WIP.
This commit is contained in:
parent
9e101bff21
commit
9b886a8b64
111
.ansible-lint
Normal file
111
.ansible-lint
Normal file
|
@ -0,0 +1,111 @@
|
||||||
|
---
|
||||||
|
# .ansible-lint
|
||||||
|
|
||||||
|
profile: null # min, basic, moderate,safety, shared, production
|
||||||
|
|
||||||
|
# exclude_paths included in this file are parsed relative to this file's location
|
||||||
|
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
|
||||||
|
# option are parsed relative to the CWD of execution.
|
||||||
|
exclude_paths:
|
||||||
|
- .cache/ # implicit unless exclude_paths is defined in config
|
||||||
|
- .github/
|
||||||
|
- test/fixtures/formatting-before/
|
||||||
|
- test/fixtures/formatting-prettier/
|
||||||
|
# parseable: true
|
||||||
|
# quiet: true
|
||||||
|
# strict: true
|
||||||
|
# verbosity: 1
|
||||||
|
|
||||||
|
# Mock modules or roles in order to pass ansible-playbook --syntax-check
|
||||||
|
mock_modules:
|
||||||
|
- zuul_return
|
||||||
|
# note the foo.bar is invalid as being neither a module or a collection
|
||||||
|
- fake_namespace.fake_collection.fake_module
|
||||||
|
- fake_namespace.fake_collection.fake_module.fake_submodule
|
||||||
|
mock_roles:
|
||||||
|
- mocked_role
|
||||||
|
- author.role_name # old standalone galaxy role
|
||||||
|
- fake_namespace.fake_collection.fake_role # role within a collection
|
||||||
|
|
||||||
|
# Enable checking of loop variable prefixes in roles
|
||||||
|
loop_var_prefix: "{role}_"
|
||||||
|
|
||||||
|
# Enforce variable names to follow pattern below, in addition to Ansible own
|
||||||
|
# requirements, like avoiding python identifiers. To disable add `var-naming`
|
||||||
|
# to skip_list.
|
||||||
|
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
|
||||||
|
|
||||||
|
use_default_rules: true
|
||||||
|
# Load custom rules from this specific folder
|
||||||
|
# rulesdir:
|
||||||
|
# - ./rule/directory/
|
||||||
|
|
||||||
|
# Ansible-lint completely ignores rules or tags listed below
|
||||||
|
skip_list:
|
||||||
|
- skip_this_tag
|
||||||
|
|
||||||
|
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||||
|
# You must enable opt-in rules by listing each rule 'id' below.
|
||||||
|
enable_list:
|
||||||
|
- empty-string-compare # opt-in
|
||||||
|
- no-log-password # opt-in
|
||||||
|
- no-same-owner # opt-in
|
||||||
|
# add yaml here if you want to avoid ignoring yaml checks when yamllint
|
||||||
|
# library is missing. Normally its absence just skips using that rule.
|
||||||
|
- yaml
|
||||||
|
# Report only a subset of tags and fully ignore any others
|
||||||
|
# tags:
|
||||||
|
# - jinja[spacing]
|
||||||
|
|
||||||
|
# Ansible-lint does not fail on warnings from the rules or tags listed below
|
||||||
|
warn_list:
|
||||||
|
- skip_this_tag
|
||||||
|
- experimental # experimental is included in the implicit list
|
||||||
|
# - role-name
|
||||||
|
# - yaml[document-start] # you can also use sub-rule matches
|
||||||
|
|
||||||
|
# Some rules can transform files to fix (or make it easier to fix) identified
|
||||||
|
# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
|
||||||
|
# By default it will run all transforms (effectively `write_list: ["all"]`).
|
||||||
|
# You can disable running transforms by setting `write_list: ["none"]`.
|
||||||
|
# Or only enable a subset of rule transforms by listing rules/tags here.
|
||||||
|
# write_list:
|
||||||
|
# - all
|
||||||
|
|
||||||
|
# Offline mode disables installation of requirements.yml
|
||||||
|
offline: false
|
||||||
|
|
||||||
|
# Return success if number of violations compared with previous git
|
||||||
|
# commit has not increased. This feature works only in git
|
||||||
|
# repositories.
|
||||||
|
progressive: false
|
||||||
|
|
||||||
|
# Define required Ansible's variables to satisfy syntax check
|
||||||
|
extra_vars:
|
||||||
|
foo: bar
|
||||||
|
multiline_string_variable: |
|
||||||
|
line1
|
||||||
|
line2
|
||||||
|
complex_variable: ":{;\t$()"
|
||||||
|
|
||||||
|
# Uncomment to enforce action validation with tasks, usually is not
|
||||||
|
# needed as Ansible syntax check also covers it.
|
||||||
|
# skip_action_validation: false
|
||||||
|
|
||||||
|
# List of additional kind:pattern to be added at the top of the default
|
||||||
|
# match list, first match determines the file kind.
|
||||||
|
kinds:
|
||||||
|
# - playbook: "**/examples/*.{yml,yaml}"
|
||||||
|
# - galaxy: "**/folder/galaxy.yml"
|
||||||
|
# - tasks: "**/tasks/*.yml"
|
||||||
|
# - vars: "**/vars/*.yml"
|
||||||
|
# - meta: "**/meta/main.yml"
|
||||||
|
- yaml: "**/*.yaml-too"
|
||||||
|
|
||||||
|
# List of additional collections to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_collections:
|
||||||
|
# - example_ns.example_collection
|
||||||
|
|
||||||
|
# List of additions modules to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_modules:
|
||||||
|
# - example_module
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -2,3 +2,5 @@ playbook.retry
|
||||||
*.sw*
|
*.sw*
|
||||||
.vagrant/
|
.vagrant/
|
||||||
*.log
|
*.log
|
||||||
|
.idea/
|
||||||
|
venv/
|
||||||
|
|
14
.pre-commit-config.yaml
Normal file
14
.pre-commit-config.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
repos:
|
||||||
|
|
||||||
|
#- repo: https://github.com/semaphor-dk/dansabel
|
||||||
|
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||||
|
# hooks:
|
||||||
|
# - id: dansabel
|
||||||
|
|
||||||
|
- repo: https://github.com/ansible/ansible-lint
|
||||||
|
rev: v6.9.0
|
||||||
|
hooks:
|
||||||
|
- id: ansible-lint
|
||||||
|
files: \.(yaml|yml)$
|
||||||
|
additional_dependencies:
|
||||||
|
- ansible
|
12
Makefile
Normal file
12
Makefile
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||||
|
|
||||||
|
create_venv:
|
||||||
|
python3 -m venv venv
|
||||||
|
venv/bin/pip install -U pip
|
||||||
|
venv/bin/pip install ansible pre-commit
|
||||||
|
|
||||||
|
install_pre_commit:
|
||||||
|
venv/bin/pre-commit install
|
||||||
|
|
||||||
|
install_ansible_galaxy_modules:
|
||||||
|
venv/bin/ansible-galaxy collection install community.general
|
|
@ -18,7 +18,7 @@ else
|
||||||
$BASE_CMD --tags setup_services
|
$BASE_CMD --tags setup_services
|
||||||
else
|
else
|
||||||
echo "Deploying services: $2"
|
echo "Deploying services: $2"
|
||||||
$BASE_CMD --tags setup_services --extra-vars "services=$2"
|
$BASE_CMD --tags setup_services --extra-vars "enabled_services=$2"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
"base")
|
"base")
|
||||||
|
|
25
playbook.yml
25
playbook.yml
|
@ -13,6 +13,31 @@
|
||||||
smtp_host: "postfix"
|
smtp_host: "postfix"
|
||||||
smtp_port: "587"
|
smtp_port: "587"
|
||||||
|
|
||||||
|
enabled_services:
|
||||||
|
- nginx_proxy
|
||||||
|
- postfix
|
||||||
|
- openldap
|
||||||
|
- keycloak
|
||||||
|
- restic_backup
|
||||||
|
- nextcloud
|
||||||
|
- passit
|
||||||
|
- gitea
|
||||||
|
- matrix_riot
|
||||||
|
- privatebin
|
||||||
|
- codimd
|
||||||
|
- hedgedoc
|
||||||
|
- netdata
|
||||||
|
- docker_registry
|
||||||
|
- drone
|
||||||
|
- websites
|
||||||
|
- ulovliglogning-dk
|
||||||
|
- watchtower
|
||||||
|
- mailu
|
||||||
|
- portainer
|
||||||
|
- mastodon
|
||||||
|
- rallly
|
||||||
|
- membersystem
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_role:
|
- import_role:
|
||||||
name: ubuntu_base
|
name: ubuntu_base
|
||||||
|
|
|
@ -4,6 +4,9 @@ volume_root_folder: "/docker-volumes"
|
||||||
services:
|
services:
|
||||||
|
|
||||||
### Internal services ###
|
### Internal services ###
|
||||||
|
postfix:
|
||||||
|
file: postfix.yml
|
||||||
|
version: "v3.5.0"
|
||||||
|
|
||||||
nginx_proxy:
|
nginx_proxy:
|
||||||
file: nginx_proxy.yml
|
file: nginx_proxy.yml
|
||||||
|
@ -39,16 +42,13 @@ services:
|
||||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||||
version: "20.0"
|
version: "20.0"
|
||||||
|
|
||||||
postfix:
|
|
||||||
file: postfix.yml
|
|
||||||
version: "v3.5.0"
|
|
||||||
|
|
||||||
restic:
|
restic:
|
||||||
file: restic_backup.yml
|
file: restic_backup.yml
|
||||||
user: "datacoop"
|
user: "datacoop"
|
||||||
domain: "restic.cannedtuna.org"
|
domain: "restic.cannedtuna.org"
|
||||||
repository: "datacoop-hevonen"
|
repository: "datacoop-hevonen"
|
||||||
version: "1.6.0"
|
version: "1.6.0"
|
||||||
|
disabled_in_vagrant: true
|
||||||
|
|
||||||
docker_registry:
|
docker_registry:
|
||||||
file: docker_registry.yml
|
file: docker_registry.yml
|
||||||
|
@ -71,12 +71,14 @@ services:
|
||||||
domain: "git.{{ base_domain }}"
|
domain: "git.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||||
version: 1.17.3
|
version: 1.17.3
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
passit:
|
passit:
|
||||||
file: passit.yml
|
file: passit.yml
|
||||||
domain: "passit.{{ base_domain }}"
|
domain: "passit.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/passit"
|
volume_folder: "{{ volume_root_folder }}/passit"
|
||||||
version: stable
|
version: stable
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
matrix:
|
matrix:
|
||||||
file: matrix_riot.yml
|
file: matrix_riot.yml
|
||||||
|
@ -105,7 +107,7 @@ services:
|
||||||
file: hedgedoc.yml
|
file: hedgedoc.yml
|
||||||
domain: "pad.{{ base_domain }}"
|
domain: "pad.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||||
version: 1.9.0
|
version: 1.9.6
|
||||||
|
|
||||||
data_coop_website:
|
data_coop_website:
|
||||||
file: websites/data.coop.yml
|
file: websites/data.coop.yml
|
||||||
|
@ -151,14 +153,17 @@ services:
|
||||||
domain: "social.{{ base_domain }}"
|
domain: "social.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||||
version: v4.0.2
|
version: v4.0.2
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
rallly:
|
rallly:
|
||||||
file: rallly.yml
|
file: rallly.yml
|
||||||
domain: "when.{{ base_domain }}"
|
domain: "when.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||||
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
membersystem:
|
membersystem:
|
||||||
file: membersystem.yml
|
file: membersystem.yml
|
||||||
domain: "member.{{ base_domain }}"
|
domain: "member.{{ base_domain }}"
|
||||||
django_admins: "Vidir:valberg@orn.li"
|
django_admins: "Vidir:valberg@orn.li"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# ----------
|
# ----------
|
||||||
# This identifies your server and cannot be changed safely later
|
# This identifies your server and cannot be changed safely later
|
||||||
# ----------
|
# ----------
|
||||||
