diff --git a/Vagrantfile b/Vagrantfile index 1e462762..589d56cc 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -21,9 +21,6 @@ Vagrant.configure(2) do |config| ansible.playbook = "playbook.yml" ansible.ask_vault_pass = true ansible.verbose = "v" - ansible.extra_vars = { - base_domain: "datacoop.devel" - } # If the VM is already provisioned, we need to use the new port if provisioned? diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index d53a118f..cbe0bab4 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml 
@@ -1,141 +1,141 @@ $ANSIBLE_VAULT;1.1;AES256 -35343731613336373363633564396639393230633664336338396164303238316564326663643638 -3365306264343434623836656435653436396636353866620a646336316338373866313362363664 -65363931633031613362383337643038636435303739376131643564633831316435653937353061 -6330306330383865640a643937326634393437313864326361373634373930623464613363663831 -37373230366262323261316134326333663262643764623639306239623066613335616531613662 -32343331313266363630343465376332303862353834653262306536623538383662366562616635 -34636561663366323434356337376261373039353931636139656437346165656663653233333266 -62353961626665636463396566626330383836383030363032303563633466326339626263306165 -31313266636330653933363630396166333339376564333133623237373962386164616332616438 -39623132663766633331306636613532333739613938333435393633386166333335393565633963 -30363165643038623962353762323338306466353031383531623066363632363033383639393537 -31333037626638353830653538373634666432346166373661313531656466383263323262373565 -38383766343030643939633830343332666165643661363631633963393632666632643361656139 -35346131363539613137396465306663363836666662303932646262383231363634373231373333 -34366636346530383736393532646563643139343764333661663033316432386632393139326439 -39303661333732376433663539383662363232313135663838616231343863326631353434326337 -36313335393262663932666365336334396131393362636637653630653965643662626434323736 -65663966306661646131643962336366643235353863646136613463323337663865323262613461 -33363636386665646538333334373564396333316665343566653662666331666236303438343962 -63396164316561363132306237336365313835346663616339666538643033356637633432383331 -64363964356264643038396139383838616131383466666565383131663331336530663832306635 -30643630623861633939646665326262393635626265323261653339646263386334353064393534 -63303464623433333863386136626566336135346561343964323436643739343037383839373332 
-34656439333538653461663764323265303064643165663263316164396633623232626535353863 -64643766623032653838306134376131623564363735386531383732346438343932353966333062 -30613166623138333865343735663530346635383162616635326330636161303863626539663166 -31336333643765303635643862666234643538313033663563663034343632653466626661343639 -33656436393738326135363166623633366331633065373633313864353333316131346664353532 -66646239373166376361326664646263616263323632636235353864656438383038663662376164 -37336431306166366561623836373938366336623866653730353861333431383832313039313739 -61616435666236373463616162653732373766336365313930383665363661356565613461373165 -66636537333333633832366234633066366537646138346233313233376135666666336264316435 -64613030323430343764336465353334633836653133343532386435636136336638313162626462 -33363830396462616662313030316166646531643238363130613036666631643737306138326234 -65323763636363393031616633633338653531633639356238316236303264303034623632626261 -36626639633234396230356236643766306232646230623665633866643434313334303265323465 -66386461323563343236633864396562306165616338306334353563656461346464353930646161 -36653064613736346237363362663835656365616334363238376566316137303737316630316363 -65393139313832353461313634393931633761666531316333373762373265613464303365326338 -66393165366334636431353836336535636233336332336664613263613465393235363235623037 -61313037633761366661303663636364346131326334393765646262393863363062333739376466 -65653434336532323365376233646365323537313131306661306363313864326361646432326632 -64383533313833333466313231353863656634623135386631363864363834633035636632366164 -66356539353264633461396132336435353234333132376130616335613136356364643165346537 -62366630363439336432353066323238363233613032343635663731613134393639656535333736 -32623733333866393565366661643030376137646437616336386530363230376637316436313763 -36323532643763363864336634623132343530333531363231383130333064653233363339646136 
-35343165623864646530633731373539356665316164653365303965663862313462313362643637 -34633163363833626635613634633938656334366366316266636532613065333436663633656530 -65623561326565643739303931323539643337373736646663363362646139323333346237353731 -32643739626561396664646537376139326339626235336464343964613761396430343461346639 -33326631373030653637393865333837386432333634653066353366613334396639626631653737 -34353831386366636663323761656431663965303561636236366538393261653333396537326461 -31323332613737646364616565393534306131323234633933636638333637623661343334383561 -30323464373365626662323062363135333932666163323235633131303566323964343734383238 -32376435363737373336363363613738366337626162333236643738373266633933363162303833 -37366631343933313934313463363834643835333766663361303335313539363839663231333963 -66326261323631386532346637376132646263303466383330373833633034373933616538306330 -33386334306330346161633131386130636634643531633233376337343637363235356135383366 -31366463323831636438646262613239663830333531386330326131643032653033336339643561 -64636439323065343564306163303134623439343963383136633864623633363364646535666565 -31393564316234343066303664396534386537303364343234303832346331326430386432636332 -38316565346433663639646330393339303530623636386332633666656363376239383535386134 -35376135306461333237383562356162326338363435643133653838343535326535326337376130 -37306462633835666132653466373163613566633863343363653539343239316233616661633532 -64386538363163653963363331623531313237636431343934643136656536323734636261656333 -39636132613431653562393238346565323330656539666230643566633663316239353436383566 -64303535353031636662643062326565313837393932346431326137316337376361363338383533 -34613632323230393233666437346466626232363636636636393836333832633335393734343565 -33333461343530333135663436343333623966363230666330323562363136383166666665333861 -65366436643363383331353361656434336631396437616562303861666263353533313738326138 
-33653735333230636437643038633763343063336262386663313237653661346262653834616665 -37343834323937623761386639653736313232323166373561643235336261306430393533376139 -31653132613331626435623333343862393038643364616236626466333338646639663930663436 -66636462646130653537343739646437363130313766636438663130616665333232396331303531 -30373762343531383239653132633363386239643666316166363931326563343633653433383538 -36333733626363626464636435626131653439313862666230393334353938356436376664323961 -62326566646463396536633265333461306430616437646630363239653333643732366430373133 -32323636636161623932376235383430366661636439643565366532376239613366303039376434 -39646437363636633265313838616463383231643030643732306364333161656236303131333533 -62343539613264383830306639303164643233653032616566646163656564356262323065303134 -61613563646538316232353833636536633435336663326262663062663030326234316131353835 -34363564306335356633343438396434363261646665653665633235303932383266393630623238 -31323037336566633035366464386232616561383566343061343031623630383238643433376231 -64633634616133386138326138393138353937363332646637663363363064393065336438303932 -38393139306330396338646233366235316435313838633563353838303832616630633731323535 -31393039306630613734343433633662343831313336616561656136323039333235383733363364 -66383836363239376539316362646232356636336665316664653565653439353932663433346438 -65306365623334656133636332393265643163313939363537323738646664326364343064396337 -37383637383064643763363135386434316664306231376462653066653063313962316231386162 -63343533386262616631333233316330666263656532306466623733343764646361666165393863 -62326435346532623635343535353263626566313061643563613937346562643962386565396439 -62616661626464613366656462353932323732313062363566316562396134346433376237326664 -39333238346464393930653435363336333365323537356531313830626437303736333635356534 -62653766323065373662366162333363343466373135623262663436626438306337333365633633 
-37333931623434666564366430666462343162303030643733623637656337393763393437656335 -36393162363765383464316562306532336265373130623566646134666337333133363863373964 -33666437323733396139653436323262383336306561643738366463646461646462333338623662 -30656135343934633335376634326533313663653761656235626165313834356464636535326439 -32343834316433393236353739646663393930663635646366623835633363653662626535366361 -64626561613064646431306634393330333265366530353063653132353735663564326563323961 -39663535346539326165313263383933653633306330303930376336316632636537363437663063 -64376465663634363838623230386139636231353665616165323065633661343339373432373732 -63356130653535303934396335306566646538383938636331333362353534366632663930393732 -37353365343532646137343631383833616430326631323564666361323934383839303130636333 -38653139303663356337376261616463303665623431613963643137356439326162386337326161 -61383434383534353732343733326139313462396432366336653139363466653336626338366365 -31386438333438633465666337393732343533373363646234383265323132303433316135396232 -39373764333863626634343636306533393361643135323531383963366137626464353064613065 -61623063303865646161363432643765323361363364383635646538636232353337636235613861 -36396631383639633263303131383537326464313433663032346230386432633864613335616533 -61373238363930653866643933623561613363333139373135633332643563613838346434623033 -34353161396433663632656633356536323662386332626566393636323463363334613234376137 -38643465656262656236666332383361616164366230323936346565303961333761613136353435 -63643839636464323362396235333738626132393030393737373438393032323931643936306239 -31643537353462626238306563316132663139393635356631373839653462613238323831303537 -33626362636362383530386333343266383061646436353635396230396231343364323631343037 -65663363656463393234313465386233663635626333346132353539366464653532333830326661 -64343136323366346239373737666435366363663237663039636631656266333562376532396661 
-35666430626233333166356139613233306536303365313262363366316135326662636166393031 -38356661396232366236303732326666353864353735336161326663623030343766633266623236 -65626237636133626335656663323533386236353164303230313237643130386133613466613933 -31343261356632643265623866373965326561363538326336656561373631373938343334653662 -32616366373839373737393262633064666437303538386363616431386138346439353534623631 -63323063346564646462313034623630396462623565646430363338393239343761396235303863 -31636531323732303230626437363764306631366363643766633734353336373564393731366238 -32623563633661646465396136396462663363376333613434666632383637616133626132616362 -61343032643966323539353033643136616463353563666462313731386261633333623832643439 -38323666666330356538313730306334336433613364313065313761636261363433356438323136 -61343233643138646263626333306265366239613266646663323733636162323332643531643331 -39396433636233366365336166356661623132656261656666386361326164643634366436303737 -61653832373162356634313163363233323964303738366266376665346365396635343332396166 -35393263373732313734353332663238326563366534623131386233633365303664616562386231 -36326138356230663731306339666138343161386331313137313861633039303930623663646333 -65336461653033333332323162363539663366653762303266656366386665396463626265303264 -35666437663966663130633663643861326563336466633133646562383230363332646639616436 -36656137653061303262633736653433343838323666646261386266353735326564386465646334 -34633339336336613531666132633832363838343333353862333136616532613462343364616539 -37363437613236323235383936613763383966366265303731303034373430333936366339323437 -32303537653062663233 +66323763353537626539666332316663373864616237386436666239366561366431396430626530 +3132383163653632383133393861373235623931636136390a353132383763626437373065663430 +64643662393961303936323265343663656431666563653633646532373563663263616634333764 +3766333631343961370a373237343531383863336632373862663435643239353934626637356365 
+30666332626666333530656135343866613161643034383634373736636436636166346562666331 +30396437306263363564363862303737646232623266653032343230303965366338623238343134 +61353835663136383531663765653038323762313932313733646338623931353865363933333338 +39336434373137353738316336663038366334663231616263633565613464306439356235656630 +33396331313036623661353464626263393962306638353433343535613964353966313462613235 +36383563386461353036323164353539616135353761346361313363373266393464363864373633 +33636637366235383264353765383438646130373162323730663363303862333564383439633261 +64663961363161623037393830616466366632633661393463303732323365353665373435633537 +66356166336232366438333533616233363465623034623233363438346139656138336631366231 +33383238633532323665306338643562636135396566663537643733393931316131623262373164 +66393062376666383734393334646463616162363935343363303165393665613066306431366164 +64326564393464646664663839373563353966663063396434313362623664613834626636363233 +33343562343539663332346361316330383830623436306362373966366438653534313561366539 +34356166623562396361356161303739613230333663613232663861313331663233326633643530 +64353933626237636435303736623063373463326265633236653366303039313233623837306132 +65366235663666316631623361303634383539396661323232616338386133373330646365303238 +39306431366337333764373965623563383061323364396564366435376163663139346164323231 +63366435343761303562393933313263303265383237616261663838333430333935626563666162 +31363264356333663337313833353239316163643961393131346136633561623037636130353166 +38646239623433613031646465326431623461383036356266643534346430363033316230656662 +39643636383863336436363134633336613638356635623035313766633335323731343837393536 +31343861336237356234633366643932323366653461373636646131393935656162613238343263 +32333962333239643733333363303233633333383733336262373463623935663531313830653935 +32346334393463636465383738306163326464373961376436663264356165306463353861306361 
+37356134346135633137643634656432633366643761616433393239363831323335356639343337 +37623330363333356466636637336563303465343738363638663837653534303364663935313463 +36653333376233343637346365666364393237306531626165333966393663633165356339663765 +66663361643533616539653833303562373834663932626539383363653338636362383633623534 +36653666343835663530393665383863393133353261616139616362353062623137393565323634 +35356163323432303435626336353866303836623064366464336161636162343862333761343030 +64613165646362643366373730643665303261323635313632353439353736376565333662653437 +38396438366539383765653635326265633535363738323835636563666663386435633331616239 +36313166363138653531373061633966633337643530623333646537383231336639343932653634 +32393335636534333963663035303236356436393637363030313031353832623432656233376430 +64333563333433373334643530366164353765346138303730663561356335613239333136326237 +63356566663033313363646664643639386366383765646230343632623061626334623564613338 +34313633326565353839396164663536613561643232353736303336613864313330323638356364 +30633335323438613636343964323431366364633031643235636330623935363266623939336631 +63393733396332636335366539333939383831663039313933343336663539323435373963666131 +33343638303537636134666236616566356234393031343461376439363133393834363565313065 +63333638393236663538616436386164303732383539393261633135643930643435636637373736 +64653333656235656161303166336233393864386263363330643264636263303563636463316364 +65396231393531343265663234366530396665333830343434316433303361333539303734383934 +35383936363435393231353532613534396231366630366461346235613436373537656335393966 +35666661633364326336666238346261616334303936613864633936613130333030343334396235 +30623136343934633636613062353230323961376639373033386132316132623932343432356266 +31333037656630333761633236303136633235636138653133363430613963393738383032643737 +36363037353630643137396661393736383035663963653465613437663865393565626438353264 
+61646330343730656539373866363666393636373962366131306264313364366530653035373031 +61306461323038353261353430323133386135623433306564326237643334326264643932316434 +61623066323935373761616463636537666133303863333161393361626661623632656637336639 +36383538346633393265323130633037616364613934376337326566656237373363393738386366 +36386335646432646234336137623663336637323461663538316232656130633863336330383363 +34646530353539336432633165353039663338653139396365373664393030663164666432313265 +63396563306138383166396366616638373631616637633330666463343035333633346437393664 +64353736626432393632643263616139653131663264313466306664616437323739613936653839 +36653366396336376430623962373361343762363465373133663739313536323263633164373230 +35613466643839643831623138393137316661386234336131633763303731393663373364616131 +36383834633738326234663765383662383832323465383534353834633461333265656539633238 +64646665323938613735366165353361356236636163626535376131303464353365366234646438 +65316531356239663838323130393061646562653464633230353337316133333036626161336432 +66303438633139333964633766366262333235303262653733383934313638343336633566666338 +31633132653738326439326439616630323636666361646634663334366566396234633065626162 +38643565353738616232666330326365633264646637623836323761343866336635393436336331 +33663830643934633163353438343436303030343531666335326236376564333466343163643430 +35393031333834366335656431313033643936313839316431396333386135663761633562626163 +39366438393532363430326432356135356532646162306333663163613031336136353132656538 +31653762386538656663346263663531653063626463326534636337303639303561626334633935 +65666139663461343466643861393762316330316431613765653239316537616434626535396139 +35376434356533656336623839656138386565303266396532303665346264623034643664656137 +62633064356566366438626331633933373630363164373434613233386535633532653130376436 +34353336633966313365373439623633353364393838343335306665383361323766353431393662 
+31356533333834383832333031386365316461376563646561646333313063393532303162393231 +61336165663938363437396564626430376362353736623232653430613464626234326234663335 +37373633306533363830353662633038306139626136663839383631623230396333313937653733 +39313163316161326263306530353465336363626530333966343934373866303664316536363466 +33343766393561643864366665353239366336323335656665303735326633323432333938323862 +66656230373937396465323731616133336533383966353564663364303538613362313139343865 +64383233613038626437613162663232373666363062373531373331343237306135333230303636 +31626537633637653961666638393330643932656234316363323339353930303738346336646266 +63346234333833376563656264383834363630613932306262376666356663613831393732636532 +64333638616364633965383034356232373065333232623961643239326565623063386339303064 +64653162663239376335383732383838386631333837323238393366363836373463656639646261 +32616238363463333339393138303333326461666663303238343839376632323539396235373766 +66356464393739616138346235643564386664393130613336343235633531646530306236616361 +61656465666566336132383035393636356134633131666438363661646364323764373961343864 +33613963343961626665353733356432346439646638643939626562326364386533366135306433 +34343961323537333233383633343635383436363232666166336131323262613135393532616161 +38633635646563646563303262383461333439653562383564303261303033376337343831343431 +35343632633138626364313433656364613439633531343136316436613231373233326362663736 +33323664306430336235666238336631303735626630336139353764643366353931306437653039 +34383433323662306164363462333934333463646136386564323764663862366235373632666662 +30386266373830636664613332353265366164353035306232353230393838303363613666396539 +66386663366439373566396334653335633662323230656132666631306432663836616462346264 +63346338666337663062626532353835316135616661323563636662333238653933613530313765 +30303864653037393131626631633338326235656632656339326463383061393635346333373730 
+65386631336462363436346166366130383235396664303631383065666566343461393838633739 +63636334333462666131393430663335383466313762666134393062373238653730633864323137 +66643639383265656338323063356463626531346561336164656364633733343731373833376261 +33616663323837333266646635393564383439613630336566383336313036333933333230666230 +34646334306666626138333233343332366237646165636538326264663635373438656431636435 +35666334323035663933333764313564393536663335336561343734343662623939336531303235 +64393333313962333737616639663234393833633332643430326163323865613632663463346635 +35326632626363346536663563616334663366613734616562626165376335613165306531303932 +65623031386563326665303536646531306235613034336263393436363536303565656138303931 +30663237306161626130653663663365323030613635343563653465386561626361353532643737 +36626466626234376462373732653936326363376639613563653361366339363538383431383136 +61303134333665393039633263323238623539653233323732363163353762623730306366306134 +65663661633331393137396661313530663638383236656333393638356164643537663935343063 +34383039363832623663323661663530303534636635653631393536653837333766616161623839 +38383830326266353362613232643036393365633261333933363931313830666537363338633337 +66303166393430653263646338653539316234613432373763393664636631383737306236643431 +33396234386562346165346239343838323133653461646165643538666231323561376166393231 +39333534393961656234373235616332306639373764653164393232363535646239383432343963 +36343134363631626434323335303136346536393266363735316437333165366538373535333866 +36626537636465376533616130363564626238356162623539316133306663333763393033333663 +63383462643938373262643435623132653730346564383537633537303034326366616661393062 +31316532383035383632633535303564626238613438653265366261663033326463316366656266 +65636462323832353565383334646239393636323635623230343537646338613861633532343962 +36616432653936356266626533383433376663373838653533366631386262353337383236373166 
+33373139323765326135356431613235346431623931333362663463646630336332616337333535 +34336130366564303136653933303233663538353561396430313937363536663961333431323435 +35316537393462316334366163346663623933653861376637336338383837303233623434353238 +34383866636361333061393630376431323165353036373435646566326461333737313038656135 +31623466316339353463393165626236333763396434396638646461393434353132373030613633 +32393032353730656562666431383236653461656566643332363034636134653737343537306136 +65316437376265323439326234653363353336343631363630613533303837313535306666313461 +63623339383432353739616664396666336638316131653133363066633461646336356636376534 +34663730666436613733336439653031306561616263373235346461306335616166303637343462 +38663364636536663764383164306436373563346562643038613065336366363939376136646332 +65353261346434316534313766633139623937366265316130646138656535303031626230326463 +32653530613139313534316132653531613438313339333163376665666539313661663430353336 +32663930326561646536393232393730386464643364366130356464633934316261643435303734 +39363666333362396266343331633266653539343862386535363736333363623035353866363335 +64626339313631306266373338323163393632353433643036353762396162666562653831623235 +39373332626536323866 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 8dfc4bdc..cc8dd427 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -7,7 +7,7 @@ services: postfix: file: postfix.yml domain: "smtp.{{ base_domain }}" - version: "v3.5.1" + version: "v3.5.1-alpine" nginx_proxy: file: nginx_proxy.yml @@ -42,6 +42,7 @@ services: domain: sso.{{ base_domain }} volume_folder: "{{ volume_root_folder }}/keycloak" version: "20.0" + allowed_sender_domain: true restic: file: restic_backup.yml 
@@ -117,6 +118,16 @@ services: - "{{ base_domain }}" - "www.{{ base_domain }}" + new_data_coop_website: + file: websites/new.data.coop.yml + domain: "new.{{ base_domain }}" + version: hugo + + slides_2022_website: + file: websites/2022.slides.data.coop.yml + domain: "2022.slides.{{ base_domain }}" + version: latest + cryptohagen_website: file: websites/cryptohagen.dk.yml domains: @@ -144,7 +155,7 @@ services: mailu: file: mailu.yml - version: 1.6 + version: 1.9 domain: "mail.{{ base_domain }}" dns: 192.168.203.254 subnet: 192.168.203.0/24 @@ -161,16 +172,20 @@ services: file: rallly.yml domain: "when.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/rallly" - version: a21f92bf74308d66cfcd545d49b81eba0211a222 + version: ac55701890cd866ee946deb25e2b2839fb14900e allowed_sender_domain: true pinafore: file: pinafore.yml domain: "pinafore.{{ base_domain }}" - version: v2.4.0 + version: v2.5.0 membersystem: file: membersystem.yml domain: "member.{{ base_domain }}" django_admins: "Vidir:valberg@orn.li" allowed_sender_domain: true + + watchtower: + file: watchtower.yml + version: amd64-1.5.1 diff --git a/roles/docker/files/configs/vhost-www b/roles/docker/files/configs/vhost-www new file mode 100644 index 00000000..2ced9695 --- /dev/null +++ b/roles/docker/files/configs/vhost-www @@ -0,0 +1,2 @@ +server_name www.data.coop; +return 301 $scheme://data.coop$request_uri; diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index a54eaa15..148ff671 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -18,9 +18,13 @@ - name: install docker python bindings pip: - executable: "pip3" - name: "docker-compose" + executable: pip3 + name: "{{ packages }}" state: present + vars: + packages: + - docker + - docker-compose - name: create folder structure for bind mounts file: diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml index c1119c78..745f040b 100644 
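Review bot: `version: latest` for `slides_2022_website` (and `version: hugo` for `new_data_coop_website`) is a mutable tag, so the image that runs is whatever the registry serves under that name at pull time. Elsewhere in this change watchtower keeps a 60-second poll with the Docker socket mounted, which presumably means a re-pushed tag is rolled out without anyone reviewing it. The unipi container that consumes the slides value also runs with `NET_ADMIN` and `/dev/net/tun`. Consider pinning to an immutable tag or digest, e.g. `version: "<release-tag>@sha256:<digest>"` (placeholder values), the way the `rallly` entry in this file is already pinned to a commit id.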
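Review bot: The redirect in the new `vhost-www` keeps the incoming scheme, so a plain-HTTP request to `www.data.coop` is answered with another plain-HTTP URL. Unless the proxy already forces HTTPS before this include applies, `return 301 https://data.coop$request_uri;` would upgrade and redirect in one hop. Both hostnames are also hard-coded, while the task that uploads this file writes it to `vhost/www.{{ base_domain }}` with `copy`, so where `base_domain` is not `data.coop` the file name and its contents disagree. If the file is meant to follow `base_domain`, upload it with `template` and use `{{ base_domain }}` in both directives.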
--- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/services/mailu.yml @@ -1,5 +1,4 @@ --- - - name: create mailu volume folders file: name: "{{ services.mailu.volume_folder }}/{{ volume }}" @@ -7,13 +6,19 @@ loop: - redis - certs - - overrides - data - dkim - mail + - mailqueue - filter - - dav + - postgres - webmail + - overrides + - overrides/nginx + - overrides/dovecot + - overrides/postfix + - overrides/rspamd + - overrides/rainloop loop_control: loop_var: volume @@ -45,22 +50,27 @@ definition: version: '3.6' services: + postgres: + image: postgres:14-alpine + restart: always + environment: + POSTGRES_DB: mailu + POSTGRES_USER: mailu + POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}" + volumes: + - "{{ services.mailu.volume_folder }}/postgres:/var/lib/postgresql/data" + dns: + - "{{ services.mailu.dns }}" + redis: image: redis:alpine restart: always volumes: - "{{ services.mailu.volume_folder }}/redis:/data" - - database: - image: mailu/postgresql:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder}}/mailu.env" - volumes: - - "{{ services.mailu.volume_folder }}/data/psql_db:/data" - - "{{ services.mailu.volume_folder }}/data/psql_backup:/backup" - networks: - - default - - external_services + depends_on: + - resolver + dns: + - "{{ services.mailu.dns }}" front: image: mailu/nginx:{{ services.mailu.version }} @@ -72,7 +82,7 @@ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" volumes: - "{{ services.mailu.volume_folder }}/certs:/certs" - - "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides" + - "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides:ro" expose: - "80" ports: @@ -101,6 +111,9 @@ - "{{ services.mailu.volume_folder }}/dkim:/dkim" depends_on: - redis + - resolver + dns: + - "{{ services.mailu.dns }}" imap: image: mailu/dovecot:{{ services.mailu.version }} 
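Review bot: In the new `postgres` service the database password is rendered straight into the compose definition as `POSTGRES_PASSWORD`. That leaves it in the container environment, readable through `docker inspect` by anything with access to the Docker socket, and possibly in Ansible's task output depending on verbosity. The official postgres image also accepts `POSTGRES_PASSWORD_FILE`, so the secret could be written to a root-only file and mounted read-only; at minimum add `no_log: true` to this task. The task starts outside the hunk, so whether `no_log` is already set is not visible here. Separately, the removed `database` service kept its data under `data/psql_db` and nothing in this hunk moves it to the new `postgres` folder, so please confirm the migration is handled elsewhere.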
@@ -108,16 +121,20 @@ env_file: "{{ services.mailu.volume_folder}}/mailu.env" volumes: - "{{ services.mailu.volume_folder }}/mail:/mail" - - "{{ services.mailu.volume_folder }}/overrides:/overrides" + - "{{ services.mailu.volume_folder }}/overrides/dovecot:/overrides:ro" depends_on: - front + - resolver + dns: + - "{{ services.mailu.dns }}" smtp: image: mailu/postfix:{{ services.mailu.version }} restart: always env_file: "{{ services.mailu.volume_folder}}/mailu.env" volumes: - - "{{ services.mailu.volume_folder }}/overrides:/overrides" + - "{{ services.mailu.volume_folder }}/mailqueue:/queue" + - "{{ services.mailu.volume_folder }}/overrides/postfix:/overrides:ro" depends_on: - front - resolver @@ -126,12 +143,12 @@ antispam: image: mailu/rspamd:{{ services.mailu.version }} + hostname: antispam restart: always env_file: "{{ services.mailu.volume_folder}}/mailu.env" volumes: - "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd" - - "{{ services.mailu.volume_folder }}/dkim:/dkim" - - "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d" + - "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d:ro" depends_on: - front - resolver @@ -139,13 +156,14 @@ - "{{ services.mailu.dns }}" webmail: - image: mailu/rainloop:1.6 + image: mailu/rainloop:{{ services.mailu.version }} restart: always env_file: "{{ services.mailu.volume_folder}}/mailu.env" volumes: - "{{ services.mailu.volume_folder }}/webmail:/data" + - "{{ services.mailu.volume_folder }}/overrides/rainloop:/overrides:ro" depends_on: - - front + - imap - resolver dns: - "{{ services.mailu.dns }}" diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml index 666c5447..34f302d4 100644 --- a/roles/docker/tasks/services/matrix_riot.yml +++ b/roles/docker/tasks/services/matrix_riot.yml 
@@ -36,11 +36,6 @@ src: files/configs/riot/riot.im.conf dest: "{{ services.riot.volume_folder }}/data/riot.im.conf" -- name: upload vhost config for root domain - template: - src: files/configs/matrix/vhost-root - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}" - - name: upload vhost config for matrix domain template: src: files/configs/matrix/vhost-matrix diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml index 4fc4bf55..0fe285d4 100644 --- a/roles/docker/tasks/services/watchtower.yml +++ b/roles/docker/tasks/services/watchtower.yml @@ -2,12 +2,12 @@ - name: watchtower container docker_container: name: watchtower - image: containrrr/watchtower:amd64-1.5.1 + image: containrrr/watchtower:{{ services.watchtower.version }} restart_policy: unless-stopped networks: - name: external_services env: - WATCHTOWER_POLL_INTERVAL: 60 + WATCHTOWER_POLL_INTERVAL: "60" volumes: - "/var/run/docker.sock:/var/run/docker.sock" - "/root/.docker/config.json:/config.json:ro" diff --git a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml index 59953c07..b4a51e1d 100644 --- a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml +++ b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml 
@@ -1,19 +1,17 @@ --- - - name: setup 2022.slides.data.coop website using unipi docker_container: name: 2022.slides.data.coop_website - image: docker.data.coop/unipi:latest + image: docker.data.coop/unipi:{{ services.slides_2022_website.version }} restart_policy: unless-stopped purge_networks: yes networks: - name: external_services env: - VIRTUAL_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}" - LETSENCRYPT_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}" + VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}" + LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - # Temporarily hosting on github - command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022" + command: "--remote=https://git.data.coop/data.coop/slides.git#slides2022" capabilities: - NET_ADMIN devices: diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml index 48d97f4e..ba1c091c 100644 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ b/roles/docker/tasks/services/websites/data.coop.yml @@ -1,4 +1,13 @@ --- +- name: Upload vhost config for root domain + copy: + src: files/configs/matrix/vhost-root + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}" + +- name: Upload vhost config for WWW domain + copy: + src: files/configs/vhost-www + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/www.{{ base_domain }}" - name: setup data.coop website docker container docker_container: diff --git a/roles/docker/tasks/services/websites/new-new.data.coop.yml b/roles/docker/tasks/services/websites/new-new.data.coop.yml deleted file mode 100644 index 26c213fb..00000000 --- a/roles/docker/tasks/services/websites/new-new.data.coop.yml +++ /dev/null 
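Review bot: The `vhost-root` upload added at the top of `data.coop.yml` used `template` in `matrix_riot.yml`; with `copy`, any Jinja expression in `files/configs/matrix/vhost-root` would now be written to the proxy's vhost directory literally. That file is not part of this diff, so please confirm it contains no placeholders, or keep `template:` for it. Neither new task sets permissions; adding `mode: "0644"` to both makes the result explicit instead of depending on the umask of the connecting user.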
@@ -1,18 +0,0 @@ -- name: setup new-new data.coop website using unipi - docker_container: - name: new-new.data.coop_website - image: docker.data.coop/unipi:latest - restart_policy: unless-stopped - purge_networks: yes - networks: - - name: external_services - env: - VIRTUAL_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}" - LETSENCRYPT_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - # The ssh-key is for read-only only - command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI" - capabilities: - - NET_ADMIN - devices: - - "/dev/net/tun" diff --git a/roles/docker/tasks/services/websites/new.data.coop.yml b/roles/docker/tasks/services/websites/new.data.coop.yml index 7e536ff7..153f4650 100644 --- a/roles/docker/tasks/services/websites/new.data.coop.yml +++ b/roles/docker/tasks/services/websites/new.data.coop.yml @@ -1,13 +1,12 @@ --- - - name: setup new data.coop website using hugo docker_container: name: new.data.coop_website - image: docker.data.coop/data-coop-website:hugo + image: docker.data.coop/data-coop-website:{{ services.new_data_coop_website.version }} restart_policy: unless-stopped networks: - name: external_services env: - VIRTUAL_HOST : "new.{{ services.data_coop_website.domains|join(',') }}" - LETSENCRYPT_HOST: "new.{{ services.data_coop_website.domains|join(',') }}" + VIRTUAL_HOST : "{{ services.new_data_coop_website.domain }}" + LETSENCRYPT_HOST: "{{ services.new_data_coop_website.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" diff --git a/roles/docker/templates/mailu.env.j2 b/roles/docker/templates/mailu.env.j2 index 52a48652..aee7777e 100644 --- a/roles/docker/templates/mailu.env.j2 +++ b/roles/docker/templates/mailu.env.j2 
@@ -1,8 +1,6 @@ # Mailu main configuration file # -# Generated for compose flavor -# -# This file is autogenerated by the configuration management wizard. +# This file is autogenerated by the configuration management wizard for compose flavor. # For a detailed list of configuration variables, see the documentation at # https://mailu.io @@ -10,21 +8,9 @@ # Common configuration variables ################################### -# Set this to the path where Mailu data and configuration is stored -# This variable is now set directly in `docker-compose.yml by the setup utility -# ROOT=/mailu - -# Mailu version to run (1.0, 1.1, etc. or master) -#VERSION=1.6 - # Set to a randomly generated 16 bytes string SECRET_KEY={{ mailu_secret_key }} -# Address where listening ports should bind -# This variables are now set directly in `docker-compose.yml by the setup utility -# PUBLIC_IPV4= 127.0.0.1 (default: 127.0.0.1) -# PUBLIC_IPV6= ::1 (default: ::1) - # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) SUBNET={{ services.mailu.subnet }} @@ -40,8 +26,11 @@ POSTMASTER=admin # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) TLS_FLAVOR=mail -# Authentication rate limit (per source IP address) -AUTH_RATELIMIT=120/minute;1200/hour +# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6) +AUTH_RATELIMIT_IP=1200/hour + +# Authentication rate limit per user (regardless of the source-IP) +AUTH_RATELIMIT_USER=100/day # Opt-out of statistics, replace with "True" to opt out DISABLE_STATISTICS=True @@ -57,13 +46,10 @@ ADMIN=true WEBMAIL=rainloop # Dav server implementation (value: radicale, none) -WEBDAV=radicale +WEBDAV=none # Antivirus solution (value: clamav, none) -#ANTIVIRUS=clamav - -#Antispam solution -ANTISPAM=none +ANTIVIRUS=none ################################### # Mail settings 
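Review bot: `AUTH_RATELIMIT_IP=1200/hour` in the `-40,8 +26,11` hunk copies the hourly figure from the old `AUTH_RATELIMIT`, but the old setting also had a `120/minute` part and the new key counts per /24 or /56 according to the added comment, so the number deserves a fresh decision rather than a carry-over. As far as I recall, Mailu's own default for this key is much lower, and 1200 attempts an hour per subnet leaves a lot of room for password guessing. I would either lower it (for example `AUTH_RATELIMIT_IP=60/hour`, to be checked against the deployed Mailu version) or add a comment recording the reason, such as `# raised above the upstream default because <reason>`.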
@@ -74,6 +60,9 @@ ANTISPAM=none # Max attachment size will be 33% smaller MESSAGE_SIZE_LIMIT=50000000 +# Message rate limit (per user) +MESSAGE_RATELIMIT=200/day + # Networks granted relay permissions # Use this with care, all hosts in this networks will be able to send mail without authentication! RELAYNETS= @@ -98,11 +87,14 @@ WELCOME_SUBJECT=Welcome to your new email account WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly! # Maildir Compression -# choose compression-method, default: none (value: bz2, gz) +# choose compression-method, default: none (value: gz, bz2, lz4, zstd) COMPRESSION= # change compression-level, default: 6 (value: 1-9) COMPRESSION_LEVEL= +# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. +# FULL_TEXT_SEARCH=off + ################################### # Web settings ################################### @@ -135,17 +127,16 @@ WEBSITE=https://{{ services.mailu.domain }} # LOG_DRIVER=json-file # Docker-compose project name, this will prepended to containers names. -COMPOSE_PROJECT_NAME=mailu +COMPOSE_PROJECT_NAME=mail_server -# Default password scheme used for newly created accounts and changed passwords -# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT) -PASSWORD_SCHEME=BLF-CRYPT +# Number of rounds used by the password hashing scheme +CREDENTIAL_ROUNDS=12 # Header to take the real ip from -REAL_IP_HEADER= +REAL_IP_HEADER=X-Forwarded-For # IPs for nginx set_real_ip_from (CIDR list separated by commas) -REAL_IP_FROM= +REAL_IP_FROM={{ services.mailu.subnet }} # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) REJECT_UNLISTED_RECIPIENT= 
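Review bot: `REAL_IP_FROM={{ services.mailu.subnet }}` in the `-135,17 +127,16` hunk trusts `X-Forwarded-For` from every address in Mailu's own Docker subnet rather than from the reverse proxy alone. If the proxy reaches the front container from a different network, the header is ignored and every client appears as the proxy's address, which would collapse the per-IP authentication limit set earlier in this file into one shared bucket. If the proxy is on that subnet, any other container there can supply the header as well. The proxy's network is not visible in this diff, so please confirm which source address the front container sees and narrow the value to it, e.g. `REAL_IP_FROM=<proxy address or CIDR>`.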
@@ -153,8 +144,15 @@ REJECT_UNLISTED_RECIPIENT= # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) LOG_LEVEL=WARNING +# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=Europe/Copenhagen + ################################### # Database settings ################################### DB_FLAVOR=postgresql +DB_USER=mailu DB_PW={{ postgres_passwords.mailu }} +DB_HOST=postgres +DB_NAME=mailu + diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index 63e452c6..3289b2c8 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml @@ -14,11 +14,3 @@ apt: name: srvadmin-all when: not vagrant - -- name: Install necessary packages via pip - pip: - name: "{{ packages }}" - vars: - packages: - - docker - - docker-compose