Upgrade matrix (synapse) to 1.114.0. Close #219

Reviewed-on: #216
Reviewed-by: valberg <valberg@orn.li>

.gitignore

@@ -1,6 +1,6 @@
 *.retry
 *.sw*
+.vagrant/
 *.log
 .idea/
-.vscode/
 venv/

Vagrantfile

@@ -0,0 +1,39 @@
+Vagrant.require_version ">= 2.0.0"
+PORT = 19022
+
+def provisioned?(vm="default", provider="virtualbox")
+  File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
+end
+
+Vagrant.configure(2) do |config|
+  config.vm.network :private_network, ip: "192.168.56.10"
+  config.vm.network :forwarded_port, guest: PORT, host: PORT
+
+  config.vm.box = "ubuntu/focal64"
+  config.vm.hostname = "datacoop"
+
+  config.vm.provider :virtualbox do |v|
+    v.cpus = 8
+    v.memory = 16384
+  end
+
+  config.vm.provision :ansible do |ansible|
+    ansible.compatibility_mode = "2.0"
+    ansible.playbook = "playbook.yml"
+    ansible.ask_vault_pass = true
+    ansible.verbose = "v"
+
+    # If the VM is already provisioned, we need to use the new port
+    if provisioned?
+      config.ssh.guest_port = PORT
+      ansible.extra_vars = {
+        ansible_port: PORT,
+        from_vagrant: true
+      }
+    else
+      ansible.extra_vars = {
+        from_vagrant: true
+      }
+    end
+  end
+end

ansible.cfg

@@ -1,8 +1,8 @@
 [defaults]
 ask_vault_pass = True
-inventory = inventory.ini
+inventory = datacoop_hosts
 interpreter_python = /usr/bin/python3
-remote_user = ansible
+remote_user = root
 retry_files_enabled = True
 use_persistent_connections = True
 forks = 10

cloud-init/cloud.cfg

@@ -1,117 +0,0 @@
-# cloud-config
-# The top level settings are used as module
-# and system configuration.
-# A set of users which may be applied and/or used by various modules
-# when a 'default' entry is found it will reference the 'default_user'
-# from the distro configuration specified below
-users:
-  - default
-
-
-# If this is set, 'root' will not be able to ssh in and they
-# will get a message to login instead as the default $user
-disable_root: true
-
-# This will cause the set+update hostname module to not operate (if true)
-preserve_hostname: false
-
-apt:
-  # This prevents cloud-init from rewriting apt's sources.list file,
-  # which has been a source of surprise.
-  preserve_sources_list: true
-
-# If you use datasource_list array, keep array items in a single line.
-# If you use multi line array, ds-identify script won't read array items.
-# Example datasource config
-# datasource:
-#    Ec2:
-#      metadata_urls: [ 'blah.com' ]
-#      timeout: 5 # (defaults to 50 seconds)
-#      max_wait: 10 # (defaults to 120 seconds)
-
-
-
-
-# The modules that run in the 'init' stage
-cloud_init_modules:
- - migrator
- - seed_random
- - bootcmd
- - write-files
- - growpart
- - resizefs
- - disk_setup
- - mounts
- - set_hostname
- - update_hostname
- - update_etc_hosts
- - ca-certs
- - rsyslog
- - users-groups
- - ssh
-
-# The modules that run in the 'config' stage
-cloud_config_modules:
- - snap
- - ssh-import-id
- - keyboard
- - locale
- - set-passwords
- - grub-dpkg
- - apt-pipelining
- - apt-configure
- - ntp
- - timezone
- - disable-ec2-metadata
- - runcmd
- - byobu
-
-# The modules that run in the 'final' stage
-cloud_final_modules:
- - package-update-upgrade-install
- - fan
- - landscape
- - lxd
- - write-files-deferred
- - puppet
- - chef
- - mcollective
- - salt-minion
- - reset_rmc
- - refresh_rmc_and_interface
- - rightscale_userdata
- - scripts-vendor
- - scripts-per-once
- - scripts-per-boot
- - scripts-per-instance
- - scripts-user
- - ssh-authkey-fingerprints
- - keys-to-console
- - install-hotplug
- - phone-home
- - final-message
- - power-state-change
-
-# System and/or distro specific settings
-# (not accessible to handlers/transforms)
-system_info:
-   # This will affect which distro class gets used
-   distro: debian
-   # Default user name + that default users groups (if added/used)
-   default_user:
-     name: ansible
-     lock_passwd: True
-     gecos: Ansible User
-     groups: []
-     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
-     shell: /bin/bash
-   # Other config here will be given to the distro class and/or path classes
-   paths:
-      cloud_dir: /var/lib/cloud/
-      templates_dir: /etc/cloud/templates/
-   package_mirrors:
-     - arches: [default]
-       failsafe:
-         primary: https://deb.debian.org/debian
-         security: https://deb.debian.org/debian-security
-   ssh_svcname: ssh

datacoop_hosts

@@ -0,0 +1,5 @@
+[production]
+hevonen.servers.data.coop ansible_port=19022
+
+[monitoring]
+uptime.data.coop

deploy.sh

@@ -2,15 +2,20 @@
 
 usage () {
     {
-        echo "Usage: $0"
-        echo "Usage: $0 base"
-        echo "Usage: $0 users"
-        echo "Usage: $0 services [--deploy] [SERVICE]"
+        echo "Usage: $0 [--vagrant]"
+        echo "Usage: $0 [--vagrant] base"
+        echo "Usage: $0 [--vagrant] users"
+        echo "Usage: $0 [--vagrant] services [SERVICE]"
     } >&2
 }
 
 BASE_CMD="ansible-playbook playbook.yml"
-DEPLOY="false"
+
+if [ "$1" = "--vagrant" ]; then
+    BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
+    VAGRANT_VAR="from_vagrant"
+    shift
+fi
 
 if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
     echo "Installing community.general modules"
@@ -23,24 +28,19 @@ if [ -z "$1" ]; then
 else
     case $1 in
         "services")
-            if [ -n "$2" && "$2" = "--deploy" ]; then
-                DEPLOY="true"
-                shift
-            fi
-
             if [ -z "$2" ]; then
                 echo "Deploying all services!"
-                $BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY"
+                eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
             else
                 echo "Deploying service: $2"
-                $BASE_CMD --tags setup_services --extra-vars "deploy_services=$DEPLOY" --extra-vars "single_service=$2"
+                $BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
             fi
         ;;
         "base")
-            $BASE_CMD --tags base_only
+            eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
         ;;
         "users")
-            $BASE_CMD --tags setup-users
+            eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
         ;;
         *)
             usage

group_vars/all/secrets.yml

@@ -1,170 +1,185 @@
 $ANSIBLE_VAULT;1.1;AES256
-30613439636234396439623634656338666330643936373563656336323831353464353239353661
-6234316535383838653865643964353033623935313432630a666563316534343733363464396635
-34396664643137643136633837656432623633383361633336343562333039326538393034616637
-6634613631636433610a663835343739376534356133323163343132323233643135613333313132
-65373233666535366137343839363938303561653731633038376631386161653038613631396364
-33636131636536306134346336636332393436303063306262333430613137376438626133353963
-66396332363335333436623335613966323730616139353762656662386530356435623831656632
-30333363376132653362323339386437346134323232363336363461323332613962613131386264
-37383435653061653466613834346430656632626338316564656136666266353231363661666461
-32646461313365626232376536376463313531613861363462643062326538326234613332646430
-33383438613961623134343665383638346164653031363435656162306163653232353162343431
-38333239393332613466663231383932316330376535383466643233326134623530306361393639
-63386530643733393033646139613730313239313866343730643337393533366330373363353338
-62313739613531636166663135646262396334373538636634393534616337363337323630666261
-39643164363437653661633666376431303662396431633661663933343666613234326637636231
-38383537333532326636343366343564646630363838323162373339323365666262303836636232
-31343637616261636130656637393633383165353332346239323063646162306235313962363935
-64633639653261363563646664393630666564646165393736363562623231626634326163306630
-37613635306136643334616364303439323332666431386264623265323636623738303364396636
-37626161363466646166633434333265623236633033666562643264303662333363396631646638
-36626636363261313966393235313866353936323064343331626362306162323166323063656433
-63303762346330323031353034356162373433356436663134373930633634366330653233613139
-63363639343833616431633765613938623037323961623663336662666135313466303661316133
-39353664633036323031373862393530653433373062623233313965653735353566306538393439
-30366162663138326535346639393337393362366630343266643035353465663332333539613337
-30666666363134313239306231356663343166363137366636643931313039333732383833313036
-37393064396662623063613462336363386336393839313465323062646535373733326338353766
-31666639303836316266343764336462343765363930326338313635336633323662366238356264
-38613631313434383830333031643938393566633236383861633266326336653033663163336132
-61313132643062666434346333653234393865656463343363313636613364616361353561343739
-38313231333431303664323730626162613264343630356438336636373739653234336666646438
-37636437623336323461613063396137396533353265333034333435306666636261353933613232
-65363632383039666666323030323830333534376362326136313232393732613166303461383933
-62303166396533616538666566356238393265663163343264333664393936613066313665616137
-38613030623937633730646461666233333035323661363835313161613930336237396332623338
-30666166636662613130363430333436613532326437393730376536353963356633393736303065
-31393534646537323037316664313438643836386333613961663031383231663932633934656461
-62313163616635626131663961326438396439383432346337386261313330343330353637376330
-38346532396533326135303264613361663836646163623630323832653032396237353966663661
-36353365313962663832393333336138346335363832396535346336643565366465643565616638
-63616565356663623531323935393334326639626236353338643237343764366464666131393332
-64396665343535323339383434366133613235313866653663313639633930323864646536346232
-65316465643662376264373536393232326666663335316631376433343062646361376165363732
-66326165643163333737313139386461363431353239626236366238343035386663363435366464
-31633738336263633961306436613233303861633263343030336637373165663261316632663537
-31613636663163323365303038373134306264343831326264326261633834393366623061616262
-63393463333833393636666232626662643738653634306364326231343830633834643664353730
-37346131346263356539363630363230626364663161643064323538396131636633623866383939
-66346434323935353632633837363530663438636539616130633532346236343661633766383434
-34343339646662393030323661623665643432376365633435666333316439356631386234303062
-35346631656230346565323130333765663933373638303639363530373431343232393864656639
-33666433366131396464323137393239653531376662646235343962613639343831636261326265
-65663564613766313634653938316339306434663463623563316431633234323330623738646636
-37643535623664323433626561383462393033343232303838333930653366376536353765613036
-35663165623265616630373161336632646435613331373166303632373633313865386134636362
-61636134343839643735636461626663626237613262316564646339323933363864303935353834
-39396637646264633736366336616336643032313237653662646331383963366533373766356539
-35306165306534393463663332336430336635666135643561303935386635393838323865623162
-36323565616232353261303139623465646234313136383436376162376165303664613164356162
-33373237333666616135636231653637396330663930663962636161326664333261343737343735
-37313465396130653138613539376436373237343138636535626632326435383234326466363235
-34646663653038396630353637636166346261346233333632363361326536383634663433613564
-35633864343630333033613133626635313931333031643564396164393135346131343832363861
-61366664363838653438653137383933386233633836323332643531303936353237623734666135
-31356166613664636634336536343032646239643130346564303162356431346539646336323339
-61626236346535336638353134353838333434663838303730613363393365633739383563613434
-64336331306639323061386338656361653636353831346237373134346538623464343562393735
-39333764343139333133393233626564643266373034623764633835383561366265636632633937
-62343635343161363231653138613263313562366439316435633964396161343566316435303465
-39666236316339653839313333396264623636663561653932386638366366663933353761353162
-61343038383939396231346534336361306430373564353633653139306334623630343738636430
-66376631366662313131646130363530323232383535333163363466636262363461633232343532
-63626430336261353861633362396638643937623832386638626334663333363637393637373939
-64303039666432303535636265613564376139333331653336666563663238366639393366363334
-36303635633933333832396562373965653361303034653139643466656534326231383162336366
-31656138656539383539396462326134333331653131306537643962653762373035343235333233
-34373730623663346430303962653061623330653263393633383835663739663961326566323036
-30336365616532303362396230616531386639333636336332366335613935623836616134393033
-62653535396630383436393631396337336163323361663930323532633666663238333366383462
-36393261376262643336643761613731643032626632646332366661626331333233363436613937
-34653731666137313733653863396164323963383037353265373532303137623037343733616537
-66336433343334626536323639636139653931383466633833326234633332613431353432343561
-36626339656536383862623833633634356435393764316633353135326639623534366538313330
-62633333303266613630326330333336353264343937393864393239623664323366373565383334
-37383237376664643065383834633961366632643261343635336335353765353863323131653866
-31326531303461323736303730623638663863353939636437636231636437323730656463633733
-65383934343534383631363162363830386365313935663337366335326131393262353030663765
-30643665383332613030336439346332363135366232303166623534333637366133656437643231
-30306634636430643864363561316334383530613165326663326665613633636237353830393334
-62653333623563626131666166646335663334393662336337333836376631303631666136376332
-37316537356531346464623363653033306537636239633065646533643239653063613835363665
-30383139326465613864316533643033333430326230646334353364633138666532353736313265
-34623733613864646661353730666433613961643261346166303264386435643565373565323864
-61346465336231613865363263303034396439346163393534666439666437353266323565653032
-39386439646438313938356237643831643434666161383632316530356465616632313235643834
-33303865653836303632656663366465333331616634313863656438393838636631313364633637
-38646230643734393733663261326161376536643237626130353831363731306231313864613066
-34623239396362336639363163313161323065653461363563353631613730373830643133336464
-31336439636361363539383539323631303462633833353032373530333539336538363033383363
-32613733623839623938326165356237313165383366646233393933393965613363666532646434
-63316133613130313363303537366230646235663130313538333761633237383262316633366364
-65373664616237316534613831313966623939396331626334313430386638653461386334363939
-35333339643837666264356535643365353331393437313866643034663934336466336534343035
-61313837666662343363613962623462333935353837333336363839623466303534303837396634
-38656330666661356235626130303538666533666563323936633564383164633834353831306634
-36343836353464623962333362353133386563343831336463646635646263383832666232323736
-38613730316634373365343938623237356231643931303333366462373134383137366339613662
-62643832323734363635643634373066303366306366663036623139393761636533326130313336
-30316536396466383463393233363035393335343565323635333665346464366139626165636661
-39363066643437613537653836636363376532643038363063383234353066313737663061363334
-38306563613561663165623630366135303332636133343733343836383865613661393761333031
-62653162626461616564643138613737623632313739393962396439306133646138303936636435
-39393663653865363166316365376562353461633163353734343132343831386434653037323732
-36356162356336616330636630376438636165653439376137313934663939376639396266323962
-37383736333536653438363963316435326632393966383534326337303336386135616636363936
-35393331313938653830646332376631623763383439623633396433633739663038313264323835
-33373664313562366664363630316132643465363964383339363339656237323465626262306364
-33306133373065303135613235623262396365363634316365356364373561363762666235666430
-62336362643564313238363933623366396138646237336336623062326161326536323534326364
-39316162643966616436343737313434616230346237346237363962653033613930623462386431
-38343662356665383763633034393236613733643430313937326335356466376139653533333965
-39386138623134666132663837616637376362303561393133656139653438386363613965393661
-36343566643931393061373031343331336463643034383065383763663234373438383064303232
-64666236313935346237666466333562613935646163653331303661386138313739326538353935
-64323737323532663731353136336138633533386464616362333838396332323563353537613430
-33633631326238366166346437316638363161386562383630623466386564323266333033313461
-63666535363034613232346239636233623130393032353030363334333531646238373262323765
-61373739396162643661353031613663353531653836323730326166383463613330333966336233
-30386136346466336361303237303534373064353230653238363231633530613866663461643465
-30396266356164353063323432663561396564636231346534366661663766613634376235356637
-39313839616336666461313431326430333932623262333437386464636264373430653566386631
-64653866623662363864376663613136306165393863346533303634623936373835633864313462
-61333562646233303232623861366634383466633537383831626334356561353637663038643531
-39386635326366646134333231653737653630356135396634326537633232333166616161653136
-33393562383233656564356530386465623239386666313964343534343466616134373132636631
-39666365393063323838343963366339373434353839383039383238613133636237316365323861
-30626330643665626465666338353030653839383234393237623633646566376361646536353233
-31393235623561323765633835313139313538343761393064353632316335656231353930656437
-31313639313931636633333230653730666638373864326239333561393134356632623138366131
-65356462373336383039316131626562633330666363386631383663343838393435663538343934
-65386339626362623664393532386131303234633466363437383236616463343831353862323961
-39663835313234326137303965663963663761656531653437343234643634316565333762663139
-65393830633237623031303234636134633539316131396135616237316266333437633861303831
-62656630373763343366636635653033666630613533363365636261323661383364343161343439
-35626531346665656263643461306261376238353033343032353731373861333239333862653231
-31336562653133623163353230633331346237356534333534613161323462636639636662623435
-63633035336662376636623339326433393035646539626231363762643532323463316263393736
-62613038333733636362356636373331313661663830633433643039653233626261613739663836
-38643030313338383266323134326337323334343230623331386664333937316266623134336362
-61373037353664623863393233376264616438656332386130316361663665323135386463383763
-33303633356133353439393664363630336133306364363430393232326665393339323265383630
-31656463343064383837333630366465396633393465666235626330343937313630623039383465
-63326361663238653035613935343932623237396362643833313731323830313962616362613539
-32346165303930323739313837643933363863643937346561643930653530393636383036613235
-61376166386563643733333233343437623630323632643463353131386461663936313065313562
-31393032646262386634353436643466323731366631393136393433616332613036666163336635
-37303365633338613630656463663533653336666562653236336264303238383930383132346365
-35386662636439653930343738633265363635626132343030653462306431363234633635643537
-61666363346430653131623762666564313665653262386332396532646339383136383337353863
-38386632316632373338653535323335363265653563376330663239343861346563646366313039
-33306364623536346339393566326533633133393866303535326535306435626531346264616138
-34356231373561633337653663643566633632393330386564393966666365306565316135646163
-63366365383839343134303635376233343865663631633331333230616630366633396231333435
-30366137383238393139336433353764633038616238326136663636656132626538393565393130
-38653765326137393136386233383636383165613235373437353730306564643033306534386666
-61623538663537653166313264303533623162356134393333373732383535386261333535383039
-65613166666230336265366335323434636336663835323034373930393430363065376665666337
-35363265666130653830333536326433316639613638613730666139623137333736663535633032
-33363135376636636536623731323134343237393633333038393364376237386165
+31303330643235313132323363306532616164646565636532646131386663633330333335353938
+6632373337386339323566373163306435663562303663320a666438653936356335653534353464
+37373932623562326430396132316138373930383365313433646536343839636637386232306235
+6566393031643037340a643463373163663062643932353931646366306566346230336362623561
+30323138333636343165666239393138653462396538386139376432346335373066363366613535
+38623130333434386266393363306139333666393537663161626666323262646364636136393736
+37656438373365353335633237326635636263653534353961396562646535303764613564306133
+39373362343133643536383937386633373437333763636331663761646432663636373738373332
+36383638363539663034303536636264336230636630636331336438333338356431666332313931
+66653738656263613739333835366139633335643661373135396333346361343032303832353562
+61376531343861656532626630623330336362373666343863373738306430616530373565663438
+37373131646233656533633466356162326162616433613964616530393734336438326133373763
+65663266313939363361396231663564663664393363373061646436653535663338336138373961
+66303662323930376564313562376661336162316430316439313565633935323835386561356333
+61393330333965633764633364366336646166353031613438373234333436326330336537643464
+32383732336166303535393837353061353333386363356162323966336138363864663464356430
+62396530393234666339346537616637323334383365663732663365653636383036616263303362
+38623063623035616336346562396263336236376435386264336632336165336463613932383465
+37323634633831363938616137373335653130303465383939303332333131363866303863383965
+62333866333830666361613637333230363566333035366664353034303766633264643365343566
+30326530383562633764643630363963646337363865343431353530353036616434363062313132
+37393661326139613732636236633239653837333063646566653861643635363537386137393434
+64616437363666653664303132666630376665646666323733376164653636623465623964336638
+33623838616330353265333733343261356462613665653530333431343732646136346164626534
+34343463646262623464613832393963633366353835393531653634623234393230343430666161
+62306164616636616461306464333536333265313765326665626331363463363038393935653334
+64646132393835656366643239303063333233303331373961346631633034343136623663666462
+64306262636636346131333662626639323865343435373037306130366566343230656338626537
+62336234373136326330306633306637326239356439326339373839383130623836383338373561
+32646163616336623838373436303464643937333164643639623631393764623064626235303733
+61633063303962343931333437313031653435636432393531393130336234613462343838366363
+35383134303137633833363233376365666538333535306434373139333633386630636161636261
+63373339386364326231366634303962636437353336346461336661396566623034306132326332
+33633434326365353438313362616664393264633937393762336264633061313134656536363062
+37303861663732336238386331363164363436363966393534613332393230666266616364303661
+31323633656332643839616434313066643833616639353562386432663538366563633766393639
+33636534363263633261323533666366366665323437346431653464646233303636366231626535
+33373134333163373633313739626636303830383232616663636639646564643436313331643334
+37663132343030666566333431633136653064626466626362373864613334663737326233313138
+38336261663765633331393766333965613364306136333362626466623235303033396362346365
+36633963333561366265633633303262393832336364333365313336383066363065316133303634
+65363037646566323831363365653937623966323735353439353339616439306534663831653663
+34623537666435313661326631326235313130363938643635666531636165306539663630366265
+65323234613133663337363466336663633464316361656564326136633064373365373239363662
+37323834633163653938633435323763333539396532393664653162643832646535353262336631
+61386237663136336338663165613238663035386361643135333361383666643432396363363132
+66323832643339346534373066326333396232386166383161383764633338373533623236346366
+33373138303864323532363761313762376439343130316432613933353033363536336337363566
+31396133663330323665313033656436396238623630633465313734343063633537323939356337
+62306364633765323834333836316161366531643763333434383062363032653164353037336562
+61653332333062643362386665633665306662356532653031383365356632643861363038383137
+36326666356231396433363538666131353839353366323934343532306532633866623733663138
+33376665333430653533383439373463323661666165333636353434643739386363356536333837
+39313365643039386638623731386635363632376139666638643734303035386564376136656537
+39356162346164313839373931653139386464653232633339616166306235323232336139306538
+32623135666535633462613430646637313030343933653461333230656564396663653364633238
+30336161323431323337636135323539663466323637313366376535666132663662356239366339
+66373830336132336439653637366664656230323834623039306337636433663931373138616466
+30616437376435643535303237313831383534656634353265386565376564623431616263643334
+65613633656533646138663138393831623330363635313662653264646636396461326664633362
+38633765316333373363616563346230393866363365623862333162306263613938373663633963
+31363639613238316334333437326631353830383734393765303037346436343036386437653637
+32636139313464383264376663393730363038343831336565663565383135653139663765303239
+31653036623138316566666461313665663462383662343461353332366634666437363263373864
+30323564343934386666666338373238383333303939626237363131346261386562663566323365
+37316563653231346336343166646661393431363739346237303161363838613237666533353034
+64623435376462613961326333393930346663353737386130346461616638363639386364313266
+34353465326632356233343633636331343638333937303562356133363432323939633865316630
+33353539653162333734653338363764313439376439656435313932626431313930346662633838
+39636463393861396531633833343264393339323133316566356562613932663131633631303065
+31323937663764613563333736313733326639643961653161303237353165343939666461396263
+34323136356632336138643162326163653331616561626263616132393734396237666434326264
+65653837383063306436643466383964386661643336343230393436326139313963633036613065
+31393930386463626131653565393932386462313236623531616235393064656237663837346539
+34333730666337353537613564363531363831323035353532363366363731306335316138366361
+37353438326130366439303136356636653030666464366436366566626464626262663838393462
+34626662396239636536666433636436316535363539636261343131313430613765353836643133
+38653839336663353663313535633231363765636633666363386561303039313438353838643561
+32643131623162386661653464623461623434313733643564343435386636326531633136306139
+38613937336132653238616561356338303264393962306431356463613764613364363738323366
+31326562613764386533353135643737323161616363656362326262653765353764626166363338
+34646231633764383962326135323164326565343034656430326531653231666633666465336231
+62366635356566613766643832386234383766363236306638623133643036643662396430623330
+31396239366338656565346563313430353463366465373534636536393131303166333263613663
+36393864663636333666396566303638646166346665303765343531313661376632623137613131
+32653031343861363831646635356232353836363536613834343663326261623262336336393838
+35623638636538626566353864343362633264366435383633333562366365326432663839613934
+34323466396565303963333531346362363338623537343439666265353332303230356533323834
+61333838356665653138346337336532333931616432353936306261356537663036643064333964
+39643065303032393932323136363264316264386131353035383933386535303632613033633363
+66346437333465653633626235336336353738343036326265376162383163326530373032663335
+66643663666166366165396137383133396635336237343161303666393437303538316661336335
+32396434323532303238303538303864393031303832346161303535386461666161316565646539
+37303261336435323139663962316562346265343064346562393633616666653066623466316634
+61346263366161366232386138666131323162333031623533303739646336623864613333323662
+35363539646433323430313839633363393936356438313037613434663161653964366635363464
+62643539393631386531313966643339383865623065393936666235653035376139656663616336
+65663136326466616161376232316463643834356531336362336163343637326238663836363734
+30363032653962306530633562636161396634363131633065326433363136316666633738343966
+66303939383232373738373965393934653439396666623039353933633935393731653839623737
+35376338363338306332353539313664303962353064306434323530623161323064633766643035
+38363234343036616335393461643964386664616134313831663565633366616633626266393937
+31623435646138646131356164313936656639393532343630663933613066333432666132363338
+30356136303763376465396637613565386661333265633636643435313035313064383936306437
+39626265643862313435343465643063656266373035356538393262363561356433323134333537
+66663233313832326136366163623337373835663961313938636134613933663534333730333761
+39313334346364623431646439386162633961316161393636656139303966626265623035366335
+66666634363036326631376562623039303961663136366461313637343932303338356334383139
+38383133306436303261643535353532383538613764616233363864656665633264623236623537
+31353335343064626465626130356433366531306338623830623139316462316662633665663164
+38363363656237326239633930623862663230623464663031363463356133626166353433633535
+63343231326438383535356235343530393361636465363933356164323565326566303034383466
+63323136643835623563393666333030656534333565316466333266663365346561363937336665
+32323637366138303233373565333932626435306130633064656336623764366130323534333039
+64613934383530343036343334396439373066326264353638353462613266663935343436353130
+38616238313133363732343634663962666435656330396536643836326636373032623734353832
+32313064663164626534336363376131656438623035646263666336633862613833323565656437
+63616463613732663966643039653761633231616462363761336231313335363165646134356137
+38633963393264653139356333626534303936326563326433363164623131393562393533383564
+62646532643366376333373364646139363635323034613262386265383066303365323134633836
+66666536653264393138326436393037373537393561613864343730366135353166633765323938
+38306562326238613331343337306239376165636562666433356266313030613136656162646166
+36303966373931363463383631386136313262633136383637626562353336306465613435336434
+32303136393638396233393232386534643733626539653961366637316135373439386432643264
+63663837306461376461306664366538396436386234366638626263303735323661393839343938
+36393264306132313130326435636266643363616438613538303530306434636331333033323138
+39656337666635363263316363363133616538356336646337373762613666323663656665383733
+31623433396466383939306666373562303330373731323864363266323261383736353465633662
+38356130353233663161623139653465646238363630643239386634623262303836333232303239
+61313930346263643565333534373430653430363965373037646639633638333861346262373433
+65346133636162396332373130356238346438626330373163326632323137333862373436363133
+37373663396461613062616664336662373432383863333536366465313838333835653966353661
+38343336316136316532613661306336636131653236663336396638316136626434303533323365
+38356534353530633766646466663266613735396333386263356662613939373030396436363530
+38333939623534356266323237623835373038663534616532326665346631616665616665666663
+33633266333630646563363637666562336339393138326435373836336566346661646464613730
+39616438373062656130393134353535313232376266386262623862383162366662626231373338
+37373561376435323361316337636239366263656336303636346436373363663164343333656538
+32633835353436623565393538643563646630366633343632633532396433616139303766666435
+30373235373262633134383033363137316366316563613662313437663832356165353661666533
+63343138393230333335323938666566623365623762643563633036613339636537366264333138
+62656265363261663233396266616466333332633266326661373736353135383563313666633765
+37316430633763326438326263643766396137363333353035623036346662303834376463613162
+30363938396638336565303535663831326135393061383634646430343931373135636638333866
+64623032366163386530313563656266376334343835366665633362643339643534643738373839
+34323134636330383963353439376436323530373066623435376230306435333832633964653639
+39373235353262383864303430336635393435656430646233613461306135643230666437393361
+36616134356461616534646535396338656138616636396538373031626136323264323936366633
+61373631306538363437323934316434663735323533656364393135613761326337303833383934
+37383162356162373737336666663430343334356532333335363463623238643662333232333336
+31376639386632626161303232653363626637376630333733343035323539623463626132373763
+36613535623064636163643236383336653934663739326264653362333237303237393335613339
+30323030353632613434393636336562363064306332663931393061393964393661363163326632
+37353434656464333532343263363961613866643338396335656131373134333665353437613837
+37336533366635616138366566666635366634613633616533373966336637303334613731316436
+66376565643033383162373166373665633362313164643530356561383630343531346436343663
+62313836323530623535356532303362333436643434663131653539646331346535666133336162
+37653036376165333364373661386262633030363165353638386139646266623365306338383963
+36373732356364333166386566653835663466346630356438323866636564663966363832613862
+64623831646261333064663939613763323466336431343861386537633337396637383330333633
+32636436343564633365616331626465613163333465373961656631373736373430396633393733
+64386534353131666438346362376462636331353761636535663234613731356130666534323735
+35636162323234386435646132396366326165663234653637363139303162613832346333383665
+64323737306634613530633636643761346461326130663234373363326230616331336430353261
+38346630356136333966656562343730356234643537323635653532396337373331363537393662
+33373862336232623563636436643239623837623862386638353361383830303365333362353665
+33666236363035616363326462376337363736333234613133383636396464306236386238333863
+39316237326638663535646361393939393938656335653262633063326132663331343235626364
+35366532333161343562383763653130306235633934393066356239653565633962343235643036
+62333363323065663137393736383964613061393131376637363031393335306534626230383139
+35333437613963386664646336383637323534366635336264333039643861396561373461636439
+30323831333335393365383834386138626664653531333830363862363330346466646432656663
+62383534343131636331353763356166386339303564353035383466353636636335653333383431
+30616133383565623430326534396432376331636161393930366263366539343332666631616530
+36383937313164663631626163646339623365653937616634656235303039636439646335616561
+31623135366136333766663833333932383032343438376336366533636466353666633437353338
+33386166386231353430646665323164363961666538343537313734343465366333383763666666
+33326363656134613031393033646435333937353865316161626137633939333934316536643830
+37386364356233353964326661386564656132643937366665353139653533336331323138356633
+35656562663961343238386132636331636439383236383761306337626262303764656431303964
+62646133323361643162313231376633663231313833633964613862353265336538633261643834
+62353230316334363363343133626530643832356631353937353334613538616366396438383338
+39336366623332363966383535373365666263383231356532346533386262643465306430336462
+64623764333861663031

group_vars/all/secrets.yml.contents

@@ -55,3 +55,8 @@ rallly_secrets:
 
 membersystem_secrets:
   secret_key: xxx
+  stripe_api_key: xxx
+  stripe_endpoint_secret: xxx
+
+diun:
+  matrix_password: xxx

group_vars/all/vars.yml

@@ -1,17 +1,24 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 users:
-  - name: ansible
-    comment: Ansible User
-    password_lock: true
+  - name: graffen
+    comment: Jesper Hess Nielsen
+    password: '!'
     groups: []
     ssh_keys: []
 
+  - name: valberg
+    comment: Vidir Valberg Gudmundsson
+    password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
+    groups:
+      - sudo
+    ssh_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4FRrbTpxwGdlF6RVi/thJaMlaEE0Z9YCQA4Y+KnHbBoVWMjzgbIkSWw3MM+E/iiVnix8SFh4tjDSdFjb8lCvHt/PqhMFhZJ02vhVgSwyU+Ji5ur23i202LB9ua54NLN4kNG8K47U0tKi2/EV6LWl2QdRviAcOUctz6u9XDkkMLUgPEYH384XSTRRj4GJ8+0LRzB2rXqetH3gBe9v1vlv0ETYWvzTnpfZUxcrrqEGtXV9Wa0BZoWLos2oKOsYVjNdLZMoFpmyBxPnqzAi1hr7beblFZKqBkvD7XA9RnERbZn1nxkWufVahppPjKQ+se3esWJCp6ri/vNP4WNKY3hiIoekBLbpvGcP1Te7cAIQXiZOilN92NKKYrzN2gAtsxgqGZw7lI1PE71luGdPir2Evl6hPj6/nnNdEHZWgcmBSPy17uCpVvZYBcDDzj8L3hbkLVQ3kcLZTz6I8BXvuGqoeLvRQpBtn5EaLpCCOmXuKqm+dzHzsOIwh+SA5NA8M3P0=
+
   - name: reynir
     comment: Reynir Björnsson
     password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
-    password_lock: false
     groups:
       - sudo
     ssh_keys:
@@ -21,19 +28,8 @@ users:
   - name: samsapti
     comment: Sam Al-Sapti
     password: $6$18dN367fG162hQ9A$Aqkf3O24Ve1btzh1PPOPg3uyydv/AQYUxethcoB4klotebJq3/XsydYT7XBuarxfDccVwyPTMlsP3U8VfQpG60
-    password_lock: false
     groups:
       - sudo
     ssh_keys:
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
       - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
-
-  - name: valberg
-    comment: Vidir Valberg Gudmundsson
-    password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
-    password_lock: false
-    groups:
-      - sudo
-    ssh_keys:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4FRrbTpxwGdlF6RVi/thJaMlaEE0Z9YCQA4Y+KnHbBoVWMjzgbIkSWw3MM+E/iiVnix8SFh4tjDSdFjb8lCvHt/PqhMFhZJ02vhVgSwyU+Ji5ur23i202LB9ua54NLN4kNG8K47U0tKi2/EV6LWl2QdRviAcOUctz6u9XDkkMLUgPEYH384XSTRRj4GJ8+0LRzB2rXqetH3gBe9v1vlv0ETYWvzTnpfZUxcrrqEGtXV9Wa0BZoWLos2oKOsYVjNdLZMoFpmyBxPnqzAi1hr7beblFZKqBkvD7XA9RnERbZn1nxkWufVahppPjKQ+se3esWJCp6ri/vNP4WNKY3hiIoekBLbpvGcP1Te7cAIQXiZOilN92NKKYrzN2gAtsxgqGZw7lI1PE71luGdPir2Evl6hPj6/nnNdEHZWgcmBSPy17uCpVvZYBcDDzj8L3hbkLVQ3kcLZTz6I8BXvuGqoeLvRQpBtn5EaLpCCOmXuKqm+dzHzsOIwh+SA5NA8M3P0=

group_vars/monitoring/vars.yml

@@ -1,10 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-base_domain: data.coop
-letsencrypt_email: admin@data.coop
-
-services_include:
-  - nginx_proxy
-  - uptime_kuma
-  - watchtower

group_vars/production/vars.yml

@@ -1,13 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-base_domain: data.coop
-letsencrypt_email: admin@data.coop
-
-services_exclude:
-  - uptime_kuma
-
-smtp_host: "postfix"
-smtp_port: "587"
-
-ldap_dn: "dc=data,dc=coop"

group_vars/staging/vars.yml

@@ -1,13 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-base_domain: staging.data.coop
-letsencrypt_email: admin@data.coop
-
-services_exclude:
-  - uptime_kuma
-
-smtp_host: "postfix"
-smtp_port: "587"
-
-ldap_dn: "dc=staging,dc=data,dc=coop"

host_vars/cavall.yml

@@ -1,8 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-hostname: "{{ inventory_hostname }}"
-fqdn: "{{ hostname }}.servers.data.coop"
-
-ansible_host: "{{ fqdn }}"
-ansible_port: 22

host_vars/folald.yml

@@ -1,12 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-hostname: "{{ inventory_hostname }}"
-fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
-
-ansible_host: "{{ fqdn }}"
-ansible_port: 19022
-internal_ipv4: 10.2.1.5
-
-vm_host: cavall
-vm_type: control

host_vars/hestur.yml

@@ -1,11 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-hostname: "{{ inventory_hostname }}"
-fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
-
-ansible_host: "{{ fqdn }}"
-ansible_port: 22
-
-vm_host: cloud
-vm_type: uptime

host_vars/poltre.yml

@@ -1,12 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-hostname: "{{ inventory_hostname }}"
-fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
-
-ansible_host: "{{ fqdn }}"
-ansible_port: 19022
-internal_ipv4: 10.2.1.2
-
-vm_host: cavall
-vm_type: app

host_vars/varsa.yml

@@ -1,12 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-hostname: "{{ inventory_hostname }}"
-fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop"
-
-ansible_host: "{{ fqdn }}"
-ansible_port: 19022
-internal_ipv4: 10.2.1.3
-
-vm_host: cavall
-vm_type: app

inventory.ini

@@ -1,22 +0,0 @@
-[proxmox]
-cavall
-
-[monitoring]
-hestur
-
-[production]
-poltre
-
-[staging]
-varsa
-
-[control]
-folald
-
-[virtual:children]
-production
-staging
-control
-
-[physical:children]
-proxmox

playbook.yml

@@ -1,15 +1,27 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
-- hosts: all
+- hosts: production
   gather_facts: true
   become: true
-  roles:
-    - name: vm-common
-      tags: [base_only]
-    - name: zfs
-      tags: [zfs]
-    - name: docker
-      tags: [docker]
-    - name: services
-      tags: [services]
+  vars:
+    ldap_dn: "dc=data,dc=coop"
+
+    vagrant: "{{ from_vagrant is defined and from_vagrant }}"
+    letsencrypt_enabled: "{{ not vagrant }}"
+
+    base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
+    letsencrypt_email: "admin@{{ base_domain }}"
+
+    smtp_host: "postfix"
+    smtp_port: "587"
+
+    services_exclude:
+      - uptime_kuma
+
+  tasks:
+    - import_role:
+        name: ubuntu_base
+      tags:
+        - base_only
+    - import_role:
+        name: docker

proxmox/etc/network/interfaces

@@ -1,65 +0,0 @@
-# network interface settings; autogenerated
-# Please do NOT modify this file directly, unless you know what
-# you're doing.
-#
-# If you want to manage parts of the network configuration manually,
-# please utilize the 'source' or 'source-directory' directives to do
-# so.
-# PVE will preserve these directives, but will NOT read its network
-# configuration from sourced files, so do not attempt to move any of
-# the PVE managed interfaces into external files!
-
-auto lo
-iface lo inet loopback
-
-auto eno1
-iface eno1 inet manual
-
-auto eno2
-iface eno2 inet manual
-
-iface eno3 inet manual
-
-iface eno4 inet manual
-
-auto bond0
-iface bond0 inet manual
-	bond-slaves eno1 eno2
-	bond-miimon 100
-	bond-mode 802.3ad
-	bond-xmit-hash-policy layer2+3
-
-auto vmbr0
-iface vmbr0 inet static
-	address 85.209.118.134/28
-	gateway 85.209.118.129
-	bridge-ports bond0
-	bridge-stp off
-	bridge-fd 0
-#Main bridge for public VMs
-
-iface vmbr0 inet6 static
-	address 2a09:94c4:55d1:7680::86/64
-	gateway 2a09:94c4:55d1:7680::1
-
-auto vmbr1
-iface vmbr1 inet manual
-	address 10.2.1.1/24
-	bridge-ports none
-	bridge-stp off
-	bridge-fd 0
-#Internal bridge for VMs
-
-auto vmbr2
-iface vmbr2 inet static
-	address 192.168.1.1/24
-	bridge-ports none
-	bridge-stp off
-	bridge-fd 0
-#NAT bridge for VMs that need masquerading
-
-	post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
-	post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
-	post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
-
-source /etc/network/interfaces.d/*

roles/docker/defaults/main.yml

@@ -1,6 +1,229 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
-docker_rootless: false
-docker_rootless_user: rootlessdocker
-docker_rootless_user_uid: 1102
+volume_root_folder: "/docker-volumes"
+volume_website_folder: "{{ volume_root_folder }}/websites"
+
+services:
+  ### Internal services ###
+  postfix:
+    domain: "smtp.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/postfix"
+    pre_deploy_tasks: true
+    version: "v3.6.1-alpine"
+
+  nginx_proxy:
+    volume_folder: "{{ volume_root_folder }}/nginx"
+    pre_deploy_tasks: true
+    version: "1.3-alpine"
+    acme_companion_version: "2.2"
+
+  openldap:
+    domain: "ldap.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/openldap"
+    pre_deploy_tasks: true
+    version: "1.5.0"
+    phpldapadmin_version: "0.9.0"
+
+  netdata:
+    domain: "netdata.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/netdata"
+    version: "v1"
+
+  portainer:
+    domain: "portainer.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/portainer"
+    version: "2.19.0"
+
+  keycloak:
+    domain: sso.{{ base_domain }}
+    volume_folder: "{{ volume_root_folder }}/keycloak"
+    version: "22.0"
+    postgres_version: "10"
+    allowed_sender_domain: true
+
+  restic:
+    volume_folder: "{{ volume_root_folder }}/restic"
+    pre_deploy_tasks: true
+    remote_user: dc-user
+    remote_domain: rynkeby.skovgaard.tel
+    host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
+    repository: restic
+    version: "1.7.0"
+    disabled_in_vagrant: true
+    # mail dance
+    domain: "noreply.{{ base_domain }}"
+    allowed_sender_domain: true
+    mail_from: "backup@noreply.{{ base_domain }}"
+
+  docker_registry:
+    domain: "docker.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/docker-registry"
+    pre_deploy_tasks: true
+    post_deploy_tasks: true
+    username: "docker"
+    password: "{{ docker_password }}"
+    version: "2"
+
+  ### External services ###
+  nextcloud:
+    domain: "cloud.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/nextcloud"
+    pre_deploy_tasks: true
+    version: 28-apache
+    postgres_version: "10"
+    redis_version: 7-alpine
+    allowed_sender_domain: true
+
+  forgejo:
+    domain: "git.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/forgejo"
+    version: "7.0.5"
+    allowed_sender_domain: true
+
+  passit:
+    domain: "passit.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/passit"
+    version: stable
+    postgres_version: 15-alpine
+    allowed_sender_domain: true
+
+  matrix:
+    domain: "matrix.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/matrix"
+    pre_deploy_tasks: true
+    version: v1.114.0
+    postgres_version: 15-alpine
+    allowed_sender_domain: true
+
+  element:
+    domain: "element.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/element"
+    pre_deploy_tasks: true
+    version: v1.11.69
+
+  privatebin:
+    domain: "paste.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/privatebin"
+    pre_deploy_tasks: true
+    version: "20221009"
+
+  hedgedoc:
+    domain: "pad.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/hedgedoc"
+    pre_deploy_tasks: true
+    version: 1.9.9-alpine
+    postgres_version: 10-alpine
+
+  data_coop_website:
+    domain: "{{ base_domain }}"
+    www_domain: "www.{{ base_domain }}"
+    volume_folder: "{{ volume_website_folder }}/datacoop"
+    pre_deploy_tasks: true
+    version: stable
+    staging_domain: "staging.{{ base_domain }}"
+    staging_version: staging
+
+  slides_2022_website:
+    domain: "2022.slides.{{ base_domain }}"
+    volume_folder: "{{ volume_website_folder }}/slides-2022"
+    version: latest
+
+  fedi_dk_website:
+    domain: fedi.dk
+    volume_folder: "{{ volume_website_folder }}/fedidk"
+    version: latest
+
+  vhs_website:
+    domain: vhs.data.coop
+    volume_folder: "{{ volume_website_folder }}/vhs"
+    version: latest
+
+  cryptohagen_website:
+    domains:
+      - "cryptohagen.dk"
+      - "www.cryptohagen.dk"
+    volume_folder: "{{ volume_website_folder }}/cryptohagen"
+
+  ulovliglogning_website:
+    domains:
+      - "ulovliglogning.dk"
+      - "www.ulovliglogning.dk"
+      - "ulovlig-logning.dk"
+      - "www.ulovlig-logning.dk"
+    volume_folder: "{{ volume_website_folder }}/ulovliglogning"
+
+  cryptoaarhus_website:
+    domains:
+      - "cryptoaarhus.dk"
+      - "www.cryptoaarhus.dk"
+    volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
+
+  drone:
+    domain: "drone.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/drone"
+    version: "1"
+
+  mailu:
+    domain: "mail.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/mailu"
+    pre_deploy_tasks: true
+    dns: 192.168.203.254
+    subnet: 192.168.203.0/24
+    version: "2.0"
+    postgres_version: 14-alpine
+    redis_version: alpine
+
+  mastodon:
+    domain: "social.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/mastodon"
+    pre_deploy_tasks: true
+    post_deploy_tasks: true
+    version: v4.2.10
+    postgres_version: 14-alpine
+    redis_version: 6-alpine
+    allowed_sender_domain: true
+
+  rallly:
+    domain: "when.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/rallly"
+    pre_deploy_tasks: true
+    version: "2"
+    postgres_version: 14-alpine
+    allowed_sender_domain: true
+
+  membersystem:
+    domain: "member.{{ base_domain }}"
+    django_admins: "Vidir:valberg@orn.li,Balder:benjaoming@data.coop"
+    volume_folder: "{{ volume_root_folder }}/membersystem"
+    version: latest
+    postgres_version: 13-alpine
+    allowed_sender_domain: true
+
+  writefreely:
+    domain: "write.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/writefreely"
+    pre_deploy_tasks: true
+    version: v0.15.0
+    mariadb_version: "11.2"
+    allowed_sender_domain: true
+
+  watchtower:
+    volume_folder: "{{ volume_root_folder }}/watchtower"
+    version: "1.5.3"
+
+  diun:
+    version: "4.28"
+    volume_folder: "{{ volume_root_folder }}/diun"
+    matrix_user: "@diun:data.coop"
+    matrix_room: "#datacoop-services-update:data.coop"
+
+  ### Uptime monitoring ###
+  uptime_kuma:
+    domain: "uptime.{{ base_domain }}"
+    status_domain: "status.{{ base_domain }}"
+    volume_folder: "{{ volume_root_folder }}/uptime_kuma"
+    pre_deploy_tasks: true
+    version: "latest"
+
+services_exclude: []
+services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"

roles/docker/handlers/main.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: restart nginx
   command: docker compose restart proxy

roles/docker/tasks/block.yml

@@ -0,0 +1,26 @@
+# vim: ft=yaml.ansible
+---
+- name: Create volume folder for service {{ service.name }}
+  file:
+    name: "{{ service.vars.volume_folder }}"
+    state: directory
+
+- name: Upload Compose file for service {{ service.name }}
+  template:
+    src: compose-files/{{ service.name }}.yml.j2
+    dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
+    owner: root
+    mode: u=rw,go=
+
+- name: Run pre-deployment tasks for service {{ service.name }}
+  include_tasks: pre_deploy/{{ service.name }}.yml
+  when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
+
+- name: Deploy Compose stack for service {{ service.name }}
+  command: docker compose up -d --remove-orphans --pull always
+  args:
+    chdir: "{{ service.vars.volume_folder }}"
+
+- name: Run post-deployment tasks for service {{ service.name }}
+  include_tasks: post_deploy/{{ service.name }}.yml
+  when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks

roles/docker/tasks/main.yml

@@ -1,114 +1,44 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
-- name: Add Docker apt PGP key
-  ansible.builtin.apt_key:
-    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
-    url: https://download.docker.com/linux/debian/gpg
+- name: Add Docker PGP key
+  apt_key:
+    keyserver: pgp.mit.edu
+    id: 8D81803C0EBFCD88
     state: present
 
 - name: Add Docker apt repository
-  ansible.builtin.apt_repository:
-    filename: docker
-    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+  apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu bionic stable
     state: present
-    update_cache: true
+    update_cache: yes
 
 - name: Install Docker
-  ansible.builtin.apt:
-    name:
-      - containerd.io
+  apt:
+    name: "{{ pkgs }}"
+    state: present
+  vars:
+    pkgs:
       - docker-ce
-      - docker-ce-cli
-      - docker-buildx-plugin
       - docker-compose-plugin
+
+- name: Configure cron job to prune unused Docker data weekly
+  cron:
+    name: Prune unused Docker data
+    cron_file: ansible_docker_prune
+    job: 'docker system prune -fa && docker volume prune -fa'
+    special_time: weekly
+    user: root
     state: present
 
-- name: Create group for Docker socket
-  ansible.builtin.group:
-    name: docker
-    state: present
+- name: Create folder structure for bind mounts
+  file:
+    name: "{{ item }}"
+    state: directory
+  loop:
+    - "{{ volume_root_folder }}"
+    - "{{ volume_website_folder }}"
 
-- name: Configure rootful Docker
-  when: not docker_rootless
-  block:
-    - name: Make sure Docker is running
-      ansible.builtin.service:
-        name: docker
-        enabled: true
-        state: started
-
-    - name: Configure cron job to prune unused Docker data weekly
-      ansible.builtin.cron:
-        name: Prune unused Docker data
-        cron_file: ansible_docker_prune
-        job: docker system prune -fa --volumes --filter "until=6h"
-        special_time: weekly
-        user: root
-        state: present
-
-- name: Configure rootless Docker
-  when: docker_rootless
-  block:
-    - name: Make sure rootful Docker is stopped and disabled
-      ansible.builtin.systemd_service:
-        name: docker
-        enabled: false
-        scope: system
-        state: stopped
-
-    - name: Install packages needed by rootless Docker
-      ansible.builtin.apt:
-        name:
-          - docker-ce-rootless-extras
-          - uidmap
-          - dbus-user-session
-          - fuse-overlayfs
-          - slirp4netns
-        state: present
-
-    - name: Create user for rootless Docker
-      ansible.builtin.user:
-        name: "{{ docker_rootless_user }}"
-        uid: "{{ docker_rootless_user_uid }}"
-        comment: Rootless Docker User
-        groups:
-          - docker
-        state: present
-
-    - name: Enable lingering for Docker user
-      ansible.builtin.command:
-        cmd: loginctl enable-linger {{ docker_rootless_user }}
-        creates: /var/lib/systemd/linger/{{ docker_rootless_user }}
-
-    - name: Set DOCKER_HOST environment variable globally
-      ansible.builtin.lineinfile:
-        path: /etc/profile
-        regexp: '^export DOCKER_HOST='
-        line: export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock
-        state: present
-
-    - name: Run rootless Docker setup script
-      ansible.builtin.command:
-        cmd: dockerd-rootless-setuptool.sh install
-        creates: /home/{{ docker_rootless_user }}/.config/systemd/user/docker.service
-      become: true
-      become_user: "{{ docker_rootless_user }}"
-
-    - name: Make sure rootless Docker is running
-      ansible.builtin.systemd_service:
-        name: docker.service
-        enabled: true
-        scope: user
-        state: started
-      become: true
-      become_user: "{{ docker_rootless_user }}"
-
-    - name: Configure cron job to prune unused Docker data weekly
-      ansible.builtin.cron:
-        name: Prune unused Docker data
-        cron_file: ansible_docker_rootless_prune
-        job: docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h"
-        special_time: weekly
-        user: "{{ docker_rootless_user }}"
-        state: present
+- name: Set up services
+  import_tasks: services.yml
+  tags:
+    - setup_services

roles/docker/tasks/post_deploy/docker_registry.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Generate htpasswd file
   shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
@@ -9,6 +8,6 @@
 
 - name: log in to registry
   docker_login:
-    registry: docker.data.coop
+    registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
     username: docker
     password: "{{ docker_password }}"

roles/docker/tasks/post_deploy/mastodon.yml

@@ -0,0 +1,19 @@
+# vim: ft=yaml.ansible
+---
+- name: Configure cron job to remove old Mastodon media daily
+  cron:
+    name: Clean Mastodon media data older than a week
+    cron_file: ansible_mastodon_clean_media
+    job: docker exec mastodon-web-1 tootctl media remove --days 7
+    special_time: daily
+    user: root
+    state: present
+
+- name: Configure cron job to remove old Mastodon preview cards daily
+  cron:
+    name: Clean Mastodon preview card data older than two weeks
+    cron_file: ansible_mastodon_clean_preview_cards
+    job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
+    special_time: daily
+    user: root
+    state: present

roles/docker/tasks/pre_deploy/data_coop_website.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Upload vhost config for root domain
   copy:

roles/docker/tasks/pre_deploy/docker_registry.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/element.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolder
   file:

roles/docker/tasks/pre_deploy/hedgedoc.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/mailu.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:
@@ -35,6 +34,7 @@
     dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
     state: hard
     force: true
+  when: letsencrypt_enabled
 
 - name: Hard link to Let's Encrypt TLS key
   file:
@@ -42,3 +42,4 @@
     dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
     state: hard
     force: true
+  when: letsencrypt_enabled

roles/docker/tasks/pre_deploy/mastodon.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolder for Mastodon data
   file:
@@ -44,21 +43,3 @@
   copy:
     src: mastodon/postgresql.conf
     dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
-
-- name: Configure cron job to remove old Mastodon media daily
-  ansible.builtin.cron:
-    name: Clean Mastodon media data older than a week
-    cron_file: ansible_mastodon_clean_media
-    job: docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec web tootctl media remove --days 7
-    special_time: daily
-    user: root
-    state: present
-
-- name: Configure cron job to remove old Mastodon preview cards daily
-  ansible.builtin.cron:
-    name: Clean Mastodon preview card data older than two weeks
-    cron_file: ansible_mastodon_clean_preview_cards
-    job: docker compose -f {{ services.mastodon.volume_folder }}/docker-compose.yml exec web tootctl preview_cards remove --days 14
-    special_time: daily
-    user: root
-    state: present

roles/docker/tasks/pre_deploy/matrix.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/nextcloud.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/nginx_proxy.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/openldap.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/postfix.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Set up network for Postfix
   docker_network:

roles/docker/tasks/pre_deploy/privatebin.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolders
   file:

roles/docker/tasks/pre_deploy/rallly.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolder
   file:

roles/docker/tasks/pre_deploy/restic.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create SSH directory
   file:

roles/docker/tasks/pre_deploy/writefreely.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Create subfolder for MariaDB data
   file:

roles/docker/tasks/services.yml

@@ -1,5 +1,4 @@
 # vim: ft=yaml.ansible
-# code: language=ansible
 ---
 - name: Set up external services network
   docker_network:
@@ -13,7 +12,9 @@
       name: "{{ item }}"
       vars: "{{ services[item] }}"
   loop: "{{ services_include }}"
-  when: single_service is not defined
+  when: single_service is not defined and
+        (item.vars.disabled_in_vagrant is not defined or
+        not (item.vars.disabled_in_vagrant and vagrant))
 
 - name: Deploy single service
   include_tasks:
@@ -22,4 +23,6 @@
     service:
       name: "{{ single_service }}"
       vars: "{{ services[single_service] }}"
-  when: single_service is defined and single_service in services
+  when: single_service is defined and single_service in services and
+        (services[single_service].disabled_in_vagrant is not defined or
+        not (services[single_service].disabled_in_vagrant and vagrant))

roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/cryptohagen_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/data_coop_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/diun.yml.j2

@@ -1,6 +1,5 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.ansible
+---
 version: "3.5"
 
 services:
@@ -17,6 +16,11 @@ services:
       - "DIUN_WATCH_JITTER=30s"
       - "DIUN_PROVIDERS_DOCKER=true"
       - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
+      - "DIUN_NOTIF_MATRIX_HOMESERVERURL=https://{{ services.matrix.domain }}"
+      - "DIUN_NOTIF_MATRIX_USER={{ services.diun.matrix_user }}"
+      - "DIUN_NOTIF_MATRIX_ROOMID={{ services.diun.matrix_room }}"
+      - "DIUN_NOTIF_MATRIX_PASSWORD={{ diun_secrets.matrix_password }}"
+      - "DIUN_NOTIF_MATRIX_MSGTYPE=text"
     labels:
       - "diun.enable=true"
     restart: always

roles/docker/templates/compose-files/docker_registry.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/drone.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/element.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/fedi_dk_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/forgejo.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/hedgedoc.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/keycloak.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/mailu.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/mastodon.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 x-sidekiq: &sidekiq
   image: tootsuite/mastodon:{{ services.mastodon.version }}
   restart: always

roles/docker/templates/compose-files/matrix.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:
@@ -14,7 +12,7 @@ services:
       POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
 
   synapse:
-    image: matrixdotorg/synapse:{{ services.matrix.version }}
+    image: ghcr.io/element-hq/synapse:{{ services.matrix.version }}
     restart: unless-stopped
     networks:
       - default

roles/docker/templates/compose-files/membersystem.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:
@@ -28,6 +26,8 @@ services:
       CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
       DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
       DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
+      STRIPE_API_KEY: "{{ membersystem_secrets.stripe_api_key }}"
+      STRIPE_ENDPOINT_SECRET: "{{ membersystem_secrets.stripe_endpoint_secret }}"
     depends_on:
       - postgres
 

roles/docker/templates/compose-files/netdata.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services: 

roles/docker/templates/compose-files/nextcloud.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/nginx_proxy.yml.j2

@@ -1,6 +1,3 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
 version: "3.8"
 
 services:
@@ -22,6 +19,7 @@ services:
     labels:
       - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
 
+{% if letsencrypt_enabled %}
   acme:
     image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
     restart: always
@@ -33,6 +31,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     depends_on:
       - proxy
+{% endif %}
 
 networks:
   external_services:

roles/docker/templates/compose-files/openldap.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/passit.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/portainer.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/postfix.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:
@@ -15,7 +13,7 @@ services:
       - "./dkim:/etc/opendkim/keys"
     environment:
       # Get all services which have allowed_sender_domain defined
-      ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
+      ALLOWED_SENDER_DOMAINS: "data.coop {{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
       HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
       DKIM_AUTOGENERATE: true
 

roles/docker/templates/compose-files/privatebin.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/rallly.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/restic.yml.j2

@@ -1,14 +1,12 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:
   backup:
     image: mazzolino/restic:{{ services.restic.version }}
     restart: always
-    hostname: {{ hostname }}
-    domainname: {{ fqdn }}
+    hostname: {{ inventory_hostname_short }}
+    domainname: {{ inventory_hostname }}
     environment:
       RUN_ON_STARTUP: false
       BACKUP_CRON: "0 30 3 * * *"

roles/docker/templates/compose-files/slides_2022_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/ulovliglogning_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/uptime_kuma.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: '3.3'
 
 services:

roles/docker/templates/compose-files/vhs_website.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/watchtower.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/docker/templates/compose-files/writefreely.yml.j2

@@ -1,6 +1,4 @@
-{# code: language=ansible-jinja #}
-# THIS FILE IS MANAGED BY ANSIBLE
-
+# vim: ft=yaml.docker-compose
 version: "3.8"
 
 services:

roles/services/defaults/main.yml

@@ -1,226 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-volume_root_folder: "/docker-volumes"
-volume_website_folder: "{{ volume_root_folder }}/websites"
-
-services:
-  ### Internal services ###
-  postfix:
-    domain: "smtp.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/postfix"
-    pre_deploy_tasks: true
-    version: "v3.6.1-alpine"
-
-  nginx_proxy:
-    volume_folder: "{{ volume_root_folder }}/nginx"
-    pre_deploy_tasks: true
-    version: "1.3-alpine"
-    acme_companion_version: "2.2"
-
-  openldap:
-    domain: "ldap.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/openldap"
-    pre_deploy_tasks: true
-    version: "1.5.0"
-    phpldapadmin_version: "0.9.0"
-
-  netdata:
-    domain: "netdata.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/netdata"
-    version: "v1"
-
-  portainer:
-    domain: "portainer.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/portainer"
-    version: "2.19.0"
-
-  keycloak:
-    domain: sso.{{ base_domain }}
-    volume_folder: "{{ volume_root_folder }}/keycloak"
-    version: "22.0"
-    postgres_version: "10"
-    allowed_sender_domain: true
-
-  restic:
-    volume_folder: "{{ volume_root_folder }}/restic"
-    pre_deploy_tasks: true
-    remote_user: dc-user
-    remote_domain: rynkeby.skovgaard.tel
-    host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
-    repository: restic
-    version: "1.7.0"
-    # mail dance
-    domain: "noreply.{{ base_domain }}"
-    allowed_sender_domain: true
-    mail_from: "backup@noreply.{{ base_domain }}"
-
-  docker_registry:
-    domain: "docker.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/docker-registry"
-    pre_deploy_tasks: true
-    post_deploy_tasks: true
-    username: "docker"
-    password: "{{ docker_password }}"
-    version: "2"
-
-  ### External services ###
-  nextcloud:
-    domain: "cloud.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/nextcloud"
-    pre_deploy_tasks: true
-    version: 28-apache
-    postgres_version: "10"
-    redis_version: 7-alpine
-    allowed_sender_domain: true
-
-  forgejo:
-    domain: "git.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/forgejo"
-    version: "1.21.8-0"
-    allowed_sender_domain: true
-
-  passit:
-    domain: "passit.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/passit"
-    version: stable
-    postgres_version: 15-alpine
-    allowed_sender_domain: true
-
-  matrix:
-    domain: "matrix.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/matrix"
-    pre_deploy_tasks: true
-    version: v1.98.0
-    postgres_version: 15-alpine
-    allowed_sender_domain: true
-
-  element:
-    domain: "element.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/element"
-    pre_deploy_tasks: true
-    version: v1.11.51
-
-  privatebin:
-    domain: "paste.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/privatebin"
-    pre_deploy_tasks: true
-    version: "20221009"
-
-  hedgedoc:
-    domain: "pad.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/hedgedoc"
-    pre_deploy_tasks: true
-    version: 1.9.9-alpine
-    postgres_version: 10-alpine
-
-  data_coop_website:
-    domain: "{{ base_domain }}"
-    www_domain: "www.{{ base_domain }}"
-    volume_folder: "{{ volume_website_folder }}/datacoop"
-    pre_deploy_tasks: true
-    version: stable
-    staging_domain: "staging.{{ base_domain }}"
-    staging_version: staging
-
-  slides_2022_website:
-    domain: "2022.slides.{{ base_domain }}"
-    volume_folder: "{{ volume_website_folder }}/slides-2022"
-    version: latest
-
-  fedi_dk_website:
-    domain: fedi.dk
-    volume_folder: "{{ volume_website_folder }}/fedidk"
-    version: latest
-
-  vhs_website:
-    domain: vhs.data.coop
-    volume_folder: "{{ volume_website_folder }}/vhs"
-    version: latest
-
-  cryptohagen_website:
-    domains:
-      - "cryptohagen.dk"
-      - "www.cryptohagen.dk"
-    volume_folder: "{{ volume_website_folder }}/cryptohagen"
-
-  ulovliglogning_website:
-    domains:
-      - "ulovliglogning.dk"
-      - "www.ulovliglogning.dk"
-      - "ulovlig-logning.dk"
-      - "www.ulovlig-logning.dk"
-    volume_folder: "{{ volume_website_folder }}/ulovliglogning"
-
-  cryptoaarhus_website:
-    domains:
-      - "cryptoaarhus.dk"
-      - "www.cryptoaarhus.dk"
-    volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
-
-  drone:
-    domain: "drone.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/drone"
-    version: "1"
-
-  mailu:
-    domain: "mail.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/mailu"
-    pre_deploy_tasks: true
-    dns: 192.168.203.254
-    subnet: 192.168.203.0/24
-    version: "2.0"
-    postgres_version: 14-alpine
-    redis_version: alpine
-
-  mastodon:
-    domain: "social.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/mastodon"
-    pre_deploy_tasks: true
-    version: v4.2.8
-    postgres_version: 14-alpine
-    redis_version: 6-alpine
-    allowed_sender_domain: true
-
-  rallly:
-    domain: "when.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/rallly"
-    pre_deploy_tasks: true
-    version: "2"
-    postgres_version: 14-alpine
-    allowed_sender_domain: true
-
-  membersystem:
-    domain: "member.{{ base_domain }}"
-    django_admins: "Vidir:valberg@orn.li"
-    volume_folder: "{{ volume_root_folder }}/membersystem"
-    version: latest
-    postgres_version: 13-alpine
-    allowed_sender_domain: true
-
-  writefreely:
-    domain: "write.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/writefreely"
-    pre_deploy_tasks: true
-    version: v0.15.0
-    mariadb_version: "11.2"
-    allowed_sender_domain: true
-
-  watchtower:
-    volume_folder: "{{ volume_root_folder }}/watchtower"
-    version: "1.5.3"
-
-  diun:
-    version: "4.27"
-    volume_folder: "{{ volume_root_folder }}/diun"
-
-  ### Uptime monitoring ###
-  uptime_kuma:
-    domain: "uptime.{{ base_domain }}"
-    status_domain: "status.{{ base_domain }}"
-    volume_folder: "{{ volume_root_folder }}/uptime_kuma"
-    pre_deploy_tasks: true
-    version: "latest"
-
-services_exclude: []
-services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"

roles/services/tasks/block.yml

@@ -1,30 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-- name: Create volume folder for service '{{ service.name }}'
-  file:
-    name: "{{ service.vars.volume_folder }}"
-    state: directory
-
-- name: Upload Compose file for service '{{ service.name }}'
-  template:
-    src: compose-files/{{ service.name }}.yml.j2
-    dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
-    owner: root
-    mode: u=rw,go=
-
-- name: Run pre-deployment tasks for service '{{ service.name }}'
-  ansible.builtin.include_tasks: pre_deploy/{{ service.name }}.yml
-  when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
-
-- name: Deploy service '{{ service.name }}'
-  when: deploy_services is defined and deploy_services
-  block:
-    - name: Deploy Compose stack for service '{{ service.name }}'
-      ansible.builtin.command:
-        cmd: docker compose up -d --remove-orphans
-        chdir: "{{ service.vars.volume_folder }}"
-
-    - name: Run post-deployment tasks for service '{{ service.name }}'
-      ansible.builtin.include_tasks: post_deploy/{{ service.name }}.yml
-      when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks

roles/services/tasks/main.yml

@@ -1,15 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-- name: Create folder structure for bind mounts
-  file:
-    name: "{{ item }}"
-    state: directory
-  loop:
-    - "{{ volume_root_folder }}"
-    - "{{ volume_website_folder }}"
-
-- name: Set up services
-  import_tasks: services.yml
-  tags:
-    - setup_services