graffens experiments

ansible.cfg

@@ -1,3 +1,2 @@
 [defaults]
 remote_user = root
-inventory = datacoop_hosts

deploy.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
+BASE_CMD="ansible-playbook playbook.yml -i datacoop_hosts --vault-password-file ~/.vault_password_file"
 
 if [ -z "$1" ]; then
     echo "Deploying all!"

group_vars/all/secrets.yml

@@ -1,102 +1,87 @@
 $ANSIBLE_VAULT;1.1;AES256
-32336562633266653862666430393834306131343538636136643866306639313132383063393335
-3437383263343337323637616330383761346661383065390a396466663135313433643830316439
-65626336303339653730643435353366633839366165393463663031333030356464373338353765
-3662646137623936650a633038376161633737376432306466663938333838333339626235663362
-34303237306533343435346361346461613339323931666461313261623936653936656439663139
-39666639616234653565303235313866636463656237363861636366666433393631366364623534
-39313638363231646539383133383938353439356335313263656362376538623531636166383233
-32653461653965303835613833383736396563306436623762613138343665343461623964666464
-31363836343534616235323238663262343963376133636337333937353732623938616434333666
-37386231356633653034656130383463643065373935633334653766396539326262646465376338
-31346134356162613266393132313839363166623562316230313338373062393535363236363133
-62653261663865323933323061353864643435323538633733363030356636653162616237323839
-33636235396166326336303133613431326231356434383431623366386437303162396234626563
-66333232343234613661363339653234343333323965353537353337303964653066356664303265
-62333237343334333836623566643633656134353034623630323361376562353464636538623664
-65313435316533633834303734636233333164616230393664646261663133323536356338323430
-38623734366530313461653062376136336634386132333138666439326636373536636134333432
-61396432353962366333373961323263633036656362653330393236333737306664633335313438
-34383335313933613930376436323236343539363035323461333366646462623961633933313432
-38656530653336306130313932393162626437383736393162656364333162623831356163303365
-66343433316131313332346537343863343966323765373035306661366633336261306661363966
-39326131336561633463613731396663336639613634636631373435623263353961323539623162
-30383831393164373632336265373662663936336131306563323833643236616338653835633832
-33383530623733386564373935663437613366633536386131363465363466306632373535646661
-62616531363737336536616132343034663038623665666636613232663666303164663661366232
-33626536336435323031663662383836326331633262386634393333373630343431333461393234
-33656664666466623262353533363833616663303637393164633633336438393131366261326230
-63623266353432613832633163663363663964303461386366373236386131376336623138366134
-33626234383661646637323062363265623630663061353630313466626632623062386638643433
-36333262666562396433393866393362303134616664616531386637336233306334383434616238
-62353237396432353335316631336265326135616430383735353638346339623539393064373365
-66336463653139323962333065666363363733376161613434363830663161303735306264396339
-35643535326130313033636135656634303731323030623131613866653932346665343365343537
-30393534346438343833336262646161643665613639373835336438663664643763323735646566
-30303339386131353863643463383333616432333262633962656434343563323165366533643730
-36646431336361316234393731373563656164646437636536353530343731373531373932313633
-61363462386663333465333465363864643039346238303635323362646335363037323437633462
-62373839666639326465383766333462356635636163376366373764373462386430616566386564
-39353662346632623661326238306136373364343231303664626630663761643433393033633335
-62336232376134656537383632643730303330353533626634633138383163356533646461656230
-31373733326436323937373537363839653034356137343864656364313831336235396530373265
-31663035326365373033313030363032343030346635343333656637343961303861393336316134
-35383635393737643935646334373865386637373636303162363562326239326433396466396435
-66336235373238326662323763333733636635313862653233353165346233313663353164383937
-37373934343261373462373832363633323438663536356133343464316563316362343932396234
-30343335396562336433353233306132656239663036663064653235376264653933363636326132
-33353064663930626330386562396564323965393432353430326362616235353464623861313336
-37363333623736306632643931356138373031363938363966616632666236346265323562306538
-39303365613463393964376536383431326661323237616538353333373930616438633630633961
-35303436353231373133666165306534346137396662653736343135303431613438363864616237
-65643338633065663266303232643264316564373066663038306632653962626336346639393061
-33326638323066323264353338636535336363376639646233336234643137646262666238363865
-34623236396437623539653466653331326434643036663930333065393836383265613036393233
-64333530636138356361643635613933313335636662646666656131613834376632313734373261
-66626262373630386337303539323332343831373731643830323661656435626266386633366666
-38626330663635623262336435373432383066393335633261383633343633616564353135613334
-34616663333562643232333133626433313265316561633638633236343334323337643066386363
-33316637303533393165656665373931313666616330316465643531303730333036613965383161
-65346133303835643134643030373966636632663937343434633263633161366236613039313866
