663386235353638653861613865333635333161326337
|
||||
66343664373262383164313838393261663566393838633364363931653164613663643966643063
|
||||
39656261643733663763383339653433616231653737623865353038646331373334666232346334
|
||||
39653730613439393532326430623239666239616361313738343738376536303839623938396439
|
||||
37393134343333383430303963356563633862336134373962306634613261653131636631626638
|
||||
35613635643336306435643832383761353465633537666563333763646338656164333661666462
|
||||
38643765313865626535326136343365643362373234326262366332653264363863646539366630
|
||||
36623635396635363636373139383530633332386263656339396433653936333834656631373637
|
||||
65663564353938623737303332373261623862646566386230313865643835323231373933303165
|
||||
39356561656534326661346636633933613532373137393737623737383134333132363436373630
|
||||
63653139356565356566663532313736613437623634313236663537376462383465613332656233
|
||||
65306131356165366131633432383730356163326561326332346535373738636333333165666365
|
||||
31636564303838333061323063653135623162636464656263613538306561303361633864383634
|
||||
35613164386334646338613661356134303766393239366530666137376362646263333530623565
|
||||
34643166313038376136643032393630303435376631336366343632383735626335333232303463
|
||||
33643363313434363633393964323064653966353161636135633264333766386266646366316132
|
||||
63303935356138356566306234356435343961356166646430633335386435366666333234636465
|
||||
36336439663731643663353732353261313037363231306430373962613838616238313662343761
|
||||
33316335316236626631636636386137376263323862306262316366663039396334326564303762
|
||||
34623562363839386439366639323662393831653530663463396230663133396466326363303065
|
||||
35646635323439323062333864336332333938663536373834663535643832316532313262326265
|
||||
63376436356662663165616532613963303030613166663865376531613031383865363864333238
|
||||
33616230336263306434643933356530303163653232323331643731353134353939363762303933
|
||||
32363061346537666637663733346431643164323364363133316265306336626466353366313635
|
||||
66653162643533316162363035373532656239356434623761666663626366663336376539656537
|
||||
31323561356363393038323762646633323461666263633937313264346364356439343761623337
|
||||
34643731393763323339653636656565663665646431313531616337616363373764626334656264
|
||||
66633366346137613032313865666363613530643663373834313731353437373239653332656134
|
||||
62376164313138303233623964663234643661336232366165616163313866336230353565393365
|
||||
36613361346437336431376164663930393530626339626361323764623635396137396634316364
|
||||
31393030323539376233383965366433623562646161643866346138316536613437383035656139
|
||||
6533
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# These are the variables contained in secrets.yml
|
||||
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
||||
|
||||
postgres_passwords:
|
||||
fider: xxx
|
||||
nextcloud: xxx
|
||||
passit: xxx
|
||||
gitea: xxx
|
||||
matrix: xxx
|
||||
codimd: xxx
|
||||
mailu: xxx
|
||||
ttrss: xxx
|
||||
keycloak: xxx
|
||||
|
||||
fider_jwt_secret: xxx
|
||||
|
||||
ldap_admin_password: xxx
|
||||
ldap_config_password: xxx
|
||||
|
||||
passit_secret_key: xxx
|
||||
|
||||
docker_password: xxx
|
||||
|
||||
mailu_secret_key: xxx
|
||||
|
||||
drone_secrets:
|
||||
oauth_client_id: xxx
|
||||
oauth_client_secret: xxx
|
||||
rpc_shared_secret: xxx
|
||||
|
||||
restic_secrets:
|
||||
user_secret: xxx
|
||||
encryption_secret: xxx
|
||||
|
||||
matrix_secrets:
|
||||
registration_shared_secret: xxx
|
||||
macaroon_secret_key: xxx
|
||||
form_secret: xxx
|
||||
|
||||
keycloak_secrets:
|
||||
admin_user: xxx //used for setting up the initial admin user on first run
|
||||
admin_password: xxx
|
|
@ -23,9 +23,11 @@
|
|||
- docker_registry
|
||||
- drone
|
||||
- websites
|
||||
- ulovliglogning-dk
|
||||
- ouroboros
|
||||
- mailu
|
||||
- portainer
|
||||
# - tt-rss
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
|
|
@ -12,6 +12,7 @@ thelounge:
|
|||
|
||||
nextcloud:
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
|
||||
gitea:
|
||||
domain: "git.{{ base_domain }}"
|
||||
|
@ -19,6 +20,7 @@ gitea:
|
|||
|
||||
passit:
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
|
||||
fider:
|
||||
domain: "feedback.{{ base_domain }}"
|
||||
|
@ -28,7 +30,9 @@ matrix:
|
|||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
|
||||
riot:
|
||||
domain: "riot.{{ base_domain }}"
|
||||
domains:
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/riot"
|
||||
|
||||
privatebin:
|
||||
|
@ -36,9 +40,13 @@ privatebin:
|
|||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
|
||||
codimd:
|
||||
domain: "pad.{{ base_domain }}"
|
||||
domain: "oldpad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||
|
||||
hedgedoc:
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
|
||||
netdata:
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
|
||||
|
@ -49,10 +57,25 @@ docker_registry:
|
|||
password: "{{ docker_password }}"
|
||||
|
||||
data_coop_website:
|
||||
domain: "{{ base_domain }}"
|
||||
domains:
|
||||
- "{{ base_domain }}"
|
||||
- "www.{{ base_domain }}"
|
||||
|
||||
cryptohagen_website:
|
||||
domain: "cryptohagen.dk"
|
||||
domains:
|
||||
- "cryptohagen.dk"
|
||||
- "www.cryptohagen.dk"
|
||||
|
||||
ulovliglogning_website:
|
||||
domains:
|
||||
- "ulovliglogning.dk"
|
||||
- "www.ulovliglogning.dk"
|
||||
- "ulovlig-logning.dk"
|
||||
|
||||
cryptoaarhus_website:
|
||||
domains:
|
||||
- "cryptoaarhus.dk"
|
||||
- "www.cryptoaarhus.dk"
|
||||
|
||||
drone:
|
||||
domain: "drone.{{ base_domain }}"
|
||||
|
@ -69,3 +92,10 @@ portainer:
|
|||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
|
||||
ttrss:
|
||||
domain: rss.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||
|
||||
keycloak:
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
|
|
|
@ -54,6 +54,10 @@ soft_file_limit: 0
|
|||
# Set to false to disable presence tracking on this homeserver.
|
||||
use_presence: true
|
||||
|
||||
# If set to 'false', forbids any other homeserver to fetch the server's public
|
||||
# rooms directory via federation.
|
||||
allow_public_rooms_over_federation: true
|
||||
|
||||
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
|
||||
#
|
||||
#gc_thresholds: [700, 10, 10]
|
||||
|
@ -411,7 +415,7 @@ uploads_path: "/data/uploads"
|
|||
|
||||
# The largest allowed upload size in bytes
|
||||
#
|
||||
max_upload_size: "10M"
|
||||
max_upload_size: "50M"
|
||||
|
||||
# Maximum number of pixels that will be thumbnailed
|
||||
#
|
||||
|
@ -573,7 +577,7 @@ turn_allow_guests: True
|
|||
## Registration ##
|
||||
|
||||
# Enable registration for new users.
|
||||
enable_registration: True
|
||||
enable_registration: False
|
||||
|
||||
# The user must provide all of the below types of 3PID when registering.
|
||||
#
|
||||
|
@ -600,7 +604,7 @@ enable_registration: True
|
|||
# If set, allows registration by anyone who also has the shared
|
||||
# secret, even if registration is otherwise disabled.
|
||||
#
|
||||
registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG"
|
||||
registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"
|
||||
|
||||
# Set the number of bcrypt rounds used to generate password hash.
|
||||
# Larger numbers increase the work factor needed to generate the hash.
|
||||
|
@ -695,7 +699,7 @@ track_appservice_user_ips: False
|
|||
# the registration_shared_secret is used, if one is given; otherwise,
|
||||
# a secret key is derived from the signing key.
|
||||
#
|
||||
macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X"
|
||||
macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}"
|
||||
|
||||
# Used to enable access token expiration.
|
||||
#
|
||||
|
@ -705,7 +709,7 @@ expire_access_token: False
|
|||
# falsification of values. Must be specified for the User Consent
|
||||
# forms to work.
|
||||
#
|
||||
form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-"
|
||||
form_secret: "{{ matrix_secrets.form_secret }}"
|
||||
|
||||
## Signing Keys ##
|
||||
|
||||
|
@ -881,7 +885,7 @@ password_config:
|
|||
|
||||
# Whether to allow non server admins to create groups on this server
|
||||
#
|
||||
enable_group_creation: false
|
||||
enable_group_creation: true
|
||||
|
||||
# If enabled, non server admins can only create groups with local parts
|
||||
# starting with this prefix
|
|
@ -1 +1,2 @@
|
|||
listen 8008;
|
||||
listen 8008;
|
||||
client_max_body_size 50M; # default is 1M
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
client_max_body_size 50M; # default is 1M
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"default_hs_url": "https://{{ matrix.domain }}",
|
||||
"default_is_url": "https://vector.im",
|
||||
"brand": "riot.data.coop",
|
||||
"brand": "element.data.coop",
|
||||
"integrations_ui_url": "https://scalar.vector.im/",
|
||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||
"integrations_widgets_urls": [
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
MIICszCCAZsCBgF8WpKKwTANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJkYXRhLmNvb3Agc2VydmljZXMwHhcNMjExMDA3MTE0MzQ1WhcNMzExMDA3MTE0NTI1WjAdMRswGQYDVQQDDBJkYXRhLmNvb3Agc2VydmljZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdV0stfU8aA1bi+GYd/a5DOyoox01BgzWwBFqVjlo80frsOsH8g814eDuMuff/UJy+2YxaozYQGxP+DcOVXi+0Fts9zjRj6wa6HCQqiR/SNUa69fGHcyAo2Tr0faxOyf3QMBqIngTRZB99quNMuAM96RCg25LtDaaWjNVxdHlj78+kU1bQXExp0ZfELlKGtllWP07cyz4nGfZmuK1AiWSsRbDIbyK5dvzw/pMS1kexh6ylnQu1iLqD3vYZBUDX9lPNkavTYZNCEL4ElUvR81S0ko2zkYAUiuVTtTUKucc98dTRhkuV4YCiiW6UQGY/jzmXYBfpzAY3n5eH5iUu/tRXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFQc8ytexKiXOIGrSYYtFaF/lxv8AwMgsndv8YxJ+x/cUwN9tdmA8IAZDIS13qBrCOdZE4pJ/09VkYdErcpbtV7PWC3LDv/c2qakyiBUYZj4WgJio+oD0GCqXsby3aqJeVt9cJr4gSsXxn1c+7GV7p/gc/2FFmlWcqMN/2F7LvFvObu55QlppWZrn8kreaUQmRuTTIviFQRmvrmwKyK52LEcK7qoh/v1aHyYDl91gu3nLMEluz6hy3UEPYgpdH1t2C7K0Kjri25pJNGCFrpKjWWveteKazUeDd4adHMiw2MVfeEyTCXEFoaxQS9QmbmhSMRhiHjbdffL7xi//aSh1bo=
|
|
@ -3,14 +3,6 @@
|
|||
docker_network:
|
||||
name: external_services
|
||||
|
||||
- name: setup network for postfix
|
||||
docker_network:
|
||||
name: postfix
|
||||
ipam_options:
|
||||
subnet: '172.16.0.0/16'
|
||||
gateway: 172.16.0.1
|
||||
|
||||
|
||||
- name: setup services
|
||||
include_tasks: "services/{{ item }}.yml"
|
||||
with_items: "{{ services }}"
|
||||
|
|
|
@ -1,21 +1,51 @@
|
|||
---
|
||||
- name: Drone container
|
||||
docker_container:
|
||||
name: drone
|
||||
image: drone/drone:latest
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
volumes:
|
||||
- "{{ drone.volume_folder }}:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
env:
|
||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
||||
DRONE_GITEA_ALWAYS_AUTH: "False"
|
||||
DRONE_RUNNER_CAPACITY: "2"
|
||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
||||
DRONE_SERVER_PROTO: "https"
|
||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
- name: set up drone with docker runner
|
||||
docker_compose:
|
||||
project_name: drone
|
||||
pull: yes
|
||||
definition:
|
||||
version: "3.6"
|
||||
services:
