From c5857d0ba8c73a36e72dbd520f62be711ca78c8d Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 9 Jul 2023 19:51:26 +0200 Subject: [PATCH 01/74] Don't put unnecessary executables in git --- roles/docker/files/byro_deploy_entrypoint.sh | 0 roles/docker/tasks/services/byro.yml | 15 +++++++-------- 2 files changed, 7 insertions(+), 8 deletions(-) mode change 100755 => 100644 roles/docker/files/byro_deploy_entrypoint.sh diff --git a/roles/docker/files/byro_deploy_entrypoint.sh b/roles/docker/files/byro_deploy_entrypoint.sh old mode 100755 new mode 100644 diff --git a/roles/docker/tasks/services/byro.yml b/roles/docker/tasks/services/byro.yml index 2d2eea9..266c9ca 100644 --- a/roles/docker/tasks/services/byro.yml +++ b/roles/docker/tasks/services/byro.yml @@ -1,29 +1,28 @@ +# vim: ft=yaml.ansible --- - -- name: ensure byro data folder exists +- name: Ensure byro data folder exists file: path: "{{ services.byro.volume_folder }}" state: directory -- name: create env file +- name: Create env file template: src: byro.env.j2 dest: "{{ services.byro.volume_folder }}/env" -- name: deploy entrypoint file +- name: Deploy entrypoint file copy: src: byro_deploy_entrypoint.sh dest: "{{ services.byro.volume_folder}}/data/deploy_entrypoint.sh" - mode: "preserve" + mode: u=rwx,g=rx,o=rx -- name: run byro +- name: Run byro docker_compose: - project_name: "byro member system" + project_name: byro_member_system" pull: yes definition: version: "3.8" services: - manage: image: ghcr.io/valberg/byro:add_missing_jquery_ui_images entrypoint: "/var/byro/data/deploy_entrypoint.sh" From 863b285b07fbc0c14e0b7627def15f9966548561 Mon Sep 17 00:00:00 2001 
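Review bot: The new `project_name: byro_member_system"` line carries an unbalanced trailing double quote; YAML keeps it as part of the plain scalar, so the compose project name becomes `byro_member_system"`, which the docker_compose module or compose's project-name validation will most likely reject. It should read `project_name: byro_member_system`. The rest of the hunk (task-name capitalisation, and the explicit `mode: u=rwx,g=rx,o=rx` replacing `preserve` now that the source script is no longer executable in git) matches the commit message.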
From: Sam Al-Sapti Date: Sun, 9 Jul 2023 20:27:32 +0200 Subject: [PATCH 02/74] Move files to their correct directories (files in files, Jinja2 templates in templates) --- .../deploy_entrypoint.sh} | 0 .../files/{configs => }/element/riot.im.conf | 0 .../{configs => }/mastodon/postgresql.conf | 0 .../log.config} | 0 .../conf.php} | 0 .../matrix/vhost-root => vhost/_root} | 0 .../matrix/vhost-element => vhost/cloud} | 0 .../nginx.conf => vhost/docker} | 0 .../nextcloud/vhost => vhost/element} | 0 .../matrix/vhost-matrix => vhost/matrix} | 0 .../mastodon/vhost-mastodon => vhost/social} | 0 .../files/{configs/vhost-www => vhost/www} | 0 roles/docker/handlers/main.yml | 1 - roles/docker/tasks/services/byro.yml | 2 +- .../docker/tasks/services/docker_registry.yml | 6 +++--- roles/docker/tasks/services/hedgedoc.yml | 6 +++--- roles/docker/tasks/services/mailu.yml | 2 +- roles/docker/tasks/services/mastodon.yml | 8 ++++---- .../docker/tasks/services/matrix_element.yml | 20 +++++++++---------- roles/docker/tasks/services/nextcloud.yml | 18 ++++++++--------- roles/docker/tasks/services/privatebin.yml | 4 ++-- roles/docker/tasks/services/rallly.yml | 4 ++-- .../tasks/services/websites/data.coop.yml | 4 ++-- .../element.config.json.j2} | 0 .../env_file.j2 => templates/mastodon.env.j2} | 0 .../matrix.homeserver.yaml.j2} | 0 .../env_file.j2 => templates/rallly.env.j2} | 0 27 files changed, 37 insertions(+), 38 deletions(-) rename roles/docker/files/{byro_deploy_entrypoint.sh => byro/deploy_entrypoint.sh} (100%) rename roles/docker/files/{configs => }/element/riot.im.conf (100%) rename roles/docker/files/{configs => }/mastodon/postgresql.conf (100%) rename roles/docker/files/{configs/matrix/matrix.data.coop.log.config => matrix/log.config} (100%) rename roles/docker/files/{configs/privatebin-conf.php => privatebin/conf.php} (100%) rename roles/docker/files/{configs/matrix/vhost-root => vhost/_root} (100%) rename roles/docker/files/{configs/matrix/vhost-element => vhost/cloud} 
(100%)
rename roles/docker/files/{configs/docker_registry/nginx.conf => vhost/docker} (100%)
rename roles/docker/files/{configs/nextcloud/vhost => vhost/element} (100%)
rename roles/docker/files/{configs/matrix/vhost-matrix => vhost/matrix} (100%)
rename roles/docker/files/{configs/mastodon/vhost-mastodon => vhost/social} (100%)
rename roles/docker/files/{configs/vhost-www => vhost/www} (100%)
rename roles/docker/{files/configs/element/config.json => templates/element.config.json.j2} (100%)
rename roles/docker/{files/configs/mastodon/env_file.j2 => templates/mastodon.env.j2} (100%)
rename roles/docker/{files/configs/matrix/homeserver.yaml.j2 => templates/matrix.homeserver.yaml.j2} (100%)
rename roles/docker/{files/configs/rallly/env_file.j2 => templates/rallly.env.j2} (100%)
diff --git a/roles/docker/files/byro_deploy_entrypoint.sh b/roles/docker/files/byro/deploy_entrypoint.sh
similarity index 100%
rename from roles/docker/files/byro_deploy_entrypoint.sh
rename to roles/docker/files/byro/deploy_entrypoint.sh
diff --git a/roles/docker/files/configs/element/riot.im.conf b/roles/docker/files/element/riot.im.conf
similarity index 100%
rename from roles/docker/files/configs/element/riot.im.conf
rename to roles/docker/files/element/riot.im.conf
diff --git a/roles/docker/files/configs/mastodon/postgresql.conf b/roles/docker/files/mastodon/postgresql.conf
similarity index 100%
rename from roles/docker/files/configs/mastodon/postgresql.conf
rename to roles/docker/files/mastodon/postgresql.conf
diff --git a/roles/docker/files/configs/matrix/matrix.data.coop.log.config b/roles/docker/files/matrix/log.config
similarity index 100%
rename from roles/docker/files/configs/matrix/matrix.data.coop.log.config
rename to roles/docker/files/matrix/log.config
diff --git a/roles/docker/files/configs/privatebin-conf.php b/roles/docker/files/privatebin/conf.php
similarity index 100%
rename from roles/docker/files/configs/privatebin-conf.php
rename to roles/docker/files/privatebin/conf.php
diff --git a/roles/docker/files/configs/matrix/vhost-root b/roles/docker/files/vhost/_root similarity index 100% rename from roles/docker/files/configs/matrix/vhost-root rename to roles/docker/files/vhost/_root diff --git a/roles/docker/files/configs/matrix/vhost-element b/roles/docker/files/vhost/cloud similarity index 100% rename from roles/docker/files/configs/matrix/vhost-element rename to roles/docker/files/vhost/cloud diff --git a/roles/docker/files/configs/docker_registry/nginx.conf b/roles/docker/files/vhost/docker similarity index 100% rename from roles/docker/files/configs/docker_registry/nginx.conf rename to roles/docker/files/vhost/docker diff --git a/roles/docker/files/configs/nextcloud/vhost b/roles/docker/files/vhost/element similarity index 100% rename from roles/docker/files/configs/nextcloud/vhost rename to roles/docker/files/vhost/element diff --git a/roles/docker/files/configs/matrix/vhost-matrix b/roles/docker/files/vhost/matrix similarity index 100% rename from roles/docker/files/configs/matrix/vhost-matrix rename to roles/docker/files/vhost/matrix diff --git a/roles/docker/files/configs/mastodon/vhost-mastodon b/roles/docker/files/vhost/social similarity index 100% rename from roles/docker/files/configs/mastodon/vhost-mastodon rename to roles/docker/files/vhost/social diff --git a/roles/docker/files/configs/vhost-www b/roles/docker/files/vhost/www similarity index 100% rename from roles/docker/files/configs/vhost-www rename to roles/docker/files/vhost/www diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index e37a19f..ad671dd 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -5,4 +5,3 @@ name: "nginx-proxy" restart: "yes" state: "started" - diff --git a/roles/docker/tasks/services/byro.yml b/roles/docker/tasks/services/byro.yml index 266c9ca..a3ed725 100644 --- a/roles/docker/tasks/services/byro.yml +++ b/roles/docker/tasks/services/byro.yml 
@@ -12,7 +12,7 @@ - name: Deploy entrypoint file copy: - src: byro_deploy_entrypoint.sh + src: byro/deploy_entrypoint.sh dest: "{{ services.byro.volume_folder}}/data/deploy_entrypoint.sh" mode: u=rwx,g=rx,o=rx diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml index 79c03b7..d8c2347 100644 --- a/roles/docker/tasks/services/docker_registry.yml +++ b/roles/docker/tasks/services/docker_registry.yml @@ -1,9 +1,9 @@ # vim: ft=yaml.ansible --- -- name: copy docker registry nginx configuration +- name: copy docker registry vhost configuration copy: - src: "files/configs/docker_registry/nginx.conf" - dest: "/docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}" + src: vhost/docker + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" mode: "0644" - name: docker registry container diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml index 9450d6e..8160a66 100644 --- a/roles/docker/tasks/services/hedgedoc.yml +++ b/roles/docker/tasks/services/hedgedoc.yml @@ -12,7 +12,7 @@ - name: copy sso public certificate copy: - src: "files/sso/sso.data.coop.pem" + src: sso/sso.data.coop.pem dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem" mode: "0644" @@ -33,7 +33,7 @@ - "hedgedoc" volumes: - "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data" - + app: image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}" environment: @@ -55,7 +55,7 @@ - "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads" - "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem" restart: "unless-stopped" - networks: + networks: - "hedgedoc" - "external_services" depends_on: diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml index e1181ef..77df546 100644 --- a/roles/docker/tasks/services/mailu.yml 
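Review bot: The docker registry vhost task now writes to `{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}` but, unlike the nextcloud vhost task touched by the same patch (which ends with `notify: "restart nginx"`), it has no `notify`, so a changed vhost file is not guaranteed to be picked up by the proxy until something else restarts it. If the proxy needs a restart to load vhost changes, add `notify: "restart nginx"` after the `mode: "0644"` line. The mastodon, matrix and element vhost copy tasks changed in this patch have the same gap, so whichever way it is decided should be applied to all of them.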
+++ b/roles/docker/tasks/services/mailu.yml @@ -106,7 +106,7 @@ admin: image: ghcr.io/mailu/admin:{{ services.mailu.version }} restart: always - env_file: "{{ services.mailu.volume_folder}}/mailu.env" + env_file: "{{ services.mailu.volume_folder }}/mailu.env" volumes: - "{{ services.mailu.volume_folder }}/data:/data" - "{{ services.mailu.volume_folder }}/dkim:/dkim" diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index 654a32b..a99d92d 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -16,17 +16,17 @@ - name: Copy mastodon environment file template: - src: files/configs/mastodon/env_file.j2 + src: mastodon.env.j2 dest: "{{ services.mastodon.volume_folder }}/env_file" - name: Upload vhost config for root domain - template: - src: files/configs/mastodon/vhost-mastodon + copy: + src: vhost/social dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}" - name: Copy PostgreSQL config copy: - src: files/configs/mastodon/postgresql.conf + src: mastodon/postgresql.conf dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" - name: Set up Mastodon diff --git a/roles/docker/tasks/services/matrix_element.yml b/roles/docker/tasks/services/matrix_element.yml index 62df3f3..604bba6 100644 --- a/roles/docker/tasks/services/matrix_element.yml +++ b/roles/docker/tasks/services/matrix_element.yml 
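Review bot: The vhost upload in mastodon.yml switches from `template` to `copy` (`src: vhost/social`), so any Jinja2 expression still inside that file is now written to the proxy verbatim instead of being rendered; the corresponding rename reports 100% similarity, so the file content itself was not adjusted. Please confirm the moved file contains no `{{ … }}` or `{% … %}` before relying on `copy`. The same template→copy switch appears in this patch for `element/riot.im.conf`, `vhost/matrix`, `vhost/element` and `matrix/log.config` (matrix_element.yml), `vhost/cloud` (nextcloud.yml) and `privatebin/conf.php` (privatebin.yml), and the same check applies to each.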
@@ -29,33 +29,33 @@ - name: Upload Element config.json template: - src: files/configs/element/config.json + src: element.config.json.j2 dest: "{{ services.element.volume_folder }}/data/config.json" - name: Upload Element riot.im.conf - template: - src: files/configs/element/riot.im.conf + copy: + src: element/riot.im.conf dest: "{{ services.element.volume_folder }}/data/riot.im.conf" - name: upload vhost config for matrix domain - template: - src: files/configs/matrix/vhost-matrix + copy: + src: vhost/matrix dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}" - name: Upload vhost config for Element domain - template: - src: files/configs/matrix/vhost-element + copy: + src: vhost/element dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}" loop: "{{ services.element.domains }}" - name: Upload homeserver.yaml template: - src: "files/configs/matrix/homeserver.yaml.j2" + src: matrix.homeserver.yaml.j2 dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml" - name: upload matrix logging config - template: - src: "files/configs/matrix/matrix.data.coop.log.config" + copy: + src: matrix/log.config dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config" - name: Set up Matrix and Element diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 819b22d..337a6ed 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -1,8 +1,8 @@ # vim: ft=yaml.ansible --- - name: upload vhost config for cloud.data.coop - template: - src: files/configs/nextcloud/vhost + copy: + src: vhost/cloud dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}" notify: "restart nginx" 
@@ -19,7 +19,7 @@ - "nextcloud" volumes: - "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data" - environment: + environment: POSTGRES_DB: "nextcloud" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" POSTGRES_USER: "nextcloud" @@ -44,7 +44,7 @@ depends_on: - "postgres" - "redis" - + app: image: "nextcloud:{{ services.nextcloud.version }}" restart: "unless-stopped" @@ -69,8 +69,8 @@ - "redis" networks: - nextcloud: - postfix: - external: true - external_services: - external: true + nextcloud: + postfix: + external: true + external_services: + external: true diff --git a/roles/docker/tasks/services/privatebin.yml b/roles/docker/tasks/services/privatebin.yml index fbbad29..354d81c 100644 --- a/roles/docker/tasks/services/privatebin.yml +++ b/roles/docker/tasks/services/privatebin.yml @@ -11,8 +11,8 @@ loop_var: volume - name: upload privatebin config - template: - src: files/configs/privatebin-conf.php + copy: + src: privatebin/conf.php dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php" - name: privatebin app container diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index 1d092c5..1d3b481 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -1,13 +1,13 @@ # vim: ft=yaml.ansible --- -- name: Create rallly volume folders +- name: Create Rallly volume folders file: name: "{{ services.rallly.volume_folder }}/postgres" state: directory - name: Copy Rallly environment file template: - src: files/configs/rallly/env_file.j2 + src: rallly.env.j2 dest: "{{ services.rallly.volume_folder }}/env_file" - name: Set up Rallly diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml index 25028e1..c803a8e 100644 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ b/roles/docker/tasks/services/websites/data.coop.yml 
@@ -2,12 +2,12 @@ --- - name: Upload vhost config for root domain copy: - src: files/configs/matrix/vhost-root + src: vhost/_root dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}" - name: Upload vhost config for WWW domain copy: - src: files/configs/vhost-www + src: vhost/www dest: "{{ services.nginx_proxy.volume_folder }}/vhost/www.{{ base_domain }}" - name: setup data.coop website docker container diff --git a/roles/docker/files/configs/element/config.json b/roles/docker/templates/element.config.json.j2 similarity index 100% rename from roles/docker/files/configs/element/config.json rename to roles/docker/templates/element.config.json.j2 diff --git a/roles/docker/files/configs/mastodon/env_file.j2 b/roles/docker/templates/mastodon.env.j2 similarity index 100% rename from roles/docker/files/configs/mastodon/env_file.j2 rename to roles/docker/templates/mastodon.env.j2 diff --git a/roles/docker/files/configs/matrix/homeserver.yaml.j2 b/roles/docker/templates/matrix.homeserver.yaml.j2 similarity index 100% rename from roles/docker/files/configs/matrix/homeserver.yaml.j2 rename to roles/docker/templates/matrix.homeserver.yaml.j2 diff --git a/roles/docker/files/configs/rallly/env_file.j2 b/roles/docker/templates/rallly.env.j2 similarity index 100% rename from roles/docker/files/configs/rallly/env_file.j2 rename to roles/docker/templates/rallly.env.j2 From ef7c00b748c96dc5f2a9bfbc75017c7d32b030c3 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 9 Jul 2023 20:39:07 +0200 Subject: [PATCH 03/74] Fix quote --- roles/docker/st | 30 ++++++++++++++++++++++++++++ roles/docker/tasks/services/byro.yml | 2 +- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 roles/docker/st diff --git a/roles/docker/st b/roles/docker/st new file mode 100644 index 0000000..6ae8157 --- /dev/null +++ b/roles/docker/st 
@@ -0,0 +1,30 @@ +files/ +├── byro/ +│ └── deploy_entrypoint.sh +├── element/ +│ └── riot.im.conf +├── mastodon/ +│ └── postgresql.conf +├── matrix/ +│ └── log.config +├── privatebin/ +│ └── conf.php +├── sso/ +│ └── sso.data.coop.pem +└── vhost/ + ├── _root + ├── cloud + ├── docker + ├── element + ├── matrix + ├── social + └── www +templates/ +├── byro.env.j2 +├── element.config.json.j2 +├── mailu.env.j2 +├── mastodon.env.j2 +├── matrix.homeserver.yaml.j2 +├── rallly.env.j2 +├── restic.ssh.config.j2 +└── restic.ssh.known_hosts.j2 diff --git a/roles/docker/tasks/services/byro.yml b/roles/docker/tasks/services/byro.yml index a3ed725..96f117a 100644 --- a/roles/docker/tasks/services/byro.yml +++ b/roles/docker/tasks/services/byro.yml @@ -18,7 +18,7 @@ - name: Run byro docker_compose: - project_name: byro_member_system" + project_name: byro_member_system pull: yes definition: version: "3.8" From 7d13fc53029587ba2a3cfd775a5ebd20d6bdcc77 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 9 Jul 2023 21:08:42 +0200 Subject: [PATCH 04/74] Use service names instead of subdomains for vhost file names --- .../docker/files/vhost/{_root => base_domain} | 0 .../files/vhost/{docker => docker_registry} | 0 roles/docker/files/vhost/{social => mastodon} | 0 roles/docker/files/vhost/{cloud => nextcloud} | 0 .../files/vhost/{www => www.base_domain} | 0 roles/docker/st | 30 ------------------- .../docker/tasks/services/docker_registry.yml | 2 +- roles/docker/tasks/services/mastodon.yml | 2 +- roles/docker/tasks/services/nextcloud.yml | 2 +- .../tasks/services/websites/data.coop.yml | 4 +-- 10 files changed, 5 insertions(+), 35 deletions(-) rename roles/docker/files/vhost/{_root => base_domain} (100%) rename roles/docker/files/vhost/{docker => docker_registry} (100%) rename roles/docker/files/vhost/{social => mastodon} (100%) rename roles/docker/files/vhost/{cloud => nextcloud} (100%) rename roles/docker/files/vhost/{www => www.base_domain} (100%) delete mode 100644 roles/docker/st 
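Review bot: The new file `roles/docker/st` is a tree-style listing of `files/` and `templates/` with no relation to the commit subject "Fix quote" and no comment explaining its purpose, so it reads like a scratch file that was staged by accident. If the listing is meant to document the role layout, it belongs in a README for the role with a heading saying so; otherwise it should be dropped from this commit. As a hand-written snapshot it will also drift from the real tree as soon as a file is renamed.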
diff --git a/roles/docker/files/vhost/_root b/roles/docker/files/vhost/base_domain
similarity index 100%
rename from roles/docker/files/vhost/_root
rename to roles/docker/files/vhost/base_domain
diff --git a/roles/docker/files/vhost/docker b/roles/docker/files/vhost/docker_registry
similarity index 100%
rename from roles/docker/files/vhost/docker
rename to roles/docker/files/vhost/docker_registry
diff --git a/roles/docker/files/vhost/social b/roles/docker/files/vhost/mastodon
similarity index 100%
rename from roles/docker/files/vhost/social
rename to roles/docker/files/vhost/mastodon
diff --git a/roles/docker/files/vhost/cloud b/roles/docker/files/vhost/nextcloud
similarity index 100%
rename from roles/docker/files/vhost/cloud
rename to roles/docker/files/vhost/nextcloud
diff --git a/roles/docker/files/vhost/www b/roles/docker/files/vhost/www.base_domain
similarity index 100%
rename from roles/docker/files/vhost/www
rename to roles/docker/files/vhost/www.base_domain
diff --git a/roles/docker/st b/roles/docker/st
deleted file mode 100644
index 6ae8157..0000000
--- a/roles/docker/st
+++ /dev/null
@@ -1,30 +0,0 @@
-files/
-├── byro/
-│ └── deploy_entrypoint.sh
-├── element/
-│ └── riot.im.conf
-├── mastodon/
-│ └── postgresql.conf
-├── matrix/
-│ └── log.config
-├── privatebin/
-│ └── conf.php
-├── sso/
-│ └── sso.data.coop.pem
-└── vhost/
- ├── _root
- ├── cloud
- ├── docker
- ├── element
- ├── matrix
- ├── social
- └── www
-templates/
-├── byro.env.j2
-├── element.config.json.j2
-├── mailu.env.j2
-├── mastodon.env.j2
-├── matrix.homeserver.yaml.j2
-├── rallly.env.j2
-├── restic.ssh.config.j2
-└── restic.ssh.known_hosts.j2
diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml
index d8c2347..3adee6d 100644
--- a/roles/docker/tasks/services/docker_registry.yml
+++ b/roles/docker/tasks/services/docker_registry.yml
@@ -2,7 +2,7 @@ --- - name: copy docker registry vhost configuration copy: - src: vhost/docker + src: vhost/docker_registry dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" mode: "0644" diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index a99d92d..b6a623e 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -21,7 +21,7 @@ - name: Upload vhost config for root domain copy: - src: vhost/social + src: vhost/mastodon dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}" - name: Copy PostgreSQL config diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 337a6ed..f1d19b0 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -2,7 +2,7 @@ --- - name: upload vhost config for cloud.data.coop copy: - src: vhost/cloud + src: vhost/nextcloud dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}" notify: "restart nginx" diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml index c803a8e..60dcab6 100644 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ b/roles/docker/tasks/services/websites/data.coop.yml @@ -2,12 +2,12 @@ --- - name: Upload vhost config for root domain copy: - src: vhost/_root + src: vhost/base_domain dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}" - name: Upload vhost config for WWW domain copy: - src: vhost/www + src: vhost/www.base_domain dest: "{{ services.nginx_proxy.volume_folder }}/vhost/www.{{ base_domain }}" - name: setup data.coop website docker container From 4e6f18311d05b20fe6c234da1a36175c491fb6be Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Sat, 5 Aug 2023 19:35:55 +0200 Subject: [PATCH 05/74] Use subfolders for templates as well --- roles/docker/tasks/services/byro.yml | 2 +- roles/docker/tasks/services/mailu.yml | 2 +- roles/docker/tasks/services/mastodon.yml | 2 +- roles/docker/tasks/services/matrix_element.yml | 4 ++-- roles/docker/tasks/services/rallly.yml | 2 +- roles/docker/tasks/services/restic_backup.yml | 4 ++-- roles/docker/templates/{byro.env.j2 => byro/env.j2} | 0 .../{element.config.json.j2 => element/config.json.j2} | 0 roles/docker/templates/{mailu.env.j2 => mailu/env.j2} | 0 roles/docker/templates/{mastodon.env.j2 => mastodon/env.j2} | 0 .../{matrix.homeserver.yaml.j2 => matrix/homeserver.yaml.j2} | 0 roles/docker/templates/{rallly.env.j2 => rallly/env.j2} | 0 .../templates/{restic.ssh.config.j2 => restic/ssh.config.j2} | 0 .../{restic.ssh.known_hosts.j2 => restic/ssh.known_hosts.j2} | 0 14 files changed, 8 insertions(+), 8 deletions(-) rename roles/docker/templates/{byro.env.j2 => byro/env.j2} (100%) rename roles/docker/templates/{element.config.json.j2 => element/config.json.j2} (100%) rename roles/docker/templates/{mailu.env.j2 => mailu/env.j2} (100%) rename roles/docker/templates/{mastodon.env.j2 => mastodon/env.j2} (100%) rename roles/docker/templates/{matrix.homeserver.yaml.j2 => matrix/homeserver.yaml.j2} (100%) rename roles/docker/templates/{rallly.env.j2 => rallly/env.j2} (100%) rename roles/docker/templates/{restic.ssh.config.j2 => restic/ssh.config.j2} (100%) rename roles/docker/templates/{restic.ssh.known_hosts.j2 => restic/ssh.known_hosts.j2} (100%) diff --git a/roles/docker/tasks/services/byro.yml b/roles/docker/tasks/services/byro.yml index 96f117a..f7a4141 100644 --- a/roles/docker/tasks/services/byro.yml +++ b/roles/docker/tasks/services/byro.yml @@ -7,7 +7,7 @@ - name: Create env file template: - src: byro.env.j2 + src: byro/env.j2 dest: "{{ services.byro.volume_folder }}/env" - name: Deploy entrypoint file 
diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml index 77df546..168609a 100644 --- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/services/mailu.yml @@ -25,7 +25,7 @@ - name: upload mailu.env file template: - src: mailu.env.j2 + src: mailu/env.j2 dest: "{{ services.mailu.volume_folder }}/mailu.env" - name: hard link to Let's Encrypt TLS certificate diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index 38f94a9..1c100ce 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -31,7 +31,7 @@ - name: Copy mastodon environment file template: - src: mastodon.env.j2 + src: mastodon/env.j2 dest: "{{ services.mastodon.volume_folder }}/env_file" - name: Upload vhost config for root domain diff --git a/roles/docker/tasks/services/matrix_element.yml b/roles/docker/tasks/services/matrix_element.yml index f65aa2d..b5a04b0 100644 --- a/roles/docker/tasks/services/matrix_element.yml +++ b/roles/docker/tasks/services/matrix_element.yml @@ -29,7 +29,7 @@ - name: Upload Element config.json template: - src: element.config.json.j2 + src: element/config.json.j2 dest: "{{ services.element.volume_folder }}/data/config.json" - name: Upload Element riot.im.conf @@ -50,7 +50,7 @@ - name: Upload homeserver.yaml template: - src: matrix.homeserver.yaml.j2 + src: matrix/homeserver.yaml.j2 dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml" - name: upload matrix logging config diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index 1d3b481..400073f 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -7,7 +7,7 @@ - name: Copy Rallly environment file template: - src: rallly.env.j2 + src: rallly/env.j2 dest: "{{ services.rallly.volume_folder }}/env_file" - name: Set up Rallly 
diff --git a/roles/docker/tasks/services/restic_backup.yml b/roles/docker/tasks/services/restic_backup.yml index 8fce1b5..df0c278 100644 --- a/roles/docker/tasks/services/restic_backup.yml +++ b/roles/docker/tasks/services/restic_backup.yml @@ -33,7 +33,7 @@ - name: Create SSH config template: - src: restic.ssh.config.j2 + src: restic/ssh.config.j2 dest: "{{ services.restic.volume_folder }}/ssh/config" owner: root group: root @@ -41,7 +41,7 @@ - name: Create SSH known_hosts file template: - src: restic.ssh.known_hosts.j2 + src: restic/ssh.known_hosts.j2 dest: "{{ services.restic.volume_folder }}/ssh/known_hosts" owner: root group: root diff --git a/roles/docker/templates/byro.env.j2 b/roles/docker/templates/byro/env.j2 similarity index 100% rename from roles/docker/templates/byro.env.j2 rename to roles/docker/templates/byro/env.j2 diff --git a/roles/docker/templates/element.config.json.j2 b/roles/docker/templates/element/config.json.j2 similarity index 100% rename from roles/docker/templates/element.config.json.j2 rename to roles/docker/templates/element/config.json.j2 diff --git a/roles/docker/templates/mailu.env.j2 b/roles/docker/templates/mailu/env.j2 similarity index 100% rename from roles/docker/templates/mailu.env.j2 rename to roles/docker/templates/mailu/env.j2 diff --git a/roles/docker/templates/mastodon.env.j2 b/roles/docker/templates/mastodon/env.j2 similarity index 100% rename from roles/docker/templates/mastodon.env.j2 rename to roles/docker/templates/mastodon/env.j2 diff --git a/roles/docker/templates/matrix.homeserver.yaml.j2 b/roles/docker/templates/matrix/homeserver.yaml.j2 similarity index 100% rename from roles/docker/templates/matrix.homeserver.yaml.j2 rename to roles/docker/templates/matrix/homeserver.yaml.j2 diff --git a/roles/docker/templates/rallly.env.j2 b/roles/docker/templates/rallly/env.j2 similarity index 100% rename from roles/docker/templates/rallly.env.j2 rename to roles/docker/templates/rallly/env.j2 
diff --git a/roles/docker/templates/restic.ssh.config.j2 b/roles/docker/templates/restic/ssh.config.j2 similarity index 100% rename from roles/docker/templates/restic.ssh.config.j2 rename to roles/docker/templates/restic/ssh.config.j2 diff --git a/roles/docker/templates/restic.ssh.known_hosts.j2 b/roles/docker/templates/restic/ssh.known_hosts.j2 similarity index 100% rename from roles/docker/templates/restic.ssh.known_hosts.j2 rename to roles/docker/templates/restic/ssh.known_hosts.j2 From a372c1a98008f05af9246206dc6c24914662c072 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sat, 16 Sep 2023 17:41:05 +0200 Subject: [PATCH 06/74] Upgrade a bunch of stuff --- roles/docker/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 07c422c..36b4fc9 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -13,7 +13,7 @@ services: nginx_proxy: file: nginx_proxy.yml - version: "1.0-alpine" + version: "1.3-alpine" volume_folder: "{{ volume_root_folder }}/nginx" nginx_acme_companion: @@ -95,7 +95,7 @@ services: file: matrix_element.yml domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" - version: v1.87.0 + version: v1.90.0 postgres_version: 15-alpine allowed_sender_domain: true @@ -104,7 +104,7 @@ services: - "riot.{{ base_domain }}" - "element.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/element" - version: v1.11.28 + version: v1.11.43 privatebin: file: privatebin.yml @@ -121,7 +121,7 @@ services: file: hedgedoc.yml domain: "pad.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/hedgedoc" - version: 1.9.7-alpine + version: 1.9.9-alpine postgres_version: 10-alpine data_coop_website: From 0272b93527ce09812f5343d3bfc12fc39e9fad30 Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Sat, 16 Sep 2023 18:01:11 +0200 Subject: [PATCH 07/74] Upgrade Keycloak --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 36b4fc9..998f185 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -43,7 +43,7 @@ services: file: keycloak.yml domain: sso.{{ base_domain }} volume_folder: "{{ volume_root_folder }}/keycloak" - version: "20.0" + version: "22.0" postgres_version: "10" allowed_sender_domain: true From d662ae321e345c006dcbf132ff5df324b5d773cf Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sat, 16 Sep 2023 18:22:48 +0200 Subject: [PATCH 08/74] Remove CodiMD, close #122 --- group_vars/all/secrets.yml | 324 ++++++++++++------------- group_vars/all/secrets.yml.contents | 1 - roles/docker/defaults/main.yml | 5 - roles/docker/tasks/services/codimd.yml | 55 ----- 4 files changed, 160 insertions(+), 225 deletions(-) delete mode 100644 roles/docker/tasks/services/codimd.yml diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index 6d94a0e..f70221f 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml 
@@ -1,165 +1,161 @@ $ANSIBLE_VAULT;1.1;AES256 -37303437623836623537343137326638663435303862366236656433656631353762383831393237 -6165336434633034613838386563303963386163623932300a636663666130613636323836613338 -61313938373163656333656666386463643463633736666431613762663439346131613366363137 -3731326163383337650a306561663939633939383437636662303138623064633264303463376536 -65336135623436383633383239663433353033353361613733643933636362373033393663613132 -34643034633432356330653834393039623039653538316661356230366562666561356132376332 -32323130663536363431366130366437666330313833656463356661356337346162373032323833 -65306531663434303163613732376233633237376364373361383164313139383131376538656231 -65343336353631626235346362316662363034646538376237343534356265626336643264343966 -33623962353235396435613536383639383439363131373961393131373538306433386464363839 -64656536643864363866396134353937626531373161323865663562626231313865666263653133 -38336432353933383238636238656364383361383535386232633433363362663539323131386338 -33316361663563363238626632303666396466326331363732326135643839373636636562653537 -38373266636336383261363461623035396265613764663161643766363061306264306365323061 -63346631366263326266303838393963353435643162306231633835336136666439393765643263 -61613063343164633031393838636233636466383036353665303063653236623334376639346264 -30343530653461336134383266633862373030376339656137356434383930396463363261663763 -34353531303336343435303330623433326565616639353364366363616233323532323133393462 -32386566353162656265373034663161313364666238363335373937646463626332396662373563 -61656237353932353262333038633164623466663930623232666365653466613439383164383439 -37313565383966633464646337323266666635613831356264656362353464616135306634623930 -63663331316532316464623130386138636531353536313736313561393233613936383062323863 -35303633666435376530646135366364376636653335663830363964323531356666366535346465 
-63386262386531666136383265623666633762346137633839306233343238303638663365643461 -65616335353766653239356439346563636139653061663739616238376330633865656236666265 -34653763643562396266313037663837386664633065643431303261303764353234393832653033 -35613138663335363734316531636535616630636535323264633134393637383030613161633966 -61326333623962613566666365376266383037653330386534343765623061303139653935346135 -38386461613561316132666362323664623236333835323238346135616665306435663464313533 -38316162356561353431656231643134613266663536633138316561613633643032373234656435 -63626132356431353732386439396535353133623233336639373330623539643130303164376433 -35333833653665653030613865323332656637633439346537623733303464643264396431373966 -39366534343563313834303833303730373830633639363263373966663962323761363936323131 -31646465323931396133333461383337396330323664353536313230393761333039663866373337 -30383539343266333763316463393036363331333866343735666633353762613337303932363938 -33383463613937363039336565303035626538326161616136353439303936336137356131623666 -62363261636134306266636263646566323766376565366533303533376262646239356265663561 -62356437336139613136386330393738326562646237346131383562346265646238376462626165 -39666437336233393839653535313666323765666161396434653063316631386337356137373131 -62313238633261666637356161393638326332663565623765616565393134663836346638633763 -65653430636536623137373661363230636462366166376432613662323461653930653836643432 -34353062363832663135613062663265653234326433393134663464366232313766636637363661 -31633638323766346462626364323638323238663537653064303833383264333463333464343436 -62396366613763646138616665656334643332626265623135303662613162376130333136353539 -31343864656461346161363266663562326331333762366438333862653631613365316532306661 -39333134343338363230386362336637306330386437376564363563616437626135326531663234 -36353938633830636535633262336662366562373961343464653461383639323764643438313663 
-61366461356436393735336332376236306136636664333962613632353938393461323432316138 -31626638313466663663313165376362396361356536363363643366313562393362646365663439 -38326134646636333562386566373038643233366232323130376333626661623235313930366334 -34383139353961623831343237643263376236313533363437303638396663653963336330663462 -34613130333766653532323130663337383936613864376136316535376364643964353131386463 -37653436663061333837386666616565356261663539363766336531326139356561616335343537 -30623435646232626639323664626337633832313262333366333066363739643836333336616565 -61323666323865366439363038316136343363383230386462366137653063616632333839346231 -65663137396535353063653237663261333838373864636637643238373035643563663366633661 -32323439636132666630646265636336343533646131366137373036333666653137396131373132 -38336139666362373633386162376562626563656632396661383866353035393863393564626631 -30316431613538396632373064646261373230376336616331303865373462336366376334626630 -39333239653434323466383966633031313038346163366566613561393437633563323834393233 -39353130643639636535623230663031303433313234333436343163616433346339653964636631 -35303032633937353539386534323763623561616135396466353532333139363062376364653063 -65343065316664323363643537373065343661383038363232323736636135633238383161363266 -36346463616562356265336637306236336531376439313330393865303166333366663731356430 -66356335326361393034386261393438363464666363623736633364383062666666323865323531 -65393036333836303434386463336636383066353964383062303930383137356336616634323438 -37306234343462376431393165343437643264333764613566636364313431613030666535643761 -34633135636262356638306432356238376631353663356165313861366431663063343035666332 -33323366656132366565646137353038326161353564366131633664316234383433616134653033 -33316439313232336533646464653537626262376433313533623530656538353636383333346266 -34376534383765383836333536346235386639643665313862323233386164376166616338653561 
-33363033663431316431343032616563373463343437643939333763613233623838343837376366 -36343566323764343961636438623766616132363261353062623461303763346662383732303135 -34343137316632373561623039623139643939326334323561666462613138303433346236653263 -64383137383765646364363862613433356539613133396232363736633538323939663261666338 -35656365396432636533323130646530376537386532376133643662363433343337613661616139 -34343137616461626564396336323832303833386632353138306131376436383862353762343061 -32653237353131633962393365326235383138363235653634356661383061306162636265346561 -61663231626162353030343637393165343762373738373966333430616663373064643565666261 -61396563666333623363353666376637616361386564386537643165366561353134663665363930 -39623239656538333539656432396532623961356537623430626637333065383362663765353433 -37383139613666313363636162316365353864376464333334353236303538353932616565666430 -33363561393336623833373065616433363964353735353838326562383033663661313132303963 -64623230626636303037396133636632333635643938626163636639386366613163343665346566 -37343432656435646138353262323031396531353364646265663433353965613639346333396637 -66396230663635303230656235643464633634323363353466653836323462623437393739626164 -34363863613537353531633432336230303631663032353932346462656232363634373836613562 -38613238356464386666363434623335313035646562356363663737623634323464306630316431 -39623031393334383262613734663535643266666366616436666230346433616162313039643930 -38303563363565306139373538646666383131383161353933663561356265626434326638616465 -35306664386162316535643836373461313034653566653038626331363535613166396432393831 -66643833636231656365326434363233346431656435306333376566343165373537336238623632 -35623237393362346237353962626337356263323530616436303835333738646234663361303234 -34376633313162373530326233323134323561653264303338646536376235623534616137623035 -64383130306363393363386132373335616539653264613362396437366464346234646463633362 
-39616430373761653265613861353165623331316364396534396434656336356535383630316133 -39643863313237303839663161303031393536626131346531636463333163323932303865326662 -63636137613065383865306263396439396238626464323135396362303334363363333337326362 -33303565396461663661613339623164383463353663313733643936323064376636633936366337 -37323761373039653737623065623663393438313066393936643430616536653432646164346430 -36653664383936383265666162343834653831393337343065363832356636663361313132306561 -61373263643364363736623330363636653262333733356362383264313763663662306663323438 -38626135613862663937346537333338303135346438613430653031636231366234323261336264 -61633532626231663266643462383236396366333938663134623061616163356534313535643734 -31666563323437643538613962366230623963346630303931663133613963366565663934323138 -63363666653130323139636161343836613137313535303530333832666234373530663339613630 -66636439636133376262653231636162643765333133633538303532376466643736393762386532 -38363633623865633838393666663762613233376536353833306435613463626332613833393435 -35656530306261306235643535396230373238336663333466316566316633376264666431336662 -31323535663630386362313166373965353131326461376337363965613434643638346634366331 -62313031373333343536376235323437346439346433393631346631616635323836393732363231 -33636133393964333662343537616264306366643561386465383436313138396562663435613131 -38643665613439623536343239613262623264326235306633623165613061386239636361626539 -33393763616139656239646136656232656536636562363763336266303836346635336235663536 -38393531323663663865303664323831623238643661653234383262303364646438303461386438 -38353861386134333763333232386538353130303139353965343361613535363762313035353939 -62636539366635383763643431356530643934623331396535616461633931393931336431643865 -63373032353131616131663461393939646433626636393761663637313331336466663636373863 -65346631656263653266646639663633613461363464646634336361323562376133393137373032 
-62313465326637646533666565626532643538363332623835626334613235616562653933353335 -35363138663763653961356135373561633139663031306566316438633766646665316335633730 -39613064333937646533306362333539653866363139353432313535656633343066386339326664 -62366431666230613165613637356631386666306461353439333237303962386231373039393634 -33613633323939666434636131336461393233303034363961366630396561336635643764373532 -63643630636336386265616538613536373234613466356533323461633732363936343061326665 -34633732353437343133613932623864333065623836303661643039643430343131343237396239 -65626562646134343365333466383265343637373363626437363130666234356437643038313265 -32313031313536656130326132396636326437663434303433383934356438383334363135323361 -39613536343361316330653465613030343831643164636630383564623136613766383131323531 -64376135326131393663613065366666393166326532396365396463373131643431346663323663 -38616233313432383633306663363839636634613137353437363736356637323630336235383064 -64343632613063353961343063313261333839383064363662666339313661653864656138613062 -31326566316433336238383266613066383165616230646232666165303535633830623435323036 -37396434396566353632383432636266656361313837633162326137353464623831613831323264 -32656438373735653635393938353730356237646539663836383762393538636235343537393263 -38323139333233623064613034336233333638316533323734643465633338326166626464313361 -35616634643732353832353531353861353433356231383964383230643835353132396439663734 -32346561663632643732623432376233656238346236653337366531353263613463323763656161 -38633961326538333263373262323562303839393663363136373335393034613362623939336165 -63393434656639393662323239306432633661656161316236653861323363343461666265353065 -61376661383565356635333134616132646639383230363332326234326363316139663363353336 -32316466373934393864663531316265313537646239313936353062353638366465366132633339 -34656332636430643033326262636331616639356237393763326264393561393735333139643035 
-64346461353463633833653566666164616532336234346238346433306563326132643465343939 -66343836663033613135383633303438626435353232393561323334373834633363653736623834 -64353064333766376432326163613762653966653434653764373436623939363232346165643637 -33643561653331336261636131623265646266663833623561373066666435333263353333646138 -62653962333961613664383466383031646533616363303438363566383265653762613765336130 -62343838323733653263633863313330336561613162643039656236363437393536336330323434 -34633134316331323265363631363137353331383937623632643436323433373032376436393363 -37363234313261343434323363316234663834396435386336666336636430653864353036386536 -32316262373932626635383834336566333962356539313166626637663038343931353261646563 -62303864346634343230353964323838316438656233306438656466396435643435396232636437 -39346536306436333232316666626333653030373662613630323765646265666466386364336438 -34633764303035356163653034376537393038303863353139373963616138663431666132383961 -62653066343461323466633062663763613234616263376635393834393835346165653238663537 -63353034633238343464616333656139343163313734643836303936373936386662396630663863 -61323030343337636636623034353635613636366238383861313838376632323438343231623631 -35613466303635313866353437373062616538626532306464613831383162616464313061356161 -32343131636434653635366634343335616263653331646264643336623563336633313132343163 -62616561376664313739643961353232343136356364653366353233333733363535656238616630 -37396135383031396130623037343038643035373633626633343532383739643462666635386539 -31316134383836373063386663303139393938383234383335346665373233373033643864356665 -34616262343761653564 +35346661396563636532323830616336353530313861666333666533343730306431633264303634 +6331383565663930343562326463313066326634306362620a613437633739383734326135666339 +35393137336462366533653438323035663165643130336664323766373362363065623265363461 +3230643732316231640a383432643065346137643763343065333161623034386563663838323764 
+62653064396265323532353432333938656233363832353736323336666136613535393066666231 +38336230306239633865373634376537396133666539623630336335643535656461303530633731 +38616465343138636365653766363339323134626333313538613664333930366638656265373561 +39633762646631666539386130383032383034306364356662663333366638313064343334663534 +66616633633030343064376165333665303365616438333566386162653463313162336433303334 +36376534353039333238356464373531656636386566373166323261323033653230613664643962 +66386235653564656565633361353236393433303961633931306664633761653637313739333433 +34343365656535396365313032393362316537346563303230633333653233396663636535633339 +37623933613863303365616261303039383665396666303238663665333964343233636330626133 +38666465323163333730653439666436366236636563383936333535386662613436343838656132 +32333438633735353334343730303231336136303631653635663834643364663134356539323530 +63383136303263643463343839376461623633323830663238393564326133393534653264353363 +39353430333262303331356334313634303062653637613737633263306466313863373830356638 +30366539343330373635383234653465316637346537306236313139303164643838333333346433 +38393166653537396562386630333561623537653363663864393531336339653030656664623366 +61346161353264623565333733363331366530646530623461616366366234316131393032393830 +36373230313163396561353634653133346331343966366161616139313238336663333963636538 +65383461623234636662613534333439373838356432323331343064383730613336343935613737 +32323162656466323637613731303362623266656266343163343362313032633531613162396663 +63613637613035623333343864666162313165323565383163623138323663666261336265373533 +35323961366565383532666130633434323735336331353636316262306664646238306338666133 +31623333343765336537643663666363623139636633643130303733646262313864336434663065 +62303365366161313732323732356539646231643431323265303564376362366635326539613833 +35393566653162346137666462633338653637653832326661356164396364663762336464373661 
+65616566643435386261363461633237383739613266356665613731326263313737326632386631 +66306633336631393566356235643730366436303334383132353266643739303237666331303463 +62303636313362336336613139616232383530623435643036616234356365323938353965653563 +35313039613262386137653236353734633939383562666136373761346335303538643961343135 +34333533363734356464393138356664316237323135316131376337616333383061626533313532 +65343461613464636663323038303133316637396338313132373863656430356533303530353930 +35356534613465383237616632323339316239336563363731373561663939386364613030326462 +61333134623534356262383961383434323861623130306630336166663332386136346663626562 +38653435616263363431356261653134613331346531653163313665633538356265633335633537 +61383035613262626636633866613465393463386164613761353761346637643738363733636230 +61623865386630336664356534356131383966393437383539616330656633316465636263663932 +38303532353962373464393434643937316432323539633961303836313763306561663963663761 +62346466656531303435326235316636643231373762636339623038343466613935623366643832 +38303636613230343036376534393738666163353539633032336336323732616565666531656138 +38623730306232383966303866616231633032376130323436336563643138636337653738313339 +61626562623432396132383265653334323337656332326137646665356632633163343537386365 +66663834383363646337356237396262346135653261653833356262343932366539663764343338 +30396662353961643234666139666434343363316662303335663963343963663032383532313431 +37653338663230663435623331643666383639643932346139383661663166376366666236363635 +61646131316636643264356164666162353936636464306330373961363139653661376630393262 +65373239383463373766363865303463326362316664666566343433636239333964313766336662 +61393132616562393734346162613431616632323536386363643938643431343361623261646265 +36616530326464353266343964326135663534373432313962326639396161333231623631663561 +65646466323335313665346430313761356333663262323434623265313530616439323336363632 
+36333134356161333337343365313366303362313439303033346634333735626566353061626461 +30396266663261353030353939663562633361653362346235336264663633356633663865316536 +33636538656562613133613032343939313735333334343662643061346137356663393732316438 +34646437336434323564343764373565373564663039316435303132336635613861323430663730 +37653461643063633162356130396432613837613336366566663935616264623534653161666261 +66303731303465666134316138393964626137623639393935633162383262666165643831646662 +61663338353762303166363932663738333361313935666338386237666636623031663632656461 +30393763663565396131343065376562656335343564343966396334386261363865653963653537 +37336561316261383436393036396134303231303631616239323461653538666139386265336638 +39303565666466376639356465323861663164353863633930613138653435393664613837373131 +39343339653731613939643937646439343238653563333665643430663534366336613666626166 +31633633386166333434353165323632376662623031666164303865653937333235643733356339 +33336666393736366430373262383237346161393261303461313932393938353539636435646434 +65316433636661633731393837656261663031643032393734376231373933383830303161626334 +64653631343864303464666238303338653238633230663836653437323936316363633031656334 +62343632616338613865373736323865636632373530343562343566643465326232656566643739 +33303962626235373730373637613761306133633661623039343231376534326636313335626331 +65623461646339353135356562666264613364323661303165356163303265386338383066393162 +66333938363234373365303839616532323864383634303230626235396362643330323965613166 +36393333363035396366366530613439396534353065613763346565393736316538386463396339 +33313663633538393363356537333733366661303235363863393833336333373932613838396430 +33636532616363373763336436343532393235303138633536616334373931373931356339353731 +36636431613262626137323639343334353434623630656163366363636566363031323561643633 +39666366333263653739656230333537346533363062356532613030333637363465383364396638 
+31316265643530633039383536393338366361363132303536313935323937333239313833646434 +32353839653834623062623032346164313063623033656164343836336136313631623436336165 +38303130303738323466623561386565306231653766643363353735653032633862373939616237 +30613566626533653565356232643233393461353933366632373561353139366463666462313233 +61363038386665323333663237373837356563366231613562343337323533616436353365333864 +36613638306133656230663634636638353361336236643131666135306330613865326163386366 +37386464313631653637356434636633633035376461646164396364323663383865386565353336 +31663262653332373633333630306339366436323339643962626137646362663164643632326336 +37323464333861313535366630656365316330613332326262383832383633646530626237313465 +38336334383163663538666232663731633530376262313864383033396330663431366436663330 +30333232346335343261393266303531373366643363333464353535313336613265373366356437 +35323038356338306331383466383335633630366663326463633239333763353461366131653831 +63393864643662323931666362306665393764613234366361313530363233353566656334393031 +64333562643937373864326262306462383066656237393732363164663038626166363234393239 +35393930383134613864306365323862653464626362326136383761376165363036633365326539 +38353439643537633663376462613332363165366166386266353738623434666161613735623633 +61636233633263376338323134636565363865343434373864393935366563653164353531313436 +32666666306666393132323263623063323464633963346532396465353033396238353936346265 +65363931336366366264306231333063613537363561313735363939636330343466346134663832 +37613738343262353838333032663237336536346535623630383562663230626631643063386263 +32616535613261386231323131333237623438346664646238336630326561643163393530306234 +61386662333938326533646230316536343162336366336133646561363936633363373335393633 +31636532666537663939653165633734363361386261346133333333323535623166383233383661 +64363735316563356436376430666536363939663962636433646466643464353863663034343332 
+34306665633932613565326566663938396364343862313131643165636434363030303434333165 +36643632633135643562303535313232313534313931373665626262353065663062333237623036 +65393439613136633434646130316562643433653966373965383761616530613830613639343036 +37313831363235646137346230653937303138313031613532346138656631386634323933353466 +31633234653830643762633463623833326139643135353732666338626561643934356439623963 +66626337633965646334383636393033633530366364373930613335363737626265616639396365 +30386637373863333961306365646432656230333934366163613230303333356131613632386665 +63303230346635613434663734613163316637336266393338623237373063366233376463323937 +39323933386332353431373739646136653332646531623165393836616539616161373130646166 +66396436383536326565383133346366626532323361343430363833653539313536666530653035 +39616566663466363462383762313137383034663231656366643139646332356137346461386361 +64646439666336333532323031356534666332356133343737636465623463343438363762633932 +39653133363163343937386437356638316462373061393634333762633363396438333935623063 +39646361626164326165353136383432353730333066626365666466393333393066663138653232 +32323937653961656132366230333239336465643332663135303630346231653665343633613966 +33363835653065623430346539663162373233653932343865373733626431636666303335666666 +38616139646337323164376337366366306335323436653335646536333866366137636532613965 +36376637393333326236356233616461393363366237373363393564393636313935336439356339 +36663563653265376533386334353936376438386331396130333363303861613535383235633732 +63663537643861373537303461623633363535363631383337376361623066666633633035356564 +38323032346136636561353635646530363364323133326365333963313166386131616130616664 +39616561323433386233633264373166653162656166343366663031393732313736666433336566 +63643136643635346431323036666530343965393136663634663661323563333665393435383937 +62653739653764613830383333383539336436376139383036643866303361666265323461313963 
+64646536643738356631343631393234613764306530316537363966626536386366616138626230 +30313862633966303066373435663966336338343530356565393933346262303461356334633234 +66663561656261333134303939663430366365616266373463383132363331396333653330313637 +37383736633861633338333165623639623736353730666535323936663166623331346639303137 +39383064343235643135616136333863353230323961393631613230643830663664626133613932 +62653734333066356166363234623136616638353666316632336131313830663466396562323332 +36623964383136326138613439366236633165663032616562363235666636623865306663393636 +37306530386238376437303437393932643265363062623733633661353230363666393537336265 +65396263643837366265663765653536376663306632336139313730303731386666613539313764 +61653763666331613132373561646637393566313638633034346262303566376263396239663133 +62393138646334666636303636626638316536393265323531393431306236333934373834623933 +34623434313061653265663335646564303932386265653365366430353530636236653237313264 +64643933353737333864383165303432353264306362303162323964383238386138383962373734 +38623938333163643466393134313562646236656665656639363764353766623332633931383634 +33666663363535646331376461343332353166386530663065623261613035666338343637363233 +63376436303662303365643466336237396635363062653531663565633137353134333834613961 +66303139363135363537303330346130333663663136306464393864343736373536326466623862 +30353834636366656532363132653339653465623266646638363637623136646232613361346262 +37633261373061363865613236316634383730383433303534303033396662373963366535333233 +66643431363636623334636164336433333366643235343639623136366261356165386634306165 +32336131353762326662623735656232396561333739643338363030646237353565626534646265 +34333437353265666462356566373031326438343231613332663463373731636265303737616332 +64353437646131643939303432633637386466313030656631613633343330376138666165333939 +61366366353266393939643764376536393234393863626237653836646264636232303033666434 
+61333833666430316635373565643937396235316237623336383539633365653161616431613239
+36663430336665336537383839363834613736646633383133353132366537333238313337313566
+61613433643261666230303032346334353064646530663533393662636135363766386334613038
+36383836353339666230613161313463343862636134396431333935363437646463386333333366
+37636666313739343236613462626234353764663539323262353866623862623236323462306435
+61653534383737663932633236373834303937373565393966643738326430346263373134303966
+38313261643932336435623964613339353939663332346238333161316464633736623032643031
+34663534386330323431333733356564623634323163663733333530393833656437313339386239
+65333538323336386636346637323136316263353961383263363730303263626266643065346566
+30636139373932663964343138633938356366343636303563373161653962663931333631306432
+32316663643361386637646436363935666436653436613462383333363662313361616431363739
+39623362346439333437
diff --git a/group_vars/all/secrets.yml.contents b/group_vars/all/secrets.yml.contents
index 5bd4105..3989b32 100644
--- a/group_vars/all/secrets.yml.contents
+++ b/group_vars/all/secrets.yml.contents
@@ -6,7 +6,6 @@ postgres_passwords:
 passit: xxx
 gitea: xxx
 matrix: xxx
- codimd: xxx
 mailu: xxx
 keycloak: xxx
 hedgedoc: xxx
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 998f185..42f6f4e 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -112,11 +112,6 @@ services:
 volume_folder: "{{ volume_root_folder }}/privatebin"
 version: "20221009"
 
- codimd:
- file: codimd.yml
- domain: "oldpad.{{ base_domain }}"
- volume_folder: "{{ volume_root_folder }}/codimd"
-
 hedgedoc:
 file: hedgedoc.yml
 domain: "pad.{{ base_domain }}"
diff --git a/roles/docker/tasks/services/codimd.yml b/roles/docker/tasks/services/codimd.yml
deleted file mode 100644
index 55fb18a..0000000
--- a/roles/docker/tasks/services/codimd.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-# vim: ft=yaml.ansible
----
-- name: codimd network
- docker_network:
- name: codimd
-
-- name: create codimd volume folders
- file:
- name: "{{ services.codimd.volume_folder }}/{{ volume }}"
- state: directory
- loop:
- - "db"
- - "codimd/uploads"
- loop_control:
- loop_var: volume
-
-- name: codimd database container
- docker_container:
- name: codimd_db
- image: postgres:10
- state: started
- restart_policy: unless-stopped
- networks:
- - name: codimd
- volumes:
- - "{{ services.codimd.volume_folder }}/db:/var/lib/postgresql/data"
- env:
- POSTGRES_USER: "codimd"
- POSTGRES_PASSWORD: "{{ postgres_passwords.codimd }}"
-
-- name: codimd app container
- docker_container:
- name: codimd_app
- image: hackmdio/hackmd:1.3.0
- restart_policy: unless-stopped
- networks:
- - name: codimd
- - name: ldap
- - name: external_services
- volumes:
- - "{{ services.codimd.volume_folder }}/codimd/uploads:/codimd/public/uploads"
- env:
- CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.codimd }}@codimd_db:5432/codimd"
- CMD_ALLOW_EMAIL_REGISTER: "False"
- CMD_IMAGE_UPLOAD_TYPE: "filesystem"
- CMD_EMAIL: "False"
- CMD_LDAP_URL: "ldap://openldap"
- CMD_LDAP_BINDDN: "cn=admin,dc=data,dc=coop"
- CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
- CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
- CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
- CMD_USECDN: "false"
- VIRTUAL_HOST: "{{ services.codimd.domain }}"
- LETSENCRYPT_HOST: "{{ services.codimd.domain }}"
- LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
From 927d1e31ee101c7a47e414b446eaf7f2047be320 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Sat, 23 Sep 2023 16:38:45 +0200
Subject: [PATCH 09/74] Replace deprecated option for Forgejo
---
 roles/docker/tasks/services/forgejo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/tasks/services/forgejo.yml b/roles/docker/tasks/services/forgejo.yml
index 0d26d3e..78a8295 100644
--- a/roles/docker/tasks/services/forgejo.yml
+++ b/roles/docker/tasks/services/forgejo.yml
@@ -27,7 +27,7 @@
 # https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
 FORGEJO__mailer__ENABLED: "true"
 FORGEJO__mailer__FROM: "noreply@{{ services.forgejo.domain }}"
- FORGEJO__mailer__MAILER_TYPE: "smtp"
+ FORGEJO__mailer__PROTOCOL: "smtp"
 FORGEJO__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
 FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
 FORGEJO__security__PASSWORD_COMPLEXITY: "off"
From 2629c7c2f9aa5912d5b08bd10ce2e330036fd241 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Sat, 23 Sep 2023 16:43:31 +0200
Subject: [PATCH 10/74] Replace another deprecated option for Forgejo
---
 roles/docker/tasks/services/forgejo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/tasks/services/forgejo.yml b/roles/docker/tasks/services/forgejo.yml
index 78a8295..9978b82 100644
--- a/roles/docker/tasks/services/forgejo.yml
+++ b/roles/docker/tasks/services/forgejo.yml
@@ -28,7 +28,7 @@
 FORGEJO__mailer__ENABLED: "true"
 FORGEJO__mailer__FROM: "noreply@{{ services.forgejo.domain }}"
 FORGEJO__mailer__PROTOCOL: "smtp"
- FORGEJO__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
+ FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
 FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
 FORGEJO__security__PASSWORD_COMPLEXITY: "off"
 FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
From 191ba1e01170c4c8edad863ace2cb351d1e11dca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
Date: Mon, 25 Sep 2023 09:11:26 +0200
Subject: [PATCH 11/74] Bump mastodon to 4.1.9.
---
 roles/docker/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 42f6f4e..970b63b 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
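Review bot: `FORGEJO__mailer__PROTOCOL: "smtp"` pins the mailer to unencrypted SMTP: in the protocol-based options that replaced `MAILER_TYPE`, STARTTLS is only negotiated for `smtp+starttls` and implicit TLS only for `smtps`, whereas the old `MAILER_TYPE`/`HOST` pair, as I read the upstream mailer code, still attempted opportunistic STARTTLS when the server offered it, so this rename may silently downgrade the transport. Unless `smtp_host` is a relay reachable only over a trusted container network, any mailer credentials and the outgoing mail now cross the wire in the clear; `FORGEJO__mailer__PROTOCOL: "smtp+starttls"` with a matching `smtp_port` would preserve the previous behaviour. If plain SMTP is deliberate because the relay is local, a comment above the key such as `# plain smtp: relay is only reachable on the internal docker network` would save the next reader the same question. The `env:` mapping this line belongs to starts outside the hunk.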
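Review bot: `FORGEJO__mailer__SMTP_ADDR` takes the host alone; the port belongs in the separate `SMTP_PORT` key, so `"{{ smtp_host }}:{{ smtp_port }}"` produces an address with an embedded port that the mailer then pairs with the protocol's default port, and the connection is likely to fail rather than reach the relay. Split the value into `FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}"` and `FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}"`. The `env:` mapping this line belongs to starts outside the hunk.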
@@ -180,7 +180,7 @@ services:
 file: mastodon.yml
 domain: "social.{{ base_domain }}"
 volume_folder: "{{ volume_root_folder }}/mastodon"
- version: v4.1.4
+ version: v4.1.9
 postgres_version: 14-alpine
 redis_version: 6-alpine
 allowed_sender_domain: true
From 14491855915b368024705837caac4aaacd17aa7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
Date: Mon, 25 Sep 2023 09:11:54 +0200
Subject: [PATCH 12/74] Remove byro.
---
 roles/docker/tasks/services/byro.yml | 85 ----------------------------
 1 file changed, 85 deletions(-)
 delete mode 100644 roles/docker/tasks/services/byro.yml
diff --git a/roles/docker/tasks/services/byro.yml b/roles/docker/tasks/services/byro.yml
deleted file mode 100644
index 2d2eea9..0000000
--- a/roles/docker/tasks/services/byro.yml
+++ /dev/null
@@ -1,85 +0,0 @@ ---- - -- name: ensure byro data folder exists - file: - path: "{{ services.byro.volume_folder }}" - state: directory - -- name: create env file - template: - src: byro.env.j2 - dest: "{{ services.byro.volume_folder }}/env" - -- name: deploy entrypoint file - copy: - src: byro_deploy_entrypoint.sh - dest: "{{ services.byro.volume_folder}}/data/deploy_entrypoint.sh" - mode: "preserve" - -- name: run byro - docker_compose: - project_name: "byro member system" - pull: yes - definition: - version: "3.8" - services: - - manage: - image: ghcr.io/valberg/byro:add_missing_jquery_ui_images - entrypoint: "/var/byro/data/deploy_entrypoint.sh" - restart: "no" - volumes: - - "{{ services.byro.volume_folder }}/data:/var/byro/data" - - "{{ services.byro.volume_folder }}/static.dist:/byro/static.dist:rw" - networks: - - byro - - external_services - - postfix - env_file: "{{ services.byro.volume_folder }}/env" - - gunicorn: - image: ghcr.io/byro/byro:master - restart: unless-stopped - working_dir: '/byro' - entrypoint: - - 'gunicorn' - command: > - byro.wsgi --name byro --workers 4 - --max-requests 1200 --max-requests-jitter 50 - --log-level=info - --bind=0.0.0.0:8345 - links: - - postgres - depends_on: - postgres: - condition: service_healthy - volumes: - - "{{ services.byro.volume_folder }}/data:/var/byro/data" - - "{{ services.byro.volume_folder }}/static.dist:/byro/static.dist:rw" - networks: - - byro - - external_services - - postfix - env_file: "{{ services.byro.volume_folder }}/env" - - postgres: - image: postgres:{{ services.byro.postgres_version }} - volumes: - - "{{ services.byro.volume_folder }}/postgres/:/var/lib/postgresql/data" - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "pg_isready -U byro"] - interval: 5s - timeout: 5s - retries: 5 - environment: - POSTGRES_PASSWORD: "{{ postgres_passwords.byro }}" - networks: - - byro - - networks: - byro: - external_services: - external: true - postfix: - external: true 
From ddb9629deafa5e0cd128b13997fb6fba5c4d3291 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Fri, 29 Sep 2023 21:09:23 +0200 Subject: [PATCH 13/74] Fix spacing and indentation --- roles/docker/tasks/services/nextcloud.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 819b22d..20e6c55 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -19,7 +19,7 @@ - "nextcloud" volumes: - "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data" - environment: + environment: POSTGRES_DB: "nextcloud" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" POSTGRES_USER: "nextcloud" @@ -44,7 +44,7 @@ depends_on: - "postgres" - "redis" - + app: image: "nextcloud:{{ services.nextcloud.version }}" restart: "unless-stopped" @@ -69,8 +69,8 @@ - "redis" networks: - nextcloud: - postfix: - external: true - external_services: - external: true + nextcloud: + postfix: + external: true + external_services: + external: true From 136b675ccd99e6c51ef495aa6afbc499f6ee60fe Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Fri, 29 Sep 2023 21:54:21 +0200 Subject: [PATCH 14/74] Upgrade Mastodon to 4.2.0, close #176 --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 970b63b..11979f4 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -180,7 +180,7 @@ services: file: mastodon.yml domain: "social.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/mastodon" - version: v4.1.9 + version: v4.2.0 postgres_version: 14-alpine redis_version: 6-alpine allowed_sender_domain: true From 28992b66af32350681989120ea84485613a1e499 Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Fri, 29 Sep 2023 22:56:48 +0200 Subject: [PATCH 15/74] Remove remaining Byro files --- roles/docker/files/byro_deploy_entrypoint.sh | 5 ----- roles/docker/templates/byro.env.j2 | 23 -------------------- 2 files changed, 28 deletions(-) delete mode 100755 roles/docker/files/byro_deploy_entrypoint.sh delete mode 100644 roles/docker/templates/byro.env.j2 diff --git a/roles/docker/files/byro_deploy_entrypoint.sh b/roles/docker/files/byro_deploy_entrypoint.sh deleted file mode 100755 index 38649a1..0000000 --- a/roles/docker/files/byro_deploy_entrypoint.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/env bash - -python /byro/manage.py migrate -python /byro/manage.py compress -python /byro/manage.py collectstatic --no-input diff --git a/roles/docker/templates/byro.env.j2 b/roles/docker/templates/byro.env.j2 deleted file mode 100644 index 17192d6..0000000 --- a/roles/docker/templates/byro.env.j2 +++ /dev/null @@ -1,23 +0,0 @@ -PYTHONUNBUFFERED=1 -DJANGO_SETTINGS_MODULE=byro.settings -BYRO_DEBUG="False" -BYRO_DATA_DIR="/var/byro/data" -BYRO_FILESYSTEM_MEDIA="/var/byro/data/media" -BYRO_FILESYSTEM_LOGS="/var/byro/data/logs" -BYRO_SITE_URL="https://{{ services.byro.domain }}" -BYRO_DB_NAME="postgres" -BYRO_DB_USER="postgres" -BYRO_DB_PASS="{{ postgres_passwords.byro }}" -BYRO_DB_HOST="postgres" -BYRO_DB_PORT="5432" -BYRO_MAIL_FROM="noreply@{{ services.byro.domain}}" -BYRO_MAIL_HOST="{{ smtp_host }}" -BYRO_MAIL_PORT="{{ smtp_port }}" -BYRO_MAIL_USER="noop" -BYRO_MAIL_TLS="True" -BYRO_MAIL_SSL="False" -BYRO_LOGGING_EMAIL="admin@data.coop" -VIRTUAL_HOST="{{ services.byro.domain }}" -VIRTUAL_PORT="8345" -LETSENCRYPT_HOST="{{ services.byro.domain }}" -LETSENCRYPT_EMAIL="{{ letsencrypt_email }}" From a47440b6b5a213f4c7db2b11efc72d62948e1b6c Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Sat, 30 Sep 2023 16:25:06 +0200 Subject: [PATCH 16/74] Move compose files into templates and upload them to the host --- roles/docker/defaults/main.yml | 2 +- roles/docker/tasks/services/drone.yml | 58 +----- roles/docker/tasks/services/hedgedoc.yml | 55 +----- roles/docker/tasks/services/keycloak.yml | 56 +----- roles/docker/tasks/services/mailu.yml | 147 ++------------- roles/docker/tasks/services/mastodon.yml | 167 ++---------------- .../docker/tasks/services/matrix_element.yml | 66 +------ roles/docker/tasks/services/membersystem.yml | 58 +----- roles/docker/tasks/services/nextcloud.yml | 76 +------- roles/docker/tasks/services/passit.yml | 52 +----- roles/docker/tasks/services/rallly.yml | 59 ++----- roles/docker/tasks/services/restic.yml | 59 +++++++ roles/docker/tasks/services/restic_backup.yml | 89 ---------- .../templates/compose-files/drone.yml.j2 | 40 +++++ .../templates/compose-files/hedgedoc.yml.j2 | 44 +++++ .../templates/compose-files/keycloak.yml.j2 | 42 +++++ .../templates/compose-files/mailu.yml.j2 | 131 ++++++++++++++ .../templates/compose-files/mastodon.yml.j2 | 146 +++++++++++++++ .../compose-files/matrix_element.yml.j2 | 52 ++++++ .../compose-files/membersystem.yml.j2 | 44 +++++ .../templates/compose-files/nextcloud.yml.j2 | 59 +++++++ .../templates/compose-files/passit.yml.j2 | 38 ++++ .../templates/compose-files/rallly.yml.j2 | 41 +++++ .../templates/compose-files/restic.yml.j2 | 37 ++++ roles/docker/templates/rallly/env.j2 | 2 +- 25 files changed, 827 insertions(+), 793 deletions(-) create mode 100644 roles/docker/tasks/services/restic.yml delete mode 100644 roles/docker/tasks/services/restic_backup.yml create mode 100644 roles/docker/templates/compose-files/drone.yml.j2 create mode 100644 roles/docker/templates/compose-files/hedgedoc.yml.j2 create mode 100644 roles/docker/templates/compose-files/keycloak.yml.j2 create mode 100644 roles/docker/templates/compose-files/mailu.yml.j2 create mode 100644 
roles/docker/templates/compose-files/mastodon.yml.j2 create mode 100644 roles/docker/templates/compose-files/matrix_element.yml.j2 create mode 100644 roles/docker/templates/compose-files/membersystem.yml.j2 create mode 100644 roles/docker/templates/compose-files/nextcloud.yml.j2 create mode 100644 roles/docker/templates/compose-files/passit.yml.j2 create mode 100644 roles/docker/templates/compose-files/rallly.yml.j2 create mode 100644 roles/docker/templates/compose-files/restic.yml.j2 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 11979f4..5477414 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -48,7 +48,7 @@ services: allowed_sender_domain: true restic: - file: restic_backup.yml + file: restic.yml user: dc-user domain: rynkeby.skovgaard.tel host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml index 22b71cc..de8720e 100644 --- a/roles/docker/tasks/services/drone.yml +++ b/roles/docker/tasks/services/drone.yml 
@@ -1,52 +1,12 @@
 # vim: ft=yaml.ansible
 ---
-- name: set up drone with docker runner
+- name: Upload Compose file for Drone
+ template:
+ src: compose-files/drone.yml.j2
+ dest: "{{ services.drone.volume_folder }}/docker-compose.yml"
+
+- name: Deploy Drone
 docker_compose:
- project_name: drone
- pull: yes
- definition:
- version: "3.6"
- services:
- drone:
- container_name: "drone"
- image: "drone/drone:{{ services.drone.version }}"
- restart: unless-stopped
- networks:
- - external_services
- - drone
- volumes:
- - "{{ services.drone.volume_folder }}:/data"
- - "/var/run/docker.sock:/var/run/docker.sock"
- environment:
- DRONE_GITEA_SERVER: "https://{{ services.forgejo.domain }}"
- DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
- DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
- DRONE_GIT_ALWAYS_AUTH: "true"
- DRONE_SERVER_HOST: "{{ services.drone.domain }}"
- DRONE_SERVER_PROTO: "https"
- DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
- PLUGIN_CUSTOM_DNS: "91.239.100.100"
- VIRTUAL_HOST: "{{ services.drone.domain }}"
- LETSENCRYPT_HOST: "{{ services.drone.domain }}"
- LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-
- drone-runner-docker:
- container_name: "drone-runner-docker"
- image: "drone/drone-runner-docker:{{ services.drone.version }}"
- restart: unless-stopped
- networks:
- - drone
- volumes:
- - "/var/run/docker.sock:/var/run/docker.sock"
- environment:
- DRONE_RPC_HOST: "{{ services.drone.domain }}"
- DRONE_RPC_PROTO: "https"
- DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
- DRONE_RUNNER_CAPACITY: 2
- DRONE_RUNNER_NAME: "data.coop_drone_runner"
-
- networks:
- drone:
- external_services:
- external:
- name: external_services
+ project_src: "{{ services.drone.volume_folder }}"
+ pull: true
+ state: present
diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml
index 8160a66..6e5c874 100644
--- a/roles/docker/tasks/services/hedgedoc.yml
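Review bot: The new `template` task writes `docker-compose.yml` with no `owner`/`mode`, so the file gets the remote umask default (typically 0644), yet the definition it replaces inlined `drone_secrets.oauth_client_secret` and `drone_secrets.rpc_shared_secret`, which presumably now live in `compose-files/drone.yml.j2` and therefore persist on disk readable by any local user rather than existing only in the module call. Add `owner: root`, `group: root` and `mode: "0600"` to the template task. Separately, dropping `project_name: drone` makes Compose derive the project name from the basename of `services.drone.volume_folder`; if that is not `drone`, the existing project's containers are not recreated, and if the template keeps `container_name: "drone"` / `"drone-runner-docker"` the fixed names collide with the still-running old containers on the next run.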
+++ b/roles/docker/tasks/services/hedgedoc.yml @@ -16,52 +16,13 @@ dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem" mode: "0644" +- name: Upload Compose file for for HedgeDoc + template: + src: compose-files/hedgedoc.yml.j2 + dest: "{{ services.hedgedoc.volume_folder }}/docker-compose.yml" + - name: setup hedgedoc docker_compose: - project_name: "hedgedoc" - pull: "yes" - definition: - services: - database: - image: "postgres:{{ services.hedgedoc.postgres_version }}" - environment: - POSTGRES_USER: "codimd" - POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}" - POSTGRES_DB: "codimd" - restart: "unless-stopped" - networks: - - "hedgedoc" - volumes: - - "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data" - - app: - image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}" - environment: - CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd" - CMD_DOMAIN: "{{ services.hedgedoc.domain }}" - CMD_ALLOW_EMAIL_REGISTER: "False" - CMD_IMAGE_UPLOAD_TYPE: "filesystem" - CMD_EMAIL: "False" - CMD_SAML_IDPCERT: "/sso.data.coop.pem" - CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml" - CMD_SAML_ISSUER: "hedgedoc" - CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" - CMD_USECDN: "false" - CMD_PROTOCOL_USESSL: "true" - VIRTUAL_HOST: "{{ services.hedgedoc.domain }}" - LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - volumes: - - "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads" - - "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem" - restart: "unless-stopped" - networks: - - "hedgedoc" - - "external_services" - depends_on: - - database - - networks: - hedgedoc: - external_services: - external: true + project_src: "{{ services.hedgedoc.volume_folder }}" + pull: true + state: present 
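Review bot: The removed definition pointed `CMD_DB_URL` at `hedgedoc_database_1`, a container name that embeds the Compose project name; with `project_name` dropped, the name now derives from the basename of `services.hedgedoc.volume_folder`, so if the template carries that hostname over verbatim and the directory is not named `hedgedoc`, the app cannot reach its database. Use the service name in the template (`postgres://codimd:…@database:5432/codimd`), which resolves regardless of project name. The compose file also carries `postgres_passwords.hedgedoc`, so give the template task `mode: "0600"`. Minor: the new task name has a doubled word and the deploy task kept its lowercase name while the sibling services were renamed — `- name: Upload Compose file for HedgeDoc` / `- name: Deploy HedgeDoc`.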
diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml
index 7c23cfd..45feb25 100644
--- a/roles/docker/tasks/services/keycloak.yml
+++ b/roles/docker/tasks/services/keycloak.yml
@@ -1,50 +1,12 @@
 # vim: ft=yaml.ansible
 ---
-- name: setup keycloak containers for sso.data.coop
+- name: Upload Compose file for for Keycloak
+ template:
+ src: compose-files/keycloak.yml.j2
+ dest: "{{ services.keycloak.volume_folder }}/docker-compose.yml"
+
+- name: Deploy Keycloak
 docker_compose:
- project_name: "keycloak"
- pull: "yes"
- definition:
- version: "3.6"
- services:
- postgres:
- image: "postgres:{{ services.keycloak.postgres_version }}"
- restart: "unless-stopped"
- networks:
- - "keycloak"
- volumes:
- - "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
- environment:
- POSTGRES_USER: "keycloak"
- POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
- POSTGRES_DB: "keycloak"
-
- app:
- image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
- restart: "unless-stopped"
- networks:
- - "keycloak"
- - "postfix"
- - "external_services"
- command:
- - "start"
- - "--db=postgres"
- - "--db-url=jdbc:postgresql://postgres:5432/keycloak"
- - "--db-username=keycloak"
- - "--db-password={{ postgres_passwords.keycloak }}"
- - "--hostname={{ services.keycloak.domain }}"
- - "--proxy=edge"
- - "--https-port=8080"
- - "--http-relative-path=/auth"
- environment:
- VIRTUAL_HOST: "{{ services.keycloak.domain }}"
- VIRTUAL_PORT: "8080"
- LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
- LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-
- networks:
- keycloak:
- postfix:
- external: true
- external_services:
- external: true
+ project_src: "{{ services.keycloak.volume_folder }}"
+ pull: true
+ state: present
diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml
index 168609a..de4916d 100644
--- a/roles/docker/tasks/services/mailu.yml
+++ b/roles/docker/tasks/services/mailu.yml
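Review bot: The removed definition passed the database password on Keycloak's command line (`--db-password={{ postgres_passwords.keycloak }}`); if `compose-files/keycloak.yml.j2` carries that over, the password is visible to every process in the container through `ps`/`/proc`, whereas Keycloak also accepts it as the `KC_DB_PASSWORD` environment variable, which at least keeps it out of the process list. The `template` task writes that file with the default mode even though it now holds both the Postgres and Keycloak DB secrets; add `owner: root`, `group: root`, `mode: "0600"`. The task name `Upload Compose file for for Keycloak` has a doubled "for". Dropping `project_name: "keycloak"` also means the project is now named after the basename of `services.keycloak.volume_folder`; confirm it matches, or the old `keycloak` project keeps running next to the new one.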
@@ -33,7 +33,7 @@
 src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
 dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
 state: hard
- force: yes
+ force: true
 when: letsencrypt_enabled
 
 - name: hard link to Let's Encrypt TLS key
@@ -41,141 +41,16 @@ src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem" state: hard - force: yes + force: true when: letsencrypt_enabled -- name: run mail server containers +- name: Upload Compose file for for Mailu + template: + src: compose-files/mailu.yml.j2 + dest: "{{ services.mailu.volume_folder }}/docker-compose.yml" + +- name: Deploy Mailu docker_compose: - project_name: mail_server - pull: yes - definition: - version: '3.6' - services: - postgres: - image: postgres:14-alpine - restart: always - environment: - POSTGRES_DB: mailu - POSTGRES_USER: mailu - POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}" - volumes: - - "{{ services.mailu.volume_folder }}/postgres:/var/lib/postgresql/data" - dns: - - "{{ services.mailu.dns }}" - - redis: - image: redis:alpine - restart: always - volumes: - - "{{ services.mailu.volume_folder }}/redis:/data" - depends_on: - - resolver - dns: - - "{{ services.mailu.dns }}" - - front: - image: ghcr.io/mailu/nginx:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - environment: - VIRTUAL_HOST: "{{ services.mailu.domain }}" - LETSENCRYPT_HOST: "{{ services.mailu.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - volumes: - - "{{ services.mailu.volume_folder }}/certs:/certs" - - "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides:ro" - expose: - - "80" - ports: - - "993:993" - - "25:25" - - "587:587" - - "465:465" - networks: - - default - - external_services - - resolver: - image: ghcr.io/mailu/unbound:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - networks: - default: - ipv4_address: "{{ services.mailu.dns }}" - - admin: - image: ghcr.io/mailu/admin:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - volumes: - - "{{ services.mailu.volume_folder 
}}/data:/data" - - "{{ services.mailu.volume_folder }}/dkim:/dkim" - depends_on: - - redis - - resolver - dns: - - "{{ services.mailu.dns }}" - - imap: - image: ghcr.io/mailu/dovecot:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - volumes: - - "{{ services.mailu.volume_folder }}/mail:/mail" - - "{{ services.mailu.volume_folder }}/overrides/dovecot:/overrides:ro" - depends_on: - - front - - resolver - dns: - - "{{ services.mailu.dns }}" - - smtp: - image: ghcr.io/mailu/postfix:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - volumes: - - "{{ services.mailu.volume_folder }}/mailqueue:/queue" - - "{{ services.mailu.volume_folder }}/overrides/postfix:/overrides:ro" - depends_on: - - front - - resolver - dns: - - "{{ services.mailu.dns }}" - - antispam: - image: ghcr.io/mailu/rspamd:{{ services.mailu.version }} - hostname: antispam - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - volumes: - - "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd" - - "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d:ro" - depends_on: - - front - - resolver - dns: - - "{{ services.mailu.dns }}" - - webmail: - image: ghcr.io/mailu/rainloop:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" - volumes: - - "{{ services.mailu.volume_folder }}/webmail:/data" - - "{{ services.mailu.volume_folder }}/overrides/rainloop:/overrides:ro" - depends_on: - - imap - - resolver - dns: - - "{{ services.mailu.dns }}" - - networks: - default: - driver: bridge - ipam: - driver: default - config: - - subnet: "{{ services.mailu.subnet }}" - external_services: - external: - name: external_services + project_src: "{{ services.mailu.volume_folder }}" + pull: true + state: present 
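Review bot: Dropping `project_name: mail_server` changes the Compose project name to the basename of `services.mailu.volume_folder`, so unless that directory happens to be called `mail_server` the existing `mail_server_*` containers are not recognised as the same project and keep running: the old `front` still binds ports 25, 465, 587 and 993 and the old `default` network still owns `services.mailu.subnet`, so the new `front` and the new `resolver` (which needs `ipv4_address: {{ services.mailu.dns }}` inside that subnet) will fail to start with a port or address-pool conflict. Keep `project_name: mail_server` next to `project_src` — the module accepts both — or add a one-off task that brings the old project down before the first deploy. The rendered `docker-compose.yml` also carries `postgres_passwords.mailu`, so give the `template` task `mode: "0600"`.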
diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml
index 1c100ce..95a14c0 100644
--- a/roles/docker/tasks/services/mastodon.yml
+++ b/roles/docker/tasks/services/mastodon.yml
@@ -32,9 +32,9 @@
 - name: Copy mastodon environment file
 template:
 src: mastodon/env.j2
- dest: "{{ services.mastodon.volume_folder }}/env_file"
+ dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
 
-- name: Upload vhost config for root domain
+- name: Upload vhost config for Mastodon domain
 copy:
 src: vhost/mastodon
 dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
@@ -44,164 +44,17 @@ src: mastodon/postgresql.conf dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" -- name: Set up Mastodon +- name: Upload Compose file for Mastodon + template: + src: compose-files/mastodon.yml.j2 + dest: "{{ services.mastodon.volume_folder }}/docker-compose.yml" + +- name: Deploy Mastodon docker_compose: - project_name: mastodon + project_src: "{{ services.mastodon.volume_folder }}" pull: true restarted: true - definition: - x-sidekiq: &sidekiq - image: "tootsuite/mastodon:{{ services.mastodon.version }}" - restart: always - env_file: "{{ services.mastodon.volume_folder }}/env_file" - depends_on: - db: - condition: "service_healthy" - redis: - condition: "service_healthy" - networks: - - postfix - - external_services - - internal_network - volumes: - - "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system" - healthcheck: - test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] - - version: '3' - services: - db: - restart: always - image: "postgres:{{ services.mastodon.postgres_version }}" - shm_size: 256mb - networks: - - internal_network - healthcheck: - test: ['CMD', 'pg_isready', '-U', 'postgres'] - volumes: - - "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data" - - "{{ services.mastodon.volume_folder }}/postgres_config:/config:ro" - command: postgres -c config_file=/config/postgresql.conf - environment: - - 'POSTGRES_HOST_AUTH_METHOD=trust' - - redis: - restart: always - image: "redis:{{ services.mastodon.redis_version }}" - networks: - - internal_network - healthcheck: - test: ['CMD', 'redis-cli', 'ping'] - volumes: - - "{{ services.mastodon.volume_folder }}/redis_data:/data" - - web: - image: "tootsuite/mastodon:{{ services.mastodon.version }}" - restart: always - env_file: "{{ services.mastodon.volume_folder }}/env_file" - command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" - networks: - - external_services - - 
internal_network - healthcheck: - # prettier-ignore - test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] - depends_on: - db: - condition: "service_healthy" - redis: - condition: "service_healthy" - volumes: - - "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system" - environment: - MAX_THREADS: 10 - WEB_CONCURRENCY: 3 - VIRTUAL_HOST: "{{ services.mastodon.domain }}" - VIRTUAL_PORT: "3000" - VIRTUAL_PATH: "/" - LETSENCRYPT_HOST: "{{ services.mastodon.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - - streaming: - image: "tootsuite/mastodon:{{ services.mastodon.version }}" - restart: always - env_file: "{{ services.mastodon.volume_folder }}/env_file" - command: node ./streaming - networks: - - external_services - - internal_network - healthcheck: - # prettier-ignore - test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] - ports: - - '127.0.0.1:4000:4000' - depends_on: - db: - condition: "service_healthy" - redis: - condition: "service_healthy" - environment: - DB_POOL: 15 - VIRTUAL_HOST: "{{ services.mastodon.domain }}" - VIRTUAL_PORT: "4000" - VIRTUAL_PATH: "/api/v1/streaming" - - # sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections - sidekiq-default-push-pull: - <<: *sidekiq - command: bundle exec sidekiq -c 25 -q default -q push -q pull - environment: - DB_POOL: 25 - - # sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections - sidekiq-default-pull-push: - <<: *sidekiq - command: bundle exec sidekiq -c 25 -q default -q pull -q push - environment: - DB_POOL: 25 - - # sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections - sidekiq-pull-default-push: - <<: *sidekiq - command: bundle exec sidekiq -c 25 -q pull -q default -q push - environment: - DB_POOL: 25 - - # sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections - sidekiq-push-default-pull: - <<: *sidekiq - command: bundle exec sidekiq -c 25 -q push -q 
default -q pull - environment: - DB_POOL: 25 - - # sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections - sidekiq-push-scheduler: - <<: *sidekiq - command: bundle exec sidekiq -c 5 -q push -q scheduler - environment: - DB_POOL: 5 - - # sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections - sidekiq-push-mailers: - <<: *sidekiq - command: bundle exec sidekiq -c 5 -q push -q mailers - environment: - DB_POOL: 5 - - # sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections - sidekiq-push-ingress: - <<: *sidekiq - command: bundle exec sidekiq -c 10 -q push -q ingress - environment: - DB_POOL: 10 - - networks: - external_services: - external: true - postfix: - external: true - internal_network: - internal: true + state: present - name: Configure cron job to remove old Mastodon media daily cron: diff --git a/roles/docker/tasks/services/matrix_element.yml b/roles/docker/tasks/services/matrix_element.yml index b5a04b0..605084b 100644 --- a/roles/docker/tasks/services/matrix_element.yml +++ b/roles/docker/tasks/services/matrix_element.yml 
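Review bot: The `db` service in the removed definition ran with `POSTGRES_HOST_AUTH_METHOD=trust`, i.e. no database password at all; if `compose-files/mastodon.yml.j2` carries that over, every container on `internal_network` (web, streaming and all seven sidekiq workers) has unauthenticated superuser access to Postgres, with the `internal: true` network as the only barrier. Set `POSTGRES_PASSWORD` on `db` and the matching `DB_PASS` in `mastodon.env` when moving this into the template. The preceding hunk renames the env file from `env_file` to `mastodon.env` but nothing removes the old `{{ services.mastodon.volume_folder }}/env_file`, which holds the same secrets; add a `file: … state: absent` task for it. The `template` task for `docker-compose.yml` should also get `mode: "0600"`.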
@@ -58,63 +58,13 @@ src: matrix/log.config dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config" -- name: Set up Matrix and Element +- name: Upload Compose file for Matrix and Element + template: + src: compose-files/matrix_element.yml.j2 + dest: "{{ services.matrix.volume_folder }}/docker-compose.yml" + +- name: Deploy Matrix and Element docker_compose: - project_name: matrix + project_src: "{{ services.matrix.volume_folder }}" pull: true - definition: - version: "3.6" - services: - postgres: - image: "postgres:{{ services.matrix.postgres_version }}" - restart: unless-stopped - networks: - - matrix - volumes: - - "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data" - environment: - POSTGRES_USER: "synapse" - POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}" - - synapse: - image: "matrixdotorg/synapse:{{ services.matrix.version }}" - restart: unless-stopped - networks: - - matrix - - external_services - - postfix - volumes: - - "{{ services.matrix.volume_folder }}/data:/data" - environment: - SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml" - SYNAPSE_CACHE_FACTOR: "2" - SYNAPSE_LOG_LEVEL: "INFO" - VIRTUAL_HOST: "{{ services.matrix.domain }}" - VIRTUAL_PORT: "8008" - LETSENCRYPT_HOST: "{{ services.matrix.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - - element: - image: "avhost/docker-matrix-element:{{ services.element.version }}" - restart: unless-stopped - networks: - - matrix - - external_services - expose: - - 8080 - volumes: - - "{{ services.element.volume_folder }}/data:/data" - environment: - VIRTUAL_HOST: "{{ services.element.domains | join(',') }}" - VIRTUAL_PORT: "8080" - LETSENCRYPT_HOST: "{{ services.element.domains | join(',') }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - - networks: - external_services: - external: - name: external_services - postfix: - external: true - matrix: - name: "matrix" + state: present 
diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml
index d310554..ba9135e 100644
--- a/roles/docker/tasks/services/membersystem.yml
+++ b/roles/docker/tasks/services/membersystem.yml
@@ -1,52 +1,12 @@ # vim: ft=yaml.ansible --- -- name: run membersystem containers +- name: Upload Compose file for Membersystem + template: + src: compose-files/membersystem.yml.j2 + dest: "{{ services.membersystem.volume_folder }}/docker-compose.yml" + +- name: Deploy Membersystem docker_compose: - project_name: "member.data.coop" - pull: yes - definition: - version: "3" - services: - backend: - image: "docker.data.coop/membersystem:{{ services.membersystem.version }}" - restart: always - user: $UID:$GID - tty: true - depends_on: - - postgres - networks: - - membersystem - - external_services - - postfix - environment: - SECRET_KEY: "{{ membersystem_secrets.secret_key }}" - DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres - POSTGRES_HOST: postgres - POSTGRES_PORT: 5432 - EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend" - EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}" - VIRTUAL_HOST: "{{ services.membersystem.domain }}" - VIRTUAL_PORT: "8000" - LETSENCRYPT_HOST: "{{ services.membersystem.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - ALLOWED_HOSTS: "{{ services.membersystem.domain }}" - CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}" - DJANGO_ADMINS: "{{ services.membersystem.django_admins }}" - DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}" - - postgres: - image: "postgres:{{ services.membersystem.postgres_version }}" - restart: always - volumes: - - "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data" - networks: - - membersystem - environment: - POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}" - - networks: - membersystem: - external_services: - external: true - postfix: - external: true + project_src: "{{ services.membersystem.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index f1d19b0..acfa587 100644 
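Review bot: The old project was named `member.data.coop` and the new task has no `project_name`, so Compose now derives it from the basename of `services.membersystem.volume_folder` (`membersystem`, going by the bind-mount path in the removed lines); the `member.data.coop_backend_1`/`_postgres_1` containers are therefore left running, and a second backend with the same `VIRTUAL_HOST` gets registered with the proxy. Keep `project_name: member.data.coop` next to `project_src`, or tear the old project down once before deploying. The removed definition also had `user: $UID:$GID`; in a compose file on disk those are expanded from the environment of the process running Compose, and under the Ansible module `UID`/`GID` are normally not exported, so if the template keeps them the container would get an empty user spec and a warning rather than the intended uid — render a concrete value at template time instead. The rendered file carries `membersystem_secrets.secret_key` and the DB password, so add `mode: "0600"` to the template task.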
--- a/roles/docker/tasks/services/nextcloud.yml
+++ b/roles/docker/tasks/services/nextcloud.yml
@@ -6,71 +6,13 @@ dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}" notify: "restart nginx" -- name: setup nextcloud containers +- name: Upload Compose file for Nextcloud + template: + src: compose-files/nextcloud.yml.j2 + dest: "{{ services.nextcloud.volume_folder }}/docker-compose.yml" + +- name: Deploy Nextcloud docker_compose: - project_name: "nextcloud" - pull: "yes" - definition: - services: - postgres: - image: "postgres:{{ services.nextcloud.postgres_version }}" - restart: "unless-stopped" - networks: - - "nextcloud" - volumes: - - "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data" - environment: - POSTGRES_DB: "nextcloud" - POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" - POSTGRES_USER: "nextcloud" - - redis: - image: "redis:{{ services.nextcloud.redis_version }}" - restart: "unless-stopped" - command: "redis-server --requirepass {{ nextcloud_secrets.redis_password }}" - tmpfs: - - /var/lib/redis - networks: - - "nextcloud" - - cron: - image: "nextcloud:{{ services.nextcloud.version }}" - restart: "unless-stopped" - entrypoint: "/cron.sh" - networks: - - "nextcloud" - volumes: - - "{{ services.nextcloud.volume_folder }}/app:/var/www/html" - depends_on: - - "postgres" - - "redis" - - app: - image: "nextcloud:{{ services.nextcloud.version }}" - restart: "unless-stopped" - networks: - - "nextcloud" - - "postfix" - - "external_services" - volumes: - - "{{ services.nextcloud.volume_folder }}/app:/var/www/html" - environment: - VIRTUAL_HOST: "{{ services.nextcloud.domain }}" - LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - POSTGRES_HOST: "postgres" - POSTGRES_DB: "nextcloud" - POSTGRES_USER: "nextcloud" - POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" - REDIS_HOST: "redis" - REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}" - depends_on: - - "postgres" - - "redis" - - networks: - nextcloud: - postfix: - external: true - 
external_services: - external: true + project_src: "{{ services.nextcloud.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml index 58e87a6..eaf5baa 100644 --- a/roles/docker/tasks/services/passit.yml +++ b/roles/docker/tasks/services/passit.yml @@ -7,47 +7,13 @@ group: root state: directory -- name: setup passit containers +- name: Upload Compose file for Passit + template: + src: compose-files/passit.yml.j2 + dest: "{{ services.passit.volume_folder }}/docker-compose.yml" + +- name: Deploy Passit docker_compose: - project_name: "passit" - pull: "yes" - definition: - version: "3.6" - services: - passit_db: - image: "postgres:{{ services.passit.postgres_version }}" - restart: "always" - networks: - - "passit" - volumes: - - "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data" - environment: - POSTGRES_USER: "passit" - POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}" - - passit_app: - image: "passit/passit:{{ services.passit.version }}" - command: "bin/start.sh" - restart: "always" - networks: - - "passit" - - "postfix" - - "external_services" - environment: - DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit" - SECRET_KEY: "{{ passit_secret_key }}" - IS_DEBUG: 'False' - EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}" - DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}" - EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}" - FIDO_SERVER_ID: "{{ services.passit.domain }}" - VIRTUAL_HOST: "{{ services.passit.domain }}" - LETSENCRYPT_HOST: "{{ services.passit.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - - networks: - passit: - postfix: - external: true - external_services: - external: true + project_src: "{{ services.passit.volume_folder }}" + pull: true + state: present 
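Review bot: The removed `redis` service put the password on the command line (`redis-server --requirepass {{ nextcloud_secrets.redis_password }}`); if `compose-files/nextcloud.yml.j2` keeps that form, the password is visible to any process in the container via `ps`. Mount a small `redis.conf` containing `requirepass` read-only and start with `redis-server /path/to/redis.conf` instead, and write the compose file itself with `mode: "0600"` since it also holds `postgres_passwords.nextcloud` and the Redis password. Also confirm the basename of `services.nextcloud.volume_folder` is `nextcloud`, since `project_name: "nextcloud"` was dropped and the old project would otherwise keep running.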
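Review bot: The compose file for Passit carries `passit_secret_key` and `postgres_passwords.passit` (inlined in the removed definition, presumably now in `compose-files/passit.yml.j2`), but the `template` task writes it with the default mode. The volume directory just above this hunk is created with explicit `owner: root` / `group: root`, so follow the same pattern on the file: `owner: root`, `group: root`, `mode: "0600"`. `project_name: "passit"` was also dropped; confirm the basename of `services.passit.volume_folder` is `passit`, otherwise the old `passit_db`/`passit_app` containers stay up alongside the new ones.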
diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index 400073f..e5f2b27 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -8,54 +8,15 @@ - name: Copy Rallly environment file template: src: rallly/env.j2 - dest: "{{ services.rallly.volume_folder }}/env_file" + dest: "{{ services.rallly.volume_folder }}/rallly.env" -- name: Set up Rallly +- name: Upload Compose file for Rallly + template: + src: compose-files/rallly.yml.j2 + dest: "{{ services.rallly.volume_folder }}/docker-compose.yml" + +- name: Deploy Rallly docker_compose: - project_name: "rallly" - pull: "yes" - definition: - version: "3.8" - services: - rallly_db: - image: "postgres:{{ services.rallly.postgres_version }}" - restart: "always" - shm_size: "256mb" - networks: - rallly_internal: - volumes: - - "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data" - environment: - POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}" - POSTGRES_DB: "rallly_db" - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 5s - timeout: 5s - retries: 5 - - rallly: - image: "lukevella/rallly:{{ services.rallly.version }}" - restart: "always" - networks: - rallly_internal: - external_services: - postfix: - depends_on: - rallly_db: - condition: "service_healthy" - env_file: - - "{{ services.rallly.volume_folder }}/env_file" - environment: - VIRTUAL_HOST: "{{ services.rallly.domain }}" - VIRTUAL_PORT: "3000" - LETSENCRYPT_HOST: "{{ services.rallly.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - - networks: - rallly_internal: - internal: true - external_services: - external: true - postfix: - external: true + project_src: "{{ services.rallly.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/restic.yml b/roles/docker/tasks/services/restic.yml new file mode 100644 index 0000000..c838e26 --- /dev/null +++ b/roles/docker/tasks/services/restic.yml 
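Review bot: The env file is renamed from `env_file` to `rallly.env`, but nothing removes the old `{{ services.rallly.volume_folder }}/env_file`, which was rendered from the same `rallly/env.j2` and so holds the same secrets; add `- name: Remove stale Rallly env file` with `file: path: "{{ services.rallly.volume_folder }}/env_file"` and `state: absent`. Both the env file and the new `docker-compose.yml` (which carries `postgres_passwords.rallly`) are written without `mode`; set `mode: "0600"` on both `template` tasks. `project_name: "rallly"` was dropped, so the project is now named after the volume folder's basename; check that it is `rallly`, or the old containers are left running.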
@@ -0,0 +1,59 @@ +# vim: ft=yaml.ansible +--- +- name: Create SSH directory + file: + path: "{{ services.restic.volume_folder }}/ssh" + owner: root + group: root + mode: '0755' + state: directory + +- name: Copy private SSH key + copy: + dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519" + owner: root + group: root + mode: '0600' + content: "{{ restic_secrets.ssh_privkey }}" + +- name: Derive public SSH key + shell: >- + ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y + > {{ services.restic.volume_folder }}/ssh/id_ed25519.pub + args: + creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub" + +- name: Set file permissions on public SSH key + file: + path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub" + owner: root + group: root + mode: '0644' + state: touch + +- name: Create SSH config + template: + src: restic/ssh.config.j2 + dest: "{{ services.restic.volume_folder }}/ssh/config" + owner: root + group: root + mode: '0600' + +- name: Create SSH known_hosts file + template: + src: restic/ssh.known_hosts.j2 + dest: "{{ services.restic.volume_folder }}/ssh/known_hosts" + owner: root + group: root + mode: '0600' + +- name: Upload Compose file for Restic + template: + src: compose-files/restic.yml.j2 + dest: "{{ services.restic.volume_folder }}/docker-compose.yml" + +- name: Deploy Restic + docker_compose: + project_src: "{{ services.restic.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/restic_backup.yml b/roles/docker/tasks/services/restic_backup.yml deleted file mode 100644 index df0c278..0000000 --- a/roles/docker/tasks/services/restic_backup.yml +++ /dev/null 
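Review bot: The `Copy private SSH key` task writes `restic_secrets.ssh_privkey` through `content:` without `no_log: true`, so the key material is printed in `-vvv` invocation output and in `--diff` mode, and lands in any callback or CI log that captures the play; add `no_log: true` to that task. Separately, `Set file permissions on public SSH key` uses `state: touch`, which rewrites the mtime and reports changed on every run; `state: file` applies the same owner/group/mode without touching the file and keeps the play idempotent.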
@@ -1,89 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create SSH directory - file: - path: "{{ services.restic.volume_folder }}/ssh" - owner: root - group: root - mode: '0755' - state: directory - -- name: Copy private SSH key - copy: - dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519" - owner: root - group: root - mode: '0600' - content: "{{ restic_secrets.ssh_privkey }}" - -- name: Derive public SSH key - shell: >- - ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y - > {{ services.restic.volume_folder }}/ssh/id_ed25519.pub - args: - creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub" - -- name: Set file permissions on public SSH key - file: - path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub" - owner: root - group: root - mode: '0644' - state: touch - -- name: Create SSH config - template: - src: restic/ssh.config.j2 - dest: "{{ services.restic.volume_folder }}/ssh/config" - owner: root - group: root - mode: '0600' - -- name: Create SSH known_hosts file - template: - src: restic/ssh.known_hosts.j2 - dest: "{{ services.restic.volume_folder }}/ssh/known_hosts" - owner: root - group: root - mode: '0600' - -- name: Setup restic backup - docker_compose: - project_name: restic - pull: true - definition: - version: '3.6' - services: - backup: - image: mazzolino/restic:{{ services.restic.version }} - restart: always - environment: - RUN_ON_STARTUP: "false" - BACKUP_CRON: "0 30 3 * * *" - RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}" - RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}" - RESTIC_BACKUP_SOURCES: "/mnt/volumes" - RESTIC_BACKUP_ARGS: >- - --tag datacoop-volumes - --exclude '*.tmp' - --verbose - RESTIC_FORGET_ARGS: >- - --keep-last 10 - --keep-daily 7 - --keep-weekly 5 - --keep-monthly 12 - TZ: Europe/Copenhagen - volumes: - - "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro" - - /docker-volumes:/mnt/volumes:ro - - 
prune: - image: "mazzolino/restic:{{ services.restic.version }}" - environment: - RUN_ON_STARTUP: "false" - PRUNE_CRON: "0 0 4 * * *" - RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}" - RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}" - TZ: Europe/copenhagen - volumes: - - "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro" diff --git a/roles/docker/templates/compose-files/drone.yml.j2 b/roles/docker/templates/compose-files/drone.yml.j2 new file mode 100644 index 0000000..d62eb4b --- /dev/null +++ b/roles/docker/templates/compose-files/drone.yml.j2 @@ -0,0 +1,40 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + drone: + image: drone/drone:{{ services.drone.version }} + restart: unless-stopped + networks: + - default + - external_services + volumes: + - ".:/data" + - "/var/run/docker.sock:/var/run/docker.sock" + environment: + DRONE_GITEA_SERVER: https://{{ services.forgejo.domain }} + DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}" + DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}" + DRONE_GIT_ALWAYS_AUTH: true + DRONE_SERVER_HOST: "{{ services.drone.domain }}" + DRONE_SERVER_PROTO: https + DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}" + VIRTUAL_HOST: "{{ services.drone.domain }}" + LETSENCRYPT_HOST: "{{ services.drone.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + + runner: + image: drone/drone-runner-docker:{{ services.drone.version }} + restart: unless-stopped + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + environment: + DRONE_RPC_HOST: "{{ services.drone.domain }}" + DRONE_RPC_PROTO: https + DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}" + DRONE_RUNNER_CAPACITY: 2 + DRONE_RUNNER_NAME: data.coop_drone_runner + +networks: + external_services: + external: true 
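Review bot: `DRONE_GIT_ALWAYS_AUTH: true` in the `drone` service is an unquoted YAML boolean; Compose environment values must be strings, numbers or null, and the docker-compose library behind the `docker_compose` module rejects a boolean at schema validation, so this stack will likely fail to deploy. Quote it: `DRONE_GIT_ALWAYS_AUTH: "true"`. The same defect is in hedgedoc.yml.j2 (`CMD_ALLOW_EMAIL_REGISTER`, `CMD_EMAIL`, `CMD_USECDN`, `CMD_PROTOCOL_USESSL`) and in restic.yml.j2 (`RUN_ON_STARTUP: false`), where the deleted restic_backup.yml had the value correctly quoted as `"false"`. Also, the `/var/run/docker.sock` mount on the `drone` server grants it root-equivalent host access; if the separate `runner` service executes all pipelines the server mount looks unnecessary — confirm before dropping it, or route it through a socket proxy as the Netdata stack does.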
diff --git a/roles/docker/templates/compose-files/hedgedoc.yml.j2 b/roles/docker/templates/compose-files/hedgedoc.yml.j2 new file mode 100644 index 0000000..b361116 --- /dev/null +++ b/roles/docker/templates/compose-files/hedgedoc.yml.j2 @@ -0,0 +1,44 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + db: + image: postgres:{{ services.hedgedoc.postgres_version }} + restart: unless-stopped + volumes: + - "./db:/var/lib/postgresql/data" + environment: + POSTGRES_USER: codimd + POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}" + POSTGRES_DB: codimd + + app: + image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }} + volumes: + - "./hedgedoc/uploads:/hedgedoc/public/uploads" + - "./sso.data.coop.pem:/sso.data.coop.pem" + restart: unless-stopped + networks: + - default + - external_services + environment: + CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd + CMD_DOMAIN: "{{ services.hedgedoc.domain }}" + CMD_ALLOW_EMAIL_REGISTER: False + CMD_IMAGE_UPLOAD_TYPE: filesystem + CMD_EMAIL: False + CMD_SAML_IDPCERT: /sso.data.coop.pem + CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml + CMD_SAML_ISSUER: hedgedoc + CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + CMD_USECDN: false + CMD_PROTOCOL_USESSL: true + VIRTUAL_HOST: "{{ services.hedgedoc.domain }}" + LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + depends_on: + - db + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/keycloak.yml.j2 b/roles/docker/templates/compose-files/keycloak.yml.j2 new file mode 100644 index 0000000..43c5bb9 --- /dev/null +++ b/roles/docker/templates/compose-files/keycloak.yml.j2 
@@ -0,0 +1,42 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + db: + image: postgres:{{ services.keycloak.postgres_version }} + restart: unless-stopped + volumes: + - "./data:/var/lib/postgresql/data" + environment: + POSTGRES_USER: keycloak + POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}" + POSTGRES_DB: keycloak + + app: + image: quay.io/keycloak/keycloak:{{ services.keycloak.version }} + restart: unless-stopped + networks: + - default + - postfix + - external_services + command: + - "start" + - "--db=postgres" + - "--db-url=jdbc:postgresql://db:5432/keycloak" + - "--db-username=keycloak" + - "--db-password={{ postgres_passwords.keycloak }}" + - "--hostname={{ services.keycloak.domain }}" + - "--proxy=edge" + - "--https-port=8080" + - "--http-relative-path=/auth" + environment: + VIRTUAL_HOST: "{{ services.keycloak.domain }}" + VIRTUAL_PORT: "8080" + LETSENCRYPT_HOST: "{{ services.keycloak.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + postfix: + external: true + external_services: + external: true diff --git a/roles/docker/templates/compose-files/mailu.yml.j2 b/roles/docker/templates/compose-files/mailu.yml.j2 new file mode 100644 index 0000000..eddc18a --- /dev/null +++ b/roles/docker/templates/compose-files/mailu.yml.j2 
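Review bot: `--db-password={{ postgres_passwords.keycloak }}` in the `app` command list puts the database password on the container command line, where it is readable via `docker inspect`, in `ps` output by any user on the host, and in the rendered `docker-compose.yml`. Keycloak reads the same setting from the `KC_DB_PASSWORD` environment variable, so move it there (`KC_DB_PASSWORD: "{{ postgres_passwords.keycloak }}"`) and drop the flag; `--db-url` and `--db-username` are not secret and can stay. The same pattern appears in nextcloud.yml.j2, where `redis-server --requirepass {{ nextcloud_secrets.redis_password }}` exposes the Redis password on the command line.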
@@ -0,0 +1,131 @@ +# vim: ft=yaml.docker-compose +version: '3.6' + +services: + postgres: + image: postgres:14-alpine + restart: always + environment: + POSTGRES_DB: mailu + POSTGRES_USER: mailu + POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}" + volumes: + - "./postgres:/var/lib/postgresql/data" + dns: + - "{{ services.mailu.dns }}" + + redis: + image: redis:alpine + restart: always + volumes: + - "./redis:/data" + depends_on: + - resolver + dns: + - "{{ services.mailu.dns }}" + + front: + image: ghcr.io/mailu/nginx:{{ services.mailu.version }} + restart: always + env_file: mailu.env + environment: + VIRTUAL_HOST: "{{ services.mailu.domain }}" + LETSENCRYPT_HOST: "{{ services.mailu.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + volumes: + - "./certs:/certs" + - "./overrides/nginx:/overrides:ro" + expose: + - "80" + ports: + - "993:993" + - "25:25" + - "587:587" + - "465:465" + networks: + - default + - external_services + + resolver: + image: ghcr.io/mailu/unbound:{{ services.mailu.version }} + restart: always + env_file: mailu.env + networks: + default: + ipv4_address: "{{ services.mailu.dns }}" + + admin: + image: ghcr.io/mailu/admin:{{ services.mailu.version }} + restart: always + env_file: "{{ services.mailu.volume_folder }}/mailu.env" + volumes: + - "./data:/data" + - "./dkim:/dkim" + depends_on: + - redis + - resolver + dns: + - "{{ services.mailu.dns }}" + + imap: + image: ghcr.io/mailu/dovecot:{{ services.mailu.version }} + restart: always + env_file: mailu.env + volumes: + - "./mail:/mail" + - "./overrides/dovecot:/overrides:ro" + depends_on: + - front + - resolver + dns: + - "{{ services.mailu.dns }}" + + smtp: + image: ghcr.io/mailu/postfix:{{ services.mailu.version }} + restart: always + env_file: mailu.env + volumes: + - "./mailqueue:/queue" + - "./overrides/postfix:/overrides:ro" + depends_on: + - front + - resolver + dns: + - "{{ services.mailu.dns }}" + + antispam: + image: ghcr.io/mailu/rspamd:{{ services.mailu.version }} + 
hostname: antispam + restart: always + env_file: mailu.env + volumes: + - "./filter:/var/lib/rspamd" + - "./overrides/rspamd:/etc/rspamd/override.d:ro" + depends_on: + - front + - resolver + dns: + - "{{ services.mailu.dns }}" + + webmail: + image: ghcr.io/mailu/rainloop:{{ services.mailu.version }} + restart: always + env_file: mailu.env + volumes: + - "./webmail:/data" + - "./overrides/rainloop:/overrides:ro" + depends_on: + - imap + - resolver + dns: + - "{{ services.mailu.dns }}" + +networks: + default: + driver: bridge + ipam: + driver: default + config: + - subnet: "{{ services.mailu.subnet }}" + external_services: + external: true diff --git a/roles/docker/templates/compose-files/mastodon.yml.j2 b/roles/docker/templates/compose-files/mastodon.yml.j2 new file mode 100644 index 0000000..2fcec43 --- /dev/null +++ b/roles/docker/templates/compose-files/mastodon.yml.j2 
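Review bot: The `admin` service's `env_file: "{{ services.mailu.volume_folder }}/mailu.env"` is the only absolute path in a file that otherwise uses the relative `env_file: mailu.env` and `./` bind mounts; make it `env_file: mailu.env` for consistency. `postgres:14-alpine` and `redis:alpine` are the only images not pinned through a `services.*` variable, and with `pull: true` the floating `redis:alpine` tag is re-resolved on every deploy, so pin both. The `postgres` service also sets `dns:` to the resolver address but, unlike `redis`, has no `depends_on: - resolver`, so its start order relative to the resolver is unconstrained.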
@@ -0,0 +1,146 @@ +# vim: ft=yaml.docker-compose +x-sidekiq: &sidekiq + image: tootsuite/mastodon:{{ services.mastodon.version }} + restart: always + env_file: mastodon.env + networks: + - default + - postfix + - external_services + volumes: + - "./mastodon_data:/mastodon/public/system" + healthcheck: + test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] + depends_on: + db: + condition: service_healthy + redis: + condition: service_healthy + +version: "3.8" + +services: + db: + restart: always + image: postgres:{{ services.mastodon.postgres_version }} + shm_size: 256mb + volumes: + - "./postgres_data:/var/lib/postgresql/data" + - "./postgres_config:/config:ro" + command: postgres -c config_file=/config/postgresql.conf + environment: + POSTGRES_HOST_AUTH_METHOD: trust + healthcheck: + test: ['CMD', 'pg_isready', '-U', 'postgres'] + + redis: + restart: always + image: redis:{{ services.mastodon.redis_version }} + volumes: + - "./redis_data:/data" + healthcheck: + test: ['CMD', 'redis-cli', 'ping'] + + web: + image: tootsuite/mastodon:{{ services.mastodon.version }} + restart: always + env_file: mastodon.env + command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" + networks: + - default + - external_services + volumes: + - "./mastodon_data:/mastodon/public/system" + environment: + MAX_THREADS: 10 + WEB_CONCURRENCY: 3 + VIRTUAL_HOST: "{{ services.mastodon.domain }}" + VIRTUAL_PORT: "3000" + VIRTUAL_PATH: / + LETSENCRYPT_HOST: "{{ services.mastodon.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + healthcheck: + test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] + depends_on: + db: + condition: service_healthy + redis: + condition: service_healthy + + streaming: + image: tootsuite/mastodon:{{ services.mastodon.version }} + restart: always + env_file: mastodon.env + command: node ./streaming + networks: + - default + - external_services + ports: + - "127.0.0.1:4000:4000" + environment: + 
DB_POOL: 15 + VIRTUAL_HOST: "{{ services.mastodon.domain }}" + VIRTUAL_PORT: "4000" + VIRTUAL_PATH: "/api/v1/streaming" + healthcheck: + test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] + depends_on: + db: + condition: service_healthy + redis: + condition: service_healthy + + # sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections + sidekiq-default-push-pull: + <<: *sidekiq + command: bundle exec sidekiq -c 25 -q default -q push -q pull + environment: + DB_POOL: 25 + + # sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections + sidekiq-default-pull-push: + <<: *sidekiq + command: bundle exec sidekiq -c 25 -q default -q pull -q push + environment: + DB_POOL: 25 + + # sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections + sidekiq-pull-default-push: + <<: *sidekiq + command: bundle exec sidekiq -c 25 -q pull -q default -q push + environment: + DB_POOL: 25 + + # sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections + sidekiq-push-default-pull: + <<: *sidekiq + command: bundle exec sidekiq -c 25 -q push -q default -q pull + environment: + DB_POOL: 25 + + # sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections + sidekiq-push-scheduler: + <<: *sidekiq + command: bundle exec sidekiq -c 5 -q push -q scheduler + environment: + DB_POOL: 5 + + # sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections + sidekiq-push-mailers: + <<: *sidekiq + command: bundle exec sidekiq -c 5 -q push -q mailers + environment: + DB_POOL: 5 + + # sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections + sidekiq-push-ingress: + <<: *sidekiq + command: bundle exec sidekiq -c 10 -q push -q ingress + environment: + DB_POOL: 10 + +networks: + external_services: + external: true + postfix: + external: true diff --git a/roles/docker/templates/compose-files/matrix_element.yml.j2 b/roles/docker/templates/compose-files/matrix_element.yml.j2 new file mode 100644 index 0000000..f787e61 --- /dev/null 
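Review bot: `POSTGRES_HOST_AUTH_METHOD: trust` in the `db` service disables password authentication for every connection the database accepts, so anything that can reach the stack's default network can log in as the superuser. Replace it with a `POSTGRES_PASSWORD` drawn from a new vault entry (a constructed name such as `postgres_passwords.mastodon`, following the existing pattern) and set the matching `DB_PASS` in `mastodon.env`; that template is not in this hunk, so confirm its current contents. This may be carried over from the previous inline definition, but the new file is the right place to fix it.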
+++ b/roles/docker/templates/compose-files/matrix_element.yml.j2 @@ -0,0 +1,52 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + postgres: + image: postgres:{{ services.matrix.postgres_version }} + restart: unless-stopped + volumes: + - "./db:/var/lib/postgresql/data" + environment: + POSTGRES_USER: synapse + POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}" + + synapse: + image: matrixdotorg/synapse:{{ services.matrix.version }} + restart: unless-stopped + networks: + - default + - external_services + - postfix + volumes: + - "./data:/data" + environment: + SYNAPSE_CONFIG_PATH: /data/homeserver.yaml + SYNAPSE_CACHE_FACTOR: "2" + SYNAPSE_LOG_LEVEL: INFO + VIRTUAL_HOST: "{{ services.matrix.domain }}" + VIRTUAL_PORT: "8008" + LETSENCRYPT_HOST: "{{ services.matrix.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + + element: + image: avhost/docker-matrix-element:{{ services.element.version }} + restart: unless-stopped + networks: + - default + - external_services + expose: + - "8080" + volumes: + - "{{ services.element.volume_folder }}/data:/data" + environment: + VIRTUAL_HOST: "{{ services.element.domains | join(',') }}" + VIRTUAL_PORT: "8080" + LETSENCRYPT_HOST: "{{ services.element.domains | join(',') }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true + postfix: + external: true diff --git a/roles/docker/templates/compose-files/membersystem.yml.j2 b/roles/docker/templates/compose-files/membersystem.yml.j2 new file mode 100644 index 0000000..fae3767 --- /dev/null +++ b/roles/docker/templates/compose-files/membersystem.yml.j2 
@@ -0,0 +1,44 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + app: + image: docker.data.coop/membersystem:{{ services.membersystem.version }} + restart: always + user: "$UID:$GID" + tty: true + networks: + - default + - external_services + - postfix + environment: + SECRET_KEY: "{{ membersystem_secrets.secret_key }}" + DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres + POSTGRES_HOST: postgres + POSTGRES_PORT: 5432 + EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend + EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }} + VIRTUAL_HOST: "{{ services.membersystem.domain }}" + VIRTUAL_PORT: "8000" + LETSENCRYPT_HOST: "{{ services.membersystem.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + ALLOWED_HOSTS: "{{ services.membersystem.domain }}" + CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }} + DJANGO_ADMINS: "{{ services.membersystem.django_admins }}" + DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }} + depends_on: + - postgres + + postgres: + image: postgres:{{ services.membersystem.postgres_version }} + restart: always + volumes: + - "./postgres/data:/var/lib/postgresql/data" + environment: + POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}" + +networks: + external_services: + external: true + postfix: + external: true diff --git a/roles/docker/templates/compose-files/nextcloud.yml.j2 b/roles/docker/templates/compose-files/nextcloud.yml.j2 new file mode 100644 index 0000000..b95c55d --- /dev/null +++ b/roles/docker/templates/compose-files/nextcloud.yml.j2 
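Review bot: `user: "$UID:$GID"` in the `app` service depends on Compose variable substitution from the environment of the process running docker-compose; `UID` is a shell variable that bash does not export, and the `docker_compose` module does not run in an interactive shell, so both most likely expand to empty and the service is started with `user: ":"`, which Docker will not accept as a valid user spec. Either hard-code the intended ids (for example `user: "1000:1000"`, a constructed value) or template them from Ansible variables defined in the role defaults, such as `user: "{{ membersystem_uid }}:{{ membersystem_gid }}"` (constructed names). Whichever you choose, the ids must match the ownership of any bind-mounted data the app writes.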
@@ -0,0 +1,59 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + postgres: + image: postgres:{{ services.nextcloud.postgres_version }} + restart: unless-stopped + volumes: + - "./postgres:/var/lib/postgresql/data" + environment: + POSTGRES_DB: nextcloud + POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" + POSTGRES_USER: nextcloud + + redis: + image: redis:{{ services.nextcloud.redis_version }} + restart: unless-stopped + command: redis-server --requirepass {{ nextcloud_secrets.redis_password }} + tmpfs: + - /var/lib/redis + + cron: + image: nextcloud:{{ services.nextcloud.version }} + restart: unless-stopped + entrypoint: /cron.sh + volumes: + - "./app:/var/www/html" + depends_on: + - postgres + - redis + + app: + image: nextcloud:{{ services.nextcloud.version }} + restart: unless-stopped + networks: + - default + - postfix + - external_services + volumes: + - "./app:/var/www/html" + environment: + VIRTUAL_HOST: "{{ services.nextcloud.domain }}" + LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + POSTGRES_HOST: postgres + POSTGRES_DB: nextcloud + POSTGRES_USER: nextcloud + POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" + REDIS_HOST: redis + REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}" + depends_on: + - postgres + - redis + +networks: + postfix: + external: true + external_services: + external: true diff --git a/roles/docker/templates/compose-files/passit.yml.j2 b/roles/docker/templates/compose-files/passit.yml.j2 new file mode 100644 index 0000000..810d76e --- /dev/null +++ b/roles/docker/templates/compose-files/passit.yml.j2 
@@ -0,0 +1,38 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + db: + image: postgres:{{ services.passit.postgres_version }} + restart: always + volumes: + - "./data:/var/lib/postgresql/data" + environment: + POSTGRES_USER: passit + POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}" + + app: + image: passit/passit:{{ services.passit.version }} + command: bin/start.sh + restart: always + networks: + - default + - postfix + - external_services + environment: + DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit + SECRET_KEY: "{{ passit_secret_key }}" + IS_DEBUG: "False" + EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }} + DEFAULT_FROM_EMAIL: noreply@{{ services.passit.domain }} + EMAIL_CONFIRMATION_HOST: https://{{ services.passit.domain }} + FIDO_SERVER_ID: "{{ services.passit.domain }}" + VIRTUAL_HOST: "{{ services.passit.domain }}" + LETSENCRYPT_HOST: "{{ services.passit.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + postfix: + external: true + external_services: + external: true diff --git a/roles/docker/templates/compose-files/rallly.yml.j2 b/roles/docker/templates/compose-files/rallly.yml.j2 new file mode 100644 index 0000000..f8cf987 --- /dev/null +++ b/roles/docker/templates/compose-files/rallly.yml.j2 
@@ -0,0 +1,41 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + db: + image: postgres:{{ services.rallly.postgres_version }} + restart: always + shm_size: 256mb + volumes: + - "./postgres:/var/lib/postgresql/data" + environment: + POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}" + POSTGRES_DB: rallly_db + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + rallly: + image: lukevella/rallly:{{ services.rallly.version }} + restart: always + networks: + - default + - external_services + - postfix + depends_on: + db: + condition: service_healthy + env_file: rallly.env + environment: + VIRTUAL_HOST: "{{ services.rallly.domain }}" + VIRTUAL_PORT: "3000" + LETSENCRYPT_HOST: "{{ services.rallly.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true + postfix: + external: true diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/docker/templates/compose-files/restic.yml.j2 new file mode 100644 index 0000000..1f2ed2b --- /dev/null +++ b/roles/docker/templates/compose-files/restic.yml.j2 
@@ -0,0 +1,37 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + backup: + image: mazzolino/restic:{{ services.restic.version }} + restart: always + environment: + RUN_ON_STARTUP: false + BACKUP_CRON: "0 30 3 * * *" + RESTIC_REPOSITORY: sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }} + RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}" + RESTIC_BACKUP_SOURCES: /mnt/volumes + RESTIC_BACKUP_ARGS: >- + --tag datacoop-volumes + --exclude '*.tmp' + --verbose + RESTIC_FORGET_ARGS: >- + --keep-last 10 + --keep-daily 7 + --keep-weekly 5 + --keep-monthly 12 + TZ: Europe/Copenhagen + volumes: + - "./ssh:/run/secrets/.ssh:ro" + - "/docker-volumes:/mnt/volumes:ro" + + prune: + image: mazzolino/restic:{{ services.restic.version }} + environment: + RUN_ON_STARTUP: false + PRUNE_CRON: "0 30 4 * * *" + RESTIC_REPOSITORY: sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }} + RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}" + TZ: Europe/copenhagen + volumes: + - "./ssh:/run/secrets/.ssh:ro" diff --git a/roles/docker/templates/rallly/env.j2 b/roles/docker/templates/rallly/env.j2 index 6403696..5fa89ea 100644 --- a/roles/docker/templates/rallly/env.j2 +++ b/roles/docker/templates/rallly/env.j2 @@ -1,5 +1,5 @@ NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}" -DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db" +DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@db:5432/rallly_db" SECRET_PASSWORD="{{ rallly_secrets.secret_password }}" SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}" SMTP_HOST="{{ smtp_host }}" From 85aa718480224c61ddead116dadc82627dd9d2be Mon Sep 17 00:00:00 2001 
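Review bot: `TZ: Europe/copenhagen` in the `prune` service has a lowercase `c`; zoneinfo lookups are case-sensitive, so the container will most likely fall back to UTC and `PRUNE_CRON` will fire at a different wall-clock time than the `backup` service, which uses `Europe/Copenhagen`. Fix it to `TZ: Europe/Copenhagen`. `prune` also lacks the `restart: always` that `backup` has, so it will not return after a daemon restart unless started by hand.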
From: Sam Al-Sapti Date: Sat, 30 Sep 2023 16:42:16 +0200 Subject: [PATCH 17/74] Split Matrix and Element into their own Compose stacks --- roles/docker/defaults/main.yml | 7 ++-- roles/docker/tasks/services/element.yml | 32 +++++++++++++++++++ .../{matrix_element.yml => matrix.yml} | 31 ++---------------- .../templates/compose-files/element.yml.j2 | 22 +++++++++++++ .../{matrix_element.yml.j2 => matrix.yml.j2} | 16 ---------- 5 files changed, 60 insertions(+), 48 deletions(-) create mode 100644 roles/docker/tasks/services/element.yml rename roles/docker/tasks/services/{matrix_element.yml => matrix.yml} (56%) create mode 100644 roles/docker/templates/compose-files/element.yml.j2 rename roles/docker/templates/compose-files/{matrix_element.yml.j2 => matrix.yml.j2} (64%) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 5477414..46cca1b 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -92,7 +92,7 @@ services: allowed_sender_domain: true matrix: - file: matrix_element.yml + file: matrix.yml domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" version: v1.90.0 @@ -100,9 +100,8 @@ services: allowed_sender_domain: true element: - domains: - - "riot.{{ base_domain }}" - - "element.{{ base_domain }}" + file: element.yml + domain: "element.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/element" version: v1.11.43 diff --git a/roles/docker/tasks/services/element.yml b/roles/docker/tasks/services/element.yml new file mode 100644 index 0000000..b325bdf --- /dev/null +++ b/roles/docker/tasks/services/element.yml 
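Review bot: Replacing the `domains` list under `element` with a single `domain` drops `riot.{{ base_domain }}` from Element's `VIRTUAL_HOST`/`LETSENCRYPT_HOST`, so requests for that hostname will no longer be routed by the proxy and its certificate will stop being renewed. If the name is still published in DNS or in users' bookmarks, keep it as a redirect vhost or remove the record; otherwise a comment next to the new key, e.g. `# riot.{{ base_domain }} retired; only element.{{ base_domain }} is served`, would record the decision for the next reader.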
@@ -0,0 +1,32 @@ +# vim: ft=yaml.ansible +--- +- name: Create Element volume folder + file: + name: "{{ services.element.volume_folder }}/data" + state: directory + +- name: Upload Element config.json + template: + src: element/config.json.j2 + dest: "{{ services.element.volume_folder }}/data/config.json" + +- name: Upload Element riot.im.conf + copy: + src: element/riot.im.conf + dest: "{{ services.element.volume_folder }}/data/riot.im.conf" + +- name: Upload vhost config for Element domain + copy: + src: vhost/element + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}" + +- name: Upload Compose file for Element + template: + src: compose-files/element.yml.j2 + dest: "{{ services.element.volume_folder }}/docker-compose.yml" + +- name: Deploy Element + docker_compose: + project_src: "{{ services.element.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/matrix_element.yml b/roles/docker/tasks/services/matrix.yml similarity index 56% rename from roles/docker/tasks/services/matrix_element.yml rename to roles/docker/tasks/services/matrix.yml index 605084b..2a4a6f8 100644 --- a/roles/docker/tasks/services/matrix_element.yml +++ b/roles/docker/tasks/services/matrix.yml 
@@ -16,38 +16,13 @@ - name: Create Matrix DB folder file: name: "{{ services.matrix.volume_folder }}/db" - state: "directory" - -- name: Create Element volume folders - file: - name: "{{ services.element.volume_folder }}/{{ volume }}" state: directory - loop: - - "data" - loop_control: - loop_var: volume - -- name: Upload Element config.json - template: - src: element/config.json.j2 - dest: "{{ services.element.volume_folder }}/data/config.json" - -- name: Upload Element riot.im.conf - copy: - src: element/riot.im.conf - dest: "{{ services.element.volume_folder }}/data/riot.im.conf" - name: upload vhost config for matrix domain copy: src: vhost/matrix dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}" -- name: Upload vhost config for Element domain - copy: - src: vhost/element - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}" - loop: "{{ services.element.domains }}" - - name: Upload homeserver.yaml template: src: matrix/homeserver.yaml.j2 @@ -58,12 +33,12 @@ src: matrix/log.config dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config" -- name: Upload Compose file for Matrix and Element +- name: Upload Compose file for Matrix template: - src: compose-files/matrix_element.yml.j2 + src: compose-files/matrix.yml.j2 dest: "{{ services.matrix.volume_folder }}/docker-compose.yml" -- name: Deploy Matrix and Element +- name: Deploy Matrix docker_compose: project_src: "{{ services.matrix.volume_folder }}" pull: true diff --git a/roles/docker/templates/compose-files/element.yml.j2 b/roles/docker/templates/compose-files/element.yml.j2 new file mode 100644 index 0000000..2a875ce --- /dev/null +++ b/roles/docker/templates/compose-files/element.yml.j2 
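Review bot: Removing the looped `Upload vhost config for Element domain` task leaves the vhost files it previously wrote for each entry of `services.element.domains` in `{{ services.nginx_proxy.volume_folder }}/vhost/`; Ansible does not delete files a removed task created, so a stale `riot.` vhost config stays active in the proxy. Add a cleanup task with `file:` and `state: absent` for `path: "{{ services.nginx_proxy.volume_folder }}/vhost/riot.{{ base_domain }}"` (or for each retired name). The context line `upload vhost config for matrix domain` is also the only task name left lowercase after this series capitalised the others.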
@@ -0,0 +1,22 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + element: + image: avhost/docker-matrix-element:{{ services.element.version }} + restart: unless-stopped + networks: + - external_services + expose: + - "8080" + volumes: + - "./data:/data" + environment: + VIRTUAL_HOST: "{{ services.element.domain }}" + VIRTUAL_PORT: "8080" + LETSENCRYPT_HOST: "{{ services.element.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/matrix_element.yml.j2 b/roles/docker/templates/compose-files/matrix.yml.j2 similarity index 64% rename from roles/docker/templates/compose-files/matrix_element.yml.j2 rename to roles/docker/templates/compose-files/matrix.yml.j2 index f787e61..0bbffa5 100644 --- a/roles/docker/templates/compose-files/matrix_element.yml.j2 +++ b/roles/docker/templates/compose-files/matrix.yml.j2 @@ -29,22 +29,6 @@ services: LETSENCRYPT_HOST: "{{ services.matrix.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - element: - image: avhost/docker-matrix-element:{{ services.element.version }} - restart: unless-stopped - networks: - - default - - external_services - expose: - - "8080" - volumes: - - "{{ services.element.volume_folder }}/data:/data" - environment: - VIRTUAL_HOST: "{{ services.element.domains | join(',') }}" - VIRTUAL_PORT: "8080" - LETSENCRYPT_HOST: "{{ services.element.domains | join(',') }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - networks: external_services: external: true From 728455f42a732a0f572ae0c54700bbea26fb467e Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Sat, 30 Sep 2023 17:19:10 +0200 Subject: [PATCH 18/74] Convert Netdata to a Compose stack, close #80 --- roles/docker/tasks/services/netdata.yml | 31 ++++++---------- .../templates/compose-files/netdata.yml.j2 | 36 +++++++++++++++++++ 2 files changed, 46 insertions(+), 21 deletions(-) create mode 100644 roles/docker/templates/compose-files/netdata.yml.j2 diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml index 7cf01e6..3631c99 100644 --- a/roles/docker/tasks/services/netdata.yml +++ b/roles/docker/tasks/services/netdata.yml @@ -1,23 +1,12 @@ # vim: ft=yaml.ansible --- -- name: setup netdata docker container for system monitoring - docker_container: - name: netdata - image: netdata/netdata:{{ services.netdata.version }} - restart_policy: unless-stopped - hostname: "hevonen.servers.{{ base_domain }}" - capabilities: - - SYS_PTRACE - security_opts: - - apparmor:unconfined - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - name: external_services - env: - VIRTUAL_HOST : "{{ services.netdata.domain }}" - LETSENCRYPT_HOST: "{{ services.netdata.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - PGID: "999" +- name: Upload Compose file for Netdata + template: + src: compose-files/netdata.yml.j2 + dest: "{{ services.netdata.volume_folder }}/docker-compose.yml" + +- name: Deploy Netdata + docker_compose: + project_src: "{{ services.netdata.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/templates/compose-files/netdata.yml.j2 b/roles/docker/templates/compose-files/netdata.yml.j2 new file mode 100644 index 0000000..dcf5ead --- /dev/null +++ b/roles/docker/templates/compose-files/netdata.yml.j2 
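Review bot: The new `Upload Compose file for Netdata` task templates into `{{ services.netdata.volume_folder }}/docker-compose.yml`, but nothing in this file creates that directory and the replaced `docker_container` task needed no volume folder, so on a host that has never run a Netdata stack the template step will fail on the missing directory. Add a `file:` task with `state: directory` for `services.netdata.volume_folder` before the template, as the Passit and Restic task files do, unless the folder is created elsewhere in the role; also confirm `volume_folder` is defined under `services.netdata` in the defaults, which this hunk does not show.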
@@ -0,0 +1,36 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+ app:
+ image: netdata/netdata:{{ services.netdata.version }}
+ restart: unless-stopped
+ hostname: hevonen.servers.{{ base_domain }}
+ volumes:
+ - "/proc:/host/proc:ro"
+ - "/sys:/host/sys:ro"
+ - "/etc/os-release:/host/etc/os-release:ro"
+ networks:
+ - default
+ - external_services
+ environment:
+ VIRTUAL_HOST : "{{ services.netdata.domain }}"
+ LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
+ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+ PGID: "999"
+ DOCKER_HOST: "socket_proxy:2375"
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor:unconfined
+
+ socket_proxy:
+ image: tecnativa/docker-socket-proxy:latest
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ environment:
+ CONTAINERS: 1
+
+networks:
+ external_services:
+ external: true
From f50831460c93041cac1bca5f6e75ae3360b28297 Mon Sep 17 00:00:00 2001
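Review bot: `socket_proxy` is the only image in this stack without a pinned tag (`tecnativa/docker-socket-proxy:latest`), and it is the one component holding the Docker socket, so an upstream tag move or compromise lands straight in the most privileged container; pin it the same way the Netdata image is pinned, e.g. `image: tecnativa/docker-socket-proxy:{{ services.netdata.socket_proxy_version }}` with a fixed default in the role. Routing Netdata through the proxy with only `CONTAINERS: 1` is a genuine improvement over the direct `docker.sock` mount the old task had, and a comment above `socket_proxy:` saying that this is the point of the extra service would stop someone "simplifying" it back. `apparmor:unconfined` together with `SYS_PTRACE` is carried over unchanged; a short comment on why AppArmor has to be disabled rather than given a profile would help the next review.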
From: Sam Al-Sapti Date: Sat, 30 Sep 2023 18:15:27 +0200 Subject: [PATCH 19/74] Convert all services to Compose stacks --- roles/docker/defaults/main.yml | 20 ++--- .../docker/tasks/services/docker_registry.yml | 44 ++++++----- roles/docker/tasks/services/drone.yml | 5 ++ roles/docker/tasks/services/forgejo.yml | 48 ++++-------- roles/docker/tasks/services/keycloak.yml | 5 ++ roles/docker/tasks/services/membersystem.yml | 5 ++ roles/docker/tasks/services/netdata.yml | 5 ++ roles/docker/tasks/services/nextcloud.yml | 10 +++ roles/docker/tasks/services/nginx_proxy.yml | 41 +++------- roles/docker/tasks/services/openldap.yml | 77 ++++--------------- roles/docker/tasks/services/portainer.yml | 25 +++--- roles/docker/tasks/services/postfix.yml | 26 +++---- roles/docker/tasks/services/privatebin.yml | 24 +++--- roles/docker/tasks/services/watchtower.yml | 27 ++++--- .../compose-files/docker_registry.yml.j2 | 23 ++++++ .../templates/compose-files/drone.yml.j2 | 2 +- .../templates/compose-files/element.yml.j2 | 2 +- .../templates/compose-files/forgejo.yml.j2 | 37 +++++++++ .../compose-files/nginx_proxy.yml.j2 | 38 +++++++++ .../templates/compose-files/openldap.yml.j2 | 58 ++++++++++++++ .../templates/compose-files/portainer.yml.j2 | 21 +++++ .../templates/compose-files/postfix.yml.j2 | 20 +++++ .../templates/compose-files/privatebin.yml.j2 | 20 +++++ .../templates/compose-files/rallly.yml.j2 | 2 +- .../templates/compose-files/watchtower.yml.j2 | 12 +++ 25 files changed, 374 insertions(+), 223 deletions(-) create mode 100644 roles/docker/templates/compose-files/docker_registry.yml.j2 create mode 100644 roles/docker/templates/compose-files/forgejo.yml.j2 create mode 100644 roles/docker/templates/compose-files/nginx_proxy.yml.j2 create mode 100644 roles/docker/templates/compose-files/openldap.yml.j2 create mode 100644 roles/docker/templates/compose-files/portainer.yml.j2 create mode 100644 roles/docker/templates/compose-files/postfix.yml.j2 create mode 100644 
roles/docker/templates/compose-files/privatebin.yml.j2 create mode 100644 roles/docker/templates/compose-files/watchtower.yml.j2 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 46cca1b..e0365ce 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -13,24 +13,21 @@ services: nginx_proxy: file: nginx_proxy.yml - version: "1.3-alpine" volume_folder: "{{ volume_root_folder }}/nginx" - - nginx_acme_companion: - version: "2.2" + version: "1.3-alpine" + acme_companion_version: "2.2" openldap: file: openldap.yml domain: "ldap.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/openldap" version: "1.5.0" - - phpldapadmin: - version: "0.9.0" + phpldapadmin_version: "0.9.0" netdata: file: netdata.yml domain: "netdata.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/netdata" version: "v1" portainer: @@ -196,17 +193,12 @@ services: file: membersystem.yml domain: "member.{{ base_domain }}" django_admins: "Vidir:valberg@orn.li" + volume_folder: "{{ volume_root_folder }}/membersystem" version: latest postgres_version: 13-alpine allowed_sender_domain: true - byro: - file: byro.yml - domain: "byro.{{ base_domain }}" - postgres_version: 14-alpine - volume_folder: "{{ volume_root_folder }}/byro-data" - allowed_sender_domain: true - watchtower: file: watchtower.yml + volume_folder: "{{ volume_root_folder }}/watchtower" version: "1.5.3" diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml index 3adee6d..3ef9542 100644 --- a/roles/docker/tasks/services/docker_registry.yml +++ b/roles/docker/tasks/services/docker_registry.yml 
@@ -1,32 +1,36 @@ # vim: ft=yaml.ansible --- -- name: copy docker registry vhost configuration +- name: Create Docker registry volume folders + file: + path: "{{ services.docker_registry.volume_folder }}/{{ volume }}" + state: directory + loop: + - auth + - registry + loop_control: + loop_var: volume + +- name: Copy docker registry vhost configuration copy: src: vhost/docker_registry dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" mode: "0644" -- name: docker registry container - docker_container: - name: registry - image: registry:{{ services.docker_registry.version }} - restart_policy: always - volumes: - - "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry" - - "{{ services.docker_registry.volume_folder }}/auth:/auth" - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.docker_registry.domain }}" - LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - REGISTRY_AUTH: "htpasswd" - REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd" - REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry" +- name: Upload Compose file for Docker registry + template: + src: compose-files/docker_registry.yml.j2 + dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml" -- name: generate htpasswd file - shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd" +- name: Deploy Docker registry + docker_compose: + project_src: "{{ services.docker_registry.volume_folder }}" + pull: true + state: present + +- name: Generate htpasswd file + shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd" args: + chdir: "{{ services.docker_registry.volume_folder }}" creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd" - name: log in to registry 
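Review bot: `docker compose exec registry htpasswd …` targets a service named `registry`, but the docker_registry.yml.j2 added in this same commit names the service `app`, so the exec fails with an unknown-service error and the htpasswd file is never written. The password is also interpolated unquoted into a shell line, which exposes it in the process list and in Ansible's task output and breaks on shell metacharacters; at minimum add `no_log: true` to the task and quote the argument, e.g. `shell: "docker compose exec app htpasswd -Bbn docker {{ docker_password | quote }} > auth/htpasswd"`. Note too that this task uses the `docker compose` v2 plugin while deployment goes through the `docker_compose` module, which drives the Python docker-compose v1 library; if only one of the two is installed on the host, one of these tasks will fail.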
diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml
index de8720e..8e4fa25 100644
--- a/roles/docker/tasks/services/drone.yml
+++ b/roles/docker/tasks/services/drone.yml
@@ -1,5 +1,10 @@
 # vim: ft=yaml.ansible
 ---
+- name: Create Drone volume folder
+ file:
+ path: "{{ services.drone.volume_folder }}"
+ state: directory
+
 - name: Upload Compose file for Drone
 template:
 src: compose-files/drone.yml.j2
diff --git a/roles/docker/tasks/services/forgejo.yml b/roles/docker/tasks/services/forgejo.yml
index 9978b82..826a190 100644
--- a/roles/docker/tasks/services/forgejo.yml
+++ b/roles/docker/tasks/services/forgejo.yml
@@ -1,37 +1,17 @@ # vim: ft=yaml.ansible --- -- name: Create Docker network for Forgejo - docker_network: - name: forgejo +- name: Create Forgejo volume folder + file: + name: "{{ services.portainer.volume_folder }}" + state: directory -# old DNS: 138.68.71.153 -- name: Set up Forgejo container - docker_container: - name: forgejo - image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }} - restart_policy: unless-stopped - networks: - - name: forgejo - - name: postfix - - name: external_services - volumes: - - "{{ services.forgejo.volume_folder }}:/data" - published_ports: - - "22:22" - env: - VIRTUAL_HOST: "{{ services.forgejo.domain }}" - VIRTUAL_PORT: "3000" - LETSENCRYPT_HOST: "{{ services.forgejo.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - # Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization - # https://docs.gitea.io/en-us/config-cheat-sheet/#security-security - FORGEJO__mailer__ENABLED: "true" - FORGEJO__mailer__FROM: "noreply@{{ services.forgejo.domain }}" - FORGEJO__mailer__PROTOCOL: "smtp" - FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}" - FORGEJO__security__LOGIN_REMEMBER_DAYS: "60" - FORGEJO__security__PASSWORD_COMPLEXITY: "off" - FORGEJO__security__MIN_PASSWORD_LENGTH: "8" - FORGEJO__security__PASSWORD_CHECK_PWN: "true" - FORGEJO__service__ENABLE_NOTIFY_MAIL: "true" - FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true" +- name: Upload Compose file for Forgejo + template: + src: compose-files/forgejo.yml.j2 + dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml" + +- name: Deploy Forgejo + docker_compose: + project_src: "{{ services.forgejo.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml index 45feb25..ff341b9 100644 --- a/roles/docker/tasks/services/keycloak.yml +++ b/roles/docker/tasks/services/keycloak.yml 
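Review bot: The new `Create Forgejo volume folder` task creates `services.portainer.volume_folder` instead of `services.forgejo.volume_folder`, so the Forgejo directory is never created and the following `template` task (whose `dest` is inside it) fails with a missing destination directory on a fresh host; change it to `name: "{{ services.forgejo.volume_folder }}"`. Because the task also quietly re-creates the Portainer folder, the slip is hidden on hosts where Portainer was already deployed. The removed block is otherwise moved verbatim into forgejo.yml.j2, including the published SSH port, so nothing else in this task file needs to carry it.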
@@ -1,5 +1,10 @@ # vim: ft=yaml.ansible --- +- name: Create Keycloak volume folder + file: + path: "{{ services.keycloak.volume_folder }}/data" + state: directory + - name: Upload Compose file for for Keycloak template: src: compose-files/keycloak.yml.j2 diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml index ba9135e..357c169 100644 --- a/roles/docker/tasks/services/membersystem.yml +++ b/roles/docker/tasks/services/membersystem.yml @@ -1,5 +1,10 @@ # vim: ft=yaml.ansible --- +- name: Create Membersystem volume folder + file: + name: "{{ services.membersystem.volume_folder }}" + state: directory + - name: Upload Compose file for Membersystem template: src: compose-files/membersystem.yml.j2 diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml index 3631c99..e5234b6 100644 --- a/roles/docker/tasks/services/netdata.yml +++ b/roles/docker/tasks/services/netdata.yml @@ -1,5 +1,10 @@ # vim: ft=yaml.ansible --- +- name: Create Netdata volume folder + file: + path: "{{ services.netdata.volume_folder }}" + state: directory + - name: Upload Compose file for Netdata template: src: compose-files/netdata.yml.j2 diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index acfa587..7273bcf 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -1,5 +1,15 @@ # vim: ft=yaml.ansible --- +- name: Create Nextcloud volume folders + file: + path: "{{ services.nextcloud.volume_folder }}/{{ volume }}" + state: directory + loop: + - app + - postgres + loop_control: + loop_var: volume + - name: upload vhost config for cloud.data.coop copy: src: vhost/nextcloud diff --git a/roles/docker/tasks/services/nginx_proxy.yml b/roles/docker/tasks/services/nginx_proxy.yml index 2f92611..6865952 100644 --- a/roles/docker/tasks/services/nginx_proxy.yml +++ b/roles/docker/tasks/services/nginx_proxy.yml 
@@ -13,36 +13,13 @@ loop_control: loop_var: volume -- name: nginx proxy container - docker_container: - name: nginx-proxy - image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }} - restart_policy: always - networks: - - name: external_services - published_ports: - - "80:80" - - "443:443" - volumes: - - "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d" - - "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d" - - "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html" - - "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam" - - "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro" - - /var/run/docker.sock:/tmp/docker.sock:ro - -- name: nginx letsencrypt container - docker_container: - name: nginx-proxy-le - image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }} - restart_policy: always - volumes: - - "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d" - - "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html" - - "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro" - - "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs" - - /var/run/docker.sock:/var/run/docker.sock:ro - env: - NGINX_PROXY_CONTAINER: nginx-proxy - when: letsencrypt_enabled +- name: Upload Compose file for nginx-proxy + template: + src: compose-files/nginx_proxy.yml.j2 + dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml" +- name: Deploy nginx-proxy + docker_compose: + project_src: "{{ services.nginx_proxy.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/openldap.yml b/roles/docker/tasks/services/openldap.yml index 4aace81..b477a5b 100644 --- a/roles/docker/tasks/services/openldap.yml +++ b/roles/docker/tasks/services/openldap.yml 
@@ -1,74 +1,23 @@ # vim: ft=yaml.ansible --- -- name: create ldap volume folders +- name: Create OpenLDAP volume folders file: name: "{{ services.openldap.volume_folder }}/{{ volume }}" state: directory loop: - - "var/lib/ldap" - - "etc/slapd" - - "certs" + - var/lib/ldap + - etc/slapd + - certs loop_control: loop_var: volume -- name: Create a network for ldap - docker_network: - name: ldap +- name: Upload Compose file for OpenLDAP + template: + src: compose-files/openldap.yml.j2 + dest: "{{ services.openldap.volume_folder }}/docker-compose.yml" -- name: openLDAP container - docker_container: - name: openldap - image: osixia/openldap:{{ services.openldap.version }} - tty: true - interactive: true - restart_policy: unless-stopped - volumes: - - "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap" - - "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d" - - "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/" - published_ports: - - "389:389" - - "636:636" - hostname: "{{ services.openldap.domain }}" - domainname: "{{ services.openldap.domain }}" # important: same as hostname - networks: - - name: ldap - env: - LDAP_LOG_LEVEL: "256" - LDAP_ORGANISATION: "{{ base_domain }}" - LDAP_DOMAIN: "{{ base_domain }}" - LDAP_BASE_DN: "" - LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}" - LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}" - LDAP_READONLY_USER: "false" - LDAP_RFC2307BIS_SCHEMA: "false" - LDAP_BACKEND: "mdb" - LDAP_TLS: "true" - LDAP_TLS_CRT_FILENAME: "ldap.crt" - LDAP_TLS_KEY_FILENAME: "ldap.key" - LDAP_TLS_CA_CRT_FILENAME: "ca.crt" - LDAP_TLS_ENFORCE: "false" - LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0" - LDAP_TLS_PROTOCOL_MIN: "3.1" - LDAP_TLS_VERIFY_CLIENT: "demand" - LDAP_REPLICATION: "false" - KEEP_EXISTING_CONFIG: "false" - LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" - LDAP_SSL_HELPER_PREFIX: "ldap" - -- name: phpLDAPadmin container - docker_container: - name: phpldapadmin - image: 
osixia/phpldapadmin:{{ services.phpldapadmin.version }} - restart_policy: unless-stopped - networks: - - name: external_services - - name: ldap - env: - PHPLDAPADMIN_LDAP_HOSTS: "openldap" - PHPLDAPADMIN_HTTPS: "false" - PHPLDAPADMIN_TRUST_PROXY_SSL: "true" - - VIRTUAL_HOST: "{{ services.openldap.domain }}" - LETSENCRYPT_HOST: "{{ services.openldap.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" +- name: Deploy OpenLDAP + docker_compose: + project_src: "{{ services.openldap.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/portainer.yml b/roles/docker/tasks/services/portainer.yml index dae0e87..5f158c9 100644 --- a/roles/docker/tasks/services/portainer.yml +++ b/roles/docker/tasks/services/portainer.yml @@ -5,18 +5,13 @@ name: "{{ services.portainer.volume_folder }}" state: directory -- name: run portainer - docker_container: - name: portainer - image: portainer/portainer-ee:{{ services.portainer.version }} - restart_policy: always - networks: - - name: external_services - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - "{{ services.portainer.volume_folder }}:/data" - env: - VIRTUAL_HOST: "{{ services.portainer.domain }}" - VIRTUAL_PORT: "9000" - LETSENCRYPT_HOST: "{{ services.portainer.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" +- name: Upload Compose file for Portainer + template: + src: compose-files/portainer.yml.j2 + dest: "{{ services.portainer.volume_folder }}/docker-compose.yml" + +- name: Deploy Portainer + docker_compose: + project_src: "{{ services.portainer.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml index ece525e..5298b15 100644 --- a/roles/docker/tasks/services/postfix.yml +++ b/roles/docker/tasks/services/postfix.yml @@ -1,6 +1,6 @@ # vim: ft=yaml.ansible --- -- name: Set up network for postfix +- name: Set up network for Postfix docker_network: name: postfix ipam_config: 
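Review bot: The rendered `docker-compose.yml` for OpenLDAP carries `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` in cleartext (see the environment block of the new openldap.yml.j2), yet the `Upload Compose file for OpenLDAP` task sets no `mode`, so the file gets whatever the remote umask yields — typically world-readable; add `mode: "0600"` to that task. The same holds for every other compose template in this commit that interpolates a secret, so a shared default is worth considering. The volume loop still creates `etc/slapd` while the compose file mounts `./etc/slapd.d`, a mismatch the old container task had too; Docker creates the missing host path as root, but changing the loop entry to `etc/slapd.d` avoids the orphan directory.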
@@ -12,17 +12,13 @@ name: "{{ services.postfix.volume_folder }}/dkim" state: directory -- name: Set up Postfix Docker container for outgoing mail from services - docker_container: - name: postfix - image: boky/postfix:{{ services.postfix.version }} - restart_policy: always - networks: - - name: postfix - volumes: - - "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys" - env: - # Get all services which have allowed_sender_domain defined - ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}" - HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as - DKIM_AUTOGENERATE: "true" +- name: Upload Compose file for Postfix + template: + src: compose-files/postfix.yml.j2 + dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml" + +- name: Deploy Postfix + docker_compose: + project_src: "{{ services.postfix.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/privatebin.yml b/roles/docker/tasks/services/privatebin.yml index 354d81c..09d648c 100644 --- a/roles/docker/tasks/services/privatebin.yml +++ b/roles/docker/tasks/services/privatebin.yml 
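Review bot: `Upload Compose file for Postfix` writes to `services.forgejo.volume_folder`, so the Postfix compose file overwrites Forgejo's `docker-compose.yml` and the following `Deploy Postfix` task runs `docker_compose` against `services.postfix.volume_folder`, where no (or a stale) compose file exists; the line should read `dest: "{{ services.postfix.volume_folder }}/docker-compose.yml"`. Since the Forgejo stack would then be redeployed from the Postfix definition on the next run, it is worth checking that each `dest` matches its `project_src` across all the services converted in this commit.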
@@ -15,17 +15,13 @@ src: privatebin/conf.php dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php" -- name: privatebin app container - docker_container: - name: privatebin - image: jgeusebroek/privatebin:{{ services.privatebin.version }} - restart_policy: unless-stopped - volumes: - - "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg" - - "{{ services.privatebin.volume_folder }}/data:/privatebin/data" - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.privatebin.domain }}" - LETSENCRYPT_HOST: "{{ services.privatebin.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" +- name: Upload Compose file for PrivateBin + template: + src: compose-files/privatebin.yml.j2 + dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml" + +- name: Deploy PrivateBin + docker_compose: + project_src: "{{ services.private.volume_folder }}" + pull: true + state: present diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml index c64c7f2..e528024 100644 --- a/roles/docker/tasks/services/watchtower.yml +++ b/roles/docker/tasks/services/watchtower.yml @@ -1,14 +1,17 @@ # vim: ft=yaml.ansible --- -- name: watchtower container - docker_container: - name: watchtower - image: containrrr/watchtower:{{ services.watchtower.version }} - restart_policy: unless-stopped - networks: - - name: external_services - env: - WATCHTOWER_POLL_INTERVAL: "60" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock" - - "/root/.docker/config.json:/config.json:ro" +- name: Create Watchtower volume folder + file: + name: "{{ services.watchtower.volume_folder }}" + state: directory + +- name: Upload Compose file for Watchtower + template: + src: compose-files/watchtower.yml.j2 + dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml" + +- name: Deploy Watchtower + docker_compose: + project_src: "{{ services.watchtower.volume_folder }}" + pull: true + state: present 
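Review bot: `project_src: "{{ services.private.volume_folder }}"` references `services.private`, which does not exist (the rest of the file uses `services.privatebin`), so the `Deploy PrivateBin` task fails with an undefined-variable error before any container is started; change it to `project_src: "{{ services.privatebin.volume_folder }}"`. `ansible-playbook --syntax-check` will not catch this because the lookup is only resolved at run time, so a test render of the role is the place to catch such slips.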
diff --git a/roles/docker/templates/compose-files/docker_registry.yml.j2 b/roles/docker/templates/compose-files/docker_registry.yml.j2 new file mode 100644 index 0000000..1e0d69c --- /dev/null +++ b/roles/docker/templates/compose-files/docker_registry.yml.j2 @@ -0,0 +1,23 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + app: + image: registry:{{ services.docker_registry.version }} + restart: always + networks: + - external_services + volumes: + - "./registry:/var/lib/registry" + - "./auth:/auth" + environment: + VIRTUAL_HOST: "{{ services.docker_registry.domain }}" + LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + REGISTRY_AUTH: "htpasswd" + REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd" + REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/drone.yml.j2 b/roles/docker/templates/compose-files/drone.yml.j2 index d62eb4b..377720a 100644 --- a/roles/docker/templates/compose-files/drone.yml.j2 +++ b/roles/docker/templates/compose-files/drone.yml.j2 @@ -2,7 +2,7 @@ version: "3.8" services: - drone: + app: image: drone/drone:{{ services.drone.version }} restart: unless-stopped networks: diff --git a/roles/docker/templates/compose-files/element.yml.j2 b/roles/docker/templates/compose-files/element.yml.j2 index 2a875ce..5f615ea 100644 --- a/roles/docker/templates/compose-files/element.yml.j2 +++ b/roles/docker/templates/compose-files/element.yml.j2 @@ -2,7 +2,7 @@ version: "3.8" services: - element: + app: image: avhost/docker-matrix-element:{{ services.element.version }} restart: unless-stopped networks: diff --git a/roles/docker/templates/compose-files/forgejo.yml.j2 b/roles/docker/templates/compose-files/forgejo.yml.j2 new file mode 100644 index 0000000..530b463 --- /dev/null +++ b/roles/docker/templates/compose-files/forgejo.yml.j2 
@@ -0,0 +1,37 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+ app:
+ image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
+ restart: unless-stopped
+ networks:
+ - external_services
+ - postfix
+ volumes:
+ - ".:/data"
+ ports:
+ - "22:22"
+ environment:
+ VIRTUAL_HOST: "{{ services.forgejo.domain }}"
+ VIRTUAL_PORT: "3000"
+ LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
+ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+ # Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
+ # https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+ FORGEJO__mailer__ENABLED: true
+ FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
+ FORGEJO__mailer__PROTOCOL: smtp
+ FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
+ FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
+ FORGEJO__security__PASSWORD_COMPLEXITY: off
+ FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
+ FORGEJO__security__PASSWORD_CHECK_PWN: true
+ FORGEJO__service__ENABLE_NOTIFY_MAIL: true
+ FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
+
+networks:
+ external_services:
+ external: true
+ postfix:
+ external: true
diff --git a/roles/docker/templates/compose-files/nginx_proxy.yml.j2 b/roles/docker/templates/compose-files/nginx_proxy.yml.j2
new file mode 100644
index 0000000..ffee37a
--- /dev/null
+++ b/roles/docker/templates/compose-files/nginx_proxy.yml.j2
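Review bot: `FORGEJO__security__PASSWORD_COMPLEXITY: off` is an unquoted YAML 1.1 boolean, so a Python loader reads it as `false` rather than the string `off`, and the bare `true` values in the same block are booleans too — if the `docker_compose` module drives the Python docker-compose v1 library, its v3.8 schema rejects those as an invalid environment type; the replaced `docker_container` task quoted them and the template should as well, e.g. `FORGEJO__security__PASSWORD_COMPLEXITY: "off"` and `FORGEJO__mailer__ENABLED: "true"`. Mounting `.:/data` now also exposes the rendered `docker-compose.yml` inside the Forgejo container, harmless today but any secret later added to this template becomes readable from the app; a `./data:/data` subdirectory, as the other stacks use, avoids that. Turning complexity off with a minimum length of 8 is a deliberate policy choice, so a comment recording the rationale (presumably reliance on `PASSWORD_CHECK_PWN`) would keep it from being re-flagged.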
@@ -0,0 +1,38 @@
+version: "3.8"
+
+services:
+ proxy:
+ image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
+ restart: always
+ networks:
+ - external_services
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "./conf:/etc/nginx/conf.d"
+ - "./vhost:/etc/nginx/vhost.d"
+ - "./html:/usr/share/nginx/html"
+ - "./dhparam:/etc/nginx/dhparam"
+ - "./certs:/etc/nginx/certs:ro"
+ - "/var/run/docker.sock:/tmp/docker.sock:ro"
+ labels:
+ - com.github.nginx-proxy.nginx
+
+{% if letsencrypt_enabled %}
+ acme:
+ image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
+ restart: always
+ volumes:
+ - "./vhost:/etc/nginx/vhost.d"
+ - "./html:/usr/share/nginx/html"
+ - "./dhparam:/etc/nginx/dhparam:ro"
+ - "./certs:/etc/nginx/certs"
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ depends_on:
+ - proxy
+{% endif %}
+
+networks:
+ external_services:
+ external: true
diff --git a/roles/docker/templates/compose-files/openldap.yml.j2 b/roles/docker/templates/compose-files/openldap.yml.j2
new file mode 100644
index 0000000..6d9532f
--- /dev/null
+++ b/roles/docker/templates/compose-files/openldap.yml.j2
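Review bot: This is the only compose template in the commit that does not open with the `# vim: ft=yaml.docker-compose` modeline the others have; add it as the first line for consistency. The `:ro` on the two `docker.sock` mounts protects only the socket file, not the API behind it — nginx-proxy and acme-companion still get full, root-equivalent control of the daemon — so a comment such as `# :ro does not limit Docker API access; these containers are trusted with the host` would make the trust boundary explicit, and the socket-proxy pattern used for Netdata in this series is the way to actually narrow it. The ACME block gated on `letsencrypt_enabled` replaces the `when:` the old task had; a one-line comment above `{% if letsencrypt_enabled %}` noting that `./certs` must then be provisioned by other means would help.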
@@ -0,0 +1,58 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + app: + image: osixia/openldap:{{ services.openldap.version }} + restart: unless-stopped + tty: true + stdin_open: true + volumes: + - "./var/lib/ldap:/var/lib/ldap" + - "./etc/slapd.d:/etc/ldap/slapd.d" + - "./certs:/container/service/slapd/assets/certs/" + ports: + - "389:389" + - "636:636" + hostname: "{{ services.openldap.domain }}" + domainname: "{{ services.openldap.domain }}" # important: same as hostname + environment: + LDAP_LOG_LEVEL: "256" + LDAP_ORGANISATION: "{{ base_domain }}" + LDAP_DOMAIN: "{{ base_domain }}" + LDAP_BASE_DN: "" + LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}" + LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}" + LDAP_READONLY_USER: false + LDAP_RFC2307BIS_SCHEMA: false + LDAP_BACKEND: mdb + LDAP_TLS: true + LDAP_TLS_CRT_FILENAME: ldap.crt + LDAP_TLS_KEY_FILENAME: ldap.key + LDAP_TLS_CA_CRT_FILENAME: ca.crt + LDAP_TLS_ENFORCE: false + LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0 + LDAP_TLS_PROTOCOL_MIN: "3.1" + LDAP_TLS_VERIFY_CLIENT: demand + LDAP_REPLICATION: false + KEEP_EXISTING_CONFIG: false + LDAP_REMOVE_CONFIG_AFTER_SETUP: true + LDAP_SSL_HELPER_PREFIX: ldap + + admin: + image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }} + restart: unless-stopped + networks: + - default + - external_services + environment: + PHPLDAPADMIN_LDAP_HOSTS: app + PHPLDAPADMIN_HTTPS: false + PHPLDAPADMIN_TRUST_PROXY_SSL: true + VIRTUAL_HOST: "{{ services.openldap.domain }}" + LETSENCRYPT_HOST: "{{ services.openldap.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/portainer.yml.j2 b/roles/docker/templates/compose-files/portainer.yml.j2 new file mode 100644 index 0000000..5bbba8c --- /dev/null +++ b/roles/docker/templates/compose-files/portainer.yml.j2 
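Review bot: `ports: "389:389"` and `"636:636"` bind to every host interface while `LDAP_TLS_ENFORCE: false` leaves plaintext binds allowed on 389, so unless a host firewall blocks it, bind credentials can be sent in the clear from the internet; either bind locally (`- "127.0.0.1:389:389"`) or set `LDAP_TLS_ENFORCE: "true"` and publish only 636. The bare `true`/`false` values in `environment` are YAML booleans rather than strings — the docker-compose v1 v3.8 schema rejects them and Compose v2 stringifies them, which is only right by accident for this image — so quote them as the removed `docker_container` task did. `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` are rendered in cleartext into the on-disk compose file, so the upload task needs a restrictive `mode` and this template deserves a comment saying the file is secret.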
@@ -0,0 +1,21 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+ app:
+ image: portainer/portainer-ee:{{ services.portainer.version }}
+ restart: always
+ networks:
+ - external_services
+ volumes:
+ - ".:/data"
+ - "/var/run/docker.sock:/var/run/docker.sock:rw"
+ environment:
+ VIRTUAL_HOST: "{{ services.portainer.domain }}"
+ VIRTUAL_PORT: "9000"
+ LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
+ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+ external_services:
+ external: true
diff --git a/roles/docker/templates/compose-files/postfix.yml.j2 b/roles/docker/templates/compose-files/postfix.yml.j2
new file mode 100644
index 0000000..89f25ba
--- /dev/null
+++ b/roles/docker/templates/compose-files/postfix.yml.j2
@@ -0,0 +1,20 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+ app:
+ image: boky/postfix:{{ services.postfix.version }}
+ restart: always
+ networks:
+ - postfix
+ volumes:
+ - "./dkim:/etc/opendkim/keys"
+ environment:
+ # Get all services which have allowed_sender_domain defined
+ ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
+ HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
+ DKIM_AUTOGENERATE: true
+
+networks:
+ postfix:
+ external: true
diff --git a/roles/docker/templates/compose-files/privatebin.yml.j2 b/roles/docker/templates/compose-files/privatebin.yml.j2
new file mode 100644
index 0000000..717515d
--- /dev/null
+++ b/roles/docker/templates/compose-files/privatebin.yml.j2
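Review bot: `/var/run/docker.sock:/var/run/docker.sock:rw` gives the Portainer container unrestricted, root-equivalent control of the host through the Docker API, and the same container sits on `external_services` and is published to the internet via nginx-proxy, so any Portainer authentication bypass or RCE is a full host compromise. Portainer needs write access to manage containers, so a socket proxy cannot be as narrow as Netdata's, but a comment stating the trust level (`# rw socket: Portainer is fully trusted with the host`) plus pinning `portainer/portainer-ee` to a digest rather than a tag would document and harden the choice. `:rw` is the default and can be dropped, or kept as an explicit signal; either way say which in a comment so it is not "fixed" to `:ro` under the false belief that this limits the API.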
@@ -0,0 +1,20 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + app: + image: jgeusebroek/privatebin:{{ services.privatebin.version }} + restart: unless-stopped + volumes: + - "./cfg:/privatebin/cfg" + - "./data:/privatebin/data" + networks: + - external_services + environment: + VIRTUAL_HOST: "{{ services.privatebin.domain }}" + LETSENCRYPT_HOST: "{{ services.privatebin.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/rallly.yml.j2 b/roles/docker/templates/compose-files/rallly.yml.j2 index f8cf987..11a912d 100644 --- a/roles/docker/templates/compose-files/rallly.yml.j2 +++ b/roles/docker/templates/compose-files/rallly.yml.j2 @@ -17,7 +17,7 @@ services: timeout: 5s retries: 5 - rallly: + app: image: lukevella/rallly:{{ services.rallly.version }} restart: always networks: diff --git a/roles/docker/templates/compose-files/watchtower.yml.j2 b/roles/docker/templates/compose-files/watchtower.yml.j2 new file mode 100644 index 0000000..642b6aa --- /dev/null +++ b/roles/docker/templates/compose-files/watchtower.yml.j2 @@ -0,0 +1,12 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + app: + image: containrrr/watchtower:{{ services.watchtower.version }} + restart: unless-stopped + environment: + WATCHTOWER_POLL_INTERVAL: "60" + volumes: + - "/root/.docker/config.json:/config.json:ro" + - "/var/run/docker.sock:/var/run/docker.sock" From 52b1d1ccd2f44d7b79c6649dadc47a7235c46d71 Mon Sep 17 00:00:00 2001 
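Review bot: Watchtower gets a read-write `docker.sock` plus the host's `/root/.docker/config.json` (registry credentials) and polls every 60 seconds with no scope restriction, so any image whose tag moves upstream — including the unpinned `tecnativa/docker-socket-proxy:latest` introduced for Netdata in this series — is pulled and restarted automatically with no review step; consider `WATCHTOWER_LABEL_ENABLE: "true"` with per-service opt-in labels, or at least a longer interval, and add a comment that this container is the supply-chain trust root of the host. `restart: unless-stopped` differs from the `always` used for nginx-proxy, the registry and Postfix; a comment noting whether that is intentional would help.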
From: Sam Al-Sapti Date: Tue, 3 Oct 2023 21:19:51 +0200 Subject: [PATCH 20/74] Use a block to deploy all services + add pre_deploy and post_deploy --- roles/docker/defaults/main.yml | 49 +++++------- .../tasks/post_deploy/docker_registry.yml | 13 ++++ roles/docker/tasks/post_deploy/mastodon.yml | 19 +++++ .../tasks/pre_deploy/docker_registry.yml | 17 +++++ .../{services => pre_deploy}/element.yml | 17 +---- roles/docker/tasks/pre_deploy/hedgedoc.yml | 17 +++++ .../tasks/{services => pre_deploy}/mailu.yml | 19 +---- roles/docker/tasks/pre_deploy/mastodon.yml | 45 +++++++++++ .../tasks/{services => pre_deploy}/matrix.yml | 25 ++----- roles/docker/tasks/pre_deploy/nextcloud.yml | 17 +++++ roles/docker/tasks/pre_deploy/nginx_proxy.yml | 14 ++++ roles/docker/tasks/pre_deploy/openldap.yml | 12 +++ roles/docker/tasks/pre_deploy/postfix.yml | 13 ++++ roles/docker/tasks/pre_deploy/privatebin.yml | 16 ++++ roles/docker/tasks/pre_deploy/rallly.yml | 11 +++ .../tasks/{services => pre_deploy}/restic.yml | 17 +---- roles/docker/tasks/services.yml | 31 ++++++++ .../docker/tasks/services/docker_registry.yml | 40 ---------- roles/docker/tasks/services/drone.yml | 17 ----- roles/docker/tasks/services/forgejo.yml | 17 ----- roles/docker/tasks/services/hedgedoc.yml | 28 ------- roles/docker/tasks/services/keycloak.yml | 17 ----- roles/docker/tasks/services/mastodon.yml | 75 ------------------- roles/docker/tasks/services/membersystem.yml | 17 ----- roles/docker/tasks/services/netdata.yml | 17 ----- roles/docker/tasks/services/nextcloud.yml | 28 ------- roles/docker/tasks/services/nginx_proxy.yml | 25 ------- roles/docker/tasks/services/openldap.yml | 23 ------ roles/docker/tasks/services/passit.yml | 19 ----- roles/docker/tasks/services/portainer.yml | 17 ----- roles/docker/tasks/services/postfix.yml | 24 ------ roles/docker/tasks/services/privatebin.yml | 27 ------- roles/docker/tasks/services/rallly.yml | 22 ------ roles/docker/tasks/services/watchtower.yml | 17 ----- 34 files 
changed, 260 insertions(+), 522 deletions(-) create mode 100644 roles/docker/tasks/post_deploy/docker_registry.yml create mode 100644 roles/docker/tasks/post_deploy/mastodon.yml create mode 100644 roles/docker/tasks/pre_deploy/docker_registry.yml rename roles/docker/tasks/{services => pre_deploy}/element.yml (55%) create mode 100644 roles/docker/tasks/pre_deploy/hedgedoc.yml rename roles/docker/tasks/{services => pre_deploy}/mailu.yml (68%) create mode 100644 roles/docker/tasks/pre_deploy/mastodon.yml rename roles/docker/tasks/{services => pre_deploy}/matrix.yml (57%) create mode 100644 roles/docker/tasks/pre_deploy/nextcloud.yml create mode 100644 roles/docker/tasks/pre_deploy/nginx_proxy.yml create mode 100644 roles/docker/tasks/pre_deploy/openldap.yml create mode 100644 roles/docker/tasks/pre_deploy/postfix.yml create mode 100644 roles/docker/tasks/pre_deploy/privatebin.yml create mode 100644 roles/docker/tasks/pre_deploy/rallly.yml rename roles/docker/tasks/{services => pre_deploy}/restic.yml (74%) delete mode 100644 roles/docker/tasks/services/docker_registry.yml delete mode 100644 roles/docker/tasks/services/drone.yml delete mode 100644 roles/docker/tasks/services/forgejo.yml delete mode 100644 roles/docker/tasks/services/hedgedoc.yml delete mode 100644 roles/docker/tasks/services/keycloak.yml delete mode 100644 roles/docker/tasks/services/mastodon.yml delete mode 100644 roles/docker/tasks/services/membersystem.yml delete mode 100644 roles/docker/tasks/services/netdata.yml delete mode 100644 roles/docker/tasks/services/nextcloud.yml delete mode 100644 roles/docker/tasks/services/nginx_proxy.yml delete mode 100644 roles/docker/tasks/services/openldap.yml delete mode 100644 roles/docker/tasks/services/passit.yml delete mode 100644 roles/docker/tasks/services/portainer.yml delete mode 100644 roles/docker/tasks/services/postfix.yml delete mode 100644 roles/docker/tasks/services/privatebin.yml delete mode 100644 roles/docker/tasks/services/rallly.yml delete mode 
100644 roles/docker/tasks/services/watchtower.yml diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index e0365ce..6858779 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -6,38 +6,35 @@ services: ### Internal services ### postfix: - file: postfix.yml domain: "smtp.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/postfix" + pre_deploy_tasks: true version: "v3.6.1-alpine" nginx_proxy: - file: nginx_proxy.yml volume_folder: "{{ volume_root_folder }}/nginx" + pre_deploy_tasks: true version: "1.3-alpine" acme_companion_version: "2.2" openldap: - file: openldap.yml domain: "ldap.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/openldap" + pre_deploy_tasks: true version: "1.5.0" phpldapadmin_version: "0.9.0" netdata: - file: netdata.yml domain: "netdata.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/netdata" version: "v1" portainer: - file: portainer.yml domain: "portainer.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/portainer" version: "2.19.0" keycloak: - file: keycloak.yml domain: sso.{{ base_domain }} volume_folder: "{{ volume_root_folder }}/keycloak" version: "22.0" @@ -45,19 +42,20 @@ services: allowed_sender_domain: true restic: - file: restic.yml + volume_folder: "{{ volume_root_folder }}/restic" + pre_deploy_tasks: true user: dc-user domain: rynkeby.skovgaard.tel host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo - volume_folder: "{{ volume_root_folder }}/restic" repository: restic version: "1.7.0" disabled_in_vagrant: true docker_registry: - file: docker_registry.yml domain: "docker.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/docker-registry" + pre_deploy_tasks: true + post_deploy_tasks: true username: "docker" password: "{{ docker_password }}" version: "2" 
@@ -65,23 +63,21 @@ services: ### External services ### nextcloud: - file: nextcloud.yml domain: "cloud.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/nextcloud" + pre_deploy_tasks: true version: 27-apache postgres_version: "10" redis_version: 7-alpine allowed_sender_domain: true forgejo: - file: forgejo.yml domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/forgejo" version: "1.20" allowed_sender_domain: true passit: - file: passit.yml domain: "passit.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/passit" version: stable @@ -89,34 +85,33 @@ services: allowed_sender_domain: true matrix: - file: matrix.yml domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" + pre_deploy_tasks: true version: v1.90.0 postgres_version: 15-alpine allowed_sender_domain: true element: - file: element.yml domain: "element.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/element" + pre_deploy_tasks: true version: v1.11.43 privatebin: - file: privatebin.yml domain: "paste.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/privatebin" + pre_deploy_tasks: true version: "20221009" hedgedoc: - file: hedgedoc.yml domain: "pad.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/hedgedoc" + pre_deploy_tasks: true version: 1.9.9-alpine postgres_version: 10-alpine data_coop_website: - file: websites/data.coop.yml domain: "{{ base_domain }}" www_domain: "www.{{ base_domain }}" version: stable 
@@ -124,28 +119,23 @@ services: staging_version: staging slides_2022_website: - file: websites/2022.slides.data.coop.yml domain: "2022.slides.{{ base_domain }}" version: latest fedi_dk_website: - file: websites/fedi.dk.yaml domain: fedi.dk version: latest vhs_website: - file: websites/vhs.data.coop.yaml domain: vhs.data.coop version: latest cryptohagen_website: - file: websites/cryptohagen.dk.yml domains: - "cryptohagen.dk" - "www.cryptohagen.dk" ulovliglogning_website: - file: websites/ulovliglogning.dk.yml domains: - "ulovliglogning.dk" - "www.ulovliglogning.dk" @@ -153,44 +143,42 @@ services: - "www.ulovlig-logning.dk" cryptoaarhus_website: - file: websites/cryptoaarhus.dk.yml domains: - "cryptoaarhus.dk" - "www.cryptoaarhus.dk" drone: - file: drone.yml domain: "drone.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/drone" version: "1" mailu: - file: mailu.yml - version: "1.9" domain: "mail.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/mailu" + pre_deploy_tasks: true dns: 192.168.203.254 subnet: 192.168.203.0/24 - volume_folder: "{{ volume_root_folder }}/mailu" + version: "1.9" mastodon: - file: mastodon.yml domain: "social.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/mastodon" + pre_deploy_tasks: true + post_deploy_tasks: true version: v4.2.0 postgres_version: 14-alpine redis_version: 6-alpine allowed_sender_domain: true rallly: - file: rallly.yml domain: "when.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/rallly" + pre_deploy_tasks: true version: "2" postgres_version: 14-alpine allowed_sender_domain: true membersystem: - file: membersystem.yml domain: "member.{{ base_domain }}" django_admins: "Vidir:valberg@orn.li" volume_folder: "{{ volume_root_folder }}/membersystem" @@ -199,6 +187,5 @@ services: allowed_sender_domain: true watchtower: - file: watchtower.yml volume_folder: "{{ volume_root_folder }}/watchtower" version: "1.5.3" 
diff --git a/roles/docker/tasks/post_deploy/docker_registry.yml b/roles/docker/tasks/post_deploy/docker_registry.yml new file mode 100644 index 0000000..10bc561 --- /dev/null +++ b/roles/docker/tasks/post_deploy/docker_registry.yml @@ -0,0 +1,13 @@ +# vim: ft=yaml.ansible +--- +- name: Generate htpasswd file + shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd + args: + chdir: "{{ services.docker_registry.volume_folder }}" + creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd" + +- name: log in to registry + docker_login: + registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}" + username: docker + password: "{{ docker_password }}" diff --git a/roles/docker/tasks/post_deploy/mastodon.yml b/roles/docker/tasks/post_deploy/mastodon.yml new file mode 100644 index 0000000..790e2d8 --- /dev/null +++ b/roles/docker/tasks/post_deploy/mastodon.yml @@ -0,0 +1,19 @@ +# vim: ft=yaml.ansible +--- +- name: Configure cron job to remove old Mastodon media daily + cron: + name: Clean Mastodon media data older than a week + cron_file: ansible_mastodon_clean_media + job: docker exec mastodon_web_1 tootctl media remove --days 7 + special_time: daily + user: root + state: present + +- name: Configure cron job to remove old Mastodon preview cards daily + cron: + name: Clean Mastodon preview card data older than two weeks + cron_file: ansible_mastodon_clean_preview_cards + job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14 + special_time: daily + user: root + state: present diff --git a/roles/docker/tasks/pre_deploy/docker_registry.yml b/roles/docker/tasks/pre_deploy/docker_registry.yml new file mode 100644 index 0000000..33fd2ff --- /dev/null +++ b/roles/docker/tasks/pre_deploy/docker_registry.yml 
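Review bot: In `Generate htpasswd file` the secret is interpolated unquoted into a shell command line (`htpasswd -Bbn docker {{ docker_password }}`), so the plaintext password is visible in the host process list and the container's argv while it runs, a password containing shell metacharacters breaks or changes the command, and both this task and `log in to registry` will echo it in Ansible output on failure or with `-v`. Use `{{ docker_password | quote }}` and add `no_log: true` to both tasks; if the registry image's htpasswd supports it, `-i` (read from stdin via `docker compose exec -T`) avoids the argv exposure entirely. Also note that `creates:` means a rotated `docker_password` is never written to `auth/htpasswd`, so the registry keeps accepting the old password while `docker_login` starts failing with the new one; a comment on the task stating that rotation requires deleting the file would at least make that explicit.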
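Review bot: The two cron jobs hard-code the container name `mastodon_web_1`, but this commit switches deployment from the `docker_compose` module to the `docker compose` CLI, whose default container naming uses hyphens (`mastodon-web-1`) unless `COMPOSE_COMPATIBILITY` is set, so the daily media and preview-card cleanup would start failing quietly from cron. Addressing the service through Compose rather than by container name avoids the dependency on the naming scheme, e.g. `job: docker compose --project-directory {{ services.mastodon.volume_folder }} exec -T web tootctl media remove --days 7` (service name `web` is inferred from the old container name; confirm against the compose template, which is not in this diff).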
@@ -0,0 +1,17 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + path: "{{ services.docker_registry.volume_folder }}/{{ volume }}" + state: directory + loop: + - auth + - registry + loop_control: + loop_var: volume + +- name: Copy docker registry vhost configuration + copy: + src: vhost/docker_registry + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" + mode: "0644" diff --git a/roles/docker/tasks/services/element.yml b/roles/docker/tasks/pre_deploy/element.yml similarity index 55% rename from roles/docker/tasks/services/element.yml rename to roles/docker/tasks/pre_deploy/element.yml index b325bdf..26e3b91 100644 --- a/roles/docker/tasks/services/element.yml +++ b/roles/docker/tasks/pre_deploy/element.yml @@ -1,16 +1,16 @@ # vim: ft=yaml.ansible --- -- name: Create Element volume folder +- name: Create subfolder file: name: "{{ services.element.volume_folder }}/data" state: directory -- name: Upload Element config.json +- name: Upload config.json template: src: element/config.json.j2 dest: "{{ services.element.volume_folder }}/data/config.json" -- name: Upload Element riot.im.conf +- name: Upload riot.im.conf copy: src: element/riot.im.conf dest: "{{ services.element.volume_folder }}/data/riot.im.conf" @@ -19,14 +19,3 @@ copy: src: vhost/element dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}" - -- name: Upload Compose file for Element - template: - src: compose-files/element.yml.j2 - dest: "{{ services.element.volume_folder }}/docker-compose.yml" - -- name: Deploy Element - docker_compose: - project_src: "{{ services.element.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/pre_deploy/hedgedoc.yml b/roles/docker/tasks/pre_deploy/hedgedoc.yml new file mode 100644 index 0000000..d849ed3 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/hedgedoc.yml 
@@ -0,0 +1,17 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}" + state: directory + loop: + - db + - hedgedoc/uploads + loop_control: + loop_var: volume + +- name: Copy SSO certificate + copy: + src: sso/sso.data.coop.pem + dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem" + mode: "0644" diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/pre_deploy/mailu.yml similarity index 68% rename from roles/docker/tasks/services/mailu.yml rename to roles/docker/tasks/pre_deploy/mailu.yml index de4916d..4dc1d5a 100644 --- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/pre_deploy/mailu.yml @@ -1,6 +1,6 @@ # vim: ft=yaml.ansible --- -- name: create mailu volume folders +- name: Create subfolders file: name: "{{ services.mailu.volume_folder }}/{{ volume }}" state: directory @@ -23,12 +23,12 @@ loop_control: loop_var: volume -- name: upload mailu.env file +- name: Upload mailu.env file template: src: mailu/env.j2 dest: "{{ services.mailu.volume_folder }}/mailu.env" -- name: hard link to Let's Encrypt TLS certificate +- name: Hard link to Let's Encrypt TLS certificate file: src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem" dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" @@ -36,21 +36,10 @@ force: true when: letsencrypt_enabled -- name: hard link to Let's Encrypt TLS key +- name: Hard link to Let's Encrypt TLS key file: src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem" state: hard force: true when: letsencrypt_enabled - -- name: Upload Compose file for for Mailu - template: - src: compose-files/mailu.yml.j2 - dest: "{{ services.mailu.volume_folder }}/docker-compose.yml" - -- name: Deploy Mailu - docker_compose: - project_src: "{{ services.mailu.volume_folder }}" - pull: true - state: present 
diff --git a/roles/docker/tasks/pre_deploy/mastodon.yml b/roles/docker/tasks/pre_deploy/mastodon.yml new file mode 100644 index 0000000..c32d9e1 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/mastodon.yml @@ -0,0 +1,45 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolder for Mastodon data + file: + name: "{{ services.mastodon.volume_folder }}/mastodon_data" + state: directory + owner: "991" + mode: u=rwx,g=rx,o=rx + +- name: Create subfolder for PostgreSQL data + file: + name: "{{ services.mastodon.volume_folder }}/postgres_data" + state: directory + owner: "70" + mode: u=rwx,go= + +- name: Create subfolder for PostgreSQL config + file: + name: "{{ services.mastodon.volume_folder }}/postgres_config" + state: directory + owner: root + mode: u=rwx,g=rx,o=rx + +- name: Create subfolder for Redis data + file: + name: "{{ services.mastodon.volume_folder }}/redis_data" + state: directory + owner: "999" + group: "1000" + mode: u=rwx,g=rx,o=rx + +- name: Upload mastodon.env file + template: + src: mastodon/env.j2 + dest: "{{ services.mastodon.volume_folder }}/mastodon.env" + +- name: Upload vhost config for Mastodon domain + copy: + src: vhost/mastodon + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}" + +- name: Upload PostgreSQL config + copy: + src: mastodon/postgresql.conf + dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" diff --git a/roles/docker/tasks/services/matrix.yml b/roles/docker/tasks/pre_deploy/matrix.yml similarity index 57% rename from roles/docker/tasks/services/matrix.yml rename to roles/docker/tasks/pre_deploy/matrix.yml index 2a4a6f8..32ce95e 100644 --- a/roles/docker/tasks/services/matrix.yml +++ b/roles/docker/tasks/pre_deploy/matrix.yml 
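Review bot: `Upload mastodon.env file` sets neither `owner` nor `mode`, so the rendered env file is created with the default umask (typically world-readable 0644) in a directory whose data subfolders are deliberately locked down with explicit `owner`/`mode` a few tasks above. A Mastodon env file normally carries `SECRET_KEY_BASE`, `OTP_SECRET`, VAPID keys and DB/SMTP credentials (the `mastodon/env.j2` template is not visible here, so confirm), and Compose reads `env_file` as root, so `owner: root`, `group: root`, `mode: "0600"` on this task costs nothing. The same omission applies to the vhost and `postgresql.conf` copies, though those are not secret.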
@@ -1,24 +1,24 @@ # vim: ft=yaml.ansible --- -- name: Create Matrix volume folders +- name: Create subfolders file: name: "{{ services.matrix.volume_folder }}/{{ volume }}" state: directory owner: "991" group: "991" loop: - - "data" - - "data/uploads" - - "data/media" + - data + - data/uploads + - data/media loop_control: loop_var: volume -- name: Create Matrix DB folder +- name: Create Matrix DB subfolder file: name: "{{ services.matrix.volume_folder }}/db" state: directory -- name: upload vhost config for matrix domain +- name: Upload vhost config for Matrix domain copy: src: vhost/matrix dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}" @@ -28,18 +28,7 @@ src: matrix/homeserver.yaml.j2 dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml" -- name: upload matrix logging config +- name: Upload Matrix logging config copy: src: matrix/log.config dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config" - -- name: Upload Compose file for Matrix - template: - src: compose-files/matrix.yml.j2 - dest: "{{ services.matrix.volume_folder }}/docker-compose.yml" - -- name: Deploy Matrix - docker_compose: - project_src: "{{ services.matrix.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/pre_deploy/nextcloud.yml b/roles/docker/tasks/pre_deploy/nextcloud.yml new file mode 100644 index 0000000..5a8e90e --- /dev/null +++ b/roles/docker/tasks/pre_deploy/nextcloud.yml @@ -0,0 +1,17 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + path: "{{ services.nextcloud.volume_folder }}/{{ volume }}" + state: directory + loop: + - app + - postgres + loop_control: + loop_var: volume + +- name: Upload vhost config for Nextcloud domain + copy: + src: vhost/nextcloud + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}" + notify: "restart nginx" 
diff --git a/roles/docker/tasks/pre_deploy/nginx_proxy.yml b/roles/docker/tasks/pre_deploy/nginx_proxy.yml new file mode 100644 index 0000000..be9e9d2 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/nginx_proxy.yml @@ -0,0 +1,14 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}" + state: directory + loop: + - conf + - vhost + - html + - dhparam + - certs + loop_control: + loop_var: volume diff --git a/roles/docker/tasks/pre_deploy/openldap.yml b/roles/docker/tasks/pre_deploy/openldap.yml new file mode 100644 index 0000000..188c062 --- /dev/null +++ b/roles/docker/tasks/pre_deploy/openldap.yml @@ -0,0 +1,12 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.openldap.volume_folder }}/{{ volume }}" + state: directory + loop: + - var/lib/ldap + - etc/slapd + - certs + loop_control: + loop_var: volume diff --git a/roles/docker/tasks/pre_deploy/postfix.yml b/roles/docker/tasks/pre_deploy/postfix.yml new file mode 100644 index 0000000..e8b41fd --- /dev/null +++ b/roles/docker/tasks/pre_deploy/postfix.yml @@ -0,0 +1,13 @@ +# vim: ft=yaml.ansible +--- +- name: Set up network for Postfix + docker_network: + name: postfix + ipam_config: + - subnet: '172.16.0.0/16' + gateway: 172.16.0.1 + +- name: Create subfolder + file: + name: "{{ services.postfix.volume_folder }}/dkim" + state: directory diff --git a/roles/docker/tasks/pre_deploy/privatebin.yml b/roles/docker/tasks/pre_deploy/privatebin.yml new file mode 100644 index 0000000..012bd0b --- /dev/null +++ b/roles/docker/tasks/pre_deploy/privatebin.yml @@ -0,0 +1,16 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolders + file: + name: "{{ services.privatebin.volume_folder }}/{{ volume }}" + state: directory + loop: + - cfg + - data + loop_control: + loop_var: volume + +- name: Upload PrivateBin config + copy: + src: privatebin/conf.php + dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php" 
diff --git a/roles/docker/tasks/pre_deploy/rallly.yml b/roles/docker/tasks/pre_deploy/rallly.yml new file mode 100644 index 0000000..3e91f9d --- /dev/null +++ b/roles/docker/tasks/pre_deploy/rallly.yml @@ -0,0 +1,11 @@ +# vim: ft=yaml.ansible +--- +- name: Create subfolder + file: + name: "{{ services.rallly.volume_folder }}/postgres" + state: directory + +- name: Copy rallly.env file + template: + src: rallly/env.j2 + dest: "{{ services.rallly.volume_folder }}/rallly.env" diff --git a/roles/docker/tasks/services/restic.yml b/roles/docker/tasks/pre_deploy/restic.yml similarity index 74% rename from roles/docker/tasks/services/restic.yml rename to roles/docker/tasks/pre_deploy/restic.yml index c838e26..8a147d7 100644 --- a/roles/docker/tasks/services/restic.yml +++ b/roles/docker/tasks/pre_deploy/restic.yml @@ -8,7 +8,7 @@ mode: '0755' state: directory -- name: Copy private SSH key +- name: Upload private SSH key copy: dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519" owner: root @@ -31,7 +31,7 @@ mode: '0644' state: touch -- name: Create SSH config +- name: Upload SSH config template: src: restic/ssh.config.j2 dest: "{{ services.restic.volume_folder }}/ssh/config" @@ -39,21 +39,10 @@ group: root mode: '0600' -- name: Create SSH known_hosts file +- name: Upload SSH known_hosts file template: src: restic/ssh.known_hosts.j2 dest: "{{ services.restic.volume_folder }}/ssh/known_hosts" owner: root group: root mode: '0600' - -- name: Upload Compose file for Restic - template: - src: compose-files/restic.yml.j2 - dest: "{{ services.restic.volume_folder }}/docker-compose.yml" - -- name: Deploy Restic - docker_compose: - project_src: "{{ services.restic.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 3b441e9..833554a 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml 
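Review bot: `Copy rallly.env file` writes the rendered env file with no `mode`, so it inherits the default umask and is presumably world-readable; Rallly's env file typically holds `SECRET_PASSWORD`, `DATABASE_URL` and SMTP credentials (the `rallly/env.j2` template is outside this diff, so confirm). Add `owner: root`, `group: root`, `mode: "0600"` to the task, matching how the restic SSH material in the neighbouring hunk is already handled.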
@@ -4,6 +4,37 @@ docker_network: name: external_services +- name: Service block + loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" + loop_control: + loop_var: service + when: single_service is not defined and + (service.vars.disabled_in_vagrant is not defined or + not (service.vars.disabled_in_vagrant and vagrant)) + block: + - name: Create volume folder + file: + name: "{{ service.vars.volume_folder }}" + state: directory + + - name: Upload Compose file + template: + src: compose-files/{{ service.name }}.yml.j2 + dest: "{{ service.vars.volume_folder }}/docker-compose.yml" + + - name: Run pre-deployment tasks + include_tasks: pre_deploy/{{ service.name }}.yml + when: service.vars.pre_deploy_tasks is defined and service.pre_deploy_tasks + + - name: Deploy Compose stack + command: docker compose up -d --remove-orphans --pull always + args: + chdir: "{{ service.vars.volume_folder }}" + + - name: Run post-deployment tasks + include_tasks: post_deploy/{{ service.name }}.yml + when: service.vars.post_deploy_tasks is defined and service.post_deploy_tasks + - name: setup services include_tasks: "services/{{ item.service.file }}" loop: "{{ services | dict2items(value_name='service') }}" diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml deleted file mode 100644 index 3ef9542..0000000 --- a/roles/docker/tasks/services/docker_registry.yml +++ /dev/null 
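Review bot: The conditionals on `Run pre-deployment tasks` and `Run post-deployment tasks` read `service.pre_deploy_tasks` / `service.post_deploy_tasks`, but the loop item from `dict2items(key_name='name', value_name='vars')` has only `name` and `vars`, so for every service that sets the flag the first operand is true and the second is an undefined attribute, which Ansible reports as an error rather than treating as false. Both should be `when: service.vars.pre_deploy_tasks | default(false)` and `when: service.vars.post_deploy_tasks | default(false)`. Separately, `Create volume folder` uses `service.vars.volume_folder` unconditionally, yet several website entries in defaults define only `domain`/`domains`, and the retained `setup services` include still references `item.service.file` after this commit removes every `file:` key — both will presumably fail unless guarded by something outside this hunk, which ends before the rest of services.yml. Consider `changed_when: false` (or parsing the output) on the `docker compose up` command task, since it otherwise reports changed on every run.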
@@ -1,40 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Docker registry volume folders - file: - path: "{{ services.docker_registry.volume_folder }}/{{ volume }}" - state: directory - loop: - - auth - - registry - loop_control: - loop_var: volume - -- name: Copy docker registry vhost configuration - copy: - src: vhost/docker_registry - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" - mode: "0644" - -- name: Upload Compose file for Docker registry - template: - src: compose-files/docker_registry.yml.j2 - dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml" - -- name: Deploy Docker registry - docker_compose: - project_src: "{{ services.docker_registry.volume_folder }}" - pull: true - state: present - -- name: Generate htpasswd file - shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd" - args: - chdir: "{{ services.docker_registry.volume_folder }}" - creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd" - -- name: log in to registry - docker_login: - registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}" - username: "docker" - password: "{{ docker_password }}" diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml deleted file mode 100644 index 8e4fa25..0000000 --- a/roles/docker/tasks/services/drone.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Drone volume folder - file: - path: "{{ services.drone.volume_folder }}" - state: directory - -- name: Upload Compose file for Drone - template: - src: compose-files/drone.yml.j2 - dest: "{{ services.drone.volume_folder }}/docker-compose.yml" - -- name: Deploy Drone - docker_compose: - project_src: "{{ services.drone.volume_folder }}" - pull: true - state: present 
diff --git a/roles/docker/tasks/services/forgejo.yml b/roles/docker/tasks/services/forgejo.yml deleted file mode 100644 index 826a190..0000000 --- a/roles/docker/tasks/services/forgejo.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Forgejo volume folder - file: - name: "{{ services.portainer.volume_folder }}" - state: directory - -- name: Upload Compose file for Forgejo - template: - src: compose-files/forgejo.yml.j2 - dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml" - -- name: Deploy Forgejo - docker_compose: - project_src: "{{ services.forgejo.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml deleted file mode 100644 index 6e5c874..0000000 --- a/roles/docker/tasks/services/hedgedoc.yml +++ /dev/null @@ -1,28 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: create hedgedoc volume folders - file: - name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}" - state: directory - loop: - - "db" - - "hedgedoc/uploads" - loop_control: - loop_var: volume - -- name: copy sso public certificate - copy: - src: sso/sso.data.coop.pem - dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem" - mode: "0644" - -- name: Upload Compose file for for HedgeDoc - template: - src: compose-files/hedgedoc.yml.j2 - dest: "{{ services.hedgedoc.volume_folder }}/docker-compose.yml" - -- name: setup hedgedoc - docker_compose: - project_src: "{{ services.hedgedoc.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml deleted file mode 100644 index ff341b9..0000000 --- a/roles/docker/tasks/services/keycloak.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Keycloak volume folder - file: - path: "{{ services.keycloak.volume_folder }}/data" - state: directory - -- name: Upload Compose file for for Keycloak - template: - src: compose-files/keycloak.yml.j2 - dest: "{{ services.keycloak.volume_folder }}/docker-compose.yml" - -- name: Deploy Keycloak - docker_compose: - project_src: "{{ services.keycloak.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml deleted file mode 100644 index 95a14c0..0000000 --- a/roles/docker/tasks/services/mastodon.yml +++ /dev/null 
@@ -1,75 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create volume folder for Mastodon data - file: - name: "{{ services.mastodon.volume_folder }}/mastodon_data" - state: directory - owner: "991" - mode: u=rwx,g=rx,o=rx - -- name: Create volume folder for PostgreSQL data - file: - name: "{{ services.mastodon.volume_folder }}/postgres_data" - state: directory - owner: "70" - mode: u=rwx,go= - -- name: Create volume folder for PostgreSQL config - file: - name: "{{ services.mastodon.volume_folder }}/postgres_config" - state: directory - owner: root - mode: u=rwx,g=rx,o=rx - -- name: Create volume folder for Redis data - file: - name: "{{ services.mastodon.volume_folder }}/redis_data" - state: directory - owner: "999" - group: "1000" - mode: u=rwx,g=rx,o=rx - -- name: Copy mastodon environment file - template: - src: mastodon/env.j2 - dest: "{{ services.mastodon.volume_folder }}/mastodon.env" - -- name: Upload vhost config for Mastodon domain - copy: - src: vhost/mastodon - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}" - -- name: Copy PostgreSQL config - copy: - src: mastodon/postgresql.conf - dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" - -- name: Upload Compose file for Mastodon - template: - src: compose-files/mastodon.yml.j2 - dest: "{{ services.mastodon.volume_folder }}/docker-compose.yml" - -- name: Deploy Mastodon - docker_compose: - project_src: "{{ services.mastodon.volume_folder }}" - pull: true - restarted: true - state: present - -- name: Configure cron job to remove old Mastodon media daily - cron: - name: Clean Mastodon media data older than a week - cron_file: ansible_mastodon_clean_media - job: docker exec mastodon_web_1 tootctl media remove --days 7 - special_time: daily - user: root - state: present - -- name: Configure cron job to remove old Mastodon preview cards daily - cron: - name: Clean Mastodon preview card data older than two weeks - cron_file: 
ansible_mastodon_clean_preview_cards - job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14 - special_time: daily - user: root - state: present diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml deleted file mode 100644 index 357c169..0000000 --- a/roles/docker/tasks/services/membersystem.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Membersystem volume folder - file: - name: "{{ services.membersystem.volume_folder }}" - state: directory - -- name: Upload Compose file for Membersystem - template: - src: compose-files/membersystem.yml.j2 - dest: "{{ services.membersystem.volume_folder }}/docker-compose.yml" - -- name: Deploy Membersystem - docker_compose: - project_src: "{{ services.membersystem.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml deleted file mode 100644 index e5234b6..0000000 --- a/roles/docker/tasks/services/netdata.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Netdata volume folder - file: - path: "{{ services.netdata.volume_folder }}" - state: directory - -- name: Upload Compose file for Netdata - template: - src: compose-files/netdata.yml.j2 - dest: "{{ services.netdata.volume_folder }}/docker-compose.yml" - -- name: Deploy Netdata - docker_compose: - project_src: "{{ services.netdata.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml deleted file mode 100644 index 7273bcf..0000000 --- a/roles/docker/tasks/services/nextcloud.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Nextcloud volume folders - file: - path: "{{ services.nextcloud.volume_folder }}/{{ volume }}" - state: directory - loop: - - app - - postgres - loop_control: - loop_var: volume - -- name: upload vhost config for cloud.data.coop - copy: - src: vhost/nextcloud - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}" - notify: "restart nginx" - -- name: Upload Compose file for Nextcloud - template: - src: compose-files/nextcloud.yml.j2 - dest: "{{ services.nextcloud.volume_folder }}/docker-compose.yml" - -- name: Deploy Nextcloud - docker_compose: - project_src: "{{ services.nextcloud.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/nginx_proxy.yml b/roles/docker/tasks/services/nginx_proxy.yml deleted file mode 100644 index 6865952..0000000 --- a/roles/docker/tasks/services/nginx_proxy.yml +++ /dev/null @@ -1,25 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: create nginx-proxy volume folders - file: - name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}" - state: directory - loop: - - conf - - vhost - - html - - dhparam - - certs - loop_control: - loop_var: volume - -- name: Upload Compose file for nginx-proxy - template: - src: compose-files/nginx_proxy.yml.j2 - dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml" - -- name: Deploy nginx-proxy - docker_compose: - project_src: "{{ services.nginx_proxy.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/openldap.yml b/roles/docker/tasks/services/openldap.yml deleted file mode 100644 index b477a5b..0000000 --- a/roles/docker/tasks/services/openldap.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create OpenLDAP volume folders - file: - name: "{{ services.openldap.volume_folder }}/{{ volume }}" - state: directory - loop: - - var/lib/ldap - - etc/slapd - - certs - loop_control: - loop_var: volume - -- name: Upload Compose file for OpenLDAP - template: - src: compose-files/openldap.yml.j2 - dest: "{{ services.openldap.volume_folder }}/docker-compose.yml" - -- name: Deploy OpenLDAP - docker_compose: - project_src: "{{ services.openldap.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml deleted file mode 100644 index eaf5baa..0000000 --- a/roles/docker/tasks/services/passit.yml +++ /dev/null @@ -1,19 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create directory for Passit data - file: - name: "{{ services.passit.volume_folder }}/data" - owner: '70' - group: root - state: directory - -- name: Upload Compose file for Passit - template: - src: compose-files/passit.yml.j2 - dest: "{{ services.passit.volume_folder }}/docker-compose.yml" - -- name: Deploy Passit - docker_compose: - project_src: "{{ services.passit.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/portainer.yml b/roles/docker/tasks/services/portainer.yml deleted file mode 100644 index 5f158c9..0000000 --- a/roles/docker/tasks/services/portainer.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: create portainer volume folder - file: - name: "{{ services.portainer.volume_folder }}" - state: directory - -- name: Upload Compose file for Portainer - template: - src: compose-files/portainer.yml.j2 - dest: "{{ services.portainer.volume_folder }}/docker-compose.yml" - -- name: Deploy Portainer - docker_compose: - project_src: "{{ services.portainer.volume_folder }}" - pull: true - state: present 
diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml deleted file mode 100644 index 5298b15..0000000 --- a/roles/docker/tasks/services/postfix.yml +++ /dev/null @@ -1,24 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Set up network for Postfix - docker_network: - name: postfix - ipam_config: - - subnet: '172.16.0.0/16' - gateway: 172.16.0.1 - -- name: Create volume folders for Postfix - file: - name: "{{ services.postfix.volume_folder }}/dkim" - state: directory - -- name: Upload Compose file for Postfix - template: - src: compose-files/postfix.yml.j2 - dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml" - -- name: Deploy Postfix - docker_compose: - project_src: "{{ services.postfix.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/privatebin.yml b/roles/docker/tasks/services/privatebin.yml deleted file mode 100644 index 09d648c..0000000 --- a/roles/docker/tasks/services/privatebin.yml +++ /dev/null @@ -1,27 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: create privatebin volume folders - file: - name: "{{ services.privatebin.volume_folder }}/{{ volume }}" - state: directory - loop: - - cfg - - data - loop_control: - loop_var: volume - -- name: upload privatebin config - copy: - src: privatebin/conf.php - dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php" - -- name: Upload Compose file for PrivateBin - template: - src: compose-files/privatebin.yml.j2 - dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml" - -- name: Deploy PrivateBin - docker_compose: - project_src: "{{ services.private.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml deleted file mode 100644 index e5f2b27..0000000 --- a/roles/docker/tasks/services/rallly.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Rallly volume folders - file: - name: "{{ services.rallly.volume_folder }}/postgres" - state: directory - -- name: Copy Rallly environment file - template: - src: rallly/env.j2 - dest: "{{ services.rallly.volume_folder }}/rallly.env" - -- name: Upload Compose file for Rallly - template: - src: compose-files/rallly.yml.j2 - dest: "{{ services.rallly.volume_folder }}/docker-compose.yml" - -- name: Deploy Rallly - docker_compose: - project_src: "{{ services.rallly.volume_folder }}" - pull: true - state: present diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml deleted file mode 100644 index e528024..0000000 --- a/roles/docker/tasks/services/watchtower.yml +++ /dev/null @@ -1,17 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Create Watchtower volume folder - file: - name: "{{ services.watchtower.volume_folder }}" - state: directory - -- name: Upload Compose file for Watchtower - template: - src: compose-files/watchtower.yml.j2 - dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml" - -- name: Deploy Watchtower - docker_compose: - project_src: "{{ services.watchtower.volume_folder }}" - pull: true - state: present From f067a1b6c2294a8d72d7fa93a376af55c661eae9 Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Tue, 3 Oct 2023 21:45:21 +0200 Subject: [PATCH 21/74] Convert websites to Compose stacks --- roles/docker/defaults/main.yml | 1 + .../tasks/pre_deploy/data_coop_website.yml | 11 +++++ .../websites/2022.slides.data.coop.yml | 19 -------- .../services/websites/cryptoaarhus.dk.yml | 13 ----- .../services/websites/cryptohagen.dk.yml | 13 ----- .../tasks/services/websites/data.coop.yml | 47 ------------------- .../services/websites/ulovliglogning.dk.yml | 13 ----- .../services/websites/vhs.data.coop.yaml | 19 -------- .../compose-files/cryptoaarhus_website.yml.j2 | 17 +++++++ .../compose-files/cryptohagen_website.yml.j2 | 17 +++++++ .../compose-files/data_coop_website.yml.j2 | 27 +++++++++++ .../compose-files/fedi_dk_website.yml.j2} | 25 +++++----- .../compose-files/slides_2022_website.yml.j2 | 22 +++++++++ .../ulovliglogning_website.yml.j2 | 17 +++++++ .../compose-files/vhs_website.yml.j2 | 22 +++++++++ 15 files changed, 148 insertions(+), 135 deletions(-) create mode 100644 roles/docker/tasks/pre_deploy/data_coop_website.yml delete mode 100644 roles/docker/tasks/services/websites/2022.slides.data.coop.yml delete mode 100644 roles/docker/tasks/services/websites/cryptoaarhus.dk.yml delete mode 100644 roles/docker/tasks/services/websites/cryptohagen.dk.yml delete mode 100644 roles/docker/tasks/services/websites/data.coop.yml delete mode 100644 roles/docker/tasks/services/websites/ulovliglogning.dk.yml delete mode 100644 roles/docker/tasks/services/websites/vhs.data.coop.yaml create mode 100644 roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2 create mode 100644 roles/docker/templates/compose-files/cryptohagen_website.yml.j2 create mode 100644 roles/docker/templates/compose-files/data_coop_website.yml.j2 rename roles/docker/{tasks/services/websites/fedi.dk.yaml => templates/compose-files/fedi_dk_website.yml.j2} (51%) create mode 100644 roles/docker/templates/compose-files/slides_2022_website.yml.j2 create mode 100644 
roles/docker/templates/compose-files/ulovliglogning_website.yml.j2 create mode 100644 roles/docker/templates/compose-files/vhs_website.yml.j2 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 6858779..118d8dc 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -114,6 +114,7 @@ services: data_coop_website: domain: "{{ base_domain }}" www_domain: "www.{{ base_domain }}" + pre_deploy_tasks: true version: stable staging_domain: "staging.{{ base_domain }}" staging_version: staging diff --git a/roles/docker/tasks/pre_deploy/data_coop_website.yml b/roles/docker/tasks/pre_deploy/data_coop_website.yml new file mode 100644 index 0000000..6ae6cbf --- /dev/null +++ b/roles/docker/tasks/pre_deploy/data_coop_website.yml @@ -0,0 +1,11 @@ +# vim: ft=yaml.ansible +--- +- name: Upload vhost config for root domain + copy: + src: vhost/base_domain + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}" + +- name: Upload vhost config for WWW domain + copy: + src: vhost/www.base_domain + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}" diff --git a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml deleted file mode 100644 index 352b14a..0000000 --- a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml +++ /dev/null 
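Review bot: The two `copy` tasks in the new pre_deploy/data_coop_website.yml write vhost files into the nginx-proxy volume but carry no `notify`, so an edited vhost only takes effect whenever the proxy next happens to be restarted for some other reason. The role has a `restart nginx` handler; adding `notify: restart nginx` to both tasks makes the run that changes the file also apply it (if nginx-proxy happens to re-read vhost files on its own the notify is harmless, but I cannot confirm that from here). Since these files are served by the proxy for every site on the host, a `mode: "0644"` on both tasks would also pin their permissions instead of leaving them to the target's umask.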
@@ -1,19 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: setup 2022.slides.data.coop website using unipi - docker_container: - name: 2022.slides.data.coop_website - image: docker.data.coop/unipi:{{ services.slides_2022_website.version }} - restart_policy: unless-stopped - purge_networks: yes - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}" - LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - command: "--remote=https://git.data.coop/data.coop/slides.git#slides2022" - capabilities: - - NET_ADMIN - devices: - - "/dev/net/tun" diff --git a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml deleted file mode 100644 index 648e882..0000000 --- a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml +++ /dev/null @@ -1,13 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: setup cryptoaarhus.dk website docker container - docker_container: - name: cryptoaarhus_website - restart_policy: unless-stopped - image: docker.data.coop/cryptoaarhus-website - networks: - - name: external_services - env: - VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}" - LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" diff --git a/roles/docker/tasks/services/websites/cryptohagen.dk.yml b/roles/docker/tasks/services/websites/cryptohagen.dk.yml deleted file mode 100644 index 655a06e..0000000 --- a/roles/docker/tasks/services/websites/cryptohagen.dk.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: setup cryptohagen.dk website docker container - docker_container: - name: cryptohagen_website - restart_policy: unless-stopped - image: docker.data.coop/cryptohagen-website - networks: - - name: external_services - env: - VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}" - LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml deleted file mode 100644 index 89eda56..0000000 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: Upload vhost config for root domain - copy: -<<<<<<< HEAD - src: vhost/base_domain - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}" - -- name: Upload vhost config for WWW domain - copy: - src: vhost/www.base_domain - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/www.{{ base_domain }}" -======= - src: files/configs/matrix/vhost-root - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}" - -- name: Upload vhost config for WWW domain - copy: - src: files/configs/vhost-www - dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}" ->>>>>>> main - -- name: setup data.coop website docker container - docker_container: - name: "{{ services.data_coop_website.domain }}_website" - image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }} - pull: true - restart_policy: unless-stopped - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}" - LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - -- name: setup staging data.coop website using hugo - docker_container: - name: "{{ services.data_coop_website.staging_domain }}_website" - image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }} - pull: true - restart_policy: unless-stopped - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}" - LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" diff --git a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml deleted file mode 100644 index cc41789..0000000 
--- a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml +++ /dev/null @@ -1,13 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: setup ulovliglogning.dk website docker container - docker_container: - name: ulovliglogning_website - restart_policy: unless-stopped - image: ulovliglogning/ulovliglogning.dk:latest - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}" - LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" diff --git a/roles/docker/tasks/services/websites/vhs.data.coop.yaml b/roles/docker/tasks/services/websites/vhs.data.coop.yaml deleted file mode 100644 index f3b951a..0000000 --- a/roles/docker/tasks/services/websites/vhs.data.coop.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# vim: ft=yaml.ansible ---- -- name: setup vhs.data.coop website with unipi - docker_container: - name: vhs.data.coop_website - image: docker.data.coop/unipi:{{ services.vhs_website.version }} - restart_policy: unless-stopped - purge_networks: yes - networks: - - name: external_services - env: - VIRTUAL_HOST: "{{ services.vhs_website.domain }}" - LETSENCRYPT_HOST: "{{ services.vhs_website.domain }}" - LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - command: "--remote=https://git.data.coop/vhs.data.coop/website.git#main" - capabilities: - - NET_ADMIN - devices: - - "/dev/net/tun" diff --git a/roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2 b/roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2 new file mode 100644 index 0000000..2a7d40a --- /dev/null +++ b/roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2 
@@ -0,0 +1,17 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + web: + image: docker.data.coop/cryptoaarhus-website + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains | join(',') }}" + LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/cryptohagen_website.yml.j2 b/roles/docker/templates/compose-files/cryptohagen_website.yml.j2 new file mode 100644 index 0000000..f8520f8 --- /dev/null +++ b/roles/docker/templates/compose-files/cryptohagen_website.yml.j2 @@ -0,0 +1,17 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + web: + image: docker.data.coop/cryptohagen-website + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST : "{{ services.cryptohagen_website.domains | join(',') }}" + LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains | join(',') }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/data_coop_website.yml.j2 b/roles/docker/templates/compose-files/data_coop_website.yml.j2 new file mode 100644 index 0000000..6910ca3 --- /dev/null +++ b/roles/docker/templates/compose-files/data_coop_website.yml.j2 
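Review bot: `VIRTUAL_HOST : "…"` carries a space before the colon in cryptoaarhus_website.yml.j2 and, in the next hunk, cryptohagen_website.yml.j2; YAML still parses the key as `VIRTUAL_HOST`, but yamllint's `colons` rule rejects it and it reads as a typo next to the two correctly written keys below it. Write `VIRTUAL_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}"` in both templates.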
@@ -0,0 +1,27 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + prod: + image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }} + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}" + LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + + staging: + image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }} + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}" + LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/tasks/services/websites/fedi.dk.yaml b/roles/docker/templates/compose-files/fedi_dk_website.yml.j2 similarity index 51% rename from roles/docker/tasks/services/websites/fedi.dk.yaml rename to roles/docker/templates/compose-files/fedi_dk_website.yml.j2 index f4b97b2..9439157 100644 --- a/roles/docker/tasks/services/websites/fedi.dk.yaml +++ b/roles/docker/templates/compose-files/fedi_dk_website.yml.j2 
@@ -1,19 +1,22 @@ -# vim: ft=yaml.ansible ---- -- name: setup fedi.dk website with unipi - docker_container: - name: fedi.dk_website +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + web: image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }} - restart_policy: unless-stopped - purge_networks: yes + restart: unless-stopped networks: - - name: external_services - env: + - external_services + environment: VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}" LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - command: "--remote=https://git.data.coop/fedi.dk/website.git#main" - capabilities: + command: --remote=https://git.data.coop/fedi.dk/website.git#main + cap_add: - NET_ADMIN devices: - "/dev/net/tun" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/slides_2022_website.yml.j2 b/roles/docker/templates/compose-files/slides_2022_website.yml.j2 new file mode 100644 index 0000000..6a78119 --- /dev/null +++ b/roles/docker/templates/compose-files/slides_2022_website.yml.j2 @@ -0,0 +1,22 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + web: + image: docker.data.coop/unipi:{{ services.slides_2022_website.version }} + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}" + LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + command: --remote=https://git.data.coop/data.coop/slides.git#slides2022 + cap_add: + - NET_ADMIN + devices: + - "/dev/net/tun" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/ulovliglogning_website.yml.j2 b/roles/docker/templates/compose-files/ulovliglogning_website.yml.j2 new file mode 100644 index 0000000..8cea97c --- /dev/null +++ b/roles/docker/templates/compose-files/ulovliglogning_website.yml.j2 
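Review bot: `cap_add: NET_ADMIN` together with the `/dev/net/tun` device is carried over into fedi_dk_website.yml.j2 (and slides_2022_website.yml.j2 and vhs_website.yml.j2 in this commit) without any explanation, which leaves a public-facing web container with a capability well beyond serving files. A one-line comment above `cap_add` stating what in the unipi image needs it, such as `# unipi needs NET_ADMIN + /dev/net/tun for <reason> — see <link>`, would stop the next reader from either dropping it or copying it into the static-site templates that do not need it; the template alone does not say why it is there.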
@@ -0,0 +1,17 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + web: + image: ulovliglogning/ulovliglogning.dk:latest + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains | join(',') }}" + LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains | join(',') }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + +networks: + external_services: + external: true diff --git a/roles/docker/templates/compose-files/vhs_website.yml.j2 b/roles/docker/templates/compose-files/vhs_website.yml.j2 new file mode 100644 index 0000000..077dcfc --- /dev/null +++ b/roles/docker/templates/compose-files/vhs_website.yml.j2 @@ -0,0 +1,22 @@ +# vim: ft=yaml.docker-compose +version: "3.8" + +services: + web: + image: docker.data.coop/unipi:{{ services.vhs_website.version }} + restart: unless-stopped + networks: + - external_services + environment: + VIRTUAL_HOST: "{{ services.vhs_website.domain }}" + LETSENCRYPT_HOST: "{{ services.vhs_website.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + command: --remote=https://git.data.coop/vhs.data.coop/website.git#main + cap_add: + - NET_ADMIN + devices: + - "/dev/net/tun" + +networks: + external_services: + external: true From 62f548d05be9afecd666916e9ca4cf5ea9273a40 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 3 Oct 2023 22:00:51 +0200 Subject: [PATCH 22/74] Fix task for single service --- roles/docker/tasks/services.yml | 41 ++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 833554a..f170f1a 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -4,7 +4,7 @@ docker_network: name: external_services -- name: Service block +- name: Service block for all services loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" loop_control: loop_var: service 
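Review bot: `image: ulovliglogning/ulovliglogning.dk:latest` pulls an unpinned third-party image from Docker Hub, and the deploy task in this series runs `docker compose up … --pull always`, so every playbook run silently takes whatever that account publishes next. Pin a tag or, better, a digest (`image: ulovliglogning/ulovliglogning.dk@sha256:<digest placeholder>`), or mirror it on `docker.data.coop` as the other sites do, so an upstream change to that image has to go through a commit here. The `version: latest` defaults for the unipi-based sites have the same property, though those are at least pulled from the project's own registry.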
@@ -24,7 +24,7 @@ - name: Run pre-deployment tasks include_tasks: pre_deploy/{{ service.name }}.yml - when: service.vars.pre_deploy_tasks is defined and service.pre_deploy_tasks + when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks - name: Deploy Compose stack command: docker compose up -d --remove-orphans --pull always 
@@ -33,20 +33,33 @@ - name: Run post-deployment tasks include_tasks: post_deploy/{{ service.name }}.yml - when: service.vars.post_deploy_tasks is defined and service.post_deploy_tasks + when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks -- name: setup services - include_tasks: "services/{{ item.service.file }}" - loop: "{{ services | dict2items(value_name='service') }}" - when: single_service is not defined and - item.service.file is defined and - (item.service.disabled_in_vagrant is not defined or - not (item.service.disabled_in_vagrant and vagrant)) - -- name: setup single service - include_tasks: "services/{{ services[single_service].file }}" +- name: Service block for a single service when: single_service is defined and single_service in services and - services[single_service].file is defined and (services[single_service].disabled_in_vagrant is not defined or not (services[single_service].disabled_in_vagrant and vagrant)) + block: + - name: Create volume folder + file: + name: "{{ services[single_service].volume_folder }}" + state: directory + + - name: Upload Compose file + template: + src: compose-files/{{ single_service }}.yml.j2 + dest: "{{ services[single_service].volume_folder }}/docker-compose.yml" + + - name: Run pre-deployment tasks + include_tasks: pre_deploy/{{ single_service }}.yml + when: services[single_service].pre_deploy_tasks is defined and services[single_service].pre_deploy_tasks + + - name: Deploy Compose stack + command: docker compose up -d --remove-orphans --pull always + args: + chdir: "{{ services[single_service].volume_folder }}" + + - name: Run post-deployment tasks + include_tasks: post_deploy/{{ single_service }}.yml + when: services[single_service].post_deploy_tasks is defined and services[single_service].post_deploy_tasks From 6cb06d43f1c66a1bf8aab5a9c0ee5c8467577fe2 Mon Sep 17 00:00:00 2001 
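Review bot: `command: docker compose up -d --remove-orphans --pull always` reports `changed` on every run whether or not any container was recreated, so the play summary can no longer distinguish a no-op deploy from a real one; the same applies to the copy of this task in loop.yml introduced in PATCH 27. `register` the result and derive `changed_when` from Compose's output (Compose v2 prints a per-container status line such as `Running`, `Created`, `Recreated` or `Started`; confirm the exact wording against the installed version), e.g. `changed_when: "'Created' in deploy.stderr or 'Recreated' in deploy.stderr or 'Started' in deploy.stderr"`.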
From: Sam Al-Sapti Date: Tue, 3 Oct 2023 22:13:30 +0200 Subject: [PATCH 23/74] Formatting --- roles/docker/tasks/services.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index f170f1a..433a4f5 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -36,8 +36,7 @@ when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks - name: Service block for a single service - when: single_service is defined and - single_service in services and + when: single_service is defined and single_service in services and (services[single_service].disabled_in_vagrant is not defined or not (services[single_service].disabled_in_vagrant and vagrant)) block: From d0b23d4ef5258525cc77431e18906df26006d33c Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 18:37:57 +0200 Subject: [PATCH 24/74] Specify cpus in Vagrantfile --- Vagrantfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Vagrantfile b/Vagrantfile index 589d56c..eb6bf03 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -13,6 +13,7 @@ Vagrant.configure(2) do |config| config.vm.hostname = "datacoop" config.vm.provider :virtualbox do |v| + v.cpus = 4 v.memory = 8192 end From f8b4e49f7f574c3b87d901f0fce8feb69d970667 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 18:42:56 +0200 Subject: [PATCH 25/74] Don't base 'vagrant' on virtualization (prep for Proxmox) --- Vagrantfile | 7 ++++++- playbook.yml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index eb6bf03..6a5b7ea 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -27,7 +27,12 @@ Vagrant.configure(2) do |config| if provisioned? config.ssh.guest_port = PORT ansible.extra_vars = { - ansible_port: PORT + ansible_port: PORT, + from_vagrant: true + } + else + ansible.extra_vars = { + from_vagrant: true } end end 
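Review bot: `from_vagrant: true` is now set in both branches of `if provisioned?`, so any future extra var has to be added twice. Build the hash once and add the port conditionally: `extra_vars = { from_vagrant: true }`, `extra_vars[:ansible_port] = PORT if provisioned?`, `ansible.extra_vars = extra_vars`, keeping `config.ssh.guest_port = PORT` under the same condition. The enclosing provision block starts outside this hunk.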
diff --git a/playbook.yml b/playbook.yml index d2ce5af..de51a46 100644 --- a/playbook.yml +++ b/playbook.yml @@ -6,7 +6,7 @@ vars: ldap_dn: "dc=data,dc=coop" - vagrant: "{{ ansible_virtualization_role == 'guest' }}" + vagrant: "{{ from_vagrant is defined and from_vagrant }}" letsencrypt_enabled: "{{ not vagrant }}" base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" From 301d1b77190f760ed0f61c0d9f76d914869a30a1 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 19:35:09 +0200 Subject: [PATCH 26/74] Add missing volume_folder vars --- roles/docker/defaults/main.yml | 8 ++++++++ .../templates/compose-files/data_coop_website.yml.j2 | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 118d8dc..6e539e8 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,6 +1,7 @@ # vim: ft=yaml.ansible --- volume_root_folder: "/docker-volumes" +volume_website_folder: "{{ volume_root_folder }}/websites" services: @@ -114,6 +115,7 @@ services: data_coop_website: domain: "{{ base_domain }}" www_domain: "www.{{ base_domain }}" + volume_folder: "{{ volume_website_folder }}/datacoop" pre_deploy_tasks: true version: stable staging_domain: "staging.{{ base_domain }}" @@ -121,20 +123,24 @@ services: slides_2022_website: domain: "2022.slides.{{ base_domain }}" + volume_folder: "{{ volume_website_folder }}/slides-2022" version: latest fedi_dk_website: domain: fedi.dk + volume_folder: "{{ volume_website_folder }}/fedidk" version: latest vhs_website: domain: vhs.data.coop + volume_folder: "{{ volume_website_folder }}/vhs" version: latest cryptohagen_website: domains: - "cryptohagen.dk" - "www.cryptohagen.dk" + volume_folder: "{{ volume_website_folder }}/cryptohagen" ulovliglogning_website: domains: 
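Review bot: `vagrant: "{{ from_vagrant is defined and from_vagrant }}"` takes the truthiness of whatever value arrives, and a value passed on the command line as `-e from_vagrant=false` arrives as the string `"false"`, which is truthy; `vagrant` would then be on, `letsencrypt_enabled` off and `base_domain` switched to `datacoop.devel` on the lines just below. Because this one variable selects the whole deployment target, coerce it explicitly: `vagrant: "{{ from_vagrant | default(false) | bool }}"`. The Vagrantfile in this commit passes a real boolean, so only other callers (deploy.sh gains the variable in PATCH 36) are exposed.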
@@ -142,11 +148,13 @@ services: - "www.ulovliglogning.dk" - "ulovlig-logning.dk" - "www.ulovlig-logning.dk" + volume_folder: "{{ volume_website_folder }}/ulovliglogning" cryptoaarhus_website: domains: - "cryptoaarhus.dk" - "www.cryptoaarhus.dk" + volume_folder: "{{ volume_website_folder }}/cryptoaarhus" drone: domain: "drone.{{ base_domain }}" diff --git a/roles/docker/templates/compose-files/data_coop_website.yml.j2 b/roles/docker/templates/compose-files/data_coop_website.yml.j2 index 6910ca3..909cbec 100644 --- a/roles/docker/templates/compose-files/data_coop_website.yml.j2 +++ b/roles/docker/templates/compose-files/data_coop_website.yml.j2 @@ -2,7 +2,7 @@ version: "3.8" services: - prod: + prod-web: image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }} restart: unless-stopped networks: @@ -12,7 +12,7 @@ services: LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - staging: + staging-web: image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }} restart: unless-stopped networks: From 3001317e20079b54fab4e9d7b58745f5789cc04a Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 19:35:52 +0200 Subject: [PATCH 27/74] Ansible doesn't support looping over a block --- roles/docker/tasks/loop.yml | 24 ++++++++++++++++++++++++ roles/docker/tasks/services.yml | 33 ++++++--------------------------- 2 files changed, 30 insertions(+), 27 deletions(-) create mode 100644 roles/docker/tasks/loop.yml diff --git a/roles/docker/tasks/loop.yml b/roles/docker/tasks/loop.yml new file mode 100644 index 0000000..9ad4773 --- /dev/null +++ b/roles/docker/tasks/loop.yml 
@@ -0,0 +1,24 @@ +# vim: ft=yaml.ansible +--- +- name: Create volume folder + file: + name: "{{ service.vars.volume_folder }}" + state: directory + +- name: Upload Compose file + template: + src: compose-files/{{ service.name }}.yml.j2 + dest: "{{ service.vars.volume_folder }}/docker-compose.yml" + +- name: Run pre-deployment tasks + include_tasks: pre_deploy/{{ service.name }}.yml + when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks + +- name: Deploy Compose stack + command: docker compose up -d --remove-orphans --pull always + args: + chdir: "{{ service.vars.volume_folder }}" + +- name: Run post-deployment tasks + include_tasks: post_deploy/{{ service.name }}.yml + when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 433a4f5..6943c51 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml 
@@ -5,35 +5,14 @@ name: external_services - name: Service block for all services + include_tasks: + file: loop.yml + vars: + service: "{{ item }}" loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" - loop_control: - loop_var: service when: single_service is not defined and - (service.vars.disabled_in_vagrant is not defined or - not (service.vars.disabled_in_vagrant and vagrant)) - block: - - name: Create volume folder - file: - name: "{{ service.vars.volume_folder }}" - state: directory - - - name: Upload Compose file - template: - src: compose-files/{{ service.name }}.yml.j2 - dest: "{{ service.vars.volume_folder }}/docker-compose.yml" - - - name: Run pre-deployment tasks - include_tasks: pre_deploy/{{ service.name }}.yml - when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks - - - name: Deploy Compose stack - command: docker compose up -d --remove-orphans --pull always - args: - chdir: "{{ service.vars.volume_folder }}" - - - name: Run post-deployment tasks - include_tasks: post_deploy/{{ service.name }}.yml - when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks + (item.vars.disabled_in_vagrant is not defined or + not (item.vars.disabled_in_vagrant and vagrant)) - name: Service block for a single service when: single_service is defined and single_service in services and From 3ac2d839716bf6c8c91c8cbbe36ff24c31976672 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 19:43:11 +0200 Subject: [PATCH 28/74] Magic --- roles/docker/tasks/{loop.yml => block.yml} | 0 roles/docker/tasks/services.yml | 35 +++++----------------- 2 files changed, 8 insertions(+), 27 deletions(-) rename roles/docker/tasks/{loop.yml => block.yml} (100%) diff --git a/roles/docker/tasks/loop.yml b/roles/docker/tasks/block.yml similarity index 100% rename from roles/docker/tasks/loop.yml rename to roles/docker/tasks/block.yml 
diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 6943c51..488b1de 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -1,12 +1,12 @@ # vim: ft=yaml.ansible --- -- name: setup external services network +- name: Set up external services network docker_network: name: external_services -- name: Service block for all services +- name: Deploy all services include_tasks: - file: loop.yml + file: block.yml vars: service: "{{ item }}" loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" @@ -14,30 +14,11 @@ (item.vars.disabled_in_vagrant is not defined or not (item.vars.disabled_in_vagrant and vagrant)) -- name: Service block for a single service +- name: Deploy single service + include_tasks: + file: block.yml + vars: + service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') }}" when: single_service is defined and single_service in services and (services[single_service].disabled_in_vagrant is not defined or not (services[single_service].disabled_in_vagrant and vagrant)) - block: - - name: Create volume folder - file: - name: "{{ services[single_service].volume_folder }}" - state: directory - - - name: Upload Compose file - template: - src: compose-files/{{ single_service }}.yml.j2 - dest: "{{ services[single_service].volume_folder }}/docker-compose.yml" - - - name: Run pre-deployment tasks - include_tasks: pre_deploy/{{ single_service }}.yml - when: services[single_service].pre_deploy_tasks is defined and services[single_service].pre_deploy_tasks - - - name: Deploy Compose stack - command: docker compose up -d --remove-orphans --pull always - args: - chdir: "{{ services[single_service].volume_folder }}" - - - name: Run post-deployment tasks - include_tasks: post_deploy/{{ single_service }}.yml - when: services[single_service].post_deploy_tasks is defined and services[single_service].post_deploy_tasks 
From 98fcc2d634713310c05d1fc5cafecf7b2aa7fdb5 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 19:44:39 +0200 Subject: [PATCH 29/74] Include service name in task names in block.yml --- roles/docker/tasks/block.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/docker/tasks/block.yml b/roles/docker/tasks/block.yml index 9ad4773..82da08e 100644 --- a/roles/docker/tasks/block.yml +++ b/roles/docker/tasks/block.yml @@ -1,24 +1,24 @@ # vim: ft=yaml.ansible --- -- name: Create volume folder +- name: Create volume folder for service {{ service.name }} file: name: "{{ service.vars.volume_folder }}" state: directory -- name: Upload Compose file +- name: Upload Compose file for service {{ service.name }} template: src: compose-files/{{ service.name }}.yml.j2 dest: "{{ service.vars.volume_folder }}/docker-compose.yml" -- name: Run pre-deployment tasks +- name: Run pre-deployment tasks for service {{ service.name }} include_tasks: pre_deploy/{{ service.name }}.yml when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks -- name: Deploy Compose stack +- name: Deploy Compose stack for service {{ service.name }} command: docker compose up -d --remove-orphans --pull always args: chdir: "{{ service.vars.volume_folder }}" -- name: Run post-deployment tasks +- name: Run post-deployment tasks for service {{ service.name }} include_tasks: post_deploy/{{ service.name }}.yml when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks From af6a130695b92590dd1f2146f3ad07c7f1dbd645 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 19:57:31 +0200 Subject: [PATCH 30/74] Fix handler and name --- roles/docker/handlers/main.yml | 9 ++++----- roles/docker/templates/compose-files/netdata.yml.j2 | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index ad671dd..d6c7875 100644 
--- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,7 +1,6 @@ # vim: ft=yaml.ansible --- -- name: "restart nginx" - community.docker.docker_container: - name: "nginx-proxy" - restart: "yes" - state: "started" +- name: restart nginx + command: docker compose restart proxy + args: + chdir: "{{ services.nginx_proxy.volume_folder }}" diff --git a/roles/docker/templates/compose-files/netdata.yml.j2 b/roles/docker/templates/compose-files/netdata.yml.j2 index dcf5ead..3497665 100644 --- a/roles/docker/templates/compose-files/netdata.yml.j2 +++ b/roles/docker/templates/compose-files/netdata.yml.j2 @@ -24,7 +24,7 @@ services: security_opt: - apparmor:unconfined - socket_proxy: + socket-proxy: image: tecnativa/docker-socket-proxy:latest volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" From 3dc4e14c156572d75cb52c82cb9a094beb6a1753 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 19:59:09 +0200 Subject: [PATCH 31/74] Bump Vagrant specs --- Vagrantfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 6a5b7ea..9a43d03 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -13,8 +13,8 @@ Vagrant.configure(2) do |config| config.vm.hostname = "datacoop" config.vm.provider :virtualbox do |v| - v.cpus = 4 - v.memory = 8192 + v.cpus = 8 + v.memory = 16384 end config.vm.provision :ansible do |ansible| From 5ae78bcd17e18fdaf679066b0a3f7d453054250d Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 4 Oct 2023 21:34:59 +0200 Subject: [PATCH 32/74] Fix magic --- roles/docker/tasks/services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 488b1de..676335c 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml 
@@ -18,7 +18,7 @@
 include_tasks:
 file: block.yml
 vars:
- service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') }}"
+ service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') | join }}"
 when: single_service is defined and single_service in services and (services[single_service].disabled_in_vagrant is not defined or not (services[single_service].disabled_in_vagrant and vagrant))
From 2966e6715b33c430aae6335734b19d9932989d49 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Wed, 4 Oct 2023 21:44:37 +0200
Subject: [PATCH 33/74] Add shell to users
---
 roles/ubuntu_base/tasks/users.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/ubuntu_base/tasks/users.yml
index 8ef07b6..2e6d3e2 100644
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
@@ -6,7 +6,8 @@
 comment: "{{ item.comment }}"
 password: "{{ item.password }}"
 groups: "{{ item.groups }}"
- update_password: "always"
+ update_password: always
+ shell: /bin/bash
 loop: "{{ users | default([]) }}"
 - name: "Add ssh authorized_keys"
From 15fa5d6215bfcec3c1694c3678e3d7e7736153e8 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Wed, 4 Oct 2023 22:02:11 +0200
Subject: [PATCH 34/74] No need for Python Docker bindings since we use Docker cmd
---
 roles/docker/tasks/main.yml | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 81b56ee..e4d2b58 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -17,16 +17,6 @@
 name: docker-ce
 state: present
-- name: install docker python bindings
- pip:
- executable: pip3
- name: "{{ packages }}"
- state: present
- vars:
- packages:
- - docker
- - docker-compose
-
 - name: Configure cron job to prune unused Docker data weekly
 cron:
 name: Prune unused Docker data
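Review bot: The added `| join` turns the one-element list from `dict2items` into the string form of its dict, and it appears to become a mapping again only because Ansible re-evaluates template output that looks like a Python literal; `| first` states the intent directly and does not lean on that behaviour: `service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') | first }}"`. Whichever filter stays, a comment above the line explaining that `dict2items` yields a single `{name, vars}` entry for `single_service` would save the next reader from re-deriving the "magic". The enclosing task starts above the hunk.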
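Review bot: In the users.yml hunk, `shell: /bin/bash` is now forced on every account in `users`, including any that should get a non-interactive shell; a per-item override with the same default keeps today's result while allowing exceptions: `shell: "{{ item.shell | default('/bin/bash') }}"`. Because the task loops over dicts that carry `password`, each loop item is printed in the task result unless the label is limited, so adding `loop_control:` with `label: "{{ item.name }}"` (assuming the items have a `name` key, which the hunk does not show) keeps the hash out of play output — worth verifying in a run, since the module's own masking of `password` covers its arguments rather than the echoed item. The task definition begins above the hunk.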
From 85e1da3cbf733ff4239b422ca2de7e3928c269eb Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Wed, 4 Oct 2023 22:05:59 +0200
Subject: [PATCH 35/74] Last fixes + install Compose v2 plugin
---
 roles/docker/tasks/main.yml | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index e4d2b58..0a42ea2 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,21 +1,31 @@
 # vim: ft=yaml.ansible
 ---
-- name: add docker gpg key
+- name: Add Docker PGP key
 apt_key:
 keyserver: pgp.mit.edu
 id: 8D81803C0EBFCD88
 state: present
-- name: add docker apt repository
+- name: Add Docker apt repository
 apt_repository:
 repo: deb https://download.docker.com/linux/ubuntu bionic stable
 state: present
 update_cache: yes
-- name: install docker-ce
+- name: Install Docker
 apt:
- name: docker-ce
+ name: "{{ pkgs }}"
 state: present
+ vars:
+ pkgs:
+ - docker-ce
+ - docker-compose-plugin
+
+- name: Create docker-compose symlink
+ ansible.builtin.file:
+ name: /usr/local/bin/docker-compose
+ src: /usr/libexec/docker/cli-plugins/docker-compose
+ state: link
 - name: Configure cron job to prune unused Docker data weekly
 cron:
@@ -26,12 +36,15 @@
 user: root
 state: present
-- name: create folder structure for bind mounts
+- name: Create folder structure for bind mounts
 file:
- name: "{{ volume_root_folder }}"
+ name: "{{ item }}"
 state: directory
+ loop:
+ - "{{ volume_root_folder }}"
+ - "{{ volume_website_folder }}"
-- name: setup services
+- name: Set up services
 import_tasks: services.yml
 tags:
 - setup_services
From 4082c6fde3601c805ddd339a89d578ca3ec9e9b5 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Sat, 4 Nov 2023 01:20:53 +0100
Subject: [PATCH 36/74] Add from_vagrant to deploy.sh
---
 deploy.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/deploy.sh b/deploy.sh
index ee10734..429e338 100755
--- a/deploy.sh
+++ b/deploy.sh
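Review bot: The new symlink task is written as `ansible.builtin.file` while every other task in this file uses the short module name (`apt_key`, `apt_repository`, `apt`, `file`, `cron`); pick one form for the file. The task also silently depends on the preceding `apt` task having installed `docker-compose-plugin`, because `state: link` without `force` refuses a dangling link when `src` is missing; make that ordering explicit with `# src is where the Docker apt package installs the Compose plugin; depends on the task above`. The `vars: pkgs:` list is a fine way to keep both packages in one `apt` call, and the second hunk's `loop` over the two volume folders is the same pattern applied consistently.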
@@ -13,6 +13,7 @@ BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
 if [ "$1" = "--vagrant" ]; then
 BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
+ VAGRANT_VAR="from_vagrant"
 shift
 fi
@@ -29,17 +30,17 @@ else
 "services")
 if [ -z "$2" ]; then
 echo "Deploying all services!"
- $BASE_CMD --tags setup_services
+ eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
 else
 echo "Deploying service: $2"
- $BASE_CMD --tags setup_services --extra-vars "single_service=$2"
+ $BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
 fi
 ;;
 "base")
- $BASE_CMD --tags base_only
+ eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
 ;;
 "users")
- $BASE_CMD --tags setup-users
+ eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
 ;;
 *)
 usage
From 04d4e38751df0bccf4698ba129edd8e78a165612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
Date: Sun, 3 Dec 2023 22:20:19 +0100
Subject: [PATCH 37/74] Remove some more byro stuff.
---
 roles/docker/defaults/main.yml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 11979f4..e0ac83f 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -201,13 +201,6 @@ services:
 postgres_version: 13-alpine
 allowed_sender_domain: true
- byro:
- file: byro.yml
- domain: "byro.{{ base_domain }}"
- postgres_version: 14-alpine
- volume_folder: "{{ volume_root_folder }}/byro-data"
- allowed_sender_domain: true
-
 watchtower:
 file: watchtower.yml
 version: "1.5.3"
From 6e4b3e4aa490d4943c6208d6a722e1274d0efdf7 Mon Sep 17 00:00:00 2001
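Review bot: In the second deploy.sh hunk, the `services`, `base` and `users` branches append a bare `from_vagrant=true` to the command with no `--extra-vars` in front of it, and `BASE_CMD` as set in the first hunk carries none either, so ansible-playbook will take the token as a second playbook path rather than as a variable; only the single-service branch passes it correctly inside the `--extra-vars` JSON. The `eval` is also unnecessary and re-parses the whole command line: set `VAGRANT_EXTRA="--extra-vars from_vagrant=true"` next to `VAGRANT_VAR` in the `--vagrant` branch and call `$BASE_CMD --tags setup_services $VAGRANT_EXTRA` (left unquoted so it word-splits into the two arguments), likewise for `base_only` and `setup-users`. The JSON in the single-service branch is assembled by concatenating `$2`, which is acceptable for an operator-typed service name but breaks on a name containing a double quote; a comment saying the name is trusted input would document that choice. The surrounding `case` starts above the hunk.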
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Sun, 3 Dec 2023 23:21:34 +0100 Subject: [PATCH 38/74] Add writefreely instance. --- group_vars/all/secrets.yml | 325 +++++++++--------- roles/docker/defaults/main.yml | 8 + roles/docker/tasks/services/writefreely.yml | 65 ++++ .../templates/writefreely/config.ini.j2 | 44 +++ 4 files changed, 282 insertions(+), 160 deletions(-) create mode 100644 roles/docker/tasks/services/writefreely.yml create mode 100644 roles/docker/templates/writefreely/config.ini.j2 diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index f70221f..c35ade9 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml 
@@ -1,161 +1,166 @@ $ANSIBLE_VAULT;1.1;AES256 -35346661396563636532323830616336353530313861666333666533343730306431633264303634 -6331383565663930343562326463313066326634306362620a613437633739383734326135666339 -35393137336462366533653438323035663165643130336664323766373362363065623265363461 -3230643732316231640a383432643065346137643763343065333161623034386563663838323764 -62653064396265323532353432333938656233363832353736323336666136613535393066666231 -38336230306239633865373634376537396133666539623630336335643535656461303530633731 -38616465343138636365653766363339323134626333313538613664333930366638656265373561 -39633762646631666539386130383032383034306364356662663333366638313064343334663534 -66616633633030343064376165333665303365616438333566386162653463313162336433303334 -36376534353039333238356464373531656636386566373166323261323033653230613664643962 -66386235653564656565633361353236393433303961633931306664633761653637313739333433 -34343365656535396365313032393362316537346563303230633333653233396663636535633339 -37623933613863303365616261303039383665396666303238663665333964343233636330626133 -38666465323163333730653439666436366236636563383936333535386662613436343838656132 -32333438633735353334343730303231336136303631653635663834643364663134356539323530 -63383136303263643463343839376461623633323830663238393564326133393534653264353363 -39353430333262303331356334313634303062653637613737633263306466313863373830356638 -30366539343330373635383234653465316637346537306236313139303164643838333333346433 -38393166653537396562386630333561623537653363663864393531336339653030656664623366 -61346161353264623565333733363331366530646530623461616366366234316131393032393830 -36373230313163396561353634653133346331343966366161616139313238336663333963636538 -65383461623234636662613534333439373838356432323331343064383730613336343935613737 -32323162656466323637613731303362623266656266343163343362313032633531613162396663 
-63613637613035623333343864666162313165323565383163623138323663666261336265373533 -35323961366565383532666130633434323735336331353636316262306664646238306338666133 -31623333343765336537643663666363623139636633643130303733646262313864336434663065 -62303365366161313732323732356539646231643431323265303564376362366635326539613833 -35393566653162346137666462633338653637653832326661356164396364663762336464373661 -65616566643435386261363461633237383739613266356665613731326263313737326632386631 -66306633336631393566356235643730366436303334383132353266643739303237666331303463 -62303636313362336336613139616232383530623435643036616234356365323938353965653563 -35313039613262386137653236353734633939383562666136373761346335303538643961343135 -34333533363734356464393138356664316237323135316131376337616333383061626533313532 -65343461613464636663323038303133316637396338313132373863656430356533303530353930 -35356534613465383237616632323339316239336563363731373561663939386364613030326462 -61333134623534356262383961383434323861623130306630336166663332386136346663626562 -38653435616263363431356261653134613331346531653163313665633538356265633335633537 -61383035613262626636633866613465393463386164613761353761346637643738363733636230 -61623865386630336664356534356131383966393437383539616330656633316465636263663932 -38303532353962373464393434643937316432323539633961303836313763306561663963663761 -62346466656531303435326235316636643231373762636339623038343466613935623366643832 -38303636613230343036376534393738666163353539633032336336323732616565666531656138 -38623730306232383966303866616231633032376130323436336563643138636337653738313339 -61626562623432396132383265653334323337656332326137646665356632633163343537386365 -66663834383363646337356237396262346135653261653833356262343932366539663764343338 -30396662353961643234666139666434343363316662303335663963343963663032383532313431 -37653338663230663435623331643666383639643932346139383661663166376366666236363635 
-61646131316636643264356164666162353936636464306330373961363139653661376630393262 -65373239383463373766363865303463326362316664666566343433636239333964313766336662 -61393132616562393734346162613431616632323536386363643938643431343361623261646265 -36616530326464353266343964326135663534373432313962326639396161333231623631663561 -65646466323335313665346430313761356333663262323434623265313530616439323336363632 -36333134356161333337343365313366303362313439303033346634333735626566353061626461 -30396266663261353030353939663562633361653362346235336264663633356633663865316536 -33636538656562613133613032343939313735333334343662643061346137356663393732316438 -34646437336434323564343764373565373564663039316435303132336635613861323430663730 -37653461643063633162356130396432613837613336366566663935616264623534653161666261 -66303731303465666134316138393964626137623639393935633162383262666165643831646662 -61663338353762303166363932663738333361313935666338386237666636623031663632656461 -30393763663565396131343065376562656335343564343966396334386261363865653963653537 -37336561316261383436393036396134303231303631616239323461653538666139386265336638 -39303565666466376639356465323861663164353863633930613138653435393664613837373131 -39343339653731613939643937646439343238653563333665643430663534366336613666626166 -31633633386166333434353165323632376662623031666164303865653937333235643733356339 -33336666393736366430373262383237346161393261303461313932393938353539636435646434 -65316433636661633731393837656261663031643032393734376231373933383830303161626334 -64653631343864303464666238303338653238633230663836653437323936316363633031656334 -62343632616338613865373736323865636632373530343562343566643465326232656566643739 -33303962626235373730373637613761306133633661623039343231376534326636313335626331 -65623461646339353135356562666264613364323661303165356163303265386338383066393162 -66333938363234373365303839616532323864383634303230626235396362643330323965613166 
-36393333363035396366366530613439396534353065613763346565393736316538386463396339 -33313663633538393363356537333733366661303235363863393833336333373932613838396430 -33636532616363373763336436343532393235303138633536616334373931373931356339353731 -36636431613262626137323639343334353434623630656163366363636566363031323561643633 -39666366333263653739656230333537346533363062356532613030333637363465383364396638 -31316265643530633039383536393338366361363132303536313935323937333239313833646434 -32353839653834623062623032346164313063623033656164343836336136313631623436336165 -38303130303738323466623561386565306231653766643363353735653032633862373939616237 -30613566626533653565356232643233393461353933366632373561353139366463666462313233 -61363038386665323333663237373837356563366231613562343337323533616436353365333864 -36613638306133656230663634636638353361336236643131666135306330613865326163386366 -37386464313631653637356434636633633035376461646164396364323663383865386565353336 -31663262653332373633333630306339366436323339643962626137646362663164643632326336 -37323464333861313535366630656365316330613332326262383832383633646530626237313465 -38336334383163663538666232663731633530376262313864383033396330663431366436663330 -30333232346335343261393266303531373366643363333464353535313336613265373366356437 -35323038356338306331383466383335633630366663326463633239333763353461366131653831 -63393864643662323931666362306665393764613234366361313530363233353566656334393031 -64333562643937373864326262306462383066656237393732363164663038626166363234393239 -35393930383134613864306365323862653464626362326136383761376165363036633365326539 -38353439643537633663376462613332363165366166386266353738623434666161613735623633 -61636233633263376338323134636565363865343434373864393935366563653164353531313436 -32666666306666393132323263623063323464633963346532396465353033396238353936346265 -65363931336366366264306231333063613537363561313735363939636330343466346134663832 
-37613738343262353838333032663237336536346535623630383562663230626631643063386263 -32616535613261386231323131333237623438346664646238336630326561643163393530306234 -61386662333938326533646230316536343162336366336133646561363936633363373335393633 -31636532666537663939653165633734363361386261346133333333323535623166383233383661 -64363735316563356436376430666536363939663962636433646466643464353863663034343332 -34306665633932613565326566663938396364343862313131643165636434363030303434333165 -36643632633135643562303535313232313534313931373665626262353065663062333237623036 -65393439613136633434646130316562643433653966373965383761616530613830613639343036 -37313831363235646137346230653937303138313031613532346138656631386634323933353466 -31633234653830643762633463623833326139643135353732666338626561643934356439623963 -66626337633965646334383636393033633530366364373930613335363737626265616639396365 -30386637373863333961306365646432656230333934366163613230303333356131613632386665 -63303230346635613434663734613163316637336266393338623237373063366233376463323937 -39323933386332353431373739646136653332646531623165393836616539616161373130646166 -66396436383536326565383133346366626532323361343430363833653539313536666530653035 -39616566663466363462383762313137383034663231656366643139646332356137346461386361 -64646439666336333532323031356534666332356133343737636465623463343438363762633932 -39653133363163343937386437356638316462373061393634333762633363396438333935623063 -39646361626164326165353136383432353730333066626365666466393333393066663138653232 -32323937653961656132366230333239336465643332663135303630346231653665343633613966 -33363835653065623430346539663162373233653932343865373733626431636666303335666666 -38616139646337323164376337366366306335323436653335646536333866366137636532613965 -36376637393333326236356233616461393363366237373363393564393636313935336439356339 -36663563653265376533386334353936376438386331396130333363303861613535383235633732 
-63663537643861373537303461623633363535363631383337376361623066666633633035356564 -38323032346136636561353635646530363364323133326365333963313166386131616130616664 -39616561323433386233633264373166653162656166343366663031393732313736666433336566 -63643136643635346431323036666530343965393136663634663661323563333665393435383937 -62653739653764613830383333383539336436376139383036643866303361666265323461313963 -64646536643738356631343631393234613764306530316537363966626536386366616138626230 -30313862633966303066373435663966336338343530356565393933346262303461356334633234 -66663561656261333134303939663430366365616266373463383132363331396333653330313637 -37383736633861633338333165623639623736353730666535323936663166623331346639303137 -39383064343235643135616136333863353230323961393631613230643830663664626133613932 -62653734333066356166363234623136616638353666316632336131313830663466396562323332 -36623964383136326138613439366236633165663032616562363235666636623865306663393636 -37306530386238376437303437393932643265363062623733633661353230363666393537336265 -65396263643837366265663765653536376663306632336139313730303731386666613539313764 -61653763666331613132373561646637393566313638633034346262303566376263396239663133 -62393138646334666636303636626638316536393265323531393431306236333934373834623933 -34623434313061653265663335646564303932386265653365366430353530636236653237313264 -64643933353737333864383165303432353264306362303162323964383238386138383962373734 -38623938333163643466393134313562646236656665656639363764353766623332633931383634 -33666663363535646331376461343332353166386530663065623261613035666338343637363233 -63376436303662303365643466336237396635363062653531663565633137353134333834613961 -66303139363135363537303330346130333663663136306464393864343736373536326466623862 -30353834636366656532363132653339653465623266646638363637623136646232613361346262 -37633261373061363865613236316634383730383433303534303033396662373963366535333233 
-66643431363636623334636164336433333366643235343639623136366261356165386634306165 -32336131353762326662623735656232396561333739643338363030646237353565626534646265 -34333437353265666462356566373031326438343231613332663463373731636265303737616332 -64353437646131643939303432633637386466313030656631613633343330376138666165333939 -61366366353266393939643764376536393234393863626237653836646264636232303033666434 -61333833666430316635373565643937396235316237623336383539633365653161616431613239 -36663430336665336537383839363834613736646633383133353132366537333238313337313566 -61613433643261666230303032346334353064646530663533393662636135363766386334613038 -36383836353339666230613161313463343862636134396431333935363437646463386333333366 -37636666313739343236613462626234353764663539323262353866623862623236323462306435 -61653534383737663932633236373834303937373565393966643738326430346263373134303966 -38313261643932336435623964613339353939663332346238333161316464633736623032643031 -34663534386330323431333733356564623634323163663733333530393833656437313339386239 -65333538323336386636346637323136316263353961383263363730303263626266643065346566 -30636139373932663964343138633938356366343636303563373161653962663931333631306432 -32316663643361386637646436363935666436653436613462383333363662313361616431363739 -39623362346439333437 +64633439653739323864356533633331313134343730623162373736323137326339626162396330 +3636653431343664626638396438383733666139613531320a633836653331366134333338373939 +63643838623766623231393736316438643439383335336338303739316663383630306632623334 +6131303830653230630a623666363464643336343463656630613139643534623462363634656630 +62663865333762626334633164303230656433316361366462656235326430633138313963336638 +63626430396231303432663663366330303930313463663434633965396538623138383633646566 +30336232343137366535363233383536303931323034346134306165666661623063376435336637 +33383965643066363433646235383834656235373030356336646461386330366666353135396133 
+33646661633239313630373835633131393662666365366162376335346533306462326233383933 +64633162623833363665343232636430393964306431663233376666343037333437313261376266 +63643631656436373232323931383136613366376335336436663032613662646262303236663231 +33343039646131653766663364323430356538343331373464663937613032343338313362306339 +35386462316561326431313365313765623938656635613135373331313630666339653464616665 +39643335376239633661616532333432313638666539666136623931653331656538383066383162 +35366530306264646365303439656235393634653234643636303066396434326232666664326339 +39656236356363336436646232616330393238613261333630373034343038353039626666333665 +33373661383566663133316334636235633337653862326430396361623737376562616132353865 +36643236666531643633623866626536363933393261616336336332393461346563643163333161 +34386461343965353064663332626635626238316664366466323634303964613630316662323430 +33393630303965383365346366323864383239393766383231636461373034636162653036626235 +33656333636566326633353365333131383761363163353331663931376333633135633431626334 +36386330333465336134383962363463636637356262623966386132653434393537343863623332 +31376238396536613935306265393663626538633539396262353562393337326139623333656463 +63666130353566373766643565333364313534346161626439656465356435393933313535633836 +38616464636364363062613733666564343633393131613239346361613365326534323833646162 +61363265336161366334373162626435386437656330383034653939663262396138323834343962 +33323061623734663231393633613531646331333635633462626363373731663437373539353032 +37643031616335633130616634313861303239313032656430373438333165376131643338666263 +33663165626364313963356639333132663863313436326438313266656437366333353764383535 +62323862613330643264613939633534393361383264313565333131666265346462393636356139 +64396462346633623037353865316431636335306331343535336663383265623033666566333065 +31303565386636393039646166383464646131656666386565353663316532303864396463373262 
+35613436396635376539383838616439313663636237386331643961353066363932396632613434 +34643064626230383038306365393962366132633034316662646164313537626437656265613564 +39383866626661623266383734333137353135623166636336356332343237356563353333613234 +64353439366237313263353338353436323664363865643464363563616230373931663630326163 +66653466316536636461656161386665646165646463623934323931333963353735353930663161 +35353331663931326337333161396534363066633962303339633463623165363539393035313261 +33316665633464376232663363373233663234643236386631333330386362386464663732636539 +61656465303437633162393862643565343039656261316265663834343130353638333066343564 +65366430336435626237303565373637386137656137363161646334623733363130343732626333 +30316236633732623035663562313464356239393264646631366631623763396461333538653436 +61366336373761383038353062353661633065653663323837303430346633623861333635643762 +34633635376137366233353636303934333337333062643766383636666266386565323836386364 +63666330303239366435373532653730303136376162613261306638626338346633356236386230 +64343832373338363837663735633462336637396437623131303965353838646361323336613366 +30346262353831663061376137356334643238303264326332316236323133383136396437306138 +36346364363030656137316563636564663539303435623733653263643337333336306537636138 +32303139666661343839346137346163616562626636306437666662386632636262616264376561 +64396434633035653739643162393138643631653738653138393136663361313036643830343730 +61383661303439656636343461373033363366616461636665376664393937333633303664626432 +62653963623130326539646134633436386332663037303932623731383363336433643736366538 +39333238373664333237373333343534643264386636643133306232643037343062646132626133 +38316462636434653039333364653966313766383536346435626238376139306139663636316433 +31613933636530653631643432626530346238633539396666393463636263633165373435346262 +34336632386539373635636232363765366565373236323536633461386361636631346539373462 
+64396639653666326464656261383466383834663735353931666466663862346665303030346366 +33653732306636626262373166623038623464346339636534363035383030623265323337366166 +33663839366364663638656138626333343737613635396338626634363761383538336135353361 +38393333626364613562663934666466663662303130363133306662306132383566636264313066 +31343133373766333265303161313230316465396337393339663133656631353037316634313935 +62393130343333353964623934636532313361323434663966616138376438363339323264393334 +61646630383565326335613063313732333737393336366630393936303333643435646663663035 +61346165353834386631326236663566336662653935653234326464386634636239323635636465 +36333931306233623465346530363637383566666235636266313030656430626132663031623838 +33333737353466343461613832623431666132303238626163393036316461313939376262343234 +37393262656263616165356539623534373935346466393338353038363336633632646130323862 +63353935663736313435653361396636313634383234633033643230396230346365323734613532 +30366439333738313534373639623963653639656232323238383435653932666461373634343866 +32396437363832616630646333623732346234643139646262343765303330613361343361636538 +37393461366432323830373162333631633262386632326162636236303130383261306662666439 +61653936366162626438326235333433366665356432643634663531613536396132613866303338 +35636637383633353765346436636233613435316634353735363731366432613034373734646366 +35666466363935363766393963336231336237643266393630343563626531323266656561633539 +63626537333364616165646366353830386634646338366232333763323438306239626431636633 +33393336346161633736643662393261633434396262326638356161393161383966386232376465 +35353130613165383662393631353162346430336262356163336234313632323232336631393164 +37376135373430333332633662396630336537646638643063313864316266653763336432366565 +35616434363265373938336139373036323665323131356363643233333136336138393937393336 +61376237663265326133303664653466626137656432643065346661323037306661623262626331 
+34316338323336636430376139633765643039323363656233306332613230613732343231396261 +39343564306237643236653634666437363438313334653137653530623835653533616638663833 +31333664353862376435373763316337336530616533643061316639663035316462393231343930 +39663161376338666366353237316330396134363465386563376332356333663164386662633935 +31373230613336633330623239383062646332313632313265353166376564326339356537366463 +64333862356366393233383033353031646565393036653730386536393733653530623065393833 +62613936343838383531393862353934366538643038333733663836333433383538643036323935 +36613837306564623733353230316563306638613362633664646466363064613832653938363538 +36346166313865313135343833313433643137633061373333633332643632356662666536373466 +65656265363562363238346136616561613230353466383539326435333565353462373234346139 +32663261396166393530613966626633333237343737373033626430643764306136386639373032 +38616562303439386137626435663266646465343839356431646663643964376536663665646537 +34663964393761616662326162353461653765383637356663316662333236326262646232316130 +35656437666263623263363862303131313263666162613136303632613334333836663562353566 +38306131376534663535636338396339626361633733303934333164383564663839666565386565 +34633537656462666161323737373861613664633039643039626634373935383733653933393364 +30303339346261656230313337386563656532316166343731346433386637616161626561346539 +30353263386463313466306234336564303031656534626436373439363863643062316561393533 +35393534376166613764323138366561383161303930646364336136363866633933653462356337 +30333563613536663436663263656463326134383562656631386133346462383934386436313065 +32663734326339343865636266393438356533653564336638363864313632326261653639623335 +34303036353162353336326238393938356662303234363439393163653566353637363339343530 +31383336653031373561386335646162303265343432303061663931616464366664386636303264 +33383632633462613765616166333736396438663066363833646136316635383435376534616566 
+31336233316434343037636131383336646637393234663531393430333662653637306437656263 +62633761343964666462306236646362366135626330613462633538383864666538636365353166 +37623463323035643663633539363635326530636235353730393336383537363463643065373265 +39343231653165376633363435363633313039396163363635313133643062376436333265383065 +30653562633436616537316536303563313936326165313136396462326335633362353136623636 +36666235613864363230326534383536333635363865346338353035306464616232323263633264 +64353163376633363234346335643765333033396439613631383965643563386331303666326565 +34306366663234623861316231646439643237313361383534396361333963373130376439653133 +31393234316161333536323133313933643861663739363938366561643739646436346563333538 +39653164313063323738306262376236356138313463396539343061626365653834363432303734 +66626662643965306262383261333236396130333835316462396233323162656366646536653535 +35306230626131643466393862616361623839306435343230383834396230623830646531633238 +31633836313337653239373264653962313234353266353762656336633461653238633032336231 +61303162373830336138666563656633613837373630376165353365376564623566633932336535 +65356631363136666432626231626635323962653132663237316264663063306238666561363064 +61663235333966383765643338316164396336383233306334653361656363353536643836666365 +33353764326564316336643330353966376234643166393233316463373565656665663463303537 +38333437656564666135316462353261353265616534373535393865366337346238373862616336 +64336361373634663335633665343034653430346133323237313737333132383438666661376262 +64656233656631643432636133393864393266323934393961323862393233323531376439306164 +37653935333631353663326437383332386162656364643164333933376238306434663737383738 +33646562386638346335363766653762326130376436343562613739633763303565346661393532 +33383563346536363163383661393561626237326334306333663435666536383464643332643839 +35346362356534373162386163633462646362666562333036306461636564313665343039623863 
+34623439623737653536376139306165396530333835643862323065336265306536383435323233 +34303861326236636663386438356166373830343635343365376562646662323062656638633430 +32636364636535626266386461376535313764393364623739656232363263386233376261636639 +64353637333436633934366661383565303661656634616265323439646435306237656461316363 +31633736353364633237623030643639383431666633383865633038653062353465663735633634 +34313134643531346463353263373837313030363664356165333964633039366363613463326534 +36663130366361373866343734623861343238313038663264306639353031643635373137303036 +66653834343862663064386562613031653334616337613239346331383239353062633961663131 +61643037313836336464333562386231343163363937323330303065666363306436323661373338 +61313265656663383732633432376537613231336534656537366237616363363162613861653438 +31666631653633323432396435623963333262353235656562336536343761623939303931653935 +35616363646639373838376365666539613436363638653132386539303732396461663562346534 +35616162343964666361373936303230383464343964356561303537366662366564373735353530 +31666537623661636638653865326233383635363466613033366662636562653864623262343739 +38383336333931646130343832323837366464626332653936393965653239316663386164623939 +32386438646463663861613366323330386638393736363466343063396462343762633231636632 +66353764643465616664636330613037653236316338396232633738373931303032643165666261 +35663561666536663438373430353933636438616531336162623366643364653736623865383366 +31373839363162313765343136383336636635626232353565666133393766383435633430343165 +66326535333061613934393466373562313431386465356665623034636630383765333133373234 +31663664363833643361666537333263666533646531656135363331366238663539366338393937 +66316562356662663165366532363837306230663336613464313938346331653732323033306338 +30333166313437626334303833373965306237373638326537643539653839336537613561643263 +30373561623332646336643038316437666366383664393330353262373465323066616536383431 
+35306562623437623963316535663363613562376130663438633864643333653438323363613730 +66613130633663396434663336326237323830613362356336363035313666613662663464343334 +37303931353030383966326165383030353363646131653037663839643537633637323639313631 +63346230633138303530383737623561653039313264643831646538356432306534393531316430 +37306561646366663232393632303236636364343933643138326239363530316365653433316336 +65333933626664653762363535373965323233366663316538626631373262633631396264633164 +38353565316664386130653564363435343065353732646262323734353862613634373033336635 +30333838383239313532343535643238356232393561366162346336636432323133313632646638 +62653939633961623264333137646339343665666662613536666233643430343665383764653531 +39653037333831386538663032613264626439333035333539653865373837633465353839303763 +39323532323432633666396430366165386464343664373465383166616538373733306361656666 +39653530316666323166653430663565353231323736633466656362386461326135363062653565 +6637 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index e0ac83f..a45dbe5 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -204,3 +204,11 @@ services: watchtower: file: watchtower.yml version: "1.5.3" + + writefreely: + file: writefreely.yml + domain: "write.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/writefreely" + version: latest + mariadb_version: 11.2 + allowed_sender_domain: true diff --git a/roles/docker/tasks/services/writefreely.yml b/roles/docker/tasks/services/writefreely.yml new file mode 100644 index 0000000..f5b674f --- /dev/null +++ b/roles/docker/tasks/services/writefreely.yml 
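Review bot: In the defaults/main.yml hunk, `mariadb_version: 11.2` is an unquoted YAML float and only happens to render back as `11.2`; a later `11.10` would become `11.1` and pull the wrong image, so quote it like the `version: "1.5.3"` on the watchtower entry above: `mariadb_version: "11.2"`. `version: latest` for the writefreely image pins nothing, which makes deployments non-reproducible and lets an upstream image change land without review; a concrete tag is preferable, with a comment noting when it should be bumped. The vault hunk above is encrypted and cannot be reviewed here.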
@@ -0,0 +1,65 @@ +# vim: ft=yaml.ansible +--- +- name: Create volume folder for MariaDB data + file: + name: "{{ services.writefreely.volume_folder }}/mariadb_data" + state: directory + +- name: Upload config.ini + template: + src: "writefreely/config.ini.j2" + dest: "{{ services.writefreely.volume_folder }}/config.ini" + +- name: setup writefreely containers + docker_compose: + project_name: "writefreely" + pull: "yes" + definition: + version: "3.6" + + networks: + external_services: + external: true + internal_writefreely: + internal: true + + services: + writefreely-web: + container_name: "writefreely-web" + image: "writeas/writefreely:{{ services.writefreely.version }}" + + volumes: + - "{{ services.writefreely.volume_folder }}/config.ini:/go/config.ini" + + networks: + - "internal_writefreely" + - "external_services" + + ports: + - "8080:8080" + + depends_on: + - "writefreely-db" + + environment: + VIRTUAL_HOST: "{{ services.writefreely.domain }}" + LETSENCRYPT_HOST: "{{ services.writefreely.domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + + restart: unless-stopped + + writefreely-db: + container_name: "writefreely-db" + image: "mariadb:{{ services.writefreely.mariadb_version }}" + + volumes: + - "{{ services.writefreely.volume_folder }}/mariadb_data:/var/lib/mysql/data" + + networks: + - "internal_writefreely" + + environment: + - MYSQL_DATABASE=writefreely + - MYSQL_ROOT_PASSWORD={{ writefreely_secrets.db_password }} + + restart: unless-stopped \ No newline at end of file diff --git a/roles/docker/templates/writefreely/config.ini.j2 b/roles/docker/templates/writefreely/config.ini.j2 new file mode 100644 index 0000000..a71fb12 --- /dev/null +++ b/roles/docker/templates/writefreely/config.ini.j2 
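Review bot: `ports: - "8080:8080"` publishes WriteFreely's plain-HTTP listener on every host interface, bypassing the nginx proxy and the TLS termination that `VIRTUAL_HOST`/`LETSENCRYPT_HOST` set up, and Docker-published ports are reachable regardless of host firewall rules. The proxy reaches the container over the `external_services` network, so the `ports:` stanza can be dropped, or bound to loopback (`"127.0.0.1:8080:8080"`) if local access is actually wanted. `pull: "yes"` is a quoted string where the module option is boolean; `pull: true` avoids relying on truthy coercion. Fixed `container_name:` values on both services will collide if the project is ever deployed twice on one host; Compose's default naming is sufficient here.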
@@ -0,0 +1,44 @@ +[server] +port = 8080 +bind = 0.0.0.0 +autocert = false +gopher_port = 0 + +[database] +type = mysql +username = root +password = {{ writefreely_secrets.db_password }} +database = writefreely +host = writefreely-db +port = 3306 +tls = false + +[app] +site_name = data.coop +site_description = +host = https://write.data.coop +theme = write +editor = +disable_js = false +webfonts = true +landing = +simple_nav = false +wf_modesty = false +chorus = false +forest = false +disable_drafts = false +single_user = false +open_registration = false +open_deletion = false +min_username_len = 3 +max_blogs = 1 +federation = true +public_stats = false +monetization = false +notes_only = false +private = false +local_timeline = true +user_invites = +default_visibility = +update_checks = false +disable_password_auth = false \ No newline at end of file From 27321a16a2ea8436d16df683d1ba5b1564bdb8fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Sun, 3 Dec 2023 23:49:06 +0100 Subject: [PATCH 39/74] Fix writefreely mariadb datadir and set user_invites to admin. --- roles/docker/tasks/services/writefreely.yml | 2 +- roles/docker/templates/writefreely/config.ini.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/docker/tasks/services/writefreely.yml b/roles/docker/tasks/services/writefreely.yml index f5b674f..5a01471 100644 --- a/roles/docker/tasks/services/writefreely.yml +++ b/roles/docker/tasks/services/writefreely.yml @@ -53,7 +53,7 @@ image: "mariadb:{{ services.writefreely.mariadb_version }}" volumes: - - "{{ services.writefreely.volume_folder }}/mariadb_data:/var/lib/mysql/data" + - "{{ services.writefreely.volume_folder }}/mariadb_data:/var/lib/mysql" networks: - "internal_writefreely" diff --git a/roles/docker/templates/writefreely/config.ini.j2 b/roles/docker/templates/writefreely/config.ini.j2 index a71fb12..40ee41d 100644 --- a/roles/docker/templates/writefreely/config.ini.j2 
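Review bot: `host = https://write.data.coop` and `site_name = data.coop` are hard-coded while every other reference to this service uses `{{ services.writefreely.domain }}` / `{{ base_domain }}`, so a vagrant run with `base_domain` set to `datacoop.devel` would render a production URL; `host = https://{{ services.writefreely.domain }}` keeps the template in step with the rest of the role. The `[database]` section logs the application in as `root`; a dedicated user (MariaDB's `MYSQL_USER`/`MYSQL_PASSWORD` in the compose definition) limits what a compromised WriteFreely process can do to the database. `tls = false` is defensible only because the database is reachable solely over the `internal_writefreely` network; a comment saying so would stop the line being copied to a setup where that does not hold.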
+++ b/roles/docker/templates/writefreely/config.ini.j2 @@ -38,7 +38,7 @@ monetization = false notes_only = false private = false local_timeline = true -user_invites = +user_invites = admin default_visibility = update_checks = false disable_password_auth = false \ No newline at end of file From e426c3d6c5452e114902b36613e8f21f9a416fa8 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Thu, 7 Dec 2023 20:47:11 +0100 Subject: [PATCH 40/74] Rename Write Freely compose file --- .../compose-files/{writefreely.yml => writefreely.yml.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/docker/templates/compose-files/{writefreely.yml => writefreely.yml.j2} (100%) diff --git a/roles/docker/templates/compose-files/writefreely.yml b/roles/docker/templates/compose-files/writefreely.yml.j2 similarity index 100% rename from roles/docker/templates/compose-files/writefreely.yml rename to roles/docker/templates/compose-files/writefreely.yml.j2 From bd074929ac88ce5b6a533056fe204b21340907fa Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sat, 9 Dec 2023 19:37:46 +0100 Subject: [PATCH 41/74] Fix stuff --- roles/docker/tasks/main.yml | 6 ------ roles/docker/templates/compose-files/nginx_proxy.yml.j2 | 2 +- roles/docker/templates/mailu/env.j2 | 2 +- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 0a42ea2..8d297ea 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -21,12 +21,6 @@ - docker-ce - docker-compose-plugin -- name: Create docker-compose symlink - ansible.builtin.file: - name: /usr/local/bin/docker-compose - src: /usr/libexec/docker/cli-plugins/docker-compose - state: link - - name: Configure cron job to prune unused Docker data weekly cron: name: Prune unused Docker data diff --git a/roles/docker/templates/compose-files/nginx_proxy.yml.j2 b/roles/docker/templates/compose-files/nginx_proxy.yml.j2 index ffee37a..e811955 100644 
--- a/roles/docker/templates/compose-files/nginx_proxy.yml.j2 +++ b/roles/docker/templates/compose-files/nginx_proxy.yml.j2 @@ -17,7 +17,7 @@ services: - "./certs:/etc/nginx/certs:ro" - "/var/run/docker.sock:/tmp/docker.sock:ro" labels: - - com.github.nginx-proxy.nginx + - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy {% if letsencrypt_enabled %} acme: diff --git a/roles/docker/templates/mailu/env.j2 b/roles/docker/templates/mailu/env.j2 index 9b7f782..ad0ab16 100644 --- a/roles/docker/templates/mailu/env.j2 +++ b/roles/docker/templates/mailu/env.j2 @@ -127,7 +127,7 @@ WEBSITE=https://{{ services.mailu.domain }} # LOG_DRIVER=json-file # Docker-compose project name, this will prepended to containers names. -COMPOSE_PROJECT_NAME=mail_server +COMPOSE_PROJECT_NAME=mailu # Number of rounds used by the password hashing scheme CREDENTIAL_ROUNDS=12 From f627d1cf326cf7f2a0e216980034d59bc4e38592 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 10 Dec 2023 18:04:50 +0100 Subject: [PATCH 42/74] Upgrade Mailu, close #167 --- roles/docker/defaults/main.yml | 4 +- .../templates/compose-files/mailu.yml.j2 | 55 +++++++++++-------- roles/docker/templates/mailu/env.j2 | 25 ++++++++- 3 files changed, 58 insertions(+), 26 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index f1cc168..2937151 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -167,7 +167,9 @@ services: pre_deploy_tasks: true dns: 192.168.203.254 subnet: 192.168.203.0/24 - version: "1.9" + version: "2.0" + postgres_version: 14-alpine + redis_version: alpine mastodon: domain: "social.{{ base_domain }}" diff --git a/roles/docker/templates/compose-files/mailu.yml.j2 b/roles/docker/templates/compose-files/mailu.yml.j2 index eddc18a..4e6c6ed 100644 --- a/roles/docker/templates/compose-files/mailu.yml.j2 +++ b/roles/docker/templates/compose-files/mailu.yml.j2 
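Review bot: `redis_version: alpine` is a floating tag that silently follows Redis major releases, while `postgres_version: 14-alpine` beside it is pinned; `redis_version: 7-alpine` matches the nextcloud entry elsewhere in this file and keeps upgrades deliberate. The `mailu:` block continues outside the hunk.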
@@ -1,10 +1,10 @@ # vim: ft=yaml.docker-compose -version: '3.6' +version: "3.8" services: postgres: - image: postgres:14-alpine - restart: always + image: postgres:{{ services.mailu.postgres_version }} + restart: unless-stopped environment: POSTGRES_DB: mailu POSTGRES_USER: mailu @@ -15,8 +15,8 @@ services: - "{{ services.mailu.dns }}" redis: - image: redis:alpine - restart: always + image: redis:{{ services.mailu.redis_version }} + restart: unless-stopped volumes: - "./redis:/data" depends_on: @@ -26,7 +26,7 @@ services: front: image: ghcr.io/mailu/nginx:{{ services.mailu.version }} - restart: always + restart: unless-stopped env_file: mailu.env environment: VIRTUAL_HOST: "{{ services.mailu.domain }}" @@ -38,17 +38,25 @@ services: expose: - "80" ports: - - "993:993" - "25:25" - - "587:587" - "465:465" + - "587:587" + - "110:110" + - "995:995" + - "143:143" + - "993:993" networks: - default + - webmail - external_services + depends_on: + - resolver + dns: + - "{{ services.mailu.dns }}" resolver: image: ghcr.io/mailu/unbound:{{ services.mailu.version }} - restart: always + restart: unless-stopped env_file: mailu.env networks: default: @@ -56,8 +64,8 @@ services: admin: image: ghcr.io/mailu/admin:{{ services.mailu.version }} - restart: always - env_file: "{{ services.mailu.volume_folder }}/mailu.env" + restart: unless-stopped + env_file: mailu.env volumes: - "./data:/data" - "./dkim:/dkim" @@ -69,7 +77,7 @@ services: imap: image: ghcr.io/mailu/dovecot:{{ services.mailu.version }} - restart: always + restart: unless-stopped env_file: mailu.env volumes: - "./mail:/mail" @@ -82,7 +90,7 @@ services: smtp: image: ghcr.io/mailu/postfix:{{ services.mailu.version }} - restart: always + restart: unless-stopped env_file: mailu.env volumes: - "./mailqueue:/queue" 
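Review bot: The ports hunk adds `"110:110"` and `"143:143"`, publishing plaintext POP3 and IMAP on all host interfaces alongside the implicit-TLS ports; whether the front container refuses AUTH before STARTTLS on them presumably depends on the TLS settings in `mailu.env`, which are not part of this change, so that should be confirmed or the two ports omitted if only implicit-TLS clients are expected. A short comment next to the list, e.g. `# 110/143: STARTTLS; 465/993/995: implicit TLS`, would make the exposure explicit to the next reader. The `front` service block continues outside the hunk.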
@@ -93,32 +101,33 @@ services: dns: - "{{ services.mailu.dns }}" + antispam: image: ghcr.io/mailu/rspamd:{{ services.mailu.version }} hostname: antispam - restart: always + restart: unless-stopped env_file: mailu.env volumes: - "./filter:/var/lib/rspamd" - - "./overrides/rspamd:/etc/rspamd/override.d:ro" + - "./overrides/rspamd:/overrides:ro" depends_on: - front + - redis - resolver dns: - "{{ services.mailu.dns }}" webmail: - image: ghcr.io/mailu/rainloop:{{ services.mailu.version }} - restart: always + image: ghcr.io/mailu/webmail:{{ services.mailu.version }} + restart: unless-stopped env_file: mailu.env volumes: - "./webmail:/data" - - "./overrides/rainloop:/overrides:ro" + - "./overrides/snappymail:/overrides:ro" + networks: + - webmail depends_on: - - imap - - resolver - dns: - - "{{ services.mailu.dns }}" + - front networks: default: @@ -127,5 +136,7 @@ networks: driver: default config: - subnet: "{{ services.mailu.subnet }}" + webmail: + driver: bridge external_services: external: true diff --git a/roles/docker/templates/mailu/env.j2 b/roles/docker/templates/mailu/env.j2 index ad0ab16..8826744 100644 --- a/roles/docker/templates/mailu/env.j2 +++ b/roles/docker/templates/mailu/env.j2 @@ -43,7 +43,10 @@ DISABLE_STATISTICS=True ADMIN=true # Choose which webmail to run if any (values: roundcube, rainloop, none) -WEBMAIL=rainloop +WEBMAIL=snappymail + +# Expose the API interface (value: true, false) +API=false # Dav server implementation (value: radicale, none) WEBDAV=none @@ -51,6 +54,9 @@ WEBDAV=none # Antivirus solution (value: clamav, none) ANTIVIRUS=none +# Scan Macros solution (value: true, false) +SCAN_MACROS=false + ################################### # Mail settings ################################### @@ -70,6 +76,9 @@ RELAYNETS= # Will relay all outgoing mails if configured RELAYHOST= +# Enable fetchmail +FETCHMAIL_ENABLED=False + # Fetchmail delay FETCHMAIL_DELAY=600 
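Review bot: The comment above `WEBMAIL=snappymail` still reads `(values: roundcube, rainloop, none)`, which no longer lists the value the line now uses; update it to `# Choose which webmail to run if any (values: roundcube, snappymail, none)` so the documented options match what is deployed.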
@@ -108,11 +117,14 @@ WEB_ADMIN=/admin # Path to the webmail if enabled WEB_WEBMAIL=/webmail +# Path to the API interface if enabled +WEB_API=/api + # Website name SITENAME={{ base_domain }} # Linked Website URL -WEBSITE=https://{{ services.mailu.domain }} +WEBSITE=https://{{ base_domain }} @@ -147,12 +159,19 @@ LOG_LEVEL=WARNING # Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones TZ=Europe/Copenhagen +# Default spam threshold used for new users +DEFAULT_SPAM_THRESHOLD=80 + +# API token required for authenticating to the RESTful API. +# This is a mandatory setting for using the RESTful API. +API_TOKEN= + ################################### # Database settings ################################### + DB_FLAVOR=postgresql DB_USER=mailu DB_PW={{ postgres_passwords.mailu }} DB_HOST=postgres DB_NAME=mailu - From dfcca8a3e9bc0c58a2367147ea6be37f10d7ff77 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 10 Dec 2023 22:01:04 +0100 Subject: [PATCH 43/74] Fix Mailu admin container DNS conflict with OpenLDAP admin --- roles/docker/templates/compose-files/mailu.yml.j2 | 4 ++++ roles/docker/templates/mailu/env.j2 | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/roles/docker/templates/compose-files/mailu.yml.j2 b/roles/docker/templates/compose-files/mailu.yml.j2 index 4e6c6ed..49db1df 100644 --- a/roles/docker/templates/compose-files/mailu.yml.j2 +++ b/roles/docker/templates/compose-files/mailu.yml.j2 @@ -69,6 +69,10 @@ services: volumes: - "./data:/data" - "./dkim:/dkim" + networks: + default: + aliases: + - admin.mailu depends_on: - redis - resolver diff --git a/roles/docker/templates/mailu/env.j2 b/roles/docker/templates/mailu/env.j2 index 8826744..43cfa7b 100644 --- a/roles/docker/templates/mailu/env.j2 +++ b/roles/docker/templates/mailu/env.j2 
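Review bot: `API_TOKEN=` is an empty credential in a committed template, a few lines above `DB_PW={{ postgres_passwords.mailu }}` which is drawn from vars; if the API is ever switched on, the token should come from the same secrets source rather than be typed into the template, and the comment above it should say so, e.g. `# Set from vault vars when API=true; never commit a literal token here`.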
@@ -166,6 +166,12 @@ DEFAULT_SPAM_THRESHOLD=80 # This is a mandatory setting for using the RESTful API. API_TOKEN= +################################### +# Container address settings +################################### + +ADMIN_ADDRESS=admin.mailu + ################################### # Database settings ################################### From a3b5f5520de7a5044d790cbfd740fdd7b8a64e7f Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 10 Dec 2023 22:04:09 +0100 Subject: [PATCH 44/74] Correct folder name for webmail overrides --- roles/docker/tasks/pre_deploy/mailu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/pre_deploy/mailu.yml b/roles/docker/tasks/pre_deploy/mailu.yml index 4dc1d5a..682f501 100644 --- a/roles/docker/tasks/pre_deploy/mailu.yml +++ b/roles/docker/tasks/pre_deploy/mailu.yml @@ -19,7 +19,7 @@ - overrides/dovecot - overrides/postfix - overrides/rspamd - - overrides/rainloop + - overrides/snappymail loop_control: loop_var: volume From 7ef64bd132276d310d6f5aa8884cab208ecfb79a Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 12 Dec 2023 21:14:38 +0100 Subject: [PATCH 45/74] Upgrade Element, close #184 --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 2937151..91ba74f 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -97,7 +97,7 @@ services: domain: "element.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/element" pre_deploy_tasks: true - version: v1.11.43 + version: v1.11.51 privatebin: domain: "paste.{{ base_domain }}" From 88c4d99fc073c8e79913a14ef1209053607d3c1b Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 12 Dec 2023 21:30:47 +0100 Subject: [PATCH 46/74] Upgrade Matrix (Synapse) to v1.98.0 --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 91ba74f..9a5b127 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -89,7 +89,7 @@ services: domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" pre_deploy_tasks: true - version: v1.90.0 + version: v1.98.0 postgres_version: 15-alpine allowed_sender_domain: true From 9164b399063c709b79b94c930ebaa76578a0d9ce Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 12 Dec 2023 22:00:55 +0100 Subject: [PATCH 47/74] Fix Postfix DNS name not found --- roles/docker/templates/compose-files/postfix.yml.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/docker/templates/compose-files/postfix.yml.j2 b/roles/docker/templates/compose-files/postfix.yml.j2 index 89f25ba..6a64111 100644 --- a/roles/docker/templates/compose-files/postfix.yml.j2 +++ b/roles/docker/templates/compose-files/postfix.yml.j2 @@ -6,7 +6,9 @@ services: image: boky/postfix:{{ services.postfix.version }} restart: always networks: - - postfix + postfix: + aliases: + - postfix volumes: - "./dkim:/etc/opendkim/keys" environment: From 0fdfd2e76fdd62d91326a3530d9d245d7c5e1013 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 10 Jan 2024 18:03:39 +0100 Subject: [PATCH 48/74] Exclude Mastodon cache from backup --- roles/docker/templates/compose-files/restic.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/docker/templates/compose-files/restic.yml.j2 index 1f2ed2b..333a7e5 100644 --- a/roles/docker/templates/compose-files/restic.yml.j2 +++ b/roles/docker/templates/compose-files/restic.yml.j2 @@ -14,6 +14,7 @@ services: RESTIC_BACKUP_ARGS: >- --tag datacoop-volumes --exclude '*.tmp' + --exclude '/mnt/volumes/mastodon/mastodon_data/cache/' --verbose RESTIC_FORGET_ARGS: >- --keep-last 10 From 39fffe71aef5bfc4d88352adb90b00992185e1a2 Mon Sep 17 00:00:00 2001 
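Review bot: `--exclude '/mnt/volumes/mastodon/mastodon_data/cache/'` hard-codes a path that looks like the container-side mount of `volume_root_folder` (which is `/docker-volumes` on the host); if that is the case, a comment stating the mapping, e.g. `# paths below are as seen inside the restic container`, and deriving the path from `services.mastodon.volume_folder` with the prefix swapped, would keep the exclude correct when folders move. The `RESTIC_BACKUP_ARGS` scalar continues outside the hunk.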
From: Sam Al-Sapti Date: Sat, 13 Jan 2024 15:04:02 +0100 Subject: [PATCH 49/74] Upgrade Nextcloud to version 28 --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 9a5b127..0ad23c5 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -67,7 +67,7 @@ services: domain: "cloud.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/nextcloud" pre_deploy_tasks: true - version: 27-apache + version: 28-apache postgres_version: "10" redis_version: 7-alpine allowed_sender_domain: true From 068d3bd444ef6007ee7bcbc4c3661eff2ac39acd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Thu, 1 Feb 2024 18:55:42 +0100 Subject: [PATCH 50/74] Bump mastodon to 4.2.5. --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 0ad23c5..f0e8088 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -176,7 +176,7 @@ services: volume_folder: "{{ volume_root_folder }}/mastodon" pre_deploy_tasks: true post_deploy_tasks: true - version: v4.2.0 + version: v4.2.5 postgres_version: 14-alpine redis_version: 6-alpine allowed_sender_domain: true From 46ffcd792c1071c41aef28100dc919b2cc49b6ef Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Fri, 9 Feb 2024 22:00:02 +0100 Subject: [PATCH 51/74] Add missing bind mount and upgrade WriteFreely, close #192 --- roles/docker/defaults/main.yml | 2 +- roles/docker/tasks/pre_deploy/writefreely.yml | 9 +++++++++ roles/docker/templates/compose-files/writefreely.yml.j2 | 9 +++++---- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index f0e8088..457b302 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml 
@@ -201,7 +201,7 @@ services: domain: "write.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/writefreely" pre_deploy_tasks: true - version: latest + version: v0.15.0 mariadb_version: "11.2" allowed_sender_domain: true diff --git a/roles/docker/tasks/pre_deploy/writefreely.yml b/roles/docker/tasks/pre_deploy/writefreely.yml index c72bfbc..a1f558b 100644 --- a/roles/docker/tasks/pre_deploy/writefreely.yml +++ b/roles/docker/tasks/pre_deploy/writefreely.yml @@ -3,6 +3,15 @@ - name: Create subfolder for MariaDB data file: name: "{{ services.writefreely.volume_folder }}/db" + owner: "999" + group: "999" + state: directory + +- name: Create subfolder for encryption keys + file: + name: "{{ services.writefreely.volume_folder }}/keys" + owner: "2" + group: "2" state: directory - name: Upload config.ini diff --git a/roles/docker/templates/compose-files/writefreely.yml.j2 b/roles/docker/templates/compose-files/writefreely.yml.j2 index 1801b70..204740e 100644 --- a/roles/docker/templates/compose-files/writefreely.yml.j2 +++ b/roles/docker/templates/compose-files/writefreely.yml.j2 @@ -3,21 +3,22 @@ version: "3.8" services: db: - image: "mariadb:{{ services.writefreely.mariadb_version }}" + image: mariadb:{{ services.writefreely.mariadb_version }} restart: unless-stopped volumes: - "./db:/var/lib/mysql" environment: - - MYSQL_DATABASE=writefreely - - MYSQL_ROOT_PASSWORD={{ writefreely_secrets.db_password }} + MYSQL_DATABASE: writefreely + MYSQL_ROOT_PASSWORD: {{ writefreely_secrets.db_password }} app: - image: "writeas/writefreely:{{ services.writefreely.version }}" + image: ghcr.io/writefreely/writefreely:{{ services.writefreely.version }} restart: unless-stopped networks: - default - external_services volumes: + - "./keys:/go/keys" - "./config.ini:/go/config.ini" environment: VIRTUAL_HOST: "{{ services.writefreely.domain }}" From 54a63ca069d228a03dd711451d89ab315f7ea869 Mon Sep 17 00:00:00 2001 
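Review bot: `MYSQL_ROOT_PASSWORD: {{ writefreely_secrets.db_password }}` is now an unquoted plain scalar in a mapping, so a secret that starts with `*`, `&`, `#`, `[` or `{`, contains `: ` or ` #`, or looks like a number or boolean will be mis-parsed or retyped when Compose loads the rendered file; quote it, `MYSQL_ROOT_PASSWORD: "{{ writefreely_secrets.db_password }}"`, as `VIRTUAL_HOST` is quoted below. The two `image:` lines lost their quotes in the same hunk and are safe only while the version variables stay plain. In the pre-deploy hunk, `owner: "999"` and `owner: "2"` are bare numeric ids; a comment naming the in-container user each corresponds to (presumably the mariadb image's `mysql` user and the app image's runtime user, to be confirmed) would explain why they differ.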
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Sun, 11 Feb 2024 14:50:21 +0100 Subject: [PATCH 52/74] Add uptime kuma as a service we can deploy to a different host for monitoring. --- roles/docker/files/vhost/uptime_kuma | 4 +++ roles/docker/tasks/pre_deploy/uptime_kuma.yml | 9 ++++++ .../compose-files/uptime_kuma.yml.j2 | 23 +++++++++++++ roles/ubuntu_base/tasks/base.yml | 2 +- roles/ubuntu_base/tasks/main.yml | 3 +- uptime.data.coop.yml | 32 +++++++++++++++++++ 6 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 roles/docker/files/vhost/uptime_kuma create mode 100644 roles/docker/tasks/pre_deploy/uptime_kuma.yml create mode 100644 roles/docker/templates/compose-files/uptime_kuma.yml.j2 create mode 100644 uptime.data.coop.yml diff --git a/roles/docker/files/vhost/uptime_kuma b/roles/docker/files/vhost/uptime_kuma new file mode 100644 index 0000000..2cff0be --- /dev/null +++ b/roles/docker/files/vhost/uptime_kuma @@ -0,0 +1,4 @@ +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header Host $host; \ No newline at end of file diff --git a/roles/docker/tasks/pre_deploy/uptime_kuma.yml b/roles/docker/tasks/pre_deploy/uptime_kuma.yml new file mode 100644 index 0000000..f153e0e --- /dev/null +++ b/roles/docker/tasks/pre_deploy/uptime_kuma.yml @@ -0,0 +1,9 @@ +- name: Upload vhost config for uptime domain + copy: + src: vhost/uptime_kuma + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.domain }}_location" + +- name: Upload vhost config for status domain + copy: + src: vhost/uptime_kuma + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.status_domain }}_location" diff --git a/roles/docker/templates/compose-files/uptime_kuma.yml.j2 b/roles/docker/templates/compose-files/uptime_kuma.yml.j2 new file mode 100644 index 0000000..3d737b8 --- /dev/null 
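Review bot: `proxy_set_header Connection "upgrade";` is applied unconditionally to every request through this location, not only to WebSocket upgrades, and because nginx stops inheriting `proxy_set_header` directives from the enclosing level once any are set in the location, this snippet may also drop headers the proxy template sets there (for instance `X-Forwarded-Proto` or `X-Real-IP`); the rendered vhost should be checked and the dropped headers re-added, or the generated `$proxy_connection`-style variable used if the proxy image provides one. A comment at the top of the file stating that it is included into the `location /` block of the generated vhost would make that inheritance effect visible.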
+++ b/roles/docker/templates/compose-files/uptime_kuma.yml.j2 @@ -0,0 +1,23 @@ +# Simple docker-compose.yml +# You can change your port or volume location + +version: '3.3' + +services: + uptime-kuma: + image: "louislam/uptime-kuma:{{ services.uptime_kuma.version }}" + restart: always + container_name: uptime-kuma + networks: + - external_services + volumes: + - "./uptime-kuma-data:/app/data" + environment: + VIRTUAL_HOST: "{{ services.uptime_kuma.domain }},{{ services.uptime_kuma.status_domain }}" + LETSENCRYPT_HOST: "{{ services.uptime_kuma.domain }},{{ services.uptime_kuma.status_domain }}" + LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" + + +networks: + external_services: + external: true \ No newline at end of file diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index f53f924..733270d 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml @@ -14,4 +14,4 @@ - name: Install Dell OpenManage apt: name: srvadmin-all - when: not vagrant + when: not vagrant and not skip_dell_apt_repo diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml index e6a1f15..cc40345 100644 --- a/roles/ubuntu_base/tasks/main.yml +++ b/roles/ubuntu_base/tasks/main.yml @@ -2,10 +2,11 @@ --- - import_tasks: ssh-port.yml tags: [change-ssh-port] + when: not do_not_change_ssh_port - import_tasks: dell-apt-repo.yml tags: [setup-dell-apt-repo] - when: not vagrant + when: not skip_dell_apt_repo and not vagrant - import_tasks: upgrade.yml tags: [do-full-system-upgrade] diff --git a/uptime.data.coop.yml b/uptime.data.coop.yml new file mode 100644 index 0000000..2eee6ae --- /dev/null +++ b/uptime.data.coop.yml 
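Review bot: The template keeps the upstream sample's `# Simple docker-compose.yml` / `# You can change your port or volume location` comments and `version: '3.3'`, while the other compose templates in this series use `version: "3.8"`, `restart: unless-stopped` and a `# vim: ft=yaml.docker-compose` header; aligning these makes the file read like the rest of the role. `image: "louislam/uptime-kuma:{{ services.uptime_kuma.version }}"` combined with `version: "latest"` in the playbook means the monitoring host runs whatever upstream last pushed; pinning a release tag keeps it reproducible.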
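Review bot: `when: not vagrant and not skip_dell_apt_repo` references `skip_dell_apt_repo`, which in this series is only defined in `uptime.data.coop.yml`; unless it also exists in a defaults file not shown here, the production playbook now fails with an undefined variable on this task. The `main.yml` hunk has the same problem with `do_not_change_ssh_port` and `skip_dell_apt_repo`. Writing the conditions as `when: not vagrant and not (skip_dell_apt_repo | default(false))` and `when: not (do_not_change_ssh_port | default(false))` keeps the previous behaviour for hosts that do not set the flags.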
@@ -0,0 +1,32 @@ +# vim: ft=yaml.ansible +--- +- hosts: all + gather_facts: true + become: true + vars: + base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" + letsencrypt_enabled: true + letsencrypt_email: "admin@{{ base_domain }}" + services: + nginx_proxy: + volume_folder: "{{ volume_root_folder }}/nginx" + pre_deploy_tasks: true + version: "1.3-alpine" + acme_companion_version: "2.2" + uptime_kuma: + domain: "uptime.{{ base_domain }}" + status_domain: "status.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/uptime_kuma" + pre_deploy_tasks: true + version: "latest" + do_not_change_ssh_port: true + skip_dell_apt_repo: true + vagrant: false + + tasks: + - import_role: + name: ubuntu_base + tags: + - base_only + - import_role: + name: docker From 542268ffc600a0a6da10f123180b54ca3682f543 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Wed, 14 Feb 2024 20:43:05 +0100 Subject: [PATCH 53/74] Bump mastodon to 4.2.6. --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 457b302..f74c51c 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -176,7 +176,7 @@ services: volume_folder: "{{ volume_root_folder }}/mastodon" pre_deploy_tasks: true post_deploy_tasks: true - version: v4.2.5 + version: v4.2.6 postgres_version: 14-alpine redis_version: 6-alpine allowed_sender_domain: true From 26b98681fc17144abf09c6775eedbc35f55c0714 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Fri, 16 Feb 2024 15:35:12 +0100 Subject: [PATCH 54/74] Bump mastodon to 4.2.7. --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index f74c51c..f1f660d 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml 
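Review bot: `hosts: all` targets every host in whatever inventory is passed, so running this play against the shared inventory would also apply the monitoring stack and the ssh-port/dell-repo overrides to the production host; a dedicated inventory group should be named here (a later patch in this series adds a `[monitoring]` group that fits). `version: "latest"` for `uptime_kuma` is an unpinned image tag and should be a release tag for the same reason the other services pin theirs.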
@@ -176,7 +176,7 @@ services: volume_folder: "{{ volume_root_folder }}/mastodon" pre_deploy_tasks: true post_deploy_tasks: true - version: v4.2.6 + version: v4.2.7 postgres_version: 14-alpine redis_version: 6-alpine allowed_sender_domain: true From 7aae344da0515d1fd0c574dbf22db3adc23a3136 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 18 Feb 2024 17:18:54 +0100 Subject: [PATCH 55/74] Don't specify service settings twice --- playbook.yml | 3 +++ roles/docker/defaults/main.yml | 13 +++++++++++-- roles/docker/tasks/services.yml | 10 +++++++--- uptime.data.coop.yml | 15 +++------------ 4 files changed, 24 insertions(+), 17 deletions(-) diff --git a/playbook.yml b/playbook.yml index de51a46..df74f98 100644 --- a/playbook.yml +++ b/playbook.yml @@ -15,6 +15,9 @@ smtp_host: "postfix" smtp_port: "587" + services_exclude: + - uptime_kuma + tasks: - import_role: name: ubuntu_base diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 457b302..a3128a0 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -4,7 +4,6 @@ volume_root_folder: "/docker-volumes" volume_website_folder: "{{ volume_root_folder }}/websites" services: - ### Internal services ### postfix: domain: "smtp.{{ base_domain }}" @@ -62,7 +61,6 @@ services: version: "2" ### External services ### - nextcloud: domain: "cloud.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/nextcloud" @@ -208,3 +206,14 @@ services: watchtower: volume_folder: "{{ volume_root_folder }}/watchtower" version: "1.5.3" + + ### Uptime monitoring ### + uptime_kuma: + domain: "uptime.{{ base_domain }}" + status_domain: "status.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/uptime_kuma" + pre_deploy_tasks: true + version: "latest" + +services_exclude: [] +services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}" 
diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 676335c..2c7276f 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -8,8 +8,10 @@ include_tasks: file: block.yml vars: - service: "{{ item }}" - loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" + service: + name: "{{ item }}" + vars: "{{ services[item] }}" + loop: "{{ services_include }}" when: single_service is not defined and (item.vars.disabled_in_vagrant is not defined or not (item.vars.disabled_in_vagrant and vagrant)) @@ -18,7 +20,9 @@ include_tasks: file: block.yml vars: - service: "{{ {single_service: services[single_service]} | dict2items(key_name='name', value_name='vars') | join }}" + service: + name: "{{ single_service }}" + vars: "{{ services[single_service] }}" when: single_service is defined and single_service in services and (services[single_service].disabled_in_vagrant is not defined or not (services[single_service].disabled_in_vagrant and vagrant)) diff --git a/uptime.data.coop.yml b/uptime.data.coop.yml index 2eee6ae..e54e21c 100644 --- a/uptime.data.coop.yml +++ b/uptime.data.coop.yml @@ -7,18 +7,9 @@ base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" letsencrypt_enabled: true letsencrypt_email: "admin@{{ base_domain }}" - services: - nginx_proxy: - volume_folder: "{{ volume_root_folder }}/nginx" - pre_deploy_tasks: true - version: "1.3-alpine" - acme_companion_version: "2.2" - uptime_kuma: - domain: "uptime.{{ base_domain }}" - status_domain: "status.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/uptime_kuma" - pre_deploy_tasks: true - version: "latest" + services_include: + - nginx_proxy + - uptime_kuma do_not_change_ssh_port: true skip_dell_apt_repo: true vagrant: false From d05a504e619467a5f5824d3eb7cc416bc99a1ff4 Mon Sep 17 00:00:00 2001 
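Review bot: The loop now iterates `services_include`, a list of names, but the `when:` still reads `item.vars.disabled_in_vagrant`; on a string `item` that attribute is always undefined, so the `is not defined` branch is always true and the vagrant exclusion silently stops working for every service. The condition should index the dict, `when: single_service is not defined and (services[item].disabled_in_vagrant is not defined or not (services[item].disabled_in_vagrant and vagrant))`, mirroring the `single_service` task below it. The task's first lines lie outside the hunk.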
From: Sam Al-Sapti Date: Sun, 18 Feb 2024 17:27:52 +0100 Subject: [PATCH 56/74] Move vars around --- uptime.data.coop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uptime.data.coop.yml b/uptime.data.coop.yml index e54e21c..993f3e9 100644 --- a/uptime.data.coop.yml +++ b/uptime.data.coop.yml @@ -4,6 +4,7 @@ gather_facts: true become: true vars: + vagrant: false base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}" letsencrypt_enabled: true letsencrypt_email: "admin@{{ base_domain }}" @@ -12,7 +13,6 @@ - uptime_kuma do_not_change_ssh_port: true skip_dell_apt_repo: true - vagrant: false tasks: - import_role: From 590597b137a1f2384c0d8d2aba04087cb8642734 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Wed, 21 Feb 2024 11:23:29 +0100 Subject: [PATCH 57/74] Forgejo SMTP_ADDR was split into ditto + SMTP_PORT And the default SMTP_PORT is 25 while we use 587 => mail notifications broke --- roles/docker/templates/compose-files/forgejo.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/docker/templates/compose-files/forgejo.yml.j2 b/roles/docker/templates/compose-files/forgejo.yml.j2 index 530b463..f4b9626 100644 --- a/roles/docker/templates/compose-files/forgejo.yml.j2 +++ b/roles/docker/templates/compose-files/forgejo.yml.j2 @@ -22,7 +22,8 @@ services: FORGEJO__mailer__ENABLED: true FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }} FORGEJO__mailer__PROTOCOL: smtp - FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}" + FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}" + FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}" FORGEJO__security__LOGIN_REMEMBER_DAYS: "60" FORGEJO__security__PASSWORD_COMPLEXITY: off FORGEJO__security__MIN_PASSWORD_LENGTH: "8" From 4c65521447b738ab3d7516f6541cc28c07f8eea0 Mon Sep 17 00:00:00 2001 
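Review bot: `FORGEJO__security__PASSWORD_COMPLEXITY: off`, two lines below the change, is an unquoted YAML 1.1 boolean; depending on which loader parses the rendered compose file it can arrive in the container as `false` rather than the literal `off` the setting expects, so quoting it as `"off"` (as `SMTP_PORT` is quoted in this hunk) removes the ambiguity for a security-relevant setting. The `environment:` mapping continues outside the hunk.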
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Wed, 21 Feb 2024 13:36:31 +0100 Subject: [PATCH 58/74] Mastodon: Fix container name for crontab cleanup jobs --- roles/docker/tasks/post_deploy/mastodon.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/docker/tasks/post_deploy/mastodon.yml b/roles/docker/tasks/post_deploy/mastodon.yml index 790e2d8..06c3bdd 100644 --- a/roles/docker/tasks/post_deploy/mastodon.yml +++ b/roles/docker/tasks/post_deploy/mastodon.yml @@ -4,7 +4,7 @@ cron: name: Clean Mastodon media data older than a week cron_file: ansible_mastodon_clean_media - job: docker exec mastodon_web_1 tootctl media remove --days 7 + job: docker exec mastodon-web-1 tootctl media remove --days 7 special_time: daily user: root state: present @@ -13,7 +13,7 @@ cron: name: Clean Mastodon preview card data older than two weeks cron_file: ansible_mastodon_clean_preview_cards - job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14 + job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14 special_time: daily user: root state: present From 241d63494fd5676d88151e5a5a7a0aab1597782a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Wed, 21 Feb 2024 14:26:28 +0100 Subject: [PATCH 59/74] Upgrade forgejo to 1.21. Closes #201. --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index f1f660d..e70d56f 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -75,7 +75,7 @@ services: forgejo: domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/forgejo" - version: "1.20" + version: "1.21" allowed_sender_domain: true passit: From 266f990d1a025ce0df2b6676a1a013138f44faed Mon Sep 17 00:00:00 2001 
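Review bot: Both cron jobs in this file hard-code the container name `mastodon-web-1`, which is derived from the compose project name and the Compose v2 naming scheme; the next rename, scale-up or naming change makes the cleanup jobs fail silently under cron, exactly the breakage this commit is repairing. The same applies to the second hunk. Either resolve the container by its compose labels at run time or note the dependency next to the jobs, e.g. `# container name follows the compose project name (see the mastodon compose template); update both jobs if it changes`.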
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Thu, 22 Feb 2024 20:44:55 +0100 Subject: [PATCH 60/74] Pin forgejo to 1.21.6-0. --- roles/docker/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index e70d56f..b4b9cd1 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -75,7 +75,7 @@ services: forgejo: domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/forgejo" - version: "1.21" + version: "1.21.6-0" allowed_sender_domain: true passit: From f792bf3dd16b38114cfed30eac262ebcf62b21bf Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Thu, 29 Feb 2024 20:45:59 +0100 Subject: [PATCH 61/74] Fixes and add Watchtower to Uptime Kuma instance --- datacoop_hosts | 6 ++++-- playbook.yml | 2 +- roles/docker/templates/compose-files/uptime_kuma.yml.j2 | 4 +--- uptime.data.coop.yml | 3 ++- vagrant_host | 1 + 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/datacoop_hosts b/datacoop_hosts index 4fe371b..5b8c106 100644 --- a/datacoop_hosts +++ b/datacoop_hosts @@ -1,3 +1,5 @@ -###################################### -### All hosts +[production] hevonen.servers.data.coop ansible_port=19022 ansible_python_interpreter=/usr/bin/python3 + +[monitoring] +uptime.data.coop ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file diff --git a/playbook.yml b/playbook.yml index df74f98..71b78eb 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,6 +1,6 @@ # vim: ft=yaml.ansible --- -- hosts: all +- hosts: production gather_facts: true become: true vars: diff --git a/roles/docker/templates/compose-files/uptime_kuma.yml.j2 b/roles/docker/templates/compose-files/uptime_kuma.yml.j2 index 3d737b8..0096d6f 100644 --- a/roles/docker/templates/compose-files/uptime_kuma.yml.j2 +++ b/roles/docker/templates/compose-files/uptime_kuma.yml.j2 
@@ -1,6 +1,4 @@ -# Simple docker-compose.yml -# You can change your port or volume location - +# vim: ft=yaml.docker-compose version: '3.3' services: diff --git a/uptime.data.coop.yml b/uptime.data.coop.yml index 993f3e9..714d469 100644 --- a/uptime.data.coop.yml +++ b/uptime.data.coop.yml @@ -1,6 +1,6 @@ # vim: ft=yaml.ansible --- -- hosts: all +- hosts: monitoring gather_facts: true become: true vars: @@ -11,6 +11,7 @@ services_include: - nginx_proxy - uptime_kuma + - watchtower do_not_change_ssh_port: true skip_dell_apt_repo: true diff --git a/vagrant_host b/vagrant_host index e247254..c49d9be 100644 --- a/vagrant_host +++ b/vagrant_host @@ -1 +1,2 @@ +[production] localhost ansible_port=19022 From 1b68766cd6cb4ff0e2bc1732e1379ba00ac2c392 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Fri, 1 Mar 2024 20:53:08 +0100 Subject: [PATCH 62/74] Improv --- .gitignore | 2 +- ansible.cfg | 6 +++++- datacoop_hosts | 4 ++-- deploy.sh | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6a544c3..f5f456e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -playbook.retry +*.retry *.sw* .vagrant/ *.log diff --git a/ansible.cfg b/ansible.cfg index 42063be..5f6cbac 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,4 +1,8 @@ [defaults] -remote_user = root +ask_vault_pass = True inventory = datacoop_hosts +interpreter_python = /usr/bin/python3 +remote_user = root +retry_files_enabled = True use_persistent_connections = True +forks = 10 diff --git a/datacoop_hosts b/datacoop_hosts index 5b8c106..3892265 100644 --- a/datacoop_hosts +++ b/datacoop_hosts @@ -1,5 +1,5 @@ [production] -hevonen.servers.data.coop ansible_port=19022 ansible_python_interpreter=/usr/bin/python3 +hevonen.servers.data.coop ansible_port=19022 [monitoring] -uptime.data.coop ansible_python_interpreter=/usr/bin/python3 \ No newline at end of file +uptime.data.coop diff --git a/deploy.sh b/deploy.sh index 429e338..ba74d6f 100755 --- a/deploy.sh +++ b/deploy.sh 
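Review bot: Adding `watchtower` to `services_include` in uptime.data.coop.yml means unattended image pulls and container restarts for every container Watchtower can reach through the Docker socket on the monitoring host, unless its service definition narrows that (label filter, `--monitor-only`, or a schedule); that definition is not part of this patch, so I can't confirm the scope. A one-line comment here would make the intent visible, e.g. `# watchtower auto-updates the containers on this host; scope and schedule live in its compose template`. Worth checking alongside that the uptime_kuma image tag in effect on this host is pinned, since a floating tag plus Watchtower means upgrades land without review.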
@@ -9,7 +9,7 @@ usage () { } >&2 } -BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass" +BASE_CMD="ansible-playbook playbook.yml" if [ "$1" = "--vagrant" ]; then BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host" From 6982d0feaae84d110dac84b2c745baeaadda9d53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Sun, 3 Mar 2024 21:17:48 +0100 Subject: [PATCH 63/74] Restic: send an email on backup failure --- roles/docker/defaults/main.yml | 4 ++++ roles/docker/tasks/pre_deploy/restic.yml | 16 ++++++++++++++++ .../docker/templates/compose-files/restic.yml.j2 | 9 +++++++++ roles/docker/templates/restic/failure.sh.j2 | 14 ++++++++++++++ 4 files changed, 43 insertions(+) create mode 100644 roles/docker/templates/restic/failure.sh.j2 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 4ba6a88..dcb58b2 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -50,6 +50,10 @@ services: repository: restic version: "1.7.0" disabled_in_vagrant: true + # mail dance + domain: "noreply.{{ base_domain }}" + allowed_sender_domain: true + mail-from: "noreply@noreply.{{ base_domain }}" docker_registry: domain: "docker.{{ base_domain }}" diff --git a/roles/docker/tasks/pre_deploy/restic.yml b/roles/docker/tasks/pre_deploy/restic.yml index 8a147d7..1c32e90 100644 --- a/roles/docker/tasks/pre_deploy/restic.yml +++ b/roles/docker/tasks/pre_deploy/restic.yml @@ -46,3 +46,19 @@ owner: root group: root mode: '0600' + +- name: Create scripts directory + file: + path: "{{ services.restic.volume_folder }}/scripts" + owner: root + group: root + mode: '0755' + state: directory + +- name: Upload failure.sh script + template: + src: restic/failure.sh.j2 + dest: "{{ services.restic.volume_folder }}/scripts/failure.sh" + owner: root + group: root + mode: '0755' diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/docker/templates/compose-files/restic.yml.j2 index 333a7e5..b69571e 100644 
--- a/roles/docker/templates/compose-files/restic.yml.j2 +++ b/roles/docker/templates/compose-files/restic.yml.j2 @@ -15,6 +15,7 @@ services: --tag datacoop-volumes --exclude '*.tmp' --exclude '/mnt/volumes/mastodon/mastodon_data/cache/' + --exclude '/mnt/volumes/restic/' --verbose RESTIC_FORGET_ARGS: >- --keep-last 10 @@ -22,9 +23,13 @@ services: --keep-weekly 5 --keep-monthly 12 TZ: Europe/Copenhagen + POST_COMMANDS_FAILURE=/run/libexec/failure.sh volumes: - "./ssh:/run/secrets/.ssh:ro" + - "./scripts:/run/libexec:ro" - "/docker-volumes:/mnt/volumes:ro" + networks: + - postfix prune: image: mazzolino/restic:{{ services.restic.version }} @@ -36,3 +41,7 @@ services: TZ: Europe/copenhagen volumes: - "./ssh:/run/secrets/.ssh:ro" + +networks: + postfix: + external: true diff --git a/roles/docker/templates/restic/failure.sh.j2 b/roles/docker/templates/restic/failure.sh.j2 new file mode 100644 index 0000000..5f8411d --- /dev/null +++ b/roles/docker/templates/restic/failure.sh.j2 @@ -0,0 +1,14 @@ +#!/bin/sh +curl smtp://postfix --mail-from {{ services.restic.mail-from }} --mail-rcpt admin-hold@data.coop --upload-file . << END_OF_MAIL +From: Restic backup <{{ services.restic.mail-from }}> +To: admin-hold@data.coop +Subject: Restic backup failed +Date: $(date) + +Dear sir or madam, + +Tonight's backup failed! + +Best, +Your backup software. +END_OF_MAIL From 9fb16d3a69a709179a5fc30bede2e6e61b1a87a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Mon, 4 Mar 2024 09:20:04 +0100 Subject: [PATCH 64/74] Address comments by @samsapti We need to use ':' instead of '=' in yaml for environment variable bindings. Spurious tab where it should be all spaces Rename variable mail-from to mail_from to align with existing code style Nit: change email addresses --- roles/docker/defaults/main.yml | 2 +- roles/docker/templates/compose-files/restic.yml.j2 | 4 ++-- roles/docker/templates/restic/failure.sh.j2 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
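Review bot: `Date: $(date)` in the new failure.sh.j2 emits the libc default format (`Mon Mar  4 09:20:04 CET 2024`), not the RFC 5322 date-time a mail header requires, so receiving MTAs and clients may rewrite or flag the message; `Date: $(date -R)` gives the correct form and both BusyBox and GNU date support `-R`, assuming the restic image ships one of them. The script also runs without `set -e`, so if curl fails — or is absent from the `mazzolino/restic` image, which I can't confirm from this patch — the hook exits 0 and the lost notification is invisible; `set -eu` after the shebang would at least surface it in the container log. Since this hook is the only signal that a backup failed, its own failure modes deserve that attention.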
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index dcb58b2..d181a8b 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -53,7 +53,7 @@ services: # mail dance domain: "noreply.{{ base_domain }}" allowed_sender_domain: true - mail-from: "noreply@noreply.{{ base_domain }}" + mail_from: "backup@noreply.{{ base_domain }}" docker_registry: domain: "docker.{{ base_domain }}" diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/docker/templates/compose-files/restic.yml.j2 index b69571e..ce3c101 100644 --- a/roles/docker/templates/compose-files/restic.yml.j2 +++ b/roles/docker/templates/compose-files/restic.yml.j2 @@ -15,7 +15,7 @@ services: --tag datacoop-volumes --exclude '*.tmp' --exclude '/mnt/volumes/mastodon/mastodon_data/cache/' - --exclude '/mnt/volumes/restic/' + --exclude '/mnt/volumes/restic/' --verbose RESTIC_FORGET_ARGS: >- --keep-last 10 @@ -23,7 +23,7 @@ services: --keep-weekly 5 --keep-monthly 12 TZ: Europe/Copenhagen - POST_COMMANDS_FAILURE=/run/libexec/failure.sh + POST_COMMANDS_FAILURE: /run/libexec/failure.sh volumes: - "./ssh:/run/secrets/.ssh:ro" - "./scripts:/run/libexec:ro" diff --git a/roles/docker/templates/restic/failure.sh.j2 b/roles/docker/templates/restic/failure.sh.j2 index 5f8411d..e0d49ef 100644 --- a/roles/docker/templates/restic/failure.sh.j2 +++ b/roles/docker/templates/restic/failure.sh.j2 @@ -1,5 +1,5 @@ #!/bin/sh -curl smtp://postfix --mail-from {{ services.restic.mail-from }} --mail-rcpt admin-hold@data.coop --upload-file . << END_OF_MAIL +curl smtp://postfix --mail-from {{ services.restic.mail_from }} --mail-rcpt admin@data.coop --upload-file . << END_OF_MAIL From: Restic backup <{{ services.restic.mail-from }}> To: admin-hold@data.coop Subject: Restic backup failed From ac64706fcb29182447f580c5563dc47bd52d7021 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Mon, 4 Mar 2024 12:48:51 +0100 Subject: [PATCH 65/74] . --- roles/docker/templates/restic/failure.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/templates/restic/failure.sh.j2 b/roles/docker/templates/restic/failure.sh.j2 index e0d49ef..42900e1 100644 --- a/roles/docker/templates/restic/failure.sh.j2 +++ b/roles/docker/templates/restic/failure.sh.j2 @@ -1,5 +1,5 @@ #!/bin/sh -curl smtp://postfix --mail-from {{ services.restic.mail_from }} --mail-rcpt admin@data.coop --upload-file . << END_OF_MAIL +curl smtp://{{ smtp_host }} --mail-from {{ services.restic.mail_from }} --mail-rcpt admin@data.coop --upload-file . << END_OF_MAIL From: Restic backup <{{ services.restic.mail-from }}> To: admin-hold@data.coop Subject: Restic backup failed From ae497f0284eedb30da23247db9a4301a87249213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Mon, 4 Mar 2024 13:30:58 +0100 Subject: [PATCH 66/74] . --- roles/docker/templates/restic/failure.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/templates/restic/failure.sh.j2 b/roles/docker/templates/restic/failure.sh.j2 index 42900e1..45da29f 100644 --- a/roles/docker/templates/restic/failure.sh.j2 +++ b/roles/docker/templates/restic/failure.sh.j2 @@ -1,6 +1,6 @@ #!/bin/sh curl smtp://{{ smtp_host }} --mail-from {{ services.restic.mail_from }} --mail-rcpt admin@data.coop --upload-file . << END_OF_MAIL -From: Restic backup <{{ services.restic.mail-from }}> +From: Restic backup <{{ services.restic.mail_from }}> To: admin-hold@data.coop Subject: Restic backup failed Date: $(date) From d468e49830e1f3cf4f396fd00f9df2917ac70d66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Mon, 4 Mar 2024 14:15:52 +0100 Subject: [PATCH 67/74] . --- roles/docker/templates/restic/failure.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
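Review bot: `smtp://{{ smtp_host }}` in the first hunk lets curl default to port 25, while the Forgejo template changed in patch 57 reaches the same `smtp_host` on `{{ smtp_port }}` (587 according to that commit message). If the host only accepts submission on 587 the failure mail silently never leaves; `curl smtp://{{ smtp_host }}:{{ smtp_port }} ...` keeps the two consumers consistent. Whether the mail host on the internal `postfix` network also listens on 25 is not visible here, so confirm before changing.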
diff --git a/roles/docker/templates/restic/failure.sh.j2 b/roles/docker/templates/restic/failure.sh.j2 index 45da29f..757f4ed 100644 --- a/roles/docker/templates/restic/failure.sh.j2 +++ b/roles/docker/templates/restic/failure.sh.j2 @@ -1,7 +1,7 @@ #!/bin/sh curl smtp://{{ smtp_host }} --mail-from {{ services.restic.mail_from }} --mail-rcpt admin@data.coop --upload-file . << END_OF_MAIL From: Restic backup <{{ services.restic.mail_from }}> -To: admin-hold@data.coop +To: admin@data.coop Subject: Restic backup failed Date: $(date) From 4f129168c66fce3cbfb8c88ef7830a8bb15b9ff1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Tue, 5 Mar 2024 09:55:04 +0100 Subject: [PATCH 68/74] Add uptime-kuma push url for restic --- group_vars/all/secrets.yml | 334 +++++++++--------- group_vars/all/secrets.yml.contents | 1 + roles/docker/tasks/pre_deploy/restic.yml | 8 + .../templates/compose-files/restic.yml.j2 | 1 + roles/docker/templates/restic/success.sh.j2 | 2 + 5 files changed, 181 insertions(+), 165 deletions(-) create mode 100644 roles/docker/templates/restic/success.sh.j2 diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index c35ade9..6d8e999 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml 
@@ -1,166 +1,170 @@ $ANSIBLE_VAULT;1.1;AES256 -64633439653739323864356533633331313134343730623162373736323137326339626162396330 -3636653431343664626638396438383733666139613531320a633836653331366134333338373939 -63643838623766623231393736316438643439383335336338303739316663383630306632623334 -6131303830653230630a623666363464643336343463656630613139643534623462363634656630 -62663865333762626334633164303230656433316361366462656235326430633138313963336638 -63626430396231303432663663366330303930313463663434633965396538623138383633646566 -30336232343137366535363233383536303931323034346134306165666661623063376435336637 -33383965643066363433646235383834656235373030356336646461386330366666353135396133 -33646661633239313630373835633131393662666365366162376335346533306462326233383933 -64633162623833363665343232636430393964306431663233376666343037333437313261376266 -63643631656436373232323931383136613366376335336436663032613662646262303236663231 -33343039646131653766663364323430356538343331373464663937613032343338313362306339 -35386462316561326431313365313765623938656635613135373331313630666339653464616665 -39643335376239633661616532333432313638666539666136623931653331656538383066383162 -35366530306264646365303439656235393634653234643636303066396434326232666664326339 -39656236356363336436646232616330393238613261333630373034343038353039626666333665 -33373661383566663133316334636235633337653862326430396361623737376562616132353865 -36643236666531643633623866626536363933393261616336336332393461346563643163333161 -34386461343965353064663332626635626238316664366466323634303964613630316662323430 -33393630303965383365346366323864383239393766383231636461373034636162653036626235 -33656333636566326633353365333131383761363163353331663931376333633135633431626334 -36386330333465336134383962363463636637356262623966386132653434393537343863623332 -31376238396536613935306265393663626538633539396262353562393337326139623333656463 
-63666130353566373766643565333364313534346161626439656465356435393933313535633836 -38616464636364363062613733666564343633393131613239346361613365326534323833646162 -61363265336161366334373162626435386437656330383034653939663262396138323834343962 -33323061623734663231393633613531646331333635633462626363373731663437373539353032 -37643031616335633130616634313861303239313032656430373438333165376131643338666263 -33663165626364313963356639333132663863313436326438313266656437366333353764383535 -62323862613330643264613939633534393361383264313565333131666265346462393636356139 -64396462346633623037353865316431636335306331343535336663383265623033666566333065 -31303565386636393039646166383464646131656666386565353663316532303864396463373262 -35613436396635376539383838616439313663636237386331643961353066363932396632613434 -34643064626230383038306365393962366132633034316662646164313537626437656265613564 -39383866626661623266383734333137353135623166636336356332343237356563353333613234 -64353439366237313263353338353436323664363865643464363563616230373931663630326163 -66653466316536636461656161386665646165646463623934323931333963353735353930663161 -35353331663931326337333161396534363066633962303339633463623165363539393035313261 -33316665633464376232663363373233663234643236386631333330386362386464663732636539 -61656465303437633162393862643565343039656261316265663834343130353638333066343564 -65366430336435626237303565373637386137656137363161646334623733363130343732626333 -30316236633732623035663562313464356239393264646631366631623763396461333538653436 -61366336373761383038353062353661633065653663323837303430346633623861333635643762 -34633635376137366233353636303934333337333062643766383636666266386565323836386364 -63666330303239366435373532653730303136376162613261306638626338346633356236386230 -64343832373338363837663735633462336637396437623131303965353838646361323336613366 -30346262353831663061376137356334643238303264326332316236323133383136396437306138 
-36346364363030656137316563636564663539303435623733653263643337333336306537636138 -32303139666661343839346137346163616562626636306437666662386632636262616264376561 -64396434633035653739643162393138643631653738653138393136663361313036643830343730 -61383661303439656636343461373033363366616461636665376664393937333633303664626432 -62653963623130326539646134633436386332663037303932623731383363336433643736366538 -39333238373664333237373333343534643264386636643133306232643037343062646132626133 -38316462636434653039333364653966313766383536346435626238376139306139663636316433 -31613933636530653631643432626530346238633539396666393463636263633165373435346262 -34336632386539373635636232363765366565373236323536633461386361636631346539373462 -64396639653666326464656261383466383834663735353931666466663862346665303030346366 -33653732306636626262373166623038623464346339636534363035383030623265323337366166 -33663839366364663638656138626333343737613635396338626634363761383538336135353361 -38393333626364613562663934666466663662303130363133306662306132383566636264313066 -31343133373766333265303161313230316465396337393339663133656631353037316634313935 -62393130343333353964623934636532313361323434663966616138376438363339323264393334 -61646630383565326335613063313732333737393336366630393936303333643435646663663035 -61346165353834386631326236663566336662653935653234326464386634636239323635636465 -36333931306233623465346530363637383566666235636266313030656430626132663031623838 -33333737353466343461613832623431666132303238626163393036316461313939376262343234 -37393262656263616165356539623534373935346466393338353038363336633632646130323862 -63353935663736313435653361396636313634383234633033643230396230346365323734613532 -30366439333738313534373639623963653639656232323238383435653932666461373634343866 -32396437363832616630646333623732346234643139646262343765303330613361343361636538 -37393461366432323830373162333631633262386632326162636236303130383261306662666439 
-61653936366162626438326235333433366665356432643634663531613536396132613866303338 -35636637383633353765346436636233613435316634353735363731366432613034373734646366 -35666466363935363766393963336231336237643266393630343563626531323266656561633539 -63626537333364616165646366353830386634646338366232333763323438306239626431636633 -33393336346161633736643662393261633434396262326638356161393161383966386232376465 -35353130613165383662393631353162346430336262356163336234313632323232336631393164 -37376135373430333332633662396630336537646638643063313864316266653763336432366565 -35616434363265373938336139373036323665323131356363643233333136336138393937393336 -61376237663265326133303664653466626137656432643065346661323037306661623262626331 -34316338323336636430376139633765643039323363656233306332613230613732343231396261 -39343564306237643236653634666437363438313334653137653530623835653533616638663833 -31333664353862376435373763316337336530616533643061316639663035316462393231343930 -39663161376338666366353237316330396134363465386563376332356333663164386662633935 -31373230613336633330623239383062646332313632313265353166376564326339356537366463 -64333862356366393233383033353031646565393036653730386536393733653530623065393833 -62613936343838383531393862353934366538643038333733663836333433383538643036323935 -36613837306564623733353230316563306638613362633664646466363064613832653938363538 -36346166313865313135343833313433643137633061373333633332643632356662666536373466 -65656265363562363238346136616561613230353466383539326435333565353462373234346139 -32663261396166393530613966626633333237343737373033626430643764306136386639373032 -38616562303439386137626435663266646465343839356431646663643964376536663665646537 -34663964393761616662326162353461653765383637356663316662333236326262646232316130 -35656437666263623263363862303131313263666162613136303632613334333836663562353566 -38306131376534663535636338396339626361633733303934333164383564663839666565386565 
-34633537656462666161323737373861613664633039643039626634373935383733653933393364 -30303339346261656230313337386563656532316166343731346433386637616161626561346539 -30353263386463313466306234336564303031656534626436373439363863643062316561393533 -35393534376166613764323138366561383161303930646364336136363866633933653462356337 -30333563613536663436663263656463326134383562656631386133346462383934386436313065 -32663734326339343865636266393438356533653564336638363864313632326261653639623335 -34303036353162353336326238393938356662303234363439393163653566353637363339343530 -31383336653031373561386335646162303265343432303061663931616464366664386636303264 -33383632633462613765616166333736396438663066363833646136316635383435376534616566 -31336233316434343037636131383336646637393234663531393430333662653637306437656263 -62633761343964666462306236646362366135626330613462633538383864666538636365353166 -37623463323035643663633539363635326530636235353730393336383537363463643065373265 -39343231653165376633363435363633313039396163363635313133643062376436333265383065 -30653562633436616537316536303563313936326165313136396462326335633362353136623636 -36666235613864363230326534383536333635363865346338353035306464616232323263633264 -64353163376633363234346335643765333033396439613631383965643563386331303666326565 -34306366663234623861316231646439643237313361383534396361333963373130376439653133 -31393234316161333536323133313933643861663739363938366561643739646436346563333538 -39653164313063323738306262376236356138313463396539343061626365653834363432303734 -66626662643965306262383261333236396130333835316462396233323162656366646536653535 -35306230626131643466393862616361623839306435343230383834396230623830646531633238 -31633836313337653239373264653962313234353266353762656336633461653238633032336231 -61303162373830336138666563656633613837373630376165353365376564623566633932336535 -65356631363136666432626231626635323962653132663237316264663063306238666561363064 
-61663235333966383765643338316164396336383233306334653361656363353536643836666365 -33353764326564316336643330353966376234643166393233316463373565656665663463303537 -38333437656564666135316462353261353265616534373535393865366337346238373862616336 -64336361373634663335633665343034653430346133323237313737333132383438666661376262 -64656233656631643432636133393864393266323934393961323862393233323531376439306164 -37653935333631353663326437383332386162656364643164333933376238306434663737383738 -33646562386638346335363766653762326130376436343562613739633763303565346661393532 -33383563346536363163383661393561626237326334306333663435666536383464643332643839 -35346362356534373162386163633462646362666562333036306461636564313665343039623863 -34623439623737653536376139306165396530333835643862323065336265306536383435323233 -34303861326236636663386438356166373830343635343365376562646662323062656638633430 -32636364636535626266386461376535313764393364623739656232363263386233376261636639 -64353637333436633934366661383565303661656634616265323439646435306237656461316363 -31633736353364633237623030643639383431666633383865633038653062353465663735633634 -34313134643531346463353263373837313030363664356165333964633039366363613463326534 -36663130366361373866343734623861343238313038663264306639353031643635373137303036 -66653834343862663064386562613031653334616337613239346331383239353062633961663131 -61643037313836336464333562386231343163363937323330303065666363306436323661373338 -61313265656663383732633432376537613231336534656537366237616363363162613861653438 -31666631653633323432396435623963333262353235656562336536343761623939303931653935 -35616363646639373838376365666539613436363638653132386539303732396461663562346534 -35616162343964666361373936303230383464343964356561303537366662366564373735353530 -31666537623661636638653865326233383635363466613033366662636562653864623262343739 -38383336333931646130343832323837366464626332653936393965653239316663386164623939 
-32386438646463663861613366323330386638393736363466343063396462343762633231636632 -66353764643465616664636330613037653236316338396232633738373931303032643165666261 -35663561666536663438373430353933636438616531336162623366643364653736623865383366 -31373839363162313765343136383336636635626232353565666133393766383435633430343165 -66326535333061613934393466373562313431386465356665623034636630383765333133373234 -31663664363833643361666537333263666533646531656135363331366238663539366338393937 -66316562356662663165366532363837306230663336613464313938346331653732323033306338 -30333166313437626334303833373965306237373638326537643539653839336537613561643263 -30373561623332646336643038316437666366383664393330353262373465323066616536383431 -35306562623437623963316535663363613562376130663438633864643333653438323363613730 -66613130633663396434663336326237323830613362356336363035313666613662663464343334 -37303931353030383966326165383030353363646131653037663839643537633637323639313631 -63346230633138303530383737623561653039313264643831646538356432306534393531316430 -37306561646366663232393632303236636364343933643138326239363530316365653433316336 -65333933626664653762363535373965323233366663316538626631373262633631396264633164 -38353565316664386130653564363435343065353732646262323734353862613634373033336635 -30333838383239313532343535643238356232393561366162346336636432323133313632646638 -62653939633961623264333137646339343665666662613536666233643430343665383764653531 -39653037333831386538663032613264626439333035333539653865373837633465353839303763 -39323532323432633666396430366165386464343664373465383166616538373733306361656666 -39653530316666323166653430663565353231323736633466656362386461326135363062653565 -6637 +30613439636234396439623634656338666330643936373563656336323831353464353239353661 +6234316535383838653865643964353033623935313432630a666563316534343733363464396635 +34396664643137643136633837656432623633383361633336343562333039326538393034616637 
+6634613631636433610a663835343739376534356133323163343132323233643135613333313132 +65373233666535366137343839363938303561653731633038376631386161653038613631396364 +33636131636536306134346336636332393436303063306262333430613137376438626133353963 +66396332363335333436623335613966323730616139353762656662386530356435623831656632 +30333363376132653362323339386437346134323232363336363461323332613962613131386264 +37383435653061653466613834346430656632626338316564656136666266353231363661666461 +32646461313365626232376536376463313531613861363462643062326538326234613332646430 +33383438613961623134343665383638346164653031363435656162306163653232353162343431 +38333239393332613466663231383932316330376535383466643233326134623530306361393639 +63386530643733393033646139613730313239313866343730643337393533366330373363353338 +62313739613531636166663135646262396334373538636634393534616337363337323630666261 +39643164363437653661633666376431303662396431633661663933343666613234326637636231 +38383537333532326636343366343564646630363838323162373339323365666262303836636232 +31343637616261636130656637393633383165353332346239323063646162306235313962363935 +64633639653261363563646664393630666564646165393736363562623231626634326163306630 +37613635306136643334616364303439323332666431386264623265323636623738303364396636 +37626161363466646166633434333265623236633033666562643264303662333363396631646638 +36626636363261313966393235313866353936323064343331626362306162323166323063656433 +63303762346330323031353034356162373433356436663134373930633634366330653233613139 +63363639343833616431633765613938623037323961623663336662666135313466303661316133 +39353664633036323031373862393530653433373062623233313965653735353566306538393439 +30366162663138326535346639393337393362366630343266643035353465663332333539613337 +30666666363134313239306231356663343166363137366636643931313039333732383833313036 +37393064396662623063613462336363386336393839313465323062646535373733326338353766 
+31666639303836316266343764336462343765363930326338313635336633323662366238356264 +38613631313434383830333031643938393566633236383861633266326336653033663163336132 +61313132643062666434346333653234393865656463343363313636613364616361353561343739 +38313231333431303664323730626162613264343630356438336636373739653234336666646438 +37636437623336323461613063396137396533353265333034333435306666636261353933613232 +65363632383039666666323030323830333534376362326136313232393732613166303461383933 +62303166396533616538666566356238393265663163343264333664393936613066313665616137 +38613030623937633730646461666233333035323661363835313161613930336237396332623338 +30666166636662613130363430333436613532326437393730376536353963356633393736303065 +31393534646537323037316664313438643836386333613961663031383231663932633934656461 +62313163616635626131663961326438396439383432346337386261313330343330353637376330 +38346532396533326135303264613361663836646163623630323832653032396237353966663661 +36353365313962663832393333336138346335363832396535346336643565366465643565616638 +63616565356663623531323935393334326639626236353338643237343764366464666131393332 +64396665343535323339383434366133613235313866653663313639633930323864646536346232 +65316465643662376264373536393232326666663335316631376433343062646361376165363732 +66326165643163333737313139386461363431353239626236366238343035386663363435366464 +31633738336263633961306436613233303861633263343030336637373165663261316632663537 +31613636663163323365303038373134306264343831326264326261633834393366623061616262 +63393463333833393636666232626662643738653634306364326231343830633834643664353730 +37346131346263356539363630363230626364663161643064323538396131636633623866383939 +66346434323935353632633837363530663438636539616130633532346236343661633766383434 +34343339646662393030323661623665643432376365633435666333316439356631386234303062 +35346631656230346565323130333765663933373638303639363530373431343232393864656639 
+33666433366131396464323137393239653531376662646235343962613639343831636261326265 +65663564613766313634653938316339306434663463623563316431633234323330623738646636 +37643535623664323433626561383462393033343232303838333930653366376536353765613036 +35663165623265616630373161336632646435613331373166303632373633313865386134636362 +61636134343839643735636461626663626237613262316564646339323933363864303935353834 +39396637646264633736366336616336643032313237653662646331383963366533373766356539 +35306165306534393463663332336430336635666135643561303935386635393838323865623162 +36323565616232353261303139623465646234313136383436376162376165303664613164356162 +33373237333666616135636231653637396330663930663962636161326664333261343737343735 +37313465396130653138613539376436373237343138636535626632326435383234326466363235 +34646663653038396630353637636166346261346233333632363361326536383634663433613564 +35633864343630333033613133626635313931333031643564396164393135346131343832363861 +61366664363838653438653137383933386233633836323332643531303936353237623734666135 +31356166613664636634336536343032646239643130346564303162356431346539646336323339 +61626236346535336638353134353838333434663838303730613363393365633739383563613434 +64336331306639323061386338656361653636353831346237373134346538623464343562393735 +39333764343139333133393233626564643266373034623764633835383561366265636632633937 +62343635343161363231653138613263313562366439316435633964396161343566316435303465 +39666236316339653839313333396264623636663561653932386638366366663933353761353162 +61343038383939396231346534336361306430373564353633653139306334623630343738636430 +66376631366662313131646130363530323232383535333163363466636262363461633232343532 +63626430336261353861633362396638643937623832386638626334663333363637393637373939 +64303039666432303535636265613564376139333331653336666563663238366639393366363334 +36303635633933333832396562373965653361303034653139643466656534326231383162336366 
+31656138656539383539396462326134333331653131306537643962653762373035343235333233 +34373730623663346430303962653061623330653263393633383835663739663961326566323036 +30336365616532303362396230616531386639333636336332366335613935623836616134393033 +62653535396630383436393631396337336163323361663930323532633666663238333366383462 +36393261376262643336643761613731643032626632646332366661626331333233363436613937 +34653731666137313733653863396164323963383037353265373532303137623037343733616537 +66336433343334626536323639636139653931383466633833326234633332613431353432343561 +36626339656536383862623833633634356435393764316633353135326639623534366538313330 +62633333303266613630326330333336353264343937393864393239623664323366373565383334 +37383237376664643065383834633961366632643261343635336335353765353863323131653866 +31326531303461323736303730623638663863353939636437636231636437323730656463633733 +65383934343534383631363162363830386365313935663337366335326131393262353030663765 +30643665383332613030336439346332363135366232303166623534333637366133656437643231 +30306634636430643864363561316334383530613165326663326665613633636237353830393334 +62653333623563626131666166646335663334393662336337333836376631303631666136376332 +37316537356531346464623363653033306537636239633065646533643239653063613835363665 +30383139326465613864316533643033333430326230646334353364633138666532353736313265 +34623733613864646661353730666433613961643261346166303264386435643565373565323864 +61346465336231613865363263303034396439346163393534666439666437353266323565653032 +39386439646438313938356237643831643434666161383632316530356465616632313235643834 +33303865653836303632656663366465333331616634313863656438393838636631313364633637 +38646230643734393733663261326161376536643237626130353831363731306231313864613066 +34623239396362336639363163313161323065653461363563353631613730373830643133336464 +31336439636361363539383539323631303462633833353032373530333539336538363033383363 
+32613733623839623938326165356237313165383366646233393933393965613363666532646434 +63316133613130313363303537366230646235663130313538333761633237383262316633366364 +65373664616237316534613831313966623939396331626334313430386638653461386334363939 +35333339643837666264356535643365353331393437313866643034663934336466336534343035 +61313837666662343363613962623462333935353837333336363839623466303534303837396634 +38656330666661356235626130303538666533666563323936633564383164633834353831306634 +36343836353464623962333362353133386563343831336463646635646263383832666232323736 +38613730316634373365343938623237356231643931303333366462373134383137366339613662 +62643832323734363635643634373066303366306366663036623139393761636533326130313336 +30316536396466383463393233363035393335343565323635333665346464366139626165636661 +39363066643437613537653836636363376532643038363063383234353066313737663061363334 +38306563613561663165623630366135303332636133343733343836383865613661393761333031 +62653162626461616564643138613737623632313739393962396439306133646138303936636435 +39393663653865363166316365376562353461633163353734343132343831386434653037323732 +36356162356336616330636630376438636165653439376137313934663939376639396266323962 +37383736333536653438363963316435326632393966383534326337303336386135616636363936 +35393331313938653830646332376631623763383439623633396433633739663038313264323835 +33373664313562366664363630316132643465363964383339363339656237323465626262306364 +33306133373065303135613235623262396365363634316365356364373561363762666235666430 +62336362643564313238363933623366396138646237336336623062326161326536323534326364 +39316162643966616436343737313434616230346237346237363962653033613930623462386431 +38343662356665383763633034393236613733643430313937326335356466376139653533333965 +39386138623134666132663837616637376362303561393133656139653438386363613965393661 +36343566643931393061373031343331336463643034383065383763663234373438383064303232 
+64666236313935346237666466333562613935646163653331303661386138313739326538353935 +64323737323532663731353136336138633533386464616362333838396332323563353537613430 +33633631326238366166346437316638363161386562383630623466386564323266333033313461 +63666535363034613232346239636233623130393032353030363334333531646238373262323765 +61373739396162643661353031613663353531653836323730326166383463613330333966336233 +30386136346466336361303237303534373064353230653238363231633530613866663461643465 +30396266356164353063323432663561396564636231346534366661663766613634376235356637 +39313839616336666461313431326430333932623262333437386464636264373430653566386631 +64653866623662363864376663613136306165393863346533303634623936373835633864313462 +61333562646233303232623861366634383466633537383831626334356561353637663038643531 +39386635326366646134333231653737653630356135396634326537633232333166616161653136 +33393562383233656564356530386465623239386666313964343534343466616134373132636631 +39666365393063323838343963366339373434353839383039383238613133636237316365323861 +30626330643665626465666338353030653839383234393237623633646566376361646536353233 +31393235623561323765633835313139313538343761393064353632316335656231353930656437 +31313639313931636633333230653730666638373864326239333561393134356632623138366131 +65356462373336383039316131626562633330666363386631383663343838393435663538343934 +65386339626362623664393532386131303234633466363437383236616463343831353862323961 +39663835313234326137303965663963663761656531653437343234643634316565333762663139 +65393830633237623031303234636134633539316131396135616237316266333437633861303831 +62656630373763343366636635653033666630613533363365636261323661383364343161343439 +35626531346665656263643461306261376238353033343032353731373861333239333862653231 +31336562653133623163353230633331346237356534333534613161323462636639636662623435 +63633035336662376636623339326433393035646539626231363762643532323463316263393736 
+62613038333733636362356636373331313661663830633433643039653233626261613739663836 +38643030313338383266323134326337323334343230623331386664333937316266623134336362 +61373037353664623863393233376264616438656332386130316361663665323135386463383763 +33303633356133353439393664363630336133306364363430393232326665393339323265383630 +31656463343064383837333630366465396633393465666235626330343937313630623039383465 +63326361663238653035613935343932623237396362643833313731323830313962616362613539 +32346165303930323739313837643933363863643937346561643930653530393636383036613235 +61376166386563643733333233343437623630323632643463353131386461663936313065313562 +31393032646262386634353436643466323731366631393136393433616332613036666163336635 +37303365633338613630656463663533653336666562653236336264303238383930383132346365 +35386662636439653930343738633265363635626132343030653462306431363234633635643537 +61666363346430653131623762666564313665653262386332396532646339383136383337353863 +38386632316632373338653535323335363265653563376330663239343861346563646366313039 +33306364623536346339393566326533633133393866303535326535306435626531346264616138 +34356231373561633337653663643566633632393330386564393966666365306565316135646163 +63366365383839343134303635376233343865663631633331333230616630366633396231333435 +30366137383238393139336433353764633038616238326136663636656132626538393565393130 +38653765326137393136386233383636383165613235373437353730306564643033306534386666 +61623538663537653166313264303533623162356134393333373732383535386261333535383039 +65613166666230336265366335323434636336663835323034373930393430363065376665666337 +35363265666130653830333536326433316639613638613730666139623137333736663535633032 +33363135376636636536623731323134343237393633333038393364376237386165 diff --git a/group_vars/all/secrets.yml.contents b/group_vars/all/secrets.yml.contents index 3989b32..accbc75 100644 --- a/group_vars/all/secrets.yml.contents +++ b/group_vars/all/secrets.yml.contents 
@@ -33,6 +33,7 @@ drone_secrets:
 restic_secrets:
 repository_password: xxx
 ssh_privkey: xxx
+ uptime_kuma_url: xxx
 matrix_secrets:
 registration_shared_secret: xxx
diff --git a/roles/docker/tasks/pre_deploy/restic.yml b/roles/docker/tasks/pre_deploy/restic.yml
index 1c32e90..d756a91 100644
--- a/roles/docker/tasks/pre_deploy/restic.yml
+++ b/roles/docker/tasks/pre_deploy/restic.yml
@@ -62,3 +62,11 @@
 owner: root
 group: root
 mode: '0755'
+
+-name: Upload success.sh script
+ template:
+ src: restic/success.sh.j2
+ dest: "{{ services.restic.volume_folder }}/scripts/success.sh"
+ owner: root
+ group: root
+ mode: '0755'
diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/docker/templates/compose-files/restic.yml.j2
index ce3c101..13dd9a7 100644
--- a/roles/docker/templates/compose-files/restic.yml.j2
+++ b/roles/docker/templates/compose-files/restic.yml.j2
@@ -24,6 +24,7 @@ services:
 --keep-monthly 12
 TZ: Europe/Copenhagen
 POST_COMMANDS_FAILURE: /run/libexec/failure.sh
+ POST_COMMANDS_SUCCESS: /run/libexec/success.sh
 volumes:
 - "./ssh:/run/secrets/.ssh:ro"
 - "./scripts:/run/libexec:ro"
diff --git a/roles/docker/templates/restic/success.sh.j2 b/roles/docker/templates/restic/success.sh.j2
new file mode 100644
index 0000000..656f85d
--- /dev/null
+++ b/roles/docker/templates/restic/success.sh.j2
@@ -0,0 +1,2 @@
+#!/bin/sh
+curl '{{ restic_secrets.uptime_kuma_url }}'
From ce030b2dea4769a0941f4da875ea0e6b23334a9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Tue, 5 Mar 2024 09:57:55 +0100 Subject: [PATCH 69/74] Fixup yaml
---
 roles/docker/tasks/pre_deploy/restic.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/tasks/pre_deploy/restic.yml b/roles/docker/tasks/pre_deploy/restic.yml
index d756a91..23f01b2 100644
--- a/roles/docker/tasks/pre_deploy/restic.yml
+++ b/roles/docker/tasks/pre_deploy/restic.yml
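Review bot: The new success.sh hook calls curl with no failure, silence or timeout flags, so an unreachable or slow Uptime Kuma push endpoint can stall the restic container's post-backup command and a non-2xx response goes unnoticed; `curl --fail --silent --show-error --max-time 30 '{{ restic_secrets.uptime_kuma_url }}'` bounds the call and still logs an error. The rendered script embeds the push URL, which the series stores under restic_secrets, yet the pre_deploy task deploys it with `mode: '0755'`, so any local account that can traverse the restic volume folder can read it; `mode: '0750'` is enough for a root-owned file mounted read-only into the container unless the container process runs unprivileged and needs world-read, which is not visible here. The `-name: Upload success.sh script` item in the pre_deploy hunk lacks the space after the dash and will not parse as a task; the later "Fixup yaml" patch in this series corrects it. The failure.sh hook this mirrors is outside the hunk, so I cannot tell whether it uses the same curl invocation.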
@@ -63,7 +63,7 @@
 group: root
 mode: '0755'
--name: Upload success.sh script
+- name: Upload success.sh script
 template:
 src: restic/success.sh.j2
 dest: "{{ services.restic.volume_folder }}/scripts/success.sh"
From e30f1d57d5f29e05cfd6572adaafa52231dd70be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Wed, 6 Mar 2024 13:32:50 +0100 Subject: [PATCH 70/74] Bump mastodon (deployed some time ago).
---
 roles/docker/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index d181a8b..011191b 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -178,7 +178,7 @@ services:
 volume_folder: "{{ volume_root_folder }}/mastodon"
 pre_deploy_tasks: true
 post_deploy_tasks: true
- version: v4.2.7
+ version: v4.2.8
 postgres_version: 14-alpine
 redis_version: 6-alpine
 allowed_sender_domain: true
From 4112bb73b67f98b04b655611b81f7433bd1be63c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Wed, 6 Mar 2024 13:35:47 +0100 Subject: [PATCH 71/74] Bump forgejo to 1.21.7.
---
 roles/docker/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 011191b..a16ca25 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -77,7 +77,7 @@ services:
 forgejo:
 domain: "git.{{ base_domain }}"
 volume_folder: "{{ volume_root_folder }}/forgejo"
- version: "1.21.6-0"
+ version: "1.21.7-0"
 allowed_sender_domain: true
 passit:
From a0988aa05de376e379cc18174f3679f06754f54e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Wed, 6 Mar 2024 13:38:46 +0100 Subject: [PATCH 72/74] Rename variables to avoid name clash
---
 roles/docker/defaults/main.yml | 4 ++--
 roles/docker/templates/compose-files/restic.yml.j2 | 4 ++--
 roles/docker/templates/restic/ssh.config.j2 | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index a16ca25..c34b43b 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -44,8 +44,8 @@ services:
 restic:
 volume_folder: "{{ volume_root_folder }}/restic"
 pre_deploy_tasks: true
- user: dc-user
- domain: rynkeby.skovgaard.tel
+ remote_user: dc-user
+ remote_domain: rynkeby.skovgaard.tel
 host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
 repository: restic
 version: "1.7.0"
diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/docker/templates/compose-files/restic.yml.j2
index 13dd9a7..89027a3 100644
--- a/roles/docker/templates/compose-files/restic.yml.j2
+++ b/roles/docker/templates/compose-files/restic.yml.j2
@@ -8,7 +8,7 @@ services:
 environment:
 RUN_ON_STARTUP: false
 BACKUP_CRON: "0 30 3 * * *"
- RESTIC_REPOSITORY: sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}
+ RESTIC_REPOSITORY: sftp:{{ services.restic.remote_user }}@{{ services.restic.remote_domain }}:{{ services.restic.repository }}
 RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
 RESTIC_BACKUP_SOURCES: /mnt/volumes
 RESTIC_BACKUP_ARGS: >-
@@ -37,7 +37,7 @@ services:
 environment:
 RUN_ON_STARTUP: false
 PRUNE_CRON: "0 30 4 * * *"
- RESTIC_REPOSITORY: sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}
+ RESTIC_REPOSITORY: sftp:{{ services.restic.remote_user }}@{{ services.restic.remote_domain }}:{{ services.restic.repository }}
 RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
 TZ: Europe/copenhagen
 volumes:
diff --git a/roles/docker/templates/restic/ssh.config.j2 b/roles/docker/templates/restic/ssh.config.j2
index 1b6b024..98aa337 100644
--- a/roles/docker/templates/restic/ssh.config.j2
+++ b/roles/docker/templates/restic/ssh.config.j2
@@ -1,3 +1,3 @@
-Host {{ services.restic.domain }}
+Host {{ services.restic.remote_domain }}
 ServerAliveInterval 60
 ServerAliveCountMax 240
From 9a03f71252bcdca98768c22e21f2b9b54c70c231 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Fri, 8 Mar 2024 10:57:32 +0100 Subject: [PATCH 73/74] Fix another instance of domain=>remote_domain
---
 roles/docker/templates/restic/ssh.known_hosts.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/templates/restic/ssh.known_hosts.j2 b/roles/docker/templates/restic/ssh.known_hosts.j2
index 19ac263..daae188 100644
--- a/roles/docker/templates/restic/ssh.known_hosts.j2
+++ b/roles/docker/templates/restic/ssh.known_hosts.j2
@@ -1 +1 @@
-{{ services.restic.domain }} {{ services.restic.host_key }}
+{{ services.restic.remote_domain }} {{ services.restic.host_key }}
From 41116063a2bc4fab528a0fe2029c0ec2c860caee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Thu, 28 Mar 2024 14:33:06 +0100 Subject: [PATCH 74/74] Bump forgejo to 1.21.8.
---
 roles/docker/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index c34b43b..f84a4dc 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -77,7 +77,7 @@ services:
 forgejo:
 domain: "git.{{ base_domain }}"
 volume_folder: "{{ volume_root_folder }}/forgejo"
- version: "1.21.7-0"
+ version: "1.21.8-0"
 allowed_sender_domain: true
 passit: