Get rid of all docker compose files and use ansible modules to create resources.
parent
3fa26a3f29
commit
b2a532c258
|
@ -1,2 +1,2 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
remote_user = root
|
remote_user = root
|
||||||
|
|
38
group_vars/all/secrets.yml
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63323530623531666436636366633932313030663465316462623730383562623961373734303630
|
||||||
|
3961356564343865353430353539626531396462376164360a383662633337353765356364366464
|
||||||
|
38363066303165666562393735663435393130396463333131396232386236363566653737323937
|
||||||
|
3562643633636633310a353731626562616230363536646538303636633262643366653566393538
|
||||||
|
39393639313933666330326235333661356335343031353935623737616432333633356533383266
|
||||||
|
64346438333630306634396534613534303038396662653035623832393339613232333465376436
|
||||||
|
35623037616532353061373635356536336437303666343239643236323530333534343331346639
|
||||||
|
34663335383962656534613739626538303663316437613338336562393866313862326336313464
|
||||||
|
64316438653233663063623938663864623235623463626666653366393062303639653733656534
|
||||||
|
35333161633638363564386338623739643366346462326434626336323766646462306535616534
|
||||||
|
31313063343032373732333762626233326233376137656164646666303962633034386437376131
|
||||||
|
61353235333164333632393964343962323930383861353434336236663437373333373065626635
|
||||||
|
35396261393031363339656665373235383134383930383238323363323961366162313161653731
|
||||||
|
33333635303638356338633166646463356533653065663035316563636139303137333733343138
|
||||||
|
37346164613235373965376131623732376463323265346234376565343364393262306362633933
|
||||||
|
36633563373932653663353063636238643665363666663536613562626632643235643934663465
|
||||||
|
63316162316234633561623965353166613939386136333261383830653431616662626366393838
|
||||||
|
31373861653962633065636637616631623832326565396533386331633034636666336234353662
|
||||||
|
62356631383334373631306163643161623333363264626436396437666234313637356666663334
|
||||||
|
34623039376632663839363539386661356666663030663239653634373237313066333337313837
|
||||||
|
34373530313834303038303839393566643538383138363035613066393239666165303162303932
|
||||||
|
33653462353638353033303364316433333564303565646165643065626163306365383836333665
|
||||||
|
30636234373636316265633965356232343762643362613966303063636439396439616130633835
|
||||||
|
36353062383032333431616434373133633038386530646531363439306263343464313762383866
|
||||||
|
66313237323336666162393439333737663434353466643631353039343433306264393030356362
|
||||||
|
63643030666433633631613733376330383034313632303263646439316635656334346439636334
|
||||||
|
31343235353366646566626431313734666232633539316363396665383434663532356330613462
|
||||||
|
35653037336532643236326534303335623265633633363462653638316637356230356236383365
|
||||||
|
66346361653236346366306462383364323662616664393365313238323936303062316136386664
|
||||||
|
30306366663235353630646537623237623631646139396533633439353839356637386437396132
|
||||||
|
36626139316335653333313037666231353734623436316563633763396637313233333938376130
|
||||||
|
30326364383833376161326563633166373631643762663063353764313665616335663233316336
|
||||||
|
61393735343734653136613539613262343331343938363364343530656234393839313830303133
|
||||||
|
38363630343262646230366234313538306430646161626534353030396661626336326230376261
|
||||||
|
65303231616238393430643533366630613361653431336432383331376533616665326537626336
|
||||||
|
34313439623232326166373636633135303766636133303465656332653633356339363761623833
|
||||||
|
63313762346233623338356466623638316466646436323238663434666232343765
|
10
playbook.yml
|
@ -3,12 +3,18 @@
|
||||||
gather_facts: False
|
gather_facts: False
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
# Services are the names of the compose files in docker/files/composefiles
|
base_domain: data.coop
|
||||||
|
letsencrypt_email: bestyrelsen@data.coop
|
||||||
|
ldap_dn: "dc=data,dc=coop"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
- nginx-proxy
|
- nginx-proxy
|
||||||
|
- openldap
|
||||||
- thelounge
|
- thelounge
|
||||||
- gitea
|
|
||||||
- nextcloud
|
- nextcloud
|
||||||
|
- fider
|
||||||
|
- passit
|
||||||
|
- gitea
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_role:
|
- import_role:
|
||||||
|
|
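--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,14 @@
+ldap:
+domain: "ldap.{{ base_domain }}"
+
+thelounge:
+domain: "irc.{{ base_domain }}"
+
+nextcloud:
+domain: "cloud.{{ base_domain }}"
+
+passit:
+domain: "passit.{{ base_domain }}"
+
+fider:
+domain: "feedback.{{ base_domain }}"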
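Review bot: There is no `gitea:` entry among these defaults, although `roles/docker/tasks/services/gitea.yml` in this same commit reads `{{ gitea.domain }}` for `VIRTUAL_HOST` and `LETSENCRYPT_HOST`. Unless the variable is defined somewhere not shown on this page, templating that task will stop on an undefined variable. Add a `gitea:` mapping with a `domain:` value built from `base_domain`, in the same form as the five entries already here.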
|
@ -1,43 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
restart: always
|
|
||||||
image: postgres
|
|
||||||
networks:
|
|
||||||
- fider
|
|
||||||
volumes:
|
|
||||||
- /var/fider/pg_data:/var/lib/postgresql/data
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: fider
|
|
||||||
POSTGRES_PASSWORD: "SOMESTRONGPASSWORD"
|
|
||||||
|
|
||||||
app:
|
|
||||||
restart: always
|
|
||||||
image: getfider/fider:stable
|
|
||||||
ports:
|
|
||||||
- "9999:3000"
|
|
||||||
networks:
|
|
||||||
- fider
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
GO_ENV: production
|
|
||||||
DATABASE_URL: postgres://fider:SOMESTRONGPASSWORD@db:5432/fider?sslmode=disable
|
|
||||||
JWT_SECRET: LONGRANDOMSTRING
|
|
||||||
|
|
||||||
EMAIL_NOREPLY: noreply@data.coop
|
|
||||||
EMAIL_SMTP_HOST: smtp.fastmail.com
|
|
||||||
EMAIL_SMTP_PORT: 587
|
|
||||||
EMAIL_SMTP_USERNAME: a_smtp_user
|
|
||||||
EMAIL_SMTP_PASSWORD: password_for_smtp_user
|
|
||||||
|
|
||||||
VIRTUAL_HOST: feedback.data.coop
|
|
||||||
LETSENCRYPT_HOST: feedback.data.coop
|
|
||||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
|
|
||||||
networks:
|
|
||||||
fider:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,42 +0,0 @@
|
||||||
version: "2.3"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
gitea:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
||||||
services:
|
|
||||||
server:
|
|
||||||
image: gitea/gitea:latest
|
|
||||||
environment:
|
|
||||||
- USER_UID=1000
|
|
||||||
- USER_GID=1000
|
|
||||||
- VIRTUAL_HOST=gitea.local
|
|
||||||
- VIRTUAL_PORT=3000
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- gitea
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- gitea:/data
|
|
||||||
ports:
|
|
||||||
- "3000:3000"
|
|
||||||
- "222:22"
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
|
|
||||||
db:
|
|
||||||
image: postgres:9.6
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER=gitea
|
|
||||||
- POSTGRES_PASSWORD=gitea
|
|
||||||
- POSTGRES_DB=gitea
|
|
||||||
networks:
|
|
||||||
- gitea
|
|
||||||
volumes:
|
|
||||||
- postgres:/var/lib/postgresql/data
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
gitea:
|
|
||||||
postgres:
|
|
|
@ -1,38 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: postgres
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- db:/var/lib/postgresql/data
|
|
||||||
environment:
|
|
||||||
- POSTGRES_DB=nextcloud
|
|
||||||
- POSTGRES_USER=nextcloud
|
|
||||||
networks:
|
|
||||||
- nextcloud
|
|
||||||
app:
|
|
||||||
image: nextcloud
|
|
||||||
volumes:
|
|
||||||
- nextcloud:/var/www/html
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- POSTGRES_HOST=db
|
|
||||||
- POSTGRES_PASSWORD=hest
|
|
||||||
- POSTGRES_DB=nextcloud
|
|
||||||
- POSTGRES_USER=nextcloud
|
|
||||||
- VIRTUAL_HOST=nextcloud.local
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
ports:
|
|
||||||
- "80"
|
|
||||||
networks:
|
|
||||||
- nextcloud
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
nextcloud:
|
|
||||||
db:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
nextcloud:
|
|
|
@ -1,23 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
thelounge:
|
|
||||||
image: thelounge/lounge:latest
|
|
||||||
container_name: thelounge
|
|
||||||
restart: always
|
|
||||||
ports:
|
|
||||||
- "9000:9000"
|
|
||||||
volumes:
|
|
||||||
- thelounge:/home/lounge/data # bind lounge config from the host's file system
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: irc.data.coop
|
|
||||||
LETSENCRYPT_HOST: irc.data.coop
|
|
||||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
thelounge:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
510
roles/docker/files/configs/thelounge.js
Normal file
|
@ -0,0 +1,510 @@
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
//
|
||||||
|
// Set the server mode.
|
||||||
|
// Public servers does not require authentication.
|
||||||
|
//
|
||||||
|
// Set to 'false' to enable users.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
public: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// IP address or hostname for the web server to listen on.
|
||||||
|
// Setting this to undefined will listen on all interfaces.
|
||||||
|
//
|
||||||
|
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default undefined
|
||||||
|
//
|
||||||
|
host: undefined,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Set the port to listen on.
|
||||||
|
//
|
||||||
|
// @type int
|
||||||
|
// @default 9000
|
||||||
|
//
|
||||||
|
port: 9000,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
||||||
|
// to let the operating system pick its preferred one.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default undefined
|
||||||
|
//
|
||||||
|
bind: undefined,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Sets whether the server is behind a reverse proxy and should honor the
|
||||||
|
// X-Forwarded-For header or not.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
reverseProxy: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Set the default theme.
|
||||||
|
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "example"
|
||||||
|
//
|
||||||
|
theme: "example",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prefetch URLs
|
||||||
|
//
|
||||||
|
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
||||||
|
// URLs posted in channels.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
prefetch: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Store and proxy prefetched images and thumbnails.
|
||||||
|
// This improves security and privacy by not exposing client IP address,
|
||||||
|
// and always loading images from The Lounge instance and making all assets secure,
|
||||||
|
// which in result fixes mixed content warnings.
|
||||||
|
//
|
||||||
|
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
||||||
|
// in the `${THELOUNGE_HOME}/storage` folder.
|
||||||
|
//
|
||||||
|
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
||||||
|
// and the folder is cleaned up on every The Lounge restart.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
prefetchStorage: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prefetch URLs Image Preview size limit
|
||||||
|
//
|
||||||
|
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
||||||
|
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
||||||
|
//
|
||||||
|
// @type int
|
||||||
|
// @default 2048
|
||||||
|
//
|
||||||
|
prefetchMaxImageSize: 2048,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Display network
|
||||||
|
//
|
||||||
|
// If set to false network settings will not be shown in the login form.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default true
|
||||||
|
//
|
||||||
|
displayNetwork: true,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Lock network
|
||||||
|
//
|
||||||
|
// If set to true, users will not be able to modify host, port and tls
|
||||||
|
// settings and will be limited to the configured network.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
lockNetwork: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Hex IP
|
||||||
|
//
|
||||||
|
// If enabled, clients' username will be set to their IP encoded has hex.
|
||||||
|
// This is done to share the real user IP address with the server for host masking purposes.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
useHexIp: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// WEBIRC support
|
||||||
|
//
|
||||||
|
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
||||||
|
// IRC server. Note that this requires to obtain a password from the IRC network
|
||||||
|
// The Lounge will be connecting to and generally involves a lot of trust from the
|
||||||
|
// network you are connecting to.
|
||||||
|
//
|
||||||
|
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
||||||
|
// Format (function):
|
||||||
|
// {"irc.example.net": function(client, args, trusted) {
|
||||||
|
// // here, we return a webirc object fed directly to `irc-framework`
|
||||||
|
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
||||||
|
// }}
|
||||||
|
//
|
||||||
|
// @type string | function(client, args):object(webirc)
|
||||||
|
// @default null
|
||||||
|
webirc: null,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Log settings
|
||||||
|
//
|
||||||
|
// Logging has to be enabled per user. If enabled, logs will be stored in
|
||||||
|
// the 'logs/<user>/<network>/' folder.
|
||||||
|
//
|
||||||
|
// @type object
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
logs: {
|
||||||
|
//
|
||||||
|
// Timestamp format
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "YYYY-MM-DD HH:mm:ss"
|
||||||
|
//
|
||||||
|
format: "YYYY-MM-DD HH:mm:ss",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Timezone
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "UTC+00:00"
|
||||||
|
//
|
||||||
|
timezone: "UTC+00:00",
|
||||||
|
},
|
||||||
|
|
||||||
|
//
|
||||||
|
// Maximum number of history lines per channel
|
||||||
|
//
|
||||||
|
// Defines the maximum number of history lines that will be kept in
|
||||||
|
// memory per channel/query, in order to reduce the memory usage of
|
||||||
|
// the server. Setting this to -1 will keep unlimited amount.
|
||||||
|
//
|
||||||
|
// @type integer
|
||||||
|
// @default 10000
|
||||||
|
maxHistory: 10000,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Default values for the 'Connect' form.
|
||||||
|
//
|
||||||
|
// @type object
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
defaults: {
|
||||||
|
//
|
||||||
|
// Name
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "Freenode"
|
||||||
|
//
|
||||||
|
name: "Freenode",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Host
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "chat.freenode.net"
|
||||||
|
//
|
||||||
|
host: "chat.freenode.net",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Port
|
||||||
|
//
|
||||||
|
// @type int
|
||||||
|
// @default 6697
|
||||||
|
//
|
||||||
|
port: 6697,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Password
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default ""
|
||||||
|
//
|
||||||
|
password: "",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Enable TLS/SSL
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default true
|
||||||
|
//
|
||||||
|
tls: true,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Nick
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "lounge-user"
|
||||||
|
//
|
||||||
|
nick: "lounge-user",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Username
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "lounge-user"
|
||||||
|
//
|
||||||
|
username: "lounge-user",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Real Name
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "The Lounge User"
|
||||||
|
//
|
||||||
|
realname: "The Lounge User",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Channels
|
||||||
|
// This is a comma-separated list.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "#thelounge"
|
||||||
|
//
|
||||||
|
join: "#thelounge",
|
||||||
|
},
|
||||||
|
|
||||||
|
//
|
||||||
|
// Set socket.io transports
|
||||||
|
//
|
||||||
|
// @type array
|
||||||
|
// @default ["polling", "websocket"]
|
||||||
|
//
|
||||||
|
transports: ["polling", "websocket"],
|
||||||
|
|
||||||
|
//
|
||||||
|
// Run The Lounge using encrypted HTTP/2.
|
||||||
|
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
||||||
|
//
|
||||||
|
// @type object
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
https: {
|
||||||
|
//
|
||||||
|
// Enable HTTP/2 / HTTPS support.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
enable: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Path to the key.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @example "sslcert/key.pem"
|
||||||
|
// @default ""
|
||||||
|
//
|
||||||
|
key: "",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Path to the certificate.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @example "sslcert/key-cert.pem"
|
||||||
|
// @default ""
|
||||||
|
//
|
||||||
|
certificate: "",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Path to the CA bundle.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @example "sslcert/bundle.pem"
|
||||||
|
// @default ""
|
||||||
|
//
|
||||||
|
ca: "",
|
||||||
|
},
|
||||||
|
|
||||||
|
//
|
||||||
|
// Default quit and part message if none is provided.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "The Lounge - https://thelounge.github.io"
|
||||||
|
//
|
||||||
|
leaveMessage: "The Lounge - https://thelounge.github.io",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Run The Lounge with identd support.
|
||||||
|
//
|
||||||
|
// @type object
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
identd: {
|
||||||
|
//
|
||||||
|
// Run the identd daemon on server start.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
enable: false,
|
||||||
|
|
||||||
|
//
|
||||||
|
// Port to listen for ident requests.
|
||||||
|
//
|
||||||
|
// @type int
|
||||||
|
// @default 113
|
||||||
|
//
|
||||||
|
port: 113,
|
||||||
|
},
|
||||||
|
|
||||||
|
//
|
||||||
|
// Enable oidentd support using the specified file
|
||||||
|
//
|
||||||
|
// Example: oidentd: "~/.oidentd.conf",
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default null
|
||||||
|
//
|
||||||
|
oidentd: null,
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP authentication settings (only available if public=false)
|
||||||
|
// @type object
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
// The authentication process works as follows:
|
||||||
|
//
|
||||||
|
// 1. Lounge connects to the LDAP server with its system credentials
|
||||||
|
// 2. It performs a LDAP search query to find the full DN associated to the
|
||||||
|
// user requesting to log in.
|
||||||
|
// 3. Lounge tries to connect a second time, but this time using the user's
|
||||||
|
// DN and password. Auth is validated iff this connection is successful.
|
||||||
|
//
|
||||||
|
// The search query takes a couple of parameters in `searchDN`:
|
||||||
|
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
||||||
|
// to be returned;
|
||||||
|
// - a search scope `searchDN/scope` (see LDAP documentation);
|
||||||
|
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
||||||
|
// where <username> is the user name provided in the log in request,
|
||||||
|
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
||||||
|
// also given in the config, to filter for instance only for nodes of type
|
||||||
|
// inetOrgPerson, or whatever LDAP search allows.
|
||||||
|
//
|
||||||
|
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
||||||
|
// ignore searchDN options and assume that the user DN is always:
|
||||||
|
// <bindDN>,<primaryKey>=<username>
|
||||||
|
// where <username> is the user name provided in the log in request, and <bindDN>
|
||||||
|
// and <primaryKey> are provided by the config.
|
||||||
|
//
|
||||||
|
ldap: {
|
||||||
|
//
|
||||||
|
// Enable LDAP user authentication
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
enable: true,
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP server URL
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
//
|
||||||
|
url: "ldap://{{ ldap.domain }}",
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP connection tls options (only used if scheme is ldaps://)
|
||||||
|
//
|
||||||
|
// @type object (see nodejs' tls.connect() options)
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
// Example:
|
||||||
|
// You can use this option in order to force the use of IPv6:
|
||||||
|
// {
|
||||||
|
// host: 'my::ip::v6',
|
||||||
|
// servername: 'example.com'
|
||||||
|
// }
|
||||||
|
tlsOptions: {},
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP base dn, alternative to searchDN
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
//
|
||||||
|
baseDN: "{{ ldap_dn }}",
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP primary key
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "uid"
|
||||||
|
//
|
||||||
|
primaryKey: "uid",
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP search dn settings. This defines the procedure by which the
|
||||||
|
// lounge first look for user DN before authenticating her.
|
||||||
|
// Ignored if baseDN is specified
|
||||||
|
//
|
||||||
|
// @type object
|
||||||
|
//
|
||||||
|
searchDN: {
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP searching bind DN
|
||||||
|
// This bind DN is used to query the server for the DN of the user.
|
||||||
|
// This is supposed to be a system user that has access in read only to
|
||||||
|
// the DNs of the people that are allowed to log in.
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
//
|
||||||
|
rootDN: "",
|
||||||
|
|
||||||
|
//
|
||||||
|
// Password of the lounge LDAP system user
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
//
|
||||||
|
rootPassword: "",
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP filter
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "uid"
|
||||||
|
//
|
||||||
|
filter: "uid",
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP search base (search only within this node)
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
//
|
||||||
|
base: "",
|
||||||
|
|
||||||
|
//
|
||||||
|
// LDAP search scope
|
||||||
|
//
|
||||||
|
// @type string
|
||||||
|
// @default "sub"
|
||||||
|
//
|
||||||
|
scope: "sub",
|
||||||
|
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
|
// Extra debugging
|
||||||
|
//
|
||||||
|
// @type object
|
||||||
|
// @default {}
|
||||||
|
//
|
||||||
|
debug: {
|
||||||
|
// Enables extra debugging output provided by irc-framework.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
ircFramework: false,
|
||||||
|
|
||||||
|
// Enables logging raw IRC messages into each server window.
|
||||||
|
//
|
||||||
|
// @type boolean
|
||||||
|
// @default false
|
||||||
|
//
|
||||||
|
raw: false,
|
||||||
|
},
|
||||||
|
};
|
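Review bot: `url: "ldap://{{ ldap.domain }}"` makes The Lounge bind to the directory in cleartext, so each user's password is sent unencrypted to the LDAP server at login; the openldap task in this commit sets `LDAP_TLS: "true"` and publishes port 636, so `ldaps://{{ ldap.domain }}` looks available. The file also sits under `roles/docker/files/` yet contains Jinja expressions (`{{ ldap.domain }}`, `{{ ldap_dn }}`); the task that deploys it is not shown here, but unless it goes through `template` the braces will reach The Lounge literally. `reverseProxy: false` is worth revisiting as well, since the service is fronted by nginx-proxy and the client address arrives in X-Forwarded-For.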
|
@ -4,8 +4,5 @@
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: setup services
|
- name: setup services
|
||||||
docker_service:
|
include_tasks: "services/{{ item }}.yml"
|
||||||
project_name: "{{ item }}"
|
|
||||||
definition:
|
|
||||||
"{{ lookup('file', 'composefiles/{{ item }}.yml') | from_yaml }}"
|
|
||||||
with_items: "{{ services }}"
|
with_items: "{{ services }}"
|
||||||
|
|
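Review bot: `include_tasks: "services/{{ item }}.yml"` needs one task file per entry in `services`, and the playbook list in this commit contains `thelounge` and `passit`. No `services/thelounge.yml` or `services/passit.yml` is visible in the part of the commit shown here; if they are not added elsewhere, the loop fails at the first missing file. The included files loop too, so giving their loops a distinct `loop_var` (as the nginx-proxy file does with `volume`) keeps them from clashing with this task's `item`.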
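--- a/roles/docker/tasks/services/fider.yml
+++ b/roles/docker/tasks/services/fider.yml
@@ -0,0 +1,48 @@
+---
+
+- name: fider network
+docker_network:
+name: fider
+
+- name: fider database volume
+docker_volume:
+name: fider_db
+
+- name: fider database container
+docker_container:
+name: fider_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: fider
+volumes:
+- fider_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: fider
+POSTGRES_PASSWORD: "{{ postgres_passwords.fider }}"
+
+- name: fider app container
+docker_container:
+image: getfider/fider:stable
+restart_policy: always
+published_ports:
+- "9999:3000"
+networks:
+- name: fider
+- name: external_services
+env:
+GO_ENV: production
+DATABASE_URL: postgres://fider:{{ postgres_passwords.fider }}@fider_db:5432/fider?sslmode=disable
+JWT_SECRET: "{{ fider_jwt_secret }}"
+
+EMAIL_NOREPLY: noreply@{{ fider.domain }}
+EMAIL_SMTP_HOST: "{{ smtp_host }}"
+EMAIL_SMTP_PORT: "{{ smtp_port }}"
+EMAIL_SMTP_USERNAME: "{{ smtp_username }}"
+EMAIL_SMTP_PASSWORD: "{{ smtp_password }}"
+
+VIRTUAL_HOST: "{{ fider.domain }}"
+LETSENCRYPT_HOST: "{{ fider.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email}}"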
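Review bot: The `fider app container` task passes no `name:` to `docker_container`, which the module requires, so the task fails before any container is created; add one, for example `name: fider_app`. The database task also sets `POSTGRES_DB: somethingelse` while `DATABASE_URL` connects to `/fider`, so the database the app asks for is not the one the postgres image creates on first start; the same `somethingelse` value is in `services/gitea.yml` and `services/nextcloud.yml`, whose app containers expect `gitea` and `nextcloud`. Because the vaulted password is interpolated straight into the URL, it should pass through `| urlencode` so that reserved characters do not break the connection string. The tasks that carry secrets in `env:` would also benefit from `no_log: true`, which keeps the values out of Ansible's output.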
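--- a/roles/docker/tasks/services/gitea.yml
+++ b/roles/docker/tasks/services/gitea.yml
@@ -0,0 +1,50 @@
+---
+
+- name: gitea network
+docker_network:
+name: gitea
+
+- name: gitea app volume
+docker_volume:
+name: gitea
+
+- name: gitea database volume
+docker_volume:
+name: gitea_db
+
+- name: gitea database container
+docker_container:
+name: gitea_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: gitea
+volumes:
+- gitea_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: gitea
+POSTGRES_PASSWORD: "{{ postgres_passwords.gitea }}"
+
+- name: gitea container
+docker_container:
+name: gitea
+image: gitea/gitea:latest
+restart_policy: always
+networks:
+- name: gitea
+- name: external_services
+volumes:
+- gitea:/data
+published_ports:
+- "3000:3000"
+- "222:22"
+env:
+VIRTUAL_HOST: "{{ gitea.domain }}"
+LETSENCRYPT_HOST: "{{ gitea.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+POSTGRES_HOST: gitea_db
+POSTGRES_DB: gitea
+POSTGRES_USER: gitea
+POSTGRES_PASSWORD: "{{ postgres_passwords.gitea }}"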
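Review bot: The `gitea container` task drops the `VIRTUAL_PORT=3000` setting that the removed compose definition carried. The container serves more than one port (3000 and 22 are both published), so nginx-proxy probably cannot pick the upstream port without it; add `VIRTUAL_PORT: "3000"` to `env:`. Publishing `"3000:3000"` on the host also leaves the plain-HTTP listener reachable beside the TLS proxy, although the proxy already reaches the container over `external_services`. The `POSTGRES_*` variables on the app container are presumably not read by the Gitea image, so the database settings should be checked against the image's documentation. `gitea/gitea:latest` would be better pinned to a release tag so that a re-run does not silently change the version.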
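--- a/roles/docker/tasks/services/nextcloud.yml
+++ b/roles/docker/tasks/services/nextcloud.yml
@@ -0,0 +1,50 @@
+---
+
+- name: nextcloud network
+docker_network:
+name: nextcloud
+
+- name: nextcloud database volume
+docker_volume:
+name: nextcloud_db
+
+- name: nextcloud database container
+docker_container:
+name: nextcloud_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: nextcloud
+volumes:
+- nextcloud_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: nextcloud
+POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+
+- name: nextcloud app volume
+docker_volume:
+name: nextcloud_app
+
+- name: nextcloud app container
+docker_container:
+name: nextcloud_app
+image: nextcloud:apache
+state: started
+restart_policy: always
+networks:
+- name: nextcloud
+- name: external_services
+volumes:
+- nextcloud_app:/var/www/html
+published_ports:
+- "80"
+env:
+VIRTUAL_HOST: "{{ nextcloud.domain }}"
+LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+POSTGRES_HOST: nextcloud_db
+POSTGRES_DB: nextcloud
+POSTGRES_USER: nextcloud
+POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"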
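Review bot: `published_ports: - "80"` on the `nextcloud app container` task names no host port, which in Docker's port syntax publishes container port 80 on an ephemeral host port on every interface. nginx-proxy reaches `nextcloud_app` over the `external_services` network, so the publish is not needed, and it exposes Nextcloud over plain HTTP beside the TLS proxy. Drop `published_ports` from this task; if the intent was only to declare the port for the proxy, `exposed_ports: - "80"` does that without binding anything on the host.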
|
@ -1,14 +1,24 @@
|
||||||
---
|
---
|
||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
- docker_volume:
|
||||||
|
name: "{{ volume }}"
|
||||||
|
with_items:
|
||||||
|
- conf
|
||||||
|
- vhost
|
||||||
|
- html
|
||||||
|
- dhparam
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
nginx-proxy:
|
- name: nginx proxy container
|
||||||
|
docker_container:
|
||||||
|
name: nginx-proxy
|
||||||
image: jwilder/nginx-proxy
|
image: jwilder/nginx-proxy
|
||||||
container_name: nginx-proxy
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- external_services
|
- name: external_services
|
||||||
ports:
|
published_ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -18,32 +28,17 @@ services:
|
||||||
- dhparam:/etc/nginx/dhparam
|
- dhparam:/etc/nginx/dhparam
|
||||||
- certs:/etc/nginx/certs:ro
|
- certs:/etc/nginx/certs:ro
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
restart: always
|
|
||||||
|
|
||||||
|
- name: nginx letsencrypt container
|
||||||
letsencrypt:
|
docker_container:
|
||||||
|
name: nginx-proxy-le
|
||||||
image: jrcs/letsencrypt-nginx-proxy-companion
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
container_name: nginx-proxy-le
|
restart_policy: always
|
||||||
depends_on:
|
|
||||||
- nginx-proxy
|
|
||||||
volumes:
|
volumes:
|
||||||
- vhost:/etc/nginx/vhost.d
|
- vhost:/etc/nginx/vhost.d
|
||||||
- html:/usr/share/nginx/html
|
- html:/usr/share/nginx/html
|
||||||
- dhparam:/etc/nginx/dhparam:ro
|
- dhparam:/etc/nginx/dhparam:ro
|
||||||
- certs:/etc/nginx/certs
|
- certs:/etc/nginx/certs
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
environment:
|
env:
|
||||||
- NGINX_PROXY_CONTAINER=nginx-proxy
|
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||||
restart: always
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
conf:
|
|
||||||
vhost:
|
|
||||||
html:
|
|
||||||
dhparam:
|
|
||||||
certs:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
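Review bot: The new `docker_volume` loop creates volumes named exactly `conf`, `vhost`, `html`, `dhparam` and `certs`. Under the removed compose definition these would normally have carried a project-name prefix, so the containers presumably start on empty volumes and the previously issued certificates and dhparam are not picked up; such generic global names also collide easily with other stacks on the host. Prefixing them (for example `nginx_certs`) and migrating the existing data would avoid both problems. The loop task also has no `name:`, and both containers still mount the Docker socket — `:ro` on the socket file does not restrict API calls — so the two images are worth pinning to a tag or digest.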
|
@ -1,18 +1,34 @@
|
||||||
version: '3'
|
---
|
||||||
services:
|
|
||||||
openldap:
|
- name: Create a network for ldap
|
||||||
|
docker_network:
|
||||||
|
name: ldap
|
||||||
|
|
||||||
|
- name: openLDAP container
|
||||||
|
docker_container:
|
||||||
|
name: openldap
|
||||||
image: osixia/openldap:1.2.2
|
image: osixia/openldap:1.2.2
|
||||||
container_name: openldap
|
tty: true
|
||||||
environment:
|
interactive: true
|
||||||
|
volumes:
|
||||||
|
- /var/lib/ldap
|
||||||
|
- /etc/ldap/slapd.d
|
||||||
|
- /container/service/slapd/assets/certs/
|
||||||
|
published_ports:
|
||||||
|
- "389:389"
|
||||||
|
- "636:636"
|
||||||
|
hostname: "{{ ldap.domain }}"
|
||||||
|
domainname: "{{ ldap.domain }}" # important: same as hostname
|
||||||
|
networks:
|
||||||
|
- name: ldap
|
||||||
|
env:
|
||||||
LDAP_LOG_LEVEL: "256"
|
LDAP_LOG_LEVEL: "256"
|
||||||
LDAP_ORGANISATION: "data.coop"
|
LDAP_ORGANISATION: "{{ base_domain }}"
|
||||||
LDAP_DOMAIN: "data.coop"
|
LDAP_DOMAIN: "{{ base_domain }}"
|
||||||
LDAP_BASE_DN: ""
|
LDAP_BASE_DN: ""
|
||||||
LDAP_ADMIN_PASSWORD: "admin"
|
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
||||||
LDAP_CONFIG_PASSWORD: "config"
|
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
||||||
LDAP_READONLY_USER: "true"
|
LDAP_READONLY_USER: "false"
|
||||||
LDAP_READONLY_USER_USERNAME: "readonly"
|
|
||||||
LDAP_READONLY_USER_PASSWORD: "readonly"
|
|
||||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
LDAP_RFC2307BIS_SCHEMA: "false"
|
||||||
LDAP_BACKEND: "mdb"
|
LDAP_BACKEND: "mdb"
|
||||||
LDAP_TLS: "true"
|
LDAP_TLS: "true"
|
||||||
|
@ -27,35 +43,19 @@ services:
|
||||||
KEEP_EXISTING_CONFIG: "false"
|
KEEP_EXISTING_CONFIG: "false"
|
||||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||||||
tty: true
|
|
||||||
stdin_open: true
|
|
||||||
volumes:
|
|
||||||
- /var/lib/ldap
|
|
||||||
- /etc/ldap/slapd.d
|
|
||||||
- /container/service/slapd/assets/certs/
|
|
||||||
ports:
|
|
||||||
- "389:389"
|
|
||||||
- "636:636"
|
|
||||||
domainname: "ldap.data.coop" # important: same as hostname
|
|
||||||
hostname: "ldap.data.coop"
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
phpldapadmin:
|
- name: phpLDAPadmin container
|
||||||
|
docker_container:
|
||||||
|
name: phpldapadmin
|
||||||
image: osixia/phpldapadmin:latest
|
image: osixia/phpldapadmin:latest
|
||||||
container_name: phpldapadmin
|
networks:
|
||||||
environment:
|
- name: external_services
|
||||||
|
- name: ldap
|
||||||
|
env:
|
||||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
||||||
PHPLDAPADMIN_HTTPS: "false"
|
PHPLDAPADMIN_HTTPS: "false"
|
||||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||||
VIRTUAL_HOST: ldap.data.coop
|
|
||||||
LETSENCRYPT_HOST: ldap.data.coop
|
|
||||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
|
||||||
depends_on:
|
|
||||||
- openldap
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
networks:
|
VIRTUAL_HOST: "{{ ldap.domain }}"
|
||||||
external_services:
|
LETSENCRYPT_HOST: "{{ ldap.domain }}"
|
||||||
external: true
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
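Review bot: The openLDAP task keeps `published_ports` `"389:389"` and `"636:636"`, which binds the directory, including cleartext LDAP on 389, to every host interface. This commit also adds a dedicated `ldap` network that phpLDAPadmin joins, so it can reach `openldap` by name without any published port. If no off-host client needs LDAP, drop `published_ports` from that task or bind to loopback, e.g. `- "127.0.0.1:636:636"`. The same pattern appears in the new passit (`"8000:8080"`) and thelounge (`"9000:9000"`) tasks; both are fronted by nginx-proxy over `external_services`, so their plain-HTTP ports presumably need not be published on the host either. Separately, `osixia/phpldapadmin:latest` is unpinned while `osixia/openldap:1.2.2` is pinned; a fixed tag or digest would keep re-runs reproducible.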
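--- /dev/null
+++ b/roles/docker/tasks/services/passit.yml
@@ -0,0 +1,46 @@
+---
+
+- name: passit network
+docker_network:
+name: passit
+
+- name: passit database volume
+docker_volume:
+name: passit_db
+
+- name: passit database container
+docker_container:
+name: passit_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: passit
+volumes:
+- passit_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: passit
+POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
+
+- name: passit app container
+docker_container:
+image: passit/passit:stable
+command: bin/start.sh
+restart_policy: always
+published_ports:
+- "8000:8080"
+networks:
+- name: passit
+- name: external_services
+env:
+DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit"
+SECRET_KEY: "{{ passit_secret_key }}"
+IS_DEBUG: 'False'
+EMAIL_URL: smtp://{{ smtp_user }}:{{ smtp_password }}@{{ smtp_host }}:{{ smtp_port}}
+DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
+EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
+
+VIRTUAL_HOST: "{{ passit.domain }}"
+LETSENCRYPT_HOST: "{{ passit.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"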
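Review bot: The `passit app container` task has no `name:` under `docker_container:`, which the module requires, so the task would fail as written; add one, e.g. `name: passit_app`. Its `DATABASE_URL` also targets host `db` and database `passit`, while the database task creates a container named `passit_db` with `POSTGRES_DB: somethingelse`. Unless a network alias is defined elsewhere, the app can neither resolve nor open its database, so align the two, e.g. `...@passit_db:5432/somethingelse`. `EMAIL_URL` is the only templated value left unquoted and, like `DATABASE_URL`, embeds a vaulted password in a URL. A password containing `@`, `:` or `/` would be mis-parsed, so quote the value and pipe the credential through `urlencode`.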
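--- /dev/null
+++ b/roles/docker/tasks/services/thelounge.yml
@@ -0,0 +1,27 @@
+---
+
+- name: thelounge volume
+docker_volume:
+name: thelounge
+
+- name: upload thelounge config
+template:
+src: files/configs/thelounge.js
+dest: /var/lib/docker/volumes/thelounge/_data/config.js
+
+- name: thelounge container
+docker_container:
+name: thelounge
+image: thelounge/lounge:latest
+restart_policy: always
+published_ports:
+- "9000:9000"
+volumes:
+- thelounge:/home/lounge/data
+networks:
+- name: external_services
+- name: ldap
+env:
+VIRTUAL_HOST: "{{ thelounge.domain }}"
+LETSENCRYPT_HOST: "{{ thelounge.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"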
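Review bot: The `upload thelounge config` task sets no `owner`, `group` or `mode`, so the permissions on the rendered `config.js` depend on the umask of the connecting user. The container joins the `ldap` network, so this file presumably carries LDAP connection settings and may hold a bind credential. Set an explicit `mode:` (e.g. `mode: "0640"`) and an `owner`/`group` matching the UID the container runs as. The `dest` also hard-codes `/var/lib/docker/volumes/thelounge/_data`, which assumes the default Docker data root and the local volume driver. Registering the result of the `thelounge volume` task and using its reported mountpoint would remove that assumption.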