benjaoming
/
ansible
forked from data.coop/ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: benjaoming:master
Branches Tags
benjaoming:master
benjaoming:password-policy
benjaoming:nextcloud-fixup
benjaoming:gitea-security-and-upgrade
benjaoming:antifloc
benjaoming:mailman
benjaoming:hosts
benjaoming:no-template
benjaoming:passit-cleanup
benjaoming:restic_backup
benjaoming:sshd-password
benjaoming:cryptoaarhus.dk
benjaoming:drone-downgrade
benjaoming:add-ulovliglogning-website
benjaoming:gluu
benjaoming:service/mailu
benjaoming:watchtower
data.coop:proxmox
data.coop:main
data.coop:diun
data.coop:use_sudo
data.coop:woodpeckerci
data.coop:linting
data.coop:mailman
data.coop:listmonk
data.coop:sshd-password
..
compare: benjaoming:gluu
Branches Tags
benjaoming:password-policy
benjaoming:master
benjaoming:nextcloud-fixup
benjaoming:gitea-security-and-upgrade
benjaoming:antifloc
benjaoming:mailman
benjaoming:hosts
benjaoming:no-template
benjaoming:passit-cleanup
benjaoming:restic_backup
benjaoming:sshd-password
benjaoming:cryptoaarhus.dk
benjaoming:drone-downgrade
benjaoming:add-ulovliglogning-website
benjaoming:gluu
benjaoming:service/mailu
benjaoming:watchtower
data.coop:proxmox
data.coop:main
data.coop:diun
data.coop:use_sudo
data.coop:woodpeckerci
data.coop:linting
data.coop:mailman
data.coop:listmonk
data.coop:sshd-password

7 Commits
master ... gluu

Author SHA1 Message Date
Víðir Valberg Guðmundsson 03b12aa32e Small fixes. .. 2019-08-31 19:58:04 +02:00
Víðir Valberg Guðmundsson 44b5d0830f Update to new stuff 2019-08-31 18:43:14 +02:00
Víðir Valberg Guðmundsson f2d9554385 Some stuff. 2019-03-21 09:41:14 +01:00
Jesper Hess d5ff1c4e9d
Add network for gluu 2019-03-15 22:01:10 +01:00
Jesper Hess 95a4310566
Use volume folder instead of root folder.... 2019-03-15 21:22:46 +01:00
Jesper Hess 19df47bc55
Fix copy-paste typos when setting hostname on gluu containers 2019-03-15 21:00:08 +01:00
Jesper Hess 450041c797
Add initial version of Gluu configuration 2019-03-15 20:53:58 +01:00
32 changed files with 446 additions and 622 deletions
Show Stats Expand all files Collapse all files

1
ansible.cfg
View File

@ -1,3 +1,2 @@
[defaults]
remote_user = root
inventory = datacoop_hosts

2
deploy.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
BASE_CMD="ansible-playbook playbook.yml -i datacoop_hosts --ask-vault-pass"
if [ -z "$1" ]; then
echo "Deploying all!"

158
group_vars/all/secrets.yml
View File

@ -1,102 +1,58 @@
$ANSIBLE_VAULT;1.1;AES256
32336562633266653862666430393834306131343538636136643866306639313132383063393335
3437383263343337323637616330383761346661383065390a396466663135313433643830316439
65626336303339653730643435353366633839366165393463663031333030356464373338353765
3662646137623936650a633038376161633737376432306466663938333838333339626235663362
34303237306533343435346361346461613339323931666461313261623936653936656439663139
39666639616234653565303235313866636463656237363861636366666433393631366364623534
39313638363231646539383133383938353439356335313263656362376538623531636166383233
32653461653965303835613833383736396563306436623762613138343665343461623964666464
31363836343534616235323238663262343963376133636337333937353732623938616434333666
37386231356633653034656130383463643065373935633334653766396539326262646465376338
31346134356162613266393132313839363166623562316230313338373062393535363236363133
62653261663865323933323061353864643435323538633733363030356636653162616237323839
33636235396166326336303133613431326231356434383431623366386437303162396234626563
66333232343234613661363339653234343333323965353537353337303964653066356664303265
62333237343334333836623566643633656134353034623630323361376562353464636538623664
65313435316533633834303734636233333164616230393664646261663133323536356338323430
38623734366530313461653062376136336634386132333138666439326636373536636134333432
61396432353962366333373961323263633036656362653330393236333737306664633335313438
34383335313933613930376436323236343539363035323461333366646462623961633933313432
38656530653336306130313932393162626437383736393162656364333162623831356163303365
66343433316131313332346537343863343966323765373035306661366633336261306661363966
39326131336561633463613731396663336639613634636631373435623263353961323539623162
30383831393164373632336265373662663936336131306563323833643236616338653835633832
33383530623733386564373935663437613366633536386131363465363466306632373535646661
62616531363737336536616132343034663038623665666636613232663666303164663661366232
33626536336435323031663662383836326331633262386634393333373630343431333461393234
33656664666466623262353533363833616663303637393164633633336438393131366261326230
63623266353432613832633163663363663964303461386366373236386131376336623138366134
33626234383661646637323062363265623630663061353630313466626632623062386638643433
36333262666562396433393866393362303134616664616531386637336233306334383434616238
62353237396432353335316631336265326135616430383735353638346339623539393064373365
66336463653139323962333065666363363733376161613434363830663161303735306264396339
35643535326130313033636135656634303731323030623131613866653932346665343365343537
30393534346438343833336262646161643665613639373835336438663664643763323735646566
30303339386131353863643463383333616432333262633962656434343563323165366533643730
36646431336361316234393731373563656164646437636536353530343731373531373932313633
61363462386663333465333465363864643039346238303635323362646335363037323437633462
62373839666639326465383766333462356635636163376366373764373462386430616566386564
39353662346632623661326238306136373364343231303664626630663761643433393033633335
62336232376134656537383632643730303330353533626634633138383163356533646461656230
31373733326436323937373537363839653034356137343864656364313831336235396530373265
31663035326365373033313030363032343030346635343333656637343961303861393336316134
35383635393737643935646334373865386637373636303162363562326239326433396466396435
66336235373238326662323763333733636635313862653233353165346233313663353164383937
37373934343261373462373832363633323438663536356133343464316563316362343932396234
30343335396562336433353233306132656239663036663064653235376264653933363636326132
33353064663930626330386562396564323965393432353430326362616235353464623861313336
37363333623736306632643931356138373031363938363966616632666236346265323562306538
39303365613463393964376536383431326661323237616538353333373930616438633630633961
35303436353231373133666165306534346137396662653736343135303431613438363864616237
65643338633065663266303232643264316564373066663038306632653962626336346639393061
33326638323066323264353338636535336363376639646233336234643137646262666238363865
34623236396437623539653466653331326434643036663930333065393836383265613036393233
64333530636138356361643635613933313335636662646666656131613834376632313734373261
66626262373630386337303539323332343831373731643830323661656435626266386633366666
38626330663635623262336435373432383066393335633261383633343633616564353135613334
34616663333562643232333133626433313265316561633638633236343334323337643066386363
33316637303533393165656665373931313666616330316465643531303730333036613965383161
65346133303835643134643030373966636632663937343434633263633161366236613039313866
63343362303866313732326438393262643630633461316534313638343230653462636330363437
36613561366235646465326163343165633764333466643766316235396534363366366238626161
32656566386130623962643865643562623338353939306463663034653939383864356164316332
34396661303364323430323764346438393165313430623464373436323337303966613437626136
34303166396636666237383138636230306161323161343738353062383262373631643637366139
36313033623162366530366130376338623634363661623965643364666330313066646233303963
65353137616236396266336238346562343331363964356237356132303734326138646164663961
62383761663837326431343939666432663132396464646439626364373833653164313931353631
34633737333961646137663764363763356138396264353534303236633135643936313039303565
37663937613961643563346130653536653236346165633333383666623961303138363961646138
36613062346562326537656236343835383663386235353638653861613865333635333161326337
66343664373262383164313838393261663566393838633364363931653164613663643966643063
39656261643733663763383339653433616231653737623865353038646331373334666232346334
39653730613439393532326430623239666239616361313738343738376536303839623938396439
37393134343333383430303963356563633862336134373962306634613261653131636631626638
35613635643336306435643832383761353465633537666563333763646338656164333661666462
38643765313865626535326136343365643362373234326262366332653264363863646539366630
36623635396635363636373139383530633332386263656339396433653936333834656631373637
65663564353938623737303332373261623862646566386230313865643835323231373933303165
39356561656534326661346636633933613532373137393737623737383134333132363436373630
63653139356565356566663532313736613437623634313236663537376462383465613332656233
65306131356165366131633432383730356163326561326332346535373738636333333165666365
31636564303838333061323063653135623162636464656263613538306561303361633864383634
35613164386334646338613661356134303766393239366530666137376362646263333530623565
34643166313038376136643032393630303435376631336366343632383735626335333232303463
33643363313434363633393964323064653966353161636135633264333766386266646366316132
63303935356138356566306234356435343961356166646430633335386435366666333234636465
36336439663731643663353732353261313037363231306430373962613838616238313662343761
33316335316236626631636636386137376263323862306262316366663039396334326564303762
34623562363839386439366639323662393831653530663463396230663133396466326363303065
35646635323439323062333864336332333938663536373834663535643832316532313262326265
63376436356662663165616532613963303030613166663865376531613031383865363864333238
33616230336263306434643933356530303163653232323331643731353134353939363762303933
32363061346537666637663733346431643164323364363133316265306336626466353366313635
66653162643533316162363035373532656239356434623761666663626366663336376539656537
31323561356363393038323762646633323461666263633937313264346364356439343761623337
34643731393763323339653636656565663665646431313531616337616363373764626334656264
66633366346137613032313865666363613530643663373834313731353437373239653332656134
62376164313138303233623964663234643661336232366165616163313866336230353565393365
36613361346437336431376164663930393530626339626361323764623635396137396634316364
31393030323539376233383965366433623562646161643866346138316536613437383035656139
6533
63333365303665346136333263333734363333616230313931356131633966646263316436356536
3565366362616366393362636336383565366531333839620a333939613332646665633236343336
36633835396234643233643936396565636564343538633838343438353030306433346262393739
6339346565653237370a313237653734353130343334306366323633636639383261306166306530
32326636653937633233353639663035383437636638653932653639373763623433633431643231
34396237653832616638623137666530326466393966323533313261353030343165636330396631
62386331323336326665343262363232376131613365393465613334643936326263316137396633
63336135356264613461616461316630636533373961373263373165356632643738366338373366
36663432386538323836613665646664313330336363633064373337383764663937316261636661
38373632316136636337396561373738376466613165653266313434393264646130663938653739
36393933326231626466613665373964313661663464383735663765336639663436336261613834
39616239366637373462363934656239653731383063373536363338326161633831343031636565
61616133333539393464323032636235633934343339356562343234373062353830336138386138
31393661303930656334343637646335656565303161363033353762623638323537643863643134
39393539393263313836623161633465386338653336633263633336316431666333393565386435
64363631316432636637633364646365323838386630626164383266386534316639393961663534
65666166653737646336303732333063313932336261323631306661613662643334316566666434
37623463646231346461643839386365333431353738626264663535366635623634653431356463
32356232383837666466383765353561666236363337666434623335363230363966323362666536
62646238633632626162363134373036353234393134626636366565353935333339346431316461
38306430663532396132656663313964346434656462373663616639323234306330666664383166
38346430613338303136643666613765333636306537346534633162323739343537303039353938
38613264666339303436353133323763306134343935396230396639623937376634666133393133
32643832313561613138656633306236383933303365626161373366313265626639383662356634
65353366613162616366343766333830633930323433643434366635646664636362666636336435
39343236636166653736623833386333356533326266633131666262353839306538656335643230
37656430663962333666376138326662376436383736643065316163396264663830356337323339
31346130613665656438623666363764643466366331303064386237363331383030373036633637
35323437383066323962353132383462383631633435306530336666623133306636643835653837
36646438623437333566633663613932616163666137313734666137376565626334323539623637
33633435303131656538616165643238313433316534616337316464383263633430663662323933
35323766303564643237316166646539396266633765653266663861653031346139316561326239
63373939363564353563623836373831303862306637323738396434363166653433323431343837
65363437623461383936626331636138373035666264363363313034613235643864336365643464
39306433333131306136313432646464613565346536353430326264363632316661333632343862
37653138666662663632303535623737633765323731633439323664363834333262326461366463
36323339643434636134356434353332313639376164373237396562396630353433373136623332
62366638623664333765323565393464373333366332623065653034626463313336633932316637
36323465623330643731303561336366303337626432356538643561343162326339643735323061
61303237306164353339663137386337363166303935363438373733386238636463653536313733
39363063393739663030376464616661393638333030633061653466396234656530343762346663
36313664316130643837313364656230386539633330363937333132623363633161376633636134
33383764356638376135633538646638626130646530386261313964353661656335376230346430
37383263646463623166633932376335633536383131343664646336326436316637376661396466
31356461656439306436646264626265356561333264323166303165346565376237663835323536
35663935393165656365323138346236363161353161333338363632333832636536646139656532
61633666306433343332343762373061316134396130653635663435396265363933626138353338
38363331396136343065633631626663306537376461643131636532313931356666633331333231
61663338313165663734356636323732336434396465316436383961313033313965303833636162
36333937623130653062613334353438306137653238356635313132666535643131323763636137
39636462393662633765626238636136636637643335373535653436376666326134376264323539
39353437303262343664313238306364353964633161366630663233633064313163386338643662
63303830643230303334336362653639323463336631323663613433336334383962663664303764
33653635626136633530356435383164383865633333353133346564666531303735643664313530
63333831343666623364623834396162636439396639343430313064303739636465323937653634
33333963326131353335326138326530393938353533383832656335623536643064643762636462
6262

42
group_vars/all/secrets.yml.contents
View File

@ -1,42 +0,0 @@
# These are the variables contained in secrets.yml
# Secrets are usually 32 characters or more, matching [a-Z0-9]
postgres_passwords:
fider: xxx
nextcloud: xxx
passit: xxx
gitea: xxx
matrix: xxx
codimd: xxx
mailu: xxx
ttrss: xxx
keycloak: xxx
fider_jwt_secret: xxx
ldap_admin_password: xxx
ldap_config_password: xxx
passit_secret_key: xxx
docker_password: xxx
mailu_secret_key: xxx
drone_secrets:
oauth_client_id: xxx
oauth_client_secret: xxx
rpc_shared_secret: xxx
restic_secrets:
user_secret: xxx
encryption_secret: xxx
matrix_secrets:
registration_shared_secret: xxx
macaroon_secret_key: xxx
form_secret: xxx
keycloak_secrets:
admin_user: xxx //used for setting up the initial admin user on first run
admin_password: xxx

2
playbook.yml
View File

@ -23,11 +23,9 @@
- docker_registry
- drone
- websites
- ulovliglogning-dk
- ouroboros
- mailu
- portainer
# - tt-rss
smtp_host: "postfix"
smtp_port: "587"

40
roles/docker/defaults/main.yml
View File

@ -12,7 +12,6 @@ thelounge:
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
gitea:
domain: "git.{{ base_domain }}"
@ -20,7 +19,6 @@ gitea:
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
fider:
domain: "feedback.{{ base_domain }}"
@ -30,9 +28,7 @@ matrix:
volume_folder: "{{ volume_root_folder }}/matrix"
riot:
domains:
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
domain: "riot.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot"
privatebin:
@ -40,12 +36,8 @@ privatebin:
volume_folder: "{{ volume_root_folder }}/privatebin"
codimd:
domain: "oldpad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/codimd"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
volume_folder: "{{ volume_root_folder }}/codimd"
netdata:
domain: "netdata.{{ base_domain }}"
@ -57,25 +49,10 @@ docker_registry:
password: "{{ docker_password }}"
data_coop_website:
domains:
- "{{ base_domain }}"
- "www.{{ base_domain }}"
domain: "{{ base_domain }}"
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
domain: "cryptohagen.dk"
drone:
domain: "drone.{{ base_domain }}"
@ -92,10 +69,7 @@ portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
ttrss:
domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss"
gluu:
domain: "gluu.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gluu"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"

16
roles/docker/files/configs/matrix/homeserver.yaml.j2 → roles/docker/files/configs/matrix/homeserver.yaml
View File

@ -54,10 +54,6 @@ soft_file_limit: 0
# Set to false to disable presence tracking on this homeserver.
use_presence: true
# If set to 'false', forbids any other homeserver to fetch the server's public
# rooms directory via federation.
allow_public_rooms_over_federation: true
# The GC threshold parameters to pass to `gc.set_threshold`, if defined
#
#gc_thresholds: [700, 10, 10]
@ -415,7 +411,7 @@ uploads_path: "/data/uploads"
# The largest allowed upload size in bytes
#
max_upload_size: "50M"
max_upload_size: "10M"
# Maximum number of pixels that will be thumbnailed
#
@ -577,7 +573,7 @@ turn_allow_guests: True
## Registration ##
# Enable registration for new users.
enable_registration: False
enable_registration: True
# The user must provide all of the below types of 3PID when registering.
#
@ -604,7 +600,7 @@ enable_registration: False
# If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled.
#
registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"
registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG"
# Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash.
@ -699,7 +695,7 @@ track_appservice_user_ips: False
# the registration_shared_secret is used, if one is given; otherwise,
# a secret key is derived from the signing key.
#
macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}"
macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X"
# Used to enable access token expiration.
#
@ -709,7 +705,7 @@ expire_access_token: False
# falsification of values. Must be specified for the User Consent
# forms to work.
#
form_secret: "{{ matrix_secrets.form_secret }}"
form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-"
## Signing Keys ##
@ -885,7 +881,7 @@ password_config:
# Whether to allow non server admins to create groups on this server
#
enable_group_creation: true
enable_group_creation: false
# If enabled, non server admins can only create groups with local parts
# starting with this prefix

3
roles/docker/files/configs/matrix/vhost-matrix
View File

@ -1,2 +1 @@
listen 8008;
client_max_body_size 50M; # default is 1M
listen 8008;

1
roles/docker/files/configs/matrix/vhost-riot
View File

@ -1 +0,0 @@
client_max_body_size 50M; # default is 1M

2
roles/docker/files/configs/riot/config.json
View File

@ -1,7 +1,7 @@
{
"default_hs_url": "https://{{ matrix.domain }}",
"default_is_url": "https://vector.im",
"brand": "element.data.coop",
"brand": "riot.data.coop",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [

1
roles/docker/files/sso/sso.data.coop.pem
View File

@ -1 +0,0 @@
MIICszCCAZsCBgF8WpKKwTANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJkYXRhLmNvb3Agc2VydmljZXMwHhcNMjExMDA3MTE0MzQ1WhcNMzExMDA3MTE0NTI1WjAdMRswGQYDVQQDDBJkYXRhLmNvb3Agc2VydmljZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdV0stfU8aA1bi+GYd/a5DOyoox01BgzWwBFqVjlo80frsOsH8g814eDuMuff/UJy+2YxaozYQGxP+DcOVXi+0Fts9zjRj6wa6HCQqiR/SNUa69fGHcyAo2Tr0faxOyf3QMBqIngTRZB99quNMuAM96RCg25LtDaaWjNVxdHlj78+kU1bQXExp0ZfELlKGtllWP07cyz4nGfZmuK1AiWSsRbDIbyK5dvzw/pMS1kexh6ylnQu1iLqD3vYZBUDX9lPNkavTYZNCEL4ElUvR81S0ko2zkYAUiuVTtTUKucc98dTRhkuV4YCiiW6UQGY/jzmXYBfpzAY3n5eH5iUu/tRXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFQc8ytexKiXOIGrSYYtFaF/lxv8AwMgsndv8YxJ+x/cUwN9tdmA8IAZDIS13qBrCOdZE4pJ/09VkYdErcpbtV7PWC3LDv/c2qakyiBUYZj4WgJio+oD0GCqXsby3aqJeVt9cJr4gSsXxn1c+7GV7p/gc/2FFmlWcqMN/2F7LvFvObu55QlppWZrn8kreaUQmRuTTIviFQRmvrmwKyK52LEcK7qoh/v1aHyYDl91gu3nLMEluz6hy3UEPYgpdH1t2C7K0Kjri25pJNGCFrpKjWWveteKazUeDd4adHMiw2MVfeEyTCXEFoaxQS9QmbmhSMRhiHjbdffL7xi//aSh1bo=

8
roles/docker/tasks/services.yml
View File

@ -3,6 +3,14 @@
docker_network:
name: external_services
- name: setup network for postfix
docker_network:
name: postfix
ipam_options:
subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup services
include_tasks: "services/{{ item }}.yml"
with_items: "{{ services }}"

