25 changed files with 189 additions and 484 deletions
--- a/group_vars/all/secrets.yml
+++ b/group_vars/all/secrets.yml
@ -1,87 +1,54 @@
 $ANSIBLE_VAULT;1.1;AES256
-62393230613162353938306335363361323162356461613234306332653236326632323038663738
+62313439613039363637356330653731356138373839373435306535656137646266633764393537
-3832663036633166373961623738323162363532633638350a636565346534616431343862356534
+3737663637343865303232643632613934313137613536640a633634356338353764366365626266
-62306562623663623438623263636262303938303562343463333365613834623434623232303531
+66323064346539663435646265346665616465353363623732303563303838356364643734393231
-6135343464616438360a383163343838323762626435346564313364376566356638623165363537
+3161633362383363390a376530393463643838303238386139313661366335386439373734333835
-65616337373633613530393361613561333939666131316366303761303964343762306462633038
+63323034303732386430313265306465636630356330303431663761363461623530643933393831
-36303332336633653432613036346332663863376531623561343433383662623861633862363230
+62666438316266396432353663633331343137643265333966636436373730343938623732653030
-65316536626365303764393839626364326539336637643631336439653761633730636562653066
+62383536373139366239363535353463643961313839376436663830613738303262646639396131
-62353637633365336237663935383937633732363830623232376463326132353062336232363539
+66656532616231636537623162373965356537336436613130366464393461343730646664356466
-64376632616631353138376263383162353866316366316562666538383538633038373535663033
+38313439373332306265643039666532363863333364666233333861363832316637383432343464
-32663363383037666663373335306138623032343939313436656531616234303763396630663639
+64366536613364363265333938643438313837643936323536636335613064623639393437303466
-66656538393538666166386635643563633465306662366436383936306233376361663331353630
+31333539373130376230323964636335393166306662626131636462656632623635393036663437
-64333731396134646236653963356435656535613365353635383734346131383066356431663061
+37333735616665383431623266393365613433323335313161316161373637616563626637333861
-37333533623439623164323738363035633664353831363162376331613965613635653663303339
+37326532303638653139383639383166323361363334306361663261366661613038633464323337
-36623035633865633131363061346366643865636433303733613731643863333764313135616433
+31393538653830333865373064383837626261663163623664653938303230616334363861346132
-30396636653734656631323562343330653839346461653037353439636135316134396533383731
+63353036313164313265313134633861633937323335303830336232363939613635303764313063
-62303164366366616163656462346264383633353164333335613034363636373339613538376166
+33666161356366636139633138653736333662303364333838663033633163613136616639376532
-38333238666334656632376465346538323938653661656130313232656137316463346430663134
+31373131326264383666326566303930636166653463313630376235663638663937663765306439
-36636465356661666138616530326436326238383834336635663963363530316335613233396334
+31663039323663633735326266393263633937373339383537623835306431333636316664303864
-36346634656331623039383266303437323239646563326161653831363833653338386533616231
+63653564313339376135303237626366666164623738626439613562616338663539393635396437
-39613939393334353536613262643030323535396634363330396465303230646133356238373865
+30333036353035613131613034666262346233336563343531633033343163326264326563643235
-62316630303366643965363835336563393838373933393435616532636338376265303830376162
+62663538623532333432656435306462663362353630346133373262633630306262626362653733
-64653931343464656532373831666663326532373631376265636338323430396666383736636438
+65363031346339393632396664363362346236373035376632663466343034376566666563353231
-37346535373761663338653035653738396430316261326333313532653638393535386139376266
+36623538303262323265616237326630666662646634383962656533636165326665316366643231
-32333037303831653364336130646462616537383035633338653435633938303638633364336635
+39303465313135616238653664366637356361393165356430636137366236643938316430613838
-33343963666162356534656635316261353930336431323539393066333930323236396566356330
+65353331636564373136393930303537386335653766363632646433353962613033656434313063
-62333162353965616465396365616630313363636135633835353939633662363664343266373562
+35653365366332316434373665316230646665613166656230313832356136346439326232343166
-36636666343765653530653435316466356139323236356638383230623730643637613633633565
+38323934396561386138323739396166303132396234386435633965663139643234396434333163
-32353234656233353734653233323563313764613333653331333232653730396635633438633362
+66346634393330306638383430616433333361623861623864356563366162313830393334616138
-34306337653732646236346361663937616332353765613131393339393766313131633561376430
+32346633396662636633373637363262656165316434333139346530303562356236306637643365
-62386662393864303865303438616637303363646462313634383431373736643230653665636165
+65613361373637383936633431396636356634656333343537353762383537353035616131633732
-39636638656534363862633134663962383138656637386462356261336465386431343036646233
+38303736636136393039613537613831633139363338656239613261383637653332333737323034
-64666166346334333862653035303461626235633830623639643166373238373136343061303837
+61303839636330396139346436336663643531613364383134613061646136646236636364636662
-39633133653761646231653639653262366334373963343236363233373635306638653865653730
+33666564623731343264306638303333326463323363306439333762306434306235643530663931
-34616230343637616232313639333136313231393133346532353761623038656531376337333339
+63623932373737373539393230326538643739653734306131366365303638313263316635633439
-63316364386162616438303263653936643135316661633266613033366232383232356331336133
+34343231663761393266636537353330643361306139653734383466666662623931616665663239
-35313836363361363637383637643831313238613136396637386136633061666430313963633933
+65633136636333316266616433396166326333303033646162656466363931313539343035623666
-37343663666130326139643663313534313835643162363566396430363831343965613363366161
+63346162386533373334633261383237376330643738663761636166653033303933613630653835
-30353165313932623536393734306461616662663763333031623738383437643862623632656161
+66313439663732356539363833616338356337666335316136623231383161656362653561653565
-31323432633962613366306435626339663638633931323161373331353635306536623836376432
+33616437643533386263393733636666373237663132343432636664633535653535316134313266
-37373033306530623162316430613933366331303766386538396666346464363662646639643634
+66363362383662313632633535613635656364323939313466303634646237653061353766373831
-31373064646630343035326336376464663231343239643137353731303761643037313561313039
+62303366366564653231613863633564303637346262336535386366663034663832663762666132
-32613631353862376230316130333936376565373961383838383932396363396533316530383830
+64333630666463653266333430386135386436643939393964303230366538336562333737616639
-37386139396637613131366161376431323565643434333531656330643331653734393038303336
+65646566663363313430396132653832646263393739656564653138353637373362613261366230
-31366538663231623937653730326264633531623333363932656138396637303932333662383935
+62616561303735316230626134353266613938326563326232623361656364623062326365343534
-39323437396361613038376335353732333839383965313262643165363635386231666634653665
+62346433373965336430326632333634306463343934393830393165393933323439393534386665
-63333034663735623438393063333064363133396537646433383861613337313631633634343063
+32373235353037626638343066386563663431356465353039353338643835653166333761386433
-34303065343965343633653331393131613334356162323466656164343730323032396134303763
+64333338306661346436373238646134653233666565653834303935303235653661343366653563
-63393835646361316530643932613531326235313961663937653264656535623932303038616662
+63356566633730303033376230356363326561663232386161333566616334623236663562613234
-39336136346361636132303434373461333466333833313139346531303837306238613664613731
+63646561623565366332313837353461313566653531356662613663323065613035323731323832
-33363766393862663336383930326638346132326138623537656263366262353637626436313736
+31386166623935373139356239353037633363313531396466363735613332653430396161303366
-32643837303761336230353037663235323265313939323436323736366565663533626365376361
+37376238333831306231393433313734303839376132656532616461356662383430303532373937
-62633730373864386438653137326136373866363164616633636137356133643330623035323838
+39303634303762373736626439323830353665343162363531376134616466303762633535343866
-33326137393937383833346537633361383966313230636133363663373638373864393838636161
+3162
 64386631366530653063656634336537396330633763336235393538356139323565336134326337
 61633330333164643166373064623032356135623336393262386461646535326462393638373866
 37626266393962393564306530336462323137386434626363383365366238636235356432323533
 65343262666162643932393061363531346464393363623037366639376536386234646135646330
