Merge branch 'main' into watchtower
This commit is contained in:
commit
1356aa54c8
111
.ansible-lint
Normal file
111
.ansible-lint
Normal file
|
@ -0,0 +1,111 @@
|
||||||
|
---
|
||||||
|
# .ansible-lint
|
||||||
|
|
||||||
|
profile: null # min, basic, moderate,safety, shared, production
|
||||||
|
|
||||||
|
# exclude_paths included in this file are parsed relative to this file's location
|
||||||
|
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
|
||||||
|
# option are parsed relative to the CWD of execution.
|
||||||
|
exclude_paths:
|
||||||
|
- .cache/ # implicit unless exclude_paths is defined in config
|
||||||
|
- .github/
|
||||||
|
- test/fixtures/formatting-before/
|
||||||
|
- test/fixtures/formatting-prettier/
|
||||||
|
# parseable: true
|
||||||
|
# quiet: true
|
||||||
|
# strict: true
|
||||||
|
# verbosity: 1
|
||||||
|
|
||||||
|
# Mock modules or roles in order to pass ansible-playbook --syntax-check
|
||||||
|
mock_modules:
|
||||||
|
- zuul_return
|
||||||
|
# note the foo.bar is invalid as being neither a module or a collection
|
||||||
|
- fake_namespace.fake_collection.fake_module
|
||||||
|
- fake_namespace.fake_collection.fake_module.fake_submodule
|
||||||
|
mock_roles:
|
||||||
|
- mocked_role
|
||||||
|
- author.role_name # old standalone galaxy role
|
||||||
|
- fake_namespace.fake_collection.fake_role # role within a collection
|
||||||
|
|
||||||
|
# Enable checking of loop variable prefixes in roles
|
||||||
|
loop_var_prefix: "{role}_"
|
||||||
|
|
||||||
|
# Enforce variable names to follow pattern below, in addition to Ansible own
|
||||||
|
# requirements, like avoiding python identifiers. To disable add `var-naming`
|
||||||
|
# to skip_list.
|
||||||
|
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
|
||||||
|
|
||||||
|
use_default_rules: true
|
||||||
|
# Load custom rules from this specific folder
|
||||||
|
# rulesdir:
|
||||||
|
# - ./rule/directory/
|
||||||
|
|
||||||
|
# Ansible-lint completely ignores rules or tags listed below
|
||||||
|
skip_list:
|
||||||
|
- skip_this_tag
|
||||||
|
|
||||||
|
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||||
|
# You must enable opt-in rules by listing each rule 'id' below.
|
||||||
|
enable_list:
|
||||||
|
- empty-string-compare # opt-in
|
||||||
|
- no-log-password # opt-in
|
||||||
|
- no-same-owner # opt-in
|
||||||
|
# add yaml here if you want to avoid ignoring yaml checks when yamllint
|
||||||
|
# library is missing. Normally its absence just skips using that rule.
|
||||||
|
- yaml
|
||||||
|
# Report only a subset of tags and fully ignore any others
|
||||||
|
# tags:
|
||||||
|
# - jinja[spacing]
|
||||||
|
|
||||||
|
# Ansible-lint does not fail on warnings from the rules or tags listed below
|
||||||
|
warn_list:
|
||||||
|
- skip_this_tag
|
||||||
|
- experimental # experimental is included in the implicit list
|
||||||
|
# - role-name
|
||||||
|
# - yaml[document-start] # you can also use sub-rule matches
|
||||||
|
|
||||||
|
# Some rules can transform files to fix (or make it easier to fix) identified
|
||||||
|
# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
|
||||||
|
# By default it will run all transforms (effectively `write_list: ["all"]`).
|
||||||
|
# You can disable running transforms by setting `write_list: ["none"]`.
|
||||||
|
# Or only enable a subset of rule transforms by listing rules/tags here.
|
||||||
|
# write_list:
|
||||||
|
# - all
|
||||||
|
|
||||||
|
# Offline mode disables installation of requirements.yml
|
||||||
|
offline: false
|
||||||
|
|
||||||
|
# Return success if number of violations compared with previous git
|
||||||
|
# commit has not increased. This feature works only in git
|
||||||
|
# repositories.
|
||||||
|
progressive: false
|
||||||
|
|
||||||
|
# Define required Ansible's variables to satisfy syntax check
|
||||||
|
extra_vars:
|
||||||
|
foo: bar
|
||||||
|
multiline_string_variable: |
|
||||||
|
line1
|
||||||
|
line2
|
||||||
|
complex_variable: ":{;\t$()"
|
||||||
|
|
||||||
|
# Uncomment to enforce action validation with tasks, usually is not
|
||||||
|
# needed as Ansible syntax check also covers it.
|
||||||
|
# skip_action_validation: false
|
||||||
|
|
||||||
|
# List of additional kind:pattern to be added at the top of the default
|
||||||
|
# match list, first match determines the file kind.
|
||||||
|
kinds:
|
||||||
|
# - playbook: "**/examples/*.{yml,yaml}"
|
||||||
|
# - galaxy: "**/folder/galaxy.yml"
|
||||||
|
# - tasks: "**/tasks/*.yml"
|
||||||
|
# - vars: "**/vars/*.yml"
|
||||||
|
# - meta: "**/meta/main.yml"
|
||||||
|
- yaml: "**/*.yaml-too"
|
||||||
|
|
||||||
|
# List of additional collections to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_collections:
|
||||||
|
# - example_ns.example_collection
|
||||||
|
|
||||||
|
# List of additions modules to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_modules:
|
||||||
|
# - example_module
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -2,3 +2,5 @@ playbook.retry
|
||||||
*.sw*
|
*.sw*
|
||||||
.vagrant/
|
.vagrant/
|
||||||
*.log
|
*.log
|
||||||
|
.idea/
|
||||||
|
venv/
|
||||||
|
|
14
.pre-commit-config.yaml
Normal file
14
.pre-commit-config.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
repos:
|
||||||
|
|
||||||
|
#- repo: https://github.com/semaphor-dk/dansabel
|
||||||
|
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||||
|
# hooks:
|
||||||
|
# - id: dansabel
|
||||||
|
|
||||||
|
- repo: https://github.com/ansible/ansible-lint
|
||||||
|
rev: v6.9.0
|
||||||
|
hooks:
|
||||||
|
- id: ansible-lint
|
||||||
|
files: \.(yaml|yml)$
|
||||||
|
additional_dependencies:
|
||||||
|
- ansible
|
12
Makefile
Normal file
12
Makefile
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||||
|
|
||||||
|
create_venv:
|
||||||
|
python3 -m venv venv
|
||||||
|
venv/bin/pip install -U pip
|
||||||
|
venv/bin/pip install ansible pre-commit
|
||||||
|
|
||||||
|
install_pre_commit:
|
||||||
|
venv/bin/pre-commit install
|
||||||
|
|
||||||
|
install_ansible_galaxy_modules:
|
||||||
|
venv/bin/ansible-galaxy collection install community.general
|
13
deploy.sh
13
deploy.sh
|
@ -2,8 +2,13 @@
|
||||||
|
|
||||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||||
|
|
||||||
|
if [ "$1" = "--vagrant" ]; then
|
||||||
|
BASE_CMD="$BASE_CMD --inventory=vagrant_host"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||||
echo "Installing community modules"
|
echo "Installing community.general modules"
|
||||||
ansible-galaxy collection install community.general
|
ansible-galaxy collection install community.general
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -17,12 +22,14 @@ else
|
||||||
echo "Deploying all services!"
|
echo "Deploying all services!"
|
||||||
$BASE_CMD --tags setup_services
|
$BASE_CMD --tags setup_services
|
||||||
else
|
else
|
||||||
echo "Deploying services: $2"
|
echo "Deploying service: $2"
|
||||||
$BASE_CMD --tags setup_services --extra-vars "services=$2"
|
$BASE_CMD --tags setup_services --extra-vars "single_service=$2"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
"base")
|
"base")
|
||||||
$BASE_CMD --tags base_only
|
$BASE_CMD --tags base_only
|
||||||
;;
|
;;
|
||||||
|
*)
|
||||||
|
echo "Command \"$1\" not found!"
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
25
playbook.yml
25
playbook.yml
|
@ -10,31 +10,6 @@
|
||||||
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
letsencrypt_enabled: "{{ not vagrant }}"
|
||||||
|
|
||||||
services:
|
|
||||||
- nginx-proxy
|
|
||||||
- postfix
|
|
||||||
- openldap
|
|
||||||
- keycloak
|
|
||||||
- restic-backup
|
|
||||||
- nextcloud
|
|
||||||
- passit
|
|
||||||
- gitea
|
|
||||||
- matrix_riot
|
|
||||||
- privatebin
|
|
||||||
- codimd
|
|
||||||
- hedgedoc
|
|
||||||
- netdata
|
|
||||||
- docker_registry
|
|
||||||
- drone
|
|
||||||
- websites
|
|
||||||
- ulovliglogning-dk
|
|
||||||
- watchtower
|
|
||||||
- mailu
|
|
||||||
- portainer
|
|
||||||
- mastodon
|
|
||||||
- rallly
|
|
||||||
- membersystem
|
|
||||||
|
|
||||||
smtp_host: "postfix"
|
smtp_host: "postfix"
|
||||||
smtp_port: "587"
|
smtp_port: "587"
|
||||||
|
|
||||||
|
|
|
@ -1,122 +1,169 @@
|
||||||
---
|
---
|
||||||
volume_root_folder: "/docker-volumes"
|
volume_root_folder: "/docker-volumes"
|
||||||
|
|
||||||
nginx:
|
services:
|
||||||
|
|
||||||
|
### Internal services ###
|
||||||
|
postfix:
|
||||||
|
file: postfix.yml
|
||||||
|
version: "v3.5.1"
|
||||||
|
|
||||||
|
nginx_proxy:
|
||||||
|
file: nginx_proxy.yml
|
||||||
|
version: "1.0-alpine"
|
||||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||||
|
|
||||||
ldap:
|
nginx_acme_companion:
|
||||||
|
version: "2.2"
|
||||||
|
|
||||||
|
openldap:
|
||||||
|
file: openldap.yml
|
||||||
domain: "ldap.{{ base_domain }}"
|
domain: "ldap.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||||
|
version: "1.5.0"
|
||||||
|
|
||||||
nextcloud:
|
phpldapadmin:
|
||||||
domain: "cloud.{{ base_domain }}"
|
version: "0.9.0"
|
||||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
|
||||||
|
|
||||||
gitea:
|
netdata:
|
||||||
domain: "git.{{ base_domain }}"
|
file: netdata.yml
|
||||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
|
||||||
|
|
||||||
passit:
|
|
||||||
domain: "passit.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/passit"
|
|
||||||
|
|
||||||
matrix:
|
|
||||||
domain: "matrix.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
|
||||||
|
|
||||||
riot:
|
|
||||||
domains:
|
|
||||||
- "riot.{{ base_domain }}"
|
|
||||||
- "element.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/riot"
|
|
||||||
|
|
||||||
privatebin:
|
|
||||||
domain: "paste.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
|
||||||
|
|
||||||
codimd:
|
|
||||||
domain: "oldpad.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
|
||||||
|
|
||||||
hedgedoc:
|
|
||||||
domain: "pad.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
|
||||||
|
|
||||||
netdata:
|
|
||||||
domain: "netdata.{{ base_domain }}"
|
domain: "netdata.{{ base_domain }}"
|
||||||
|
version: "v1"
|
||||||
|
|
||||||
docker_registry:
|
portainer:
|
||||||
|
file: portainer.yml
|
||||||
|
domain: "portainer.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||||
|
version: "2.16.2"
|
||||||
|
|
||||||
|
keycloak:
|
||||||
|
file: keycloak.yml
|
||||||
|
domain: sso.{{ base_domain }}
|
||||||
|
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||||
|
version: "20.0"
|
||||||
|
|
||||||
|
restic:
|
||||||
|
file: restic_backup.yml
|
||||||
|
user: "datacoop"
|
||||||
|
domain: "restic.cannedtuna.org"
|
||||||
|
repository: "datacoop-hevonen"
|
||||||
|
version: "1.6.0"
|
||||||
|
disabled_in_vagrant: true
|
||||||
|
|
||||||
|
docker_registry:
|
||||||
|
file: docker_registry.yml
|
||||||
domain: "docker.{{ base_domain }}"
|
domain: "docker.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||||
username: "docker"
|
username: "docker"
|
||||||
password: "{{ docker_password }}"
|
password: "{{ docker_password }}"
|
||||||
|
version: "2"
|
||||||
|
|
||||||
data_coop_website:
|
### External services ###
|
||||||
|
|
||||||
|
nextcloud:
|
||||||
|
file: nextcloud.yml
|
||||||
|
domain: "cloud.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||||
|
version: 25-apache
|
||||||
|
|
||||||
|
gitea:
|
||||||
|
file: gitea.yml
|
||||||
|
domain: "git.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||||
|
version: 1.17
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
passit:
|
||||||
|
file: passit.yml
|
||||||
|
domain: "passit.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/passit"
|
||||||
|
version: stable
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
matrix:
|
||||||
|
file: matrix_riot.yml
|
||||||
|
domain: "matrix.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
|
version: v1.63.1
|
||||||
|
|
||||||
|
riot:
|
||||||
|
domains:
|
||||||
|
- "riot.{{ base_domain }}"
|
||||||
|
- "element.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/riot"
|
||||||
|
version: v1.11.8
|
||||||
|
|
||||||
|
privatebin:
|
||||||
|
file: privatebin.yml
|
||||||
|
domain: "paste.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||||
|
version: 20221009
|
||||||
|
|
||||||
|
codimd:
|
||||||
|
domain: "oldpad.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||||
|
|
||||||
|
hedgedoc:
|
||||||
|
file: hedgedoc.yml
|
||||||
|
domain: "pad.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||||
|
version: 1
|
||||||
|
|
||||||
|
data_coop_website:
|
||||||
|
file: websites/data.coop.yml
|
||||||
domains:
|
domains:
|
||||||
- "{{ base_domain }}"
|
- "{{ base_domain }}"
|
||||||
- "www.{{ base_domain }}"
|
- "www.{{ base_domain }}"
|
||||||
|
|
||||||
cryptohagen_website:
|
cryptohagen_website:
|
||||||
|
file: websites/cryptohagen.dk.yml
|
||||||
domains:
|
domains:
|
||||||
- "cryptohagen.dk"
|
- "cryptohagen.dk"
|
||||||
- "www.cryptohagen.dk"
|
- "www.cryptohagen.dk"
|
||||||
|
|
||||||
ulovliglogning_website:
|
ulovliglogning_website:
|
||||||
|
file: websites/ulovliglogning.dk.yml
|
||||||
domains:
|
domains:
|
||||||
- "ulovliglogning.dk"
|
- "ulovliglogning.dk"
|
||||||
- "www.ulovliglogning.dk"
|
- "www.ulovliglogning.dk"
|
||||||
- "ulovlig-logning.dk"
|
- "ulovlig-logning.dk"
|
||||||
|
|
||||||
cryptoaarhus_website:
|
cryptoaarhus_website:
|
||||||
|
file: websites/cryptoaarhus.dk.yml
|
||||||
domains:
|
domains:
|
||||||
- "cryptoaarhus.dk"
|
- "cryptoaarhus.dk"
|
||||||
- "www.cryptoaarhus.dk"
|
- "www.cryptoaarhus.dk"
|
||||||
|
|
||||||
drone:
|
drone:
|
||||||
|
file: drone.yml
|
||||||
domain: "drone.{{ base_domain }}"
|
domain: "drone.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/drone"
|
volume_folder: "{{ volume_root_folder }}/drone"
|
||||||
|
version: 1
|
||||||
|
|
||||||
mailu:
|
mailu:
|
||||||
|
file: mailu.yml
|
||||||
version: 1.6
|
version: 1.6
|
||||||
domain: "mail.{{ base_domain }}"
|
domain: "mail.{{ base_domain }}"
|
||||||
dns: 192.168.203.254
|
dns: 192.168.203.254
|
||||||
subnet: 192.168.203.0/24
|
subnet: 192.168.203.0/24
|
||||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||||
|
|
||||||
portainer:
|
mastodon:
|
||||||
domain: "portainer.{{ base_domain }}"
|
file: mastodon.yml
|
||||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
|
||||||
|
|
||||||
ttrss:
|
|
||||||
domain: rss.{{ base_domain }}
|
|
||||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
|
||||||
|
|
||||||
keycloak:
|
|
||||||
domain: sso.{{ base_domain }}
|
|
||||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
|
||||||
|
|
||||||
postfix:
|
|
||||||
allowed_sender_domains:
|
|
||||||
- "services.{{ base_domain }}"
|
|
||||||
- "{{ passit.domain }}"
|
|
||||||
- "{{ gitea.domain }}"
|
|
||||||
- "{{ mastodon.domain }}"
|
|
||||||
- "{{ rallly.domain }}"
|
|
||||||
- "{{ membersystem.domain }}"
|
|
||||||
|
|
||||||
mastodon:
|
|
||||||
domain: "social.{{ base_domain }}"
|
domain: "social.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||||
|
version: v4.0.2
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
rallly:
|
rallly:
|
||||||
|
file: rallly.yml
|
||||||
domain: "when.{{ base_domain }}"
|
domain: "when.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||||
|
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
membersystem:
|
membersystem:
|
||||||
|
file: membersystem.yml
|
||||||
domain: "member.{{ base_domain }}"
|
domain: "member.{{ base_domain }}"
|
||||||
django_admins: "Vidir:valberg@orn.li"
|
django_admins: "Vidir:valberg@orn.li"
|
||||||
|
allowed_sender_domain: true
|
||||||
restic:
|
|
||||||
user: "datacoop"
|
|
||||||
domain: "restic.cannedtuna.org"
|
|
||||||
repository: "datacoop-hevonen"
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# ----------
|
# ----------
|
||||||
# This identifies your server and cannot be changed safely later
|
# This identifies your server and cannot be changed safely later
|
||||||
# ----------
|
# ----------
|
||||||
LOCAL_DOMAIN={{ mastodon.domain }}
|
LOCAL_DOMAIN={{ services.mastodon.domain }}
|
||||||
|
|
||||||
# Redis
|
# Redis
|
||||||
# -----
|
# -----
|
||||||
|
@ -52,7 +52,7 @@ SMTP_SERVER={{ smtp_host }}
|
||||||
SMTP_PORT={{ smtp_port }}
|
SMTP_PORT={{ smtp_port }}
|
||||||
SMTP_LOGIN=
|
SMTP_LOGIN=
|
||||||
SMTP_PASSWORD=
|
SMTP_PASSWORD=
|
||||||
SMTP_FROM_ADDRESS=notifications@{{ mastodon.domain }}
|
SMTP_FROM_ADDRESS=notifications@{{ services.mastodon.domain }}
|
||||||
|
|
||||||
# File storage (optional)
|
# File storage (optional)
|
||||||
# -----------------------
|
# -----------------------
|
||||||
|
|
|
@ -44,7 +44,7 @@ pid_file: /data/homeserver.pid
|
||||||
# use synapse with a reverse proxy, this should be the URL to reach
|
# use synapse with a reverse proxy, this should be the URL to reach
|
||||||
# synapse via the proxy.
|
# synapse via the proxy.
|
||||||
#
|
#
|
||||||
public_baseurl: "https://{{ matrix.domain }}"
|
public_baseurl: "https://{{ services.matrix.domain }}"
|
||||||
|
|
||||||
# Set the soft limit on the number of file descriptors synapse can use
|
# Set the soft limit on the number of file descriptors synapse can use
|
||||||
# Zero is used to indicate synapse should set the soft limit to the
|
# Zero is used to indicate synapse should set the soft limit to the
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
NEXT_PUBLIC_BASE_URL="https://{{ rallly.domain }}"
|
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
||||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||||
SUPPORT_EMAIL="noreply@{{ rallly.domain }}"
|
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||||
SMTP_HOST="{{ smtp_host }}"
|
SMTP_HOST="{{ smtp_host }}"
|
||||||
SMTP_PORT="{{ smtp_port }}"
|
SMTP_PORT="{{ smtp_port }}"
|
||||||
SMTP_SECURE="false"
|
SMTP_SECURE="false"
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"default_server_config": {
|
"default_server_config": {
|
||||||
"m.homeserver": {
|
"m.homeserver": {
|
||||||
"base_url": "https://{{ matrix.domain }}"
|
"base_url": "https://{{ services.matrix.domain }}"
|
||||||
},
|
},
|
||||||
"m.identity_server": {
|
"m.identity_server": {
|
||||||
"base_url": "https://vector.im"
|
"base_url": "https://vector.im"
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"enable_presence_by_hs_url": {
|
"enable_presence_by_hs_url": {
|
||||||
"https://{{ matrix.domain }}": false
|
"https://{{ services.matrix.domain }}": false
|
||||||
},
|
},
|
||||||
"terms_and_conditions_links": [
|
"terms_and_conditions_links": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,511 +0,0 @@
|
||||||
"use strict";
|
|
||||||
|
|
||||||
module.exports = {
|
|
||||||
//
|
|
||||||
// Set the server mode.
|
|
||||||
// Public servers does not require authentication.
|
|
||||||
//
|
|
||||||
// Set to 'false' to enable users.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
public: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// IP address or hostname for the web server to listen on.
|
|
||||||
// Setting this to undefined will listen on all interfaces.
|
|
||||||
//
|
|
||||||
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default undefined
|
|
||||||
//
|
|
||||||
host: undefined,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set the port to listen on.
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 9000
|
|
||||||
//
|
|
||||||
port: 9000,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
|
||||||
// to let the operating system pick its preferred one.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default undefined
|
|
||||||
//
|
|
||||||
bind: undefined,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Sets whether the server is behind a reverse proxy and should honor the
|
|
||||||
// X-Forwarded-For header or not.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
reverseProxy: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set the default theme.
|
|
||||||
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "example"
|
|
||||||
//
|
|
||||||
theme: "example",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Prefetch URLs
|
|
||||||
//
|
|
||||||
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
|
||||||
// URLs posted in channels.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
prefetch: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Store and proxy prefetched images and thumbnails.
|
|
||||||
// This improves security and privacy by not exposing client IP address,
|
|
||||||
// and always loading images from The Lounge instance and making all assets secure,
|
|
||||||
// which in result fixes mixed content warnings.
|
|
||||||
//
|
|
||||||
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
|
||||||
// in the `${THELOUNGE_HOME}/storage` folder.
|
|
||||||
//
|
|
||||||
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
|
||||||
// and the folder is cleaned up on every The Lounge restart.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
prefetchStorage: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Prefetch URLs Image Preview size limit
|
|
||||||
//
|
|
||||||
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
|
||||||
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 2048
|
|
||||||
//
|
|
||||||
prefetchMaxImageSize: 2048,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display network
|
|
||||||
//
|
|
||||||
// If set to false network settings will not be shown in the login form.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default true
|
|
||||||
//
|
|
||||||
displayNetwork: true,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Lock network
|
|
||||||
//
|
|
||||||
// If set to true, users will not be able to modify host, port and tls
|
|
||||||
// settings and will be limited to the configured network.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
lockNetwork: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Hex IP
|
|
||||||
//
|
|
||||||
// If enabled, clients' username will be set to their IP encoded has hex.
|
|
||||||
// This is done to share the real user IP address with the server for host masking purposes.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
useHexIp: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// WEBIRC support
|
|
||||||
//
|
|
||||||
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
|
||||||
// IRC server. Note that this requires to obtain a password from the IRC network
|
|
||||||
// The Lounge will be connecting to and generally involves a lot of trust from the
|
|
||||||
// network you are connecting to.
|
|
||||||
//
|
|
||||||
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
|
||||||
// Format (function):
|
|
||||||
// {"irc.example.net": function(client, args, trusted) {
|
|
||||||
// // here, we return a webirc object fed directly to `irc-framework`
|
|
||||||
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
|
||||||
// }}
|
|
||||||
//
|
|
||||||
// @type string | function(client, args):object(webirc)
|
|
||||||
// @default null
|
|
||||||
webirc: null,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Log settings
|
|
||||||
//
|
|
||||||
// Logging has to be enabled per user. If enabled, logs will be stored in
|
|
||||||
// the 'logs/<user>/<network>/' folder.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
logs: {
|
|
||||||
//
|
|
||||||
// Timestamp format
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "YYYY-MM-DD HH:mm:ss"
|
|
||||||
//
|
|
||||||
format: "YYYY-MM-DD HH:mm:ss",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Timezone
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "UTC+00:00"
|
|
||||||
//
|
|
||||||
timezone: "UTC+00:00",
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Maximum number of history lines per channel
|
|
||||||
//
|
|
||||||
// Defines the maximum number of history lines that will be kept in
|
|
||||||
// memory per channel/query, in order to reduce the memory usage of
|
|
||||||
// the server. Setting this to -1 will keep unlimited amount.
|
|
||||||
//
|
|
||||||
// @type integer
|
|
||||||
// @default 10000
|
|
||||||
maxHistory: 10000,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Default values for the 'Connect' form.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
defaults: {
|
|
||||||
//
|
|
||||||
// Name
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "Freenode"
|
|
||||||
//
|
|
||||||
name: "Freenode",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Host
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "chat.freenode.net"
|
|
||||||
//
|
|
||||||
host: "chat.freenode.net",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Port
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 6697
|
|
||||||
//
|
|
||||||
port: 6697,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Password
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
password: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Enable TLS/SSL
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default true
|
|
||||||
//
|
|
||||||
tls: true,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Nick
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "lounge-user"
|
|
||||||
//
|
|
||||||
nick: "lounge-user",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Username
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "lounge-user"
|
|
||||||
//
|
|
||||||
username: "lounge-user",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Real Name
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "The Lounge User"
|
|
||||||
//
|
|
||||||
realname: "The Lounge User",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Channels
|
|
||||||
// This is a comma-separated list.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "#thelounge"
|
|
||||||
//
|
|
||||||
join: "#thelounge",
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set socket.io transports
|
|
||||||
//
|
|
||||||
// @type array
|
|
||||||
// @default ["polling", "websocket"]
|
|
||||||
//
|
|
||||||
transports: ["polling", "websocket"],
|
|
||||||
|
|
||||||
//
|
|
||||||
// Run The Lounge using encrypted HTTP/2.
|
|
||||||
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
https: {
|
|
||||||
//
|
|
||||||
// Enable HTTP/2 / HTTPS support.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
enable: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Path to the key.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @example "sslcert/key.pem"
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
key: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Path to the certificate.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @example "sslcert/key-cert.pem"
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
certificate: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Path to the CA bundle.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @example "sslcert/bundle.pem"
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
ca: "",
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Default quit and part message if none is provided.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "The Lounge - https://thelounge.github.io"
|
|
||||||
//
|
|
||||||
leaveMessage: "The Lounge - https://thelounge.github.io",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Run The Lounge with identd support.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
identd: {
|
|
||||||
//
|
|
||||||
// Run the identd daemon on server start.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
enable: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Port to listen for ident requests.
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 113
|
|
||||||
//
|
|
||||||
port: 113,
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Enable oidentd support using the specified file
|
|
||||||
//
|
|
||||||
// Example: oidentd: "~/.oidentd.conf",
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default null
|
|
||||||
//
|
|
||||||
oidentd: null,
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP authentication settings (only available if public=false)
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
// The authentication process works as follows:
|
|
||||||
//
|
|
||||||
// 1. Lounge connects to the LDAP server with its system credentials
|
|
||||||
// 2. It performs a LDAP search query to find the full DN associated to the
|
|
||||||
// user requesting to log in.
|
|
||||||
// 3. Lounge tries to connect a second time, but this time using the user's
|
|
||||||
// DN and password. Auth is validated iff this connection is successful.
|
|
||||||
//
|
|
||||||
// The search query takes a couple of parameters in `searchDN`:
|
|
||||||
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
|
||||||
// to be returned;
|
|
||||||
// - a search scope `searchDN/scope` (see LDAP documentation);
|
|
||||||
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
|
||||||
// where <username> is the user name provided in the log in request,
|
|
||||||
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
|
||||||
// also given in the config, to filter for instance only for nodes of type
|
|
||||||
// inetOrgPerson, or whatever LDAP search allows.
|
|
||||||
//
|
|
||||||
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
|
||||||
// ignore searchDN options and assume that the user DN is always:
|
|
||||||
// <bindDN>,<primaryKey>=<username>
|
|
||||||
// where <username> is the user name provided in the log in request, and <bindDN>
|
|
||||||
// and <primaryKey> are provided by the config.
|
|
||||||
//
|
|
||||||
ldap: {
|
|
||||||
//
|
|
||||||
// Enable LDAP user authentication
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
enable: true,
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP server URL
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
url: "ldap://{{ ldap.domain }}",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP connection tls options (only used if scheme is ldaps://)
|
|
||||||
//
|
|
||||||
// @type object (see nodejs' tls.connect() options)
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
// Example:
|
|
||||||
// You can use this option in order to force the use of IPv6:
|
|
||||||
// {
|
|
||||||
// host: 'my::ip::v6',
|
|
||||||
// servername: 'example.com'
|
|
||||||
// }
|
|
||||||
tlsOptions: {},
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP base dn, alternative to searchDN
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
// baseDN: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP primary key
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "uid"
|
|
||||||
//
|
|
||||||
primaryKey: "uid",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP search dn settings. This defines the procedure by which the
|
|
||||||
// lounge first look for user DN before authenticating her.
|
|
||||||
// Ignored if baseDN is specified
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
//
|
|
||||||
searchDN: {
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP searching bind DN
|
|
||||||
// This bind DN is used to query the server for the DN of the user.
|
|
||||||
// This is supposed to be a system user that has access in read only to
|
|
||||||
// the DNs of the people that are allowed to log in.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
rootDN: "cn=admin,dc=data,dc=coop",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Password of the lounge LDAP system user
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
rootPassword: "{{ ldap_admin_password }}",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP filter
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "uid"
|
|
||||||
//
|
|
||||||
//filter: "(objectClass=inetOrgPerson)(memberOf=ou=members,dc=data,dc=coop)",
|
|
||||||
filter: "(objectClass=inetOrgPerson)",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP search base (search only within this node)
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
base: "{{ ldap_dn }}",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP search scope
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "sub"
|
|
||||||
//
|
|
||||||
scope: "sub",
|
|
||||||
|
|
||||||
},
|
|
||||||
},
|
|
||||||
|
|
||||||
// Extra debugging
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
debug: {
|
|
||||||
// Enables extra debugging output provided by irc-framework.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
ircFramework: false,
|
|
||||||
|
|
||||||
// Enables logging raw IRC messages into each server window.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
raw: false,
|
|
||||||
},
|
|
||||||
};
|
|
|
@ -4,5 +4,15 @@
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: setup services
|
- name: setup services
|
||||||
include_tasks: "services/{{ item }}.yml"
|
include_tasks: "services/{{ item.value.file }}"
|
||||||
with_items: "{{ services }}"
|
loop: "{{ services | dict2items }}"
|
||||||
|
when: single_service is not defined and
|
||||||
|
item.value.file is defined and
|
||||||
|
item.value.disabled_in_vagrant is not defined
|
||||||
|
|
||||||
|
- name: setup single service
|
||||||
|
include_tasks: "services/{{ services[single_service].file }}"
|
||||||
|
when: single_service is defined and
|
||||||
|
single_service in services and
|
||||||
|
services[single_service].file is defined and
|
||||||
|
services[single_service].disabled_in_vagrant is not defined
|
||||||
|
|
|
@ -2,34 +2,34 @@
|
||||||
- name: copy docker registry nginx configuration
|
- name: copy docker registry nginx configuration
|
||||||
copy:
|
copy:
|
||||||
src: "files/configs/docker_registry/nginx.conf"
|
src: "files/configs/docker_registry/nginx.conf"
|
||||||
dest: "/docker-volumes/nginx/vhost/{{ docker_registry.domain }}"
|
dest: "/docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: docker registry container
|
- name: docker registry container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: registry
|
name: registry
|
||||||
image: registry:2
|
image: registry:{{ services.docker_registry.version }}
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ docker_registry.volume_folder }}/registry:/var/lib/registry"
|
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||||
- "{{ docker_registry.volume_folder }}/auth:/auth"
|
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ docker_registry.domain }}"
|
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ docker_registry.domain }}"
|
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
REGISTRY_AUTH: "htpasswd"
|
REGISTRY_AUTH: "htpasswd"
|
||||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||||
|
|
||||||
- name: generate htpasswd file
|
- name: generate htpasswd file
|
||||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ docker_registry.volume_folder }}/auth/htpasswd"
|
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||||
args:
|
args:
|
||||||
creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
|
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||||
|
|
||||||
- name: log in to registry
|
- name: log in to registry
|
||||||
docker_login:
|
docker_login:
|
||||||
registry: "docker.data.coop"
|
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||||
username: "docker"
|
username: "docker"
|
||||||
password: "{{ docker_password }}"
|
password: "{{ docker_password }}"
|
||||||
|
|
|
@ -14,31 +14,31 @@
|
||||||
- external_services
|
- external_services
|
||||||
- drone
|
- drone
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ drone.volume_folder }}:/data"
|
- "{{ services.drone.volume_folder }}:/data"
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
environment:
|
environment:
|
||||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
DRONE_GITEA_SERVER: "https://{{ services.gitea.domain }}"
|
||||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
DRONE_GIT_ALWAYS_AUTH: "true"
|
||||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
||||||
DRONE_SERVER_PROTO: "https"
|
DRONE_SERVER_PROTO: "https"
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
drone-runner-docker:
|
drone-runner-docker:
|
||||||
container_name: "drone-runner-docker"
|
container_name: "drone-runner-docker"
|
||||||
image: "drone/drone-runner-docker:1"
|
image: "drone/drone-runner-docker:{{ services.drone.version }}"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- drone
|
- drone
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
environment:
|
environment:
|
||||||
DRONE_RPC_HOST: "{{ drone.domain }}"
|
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
||||||
DRONE_RPC_PROTO: "https"
|
DRONE_RPC_PROTO: "https"
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
DRONE_RUNNER_CAPACITY: 2
|
DRONE_RUNNER_CAPACITY: 2
|
||||||
|
|
|
@ -7,25 +7,25 @@
|
||||||
- name: gitea container
|
- name: gitea container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: gitea
|
name: gitea
|
||||||
image: gitea/gitea:1.17
|
image: gitea/gitea:{{ services.gitea.version }}
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: gitea
|
- name: gitea
|
||||||
- name: postfix
|
- name: postfix
|
||||||
- name: external_services
|
- name: external_services
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ gitea.volume_folder }}:/data"
|
- "{{ services.gitea.volume_folder }}:/data"
|
||||||
published_ports:
|
published_ports:
|
||||||
- "22:22"
|
- "22:22"
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ gitea.domain }}"
|
VIRTUAL_HOST: "{{ services.gitea.domain }}"
|
||||||
VIRTUAL_PORT: "3000"
|
VIRTUAL_PORT: "3000"
|
||||||
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
LETSENCRYPT_HOST: "{{ services.gitea.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||||
GITEA__mailer__ENABLED: "true"
|
GITEA__mailer__ENABLED: "true"
|
||||||
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
|
GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
|
||||||
GITEA__mailer__MAILER_TYPE: "smtp"
|
GITEA__mailer__MAILER_TYPE: "smtp"
|
||||||
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
|
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
|
||||||
GITEA__mailer__USER: "noop"
|
GITEA__mailer__USER: "noop"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: create hedgedoc volume folders
|
- name: create hedgedoc volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
|
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- "db"
|
- "db"
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
- name: copy sso public certificate
|
- name: copy sso public certificate
|
||||||
copy:
|
copy:
|
||||||
src: "files/sso/sso.data.coop.pem"
|
src: "files/sso/sso.data.coop.pem"
|
||||||
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
|
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: setup hedgedoc
|
- name: setup hedgedoc
|
||||||
|
@ -31,13 +31,13 @@
|
||||||
networks:
|
networks:
|
||||||
- "hedgedoc"
|
- "hedgedoc"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
- "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||||
|
|
||||||
app:
|
app:
|
||||||
image: quay.io/hedgedoc/hedgedoc:1
|
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||||
environment:
|
environment:
|
||||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
||||||
CMD_DOMAIN: "{{ hedgedoc.domain }}"
|
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
||||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
CMD_ALLOW_EMAIL_REGISTER: "False"
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||||
CMD_EMAIL: "False"
|
CMD_EMAIL: "False"
|
||||||
|
@ -47,12 +47,12 @@
|
||||||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||||
CMD_USECDN: "false"
|
CMD_USECDN: "false"
|
||||||
CMD_PROTOCOL_USESSL: "true"
|
CMD_PROTOCOL_USESSL: "true"
|
||||||
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
|
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
|
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
- "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||||
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
- "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||||
restart: "unless-stopped"
|
restart: "unless-stopped"
|
||||||
networks:
|
networks:
|
||||||
- "hedgedoc"
|
- "hedgedoc"
|
||||||
|
|
|
@ -12,14 +12,14 @@
|
||||||
networks:
|
networks:
|
||||||
- "keycloak"
|
- "keycloak"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
- "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: "keycloak"
|
POSTGRES_USER: "keycloak"
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||||
POSTGRES_DB: "keycloak"
|
POSTGRES_DB: "keycloak"
|
||||||
|
|
||||||
app:
|
app:
|
||||||
image: "quay.io/keycloak/keycloak:20.0"
|
image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
|
||||||
restart: "unless-stopped"
|
restart: "unless-stopped"
|
||||||
networks:
|
networks:
|
||||||
- "keycloak"
|
- "keycloak"
|
||||||
|
@ -36,9 +36,9 @@
|
||||||
- "--https-port=8080"
|
- "--https-port=8080"
|
||||||
- "--http-relative-path=/auth"
|
- "--http-relative-path=/auth"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ keycloak.domain }}"
|
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
||||||
VIRTUAL_PORT: "8080"
|
VIRTUAL_PORT: "8080"
|
||||||
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
|
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: create mailu volume folders
|
- name: create mailu volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ mailu.volume_folder }}/{{ volume }}"
|
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- redis
|
- redis
|
||||||
|
@ -20,20 +20,20 @@
|
||||||
- name: upload mailu.env file
|
- name: upload mailu.env file
|
||||||
template:
|
template:
|
||||||
src: mailu.env.j2
|
src: mailu.env.j2
|
||||||
dest: "{{ mailu.volume_folder}}/mailu.env"
|
dest: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
|
|
||||||
- name: hard link to Let's Encrypt TLS certificate
|
- name: hard link to Let's Encrypt TLS certificate
|
||||||
file:
|
file:
|
||||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||||
dest: "{{ mailu.volume_folder }}/certs/cert.pem"
|
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||||
state: hard
|
state: hard
|
||||||
force: yes
|
force: yes
|
||||||
when: letsencrypt_enabled
|
when: letsencrypt_enabled
|
||||||
|
|
||||||
- name: hard link to Let's Encrypt TLS key
|
- name: hard link to Let's Encrypt TLS key
|
||||||
file:
|
file:
|
||||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||||
dest: "{{ mailu.volume_folder }}/certs/key.pem"
|
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||||
state: hard
|
state: hard
|
||||||
force: yes
|
force: yes
|
||||||
when: letsencrypt_enabled
|
when: letsencrypt_enabled
|
||||||
|
@ -49,30 +49,30 @@
|
||||||
image: redis:alpine
|
image: redis:alpine
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/redis:/data"
|
- "{{ services.mailu.volume_folder }}/redis:/data"
|
||||||
|
|
||||||
database:
|
database:
|
||||||
image: mailu/postgresql:{{ mailu.version }}
|
image: mailu/postgresql:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/data/psql_db:/data"
|
- "{{ services.mailu.volume_folder }}/data/psql_db:/data"
|
||||||
- "{{ mailu.volume_folder }}/data/psql_backup:/backup"
|
- "{{ services.mailu.volume_folder }}/data/psql_backup:/backup"
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
- external_services
|
- external_services
|
||||||
|
|
||||||
front:
|
front:
|
||||||
image: mailu/nginx:{{ mailu.version }}
|
image: mailu/nginx:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ mailu.domain }}"
|
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ mailu.domain }}"
|
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/certs:/certs"
|
- "{{ services.mailu.volume_folder }}/certs:/certs"
|
||||||
- "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
|
- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides"
|
||||||
expose:
|
expose:
|
||||||
- "80"
|
- "80"
|
||||||
ports:
|
ports:
|
||||||
|
@ -85,70 +85,70 @@
|
||||||
- external_services
|
- external_services
|
||||||
|
|
||||||
resolver:
|
resolver:
|
||||||
image: mailu/unbound:{{ mailu.version }}
|
image: mailu/unbound:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
ipv4_address: "{{ mailu.dns }}"
|
ipv4_address: "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
admin:
|
admin:
|
||||||
image: mailu/admin:{{ mailu.version }}
|
image: mailu/admin:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/data:/data"
|
- "{{ services.mailu.volume_folder }}/data:/data"
|
||||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
imap:
|
imap:
|
||||||
image: mailu/dovecot:{{ mailu.version }}
|
image: mailu/dovecot:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/mail:/mail"
|
- "{{ services.mailu.volume_folder }}/mail:/mail"
|
||||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
|
|
||||||
smtp:
|
smtp:
|
||||||
image: mailu/postfix:{{ mailu.version }}
|
image: mailu/postfix:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- "{{ mailu.dns }}"
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
antispam:
|
antispam:
|
||||||
image: mailu/rspamd:{{ mailu.version }}
|
image: mailu/rspamd:{{ services.mailu.version }}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/filter:/var/lib/rspamd"
|
- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
|
||||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
||||||
- "{{ mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- "{{ mailu.dns }}"
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
webmail:
|
webmail:
|
||||||
image: mailu/rainloop:1.6
|
image: mailu/rainloop:1.6
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mailu.volume_folder }}/webmail:/data"
|
- "{{ services.mailu.volume_folder }}/webmail:/data"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- "{{ mailu.dns }}"
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
@ -156,7 +156,7 @@
|
||||||
ipam:
|
ipam:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: "{{ mailu.subnet }}"
|
- subnet: "{{ services.mailu.subnet }}"
|
||||||
external_services:
|
external_services:
|
||||||
external:
|
external:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
- name: create mastodon volume folders
|
- name: create mastodon volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ mastodon.volume_folder }}/{{ volume }}"
|
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "991"
|
owner: "991"
|
||||||
group: "991"
|
group: "991"
|
||||||
|
@ -14,12 +14,12 @@
|
||||||
- name: Copy mastodon environment file
|
- name: Copy mastodon environment file
|
||||||
template:
|
template:
|
||||||
src: files/configs/mastodon/env_file.j2
|
src: files/configs/mastodon/env_file.j2
|
||||||
dest: "{{ mastodon.volume_folder }}/env_file"
|
dest: "{{ services.mastodon.volume_folder }}/env_file"
|
||||||
|
|
||||||
- name: upload vhost config for root domain
|
- name: upload vhost config for root domain
|
||||||
template:
|
template:
|
||||||
src: files/configs/mastodon/vhost-mastodon
|
src: files/configs/mastodon/vhost-mastodon
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||||
|
|
||||||
- name: set up mastodon
|
- name: set up mastodon
|
||||||
docker_compose:
|
docker_compose:
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
- "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
- 'POSTGRES_HOST_AUTH_METHOD=trust'
|
- 'POSTGRES_HOST_AUTH_METHOD=trust'
|
||||||
|
|
||||||
|
@ -49,12 +49,12 @@
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD', 'redis-cli', 'ping']
|
test: ['CMD', 'redis-cli', 'ping']
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mastodon.volume_folder }}/redis_data:/data"
|
- "{{ services.mastodon.volume_folder }}/redis_data:/data"
|
||||||
|
|
||||||
web:
|
web:
|
||||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||||
networks:
|
networks:
|
||||||
- external_services
|
- external_services
|
||||||
|
@ -66,18 +66,18 @@
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||||
VIRTUAL_PORT: "3000"
|
VIRTUAL_PORT: "3000"
|
||||||
VIRTUAL_PATH: "/"
|
VIRTUAL_PATH: "/"
|
||||||
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
|
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
streaming:
|
streaming:
|
||||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||||
command: node ./streaming
|
command: node ./streaming
|
||||||
networks:
|
networks:
|
||||||
- external_services
|
- external_services
|
||||||
|
@ -91,14 +91,14 @@
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||||
VIRTUAL_PORT: "4000"
|
VIRTUAL_PORT: "4000"
|
||||||
VIRTUAL_PATH: "/api/v1/streaming"
|
VIRTUAL_PATH: "/api/v1/streaming"
|
||||||
|
|
||||||
sidekiq:
|
sidekiq:
|
||||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||||
restart: always
|
restart: always
|
||||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||||
command: bundle exec sidekiq -c 32
|
command: bundle exec sidekiq -c 32
|
||||||
environment:
|
environment:
|
||||||
DB_POOL: 32
|
DB_POOL: 32
|
||||||
|
@ -110,7 +110,7 @@
|
||||||
- external_services
|
- external_services
|
||||||
- internal_network
|
- internal_network
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||||
|
|
||||||
|
@ -121,5 +121,3 @@
|
||||||
external: true
|
external: true
|
||||||
internal_network:
|
internal_network:
|
||||||
internal: true
|
internal: true
|
||||||
vars:
|
|
||||||
mastodon_version: "v4.0.2"
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: create matrix volume folders
|
- name: create matrix volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ matrix.volume_folder }}/{{ volume }}"
|
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "991"
|
owner: "991"
|
||||||
group: "991"
|
group: "991"
|
||||||
|
@ -14,12 +14,12 @@
|
||||||
|
|
||||||
- name: create matrix DB folder
|
- name: create matrix DB folder
|
||||||
file:
|
file:
|
||||||
name: "{{ matrix.volume_folder }}/db"
|
name: "{{ services.matrix.volume_folder }}/db"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
|
||||||
- name: create riot volume folders
|
- name: create riot volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ riot.volume_folder }}/{{ volume }}"
|
name: "{{ services.riot.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- "data"
|
- "data"
|
||||||
|
@ -29,38 +29,38 @@
|
||||||
- name: upload riot config.json
|
- name: upload riot config.json
|
||||||
template:
|
template:
|
||||||
src: files/configs/riot/config.json
|
src: files/configs/riot/config.json
|
||||||
dest: "{{ riot.volume_folder }}/data/config.json"
|
dest: "{{ services.riot.volume_folder }}/data/config.json"
|
||||||
|
|
||||||
- name: upload riot.im.conf
|
- name: upload riot.im.conf
|
||||||
template:
|
template:
|
||||||
src: files/configs/riot/riot.im.conf
|
src: files/configs/riot/riot.im.conf
|
||||||
dest: "{{ riot.volume_folder }}/data/riot.im.conf"
|
dest: "{{ services.riot.volume_folder }}/data/riot.im.conf"
|
||||||
|
|
||||||
- name: upload vhost config for root domain
|
- name: upload vhost config for root domain
|
||||||
template:
|
template:
|
||||||
src: files/configs/matrix/vhost-root
|
src: files/configs/matrix/vhost-root
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}"
|
||||||
|
|
||||||
- name: upload vhost config for matrix domain
|
- name: upload vhost config for matrix domain
|
||||||
template:
|
template:
|
||||||
src: files/configs/matrix/vhost-matrix
|
src: files/configs/matrix/vhost-matrix
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||||
|
|
||||||
- name: upload vhost config for riot domain
|
- name: upload vhost config for riot domain
|
||||||
template:
|
template:
|
||||||
src: files/configs/matrix/vhost-riot
|
src: files/configs/matrix/vhost-riot
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ item }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}"
|
||||||
loop: "{{ riot.domains }}"
|
loop: "{{ services.riot.domains }}"
|
||||||
|
|
||||||
- name: upload homeserver.yaml
|
- name: upload homeserver.yaml
|
||||||
template:
|
template:
|
||||||
src: "files/configs/matrix/homeserver.yaml.j2"
|
src: "files/configs/matrix/homeserver.yaml.j2"
|
||||||
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||||
|
|
||||||
- name: upload matrix logging config
|
- name: upload matrix logging config
|
||||||
template:
|
template:
|
||||||
src: "files/configs/matrix/matrix.data.coop.log.config"
|
src: "files/configs/matrix/matrix.data.coop.log.config"
|
||||||
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||||
|
|
||||||
- name: set up matrix and riot
|
- name: set up matrix and riot
|
||||||
docker_compose:
|
docker_compose:
|
||||||
|
@ -76,32 +76,32 @@
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
- "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: "synapse"
|
POSTGRES_USER: "synapse"
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||||
|
|
||||||
matrix_app:
|
matrix_app:
|
||||||
container_name: matrix
|
container_name: matrix
|
||||||
image: matrixdotorg/synapse:v1.63.1
|
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
- external_services
|
- external_services
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ matrix.volume_folder }}/data:/data"
|
- "{{ services.matrix.volume_folder }}/data:/data"
|
||||||
environment:
|
environment:
|
||||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||||
SYNAPSE_CACHE_FACTOR: "2"
|
SYNAPSE_CACHE_FACTOR: "2"
|
||||||
SYNAPSE_LOG_LEVEL: "INFO"
|
SYNAPSE_LOG_LEVEL: "INFO"
|
||||||
VIRTUAL_HOST: "{{ matrix.domain }}"
|
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||||
VIRTUAL_PORT: "8008"
|
VIRTUAL_PORT: "8008"
|
||||||
LETSENCRYPT_HOST: "{{ matrix.domain }}"
|
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
riot:
|
riot:
|
||||||
container_name: riot_app
|
container_name: riot_app
|
||||||
image: avhost/docker-matrix-riot:v1.11.8
|
image: avhost/docker-matrix-riot:{{ services.riot.version }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- matrix
|
- matrix
|
||||||
|
@ -109,11 +109,11 @@
|
||||||
expose:
|
expose:
|
||||||
- 8080
|
- 8080
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ riot.volume_folder }}/data:/data"
|
- "{{ services.riot.volume_folder }}/data:/data"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
|
VIRTUAL_HOST: "{{ services.riot.domains|join(',') }}"
|
||||||
VIRTUAL_PORT: "8080"
|
VIRTUAL_PORT: "8080"
|
||||||
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
|
LETSENCRYPT_HOST: "{{ services.riot.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -25,14 +25,14 @@
|
||||||
POSTGRES_PORT: 5432
|
POSTGRES_PORT: 5432
|
||||||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||||
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||||
VIRTUAL_PORT: "8000"
|
VIRTUAL_PORT: "8000"
|
||||||
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
ALLOWED_HOSTS: "{{ membersystem.domain }}"
|
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||||
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
|
CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
|
||||||
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:13-alpine
|
image: postgres:13-alpine
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: setup netdata docker container for system monitoring
|
- name: setup netdata docker container for system monitoring
|
||||||
docker_container:
|
docker_container:
|
||||||
name: netdata
|
name: netdata
|
||||||
image: netdata/netdata:v1
|
image: netdata/netdata:{{ services.netdata.version }}
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
hostname: "hevonen.servers.{{ base_domain }}"
|
hostname: "hevonen.servers.{{ base_domain }}"
|
||||||
capabilities:
|
capabilities:
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ netdata.domain }}"
|
VIRTUAL_HOST : "{{ services.netdata.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
PGID: "999"
|
PGID: "999"
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: upload vhost config for cloud.data.coop
|
- name: upload vhost config for cloud.data.coop
|
||||||
template:
|
template:
|
||||||
src: files/configs/nextcloud/vhost
|
src: files/configs/nextcloud/vhost
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ nextcloud.domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||||
notify: "restart nginx"
|
notify: "restart nginx"
|
||||||
|
|
||||||
- name: setup nextcloud containers
|
- name: setup nextcloud containers
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
networks:
|
networks:
|
||||||
- "nextcloud"
|
- "nextcloud"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
- "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_DB: "nextcloud"
|
POSTGRES_DB: "nextcloud"
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
@ -33,29 +33,29 @@
|
||||||
- "nextcloud"
|
- "nextcloud"
|
||||||
|
|
||||||
cron:
|
cron:
|
||||||
image: "nextcloud:25-apache"
|
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||||
restart: "unless-stopped"
|
restart: "unless-stopped"
|
||||||
entrypoint: "/cron.sh"
|
entrypoint: "/cron.sh"
|
||||||
networks:
|
networks:
|
||||||
- "nextcloud"
|
- "nextcloud"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
depends_on:
|
depends_on:
|
||||||
- "postgres"
|
- "postgres"
|
||||||
- "redis"
|
- "redis"
|
||||||
|
|
||||||
app:
|
app:
|
||||||
image: "nextcloud:25-apache"
|
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||||
restart: "unless-stopped"
|
restart: "unless-stopped"
|
||||||
networks:
|
networks:
|
||||||
- "nextcloud"
|
- "nextcloud"
|
||||||
- "postfix"
|
- "postfix"
|
||||||
- "external_services"
|
- "external_services"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
POSTGRES_HOST: "postgres"
|
POSTGRES_HOST: "postgres"
|
||||||
POSTGRES_DB: "nextcloud"
|
POSTGRES_DB: "nextcloud"
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: create nginx-proxy volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ nginx.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- conf
|
|
||||||
- vhost
|
|
||||||
- html
|
|
||||||
- dhparam
|
|
||||||
- certs
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: nginx proxy container
|
|
||||||
docker_container:
|
|
||||||
name: nginx-proxy
|
|
||||||
image: nginxproxy/nginx-proxy:1.0-alpine
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
published_ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- "{{ nginx.volume_folder }}/conf:/etc/nginx/conf.d"
|
|
||||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
|
||||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
|
||||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
|
||||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
|
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
||||||
|
|
||||||
- name: nginx letsencrypt container
|
|
||||||
docker_container:
|
|
||||||
name: nginx-proxy-le
|
|
||||||
image: nginxproxy/acme-companion:2.2
|
|
||||||
restart_policy: always
|
|
||||||
volumes:
|
|
||||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
|
||||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
|
||||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
|
||||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs"
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
env:
|
|
||||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
|
||||||
when: letsencrypt_enabled
|
|
||||||
|
|
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: create nginx-proxy volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- conf
|
||||||
|
- vhost
|
||||||
|
- html
|
||||||
|
- dhparam
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: nginx proxy container
|
||||||
|
docker_container:
|
||||||
|
name: nginx-proxy
|
||||||
|
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||||
|
restart_policy: always
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
published_ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
|
||||||
|
- name: nginx letsencrypt container
|
||||||
|
docker_container:
|
||||||
|
name: nginx-proxy-le
|
||||||
|
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
||||||
|
restart_policy: always
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
env:
|
||||||
|
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||||
|
when: letsencrypt_enabled
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: create ldap volume folders
|
- name: create ldap volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ ldap.volume_folder }}/{{ volume }}"
|
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- "var/lib/ldap"
|
- "var/lib/ldap"
|
||||||
|
@ -17,19 +17,19 @@
|
||||||
- name: openLDAP container
|
- name: openLDAP container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: openldap
|
name: openldap
|
||||||
image: osixia/openldap:1.5.0
|
image: osixia/openldap:{{ services.openldap.version }}
|
||||||
tty: true
|
tty: true
|
||||||
interactive: true
|
interactive: true
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||||
- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||||
- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||||
published_ports:
|
published_ports:
|
||||||
- "389:389"
|
- "389:389"
|
||||||
- "636:636"
|
- "636:636"
|
||||||
hostname: "{{ ldap.domain }}"
|
hostname: "{{ services.openldap.domain }}"
|
||||||
domainname: "{{ ldap.domain }}" # important: same as hostname
|
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
||||||
networks:
|
networks:
|
||||||
- name: ldap
|
- name: ldap
|
||||||
env:
|
env:
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
- name: phpLDAPadmin container
|
- name: phpLDAPadmin container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: phpldapadmin
|
name: phpldapadmin
|
||||||
image: osixia/phpldapadmin:0.9.0
|
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
|
@ -68,6 +68,6 @@
|
||||||
PHPLDAPADMIN_HTTPS: "false"
|
PHPLDAPADMIN_HTTPS: "false"
|
||||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||||
|
|
||||||
VIRTUAL_HOST: "{{ ldap.domain }}"
|
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ ldap.domain }}"
|
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
|
@ -13,13 +13,13 @@
|
||||||
networks:
|
networks:
|
||||||
- "passit"
|
- "passit"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
|
- "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_USER: "passit"
|
POSTGRES_USER: "passit"
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||||
|
|
||||||
passit_app:
|
passit_app:
|
||||||
image: "passit/passit:stable"
|
image: "passit/passit:{{ services.passit.version }}"
|
||||||
command: "bin/start.sh"
|
command: "bin/start.sh"
|
||||||
restart: "always"
|
restart: "always"
|
||||||
networks:
|
networks:
|
||||||
|
@ -31,11 +31,11 @@
|
||||||
SECRET_KEY: "{{ passit_secret_key }}"
|
SECRET_KEY: "{{ passit_secret_key }}"
|
||||||
IS_DEBUG: 'False'
|
IS_DEBUG: 'False'
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}"
|
||||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}"
|
||||||
FIDO_SERVER_ID: "{{ passit.domain }}"
|
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
||||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -2,21 +2,21 @@
|
||||||
|
|
||||||
- name: create portainer volume folder
|
- name: create portainer volume folder
|
||||||
file:
|
file:
|
||||||
name: "{{ portainer.volume_folder }}"
|
name: "{{ services.portainer.volume_folder }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: run portainer
|
- name: run portainer
|
||||||
docker_container:
|
docker_container:
|
||||||
name: portainer
|
name: portainer
|
||||||
image: portainer/portainer-ee:2.16.2
|
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- "{{ portainer.volume_folder }}:/data"
|
- "{{ services.portainer.volume_folder }}:/data"
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||||
VIRTUAL_PORT: "9000"
|
VIRTUAL_PORT: "9000"
|
||||||
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
|
@ -10,10 +10,11 @@
|
||||||
- name: setup postfix docker container for outgoing mail
|
- name: setup postfix docker container for outgoing mail
|
||||||
docker_container:
|
docker_container:
|
||||||
name: postfix
|
name: postfix
|
||||||
image: boky/postfix:v3.5.1-alpine
|
image: boky/postfix:{{ services.postfix.version }}
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- name: postfix
|
- name: postfix
|
||||||
env:
|
env:
|
||||||
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
|
# Get all services which have allowed_sender_domain defined
|
||||||
|
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'defined') | map(attribute='value.domain') | list | join(' ') }}"
|
||||||
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: create privatebin volume folders
|
- name: create privatebin volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ privatebin.volume_folder }}/{{ volume }}"
|
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- cfg
|
- cfg
|
||||||
|
@ -13,19 +13,19 @@
|
||||||
- name: upload privatebin config
|
- name: upload privatebin config
|
||||||
template:
|
template:
|
||||||
src: files/configs/privatebin-conf.php
|
src: files/configs/privatebin-conf.php
|
||||||
dest: "{{ privatebin.volume_folder }}/cfg/conf.php"
|
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
||||||
|
|
||||||
- name: privatebin app container
|
- name: privatebin app container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: privatebin
|
name: privatebin
|
||||||
image: jgeusebroek/privatebin:latest
|
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||||
- "{{ privatebin.volume_folder }}/data:/privatebin/data"
|
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ privatebin.domain }}"
|
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ privatebin.domain }}"
|
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
- name: Create rallly volume folders
|
- name: Create rallly volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ rallly.volume_folder }}/postgres"
|
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Copy Rallly environment file
|
- name: Copy Rallly environment file
|
||||||
template:
|
template:
|
||||||
src: files/configs/rallly/env_file
|
src: files/configs/rallly/env_file.j2
|
||||||
dest: "{{ rallly.volume_folder }}/env_file"
|
dest: "{{ services.rallly.volume_folder }}/env_file"
|
||||||
|
|
||||||
- name: Set up Rallly
|
- name: Set up Rallly
|
||||||
docker_compose:
|
docker_compose:
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
networks:
|
networks:
|
||||||
rallly_internal:
|
rallly_internal:
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
- "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
||||||
POSTGRES_DB: "rallly_db"
|
POSTGRES_DB: "rallly_db"
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|
||||||
rallly:
|
rallly:
|
||||||
image: "lukevella/rallly:a21f92bf74308d66cfcd545d49b81eba0211a222"
|
image: "lukevella/rallly:{{ services.rallly.version }}"
|
||||||
restart: "always"
|
restart: "always"
|
||||||
networks:
|
networks:
|
||||||
rallly_internal:
|
rallly_internal:
|
||||||
|
@ -43,11 +43,11 @@
|
||||||
rallly_db:
|
rallly_db:
|
||||||
condition: "service_healthy"
|
condition: "service_healthy"
|
||||||
env_file:
|
env_file:
|
||||||
- "{{ rallly.volume_folder }}/env_file"
|
- "{{ services.rallly.volume_folder }}/env_file"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ rallly.domain }}"
|
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
||||||
VIRTUAL_PORT: "3000"
|
VIRTUAL_PORT: "3000"
|
||||||
LETSENCRYPT_HOST: "{{ rallly.domain }}"
|
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Setup restic backup
|
- name: Setup restic backup
|
||||||
when: not vagrant
|
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: restic_backup
|
project_name: restic_backup
|
||||||
pull: true
|
pull: true
|
||||||
|
@ -8,12 +7,12 @@
|
||||||
version: '3.6'
|
version: '3.6'
|
||||||
services:
|
services:
|
||||||
restic-backup:
|
restic-backup:
|
||||||
image: mazzolino/restic:1.6.0
|
image: mazzolino/restic:{{ services.restic.version }}
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
RUN_ON_STARTUP: "true"
|
RUN_ON_STARTUP: "true"
|
||||||
BACKUP_CRON: "0 30 3 * * *"
|
BACKUP_CRON: "0 30 3 * * *"
|
||||||
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
|
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
|
||||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||||
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
||||||
RESTIC_BACKUP_ARGS: >-
|
RESTIC_BACKUP_ARGS: >-
|
||||||
|
@ -30,10 +29,10 @@
|
||||||
- /docker-volumes:/mnt/volumes:ro
|
- /docker-volumes:/mnt/volumes:ro
|
||||||
|
|
||||||
restic-prune:
|
restic-prune:
|
||||||
image: "mazzolino/restic:1.6.0"
|
image: "mazzolino/restic:{{ services.restic.version }}"
|
||||||
environment:
|
environment:
|
||||||
RUN_ON_STARTUP: "true"
|
RUN_ON_STARTUP: "true"
|
||||||
PRUNE_CRON: "0 0 4 * * *"
|
PRUNE_CRON: "0 0 4 * * *"
|
||||||
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
|
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
|
||||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||||
TZ: Europe/copenhagen
|
TZ: Europe/copenhagen
|
|
@ -4,6 +4,8 @@
|
||||||
name: watchtower
|
name: watchtower
|
||||||
image: containrrr/watchtower:amd64-1.5.1
|
image: containrrr/watchtower:amd64-1.5.1
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
WATCHTOWER_POLL_INTERVAL: 60
|
WATCHTOWER_POLL_INTERVAL: 60
|
||||||
volumes:
|
volumes:
|
||||||
|
|
|
@ -1,87 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: setup data.coop website docker container
|
|
||||||
docker_container:
|
|
||||||
name: data.coop_website
|
|
||||||
image: docker.data.coop/data-coop-website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
- name: setup new data.coop website using hugo
|
|
||||||
docker_container:
|
|
||||||
name: new.data.coop_website
|
|
||||||
image: docker.data.coop/data-coop-website:hugo
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
- name: setup new-new data.coop website using unipi
|
|
||||||
docker_container:
|
|
||||||
name: new-new.data.coop_website
|
|
||||||
image: docker.data.coop/unipi:latest
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
purge_networks: yes
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
# The ssh-key is for read-only only
|
|
||||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
|
||||||
capabilities:
|
|
||||||
- NET_ADMIN
|
|
||||||
devices:
|
|
||||||
- "/dev/net/tun"
|
|
||||||
|
|
||||||
- name: setup 2022.slides.data.coop website using unipi
|
|
||||||
docker_container:
|
|
||||||
name: 2022.slides.data.coop_website
|
|
||||||
image: docker.data.coop/unipi:latest
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
purge_networks: yes
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
# Temporarily hosting on github
|
|
||||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
|
||||||
capabilities:
|
|
||||||
- NET_ADMIN
|
|
||||||
devices:
|
|
||||||
- "/dev/net/tun"
|
|
||||||
|
|
||||||
- name: setup cryptohagen.dk website docker container
|
|
||||||
docker_container:
|
|
||||||
name: cryptohagen_website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
image: docker.data.coop/cryptohagen-website
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
- name: setup cryptoaarhus.dk website docker container
|
|
||||||
docker_container:
|
|
||||||
name: cryptoaarhus_website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
image: docker.data.coop/cryptoaarhus-website
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: setup 2022.slides.data.coop website using unipi
|
||||||
|
docker_container:
|
||||||
|
name: 2022.slides.data.coop_website
|
||||||
|
image: docker.data.coop/unipi:latest
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
purge_networks: yes
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
# Temporarily hosting on github
|
||||||
|
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||||
|
capabilities:
|
||||||
|
- NET_ADMIN
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun"
|
13
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: setup cryptoaarhus.dk website docker container
|
||||||
|
docker_container:
|
||||||
|
name: cryptoaarhus_website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
image: docker.data.coop/cryptoaarhus-website
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: setup cryptohagen.dk website docker container
|
||||||
|
docker_container:
|
||||||
|
name: cryptohagen_website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
image: docker.data.coop/cryptohagen-website
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: setup data.coop website docker container
|
||||||
|
docker_container:
|
||||||
|
name: data.coop_website
|
||||||
|
image: docker.data.coop/data-coop-website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
18
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
18
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
- name: setup new-new data.coop website using unipi
|
||||||
|
docker_container:
|
||||||
|
name: new-new.data.coop_website
|
||||||
|
image: docker.data.coop/unipi:latest
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
purge_networks: yes
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
# The ssh-key is for read-only only
|
||||||
|
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||||
|
capabilities:
|
||||||
|
- NET_ADMIN
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun"
|
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: setup new data.coop website using hugo
|
||||||
|
docker_container:
|
||||||
|
name: new.data.coop_website
|
||||||
|
image: docker.data.coop/data-coop-website:hugo
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -6,6 +6,6 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -26,7 +26,7 @@ SECRET_KEY={{ mailu_secret_key }}
|
||||||
# PUBLIC_IPV6= ::1 (default: ::1)
|
# PUBLIC_IPV6= ::1 (default: ::1)
|
||||||
|
|
||||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||||
SUBNET={{ mailu.subnet }}
|
SUBNET={{ services.mailu.subnet }}
|
||||||
|
|
||||||
# Main mail domain
|
# Main mail domain
|
||||||
DOMAIN=data.coop
|
DOMAIN=data.coop
|
||||||
|
|
|
@ -9,14 +9,14 @@
|
||||||
loop: "{{ users | default([]) }}"
|
loop: "{{ users | default([]) }}"
|
||||||
|
|
||||||
- name: "Add ssh authorized_keys"
|
- name: "Add ssh authorized_keys"
|
||||||
authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ item.name }}"
|
user: "{{ item.name }}"
|
||||||
key: "{{ item.ssh_keys | join('\n') }}"
|
key: "{{ item.ssh_keys | join('\n') }}"
|
||||||
exclusive: true
|
exclusive: true
|
||||||
loop: "{{ users | default([]) }}"
|
loop: "{{ users | default([]) }}"
|
||||||
|
|
||||||
- name: "Add ssh authorized_keys to root user"
|
- name: "Add ssh authorized_keys to root user"
|
||||||
authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "root"
|
user: "root"
|
||||||
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
||||||
exclusive: true
|
exclusive: true
|
||||||
|
|
1
vagrant_host
Normal file
1
vagrant_host
Normal file
|
@ -0,0 +1 @@
|
||||||
|
localhost ansible_port=19022
|
Loading…
Reference in a new issue