
No commits in common. "62f548d05be9afecd666916e9ca4cf5ea9273a40" and "f50831460c93041cac1bca5f6e75ae3360b28297" have entirely different histories.

48 changed files with 666 additions and 430 deletions


@ -6,35 +6,38 @@ services:
### Internal services ### ### Internal services ###
postfix: postfix:
file: postfix.yml
domain: "smtp.{{ base_domain }}" domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix" volume_folder: "{{ volume_root_folder }}/postfix"
pre_deploy_tasks: true
version: "v3.6.1-alpine" version: "v3.6.1-alpine"
nginx_proxy: nginx_proxy:
file: nginx_proxy.yml
volume_folder: "{{ volume_root_folder }}/nginx" volume_folder: "{{ volume_root_folder }}/nginx"
pre_deploy_tasks: true
version: "1.3-alpine" version: "1.3-alpine"
acme_companion_version: "2.2" acme_companion_version: "2.2"
openldap: openldap:
file: openldap.yml
domain: "ldap.{{ base_domain }}" domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap" volume_folder: "{{ volume_root_folder }}/openldap"
pre_deploy_tasks: true
version: "1.5.0" version: "1.5.0"
phpldapadmin_version: "0.9.0" phpldapadmin_version: "0.9.0"
netdata: netdata:
file: netdata.yml
domain: "netdata.{{ base_domain }}" domain: "netdata.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/netdata" volume_folder: "{{ volume_root_folder }}/netdata"
version: "v1" version: "v1"
portainer: portainer:
file: portainer.yml
domain: "portainer.{{ base_domain }}" domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer" volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.19.0" version: "2.19.0"
keycloak: keycloak:
file: keycloak.yml
domain: sso.{{ base_domain }} domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak" volume_folder: "{{ volume_root_folder }}/keycloak"
version: "22.0" version: "22.0"
@ -42,20 +45,19 @@ services:
allowed_sender_domain: true allowed_sender_domain: true
restic: restic:
volume_folder: "{{ volume_root_folder }}/restic" file: restic.yml
pre_deploy_tasks: true
user: dc-user user: dc-user
domain: rynkeby.skovgaard.tel domain: rynkeby.skovgaard.tel
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
volume_folder: "{{ volume_root_folder }}/restic"
repository: restic repository: restic
version: "1.7.0" version: "1.7.0"
disabled_in_vagrant: true disabled_in_vagrant: true
docker_registry: docker_registry:
file: docker_registry.yml
domain: "docker.{{ base_domain }}" domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry" volume_folder: "{{ volume_root_folder }}/docker-registry"
pre_deploy_tasks: true
post_deploy_tasks: true
username: "docker" username: "docker"
password: "{{ docker_password }}" password: "{{ docker_password }}"
version: "2" version: "2"
@ -63,21 +65,23 @@ services:
### External services ### ### External services ###
nextcloud: nextcloud:
file: nextcloud.yml
domain: "cloud.{{ base_domain }}" domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud" volume_folder: "{{ volume_root_folder }}/nextcloud"
pre_deploy_tasks: true
version: 27-apache version: 27-apache
postgres_version: "10" postgres_version: "10"
redis_version: 7-alpine redis_version: 7-alpine
allowed_sender_domain: true allowed_sender_domain: true
forgejo: forgejo:
file: forgejo.yml
domain: "git.{{ base_domain }}" domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/forgejo" volume_folder: "{{ volume_root_folder }}/forgejo"
version: "1.20" version: "1.20"
allowed_sender_domain: true allowed_sender_domain: true
passit: passit:
file: passit.yml
domain: "passit.{{ base_domain }}" domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit" volume_folder: "{{ volume_root_folder }}/passit"
version: stable version: stable
@ -85,58 +89,63 @@ services:
allowed_sender_domain: true allowed_sender_domain: true
matrix: matrix:
file: matrix.yml
domain: "matrix.{{ base_domain }}" domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix" volume_folder: "{{ volume_root_folder }}/matrix"
pre_deploy_tasks: true
version: v1.90.0 version: v1.90.0
postgres_version: 15-alpine postgres_version: 15-alpine
allowed_sender_domain: true allowed_sender_domain: true
element: element:
file: element.yml
domain: "element.{{ base_domain }}" domain: "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/element" volume_folder: "{{ volume_root_folder }}/element"
pre_deploy_tasks: true
version: v1.11.43 version: v1.11.43
privatebin: privatebin:
file: privatebin.yml
domain: "paste.{{ base_domain }}" domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin" volume_folder: "{{ volume_root_folder }}/privatebin"
pre_deploy_tasks: true
version: "20221009" version: "20221009"
hedgedoc: hedgedoc:
file: hedgedoc.yml
domain: "pad.{{ base_domain }}" domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc" volume_folder: "{{ volume_root_folder }}/hedgedoc"
pre_deploy_tasks: true
version: 1.9.9-alpine version: 1.9.9-alpine
postgres_version: 10-alpine postgres_version: 10-alpine
data_coop_website: data_coop_website:
file: websites/data.coop.yml
domain: "{{ base_domain }}" domain: "{{ base_domain }}"
www_domain: "www.{{ base_domain }}" www_domain: "www.{{ base_domain }}"
pre_deploy_tasks: true
version: stable version: stable
staging_domain: "staging.{{ base_domain }}" staging_domain: "staging.{{ base_domain }}"
staging_version: staging staging_version: staging
slides_2022_website: slides_2022_website:
file: websites/2022.slides.data.coop.yml
domain: "2022.slides.{{ base_domain }}" domain: "2022.slides.{{ base_domain }}"
version: latest version: latest
fedi_dk_website: fedi_dk_website:
file: websites/fedi.dk.yaml
domain: fedi.dk domain: fedi.dk
version: latest version: latest
vhs_website: vhs_website:
file: websites/vhs.data.coop.yaml
domain: vhs.data.coop domain: vhs.data.coop
version: latest version: latest
cryptohagen_website: cryptohagen_website:
file: websites/cryptohagen.dk.yml
domains: domains:
- "cryptohagen.dk" - "cryptohagen.dk"
- "www.cryptohagen.dk" - "www.cryptohagen.dk"
ulovliglogning_website: ulovliglogning_website:
file: websites/ulovliglogning.dk.yml
domains: domains:
- "ulovliglogning.dk" - "ulovliglogning.dk"
- "www.ulovliglogning.dk" - "www.ulovliglogning.dk"
@ -144,42 +153,44 @@ services:
- "www.ulovlig-logning.dk" - "www.ulovlig-logning.dk"
cryptoaarhus_website: cryptoaarhus_website:
file: websites/cryptoaarhus.dk.yml
domains: domains:
- "cryptoaarhus.dk" - "cryptoaarhus.dk"
- "www.cryptoaarhus.dk" - "www.cryptoaarhus.dk"
drone: drone:
file: drone.yml
domain: "drone.{{ base_domain }}" domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone" volume_folder: "{{ volume_root_folder }}/drone"
version: "1" version: "1"
mailu: mailu:
file: mailu.yml
version: "1.9"
domain: "mail.{{ base_domain }}" domain: "mail.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mailu"
pre_deploy_tasks: true
dns: 192.168.203.254 dns: 192.168.203.254
subnet: 192.168.203.0/24 subnet: 192.168.203.0/24
version: "1.9" volume_folder: "{{ volume_root_folder }}/mailu"
mastodon: mastodon:
file: mastodon.yml
domain: "social.{{ base_domain }}" domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon" volume_folder: "{{ volume_root_folder }}/mastodon"
pre_deploy_tasks: true
post_deploy_tasks: true
version: v4.2.0 version: v4.2.0
postgres_version: 14-alpine postgres_version: 14-alpine
redis_version: 6-alpine redis_version: 6-alpine
allowed_sender_domain: true allowed_sender_domain: true
rallly: rallly:
file: rallly.yml
domain: "when.{{ base_domain }}" domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly" volume_folder: "{{ volume_root_folder }}/rallly"
pre_deploy_tasks: true
version: "2" version: "2"
postgres_version: 14-alpine postgres_version: 14-alpine
allowed_sender_domain: true allowed_sender_domain: true
membersystem: membersystem:
file: membersystem.yml
domain: "member.{{ base_domain }}" domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li" django_admins: "Vidir:valberg@orn.li"
volume_folder: "{{ volume_root_folder }}/membersystem" volume_folder: "{{ volume_root_folder }}/membersystem"
@ -188,5 +199,6 @@ services:
allowed_sender_domain: true allowed_sender_domain: true
watchtower: watchtower:
file: watchtower.yml
volume_folder: "{{ volume_root_folder }}/watchtower" volume_folder: "{{ volume_root_folder }}/watchtower"
version: "1.5.3" version: "1.5.3"
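Review bot: The new `file:` key is now the only thing that selects a task file for a service, and the rewritten playbook's `when` skips any entry whose `file` is undefined instead of failing, so a misspelled key here (for example `files:`) silently drops that service from deployment; an `assert` in the playbook that every non-disabled entry defines `file` would make that loud. As a style point, the website entries mix extensions (`websites/fedi.dk.yaml` and `websites/vhs.data.coop.yaml` against `websites/cryptohagen.dk.yml`); since these values are concatenated straight into the include path, one convention avoids a quiet miss when a file is renamed.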


@ -1,13 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Generate htpasswd file
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
args:
chdir: "{{ services.docker_registry.volume_folder }}"
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
- name: log in to registry
docker_login:
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
username: docker
password: "{{ docker_password }}"


@ -1,19 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Configure cron job to remove old Mastodon media daily
cron:
name: Clean Mastodon media data older than a week
cron_file: ansible_mastodon_clean_media
job: docker exec mastodon_web_1 tootctl media remove --days 7
special_time: daily
user: root
state: present
- name: Configure cron job to remove old Mastodon preview cards daily
cron:
name: Clean Mastodon preview card data older than two weeks
cron_file: ansible_mastodon_clean_preview_cards
job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14
special_time: daily
user: root
state: present


@ -1,11 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Upload vhost config for root domain
copy:
src: vhost/base_domain
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}"
- name: Upload vhost config for WWW domain
copy:
src: vhost/www.base_domain
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}"


@ -1,17 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolders
file:
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
state: directory
loop:
- auth
- registry
loop_control:
loop_var: volume
- name: Copy docker registry vhost configuration
copy:
src: vhost/docker_registry
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
mode: "0644"


@ -1,17 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolders
file:
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- db
- hedgedoc/uploads
loop_control:
loop_var: volume
- name: Copy SSO certificate
copy:
src: sso/sso.data.coop.pem
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"


@ -1,45 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolder for Mastodon data
file:
name: "{{ services.mastodon.volume_folder }}/mastodon_data"
state: directory
owner: "991"
mode: u=rwx,g=rx,o=rx
- name: Create subfolder for PostgreSQL data
file:
name: "{{ services.mastodon.volume_folder }}/postgres_data"
state: directory
owner: "70"
mode: u=rwx,go=
- name: Create subfolder for PostgreSQL config
file:
name: "{{ services.mastodon.volume_folder }}/postgres_config"
state: directory
owner: root
mode: u=rwx,g=rx,o=rx
- name: Create subfolder for Redis data
file:
name: "{{ services.mastodon.volume_folder }}/redis_data"
state: directory
owner: "999"
group: "1000"
mode: u=rwx,g=rx,o=rx
- name: Upload mastodon.env file
template:
src: mastodon/env.j2
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
- name: Upload vhost config for Mastodon domain
copy:
src: vhost/mastodon
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
- name: Upload PostgreSQL config
copy:
src: mastodon/postgresql.conf
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"


@ -1,17 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolders
file:
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
state: directory
loop:
- app
- postgres
loop_control:
loop_var: volume
- name: Upload vhost config for Nextcloud domain
copy:
src: vhost/nextcloud
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
notify: "restart nginx"


@ -1,14 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolders
file:
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
state: directory
loop:
- conf
- vhost
- html
- dhparam
- certs
loop_control:
loop_var: volume


@ -1,12 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolders
file:
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
state: directory
loop:
- var/lib/ldap
- etc/slapd
- certs
loop_control:
loop_var: volume


@ -1,13 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Set up network for Postfix
docker_network:
name: postfix
ipam_config:
- subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: Create subfolder
file:
name: "{{ services.postfix.volume_folder }}/dkim"
state: directory


@ -1,16 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolders
file:
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
state: directory
loop:
- cfg
- data
loop_control:
loop_var: volume
- name: Upload PrivateBin config
copy:
src: privatebin/conf.php
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"


@ -1,11 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create subfolder
file:
name: "{{ services.rallly.volume_folder }}/postgres"
state: directory
- name: Copy rallly.env file
template:
src: rallly/env.j2
dest: "{{ services.rallly.volume_folder }}/rallly.env"


@ -4,62 +4,18 @@
docker_network: docker_network:
name: external_services name: external_services
- name: Service block for all services - name: setup services
loop: "{{ services | dict2items(key_name='name', value_name='vars') }}" include_tasks: "services/{{ item.service.file }}"
loop_control: loop: "{{ services | dict2items(value_name='service') }}"
loop_var: service
when: single_service is not defined and when: single_service is not defined and
(service.vars.disabled_in_vagrant is not defined or item.service.file is defined and
not (service.vars.disabled_in_vagrant and vagrant)) (item.service.disabled_in_vagrant is not defined or
block: not (item.service.disabled_in_vagrant and vagrant))
- name: Create volume folder
file:
name: "{{ service.vars.volume_folder }}"
state: directory
- name: Upload Compose file - name: setup single service
template: include_tasks: "services/{{ services[single_service].file }}"
src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
- name: Run pre-deployment tasks
include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy Compose stack
command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks
include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
- name: Service block for a single service
when: single_service is defined and when: single_service is defined and
single_service in services and single_service in services and
services[single_service].file is defined and
(services[single_service].disabled_in_vagrant is not defined or (services[single_service].disabled_in_vagrant is not defined or
not (services[single_service].disabled_in_vagrant and vagrant)) not (services[single_service].disabled_in_vagrant and vagrant))
block:
- name: Create volume folder
file:
name: "{{ services[single_service].volume_folder }}"
state: directory
- name: Upload Compose file
template:
src: compose-files/{{ single_service }}.yml.j2
dest: "{{ services[single_service].volume_folder }}/docker-compose.yml"
- name: Run pre-deployment tasks
include_tasks: pre_deploy/{{ single_service }}.yml
when: services[single_service].pre_deploy_tasks is defined and services[single_service].pre_deploy_tasks
- name: Deploy Compose stack
command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ services[single_service].volume_folder }}"
- name: Run post-deployment tasks
include_tasks: post_deploy/{{ single_service }}.yml
when: services[single_service].post_deploy_tasks is defined and services[single_service].post_deploy_tasks
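Review bot: The removed block deployed with `docker compose up -d --remove-orphans --pull always`, but the per-service files this playbook now includes call the `docker_compose` module with only `pull: true` and `state: present`, so containers for services dropped from a Compose file are no longer cleaned up and keep running their old image; add `remove_orphans: true` to those calls to keep the previous behaviour. The new `when` conditions (`item.service.file is defined` and `services[single_service].file is defined`) turn a missing `file` key into a silent skip, which hides a misconfigured service, where a preceding `assert` over the `services` map would fail loudly. Note also that `docker_compose` is the compose-v1 module (deprecated in recent community.docker releases in favour of `docker_compose_v2`, if I recall correctly) while the removed tasks used the v2 CLI, so the compose implementation available on the hosts and the resulting container names (the Mastodon cron jobs assume `mastodon_web_1`) should be confirmed.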


@ -0,0 +1,40 @@
# vim: ft=yaml.ansible
---
- name: Create Docker registry volume folders
file:
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
state: directory
loop:
- auth
- registry
loop_control:
loop_var: volume
- name: Copy docker registry vhost configuration
copy:
src: vhost/docker_registry
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
mode: "0644"
- name: Upload Compose file for Docker registry
template:
src: compose-files/docker_registry.yml.j2
dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml"
- name: Deploy Docker registry
docker_compose:
project_src: "{{ services.docker_registry.volume_folder }}"
pull: true
state: present
- name: Generate htpasswd file
shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd"
args:
chdir: "{{ services.docker_registry.volume_folder }}"
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
- name: log in to registry
docker_login:
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
username: "docker"
password: "{{ docker_password }}"
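Review bot: The htpasswd task expands `{{ docker_password }}` unquoted into a shell command line, so the plaintext password shows up in the process list and in Ansible's task output, and any shell metacharacter in it breaks or injects into the command; use `htpasswd -Bbn docker {{ docker_password | quote }} > auth/htpasswd` and add `no_log: true` to this task and to `docker_login`. Because the task is guarded by `creates:`, a rotated `docker_password` never regenerates `auth/htpasswd`, so the old credential stays valid on the registry. The registry is also started before `auth/htpasswd` exists; if the Compose template (not visible here) points htpasswd auth at that file, the first run may need a restart after the file is written.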


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: Create Drone volume folder
file:
path: "{{ services.drone.volume_folder }}"
state: directory
- name: Upload Compose file for Drone
template:
src: compose-files/drone.yml.j2
dest: "{{ services.drone.volume_folder }}/docker-compose.yml"
- name: Deploy Drone
docker_compose:
project_src: "{{ services.drone.volume_folder }}"
pull: true
state: present


@ -1,16 +1,16 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create subfolder - name: Create Element volume folder
file: file:
name: "{{ services.element.volume_folder }}/data" name: "{{ services.element.volume_folder }}/data"
state: directory state: directory
- name: Upload config.json - name: Upload Element config.json
template: template:
src: element/config.json.j2 src: element/config.json.j2
dest: "{{ services.element.volume_folder }}/data/config.json" dest: "{{ services.element.volume_folder }}/data/config.json"
- name: Upload riot.im.conf - name: Upload Element riot.im.conf
copy: copy:
src: element/riot.im.conf src: element/riot.im.conf
dest: "{{ services.element.volume_folder }}/data/riot.im.conf" dest: "{{ services.element.volume_folder }}/data/riot.im.conf"
@ -19,3 +19,14 @@
copy: copy:
src: vhost/element src: vhost/element
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}" dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}"
- name: Upload Compose file for Element
template:
src: compose-files/element.yml.j2
dest: "{{ services.element.volume_folder }}/docker-compose.yml"
- name: Deploy Element
docker_compose:
project_src: "{{ services.element.volume_folder }}"
pull: true
state: present


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: Create Forgejo volume folder
file:
name: "{{ services.portainer.volume_folder }}"
state: directory
- name: Upload Compose file for Forgejo
template:
src: compose-files/forgejo.yml.j2
dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
- name: Deploy Forgejo
docker_compose:
project_src: "{{ services.forgejo.volume_folder }}"
pull: true
state: present
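Review bot: The first task creates `{{ services.portainer.volume_folder }}` instead of Forgejo's folder, so the Forgejo volume folder is never created and the following `template` to `{{ services.forgejo.volume_folder }}/docker-compose.yml` fails on a fresh host, since `template` does not create parent directories; change it to `name: "{{ services.forgejo.volume_folder }}"`. This looks like a copy-paste from portainer.yml, which uses the identical `name:` form.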


@ -0,0 +1,28 @@
# vim: ft=yaml.ansible
---
- name: create hedgedoc volume folders
file:
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
- "hedgedoc/uploads"
loop_control:
loop_var: volume
- name: copy sso public certificate
copy:
src: sso/sso.data.coop.pem
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"
- name: Upload Compose file for for HedgeDoc
template:
src: compose-files/hedgedoc.yml.j2
dest: "{{ services.hedgedoc.volume_folder }}/docker-compose.yml"
- name: setup hedgedoc
docker_compose:
project_src: "{{ services.hedgedoc.volume_folder }}"
pull: true
state: present


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: Create Keycloak volume folder
file:
path: "{{ services.keycloak.volume_folder }}/data"
state: directory
- name: Upload Compose file for for Keycloak
template:
src: compose-files/keycloak.yml.j2
dest: "{{ services.keycloak.volume_folder }}/docker-compose.yml"
- name: Deploy Keycloak
docker_compose:
project_src: "{{ services.keycloak.volume_folder }}"
pull: true
state: present


@ -1,6 +1,6 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create subfolders - name: create mailu volume folders
file: file:
name: "{{ services.mailu.volume_folder }}/{{ volume }}" name: "{{ services.mailu.volume_folder }}/{{ volume }}"
state: directory state: directory
@ -23,12 +23,12 @@
loop_control: loop_control:
loop_var: volume loop_var: volume
- name: Upload mailu.env file - name: upload mailu.env file
template: template:
src: mailu/env.j2 src: mailu/env.j2
dest: "{{ services.mailu.volume_folder }}/mailu.env" dest: "{{ services.mailu.volume_folder }}/mailu.env"
- name: Hard link to Let's Encrypt TLS certificate - name: hard link to Let's Encrypt TLS certificate
file: file:
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem" src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
@ -36,10 +36,21 @@
force: true force: true
when: letsencrypt_enabled when: letsencrypt_enabled
- name: Hard link to Let's Encrypt TLS key - name: hard link to Let's Encrypt TLS key
file: file:
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem" src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
dest: "{{ services.mailu.volume_folder }}/certs/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard state: hard
force: true force: true
when: letsencrypt_enabled when: letsencrypt_enabled
- name: Upload Compose file for for Mailu
template:
src: compose-files/mailu.yml.j2
dest: "{{ services.mailu.volume_folder }}/docker-compose.yml"
- name: Deploy Mailu
docker_compose:
project_src: "{{ services.mailu.volume_folder }}"
pull: true
state: present


@ -0,0 +1,75 @@
# vim: ft=yaml.ansible
---
- name: Create volume folder for Mastodon data
file:
name: "{{ services.mastodon.volume_folder }}/mastodon_data"
state: directory
owner: "991"
mode: u=rwx,g=rx,o=rx
- name: Create volume folder for PostgreSQL data
file:
name: "{{ services.mastodon.volume_folder }}/postgres_data"
state: directory
owner: "70"
mode: u=rwx,go=
- name: Create volume folder for PostgreSQL config
file:
name: "{{ services.mastodon.volume_folder }}/postgres_config"
state: directory
owner: root
mode: u=rwx,g=rx,o=rx
- name: Create volume folder for Redis data
file:
name: "{{ services.mastodon.volume_folder }}/redis_data"
state: directory
owner: "999"
group: "1000"
mode: u=rwx,g=rx,o=rx
- name: Copy mastodon environment file
template:
src: mastodon/env.j2
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
- name: Upload vhost config for Mastodon domain
copy:
src: vhost/mastodon
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
- name: Copy PostgreSQL config
copy:
src: mastodon/postgresql.conf
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
- name: Upload Compose file for Mastodon
template:
src: compose-files/mastodon.yml.j2
dest: "{{ services.mastodon.volume_folder }}/docker-compose.yml"
- name: Deploy Mastodon
docker_compose:
project_src: "{{ services.mastodon.volume_folder }}"
pull: true
restarted: true
state: present
- name: Configure cron job to remove old Mastodon media daily
cron:
name: Clean Mastodon media data older than a week
cron_file: ansible_mastodon_clean_media
job: docker exec mastodon_web_1 tootctl media remove --days 7
special_time: daily
user: root
state: present
- name: Configure cron job to remove old Mastodon preview cards daily
cron:
name: Clean Mastodon preview card data older than two weeks
cron_file: ansible_mastodon_clean_preview_cards
job: docker exec mastodon_web_1 tootctl preview_cards remove --days 14
special_time: daily
user: root
state: present
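Review bot: The `mastodon.env` template is written with no `owner` or `mode`, so it gets whatever the default umask gives (commonly world-readable) even though an env file for Mastodon normally carries the database, Redis and application secrets (the template itself is not in this diff); add `owner: root` and `mode: "0600"` the way restic.yml does for its SSH material. `restarted: true` on the deploy task restarts the whole stack on every playbook run rather than only when something changed, which is a visible behaviour difference from the old `docker compose up -d`. The two cron jobs assume the compose-v1 container name `mastodon_web_1`; confirm that matches what the `docker_compose` module produces on these hosts.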


@ -1,24 +1,24 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create subfolders - name: Create Matrix volume folders
file: file:
name: "{{ services.matrix.volume_folder }}/{{ volume }}" name: "{{ services.matrix.volume_folder }}/{{ volume }}"
state: directory state: directory
owner: "991" owner: "991"
group: "991" group: "991"
loop: loop:
- data - "data"
- data/uploads - "data/uploads"
- data/media - "data/media"
loop_control: loop_control:
loop_var: volume loop_var: volume
- name: Create Matrix DB subfolder - name: Create Matrix DB folder
file: file:
name: "{{ services.matrix.volume_folder }}/db" name: "{{ services.matrix.volume_folder }}/db"
state: directory state: directory
- name: Upload vhost config for Matrix domain - name: upload vhost config for matrix domain
copy: copy:
src: vhost/matrix src: vhost/matrix
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}" dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
@ -28,7 +28,18 @@
src: matrix/homeserver.yaml.j2 src: matrix/homeserver.yaml.j2
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml" dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
- name: Upload Matrix logging config - name: upload matrix logging config
copy: copy:
src: matrix/log.config src: matrix/log.config
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config" dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
- name: Upload Compose file for Matrix
template:
src: compose-files/matrix.yml.j2
dest: "{{ services.matrix.volume_folder }}/docker-compose.yml"
- name: Deploy Matrix
docker_compose:
project_src: "{{ services.matrix.volume_folder }}"
pull: true
state: present


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: Create Membersystem volume folder
file:
name: "{{ services.membersystem.volume_folder }}"
state: directory
- name: Upload Compose file for Membersystem
template:
src: compose-files/membersystem.yml.j2
dest: "{{ services.membersystem.volume_folder }}/docker-compose.yml"
- name: Deploy Membersystem
docker_compose:
project_src: "{{ services.membersystem.volume_folder }}"
pull: true
state: present


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: Create Netdata volume folder
file:
path: "{{ services.netdata.volume_folder }}"
state: directory
- name: Upload Compose file for Netdata
template:
src: compose-files/netdata.yml.j2
dest: "{{ services.netdata.volume_folder }}/docker-compose.yml"
- name: Deploy Netdata
docker_compose:
project_src: "{{ services.netdata.volume_folder }}"
pull: true
state: present


@ -0,0 +1,28 @@
# vim: ft=yaml.ansible
---
- name: Create Nextcloud volume folders
file:
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
state: directory
loop:
- app
- postgres
loop_control:
loop_var: volume
- name: upload vhost config for cloud.data.coop
copy:
src: vhost/nextcloud
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
notify: "restart nginx"
- name: Upload Compose file for Nextcloud
template:
src: compose-files/nextcloud.yml.j2
dest: "{{ services.nextcloud.volume_folder }}/docker-compose.yml"
- name: Deploy Nextcloud
docker_compose:
project_src: "{{ services.nextcloud.volume_folder }}"
pull: true
state: present


@ -0,0 +1,25 @@
# vim: ft=yaml.ansible
---
- name: create nginx-proxy volume folders
file:
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
state: directory
loop:
- conf
- vhost
- html
- dhparam
- certs
loop_control:
loop_var: volume
- name: Upload Compose file for nginx-proxy
template:
src: compose-files/nginx_proxy.yml.j2
dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml"
- name: Deploy nginx-proxy
docker_compose:
project_src: "{{ services.nginx_proxy.volume_folder }}"
pull: true
state: present
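Review bot: The `certs` folder is created with the default mode alongside the config folders, but it is where the per-domain private keys live (mailu.yml hard-links `certs/{{ services.mailu.domain }}/key.pem` out of it), so it should not be readable by other host users; add a follow-up `file` task with `name: "{{ services.nginx_proxy.volume_folder }}/certs"`, `state: directory`, `mode: "0700"`, or give the loop items per-entry modes. This assumes the proxy and ACME companion containers run as root inside the bind mount, as they do by default; if they run unprivileged the owner/group would need matching. The remaining four folders hold only configuration and public material and can keep the default.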


@ -0,0 +1,23 @@
# vim: ft=yaml.ansible
---
- name: Create OpenLDAP volume folders
file:
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
state: directory
loop:
- var/lib/ldap
- etc/slapd
- certs
loop_control:
loop_var: volume
- name: Upload Compose file for OpenLDAP
template:
src: compose-files/openldap.yml.j2
dest: "{{ services.openldap.volume_folder }}/docker-compose.yml"
- name: Deploy OpenLDAP
docker_compose:
project_src: "{{ services.openldap.volume_folder }}"
pull: true
state: present


@ -0,0 +1,19 @@
# vim: ft=yaml.ansible
---
- name: Create directory for Passit data
file:
name: "{{ services.passit.volume_folder }}/data"
owner: '70'
group: root
state: directory
- name: Upload Compose file for Passit
template:
src: compose-files/passit.yml.j2
dest: "{{ services.passit.volume_folder }}/docker-compose.yml"
- name: Deploy Passit
docker_compose:
project_src: "{{ services.passit.volume_folder }}"
pull: true
state: present


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: create portainer volume folder
file:
name: "{{ services.portainer.volume_folder }}"
state: directory
- name: Upload Compose file for Portainer
template:
src: compose-files/portainer.yml.j2
dest: "{{ services.portainer.volume_folder }}/docker-compose.yml"
- name: Deploy Portainer
docker_compose:
project_src: "{{ services.portainer.volume_folder }}"
pull: true
state: present


@ -0,0 +1,24 @@
# vim: ft=yaml.ansible
---
- name: Set up network for Postfix
docker_network:
name: postfix
ipam_config:
- subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: Create volume folders for Postfix
file:
name: "{{ services.postfix.volume_folder }}/dkim"
state: directory
- name: Upload Compose file for Postfix
template:
src: compose-files/postfix.yml.j2
dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
- name: Deploy Postfix
docker_compose:
project_src: "{{ services.postfix.volume_folder }}"
pull: true
state: present
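Review bot: The `template` task writes the Postfix Compose file to `{{ services.forgejo.volume_folder }}/docker-compose.yml`, clobbering Forgejo's stack definition, while the `docker_compose` task that follows runs against `services.postfix.volume_folder`, where nothing has been written; change it to `dest: "{{ services.postfix.volume_folder }}/docker-compose.yml"`. In the loop order of the vars file forgejo.yml runs later and rewrites that file again, so the visible symptom is Postfix being deployed from a stale or missing Compose file in its own folder rather than Forgejo breaking.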


@ -0,0 +1,27 @@
# vim: ft=yaml.ansible
---
- name: create privatebin volume folders
file:
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
state: directory
loop:
- cfg
- data
loop_control:
loop_var: volume
- name: upload privatebin config
copy:
src: privatebin/conf.php
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
- name: Upload Compose file for PrivateBin
template:
src: compose-files/privatebin.yml.j2
dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml"
- name: Deploy PrivateBin
docker_compose:
project_src: "{{ services.private.volume_folder }}"
pull: true
state: present
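Review bot: `project_src` in the deploy task references `services.private.volume_folder`, a key that does not exist in the services map, so the task fails with an undefined-attribute error and PrivateBin is never started; it should be `project_src: "{{ services.privatebin.volume_folder }}"`, matching the three tasks above it.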


@ -0,0 +1,22 @@
# vim: ft=yaml.ansible
---
- name: Create Rallly volume folders
file:
name: "{{ services.rallly.volume_folder }}/postgres"
state: directory
- name: Copy Rallly environment file
template:
src: rallly/env.j2
dest: "{{ services.rallly.volume_folder }}/rallly.env"
- name: Upload Compose file for Rallly
template:
src: compose-files/rallly.yml.j2
dest: "{{ services.rallly.volume_folder }}/docker-compose.yml"
- name: Deploy Rallly
docker_compose:
project_src: "{{ services.rallly.volume_folder }}"
pull: true
state: present
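Review bot: The "Copy Rallly environment file" task writes `rallly.env` with the template module's default ownership and mode. If `rallly/env.j2` carries database credentials or application secrets (likely for an env file next to a `postgres` volume folder, but the template is not visible here), the rendered file should not be world-readable; add `owner: root`, `group: root` and `mode: "0600"` to that task, matching the way the restic tasks treat their SSH material.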


@ -8,7 +8,7 @@
mode: '0755' mode: '0755'
state: directory state: directory
- name: Upload private SSH key - name: Copy private SSH key
copy: copy:
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519" dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
owner: root owner: root
@ -31,7 +31,7 @@
mode: '0644' mode: '0644'
state: touch state: touch
- name: Upload SSH config - name: Create SSH config
template: template:
src: restic/ssh.config.j2 src: restic/ssh.config.j2
dest: "{{ services.restic.volume_folder }}/ssh/config" dest: "{{ services.restic.volume_folder }}/ssh/config"
@ -39,10 +39,21 @@
group: root group: root
mode: '0600' mode: '0600'
- name: Upload SSH known_hosts file - name: Create SSH known_hosts file
template: template:
src: restic/ssh.known_hosts.j2 src: restic/ssh.known_hosts.j2
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts" dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
owner: root owner: root
group: root group: root
mode: '0600' mode: '0600'
- name: Upload Compose file for Restic
template:
src: compose-files/restic.yml.j2
dest: "{{ services.restic.volume_folder }}/docker-compose.yml"
- name: Deploy Restic
docker_compose:
project_src: "{{ services.restic.volume_folder }}"
pull: true
state: present
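Review bot: The added "Upload Compose file for Restic" task sets no `owner`/`group`/`mode`, while the adjacent tasks in this file deliberately lock the SSH key, config and known_hosts down to `root` with `mode: '0600'`. If `compose-files/restic.yml.j2` embeds the repository password or other backup credentials (not visible in this hunk), the rendered docker-compose.yml inherits the default umask; add `owner: root`, `group: root`, `mode: '0600'` to the template task for consistency with the rest of the file. The beginning of this task file lies outside the hunk.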


@ -0,0 +1,17 @@
# vim: ft=yaml.ansible
---
- name: Create Watchtower volume folder
file:
name: "{{ services.watchtower.volume_folder }}"
state: directory
- name: Upload Compose file for Watchtower
template:
src: compose-files/watchtower.yml.j2
dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml"
- name: Deploy Watchtower
docker_compose:
project_src: "{{ services.watchtower.volume_folder }}"
pull: true
state: present


@ -0,0 +1,19 @@
# vim: ft=yaml.ansible
---
- name: setup 2022.slides.data.coop website using unipi
docker_container:
name: 2022.slides.data.coop_website
image: docker.data.coop/unipi:{{ services.slides_2022_website.version }}
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}"
LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: "--remote=https://git.data.coop/data.coop/slides.git#slides2022"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"
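Review bot: `purge_networks: yes` uses a YAML 1.1 truthy value; write it as `purge_networks: true` so yamllint's `truthy` rule and YAML 1.2 parsers agree on the type. The same value appears in the fedi.dk task (`purge_networks: yes` in the converted file) and in the vhs.data.coop task. Note also that `purge_networks` is deprecated in recent community.docker releases in favour of `comparisons: {networks: strict}` — worth checking against the collection version this repository pins. Unlike the data.coop website task, none of the three unipi tasks sets `pull: true`, so a re-tagged `services.*.version` image will only be fetched if it is absent locally.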


@ -0,0 +1,13 @@
# vim: ft=yaml.ansible
---
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
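Review bot: `image: docker.data.coop/cryptoaarhus-website` has no tag and the task sets no `pull: true`, so the container runs whatever `latest` happens to be cached on the host, with no way to tell from the playbook which build is deployed; the data.coop website task in this commit pins `version` and pulls, and this task should do the same (a `version` key under `services.cryptoaarhus_website` plus `pull: true`). The same applies to the cryptohagen task and to the ulovliglogning task's explicit `:latest`. Also `VIRTUAL_HOST : "…"` has a space before the colon (here and in cryptohagen); it still parses as the key `VIRTUAL_HOST`, but write `VIRTUAL_HOST: "…"` to match the line below it and satisfy yamllint's `colons` rule.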


@ -0,0 +1,13 @@
# vim: ft=yaml.ansible
---
- name: setup cryptohagen.dk website docker container
docker_container:
name: cryptohagen_website
restart_policy: unless-stopped
image: docker.data.coop/cryptohagen-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"


@ -0,0 +1,47 @@
# vim: ft=yaml.ansible
---
- name: Upload vhost config for root domain
copy:
<<<<<<< HEAD
src: vhost/base_domain
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}"
- name: Upload vhost config for WWW domain
copy:
src: vhost/www.base_domain
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/www.{{ base_domain }}"
=======
src: files/configs/matrix/vhost-root
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}"
- name: Upload vhost config for WWW domain
copy:
src: files/configs/vhost-www
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}"
>>>>>>> main
- name: setup data.coop website docker container
docker_container:
name: "{{ services.data_coop_website.domain }}_website"
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
pull: true
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
- name: setup staging data.coop website using hugo
docker_container:
name: "{{ services.data_coop_website.staging_domain }}_website"
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
pull: true
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}"
LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
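Review bot: The file contains unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> main`) inside the first `copy:` task, so it is not valid YAML and every play that includes it will fail at parse time. The two sides disagree on both the vhost source paths (`vhost/base_domain` vs `files/configs/matrix/vhost-root`) and on which variable names the destination (`base_domain` vs `services.data_coop_website.domain`), so one side must be chosen deliberately rather than mechanically; the `main` side's `files/configs/matrix/vhost-root` path for the root domain looks like it may belong to a different service, which is worth confirming before keeping it. Whichever side is kept, the `copy:` task needs exactly one `src`/`dest` pair.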


@ -1,22 +1,19 @@
# vim: ft=yaml.docker-compose # vim: ft=yaml.ansible
version: "3.8" ---
- name: setup fedi.dk website with unipi
services: docker_container:
web: name: fedi.dk_website
image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }} image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }}
restart: unless-stopped restart_policy: unless-stopped
purge_networks: yes
networks: networks:
- external_services - name: external_services
environment: env:
VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}" VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}"
LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}" LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: --remote=https://git.data.coop/fedi.dk/website.git#main command: "--remote=https://git.data.coop/fedi.dk/website.git#main"
cap_add: capabilities:
- NET_ADMIN - NET_ADMIN
devices: devices:
- "/dev/net/tun" - "/dev/net/tun"
networks:
external_services:
external: true


@ -0,0 +1,13 @@
# vim: ft=yaml.ansible
---
- name: setup ulovliglogning.dk website docker container
docker_container:
name: ulovliglogning_website
restart_policy: unless-stopped
image: ulovliglogning/ulovliglogning.dk:latest
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"


@ -0,0 +1,19 @@
# vim: ft=yaml.ansible
---
- name: setup vhs.data.coop website with unipi
docker_container:
name: vhs.data.coop_website
image: docker.data.coop/unipi:{{ services.vhs_website.version }}
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.vhs_website.domain }}"
LETSENCRYPT_HOST: "{{ services.vhs_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: "--remote=https://git.data.coop/vhs.data.coop/website.git#main"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"


@ -1,17 +0,0 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/cryptoaarhus-website
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains | join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true


@ -1,17 +0,0 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/cryptohagen-website
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains | join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains | join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true


@ -1,27 +0,0 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
prod:
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
staging:
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}"
LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true


@ -1,22 +0,0 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/unipi:{{ services.slides_2022_website.version }}
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}"
LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: --remote=https://git.data.coop/data.coop/slides.git#slides2022
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun"
networks:
external_services:
external: true


@ -1,17 +0,0 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: ulovliglogning/ulovliglogning.dk:latest
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains | join(',') }}"
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains | join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true


@ -1,22 +0,0 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/unipi:{{ services.vhs_website.version }}
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.vhs_website.domain }}"
LETSENCRYPT_HOST: "{{ services.vhs_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: --remote=https://git.data.coop/vhs.data.coop/website.git#main
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun"
networks:
external_services:
external: true