This commit is contained in:
Víðir Valberg Guðmundsson 2022-11-25 13:55:50 +01:00
parent 5a63e8e1a8
commit 6708653c94
22 changed files with 303 additions and 274 deletions

View file

@ -1,122 +1,152 @@
---
volume_root_folder: "/docker-volumes"
nginx:
volume_folder: "{{ volume_root_folder }}/nginx"
services:
ldap:
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
### Internal services ###
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
nginx_proxy:
version: "1.0-alpine"
volume_folder: "{{ volume_root_folder }}/nginx"
gitea:
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea"
nginx_acme_companion:
version: "2.2"
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
openldap:
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
version: "1.5.0"
matrix:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
phpldapadmin:
version: "0.9.0"
riot:
domains:
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot"
netdata:
domain: "netdata.{{ base_domain }}"
version: "v1"
privatebin:
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.16.2"
codimd:
domain: "oldpad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/codimd"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "20.0"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
postfix:
version: "v3.5.0"
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ passit.domain }}"
- "{{ gitea.domain }}"
- "{{ mastodon.domain }}"
- "{{ rallly.domain }}"
- "{{ membersystem.domain }}"
netdata:
domain: "netdata.{{ base_domain }}"
restic:
user: "datacoop"
domain: "restic.cannedtuna.org"
repository: "datacoop-hevonen"
version: "1.6.0"
docker_registry:
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
username: "docker"
password: "{{ docker_password }}"
docker_registry:
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
username: "docker"
password: "{{ docker_password }}"
version: "2"
data_coop_website:
domains:
- "{{ base_domain }}"
- "www.{{ base_domain }}"
### External services ###
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
version: 25-apache
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
gitea:
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea"
version: 1.17.3
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
matrix:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
version: v1.63.1
mailu:
version: 1.6
domain: "mail.{{ base_domain }}"
dns: 192.168.203.254
subnet: 192.168.203.0/24
volume_folder: "{{ volume_root_folder }}/mailu"
riot:
domains:
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot"
version: v1.11.8
portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
privatebin:
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
version: 20221009
ttrss:
domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss"
codimd:
domain: "oldpad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/codimd"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
version: 1.9.0
postfix:
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ passit.domain }}"
- "{{ gitea.domain }}"
- "{{ mastodon.domain }}"
- "{{ rallly.domain }}"
- "{{ membersystem.domain }}"
data_coop_website:
domains:
- "{{ base_domain }}"
- "www.{{ base_domain }}"
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
rallly:
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
membersystem:
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
restic:
user: "datacoop"
domain: "restic.cannedtuna.org"
repository: "datacoop-hevonen"
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: 1
mailu:
version: 1.6
domain: "mail.{{ base_domain }}"
dns: 192.168.203.254
subnet: 192.168.203.0/24
volume_folder: "{{ volume_root_folder }}/mailu"
ttrss:
domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss"
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
version: v4.0.2
rallly:
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
version: a21f92bf74308d66cfcd545d49b81eba0211a222
membersystem:
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"

View file

@ -404,7 +404,7 @@ module.exports = {
//
// @type string
//
url: "ldap://{{ ldap.domain }}",
url: "ldap://{{ services.openldap.domain }}",
//
// LDAP connection tls options (only used if scheme is ldaps://)

View file

@ -2,34 +2,35 @@
- name: copy docker registry nginx configuration
copy:
src: "files/configs/docker_registry/nginx.conf"
dest: "/docker-volumes/nginx/vhost/{{ docker_registry.domain }}"
dest: "/docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}"
mode: "0644"
- name: docker registry container
docker_container:
name: registry
image: registry:2
image: registry:{{ services.docker_registry.version }}
restart_policy: always
volumes:
- "{{ docker_registry.volume_folder }}/registry:/var/lib/registry"
- "{{ docker_registry.volume_folder }}/auth:/auth"
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ docker_registry.domain }}"
LETSENCRYPT_HOST: "{{ docker_registry.domain }}"
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
REGISTRY_AUTH: "htpasswd"
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
- name: generate htpasswd file
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ docker_registry.volume_folder }}/auth/htpasswd"
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
args:
creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
- name: log in to registry
docker_login:
registry: "docker.data.coop"
registry: "{{ services.docker_registry.domain }}"
username: "docker"
password: "{{ docker_password }}"
config_path: "{{ services.docker_registry.volume_folder }}/auth/config.json"

View file

@ -14,31 +14,31 @@
- external_services
- drone
volumes:
- "{{ drone.volume_folder }}:/data"
- "{{ services.drone.volume_folder }}:/data"
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
DRONE_GITEA_SERVER: "https://{{ services.gitea.domain }}"
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
DRONE_GIT_ALWAYS_AUTH: "true"
DRONE_SERVER_HOST: "{{ drone.domain }}"
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
DRONE_SERVER_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
PLUGIN_CUSTOM_DNS: "91.239.100.100"
VIRTUAL_HOST: "{{ drone.domain }}"
LETSENCRYPT_HOST: "{{ drone.domain }}"
VIRTUAL_HOST: "{{ services.drone.domain }}"
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
drone-runner-docker:
container_name: "drone-runner-docker"
image: "drone/drone-runner-docker:1"
image: "drone/drone-runner-docker:{{ services.drone.version }}"
restart: unless-stopped
networks:
- drone
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
DRONE_RPC_HOST: "{{ drone.domain }}"
DRONE_RPC_HOST: "{{ services.drone.domain }}"
DRONE_RPC_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
DRONE_RUNNER_CAPACITY: 2

View file

@ -7,25 +7,25 @@
- name: gitea container
docker_container:
name: gitea
image: gitea/gitea:1.17.3
image: gitea/gitea:{{ services.gitea.version }}
restart_policy: unless-stopped
networks:
- name: gitea
- name: postfix
- name: external_services
volumes:
- "{{ gitea.volume_folder }}:/data"
- "{{ services.gitea.volume_folder }}:/data"
published_ports:
- "22:22"
env:
VIRTUAL_HOST: "{{ gitea.domain }}"
VIRTUAL_HOST: "{{ services.gitea.domain }}"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ gitea.domain }}"
LETSENCRYPT_HOST: "{{ services.gitea.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
GITEA__mailer__MAILER_TYPE: "smtp"
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
GITEA__mailer__USER: "noop"

View file

@ -1,7 +1,7 @@
---
- name: create hedgedoc volume folders
file:
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
@ -12,7 +12,7 @@
- name: copy sso public certificate
copy:
src: "files/sso/sso.data.coop.pem"
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"
- name: setup hedgedoc
@ -31,13 +31,13 @@
networks:
- "hedgedoc"
volumes:
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
- "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
app:
image: quay.io/hedgedoc/hedgedoc:1.9.0
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
environment:
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
CMD_DOMAIN: "{{ hedgedoc.domain }}"
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
CMD_ALLOW_EMAIL_REGISTER: "False"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_EMAIL: "False"
@ -47,12 +47,12 @@
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CMD_USECDN: "false"
CMD_PROTOCOL_USESSL: "true"
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
- "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
- "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
restart: "unless-stopped"
networks:
- "hedgedoc"

View file

@ -12,24 +12,24 @@
networks:
- "keycloak"
volumes:
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
- "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "keycloak"
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
POSTGRES_DB: "keycloak"
app:
image: "quay.io/keycloak/keycloak:20.0.1"
image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
restart: "unless-stopped"
networks:
- "keycloak"
- "postfix"
- "external_services"
command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ keycloak.domain }} --proxy=edge --https-port=8080 --http-relative-path=/auth"
command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ services.keycloak.domain }} --proxy=edge --https-port=8080 --http-relative-path=/auth"
environment:
VIRTUAL_HOST: "{{ keycloak.domain }}"
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:

View file

@ -2,7 +2,7 @@
- name: create mailu volume folders
file:
name: "{{ mailu.volume_folder }}/{{ volume }}"
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
state: directory
loop:
- redis
@ -20,20 +20,20 @@
- name: upload mailu.env file
template:
src: mailu.env.j2
dest: "{{ mailu.volume_folder}}/mailu.env"
dest: "{{ services.mailu.volume_folder}}/mailu.env"
- name: hard link to Let's Encrypt TLS certificate
file:
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
dest: "{{ mailu.volume_folder }}/certs/cert.pem"
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard
force: yes
when: letsencrypt_enabled
- name: hard link to Let's Encrypt TLS key
file:
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
dest: "{{ mailu.volume_folder }}/certs/key.pem"
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard
force: yes
when: letsencrypt_enabled
@ -49,30 +49,30 @@
image: redis:alpine
restart: always
volumes:
- "{{ mailu.volume_folder }}/redis:/data"
- "{{ services.mailu.volume_folder }}/redis:/data"
database:
image: mailu/postgresql:{{ mailu.version }}
image: mailu/postgresql:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ mailu.volume_folder }}/data/psql_db:/data"
- "{{ mailu.volume_folder }}/data/psql_backup:/backup"
- "{{ services.mailu.volume_folder }}/data/psql_db:/data"
- "{{ services.mailu.volume_folder }}/data/psql_backup:/backup"
networks:
- default
- external_services
front:
image: mailu/nginx:{{ mailu.version }}
image: mailu/nginx:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
environment:
VIRTUAL_HOST: "{{ mailu.domain }}"
LETSENCRYPT_HOST: "{{ mailu.domain }}"
VIRTUAL_HOST: "{{ services.mailu.domain }}"
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ mailu.volume_folder }}/certs:/certs"
- "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
- "{{ services.mailu.volume_folder }}/certs:/certs"
- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides"
expose:
- "80"
ports:
@ -85,70 +85,70 @@
- external_services
resolver:
image: mailu/unbound:{{ mailu.version }}
image: mailu/unbound:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
networks:
default:
ipv4_address: "{{ mailu.dns }}"
ipv4_address: "{{ services.mailu.dns }}"
admin:
image: mailu/admin:{{ mailu.version }}
image: mailu/admin:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ mailu.volume_folder }}/data:/data"
- "{{ mailu.volume_folder }}/dkim:/dkim"
- "{{ services.mailu.volume_folder }}/data:/data"
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
depends_on:
- redis
imap:
image: mailu/dovecot:{{ mailu.version }}
image: mailu/dovecot:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ mailu.volume_folder }}/mail:/mail"
- "{{ mailu.volume_folder }}/overrides:/overrides"
- "{{ services.mailu.volume_folder }}/mail:/mail"
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
depends_on:
- front
smtp:
image: mailu/postfix:{{ mailu.version }}
image: mailu/postfix:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ mailu.volume_folder }}/overrides:/overrides"
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
depends_on:
- front
- resolver
dns:
- "{{ mailu.dns }}"
- "{{ services.mailu.dns }}"
antispam:
image: mailu/rspamd:{{ mailu.version }}
image: mailu/rspamd:{{ services.mailu.version }}
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ mailu.volume_folder }}/filter:/var/lib/rspamd"
- "{{ mailu.volume_folder }}/dkim:/dkim"
- "{{ mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
depends_on:
- front
- resolver
dns:
- "{{ mailu.dns }}"
- "{{ services.mailu.dns }}"
webmail:
image: mailu/rainloop:1.6
restart: always
env_file: "{{ mailu.volume_folder}}/mailu.env"
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
volumes:
- "{{ mailu.volume_folder }}/webmail:/data"
- "{{ services.mailu.volume_folder }}/webmail:/data"
depends_on:
- front
- resolver
dns:
- "{{ mailu.dns }}"
- "{{ services.mailu.dns }}"
networks:
default:
@ -156,7 +156,7 @@
ipam:
driver: default
config:
- subnet: "{{ mailu.subnet }}"
- subnet: "{{ services.mailu.subnet }}"
external_services:
external:
name: external_services

View file

@ -1,6 +1,6 @@
- name: create mastodon volume folders
file:
name: "{{ mastodon.volume_folder }}/{{ volume }}"
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
state: directory
owner: "991"
group: "991"
@ -14,12 +14,12 @@
- name: Copy mastodon environment file
template:
src: files/configs/mastodon/env_file.j2
dest: "{{ mastodon.volume_folder }}/env_file"
dest: "{{ services.mastodon.volume_folder }}/env_file"
- name: upload vhost config for root domain
template:
src: files/configs/mastodon/vhost-mastodon
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
- name: set up mastodon
docker_compose:
@ -37,7 +37,7 @@
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
- "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust'
@ -49,12 +49,12 @@
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
volumes:
- "{{ mastodon.volume_folder }}/redis_data:/data"
- "{{ services.mastodon.volume_folder }}/redis_data:/data"
web:
image: "tootsuite/mastodon:{{ mastodon_version }}"
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
env_file: "{{ services.mastodon.volume_folder }}/env_file"
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
networks:
- external_services
@ -66,18 +66,18 @@
- db
- redis
volumes:
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
environment:
VIRTUAL_HOST: "{{ mastodon.domain }}"
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
VIRTUAL_PORT: "3000"
VIRTUAL_PATH: "/"
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
streaming:
image: "tootsuite/mastodon:{{ mastodon_version }}"
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
env_file: "{{ services.mastodon.volume_folder }}/env_file"
command: node ./streaming
networks:
- external_services
@ -91,14 +91,14 @@
- db
- redis
environment:
VIRTUAL_HOST: "{{ mastodon.domain }}"
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
VIRTUAL_PORT: "4000"
VIRTUAL_PATH: "/api/v1/streaming"
sidekiq:
image: "tootsuite/mastodon:{{ mastodon_version }}"
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
env_file: "{{ services.mastodon.volume_folder }}/env_file"
command: bundle exec sidekiq -c 32
environment:
DB_POOL: 32
@ -110,7 +110,7 @@
- external_services
- internal_network
volumes:
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
@ -120,6 +120,4 @@
postfix:
external: true
internal_network:
internal: true
vars:
mastodon_version: "v4.0.2"
internal: true

View file

@ -1,7 +1,7 @@
---
- name: create matrix volume folders
file:
name: "{{ matrix.volume_folder }}/{{ volume }}"
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
state: directory
owner: "991"
group: "991"
@ -14,12 +14,12 @@
- name: create matrix DB folder
file:
name: "{{ matrix.volume_folder }}/db"
name: "{{ services.matrix.volume_folder }}/db"
state: "directory"
- name: create riot volume folders
file:
name: "{{ riot.volume_folder }}/{{ volume }}"
name: "{{ services.riot.volume_folder }}/{{ volume }}"
state: directory
loop:
- "data"
@ -29,38 +29,38 @@
- name: upload riot config.json
template:
src: files/configs/riot/config.json
dest: "{{ riot.volume_folder }}/data/config.json"
dest: "{{ services.riot.volume_folder }}/data/config.json"
- name: upload riot.im.conf
template:
src: files/configs/riot/riot.im.conf
dest: "{{ riot.volume_folder }}/data/riot.im.conf"
dest: "{{ services.riot.volume_folder }}/data/riot.im.conf"
- name: upload vhost config for root domain
template:
src: files/configs/matrix/vhost-root
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}"
- name: upload vhost config for matrix domain
template:
src: files/configs/matrix/vhost-matrix
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
- name: upload vhost config for riot domain
template:
src: files/configs/matrix/vhost-riot
dest: "{{ nginx.volume_folder }}/vhost/{{ item }}"
loop: "{{ riot.domains }}"
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}"
loop: "{{ services.riot.domains }}"
- name: upload homeserver.yaml
template:
src: "files/configs/matrix/homeserver.yaml.j2"
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
- name: upload matrix logging config
template:
src: "files/configs/matrix/matrix.data.coop.log.config"
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
- name: set up matrix and riot
docker_compose:
@ -76,32 +76,32 @@
networks:
- matrix
volumes:
- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
- "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "synapse"
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
matrix_app:
container_name: matrix
image: matrixdotorg/synapse:v1.63.1
image: matrixdotorg/synapse:{{ services.matrix.version }}
restart: unless-stopped
networks:
- matrix
- external_services
volumes:
- "{{ matrix.volume_folder }}/data:/data"
- "{{ services.matrix.volume_folder }}/data:/data"
environment:
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
SYNAPSE_CACHE_FACTOR: "2"
SYNAPSE_LOG_LEVEL: "INFO"
VIRTUAL_HOST: "{{ matrix.domain }}"
VIRTUAL_HOST: "{{ services.matrix.domain }}"
VIRTUAL_PORT: "8008"
LETSENCRYPT_HOST: "{{ matrix.domain }}"
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
riot:
container_name: riot_app
image: avhost/docker-matrix-riot:v1.11.8
image: avhost/docker-matrix-riot:{{ services.riot.version }}
restart: unless-stopped
networks:
- matrix
@ -109,11 +109,11 @@
expose:
- 8080
volumes:
- "{{ riot.volume_folder }}/data:/data"
- "{{ services.riot.volume_folder }}/data:/data"
environment:
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
VIRTUAL_HOST: "{{ services.riot.domains|join(',') }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.riot.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:

View file

@ -3,7 +3,7 @@
- name: setup netdata docker container for system monitoring
docker_container:
name: netdata
image: netdata/netdata
image: netdata/netdata:{{ services.netdata.version }}
restart_policy: unless-stopped
hostname: "hevonen.servers.{{ base_domain }}"
capabilities:
@ -17,8 +17,8 @@
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ netdata.domain }}"
LETSENCRYPT_HOST: "{{ netdata.domain }}"
VIRTUAL_HOST : "{{ services.netdata.domain }}"
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
PGID: "999"
labels:

View file

@ -2,7 +2,7 @@
- name: upload vhost config for cloud.data.coop
template:
src: files/configs/nextcloud/vhost
dest: "{{ nginx.volume_folder }}/vhost/{{ nextcloud.domain }}"
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
notify: "restart nginx"
- name: setup nextcloud containers
@ -17,7 +17,7 @@
networks:
- "nextcloud"
volumes:
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
- "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
environment:
POSTGRES_DB: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
@ -33,7 +33,7 @@
- "nextcloud"
cron:
image: "nextcloud:25-apache"
image: "nextcloud:{{ services.nextcloud.version }}"
restart: "unless-stopped"
entrypoint: "/cron.sh"
networks:
@ -45,14 +45,14 @@
- "redis"
app:
image: "nextcloud:25-apache"
image: "nextcloud:{{ services.nextcloud.version }}"
restart: "unless-stopped"
networks:
- "nextcloud"
- "postfix"
- "external_services"
volumes:
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
environment:
VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"

View file

@ -2,7 +2,7 @@
- name: create nginx-proxy volume folders
file:
name: "{{ nginx.volume_folder }}/{{ volume }}"
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
state: directory
loop:
- conf
@ -16,7 +16,7 @@
- name: nginx proxy container
docker_container:
name: nginx-proxy
image: nginxproxy/nginx-proxy:1.0-alpine
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
restart_policy: always
networks:
- name: external_services
@ -24,23 +24,23 @@
- "80:80"
- "443:443"
volumes:
- "{{ nginx.volume_folder }}/conf:/etc/nginx/conf.d"
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
- /var/run/docker.sock:/tmp/docker.sock:ro
- name: nginx letsencrypt container
docker_container:
name: nginx-proxy-le
image: nginxproxy/acme-companion:2.2
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
restart_policy: always
volumes:
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs"
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
- /var/run/docker.sock:/var/run/docker.sock:ro
env:
NGINX_PROXY_CONTAINER: nginx-proxy

View file

@ -1,7 +1,7 @@
---
- name: create ldap volume folders
file:
name: "{{ ldap.volume_folder }}/{{ volume }}"
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
state: directory
loop:
- "var/lib/ldap"
@ -17,19 +17,19 @@
- name: openLDAP container
docker_container:
name: openldap
image: osixia/openldap:1.5.0
image: osixia/openldap:{{ services.openldap.version }}
tty: true
interactive: true
restart_policy: unless-stopped
volumes:
- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
published_ports:
- "389:389"
- "636:636"
hostname: "{{ ldap.domain }}"
domainname: "{{ ldap.domain }}" # important: same as hostname
hostname: "{{ services.openldap.domain }}"
domainname: "{{ services.openldap.domain }}" # important: same as hostname
networks:
- name: ldap
env:
@ -58,7 +58,7 @@
- name: phpLDAPadmin container
docker_container:
name: phpldapadmin
image: osixia/phpldapadmin:0.9.0
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
restart_policy: unless-stopped
networks:
- name: external_services
@ -68,6 +68,6 @@
PHPLDAPADMIN_HTTPS: "false"
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
VIRTUAL_HOST: "{{ ldap.domain }}"
LETSENCRYPT_HOST: "{{ ldap.domain }}"
VIRTUAL_HOST: "{{ services.openldap.domain }}"
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

View file

@ -13,13 +13,13 @@
networks:
- "passit"
volumes:
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
- "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "passit"
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
passit_app:
image: "passit/passit:stable"
image: "passit/passit:{{ services.passit.version }}"
command: "bin/start.sh"
restart: "always"
networks:
@ -31,11 +31,11 @@
SECRET_KEY: "{{ passit_secret_key }}"
IS_DEBUG: 'False'
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
FIDO_SERVER_ID: "{{ passit.domain }}"
VIRTUAL_HOST: "{{ passit.domain }}"
LETSENCRYPT_HOST: "{{ passit.domain }}"
DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}"
FIDO_SERVER_ID: "{{ services.passit.domain }}"
VIRTUAL_HOST: "{{ services.passit.domain }}"
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:

View file

@ -2,21 +2,21 @@
- name: create portainer volume folder
file:
name: "{{ portainer.volume_folder }}"
name: "{{ services.portainer.volume_folder }}"
state: directory
- name: run portainer
docker_container:
name: portainer
image: portainer/portainer-ee:2.16.2
image: portainer/portainer-ee:{{ services.portainer.version }}
restart_policy: always
networks:
- name: external_services
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "{{ portainer.volume_folder }}:/data"
- "{{ services.portainer.volume_folder }}:/data"
env:
VIRTUAL_HOST: "{{ portainer.domain }}"
VIRTUAL_HOST: "{{ services.portainer.domain }}"
VIRTUAL_PORT: "9000"
LETSENCRYPT_HOST: "{{ portainer.domain }}"
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

View file

@ -10,7 +10,7 @@
- name: setup postfix docker container for outgoing mail
docker_container:
name: postfix
image: boky/postfix:v3.5.0
image: boky/postfix:{{ services.postfix.version }}
restart_policy: always
networks:
- name: postfix

View file

@ -2,7 +2,7 @@
- name: create privatebin volume folders
file:
name: "{{ privatebin.volume_folder }}/{{ volume }}"
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
state: directory
loop:
- cfg
@ -13,19 +13,19 @@
- name: upload privatebin config
template:
src: files/configs/privatebin-conf.php
dest: "{{ privatebin.volume_folder }}/cfg/conf.php"
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
- name: privatebin app container
docker_container:
name: privatebin
image: jgeusebroek/privatebin:latest
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
restart_policy: unless-stopped
volumes:
- "{{ privatebin.volume_folder }}/cfg:/privatebin/cfg"
- "{{ privatebin.volume_folder }}/data:/privatebin/data"
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ privatebin.domain }}"
LETSENCRYPT_HOST: "{{ privatebin.domain }}"
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

View file

@ -1,12 +1,12 @@
- name: Create rallly volume folders
file:
name: "{{ rallly.volume_folder }}/postgres"
name: "{{ services.rallly.volume_folder }}/postgres"
state: directory
- name: Copy Rallly environment file
template:
src: files/configs/rallly/env_file
dest: "{{ rallly.volume_folder }}/env_file"
dest: "{{ services.rallly.volume_folder }}/env_file"
- name: Set up Rallly
docker_compose:
@ -22,7 +22,7 @@
networks:
rallly_internal:
volumes:
- "{{ rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
- "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
environment:
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
POSTGRES_DB: "rallly_db"
@ -35,7 +35,7 @@
com.centurylinklabs.watchtower.enable: "true"
rallly:
image: "lukevella/rallly:a21f92bf74308d66cfcd545d49b81eba0211a222"
image: "lukevella/rallly:{{ services.rallly.version }}"
restart: "always"
networks:
rallly_internal:
@ -45,11 +45,11 @@
rallly_db:
condition: "service_healthy"
env_file:
- "{{ rallly.volume_folder }}/env_file"
- "{{ services.rallly.volume_folder }}/env_file"
environment:
VIRTUAL_HOST: "{{ rallly.domain }}"
VIRTUAL_HOST: "{{ services.rallly.domain }}"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ rallly.domain }}"
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -7,12 +7,12 @@
version: '3.6'
services:
restic-backup:
image: mazzolino/restic:1.6.0
image: mazzolino/restic:{{ services.restic.version }}
restart: always
environment:
RUN_ON_STARTUP: "true"
BACKUP_CRON: "0 30 3 * * *"
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
RESTIC_BACKUP_ARGS: >-
@ -29,10 +29,10 @@
- /docker-volumes:/mnt/volumes:ro
restic-prune:
image: "mazzolino/restic:1.6.0"
image: "mazzolino/restic:{{ services.restic.version }}"
environment:
RUN_ON_STARTUP: "true"
PRUNE_CRON: "0 0 4 * * *"
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
TZ: Europe/copenhagen

View file

@ -8,7 +8,7 @@
- name: external_services
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- "{{ docker_registry.volume_folder }}/auth/config.json:/config.json"
- "{{ services.docker_registry.volume_folder }}/auth/config.json:/config.json"
env:
WATCHTOWER_LABEL_ENABLE: "true"
WATCHTOWER_POLL_INTERVAL: "60"

View file

@ -26,7 +26,7 @@ SECRET_KEY={{ mailu_secret_key }}
# PUBLIC_IPV6= ::1 (default: ::1)
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET={{ mailu.subnet }}
SUBNET={{ services.mailu.subnet }}
# Main mail domain
DOMAIN=data.coop