Compare commits


71 commits

Author SHA1 Message Date
Víðir Valberg Guðmundsson d678b15085 Upgrade mailman containers. Add some actual secrets. Add (probably wrong) ips to postfix mynetworks variable. 2021-02-15 21:59:20 +01:00
Víðir Valberg Guðmundsson 92f8d4b0c4 Merge branch 'master' into mailman 2021-02-01 21:11:10 +01:00
Víðir Valberg Guðmundsson 30b9580d3c Add required pip packages. 2021-02-01 21:06:39 +01:00
Víðir Valberg Guðmundsson 9e5c18f839 Rename docker_service tasks to docker_compose. 2021-02-01 21:06:23 +01:00
Víðir Valberg Guðmundsson 068502773e Fix matrix_riot service. 2021-02-01 20:51:28 +01:00
valberg fbebeef57b Merge pull request 'Migrate Passit to docker_service & set correct volume folder path' (#54) from passit-cleanup into master
Reviewed-on: #54
2021-01-31 10:30:23 +00:00
Jesper Hess a692e7d2cb
Migrate Passit to docker_service & set correct volume folder path 2021-01-28 14:01:19 +01:00
Jesper Hess 406e19a95c
Document new secrets needed in secrets.yml 2021-01-27 13:17:48 +01:00
Víðir Valberg Guðmundsson cec959a47e Upgrade portainer to 2.0.1. 2021-01-26 21:59:26 +01:00
valberg c8cc5b7534 Merge pull request 'Backup of /docker-volumes folder' (#53) from restic_backup into master
Reviewed-on: #53
2021-01-26 19:45:13 +00:00
Jesper Hess 9ae295896f
Use docker_service ansible command 2021-01-26 20:40:22 +01:00
Jesper Hess 6d2fbdbbb6
Fix secret for restic repo 2021-01-26 20:19:34 +01:00
Jesper Hess 3fe7d162aa
Use correct volume folder 2021-01-26 20:01:05 +01:00
Jesper Hess 86de1fd24e
Initial work on restic container for backup 2021-01-26 19:57:06 +01:00
Víðir Valberg Guðmundsson a4966e74fe Remove deni key. 2021-01-19 23:08:56 +01:00
valberg cf6fe970eb Merge pull request 'Change YAML to use lists instead of comma-separated strings for domains because it looks nicer' (#51) from domain_lists into master
Reviewed-on: #51
2020-12-17 08:20:50 +00:00
Jesper Hess f5293c016d
Change YAML to use lists instead of comma-separated strings for domains because it looks nicer 2020-12-17 08:43:24 +01:00
reynir e9f1d800a1 Merge pull request 'Update cryptoaarhus.dk domains' (#49) from cryptoaarhus.dk into master
Reviewed-on: #49
2020-12-11 08:57:32 +00:00
Reynir Björnsson fe5fa81f44 Update cryptoaarhus.dk domains 2020-12-10 16:25:26 +01:00
Jesper Hess bb5c77e602
Fix typo 2020-11-27 10:48:02 +01:00
Jesper Hess 21e2b743ef Merge pull request 'Bump Matrix max upload size to a whopping 50 MB' (#45) from matrix-max-upload-size into master
Reviewed-on: #45

All good, thanks!
2020-11-27 09:37:58 +00:00
Reynir Björnsson 8d88016efd Matrix: up nginx client_max_body_size to 50MB
Then it's consistent with max_upload_size (sort of - modulo overhead in
http)
2020-11-27 10:36:51 +01:00
Jesper Hess 2ac2d8b8da
Change ouroboros interval to 10min to hopefully fly under the new docker hub rate limit. 2020-11-23 08:25:35 +01:00
Reynir Björnsson a78641674d cryptoaarhus_website: Add cryptoaarhus.dk domain 2020-11-05 08:47:58 +01:00
Reynir Björnsson 03cde007bc Bump Matrix max upload size to a whopping 50 MB 2020-10-19 10:01:00 +02:00
reynir d40b3ad9ab Merge pull request 'Add cryptoaarhus website' (#36) from reynir/ansible:cryptoaarhus.dk into master
Reviewed-on: #36
2020-09-28 13:54:15 +00:00
reynir 5738a8c40f Merge branch 'master' into cryptoaarhus.dk 2020-09-28 12:29:11 +00:00
Jesper Hess 5559a2c776 Merge pull request 'Allow fetching data.coop's public rooms over federation' (#44) from carl/ansible:synapse-room-list into master
Reviewed-on: #44
2020-09-23 19:31:15 +00:00
Carl Bordum Hansen 653a0603d5 Allow fetching data.coop's public rooms over federation 2020-09-23 20:47:31 +02:00
Reynir Björnsson 9a0fe69789 Add cryptoaarhus website 2020-09-11 18:44:15 +02:00
Jesper Hess 8bec174a46
Switch riot.data.coop->element.data.coop in riot's config.json 2020-08-31 18:57:49 +02:00
Jesper Hess 3e098546ef
Update gitea to v 1.12.3 2020-08-31 18:24:47 +02:00
Jesper Hess e7d69cd6df Merge pull request 'Gitea network werent autocreated' (#40) from rluch/ansible:rluch/fix-initially-missing-gitea-network into master 2020-08-31 05:50:05 +00:00
Jesper Hess 7926c861b2 Merge pull request 'Add element.data.coop for riot' (#42) from reynir/ansible:element into master 2020-08-31 05:49:20 +00:00
Reynir Björnsson d49a57792f Add element.data.coop for riot
Riot was renamed to element recently.
2020-08-23 11:33:45 +02:00
Jesper Hess 99cb94c94a
Update Riot and Synapse to latest 2020-08-15 17:21:12 +02:00
Jesper Hess ad243a5777
Fix problem with new.data.coop overwriting the old site 2020-06-10 20:15:13 +02:00
Vidir Valberg Gudmundsson 4cf48f13c0 Add new data.coop website. Fix postfix container for newest ansible. Comment out tt-rss. 2020-05-29 23:36:07 +02:00
Jesper Hess 5a5bb50e09
Upgrade synapse and riot to latest 2020-05-08 15:43:58 +02:00
Rasmus Lundsgaard Christiansen d49b943fd2 Gitea network werent autocreated 2020-04-12 16:34:52 +02:00
Jesper Hess 4f07b8edb2
Add file showing the variables contained in secrets.yml 2020-04-11 16:28:38 +02:00
Jesper Hess 09617dd35a
Move postfix network config to postfix.yml file instead of base services.yml file 2020-03-04 18:05:48 +01:00
Jesper Hess 98d4ab69cc Add ulovlig-logning.dk 2020-03-04 09:39:36 +00:00
Jesper Hess b454583e2c Merge pull request 'Upgrade Drone' (#39) from drone-upgrade into master 2020-03-02 09:43:50 +00:00
Jesper Hess f2a6aab2fe
Drone is working now 2020-03-01 13:47:09 +01:00
Jesper Hess e0f01bb78e
Upgrade Drone initial steps 2020-03-01 08:03:05 +01:00
Vidir Valberg Gudmundsson d51edc2922 Upgrade gitea. 2020-02-27 09:44:33 +01:00
Vidir Valberg Gudmundsson 47d7abe631 Upgrade synapse and riot. 2020-02-26 20:55:21 +01:00
Vidir Valberg Gudmundsson 6e94ac766b Upgrade portainer. 2020-02-26 20:27:05 +01:00
Jesper Hess 5f1bbae3de
Increase rate limiting for outgoing mails to support the needs of ulovliglogning 2020-02-06 21:47:43 +01:00
Jesper Hess cd2424999f
Add www.[domain] to hosted websites 2020-01-14 08:11:19 +01:00
Jesper Hess 4e0332cc79
Add www.[domain] to hosted websites 2020-01-14 08:10:03 +01:00
Jesper Hess ef3e0993da
Add www.[domain] to hosted websites 2020-01-14 07:58:32 +01:00
valberg 625e83e0d3 Merge branch 'add-ulovliglogning-website' of data.coop/ansible into master 2020-01-13 18:25:21 +00:00
Jesper Hess 1adc11e9c4 Add ulovliglogning.dk website to the stack 2020-01-13 19:24:54 +01:00
Jesper Hess 447b82326c
Add ulovliglogning.dk website to the stack 2020-01-13 17:29:09 +01:00
Jesper Hess edfd530afe
Upgrade Synapse to v1.7.1 and Riot v1.5.6 2019-12-19 11:18:41 +01:00
Jesper Hess 67443d23d4 Merge branch 'master' of deni/ansible into master 2019-11-28 10:26:50 +00:00
Denis Smajlović 9195016a40 Add user deni 2019-11-24 17:49:06 +00:00
valberg 2e5dc7158d Merge branch 'mailu-smtps' of reynir/ansible into master 2019-11-21 18:39:40 +00:00
Reynir Björnsson 6331805793 Add smtps port 2019-11-19 11:10:05 +01:00
Jesper Hess 97fe0e16ef Merge branch 'upgrade-matrix-riot' of data.coop/ansible into master
As above. Just forgot to merge :)
2019-11-11 09:03:31 +00:00
Jesper Hess 3f2c7b1547
Upgrade Synapse to v1.5.1 and Riot to v1.5.3 2019-11-11 09:56:02 +01:00
Jesper Hess 71664653b0
Upgrade to Synapse 1.0.0 and Riot-Web 1.2.1 2019-06-12 14:33:35 +02:00
Jesper Hess 57cf5103c5
Upgrade to Matrix 0.99.5 and Riot 1.2.0 2019-05-30 19:59:37 +02:00
Jesper Hess 5566be7da9
Make netdata update via ouroboros 2019-05-30 18:53:26 +02:00
Jesper Hess 70632c26c2
Add tt-rss service 2019-04-25 12:05:28 +02:00
Jesper Hess fb67e038a8
Upgrade riot to 1.0.7 2019-04-10 18:01:58 +02:00
Jesper Hess 999f266af5
Update synapse to v0.99.3 2019-04-10 17:53:46 +02:00
Jesper Hess e42937736e
Enable group/community creation for all matrix users 2019-04-10 17:46:39 +02:00
Jesper Hess ba28b1eb0c
Add SYNAPSE_CACHE_FACTOR env var 2019-03-30 09:35:04 +01:00
25 changed files with 485 additions and 190 deletions

View file

@ -1,54 +1,87 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

View file

@ -0,0 +1,37 @@
# These are the variables contained in secrets.yml
# Secrets are usually 32 characters or more, matching [a-Z0-9]
postgres_passwords:
fider: xxx
nextcloud: xxx
passit: xxx
gitea: xxx
matrix: xxx
codimd: xxx
mailu: xxx
ttrss: xxx
fider_jwt_secret: xxx
ldap_admin_password: xxx
ldap_config_password: xxx
passit_secret_key: xxx
docker_password: xxx
mailu_secret_key: xxx
drone_secrets:
oauth_client_id: xxx
oauth_client_secret: xxx
rpc_shared_secret: xxx
restic_secrets:
user_secret: xxx
encryption_secret: xxx
mailman_secrets:
postgres_password: xxx
hyperkitty_api_key: xxx
django_secret_key: xxx
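Review bot: the character class `[a-Z0-9]` in the header comment is not a valid range, because `a` sorts after `Z` in ASCII. Anyone pasting it into a generator or validator gets an error or an unintended set. Write `[a-zA-Z0-9]` instead, and consider saying how the values should be generated so that new secrets meet the stated 32-character minimum.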

View file

@ -23,9 +23,11 @@
- docker_registry - docker_registry
- drone - drone
- websites - websites
- ulovliglogning-dk
- ouroboros - ouroboros
- mailu - mailu
- portainer - portainer
# - tt-rss
smtp_host: "postfix" smtp_host: "postfix"
smtp_port: "587" smtp_port: "587"

View file

@ -19,6 +19,7 @@ gitea:
passit: passit:
domain: "passit.{{ base_domain }}" domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
fider: fider:
domain: "feedback.{{ base_domain }}" domain: "feedback.{{ base_domain }}"
@ -28,7 +29,9 @@ matrix:
volume_folder: "{{ volume_root_folder }}/matrix" volume_folder: "{{ volume_root_folder }}/matrix"
riot: riot:
domain: "riot.{{ base_domain }}" domains:
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot" volume_folder: "{{ volume_root_folder }}/riot"
privatebin: privatebin:
@ -49,10 +52,25 @@ docker_registry:
password: "{{ docker_password }}" password: "{{ docker_password }}"
data_coop_website: data_coop_website:
domain: "{{ base_domain }}" domains:
- "{{ base_domain }}"
- "www.{{ base_domain }}"
cryptohagen_website: cryptohagen_website:
domain: "cryptohagen.dk" domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
drone: drone:
domain: "drone.{{ base_domain }}" domain: "drone.{{ base_domain }}"
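Review bot: under `ulovliglogning_website`, `ulovlig-logning.dk` is listed without a matching `www.ulovlig-logning.dk`, while every other site in this hunk gets both the bare and the `www.` name. If that is intentional, a short comment would prevent someone "fixing" it later. Otherwise add the missing entry so the certificate and vhost cover it.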
@ -69,3 +87,6 @@ portainer:
domain: "portainer.{{ base_domain }}" domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer" volume_folder: "{{ volume_root_folder }}/portainer"
ttrss:
domain: rss.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/tt-rss"
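Review bot: `domain: rss.{{ base_domain }}` is the only unquoted templated value in this file; quote it as `"rss.{{ base_domain }}"` to match the other entries and to avoid YAML surprises if the value is ever edited to start with `{{`. The services list in this change set also has `# - tt-rss` commented out, so this block is currently unused configuration and should say so in a comment or be dropped until the service is re-enabled.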

View file

@ -54,6 +54,10 @@ soft_file_limit: 0
# Set to false to disable presence tracking on this homeserver. # Set to false to disable presence tracking on this homeserver.
use_presence: true use_presence: true
# If set to 'false', forbids any other homeserver to fetch the server's public
# rooms directory via federation.
allow_public_rooms_over_federation: true
# The GC threshold parameters to pass to `gc.set_threshold`, if defined # The GC threshold parameters to pass to `gc.set_threshold`, if defined
# #
#gc_thresholds: [700, 10, 10] #gc_thresholds: [700, 10, 10]
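Review bot: `allow_public_rooms_over_federation: true` lets any federating homeserver fetch the public rooms directory, but the comment above it only describes the `false` case. Add a line saying why it is enabled here and that only rooms explicitly published to the directory are meant to be exposed, so the setting is not mistaken for a default.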
@ -411,7 +415,7 @@ uploads_path: "/data/uploads"
# The largest allowed upload size in bytes # The largest allowed upload size in bytes
# #
max_upload_size: "10M" max_upload_size: "50M"
# Maximum number of pixels that will be thumbnailed # Maximum number of pixels that will be thumbnailed
# #
@ -881,7 +885,7 @@ password_config:
# Whether to allow non server admins to create groups on this server # Whether to allow non server admins to create groups on this server
# #
enable_group_creation: false enable_group_creation: true
# If enabled, non server admins can only create groups with local parts # If enabled, non server admins can only create groups with local parts
# starting with this prefix # starting with this prefix
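Review bot: `enable_group_creation: true` opens group creation to every local account. The context lines directly below mention a prefix restriction for non-admins, so decide whether that prefix should be set in the same change. Record the decision in a comment either way.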

View file

@ -1 +1,2 @@
listen 8008; listen 8008;
client_max_body_size 50M; # default is 1M
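Review bot: `client_max_body_size 50M` is set to exactly the same figure as `max_upload_size: "50M"` in homeserver.yaml, and the commit message itself notes the HTTP overhead. An upload near the Synapse limit will therefore be rejected by nginx first, with a less helpful error. Set the proxy limit slightly higher than the application limit, and point to the homeserver.yaml setting in the comment so the two values are changed together.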

View file

@ -0,0 +1 @@
client_max_body_size 50M; # default is 1M

View file

@ -1,7 +1,7 @@
{ {
"default_hs_url": "https://{{ matrix.domain }}", "default_hs_url": "https://{{ matrix.domain }}",
"default_is_url": "https://vector.im", "default_is_url": "https://vector.im",
"brand": "riot.data.coop", "brand": "element.data.coop",
"integrations_ui_url": "https://scalar.vector.im/", "integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api", "integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [ "integrations_widgets_urls": [
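Review bot: `"brand": "element.data.coop"` is hard-coded although this file is already a template (`default_hs_url` uses `{{ matrix.domain }}`) and the new hostname is defined in `riot.domains`. Derive the brand from the variable so a future rename only has to be made in one place.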

View file

@ -3,14 +3,6 @@
docker_network: docker_network:
name: external_services name: external_services
- name: setup network for postfix
docker_network:
name: postfix
ipam_options:
subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup services - name: setup services
include_tasks: "services/{{ item }}.yml" include_tasks: "services/{{ item }}.yml"
with_items: "{{ services }}" with_items: "{{ services }}"

View file

@ -1,21 +1,51 @@
--- ---
- name: Drone container - name: set up drone with docker runner
docker_container: docker_compose:
name: drone project_name: drone
image: drone/drone:latest pull: yes
restart_policy: unless-stopped definition:
networks: version: "3.6"
- name: external_services services:
volumes: drone:
- "{{ drone.volume_folder }}:/data" container_name: "drone"
- "/var/run/docker.sock:/var/run/docker.sock" image: drone/drone:1
env: restart: unless-stopped
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}" networks:
DRONE_GITEA_ALWAYS_AUTH: "False" - external_services
DRONE_RUNNER_CAPACITY: "2" - drone
DRONE_SERVER_HOST: "{{ drone.domain }}" volumes:
DRONE_SERVER_PROTO: "https" - "{{ drone.volume_folder }}:/data"
PLUGIN_CUSTOM_DNS: "91.239.100.100" - "/var/run/docker.sock:/var/run/docker.sock"
VIRTUAL_HOST: "{{ drone.domain }}" environment:
LETSENCRYPT_HOST: "{{ drone.domain }}" DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
DRONE_GIT_ALWAYS_AUTH: "true"
DRONE_SERVER_HOST: "{{ drone.domain }}"
DRONE_SERVER_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
PLUGIN_CUSTOM_DNS: "91.239.100.100"
VIRTUAL_HOST: "{{ drone.domain }}"
LETSENCRYPT_HOST: "{{ drone.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
drone-runner-docker:
container_name: "drone-runner-docker"
image: "drone/drone-runner-docker:1"
restart: unless-stopped
networks:
- drone
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
DRONE_RPC_HOST: "{{ drone.domain }}"
DRONE_RPC_PROTO: "https"
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
DRONE_RUNNER_CAPACITY: 2
DRONE_RUNNER_NAME: "data.coop_drone_runner"
networks:
drone:
external_services:
external:
name: external_services
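Review bot: the `drone` server service still mounts `/var/run/docker.sock` even though pipeline execution now moves to the separate `drone-runner-docker` service, which has its own socket mount. The socket gives root-equivalent control of the host, and the server is the container exposed through `VIRTUAL_HOST`, so drop the mount from `drone` unless something there still needs it. Separately, `drone/drone:1` and `drone/drone-runner-docker:1` are floating tags combined with `pull: yes`; pin a minor version as is done for gitea in this change set.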

View file

@ -1,9 +1,13 @@
--- ---
- name: gitea network
docker_network:
name: gitea
# old DNS: 138.68.71.153 # old DNS: 138.68.71.153
- name: gitea container - name: gitea container
docker_container: docker_container:
name: gitea name: gitea
image: gitea/gitea:latest image: gitea/gitea:1.12.3
restart_policy: unless-stopped restart_policy: unless-stopped
networks: networks:
- name: gitea - name: gitea

View file

@ -1,68 +1,72 @@
--- ---
- name: run mailman server containers - name: run mailman server containers
docker_service: docker_compose:
project_name: "mailman"
definition: definition:
version: '2' version: '2'
services: services:
mailman-core:
image: maxking/mailman-core:0.2
container_name: mailman-core
hostname: mailman-core
volumes:
- /opt/mailman/core:/opt/mailman/
stop_grace_period: 30s
links:
- database:database
depends_on:
- database
environment:
- DATABASE_URL=postgres://mailman:mailmanpass@database/mailmandb
- DATABASE_TYPE=postgres
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
- HYPERKITTY_API_KEY={{ hyperkitty_api_key }}
networks:
mailman:
ipv4_address: 172.19.199.2
mailman-web: mailman-web:
image: maxking/mailman-web:0.2 image: maxking/mailman-web:0.3.5
container_name: mailman-web
hostname: mailman-web
depends_on: depends_on:
- database - database
links: links:
- mailman-core:mailman-core
- database:database - database:database
volumes: volumes:
- /opt/mailman/web:/opt/mailman-web-data - /opt/mailman/web:/opt/mailman-web-data
environment: environment:
- DATABASE_TYPE=postgres DATABASE_TYPE: "postgres"
- DATABASE_URL=postgres://mailman:{{ postgresql}}@database/mailmandb DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@database/mailmandb"
- HYPERKITTY_API_KEY={{ hyperkitty_api_key }} HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
SERVE_FROM_DOMAIN: "lists.data.coop"
MAILMAN_ADMIN_USER: "valberg"
MAILMAN_ADMIN_EMAIL: "valberg@orn.li"
SECRET_KEY: "{{ mailman_secrets.django_secret_key }}"
VIRTUAL_HOST: "lists.data.coop"
VIRTUAL_PORT: 8000
LETSENCRYPT_HOST: "lists.data.coop"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks: networks:
mailman: - "mailman"
ipv4_address: 172.19.199.3 - "postfix"
- "external_services"
mailman-core:
image: maxking/mailman-core:0.3
volumes:
- /opt/mailman/core:/opt/mailman/
stop_grace_period: 30s
links:
- mailman-web:mailmain-web
- database:database
depends_on:
- database
environment:
DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@database/mailmandb"
DATABASE_TYPE: "postgres"
DATABASE_CLASS: "mailman.database.postgresql.PostgreSQLDatabase"
HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
networks:
- "mailman"
- "postfix"
- "external_services"
database: database:
environment: environment:
POSTGRES_DB: mailmandb POSTGRES_DB: mailmandb
POSTGRES_USER: mailman POSTGRES_USER: mailman
POSTGRES_PASSWORD: mailmanpass POSTGRES_PASSWORD: "{{ mailman_secrets.postgres_password }}"
restart: always restart: always
image: postgres:9.6-alpine image: postgres:13
volumes: volumes:
- /opt/mailman/database:/var/lib/postgresql/data - /opt/mailman/database:/var/lib/postgresql/data
networks: networks:
mailman: - "mailman"
ipv4_address: 172.19.199.4
networks: networks:
mailman: mailman:
driver: bridge postfix:
ipam: external: true
driver: default external_services:
config: external: true
-
subnet: 172.19.199.0/24
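Review bot: in the `mailman-core` service, the link alias in `- mailman-web:mailmain-web` is misspelled ("mailmain"), so the alias will not resolve under the name the other service uses; it should read `mailman-web:mailman-web`. `mailman-core` is also attached to `external_services` without any `VIRTUAL_HOST`, so it looks like it only needs `mailman` and `postfix`; keep it off the proxy network if so. Finally, `MAILMAN_ADMIN_USER` and `MAILMAN_ADMIN_EMAIL` are hard-coded personal values that would be better as variables.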

View file

@ -38,7 +38,7 @@
force: yes force: yes
- name: run mail server containers - name: run mail server containers
docker_service: docker_compose:
project_name: mail_server project_name: mail_server
pull: yes pull: yes
definition: definition:
@ -78,6 +78,7 @@
- "993:993" - "993:993"
- "25:25" - "25:25"
- "587:587" - "587:587"
- "465:465"
networks: networks:
- default - default
- external_services - external_services

View file

@ -46,6 +46,11 @@
src: files/configs/matrix/vhost-matrix src: files/configs/matrix/vhost-matrix
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}" dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
- name: upload vhost config for riot domain
template:
src: files/configs/matrix/vhost-riot
dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
- name: upload homeserver.yaml - name: upload homeserver.yaml
template: template:
src: "files/configs/matrix/homeserver.yaml" src: "files/configs/matrix/homeserver.yaml"
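Review bot: the new "upload vhost config for riot domain" task writes the file only for `{{ riot.domains[0] }}`, while `riot.domains` now holds two names and both are passed to `VIRTUAL_HOST`. As written, `element.{{ base_domain }}` gets no vhost file, so the two hostnames are served with different nginx settings. Loop the task over `riot.domains` instead of indexing the first entry.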
@ -57,7 +62,7 @@
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config" dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
- name: set up matrix and riot - name: set up matrix and riot
docker_service: docker_compose:
project_name: matrix project_name: matrix
pull: yes pull: yes
definition: definition:
@ -77,17 +82,18 @@
matrix_app: matrix_app:
container_name: matrix container_name: matrix
image: matrixdotorg/synapse:v0.99.2 image: matrixdotorg/synapse:v1.18.0
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
- external_services - external_services
ports: ports:
- 8008 - 8008
volumes: volumes:
- "{{ matrix.volume_folder }}/data:/data" - "{{ matrix.volume_folder }}/data:/data"
environment: environment:
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml" SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
SYNAPSE_CACHE_FACTOR: "2"
SYNAPSE_LOG_LEVEL: "INFO" SYNAPSE_LOG_LEVEL: "INFO"
VIRTUAL_HOST: "{{ matrix.domain }}" VIRTUAL_HOST: "{{ matrix.domain }}"
VIRTUAL_PORT: "8008" VIRTUAL_PORT: "8008"
@ -96,7 +102,7 @@
riot: riot:
container_name: riot_app container_name: riot_app
image: avhost/docker-matrix-riot:v1.0.3 image: avhost/docker-matrix-riot:v1.7.3
restart: unless-stopped restart: unless-stopped
networks: networks:
- matrix - matrix
@ -104,14 +110,14 @@
ports: ports:
- 8080 - 8080
volumes: volumes:
- "{{ riot.volume_folder }}/data:/data" - "{{ riot.volume_folder }}/data:/data"
environment: environment:
VIRTUAL_HOST: "{{ riot.domain }}" VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
VIRTUAL_PORT: "8080" VIRTUAL_PORT: "8080"
LETSENCRYPT_HOST: "{{ riot.domain }}" LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks: networks:
external_services: external_services:
external: external:
name: external_services name: external_services
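Review bot: VIRTUAL_HOST and LETSENCRYPT_HOST on the riot service now use riot.domains|join(','), which is only correct if riot.domains is a YAML list in the vars file. If it is still a plain string, Jinja's join iterates over its characters and produces a comma-separated run of single letters, so the proxy and the certificate request will both get nonsense host names. The vars change should land in the same commit, or the template should guard against a string value.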

View file

@ -21,5 +21,7 @@
LETSENCRYPT_HOST: "{{ netdata.domain }}" LETSENCRYPT_HOST: "{{ netdata.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
PGID: "999" PGID: "999"
labels:
com.ouroboros.enable: "true"

View file

@ -14,5 +14,5 @@
LABELS_ONLY: "true" LABELS_ONLY: "true"
CLEANUP: "true" CLEANUP: "true"
LATEST: "true" LATEST: "true"
CRON: "*/1 * * * *" CRON: "*/10 * * * *"

View file

@ -1,45 +1,47 @@
--- ---
- name: passit network - name: setup passit containers
docker_network: docker_compose:
name: passit project_name: "passit"
pull: "yes"
definition:
version: "3.6"
services:
- name: passit database volume passit_db:
docker_volume: image: "postgres:10"
name: passit_db restart: "always"
networks:
- "passit"
volumes:
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "passit"
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
- name: passit database container passit_app:
docker_container: image: "passit/passit:stable"
name: passit_db command: "bin/start.sh"
image: postgres:10 restart: "always"
state: started networks:
restart_policy: always - "passit"
networks: - "postfix"
- name: passit - "external_services"
volumes: environment:
- passit_db:/var/lib/postgresql/data DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
env: SECRET_KEY: "{{ passit_secret_key }}"
POSTGRES_USER: passit IS_DEBUG: 'False'
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}" EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
- name: passit app container VIRTUAL_HOST: "{{ passit.domain }}"
docker_container: LETSENCRYPT_HOST: "{{ passit.domain }}"
name: passit LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
image: passit/passit:stable
command: bin/start.sh
restart_policy: always
networks:
- name: passit
- name: postfix
- name: external_services
env:
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
SECRET_KEY: "{{ passit_secret_key }}"
IS_DEBUG: 'False'
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
VIRTUAL_HOST: "{{ passit.domain }}" networks:
LETSENCRYPT_HOST: "{{ passit.domain }}" passit:
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" postfix:
external: true
external_services:
external: true
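Review bot: the passit_db volume changes from the named volume passit_db:/var/lib/postgresql/data to the bind mount "{{ passit.volume_folder }}/data:/var/lib/postgresql/data", and there is no task that copies the existing data across. On a host that already runs Passit, Postgres will initialise an empty cluster in the new folder and the stored passwords will appear to be gone. Add a one-off migration step or document the manual copy. Two smaller points on the same hunk: DATABASE_URL interpolates postgres_passwords.passit straight into a URL, so a password containing characters such as @, / or : needs the urlencode filter, and the old docker_network, docker_volume and docker_container resources are not removed, so they will linger next to the compose project.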

View file

@ -8,7 +8,7 @@
- name: run portainer - name: run portainer
docker_container: docker_container:
name: portainer name: portainer
image: portainer/portainer image: portainer/portainer-ce:2.0.1
restart_policy: always restart_policy: always
networks: networks:
- name: external_services - name: external_services
@ -19,5 +19,6 @@
- 9001:9000 - 9001:9000
env: env:
VIRTUAL_HOST: "{{ portainer.domain }}" VIRTUAL_HOST: "{{ portainer.domain }}"
VIRTUAL_PORT: "9000"
LETSENCRYPT_HOST: "{{ portainer.domain }}" LETSENCRYPT_HOST: "{{ portainer.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
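Review bot: with VIRTUAL_PORT: "9000" added, the reverse proxy reaches Portainer over the external_services network, yet the unchanged line 9001:9000 above still publishes the UI on the host. That leaves the Docker management interface reachable on port 9001 without the proxy's TLS in front of it. Unless something depends on that port, drop the published port or bind it to 127.0.0.1.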

View file

@ -1,6 +1,21 @@
--- ---
- name: setup network for postfix
docker_network:
name: postfix
ipam_config:
- subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup postfix docker container for outgoing mail - name: setup postfix docker container for outgoing mail
vars:
mynetworks:
- 127.0.0.0/8
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 172.19.199.2
- 172.19.199.3
docker_container: docker_container:
name: postfix name: postfix
image: boky/postfix image: boky/postfix
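Review bot: the mynetworks list trusts far more than the relay needs. It allows all of 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, while the postfix network created just above is only 172.16.0.0/16, so any container or host on any private range that can reach this container may relay mail through it. The two single addresses 172.19.199.2 and 172.19.199.3 are already inside 172.16.0.0/12, so they add nothing, and they sit outside the 172.16.0.0/16 subnet defined for the postfix network. Suggest reducing the list to 127.0.0.0/8 plus the postfix network subnet and deriving that value from one variable shared with the docker_network task. The subnet is quoted and the gateway is not; pick one style.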
@ -9,4 +24,4 @@
- name: postfix - name: postfix
env: env:
ALLOWED_SENDER_DOMAINS: "{{ base_domain }}" ALLOWED_SENDER_DOMAINS: "{{ base_domain }}"
MYNETWORKS: "{{ mynetworks|join(',') }}"

View file

@ -0,0 +1,38 @@
---
- name: setup restic backup
docker_compose:
project_name: restic_backup
pull: yes
definition:
version: '3.6'
services:
restic-backup:
image: mazzolino/restic
restart: always
environment:
RUN_ON_STARTUP: "true"
BACKUP_CRON: "0 30 3 * * *"
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
RESTIC_BACKUP_ARGS: >-
--tag datacoop-volumes
--exclude='*.tmp'
--verbose
RESTIC_FORGET_ARGS: >-
--keep-last 10
--keep-daily 7
--keep-weekly 5
--keep-monthly 12
TZ: Europe/Copenhagen
volumes:
- /docker-volumes:/mnt/volumes:ro
restic-prune:
image: "mazzolino/restic"
environment:
RUN_ON_STARTUP: "true"
PRUNE_CRON: "0 0 4 * * *"
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
TZ: Europe/copenhagen
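Review bot: restic-prune sets TZ: Europe/copenhagen with a lower-case c, while restic-backup uses Europe/Copenhagen. Zone names are case sensitive on Linux, so the prune container is likely to fall back to UTC and PRUNE_CRON "0 0 4 * * *" will not fire at the intended local time relative to the 03:30 backup. The prune service also has no restart policy, unlike restic-backup, so it will not come back after a daemon restart or a crash. Further points: mazzolino/restic carries no tag, so pull: yes can change the backup tooling without review; restic_secrets.user_secret is interpolated into the repository URL and should go through urlencode; and the RESTIC_REPOSITORY and RESTIC_PASSWORD values are duplicated across both services, which a YAML anchor or a shared vars entry would avoid.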

View file

@ -0,0 +1,53 @@
---
- name: create tt-rss folders
file:
name: "{{ ttrss.volume_folder }}/{{ volume }}"
state: directory
loop:
- "config"
- "db"
loop_control:
loop_var: volume
- name: "set up tt-rss"
docker_compose:
project_name: "tt-rss"
pull: yes
definition:
version: "3.6"
services:
ttrss_db:
container_name: "ttrss_db"
image: "postgres:11"
restart: "unless-stopped"
networks:
- "ttrss"
volumes:
- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
environment:
POSTGRES_USER: "ttrss"
POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
ttrss_app:
container_name: ttrss_app
image: "linuxserver/tt-rss"
restart: unless-stopped
networks:
- ttrss
- external_services
volumes:
- "{{ ttrss.volume_folder }}/config:/config"
environment:
VIRTUAL_HOST: "{{ ttrss.domain }}"
LETSENCRYPT_HOST: "{{ ttrss.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
TZ: "Europe/Copenhagen"
labels:
com.ouroboros.enable: "true"
networks:
external_services:
external:
name: external_services
ttrss:
name: "ttrss"
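Review bot: ttrss_app uses image "linuxserver/tt-rss" without a tag and also carries com.ouroboros.enable: "true", so the application is replaced automatically whenever a new image is published while ttrss_db stays on postgres:11. Pin the app image to a specific tag so that upgrades are a reviewed change. The quoting is also inconsistent between the two services (container_name, restart and the network names are quoted under ttrss_db and bare under ttrss_app); using one style throughout makes later diffs easier to read.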

View file

@ -0,0 +1,13 @@
- name: setup ulovliglogning.dk website docker container
docker_container:
name: ulovliglogning_website
restart_policy: unless-stopped
image: ulovliglogning/ulovliglogning.dk:latest
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"

View file

@ -8,11 +8,25 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "{{ data_coop_website.domain }}" VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ data_coop_website.domain }}" LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"
- name: setup new data.coop website using hugo
docker_container:
name: new.data.coop_website
image: docker.data.coop/data-coop-website:hugo
restart_policy: unless-stopped
networks:
- name: external_services
env:
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"
- name: setup cryptohagen.dk website docker container - name: setup cryptohagen.dk website docker container
docker_container: docker_container:
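Review bot: in the new "setup new data.coop website using hugo" task, VIRTUAL_HOST and LETSENCRYPT_HOST are built as "new.{{ data_coop_website.domains|join(',') }}". The prefix is applied once to the joined string, so with more than one entry in domains the result is new.first,second,third, and the new container claims the existing site's other host names and requests certificates for them. Prefix each element before joining, for example data_coop_website.domains | map('regex_replace', '^', 'new.') | join(','), or give the new site its own domains list.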
@ -22,8 +36,22 @@
networks: networks:
- name: external_services - name: external_services
env: env:
VIRTUAL_HOST : "{{ cryptohagen_website.domain }}" VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}" LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels: labels:
com.ouroboros.enable: "true" com.ouroboros.enable: "true"
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website
restart_policy: unless-stopped
image: docker.data.coop/cryptoaarhus-website
networks:
- name: external_services
env:
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.ouroboros.enable: "true"

View file

@ -41,7 +41,7 @@ POSTMASTER=admin
TLS_FLAVOR=mail TLS_FLAVOR=mail
# Authentication rate limit (per source IP address) # Authentication rate limit (per source IP address)
AUTH_RATELIMIT=10/minute;1000/hour AUTH_RATELIMIT=120/minute;1200/hour
# Opt-out of statistics, replace with "True" to opt out # Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False DISABLE_STATISTICS=False
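Review bot: AUTH_RATELIMIT goes from 10/minute;1000/hour to 120/minute;1200/hour, a twelvefold increase of the per-minute limit that the comment above describes as the authentication rate limit per source IP address. That weakens the throttle on password guessing considerably and the change carries no explanation. If the old value was locking out legitimate clients behind a shared address, say so in the commit message and consider a smaller step, or keep the per-minute limit tight and make an exception for the known source.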

View file

@ -1,5 +1,5 @@
--- ---
- name: Install necessary packages - name: Install necessary packages via apt
apt: apt:
name: "{{ packages }}" name: "{{ packages }}"
vars: vars:
@ -8,4 +8,11 @@
- python3-pip - python3-pip
- apparmor - apparmor
- haveged - haveged
- name: Install necessary packages via pip
pip:
name: "{{ packages }}"
vars:
packages:
- docker
- docker-compose
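Review bot: the new "Install necessary packages via pip" task installs docker and docker-compose with no version constraint, so every fresh run may pull a different release of the libraries the docker_compose tasks depend on. Pin both to known-good versions. The task also reuses the variable name packages from the apt task above; a distinct name such as pip_packages avoids confusion if the lists are ever moved to group vars.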