Compare commits


48 commits

Author SHA1 Message Date
Víðir Valberg Guðmundsson 11b2e42637 Upgrade 2022-05-08 21:54:40 +02:00
Víðir Valberg Guðmundsson e9421fd928 Updated secrets. 2022-05-08 21:28:45 +02:00
Jesper Hess 1fb6f10433 graffens experiments 2022-05-08 21:28:44 +02:00
Víðir Valberg Guðmundsson 7abd92517f Move mailman containers to the mailu.yml file. 2022-05-08 21:28:06 +02:00
Víðir Valberg Guðmundsson 4f28fa9a9f Fix sending mails from mailman-web. Fix static files. 2022-05-08 21:28:04 +02:00
Víðir Valberg Guðmundsson 8f77f152ea Right port. 2022-05-08 21:27:40 +02:00
Víðir Valberg Guðmundsson fcd97ffc89 Getting closer... 2022-05-08 21:27:40 +02:00
Víðir Valberg Guðmundsson 827c70e722 Upgrade mailman containers. Add some actual secrets. Add (probably wrong) ips to postfix mynetworks variable. 2022-05-08 21:27:36 +02:00
Víðir Valberg Guðmundsson 9e686078be Some mailman stuff. 2022-05-08 21:25:59 +02:00
Víðir Valberg Guðmundsson 29971520d5 Rename smtp hostname to smtp.data.coop. 2022-05-08 13:58:21 +02:00
Víðir Valberg Guðmundsson e74753cab4 Mastodon! 2022-05-07 22:53:18 +02:00
Reynir Björnsson c0ec5c3853 Update host ip 2022-03-02 15:44:40 +00:00
Reynir Björnsson 3791e1351a Install mosh 2022-01-31 10:57:24 +00:00
Reynir Björnsson 25eab11d12 Add another key for reynir 2022-01-28 13:15:17 +00:00
Reynir Björnsson 5d745e0cde Allow for multiple ssh keys
This required restructuring users.yml.
2022-01-28 13:15:14 +00:00
Reynir Björnsson 54a38114d6 gitea: Enable notify emails 2022-01-28 13:13:12 +00:00
benjaoming 17d4513b97 Add security and password policy customization
I need someone with a functional Docker setup to help test this :)

Tip from a new user that we are requiring stupid password stuff

https://www.bbc.com/news/technology-40875534
2022-01-24 09:53:59 +00:00
Reynir Björnsson 36534604c1 Add dummy user and pass
It seems perhaps it is required by gitea before it will enable email
2022-01-24 09:39:03 +00:00
Reynir Björnsson d73cc9e28f Gitea mail typo: smpt_port -> smtp_host 2022-01-24 09:25:44 +00:00
Reynir Björnsson 554024f2b2 Gitea mail: add crucial configuration 2022-01-24 09:19:54 +00:00
Reynir Björnsson ac455beac0 Add quotes
Non-string value found for env option. Ambiguous env options must be wrapped in quotes to avoid them being interpreted. Key: GITEA__mailer__ENABLED
2022-01-24 09:07:49 +00:00
valberg 1680ab0fc9 gitea-enhancements (#70) 2022-01-23 19:01:32 +00:00
valberg 499bd20ad1 Merge pull request 'Refactor allowed_sender_domains and allow more domains' (#69) from reynir/ansible:postfix-allowed_sender_domains into master
Reviewed-on: #69
2022-01-23 16:38:30 +00:00
Reynir Björnsson e3156c7c01 Gitea: setup mailer, raise LOGIN_REMEMBER_DAYS 2022-01-20 13:48:04 +00:00
Reynir Björnsson 6e57f1d0c2 Refactor allowed_sender_domains and allow more
A new object 'postfix' is created with a list of allowed_sender_domains.
Any services that expect to send mail this way should add its sender
domain to that list.
2022-01-20 13:36:48 +00:00
Jesper Hess 04b3fb4baa Upgrade gitea -> v1.15.7 2021-12-14 16:24:02 +01:00
Jesper Hess c2f1f10e0d Merge pull request 'Define referenced variable nextcloud.volume_folder' (#67) from nextcloud-fixup into master
Reviewed-on: #67
2021-11-23 14:31:55 +00:00
Reynir Björnsson 9e0fcfc4a7 Define referenced variable nextcloud.volume_folder 2021-11-23 13:49:50 +01:00
Reynir Björnsson 68c82a785b Upgrade synapse to v1.47.1 2021-11-23 13:12:15 +01:00
Jesper Hess 682e205c0b Bump OpenLDAP to 1.5.0 and phpLDAPAdmin to 0.9.0 2021-10-11 18:53:22 +02:00
Jesper Hess e64c858df8 Bump portainer version to 2.9.1 2021-10-11 18:52:39 +02:00
Jesper Hess c0bd431d3c Change default sender domain to @services.data.coop so as not to cause issues with our @data.coop emails 2021-10-10 18:03:09 +02:00
Jesper Hess a5a2d38b0c Bump Synapse to v1.44.0 and Element to v1.9.0 2021-10-10 15:25:54 +02:00
Jesper Hess c34d9fcb90 Add Hedgedoc
- Add Hedgedoc as a replacement for CodiMD.
- Integrate it with the new SSO system
2021-10-09 22:42:35 +02:00
Jesper Hess 5294b5f230 Merge pull request 'Add keycloak service' (#66) from keycloak into master
Reviewed-on: #66
2021-10-09 12:20:18 +00:00
Jesper Hess 270b7aa0e1 Merge branch 'master' into keycloak 2021-10-09 12:19:45 +00:00
Jesper Hess b6c2db6434 Switch NextCloud to docker_compose in Ansible + upgrade to v22 2021-10-09 14:13:18 +02:00
Jesper Hess 2af5165349 Upgrade portainer to 2.9.0 2021-10-07 20:59:38 +02:00
Jesper Hess ca6c3a96a1 Comment out the KEYCLOAK_USER and KEYCLOAK_PASSWORD since they mess up things after first run 2021-10-07 20:58:31 +02:00
Jesper Hess e6ee76ddde Merge branch 'master' into keycloak 2021-10-07 11:31:07 +00:00
Jesper Hess 19e7a397e3 Merge pull request 'Bump element to v1.8.4' (#65) from element.v1.8.4 into master
Reviewed-on: #65
2021-10-07 11:26:56 +00:00
Jesper Hess 2c8482a5ab Merge branch 'master' into element.v1.8.4 2021-10-07 11:26:42 +00:00
Jesper Hess 3999db2eff Add keycloak service 2021-10-07 13:20:30 +02:00
Reynir Björnsson 43f39c981d Bump element to v1.8.4
See https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
2021-09-14 15:30:08 +02:00
Jesper Hess b39df6003b Disable Matrix registrations and move Matrix secrets to Ansible vault.
Fixes #46
2021-07-03 09:12:18 +02:00
Jesper Hess 0ef4f972ed Update Element -> 1.7.29 & Synapse -> 1.34.0 2021-05-28 06:23:46 +02:00
Jesper Hess 9b1dc31163 Merge pull request 'Use inventory in ansible.cfg' (#60) from hosts into master
Reviewed-on: #60
2021-03-05 07:49:59 +00:00
Reynir Björnsson 62cc00bea7 Use inventory in ansible.cfg 2021-03-04 13:52:25 +01:00
23 changed files with 573 additions and 169 deletions

View file

@ -1,2 +1,3 @@
[defaults] [defaults]
remote_user = root remote_user = root
inventory = datacoop_hosts
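Review bot: the new `inventory = datacoop_hosts` line only takes effect when ansible-playbook is started from the repository root, because Ansible reads ansible.cfg from the current working directory (and refuses to read it there if that directory is world-writable). Either document that in the README or export ANSIBLE_CONFIG pointing at this file from deploy.sh, so a run from another directory does not silently fall back to the default inventory.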

View file

@ -1,3 +1,3 @@
###################################### ######################################
### All hosts ### All hosts
85.235.225.231 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3 85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
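Review bot: the host line moves from 85.235.225.231 to 85.209.118.131 but nothing in this change records the new host's SSH host key; with Ansible's default host_key_checking the next deploy either stops at a prompt or trusts whatever key answers on port 19022. Pin the new key (a known_hosts entry or a checked-in ssh_known_hosts file) in the same change and say in the commit whether the old address is retired.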

View file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
BASE_CMD="ansible-playbook playbook.yml -i datacoop_hosts --vault-password-file ~/.vault_password_file" BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "Deploying all!" echo "Deploying all!"
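Review bot: replacing `--vault-password-file ~/.vault_password_file` with `--ask-vault-pass` in BASE_CMD takes the plaintext vault password file out of the workflow, which is an improvement, but it also makes every deploy interactive, so the script can no longer run unattended from cron or CI. Ansible honours the ANSIBLE_VAULT_PASSWORD_FILE environment variable, so an unattended caller can still supply the password without editing the script; a one-line comment in the header saying so would help. Dropping `-i datacoop_hosts` is consistent with the `inventory = datacoop_hosts` setting in ansible.cfg, with the same caveat that it only applies when the script is run from the repository root.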

View file

@ -1,87 +1,144 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62393230613162353938306335363361323162356461613234306332653236326632323038663738 31306164623264616463396230366434306365373135343931323331383866613138316334316538
3832663036633166373961623738323162363532633638350a636565346534616431343862356534 3438343537333866353334646637633731643132323163340a613034626335613934396235666163
62306562623663623438623263636262303938303562343463333365613834623434623232303531 36333730376435393436323937323036366137366231626263376165306137613961383933383436
6135343464616438360a383163343838323762626435346564313364376566356638623165363537 3166393134323736390a383666623161316133313163383036356264353733643562663362616161
65616337373633613530393361613561333939666131316366303761303964343762306462633038 31393930613562613735643438303561346538386461333435393334376133376539643139376435
36303332336633653432613036346332663863376531623561343433383662623861633862363230 31363737343234353234356430663531643861306463663739626666373336663339613361393531
65316536626365303764393839626364326539336637643631336439653761633730636562653066 38663237366566663135393661386334316661303163613837313837316666343065643430363535
62353637633365336237663935383937633732363830623232376463326132353062336232363539 61333633616532613033383366386461386638363466323333306532363232333030616563616561
64376632616631353138376263383162353866316366316562666538383538633038373535663033 63346633333666373861333737383934336562613134376632303761363838346630333364643437
32663363383037666663373335306138623032343939313436656531616234303763396630663639 31386332353830333036326530656530653339316137396538386639396638643231396237653430
66656538393538666166386635643563633465306662366436383936306233376361663331353630 30303733333337663130333239643161666634613231623066323333373865303730326265646666
64333731396134646236653963356435656535613365353635383734346131383066356431663061 30666430656266343530326133633962613764646335313738333232313334633138366237373339
37333533623439623164323738363035633664353831363162376331613965613635653663303339 61396363343131376237656438343138333031306262383635306564343734663037323634616436
36623035633865633131363061346366643865636433303733613731643863333764313135616433 38306633316262393965336332636466643261666133373166366636306161363839616439343831
30396636653734656631323562343330653839346461653037353439636135316134396533383731 33646262616134626564396237663662343761326366666539626135343365396666666631376363
62303164366366616163656462346264383633353164333335613034363636373339613538376166 32616562336533343733613536373038643862623863616463633537303237363839613830323832
38333238666334656632376465346538323938653661656130313232656137316463346430663134 32323038306266363031656134376636316431663962653731613761363666313437313832363565
36636465356661666138616530326436326238383834336635663963363530316335613233396334 65643339626165663864383035376164323834333762656438656462386234623461663034616330
36346634656331623039383266303437323239646563326161653831363833653338386533616231 35373633626239393966333236613536623230326262633835383635633066393132343964633736
39613939393334353536613262643030323535396634363330396465303230646133356238373865 64353161323630313461323565333535613532663137376461333133633564326665356430303536
62316630303366643965363835336563393838373933393435616532636338376265303830376162 63636135393137346135306339373839336438333334306461366330353264613766366564613933
64653931343464656532373831666663326532373631376265636338323430396666383736636438 66383065343134623564333730656362336662326535643330636533666435643364353665653137
37346535373761663338653035653738396430316261326333313532653638393535386139376266 35346365373735663466373832343431646533663231643461343839643235396239326261303333
32333037303831653364336130646462616537383035633338653435633938303638633364336635 62346463646162646566623838613864303535643834383331346532343134663163653038376463
33343963666162356534656635316261353930336431323539393066333930323236396566356330 30626531646364363763613937386235363136326336386636333337656462303032386239613661
62333162353965616465396365616630313363636135633835353939633662363664343266373562 62656661313538663639393132363862316530396532383538326166626662633765353062396438
36636666343765653530653435316466356139323236356638383230623730643637613633633565 37396666333036343964386139313031393835336362316336626135373561396330383135333238
32353234656233353734653233323563313764613333653331333232653730396635633438633362 65643166656533383138353134633565396435333230306432343834643063303035363435633035
34306337653732646236346361663937616332353765613131393339393766313131633561376430 35636163626130363134383663653834646332666232326236633861346166333266306336353465
62386662393864303865303438616637303363646462313634383431373736643230653665636165 63363263376533303531343164303739663737616433346537653638663334343830323363343731
39636638656534363862633134663962383138656637386462356261336465386431343036646233 38373963666466323664396236326663343334313235346436363933656666613530303231653731
64666166346334333862653035303461626235633830623639643166373238373136343061303837 34323465636135383166333533613431333531626163366137393332643765306461333037616161
39633133653761646231653639653262366334373963343236363233373635306638653865653730 37383737653532626237633331306639343339356238393964353335333637353466393463366235
34616230343637616232313639333136313231393133346532353761623038656531376337333339 31633965303433333631313362626263633334326630653461353666356165333933363735323339
63316364386162616438303263653936643135316661633266613033366232383232356331336133 33333465613962363763653838306630626261613266366237663430353332626661396364396336
35313836363361363637383637643831313238613136396637386136633061666430313963633933 66376564616664363764623566323365313833653931343965613532306362373139323038366336
37343663666130326139643663313534313835643162363566396430363831343965613363366161 62653738303037656639636430383734333634666233363736303065396438306636383364383466
30353165313932623536393734306461616662663763333031623738383437643862623632656161 66303438313536666665633537316432313132356434353864383033343666306162626464626334
31323432633962613366306435626339663638633931323161373331353635306536623836376432 36363036376234663665666664316633383861313365363561383538393061353537633030353265
37373033306530623162316430613933366331303766386538396666346464363662646639643634 66303030306562626565626231663037323939386365393365376537633263343935363136366634
31373064646630343035326336376464663231343239643137353731303761643037313561313039 33613036343439386334333639363637313566623733643437363666333066393262373331666336
32613631353862376230316130333936376565373961383838383932396363396533316530383830 39653662303634343561616162386433653365326530386333366664353237356466333063386332
37386139396637613131366161376431323565643434333531656330643331653734393038303336 32623135336131663236383730636363333038356135633337646464396235373866323739326365
31366538663231623937653730326264633531623333363932656138396637303932333662383935 66313739376538356536396561333033623339306331656561643637316439383363346338636463
39323437396361613038376335353732333839383965313262643165363635386231666634653665 32666161323530643535333366313334323532666435633061333934623462666638383837333537
63333034663735623438393063333064363133396537646433383861613337313631633634343063 37363031303661616366616363633361323031346362393664653039323865656433633262386265
34303065343965343633653331393131613334356162323466656164343730323032396134303763 61383233393033623834353965663837646663633133353936373237356636303037656463323264
63393835646361316530643932613531326235313961663937653264656535623932303038616662 36636161326339313666373134633139326365646265643164623430636138666130663934633037
39336136346361636132303434373461333466333833313139346531303837306238613664613731 63653038373965316535633136663031383230393565396339316538656230646366373435363763
33363766393862663336383930326638346132326138623537656263366262353637626436313736 61383364343566663538323234373633393065633866613338363233373532313232356266333464
32643837303761336230353037663235323265313939323436323736366565663533626365376361 35646239373531373465333564343463616633346633393434363231633438386337663438396233
62633730373864386438653137326136373866363164616633636137356133643330623035323838 64323437346662616431383365636430386537316535303130633539303933303664663764333066
33326137393937383833346537633361383966313230636133363663373638373864393838636161 37306662393463363564373836333533616130646364396532363033626131363836353762616565
64386631366530653063656634336537396330633763336235393538356139323565336134326337 37623537346632633739666138616361636364643262613836646162656564373462386564333736
61633330333164643166373064623032356135623336393262386461646535326462393638373866 66613861646666656632396139316361343333373438366664663639336337366530366561626364
37626266393962393564306530336462323137386434626363383365366238636235356432323533 61646663633666393135613530373064313135613636623462616661353565653931643039626134
65343262666162643932393061363531346464393363623037366639376536386234646135646330 64666537303437653838613463653465643737383962643937343632356565333734373634396465
36623837356637353132643435633632356266323830653866393636316130306538336334376234 37383865313031636164626361346365373530626636343735636261343533636235663863346238
36303265363037306436346666376337653837373839313732386131306535666639653733353737 39353035326464383433633833613739616561336631663537323634623661653965326263633966
66353531623431663532623865373931656233333234356532363730643234633963653435356237 64353232363263323564323464353633343232643133323565653366633035646234666130613364
61633134333536616235626666333738613637366264613961333663336330653132313234653132 37643361373430643064386335636237333839653163623631663230613935613563353433366435
39383336623736333634633863356366383430306465373932366534626131343236336439343663 36303739316663363832316663666263663566373063633632303734333066613135633532346265
38643133626566366163653164356436313661626432653435616630336563386466383939613038 32396466626433383037346465653534643738613130616362396630373131653739373636356163
30336433663563343532663032633161363535643962646161396531646130343431663863633736 39333437393364363130313561303736373038343362636137333537316530363039316261313561
33656437363432623135313163323064353863303164656661633161616536313165383939663935 61343238623731623032346664326639353565386230333565373233333362306665663166666161
65393164363533663934643034316332643137643861333233303062333138633337323330323865 65323436303438663861303735643135336361336332643838393865623539633462396131366536
63633538626537363739623132336466393835316565633936616562656466316363623432303231 65363030376534333263323664353536316239363835343063363662613939656437343733306239
37383465393034346130616632616539653735323730633035333138373632313662373566373265 35663331643463336465313137306631613732623864356233303439343930646430643138643064
63623761323763616634343966386233306435633965633764363133306531363739613039386231 33643963643764393466393963613539363137313634333661356437383231636162396365366239
39376432656662653165373162623565393964396538653065343164663233313465363537663963 31313561373137626434323061343064613862376139303031623735383566343462616265313832
35326461313761363734306664623265663335333661633732626233323332383335613437633936 35623365343037643435343638363836373963383934653434333635346430613763613863636630
66383031363332353937303165643864666236356133643861373032613366333837356434613437 61313533303631333564383530653333326464626536646334323761343131373835323261316466
63346637316465306330306135343338623238363139633939653730323961353630353365323938 64663431376632366437663430316138333238313637666634373132643430306635616331656364
30373165336337303434316336363737623439306633306363383433383666653661613030393466 39666461663830666634363938653638663238343837336466383539656162366332626235303332
35323762616664393838396365636334626130663839666438633361356164663562303930623664 32393738376266323330383932666564333337353866313134326634373263346233646238303639
39653235646230363031613061383563663761636131623064633265363737633433623130316234 62393661636431343663393135656439353137396535663131323264636261393436356234393139
32643836393530373535353732373730303932313131653465353432353065326566633965656531 36623830323435653733353066613461626338626438626533363938666139643037373264393735
64323462616638646234636662346532663964366538653934646538303237366531613939666338 33326363303936346362646532626531343039386133643439613239636232636138636161623861
64643666626338333036363234663664326439306432353833633637373439616661666434313831 37373030656336303430656536396332613763313338653337326334303664356136626336383065
34383334386538656564653862333565623165316439666235376535396232336263663033396532 37326332623231353939623763616464663166336163616235663639353863386238363933616234
31393866636661303934306536343065366265376131326238616338336161646139393464346534 30373737653661626464666233363438343566323530613866346261333262316332303437303239
34643664646535316133636236356430316434613762313738623066653336616339383366653934 61616138303432393566356463643730323765323430303065656532353338636533326438653533
32663930333366623032663838656632643532303136663664303035346237616630653262346461 33613332333664366333663735323332386234376137613837643434646539653964303432393864
33343066346233313534323831646139636263306132666563333963633664323463333262316664 38333332343536313865303331623330393039383136643932373331356436373634663737626239
65636635333562636333303964666164393533653033336539663162333764376362373165613734 34626133363236343931383665333634303763323265613931653865636439353362623264323033
6366393631666464616334646262316161363136646334356133 30633133643933393161306233343734646431326538663164616361626266646565663939366261
30623932356433303765343730646166653362626463323564656163613131646466323336643938
64613232666261396232316332386165383465356639663762373138323066643232396266323738
61633938393131366431613966383133356334383830653264383739346333366564666135326431
31306230333933656339626461643365316465616334336133666431616461383632383436356534
39376430616235326337373566383463396131613537643535376230303832333565353737353130
65383365636362393863373334336366356164346637323231643336393336613636376235333437
62336562343132623565303130393562383736303439313235323631343539343836623337646331
65633535373139663231633337626263363936366238633231666533646539343334313964643061
33623739643262333232653335393561353739323433313466393432353665333339653761393635
36383238653936383836396436383861353365373033316434353965656635666338626539643638
36313162376666653933363036666564363563353836613637653266313936333731653563326330
31626366386535376262626565333034396338326163376237366564336430643765613539613236
37313036383631663363663064393365313538313663386563613864626365376330356333356562
37386432393230353666613339343736336236653865353036356536626265636135373431383534
63346436326131346230326564336436616430636664326231663464616334366461623733353734
34646633653030366535373961633663353239373162303431303238366133393066663161616361
62366262626131386163616534383064326466643437366631366464326366306666326637306263
32663637363562336637333230346432353562323233373065303534666239656263356462393465
36626436393232646362643731613636643436323261656566396136376538633930383566396139
66356562613237303533353063616433346231623931656362623733356537663661616361653438
30383937623565306635663235656239303865643933343231366463636331653337316231383763
64643332626339386265633965396239383161366133626538346365316130323561656237353164
33643365353435386632366231343533623964343938336431386462316638333132353231363836
36666666643335353432353638613663613961343163653039393362396361626162633862363233
64313865356562643765303739366338313039643738373134326634613532343832366532656136
34656237376232646565366466336432376264303039333339393538666133313633393761353966
32636430633137663336353839616431646232636436336661643039643566613835373030626465
31313630346562313365376539346164313265653934383662663863376434383363323435383364
32626632333666303232323563613663363063386238303865323935313639623839393331323562
34666661366139633933366164663532653131666162663632396130333737313663383464316431
30366133666437363466316536356232353832356136643036663463316338343435316535353762
31356233633734616134373161316436353938323537663562376230376361653561316139343933
64346336613764366334666162316533363930623735363461663965646566303530313061623662
38643964326135363234343762626164353161323962636530656533353032333264333036396265
39366263643535343731353065336130333430663135323665613638303863343138313033356630
64363430663537306334636435346335653261643339636436383261346461353034633636373337
34343534636234306662616564616134636530363362326639346138393430343562386166663539
65656136373438623436663836646132363530316630393533356539343463616232353938663165
30306135333130643666616161303530626436626463663931346362303530666665646131656462
62643037373138313635643939636230663731386565333165333865383936376438323536383666
64313335653364346664653239633164393133376138333231353032623966393437373064616462
36336639316463623432653861666261346531623264336535616633646335663837383236343031
36303237636234356631663538626535356536333336323964313862353432356533633161306439
61366364643137633839313964383538343763616163346434356633386563323636353138336234
38393438653637386364613734373837366562356266383238663764656263383737353034343232
35386166396163323738666137616564666638616532366564366432326532623833313939646665
64656634336635303235303465396462626565386133623866306532353730323932613361346330
38376362656466343562636539313264643330353139336139653866383935373930636230393161
39396662653637636637333965623763343136623632396535623131303764353539393362663165
64326337663137326432373864643438653836303538653138643534383765653239353633393162
35653465636437393135303238343664386633396239323437396531656332653534383834356438
32373463653863333161326266306135356238343737623735383764313366663136363533663936
64656561646661336261633161633532353766333230306565616638343330643033613366363566
63396463386266346161376535363339653437306664626134303037656663356432333466393332
66613365306536333134643763376166646561326330326335363235393437313632326162333136
35643833376365616337376365343230343437333461356135333338363966666435323831616135
623538643430323665623033623939656232
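Review bot: this hunk cannot be reviewed from the diff, since only the AES256 ciphertext under the `$ANSIBLE_VAULT;1.1` header changes; the commit message should state which keys were added or altered so a reviewer can check that the vault and secrets.yml.example stay in step (the example-file hunk suggests keycloak, mastodon and matrix_secrets). The size of the diff is not itself meaningful: ansible-vault re-encrypts the whole file with a fresh salt on every edit, so every line changes even when a single value is added.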

View file

@ -10,6 +10,8 @@ postgres_passwords:
codimd: xxx codimd: xxx
mailu: xxx mailu: xxx
ttrss: xxx ttrss: xxx
keycloak: xxx
mastodon: xxx
fider_jwt_secret: xxx fider_jwt_secret: xxx
@ -31,6 +33,21 @@ restic_secrets:
user_secret: xxx user_secret: xxx
encryption_secret: xxx encryption_secret: xxx
matrix_secrets:
registration_shared_secret: xxx
macaroon_secret_key: xxx
form_secret: xxx
keycloak_secrets:
admin_user: xxx //used for setting up the initial admin user on first run
admin_password: xxx
mastodon_secrets:
secret_key_base: xxx
otp_secret: xxx
vapid_private_key: xxx
vapid_public_key: xxx
mailman_secrets: mailman_secrets:
postgres_password: xxx postgres_password: xxx
hyperkitty_api_key: xxx hyperkitty_api_key: xxx
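Review bot: `admin_user: xxx //used for setting up the initial admin user on first run` is a bug in the example, not just a style point: YAML has no `//` comment syntax, so the entire string `xxx //used for setting up the initial admin user on first run` becomes the value of admin_user, and anyone who copies the example into their vault gets that as the Keycloak admin user name. Use a `#` comment instead: `admin_user: xxx  # used for setting up the initial admin user on first run`. Given the later commit that comments out KEYCLOAK_USER and KEYCLOAK_PASSWORD after first run, the comment should also say that these two values only bootstrap the admin account and that the password is expected to be changed inside Keycloak afterwards.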

View file

@ -1,24 +1,28 @@
--- ---
users: users:
graffen: - name: graffen
comment: Jesper Hess Nielsen comment: Jesper Hess Nielsen
key: ssh-rsa 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 openpgp:0x265EE03C (Graffen)
password: $6$6bgPWZ76LvB$DZ3ipFsFtL2b1nSC0AQ63k8ibJidyIE9iIsWWzY0fux0ynz9L/o7b2sR2XYSaDuG.jewFV36IGStTF3NCZRC30 password: $6$6bgPWZ76LvB$DZ3ipFsFtL2b1nSC0AQ63k8ibJidyIE9iIsWWzY0fux0ynz9L/o7b2sR2XYSaDuG.jewFV36IGStTF3NCZRC30
groups: groups:
- sudo - sudo
keys:
- ssh-rsa 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 openpgp:0x265EE03C (Graffen)
valberg: - name: valberg
comment: Vidir Valberg Gudmundsson comment: Vidir Valberg Gudmundsson
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/ password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
groups: groups:
- sudo - sudo
keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
reynir: - name: reynir
comment: Reynir Björnsson comment: Reynir Björnsson
key: ssh-rsa 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 reynir yubikey
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0 password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
groups: groups:
- sudo - sudo
keys:
- ssh-rsa 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 reynir yubikey
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t reynir@spurv
volume_root_folder: "/docker-volumes" volume_root_folder: "/docker-volumes"
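Review bot: the restructuring from a mapping keyed by user name to a list of `- name:` entries with a `keys:` list is fine, but the `password:` fields still carry the sha512-crypt hashes (`$6$...`) of three sudo-capable accounts in a file that is not vault-encrypted, unchanged from the previous revision. Move those hashes into the vault and reference them from here, so that a clone of the repository does not hand out offline-crackable hashes; the public SSH keys can stay in the clear. Whatever role consumes users.yml also has to follow the `key` -> `keys` rename and the list shape, and that change is not part of this hunk, so please point to it in the commit.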

View file

@ -12,6 +12,7 @@ thelounge:
nextcloud: nextcloud:
domain: "cloud.{{ base_domain }}" domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
gitea: gitea:
domain: "git.{{ base_domain }}" domain: "git.{{ base_domain }}"
@ -39,9 +40,13 @@ privatebin:
volume_folder: "{{ volume_root_folder }}/privatebin" volume_folder: "{{ volume_root_folder }}/privatebin"
codimd: codimd:
domain: "pad.{{ base_domain }}" domain: "oldpad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/codimd" volume_folder: "{{ volume_root_folder }}/codimd"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
netdata: netdata:
domain: "netdata.{{ base_domain }}" domain: "netdata.{{ base_domain }}"
@ -99,3 +104,19 @@ portainer:
ttrss: ttrss:
domain: rss.{{ base_domain }} domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss" volume_folder: "{{ volume_root_folder }}/tt-rss"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
postfix:
allowed_sender_domains:
- "services.{{ base_domain }}"
- "{{ passit.domain }}"
- "{{ fider.domain }}"
- "{{ gitea.domain }}"
- "{{ mastodon.domain }}"
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
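Review bot: the new `postfix.allowed_sender_domains` list references `{{ mastodon.domain }}` before `mastodon:` is defined at the bottom of the same file; that works because Ansible resolves templates lazily, but placing `mastodon:` above `postfix:` avoids the apparent forward reference. Since this list is what decides which services may relay through the shared postfix, keeping it explicit here is the right design, and the commit message's rule that every mail-sending service adds its domain to it belongs as a comment above the list.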

View file

@ -0,0 +1,59 @@
# This is a sample configuration file. You can generate your configuration
# with the `rake mastodon:setup` interactive setup wizard, but to customize
# your setup even further, you'll need to edit it manually. This sample does
# not demonstrate all available configuration options. Please look at
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
# Note that this file accepts slightly different syntax depending on whether
# you are using `docker-compose` or not. In particular, if you use
# `docker-compose`, the value of each declared variable will be taken verbatim,
# including surrounding quotes.
# See: https://github.com/mastodon/mastodon/issues/16895
# Federation
# ----------
# This identifies your server and cannot be changed safely later
# ----------
LOCAL_DOMAIN={{ mastodon.domain }}
# Redis
# -----
REDIS_HOST=redis
REDIS_PORT=6379
# PostgreSQL
# ----------
DB_HOST=db
DB_USER=postgres
DB_NAME=mastodon
DB_PASS={{ postgres_passwords.mastodon }}
DB_PORT=5432
# ------------------------
ES_ENABLED=false
# Secrets
# -------
# Make sure to use `rake secret` to generate secrets
# -------
SECRET_KEY_BASE={{ mastodon_secrets.secret_key_base }}
OTP_SECRET={{ mastodon_secrets.otp_secret }}
# Web Push
# --------
# Generate with `rake mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY={{ mastodon_secrets.vapid_private_key }}
VAPID_PUBLIC_KEY={{ mastodon_secrets.vapid_public_key }}
# Sending mail
# ------------
SMTP_SERVER={{ smtp_host }}
SMTP_PORT={{ smtp_port }}
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=notifications@{{ mastodon.domain }}
# File storage (optional)
# -----------------------
S3_ENABLED=false
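Review bot: the rendered file will contain DB_PASS, SECRET_KEY_BASE, OTP_SECRET and VAPID_PRIVATE_KEY in plaintext, so the template task that writes it must set an owner-only mode (for example `mode: "0600"`) rather than inherit the default umask; that task is not in this change, so please confirm it. SMTP_LOGIN and SMTP_PASSWORD are left empty, which means relaying depends entirely on postfix trusting the container's network address (the mynetworks setting mentioned in the commit list), so any other container on that network can send as notifications@{{ mastodon.domain }}. The header note that docker-compose takes values verbatim including quotes is relevant: none of the templated values here are quoted, which is correct for that mode.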

View file

@ -0,0 +1,2 @@
listen 3000;
client_max_body_size 50M; # default is 1M

View file

@ -577,7 +577,7 @@ turn_allow_guests: True
## Registration ## ## Registration ##
# Enable registration for new users. # Enable registration for new users.
enable_registration: True enable_registration: False
# The user must provide all of the below types of 3PID when registering. # The user must provide all of the below types of 3PID when registering.
# #
@ -604,7 +604,7 @@ enable_registration: True
# If set, allows registration by anyone who also has the shared # If set, allows registration by anyone who also has the shared
# secret, even if registration is otherwise disabled. # secret, even if registration is otherwise disabled.
# #
registration_shared_secret: "jnJ5gfTj_qi#H0:vnPZx7OH*Qz.9u4cxpq.wHcHEAfuhcMgpxG" registration_shared_secret: "{{ matrix_secrets.registration_shared_secret }}"
# Set the number of bcrypt rounds used to generate password hash. # Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash. # Larger numbers increase the work factor needed to generate the hash.
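Review bot: Moving registration_shared_secret into `{{ matrix_secrets.registration_shared_secret }}` is the right change, but the literal value on the left-hand side has been committed and stays recoverable from the repository history; generate a fresh value for the new variable instead of copying the old one across. With enable_registration now False, this secret is the only remaining way to create accounts, so treat it like an admin credential.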
@ -699,7 +699,7 @@ track_appservice_user_ips: False
# the registration_shared_secret is used, if one is given; otherwise, # the registration_shared_secret is used, if one is given; otherwise,
# a secret key is derived from the signing key. # a secret key is derived from the signing key.
# #
macaroon_secret_key: "PLawJ8o.Q_.pR3Rr.vJO3=F&eAe=b~g6hVOKbrRrSl#w5Eqr8X" macaroon_secret_key: "{{ matrix_secrets.macaroon_secret_key }}"
# Used to enable access token expiration. # Used to enable access token expiration.
# #
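Review bot: Same as for registration_shared_secret: the replaced macaroon_secret_key literal is in history and the templated variable should carry a newly generated value. Because Synapse uses this key to sign tokens it issues, do the rotation in a maintenance window; anything signed under the old key stops validating once it changes.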
@ -709,7 +709,7 @@ expire_access_token: False
# falsification of values. Must be specified for the User Consent # falsification of values. Must be specified for the User Consent
# forms to work. # forms to work.
# #
form_secret: "ssHGS0,URi,oQ8~Upfi53meultXQ-Vo-r5XgKjP.u42qL;WGc-" form_secret: "{{ matrix_secrets.form_secret }}"
## Signing Keys ## ## Signing Keys ##
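Review bot: form_secret falls under the same rule: the old literal is in history, so `{{ matrix_secrets.form_secret }}` should be a freshly generated value. The comment above it says the secret protects the User Consent forms against falsification, which is exactly why a value that has been exposed cannot be kept.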

View file

@ -0,0 +1 @@

View file

@ -7,10 +7,11 @@
- name: gitea container - name: gitea container
docker_container: docker_container:
name: gitea name: gitea
image: gitea/gitea:1.12.3 image: gitea/gitea:1.15.7
restart_policy: unless-stopped restart_policy: unless-stopped
networks: networks:
- name: gitea - name: gitea
- name: postfix
- name: external_services - name: external_services
volumes: volumes:
- "{{ gitea.volume_folder }}:/data" - "{{ gitea.volume_folder }}:/data"
@ -21,3 +22,16 @@
VIRTUAL_PORT: "3000" VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ gitea.domain }}" LETSENCRYPT_HOST: "{{ gitea.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
GITEA__mailer__MAILER_TYPE: "smtp"
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
GITEA__mailer__USER: "noop"
GITEA__mailer__PASSWD: "noop"
GITEA__security__LOGIN_REMEMBER_DAYS: "60"
GITEA__security__PASSWORD_COMPLEXITY: "off"
GITEA__security__MIN_PASSWORD_LENGTH: "8"
GITEA__security__PASSWORD_CHECK_PWN: "true"
GITEA__service__ENABLE_NOTIFY_MAIL: "true"
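Review bot: `GITEA__mailer__USER` / `GITEA__mailer__PASSWD` are set to the placeholder `noop` with no explanation; add a comment stating that they are dummy values present only so the mailer can be enabled against an unauthenticated internal relay, otherwise a later reader will assume the relay expects real credentials. `GITEA__security__PASSWORD_CHECK_PWN: "true"` makes Gitea query the Have I Been Pwned range API on signup and password change, so the container needs outbound HTTPS to that service and password changes depend on its availability; that trade-off deserves a comment next to the setting. The combination of complexity off, minimum length 8 and the pwned check otherwise matches current password guidance.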

View file

@ -0,0 +1,66 @@
---
- name: create hedgedoc volume folders
file:
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
state: directory
loop:
- "db"
- "hedgedoc/uploads"
loop_control:
loop_var: volume
- name: copy sso public certificate
copy:
src: "files/sso/sso.data.coop.pem"
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
mode: "0644"
- name: setup hedgedoc
docker_compose:
project_name: "hedgedoc"
pull: "yes"
definition:
services:
database:
image: "postgres:10-alpine"
environment:
POSTGRES_USER: "codimd"
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
POSTGRES_DB: "codimd"
restart: "unless-stopped"
networks:
- "hedgedoc"
volumes:
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
app:
image: quay.io/hedgedoc/hedgedoc:1.9.0
environment:
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
CMD_DOMAIN: "{{ hedgedoc.domain }}"
CMD_ALLOW_EMAIL_REGISTER: "False"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_EMAIL: "False"
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
CMD_SAML_ISSUER: "hedgedoc"
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
CMD_USECDN: "false"
CMD_PROTOCOL_USESSL: "true"
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
volumes:
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
restart: "unless-stopped"
networks:
- "hedgedoc"
- "external_services"
depends_on:
- database
networks:
hedgedoc:
external_services:
external: true
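Review bot: `CMD_DB_URL` points at `hedgedoc_database_1`, which is the container name Compose v1 derives from the project name; Compose v2 names the same container `hedgedoc-database-1`, so the URL breaks on a tooling upgrade. Use the service name `database` as the host instead, which resolves on the `hedgedoc` network regardless of container naming. Also consider mounting `sso.data.coop.pem` with `:ro`, since the app only reads the IdP certificate.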

View file

@ -0,0 +1,45 @@
- name: setup keycloak containers for sso.data.coop
docker_compose:
project_name: "keycloak"
pull: "yes"
definition:
version: "3.6"
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "keycloak"
volumes:
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "keycloak"
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
POSTGRES_DB: "keycloak"
app:
image: "quay.io/keycloak/keycloak:15.0.2"
restart: "unless-stopped"
networks:
- "keycloak"
- "postfix"
- "external_services"
environment:
VIRTUAL_HOST: "{{ keycloak.domain }}"
VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
DB_USER: "keycloak"
DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
DB_ADDR: "keycloak_postgres_1"
#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
PROXY_ADDRESS_FORWARDING: "true"
networks:
keycloak:
postfix:
external: true
external_services:
external: true
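Review bot: `DB_ADDR: "keycloak_postgres_1"` has the same fragility as the hedgedoc definition: use the service name `postgres`. `PROXY_ADDRESS_FORWARDING: "true"` is needed behind nginx-proxy but means Keycloak trusts `X-Forwarded-*` headers from whoever reaches port 8080, so keep the app reachable only through `external_services` and never publish 8080 on the host (the definition currently does not, which is correct).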

View file

@ -172,7 +172,7 @@
### Mailman containers ### ### Mailman containers ###
mailman-core: mailman-core:
image: maxking/mailman-core:0.3.11 image: maxking/mailman-core:0.4
volumes: volumes:
- "{{ mailman.volume_folder }}/core:/opt/mailman" - "{{ mailman.volume_folder }}/core:/opt/mailman"
stop_grace_period: 30s stop_grace_period: 30s
@ -196,7 +196,7 @@
external_services: external_services:
mailman-web: mailman-web:
image: maxking/mailman-web:0.3.11 image: maxking/mailman-web:0.4
depends_on: depends_on:
- database - database
links: links:

View file

@ -0,0 +1,118 @@
- name: create mastodon volume folders
file:
name: "{{ mastodon.volume_folder }}/{{ volume }}"
state: directory
owner: "991"
group: "991"
loop:
- "postgres_data"
- "redis_data"
- "mastodon_data"
loop_control:
loop_var: volume
- name: Copy mastodon environment file
template:
src: files/configs/mastodon/env_file.j2
dest: "{{ mastodon.volume_folder }}/env_file"
- name: upload vhost config for root domain
template:
src: files/configs/mastodon/vhost-mastodon
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
- name: set up mastodon
docker_compose:
project_name: mastodon
pull: yes
definition:
version: '3'
services:
db:
restart: always
image: postgres:14-alpine
shm_size: 256mb
networks:
- internal_network
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust'
redis:
restart: always
image: redis:6-alpine
networks:
- internal_network
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
volumes:
- "{{ mastodon.volume_folder }}/redis_data:/data"
web:
image: tootsuite/mastodon
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
networks:
- external_services
- internal_network
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
ports:
- '127.0.0.1:3000:3000'
depends_on:
- db
- redis
volumes:
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
environment:
VIRTUAL_HOST: "{{ mastodon.domain }}"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
streaming:
image: tootsuite/mastodon
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
command: node ./streaming
networks:
- external_services
- internal_network
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
ports:
- '127.0.0.1:4000:4000'
depends_on:
- db
- redis
sidekiq:
image: tootsuite/mastodon
restart: always
env_file: "{{ mastodon.volume_folder }}/env_file"
command: bundle exec sidekiq
depends_on:
- db
- redis
networks:
- postfix
- external_services
- internal_network
volumes:
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
networks:
external_services:
external: true
postfix:
external: true
internal_network:
internal: true
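Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` on the db service turns off password authentication entirely, so any container on `internal_network` can connect as the `postgres` superuser; the env file already templates `{{ postgres_passwords.mastodon }}` into DB_PASS, so set `POSTGRES_PASSWORD` to the same value here and drop the trust setting. Second, `image: tootsuite/mastodon` carries no tag while every other image in this playbook is pinned; combined with `pull: yes`, each run can silently upgrade Mastodon and leave pending database migrations, so pin a version. Minor: the sidekiq healthcheck greps for `sidekiq 6`, which starts failing after the next Sidekiq major bump.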

View file

@ -53,7 +53,7 @@
- name: upload homeserver.yaml - name: upload homeserver.yaml
template: template:
src: "files/configs/matrix/homeserver.yaml" src: "files/configs/matrix/homeserver.yaml.j2"
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml" dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
- name: upload matrix logging config - name: upload matrix logging config
@ -82,7 +82,7 @@
matrix_app: matrix_app:
container_name: matrix container_name: matrix
image: matrixdotorg/synapse:v1.18.0 image: matrixdotorg/synapse:v1.47.1
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
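Review bot: The jump from synapse v1.18.0 to v1.47.1 crosses a long run of releases; read the upgrade notes for the intermediate versions before applying, since schema migrations and removed configuration keys accumulate over such a range, and take a database backup first. Pinning to an explicit tag rather than `latest` is good.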
@ -102,7 +102,7 @@
riot: riot:
container_name: riot_app container_name: riot_app
image: avhost/docker-matrix-riot:v1.7.3 image: avhost/docker-matrix-riot:v1.9.0
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix

View file

@ -1,48 +1,42 @@
--- ---
- name: setup nextcloud containers
docker_compose:
project_name: "nextcloud"
pull: "yes"
definition:
services:
postgres:
image: "postgres:10"
restart: "unless-stopped"
networks:
- "nextcloud"
volumes:
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
environment:
POSTGRES_DB: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
POSTGRES_USER: "nextcloud"
app:
image: "nextcloud:22-apache"
restart: "unless-stopped"
networks:
- "nextcloud"
- "external_services"
volumes:
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
environment:
VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: "nextcloud_postgres_1"
POSTGRES_DB: "nextcloud"
POSTGRES_USER: "nextcloud"
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
- name: nextcloud network networks:
docker_network: nextcloud:
name: nextcloud postfix:
external: true
- name: nextcloud database volume external_services:
docker_volume: external: true
name: nextcloud_db
- name: nextcloud database container
docker_container:
name: nextcloud_db
image: postgres:10
state: started
restart_policy: always
networks:
- name: nextcloud
volumes:
- nextcloud_db:/var/lib/postgresql/data
env:
POSTGRES_DB: somethingelse
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
- name: nextcloud app volume
docker_volume:
name: nextcloud_app
- name: nextcloud app container
docker_container:
name: nextcloud_app
image: nextcloud:apache
state: started
restart_policy: always
networks:
- name: nextcloud
- name: external_services
volumes:
- nextcloud_app:/var/www/html
env:
VIRTUAL_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
POSTGRES_HOST: nextcloud_db
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
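Review bot: The rewrite moves storage from the named volumes `nextcloud_db` and `nextcloud_app` to bind mounts under `{{ nextcloud.volume_folder }}` and changes the postgres service's `POSTGRES_DB` from `somethingelse` to `nextcloud`; none of that migrates existing data, so the task needs an accompanying migration step (dump and restore, or copying the volume contents) or the playbook brings up an empty instance beside the old one. `POSTGRES_HOST: "nextcloud_postgres_1"` should be the service name `postgres`, for the same Compose container-naming reason as the other definitions in this set. The `postfix` network is declared under `networks:` but no service joins it, so either attach `app` to it (Nextcloud sends mail) or remove the declaration.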

View file

@ -17,7 +17,7 @@
- name: openLDAP container - name: openLDAP container
docker_container: docker_container:
name: openldap name: openldap
image: osixia/openldap:1.2.2 image: osixia/openldap:1.5.0
tty: true tty: true
interactive: true interactive: true
volumes: volumes:
@ -57,7 +57,7 @@
- name: phpLDAPadmin container - name: phpLDAPadmin container
docker_container: docker_container:
name: phpldapadmin name: phpldapadmin
image: osixia/phpldapadmin:latest image: osixia/phpldapadmin:0.9.0
networks: networks:
- name: external_services - name: external_services
- name: ldap - name: ldap

View file

@ -8,7 +8,7 @@
- name: run portainer - name: run portainer
docker_container: docker_container:
name: portainer name: portainer
image: portainer/portainer-ce:2.0.1 image: portainer/portainer-ce:2.9.1
restart_policy: always restart_policy: always
networks: networks:
- name: external_services - name: external_services

View file

@ -21,10 +21,10 @@
- "lists.data.coop" - "lists.data.coop"
docker_container: docker_container:
name: postfix name: postfix
image: boky/postfix image: boky/postfix:v3.5.0
restart_policy: unless-stopped restart_policy: always
networks: networks:
- name: postfix - name: postfix
env: env:
ALLOWED_SENDER_DOMAINS: "{{ allowed_sender_domains|join(' ') }}" ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
MYNETWORKS: "{{ mynetworks|join(',') }}" HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
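Review bot: Dropping `MYNETWORKS` makes the relay fall back to the image's default list of trusted networks; since this relay accepts mail without authentication (the Gitea and Mastodon configurations in this change send with dummy or empty credentials), verify that the default covers exactly the Docker networks the sending containers reach it from via `postfix` and nothing wider, and grep the repository for remaining references to the removed `mynetworks` variable. Pinning `boky/postfix:v3.5.0` and switching to `restart_policy: always` are both improvements; the HOSTNAME comment could add that the name should match the forward and reverse DNS of the host's egress address if outbound deliverability matters.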

View file

@ -8,6 +8,7 @@
- python3-pip - python3-pip
- apparmor - apparmor
- haveged - haveged
- mosh
- name: Install necessary packages via pip - name: Install necessary packages via pip
pip: pip:
@ -15,4 +16,4 @@
vars: vars:
packages: packages:
- docker - docker
- docker-compose - docker-compose

View file

@ -1,21 +1,25 @@
--- ---
- name: "Add users" - name: "Add users"
user: user:
name: "{{ item.key }}" name: "{{ item.name }}"
comment: "{{ item.value.comment }}" comment: "{{ item.comment }}"
password: "{{ item.value.password }}" password: "{{ item.password }}"
update_password: "on_create" update_password: "on_create"
groups: "{{ item.value.groups }}" groups: "{{ item.groups }}"
with_dict: "{{ users | default({}) }}" loop: "{{ users | default([]) }}"
- name: "Add ssh authorized_keys" - name: "Add ssh authorized_keys"
authorized_key: authorized_key:
user: "{{ item.key }}" user: "{{ item.0.name }}"
key: "{{ item.value.key }}" key: "{{ item.1 }}"
with_dict: "{{ users | default({}) }}" with_subelements:
- "{{ users | default([]) }}"
- keys
- name: "Add ssh authorized_keys to root user" - name: "Add ssh authorized_keys to root user"
authorized_key: authorized_key:
user: "root" user: "root"
key: "{{ item.value.key }}" key: "{{ item.1 }}"
with_dict: "{{ users | default({}) }}" with_subelements:
- "{{ users | default([]) }}"
- keys
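Review bot: `with_subelements` over `keys` fails the play if any user entry lacks a `keys` list (the missing subelement raises unless `skip_missing: True` is passed as the third list item); either add that option or make `keys` mandatory in users.yml and validate it. Also worth flagging, although unchanged by this diff: every listed user's keys are installed for `root` as well, so adding a key for one person grants it root login; if that is intended, a comment on the task saying so avoids surprises.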