-63343362303866313732326438393262643630633461316534313638343230653462636330363437
-36613561366235646465326163343165633764333466643766316235396534363366366238626161
-32656566386130623962643865643562623338353939306463663034653939383864356164316332
-34396661303364323430323764346438393165313430623464373436323337303966613437626136
-34303166396636666237383138636230306161323161343738353062383262373631643637366139
-36313033623162366530366130376338623634363661623965643364666330313066646233303963
-65353137616236396266336238346562343331363964356237356132303734326138646164663961
-62383761663837326431343939666432663132396464646439626364373833653164313931353631
-34633737333961646137663764363763356138396264353534303236633135643936313039303565
-37663937613961643563346130653536653236346165633333383666623961303138363961646138
-36613062346562326537656236343835383663386235353638653861613865333635333161326337
-66343664373262383164313838393261663566393838633364363931653164613663643966643063
-39656261643733663763383339653433616231653737623865353038646331373334666232346334
-39653730613439393532326430623239666239616361313738343738376536303839623938396439
-37393134343333383430303963356563633862336134373962306634613261653131636631626638
-35613635643336306435643832383761353465633537666563333763646338656164333661666462
-38643765313865626535326136343365643362373234326262366332653264363863646539366630
-36623635396635363636373139383530633332386263656339396433653936333834656631373637
-65663564353938623737303332373261623862646566386230313865643835323231373933303165
-39356561656534326661346636633933613532373137393737623737383134333132363436373630
-63653139356565356566663532313736613437623634313236663537376462383465613332656233
-65306131356165366131633432383730356163326561326332346535373738636333333165666365
-31636564303838333061323063653135623162636464656263613538306561303361633864383634
-35613164386334646338613661356134303766393239366530666137376362646263333530623565
-34643166313038376136643032393630303435376631336366343632383735626335333232303463
-33643363313434363633393964323064653966353161636135633264333766386266646366316132
-63303935356138356566306234356435343961356166646430633335386435366666333234636465
-36336439663731643663353732353261313037363231306430373962613838616238313662343761
-33316335316236626631636636386137376263323862306262316366663039396334326564303762
-34623562363839386439366639323662393831653530663463396230663133396466326363303065
-35646635323439323062333864336332333938663536373834663535643832316532313262326265
-63376436356662663165616532613963303030613166663865376531613031383865363864333238
-33616230336263306434643933356530303163653232323331643731353134353939363762303933
-32363061346537666637663733346431643164323364363133316265306336626466353366313635
-66653162643533316162363035373532656239356434623761666663626366663336376539656537
-31323561356363393038323762646633323461666263633937313264346364356439343761623337
-34643731393763323339653636656565663665646431313531616337616363373764626334656264
-66633366346137613032313865666363613530643663373834313731353437373239653332656134
-62376164313138303233623964663234643661336232366165616163313866336230353565393365
-36613361346437336431376164663930393530626339626361323764623635396137396634316364
-31393030323539376233383965366433623562646161643866346138316536613437383035656139
-6533
+62393230613162353938306335363361323162356461613234306332653236326632323038663738
+3832663036633166373961623738323162363532633638350a636565346534616431343862356534
+62306562623663623438623263636262303938303562343463333365613834623434623232303531
+6135343464616438360a383163343838323762626435346564313364376566356638623165363537
+65616337373633613530393361613561333939666131316366303761303964343762306462633038
+36303332336633653432613036346332663863376531623561343433383662623861633862363230
+65316536626365303764393839626364326539336637643631336439653761633730636562653066
+62353637633365336237663935383937633732363830623232376463326132353062336232363539
+64376632616631353138376263383162353866316366316562666538383538633038373535663033
+32663363383037666663373335306138623032343939313436656531616234303763396630663639
+66656538393538666166386635643563633465306662366436383936306233376361663331353630
+64333731396134646236653963356435656535613365353635383734346131383066356431663061
+37333533623439623164323738363035633664353831363162376331613965613635653663303339
+36623035633865633131363061346366643865636433303733613731643863333764313135616433
+30396636653734656631323562343330653839346461653037353439636135316134396533383731
+62303164366366616163656462346264383633353164333335613034363636373339613538376166
+38333238666334656632376465346538323938653661656130313232656137316463346430663134
+36636465356661666138616530326436326238383834336635663963363530316335613233396334
+36346634656331623039383266303437323239646563326161653831363833653338386533616231
+39613939393334353536613262643030323535396634363330396465303230646133356238373865
+62316630303366643965363835336563393838373933393435616532636338376265303830376162
+64653931343464656532373831666663326532373631376265636338323430396666383736636438
+37346535373761663338653035653738396430316261326333313532653638393535386139376266
+32333037303831653364336130646462616537383035633338653435633938303638633364336635
+33343963666162356534656635316261353930336431323539393066333930323236396566356330
+62333162353965616465396365616630313363636135633835353939633662363664343266373562
+36636666343765653530653435316466356139323236356638383230623730643637613633633565
+32353234656233353734653233323563313764613333653331333232653730396635633438633362
+34306337653732646236346361663937616332353765613131393339393766313131633561376430
+62386662393864303865303438616637303363646462313634383431373736643230653665636165
+39636638656534363862633134663962383138656637386462356261336465386431343036646233
+64666166346334333862653035303461626235633830623639643166373238373136343061303837
+39633133653761646231653639653262366334373963343236363233373635306638653865653730
+34616230343637616232313639333136313231393133346532353761623038656531376337333339
+63316364386162616438303263653936643135316661633266613033366232383232356331336133
+35313836363361363637383637643831313238613136396637386136633061666430313963633933
+37343663666130326139643663313534313835643162363566396430363831343965613363366161
+30353165313932623536393734306461616662663763333031623738383437643862623632656161
+31323432633962613366306435626339663638633931323161373331353635306536623836376432
+37373033306530623162316430613933366331303766386538396666346464363662646639643634
+31373064646630343035326336376464663231343239643137353731303761643037313561313039
+32613631353862376230316130333936376565373961383838383932396363396533316530383830
+37386139396637613131366161376431323565643434333531656330643331653734393038303336
+31366538663231623937653730326264633531623333363932656138396637303932333662383935
+39323437396361613038376335353732333839383965313262643165363635386231666634653665
+63333034663735623438393063333064363133396537646433383861613337313631633634343063
+34303065343965343633653331393131613334356162323466656164343730323032396134303763
+63393835646361316530643932613531326235313961663937653264656535623932303038616662
+39336136346361636132303434373461333466333833313139346531303837306238613664613731
+33363766393862663336383930326638346132326138623537656263366262353637626436313736
+32643837303761336230353037663235323265313939323436323736366565663533626365376361
+62633730373864386438653137326136373866363164616633636137356133643330623035323838
+33326137393937383833346537633361383966313230636133363663373638373864393838636161
+64386631366530653063656634336537396330633763336235393538356139323565336134326337
+61633330333164643166373064623032356135623336393262386461646535326462393638373866
+37626266393962393564306530336462323137386434626363383365366238636235356432323533
+65343262666162643932393061363531346464393363623037366639376536386234646135646330
+36623837356637353132643435633632356266323830653866393636316130306538336334376234
+36303265363037306436346666376337653837373839313732386131306535666639653733353737
+66353531623431663532623865373931656233333234356532363730643234633963653435356237
+61633134333536616235626666333738613637366264613961333663336330653132313234653132
+39383336623736333634633863356366383430306465373932366534626131343236336439343663
+38643133626566366163653164356436313661626432653435616630336563386466383939613038
+30336433663563343532663032633161363535643962646161396531646130343431663863633736
+33656437363432623135313163323064353863303164656661633161616536313165383939663935
+65393164363533663934643034316332643137643861333233303062333138633337323330323865
+63633538626537363739623132336466393835316565633936616562656466316363623432303231
+37383465393034346130616632616539653735323730633035333138373632313662373566373265
+63623761323763616634343966386233306435633965633764363133306531363739613039386231
+39376432656662653165373162623565393964396538653065343164663233313465363537663963
+35326461313761363734306664623265663335333661633732626233323332383335613437633936
+66383031363332353937303165643864666236356133643861373032613366333837356434613437
+63346637316465306330306135343338623238363139633939653730323961353630353365323938
+30373165336337303434316336363737623439306633306363383433383666653661613030393466
+35323762616664393838396365636334626130663839666438633361356164663562303930623664
+39653235646230363031613061383563663761636131623064633265363737633433623130316234
+32643836393530373535353732373730303932313131653465353432353065326566633965656531
+64323462616638646234636662346532663964366538653934646538303237366531613939666338
+64643666626338333036363234663664326439306432353833633637373439616661666434313831
+34383334386538656564653862333565623165316439666235376535396232336263663033396532
+31393866636661303934306536343065366265376131326238616338336161646139393464346534
+34643664646535316133636236356430316434613762313738623066653336616339383366653934
+32663930333366623032663838656632643532303136663664303035346237616630653262346461
+33343066346233313534323831646139636263306132666563333963633664323463333262316664
+65636635333562636333303964666164393533653033336539663162333764376362373165613734
+6366393631666464616334646262316161363136646334356133

