From 773df9487cf7849d4f3744edc14e21ecf9fa7dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
Date: Fri, 25 Nov 2022 15:57:03 +0100
Subject: [PATCH] WIP.

---
 playbook.yml | 22 ----
 roles/docker/defaults/main.yml | 34 ++++--
 roles/docker/tasks/services.yml | 5 +-
 .../{nginx-proxy.yml => nginx_proxy.yml} | 0
 roles/docker/tasks/services/postfix.yml | 10 +-
 .../{restic-backup.yml => restic_backup.yml} | 0
 roles/docker/tasks/services/websites.yml | 100 ------------------
 .../websites/2022.slides.data.coop.yml | 23 ++++
 .../services/websites/cryptoaarhus.dk.yml | 15 +++
 .../services/websites/cryptohagen.dk.yml | 15 +++
 .../tasks/services/websites/data.coop.yml | 15 +++
 .../services/websites/new-new.data.coop.yml | 21 ++++
 .../tasks/services/websites/new.data.coop.yml | 15 +++
 .../ulovliglogning.dk.yml} | 0
 14 files changed, 139 insertions(+), 136 deletions(-)
 rename roles/docker/tasks/services/{nginx-proxy.yml => nginx_proxy.yml} (100%)
 rename roles/docker/tasks/services/{restic-backup.yml => restic_backup.yml} (100%)
 delete mode 100644 roles/docker/tasks/services/websites.yml
 create mode 100644 roles/docker/tasks/services/websites/2022.slides.data.coop.yml
 create mode 100644 roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
 create mode 100644 roles/docker/tasks/services/websites/cryptohagen.dk.yml
 create mode 100644 roles/docker/tasks/services/websites/data.coop.yml
 create mode 100644 roles/docker/tasks/services/websites/new-new.data.coop.yml
 create mode 100644 roles/docker/tasks/services/websites/new.data.coop.yml
 rename roles/docker/tasks/services/{ulovliglogning-dk.yml => websites/ulovliglogning.dk.yml} (100%)

diff --git a/playbook.yml b/playbook.yml
index ba93281..1ce47fb 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -10,28 +10,6 @@
     vagrant: "{{ ansible_virtualization_role == 'guest' }}"
     letsencrypt_enabled: "{{ not vagrant }}"
 
-    services:
-      - nginx-proxy
-      - postfix
-      - openldap
-      - nextcloud
-      - passit
-      - gitea
-      - matrix_riot
-      - privatebin
-      - codimd
-      - netdata
-      - docker_registry
-      - drone
-      - websites
-      - ulovliglogning-dk
-      - watchtower
-      - mailu
-      - portainer
-      - mastodon
-      - rallly
-      - membersystem
-
     smtp_host: "postfix"
     smtp_port: "587"
 
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 00c3d83..e87ad37 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -6,6 +6,7 @@ services:
   ### Internal services ###
 
   nginx_proxy:
+    file: nginx_proxy.yml
     version: "1.0-alpine"
     volume_folder: "{{ volume_root_folder }}/nginx"
 
@@ -13,6 +14,7 @@ services:
     version: "2.2"
 
   openldap:
+    file: openldap.yml
     domain: "ldap.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/openldap"
     version: "1.5.0"
@@ -21,36 +23,35 @@ services:
     version: "0.9.0"
 
   netdata:
+    file: netdata.yml
     domain: "netdata.{{ base_domain }}"
     version: "v1"
 
   portainer:
+    file: portainer.yml
     domain: "portainer.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/portainer"
     version: "2.16.2"
 
   keycloak:
+    file: keycloak.yml
     domain: sso.{{ base_domain }}
     volume_folder: "{{ volume_root_folder }}/keycloak"
     version: "20.0"
 
   postfix:
+    file: postfix.yml
     version: "v3.5.0"
-    allowed_sender_domains:
-      - "services.{{ base_domain }}"
-      - "{{ passit.domain }}"
-      - "{{ gitea.domain }}"
-      - "{{ mastodon.domain }}"
-      - "{{ rallly.domain }}"
-      - "{{ membersystem.domain }}"
 
   restic:
+    file: restic_backup.yml
     user: "datacoop"
     domain: "restic.cannedtuna.org"
     repository: "datacoop-hevonen"
     version: "1.6.0"
 
   docker_registry:
+    file: docker_registry.yml
     domain: "docker.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/docker-registry"
     username: "docker"
@@ -60,21 +61,25 @@ services:
   ### External services ###
 
   nextcloud:
+    file: nextcloud.yml
     domain: "cloud.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/nextcloud"
     version: 25-apache
 
   gitea:
+    file: gitea.yml
     domain: "git.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/gitea"
     version: 1.17.3
 
   passit:
+    file: passit.yml
     domain: "passit.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/passit"
     version: stable
 
   matrix:
+    file: matrix_riot.yml
     domain: "matrix.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/matrix"
     version: v1.63.1
@@ -87,6 +92,7 @@ services:
     version: v1.11.8
 
   privatebin:
+    file: privatebin.yml
     domain: "paste.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/privatebin"
     version: 20221009
@@ -96,57 +102,63 @@ services:
     volume_folder: "{{ volume_root_folder }}/codimd"
 
   hedgedoc:
+    file: hedgedoc.yml
     domain: "pad.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/hedgedoc"
     version: 1.9.0
 
   data_coop_website:
+    file: websites/data.coop.yml
     domains:
       - "{{ base_domain }}"
       - "www.{{ base_domain }}"
 
   cryptohagen_website:
+    file: websites/cryptohagen.dk.yml
     domains:
       - "cryptohagen.dk"
       - "www.cryptohagen.dk"
 
   ulovliglogning_website:
+    file: websites/ulovliglogning.dk.yml
     domains:
       - "ulovliglogning.dk"
       - "www.ulovliglogning.dk"
       - "ulovlig-logning.dk"
 
   cryptoaarhus_website:
+    file: websites/cryptoaarhus.dk.yml
     domains:
       - "cryptoaarhus.dk"
       - "www.cryptoaarhus.dk"
 
   drone:
+    file: drone.yml
     domain: "drone.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/drone"
     version: 1
 
   mailu:
+    file: mailu.yml
     version: 1.6
     domain: "mail.{{ base_domain }}"
     dns: 192.168.203.254
     subnet: 192.168.203.0/24
     volume_folder: "{{ volume_root_folder }}/mailu"
 
-  ttrss:
-    domain: rss.{{ base_domain }}
-    volume_folder: "{{ volume_root_folder }}/tt-rss"
-
   mastodon:
+    file: mastodon.yml
     domain: "social.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/mastodon"
     version: v4.0.2
 
   rallly:
+    file: rallly.yml
     domain: "when.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/rallly"
     version: a21f92bf74308d66cfcd545d49b81eba0211a222
 
   membersystem:
+    file: membersystem.yml
     domain: "member.{{ base_domain }}"
     django_admins: "Vidir:valberg@orn.li"
diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml
index 45c9233..6b084f2 100644
--- a/roles/docker/tasks/services.yml
+++ b/roles/docker/tasks/services.yml
@@ -4,5 +4,6 @@
     name: external_services
 
 - name: setup services
-  include_tasks: "services/{{ item }}.yml"
-  with_items: "{{ services }}"
+  include_tasks: "services/{{ item.value.file }}"
+  loop: "{{ services | dict2items }}"
+  when: item.value.file is defined
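Review bot: Only four website task files receive a `file:` reference in this hunk (`websites/data.coop.yml`, `websites/cryptohagen.dk.yml`, `websites/ulovliglogning.dk.yml`, `websites/cryptoaarhus.dk.yml`), while the newly created `websites/new.data.coop.yml`, `websites/new-new.data.coop.yml` and `websites/2022.slides.data.coop.yml` are referenced by no entry in any of the six hunks of this file, so the `when: item.value.file is defined` loop in services.yml never includes them and those three sites silently stop being deployed. `codimd`, whose `volume_folder` line opens this hunk, likewise gains no `file:` key even though it was in the explicit list removed from playbook.yml, as do the entries whose `version: "2.2"` and `version: "0.9.0"` lines open the second and third hunks (their headers are outside the hunks), and `watchtower` from the removed list appears nowhere here. Either add one entry per orphaned site, e.g. `new_data_coop_website:` with `file: websites/new.data.coop.yml` next to `data_coop_website`, or state in a comment above `services:` that only entries carrying `file:` are deployed and that the omissions are deliberate.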
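Review bot: `when: item.value.file is defined` turns a missing or misspelled `file:` key into a silent skip, so a service that is configured in defaults but not wired in vanishes from the deployment with no signal in the play output. Dropping the `when` and letting the include fail loudly, or preceding the loop with an `assert` that every entry of `services` defines `file:`, would make the new mechanism fail closed. Ansible also echoes each loop item — here the whole service sub-dict — in the `included:` line, so `loop_control: label: "{{ item.key }}"` keeps values such as `docker_registry.username`, and anything secret merged into those dicts, out of the logs. Note that `services/{{ item.value.file }}` no longer appends `.yml`, so every `file:` value must carry its extension; the defaults hunks do, but that contract is worth a comment on this task.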
diff --git a/roles/docker/tasks/services/nginx-proxy.yml b/roles/docker/tasks/services/nginx_proxy.yml
similarity index 100%
rename from roles/docker/tasks/services/nginx-proxy.yml
rename to roles/docker/tasks/services/nginx_proxy.yml
diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml
index 0bdeefc..505842d 100644
--- a/roles/docker/tasks/services/postfix.yml
+++ b/roles/docker/tasks/services/postfix.yml
@@ -15,5 +15,13 @@
     networks:
       - name: postfix
     env:
-      ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
+      ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
       HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
+  vars:
+    allowed_sender_domains:
+      - "services.{{ base_domain }}"
+      - "{{ services.passit.domain }}"
+      - "{{ services.gitea.domain }}"
+      - "{{ services.mastodon.domain }}"
+      - "{{ services.rallly.domain }}"
+      - "{{ services.membersystem.domain }}"
diff --git a/roles/docker/tasks/services/restic-backup.yml b/roles/docker/tasks/services/restic_backup.yml
similarity index 100%
rename from roles/docker/tasks/services/restic-backup.yml
rename to roles/docker/tasks/services/restic_backup.yml
diff --git a/roles/docker/tasks/services/websites.yml b/roles/docker/tasks/services/websites.yml
deleted file mode 100644
index 8c1b793..0000000
--- a/roles/docker/tasks/services/websites.yml
+++ /dev/null
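Review bot: Moving `allowed_sender_domains` out of role defaults into a task-level `vars:` block raises its precedence above inventory and host/group vars, so an operator can no longer narrow or extend the set of domains this relay accepts mail from without editing this task file — a loss of control on a setting that bounds what the SMTP relay will send on behalf of. The rewrite to `services.passit.domain` etc. presumably works around the old self-referencing `{{ passit.domain }}` templates inside the `services` dict; if so, a dedicated top-level default such as `postfix_allowed_sender_domains` in defaults/main.yml keeps the list overridable while still referencing `services.*`. Failing that, a comment above `vars:` stating why the list lives here would help the next maintainer. The enclosing task and its `docker_container:` block begin above the hunk.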
@@ -1,100 +0,0 @@
----
-
-- name: setup data.coop website docker container
-  docker_container:
-    name: data.coop_website
-    image: docker.data.coop/data-coop-website
-    restart_policy: unless-stopped
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-
-- name: setup new data.coop website using hugo
-  docker_container:
-    name: new.data.coop_website
-    image: docker.data.coop/data-coop-website:hugo
-    restart_policy: unless-stopped
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup new-new data.coop website using unipi
-  docker_container:
-    name: new-new.data.coop_website
-    image: docker.data.coop/unipi:latest
-    restart_policy: unless-stopped
-    purge_networks: yes
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    # The ssh-key is for read-only only
-    command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
-    capabilities:
-      - NET_ADMIN
-    devices:
-      - "/dev/net/tun"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup 2022.slides.data.coop website using unipi
-  docker_container:
-    name: 2022.slides.data.coop_website
-    image: docker.data.coop/unipi:latest
-    restart_policy: unless-stopped
-    purge_networks: yes
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    # Temporarily hosting on github
-    command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
-    capabilities:
-      - NET_ADMIN
-    devices:
-      - "/dev/net/tun"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup cryptohagen.dk website docker container
-  docker_container:
-    name: cryptohagen_website
-    restart_policy: unless-stopped
-    image: docker.data.coop/cryptohagen-website
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup cryptoaarhus.dk website docker container
-  docker_container:
-    name: cryptoaarhus_website
-    restart_policy: unless-stopped
-    image: docker.data.coop/cryptoaarhus-website
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
diff --git a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml
new file mode 100644
index 0000000..33124b1
--- /dev/null
+++ b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml
@@ -0,0 +1,23 @@
+---
+
+- name: setup 2022.slides.data.coop website using unipi
+  docker_container:
+    name: 2022.slides.data.coop_website
+    image: docker.data.coop/unipi:latest
+    restart_policy: unless-stopped
+    purge_networks: yes
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    # Temporarily hosting on github
+    command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
+    capabilities:
+      - NET_ADMIN
+    devices:
+      - "/dev/net/tun"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
+
diff --git a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
new file mode 100644
index 0000000..281cde8
--- /dev/null
+++ b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
@@ -0,0 +1,15 @@
+---
+
+- name: setup cryptoaarhus.dk website docker container
+  docker_container:
+    name: cryptoaarhus_website
+    restart_policy: unless-stopped
+    image: docker.data.coop/cryptoaarhus-website
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
diff --git a/roles/docker/tasks/services/websites/cryptohagen.dk.yml b/roles/docker/tasks/services/websites/cryptohagen.dk.yml
new file mode 100644
index 0000000..f9a2939
--- /dev/null
+++ b/roles/docker/tasks/services/websites/cryptohagen.dk.yml
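Review bot: `command:` fetches the site content from `https://github.com/sorbusursina/datacoop-slides.git#slides2022` at container start — a mutable branch on a third-party GitHub account — so whatever is pushed to that branch is what `2022.slides.data.coop` serves after the next restart, and with the watchtower label the image side is auto-updated as well. Pinning a commit in the `#ref` part (if unipi's `--remote` accepts one) or mirroring the repo to `git.data.coop` as new-new.data.coop.yml does would make the served content reproducible; the `# Temporarily hosting on github` comment could then record when or under which ticket the mirror is planned. `purge_networks: yes` should be `purge_networks: true` (yamllint `truthy`), and I believe this option was removed from `docker_container` in newer community.docker releases in favour of `comparisons: { networks: strict }`, so the collection version the project pins is worth checking. The file also ends with an extra blank `+` line that cryptoaarhus.dk.yml and the other new files do not have.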
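Review bot: `VIRTUAL_HOST :` carries a space before the colon while `LETSENCRYPT_HOST:` two lines below does not; YAML still produces the key `VIRTUAL_HOST`, since trailing whitespace is not part of a plain scalar, but yamllint's `colons` rule flags it and a reader may wonder whether a different key is intended. The same carry-over appears in cryptohagen.dk.yml, data.coop.yml and new.data.coop.yml, and since these are new files this is the moment to write `VIRTUAL_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"`. `image: docker.data.coop/cryptoaarhus-website` has no tag and therefore relies on watchtower pulling `latest`, as do the data.coop files; a one-line comment stating that this is intentional would save the next reader from asking.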
@@ -0,0 +1,15 @@
+---
+
+- name: setup cryptohagen.dk website docker container
+  docker_container:
+    name: cryptohagen_website
+    restart_policy: unless-stopped
+    image: docker.data.coop/cryptohagen-website
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml
new file mode 100644
index 0000000..19e5536
--- /dev/null
+++ b/roles/docker/tasks/services/websites/data.coop.yml
@@ -0,0 +1,15 @@
+---
+
+- name: setup data.coop website docker container
+  docker_container:
+    name: data.coop_website
+    image: docker.data.coop/data-coop-website
+    restart_policy: unless-stopped
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
diff --git a/roles/docker/tasks/services/websites/new-new.data.coop.yml b/roles/docker/tasks/services/websites/new-new.data.coop.yml
new file mode 100644
index 0000000..2119f2b
--- /dev/null
+++ b/roles/docker/tasks/services/websites/new-new.data.coop.yml
@@ -0,0 +1,21 @@
+- name: setup new-new data.coop website using unipi
+  docker_container:
+    name: new-new.data.coop_website
+    image: docker.data.coop/unipi:latest
+    restart_policy: unless-stopped
+    purge_networks: yes
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    # The ssh-key is for read-only only
+    command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
+    capabilities:
+      - NET_ADMIN
+    devices:
+      - "/dev/net/tun"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
+
diff --git a/roles/docker/tasks/services/websites/new.data.coop.yml b/roles/docker/tasks/services/websites/new.data.coop.yml
new file mode 100644
index 0000000..404632c
--- /dev/null
+++ b/roles/docker/tasks/services/websites/new.data.coop.yml
@@ -0,0 +1,15 @@
+---
+
+- name: setup new data.coop website using hugo
+  docker_container:
+    name: new.data.coop_website
+    image: docker.data.coop/data-coop-website:hugo
+    restart_policy: unless-stopped
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
diff --git a/roles/docker/tasks/services/ulovliglogning-dk.yml b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml
similarity index 100%
rename from roles/docker/tasks/services/ulovliglogning-dk.yml
rename to roles/docker/tasks/services/websites/ulovliglogning.dk.yml
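Review bot: `command:` embeds the `--ssh-key ed25519:…` material inline, and the `# The ssh-key is for read-only only` comment reads as if this is the private half of a read-only deploy key; if so it sits in plaintext in version control and in the container's command line on the host (visible to anyone who can run `docker inspect`), and even a read-only key is better supplied from an Ansible Vault variable via a mounted file or `env:` — if it is in fact only a public key, the comment should say so explicitly. The `NET_ADMIN` capability and `/dev/net/tun` device granted to a container that serves a site (also in 2022.slides.data.coop.yml) deserve a why-comment naming what unipi needs them for; the existing comment explains the key but not the capability. This file also lacks the `---` document start every other new websites/*.yml begins with and ends with an extra blank `+` line; `purge_networks: yes` should be `purge_networks: true`.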