LOCAL_DOMAIN={{ mastodon.domain }}
|
LOCAL_DOMAIN={{ services.mastodon.domain }}
|
||||||
|
|
||||||
# Redis
|
# Redis
|
||||||
# -----
|
# -----
|
||||||
|
@ -52,7 +52,7 @@ SMTP_SERVER={{ smtp_host }}
|
||||||
SMTP_PORT={{ smtp_port }}
|
SMTP_PORT={{ smtp_port }}
|
||||||
SMTP_LOGIN=
|
SMTP_LOGIN=
|
||||||
SMTP_PASSWORD=
|
SMTP_PASSWORD=
|
||||||
SMTP_FROM_ADDRESS=notifications@{{ mastodon.domain }}
|
SMTP_FROM_ADDRESS=notifications@{{ services.mastodon.domain }}
|
||||||
|
|
||||||
# File storage (optional)
|
# File storage (optional)
|
||||||
# -----------------------
|
# -----------------------
|
||||||
|
|
|
@ -44,7 +44,7 @@ pid_file: /data/homeserver.pid
|
||||||
# use synapse with a reverse proxy, this should be the URL to reach
|
# use synapse with a reverse proxy, this should be the URL to reach
|
||||||
# synapse via the proxy.
|
# synapse via the proxy.
|
||||||
#
|
#
|
||||||
public_baseurl: "https://{{ matrix.domain }}"
|
public_baseurl: "https://{{ services.matrix.domain }}"
|
||||||
|
|
||||||
# Set the soft limit on the number of file descriptors synapse can use
|
# Set the soft limit on the number of file descriptors synapse can use
|
||||||
# Zero is used to indicate synapse should set the soft limit to the
|
# Zero is used to indicate synapse should set the soft limit to the
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
NEXT_PUBLIC_BASE_URL="https://{{ rallly.domain }}"
|
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
||||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||||
SUPPORT_EMAIL="noreply@{{ rallly.domain }}"
|
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||||
SMTP_HOST="{{ smtp_host }}"
|
SMTP_HOST="{{ smtp_host }}"
|
||||||
SMTP_PORT="{{ smtp_port }}"
|
SMTP_PORT="{{ smtp_port }}"
|
||||||
SMTP_SECURE="false"
|
SMTP_SECURE="false"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"default_server_config": {
|
"default_server_config": {
|
||||||
"m.homeserver": {
|
"m.homeserver": {
|
||||||
"base_url": "https://{{ matrix.domain }}"
|
"base_url": "https://{{ services.matrix.domain }}"
|
||||||
},
|
},
|
||||||
"m.identity_server": {
|
"m.identity_server": {
|
||||||
"base_url": "https://vector.im"
|
"base_url": "https://vector.im"
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"enable_presence_by_hs_url": {
|
"enable_presence_by_hs_url": {
|
||||||
"https://{{ matrix.domain }}": false
|
"https://{{ services.matrix.domain }}": false
|
||||||
},
|
},
|
||||||
"terms_and_conditions_links": [
|
"terms_and_conditions_links": [
|
||||||
{
|
{
|
||||||
|
|
|
@ -3,7 +3,12 @@
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
|
#- name: setup services
|
||||||
|
# include_tasks: "services/{{ item.value.file }}"
|
||||||
|
# loop: "{{ services | dict2items }}"
|
||||||
|
# when: item.key in enabled_services and item.value.file is defined and item.value.disabled_in_vagrant is not defined
|
||||||
|
|
||||||
- name: setup services
|
- name: setup services
|
||||||
include_tasks: "services/{{ item.value.file }}"
|
include_tasks: "services/{{ services[item].file }}"
|
||||||
loop: "{{ services | dict2items }}"
|
loop: "{{ enabled_services }}"
|
||||||
when: item.value.file is defined
|
when: item in services and services[item].file is defined and services[item].disabled_in_vagrant is not defined
|
||||||
|
|
|
@ -30,7 +30,6 @@
|
||||||
|
|
||||||
- name: log in to registry
|
- name: log in to registry
|
||||||
docker_login:
|
docker_login:
|
||||||
registry: "{{ services.docker_registry.domain }}"
|
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||||
username: "docker"
|
username: "docker"
|
||||||
password: "{{ docker_password }}"
|
password: "{{ docker_password }}"
|
||||||
config_path: "{{ services.docker_registry.volume_folder }}/auth/config.json"
|
|
||||||
|
|
|
@ -25,14 +25,14 @@
|
||||||
POSTGRES_PORT: 5432
|
POSTGRES_PORT: 5432
|
||||||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||||
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||||
VIRTUAL_PORT: "8000"
|
VIRTUAL_PORT: "8000"
|
||||||
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
ALLOWED_HOSTS: "{{ membersystem.domain }}"
|
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||||
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
|
CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
|
||||||
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
|
||||||
labels:
|
labels:
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
networks:
|
networks:
|
||||||
- "nextcloud"
|
- "nextcloud"
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
depends_on:
|
depends_on:
|
||||||
- "postgres"
|
- "postgres"
|
||||||
- "redis"
|
- "redis"
|
||||||
|
@ -54,8 +54,8 @@
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
environment:
|
environment:
|
||||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
POSTGRES_HOST: "postgres"
|
POSTGRES_HOST: "postgres"
|
||||||
POSTGRES_DB: "nextcloud"
|
POSTGRES_DB: "nextcloud"
|
||||||
|
|
|
@ -15,13 +15,6 @@
|
||||||
networks:
|
networks:
|
||||||
- name: postfix
|
- name: postfix
|
||||||
env:
|
env:
|
||||||
ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
|
# Get all services which have allowed_sender_domain defined
|
||||||
|
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'defined') | map(attribute='value.domain') | list | join(' ') }}"
|
||||||
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
||||||
vars:
|
|
||||||
allowed_sender_domains:
|
|
||||||
- "services.{{ base_domain }}"
|
|
||||||
- "{{ services.passit.domain }}"
|
|
||||||
- "{{ services.gitea.domain }}"
|
|
||||||
- "{{ services.mastodon.domain }}"
|
|
||||||
- "{{ services.rallly.domain }}"
|
|
||||||
- "{{ services.membersystem.domain }}"
|
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
VIRTUAL_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
# Temporarily hosting on github
|
# Temporarily hosting on github
|
||||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||||
|
|
|
@ -8,8 +8,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
|
|
|
@ -8,8 +8,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
|
|
|
@ -8,8 +8,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
|
|
|
@ -7,8 +7,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
VIRTUAL_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
# The ssh-key is for read-only only
|
# The ssh-key is for read-only only
|
||||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||||
|
|
|
@ -8,8 +8,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
VIRTUAL_HOST : "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
networks:
|
networks:
|
||||||
- name: external_services
|
- name: external_services
|
||||||
env:
|
env:
|
||||||
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
labels:
|
labels:
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
|
|
|
@ -9,14 +9,14 @@
|
||||||
loop: "{{ users | default([]) }}"
|
loop: "{{ users | default([]) }}"
|
||||||
|
|
||||||
- name: "Add ssh authorized_keys"
|
- name: "Add ssh authorized_keys"
|
||||||
authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ item.name }}"
|
user: "{{ item.name }}"
|
||||||
key: "{{ item.ssh_keys | join('\n') }}"
|
key: "{{ item.ssh_keys | join('\n') }}"
|
||||||
exclusive: true
|
exclusive: true
|
||||||
loop: "{{ users | default([]) }}"
|
loop: "{{ users | default([]) }}"
|
||||||
|
|
||||||
- name: "Add ssh authorized_keys to root user"
|
- name: "Add ssh authorized_keys to root user"
|
||||||
authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "root"
|
user: "root"
|
||||||
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
||||||
exclusive: true
|
exclusive: true
|
||||||
|
|
Loading…
Reference in a new issue