Merge branch 'master' into service/mailu
commit
8a0a2bf0a0
|
@ -21,7 +21,9 @@
|
||||||
- codimd
|
- codimd
|
||||||
- netdata
|
- netdata
|
||||||
- docker_registry
|
- docker_registry
|
||||||
|
- drone
|
||||||
- websites
|
- websites
|
||||||
|
- ouroboros
|
||||||
|
|
||||||
smtp_host: postfix
|
smtp_host: postfix
|
||||||
smtp_port: 587
|
smtp_port: 587
|
||||||
|
|
|
@ -3,6 +3,7 @@ nginx:
|
||||||
|
|
||||||
ldap:
|
ldap:
|
||||||
domain: "ldap.{{ base_domain }}"
|
domain: "ldap.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||||
|
|
||||||
thelounge:
|
thelounge:
|
||||||
domain: "irc.{{ base_domain }}"
|
domain: "irc.{{ base_domain }}"
|
||||||
|
@ -22,9 +23,11 @@ fider:
|
||||||
|
|
||||||
matrix:
|
matrix:
|
||||||
domain: "matrix.{{ base_domain }}"
|
domain: "matrix.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
|
|
||||||
riot:
|
riot:
|
||||||
domain: "riot.{{ base_domain }}"
|
domain: "riot.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/riot"
|
||||||
|
|
||||||
privatebin:
|
privatebin:
|
||||||
domain: "paste.{{ base_domain }}"
|
domain: "paste.{{ base_domain }}"
|
||||||
|
@ -49,7 +52,13 @@ data_coop_website:
|
||||||
cryptohagen_website:
|
cryptohagen_website:
|
||||||
domain: "cryptohagen.dk"
|
domain: "cryptohagen.dk"
|
||||||
|
|
||||||
|
drone:
|
||||||
|
domain: "drone.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/drone"
|
||||||
|
|
||||||
mailu:
|
mailu:
|
||||||
domain: "mail.{{ base_domain }}"
|
domain: "mail.{{ base_domain }}"
|
||||||
dns: 192.168.203.254
|
dns: 192.168.203.254
|
||||||
subnet: 192.168.203.0/24
|
subnet: 192.168.203.0/24
|
||||||
|
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||||
|
|
||||||
|
|
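--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-matrix
@@ -0,0 +1 @@
+listen 8008;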
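--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-root
@@ -0,0 +1,14 @@
+location /_matrix {
+proxy_pass http://0.0.0.0:8008;
+proxy_set_header X-Forwarded-For $remote_addr;
+}
+
+location /.well-known/matrix/server {
+default_type application/json;
+return 200 '{"m.server": "matrix.data.coop:443"}';
+}
+
+location /.well-known/matrix/client {
+default_type application/json;
+return 200 '{"m.homeserver": {"base_url": "https://matrix.data.coop"}}';
+}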
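Review bot: `proxy_pass http://0.0.0.0:8008;` in the `/_matrix` location uses the wildcard address as a destination, which only works where the OS happens to route it to loopback; `proxy_pass http://127.0.0.1:8008;` states the intent. The two `.well-known` bodies hard-code `matrix.data.coop` although the playbook installs this file with `template:` and already carries the name in `matrix.domain`, so `return 200 '{"m.server": "{{ matrix.domain }}:443"}';` would keep federation delegation in step with the inventory. No `Host` header is set on the proxied request, so which server block on port 8008 answers it presumably depends on nginx's default-server selection; that is worth confirming against the generated proxy config.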
|
@ -23,7 +23,7 @@
|
||||||
"feature_tabbed_settings": "enable",
|
"feature_tabbed_settings": "enable",
|
||||||
"feature_sas": "enable"
|
"feature_sas": "enable"
|
||||||
},
|
},
|
||||||
"welcomeUserId": "@riot-bot:matrix.org",
|
"welcomeUserId": "",
|
||||||
"piwik": false,
|
"piwik": false,
|
||||||
"roomDirectory": {
|
"roomDirectory": {
|
||||||
"servers": [
|
"servers": [
|
|
@ -32,7 +32,7 @@
|
||||||
- name: codimd app container
|
- name: codimd app container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: codimd_app
|
name: codimd_app
|
||||||
image: hackmdio/hackmd:1.2.1
|
image: hackmdio/hackmd:1.3.0
|
||||||
restart_policy: unless-stopped
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: codimd
|
- name: codimd
|
||||||
|
@ -51,6 +51,7 @@
|
||||||
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
|
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
|
||||||
CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
|
CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
|
||||||
CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
|
CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
|
||||||
|
CMD_USECDN: "false"
|
||||||
VIRTUAL_HOST: "{{ codimd.domain }}"
|
VIRTUAL_HOST: "{{ codimd.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ codimd.domain }}"
|
LETSENCRYPT_HOST: "{{ codimd.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
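--- /dev/null
+++ b/roles/docker/tasks/services/drone.yml
@@ -0,0 +1,21 @@
+---
+- name: Drone container
+docker_container:
+name: drone
+image: drone/drone:latest
+restart_policy: unless-stopped
+networks:
+- name: external_services
+volumes:
+- "{{ drone.volume_folder }}:/data"
+- "/var/run/docker.sock:/var/run/docker.sock"
+env:
+DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
+DRONE_GITEA_ALWAYS_AUTH: "False"
+DRONE_RUNNER_CAPACITY: "2"
+DRONE_SERVER_HOST: "{{ drone.domain }}"
+DRONE_SERVER_PROTO: "https"
+PLUGIN_CUSTOM_DNS: "91.239.100.100"
+VIRTUAL_HOST: "{{ drone.domain }}"
+LETSENCRYPT_HOST: "{{ drone.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"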
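Review bot: The `volumes` entry `/var/run/docker.sock:/var/run/docker.sock` hands the Drone container control of the host's Docker daemon, which is equivalent to root on the host, and the `env` block sets nothing that limits who may sign in through Gitea. If the Gitea instance allows self-registration, that presumably lets any account run builds on this host; `DRONE_USER_FILTER` can restrict access to named users or organisations. `image: drone/drone:latest` also means a re-run of the play can pull a different server build without review, so pin a release tag or digest, e.g. `image: drone/drone:<pinned-version>`.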
|
@ -1,26 +1,45 @@
|
||||||
---
|
---
|
||||||
|
- name: create matrix volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ matrix.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "db"
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: create riot volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ riot.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "data"
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
- name: matrix network
|
- name: matrix network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: matrix
|
name: matrix
|
||||||
|
|
||||||
- name: matrix database volume
|
|
||||||
docker_volume:
|
|
||||||
name: matrix_db
|
|
||||||
|
|
||||||
- name: riot volume
|
|
||||||
docker_volume:
|
|
||||||
name: riot_app
|
|
||||||
|
|
||||||
- name: upload riot config.json
|
- name: upload riot config.json
|
||||||
template:
|
template:
|
||||||
src: files/configs/riot-config.json
|
src: files/configs/riot/config.json
|
||||||
dest: /var/lib/docker/volumes/riot_app/_data/config.json
|
dest: "{{ riot.volume_folder }}/data/config.json"
|
||||||
|
|
||||||
- name: upload riot.im.conf
|
- name: upload riot.im.conf
|
||||||
template:
|
template:
|
||||||
src: files/configs/riot.im.conf
|
src: files/configs/riot/riot.im.conf
|
||||||
dest: /var/lib/docker/volumes/riot_app/_data/riot.im.conf
|
dest: "{{ riot.volume_folder }}/data/riot.im.conf"
|
||||||
|
|
||||||
|
- name: upload vhost config for root domain
|
||||||
|
template:
|
||||||
|
src: files/configs/matrix/vhost-root
|
||||||
|
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
|
||||||
|
|
||||||
|
- name: upload vhost config for matrix domain
|
||||||
|
template:
|
||||||
|
src: files/configs/matrix/vhost-matrix
|
||||||
|
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
||||||
|
|
||||||
- name: matrix database container
|
- name: matrix database container
|
||||||
docker_container:
|
docker_container:
|
||||||
|
@ -31,7 +50,7 @@
|
||||||
networks:
|
networks:
|
||||||
- name: matrix
|
- name: matrix
|
||||||
volumes:
|
volumes:
|
||||||
- matrix_db:/var/lib/postgresql/data
|
- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||||
env:
|
env:
|
||||||
POSTGRES_USER: "synapse"
|
POSTGRES_USER: "synapse"
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||||
|
@ -44,8 +63,7 @@
|
||||||
networks:
|
networks:
|
||||||
- name: matrix
|
- name: matrix
|
||||||
published_ports:
|
published_ports:
|
||||||
- 8008:8008
|
- "8008"
|
||||||
- 8448:8448
|
|
||||||
env:
|
env:
|
||||||
SYNAPSE_SERVER_NAME: "{{ base_domain }}"
|
SYNAPSE_SERVER_NAME: "{{ base_domain }}"
|
||||||
SYNAPSE_REPORT_STATS: "False"
|
SYNAPSE_REPORT_STATS: "False"
|
||||||
|
@ -63,19 +81,18 @@
|
||||||
- name: riot container
|
- name: riot container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: riot_app
|
name: riot_app
|
||||||
image: avhost/docker-matrix-riot:v1.0.0
|
image: avhost/docker-matrix-riot:v1.0.1
|
||||||
state: started
|
state: started
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- name: matrix
|
- name: matrix
|
||||||
- name: external_services
|
- name: external_services
|
||||||
volumes:
|
|
||||||
- riot_app:/data
|
|
||||||
published_ports:
|
published_ports:
|
||||||
- 8080
|
- "8080"
|
||||||
|
volumes:
|
||||||
|
- "{{ riot.volume_folder }}/data:/data"
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ riot.domain }}"
|
VIRTUAL_HOST: "{{ riot.domain }}"
|
||||||
VIRTUAL_PORT: "8080"
|
VIRTUAL_PORT: "8080"
|
||||||
LETSENCRYPT_HOST: "{{ riot.domain }}"
|
LETSENCRYPT_HOST: "{{ riot.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
|
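Review bot: In the synapse container hunk (`@ -44,8 +63,7 @@`), `published_ports: - "8008"` still publishes the port: a bare container port is bound to a dynamically chosen host port on all interfaces, so Synapse's plain-HTTP listener stays reachable around the TLS proxy, only on a port that changes between runs. The same applies to `- "8080"` on the riot container in the last hunk. If the intent is that only the proxy reaches these services over the Docker network, `exposed_ports: - "8008"` (and `- "8080"`) does that without any host binding. Both task bodies start outside their hunks, so the rest of each container definition is not visible here.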
|
@ -4,6 +4,7 @@
|
||||||
docker_container:
|
docker_container:
|
||||||
name: netdata
|
name: netdata
|
||||||
image: netdata/netdata
|
image: netdata/netdata
|
||||||
|
restart_policy: unless-stopped
|
||||||
hostname: "hevonen.servers.{{ base_domain }}"
|
hostname: "hevonen.servers.{{ base_domain }}"
|
||||||
capabilities:
|
capabilities:
|
||||||
- SYS_PTRACE
|
- SYS_PTRACE
|
||||||
|
|
|
@ -1,4 +1,14 @@
|
||||||
---
|
---
|
||||||
|
- name: create ldap volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ ldap.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "var/lib/ldap"
|
||||||
|
- "etc/slapd"
|
||||||
|
- "certs"
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
- name: Create a network for ldap
|
- name: Create a network for ldap
|
||||||
docker_network:
|
docker_network:
|
||||||
|
@ -11,9 +21,9 @@
|
||||||
tty: true
|
tty: true
|
||||||
interactive: true
|
interactive: true
|
||||||
volumes:
|
volumes:
|
||||||
- /var/lib/ldap
|
- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||||
- /etc/ldap/slapd.d
|
- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||||
- /container/service/slapd/assets/certs/
|
- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||||
published_ports:
|
published_ports:
|
||||||
- "389:389"
|
- "389:389"
|
||||||
- "636:636"
|
- "636:636"
|
||||||
|
|
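Review bot: The new loop creates `etc/slapd`, but the container mounts `{{ ldap.volume_folder }}/etc/slapd.d`, so the config directory the play prepares is not the one that gets mounted; the loop item should be `- "etc/slapd.d"`. Docker will presumably create the missing bind source itself with default ownership, which hides the mismatch. Since `certs` holds the slapd TLS key material and `var/lib/ldap` the directory database, the `file:` task should also set an explicit `mode:` (for example `mode: "0700"`) and owner rather than inherit the umask; the uid the image runs slapd as is not visible here, so confirm it before tightening.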
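--- /dev/null
+++ b/roles/docker/tasks/services/ouroboros.yml
@@ -0,0 +1,18 @@
+---
+- name: ouroboros container
+docker_container:
+name: ouroboros
+image: pyouroboros/ouroboros
+restart_policy: unless-stopped
+networks:
+- name: external_services
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- /root/.docker/config.json:/root/.docker/config.json
+env:
+LABEL_ENABLE: "true"
+LABELS_ONLY: "true"
+CLEANUP: "true"
+LATEST: "true"
+CRON: "*/1 * * * *"
+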
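Review bot: This container receives the Docker socket and root's registry credentials (`/root/.docker/config.json`) while `image: pyouroboros/ouroboros` carries no tag, so whatever is published as `latest` runs with host-level control and can read those credentials. Pin the image to a release tag or digest and mount the credentials read-only, `- /root/.docker/config.json:/root/.docker/config.json:ro`. With `LATEST: "true"` and `CRON: "*/1 * * * *"`, every labelled container is replaced within a minute of a new push, so push access to the registry effectively becomes deploy access to this host; that trust relationship deserves a comment on the task.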
|
@ -4,6 +4,7 @@
|
||||||
docker_container:
|
docker_container:
|
||||||
name: postfix
|
name: postfix
|
||||||
image: boky/postfix
|
image: boky/postfix
|
||||||
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: postfix
|
- name: postfix
|
||||||
env:
|
env:
|
||||||
|
|
|
@ -2,18 +2,22 @@
|
||||||
|
|
||||||
- name: setup data.coop website docker container
|
- name: setup data.coop website docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: website
|
name: data.coop_website
|
||||||
image: docker.data.coop/data-coop-website
|
image: docker.data.coop/data-coop-website
|
||||||
|
restart_policy: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ data_coop_website.domain }}"
|
VIRTUAL_HOST : "{{ data_coop_website.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
|
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
labels:
|
||||||
|
com.ouroboros.enable: "true"
|
||||||
|
|
||||||
- name: setup cryptohagen.dk website docker container
|
- name: setup cryptohagen.dk website docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: website
|
name: cryptohagen_website
|
||||||
|
restart_policy: unless-stopped
|
||||||
image: docker.data.coop/cryptohagen-website
|
image: docker.data.coop/cryptohagen-website
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
|
@ -21,3 +25,5 @@
|
||||||
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
|
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
|
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
labels:
|
||||||
|
com.ouroboros.enable: "true"
|
||||||
|
|
|
@ -7,4 +7,5 @@
|
||||||
- aptitude
|
- aptitude
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- apparmor
|
- apparmor
|
||||||
|
- haveged
|
||||||
|
|