data.coop/ansible
8
3
Fork 7
Code Issues 49 Pull requests 7 Projects 1 Releases Wiki Activity

Compare commits

base: data.coop:main
Branches Tags
data.coop:main
data.coop:proxmox
data.coop:diun
data.coop:use_sudo
data.coop:woodpeckerci
data.coop:linting
data.coop:mailman
data.coop:listmonk
data.coop:sshd-password
..
compare: data.coop:proxmox
Branches Tags
data.coop:main
data.coop:proxmox
data.coop:diun
data.coop:use_sudo
data.coop:woodpeckerci
data.coop:linting
data.coop:mailman
data.coop:listmonk
data.coop:sshd-password

15 commits
main ... proxmox

Author SHA1 Message Date
Sam A. 72387f3e79
Fix interfaces 2024-03-31 20:41:12 +02:00
Sam A. 200f11dc4d
Add /etc/network/interfaces from Proxmox 2024-03-31 19:59:59 +02:00
Sam A. 7476dba0e6
Refactor vm-common (old ubuntu_base) role 2024-03-31 19:31:27 +02:00
Sam A. 23735ac517
More stuff 2024-03-31 03:58:25 +02:00
Sam A. e6b9159e1b
Stuff 2024-03-31 00:09:35 +01:00
Sam A. fd80dfdba4
Add steps for rootless Docker 2024-03-31 00:08:06 +01:00
Sam A. 27ae28797f
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 20:24:57 +01:00
Sam A. 54249980e9
Stuff 2024-03-30 19:16:29 +01:00
Sam A. b8bca56c76
Add cloud.cfg from template VM to Git 2024-03-30 01:55:41 +01:00
Sam A. b1e3ab1308
Cleanup 2024-03-29 23:06:31 +01:00
Sam A. ef891ced42
Remove Vagrant support and deploy services selectively 2024-03-29 23:03:16 +01:00
Sam A. ec4f107100
Fix comments 2024-03-29 21:54:14 +01:00
Sam A. 7b05d99c58
Merge branch 'main' into proxmox 2024-03-29 21:34:57 +01:00
Sam A. 3a53634dfa
wip 2024-03-01 21:52:27 +01:00
Sam A. a2b6301fad
Add hosts and move vars into var files 2024-03-01 21:30:18 +01:00
114 changed files with 1120 additions and 784 deletions
Show stats Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,6 +1,6 @@
*.retry
*.sw*
.vagrant/
*.log
.idea/
.vscode/
venv/

39
Vagrantfile vendored
View file

@ -1,39 +0,0 @@
Vagrant.require_version ">= 2.0.0"
PORT = 19022
def provisioned?(vm="default", provider="virtualbox")
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
end
Vagrant.configure(2) do |config|
config.vm.network :private_network, ip: "192.168.56.10"
config.vm.network :forwarded_port, guest: PORT, host: PORT
config.vm.box = "ubuntu/focal64"
config.vm.hostname = "datacoop"
config.vm.provider :virtualbox do |v|
v.cpus = 8
v.memory = 16384
end
config.vm.provision :ansible do |ansible|
ansible.compatibility_mode = "2.0"
ansible.playbook = "playbook.yml"
ansible.ask_vault_pass = true
ansible.verbose = "v"
# If the VM is already provisioned, we need to use the new port
if provisioned?
config.ssh.guest_port = PORT
ansible.extra_vars = {
ansible_port: PORT,
from_vagrant: true
}
else
ansible.extra_vars = {
from_vagrant: true
}
end
end
end

4
ansible.cfg
View file

@ -1,8 +1,8 @@
[defaults]
ask_vault_pass = True
inventory = datacoop_hosts
inventory = inventory.ini
interpreter_python = /usr/bin/python3
remote_user = root
remote_user = ansible
retry_files_enabled = True
use_persistent_connections = True
forks = 10

117
cloud-init/cloud.cfg Normal file
View file

@ -0,0 +1,117 @@
# cloud-config
# The top level settings are used as module
# and system configuration.
# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
users:
- default
# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the default $user
disable_root: true
# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false
apt:
# This prevents cloud-init from rewriting apt's sources.list file,
# which has been a source of surprise.
preserve_sources_list: true
# If you use datasource_list array, keep array items in a single line.
# If you use multi line array, ds-identify script won't read array items.
# Example datasource config
# datasource:
# Ec2:
# metadata_urls: [ 'blah.com' ]
# timeout: 5 # (defaults to 50 seconds)
# max_wait: 10 # (defaults to 120 seconds)
# The modules that run in the 'init' stage
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- disk_setup
- mounts
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
# The modules that run in the 'config' stage
cloud_config_modules:
- snap
- ssh-import-id
- keyboard
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- ntp
- timezone
- disable-ec2-metadata
- runcmd
- byobu
# The modules that run in the 'final' stage
cloud_final_modules:
- package-update-upgrade-install
- fan
- landscape
- lxd
- write-files-deferred
- puppet
- chef
- mcollective
- salt-minion
- reset_rmc
- refresh_rmc_and_interface
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- install-hotplug
- phone-home
- final-message
- power-state-change
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
# This will affect which distro class gets used
distro: debian
# Default user name + that default users groups (if added/used)
default_user:
name: ansible
lock_passwd: True
gecos: Ansible User
groups: []
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
package_mirrors:
- arches: [default]
failsafe:
primary: https://deb.debian.org/debian
security: https://deb.debian.org/debian-security
ssh_svcname: ssh

5
datacoop_hosts
View file

@ -1,5 +0,0 @@
[production]
hevonen.servers.data.coop ansible_port=19022
[monitoring]
uptime.data.coop

28
deploy.sh
View file

@ -2,20 +2,15 @@
usage () {
{
echo "Usage: $0 [--vagrant]"
echo "Usage: $0 [--vagrant] base"
echo "Usage: $0 [--vagrant] users"
echo "Usage: $0 [--vagrant] services [SERVICE]"
echo "Usage: $0"
echo "Usage: $0 base"
echo "Usage: $0 users"
echo "Usage: $0 services [--deploy] [SERVICE]"
} >&2
}
BASE_CMD="ansible-playbook playbook.yml"
if [ "$1" = "--vagrant" ]; then
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
VAGRANT_VAR="from_vagrant"
shift
fi
DEPLOY="false"
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
echo "Installing community.general modules"
@ -28,19 +23,24 @@ if [ -z "$1" ]; then
else
case $1 in
"services")
if [ -n "$2" && "$2" = "--deploy" ]; then
DEPLOY="true"
shift
fi
if [ -z "$2" ]; then
echo "Deploying all services!"
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
else
echo "Deploying service: $2"
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
fi
;;
"base")
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
$BASE_CMD --tags base_only
;;
"users")
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
$BASE_CMD --tags setup-users
;;
*)
usage

