Compare commits

...

48 commits

Author SHA1 Message Date
Víðir Valberg Guðmundsson 11b2e42637 Upgrade 2022-05-08 21:54:40 +02:00
Víðir Valberg Guðmundsson e9421fd928 Updated secrets. 2022-05-08 21:28:45 +02:00
Jesper Hess 1fb6f10433 graffens experiments 2022-05-08 21:28:44 +02:00
Víðir Valberg Guðmundsson 7abd92517f Move mailman containers to the mailu.yml file. 2022-05-08 21:28:06 +02:00
Víðir Valberg Guðmundsson 4f28fa9a9f Fix sending mails from mailman-web. Fix static files. 2022-05-08 21:28:04 +02:00
Víðir Valberg Guðmundsson 8f77f152ea Right port. 2022-05-08 21:27:40 +02:00
Víðir Valberg Guðmundsson fcd97ffc89 Getting closer... 2022-05-08 21:27:40 +02:00
Víðir Valberg Guðmundsson 827c70e722 Upgrade mailman containers. Add some actual secrets. Add (probably wrong) ips to postfix mynetworks variable. 2022-05-08 21:27:36 +02:00
Víðir Valberg Guðmundsson 9e686078be Some mailman stuff. 2022-05-08 21:25:59 +02:00
Víðir Valberg Guðmundsson 29971520d5 Rename smtp hostname to smtp.data.coop. 2022-05-08 13:58:21 +02:00
Víðir Valberg Guðmundsson e74753cab4 Mastodon! 2022-05-07 22:53:18 +02:00
Reynir Björnsson c0ec5c3853 Update host ip 2022-03-02 15:44:40 +00:00
Reynir Björnsson 3791e1351a Install mosh 2022-01-31 10:57:24 +00:00
Reynir Björnsson 25eab11d12 Add another key for reynir 2022-01-28 13:15:17 +00:00
Reynir Björnsson 5d745e0cde Allow for multiple ssh keys
This required restructuring users.yml.
2022-01-28 13:15:14 +00:00
Reynir Björnsson 54a38114d6 gitea: Enable notify emails 2022-01-28 13:13:12 +00:00
benjaoming 17d4513b97 Add security and password policy customization
I need someone with a functional Docker setup to help test this :)

Tip from a new user that we are requiring stupid password stuff

https://www.bbc.com/news/technology-40875534
2022-01-24 09:53:59 +00:00
Reynir Björnsson 36534604c1 Add dummy user and pass
It seems perhaps it is required by gitea before it will enable email
2022-01-24 09:39:03 +00:00
Reynir Björnsson d73cc9e28f Gitea mail typo: smpt_port -> smtp_host 2022-01-24 09:25:44 +00:00
Reynir Björnsson 554024f2b2 Gitea mail: add crucial configuration 2022-01-24 09:19:54 +00:00
Reynir Björnsson ac455beac0 Add quotes
Non-string value found for env option. Ambiguous env options must be wrapped in quotes to avoid them being interpreted. Key: GITEA__mailer__ENABLED
2022-01-24 09:07:49 +00:00
valberg 1680ab0fc9 gitea-enhancements (#70) 2022-01-23 19:01:32 +00:00
valberg 499bd20ad1 Merge pull request 'Refactor allowed_sender_domains and allow more domains' (#69) from reynir/ansible:postfix-allowed_sender_domains into master
Reviewed-on: #69
2022-01-23 16:38:30 +00:00
Reynir Björnsson e3156c7c01 Gitea: setup mailer, raise LOGIN_REMEMBER_DAYS 2022-01-20 13:48:04 +00:00
Reynir Björnsson 6e57f1d0c2 Refactor allowed_sender_domains and allow more
A new object 'postfix' is created with a list of allowed_sender_domains.
Any services that expect to send mail this way should add its sender
domain to that list.
2022-01-20 13:36:48 +00:00
Jesper Hess 04b3fb4baa Upgrade gitea -> v1.15.7 2021-12-14 16:24:02 +01:00
Jesper Hess c2f1f10e0d Merge pull request 'Define referenced variable nextcloud.volume_folder' (#67) from nextcloud-fixup into master
Reviewed-on: #67
2021-11-23 14:31:55 +00:00
Reynir Björnsson 9e0fcfc4a7 Define referenced variable nextcloud.volume_folder 2021-11-23 13:49:50 +01:00
Reynir Björnsson 68c82a785b Upgrade synapse to v1.47.1 2021-11-23 13:12:15 +01:00
Jesper Hess 682e205c0b Bump OpenLDAP to 1.5.0 and phpLDAPAdmin to 0.9.0 2021-10-11 18:53:22 +02:00
Jesper Hess e64c858df8 Bump portainer version to 2.9.1 2021-10-11 18:52:39 +02:00
Jesper Hess c0bd431d3c Change default sender domain to @services.data.coop so as not to cause issues with our @data.coop emails 2021-10-10 18:03:09 +02:00
Jesper Hess a5a2d38b0c Bump Synapse to v1.44.0 and Element to v1.9.0 2021-10-10 15:25:54 +02:00
Jesper Hess c34d9fcb90 Add Hedgedoc
- Add Hedgedoc as a replacement for CodiMD.
- Integrate it with the new SSO system
2021-10-09 22:42:35 +02:00
Jesper Hess 5294b5f230 Merge pull request 'Add keycloak service' (#66) from keycloak into master
Reviewed-on: #66
2021-10-09 12:20:18 +00:00
Jesper Hess 270b7aa0e1 Merge branch 'master' into keycloak 2021-10-09 12:19:45 +00:00
Jesper Hess b6c2db6434 Switch NextCloud to docker_compose in Ansible + upgrade to v22 2021-10-09 14:13:18 +02:00
Jesper Hess 2af5165349 Upgrade portainer to 2.9.0 2021-10-07 20:59:38 +02:00
Jesper Hess ca6c3a96a1 Comment out the KEYCLOAK_USER and KEYCLOAK_PASSWORD since they mess up things after first run 2021-10-07 20:58:31 +02:00
Jesper Hess e6ee76ddde Merge branch 'master' into keycloak 2021-10-07 11:31:07 +00:00
Jesper Hess 19e7a397e3 Merge pull request 'Bump element to v1.8.4' (#65) from element.v1.8.4 into master
Reviewed-on: #65
2021-10-07 11:26:56 +00:00
Jesper Hess 2c8482a5ab Merge branch 'master' into element.v1.8.4 2021-10-07 11:26:42 +00:00
Jesper Hess 3999db2eff Add keycloak service 2021-10-07 13:20:30 +02:00
Reynir Björnsson 43f39c981d Bump element to v1.8.4
See https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
2021-09-14 15:30:08 +02:00
Jesper Hess b39df6003b Disable Matrix registrations and move Matrix secrets to Ansible vault.
Fixes #46
2021-07-03 09:12:18 +02:00
Jesper Hess 0ef4f972ed Update Element -> 1.7.29 & Synapse -> 1.34.0 2021-05-28 06:23:46 +02:00
Jesper Hess 9b1dc31163 Merge pull request 'Use inventory in ansible.cfg' (#60) from hosts into master
Reviewed-on: #60
2021-03-05 07:49:59 +00:00
Reynir Björnsson 62cc00bea7 Use inventory in ansible.cfg 2021-03-04 13:52:25 +01:00
28 changed files with 813 additions and 160 deletions

View file

@ -1,2 +1,3 @@
[defaults] [defaults]
remote_user = root remote_user = root
inventory = datacoop_hosts
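Review bot: `remote_user = root` in `[defaults]` is kept unchanged, so every play still logs in as root over SSH even though users.yml already provisions named accounts in the `sudo` group; consider a named remote user plus `become: true` so deploy actions are attributable to a person and root SSH login can be disabled on the host. Adding `inventory = datacoop_hosts` here is fine, but it only takes effect when Ansible actually loads this `ansible.cfg` (see the deploy.sh hunk).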

View file

@ -1,3 +1,3 @@
###################################### ######################################
### All hosts ### All hosts
85.235.225.231 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3 85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3

View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
BASE_CMD="ansible-playbook playbook.yml -i datacoop_hosts --ask-vault-pass" BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Deploying all!" echo "Deploying all!"
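Review bot: dropping `-i datacoop_hosts` from `BASE_CMD` makes the inventory depend on Ansible picking up `ansible.cfg` from the current working directory, and Ansible ignores an `ansible.cfg` in a world-writable cwd and does not look for it when the script is invoked from elsewhere. Either keep `-i datacoop_hosts` as an explicit argument or start the script with `cd "$(dirname "$0")"` so it runs from the repository root.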

View file

@ -1,73 +1,144 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34376131343263336262656463373830643861336631626539643663333239313831626236306530 31306164623264616463396230366434306365373135343931323331383866613138316334316538
3335623130653432636133356363656465346366303062370a346130326536366638633536613161 3438343537333866353334646637633731643132323163340a613034626335613934396235666163
62623334363537636634373231353564396362343330623562383939373538633066616565306235 36333730376435393436323937323036366137366231626263376165306137613961383933383436
3332323863353334640a396462313862366362366535383737376333383361303065383937396530 3166393134323736390a383666623161316133313163383036356264353733643562663362616161
38326331396333396263363762346331356431623532343938613834663830393337646666336435 31393930613562613735643438303561346538386461333435393334376133376539643139376435
66356439333434356165613030306138666163653934386233663362646534303737323030636234 31363737343234353234356430663531643861306463663739626666373336663339613361393531
31616132613830363136666639386462363135656432373236393034316664363637663336366435 38663237366566663135393661386334316661303163613837313837316666343065643430363535
64373238633064623735666335636231656231666434383066313336303137333663333031363638 61333633616532613033383366386461386638363466323333306532363232333030616563616561
31643733336535383338376631656439633962653262356335383638373764353530643234303935 63346633333666373861333737383934336562613134376632303761363838346630333364643437
62383930393634613530643739643335616164633038326638356135623561326165376530363461 31386332353830333036326530656530653339316137396538386639396638643231396237653430
37373032393331653261373538633065333662393366666161396638383932393331623766343035 30303733333337663130333239643161666634613231623066323333373865303730326265646666
30333335663039323931306162313538373334393335306132626336643363323839633761383063 30666430656266343530326133633962613764646335313738333232313334633138366237373339
35343632363837383132656437303138303764316439343663303964396463363638336533653930 61396363343131376237656438343138333031306262383635306564343734663037323634616436
39303236353766373131623363653835666439333164366563346164626464633633363163323864 38306633316262393965336332636466643261666133373166366636306161363839616439343831
65363961393237666433623565343832306663323862666333343665376135646132363466616364 33646262616134626564396237663662343761326366666539626135343365396666666631376363
62356331666432336661343762333961333634396466333465633164326239386266643230393566 32616562336533343733613536373038643862623863616463633537303237363839613830323832
36376461373631636630303861313538333834646461663539623738636636626537656438646431 32323038306266363031656134376636316431663962653731613761363666313437313832363565
38383436393238363038313563633634396335346138626666366437333433383039363332623639 65643339626165663864383035376164323834333762656438656462386234623461663034616330
31396165346431333838393164616339656634346561313737306562343562323030613266633263 35373633626239393966333236613536623230326262633835383635633066393132343964633736
61333263653938653034356631333664323630306461346532626533363665363133376232316132 64353161323630313461323565333535613532663137376461333133633564326665356430303536
61346431383230656134373630653264363430383561313866363235333435633966386266653964 63636135393137346135306339373839336438333334306461366330353264613766366564613933
33363534343634343232373036633330613038303437333033313061313932373739343663303931 66383065343134623564333730656362336662326535643330636533666435643364353665653137
34333833386638353436653831623835323032303134366635613735643662636336616464313330 35346365373735663466373832343431646533663231643461343839643235396239326261303333
36633335613630663233326166633565386238656236633261396235363165656333333235643137 62346463646162646566623838613864303535643834383331346532343134663163653038376463
32623461663562313533333835396233383330613661646431646365343430626662326638653330 30626531646364363763613937386235363136326336386636333337656462303032386239613661
38646232386263356566373561353130616539346630613363313163363262356264653233313862 62656661313538663639393132363862316530396532383538326166626662633765353062396438
34386331363236386534353534616531643264613764343362646366393435383332653664353363 37396666333036343964386139313031393835336362316336626135373561396330383135333238
62333935363132373434613038353632643336633136656266316466373734646234636638316265 65643166656533383138353134633565396435333230306432343834643063303035363435633035
62646261396465623561633964313065626361316630353965616233356565343834656563353830 35636163626130363134383663653834646332666232326236633861346166333266306336353465
38346361336237646331366632633130613330336637326163663463386233643734356165666431 63363263376533303531343164303739663737616433346537653638663334343830323363343731
61396263656237333138356231306437653337656133663031303031616437633564613733316264 38373963666466323664396236326663343334313235346436363933656666613530303231653731
63633930353033636235653961393330326635626666626235336334653762373262633739356263 34323465636135383166333533613431333531626163366137393332643765306461333037616161
32323532333463653937386430663437303238313130643435353739393639303033343865323736 37383737653532626237633331306639343339356238393964353335333637353466393463366235
35366139643166626364373663333266376133636433653261316566366630396666336637326664 31633965303433333631313362626263633334326630653461353666356165333933363735323339
30343039633133626435363364346666613732666335313865326234366136366130616334396338 33333465613962363763653838306630626261613266366237663430353332626661396364396336
61663461623432303930623261336464643830303631396430363637383838616432356634303332 66376564616664363764623566323365313833653931343965613532306362373139323038366336
61346536313035376139313638393737393136643366366364363862383335353533313534366534 62653738303037656639636430383734333634666233363736303065396438306636383364383466
61356136366465373530393835613834366665653334376539303462336138646438653039306261 66303438313536666665633537316432313132356434353864383033343666306162626464626334
36613736323566636634666331396463623439323063356232306631616135623231336439303739 36363036376234663665666664316633383861313365363561383538393061353537633030353265
65393837653837336235396532323465656463636238643038383363616633383866333633663831 66303030306562626565626231663037323939386365393365376537633263343935363136366634
61363634356634636265663837306232303362313564323463303363323931396438646337363161 33613036343439386334333639363637313566623733643437363666333066393262373331666336
61313033343532336563393632373830326631616462616263346363636566663966396330386464 39653662303634343561616162386433653365326530386333366664353237356466333063386332
62613039323065343838653439303333396536366537313335353834613338623961646235633764 32623135336131663236383730636363333038356135633337646464396235373866323739326365
30333032323333663530613736313765343364363433366436666134623663653336386632333437 66313739376538356536396561333033623339306331656561643637316439383363346338636463
64386639636237333138323431333234316432366236613530376234636438356531636630396431 32666161323530643535333366313334323532666435633061333934623462666638383837333537
63643833366136363962346632616161363565336163313764383030303337346565613939383563 37363031303661616366616363633361323031346362393664653039323865656433633262386265
65306137633965326534356666346238363137323233336561643333386265613863396338383134 61383233393033623834353965663837646663633133353936373237356636303037656463323264
35363135303232376364306234323435356330333061613663326563343533636165356537336536 36636161326339313666373134633139326365646265643164623430636138666130663934633037
61656131343966346365396133666662393930663237643134383963303766306534633034356335 63653038373965316535633136663031383230393565396339316538656230646366373435363763
37633732393266633965616330643061616664336430643630633033326335643438373737653164 61383364343566663538323234373633393065633866613338363233373532313232356266333464
34633737303533666335306466306330343233326531343065666138633166383664333130653864 35646239373531373465333564343463616633346633393434363231633438386337663438396233
37623730333532633936316461333066313065316664383934343731616430366135346138663531 64323437346662616431383365636430386537316535303130633539303933303664663764333066
33353134333934376663336366663036383630393031303731653332373335333131633136616537 37306662393463363564373836333533616130646364396532363033626131363836353762616565
33666266373439346633373735643339653333626237623530346436306438396332613863346264 37623537346632633739666138616361636364643262613836646162656564373462386564333736
30346431393735326566393633626535383538343866653262653330366330623930646631663961 66613861646666656632396139316361343333373438366664663639336337366530366561626364
38656138313932623131613537376139666137653063313339666333313364343738306439656264 61646663633666393135613530373064313135613636623462616661353565653931643039626134
32346533646465376135376531383132396337653966393133316436616563613135353863653064 64666537303437653838613463653465643737383962643937343632356565333734373634396465
31373466616135393036333037623164346539323463333037613030386666396363353364396439 37383865313031636164626361346365373530626636343735636261343533636235663863346238
39616536646638623739623834363662643566393430623632646434336162316362653434343337 39353035326464383433633833613739616561336631663537323634623661653965326263633966
36623334303866343533623538663531303366343136636631376334653636313264376330313836 64353232363263323564323464353633343232643133323565653366633035646234666130613364
66333131343062373138663330313633623166303337306466313362343034316364666666373965 37643361373430643064386335636237333839653163623631663230613935613563353433366435
36373933343338646333373962623034353631623535306230346663373530346438386334303536 36303739316663363832316663666263663566373063633632303734333066613135633532346265
62366666646263303764303330353835633163363666303133333730343263613039346162356532 32396466626433383037346465653534643738613130616362396630373131653739373636356163
37323133613037313430366238313261633165643563666239623730653164666264633964626461 39333437393364363130313561303736373038343362636137333537316530363039316261313561
31323536623335636333393338333166346336323132373466396432613133613933356232373532 61343238623731623032346664326639353565386230333565373233333362306665663166666161
30653564323031636231343232646165653163393663663731313033323763663965356466366562 65323436303438663861303735643135336361336332643838393865623539633462396131366536
33303830656238653164646161366265636566393436323135356630393033316337363361306363 65363030376534333263323664353536316239363835343063363662613939656437343733306239
30393766636237336466353431616130653961326431323161313234333963643032393061303265 35663331643463336465313137306631613732623864356233303439343930646430643138643064
33396664336535353164643462303636616265306338333634376664323837303238623638313266 33643963643764393466393963613539363137313634333661356437383231636162396365366239
37643861343034646532626164353238373031633861623663316638333039643036353932323962 31313561373137626434323061343064613862376139303031623735383566343462616265313832
39616136653639313232326362663834333363633562646563393561396464383765616230333230 35623365343037643435343638363836373963383934653434333635346430613763613863636630
39663939326332333362 61313533303631333564383530653333326464626536646334323761343131373835323261316466
64663431376632366437663430316138333238313637666634373132643430306635616331656364
39666461663830666634363938653638663238343837336466383539656162366332626235303332
32393738376266323330383932666564333337353866313134326634373263346233646238303639
62393661636431343663393135656439353137396535663131323264636261393436356234393139
36623830323435653733353066613461626338626438626533363938666139643037373264393735
33326363303936346362646532626531343039386133643439613239636232636138636161623861
37373030656336303430656536396332613763313338653337326334303664356136626336383065
37326332623231353939623763616464663166336163616235663639353863386238363933616234
30373737653661626464666233363438343566323530613866346261333262316332303437303239
61616138303432393566356463643730323765323430303065656532353338636533326438653533
33613332333664366333663735323332386234376137613837643434646539653964303432393864
38333332343536313865303331623330393039383136643932373331356436373634663737626239
34626133363236343931383665333634303763323265613931653865636439353362623264323033
30633133643933393161306233343734646431326538663164616361626266646565663939366261
30623932356433303765343730646166653362626463323564656163613131646466323336643938
64613232666261396232316332386165383465356639663762373138323066643232396266323738
61633938393131366431613966383133356334383830653264383739346333366564666135326431
31306230333933656339626461643365316465616334336133666431616461383632383436356534
39376430616235326337373566383463396131613537643535376230303832333565353737353130
65383365636362393863373334336366356164346637323231643336393336613636376235333437
62336562343132623565303130393562383736303439313235323631343539343836623337646331
65633535373139663231633337626263363936366238633231666533646539343334313964643061
33623739643262333232653335393561353739323433313466393432353665333339653761393635
36383238653936383836396436383861353365373033316434353965656635666338626539643638
36313162376666653933363036666564363563353836613637653266313936333731653563326330
31626366386535376262626565333034396338326163376237366564336430643765613539613236
37313036383631663363663064393365313538313663386563613864626365376330356333356562
37386432393230353666613339343736336236653865353036356536626265636135373431383534
63346436326131346230326564336436616430636664326231663464616334366461623733353734
34646633653030366535373961633663353239373162303431303238366133393066663161616361
62366262626131386163616534383064326466643437366631366464326366306666326637306263
32663637363562336637333230346432353562323233373065303534666239656263356462393465
36626436393232646362643731613636643436323261656566396136376538633930383566396139
66356562613237303533353063616433346231623931656362623733356537663661616361653438
30383937623565306635663235656239303865643933343231366463636331653337316231383763
64643332626339386265633965396239383161366133626538346365316130323561656237353164
33643365353435386632366231343533623964343938336431386462316638333132353231363836
36666666643335353432353638613663613961343163653039393362396361626162633862363233
64313865356562643765303739366338313039643738373134326634613532343832366532656136
34656237376232646565366466336432376264303039333339393538666133313633393761353966
32636430633137663336353839616431646232636436336661643039643566613835373030626465
31313630346562313365376539346164313265653934383662663863376434383363323435383364
32626632333666303232323563613663363063386238303865323935313639623839393331323562
34666661366139633933366164663532653131666162663632396130333737313663383464316431
30366133666437363466316536356232353832356136643036663463316338343435316535353762
31356233633734616134373161316436353938323537663562376230376361653561316139343933
64346336613764366334666162316533363930623735363461663965646566303530313061623662
38643964326135363234343762626164353161323962636530656533353032333264333036396265
39366263643535343731353065336130333430663135323665613638303863343138313033356630
64363430663537306334636435346335653261643339636436383261346461353034633636373337
34343534636234306662616564616134636530363362326639346138393430343562386166663539
65656136373438623436663836646132363530316630393533356539343463616232353938663165
30306135333130643666616161303530626436626463663931346362303530666665646131656462
62643037373138313635643939636230663731386565333165333865383936376438323536383666
64313335653364346664653239633164393133376138333231353032623966393437373064616462
36336639316463623432653861666261346531623264336535616633646335663837383236343031
36303237636234356631663538626535356536333336323964313862353432356533633161306439
61366364643137633839313964383538343763616163346434356633386563323636353138336234
38393438653637386364613734373837366562356266383238663764656263383737353034343232
35386166396163323738666137616564666638616532366564366432326532623833313939646665
64656634336635303235303465396462626565386133623866306532353730323932613361346330
38376362656466343562636539313264643330353139336139653866383935373930636230393161
39396662653637636637333965623763343136623632396535623131303764353539393362663165
64326337663137326432373864643438653836303538653138643534383765653239353633393162
35653465636437393135303238343664386633396239323437396531656332653534383834356438
32373463653863333161326266306135356238343737623735383764313366663136363533663936
64656561646661336261633161633532353766333230306565616638343330643033613366363566
63396463386266346161376535363339653437306664626134303037656663356432333466393332
66613365306536333134643763376166646561326330326335363235393437313632326162333136
35643833376365616337376365343230343437333461356135333338363966666435323831616135
623538643430323665623033623939656232
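Review bot: the entire ciphertext is rewritten on every `ansible-vault edit`, so this hunk cannot be reviewed for content; the reviewable counterpart is the secrets.yml template in the next hunk, which should list every key the new vault is expected to contain (`postgres_passwords.keycloak`/`mastodon`, `matrix_secrets`, `keycloak_secrets`, `mastodon_secrets`, `mailman_secrets`). In particular confirm that the `matrix_secrets` values were generated fresh and are not the strings that were previously hardcoded in homeserver.yaml, since those remain readable in git history and on this page. To make future vault changes reviewable locally, a `.gitattributes` line marking the vault file with `diff=ansible-vault` and `git config diff.ansible-vault.textconv "ansible-vault view"` lets `git diff` show the decrypted delta for anyone holding the vault password.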

View file

@ -10,6 +10,8 @@ postgres_passwords:
codimd: xxx codimd: xxx
mailu: xxx mailu: xxx
ttrss: xxx ttrss: xxx
keycloak: xxx
mastodon: xxx
fider_jwt_secret: xxx fider_jwt_secret: xxx
@ -30,3 +32,23 @@ drone_secrets:
restic_secrets: restic_secrets:
user_secret: xxx user_secret: xxx
encryption_secret: xxx encryption_secret: xxx
matrix_secrets:
registration_shared_secret: xxx
macaroon_secret_key: xxx
form_secret: xxx
keycloak_secrets:
admin_user: xxx //used for setting up the initial admin user on first run
admin_password: xxx
mastodon_secrets:
secret_key_base: xxx
otp_secret: xxx
vapid_private_key: xxx
vapid_public_key: xxx
mailman_secrets:
postgres_password: xxx
hyperkitty_api_key: xxx
django_secret_key: xxx
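Review bot: `admin_user: xxx //used for setting up the initial admin user on first run` is not a comment in YAML; `//` is plain scalar text, so anyone who copies this template into the vault verbatim gets `keycloak_secrets.admin_user` set to the literal string `xxx //used for ...`. Move the note to its own `# ...` line above the key. It would also help to state there, as commit ca6c3a96a1 does, that `KEYCLOAK_USER`/`KEYCLOAK_PASSWORD` are only for the first run and must be removed afterwards, so the bootstrap admin credentials do not stay in the container environment.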

View file

@ -1,24 +1,28 @@
--- ---
users: users:
graffen: - name: graffen
comment: Jesper Hess Nielsen comment: Jesper Hess Nielsen
key: ssh-rsa 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 openpgp:0x265EE03C (Graffen)
password: $6$6bgPWZ76LvB$DZ3ipFsFtL2b1nSC0AQ63k8ibJidyIE9iIsWWzY0fux0ynz9L/o7b2sR2XYSaDuG.jewFV36IGStTF3NCZRC30 password: $6$6bgPWZ76LvB$DZ3ipFsFtL2b1nSC0AQ63k8ibJidyIE9iIsWWzY0fux0ynz9L/o7b2sR2XYSaDuG.jewFV36IGStTF3NCZRC30
groups: groups:
- sudo - sudo
keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbxFVukt5TIzoB0HX2q8b8lHJmXD1juzsWOu5XkexVDlCsvupa1cZ/OVkrIEAbDKk6RmJQj0TJ2O5+v9hbf0TDi0Pi+V8ADZIgO+OW5a4EeXsU72a4CN0nEocQhUPfQuC4IU+F7icoG2/I9jXg7U6p1LhBr8vlC3cNHnrH3yqrakrUR51/iRVIwo4FKvQg7jutaKTyOjlYa1uTdaczvAzNHWEdytCQgFnkzpR9fHvzkA79qHUD9n32rIpJicRJsHY3NnyDGfBcDv+4sLq15sM9jN83duGnSuMMtZgfSriwMUd/UwVReU2ZKxjMLe3WHB7+ZE/p39OJk/gjVfWJVh/za1/teTAwaLLmxh/HFt+AVYWkCj22fUxscl0dh2zy6Ki1Ua3ApChn6v6Gvng6khobFlxawSJZ49+0KoAl1qqFMR1o9EGWvqgDPuITAqJFN+ik0jxcxfmKrG3mbOYM1ikhJd0ER8wbS8e6NowHUBV7PUyDqxP5VM2gum58IYrDqaP2RYYi9vWWnXJJA8J1t+Wp3bF7fdktyVgkd7HQk02uVkxdMQQ802GCrQQuvJhWTCzrgkgrjPY8p0KcbCNt6jYQOUKV0T2vp6PbTJ5XWKb5u7gVXW1xiP9dYzgAr0DroiTK4xIuF80mv1Rfst0ceHAIQVcQ3GcGbh000QUYzbHT2Q== openpgp:0x265EE03C (Graffen)
valberg: - name: valberg
comment: Vidir Valberg Gudmundsson comment: Vidir Valberg Gudmundsson
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/ password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
groups: groups:
- sudo - sudo
keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
reynir: - name: reynir
comment: Reynir Björnsson comment: Reynir Björnsson
key: ssh-rsa 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 reynir yubikey
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0 password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
groups: groups:
- sudo - sudo
keys:
- ssh-rsa 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 reynir yubikey
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t reynir@spurv
volume_root_folder: "/docker-volumes" volume_root_folder: "/docker-volumes"
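Review bot: the `password:` fields are SHA-512 crypt hashes for accounts in the `sudo` group, committed in plaintext to the repository while a vault already exists for secrets; a hash in a repo is exposed to offline cracking, so move these values into the vault (or drop them and rely on SSH keys plus the sudo policy). The `key:` to `keys:` list restructure is the right shape for multiple keys per user, but since this hunk only changes data, confirm that the role consuming `users` was changed in the same commit to loop over `keys`, otherwise the old single-`key` lookup silently deploys nothing for every user.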

View file

@ -12,6 +12,7 @@ thelounge:
nextcloud: nextcloud:
domain: "cloud.{{ base_domain }}" domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
gitea: gitea:
domain: "git.{{ base_domain }}" domain: "git.{{ base_domain }}"
@ -39,9 +40,13 @@ privatebin:
volume_folder: "{{ volume_root_folder }}/privatebin" volume_folder: "{{ volume_root_folder }}/privatebin"
codimd: codimd:
domain: "pad.{{ base_domain }}" domain: "oldpad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/codimd" volume_folder: "{{ volume_root_folder }}/codimd"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
netdata: netdata:
domain: "netdata.{{ base_domain }}" domain: "netdata.{{ base_domain }}"
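Review bot: renaming `codimd.domain` to `oldpad.{{ base_domain }}` keeps the old CodiMD instance deployed and publicly reachable next to its Hedgedoc replacement; it is not integrated with the new SSO and will stop receiving updates, so record a retirement date for it (or restrict access to it) once the pad migration is done.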
@ -76,13 +81,22 @@ drone:
domain: "drone.{{ base_domain }}" domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone" volume_folder: "{{ volume_root_folder }}/drone"
mail_subnet_base: "192.168.203"
mailu: mailu:
version: 1.6 version: 1.6
domain: "mail.{{ base_domain }}" domain: "mail.{{ base_domain }}"
dns: 192.168.203.254 dns: "{{ mail_subnet_base }}.254"
subnet: 192.168.203.0/24 subnet: "{{ mail_subnet_base }}.0/24"
volume_folder: "{{ volume_root_folder }}/mailu" volume_folder: "{{ volume_root_folder }}/mailu"
mailman:
domain: "lists.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mailman"
core_ip: "{{ mail_subnet_base }}.12"
web_ip: "{{ mail_subnet_base }}.13"
database_ip: "{{ mail_subnet_base }}.14"
portainer: portainer:
domain: "portainer.{{ base_domain }}" domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer" volume_folder: "{{ volume_root_folder }}/portainer"
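Review bot: `core_ip`, `web_ip` and `database_ip` give the mailman containers fixed addresses inside the mailu subnet, and commit 827c70e722 says these are the addresses added to Postfix `mynetworks` ("probably wrong"). Because `mynetworks` grants unauthenticated relay, that list should contain only `core_ip` (the container that actually submits mail), not the web or database container, and the change should be verified by attempting a relay from an address that is not listed. `mail_subnet_base` as a string prefix is fine here, but keep the mailman addresses outside any range Docker hands out dynamically on that network, or the static assignments will eventually collide.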
@ -90,3 +104,19 @@ portainer:
ttrss: ttrss:
domain: rss.{{ base_domain }} domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss" volume_folder: "{{ volume_root_folder }}/tt-rss"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
postfix:
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ passit.domain }}"
- "{{ fider.domain }}"
- "{{ gitea.domain }}"
- "{{ mastodon.domain }}"
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
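Review bot: `postfix.allowed_sender_domains` gains `{{ mastodon.domain }}` but not the mailman domain, even though mailman.cfg in this same change submits list mail via `smtp_host: smtp` on port 25 and commit 6e57f1d0c2 says every service sending this way must add its sender domain to the list. Add `"{{ mailman.domain }}"` (and `"{{ mailu.domain }}"` if mailu itself relays through this Postfix), otherwise list traffic from `lists.{{ base_domain }}` is rejected at the sender check.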

View file

@ -0,0 +1,59 @@
# This is a sample configuration file. You can generate your configuration
# with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
LOCAL_DOMAIN={{ mastodon.domain }}
# Redis
# -----
REDIS_HOST=redis
REDIS_PORT=6379
# PostgreSQL
# ----------
DB_HOST=db
DB_USER=postgres
DB_NAME=mastodon
DB_PASS={{ postgres_passwords.mastodon }}
DB_PORT=5432
# ------------------------
ES_ENABLED=false
# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE={{ mastodon_secrets.secret_key_base }}
OTP_SECRET={{ mastodon_secrets.otp_secret }}
# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY={{ mastodon_secrets.vapid_private_key }}
VAPID_PUBLIC_KEY={{ mastodon_secrets.vapid_public_key }}
# Sending mail
# ------------
SMTP_SERVER={{ smtp_host }}
SMTP_PORT={{ smtp_port }}
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=notifications@{{ mastodon.domain }}
# File storage (optional)
# -----------------------
S3_ENABLED=false
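Review bot: `DB_USER=postgres` runs Mastodon as the PostgreSQL superuser; create a dedicated `mastodon` role that owns only `DB_NAME=mastodon` and put its password in `postgres_passwords.mastodon`. `SMTP_LOGIN=` and `SMTP_PASSWORD=` are empty, so relaying from this container is authorised purely by Postfix `mynetworks` and the `allowed_sender_domains` entry; that means every container on the mail subnet can send as `notifications@{{ mastodon.domain }}`, so keep that subnet limited to the services that are meant to relay. As the file header notes, docker-compose takes each value verbatim including quotes, so the `{{ mastodon_secrets.* }}` values must be unquoted in the vault and must not contain characters that an env file would mangle.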

View file

@ -0,0 +1,2 @@
listen 3000;
client_max_body_size 50M; # default is 1M

View file

@ -577,7 +577,7 @@ turn_allow_guests: True
## Registration ## ## Registration ##
# Enable registration for new users. # Enable registration for new users.
enable_registration: True enable_registration: False
# The user must provide all of the below types of 3PID when registering. # The user must provide all of the below types of 3PID when registering.
# #
@ -604,7 +604,7 @@ enable_registration: True
# If set, allows registration by anyone who also has the shared # If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled. # secret, even if registration is otherwise disabled.
# #
registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG" registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"
# Set the number of bcrypt rounds used to generate password hash. # Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash. # Larger numbers increase the work factor needed to generate the hash.
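Review bot: moving registration_shared_secret (and, in the hunks below, macaroon_secret_key and form_secret) into {{ matrix_secrets.* }} is only half the fix: the literal values on the left-hand side of this diff are already in git history, so new values must be generated and used, not the old ones copied into the secrets file. macaroon_secret_key is used to sign Synapse's macaroon tokens, so a leaked value is worse than a leaked registration secret; rotating it invalidates existing sessions, which is expected.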
@ -699,7 +699,7 @@ track_appservice_user_ips: False
# the registration_shared_secret is used, if one is given; otherwise, # the registration_shared_secret is used, if one is given; otherwise,
# a secret key is derived from the signing key. # a secret key is derived from the signing key.
# #
macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X" macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}"
# Used to enable access token expiration. # Used to enable access token expiration.
# #
@ -709,7 +709,7 @@ expire_access_token: False
# falsification of values. Must be specified for the User Consent # falsification of values. Must be specified for the User Consent
# forms to work. # forms to work.
# #
form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-" form_secret: "{{ matrix_secrets.form_secret }}"
## Signing Keys ## ## Signing Keys ##

View file

@ -0,0 +1,10 @@
[mta]
incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver
# mailman-core hostname or IP from the Postfix server
lmtp_host: localhost
lmtp_port: 8024
# Postfix server's hostname or IP from mailman-core
smtp_host: smtp
smtp_port: 25
configuration: /etc/postfix-mailman.cfg
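Review bot: `lmtp_host: localhost` contradicts the comment right above it. Postfix runs in the Mailu smtp container, not alongside mailman-core, so `localhost` in the generated postfix_lmtp map points Postfix at itself, and the core's LMTP listener binds to loopback where Postfix cannot reach it. Use the core container's address (the compose definition sets MM_HOSTNAME to {{ mailman.core_ip }} for exactly this purpose), or drop the override if the image already derives lmtp_host from MM_HOSTNAME.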

View file

@ -0,0 +1,11 @@
append_at_myorigin=no
append_dot_mydomain=no
recipient_delimiter = +
unknown_local_recipient_reject_code = 550
owner_request_special = no
virtual_mailbox_maps = regexp:/opt/mailman-core-data/postfix_lmtp \$virtual_alias_maps
transport_maps = regexp:/opt/mailman-core-data/postfix_lmtp
local_recipient_maps = regexp:/opt/mailman-core-data/postfix_lmtp
relay_domains = regexp:/opt/mailman-core-data/postfix_domains
always_add_missing_headers = yes
local_header_rewrite_clients = permit_sasl_authenticated
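Review bot: this override replaces rather than extends Mailu's map settings. `virtual_mailbox_maps`, `transport_maps` and `local_recipient_maps` are set to only the mailman regexp table (the `\$virtual_alias_maps` reference is the one place an existing value is preserved), so whatever Mailu configured for mailbox lookup and transport selection is dropped and delivery to Mailu's own mailboxes can break. Append the mailman tables to the current values (check them with `postconf -h` inside the smtp container) instead of overwriting, and review `relay_domains` the same way, since listing the list domains there makes Postfix accept relay for them from any client.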

View file

@ -0,0 +1 @@

View file

@ -7,10 +7,11 @@
- name: gitea container - name: gitea container
docker_container: docker_container:
name: gitea name: gitea
image: gitea/gitea:1.12.3 image: gitea/gitea:1.15.7
restart_policy: unless-stopped restart_policy: unless-stopped
networks: networks:
- name: gitea - name: gitea
- name: postfix
- name: external_services - name: external_services
volumes: volumes:
- "{{ gitea.volume_folder }}:/data" - "{{ gitea.volume_folder }}:/data"
@ -21,3 +22,16 @@
VIRTUAL_PORT: "3000" VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ gitea.domain }}" LETSENCRYPT_HOST: "{{ gitea.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
GITEA__mailer__MAILER_TYPE: "smtp"
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
GITEA__mailer__USER: "noop"
GITEA__mailer__PASSWD: "noop"
GITEA__security__LOGIN_REMEMBER_DAYS: "60"
GITEA__security__PASSWORD_COMPLEXITY: "off"
GITEA__security__MIN_PASSWORD_LENGTH: "8"
GITEA__security__PASSWORD_CHECK_PWN: "true"
GITEA__service__ENABLE_NOTIFY_MAIL: "true"
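Review bot: GITEA__mailer__USER and GITEA__mailer__PASSWD set to "noop" are throwaway credentials for a relay that trusts this container by network; if the relay ever advertises AUTH they will be tried and rejected, so document why the dummy values are needed (the commit message only guesses) or verify the relay offers no AUTH on the postfix network. PASSWORD_CHECK_PWN: "true" makes the gitea container query the Have I Been Pwned range API whenever a password is set, so it needs outbound HTTPS egress; verify what happens when that API is unreachable. With PASSWORD_COMPLEXITY: "off" and MIN_PASSWORD_LENGTH: "8" that check is the only strength control left, which is a defensible choice but worth stating in the comment.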

View file

@ -0,0 +1,66 @@
---
- name: create hedgedoc volume folders
file:
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
- "hedgedoc/uploads"
loop_control:
loop_var: volume
- name: copy sso public certificate
copy:
src: "files/sso/sso.data.coop.pem"
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"
- name: setup hedgedoc
docker_compose:
project_name: "hedgedoc"
pull: "yes"
definition:
services:
database:
image: "postgres:10-alpine"
environment:
POSTGRES_USER: "codimd"
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
POSTGRES_DB: "codimd"
restart: "unless-stopped"
networks:
- "hedgedoc"
volumes:
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
app:
image: quay.io/hedgedoc/hedgedoc:1.9.0
environment:
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
CMD_DOMAIN: "{{ hedgedoc.domain }}"
CMD_ALLOW_EMAIL_REGISTER: "False"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_EMAIL: "False"
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
CMD_SAML_ISSUER: "hedgedoc"
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CMD_USECDN: "false"
CMD_PROTOCOL_USESSL: "true"
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
restart: "unless-stopped"
networks:
- "hedgedoc"
- "external_services"
depends_on:
- database
networks:
hedgedoc:
external_services:
external: true
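Review bot: no CMD_SESSION_SECRET is set, so HedgeDoc generates a fresh session-signing secret on every container start and all users are logged out whenever the stack restarts; add one from the secrets store next to postgres_passwords.hedgedoc. CMD_DB_URL also hard-codes the compose-generated container name hedgedoc_database_1; the service name `database` resolves on the hedgedoc network and survives a project rename or a second replica, so prefer that. Copying the IdP certificate with mode 0644 is fine since it is the public half.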

View file

@ -0,0 +1,45 @@
- name: setup keycloak containers for sso.data.coop
docker_compose:
project_name: "keycloak"
pull: "yes"
definition:
version: "3.6"
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "keycloak"
volumes:
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "keycloak"
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
POSTGRES_DB: "keycloak"
app:
image: "quay.io/keycloak/keycloak:15.0.2"
restart: "unless-stopped"
networks:
- "keycloak"
- "postfix"
- "external_services"
environment:
VIRTUAL_HOST: "{{ keycloak.domain }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
DB_USER: "keycloak"
DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
DB_ADDR: "keycloak_postgres_1"
#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
PROXY_ADDRESS_FORWARDING: "true"
networks:
keycloak:
postfix:
external: true
external_services:
external: true
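Review bot: leaving KEYCLOAK_USER/KEYCLOAK_PASSWORD commented out means a fresh deployment has no admin account until someone creates one by hand; the inline comment says the variables are only consumed on first run, so either set them from keycloak_secrets for the bootstrap and remove them afterwards, or document running add-user-keycloak.sh once against the container. DB_ADDR: "keycloak_postgres_1" has the same hard-coded container-name issue as the other compose projects; `postgres` (the service name) works on the keycloak network. postgres:10 is an old major for a new deployment; pick a supported release before data accumulates, since a later Postgres major upgrade needs a dump and restore.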

View file

@ -0,0 +1,97 @@
---
- name: copy nginx configuration to link static files
template:
src: "templates/mailman/nginx_vhost"
dest: "{{ nginx.volume_folder }}/vhost/lists.data.coop"
mode: "0644"
- name: run mailman server containers
docker_compose:
project_name: "mailman"
definition:
version: '3'
services:
mailman-core:
image: maxking/mailman-core:0.3.11
volumes:
- "{{ volume_root_folder }}/mailman/core:/opt/mailman"
stop_grace_period: 30s
links:
- mailman-web:mailmain-web
- database:database
depends_on:
- database
environment:
DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@172.19.199.4/mailmandb"
DATABASE_TYPE: "postgres"
DATABASE_CLASS: "mailman.database.postgresql.PostgreSQLDatabase"
HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
HYPERKITTY_URL: http://172.19.199.3:8000/hyperkitty
MTA: "postfix"
SMTP_HOST: "{{ smtp_host }}"
SMTP_PORT: "{{ smtp_port }}"
SMTP_HOST_USER: "noop"
MM_HOSTNAME: "172.19.199.2"
networks:
mailman:
ipv4_address: 172.19.199.2
postfix:
external_services:
mailman-web:
image: maxking/mailman-web:0.3.11
depends_on:
- database
links:
- database:database
volumes:
- "{{ volume_root_folder }}/mailman/web:/opt/mailman-web-data"
environment:
DATABASE_TYPE: "postgres"
DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@172.19.199.4/mailmandb"
HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
DJANGO_ALLOWED_HOSTS: "lists.data.coop"
SERVE_FROM_DOMAIN: "lists.data.coop"
MAILMAN_ADMIN_USER: "valberg"
MAILMAN_ADMIN_EMAIL: "valberg@orn.li"
MAILMAN_REST_URL: "http://172.19.199.2:8001"
SECRET_KEY: "{{ mailman_secrets.django_secret_key }}"
SMTP_HOST: "{{ smtp_host }}"
SMTP_PORT: "{{ smtp_port }}"
VIRTUAL_HOST: "lists.data.coop"
VIRTUAL_PORT: 8000
LETSENCRYPT_HOST: "lists.data.coop"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
mailman:
ipv4_address: 172.19.199.3
postfix:
external_services:
database:
image: postgres:13
restart: always
environment:
POSTGRES_DB: mailmandb
POSTGRES_USER: mailman
POSTGRES_PASSWORD: "{{ mailman_secrets.postgres_password }}"
volumes:
- "{{ volume_root_folder }}/mailman/database:/var/lib/postgresql/data"
networks:
mailman:
ipv4_address: 172.19.199.4
networks:
mailman:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.19.199.0/24
postfix:
external: true
external_services:
external: true
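Review bot: mailman-core joins external_services although it has no VIRTUAL_HOST; that network is shared with every proxied service, so the core REST API on port 8001 (MAILMAN_REST_URL) becomes reachable from all of them for no benefit. Keep core on the mailman and postfix networks only. Smaller points: the link alias `mailmain-web` is a typo for mailman-web (harmless because nothing uses the alias, but confusing), core and web have no restart policy while database has restart: always, and DATABASE_URL uses the fixed IP 172.19.199.4 even though `database:database` is already linked and would resolve by name.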

View file

@ -1,6 +1,6 @@
--- ---
- name: create mailu volume folders - name: "[Mailu] create mailu volume folders"
file: file:
name: "{{ mailu.volume_folder }}/{{ volume }}" name: "{{ mailu.volume_folder }}/{{ volume }}"
state: directory state: directory
@ -17,12 +17,12 @@
loop_control: loop_control:
loop_var: volume loop_var: volume
- name: upload mailu.env file - name: "[Mailu] upload mailu.env file"
template: template:
src: mailu.env.j2 src: mailu.env.j2
dest: "{{ mailu.volume_folder}}/mailu.env" dest: "{{ mailu.volume_folder}}/mailu.env"
- name: hard link to Let's Encrypt TLS certificate - name: "[Mailu] hard link to Let's Encrypt TLS certificate"
file: file:
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem" src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
dest: "{{ mailu.volume_folder }}/certs/cert.pem" dest: "{{ mailu.volume_folder }}/certs/cert.pem"
@ -30,20 +30,40 @@
force: yes force: yes
- name: hard link to Let's Encrypt TLS key - name: "[Mailu] hard link to Let's Encrypt TLS key"
file: file:
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem" src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
dest: "{{ mailu.volume_folder }}/certs/key.pem" dest: "{{ mailu.volume_folder }}/certs/key.pem"
state: hard state: hard
force: yes force: yes
- name: run mail server containers - name: "[Mailman] copy nginx configuration to link static files"
template:
src: mailman/nginx_vhost.j2
dest: "{{ nginx.volume_folder }}/vhost/{{ mailman.domain }}"
mode: "0644"
- name: "[Mailman] copy postfix override"
copy:
src: mailman/postfix.cf
dest: "{{ mailu.volume_folder }}/overrides/postfix.cf"
mode: "0644"
- name: "[Mailman] copy mailman config"
copy:
src: mailman/mailman-extra.cfg
dest: "{{ mailman.volume_folder }}/core/mailman-extra.cfg"
mode: "0644"
- name: Start containers
docker_compose: docker_compose:
project_name: mail_server project_name: mail_server
pull: yes pull: yes
definition: definition:
version: '3.6' version: '3.6'
services: services:
### Mailu containers ###
redis: redis:
image: redis:alpine image: redis:alpine
restart: always restart: always
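Review bot: the three copy/template tasks for the Mailman vhost, the Postfix override and mailman-extra.cfg have no `notify`, so editing postfix.cf or mailman-extra.cfg and re-running the playbook leaves the running smtp and mailman-core containers on the old configuration until something else restarts them; add a handler that restarts those containers, or at least note the manual step. The new task name "Start containers" also drops the "[Mailu]"/"[Mailman]" prefix the rest of the file now uses.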
@ -117,6 +137,7 @@
env_file: "{{ mailu.volume_folder}}/mailu.env" env_file: "{{ mailu.volume_folder}}/mailu.env"
volumes: volumes:
- "{{ mailu.volume_folder }}/overrides:/overrides" - "{{ mailu.volume_folder }}/overrides:/overrides"
- "{{ mailman.volume_folder }}/core/var/data:/opt/mailman-core-data/"
depends_on: depends_on:
- front - front
- resolver - resolver
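Review bot: the smtp container only reads the generated postfix_lmtp and postfix_domains tables under /opt/mailman-core-data/, so mount `{{ mailman.volume_folder }}/core/var/data` read-only (`:ro`); the postfix.cf override references them as regexp: tables, which need no postmap output written next to them.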
@ -149,6 +170,73 @@
dns: dns:
- "{{ mailu.dns }}" - "{{ mailu.dns }}"
### Mailman containers ###
mailman-core:
image: maxking/mailman-core:0.4
volumes:
- "{{ mailman.volume_folder }}/core:/opt/mailman"
stop_grace_period: 30s
links:
- mailman-web:mailmain-web
- database:database
depends_on:
- database
environment:
DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@{{ mailman.database_ip }}/mailmandb"
DATABASE_TYPE: "postgres"
DATABASE_CLASS: "mailman.database.postgresql.PostgreSQLDatabase"
HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
HYPERKITTY_URL: "http://{{ mailman.web_ip }}:8000/hyperkitty"
MTA: "postfix"
SMTP_HOST: smtp
MM_HOSTNAME: "{{ mailman.core_ip }}"
networks:
default:
ipv4_address: "{{ mailman.core_ip }}"
external_services:
mailman-web:
image: maxking/mailman-web:0.4
depends_on:
- database
links:
- database:database
volumes:
- "{{ mailman.volume_folder }}/web:/opt/mailman-web-data"
environment:
DATABASE_TYPE: "postgres"
DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@{{ mailman.database_ip }}/mailmandb"
HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
DJANGO_ALLOWED_HOSTS: "{{ mailman.domain }}"
SERVE_FROM_DOMAIN: "{{ mailman.domain }}"
MAILMAN_ADMIN_USER: "valberg"
MAILMAN_ADMIN_EMAIL: "valberg@orn.li"
MAILMAN_REST_URL: "http://{{ mailman.core_ip }}:8001"
MAILMAN_HOST_IP: "{{ mailman.core_ip }}"
SECRET_KEY: "{{ mailman_secrets.django_secret_key }}"
SMTP_HOST: smtp
VIRTUAL_HOST: "{{ mailman.domain }}"
VIRTUAL_PORT: 8000
LETSENCRYPT_HOST: "{{ mailman.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
default:
ipv4_address: "{{ mailman.web_ip }}"
external_services:
mailman-database:
image: postgres:13
restart: always
environment:
POSTGRES_DB: mailmandb
POSTGRES_USER: mailman
POSTGRES_PASSWORD: "{{ mailman_secrets.postgres_password }}"
volumes:
- "{{ mailman.volume_folder }}/database:/var/lib/postgresql/data"
networks:
default:
ipv4_address: "{{ mailman.database_ip }}"
networks: networks:
default: default:
driver: bridge driver: bridge
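Review bot: depends_on and links in mailman-core and mailman-web still refer to a service named `database`, but the service is defined here as mailman-database; unless the Mailu half of this project defines a `database` service, compose will reject the definition, and if it does, Mailman waits on the wrong database. Fixed ipv4_address values on the project's default network also require that network to declare an ipam subnet containing mailman.core_ip, web_ip and database_ip; the visible context shows only `driver: bridge`, so check the existing ipam block before relying on static addresses. The remarks on the standalone Mailman definition apply here too: mailman-core does not need external_services, `mailmain-web` is a typo, and core and web have no restart policy.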

View file

@ -0,0 +1,118 @@
- name: create mastodon volume folders
file:
name: "{{ mastodon.volume_folder }}/{{ volume }}"
state: directory
owner: "991"
group: "991"
loop:
- "postgres_data"
- "redis_data"
- "mastodon_data"
loop_control:
loop_var: volume
- name: Copy mastodon environment file
template:
src: files/configs/mastodon/env_file.j2
dest: "{{ mastodon.volume_folder }}/env_file"
- name: upload vhost config for root domain
template:
src: files/configs/mastodon/vhost-mastodon
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
- name: set up mastodon
docker_compose:
project_name: mastodon
pull: yes
definition:
version: '3'
services:
db:
restart: always
image: postgres:14-alpine
shm_size: 256mb
networks:
- internal_network
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust'
redis:
restart: always
image: redis:6-alpine
networks:
- internal_network
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
volumes:
- "{{ mastodon.volume_folder }}/redis_data:/data"
web:
image: tootsuite/mastodon
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
networks:
- external_services
- internal_network
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
ports:
- '127.0.0.1:3000:3000'
depends_on:
- db
- redis
volumes:
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
environment:
VIRTUAL_HOST: "{{ mastodon.domain }}"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
streaming:
image: tootsuite/mastodon
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
command: node ./streaming
networks:
- external_services
- internal_network
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
ports:
- '127.0.0.1:4000:4000'
depends_on:
- db
- redis
sidekiq:
image: tootsuite/mastodon
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
command: bundle exec sidekiq
depends_on:
- db
- redis
networks:
- postfix
- external_services
- internal_network
volumes:
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
networks:
external_services:
external: true
postfix:
external: true
internal_network:
internal: true
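Review bot: the db service runs with POSTGRES_HOST_AUTH_METHOD=trust, so every container on internal_network can connect as the postgres superuser without a password and the DB_PASS in env_file is never checked; web, streaming and sidekiq are all on that network and face the internet through the proxy, so set POSTGRES_PASSWORD to {{ postgres_passwords.mastodon }} and drop the trust setting. Pin tootsuite/mastodon to a version tag as well: with pull: yes every playbook run can pull a new major and start it against the existing database. The 127.0.0.1:3000 and 127.0.0.1:4000 port publications are redundant with the proxy on external_services and can go.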

View file

@ -53,7 +53,7 @@
- name: upload homeserver.yaml - name: upload homeserver.yaml
template: template:
src: "files/configs/matrix/homeserver.yaml" src: "files/configs/matrix/homeserver.yaml.j2"
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml" dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
- name: upload matrix logging config - name: upload matrix logging config
@ -82,7 +82,7 @@
matrix_app: matrix_app:
container_name: matrix container_name: matrix
image: matrixdotorg/synapse:v1.18.0 image: matrixdotorg/synapse:v1.47.1
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
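Review bot: v1.18.0 to v1.47.1 skips roughly thirty Synapse releases. The schema migrations run automatically, but the intermediate upgrade notes include deprecated config keys and raised minimum dependency versions, so read the cumulative upgrade notes and take a database backup before applying this, and do the same for the riot bump to v1.9.0 below.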
@ -102,7 +102,7 @@
riot: riot:
container_name: riot_app container_name: riot_app
image: avhost/docker-matrix-riot:v1.7.3 image: avhost/docker-matrix-riot:v1.9.0
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix

View file

@ -1,48 +1,42 @@
--- ---
- name: setup nextcloud containers
- name: nextcloud network docker_compose:
docker_network: project_name: "nextcloud"
name: nextcloud pull: "yes"
definition:
- name: nextcloud database volume services:
docker_volume: postgres:
name: nextcloud_db image: "postgres:10"
restart: "unless-stopped"
- name: nextcloud database container
docker_container:
name: nextcloud_db
image: postgres:10
state: started
restart_policy: always
networks: networks:
- name: nextcloud - "nextcloud"
volumes: volumes:
- nextcloud_db:/var/lib/postgresql/data - "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
env: environment:
POSTGRES_DB: somethingelse POSTGRES_DB: "nextcloud"
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
POSTGRES_USER: "nextcloud"
- name: nextcloud app volume app:
docker_volume: image: "nextcloud:22-apache"
name: nextcloud_app restart: "unless-stopped"
- name: nextcloud app container
docker_container:
name: nextcloud_app
image: nextcloud:apache
state: started
restart_policy: always
networks: networks:
- name: nextcloud - "nextcloud"
- name: external_services - "external_services"
volumes: volumes:
- nextcloud_app:/var/www/html - "{{ nextcloud.volume_folder }}/app:/var/www/html"
env: environment:
VIRTUAL_HOST: "{{ nextcloud.domain }}" VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}" LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: nextcloud_db POSTGRES_HOST: "nextcloud_postgres_1"
POSTGRES_DB: nextcloud POSTGRES_DB: "nextcloud"
POSTGRES_USER: nextcloud POSTGRES_USER: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
networks:
nextcloud:
postfix:
external: true
external_services:
external: true
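Review bot: the networks block declares `postfix` as external, but the app service only joins nextcloud and external_services, so Nextcloud cannot reach the relay and the declaration is dead; either attach app to postfix (and configure its SMTP settings) or remove it. The rewrite also moves data from the named volumes nextcloud_db and nextcloud_app to host folders under nextcloud.volume_folder with no migration step, so applying it on the existing host starts an empty database and a fresh install while the old volumes keep the data; plan the copy first. POSTGRES_HOST: "nextcloud_postgres_1" hard-codes the compose container name; `postgres` works.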

View file

@ -29,6 +29,7 @@
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html" - "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam" - "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro" - "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
- "{{ volume_root_folder }}:/docker-volumes/:ro"
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
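Review bot: mounting the entire {{ volume_root_folder }} into the proxy container is far more than the Mailman static files need. Even read-only, that puts every service's data (database directories, mailu.env with its secrets, the Keycloak and Matrix volumes) inside the container that terminates all public HTTPS, so a path or alias misconfiguration in any vhost include, or a compromise of the proxy, exposes all of it. Mount only `{{ volume_root_folder }}/mailman/web/static` (the directory the lists vhost serves) and nothing else.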
- name: nginx letsencrypt container - name: nginx letsencrypt container

View file

@ -17,7 +17,7 @@
- name: openLDAP container - name: openLDAP container
docker_container: docker_container:
name: openldap name: openldap
image: osixia/openldap:1.2.2 image: osixia/openldap:1.5.0
tty: true tty: true
interactive: true interactive: true
volumes: volumes:
@ -57,7 +57,7 @@
- name: phpLDAPadmin container - name: phpLDAPadmin container
docker_container: docker_container:
name: phpldapadmin name: phpldapadmin
image: osixia/phpldapadmin:latest image: osixia/phpldapadmin:0.9.0
networks: networks:
- name: external_services - name: external_services
- name: ldap - name: ldap

View file

@ -8,7 +8,7 @@
- name: run portainer - name: run portainer
docker_container: docker_container:
name: portainer name: portainer
image: portainer/portainer-ce:2.0.1 image: portainer/portainer-ce:2.9.1
restart_policy: always restart_policy: always
networks: networks:
- name: external_services - name: external_services

View file

@ -8,12 +8,23 @@
gateway: 172.16.0.1 gateway: 172.16.0.1
- name: setup postfix docker container for outgoing mail - name: setup postfix docker container for outgoing mail
vars:
mynetworks:
- 127.0.0.0/8
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 172.19.199.2
- 172.19.199.3
allowed_sender_domains:
- "{{ base_domain }}"
- "lists.data.coop"
docker_container: docker_container:
name: postfix name: postfix
image: boky/postfix image: boky/postfix:v3.5.0
restart_policy: unless-stopped restart_policy: always
networks: networks:
- name: postfix - name: postfix
env: env:
ALLOWED_SENDER_DOMAINS: "{{ base_domain }}" ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
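Review bot: the task-level vars define `allowed_sender_domains` and `mynetworks`, but the env references `postfix.allowed_sender_domains` (a key of a `postfix` dict, not this var) and `mynetworks` is not referenced in the visible env at all, so either the names or the references are wrong and the relay starts with whatever the image defaults to. When mynetworks is wired up, do not trust 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 wholesale: combined with no SMTP AUTH that lets any host or container in those ranges relay through smtp.data.coop. List the postfix docker network's subnet (the gateway 172.16.0.1 above suggests its range) and the two Mailman addresses only.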

View file

@ -0,0 +1,3 @@
location /static/ {
alias {{ volume_root_folder }}/mailman/web/static/;
}
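Review bot: `alias {{ volume_root_folder }}/mailman/web/static/;` is the host path, but nginx runs inside the proxy container where that tree is mounted at /docker-volumes/ (see the nginx tasks in this change), so the alias must be `/docker-volumes/mailman/web/static/` or every /static/ request will 404. Also check that the files written by the mailman-web container are readable by the proxy's nginx user.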

View file

@ -8,6 +8,7 @@
- python3-pip - python3-pip
- apparmor - apparmor
- haveged - haveged
- mosh
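Review bot: mosh-server needs inbound UDP 60000-61000 (its default range) in addition to SSH; if the host firewall only allows TCP 22, mosh sessions authenticate over SSH and then hang, so open that UDP range alongside this package or document it.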
- name: Install necessary packages via pip - name: Install necessary packages via pip
pip: pip:

View file

@ -1,21 +1,25 @@
--- ---
- name: "Add users" - name: "Add users"
user: user:
name: "{{ item.key }}" name: "{{ item.name }}"
comment: "{{ item.value.comment }}" comment: "{{ item.comment }}"
password: "{{ item.value.password }}" password: "{{ item.password }}"
update_password: "on_create" update_password: "on_create"
groups: "{{ item.value.groups }}" groups: "{{ item.groups }}"
with_dict: "{{ users | default({}) }}" loop: "{{ users | default([]) }}"
- name: "Add ssh authorized_keys" - name: "Add ssh authorized_keys"
authorized_key: authorized_key:
user: "{{ item.key }}" user: "{{ item.0.name }}"
key: "{{ item.value.key }}" key: "{{ item.1 }}"
with_dict: "{{ users | default({}) }}" with_subelements:
- "{{ users | default([]) }}"
- keys
- name: "Add ssh authorized_keys to root user" - name: "Add ssh authorized_keys to root user"
authorized_key: authorized_key:
user: "root" user: "root"
key: "{{ item.value.key }}" key: "{{ item.1 }}"
with_dict: "{{ users | default({}) }}" with_subelements:
- "{{ users | default([]) }}"
- keys
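Review bot: the root task copies every key of every user into root's authorized_keys, so adding any key for any user in users.yml grants direct root login with it; if that is intended, say so in a comment, otherwise limit it to an explicit admin subset. Neither authorized_key task sets `exclusive` or handles state: absent, so a key removed from users.yml (the point of supporting several keys per user) stays authorized on the host until removed by hand. With the new list format, looping over users once with `exclusive: yes` and `key: "{{ item['keys'] | join('\n') }}"` makes the file match the inventory; note `item['keys']`, since `item.keys` in Jinja resolves to the dict method rather than the list.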