Compare commits

15 commits

Author SHA1 Message Date
Viðir Valberg Guðmundsson b96cbe4ad9 Upgrade matrix (synapse) to 1.114.0. Close #219 2024-09-13 09:58:48 +02:00
Viðir Valberg Guðmundsson eee176aec6 Update secrets. 2024-08-04 06:58:21 +02:00
Viðir Valberg Guðmundsson 5502870384 Add data.coop to postfix ALLOWED_SENDER_DOMAINS. 2024-08-03 20:39:24 +02:00
Viðir Valberg Guðmundsson 3689eb7687 Add stripe secrets. 2024-08-03 00:56:22 +02:00
valberg 717db9055c Merge pull request 'Update environment variables re: data.coop/membersystem#38' (#216) from benjaoming/ansible:membersystem-envs into main
Reviewed-on: #216
Reviewed-by: valberg <valberg@orn.li>
2024-08-02 22:53:04 +00:00
valberg 5ff603393b Update roles/docker/defaults/main.yml 2024-08-02 22:52:37 +00:00
Benjamin Bach c00ab53269
Update environment variables re: data.coop/membersystem#38 2024-08-01 13:46:21 +02:00
Viðir Valberg Guðmundsson 8ae844f2df Bump matrix synapse to v1.110.0. 2024-07-15 10:37:50 +02:00
Viðir Valberg Guðmundsson bd0dc90c44 Bump mastodon to 4.2.10. 2024-07-04 21:04:42 +02:00
Viðir Valberg Guðmundsson abca90c219 Bump forgejo to 7.0.5 2024-07-03 22:09:58 +02:00
Viðir Valberg Guðmundsson 3e24254b57 Bump element to v1.11.69. 2024-06-19 21:17:22 +02:00
Viðir Valberg Guðmundsson bd4f92fd65 Bump matrix synapse to v1.109.0. 2024-06-19 21:12:58 +02:00
Viðir Valberg Guðmundsson 1bba1d066b Add matrix notifications to diun. 2024-06-19 20:57:50 +02:00
Viðir Valberg Guðmundsson aeaa48d7ca Bump forgejo to 7.0.4 2024-06-19 20:12:48 +02:00
Víðir Valberg Guðmundsson ed237c9661 Bump mastodon to 4.2.9 2024-05-30 21:12:56 +02:00
114 changed files with 799 additions and 1121 deletions

2
.gitignore vendored

@ -1,6 +1,6 @@
*.retry *.retry
*.sw* *.sw*
.vagrant/
*.log *.log
.idea/ .idea/
.vscode/
venv/ venv/

39
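--- a/Vagrantfile
+++ b/Vagrantfile
@@ -0,0 +1,39 @@
+Vagrant.require_version ">= 2.0.0"
+PORT = 19022
+def provisioned?(vm="default", provider="virtualbox")
+File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
+end
+Vagrant.configure(2) do |config|
+config.vm.network :private_network, ip: "192.168.56.10"
+config.vm.network :forwarded_port, guest: PORT, host: PORT
+config.vm.box = "ubuntu/focal64"
+config.vm.hostname = "datacoop"
+config.vm.provider :virtualbox do |v|
+v.cpus = 8
+v.memory = 16384
+end
+config.vm.provision :ansible do |ansible|
+ansible.compatibility_mode = "2.0"
+ansible.playbook = "playbook.yml"
+ansible.ask_vault_pass = true
+ansible.verbose = "v"
+# If the VM is already provisioned, we need to use the new port
+if provisioned?
+config.ssh.guest_port = PORT
+ansible.extra_vars = {
+ansible_port: PORT,
+from_vagrant: true
+}
+else
+ansible.extra_vars = {
+from_vagrant: true
+}
+end
+end
+end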
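Review bot: The `forwarded_port` line publishes guest port 19022 without a `host_ip`, and Vagrant then binds the forward on every host interface, so the VM's SSH port (the one `config.ssh.guest_port` and `ansible_port` switch to once the machine is provisioned) is reachable from the developer's local network. The VM is provisioned from `playbook.yml` with the vault password, so it presumably carries the same secrets as the real hosts; I would restrict the forward to loopback with `config.vm.network :forwarded_port, guest: PORT, host: PORT, host_ip: "127.0.0.1"`. Separately, `config.vm.box = "ubuntu/focal64"` has no `config.vm.box_version` next to it, so the test machine is not reproducible and silently follows whatever image is published under that name.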


@ -1,8 +1,8 @@
[defaults] [defaults]
ask_vault_pass = True ask_vault_pass = True
inventory = inventory.ini inventory = datacoop_hosts
interpreter_python = /usr/bin/python3 interpreter_python = /usr/bin/python3
remote_user = ansible remote_user = root
retry_files_enabled = True retry_files_enabled = True
use_persistent_connections = True use_persistent_connections = True
forks = 10 forks = 10
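Review bot: `remote_user = root` on the new side (taking the right-hand value of each doubled line as new) makes every play log in over SSH as root, which only works while direct root login stays enabled on the hosts; the old side connected as the unprivileged `ansible` user. The cloud-init file deleted further down this compare is the one that set `disable_root: true` and created that user with passwordless sudo, so the two changes together appear to drop the non-root login path entirely. I would keep `remote_user = ansible` and add a `[privilege_escalation]` section with `become = True`, so root is obtained per play through sudo and sshd can keep root login disabled. The file name of this section is not shown on the page; the keys suggest it is ansible.cfg.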


@ -1,117 +0,0 @@
# cloud-config
# The top level settings are used as module
# and system configuration.
# A set of users which may be applied and/or used by various modules
# when a 'default' entry is found it will reference the 'default_user'
# from the distro configuration specified below
users:
- default
# If this is set, 'root' will not be able to ssh in and they
# will get a message to login instead as the default $user
disable_root: true
# This will cause the set+update hostname module to not operate (if true)
preserve_hostname: false
apt:
# This prevents cloud-init from rewriting apt's sources.list file,
# which has been a source of surprise.
preserve_sources_list: true
# If you use datasource_list array, keep array items in a single line.
# If you use multi line array, ds-identify script won't read array items.
# Example datasource config
# datasource:
# Ec2:
# metadata_urls: [ 'blah.com' ]
# timeout: 5 # (defaults to 50 seconds)
# max_wait: 10 # (defaults to 120 seconds)
# The modules that run in the 'init' stage
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- disk_setup
- mounts
- set_hostname
- update_hostname
- update_etc_hosts
- ca-certs
- rsyslog
- users-groups
- ssh
# The modules that run in the 'config' stage
cloud_config_modules:
- snap
- ssh-import-id
- keyboard
- locale
- set-passwords
- grub-dpkg
- apt-pipelining
- apt-configure
- ntp
- timezone
- disable-ec2-metadata
- runcmd
- byobu
# The modules that run in the 'final' stage
cloud_final_modules:
- package-update-upgrade-install
- fan
- landscape
- lxd
- write-files-deferred
- puppet
- chef
- mcollective
- salt-minion
- reset_rmc
- refresh_rmc_and_interface
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- install-hotplug
- phone-home
- final-message
- power-state-change
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
# This will affect which distro class gets used
distro: debian
# Default user name + that default users groups (if added/used)
default_user:
name: ansible
lock_passwd: True
gecos: Ansible User
groups: []
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
# Other config here will be given to the distro class and/or path classes
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
package_mirrors:
- arches: [default]
failsafe:
primary: https://deb.debian.org/debian
security: https://deb.debian.org/debian-security
ssh_svcname: ssh

5
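--- a/datacoop_hosts
+++ b/datacoop_hosts
@@ -0,0 +1,5 @@
+[production]
+hevonen.servers.data.coop ansible_port=19022
+[monitoring]
+uptime.data.coop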


@ -2,15 +2,20 @@
usage () { usage () {
{ {
echo "Usage: $0" echo "Usage: $0 [--vagrant]"
echo "Usage: $0 base" echo "Usage: $0 [--vagrant] base"
echo "Usage: $0 users" echo "Usage: $0 [--vagrant] users"
echo "Usage: $0 services [--deploy] [SERVICE]" echo "Usage: $0 [--vagrant] services [SERVICE]"
} >&2 } >&2
} }
BASE_CMD="ansible-playbook playbook.yml" BASE_CMD="ansible-playbook playbook.yml"
DEPLOY="false"
if [ "$1" = "--vagrant" ]; then
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
VAGRANT_VAR="from_vagrant"
shift
fi
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
echo "Installing community.general modules" echo "Installing community.general modules"
@ -23,24 +28,19 @@ if [ -z "$1" ]; then
else else
case $1 in case $1 in
"services") "services")
if [ -n "$2" && "$2" = "--deploy" ]; then
DEPLOY="true"
shift
fi
if [ -z "$2" ]; then if [ -z "$2" ]; then
echo "Deploying all services!" echo "Deploying all services!"
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
else else
echo "Deploying service: $2" echo "Deploying service: $2"
$BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2" $BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
fi fi
;; ;;
"base") "base")
$BASE_CMD --tags base_only eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
;; ;;
"users") "users")
$BASE_CMD --tags setup-users eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
;; ;;
*) *)
usage usage
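Review bot: In the `base`, `users` and all-services branches the new command appends a bare `from_vagrant=true` with no `--extra-vars` in front of it, so with `--vagrant` ansible-playbook receives it as a positional argument (it would be read as a second playbook path) instead of a variable; only the single-service branch passes it through `--extra-vars`. The `eval` is also unnecessary and re-parses the whole command line; `$BASE_CMD --tags base_only ${VAGRANT_VAR:+--extra-vars "$VAGRANT_VAR=true"}` does the intended thing without it, and the same form fits the other two branches. In the single-service branch `$2` is spliced into hand-built JSON, so a service name containing a double quote changes the structure of the extra vars; keeping `--extra-vars "single_service=$2"` as on the old side, followed by the optional second `--extra-vars`, avoids that. The file name of this section is not shown on the page.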


@ -1,170 +1,185 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30613439636234396439623634656338666330643936373563656336323831353464353239353661 31303330643235313132323363306532616164646565636532646131386663633330333335353938
6234316535383838653865643964353033623935313432630a666563316534343733363464396635 6632373337386339323566373163306435663562303663320a666438653936356335653534353464
34396664643137643136633837656432623633383361633336343562333039326538393034616637 37373932623562326430396132316138373930383365313433646536343839636637386232306235
6634613631636433610a663835343739376534356133323163343132323233643135613333313132 6566393031643037340a643463373163663062643932353931646366306566346230336362623561
65373233666535366137343839363938303561653731633038376631386161653038613631396364 30323138333636343165666239393138653462396538386139376432346335373066363366613535
33636131636536306134346336636332393436303063306262333430613137376438626133353963 38623130333434386266393363306139333666393537663161626666323262646364636136393736
66396332363335333436623335613966323730616139353762656662386530356435623831656632 37656438373365353335633237326635636263653534353961396562646535303764613564306133
30333363376132653362323339386437346134323232363336363461323332613962613131386264 39373362343133643536383937386633373437333763636331663761646432663636373738373332
37383435653061653466613834346430656632626338316564656136666266353231363661666461 36383638363539663034303536636264336230636630636331336438333338356431666332313931
32646461313365626232376536376463313531613861363462643062326538326234613332646430 66653738656263613739333835366139633335643661373135396333346361343032303832353562
33383438613961623134343665383638346164653031363435656162306163653232353162343431 61376531343861656532626630623330336362373666343863373738306430616530373565663438
38333239393332613466663231383932316330376535383466643233326134623530306361393639 37373131646233656533633466356162326162616433613964616530393734336438326133373763
63386530643733393033646139613730313239313866343730643337393533366330373363353338 65663266313939363361396231663564663664393363373061646436653535663338336138373961
62313739613531636166663135646262396334373538636634393534616337363337323630666261 66303662323930376564313562376661336162316430316439313565633935323835386561356333
39643164363437653661633666376431303662396431633661663933343666613234326637636231 61393330333965633764633364366336646166353031613438373234333436326330336537643464
38383537333532326636343366343564646630363838323162373339323365666262303836636232 32383732336166303535393837353061353333386363356162323966336138363864663464356430
31343637616261636130656637393633383165353332346239323063646162306235313962363935 62396530393234666339346537616637323334383365663732663365653636383036616263303362
64633639653261363563646664393630666564646165393736363562623231626634326163306630 38623063623035616336346562396263336236376435386264336632336165336463613932383465
37613635306136643334616364303439323332666431386264623265323636623738303364396636 37323634633831363938616137373335653130303465383939303332333131363866303863383965
37626161363466646166633434333265623236633033666562643264303662333363396631646638 62333866333830666361613637333230363566333035366664353034303766633264643365343566
36626636363261313966393235313866353936323064343331626362306162323166323063656433 30326530383562633764643630363963646337363865343431353530353036616434363062313132
63303762346330323031353034356162373433356436663134373930633634366330653233613139 37393661326139613732636236633239653837333063646566653861643635363537386137393434
63363639343833616431633765613938623037323961623663336662666135313466303661316133 64616437363666653664303132666630376665646666323733376164653636623465623964336638
39353664633036323031373862393530653433373062623233313965653735353566306538393439 33623838616330353265333733343261356462613665653530333431343732646136346164626534
30366162663138326535346639393337393362366630343266643035353465663332333539613337 34343463646262623464613832393963633366353835393531653634623234393230343430666161
30666666363134313239306231356663343166363137366636643931313039333732383833313036 62306164616636616461306464333536333265313765326665626331363463363038393935653334
37393064396662623063613462336363386336393839313465323062646535373733326338353766 64646132393835656366643239303063333233303331373961346631633034343136623663666462
31666639303836316266343764336462343765363930326338313635336633323662366238356264 64306262636636346131333662626639323865343435373037306130366566343230656338626537
38613631313434383830333031643938393566633236383861633266326336653033663163336132 62336234373136326330306633306637326239356439326339373839383130623836383338373561
61313132643062666434346333653234393865656463343363313636613364616361353561343739 32646163616336623838373436303464643937333164643639623631393764623064626235303733
38313231333431303664323730626162613264343630356438336636373739653234336666646438 61633063303962343931333437313031653435636432393531393130336234613462343838366363
37636437623336323461613063396137396533353265333034333435306666636261353933613232 35383134303137633833363233376365666538333535306434373139333633386630636161636261
65363632383039666666323030323830333534376362326136313232393732613166303461383933 63373339386364326231366634303962636437353336346461336661396566623034306132326332
62303166396533616538666566356238393265663163343264333664393936613066313665616137 33633434326365353438313362616664393264633937393762336264633061313134656536363062
38613030623937633730646461666233333035323661363835313161613930336237396332623338 37303861663732336238386331363164363436363966393534613332393230666266616364303661
30666166636662613130363430333436613532326437393730376536353963356633393736303065 31323633656332643839616434313066643833616639353562386432663538366563633766393639
31393534646537323037316664313438643836386333613961663031383231663932633934656461 33636534363263633261323533666366366665323437346431653464646233303636366231626535
62313163616635626131663961326438396439383432346337386261313330343330353637376330 33373134333163373633313739626636303830383232616663636639646564643436313331643334
38346532396533326135303264613361663836646163623630323832653032396237353966663661 37663132343030666566333431633136653064626466626362373864613334663737326233313138
36353365313962663832393333336138346335363832396535346336643565366465643565616638 38336261663765633331393766333965613364306136333362626466623235303033396362346365
63616565356663623531323935393334326639626236353338643237343764366464666131393332 36633963333561366265633633303262393832336364333365313336383066363065316133303634
64396665343535323339383434366133613235313866653663313639633930323864646536346232 65363037646566323831363365653937623966323735353439353339616439306534663831653663
65316465643662376264373536393232326666663335316631376433343062646361376165363732 34623537666435313661326631326235313130363938643635666531636165306539663630366265
66326165643163333737313139386461363431353239626236366238343035386663363435366464 65323234613133663337363466336663633464316361656564326136633064373365373239363662
31633738336263633961306436613233303861633263343030336637373165663261316632663537 37323834633163653938633435323763333539396532393664653162643832646535353262336631
31613636663163323365303038373134306264343831326264326261633834393366623061616262 61386237663136336338663165613238663035386361643135333361383666643432396363363132
63393463333833393636666232626662643738653634306364326231343830633834643664353730 66323832643339346534373066326333396232386166383161383764633338373533623236346366
37346131346263356539363630363230626364663161643064323538396131636633623866383939 33373138303864323532363761313762376439343130316432613933353033363536336337363566
66346434323935353632633837363530663438636539616130633532346236343661633766383434 31396133663330323665313033656436396238623630633465313734343063633537323939356337
34343339646662393030323661623665643432376365633435666333316439356631386234303062 62306364633765323834333836316161366531643763333434383062363032653164353037336562
35346631656230346565323130333765663933373638303639363530373431343232393864656639 61653332333062643362386665633665306662356532653031383365356632643861363038383137
33666433366131396464323137393239653531376662646235343962613639343831636261326265 36326666356231396433363538666131353839353366323934343532306532633866623733663138
65663564613766313634653938316339306434663463623563316431633234323330623738646636 33376665333430653533383439373463323661666165333636353434643739386363356536333837
37643535623664323433626561383462393033343232303838333930653366376536353765613036 39313365643039386638623731386635363632376139666638643734303035386564376136656537
35663165623265616630373161336632646435613331373166303632373633313865386134636362 39356162346164313839373931653139386464653232633339616166306235323232336139306538
61636134343839643735636461626663626237613262316564646339323933363864303935353834 32623135666535633462613430646637313030343933653461333230656564396663653364633238
39396637646264633736366336616336643032313237653662646331383963366533373766356539 30336161323431323337636135323539663466323637313366376535666132663662356239366339
35306165306534393463663332336430336635666135643561303935386635393838323865623162 66373830336132336439653637366664656230323834623039306337636433663931373138616466
36323565616232353261303139623465646234313136383436376162376165303664613164356162 30616437376435643535303237313831383534656634353265386565376564623431616263643334
33373237333666616135636231653637396330663930663962636161326664333261343737343735 65613633656533646138663138393831623330363635313662653264646636396461326664633362
37313465396130653138613539376436373237343138636535626632326435383234326466363235 38633765316333373363616563346230393866363365623862333162306263613938373663633963
34646663653038396630353637636166346261346233333632363361326536383634663433613564 31363639613238316334333437326631353830383734393765303037346436343036386437653637
35633864343630333033613133626635313931333031643564396164393135346131343832363861 32636139313464383264376663393730363038343831336565663565383135653139663765303239
61366664363838653438653137383933386233633836323332643531303936353237623734666135 31653036623138316566666461313665663462383662343461353332366634666437363263373864
31356166613664636634336536343032646239643130346564303162356431346539646336323339 30323564343934386666666338373238383333303939626237363131346261386562663566323365
61626236346535336638353134353838333434663838303730613363393365633739383563613434 37316563653231346336343166646661393431363739346237303161363838613237666533353034
64336331306639323061386338656361653636353831346237373134346538623464343562393735 64623435376462613961326333393930346663353737386130346461616638363639386364313266
39333764343139333133393233626564643266373034623764633835383561366265636632633937 34353465326632356233343633636331343638333937303562356133363432323939633865316630
62343635343161363231653138613263313562366439316435633964396161343566316435303465 33353539653162333734653338363764313439376439656435313932626431313930346662633838
39666236316339653839313333396264623636663561653932386638366366663933353761353162 39636463393861396531633833343264393339323133316566356562613932663131633631303065
61343038383939396231346534336361306430373564353633653139306334623630343738636430 31323937663764613563333736313733326639643961653161303237353165343939666461396263
66376631366662313131646130363530323232383535333163363466636262363461633232343532 34323136356632336138643162326163653331616561626263616132393734396237666434326264
63626430336261353861633362396638643937623832386638626334663333363637393637373939 65653837383063306436643466383964386661643336343230393436326139313963633036613065
64303039666432303535636265613564376139333331653336666563663238366639393366363334 31393930386463626131653565393932386462313236623531616235393064656237663837346539
36303635633933333832396562373965653361303034653139643466656534326231383162336366 34333730666337353537613564363531363831323035353532363366363731306335316138366361
31656138656539383539396462326134333331653131306537643962653762373035343235333233 37353438326130366439303136356636653030666464366436366566626464626262663838393462
34373730623663346430303962653061623330653263393633383835663739663961326566323036 34626662396239636536666433636436316535363539636261343131313430613765353836643133
30336365616532303362396230616531386639333636336332366335613935623836616134393033 38653839336663353663313535633231363765636633666363386561303039313438353838643561
62653535396630383436393631396337336163323361663930323532633666663238333366383462 32643131623162386661653464623461623434313733643564343435386636326531633136306139
36393261376262643336643761613731643032626632646332366661626331333233363436613937 38613937336132653238616561356338303264393962306431356463613764613364363738323366
34653731666137313733653863396164323963383037353265373532303137623037343733616537 31326562613764386533353135643737323161616363656362326262653765353764626166363338
66336433343334626536323639636139653931383466633833326234633332613431353432343561 34646231633764383962326135323164326565343034656430326531653231666633666465336231
36626339656536383862623833633634356435393764316633353135326639623534366538313330 62366635356566613766643832386234383766363236306638623133643036643662396430623330
62633333303266613630326330333336353264343937393864393239623664323366373565383334 31396239366338656565346563313430353463366465373534636536393131303166333263613663
37383237376664643065383834633961366632643261343635336335353765353863323131653866 36393864663636333666396566303638646166346665303765343531313661376632623137613131
31326531303461323736303730623638663863353939636437636231636437323730656463633733 32653031343861363831646635356232353836363536613834343663326261623262336336393838
65383934343534383631363162363830386365313935663337366335326131393262353030663765 35623638636538626566353864343362633264366435383633333562366365326432663839613934
30643665383332613030336439346332363135366232303166623534333637366133656437643231 34323466396565303963333531346362363338623537343439666265353332303230356533323834
30306634636430643864363561316334383530613165326663326665613633636237353830393334 61333838356665653138346337336532333931616432353936306261356537663036643064333964
62653333623563626131666166646335663334393662336337333836376631303631666136376332 39643065303032393932323136363264316264386131353035383933386535303632613033633363
37316537356531346464623363653033306537636239633065646533643239653063613835363665 66346437333465653633626235336336353738343036326265376162383163326530373032663335
30383139326465613864316533643033333430326230646334353364633138666532353736313265 66643663666166366165396137383133396635336237343161303666393437303538316661336335
34623733613864646661353730666433613961643261346166303264386435643565373565323864 32396434323532303238303538303864393031303832346161303535386461666161316565646539
61346465336231613865363263303034396439346163393534666439666437353266323565653032 37303261336435323139663962316562346265343064346562393633616666653066623466316634
39386439646438313938356237643831643434666161383632316530356465616632313235643834 61346263366161366232386138666131323162333031623533303739646336623864613333323662
33303865653836303632656663366465333331616634313863656438393838636631313364633637 35363539646433323430313839633363393936356438313037613434663161653964366635363464
38646230643734393733663261326161376536643237626130353831363731306231313864613066 62643539393631386531313966643339383865623065393936666235653035376139656663616336
34623239396362336639363163313161323065653461363563353631613730373830643133336464 65663136326466616161376232316463643834356531336362336163343637326238663836363734
31336439636361363539383539323631303462633833353032373530333539336538363033383363 30363032653962306530633562636161396634363131633065326433363136316666633738343966
32613733623839623938326165356237313165383366646233393933393965613363666532646434 66303939383232373738373965393934653439396666623039353933633935393731653839623737
63316133613130313363303537366230646235663130313538333761633237383262316633366364 35376338363338306332353539313664303962353064306434323530623161323064633766643035
65373664616237316534613831313966623939396331626334313430386638653461386334363939 38363234343036616335393461643964386664616134313831663565633366616633626266393937
35333339643837666264356535643365353331393437313866643034663934336466336534343035 31623435646138646131356164313936656639393532343630663933613066333432666132363338
61313837666662343363613962623462333935353837333336363839623466303534303837396634 30356136303763376465396637613565386661333265633636643435313035313064383936306437
38656330666661356235626130303538666533666563323936633564383164633834353831306634 39626265643862313435343465643063656266373035356538393262363561356433323134333537
36343836353464623962333362353133386563343831336463646635646263383832666232323736 66663233313832326136366163623337373835663961313938636134613933663534333730333761
38613730316634373365343938623237356231643931303333366462373134383137366339613662 39313334346364623431646439386162633961316161393636656139303966626265623035366335
62643832323734363635643634373066303366306366663036623139393761636533326130313336 66666634363036326631376562623039303961663136366461313637343932303338356334383139
30316536396466383463393233363035393335343565323635333665346464366139626165636661 38383133306436303261643535353532383538613764616233363864656665633264623236623537
39363066643437613537653836636363376532643038363063383234353066313737663061363334 31353335343064626465626130356433366531306338623830623139316462316662633665663164
38306563613561663165623630366135303332636133343733343836383865613661393761333031 38363363656237326239633930623862663230623464663031363463356133626166353433633535
62653162626461616564643138613737623632313739393962396439306133646138303936636435 63343231326438383535356235343530393361636465363933356164323565326566303034383466
39393663653865363166316365376562353461633163353734343132343831386434653037323732 63323136643835623563393666333030656534333565316466333266663365346561363937336665
36356162356336616330636630376438636165653439376137313934663939376639396266323962 32323637366138303233373565333932626435306130633064656336623764366130323534333039
37383736333536653438363963316435326632393966383534326337303336386135616636363936 64613934383530343036343334396439373066326264353638353462613266663935343436353130
35393331313938653830646332376631623763383439623633396433633739663038313264323835 38616238313133363732343634663962666435656330396536643836326636373032623734353832
33373664313562366664363630316132643465363964383339363339656237323465626262306364 32313064663164626534336363376131656438623035646263666336633862613833323565656437
33306133373065303135613235623262396365363634316365356364373561363762666235666430 63616463613732663966643039653761633231616462363761336231313335363165646134356137
62336362643564313238363933623366396138646237336336623062326161326536323534326364 38633963393264653139356333626534303936326563326433363164623131393562393533383564
39316162643966616436343737313434616230346237346237363962653033613930623462386431 62646532643366376333373364646139363635323034613262386265383066303365323134633836
38343662356665383763633034393236613733643430313937326335356466376139653533333965 66666536653264393138326436393037373537393561613864343730366135353166633765323938
39386138623134666132663837616637376362303561393133656139653438386363613965393661 38306562326238613331343337306239376165636562666433356266313030613136656162646166
36343566643931393061373031343331336463643034383065383763663234373438383064303232 36303966373931363463383631386136313262633136383637626562353336306465613435336434
64666236313935346237666466333562613935646163653331303661386138313739326538353935 32303136393638396233393232386534643733626539653961366637316135373439386432643264
64323737323532663731353136336138633533386464616362333838396332323563353537613430 63663837306461376461306664366538396436386234366638626263303735323661393839343938
33633631326238366166346437316638363161386562383630623466386564323266333033313461 36393264306132313130326435636266643363616438613538303530306434636331333033323138
63666535363034613232346239636233623130393032353030363334333531646238373262323765 39656337666635363263316363363133616538356336646337373762613666323663656665383733
61373739396162643661353031613663353531653836323730326166383463613330333966336233 31623433396466383939306666373562303330373731323864363266323261383736353465633662
30386136346466336361303237303534373064353230653238363231633530613866663461643465 38356130353233663161623139653465646238363630643239386634623262303836333232303239
30396266356164353063323432663561396564636231346534366661663766613634376235356637 61313930346263643565333534373430653430363965373037646639633638333861346262373433
39313839616336666461313431326430333932623262333437386464636264373430653566386631 65346133636162396332373130356238346438626330373163326632323137333862373436363133
64653866623662363864376663613136306165393863346533303634623936373835633864313462 37373663396461613062616664336662373432383863333536366465313838333835653966353661
61333562646233303232623861366634383466633537383831626334356561353637663038643531 38343336316136316532613661306336636131653236663336396638316136626434303533323365
39386635326366646134333231653737653630356135396634326537633232333166616161653136 38356534353530633766646466663266613735396333386263356662613939373030396436363530
33393562383233656564356530386465623239386666313964343534343466616134373132636631 38333939623534356266323237623835373038663534616532326665346631616665616665666663
39666365393063323838343963366339373434353839383039383238613133636237316365323861 33633266333630646563363637666562336339393138326435373836336566346661646464613730
30626330643665626465666338353030653839383234393237623633646566376361646536353233 39616438373062656130393134353535313232376266386262623862383162366662626231373338
31393235623561323765633835313139313538343761393064353632316335656231353930656437 37373561376435323361316337636239366263656336303636346436373363663164343333656538
31313639313931636633333230653730666638373864326239333561393134356632623138366131 32633835353436623565393538643563646630366633343632633532396433616139303766666435
65356462373336383039316131626562633330666363386631383663343838393435663538343934 30373235373262633134383033363137316366316563613662313437663832356165353661666533
65386339626362623664393532386131303234633466363437383236616463343831353862323961 63343138393230333335323938666566623365623762643563633036613339636537366264333138
39663835313234326137303965663963663761656531653437343234643634316565333762663139 62656265363261663233396266616466333332633266326661373736353135383563313666633765
65393830633237623031303234636134633539316131396135616237316266333437633861303831 37316430633763326438326263643766396137363333353035623036346662303834376463613162
62656630373763343366636635653033666630613533363365636261323661383364343161343439 30363938396638336565303535663831326135393061383634646430343931373135636638333866
35626531346665656263643461306261376238353033343032353731373861333239333862653231 64623032366163386530313563656266376334343835366665633362643339643534643738373839
31336562653133623163353230633331346237356534333534613161323462636639636662623435 34323134636330383963353439376436323530373066623435376230306435333832633964653639
63633035336662376636623339326433393035646539626231363762643532323463316263393736 39373235353262383864303430336635393435656430646233613461306135643230666437393361
62613038333733636362356636373331313661663830633433643039653233626261613739663836 36616134356461616534646535396338656138616636396538373031626136323264323936366633
38643030313338383266323134326337323334343230623331386664333937316266623134336362 61373631306538363437323934316434663735323533656364393135613761326337303833383934
61373037353664623863393233376264616438656332386130316361663665323135386463383763 37383162356162373737336666663430343334356532333335363463623238643662333232333336
33303633356133353439393664363630336133306364363430393232326665393339323265383630 31376639386632626161303232653363626637376630333733343035323539623463626132373763
31656463343064383837333630366465396633393465666235626330343937313630623039383465 36613535623064636163643236383336653934663739326264653362333237303237393335613339
63326361663238653035613935343932623237396362643833313731323830313962616362613539 30323030353632613434393636336562363064306332663931393061393964393661363163326632
32346165303930323739313837643933363863643937346561643930653530393636383036613235 37353434656464333532343263363961613866643338396335656131373134333665353437613837
61376166386563643733333233343437623630323632643463353131386461663936313065313562 37336533366635616138366566666635366634613633616533373966336637303334613731316436
31393032646262386634353436643466323731366631393136393433616332613036666163336635 66376565643033383162373166373665633362313164643530356561383630343531346436343663
37303365633338613630656463663533653336666562653236336264303238383930383132346365 62313836323530623535356532303362333436643434663131653539646331346535666133336162
35386662636439653930343738633265363635626132343030653462306431363234633635643537 37653036376165333364373661386262633030363165353638386139646266623365306338383963
61666363346430653131623762666564313665653262386332396532646339383136383337353863 36373732356364333166386566653835663466346630356438323866636564663966363832613862
38386632316632373338653535323335363265653563376330663239343861346563646366313039 64623831646261333064663939613763323466336431343861386537633337396637383330333633
33306364623536346339393566326533633133393866303535326535306435626531346264616138 32636436343564633365616331626465613163333465373961656631373736373430396633393733
34356231373561633337653663643566633632393330386564393966666365306565316135646163 64386534353131666438346362376462636331353761636535663234613731356130666534323735
63366365383839343134303635376233343865663631633331333230616630366633396231333435 35636162323234386435646132396366326165663234653637363139303162613832346333383665
30366137383238393139336433353764633038616238326136663636656132626538393565393130 64323737306634613530633636643761346461326130663234373363326230616331336430353261
38653765326137393136386233383636383165613235373437353730306564643033306534386666 38346630356136333966656562343730356234643537323635653532396337373331363537393662
61623538663537653166313264303533623162356134393333373732383535386261333535383039 33373862336232623563636436643239623837623862386638353361383830303365333362353665
65613166666230336265366335323434636336663835323034373930393430363065376665666337 33666236363035616363326462376337363736333234613133383636396464306236386238333863
35363265666130653830333536326433316639613638613730666139623137333736663535633032 39316237326638663535646361393939393938656335653262633063326132663331343235626364
33363135376636636536623731323134343237393633333038393364376237386165 35366532333161343562383763653130306235633934393066356239653565633962343235643036
62333363323065663137393736383964613061393131376637363031393335306534626230383139
35333437613963386664646336383637323534366635336264333039643861396561373461636439
30323831333335393365383834386138626664653531333830363862363330346466646432656663
62383534343131636331353763356166386339303564353035383466353636636335653333383431
30616133383565623430326534396432376331636161393930366263366539343332666631616530
36383937313164663631626163646339623365653937616634656235303039636439646335616561
31623135366136333766663833333932383032343438376336366533636466353666633437353338
33386166386231353430646665323164363961666538343537313734343465366333383763666666
33326363656134613031393033646435333937353865316161626137633939333934316536643830
37386364356233353964326661386564656132643937366665353139653533336331323138356633
35656562663961343238386132636331636439383236383761306337626262303764656431303964
62646133323361643162313231376633663231313833633964613862353265336538633261643834
62353230316334363363343133626530643832356631353937353334613538616366396438383338
39336366623332363966383535373365666263383231356532346533386262643465306430336462
64623764333861663031


@ -55,3 +55,8 @@ rallly_secrets:
membersystem_secrets: membersystem_secrets:
secret_key: xxx secret_key: xxx
stripe_api_key: xxx
stripe_endpoint_secret: xxx
diun:
matrix_password: xxx


@ -1,17 +1,24 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
users: users:
- name: ansible - name: graffen
comment: Ansible User comment: Jesper Hess Nielsen
password_lock: true password: '!'
groups: [] groups: []
ssh_keys: [] ssh_keys: []
- name: valberg
comment: Vidir Valberg Gudmundsson
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
groups:
- sudo
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
- ssh-rsa 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
- name: reynir - name: reynir
comment: Reynir Björnsson comment: Reynir Björnsson
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0 password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
password_lock: false
groups: groups:
- sudo - sudo
ssh_keys: ssh_keys:
@ -21,19 +28,8 @@ users:
- name: samsapti - name: samsapti
comment: Sam Al-Sapti comment: Sam Al-Sapti
password: $6$18dN367fG162hQ9A$Aqkf3O24Ve1btzh1PPOPg3uyydv/AQYUxethcoB4klotebJq3/XsydYT7XBuarxfDccVwyPTMlsP3U8VfQpG60 password: $6$18dN367fG162hQ9A$Aqkf3O24Ve1btzh1PPOPg3uyydv/AQYUxethcoB4klotebJq3/XsydYT7XBuarxfDccVwyPTMlsP3U8VfQpG60
password_lock: false
groups: groups:
- sudo - sudo
ssh_keys: ssh_keys:
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
- name: valberg
comment: Vidir Valberg Gudmundsson
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
password_lock: false
groups:
- sudo
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
- ssh-rsa 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
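Review bot: The `password:` entry added for valberg (like the unchanged ones for reynir and samsapti) is a full `$6$` crypt hash stored in a plain-text vars file, and each of these accounts is in `sudo`. Anyone with read access to the repository can test guesses against the hashes offline, so the strength of the sudo password rests entirely on the passphrase. The repository appears to keep other secrets in an encrypted file, so the hash could be referenced from there instead, e.g. `password: "{{ user_password_hashes.valberg }}"` (variable name constructed for illustration). The `password: '!'` entry for graffen is unaffected.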


@ -1,10 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
base_domain: data.coop
letsencrypt_email: admin@data.coop
services_include:
- nginx_proxy
- uptime_kuma
- watchtower


@ -1,13 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
base_domain: data.coop
letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix"
smtp_port: "587"
ldap_dn: "dc=data,dc=coop"


@ -1,13 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
base_domain: staging.data.coop
letsencrypt_email: admin@data.coop
services_exclude:
- uptime_kuma
smtp_host: "postfix"
smtp_port: "587"
ldap_dn: "dc=staging,dc=data,dc=coop"


@ -1,8 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 22


@ -1,12 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 19022
internal_ipv4: 10.2.1.5
vm_host: cavall
vm_type: control


@ -1,11 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 22
vm_host: cloud
vm_type: uptime


@ -1,12 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 19022
internal_ipv4: 10.2.1.2
vm_host: cavall
vm_type: app


@ -1,12 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
hostname: "{{ inventory_hostname }}"
fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
ansible_host: "{{ fqdn }}"
ansible_port: 19022
internal_ipv4: 10.2.1.3
vm_host: cavall
vm_type: app


@ -1,22 +0,0 @@
[proxmox]
cavall
[monitoring]
hestur
[production]
poltre
[staging]
varsa
[control]
folald
[virtual:children]
production
staging
control
[physical:children]
proxmox


@ -1,15 +1,27 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- hosts: all - hosts: production
gather_facts: true gather_facts: true
become: true become: true
roles: vars:
- name: vm-common ldap_dn: "dc=data,dc=coop"
tags: [base_only]
- name: zfs vagrant: "{{ from_vagrant is defined and from_vagrant }}"
tags: [zfs] letsencrypt_enabled: "{{ not vagrant }}"
- name: docker
tags: [docker] base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
- name: services letsencrypt_email: "admin@{{ base_domain }}"
tags: [services]
smtp_host: "postfix"
smtp_port: "587"
services_exclude:
- uptime_kuma
tasks:
- import_role:
name: ubuntu_base
tags:
- base_only
- import_role:
name: docker
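Review bot: `vagrant: "{{ from_vagrant is defined and from_vagrant }}"` evaluates to the raw value of `from_vagrant`, so a non-empty string such as the one produced by `-e from_vagrant=false` counts as true. On a production run that would silently switch `base_domain` to `datacoop.devel` and set `letsencrypt_enabled` to false. Coercing the value explicitly avoids this: `vagrant: "{{ from_vagrant | default(false) | bool }}"`. How `from_vagrant` is passed is not visible in this section, so treat this as hardening rather than a confirmed fault.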


@ -1,65 +0,0 @@
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
auto eno1
iface eno1 inet manual
auto eno2
iface eno2 inet manual
iface eno3 inet manual
iface eno4 inet manual
auto bond0
iface bond0 inet manual
bond-slaves eno1 eno2
bond-miimon 100
bond-mode 802.3ad
bond-xmit-hash-policy layer2+3
auto vmbr0
iface vmbr0 inet static
address 85.209.118.134/28
gateway 85.209.118.129
bridge-ports bond0
bridge-stp off
bridge-fd 0
#Main bridge for public VMs
iface vmbr0 inet6 static
address 2a09:94c4:55d1:7680::86/64
gateway 2a09:94c4:55d1:7680::1
auto vmbr1
iface vmbr1 inet manual
address 10.2.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
#Internal bridge for VMs
auto vmbr2
iface vmbr2 inet static
address 192.168.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
#NAT bridge for VMs that need masquerading
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
source /etc/network/interfaces.d/*


@ -1,6 +1,229 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
docker_rootless: false volume_root_folder: "/docker-volumes"
docker_rootless_user: rootlessdocker volume_website_folder: "{{ volume_root_folder }}/websites"
docker_rootless_user_uid: 1102
services:
### Internal services ###
postfix:
domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
pre_deploy_tasks: true
version: "v3.6.1-alpine"
nginx_proxy:
volume_folder: "{{ volume_root_folder }}/nginx"
pre_deploy_tasks: true
version: "1.3-alpine"
acme_companion_version: "2.2"
openldap:
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
pre_deploy_tasks: true
version: "1.5.0"
phpldapadmin_version: "0.9.0"
netdata:
domain: "netdata.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/netdata"
version: "v1"
portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.19.0"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "22.0"
postgres_version: "10"
allowed_sender_domain: true
restic:
volume_folder: "{{ volume_root_folder }}/restic"
pre_deploy_tasks: true
remote_user: dc-user
remote_domain: rynkeby.skovgaard.tel
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
repository: restic
version: "1.7.0"
disabled_in_vagrant: true
# mail dance
domain: "noreply.{{ base_domain }}"
allowed_sender_domain: true
mail_from: "backup@noreply.{{ base_domain }}"
docker_registry:
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
pre_deploy_tasks: true
post_deploy_tasks: true
username: "docker"
password: "{{ docker_password }}"
version: "2"
### External services ###
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
pre_deploy_tasks: true
version: 28-apache
postgres_version: "10"
redis_version: 7-alpine
allowed_sender_domain: true
forgejo:
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/forgejo"
version: "7.0.5"
allowed_sender_domain: true
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
postgres_version: 15-alpine
allowed_sender_domain: true
matrix:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
pre_deploy_tasks: true
version: v1.114.0
postgres_version: 15-alpine
allowed_sender_domain: true
element:
domain: "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/element"
pre_deploy_tasks: true
version: v1.11.69
privatebin:
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
pre_deploy_tasks: true
version: "20221009"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
pre_deploy_tasks: true
version: 1.9.9-alpine
postgres_version: 10-alpine
data_coop_website:
domain: "{{ base_domain }}"
www_domain: "www.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/datacoop"
pre_deploy_tasks: true
version: stable
staging_domain: "staging.{{ base_domain }}"
staging_version: staging
slides_2022_website:
domain: "2022.slides.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/slides-2022"
version: latest
fedi_dk_website:
domain: fedi.dk
volume_folder: "{{ volume_website_folder }}/fedidk"
version: latest
vhs_website:
domain: vhs.data.coop
volume_folder: "{{ volume_website_folder }}/vhs"
version: latest
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
volume_folder: "{{ volume_website_folder }}/cryptohagen"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
- "www.ulovlig-logning.dk"
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: "1"
mailu:
domain: "mail.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mailu"
pre_deploy_tasks: true
dns: 192.168.203.254
subnet: 192.168.203.0/24
version: "2.0"
postgres_version: 14-alpine
redis_version: alpine
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
pre_deploy_tasks: true
post_deploy_tasks: true
version: v4.2.10
postgres_version: 14-alpine
redis_version: 6-alpine
allowed_sender_domain: true
rallly:
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
pre_deploy_tasks: true
version: "2"
postgres_version: 14-alpine
allowed_sender_domain: true
membersystem:
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li,Balder:benjaoming@data.coop"
volume_folder: "{{ volume_root_folder }}/membersystem"
version: latest
postgres_version: 13-alpine
allowed_sender_domain: true
writefreely:
domain: "write.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/writefreely"
pre_deploy_tasks: true
version: v0.15.0
mariadb_version: "11.2"
allowed_sender_domain: true
watchtower:
volume_folder: "{{ volume_root_folder }}/watchtower"
version: "1.5.3"
diun:
version: "4.28"
volume_folder: "{{ volume_root_folder }}/diun"
matrix_user: "@diun:data.coop"
matrix_room: "#datacoop-services-update:data.coop"
### Uptime monitoring ###
uptime_kuma:
domain: "uptime.{{ base_domain }}"
status_domain: "status.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
pre_deploy_tasks: true
version: "latest"
services_exclude: []
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
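Review bot: Several entries in `services` use floating image tags: `version: latest` for membersystem, uptime_kuma and the slides/fedi/vhs websites, `version: stable` for passit and data_coop_website, and `redis_version: alpine` for mailu. The deploy task in this change set runs `docker compose up -d --remove-orphans --pull always`, so every playbook run deploys whatever the registry serves for those tags at that moment, with no record of what changed. For membersystem, which receives the Stripe keys, a release tag or digest is the safer choice, e.g. `version: "<release-tag>"` (placeholder). Where a floating tag is deliberate, a short comment on that entry saying so would help the next reviewer.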


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: restart nginx - name: restart nginx
command: docker compose restart proxy command: docker compose restart proxy


@ -0,0 +1,26 @@
# vim: ft=yaml.ansible
---
- name: Create volume folder for service {{ service.name }}
file:
name: "{{ service.vars.volume_folder }}"
state: directory
- name: Upload Compose file for service {{ service.name }}
template:
src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Run pre-deployment tasks for service {{ service.name }}
include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy Compose stack for service {{ service.name }}
command: docker compose up -d --remove-orphans --pull always
args:
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks for service {{ service.name }}
include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
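Review bot: The `template` task that writes `docker-compose.yml` renders secrets into the file, because other templates in this change set interpolate `diun_secrets.matrix_password` and `membersystem_secrets.stripe_api_key`. The file mode `u=rw,go=` is tight, but a run with `--diff` would print the changed lines, secrets included, to the terminal and to any captured log. Adding `diff: false` to that task keeps the values out of the output. The volume folder created by the first task gets no explicit `owner` or `mode`; a comment stating that the default is intended would be enough there.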


@ -1,114 +1,44 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Add Docker apt PGP key - name: Add Docker PGP key
ansible.builtin.apt_key: apt_key:
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 keyserver: pgp.mit.edu
url: https://download.docker.com/linux/debian/gpg id: 8D81803C0EBFCD88
state: present state: present
- name: Add Docker apt repository - name: Add Docker apt repository
ansible.builtin.apt_repository: apt_repository:
filename: docker repo: deb https://download.docker.com/linux/ubuntu bionic stable
repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
state: present state: present
update_cache: true update_cache: yes
- name: Install Docker - name: Install Docker
ansible.builtin.apt: apt:
name: name: "{{ pkgs }}"
- containerd.io state: present
vars:
pkgs:
- docker-ce - docker-ce
- docker-ce-cli
- docker-buildx-plugin
- docker-compose-plugin - docker-compose-plugin
state: present
- name: Create group for Docker socket - name: Configure cron job to prune unused Docker data weekly
ansible.builtin.group: cron:
name: docker
state: present
- name: Configure rootful Docker
when: not docker_rootless
block:
- name: Make sure Docker is running
ansible.builtin.service:
name: docker
enabled: true
state: started
- name: Configure cron job to prune unused Docker data weekly
ansible.builtin.cron:
name: Prune unused Docker data name: Prune unused Docker data
cron_file: ansible_docker_prune cron_file: ansible_docker_prune
job: docker system prune -fa --volumes --filter "until=6h" job: 'docker system prune -fa && docker volume prune -fa'
special_time: weekly special_time: weekly
user: root user: root
state: present state: present
- name: Configure rootless Docker - name: Create folder structure for bind mounts
when: docker_rootless file:
block: name: "{{ item }}"
- name: Make sure rootful Docker is stopped and disabled state: directory
ansible.builtin.systemd_service: loop:
name: docker - "{{ volume_root_folder }}"
enabled: false - "{{ volume_website_folder }}"
scope: system
state: stopped
- name: Install packages needed by rootless Docker - name: Set up services
ansible.builtin.apt: import_tasks: services.yml
name: tags:
- docker-ce-rootless-extras - setup_services
- uidmap
- dbus-user-session
- fuse-overlayfs
- slirp4netns
state: present
- name: Create user for rootless Docker
ansible.builtin.user:
name: "{{ docker_rootless_user }}"
uid: "{{ docker_rootless_user_uid }}"
comment: Rootless Docker User
groups:
- docker
state: present
- name: Enable lingering for Docker user
ansible.builtin.command:
cmd: loginctl enable-linger {{ docker_rootless_user }}
creates: /var/lib/systemd/linger/{{ docker_rootless_user }}
- name: Set DOCKER_HOST environment variable globally
ansible.builtin.lineinfile:
path: /etc/profile
regexp: '^export DOCKER_HOST='
line: export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock
state: present
- name: Run rootless Docker setup script
ansible.builtin.command:
cmd: dockerd-rootless-setuptool.sh install
creates: /home/{{ docker_rootless_user }}/.config/systemd/user/docker.service
become: true
become_user: "{{ docker_rootless_user }}"
- name: Make sure rootless Docker is running
ansible.builtin.systemd_service:
name: docker.service
enabled: true
scope: user
state: started
become: true
become_user: "{{ docker_rootless_user }}"
- name: Configure cron job to prune unused Docker data weekly
ansible.builtin.cron:
name: Prune unused Docker data
cron_file: ansible_docker_rootless_prune
job: docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h"
special_time: weekly
user: "{{ docker_rootless_user }}"
state: present
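Review bot: The new `apt_key` task fetches the Docker signing key from `keyserver: pgp.mit.edu` and selects it by the 64-bit id `8D81803C0EBFCD88`. A long key id is not a collision-resistant identifier, and a public keyserver is a less dependable source than the vendor's HTTPS endpoint. Pinning the full fingerprint and fetching over HTTPS is the stronger check: `id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88` with `url: https://download.docker.com/linux/ubuntu/gpg`. The repository line also hard-codes `bionic`, where `{{ ansible_distribution_release }}` would follow the host. In the prune job, `docker volume prune -fa` has no age filter, so volumes of a stack that happens to be stopped when the job runs would be removed too.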


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Generate htpasswd file - name: Generate htpasswd file
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
@ -9,6 +8,6 @@
- name: log in to registry - name: log in to registry
docker_login: docker_login:
registry: docker.data.coop registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
username: docker username: docker
password: "{{ docker_password }}" password: "{{ docker_password }}"
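Review bot: In the `docker_login` task, `registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"` resolves to `docker.data.coop` on both branches, because `services.docker_registry.domain` is `docker.{{ base_domain }}` and `base_domain` is `data.coop` whenever `vagrant` is false. The practical effect is that a Vagrant run logs in to the production registry with `docker_password`. If that is intended, a one-line comment should say so; otherwise `when: not vagrant` on the task keeps development runs away from it. The unchanged `htpasswd -Bbn docker {{ docker_password }}` line in the first hunk passes the password unquoted on a shell command line, where `no_log: true` and `{{ docker_password | quote }}` would be worth adding.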


@ -0,0 +1,19 @@
# vim: ft=yaml.ansible
---
- name: Configure cron job to remove old Mastodon media daily
cron:
name: Clean Mastodon media data older than a week
cron_file: ansible_mastodon_clean_media
job: docker exec mastodon-web-1 tootctl media remove --days 7
special_time: daily
user: root
state: present
- name: Configure cron job to remove old Mastodon preview cards daily
cron:
name: Clean Mastodon preview card data older than two weeks
cron_file: ansible_mastodon_clean_preview_cards
job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
special_time: daily
user: root
state: present
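Review bot: Both cron jobs address the container by the generated name `mastodon-web-1`, which depends on the Compose project name (by default the directory name) and on the replica index. If either changes, `docker exec` fails, and because nothing here handles cron output, media and preview cards would stop being pruned without notice. Targeting the service through Compose is more stable: `docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec -T web tootctl media remove --days 7`, with `-T` because cron provides no TTY. The same change applies to the `preview_cards` job.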


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Upload vhost config for root domain - name: Upload vhost config for root domain
copy: copy:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolder - name: Create subfolder
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:
@ -35,6 +34,7 @@
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
state: hard state: hard
force: true force: true
when: letsencrypt_enabled
- name: Hard link to Let's Encrypt TLS key - name: Hard link to Let's Encrypt TLS key
file: file:
@ -42,3 +42,4 @@
dest: "{{ services.mailu.volume_folder }}/certs/key.pem" dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
state: hard state: hard
force: true force: true
when: letsencrypt_enabled


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolder for Mastodon data - name: Create subfolder for Mastodon data
file: file:
@ -44,21 +43,3 @@
copy: copy:
src: mastodon/postgresql.conf src: mastodon/postgresql.conf
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf" dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
- name: Configure cron job to remove old Mastodon media daily
ansible.builtin.cron:
name: Clean Mastodon media data older than a week
cron_file: ansible_mastodon_clean_media
job: docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec web tootctl media remove --days 7
special_time: daily
user: root
state: present
- name: Configure cron job to remove old Mastodon preview cards daily
ansible.builtin.cron:
name: Clean Mastodon preview card data older than two weeks
cron_file: ansible_mastodon_clean_preview_cards
job: docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec web tootctl preview_cards remove --days 14
special_time: daily
user: root
state: present


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Set up network for Postfix - name: Set up network for Postfix
docker_network: docker_network:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolders - name: Create subfolders
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolder - name: Create subfolder
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create SSH directory - name: Create SSH directory
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Create subfolder for MariaDB data - name: Create subfolder for MariaDB data
file: file:


@ -1,5 +1,4 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible
--- ---
- name: Set up external services network - name: Set up external services network
docker_network: docker_network:
@ -13,7 +12,9 @@
name: "{{ item }}" name: "{{ item }}"
vars: "{{ services[item] }}" vars: "{{ services[item] }}"
loop: "{{ services_include }}" loop: "{{ services_include }}"
when: single_service is not defined when: single_service is not defined and
(item.vars.disabled_in_vagrant is not defined or
not (item.vars.disabled_in_vagrant and vagrant))
- name: Deploy single service - name: Deploy single service
include_tasks: include_tasks:
@ -22,4 +23,6 @@
service: service:
name: "{{ single_service }}" name: "{{ single_service }}"
vars: "{{ services[single_service] }}" vars: "{{ services[single_service] }}"
when: single_service is defined and single_service in services when: single_service is defined and single_service in services and
(services[single_service].disabled_in_vagrant is not defined or
not (services[single_service].disabled_in_vagrant and vagrant))
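Review bot: In the looped include task the added condition reads `item.vars.disabled_in_vagrant`, but `item` is the service name taken from `services_include` (the task itself builds `vars: "{{ services[item] }}"`), so `item.vars` is undefined and `is not defined` is always true. The guard therefore never excludes a service, and restic, marked `disabled_in_vagrant: true` in the defaults, would still be deployed in a Vagrant run. Looking the flag up the way the single-service branch does fixes it: `when: single_service is not defined and not (services[item].disabled_in_vagrant | default(false) and vagrant)`.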


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,5 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.ansible
# THIS FILE IS MANAGED BY ANSIBLE ---
version: "3.5" version: "3.5"
services: services:
@ -17,6 +16,11 @@ services:
- "DIUN_WATCH_JITTER=30s" - "DIUN_WATCH_JITTER=30s"
- "DIUN_PROVIDERS_DOCKER=true" - "DIUN_PROVIDERS_DOCKER=true"
- "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true" - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
- "DIUN_NOTIF_MATRIX_HOMESERVERURL=https://{{ services.matrix.domain }}"
- "DIUN_NOTIF_MATRIX_USER={{ services.diun.matrix_user }}"
- "DIUN_NOTIF_MATRIX_ROOMID={{ services.diun.matrix_room }}"
- "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}"
- "DIUN_NOTIF_MATRIX_MSGTYPE=text"
labels: labels:
- "diun.enable=true" - "diun.enable=true"
restart: always restart: always
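Review bot: `"DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}"` places the secret in the container environment, where anyone with access to the Docker socket can read it through `docker inspect`. A password containing `$` would also be subject to Compose variable interpolation, and one containing `"` would break the quoted YAML scalar. diun documents file-based variants of its secret settings (`DIUN_NOTIF_MATRIX_PASSWORDFILE`, to be confirmed against the docs for the deployed 4.28), which together with a mounted secret file avoids both problems. The `STRIPE_API_KEY` and `STRIPE_ENDPOINT_SECRET` lines added to the membersystem template have the same exposure.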


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
x-sidekiq: &sidekiq x-sidekiq: &sidekiq
image: tootsuite/mastodon:{{ services.mastodon.version }} image: tootsuite/mastodon:{{ services.mastodon.version }}
restart: always restart: always


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:
@ -14,7 +12,7 @@ services:
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}" POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
synapse: synapse:
image: matrixdotorg/synapse:{{ services.matrix.version }} image: ghcr.io/element-hq/synapse:{{ services.matrix.version }}
restart: unless-stopped restart: unless-stopped
networks: networks:
- default - default
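Review bot: The synapse image now comes from a different registry and namespace (`ghcr.io/element-hq/synapse` instead of `matrixdotorg/synapse`) and is still selected only by a mutable tag, so the deploy trusts whatever the new registry serves for `{{ services.matrix.version }}` at pull time. I would record the expected digest next to the version and pin it, e.g. `image: ghcr.io/element-hq/synapse:{{ services.matrix.version }}@{{ services.matrix.digest }}`, where `services.matrix.digest` is a new variable this change would have to add. The rest of the synapse service definition is outside the hunk.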


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:
@ -28,6 +26,8 @@ services:
CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }} CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}" DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }} DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
STRIPE_API_KEY: "{{ membersystem_secrets.stripe_api_key }}"
STRIPE_ENDPOINT_SECRET: "{{ membersystem_secrets.stripe_endpoint_secret }}"
depends_on: depends_on:
- postgres - postgres
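Review bot: `STRIPE_API_KEY` and `STRIPE_ENDPOINT_SECRET` are rendered in clear text into the compose file and passed as plain environment variables, so they are readable from the file on the host and from `docker inspect` by anyone with access to the Docker socket. Nothing in this section shows the mode of the rendered file, so confirm the template task keeps it owner-only (`mode: u=rw,go=`), and consider an `env_file` or a Compose `secrets:` entry if the membersystem image can read the values from there. The double-quoted scalars also assume the secrets contain no `"`, `\` or `$`; `STRIPE_API_KEY: {{ membersystem_secrets.stripe_api_key | to_json }}` would cover the quoting, while a `$` would still need doubling for Compose. The service definition continues outside the hunk.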


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,3 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:
@ -22,6 +19,7 @@ services:
labels: labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
{% if letsencrypt_enabled %}
acme: acme:
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }} image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
restart: always restart: always
@ -33,6 +31,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
depends_on: depends_on:
- proxy - proxy
{% endif %}
networks: networks:
external_services: external_services:
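Review bot: `{% if letsencrypt_enabled %}` tests the raw value, so a string such as `"false"` (what `-e letsencrypt_enabled=false` produces) is truthy and the acme service is still rendered; `{% if letsencrypt_enabled | bool %}` makes the switch behave as written. With the flag off nothing in this stack issues or renews certificates, which deserves a one-line comment above the condition saying which environments are expected to disable it. Separately, the `:ro` on `/var/run/docker.sock` inside the guarded block does not restrict what the acme container can ask the Docker API to do, so the container remains as privileged as before. Both service definitions extend beyond the hunks shown.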


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:
@ -15,7 +13,7 @@ services:
- "./dkim:/etc/opendkim/keys" - "./dkim:/etc/opendkim/keys"
environment: environment:
# Get all services which have allowed_sender_domain defined # Get all services which have allowed_sender_domain defined
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}" ALLOWED_SENDER_DOMAINS: "data.coop {{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
DKIM_AUTOGENERATE: true DKIM_AUTOGENERATE: true
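Review bot: The apex domain is added as the hard-coded literal `data.coop` in front of the generated list, so every environment that renders this template, including a test or staging host with a different base domain, will relay mail claiming to be from data.coop. With `DKIM_AUTOGENERATE: true` the relay will presumably create a DKIM key for it as well. If a base-domain variable is still defined on the new side I would use it, `ALLOWED_SENDER_DOMAINS: "{{ base_domain }} {{ services | dict2items | ... | join(' ') }}"`, and extend the comment above to say the apex is always allowed. Any container that can reach this relay can now send as the apex domain, so the SPF, DKIM and DMARC records for data.coop should be checked against it. The environment block continues outside the hunk.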


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,14 +1,12 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:
backup: backup:
image: mazzolino/restic:{{ services.restic.version }} image: mazzolino/restic:{{ services.restic.version }}
restart: always restart: always
hostname: {{ hostname }} hostname: {{ inventory_hostname_short }}
domainname: {{ fqdn }} domainname: {{ inventory_hostname }}
environment: environment:
RUN_ON_STARTUP: false RUN_ON_STARTUP: false
BACKUP_CRON: "0 30 3 * * *" BACKUP_CRON: "0 30 3 * * *"
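Review bot: `hostname:` changes from `{{ hostname }}` to `{{ inventory_hostname_short }}`, and restic stamps each snapshot with the container hostname. If the two values differ for the production host, new snapshots form a separate host group and any host-scoped forget/prune policy may stop expiring the old ones. I would confirm the rendered value is unchanged for the existing host, or add a comment such as `# hostname is recorded in restic snapshots; changing it starts a new snapshot group`. Both values are also emitted unquoted, which is fine for plain host names but worth quoting (`hostname: "{{ inventory_hostname_short }}"`) since inventory names are free-form. The backup service continues outside the hunk.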


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: '3.3' version: '3.3'
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,6 +1,4 @@
{# code: language=ansible-jinja #} # vim: ft=yaml.docker-compose
# THIS FILE IS MANAGED BY ANSIBLE
version: "3.8" version: "3.8"
services: services:


@ -1,226 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
volume_root_folder: "/docker-volumes"
volume_website_folder: "{{ volume_root_folder }}/websites"
services:
### Internal services ###
postfix:
domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
pre_deploy_tasks: true
version: "v3.6.1-alpine"
nginx_proxy:
volume_folder: "{{ volume_root_folder }}/nginx"
pre_deploy_tasks: true
version: "1.3-alpine"
acme_companion_version: "2.2"
openldap:
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
pre_deploy_tasks: true
version: "1.5.0"
phpldapadmin_version: "0.9.0"
netdata:
domain: "netdata.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/netdata"
version: "v1"
portainer:
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.19.0"
keycloak:
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "22.0"
postgres_version: "10"
allowed_sender_domain: true
restic:
volume_folder: "{{ volume_root_folder }}/restic"
pre_deploy_tasks: true
remote_user: dc-user
remote_domain: rynkeby.skovgaard.tel
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
repository: restic
version: "1.7.0"
# mail dance
domain: "noreply.{{ base_domain }}"
allowed_sender_domain: true
mail_from: "backup@noreply.{{ base_domain }}"
docker_registry:
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
pre_deploy_tasks: true
post_deploy_tasks: true
username: "docker"
password: "{{ docker_password }}"
version: "2"
### External services ###
nextcloud:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
pre_deploy_tasks: true
version: 28-apache
postgres_version: "10"
redis_version: 7-alpine
allowed_sender_domain: true
forgejo:
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/forgejo"
version: "1.21.8-0"
allowed_sender_domain: true
passit:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
postgres_version: 15-alpine
allowed_sender_domain: true
matrix:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
pre_deploy_tasks: true
version: v1.98.0
postgres_version: 15-alpine
allowed_sender_domain: true
element:
domain: "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/element"
pre_deploy_tasks: true
version: v1.11.51
privatebin:
domain: "paste.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/privatebin"
pre_deploy_tasks: true
version: "20221009"
hedgedoc:
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
pre_deploy_tasks: true
version: 1.9.9-alpine
postgres_version: 10-alpine
data_coop_website:
domain: "{{ base_domain }}"
www_domain: "www.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/datacoop"
pre_deploy_tasks: true
version: stable
staging_domain: "staging.{{ base_domain }}"
staging_version: staging
slides_2022_website:
domain: "2022.slides.{{ base_domain }}"
volume_folder: "{{ volume_website_folder }}/slides-2022"
version: latest
fedi_dk_website:
domain: fedi.dk
volume_folder: "{{ volume_website_folder }}/fedidk"
version: latest
vhs_website:
domain: vhs.data.coop
volume_folder: "{{ volume_website_folder }}/vhs"
version: latest
cryptohagen_website:
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
volume_folder: "{{ volume_website_folder }}/cryptohagen"
ulovliglogning_website:
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
- "www.ulovlig-logning.dk"
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
cryptoaarhus_website:
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
drone:
domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone"
version: "1"
mailu:
domain: "mail.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mailu"
pre_deploy_tasks: true
dns: 192.168.203.254
subnet: 192.168.203.0/24
version: "2.0"
postgres_version: 14-alpine
redis_version: alpine
mastodon:
domain: "social.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/mastodon"
pre_deploy_tasks: true
version: v4.2.8
postgres_version: 14-alpine
redis_version: 6-alpine
allowed_sender_domain: true
rallly:
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
pre_deploy_tasks: true
version: "2"
postgres_version: 14-alpine
allowed_sender_domain: true
membersystem:
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"
volume_folder: "{{ volume_root_folder }}/membersystem"
version: latest
postgres_version: 13-alpine
allowed_sender_domain: true
writefreely:
domain: "write.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/writefreely"
pre_deploy_tasks: true
version: v0.15.0
mariadb_version: "11.2"
allowed_sender_domain: true
watchtower:
volume_folder: "{{ volume_root_folder }}/watchtower"
version: "1.5.3"
diun:
version: "4.27"
volume_folder: "{{ volume_root_folder }}/diun"
### Uptime monitoring ###
uptime_kuma:
domain: "uptime.{{ base_domain }}"
status_domain: "status.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
pre_deploy_tasks: true
version: "latest"
services_exclude: []
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"


@ -1,30 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create volume folder for service '{{ service.name }}'
file:
name: "{{ service.vars.volume_folder }}"
state: directory
- name: Upload Compose file for service '{{ service.name }}'
template:
src: compose-files/{{ service.name }}.yml.j2
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
owner: root
mode: u=rw,go=
- name: Run pre-deployment tasks for service '{{ service.name }}'
ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
- name: Deploy service '{{ service.name }}'
when: deploy_services is defined and deploy_services
block:
- name: Deploy Compose stack for service '{{ service.name }}'
ansible.builtin.command:
cmd: docker compose up -d --remove-orphans
chdir: "{{ service.vars.volume_folder }}"
- name: Run post-deployment tasks for service '{{ service.name }}'
ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks


@ -1,15 +0,0 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create folder structure for bind mounts
file:
name: "{{ item }}"
state: directory
loop:
- "{{ volume_root_folder }}"
- "{{ volume_website_folder }}"
- name: Set up services
import_tasks: services.yml
tags:
- setup_services

Some files were not shown because too many files have changed in this diff Show more