70
roles/docker/tasks/services/drone.yml
View File

@ -1,51 +1,21 @@
---
- name: set up drone with docker runner
docker_compose:
project_name: drone
pull: yes
definition:
version: "3.6"
services:
drone:
container_name: "drone"
image: drone/drone:1
restart: unless-stopped
networks:
- external_services
- drone
volumes:
- "{{ drone.volume_folder }}:/data"
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
DRONE_GIT_ALWAYS_AUTH: "true"
DRONE_SERVER_HOST: "{{ drone.domain }}"
DRONE_SERVER_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
PLUGIN_CUSTOM_DNS: "91.239.100.100"
VIRTUAL_HOST: "{{ drone.domain }}"
LETSENCRYPT_HOST: "{{ drone.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
drone-runner-docker:
container_name: "drone-runner-docker"
image: "drone/drone-runner-docker:1"
restart: unless-stopped
networks:
- drone
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
DRONE_RPC_HOST: "{{ drone.domain }}"
DRONE_RPC_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
DRONE_RUNNER_CAPACITY: 2
DRONE_RUNNER_NAME: "data.coop_drone_runner"
networks:
drone:
external_services:
external:
name: external_services
- name: Drone container
docker_container:
name: drone
image: drone/drone:latest
restart_policy: unless-stopped
networks:
- name: external_services
volumes:
- "{{ drone.volume_folder }}:/data"
- "/var/run/docker.sock:/var/run/docker.sock"
env:
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
DRONE_GITEA_ALWAYS_AUTH: "False"
DRONE_RUNNER_CAPACITY: "2"
DRONE_SERVER_HOST: "{{ drone.domain }}"
DRONE_SERVER_PROTO: "https"
PLUGIN_CUSTOM_DNS: "91.239.100.100"
VIRTUAL_HOST: "{{ drone.domain }}"
LETSENCRYPT_HOST: "{{ drone.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

6
roles/docker/tasks/services/gitea.yml
View File

@ -1,13 +1,9 @@
---
- name: gitea network
docker_network:
name: gitea
# old DNS: 138.68.71.153
- name: gitea container
docker_container:
name: gitea
image: gitea/gitea:1.15.7
image: gitea/gitea:latest
restart_policy: unless-stopped
networks:
- name: gitea

235
roles/docker/tasks/services/gluu.yml Normal file
View File

@ -0,0 +1,235 @@
- name: create gluu volume folders
file:
name: "{{ gluu.volume_folder }}/{{ volume }}"
state: directory
loop:
- "config-init/db"
- "consul/data"
- "opendj/config"
- "opendj/ldif"
- "opendj/logs"
- "opendj/db"
- "opendj/flag"
- "opendj/backup"
- "oxauth/custom"
- "oxauth/custom/pages"
- "oxauth/custom/static"
- "oxauth/lib/ext"
- "oxauth/logs"
- "oxtrust/custom/pages"
- "oxtrust/lib/ext"
- "oxtrust/logs"
- "shared-shibboleth-idp"
- "vault/config:/vault/config"
- "vault/data:/vault/data"
- "vault/logs:/vault/logs"
loop_control:
loop_var: "volume"
- name: set up gluu
docker_service:
project_name: gluu
pull: yes
definition:
version: "2.3"
services:
consul:
image: consul
container_name: consul
command: agent -server -bootstrap -ui
hostname: consul-1
environment:
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
restart: unless-stopped
volumes:
- "{{ gluu.volume_folder }}/consul:/consul/data"
networks:
- "gluu"
labels:
- "SERVICE_IGNORE=yes"
vault:
container_name: vault
image: vault:1.0.1
command: vault server -config=/vault/config
volumes:
- "{{ gluu.volume_folder }}/vault/config:/vault/config"
- "{{ gluu.volume_folder }}/vault/data:/vault/data"
- "{{ gluu.volume_folder }}/vault/logs:/vault/logs"
- "{{ gluu.volume_folder }}/vault/vault_gluu_policy.hcl:/vault/config/policy.hcl"
- "{{ gluu.volume_folder }}/vault/gcp_kms_stanza.hcl:/vault/config/stanza.hcl"
- "{{ gluu.volume_folder }}/vault/gcp_kms_creds.json:/vault/config/creds.json"
cap_add:
- IPC_LOCK
environment:
- VAULT_REDIRECT_INTERFACE=eth0
- VAULT_CLUSTER_INTERFACE=eth0
- VAULT_ADDR=http://0.0.0.0:8200
- VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}
restart: unless-stopped
networks:
- "gluu"
depends_on:
- consul
labels:
- "SERVICE_IGNORE=yes"
registrator:
container_name: registrator
image: gluufederation/registrator:dev
command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
volumes:
- /var/run/docker.sock:/tmp/docker.sock
networks:
- "gluu"
restart: unless-stopped
depends_on:
- consul
nginx:
container_name: nginx
image: gluufederation/nginx:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- VIRTUAL_HOST="{{ gluu.domain }}"
- LETSENCRYPT_HOST="{{ gluu.domain }}"
- LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
ports:
- "80"
- "443"
networks:
- "external_services"
- "gluu"
restart: unless-stopped
labels:
- "SERVICE_IGNORE=yes"
ldap:
container_name: ldap
image: gluufederation/opendj:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_INIT=true
- GLUU_LDAP_INIT_HOST=ldap
- GLUU_LDAP_INIT_PORT=1636
- GLUU_OXTRUST_CONFIG_GENERATION=true
- GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
# - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
# - GLUU_REDIS_URL=redis:6379
# - GLUU_REDIS_TYPE=STANDALONE
# the value must match service name `ldap` because other containers
# use this value as LDAP hostname
- GLUU_CERT_ALT_NAME=ldap
volumes:
- "{{ gluu.volume_folder }}/opendj/config:/opt/opendj/config"
- "{{ gluu.volume_folder }}/opendj/ldif:/opt/opendj/ldif"
- "{{ gluu.volume_folder }}/opendj/logs:/opt/opendj/logs"
- "{{ gluu.volume_folder }}/opendj/db:/opt/opendj/db"
- "{{ gluu.volume_folder }}/opendj/flag:/flag"
- "{{ gluu.volume_folder }}/opendj/backup:/opt/opendj/bak"
networks:
- "gluu"
restart: unless-stopped
labels:
- "SERVICE_IGNORE=yes"
oxauth:
container_name: oxauth
image: gluufederation/oxauth:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=consul
- GLUU_LDAP_URL=ldap:1636
extra_hosts:
- "{{ gluu.domain }}:85.235.225.231"
volumes:
- "{{ gluu.volume_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
- "{{ gluu.volume_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
- "{{ gluu.volume_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
- "{{ gluu.volume_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
networks:
- "gluu"
mem_limit: 1536M
restart: unless-stopped
labels:
- "SERVICE_NAME=oxauth"
- "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
- "SERVICE_8080_CHECK_INTERVAL=15s"
- "SERVICE_8080_CHECK_TIMEOUT=5s"
oxtrust:
container_name: oxtrust
image: gluufederation/oxtrust:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_URL=ldap:1636
- GLUU_OXAUTH_BACKEND=oxauth:8080
extra_hosts:
- "{{ gluu.domain }}:85.235.225.231"
volumes:
- "{{ gluu.volume_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
- "{{ gluu.volume_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
- "{{ gluu.volume_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
- "{{ gluu.volume_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
- "{{ gluu.volume_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
networks:
- "gluu"
mem_limit: 1536M
restart: unless-stopped
labels:
- "SERVICE_NAME=oxtrust"
- "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
- "SERVICE_8080_CHECK_INTERVAL=15s"
- "SERVICE_8080_CHECK_TIMEOUT=5s"
oxshibboleth:
container_name: oxshibboleth
image: gluufederation/oxshibboleth:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_URL=ldap:1636
extra_hosts:
- "{{gluu.domain}}:85.235.225.231"
volumes:
- "{{ gluu.volume_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
networks:
- "gluu"
mem_limit: 1024M
restart: unless-stopped
labels:
- "SERVICE_NAME=oxshibboleth"
- "SERVICE_8086_CHECK_HTTP=/idp"
- "SERVICE_8086_CHECK_INTERVAL=15s"
- "SERVICE_8086_CHECK_TIMEOUT=5s"
oxpassport:
container_name: oxpassport
image: gluufederation/oxpassport:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_URL=ldap:1636
# required by wait-for-it script
- GLUU_OXAUTH_BACKEND=oxauth:8080
- GLUU_OXTRUST_BACKEND=oxtrust:8080
extra_hosts:
- "{{gluu.domain}}:85.235.225.231"
networks:
- "gluu"
restart: unless-stopped
labels:
- "SERVICE_NAME=oxpassport"
- "SERVICE_8090_CHECK_HTTP=/passport"
- "SERVICE_8090_CHECK_INTERVAL=15s"
- "SERVICE_8090_CHECK_TIMEOUT=5s"
networks:
external_services:
external: true
gluu:
name: "gluu"

66
roles/docker/tasks/services/hedgedoc.yml
View File

@ -1,66 +0,0 @@
---
- name: create hedgedoc volume folders
file:
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
- "hedgedoc/uploads"
loop_control:
loop_var: volume
- name: copy sso public certificate
copy:
src: "files/sso/sso.data.coop.pem"
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"
- name: setup hedgedoc
docker_compose:
project_name: "hedgedoc"
pull: "yes"
definition:
services:
database:
image: "postgres:10-alpine"
environment:
POSTGRES_USER: "codimd"
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
POSTGRES_DB: "codimd"
restart: "unless-stopped"
networks:
- "hedgedoc"
volumes:
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
app:
image: quay.io/hedgedoc/hedgedoc:1.9.0
environment:
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
CMD_DOMAIN: "{{ hedgedoc.domain }}"
CMD_ALLOW_EMAIL_REGISTER: "False"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_EMAIL: "False"
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
CMD_SAML_ISSUER: "hedgedoc"
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CMD_USECDN: "false"
CMD_PROTOCOL_USESSL: "true"
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
restart: "unless-stopped"
networks:
- "hedgedoc"
- "external_services"
depends_on:
- database
networks:
hedgedoc:
external_services:
external: true

45
roles/docker/tasks/services/keycloak.yml
View File

@ -1,45 +0,0 @@
- name: setup keycloak containers for sso.data.coop
docker_compose:
project_name: "keycloak"
pull: "yes"
definition:
version: "3.6"
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "keycloak"
volumes:
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "keycloak"
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
POSTGRES_DB: "keycloak"
app:
image: "quay.io/keycloak/keycloak:15.0.2"
restart: "unless-stopped"
networks:
- "keycloak"
- "postfix"
- "external_services"
environment:
VIRTUAL_HOST: "{{ keycloak.domain }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
DB_USER: "keycloak"
DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
DB_ADDR: "keycloak_postgres_1"
#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
PROXY_ADDRESS_FORWARDING: "true"
networks:
keycloak:
postfix:
external: true
external_services:
external: true

3
roles/docker/tasks/services/mailu.yml
View File

@ -38,7 +38,7 @@
force: yes
- name: run mail server containers
docker_compose:
docker_service:
project_name: mail_server
pull: yes
definition:
@ -78,7 +78,6 @@
- "993:993"
- "25:25"
- "587:587"
- "465:465"
networks:
- default
- external_services

26
roles/docker/tasks/services/matrix_riot.yml
View File

@ -46,14 +46,9 @@
src: files/configs/matrix/vhost-matrix
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
- name: upload vhost config for riot domain
template:
src: files/configs/matrix/vhost-riot
dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
- name: upload homeserver.yaml
template:
src: "files/configs/matrix/homeserver.yaml.j2"
src: "files/configs/matrix/homeserver.yaml"
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
- name: upload matrix logging config
@ -62,7 +57,7 @@
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
- name: set up matrix and riot
docker_compose:
docker_service:
project_name: matrix
pull: yes
definition:
@ -82,18 +77,17 @@
matrix_app:
container_name: matrix
image: matrixdotorg/synapse:v1.47.1
image: matrixdotorg/synapse:v0.99.2
restart: unless-stopped
networks:
- matrix
- external_services
- external_services
ports:
- 8008
volumes:
volumes:
- "{{ matrix.volume_folder }}/data:/data"
environment:
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
SYNAPSE_CACHE_FACTOR: "2"
SYNAPSE_LOG_LEVEL: "INFO"
VIRTUAL_HOST: "{{ matrix.domain }}"
VIRTUAL_PORT: "8008"
@ -102,7 +96,7 @@
riot:
container_name: riot_app
image: avhost/docker-matrix-riot:v1.9.0
image: avhost/docker-matrix-riot:v1.0.3
restart: unless-stopped
networks:
- matrix
@ -110,14 +104,14 @@
ports:
- 8080
volumes:
- "{{ riot.volume_folder }}/data:/data"
- "{{ riot.volume_folder }}/data:/data"
environment:
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
VIRTUAL_HOST: "{{ riot.domain }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ riot.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
networks:
external_services:
external:
name: external_services

2
roles/docker/tasks/services/netdata.yml
View File

@ -21,7 +21,5 @@
LETSENCRYPT_HOST: "{{ netdata.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
PGID: "999"
labels:
com.ouroboros.enable: "true"

86
roles/docker/tasks/services/nextcloud.yml
View File

@ -1,42 +1,48 @@
---
- name: setup nextcloud containers
docker_compose:
project_name: "nextcloud"
pull: "yes"
definition:
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "nextcloud"
volumes:
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
environment:
POSTGRES_DB: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
POSTGRES_USER: "nextcloud"
app:
image: "nextcloud:22-apache"
restart: "unless-stopped"
networks:
- "nextcloud"
- "external_services"
volumes:
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
environment:
VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: "nextcloud_postgres_1"
POSTGRES_DB: "nextcloud"
POSTGRES_USER: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
networks:
nextcloud:
postfix:
external: true
external_services:
external: true
- name: nextcloud network
docker_network:
name: nextcloud
- name: nextcloud database volume
docker_volume:
name: nextcloud_db
- name: nextcloud database container
docker_container:
name: nextcloud_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: nextcloud
volumes:
- nextcloud_db:/var/lib/postgresql/data
env:
POSTGRES_DB: somethingelse
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
- name: nextcloud app volume
docker_volume:
name: nextcloud_app
- name: nextcloud app container
docker_container:
name: nextcloud_app
image: nextcloud:apache
state: started
restart_policy: always
networks:
- name: nextcloud
- name: external_services
volumes:
- nextcloud_app:/var/www/html
env:
VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: nextcloud_db
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"

4
roles/docker/tasks/services/openldap.yml
View File

@ -17,7 +17,7 @@
- name: openLDAP container
docker_container:
name: openldap
image: osixia/openldap:1.5.0
image: osixia/openldap:1.2.2
tty: true
interactive: true
volumes:
@ -57,7 +57,7 @@
- name: phpLDAPadmin container
docker_container:
name: phpldapadmin
image: osixia/phpldapadmin:0.9.0
image: osixia/phpldapadmin:latest
networks:
- name: external_services
- name: ldap

2
roles/docker/tasks/services/ouroboros.yml
View File

@ -14,5 +14,5 @@
LABELS_ONLY: "true"
CLEANUP: "true"
LATEST: "true"
CRON: "*/10 * * * *"
CRON: "*/1 * * * *"

80
roles/docker/tasks/services/passit.yml
View File

@ -1,47 +1,45 @@
---
- name: setup passit containers
docker_compose:
project_name: "passit"
pull: "yes"
definition:
version: "3.6"
services:
- name: passit network
docker_network:
name: passit
passit_db:
image: "postgres:10"
restart: "always"
networks:
- "passit"
volumes:
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "passit"
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
- name: passit database volume
docker_volume:
name: passit_db
passit_app:
image: "passit/passit:stable"
command: "bin/start.sh"
restart: "always"
networks:
- "passit"
- "postfix"
- "external_services"
environment:
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
SECRET_KEY: "{{ passit_secret_key }}"
IS_DEBUG: 'False'
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
- name: passit database container
docker_container:
name: passit_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: passit
volumes:
- passit_db:/var/lib/postgresql/data
env:
POSTGRES_USER: passit
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
VIRTUAL_HOST: "{{ passit.domain }}"
LETSENCRYPT_HOST: "{{ passit.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
- name: passit app container
docker_container:
name: passit
image: passit/passit:stable
command: bin/start.sh
restart_policy: always
networks:
- name: passit
- name: postfix
- name: external_services
env:
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
SECRET_KEY: "{{ passit_secret_key }}"
IS_DEBUG: 'False'
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
networks:
passit:
postfix:
external: true
external_services:
external: true
VIRTUAL_HOST: "{{ passit.domain }}"
LETSENCRYPT_HOST: "{{ passit.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

3
roles/docker/tasks/services/portainer.yml
View File

@ -8,7 +8,7 @@
- name: run portainer
docker_container:
name: portainer
image: portainer/portainer-ce:2.9.1
image: portainer/portainer
restart_policy: always
networks:
- name: external_services
@ -19,6 +19,5 @@
- 9001:9000
env:
VIRTUAL_HOST: "{{ portainer.domain }}"
VIRTUAL_PORT: "9000"
LETSENCRYPT_HOST: "{{ portainer.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

9
roles/docker/tasks/services/postfix.yml
View File

@ -1,12 +1,5 @@
---
- name: setup network for postfix
docker_network:
name: postfix
ipam_config:
- subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup postfix docker container for outgoing mail
docker_container:
name: postfix
@ -15,5 +8,5 @@
networks:
- name: postfix
env:
ALLOWED_SENDER_DOMAINS: "services.{{ base_domain }}"
ALLOWED_SENDER_DOMAINS: "{{ base_domain }}"

38
roles/docker/tasks/services/restic-backup.yml
View File

@ -1,38 +0,0 @@
---
- name: setup restic backup
docker_compose:
project_name: restic_backup
pull: yes
definition:
version: '3.6'
services:
restic-backup:
image: mazzolino/restic
restart: always
environment:
RUN_ON_STARTUP: "true"
BACKUP_CRON: "0 30 3 * * *"
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
RESTIC_BACKUP_ARGS: >-
--tag datacoop-volumes
--exclude='*.tmp'
--verbose
RESTIC_FORGET_ARGS: >-
--keep-last 10
--keep-daily 7
--keep-weekly 5
--keep-monthly 12
TZ: Europe/Copenhagen
volumes:
- /docker-volumes:/mnt/volumes:ro
restic-prune:
image: "mazzolino/restic"
environment:
RUN_ON_STARTUP: "true"
PRUNE_CRON: "0 0 4 * * *"
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
TZ: Europe/copenhagen

53
roles/docker/tasks/services/tt-rss.yml
View File

@ -1,53 +0,0 @@
---
- name: create tt-rss folders
file:
name: "{{ ttrss.volume_folder }}/{{ volume }}"
state: directory
loop:
- "config"
- "db"
loop_control:
loop_var: volume
- name: "set up tt-rss"
docker_compose:
project_name: "tt-rss"
pull: yes
definition:
version: "3.6"
services:
ttrss_db:
container_name: "ttrss_db"
image: "postgres:11"
restart: "unless-stopped"
networks:
- "ttrss"
volumes:
- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "ttrss"
POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
ttrss_app:
container_name: ttrss_app
image: "linuxserver/tt-rss"
restart: unless-stopped
networks:
- ttrss
- external_services
volumes:
- "{{ ttrss.volume_folder }}/config:/config"
environment:
VIRTUAL_HOST: "{{ ttrss.domain }}"
LETSENCRYPT_HOST: "{{ ttrss.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
TZ: "Europe/Copenhagen"
labels:
com.ouroboros.enable: "true"
networks:
external_services:
external:
name: external_services
ttrss:
name: "ttrss"

13
roles/docker/tasks/services/ulovliglogning-dk.yml
View File

@ -1,13 +0,0 @@
- name: setup ulovliglogning.dk website docker container
docker_container:
name: ulovliglogning_website
restart_policy: unless-stopped
image: ulovliglogning/ulovliglogning.dk:latest
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"

38
roles/docker/tasks/services/websites.yml
View File

@ -8,25 +8,11 @@
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
VIRTUAL_HOST : "{{ data_coop_website.domain }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
com.ouroboros.enable: "true"
- name: setup cryptohagen.dk website docker container
docker_container:
@ -36,22 +22,8 @@
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"

2
roles/docker/templates/mailu.env.j2
View File

@ -41,7 +41,7 @@ POSTMASTER=admin
TLS_FLAVOR=mail
# Authentication rate limit (per source IP address)
AUTH_RATELIMIT=120/minute;1200/hour
AUTH_RATELIMIT=10/minute;1000/hour
# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False

11
roles/ubuntu_base/tasks/base.yml
View File

@ -1,5 +1,5 @@
---
- name: Install necessary packages via apt
- name: Install necessary packages
apt:
name: "{{ packages }}"
vars:
@ -8,11 +8,4 @@
- python3-pip
- apparmor
- haveged
- name: Install necessary packages via pip
pip:
name: "{{ packages }}"
vars:
packages:
- docker
- docker-compose