data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 9 Projects 1 Releases Wiki Activity

Get rid of all docker compose files and use ansible modules to create resources.

Browse source
This commit is contained in:
Víðir Valberg Guðmundsson 2019-01-26 17:54:45 +01:00
parent 3fa26a3f29
commit b2a532c258
18 changed files with 853 additions and 218 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
group_vars/all/secrets.yml Normal file
View file

@ -0,0 +1,38 @@
$ANSIBLE_VAULT;1.1;AES256
63323530623531666436636366633932313030663465316462623730383562623961373734303630
3961356564343865353430353539626531396462376164360a383662633337353765356364366464
38363066303165666562393735663435393130396463333131396232386236363566653737323937
3562643633636633310a353731626562616230363536646538303636633262643366653566393538
39393639313933666330326235333661356335343031353935623737616432333633356533383266
64346438333630306634396534613534303038396662653035623832393339613232333465376436
35623037616532353061373635356536336437303666343239643236323530333534343331346639
34663335383962656534613739626538303663316437613338336562393866313862326336313464
64316438653233663063623938663864623235623463626666653366393062303639653733656534
35333161633638363564386338623739643366346462326434626336323766646462306535616534
31313063343032373732333762626233326233376137656164646666303962633034386437376131
61353235333164333632393964343962323930383861353434336236663437373333373065626635
35396261393031363339656665373235383134383930383238323363323961366162313161653731
33333635303638356338633166646463356533653065663035316563636139303137333733343138
37346164613235373965376131623732376463323265346234376565343364393262306362633933
36633563373932653663353063636238643665363666663536613562626632643235643934663465
63316162316234633561623965353166613939386136333261383830653431616662626366393838
31373861653962633065636637616631623832326565396533386331633034636666336234353662
62356631383334373631306163643161623333363264626436396437666234313637356666663334
34623039376632663839363539386661356666663030663239653634373237313066333337313837
34373530313834303038303839393566643538383138363035613066393239666165303162303932
33653462353638353033303364316433333564303565646165643065626163306365383836333665
30636234373636316265633965356232343762643362613966303063636439396439616130633835
36353062383032333431616434373133633038386530646531363439306263343464313762383866
66313237323336666162393439333737663434353466643631353039343433306264393030356362
63643030666433633631613733376330383034313632303263646439316635656334346439636334
31343235353366646566626431313734666232633539316363396665383434663532356330613462
35653037336532643236326534303335623265633633363462653638316637356230356236383365
66346361653236346366306462383364323662616664393365313238323936303062316136386664
30306366663235353630646537623237623631646139396533633439353839356637386437396132
36626139316335653333313037666231353734623436316563633763396637313233333938376130
30326364383833376161326563633166373631643762663063353764313665616335663233316336
61393735343734653136613539613262343331343938363364343530656234393839313830303133
38363630343262646230366234313538306430646161626534353030396661626336326230376261
65303231616238393430643533366630613361653431336432383331376533616665326537626336
34313439623232326166373636633135303766636133303465656332653633356339363761623833
63313762346233623338356466623638316466646436323238663434666232343765

0
group_vars/all.yml → group_vars/all/vars.yml
View file

10
playbook.yml
View file

@ -3,12 +3,18 @@
gather_facts: False gather_facts: False
become: true become: true
vars: vars:
# Services are the names of the compose files in docker/files/composefiles base_domain: data.coop
letsencrypt_email: bestyrelsen@data.coop
ldap_dn: "dc=data,dc=coop"
services: services:
- nginx-proxy - nginx-proxy
- openldap
- thelounge - thelounge
- gitea
- nextcloud - nextcloud
- fider
- passit
- gitea
tasks: tasks:
- import_role: - import_role:

14
roles/docker/defaults/main.yml Normal file
View file

@ -0,0 +1,14 @@
ldap:
domain: "ldap.{{ base_domain }}"
thelounge:
domain: "irc.{{ base_domain }}"
nextcloud:
domain: "cloud.{{ base_domain }}"
passit:
domain: "passit.{{ base_domain }}"
fider:
domain: "feedback.{{ base_domain }}"

43
roles/docker/files/composefiles/fider.yml
View file

@ -1,43 +0,0 @@
version: '3'
services:
db:
restart: always
image: postgres
networks:
- fider
volumes:
- /var/fider/pg_data:/var/lib/postgresql/data
environment:
POSTGRES_USER: fider
POSTGRES_PASSWORD: "SOMESTRONGPASSWORD"
app:
restart: always
image: getfider/fider:stable
ports:
- "9999:3000"
networks:
- fider
- external_services
environment:
GO_ENV: production
DATABASE_URL: postgres://fider:SOMESTRONGPASSWORD@db:5432/fider?sslmode=disable
JWT_SECRET: LONGRANDOMSTRING
EMAIL_NOREPLY: noreply@data.coop
EMAIL_SMTP_HOST: smtp.fastmail.com
EMAIL_SMTP_PORT: 587
EMAIL_SMTP_USERNAME: a_smtp_user
EMAIL_SMTP_PASSWORD: password_for_smtp_user
VIRTUAL_HOST: feedback.data.coop
LETSENCRYPT_HOST: feedback.data.coop
LETSENCRYPT_EMAIL: valberg@orn.li
depends_on:
- db
networks:
fider:
external_services:
external: true

42
roles/docker/files/composefiles/gitea.yml
View file

@ -1,42 +0,0 @@
version: "2.3"
networks:
gitea:
external_services:
external: true
services:
server:
image: gitea/gitea:latest
environment:
- USER_UID=1000
- USER_GID=1000
- VIRTUAL_HOST=gitea.local
- VIRTUAL_PORT=3000
restart: always
networks:
- gitea
- external_services
volumes:
- gitea:/data
ports:
- "3000:3000"
- "222:22"
depends_on:
- db
db:
image: postgres:9.6
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- gitea
volumes:
- postgres:/var/lib/postgresql/data
volumes:
gitea:
postgres:

38
roles/docker/files/composefiles/nextcloud.yml
View file

@ -1,38 +0,0 @@
version: '3'
services:
db:
image: postgres
restart: always
volumes:
- db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
networks:
- nextcloud
app:
image: nextcloud
volumes:
- nextcloud:/var/www/html
restart: always
environment:
- POSTGRES_HOST=db
- POSTGRES_PASSWORD=hest
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- VIRTUAL_HOST=nextcloud.local
depends_on:
- db
ports:
- "80"
networks:
- nextcloud
- external_services
volumes:
nextcloud:
db:
networks:
external_services:
external: true
nextcloud:

23
roles/docker/files/composefiles/thelounge.yml
View file

@ -1,23 +0,0 @@
version: '3'
services:
thelounge:
image: thelounge/lounge:latest
container_name: thelounge
restart: always
ports:
- "9000:9000"
volumes:
- thelounge:/home/lounge/data # bind lounge config from the host's file system
networks:
- external_services
environment:
VIRTUAL_HOST: irc.data.coop
LETSENCRYPT_HOST: irc.data.coop
LETSENCRYPT_EMAIL: valberg@orn.li
volumes:
thelounge:
networks:
external_services:
external: true

510
roles/docker/files/configs/thelounge.js Normal file
View file

@ -0,0 +1,510 @@
"use strict";
module.exports = {
//
// Set the server mode.
// Public servers does not require authentication.
//
// Set to 'false' to enable users.
//
// @type boolean
// @default false
//
public: false,
//
// IP address or hostname for the web server to listen on.
// Setting this to undefined will listen on all interfaces.
//
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
//
// @type string
// @default undefined
//
host: undefined,
//
// Set the port to listen on.
//
// @type int
// @default 9000
//
port: 9000,
//
// Set the local IP to bind to for outgoing connections. Leave to undefined
// to let the operating system pick its preferred one.
//
// @type string
// @default undefined
//
bind: undefined,
//
// Sets whether the server is behind a reverse proxy and should honor the
// X-Forwarded-For header or not.
//
// @type boolean
// @default false
//
reverseProxy: false,
//
// Set the default theme.
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
//
// @type string
// @default "example"
//
theme: "example",
//
// Prefetch URLs
//
// If enabled, The Lounge will try to load thumbnails and site descriptions from
// URLs posted in channels.
//
// @type boolean
// @default false
//
prefetch: false,
//
// Store and proxy prefetched images and thumbnails.
// This improves security and privacy by not exposing client IP address,
// and always loading images from The Lounge instance and making all assets secure,
// which in result fixes mixed content warnings.
//
// If storage is enabled, The Lounge will fetch and store images and thumbnails
// in the `${THELOUNGE_HOME}/storage` folder.
//
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
// and the folder is cleaned up on every The Lounge restart.
//
// @type boolean
// @default false
//
prefetchStorage: false,
//
// Prefetch URLs Image Preview size limit
//
// If prefetch is enabled, The Lounge will only display content under the maximum size.
// Specified value is in kilobytes. Default value is 2048 kilobytes.
//
// @type int
// @default 2048
//
prefetchMaxImageSize: 2048,
//
// Display network
//
// If set to false network settings will not be shown in the login form.
//
// @type boolean
// @default true
//
displayNetwork: true,
//
// Lock network
//
// If set to true, users will not be able to modify host, port and tls
// settings and will be limited to the configured network.
//
// @type boolean
// @default false
//
lockNetwork: false,
//
// Hex IP
//
// If enabled, clients' username will be set to their IP encoded has hex.
// This is done to share the real user IP address with the server for host masking purposes.
//
// @type boolean
// @default false
//
useHexIp: false,
//
// WEBIRC support
//
// If enabled, The Lounge will pass the connecting user's host and IP to the
// IRC server. Note that this requires to obtain a password from the IRC network
// The Lounge will be connecting to and generally involves a lot of trust from the
// network you are connecting to.
//
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
// Format (function):
// {"irc.example.net": function(client, args, trusted) {
// // here, we return a webirc object fed directly to `irc-framework`
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
// }}
//
// @type string | function(client, args):object(webirc)
// @default null
webirc: null,
//
// Log settings
//
// Logging has to be enabled per user. If enabled, logs will be stored in
// the 'logs/<user>/<network>/' folder.
//
// @type object
// @default {}
//
logs: {
//
// Timestamp format
//
// @type string
// @default "YYYY-MM-DD HH:mm:ss"
//
format: "YYYY-MM-DD HH:mm:ss",
//
// Timezone
//
// @type string
// @default "UTC+00:00"
//
timezone: "UTC+00:00",
},
//
// Maximum number of history lines per channel
//
// Defines the maximum number of history lines that will be kept in
// memory per channel/query, in order to reduce the memory usage of
// the server. Setting this to -1 will keep unlimited amount.
//
// @type integer
// @default 10000
maxHistory: 10000,
//
// Default values for the 'Connect' form.
//
// @type object
// @default {}
//
defaults: {
//
// Name
//
// @type string
// @default "Freenode"
//
name: "Freenode",
//
// Host
//
// @type string
// @default "chat.freenode.net"
//
host: "chat.freenode.net",
//
// Port
//
// @type int
// @default 6697
//
port: 6697,
//
// Password
//
// @type string
// @default ""
//
password: "",
//
// Enable TLS/SSL
//
// @type boolean
// @default true
//
tls: true,
//
// Nick
//
// @type string
// @default "lounge-user"
//
nick: "lounge-user",
//
// Username
//
// @type string
// @default "lounge-user"
//
username: "lounge-user",
//
// Real Name
//
// @type string
// @default "The Lounge User"
//
realname: "The Lounge User",
//
// Channels
// This is a comma-separated list.
//
// @type string
// @default "#thelounge"
//
join: "#thelounge",
},
//
// Set socket.io transports
//
// @type array
// @default ["polling", "websocket"]
//
transports: ["polling", "websocket"],
//
// Run The Lounge using encrypted HTTP/2.
// This will fallback to regular HTTPS if HTTP/2 is not supported.
//
// @type object
// @default {}
//
https: {
//
// Enable HTTP/2 / HTTPS support.
//
// @type boolean
// @default false
//
enable: false,
//
// Path to the key.
//
// @type string
// @example "sslcert/key.pem"
// @default ""
//
key: "",
//
// Path to the certificate.
//
// @type string
// @example "sslcert/key-cert.pem"
// @default ""
//
certificate: "",
//
// Path to the CA bundle.
//
// @type string
// @example "sslcert/bundle.pem"
// @default ""
//
ca: "",
},
//
// Default quit and part message if none is provided.
//
// @type string
// @default "The Lounge - https://thelounge.github.io"
//
leaveMessage: "The Lounge - https://thelounge.github.io",
//
// Run The Lounge with identd support.
//
// @type object
// @default {}
//
identd: {
//
// Run the identd daemon on server start.
//
// @type boolean
// @default false
//
enable: false,
//
// Port to listen for ident requests.
//
// @type int
// @default 113
//
port: 113,
},
//
// Enable oidentd support using the specified file
//
// Example: oidentd: "~/.oidentd.conf",
//
// @type string
// @default null
//
oidentd: null,
//
// LDAP authentication settings (only available if public=false)
// @type object
// @default {}
//
// The authentication process works as follows:
//
// 1. Lounge connects to the LDAP server with its system credentials
// 2. It performs a LDAP search query to find the full DN associated to the
// user requesting to log in.
// 3. Lounge tries to connect a second time, but this time using the user's
// DN and password. Auth is validated iff this connection is successful.
//
// The search query takes a couple of parameters in `searchDN`:
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
// to be returned;
// - a search scope `searchDN/scope` (see LDAP documentation);
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
// where <username> is the user name provided in the log in request,
// <primaryKey> is provided by the config and <fitler> is a filtering complement
// also given in the config, to filter for instance only for nodes of type
// inetOrgPerson, or whatever LDAP search allows.
//
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
// ignore searchDN options and assume that the user DN is always:
// <bindDN>,<primaryKey>=<username>
// where <username> is the user name provided in the log in request, and <bindDN>
// and <primaryKey> are provided by the config.
//
ldap: {
//
// Enable LDAP user authentication
//
// @type boolean
// @default false
//
enable: true,
//
// LDAP server URL
//
// @type string
//
url: "ldap://{{ ldap.domain }}",
//
// LDAP connection tls options (only used if scheme is ldaps://)
//
// @type object (see nodejs' tls.connect() options)
// @default {}
//
// Example:
// You can use this option in order to force the use of IPv6:
// {
// host: 'my::ip::v6',
// servername: 'example.com'
// }
tlsOptions: {},
//
// LDAP base dn, alternative to searchDN
//
// @type string
//
baseDN: "{{ ldap_dn }}",
//
// LDAP primary key
//
// @type string
// @default "uid"
//
primaryKey: "uid",
//
// LDAP search dn settings. This defines the procedure by which the
// lounge first look for user DN before authenticating her.
// Ignored if baseDN is specified
//
// @type object
//
searchDN: {
//
// LDAP searching bind DN
// This bind DN is used to query the server for the DN of the user.
// This is supposed to be a system user that has access in read only to
// the DNs of the people that are allowed to log in.
//
// @type string
//
rootDN: "",
//
// Password of the lounge LDAP system user
//
// @type string
//
rootPassword: "",
//
// LDAP filter
//
// @type string
// @default "uid"
//
filter: "uid",
//
// LDAP search base (search only within this node)
//
// @type string
//
base: "",
//
// LDAP search scope
//
// @type string
// @default "sub"
//
scope: "sub",
},
},
// Extra debugging
//
// @type object
// @default {}
//
debug: {
// Enables extra debugging output provided by irc-framework.
//
// @type boolean
// @default false
//
ircFramework: false,
// Enables logging raw IRC messages into each server window.
//
// @type boolean
// @default false
//
raw: false,
},
};

5
roles/docker/tasks/services.yml
View file

@ -4,8 +4,5 @@
name: external_services name: external_services
- name: setup services - name: setup services
docker_service: include_tasks: "services/{{ item }}.yml"
project_name: "{{ item }}"
definition:
"{{ lookup('file', 'composefiles/{{ item }}.yml') | from_yaml }}"
with_items: "{{ services }}" with_items: "{{ services }}"

48
roles/docker/tasks/services/fider.yml Normal file
View file

@ -0,0 +1,48 @@
---
- name: fider network
docker_network:
name: fider
- name: fider database volume
docker_volume:
name: fider_db
- name: fider database container
docker_container:
name: fider_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: fider
volumes:
- fider_db:/var/lib/postgresql/data
env:
POSTGRES_DB: somethingelse
POSTGRES_USER: fider
POSTGRES_PASSWORD: "{{ postgres_passwords.fider }}"
- name: fider app container
docker_container:
image: getfider/fider:stable
restart_policy: always
published_ports:
- "9999:3000"
networks:
- name: fider
- name: external_services
env:
GO_ENV: production
DATABASE_URL: postgres://fider:{{ postgres_passwords.fider }}@fider_db:5432/fider?sslmode=disable
JWT_SECRET: "{{ fider_jwt_secret }}"
EMAIL_NOREPLY: noreply@{{ fider.domain }}
EMAIL_SMTP_HOST: "{{ smtp_host }}"
EMAIL_SMTP_PORT: "{{ smtp_port }}"
EMAIL_SMTP_USERNAME: "{{ smtp_username }}"
EMAIL_SMTP_PASSWORD: "{{ smtp_password }}"
VIRTUAL_HOST: "{{ fider.domain }}"
LETSENCRYPT_HOST: "{{ fider.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email}}"

50
roles/docker/tasks/services/gitea.yml Normal file
View file

@ -0,0 +1,50 @@
---
- name: gitea network
docker_network:
name: gitea
- name: gitea app volume
docker_volume:
name: gitea
- name: gitea database volume
docker_volume:
name: gitea_db
- name: gitea database container
docker_container:
name: gitea_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: gitea
volumes:
- gitea_db:/var/lib/postgresql/data
env:
POSTGRES_DB: somethingelse
POSTGRES_USER: gitea
POSTGRES_PASSWORD: "{{ postgres_passwords.gitea }}"
- name: gitea container
docker_container:
name: gitea
image: gitea/gitea:latest
restart_policy: always
networks:
- name: gitea
- name: external_services
volumes:
- gitea:/data
published_ports:
- "3000:3000"
- "222:22"
env:
VIRTUAL_HOST: "{{ gitea.domain }}"
LETSENCRYPT_HOST: "{{ gitea.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: gitea_db
POSTGRES_DB: gitea
POSTGRES_USER: gitea
POSTGRES_PASSWORD: "{{ postgres_passwords.gitea }}"

50
roles/docker/tasks/services/nextcloud.yml Normal file
View file

@ -0,0 +1,50 @@
---
- name: nextcloud network
docker_network:
name: nextcloud
- name: nextcloud database volume
docker_volume:
name: nextcloud_db
- name: nextcloud database container
docker_container:
name: nextcloud_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: nextcloud
volumes:
- nextcloud_db:/var/lib/postgresql/data
env:
POSTGRES_DB: somethingelse
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
- name: nextcloud app volume
docker_volume:
name: nextcloud_app
- name: nextcloud app container
docker_container:
name: nextcloud_app
image: nextcloud:apache
state: started
restart_policy: always
networks:
- name: nextcloud
- name: external_services
volumes:
- nextcloud_app:/var/www/html
published_ports:
- "80"
env:
VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: nextcloud_db
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"

49
roles/docker/files/composefiles/nginx-proxy.yml → roles/docker/tasks/services/nginx-proxy.yml
View file

@ -1,14 +1,24 @@
--- ---
version: '3'
services: - docker_volume:
name: "{{ volume }}"
with_items:
- conf
- vhost
- html
- dhparam
- certs
loop_control:
loop_var: volume
nginx-proxy: - name: nginx proxy container
docker_container:
name: nginx-proxy
image: jwilder/nginx-proxy image: jwilder/nginx-proxy
container_name: nginx-proxy restart_policy: always
networks: networks:
- external_services - name: external_services
ports: published_ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
volumes: volumes:
@ -18,32 +28,17 @@ services:
- dhparam:/etc/nginx/dhparam - dhparam:/etc/nginx/dhparam
- certs:/etc/nginx/certs:ro - certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
restart: always
- name: nginx letsencrypt container
letsencrypt: docker_container:
name: nginx-proxy-le
image: jrcs/letsencrypt-nginx-proxy-companion image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-proxy-le restart_policy: always
depends_on:
- nginx-proxy
volumes: volumes:
- vhost:/etc/nginx/vhost.d - vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html - html:/usr/share/nginx/html
- dhparam:/etc/nginx/dhparam:ro - dhparam:/etc/nginx/dhparam:ro
- certs:/etc/nginx/certs - certs:/etc/nginx/certs
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
environment: env:
- NGINX_PROXY_CONTAINER=nginx-proxy NGINX_PROXY_CONTAINER: nginx-proxy
restart: always
volumes:
conf:
vhost:
html:
dhparam:
certs:
networks:
external_services:
external: true

76
roles/docker/files/composefiles/openldap.yml → roles/docker/tasks/services/openldap.yml
View file

@ -1,18 +1,34 @@
version: '3' ---
services:
openldap: - name: Create a network for ldap
docker_network:
name: ldap
- name: openLDAP container
docker_container:
name: openldap
image: osixia/openldap:1.2.2 image: osixia/openldap:1.2.2
container_name: openldap tty: true
environment: interactive: true
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
published_ports:
- "389:389"
- "636:636"
hostname: "{{ ldap.domain }}"
domainname: "{{ ldap.domain }}" # important: same as hostname
networks:
- name: ldap
env:
LDAP_LOG_LEVEL: "256" LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "data.coop" LDAP_ORGANISATION: "{{ base_domain }}"
LDAP_DOMAIN: "data.coop" LDAP_DOMAIN: "{{ base_domain }}"
LDAP_BASE_DN: "" LDAP_BASE_DN: ""
LDAP_ADMIN_PASSWORD: "admin" LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
LDAP_CONFIG_PASSWORD: "config" LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
LDAP_READONLY_USER: "true" LDAP_READONLY_USER: "false"
LDAP_READONLY_USER_USERNAME: "readonly"
LDAP_READONLY_USER_PASSWORD: "readonly"
LDAP_RFC2307BIS_SCHEMA: "false" LDAP_RFC2307BIS_SCHEMA: "false"
LDAP_BACKEND: "mdb" LDAP_BACKEND: "mdb"
LDAP_TLS: "true" LDAP_TLS: "true"
@ -27,35 +43,19 @@ services:
KEEP_EXISTING_CONFIG: "false" KEEP_EXISTING_CONFIG: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
LDAP_SSL_HELPER_PREFIX: "ldap" LDAP_SSL_HELPER_PREFIX: "ldap"
tty: true
stdin_open: true
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
ports:
- "389:389"
- "636:636"
domainname: "ldap.data.coop" # important: same as hostname
hostname: "ldap.data.coop"
networks:
- external_services
phpldapadmin: - name: phpLDAPadmin container
docker_container:
name: phpldapadmin
image: osixia/phpldapadmin:latest image: osixia/phpldapadmin:latest
container_name: phpldapadmin networks:
environment: - name: external_services
- name: ldap
env:
PHPLDAPADMIN_LDAP_HOSTS: "openldap" PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false" PHPLDAPADMIN_HTTPS: "false"
PHPLDAPADMIN_TRUST_PROXY_SSL: "true" PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
VIRTUAL_HOST: ldap.data.coop
LETSENCRYPT_HOST: ldap.data.coop
LETSENCRYPT_EMAIL: valberg@orn.li
depends_on:
- openldap
networks:
- external_services
networks: VIRTUAL_HOST: "{{ ldap.domain }}"
external_services: LETSENCRYPT_HOST: "{{ ldap.domain }}"
external: true LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

46
roles/docker/tasks/services/passit.yml Normal file
View file

@ -0,0 +1,46 @@
---
- name: passit network
docker_network:
name: passit
- name: passit database volume
docker_volume:
name: passit_db
- name: passit database container
docker_container:
name: passit_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: passit
volumes:
- passit_db:/var/lib/postgresql/data
env:
POSTGRES_DB: somethingelse
POSTGRES_USER: passit
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
- name: passit app container
docker_container:
image: passit/passit:stable
command: bin/start.sh
restart_policy: always
published_ports:
- "8000:8080"
networks:
- name: passit
- name: external_services
env:
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit"
SECRET_KEY: "{{ passit_secret_key }}"
IS_DEBUG: 'False'
EMAIL_URL: smtp://{{ smtp_user }}:{{ smtp_password }}@{{ smtp_host }}:{{ smtp_port}}
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
VIRTUAL_HOST: "{{ passit.domain }}"
LETSENCRYPT_HOST: "{{ passit.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"

27
roles/docker/tasks/services/thelounge.yml Normal file
View file

@ -0,0 +1,27 @@
---
- name: thelounge volume
docker_volume:
name: thelounge
- name: upload thelounge config
template:
src: files/configs/thelounge.js
dest: /var/lib/docker/volumes/thelounge/_data/config.js
- name: thelounge container
docker_container:
name: thelounge
image: thelounge/lounge:latest
restart_policy: always
published_ports:
- "9000:9000"
volumes:
- thelounge:/home/lounge/data
networks:
- name: external_services
- name: ldap
env:
VIRTUAL_HOST: "{{ thelounge.domain }}"
LETSENCRYPT_HOST: "{{ thelounge.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"