WIP.

playbook.yml

@@ -10,31 +10,6 @@
     vagrant: "{{ ansible_virtualization_role == 'guest' }}"
     letsencrypt_enabled: "{{ not vagrant }}"
 
-    services:
-      - nginx-proxy
-      - postfix
-      - openldap
-      - keycloak
-      - restic-backup
-      - nextcloud
-      - passit
-      - gitea
-      - matrix_riot
-      - privatebin
-      - codimd
-      - hedgedoc
-      - netdata
-      - docker_registry
-      - drone
-      - websites
-      - ulovliglogning-dk
-      - watchtower
-      - mailu
-      - portainer
-      - mastodon
-      - rallly
-      - membersystem
-
     smtp_host: "postfix"
     smtp_port: "587"
 

roles/docker/defaults/main.yml

@@ -6,6 +6,7 @@ services:
   ### Internal services ###
 
   nginx_proxy:
+    file: nginx_proxy.yml
     version: "1.0-alpine"
     volume_folder: "{{ volume_root_folder }}/nginx"
 
@@ -13,6 +14,7 @@ services:
     version: "2.2"
 
   openldap:
+    file: openldap.yml
     domain: "ldap.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/openldap"
     version: "1.5.0"
@@ -21,36 +23,35 @@ services:
     version: "0.9.0"
 
   netdata:
+    file: netdata.yml
     domain: "netdata.{{ base_domain }}"
     version: "v1"
 
   portainer:
+    file: portainer.yml
     domain: "portainer.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/portainer"
     version: "2.16.2"
 
   keycloak:
+    file: keycloak.yml
     domain: sso.{{ base_domain }}
     volume_folder: "{{ volume_root_folder }}/keycloak"
     version: "20.0"
 
   postfix:
+    file: postfix.yml
     version: "v3.5.0"
-    allowed_sender_domains:
-      - "services.{{ base_domain }}"
-      - "{{ passit.domain }}"
-      - "{{ gitea.domain }}"
-      - "{{ mastodon.domain }}"
-      - "{{ rallly.domain }}"
-      - "{{ membersystem.domain }}"
 
   restic:
+    file: restic_backup.yml
     user: "datacoop"
     domain: "restic.cannedtuna.org"
     repository: "datacoop-hevonen"
     version: "1.6.0"
 
   docker_registry:
+    file: docker_registry.yml
     domain: "docker.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/docker-registry"
     username: "docker"
@@ -60,21 +61,25 @@ services:
   ### External services ###
 
   nextcloud:
+    file: nextcloud.yml
     domain: "cloud.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/nextcloud"
     version: 25-apache
 
   gitea:
+    file: gitea.yml
     domain: "git.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/gitea"
     version: 1.17.3
 
   passit:
+    file: passit.yml
     domain: "passit.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/passit"
     version: stable
 
   matrix:
+    file: matrix_riot.yml
     domain: "matrix.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/matrix"
     version: v1.63.1
@@ -87,6 +92,7 @@ services:
     version: v1.11.8
 
   privatebin:
+    file: privatebin.yml
     domain: "paste.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/privatebin"
     version: 20221009
@@ -96,57 +102,63 @@ services:
     volume_folder: "{{ volume_root_folder }}/codimd"
 
   hedgedoc:
+    file: hedgedoc.yml
     domain: "pad.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/hedgedoc"
     version: 1.9.0
 
   data_coop_website:
+    file: websites/data.coop.yml
     domains:
     - "{{ base_domain }}"
     - "www.{{ base_domain }}"
 
   cryptohagen_website:
+    file: websites/cryptohagen.dk.yml
     domains:
     - "cryptohagen.dk"
     - "www.cryptohagen.dk"
 
   ulovliglogning_website:
+    file: websites/ulovliglogning.dk.yml
     domains:
     - "ulovliglogning.dk"
     - "www.ulovliglogning.dk"
     - "ulovlig-logning.dk"
 
   cryptoaarhus_website:
+    file: websites/cryptoaarhus.dk.yml
     domains:
     - "cryptoaarhus.dk"
     - "www.cryptoaarhus.dk"
 
   drone:
+    file: drone.yml
     domain: "drone.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/drone"
     version: 1
 
   mailu:
+    file: mailu.yml
     version: 1.6
     domain: "mail.{{ base_domain }}"
     dns: 192.168.203.254
     subnet: 192.168.203.0/24
     volume_folder: "{{ volume_root_folder }}/mailu"
 
-  ttrss:
-    domain: rss.{{ base_domain }}
-    volume_folder: "{{ volume_root_folder }}/tt-rss"
-
   mastodon:
+    file: mastodon.yml
     domain: "social.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/mastodon"
     version: v4.0.2
 
   rallly:
+    file: rallly.yml
     domain: "when.{{ base_domain }}"
     volume_folder: "{{ volume_root_folder }}/rallly"
     version: a21f92bf74308d66cfcd545d49b81eba0211a222
 
   membersystem:
+    file: membersystem.yml
     domain: "member.{{ base_domain }}"
     django_admins: "Vidir:valberg@orn.li"

roles/docker/tasks/services.yml

@@ -4,5 +4,6 @@
     name: external_services
 
 - name: setup services
-  include_tasks: "services/{{ item }}.yml"
-  with_items: "{{ services }}"
+  include_tasks: "services/{{ item.value.file }}"
+  loop: "{{ services | dict2items }}"
+  when: item.value.file is defined

roles/docker/tasks/services/postfix.yml

@@ -15,5 +15,13 @@
     networks:
       - name: postfix
     env:
-      ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
+      ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}"
       HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
+  vars:
+    allowed_sender_domains:
+      - "services.{{ base_domain }}"
+      - "{{ services.passit.domain }}"
+      - "{{ services.gitea.domain }}"
+      - "{{ services.mastodon.domain }}"
+      - "{{ services.rallly.domain }}"
+      - "{{ services.membersystem.domain }}"

roles/docker/tasks/services/websites.yml

@@ -1,100 +0,0 @@
----
-
-- name: setup data.coop website docker container
-  docker_container:
-    name: data.coop_website
-    image: docker.data.coop/data-coop-website
-    restart_policy: unless-stopped
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-      
-
-- name: setup new data.coop website using hugo
-  docker_container:
-    name: new.data.coop_website
-    image: docker.data.coop/data-coop-website:hugo
-    restart_policy: unless-stopped
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup new-new data.coop website using unipi
-  docker_container:
-    name: new-new.data.coop_website
-    image: docker.data.coop/unipi:latest
-    restart_policy: unless-stopped
-    purge_networks: yes
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    # The ssh-key is for read-only only
-    command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
-    capabilities:
-      - NET_ADMIN
-    devices:
-      - "/dev/net/tun"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup 2022.slides.data.coop website using unipi
-  docker_container:
-    name: 2022.slides.data.coop_website
-    image: docker.data.coop/unipi:latest
-    restart_policy: unless-stopped
-    purge_networks: yes
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    # Temporarily hosting on github
-    command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
-    capabilities:
-      - NET_ADMIN
-    devices:
-      - "/dev/net/tun"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup cryptohagen.dk website docker container
-  docker_container:
-    name: cryptohagen_website
-    restart_policy: unless-stopped
-    image: docker.data.coop/cryptohagen-website
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"
-
-- name: setup cryptoaarhus.dk website docker container
-  docker_container:
-    name: cryptoaarhus_website
-    restart_policy: unless-stopped
-    image: docker.data.coop/cryptoaarhus-website
-    networks:
-      - name: external_services
-    env:
-      VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
-      LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
-      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-    labels:
-      com.centurylinklabs.watchtower.enable: "true"

roles/docker/tasks/services/websites/2022.slides.data.coop.yml

@@ -0,0 +1,23 @@
+---
+
+- name: setup 2022.slides.data.coop website using unipi
+  docker_container:
+    name: 2022.slides.data.coop_website
+    image: docker.data.coop/unipi:latest
+    restart_policy: unless-stopped
+    purge_networks: yes
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    # Temporarily hosting on github
+    command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
+    capabilities:
+      - NET_ADMIN
+    devices:
+      - "/dev/net/tun"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
+

roles/docker/tasks/services/websites/cryptoaarhus.dk.yml

@@ -0,0 +1,15 @@
+---
+
+- name: setup cryptoaarhus.dk website docker container
+  docker_container:
+    name: cryptoaarhus_website
+    restart_policy: unless-stopped
+    image: docker.data.coop/cryptoaarhus-website
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"

roles/docker/tasks/services/websites/cryptohagen.dk.yml

@@ -0,0 +1,15 @@
+---
+
+- name: setup cryptohagen.dk website docker container
+  docker_container:
+    name: cryptohagen_website
+    restart_policy: unless-stopped
+    image: docker.data.coop/cryptohagen-website
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"

roles/docker/tasks/services/websites/data.coop.yml

@@ -0,0 +1,15 @@
+---
+
+- name: setup data.coop website docker container
+  docker_container:
+    name: data.coop_website
+    image: docker.data.coop/data-coop-website
+    restart_policy: unless-stopped
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"

roles/docker/tasks/services/websites/new-new.data.coop.yml

@@ -0,0 +1,21 @@
+- name: setup new-new data.coop website using unipi
+  docker_container:
+    name: new-new.data.coop_website
+    image: docker.data.coop/unipi:latest
+    restart_policy: unless-stopped
+    purge_networks: yes
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    # The ssh-key is for read-only only
+    command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
+    capabilities:
+      - NET_ADMIN
+    devices:
+      - "/dev/net/tun"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"
+

roles/docker/tasks/services/websites/new.data.coop.yml

@@ -0,0 +1,15 @@
+---
+
+- name: setup new data.coop website using hugo
+  docker_container:
+    name: new.data.coop_website
+    image: docker.data.coop/data-coop-website:hugo
+    restart_policy: unless-stopped
+    networks:
+      - name: external_services
+    env:
+      VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    labels:
+      com.centurylinklabs.watchtower.enable: "true"