Sam A.
b1c9113cb7
Fix git URL
2022-12-13 16:32:33 +01:00
Sam A.
76df6320a4
Upgrade Pinafore to v2.5.0
2022-12-13 16:30:43 +01:00
reynir
99f9615ef2
Use http git.data.coop endpoints for websites (#139)
...
Gitea is notoriously strict with its http smart git implementation. This required a few fixes in upstream ocaml-git. They are now released, and we don't have to use github or ssh-keys.
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: #139
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-12-13 15:24:32 +00:00
Sam A.
3b8c475bb1
Fix vhost-www
2022-12-07 22:04:31 +01:00
Sam A.
019b646caa
Rename 2022_slides_website due to error
2022-12-07 21:57:36 +01:00
Sam A.
cf756ee881
Fix file source
2022-12-07 21:51:51 +01:00
Sam A.
000216d74d
Add vhost config for www.data.coop and move vhost-root copying task to data.coop.yml
2022-12-07 21:49:36 +01:00
Sam A.
cd03e98f10
Add missing services to defaults/main.yml
2022-12-07 21:37:54 +01:00
Sam A.
bbd6b6f8da
Upgrade Rallly
2022-12-06 18:18:41 +01:00
Sam A.
2c9c501562
Remove label from Pinafore
2022-12-06 18:06:31 +01:00
Sam A.
0dcc0a6d75
Merge branch 'main' into watchtower
2022-12-06 18:05:15 +01:00
reynir
51c8acc119
Add pinafore (#135)
...
I don't find any official docker images, so I set up a fork of the repo and build it with drone:
https://git.data.coop/data.coop/pinafore
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: #135
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-12-05 15:37:18 +00:00
Víðir Valberg Guðmundsson
73bf2d41ba
Restart all mastodon containers instead of recreating them.
2022-12-04 22:55:00 +01:00
Sam A.
c4f3911400
Always recreate Mastodon containers (#134)
...
Fixes #133.
Co-authored-by: Sam Al-Sapti <sam@sapti.me>
Reviewed-on: #134
Co-authored-by: Sam A. <samsapti@noreply@git.data.coop>
Co-committed-by: Sam A. <samsapti@noreply@git.data.coop>
2022-12-04 21:45:32 +00:00
Víðir Valberg Guðmundsson
759ea93dd3
Mastodon: Split sidekiq queues into different containers. Tune postgresql. Set threads and concurrency on web and streaming.
2022-12-02 23:35:36 +01:00
Sam A.
59dae865c5
Add missing file to codimd
2022-11-27 16:34:20 +01:00
reynir
e45eb02208
Don't hardcode domains (#129)
...
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: #129
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-27 14:01:55 +00:00
Sam A.
a1e8203d55
Don't hardcode domains
2022-11-26 23:15:09 +01:00
Sam A.
ab1f170790
Opt out of Mailu statistics, and don't hardcode domains
2022-11-26 23:01:12 +01:00
Sam A.
f3fd5c7c74
Shorten Jinja2 filter in postfix.yml
2022-11-26 22:48:15 +01:00
Sam A.
e983499f9b
Use value_name='service' in setup services task
2022-11-26 22:13:51 +01:00
Sam A.
bb920407f3
Add depends_on conditions to Mastodon
2022-11-26 17:18:31 +01:00
Sam A.
1356aa54c8
Merge branch 'main' into watchtower
2022-11-26 16:49:53 +01:00
Sam A.
7962a75481
Remove thelounge.js
2022-11-26 16:38:32 +01:00
valberg
d15e7e562f
Collect versions and service information in docker/defaults/main.yml (#125)
2022-11-26 08:15:18 +00:00
Sam A.
e328c558cf
Rename Rallly's env_file to env_file.j2
2022-11-25 23:57:35 +01:00
Sam A.
44b5f91eef
Merge branch 'main' into watchtower
2022-11-25 22:12:47 +01:00
Sam A.
fa603b07d9
Upgrade HedgeDoc to 1.9.6
2022-11-25 22:04:38 +01:00
Sam A.
439a538c14
Lint
2022-11-25 21:41:37 +01:00
Sam A.
814a268965
Don't enable Restic Backup in Vagrant
2022-11-25 21:37:14 +01:00
Sam A.
5a63e8e1a8
Vagrant-based testing environment (#111)
...
