Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
Sam A. | 5568254ddb | |
Sam A. | 212a2a579e | |
Sam A. | 7df888f633 | |
Víðir Valberg Guðmundsson | c870c2f14e | |
Víðir Valberg Guðmundsson | 62850cfba0 |
|
@ -42,7 +42,7 @@ use_default_rules: true
|
|||
|
||||
# Ansible-lint completely ignores rules or tags listed below
|
||||
skip_list:
|
||||
- skip_this_tag
|
||||
- no-log-password
|
||||
|
||||
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||
# You must enable opt-in rules by listing each rule 'id' below.
|
||||
|
@ -108,4 +108,4 @@ kinds:
|
|||
|
||||
# List of additions modules to allow in only-builtins rule.
|
||||
# only_builtins_allow_modules:
|
||||
# - example_module
|
||||
# - example_module
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
*.retry
|
||||
playbook.retry
|
||||
*.sw*
|
||||
.vagrant/
|
||||
*.log
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
---
|
||||
repos:
|
||||
|
||||
#- repo: https://github.com/semaphor-dk/dansabel
|
||||
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||
# hooks:
|
||||
# - id: dansabel
|
||||
- repo: https://github.com/lyz-code/yamlfix/
|
||||
rev: 1.1.1
|
||||
hooks:
|
||||
- id: yamlfix
|
||||
|
||||
- repo: https://github.com/ansible/ansible-lint
|
||||
rev: v6.9.0
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
files: \.(yaml|yml)$
|
||||
additional_dependencies:
|
||||
- ansible
|
||||
- repo: https://github.com/ansible/ansible-lint
|
||||
rev: v6.9.0
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
files: \.(yaml|yml)$
|
||||
additional_dependencies:
|
||||
- ansible
|
||||
|
|
6
Makefile
6
Makefile
|
@ -1,3 +1,7 @@
|
|||
# Makefile for initializing pre-commit hooks
|
||||
|
||||
all: init
|
||||
|
||||
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||
|
||||
create_venv:
|
||||
|
@ -9,4 +13,4 @@ install_pre_commit:
|
|||
venv/bin/pre-commit install
|
||||
|
||||
install_ansible_galaxy_modules:
|
||||
venv/bin/ansible-galaxy collection install community.general
|
||||
venv/bin/ansible-galaxy collection install community.general
|
||||
|
|
108
README.md
108
README.md
|
@ -1,108 +0,0 @@
|
|||
# data.coop infrastructure
|
||||
|
||||
This repository contains the code used to deploy data.coop's services
|
||||
and websites. We use Ansible to encode our infrastructure setup. Only
|
||||
the association's administrators have access to deploy the services.
|
||||
|
||||
## Deploying
|
||||
|
||||
To deploy the services, the included `deploy.sh` script can be used. The
|
||||
Ansible playbook uses two custom-made roles (in the `roles/` directory):
|
||||
|
||||
- `ubuntu_base` - used to configure the host itself and install the
|
||||
necessary packages
|
||||
- `docker` - used to deploy our services and websites with Docker
|
||||
containers
|
||||
|
||||
The script has options to deploy only one of the roles. Select services
|
||||
only can also be specified. By default, the script deploys everything.
|
||||
|
||||
Here is a summary of the options that can be used with the script:
|
||||
|
||||
```sh
|
||||
# deploy everything
|
||||
./deploy.sh
|
||||
|
||||
# deploy the ubuntu_base role only
|
||||
./deploy.sh base
|
||||
|
||||
# deploy user setup only
|
||||
./deploy.sh users
|
||||
|
||||
# deploy the docker role only
|
||||
./deploy.sh services
|
||||
|
||||
# deploy SINGLE_SERVICE Docker service only
|
||||
./deploy.sh services SINGLE_SERVICE
|
||||
```
|
||||
|
||||
`SINGLE_SERVICE` should match one of the service names in the `services`
|
||||
dictionary in `roles/docker/defaults/main.yml` (e.g. `gitea` or
|
||||
`data_coop_website`).
|
||||
|
||||
## Testing
|
||||
|
||||
In order for us to be able to test our setup locally, we use Vagrant to
|
||||
deploy the services in a virtual machine. To do this, Vagrant and
|
||||
VirtualBox must both be installed on the development machine. Then, the
|
||||
services can be deployed locally by using the `vagrant` command-line
|
||||
tool. The working directory needs to be the root of the repository for
|
||||
this to work properly.
|
||||
|
||||
> Note: As our secrets are contained in an Ansible Vault file, only the
|
||||
> administrators have the ability to run the deployment in Vagrant.
|
||||
> However, one could replace the vault file for testing purposes.
|
||||
|
||||
Here is a summary of the commands that are available with the `vagrant`
|
||||
command-line tool:
|
||||
|
||||
```sh
|
||||
# Create and provision the VM
|
||||
vagrant up
|
||||
|
||||
# Re-provision the VM
|
||||
vagrant provision
|
||||
|
||||
# SSH into the VM
|
||||
vagrant ssh
|
||||
|
||||
# Power down the VM
|
||||
vagrant halt
|
||||
|
||||
# Power down and delete the VM
|
||||
vagrant destroy
|
||||
```
|
||||
|
||||
The `vagrant` command-line tool does not support supplying extra
|
||||
variables to Ansible on runtime, so to be able to deploy only parts of
|
||||
the Ansible playbook to Vagrant, the `deploy.sh` script can be used with
|
||||
the `--vagrant` flag. Here are some examples:
|
||||
|
||||
```sh
|
||||
# deploy the ubuntu_base role only in the Vagrant VM
|
||||
./deploy.sh --vagrant base
|
||||
|
||||
# deploy SINGLE_SERVICE Docker service only in the Vagrant VM
|
||||
./deploy.sh --vagrant services SINGLE_SERVICE
|
||||
```
|
||||
|
||||
Note that the `--vagrant` flag should be the first argument when using
|
||||
the script.
|
||||
|
||||
## Contributing
|
||||
|
||||
If you want to contribute, you can fork the repository and submit a pull
|
||||
request. We use a pre-commit hook for linting the YAML files before
|
||||
every commit, so please use that. To initialize pre-commit, you need to
|
||||
have Python and GNU make installed. Then, just run the following shell
|
||||
command:
|
||||
|
||||
```sh
|
||||
make init
|
||||
```
|
||||
|
||||
## Nice tools
|
||||
|
||||
- [J2Live](https://j2live.ttl255.com/): A live Jinja2 parser, nice to
|
||||
test out filters
|
||||
|
|
@ -13,8 +13,7 @@ Vagrant.configure(2) do |config|
|
|||
config.vm.hostname = "datacoop"
|
||||
|
||||
config.vm.provider :virtualbox do |v|
|
||||
v.cpus = 8
|
||||
v.memory = 16384
|
||||
v.memory = 4096
|
||||
end
|
||||
|
||||
config.vm.provision :ansible do |ansible|
|
||||
|
@ -22,17 +21,15 @@ Vagrant.configure(2) do |config|
|
|||
ansible.playbook = "playbook.yml"
|
||||
ansible.ask_vault_pass = true
|
||||
ansible.verbose = "v"
|
||||
ansible.extra_vars = {
|
||||
base_domain: "datacoop.devel"
|
||||
}
|
||||
|
||||
# If the VM is already provisioned, we need to use the new port
|
||||
if provisioned?
|
||||
config.ssh.guest_port = PORT
|
||||
ansible.extra_vars = {
|
||||
ansible_port: PORT,
|
||||
from_vagrant: true
|
||||
}
|
||||
else
|
||||
ansible.extra_vars = {
|
||||
from_vagrant: true
|
||||
ansible_port: PORT
|
||||
}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
[defaults]
|
||||
ask_vault_pass = True
|
||||
inventory = datacoop_hosts
|
||||
interpreter_python = /usr/bin/python3
|
||||
remote_user = root
|
||||
retry_files_enabled = True
|
||||
use_persistent_connections = True
|
||||
forks = 10
|
||||
inventory = datacoop_hosts
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
[production]
|
||||
hevonen.servers.data.coop ansible_port=19022
|
||||
|
||||
[monitoring]
|
||||
uptime.data.coop
|
||||
######################################
|
||||
### All hosts
|
||||
85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
|
||||
|
|
31
deploy.sh
31
deploy.sh
|
@ -1,19 +1,9 @@
|
|||
#!/bin/sh
|
||||
|
||||
usage () {
|
||||
{
|
||||
echo "Usage: $0 [--vagrant]"
|
||||
echo "Usage: $0 [--vagrant] base"
|
||||
echo "Usage: $0 [--vagrant] users"
|
||||
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
||||
} >&2
|
||||
}
|
||||
|
||||
BASE_CMD="ansible-playbook playbook.yml"
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||
|
||||
if [ "$1" = "--vagrant" ]; then
|
||||
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
||||
VAGRANT_VAR="from_vagrant"
|
||||
BASE_CMD="$BASE_CMD --inventory=vagrant_host"
|
||||
shift
|
||||
fi
|
||||
|
||||
|
@ -30,21 +20,16 @@ else
|
|||
"services")
|
||||
if [ -z "$2" ]; then
|
||||
echo "Deploying all services!"
|
||||
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||
$BASE_CMD --tags setup_services
|
||||
else
|
||||
echo "Deploying service: $2"
|
||||
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
|
||||
$BASE_CMD --tags setup_services --extra-vars "single_service=$2"
|
||||
fi
|
||||
;;
|
||||
;;
|
||||
"base")
|
||||
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||
;;
|
||||
"users")
|
||||
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||
;;
|
||||
$BASE_CMD --tags base_only
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
echo "Command \"$1\" not found!"
|
||||
esac
|
||||
fi
|
||||
|
|
|
@ -1,170 +1,141 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30613439636234396439623634656338666330643936373563656336323831353464353239353661
|
||||
6234316535383838653865643964353033623935313432630a666563316534343733363464396635
|
||||
34396664643137643136633837656432623633383361633336343562333039326538393034616637
|
||||
6634613631636433610a663835343739376534356133323163343132323233643135613333313132
|
||||
65373233666535366137343839363938303561653731633038376631386161653038613631396364
|
||||
33636131636536306134346336636332393436303063306262333430613137376438626133353963
|
||||
66396332363335333436623335613966323730616139353762656662386530356435623831656632
|
||||
30333363376132653362323339386437346134323232363336363461323332613962613131386264
|
||||
37383435653061653466613834346430656632626338316564656136666266353231363661666461
|
||||
32646461313365626232376536376463313531613861363462643062326538326234613332646430
|
||||
33383438613961623134343665383638346164653031363435656162306163653232353162343431
|
||||
38333239393332613466663231383932316330376535383466643233326134623530306361393639
|
||||
63386530643733393033646139613730313239313866343730643337393533366330373363353338
|
||||
62313739613531636166663135646262396334373538636634393534616337363337323630666261
|
||||
39643164363437653661633666376431303662396431633661663933343666613234326637636231
|
||||
38383537333532326636343366343564646630363838323162373339323365666262303836636232
|
||||
31343637616261636130656637393633383165353332346239323063646162306235313962363935
|
||||
64633639653261363563646664393630666564646165393736363562623231626634326163306630
|
||||
37613635306136643334616364303439323332666431386264623265323636623738303364396636
|
||||
37626161363466646166633434333265623236633033666562643264303662333363396631646638
|
||||
36626636363261313966393235313866353936323064343331626362306162323166323063656433
|
||||
63303762346330323031353034356162373433356436663134373930633634366330653233613139
|
||||
63363639343833616431633765613938623037323961623663336662666135313466303661316133
|
||||
39353664633036323031373862393530653433373062623233313965653735353566306538393439
|
||||
30366162663138326535346639393337393362366630343266643035353465663332333539613337
|
||||
30666666363134313239306231356663343166363137366636643931313039333732383833313036
|
||||
37393064396662623063613462336363386336393839313465323062646535373733326338353766
|
||||
31666639303836316266343764336462343765363930326338313635336633323662366238356264
|
||||
38613631313434383830333031643938393566633236383861633266326336653033663163336132
|
||||
61313132643062666434346333653234393865656463343363313636613364616361353561343739
|
||||
38313231333431303664323730626162613264343630356438336636373739653234336666646438
|
||||
37636437623336323461613063396137396533353265333034333435306666636261353933613232
|
||||
65363632383039666666323030323830333534376362326136313232393732613166303461383933
|
||||
62303166396533616538666566356238393265663163343264333664393936613066313665616137
|
||||
38613030623937633730646461666233333035323661363835313161613930336237396332623338
|
||||
30666166636662613130363430333436613532326437393730376536353963356633393736303065
|
||||
31393534646537323037316664313438643836386333613961663031383231663932633934656461
|
||||
62313163616635626131663961326438396439383432346337386261313330343330353637376330
|
||||
38346532396533326135303264613361663836646163623630323832653032396237353966663661
|
||||
36353365313962663832393333336138346335363832396535346336643565366465643565616638
|
||||
63616565356663623531323935393334326639626236353338643237343764366464666131393332
|
||||
64396665343535323339383434366133613235313866653663313639633930323864646536346232
|
||||
65316465643662376264373536393232326666663335316631376433343062646361376165363732
|
||||
66326165643163333737313139386461363431353239626236366238343035386663363435366464
|
||||
31633738336263633961306436613233303861633263343030336637373165663261316632663537
|
||||
31613636663163323365303038373134306264343831326264326261633834393366623061616262
|
||||
63393463333833393636666232626662643738653634306364326231343830633834643664353730
|
||||
37346131346263356539363630363230626364663161643064323538396131636633623866383939
|
||||
66346434323935353632633837363530663438636539616130633532346236343661633766383434
|
||||
34343339646662393030323661623665643432376365633435666333316439356631386234303062
|
||||
35346631656230346565323130333765663933373638303639363530373431343232393864656639
|
||||
33666433366131396464323137393239653531376662646235343962613639343831636261326265
|
||||
65663564613766313634653938316339306434663463623563316431633234323330623738646636
|
||||
37643535623664323433626561383462393033343232303838333930653366376536353765613036
|
||||
35663165623265616630373161336632646435613331373166303632373633313865386134636362
|
||||
61636134343839643735636461626663626237613262316564646339323933363864303935353834
|
||||
39396637646264633736366336616336643032313237653662646331383963366533373766356539
|
||||
35306165306534393463663332336430336635666135643561303935386635393838323865623162
|
||||
36323565616232353261303139623465646234313136383436376162376165303664613164356162
|
||||
33373237333666616135636231653637396330663930663962636161326664333261343737343735
|
||||
37313465396130653138613539376436373237343138636535626632326435383234326466363235
|
||||
34646663653038396630353637636166346261346233333632363361326536383634663433613564
|
||||
35633864343630333033613133626635313931333031643564396164393135346131343832363861
|
||||
61366664363838653438653137383933386233633836323332643531303936353237623734666135
|
||||
31356166613664636634336536343032646239643130346564303162356431346539646336323339
|
||||
61626236346535336638353134353838333434663838303730613363393365633739383563613434
|
||||
64336331306639323061386338656361653636353831346237373134346538623464343562393735
|
||||
39333764343139333133393233626564643266373034623764633835383561366265636632633937
|
||||
62343635343161363231653138613263313562366439316435633964396161343566316435303465
|
||||
39666236316339653839313333396264623636663561653932386638366366663933353761353162
|
||||
61343038383939396231346534336361306430373564353633653139306334623630343738636430
|
||||
66376631366662313131646130363530323232383535333163363466636262363461633232343532
|
||||
63626430336261353861633362396638643937623832386638626334663333363637393637373939
|
||||
64303039666432303535636265613564376139333331653336666563663238366639393366363334
|
||||
36303635633933333832396562373965653361303034653139643466656534326231383162336366
|
||||
31656138656539383539396462326134333331653131306537643962653762373035343235333233
|
||||
34373730623663346430303962653061623330653263393633383835663739663961326566323036
|
||||
30336365616532303362396230616531386639333636336332366335613935623836616134393033
|
||||
62653535396630383436393631396337336163323361663930323532633666663238333366383462
|
||||
36393261376262643336643761613731643032626632646332366661626331333233363436613937
|
||||
34653731666137313733653863396164323963383037353265373532303137623037343733616537
|
||||
66336433343334626536323639636139653931383466633833326234633332613431353432343561
|
||||
36626339656536383862623833633634356435393764316633353135326639623534366538313330
|
||||
62633333303266613630326330333336353264343937393864393239623664323366373565383334
|
||||
37383237376664643065383834633961366632643261343635336335353765353863323131653866
|
||||
31326531303461323736303730623638663863353939636437636231636437323730656463633733
|
||||
65383934343534383631363162363830386365313935663337366335326131393262353030663765
|
||||
30643665383332613030336439346332363135366232303166623534333637366133656437643231
|
||||
30306634636430643864363561316334383530613165326663326665613633636237353830393334
|
||||
62653333623563626131666166646335663334393662336337333836376631303631666136376332
|
||||
37316537356531346464623363653033306537636239633065646533643239653063613835363665
|
||||
30383139326465613864316533643033333430326230646334353364633138666532353736313265
|
||||
34623733613864646661353730666433613961643261346166303264386435643565373565323864
|
||||
61346465336231613865363263303034396439346163393534666439666437353266323565653032
|
||||
39386439646438313938356237643831643434666161383632316530356465616632313235643834
|
||||
33303865653836303632656663366465333331616634313863656438393838636631313364633637
|
||||
38646230643734393733663261326161376536643237626130353831363731306231313864613066
|
||||
34623239396362336639363163313161323065653461363563353631613730373830643133336464
|
||||
31336439636361363539383539323631303462633833353032373530333539336538363033383363
|
||||
32613733623839623938326165356237313165383366646233393933393965613363666532646434
|
||||
63316133613130313363303537366230646235663130313538333761633237383262316633366364
|
||||
65373664616237316534613831313966623939396331626334313430386638653461386334363939
|
||||
35333339643837666264356535643365353331393437313866643034663934336466336534343035
|
||||
61313837666662343363613962623462333935353837333336363839623466303534303837396634
|
||||
38656330666661356235626130303538666533666563323936633564383164633834353831306634
|
||||
36343836353464623962333362353133386563343831336463646635646263383832666232323736
|
||||
38613730316634373365343938623237356231643931303333366462373134383137366339613662
|
||||
62643832323734363635643634373066303366306366663036623139393761636533326130313336
|
||||
30316536396466383463393233363035393335343565323635333665346464366139626165636661
|
||||
39363066643437613537653836636363376532643038363063383234353066313737663061363334
|
||||
38306563613561663165623630366135303332636133343733343836383865613661393761333031
|
||||
62653162626461616564643138613737623632313739393962396439306133646138303936636435
|
||||
39393663653865363166316365376562353461633163353734343132343831386434653037323732
|
||||
36356162356336616330636630376438636165653439376137313934663939376639396266323962
|
||||
37383736333536653438363963316435326632393966383534326337303336386135616636363936
|
||||
35393331313938653830646332376631623763383439623633396433633739663038313264323835
|
||||
33373664313562366664363630316132643465363964383339363339656237323465626262306364
|
||||
33306133373065303135613235623262396365363634316365356364373561363762666235666430
|
||||
62336362643564313238363933623366396138646237336336623062326161326536323534326364
|
||||
39316162643966616436343737313434616230346237346237363962653033613930623462386431
|
||||
38343662356665383763633034393236613733643430313937326335356466376139653533333965
|
||||
39386138623134666132663837616637376362303561393133656139653438386363613965393661
|
||||
36343566643931393061373031343331336463643034383065383763663234373438383064303232
|
||||
64666236313935346237666466333562613935646163653331303661386138313739326538353935
|
||||
64323737323532663731353136336138633533386464616362333838396332323563353537613430
|
||||
33633631326238366166346437316638363161386562383630623466386564323266333033313461
|
||||
63666535363034613232346239636233623130393032353030363334333531646238373262323765
|
||||
61373739396162643661353031613663353531653836323730326166383463613330333966336233
|
||||
30386136346466336361303237303534373064353230653238363231633530613866663461643465
|
||||
30396266356164353063323432663561396564636231346534366661663766613634376235356637
|
||||
39313839616336666461313431326430333932623262333437386464636264373430653566386631
|
||||
64653866623662363864376663613136306165393863346533303634623936373835633864313462
|
||||
61333562646233303232623861366634383466633537383831626334356561353637663038643531
|
||||
39386635326366646134333231653737653630356135396634326537633232333166616161653136
|
||||
33393562383233656564356530386465623239386666313964343534343466616134373132636631
|
||||
39666365393063323838343963366339373434353839383039383238613133636237316365323861
|
||||
30626330643665626465666338353030653839383234393237623633646566376361646536353233
|
||||
31393235623561323765633835313139313538343761393064353632316335656231353930656437
|
||||
31313639313931636633333230653730666638373864326239333561393134356632623138366131
|
||||
65356462373336383039316131626562633330666363386631383663343838393435663538343934
|
||||
65386339626362623664393532386131303234633466363437383236616463343831353862323961
|
||||
39663835313234326137303965663963663761656531653437343234643634316565333762663139
|
||||
65393830633237623031303234636134633539316131396135616237316266333437633861303831
|
||||
62656630373763343366636635653033666630613533363365636261323661383364343161343439
|
||||
35626531346665656263643461306261376238353033343032353731373861333239333862653231
|
||||
31336562653133623163353230633331346237356534333534613161323462636639636662623435
|
||||
63633035336662376636623339326433393035646539626231363762643532323463316263393736
|
||||
62613038333733636362356636373331313661663830633433643039653233626261613739663836
|
||||
38643030313338383266323134326337323334343230623331386664333937316266623134336362
|
||||
61373037353664623863393233376264616438656332386130316361663665323135386463383763
|
||||
33303633356133353439393664363630336133306364363430393232326665393339323265383630
|
||||
31656463343064383837333630366465396633393465666235626330343937313630623039383465
|
||||
63326361663238653035613935343932623237396362643833313731323830313962616362613539
|
||||
32346165303930323739313837643933363863643937346561643930653530393636383036613235
|
||||
61376166386563643733333233343437623630323632643463353131386461663936313065313562
|
||||
31393032646262386634353436643466323731366631393136393433616332613036666163336635
|
||||
37303365633338613630656463663533653336666562653236336264303238383930383132346365
|
||||
35386662636439653930343738633265363635626132343030653462306431363234633635643537
|
||||
61666363346430653131623762666564313665653262386332396532646339383136383337353863
|
||||
38386632316632373338653535323335363265653563376330663239343861346563646366313039
|
||||
33306364623536346339393566326533633133393866303535326535306435626531346264616138
|
||||
34356231373561633337653663643566633632393330386564393966666365306565316135646163
|
||||
63366365383839343134303635376233343865663631633331333230616630366633396231333435
|
||||
30366137383238393139336433353764633038616238326136663636656132626538393565393130
|
||||
38653765326137393136386233383636383165613235373437353730306564643033306534386666
|
||||
61623538663537653166313264303533623162356134393333373732383535386261333535383039
|
||||
65613166666230336265366335323434636336663835323034373930393430363065376665666337
|
||||
35363265666130653830333536326433316639613638613730666139623137333736663535633032
|
||||
33363135376636636536623731323134343237393633333038393364376237386165
|
||||
35343731613336373363633564396639393230633664336338396164303238316564326663643638
|
||||
3365306264343434623836656435653436396636353866620a646336316338373866313362363664
|
||||
65363931633031613362383337643038636435303739376131643564633831316435653937353061
|
||||
6330306330383865640a643937326634393437313864326361373634373930623464613363663831
|
||||
37373230366262323261316134326333663262643764623639306239623066613335616531613662
|
||||
32343331313266363630343465376332303862353834653262306536623538383662366562616635
|
||||
34636561663366323434356337376261373039353931636139656437346165656663653233333266
|
||||
62353961626665636463396566626330383836383030363032303563633466326339626263306165
|
||||
31313266636330653933363630396166333339376564333133623237373962386164616332616438
|
||||
39623132663766633331306636613532333739613938333435393633386166333335393565633963
|
||||
30363165643038623962353762323338306466353031383531623066363632363033383639393537
|
||||
31333037626638353830653538373634666432346166373661313531656466383263323262373565
|
||||
38383766343030643939633830343332666165643661363631633963393632666632643361656139
|
||||
35346131363539613137396465306663363836666662303932646262383231363634373231373333
|
||||
34366636346530383736393532646563643139343764333661663033316432386632393139326439
|
||||
39303661333732376433663539383662363232313135663838616231343863326631353434326337
|
||||
36313335393262663932666365336334396131393362636637653630653965643662626434323736
|
||||
65663966306661646131643962336366643235353863646136613463323337663865323262613461
|
||||
33363636386665646538333334373564396333316665343566653662666331666236303438343962
|
||||
63396164316561363132306237336365313835346663616339666538643033356637633432383331
|
||||
64363964356264643038396139383838616131383466666565383131663331336530663832306635
|
||||
30643630623861633939646665326262393635626265323261653339646263386334353064393534
|
||||
63303464623433333863386136626566336135346561343964323436643739343037383839373332
|
||||
34656439333538653461663764323265303064643165663263316164396633623232626535353863
|
||||
64643766623032653838306134376131623564363735386531383732346438343932353966333062
|
||||
30613166623138333865343735663530346635383162616635326330636161303863626539663166
|
||||
31336333643765303635643862666234643538313033663563663034343632653466626661343639
|
||||
33656436393738326135363166623633366331633065373633313864353333316131346664353532
|
||||
66646239373166376361326664646263616263323632636235353864656438383038663662376164
|
||||
37336431306166366561623836373938366336623866653730353861333431383832313039313739
|
||||
61616435666236373463616162653732373766336365313930383665363661356565613461373165
|
||||
66636537333333633832366234633066366537646138346233313233376135666666336264316435
|
||||
64613030323430343764336465353334633836653133343532386435636136336638313162626462
|
||||
33363830396462616662313030316166646531643238363130613036666631643737306138326234
|
||||
65323763636363393031616633633338653531633639356238316236303264303034623632626261
|
||||
36626639633234396230356236643766306232646230623665633866643434313334303265323465
|
||||
66386461323563343236633864396562306165616338306334353563656461346464353930646161
|
||||
36653064613736346237363362663835656365616334363238376566316137303737316630316363
|
||||
65393139313832353461313634393931633761666531316333373762373265613464303365326338
|
||||
66393165366334636431353836336535636233336332336664613263613465393235363235623037
|
||||
61313037633761366661303663636364346131326334393765646262393863363062333739376466
|
||||
65653434336532323365376233646365323537313131306661306363313864326361646432326632
|
||||
64383533313833333466313231353863656634623135386631363864363834633035636632366164
|
||||
66356539353264633461396132336435353234333132376130616335613136356364643165346537
|
||||
62366630363439336432353066323238363233613032343635663731613134393639656535333736
|
||||
32623733333866393565366661643030376137646437616336386530363230376637316436313763
|
||||
36323532643763363864336634623132343530333531363231383130333064653233363339646136
|
||||
35343165623864646530633731373539356665316164653365303965663862313462313362643637
|
||||
34633163363833626635613634633938656334366366316266636532613065333436663633656530
|
||||
65623561326565643739303931323539643337373736646663363362646139323333346237353731
|
||||
32643739626561396664646537376139326339626235336464343964613761396430343461346639
|
||||
33326631373030653637393865333837386432333634653066353366613334396639626631653737
|
||||
34353831386366636663323761656431663965303561636236366538393261653333396537326461
|
||||
31323332613737646364616565393534306131323234633933636638333637623661343334383561
|
||||
30323464373365626662323062363135333932666163323235633131303566323964343734383238
|
||||
32376435363737373336363363613738366337626162333236643738373266633933363162303833
|
||||
37366631343933313934313463363834643835333766663361303335313539363839663231333963
|
||||
66326261323631386532346637376132646263303466383330373833633034373933616538306330
|
||||
33386334306330346161633131386130636634643531633233376337343637363235356135383366
|
||||
31366463323831636438646262613239663830333531386330326131643032653033336339643561
|
||||
64636439323065343564306163303134623439343963383136633864623633363364646535666565
|
||||
31393564316234343066303664396534386537303364343234303832346331326430386432636332
|
||||
38316565346433663639646330393339303530623636386332633666656363376239383535386134
|
||||
35376135306461333237383562356162326338363435643133653838343535326535326337376130
|
||||
37306462633835666132653466373163613566633863343363653539343239316233616661633532
|
||||
64386538363163653963363331623531313237636431343934643136656536323734636261656333
|
||||
39636132613431653562393238346565323330656539666230643566633663316239353436383566
|
||||
64303535353031636662643062326565313837393932346431326137316337376361363338383533
|
||||
34613632323230393233666437346466626232363636636636393836333832633335393734343565
|
||||
33333461343530333135663436343333623966363230666330323562363136383166666665333861
|
||||
65366436643363383331353361656434336631396437616562303861666263353533313738326138
|
||||
33653735333230636437643038633763343063336262386663313237653661346262653834616665
|
||||
37343834323937623761386639653736313232323166373561643235336261306430393533376139
|
||||
31653132613331626435623333343862393038643364616236626466333338646639663930663436
|
||||
66636462646130653537343739646437363130313766636438663130616665333232396331303531
|
||||
30373762343531383239653132633363386239643666316166363931326563343633653433383538
|
||||
36333733626363626464636435626131653439313862666230393334353938356436376664323961
|
||||
62326566646463396536633265333461306430616437646630363239653333643732366430373133
|
||||
32323636636161623932376235383430366661636439643565366532376239613366303039376434
|
||||
39646437363636633265313838616463383231643030643732306364333161656236303131333533
|
||||
62343539613264383830306639303164643233653032616566646163656564356262323065303134
|
||||
61613563646538316232353833636536633435336663326262663062663030326234316131353835
|
||||
34363564306335356633343438396434363261646665653665633235303932383266393630623238
|
||||
31323037336566633035366464386232616561383566343061343031623630383238643433376231
|
||||
64633634616133386138326138393138353937363332646637663363363064393065336438303932
|
||||
38393139306330396338646233366235316435313838633563353838303832616630633731323535
|
||||
31393039306630613734343433633662343831313336616561656136323039333235383733363364
|
||||
66383836363239376539316362646232356636336665316664653565653439353932663433346438
|
||||
65306365623334656133636332393265643163313939363537323738646664326364343064396337
|
||||
37383637383064643763363135386434316664306231376462653066653063313962316231386162
|
||||
63343533386262616631333233316330666263656532306466623733343764646361666165393863
|
||||
62326435346532623635343535353263626566313061643563613937346562643962386565396439
|
||||
62616661626464613366656462353932323732313062363566316562396134346433376237326664
|
||||
39333238346464393930653435363336333365323537356531313830626437303736333635356534
|
||||
62653766323065373662366162333363343466373135623262663436626438306337333365633633
|
||||
37333931623434666564366430666462343162303030643733623637656337393763393437656335
|
||||
36393162363765383464316562306532336265373130623566646134666337333133363863373964
|
||||
33666437323733396139653436323262383336306561643738366463646461646462333338623662
|
||||
30656135343934633335376634326533313663653761656235626165313834356464636535326439
|
||||
32343834316433393236353739646663393930663635646366623835633363653662626535366361
|
||||
64626561613064646431306634393330333265366530353063653132353735663564326563323961
|
||||
39663535346539326165313263383933653633306330303930376336316632636537363437663063
|
||||
64376465663634363838623230386139636231353665616165323065633661343339373432373732
|
||||
63356130653535303934396335306566646538383938636331333362353534366632663930393732
|
||||
37353365343532646137343631383833616430326631323564666361323934383839303130636333
|
||||
38653139303663356337376261616463303665623431613963643137356439326162386337326161
|
||||
61383434383534353732343733326139313462396432366336653139363466653336626338366365
|
||||
31386438333438633465666337393732343533373363646234383265323132303433316135396232
|
||||
39373764333863626634343636306533393361643135323531383963366137626464353064613065
|
||||
61623063303865646161363432643765323361363364383635646538636232353337636235613861
|
||||
36396631383639633263303131383537326464313433663032346230386432633864613335616533
|
||||
61373238363930653866643933623561613363333139373135633332643563613838346434623033
|
||||
34353161396433663632656633356536323662386332626566393636323463363334613234376137
|
||||
38643465656262656236666332383361616164366230323936346565303961333761613136353435
|
||||
63643839636464323362396235333738626132393030393737373438393032323931643936306239
|
||||
31643537353462626238306563316132663139393635356631373839653462613238323831303537
|
||||
33626362636362383530386333343266383061646436353635396230396231343364323631343037
|
||||
65663363656463393234313465386233663635626333346132353539366464653532333830326661
|
||||
64343136323366346239373737666435366363663237663039636631656266333562376532396661
|
||||
35666430626233333166356139613233306536303365313262363366316135326662636166393031
|
||||
38356661396232366236303732326666353864353735336161326663623030343766633266623236
|
||||
65626237636133626335656663323533386236353164303230313237643130386133613466613933
|
||||
31343261356632643265623866373965326561363538326336656561373631373938343334653662
|
||||
32616366373839373737393262633064666437303538386363616431386138346439353534623631
|
||||
63323063346564646462313034623630396462623565646430363338393239343761396235303863
|
||||
31636531323732303230626437363764306631366363643766633734353336373564393731366238
|
||||
32623563633661646465396136396462663363376333613434666632383637616133626132616362
|
||||
61343032643966323539353033643136616463353563666462313731386261633333623832643439
|
||||
38323666666330356538313730306334336433613364313065313761636261363433356438323136
|
||||
61343233643138646263626333306265366239613266646663323733636162323332643531643331
|
||||
39396433636233366365336166356661623132656261656666386361326164643634366436303737
|
||||
61653832373162356634313163363233323964303738366266376665346365396635343332396166
|
||||
35393263373732313734353332663238326563366534623131386233633365303664616562386231
|
||||
36326138356230663731306339666138343161386331313137313861633039303930623663646333
|
||||
65336461653033333332323162363539663366653762303266656366386665396463626265303264
|
||||
35666437663966663130633663643861326563336466633133646562383230363332646639616436
|
||||
36656137653061303262633736653433343838323666646261386266353735326564386465646334
|
||||
34633339336336613531666132633832363838343333353862333136616532613462343364616539
|
||||
37363437613236323235383936613763383966366265303731303034373430333936366339323437
|
||||
32303537653062663233
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
# These are the variables contained in secrets.yml
|
||||
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
||||
---
|
||||
|
||||
postgres_passwords:
|
||||
nextcloud: xxx
|
||||
passit: xxx
|
||||
gitea: xxx
|
||||
matrix: xxx
|
||||
codimd: xxx
|
||||
mailu: xxx
|
||||
keycloak: xxx
|
||||
hedgedoc: xxx
|
||||
mastodon: xxx
|
||||
rallly: xxx
|
||||
membersystem: xxx
|
||||
|
@ -31,9 +31,8 @@ drone_secrets:
|
|||
rpc_shared_secret: xxx
|
||||
|
||||
restic_secrets:
|
||||
repository_password: xxx
|
||||
ssh_privkey: xxx
|
||||
uptime_kuma_url: xxx
|
||||
user_secret: xxx
|
||||
encryption_secret: xxx
|
||||
|
||||
matrix_secrets:
|
||||
registration_shared_secret: xxx
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
users:
|
||||
- name: graffen
|
||||
|
@ -13,8 +12,8 @@ users:
|
|||
groups:
|
||||
- sudo
|
||||
ssh_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4FRrbTpxwGdlF6RVi/thJaMlaEE0Z9YCQA4Y+KnHbBoVWMjzgbIkSWw3MM+E/iiVnix8SFh4tjDSdFjb8lCvHt/PqhMFhZJ02vhVgSwyU+Ji5ur23i202LB9ua54NLN4kNG8K47U0tKi2/EV6LWl2QdRviAcOUctz6u9XDkkMLUgPEYH384XSTRRj4GJ8+0LRzB2rXqetH3gBe9v1vlv0ETYWvzTnpfZUxcrrqEGtXV9Wa0BZoWLos2oKOsYVjNdLZMoFpmyBxPnqzAi1hr7beblFZKqBkvD7XA9RnERbZn1nxkWufVahppPjKQ+se3esWJCp6ri/vNP4WNKY3hiIoekBLbpvGcP1Te7cAIQXiZOilN92NKKYrzN2gAtsxgqGZw7lI1PE71luGdPir2Evl6hPj6/nnNdEHZWgcmBSPy17uCpVvZYBcDDzj8L3hbkLVQ3kcLZTz6I8BXvuGqoeLvRQpBtn5EaLpCCOmXuKqm+dzHzsOIwh+SA5NA8M3P0=
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH
|
||||
valberg
|
||||
|
||||
- name: reynir
|
||||
comment: Reynir Björnsson
|
||||
|
@ -22,8 +21,10 @@ users:
|
|||
groups:
|
||||
- sudo
|
||||
ssh_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJl8/rikIUnqr9fPF3rE0rjWHCNzte10LvkjGmpdO9ka/NubQ7O25fp08rC+n0d1pUooYwHBAgiv9Hsql6HF9QfNKNUp7IKp7CXWcjb4ga02kuzWGSXjm40Vf0jSadIrJ33M4SeJHTByDGoeYPQBQ7n+qHdwcqJADBQygBuc5sRzxm8i0sbmzF3DJDDVeTJjEY5pfR4vnJlpmU8SC2d1ZkhCjmKCsL0PShntTIt1ztCt0yO71KoHKaNPu1jutGxcU9u7J1pEqcPT6EzU/cQJ4DMVzrGp26nIV0msRl3NeGNjukwXOzAh6KmsmXG7yWFyQmLRqgc/bjUeyhuWJ10vwUbaYVeIef7YrgEOgnkYLIFeWRMhdnwtL/W8g1D66SFx7+iYJj180eTi8Lc8rZm2NaiGynvWlFcJ4PGdTYZsWcFzQ+SaDziNMw1H3IixxdlD8Shw9mxpijJ+A4dH2kkUXyGVsc13zRIU7hq9ax8nrw6HVLGFLn09rEPig+SkyWrqRpRGMBWyqTRJywIV6jk0ll+i8rJZA2McY0rABbACrzXT5VBj5dLKnnRITLDicAYgt7YuEiQ0ffErQrPXXHUVeI0QKnJgplSHxH5QsX9a1Y+NoaoditdMT2bjvEqROi+/JYRycLR/BQV/d2nFPhqwq1x1AFvL4f8UvVH/hxp3PXWw== reynir yubikey
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t reynir@spurv
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJl8/rikIUnqr9fPF3rE0rjWHCNzte10LvkjGmpdO9ka/NubQ7O25fp08rC+n0d1pUooYwHBAgiv9Hsql6HF9QfNKNUp7IKp7CXWcjb4ga02kuzWGSXjm40Vf0jSadIrJ33M4SeJHTByDGoeYPQBQ7n+qHdwcqJADBQygBuc5sRzxm8i0sbmzF3DJDDVeTJjEY5pfR4vnJlpmU8SC2d1ZkhCjmKCsL0PShntTIt1ztCt0yO71KoHKaNPu1jutGxcU9u7J1pEqcPT6EzU/cQJ4DMVzrGp26nIV0msRl3NeGNjukwXOzAh6KmsmXG7yWFyQmLRqgc/bjUeyhuWJ10vwUbaYVeIef7YrgEOgnkYLIFeWRMhdnwtL/W8g1D66SFx7+iYJj180eTi8Lc8rZm2NaiGynvWlFcJ4PGdTYZsWcFzQ+SaDziNMw1H3IixxdlD8Shw9mxpijJ+A4dH2kkUXyGVsc13zRIU7hq9ax8nrw6HVLGFLn09rEPig+SkyWrqRpRGMBWyqTRJywIV6jk0ll+i8rJZA2McY0rABbACrzXT5VBj5dLKnnRITLDicAYgt7YuEiQ0ffErQrPXXHUVeI0QKnJgplSHxH5QsX9a1Y+NoaoditdMT2bjvEqROi+/JYRycLR/BQV/d2nFPhqwq1x1AFvL4f8UvVH/hxp3PXWw==
|
||||
reynir yubikey
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t
|
||||
reynir@spurv
|
||||
|
||||
- name: samsapti
|
||||
comment: Sam Al-Sapti
|
||||
|
@ -31,5 +32,5 @@ users:
|
|||
groups:
|
||||
- sudo
|
||||
ssh_keys:
|
||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
|
||||
samsapti
|
||||
|
|
28
playbook.yml
28
playbook.yml
|
@ -1,27 +1,25 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- hosts: production
|
||||
- name: Deploy data.coop services
|
||||
hosts: all
|
||||
gather_facts: true
|
||||
become: true
|
||||
vars:
|
||||
ldap_dn: "dc=data,dc=coop"
|
||||
base_domain: data.coop
|
||||
letsencrypt_email: admin@data.coop
|
||||
ldap_dn: dc=data,dc=coop
|
||||
|
||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
||||
letsencrypt_enabled: '{{ not vagrant }}'
|
||||
|
||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||
letsencrypt_email: "admin@{{ base_domain }}"
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
services_exclude:
|
||||
- uptime_kuma
|
||||
smtp_host: postfix
|
||||
smtp_port: '587'
|
||||
|
||||
tasks:
|
||||
- import_role:
|
||||
- name: Setup host basics
|
||||
ansible.builtin.import_role:
|
||||
name: ubuntu_base
|
||||
tags:
|
||||
- base_only
|
||||
- import_role:
|
||||
- name: Deploy docker containers (services)
|
||||
ansible.builtin.import_role:
|
||||
name: docker
|
||||
|
|
|
@ -1,227 +1,169 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
volume_root_folder: "/docker-volumes"
|
||||
volume_website_folder: "{{ volume_root_folder }}/websites"
|
||||
volume_root_folder: /docker-volumes
|
||||
|
||||
services:
|
||||
### Internal services ###
|
||||
|
||||
### Internal services ###
|
||||
postfix:
|
||||
domain: "smtp.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/postfix"
|
||||
pre_deploy_tasks: true
|
||||
version: "v3.6.1-alpine"
|
||||
file: postfix.yml
|
||||
version: v3.5.0
|
||||
|
||||
nginx_proxy:
|
||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||
pre_deploy_tasks: true
|
||||
version: "1.3-alpine"
|
||||
acme_companion_version: "2.2"
|
||||
file: nginx_proxy.yml
|
||||
version: 1.0-alpine
|
||||
volume_folder: '{{ volume_root_folder }}/nginx'
|
||||
|
||||
nginx_acme_companion:
|
||||
version: '2.2'
|
||||
|
||||
openldap:
|
||||
domain: "ldap.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||
pre_deploy_tasks: true
|
||||
version: "1.5.0"
|
||||
phpldapadmin_version: "0.9.0"
|
||||
file: openldap.yml
|
||||
domain: ldap.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/openldap'
|
||||
version: 1.5.0
|
||||
|
||||
phpldapadmin:
|
||||
version: 0.9.0
|
||||
|
||||
netdata:
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/netdata"
|
||||
version: "v1"
|
||||
file: netdata.yml
|
||||
domain: netdata.{{ base_domain }}
|
||||
version: v1
|
||||
|
||||
portainer:
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
version: "2.19.0"
|
||||
file: portainer.yml
|
||||
domain: portainer.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/portainer'
|
||||
version: 2.16.2
|
||||
|
||||
keycloak:
|
||||
file: keycloak.yml
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
version: "22.0"
|
||||
postgres_version: "10"
|
||||
allowed_sender_domain: true
|
||||
volume_folder: '{{ volume_root_folder }}/keycloak'
|
||||
version: '20.0'
|
||||
|
||||
restic:
|
||||
volume_folder: "{{ volume_root_folder }}/restic"
|
||||
pre_deploy_tasks: true
|
||||
remote_user: dc-user
|
||||
remote_domain: rynkeby.skovgaard.tel
|
||||
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||
repository: restic
|
||||
version: "1.7.0"
|
||||
file: restic_backup.yml
|
||||
user: datacoop
|
||||
domain: restic.cannedtuna.org
|
||||
repository: datacoop-hevonen
|
||||
version: 1.6.0
|
||||
disabled_in_vagrant: true
|
||||
# mail dance
|
||||
domain: "noreply.{{ base_domain }}"
|
||||
allowed_sender_domain: true
|
||||
mail_from: "backup@noreply.{{ base_domain }}"
|
||||
|
||||
docker_registry:
|
||||
domain: "docker.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||
pre_deploy_tasks: true
|
||||
post_deploy_tasks: true
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
version: "2"
|
||||
file: docker_registry.yml
|
||||
domain: docker.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/docker-registry'
|
||||
username: docker
|
||||
password: '{{ docker_password }}'
|
||||
version: '2'
|
||||
|
||||
### External services ###
|
||||
|
||||
### External services ###
|
||||
nextcloud:
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
pre_deploy_tasks: true
|
||||
version: 28-apache
|
||||
postgres_version: "10"
|
||||
redis_version: 7-alpine
|
||||
allowed_sender_domain: true
|
||||
file: nextcloud.yml
|
||||
domain: cloud.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/nextcloud'
|
||||
version: 25-apache
|
||||
|
||||
forgejo:
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/forgejo"
|
||||
version: "1.21.8-0"
|
||||
gitea:
|
||||
file: gitea.yml
|
||||
domain: git.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/gitea'
|
||||
version: 1.17.3
|
||||
allowed_sender_domain: true
|
||||
|
||||
passit:
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
file: passit.yml
|
||||
domain: passit.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/passit'
|
||||
version: stable
|
||||
postgres_version: 15-alpine
|
||||
allowed_sender_domain: true
|
||||
|
||||
matrix:
|
||||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
pre_deploy_tasks: true
|
||||
version: v1.98.0
|
||||
postgres_version: 15-alpine
|
||||
allowed_sender_domain: true
|
||||
file: matrix_riot.yml
|
||||
domain: matrix.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/matrix'
|
||||
version: v1.63.1
|
||||
|
||||
element:
|
||||
domain: "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/element"
|
||||
pre_deploy_tasks: true
|
||||
version: v1.11.51
|
||||
riot:
|
||||
domains:
|
||||
- riot.{{ base_domain }}
|
||||
- element.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/riot'
|
||||
version: v1.11.8
|
||||
|
||||
privatebin:
|
||||
domain: "paste.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
pre_deploy_tasks: true
|
||||
version: "20221009"
|
||||
file: privatebin.yml
|
||||
domain: paste.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/privatebin'
|
||||
version: 20221009
|
||||
|
||||
codimd:
|
||||
domain: oldpad.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/codimd'
|
||||
|
||||
hedgedoc:
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
pre_deploy_tasks: true
|
||||
version: 1.9.9-alpine
|
||||
postgres_version: 10-alpine
|
||||
file: hedgedoc.yml
|
||||
domain: pad.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/hedgedoc'
|
||||
version: 1.9.6
|
||||
|
||||
data_coop_website:
|
||||
domain: "{{ base_domain }}"
|
||||
www_domain: "www.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_website_folder }}/datacoop"
|
||||
pre_deploy_tasks: true
|
||||
version: stable
|
||||
staging_domain: "staging.{{ base_domain }}"
|
||||
staging_version: staging
|
||||
|
||||
slides_2022_website:
|
||||
domain: "2022.slides.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_website_folder }}/slides-2022"
|
||||
version: latest
|
||||
|
||||
fedi_dk_website:
|
||||
domain: fedi.dk
|
||||
volume_folder: "{{ volume_website_folder }}/fedidk"
|
||||
version: latest
|
||||
|
||||
vhs_website:
|
||||
domain: vhs.data.coop
|
||||
volume_folder: "{{ volume_website_folder }}/vhs"
|
||||
version: latest
|
||||
file: websites/data.coop.yml
|
||||
domains:
|
||||
- '{{ base_domain }}'
|
||||
- www.{{ base_domain }}
|
||||
|
||||
cryptohagen_website:
|
||||
file: websites/cryptohagen.dk.yml
|
||||
domains:
|
||||
- "cryptohagen.dk"
|
||||
- "www.cryptohagen.dk"
|
||||
volume_folder: "{{ volume_website_folder }}/cryptohagen"
|
||||
- cryptohagen.dk
|
||||
- www.cryptohagen.dk
|
||||
|
||||
ulovliglogning_website:
|
||||
file: websites/ulovliglogning.dk.yml
|
||||
domains:
|
||||
- "ulovliglogning.dk"
|
||||
- "www.ulovliglogning.dk"
|
||||
- "ulovlig-logning.dk"
|
||||
- "www.ulovlig-logning.dk"
|
||||
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
|
||||
- ulovliglogning.dk
|
||||
- www.ulovliglogning.dk
|
||||
- ulovlig-logning.dk
|
||||
|
||||
cryptoaarhus_website:
|
||||
file: websites/cryptoaarhus.dk.yml
|
||||
domains:
|
||||
- "cryptoaarhus.dk"
|
||||
- "www.cryptoaarhus.dk"
|
||||
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
|
||||
- cryptoaarhus.dk
|
||||
- www.cryptoaarhus.dk
|
||||
|
||||
drone:
|
||||
domain: "drone.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/drone"
|
||||
version: "1"
|
||||
file: drone.yml
|
||||
domain: drone.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/drone'
|
||||
version: 1
|
||||
|
||||
mailu:
|
||||
domain: "mail.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||
pre_deploy_tasks: true
|
||||
file: mailu.yml
|
||||
version: 1.6
|
||||
domain: mail.{{ base_domain }}
|
||||
dns: 192.168.203.254
|
||||
subnet: 192.168.203.0/24
|
||||
version: "2.0"
|
||||
postgres_version: 14-alpine
|
||||
redis_version: alpine
|
||||
volume_folder: '{{ volume_root_folder }}/mailu'
|
||||
|
||||
mastodon:
|
||||
domain: "social.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||
pre_deploy_tasks: true
|
||||
post_deploy_tasks: true
|
||||
version: v4.2.9
|
||||
postgres_version: 14-alpine
|
||||
redis_version: 6-alpine
|
||||
file: mastodon.yml
|
||||
domain: social.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/mastodon'
|
||||
version: v4.0.2
|
||||
allowed_sender_domain: true
|
||||
|
||||
rallly:
|
||||
domain: "when.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||
pre_deploy_tasks: true
|
||||
version: "2"
|
||||
postgres_version: 14-alpine
|
||||
file: rallly.yml
|
||||
domain: when.{{ base_domain }}
|
||||
volume_folder: '{{ volume_root_folder }}/rallly'
|
||||
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
||||
allowed_sender_domain: true
|
||||
|
||||
membersystem:
|
||||
domain: "member.{{ base_domain }}"
|
||||
django_admins: "Vidir:valberg@orn.li"
|
||||
volume_folder: "{{ volume_root_folder }}/membersystem"
|
||||
version: latest
|
||||
postgres_version: 13-alpine
|
||||
file: membersystem.yml
|
||||
domain: member.{{ base_domain }}
|
||||
django_admins: Vidir:valberg@orn.li
|
||||
allowed_sender_domain: true
|
||||
|
||||
writefreely:
|
||||
domain: "write.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/writefreely"
|
||||
pre_deploy_tasks: true
|
||||
version: v0.15.0
|
||||
mariadb_version: "11.2"
|
||||
allowed_sender_domain: true
|
||||
|
||||
watchtower:
|
||||
volume_folder: "{{ volume_root_folder }}/watchtower"
|
||||
version: "1.5.3"
|
||||
|
||||
diun:
|
||||
version: "4.27"
|
||||
volume_folder: "{{ volume_root_folder }}/diun"
|
||||
|
||||
### Uptime monitoring ###
|
||||
uptime_kuma:
|
||||
domain: "uptime.{{ base_domain }}"
|
||||
status_domain: "status.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
|
||||
pre_deploy_tasks: true
|
||||
version: "latest"
|
||||
|
||||
services_exclude: []
|
||||
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
|
||||
|
|
|
@ -339,7 +339,7 @@ database:
|
|||
user: "synapse"
|
||||
password: "{{ postgres_passwords.matrix }}"
|
||||
database: "synapse"
|
||||
host: "postgres"
|
||||
host: "matrix_db"
|
||||
port: "5432"
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
|
@ -416,7 +416,7 @@ uploads_path: "/data/uploads"
|
|||
|
||||
# The largest allowed upload size in bytes
|
||||
#
|
||||
max_upload_size: "512M"
|
||||
max_upload_size: "50M"
|
||||
|
||||
# Maximum number of pixels that will be thumbnailed
|
||||
#
|
||||
|
@ -676,8 +676,15 @@ report_stats: false
|
|||
|
||||
## API Configuration ##
|
||||
|
||||
room_prejoin_state:
|
||||
disable_default_event_types: false
|
||||
# A list of event types that will be included in the room_invite_state
|
||||
#
|
||||
room_invite_state_types:
|
||||
- "m.room.join_rules"
|
||||
- "m.room.canonical_alias"
|
||||
- "m.room.avatar"
|
||||
- "m.room.encryption"
|
||||
- "m.room.name"
|
||||
|
||||
|
||||
# A list of application service config file to use
|
||||
#
|
||||
|
@ -820,10 +827,23 @@ password_config:
|
|||
# If your SMTP server requires authentication, the optional smtp_user &
|
||||
# smtp_pass variables should be used
|
||||
#
|
||||
email:
|
||||
smtp_host: "{{ smtp_host }}"
|
||||
smtp_port: {{ smtp_port }}
|
||||
notif_from: "{{ services.matrix.domain }} <no-reply@{{ services.matrix.domain }}>"
|
||||
#email:
|
||||
# enable_notifs: false
|
||||
# smtp_host: "localhost"
|
||||
# smtp_port: 25
|
||||
# smtp_user: "exampleusername"
|
||||
# smtp_pass: "examplepassword"
|
||||
# require_transport_security: False
|
||||
# notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>"
|
||||
# app_name: Matrix
|
||||
# # if template_dir is unset, uses the example templates that are part of
|
||||
# # the Synapse distribution.
|
||||
# #template_dir: res/templates
|
||||
# notif_template_html: notif_mail.html
|
||||
# notif_template_text: notif_mail.txt
|
||||
# notif_for_new_users: True
|
||||
# riot_base_url: "http://localhost/riot"
|
||||
|
||||
|
||||
#password_providers:
|
||||
# - module: "ldap_auth_provider.LdapAuthProvider"
|
|
@ -0,0 +1,2 @@
|
|||
listen 8008;
|
||||
client_max_body_size 50M; # default is 1M
|
|
@ -0,0 +1 @@
|
|||
client_max_body_size 50M; # default is 1M
|
|
@ -1,5 +1,5 @@
|
|||
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@db:5432/rallly_db"
|
||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||
SMTP_HOST="{{ smtp_host }}"
|
|
@ -0,0 +1,511 @@
|
|||
"use strict";
|
||||
|
||||
module.exports = {
|
||||
//
|
||||
// Set the server mode.
|
||||
// Public servers does not require authentication.
|
||||
//
|
||||
// Set to 'false' to enable users.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
public: false,
|
||||
|
||||
//
|
||||
// IP address or hostname for the web server to listen on.
|
||||
// Setting this to undefined will listen on all interfaces.
|
||||
//
|
||||
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
host: undefined,
|
||||
|
||||
//
|
||||
// Set the port to listen on.
|
||||
//
|
||||
// @type int
|
||||
// @default 9000
|
||||
//
|
||||
port: 9000,
|
||||
|
||||
//
|
||||
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
||||
// to let the operating system pick its preferred one.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
bind: undefined,
|
||||
|
||||
//
|
||||
// Sets whether the server is behind a reverse proxy and should honor the
|
||||
// X-Forwarded-For header or not.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
reverseProxy: false,
|
||||
|
||||
//
|
||||
// Set the default theme.
|
||||
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
||||
//
|
||||
// @type string
|
||||
// @default "example"
|
||||
//
|
||||
theme: "example",
|
||||
|
||||
//
|
||||
// Prefetch URLs
|
||||
//
|
||||
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
||||
// URLs posted in channels.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetch: false,
|
||||
|
||||
//
|
||||
// Store and proxy prefetched images and thumbnails.
|
||||
// This improves security and privacy by not exposing client IP address,
|
||||
// and always loading images from The Lounge instance and making all assets secure,
|
||||
// which in result fixes mixed content warnings.
|
||||
//
|
||||
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
||||
// in the `${THELOUNGE_HOME}/storage` folder.
|
||||
//
|
||||
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
||||
// and the folder is cleaned up on every The Lounge restart.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetchStorage: false,
|
||||
|
||||
//
|
||||
// Prefetch URLs Image Preview size limit
|
||||
//
|
||||
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
||||
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
||||
//
|
||||
// @type int
|
||||
// @default 2048
|
||||
//
|
||||
prefetchMaxImageSize: 2048,
|
||||
|
||||
//
|
||||
// Display network
|
||||
//
|
||||
// If set to false network settings will not be shown in the login form.
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
displayNetwork: true,
|
||||
|
||||
//
|
||||
// Lock network
|
||||
//
|
||||
// If set to true, users will not be able to modify host, port and tls
|
||||
// settings and will be limited to the configured network.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
lockNetwork: false,
|
||||
|
||||
//
|
||||
// Hex IP
|
||||
//
|
||||
// If enabled, clients' username will be set to their IP encoded has hex.
|
||||
// This is done to share the real user IP address with the server for host masking purposes.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
useHexIp: false,
|
||||
|
||||
//
|
||||
// WEBIRC support
|
||||
//
|
||||
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
||||
// IRC server. Note that this requires to obtain a password from the IRC network
|
||||
// The Lounge will be connecting to and generally involves a lot of trust from the
|
||||
// network you are connecting to.
|
||||
//
|
||||
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
||||
// Format (function):
|
||||
// {"irc.example.net": function(client, args, trusted) {
|
||||
// // here, we return a webirc object fed directly to `irc-framework`
|
||||
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
||||
// }}
|
||||
//
|
||||
// @type string | function(client, args):object(webirc)
|
||||
// @default null
|
||||
webirc: null,
|
||||
|
||||
//
|
||||
// Log settings
|
||||
//
|
||||
// Logging has to be enabled per user. If enabled, logs will be stored in
|
||||
// the 'logs/<user>/<network>/' folder.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
logs: {
|
||||
//
|
||||
// Timestamp format
|
||||
//
|
||||
// @type string
|
||||
// @default "YYYY-MM-DD HH:mm:ss"
|
||||
//
|
||||
format: "YYYY-MM-DD HH:mm:ss",
|
||||
|
||||
//
|
||||
// Timezone
|
||||
//
|
||||
// @type string
|
||||
// @default "UTC+00:00"
|
||||
//
|
||||
timezone: "UTC+00:00",
|
||||
},
|
||||
|
||||
//
|
||||
// Maximum number of history lines per channel
|
||||
//
|
||||
// Defines the maximum number of history lines that will be kept in
|
||||
// memory per channel/query, in order to reduce the memory usage of
|
||||
// the server. Setting this to -1 will keep unlimited amount.
|
||||
//
|
||||
// @type integer
|
||||
// @default 10000
|
||||
maxHistory: 10000,
|
||||
|
||||
//
|
||||
// Default values for the 'Connect' form.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
defaults: {
|
||||
//
|
||||
// Name
|
||||
//
|
||||
// @type string
|
||||
// @default "Freenode"
|
||||
//
|
||||
name: "Freenode",
|
||||
|
||||
//
|
||||
// Host
|
||||
//
|
||||
// @type string
|
||||
// @default "chat.freenode.net"
|
||||
//
|
||||
host: "chat.freenode.net",
|
||||
|
||||
//
|
||||
// Port
|
||||
//
|
||||
// @type int
|
||||
// @default 6697
|
||||
//
|
||||
port: 6697,
|
||||
|
||||
//
|
||||
// Password
|
||||
//
|
||||
// @type string
|
||||
// @default ""
|
||||
//
|
||||
password: "",
|
||||
|
||||
//
|
||||
// Enable TLS/SSL
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
tls: true,
|
||||
|
||||
//
|
||||
// Nick
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
nick: "lounge-user",
|
||||
|
||||
//
|
||||
// Username
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
username: "lounge-user",
|
||||
|
||||
//
|
||||
// Real Name
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge User"
|
||||
//
|
||||
realname: "The Lounge User",
|
||||
|
||||
//
|
||||
// Channels
|
||||
// This is a comma-separated list.
|
||||
//
|
||||
// @type string
|
||||
// @default "#thelounge"
|
||||
//
|
||||
join: "#thelounge",
|
||||
},
|
||||
|
||||
//
|
||||
// Set socket.io transports
|
||||
//
|
||||
// @type array
|
||||
// @default ["polling", "websocket"]
|
||||
//
|
||||
transports: ["polling", "websocket"],
|
||||
|
||||
//
|
||||
// Run The Lounge using encrypted HTTP/2.
|
||||
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
https: {
|
||||
//
|
||||
// Enable HTTP/2 / HTTPS support.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Path to the key.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key.pem"
|
||||
// @default ""
|
||||
//
|
||||
key: "",
|
||||
|
||||
//
|
||||
// Path to the certificate.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key-cert.pem"
|
||||
// @default ""
|
||||
//
|
||||
certificate: "",
|
||||
|
||||
//
|
||||
// Path to the CA bundle.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/bundle.pem"
|
||||
// @default ""
|
||||
//
|
||||
ca: "",
|
||||
},
|
||||
|
||||
//
|
||||
// Default quit and part message if none is provided.
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge - https://thelounge.github.io"
|
||||
//
|
||||
leaveMessage: "The Lounge - https://thelounge.github.io",
|
||||
|
||||
//
|
||||
// Run The Lounge with identd support.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
identd: {
|
||||
//
|
||||
// Run the identd daemon on server start.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Port to listen for ident requests.
|
||||
//
|
||||
// @type int
|
||||
// @default 113
|
||||
//
|
||||
port: 113,
|
||||
},
|
||||
|
||||
//
|
||||
// Enable oidentd support using the specified file
|
||||
//
|
||||
// Example: oidentd: "~/.oidentd.conf",
|
||||
//
|
||||
// @type string
|
||||
// @default null
|
||||
//
|
||||
oidentd: null,
|
||||
|
||||
//
|
||||
// LDAP authentication settings (only available if public=false)
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
// The authentication process works as follows:
|
||||
//
|
||||
// 1. Lounge connects to the LDAP server with its system credentials
|
||||
// 2. It performs a LDAP search query to find the full DN associated to the
|
||||
// user requesting to log in.
|
||||
// 3. Lounge tries to connect a second time, but this time using the user's
|
||||
// DN and password. Auth is validated iff this connection is successful.
|
||||
//
|
||||
// The search query takes a couple of parameters in `searchDN`:
|
||||
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
||||
// to be returned;
|
||||
// - a search scope `searchDN/scope` (see LDAP documentation);
|
||||
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
||||
// where <username> is the user name provided in the log in request,
|
||||
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
||||
// also given in the config, to filter for instance only for nodes of type
|
||||
// inetOrgPerson, or whatever LDAP search allows.
|
||||
//
|
||||
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
||||
// ignore searchDN options and assume that the user DN is always:
|
||||
// <bindDN>,<primaryKey>=<username>
|
||||
// where <username> is the user name provided in the log in request, and <bindDN>
|
||||
// and <primaryKey> are provided by the config.
|
||||
//
|
||||
ldap: {
|
||||
//
|
||||
// Enable LDAP user authentication
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: true,
|
||||
|
||||
//
|
||||
// LDAP server URL
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
url: "ldap://{{ services.openldap.domain }}",
|
||||
|
||||
//
|
||||
// LDAP connection tls options (only used if scheme is ldaps://)
|
||||
//
|
||||
// @type object (see nodejs' tls.connect() options)
|
||||
// @default {}
|
||||
//
|
||||
// Example:
|
||||
// You can use this option in order to force the use of IPv6:
|
||||
// {
|
||||
// host: 'my::ip::v6',
|
||||
// servername: 'example.com'
|
||||
// }
|
||||
tlsOptions: {},
|
||||
|
||||
//
|
||||
// LDAP base dn, alternative to searchDN
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
// baseDN: "",
|
||||
|
||||
//
|
||||
// LDAP primary key
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
primaryKey: "uid",
|
||||
|
||||
//
|
||||
// LDAP search dn settings. This defines the procedure by which the
|
||||
// lounge first look for user DN before authenticating her.
|
||||
// Ignored if baseDN is specified
|
||||
//
|
||||
// @type object
|
||||
//
|
||||
searchDN: {
|
||||
|
||||
//
|
||||
// LDAP searching bind DN
|
||||
// This bind DN is used to query the server for the DN of the user.
|
||||
// This is supposed to be a system user that has access in read only to
|
||||
// the DNs of the people that are allowed to log in.
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootDN: "cn=admin,dc=data,dc=coop",
|
||||
|
||||
//
|
||||
// Password of the lounge LDAP system user
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootPassword: "{{ ldap_admin_password }}",
|
||||
|
||||
//
|
||||
// LDAP filter
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
//filter: "(objectClass=inetOrgPerson)(memberOf=ou=members,dc=data,dc=coop)",
|
||||
filter: "(objectClass=inetOrgPerson)",
|
||||
|
||||
//
|
||||
// LDAP search base (search only within this node)
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
base: "{{ ldap_dn }}",
|
||||
|
||||
//
|
||||
// LDAP search scope
|
||||
//
|
||||
// @type string
|
||||
// @default "sub"
|
||||
//
|
||||
scope: "sub",
|
||||
|
||||
},
|
||||
},
|
||||
|
||||
// Extra debugging
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
debug: {
|
||||
// Enables extra debugging output provided by irc-framework.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
ircFramework: false,
|
||||
|
||||
// Enables logging raw IRC messages into each server window.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
raw: false,
|
||||
},
|
||||
};
|
|
@ -1,20 +0,0 @@
|
|||
# DB Version: 14
|
||||
# OS Type: linux
|
||||
# DB Type: oltp
|
||||
# Total Memory (RAM): 16 GB
|
||||
# Connections num: 300
|
||||
# Data Storage: hdd
|
||||
|
||||
listen_addresses = '*'
|
||||
max_connections = 300
|
||||
shared_buffers = 4GB
|
||||
effective_cache_size = 12GB
|
||||
maintenance_work_mem = 1GB
|
||||
checkpoint_completion_target = 0.9
|
||||
wal_buffers = 16MB
|
||||
default_statistics_target = 100
|
||||
random_page_cost = 4
|
||||
effective_io_concurrency = 2
|
||||
work_mem = 6990kB
|
||||
min_wal_size = 2GB
|
||||
max_wal_size = 8GB
|
|
@ -1,2 +0,0 @@
|
|||
listen 8008;
|
||||
client_max_body_size 1G; # default is 1M
|
|
@ -1 +0,0 @@
|
|||
client_max_body_size 1G; # default is 1M
|
|
@ -1,4 +0,0 @@
|
|||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
|
@ -1,2 +0,0 @@
|
|||
server_name www.data.coop;
|
||||
return 301 $scheme://data.coop$request_uri;
|
|
@ -1,6 +1,6 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: restart nginx
|
||||
command: docker compose restart proxy
|
||||
args:
|
||||
chdir: "{{ services.nginx_proxy.volume_folder }}"
|
||||
- name: Restart nginx
|
||||
community.docker.docker_container:
|
||||
name: nginx-proxy
|
||||
restart: 'yes'
|
||||
state: started
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create volume folder for service {{ service.name }}
|
||||
file:
|
||||
name: "{{ service.vars.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for service {{ service.name }}
|
||||
template:
|
||||
src: compose-files/{{ service.name }}.yml.j2
|
||||
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
||||
owner: root
|
||||
mode: u=rw,go=
|
||||
|
||||
- name: Run pre-deployment tasks for service {{ service.name }}
|
||||
include_tasks: pre_deploy/{{ service.name }}.yml
|
||||
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
||||
|
||||
- name: Deploy Compose stack for service {{ service.name }}
|
||||
command: docker compose up -d --remove-orphans --pull always
|
||||
args:
|
||||
chdir: "{{ service.vars.volume_folder }}"
|
||||
|
||||
- name: Run post-deployment tasks for service {{ service.name }}
|
||||
include_tasks: post_deploy/{{ service.name }}.yml
|
||||
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
|
@ -1,44 +1,33 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Add Docker PGP key
|
||||
apt_key:
|
||||
- name: Add docker gpg key
|
||||
ansible.builtin.apt_key:
|
||||
keyserver: pgp.mit.edu
|
||||
id: 8D81803C0EBFCD88
|
||||
state: present
|
||||
|
||||
- name: Add Docker apt repository
|
||||
apt_repository:
|
||||
- name: Add docker apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
update_cache: yes
|
||||
update_cache: true
|
||||
|
||||
- name: Install Docker
|
||||
apt:
|
||||
name: "{{ pkgs }}"
|
||||
- name: Install docker-ce
|
||||
ansible.builtin.apt:
|
||||
name: docker-ce
|
||||
state: present
|
||||
vars:
|
||||
pkgs:
|
||||
- docker-ce
|
||||
- docker-compose-plugin
|
||||
|
||||
- name: Configure cron job to prune unused Docker data weekly
|
||||
cron:
|
||||
name: Prune unused Docker data
|
||||
cron_file: ansible_docker_prune
|
||||
job: 'docker system prune -fa && docker volume prune -fa'
|
||||
special_time: weekly
|
||||
user: root
|
||||
- name: Install docker python bindings
|
||||
ansible.builtin.pip:
|
||||
executable: pip3
|
||||
name: docker-compose
|
||||
state: present
|
||||
|
||||
- name: Create folder structure for bind mounts
|
||||
file:
|
||||
name: "{{ item }}"
|
||||
ansible.builtin.file:
|
||||
name: '{{ volume_root_folder }}'
|
||||
state: directory
|
||||
loop:
|
||||
- "{{ volume_root_folder }}"
|
||||
- "{{ volume_website_folder }}"
|
||||
|
||||
- name: Set up services
|
||||
import_tasks: services.yml
|
||||
- name: Setup services
|
||||
ansible.builtin.import_tasks: services.yml
|
||||
tags:
|
||||
- setup_services
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Generate htpasswd file
|
||||
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
||||
args:
|
||||
chdir: "{{ services.docker_registry.volume_folder }}"
|
||||
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
|
||||
- name: log in to registry
|
||||
docker_login:
|
||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||
username: docker
|
||||
password: "{{ docker_password }}"
|
|
@ -1,19 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Configure cron job to remove old Mastodon media daily
|
||||
cron:
|
||||
name: Clean Mastodon media data older than a week
|
||||
cron_file: ansible_mastodon_clean_media
|
||||
job: docker exec mastodon-web-1 tootctl media remove --days 7
|
||||
special_time: daily
|
||||
user: root
|
||||
state: present
|
||||
|
||||
- name: Configure cron job to remove old Mastodon preview cards daily
|
||||
cron:
|
||||
name: Clean Mastodon preview card data older than two weeks
|
||||
cron_file: ansible_mastodon_clean_preview_cards
|
||||
job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
|
||||
special_time: daily
|
||||
user: root
|
||||
state: present
|
|
@ -1,11 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Upload vhost config for root domain
|
||||
copy:
|
||||
src: vhost/base_domain
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}"
|
||||
|
||||
- name: Upload vhost config for WWW domain
|
||||
copy:
|
||||
src: vhost/www.base_domain
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}"
|
|
@ -1,17 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- auth
|
||||
- registry
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Copy docker registry vhost configuration
|
||||
copy:
|
||||
src: vhost/docker_registry
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
||||
mode: "0644"
|
|
@ -1,21 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolder
|
||||
file:
|
||||
name: "{{ services.element.volume_folder }}/data"
|
||||
state: directory
|
||||
|
||||
- name: Upload config.json
|
||||
template:
|
||||
src: element/config.json.j2
|
||||
dest: "{{ services.element.volume_folder }}/data/config.json"
|
||||
|
||||
- name: Upload riot.im.conf
|
||||
copy:
|
||||
src: element/riot.im.conf
|
||||
dest: "{{ services.element.volume_folder }}/data/riot.im.conf"
|
||||
|
||||
- name: Upload vhost config for Element domain
|
||||
copy:
|
||||
src: vhost/element
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}"
|
|
@ -1,17 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- db
|
||||
- hedgedoc/uploads
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Copy SSO certificate
|
||||
copy:
|
||||
src: sso/sso.data.coop.pem
|
||||
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
mode: "0644"
|
|
@ -1,45 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- redis
|
||||
- certs
|
||||
- data
|
||||
- dkim
|
||||
- mail
|
||||
- mailqueue
|
||||
- filter
|
||||
- postgres
|
||||
- webmail
|
||||
- overrides
|
||||
- overrides/nginx
|
||||
- overrides/dovecot
|
||||
- overrides/postfix
|
||||
- overrides/rspamd
|
||||
- overrides/snappymail
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Upload mailu.env file
|
||||
template:
|
||||
src: mailu/env.j2
|
||||
dest: "{{ services.mailu.volume_folder }}/mailu.env"
|
||||
|
||||
- name: Hard link to Let's Encrypt TLS certificate
|
||||
file:
|
||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||
state: hard
|
||||
force: true
|
||||
when: letsencrypt_enabled
|
||||
|
||||
- name: Hard link to Let's Encrypt TLS key
|
||||
file:
|
||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||
state: hard
|
||||
force: true
|
||||
when: letsencrypt_enabled
|
|
@ -1,45 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolder for Mastodon data
|
||||
file:
|
||||
name: "{{ services.mastodon.volume_folder }}/mastodon_data"
|
||||
state: directory
|
||||
owner: "991"
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Create subfolder for PostgreSQL data
|
||||
file:
|
||||
name: "{{ services.mastodon.volume_folder }}/postgres_data"
|
||||
state: directory
|
||||
owner: "70"
|
||||
mode: u=rwx,go=
|
||||
|
||||
- name: Create subfolder for PostgreSQL config
|
||||
file:
|
||||
name: "{{ services.mastodon.volume_folder }}/postgres_config"
|
||||
state: directory
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Create subfolder for Redis data
|
||||
file:
|
||||
name: "{{ services.mastodon.volume_folder }}/redis_data"
|
||||
state: directory
|
||||
owner: "999"
|
||||
group: "1000"
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Upload mastodon.env file
|
||||
template:
|
||||
src: mastodon/env.j2
|
||||
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
|
||||
|
||||
- name: Upload vhost config for Mastodon domain
|
||||
copy:
|
||||
src: vhost/mastodon
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||
|
||||
- name: Upload PostgreSQL config
|
||||
copy:
|
||||
src: mastodon/postgresql.conf
|
||||
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
|
|
@ -1,34 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
owner: "991"
|
||||
group: "991"
|
||||
loop:
|
||||
- data
|
||||
- data/uploads
|
||||
- data/media
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Create Matrix DB subfolder
|
||||
file:
|
||||
name: "{{ services.matrix.volume_folder }}/db"
|
||||
state: directory
|
||||
|
||||
- name: Upload vhost config for Matrix domain
|
||||
copy:
|
||||
src: vhost/matrix
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||
|
||||
- name: Upload homeserver.yaml
|
||||
template:
|
||||
src: matrix/homeserver.yaml.j2
|
||||
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||
|
||||
- name: Upload Matrix logging config
|
||||
copy:
|
||||
src: matrix/log.config
|
||||
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
|
@ -1,17 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- app
|
||||
- postgres
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Upload vhost config for Nextcloud domain
|
||||
copy:
|
||||
src: vhost/nextcloud
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||
notify: "restart nginx"
|
|
@ -1,14 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
|
@ -1,12 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- var/lib/ldap
|
||||
- etc/slapd
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
|
@ -1,13 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Set up network for Postfix
|
||||
docker_network:
|
||||
name: postfix
|
||||
ipam_config:
|
||||
- subnet: '172.16.0.0/16'
|
||||
gateway: 172.16.0.1
|
||||
|
||||
- name: Create subfolder
|
||||
file:
|
||||
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||
state: directory
|
|
@ -1,16 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolders
|
||||
file:
|
||||
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- cfg
|
||||
- data
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Upload PrivateBin config
|
||||
copy:
|
||||
src: privatebin/conf.php
|
||||
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
|
@ -1,11 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolder
|
||||
file:
|
||||
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||
state: directory
|
||||
|
||||
- name: Copy rallly.env file
|
||||
template:
|
||||
src: rallly/env.j2
|
||||
dest: "{{ services.rallly.volume_folder }}/rallly.env"
|
|
@ -1,72 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create SSH directory
|
||||
file:
|
||||
path: "{{ services.restic.volume_folder }}/ssh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
state: directory
|
||||
|
||||
- name: Upload private SSH key
|
||||
copy:
|
||||
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
content: "{{ restic_secrets.ssh_privkey }}"
|
||||
|
||||
- name: Derive public SSH key
|
||||
shell: >-
|
||||
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
||||
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
||||
args:
|
||||
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||
|
||||
- name: Set file permissions on public SSH key
|
||||
file:
|
||||
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
state: touch
|
||||
|
||||
- name: Upload SSH config
|
||||
template:
|
||||
src: restic/ssh.config.j2
|
||||
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
|
||||
- name: Upload SSH known_hosts file
|
||||
template:
|
||||
src: restic/ssh.known_hosts.j2
|
||||
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
|
||||
- name: Create scripts directory
|
||||
file:
|
||||
path: "{{ services.restic.volume_folder }}/scripts"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
state: directory
|
||||
|
||||
- name: Upload failure.sh script
|
||||
template:
|
||||
src: restic/failure.sh.j2
|
||||
dest: "{{ services.restic.volume_folder }}/scripts/failure.sh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Upload success.sh script
|
||||
template:
|
||||
src: restic/success.sh.j2
|
||||
dest: "{{ services.restic.volume_folder }}/scripts/success.sh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
|
@ -1,9 +0,0 @@
|
|||
- name: Upload vhost config for uptime domain
|
||||
copy:
|
||||
src: vhost/uptime_kuma
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.domain }}_location"
|
||||
|
||||
- name: Upload vhost config for status domain
|
||||
copy:
|
||||
src: vhost/uptime_kuma
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.status_domain }}_location"
|
|
@ -1,20 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create subfolder for MariaDB data
|
||||
file:
|
||||
name: "{{ services.writefreely.volume_folder }}/db"
|
||||
owner: "999"
|
||||
group: "999"
|
||||
state: directory
|
||||
|
||||
- name: Create subfolder for encryption keys
|
||||
file:
|
||||
name: "{{ services.writefreely.volume_folder }}/keys"
|
||||
owner: "2"
|
||||
group: "2"
|
||||
state: directory
|
||||
|
||||
- name: Upload config.ini
|
||||
template:
|
||||
src: "writefreely/config.ini.j2"
|
||||
dest: "{{ services.writefreely.volume_folder }}/config.ini"
|
|
@ -1,28 +1,17 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Set up external services network
|
||||
docker_network:
|
||||
- name: setup external services network
|
||||
community.docker.docker_network:
|
||||
name: external_services
|
||||
|
||||
- name: Deploy all services
|
||||
include_tasks:
|
||||
file: block.yml
|
||||
vars:
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
vars: "{{ services[item] }}"
|
||||
loop: "{{ services_include }}"
|
||||
when: single_service is not defined and
|
||||
(item.vars.disabled_in_vagrant is not defined or
|
||||
not (item.vars.disabled_in_vagrant and vagrant))
|
||||
- name: setup services
|
||||
include_tasks: services/{{ docker_service.value.file }}
|
||||
loop: '{{ services | dict2items }}'
|
||||
loop_control:
|
||||
loop_var: docker_service
|
||||
when: single_service is not defined and docker_service.value.file is defined and
|
||||
docker_service.value.disabled_in_vagrant is not defined
|
||||
|
||||
- name: Deploy single service
|
||||
include_tasks:
|
||||
file: block.yml
|
||||
vars:
|
||||
service:
|
||||
name: "{{ single_service }}"
|
||||
vars: "{{ services[single_service] }}"
|
||||
when: single_service is defined and single_service in services and
|
||||
(services[single_service].disabled_in_vagrant is not defined or
|
||||
not (services[single_service].disabled_in_vagrant and vagrant))
|
||||
- name: setup single service
|
||||
include_tasks: services/{{ services[single_service].file }}
|
||||
when: single_service is defined and single_service in services and services[single_service].file
|
||||
is defined and services[single_service].disabled_in_vagrant is not defined
|
||||
|
|
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
|
||||
- name: codimd network
|
||||
community.docker.docker_network:
|
||||
name: codimd
|
||||
|
||||
- name: create codimd volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ codimd.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- db
|
||||
- codimd/uploads
|
||||
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: codimd database container
|
||||
community.docker.docker_container:
|
||||
name: codimd_db
|
||||
image: postgres:10
|
||||
state: started
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: codimd
|
||||
volumes:
|
||||
- '{{ codimd.volume_folder }}/db:/var/lib/postgresql/data'
|
||||
env:
|
||||
POSTGRES_USER: codimd
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.codimd }}'
|
||||
|
||||
- name: codimd app container
|
||||
community.docker.docker_container:
|
||||
name: codimd_app
|
||||
image: hackmdio/hackmd:1.3.0
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: codimd
|
||||
- name: ldap
|
||||
- name: external_services
|
||||
volumes:
|
||||
- '{{ codimd.volume_folder }}/codimd/uploads:/codimd/public/uploads'
|
||||
|
||||
env:
|
||||
CMD_DB_URL: postgres://codimd:{{ postgres_passwords.codimd }}@codimd_db:5432/codimd
|
||||
CMD_ALLOW_EMAIL_REGISTER: 'False'
|
||||
CMD_IMAGE_UPLOAD_TYPE: filesystem
|
||||
CMD_EMAIL: 'False'
|
||||
CMD_LDAP_URL: ldap://openldap
|
||||
CMD_LDAP_BINDDN: cn=admin,dc=data,dc=coop
|
||||
CMD_LDAP_BINDCREDENTIALS: '{{ ldap_admin_password }}'
|
||||
CMD_LDAP_SEARCHBASE: dc=data,dc=coop
|
||||
CMD_LDAP_SEARCHFILTER: (&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))
|
||||
CMD_USECDN: 'false'
|
||||
VIRTUAL_HOST: '{{ codimd.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ codimd.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
|
@ -0,0 +1,37 @@
|
|||
---
|
||||
- name: copy docker registry nginx configuration
|
||||
ansible.builtin.copy:
|
||||
src: files/configs/docker_registry/nginx.conf
|
||||
dest: /docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}
|
||||
mode: '0644'
|
||||
|
||||
- name: docker registry container
|
||||
community.docker.docker_container:
|
||||
name: registry
|
||||
image: registry:{{ services.docker_registry.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- '{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry'
|
||||
- '{{ services.docker_registry.volume_folder }}/auth:/auth'
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: '{{ services.docker_registry.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.docker_registry.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
REGISTRY_AUTH: htpasswd
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry
|
||||
|
||||
- name: generate htpasswd file
|
||||
shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > services.docker_registry.volume_folder
|
||||
}}/auth/htpasswd
|
||||
args:
|
||||
creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd'
|
||||
|
||||
- name: log in to registry
|
||||
docker_login:
|
||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain\
|
||||
\ }}"
|
||||
username: docker
|
||||
password: '{{ docker_password }}'
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
- name: set up drone with docker runner
|
||||
community.docker.docker_compose:
|
||||
project_name: drone
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
drone:
|
||||
container_name: drone
|
||||
image: drone/drone:1
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
- drone
|
||||
volumes:
|
||||
- '{{ services.drone.volume_folder }}:/data'
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: https://{{ services.gitea.domain }}
|
||||
DRONE_GITEA_CLIENT_ID: '{{ drone_secrets.oauth_client_id }}'
|
||||
DRONE_GITEA_CLIENT_SECRET: '{{ drone_secrets.oauth_client_secret }}'
|
||||
DRONE_GIT_ALWAYS_AUTH: 'true'
|
||||
DRONE_SERVER_HOST: '{{ services.drone.domain }}'
|
||||
DRONE_SERVER_PROTO: https
|
||||
DRONE_RPC_SECRET: '{{ drone_secrets.rpc_shared_secret }}'
|
||||
PLUGIN_CUSTOM_DNS: 91.239.100.100
|
||||
VIRTUAL_HOST: '{{ services.drone.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.drone.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
|
||||
drone-runner-docker:
|
||||
container_name: drone-runner-docker
|
||||
image: drone/drone-runner-docker:{{ services.drone.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- drone
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
DRONE_RPC_HOST: '{{ services.drone.domain }}'
|
||||
DRONE_RPC_PROTO: https
|
||||
DRONE_RPC_SECRET: '{{ drone_secrets.rpc_shared_secret }}'
|
||||
DRONE_RUNNER_CAPACITY: 2
|
||||
DRONE_RUNNER_NAME: data.coop_drone_runner
|
||||
|
||||
networks:
|
||||
drone:
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- name: gitea network
|
||||
community.docker.docker_network:
|
||||
name: gitea
|
||||
|
||||
# old DNS: 138.68.71.153
|
||||
- name: gitea container
|
||||
community.docker.docker_container:
|
||||
name: gitea
|
||||
image: gitea/gitea:{{ services.gitea.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: gitea
|
||||
- name: postfix
|
||||
- name: external_services
|
||||
volumes:
|
||||
- '{{ services.gitea.volume_folder }}:/data'
|
||||
published_ports:
|
||||
- 22:22
|
||||
env:
|
||||
VIRTUAL_HOST: '{{ services.gitea.domain }}'
|
||||
VIRTUAL_PORT: '3000'
|
||||
LETSENCRYPT_HOST: '{{ services.gitea.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||
GITEA__mailer__ENABLED: 'true'
|
||||
GITEA__mailer__FROM: noreply@{{ services.gitea.domain }}
|
||||
GITEA__mailer__MAILER_TYPE: smtp
|
||||
GITEA__mailer__HOST: '{{ smtp_host }}:{{ smtp_port }}'
|
||||
GITEA__mailer__USER: noop
|
||||
GITEA__mailer__PASSWD: noop
|
||||
GITEA__security__LOGIN_REMEMBER_DAYS: '60'
|
||||
GITEA__security__PASSWORD_COMPLEXITY: 'off'
|
||||
GITEA__security__MIN_PASSWORD_LENGTH: '8'
|
||||
GITEA__security__PASSWORD_CHECK_PWN: 'true'
|
||||
GITEA__service__ENABLE_NOTIFY_MAIL: 'true'
|
||||
GITEA__service__REGISTER_EMAIL_CONFIRM: 'true'
|
|
@ -0,0 +1,65 @@
|
|||
---
|
||||
- name: create hedgedoc volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.hedgedoc.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- db
|
||||
- hedgedoc/uploads
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: copy sso public certificate
|
||||
ansible.builtin.copy:
|
||||
src: files/sso/sso.data.coop.pem
|
||||
dest: '{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem'
|
||||
mode: '0644'
|
||||
|
||||
- name: setup hedgedoc
|
||||
community.docker.docker_compose:
|
||||
project_name: hedgedoc
|
||||
pull: true
|
||||
definition:
|
||||
services:
|
||||
database:
|
||||
image: postgres:10-alpine
|
||||
environment:
|
||||
POSTGRES_USER: codimd
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.hedgedoc }}'
|
||||
POSTGRES_DB: codimd
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- hedgedoc
|
||||
volumes:
|
||||
- '{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data'
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||
environment:
|
||||
CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd
|
||||
CMD_DOMAIN: '{{ services.hedgedoc.domain }}'
|
||||
CMD_ALLOW_EMAIL_REGISTER: 'False'
|
||||
CMD_IMAGE_UPLOAD_TYPE: filesystem
|
||||
CMD_EMAIL: 'False'
|
||||
CMD_SAML_IDPCERT: /sso.data.coop.pem
|
||||
CMD_SAML_IDPSSOURL: https://sso.data.coop/auth/realms/datacoop/protocol/saml
|
||||
CMD_SAML_ISSUER: hedgedoc
|
||||
CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
||||
CMD_USECDN: 'false'
|
||||
CMD_PROTOCOL_USESSL: 'true'
|
||||
VIRTUAL_HOST: '{{ services.hedgedoc.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.hedgedoc.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
volumes:
|
||||
- '{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads'
|
||||
- '{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem'
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- hedgedoc
|
||||
- external_services
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
networks:
|
||||
hedgedoc:
|
||||
external_services:
|
||||
external: true
|
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
- name: setup keycloak containers for sso.data.coop
|
||||
community.docker.docker_compose:
|
||||
project_name: keycloak
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
|
||||
postgres:
|
||||
image: postgres:10
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- keycloak
|
||||
volumes:
|
||||
- '{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data'
|
||||
environment:
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.keycloak }}'
|
||||
POSTGRES_DB: keycloak
|
||||
|
||||
app:
|
||||
image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- keycloak
|
||||
- postfix
|
||||
- external_services
|
||||
command: start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak
|
||||
--db-username=keycloak --db-password={{ postgres_passwords.keycloak
|
||||
}} --hostname={{ services.keycloak.domain }} --proxy=edge --https-port=8080
|
||||
--http-relative-path=/auth
|
||||
environment:
|
||||
VIRTUAL_HOST: '{{ services.keycloak.domain }}'
|
||||
VIRTUAL_PORT: '8080'
|
||||
LETSENCRYPT_HOST: '{{ services.keycloak.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
|
||||
networks:
|
||||
keycloak:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -0,0 +1,164 @@
|
|||
---
|
||||
|
||||
- name: create mailu volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.mailu.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- redis
|
||||
- certs
|
||||
- overrides
|
||||
- data
|
||||
- dkim
|
||||
- mail
|
||||
- filter
|
||||
- dav
|
||||
- webmail
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: upload mailu.env file
|
||||
ansible.builtin.template:
|
||||
src: mailu.env.j2
|
||||
dest: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
|
||||
- name: hard link to Let's Encrypt TLS certificate
|
||||
ansible.builtin.file:
|
||||
src: '{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain
|
||||
}}/fullchain.pem'
|
||||
dest: '{{ services.mailu.volume_folder }}/certs/cert.pem'
|
||||
state: hard
|
||||
force: true
|
||||
when: letsencrypt_enabled
|
||||
|
||||
- name: hard link to Let's Encrypt TLS key
|
||||
ansible.builtin.file:
|
||||
src: '{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain
|
||||
}}/key.pem'
|
||||
dest: '{{ services.mailu.volume_folder }}/certs/key.pem'
|
||||
state: hard
|
||||
force: true
|
||||
when: letsencrypt_enabled
|
||||
|
||||
- name: run mail server containers
|
||||
community.docker.docker_compose:
|
||||
project_name: mail_server
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
redis:
|
||||
image: redis:alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/redis:/data'
|
||||
|
||||
database:
|
||||
image: mailu/postgresql:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/data/psql_db:/data'
|
||||
- '{{ services.mailu.volume_folder }}/data/psql_backup:/backup'
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
|
||||
front:
|
||||
image: mailu/nginx:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
environment:
|
||||
VIRTUAL_HOST: '{{ services.mailu.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.mailu.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/certs:/certs'
|
||||
- '{{ services.mailu.volume_folder }}/overrides/nginx:/overrides'
|
||||
expose:
|
||||
- '80'
|
||||
ports:
|
||||
- 993:993
|
||||
- 25:25
|
||||
- 587:587
|
||||
- 465:465
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
|
||||
resolver:
|
||||
image: mailu/unbound:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: '{{ services.mailu.dns }}'
|
||||
|
||||
admin:
|
||||
image: mailu/admin:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/data:/data'
|
||||
- '{{ services.mailu.volume_folder }}/dkim:/dkim'
|
||||
depends_on:
|
||||
- redis
|
||||
|
||||
imap:
|
||||
image: mailu/dovecot:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/mail:/mail'
|
||||
- '{{ services.mailu.volume_folder }}/overrides:/overrides'
|
||||
depends_on:
|
||||
- front
|
||||
|
||||
smtp:
|
||||
image: mailu/postfix:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/overrides:/overrides'
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- '{{ services.mailu.dns }}'
|
||||
|
||||
antispam:
|
||||
image: mailu/rspamd:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd'
|
||||
- '{{ services.mailu.volume_folder }}/dkim:/dkim'
|
||||
- '{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d'
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- '{{ services.mailu.dns }}'
|
||||
|
||||
webmail:
|
||||
image: mailu/rainloop:1.6
|
||||
restart: always
|
||||
env_file: '{{ services.mailu.volume_folder}}/mailu.env'
|
||||
volumes:
|
||||
- '{{ services.mailu.volume_folder }}/webmail:/data'
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- '{{ services.mailu.dns }}'
|
||||
|
||||
networks:
|
||||
default:
|
||||
driver: bridge
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: '{{ services.mailu.subnet }}'
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
|
@ -0,0 +1,126 @@
|
|||
---
|
||||
- name: create mastodon volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.mastodon.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
owner: '991'
|
||||
group: '991'
|
||||
loop:
|
||||
- postgres_data
|
||||
- redis_data
|
||||
- mastodon_data
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Copy mastodon environment file
|
||||
ansible.builtin.template:
|
||||
src: files/configs/mastodon/env_file.j2
|
||||
dest: '{{ services.mastodon.volume_folder }}/env_file'
|
||||
|
||||
- name: upload vhost config for root domain
|
||||
ansible.builtin.template:
|
||||
src: files/configs/mastodon/vhost-mastodon
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain
|
||||
}}'
|
||||
|
||||
- name: set up mastodon
|
||||
community.docker.docker_compose:
|
||||
project_name: mastodon
|
||||
pull: true
|
||||
definition:
|
||||
version: '3'
|
||||
services:
|
||||
db:
|
||||
restart: always
|
||||
image: postgres:14-alpine
|
||||
shm_size: 256mb
|
||||
networks:
|
||||
- internal_network
|
||||
healthcheck:
|
||||
test: [CMD, pg_isready, -U, postgres]
|
||||
volumes:
|
||||
- '{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data'
|
||||
environment:
|
||||
- POSTGRES_HOST_AUTH_METHOD=trust
|
||||
|
||||
redis:
|
||||
restart: always
|
||||
image: redis:6-alpine
|
||||
networks:
|
||||
- internal_network
|
||||
healthcheck:
|
||||
test: [CMD, redis-cli, ping]
|
||||
volumes:
|
||||
- '{{ services.mastodon.volume_folder }}/redis_data:/data'
|
||||
|
||||
web:
|
||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mastodon.volume_folder }}/env_file'
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails
|
||||
s -p 3000"
|
||||
networks:
|
||||
- external_services
|
||||
- internal_network
|
||||
healthcheck:
|
||||
test: |
|
||||
[CMD-SHELL, wget -q --spider --proxy=off localhost:3000/health || exit 1]
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
volumes:
|
||||
- '{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system'
|
||||
environment:
|
||||
VIRTUAL_HOST: '{{ services.mastodon.domain }}'
|
||||
VIRTUAL_PORT: '3000'
|
||||
VIRTUAL_PATH: /
|
||||
LETSENCRYPT_HOST: '{{ services.mastodon.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
|
||||
streaming:
|
||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mastodon.volume_folder }}/env_file'
|
||||
command: node ./streaming
|
||||
networks:
|
||||
- external_services
|
||||
- internal_network
|
||||
healthcheck:
|
||||
test: |
|
||||
[CMD-SHELL, wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1]
|
||||
ports:
|
||||
- 127.0.0.1:4000:4000
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
environment:
|
||||
VIRTUAL_HOST: '{{ services.mastodon.domain }}'
|
||||
VIRTUAL_PORT: '4000'
|
||||
VIRTUAL_PATH: /api/v1/streaming
|
||||
|
||||
sidekiq:
|
||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||
restart: always
|
||||
env_file: '{{ services.mastodon.volume_folder }}/env_file'
|
||||
command: bundle exec sidekiq -c 32
|
||||
environment:
|
||||
DB_POOL: 32
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
networks:
|
||||
- postfix
|
||||
- external_services
|
||||
- internal_network
|
||||
volumes:
|
||||
- '{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system'
|
||||
healthcheck:
|
||||
test: [CMD-SHELL, "ps aux | grep '[s]idekiq 6' || false"]
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
||||
internal_network:
|
||||
internal: true
|
|
@ -0,0 +1,127 @@
|
|||
---
|
||||
- name: create matrix volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.matrix.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
owner: '991'
|
||||
group: '991'
|
||||
loop:
|
||||
- data
|
||||
- data/uploads
|
||||
- data/media
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: create matrix DB folder
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.matrix.volume_folder }}/db'
|
||||
state: directory
|
||||
|
||||
- name: create riot volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.riot.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- data
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: upload riot config.json
|
||||
ansible.builtin.template:
|
||||
src: files/configs/riot/config.json
|
||||
dest: '{{ services.riot.volume_folder }}/data/config.json'
|
||||
|
||||
- name: upload riot.im.conf
|
||||
ansible.builtin.template:
|
||||
src: files/configs/riot/riot.im.conf
|
||||
dest: '{{ services.riot.volume_folder }}/data/riot.im.conf'
|
||||
|
||||
- name: upload vhost config for root domain
|
||||
ansible.builtin.template:
|
||||
src: files/configs/matrix/vhost-root
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}'
|
||||
|
||||
- name: upload vhost config for matrix domain
|
||||
ansible.builtin.template:
|
||||
src: files/configs/matrix/vhost-matrix
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain
|
||||
}}'
|
||||
|
||||
- name: upload vhost config for riot domain
|
||||
ansible.builtin.template:
|
||||
src: files/configs/matrix/vhost-riot
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ domain }}'
|
||||
loop: '{{ services.riot.domains }}'
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
|
||||
- name: upload homeserver.yaml
|
||||
ansible.builtin.template:
|
||||
src: files/configs/matrix/homeserver.yaml.j2
|
||||
dest: '{{ services.matrix.volume_folder }}/data/homeserver.yaml'
|
||||
|
||||
- name: upload matrix logging config
|
||||
ansible.builtin.template:
|
||||
src: files/configs/matrix/matrix.data.coop.log.config
|
||||
dest: '{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config'
|
||||
|
||||
- name: set up matrix and riot
|
||||
community.docker.docker_compose:
|
||||
project_name: matrix
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
matrix_db:
|
||||
container_name: matrix_db
|
||||
image: postgres:10
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
volumes:
|
||||
- '{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data'
|
||||
environment:
|
||||
POSTGRES_USER: synapse
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.matrix }}'
|
||||
|
||||
matrix_app:
|
||||
container_name: matrix
|
||||
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
volumes:
|
||||
- '{{ services.matrix.volume_folder }}/data:/data'
|
||||
environment:
|
||||
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
|
||||
SYNAPSE_CACHE_FACTOR: '2'
|
||||
SYNAPSE_LOG_LEVEL: INFO
|
||||
VIRTUAL_HOST: '{{ services.matrix.domain }}'
|
||||
VIRTUAL_PORT: '8008'
|
||||
LETSENCRYPT_HOST: '{{ services.matrix.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
|
||||
riot:
|
||||
container_name: riot_app
|
||||
image: avhost/docker-matrix-riot:{{ services.riot.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
expose:
|
||||
- 8080
|
||||
volumes:
|
||||
- '{{ services.riot.volume_folder }}/data:/data'
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.riot.domains|join(',') }}"
|
||||
VIRTUAL_PORT: '8080'
|
||||
LETSENCRYPT_HOST: "{{ services.riot.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
||||
matrix:
|
||||
name: matrix
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
|
||||
- name: run membersystem containers
|
||||
community.docker.docker_compose:
|
||||
project_name: member.data.coop
|
||||
pull: true
|
||||
definition:
|
||||
version: '3'
|
||||
services:
|
||||
backend:
|
||||
image: docker.data.coop/membersystem:latest
|
||||
restart: always
|
||||
user: $UID:$GID
|
||||
tty: true
|
||||
depends_on:
|
||||
- postgres
|
||||
networks:
|
||||
- membersystem
|
||||
- external_services
|
||||
- postfix
|
||||
environment:
|
||||
SECRET_KEY: '{{ membersystem_secrets.secret_key }}'
|
||||
DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem
|
||||
}}@postgres:5432/postgres
|
||||
POSTGRES_HOST: postgres
|
||||
POSTGRES_PORT: 5432
|
||||
EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
|
||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||
VIRTUAL_HOST: '{{ services.membersystem.domain }}'
|
||||
VIRTUAL_PORT: '8000'
|
||||
LETSENCRYPT_HOST: '{{ services.membersystem.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
ALLOWED_HOSTS: '{{ services.membersystem.domain }}'
|
||||
CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
|
||||
DJANGO_ADMINS: '{{ services.membersystem.django_admins }}'
|
||||
DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
||||
|
||||
postgres:
|
||||
image: postgres:13-alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- '{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data'
|
||||
networks:
|
||||
- membersystem
|
||||
environment:
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.membersystem }}'
|
||||
|
||||
networks:
|
||||
membersystem:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
|
||||
- name: setup netdata docker container for system monitoring
|
||||
community.docker.docker_container:
|
||||
name: netdata
|
||||
image: netdata/netdata:{{ services.netdata.version }}
|
||||
restart_policy: unless-stopped
|
||||
hostname: hevonen.servers.{{ base_domain }}
|
||||
capabilities:
|
||||
- SYS_PTRACE
|
||||
security_opts:
|
||||
- apparmor:unconfined
|
||||
volumes:
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: '{{ services.netdata.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.netdata.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
PGID: '999'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,76 @@
|
|||
---
|
||||
- name: upload vhost config for cloud.data.coop
|
||||
ansible.builtin.template:
|
||||
src: files/configs/nextcloud/vhost
|
||||
dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain
|
||||
}}'
|
||||
notify: restart nginx
|
||||
|
||||
- name: setup nextcloud containers
|
||||
community.docker.docker_compose:
|
||||
project_name: nextcloud
|
||||
pull: true
|
||||
definition:
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:10
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- nextcloud
|
||||
volumes:
|
||||
- '{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data'
|
||||
environment:
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.nextcloud }}'
|
||||
POSTGRES_USER: nextcloud
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
restart: unless-stopped
|
||||
command: redis-server --requirepass {{ nextcloud_secrets.redis_password
|
||||
}}
|
||||
tmpfs:
|
||||
- /var/lib/redis
|
||||
networks:
|
||||
- nextcloud
|
||||
|
||||
cron:
|
||||
image: nextcloud:{{ services.nextcloud.version }}
|
||||
restart: unless-stopped
|
||||
entrypoint: /cron.sh
|
||||
networks:
|
||||
- nextcloud
|
||||
volumes:
|
||||
- '{{ services.nextcloud.volume_folder }}/app:/var/www/html'
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
app:
|
||||
image: nextcloud:{{ services.nextcloud.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- nextcloud
|
||||
- postfix
|
||||
- external_services
|
||||
volumes:
|
||||
- '{{ services.nextcloud.volume_folder }}/app:/var/www/html'
|
||||
environment:
|
||||
VIRTUAL_HOST: '{{ services.nextcloud.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.nextcloud.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
POSTGRES_HOST: postgres
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.nextcloud }}'
|
||||
REDIS_HOST: redis
|
||||
REDIS_HOST_PASSWORD: '{{ nextcloud_secrets.redis_password }}'
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
|
||||
networks:
|
||||
nextcloud:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
|
||||
- name: create nginx-proxy volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.nginx_proxy.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: nginx proxy container
|
||||
community.docker.docker_container:
|
||||
name: nginx-proxy
|
||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- '{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro'
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
- name: nginx letsencrypt container
|
||||
community.docker.docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- '{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro'
|
||||
- '{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs'
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||
when: letsencrypt_enabled
|
|
@ -0,0 +1,73 @@
|
|||
---
|
||||
- name: create ldap volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.openldap.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- var/lib/ldap
|
||||
- etc/slapd
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Create a network for ldap
|
||||
community.docker.docker_network:
|
||||
name: ldap
|
||||
|
||||
- name: openLDAP container
|
||||
community.docker.docker_container:
|
||||
name: openldap
|
||||
image: osixia/openldap:{{ services.openldap.version }}
|
||||
tty: true
|
||||
interactive: true
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- '{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap'
|
||||
- '{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d'
|
||||
- '{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/'
|
||||
published_ports:
|
||||
- 389:389
|
||||
- 636:636
|
||||
hostname: '{{ services.openldap.domain }}'
|
||||
domainname: '{{ services.openldap.domain }}' # important: same as hostname
|
||||
networks:
|
||||
- name: ldap
|
||||
env:
|
||||
LDAP_LOG_LEVEL: '256'
|
||||
LDAP_ORGANISATION: '{{ base_domain }}'
|
||||
LDAP_DOMAIN: '{{ base_domain }}'
|
||||
LDAP_BASE_DN: ''
|
||||
LDAP_ADMIN_PASSWORD: '{{ ldap_admin_password }}'
|
||||
LDAP_CONFIG_PASSWORD: '{{ ldap_config_password }}'
|
||||
LDAP_READONLY_USER: 'false'
|
||||
LDAP_RFC2307BIS_SCHEMA: 'false'
|
||||
LDAP_BACKEND: mdb
|
||||
LDAP_TLS: 'true'
|
||||
LDAP_TLS_CRT_FILENAME: ldap.crt
|
||||
LDAP_TLS_KEY_FILENAME: ldap.key
|
||||
LDAP_TLS_CA_CRT_FILENAME: ca.crt
|
||||
LDAP_TLS_ENFORCE: 'false'
|
||||
LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
|
||||
LDAP_TLS_PROTOCOL_MIN: '3.1'
|
||||
LDAP_TLS_VERIFY_CLIENT: demand
|
||||
LDAP_REPLICATION: 'false'
|
||||
KEEP_EXISTING_CONFIG: 'false'
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: 'true'
|
||||
LDAP_SSL_HELPER_PREFIX: ldap
|
||||
|
||||
- name: phpLDAPadmin container
|
||||
community.docker.docker_container:
|
||||
name: phpldapadmin
|
||||
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
- name: ldap
|
||||
env:
|
||||
PHPLDAPADMIN_LDAP_HOSTS: openldap
|
||||
PHPLDAPADMIN_HTTPS: 'false'
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: 'true'
|
||||
|
||||
VIRTUAL_HOST: '{{ services.openldap.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.openldap.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
|
||||
- name: setup passit containers
|
||||
community.docker.docker_compose:
|
||||
project_name: passit
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
passit_db:
|
||||
image: postgres:10
|
||||
restart: always
|
||||
networks:
|
||||
- passit
|
||||
volumes:
|
||||
- '{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data'
|
||||
environment:
|
||||
POSTGRES_USER: passit
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.passit }}'
|
||||
|
||||
passit_app:
|
||||
image: passit/passit:{{ services.passit.version }}
|
||||
command: bin/start.sh
|
||||
restart: always
|
||||
networks:
|
||||
- passit
|
||||
- postfix
|
||||
- external_services
|
||||
environment:
|
||||
DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit
|
||||
SECRET_KEY: '{{ passit_secret_key }}'
|
||||
IS_DEBUG: 'False'
|
||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||
DEFAULT_FROM_EMAIL: noreply@{{ services.passit.domain }}
|
||||
EMAIL_CONFIRMATION_HOST: https://{{ services.passit.domain }}
|
||||
FIDO_SERVER_ID: '{{ services.passit.domain }}'
|
||||
VIRTUAL_HOST: '{{ services.passit.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.passit.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
|
||||
networks:
|
||||
passit:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
|
||||
- name: create portainer volume folder
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.portainer.volume_folder }}'
|
||||
state: directory
|
||||
|
||||
- name: run portainer
|
||||
community.docker.docker_container:
|
||||
name: portainer
|
||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- '{{ services.portainer.volume_folder }}:/data'
|
||||
env:
|
||||
VIRTUAL_HOST: '{{ services.portainer.domain }}'
|
||||
VIRTUAL_PORT: '9000'
|
||||
LETSENCRYPT_HOST: '{{ services.portainer.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
|
||||
- name: setup network for postfix
|
||||
community.docker.docker_network:
|
||||
name: postfix
|
||||
ipam_config:
|
||||
- subnet: 172.16.0.0/16
|
||||
gateway: 172.16.0.1
|
||||
|
||||
- name: setup postfix docker container for outgoing mail
|
||||
community.docker.docker_container:
|
||||
name: postfix
|
||||
image: boky/postfix:{{ services.postfix.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: postfix
|
||||
env:
|
||||
# Get all services which have allowed_sender_domain defined
|
||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain',\
|
||||
\ 'defined') | map(attribute='value.domain') | list | join(' ') }}"
|
||||
HOSTNAME: smtp.data.coop # the name the smtp server will identify itself as
|
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
|
||||
- name: create privatebin volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.privatebin.volume_folder }}/{{ volume }}'
|
||||
state: directory
|
||||
loop:
|
||||
- cfg
|
||||
- data
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: upload privatebin config
|
||||
ansible.builtin.template:
|
||||
src: files/configs/privatebin-conf.php
|
||||
dest: '{{ services.privatebin.volume_folder }}/cfg/conf.php'
|
||||
|
||||
- name: privatebin app container
|
||||
community.docker.docker_container:
|
||||
name: privatebin
|
||||
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- '{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg'
|
||||
- '{{ services.privatebin.volume_folder }}/data:/privatebin/data'
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: '{{ services.privatebin.domain }}'
|
||||
LETSENCRYPT_HOST: '{{ services.privatebin.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
- name: Create rallly volume folders
|
||||
ansible.builtin.file:
|
||||
name: '{{ services.rallly.volume_folder }}/postgres'
|
||||
state: directory
|
||||
|
||||
- name: Copy Rallly environment file
|
||||
ansible.builtin.template:
|
||||
src: files/configs/rallly/env_file.j2
|
||||
dest: '{{ services.rallly.volume_folder }}/env_file'
|
||||
|
||||
- name: Set up Rallly
|
||||
community.docker.docker_compose:
|
||||
project_name: rallly
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.8'
|
||||
services:
|
||||
rallly_db:
|
||||
image: postgres:14-alpine
|
||||
restart: always
|
||||
shm_size: 256mb
|
||||
networks:
|
||||
rallly_internal:
|
||||
volumes:
|
||||
- '{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data'
|
||||
environment:
|
||||
POSTGRES_PASSWORD: '{{ postgres_passwords.rallly }}'
|
||||
POSTGRES_DB: rallly_db
|
||||
healthcheck:
|
||||
test: [CMD-SHELL, pg_isready -U postgres]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
||||
|
||||
rallly:
|
||||
image: lukevella/rallly:{{ services.rallly.version }}
|
||||
restart: always
|
||||
networks:
|
||||
rallly_internal:
|
||||
external_services:
|
||||
postfix:
|
||||
depends_on:
|
||||
rallly_db:
|
||||
condition: service_healthy
|
||||
env_file:
|
||||
- '{{ services.rallly.volume_folder }}/env_file'
|
||||
environment:
|
||||
VIRTUAL_HOST: '{{ services.rallly.domain }}'
|
||||
VIRTUAL_PORT: '3000'
|
||||
LETSENCRYPT_HOST: '{{ services.rallly.domain }}'
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
||||
|
||||
networks:
|
||||
rallly_internal:
|
||||
internal: true
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
- name: Setup restic backup
|
||||
community.docker.docker_compose:
|
||||
project_name: restic_backup
|
||||
pull: true
|
||||
definition:
|
||||
version: '3.6'
|
||||
services:
|
||||
restic-backup:
|
||||
image: mazzolino/restic:{{ services.restic.version }}
|
||||
restart: always
|
||||
environment:
|
||||
RUN_ON_STARTUP: 'true'
|
||||
BACKUP_CRON: 0 30 3 * * *
|
||||
RESTIC_REPOSITORY: rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password
|
||||
}}@{{ services.restic.domain }}/{{ services.restic.repository }}
|
||||
RESTIC_PASSWORD: '{{ restic_secrets.repository_password }}'
|
||||
RESTIC_BACKUP_SOURCES: /mnt/volumes
|
||||
RESTIC_BACKUP_ARGS: >-
|
||||
--tag datacoop-volumes
|
||||
--exclude='*.tmp'
|
||||
--verbose
|
||||
RESTIC_FORGET_ARGS: >-
|
||||
--keep-last 10
|
||||
--keep-daily 7
|
||||
--keep-weekly 5
|
||||
--keep-monthly 12
|
||||
TZ: Europe/Copenhagen
|
||||
volumes:
|
||||
- /docker-volumes:/mnt/volumes:ro
|
||||
|
||||
restic-prune:
|
||||
image: mazzolino/restic:{{ services.restic.version }}
|
||||
environment:
|
||||
RUN_ON_STARTUP: 'true'
|
||||
PRUNE_CRON: 0 0 4 * * *
|
||||
RESTIC_REPOSITORY: rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password
|
||||
}}@{{ services.restic.domain }}/{{ services.restic.repository }}
|
||||
RESTIC_PASSWORD: '{{ restic_secrets.repository_password }}'
|
||||
TZ: Europe/copenhagen
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: watchtower container
|
||||
community.docker.docker_container:
|
||||
name: watchtower
|
||||
image: containrrr/watchtower:1.4.0
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- '{{ services.docker_registry.volume_folder }}/auth/config.json:/config.json'
|
||||
env:
|
||||
WATCHTOWER_LABEL_ENABLE: 'true'
|
||||
WATCHTOWER_POLL_INTERVAL: '60'
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
community.docker.docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: true
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: 2022.slides.{{ services.data_coop_website.domains|join(',')
|
||||
}}
|
||||
LETSENCRYPT_HOST: 2022.slides.{{ services.data_coop_website.domains|join(',')
|
||||
}}
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
# Temporarily hosting on github
|
||||
command: --remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- /dev/net/tun
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