 36623837356637353132643435633632356266323830653866393636316130306538336334376234
 36303265363037306436346666376337653837373839313732386131306535666639653733353737
 66353531623431663532623865373931656233333234356532363730643234633963653435356237
 61633134333536616235626666333738613637366264613961333663336330653132313234653132
 39383336623736333634633863356366383430306465373932366534626131343236336439343663
 38643133626566366163653164356436313661626432653435616630336563386466383939613038
 30336433663563343532663032633161363535643962646161396531646130343431663863633736
 33656437363432623135313163323064353863303164656661633161616536313165383939663935
 65393164363533663934643034316332643137643861333233303062333138633337323330323865
 63633538626537363739623132336466393835316565633936616562656466316363623432303231
 37383465393034346130616632616539653735323730633035333138373632313662373566373265
 63623761323763616634343966386233306435633965633764363133306531363739613039386231
 39376432656662653165373162623565393964396538653065343164663233313465363537663963
 35326461313761363734306664623265663335333661633732626233323332383335613437633936
 66383031363332353937303165643864666236356133643861373032613366333837356434613437
 63346637316465306330306135343338623238363139633939653730323961353630353365323938
 30373165336337303434316336363737623439306633306363383433383666653661613030393466
 35323762616664393838396365636334626130663839666438633361356164663562303930623664
 39653235646230363031613061383563663761636131623064633265363737633433623130316234
 32643836393530373535353732373730303932313131653465353432353065326566633965656531
 64323462616638646234636662346532663964366538653934646538303237366531613939666338
 64643666626338333036363234663664326439306432353833633637373439616661666434313831
 34383334386538656564653862333565623165316439666235376535396232336263663033396532
 31393866636661303934306536343065366265376131326238616338336161646139393464346534
 34643664646535316133636236356430316434613762313738623066653336616339383366653934
 32663930333366623032663838656632643532303136663664303035346237616630653262346461
 33343066346233313534323831646139636263306132666563333963633664323463333262316664
 65636635333562636333303964666164393533653033336539663162333764376362373165613734
 6366393631666464616334646262316161363136646334356133
--- a/group_vars/all/secrets.yml.contents
+++ b/group_vars/all/secrets.yml.contents
@ -1,37 +0,0 @@
 # These are the variables contained in secrets.yml
 # Secrets are usually 32 characters or more, matching [a-Z0-9]
 postgres_passwords:
  fider: xxx
  nextcloud: xxx
  passit: xxx
  gitea: xxx
  matrix: xxx
  codimd: xxx
  mailu: xxx
  ttrss: xxx
 fider_jwt_secret: xxx
 ldap_admin_password: xxx
 ldap_config_password: xxx
 passit_secret_key: xxx
 docker_password: xxx
 mailu_secret_key: xxx
 drone_secrets:
  oauth_client_id: xxx
  oauth_client_secret: xxx
  rpc_shared_secret: xxx
 restic_secrets:
  user_secret: xxx
  encryption_secret: xxx
 mailman_secrets:
  postgres_password: xxx
  hyperkitty_api_key: xxx
  django_secret_key: xxx
--- a/playbook.yml
+++ b/playbook.yml
@ -23,11 +23,9 @@
      - docker_registry
      - drone
      - websites
      - ulovliglogning-dk
      - ouroboros
      - mailu
      - portainer
 #      - tt-rss
    smtp_host: "postfix"
    smtp_port: "587"
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@ -19,7 +19,6 @@ gitea:
 passit:
  domain: "passit.{{ base_domain }}"
  volume_folder: "{{ volume_root_folder }}/passit"
 fider:
  domain: "feedback.{{ base_domain }}"
@ -29,9 +28,7 @@ matrix:
  volume_folder: "{{ volume_root_folder }}/matrix"
 riot:
-  domains: 
+  domain: "riot.{{ base_domain }}"
  - "riot.{{ base_domain }}"
  - "element.{{ base_domain }}"
  volume_folder: "{{ volume_root_folder }}/riot"
 privatebin:
@ -52,25 +49,10 @@ docker_registry:
  password: "{{ docker_password }}"
 data_coop_website:
-  domains: 
+  domain: "{{ base_domain }}"
  - "{{ base_domain }}"
  - "www.{{ base_domain }}"
 cryptohagen_website:
-  domains: 
+  domain: "cryptohagen.dk"
  - "cryptohagen.dk"
  - "www.cryptohagen.dk"
 ulovliglogning_website:
  domains: 
  - "ulovliglogning.dk"
  - "www.ulovliglogning.dk"
  - "ulovlig-logning.dk"
 cryptoaarhus_website:
  domains: 
  - "cryptoaarhus.dk"
  - "www.cryptoaarhus.dk"
 drone:
  domain: "drone.{{ base_domain }}"
@ -87,6 +69,3 @@ portainer:
  domain: "portainer.{{ base_domain }}"
  volume_folder: "{{ volume_root_folder }}/portainer"
 ttrss:
  domain: rss.{{ base_domain }}
  volume_folder: "{{ volume_root_folder }}/tt-rss"
--- a/roles/docker/files/configs/matrix/homeserver.yaml
+++ b/roles/docker/files/configs/matrix/homeserver.yaml
@ -54,10 +54,6 @@ soft_file_limit: 0
 # Set to false to disable presence tracking on this homeserver.
 use_presence: true
 # If set to 'false', forbids any other homeserver to fetch the server's public
 # rooms directory via federation.
 allow_public_rooms_over_federation: true
 # The GC threshold parameters to pass to `gc.set_threshold`, if defined
 #
 #gc_thresholds: [700, 10, 10]
@ -415,7 +411,7 @@ uploads_path: "/data/uploads"
 # The largest allowed upload size in bytes
 #
-max_upload_size: "50M"
+max_upload_size: "10M"
 # Maximum number of pixels that will be thumbnailed
 #
@ -885,7 +881,7 @@ password_config:
 # Whether to allow non server admins to create groups on this server
 #
-enable_group_creation: true
+enable_group_creation: false
 # If enabled, non server admins can only create groups with local parts
 # starting with this prefix
--- a/roles/docker/files/configs/matrix/vhost-matrix
+++ b/roles/docker/files/configs/matrix/vhost-matrix
@ -1,2 +1 @@
 listen 8008;
 client_max_body_size 50M; # default is 1M
--- a/roles/docker/files/configs/matrix/vhost-riot
+++ b/roles/docker/files/configs/matrix/vhost-riot
@ -1 +0,0 @@
 client_max_body_size 50M; # default is 1M
--- a/roles/docker/files/configs/riot/config.json
+++ b/roles/docker/files/configs/riot/config.json
@ -1,7 +1,7 @@
 {
    "default_hs_url": "https://{{ matrix.domain }}",
    "default_is_url": "https://vector.im",
-    "brand": "element.data.coop",
+    "brand": "riot.data.coop",
    "integrations_ui_url": "https://scalar.vector.im/",
    "integrations_rest_url": "https://scalar.vector.im/api",
    "integrations_widgets_urls": [
--- a/roles/docker/tasks/services.yml
+++ b/roles/docker/tasks/services.yml
@ -3,6 +3,14 @@
  docker_network:
    name: external_services
 - name: setup network for postfix
  docker_network:
    name: postfix
    ipam_options:
      subnet: '172.16.0.0/16'
      gateway: 172.16.0.1
 - name: setup services
  include_tasks: "services/{{ item }}.yml"
  with_items: "{{ services }}"
--- a/roles/docker/tasks/services/drone.yml
+++ b/roles/docker/tasks/services/drone.yml
@ -1,51 +1,21 @@
 ---
- name: set up drone with docker runner
+- name: Drone container
-  docker_compose:
+  docker_container:
-    project_name: drone
+    name: drone
-    pull: yes
+    image: drone/drone:latest
-    definition:
+    restart_policy: unless-stopped
-      version: "3.6"
+    networks:
-      services:
+      - name: external_services
-        drone:
+    volumes:
-          container_name: "drone"
+      - "{{ drone.volume_folder }}:/data"
-          image: drone/drone:1
+      - "/var/run/docker.sock:/var/run/docker.sock"
-          restart: unless-stopped
+    env:
-          networks:
+      DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
-            - external_services
+      DRONE_GITEA_ALWAYS_AUTH: "False"
-            - drone
+      DRONE_RUNNER_CAPACITY: "2"
-          volumes:
+      DRONE_SERVER_HOST: "{{ drone.domain }}"
-            - "{{ drone.volume_folder }}:/data"
+      DRONE_SERVER_PROTO: "https"
-            - "/var/run/docker.sock:/var/run/docker.sock"
+      PLUGIN_CUSTOM_DNS: "91.239.100.100"
-          environment:
+      VIRTUAL_HOST: "{{ drone.domain }}"
-            DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
+      LETSENCRYPT_HOST: "{{ drone.domain }}"
-            DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
            DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
            DRONE_GIT_ALWAYS_AUTH: "true"
            DRONE_SERVER_HOST: "{{ drone.domain }}"
            DRONE_SERVER_PROTO: "https"
            DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
            PLUGIN_CUSTOM_DNS: "91.239.100.100"
            VIRTUAL_HOST: "{{ drone.domain }}"
            LETSENCRYPT_HOST: "{{ drone.domain }}"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
        drone-runner-docker:
          container_name: "drone-runner-docker"
          image: "drone/drone-runner-docker:1"
          restart: unless-stopped
          networks:
            - drone
          volumes:
            - "/var/run/docker.sock:/var/run/docker.sock"
          environment:
            DRONE_RPC_HOST: "{{ drone.domain }}"
            DRONE_RPC_PROTO: "https"
            DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
            DRONE_RUNNER_CAPACITY: 2
            DRONE_RUNNER_NAME: "data.coop_drone_runner"
      networks:
        drone:
        external_services:
          external:
            name: external_services
--- a/roles/docker/tasks/services/gitea.yml
+++ b/roles/docker/tasks/services/gitea.yml
@ -1,13 +1,9 @@
 ---
 - name: gitea network
  docker_network:
    name: gitea
 # old DNS: 138.68.71.153
 - name: gitea container
  docker_container:
    name: gitea
-    image: gitea/gitea:1.12.3
+    image: gitea/gitea:latest
    restart_policy: unless-stopped
    networks:
      - name: gitea
--- a/roles/docker/tasks/services/mailman.yml
+++ b/roles/docker/tasks/services/mailman.yml
@ -1,72 +1,68 @@
 ---
 - name: run mailman server containers
-  docker_compose:
+  docker_service:
    project_name: "mailman"
    definition:
      version: '2'
      services:
        mailman-web:
          image: maxking/mailman-web:0.3.5
          depends_on:
            - database
          links:
            - database:database
          volumes:
            - /opt/mailman/web:/opt/mailman-web-data
          environment:
            DATABASE_TYPE: "postgres"
            DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@database/mailmandb"
            HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
            SERVE_FROM_DOMAIN: "lists.data.coop"
            MAILMAN_ADMIN_USER: "valberg"
            MAILMAN_ADMIN_EMAIL: "valberg@orn.li"
            SECRET_KEY: "{{ mailman_secrets.django_secret_key }}"
            VIRTUAL_HOST: "lists.data.coop"
            VIRTUAL_PORT: 8000
            LETSENCRYPT_HOST: "lists.data.coop"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
          networks:
            - "mailman"
            - "postfix"
            - "external_services"
        mailman-core:
-          image: maxking/mailman-core:0.3
+          image: maxking/mailman-core:0.2
          container_name: mailman-core
          hostname: mailman-core
          volumes:
            - /opt/mailman/core:/opt/mailman/
          stop_grace_period: 30s
          links:
            - mailman-web:mailmain-web
            - database:database
          depends_on:
            - database
          environment:
-            DATABASE_URL: "postgres://mailman:{{ mailman_secrets.postgres_password }}@database/mailmandb"
+            - DATABASE_URL=postgres://mailman:mailmanpass@database/mailmandb
-            DATABASE_TYPE: "postgres"
+            - DATABASE_TYPE=postgres
-            DATABASE_CLASS: "mailman.database.postgresql.PostgreSQLDatabase"
+            - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
-            HYPERKITTY_API_KEY: "{{ mailman_secrets.hyperkitty_api_key }}"
+            - HYPERKITTY_API_KEY={{ hyperkitty_api_key }}
          networks:
-            - "mailman"
+            mailman:
-            - "postfix"
+              ipv4_address: 172.19.199.2
-            - "external_services"
+
        mailman-web:
          image: maxking/mailman-web:0.2
          container_name: mailman-web
          hostname: mailman-web
          depends_on:
            - database
          links:
            - mailman-core:mailman-core
            - database:database
          volumes:
            - /opt/mailman/web:/opt/mailman-web-data
          environment:
            - DATABASE_TYPE=postgres
            - DATABASE_URL=postgres://mailman:{{ postgresql}}@database/mailmandb
            - HYPERKITTY_API_KEY={{ hyperkitty_api_key }}
          networks:
            mailman:
              ipv4_address: 172.19.199.3
        database:
          environment:
            POSTGRES_DB: mailmandb
            POSTGRES_USER: mailman
-            POSTGRES_PASSWORD: "{{ mailman_secrets.postgres_password }}"
+            POSTGRES_PASSWORD: mailmanpass
          restart: always
-          image: postgres:13
+          image: postgres:9.6-alpine
          volumes:
            - /opt/mailman/database:/var/lib/postgresql/data
          networks:
-            - "mailman"
+            mailman:
              ipv4_address: 172.19.199.4
      networks:
-        mailman:
+         mailman:
-        postfix:
+           driver: bridge
-          external: true
+           ipam:
-        external_services:
+             driver: default
-          external: true
+             config:
             -
      subnet: 172.19.199.0/24
--- a/roles/docker/tasks/services/mailu.yml
+++ b/roles/docker/tasks/services/mailu.yml
@ -38,7 +38,7 @@
    force: yes
 - name: run mail server containers
-  docker_compose:
+  docker_service:
    project_name: mail_server
    pull: yes
    definition:
@ -78,7 +78,6 @@
            - "993:993"
            - "25:25"
            - "587:587"
            - "465:465"
          networks:
            - default
            - external_services
--- a/roles/docker/tasks/services/matrix_riot.yml
+++ b/roles/docker/tasks/services/matrix_riot.yml
@ -46,11 +46,6 @@
    src: files/configs/matrix/vhost-matrix
    dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
 - name: upload vhost config for riot domain
  template:
    src: files/configs/matrix/vhost-riot
    dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
 - name: upload homeserver.yaml
  template:
    src: "files/configs/matrix/homeserver.yaml"
@ -62,7 +57,7 @@
    dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
 - name: set up matrix and riot
-  docker_compose:
+  docker_service:
    project_name: matrix
    pull: yes
    definition:
@ -82,7 +77,7 @@
        matrix_app:
          container_name: matrix
-          image: matrixdotorg/synapse:v1.18.0
+          image: matrixdotorg/synapse:v0.99.2
          restart: unless-stopped
          networks:
            - matrix
@ -93,7 +88,6 @@
            - "{{ matrix.volume_folder }}/data:/data"
          environment:
            SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
            SYNAPSE_CACHE_FACTOR: "2"
            SYNAPSE_LOG_LEVEL: "INFO"
            VIRTUAL_HOST: "{{ matrix.domain }}"
            VIRTUAL_PORT: "8008"
@ -102,7 +96,7 @@
        riot:
          container_name: riot_app
-          image: avhost/docker-matrix-riot:v1.7.3
+          image: avhost/docker-matrix-riot:v1.0.3
          restart: unless-stopped
          networks:
            - matrix
@ -112,9 +106,9 @@
          volumes:
            - "{{ riot.volume_folder }}/data:/data"  
          environment:
-            VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
+            VIRTUAL_HOST: "{{ riot.domain }}"
            VIRTUAL_PORT: "8080"
-            LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
+            LETSENCRYPT_HOST: "{{ riot.domain }}"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
      networks:     
--- a/roles/docker/tasks/services/netdata.yml
+++ b/roles/docker/tasks/services/netdata.yml
@ -21,7 +21,5 @@
      LETSENCRYPT_HOST: "{{ netdata.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
      PGID: "999"
    labels:
      com.ouroboros.enable: "true"
--- a/roles/docker/tasks/services/ouroboros.yml
+++ b/roles/docker/tasks/services/ouroboros.yml
@ -14,5 +14,5 @@
      LABELS_ONLY: "true"
      CLEANUP: "true"
      LATEST: "true"
-      CRON: "*/10 * * * *"
+      CRON: "*/1 * * * *"
--- a/roles/docker/tasks/services/passit.yml
+++ b/roles/docker/tasks/services/passit.yml
@ -1,47 +1,45 @@
 ---
- name: setup passit containers
+- name: passit network
-  docker_compose:
+  docker_network:
-    project_name: "passit"
+    name: passit
    pull: "yes"
    definition:
      version: "3.6"
      services:
-        passit_db:
+- name: passit database volume
-          image: "postgres:10"
+  docker_volume:
-          restart: "always"
+    name: passit_db
          networks:
            - "passit"
          volumes:
            - "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
          environment:
            POSTGRES_USER: "passit"
            POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
-        passit_app:
+- name: passit database container
-          image: "passit/passit:stable"
+  docker_container:
-          command: "bin/start.sh"
+    name: passit_db
-          restart: "always"
+    image: postgres:10
-          networks:
+    state: started
-            - "passit"
+    restart_policy: always
-            - "postfix"
+    networks:
-            - "external_services"
+      - name: passit
-          environment:
+    volumes:
-            DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
+      - passit_db:/var/lib/postgresql/data
-            SECRET_KEY: "{{ passit_secret_key }}"
+    env:
-            IS_DEBUG: 'False'
+      POSTGRES_USER: passit
-            EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
+      POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
            DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
            EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
-            VIRTUAL_HOST: "{{ passit.domain }}"
+- name: passit app container
-            LETSENCRYPT_HOST: "{{ passit.domain }}"
+  docker_container:
-            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    name: passit
    image: passit/passit:stable
    command: bin/start.sh
    restart_policy: always
    networks:
      - name: passit
      - name: postfix
      - name: external_services
    env:
      DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
      SECRET_KEY: "{{ passit_secret_key }}"
      IS_DEBUG: 'False'
      EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
      DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
      EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
-      networks:
+      VIRTUAL_HOST: "{{ passit.domain }}"
-        passit:
+      LETSENCRYPT_HOST: "{{ passit.domain }}"
-        postfix:
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
          external: true
        external_services:
          external: true
--- a/roles/docker/tasks/services/portainer.yml
+++ b/roles/docker/tasks/services/portainer.yml
@ -8,7 +8,7 @@
 - name: run portainer
  docker_container:
    name: portainer
-    image: portainer/portainer-ce:2.0.1
+    image: portainer/portainer
    restart_policy: always
    networks:
      - name: external_services
@ -19,6 +19,5 @@
      - 9001:9000
    env:
      VIRTUAL_HOST: "{{ portainer.domain }}"
      VIRTUAL_PORT: "9000"
      LETSENCRYPT_HOST: "{{ portainer.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
--- a/roles/docker/tasks/services/postfix.yml
+++ b/roles/docker/tasks/services/postfix.yml
@ -1,21 +1,6 @@
 ---
 - name: setup network for postfix
  docker_network:
    name: postfix
    ipam_config:
      - subnet: '172.16.0.0/16'
        gateway: 172.16.0.1
 - name: setup postfix docker container for outgoing mail
  vars:
    mynetworks:
      - 127.0.0.0/8
      - 10.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16
      - 172.19.199.2
      - 172.19.199.3
  docker_container:
    name: postfix
    image: boky/postfix
@ -24,4 +9,4 @@
      - name: postfix
    env:
      ALLOWED_SENDER_DOMAINS: "{{ base_domain }}"
-      MYNETWORKS: "{{ mynetworks|join(',') }}"
+
--- a/roles/docker/tasks/services/restic-backup.yml
+++ b/roles/docker/tasks/services/restic-backup.yml
@ -1,38 +0,0 @@
 ---
 - name: setup restic backup
  docker_compose:
    project_name: restic_backup
    pull: yes
    definition:
      version: '3.6'
      services:
        restic-backup:
          image: mazzolino/restic
          restart: always
          environment:
            RUN_ON_STARTUP: "true"
            BACKUP_CRON: "0 30 3 * * *"
            RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen" 
            RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
            RESTIC_BACKUP_SOURCES: "/mnt/volumes"
            RESTIC_BACKUP_ARGS: >-
              --tag datacoop-volumes
              --exclude='*.tmp'
              --verbose
            RESTIC_FORGET_ARGS: >-
              --keep-last 10
              --keep-daily 7
              --keep-weekly 5
              --keep-monthly 12
            TZ: Europe/Copenhagen
          volumes:
            - /docker-volumes:/mnt/volumes:ro
        restic-prune:
          image: "mazzolino/restic"
          environment:
            RUN_ON_STARTUP: "true"
            PRUNE_CRON: "0 0 4 * * *"
            RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
            RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
            TZ: Europe/copenhagen
--- a/roles/docker/tasks/services/tt-rss.yml
+++ b/roles/docker/tasks/services/tt-rss.yml
@ -1,53 +0,0 @@
 ---
 - name: create tt-rss folders
  file:
    name: "{{ ttrss.volume_folder }}/{{ volume }}"
    state: directory
  loop:
    - "config"
    - "db"
  loop_control:
    loop_var: volume
 - name: "set up tt-rss"
  docker_compose:
    project_name: "tt-rss"
    pull: yes
    definition:
      version: "3.6"
      services:
        ttrss_db:
          container_name: "ttrss_db"
          image: "postgres:11"
          restart: "unless-stopped"
          networks:
            - "ttrss"
          volumes:
            - "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
          environment:
            POSTGRES_USER: "ttrss"
            POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
        ttrss_app:
          container_name: ttrss_app
          image: "linuxserver/tt-rss"
          restart: unless-stopped
          networks:
            - ttrss
            - external_services 
          volumes: 
            - "{{ ttrss.volume_folder }}/config:/config"
          environment:
            VIRTUAL_HOST: "{{ ttrss.domain }}"
            LETSENCRYPT_HOST: "{{ ttrss.domain }}"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
            TZ: "Europe/Copenhagen"
          labels:
            com.ouroboros.enable: "true"   
      networks:     
        external_services:
          external:
            name: external_services
        ttrss:
          name: "ttrss"
--- a/roles/docker/tasks/services/ulovliglogning-dk.yml
+++ b/roles/docker/tasks/services/ulovliglogning-dk.yml
@ -1,13 +0,0 @@
 - name: setup ulovliglogning.dk website docker container
  docker_container:
    name: ulovliglogning_website
    restart_policy: unless-stopped
    image: ulovliglogning/ulovliglogning.dk:latest
    networks:
      - name: external_services
    env:
      VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
      LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
    labels:
      com.ouroboros.enable: "true"
--- a/roles/docker/tasks/services/websites.yml
+++ b/roles/docker/tasks/services/websites.yml
@ -8,22 +8,8 @@
    networks:
      - name: external_services
    env:
-      VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
+      VIRTUAL_HOST : "{{ data_coop_website.domain }}"
-      LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
    labels:
      com.ouroboros.enable: "true"
 - name: setup new data.coop website using hugo
  docker_container:
    name: new.data.coop_website
    image: docker.data.coop/data-coop-website:hugo
    restart_policy: unless-stopped
    networks:
      - name: external_services
    env:
      VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
      LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
    labels:
      com.ouroboros.enable: "true"    
@ -36,22 +22,8 @@
    networks:
      - name: external_services
    env:
-      VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
+      VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
-      LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
+      LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
    labels:
      com.ouroboros.enable: "true"  
 - name: setup cryptoaarhus.dk website docker container
  docker_container:
    name: cryptoaarhus_website
    restart_policy: unless-stopped
    image: docker.data.coop/cryptoaarhus-website
    networks:
      - name: external_services
    env:
      VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
      LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
    labels:
      com.ouroboros.enable: "true"  
--- a/roles/docker/templates/mailu.env.j2
+++ b/roles/docker/templates/mailu.env.j2
@ -41,7 +41,7 @@ POSTMASTER=admin
 TLS_FLAVOR=mail
 # Authentication rate limit (per source IP address)
-AUTH_RATELIMIT=120/minute;1200/hour
+AUTH_RATELIMIT=10/minute;1000/hour
 # Opt-out of statistics, replace with "True" to opt out
 DISABLE_STATISTICS=False
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@ -1,5 +1,5 @@
 ---
- name: Install necessary packages via apt
+- name: Install necessary packages
  apt:
    name: "{{ packages }}"
  vars:
@ -9,10 +9,3 @@
    - apparmor
    - haveged
 - name: Install necessary packages via pip
  pip:
    name: "{{ packages }}"
  vars:
    packages:
      - docker
      - docker-compose
`@ -1,2 +1 @@`
	`listen 8008;`	`listen 8008;`
	`client_max_body_size 50M; # default is 1M`