This commit is contained in:
Víðir Valberg Guðmundsson 2022-11-25 15:57:03 +01:00
parent c57becfa03
commit 9e101bff21
14 changed files with 139 additions and 139 deletions

View file

@ -10,31 +10,6 @@
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
letsencrypt_enabled: "{{ not vagrant }}"
services:
- nginx-proxy
- postfix
- openldap
- keycloak
- restic-backup
- nextcloud
- passit
- gitea
- matrix_riot
- privatebin
- codimd
- hedgedoc
- netdata
- docker_registry
- drone
- websites
- ulovliglogning-dk
- watchtower
- mailu
- portainer
- mastodon
- rallly
- membersystem
smtp_host: "postfix"
smtp_port: "587"

View file

@ -6,6 +6,7 @@ services:
### Internal services ###
nginx_proxy:
file: nginx_proxy.yml
version: "1.0-alpine"
volume_folder: "{{ volume_root_folder }}/nginx"
@ -13,6 +14,7 @@ services:
version: "2.2"
openldap:
file: openldap.yml
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
version: "1.5.0"
@ -21,36 +23,35 @@ services:
version: "0.9.0"
netdata:
file: netdata.yml
domain: "netdata.{{ base_domain }}"
version: "v1"
portainer:
file: portainer.yml
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.16.2"
keycloak:
file: keycloak.yml
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "20.0"
postfix:
file: postfix.yml
version: "v3.5.0"
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ passit.domain }}"
- "{{ gitea.domain }}"
- "{{ mastodon.domain }}"
- "{{ rallly.domain }}"
- "{{ membersystem.domain }}"
restic:
file: restic_backup.yml
user: "datacoop"
domain: "restic.cannedtuna.org"
repository: "datacoop-hevonen"
version: "1.6.0"
docker_registry:
file: docker_registry.yml
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
username: "docker"
@ -60,21 +61,25 @@ services:
### External services ###
nextcloud:
file: nextcloud.yml
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
version: 25-apache
gitea:
file: gitea.yml
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea"
version: 1.17.3
passit:
file: passit.yml
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
matrix:
file: matrix_riot.yml
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
version: v1.63.1
@ -87,6 +92,7 @@ services:
version: v1.11.8
privatebin:
file: privatebin.yml
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
version: 20221009
@ -96,57 +102,63 @@ services:
volume_folder: "{{ volume_root_folder }}/codimd"
hedgedoc:
file: hedgedoc.yml
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
version: 1.9.0
data_coop_website:
file: websites/data.coop.yml
domains:
- "{{ base_domain }}"
- "www.{{ base_domain }}"
cryptohagen_website:
file: websites/cryptohagen.dk.yml
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
ulovliglogning_website:
file: websites/ulovliglogning.dk.yml
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
cryptoaarhus_website:
file: websites/cryptoaarhus.dk.yml
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
drone:
file: drone.yml
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: 1
mailu:
file: mailu.yml
version: 1.6
domain: "mail.{{ base_domain }}"
dns: 192.168.203.254
subnet: 192.168.203.0/24
volume_folder: "{{ volume_root_folder }}/mailu"
ttrss:
domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss"
mastodon:
file: mastodon.yml
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
version: v4.0.2
rallly:
file: rallly.yml
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
version: a21f92bf74308d66cfcd545d49b81eba0211a222
membersystem:
file: membersystem.yml
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"

View file

@ -4,5 +4,6 @@
name: external_services
- name: setup services
include_tasks: "services/{{ item }}.yml"
with_items: "{{ services }}"
include_tasks: "services/{{ item.value.file }}"
loop: "{{ services | dict2items }}"
when: item.value.file is defined

View file

@ -15,5 +15,13 @@
networks:
- name: postfix
env:
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
vars:
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ services.passit.domain }}"
- "{{ services.gitea.domain }}"
- "{{ services.mastodon.domain }}"
- "{{ services.rallly.domain }}"
- "{{ services.membersystem.domain }}"

View file

@ -1,100 +0,0 @@
---
- name: setup data.coop website docker container
docker_container:
name: data.coop_website
image: docker.data.coop/data-coop-website
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup new-new data.coop website using unipi
docker_container:
name: new-new.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# The ssh-key is for read-only only
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup 2022.slides.data.coop website using unipi
docker_container:
name: 2022.slides.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Temporarily hosting on github
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup cryptohagen.dk website docker container
docker_container:
name: cryptohagen_website
restart_policy: unless-stopped
image: docker.data.coop/cryptohagen-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -0,0 +1,23 @@
---
- name: setup 2022.slides.data.coop website using unipi
docker_container:
name: 2022.slides.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Temporarily hosting on github
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -0,0 +1,15 @@
---
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -0,0 +1,15 @@
---
- name: setup cryptohagen.dk website docker container
docker_container:
name: cryptohagen_website
restart_policy: unless-stopped
image: docker.data.coop/cryptohagen-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -0,0 +1,15 @@
---
- name: setup data.coop website docker container
docker_container:
name: data.coop_website
image: docker.data.coop/data-coop-website
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -0,0 +1,21 @@
- name: setup new-new data.coop website using unipi
docker_container:
name: new-new.data.coop_website
image: docker.data.coop/unipi:latest
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# The ssh-key is for read-only only
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"

View file

@ -0,0 +1,15 @@
---
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"