community.docker.docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
community.docker.docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
community.docker.docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
- name: setup new-new data.coop website using unipi
|
||||
community.docker.docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: true
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: new-new.{{ services.data_coop_website.domains | join(',') }}
|
||||
LETSENCRYPT_HOST: new-new.{{ services.data_coop_website.domains | join(',')
|
||||
}}
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
# The ssh-key is for read-only only
|
||||
command: --remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU=
|
||||
--ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- /dev/net/tun
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
community.docker.docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: new.{{ services.data_coop_website.domains|join(',') }}
|
||||
LETSENCRYPT_HOST: new.{{ services.data_coop_website.domains|join(',') }}
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: setup ulovliglogning.dk website docker container
|
||||
community.docker.docker_container:
|
||||
name: ulovliglogning_website
|
||||
restart_policy: unless-stopped
|
||||
image: ulovliglogning/ulovliglogning.dk:latest
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: 'true'
|
|
@ -1,17 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
web:
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains | join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,17 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
web:
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains | join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains | join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,27 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
prod-web:
|
||||
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
staging-web:
|
||||
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,21 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
version: "3.5"
|
||||
|
||||
services:
|
||||
diun:
|
||||
image: "ghcr.io/crazy-max/diun:{{ services.diun.version }}"
|
||||
command: serve
|
||||
volumes:
|
||||
- "./data:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
- "TZ=Europe/Paris"
|
||||
- "DIUN_WATCH_WORKERS=20"
|
||||
- "DIUN_WATCH_SCHEDULE=0 */6 * * *"
|
||||
- "DIUN_WATCH_JITTER=30s"
|
||||
- "DIUN_PROVIDERS_DOCKER=true"
|
||||
- "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
|
||||
labels:
|
||||
- "diun.enable=true"
|
||||
restart: always
|
|
@ -1,23 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: registry:{{ services.docker_registry.version }}
|
||||
restart: always
|
||||
networks:
|
||||
- external_services
|
||||
volumes:
|
||||
- "./registry:/var/lib/registry"
|
||||
- "./auth:/auth"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,40 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: drone/drone:{{ services.drone.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
volumes:
|
||||
- ".:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: https://{{ services.forgejo.domain }}
|
||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||
DRONE_GIT_ALWAYS_AUTH: true
|
||||
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
||||
DRONE_SERVER_PROTO: https
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
runner:
|
||||
image: drone/drone-runner-docker:{{ services.drone.version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
||||
DRONE_RPC_PROTO: https
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
DRONE_RUNNER_CAPACITY: 2
|
||||
DRONE_RUNNER_NAME: data.coop_drone_runner
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,22 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: avhost/docker-matrix-element:{{ services.element.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
expose:
|
||||
- "8080"
|
||||
volumes:
|
||||
- "./data:/data"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.element.domain }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ services.element.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,22 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
web:
|
||||
image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
command: --remote=https://git.data.coop/fedi.dk/website.git#main
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,38 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
- postfix
|
||||
volumes:
|
||||
- ".:/data"
|
||||
ports:
|
||||
- "22:22"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||
FORGEJO__mailer__ENABLED: true
|
||||
FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
|
||||
FORGEJO__mailer__PROTOCOL: smtp
|
||||
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}"
|
||||
FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}"
|
||||
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
|
||||
FORGEJO__security__PASSWORD_COMPLEXITY: off
|
||||
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
|
||||
FORGEJO__security__PASSWORD_CHECK_PWN: true
|
||||
FORGEJO__service__ENABLE_NOTIFY_MAIL: true
|
||||
FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
|
@ -1,44 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:{{ services.hedgedoc.postgres_version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./db:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: codimd
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
||||
POSTGRES_DB: codimd
|
||||
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||
volumes:
|
||||
- "./hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "./sso.data.coop.pem:/sso.data.coop.pem"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
environment:
|
||||
CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd
|
||||
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
||||
CMD_ALLOW_EMAIL_REGISTER: False
|
||||
CMD_IMAGE_UPLOAD_TYPE: filesystem
|
||||
CMD_EMAIL: False
|
||||
CMD_SAML_IDPCERT: /sso.data.coop.pem
|
||||
CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml
|
||||
CMD_SAML_ISSUER: hedgedoc
|
||||
CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
||||
CMD_USECDN: false
|
||||
CMD_PROTOCOL_USESSL: true
|
||||
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,42 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:{{ services.keycloak.postgres_version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||
POSTGRES_DB: keycloak
|
||||
|
||||
app:
|
||||
image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- postfix
|
||||
- external_services
|
||||
command:
|
||||
- "start"
|
||||
- "--db=postgres"
|
||||
- "--db-url=jdbc:postgresql://db:5432/keycloak"
|
||||
- "--db-username=keycloak"
|
||||
- "--db-password={{ postgres_passwords.keycloak }}"
|
||||
- "--hostname={{ services.keycloak.domain }}"
|
||||
- "--proxy=edge"
|
||||
- "--https-port=8080"
|
||||
- "--http-relative-path=/auth"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
|
@ -1,146 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:{{ services.mailu.postgres_version }}
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: mailu
|
||||
POSTGRES_USER: mailu
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
|
||||
volumes:
|
||||
- "./postgres:/var/lib/postgresql/data"
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
redis:
|
||||
image: redis:{{ services.mailu.redis_version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./redis:/data"
|
||||
depends_on:
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
front:
|
||||
image: ghcr.io/mailu/nginx:{{ services.mailu.version }}
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "./certs:/certs"
|
||||
- "./overrides/nginx:/overrides:ro"
|
||||
expose:
|
||||
- "80"
|
||||
ports:
|
||||
- "25:25"
|
||||
- "465:465"
|
||||
- "587:587"
|
||||
- "110:110"
|
||||
- "995:995"
|
||||
- "143:143"
|
||||
- "993:993"
|
||||
networks:
|
||||
- default
|
||||
- webmail
|
||||
- external_services
|
||||
depends_on:
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
resolver:
|
||||
image: ghcr.io/mailu/unbound:{{ services.mailu.version }}
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: "{{ services.mailu.dns }}"
|
||||
|
||||
admin:
|
||||
image: ghcr.io/mailu/admin:{{ services.mailu.version }}
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
- "./data:/data"
|
||||
- "./dkim:/dkim"
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- admin.mailu
|
||||
depends_on:
|
||||
- redis
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
imap:
|
||||
image: ghcr.io/mailu/dovecot:{{ services.mailu.version }}
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
- "./mail:/mail"
|
||||
- "./overrides/dovecot:/overrides:ro"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
smtp:
|
||||
image: ghcr.io/mailu/postfix:{{ services.mailu.version }}
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
- "./mailqueue:/queue"
|
||||
- "./overrides/postfix:/overrides:ro"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
|
||||
antispam:
|
||||
image: ghcr.io/mailu/rspamd:{{ services.mailu.version }}
|
||||
hostname: antispam
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
- "./filter:/var/lib/rspamd"
|
||||
- "./overrides/rspamd:/overrides:ro"
|
||||
depends_on:
|
||||
- front
|
||||
- redis
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
webmail:
|
||||
image: ghcr.io/mailu/webmail:{{ services.mailu.version }}
|
||||
restart: unless-stopped
|
||||
env_file: mailu.env
|
||||
volumes:
|
||||
- "./webmail:/data"
|
||||
- "./overrides/snappymail:/overrides:ro"
|
||||
networks:
|
||||
- webmail
|
||||
depends_on:
|
||||
- front
|
||||
|
||||
networks:
|
||||
default:
|
||||
driver: bridge
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: "{{ services.mailu.subnet }}"
|
||||
webmail:
|
||||
driver: bridge
|
||||
external_services:
|
||||
external: true
|
|
@ -1,146 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
x-sidekiq: &sidekiq
|
||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||
restart: always
|
||||
env_file: mastodon.env
|
||||
networks:
|
||||
- default
|
||||
- postfix
|
||||
- external_services
|
||||
volumes:
|
||||
- "./mastodon_data:/mastodon/public/system"
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
db:
|
||||
restart: always
|
||||
image: postgres:{{ services.mastodon.postgres_version }}
|
||||
shm_size: 256mb
|
||||
volumes:
|
||||
- "./postgres_data:/var/lib/postgresql/data"
|
||||
- "./postgres_config:/config:ro"
|
||||
command: postgres -c config_file=/config/postgresql.conf
|
||||
environment:
|
||||
POSTGRES_HOST_AUTH_METHOD: trust
|
||||
healthcheck:
|
||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||
|
||||
redis:
|
||||
restart: always
|
||||
image: redis:{{ services.mastodon.redis_version }}
|
||||
volumes:
|
||||
- "./redis_data:/data"
|
||||
healthcheck:
|
||||
test: ['CMD', 'redis-cli', 'ping']
|
||||
|
||||
web:
|
||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||
restart: always
|
||||
env_file: mastodon.env
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
volumes:
|
||||
- "./mastodon_data:/mastodon/public/system"
|
||||
environment:
|
||||
MAX_THREADS: 10
|
||||
WEB_CONCURRENCY: 3
|
||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
VIRTUAL_PATH: /
|
||||
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
|
||||
streaming:
|
||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||
restart: always
|
||||
env_file: mastodon.env
|
||||
command: node ./streaming
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
ports:
|
||||
- "127.0.0.1:4000:4000"
|
||||
environment:
|
||||
DB_POOL: 15
|
||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||
VIRTUAL_PORT: "4000"
|
||||
VIRTUAL_PATH: "/api/v1/streaming"
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
||||
depends_on:
|
||||
db:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
|
||||
# sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
|
||||
sidekiq-default-push-pull:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 25 -q default -q push -q pull
|
||||
environment:
|
||||
DB_POOL: 25
|
||||
|
||||
# sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
|
||||
sidekiq-default-pull-push:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 25 -q default -q pull -q push
|
||||
environment:
|
||||
DB_POOL: 25
|
||||
|
||||
# sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
|
||||
sidekiq-pull-default-push:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 25 -q pull -q default -q push
|
||||
environment:
|
||||
DB_POOL: 25
|
||||
|
||||
# sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
|
||||
sidekiq-push-default-pull:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 25 -q push -q default -q pull
|
||||
environment:
|
||||
DB_POOL: 25
|
||||
|
||||
# sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
|
||||
sidekiq-push-scheduler:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 5 -q push -q scheduler
|
||||
environment:
|
||||
DB_POOL: 5
|
||||
|
||||
# sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
|
||||
sidekiq-push-mailers:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 5 -q push -q mailers
|
||||
environment:
|
||||
DB_POOL: 5
|
||||
|
||||
# sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
|
||||
sidekiq-push-ingress:
|
||||
<<: *sidekiq
|
||||
command: bundle exec sidekiq -c 10 -q push -q ingress
|
||||
environment:
|
||||
DB_POOL: 10
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
|
@ -1,36 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:{{ services.matrix.postgres_version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./db:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: synapse
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||
|
||||
synapse:
|
||||
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
- postfix
|
||||
volumes:
|
||||
- "./data:/data"
|
||||
environment:
|
||||
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
|
||||
SYNAPSE_CACHE_FACTOR: "2"
|
||||
SYNAPSE_LOG_LEVEL: INFO
|
||||
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||
VIRTUAL_PORT: "8008"
|
||||
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
|
@ -1,44 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: docker.data.coop/membersystem:{{ services.membersystem.version }}
|
||||
restart: always
|
||||
user: "$UID:$GID"
|
||||
tty: true
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
- postfix
|
||||
environment:
|
||||
SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
|
||||
DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
|
||||
POSTGRES_HOST: postgres
|
||||
POSTGRES_PORT: 5432
|
||||
EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
|
||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||
VIRTUAL_PORT: "8000"
|
||||
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||
CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
|
||||
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||
DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
|
||||
depends_on:
|
||||
- postgres
|
||||
|
||||
postgres:
|
||||
image: postgres:{{ services.membersystem.postgres_version }}
|
||||
restart: always
|
||||
volumes:
|
||||
- "./postgres/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
|
@ -1,36 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: netdata/netdata:{{ services.netdata.version }}
|
||||
restart: unless-stopped
|
||||
hostname: hevonen.servers.{{ base_domain }}
|
||||
volumes:
|
||||
- "/proc:/host/proc:ro"
|
||||
- "/sys:/host/sys:ro"
|
||||
- "/etc/os-release:/host/etc/os-release:ro"
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST : "{{ services.netdata.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
PGID: "999"
|
||||
DOCKER_HOST: "socket_proxy:2375"
|
||||
cap_add:
|
||||
- SYS_PTRACE
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
|
||||
socket-proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
environment:
|
||||
CONTAINERS: 1
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,59 +0,0 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:{{ services.nextcloud.postgres_version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
POSTGRES_USER: nextcloud
|
||||
|
||||
redis:
|
||||
image: redis:{{ services.nextcloud.redis_version }}
|
||||
restart: unless-stopped
|
||||
command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}
|
||||
tmpfs:
|
||||
- /var/lib/redis
|
||||
|
||||
cron:
|
||||
image: nextcloud:{{ services.nextcloud.version }}
|
||||
restart: unless-stopped
|
||||
entrypoint: /cron.sh
|
||||
volumes:
|
||||
- "./app:/var/www/html"
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
|
||||
app:
|
||||
image: nextcloud:{{ services.nextcloud.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- postfix
|
||||
- external_services
|
||||
volumes:
|
||||
- "./app:/var/www/html"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
POSTGRES_HOST: postgres
|
||||
POSTGRES_DB: nextcloud
|
||||
POSTGRES_USER: nextcloud
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
REDIS_HOST: redis
|
||||
REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
|
||||
networks:
|
||||
postfix:
|
||||
external: true
|
||||
external_services:
|
||||
external: true
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue