Compare commits
323 commits
Author | SHA1 | Date | |
---|---|---|---|
|
3e24254b57 | ||
|
bd4f92fd65 | ||
|
1bba1d066b | ||
|
aeaa48d7ca | ||
|
ed237c9661 | ||
|
e633ca13b4 | ||
|
92ca044d06 | ||
|
41116063a2 | ||
|
1bfa6bdd1d | ||
|
9a03f71252 | ||
|
00927a19df | ||
|
a0988aa05d | ||
|
4112bb73b6 | ||
|
e30f1d57d5 | ||
|
ebf3608bdc | ||
|
ce030b2dea | ||
|
4f129168c6 | ||
|
d468e49830 | ||
|
ae497f0284 | ||
|
ac64706fcb | ||
|
9fb16d3a69 | ||
|
6982d0feaa | ||
|
1b68766cd6 | ||
|
d90b769640 | ||
|
f792bf3dd1 | ||
|
266f990d1a | ||
|
241d63494f | ||
|
4c65521447 | ||
|
a95c3ea17e | ||
|
590597b137 | ||
|
d05a504e61 | ||
|
a99b39824c | ||
|
7aae344da0 | ||
|
26b98681fc | ||
|
542268ffc6 | ||
|
54a63ca069 | ||
|
46ffcd792c | ||
|
068d3bd444 | ||
|
39fffe71ae | ||
|
0fdfd2e76f | ||
|
9164b39906 | ||
|
88c4d99fc0 | ||
|
7ef64bd132 | ||
|
a3b5f5520d | ||
|
dfcca8a3e9 | ||
|
f627d1cf32 | ||
|
c7289b4c5a | ||
|
bd074929ac | ||
|
e426c3d6c5 | ||
|
3b8c526da1 | ||
|
27321a16a2 | ||
|
0166d2434d | ||
|
6e4b3e4aa4 | ||
|
04d4e38751 | ||
|
4082c6fde3 | ||
|
85e1da3cbf | ||
|
15fa5d6215 | ||
|
2966e6715b | ||
|
5ae78bcd17 | ||
|
3dc4e14c15 | ||
|
af6a130695 | ||
|
98fcc2d634 | ||
|
3ac2d83971 | ||
|
3001317e20 | ||
|
301d1b7719 | ||
|
f8b4e49f7f | ||
|
d0b23d4ef5 | ||
|
6cb06d43f1 | ||
|
62f548d05b | ||
|
f067a1b6c2 | ||
|
52b1d1ccd2 | ||
|
f50831460c | ||
|
728455f42a | ||
|
85aa718480 | ||
|
a47440b6b5 | ||
|
3098e1e320 | ||
|
656fb6baab | ||
|
28992b66af | ||
|
136b675ccd | ||
|
ddb9629dea | ||
|
1449185591 | ||
|
191ba1e011 | ||
|
2629c7c2f9 | ||
|
927d1e31ee | ||
|
d662ae321e | ||
|
0272b93527 | ||
|
a372c1a980 | ||
|
c50bccfada | ||
|
4e6f18311d | ||
|
a741a0c26c | ||
|
bb145efff2 | ||
|
2a74df91f1 | ||
|
085bb1dfe7 | ||
|
4d09c1ec11 | ||
|
f9946e72ca | ||
|
9126fd8d61 | ||
|
fc74fa0a3b | ||
|
1ebaef9f59 | ||
|
e2a6d19a32 | ||
|
ec73fb702c | ||
|
7d8b96cef0 | ||
|
9920676155 | ||
|
8c24a02a43 | ||
|
7d13fc5302 | ||
|
ef7c00b748 | ||
|
863b285b07 | ||
|
c5857d0ba8 | ||
|
f5ffd21dd3 | ||
|
de67592d6e | ||
|
bc4868cd8e | ||
|
1a3ba48c07 | ||
|
96f65c02da | ||
|
604c67e28f | ||
|
30b52c2747 | ||
|
b2b949ee98 | ||
|
d8d0d32838 | ||
|
d2681c27a0 | ||
|
f1df97ca04 | ||
|
493062b00a | ||
|
863cd56001 | ||
|
f7afe5ba00 | ||
|
f9049451e9 | ||
|
b5d980510d | ||
|
b042d555b6 | ||
|
98d57e4cfa | ||
|
b1f1db5b30 | ||
|
9cc70decab | ||
|
04799e4a8f | ||
|
2ca0b8daba | ||
|
77e4d90589 | ||
|
9a255c692c | ||
|
3bddaaa22c | ||
|
5cae83c557 | ||
|
e9410c4f8f | ||
|
ef5ef78ccb | ||
|
9d4c7be801 | ||
|
32f25aeb8f | ||
|
2d11a664b4 | ||
|
9a4912f9b5 | ||
|
2d85dec774 | ||
|
82aa6f67aa | ||
|
31b2bcd35e | ||
|
b7307c3e8e | ||
|
b3c2f36a9d | ||
|
be450fc8b8 | ||
|
593dddd00e | ||
|
16aec98808 | ||
|
a5d59b9336 | ||
|
388e0526ca | ||
|
b445d7db17 | ||
|
7ca168ae03 | ||
|
209ccf9916 | ||
|
f81fab3d11 | ||
|
9733794292 | ||
|
2f1c1887ba | ||
|
34f95f31e4 | ||
|
a246dbf497 | ||
|
58f3df7ed0 | ||
|
1bbf1edf57 | ||
|
035c683f67 | ||
|
99e2d04829 | ||
|
5b2f460cad | ||
|
5bcba6fa59 | ||
|
f02440048c | ||
|
b6f30af8ba | ||
|
a7776ab30a | ||
|
a10b07fa2c | ||
|
231af48a40 | ||
|
d6ce46e2f2 | ||
|
ad9a42f223 | ||
|
44eb59fb86 | ||
|
2485c25dc1 | ||
|
35d0844bd7 | ||
|
a3d5c70c06 | ||
|
7d889b4f02 | ||
|
9c559e3322 | ||
|
a1ac25b56d | ||
|
f1737bb9c8 | ||
|
7851fe3522 | ||
|
3fb8ecb72f | ||
|
8fc0a97d23 | ||
|
64ec448fc0 | ||
|
b1c9113cb7 | ||
|
76df6320a4 | ||
|
99f9615ef2 | ||
|
3b8c475bb1 | ||
|
019b646caa | ||
|
cf756ee881 | ||
|
000216d74d | ||
|
cd03e98f10 | ||
|
cff82acd9f | ||
|
bbd6b6f8da | ||
|
2c9c501562 | ||
|
0dcc0a6d75 | ||
|
51c8acc119 | ||
|
73bf2d41ba | ||
|
c4f3911400 | ||
|
759ea93dd3 | ||
|
97e5f264f9 | ||
|
6cd0eadade | ||
|
09215e117a | ||
|
789caed704 | ||
|
6a29cdc84d | ||
|
bd9c134e07 | ||
|
3f036ac0ea | ||
|
bef767ebd8 | ||
|
3b7732031c | ||
|
93b1ed60ae | ||
|
59dae865c5 | ||
|
e45eb02208 | ||
|
a1e8203d55 | ||
|
ab1f170790 | ||
|
c8d603b6aa | ||
|
f3fd5c7c74 | ||
|
e983499f9b | ||
|
7c7379c42c | ||
|
a89140ef51 | ||
|
bb920407f3 | ||
|
1356aa54c8 | ||
|
7962a75481 | ||
|
4611d890f7 | ||
|
5945d6847f | ||
|
8b1b3e1e3c | ||
|
d15e7e562f | ||
|
e328c558cf | ||
|
62d5a3ccca | ||
|
44b5f91eef | ||
|
fa603b07d9 | ||
|
67a8c3d1a2 | ||
|
439a538c14 | ||
|
814a268965 | ||
|
5a63e8e1a8 | ||
|
124d8660db | ||
|
74dfcfb5e8 | ||
|
221ddd987f | ||
|
687bff35e9 | ||
|
9261cb1952 | ||
|
1f61909605 | ||
|
d9de1efc9a | ||
|
2fa5bf4982 | ||
|
78b15ddcc4 | ||
|
d6766e601a | ||
|
cbc209c381 | ||
|
f040880c26 | ||
|
394e158c51 | ||
|
14d97ee7a6 | ||
|
fc7ca37b07 | ||
|
71cc3e2241 | ||
|
d53c6d41dc | ||
|
9852a42470 | ||
|
efbdcc9a5a | ||
|
e0c0163aae | ||
|
fe4b3ede81 | ||
|
8180a736f7 | ||
|
728cffc453 | ||
|
31a73f48fb | ||
|
d467084fb7 | ||
|
20b977eacb | ||
|
e917636d05 | ||
|
1ebfab5abf | ||
|
12effe5673 | ||
|
c9ab9f0c66 | ||
|
e5dcfea003 | ||
|
27b918b46b | ||
|
5d26e1cdea | ||
|
a4a06d8a58 | ||
|
2c9dce8600 | ||
|
4bc69b49bb | ||
|
bcbe0a8285 | ||
|
a92d840ce0 | ||
|
5a54eb6b1e | ||
|
c802777867 | ||
|
a03263b1f5 | ||
|
52ead4fee5 | ||
|
58dbf9ff22 | ||
|
ba44677cf3 | ||
|
fc0c0c5036 | ||
|
5b2e2c0f60 | ||
|
42e1900715 | ||
|
d597a956ff | ||
|
5f718e1027 | ||
|
536441d24b | ||
|
bf60417904 | ||
|
aecb929dbb | ||
|
f905696264 | ||
|
d4f8fbcebe | ||
|
0e7cc20bce | ||
|
57f05d7d81 | ||
|
cc2fab6ad7 | ||
|
a81862fd8b | ||
|
e85b119bfe | ||
|
dcb2e8be05 | ||
|
f0ca964c5b | ||
|
dc51b62872 | ||
|
dd6b29bccd | ||
|
f71d534afe | ||
|
b043b95353 | ||
|
8f9196ce60 | ||
|
74883a564d | ||
|
f0979ec654 | ||
|
73adef15f9 | ||
|
9f3a6c67ff | ||
|
e68145bc5e | ||
|
326393aadb | ||
|
a6420830e4 | ||
|
e806ffc3ad | ||
|
7b60ae1c28 | ||
|
371237b9f8 | ||
|
09b05bf657 | ||
|
442bb4ad58 | ||
|
a8287a712b | ||
|
ed9c742aed | ||
|
b07cf84dd3 | ||
|
997779d627 | ||
|
c6a3cb5150 | ||
|
964a6c0793 | ||
|
70dff33044 | ||
|
57f6e9ad4f | ||
|
515861c206 | ||
|
2e3cd4c8b0 | ||
|
1417c9dbf6 | ||
|
40afe51998 | ||
|
0aeb0fef96 |
111
.ansible-lint
Normal file
111
.ansible-lint
Normal file
|
@ -0,0 +1,111 @@
|
||||||
|
---
|
||||||
|
# .ansible-lint
|
||||||
|
|
||||||
|
profile: null # min, basic, moderate,safety, shared, production
|
||||||
|
|
||||||
|
# exclude_paths included in this file are parsed relative to this file's location
|
||||||
|
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
|
||||||
|
# option are parsed relative to the CWD of execution.
|
||||||
|
exclude_paths:
|
||||||
|
- .cache/ # implicit unless exclude_paths is defined in config
|
||||||
|
- .github/
|
||||||
|
- test/fixtures/formatting-before/
|
||||||
|
- test/fixtures/formatting-prettier/
|
||||||
|
# parseable: true
|
||||||
|
# quiet: true
|
||||||
|
# strict: true
|
||||||
|
# verbosity: 1
|
||||||
|
|
||||||
|
# Mock modules or roles in order to pass ansible-playbook --syntax-check
|
||||||
|
mock_modules:
|
||||||
|
- zuul_return
|
||||||
|
# note the foo.bar is invalid as being neither a module or a collection
|
||||||
|
- fake_namespace.fake_collection.fake_module
|
||||||
|
- fake_namespace.fake_collection.fake_module.fake_submodule
|
||||||
|
mock_roles:
|
||||||
|
- mocked_role
|
||||||
|
- author.role_name # old standalone galaxy role
|
||||||
|
- fake_namespace.fake_collection.fake_role # role within a collection
|
||||||
|
|
||||||
|
# Enable checking of loop variable prefixes in roles
|
||||||
|
loop_var_prefix: "{role}_"
|
||||||
|
|
||||||
|
# Enforce variable names to follow pattern below, in addition to Ansible own
|
||||||
|
# requirements, like avoiding python identifiers. To disable add `var-naming`
|
||||||
|
# to skip_list.
|
||||||
|
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
|
||||||
|
|
||||||
|
use_default_rules: true
|
||||||
|
# Load custom rules from this specific folder
|
||||||
|
# rulesdir:
|
||||||
|
# - ./rule/directory/
|
||||||
|
|
||||||
|
# Ansible-lint completely ignores rules or tags listed below
|
||||||
|
skip_list:
|
||||||
|
- skip_this_tag
|
||||||
|
|
||||||
|
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||||
|
# You must enable opt-in rules by listing each rule 'id' below.
|
||||||
|
enable_list:
|
||||||
|
- empty-string-compare # opt-in
|
||||||
|
- no-log-password # opt-in
|
||||||
|
- no-same-owner # opt-in
|
||||||
|
# add yaml here if you want to avoid ignoring yaml checks when yamllint
|
||||||
|
# library is missing. Normally its absence just skips using that rule.
|
||||||
|
- yaml
|
||||||
|
# Report only a subset of tags and fully ignore any others
|
||||||
|
# tags:
|
||||||
|
# - jinja[spacing]
|
||||||
|
|
||||||
|
# Ansible-lint does not fail on warnings from the rules or tags listed below
|
||||||
|
warn_list:
|
||||||
|
- skip_this_tag
|
||||||
|
- experimental # experimental is included in the implicit list
|
||||||
|
# - role-name
|
||||||
|
# - yaml[document-start] # you can also use sub-rule matches
|
||||||
|
|
||||||
|
# Some rules can transform files to fix (or make it easier to fix) identified
|
||||||
|
# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
|
||||||
|
# By default it will run all transforms (effectively `write_list: ["all"]`).
|
||||||
|
# You can disable running transforms by setting `write_list: ["none"]`.
|
||||||
|
# Or only enable a subset of rule transforms by listing rules/tags here.
|
||||||
|
# write_list:
|
||||||
|
# - all
|
||||||
|
|
||||||
|
# Offline mode disables installation of requirements.yml
|
||||||
|
offline: false
|
||||||
|
|
||||||
|
# Return success if number of violations compared with previous git
|
||||||
|
# commit has not increased. This feature works only in git
|
||||||
|
# repositories.
|
||||||
|
progressive: false
|
||||||
|
|
||||||
|
# Define required Ansible's variables to satisfy syntax check
|
||||||
|
extra_vars:
|
||||||
|
foo: bar
|
||||||
|
multiline_string_variable: |
|
||||||
|
line1
|
||||||
|
line2
|
||||||
|
complex_variable: ":{;\t$()"
|
||||||
|
|
||||||
|
# Uncomment to enforce action validation with tasks, usually is not
|
||||||
|
# needed as Ansible syntax check also covers it.
|
||||||
|
# skip_action_validation: false
|
||||||
|
|
||||||
|
# List of additional kind:pattern to be added at the top of the default
|
||||||
|
# match list, first match determines the file kind.
|
||||||
|
kinds:
|
||||||
|
# - playbook: "**/examples/*.{yml,yaml}"
|
||||||
|
# - galaxy: "**/folder/galaxy.yml"
|
||||||
|
# - tasks: "**/tasks/*.yml"
|
||||||
|
# - vars: "**/vars/*.yml"
|
||||||
|
# - meta: "**/meta/main.yml"
|
||||||
|
- yaml: "**/*.yaml-too"
|
||||||
|
|
||||||
|
# List of additional collections to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_collections:
|
||||||
|
# - example_ns.example_collection
|
||||||
|
|
||||||
|
# List of additions modules to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_modules:
|
||||||
|
# - example_module
|
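Review bot: Most of this file is the upstream ansible-lint example config copied verbatim, and several entries are placeholders that do not describe this repository: `exclude_paths` lists `test/fixtures/formatting-before/` and `test/fixtures/formatting-prettier/`, `mock_modules`/`mock_roles` list `zuul_return` and `fake_namespace.*`, `skip_list`/`warn_list` contain `skip_this_tag`, `kinds` adds `"**/*.yaml-too"`, and `extra_vars` defines `foo: bar` plus `complex_variable`. The file's own comments say mocks and `extra_vars` exist to make `--syntax-check` pass, so a later reader will assume these entries are load-bearing; trimming to the options actually needed (keeping the `no-log-password` and `empty-string-compare` opt-ins, which are useful here) would make the intent clear. `offline: false` means, per the comment above it, that lint runs may install `requirements.yml` dependencies from Galaxy, which is worth a one-line note if that is intended to happen inside the pre-commit hook.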
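--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,6 @@
-playbook.retry
+*.retry
 *.sw*
 .vagrant/
 *.log
+.idea/
+venv/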
14
.pre-commit-config.yaml
Normal file
14
.pre-commit-config.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
repos:
|
||||||
|
|
||||||
|
#- repo: https://github.com/semaphor-dk/dansabel
|
||||||
|
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||||
|
# hooks:
|
||||||
|
# - id: dansabel
|
||||||
|
|
||||||
|
- repo: https://github.com/ansible/ansible-lint
|
||||||
|
rev: v6.9.0
|
||||||
|
hooks:
|
||||||
|
- id: ansible-lint
|
||||||
|
files: \.(yaml|yml)$
|
||||||
|
additional_dependencies:
|
||||||
|
- ansible
|
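Review bot: `rev: v6.9.0` pins the ansible-lint hook to a movable tag, and `additional_dependencies: - ansible` pulls an unpinned `ansible` from PyPI into the hook environment, so what actually runs on every commit can change without any diff in this file; the commented-out dansabel stanza above shows the stronger form, a full commit SHA in `rev`. Consider `- ansible==<pinned version>` (placeholder) and a SHA for `rev`, and the same unpinned installs appear in `venv/bin/pip install ansible pre-commit` in the Makefile and `ansible-galaxy collection install community.general` in deploy.sh in this compare. The indentation of the `rev:`/`hooks:` lines under `- repo:` is not visible on this page, so I cannot confirm the nesting from here.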
12
Makefile
Normal file
12
Makefile
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||||
|
|
||||||
|
create_venv:
|
||||||
|
python3 -m venv venv
|
||||||
|
venv/bin/pip install -U pip
|
||||||
|
venv/bin/pip install ansible pre-commit
|
||||||
|
|
||||||
|
install_pre_commit:
|
||||||
|
venv/bin/pre-commit install
|
||||||
|
|
||||||
|
install_ansible_galaxy_modules:
|
||||||
|
venv/bin/ansible-galaxy collection install community.general
|
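Review bot: None of `init`, `create_venv`, `install_pre_commit` or `install_ansible_galaxy_modules` is declared phony, so a file or directory with one of those names in the repo root would make `make` report it as up to date and silently skip the recipe; add `.PHONY: init create_venv install_pre_commit install_ansible_galaxy_modules` at the top of the file. `create_venv` also re-creates the venv and re-runs both pip installs on every invocation, which is harmless but slow; making it depend on `venv/bin/activate` is the usual idiom if that matters. The recipe lines' leading tabs are not visible on this page, so I cannot confirm them here.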
108
README.md
Normal file
108
README.md
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
# data.coop infrastructure
|
||||||
|
|
||||||
|
This repository contains the code used to deploy data.coop's services
|
||||||
|
and websites. We use Ansible to encode our infrastructure setup. Only
|
||||||
|
the association's administrators have access to deploy the services.
|
||||||
|
|
||||||
|
## Deploying
|
||||||
|
|
||||||
|
To deploy the services, the included `deploy.sh` script can be used. The
|
||||||
|
Ansible playbook uses two custom-made roles (in the `roles/` directory):
|
||||||
|
|
||||||
|
- `ubuntu_base` - used to configure the host itself and install the
|
||||||
|
necessary packages
|
||||||
|
- `docker` - used to deploy our services and websites with Docker
|
||||||
|
containers
|
||||||
|
|
||||||
|
The script has options to deploy only one of the roles. Select services
|
||||||
|
only can also be specified. By default, the script deploys everything.
|
||||||
|
|
||||||
|
Here is a summary of the options that can be used with the script:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# deploy everything
|
||||||
|
./deploy.sh
|
||||||
|
|
||||||
|
# deploy the ubuntu_base role only
|
||||||
|
./deploy.sh base
|
||||||
|
|
||||||
|
# deploy user setup only
|
||||||
|
./deploy.sh users
|
||||||
|
|
||||||
|
# deploy the docker role only
|
||||||
|
./deploy.sh services
|
||||||
|
|
||||||
|
# deploy SINGLE_SERVICE Docker service only
|
||||||
|
./deploy.sh services SINGLE_SERVICE
|
||||||
|
```
|
||||||
|
|
||||||
|
`SINGLE_SERVICE` should match one of the service names in the `services`
|
||||||
|
dictionary in `roles/docker/defaults/main.yml` (e.g. `gitea` or
|
||||||
|
`data_coop_website`).
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
In order for us to be able to test our setup locally, we use Vagrant to
|
||||||
|
deploy the services in a virtual machine. To do this, Vagrant and
|
||||||
|
VirtualBox must both be installed on the development machine. Then, the
|
||||||
|
services can be deployed locally by using the `vagrant` command-line
|
||||||
|
tool. The working directory needs to be the root of the repository for
|
||||||
|
this to work properly.
|
||||||
|
|
||||||
|
> Note: As our secrets are contained in an Ansible Vault file, only the
|
||||||
|
> administrators have the ability to run the deployment in Vagrant.
|
||||||
|
> However, one could replace the vault file for testing purposes.
|
||||||
|
|
||||||
|
Here is a summary of the commands that are available with the `vagrant`
|
||||||
|
command-line tool:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# Create and provision the VM
|
||||||
|
vagrant up
|
||||||
|
|
||||||
|
# Re-provision the VM
|
||||||
|
vagrant provision
|
||||||
|
|
||||||
|
# SSH into the VM
|
||||||
|
vagrant ssh
|
||||||
|
|
||||||
|
# Power down the VM
|
||||||
|
vagrant halt
|
||||||
|
|
||||||
|
# Power down and delete the VM
|
||||||
|
vagrant destroy
|
||||||
|
```
|
||||||
|
|
||||||
|
The `vagrant` command-line tool does not support supplying extra
|
||||||
|
variables to Ansible on runtime, so to be able to deploy only parts of
|
||||||
|
the Ansible playbook to Vagrant, the `deploy.sh` script can be used with
|
||||||
|
the `--vagrant` flag. Here are some examples:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# deploy the ubuntu_base role only in the Vagrant VM
|
||||||
|
./deploy.sh --vagrant base
|
||||||
|
|
||||||
|
# deploy SINGLE_SERVICE Docker service only in the Vagrant VM
|
||||||
|
./deploy.sh --vagrant services SINGLE_SERVICE
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that the `--vagrant` flag should be the first argument when using
|
||||||
|
the script.
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
If you want to contribute, you can fork the repository and submit a pull
|
||||||
|
request. We use a pre-commit hook for linting the YAML files before
|
||||||
|
every commit, so please use that. To initialize pre-commit, you need to
|
||||||
|
have Python and GNU make installed. Then, just run the following shell
|
||||||
|
command:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
make init
|
||||||
|
```
|
||||||
|
|
||||||
|
## Nice tools
|
||||||
|
|
||||||
|
- [J2Live](https://j2live.ttl255.com/): A live Jinja2 parser, nice to
|
||||||
|
test out filters
|
||||||
|
|
48
Vagrantfile
vendored
48
Vagrantfile
vendored
|
@ -1,24 +1,38 @@
|
||||||
Vagrant.require_version ">= 1.7.0"
|
Vagrant.require_version ">= 2.0.0"
|
||||||
|
PORT = 19022
|
||||||
|
|
||||||
|
def provisioned?(vm="default", provider="virtualbox")
|
||||||
|
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
|
||||||
|
end
|
||||||
|
|
||||||
Vagrant.configure(2) do |config|
|
Vagrant.configure(2) do |config|
|
||||||
|
config.vm.network :private_network, ip: "192.168.56.10"
|
||||||
|
config.vm.network :forwarded_port, guest: PORT, host: PORT
|
||||||
|
|
||||||
config.vm.define "datacoop" do |datacoop|
|
config.vm.box = "ubuntu/focal64"
|
||||||
datacoop.vm.box = "ubuntu/bionic64"
|
config.vm.hostname = "datacoop"
|
||||||
datacoop.vm.hostname = "datacoop"
|
|
||||||
datacoop.vm.provider "virtualbox" do |v|
|
config.vm.provider :virtualbox do |v|
|
||||||
v.memory = 4096
|
v.cpus = 8
|
||||||
end
|
v.memory = 16384
|
||||||
datacoop.vm.network "private_network", ip: "192.168.0.42"
|
end
|
||||||
datacoop.vm.provision "ansible" do |ansible|
|
|
||||||
ansible.verbose = "v"
|
config.vm.provision :ansible do |ansible|
|
||||||
ansible.compatibility_mode = "2.0"
|
ansible.compatibility_mode = "2.0"
|
||||||
ansible.playbook = "playbook.yml"
|
ansible.playbook = "playbook.yml"
|
||||||
ansible.ask_vault_pass = true
|
ansible.ask_vault_pass = true
|
||||||
ansible.host_vars = {
|
ansible.verbose = "v"
|
||||||
"datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3.6"}
|
|
||||||
|
# If the VM is already provisioned, we need to use the new port
|
||||||
|
if provisioned?
|
||||||
|
config.ssh.guest_port = PORT
|
||||||
|
ansible.extra_vars = {
|
||||||
|
ansible_port: PORT,
|
||||||
|
from_vagrant: true
|
||||||
}
|
}
|
||||||
ansible.groups = {
|
else
|
||||||
"all" => ["datacoop"]
|
ansible.extra_vars = {
|
||||||
|
from_vagrant: true
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
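Review bot: `provisioned?` is what decides whether `config.ssh.guest_port` is switched to `PORT`, but it is keyed on the defaults `vm="default"` and `provider="virtualbox"` and on the mere existence of `.vagrant/machines/default/virtualbox/action_provision`; with any other provider, or if a first provisioning run stops after sshd has been moved but before Vagrant writes that marker, the guard returns false and Vagrant keeps connecting on the default port (the comment above it and the `ansible_port=19022` entries in the inventory suggest the playbook moves sshd to `PORT`, which I cannot verify from this page). Reading the provider from `ENV['VAGRANT_DEFAULT_PROVIDER'] || "virtualbox"` and noting the half-provisioned edge case in the comment, e.g. `# Heuristic: a provision run that failed after the sshd port change may leave the marker absent`, would make the behaviour predictable. The guest also grows to `v.cpus = 8` and `v.memory = 16384`, which deserves a comment on why, since a contributor's machine may not have that to spare.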
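--- a/UNKNOWN_PATH_A
+++ b/UNKNOWN_PATH_A
@@ -1,3 +1,8 @@
 [defaults]
-remote_user = root
+ask_vault_pass = True
 inventory = datacoop_hosts
+interpreter_python = /usr/bin/python3
+remote_user = root
+retry_files_enabled = True
+use_persistent_connections = True
+forks = 10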
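--- a/UNKNOWN_PATH_B
+++ b/UNKNOWN_PATH_B
@@ -1,3 +1,5 @@
-######################################
-### All hosts
-85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
+[production]
+hevonen.servers.data.coop ansible_port=19022
+
+[monitoring]
+uptime.data.coop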
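Review bot: `uptime.data.coop` under `[monitoring]` is added without `ansible_port=19022`, while the `[production]` host two lines above carries it; if the playbook moves sshd off the default port on every host it manages (the Vagrantfile comment in this compare hints at that, but I cannot confirm it from here), this entry stops being reachable after the first run. If the omission is deliberate, a comment line above it such as `# sshd stays on the default port on this host` would keep the next reader from "fixing" it. The file header for this section is not on the page, so the inventory's path is unknown from here.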
39
deploy.sh
39
deploy.sh
|
@ -1,6 +1,26 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
usage () {
|
||||||
|
{
|
||||||
|
echo "Usage: $0 [--vagrant]"
|
||||||
|
echo "Usage: $0 [--vagrant] base"
|
||||||
|
echo "Usage: $0 [--vagrant] users"
|
||||||
|
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
||||||
|
} >&2
|
||||||
|
}
|
||||||
|
|
||||||
|
BASE_CMD="ansible-playbook playbook.yml"
|
||||||
|
|
||||||
|
if [ "$1" = "--vagrant" ]; then
|
||||||
|
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
||||||
|
VAGRANT_VAR="from_vagrant"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||||
|
echo "Installing community.general modules"
|
||||||
|
ansible-galaxy collection install community.general
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
echo "Deploying all!"
|
echo "Deploying all!"
|
||||||
|
@ -10,10 +30,21 @@ else
|
||||||
"services")
|
"services")
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
echo "Deploying all services!"
|
echo "Deploying all services!"
|
||||||
$BASE_CMD --tags setup_services
|
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||||
else
|
else
|
||||||
echo "Deploying services: $2"
|
echo "Deploying service: $2"
|
||||||
$BASE_CMD --tags setup_services --extra-vars "services=$2"
|
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
|
||||||
fi
|
fi
|
||||||
|
;;
|
||||||
|
"base")
|
||||||
|
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||||
|
;;
|
||||||
|
"users")
|
||||||
|
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
|
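Review bot: In the three `eval` lines of the second hunk (`setup_services`, `base_only`, `setup-users`) the Vagrant flag is appended as a bare `from_vagrant=true` word with no `--extra-vars`/`-e` in front of it, so in `--vagrant` mode ansible-playbook appears to receive it as a second positional playbook argument rather than as a variable; the `single_service` branch is the only one that passes it inside `--extra-vars`. The `eval` is also unnecessary, since the unquoted `$BASE_CMD` was already word-split in the original form, and `$BASE_CMD --tags base_only ${VAGRANT_VAR:+--extra-vars "$VAGRANT_VAR=true"}` expresses the same thing without re-parsing a constructed command line (same shape for the other two). In the `single_service` branch `$2` is spliced unescaped into a JSON string, so a name containing `"` or `\` yields invalid JSON; it is operator-supplied input, but a check against the known service names or a comment would help. The `case` statement and the enclosing `if`/`else` begin before this hunk, and `VAGRANT_VAR` is set in the first hunk of the file.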
@ -1,130 +1,175 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
61323133323862626633633435646431343564633238646365393335366237613031656239333865
|
61613366663339336437363136623339356237313933373030613438663430613938306336323139
|
||||||
3866376365386635616332303537633736643530376631620a646135643565343163316232393437
|
3234343636653638653533656337313138356538376134330a636566313532303362326466663830
|
||||||
61643038326566303362343163633965343164613332396436656663356433336264393133326632
|
36376130386361306535373936353864303464663136363261356130323730663362303537666363
|
||||||
6664376531353534660a313532633464313638623734366364663963613363363933646337396231
|
6437613762336531660a666232663762656162643234663839626663393330646566663933666164
|
||||||
65383065616162353465633132363833393963396463663465383333646336613765663331336163
|
35616164306433613734313132636266646266303464623034323338326534363133393365336334
|
||||||
37656364396362663066373562666538383436616330316164653434623038306238363861646233
|
61376637366435653766316562386337656266366537353863623633356439636331326436313637
|
||||||
32666433643663613463303461666332353765326138393966316462633166356666326365346230
|
61626232626664326163396437353065363735616133393730353936653734323863336263383436
|
||||||
64663334613032623734373661383066623931663533306139333930396635326230353233343737
|
31316339313333356537393266396431393330633161303634653935626562666266326265653761
|
||||||
30383763323566656561333435613362363436636136313264373063316531366531633733373939
|
64613163623137663532623565633434366238373664336330663439373033653861633161613835
|
||||||
36396262393030343939613431653635333738306137616130666234616363313665393132346661
|
31326237396631643836346339326235363663333230326438303334666236363536356237376536
|
||||||
34366463343034653934383532346530376365316164326665643535333639333965376439626230
|
61356163626231366239313065363836393332616537623237333736613161303063313437623564
|
||||||
38343133336331386266643034623238323461353136323463383931323165366331666133363438
|
37316164353436343537316433613763313064636366326130653764346463376330306430316636
|
||||||
64353336653832393664303561303137623830393432653661363633353438646339303930343333
|
32336136333738343361353536623465616339666431343265316564366431623131653435653561
|
||||||
36313935386262353862336363363034363738636234626333303031316338633761623835363662
|
62656662386333613337653831646635323566333131386363313233653861383634623666336430
|
||||||
33623465336236303539393039363431383937363062666262303737393663633133306135383936
|
35636166643063653039656131663664303363343738353662643335356134343336306263313861
|
||||||
36316432396161653037363535653061376561356436333533616339656661313238613964636362
|
35633332346366663932336236636462336662323234316261613333393031353232623435316339
|
||||||
66363162656262333033306262396132383331623032326631383138346361376132303263626138
|
62623063313536333962316463383063376430353163643362393539323830393132343063653963
|
||||||
32643964336332363133316264336365396239353533356666393563313733373939613463373837
|
33363932333532616132343531636434653834366230343238663836643939363931376262323561
|
||||||
61643966666337306266313131393866636532343561336464366239393834306138373436366337
|
64323937616661373434613764396639336366356430373966363266656239666434373635373133
|
||||||
63383030346163626536363433623965333166393562666430623736643635633038663563343633
|
65663530636363356436343765333830633061613337326361303433306231353762373331623463
|
||||||
30313438623036346137623262386636643232366533346239623631326631613662333932663936
|
39323738656335656139633034626432346265353638323539356132663036623965313033326363
|
||||||
31363136363035313238336239303561386239666162333365333864643439376566343062623839
|
34313333636333643465333563336661643536333639373639316439323036333065313662343663
|
||||||
61623163333362666339326337326333373134323836613263343437316439343963663537313832
|
37336532366630383331366338353434383135363162626335643664396262633630636163316330
|
||||||
32376534663166313939393633313936663438333063396239633666326338346239316662646635
|
64656162616236616131396665386136373534343263303933323262373537343339303639663035
|
||||||
65306631396664613765373733636435373135316231363232396662666238376539303564343164
|
37613234666439326333343136663264626465396431613437353564393162333032343538393536
|
||||||
33663264303738393933643231396539376564633930356165613861616162386535626663336131
|
31366564363663313630313033323862336635623862633733333739636461323066663037643131
|
||||||
38666633663765366335336462366630613137616463343432643661376163393061666239623531
|
64393535373364623531356665353833313139626134666230666533666166373265306531336238
|
||||||
35353335313761346432313266356138363231373132343863666165666362663065636163323866
|
63633361373162383665363332626433623861346139393632366366306137396561623437306635
|
||||||
34396662656137626336623465653864393530336237386134373033336563386461373563666238
|
64323462383562643638633437613663656463303064393564626131633161393436336631326131
|
||||||
30363537376565313263363631303638643664633937393938353337386630313533353636393434
|
64343339383030333864373564633766663238626638646438363431623963356464633330636363
|
||||||
38396162386563616166393463666431666265396361663530386462343062643036623064363236
|
36396164303631613137343966323162346135626638623737396635333661623364616335633965
|
||||||
36336163633436373036306539636132333735643131623462383230313430643861653466393434
|
62373733656233646437626236346635396466336438383466393831386539383262653633373531
|
||||||
36383033623235653665666265336239306533363737306466666265323439383966346666346434
|
36343935626338356334666363613137363935343362383265303338366266646233373963656239
|
||||||
61323537366662633064646162333965306161316137333131383362653637343531336262633238
|
65353461323432316366636531353665626534396562343836323563613231393361633162343033
|
||||||
38336533313435303465333732363230623662653662346136343765633066333031323537653961
|
63663436323532396332313735343262653738626664643931386661313136613830373637393632
|
||||||
36353262653334393339653037316135386638653231626564363139373637663336373839623337
|
64366264373838316538663865643166356630323265383139613036323539396136393934353865
|
||||||
63663036356563613430373662336631666163333932343562313261323663333961666638376531
|
32303266303131363836376664343431366633383765383966363365663761653533656265316230
|
||||||
35376238303966636236356566633130666231663139623137336136633537336433393230383165
|
33303466326665633263306562393133303438616538316362336436633963643331613631616130
|
||||||
61393234663832646638316639613637623632316666333537393737306366333863306361376161
|
31616135656231313763336336666632633563636136643062363437323937643834326235653065
|
||||||
65613265656536666539643061386366346230323230623466373233626138643261356465653833
|
63633866663766613234623863643335656333346138386463623565356437356165646538363738
|
||||||
39616265383865313763316339653830313630303861643031386330386239323235373537303663
|
38333366323165353633613365353031653164653435613136663064656330613764386361396236
|
||||||
33323937306538333137343036656164353630373430633231323832633630666133303866356437
|
32346636643462396630303530653364343338393061323336306161646163376464323230326463
|
||||||
37326632326634306630653936323166343361346363653964663866313030646137613564316534
|
35653166326461656539303863333232333166336533613339656234393337383031623065323132
|
||||||
33393937396237336463316164303733306630636564623837383163666166396630613037343337
|
35386233343739663439306134643365373232336539306634623332323939366638383062386361
|
||||||
33336634303639616536373436666666396438643863363564343533373261333135646133373539
|
38303035383462333766393335373731663638316139643231396138326634383839393663323630
|
||||||
63363732393664366566336232663630636239353664666461633138336164363433363534356363
|
38363232303564366462663462383466353664663234313165326539393632343732626166303031
|
||||||
38633034303832376530336462366164613538303136333161313230643138616130376132376337
|
66326662383338376663626166623661613561343035653336376139396633636336313539363639
|
||||||
33643939666430323037373631383064316465396462613765376539613535643330353239333233
|
36333065663737613965383739366561356130396136343337376138393831376234316464336531
|
||||||
32323134353438323834336465373230346666636366363938363339353765313238636464303063
|
35366663616665623732303430346131636437373731386333616162366261336235616134306535
|
||||||
66663661663765366663336435633630613134613661306334356333663430663337663732393832
|
31623130353335326334363334386566346433313166323332303930396465663833393130393131
|
||||||
64613066396539333231353131346137373936383939316566316435303466666133313437313463
|
35333637646335343536626432323539626238636264626563336463386363653834336262303663
|
||||||
61373836643536363835633835313263613533303761623135616365646237336564323334363934
|
34636332656139373231626661663461643336363262326437656531313333333739613363396165
|
||||||
65666631383331393131393363303066396134303964326561396536633562663737326235383938
|
36333532353061616239636235373963653532653838643161633837653733663537633138666233
|
||||||
32323763643162393133363134396564643032353562343831313765653961663131393166616265
|
36343036353866313263633733656634613963643931333838653561623739653639623935663831
|
||||||
62653030363232363938633532393262653834626565336432663437376361613537646432633561
|
35663534653830313236663539356663396165363638613333303366363565666465326339336437
|
||||||
63343133396665636636616137313239653635616564373130366139656337313433303835623563
|
33333936373566383239643663366532666235336533333962333731616366313733643963616161
|
||||||
63373361396363373932386432646562316230313730333230323364653230343666633636323535
|
31323631303566383937303338376332383537313566613761353864326532613933323337306661
|
||||||
63313132303436306263653666396234396566343637383562353435663663356566666264313331
|
61333234333238366437306237366432383066323830373236333431653063613664336433343463
|
||||||
61623632393131303130666437343633666339393562316564333064376631333662373561643261
|
37353033646538343635666564326337656264396163393561303734633739646539396138313464
|
||||||
36343634353732316631396163643135396566653030376332346261656638363864623966326538
|
38333161633938646462383834633662623332333630626531373339373439616138353235363638
|
||||||
32356663636333306163653966323965363863316261313532353362376235353330343532353639
|
39303837313534366338326133323337396339316533663334316330373562643339396665353861
|
||||||
66353439666161666335373437323137366261336530326537393934633139313234656165306662
|
30383433323339306637383731333331383436643531393233353639633238393136626264383664
|
||||||
36383233313436633930363133313531636235333939393363653038336331616163636433353232
|
34333331616330663565376330626535383765613835643964666132303838336165383565303964
|
||||||
32646633373562353138326631333038386464653166313038666335643132653664376139343363
|
38376630623733656361643663393164613766616462623034656631366433326132383033366363
|
||||||
31383666373539316438363661663536653934323466346662626465326434653763393938666563
|
37366232386135356264323936366431356262323664386661356239633836346238613162373937
|
||||||
65663262643935626436343933366464343738633762636637323338356132363739313765663137
|
61376265653865626437303765393662646234343230636538376531313833363136616265346366
|
||||||
62343161373466653166666538306133363039353565353635346366343730643537396466306165
|
34653132333239353865363638366632666133393034623130316566633532326238306532613963
|
||||||
30626638366662383466303137363834393862643435636537346165353935393431356533396464
|
63333534346635643135386139333661326532353435613461636165356339616431346166373632
|
||||||
37636161373030346536333635633935656663376661313566643464376438643834666161363635
|
62376435366238646335323239616666313838643137633632366232366363653234376134363039
|
||||||
64656137356335623533353738396137356361396130353966646337353631346263626635316533
|
33333733343937333366633434313533633463613033636432636265636261396332633162393763
|
||||||
37363066653063616539323430346439333464663766346566323865353235646534303063613433
|
63383263383966663534346330396335663836663132366439376134646138363336323233363339
|
||||||
30323633626263613038383638313438363932613333336130656234353830636463336437313963
|
62626164353832633733326236623865343130643564373830396634306266643637323133633834
|
||||||
34376462323361366463646239626238633639666263663031386263643930653461333437643436
|
66663533376264393835623632313264633464303432333365323365383533666565633831363339
|
||||||
38663136353230653636343966393131313265383962636365633237646537303866646139636130
|
34636533656466373930313461336138313439666634386434383862646563373163613565343136
|
||||||
37346133343630653932326465396363386431313235666365653366343638633539663865333462
|
32646466326461373065306637386631666633633364393630316637636364323966623766633330
|
||||||
66343831363438646438376434353131633666613633346563613732343066646239613730653937
|
34386163633865653734373538336234616161363036333236363735303765376432666632613030
|
||||||
35663035326465613537353566633066336131633765643732386631643732313663363639373462
|
38303532656263613063633865353633646566396661376535623335383931336465306666303963
|
||||||
32333564386338313766656331653761326231636239303031373138376563636166373930613332
|
64613665363662656237366334383632323862346430313030346538643939366362303734636538
|
||||||
37356137343462306133656461363130623937633233356638303530636139643038636163623634
|
63336234383863306633353061653166656231323332313931326637666665396162643930633835
|
||||||
39363735383661346235626662333337343838626463333761303737363464353730356634656138
|
64313233393433653261626364656566313836313634316631646639356438333336376166313161
|
||||||
30623961353964343462623464313363663462366265303139366263663637653236613439393032
|
35316133636635383936616666313764663936653035353333356239313030346339333065343739
|
||||||
65313833666232646465323936343862613638326666383938366139373836316462353435303561
|
66616537383736636234653165333930633239643966326266646365373330313738316131393961
|
||||||
36626366653130613666656662336637313562396236373966613165303834313866383634666637
|
35636161626532323862313261333130653739383062306164633062376566346432663839643831
|
||||||
64623865316335623836336537313036383562306438326263356138613730333337626461623536
|
37363337383761643430323661383039646164323665333765333534663635666262623266313339
|
||||||
32663163386138653966323666346162373834666566663233313665333934653863376336636335
|
64373530646537376136636239333035333461303539386666643366643936303563396132373234
|
||||||
35363862646565623261336634613637323865336437326662666135343763313030336531386537
|
33326130386435346238646430383630656261333630326330376336303638376137646361306630
|
||||||
65626266616562323139326461376363343336376364363061316333643139356130306264383335
|
64303031363435653834393035383135346239663063386239303365373663303764373631316165
|
||||||
31656265353566376464666233336333613036643934376239333331313264306462663730376664
|
62323938323834333763356239386661643136363961373766653930613134313233343166343734
|
||||||
37653937363833313132303164656336653036633961303031306665316634386534393263656337
|
31313664643639316531346333356638666135346231326561666234636539653862366630636134
|
||||||
65363666643331393262336462346663396638346430333966343261323535623339376131643061
|
37326230333237303461326466623764653163393935366361643264366531333630646261333435
|
||||||
35326535663934326563376130306539636262353966363731323135366133623337386235386136
|
33303866383332303730323736353639633533656661643361363537663436656466633664643132
|
||||||
65633935643061336162353436323061336332363535643564326430626664626438393536653639
|
35633263353862376435383031613030303434326135643431396363373933373130343766333765
|
||||||
34616635363666326530616361336433313530653436663838636666323231623236626637366530
|
33646434373961366134323534656264303562313033653930336437376630376135666339306661
|
||||||
30626433346433313762333661306632366162396437316135393137343235383161353637366265
|
65646635346535666538643734313462383631336236393963373631623530383430633438633235
|
||||||
61633538343030636532633239653335653538323962613165353835363538666265646661393330
|
66313062613136326364363434303135363739353464386263303137303534663166326463323732
|
||||||
61626135666535313262643137333935333730623734356637313933353638646232633637643139
|
65323931666331353630643062383061343836383266663035376631613636306564313133343238
|
||||||
63313233333831386335643134393332336261643735336263633864336235303634656530613537
|
38626563663834363739366236323061663165656361626366373366633932386134336665393830
|
||||||
35323962613165313862643033623930393931353932326133373866363734643137386434636533
|
32623733616566336539343039313532643131336439663736343137316264666562636562386364
|
||||||
36646361323866353736646135633261666338303230623338396236383130303238626464346565
|
66343930336531383634663339383931623537313835346566363434343231323565333036333832
|
||||||
38383738316235353837363863366339613862633230636662313437653533363863333763313532
|
30363937393831616537323832393064313330663732393061383437633437366161313131393534
|
||||||
38636130643165383833313563336435646136656333643238646161363966626436393338396632
|
65323663666161363039366663303633663739633832626132306164653266623766313031616230
|
||||||
37376563363632376437323430643361656365653366663339613661343263356438623831383233
|
32653763393636616331313932373935633039313038303762623039303032343738386134346164
|
||||||
33633734623735613530383932653735386639383665303666336631383735653364663761643363
|
64366130336233316330653261333661303839363965663232393233623837633461393239326433
|
||||||
34303633666461633330623263653831376435323934613266653162633732356662636534376464
|
30626235363666623464393935393262666633353337336331393762656333373763633866326664
|
||||||
30353361333634326631353464303034636135306662373439313239653530626463623637323939
|
33313966623438346637643239663535306166383062306332383337613864656664313932623137
|
||||||
63383936343865346561353364636130383438376133643938346139353434373230666639663438
|
30306563386561643435313030393139333063616232363433336431303330643239636663653231
|
||||||
36626630343736363466303364336535353930303562623437653933613233346564373365356661
|
32383762303539633235353464306431653539316630636630626536346235393966366639346563
|
||||||
35303866623764663634613931643831383862393662373935336233646435643635343937356232
|
37333264633832393139663561616633323361316237313863356537336364663666623333633439
|
||||||
35343239353465616363383535646664343035306564663463316638653163303237396239613936
|
33313735613163346562643539393836363566653464363534313637353030613436646432333964
|
||||||
65356466613264626434346262363462653739623630336136306163396333313762333436633136
|
36616137396439333764323634376366366438643337666266323831316139336264336363656364
|
||||||
37636535386566386530616164616332376536323061613562306534656132393763643132626230
|
63646533366562623862383336343633663963363530396532623037646331643435336161656239
|
||||||
65633030666262326433346338663030666662333033343034313864666137383137636435613533
|
36386434326261343462353863653866646265336436613438383835353637626530333932353238
|
||||||
63383365333733366436653735626464613362333162333966366533623961383735316432613965
|
66376632643863616233326235623864616330333730353533326466393434653333333433393664
|
||||||
38393532383763396134633763633063653762626234333933353263303866636137303766393633
|
62313435366537386436306166653932626436323636623430313739656239663662393931316136
|
||||||
33386665613935373132363537376632393132623662633362376135333838656431633835333333
|
38383464326537616230363734643237356333323964376430383364393632313136636333616365
|
||||||
63623933663639376566366131303537666562653730343235386563306336616263336239383037
|
33316139363238303338303165623032623265633461663466363737313362386336393939643066
|
||||||
61326562303761643562653035616531323130393164333538396432306661663630633038623038
|
34303535643261386666666138323938623438643437623933353031633662326562643836353931
|
||||||
32326439653131626539376135616463666166356233323836623261356663613836616433303966
|
61376136356231636164336263653539326134616636356338633835633563373339363964343738
|
||||||
30353562643365646662313366376538646534333839363965313565616532613964366635636530
|
39353864623662303466393132313131666366643266356133336131633862366537353235396366
|
||||||
32343163643531323034346531313639633431643330306437336363333337396638316633343964
|
66306438393963303438353035643866623265376236343636363636316135643466656639396661
|
||||||
39343331366364356430616463636662356432386438386239353733306535376536333933376439
|
38396462353538643466616166383566663431653238376162363764383030373831393336656436
|
||||||
34363931393361633835346236616637376234326239383162633436393863316662633233653333
|
64643635376334363832643063306362313238636431623962376362343365343439343937613564
|
||||||
33333632643033356337643533633038323937663132666564396330363633333566356130383566
|
65613464396433373964373730383833636661303230353238343032323834336435613731656561
|
||||||
66643438346630616634323161623562346661353332353534636236386133653538373966396464
|
66646661363736303430656363323130323130373131346435383137316636333831306164343835
|
||||||
62323631626436633733306131363365623464326139666666636261313137623432353461333963
|
39333730623564383663633664343235333365656366386465316238316535333330363839393465
|
||||||
37333437313338343933306137393063393861643761636462376462623063376161376566356435
|
66383062316366386465383164323462383934646361306136376161316265383564366361343233
|
||||||
30613538643764366161636437383036313962346262633532616463313531366665643637613935
|
30346537313236643665363866313432306233306331366630313862633966613739663964363533
|
||||||
62333239633736333333303566633062333730643666393561363566363562633636353934376533
|
37316634383034366665626130313462663964383962353933633261653066636163333836333064
|
||||||
3636
|
64623133306432353631323931373235373934356531666663383939346132613265323635333935
|
||||||
|
64636131383265303662393133336261326265326562663837383564366433323764363430323731
|
||||||
|
33613333383030663434616665663439326162333832376333613935623139313465303933343239
|
||||||
|
37633539316133376331316538613035383139643362616363326535656635396263343732373038
|
||||||
|
64373435613266646661613961313233383063646335616537366633656165656538626631373032
|
||||||
|
36336463643262343235353533326262653964386662356137366261333566383662366433363436
|
||||||
|
61346630306233363135623437643634326365386265623436623366323739663136653034616437
|
||||||
|
38326331393764303262636438633433363332323263396265303631663737393639393361306532
|
||||||
|
39333664646638333938363130626661656137366637356263376133306363363565353262626564
|
||||||
|
66363863316166373638666465656630346533333635663432616132653365353463636638376639
|
||||||
|
63313163323266323136303730643830613239616262656363643935333566633530376566653435
|
||||||
|
36326431313034303930663534326335663964326263373936373065626634386337353964313162
|
||||||
|
30646561383839336235636632303832366266393736633136343137633331633730343962343433
|
||||||
|
63316337613239633339303366613765333634643636313966313362326262643639363161363131
|
||||||
|
37326130343166323938653265336638643538363031383938313264623539336264303136333031
|
||||||
|
30313130623634333764616439336631353863623962643935616361646434333665326230323765
|
||||||
|
37363637333165373631613561353735613135303939636466313761303764393164356662353032
|
||||||
|
30386662396533653665313337363732623361336638353536636665653437643364353335613035
|
||||||
|
31663730323065343135303839633363333337396537643135373435636434333566356438303761
|
||||||
|
31396366373935663763336661363537663636616564376434363166343964616533386339656365
|
||||||
|
36616364333164396633336366313666663265613436383364306138313335363031613163366330
|
||||||
|
65396133356262316233383665306262343133643136646432326663363531353664643961656232
|
||||||
|
66356265333135633836633164626336363363343765346261636162653438643964646239303261
|
||||||
|
38643238393830346433646338616433373364353864633435646531393562343439373334613138
|
||||||
|
66396139356164333864356466633131313433633261626630343764373334633638626431323739
|
||||||
|
36356562363532336239323063636461643864363566336232306331306138333233666534333538
|
||||||
|
37636232393333316565383263353933363166633930376465613731643630363335376639356336
|
||||||
|
36343262383535653839616234363835376265356639633138636161346262363330343936663064
|
||||||
|
39653235373931656366316335363731303038323366646564343466613836333131396231336163
|
||||||
|
64623038613536303635613963383761313035363261646165336661366238346531363365346562
|
||||||
|
62343036656430663938336365626336633535313036306231353863313563303935333838396361
|
||||||
|
37383131613834343233616163396262343561326138386236313162376262636334656565343266
|
||||||
|
32373230636135626533626433656533353432343461366231313863363034623631333330663238
|
||||||
|
31613566366361636534323662343363373836396134653439343938376131336430626563353333
|
||||||
|
62363037613730316563656234323665383464396237656332663166366634303036313236383831
|
||||||
|
39313164663136663633623336613166633965346632623364383234356630363934366632323434
|
||||||
|
31343261643731656430356634613831643666383934383164396238666162643838306166653664
|
||||||
|
62633963366465303662393930383764626462333832653136636461643130363564353566383233
|
||||||
|
36383331616265383437636430303865323435663939323833643465373836643863346235356266
|
||||||
|
39666664336263313365383034303637396164663366613263613337626465386632333163373366
|
||||||
|
62643335656230316432306235393433323933633836333833336639306636353163363663623736
|
||||||
|
34333165393165633563363762376662326632313766326166353863343937626165393136656436
|
||||||
|
39646163326262396263343030343263643033333630373233616338323939616137303630613336
|
||||||
|
36313266323263366436666230316134643161616638376431356438303932303736336432666535
|
||||||
|
30383963396664306265393031663238346538613038393564363134646237346531383962346638
|
||||||
|
6237396161373638623639343131346633316265333036323161
@ -1,19 +1,17 @@
|
||||||
# These are the variables contained in secrets.yml
|
# These are the variables contained in secrets.yml
|
||||||
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
||||||
|
---
|
||||||
postgres_passwords:
|
postgres_passwords:
|
||||||
fider: xxx
|
|
||||||
nextcloud: xxx
|
nextcloud: xxx
|
||||||
passit: xxx
|
passit: xxx
|
||||||
gitea: xxx
|
gitea: xxx
|
||||||
matrix: xxx
|
matrix: xxx
|
||||||
codimd: xxx
|
|
||||||
mailu: xxx
|
mailu: xxx
|
||||||
ttrss: xxx
|
|
||||||
keycloak: xxx
|
keycloak: xxx
|
||||||
|
hedgedoc: xxx
|
||||||
mastodon: xxx
|
mastodon: xxx
|
||||||
|
rallly: xxx
|
||||||
fider_jwt_secret: xxx
|
membersystem: xxx
|
||||||
|
|
||||||
ldap_admin_password: xxx
|
ldap_admin_password: xxx
|
||||||
ldap_config_password: xxx
|
ldap_config_password: xxx
|
||||||
|
@ -24,14 +22,18 @@ docker_password: xxx
|
||||||
|
|
||||||
mailu_secret_key: xxx
|
mailu_secret_key: xxx
|
||||||
|
|
||||||
|
nextcloud_secrets:
|
||||||
|
redis_password: xxx
|
||||||
|
|
||||||
drone_secrets:
|
drone_secrets:
|
||||||
oauth_client_id: xxx
|
oauth_client_id: xxx
|
||||||
oauth_client_secret: xxx
|
oauth_client_secret: xxx
|
||||||
rpc_shared_secret: xxx
|
rpc_shared_secret: xxx
|
||||||
|
|
||||||
restic_secrets:
|
restic_secrets:
|
||||||
user_secret: xxx
|
repository_password: xxx
|
||||||
encryption_secret: xxx
|
ssh_privkey: xxx
|
||||||
|
uptime_kuma_url: xxx
|
||||||
|
|
||||||
matrix_secrets:
|
matrix_secrets:
|
||||||
registration_shared_secret: xxx
|
registration_shared_secret: xxx
|
||||||
|
@ -39,7 +41,7 @@ matrix_secrets:
|
||||||
form_secret: xxx
|
form_secret: xxx
|
||||||
|
|
||||||
keycloak_secrets:
|
keycloak_secrets:
|
||||||
admin_user: xxx //used for setting up the initial admin user on first run
|
admin_user: xxx # used for setting up the initial admin user on first run
|
||||||
admin_password: xxx
|
admin_password: xxx
|
||||||
|
|
||||||
mastodon_secrets:
|
mastodon_secrets:
|
||||||
|
@ -47,3 +49,12 @@ mastodon_secrets:
|
||||||
otp_secret: xxx
|
otp_secret: xxx
|
||||||
vapid_private_key: xxx
|
vapid_private_key: xxx
|
||||||
vapid_public_key: xxx
|
vapid_public_key: xxx
|
||||||
|
|
||||||
|
rallly_secrets:
|
||||||
|
secret_password: xxx
|
||||||
|
|
||||||
|
membersystem_secrets:
|
||||||
|
secret_key: xxx
|
||||||
|
|
||||||
|
diun:
|
||||||
|
matrix_password: xxx
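Review bot: `ssh_privkey: xxx` under `restic_secrets` is a single-line placeholder for a value that is always multi-line, so a key pasted in this shape becomes a plain multi-line scalar and YAML folds its lines into one space-separated string; the example should show the block form, `ssh_privkey: |` followed by the indented key lines, so the real secrets file keeps the newlines. `uptime_kuma_url: xxx` appears to sit inside the `restic_secrets` mapping, which looks like an indentation slip rather than a restic setting — worth confirming against the role that reads it. The new `diun:` mapping also breaks the `<service>_secrets` naming its neighbours (`rallly_secrets`, `membersystem_secrets`) follow; `diun_secrets:` would keep the file greppable. The header comment's `[a-Z0-9]` is not a valid character class (`a` sorts after `Z`); `[A-Za-z0-9]` is what is meant.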
@ -1,28 +1,35 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
users:
|
users:
|
||||||
- name: graffen
|
- name: graffen
|
||||||
comment: Jesper Hess Nielsen
|
comment: Jesper Hess Nielsen
|
||||||
password: $6$6bgPWZ76LvB$DZ3ipFsFtL2b1nSC0AQ63k8ibJidyIE9iIsWWzY0fux0ynz9L/o7b2sR2XYSaDuG.jewFV36IGStTF3NCZRC30
|
password: '!'
|
||||||
groups:
|
groups: []
|
||||||
- sudo
|
ssh_keys: []
|
||||||
keys:
|
|
||||||
- ssh-rsa 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 openpgp:0x265EE03C (Graffen)
|
|
||||||
|
|
||||||
- name: valberg
|
- name: valberg
|
||||||
comment: Vidir Valberg Gudmundsson
|
comment: Vidir Valberg Gudmundsson
|
||||||
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
|
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
|
||||||
groups:
|
groups:
|
||||||
- sudo
|
- sudo
|
||||||
keys:
|
ssh_keys:
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
||||||
|
- ssh-rsa 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
|
||||||
|
|
||||||
- name: reynir
|
- name: reynir
|
||||||
comment: Reynir Björnsson
|
comment: Reynir Björnsson
|
||||||
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
|
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
|
||||||
groups:
|
groups:
|
||||||
- sudo
|
- sudo
|
||||||
keys:
|
ssh_keys:
|
||||||
- ssh-rsa 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 reynir yubikey
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJl8/rikIUnqr9fPF3rE0rjWHCNzte10LvkjGmpdO9ka/NubQ7O25fp08rC+n0d1pUooYwHBAgiv9Hsql6HF9QfNKNUp7IKp7CXWcjb4ga02kuzWGSXjm40Vf0jSadIrJ33M4SeJHTByDGoeYPQBQ7n+qHdwcqJADBQygBuc5sRzxm8i0sbmzF3DJDDVeTJjEY5pfR4vnJlpmU8SC2d1ZkhCjmKCsL0PShntTIt1ztCt0yO71KoHKaNPu1jutGxcU9u7J1pEqcPT6EzU/cQJ4DMVzrGp26nIV0msRl3NeGNjukwXOzAh6KmsmXG7yWFyQmLRqgc/bjUeyhuWJ10vwUbaYVeIef7YrgEOgnkYLIFeWRMhdnwtL/W8g1D66SFx7+iYJj180eTi8Lc8rZm2NaiGynvWlFcJ4PGdTYZsWcFzQ+SaDziNMw1H3IixxdlD8Shw9mxpijJ+A4dH2kkUXyGVsc13zRIU7hq9ax8nrw6HVLGFLn09rEPig+SkyWrqRpRGMBWyqTRJywIV6jk0ll+i8rJZA2McY0rABbACrzXT5VBj5dLKnnRITLDicAYgt7YuEiQ0ffErQrPXXHUVeI0QKnJgplSHxH5QsX9a1Y+NoaoditdMT2bjvEqROi+/JYRycLR/BQV/d2nFPhqwq1x1AFvL4f8UvVH/hxp3PXWw== reynir yubikey
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t reynir@spurv
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t reynir@spurv
|
||||||
|
|
||||||
volume_root_folder: "/docker-volumes"
|
- name: samsapti
|
||||||
|
comment: Sam Al-Sapti
|
||||||
|
password: $6$18dN367fG162hQ9A$Aqkf3O24Ve1btzh1PPOPg3uyydv/AQYUxethcoB4klotebJq3/XsydYT7XBuarxfDccVwyPTMlsP3U8VfQpG60
|
||||||
|
groups:
|
||||||
|
- sudo
|
||||||
|
ssh_keys:
|
||||||
|
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||||
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
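Review bot: The `$6$` sha512-crypt hashes for valberg, reynir and the newly added samsapti entry are committed in clear in `users.yml`, while the same change set carries an Ansible Vault for other secrets; a hash in a readable repository is exposed to offline guessing by anyone with read access. Since all three accounts have `sudo` and SSH keys, either lock the password as the graffen entry now does (`password: '!'`) or move the hashes into the vaulted file and reference them from here, depending on what the role consuming `users` supports (it is not in this diff). The graffen entry is disabled rather than removed (`password: '!'`, `groups: []`, `ssh_keys: []`), which leaves the account, its home directory and any existing authorized_keys file in place; if the role offers a `state: absent` flag that is the cleaner way to offboard. The rename from `keys` to `ssh_keys` is consistent across all entries.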
38
playbook.yml
38
playbook.yml
|
@ -1,39 +1,27 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: production
|
||||||
gather_facts: False
|
gather_facts: true
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
base_domain: data.coop
|
|
||||||
letsencrypt_email: bestyrelsen@data.coop
|
|
||||||
ldap_dn: "dc=data,dc=coop"
|
ldap_dn: "dc=data,dc=coop"
|
||||||
|
|
||||||
services:
|
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||||
- nginx-proxy
|
letsencrypt_enabled: "{{ not vagrant }}"
|
||||||
- openldap
|
|
||||||
- thelounge
|
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||||
- nextcloud
|
letsencrypt_email: "admin@{{ base_domain }}"
|
||||||
- fider
|
|
||||||
- passit
|
|
||||||
- gitea
|
|
||||||
- postfix
|
|
||||||
- matrix_riot
|
|
||||||
- privatebin
|
|
||||||
- codimd
|
|
||||||
- netdata
|
|
||||||
- docker_registry
|
|
||||||
- drone
|
|
||||||
- websites
|
|
||||||
- ulovliglogning-dk
|
|
||||||
- ouroboros
|
|
||||||
- mailu
|
|
||||||
- portainer
|
|
||||||
# - tt-rss
|
|
||||||
|
|
||||||
smtp_host: "postfix"
|
smtp_host: "postfix"
|
||||||
smtp_port: "587"
|
smtp_port: "587"
|
||||||
|
|
||||||
|
services_exclude:
|
||||||
|
- uptime_kuma
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_role:
|
- import_role:
|
||||||
name: ubuntu_base
|
name: ubuntu_base
|
||||||
|
tags:
|
||||||
|
- base_only
|
||||||
- import_role:
|
- import_role:
|
||||||
name: docker
|
name: docker
|
||||||
|
|
|
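Review bot: The `vagrant` switch at the top of `vars` now decides `letsencrypt_enabled` and `base_domain`, but nothing says where `from_vagrant` comes from or that it is expected to be a real boolean rather than a string; a comment above it would help, e.g. `# from_vagrant is presumably injected by the Vagrant provisioner (boolean); it disables Let's Encrypt and switches base_domain to datacoop.devel`. `ldap_dn: "dc=data,dc=coop"` stays fixed while every other name is now environment-dependent, so a one-line note on whether the same DN is intended for the vagrant environment would save the next reader a question. The `services_exclude` entry for `uptime_kuma` is only meaningful together with the `services_include` expression in the role defaults, which is worth referencing here.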
@ -1,113 +1,229 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
volume_root_folder: "/docker-volumes"
|
volume_root_folder: "/docker-volumes"
|
||||||
|
volume_website_folder: "{{ volume_root_folder }}/websites"
|
||||||
|
|
||||||
nginx:
|
services:
|
||||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
### Internal services ###
|
||||||
|
postfix:
|
||||||
|
domain: "smtp.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/postfix"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "v3.6.1-alpine"
|
||||||
|
|
||||||
ldap:
|
nginx_proxy:
|
||||||
domain: "ldap.{{ base_domain }}"
|
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
pre_deploy_tasks: true
|
||||||
|
version: "1.3-alpine"
|
||||||
|
acme_companion_version: "2.2"
|
||||||
|
|
||||||
thelounge:
|
openldap:
|
||||||
domain: "irc.{{ base_domain }}"
|
domain: "ldap.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "1.5.0"
|
||||||
|
phpldapadmin_version: "0.9.0"
|
||||||
|
|
||||||
nextcloud:
|
netdata:
|
||||||
domain: "cloud.{{ base_domain }}"
|
domain: "netdata.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
volume_folder: "{{ volume_root_folder }}/netdata"
|
||||||
|
version: "v1"
|
||||||
|
|
||||||
gitea:
|
portainer:
|
||||||
domain: "git.{{ base_domain }}"
|
domain: "portainer.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||||
|
version: "2.19.0"
|
||||||
|
|
||||||
passit:
|
keycloak:
|
||||||
domain: "passit.{{ base_domain }}"
|
domain: sso.{{ base_domain }}
|
||||||
volume_folder: "{{ volume_root_folder }}/passit"
|
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||||
|
version: "22.0"
|
||||||
|
postgres_version: "10"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
fider:
|
restic:
|
||||||
domain: "feedback.{{ base_domain }}"
|
volume_folder: "{{ volume_root_folder }}/restic"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
remote_user: dc-user
|
||||||
|
remote_domain: rynkeby.skovgaard.tel
|
||||||
|
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||||
|
repository: restic
|
||||||
|
version: "1.7.0"
|
||||||
|
disabled_in_vagrant: true
|
||||||
|
# mail dance
|
||||||
|
domain: "noreply.{{ base_domain }}"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
mail_from: "backup@noreply.{{ base_domain }}"
|
||||||
|
|
||||||
matrix:
|
docker_registry:
|
||||||
domain: "matrix.{{ base_domain }}"
|
domain: "docker.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
post_deploy_tasks: true
|
||||||
|
username: "docker"
|
||||||
|
password: "{{ docker_password }}"
|
||||||
|
version: "2"
|
||||||
|
|
||||||
riot:
|
### External services ###
|
||||||
domains:
|
nextcloud:
|
||||||
- "riot.{{ base_domain }}"
|
domain: "cloud.{{ base_domain }}"
|
||||||
- "element.{{ base_domain }}"
|
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||||
volume_folder: "{{ volume_root_folder }}/riot"
|
pre_deploy_tasks: true
|
||||||
|
version: 28-apache
|
||||||
|
postgres_version: "10"
|
||||||
|
redis_version: 7-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
privatebin:
|
forgejo:
|
||||||
domain: "paste.{{ base_domain }}"
|
domain: "git.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
volume_folder: "{{ volume_root_folder }}/forgejo"
|
||||||
|
version: "7.0.4"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
codimd:
|
passit:
|
||||||
domain: "oldpad.{{ base_domain }}"
|
domain: "passit.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
volume_folder: "{{ volume_root_folder }}/passit"
|
||||||
|
version: stable
|
||||||
|
postgres_version: 15-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
hedgedoc:
|
matrix:
|
||||||
domain: "pad.{{ base_domain }}"
|
domain: "matrix.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: v1.109.0
|
||||||
|
postgres_version: 15-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
netdata:
|
element:
|
||||||
domain: "netdata.{{ base_domain }}"
|
domain: "element.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/element"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: v1.11.69
|
||||||
|
|
||||||
docker_registry:
|
privatebin:
|
||||||
domain: "docker.{{ base_domain }}"
|
domain: "paste.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||||
username: "docker"
|
pre_deploy_tasks: true
|
||||||
password: "{{ docker_password }}"
|
version: "20221009"
|
||||||
|
|
||||||
data_coop_website:
|
hedgedoc:
|
||||||
domains:
|
domain: "pad.{{ base_domain }}"
|
||||||
- "{{ base_domain }}"
|
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||||
- "www.{{ base_domain }}"
|
pre_deploy_tasks: true
|
||||||
|
version: 1.9.9-alpine
|
||||||
|
postgres_version: 10-alpine
|
||||||
|
|
||||||
cryptohagen_website:
|
data_coop_website:
|
||||||
domains:
|
domain: "{{ base_domain }}"
|
||||||
- "cryptohagen.dk"
|
www_domain: "www.{{ base_domain }}"
|
||||||
- "www.cryptohagen.dk"
|
volume_folder: "{{ volume_website_folder }}/datacoop"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: stable
|
||||||
|
staging_domain: "staging.{{ base_domain }}"
|
||||||
|
staging_version: staging
|
||||||
|
|
||||||
ulovliglogning_website:
|
slides_2022_website:
|
||||||
domains:
|
domain: "2022.slides.{{ base_domain }}"
|
||||||
- "ulovliglogning.dk"
|
volume_folder: "{{ volume_website_folder }}/slides-2022"
|
||||||
- "www.ulovliglogning.dk"
|
version: latest
|
||||||
- "ulovlig-logning.dk"
|
|
||||||
|
|
||||||
cryptoaarhus_website:
|
fedi_dk_website:
|
||||||
domains:
|
domain: fedi.dk
|
||||||
- "cryptoaarhus.dk"
|
volume_folder: "{{ volume_website_folder }}/fedidk"
|
||||||
- "www.cryptoaarhus.dk"
|
version: latest
|
||||||
|
|
||||||
drone:
|
vhs_website:
|
||||||
domain: "drone.{{ base_domain }}"
|
domain: vhs.data.coop
|
||||||
volume_folder: "{{ volume_root_folder }}/drone"
|
volume_folder: "{{ volume_website_folder }}/vhs"
|
||||||
|
version: latest
|
||||||
|
|
||||||
mailu:
|
cryptohagen_website:
|
||||||
version: 1.6
|
domains:
|
||||||
domain: "mail.{{ base_domain }}"
|
- "cryptohagen.dk"
|
||||||
dns: 192.168.203.254
|
- "www.cryptohagen.dk"
|
||||||
subnet: 192.168.203.0/24
|
volume_folder: "{{ volume_website_folder }}/cryptohagen"
|
||||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
|
||||||
|
|
||||||
portainer:
|
ulovliglogning_website:
|
||||||
domain: "portainer.{{ base_domain }}"
|
domains:
|
||||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
- "ulovliglogning.dk"
|
||||||
|
- "www.ulovliglogning.dk"
|
||||||
|
- "ulovlig-logning.dk"
|
||||||
|
- "www.ulovlig-logning.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
|
||||||
|
|
||||||
ttrss:
|
cryptoaarhus_website:
|
||||||
domain: rss.{{ base_domain }}
|
domains:
|
||||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
- "cryptoaarhus.dk"
|
||||||
|
- "www.cryptoaarhus.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
|
||||||
|
|
||||||
keycloak:
|
drone:
|
||||||
domain: sso.{{ base_domain }}
|
domain: "drone.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
volume_folder: "{{ volume_root_folder }}/drone"
|
||||||
|
version: "1"
|
||||||
|
|
||||||
postfix:
|
mailu:
|
||||||
allowed_sender_domains:
|
domain: "mail.{{ base_domain }}"
|
||||||
- "services.{{ base_domain }}"
|
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||||
- "{{ passit.domain }}"
|
pre_deploy_tasks: true
|
||||||
- "{{ fider.domain }}"
|
dns: 192.168.203.254
|
||||||
- "{{ gitea.domain }}"
|
subnet: 192.168.203.0/24
|
||||||
- "{{ mastodon.domain }}"
|
version: "2.0"
|
||||||
|
postgres_version: 14-alpine
|
||||||
|
redis_version: alpine
|
||||||
|
|
||||||
mastodon:
|
mastodon:
|
||||||
domain: "social.{{ base_domain }}"
|
domain: "social.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
post_deploy_tasks: true
|
||||||
|
version: v4.2.9
|
||||||
|
postgres_version: 14-alpine
|
||||||
|
redis_version: 6-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
rallly:
|
||||||
|
domain: "when.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "2"
|
||||||
|
postgres_version: 14-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
membersystem:
|
||||||
|
domain: "member.{{ base_domain }}"
|
||||||
|
django_admins: "Vidir:valberg@orn.li"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/membersystem"
|
||||||
|
version: latest
|
||||||
|
postgres_version: 13-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
writefreely:
|
||||||
|
domain: "write.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/writefreely"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: v0.15.0
|
||||||
|
mariadb_version: "11.2"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
watchtower:
|
||||||
|
volume_folder: "{{ volume_root_folder }}/watchtower"
|
||||||
|
version: "1.5.3"
|
||||||
|
|
||||||
|
diun:
|
||||||
|
version: "4.28"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/diun"
|
||||||
|
matrix_user: "@diun:data.coop"
|
||||||
|
matrix_room: "#datacoop-services-update:data.coop"
|
||||||
|
|
||||||
|
### Uptime monitoring ###
|
||||||
|
uptime_kuma:
|
||||||
|
domain: "uptime.{{ base_domain }}"
|
||||||
|
status_domain: "status.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "latest"
|
||||||
|
|
||||||
|
services_exclude: []
|
||||||
|
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
|
||||||
|
|
|
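Review bot: `vhs_website.domain: vhs.data.coop`, `diun.matrix_user: "@diun:data.coop"` and `diun.matrix_room` hard-code the production domain while every other entry in this mapping derives from `{{ base_domain }}`, so a vagrant run (where the playbook sets `base_domain` to datacoop.devel) would still point those at production; `domain: "vhs.{{ base_domain }}"` keeps them consistent unless the hard-coding is deliberate, in which case a comment should say so. Separately, `version: latest` / `version: stable` on the website entries, membersystem and uptime_kuma, combined with the `--pull always` deploy in block.yml, means each deploy runs whatever the tag resolves to at pull time; pinning a release tag (or an image digest) makes deploys reproducible and lets diun's update notices mean something. The file header for this hunk is not rendered on the page, so I am assuming it is the docker role's defaults.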
@ -1,2 +0,0 @@
|
||||||
listen 8008;
|
|
||||||
client_max_body_size 50M; # default is 1M
|
|
|
@ -1 +0,0 @@
|
||||||
client_max_body_size 50M; # default is 1M
|
|
|
@ -1,511 +0,0 @@
|
||||||
"use strict";
|
|
||||||
|
|
||||||
module.exports = {
|
|
||||||
//
|
|
||||||
// Set the server mode.
|
|
||||||
// Public servers does not require authentication.
|
|
||||||
//
|
|
||||||
// Set to 'false' to enable users.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
public: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// IP address or hostname for the web server to listen on.
|
|
||||||
// Setting this to undefined will listen on all interfaces.
|
|
||||||
//
|
|
||||||
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default undefined
|
|
||||||
//
|
|
||||||
host: undefined,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set the port to listen on.
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 9000
|
|
||||||
//
|
|
||||||
port: 9000,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
|
||||||
// to let the operating system pick its preferred one.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default undefined
|
|
||||||
//
|
|
||||||
bind: undefined,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Sets whether the server is behind a reverse proxy and should honor the
|
|
||||||
// X-Forwarded-For header or not.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
reverseProxy: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set the default theme.
|
|
||||||
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "example"
|
|
||||||
//
|
|
||||||
theme: "example",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Prefetch URLs
|
|
||||||
//
|
|
||||||
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
|
||||||
// URLs posted in channels.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
prefetch: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Store and proxy prefetched images and thumbnails.
|
|
||||||
// This improves security and privacy by not exposing client IP address,
|
|
||||||
// and always loading images from The Lounge instance and making all assets secure,
|
|
||||||
// which in result fixes mixed content warnings.
|
|
||||||
//
|
|
||||||
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
|
||||||
// in the `${THELOUNGE_HOME}/storage` folder.
|
|
||||||
//
|
|
||||||
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
|
||||||
// and the folder is cleaned up on every The Lounge restart.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
prefetchStorage: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Prefetch URLs Image Preview size limit
|
|
||||||
//
|
|
||||||
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
|
||||||
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 2048
|
|
||||||
//
|
|
||||||
prefetchMaxImageSize: 2048,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Display network
|
|
||||||
//
|
|
||||||
// If set to false network settings will not be shown in the login form.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default true
|
|
||||||
//
|
|
||||||
displayNetwork: true,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Lock network
|
|
||||||
//
|
|
||||||
// If set to true, users will not be able to modify host, port and tls
|
|
||||||
// settings and will be limited to the configured network.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
lockNetwork: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Hex IP
|
|
||||||
//
|
|
||||||
// If enabled, clients' username will be set to their IP encoded has hex.
|
|
||||||
// This is done to share the real user IP address with the server for host masking purposes.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
useHexIp: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// WEBIRC support
|
|
||||||
//
|
|
||||||
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
|
||||||
// IRC server. Note that this requires to obtain a password from the IRC network
|
|
||||||
// The Lounge will be connecting to and generally involves a lot of trust from the
|
|
||||||
// network you are connecting to.
|
|
||||||
//
|
|
||||||
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
|
||||||
// Format (function):
|
|
||||||
// {"irc.example.net": function(client, args, trusted) {
|
|
||||||
// // here, we return a webirc object fed directly to `irc-framework`
|
|
||||||
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
|
||||||
// }}
|
|
||||||
//
|
|
||||||
// @type string | function(client, args):object(webirc)
|
|
||||||
// @default null
|
|
||||||
webirc: null,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Log settings
|
|
||||||
//
|
|
||||||
// Logging has to be enabled per user. If enabled, logs will be stored in
|
|
||||||
// the 'logs/<user>/<network>/' folder.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
logs: {
|
|
||||||
//
|
|
||||||
// Timestamp format
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "YYYY-MM-DD HH:mm:ss"
|
|
||||||
//
|
|
||||||
format: "YYYY-MM-DD HH:mm:ss",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Timezone
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "UTC+00:00"
|
|
||||||
//
|
|
||||||
timezone: "UTC+00:00",
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Maximum number of history lines per channel
|
|
||||||
//
|
|
||||||
// Defines the maximum number of history lines that will be kept in
|
|
||||||
// memory per channel/query, in order to reduce the memory usage of
|
|
||||||
// the server. Setting this to -1 will keep unlimited amount.
|
|
||||||
//
|
|
||||||
// @type integer
|
|
||||||
// @default 10000
|
|
||||||
maxHistory: 10000,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Default values for the 'Connect' form.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
defaults: {
|
|
||||||
//
|
|
||||||
// Name
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "Freenode"
|
|
||||||
//
|
|
||||||
name: "Freenode",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Host
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "chat.freenode.net"
|
|
||||||
//
|
|
||||||
host: "chat.freenode.net",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Port
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 6697
|
|
||||||
//
|
|
||||||
port: 6697,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Password
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
password: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Enable TLS/SSL
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default true
|
|
||||||
//
|
|
||||||
tls: true,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Nick
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "lounge-user"
|
|
||||||
//
|
|
||||||
nick: "lounge-user",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Username
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "lounge-user"
|
|
||||||
//
|
|
||||||
username: "lounge-user",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Real Name
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "The Lounge User"
|
|
||||||
//
|
|
||||||
realname: "The Lounge User",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Channels
|
|
||||||
// This is a comma-separated list.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "#thelounge"
|
|
||||||
//
|
|
||||||
join: "#thelounge",
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Set socket.io transports
|
|
||||||
//
|
|
||||||
// @type array
|
|
||||||
// @default ["polling", "websocket"]
|
|
||||||
//
|
|
||||||
transports: ["polling", "websocket"],
|
|
||||||
|
|
||||||
//
|
|
||||||
// Run The Lounge using encrypted HTTP/2.
|
|
||||||
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
https: {
|
|
||||||
//
|
|
||||||
// Enable HTTP/2 / HTTPS support.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
enable: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Path to the key.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @example "sslcert/key.pem"
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
key: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Path to the certificate.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @example "sslcert/key-cert.pem"
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
certificate: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Path to the CA bundle.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @example "sslcert/bundle.pem"
|
|
||||||
// @default ""
|
|
||||||
//
|
|
||||||
ca: "",
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Default quit and part message if none is provided.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "The Lounge - https://thelounge.github.io"
|
|
||||||
//
|
|
||||||
leaveMessage: "The Lounge - https://thelounge.github.io",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Run The Lounge with identd support.
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
identd: {
|
|
||||||
//
|
|
||||||
// Run the identd daemon on server start.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
enable: false,
|
|
||||||
|
|
||||||
//
|
|
||||||
// Port to listen for ident requests.
|
|
||||||
//
|
|
||||||
// @type int
|
|
||||||
// @default 113
|
|
||||||
//
|
|
||||||
port: 113,
|
|
||||||
},
|
|
||||||
|
|
||||||
//
|
|
||||||
// Enable oidentd support using the specified file
|
|
||||||
//
|
|
||||||
// Example: oidentd: "~/.oidentd.conf",
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default null
|
|
||||||
//
|
|
||||||
oidentd: null,
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP authentication settings (only available if public=false)
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
// The authentication process works as follows:
|
|
||||||
//
|
|
||||||
// 1. Lounge connects to the LDAP server with its system credentials
|
|
||||||
// 2. It performs a LDAP search query to find the full DN associated to the
|
|
||||||
// user requesting to log in.
|
|
||||||
// 3. Lounge tries to connect a second time, but this time using the user's
|
|
||||||
// DN and password. Auth is validated iff this connection is successful.
|
|
||||||
//
|
|
||||||
// The search query takes a couple of parameters in `searchDN`:
|
|
||||||
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
|
||||||
// to be returned;
|
|
||||||
// - a search scope `searchDN/scope` (see LDAP documentation);
|
|
||||||
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
|
||||||
// where <username> is the user name provided in the log in request,
|
|
||||||
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
|
||||||
// also given in the config, to filter for instance only for nodes of type
|
|
||||||
// inetOrgPerson, or whatever LDAP search allows.
|
|
||||||
//
|
|
||||||
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
|
||||||
// ignore searchDN options and assume that the user DN is always:
|
|
||||||
// <bindDN>,<primaryKey>=<username>
|
|
||||||
// where <username> is the user name provided in the log in request, and <bindDN>
|
|
||||||
// and <primaryKey> are provided by the config.
|
|
||||||
//
|
|
||||||
ldap: {
|
|
||||||
//
|
|
||||||
// Enable LDAP user authentication
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
enable: true,
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP server URL
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
url: "ldap://{{ ldap.domain }}",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP connection tls options (only used if scheme is ldaps://)
|
|
||||||
//
|
|
||||||
// @type object (see nodejs' tls.connect() options)
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
// Example:
|
|
||||||
// You can use this option in order to force the use of IPv6:
|
|
||||||
// {
|
|
||||||
// host: 'my::ip::v6',
|
|
||||||
// servername: 'example.com'
|
|
||||||
// }
|
|
||||||
tlsOptions: {},
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP base dn, alternative to searchDN
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
// baseDN: "",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP primary key
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "uid"
|
|
||||||
//
|
|
||||||
primaryKey: "uid",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP search dn settings. This defines the procedure by which the
|
|
||||||
// lounge first look for user DN before authenticating her.
|
|
||||||
// Ignored if baseDN is specified
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
//
|
|
||||||
searchDN: {
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP searching bind DN
|
|
||||||
// This bind DN is used to query the server for the DN of the user.
|
|
||||||
// This is supposed to be a system user that has access in read only to
|
|
||||||
// the DNs of the people that are allowed to log in.
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
rootDN: "cn=admin,dc=data,dc=coop",
|
|
||||||
|
|
||||||
//
|
|
||||||
// Password of the lounge LDAP system user
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
rootPassword: "{{ ldap_admin_password }}",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP filter
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "uid"
|
|
||||||
//
|
|
||||||
//filter: "(objectClass=inetOrgPerson)(memberOf=ou=members,dc=data,dc=coop)",
|
|
||||||
filter: "(objectClass=inetOrgPerson)",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP search base (search only within this node)
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
//
|
|
||||||
base: "{{ ldap_dn }}",
|
|
||||||
|
|
||||||
//
|
|
||||||
// LDAP search scope
|
|
||||||
//
|
|
||||||
// @type string
|
|
||||||
// @default "sub"
|
|
||||||
//
|
|
||||||
scope: "sub",
|
|
||||||
|
|
||||||
},
|
|
||||||
},
|
|
||||||
|
|
||||||
// Extra debugging
|
|
||||||
//
|
|
||||||
// @type object
|
|
||||||
// @default {}
|
|
||||||
//
|
|
||||||
debug: {
|
|
||||||
// Enables extra debugging output provided by irc-framework.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
ircFramework: false,
|
|
||||||
|
|
||||||
// Enables logging raw IRC messages into each server window.
|
|
||||||
//
|
|
||||||
// @type boolean
|
|
||||||
// @default false
|
|
||||||
//
|
|
||||||
raw: false,
|
|
||||||
},
|
|
||||||
};
|
|
20
roles/docker/files/mastodon/postgresql.conf
|
@ -0,0 +1,20 @@
|
||||||
|
# DB Version: 14
|
||||||
|
# OS Type: linux
|
||||||
|
# DB Type: oltp
|
||||||
|
# Total Memory (RAM): 16 GB
|
||||||
|
# Connections num: 300
|
||||||
|
# Data Storage: hdd
|
||||||
|
|
||||||
|
listen_addresses = '*'
|
||||||
|
max_connections = 300
|
||||||
|
shared_buffers = 4GB
|
||||||
|
effective_cache_size = 12GB
|
||||||
|
maintenance_work_mem = 1GB
|
||||||
|
checkpoint_completion_target = 0.9
|
||||||
|
wal_buffers = 16MB
|
||||||
|
default_statistics_target = 100
|
||||||
|
random_page_cost = 4
|
||||||
|
effective_io_concurrency = 2
|
||||||
|
work_mem = 6990kB
|
||||||
|
min_wal_size = 2GB
|
||||||
|
max_wal_size = 8GB
|
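Review bot: `listen_addresses = '*'` accepts connections on every interface of the container and no `ssl` or `pg_hba` setting appears here, so isolation rests entirely on the mastodon Compose file not publishing the database port; a comment stating that assumption next to the line would help, e.g. `# '*' relies on the db service having no published port: reachable only from the Compose network`. The memory values are pgtune output for a 16 GB host dedicated to this database (`shared_buffers = 4GB`, `effective_cache_size = 12GB`, and 300 connections times `work_mem = 6990kB`), yet this host also runs the other stacks listed in the role defaults, so the sizing premise probably does not hold and `shared_buffers` in particular may need trimming.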
1
roles/docker/files/vhost/element
|
@ -0,0 +1 @@
|
||||||
|
client_max_body_size 1G; # default is 1M
|
2
roles/docker/files/vhost/matrix
|
@ -0,0 +1,2 @@
|
||||||
|
listen 8008;
|
||||||
|
client_max_body_size 1G; # default is 1M
|
1
roles/docker/files/vhost/nextcloud
|
@ -0,0 +1 @@
|
||||||
|
client_max_body_size 1G; # default is 1M
|
4
roles/docker/files/vhost/uptime_kuma
|
@ -0,0 +1,4 @@
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
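Review bot: Defining `proxy_set_header` lines in this snippet stops nginx inheriting the `proxy_set_header` directives from the enclosing level, since nginx only inherits them when the current level defines none; depending on where nginx-proxy includes this vhost file, that can silently drop headers such as `X-Real-IP` and `X-Forwarded-Proto` that the app relies on for client IP and HTTPS detection, so those would need repeating here if inheritance is affected. `proxy_set_header Connection "upgrade";` is also sent on every request rather than via the usual `map $http_upgrade $connection_upgrade` (which cannot live in a per-vhost snippet); a short comment noting that Uptime Kuma tolerates the unconditional upgrade header would help the next reader.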
2
roles/docker/files/vhost/www.base_domain
|
@ -0,0 +1,2 @@
|
||||||
|
server_name www.data.coop;
|
||||||
|
return 301 $scheme://data.coop$request_uri;
|
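Review bot: `server_name www.data.coop;` and the `return 301 $scheme://data.coop$request_uri;` target hard-code the production domain, while the rest of the change derives hostnames from `{{ base_domain }}`; the sibling `vhost/base_domain` is uploaded with `copy:` (pre_deploy/data_coop_website.yml), so if this file is handled the same way a vagrant host would redirect its www name to production. Rendering it as a template with `{{ base_domain }}` keeps it in step with the playbook. Redirecting with `$scheme` also preserves plain http; if the intent is to always land on https, `return 301 https://...` is the usual form, though nginx-proxy's own redirect may already cover that.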
6
roles/docker/handlers/main.yml
|
@ -0,0 +1,6 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: restart nginx
|
||||||
|
command: docker compose restart proxy
|
||||||
|
args:
|
||||||
|
chdir: "{{ services.nginx_proxy.volume_folder }}"
|
26
roles/docker/tasks/block.yml
|
@ -0,0 +1,26 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create volume folder for service {{ service.name }}
|
||||||
|
file:
|
||||||
|
name: "{{ service.vars.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload Compose file for service {{ service.name }}
|
||||||
|
template:
|
||||||
|
src: compose-files/{{ service.name }}.yml.j2
|
||||||
|
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
||||||
|
owner: root
|
||||||
|
mode: u=rw,go=
|
||||||
|
|
||||||
|
- name: Run pre-deployment tasks for service {{ service.name }}
|
||||||
|
include_tasks: pre_deploy/{{ service.name }}.yml
|
||||||
|
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
||||||
|
|
||||||
|
- name: Deploy Compose stack for service {{ service.name }}
|
||||||
|
command: docker compose up -d --remove-orphans --pull always
|
||||||
|
args:
|
||||||
|
chdir: "{{ service.vars.volume_folder }}"
|
||||||
|
|
||||||
|
- name: Run post-deployment tasks for service {{ service.name }}
|
||||||
|
include_tasks: post_deploy/{{ service.name }}.yml
|
||||||
|
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
|
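Review bot: The file depends on a `service` item with `.name` and `.vars` but nothing says what produces it or which keys are read (`volume_folder`, `pre_deploy_tasks`, `post_deploy_tasks`); a header comment after the `---` would help, e.g. `# Included once per service: service.name is the key in `services`, service.vars its mapping; presumably built by services.yml from services_include`. `mode: u=rw,go=` on the rendered Compose file is the right call since it embeds secrets, but the volume folder created just above keeps the default mode, so consider a `mode:` on the `file:` task too. `--pull always` re-pulls the tagged image on every run, which together with `latest`/`stable` tags in the defaults makes the deployed version depend on when the play happened to run.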
@ -1,33 +1,44 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: add docker gpg key
|
- name: Add Docker PGP key
|
||||||
apt_key:
|
apt_key:
|
||||||
keyserver: pgp.mit.edu
|
keyserver: pgp.mit.edu
|
||||||
id: 8D81803C0EBFCD88
|
id: 8D81803C0EBFCD88
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: add docker apt repository
|
- name: Add Docker apt repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: install docker-ce
|
- name: Install Docker
|
||||||
apt:
|
apt:
|
||||||
name: docker-ce
|
name: "{{ pkgs }}"
|
||||||
|
state: present
|
||||||
|
vars:
|
||||||
|
pkgs:
|
||||||
|
- docker-ce
|
||||||
|
- docker-compose-plugin
|
||||||
|
|
||||||
|
- name: Configure cron job to prune unused Docker data weekly
|
||||||
|
cron:
|
||||||
|
name: Prune unused Docker data
|
||||||
|
cron_file: ansible_docker_prune
|
||||||
|
job: 'docker system prune -fa && docker volume prune -fa'
|
||||||
|
special_time: weekly
|
||||||
|
user: root
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: install docker python bindings
|
- name: Create folder structure for bind mounts
|
||||||
pip:
|
|
||||||
executable: "pip3"
|
|
||||||
name: "docker-compose"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: create folder structure for bind mounts
|
|
||||||
file:
|
file:
|
||||||
name: "{{ volume_root_folder }}"
|
name: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "{{ volume_root_folder }}"
|
||||||
|
- "{{ volume_website_folder }}"
|
||||||
|
|
||||||
- name: setup services
|
- name: Set up services
|
||||||
import_tasks: services.yml
|
import_tasks: services.yml
|
||||||
tags:
|
tags:
|
||||||
- setup_services
|
- setup_services
|
||||||
|
|
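Review bot: The new weekly cron runs `docker volume prune -fa`, which removes every volume not attached to a container at that moment, named volumes included because of `-a`, so any stack that is stopped or mid-redeploy when the job fires loses its data; `docker system prune -f` (containers, networks, dangling images) is the safe unattended default and volume pruning is better done by hand. The services appear to use bind mounts under `volume_root_folder`, which limits the blast radius, but any Compose file that declares a named volume (databases typically do) is exposed. The unchanged `apt_key` fetch from `keyserver: pgp.mit.edu` and the `bionic` repository line are outside this change but are aging (`apt_key` is deprecated and bionic is past end of life); this hunk's file header is not rendered on the page, so I assume it is the docker role's tasks/main.yml.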
13
roles/docker/tasks/post_deploy/docker_registry.yml
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Generate htpasswd file
|
||||||
|
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
||||||
|
args:
|
||||||
|
chdir: "{{ services.docker_registry.volume_folder }}"
|
||||||
|
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||||
|
|
||||||
|
- name: log in to registry
|
||||||
|
docker_login:
|
||||||
|
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||||
|
username: docker
|
||||||
|
password: "{{ docker_password }}"
|
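Review bot: The htpasswd task interpolates `{{ docker_password }}` unquoted into a shell command line, so the password is visible in the host's process list while `htpasswd` runs, is echoed in Ansible's task output, and any shell metacharacter in it breaks or injects into the command. Quote it for the shell and silence the task: `shell: docker compose exec -T registry htpasswd -Bbn docker {{ docker_password | quote }} > auth/htpasswd` with `no_log: true` on the task; `-T` also skips the pseudo-TTY that `docker compose exec` allocates by default, which has historically failed under Ansible's non-interactive shell. Note that `creates:` means a changed `docker_password` never regenerates the file, which is worth a comment such as `# htpasswd is only generated once; delete auth/htpasswd to rotate the password`.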
19
roles/docker/tasks/post_deploy/mastodon.yml
Normal file
19
roles/docker/tasks/post_deploy/mastodon.yml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Configure cron job to remove old Mastodon media daily
|
||||||
|
cron:
|
||||||
|
name: Clean Mastodon media data older than a week
|
||||||
|
cron_file: ansible_mastodon_clean_media
|
||||||
|
job: docker exec mastodon-web-1 tootctl media remove --days 7
|
||||||
|
special_time: daily
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Configure cron job to remove old Mastodon preview cards daily
|
||||||
|
cron:
|
||||||
|
name: Clean Mastodon preview card data older than two weeks
|
||||||
|
cron_file: ansible_mastodon_clean_preview_cards
|
||||||
|
job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
|
||||||
|
special_time: daily
|
||||||
|
user: root
|
||||||
|
state: present
|
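Review bot: Both cron jobs hard-code the Compose-generated container name `mastodon-web-1`; if the project name or Compose's naming scheme changes, `docker exec` fails and media cleanup silently stops, with nothing more than a cron mail to root. Either pin `container_name` in the Mastodon compose definition or run the command through the project, e.g. `docker compose exec -T web tootctl media remove --days 7` from the service's directory — both depend on how the service is declared in the compose file, which is outside this change. A comment on the job line recording that dependency, e.g. `# container name is derived from the Compose project name 'mastodon'`, would at least make the coupling visible.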
11
roles/docker/tasks/pre_deploy/data_coop_website.yml
Normal file
11
roles/docker/tasks/pre_deploy/data_coop_website.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Upload vhost config for root domain
|
||||||
|
copy:
|
||||||
|
src: vhost/base_domain
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}"
|
||||||
|
|
||||||
|
- name: Upload vhost config for WWW domain
|
||||||
|
copy:
|
||||||
|
src: vhost/www.base_domain
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}"
|
17
roles/docker/tasks/pre_deploy/docker_registry.yml
Normal file
17
roles/docker/tasks/pre_deploy/docker_registry.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- auth
|
||||||
|
- registry
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Copy docker registry vhost configuration
|
||||||
|
copy:
|
||||||
|
src: vhost/docker_registry
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
||||||
|
mode: "0644"
|
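Review bot: The `auth` subfolder, which the post-deploy task fills with the registry's bcrypt htpasswd file, is created with the umask default, so the password hashes end up readable by every local user on the host. Add `mode: "0700"` for that entry (as far as I know the stock `registry:2` image runs as root, so it can still read the file); since `mode` on the loop would also apply to the `registry` data folder, either accept that or split the two directories into separate tasks. This file also uses `path:` where its sibling files use `name:`; both are aliases of the same `file` argument, but one spelling across the role makes grepping easier.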
21
roles/docker/tasks/pre_deploy/element.yml
Normal file
21
roles/docker/tasks/pre_deploy/element.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.element.volume_folder }}/data"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload config.json
|
||||||
|
template:
|
||||||
|
src: element/config.json.j2
|
||||||
|
dest: "{{ services.element.volume_folder }}/data/config.json"
|
||||||
|
|
||||||
|
- name: Upload riot.im.conf
|
||||||
|
copy:
|
||||||
|
src: element/riot.im.conf
|
||||||
|
dest: "{{ services.element.volume_folder }}/data/riot.im.conf"
|
||||||
|
|
||||||
|
- name: Upload vhost config for Element domain
|
||||||
|
copy:
|
||||||
|
src: vhost/element
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}"
|
17
roles/docker/tasks/pre_deploy/hedgedoc.yml
Normal file
17
roles/docker/tasks/pre_deploy/hedgedoc.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- db
|
||||||
|
- hedgedoc/uploads
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Copy SSO certificate
|
||||||
|
copy:
|
||||||
|
src: sso/sso.data.coop.pem
|
||||||
|
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||||
|
mode: "0644"
|
45
roles/docker/tasks/pre_deploy/mailu.yml
Normal file
45
roles/docker/tasks/pre_deploy/mailu.yml
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- redis
|
||||||
|
- certs
|
||||||
|
- data
|
||||||
|
- dkim
|
||||||
|
- mail
|
||||||
|
- mailqueue
|
||||||
|
- filter
|
||||||
|
- postgres
|
||||||
|
- webmail
|
||||||
|
- overrides
|
||||||
|
- overrides/nginx
|
||||||
|
- overrides/dovecot
|
||||||
|
- overrides/postfix
|
||||||
|
- overrides/rspamd
|
||||||
|
- overrides/snappymail
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Upload mailu.env file
|
||||||
|
template:
|
||||||
|
src: mailu/env.j2
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/mailu.env"
|
||||||
|
|
||||||
|
- name: Hard link to Let's Encrypt TLS certificate
|
||||||
|
file:
|
||||||
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||||
|
state: hard
|
||||||
|
force: true
|
||||||
|
when: letsencrypt_enabled
|
||||||
|
|
||||||
|
- name: Hard link to Let's Encrypt TLS key
|
||||||
|
file:
|
||||||
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||||
|
state: hard
|
||||||
|
force: true
|
||||||
|
when: letsencrypt_enabled
|
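Review bot: The two `state: hard` tasks bind Mailu's `cert.pem`/`key.pem` to the inode the Let's Encrypt files have at playbook time; if the ACME companion renews by writing a new file and renaming it into place (how most such tools behave), Mailu keeps serving the old, eventually expired certificate until this playbook runs again. Either re-run these two tasks from a renewal hook or periodic cron, or bind-mount the nginx-proxy `certs/{{ services.mailu.domain }}` directory into the Mailu front container and point it at `fullchain.pem`/`key.pem` directly; whichever you pick, a comment such as `# hard links go stale when the certificate is renewed; see <hook>` should sit above the first task. Separately, `mailu.env` is templated without `mode`; if it carries the secret key and database credentials as Mailu's env file usually does, add `mode: "0600"`.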
45
roles/docker/tasks/pre_deploy/mastodon.yml
Normal file
45
roles/docker/tasks/pre_deploy/mastodon.yml
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder for Mastodon data
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/mastodon_data"
|
||||||
|
state: directory
|
||||||
|
owner: "991"
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Create subfolder for PostgreSQL data
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/postgres_data"
|
||||||
|
state: directory
|
||||||
|
owner: "70"
|
||||||
|
mode: u=rwx,go=
|
||||||
|
|
||||||
|
- name: Create subfolder for PostgreSQL config
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/postgres_config"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Create subfolder for Redis data
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/redis_data"
|
||||||
|
state: directory
|
||||||
|
owner: "999"
|
||||||
|
group: "1000"
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Upload mastodon.env file
|
||||||
|
template:
|
||||||
|
src: mastodon/env.j2
|
||||||
|
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
|
||||||
|
|
||||||
|
- name: Upload vhost config for Mastodon domain
|
||||||
|
copy:
|
||||||
|
src: vhost/mastodon
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||||
|
|
||||||
|
- name: Upload PostgreSQL config
|
||||||
|
copy:
|
||||||
|
src: mastodon/postgresql.conf
|
||||||
|
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
|
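Review bot: `mastodon.env` is rendered with the default file mode (0644 under the usual umask), so its contents — presumably `SECRET_KEY_BASE`, the OTP/VAPID keys and the PostgreSQL password, which is what Mastodon's env file normally holds — become readable by any local user on the host. Add `owner: root` and `mode: "0600"` to the template task; Compose reads an `env_file` on the host as the invoking user, so the tighter mode does not affect the containers. The data directories above are deliberately locked down (`u=rwx,go=` for PostgreSQL), which makes the world-readable env file the odd one out.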
34
roles/docker/tasks/pre_deploy/matrix.yml
Normal file
34
roles/docker/tasks/pre_deploy/matrix.yml
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
owner: "991"
|
||||||
|
group: "991"
|
||||||
|
loop:
|
||||||
|
- data
|
||||||
|
- data/uploads
|
||||||
|
- data/media
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Create Matrix DB subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.matrix.volume_folder }}/db"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload vhost config for Matrix domain
|
||||||
|
copy:
|
||||||
|
src: vhost/matrix
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||||
|
|
||||||
|
- name: Upload homeserver.yaml
|
||||||
|
template:
|
||||||
|
src: matrix/homeserver.yaml.j2
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||||
|
|
||||||
|
- name: Upload Matrix logging config
|
||||||
|
copy:
|
||||||
|
src: matrix/log.config
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
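Review bot: `homeserver.yaml` is templated into the `data` directory owned by uid 991 but with no `owner`/`mode` of its own, so it is created as root with the default 0644; Synapse's configuration normally holds `registration_shared_secret`, `macaroon_secret_key` and the database password, none of which should be world-readable. Add `owner: "991"`, `group: "991"` and `mode: "0600"` to the template task so only the Synapse user can read it. The log config copied below contains nothing sensitive and can keep the default.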
17
roles/docker/tasks/pre_deploy/nextcloud.yml
Normal file
17
roles/docker/tasks/pre_deploy/nextcloud.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- app
|
||||||
|
- postgres
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Upload vhost config for Nextcloud domain
|
||||||
|
copy:
|
||||||
|
src: vhost/nextcloud
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||||
|
notify: "restart nginx"
|
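Review bot: Only this vhost upload carries `notify: "restart nginx"`; the equivalent `copy` tasks for the Matrix, Mastodon, Element, registry, uptime and website vhosts in this change do not, so an edited vhost file for those services is written to disk but not applied until nginx-proxy happens to restart. If the `restart nginx` handler exists (its definition is not in view), add the same `notify` to the other vhost copies, or upload all vhost files from one looped task that notifies once. Consider `mode: "0644"` here too, as the registry vhost task already sets it.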
14
roles/docker/tasks/pre_deploy/nginx_proxy.yml
Normal file
14
roles/docker/tasks/pre_deploy/nginx_proxy.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- conf
|
||||||
|
- vhost
|
||||||
|
- html
|
||||||
|
- dhparam
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
12
roles/docker/tasks/pre_deploy/openldap.yml
Normal file
12
roles/docker/tasks/pre_deploy/openldap.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- var/lib/ldap
|
||||||
|
- etc/slapd
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
13
roles/docker/tasks/pre_deploy/postfix.yml
Normal file
13
roles/docker/tasks/pre_deploy/postfix.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Set up network for Postfix
|
||||||
|
docker_network:
|
||||||
|
name: postfix
|
||||||
|
ipam_config:
|
||||||
|
- subnet: '172.16.0.0/16'
|
||||||
|
gateway: 172.16.0.1
|
||||||
|
|
||||||
|
- name: Create subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||||
|
state: directory
|
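Review bot: The Postfix network pins `172.16.0.0/16`, which as far as I recall lies inside the range Docker allocates to user-defined networks by default (172.16.0.0/12), so if another network was handed that block before this task runs the create fails with a pool-overlap error, and a /16 is far larger than a single-service network needs. If the fixed subnet exists so Postfix can trust it via `mynetworks`, a /24 outside Docker's pools (or a `default-address-pools` entry in daemon.json) is safer; in any case the reason should be stated above the task, e.g. `# fixed subnet so Postfix can whitelist client containers via mynetworks`. The hunk does not show the Postfix configuration, so the reason is inferred.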
16
roles/docker/tasks/pre_deploy/privatebin.yml
Normal file
16
roles/docker/tasks/pre_deploy/privatebin.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- cfg
|
||||||
|
- data
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Upload PrivateBin config
|
||||||
|
copy:
|
||||||
|
src: privatebin/conf.php
|
||||||
|
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
11
roles/docker/tasks/pre_deploy/rallly.yml
Normal file
11
roles/docker/tasks/pre_deploy/rallly.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Copy rallly.env file
|
||||||
|
template:
|
||||||
|
src: rallly/env.j2
|
||||||
|
dest: "{{ services.rallly.volume_folder }}/rallly.env"
|
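Review bot: `rallly.env` is written by `template` with no `mode`, so it lands as a world-readable 0644 file; Rallly's env file normally carries `DATABASE_URL` (including the PostgreSQL password) and the session secret, so add `owner: root` and `mode: "0600"` to the task. The task name says `Copy` while the module is `template`; `Upload rallly.env file` matches the naming used by the other env-file tasks in this change.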
72
roles/docker/tasks/pre_deploy/restic.yml
Normal file
72
roles/docker/tasks/pre_deploy/restic.yml
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create SSH directory
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/ssh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload private SSH key
|
||||||
|
copy:
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
content: "{{ restic_secrets.ssh_privkey }}"
|
||||||
|
|
||||||
|
- name: Derive public SSH key
|
||||||
|
shell: >-
|
||||||
|
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
||||||
|
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
||||||
|
args:
|
||||||
|
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||||
|
|
||||||
|
- name: Set file permissions on public SSH key
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
state: touch
|
||||||
|
|
||||||
|
- name: Upload SSH config
|
||||||
|
template:
|
||||||
|
src: restic/ssh.config.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Upload SSH known_hosts file
|
||||||
|
template:
|
||||||
|
src: restic/ssh.known_hosts.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Create scripts directory
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/scripts"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload failure.sh script
|
||||||
|
template:
|
||||||
|
src: restic/failure.sh.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/scripts/failure.sh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Upload success.sh script
|
||||||
|
template:
|
||||||
|
src: restic/success.sh.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/scripts/success.sh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
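Review bot: The private-key upload (`content: "{{ restic_secrets.ssh_privkey }}"`) has no `no_log: true`, so with `--diff` or `-v` Ansible prints the key material to the console and to whatever collects its logs; add `no_log: true` to that task. The follow-up `Set file permissions on public SSH key` uses `state: touch`, which bumps the mtime and reports `changed` on every run — `state: file` applies owner/mode to the existing file idempotently, and the file exists by then because the `ssh-keygen -y` task created it. That `-y` step also assumes the key is unencrypted, which is reasonable for an automated backup key but deserves a comment, e.g. `# ssh-keygen -y requires an unencrypted private key`.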
9
roles/docker/tasks/pre_deploy/uptime_kuma.yml
Normal file
9
roles/docker/tasks/pre_deploy/uptime_kuma.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
- name: Upload vhost config for uptime domain
|
||||||
|
copy:
|
||||||
|
src: vhost/uptime_kuma
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.domain }}_location"
|
||||||
|
|
||||||
|
- name: Upload vhost config for status domain
|
||||||
|
copy:
|
||||||
|
src: vhost/uptime_kuma
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.status_domain }}_location"
|
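Review bot: This is the only task file in the change without the `# vim: ft=yaml.ansible` modeline and the `---` document start; add both for consistency with its siblings (yamllint's `document-start` rule flags the latter). Both tasks also upload the same `vhost/uptime_kuma` source to two `_location` files; a one-line comment above the first, e.g. `# the uptime and public status domains share one proxy location config`, would spare the next reader a trip into the source file, assuming that is indeed the intent.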
20
roles/docker/tasks/pre_deploy/writefreely.yml
Normal file
20
roles/docker/tasks/pre_deploy/writefreely.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder for MariaDB data
|
||||||
|
file:
|
||||||
|
name: "{{ services.writefreely.volume_folder }}/db"
|
||||||
|
owner: "999"
|
||||||
|
group: "999"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Create subfolder for encryption keys
|
||||||
|
file:
|
||||||
|
name: "{{ services.writefreely.volume_folder }}/keys"
|
||||||
|
owner: "2"
|
||||||
|
group: "2"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload config.ini
|
||||||
|
template:
|
||||||
|
src: "writefreely/config.ini.j2"
|
||||||
|
dest: "{{ services.writefreely.volume_folder }}/config.ini"
|
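Review bot: The `keys` directory — per its task name, where WriteFreely's encryption keys live — is created with the default mode (typically 0755), so the keys' parent directory is world-traversable; add `mode: "0700"` so only uid 2, the owner the task already assigns, can enter it. `config.ini` is likewise templated without `mode`; since it must carry the MariaDB credentials for the `db` set up above, `mode: "0600"` with `owner: "2"` (assuming that is the uid the app runs as, as the keys task suggests) is appropriate.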
|
@ -1,8 +1,28 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup external services network
|
- name: Set up external services network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: setup services
|
- name: Deploy all services
|
||||||
include_tasks: "services/{{ item }}.yml"
|
include_tasks:
|
||||||
with_items: "{{ services }}"
|
file: block.yml
|
||||||
|
vars:
|
||||||
|
service:
|
||||||
|
name: "{{ item }}"
|
||||||
|
vars: "{{ services[item] }}"
|
||||||
|
loop: "{{ services_include }}"
|
||||||
|
when: single_service is not defined and
|
||||||
|
(item.vars.disabled_in_vagrant is not defined or
|
||||||
|
not (item.vars.disabled_in_vagrant and vagrant))
|
||||||
|
|
||||||
|
- name: Deploy single service
|
||||||
|
include_tasks:
|
||||||
|
file: block.yml
|
||||||
|
vars:
|
||||||
|
service:
|
||||||
|
name: "{{ single_service }}"
|
||||||
|
vars: "{{ services[single_service] }}"
|
||||||
|
when: single_service is defined and single_service in services and
|
||||||
|
(services[single_service].disabled_in_vagrant is not defined or
|
||||||
|
not (services[single_service].disabled_in_vagrant and vagrant))
|
||||||
|
|
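Review bot: The `when` on `Deploy all services` tests `item.vars.disabled_in_vagrant`, but `item` is the service name (it is the key used in `services[item]`), so that attribute is always undefined, the condition collapses to `single_service is not defined`, and services flagged `disabled_in_vagrant` are deployed under Vagrant anyway — unlike the single-service path below, which correctly consults `services[single_service].disabled_in_vagrant`. Change the two lines to `(services[item].disabled_in_vagrant is not defined or` / `not (services[item].disabled_in_vagrant and vagrant))`. A name listed in `services_include` but missing from `services` would also raise on `services[item]`; adding `item in services` to the condition mirrors the `single_service in services` guard and keeps the two paths consistent. This assumes `services_include` is a list of names, as the `services[item]` lookup implies.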
|
@ -1,57 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: codimd network
|
|
||||||
docker_network:
|
|
||||||
name: codimd
|
|
||||||
|
|
||||||
- name: create codimd volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ codimd.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- "db"
|
|
||||||
- "codimd/uploads"
|
|
||||||
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: codimd database container
|
|
||||||
docker_container:
|
|
||||||
name: codimd_db
|
|
||||||
image: postgres:10
|
|
||||||
state: started
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: codimd
|
|
||||||
volumes:
|
|
||||||
- "{{ codimd.volume_folder }}/db:/var/lib/postgresql/data"
|
|
||||||
env:
|
|
||||||
POSTGRES_USER: "codimd"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.codimd }}"
|
|
||||||
|
|
||||||
- name: codimd app container
|
|
||||||
docker_container:
|
|
||||||
name: codimd_app
|
|
||||||
image: hackmdio/hackmd:1.3.0
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: codimd
|
|
||||||
- name: ldap
|
|
||||||
- name: external_services
|
|
||||||
volumes:
|
|
||||||
- "{{ codimd.volume_folder }}/codimd/uploads:/codimd/public/uploads"
|
|
||||||
|
|
||||||
env:
|
|
||||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.codimd }}@codimd_db:5432/codimd"
|
|
||||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
|
||||||
CMD_EMAIL: "False"
|
|
||||||
CMD_LDAP_URL: "ldap://openldap"
|
|
||||||
CMD_LDAP_BINDDN: "cn=admin,dc=data,dc=coop"
|
|
||||||
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
|
|
||||||
CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
|
|
||||||
CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
|
|
||||||
CMD_USECDN: "false"
|
|
||||||
VIRTUAL_HOST: "{{ codimd.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ codimd.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
|
@ -1,35 +0,0 @@
|
||||||
---
|
|
||||||
- name: copy docker registry nginx configuration
|
|
||||||
copy:
|
|
||||||
src: "files/configs/docker_registry/nginx.conf"
|
|
||||||
dest: "/docker-volumes/nginx/vhost/{{ docker_registry.domain }}"
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: docker registry container
|
|
||||||
docker_container:
|
|
||||||
name: registry
|
|
||||||
image: registry:2
|
|
||||||
restart_policy: always
|
|
||||||
volumes:
|
|
||||||
- "{{ docker_registry.volume_folder }}/registry:/var/lib/registry"
|
|
||||||
- "{{ docker_registry.volume_folder }}/auth:/auth"
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ docker_registry.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ docker_registry.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
REGISTRY_AUTH: "htpasswd"
|
|
||||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
|
||||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
|
||||||
|
|
||||||
- name: generate htpasswd file
|
|
||||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ docker_registry.volume_folder }}/auth/htpasswd"
|
|
||||||
args:
|
|
||||||
creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
|
|
||||||
|
|
||||||
- name: log in to local registry
|
|
||||||
docker_login:
|
|
||||||
registry: "{{ docker_registry.domain }}"
|
|
||||||
username: "docker"
|
|
||||||
password: "{{ docker_password }}"
|
|
|
@ -1,51 +0,0 @@
|
||||||
---
|
|
||||||
- name: set up drone with docker runner
|
|
||||||
docker_compose:
|
|
||||||
project_name: drone
|
|
||||||
pull: yes
|
|
||||||
definition:
|
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
drone:
|
|
||||||
container_name: "drone"
|
|
||||||
image: drone/drone:1
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- drone
|
|
||||||
volumes:
|
|
||||||
- "{{ drone.volume_folder }}:/data"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
|
||||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
|
||||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
|
||||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
|
||||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
|
||||||
DRONE_SERVER_PROTO: "https"
|
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
|
||||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
|
||||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
drone-runner-docker:
|
|
||||||
container_name: "drone-runner-docker"
|
|
||||||
image: "drone/drone-runner-docker:1"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- drone
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
DRONE_RPC_HOST: "{{ drone.domain }}"
|
|
||||||
DRONE_RPC_PROTO: "https"
|
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
|
||||||
DRONE_RUNNER_CAPACITY: 2
|
|
||||||
DRONE_RUNNER_NAME: "data.coop_drone_runner"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
drone:
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
|
@ -1,47 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: fider network
|
|
||||||
docker_network:
|
|
||||||
name: fider
|
|
||||||
|
|
||||||
- name: fider database volume
|
|
||||||
docker_volume:
|
|
||||||
name: fider_db
|
|
||||||
|
|
||||||
- name: fider database container
|
|
||||||
docker_container:
|
|
||||||
name: fider_db
|
|
||||||
image: postgres:10
|
|
||||||
state: started
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: fider
|
|
||||||
volumes:
|
|
||||||
- fider_db:/var/lib/postgresql/data
|
|
||||||
env:
|
|
||||||
POSTGRES_USER: "fider"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.fider }}"
|
|
||||||
|
|
||||||
- name: fider app container
|
|
||||||
docker_container:
|
|
||||||
name: fider
|
|
||||||
image: getfider/fider:stable
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: fider
|
|
||||||
- name: external_services
|
|
||||||
- name: postfix
|
|
||||||
env:
|
|
||||||
GO_ENV: "production"
|
|
||||||
DATABASE_URL: "postgres://fider:{{ postgres_passwords.fider }}@fider_db:5432/fider?sslmode=disable"
|
|
||||||
JWT_SECRET: "{{ fider_jwt_secret }}"
|
|
||||||
|
|
||||||
EMAIL_NOREPLY: noreply@{{ fider.domain }}
|
|
||||||
EMAIL_SMTP_HOST: "{{ smtp_host }}"
|
|
||||||
EMAIL_SMTP_PORT: "{{ smtp_port }}"
|
|
||||||
EMAIL_SMTP_USERNAME: "noop"
|
|
||||||
EMAIL_SMTP_PASSWORD: "noop"
|
|
||||||
|
|
||||||
VIRTUAL_HOST: "{{ fider.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ fider.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email}}"
|
|
|
@ -1,37 +0,0 @@
|
||||||
---
|
|
||||||
- name: gitea network
|
|
||||||
docker_network:
|
|
||||||
name: gitea
|
|
||||||
|
|
||||||
# old DNS: 138.68.71.153
|
|
||||||
- name: gitea container
|
|
||||||
docker_container:
|
|
||||||
name: gitea
|
|
||||||
image: gitea/gitea:1.15.7
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: gitea
|
|
||||||
- name: postfix
|
|
||||||
- name: external_services
|
|
||||||
volumes:
|
|
||||||
- "{{ gitea.volume_folder }}:/data"
|
|
||||||
published_ports:
|
|
||||||
- "22:22"
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ gitea.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
|
||||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
|
||||||
GITEA__mailer__ENABLED: "true"
|
|
||||||
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
|
|
||||||
GITEA__mailer__MAILER_TYPE: "smtp"
|
|
||||||
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
|
|
||||||
GITEA__mailer__USER: "noop"
|
|
||||||
GITEA__mailer__PASSWD: "noop"
|
|
||||||
GITEA__security__LOGIN_REMEMBER_DAYS: "60"
|
|
||||||
GITEA__security__PASSWORD_COMPLEXITY: "off"
|
|
||||||
GITEA__security__MIN_PASSWORD_LENGTH: "8"
|
|
||||||
GITEA__security__PASSWORD_CHECK_PWN: "true"
|
|
||||||
GITEA__service__ENABLE_NOTIFY_MAIL: "true"
|
|
|
@ -1,66 +0,0 @@
|
||||||
---
|
|
||||||
- name: create hedgedoc volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- "db"
|
|
||||||
- "hedgedoc/uploads"
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: copy sso public certificate
|
|
||||||
copy:
|
|
||||||
src: "files/sso/sso.data.coop.pem"
|
|
||||||
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: setup hedgedoc
|
|
||||||
docker_compose:
|
|
||||||
project_name: "hedgedoc"
|
|
||||||
pull: "yes"
|
|
||||||
definition:
|
|
||||||
services:
|
|
||||||
database:
|
|
||||||
image: "postgres:10-alpine"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "codimd"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
|
||||||
POSTGRES_DB: "codimd"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "hedgedoc"
|
|
||||||
volumes:
|
|
||||||
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: quay.io/hedgedoc/hedgedoc:1.9.0
|
|
||||||
environment:
|
|
||||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
|
||||||
CMD_DOMAIN: "{{ hedgedoc.domain }}"
|
|
||||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
|
||||||
CMD_EMAIL: "False"
|
|
||||||
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
|
|
||||||
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
|
|
||||||
CMD_SAML_ISSUER: "hedgedoc"
|
|
||||||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
|
||||||
CMD_USECDN: "false"
|
|
||||||
CMD_PROTOCOL_USESSL: "true"
|
|
||||||
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
volumes:
|
|
||||||
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
|
||||||
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "hedgedoc"
|
|
||||||
- "external_services"
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
||||||
networks:
|
|
||||||
hedgedoc:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,45 +0,0 @@
|
||||||
- name: setup keycloak containers for sso.data.coop
|
|
||||||
docker_compose:
|
|
||||||
project_name: "keycloak"
|
|
||||||
pull: "yes"
|
|
||||||
definition:
|
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
|
|
||||||
postgres:
|
|
||||||
image: "postgres:10"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "keycloak"
|
|
||||||
volumes:
|
|
||||||
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "keycloak"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
|
||||||
POSTGRES_DB: "keycloak"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: "quay.io/keycloak/keycloak:15.0.2"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "keycloak"
|
|
||||||
- "postfix"
|
|
||||||
- "external_services"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ keycloak.domain }}"
|
|
||||||
VIRTUAL_PORT: "8080"
|
|
||||||
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
DB_USER: "keycloak"
|
|
||||||
DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
|
||||||
DB_ADDR: "keycloak_postgres_1"
|
|
||||||
#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
|
|
||||||
#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
|
|
||||||
PROXY_ADDRESS_FORWARDING: "true"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
keycloak:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,161 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: create mailu volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ mailu.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- redis
|
|
||||||
- certs
|
|
||||||
- overrides
|
|
||||||
- data
|
|
||||||
- dkim
|
|
||||||
- mail
|
|
||||||
- filter
|
|
||||||
- dav
|
|
||||||
- webmail
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: upload mailu.env file
|
|
||||||
template:
|
|
||||||
src: mailu.env.j2
|
|
||||||
dest: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
|
|
||||||
- name: hard link to Let's Encrypt TLS certificate
|
|
||||||
file:
|
|
||||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
|
|
||||||
dest: "{{ mailu.volume_folder }}/certs/cert.pem"
|
|
||||||
state: hard
|
|
||||||
force: yes
|
|
||||||
|
|
||||||
|
|
||||||
- name: hard link to Let's Encrypt TLS key
|
|
||||||
file:
|
|
||||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
|
|
||||||
dest: "{{ mailu.volume_folder }}/certs/key.pem"
|
|
||||||
state: hard
|
|
||||||
force: yes
|
|
||||||
|
|
||||||
- name: run mail server containers
|
|
||||||
docker_compose:
|
|
||||||
project_name: mail_server
|
|
||||||
pull: yes
|
|
||||||
definition:
|
|
||||||
version: '3.6'
|
|
||||||
services:
|
|
||||||
redis:
|
|
||||||
image: redis:alpine
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/redis:/data"
|
|
||||||
|
|
||||||
database:
|
|
||||||
image: mailu/postgresql:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/data/psql_db:/data"
|
|
||||||
- "{{ mailu.volume_folder }}/data/psql_backup:/backup"
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
front:
|
|
||||||
image: mailu/nginx:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ mailu.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ mailu.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/certs:/certs"
|
|
||||||
- "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
|
|
||||||
expose:
|
|
||||||
- "80"
|
|
||||||
ports:
|
|
||||||
- "993:993"
|
|
||||||
- "25:25"
|
|
||||||
- "587:587"
|
|
||||||
- "465:465"
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
resolver:
|
|
||||||
image: mailu/unbound:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: "{{ mailu.dns }}"
|
|
||||||
|
|
||||||
admin:
|
|
||||||
image: mailu/admin:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/data:/data"
|
|
||||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
|
||||||
depends_on:
|
|
||||||
- redis
|
|
||||||
|
|
||||||
imap:
|
|
||||||
image: mailu/dovecot:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/mail:/mail"
|
|
||||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
|
|
||||||
smtp:
|
|
||||||
image: mailu/postfix:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ mailu.dns }}"
|
|
||||||
|
|
||||||
antispam:
|
|
||||||
image: mailu/rspamd:{{ mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/filter:/var/lib/rspamd"
|
|
||||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
|
||||||
- "{{ mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ mailu.dns }}"
|
|
||||||
|
|
||||||
webmail:
|
|
||||||
image: mailu/rainloop:1.6
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ mailu.volume_folder }}/webmail:/data"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ mailu.dns }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
driver: bridge
|
|
||||||
ipam:
|
|
||||||
driver: default
|
|
||||||
config:
|
|
||||||
- subnet: "{{ mailu.subnet }}"
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
|
@ -1,118 +0,0 @@
|
||||||
- name: create mastodon volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ mastodon.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
owner: "991"
|
|
||||||
group: "991"
|
|
||||||
loop:
|
|
||||||
- "postgres_data"
|
|
||||||
- "redis_data"
|
|
||||||
- "mastodon_data"
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Copy mastodon environment file
|
|
||||||
template:
|
|
||||||
src: files/configs/mastodon/env_file.j2
|
|
||||||
dest: "{{ mastodon.volume_folder }}/env_file"
|
|
||||||
|
|
||||||
- name: upload vhost config for root domain
|
|
||||||
template:
|
|
||||||
src: files/configs/mastodon/vhost-mastodon
|
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
|
|
||||||
|
|
||||||
- name: set up mastodon
|
|
||||||
docker_compose:
|
|
||||||
project_name: mastodon
|
|
||||||
pull: yes
|
|
||||||
definition:
|
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
restart: always
|
|
||||||
image: postgres:14-alpine
|
|
||||||
shm_size: 256mb
|
|
||||||
networks:
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
|
||||||
volumes:
|
|
||||||
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
- 'POSTGRES_HOST_AUTH_METHOD=trust'
|
|
||||||
|
|
||||||
redis:
|
|
||||||
restart: always
|
|
||||||
image: redis:6-alpine
|
|
||||||
networks:
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD', 'redis-cli', 'ping']
|
|
||||||
volumes:
|
|
||||||
- "{{ mastodon.volume_folder }}/redis_data:/data"
|
|
||||||
|
|
||||||
web:
|
|
||||||
image: tootsuite/mastodon
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
|
||||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
# prettier-ignore
|
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
|
||||||
ports:
|
|
||||||
- '127.0.0.1:3000:3000'
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
- redis
|
|
||||||
volumes:
|
|
||||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
streaming:
|
|
||||||
image: tootsuite/mastodon
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
|
||||||
command: node ./streaming
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
# prettier-ignore
|
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
|
||||||
ports:
|
|
||||||
- '127.0.0.1:4000:4000'
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
- redis
|
|
||||||
|
|
||||||
sidekiq:
|
|
||||||
image: tootsuite/mastodon
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
|
||||||
command: bundle exec sidekiq
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
- redis
|
|
||||||
networks:
|
|
||||||
- postfix
|
|
||||||
- external_services
|
|
||||||
- internal_network
|
|
||||||
volumes:
|
|
||||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
internal_network:
|
|
||||||
internal: true
|
|
|
@ -1,125 +0,0 @@
|
||||||
---
|
|
||||||
- name: create matrix volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ matrix.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
owner: "991"
|
|
||||||
group: "991"
|
|
||||||
loop:
|
|
||||||
- "data"
|
|
||||||
- "data/uploads"
|
|
||||||
- "data/media"
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: create matrix DB folder
|
|
||||||
file:
|
|
||||||
name: "{{ matrix.volume_folder }}/db"
|
|
||||||
state: "directory"
|
|
||||||
|
|
||||||
- name: create riot volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ riot.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- "data"
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: upload riot config.json
|
|
||||||
template:
|
|
||||||
src: files/configs/riot/config.json
|
|
||||||
dest: "{{ riot.volume_folder }}/data/config.json"
|
|
||||||
|
|
||||||
- name: upload riot.im.conf
|
|
||||||
template:
|
|
||||||
src: files/configs/riot/riot.im.conf
|
|
||||||
dest: "{{ riot.volume_folder }}/data/riot.im.conf"
|
|
||||||
|
|
||||||
- name: upload vhost config for root domain
|
|
||||||
template:
|
|
||||||
src: files/configs/matrix/vhost-root
|
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
|
|
||||||
|
|
||||||
- name: upload vhost config for matrix domain
|
|
||||||
template:
|
|
||||||
src: files/configs/matrix/vhost-matrix
|
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
|
||||||
|
|
||||||
- name: upload vhost config for riot domain
|
|
||||||
template:
|
|
||||||
src: files/configs/matrix/vhost-riot
|
|
||||||
dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
|
|
||||||
|
|
||||||
- name: upload homeserver.yaml
|
|
||||||
template:
|
|
||||||
src: "files/configs/matrix/homeserver.yaml.j2"
|
|
||||||
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
|
||||||
|
|
||||||
- name: upload matrix logging config
|
|
||||||
template:
|
|
||||||
src: "files/configs/matrix/matrix.data.coop.log.config"
|
|
||||||
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
|
||||||
|
|
||||||
- name: set up matrix and riot
|
|
||||||
docker_compose:
|
|
||||||
project_name: matrix
|
|
||||||
pull: yes
|
|
||||||
definition:
|
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
matrix_db:
|
|
||||||
container_name: matrix_db
|
|
||||||
image: postgres:10
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- matrix
|
|
||||||
volumes:
|
|
||||||
- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "synapse"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
|
||||||
|
|
||||||
matrix_app:
|
|
||||||
container_name: matrix
|
|
||||||
image: matrixdotorg/synapse:v1.47.1
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- matrix
|
|
||||||
- external_services
|
|
||||||
ports:
|
|
||||||
- 8008
|
|
||||||
volumes:
|
|
||||||
- "{{ matrix.volume_folder }}/data:/data"
|
|
||||||
environment:
|
|
||||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
|
||||||
SYNAPSE_CACHE_FACTOR: "2"
|
|
||||||
SYNAPSE_LOG_LEVEL: "INFO"
|
|
||||||
VIRTUAL_HOST: "{{ matrix.domain }}"
|
|
||||||
VIRTUAL_PORT: "8008"
|
|
||||||
LETSENCRYPT_HOST: "{{ matrix.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
riot:
|
|
||||||
container_name: riot_app
|
|
||||||
image: avhost/docker-matrix-riot:v1.9.0
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- matrix
|
|
||||||
- external_services
|
|
||||||
ports:
|
|
||||||
- 8080
|
|
||||||
volumes:
|
|
||||||
- "{{ riot.volume_folder }}/data:/data"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
|
|
||||||
VIRTUAL_PORT: "8080"
|
|
||||||
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
||||||
matrix:
|
|
||||||
name: "matrix"
|
|
|
@ -1,27 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: setup netdata docker container for system monitoring
|
|
||||||
docker_container:
|
|
||||||
name: netdata
|
|
||||||
image: netdata/netdata
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
hostname: "hevonen.servers.{{ base_domain }}"
|
|
||||||
capabilities:
|
|
||||||
- SYS_PTRACE
|
|
||||||
security_opts:
|
|
||||||
- apparmor:unconfined
|
|
||||||
volumes:
|
|
||||||
- /proc:/host/proc:ro
|
|
||||||
- /sys:/host/sys:ro
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ netdata.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
PGID: "999"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
||||||
|
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
---
|
|
||||||
- name: setup nextcloud containers
|
|
||||||
docker_compose:
|
|
||||||
project_name: "nextcloud"
|
|
||||||
pull: "yes"
|
|
||||||
definition:
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: "postgres:10"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "nextcloud"
|
|
||||||
volumes:
|
|
||||||
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_DB: "nextcloud"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
POSTGRES_USER: "nextcloud"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: "nextcloud:22-apache"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "nextcloud"
|
|
||||||
- "external_services"
|
|
||||||
volumes:
|
|
||||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
POSTGRES_HOST: "nextcloud_postgres_1"
|
|
||||||
POSTGRES_DB: "nextcloud"
|
|
||||||
POSTGRES_USER: "nextcloud"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
nextcloud:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,47 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: create nginx-proxy volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ nginx.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- conf
|
|
||||||
- vhost
|
|
||||||
- html
|
|
||||||
- dhparam
|
|
||||||
- certs
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: nginx proxy container
|
|
||||||
docker_container:
|
|
||||||
name: nginx-proxy
|
|
||||||
image: jwilder/nginx-proxy
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
published_ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- "{{ nginx.volume_folder }}/conf:/etc/nginx/conf.d"
|
|
||||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
|
||||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
|
||||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
|
||||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
|
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
||||||
|
|
||||||
- name: nginx letsencrypt container
|
|
||||||
docker_container:
|
|
||||||
name: nginx-proxy-le
|
|
||||||
image: jrcs/letsencrypt-nginx-proxy-companion
|
|
||||||
restart_policy: always
|
|
||||||
volumes:
|
|
||||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
|
||||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
|
||||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
|
||||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs"
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
env:
|
|
||||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
|
||||||
|
|
|
@ -1,71 +0,0 @@
|
||||||
---
|
|
||||||
- name: create ldap volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ ldap.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- "var/lib/ldap"
|
|
||||||
- "etc/slapd"
|
|
||||||
- "certs"
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Create a network for ldap
|
|
||||||
docker_network:
|
|
||||||
name: ldap
|
|
||||||
|
|
||||||
- name: openLDAP container
|
|
||||||
docker_container:
|
|
||||||
name: openldap
|
|
||||||
image: osixia/openldap:1.5.0
|
|
||||||
tty: true
|
|
||||||
interactive: true
|
|
||||||
volumes:
|
|
||||||
- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
|
||||||
- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
|
||||||
- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
|
||||||
published_ports:
|
|
||||||
- "389:389"
|
|
||||||
- "636:636"
|
|
||||||
hostname: "{{ ldap.domain }}"
|
|
||||||
domainname: "{{ ldap.domain }}" # important: same as hostname
|
|
||||||
networks:
|
|
||||||
- name: ldap
|
|
||||||
env:
|
|
||||||
LDAP_LOG_LEVEL: "256"
|
|
||||||
LDAP_ORGANISATION: "{{ base_domain }}"
|
|
||||||
LDAP_DOMAIN: "{{ base_domain }}"
|
|
||||||
LDAP_BASE_DN: ""
|
|
||||||
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
|
||||||
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
|
||||||
LDAP_READONLY_USER: "false"
|
|
||||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
|
||||||
LDAP_BACKEND: "mdb"
|
|
||||||
LDAP_TLS: "true"
|
|
||||||
LDAP_TLS_CRT_FILENAME: "ldap.crt"
|
|
||||||
LDAP_TLS_KEY_FILENAME: "ldap.key"
|
|
||||||
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
|
|
||||||
LDAP_TLS_ENFORCE: "false"
|
|
||||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
|
|
||||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
|
||||||
LDAP_TLS_VERIFY_CLIENT: "demand"
|
|
||||||
LDAP_REPLICATION: "false"
|
|
||||||
KEEP_EXISTING_CONFIG: "false"
|
|
||||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
|
||||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
|
||||||
|
|
||||||
- name: phpLDAPadmin container
|
|
||||||
docker_container:
|
|
||||||
name: phpldapadmin
|
|
||||||
image: osixia/phpldapadmin:0.9.0
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
- name: ldap
|
|
||||||
env:
|
|
||||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
|
||||||
PHPLDAPADMIN_HTTPS: "false"
|
|
||||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
|
||||||
|
|
||||||
VIRTUAL_HOST: "{{ ldap.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ ldap.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
|
@ -1,18 +0,0 @@
|
||||||
---
|
|
||||||
- name: ouroboros container
|
|
||||||
docker_container:
|
|
||||||
name: ouroboros
|
|
||||||
image: pyouroboros/ouroboros
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- /root/.docker/config.json:/root/.docker/config.json
|
|
||||||
env:
|
|
||||||
LABEL_ENABLE: "true"
|
|
||||||
LABELS_ONLY: "true"
|
|
||||||
CLEANUP: "true"
|
|
||||||
LATEST: "true"
|
|
||||||
CRON: "*/10 * * * *"
|
|
||||||
|
|
|
@ -1,47 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: setup passit containers
|
|
||||||
docker_compose:
|
|
||||||
project_name: "passit"
|
|
||||||
pull: "yes"
|
|
||||||
definition:
|
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
|
|
||||||
passit_db:
|
|
||||||
image: "postgres:10"
|
|
||||||
restart: "always"
|
|
||||||
networks:
|
|
||||||
- "passit"
|
|
||||||
volumes:
|
|
||||||
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "passit"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
|
||||||
|
|
||||||
passit_app:
|
|
||||||
image: "passit/passit:stable"
|
|
||||||
command: "bin/start.sh"
|
|
||||||
restart: "always"
|
|
||||||
networks:
|
|
||||||
- "passit"
|
|
||||||
- "postfix"
|
|
||||||
- "external_services"
|
|
||||||
environment:
|
|
||||||
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
|
||||||
SECRET_KEY: "{{ passit_secret_key }}"
|
|
||||||
IS_DEBUG: 'False'
|
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
|
||||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
|
||||||
|
|
||||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
passit:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,24 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: create portainer volume folder
|
|
||||||
file:
|
|
||||||
name: "{{ portainer.volume_folder }}"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: run portainer
|
|
||||||
docker_container:
|
|
||||||
name: portainer
|
|
||||||
image: portainer/portainer-ce:2.9.1
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- "{{ portainer.volume_folder }}:/data"
|
|
||||||
published_ports:
|
|
||||||
- 9001:9000
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
|
||||||
VIRTUAL_PORT: "9000"
|
|
||||||
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: setup network for postfix
|
|
||||||
docker_network:
|
|
||||||
name: postfix
|
|
||||||
ipam_config:
|
|
||||||
- subnet: '172.16.0.0/16'
|
|
||||||
gateway: 172.16.0.1
|
|
||||||
|
|
||||||
- name: setup postfix docker container for outgoing mail
|
|
||||||
docker_container:
|
|
||||||
name: postfix
|
|
||||||
image: boky/postfix:v3.5.0
|
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: postfix
|
|
||||||
env:
|
|
||||||
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
|
|
||||||
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
|
|
@ -1,31 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: create privatebin volume folders
|
|
||||||
file:
|
|
||||||
name: "{{ privatebin.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- cfg
|
|
||||||
- data
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: upload privatebin config
|
|
||||||
template:
|
|
||||||
src: files/configs/privatebin-conf.php
|
|
||||||
dest: "{{ privatebin.volume_folder }}/cfg/conf.php"
|
|
||||||
|
|
||||||
- name: privatebin app container
|
|
||||||
docker_container:
|
|
||||||
name: privatebin
|
|
||||||
image: jgeusebroek/privatebin:latest
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "{{ privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
|
||||||
- "{{ privatebin.volume_folder }}/data:/privatebin/data"
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ privatebin.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ privatebin.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
|
@ -1,38 +0,0 @@
|
||||||
---
|
|
||||||
- name: setup restic backup
|
|
||||||
docker_compose:
|
|
||||||
project_name: restic_backup
|
|
||||||
pull: yes
|
|
||||||
definition:
|
|
||||||
version: '3.6'
|
|
||||||
services:
|
|
||||||
restic-backup:
|
|
||||||
image: mazzolino/restic
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
RUN_ON_STARTUP: "true"
|
|
||||||
BACKUP_CRON: "0 30 3 * * *"
|
|
||||||
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
|
|
||||||
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
|
|
||||||
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
|
||||||
RESTIC_BACKUP_ARGS: >-
|
|
||||||
--tag datacoop-volumes
|
|
||||||
--exclude='*.tmp'
|
|
||||||
--verbose
|
|
||||||
RESTIC_FORGET_ARGS: >-
|
|
||||||
--keep-last 10
|
|
||||||
--keep-daily 7
|
|
||||||
--keep-weekly 5
|
|
||||||
--keep-monthly 12
|
|
||||||
TZ: Europe/Copenhagen
|
|
||||||
volumes:
|
|
||||||
- /docker-volumes:/mnt/volumes:ro
|
|
||||||
|
|
||||||
restic-prune:
|
|
||||||
image: "mazzolino/restic"
|
|
||||||
environment:
|
|
||||||
RUN_ON_STARTUP: "true"
|
|
||||||
PRUNE_CRON: "0 0 4 * * *"
|
|
||||||
RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
|
|
||||||
RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
|
|
||||||
TZ: Europe/copenhagen
|
|
|
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: thelounge volume
|
|
||||||
docker_volume:
|
|
||||||
name: thelounge
|
|
||||||
|
|
||||||
- name: upload thelounge config
|
|
||||||
template:
|
|
||||||
src: files/configs/thelounge.js
|
|
||||||
dest: /var/lib/docker/volumes/thelounge/_data/config.js
|
|
||||||
|
|
||||||
- name: thelounge container
|
|
||||||
docker_container:
|
|
||||||
name: thelounge
|
|
||||||
image: thelounge/lounge:latest
|
|
||||||
restart_policy: always
|
|
||||||
volumes:
|
|
||||||
- thelounge:/home/lounge/data
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
- name: ldap
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ thelounge.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ thelounge.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
|
@ -1,53 +0,0 @@
|
||||||
---
|
|
||||||
- name: create tt-rss folders
|
|
||||||
file:
|
|
||||||
name: "{{ ttrss.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- "config"
|
|
||||||
- "db"
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: "set up tt-rss"
|
|
||||||
docker_compose:
|
|
||||||
project_name: "tt-rss"
|
|
||||||
pull: yes
|
|
||||||
definition:
|
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
ttrss_db:
|
|
||||||
container_name: "ttrss_db"
|
|
||||||
image: "postgres:11"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "ttrss"
|
|
||||||
volumes:
|
|
||||||
- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "ttrss"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
|
|
||||||
|
|
||||||
ttrss_app:
|
|
||||||
container_name: ttrss_app
|
|
||||||
image: "linuxserver/tt-rss"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- ttrss
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- "{{ ttrss.volume_folder }}/config:/config"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ ttrss.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ ttrss.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
TZ: "Europe/Copenhagen"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
||||||
ttrss:
|
|
||||||
name: "ttrss"
|
|
|
@ -1,13 +0,0 @@
|
||||||
- name: setup ulovliglogning.dk website docker container
|
|
||||||
docker_container:
|
|
||||||
name: ulovliglogning_website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
image: ulovliglogning/ulovliglogning.dk:latest
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
|
@ -1,57 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: setup data.coop website docker container
|
|
||||||
docker_container:
|
|
||||||
name: data.coop_website
|
|
||||||
image: docker.data.coop/data-coop-website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
||||||
|
|
||||||
- name: setup new data.coop website using hugo
|
|
||||||
docker_container:
|
|
||||||
name: new.data.coop_website
|
|
||||||
image: docker.data.coop/data-coop-website:hugo
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
||||||
|
|
||||||
- name: setup cryptohagen.dk website docker container
|
|
||||||
docker_container:
|
|
||||||
name: cryptohagen_website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
image: docker.data.coop/cryptohagen-website
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
||||||
|
|
||||||
- name: setup cryptoaarhus.dk website docker container
|
|
||||||
docker_container:
|
|
||||||
name: cryptoaarhus_website
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
image: docker.data.coop/cryptoaarhus-website
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
labels:
|
|
||||||
com.ouroboros.enable: "true"
|
|
|
@ -0,0 +1,17 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/cryptoaarhus-website
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains | join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true
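Review bot: The `web` service's `image: docker.data.coop/cryptoaarhus-website` carries no tag, so each pull or recreate resolves whatever the registry currently calls `latest`, and the deployment is neither reproducible nor auditable after the fact. The data.coop site file added in the same commit pins its image through `{{ services.data_coop_website.version }}`; do the same here, e.g. `image: docker.data.coop/cryptoaarhus-website:{{ services.cryptoaarhus_website.version }}`, or pin a digest with `@sha256:…` if the registry workflow supports it. Separately, `VIRTUAL_HOST :` has a space before the colon; it parses, but yamllint flags it and the neighbouring keys are written without it, so write `VIRTUAL_HOST:`.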
@ -0,0 +1,17 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/cryptohagen-website
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains | join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains | join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true
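Review bot: `image: docker.data.coop/cryptohagen-website` is an untagged reference, which Docker resolves to the floating `latest` tag on every pull, so a rollback or an audit of what was actually running has nothing to anchor on. Carry a version variable like the data.coop site file in this commit does, e.g. `image: docker.data.coop/cryptohagen-website:{{ services.cryptohagen_website.version }}`, and bump it deliberately rather than letting the registry decide. The `VIRTUAL_HOST :` key also has a stray space before the colon; change it to `VIRTUAL_HOST:` so it lines up with `LETSENCRYPT_HOST:` and passes yamllint.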
@ -0,0 +1,27 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
prod-web:
|
||||||
|
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
staging-web:
|
||||||
|
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
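--- a/roles/docker/templates/compose-files/diun.yml.j2
+++ b/roles/docker/templates/compose-files/diun.yml.j2
@@ -0,0 +1,26 @@
+# vim: ft=yaml.ansible
+---
+version: "3.5"
+
+services:
+  diun:
+    image: "ghcr.io/crazy-max/diun:{{ services.diun.version }}"
+    command: serve
+    volumes:
+      - "./data:/data"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - "TZ=Europe/Paris"
+      - "DIUN_WATCH_WORKERS=20"
+      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
+      - "DIUN_WATCH_JITTER=30s"
+      - "DIUN_PROVIDERS_DOCKER=true"
+      - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
+      - "DIUN_NOTIF_MATRIX_HOMESERVERURL=https://{{ services.matrix.domain }}"
+      - "DIUN_NOTIF_MATRIX_USER={{ services.diun.matrix_user }}"
+      - "DIUN_NOTIF_MATRIX_ROOMID={{ services.diun.matrix_room }}"
+      - "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}"
+      - "DIUN_NOTIF_MATRIX_MSGTYPE=text"
+    labels:
+      - "diun.enable=true"
+    restart: always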
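Review bot: `DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}` writes the Matrix bot password into the rendered compose file and into the container environment, where `docker inspect` shows it to anyone who can use the socket; the mailu and mastodon templates in this same change keep such values in an `env_file`, which at least keeps the secret out of the compose file. The Docker socket is mounted read-write although diun only observes images; `- "/var/run/docker.sock:/var/run/docker.sock:ro"` records that intent (a read-only bind mount does not limit the API, so the socket-proxy pattern used in the netdata template is the stronger option). Minor: the modeline says `ft=yaml.ansible` while every other compose template uses `ft=yaml.docker-compose`, and `version: "3.5"` differs from the `"3.8"` used elsewhere.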
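--- a/roles/docker/templates/compose-files/docker_registry.yml.j2
+++ b/roles/docker/templates/compose-files/docker_registry.yml.j2
@@ -0,0 +1,23 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: registry:{{ services.docker_registry.version }}
+    restart: always
+    networks:
+      - external_services
+    volumes:
+      - "./registry:/var/lib/registry"
+      - "./auth:/auth"
+    environment:
+      VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
+      LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      REGISTRY_AUTH: "htpasswd"
+      REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
+      REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
+
+networks:
+  external_services:
+    external: true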
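Review bot: The registry service sets no `VIRTUAL_PORT` and no `expose:`, so nginx-proxy only finds it because the upstream image declares a single exposed port; the other templates in this change that do not listen on 80 state it explicitly, and `VIRTUAL_PORT: "5000"` would also document where the registry listens. The htpasswd file under `./auth` is the only control on push access, and the registry accepts bcrypt entries only; a comment above `volumes:` saying how that file is generated and rotated would help whoever maintains it.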
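--- a/roles/docker/templates/compose-files/drone.yml.j2
+++ b/roles/docker/templates/compose-files/drone.yml.j2
@@ -0,0 +1,40 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: drone/drone:{{ services.drone.version }}
+    restart: unless-stopped
+    networks:
+      - default
+      - external_services
+    volumes:
+      - ".:/data"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      DRONE_GITEA_SERVER: https://{{ services.forgejo.domain }}
+      DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
+      DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
+      DRONE_GIT_ALWAYS_AUTH: true
+      DRONE_SERVER_HOST: "{{ services.drone.domain }}"
+      DRONE_SERVER_PROTO: https
+      DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
+      VIRTUAL_HOST: "{{ services.drone.domain }}"
+      LETSENCRYPT_HOST: "{{ services.drone.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+  runner:
+    image: drone/drone-runner-docker:{{ services.drone.version }}
+    restart: unless-stopped
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      DRONE_RPC_HOST: "{{ services.drone.domain }}"
+      DRONE_RPC_PROTO: https
+      DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
+      DRONE_RUNNER_CAPACITY: 2
+      DRONE_RUNNER_NAME: data.coop_drone_runner
+
+networks:
+  external_services:
+    external: true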
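Review bot: The `app` (Drone server) service mounts `/var/run/docker.sock` although only the `runner` needs Docker access to execute pipelines; unless this deployment relies on it for something not visible here, dropping that volume line from `app` removes host-root-equivalent access from the internet-facing service. `DRONE_GIT_ALWAYS_AUTH: true` is a bare YAML boolean inside `environment:`; it works because the compose schema coerces booleans, but `DRONE_GIT_ALWAYS_AUTH: "true"` matches how the neighbouring values are written and avoids YAML 1.1 surprises in other tooling. The OAuth client secret and RPC secret end up in `docker inspect` output; an `env_file` like the mailu and mastodon templates use would keep them out of the compose file itself.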
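--- a/roles/docker/templates/compose-files/element.yml.j2
+++ b/roles/docker/templates/compose-files/element.yml.j2
@@ -0,0 +1,22 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: avhost/docker-matrix-element:{{ services.element.version }}
+    restart: unless-stopped
+    networks:
+      - external_services
+    expose:
+      - "8080"
+    volumes:
+      - "./data:/data"
+    environment:
+      VIRTUAL_HOST: "{{ services.element.domain }}"
+      VIRTUAL_PORT: "8080"
+      LETSENCRYPT_HOST: "{{ services.element.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  external_services:
+    external: true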
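--- a/roles/docker/templates/compose-files/fedi_dk_website.yml.j2
+++ b/roles/docker/templates/compose-files/fedi_dk_website.yml.j2
@@ -0,0 +1,22 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  web:
+    image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }}
+    restart: unless-stopped
+    networks:
+      - external_services
+    environment:
+      VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}"
+      LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    command: --remote=https://git.data.coop/fedi.dk/website.git#main
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - "/dev/net/tun"
+
+networks:
+  external_services:
+    external: true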
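Review bot: `cap_add: - NET_ADMIN` together with `/dev/net/tun` on a static-website container is unusual and nothing in the template says why it is needed; a comment such as `# NET_ADMIN + /dev/net/tun: required because <reason>` above `cap_add:` would stop the next maintainer from either removing it or copying it into other services that do not need it. The `command: --remote=...#main` argument makes the container track a branch instead of a tagged release, so the served content changes on every restart without any change to `services.fedi_dk_website.version`; if that is intended, a comment next to `command:` should say so.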
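--- a/roles/docker/templates/compose-files/forgejo.yml.j2
+++ b/roles/docker/templates/compose-files/forgejo.yml.j2
@@ -0,0 +1,38 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
+    restart: unless-stopped
+    networks:
+      - external_services
+      - postfix
+    volumes:
+      - ".:/data"
+    ports:
+      - "22:22"
+    environment:
+      VIRTUAL_HOST: "{{ services.forgejo.domain }}"
+      VIRTUAL_PORT: "3000"
+      LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      # Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
+      # https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+      FORGEJO__mailer__ENABLED: true
+      FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
+      FORGEJO__mailer__PROTOCOL: smtp
+      FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}"
+      FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}"
+      FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
+      FORGEJO__security__PASSWORD_COMPLEXITY: off
+      FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
+      FORGEJO__security__PASSWORD_CHECK_PWN: true
+      FORGEJO__service__ENABLE_NOTIFY_MAIL: true
+      FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
+
+networks:
+  external_services:
+    external: true
+  postfix:
+    external: true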
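Review bot: `FORGEJO__security__PASSWORD_COMPLEXITY: off` is a YAML 1.1 boolean spelling: the Go YAML parser behind `docker compose` keeps it as the string `off` that Forgejo expects, but PyYAML-based tooling (linters, Ansible-side validation) reads it as `false`, and the neighbouring bare `true` values only reach the container as strings because the compose schema coerces them. Quoting these (`FORGEJO__security__PASSWORD_COMPLEXITY: "off"`, `FORGEJO__mailer__ENABLED: "true"`, and the other three) removes the parser dependency and matches `LOGIN_REMEMBER_DAYS: "60"` two lines above. `ports: - "22:22"` publishes Forgejo's SSH on every host interface on the port the host's own sshd normally uses; presumably the host sshd has been moved, and a comment recording that next to the mapping would save the next operator a lockout.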
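--- a/roles/docker/templates/compose-files/hedgedoc.yml.j2
+++ b/roles/docker/templates/compose-files/hedgedoc.yml.j2
@@ -0,0 +1,44 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  db:
+    image: postgres:{{ services.hedgedoc.postgres_version }}
+    restart: unless-stopped
+    volumes:
+      - "./db:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: codimd
+      POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
+      POSTGRES_DB: codimd
+
+  app:
+    image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
+    volumes:
+      - "./hedgedoc/uploads:/hedgedoc/public/uploads"
+      - "./sso.data.coop.pem:/sso.data.coop.pem"
+    restart: unless-stopped
+    networks:
+      - default
+      - external_services
+    environment:
+      CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd
+      CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
+      CMD_ALLOW_EMAIL_REGISTER: False
+      CMD_IMAGE_UPLOAD_TYPE: filesystem
+      CMD_EMAIL: False
+      CMD_SAML_IDPCERT: /sso.data.coop.pem
+      CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml
+      CMD_SAML_ISSUER: hedgedoc
+      CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+      CMD_USECDN: false
+      CMD_PROTOCOL_USESSL: true
+      VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
+      LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    depends_on:
+      - db
+
+networks:
+  external_services:
+    external: true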
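Review bot: `CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd` splices the database password into an unquoted plain scalar inside a URL, so a generated password containing ` #`, `: ` or URL-reserved characters (`@`, `/`, `%`) either breaks the YAML or is misparsed by the client. Quoting the value and URL-encoding the secret, `CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc | urlencode }}@db:5432/codimd"`, makes the template safe for any password; the same applies to `DATABASE_URL` in the membersystem and passit templates later in this diff. `CMD_ALLOW_EMAIL_REGISTER: False` and `CMD_EMAIL: False` rely on compose coercing YAML booleans to strings; writing `"false"` states what is meant and survives other YAML tooling unchanged.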
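--- a/roles/docker/templates/compose-files/keycloak.yml.j2
+++ b/roles/docker/templates/compose-files/keycloak.yml.j2
@@ -0,0 +1,42 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  db:
+    image: postgres:{{ services.keycloak.postgres_version }}
+    restart: unless-stopped
+    volumes:
+      - "./data:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
+      POSTGRES_DB: keycloak
+
+  app:
+    image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
+    restart: unless-stopped
+    networks:
+      - default
+      - postfix
+      - external_services
+    command:
+      - "start"
+      - "--db=postgres"
+      - "--db-url=jdbc:postgresql://db:5432/keycloak"
+      - "--db-username=keycloak"
+      - "--db-password={{ postgres_passwords.keycloak }}"
+      - "--hostname={{ services.keycloak.domain }}"
+      - "--proxy=edge"
+      - "--https-port=8080"
+      - "--http-relative-path=/auth"
+    environment:
+      VIRTUAL_HOST: "{{ services.keycloak.domain }}"
+      VIRTUAL_PORT: "8080"
+      LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  postfix:
+    external: true
+  external_services:
+    external: true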
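Review bot: `- "--db-password={{ postgres_passwords.keycloak }}"` passes the database password as a command-line argument, so it is visible in process listings inside the container and in `docker inspect` / `docker ps --no-trunc` on the host; Keycloak reads the same setting from the `KC_DB_PASSWORD` environment variable, which keeps it out of `ps` output at least (the `--db-username` and `--db-url` flags can stay as they are). `--https-port=8080` alongside `--proxy=edge` and `VIRTUAL_PORT: "8080"` looks inconsistent, since edge mode expects plain HTTP from the reverse proxy on the HTTP port (8080 by default); if the intent is only to serve on 8080, dropping the flag or using `--http-port=8080` states that — please confirm against the running configuration before changing it.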
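--- a/roles/docker/templates/compose-files/mailu.yml.j2
+++ b/roles/docker/templates/compose-files/mailu.yml.j2
@@ -0,0 +1,146 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  postgres:
+    image: postgres:{{ services.mailu.postgres_version }}
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: mailu
+      POSTGRES_USER: mailu
+      POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
+    volumes:
+      - "./postgres:/var/lib/postgresql/data"
+    dns:
+      - "{{ services.mailu.dns }}"
+
+  redis:
+    image: redis:{{ services.mailu.redis_version }}
+    restart: unless-stopped
+    volumes:
+      - "./redis:/data"
+    depends_on:
+      - resolver
+    dns:
+      - "{{ services.mailu.dns }}"
+
+  front:
+    image: ghcr.io/mailu/nginx:{{ services.mailu.version }}
+    restart: unless-stopped
+    env_file: mailu.env
+    environment:
+      VIRTUAL_HOST: "{{ services.mailu.domain }}"
+      LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    volumes:
+      - "./certs:/certs"
+      - "./overrides/nginx:/overrides:ro"
+    expose:
+      - "80"
+    ports:
+      - "25:25"
+      - "465:465"
+      - "587:587"
+      - "110:110"
+      - "995:995"
+      - "143:143"
+      - "993:993"
+    networks:
+      - default
+      - webmail
+      - external_services
+    depends_on:
+      - resolver
+    dns:
+      - "{{ services.mailu.dns }}"
+
+  resolver:
+    image: ghcr.io/mailu/unbound:{{ services.mailu.version }}
+    restart: unless-stopped
+    env_file: mailu.env
+    networks:
+      default:
+        ipv4_address: "{{ services.mailu.dns }}"
+
+  admin:
+    image: ghcr.io/mailu/admin:{{ services.mailu.version }}
+    restart: unless-stopped
+    env_file: mailu.env
+    volumes:
+      - "./data:/data"
+      - "./dkim:/dkim"
+    networks:
+      default:
+        aliases:
+          - admin.mailu
+    depends_on:
+      - redis
+      - resolver
+    dns:
+      - "{{ services.mailu.dns }}"
+
+  imap:
+    image: ghcr.io/mailu/dovecot:{{ services.mailu.version }}
+    restart: unless-stopped
+    env_file: mailu.env
+    volumes:
+      - "./mail:/mail"
+      - "./overrides/dovecot:/overrides:ro"
+    depends_on:
+      - front
+      - resolver
+    dns:
+      - "{{ services.mailu.dns }}"
+
+  smtp:
+    image: ghcr.io/mailu/postfix:{{ services.mailu.version }}
+    restart: unless-stopped
+    env_file: mailu.env
+    volumes:
+      - "./mailqueue:/queue"
+      - "./overrides/postfix:/overrides:ro"
+    depends_on:
+      - front
+      - resolver
+    dns:
+      - "{{ services.mailu.dns }}"
+
+
+  antispam:
+    image: ghcr.io/mailu/rspamd:{{ services.mailu.version }}
+    hostname: antispam
+    restart: unless-stopped
+    env_file: mailu.env
+    volumes:
+      - "./filter:/var/lib/rspamd"
+      - "./overrides/rspamd:/overrides:ro"
+    depends_on:
+      - front
+      - redis
+      - resolver
+    dns:
+      - "{{ services.mailu.dns }}"
+
+  webmail:
+    image: ghcr.io/mailu/webmail:{{ services.mailu.version }}
+    restart: unless-stopped
+    env_file: mailu.env
+    volumes:
+      - "./webmail:/data"
+      - "./overrides/snappymail:/overrides:ro"
+    networks:
+      - webmail
+    depends_on:
+      - front
+
+networks:
+  default:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: "{{ services.mailu.subnet }}"
+  webmail:
+    driver: bridge
+  external_services:
+    external: true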
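Review bot: The `postgres` service sets `dns: - "{{ services.mailu.dns }}"` but, unlike `redis`, `front`, `admin`, `imap`, `smtp` and `antispam`, has no `depends_on: - resolver`, so on a cold start its name lookups can be sent to a resolver container that does not exist yet; adding `depends_on:` / `  - resolver` to the postgres service makes it consistent with the rest of the file. The `resolver` service is pinned to `ipv4_address: "{{ services.mailu.dns }}"` on the `default` network, which only works when that address lies inside `services.mailu.subnet`; a comment above the `networks:` stanza stating that constraint would help whoever edits the variables.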
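--- a/roles/docker/templates/compose-files/mastodon.yml.j2
+++ b/roles/docker/templates/compose-files/mastodon.yml.j2
@@ -0,0 +1,146 @@
+# vim: ft=yaml.docker-compose
+x-sidekiq: &sidekiq
+  image: tootsuite/mastodon:{{ services.mastodon.version }}
+  restart: always
+  env_file: mastodon.env
+  networks:
+    - default
+    - postfix
+    - external_services
+  volumes:
+    - "./mastodon_data:/mastodon/public/system"
+  healthcheck:
+    test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+  depends_on:
+    db:
+      condition: service_healthy
+    redis:
+      condition: service_healthy
+
+version: "3.8"
+
+services:
+  db:
+    restart: always
+    image: postgres:{{ services.mastodon.postgres_version }}
+    shm_size: 256mb
+    volumes:
+      - "./postgres_data:/var/lib/postgresql/data"
+      - "./postgres_config:/config:ro"
+    command: postgres -c config_file=/config/postgresql.conf
+    environment:
+      POSTGRES_HOST_AUTH_METHOD: trust
+    healthcheck:
+      test: ['CMD', 'pg_isready', '-U', 'postgres']
+
+  redis:
+    restart: always
+    image: redis:{{ services.mastodon.redis_version }}
+    volumes:
+      - "./redis_data:/data"
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+
+  web:
+    image: tootsuite/mastodon:{{ services.mastodon.version }}
+    restart: always
+    env_file: mastodon.env
+    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+    networks:
+      - default
+      - external_services
+    volumes:
+      - "./mastodon_data:/mastodon/public/system"
+    environment:
+      MAX_THREADS: 10
+      WEB_CONCURRENCY: 3
+      VIRTUAL_HOST: "{{ services.mastodon.domain }}"
+      VIRTUAL_PORT: "3000"
+      VIRTUAL_PATH: /
+      LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+    healthcheck:
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+  streaming:
+    image: tootsuite/mastodon:{{ services.mastodon.version }}
+    restart: always
+    env_file: mastodon.env
+    command: node ./streaming
+    networks:
+      - default
+      - external_services
+    ports:
+      - "127.0.0.1:4000:4000"
+    environment:
+      DB_POOL: 15
+      VIRTUAL_HOST: "{{ services.mastodon.domain }}"
+      VIRTUAL_PORT: "4000"
+      VIRTUAL_PATH: "/api/v1/streaming"
+    healthcheck:
+      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+  # sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
+  sidekiq-default-push-pull:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 25 -q default -q push -q pull
+    environment:
+      DB_POOL: 25
+
+  # sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
+  sidekiq-default-pull-push:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 25 -q default -q pull -q push
+    environment:
+      DB_POOL: 25
+
+  # sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
+  sidekiq-pull-default-push:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 25 -q pull -q default -q push
+    environment:
+      DB_POOL: 25
+
+  # sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
+  sidekiq-push-default-pull:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 25 -q push -q default -q pull
+    environment:
+      DB_POOL: 25
+
+  # sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
+  sidekiq-push-scheduler:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 5 -q push -q scheduler
+    environment:
+      DB_POOL: 5
+
+  # sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
+  sidekiq-push-mailers:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 5 -q push -q mailers
+    environment:
+      DB_POOL: 5
+
+  # sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
+  sidekiq-push-ingress:
+    <<: *sidekiq
+    command: bundle exec sidekiq -c 10 -q push -q ingress
+    environment:
+      DB_POOL: 10
+
+networks:
+  external_services:
+    external: true
+  postfix:
+    external: true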
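Review bot: `POSTGRES_HOST_AUTH_METHOD: trust` switches off password authentication on the database, so any container that can reach this project's `default` network connects as the Postgres superuser. The `db` service publishes no ports, so the exposure is limited to that network, but every other Postgres-backed template in this change sets `POSTGRES_PASSWORD` from the `postgres_passwords` variable, and doing the same here (with the matching `DB_PASS` in `mastodon.env`) costs nothing. The sidekiq healthcheck `ps aux | grep '[s]idekiq\ 6'` hard-codes the Sidekiq major version, so it will start reporting unhealthy after a Mastodon upgrade that bumps Sidekiq; a comment on the `x-sidekiq` anchor noting that coupling would save a confusing outage.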
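--- a/roles/docker/templates/compose-files/matrix.yml.j2
+++ b/roles/docker/templates/compose-files/matrix.yml.j2
@@ -0,0 +1,36 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  postgres:
+    image: postgres:{{ services.matrix.postgres_version }}
+    restart: unless-stopped
+    volumes:
+      - "./db:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: synapse
+      POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
+
+  synapse:
+    image: ghcr.io/element-hq/synapse:{{ services.matrix.version }}
+    restart: unless-stopped
+    networks:
+      - default
+      - external_services
+      - postfix
+    volumes:
+      - "./data:/data"
+    environment:
+      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
+      SYNAPSE_CACHE_FACTOR: "2"
+      SYNAPSE_LOG_LEVEL: INFO
+      VIRTUAL_HOST: "{{ services.matrix.domain }}"
+      VIRTUAL_PORT: "8008"
+      LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  external_services:
+    external: true
+  postfix:
+    external: true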
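--- a/roles/docker/templates/compose-files/membersystem.yml.j2
+++ b/roles/docker/templates/compose-files/membersystem.yml.j2
@@ -0,0 +1,44 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: docker.data.coop/membersystem:{{ services.membersystem.version }}
+    restart: always
+    user: "$UID:$GID"
+    tty: true
+    networks:
+      - default
+      - external_services
+      - postfix
+    environment:
+      SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
+      DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
+      POSTGRES_HOST: postgres
+      POSTGRES_PORT: 5432
+      EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
+      EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
+      VIRTUAL_HOST: "{{ services.membersystem.domain }}"
+      VIRTUAL_PORT: "8000"
+      LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
+      CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
+      DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
+      DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
+    depends_on:
+      - postgres
+
+  postgres:
+    image: postgres:{{ services.membersystem.postgres_version }}
+    restart: always
+    volumes:
+      - "./postgres/data:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
+
+networks:
+  external_services:
+    external: true
+  postfix:
+    external: true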
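Review bot: `user: "$UID:$GID"` is interpolated by Compose from the environment of whatever process runs `docker compose`; `UID` is a shell-internal variable that bash does not export, so unless the Ansible task exports both explicitly the value collapses to `:` and the container fails to start — at minimum a comment above `user:` should say where those two variables are expected to come from. `DATABASE_URL: postgres://postgres:...@postgres:5432/postgres` also runs the application as the Postgres superuser against the maintenance database; a dedicated role and database (`POSTGRES_USER` / `POSTGRES_DB` on the `postgres` service, as the nextcloud and passit templates do) limits what a compromised app process can reach, and the password spliced into the URL should be quoted and `urlencode`d as noted on the hedgedoc template.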
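--- a/roles/docker/templates/compose-files/netdata.yml.j2
+++ b/roles/docker/templates/compose-files/netdata.yml.j2
@@ -0,0 +1,36 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: netdata/netdata:{{ services.netdata.version }}
+    restart: unless-stopped
+    hostname: hevonen.servers.{{ base_domain }}
+    volumes:
+      - "/proc:/host/proc:ro"
+      - "/sys:/host/sys:ro"
+      - "/etc/os-release:/host/etc/os-release:ro"
+    networks:
+      - default
+      - external_services
+    environment:
+      VIRTUAL_HOST : "{{ services.netdata.domain }}"
+      LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      PGID: "999"
+      DOCKER_HOST: "socket_proxy:2375"
+    cap_add:
+      - SYS_PTRACE
+    security_opt:
+      - apparmor:unconfined
+
+  socket-proxy:
+    image: tecnativa/docker-socket-proxy:latest
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    environment:
+      CONTAINERS: 1
+
+networks:
+  external_services:
+    external: true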
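Review bot: `DOCKER_HOST: "socket_proxy:2375"` does not match the service name `socket-proxy` declared below it, and Compose derives the DNS name from the service name, so unless an alias exists outside this file netdata cannot reach the proxy at all; `DOCKER_HOST: "socket-proxy:2375"` fixes it. `tecnativa/docker-socket-proxy:latest` is the only unpinned image in this change — every other service takes its tag from `services.<name>.version` — and the proxy is exactly the component that mediates host socket access, so it deserves a pinned version more than most. Minor: `VIRTUAL_HOST :` has a space before the colon (valid YAML, but yamllint flags it); the same spacing appears in the cryptoaarhus and cryptohagen compose templates earlier in this diff.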
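--- a/roles/docker/templates/compose-files/nextcloud.yml.j2
+++ b/roles/docker/templates/compose-files/nextcloud.yml.j2
@@ -0,0 +1,59 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  postgres:
+    image: postgres:{{ services.nextcloud.postgres_version }}
+    restart: unless-stopped
+    volumes:
+      - "./postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_DB: nextcloud
+      POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+      POSTGRES_USER: nextcloud
+
+  redis:
+    image: redis:{{ services.nextcloud.redis_version }}
+    restart: unless-stopped
+    command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}
+    tmpfs:
+      - /var/lib/redis
+
+  cron:
+    image: nextcloud:{{ services.nextcloud.version }}
+    restart: unless-stopped
+    entrypoint: /cron.sh
+    volumes:
+      - "./app:/var/www/html"
+    depends_on:
+      - postgres
+      - redis
+
+  app:
+    image: nextcloud:{{ services.nextcloud.version }}
+    restart: unless-stopped
+    networks:
+      - default
+      - postfix
+      - external_services
+    volumes:
+      - "./app:/var/www/html"
+    environment:
+      VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
+      LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      POSTGRES_HOST: postgres
+      POSTGRES_DB: nextcloud
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+      REDIS_HOST: redis
+      REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
+    depends_on:
+      - postgres
+      - redis
+
+networks:
+  postfix:
+    external: true
+  external_services:
+    external: true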
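Review bot: `command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}` exposes the Redis password in process listings and `docker inspect`, and splices the secret unquoted into a plain scalar where a ` #` or `: ` in a generated password breaks the YAML. The official redis image accepts a configuration file as its first argument, so rendering a `redis.conf` with `requirepass` into the stack directory, mounting it, and running `redis-server /path/redis.conf` keeps the secret off the command line. `tmpfs: - /var/lib/redis` looks intended to keep Redis data in memory, but the official image's working directory is `/data`, so the tmpfs is probably never written to — please confirm which path this image version uses.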
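--- a/roles/docker/templates/compose-files/nginx_proxy.yml.j2
+++ b/roles/docker/templates/compose-files/nginx_proxy.yml.j2
@@ -0,0 +1,38 @@
+version: "3.8"
+
+services:
+  proxy:
+    image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
+    restart: always
+    networks:
+      - external_services
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./conf:/etc/nginx/conf.d"
+      - "./vhost:/etc/nginx/vhost.d"
+      - "./html:/usr/share/nginx/html"
+      - "./dhparam:/etc/nginx/dhparam"
+      - "./certs:/etc/nginx/certs:ro"
+      - "/var/run/docker.sock:/tmp/docker.sock:ro"
+    labels:
+      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
+
+  {% if letsencrypt_enabled %}
+  acme:
+    image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
+    restart: always
+    volumes:
+      - "./vhost:/etc/nginx/vhost.d"
+      - "./html:/usr/share/nginx/html"
+      - "./dhparam:/etc/nginx/dhparam:ro"
+      - "./certs:/etc/nginx/certs"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    depends_on:
+      - proxy
+  {% endif %}
+
+networks:
+  external_services:
+    external: true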
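Review bot: This is the only template in the change without the `# vim: ft=yaml.docker-compose` modeline, and the acme service's `- /var/run/docker.sock:/var/run/docker.sock:ro` is the only unquoted volume entry; `- "/var/run/docker.sock:/var/run/docker.sock:ro"` matches the proxy service one stanza up. Both containers receive the Docker socket — read-only on the bind mount, which does not restrict what the API allows — so it is worth a comment that this pair is the single place in the stack where socket access is accepted by design. The proxy mounts `./dhparam` writable while acme has it `:ro`; if the proxy generates the DH parameters on first start that is fine, and a comment saying so would settle it.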
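--- a/roles/docker/templates/compose-files/openldap.yml.j2
+++ b/roles/docker/templates/compose-files/openldap.yml.j2
@@ -0,0 +1,58 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: osixia/openldap:{{ services.openldap.version }}
+    restart: unless-stopped
+    tty: true
+    stdin_open: true
+    volumes:
+      - "./var/lib/ldap:/var/lib/ldap"
+      - "./etc/slapd.d:/etc/ldap/slapd.d"
+      - "./certs:/container/service/slapd/assets/certs/"
+    ports:
+      - "389:389"
+      - "636:636"
+    hostname: "{{ services.openldap.domain }}"
+    domainname: "{{ services.openldap.domain }}" # important: same as hostname
+    environment:
+      LDAP_LOG_LEVEL: "256"
+      LDAP_ORGANISATION: "{{ base_domain }}"
+      LDAP_DOMAIN: "{{ base_domain }}"
+      LDAP_BASE_DN: ""
+      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
+      LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
+      LDAP_READONLY_USER: false
+      LDAP_RFC2307BIS_SCHEMA: false
+      LDAP_BACKEND: mdb
+      LDAP_TLS: true
+      LDAP_TLS_CRT_FILENAME: ldap.crt
+      LDAP_TLS_KEY_FILENAME: ldap.key
+      LDAP_TLS_CA_CRT_FILENAME: ca.crt
+      LDAP_TLS_ENFORCE: false
+      LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
+      LDAP_TLS_PROTOCOL_MIN: "3.1"
+      LDAP_TLS_VERIFY_CLIENT: demand
+      LDAP_REPLICATION: false
+      KEEP_EXISTING_CONFIG: false
+      LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+      LDAP_SSL_HELPER_PREFIX: ldap
+
+  admin:
+    image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}
+    restart: unless-stopped
+    networks:
+      - default
+      - external_services
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: app
+      PHPLDAPADMIN_HTTPS: false
+      PHPLDAPADMIN_TRUST_PROXY_SSL: true
+      VIRTUAL_HOST: "{{ services.openldap.domain }}"
+      LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  external_services:
+    external: true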
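Review bot: `LDAP_TLS_PROTOCOL_MIN: "3.1"` sets the floor at TLS 1.0 (in the notation this image uses, 3.1 is TLS 1.0 and 3.3 is TLS 1.2), which is below what current clients and baseline policies accept; `LDAP_TLS_PROTOCOL_MIN: "3.3"` is consistent with the `SECURE256` cipher suite already chosen. With `LDAP_TLS_ENFORCE: false` and `ports: - "389:389"` bound on every host interface, unencrypted simple binds are accepted from outside the host unless a firewall not visible here blocks 389; if only LDAPS is meant to be reachable, publishing `"127.0.0.1:389:389"` or dropping the 389 mapping states that. `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` also land in `docker inspect` output; an `env_file`, as the mailu and mastodon templates use, would keep them out of the compose file.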
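--- /dev/null
+++ b/roles/docker/templates/compose-files/passit.yml.j2
@@ -0,0 +1,38 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+db:
+image: postgres:{{ services.passit.postgres_version }}
+restart: always
+volumes:
+- "./data:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: passit
+POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
+
+app:
+image: passit/passit:{{ services.passit.version }}
+command: bin/start.sh
+restart: always
+networks:
+- default
+- postfix
+- external_services
+environment:
+DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit
+SECRET_KEY: "{{ passit_secret_key }}"
+IS_DEBUG: "False"
+EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
+DEFAULT_FROM_EMAIL: noreply@{{ services.passit.domain }}
+EMAIL_CONFIRMATION_HOST: https://{{ services.passit.domain }}
+FIDO_SERVER_ID: "{{ services.passit.domain }}"
+VIRTUAL_HOST: "{{ services.passit.domain }}"
+LETSENCRYPT_HOST: "{{ services.passit.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+postfix:
+external: true
+external_services:
+external: true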
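Review bot: `DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit` interpolates the database password unquoted into a URL, so a password containing `@`, `/`, `:` or `#` yields a malformed connection string, and a rendered value containing ` #` or `: ` would also break the YAML parse; `SECRET_KEY` two lines below is quoted, so this line is the odd one out. Quote and URL-encode it: `DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit | urlencode }}@db:5432/passit"`. The same unquoted-template pattern appears on `EMAIL_URL`, `DEFAULT_FROM_EMAIL` and `EMAIL_CONFIRMATION_HOST`, which carry no secret but would be consistent if quoted. The `db` service has no healthcheck, so `app` may start before Postgres accepts connections; the rallly file in this same diff shows the `healthcheck` plus `depends_on: db: condition: service_healthy` pattern that could be reused here.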
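--- /dev/null
+++ b/roles/docker/templates/compose-files/portainer.yml.j2
@@ -0,0 +1,21 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+app:
+image: portainer/portainer-ee:{{ services.portainer.version }}
+restart: always
+networks:
+- external_services
+volumes:
+- ".:/data"
+- "/var/run/docker.sock:/var/run/docker.sock:rw"
+environment:
+VIRTUAL_HOST: "{{ services.portainer.domain }}"
+VIRTUAL_PORT: "9000"
+LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+external_services:
+external: true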
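Review bot: `- "/var/run/docker.sock:/var/run/docker.sock:rw"` hands the Portainer container full control of the host's Docker daemon, which is equivalent to root on the host, and nothing in the file records that trust decision even though the same container is published through the `external_services` reverse proxy under `VIRTUAL_HOST`. A comment above the line should state it, e.g. `# Docker socket = root-equivalent host access; Portainer admin accounts must be treated as host admins`. Note that `:ro` on a socket bind mount does not restrict API calls made over it, so dropping the `rw` is not a mitigation; if hardening is ever wanted, the usual approach is a socket proxy that only exposes the API endpoints Portainer needs.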
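--- /dev/null
+++ b/roles/docker/templates/compose-files/postfix.yml.j2
@@ -0,0 +1,22 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+app:
+image: boky/postfix:{{ services.postfix.version }}
+restart: always
+networks:
+postfix:
+aliases:
+- postfix
+volumes:
+- "./dkim:/etc/opendkim/keys"
+environment:
+# Get all services which have allowed_sender_domain defined
+ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
+HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
+DKIM_AUTOGENERATE: true
+
+networks:
+postfix:
+external: true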
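Review bot: The comment `# Get all services which have allowed_sender_domain defined` does not match the filter below it: `selectattr('value.allowed_sender_domain', 'true')` keeps only services whose value is boolean true, so a service that defines the key as `false` (or as a non-boolean) is excluded rather than included. Reword it to `# Relay mail for every service whose allowed_sender_domain is true`. Since `ALLOWED_SENDER_DOMAINS` is presumably the sender allowlist that keeps this relay from accepting mail for arbitrary domains, the comment is also a good place to note what the file already shows: the container publishes no ports and is reachable only on the internal `postfix` network, so that network membership is the relay boundary.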
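--- /dev/null
+++ b/roles/docker/templates/compose-files/privatebin.yml.j2
@@ -0,0 +1,20 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+app:
+image: jgeusebroek/privatebin:{{ services.privatebin.version }}
+restart: unless-stopped
+volumes:
+- "./cfg:/privatebin/cfg"
+- "./data:/privatebin/data"
+networks:
+- external_services
+environment:
+VIRTUAL_HOST: "{{ services.privatebin.domain }}"
+LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+external_services:
+external: true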
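Review bot: `- "./cfg:/privatebin/cfg"` mounts the PrivateBin configuration read-write although `./data` is the only directory the application visibly needs to write to; if the image does not write into `cfg` itself (to be confirmed against the image's entrypoint), `- "./cfg:/privatebin/cfg:ro"` keeps a compromised web process from altering its own configuration. The other configuration-style mounts in this diff, such as restic's `./scripts:/run/libexec:ro`, already use `:ro`, so this would also make the files consistent.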
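--- /dev/null
+++ b/roles/docker/templates/compose-files/rallly.yml.j2
@@ -0,0 +1,41 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+db:
+image: postgres:{{ services.rallly.postgres_version }}
+restart: always
+shm_size: 256mb
+volumes:
+- "./postgres:/var/lib/postgresql/data"
+environment:
+POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
+POSTGRES_DB: rallly_db
+healthcheck:
+test: ["CMD-SHELL", "pg_isready -U postgres"]
+interval: 5s
+timeout: 5s
+retries: 5
+
+app:
+image: lukevella/rallly:{{ services.rallly.version }}
+restart: always
+networks:
+- default
+- external_services
+- postfix
+env_file: rallly.env
+environment:
+VIRTUAL_HOST: "{{ services.rallly.domain }}"
+VIRTUAL_PORT: "3000"
+LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+depends_on:
+db:
+condition: service_healthy
+
+networks:
+external_services:
+external: true
+postfix:
+external: true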
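Review bot: `env_file: rallly.env` pulls in a file that this diff does not show, so a reader cannot tell which variables, and which secrets, the container receives from it versus from the `environment:` block below it; a comment naming where it comes from would help, e.g. `# rallly.env is rendered by a separate template and carries the application secrets` (confirm the file name and its contents against the role's tasks). The `db` service sets no `POSTGRES_USER`, so the default `postgres` superuser owns `rallly_db`, which is consistent with the `pg_isready -U postgres` healthcheck; if a dedicated least-privilege database role is wanted later, both lines have to change together.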
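--- /dev/null
+++ b/roles/docker/templates/compose-files/restic.yml.j2
@@ -0,0 +1,50 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+backup:
+image: mazzolino/restic:{{ services.restic.version }}
+restart: always
+hostname: {{ inventory_hostname_short }}
+domainname: {{ inventory_hostname }}
+environment:
+RUN_ON_STARTUP: false
+BACKUP_CRON: "0 30 3 * * *"
+RESTIC_REPOSITORY: sftp:{{ services.restic.remote_user }}@{{ services.restic.remote_domain }}:{{ services.restic.repository }}
+RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
+RESTIC_BACKUP_SOURCES: /mnt/volumes
+RESTIC_BACKUP_ARGS: >-
+--tag datacoop-volumes
+--exclude '*.tmp'
+--exclude '/mnt/volumes/mastodon/mastodon_data/cache/'
+--exclude '/mnt/volumes/restic/'
+--verbose
+RESTIC_FORGET_ARGS: >-
+--keep-last 10
+--keep-daily 7
+--keep-weekly 5
+--keep-monthly 12
+TZ: Europe/Copenhagen
+POST_COMMANDS_FAILURE: /run/libexec/failure.sh
+POST_COMMANDS_SUCCESS: /run/libexec/success.sh
+volumes:
+- "./ssh:/run/secrets/.ssh:ro"
+- "./scripts:/run/libexec:ro"
+- "/docker-volumes:/mnt/volumes:ro"
+networks:
+- postfix
+
+prune:
+image: mazzolino/restic:{{ services.restic.version }}
+environment:
+RUN_ON_STARTUP: false
+PRUNE_CRON: "0 30 4 * * *"
+RESTIC_REPOSITORY: sftp:{{ services.restic.remote_user }}@{{ services.restic.remote_domain }}:{{ services.restic.repository }}
+RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
+TZ: Europe/copenhagen
+volumes:
+- "./ssh:/run/secrets/.ssh:ro"
+
+networks:
+postfix:
+external: true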
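Review bot: `TZ: Europe/copenhagen` in the `prune` service is miscased; tzdata zone names are case-sensitive on Linux, so the prune container will typically fall back to UTC and `PRUNE_CRON: "0 30 4 * * *"` will not fire at the local 04:30 that the `backup` service's `TZ: Europe/Copenhagen` implies, leaving the two schedules related only by accident. Change it to `TZ: Europe/Copenhagen`. `prune` also lacks the `restart: always` that `backup` has, so it will not come back after a daemon restart unless that is deliberate. Separately, `hostname: {{ inventory_hostname_short }}` and `domainname: {{ inventory_hostname }}` are the only unquoted `{{ }}` values across these compose templates; `"{{ inventory_hostname_short }}"` matches the other files and keeps the template lintable before rendering.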