|
||||
drone:
|
||||
container_name: "drone"
|
||||
image: drone/drone:1
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
- drone
|
||||
volumes:
|
||||
- "{{ drone.volume_folder }}:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
||||
DRONE_SERVER_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
drone-runner-docker:
|
||||
container_name: "drone-runner-docker"
|
||||
image: "drone/drone-runner-docker:1"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- drone
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_RPC_HOST: "{{ drone.domain }}"
|
||||
DRONE_RPC_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
DRONE_RUNNER_CAPACITY: 2
|
||||
DRONE_RUNNER_NAME: "data.coop_drone_runner"
|
||||
|
||||
networks:
|
||||
drone:
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
|
@ -1,9 +1,13 @@
|
|||
---
|
||||
- name: gitea network
|
||||
docker_network:
|
||||
name: gitea
|
||||
|
||||
# old DNS: 138.68.71.153
|
||||
- name: gitea container
|
||||
docker_container:
|
||||
name: gitea
|
||||
image: gitea/gitea:latest
|
||||
image: gitea/gitea:1.15.7
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: gitea
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
---
|
||||
- name: create hedgedoc volume folders
|
||||
file:
|
||||
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "db"
|
||||
- "hedgedoc/uploads"
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: copy sso public certificate
|
||||
copy:
|
||||
src: "files/sso/sso.data.coop.pem"
|
||||
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
mode: "0644"
|
||||
|
||||
- name: setup hedgedoc
|
||||
docker_compose:
|
||||
project_name: "hedgedoc"
|
||||
pull: "yes"
|
||||
definition:
|
||||
services:
|
||||
database:
|
||||
image: "postgres:10-alpine"
|
||||
environment:
|
||||
POSTGRES_USER: "codimd"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
||||
POSTGRES_DB: "codimd"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "hedgedoc"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1.9.0
|
||||
environment:
|
||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
||||
CMD_DOMAIN: "{{ hedgedoc.domain }}"
|
||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_EMAIL: "False"
|
||||
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
|
||||
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
|
||||
CMD_SAML_ISSUER: "hedgedoc"
|
||||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
CMD_USECDN: "false"
|
||||
CMD_PROTOCOL_USESSL: "true"
|
||||
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "hedgedoc"
|
||||
- "external_services"
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
networks:
|
||||
hedgedoc:
|
||||
external_services:
|
||||
external: true
|
|
@ -0,0 +1,45 @@
|
|||
- name: setup keycloak containers for sso.data.coop
|
||||
docker_compose:
|
||||
project_name: "keycloak"
|
||||
pull: "yes"
|
||||
definition:
|
||||
version: "3.6"
|
||||
services:
|
||||
|
||||
postgres:
|
||||
image: "postgres:10"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "keycloak"
|
||||
volumes:
|
||||
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "keycloak"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||
POSTGRES_DB: "keycloak"
|
||||
|
||||
app:
|
||||
image: "quay.io/keycloak/keycloak:15.0.2"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "keycloak"
|
||||
- "postfix"
|
||||
- "external_services"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ keycloak.domain }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
DB_USER: "keycloak"
|
||||
DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||
DB_ADDR: "keycloak_postgres_1"
|
||||
#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
|
||||
#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
|
||||
PROXY_ADDRESS_FORWARDING: "true"
|
||||
|
||||
networks:
|
||||
keycloak:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -38,7 +38,7 @@
|
|||
force: yes
|
||||
|
||||
- name: run mail server containers
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_name: mail_server
|
||||
pull: yes
|
||||
definition:
|
||||
|
@ -78,6 +78,7 @@
|
|||
- "993:993"
|
||||
- "25:25"
|
||||
- "587:587"
|
||||
- "465:465"
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
|
|
|
@ -46,9 +46,14 @@
|
|||
src: files/configs/matrix/vhost-matrix
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
||||
|
||||
- name: upload vhost config for riot domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-riot
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
|
||||
|
||||
- name: upload homeserver.yaml
|
||||
template:
|
||||
src: "files/configs/matrix/homeserver.yaml"
|
||||
src: "files/configs/matrix/homeserver.yaml.j2"
|
||||
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
||||
|
||||
- name: upload matrix logging config
|
||||
|
@ -57,7 +62,7 @@
|
|||
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||
|
||||
- name: set up matrix and riot
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_name: matrix
|
||||
pull: yes
|
||||
definition:
|
||||
|
@ -77,17 +82,18 @@
|
|||
|
||||
matrix_app:
|
||||
container_name: matrix
|
||||
image: matrixdotorg/synapse:v0.99.2
|
||||
image: matrixdotorg/synapse:v1.47.1
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
- external_services
|
||||
ports:
|
||||
- 8008
|
||||
volumes:
|
||||
volumes:
|
||||
- "{{ matrix.volume_folder }}/data:/data"
|
||||
environment:
|
||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||
SYNAPSE_CACHE_FACTOR: "2"
|
||||
SYNAPSE_LOG_LEVEL: "INFO"
|
||||
VIRTUAL_HOST: "{{ matrix.domain }}"
|
||||
VIRTUAL_PORT: "8008"
|
||||
|
@ -96,7 +102,7 @@
|
|||
|
||||
riot:
|
||||
container_name: riot_app
|
||||
image: avhost/docker-matrix-riot:v1.0.3
|
||||
image: avhost/docker-matrix-riot:v1.9.0
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
|
@ -104,14 +110,14 @@
|
|||
ports:
|
||||
- 8080
|
||||
volumes:
|
||||
- "{{ riot.volume_folder }}/data:/data"
|
||||
- "{{ riot.volume_folder }}/data:/data"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ riot.domain }}"
|
||||
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ riot.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
networks:
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
||||
|
|
|
@ -21,5 +21,7 @@
|
|||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
PGID: "999"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
|
||||
|
||||
|
|
|
@ -1,48 +1,42 @@
|
|||
---
|
||||
- name: setup nextcloud containers
|
||||
docker_compose:
|
||||
project_name: "nextcloud"
|
||||
pull: "yes"
|
||||
definition:
|
||||
services:
|
||||
postgres:
|
||||
image: "postgres:10"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "nextcloud"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_DB: "nextcloud"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
POSTGRES_USER: "nextcloud"
|
||||
|
||||
app:
|
||||
image: "nextcloud:22-apache"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "nextcloud"
|
||||
- "external_services"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
POSTGRES_HOST: "nextcloud_postgres_1"
|
||||
POSTGRES_DB: "nextcloud"
|
||||
POSTGRES_USER: "nextcloud"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
|
||||
- name: nextcloud network
|
||||
docker_network:
|
||||
name: nextcloud
|
||||
|
||||
- name: nextcloud database volume
|
||||
docker_volume:
|
||||
name: nextcloud_db
|
||||
|
||||
- name: nextcloud database container
|
||||
docker_container:
|
||||
name: nextcloud_db
|
||||
image: postgres:10
|
||||
state: started
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: nextcloud
|
||||
volumes:
|
||||
- nextcloud_db:/var/lib/postgresql/data
|
||||
env:
|
||||
POSTGRES_DB: somethingelse
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
|
||||
- name: nextcloud app volume
|
||||
docker_volume:
|
||||
name: nextcloud_app
|
||||
|
||||
- name: nextcloud app container
|
||||
docker_container:
|
||||
name: nextcloud_app
|
||||
image: nextcloud:apache
|
||||
state: started
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: nextcloud
|
||||
- name: external_services
|
||||
volumes:
|
||||
- nextcloud_app:/var/www/html
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
POSTGRES_HOST: nextcloud_db
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
networks:
|
||||
nextcloud:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -17,7 +17,7 @@
|
|||
- name: openLDAP container
|
||||
docker_container:
|
||||
name: openldap
|
||||
image: osixia/openldap:1.2.2
|
||||
image: osixia/openldap:1.5.0
|
||||
tty: true
|
||||
interactive: true
|
||||
volumes:
|
||||
|
@ -57,7 +57,7 @@
|
|||
- name: phpLDAPadmin container
|
||||
docker_container:
|
||||
name: phpldapadmin
|
||||
image: osixia/phpldapadmin:latest
|
||||
image: osixia/phpldapadmin:0.9.0
|
||||
networks:
|
||||
- name: external_services
|
||||
- name: ldap
|
||||
|
|
|
@ -14,5 +14,5 @@
|
|||
LABELS_ONLY: "true"
|
||||
CLEANUP: "true"
|
||||
LATEST: "true"
|
||||
CRON: "*/1 * * * *"
|
||||
CRON: "*/10 * * * *"
|
||||
|
|
@ -1,45 +1,47 @@
|
|||
---
|
||||
|
||||
- name: passit network
|
||||
docker_network:
|
||||
name: passit
|
||||
- name: setup passit containers
|
||||
docker_compose:
|
||||
project_name: "passit"
|
||||
pull: "yes"
|
||||
definition:
|
||||
version: "3.6"
|
||||
services:
|
||||
|
||||
- name: passit database volume
|
||||
docker_volume:
|
||||
name: passit_db
|
||||
passit_db:
|
||||
image: "postgres:10"
|
||||
restart: "always"
|
||||
networks:
|
||||
- "passit"
|
||||
volumes:
|
||||
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "passit"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||
|
||||
- name: passit database container
|
||||
docker_container:
|
||||
name: passit_db
|
||||
image: postgres:10
|
||||
state: started
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: passit
|
||||
volumes:
|
||||
- passit_db:/var/lib/postgresql/data
|
||||
env:
|
||||
POSTGRES_USER: passit
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||
passit_app:
|
||||
image: "passit/passit:stable"
|
||||
command: "bin/start.sh"
|
||||
restart: "always"
|
||||
networks:
|
||||
- "passit"
|
||||
- "postfix"
|
||||
- "external_services"
|
||||
environment:
|
||||
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
||||
SECRET_KEY: "{{ passit_secret_key }}"
|
||||
IS_DEBUG: 'False'
|
||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
||||
|
||||
- name: passit app container
|
||||
docker_container:
|
||||
name: passit
|
||||
image: passit/passit:stable
|
||||
command: bin/start.sh
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: passit
|
||||
- name: postfix
|
||||
- name: external_services
|
||||
env:
|
||||
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
||||
SECRET_KEY: "{{ passit_secret_key }}"
|
||||
IS_DEBUG: 'False'
|
||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
networks:
|
||||
passit:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -8,7 +8,7 @@
|
|||
- name: run portainer
|
||||
docker_container:
|
||||
name: portainer
|
||||
image: portainer/portainer
|
||||
image: portainer/portainer-ce:2.9.1
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
|
@ -19,5 +19,6 @@
|
|||
- 9001:9000
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
||||
VIRTUAL_PORT: "9000"
|
||||
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -1,5 +1,12 @@
|
|||
---
|
||||
|
||||
- name: setup network for postfix
|
||||
docker_network:
|
||||
name: postfix
|
||||
ipam_config:
|
||||
- subnet: '172.16.0.0/16'
|
||||
gateway: 172.16.0.1
|
||||
|
||||
- name: setup postfix docker container for outgoing mail
|
||||
docker_container:
|
||||
name: postfix
|
||||
|
@ -8,5 +15,5 @@
|
|||
networks:
|
||||
- name: postfix
|
||||
env:
|
||||
ALLOWED_SENDER_DOMAINS: "{{ base_domain }}"
|
||||
