Compare commits
3 commits
main
...
woodpecker
Author | SHA1 | Date | |
---|---|---|---|
Sam A. | ae52815876 | ||
Sam A. | abba932693 | ||
Víðir Valberg Guðmundsson | a70306f325 |
2
.gitignore
vendored
|
@ -1,4 +1,4 @@
|
||||||
*.retry
|
playbook.retry
|
||||||
*.sw*
|
*.sw*
|
||||||
.vagrant/
|
.vagrant/
|
||||||
*.log
|
*.log
|
||||||
|
|
|
@ -26,9 +26,6 @@ Here is a summary of the options that can be used with the script:
|
||||||
# deploy the ubuntu_base role only
|
# deploy the ubuntu_base role only
|
||||||
./deploy.sh base
|
./deploy.sh base
|
||||||
|
|
||||||
# deploy user setup only
|
|
||||||
./deploy.sh users
|
|
||||||
|
|
||||||
# deploy the docker role only
|
# deploy the docker role only
|
||||||
./deploy.sh services
|
./deploy.sh services
|
||||||
|
|
||||||
|
|
10
Vagrantfile
vendored
|
@ -13,8 +13,7 @@ Vagrant.configure(2) do |config|
|
||||||
config.vm.hostname = "datacoop"
|
config.vm.hostname = "datacoop"
|
||||||
|
|
||||||
config.vm.provider :virtualbox do |v|
|
config.vm.provider :virtualbox do |v|
|
||||||
v.cpus = 8
|
v.memory = 8192
|
||||||
v.memory = 16384
|
|
||||||
end
|
end
|
||||||
|
|
||||||
config.vm.provision :ansible do |ansible|
|
config.vm.provision :ansible do |ansible|
|
||||||
|
@ -27,12 +26,7 @@ Vagrant.configure(2) do |config|
|
||||||
if provisioned?
|
if provisioned?
|
||||||
config.ssh.guest_port = PORT
|
config.ssh.guest_port = PORT
|
||||||
ansible.extra_vars = {
|
ansible.extra_vars = {
|
||||||
ansible_port: PORT,
|
ansible_port: PORT
|
||||||
from_vagrant: true
|
|
||||||
}
|
|
||||||
else
|
|
||||||
ansible.extra_vars = {
|
|
||||||
from_vagrant: true
|
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,8 +1,3 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
ask_vault_pass = True
|
|
||||||
inventory = datacoop_hosts
|
|
||||||
interpreter_python = /usr/bin/python3
|
|
||||||
remote_user = root
|
remote_user = root
|
||||||
retry_files_enabled = True
|
inventory = datacoop_hosts
|
||||||
use_persistent_connections = True
|
|
||||||
forks = 10
|
|
||||||
|
|
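Review bot: With `ask_vault_pass = True` gone from `[defaults]`, the vault prompt depends on every caller passing `--ask-vault-pass` itself. The deploy.sh shown on this page does so on its new side, but the Vagrant `ansible` provisioner and any direct `ansible-playbook` run would presumably fail to decrypt the vaulted secrets unless they set it as well; that is not visible here, so please confirm. If the prompt is meant to be unconditional, keeping `ask_vault_pass = True` in this file is the single place that covers all entry points.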
|
@ -1,5 +1,3 @@
|
||||||
[production]
|
######################################
|
||||||
hevonen.servers.data.coop ansible_port=19022
|
### All hosts
|
||||||
|
85.209.118.131 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
|
||||||
[monitoring]
|
|
||||||
uptime.data.coop
|
|
||||||
|
|
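Review bot: The only host entry is now the bare address `85.209.118.131` with no group header, so any play that targets `production` or `monitoring` (the groups on the old side) would match no hosts. Please confirm that playbook.yml only targets `all`, since it is not shown here. Addressing the host by IP also ties the SSH known_hosts entry to that address instead of a DNS name, so a renumbering needs an edit here and a fresh host-key check. Keeping a named group, e.g. `[production]` on the line above the host, would preserve group targeting and `group_vars`.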
12
deploy.sh
|
@ -4,16 +4,14 @@ usage () {
|
||||||
{
|
{
|
||||||
echo "Usage: $0 [--vagrant]"
|
echo "Usage: $0 [--vagrant]"
|
||||||
echo "Usage: $0 [--vagrant] base"
|
echo "Usage: $0 [--vagrant] base"
|
||||||
echo "Usage: $0 [--vagrant] users"
|
|
||||||
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
||||||
} >&2
|
} >&2
|
||||||
}
|
}
|
||||||
|
|
||||||
BASE_CMD="ansible-playbook playbook.yml"
|
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||||
|
|
||||||
if [ "$1" = "--vagrant" ]; then
|
if [ "$1" = "--vagrant" ]; then
|
||||||
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
||||||
VAGRANT_VAR="from_vagrant"
|
|
||||||
shift
|
shift
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -30,17 +28,17 @@ else
|
||||||
"services")
|
"services")
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
echo "Deploying all services!"
|
echo "Deploying all services!"
|
||||||
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
$BASE_CMD --tags setup_services
|
||||||
else
|
else
|
||||||
echo "Deploying service: $2"
|
echo "Deploying service: $2"
|
||||||
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
|
$BASE_CMD --tags setup_services --extra-vars "single_service=$2"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
"base")
|
"base")
|
||||||
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
$BASE_CMD --tags base_only
|
||||||
;;
|
;;
|
||||||
"users")
|
"users")
|
||||||
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
$BASE_CMD --tags setup-users
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
usage
|
usage
|
||||||
|
|
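Review bot: `--extra-vars "single_service=$2"` uses Ansible's key=value form, which splits its argument on whitespace. A service argument containing a space followed by `name=value` would therefore set additional variables for the run instead of being treated as one service name. Removing `eval` is a good step, but `$2` is still passed through unchecked. A guard before the call would close this, e.g. `case "$2" in *[!A-Za-z0-9_-]*) usage; exit 1 ;; esac`. The `case` statement this branch belongs to starts and ends outside the hunk.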
|
@ -1,185 +1,141 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
31303330643235313132323363306532616164646565636532646131386663633330333335353938
|
66323763353537626539666332316663373864616237386436666239366561366431396430626530
|
||||||
6632373337386339323566373163306435663562303663320a666438653936356335653534353464
|
3132383163653632383133393861373235623931636136390a353132383763626437373065663430
|
||||||
37373932623562326430396132316138373930383365313433646536343839636637386232306235
|
64643662393961303936323265343663656431666563653633646532373563663263616634333764
|
||||||
6566393031643037340a643463373163663062643932353931646366306566346230336362623561
|
3766333631343961370a373237343531383863336632373862663435643239353934626637356365
|
||||||
30323138333636343165666239393138653462396538386139376432346335373066363366613535
|
30666332626666333530656135343866613161643034383634373736636436636166346562666331
|
||||||
38623130333434386266393363306139333666393537663161626666323262646364636136393736
|
30396437306263363564363862303737646232623266653032343230303965366338623238343134
|
||||||
37656438373365353335633237326635636263653534353961396562646535303764613564306133
|
61353835663136383531663765653038323762313932313733646338623931353865363933333338
|
||||||
39373362343133643536383937386633373437333763636331663761646432663636373738373332
|
39336434373137353738316336663038366334663231616263633565613464306439356235656630
|
||||||
36383638363539663034303536636264336230636630636331336438333338356431666332313931
|
33396331313036623661353464626263393962306638353433343535613964353966313462613235
|
||||||
66653738656263613739333835366139633335643661373135396333346361343032303832353562
|
36383563386461353036323164353539616135353761346361313363373266393464363864373633
|
||||||
61376531343861656532626630623330336362373666343863373738306430616530373565663438
|
33636637366235383264353765383438646130373162323730663363303862333564383439633261
|
||||||
37373131646233656533633466356162326162616433613964616530393734336438326133373763
|
64663961363161623037393830616466366632633661393463303732323365353665373435633537
|
||||||
65663266313939363361396231663564663664393363373061646436653535663338336138373961
|
66356166336232366438333533616233363465623034623233363438346139656138336631366231
|
||||||
66303662323930376564313562376661336162316430316439313565633935323835386561356333
|
33383238633532323665306338643562636135396566663537643733393931316131623262373164
|
||||||
61393330333965633764633364366336646166353031613438373234333436326330336537643464
|
66393062376666383734393334646463616162363935343363303165393665613066306431366164
|
||||||
32383732336166303535393837353061353333386363356162323966336138363864663464356430
|
64326564393464646664663839373563353966663063396434313362623664613834626636363233
|
||||||
62396530393234666339346537616637323334383365663732663365653636383036616263303362
|
33343562343539663332346361316330383830623436306362373966366438653534313561366539
|
||||||
38623063623035616336346562396263336236376435386264336632336165336463613932383465
|
34356166623562396361356161303739613230333663613232663861313331663233326633643530
|
||||||
37323634633831363938616137373335653130303465383939303332333131363866303863383965
|
64353933626237636435303736623063373463326265633236653366303039313233623837306132
|
||||||
62333866333830666361613637333230363566333035366664353034303766633264643365343566
|
65366235663666316631623361303634383539396661323232616338386133373330646365303238
|
||||||
30326530383562633764643630363963646337363865343431353530353036616434363062313132
|
39306431366337333764373965623563383061323364396564366435376163663139346164323231
|
||||||
37393661326139613732636236633239653837333063646566653861643635363537386137393434
|
63366435343761303562393933313263303265383237616261663838333430333935626563666162
|
||||||
64616437363666653664303132666630376665646666323733376164653636623465623964336638
|
31363264356333663337313833353239316163643961393131346136633561623037636130353166
|
||||||
33623838616330353265333733343261356462613665653530333431343732646136346164626534
|
38646239623433613031646465326431623461383036356266643534346430363033316230656662
|
||||||
34343463646262623464613832393963633366353835393531653634623234393230343430666161
|
39643636383863336436363134633336613638356635623035313766633335323731343837393536
|
||||||
62306164616636616461306464333536333265313765326665626331363463363038393935653334
|
31343861336237356234633366643932323366653461373636646131393935656162613238343263
|
||||||
64646132393835656366643239303063333233303331373961346631633034343136623663666462
|
32333962333239643733333363303233633333383733336262373463623935663531313830653935
|
||||||
64306262636636346131333662626639323865343435373037306130366566343230656338626537
|
32346334393463636465383738306163326464373961376436663264356165306463353861306361
|
||||||
62336234373136326330306633306637326239356439326339373839383130623836383338373561
|
37356134346135633137643634656432633366643761616433393239363831323335356639343337
|
||||||
32646163616336623838373436303464643937333164643639623631393764623064626235303733
|
37623330363333356466636637336563303465343738363638663837653534303364663935313463
|
||||||
61633063303962343931333437313031653435636432393531393130336234613462343838366363
|
36653333376233343637346365666364393237306531626165333966393663633165356339663765
|
||||||
35383134303137633833363233376365666538333535306434373139333633386630636161636261
|
66663361643533616539653833303562373834663932626539383363653338636362383633623534
|
||||||
63373339386364326231366634303962636437353336346461336661396566623034306132326332
|
36653666343835663530393665383863393133353261616139616362353062623137393565323634
|
||||||
33633434326365353438313362616664393264633937393762336264633061313134656536363062
|
35356163323432303435626336353866303836623064366464336161636162343862333761343030
|
||||||
37303861663732336238386331363164363436363966393534613332393230666266616364303661
|
64613165646362643366373730643665303261323635313632353439353736376565333662653437
|
||||||
31323633656332643839616434313066643833616639353562386432663538366563633766393639
|
38396438366539383765653635326265633535363738323835636563666663386435633331616239
|
||||||
33636534363263633261323533666366366665323437346431653464646233303636366231626535
|
36313166363138653531373061633966633337643530623333646537383231336639343932653634
|
||||||
33373134333163373633313739626636303830383232616663636639646564643436313331643334
|
32393335636534333963663035303236356436393637363030313031353832623432656233376430
|
||||||
37663132343030666566333431633136653064626466626362373864613334663737326233313138
|
64333563333433373334643530366164353765346138303730663561356335613239333136326237
|
||||||
38336261663765633331393766333965613364306136333362626466623235303033396362346365
|
63356566663033313363646664643639386366383765646230343632623061626334623564613338
|
||||||
36633963333561366265633633303262393832336364333365313336383066363065316133303634
|
34313633326565353839396164663536613561643232353736303336613864313330323638356364
|
||||||
65363037646566323831363365653937623966323735353439353339616439306534663831653663
|
30633335323438613636343964323431366364633031643235636330623935363266623939336631
|
||||||
34623537666435313661326631326235313130363938643635666531636165306539663630366265
|
63393733396332636335366539333939383831663039313933343336663539323435373963666131
|
||||||
65323234613133663337363466336663633464316361656564326136633064373365373239363662
|
33343638303537636134666236616566356234393031343461376439363133393834363565313065
|
||||||
37323834633163653938633435323763333539396532393664653162643832646535353262336631
|
63333638393236663538616436386164303732383539393261633135643930643435636637373736
|
||||||
61386237663136336338663165613238663035386361643135333361383666643432396363363132
|
64653333656235656161303166336233393864386263363330643264636263303563636463316364
|
||||||
66323832643339346534373066326333396232386166383161383764633338373533623236346366
|
65396231393531343265663234366530396665333830343434316433303361333539303734383934
|
||||||
33373138303864323532363761313762376439343130316432613933353033363536336337363566
|
35383936363435393231353532613534396231366630366461346235613436373537656335393966
|
||||||
31396133663330323665313033656436396238623630633465313734343063633537323939356337
|
35666661633364326336666238346261616334303936613864633936613130333030343334396235
|
||||||
62306364633765323834333836316161366531643763333434383062363032653164353037336562
|
30623136343934633636613062353230323961376639373033386132316132623932343432356266
|
||||||
61653332333062643362386665633665306662356532653031383365356632643861363038383137
|
31333037656630333761633236303136633235636138653133363430613963393738383032643737
|
||||||
36326666356231396433363538666131353839353366323934343532306532633866623733663138
|
36363037353630643137396661393736383035663963653465613437663865393565626438353264
|
||||||
33376665333430653533383439373463323661666165333636353434643739386363356536333837
|
61646330343730656539373866363666393636373962366131306264313364366530653035373031
|
||||||
39313365643039386638623731386635363632376139666638643734303035386564376136656537
|
61306461323038353261353430323133386135623433306564326237643334326264643932316434
|
||||||
39356162346164313839373931653139386464653232633339616166306235323232336139306538
|
61623066323935373761616463636537666133303863333161393361626661623632656637336639
|
||||||
32623135666535633462613430646637313030343933653461333230656564396663653364633238
|
36383538346633393265323130633037616364613934376337326566656237373363393738386366
|
||||||
30336161323431323337636135323539663466323637313366376535666132663662356239366339
|
36386335646432646234336137623663336637323461663538316232656130633863336330383363
|
||||||
66373830336132336439653637366664656230323834623039306337636433663931373138616466
|
34646530353539336432633165353039663338653139396365373664393030663164666432313265
|
||||||
30616437376435643535303237313831383534656634353265386565376564623431616263643334
|
63396563306138383166396366616638373631616637633330666463343035333633346437393664
|
||||||
65613633656533646138663138393831623330363635313662653264646636396461326664633362
|
64353736626432393632643263616139653131663264313466306664616437323739613936653839
|
||||||
38633765316333373363616563346230393866363365623862333162306263613938373663633963
|
36653366396336376430623962373361343762363465373133663739313536323263633164373230
|
||||||
31363639613238316334333437326631353830383734393765303037346436343036386437653637
|
35613466643839643831623138393137316661386234336131633763303731393663373364616131
|
||||||
32636139313464383264376663393730363038343831336565663565383135653139663765303239
|
36383834633738326234663765383662383832323465383534353834633461333265656539633238
|
||||||
31653036623138316566666461313665663462383662343461353332366634666437363263373864
|
64646665323938613735366165353361356236636163626535376131303464353365366234646438
|
||||||
30323564343934386666666338373238383333303939626237363131346261386562663566323365
|
65316531356239663838323130393061646562653464633230353337316133333036626161336432
|
||||||
37316563653231346336343166646661393431363739346237303161363838613237666533353034
|
66303438633139333964633766366262333235303262653733383934313638343336633566666338
|
||||||
64623435376462613961326333393930346663353737386130346461616638363639386364313266
|
31633132653738326439326439616630323636666361646634663334366566396234633065626162
|
||||||
34353465326632356233343633636331343638333937303562356133363432323939633865316630
|
38643565353738616232666330326365633264646637623836323761343866336635393436336331
|
||||||
33353539653162333734653338363764313439376439656435313932626431313930346662633838
|
33663830643934633163353438343436303030343531666335326236376564333466343163643430
|
||||||
39636463393861396531633833343264393339323133316566356562613932663131633631303065
|
35393031333834366335656431313033643936313839316431396333386135663761633562626163
|
||||||
31323937663764613563333736313733326639643961653161303237353165343939666461396263
|
39366438393532363430326432356135356532646162306333663163613031336136353132656538
|
||||||
34323136356632336138643162326163653331616561626263616132393734396237666434326264
|
31653762386538656663346263663531653063626463326534636337303639303561626334633935
|
||||||
65653837383063306436643466383964386661643336343230393436326139313963633036613065
|
65666139663461343466643861393762316330316431613765653239316537616434626535396139
|
||||||
31393930386463626131653565393932386462313236623531616235393064656237663837346539
|
35376434356533656336623839656138386565303266396532303665346264623034643664656137
|
||||||
34333730666337353537613564363531363831323035353532363366363731306335316138366361
|
62633064356566366438626331633933373630363164373434613233386535633532653130376436
|
||||||
37353438326130366439303136356636653030666464366436366566626464626262663838393462
|
34353336633966313365373439623633353364393838343335306665383361323766353431393662
|
||||||
34626662396239636536666433636436316535363539636261343131313430613765353836643133
|
31356533333834383832333031386365316461376563646561646333313063393532303162393231
|
||||||
38653839336663353663313535633231363765636633666363386561303039313438353838643561
|
61336165663938363437396564626430376362353736623232653430613464626234326234663335
|
||||||
32643131623162386661653464623461623434313733643564343435386636326531633136306139
|
37373633306533363830353662633038306139626136663839383631623230396333313937653733
|
||||||
38613937336132653238616561356338303264393962306431356463613764613364363738323366
|
39313163316161326263306530353465336363626530333966343934373866303664316536363466
|
||||||
31326562613764386533353135643737323161616363656362326262653765353764626166363338
|
33343766393561643864366665353239366336323335656665303735326633323432333938323862
|
||||||
34646231633764383962326135323164326565343034656430326531653231666633666465336231
|
66656230373937396465323731616133336533383966353564663364303538613362313139343865
|
||||||
62366635356566613766643832386234383766363236306638623133643036643662396430623330
|
64383233613038626437613162663232373666363062373531373331343237306135333230303636
|
||||||
31396239366338656565346563313430353463366465373534636536393131303166333263613663
|
31626537633637653961666638393330643932656234316363323339353930303738346336646266
|
||||||
36393864663636333666396566303638646166346665303765343531313661376632623137613131
|
63346234333833376563656264383834363630613932306262376666356663613831393732636532
|
||||||
32653031343861363831646635356232353836363536613834343663326261623262336336393838
|
64333638616364633965383034356232373065333232623961643239326565623063386339303064
|
||||||
35623638636538626566353864343362633264366435383633333562366365326432663839613934
|
64653162663239376335383732383838386631333837323238393366363836373463656639646261
|
||||||
34323466396565303963333531346362363338623537343439666265353332303230356533323834
|
32616238363463333339393138303333326461666663303238343839376632323539396235373766
|
||||||
61333838356665653138346337336532333931616432353936306261356537663036643064333964
|
66356464393739616138346235643564386664393130613336343235633531646530306236616361
|
||||||
39643065303032393932323136363264316264386131353035383933386535303632613033633363
|
61656465666566336132383035393636356134633131666438363661646364323764373961343864
|
||||||
66346437333465653633626235336336353738343036326265376162383163326530373032663335
|
33613963343961626665353733356432346439646638643939626562326364386533366135306433
|
||||||
66643663666166366165396137383133396635336237343161303666393437303538316661336335
|
34343961323537333233383633343635383436363232666166336131323262613135393532616161
|
||||||
32396434323532303238303538303864393031303832346161303535386461666161316565646539
|
38633635646563646563303262383461333439653562383564303261303033376337343831343431
|
||||||
37303261336435323139663962316562346265343064346562393633616666653066623466316634
|
35343632633138626364313433656364613439633531343136316436613231373233326362663736
|
||||||
61346263366161366232386138666131323162333031623533303739646336623864613333323662
|
33323664306430336235666238336631303735626630336139353764643366353931306437653039
|
||||||
35363539646433323430313839633363393936356438313037613434663161653964366635363464
|
34383433323662306164363462333934333463646136386564323764663862366235373632666662
|
||||||
62643539393631386531313966643339383865623065393936666235653035376139656663616336
|
30386266373830636664613332353265366164353035306232353230393838303363613666396539
|
||||||
65663136326466616161376232316463643834356531336362336163343637326238663836363734
|
66386663366439373566396334653335633662323230656132666631306432663836616462346264
|
||||||
30363032653962306530633562636161396634363131633065326433363136316666633738343966
|
63346338666337663062626532353835316135616661323563636662333238653933613530313765
|
||||||
66303939383232373738373965393934653439396666623039353933633935393731653839623737
|
30303864653037393131626631633338326235656632656339326463383061393635346333373730
|
||||||
35376338363338306332353539313664303962353064306434323530623161323064633766643035
|
65386631336462363436346166366130383235396664303631383065666566343461393838633739
|
||||||
38363234343036616335393461643964386664616134313831663565633366616633626266393937
|
63636334333462666131393430663335383466313762666134393062373238653730633864323137
|
||||||
31623435646138646131356164313936656639393532343630663933613066333432666132363338
|
66643639383265656338323063356463626531346561336164656364633733343731373833376261
|
||||||
30356136303763376465396637613565386661333265633636643435313035313064383936306437
|
33616663323837333266646635393564383439613630336566383336313036333933333230666230
|
||||||
39626265643862313435343465643063656266373035356538393262363561356433323134333537
|
34646334306666626138333233343332366237646165636538326264663635373438656431636435
|
||||||
66663233313832326136366163623337373835663961313938636134613933663534333730333761
|
35666334323035663933333764313564393536663335336561343734343662623939336531303235
|
||||||
39313334346364623431646439386162633961316161393636656139303966626265623035366335
|
64393333313962333737616639663234393833633332643430326163323865613632663463346635
|
||||||
66666634363036326631376562623039303961663136366461313637343932303338356334383139
|
35326632626363346536663563616334663366613734616562626165376335613165306531303932
|
||||||
38383133306436303261643535353532383538613764616233363864656665633264623236623537
|
65623031386563326665303536646531306235613034336263393436363536303565656138303931
|
||||||
31353335343064626465626130356433366531306338623830623139316462316662633665663164
|
30663237306161626130653663663365323030613635343563653465386561626361353532643737
|
||||||
38363363656237326239633930623862663230623464663031363463356133626166353433633535
|
36626466626234376462373732653936326363376639613563653361366339363538383431383136
|
||||||
63343231326438383535356235343530393361636465363933356164323565326566303034383466
|
61303134333665393039633263323238623539653233323732363163353762623730306366306134
|
||||||
63323136643835623563393666333030656534333565316466333266663365346561363937336665
|
65663661633331393137396661313530663638383236656333393638356164643537663935343063
|
||||||
32323637366138303233373565333932626435306130633064656336623764366130323534333039
|
34383039363832623663323661663530303534636635653631393536653837333766616161623839
|
||||||
64613934383530343036343334396439373066326264353638353462613266663935343436353130
|
38383830326266353362613232643036393365633261333933363931313830666537363338633337
|
||||||
38616238313133363732343634663962666435656330396536643836326636373032623734353832
|
66303166393430653263646338653539316234613432373763393664636631383737306236643431
|
||||||
32313064663164626534336363376131656438623035646263666336633862613833323565656437
|
33396234386562346165346239343838323133653461646165643538666231323561376166393231
|
||||||
63616463613732663966643039653761633231616462363761336231313335363165646134356137
|
39333534393961656234373235616332306639373764653164393232363535646239383432343963
|
||||||
38633963393264653139356333626534303936326563326433363164623131393562393533383564
|
36343134363631626434323335303136346536393266363735316437333165366538373535333866
|
||||||
62646532643366376333373364646139363635323034613262386265383066303365323134633836
|
36626537636465376533616130363564626238356162623539316133306663333763393033333663
|
||||||
66666536653264393138326436393037373537393561613864343730366135353166633765323938
|
63383462643938373262643435623132653730346564383537633537303034326366616661393062
|
||||||
38306562326238613331343337306239376165636562666433356266313030613136656162646166
|
31316532383035383632633535303564626238613438653265366261663033326463316366656266
|
||||||
36303966373931363463383631386136313262633136383637626562353336306465613435336434
|
65636462323832353565383334646239393636323635623230343537646338613861633532343962
|
||||||
32303136393638396233393232386534643733626539653961366637316135373439386432643264
|
36616432653936356266626533383433376663373838653533366631386262353337383236373166
|
||||||
63663837306461376461306664366538396436386234366638626263303735323661393839343938
|
33373139323765326135356431613235346431623931333362663463646630336332616337333535
|
||||||
36393264306132313130326435636266643363616438613538303530306434636331333033323138
|
34336130366564303136653933303233663538353561396430313937363536663961333431323435
|
||||||
39656337666635363263316363363133616538356336646337373762613666323663656665383733
|
35316537393462316334366163346663623933653861376637336338383837303233623434353238
|
||||||
31623433396466383939306666373562303330373731323864363266323261383736353465633662
|
34383866636361333061393630376431323165353036373435646566326461333737313038656135
|
||||||
38356130353233663161623139653465646238363630643239386634623262303836333232303239
|
31623466316339353463393165626236333763396434396638646461393434353132373030613633
|
||||||
61313930346263643565333534373430653430363965373037646639633638333861346262373433
|
32393032353730656562666431383236653461656566643332363034636134653737343537306136
|
||||||
65346133636162396332373130356238346438626330373163326632323137333862373436363133
|
65316437376265323439326234653363353336343631363630613533303837313535306666313461
|
||||||
37373663396461613062616664336662373432383863333536366465313838333835653966353661
|
63623339383432353739616664396666336638316131653133363066633461646336356636376534
|
||||||
38343336316136316532613661306336636131653236663336396638316136626434303533323365
|
34663730666436613733336439653031306561616263373235346461306335616166303637343462
|
||||||
38356534353530633766646466663266613735396333386263356662613939373030396436363530
|
38663364636536663764383164306436373563346562643038613065336366363939376136646332
|
||||||
38333939623534356266323237623835373038663534616532326665346631616665616665666663
|
65353261346434316534313766633139623937366265316130646138656535303031626230326463
|
||||||
33633266333630646563363637666562336339393138326435373836336566346661646464613730
|
32653530613139313534316132653531613438313339333163376665666539313661663430353336
|
||||||
39616438373062656130393134353535313232376266386262623862383162366662626231373338
|
32663930326561646536393232393730386464643364366130356464633934316261643435303734
|
||||||
37373561376435323361316337636239366263656336303636346436373363663164343333656538
|
39363666333362396266343331633266653539343862386535363736333363623035353866363335
|
||||||
32633835353436623565393538643563646630366633343632633532396433616139303766666435
|
64626339313631306266373338323163393632353433643036353762396162666562653831623235
|
||||||
30373235373262633134383033363137316366316563613662313437663832356165353661666533
|
39373332626536323866
|
||||||
63343138393230333335323938666566623365623762643563633036613339636537366264333138
|
|
||||||
62656265363261663233396266616466333332633266326661373736353135383563313666633765
|
|
||||||
37316430633763326438326263643766396137363333353035623036346662303834376463613162
|
|
||||||
30363938396638336565303535663831326135393061383634646430343931373135636638333866
|
|
||||||
64623032366163386530313563656266376334343835366665633362643339643534643738373839
|
|
||||||
34323134636330383963353439376436323530373066623435376230306435333832633964653639
|
|
||||||
39373235353262383864303430336635393435656430646233613461306135643230666437393361
|
|
||||||
36616134356461616534646535396338656138616636396538373031626136323264323936366633
|
|
||||||
61373631306538363437323934316434663735323533656364393135613761326337303833383934
|
|
||||||
37383162356162373737336666663430343334356532333335363463623238643662333232333336
|
|
||||||
31376639386632626161303232653363626637376630333733343035323539623463626132373763
|
|
||||||
36613535623064636163643236383336653934663739326264653362333237303237393335613339
|
|
||||||
30323030353632613434393636336562363064306332663931393061393964393661363163326632
|
|
||||||
37353434656464333532343263363961613866643338396335656131373134333665353437613837
|
|
||||||
37336533366635616138366566666635366634613633616533373966336637303334613731316436
|
|
||||||
66376565643033383162373166373665633362313164643530356561383630343531346436343663
|
|
||||||
62313836323530623535356532303362333436643434663131653539646331346535666133336162
|
|
||||||
37653036376165333364373661386262633030363165353638386139646266623365306338383963
|
|
||||||
36373732356364333166386566653835663466346630356438323866636564663966363832613862
|
|
||||||
64623831646261333064663939613763323466336431343861386537633337396637383330333633
|
|
||||||
32636436343564633365616331626465613163333465373961656631373736373430396633393733
|
|
||||||
64386534353131666438346362376462636331353761636535663234613731356130666534323735
|
|
||||||
35636162323234386435646132396366326165663234653637363139303162613832346333383665
|
|
||||||
64323737306634613530633636643761346461326130663234373363326230616331336430353261
|
|
||||||
38346630356136333966656562343730356234643537323635653532396337373331363537393662
|
|
||||||
33373862336232623563636436643239623837623862386638353361383830303365333362353665
|
|
||||||
33666236363035616363326462376337363736333234613133383636396464306236386238333863
|
|
||||||
39316237326638663535646361393939393938656335653262633063326132663331343235626364
|
|
||||||
35366532333161343562383763653130306235633934393066356239653565633962343235643036
|
|
||||||
62333363323065663137393736383964613061393131376637363031393335306534626230383139
|
|
||||||
35333437613963386664646336383637323534366635336264333039643861396561373461636439
|
|
||||||
30323831333335393365383834386138626664653531333830363862363330346466646432656663
|
|
||||||
62383534343131636331353763356166386339303564353035383466353636636335653333383431
|
|
||||||
30616133383565623430326534396432376331636161393930366263366539343332666631616530
|
|
||||||
36383937313164663631626163646339623365653937616634656235303039636439646335616561
|
|
||||||
31623135366136333766663833333932383032343438376336366533636466353666633437353338
|
|
||||||
33386166386231353430646665323164363961666538343537313734343465366333383763666666
|
|
||||||
33326363656134613031393033646435333937353865316161626137633939333934316536643830
|
|
||||||
37386364356233353964326661386564656132643937366665353139653533336331323138356633
|
|
||||||
35656562663961343238386132636331636439383236383761306337626262303764656431303964
|
|
||||||
62646133323361643162313231376633663231313833633964613862353265336538633261643834
|
|
||||||
62353230316334363363343133626530643832356631353937353334613538616366396438383338
|
|
||||||
39336366623332363966383535373365666263383231356532346533386262643465306430336462
|
|
||||||
64623764333861663031
|
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
# These are the variables contained in secrets.yml
|
# These are the variables contained in secrets.yml
|
||||||
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
||||||
---
|
|
||||||
postgres_passwords:
|
postgres_passwords:
|
||||||
nextcloud: xxx
|
nextcloud: xxx
|
||||||
passit: xxx
|
passit: xxx
|
||||||
gitea: xxx
|
gitea: xxx
|
||||||
matrix: xxx
|
matrix: xxx
|
||||||
|
codimd: xxx
|
||||||
mailu: xxx
|
mailu: xxx
|
||||||
keycloak: xxx
|
keycloak: xxx
|
||||||
hedgedoc: xxx
|
|
||||||
mastodon: xxx
|
mastodon: xxx
|
||||||
rallly: xxx
|
rallly: xxx
|
||||||
membersystem: xxx
|
membersystem: xxx
|
||||||
|
@ -31,9 +31,8 @@ drone_secrets:
|
||||||
rpc_shared_secret: xxx
|
rpc_shared_secret: xxx
|
||||||
|
|
||||||
restic_secrets:
|
restic_secrets:
|
||||||
repository_password: xxx
|
user_secret: xxx
|
||||||
ssh_privkey: xxx
|
encryption_secret: xxx
|
||||||
uptime_kuma_url: xxx
|
|
||||||
|
|
||||||
matrix_secrets:
|
matrix_secrets:
|
||||||
registration_shared_secret: xxx
|
registration_shared_secret: xxx
|
||||||
|
@ -55,8 +54,3 @@ rallly_secrets:
|
||||||
|
|
||||||
membersystem_secrets:
|
membersystem_secrets:
|
||||||
secret_key: xxx
|
secret_key: xxx
|
||||||
stripe_api_key: xxx
|
|
||||||
stripe_endpoint_secret: xxx
|
|
||||||
|
|
||||||
diun:
|
|
||||||
matrix_password: xxx
|
|
||||||
|
|
|
@ -31,5 +31,4 @@ users:
|
||||||
groups:
|
groups:
|
||||||
- sudo
|
- sudo
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
|
||||||
|
|
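Review bot: The only `ssh_keys` entry left on the new side has no comment field, so the key that grants this `sudo`-group user access can no longer be tied to a person or token when `authorized_keys` is audited. The line being replaced carried that label on the same key material; I would keep it: `- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332`. The new side also drops the FIDO-backed `sk-ssh-ed25519@openssh.com` entry, leaving the account with a single key; if that is intended, it deserves a line in the commit message. The `users:` list starts outside this hunk.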
|
@ -1,12 +1,12 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- hosts: production
|
- hosts: all
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
ldap_dn: "dc=data,dc=coop"
|
ldap_dn: "dc=data,dc=coop"
|
||||||
|
|
||||||
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
||||||
letsencrypt_enabled: "{{ not vagrant }}"
|
letsencrypt_enabled: "{{ not vagrant }}"
|
||||||
|
|
||||||
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||||
|
@ -15,9 +15,6 @@
|
||||||
smtp_host: "postfix"
|
smtp_host: "postfix"
|
||||||
smtp_port: "587"
|
smtp_port: "587"
|
||||||
|
|
||||||
services_exclude:
|
|
||||||
- uptime_kuma
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_role:
|
- import_role:
|
||||||
name: ubuntu_base
|
name: ubuntu_base
|
||||||
|
|
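Review bot: `vagrant: "{{ ansible_virtualization_role == 'guest' }}"` is true on any virtualised host, not only a Vagrant box, so a production server that runs as a VM guest would get `letsencrypt_enabled` false and `base_domain` set to `datacoop.devel`. Combined with `hosts: all` on the new side, nothing in the play then separates production from development. I would keep an explicit opt-in flag passed by the development provisioner, `vagrant: "{{ from_vagrant | default(false) | bool }}"`, and keep the play scoped with `- hosts: production`. The `vars:` and `tasks:` blocks continue outside the two hunks.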
|
@ -1,229 +1,212 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
volume_root_folder: "/docker-volumes"
|
volume_root_folder: "/docker-volumes"
|
||||||
volume_website_folder: "{{ volume_root_folder }}/websites"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
### Internal services ###
|
### Internal services ###
|
||||||
postfix:
|
postfix:
|
||||||
|
file: postfix.yml
|
||||||
domain: "smtp.{{ base_domain }}"
|
domain: "smtp.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/postfix"
|
volume_folder: "{{ volume_root_folder }}/postfix"
|
||||||
pre_deploy_tasks: true
|
version: "v3.5.1-alpine"
|
||||||
version: "v3.6.1-alpine"
|
|
||||||
|
|
||||||
nginx_proxy:
|
nginx_proxy:
|
||||||
|
file: nginx_proxy.yml
|
||||||
|
version: "1.0-alpine"
|
||||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||||
pre_deploy_tasks: true
|
|
||||||
version: "1.3-alpine"
|
nginx_acme_companion:
|
||||||
acme_companion_version: "2.2"
|
version: "2.2"
|
||||||
|
|
||||||
openldap:
|
openldap:
|
||||||
|
file: openldap.yml
|
||||||
domain: "ldap.{{ base_domain }}"
|
domain: "ldap.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||||
pre_deploy_tasks: true
|
|
||||||
version: "1.5.0"
|
version: "1.5.0"
|
||||||
phpldapadmin_version: "0.9.0"
|
|
||||||
|
phpldapadmin:
|
||||||
|
version: "0.9.0"
|
||||||
|
|
||||||
netdata:
|
netdata:
|
||||||
|
file: netdata.yml
|
||||||
domain: "netdata.{{ base_domain }}"
|
domain: "netdata.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/netdata"
|
|
||||||
version: "v1"
|
version: "v1"
|
||||||
|
|
||||||
portainer:
|
portainer:
|
||||||
|
file: portainer.yml
|
||||||
domain: "portainer.{{ base_domain }}"
|
domain: "portainer.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||||
version: "2.19.0"
|
version: "2.16.2"
|
||||||
|
|
||||||
keycloak:
|
keycloak:
|
||||||
|
file: keycloak.yml
|
||||||
domain: sso.{{ base_domain }}
|
domain: sso.{{ base_domain }}
|
||||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||||
version: "22.0"
|
version: "20.0"
|
||||||
postgres_version: "10"
|
postgres_version: "10"
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
restic:
|
restic:
|
||||||
volume_folder: "{{ volume_root_folder }}/restic"
|
file: restic_backup.yml
|
||||||
pre_deploy_tasks: true
|
user: "datacoop"
|
||||||
remote_user: dc-user
|
domain: "restic.cannedtuna.org"
|
||||||
remote_domain: rynkeby.skovgaard.tel
|
repository: "datacoop-hevonen"
|
||||||
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
version: "1.6.0"
|
||||||
repository: restic
|
|
||||||
version: "1.7.0"
|
|
||||||
disabled_in_vagrant: true
|
disabled_in_vagrant: true
|
||||||
# mail dance
|
|
||||||
domain: "noreply.{{ base_domain }}"
|
|
||||||
allowed_sender_domain: true
|
|
||||||
mail_from: "backup@noreply.{{ base_domain }}"
|
|
||||||
|
|
||||||
docker_registry:
|
docker_registry:
|
||||||
|
file: docker_registry.yml
|
||||||
domain: "docker.{{ base_domain }}"
|
domain: "docker.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||||
pre_deploy_tasks: true
|
|
||||||
post_deploy_tasks: true
|
|
||||||
username: "docker"
|
username: "docker"
|
||||||
password: "{{ docker_password }}"
|
password: "{{ docker_password }}"
|
||||||
version: "2"
|
version: "2"
|
||||||
|
|
||||||
### External services ###
|
### External services ###
|
||||||
|
|
||||||
nextcloud:
|
nextcloud:
|
||||||
|
file: nextcloud.yml
|
||||||
domain: "cloud.{{ base_domain }}"
|
domain: "cloud.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||||
pre_deploy_tasks: true
|
version: 25-apache
|
||||||
version: 28-apache
|
|
||||||
postgres_version: "10"
|
postgres_version: "10"
|
||||||
redis_version: 7-alpine
|
redis_version: 7-alpine
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
forgejo:
|
gitea:
|
||||||
|
file: gitea.yml
|
||||||
domain: "git.{{ base_domain }}"
|
domain: "git.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/forgejo"
|
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||||
version: "7.0.5"
|
version: 1.18
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
passit:
|
passit:
|
||||||
|
file: passit.yml
|
||||||
domain: "passit.{{ base_domain }}"
|
domain: "passit.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/passit"
|
volume_folder: "{{ volume_root_folder }}/passit"
|
||||||
version: stable
|
version: stable
|
||||||
postgres_version: 15-alpine
|
postgres_version: "10"
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
matrix:
|
matrix:
|
||||||
|
file: matrix_riot.yml
|
||||||
domain: "matrix.{{ base_domain }}"
|
domain: "matrix.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
pre_deploy_tasks: true
|
version: v1.63.1
|
||||||
version: v1.114.0
|
postgres_version: "10"
|
||||||
postgres_version: 15-alpine
|
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
element:
|
riot:
|
||||||
domain: "element.{{ base_domain }}"
|
domains:
|
||||||
volume_folder: "{{ volume_root_folder }}/element"
|
- "riot.{{ base_domain }}"
|
||||||
pre_deploy_tasks: true
|
- "element.{{ base_domain }}"
|
||||||
version: v1.11.80
|
volume_folder: "{{ volume_root_folder }}/riot"
|
||||||
|
version: v1.11.8
|
||||||
|
|
||||||
privatebin:
|
privatebin:
|
||||||
|
file: privatebin.yml
|
||||||
domain: "paste.{{ base_domain }}"
|
domain: "paste.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||||
pre_deploy_tasks: true
|
version: 20221009
|
||||||
version: "20221009"
|
|
||||||
|
codimd:
|
||||||
|
file: codimd.yml
|
||||||
|
domain: "oldpad.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||||
|
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
|
file: hedgedoc.yml
|
||||||
domain: "pad.{{ base_domain }}"
|
domain: "pad.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||||
pre_deploy_tasks: true
|
version: 1.9.6-alpine
|
||||||
version: 1.9.9-alpine
|
|
||||||
postgres_version: 10-alpine
|
postgres_version: 10-alpine
|
||||||
|
|
||||||
data_coop_website:
|
data_coop_website:
|
||||||
domain: "{{ base_domain }}"
|
file: websites/data.coop.yml
|
||||||
www_domain: "www.{{ base_domain }}"
|
domains:
|
||||||
volume_folder: "{{ volume_website_folder }}/datacoop"
|
- "{{ base_domain }}"
|
||||||
pre_deploy_tasks: true
|
- "www.{{ base_domain }}"
|
||||||
version: stable
|
|
||||||
staging_domain: "staging.{{ base_domain }}"
|
new_data_coop_website:
|
||||||
staging_version: staging
|
file: websites/new.data.coop.yml
|
||||||
|
domain: "new.{{ base_domain }}"
|
||||||
|
version: hugo
|
||||||
|
|
||||||
slides_2022_website:
|
slides_2022_website:
|
||||||
|
file: websites/2022.slides.data.coop.yml
|
||||||
domain: "2022.slides.{{ base_domain }}"
|
domain: "2022.slides.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_website_folder }}/slides-2022"
|
|
||||||
version: latest
|
|
||||||
|
|
||||||
fedi_dk_website:
|
|
||||||
domain: fedi.dk
|
|
||||||
volume_folder: "{{ volume_website_folder }}/fedidk"
|
|
||||||
version: latest
|
|
||||||
|
|
||||||
vhs_website:
|
|
||||||
domain: vhs.data.coop
|
|
||||||
volume_folder: "{{ volume_website_folder }}/vhs"
|
|
||||||
version: latest
|
version: latest
|
||||||
|
|
||||||
cryptohagen_website:
|
cryptohagen_website:
|
||||||
|
file: websites/cryptohagen.dk.yml
|
||||||
domains:
|
domains:
|
||||||
- "cryptohagen.dk"
|
- "cryptohagen.dk"
|
||||||
- "www.cryptohagen.dk"
|
- "www.cryptohagen.dk"
|
||||||
volume_folder: "{{ volume_website_folder }}/cryptohagen"
|
|
||||||
|
|
||||||
ulovliglogning_website:
|
ulovliglogning_website:
|
||||||
|
file: websites/ulovliglogning.dk.yml
|
||||||
domains:
|
domains:
|
||||||
- "ulovliglogning.dk"
|
- "ulovliglogning.dk"
|
||||||
- "www.ulovliglogning.dk"
|
- "www.ulovliglogning.dk"
|
||||||
- "ulovlig-logning.dk"
|
- "ulovlig-logning.dk"
|
||||||
- "www.ulovlig-logning.dk"
|
|
||||||
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
|
|
||||||
|
|
||||||
cryptoaarhus_website:
|
cryptoaarhus_website:
|
||||||
|
file: websites/cryptoaarhus.dk.yml
|
||||||
domains:
|
domains:
|
||||||
- "cryptoaarhus.dk"
|
- "cryptoaarhus.dk"
|
||||||
- "www.cryptoaarhus.dk"
|
- "www.cryptoaarhus.dk"
|
||||||
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
|
|
||||||
|
|
||||||
drone:
|
drone:
|
||||||
|
file: drone.yml
|
||||||
domain: "drone.{{ base_domain }}"
|
domain: "drone.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/drone"
|
volume_folder: "{{ volume_root_folder }}/drone"
|
||||||
version: "1"
|
version: 1
|
||||||
|
|
||||||
|
woodpecker:
|
||||||
|
file: woodpecker.yml
|
||||||
|
domain: "ci.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/woodpecker"
|
||||||
|
version: v0.15
|
||||||
|
|
||||||
mailu:
|
mailu:
|
||||||
|
file: mailu.yml
|
||||||
|
version: 1.9
|
||||||
domain: "mail.{{ base_domain }}"
|
domain: "mail.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
|
||||||
pre_deploy_tasks: true
|
|
||||||
dns: 192.168.203.254
|
dns: 192.168.203.254
|
||||||
subnet: 192.168.203.0/24
|
subnet: 192.168.203.0/24
|
||||||
version: "2.0"
|
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||||
postgres_version: 14-alpine
|
|
||||||
redis_version: alpine
|
|
||||||
|
|
||||||
mastodon:
|
mastodon:
|
||||||
|
file: mastodon.yml
|
||||||
domain: "social.{{ base_domain }}"
|
domain: "social.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||||
pre_deploy_tasks: true
|
version: v4.0.2
|
||||||
post_deploy_tasks: true
|
|
||||||
version: v4.2.10
|
|
||||||
postgres_version: 14-alpine
|
postgres_version: 14-alpine
|
||||||
redis_version: 6-alpine
|
redis_version: 6-alpine
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
rallly:
|
rallly:
|
||||||
|
file: rallly.yml
|
||||||
domain: "when.{{ base_domain }}"
|
domain: "when.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||||
pre_deploy_tasks: true
|
version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
|
||||||
version: "2"
|
|
||||||
postgres_version: 14-alpine
|
postgres_version: 14-alpine
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
pinafore:
|
||||||
|
file: pinafore.yml
|
||||||
|
domain: "pinafore.{{ base_domain }}"
|
||||||
|
version: v2.5.0
|
||||||
|
|
||||||
membersystem:
|
membersystem:
|
||||||
|
file: membersystem.yml
|
||||||
domain: "member.{{ base_domain }}"
|
domain: "member.{{ base_domain }}"
|
||||||
django_admins: "Vidir:valberg@orn.li,Balder:benjaoming@data.coop"
|
django_admins: "Vidir:valberg@orn.li"
|
||||||
volume_folder: "{{ volume_root_folder }}/membersystem"
|
|
||||||
version: latest
|
version: latest
|
||||||
postgres_version: 13-alpine
|
postgres_version: 13-alpine
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
writefreely:
|
|
||||||
domain: "write.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/writefreely"
|
|
||||||
pre_deploy_tasks: true
|
|
||||||
version: v0.15.0
|
|
||||||
mariadb_version: "11.2"
|
|
||||||
allowed_sender_domain: true
|
|
||||||
|
|
||||||
watchtower:
|
watchtower:
|
||||||
volume_folder: "{{ volume_root_folder }}/watchtower"
|
file: watchtower.yml
|
||||||
version: "1.5.3"
|
version: amd64-1.5.1
|
||||||
|
|
||||||
diun:
|
|
||||||
version: "4.28"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/diun"
|
|
||||||
matrix_user: "@diun:data.coop"
|
|
||||||
matrix_room: "#datacoop-services-update:data.coop"
|
|
||||||
|
|
||||||
### Uptime monitoring ###
|
|
||||||
uptime_kuma:
|
|
||||||
domain: "uptime.{{ base_domain }}"
|
|
||||||
status_domain: "status.{{ base_domain }}"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
|
|
||||||
pre_deploy_tasks: true
|
|
||||||
version: "latest"
|
|
||||||
|
|
||||||
services_exclude: []
|
|
||||||
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
|
|
||||||
|
|
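Review bot: Several image versions on the new side are unquoted scalars, namely `version: 1.18` (gitea), `version: 1.9` (mailu), `version: 1` (drone) and `version: 20221009` (privatebin), so YAML loads them as numbers rather than strings. If these values are interpolated into image tags, a later bump to something like `1.10` would render as `1.1` and pull a different image from the one that was reviewed. Quote them as the neighbouring entries already do, e.g. `version: "1.18"`. Separately, `membersystem` and `slides_2022_website` track `latest` and `passit` tracks `stable`, so the deployed image can change without any change in this file; a release tag or digest would make such updates visible in review.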
|
@ -339,7 +339,7 @@ database:
|
||||||
user: "synapse"
|
user: "synapse"
|
||||||
password: "{{ postgres_passwords.matrix }}"
|
password: "{{ postgres_passwords.matrix }}"
|
||||||
database: "synapse"
|
database: "synapse"
|
||||||
host: "postgres"
|
host: "matrix_db"
|
||||||
port: "5432"
|
port: "5432"
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
cp_max: 10
|
cp_max: 10
|
||||||
|
@ -676,8 +676,15 @@ report_stats: false
|
||||||
|
|
||||||
## API Configuration ##
|
## API Configuration ##
|
||||||
|
|
||||||
room_prejoin_state:
|
# A list of event types that will be included in the room_invite_state
|
||||||
disable_default_event_types: false
|
#
|
||||||
|
room_invite_state_types:
|
||||||
|
- "m.room.join_rules"
|
||||||
|
- "m.room.canonical_alias"
|
||||||
|
- "m.room.avatar"
|
||||||
|
- "m.room.encryption"
|
||||||
|
- "m.room.name"
|
||||||
|
|
||||||
|
|
||||||
# A list of application service config file to use
|
# A list of application service config file to use
|
||||||
#
|
#
|
||||||
|
@ -820,10 +827,23 @@ password_config:
|
||||||
# If your SMTP server requires authentication, the optional smtp_user &
|
# If your SMTP server requires authentication, the optional smtp_user &
|
||||||
# smtp_pass variables should be used
|
# smtp_pass variables should be used
|
||||||
#
|
#
|
||||||
email:
|
#email:
|
||||||
smtp_host: "{{ smtp_host }}"
|
# enable_notifs: false
|
||||||
smtp_port: {{ smtp_port }}
|
# smtp_host: "localhost"
|
||||||
notif_from: "{{ services.matrix.domain }} <no-reply@{{ services.matrix.domain }}>"
|
# smtp_port: 25
|
||||||
|
# smtp_user: "exampleusername"
|
||||||
|
# smtp_pass: "examplepassword"
|
||||||
|
# require_transport_security: False
|
||||||
|
# notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>"
|
||||||
|
# app_name: Matrix
|
||||||
|
# # if template_dir is unset, uses the example templates that are part of
|
||||||
|
# # the Synapse distribution.
|
||||||
|
# #template_dir: res/templates
|
||||||
|
# notif_template_html: notif_mail.html
|
||||||
|
# notif_template_text: notif_mail.txt
|
||||||
|
# notif_for_new_users: True
|
||||||
|
# riot_base_url: "http://localhost/riot"
|
||||||
|
|
||||||
|
|
||||||
#password_providers:
|
#password_providers:
|
||||||
# - module: "ldap_auth_provider.LdapAuthProvider"
|
# - module: "ldap_auth_provider.LdapAuthProvider"
|
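Review bot: In the API Configuration hunk the new side returns to `room_invite_state_types`, which Synapse, as far as I know, deprecated in favour of `room_prejoin_state`. The list decides which room state is shown to a user before they join, so it is better kept under the supported key: `room_prejoin_state:` with `disable_default_event_types: false`, rather than a hand-maintained list. In the e-mail hunk the live `email:` block becomes a commented sample that carries `require_transport_security: False` and placeholder credentials; if mail is re-enabled from that sample, transport security should be set explicitly instead of copied. The surrounding configuration continues outside the hunks shown.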
|
@ -1,5 +1,5 @@
|
||||||
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@db:5432/rallly_db"
|
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
||||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||||
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||||
SMTP_HOST="{{ smtp_host }}"
|
SMTP_HOST="{{ smtp_host }}"
|
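Review bot: `DATABASE_URL` places `{{ postgres_passwords.rallly }}` in the userinfo part of a URL without encoding, so a password containing `@`, `:` or `%` would change how the URL is parsed or make the connection fail. Encode it at render time: `DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly | urlencode }}@rallly_db:5432/rallly_db"` (the filter leaves `/` untouched, so generated passwords should avoid it). The application also connects as the `postgres` superuser; a dedicated role limited to `rallly_db` would be the least-privilege choice, though that depends on the compose file, which is not part of this hunk. The template continues past the five lines shown.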
|
@ -1,4 +0,0 @@
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
|
@ -1,6 +1,8 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: restart nginx
|
- name: "restart nginx"
|
||||||
command: docker compose restart proxy
|
community.docker.docker_container:
|
||||||
args:
|
name: "nginx-proxy"
|
||||||
chdir: "{{ services.nginx_proxy.volume_folder }}"
|
restart: "yes"
|
||||||
|
state: "started"
|
||||||
|
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create volume folder for service {{ service.name }}
|
|
||||||
file:
|
|
||||||
name: "{{ service.vars.volume_folder }}"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload Compose file for service {{ service.name }}
|
|
||||||
template:
|
|
||||||
src: compose-files/{{ service.name }}.yml.j2
|
|
||||||
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
|
||||||
owner: root
|
|
||||||
mode: u=rw,go=
|
|
||||||
|
|
||||||
- name: Run pre-deployment tasks for service {{ service.name }}
|
|
||||||
include_tasks: pre_deploy/{{ service.name }}.yml
|
|
||||||
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
|
||||||
|
|
||||||
- name: Deploy Compose stack for service {{ service.name }}
|
|
||||||
command: docker compose up -d --remove-orphans --pull always
|
|
||||||
args:
|
|
||||||
chdir: "{{ service.vars.volume_folder }}"
|
|
||||||
|
|
||||||
- name: Run post-deployment tasks for service {{ service.name }}
|
|
||||||
include_tasks: post_deploy/{{ service.name }}.yml
|
|
||||||
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
|
|
|
@ -1,44 +1,38 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Add Docker PGP key
|
- name: add docker gpg key
|
||||||
apt_key:
|
apt_key:
|
||||||
keyserver: pgp.mit.edu
|
keyserver: pgp.mit.edu
|
||||||
id: 8D81803C0EBFCD88
|
id: 8D81803C0EBFCD88
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Add Docker apt repository
|
- name: add docker apt repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: Install Docker
|
- name: install docker-ce
|
||||||
apt:
|
apt:
|
||||||
name: "{{ pkgs }}"
|
name: docker-ce
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: install docker python bindings
|
||||||
|
pip:
|
||||||
|
executable: pip3
|
||||||
|
name: "{{ packages }}"
|
||||||
state: present
|
state: present
|
||||||
vars:
|
vars:
|
||||||
pkgs:
|
packages:
|
||||||
- docker-ce
|
- docker
|
||||||
- docker-compose-plugin
|
- docker-compose
|
||||||
|
|
||||||
- name: Configure cron job to prune unused Docker data weekly
|
- name: create folder structure for bind mounts
|
||||||
cron:
|
|
||||||
name: Prune unused Docker data
|
|
||||||
cron_file: ansible_docker_prune
|
|
||||||
job: 'docker system prune -fa && docker volume prune -fa'
|
|
||||||
special_time: weekly
|
|
||||||
user: root
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Create folder structure for bind mounts
|
|
||||||
file:
|
file:
|
||||||
name: "{{ item }}"
|
name: "{{ volume_root_folder }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
|
||||||
- "{{ volume_root_folder }}"
|
|
||||||
- "{{ volume_website_folder }}"
|
|
||||||
|
|
||||||
- name: Set up services
|
- name: setup services
|
||||||
import_tasks: services.yml
|
import_tasks: services.yml
|
||||||
tags:
|
tags:
|
||||||
- setup_services
|
- setup_services
|
||||||
|
|
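Review bot: The new `install docker python bindings` task installs `docker` and `docker-compose` from PyPI through `pip3` without version pins, presumably as root given the play's `become: true`, so each run can bring whatever release is current into the system Python. Pin them, e.g. `- docker==<VERSION>` and `- docker-compose==<VERSION>`, or take the bindings from the distribution (`python3-docker` via `apt`) so that updates arrive through the signed apt channel. Not changed by this commit but adjacent to it: the `apt_key` task fetches the Docker key from `pgp.mit.edu` by the 64-bit id `8D81803C0EBFCD88`. Fetching the key file over HTTPS from the repository host and checking its full fingerprint would be a stronger anchor.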
|
@ -1,13 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Generate htpasswd file
|
|
||||||
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
|
||||||
args:
|
|
||||||
chdir: "{{ services.docker_registry.volume_folder }}"
|
|
||||||
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
|
||||||
|
|
||||||
- name: log in to registry
|
|
||||||
docker_login:
|
|
||||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
|
||||||
username: docker
|
|
||||||
password: "{{ docker_password }}"
|
|
|
@ -1,19 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Configure cron job to remove old Mastodon media daily
|
|
||||||
cron:
|
|
||||||
name: Clean Mastodon media data older than a week
|
|
||||||
cron_file: ansible_mastodon_clean_media
|
|
||||||
job: docker exec mastodon-web-1 tootctl media remove --days 7
|
|
||||||
special_time: daily
|
|
||||||
user: root
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Configure cron job to remove old Mastodon preview cards daily
|
|
||||||
cron:
|
|
||||||
name: Clean Mastodon preview card data older than two weeks
|
|
||||||
cron_file: ansible_mastodon_clean_preview_cards
|
|
||||||
job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
|
|
||||||
special_time: daily
|
|
||||||
user: root
|
|
||||||
state: present
|
|
|
@ -1,11 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Upload vhost config for root domain
|
|
||||||
copy:
|
|
||||||
src: vhost/base_domain
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}"
|
|
||||||
|
|
||||||
- name: Upload vhost config for WWW domain
|
|
||||||
copy:
|
|
||||||
src: vhost/www.base_domain
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}"
|
|
|
@ -1,17 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- auth
|
|
||||||
- registry
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Copy docker registry vhost configuration
|
|
||||||
copy:
|
|
||||||
src: vhost/docker_registry
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
|
||||||
mode: "0644"
|
|
|
@ -1,21 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolder
|
|
||||||
file:
|
|
||||||
name: "{{ services.element.volume_folder }}/data"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload config.json
|
|
||||||
template:
|
|
||||||
src: element/config.json.j2
|
|
||||||
dest: "{{ services.element.volume_folder }}/data/config.json"
|
|
||||||
|
|
||||||
- name: Upload riot.im.conf
|
|
||||||
copy:
|
|
||||||
src: element/riot.im.conf
|
|
||||||
dest: "{{ services.element.volume_folder }}/data/riot.im.conf"
|
|
||||||
|
|
||||||
- name: Upload vhost config for Element domain
|
|
||||||
copy:
|
|
||||||
src: vhost/element
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}"
|
|
|
@ -1,17 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- db
|
|
||||||
- hedgedoc/uploads
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Copy SSO certificate
|
|
||||||
copy:
|
|
||||||
src: sso/sso.data.coop.pem
|
|
||||||
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
|
||||||
mode: "0644"
|
|
|
@ -1,45 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- redis
|
|
||||||
- certs
|
|
||||||
- data
|
|
||||||
- dkim
|
|
||||||
- mail
|
|
||||||
- mailqueue
|
|
||||||
- filter
|
|
||||||
- postgres
|
|
||||||
- webmail
|
|
||||||
- overrides
|
|
||||||
- overrides/nginx
|
|
||||||
- overrides/dovecot
|
|
||||||
- overrides/postfix
|
|
||||||
- overrides/rspamd
|
|
||||||
- overrides/snappymail
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Upload mailu.env file
|
|
||||||
template:
|
|
||||||
src: mailu/env.j2
|
|
||||||
dest: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
|
|
||||||
- name: Hard link to Let's Encrypt TLS certificate
|
|
||||||
file:
|
|
||||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
|
||||||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
|
||||||
state: hard
|
|
||||||
force: true
|
|
||||||
when: letsencrypt_enabled
|
|
||||||
|
|
||||||
- name: Hard link to Let's Encrypt TLS key
|
|
||||||
file:
|
|
||||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
|
||||||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
|
||||||
state: hard
|
|
||||||
force: true
|
|
||||||
when: letsencrypt_enabled
|
|
|
@ -1,45 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolder for Mastodon data
|
|
||||||
file:
|
|
||||||
name: "{{ services.mastodon.volume_folder }}/mastodon_data"
|
|
||||||
state: directory
|
|
||||||
owner: "991"
|
|
||||||
mode: u=rwx,g=rx,o=rx
|
|
||||||
|
|
||||||
- name: Create subfolder for PostgreSQL data
|
|
||||||
file:
|
|
||||||
name: "{{ services.mastodon.volume_folder }}/postgres_data"
|
|
||||||
state: directory
|
|
||||||
owner: "70"
|
|
||||||
mode: u=rwx,go=
|
|
||||||
|
|
||||||
- name: Create subfolder for PostgreSQL config
|
|
||||||
file:
|
|
||||||
name: "{{ services.mastodon.volume_folder }}/postgres_config"
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
mode: u=rwx,g=rx,o=rx
|
|
||||||
|
|
||||||
- name: Create subfolder for Redis data
|
|
||||||
file:
|
|
||||||
name: "{{ services.mastodon.volume_folder }}/redis_data"
|
|
||||||
state: directory
|
|
||||||
owner: "999"
|
|
||||||
group: "1000"
|
|
||||||
mode: u=rwx,g=rx,o=rx
|
|
||||||
|
|
||||||
- name: Upload mastodon.env file
|
|
||||||
template:
|
|
||||||
src: mastodon/env.j2
|
|
||||||
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
|
|
||||||
|
|
||||||
- name: Upload vhost config for Mastodon domain
|
|
||||||
copy:
|
|
||||||
src: vhost/mastodon
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
|
||||||
|
|
||||||
- name: Upload PostgreSQL config
|
|
||||||
copy:
|
|
||||||
src: mastodon/postgresql.conf
|
|
||||||
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
|
|
|
@ -1,34 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
owner: "991"
|
|
||||||
group: "991"
|
|
||||||
loop:
|
|
||||||
- data
|
|
||||||
- data/uploads
|
|
||||||
- data/media
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Create Matrix DB subfolder
|
|
||||||
file:
|
|
||||||
name: "{{ services.matrix.volume_folder }}/db"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload vhost config for Matrix domain
|
|
||||||
copy:
|
|
||||||
src: vhost/matrix
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
|
||||||
|
|
||||||
- name: Upload homeserver.yaml
|
|
||||||
template:
|
|
||||||
src: matrix/homeserver.yaml.j2
|
|
||||||
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
|
||||||
|
|
||||||
- name: Upload Matrix logging config
|
|
||||||
copy:
|
|
||||||
src: matrix/log.config
|
|
||||||
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
|
|
@ -1,17 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- app
|
|
||||||
- postgres
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Upload vhost config for Nextcloud domain
|
|
||||||
copy:
|
|
||||||
src: vhost/nextcloud
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
|
||||||
notify: "restart nginx"
|
|
|
@ -1,14 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- conf
|
|
||||||
- vhost
|
|
||||||
- html
|
|
||||||
- dhparam
|
|
||||||
- certs
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
|
@ -1,12 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- var/lib/ldap
|
|
||||||
- etc/slapd
|
|
||||||
- certs
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
|
@ -1,13 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Set up network for Postfix
|
|
||||||
docker_network:
|
|
||||||
name: postfix
|
|
||||||
ipam_config:
|
|
||||||
- subnet: '172.16.0.0/16'
|
|
||||||
gateway: 172.16.0.1
|
|
||||||
|
|
||||||
- name: Create subfolder
|
|
||||||
file:
|
|
||||||
name: "{{ services.postfix.volume_folder }}/dkim"
|
|
||||||
state: directory
|
|
|
@ -1,16 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolders
|
|
||||||
file:
|
|
||||||
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- cfg
|
|
||||||
- data
|
|
||||||
loop_control:
|
|
||||||
loop_var: volume
|
|
||||||
|
|
||||||
- name: Upload PrivateBin config
|
|
||||||
copy:
|
|
||||||
src: privatebin/conf.php
|
|
||||||
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
|
|
@ -1,11 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolder
|
|
||||||
file:
|
|
||||||
name: "{{ services.rallly.volume_folder }}/postgres"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Copy rallly.env file
|
|
||||||
template:
|
|
||||||
src: rallly/env.j2
|
|
||||||
dest: "{{ services.rallly.volume_folder }}/rallly.env"
|
|
|
@ -1,72 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create SSH directory
|
|
||||||
file:
|
|
||||||
path: "{{ services.restic.volume_folder }}/ssh"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0755'
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload private SSH key
|
|
||||||
copy:
|
|
||||||
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0600'
|
|
||||||
content: "{{ restic_secrets.ssh_privkey }}"
|
|
||||||
|
|
||||||
- name: Derive public SSH key
|
|
||||||
shell: >-
|
|
||||||
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
|
||||||
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
|
||||||
args:
|
|
||||||
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
|
||||||
|
|
||||||
- name: Set file permissions on public SSH key
|
|
||||||
file:
|
|
||||||
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
state: touch
|
|
||||||
|
|
||||||
- name: Upload SSH config
|
|
||||||
template:
|
|
||||||
src: restic/ssh.config.j2
|
|
||||||
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0600'
|
|
||||||
|
|
||||||
- name: Upload SSH known_hosts file
|
|
||||||
template:
|
|
||||||
src: restic/ssh.known_hosts.j2
|
|
||||||
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0600'
|
|
||||||
|
|
||||||
- name: Create scripts directory
|
|
||||||
file:
|
|
||||||
path: "{{ services.restic.volume_folder }}/scripts"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0755'
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload failure.sh script
|
|
||||||
template:
|
|
||||||
src: restic/failure.sh.j2
|
|
||||||
dest: "{{ services.restic.volume_folder }}/scripts/failure.sh"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0755'
|
|
||||||
|
|
||||||
- name: Upload success.sh script
|
|
||||||
template:
|
|
||||||
src: restic/success.sh.j2
|
|
||||||
dest: "{{ services.restic.volume_folder }}/scripts/success.sh"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0755'
|
|
|
@ -1,9 +0,0 @@
|
||||||
- name: Upload vhost config for uptime domain
|
|
||||||
copy:
|
|
||||||
src: vhost/uptime_kuma
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.domain }}_location"
|
|
||||||
|
|
||||||
- name: Upload vhost config for status domain
|
|
||||||
copy:
|
|
||||||
src: vhost/uptime_kuma
|
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.status_domain }}_location"
|
|
|
@ -1,20 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create subfolder for MariaDB data
|
|
||||||
file:
|
|
||||||
name: "{{ services.writefreely.volume_folder }}/db"
|
|
||||||
owner: "999"
|
|
||||||
group: "999"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Create subfolder for encryption keys
|
|
||||||
file:
|
|
||||||
name: "{{ services.writefreely.volume_folder }}/keys"
|
|
||||||
owner: "2"
|
|
||||||
group: "2"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Upload config.ini
|
|
||||||
template:
|
|
||||||
src: "writefreely/config.ini.j2"
|
|
||||||
dest: "{{ services.writefreely.volume_folder }}/config.ini"
|
|
|
@ -1,28 +1,19 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Set up external services network
|
- name: setup external services network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: Deploy all services
|
- name: setup services
|
||||||
include_tasks:
|
include_tasks: "services/{{ item.service.file }}"
|
||||||
file: block.yml
|
loop: "{{ services | dict2items(value_name='service') }}"
|
||||||
vars:
|
|
||||||
service:
|
|
||||||
name: "{{ item }}"
|
|
||||||
vars: "{{ services[item] }}"
|
|
||||||
loop: "{{ services_include }}"
|
|
||||||
when: single_service is not defined and
|
when: single_service is not defined and
|
||||||
(item.vars.disabled_in_vagrant is not defined or
|
item.service.file is defined and
|
||||||
not (item.vars.disabled_in_vagrant and vagrant))
|
item.service.disabled_in_vagrant is not defined
|
||||||
|
|
||||||
- name: Deploy single service
|
- name: setup single service
|
||||||
include_tasks:
|
include_tasks: "services/{{ services[single_service].file }}"
|
||||||
file: block.yml
|
when: single_service is defined and
|
||||||
vars:
|
single_service in services and
|
||||||
service:
|
services[single_service].file is defined and
|
||||||
name: "{{ single_service }}"
|
services[single_service].disabled_in_vagrant is not defined
|
||||||
vars: "{{ services[single_service] }}"
|
|
||||||
when: single_service is defined and single_service in services and
|
|
||||||
(services[single_service].disabled_in_vagrant is not defined or
|
|
||||||
not (services[single_service].disabled_in_vagrant and vagrant))
|
|
||||||
|
|
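Review bot: Both `when:` conditions on the new side skip a service as soon as `disabled_in_vagrant` is defined at all, without looking at its value or at whether the run is a Vagrant run, so a service carrying that key would presumably never be deployed on a production host either. Testing the flag together with the `vagrant` variable keeps the skip local to Vagrant: `(item.service.disabled_in_vagrant is not defined or not (item.service.disabled_in_vagrant and vagrant))`, and the same with `services[single_service]` in the second task. The single-service task also does nothing, silently, when `single_service` names a key that is not in `services`; a preceding `assert` on `single_service in services` would turn a typo into a visible failure.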
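--- a/roles/docker/tasks/services/codimd.yml
+++ b/roles/docker/tasks/services/codimd.yml
@@ -0,0 +1,55 @@
+# vim: ft=yaml.ansible
+---
+- name: codimd network
+docker_network:
+name: codimd
+
+- name: create codimd volume folders
+file:
+name: "{{ services.codimd.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "db"
+- "codimd/uploads"
+loop_control:
+loop_var: volume
+
+- name: codimd database container
+docker_container:
+name: codimd_db
+image: postgres:10
+state: started
+restart_policy: unless-stopped
+networks:
+- name: codimd
+volumes:
+- "{{ services.codimd.volume_folder }}/db:/var/lib/postgresql/data"
+env:
+POSTGRES_USER: "codimd"
+POSTGRES_PASSWORD: "{{ postgres_passwords.codimd }}"
+
+- name: codimd app container
+docker_container:
+name: codimd_app
+image: hackmdio/hackmd:1.3.0
+restart_policy: unless-stopped
+networks:
+- name: codimd
+- name: ldap
+- name: external_services
+volumes:
+- "{{ services.codimd.volume_folder }}/codimd/uploads:/codimd/public/uploads"
+env:
+CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.codimd }}@codimd_db:5432/codimd"
+CMD_ALLOW_EMAIL_REGISTER: "False"
+CMD_IMAGE_UPLOAD_TYPE: "filesystem"
+CMD_EMAIL: "False"
+CMD_LDAP_URL: "ldap://openldap"
+CMD_LDAP_BINDDN: "cn=admin,dc=data,dc=coop"
+CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
+CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
+CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
+CMD_USECDN: "false"
+VIRTUAL_HOST: "{{ services.codimd.domain }}"
+LETSENCRYPT_HOST: "{{ services.codimd.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"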
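Review bot: The app container binds to the directory as `cn=admin,dc=data,dc=coop` with `ldap_admin_password`, which hands the web application (and anyone who can read its environment through `docker inspect`) full write access to LDAP for what is only a user lookup. A dedicated read-only bind account would limit that, e.g. `CMD_LDAP_BINDDN: "<read-only service DN>"` with its own vaulted password (placeholder; the page defines no such account). `CMD_LDAP_URL` is plain `ldap://`, so the bind password crosses the `ldap` Docker network unencrypted. Both image tags (`postgres:10`, `hackmdio/hackmd:1.3.0`) are hard-coded here rather than taken from the `services` dict as the other service files on this page do.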
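--- a/roles/docker/tasks/services/docker_registry.yml
+++ b/roles/docker/tasks/services/docker_registry.yml
@@ -0,0 +1,36 @@
+# vim: ft=yaml.ansible
+---
+- name: copy docker registry nginx configuration
+copy:
+src: "files/configs/docker_registry/nginx.conf"
+dest: "/docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}"
+mode: "0644"
+
+- name: docker registry container
+docker_container:
+name: registry
+image: registry:{{ services.docker_registry.version }}
+restart_policy: always
+volumes:
+- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
+- "{{ services.docker_registry.volume_folder }}/auth:/auth"
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
+LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+REGISTRY_AUTH: "htpasswd"
+REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
+REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
+
+- name: generate htpasswd file
+shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
+args:
+creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
+
+- name: log in to registry
+docker_login:
+registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
+username: "docker"
+password: "{{ docker_password }}"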
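Review bot: In `generate htpasswd file`, `docker_password` is interpolated unquoted into a shell command line, so a password containing shell metacharacters is mangled or interpreted by the shell, and the clear-text password ends up in the process list and in Ansible's task output. Passing it on stdin with `htpasswd -i` and setting `no_log: true` avoids both. Dropping `-t` matters as well, because Ansible normally has no TTY to offer and a TTY would add carriage returns to the redirected output. Because the redirect creates the file even when `docker exec` fails, `creates:` can lock in an empty htpasswd, so a failed first run needs the file removed by hand.

```yaml
- name: generate htpasswd file
  shell: >-
    docker exec -i registry htpasswd -Bni docker
    > {{ services.docker_registry.volume_folder }}/auth/htpasswd
  args:
    stdin: "{{ docker_password }}"
    creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
  no_log: true
```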
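--- a/roles/docker/tasks/services/drone.yml
+++ b/roles/docker/tasks/services/drone.yml
@@ -0,0 +1,52 @@
+# vim: ft=yaml.ansible
+---
+- name: set up drone with docker runner
+docker_compose:
+project_name: drone
+pull: yes
+definition:
+version: "3.6"
+services:
+drone:
+container_name: "drone"
+image: "drone/drone:{{ services.drone.version }}"
+restart: unless-stopped
+networks:
+- external_services
+- drone
+volumes:
+- "{{ services.drone.volume_folder }}:/data"
+- "/var/run/docker.sock:/var/run/docker.sock"
+environment:
+DRONE_GITEA_SERVER: "https://{{ services.gitea.domain }}"
+DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
+DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
+DRONE_GIT_ALWAYS_AUTH: "true"
+DRONE_SERVER_HOST: "{{ services.drone.domain }}"
+DRONE_SERVER_PROTO: "https"
+DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
+PLUGIN_CUSTOM_DNS: "91.239.100.100"
+VIRTUAL_HOST: "{{ services.drone.domain }}"
+LETSENCRYPT_HOST: "{{ services.drone.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+drone-runner-docker:
+container_name: "drone-runner-docker"
+image: "drone/drone-runner-docker:{{ services.drone.version }}"
+restart: unless-stopped
+networks:
+- drone
+volumes:
+- "/var/run/docker.sock:/var/run/docker.sock"
+environment:
+DRONE_RPC_HOST: "{{ services.drone.domain }}"
+DRONE_RPC_PROTO: "https"
+DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
+DRONE_RUNNER_CAPACITY: 2
+DRONE_RUNNER_NAME: "data.coop_drone_runner"
+
+networks:
+drone:
+external_services:
+external:
+name: external_services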
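Review bot: The `drone` server container is the one published through the proxy (`VIRTUAL_HOST`, `external_services`), yet it also mounts `/var/run/docker.sock`, which is root-equivalent access to the host. With a separate `drone-runner-docker` service doing the builds, the server should not need it, so I would drop `- "/var/run/docker.sock:/var/run/docker.sock"` from the `drone` volumes. The runner keeps the socket by design, so who may trigger pipelines matters: nothing here restricts Drone sign-in, and unless that is handled elsewhere, adding `DRONE_USER_FILTER: "<gitea org or users>"` (placeholder value) would limit it. It is also worth a comment that `drone/drone-runner-docker` is tagged with the server's `services.drone.version`, since the two images are versioned independently.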
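--- a/roles/docker/tasks/services/gitea.yml
+++ b/roles/docker/tasks/services/gitea.yml
@@ -0,0 +1,39 @@
+# vim: ft=yaml.ansible
+---
+- name: gitea network
+docker_network:
+name: gitea
+
+# old DNS: 138.68.71.153
+- name: gitea container
+docker_container:
+name: gitea
+image: gitea/gitea:{{ services.gitea.version }}
+restart_policy: unless-stopped
+networks:
+- name: gitea
+- name: postfix
+- name: external_services
+volumes:
+- "{{ services.gitea.volume_folder }}:/data"
+published_ports:
+- "22:22"
+env:
+VIRTUAL_HOST: "{{ services.gitea.domain }}"
+VIRTUAL_PORT: "3000"
+LETSENCRYPT_HOST: "{{ services.gitea.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
+# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+GITEA__mailer__ENABLED: "true"
+GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
+GITEA__mailer__MAILER_TYPE: "smtp"
+GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
+GITEA__mailer__USER: "noop"
+GITEA__mailer__PASSWD: "noop"
+GITEA__security__LOGIN_REMEMBER_DAYS: "60"
+GITEA__security__PASSWORD_COMPLEXITY: "off"
+GITEA__security__MIN_PASSWORD_LENGTH: "8"
+GITEA__security__PASSWORD_CHECK_PWN: "true"
+GITEA__service__ENABLE_NOTIFY_MAIL: "true"
+GITEA__service__REGISTER_EMAIL_CONFIRM: "true"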
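Review bot: `GITEA__security__PASSWORD_COMPLEXITY: "off"` together with `MIN_PASSWORD_LENGTH: "8"` leaves the breached-password lookup as the only quality check on local passwords; if local sign-in is in use on this instance, a longer minimum such as `GITEA__security__MIN_PASSWORD_LENGTH: "12"` would be a cheap improvement. `published_ports: "22:22"` takes over the host's port 22 on every interface, which only works once the host's own sshd listens elsewhere. A comment saying so (`# host sshd must not listen on 22; Gitea SSH is published there`) would save the next reader a search. The `# old DNS: 138.68.71.153` comment does not say what it refers to and could be dropped or expanded.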
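--- a/roles/docker/tasks/services/hedgedoc.yml
+++ b/roles/docker/tasks/services/hedgedoc.yml
@@ -0,0 +1,67 @@
+# vim: ft=yaml.ansible
+---
+- name: create hedgedoc volume folders
+file:
+name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "db"
+- "hedgedoc/uploads"
+loop_control:
+loop_var: volume
+
+- name: copy sso public certificate
+copy:
+src: "files/sso/sso.data.coop.pem"
+dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
+mode: "0644"
+
+- name: setup hedgedoc
+docker_compose:
+project_name: "hedgedoc"
+pull: "yes"
+definition:
+services:
+database:
+image: "postgres:{{ services.hedgedoc.postgres_version }}"
+environment:
+POSTGRES_USER: "codimd"
+POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
+POSTGRES_DB: "codimd"
+restart: "unless-stopped"
+networks:
+- "hedgedoc"
+volumes:
+- "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
+
+app:
+image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}"
+environment:
+CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
+CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
+CMD_ALLOW_EMAIL_REGISTER: "False"
+CMD_IMAGE_UPLOAD_TYPE: "filesystem"
+CMD_EMAIL: "False"
+CMD_SAML_IDPCERT: "/sso.data.coop.pem"
+CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
+CMD_SAML_ISSUER: "hedgedoc"
+CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+CMD_USECDN: "false"
+CMD_PROTOCOL_USESSL: "true"
+VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
+LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+volumes:
+- "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
+- "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
+restart: "unless-stopped"
+networks:
+- "hedgedoc"
+- "external_services"
+depends_on:
+- database
+
+networks:
+hedgedoc:
+external_services:
+external: true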
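Review bot: The `app` environment sets no `CMD_SESSION_SECRET`, so HedgeDoc falls back to a secret generated at start-up and every container restart or re-pull (`pull: "yes"`) invalidates all sessions. A vaulted value, e.g. `CMD_SESSION_SECRET: "{{ hedgedoc_session_secret }}"` (variable name is a placeholder), fixes that. `CMD_DB_URL` addresses the database as `hedgedoc_database_1`, a container name that depends on the Compose version's naming scheme; the service name `database` resolves on the `hedgedoc` network regardless. `CMD_ALLOW_ANONYMOUS` is left at its default, which permits anonymous note creation and may or may not be intended for a public host.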
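--- a/roles/docker/tasks/services/keycloak.yml
+++ b/roles/docker/tasks/services/keycloak.yml
@@ -0,0 +1,50 @@
+# vim: ft=yaml.ansible
+---
+- name: setup keycloak containers for sso.data.coop
+docker_compose:
+project_name: "keycloak"
+pull: "yes"
+definition:
+version: "3.6"
+services:
+postgres:
+image: "postgres:{{ services.keycloak.postgres_version }}"
+restart: "unless-stopped"
+networks:
+- "keycloak"
+volumes:
+- "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "keycloak"
+POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
+POSTGRES_DB: "keycloak"
+
+app:
+image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
+restart: "unless-stopped"
+networks:
+- "keycloak"
+- "postfix"
+- "external_services"
+command:
+- "start"
+- "--db=postgres"
+- "--db-url=jdbc:postgresql://postgres:5432/keycloak"
+- "--db-username=keycloak"
+- "--db-password={{ postgres_passwords.keycloak }}"
+- "--hostname={{ services.keycloak.domain }}"
+- "--proxy=edge"
+- "--https-port=8080"
+- "--http-relative-path=/auth"
+environment:
+VIRTUAL_HOST: "{{ services.keycloak.domain }}"
+VIRTUAL_PORT: "8080"
+LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+keycloak:
+postfix:
+external: true
+external_services:
+external: true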
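Review bot: The database password is passed as the command-line argument `--db-password={{ postgres_passwords.keycloak }}`, which makes it readable in the container's process list (`/proc/<pid>/cmdline` is world-readable on the host) as well as in `docker inspect`. Keycloak reads the same setting from the environment, so the argument can be removed and `KC_DB_PASSWORD: "{{ postgres_passwords.keycloak }}"` added under `environment:` of `app`. `--https-port=8080` alongside `--proxy=edge` looks unintended, since in edge mode the proxy talks plain HTTP to the port named in `VIRTUAL_PORT`; please confirm and drop it or replace it with `--http-port=8080`.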
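--- a/roles/docker/tasks/services/mailu.yml
+++ b/roles/docker/tasks/services/mailu.yml
@@ -0,0 +1,181 @@
+# vim: ft=yaml.ansible
+---
+- name: create mailu volume folders
+file:
+name: "{{ services.mailu.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- redis
+- certs
+- data
+- dkim
+- mail
+- mailqueue
+- filter
+- postgres
+- webmail
+- overrides
+- overrides/nginx
+- overrides/dovecot
+- overrides/postfix
+- overrides/rspamd
+- overrides/rainloop
+loop_control:
+loop_var: volume
+
+- name: upload mailu.env file
+template:
+src: mailu.env.j2
+dest: "{{ services.mailu.volume_folder}}/mailu.env"
+
+- name: hard link to Let's Encrypt TLS certificate
+file:
+src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
+dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
+state: hard
+force: yes
+when: letsencrypt_enabled
+
+- name: hard link to Let's Encrypt TLS key
+file:
+src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
+dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
+state: hard
+force: yes
+when: letsencrypt_enabled
+
+- name: run mail server containers
+docker_compose:
+project_name: mail_server
+pull: yes
+definition:
+version: '3.6'
+services:
+postgres:
+image: postgres:14-alpine
+restart: always
+environment:
+POSTGRES_DB: mailu
+POSTGRES_USER: mailu
+POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
+volumes:
+- "{{ services.mailu.volume_folder }}/postgres:/var/lib/postgresql/data"
+dns:
+- "{{ services.mailu.dns }}"
+
+redis:
+image: redis:alpine
+restart: always
+volumes:
+- "{{ services.mailu.volume_folder }}/redis:/data"
+depends_on:
+- resolver
+dns:
+- "{{ services.mailu.dns }}"
+
+front:
+image: mailu/nginx:{{ services.mailu.version }}
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+environment:
+VIRTUAL_HOST: "{{ services.mailu.domain }}"
+LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+volumes:
+- "{{ services.mailu.volume_folder }}/certs:/certs"
+- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides:ro"
+expose:
+- "80"
+ports:
+- "993:993"
+- "25:25"
+- "587:587"
+- "465:465"
+networks:
+- default
+- external_services
+
+resolver:
+image: mailu/unbound:{{ services.mailu.version }}
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+networks:
+default:
+ipv4_address: "{{ services.mailu.dns }}"
+
+admin:
+image: mailu/admin:{{ services.mailu.version }}
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ services.mailu.volume_folder }}/data:/data"
+- "{{ services.mailu.volume_folder }}/dkim:/dkim"
+depends_on:
+- redis
+- resolver
+dns:
+- "{{ services.mailu.dns }}"
+
+imap:
+image: mailu/dovecot:{{ services.mailu.version }}
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ services.mailu.volume_folder }}/mail:/mail"
+- "{{ services.mailu.volume_folder }}/overrides/dovecot:/overrides:ro"
+depends_on:
+- front
+- resolver
+dns:
+- "{{ services.mailu.dns }}"
+
+smtp:
+image: mailu/postfix:{{ services.mailu.version }}
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ services.mailu.volume_folder }}/mailqueue:/queue"
+- "{{ services.mailu.volume_folder }}/overrides/postfix:/overrides:ro"
+depends_on:
+- front
+- resolver
+dns:
+- "{{ services.mailu.dns }}"
+
+antispam:
+image: mailu/rspamd:{{ services.mailu.version }}
+hostname: antispam
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
+- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d:ro"
+depends_on:
+- front
+- resolver
+dns:
+- "{{ services.mailu.dns }}"
+
+webmail:
+image: mailu/rainloop:{{ services.mailu.version }}
+restart: always
+env_file: "{{ services.mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ services.mailu.volume_folder }}/webmail:/data"
+- "{{ services.mailu.volume_folder }}/overrides/rainloop:/overrides:ro"
+depends_on:
+- imap
+- resolver
+dns:
+- "{{ services.mailu.dns }}"
+
+networks:
+default:
+driver: bridge
+ipam:
+driver: default
+config:
+- subnet: "{{ services.mailu.subnet }}"
+external_services:
+external:
+name: external_services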
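Review bot: `upload mailu.env file` writes the env file without `owner` or `mode`, so it is created with the default umask; the template is not shown here, but a Mailu env file normally carries the secret key and database credentials, so I would add `mode: "0600"` and `owner: root` to that `template` task. The hard-linked `key.pem` shares the source inode's permissions, so it is only as restrictive as the proxy's key file. It also stops tracking the certificate if the proxy replaces the file on renewal instead of rewriting it in place, until the playbook runs again. `redis:alpine` is the only floating tag in the file; pinning it like `postgres:14-alpine` keeps `pull: yes` from changing the Redis major version unattended.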
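--- a/roles/docker/tasks/services/mastodon.yml
+++ b/roles/docker/tasks/services/mastodon.yml
@@ -0,0 +1,189 @@
+# vim: ft=yaml.ansible
+---
+- name: create mastodon volume folders
+file:
+name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
+state: directory
+owner: "991"
+group: "991"
+loop:
+- "postgres_data"
+- "postgres_config"
+- "redis_data"
+- "mastodon_data"
+loop_control:
+loop_var: volume
+
+- name: Copy mastodon environment file
+template:
+src: files/configs/mastodon/env_file.j2
+dest: "{{ services.mastodon.volume_folder }}/env_file"
+
+- name: Upload vhost config for root domain
+template:
+src: files/configs/mastodon/vhost-mastodon
+dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
+
+- name: Copy PostgreSQL config
+copy:
+src: files/configs/mastodon/postgresql.conf
+dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
+
+- name: Set up Mastodon
+docker_compose:
+project_name: mastodon
+pull: true
+restarted: true
+definition:
+x-sidekiq: &sidekiq
+image: "tootsuite/mastodon:{{ services.mastodon.version }}"
+restart: always
+env_file: "{{ services.mastodon.volume_folder }}/env_file"
+depends_on:
+db:
+condition: "service_healthy"
+redis:
+condition: "service_healthy"
+networks:
+- postfix
+- external_services
+- internal_network
+volumes:
+- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
+healthcheck:
+test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+
+version: '3'
+services:
+db:
+restart: always
+image: "postgres:{{ services.mastodon.postgres_version }}"
+shm_size: 256mb
+networks:
+- internal_network
+healthcheck:
+test: ['CMD', 'pg_isready', '-U', 'postgres']
+volumes:
+- "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
+- "{{ services.mastodon.volume_folder }}/postgres_config:/config:ro"
+command: postgres -c config_file=/config/postgresql.conf
+environment:
+- 'POSTGRES_HOST_AUTH_METHOD=trust'
+
+redis:
+restart: always
+image: "redis:{{ services.mastodon.redis_version }}"
+networks:
+- internal_network
+healthcheck:
+test: ['CMD', 'redis-cli', 'ping']
+volumes:
+- "{{ services.mastodon.volume_folder }}/redis_data:/data"
+
+web:
+image: "tootsuite/mastodon:{{ services.mastodon.version }}"
+restart: always
+env_file: "{{ services.mastodon.volume_folder }}/env_file"
+command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+networks:
+- external_services
+- internal_network
+healthcheck:
+# prettier-ignore
+test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+depends_on:
+db:
+condition: "service_healthy"
+redis:
+condition: "service_healthy"
+volumes:
+- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
+environment:
+MAX_THREADS: 10
+WEB_CONCURRENCY: 3
+VIRTUAL_HOST: "{{ services.mastodon.domain }}"
+VIRTUAL_PORT: "3000"
+VIRTUAL_PATH: "/"
+LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+streaming:
+image: "tootsuite/mastodon:{{ services.mastodon.version }}"
+restart: always
+env_file: "{{ services.mastodon.volume_folder }}/env_file"
+command: node ./streaming
+networks:
+- external_services
+- internal_network
+healthcheck:
+# prettier-ignore
+test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+ports:
+- '127.0.0.1:4000:4000'
+depends_on:
+db:
+condition: "service_healthy"
+redis:
+condition: "service_healthy"
+environment:
+DB_POOL: 15
+VIRTUAL_HOST: "{{ services.mastodon.domain }}"
+VIRTUAL_PORT: "4000"
+VIRTUAL_PATH: "/api/v1/streaming"
+
+# sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
+sidekiq-default-push-pull:
+<<: *sidekiq
+command: bundle exec sidekiq -c 25 -q default -q push -q pull
+environment:
+DB_POOL: 25
+
+# sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
+sidekiq-default-pull-push:
+<<: *sidekiq
+command: bundle exec sidekiq -c 25 -q default -q pull -q push
+environment:
+DB_POOL: 25
+
+# sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
+sidekiq-pull-default-push:
+<<: *sidekiq
+command: bundle exec sidekiq -c 25 -q pull -q default -q push
+environment:
+DB_POOL: 25
+
+# sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
+sidekiq-push-default-pull:
+<<: *sidekiq
+command: bundle exec sidekiq -c 25 -q push -q default -q pull
+environment:
+DB_POOL: 25
+
+# sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
+sidekiq-push-scheduler:
+<<: *sidekiq
+command: bundle exec sidekiq -c 5 -q push -q scheduler
+environment:
+DB_POOL: 5
+
+# sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
+sidekiq-push-mailers:
+<<: *sidekiq
+command: bundle exec sidekiq -c 5 -q push -q mailers
+environment:
+DB_POOL: 5
+
+# sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
+sidekiq-push-ingress:
+<<: *sidekiq
+command: bundle exec sidekiq -c 10 -q push -q ingress
+environment:
+DB_POOL: 10
+
+networks:
+external_services:
+external: true
+postfix:
+external: true
+internal_network:
+internal: true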
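Review bot: The `db` service runs with `POSTGRES_HOST_AUTH_METHOD=trust`, so PostgreSQL accepts superuser connections without a password from every container on `internal_network`, including the proxy-facing `web` and `streaming` containers and all Sidekiq workers. Setting `POSTGRES_PASSWORD` from the vault (e.g. `"{{ postgres_passwords.mastodon }}"`, assuming such a key is added) and the matching `DB_PASS` in the env file removes that. An already initialised data directory additionally needs its `pg_hba.conf` changed, because the image applies these variables only at first init. The `Copy mastodon environment file` task should also get `mode: "0600"`, since that file presumably holds the application secrets. `restarted: true` restarts every container on every playbook run, which deserves a comment if it is intended.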
120
roles/docker/tasks/services/matrix_riot.yml
Normal file
120
roles/docker/tasks/services/matrix_riot.yml
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: create matrix volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
owner: "991"
|
||||||
|
group: "991"
|
||||||
|
loop:
|
||||||
|
- "data"
|
||||||
|
- "data/uploads"
|
||||||
|
- "data/media"
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: create matrix DB folder
|
||||||
|
file:
|
||||||
|
name: "{{ services.matrix.volume_folder }}/db"
|
||||||
|
state: "directory"
|
||||||
|
|
||||||
|
- name: create riot volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ services.riot.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "data"
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: upload riot config.json
|
||||||
|
template:
|
||||||
|
src: files/configs/riot/config.json
|
||||||
|
dest: "{{ services.riot.volume_folder }}/data/config.json"
|
||||||
|
|
||||||
|
- name: upload riot.im.conf
|
||||||
|
template:
|
||||||
|
src: files/configs/riot/riot.im.conf
|
||||||
|
dest: "{{ services.riot.volume_folder }}/data/riot.im.conf"
|
||||||
|
|
||||||
|
- name: upload vhost config for matrix domain
|
||||||
|
template:
|
||||||
|
src: files/configs/matrix/vhost-matrix
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||||
|
|
||||||
|
- name: upload vhost config for riot domain
|
||||||
|
template:
|
||||||
|
src: files/configs/matrix/vhost-riot
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}"
|
||||||
|
loop: "{{ services.riot.domains }}"
|
||||||
|
|
||||||
|
- name: upload homeserver.yaml
|
||||||
|
template:
|
||||||
|
src: "files/configs/matrix/homeserver.yaml.j2"
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||||
|
|
||||||
|
- name: upload matrix logging config
|
||||||
|
template:
|
||||||
|
src: "files/configs/matrix/matrix.data.coop.log.config"
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||||
|
|
||||||
|
- name: set up matrix and riot
|
||||||
|
docker_compose:
|
||||||
|
project_name: matrix
|
||||||
|
pull: yes
|
||||||
|
definition:
|
||||||
|
version: "3.6"
|
||||||
|
services:
|
||||||
|
matrix_db:
|
||||||
|
container_name: matrix_db
|
||||||
|
image: "postgres:{{ services.matrix.postgres_version }}"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- matrix
|
||||||
|
volumes:
|
||||||
|
- "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: "synapse"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||||
|
|
||||||
|
matrix_app:
|
||||||
|
container_name: matrix
|
||||||
|
image: "matrixdotorg/synapse:{{ services.matrix.version }}"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- matrix
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "{{ services.matrix.volume_folder }}/data:/data"
|
||||||
|
environment:
|
||||||
|
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||||
|
SYNAPSE_CACHE_FACTOR: "2"
|
||||||
|
SYNAPSE_LOG_LEVEL: "INFO"
|
||||||
|
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||||
|
VIRTUAL_PORT: "8008"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
riot:
|
||||||
|
container_name: riot_app
|
||||||
|
image: "avhost/docker-matrix-riot:{{ services.riot.version }}"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- matrix
|
||||||
|
- external_services
|
||||||
|
expose:
|
||||||
|
- 8080
|
||||||
|
volumes:
|
||||||
|
- "{{ services.riot.volume_folder }}/data:/data"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.riot.domains|join(',') }}"
|
||||||
|
VIRTUAL_PORT: "8080"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.riot.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external:
|
||||||
|
name: external_services
|
||||||
|
matrix:
|
||||||
|
name: "matrix"
|
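Review bot: The `upload homeserver.yaml` task sets no `owner`, `group` or `mode`, so the rendered file lands with the connecting user's default permissions even though the data folders at the top of this file are explicitly handed to uid 991. The template body is not part of this page, but a Synapse homeserver config normally holds the database password and signing secrets, so I would add `owner: "991"`, `group: "991"` and `mode: "0600"` to that task. The same gap applies to `Copy Rallly environment file` in rallly.yml, whose `env_file` is presumably where that service's secrets go; it should get `mode: "0600"` as well.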
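--- a/roles/docker/tasks/services/membersystem.yml
+++ b/roles/docker/tasks/services/membersystem.yml
@@ -0,0 +1,52 @@
+# vim: ft=yaml.ansible
+---
+- name: run membersystem containers
+docker_compose:
+project_name: "member.data.coop"
+pull: yes
+definition:
+version: "3"
+services:
+backend:
+image: "docker.data.coop/membersystem:{{ services.membersystem.version }}"
+restart: always
+user: $UID:$GID
+tty: true
+depends_on:
+- postgres
+networks:
+- membersystem
+- external_services
+- postfix
+environment:
+SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
+DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
+POSTGRES_HOST: postgres
+POSTGRES_PORT: 5432
+EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
+EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
+VIRTUAL_HOST: "{{ services.membersystem.domain }}"
+VIRTUAL_PORT: "8000"
+LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
+CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
+DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
+DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
+
+postgres:
+image: "postgres:{{ services.membersystem.postgres_version }}"
+restart: always
+volumes:
+- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
+networks:
+- membersystem
+environment:
+POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
+
+networks:
+membersystem:
+external_services:
+external: true
+postfix:
+external: true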
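Review bot: `user: $UID:$GID` on the `backend` service is left for compose to substitute from the environment of whatever process runs it on the target, and neither variable is normally exported there, so the value can end up empty and the container then runs as the image's default user (possibly root) rather than an unprivileged one. I would pin an explicit numeric pair, `user: "<uid>:<gid>"`, taken from an inventory variable. Separately, `DATABASE_URL` interpolates `postgres_passwords.membersystem` into an unquoted URL without escaping, so a password containing `@` or `:` breaks the connection string; quoting the value and using `{{ postgres_passwords.membersystem | urlencode }}` avoids that.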
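--- a/roles/docker/tasks/services/netdata.yml
+++ b/roles/docker/tasks/services/netdata.yml
@@ -0,0 +1,23 @@
+# vim: ft=yaml.ansible
+---
+- name: setup netdata docker container for system monitoring
+docker_container:
+name: netdata
+image: netdata/netdata:{{ services.netdata.version }}
+restart_policy: unless-stopped
+hostname: "hevonen.servers.{{ base_domain }}"
+capabilities:
+- SYS_PTRACE
+security_opts:
+- apparmor:unconfined
+volumes:
+- /proc:/host/proc:ro
+- /sys:/host/sys:ro
+- /var/run/docker.sock:/var/run/docker.sock:ro
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "{{ services.netdata.domain }}"
+LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+PGID: "999"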
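Review bot: The `:ro` flag on `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the socket file read-only in the mount; it does not restrict the Docker API, so this container can still issue any API call, and it is also started with `apparmor:unconfined`, `SYS_PTRACE` and the host's `/proc`. That is a lot of host access for a service published through `VIRTUAL_HOST` with no authentication visible in this task. I would either drop the socket mount (presumably it is only there to resolve container names) or put a filtering socket proxy in front of it, and upload a vhost file with access control for this domain the way other services do. A comment such as `# :ro does not limit the Docker API` next to the mount would keep the next reader from assuming otherwise.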
76
roles/docker/tasks/services/nextcloud.yml
Normal file
76
roles/docker/tasks/services/nextcloud.yml
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: upload vhost config for cloud.data.coop
|
||||||
|
template:
|
||||||
|
src: files/configs/nextcloud/vhost
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||||
|
notify: "restart nginx"
|
||||||
|
|
||||||
|
- name: setup nextcloud containers
|
||||||
|
docker_compose:
|
||||||
|
project_name: "nextcloud"
|
||||||
|
pull: "yes"
|
||||||
|
definition:
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: "postgres:{{ services.nextcloud.postgres_version }}"
|
||||||
|
restart: "unless-stopped"
|
||||||
|
networks:
|
||||||
|
- "nextcloud"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: "nextcloud"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
POSTGRES_USER: "nextcloud"
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: "redis:{{ services.nextcloud.redis_version }}"
|
||||||
|
restart: "unless-stopped"
|
||||||
|
command: "redis-server --requirepass {{ nextcloud_secrets.redis_password }}"
|
||||||
|
tmpfs:
|
||||||
|
- /var/lib/redis
|
||||||
|
networks:
|
||||||
|
- "nextcloud"
|
||||||
|
|
||||||
|
cron:
|
||||||
|
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||||
|
restart: "unless-stopped"
|
||||||
|
entrypoint: "/cron.sh"
|
||||||
|
networks:
|
||||||
|
- "nextcloud"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
|
depends_on:
|
||||||
|
- "postgres"
|
||||||
|
- "redis"
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||||
|
restart: "unless-stopped"
|
||||||
|
networks:
|
||||||
|
- "nextcloud"
|
||||||
|
- "postfix"
|
||||||
|
- "external_services"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
POSTGRES_HOST: "postgres"
|
||||||
|
POSTGRES_DB: "nextcloud"
|
||||||
|
POSTGRES_USER: "nextcloud"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
REDIS_HOST: "redis"
|
||||||
|
REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
|
||||||
|
depends_on:
|
||||||
|
- "postgres"
|
||||||
|
- "redis"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
nextcloud:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
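Review bot: The `redis` service passes its password on the command line (`redis-server --requirepass {{ nextcloud_secrets.redis_password }}`), which makes it readable from the host process list and from `docker inspect`, and netdata.yml in this same change mounts the host's `/proc` into a published container. Putting `requirepass` in a config file uploaded with restrictive ownership and mode, and starting `redis-server` with that file's path, keeps the secret out of argv. Redis is only attached to the `nextcloud` network here, so this is defence in depth rather than a direct exposure.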
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: create nginx-proxy volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- conf
|
||||||
|
- vhost
|
||||||
|
- html
|
||||||
|
- dhparam
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: nginx proxy container
|
||||||
|
docker_container:
|
||||||
|
name: nginx-proxy
|
||||||
|
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||||
|
restart_policy: always
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
published_ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
|
||||||
|
- name: nginx letsencrypt container
|
||||||
|
docker_container:
|
||||||
|
name: nginx-proxy-le
|
||||||
|
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
||||||
|
restart_policy: always
|
||||||
|
volumes:
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||||
|
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
env:
|
||||||
|
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||||
|
when: letsencrypt_enabled
|
||||||
|
|
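--- a/roles/docker/tasks/services/openldap.yml
+++ b/roles/docker/tasks/services/openldap.yml
@@ -0,0 +1,74 @@
+# vim: ft=yaml.ansible
+---
+- name: create ldap volume folders
+file:
+name: "{{ services.openldap.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "var/lib/ldap"
+- "etc/slapd"
+- "certs"
+loop_control:
+loop_var: volume
+
+- name: Create a network for ldap
+docker_network:
+name: ldap
+
+- name: openLDAP container
+docker_container:
+name: openldap
+image: osixia/openldap:{{ services.openldap.version }}
+tty: true
+interactive: true
+restart_policy: unless-stopped
+volumes:
+- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
+- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
+- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
+published_ports:
+- "389:389"
+- "636:636"
+hostname: "{{ services.openldap.domain }}"
+domainname: "{{ services.openldap.domain }}" # important: same as hostname
+networks:
+- name: ldap
+env:
+LDAP_LOG_LEVEL: "256"
+LDAP_ORGANISATION: "{{ base_domain }}"
+LDAP_DOMAIN: "{{ base_domain }}"
+LDAP_BASE_DN: ""
+LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
+LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
+LDAP_READONLY_USER: "false"
+LDAP_RFC2307BIS_SCHEMA: "false"
+LDAP_BACKEND: "mdb"
+LDAP_TLS: "true"
+LDAP_TLS_CRT_FILENAME: "ldap.crt"
+LDAP_TLS_KEY_FILENAME: "ldap.key"
+LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+LDAP_TLS_ENFORCE: "false"
+LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+LDAP_TLS_PROTOCOL_MIN: "3.1"
+LDAP_TLS_VERIFY_CLIENT: "demand"
+LDAP_REPLICATION: "false"
+KEEP_EXISTING_CONFIG: "false"
+LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+LDAP_SSL_HELPER_PREFIX: "ldap"
+
+- name: phpLDAPadmin container
+docker_container:
+name: phpldapadmin
+image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
+restart_policy: unless-stopped
+networks:
+- name: external_services
+- name: ldap
+env:
+PHPLDAPADMIN_LDAP_HOSTS: "openldap"
+PHPLDAPADMIN_HTTPS: "false"
+PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
+
+VIRTUAL_HOST: "{{ services.openldap.domain }}"
+LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"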
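Review bot: `published_ports` binds `"389:389"` on every host interface while `LDAP_TLS_ENFORCE` is `"false"`, so clients can perform simple binds, including with `ldap_admin_password`, in cleartext from outside the host. I would set `LDAP_TLS_ENFORCE: "true"`, raise `LDAP_TLS_PROTOCOL_MIN` from `"3.1"` (TLS 1.0) to `"3.3"` (TLS 1.2), and either drop `"389:389"` or bind it to loopback. Also, the first task creates `etc/slapd` but the container mounts `etc/slapd.d`, so the directory being pre-created is not the one in use; the loop entry should read `- "etc/slapd.d"`.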
46
roles/docker/tasks/services/passit.yml
Normal file
46
roles/docker/tasks/services/passit.yml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: setup passit containers
|
||||||
|
docker_compose:
|
||||||
|
project_name: "passit"
|
||||||
|
pull: "yes"
|
||||||
|
definition:
|
||||||
|
version: "3.6"
|
||||||
|
services:
|
||||||
|
passit_db:
|
||||||
|
image: "postgres:{{ services.passit.postgres_version }}"
|
||||||
|
restart: "always"
|
||||||
|
networks:
|
||||||
|
- "passit"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: "passit"
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||||
|
|
||||||
|
passit_app:
|
||||||
|
image: "passit/passit:{{ services.passit.version }}"
|
||||||
|
command: "bin/start.sh"
|
||||||
|
restart: "always"
|
||||||
|
networks:
|
||||||
|
- "passit"
|
||||||
|
- "postfix"
|
||||||
|
- "external_services"
|
||||||
|
environment:
|
||||||
|
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
||||||
|
SECRET_KEY: "{{ passit_secret_key }}"
|
||||||
|
IS_DEBUG: 'False'
|
||||||
|
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||||
|
DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}"
|
||||||
|
EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}"
|
||||||
|
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
||||||
|
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
passit:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
14
roles/docker/tasks/services/pinafore.yml
Normal file
14
roles/docker/tasks/services/pinafore.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Set up Pinafore
|
||||||
|
docker_container:
|
||||||
|
name: pinafore
|
||||||
|
image: "docker.data.coop/pinafore:{{ services.pinafore.version }}"
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "{{ services.pinafore.domain }}"
|
||||||
|
VIRTUAL_PORT: "4002"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.pinafore.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
22
roles/docker/tasks/services/portainer.yml
Normal file
22
roles/docker/tasks/services/portainer.yml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: create portainer volume folder
|
||||||
|
file:
|
||||||
|
name: "{{ services.portainer.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: run portainer
|
||||||
|
docker_container:
|
||||||
|
name: portainer
|
||||||
|
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||||
|
restart_policy: always
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- "{{ services.portainer.volume_folder }}:/data"
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||||
|
VIRTUAL_PORT: "9000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
28
roles/docker/tasks/services/postfix.yml
Normal file
28
roles/docker/tasks/services/postfix.yml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Set up network for postfix
|
||||||
|
docker_network:
|
||||||
|
name: postfix
|
||||||
|
ipam_config:
|
||||||
|
- subnet: '172.16.0.0/16'
|
||||||
|
gateway: 172.16.0.1
|
||||||
|
|
||||||
|
- name: Create volume folders for Postfix
|
||||||
|
file:
|
||||||
|
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Set up Postfix Docker container for outgoing mail from services
|
||||||
|
docker_container:
|
||||||
|
name: postfix
|
||||||
|
image: boky/postfix:{{ services.postfix.version }}
|
||||||
|
restart_policy: always
|
||||||
|
networks:
|
||||||
|
- name: postfix
|
||||||
|
volumes:
|
||||||
|
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
|
||||||
|
env:
|
||||||
|
# Get all services which have allowed_sender_domain defined
|
||||||
|
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
||||||
|
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
||||||
|
DKIM_AUTOGENERATE: "true"
|
31
roles/docker/tasks/services/privatebin.yml
Normal file
31
roles/docker/tasks/services/privatebin.yml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: create privatebin volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- cfg
|
||||||
|
- data
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: upload privatebin config
|
||||||
|
template:
|
||||||
|
src: files/configs/privatebin-conf.php
|
||||||
|
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
||||||
|
|
||||||
|
- name: privatebin app container
|
||||||
|
docker_container:
|
||||||
|
name: privatebin
|
||||||
|
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||||
|
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
61
roles/docker/tasks/services/rallly.yml
Normal file
61
roles/docker/tasks/services/rallly.yml
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create rallly volume folders
|
||||||
|
file:
|
||||||
|
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Copy Rallly environment file
|
||||||
|
template:
|
||||||
|
src: files/configs/rallly/env_file.j2
|
||||||
|
dest: "{{ services.rallly.volume_folder }}/env_file"
|
||||||
|
|
||||||
|
- name: Set up Rallly
|
||||||
|
docker_compose:
|
||||||
|
project_name: "rallly"
|
||||||
|
pull: "yes"
|
||||||
|
definition:
|
||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
rallly_db:
|
||||||
|
image: "postgres:{{ services.rallly.postgres_version }}"
|
||||||
|
restart: "always"
|
||||||
|
shm_size: "256mb"
|
||||||
|
networks:
|
||||||
|
rallly_internal:
|
||||||
|
volumes:
|
||||||
|
- "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
||||||
|
POSTGRES_DB: "rallly_db"
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||||
|
interval: 5s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
rallly:
|
||||||
|
image: "lukevella/rallly:{{ services.rallly.version }}"
|
||||||
|
restart: "always"
|
||||||
|
networks:
|
||||||
|
rallly_internal:
|
||||||
|
external_services:
|
||||||
|
postfix:
|
||||||
|
depends_on:
|
||||||
|
rallly_db:
|
||||||
|
condition: "service_healthy"
|
||||||
|
env_file:
|
||||||
|
- "{{ services.rallly.volume_folder }}/env_file"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
||||||
|
VIRTUAL_PORT: "3000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
rallly_internal:
|
||||||
|
internal: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
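--- a/roles/docker/tasks/services/restic_backup.yml
+++ b/roles/docker/tasks/services/restic_backup.yml
@@ -0,0 +1,39 @@
+# vim: ft=yaml.ansible
+---
+- name: Setup restic backup
+docker_compose:
+project_name: restic_backup
+pull: true
+definition:
+version: '3.6'
+services:
+restic-backup:
+image: mazzolino/restic:{{ services.restic.version }}
+restart: always
+environment:
+RUN_ON_STARTUP: "false"
+BACKUP_CRON: "0 30 3 * * *"
+RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
+RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
+RESTIC_BACKUP_SOURCES: "/mnt/volumes"
+RESTIC_BACKUP_ARGS: >-
+--tag datacoop-volumes
+--exclude='*.tmp'
+--verbose
+RESTIC_FORGET_ARGS: >-
+--keep-last 10
+--keep-daily 7
+--keep-weekly 5
+--keep-monthly 12
+TZ: Europe/Copenhagen
+volumes:
+- /docker-volumes:/mnt/volumes:ro
+
+restic-prune:
+image: "mazzolino/restic:{{ services.restic.version }}"
+environment:
+RUN_ON_STARTUP: "false"
+PRUNE_CRON: "0 0 4 * * *"
+RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
+RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
+TZ: Europe/copenhagen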
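Review bot: `restic-prune` sets `TZ: Europe/copenhagen` while `restic-backup` uses `Europe/Copenhagen`; zone names are case-sensitive on most images, so the prune container will likely fall back to UTC and `PRUNE_CRON` will not fire at the intended local time relative to the backup. It should read `TZ: Europe/Copenhagen`. `restic-prune` also lacks the `restart: always` that `restic-backup` has, so it stays down after a crash or daemon restart. Both services embed `restic_secrets.user_password` directly in `RESTIC_REPOSITORY`, and a password with URL-reserved characters will break the repository URL unless it is escaped, for example with `| urlencode`.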
|
@ -1,12 +1,14 @@
|
||||||
# vim: ft=yaml.docker-compose
|
# vim: ft=yaml.ansible
|
||||||
version: "3.8"
|
---
|
||||||
|
- name: watchtower container
|
||||||
services:
|
docker_container:
|
||||||
app:
|
name: watchtower
|
||||||
image: containrrr/watchtower:{{ services.watchtower.version }}
|
image: containrrr/watchtower:{{ services.watchtower.version }}
|
||||||
restart: unless-stopped
|
restart_policy: unless-stopped
|
||||||
environment:
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
WATCHTOWER_POLL_INTERVAL: "60"
|
WATCHTOWER_POLL_INTERVAL: "60"
|
||||||
volumes:
|
volumes:
|
||||||
- "/root/.docker/config.json:/config.json:ro"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
- "/root/.docker/config.json:/config.json:ro"
|
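Review bot: The new `networks:` / `- name: external_services` lines attach watchtower to the shared proxy network although the task sets no `VIRTUAL_HOST` and, as far as this hunk shows, serves nothing over HTTP. This container holds a read-write Docker socket and the registry credentials from `/root/.docker/config.json`, so it should not share a network with the public-facing containers. I would drop those two lines and let it use the default bridge for its outbound registry polling.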
|
@ -0,0 +1,19 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: setup 2022.slides.data.coop website using unipi
|
||||||
|
docker_container:
|
||||||
|
name: 2022.slides.data.coop_website
|
||||||
|
image: docker.data.coop/unipi:{{ services.slides_2022_website.version }}
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
purge_networks: yes
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
command: "--remote=https://git.data.coop/data.coop/slides.git#slides2022"
|
||||||
|
capabilities:
|
||||||
|
- NET_ADMIN
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun"
|
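Review bot: `capabilities: - NET_ADMIN` together with `devices: - "/dev/net/tun"` gives this website container control over its own network stack while it sits on the shared `external_services` network, and nothing in the task says why. If the grant exists because unipi needs a tap interface (an assumption from the image name, not something the hunk shows), a comment such as `# unipi needs a tap device; NET_ADMIN is required to create it` should record that so it is not copied to other website tasks. The `--remote=` argument also tracks the `slides2022` branch, so push access to that branch decides what is served; that deserves a mention in the same comment.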
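--- a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
+++ b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
@@ -0,0 +1,13 @@
+# vim: ft=yaml.ansible
+---
+- name: setup cryptoaarhus.dk website docker container
+docker_container:
+name: cryptoaarhus_website
+restart_policy: unless-stopped
+image: docker.data.coop/cryptoaarhus-website
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"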
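Review bot: `image: docker.data.coop/cryptoaarhus-website` has no tag, so it resolves to `latest`; the same holds for `docker.data.coop/cryptohagen-website` in cryptohagen.dk.yml and `docker.data.coop/data-coop-website` in data.coop.yml, and ulovliglogning.dk.yml names the third-party `ulovliglogning/ulovliglogning.dk:latest` explicitly. Since the watchtower task in this change polls every 60 seconds with the Docker socket mounted, whatever is pushed under those tags is presumably deployed without review. I would follow new.data.coop.yml and use a version variable, e.g. `image: docker.data.coop/cryptoaarhus-website:{{ services.cryptoaarhus_website.version }}` (a `version` key would need adding to the service definition), and pin the third-party image by digest.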
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: setup cryptohagen.dk website docker container
|
||||||
|
docker_container:
|
||||||
|
name: cryptohagen_website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
image: docker.data.coop/cryptohagen-website
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
23
roles/docker/tasks/services/websites/data.coop.yml
Normal file
23
roles/docker/tasks/services/websites/data.coop.yml
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Upload vhost config for root domain
|
||||||
|
copy:
|
||||||
|
src: files/configs/matrix/vhost-root
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}"
|
||||||
|
|
||||||
|
- name: Upload vhost config for WWW domain
|
||||||
|
copy:
|
||||||
|
src: files/configs/vhost-www
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/www.{{ base_domain }}"
|
||||||
|
|
||||||
|
- name: setup data.coop website docker container
|
||||||
|
docker_container:
|
||||||
|
name: data.coop_website
|
||||||
|
image: docker.data.coop/data-coop-website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: setup new data.coop website using hugo
|
||||||
|
docker_container:
|
||||||
|
name: new.data.coop_website
|
||||||
|
image: docker.data.coop/data-coop-website:{{ services.new_data_coop_website.version }}
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST : "{{ services.new_data_coop_website.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.new_data_coop_website.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/ulovliglogning.dk.yml
Normal file
13
roles/docker/tasks/services/websites/ulovliglogning.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: setup ulovliglogning.dk website docker container
|
||||||
|
docker_container:
|
||||||
|
name: ulovliglogning_website
|
||||||
|
restart_policy: unless-stopped
|
||||||
|
image: ulovliglogning/ulovliglogning.dk:latest
|
||||||
|
networks:
|
||||||
|
- name: external_services
|
||||||
|
env:
|
||||||
|
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
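--- a/roles/docker/tasks/services/woodpecker.yml
+++ b/roles/docker/tasks/services/woodpecker.yml
@@ -0,0 +1,41 @@
+# vim: ft=yaml.ansible
+---
+- name: Set up Woodpecker CI with Docker runner
+docker_compose:
+project_name: woodpecker
+pull: true
+definition:
+version: "3.8"
+services:
+server:
+image: "woodpeckerci/woodpecker-server:{{ services.woodpecker.version }}"
+restart: always
+networks:
+- default
+- external_services
+volumes:
+- "{{ services.woodpecker.volume_folder }}:/data"
+- "/var/run/docker.sock:/var/run/docker.sock"
+environment:
+WOODPECKER_GITEA: "true"
+WOODPECKER_GITEA_URL: "https://{{ services.gitea.domain }}"
+WOODPECKER_GITEA_CLIENT: "{{ woodpecker_secrets.oauth_client_id }}"
+WOODPECKER_GITEA_SECRET: "{{ woodpecker_secrets.oauth_client_secret }}"
+WOODPECKER_HOST: "https://{{ services.woodpecker.domain }}"
+WOODPECKER_AGENT_SECRET: "{{ woodpecker_secrets.agent_secret }}"
+VIRTUAL_HOST: "{{ services.woodpecker.domain }}"
+LETSENCRYPT_HOST: "{{ services.woodpecker.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+agent:
+image: "woodpeckerci/woodpecker-agent:{{ services.woodpecker.version }}"
+restart: always
+volumes:
+- "/var/run/docker.sock:/var/run/docker.sock"
+environment:
+WOODPECKER_SERVER: "server:9000"
+WOODPECKER_AGENT_SECRET: "{{ woodpecker_secrets.agent_secret }}"
+
+networks:
+external_services:
+external: true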
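Review bot: The `server` service mounts `/var/run/docker.sock` read-write, yet it is the component published through `VIRTUAL_HOST`; with the Docker backend only the `agent` needs the socket, so that volume line should be removed from `server`. The agent runs pipeline steps on the same Docker daemon that hosts every other service in this repository, so anyone able to get a pipeline executed is effectively root on the host. No `WOODPECKER_ADMIN` or similar restriction is set in this hunk; I would add one and, longer term, move the agent to a separate host or VM.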
|
@ -1,17 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
web:
|
|
||||||
image: docker.data.coop/cryptoaarhus-website
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains | join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,17 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
web:
|
|
||||||
image: docker.data.coop/cryptohagen-website
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains | join(',') }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains | join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,27 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
prod-web:
|
|
||||||
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
staging-web:
|
|
||||||
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,26 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
version: "3.5"
|
|
||||||
|
|
||||||
services:
|
|
||||||
diun:
|
|
||||||
image: "ghcr.io/crazy-max/diun:{{ services.diun.version }}"
|
|
||||||
command: serve
|
|
||||||
volumes:
|
|
||||||
- "./data:/data"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
- "TZ=Europe/Paris"
|
|
||||||
- "DIUN_WATCH_WORKERS=20"
|
|
||||||
- "DIUN_WATCH_SCHEDULE=0 */6 * * *"
|
|
||||||
- "DIUN_WATCH_JITTER=30s"
|
|
||||||
- "DIUN_PROVIDERS_DOCKER=true"
|
|
||||||
- "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
|
|
||||||
- "DIUN_NOTIF_MATRIX_HOMESERVERURL=https://{{ services.matrix.domain }}"
|
|
||||||
- "DIUN_NOTIF_MATRIX_USER={{ services.diun.matrix_user }}"
|
|
||||||
- "DIUN_NOTIF_MATRIX_ROOMID={{ services.diun.matrix_room }}"
|
|
||||||
- "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}"
|
|
||||||
- "DIUN_NOTIF_MATRIX_MSGTYPE=text"
|
|
||||||
labels:
|
|
||||||
- "diun.enable=true"
|
|
||||||
restart: always
|
|
|
@ -1,23 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: registry:{{ services.docker_registry.version }}
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- "./registry:/var/lib/registry"
|
|
||||||
- "./auth:/auth"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
REGISTRY_AUTH: "htpasswd"
|
|
||||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
|
||||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,40 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: drone/drone:{{ services.drone.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- ".:/data"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
DRONE_GITEA_SERVER: https://{{ services.forgejo.domain }}
|
|
||||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
|
||||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
|
||||||
DRONE_GIT_ALWAYS_AUTH: true
|
|
||||||
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
|
||||||
DRONE_SERVER_PROTO: https
|
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
|
||||||
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
runner:
|
|
||||||
image: drone/drone-runner-docker:{{ services.drone.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
|
||||||
DRONE_RPC_PROTO: https
|
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
|
||||||
DRONE_RUNNER_CAPACITY: 2
|
|
||||||
DRONE_RUNNER_NAME: data.coop_drone_runner
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,22 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: avhost/docker-matrix-element:{{ services.element.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
expose:
|
|
||||||
- "8080"
|
|
||||||
volumes:
|
|
||||||
- "./data:/data"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.element.domain }}"
|
|
||||||
VIRTUAL_PORT: "8080"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.element.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,22 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
web:
|
|
||||||
image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
command: --remote=https://git.data.coop/fedi.dk/website.git#main
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
devices:
|
|
||||||
- "/dev/net/tun"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,38 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- postfix
|
|
||||||
volumes:
|
|
||||||
- ".:/data"
|
|
||||||
ports:
|
|
||||||
- "22:22"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
|
||||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
|
||||||
FORGEJO__mailer__ENABLED: true
|
|
||||||
FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
|
|
||||||
FORGEJO__mailer__PROTOCOL: smtp
|
|
||||||
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}"
|
|
||||||
FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}"
|
|
||||||
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
|
|
||||||
FORGEJO__security__PASSWORD_COMPLEXITY: off
|
|
||||||
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
|
|
||||||
FORGEJO__security__PASSWORD_CHECK_PWN: true
|
|
||||||
FORGEJO__service__ENABLE_NOTIFY_MAIL: true
|
|
||||||
FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
|
@ -1,44 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: postgres:{{ services.hedgedoc.postgres_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "./db:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: codimd
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
|
||||||
POSTGRES_DB: codimd
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
|
||||||
volumes:
|
|
||||||
- "./hedgedoc/uploads:/hedgedoc/public/uploads"
|
|
||||||
- "./sso.data.coop.pem:/sso.data.coop.pem"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd
|
|
||||||
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
|
||||||
CMD_ALLOW_EMAIL_REGISTER: False
|
|
||||||
CMD_IMAGE_UPLOAD_TYPE: filesystem
|
|
||||||
CMD_EMAIL: False
|
|
||||||
CMD_SAML_IDPCERT: /sso.data.coop.pem
|
|
||||||
CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml
|
|
||||||
CMD_SAML_ISSUER: hedgedoc
|
|
||||||
CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
|
||||||
CMD_USECDN: false
|
|
||||||
CMD_PROTOCOL_USESSL: true
|
|
||||||
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,42 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: postgres:{{ services.keycloak.postgres_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "./data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: keycloak
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
|
||||||
POSTGRES_DB: keycloak
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- postfix
|
|
||||||
- external_services
|
|
||||||
command:
|
|
||||||
- "start"
|
|
||||||
- "--db=postgres"
|
|
||||||
- "--db-url=jdbc:postgresql://db:5432/keycloak"
|
|
||||||
- "--db-username=keycloak"
|
|
||||||
- "--db-password={{ postgres_passwords.keycloak }}"
|
|
||||||
- "--hostname={{ services.keycloak.domain }}"
|
|
||||||
- "--proxy=edge"
|
|
||||||
- "--https-port=8080"
|
|
||||||
- "--http-relative-path=/auth"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
|
||||||
VIRTUAL_PORT: "8080"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,146 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: postgres:{{ services.mailu.postgres_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
POSTGRES_DB: mailu
|
|
||||||
POSTGRES_USER: mailu
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
|
|
||||||
volumes:
|
|
||||||
- "./postgres:/var/lib/postgresql/data"
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
redis:
|
|
||||||
image: redis:{{ services.mailu.redis_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "./redis:/data"
|
|
||||||
depends_on:
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
front:
|
|
||||||
image: ghcr.io/mailu/nginx:{{ services.mailu.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
volumes:
|
|
||||||
- "./certs:/certs"
|
|
||||||
- "./overrides/nginx:/overrides:ro"
|
|
||||||
expose:
|
|
||||||
- "80"
|
|
||||||
ports:
|
|
||||||
- "25:25"
|
|
||||||
- "465:465"
|
|
||||||
- "587:587"
|
|
||||||
- "110:110"
|
|
||||||
- "995:995"
|
|
||||||
- "143:143"
|
|
||||||
- "993:993"
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- webmail
|
|
||||||
- external_services
|
|
||||||
depends_on:
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
resolver:
|
|
||||||
image: ghcr.io/mailu/unbound:{{ services.mailu.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
admin:
|
|
||||||
image: ghcr.io/mailu/admin:{{ services.mailu.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
volumes:
|
|
||||||
- "./data:/data"
|
|
||||||
- "./dkim:/dkim"
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
aliases:
|
|
||||||
- admin.mailu
|
|
||||||
depends_on:
|
|
||||||
- redis
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
imap:
|
|
||||||
image: ghcr.io/mailu/dovecot:{{ services.mailu.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
volumes:
|
|
||||||
- "./mail:/mail"
|
|
||||||
- "./overrides/dovecot:/overrides:ro"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
smtp:
|
|
||||||
image: ghcr.io/mailu/postfix:{{ services.mailu.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
volumes:
|
|
||||||
- "./mailqueue:/queue"
|
|
||||||
- "./overrides/postfix:/overrides:ro"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
|
|
||||||
antispam:
|
|
||||||
image: ghcr.io/mailu/rspamd:{{ services.mailu.version }}
|
|
||||||
hostname: antispam
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
volumes:
|
|
||||||
- "./filter:/var/lib/rspamd"
|
|
||||||
- "./overrides/rspamd:/overrides:ro"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- redis
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
webmail:
|
|
||||||
image: ghcr.io/mailu/webmail:{{ services.mailu.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: mailu.env
|
|
||||||
volumes:
|
|
||||||
- "./webmail:/data"
|
|
||||||
- "./overrides/snappymail:/overrides:ro"
|
|
||||||
networks:
|
|
||||||
- webmail
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
driver: bridge
|
|
||||||
ipam:
|
|
||||||
driver: default
|
|
||||||
config:
|
|
||||||
- subnet: "{{ services.mailu.subnet }}"
|
|
||||||
webmail:
|
|
||||||
driver: bridge
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,146 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
x-sidekiq: &sidekiq
|
|
||||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: mastodon.env
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- postfix
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- "./mastodon_data:/mastodon/public/system"
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: service_healthy
|
|
||||||
redis:
|
|
||||||
condition: service_healthy
|
|
||||||
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
restart: always
|
|
||||||
image: postgres:{{ services.mastodon.postgres_version }}
|
|
||||||
shm_size: 256mb
|
|
||||||
volumes:
|
|
||||||
- "./postgres_data:/var/lib/postgresql/data"
|
|
||||||
- "./postgres_config:/config:ro"
|
|
||||||
command: postgres -c config_file=/config/postgresql.conf
|
|
||||||
environment:
|
|
||||||
POSTGRES_HOST_AUTH_METHOD: trust
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
|
||||||
|
|
||||||
redis:
|
|
||||||
restart: always
|
|
||||||
image: redis:{{ services.mastodon.redis_version }}
|
|
||||||
volumes:
|
|
||||||
- "./redis_data:/data"
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD', 'redis-cli', 'ping']
|
|
||||||
|
|
||||||
web:
|
|
||||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: mastodon.env
|
|
||||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- "./mastodon_data:/mastodon/public/system"
|
|
||||||
environment:
|
|
||||||
MAX_THREADS: 10
|
|
||||||
WEB_CONCURRENCY: 3
|
|
||||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
VIRTUAL_PATH: /
|
|
||||||
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: service_healthy
|
|
||||||
redis:
|
|
||||||
condition: service_healthy
|
|
||||||
|
|
||||||
streaming:
|
|
||||||
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: mastodon.env
|
|
||||||
command: node ./streaming
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:4000:4000"
|
|
||||||
environment:
|
|
||||||
DB_POOL: 15
|
|
||||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
|
||||||
VIRTUAL_PORT: "4000"
|
|
||||||
VIRTUAL_PATH: "/api/v1/streaming"
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: service_healthy
|
|
||||||
redis:
|
|
||||||
condition: service_healthy
|
|
||||||
|
|
||||||
# sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-default-push-pull:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q default -q push -q pull
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-default-pull-push:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q default -q pull -q push
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-pull-default-push:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q pull -q default -q push
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-push-default-pull:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q push -q default -q pull
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
|
|
||||||
sidekiq-push-scheduler:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 5 -q push -q scheduler
|
|
||||||
environment:
|
|
||||||
DB_POOL: 5
|
|
||||||
|
|
||||||
# sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
|
|
||||||
sidekiq-push-mailers:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 5 -q push -q mailers
|
|
||||||
environment:
|
|
||||||
DB_POOL: 5
|
|
||||||
|
|
||||||
# sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
|
|
||||||
sidekiq-push-ingress:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 10 -q push -q ingress
|
|
||||||
environment:
|
|
||||||
DB_POOL: 10
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
|
@ -1,36 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: postgres:{{ services.matrix.postgres_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "./db:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: synapse
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
|
||||||
|
|
||||||
synapse:
|
|
||||||
image: ghcr.io/element-hq/synapse:{{ services.matrix.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
- postfix
|
|
||||||
volumes:
|
|
||||||
- "./data:/data"
|
|
||||||
environment:
|
|
||||||
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
|
|
||||||
SYNAPSE_CACHE_FACTOR: "2"
|
|
||||||
SYNAPSE_LOG_LEVEL: INFO
|
|
||||||
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
|
||||||
VIRTUAL_PORT: "8008"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
|
@ -1,46 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: docker.data.coop/membersystem:{{ services.membersystem.version }}
|
|
||||||
restart: always
|
|
||||||
user: "$UID:$GID"
|
|
||||||
tty: true
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
- postfix
|
|
||||||
environment:
|
|
||||||
SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
|
|
||||||
DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
|
|
||||||
POSTGRES_HOST: postgres
|
|
||||||
POSTGRES_PORT: 5432
|
|
||||||
EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
|
|
||||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
|
||||||
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
|
||||||
VIRTUAL_PORT: "8000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
|
||||||
CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
|
|
||||||
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
|
||||||
DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
|
|
||||||
STRIPE_API_KEY: "{{ membersystem_secrets.stripe_api_key }}"
|
|
||||||
STRIPE_ENDPOINT_SECRET: "{{ membersystem_secrets.stripe_endpoint_secret }}"
|
|
||||||
depends_on:
|
|
||||||
- postgres
|
|
||||||
|
|
||||||
postgres:
|
|
||||||
image: postgres:{{ services.membersystem.postgres_version }}
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "./postgres/data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
|
@ -1,36 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: netdata/netdata:{{ services.netdata.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
hostname: hevonen.servers.{{ base_domain }}
|
|
||||||
volumes:
|
|
||||||
- "/proc:/host/proc:ro"
|
|
||||||
- "/sys:/host/sys:ro"
|
|
||||||
- "/etc/os-release:/host/etc/os-release:ro"
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST : "{{ services.netdata.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
PGID: "999"
|
|
||||||
DOCKER_HOST: "socket_proxy:2375"
|
|
||||||
cap_add:
|
|
||||||
- SYS_PTRACE
|
|
||||||
security_opt:
|
|
||||||
- apparmor:unconfined
|
|
||||||
|
|
||||||
socket-proxy:
|
|
||||||
image: tecnativa/docker-socket-proxy:latest
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
||||||
environment:
|
|
||||||
CONTAINERS: 1
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,59 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: postgres:{{ services.nextcloud.postgres_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "./postgres:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_DB: nextcloud
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
POSTGRES_USER: nextcloud
|
|
||||||
|
|
||||||
redis:
|
|
||||||
image: redis:{{ services.nextcloud.redis_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}
|
|
||||||
tmpfs:
|
|
||||||
- /var/lib/redis
|
|
||||||
|
|
||||||
cron:
|
|
||||||
image: nextcloud:{{ services.nextcloud.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
entrypoint: /cron.sh
|
|
||||||
volumes:
|
|
||||||
- "./app:/var/www/html"
|
|
||||||
depends_on:
|
|
||||||
- postgres
|
|
||||||
- redis
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: nextcloud:{{ services.nextcloud.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- postfix
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- "./app:/var/www/html"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
POSTGRES_HOST: postgres
|
|
||||||
POSTGRES_DB: nextcloud
|
|
||||||
POSTGRES_USER: nextcloud
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
REDIS_HOST: redis
|
|
||||||
REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
|
|
||||||
depends_on:
|
|
||||||
- postgres
|
|
||||||
- redis
|
|
||||||
|
|
||||||
networks:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,38 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
proxy:
|
|
||||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- "./conf:/etc/nginx/conf.d"
|
|
||||||
- "./vhost:/etc/nginx/vhost.d"
|
|
||||||
- "./html:/usr/share/nginx/html"
|
|
||||||
- "./dhparam:/etc/nginx/dhparam"
|
|
||||||
- "./certs:/etc/nginx/certs:ro"
|
|
||||||
- "/var/run/docker.sock:/tmp/docker.sock:ro"
|
|
||||||
labels:
|
|
||||||
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
|
|
||||||
|
|
||||||
{% if letsencrypt_enabled %}
|
|
||||||
acme:
|
|
||||||
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "./vhost:/etc/nginx/vhost.d"
|
|
||||||
- "./html:/usr/share/nginx/html"
|
|
||||||
- "./dhparam:/etc/nginx/dhparam:ro"
|
|
||||||
- "./certs:/etc/nginx/certs"
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
depends_on:
|
|
||||||
- proxy
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,58 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: osixia/openldap:{{ services.openldap.version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
tty: true
|
|
||||||
stdin_open: true
|
|
||||||
volumes:
|
|
||||||
- "./var/lib/ldap:/var/lib/ldap"
|
|
||||||
- "./etc/slapd.d:/etc/ldap/slapd.d"
|
|
||||||
- "./certs:/container/service/slapd/assets/certs/"
|
|
||||||
ports:
|
|
||||||
- "389:389"
|
|
||||||
- "636:636"
|
|
||||||
hostname: "{{ services.openldap.domain }}"
|
|
||||||
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
|
||||||
environment:
|
|
||||||
LDAP_LOG_LEVEL: "256"
|
|
||||||
LDAP_ORGANISATION: "{{ base_domain }}"
|
|
||||||
LDAP_DOMAIN: "{{ base_domain }}"
|
|
||||||
LDAP_BASE_DN: ""
|
|
||||||
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
|
||||||
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
|
||||||
LDAP_READONLY_USER: false
|
|
||||||
LDAP_RFC2307BIS_SCHEMA: false
|
|
||||||
LDAP_BACKEND: mdb
|
|
||||||
LDAP_TLS: true
|
|
||||||
LDAP_TLS_CRT_FILENAME: ldap.crt
|
|
||||||
LDAP_TLS_KEY_FILENAME: ldap.key
|
|
||||||
LDAP_TLS_CA_CRT_FILENAME: ca.crt
|
|
||||||
LDAP_TLS_ENFORCE: false
|
|
||||||
LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
|
|
||||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
|
||||||
LDAP_TLS_VERIFY_CLIENT: demand
|
|
||||||
LDAP_REPLICATION: false
|
|
||||||
KEEP_EXISTING_CONFIG: false
|
|
||||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
|
|
||||||
LDAP_SSL_HELPER_PREFIX: ldap
|
|
||||||
|
|
||||||
admin:
|
|
||||||
image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
PHPLDAPADMIN_LDAP_HOSTS: app
|
|
||||||
PHPLDAPADMIN_HTTPS: false
|
|
||||||
PHPLDAPADMIN_TRUST_PROXY_SSL: true
|
|
||||||
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,38 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: postgres:{{ services.passit.postgres_version }}
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "./data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: passit
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: passit/passit:{{ services.passit.version }}
|
|
||||||
command: bin/start.sh
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- postfix
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit
|
|
||||||
SECRET_KEY: "{{ passit_secret_key }}"
|
|
||||||
IS_DEBUG: "False"
|
|
||||||
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
|
||||||
DEFAULT_FROM_EMAIL: noreply@{{ services.passit.domain }}
|
|
||||||
EMAIL_CONFIRMATION_HOST: https://{{ services.passit.domain }}
|
|
||||||
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
|
||||||
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,21 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- ".:/data"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:rw"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
|
||||||
VIRTUAL_PORT: "9000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,22 +0,0 @@
|
||||||
# vim: ft=yaml.docker-compose
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: boky/postfix:{{ services.postfix.version }}
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
postfix:
|
|
||||||
aliases:
|
|
||||||
- postfix
|
|
||||||
volumes:
|
|
||||||
- "./dkim:/etc/opendkim/keys"
|
|
||||||
environment:
|
|
||||||
# Get all services which have allowed_sender_domain defined
|
|
||||||
ALLOWED_SENDER_DOMAINS: "data.coop {{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
|
||||||
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
|
||||||
DKIM_AUTOGENERATE: true
|
|
||||||
|
|
||||||
networks:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
Some files were not shown because too many files have changed in this diff Show more