Compare commits

7 commits
master ... gluu

20 changed files with 338 additions and 268 deletions

@ -1,67 +1,58 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
36303830393964636165353932336334643761653732643036303563313439623836626231313739 63333365303665346136333263333734363333616230313931356131633966646263316436356536
6239326131333263383438613161353435393036663162310a646237306461633337383838306139 3565366362616366393362636336383565366531333839620a333939613332646665633236343336
37303434653266303866643162306433636532333131366132366431303766306232653837653463 36633835396234643233643936396565636564343538633838343438353030306433346262393739
6139336230306131660a636165373732313930396632336532366239303766393937386135306235 6339346565653237370a313237653734353130343334306366323633636639383261306166306530
62633837363138323365646235333137646363626430633339376636333838663738316535396161 32326636653937633233353639663035383437636638653932653639373763623433633431643231
66653931666565353337623336636338383035333133643639323739393565396434373734323235 34396237653832616638623137666530326466393966323533313261353030343165636330396631
34306132666430376537643431343362383734343861633332373838383837316266336131353231 62386331323336326665343262363232376131613365393465613334643936326263316137396633
31356665313333343139303337633530643534376338343631396431663937616535306136343266 63336135356264613461616461316630636533373961373263373165356632643738366338373366
36323761653933386231386339666333306331326161306536616238623836306335373930386539 36663432386538323836613665646664313330336363633064373337383764663937316261636661
32326331366435386132393731633664333862656130636632656335353939656638613863633637 38373632316136636337396561373738376466613165653266313434393264646130663938653739
64366662623531333933613566356632383061656165323839623732306331653133393463373465 36393933326231626466613665373964313661663464383735663765336639663436336261613834
61363036613234353962353135366361363537313138626337376138383335633865663237303464 39616239366637373462363934656239653731383063373536363338326161633831343031636565
37373032353066323532313364333863663739613631633230323339346634663733326430343263 61616133333539393464323032636235633934343339356562343234373062353830336138386138
64636331616434343331333065633936313265393739353937396165363337366263393131316661 31393661303930656334343637646335656565303161363033353762623638323537643863643134
34643263343263306235326562663065343438363338326138653066326432646531643764396161 39393539393263313836623161633465386338653336633263633336316431666333393565386435
34343834643134363662373934346463383263636436346433303231656535626664626530326131 64363631316432636637633364646365323838386630626164383266386534316639393961663534
39303231646537316136653932306135303931333762343434623636623436383561353131303163 65666166653737646336303732333063313932336261323631306661613662643334316566666434
63373833656430336365316433663538643634303962623538663362383536613136366230396533 37623463646231346461643839386365333431353738626264663535366635623634653431356463
37363963613532666434653863623030653434303463616638653135666433613030656335396238 32356232383837666466383765353561666236363337666434623335363230363966323362666536
37356632376366383463343736303265326436383435363335333838313264333134653932616465 62646238633632626162363134373036353234393134626636366565353935333339346431316461
31363832656563383035306537376532343934373933306232333631363132616665663433666133 38306430663532396132656663313964346434656462373663616639323234306330666664383166
36643131386134303362373264356437333236663232373035363765303936313162353930353033 38346430613338303136643666613765333636306537346534633162323739343537303039353938
38303864643237323437653463313238613036386461303066353465336230303632613432353661 38613264666339303436353133323763306134343935396230396639623937376634666133393133
36313761303234303363346432666638323865663764623862623165633234363437653964343830 32643832313561613138656633306236383933303365626161373366313265626639383662356634
62656365363538303035326239663264646163366332306332383262356130356436366661383234 65353366613162616366343766333830633930323433643434366635646664636362666636336435
66643832656661623132303562333432656365323836363133373932333732323133383832623939 39343236636166653736623833386333356533326266633131666262353839306538656335643230
37333632623933656336316161376565653363633330646239666266313336306563366462376531 37656430663962333666376138326662376436383736643065316163396264663830356337323339
34623636646439366438316530386334313233613963643634366135373661373138316466313739 31346130613665656438623666363764643466366331303064386237363331383030373036633637
64623835613166616165383463323137303431303035363733366563623934366439323666653633 35323437383066323962353132383462383631633435306530336666623133306636643835653837
65663532343939343334616662366633353231636135346564643034666331616666316561386664 36646438623437333566633663613932616163666137313734666137376565626334323539623637
30636535633432336438663462356232383737393031383431666664303563623932666630653233 33633435303131656538616165643238313433316534616337316464383263633430663662323933
65323932303638653562663734386637323964333331356262346463333065633565386363393064 35323766303564643237316166646539396266633765653266663861653031346139316561326239
37646563366437646330353765623236306561646433636534666438323036373132363036626438 63373939363564353563623836373831303862306637323738396434363166653433323431343837
61393866626236316238326236656164643864343734353438313466633136343931376634366261 65363437623461383936626331636138373035666264363363313034613235643864336365643464
64353631363665366237356566323532306563333937343665393166336535383636303930346362 39306433333131306136313432646464613565346536353430326264363632316661333632343862
38333733306430636436623661653066313936626362373464396138343439376430626162316466 37653138666662663632303535623737633765323731633439323664363834333262326461366463
66623837353763333864663562653166316665363537636537626234666230636665396438313832 36323339643434636134356434353332313639376164373237396562396630353433373136623332
61613330396134666437306162386335613466383231633034393639366533363137613964383135 62366638623664333765323565393464373333366332623065653034626463313336633932316637
35356136393962353262313635343031323638326163336433303066393939646536653033343530 36323465623330643731303561336366303337626432356538643561343162326339643735323061
38303935663038303639616661346664666435393266653663373435363433386461633133343964 61303237306164353339663137386337363166303935363438373733386238636463653536313733
65633532656566613638333266393131653863336563386262643630633164346139383436326463 39363063393739663030376464616661393638333030633061653466396234656530343762346663
62316131363335376336366332323564383036333139386462353933316461346363626465396631 36313664316130643837313364656230386539633330363937333132623363633161376633636134
39616164316463323162616235653365363737373736646331303436303037333536633466303533 33383764356638376135633538646638626130646530386261313964353661656335376230346430
32663335386332663334653734303136333066636234643537393931626333303735386238373763 37383263646463623166633932376335633536383131343664646336326436316637376661396466
33323333646531633964613633356539636538306163303938373638623230396661663538653463 31356461656439306436646264626265356561333264323166303165346565376237663835323536
35396434303634316631376138336530393134353235383637326466306363313462323330623535 35663935393165656365323138346236363161353161333338363632333832636536646139656532
33353335306364323335316336643233386561306134636461336537353838373830373031616636 61633666306433343332343762373061316134396130653635663435396265363933626138353338
62333335616639353436303336653965303132316439316362303931373465376264396139346631 38363331396136343065633631626663306537376461643131636532313931356666633331333231
61393064326433366337613266306263336163393731633165303536636132636638656339373634 61663338313165663734356636323732336434396465316436383961313033313965303833636162
32313637666334313935613564316331396437343335313336666137366133376666306138383163 36333937623130653062613334353438306137653238356635313132666535643131323763636137
62383131616339393534613231616134383562346163343430323261336531306332363736396663 39636462393662633765626238636136636637643335373535653436376666326134376264323539
39643134633838393566643237656663313161326631316437663463653566343238343736656566 39353437303262343664313238306364353964633161366630663233633064313163386338643662
35663231623533323261326162356137646436643766646439663538306661643861356565666434 63303830643230303334336362653639323463336631323663613433336334383962663664303764
38353131363863666439316666353965663531323662376235636533363262353131323166326335 33653635626136633530356435383164383865633333353133346564666531303735643664313530
61656432666130313762376334656434333532636165313834333634646465346234653662393735 63333831343666623364623834396162636439396639343430313064303739636465323937653634
35643138623832646633666366616436323730383066323637316635336134356461353666636164 33333963326131353335326138326530393938353533383832656335623536643064643762636462
30633833313863656237653762373965376638393232376532666361396363303030383138616631 6262
32633739626565383161343065646232636464373538626330636466316337663739376638386337
32383763313064666464623137373036336562633734313663313463386430313838636165313962
31383466363466396337333837626462303434353739343338313137633736313664346239666237
62313462366136313037646264663533323738656138353235646136383334613035383236383865
38666432313761653234636363396361643139353730323237616663323433363463373666613765
31656430326138373434356130626465643733313065366562313566326633653832316265636538
35396164313932356432306639653461343063643666656265333033643863303637313031653134
39636436636333343030333762376463303538626665343434633236353236373765643231383933
3130336364366434306366623062613130616230366633333536

@ -1,27 +0,0 @@
# These are the variables contained in secrets.yml
postgres_passwords:
fider: xxx
nextcloud: xxx
passit: xxx
gitea: xxx
matrix: xxx
codimd: xxx
mailu: xxx
ttrss: xxx
fider_jwt_secret: xxx
ldap_admin_password: xxx
ldap_config_password: xxx
passit_secret_key: xxx
docker_password: xxx
mailu_secret_key: xxx
drone_secrets:
oauth_client_id: xxx
oauth_client_secret: xxx
rpc_shared_secret: xxx

@ -21,11 +21,4 @@ users:
groups: groups:
- sudo - sudo
deni:
comment: Denis Smajlović
key: ssh-rsa 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 deni@deni.dk
password: $6$ooKtdqASOxYJN2CJ$ziMrGG/qIOeyiTGjx.hPYjVBlHpzM9YY6qCJB9/L8aR33feUvXxZNBCgME93ZhbwDBjblS/tP796LsCF4i17D.
groups:
- sudo
volume_root_folder: "/docker-volumes" volume_root_folder: "/docker-volumes"

@ -23,11 +23,9 @@
- docker_registry - docker_registry
- drone - drone
- websites - websites
- ulovliglogning-dk
- ouroboros - ouroboros
- mailu - mailu
- portainer - portainer
# - tt-rss
smtp_host: "postfix" smtp_host: "postfix"
smtp_port: "587" smtp_port: "587"

@ -28,7 +28,7 @@ matrix:
volume_folder: "{{ volume_root_folder }}/matrix" volume_folder: "{{ volume_root_folder }}/matrix"
riot: riot:
domain: "riot.{{ base_domain }},element.{{ base_domain }}" domain: "riot.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot" volume_folder: "{{ volume_root_folder }}/riot"
privatebin: privatebin:
@ -49,13 +49,10 @@ docker_registry:
password: "{{ docker_password }}" password: "{{ docker_password }}"
data_coop_website: data_coop_website:
domain: "{{ base_domain }},www.{{ base_domain }}" domain: "{{ base_domain }}"
cryptohagen_website: cryptohagen_website:
domain: "cryptohagen.dk,www.cryptohagen.dk" domain: "cryptohagen.dk"
ulovliglogning_website:
domain: "ulovliglogning.dk,www.ulovliglogning.dk,ulovlig-logning.dk"
drone: drone:
domain: "drone.{{ base_domain }}" domain: "drone.{{ base_domain }}"
@ -72,7 +69,7 @@ portainer:
domain: "portainer.{{ base_domain }}" domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer" volume_folder: "{{ volume_root_folder }}/portainer"
ttrss: gluu:
domain: rss.{{ base_domain }} domain: "gluu.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/tt-rss" volume_folder: "{{ volume_root_folder }}/gluu"

@ -881,7 +881,7 @@ password_config:
# Whether to allow non server admins to create groups on this server # Whether to allow non server admins to create groups on this server
# #
enable_group_creation: true enable_group_creation: false
# If enabled, non server admins can only create groups with local parts # If enabled, non server admins can only create groups with local parts
# starting with this prefix # starting with this prefix

@ -1,7 +1,7 @@
{ {
"default_hs_url": "https://{{ matrix.domain }}", "default_hs_url": "https://{{ matrix.domain }}",
"default_is_url": "https://vector.im", "default_is_url": "https://vector.im",
"brand": "element.data.coop", "brand": "riot.data.coop",
"integrations_ui_url": "https://scalar.vector.im/", "integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api", "integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [ "integrations_widgets_urls": [

@ -3,6 +3,14 @@
docker_network: docker_network:
name: external_services name: external_services
- name: setup network for postfix
docker_network:
name: postfix
ipam_options:
subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup services - name: setup services
include_tasks: "services/{{ item }}.yml" include_tasks: "services/{{ item }}.yml"
with_items: "{{ services }}" with_items: "{{ services }}"
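Review bot: The added `setup network for postfix` task passes the subnet through `ipam_options`, which is the deprecated form of this setting in the `docker_network` module and is rejected by newer Ansible releases. The copy of this task removed from the postfix service file in the same comparison already used the current form, so I would keep that here: `ipam_config:` followed by `- subnet: '172.16.0.0/16'` and `gateway: 172.16.0.1`. If the network is not created with the fixed subnet, anything that trusts that range for the postfix relay stops matching, so the failure would not be obvious from the play output alone.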

@ -1,51 +1,21 @@
--- ---
- name: set up drone with docker runner - name: Drone container
docker_compose: docker_container:
project_name: drone name: drone
pull: yes image: drone/drone:latest
definition: restart_policy: unless-stopped
version: "3.6"
services:
drone:
container_name: "drone"
image: drone/drone:1
restart: unless-stopped
networks: networks:
- external_services - name: external_services
- drone
volumes: volumes:
- "{{ drone.volume_folder }}:/data" - "{{ drone.volume_folder }}:/data"
- "/var/run/docker.sock:/var/run/docker.sock" - "/var/run/docker.sock:/var/run/docker.sock"
environment: env:
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}" DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}" DRONE_GITEA_ALWAYS_AUTH: "False"
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}" DRONE_RUNNER_CAPACITY: "2"
DRONE_GIT_ALWAYS_AUTH: "true"
DRONE_SERVER_HOST: "{{ drone.domain }}" DRONE_SERVER_HOST: "{{ drone.domain }}"
DRONE_SERVER_PROTO: "https" DRONE_SERVER_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
PLUGIN_CUSTOM_DNS: "91.239.100.100" PLUGIN_CUSTOM_DNS: "91.239.100.100"
VIRTUAL_HOST: "{{ drone.domain }}" VIRTUAL_HOST: "{{ drone.domain }}"
LETSENCRYPT_HOST: "{{ drone.domain }}" LETSENCRYPT_HOST: "{{ drone.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
drone-runner-docker:
container_name: "drone-runner-docker"
image: "drone/drone-runner-docker:1"
restart: unless-stopped
networks:
- drone
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
DRONE_RPC_HOST: "{{ drone.domain }}"
DRONE_RPC_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
DRONE_RUNNER_CAPACITY: 2
DRONE_RUNNER_NAME: "data.coop_drone_runner"
networks:
drone:
external_services:
external:
name: external_services
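Review bot: `image: drone/drone:latest` replaces the pinned `drone/drone:1` on a container that mounts `/var/run/docker.sock` and is published through `VIRTUAL_HOST`, so whatever is pushed under that mutable tag gets host-level Docker access on the next pull. I would pin a release tag or digest, e.g. `image: drone/drone:<PINNED_VERSION>`; the same applies to `gitea/gitea:latest` and the untagged `portainer/portainer` in the gitea and portainer sections of this comparison. The new side also drops `DRONE_GITEA_CLIENT_ID`, `DRONE_GITEA_CLIENT_SECRET` and `DRONE_RPC_SECRET`; which of these the server needs depends on the version that `latest` resolves to, so this should be checked against the pinned release rather than left implicit.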

@ -1,13 +1,9 @@
--- ---
- name: gitea network
docker_network:
name: gitea
# old DNS: 138.68.71.153 # old DNS: 138.68.71.153
- name: gitea container - name: gitea container
docker_container: docker_container:
name: gitea name: gitea
image: gitea/gitea:1.12.3 image: gitea/gitea:latest
restart_policy: unless-stopped restart_policy: unless-stopped
networks: networks:
- name: gitea - name: gitea
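Review bot: The `gitea network` task is removed, but the `gitea container` task still attaches to `- name: gitea` under `networks`, and `docker_container` fails when a named network does not exist. Unless the network is created somewhere outside this comparison, a fresh host would not come up; I would keep the `docker_network` task with `name: gitea` ahead of the container task. The container task continues past the end of this hunk, so any later network entries are not visible here.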

@ -0,0 +1,235 @@
- name: create gluu volume folders
file:
name: "{{ gluu.volume_folder }}/{{ volume }}"
state: directory
loop:
- "config-init/db"
- "consul/data"
- "opendj/config"
- "opendj/ldif"
- "opendj/logs"
- "opendj/db"
- "opendj/flag"
- "opendj/backup"
- "oxauth/custom"
- "oxauth/custom/pages"
- "oxauth/custom/static"
- "oxauth/lib/ext"
- "oxauth/logs"
- "oxtrust/custom/pages"
- "oxtrust/lib/ext"
- "oxtrust/logs"
- "shared-shibboleth-idp"
- "vault/config:/vault/config"
- "vault/data:/vault/data"
- "vault/logs:/vault/logs"
loop_control:
loop_var: "volume"
- name: set up gluu
docker_service:
project_name: gluu
pull: yes
definition:
version: "2.3"
services:
consul:
image: consul
container_name: consul
command: agent -server -bootstrap -ui
hostname: consul-1
environment:
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
restart: unless-stopped
volumes:
- "{{ gluu.volume_folder }}/consul:/consul/data"
networks:
- "gluu"
labels:
- "SERVICE_IGNORE=yes"
vault:
container_name: vault
image: vault:1.0.1
command: vault server -config=/vault/config
volumes:
- "{{ gluu.volume_folder }}/vault/config:/vault/config"
- "{{ gluu.volume_folder }}/vault/data:/vault/data"
- "{{ gluu.volume_folder }}/vault/logs:/vault/logs"
- "{{ gluu.volume_folder }}/vault/vault_gluu_policy.hcl:/vault/config/policy.hcl"
- "{{ gluu.volume_folder }}/vault/gcp_kms_stanza.hcl:/vault/config/stanza.hcl"
- "{{ gluu.volume_folder }}/vault/gcp_kms_creds.json:/vault/config/creds.json"
cap_add:
- IPC_LOCK
environment:
- VAULT_REDIRECT_INTERFACE=eth0
- VAULT_CLUSTER_INTERFACE=eth0
- VAULT_ADDR=http://0.0.0.0:8200
- VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}
restart: unless-stopped
networks:
- "gluu"
depends_on:
- consul
labels:
- "SERVICE_IGNORE=yes"
registrator:
container_name: registrator
image: gluufederation/registrator:dev
command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
volumes:
- /var/run/docker.sock:/tmp/docker.sock
networks:
- "gluu"
restart: unless-stopped
depends_on:
- consul
nginx:
container_name: nginx
image: gluufederation/nginx:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- VIRTUAL_HOST="{{ gluu.domain }}"
- LETSENCRYPT_HOST="{{ gluu.domain }}"
- LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
ports:
- "80"
- "443"
networks:
- "external_services"
- "gluu"
restart: unless-stopped
labels:
- "SERVICE_IGNORE=yes"
ldap:
container_name: ldap
image: gluufederation/opendj:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_INIT=true
- GLUU_LDAP_INIT_HOST=ldap
- GLUU_LDAP_INIT_PORT=1636
- GLUU_OXTRUST_CONFIG_GENERATION=true
- GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
# - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
# - GLUU_REDIS_URL=redis:6379
# - GLUU_REDIS_TYPE=STANDALONE
# the value must match service name `ldap` because other containers
# use this value as LDAP hostname
- GLUU_CERT_ALT_NAME=ldap
volumes:
- "{{ gluu.volume_folder }}/opendj/config:/opt/opendj/config"
- "{{ gluu.volume_folder }}/opendj/ldif:/opt/opendj/ldif"
- "{{ gluu.volume_folder }}/opendj/logs:/opt/opendj/logs"
- "{{ gluu.volume_folder }}/opendj/db:/opt/opendj/db"
- "{{ gluu.volume_folder }}/opendj/flag:/flag"
- "{{ gluu.volume_folder }}/opendj/backup:/opt/opendj/bak"
networks:
- "gluu"
restart: unless-stopped
labels:
- "SERVICE_IGNORE=yes"
oxauth:
container_name: oxauth
image: gluufederation/oxauth:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=consul
- GLUU_LDAP_URL=ldap:1636
extra_hosts:
- "{{ gluu.domain }}:85.235.225.231"
volumes:
- "{{ gluu.volume_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
- "{{ gluu.volume_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
- "{{ gluu.volume_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
- "{{ gluu.volume_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
networks:
- "gluu"
mem_limit: 1536M
restart: unless-stopped
labels:
- "SERVICE_NAME=oxauth"
- "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
- "SERVICE_8080_CHECK_INTERVAL=15s"
- "SERVICE_8080_CHECK_TIMEOUT=5s"
oxtrust:
container_name: oxtrust
image: gluufederation/oxtrust:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_URL=ldap:1636
- GLUU_OXAUTH_BACKEND=oxauth:8080
extra_hosts:
- "{{ gluu.domain }}:85.235.225.231"
volumes:
- "{{ gluu.volume_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
- "{{ gluu.volume_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
- "{{ gluu.volume_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
- "{{ gluu.volume_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
- "{{ gluu.volume_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
networks:
- "gluu"
mem_limit: 1536M
restart: unless-stopped
labels:
- "SERVICE_NAME=oxtrust"
- "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
- "SERVICE_8080_CHECK_INTERVAL=15s"
- "SERVICE_8080_CHECK_TIMEOUT=5s"
oxshibboleth:
container_name: oxshibboleth
image: gluufederation/oxshibboleth:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_URL=ldap:1636
extra_hosts:
- "{{gluu.domain}}:85.235.225.231"
volumes:
- "{{ gluu.volume_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
networks:
- "gluu"
mem_limit: 1024M
restart: unless-stopped
labels:
- "SERVICE_NAME=oxshibboleth"
- "SERVICE_8086_CHECK_HTTP=/idp"
- "SERVICE_8086_CHECK_INTERVAL=15s"
- "SERVICE_8086_CHECK_TIMEOUT=5s"
oxpassport:
container_name: oxpassport
image: gluufederation/oxpassport:3.1.5_02
environment:
- GLUU_CONFIG_CONSUL_HOST=consul
- GLUU_SECRET_VAULT_HOST=vault
- GLUU_LDAP_URL=ldap:1636
# required by wait-for-it script
- GLUU_OXAUTH_BACKEND=oxauth:8080
- GLUU_OXTRUST_BACKEND=oxtrust:8080
extra_hosts:
- "{{gluu.domain}}:85.235.225.231"
networks:
- "gluu"
restart: unless-stopped
labels:
- "SERVICE_NAME=oxpassport"
- "SERVICE_8090_CHECK_HTTP=/passport"
- "SERVICE_8090_CHECK_INTERVAL=15s"
- "SERVICE_8090_CHECK_TIMEOUT=5s"
networks:
external_services:
external: true
gluu:
name: "gluu"
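Review bot: Under `oxauth`, `GLUU_SECRET_VAULT_HOST=consul` points the secrets backend at the Consul container while every other service uses `vault`, which looks like a copy-paste slip that would leave oxauth unable to read its secrets. The last three entries of the folder loop (`"vault/config:/vault/config"` and the two after it) are volume mappings rather than paths, so the `file` task would create directories with a colon in their name. In the `nginx` environment list the double quotes inside `VIRTUAL_HOST="{{ gluu.domain }}"` are part of a plain scalar and would probably reach the container as literal characters; quoting the whole entry avoids that. Separately, the `vault` service sets `"tls_disable":1` with an `http://` `VAULT_ADDR`, so secrets cross the `gluu` network unencrypted, next to `registrator`, which has the Docker socket mounted; a TLS listener, or a comment stating why plaintext is accepted, would help the next reader.

```yaml
# … unchanged: the other folders in the loop …
    - "vault/config"
    - "vault/data"
    - "vault/logs"
# … unchanged: consul, vault and registrator services …
      nginx:
        environment:
          # … unchanged: GLUU_CONFIG_CONSUL_HOST, GLUU_SECRET_VAULT_HOST …
          - "VIRTUAL_HOST={{ gluu.domain }}"
          - "LETSENCRYPT_HOST={{ gluu.domain }}"
          - "LETSENCRYPT_EMAIL={{ letsencrypt_email }}"
# … unchanged: ldap service …
      oxauth:
        environment:
          # … unchanged: GLUU_CONFIG_CONSUL_HOST …
          - GLUU_SECRET_VAULT_HOST=vault
```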

@ -78,7 +78,6 @@
- "993:993" - "993:993"
- "25:25" - "25:25"
- "587:587" - "587:587"
- "465:465"
networks: networks:
- default - default
- external_services - external_services

@ -77,7 +77,7 @@
matrix_app: matrix_app:
container_name: matrix container_name: matrix
image: matrixdotorg/synapse:v1.18.0 image: matrixdotorg/synapse:v0.99.2
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
@ -88,7 +88,6 @@
- "{{ matrix.volume_folder }}/data:/data" - "{{ matrix.volume_folder }}/data:/data"
environment: environment:
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml" SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
SYNAPSE_CACHE_FACTOR: "2"
SYNAPSE_LOG_LEVEL: "INFO" SYNAPSE_LOG_LEVEL: "INFO"
VIRTUAL_HOST: "{{ matrix.domain }}" VIRTUAL_HOST: "{{ matrix.domain }}"
VIRTUAL_PORT: "8008" VIRTUAL_PORT: "8008"
@ -97,7 +96,7 @@
riot: riot:
container_name: riot_app container_name: riot_app
image: avhost/docker-matrix-riot:v1.7.3 image: avhost/docker-matrix-riot:v1.0.3
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
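Review bot: `matrixdotorg/synapse:v0.99.2` on the new side is older than the `v1.18.0` it replaces, and `avhost/docker-matrix-riot` likewise goes from `v1.7.3` to `v1.0.3`, so merging this as shown rolls both internet-facing services back and drops every fix, security fixes included, released in between. This looks like the branch being behind master rather than an intended change. Rebasing onto master before the merge, and keeping `image: matrixdotorg/synapse:v1.18.0` and `image: avhost/docker-matrix-riot:v1.7.3`, would avoid it. The same staleness may explain other reversions in this comparison, so each should be re-checked after the rebase.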

@ -21,7 +21,5 @@
LETSENCRYPT_HOST: "{{ netdata.domain }}" LETSENCRYPT_HOST: "{{ netdata.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
PGID: "999" PGID: "999"
labels:
com.ouroboros.enable: "true"

@ -8,7 +8,7 @@
- name: run portainer - name: run portainer
docker_container: docker_container:
name: portainer name: portainer
image: portainer/portainer:1.23.1 image: portainer/portainer
restart_policy: always restart_policy: always
networks: networks:
- name: external_services - name: external_services

@ -1,12 +1,5 @@
--- ---
- name: setup network for postfix
docker_network:
name: postfix
ipam_config:
- subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup postfix docker container for outgoing mail - name: setup postfix docker container for outgoing mail
docker_container: docker_container:
name: postfix name: postfix

@ -1,53 +0,0 @@
---
- name: create tt-rss folders
file:
name: "{{ ttrss.volume_folder }}/{{ volume }}"
state: directory
loop:
- "config"
- "db"
loop_control:
loop_var: volume
- name: "set up tt-rss"
docker_service:
project_name: "tt-rss"
pull: yes
definition:
version: "3.6"
services:
ttrss_db:
container_name: "ttrss_db"
image: "postgres:11"
restart: "unless-stopped"
networks:
- "ttrss"
volumes:
- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "ttrss"
POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
ttrss_app:
container_name: ttrss_app
image: "linuxserver/tt-rss"
restart: unless-stopped
networks:
- ttrss
- external_services
volumes:
- "{{ ttrss.volume_folder }}/config:/config"
environment:
VIRTUAL_HOST: "{{ ttrss.domain }}"
LETSENCRYPT_HOST: "{{ ttrss.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
TZ: "Europe/Copenhagen"
labels:
com.ouroboros.enable: "true"
networks:
external_services:
external:
name: external_services
ttrss:
name: "ttrss"

@ -1,13 +0,0 @@
- name: setup ulovliglogning.dk website docker container
docker_container:
name: ulovliglogning_website
restart_policy: unless-stopped
image: ulovliglogning/ulovliglogning.dk:latest
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ ulovliglogning_website.domain }}"
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"

@ -14,20 +14,6 @@
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domain }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
- name: setup cryptohagen.dk website docker container - name: setup cryptohagen.dk website docker container
docker_container: docker_container:
name: cryptohagen_website name: cryptohagen_website

@ -41,7 +41,7 @@ POSTMASTER=admin
TLS_FLAVOR=mail TLS_FLAVOR=mail
# Authentication rate limit (per source IP address) # Authentication rate limit (per source IP address)
AUTH_RATELIMIT=120/minute;1200/hour AUTH_RATELIMIT=10/minute;1000/hour
# Opt-out of statistics, replace with "True" to opt out # Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False DISABLE_STATISTICS=False