Enable Watchtower for all services #123
111
.ansible-lint
Normal file
111
.ansible-lint
Normal file
|
@ -0,0 +1,111 @@
|
|||
---
|
||||
# .ansible-lint
|
||||
|
||||
profile: null # min, basic, moderate,safety, shared, production
|
||||
|
||||
# exclude_paths included in this file are parsed relative to this file's location
|
||||
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
|
||||
# option are parsed relative to the CWD of execution.
|
||||
exclude_paths:
|
||||
- .cache/ # implicit unless exclude_paths is defined in config
|
||||
- .github/
|
||||
- test/fixtures/formatting-before/
|
||||
- test/fixtures/formatting-prettier/
|
||||
# parseable: true
|
||||
# quiet: true
|
||||
# strict: true
|
||||
# verbosity: 1
|
||||
|
||||
# Mock modules or roles in order to pass ansible-playbook --syntax-check
|
||||
mock_modules:
|
||||
- zuul_return
|
||||
# note the foo.bar is invalid as being neither a module or a collection
|
||||
- fake_namespace.fake_collection.fake_module
|
||||
- fake_namespace.fake_collection.fake_module.fake_submodule
|
||||
mock_roles:
|
||||
- mocked_role
|
||||
- author.role_name # old standalone galaxy role
|
||||
- fake_namespace.fake_collection.fake_role # role within a collection
|
||||
|
||||
# Enable checking of loop variable prefixes in roles
|
||||
loop_var_prefix: "{role}_"
|
||||
|
||||
# Enforce variable names to follow pattern below, in addition to Ansible own
|
||||
# requirements, like avoiding python identifiers. To disable add `var-naming`
|
||||
# to skip_list.
|
||||
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
|
||||
|
||||
use_default_rules: true
|
||||
# Load custom rules from this specific folder
|
||||
# rulesdir:
|
||||
# - ./rule/directory/
|
||||
|
||||
# Ansible-lint completely ignores rules or tags listed below
|
||||
skip_list:
|
||||
- skip_this_tag
|
||||
|
||||
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||
# You must enable opt-in rules by listing each rule 'id' below.
|
||||
enable_list:
|
||||
- empty-string-compare # opt-in
|
||||
- no-log-password # opt-in
|
||||
- no-same-owner # opt-in
|
||||
# add yaml here if you want to avoid ignoring yaml checks when yamllint
|
||||
# library is missing. Normally its absence just skips using that rule.
|
||||
- yaml
|
||||
# Report only a subset of tags and fully ignore any others
|
||||
# tags:
|
||||
# - jinja[spacing]
|
||||
|
||||
# Ansible-lint does not fail on warnings from the rules or tags listed below
|
||||
warn_list:
|
||||
- skip_this_tag
|
||||
- experimental # experimental is included in the implicit list
|
||||
# - role-name
|
||||
# - yaml[document-start] # you can also use sub-rule matches
|
||||
|
||||
# Some rules can transform files to fix (or make it easier to fix) identified
|
||||
# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
|
||||
# By default it will run all transforms (effectively `write_list: ["all"]`).
|
||||
# You can disable running transforms by setting `write_list: ["none"]`.
|
||||
# Or only enable a subset of rule transforms by listing rules/tags here.
|
||||
# write_list:
|
||||
# - all
|
||||
|
||||
# Offline mode disables installation of requirements.yml
|
||||
offline: false
|
||||
|
||||
# Return success if number of violations compared with previous git
|
||||
# commit has not increased. This feature works only in git
|
||||
# repositories.
|
||||
progressive: false
|
||||
|
||||
# Define required Ansible's variables to satisfy syntax check
|
||||
extra_vars:
|
||||
foo: bar
|
||||
multiline_string_variable: |
|
||||
line1
|
||||
line2
|
||||
complex_variable: ":{;\t$()"
|
||||
|
||||
# Uncomment to enforce action validation with tasks, usually is not
|
||||
# needed as Ansible syntax check also covers it.
|
||||
# skip_action_validation: false
|
||||
|
||||
# List of additional kind:pattern to be added at the top of the default
|
||||
# match list, first match determines the file kind.
|
||||
kinds:
|
||||
# - playbook: "**/examples/*.{yml,yaml}"
|
||||
# - galaxy: "**/folder/galaxy.yml"
|
||||
# - tasks: "**/tasks/*.yml"
|
||||
# - vars: "**/vars/*.yml"
|
||||
# - meta: "**/meta/main.yml"
|
||||
- yaml: "**/*.yaml-too"
|
||||
|
||||
# List of additional collections to allow in only-builtins rule.
|
||||
# only_builtins_allow_collections:
|
||||
# - example_ns.example_collection
|
||||
|
||||
# List of additions modules to allow in only-builtins rule.
|
||||
# only_builtins_allow_modules:
|
||||
# - example_module
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -2,3 +2,5 @@ playbook.retry
|
|||
*.sw*
|
||||
.vagrant/
|
||||
*.log
|
||||
.idea/
|
||||
venv/
|
||||
|
|
14
.pre-commit-config.yaml
Normal file
14
.pre-commit-config.yaml
Normal file
|
@ -0,0 +1,14 @@
|
|||
repos:
|
||||
|
||||
#- repo: https://github.com/semaphor-dk/dansabel
|
||||
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||
# hooks:
|
||||
# - id: dansabel
|
||||
|
||||
- repo: https://github.com/ansible/ansible-lint
|
||||
rev: v6.9.0
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
files: \.(yaml|yml)$
|
||||
additional_dependencies:
|
||||
- ansible
|
12
Makefile
Normal file
12
Makefile
Normal file
|
@ -0,0 +1,12 @@
|
|||
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||
|
||||
create_venv:
|
||||
python3 -m venv venv
|
||||
venv/bin/pip install -U pip
|
||||
venv/bin/pip install ansible pre-commit
|
||||
|
||||
install_pre_commit:
|
||||
venv/bin/pre-commit install
|
||||
|
||||
install_ansible_galaxy_modules:
|
||||
venv/bin/ansible-galaxy collection install community.general
|
13
deploy.sh
13
deploy.sh
|
@ -2,8 +2,13 @@
|
|||
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||
|
||||
if [ "$1" = "--vagrant" ]; then
|
||||
BASE_CMD="$BASE_CMD --inventory=vagrant_host"
|
||||
shift
|
||||
fi
|
||||
|
||||
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||
echo "Installing community modules"
|
||||
echo "Installing community.general modules"
|
||||
ansible-galaxy collection install community.general
|
||||
fi
|
||||
|
||||
|
@ -17,12 +22,14 @@ else
|
|||
echo "Deploying all services!"
|
||||
$BASE_CMD --tags setup_services
|
||||
else
|
||||
echo "Deploying services: $2"
|
||||
$BASE_CMD --tags setup_services --extra-vars "services=$2"
|
||||
echo "Deploying service: $2"
|
||||
$BASE_CMD --tags setup_services --extra-vars "single_service=$2"
|
||||
fi
|
||||
;;
|
||||
"base")
|
||||
$BASE_CMD --tags base_only
|
||||
;;
|
||||
*)
|
||||
echo "Command \"$1\" not found!"
|
||||
esac
|
||||
fi
|
||||
|
|
25
playbook.yml
25
playbook.yml
|
@ -10,31 +10,6 @@
|
|||
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
services:
|
||||
- nginx-proxy
|
||||
- postfix
|
||||
- openldap
|
||||
- keycloak
|
||||
- restic-backup
|
||||
- nextcloud
|
||||
- passit
|
||||
- gitea
|
||||
- matrix_riot
|
||||
- privatebin
|
||||
- codimd
|
||||
- hedgedoc
|
||||
- netdata
|
||||
- docker_registry
|
||||
- drone
|
||||
- websites
|
||||
- ulovliglogning-dk
|
||||
- watchtower
|
||||
- mailu
|
||||
- portainer
|
||||
- mastodon
|
||||
- rallly
|
||||
- membersystem
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
|
|
|
@ -1,122 +1,169 @@
|
|||
---
|
||||
volume_root_folder: "/docker-volumes"
|
||||
|
||||
nginx:
|
||||
services:
|
||||
|
||||
### Internal services ###
|
||||
postfix:
|
||||
file: postfix.yml
|
||||
version: "v3.5.1"
|
||||
|
||||
nginx_proxy:
|
||||
file: nginx_proxy.yml
|
||||
version: "1.0-alpine"
|
||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||
|
||||
ldap:
|
||||
nginx_acme_companion:
|
||||
version: "2.2"
|
||||
|
||||
openldap:
|
||||
file: openldap.yml
|
||||
domain: "ldap.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||
version: "1.5.0"
|
||||
|
||||
phpldapadmin:
|
||||
version: "0.9.0"
|
||||
|
||||
netdata:
|
||||
file: netdata.yml
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
version: "v1"
|
||||
|
||||
portainer:
|
||||
file: portainer.yml
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
version: "2.16.2"
|
||||
|
||||
keycloak:
|
||||
file: keycloak.yml
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
version: "20.0"
|
||||
|
||||
restic:
|
||||
file: restic_backup.yml
|
||||
user: "datacoop"
|
||||
domain: "restic.cannedtuna.org"
|
||||
repository: "datacoop-hevonen"
|
||||
version: "1.6.0"
|
||||
disabled_in_vagrant: true
|
||||
|
||||
docker_registry:
|
||||
file: docker_registry.yml
|
||||
domain: "docker.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
version: "2"
|
||||
|
||||
### External services ###
|
||||
|
||||
nextcloud:
|
||||
file: nextcloud.yml
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
version: 25-apache
|
||||
|
||||
gitea:
|
||||
file: gitea.yml
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||
version: 1.17
|
||||
allowed_sender_domain: true
|
||||
|
||||
passit:
|
||||
file: passit.yml
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
version: stable
|
||||
allowed_sender_domain: true
|
||||
|
||||
matrix:
|
||||
file: matrix_riot.yml
|
||||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
version: v1.63.1
|
||||
|
||||
riot:
|
||||
domains:
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/riot"
|
||||
version: v1.11.8
|
||||
|
||||
privatebin:
|
||||
file: privatebin.yml
|
||||
domain: "paste.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
version: 20221009
|
||||
|
||||
codimd:
|
||||
domain: "oldpad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||
|
||||
hedgedoc:
|
||||
file: hedgedoc.yml
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
|
||||
netdata:
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
|
||||
docker_registry:
|
||||
domain: "docker.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
version: 1
|
||||
|
||||
data_coop_website:
|
||||
file: websites/data.coop.yml
|
||||
domains:
|
||||
- "{{ base_domain }}"
|
||||
- "www.{{ base_domain }}"
|
||||
|
||||
samsapti marked this conversation as resolved
Outdated
|
||||
cryptohagen_website:
|
||||
file: websites/cryptohagen.dk.yml
|
||||
domains:
|
||||
- "cryptohagen.dk"
|
||||
- "www.cryptohagen.dk"
|
||||
|
||||
ulovliglogning_website:
|
||||
file: websites/ulovliglogning.dk.yml
|
||||
domains:
|
||||
- "ulovliglogning.dk"
|
||||
- "www.ulovliglogning.dk"
|
||||
- "ulovlig-logning.dk"
|
||||
|
||||
cryptoaarhus_website:
|
||||
file: websites/cryptoaarhus.dk.yml
|
||||
domains:
|
||||
- "cryptoaarhus.dk"
|
||||
- "www.cryptoaarhus.dk"
|
||||
|
||||
drone:
|
||||
file: drone.yml
|
||||
domain: "drone.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/drone"
|
||||
version: 1
|
||||
|
||||
mailu:
|
||||
file: mailu.yml
|
||||
version: 1.6
|
||||
domain: "mail.{{ base_domain }}"
|
||||
dns: 192.168.203.254
|
||||
subnet: 192.168.203.0/24
|
||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||
|
||||
portainer:
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
|
||||
ttrss:
|
||||
domain: rss.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||
|
||||
keycloak:
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
|
||||
postfix:
|
||||
allowed_sender_domains:
|
||||
- "services.{{ base_domain }}"
|
||||
- "{{ passit.domain }}"
|
||||
- "{{ gitea.domain }}"
|
||||
- "{{ mastodon.domain }}"
|
||||
- "{{ rallly.domain }}"
|
||||
- "{{ membersystem.domain }}"
|
||||
|
||||
mastodon:
|
||||
file: mastodon.yml
|
||||
domain: "social.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||
version: v4.0.2
|
||||
allowed_sender_domain: true
|
||||
|
||||
rallly:
|
||||
file: rallly.yml
|
||||
domain: "when.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
||||
allowed_sender_domain: true
|
||||
|
||||
membersystem:
|
||||
file: membersystem.yml
|
||||
domain: "member.{{ base_domain }}"
|
||||
django_admins: "Vidir:valberg@orn.li"
|
||||
|
||||
restic:
|
||||
user: "datacoop"
|
||||
domain: "restic.cannedtuna.org"
|
||||
repository: "datacoop-hevonen"
|
||||
allowed_sender_domain: true
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
# ----------
|
||||
# This identifies your server and cannot be changed safely later
|
||||
# ----------
|
||||
LOCAL_DOMAIN={{ mastodon.domain }}
|
||||
LOCAL_DOMAIN={{ services.mastodon.domain }}
|
||||
|
||||
# Redis
|
||||
# -----
|
||||
|
@ -52,7 +52,7 @@ SMTP_SERVER={{ smtp_host }}
|
|||
SMTP_PORT={{ smtp_port }}
|
||||
SMTP_LOGIN=
|
||||
SMTP_PASSWORD=
|
||||
SMTP_FROM_ADDRESS=notifications@{{ mastodon.domain }}
|
||||
SMTP_FROM_ADDRESS=notifications@{{ services.mastodon.domain }}
|
||||
|
||||
# File storage (optional)
|
||||
# -----------------------
|
||||
|
|
|
@ -44,7 +44,7 @@ pid_file: /data/homeserver.pid
|
|||
# use synapse with a reverse proxy, this should be the URL to reach
|
||||
# synapse via the proxy.
|
||||
#
|
||||
public_baseurl: "https://{{ matrix.domain }}"
|
||||
public_baseurl: "https://{{ services.matrix.domain }}"
|
||||
|
||||
# Set the soft limit on the number of file descriptors synapse can use
|
||||
# Zero is used to indicate synapse should set the soft limit to the
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
NEXT_PUBLIC_BASE_URL="https://{{ rallly.domain }}"
|
||||
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||
SUPPORT_EMAIL="noreply@{{ rallly.domain }}"
|
||||
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||
SMTP_HOST="{{ smtp_host }}"
|
||||
SMTP_PORT="{{ smtp_port }}"
|
||||
SMTP_SECURE="false"
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": "https://{{ matrix.domain }}"
|
||||
"base_url": "https://{{ services.matrix.domain }}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://vector.im"
|
||||
|
@ -37,7 +37,7 @@
|
|||
]
|
||||
},
|
||||
"enable_presence_by_hs_url": {
|
||||
"https://{{ matrix.domain }}": false
|
||||
"https://{{ services.matrix.domain }}": false
|
||||
},
|
||||
"terms_and_conditions_links": [
|
||||
{
|
||||
|
|
|
@ -1,511 +0,0 @@
|
|||
"use strict";
|
||||
|
||||
module.exports = {
|
||||
//
|
||||
// Set the server mode.
|
||||
// Public servers does not require authentication.
|
||||
//
|
||||
// Set to 'false' to enable users.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
public: false,
|
||||
|
||||
//
|
||||
// IP address or hostname for the web server to listen on.
|
||||
// Setting this to undefined will listen on all interfaces.
|
||||
//
|
||||
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
host: undefined,
|
||||
|
||||
//
|
||||
// Set the port to listen on.
|
||||
//
|
||||
// @type int
|
||||
// @default 9000
|
||||
//
|
||||
port: 9000,
|
||||
|
||||
//
|
||||
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
||||
// to let the operating system pick its preferred one.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
bind: undefined,
|
||||
|
||||
//
|
||||
// Sets whether the server is behind a reverse proxy and should honor the
|
||||
// X-Forwarded-For header or not.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
reverseProxy: false,
|
||||
|
||||
//
|
||||
// Set the default theme.
|
||||
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
||||
//
|
||||
// @type string
|
||||
// @default "example"
|
||||
//
|
||||
theme: "example",
|
||||
|
||||
//
|
||||
// Prefetch URLs
|
||||
//
|
||||
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
||||
// URLs posted in channels.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetch: false,
|
||||
|
||||
//
|
||||
// Store and proxy prefetched images and thumbnails.
|
||||
// This improves security and privacy by not exposing client IP address,
|
||||
// and always loading images from The Lounge instance and making all assets secure,
|
||||
// which in result fixes mixed content warnings.
|
||||
//
|
||||
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
||||
// in the `${THELOUNGE_HOME}/storage` folder.
|
||||
//
|
||||
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
||||
// and the folder is cleaned up on every The Lounge restart.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetchStorage: false,
|
||||
|
||||
//
|
||||
// Prefetch URLs Image Preview size limit
|
||||
//
|
||||
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
||||
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
||||
//
|
||||
// @type int
|
||||
// @default 2048
|
||||
//
|
||||
prefetchMaxImageSize: 2048,
|
||||
|
||||
//
|
||||
// Display network
|
||||
//
|
||||
// If set to false network settings will not be shown in the login form.
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
displayNetwork: true,
|
||||
|
||||
//
|
||||
// Lock network
|
||||
//
|
||||
// If set to true, users will not be able to modify host, port and tls
|
||||
// settings and will be limited to the configured network.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
lockNetwork: false,
|
||||
|
||||
//
|
||||
// Hex IP
|
||||
//
|
||||
// If enabled, clients' username will be set to their IP encoded has hex.
|
||||
// This is done to share the real user IP address with the server for host masking purposes.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
useHexIp: false,
|
||||
|
||||
//
|
||||
// WEBIRC support
|
||||
//
|
||||
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
||||
// IRC server. Note that this requires to obtain a password from the IRC network
|
||||
// The Lounge will be connecting to and generally involves a lot of trust from the
|
||||
// network you are connecting to.
|
||||
//
|
||||
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
||||
// Format (function):
|
||||
// {"irc.example.net": function(client, args, trusted) {
|
||||
// // here, we return a webirc object fed directly to `irc-framework`
|
||||
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
||||
// }}
|
||||
//
|
||||
// @type string | function(client, args):object(webirc)
|
||||
// @default null
|
||||
webirc: null,
|
||||
|
||||
//
|
||||
// Log settings
|
||||
//
|
||||
// Logging has to be enabled per user. If enabled, logs will be stored in
|
||||
// the 'logs/<user>/<network>/' folder.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
logs: {
|
||||
//
|
||||
// Timestamp format
|
||||
//
|
||||
// @type string
|
||||
// @default "YYYY-MM-DD HH:mm:ss"
|
||||
//
|
||||
format: "YYYY-MM-DD HH:mm:ss",
|
||||
|
||||
//
|
||||
// Timezone
|
||||
//
|
||||
// @type string
|
||||
// @default "UTC+00:00"
|
||||
//
|
||||
timezone: "UTC+00:00",
|
||||
},
|
||||
|
||||
//
|
||||
// Maximum number of history lines per channel
|
||||
//
|
||||
// Defines the maximum number of history lines that will be kept in
|
||||
// memory per channel/query, in order to reduce the memory usage of
|
||||
// the server. Setting this to -1 will keep unlimited amount.
|
||||
//
|
||||
// @type integer
|
||||
// @default 10000
|
||||
maxHistory: 10000,
|
||||
|
||||
//
|
||||
// Default values for the 'Connect' form.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
defaults: {
|
||||
//
|
||||
// Name
|
||||
//
|
||||
// @type string
|
||||
// @default "Freenode"
|
||||
//
|
||||
name: "Freenode",
|
||||
|
||||
//
|
||||
// Host
|
||||
//
|
||||
// @type string
|
||||
// @default "chat.freenode.net"
|
||||
//
|
||||
host: "chat.freenode.net",
|
||||
|
||||
//
|
||||
// Port
|
||||
//
|
||||
// @type int
|
||||
// @default 6697
|
||||
//
|
||||
port: 6697,
|
||||
|
||||
//
|
||||
// Password
|
||||
//
|
||||
// @type string
|
||||
// @default ""
|
||||
//
|
||||
password: "",
|
||||
|
||||
//
|
||||
// Enable TLS/SSL
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
tls: true,
|
||||
|
||||
//
|
||||
// Nick
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
nick: "lounge-user",
|
||||
|
||||
//
|
||||
// Username
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
username: "lounge-user",
|
||||
|
||||
//
|
||||
// Real Name
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge User"
|
||||
//
|
||||
realname: "The Lounge User",
|
||||
|
||||
//
|
||||
// Channels
|
||||
// This is a comma-separated list.
|
||||
//
|
||||
// @type string
|
||||
// @default "#thelounge"
|
||||
//
|
||||
join: "#thelounge",
|
||||
},
|
||||
|
||||
//
|
||||
// Set socket.io transports
|
||||
//
|
||||
// @type array
|
||||
// @default ["polling", "websocket"]
|
||||
//
|
||||
transports: ["polling", "websocket"],
|
||||
|
||||
//
|
||||
// Run The Lounge using encrypted HTTP/2.
|
||||
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
https: {
|
||||
//
|
||||
// Enable HTTP/2 / HTTPS support.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Path to the key.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key.pem"
|
||||
// @default ""
|
||||
//
|
||||
key: "",
|
||||
|
||||
//
|
||||
// Path to the certificate.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key-cert.pem"
|
||||
// @default ""
|
||||
//
|
||||
certificate: "",
|
||||
|
||||
//
|
||||
// Path to the CA bundle.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/bundle.pem"
|
||||
// @default ""
|
||||
//
|
||||
ca: "",
|
||||
},
|
||||
|
||||
//
|
||||
// Default quit and part message if none is provided.
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge - https://thelounge.github.io"
|
||||
//
|
||||
leaveMessage: "The Lounge - https://thelounge.github.io",
|
||||
|
||||
//
|
||||
// Run The Lounge with identd support.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
identd: {
|
||||
//
|
||||
// Run the identd daemon on server start.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Port to listen for ident requests.
|
||||
//
|
||||
// @type int
|
||||
// @default 113
|
||||
//
|
||||
port: 113,
|
||||
},
|
||||
|
||||
//
|
||||
// Enable oidentd support using the specified file
|
||||
//
|
||||
// Example: oidentd: "~/.oidentd.conf",
|
||||
//
|
||||
// @type string
|
||||
// @default null
|
||||
//
|
||||
oidentd: null,
|
||||
|
||||
//
|
||||
// LDAP authentication settings (only available if public=false)
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
// The authentication process works as follows:
|
||||
//
|
||||
// 1. Lounge connects to the LDAP server with its system credentials
|
||||
// 2. It performs a LDAP search query to find the full DN associated to the
|
||||
// user requesting to log in.
|
||||
// 3. Lounge tries to connect a second time, but this time using the user's
|
||||
// DN and password. Auth is validated iff this connection is successful.
|
||||
//
|
||||
// The search query takes a couple of parameters in `searchDN`:
|
||||
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
||||
// to be returned;
|
||||
// - a search scope `searchDN/scope` (see LDAP documentation);
|
||||
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
||||
// where <username> is the user name provided in the log in request,
|
||||
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
||||
// also given in the config, to filter for instance only for nodes of type
|
||||
// inetOrgPerson, or whatever LDAP search allows.
|
||||
//
|
||||
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
||||
// ignore searchDN options and assume that the user DN is always:
|
||||
// <bindDN>,<primaryKey>=<username>
|
||||
// where <username> is the user name provided in the log in request, and <bindDN>
|
||||
// and <primaryKey> are provided by the config.
|
||||
//
|
||||
ldap: {
|
||||
//
|
||||
// Enable LDAP user authentication
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: true,
|
||||
|
||||
//
|
||||
// LDAP server URL
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
url: "ldap://{{ ldap.domain }}",
|
||||
|
||||
//
|
||||
// LDAP connection tls options (only used if scheme is ldaps://)
|
||||
//
|
||||
// @type object (see nodejs' tls.connect() options)
|
||||
// @default {}
|
||||
//
|
||||
// Example:
|
||||
// You can use this option in order to force the use of IPv6:
|
||||
// {
|
||||
// host: 'my::ip::v6',
|
||||
// servername: 'example.com'
|
||||
// }
|
||||
tlsOptions: {},
|
||||
|
||||
//
|
||||
// LDAP base dn, alternative to searchDN
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
// baseDN: "",
|
||||
|
||||
//
|
||||
// LDAP primary key
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
primaryKey: "uid",
|
||||
|
||||
//
|
||||
// LDAP search dn settings. This defines the procedure by which the
|
||||
// lounge first look for user DN before authenticating her.
|
||||
// Ignored if baseDN is specified
|
||||
//
|
||||
// @type object
|
||||
//
|
||||
searchDN: {
|
||||
|
||||
//
|
||||
// LDAP searching bind DN
|
||||
// This bind DN is used to query the server for the DN of the user.
|
||||
// This is supposed to be a system user that has access in read only to
|
||||
// the DNs of the people that are allowed to log in.
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootDN: "cn=admin,dc=data,dc=coop",
|
||||
|
||||
//
|
||||
// Password of the lounge LDAP system user
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootPassword: "{{ ldap_admin_password }}",
|
||||
|
||||
//
|
||||
// LDAP filter
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
//filter: "(objectClass=inetOrgPerson)(memberOf=ou=members,dc=data,dc=coop)",
|
||||
filter: "(objectClass=inetOrgPerson)",
|
||||
|
||||
//
|
||||
// LDAP search base (search only within this node)
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
base: "{{ ldap_dn }}",
|
||||
|
||||
//
|
||||
// LDAP search scope
|
||||
//
|
||||
// @type string
|
||||
// @default "sub"
|
||||
//
|
||||
scope: "sub",
|
||||
|
||||
},
|
||||
},
|
||||
|
||||
// Extra debugging
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
debug: {
|
||||
// Enables extra debugging output provided by irc-framework.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
ircFramework: false,
|
||||
|
||||
// Enables logging raw IRC messages into each server window.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
raw: false,
|
||||
},
|
||||
};
|
|
@ -4,5 +4,15 @@
|
|||
name: external_services
|
||||
|
||||
- name: setup services
|
||||
include_tasks: "services/{{ item }}.yml"
|
||||
with_items: "{{ services }}"
|
||||
include_tasks: "services/{{ item.value.file }}"
|
||||
loop: "{{ services | dict2items }}"
|
||||
when: single_service is not defined and
|
||||
item.value.file is defined and
|
||||
item.value.disabled_in_vagrant is not defined
|
||||
|
||||
- name: setup single service
|
||||
include_tasks: "services/{{ services[single_service].file }}"
|
||||
when: single_service is defined and
|
||||
single_service in services and
|
||||
services[single_service].file is defined and
|
||||
services[single_service].disabled_in_vagrant is not defined
|
||||
|
|
|
@ -2,34 +2,34 @@
|
|||
- name: copy docker registry nginx configuration
|
||||
copy:
|
||||
src: "files/configs/docker_registry/nginx.conf"
|
||||
dest: "/docker-volumes/nginx/vhost/{{ docker_registry.domain }}"
|
||||
dest: "/docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: docker registry container
|
||||
docker_container:
|
||||
name: registry
|
||||
image: registry:2
|
||||
image: registry:{{ services.docker_registry.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||
- "{{ docker_registry.volume_folder }}/auth:/auth"
|
||||
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ docker_registry.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||
|
||||
- name: generate htpasswd file
|
||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ docker_registry.volume_folder }}/auth/htpasswd"
|
||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
args:
|
||||
creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
|
||||
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
|
||||
- name: log in to registry
|
||||
docker_login:
|
||||
registry: "docker.data.coop"
|
||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
|
|
|
@ -14,31 +14,31 @@
|
|||
- external_services
|
||||
- drone
|
||||
volumes:
|
||||
- "{{ drone.volume_folder }}:/data"
|
||||
- "{{ services.drone.volume_folder }}:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
||||
DRONE_GITEA_SERVER: "https://{{ services.gitea.domain }}"
|
||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
||||
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
||||
DRONE_SERVER_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
drone-runner-docker:
|
||||
container_name: "drone-runner-docker"
|
||||
image: "drone/drone-runner-docker:1"
|
||||
image: "drone/drone-runner-docker:{{ services.drone.version }}"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- drone
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_RPC_HOST: "{{ drone.domain }}"
|
||||
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
||||
DRONE_RPC_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
DRONE_RUNNER_CAPACITY: 2
|
||||
|
|
|
@ -7,25 +7,25 @@
|
|||
- name: gitea container
|
||||
docker_container:
|
||||
name: gitea
|
||||
image: gitea/gitea:1.17
|
||||
image: gitea/gitea:{{ services.gitea.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: gitea
|
||||
- name: postfix
|
||||
- name: external_services
|
||||
volumes:
|
||||
- "{{ gitea.volume_folder }}:/data"
|
||||
- "{{ services.gitea.volume_folder }}:/data"
|
||||
published_ports:
|
||||
- "22:22"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ gitea.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.gitea.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.gitea.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||
GITEA__mailer__ENABLED: "true"
|
||||
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
|
||||
GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
|
||||
GITEA__mailer__MAILER_TYPE: "smtp"
|
||||
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
|
||||
GITEA__mailer__USER: "noop"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create hedgedoc volume folders
|
||||
file:
|
||||
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "db"
|
||||
|
@ -12,7 +12,7 @@
|
|||
- name: copy sso public certificate
|
||||
copy:
|
||||
src: "files/sso/sso.data.coop.pem"
|
||||
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
mode: "0644"
|
||||
|
||||
- name: setup hedgedoc
|
||||
|
@ -31,13 +31,13 @@
|
|||
networks:
|
||||
- "hedgedoc"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
- "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1
|
||||
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||
environment:
|
||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
||||
CMD_DOMAIN: "{{ hedgedoc.domain }}"
|
||||
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_EMAIL: "False"
|
||||
|
@ -47,12 +47,12 @@
|
|||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
CMD_USECDN: "false"
|
||||
CMD_PROTOCOL_USESSL: "true"
|
||||
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||
- "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "hedgedoc"
|
||||
|
|
|
@ -12,14 +12,14 @@
|
|||
networks:
|
||||
- "keycloak"
|
||||
volumes:
|
||||
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
- "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "keycloak"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||
POSTGRES_DB: "keycloak"
|
||||
|
||||
app:
|
||||
image: "quay.io/keycloak/keycloak:20.0"
|
||||
image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "keycloak"
|
||||
|
@ -36,9 +36,9 @@
|
|||
- "--https-port=8080"
|
||||
- "--http-relative-path=/auth"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ keycloak.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
- name: create mailu volume folders
|
||||
file:
|
||||
name: "{{ mailu.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- redis
|
||||
|
@ -20,20 +20,20 @@
|
|||
- name: upload mailu.env file
|
||||
template:
|
||||
src: mailu.env.j2
|
||||
dest: "{{ mailu.volume_folder}}/mailu.env"
|
||||
dest: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
|
||||
- name: hard link to Let's Encrypt TLS certificate
|
||||
file:
|
||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
|
||||
dest: "{{ mailu.volume_folder }}/certs/cert.pem"
|
||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||
state: hard
|
||||
force: yes
|
||||
when: letsencrypt_enabled
|
||||
|
||||
- name: hard link to Let's Encrypt TLS key
|
||||
file:
|
||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
|
||||
dest: "{{ mailu.volume_folder }}/certs/key.pem"
|
||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||
state: hard
|
||||
force: yes
|
||||
when: letsencrypt_enabled
|
||||
|
@ -49,30 +49,30 @@
|
|||
image: redis:alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/redis:/data"
|
||||
- "{{ services.mailu.volume_folder }}/redis:/data"
|
||||
|
||||
database:
|
||||
image: mailu/postgresql:{{ mailu.version }}
|
||||
image: mailu/postgresql:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/data/psql_db:/data"
|
||||
- "{{ mailu.volume_folder }}/data/psql_backup:/backup"
|
||||
- "{{ services.mailu.volume_folder }}/data/psql_db:/data"
|
||||
- "{{ services.mailu.volume_folder }}/data/psql_backup:/backup"
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
|
||||
front:
|
||||
image: mailu/nginx:{{ mailu.version }}
|
||||
image: mailu/nginx:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ mailu.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ mailu.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/certs:/certs"
|
||||
- "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
|
||||
- "{{ services.mailu.volume_folder }}/certs:/certs"
|
||||
- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides"
|
||||
expose:
|
||||
- "80"
|
||||
ports:
|
||||
|
@ -85,70 +85,70 @@
|
|||
- external_services
|
||||
|
||||
resolver:
|
||||
image: mailu/unbound:{{ mailu.version }}
|
||||
image: mailu/unbound:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: "{{ mailu.dns }}"
|
||||
ipv4_address: "{{ services.mailu.dns }}"
|
||||
|
||||
admin:
|
||||
image: mailu/admin:{{ mailu.version }}
|
||||
image: mailu/admin:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/data:/data"
|
||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
||||
- "{{ services.mailu.volume_folder }}/data:/data"
|
||||
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
||||
depends_on:
|
||||
- redis
|
||||
|
||||
imap:
|
||||
image: mailu/dovecot:{{ mailu.version }}
|
||||
image: mailu/dovecot:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/mail:/mail"
|
||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
||||
- "{{ services.mailu.volume_folder }}/mail:/mail"
|
||||
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
|
||||
depends_on:
|
||||
- front
|
||||
|
||||
smtp:
|
||||
image: mailu/postfix:{{ mailu.version }}
|
||||
image: mailu/postfix:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
||||
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ mailu.dns }}"
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
antispam:
|
||||
image: mailu/rspamd:{{ mailu.version }}
|
||||
image: mailu/rspamd:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/filter:/var/lib/rspamd"
|
||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
||||
- "{{ mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
||||
- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
|
||||
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
||||
- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ mailu.dns }}"
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
webmail:
|
||||
image: mailu/rainloop:1.6
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/webmail:/data"
|
||||
- "{{ services.mailu.volume_folder }}/webmail:/data"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ mailu.dns }}"
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
@ -156,7 +156,7 @@
|
|||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: "{{ mailu.subnet }}"
|
||||
- subnet: "{{ services.mailu.subnet }}"
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- name: create mastodon volume folders
|
||||
file:
|
||||
name: "{{ mastodon.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
owner: "991"
|
||||
group: "991"
|
||||
|
@ -14,12 +14,12 @@
|
|||
- name: Copy mastodon environment file
|
||||
template:
|
||||
src: files/configs/mastodon/env_file.j2
|
||||
dest: "{{ mastodon.volume_folder }}/env_file"
|
||||
dest: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
|
||||
- name: upload vhost config for root domain
|
||||
template:
|
||||
src: files/configs/mastodon/vhost-mastodon
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||
|
||||
- name: set up mastodon
|
||||
docker_compose:
|
||||
|
@ -37,7 +37,7 @@
|
|||
healthcheck:
|
||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
||||
- "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
- 'POSTGRES_HOST_AUTH_METHOD=trust'
|
||||
|
||||
|
@ -49,12 +49,12 @@
|
|||
healthcheck:
|
||||
test: ['CMD', 'redis-cli', 'ping']
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/redis_data:/data"
|
||||
- "{{ services.mastodon.volume_folder }}/redis_data:/data"
|
||||
|
||||
web:
|
||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||
restart: always
|
||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||
networks:
|
||||
- external_services
|
||||
|
@ -66,18 +66,18 @@
|
|||
- db
|
||||
- redis
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
VIRTUAL_PATH: "/"
|
||||
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
streaming:
|
||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||
restart: always
|
||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
command: node ./streaming
|
||||
networks:
|
||||
- external_services
|
||||
|
@ -91,14 +91,14 @@
|
|||
- db
|
||||
- redis
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||
VIRTUAL_PORT: "4000"
|
||||
VIRTUAL_PATH: "/api/v1/streaming"
|
||||
|
||||
sidekiq:
|
||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||
restart: always
|
||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
command: bundle exec sidekiq -c 32
|
||||
environment:
|
||||
DB_POOL: 32
|
||||
|
@ -110,7 +110,7 @@
|
|||
- external_services
|
||||
- internal_network
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||
|
||||
|
@ -121,5 +121,3 @@
|
|||
external: true
|
||||
internal_network:
|
||||
internal: true
|
||||
vars:
|
||||
mastodon_version: "v4.0.2"
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create matrix volume folders
|
||||
file:
|
||||
name: "{{ matrix.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
owner: "991"
|
||||
group: "991"
|
||||
|
@ -14,12 +14,12 @@
|
|||
|
||||
- name: create matrix DB folder
|
||||
file:
|
||||
name: "{{ matrix.volume_folder }}/db"
|
||||
name: "{{ services.matrix.volume_folder }}/db"
|
||||
state: "directory"
|
||||
|
||||
- name: create riot volume folders
|
||||
file:
|
||||
name: "{{ riot.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.riot.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "data"
|
||||
|
@ -29,38 +29,38 @@
|
|||
- name: upload riot config.json
|
||||
template:
|
||||
src: files/configs/riot/config.json
|
||||
dest: "{{ riot.volume_folder }}/data/config.json"
|
||||
dest: "{{ services.riot.volume_folder }}/data/config.json"
|
||||
|
||||
- name: upload riot.im.conf
|
||||
template:
|
||||
src: files/configs/riot/riot.im.conf
|
||||
dest: "{{ riot.volume_folder }}/data/riot.im.conf"
|
||||
dest: "{{ services.riot.volume_folder }}/data/riot.im.conf"
|
||||
|
||||
- name: upload vhost config for root domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-root
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}"
|
||||
|
||||
- name: upload vhost config for matrix domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-matrix
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||
|
||||
- name: upload vhost config for riot domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-riot
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ item }}"
|
||||
loop: "{{ riot.domains }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}"
|
||||
loop: "{{ services.riot.domains }}"
|
||||
|
||||
- name: upload homeserver.yaml
|
||||
template:
|
||||
src: "files/configs/matrix/homeserver.yaml.j2"
|
||||
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
||||
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||
|
||||
- name: upload matrix logging config
|
||||
template:
|
||||
src: "files/configs/matrix/matrix.data.coop.log.config"
|
||||
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||
|
||||
- name: set up matrix and riot
|
||||
docker_compose:
|
||||
|
@ -76,32 +76,32 @@
|
|||
networks:
|
||||
- matrix
|
||||
volumes:
|
||||
- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
- "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "synapse"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||
|
||||
matrix_app:
|
||||
container_name: matrix
|
||||
image: matrixdotorg/synapse:v1.63.1
|
||||
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
volumes:
|
||||
- "{{ matrix.volume_folder }}/data:/data"
|
||||
- "{{ services.matrix.volume_folder }}/data:/data"
|
||||
environment:
|
||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||
SYNAPSE_CACHE_FACTOR: "2"
|
||||
SYNAPSE_LOG_LEVEL: "INFO"
|
||||
VIRTUAL_HOST: "{{ matrix.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||
VIRTUAL_PORT: "8008"
|
||||
LETSENCRYPT_HOST: "{{ matrix.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
riot:
|
||||
container_name: riot_app
|
||||
image: avhost/docker-matrix-riot:v1.11.8
|
||||
image: avhost/docker-matrix-riot:{{ services.riot.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
|
@ -109,11 +109,11 @@
|
|||
expose:
|
||||
- 8080
|
||||
volumes:
|
||||
- "{{ riot.volume_folder }}/data:/data"
|
||||
- "{{ services.riot.volume_folder }}/data:/data"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
|
||||
VIRTUAL_HOST: "{{ services.riot.domains|join(',') }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.riot.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -25,14 +25,14 @@
|
|||
POSTGRES_PORT: 5432
|
||||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||
VIRTUAL_PORT: "8000"
|
||||
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
ALLOWED_HOSTS: "{{ membersystem.domain }}"
|
||||
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
|
||||
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
||||
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||
CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
|
||||
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
|
||||
|
||||
postgres:
|
||||
samsapti marked this conversation as resolved
Outdated
valberg
commented
Den her skal blive - deploy af membersystem afhænger af watchtower :) Den her skal blive - deploy af membersystem afhænger af watchtower :)
|
||||
image: postgres:13-alpine
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: setup netdata docker container for system monitoring
|
||||
docker_container:
|
||||
name: netdata
|
||||
image: netdata/netdata:v1
|
||||
image: netdata/netdata:{{ services.netdata.version }}
|
||||
restart_policy: unless-stopped
|
||||
hostname: "hevonen.servers.{{ base_domain }}"
|
||||
capabilities:
|
||||
|
@ -16,7 +16,7 @@
|
|||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ netdata.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
||||
VIRTUAL_HOST : "{{ services.netdata.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
PGID: "999"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: upload vhost config for cloud.data.coop
|
||||
template:
|
||||
src: files/configs/nextcloud/vhost
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ nextcloud.domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||
notify: "restart nginx"
|
||||
|
||||
- name: setup nextcloud containers
|
||||
|
@ -17,7 +17,7 @@
|
|||
networks:
|
||||
- "nextcloud"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
- "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_DB: "nextcloud"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
|
@ -33,29 +33,29 @@
|
|||
- "nextcloud"
|
||||
|
||||
cron:
|
||||
image: "nextcloud:25-apache"
|
||||
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||
restart: "unless-stopped"
|
||||
entrypoint: "/cron.sh"
|
||||
networks:
|
||||
- "nextcloud"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||
depends_on:
|
||||
- "postgres"
|
||||
- "redis"
|
||||
|
||||
app:
|
||||
image: "nextcloud:25-apache"
|
||||
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "nextcloud"
|
||||
- "postfix"
|
||||
- "external_services"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
POSTGRES_HOST: "postgres"
|
||||
POSTGRES_DB: "nextcloud"
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
---
|
||||
|
||||
- name: create nginx-proxy volume folders
|
||||
file:
|
||||
name: "{{ nginx.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: nginx proxy container
|
||||
docker_container:
|
||||
name: nginx-proxy
|
||||
image: nginxproxy/nginx-proxy:1.0-alpine
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "{{ nginx.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
- name: nginx letsencrypt container
|
||||
docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: nginxproxy/acme-companion:2.2
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs"
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||
when: letsencrypt_enabled
|
||||
|
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
|
||||
- name: create nginx-proxy volume folders
|
||||
file:
|
||||
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: nginx proxy container
|
||||
docker_container:
|
||||
name: nginx-proxy
|
||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
- name: nginx letsencrypt container
|
||||
docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||
when: letsencrypt_enabled
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create ldap volume folders
|
||||
file:
|
||||
name: "{{ ldap.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "var/lib/ldap"
|
||||
|
@ -17,19 +17,19 @@
|
|||
- name: openLDAP container
|
||||
docker_container:
|
||||
name: openldap
|
||||
image: osixia/openldap:1.5.0
|
||||
image: osixia/openldap:{{ services.openldap.version }}
|
||||
tty: true
|
||||
interactive: true
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||
- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||
- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||
published_ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
hostname: "{{ ldap.domain }}"
|
||||
domainname: "{{ ldap.domain }}" # important: same as hostname
|
||||
hostname: "{{ services.openldap.domain }}"
|
||||
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
||||
networks:
|
||||
- name: ldap
|
||||
env:
|
||||
|
@ -58,7 +58,7 @@
|
|||
- name: phpLDAPadmin container
|
||||
docker_container:
|
||||
name: phpldapadmin
|
||||
image: osixia/phpldapadmin:0.9.0
|
||||
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
|
@ -68,6 +68,6 @@
|
|||
PHPLDAPADMIN_HTTPS: "false"
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||
|
||||
VIRTUAL_HOST: "{{ ldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ ldap.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -13,13 +13,13 @@
|
|||
networks:
|
||||
- "passit"
|
||||
volumes:
|
||||
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
- "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "passit"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||
|
||||
passit_app:
|
||||
image: "passit/passit:stable"
|
||||
image: "passit/passit:{{ services.passit.version }}"
|
||||
command: "bin/start.sh"
|
||||
restart: "always"
|
||||
networks:
|
||||
|
@ -31,11 +31,11 @@
|
|||
SECRET_KEY: "{{ passit_secret_key }}"
|
||||
IS_DEBUG: 'False'
|
||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
||||
FIDO_SERVER_ID: "{{ passit.domain }}"
|
||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}"
|
||||
EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}"
|
||||
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -2,21 +2,21 @@
|
|||
|
||||
- name: create portainer volume folder
|
||||
file:
|
||||
name: "{{ portainer.volume_folder }}"
|
||||
name: "{{ services.portainer.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: run portainer
|
||||
docker_container:
|
||||
name: portainer
|
||||
image: portainer/portainer-ee:2.16.2
|
||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- "{{ portainer.volume_folder }}:/data"
|
||||
- "{{ services.portainer.volume_folder }}:/data"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||
VIRTUAL_PORT: "9000"
|
||||
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -10,10 +10,11 @@
|
|||
- name: setup postfix docker container for outgoing mail
|
||||
docker_container:
|
||||
name: postfix
|
||||
image: boky/postfix:v3.5.1-alpine
|
||||
image: boky/postfix:{{ services.postfix.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: postfix
|
||||
env:
|
||||
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
|
||||
# Get all services which have allowed_sender_domain defined
|
||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'defined') | map(attribute='value.domain') | list | join(' ') }}"
|
||||
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
- name: create privatebin volume folders
|
||||
file:
|
||||
name: "{{ privatebin.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- cfg
|
||||
|
@ -13,19 +13,19 @@
|
|||
- name: upload privatebin config
|
||||
template:
|
||||
src: files/configs/privatebin-conf.php
|
||||
dest: "{{ privatebin.volume_folder }}/cfg/conf.php"
|
||||
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
||||
|
||||
- name: privatebin app container
|
||||
docker_container:
|
||||
name: privatebin
|
||||
image: jgeusebroek/privatebin:latest
|
||||
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- "{{ privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||
- "{{ privatebin.volume_folder }}/data:/privatebin/data"
|
||||
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ privatebin.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ privatebin.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
- name: Create rallly volume folders
|
||||
file:
|
||||
name: "{{ rallly.volume_folder }}/postgres"
|
||||
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||
state: directory
|
||||
|
||||
- name: Copy Rallly environment file
|
||||
template:
|
||||
src: files/configs/rallly/env_file
|
||||
dest: "{{ rallly.volume_folder }}/env_file"
|
||||
src: files/configs/rallly/env_file.j2
|
||||
dest: "{{ services.rallly.volume_folder }}/env_file"
|
||||
|
||||
- name: Set up Rallly
|
||||
docker_compose:
|
||||
|
@ -22,7 +22,7 @@
|
|||
networks:
|
||||
rallly_internal:
|
||||
volumes:
|
||||
- "{{ rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
- "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
||||
POSTGRES_DB: "rallly_db"
|
||||
|
@ -33,7 +33,7 @@
|
|||
retries: 5
|
||||
|
||||
rallly:
|
||||
image: "lukevella/rallly:a21f92bf74308d66cfcd545d49b81eba0211a222"
|
||||
image: "lukevella/rallly:{{ services.rallly.version }}"
|
||||
restart: "always"
|
||||
networks:
|
||||
rallly_internal:
|
||||
|
@ -43,11 +43,11 @@
|
|||
rallly_db:
|
||||
condition: "service_healthy"
|
||||
env_file:
|
||||
- "{{ rallly.volume_folder }}/env_file"
|
||||
- "{{ services.rallly.volume_folder }}/env_file"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ rallly.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ rallly.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
- name: Setup restic backup
|
||||
when: not vagrant
|
||||
docker_compose:
|
||||
project_name: restic_backup
|
||||
pull: true
|
||||
|
@ -8,12 +7,12 @@
|
|||
version: '3.6'
|
||||
services:
|
||||
restic-backup:
|
||||
image: mazzolino/restic:1.6.0
|
||||
image: mazzolino/restic:{{ services.restic.version }}
|
||||
restart: always
|
||||
environment:
|
||||
RUN_ON_STARTUP: "true"
|
||||
BACKUP_CRON: "0 30 3 * * *"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
|
||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
||||
RESTIC_BACKUP_ARGS: >-
|
||||
|
@ -30,10 +29,10 @@
|
|||
- /docker-volumes:/mnt/volumes:ro
|
||||
|
||||
restic-prune:
|
||||
image: "mazzolino/restic:1.6.0"
|
||||
image: "mazzolino/restic:{{ services.restic.version }}"
|
||||
environment:
|
||||
RUN_ON_STARTUP: "true"
|
||||
PRUNE_CRON: "0 0 4 * * *"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
|
||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||
TZ: Europe/copenhagen
|
|
@ -4,6 +4,8 @@
|
|||
name: watchtower
|
||||
image: containrrr/watchtower:amd64-1.5.1
|
||||
samsapti marked this conversation as resolved
Outdated
valberg
commented
Let's pin this to a version instead of latest. Let's pin this to a version instead of latest.
samsapti
commented
Why not latest? Why not latest?
valberg
commented
Because I want to avoid confusion due to an unintended upgrade. Because I want to avoid confusion due to an unintended upgrade.
samsapti
commented
I don't fully agree. I think it's better to always use the latest version security-wise, especially when it has access to the Docker socket. I don't fully agree. I think it's better to always use the latest version security-wise, especially when it has access to the Docker socket.
valberg
commented
I agree, and we should strive to upgrade whenever a new version is available. But I don't want stuff to suddenly break behaviour without us knowing why. I agree, and we should strive to upgrade whenever a new version is available. But I don't want stuff to suddenly break behaviour without us knowing why.
samsapti
commented
I'll pin it then. GitHub supports RSS feeds for releases, maybe we could use that to be notified about new releases? We could set up notifications in our Matrix channel somehow. I'll pin it then. GitHub supports RSS feeds for releases, maybe we could use that to be notified about new releases? We could set up notifications in our Matrix channel somehow.
https://github.com/containrrr/watchtower/releases.atom
valberg
commented
Sounds like a great idea! Sounds like a great idea!
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
WATCHTOWER_POLL_INTERVAL: 60
|
||||
volumes:
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
- name: setup new-new data.coop website using unipi
|
||||
docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# The ssh-key is for read-only only
|
||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Temporarily hosting on github
|
||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Temporarily hosting on github
|
||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
13
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
18
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
18
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
|
@ -0,0 +1,18 @@
|
|||
- name: setup new-new data.coop website using unipi
|
||||
docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# The ssh-key is for read-only only
|
||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -6,6 +6,6 @@
|
|||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
||||
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -26,7 +26,7 @@ SECRET_KEY={{ mailu_secret_key }}
|
|||
# PUBLIC_IPV6= ::1 (default: ::1)
|
||||
|
||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||
SUBNET={{ mailu.subnet }}
|
||||
SUBNET={{ services.mailu.subnet }}
|
||||
|
||||
# Main mail domain
|
||||
DOMAIN=data.coop
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
loop: "{{ users | default([]) }}"
|
||||
|
||||
- name: "Add ssh authorized_keys"
|
||||
authorized_key:
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
key: "{{ item.ssh_keys | join('\n') }}"
|
||||
exclusive: true
|
||||
loop: "{{ users | default([]) }}"
|
||||
|
||||
- name: "Add ssh authorized_keys to root user"
|
||||
authorized_key:
|
||||
ansible.posix.authorized_key:
|
||||
user: "root"
|
||||
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
||||
exclusive: true
|
||||
|
|
1
vagrant_host
Normal file
1
vagrant_host
Normal file
|
@ -0,0 +1 @@
|
|||
localhost ansible_port=19022
|
Loading…
Reference in a new issue
Hvorfor ikke 1.9?
Fordi den kører SemVer, så minor opgraderinger har ikke breaking changes.