ALLOWED_SENDER_DOMAINS: "services.{{ base_domain }}"
|
||||
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- name: setup restic backup
|
||||
docker_compose:
|
||||
project_name: restic_backup
|
||||
pull: yes
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
restic-backup:
|
||||
image: mazzolino/restic
|
||||
restart: always
|
||||
environment:
|
||||
RUN_ON_STARTUP: "true"
|
||||
BACKUP_CRON: "0 30 3 * * *"
|
||||
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
|
||||
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
|
||||
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
||||
RESTIC_BACKUP_ARGS: >-
|
||||
--tag datacoop-volumes
|
||||
--exclude='*.tmp'
|
||||
--verbose
|
||||
RESTIC_FORGET_ARGS: >-
|
||||
--keep-last 10
|
||||
--keep-daily 7
|
||||
--keep-weekly 5
|
||||
--keep-monthly 12
|
||||
TZ: Europe/Copenhagen
|
||||
volumes:
|
||||
- /docker-volumes:/mnt/volumes:ro
|
||||
|
||||
restic-prune:
|
||||
image: "mazzolino/restic"
|
||||
environment:
|
||||
RUN_ON_STARTUP: "true"
|
||||
PRUNE_CRON: "0 0 4 * * *"
|
||||
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
|
||||
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
|
||||
TZ: Europe/copenhagen
|
|
@ -0,0 +1,53 @@
|
|||
---
|
||||
- name: create tt-rss folders
|
||||
file:
|
||||
name: "{{ ttrss.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "config"
|
||||
- "db"
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: "set up tt-rss"
|
||||
docker_compose:
|
||||
project_name: "tt-rss"
|
||||
pull: yes
|
||||
definition:
|
||||
version: "3.6"
|
||||
services:
|
||||
ttrss_db:
|
||||
container_name: "ttrss_db"
|
||||
image: "postgres:11"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "ttrss"
|
||||
volumes:
|
||||
- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "ttrss"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
|
||||
|
||||
ttrss_app:
|
||||
container_name: ttrss_app
|
||||
image: "linuxserver/tt-rss"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- ttrss
|
||||
- external_services
|
||||
volumes:
|
||||
- "{{ ttrss.volume_folder }}/config:/config"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ ttrss.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ ttrss.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
TZ: "Europe/Copenhagen"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
||||
ttrss:
|
||||
name: "ttrss"
|
|
@ -0,0 +1,13 @@
|
|||
- name: setup ulovliglogning.dk website docker container
|
||||
docker_container:
|
||||
name: ulovliglogning_website
|
||||
restart_policy: unless-stopped
|
||||
image: ulovliglogning/ulovliglogning.dk:latest
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
|
@ -8,11 +8,25 @@
|
|||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ data_coop_website.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
|
||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
com.ouroboros.enable: "true"
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
|
@ -22,8 +36,22 @@
|
|||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
|
||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.ouroboros.enable: "true"
|
||||
|
|
|
@ -41,7 +41,7 @@ POSTMASTER=admin
|
|||
TLS_FLAVOR=mail
|
||||
|
||||
# Authentication rate limit (per source IP address)
|
||||
AUTH_RATELIMIT=10/minute;1000/hour
|
||||
AUTH_RATELIMIT=120/minute;1200/hour
|
||||
|
||||
# Opt-out of statistics, replace with "True" to opt out
|
||||
DISABLE_STATISTICS=False
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: Install necessary packages
|
||||
- name: Install necessary packages via apt
|
||||
apt:
|
||||
name: "{{ packages }}"
|
||||
vars:
|
||||
|
@ -8,4 +8,11 @@
|
|||
- python3-pip
|
||||
- apparmor
|
||||
- haveged
|
||||
|
||||
|
||||
- name: Install necessary packages via pip
|
||||
pip:
|
||||
name: "{{ packages }}"
|
||||
vars:
|
||||
packages:
|
||||
- docker
|
||||
- docker-compose
|
Loading…
Reference in New Issue