diff --git a/deploy.sh b/deploy.sh index d66caa2..5777829 100755 --- a/deploy.sh +++ b/deploy.sh @@ -37,6 +37,9 @@ else "base") $BASE_CMD --tags base_only ;; + "users") + $BASE_CMD --tags setup-users + ;; *) usage exit 1 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index b665dc0..b811cfb 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- users: - name: graffen @@ -13,6 +14,7 @@ users: - sudo ssh_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg + - ssh-rsa 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 - name: reynir comment: Reynir Björnsson @@ -29,4 +31,4 @@ users: groups: - sudo ssh_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf samsapti + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf diff --git a/playbook.yml b/playbook.yml index f2c5a1d..d2ce5af 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - hosts: all gather_facts: true diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index ba5f2fe..46edde4 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- volume_root_folder: /docker-volumes @@ -7,6 +8,7 @@ services: postfix: file: postfix.yml domain: "smtp.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/postfix" version: v3.5.1-alpine nginx_proxy: 
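Review bot: The new `"users")` branch runs `$BASE_CMD --tags setup-users`, but nothing visible in this commit shows a task or import carrying that tag; the only tag in the `roles/ubuntu_base/tasks/main.yml` context is `change-ssh-port`. If the tag is missing or spelled differently there, ansible-playbook matches no tasks and still exits successfully, so a key rotation or removal pushed with `deploy.sh users` would silently not be applied. Please confirm the users import is tagged `setup-users` and add the new subcommand to `usage`. The `case` statement starts and ends outside this hunk, so the usage text could not be checked here.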
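Review bot: The key added under `ssh_keys` in the `@@ -13,6 +14,7 @@` hunk of `group_vars/all/vars.yml` goes to an account whose group list appears to include `sudo`, so it is a new root-equivalent credential. It should carry a trailing comment naming its owner and device, if it does not already, so that it can be audited and revoked later. The `@@ -29,4 +31,4 @@` hunk does the opposite and strips the `samsapti` comment from the ed25519 key, leaving an unlabelled entry in that user's authorized keys; I would keep the comment. The added key is also `ssh-rsa` while the other changed entry is `ssh-ed25519`; prefer an ed25519 key if the owner can provide one.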
@@ -76,7 +78,7 @@ services: file: gitea.yml domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/gitea" - version: 1.17.4 + version: 1.18.0 allowed_sender_domain: true passit: @@ -182,8 +184,12 @@ services: file: rallly.yml domain: "when.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/rallly" +<<<<<<< HEAD version: ac55701890cd866ee946deb25e2b2839fb14900e postgres_version: 14-alpine +======= + version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114 +>>>>>>> main allowed_sender_domain: true pinafore: diff --git a/roles/docker/files/configs/matrix/homeserver.yaml.j2 b/roles/docker/files/configs/matrix/homeserver.yaml.j2 index 4b8c3aa..73ba3f3 100644 --- a/roles/docker/files/configs/matrix/homeserver.yaml.j2 +++ b/roles/docker/files/configs/matrix/homeserver.yaml.j2 @@ -416,7 +416,7 @@ uploads_path: "/data/uploads" # The largest allowed upload size in bytes # -max_upload_size: "50M" +max_upload_size: "512M" # Maximum number of pixels that will be thumbnailed # diff --git a/roles/docker/files/configs/matrix/vhost-matrix b/roles/docker/files/configs/matrix/vhost-matrix index a597770..b65c59c 100644 --- a/roles/docker/files/configs/matrix/vhost-matrix +++ b/roles/docker/files/configs/matrix/vhost-matrix @@ -1,2 +1,2 @@ listen 8008; -client_max_body_size 50M; # default is 1M +client_max_body_size 1G; # default is 1M diff --git a/roles/docker/files/configs/matrix/vhost-riot b/roles/docker/files/configs/matrix/vhost-riot index 66b77ed..dec55e8 100644 --- a/roles/docker/files/configs/matrix/vhost-riot +++ b/roles/docker/files/configs/matrix/vhost-riot @@ -1 +1 @@ -client_max_body_size 50M; # default is 1M +client_max_body_size 1G; # default is 1M diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 8958588..e37a19f 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml 
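Review bot: The `@@ -182,8 +184,12 @@` hunk of `roles/docker/defaults/main.yml` commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> main`) into the `rallly` entry. The file is no longer valid YAML and leaves two competing `version:` values, so loading the role defaults will most likely fail for every service, not just rallly. Resolve the conflict before merging: keep exactly one `version:` line and drop the three marker lines. Keep `postgres_version: 14-alpine` only if `rallly.yml` still reads it, which is not visible here.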
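Review bot: The proxy limit and the application limit no longer agree: `homeserver.yaml.j2` raises `max_upload_size` to `"512M"`, while `vhost-matrix` and `vhost-riot` raise `client_max_body_size` to `1G`. nginx will therefore accept and spool request bodies of up to 1G that Synapse then rejects, which lets any client that can reach the upload path consume disk and bandwidth for nothing. I would align the proxy with the homeserver, `client_max_body_size 512M; # matches max_upload_size in homeserver.yaml`. Unless the `vhost-riot` host really receives uploads, it could stay at the old 50M. A tenfold increase per upload also makes this a good moment to check whether the upload rate limits and the media-store disk budget still hold.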
@@ -1,7 +1,8 @@ +# vim: ft=yaml.ansible --- - name: "restart nginx" community.docker.docker_container: name: "nginx-proxy" restart: "yes" state: "started" - \ No newline at end of file + diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 148ff67..6b1b29b 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: add docker gpg key apt_key: diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index c41f5e4..c05c6b6 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup external services network docker_network: diff --git a/roles/docker/tasks/services/codimd.yml b/roles/docker/tasks/services/codimd.yml index 6e13c21..55fb18a 100644 --- a/roles/docker/tasks/services/codimd.yml +++ b/roles/docker/tasks/services/codimd.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: codimd network docker_network: diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml index 660e684..79c03b7 100644 --- a/roles/docker/tasks/services/docker_registry.yml +++ b/roles/docker/tasks/services/docker_registry.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: copy docker registry nginx configuration copy: diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml index 5d83007..f89d389 100644 --- a/roles/docker/tasks/services/drone.yml +++ b/roles/docker/tasks/services/drone.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: set up drone with docker runner docker_compose: diff --git a/roles/docker/tasks/services/gitea.yml b/roles/docker/tasks/services/gitea.yml index 514cc9e..e0234b8 100644 --- a/roles/docker/tasks/services/gitea.yml +++ b/roles/docker/tasks/services/gitea.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: gitea network docker_network: 
diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml index 3b907a1..9450d6e 100644 --- a/roles/docker/tasks/services/hedgedoc.yml +++ b/roles/docker/tasks/services/hedgedoc.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create hedgedoc volume folders file: diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml index 2603351..f5d2d41 100644 --- a/roles/docker/tasks/services/keycloak.yml +++ b/roles/docker/tasks/services/keycloak.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: setup keycloak containers for sso.data.coop docker_compose: project_name: "keycloak" diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml index 745f040..9cc449a 100644 --- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/services/mailu.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create mailu volume folders file: diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index 656f909..654a32b 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: create mastodon volume folders file: name: "{{ services.mastodon.volume_folder }}/{{ volume }}" diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml index 6b5e950..600d81c 100644 --- a/roles/docker/tasks/services/matrix_riot.yml +++ b/roles/docker/tasks/services/matrix_riot.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create matrix volume folders file: diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml index a56bf59..52d570b 100644 --- a/roles/docker/tasks/services/membersystem.yml +++ b/roles/docker/tasks/services/membersystem.yml 
@@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: run membersystem containers docker_compose: project_name: "member.data.coop" diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml index e1a7bbe..3b45b65 100644 --- a/roles/docker/tasks/services/netdata.yml +++ b/roles/docker/tasks/services/netdata.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup netdata docker container for system monitoring docker_container: name: netdata diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 1c938b9..819b22d 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: upload vhost config for cloud.data.coop template: diff --git a/roles/docker/tasks/services/nginx_proxy.yml b/roles/docker/tasks/services/nginx_proxy.yml index 8081ab6..2f92611 100644 --- a/roles/docker/tasks/services/nginx_proxy.yml +++ b/roles/docker/tasks/services/nginx_proxy.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: create nginx-proxy volume folders file: name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}" diff --git a/roles/docker/tasks/services/openldap.yml b/roles/docker/tasks/services/openldap.yml index a768235..4aace81 100644 --- a/roles/docker/tasks/services/openldap.yml +++ b/roles/docker/tasks/services/openldap.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create ldap volume folders file: diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml index e76b6ca..60cb7bf 100644 --- a/roles/docker/tasks/services/passit.yml +++ b/roles/docker/tasks/services/passit.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup passit containers docker_compose: project_name: "passit" diff --git a/roles/docker/tasks/services/pinafore.yml b/roles/docker/tasks/services/pinafore.yml index a275f3a..1234329 100644 
--- a/roles/docker/tasks/services/pinafore.yml +++ b/roles/docker/tasks/services/pinafore.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: Set up Pinafore docker_container: name: pinafore diff --git a/roles/docker/tasks/services/portainer.yml b/roles/docker/tasks/services/portainer.yml index 005da7f..dae0e87 100644 --- a/roles/docker/tasks/services/portainer.yml +++ b/roles/docker/tasks/services/portainer.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: create portainer volume folder file: name: "{{ services.portainer.volume_folder }}" diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml index 1fb67df..ece525e 100644 --- a/roles/docker/tasks/services/postfix.yml +++ b/roles/docker/tasks/services/postfix.yml @@ -1,20 +1,28 @@ +# vim: ft=yaml.ansible --- - -- name: setup network for postfix +- name: Set up network for postfix docker_network: name: postfix ipam_config: - subnet: '172.16.0.0/16' gateway: 172.16.0.1 -- name: setup postfix docker container for outgoing mail +- name: Create volume folders for Postfix + file: + name: "{{ services.postfix.volume_folder }}/dkim" + state: directory + +- name: Set up Postfix Docker container for outgoing mail from services docker_container: name: postfix image: boky/postfix:{{ services.postfix.version }} restart_policy: always networks: - name: postfix + volumes: + - "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys" env: # Get all services which have allowed_sender_domain defined ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}" HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as + DKIM_AUTOGENERATE: "true" diff --git a/roles/docker/tasks/services/privatebin.yml b/roles/docker/tasks/services/privatebin.yml index bede175..fbbad29 100644 --- a/roles/docker/tasks/services/privatebin.yml 
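Review bot: The new `Create volume folders for Postfix` task creates `{{ services.postfix.volume_folder }}/dkim` without `owner`, `group` or `mode`, and with `DKIM_AUTOGENERATE: "true"` that directory will hold the DKIM private signing keys. On the host it gets whatever the umask yields, typically world-readable and traversable, so any local user or other bind mount of the volume root can read key material that signs mail for every domain in `ALLOWED_SENDER_DOMAINS`. Set the permissions explicitly, for example `mode: "0700"` plus the `owner` uid that opendkim runs as inside the image; that uid is not visible here and needs confirming. It is also worth checking that this folder is covered by the restic backup, because regenerated keys would no longer match the published DNS records.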
+++ b/roles/docker/tasks/services/privatebin.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: create privatebin volume folders file: name: "{{ services.privatebin.volume_folder }}/{{ volume }}" diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index 22b1127..522042d 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: Create rallly volume folders file: name: "{{ services.rallly.volume_folder }}/postgres" diff --git a/roles/docker/tasks/services/restic_backup.yml b/roles/docker/tasks/services/restic_backup.yml index 9dddb49..655ddb6 100644 --- a/roles/docker/tasks/services/restic_backup.yml +++ b/roles/docker/tasks/services/restic_backup.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Setup restic backup docker_compose: diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml index 7641b0b..1a65656 100644 --- a/roles/docker/tasks/services/watchtower.yml +++ b/roles/docker/tasks/services/watchtower.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: watchtower container docker_container: diff --git a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml index 36cf17d..09e0690 100644 --- a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml +++ b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup 2022.slides.data.coop website using unipi docker_container: diff --git a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml index 28d6997..d059c3c 100644 --- a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml +++ b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml 
@@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup cryptoaarhus.dk website docker container docker_container: name: cryptoaarhus_website diff --git a/roles/docker/tasks/services/websites/cryptohagen.dk.yml b/roles/docker/tasks/services/websites/cryptohagen.dk.yml index dcca218..b65794f 100644 --- a/roles/docker/tasks/services/websites/cryptohagen.dk.yml +++ b/roles/docker/tasks/services/websites/cryptohagen.dk.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup cryptohagen.dk website docker container docker_container: name: cryptohagen_website diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml index 58d8af0..475240f 100644 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ b/roles/docker/tasks/services/websites/data.coop.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Upload vhost config for root domain copy: diff --git a/roles/docker/tasks/services/websites/new.data.coop.yml b/roles/docker/tasks/services/websites/new.data.coop.yml index 90ba65c..aa89969 100644 --- a/roles/docker/tasks/services/websites/new.data.coop.yml +++ b/roles/docker/tasks/services/websites/new.data.coop.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup new data.coop website using hugo docker_container: diff --git a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml index 7abec88..4f4c8ca 100644 --- a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml +++ b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: setup ulovliglogning.dk website docker container docker_container: name: ulovliglogning_website diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index 3289b2c..f53f924 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml 
@@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Install necessary packages via apt apt: diff --git a/roles/ubuntu_base/tasks/dell-apt-repo.yml b/roles/ubuntu_base/tasks/dell-apt-repo.yml index b7d9d48..2472e91 100644 --- a/roles/ubuntu_base/tasks/dell-apt-repo.yml +++ b/roles/ubuntu_base/tasks/dell-apt-repo.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Import dell apt signing key apt_key: diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml index 17860a8..85c359a 100644 --- a/roles/ubuntu_base/tasks/firewall.yml +++ b/roles/ubuntu_base/tasks/firewall.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Setup firewall with UFW community.general.ufw: diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml index a34d5b0..e6a1f15 100644 --- a/roles/ubuntu_base/tasks/main.yml +++ b/roles/ubuntu_base/tasks/main.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - import_tasks: ssh-port.yml tags: [change-ssh-port] diff --git a/roles/ubuntu_base/tasks/ssh-port.yml b/roles/ubuntu_base/tasks/ssh-port.yml index 1935168..e02302b 100644 --- a/roles/ubuntu_base/tasks/ssh-port.yml +++ b/roles/ubuntu_base/tasks/ssh-port.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Change SSH port on host lineinfile: diff --git a/roles/ubuntu_base/tasks/upgrade.yml b/roles/ubuntu_base/tasks/upgrade.yml index c4cd33b..0ccc7d6 100644 --- a/roles/ubuntu_base/tasks/upgrade.yml +++ b/roles/ubuntu_base/tasks/upgrade.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: update and upgrade system via apt apt: diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/ubuntu_base/tasks/users.yml index deea339..8ef07b6 100644 --- a/roles/ubuntu_base/tasks/users.yml +++ b/roles/ubuntu_base/tasks/users.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: "Add users" user: