WIP.
This commit is contained in:
parent
c57becfa03
commit
9e101bff21
25
playbook.yml
25
playbook.yml
|
@ -10,31 +10,6 @@
|
|||
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
services:
|
||||
- nginx-proxy
|
||||
- postfix
|
||||
- openldap
|
||||
- keycloak
|
||||
- restic-backup
|
||||
- nextcloud
|
||||
- passit
|
||||
- gitea
|
||||
- matrix_riot
|
||||
- privatebin
|
||||
- codimd
|
||||
- hedgedoc
|
||||
- netdata
|
||||
- docker_registry
|
||||
- drone
|
||||
- websites
|
||||
- ulovliglogning-dk
|
||||
- watchtower
|
||||
- mailu
|
||||
- portainer
|
||||
- mastodon
|
||||
- rallly
|
||||
- membersystem
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ services:
|
|||
### Internal services ###
|
||||
|
||||
nginx_proxy:
|
||||
file: nginx_proxy.yml
|
||||
version: "1.0-alpine"
|
||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||
|
||||
|
@ -13,6 +14,7 @@ services:
|
|||
version: "2.2"
|
||||
|
||||
openldap:
|
||||
file: openldap.yml
|
||||
domain: "ldap.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||
version: "1.5.0"
|
||||
|
@ -21,36 +23,35 @@ services:
|
|||
version: "0.9.0"
|
||||
|
||||
netdata:
|
||||
file: netdata.yml
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
version: "v1"
|
||||
|
||||
portainer:
|
||||
file: portainer.yml
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
version: "2.16.2"
|
||||
|
||||
keycloak:
|
||||
file: keycloak.yml
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
version: "20.0"
|
||||
|
||||
postfix:
|
||||
file: postfix.yml
|
||||
version: "v3.5.0"
|
||||
allowed_sender_domains:
|
||||
- "services.{{ base_domain }}"
|
||||
- "{{ passit.domain }}"
|
||||
- "{{ gitea.domain }}"
|
||||
- "{{ mastodon.domain }}"
|
||||
- "{{ rallly.domain }}"
|
||||
- "{{ membersystem.domain }}"
|
||||
|
||||
restic:
|
||||
file: restic_backup.yml
|
||||
user: "datacoop"
|
||||
domain: "restic.cannedtuna.org"
|
||||
repository: "datacoop-hevonen"
|
||||
version: "1.6.0"
|
||||
|
||||
docker_registry:
|
||||
file: docker_registry.yml
|
||||
domain: "docker.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||
username: "docker"
|
||||
|
@ -60,21 +61,25 @@ services:
|
|||
### External services ###
|
||||
|
||||
nextcloud:
|
||||
file: nextcloud.yml
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
version: 25-apache
|
||||
|
||||
gitea:
|
||||
file: gitea.yml
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||
version: 1.17.3
|
||||
|
||||
passit:
|
||||
file: passit.yml
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
version: stable
|
||||
|
||||
matrix:
|
||||
file: matrix_riot.yml
|
||||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
version: v1.63.1
|
||||
|
@ -87,6 +92,7 @@ services:
|
|||
version: v1.11.8
|
||||
|
||||
privatebin:
|
||||
file: privatebin.yml
|
||||
domain: "paste.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
version: 20221009
|
||||
|
@ -96,57 +102,63 @@ services:
|
|||
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||
|
||||
hedgedoc:
|
||||
file: hedgedoc.yml
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
version: 1.9.0
|
||||
|
||||
data_coop_website:
|
||||
file: websites/data.coop.yml
|
||||
domains:
|
||||
- "{{ base_domain }}"
|
||||
- "www.{{ base_domain }}"
|
||||
|
||||
cryptohagen_website:
|
||||
file: websites/cryptohagen.dk.yml
|
||||
domains:
|
||||
- "cryptohagen.dk"
|
||||
- "www.cryptohagen.dk"
|
||||
|
||||
ulovliglogning_website:
|
||||
file: websites/ulovliglogning.dk.yml
|
||||
domains:
|
||||
- "ulovliglogning.dk"
|
||||
- "www.ulovliglogning.dk"
|
||||
- "ulovlig-logning.dk"
|
||||
|
||||
cryptoaarhus_website:
|
||||
file: websites/cryptoaarhus.dk.yml
|
||||
domains:
|
||||
- "cryptoaarhus.dk"
|
||||
- "www.cryptoaarhus.dk"
|
||||
|
||||
drone:
|
||||
file: drone.yml
|
||||
domain: "drone.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/drone"
|
||||
version: 1
|
||||
|
||||
mailu:
|
||||
file: mailu.yml
|
||||
version: 1.6
|
||||
domain: "mail.{{ base_domain }}"
|
||||
dns: 192.168.203.254
|
||||
subnet: 192.168.203.0/24
|
||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||
|
||||
ttrss:
|
||||
domain: rss.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||
|
||||
mastodon:
|
||||
file: mastodon.yml
|
||||
domain: "social.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||
version: v4.0.2
|
||||
|
||||
rallly:
|
||||
file: rallly.yml
|
||||
domain: "when.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
||||
|
||||
membersystem:
|
||||
file: membersystem.yml
|
||||
domain: "member.{{ base_domain }}"
|
||||
django_admins: "Vidir:valberg@orn.li"
|
||||
|
|
|
@ -4,5 +4,6 @@
|
|||
name: external_services
|
||||
|
||||
- name: setup services
|
||||
include_tasks: "services/{{ item }}.yml"
|
||||
with_items: "{{ services }}"
|
||||
include_tasks: "services/{{ item.value.file }}"
|
||||
loop: "{{ services | dict2items }}"
|
||||
when: item.value.file is defined
|
||||
|
|
|
@ -15,5 +15,13 @@
|
|||
networks:
|
||||
- name: postfix
|
||||
env:
|
||||
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
|
||||
ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
|
||||
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
||||
vars:
|
||||
allowed_sender_domains:
|
||||
- "services.{{ base_domain }}"
|
||||
- "{{ services.passit.domain }}"
|
||||
- "{{ services.gitea.domain }}"
|
||||
- "{{ services.mastodon.domain }}"
|
||||
- "{{ services.rallly.domain }}"
|
||||
- "{{ services.membersystem.domain }}"
|
||||
|
|
|
@ -1,100 +0,0 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
||||
- name: setup new-new data.coop website using unipi
|
||||
docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# The ssh-key is for read-only only
|
||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Temporarily hosting on github
|
||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Temporarily hosting on github
|
||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
15
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
15
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
15
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
15
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
15
roles/docker/tasks/services/websites/data.coop.yml
Normal file
15
roles/docker/tasks/services/websites/data.coop.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
21
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
21
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
|
@ -0,0 +1,21 @@
|
|||
- name: setup new-new data.coop website using unipi
|
||||
docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# The ssh-key is for read-only only
|
||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
||||
|
15
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
15
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: "true"
|
Loading…
Reference in a new issue