Reynir Björnsson c266a55213 Disallow ssh passwords 2020-12-13 15:25:21 +01:00
25 changed files with 202 additions and 413 deletions


@ -1,3 +1,2 @@
[defaults] [defaults]
remote_user = root remote_user = root
inventory = datacoop_hosts


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass" BASE_CMD="ansible-playbook playbook.yml -i datacoop_hosts --ask-vault-pass"
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Deploying all!" echo "Deploying all!"


@ -1,102 +1,67 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
32336562633266653862666430393834306131343538636136643866306639313132383063393335 36303830393964636165353932336334643761653732643036303563313439623836626231313739
3437383263343337323637616330383761346661383065390a396466663135313433643830316439 6239326131333263383438613161353435393036663162310a646237306461633337383838306139
65626336303339653730643435353366633839366165393463663031333030356464373338353765 37303434653266303866643162306433636532333131366132366431303766306232653837653463
3662646137623936650a633038376161633737376432306466663938333838333339626235663362 6139336230306131660a636165373732313930396632336532366239303766393937386135306235
34303237306533343435346361346461613339323931666461313261623936653936656439663139 62633837363138323365646235333137646363626430633339376636333838663738316535396161
39666639616234653565303235313866636463656237363861636366666433393631366364623534 66653931666565353337623336636338383035333133643639323739393565396434373734323235
39313638363231646539383133383938353439356335313263656362376538623531636166383233 34306132666430376537643431343362383734343861633332373838383837316266336131353231
32653461653965303835613833383736396563306436623762613138343665343461623964666464 31356665313333343139303337633530643534376338343631396431663937616535306136343266
31363836343534616235323238663262343963376133636337333937353732623938616434333666 36323761653933386231386339666333306331326161306536616238623836306335373930386539
37386231356633653034656130383463643065373935633334653766396539326262646465376338 32326331366435386132393731633664333862656130636632656335353939656638613863633637
31346134356162613266393132313839363166623562316230313338373062393535363236363133 64366662623531333933613566356632383061656165323839623732306331653133393463373465
62653261663865323933323061353864643435323538633733363030356636653162616237323839 61363036613234353962353135366361363537313138626337376138383335633865663237303464
33636235396166326336303133613431326231356434383431623366386437303162396234626563 37373032353066323532313364333863663739613631633230323339346634663733326430343263
66333232343234613661363339653234343333323965353537353337303964653066356664303265 64636331616434343331333065633936313265393739353937396165363337366263393131316661
62333237343334333836623566643633656134353034623630323361376562353464636538623664 34643263343263306235326562663065343438363338326138653066326432646531643764396161
65313435316533633834303734636233333164616230393664646261663133323536356338323430 34343834643134363662373934346463383263636436346433303231656535626664626530326131
38623734366530313461653062376136336634386132333138666439326636373536636134333432 39303231646537316136653932306135303931333762343434623636623436383561353131303163
61396432353962366333373961323263633036656362653330393236333737306664633335313438 63373833656430336365316433663538643634303962623538663362383536613136366230396533
34383335313933613930376436323236343539363035323461333366646462623961633933313432 37363963613532666434653863623030653434303463616638653135666433613030656335396238
38656530653336306130313932393162626437383736393162656364333162623831356163303365 37356632376366383463343736303265326436383435363335333838313264333134653932616465
66343433316131313332346537343863343966323765373035306661366633336261306661363966 31363832656563383035306537376532343934373933306232333631363132616665663433666133
39326131336561633463613731396663336639613634636631373435623263353961323539623162 36643131386134303362373264356437333236663232373035363765303936313162353930353033
30383831393164373632336265373662663936336131306563323833643236616338653835633832 38303864643237323437653463313238613036386461303066353465336230303632613432353661
33383530623733386564373935663437613366633536386131363465363466306632373535646661 36313761303234303363346432666638323865663764623862623165633234363437653964343830
62616531363737336536616132343034663038623665666636613232663666303164663661366232 62656365363538303035326239663264646163366332306332383262356130356436366661383234
33626536336435323031663662383836326331633262386634393333373630343431333461393234 66643832656661623132303562333432656365323836363133373932333732323133383832623939
33656664666466623262353533363833616663303637393164633633336438393131366261326230 37333632623933656336316161376565653363633330646239666266313336306563366462376531
63623266353432613832633163663363663964303461386366373236386131376336623138366134 34623636646439366438316530386334313233613963643634366135373661373138316466313739
33626234383661646637323062363265623630663061353630313466626632623062386638643433 64623835613166616165383463323137303431303035363733366563623934366439323666653633
36333262666562396433393866393362303134616664616531386637336233306334383434616238 65663532343939343334616662366633353231636135346564643034666331616666316561386664
62353237396432353335316631336265326135616430383735353638346339623539393064373365 30636535633432336438663462356232383737393031383431666664303563623932666630653233
66336463653139323962333065666363363733376161613434363830663161303735306264396339 65323932303638653562663734386637323964333331356262346463333065633565386363393064
35643535326130313033636135656634303731323030623131613866653932346665343365343537 37646563366437646330353765623236306561646433636534666438323036373132363036626438
30393534346438343833336262646161643665613639373835336438663664643763323735646566 61393866626236316238326236656164643864343734353438313466633136343931376634366261
30303339386131353863643463383333616432333262633962656434343563323165366533643730 64353631363665366237356566323532306563333937343665393166336535383636303930346362
36646431336361316234393731373563656164646437636536353530343731373531373932313633 38333733306430636436623661653066313936626362373464396138343439376430626162316466
61363462386663333465333465363864643039346238303635323362646335363037323437633462 66623837353763333864663562653166316665363537636537626234666230636665396438313832
62373839666639326465383766333462356635636163376366373764373462386430616566386564 61613330396134666437306162386335613466383231633034393639366533363137613964383135
39353662346632623661326238306136373364343231303664626630663761643433393033633335 35356136393962353262313635343031323638326163336433303066393939646536653033343530
62336232376134656537383632643730303330353533626634633138383163356533646461656230 38303935663038303639616661346664666435393266653663373435363433386461633133343964
31373733326436323937373537363839653034356137343864656364313831336235396530373265 65633532656566613638333266393131653863336563386262643630633164346139383436326463
31663035326365373033313030363032343030346635343333656637343961303861393336316134 62316131363335376336366332323564383036333139386462353933316461346363626465396631
35383635393737643935646334373865386637373636303162363562326239326433396466396435 39616164316463323162616235653365363737373736646331303436303037333536633466303533
66336235373238326662323763333733636635313862653233353165346233313663353164383937 32663335386332663334653734303136333066636234643537393931626333303735386238373763
37373934343261373462373832363633323438663536356133343464316563316362343932396234 33323333646531633964613633356539636538306163303938373638623230396661663538653463
30343335396562336433353233306132656239663036663064653235376264653933363636326132 35396434303634316631376138336530393134353235383637326466306363313462323330623535
33353064663930626330386562396564323965393432353430326362616235353464623861313336 33353335306364323335316336643233386561306134636461336537353838373830373031616636
37363333623736306632643931356138373031363938363966616632666236346265323562306538 62333335616639353436303336653965303132316439316362303931373465376264396139346631
39303365613463393964376536383431326661323237616538353333373930616438633630633961 61393064326433366337613266306263336163393731633165303536636132636638656339373634
35303436353231373133666165306534346137396662653736343135303431613438363864616237 32313637666334313935613564316331396437343335313336666137366133376666306138383163
65643338633065663266303232643264316564373066663038306632653962626336346639393061 62383131616339393534613231616134383562346163343430323261336531306332363736396663
33326638323066323264353338636535336363376639646233336234643137646262666238363865 39643134633838393566643237656663313161326631316437663463653566343238343736656566
34623236396437623539653466653331326434643036663930333065393836383265613036393233 35663231623533323261326162356137646436643766646439663538306661643861356565666434
64333530636138356361643635613933313335636662646666656131613834376632313734373261 38353131363863666439316666353965663531323662376235636533363262353131323166326335
66626262373630386337303539323332343831373731643830323661656435626266386633366666 61656432666130313762376334656434333532636165313834333634646465346234653662393735
38626330663635623262336435373432383066393335633261383633343633616564353135613334 35643138623832646633666366616436323730383066323637316635336134356461353666636164
34616663333562643232333133626433313265316561633638633236343334323337643066386363 30633833313863656237653762373965376638393232376532666361396363303030383138616631
33316637303533393165656665373931313666616330316465643531303730333036613965383161 32633739626565383161343065646232636464373538626330636466316337663739376638386337
65346133303835643134643030373966636632663937343434633263633161366236613039313866 32383763313064666464623137373036336562633734313663313463386430313838636165313962
63343362303866313732326438393262643630633461316534313638343230653462636330363437 31383466363466396337333837626462303434353739343338313137633736313664346239666237
36613561366235646465326163343165633764333466643766316235396534363366366238626161 62313462366136313037646264663533323738656138353235646136383334613035383236383865
32656566386130623962643865643562623338353939306463663034653939383864356164316332 38666432313761653234636363396361643139353730323237616663323433363463373666613765
34396661303364323430323764346438393165313430623464373436323337303966613437626136 31656430326138373434356130626465643733313065366562313566326633653832316265636538
34303166396636666237383138636230306161323161343738353062383262373631643637366139 35396164313932356432306639653461343063643666656265333033643863303637313031653134
36313033623162366530366130376338623634363661623965643364666330313066646233303963 39636436636333343030333762376463303538626665343434633236353236373765643231383933
65353137616236396266336238346562343331363964356237356132303734326138646164663961 3130336364366434306366623062613130616230366633333536
62383761663837326431343939666432663132396464646439626364373833653164313931353631
34633737333961646137663764363763356138396264353534303236633135643936313039303565
37663937613961643563346130653536653236346165633333383666623961303138363961646138
36613062346562326537656236343835383663386235353638653861613865333635333161326337
66343664373262383164313838393261663566393838633364363931653164613663643966643063
39656261643733663763383339653433616231653737623865353038646331373334666232346334
39653730613439393532326430623239666239616361313738343738376536303839623938396439
37393134343333383430303963356563633862336134373962306634613261653131636631626638
35613635643336306435643832383761353465633537666563333763646338656164333661666462
38643765313865626535326136343365643362373234326262366332653264363863646539366630
36623635396635363636373139383530633332386263656339396433653936333834656631373637
65663564353938623737303332373261623862646566386230313865643835323231373933303165
39356561656534326661346636633933613532373137393737623737383134333132363436373630
63653139356565356566663532313736613437623634313236663537376462383465613332656233
65306131356165366131633432383730356163326561326332346535373738636333333165666365
31636564303838333061323063653135623162636464656263613538306561303361633864383634
35613164386334646338613661356134303766393239366530666137376362646263333530623565
34643166313038376136643032393630303435376631336366343632383735626335333232303463
33643363313434363633393964323064653966353161636135633264333766386266646366316132
63303935356138356566306234356435343961356166646430633335386435366666333234636465
36336439663731643663353732353261313037363231306430373962613838616238313662343761
33316335316236626631636636386137376263323862306262316366663039396334326564303762
34623562363839386439366639323662393831653530663463396230663133396466326363303065
35646635323439323062333864336332333938663536373834663535643832316532313262326265
63376436356662663165616532613963303030613166663865376531613031383865363864333238
33616230336263306434643933356530303163653232323331643731353134353939363762303933
32363061346537666637663733346431643164323364363133316265306336626466353366313635
66653162643533316162363035373532656239356434623761666663626366663336376539656537
31323561356363393038323762646633323461666263633937313264346364356439343761623337
34643731393763323339653636656565663665646431313531616337616363373764626334656264
66633366346137613032313865666363613530643663373834313731353437373239653332656134
62376164313138303233623964663234643661336232366165616163313866336230353565393365
36613361346437336431376164663930393530626339626361323764623635396137396634316364
31393030323539376233383965366433623562646161643866346138316536613437383035656139
6533


@ -1,5 +1,4 @@
# These are the variables contained in secrets.yml # These are the variables contained in secrets.yml
# Secrets are usually 32 characters or more, matching [a-Z0-9]
postgres_passwords: postgres_passwords:
fider: xxx fider: xxx
@ -10,7 +9,6 @@ postgres_passwords:
codimd: xxx codimd: xxx
mailu: xxx mailu: xxx
ttrss: xxx ttrss: xxx
keycloak: xxx
fider_jwt_secret: xxx fider_jwt_secret: xxx
@ -27,16 +25,3 @@ drone_secrets:
oauth_client_id: xxx oauth_client_id: xxx
oauth_client_secret: xxx oauth_client_secret: xxx
rpc_shared_secret: xxx rpc_shared_secret: xxx
restic_secrets:
user_secret: xxx
encryption_secret: xxx
matrix_secrets:
registration_shared_secret: xxx
macaroon_secret_key: xxx
form_secret: xxx
keycloak_secrets:
admin_user: xxx //used for setting up the initial admin user on first run
admin_password: xxx


@ -21,4 +21,11 @@ users:
groups: groups:
- sudo - sudo
deni:
comment: Denis Smajlović
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0pB42dtqruXr2Ha8Rdp3QoSrMOLU5cbLMfuNTNmgwPZmprhGGRTAsz8E0aG+5HCFBmW6JxiTGyHGdIZrhYWpKYshxxn4zODfitP7IzDgvg9Pz0Ugw/c5i5eKjkVfw9xLZKjO/H3Ql8R+wFMawpdw7j+Q9G+J3eIidEI6TmSvJVWijBxpLI4qrLceL084qg93XpJENYBOcvx9fYQQ+Es0jo4hmPuHWq5VIkIoIfvVvdhwjlaBsqv2je5BNx8uTMVIyV34ZHpJc95wJ6MOcqpQunW2bR4mGc9FLh67eP2ba9nDoQ0pnnlWGqAIKx5P1ELIg7RM3HhuwfRVh4DxCfjXpMz3l1gr1dA1wVD9bOtzbPWLjo7LNkRcT/loba/jpznTNIEv+kawmm/H0aTZZdlofkGHuX0iOpLV1c1tCDMH1s/MCqwosSRihrXhSOozsABvaaZpJiHcpE4DcNr+xJhe1XrHMqR30KU0r7ulIP8JdhzMNEsq3HxZQh9s8XLIUukrpcpOgJYyGuQK3kG6li5kYbmVqjLDQ1xHi/4r/4TXjJYpsFCZ71SURLzxoF1nauHpBLKcHI3MPFvqr27SQcM92fO14wKDAmAtHINwzMQjlda6B0jFNC+2xUfHrH7yIhwSktytq5qbhiFKK71DSLiMKFvOqoTVWRckO2+Zw1HZB+Q== deni@deni.dk
password: $6$ooKtdqASOxYJN2CJ$ziMrGG/qIOeyiTGjx.hPYjVBlHpzM9YY6qCJB9/L8aR33feUvXxZNBCgME93ZhbwDBjblS/tP796LsCF4i17D.
groups:
- sudo
volume_root_folder: "/docker-volumes" volume_root_folder: "/docker-volumes"
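Review bot: The `password:` hash for the new `deni` user (`$6$…`) is committed in a plaintext vars file — it is readable in this diff, so the file is not vault-encrypted — and the same user is placed in `sudo`, so anyone with the repository can attempt an offline crack of the credential that gates root. Move the value into the encrypted vault and reference it (`password: "{{ user_passwords.deni }}"`), or drop the `password` key and rely on the ssh key alone if sudo is configured `NOPASSWD`; either way the hash now in history should be treated as exposed and the password changed. The `users:` mapping this entry belongs to starts outside the hunk.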


@ -12,7 +12,6 @@ thelounge:
nextcloud: nextcloud:
domain: "cloud.{{ base_domain }}" domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
gitea: gitea:
domain: "git.{{ base_domain }}" domain: "git.{{ base_domain }}"
@ -20,7 +19,6 @@ gitea:
passit: passit:
domain: "passit.{{ base_domain }}" domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
fider: fider:
domain: "feedback.{{ base_domain }}" domain: "feedback.{{ base_domain }}"
@ -30,9 +28,7 @@ matrix:
volume_folder: "{{ volume_root_folder }}/matrix" volume_folder: "{{ volume_root_folder }}/matrix"
riot: riot:
domains: domain: "riot.{{ base_domain }},element.{{ base_domain }}"
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot" volume_folder: "{{ volume_root_folder }}/riot"
privatebin: privatebin:
@ -40,12 +36,8 @@ privatebin:
volume_folder: "{{ volume_root_folder }}/privatebin" volume_folder: "{{ volume_root_folder }}/privatebin"
codimd: codimd:
domain: "oldpad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/codimd"
hedgedoc:
domain: "pad.{{ base_domain }}" domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc" volume_folder: "{{ volume_root_folder }}/codimd"
netdata: netdata:
domain: "netdata.{{ base_domain }}" domain: "netdata.{{ base_domain }}"
@ -57,25 +49,16 @@ docker_registry:
password: "{{ docker_password }}" password: "{{ docker_password }}"
data_coop_website: data_coop_website:
domains: domain: "{{ base_domain }},www.{{ base_domain }}"
- "{{ base_domain }}"
- "www.{{ base_domain }}"
cryptohagen_website: cryptohagen_website:
domains: domain: "cryptohagen.dk,www.cryptohagen.dk"
- "cryptohagen.dk"
- "www.cryptohagen.dk"
ulovliglogning_website: ulovliglogning_website:
domains: domain: "ulovliglogning.dk,www.ulovliglogning.dk,ulovlig-logning.dk"
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
cryptoaarhus_website: cryptoaarhus_website:
domains: domain: "cryptoaarhus.dk,www.cryptoaarhus.dk"
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
drone: drone:
domain: "drone.{{ base_domain }}" domain: "drone.{{ base_domain }}"
@ -96,6 +79,3 @@ ttrss:
domain: rss.{{ base_domain }} domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss" volume_folder: "{{ volume_root_folder }}/tt-rss"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"


@ -577,7 +577,7 @@ turn_allow_guests: True
## Registration ## ## Registration ##
# Enable registration for new users. # Enable registration for new users.
enable_registration: False enable_registration: True
# The user must provide all of the below types of 3PID when registering. # The user must provide all of the below types of 3PID when registering.
# #
@ -604,7 +604,7 @@ enable_registration: False
# If set, allows registration by anyone who also has the shared # If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled. # secret, even if registration is otherwise disabled.
# #
registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}" registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG"
# Set the number of bcrypt rounds used to generate password hash. # Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash. # Larger numbers increase the work factor needed to generate the hash.
@ -699,7 +699,7 @@ track_appservice_user_ips: False
# the registration_shared_secret is used, if one is given; otherwise, # the registration_shared_secret is used, if one is given; otherwise,
# a secret key is derived from the signing key. # a secret key is derived from the signing key.
# #
macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}" macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X"
# Used to enable access token expiration. # Used to enable access token expiration.
# #
@ -709,7 +709,7 @@ expire_access_token: False
# falsification of values. Must be specified for the User Consent # falsification of values. Must be specified for the User Consent
# forms to work. # forms to work.
# #
form_secret: "{{ matrix_secrets.form_secret }}" form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-"
## Signing Keys ## ## Signing Keys ##
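Review bot: The three Synapse secrets on the new side — `registration_shared_secret`, `macaroon_secret_key` and `form_secret` — are literal values in the committed template rather than vault-fed variables, so they are readable in repository history and must be treated as compromised; replace them with references such as `registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"` (and likewise for the other two) sourced from the encrypted vault, and rotate the live values. Rotating `macaroon_secret_key` invalidates existing access tokens, so schedule that with users in mind. Separately, `enable_registration: True` opens the homeserver to self-registration by anyone; if that is not intended, set `enable_registration: False` and keep the shared secret for admin-driven registration, which the comment above it already describes. The surrounding config file starts and ends outside these hunks.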


@ -1 +0,0 @@
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


@ -7,7 +7,7 @@
- name: gitea container - name: gitea container
docker_container: docker_container:
name: gitea name: gitea
image: gitea/gitea:1.15.7 image: gitea/gitea:1.12.3
restart_policy: unless-stopped restart_policy: unless-stopped
networks: networks:
- name: gitea - name: gitea


@ -1,66 +0,0 @@
---
- name: create hedgedoc volume folders
file:
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
- "hedgedoc/uploads"
loop_control:
loop_var: volume
- name: copy sso public certificate
copy:
src: "files/sso/sso.data.coop.pem"
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"
- name: setup hedgedoc
docker_compose:
project_name: "hedgedoc"
pull: "yes"
definition:
services:
database:
image: "postgres:10-alpine"
environment:
POSTGRES_USER: "codimd"
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
POSTGRES_DB: "codimd"
restart: "unless-stopped"
networks:
- "hedgedoc"
volumes:
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
app:
image: quay.io/hedgedoc/hedgedoc:1.9.0
environment:
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
CMD_DOMAIN: "{{ hedgedoc.domain }}"
CMD_ALLOW_EMAIL_REGISTER: "False"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_EMAIL: "False"
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
CMD_SAML_ISSUER: "hedgedoc"
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CMD_USECDN: "false"
CMD_PROTOCOL_USESSL: "true"
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
restart: "unless-stopped"
networks:
- "hedgedoc"
- "external_services"
depends_on:
- database
networks:
hedgedoc:
external_services:
external: true


@ -1,45 +0,0 @@
- name: setup keycloak containers for sso.data.coop
docker_compose:
project_name: "keycloak"
pull: "yes"
definition:
version: "3.6"
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "keycloak"
volumes:
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "keycloak"
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
POSTGRES_DB: "keycloak"
app:
image: "quay.io/keycloak/keycloak:15.0.2"
restart: "unless-stopped"
networks:
- "keycloak"
- "postfix"
- "external_services"
environment:
VIRTUAL_HOST: "{{ keycloak.domain }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
DB_USER: "keycloak"
DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
DB_ADDR: "keycloak_postgres_1"
#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
PROXY_ADDRESS_FORWARDING: "true"
networks:
keycloak:
postfix:
external: true
external_services:
external: true


@ -38,7 +38,7 @@
force: yes force: yes
- name: run mail server containers - name: run mail server containers
docker_compose: docker_service:
project_name: mail_server project_name: mail_server
pull: yes pull: yes
definition: definition:


@ -49,11 +49,11 @@
- name: upload vhost config for riot domain - name: upload vhost config for riot domain
template: template:
src: files/configs/matrix/vhost-riot src: files/configs/matrix/vhost-riot
dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}" dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domain }}"
- name: upload homeserver.yaml - name: upload homeserver.yaml
template: template:
src: "files/configs/matrix/homeserver.yaml.j2" src: "files/configs/matrix/homeserver.yaml"
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml" dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
- name: upload matrix logging config - name: upload matrix logging config
@ -62,7 +62,7 @@
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config" dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
- name: set up matrix and riot - name: set up matrix and riot
docker_compose: docker_service:
project_name: matrix project_name: matrix
pull: yes pull: yes
definition: definition:
@ -82,7 +82,7 @@
matrix_app: matrix_app:
container_name: matrix container_name: matrix
image: matrixdotorg/synapse:v1.47.1 image: matrixdotorg/synapse:v1.18.0
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
@ -102,7 +102,7 @@
riot: riot:
container_name: riot_app container_name: riot_app
image: avhost/docker-matrix-riot:v1.9.0 image: avhost/docker-matrix-riot:v1.7.3
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
@ -112,9 +112,9 @@
volumes: volumes:
- "{{ riot.volume_folder }}/data:/data" - "{{ riot.volume_folder }}/data:/data"
environment: environment:
VIRTUAL_HOST: "{{ riot.domains|join(',') }}" VIRTUAL_HOST: "{{ riot.domain }}"
VIRTUAL_PORT: "8080" VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}" LETSENCRYPT_HOST: "{{ riot.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks: networks:
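Review bot: `dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domain }}"` now takes `riot.domain`, which the vars change in this same commit sets to the comma-joined string `riot.{{ base_domain }},element.{{ base_domain }}`, so the vhost config is written to a single file whose name contains a comma; nginx-proxy selects per-host config by exact hostname filename, so presumably neither host picks it up. Write one file per host instead, e.g. `loop: "{{ riot.domain.split(',') }}"` with `dest: "{{ nginx.volume_folder }}/vhost/{{ item }}"`, or keep a list-valued variable. The joined string is fine for `VIRTUAL_HOST`/`LETSENCRYPT_HOST`, which accept comma lists. The compose definition continues past the end of the hunk.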


@ -1,42 +1,48 @@
--- ---
- name: setup nextcloud containers
docker_compose:
project_name: "nextcloud"
pull: "yes"
definition:
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "nextcloud"
volumes:
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
environment:
POSTGRES_DB: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
POSTGRES_USER: "nextcloud"
app: - name: nextcloud network
image: "nextcloud:22-apache" docker_network:
restart: "unless-stopped" name: nextcloud
- name: nextcloud database volume
docker_volume:
name: nextcloud_db
- name: nextcloud database container
docker_container:
name: nextcloud_db
image: postgres:10
state: started
restart_policy: always
networks: networks:
- "nextcloud" - name: nextcloud
- "external_services"
volumes: volumes:
- "{{ nextcloud.volume_folder }}/app:/var/www/html" - nextcloud_db:/var/lib/postgresql/data
environment: env:
POSTGRES_DB: somethingelse
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
- name: nextcloud app volume
docker_volume:
name: nextcloud_app
- name: nextcloud app container
docker_container:
name: nextcloud_app
image: nextcloud:apache
state: started
restart_policy: always
networks:
- name: nextcloud
- name: external_services
volumes:
- nextcloud_app:/var/www/html
env:
VIRTUAL_HOST: "{{ nextcloud.domain }}" VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}" LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: "nextcloud_postgres_1" POSTGRES_HOST: nextcloud_db
POSTGRES_DB: "nextcloud" POSTGRES_DB: nextcloud
POSTGRES_USER: "nextcloud" POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
networks:
nextcloud:
postfix:
external: true
external_services:
external: true
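Review bot: On the new side the database container is initialised with `POSTGRES_DB: somethingelse` while the app container is pointed at `POSTGRES_DB: nextcloud`; the postgres image only creates the database named in its own env, so the app's target database presumably does not exist on first start (the `nextcloud` role is the image superuser, so the installer may create it, but that is an accident rather than a design). Use `POSTGRES_DB: nextcloud` on both containers, ideally from one shared variable. The app image is also the floating `nextcloud:apache` tag, which pulls whatever major version is current on each redeploy and makes rollbacks impossible; pin it (`nextcloud:<major>-apache`) as the gitea, synapse and portainer images in this repo are pinned.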


@ -17,7 +17,7 @@
- name: openLDAP container - name: openLDAP container
docker_container: docker_container:
name: openldap name: openldap
image: osixia/openldap:1.5.0 image: osixia/openldap:1.2.2
tty: true tty: true
interactive: true interactive: true
volumes: volumes:
@ -57,7 +57,7 @@
- name: phpLDAPadmin container - name: phpLDAPadmin container
docker_container: docker_container:
name: phpldapadmin name: phpldapadmin
image: osixia/phpldapadmin:0.9.0 image: osixia/phpldapadmin:latest
networks: networks:
- name: external_services - name: external_services
- name: ldap - name: ldap


@ -1,47 +1,45 @@
--- ---
- name: setup passit containers - name: passit network
docker_compose: docker_network:
project_name: "passit" name: passit
pull: "yes"
definition:
version: "3.6"
services:
passit_db: - name: passit database volume
image: "postgres:10" docker_volume:
restart: "always" name: passit_db
- name: passit database container
docker_container:
name: passit_db
image: postgres:10
state: started
restart_policy: always
networks: networks:
- "passit" - name: passit
volumes: volumes:
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data" - passit_db:/var/lib/postgresql/data
environment: env:
POSTGRES_USER: "passit" POSTGRES_USER: passit
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}" POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
passit_app: - name: passit app container
image: "passit/passit:stable" docker_container:
command: "bin/start.sh" name: passit
restart: "always" image: passit/passit:stable
command: bin/start.sh
restart_policy: always
networks: networks:
- "passit" - name: passit
- "postfix" - name: postfix
- "external_services" - name: external_services
environment: env:
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit" DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
SECRET_KEY: "{{ passit_secret_key }}" SECRET_KEY: "{{ passit_secret_key }}"
IS_DEBUG: 'False' IS_DEBUG: 'False'
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}" EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}" DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}" EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
VIRTUAL_HOST: "{{ passit.domain }}" VIRTUAL_HOST: "{{ passit.domain }}"
LETSENCRYPT_HOST: "{{ passit.domain }}" LETSENCRYPT_HOST: "{{ passit.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
passit:
postfix:
external: true
external_services:
external: true


@ -8,7 +8,7 @@
- name: run portainer - name: run portainer
docker_container: docker_container:
name: portainer name: portainer
image: portainer/portainer-ce:2.9.1 image: portainer/portainer:1.23.1
restart_policy: always restart_policy: always
networks: networks:
- name: external_services - name: external_services
@ -19,6 +19,5 @@
- 9001:9000 - 9001:9000
env: env:
VIRTUAL_HOST: "{{ portainer.domain }}" VIRTUAL_HOST: "{{ portainer.domain }}"
VIRTUAL_PORT: "9000"
LETSENCRYPT_HOST: "{{ portainer.domain }}" LETSENCRYPT_HOST: "{{ portainer.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
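Review bot: Dropping `VIRTUAL_PORT: "9000"` leaves nginx-proxy to guess the upstream port; it falls back to 80 unless the container exposes exactly one port, so if the portainer image exposes more than one the proxied vhost stops working after this change — keep the explicit `VIRTUAL_PORT: "9000"`. Separately, `- 9001:9000` (unchanged here) publishes the Portainer UI directly on the host and bypasses the TLS-terminating proxy; if the mapping is only there for the proxy, remove it, otherwise bind it to loopback with `- "127.0.0.1:9001:9000"`. The task starts before the first hunk.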


@ -15,5 +15,5 @@
networks: networks:
- name: postfix - name: postfix
env: env:
ALLOWED_SENDER_DOMAINS: "services.{{ base_domain }}" ALLOWED_SENDER_DOMAINS: "{{ base_domain }}"


@ -1,38 +0,0 @@
---
- name: setup restic backup
docker_compose:
project_name: restic_backup
pull: yes
definition:
version: '3.6'
services:
restic-backup:
image: mazzolino/restic
restart: always
environment:
RUN_ON_STARTUP: "true"
BACKUP_CRON: "0 30 3 * * *"
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
RESTIC_BACKUP_ARGS: >-
--tag datacoop-volumes
--exclude='*.tmp'
--verbose
RESTIC_FORGET_ARGS: >-
--keep-last 10
--keep-daily 7
--keep-weekly 5
--keep-monthly 12
TZ: Europe/Copenhagen
volumes:
- /docker-volumes:/mnt/volumes:ro
restic-prune:
image: "mazzolino/restic"
environment:
RUN_ON_STARTUP: "true"
PRUNE_CRON: "0 0 4 * * *"
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
TZ: Europe/copenhagen


@ -10,7 +10,7 @@
loop_var: volume loop_var: volume
- name: "set up tt-rss" - name: "set up tt-rss"
docker_compose: docker_service:
project_name: "tt-rss" project_name: "tt-rss"
pull: yes pull: yes
definition: definition:


@ -6,8 +6,8 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}" VIRTUAL_HOST: "{{ ulovliglogning_website.domain }}"
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ ulovliglogning_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"


@ -8,8 +8,8 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}" VIRTUAL_HOST : "{{ data_coop_website.domain }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"
@ -22,8 +22,8 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}" VIRTUAL_HOST : "new.{{ data_coop_website.domain }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}" LETSENCRYPT_HOST: "new.{{ data_coop_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"
@ -36,8 +36,8 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}" VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"
@ -50,8 +50,8 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}" VIRTUAL_HOST : "{{ cryptoaarhus_website.domain }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"


@ -1,5 +1,5 @@
--- ---
- name: Install necessary packages via apt - name: Install necessary packages
apt: apt:
name: "{{ packages }}" name: "{{ packages }}"
vars: vars:
@ -9,10 +9,3 @@
- apparmor - apparmor
- haveged - haveged
- name: Install necessary packages via pip
pip:
name: "{{ packages }}"
vars:
packages:
- docker
- docker-compose


@ -2,3 +2,4 @@
- import_tasks: upgrade.yml - import_tasks: upgrade.yml
- import_tasks: base.yml - import_tasks: base.yml
- import_tasks: users.yml - import_tasks: users.yml
- import_tasks: sshd.yml


@ -0,0 +1,6 @@
---
- name: Disallow ssh password login
lineinfile:
path: /etc/ssh/sshd_config
line: "PasswordAuthentication no"
regexp: "^#?PasswordAuthentication "
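Review bot: The new task edits `sshd_config` with neither `validate` nor a handler, so a malformed result is written as-is and the running daemon keeps accepting passwords until something else restarts it; add `validate: "/usr/sbin/sshd -t -f %s"` and `notify` a `restart sshd` handler (none is visible in this diff, so one must be defined in the role). `lineinfile` also replaces only the last line matching the regexp, which could be a `PasswordAuthentication` inside a trailing `Match` block rather than the global setting, and PAM keyboard-interactive still offers a password prompt unless `ChallengeResponseAuthentication no` is set as well. Since `ansible.cfg` in this same commit uses `remote_user = root`, `PermitRootLogin prohibit-password` is worth adding so the root account is key-only.
```yaml
- name: Disallow ssh password login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^#?{{ item.key }} "
    line: "{{ item.key }} {{ item.value }}"
    validate: "/usr/sbin/sshd -t -f %s"
  loop:
    - { key: PasswordAuthentication, value: "no" }
    - { key: ChallengeResponseAuthentication, value: "no" }
    - { key: PermitRootLogin, value: prohibit-password }
  notify: restart sshd
```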