group_vars/all/secrets.yml.contents

@@ -10,7 +10,6 @@ postgres_passwords:
   codimd: xxx
   mailu: xxx
   ttrss: xxx
-  keycloak: xxx
 
 fider_jwt_secret: xxx
 
@@ -32,11 +31,7 @@ restic_secrets:
   user_secret: xxx
   encryption_secret: xxx
 
-matrix_secrets:
-  registration_shared_secret: xxx
-  macaroon_secret_key: xxx
-  form_secret: xxx
-
-keycloak_secrets:
-  admin_user: xxx    //used for setting up the initial admin user on first run
-  admin_password: xxx
+mailman_secrets:
+  postgres_password: xxx
+  hyperkitty_api_key: xxx
+  django_secret_key: xxx

roles/docker/defaults/main.yml

@@ -12,7 +12,6 @@ thelounge:
 
 nextcloud:
   domain: "cloud.{{ base_domain }}"
-  volume_folder: "{{ volume_root_folder }}/nextcloud"
 
 gitea:
   domain: "git.{{ base_domain }}"
@@ -40,12 +39,8 @@ privatebin:
   volume_folder: "{{ volume_root_folder }}/privatebin"
 
 codimd:
-  domain: "oldpad.{{ base_domain }}"
-  volume_folder: "{{ volume_root_folder }}/codimd"
-
-hedgedoc:
   domain: "pad.{{ base_domain }}"
-  volume_folder: "{{ volume_root_folder }}/hedgedoc"
+  volume_folder: "{{ volume_root_folder }}/codimd"
 
 netdata:
   domain: "netdata.{{ base_domain }}"
@@ -81,13 +76,22 @@ drone:
   domain: "drone.{{ base_domain }}"
   volume_folder: "{{ volume_root_folder }}/drone"
 
+mail_subnet_base: "192.168.203"
+
 mailu:
   version: 1.6
   domain: "mail.{{ base_domain }}"
-  dns: 192.168.203.254
-  subnet: 192.168.203.0/24
+  dns: "{{ mail_subnet_base }}.254"
+  subnet: "{{ mail_subnet_base }}.0/24"
   volume_folder: "{{ volume_root_folder }}/mailu"
 
+mailman:
+  domain: "lists.{{ base_domain }}"
+  volume_folder: "{{ volume_root_folder }}/mailman"
+  core_ip: "{{ mail_subnet_base }}.12"
+  web_ip: "{{ mail_subnet_base }}.13"
+  database_ip: "{{ mail_subnet_base }}.14"
+
 portainer:
   domain: "portainer.{{ base_domain }}"
   volume_folder: "{{ volume_root_folder }}/portainer"
@@ -95,7 +99,3 @@ portainer:
 ttrss:
   domain: rss.{{ base_domain }}
   volume_folder: "{{ volume_root_folder }}/tt-rss"
-
-keycloak:
-  domain: sso.{{ base_domain }}
-  volume_folder: "{{ volume_root_folder }}/keycloak"

roles/docker/files/configs/matrix/homeserver.yaml

@@ -577,7 +577,7 @@ turn_allow_guests: True
 ## Registration ##
 
 # Enable registration for new users.
-enable_registration: False
+enable_registration: True
 
 # The user must provide all of the below types of 3PID when registering.
 #
@@ -604,7 +604,7 @@ enable_registration: False
 # If set, allows registration by anyone who also has the shared
 # secret, even if registration is otherwise disabled.
 #
-registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"
+registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG"
 
 # Set the number of bcrypt rounds used to generate password hash.
 # Larger numbers increase the work factor needed to generate the hash.
@@ -699,7 +699,7 @@ track_appservice_user_ips: False
 # the registration_shared_secret is used, if one is given; otherwise,
 # a secret key is derived from the signing key.
 #
-macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}"
+macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X"
 
 # Used to enable access token expiration.
 #
@@ -709,7 +709,7 @@ expire_access_token: False
 # falsification of values. Must be specified for the User Consent
 # forms to work.
 #
-form_secret: "{{ matrix_secrets.form_secret }}"
+form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-"
 
 ## Signing Keys ##
 

roles/docker/files/mailman/mailman-extra.cfg

@@ -0,0 +1,10 @@
+[mta]
+incoming: mailman.mta.postfix.LMTP
+outgoing: mailman.mta.deliver.deliver
+# mailman-core hostname or IP from the Postfix server
+lmtp_host: localhost
+lmtp_port: 8024
+# Postfix server's hostname or IP from mailman-core
+smtp_host: smtp
+smtp_port: 25
+configuration: /etc/postfix-mailman.cfg

roles/docker/files/mailman/postfix.cf

@@ -0,0 +1,11 @@
+append_at_myorigin=no
+append_dot_mydomain=no
+recipient_delimiter = +
+unknown_local_recipient_reject_code = 550
+owner_request_special = no
+virtual_mailbox_maps = regexp:/opt/mailman-core-data/postfix_lmtp \$virtual_alias_maps
+transport_maps = regexp:/opt/mailman-core-data/postfix_lmtp
+local_recipient_maps = regexp:/opt/mailman-core-data/postfix_lmtp
+relay_domains = regexp:/opt/mailman-core-data/postfix_domains
+always_add_missing_headers = yes
+local_header_rewrite_clients = permit_sasl_authenticated

roles/docker/files/sso/sso.data.coop.pem

@@ -1 +0,0 @@
-MIICszCCAZsCBgF8WpKKwTANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJkYXRhLmNvb3Agc2VydmljZXMwHhcNMjExMDA3MTE0MzQ1WhcNMzExMDA3MTE0NTI1WjAdMRswGQYDVQQDDBJkYXRhLmNvb3Agc2VydmljZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdV0stfU8aA1bi+GYd/a5DOyoox01BgzWwBFqVjlo80frsOsH8g814eDuMuff/UJy+2YxaozYQGxP+DcOVXi+0Fts9zjRj6wa6HCQqiR/SNUa69fGHcyAo2Tr0faxOyf3QMBqIngTRZB99quNMuAM96RCg25LtDaaWjNVxdHlj78+kU1bQXExp0ZfELlKGtllWP07cyz4nGfZmuK1AiWSsRbDIbyK5dvzw/pMS1kexh6ylnQu1iLqD3vYZBUDX9lPNkavTYZNCEL4ElUvR81S0ko2zkYAUiuVTtTUKucc98dTRhkuV4YCiiW6UQGY/jzmXYBfpzAY3n5eH5iUu/tRXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFQc8ytexKiXOIGrSYYtFaF/lxv8AwMgsndv8YxJ+x/cUwN9tdmA8IAZDIS13qBrCOdZE4pJ/09VkYdErcpbtV7PWC3LDv/c2qakyiBUYZj4WgJio+oD0GCqXsby3aqJeVt9cJr4gSsXxn1c+7GV7p/gc/2FFmlWcqMN/2F7LvFvObu55QlppWZrn8kreaUQmRuTTIviFQRmvrmwKyK52LEcK7qoh/v1aHyYDl91gu3nLMEluz6hy3UEPYgpdH1t2C7K0Kjri25pJNGCFrpKjWWveteKazUeDd4adHMiw2MVfeEyTCXEFoaxQS9QmbmhSMRhiHjbdffL7xi//aSh1bo=

roles/docker/tasks/services/gitea.yml

@@ -7,7 +7,7 @@
 - name: gitea container
   docker_container:
     name: gitea
-    image: gitea/gitea:1.15.7
+    image: gitea/gitea:1.12.3
     restart_policy: unless-stopped
     networks:
       - name: gitea

roles/docker/tasks/services/hedgedoc.yml

@@ -1,66 +0,0 @@
----
-- name: create hedgedoc volume folders
-  file:
-    name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
-    state: directory
-  loop:
-    - "db"
-    - "hedgedoc/uploads"
-  loop_control:
-    loop_var: volume
-
-- name: copy sso public certificate
-  copy:
-    src: "files/sso/sso.data.coop.pem"
-    dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
-    mode: "0644"
-
-- name: setup hedgedoc
-  docker_compose:
-    project_name: "hedgedoc"
-    pull: "yes"
-    definition:
-      services:
-        database:
-          image: "postgres:10-alpine"
-          environment:
-            POSTGRES_USER: "codimd"
-            POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
-            POSTGRES_DB: "codimd"
-          restart: "unless-stopped"
-          networks:
-            - "hedgedoc"
-          volumes:
-            - "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
-        
-        app:
-          image: quay.io/hedgedoc/hedgedoc:1.9.0
-          environment:
-            CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
-            CMD_DOMAIN: "{{ hedgedoc.domain }}"
-            CMD_ALLOW_EMAIL_REGISTER: "False"
-            CMD_IMAGE_UPLOAD_TYPE: "filesystem"
-            CMD_EMAIL: "False"
-            CMD_SAML_IDPCERT: "/sso.data.coop.pem"
-            CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
-            CMD_SAML_ISSUER: "hedgedoc"
-            CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
-            CMD_USECDN: "false"
-            CMD_PROTOCOL_USESSL: "true"
-            VIRTUAL_HOST: "{{ hedgedoc.domain }}"
-            LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
-            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-          volumes:
-            - "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
-            - "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
-          restart: "unless-stopped"
-          networks: 
-            - "hedgedoc"
-            - "external_services"
-          depends_on:
-            - database
-
-      networks: 
-        hedgedoc:
-        external_services:
-          external: true

