Enable Watchtower for all services #123
|
@ -37,6 +37,9 @@ else
|
||||||
"base")
|
"base")
|
||||||
$BASE_CMD --tags base_only
|
$BASE_CMD --tags base_only
|
||||||
;;
|
;;
|
||||||
|
"users")
|
||||||
|
$BASE_CMD --tags setup-users
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
usage
|
usage
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
users:
|
users:
|
||||||
- name: graffen
|
- name: graffen
|
||||||
|
@ -13,6 +14,7 @@ users:
|
||||||
- sudo
|
- sudo
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
||||||
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4FRrbTpxwGdlF6RVi/thJaMlaEE0Z9YCQA4Y+KnHbBoVWMjzgbIkSWw3MM+E/iiVnix8SFh4tjDSdFjb8lCvHt/PqhMFhZJ02vhVgSwyU+Ji5ur23i202LB9ua54NLN4kNG8K47U0tKi2/EV6LWl2QdRviAcOUctz6u9XDkkMLUgPEYH384XSTRRj4GJ8+0LRzB2rXqetH3gBe9v1vlv0ETYWvzTnpfZUxcrrqEGtXV9Wa0BZoWLos2oKOsYVjNdLZMoFpmyBxPnqzAi1hr7beblFZKqBkvD7XA9RnERbZn1nxkWufVahppPjKQ+se3esWJCp6ri/vNP4WNKY3hiIoekBLbpvGcP1Te7cAIQXiZOilN92NKKYrzN2gAtsxgqGZw7lI1PE71luGdPir2Evl6hPj6/nnNdEHZWgcmBSPy17uCpVvZYBcDDzj8L3hbkLVQ3kcLZTz6I8BXvuGqoeLvRQpBtn5EaLpCCOmXuKqm+dzHzsOIwh+SA5NA8M3P0=
|
||||||
|
|
||||||
- name: reynir
|
- name: reynir
|
||||||
comment: Reynir Björnsson
|
comment: Reynir Björnsson
|
||||||
|
@ -29,4 +31,4 @@ users:
|
||||||
groups:
|
groups:
|
||||||
- sudo
|
- sudo
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf samsapti
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
volume_root_folder: "/docker-volumes"
|
volume_root_folder: "/docker-volumes"
|
||||||
|
|
||||||
|
@ -7,6 +8,7 @@ services:
|
||||||
postfix:
|
postfix:
|
||||||
file: postfix.yml
|
file: postfix.yml
|
||||||
domain: "smtp.{{ base_domain }}"
|
domain: "smtp.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/postfix"
|
||||||
version: "v3.5.1-alpine"
|
version: "v3.5.1-alpine"
|
||||||
|
|
||||||
nginx_proxy:
|
nginx_proxy:
|
||||||
|
@ -67,12 +69,13 @@ services:
|
||||||
domain: "cloud.{{ base_domain }}"
|
domain: "cloud.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||||
version: 25-apache
|
version: 25-apache
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
gitea:
|
gitea:
|
||||||
file: gitea.yml
|
file: gitea.yml
|
||||||
domain: "git.{{ base_domain }}"
|
domain: "git.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||||
version: 1.17
|
version: 1.18
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
passit:
|
passit:
|
||||||
|
@ -87,11 +90,12 @@ services:
|
||||||
domain: "matrix.{{ base_domain }}"
|
domain: "matrix.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
version: v1.63.1
|
version: v1.63.1
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
riot:
|
riot:
|
||||||
domains:
|
domains:
|
||||||
- "riot.{{ base_domain }}"
|
- "riot.{{ base_domain }}"
|
||||||
- "element.{{ base_domain }}"
|
- "element.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/riot"
|
volume_folder: "{{ volume_root_folder }}/riot"
|
||||||
version: v1.11.8
|
version: v1.11.8
|
||||||
|
|
||||||
|
@ -172,7 +176,7 @@ services:
|
||||||
file: rallly.yml
|
file: rallly.yml
|
||||||
domain: "when.{{ base_domain }}"
|
domain: "when.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||||
version: ac55701890cd866ee946deb25e2b2839fb14900e
|
version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
pinafore:
|
pinafore:
|
||||||
|
|
|
@ -416,7 +416,7 @@ uploads_path: "/data/uploads"
|
||||||
|
|
||||||
# The largest allowed upload size in bytes
|
# The largest allowed upload size in bytes
|
||||||
#
|
#
|
||||||
max_upload_size: "50M"
|
max_upload_size: "512M"
|
||||||
|
|
||||||
# Maximum number of pixels that will be thumbnailed
|
# Maximum number of pixels that will be thumbnailed
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
listen 8008;
|
listen 8008;
|
||||||
client_max_body_size 50M; # default is 1M
|
client_max_body_size 1G; # default is 1M
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
client_max_body_size 50M; # default is 1M
|
client_max_body_size 1G; # default is 1M
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: "restart nginx"
|
- name: "restart nginx"
|
||||||
community.docker.docker_container:
|
community.docker.docker_container:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: add docker gpg key
|
- name: add docker gpg key
|
||||||
apt_key:
|
apt_key:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup external services network
|
- name: setup external services network
|
||||||
docker_network:
|
docker_network:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: codimd network
|
- name: codimd network
|
||||||
docker_network:
|
docker_network:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: copy docker registry nginx configuration
|
- name: copy docker registry nginx configuration
|
||||||
copy:
|
copy:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: set up drone with docker runner
|
- name: set up drone with docker runner
|
||||||
docker_compose:
|
docker_compose:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: gitea network
|
- name: gitea network
|
||||||
docker_network:
|
docker_network:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: create hedgedoc volume folders
|
- name: create hedgedoc volume folders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
- name: setup keycloak containers for sso.data.coop
|
- name: setup keycloak containers for sso.data.coop
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "keycloak"
|
project_name: "keycloak"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: create mailu volume folders
|
- name: create mailu volume folders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
- name: create mastodon volume folders
|
- name: create mastodon volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
|
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: create matrix volume folders
|
- name: create matrix volume folders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: run membersystem containers
|
- name: run membersystem containers
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "member.data.coop"
|
project_name: "member.data.coop"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup netdata docker container for system monitoring
|
- name: setup netdata docker container for system monitoring
|
||||||
docker_container:
|
docker_container:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: upload vhost config for cloud.data.coop
|
- name: upload vhost config for cloud.data.coop
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create nginx-proxy volume folders
|
- name: create nginx-proxy volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: create ldap volume folders
|
- name: create ldap volume folders
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: setup passit containers
|
- name: setup passit containers
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "passit"
|
project_name: "passit"
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
- name: Set up Pinafore
|
- name: Set up Pinafore
|
||||||
docker_container:
|
docker_container:
|
||||||
name: pinafore
|
name: pinafore
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create portainer volume folder
|
- name: create portainer volume folder
|
||||||
file:
|
file:
|
||||||
name: "{{ services.portainer.volume_folder }}"
|
name: "{{ services.portainer.volume_folder }}"
|
||||||
|
|
|
@ -1,20 +1,28 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Set up network for postfix
|
||||||
- name: setup network for postfix
|
|
||||||
docker_network:
|
docker_network:
|
||||||
name: postfix
|
name: postfix
|
||||||
ipam_config:
|
ipam_config:
|
||||||
- subnet: '172.16.0.0/16'
|
- subnet: '172.16.0.0/16'
|
||||||
gateway: 172.16.0.1
|
gateway: 172.16.0.1
|
||||||
|
|
||||||
- name: setup postfix docker container for outgoing mail
|
- name: Create volume folders for Postfix
|
||||||
|
file:
|
||||||
|
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Set up Postfix Docker container for outgoing mail from services
|
||||||
docker_container:
|
docker_container:
|
||||||
name: postfix
|
name: postfix
|
||||||
image: boky/postfix:{{ services.postfix.version }}
|
image: boky/postfix:{{ services.postfix.version }}
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
networks:
|
networks:
|
||||||
- name: postfix
|
- name: postfix
|
||||||
|
volumes:
|
||||||
|
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
|
||||||
env:
|
env:
|
||||||
# Get all services which have allowed_sender_domain defined
|
# Get all services which have allowed_sender_domain defined
|
||||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
||||||
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
||||||
|
DKIM_AUTOGENERATE: "true"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create privatebin volume folders
|
- name: create privatebin volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
- name: Create rallly volume folders
|
- name: Create rallly volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ services.rallly.volume_folder }}/postgres"
|
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Setup restic backup
|
- name: Setup restic backup
|
||||||
docker_compose:
|
docker_compose:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: watchtower container
|
- name: watchtower container
|
||||||
docker_container:
|
docker_container:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup 2022.slides.data.coop website using unipi
|
- name: setup 2022.slides.data.coop website using unipi
|
||||||
docker_container:
|
docker_container:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: setup cryptoaarhus.dk website docker container
|
- name: setup cryptoaarhus.dk website docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: cryptoaarhus_website
|
name: cryptoaarhus_website
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: setup cryptohagen.dk website docker container
|
- name: setup cryptohagen.dk website docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: cryptohagen_website
|
name: cryptohagen_website
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Upload vhost config for root domain
|
- name: Upload vhost config for root domain
|
||||||
copy:
|
copy:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup new data.coop website using hugo
|
- name: setup new data.coop website using hugo
|
||||||
docker_container:
|
docker_container:
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
- name: setup ulovliglogning.dk website docker container
|
- name: setup ulovliglogning.dk website docker container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: ulovliglogning_website
|
name: ulovliglogning_website
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Install necessary packages via apt
|
- name: Install necessary packages via apt
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Import dell apt signing key
|
- name: Import dell apt signing key
|
||||||
apt_key:
|
apt_key:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Setup firewall with UFW
|
- name: Setup firewall with UFW
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- import_tasks: ssh-port.yml
|
- import_tasks: ssh-port.yml
|
||||||
tags: [change-ssh-port]
|
tags: [change-ssh-port]
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Change SSH port on host
|
- name: Change SSH port on host
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: update and upgrade system via apt
|
- name: update and upgrade system via apt
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: "Add users"
|
- name: "Add users"
|
||||||
user:
|
user:
|
||||||
|
|
Loading…
Reference in a new issue