Co-authored-by: Sam A. <samsapti@noreply@git.data.coop>
Co-committed-by: Sam A. <samsapti@noreply@git.data.coop>
2022-11-25 13:07:09 +00:00
Víðir Valberg Guðmundsson
124d8660db
Moved membersystem image.
2022-11-25 00:16:10 +01:00
Sam A.
74dfcfb5e8
Keycloak: avoid very long lines :(
2022-11-23 21:09:05 +01:00
Sam A.
221ddd987f
Upgrade Postfix to 3.5.1 and use Alpine-based image
2022-11-23 21:05:01 +01:00
Sam A.
687bff35e9
Pin netdata to v1
2022-11-23 21:00:48 +01:00
Sam A.
9261cb1952
Pin Keycloak to 20.0 (minor version)
2022-11-23 20:34:43 +01:00
Sam A.
1f61909605
Pin HedgeDoc to major version 1
...
From https://docs.hedgedoc.org/setup/getting-started/#upgrading-hedgedoc
> HedgeDoc follows [Semantic Versioning](https://semver.org/).
> This means that minor and patch releases should not introduce
> user-facing backwards-incompatible changes.
2022-11-23 20:16:36 +01:00
Sam A.
d9de1efc9a
Pin Gitea to 1.17 instead of 1.17.3
...
Gitea's "minor" version change seems to be the one that occasionally
introduces breaking changes, so let's not update that automatically.
Only keep the patch-releases automatically updated.
2022-11-23 20:02:30 +01:00
Sam A.
2fa5bf4982
Merge branch 'main' into watchtower
2022-11-23 19:51:58 +01:00
Víðir Valberg Guðmundsson
78b15ddcc4
Pin restic backup.
2022-11-22 23:13:01 +01:00
Víðir Valberg Guðmundsson
d6766e601a
Upgrade portainer to 2.16.2.
2022-11-22 22:52:23 +01:00
Víðir Valberg Guðmundsson
cbc209c381
Set keycloak path to the old path.
2022-11-22 22:52:08 +01:00
Víðir Valberg Guðmundsson
f040880c26
Pin rallly.
2022-11-22 22:47:22 +01:00
Víðir Valberg Guðmundsson
394e158c51
Make sure to always restart membersystem if it goes down.
2022-11-22 22:39:34 +01:00
Víðir Valberg Guðmundsson
14d97ee7a6
Upgrade keycloak to 20.0.1
2022-11-22 22:38:05 +01:00
Sam A.
fc7ca37b07
Make TCP the default allowed firewall protocol
...
Custom protocol can still be specified by adding `proto: "proto"` to a
loop item.
2022-11-22 21:40:21 +01:00
Sam A.
71cc3e2241
Fix firewall ports format
2022-11-22 21:22:23 +01:00
Sam A.
d53c6d41dc
Merge pull request 'Firewall (UFW)' (#107) from samsapti/ansible:main into main
...
Reviewed-on: #107
2022-11-22 20:05:00 +00:00
Sam A.
9852a42470
Upgrade Element to 1.11.8
2022-11-22 18:59:34 +01:00
Sam A.
efbdcc9a5a
Add missing postfix network to Nextcloud container
2022-11-22 17:45:13 +01:00
Sam A.
e0c0163aae
Add cron container to Nextcloud
2022-11-22 17:40:55 +01:00
Sam A.
fe4b3ede81
Add Redis memcache to Nextcloud
2022-11-22 17:15:59 +01:00
Sam A.
8180a736f7
Use Alpine-based nginx-proxy Docker image
2022-11-22 16:53:34 +01:00
reynir
728cffc453
Expose mastodon streaming api (#124)
...
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Víðir Valberg Guðmundsson <valberg@orn.li>
Reviewed-on: #124
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-22 13:38:46 +00:00
Víðir Valberg Guðmundsson
31a73f48fb
Upgrade and pin nginx-proxy and acme-companion.
2022-11-22 14:37:31 +01:00
Víðir Valberg Guðmundsson
d467084fb7
Bump mastodon sidekiq threads to 32.
2022-11-22 09:36:36 +01:00
Sam A.
20b977eacb
Upgrade Nextcloud to version 25
2022-11-21 23:42:20 +01:00
Sam A.
e917636d05
Upgrade Nextcloud to 24
2022-11-21 23:37:07 +01:00
Sam A.
1ebfab5abf
Upgrade one major version at a time, 23 now
2022-11-21 23:31:22 +01:00
Sam A.
12effe5673
Upgrade Nextcloud to 25.x.x
2022-11-21 21:34:07 +01:00
Sam A.
c9ab9f0c66
Watchtower doesn't need external_services network
2022-11-19 18:20:10 +01:00
Sam A.
e5dcfea003
Pin Watchtower version
2022-11-19 18:19:43 +01:00
Sam A.
27b918b46b
Remove labels
2022-11-18 21:07:12 +01:00
Sam A.
5d26e1cdea
Fix mount point for Watchtower
...
The auth file created by the registry login task doesn't need to be
stored in a non-default path.
2022-11-18 20:58:22 +01:00
Sam A.
a4a06d8a58
Upgrade Watchtower and disable filter by enable label
2022-11-18 18:59:00 +01:00
Víðir Valberg Guðmundsson
2c9dce8600
Upgrade gitea to 1.17.3.
2022-11-17 20:50:38 +01:00
Víðir Valberg Guðmundsson
4bc69b49bb
Upgrade mastodon to 4.0.2
2022-11-17 20:40:59 +01:00
reynir
bcbe0a8285
Set up vhost for both {riot,element}.data.coop (#121)
...
A fix for #115.
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: #121
Co-authored-by: reynir <data.coop@reynir.dk>
Co-committed-by: reynir <data.coop@reynir.dk>
2022-11-16 19:13:45 +00:00
Reynir Björnsson
5a54eb6b1e
Flatten the list
2022-11-16 16:24:22 +01:00
Reynir Björnsson
c802777867
Add root keys for all users
...
And not just the last user.
2022-11-16 16:10:10 +01:00
Reynir Björnsson
a03263b1f5
riot/element: expose port 8080
...
nginx-proxy uses this information to determine if the (in nginx
parlance) server is up.
2022-11-16 13:45:58 +01:00
Sam A.
58dbf9ff22
Allow only TCP traffic on specified ports
2022-11-15 20:42:18 +01:00
Sam A.
ba44677cf3
Avoid conflicts with built-in function name keys
2022-11-15 20:28:34 +01:00
Sam A.
fc0c0c5036
Always update password and overwrite keys
2022-11-15 19:57:17 +01:00
Sam A.
5f718e1027
Add firewall setup with UFW
2022-11-12 19:41:55 +01:00
Reynir Björnsson
536441d24b
Fix 2022.slides, and use git.data.coop repo
...
The ocaml-git fix has been released, and don't call the container
new-new.data.coop_website D:
2022-11-12 19:30:38 +01:00
Sam A.
bf60417904
Fix FIDO2 authentication in Passit
2022-11-12 19:21:58 +01:00
Víðir Valberg Guðmundsson
0e7cc20bce
Update portainer to use the ee version.
2022-11-10 21:15:42 +01:00
Sam A.
cc2fab6ad7
Ports and domain fixes
2022-11-10 19:32:39 +01:00
Víðir Valberg Guðmundsson
a81862fd8b
Small fixes for rallly.
2022-11-09 20:58:32 +01:00
Víðir Valberg Guðmundsson
e85b119bfe
Small fixes to get rallly working.
2022-11-09 20:41:41 +01:00
Víðir Valberg Guðmundsson
dcb2e8be05
Upgrade mastodon to 3.5.3.
2022-11-09 20:29:31 +01:00
Sam A.
dc51b62872
Capitalization fix
2022-11-09 20:18:08 +01:00
Sam A.
dd6b29bccd
Add secrets and env file for Rallly
2022-11-09 20:18:07 +01:00
Sam A.
f71d534afe
Add Rallly
2022-11-09 20:17:58 +01:00
Víðir Valberg Guðmundsson
b043b95353
Point backup at decibytes server.
2022-11-08 20:45:03 +01:00
Jesper Hess
74883a564d
Add handler to restart nginx container when adding nextcloud VHost config
2022-09-02 12:23:19 +02:00
Reynir Björnsson
f0979ec654
nextcloud: Raise upload limit to 1GB
2022-08-31 20:10:42 +02:00
Víðir Valberg Guðmundsson
73adef15f9
Fixing watchtower and membersystem.
2022-08-09 19:47:40 +02:00
Víðir Valberg Guðmundsson
9f3a6c67ff
Use latest tag for membersystem docker image.
2022-08-09 14:46:48 +02:00
Víðir Valberg Guðmundsson
e68145bc5e
Add membersystem to ansible.
2022-08-09 13:54:12 +02:00
Reynir Björnsson
326393aadb
Add 2022 slides
2022-08-07 13:28:38 +02:00
Víðir Valberg Guðmundsson
a6420830e4
Remove thelounge.
2022-07-23 15:48:49 +02:00
Víðir Valberg Guðmundsson
e806ffc3ad
Remove fider and tt-rss.
2022-07-23 15:46:30 +02:00
Víðir Valberg Guðmundsson
7b60ae1c28
Switch from ouroboros to watchtower. Close #82.
2022-07-23 15:42:51 +02:00
reynir
09b05bf657
Add new-new.data.coop using unipi! (#99)
...
This exposes the contents of the git repository at https://git.data.coop/halfd/new-website using the MirageOS unikernel [unipi](https://github.com/roburio/unipi).
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-on: #99
2022-07-23 12:46:26 +00:00
Reynir Björnsson
442bb4ad58
Add apt preferences file for dell repo
...
Deny all packages from dell repo that exist elsewhere
Fixes #95
2022-07-22 20:41:34 +02:00
Jesper Hess
a8287a712b
Add restart policy to OpenLDAP containers
2022-07-22 18:02:41 +00:00
Jesper Hess
ed9c742aed
Bump Synapse version -> 1.63.1 and Element -> 1.11.0
2022-07-22 18:02:06 +00:00
Jesper Hess
b07cf84dd3
Matrix: Workaround for incorrect db locale
...
Related to: #92
2022-07-22 15:14:01 +02:00
Jesper Hess
997779d627
Add Dell apt signing key
2022-07-22 12:37:39 +00:00
Jesper Hess
c6a3cb5150
move tags into main.yml instead
2022-07-22 12:37:39 +00:00
Jesper Hess
964a6c0793
Add some more useful ansible tags
...
- do-full-system-upgrade
- setup-users
- install-base-packages
2022-07-22 12:37:39 +00:00
Jesper Hess
70dff33044
Install Dell OpenManage
2022-07-22 12:37:39 +00:00
Jesper Hess
57f6e9ad4f
Add Dell OpenManage APT repo
2022-07-22 12:37:39 +00:00
Jesper Hess
515861c206
Fix config for default matrix server in element
...
Fixes: #88
2022-07-22 12:36:53 +00:00
Sam A.
2e3cd4c8b0
Update Docker image for nginx-proxy LE companion
2022-06-23 22:14:30 +02:00
Víðir Valberg Guðmundsson
1417c9dbf6
Upgrade gitea from 1.15.7 to 1.16.8.
2022-05-24 19:45:49 +02:00
valberg
40afe51998
Merge pull request 'gitea: require email confirmation on registration' (#74) from gitea-require-email-confirmation into master
...
Reviewed-on: #74
2022-05-08 19:19:13 +00:00
Víðir Valberg Guðmundsson
29971520d5
Rename smtp hostname to smtp.data.coop.
2022-05-08 13:58:21 +02:00
Víðir Valberg Guðmundsson
e74753cab4
Mastodon!
2022-05-07 22:53:18 +02:00
Reynir Björnsson
0aeb0fef96
gitea: require email confirmation on registration
2022-04-07 14:35:21 +01:00
Reynir Björnsson
3791e1351a
Install mosh
2022-01-31 10:57:24 +00:00
Reynir Björnsson
5d745e0cde
Allow for multiple ssh keys
...
This required restructuring users.yml.
2022-01-28 13:15:14 +00:00
Reynir Björnsson
54a38114d6
gitea: Enable notify emails
2022-01-28 13:13:12 +00:00
benjaoming
17d4513b97
Add security and password policy customization
...
I need someone with a functional Docker setup to help test this :)
Tip from a new user that we are requiring stupid password stuff
https://www.bbc.com/news/technology-40875534
2022-01-24 09:53:59 +00:00
Reynir Björnsson
36534604c1
Add dummy user and pass
...
It seems perhaps it is required by gitea before it will enable email
2022-01-24 09:39:03 +00:00
Reynir Björnsson
d73cc9e28f
Gitea mail typo: smpt_port -> smtp_host
2022-01-24 09:25:44 +00:00
Reynir Björnsson
554024f2b2
Gitea mail: add crucial configuration
2022-01-24 09:19:54 +00:00
Reynir Björnsson
ac455beac0
Add quotes
...
Non-string value found for env option. Ambiguous env options must be wrapped in quotes to avoid them being interpreted. Key: GITEA__mailer__ENABLED
2022-01-24 09:07:49 +00:00
valberg
1680ab0fc9
gitea-enhancements (#70)
2022-01-23 19:01:32 +00:00
valberg
499bd20ad1
Merge pull request 'Refactor allowed_sender_domains and allow more domains' (#69) from reynir/ansible:postfix-allowed_sender_domains into master
...
Reviewed-on: #69
2022-01-23 16:38:30 +00:00
Reynir Björnsson
e3156c7c01
Gitea: setup mailer, raise LOGIN_REMEMBER_DAYS
2022-01-20 13:48:04 +00:00
Reynir Björnsson
6e57f1d0c2
Refactor allowed_sender_domains and allow more
...
A new object 'postfix' is created with a list of allowed_sender_domains.
Any services that expect to send mail this way should add its sender
domain to that list.
2022-01-20 13:36:48 +00:00
Jesper Hess
04b3fb4baa
Upgrade gitea -> v1.15.7
2021-12-14 16:24:02 +01:00
Reynir Björnsson
9e0fcfc4a7
Define referenced variable nextcloud.volume_folder
2021-11-23 13:49:50 +01:00
Reynir Björnsson
68c82a785b
Upgrade synapse to v1.47.1
2021-11-23 13:12:15 +01:00
Jesper Hess
682e205c0b
Bump OpenLDAP to 1.5.0 and phpLDAPAdmin to 0.9.0
2021-10-11 18:53:22 +02:00
Jesper Hess
e64c858df8
Bump portainer version to 2.9.1
2021-10-11 18:52:39 +02:00
Jesper Hess
c0bd431d3c
Change default sender domain to @services.data.coop so as not to cause issues with our @data.coop emails
2021-10-10 18:03:09 +02:00
Jesper Hess
a5a2d38b0c
Bump Synapse to v1.44.0 and Element to v1.9.0
2021-10-10 15:25:54 +02:00
Jesper Hess
c34d9fcb90
Add Hedgedoc
...
- Add Hedgedoc as a replacement for CodiMD.
- Integrate it with the new SSO system
2021-10-09 22:42:35 +02:00
Jesper Hess
270b7aa0e1
Merge branch 'master' into keycloak
2021-10-09 12:19:45 +00:00
Jesper Hess
b6c2db6434
Switch NextCloud to docker_compose in Ansible + upgrade to v22
2021-10-09 14:13:18 +02:00
Jesper Hess
2af5165349
Upgrade portainer to 2.9.0
2021-10-07 20:59:38 +02:00
Jesper Hess
ca6c3a96a1
Comment out the KEYCLOAK_USER and KEYCLOAK_PASSWORD since they mess up things after first run
2021-10-07 20:58:31 +02:00
Jesper Hess
e6ee76ddde
Merge branch 'master' into keycloak
2021-10-07 11:31:07 +00:00
Jesper Hess
2c8482a5ab
Merge branch 'master' into element.v1.8.4
2021-10-07 11:26:42 +00:00
Jesper Hess
3999db2eff
Add keycloak service
2021-10-07 13:20:30 +02:00
Reynir Björnsson
43f39c981d
Bump element to v1.8.4
...
See https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
2021-09-14 15:30:08 +02:00
Jesper Hess
b39df6003b
Disable Matrix registrations and move Matrix secrets to Ansible vault.
...
Fixes #46
2021-07-03 09:12:18 +02:00
Jesper Hess
0ef4f972ed
Update Element -> 1.7.29 & Synapse -> 1.34.0
2021-05-28 06:23:46 +02:00
Víðir Valberg Guðmundsson
30b9580d3c
Add required pip packages.
2021-02-01 21:06:39 +01:00
Víðir Valberg Guðmundsson
9e5c18f839
Rename docker_service tasks to docker_compose.
2021-02-01 21:06:23 +01:00
Víðir Valberg Guðmundsson
068502773e
Fix matrix_riot service.
2021-02-01 20:51:28 +01:00
Jesper Hess
a692e7d2cb
Migrate Passit to docker_service & set correct volume folder path
2021-01-28 14:01:19 +01:00
Víðir Valberg Guðmundsson
cec959a47e
Upgrade portainer to 2.0.1.
2021-01-26 21:59:26 +01:00
Jesper Hess
9ae295896f
Use docker_service ansible command
2021-01-26 20:40:22 +01:00
Jesper Hess
3fe7d162aa
Use correct volume folder
2021-01-26 20:01:05 +01:00
Jesper Hess
86de1fd24e
Initial work on restic container for backup
2021-01-26 19:57:06 +01:00