roles/docker/tasks/services/keycloak.yml

@@ -1,45 +0,0 @@
-- name: setup keycloak containers for sso.data.coop
-  docker_compose:
-    project_name: "keycloak"
-    pull: "yes"
-    definition:
-      version: "3.6"
-      services:
-
-        postgres:
-          image: "postgres:10"
-          restart: "unless-stopped"
-          networks:
-            - "keycloak"
-          volumes:
-            - "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
-          environment:
-            POSTGRES_USER: "keycloak"
-            POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
-            POSTGRES_DB: "keycloak"
-
-        app:
-          image: "quay.io/keycloak/keycloak:15.0.2"
-          restart: "unless-stopped"
-          networks:
-            - "keycloak"
-            - "postfix"
-            - "external_services"
-          environment:
-            VIRTUAL_HOST: "{{ keycloak.domain }}"
-            VIRTUAL_PORT: "8080"
-            LETSENCRYPT_HOST: "{{ keycloak.domain }}"
-            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-            DB_USER: "keycloak"
-            DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
-            DB_ADDR: "keycloak_postgres_1"
-            #KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
-            #KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
-            PROXY_ADDRESS_FORWARDING: "true"
-             
-      networks:
-        keycloak:
-        postfix:
-          external: true
-        external_services:
-          external: true

roles/docker/tasks/services/mailman.yml

@@ -0,0 +1,97 @@
+---
+
+- name: copy nginx configuration to link static files
+  template:
+    src: "templates/mailman/nginx_vhost"
+    dest: "{{ nginx.volume_folder }}/vhost/lists.data.coop"
+    mode: "0644"
+
+- name: run mailman server containers
+  docker_compose:
+    project_name: "mailman"
+    definition:
+      version: '3'
+
+      services:
+
+        mailman-core:
+          image: maxking/mailman-core:0.3.11
+          volumes:
+            - "{{ volume_root_folder }}/mailman/core:/opt/mailman"
+          stop_grace_period: 30s
+          links:
+            - mailman-web:mailmain-web
+            - database:database
+          depends_on:
+            - database
+          environment:
+            DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@172.19.199.4/mailmandb"
+            DATABASE_TYPE: "postgres"
+            DATABASE_CLASS: "mailman.database.postgresql.PostgreSQLDatabase"
+            HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
+            HYPERKITTY_URL: http://172.19.199.3:8000/hyperkitty
+            MTA: "postfix"
+            SMTP_HOST: "{{ smtp_host }}"
+            SMTP_PORT: "{{ smtp_port }}"
+            SMTP_HOST_USER: "noop"
+            MM_HOSTNAME: "172.19.199.2"
+          networks:
+            mailman:
+              ipv4_address: 172.19.199.2
+            postfix:
+            external_services:
+
+        mailman-web:
+          image: maxking/mailman-web:0.3.11
+          depends_on:
+            - database
+          links:
+            - database:database
+          volumes:
+            - "{{ volume_root_folder }}/mailman/web:/opt/mailman-web-data"
+          environment:
+            DATABASE_TYPE: "postgres"
+            DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@172.19.199.4/mailmandb"
+            HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
+            DJANGO_ALLOWED_HOSTS: "lists.data.coop"
+            SERVE_FROM_DOMAIN: "lists.data.coop"
+            MAILMAN_ADMIN_USER: "valberg"
+            MAILMAN_ADMIN_EMAIL: "valberg@orn.li"
+            MAILMAN_REST_URL: "http://172.19.199.2:8001"
+            SECRET_KEY: "{{ mailman_secrets.django_secret_key }}"
+            SMTP_HOST: "{{ smtp_host }}"
+            SMTP_PORT: "{{ smtp_port }}"
+            VIRTUAL_HOST: "lists.data.coop"
+            VIRTUAL_PORT: 8000
+            LETSENCRYPT_HOST: "lists.data.coop"
+            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+          networks:
+            mailman:
+              ipv4_address: 172.19.199.3
+            postfix:
+            external_services:
+
+        database:
+          image: postgres:13
+          restart: always
+          environment:
+            POSTGRES_DB: mailmandb
+            POSTGRES_USER: mailman
+            POSTGRES_PASSWORD: "{{ mailman_secrets.postgres_password }}"
+          volumes:
+            - "{{ volume_root_folder }}/mailman/database:/var/lib/postgresql/data"
+          networks:
+            mailman:
+              ipv4_address: 172.19.199.4
+
+      networks:
+        mailman:
+          driver: bridge
+          ipam:
+            driver: default
+            config:
+              - subnet: 172.19.199.0/24
+        postfix:
+          external: true
+        external_services:
+          external: true

roles/docker/tasks/services/mailu.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: create mailu volume folders
+- name: "[Mailu] create mailu volume folders"
   file:
     name: "{{ mailu.volume_folder }}/{{ volume }}"
     state: directory
@@ -17,12 +17,12 @@
   loop_control:
     loop_var: volume
 
-- name: upload mailu.env file
+- name: "[Mailu] upload mailu.env file"
   template:
     src: mailu.env.j2
     dest: "{{ mailu.volume_folder}}/mailu.env"
 
-- name: hard link to Let's Encrypt TLS certificate
+- name: "[Mailu] hard link to Let's Encrypt TLS certificate"
   file:
     src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
     dest: "{{ mailu.volume_folder }}/certs/cert.pem"
@@ -30,20 +30,40 @@
     force: yes
 
 
-- name: hard link to Let's Encrypt TLS key
+- name: "[Mailu] hard link to Let's Encrypt TLS key"
   file:
     src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
     dest: "{{ mailu.volume_folder }}/certs/key.pem"
     state: hard
     force: yes
 
-- name: run mail server containers
+- name: "[Mailman] copy nginx configuration to link static files"
+  template:
+    src: mailman/nginx_vhost.j2
+    dest: "{{ nginx.volume_folder }}/vhost/{{ mailman.domain }}"
+    mode: "0644"
+
+- name: "[Mailman] copy postfix override"
+  copy:
+    src: mailman/postfix.cf
+    dest: "{{ mailu.volume_folder }}/overrides/postfix.cf"
+    mode: "0644"
+
+- name: "[Mailman] copy mailman config"
+  copy:
+    src: mailman/mailman-extra.cfg
+    dest: "{{ mailman.volume_folder }}/core/mailman-extra.cfg"
+    mode: "0644"
+
+- name: Start containers
   docker_compose:
     project_name: mail_server
     pull: yes
     definition:
       version: '3.6'
       services:
+
+        ### Mailu containers ###
         redis:
           image: redis:alpine
           restart: always
@@ -117,6 +137,7 @@
           env_file: "{{ mailu.volume_folder}}/mailu.env"
           volumes:
             - "{{ mailu.volume_folder }}/overrides:/overrides"
+            - "{{ mailman.volume_folder }}/core/var/data:/opt/mailman-core-data/"
           depends_on:
             - front
             - resolver
@@ -149,6 +170,73 @@
           dns:
             - "{{ mailu.dns }}"
 
+        ### Mailman containers ###
+        mailman-core:
+          image: maxking/mailman-core:0.3.11
+          volumes:
+            - "{{ mailman.volume_folder }}/core:/opt/mailman"
+          stop_grace_period: 30s
+          links:
+            - mailman-web:mailmain-web
+            - database:database
+          depends_on:
+            - database
+          environment:
+            DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@{{ mailman.database_ip }}/mailmandb"
+            DATABASE_TYPE: "postgres"
+            DATABASE_CLASS: "mailman.database.postgresql.PostgreSQLDatabase"
+            HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
+            HYPERKITTY_URL: "http://{{ mailman.web_ip }}:8000/hyperkitty"
+            MTA: "postfix"
+            SMTP_HOST: smtp
+            MM_HOSTNAME: "{{ mailman.core_ip }}"
+          networks:
+            default:
+              ipv4_address: "{{ mailman.core_ip }}"
+            external_services:
+
+        mailman-web:
+          image: maxking/mailman-web:0.3.11
+          depends_on:
+            - database
+          links:
+            - database:database
+          volumes:
+            - "{{ mailman.volume_folder }}/web:/opt/mailman-web-data"
+          environment:
+            DATABASE_TYPE: "postgres"
+            DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@{{ mailman.database_ip }}/mailmandb"
+            HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
+            DJANGO_ALLOWED_HOSTS: "{{ mailman.domain }}"
+            SERVE_FROM_DOMAIN: "{{ mailman.domain }}"
+            MAILMAN_ADMIN_USER: "valberg"
+            MAILMAN_ADMIN_EMAIL: "valberg@orn.li"
+            MAILMAN_REST_URL: "http://{{ mailman.core_ip }}:8001"
+            MAILMAN_HOST_IP: "{{ mailman.core_ip }}"
+            SECRET_KEY: "{{ mailman_secrets.django_secret_key }}"
+            SMTP_HOST: smtp
+            VIRTUAL_HOST: "{{ mailman.domain }}"
+            VIRTUAL_PORT: 8000
+            LETSENCRYPT_HOST: "{{ mailman.domain }}"
+            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+          networks:
+            default:
+              ipv4_address: "{{ mailman.web_ip }}"
+            external_services:
+
+        mailman-database:
+          image: postgres:13
+          restart: always
+          environment:
+            POSTGRES_DB: mailmandb
+            POSTGRES_USER: mailman
+            POSTGRES_PASSWORD: "{{ mailman_secrets.postgres_password }}"
+          volumes:
+            - "{{ mailman.volume_folder }}/database:/var/lib/postgresql/data"
+          networks:
+            default:
+              ipv4_address: "{{ mailman.database_ip }}"
+
       networks:
         default:
           driver: bridge

roles/docker/tasks/services/matrix_riot.yml

@@ -53,7 +53,7 @@
 
 - name: upload homeserver.yaml
   template:
-    src: "files/configs/matrix/homeserver.yaml.j2"
+    src: "files/configs/matrix/homeserver.yaml"
     dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
 