343
group_vars/all/secrets.yml
View file

@ -1,175 +1,170 @@
$ANSIBLE_VAULT;1.1;AES256
61613366663339336437363136623339356237313933373030613438663430613938306336323139
3234343636653638653533656337313138356538376134330a636566313532303362326466663830
36376130386361306535373936353864303464663136363261356130323730663362303537666363
6437613762336531660a666232663762656162643234663839626663393330646566663933666164
35616164306433613734313132636266646266303464623034323338326534363133393365336334
61376637366435653766316562386337656266366537353863623633356439636331326436313637
61626232626664326163396437353065363735616133393730353936653734323863336263383436
31316339313333356537393266396431393330633161303634653935626562666266326265653761
64613163623137663532623565633434366238373664336330663439373033653861633161613835
31326237396631643836346339326235363663333230326438303334666236363536356237376536
61356163626231366239313065363836393332616537623237333736613161303063313437623564
37316164353436343537316433613763313064636366326130653764346463376330306430316636
32336136333738343361353536623465616339666431343265316564366431623131653435653561
62656662386333613337653831646635323566333131386363313233653861383634623666336430
35636166643063653039656131663664303363343738353662643335356134343336306263313861
35633332346366663932336236636462336662323234316261613333393031353232623435316339
62623063313536333962316463383063376430353163643362393539323830393132343063653963
33363932333532616132343531636434653834366230343238663836643939363931376262323561
64323937616661373434613764396639336366356430373966363266656239666434373635373133
65663530636363356436343765333830633061613337326361303433306231353762373331623463
39323738656335656139633034626432346265353638323539356132663036623965313033326363
34313333636333643465333563336661643536333639373639316439323036333065313662343663
37336532366630383331366338353434383135363162626335643664396262633630636163316330
64656162616236616131396665386136373534343263303933323262373537343339303639663035
37613234666439326333343136663264626465396431613437353564393162333032343538393536
31366564363663313630313033323862336635623862633733333739636461323066663037643131
64393535373364623531356665353833313139626134666230666533666166373265306531336238
63633361373162383665363332626433623861346139393632366366306137396561623437306635
64323462383562643638633437613663656463303064393564626131633161393436336631326131
64343339383030333864373564633766663238626638646438363431623963356464633330636363
36396164303631613137343966323162346135626638623737396635333661623364616335633965
62373733656233646437626236346635396466336438383466393831386539383262653633373531
36343935626338356334666363613137363935343362383265303338366266646233373963656239
65353461323432316366636531353665626534396562343836323563613231393361633162343033
63663436323532396332313735343262653738626664643931386661313136613830373637393632
64366264373838316538663865643166356630323265383139613036323539396136393934353865
32303266303131363836376664343431366633383765383966363365663761653533656265316230
33303466326665633263306562393133303438616538316362336436633963643331613631616130
31616135656231313763336336666632633563636136643062363437323937643834326235653065
63633866663766613234623863643335656333346138386463623565356437356165646538363738
38333366323165353633613365353031653164653435613136663064656330613764386361396236
32346636643462396630303530653364343338393061323336306161646163376464323230326463
35653166326461656539303863333232333166336533613339656234393337383031623065323132
35386233343739663439306134643365373232336539306634623332323939366638383062386361
38303035383462333766393335373731663638316139643231396138326634383839393663323630
38363232303564366462663462383466353664663234313165326539393632343732626166303031
66326662383338376663626166623661613561343035653336376139396633636336313539363639
36333065663737613965383739366561356130396136343337376138393831376234316464336531
35366663616665623732303430346131636437373731386333616162366261336235616134306535
31623130353335326334363334386566346433313166323332303930396465663833393130393131
35333637646335343536626432323539626238636264626563336463386363653834336262303663
34636332656139373231626661663461643336363262326437656531313333333739613363396165
36333532353061616239636235373963653532653838643161633837653733663537633138666233
36343036353866313263633733656634613963643931333838653561623739653639623935663831
35663534653830313236663539356663396165363638613333303366363565666465326339336437
33333936373566383239643663366532666235336533333962333731616366313733643963616161
31323631303566383937303338376332383537313566613761353864326532613933323337306661
61333234333238366437306237366432383066323830373236333431653063613664336433343463
37353033646538343635666564326337656264396163393561303734633739646539396138313464
38333161633938646462383834633662623332333630626531373339373439616138353235363638
39303837313534366338326133323337396339316533663334316330373562643339396665353861
30383433323339306637383731333331383436643531393233353639633238393136626264383664
34333331616330663565376330626535383765613835643964666132303838336165383565303964
38376630623733656361643663393164613766616462623034656631366433326132383033366363
37366232386135356264323936366431356262323664386661356239633836346238613162373937
61376265653865626437303765393662646234343230636538376531313833363136616265346366
34653132333239353865363638366632666133393034623130316566633532326238306532613963
63333534346635643135386139333661326532353435613461636165356339616431346166373632
62376435366238646335323239616666313838643137633632366232366363653234376134363039
33333733343937333366633434313533633463613033636432636265636261396332633162393763
63383263383966663534346330396335663836663132366439376134646138363336323233363339
62626164353832633733326236623865343130643564373830396634306266643637323133633834
66663533376264393835623632313264633464303432333365323365383533666565633831363339
34636533656466373930313461336138313439666634386434383862646563373163613565343136
32646466326461373065306637386631666633633364393630316637636364323966623766633330
34386163633865653734373538336234616161363036333236363735303765376432666632613030
38303532656263613063633865353633646566396661376535623335383931336465306666303963
64613665363662656237366334383632323862346430313030346538643939366362303734636538
63336234383863306633353061653166656231323332313931326637666665396162643930633835
64313233393433653261626364656566313836313634316631646639356438333336376166313161
35316133636635383936616666313764663936653035353333356239313030346339333065343739
66616537383736636234653165333930633239643966326266646365373330313738316131393961
35636161626532323862313261333130653739383062306164633062376566346432663839643831
37363337383761643430323661383039646164323665333765333534663635666262623266313339
64373530646537376136636239333035333461303539386666643366643936303563396132373234
33326130386435346238646430383630656261333630326330376336303638376137646361306630
64303031363435653834393035383135346239663063386239303365373663303764373631316165
62323938323834333763356239386661643136363961373766653930613134313233343166343734
31313664643639316531346333356638666135346231326561666234636539653862366630636134
37326230333237303461326466623764653163393935366361643264366531333630646261333435
33303866383332303730323736353639633533656661643361363537663436656466633664643132
35633263353862376435383031613030303434326135643431396363373933373130343766333765
33646434373961366134323534656264303562313033653930336437376630376135666339306661
65646635346535666538643734313462383631336236393963373631623530383430633438633235
66313062613136326364363434303135363739353464386263303137303534663166326463323732
65323931666331353630643062383061343836383266663035376631613636306564313133343238
38626563663834363739366236323061663165656361626366373366633932386134336665393830
32623733616566336539343039313532643131336439663736343137316264666562636562386364
66343930336531383634663339383931623537313835346566363434343231323565333036333832
30363937393831616537323832393064313330663732393061383437633437366161313131393534
65323663666161363039366663303633663739633832626132306164653266623766313031616230
32653763393636616331313932373935633039313038303762623039303032343738386134346164
64366130336233316330653261333661303839363965663232393233623837633461393239326433
30626235363666623464393935393262666633353337336331393762656333373763633866326664
33313966623438346637643239663535306166383062306332383337613864656664313932623137
30306563386561643435313030393139333063616232363433336431303330643239636663653231
32383762303539633235353464306431653539316630636630626536346235393966366639346563
37333264633832393139663561616633323361316237313863356537336364663666623333633439
33313735613163346562643539393836363566653464363534313637353030613436646432333964
36616137396439333764323634376366366438643337666266323831316139336264336363656364
63646533366562623862383336343633663963363530396532623037646331643435336161656239
36386434326261343462353863653866646265336436613438383835353637626530333932353238
66376632643863616233326235623864616330333730353533326466393434653333333433393664
62313435366537386436306166653932626436323636623430313739656239663662393931316136
38383464326537616230363734643237356333323964376430383364393632313136636333616365
33316139363238303338303165623032623265633461663466363737313362386336393939643066
34303535643261386666666138323938623438643437623933353031633662326562643836353931
61376136356231636164336263653539326134616636356338633835633563373339363964343738
39353864623662303466393132313131666366643266356133336131633862366537353235396366
66306438393963303438353035643866623265376236343636363636316135643466656639396661
38396462353538643466616166383566663431653238376162363764383030373831393336656436
64643635376334363832643063306362313238636431623962376362343365343439343937613564
65613464396433373964373730383833636661303230353238343032323834336435613731656561
66646661363736303430656363323130323130373131346435383137316636333831306164343835
39333730623564383663633664343235333365656366386465316238316535333330363839393465
66383062316366386465383164323462383934646361306136376161316265383564366361343233
30346537313236643665363866313432306233306331366630313862633966613739663964363533
37316634383034366665626130313462663964383962353933633261653066636163333836333064
64623133306432353631323931373235373934356531666663383939346132613265323635333935
64636131383265303662393133336261326265326562663837383564366433323764363430323731
33613333383030663434616665663439326162333832376333613935623139313465303933343239
37633539316133376331316538613035383139643362616363326535656635396263343732373038
64373435613266646661613961313233383063646335616537366633656165656538626631373032
36336463643262343235353533326262653964386662356137366261333566383662366433363436
61346630306233363135623437643634326365386265623436623366323739663136653034616437
38326331393764303262636438633433363332323263396265303631663737393639393361306532
39333664646638333938363130626661656137366637356263376133306363363565353262626564
66363863316166373638666465656630346533333635663432616132653365353463636638376639
63313163323266323136303730643830613239616262656363643935333566633530376566653435
36326431313034303930663534326335663964326263373936373065626634386337353964313162
30646561383839336235636632303832366266393736633136343137633331633730343962343433
63316337613239633339303366613765333634643636313966313362326262643639363161363131
37326130343166323938653265336638643538363031383938313264623539336264303136333031
30313130623634333764616439336631353863623962643935616361646434333665326230323765
37363637333165373631613561353735613135303939636466313761303764393164356662353032
30386662396533653665313337363732623361336638353536636665653437643364353335613035
31663730323065343135303839633363333337396537643135373435636434333566356438303761
31396366373935663763336661363537663636616564376434363166343964616533386339656365
36616364333164396633336366313666663265613436383364306138313335363031613163366330
65396133356262316233383665306262343133643136646432326663363531353664643961656232
66356265333135633836633164626336363363343765346261636162653438643964646239303261
38643238393830346433646338616433373364353864633435646531393562343439373334613138
66396139356164333864356466633131313433633261626630343764373334633638626431323739
36356562363532336239323063636461643864363566336232306331306138333233666534333538
37636232393333316565383263353933363166633930376465613731643630363335376639356336
36343262383535653839616234363835376265356639633138636161346262363330343936663064
39653235373931656366316335363731303038323366646564343466613836333131396231336163
64623038613536303635613963383761313035363261646165336661366238346531363365346562
62343036656430663938336365626336633535313036306231353863313563303935333838396361
37383131613834343233616163396262343561326138386236313162376262636334656565343266
32373230636135626533626433656533353432343461366231313863363034623631333330663238
31613566366361636534323662343363373836396134653439343938376131336430626563353333
62363037613730316563656234323665383464396237656332663166366634303036313236383831
39313164663136663633623336613166633965346632623364383234356630363934366632323434
31343261643731656430356634613831643666383934383164396238666162643838306166653664
62633963366465303662393930383764626462333832653136636461643130363564353566383233
36383331616265383437636430303865323435663939323833643465373836643863346235356266
39666664336263313365383034303637396164663366613263613337626465386632333163373366
62643335656230316432306235393433323933633836333833336639306636353163363663623736
34333165393165633563363762376662326632313766326166353863343937626165393136656436
39646163326262396263343030343263643033333630373233616338323939616137303630613336
36313266323263366436666230316134643161616638376431356438303932303736336432666535
30383963396664306265393031663238346538613038393564363134646237346531383962346638
6237396161373638623639343131346633316265333036323161
30613439636234396439623634656338666330643936373563656336323831353464353239353661
6234316535383838653865643964353033623935313432630a666563316534343733363464396635
34396664643137643136633837656432623633383361633336343562333039326538393034616637
6634613631636433610a663835343739376534356133323163343132323233643135613333313132
65373233666535366137343839363938303561653731633038376631386161653038613631396364
33636131636536306134346336636332393436303063306262333430613137376438626133353963
66396332363335333436623335613966323730616139353762656662386530356435623831656632
30333363376132653362323339386437346134323232363336363461323332613962613131386264
37383435653061653466613834346430656632626338316564656136666266353231363661666461
32646461313365626232376536376463313531613861363462643062326538326234613332646430
33383438613961623134343665383638346164653031363435656162306163653232353162343431
38333239393332613466663231383932316330376535383466643233326134623530306361393639
63386530643733393033646139613730313239313866343730643337393533366330373363353338
62313739613531636166663135646262396334373538636634393534616337363337323630666261
39643164363437653661633666376431303662396431633661663933343666613234326637636231
38383537333532326636343366343564646630363838323162373339323365666262303836636232
31343637616261636130656637393633383165353332346239323063646162306235313962363935
64633639653261363563646664393630666564646165393736363562623231626634326163306630
37613635306136643334616364303439323332666431386264623265323636623738303364396636
37626161363466646166633434333265623236633033666562643264303662333363396631646638
36626636363261313966393235313866353936323064343331626362306162323166323063656433
63303762346330323031353034356162373433356436663134373930633634366330653233613139
63363639343833616431633765613938623037323961623663336662666135313466303661316133
39353664633036323031373862393530653433373062623233313965653735353566306538393439
30366162663138326535346639393337393362366630343266643035353465663332333539613337
30666666363134313239306231356663343166363137366636643931313039333732383833313036
37393064396662623063613462336363386336393839313465323062646535373733326338353766
31666639303836316266343764336462343765363930326338313635336633323662366238356264
38613631313434383830333031643938393566633236383861633266326336653033663163336132
61313132643062666434346333653234393865656463343363313636613364616361353561343739
38313231333431303664323730626162613264343630356438336636373739653234336666646438
37636437623336323461613063396137396533353265333034333435306666636261353933613232
65363632383039666666323030323830333534376362326136313232393732613166303461383933
62303166396533616538666566356238393265663163343264333664393936613066313665616137
38613030623937633730646461666233333035323661363835313161613930336237396332623338
30666166636662613130363430333436613532326437393730376536353963356633393736303065
31393534646537323037316664313438643836386333613961663031383231663932633934656461
62313163616635626131663961326438396439383432346337386261313330343330353637376330
38346532396533326135303264613361663836646163623630323832653032396237353966663661
36353365313962663832393333336138346335363832396535346336643565366465643565616638
63616565356663623531323935393334326639626236353338643237343764366464666131393332
64396665343535323339383434366133613235313866653663313639633930323864646536346232
65316465643662376264373536393232326666663335316631376433343062646361376165363732
66326165643163333737313139386461363431353239626236366238343035386663363435366464
31633738336263633961306436613233303861633263343030336637373165663261316632663537
31613636663163323365303038373134306264343831326264326261633834393366623061616262
63393463333833393636666232626662643738653634306364326231343830633834643664353730
37346131346263356539363630363230626364663161643064323538396131636633623866383939
66346434323935353632633837363530663438636539616130633532346236343661633766383434
34343339646662393030323661623665643432376365633435666333316439356631386234303062
35346631656230346565323130333765663933373638303639363530373431343232393864656639
33666433366131396464323137393239653531376662646235343962613639343831636261326265
65663564613766313634653938316339306434663463623563316431633234323330623738646636
37643535623664323433626561383462393033343232303838333930653366376536353765613036
35663165623265616630373161336632646435613331373166303632373633313865386134636362
61636134343839643735636461626663626237613262316564646339323933363864303935353834
39396637646264633736366336616336643032313237653662646331383963366533373766356539
35306165306534393463663332336430336635666135643561303935386635393838323865623162
36323565616232353261303139623465646234313136383436376162376165303664613164356162
33373237333666616135636231653637396330663930663962636161326664333261343737343735
37313465396130653138613539376436373237343138636535626632326435383234326466363235
34646663653038396630353637636166346261346233333632363361326536383634663433613564
35633864343630333033613133626635313931333031643564396164393135346131343832363861
61366664363838653438653137383933386233633836323332643531303936353237623734666135
31356166613664636634336536343032646239643130346564303162356431346539646336323339
61626236346535336638353134353838333434663838303730613363393365633739383563613434
64336331306639323061386338656361653636353831346237373134346538623464343562393735
39333764343139333133393233626564643266373034623764633835383561366265636632633937
62343635343161363231653138613263313562366439316435633964396161343566316435303465
39666236316339653839313333396264623636663561653932386638366366663933353761353162
61343038383939396231346534336361306430373564353633653139306334623630343738636430
66376631366662313131646130363530323232383535333163363466636262363461633232343532
63626430336261353861633362396638643937623832386638626334663333363637393637373939
64303039666432303535636265613564376139333331653336666563663238366639393366363334
36303635633933333832396562373965653361303034653139643466656534326231383162336366
31656138656539383539396462326134333331653131306537643962653762373035343235333233
34373730623663346430303962653061623330653263393633383835663739663961326566323036
30336365616532303362396230616531386639333636336332366335613935623836616134393033
62653535396630383436393631396337336163323361663930323532633666663238333366383462
36393261376262643336643761613731643032626632646332366661626331333233363436613937
34653731666137313733653863396164323963383037353265373532303137623037343733616537
66336433343334626536323639636139653931383466633833326234633332613431353432343561
36626339656536383862623833633634356435393764316633353135326639623534366538313330
62633333303266613630326330333336353264343937393864393239623664323366373565383334
37383237376664643065383834633961366632643261343635336335353765353863323131653866
31326531303461323736303730623638663863353939636437636231636437323730656463633733
65383934343534383631363162363830386365313935663337366335326131393262353030663765
30643665383332613030336439346332363135366232303166623534333637366133656437643231
30306634636430643864363561316334383530613165326663326665613633636237353830393334
62653333623563626131666166646335663334393662336337333836376631303631666136376332
37316537356531346464623363653033306537636239633065646533643239653063613835363665
30383139326465613864316533643033333430326230646334353364633138666532353736313265
34623733613864646661353730666433613961643261346166303264386435643565373565323864
61346465336231613865363263303034396439346163393534666439666437353266323565653032
39386439646438313938356237643831643434666161383632316530356465616632313235643834
33303865653836303632656663366465333331616634313863656438393838636631313364633637
38646230643734393733663261326161376536643237626130353831363731306231313864613066
34623239396362336639363163313161323065653461363563353631613730373830643133336464
31336439636361363539383539323631303462633833353032373530333539336538363033383363
32613733623839623938326165356237313165383366646233393933393965613363666532646434
63316133613130313363303537366230646235663130313538333761633237383262316633366364
65373664616237316534613831313966623939396331626334313430386638653461386334363939
35333339643837666264356535643365353331393437313866643034663934336466336534343035
61313837666662343363613962623462333935353837333336363839623466303534303837396634
38656330666661356235626130303538666533666563323936633564383164633834353831306634
36343836353464623962333362353133386563343831336463646635646263383832666232323736
38613730316634373365343938623237356231643931303333366462373134383137366339613662
62643832323734363635643634373066303366306366663036623139393761636533326130313336
30316536396466383463393233363035393335343565323635333665346464366139626165636661
39363066643437613537653836636363376532643038363063383234353066313737663061363334
38306563613561663165623630366135303332636133343733343836383865613661393761333031
62653162626461616564643138613737623632313739393962396439306133646138303936636435
39393663653865363166316365376562353461633163353734343132343831386434653037323732
36356162356336616330636630376438636165653439376137313934663939376639396266323962
37383736333536653438363963316435326632393966383534326337303336386135616636363936
35393331313938653830646332376631623763383439623633396433633739663038313264323835
33373664313562366664363630316132643465363964383339363339656237323465626262306364
33306133373065303135613235623262396365363634316365356364373561363762666235666430
62336362643564313238363933623366396138646237336336623062326161326536323534326364
39316162643966616436343737313434616230346237346237363962653033613930623462386431
38343662356665383763633034393236613733643430313937326335356466376139653533333965
39386138623134666132663837616637376362303561393133656139653438386363613965393661
36343566643931393061373031343331336463643034383065383763663234373438383064303232
64666236313935346237666466333562613935646163653331303661386138313739326538353935
64323737323532663731353136336138633533386464616362333838396332323563353537613430
33633631326238366166346437316638363161386562383630623466386564323266333033313461
63666535363034613232346239636233623130393032353030363334333531646238373262323765
61373739396162643661353031613663353531653836323730326166383463613330333966336233
30386136346466336361303237303534373064353230653238363231633530613866663461643465
30396266356164353063323432663561396564636231346534366661663766613634376235356637
39313839616336666461313431326430333932623262333437386464636264373430653566386631
64653866623662363864376663613136306165393863346533303634623936373835633864313462
61333562646233303232623861366634383466633537383831626334356561353637663038643531
39386635326366646134333231653737653630356135396634326537633232333166616161653136
33393562383233656564356530386465623239386666313964343534343466616134373132636631
39666365393063323838343963366339373434353839383039383238613133636237316365323861
30626330643665626465666338353030653839383234393237623633646566376361646536353233
31393235623561323765633835313139313538343761393064353632316335656231353930656437
31313639313931636633333230653730666638373864326239333561393134356632623138366131
65356462373336383039316131626562633330666363386631383663343838393435663538343934
65386339626362623664393532386131303234633466363437383236616463343831353862323961
39663835313234326137303965663963663761656531653437343234643634316565333762663139
65393830633237623031303234636134633539316131396135616237316266333437633861303831
62656630373763343366636635653033666630613533363365636261323661383364343161343439
35626531346665656263643461306261376238353033343032353731373861333239333862653231
31336562653133623163353230633331346237356534333534613161323462636639636662623435
63633035336662376636623339326433393035646539626231363762643532323463316263393736
62613038333733636362356636373331313661663830633433643039653233626261613739663836
38643030313338383266323134326337323334343230623331386664333937316266623134336362
61373037353664623863393233376264616438656332386130316361663665323135386463383763
33303633356133353439393664363630336133306364363430393232326665393339323265383630
31656463343064383837333630366465396633393465666235626330343937313630623039383465
63326361663238653035613935343932623237396362643833313731323830313962616362613539
32346165303930323739313837643933363863643937346561643930653530393636383036613235
61376166386563643733333233343437623630323632643463353131386461663936313065313562
31393032646262386634353436643466323731366631393136393433616332613036666163336635
37303365633338613630656463663533653336666562653236336264303238383930383132346365
35386662636439653930343738633265363635626132343030653462306431363234633635643537
61666363346430653131623762666564313665653262386332396532646339383136383337353863
38386632316632373338653535323335363265653563376330663239343861346563646366313039
33306364623536346339393566326533633133393866303535326535306435626531346264616138
34356231373561633337653663643566633632393330386564393966666365306565316135646163
63366365383839343134303635376233343865663631633331333230616630366633396231333435
30366137383238393139336433353764633038616238326136663636656132626538393565393130
38653765326137393136386233383636383165613235373437353730306564643033306534386666
61623538663537653166313264303533623162356134393333373732383535386261333535383039
65613166666230336265366335323434636336663835323034373930393430363065376665666337
35363265666130653830333536326433316639613638613730666139623137333736663535633032
33363135376636636536623731323134343237393633333038393364376237386165

3
group_vars/all/secrets.yml.contents
View file

@ -55,6 +55,3 @@ rallly_secrets:
membersystem_secrets:
secret_key: xxx
diun:
matrix_password: xxx

28
group_vars/all/vars.yml
View file

@ -1,24 +1,17 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
users:
- name: graffen
comment: Jesper Hess Nielsen
password: '!'
- name: ansible
comment: Ansible User
password_lock: true
groups: []
ssh_keys: []
- name: valberg
comment: Vidir Valberg Gudmundsson
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
groups:
- sudo
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4FRrbTpxwGdlF6RVi/thJaMlaEE0Z9YCQA4Y+KnHbBoVWMjzgbIkSWw3MM+E/iiVnix8SFh4tjDSdFjb8lCvHt/PqhMFhZJ02vhVgSwyU+Ji5ur23i202LB9ua54NLN4kNG8K47U0tKi2/EV6LWl2QdRviAcOUctz6u9XDkkMLUgPEYH384XSTRRj4GJ8+0LRzB2rXqetH3gBe9v1vlv0ETYWvzTnpfZUxcrrqEGtXV9Wa0BZoWLos2oKOsYVjNdLZMoFpmyBxPnqzAi1hr7beblFZKqBkvD7XA9RnERbZn1nxkWufVahppPjKQ+se3esWJCp6ri/vNP4WNKY3hiIoekBLbpvGcP1Te7cAIQXiZOilN92NKKYrzN2gAtsxgqGZw7lI1PE71luGdPir2Evl6hPj6/nnNdEHZWgcmBSPy17uCpVvZYBcDDzj8L3hbkLVQ3kcLZTz6I8BXvuGqoeLvRQpBtn5EaLpCCOmXuKqm+dzHzsOIwh+SA5NA8M3P0=
- name: reynir
comment: Reynir Björnsson
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
password_lock: false
groups:
- sudo
ssh_keys:
@ -28,8 +21,19 @@ users:
- name: samsapti
comment: Sam Al-Sapti
password: $6$18dN367fG162hQ9A$Aqkf3O24Ve1btzh1PPOPg3uyydv/AQYUxethcoB4klotebJq3/XsydYT7XBuarxfDccVwyPTMlsP3U8VfQpG60
password_lock: false
groups:
- sudo
ssh_keys:
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
- name: valberg
comment: Vidir Valberg Gudmundsson
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
password_lock: false
groups:
- sudo
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4FRrbTpxwGdlF6RVi/thJaMlaEE0Z9YCQA4Y+KnHbBoVWMjzgbIkSWw3MM+E/iiVnix8SFh4tjDSdFjb8lCvHt/PqhMFhZJ02vhVgSwyU+Ji5ur23i202LB9ua54NLN4kNG8K47U0tKi2/EV6LWl2QdRviAcOUctz6u9XDkkMLUgPEYH384XSTRRj4GJ8+0LRzB2rXqetH3gBe9v1vlv0ETYWvzTnpfZUxcrrqEGtXV9Wa0BZoWLos2oKOsYVjNdLZMoFpmyBxPnqzAi1hr7beblFZKqBkvD7XA9RnERbZn1nxkWufVahppPjKQ+se3esWJCp6ri/vNP4WNKY3hiIoekBLbpvGcP1Te7cAIQXiZOilN92NKKYrzN2gAtsxgqGZw7lI1PE71luGdPir2Evl6hPj6/nnNdEHZWgcmBSPy17uCpVvZYBcDDzj8L3hbkLVQ3kcLZTz6I8BXvuGqoeLvRQpBtn5EaLpCCOmXuKqm+dzHzsOIwh+SA5NA8M3P0=

10
group_vars/monitoring/vars.yml Normal file
View file

@ -0,0 +1,10 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
base_domain: data.coop
letsencrypt_email: admin@data.coop
services_include:
- nginx_proxy
- uptime_kuma
- watchtower

13
group_vars/production/vars.yml Normal file
View file

@ -0,0 +1,13 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
base_domain: data.coop
letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix"
smtp_port: "587"
ldap_dn: "dc=data,dc=coop"

13
group_vars/staging/vars.yml Normal file
View file

@ -0,0 +1,13 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
base_domain: staging.data.coop
letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix"
smtp_port: "587"
ldap_dn: "dc=staging,dc=data,dc=coop"

8
host_vars/cavall.yml Normal file
View file

@ -0,0 +1,8 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 22

12
host_vars/folald.yml Normal file
View file

@ -0,0 +1,12 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 19022
internal_ipv4: 10.2.1.5
vm_host: cavall
vm_type: control

11
host_vars/hestur.yml Normal file
View file

@ -0,0 +1,11 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 22
vm_host: cloud
vm_type: uptime

12
host_vars/poltre.yml Normal file
View file

@ -0,0 +1,12 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 19022
internal_ipv4: 10.2.1.2
vm_host: cavall
vm_type: app

12
host_vars/varsa.yml Normal file
View file

@ -0,0 +1,12 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 19022
internal_ipv4: 10.2.1.3
vm_host: cavall
vm_type: app

22
inventory.ini Normal file
View file

@ -0,0 +1,22 @@
[proxmox]
cavall
[monitoring]
hestur
[production]
poltre
[staging]
varsa
[control]
folald
[virtual:children]
production
staging
control
[physical:children]
proxmox

34
playbook.yml
View file

@ -1,27 +1,15 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- hosts: production
- hosts: all
gather_facts: true
become: true
vars:
ldap_dn: "dc=data,dc=coop"
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
letsencrypt_enabled: "{{ not vagrant }}"
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
letsencrypt_email: "admin@{{ base_domain }}"
smtp_host: "postfix"
smtp_port: "587"
services_exclude:
- uptime_kuma
tasks:
- import_role:
name: ubuntu_base
tags:
- base_only
- import_role:
name: docker
roles:
- name: vm-common
tags: [base_only]
- name: zfs
tags: [zfs]
- name: docker
tags: [docker]
- name: services
tags: [services]

65
proxmox/etc/network/interfaces Normal file
View file

@ -0,0 +1,65 @@
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
auto eno1
iface eno1 inet manual
auto eno2
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
auto bond0
iface bond0 inet manual
bond-slaves eno1 eno2
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3
auto vmbr0
iface vmbr0 inet static
address 85.209.118.134/28
gateway 85.209.118.129
bridge-ports bond0
bridge-stp off
bridge-fd 0
#Main bridge for public VMs
iface vmbr0 inet6 static
address 2a09:94c4:55d1:7680::86/64
gateway 2a09:94c4:55d1:7680::1
auto vmbr1
iface vmbr1 inet manual
address 10.2.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
#Internal bridge for VMs
auto vmbr2
iface vmbr2 inet static
address 192.168.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
#NAT bridge for VMs that need masquerading
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
source /etc/network/interfaces.d/*

231
roles/docker/defaults/main.yml
View file

@ -1,229 +1,6 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
volume_root_folder: "/docker-volumes"
volume_website_folder: "{{ volume_root_folder }}/websites"
services:
### Internal services ###
postfix:
domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
pre_deploy_tasks: true
version: "v3.6.1-alpine"
nginx_proxy:
volume_folder: "{{ volume_root_folder }}/nginx"
pre_deploy_tasks: true
version: "1.3-alpine"
acme_companion_version: "2.2"
openldap:
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
pre_deploy_tasks: true
version: "1.5.0"
phpldapadmin_version: "0.9.0"
netdata:
domain: "netdata.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/netdata"
version: "v1"
portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.19.0"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "22.0"
postgres_version: "10"
allowed_sender_domain: true
restic:
volume_folder: "{{ volume_root_folder }}/restic"
pre_deploy_tasks: true
remote_user: dc-user
remote_domain: rynkeby.skovgaard.tel
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
repository: restic
version: "1.7.0"
disabled_in_vagrant: true
# mail dance
domain: "noreply.{{ base_domain }}"
allowed_sender_domain: true
mail_from: "backup@noreply.{{ base_domain }}"
docker_registry:
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
pre_deploy_tasks: true
post_deploy_tasks: true
username: "docker"
password: "{{ docker_password }}"
version: "2"
### External services ###
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
pre_deploy_tasks: true
version: 28-apache
postgres_version: "10"
redis_version: 7-alpine
allowed_sender_domain: true
forgejo:
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/forgejo"
version: "7.0.4"
allowed_sender_domain: true
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
postgres_version: 15-alpine
allowed_sender_domain: true
matrix:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
pre_deploy_tasks: true
version: v1.109.0
postgres_version: 15-alpine
allowed_sender_domain: true
element:
domain: "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/element"
pre_deploy_tasks: true
version: v1.11.69
privatebin:
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
pre_deploy_tasks: true
version: "20221009"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
pre_deploy_tasks: true
version: 1.9.9-alpine
postgres_version: 10-alpine
data_coop_website:
domain: "{{ base_domain }}"
www_domain: "www.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/datacoop"
pre_deploy_tasks: true
version: stable
staging_domain: "staging.{{ base_domain }}"
staging_version: staging
slides_2022_website:
domain: "2022.slides.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/slides-2022"
version: latest
fedi_dk_website:
domain: fedi.dk
volume_folder: "{{ volume_website_folder }}/fedidk"
version: latest
vhs_website:
domain: vhs.data.coop
volume_folder: "{{ volume_website_folder }}/vhs"
version: latest
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
volume_folder: "{{ volume_website_folder }}/cryptohagen"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
- "www.ulovlig-logning.dk"
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: "1"
mailu:
domain: "mail.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mailu"
pre_deploy_tasks: true
dns: 192.168.203.254
subnet: 192.168.203.0/24
version: "2.0"
postgres_version: 14-alpine
redis_version: alpine
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
pre_deploy_tasks: true
post_deploy_tasks: true
version: v4.2.9
postgres_version: 14-alpine
redis_version: 6-alpine
allowed_sender_domain: true
rallly:
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
pre_deploy_tasks: true
version: "2"
postgres_version: 14-alpine
allowed_sender_domain: true
membersystem:
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"
volume_folder: "{{ volume_root_folder }}/membersystem"
version: latest
postgres_version: 13-alpine
allowed_sender_domain: true
writefreely:
domain: "write.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/writefreely"
pre_deploy_tasks: true
version: v0.15.0
mariadb_version: "11.2"
allowed_sender_domain: true
watchtower:
volume_folder: "{{ volume_root_folder }}/watchtower"
version: "1.5.3"
diun:
version: "4.28"
volume_folder: "{{ volume_root_folder }}/diun"
matrix_user: "@diun:data.coop"
matrix_room: "#datacoop-services-update:data.coop"
### Uptime monitoring ###
uptime_kuma:
domain: "uptime.{{ base_domain }}"
status_domain: "status.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
pre_deploy_tasks: true
version: "latest"
services_exclude: []
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
docker_rootless: false
docker_rootless_user: rootlessdocker
docker_rootless_user_uid: 1102

26
roles/docker/tasks/block.yml
View file

@ -1,26 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Create volume folder for service {{ service.name }}
file:
name: "{{ service.vars.volume_folder }}"
state: directory
- name: Upload Compose file for service {{ service.name }}
template:
src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Run pre-deployment tasks for service {{ service.name }}
include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy Compose stack for service {{ service.name }}
command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks for service {{ service.name }}
include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks

122
roles/docker/tasks/main.yml
View file

@ -1,44 +1,114 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Add Docker PGP key
apt_key:
keyserver: pgp.mit.edu
id: 8D81803C0EBFCD88
- name: Add Docker apt PGP key
ansible.builtin.apt_key:
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
url: https://download.docker.com/linux/debian/gpg
state: present
- name: Add Docker apt repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu bionic stable
ansible.builtin.apt_repository:
filename: docker
repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
update_cache: true
- name: Install Docker
apt:
name: "{{ pkgs }}"
state: present
vars:
pkgs:
ansible.builtin.apt:
name:
- containerd.io
- docker-ce
- docker-ce-cli
- docker-buildx-plugin
- docker-compose-plugin
state: present
- name: Configure cron job to prune unused Docker data weekly
cron:
- name: Create group for Docker socket
ansible.builtin.group:
name: docker
state: present
- name: Configure rootful Docker
when: not docker_rootless
block:
- name: Make sure Docker is running
ansible.builtin.service:
name: docker
enabled: true
state: started
- name: Configure cron job to prune unused Docker data weekly
ansible.builtin.cron:
name: Prune unused Docker data
cron_file: ansible_docker_prune
job: 'docker system prune -fa && docker volume prune -fa'
job: docker system prune -fa --volumes --filter "until=6h"
special_time: weekly
user: root
state: present
- name: Create folder structure for bind mounts
file:
name: "{{ item }}"
state: directory
loop:
- "{{ volume_root_folder }}"
- "{{ volume_website_folder }}"
- name: Configure rootless Docker
when: docker_rootless
block:
- name: Make sure rootful Docker is stopped and disabled
ansible.builtin.systemd_service:
name: docker
enabled: false
scope: system
state: stopped
- name: Set up services
import_tasks: services.yml
tags:
- setup_services
- name: Install packages needed by rootless Docker
ansible.builtin.apt:
name:
- docker-ce-rootless-extras
- uidmap
- dbus-user-session
- fuse-overlayfs
- slirp4netns
state: present
- name: Create user for rootless Docker
ansible.builtin.user:
name: "{{ docker_rootless_user }}"
uid: "{{ docker_rootless_user_uid }}"
comment: Rootless Docker User
groups:
- docker
state: present
- name: Enable lingering for Docker user
ansible.builtin.command:
cmd: loginctl enable-linger {{ docker_rootless_user }}
creates: /var/lib/systemd/linger/{{ docker_rootless_user }}
- name: Set DOCKER_HOST environment variable globally
ansible.builtin.lineinfile:
path: /etc/profile
regexp: '^export DOCKER_HOST='
line: export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock
state: present
- name: Run rootless Docker setup script
ansible.builtin.command:
cmd: dockerd-rootless-setuptool.sh install
creates: /home/{{ docker_rootless_user }}/.config/systemd/user/docker.service
become: true
become_user: "{{ docker_rootless_user }}"
- name: Make sure rootless Docker is running
ansible.builtin.systemd_service:
name: docker.service
enabled: true
scope: user
state: started
become: true
become_user: "{{ docker_rootless_user }}"
- name: Configure cron job to prune unused Docker data weekly
ansible.builtin.cron:
name: Prune unused Docker data
cron_file: ansible_docker_rootless_prune
job: docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h"
special_time: weekly
user: "{{ docker_rootless_user }}"
state: present

19
roles/docker/tasks/post_deploy/mastodon.yml
View file

@ -1,19 +0,0 @@
# vim: ft=yaml.ansible
---
- name: Configure cron job to remove old Mastodon media daily
cron:
name: Clean Mastodon media data older than a week
cron_file: ansible_mastodon_clean_media
job: docker exec mastodon-web-1 tootctl media remove --days 7
special_time: daily
user: root
state: present
- name: Configure cron job to remove old Mastodon preview cards daily
cron:
name: Clean Mastodon preview card data older than two weeks
cron_file: ansible_mastodon_clean_preview_cards
job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
special_time: daily
user: root
state: present

226
roles/services/defaults/main.yml Normal file
View file

@ -0,0 +1,226 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
volume_root_folder: "/docker-volumes"
volume_website_folder: "{{ volume_root_folder }}/websites"
services:
### Internal services ###
postfix:
domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
pre_deploy_tasks: true
version: "v3.6.1-alpine"
nginx_proxy:
volume_folder: "{{ volume_root_folder }}/nginx"
pre_deploy_tasks: true
version: "1.3-alpine"
acme_companion_version: "2.2"
openldap:
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
pre_deploy_tasks: true
version: "1.5.0"
phpldapadmin_version: "0.9.0"
netdata:
domain: "netdata.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/netdata"
version: "v1"
portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.19.0"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "22.0"
postgres_version: "10"
allowed_sender_domain: true
restic:
volume_folder: "{{ volume_root_folder }}/restic"
pre_deploy_tasks: true
remote_user: dc-user
remote_domain: rynkeby.skovgaard.tel
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
repository: restic
version: "1.7.0"
# mail dance
domain: "noreply.{{ base_domain }}"
allowed_sender_domain: true
mail_from: "backup@noreply.{{ base_domain }}"
docker_registry:
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
pre_deploy_tasks: true
post_deploy_tasks: true
username: "docker"
password: "{{ docker_password }}"
version: "2"
### External services ###
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
pre_deploy_tasks: true
version: 28-apache
postgres_version: "10"
redis_version: 7-alpine
allowed_sender_domain: true
forgejo:
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/forgejo"
version: "1.21.8-0"
allowed_sender_domain: true
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
postgres_version: 15-alpine
allowed_sender_domain: true
matrix:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
pre_deploy_tasks: true
version: v1.98.0
postgres_version: 15-alpine
allowed_sender_domain: true
element:
domain: "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/element"
pre_deploy_tasks: true
version: v1.11.51
privatebin:
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
pre_deploy_tasks: true
version: "20221009"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
pre_deploy_tasks: true
version: 1.9.9-alpine
postgres_version: 10-alpine
data_coop_website:
domain: "{{ base_domain }}"
www_domain: "www.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/datacoop"
pre_deploy_tasks: true
version: stable
staging_domain: "staging.{{ base_domain }}"
staging_version: staging
slides_2022_website:
domain: "2022.slides.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/slides-2022"
version: latest
fedi_dk_website:
domain: fedi.dk
volume_folder: "{{ volume_website_folder }}/fedidk"
version: latest
vhs_website:
domain: vhs.data.coop
volume_folder: "{{ volume_website_folder }}/vhs"
version: latest
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
volume_folder: "{{ volume_website_folder }}/cryptohagen"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
- "www.ulovlig-logning.dk"
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: "1"
mailu:
domain: "mail.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mailu"
pre_deploy_tasks: true
dns: 192.168.203.254
subnet: 192.168.203.0/24
version: "2.0"
postgres_version: 14-alpine
redis_version: alpine
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
pre_deploy_tasks: true
version: v4.2.8
postgres_version: 14-alpine
redis_version: 6-alpine
allowed_sender_domain: true
rallly:
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
pre_deploy_tasks: true
version: "2"
postgres_version: 14-alpine
allowed_sender_domain: true
membersystem:
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"
volume_folder: "{{ volume_root_folder }}/membersystem"
version: latest
postgres_version: 13-alpine
allowed_sender_domain: true
writefreely:
domain: "write.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/writefreely"
pre_deploy_tasks: true
version: v0.15.0
mariadb_version: "11.2"
allowed_sender_domain: true
watchtower:
volume_folder: "{{ volume_root_folder }}/watchtower"
version: "1.5.3"
diun:
version: "4.27"
volume_folder: "{{ volume_root_folder }}/diun"
### Uptime monitoring ###
uptime_kuma:
domain: "uptime.{{ base_domain }}"
status_domain: "status.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
pre_deploy_tasks: true
version: "latest"
services_exclude: []
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"

0
roles/docker/files/element/riot.im.conf → roles/services/files/element/riot.im.conf
View file

0
roles/docker/files/mastodon/postgresql.conf → roles/services/files/mastodon/postgresql.conf
View file

0
roles/docker/files/matrix/log.config → roles/services/files/matrix/log.config
View file

0
roles/docker/files/privatebin/conf.php → roles/services/files/privatebin/conf.php
View file

0
roles/docker/files/sso/sso.data.coop.pem → roles/services/files/sso/sso.data.coop.pem
View file

0
roles/docker/files/vhost/base_domain → roles/services/files/vhost/base_domain
View file

0
roles/docker/files/vhost/docker_registry → roles/services/files/vhost/docker_registry
View file

0
roles/docker/files/vhost/element → roles/services/files/vhost/element
View file

0
roles/docker/files/vhost/mastodon → roles/services/files/vhost/mastodon
View file

0
roles/docker/files/vhost/matrix → roles/services/files/vhost/matrix
View file

0
roles/docker/files/vhost/nextcloud → roles/services/files/vhost/nextcloud
View file

0
roles/docker/files/vhost/uptime_kuma → roles/services/files/vhost/uptime_kuma
View file

0
roles/docker/files/vhost/www.base_domain → roles/services/files/vhost/www.base_domain
View file

1
roles/docker/handlers/main.yml → roles/services/handlers/main.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: restart nginx
command: docker compose restart proxy

30
roles/services/tasks/block.yml Normal file
View file

@ -0,0 +1,30 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create volume folder for service '{{ service.name }}'
file:
name: "{{ service.vars.volume_folder }}"
state: directory
- name: Upload Compose file for service '{{ service.name }}'
template:
src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Run pre-deployment tasks for service '{{ service.name }}'
ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy service '{{ service.name }}'
when: deploy_services is defined and deploy_services
block:
- name: Deploy Compose stack for service '{{ service.name }}'
ansible.builtin.command:
cmd: docker compose up -d --remove-orphans
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks for service '{{ service.name }}'
ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks

15
roles/services/tasks/main.yml Normal file
View file

@ -0,0 +1,15 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create folder structure for bind mounts
file:
name: "{{ item }}"
state: directory
loop:
- "{{ volume_root_folder }}"
- "{{ volume_website_folder }}"
- name: Set up services
import_tasks: services.yml
tags:
- setup_services

3
roles/docker/tasks/post_deploy/docker_registry.yml → roles/services/tasks/post_deploy/docker_registry.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Generate htpasswd file
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
@ -8,6 +9,6 @@
- name: log in to registry
docker_login:
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
registry: docker.data.coop
username: docker
password: "{{ docker_password }}"

1
roles/docker/tasks/pre_deploy/data_coop_website.yml → roles/services/tasks/pre_deploy/data_coop_website.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Upload vhost config for root domain
copy:

1
roles/docker/tasks/pre_deploy/docker_registry.yml → roles/services/tasks/pre_deploy/docker_registry.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

1
roles/docker/tasks/pre_deploy/element.yml → roles/services/tasks/pre_deploy/element.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder
file:

1
roles/docker/tasks/pre_deploy/hedgedoc.yml → roles/services/tasks/pre_deploy/hedgedoc.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

3
roles/docker/tasks/pre_deploy/mailu.yml → roles/services/tasks/pre_deploy/mailu.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:
@ -34,7 +35,6 @@
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard
force: true
when: letsencrypt_enabled
- name: Hard link to Let's Encrypt TLS key
file:
@ -42,4 +42,3 @@
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard
force: true
when: letsencrypt_enabled

19
roles/docker/tasks/pre_deploy/mastodon.yml → roles/services/tasks/pre_deploy/mastodon.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder for Mastodon data
file:
@ -43,3 +44,21 @@
copy:
src: mastodon/postgresql.conf
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
- name: Configure cron job to remove old Mastodon media daily
ansible.builtin.cron:
name: Clean Mastodon media data older than a week
cron_file: ansible_mastodon_clean_media
job: docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec web tootctl media remove --days 7
special_time: daily
user: root
state: present
- name: Configure cron job to remove old Mastodon preview cards daily
ansible.builtin.cron:
name: Clean Mastodon preview card data older than two weeks
cron_file: ansible_mastodon_clean_preview_cards
job: docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec web tootctl preview_cards remove --days 14
special_time: daily
user: root
state: present

1
roles/docker/tasks/pre_deploy/matrix.yml → roles/services/tasks/pre_deploy/matrix.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

1
roles/docker/tasks/pre_deploy/nextcloud.yml → roles/services/tasks/pre_deploy/nextcloud.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

1
roles/docker/tasks/pre_deploy/nginx_proxy.yml → roles/services/tasks/pre_deploy/nginx_proxy.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

1
roles/docker/tasks/pre_deploy/openldap.yml → roles/services/tasks/pre_deploy/openldap.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

1
roles/docker/tasks/pre_deploy/postfix.yml → roles/services/tasks/pre_deploy/postfix.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set up network for Postfix
docker_network:

1
roles/docker/tasks/pre_deploy/privatebin.yml → roles/services/tasks/pre_deploy/privatebin.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolders
file:

1
roles/docker/tasks/pre_deploy/rallly.yml → roles/services/tasks/pre_deploy/rallly.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder
file:

1
roles/docker/tasks/pre_deploy/restic.yml → roles/services/tasks/pre_deploy/restic.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create SSH directory
file:

0
roles/docker/tasks/pre_deploy/uptime_kuma.yml → roles/services/tasks/pre_deploy/uptime_kuma.yml
View file

1
roles/docker/tasks/pre_deploy/writefreely.yml → roles/services/tasks/pre_deploy/writefreely.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder for MariaDB data
file:

9
roles/docker/tasks/services.yml → roles/services/tasks/services.yml
View file

@ -1,4 +1,5 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set up external services network
docker_network:
@ -12,9 +13,7 @@
name: "{{ item }}"
vars: "{{ services[item] }}"
loop: "{{ services_include }}"
when: single_service is not defined and
(item.vars.disabled_in_vagrant is not defined or
not (item.vars.disabled_in_vagrant and vagrant))
when: single_service is not defined
- name: Deploy single service
include_tasks:
@ -23,6 +22,4 @@
service:
name: "{{ single_service }}"
vars: "{{ services[single_service] }}"
when: single_service is defined and single_service in services and
(services[single_service].disabled_in_vagrant is not defined or
not (services[single_service].disabled_in_vagrant and vagrant))
when: single_service is defined and single_service in services

4
roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2 → roles/services/templates/compose-files/cryptoaarhus_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/cryptohagen_website.yml.j2 → roles/services/templates/compose-files/cryptohagen_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/data_coop_website.yml.j2 → roles/services/templates/compose-files/data_coop_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

10
roles/docker/templates/compose-files/diun.yml.j2 → roles/services/templates/compose-files/diun.yml.j2
View file

@ -1,5 +1,6 @@
# vim: ft=yaml.ansible
---
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.5"
services:
@ -16,11 +17,6 @@ services:
- "DIUN_WATCH_JITTER=30s"
- "DIUN_PROVIDERS_DOCKER=true"
- "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
- "DIUN_NOTIF_MATRIX_HOMESERVERURL=https://{{ services.matrix.domain }}"
- "DIUN_NOTIF_MATRIX_USER={{ services.diun.matrix_user }}"
- "DIUN_NOTIF_MATRIX_ROOMID={{ services.diun.matrix_room }}"
- "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}"
- "DIUN_NOTIF_MATRIX_MSGTYPE=text"
labels:
- "diun.enable=true"
restart: always

4
roles/docker/templates/compose-files/docker_registry.yml.j2 → roles/services/templates/compose-files/docker_registry.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/drone.yml.j2 → roles/services/templates/compose-files/drone.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/element.yml.j2 → roles/services/templates/compose-files/element.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/fedi_dk_website.yml.j2 → roles/services/templates/compose-files/fedi_dk_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/forgejo.yml.j2 → roles/services/templates/compose-files/forgejo.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/hedgedoc.yml.j2 → roles/services/templates/compose-files/hedgedoc.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/keycloak.yml.j2 → roles/services/templates/compose-files/keycloak.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/mailu.yml.j2 → roles/services/templates/compose-files/mailu.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/mastodon.yml.j2 → roles/services/templates/compose-files/mastodon.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
x-sidekiq: &sidekiq
image: tootsuite/mastodon:{{ services.mastodon.version }}
restart: always

6
roles/docker/templates/compose-files/matrix.yml.j2 → roles/services/templates/compose-files/matrix.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:
@ -12,7 +14,7 @@ services:
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
synapse:
image: ghcr.io/element-hq/synapse:{{ services.matrix.version }}
image: matrixdotorg/synapse:{{ services.matrix.version }}
restart: unless-stopped
networks:
- default

4
roles/docker/templates/compose-files/membersystem.yml.j2 → roles/services/templates/compose-files/membersystem.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/netdata.yml.j2 → roles/services/templates/compose-files/netdata.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/nextcloud.yml.j2 → roles/services/templates/compose-files/nextcloud.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

5
roles/docker/templates/compose-files/nginx_proxy.yml.j2 → roles/services/templates/compose-files/nginx_proxy.yml.j2
View file

@ -1,3 +1,6 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:
@ -19,7 +22,6 @@ services:
labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
{% if letsencrypt_enabled %}
acme:
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
restart: always
@ -31,7 +33,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- proxy
{% endif %}
networks:
external_services:

4
roles/docker/templates/compose-files/openldap.yml.j2 → roles/services/templates/compose-files/openldap.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/passit.yml.j2 → roles/services/templates/compose-files/passit.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/portainer.yml.j2 → roles/services/templates/compose-files/portainer.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/postfix.yml.j2 → roles/services/templates/compose-files/postfix.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/privatebin.yml.j2 → roles/services/templates/compose-files/privatebin.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/rallly.yml.j2 → roles/services/templates/compose-files/rallly.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

8
roles/docker/templates/compose-files/restic.yml.j2 → roles/services/templates/compose-files/restic.yml.j2
View file

@ -1,12 +1,14 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:
backup:
image: mazzolino/restic:{{ services.restic.version }}
restart: always
hostname: {{ inventory_hostname_short }}
domainname: {{ inventory_hostname }}
hostname: {{ hostname }}
domainname: {{ fqdn }}
environment:
RUN_ON_STARTUP: false
BACKUP_CRON: "0 30 3 * * *"

4
roles/docker/templates/compose-files/slides_2022_website.yml.j2 → roles/services/templates/compose-files/slides_2022_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/ulovliglogning_website.yml.j2 → roles/services/templates/compose-files/ulovliglogning_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/uptime_kuma.yml.j2 → roles/services/templates/compose-files/uptime_kuma.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: '3.3'
services:

4
roles/docker/templates/compose-files/vhs_website.yml.j2 → roles/services/templates/compose-files/vhs_website.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/watchtower.yml.j2 → roles/services/templates/compose-files/watchtower.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

4
roles/docker/templates/compose-files/writefreely.yml.j2 → roles/services/templates/compose-files/writefreely.yml.j2
View file

@ -1,4 +1,6 @@
# vim: ft=yaml.docker-compose
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8"
services:

0
roles/docker/templates/element/config.json.j2 → roles/services/templates/element/config.json.j2
View file

0
roles/docker/templates/mailu/env.j2 → roles/services/templates/mailu/env.j2
View file

0
roles/docker/templates/mastodon/env.j2 → roles/services/templates/mastodon/env.j2
View file

0
roles/docker/templates/matrix/homeserver.yaml.j2 → roles/services/templates/matrix/homeserver.yaml.j2
View file

0
roles/docker/templates/rallly/env.j2 → roles/services/templates/rallly/env.j2
View file

0
roles/docker/templates/restic/failure.sh.j2 → roles/services/templates/restic/failure.sh.j2
View file

0
roles/docker/templates/restic/ssh.config.j2 → roles/services/templates/restic/ssh.config.j2
View file

0
roles/docker/templates/restic/ssh.known_hosts.j2 → roles/services/templates/restic/ssh.known_hosts.j2
View file

0
roles/docker/templates/restic/success.sh.j2 → roles/services/templates/restic/success.sh.j2
View file

0
roles/docker/templates/writefreely/config.ini.j2 → roles/services/templates/writefreely/config.ini.j2
View file

Some files were not shown because too many files have changed in this diff Show more