data.coop
/
ansible
8
3
Fork 7
Code Issues 44 Pull Requests 7 Projects 1 Releases Wiki Activity

WIP.

This commit is contained in:
Víðir Valberg Guðmundsson 2022-11-25 15:57:03 +01:00
parent 6708653c94
commit 773df9487c
14 changed files with 139 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
playbook.yml
View File

@ -10,28 +10,6 @@
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
letsencrypt_enabled: "{{ not vagrant }}"
services:
- nginx-proxy
- postfix
- openldap
- nextcloud
- passit
- gitea
- matrix_riot
- privatebin
- codimd
- netdata
- docker_registry
- drone
- websites
- ulovliglogning-dk
- watchtower
- mailu
- portainer
- mastodon
- rallly
- membersystem
smtp_host: "postfix"
smtp_port: "587"

34
roles/docker/defaults/main.yml
View File

@ -6,6 +6,7 @@ services:
### Internal services ###
nginx_proxy:
file: nginx_proxy.yml
version: "1.0-alpine"
volume_folder: "{{ volume_root_folder }}/nginx"
@ -13,6 +14,7 @@ services:
version: "2.2"
openldap:
file: openldap.yml
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
version: "1.5.0"
@ -21,36 +23,35 @@ services:
version: "0.9.0"
netdata:
file: netdata.yml
domain: "netdata.{{ base_domain }}"
version: "v1"
portainer:
file: portainer.yml
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.16.2"
keycloak:
file: keycloak.yml
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "20.0"
postfix:
file: postfix.yml
version: "v3.5.0"
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ passit.domain }}"
- "{{ gitea.domain }}"
- "{{ mastodon.domain }}"
- "{{ rallly.domain }}"
- "{{ membersystem.domain }}"
restic:
file: restic_backup.yml
user: "datacoop"
domain: "restic.cannedtuna.org"
repository: "datacoop-hevonen"
version: "1.6.0"
docker_registry:
file: docker_registry.yml
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
username: "docker"
@ -60,21 +61,25 @@ services:
### External services ###
nextcloud:
file: nextcloud.yml
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
version: 25-apache
gitea:
file: gitea.yml
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea"
version: 1.17.3
passit:
file: passit.yml
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
matrix:
file: matrix_riot.yml
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
version: v1.63.1
@ -87,6 +92,7 @@ services:
version: v1.11.8
privatebin:
file: privatebin.yml
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
version: 20221009
@ -96,57 +102,63 @@ services:
volume_folder: "{{ volume_root_folder }}/codimd"
hedgedoc:
file: hedgedoc.yml
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
version: 1.9.0
data_coop_website:
file: websites/data.coop.yml
domains:
- "{{ base_domain }}"
- "www.{{ base_domain }}"
cryptohagen_website:
file: websites/cryptohagen.dk.yml
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
ulovliglogning_website:
file: websites/ulovliglogning.dk.yml
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
cryptoaarhus_website:
file: websites/cryptoaarhus.dk.yml
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
drone:
file: drone.yml
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: 1
mailu:
file: mailu.yml
version: 1.6
domain: "mail.{{ base_domain }}"
dns: 192.168.203.254
subnet: 192.168.203.0/24
volume_folder: "{{ volume_root_folder }}/mailu"
ttrss:
domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss"
mastodon:
file: mastodon.yml
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
version: v4.0.2
rallly:
file: rallly.yml
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
version: a21f92bf74308d66cfcd545d49b81eba0211a222
membersystem:
file: membersystem.yml
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"

5
roles/docker/tasks/services.yml
View File

@ -4,5 +4,6 @@
name: external_services
- name: setup services
include_tasks: "services/{{ item }}.yml"
with_items: "{{ services }}"
include_tasks: "services/{{ item.value.file }}"
loop: "{{ services | dict2items }}"
when: item.value.file is defined

0
roles/docker/tasks/services/nginx-proxy.yml → roles/docker/tasks/services/nginx_proxy.yml
View File

10
roles/docker/tasks/services/postfix.yml
View File

@ -15,5 +15,13 @@
networks:
- name: postfix
env:
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
vars:
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ services.passit.domain }}"
- "{{ services.gitea.domain }}"
- "{{ services.mastodon.domain }}"
- "{{ services.rallly.domain }}"
- "{{ services.membersystem.domain }}"

0
roles/docker/tasks/services/restic-backup.yml → roles/docker/tasks/services/restic_backup.yml
View File

100
roles/docker/tasks/services/websites.yml
View File

@ -1,100 +0,0 @@
---
- name: setup data.coop website docker container
docker_container:
name: data.coop_website
image: docker.data.coop/data-coop-website
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup new-new data.coop website using unipi
docker_container:
name: new-new.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# The ssh-key is for read-only only
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup 2022.slides.data.coop website using unipi
docker_container:
name: 2022.slides.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Temporarily hosting on github
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup cryptohagen.dk website docker container
docker_container:
name: cryptohagen_website
restart_policy: unless-stopped
image: docker.data.coop/cryptohagen-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

23
roles/docker/tasks/services/websites/2022.slides.data.coop.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: setup 2022.slides.data.coop website using unipi
docker_container:
name: 2022.slides.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Temporarily hosting on github
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"

15
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

15
roles/docker/tasks/services/websites/cryptohagen.dk.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: setup cryptohagen.dk website docker container
docker_container:
name: cryptohagen_website
restart_policy: unless-stopped
image: docker.data.coop/cryptohagen-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

15
roles/docker/tasks/services/websites/data.coop.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: setup data.coop website docker container
docker_container:
name: data.coop_website
image: docker.data.coop/data-coop-website
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

21
roles/docker/tasks/services/websites/new-new.data.coop.yml Normal file
View File

@ -0,0 +1,21 @@
- name: setup new-new data.coop website using unipi
docker_container:
name: new-new.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# The ssh-key is for read-only only
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"

15
roles/docker/tasks/services/websites/new.data.coop.yml Normal file
View File

@ -0,0 +1,15 @@
---
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

0
roles/docker/tasks/services/ulovliglogning-dk.yml → roles/docker/tasks/services/websites/ulovliglogning.dk.yml
View File