 - name: upload matrix logging config
@@ -82,7 +82,7 @@
 
         matrix_app:
           container_name: matrix
-          image: matrixdotorg/synapse:v1.47.1
+          image: matrixdotorg/synapse:v1.18.0
           restart: unless-stopped
           networks:
             - matrix
@@ -102,7 +102,7 @@
 
         riot:
           container_name: riot_app
-          image: avhost/docker-matrix-riot:v1.9.0
+          image: avhost/docker-matrix-riot:v1.7.3
           restart: unless-stopped
           networks:
             - matrix

roles/docker/tasks/services/nextcloud.yml

@@ -1,42 +1,48 @@
 ---
-- name: setup nextcloud containers
-  docker_compose:
-    project_name: "nextcloud"
-    pull: "yes"
-    definition:
-      services:
-        postgres:
-          image: "postgres:10"
-          restart: "unless-stopped"
-          networks:
-            - "nextcloud"
-          volumes:
-            - "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
-          environment: 
-            POSTGRES_DB: "nextcloud"
-            POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
-            POSTGRES_USER: "nextcloud"
-        
-        app:
-          image: "nextcloud:22-apache"
-          restart: "unless-stopped"
-          networks:
-            - "nextcloud"
-            - "external_services"
-          volumes:
-          - "{{ nextcloud.volume_folder }}/app:/var/www/html"
-          environment:
-            VIRTUAL_HOST: "{{ nextcloud.domain }}"
-            LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
-            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-            POSTGRES_HOST: "nextcloud_postgres_1"
-            POSTGRES_DB: "nextcloud"
-            POSTGRES_USER: "nextcloud"
-            POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
 
-      networks:
-          nextcloud:
-          postfix:
-            external: true
-          external_services:
-            external: true
+- name: nextcloud network
+  docker_network:
+    name: nextcloud
+
+- name: nextcloud database volume
+  docker_volume:
+    name: nextcloud_db
+
+- name: nextcloud database container
+  docker_container:
+    name: nextcloud_db
+    image: postgres:10
+    state: started
+    restart_policy: always
+    networks:
+      - name: nextcloud
+    volumes:
+      - nextcloud_db:/var/lib/postgresql/data
+    env:
+      POSTGRES_DB: somethingelse
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+
+- name: nextcloud app volume
+  docker_volume:
+    name: nextcloud_app
+
+- name: nextcloud app container
+  docker_container:
+    name: nextcloud_app
+    image: nextcloud:apache
+    state: started
+    restart_policy: always
+    networks:
+      - name: nextcloud
+      - name: external_services
+    volumes:
+      - nextcloud_app:/var/www/html
+    env:
+      VIRTUAL_HOST: "{{ nextcloud.domain }}"
+      LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      POSTGRES_HOST: nextcloud_db
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"

roles/docker/tasks/services/nginx-proxy.yml

@@ -29,6 +29,7 @@
       - "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
       - "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
       - "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
+      - "{{ volume_root_folder }}:/docker-volumes/:ro"
       - /var/run/docker.sock:/tmp/docker.sock:ro
 
 - name: nginx letsencrypt container

roles/docker/tasks/services/openldap.yml

@@ -17,7 +17,7 @@
 - name: openLDAP container
   docker_container:
     name: openldap
-    image: osixia/openldap:1.5.0
+    image: osixia/openldap:1.2.2
     tty: true
     interactive: true
     volumes:
@@ -57,7 +57,7 @@
 - name: phpLDAPadmin container
   docker_container:
     name: phpldapadmin
-    image: osixia/phpldapadmin:0.9.0
+    image: osixia/phpldapadmin:latest
     networks:
       - name: external_services
       - name: ldap

roles/docker/tasks/services/portainer.yml

@@ -8,7 +8,7 @@
 - name: run portainer
   docker_container:
     name: portainer
-    image: portainer/portainer-ce:2.9.1
+    image: portainer/portainer-ce:2.0.1
     restart_policy: always
     networks:
       - name: external_services

roles/docker/tasks/services/postfix.yml

@@ -8,6 +8,17 @@
         gateway: 172.16.0.1
 
 - name: setup postfix docker container for outgoing mail
+  vars:
+    mynetworks:
+      - 127.0.0.0/8
+      - 10.0.0.0/8
+      - 172.16.0.0/12
+      - 192.168.0.0/16
+      - 172.19.199.2
+      - 172.19.199.3
+    allowed_sender_domains:
+      - "{{ base_domain }}"
+      - "lists.data.coop"
   docker_container:
     name: postfix
     image: boky/postfix
@@ -15,5 +26,5 @@
     networks:
       - name: postfix
     env:
-      ALLOWED_SENDER_DOMAINS: "services.{{ base_domain }}"
-
+      ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
+      MYNETWORKS: "{{ mynetworks|join(',') }}"

roles/docker/templates/mailman/nginx_vhost.j2

@@ -0,0 +1,3 @@
+location /static/ {
+    alias {{ volume_root_folder }}/mailman/web/static/;
+}