Enable Watchtower for all services #123

Merged
valberg merged 19 commits from watchtower into main 2023-01-21 17:17:56 +00:00
45 changed files with 72 additions and 19 deletions
Showing only changes of commit 58f3df7ed0 - Show all commits


@ -37,6 +37,9 @@ else
"base") "base")
$BASE_CMD --tags base_only $BASE_CMD --tags base_only
;; ;;
"users")
$BASE_CMD --tags setup-users
;;
*) *)
usage usage
exit 1 exit 1


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
users: users:
- name: graffen - name: graffen
@ -13,6 +14,7 @@ users:
- sudo - sudo
ssh_keys: ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
- ssh-rsa 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
- name: reynir - name: reynir
comment: Reynir Björnsson comment: Reynir Björnsson
@ -29,4 +31,4 @@ users:
groups: groups:
- sudo - sudo
ssh_keys: ssh_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf samsapti - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
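Review bot: The new side of the last `ssh_keys` entry (hunk `-29,4 +31,4`) drops the trailing `samsapti` comment from the ed25519 key, so once the key is deployed nothing on the host says whose it is. Keeping the comment field, as in `ssh-ed25519 AAAA…FeRf samsapti`, makes key audits and revocation much easier for accounts whose groups include `sudo`. The `ssh-rsa` key added in the `-13,6 +14,7` hunk should likewise carry a comment naming its owner or device. Since that entry appears to sit under a sudo-group user, it is worth confirming out of band that the key belongs to that person before it is deployed.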


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- hosts: all - hosts: all
gather_facts: true gather_facts: true


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
volume_root_folder: "/docker-volumes" volume_root_folder: "/docker-volumes"
@ -7,6 +8,7 @@ services:
postfix: postfix:
file: postfix.yml file: postfix.yml
domain: "smtp.{{ base_domain }}" domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
version: "v3.5.1-alpine" version: "v3.5.1-alpine"
nginx_proxy: nginx_proxy:
@ -67,12 +69,13 @@ services:
domain: "cloud.{{ base_domain }}" domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud" volume_folder: "{{ volume_root_folder }}/nextcloud"
version: 25-apache version: 25-apache
allowed_sender_domain: true
gitea: gitea:
file: gitea.yml file: gitea.yml
domain: "git.{{ base_domain }}" domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea" volume_folder: "{{ volume_root_folder }}/gitea"
version: 1.17 version: 1.18
allowed_sender_domain: true allowed_sender_domain: true
passit: passit:
@ -87,11 +90,12 @@ services:
domain: "matrix.{{ base_domain }}" domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix" volume_folder: "{{ volume_root_folder }}/matrix"
version: v1.63.1 version: v1.63.1
allowed_sender_domain: true
riot: riot:
domains: domains:
- "riot.{{ base_domain }}" - "riot.{{ base_domain }}"
- "element.{{ base_domain }}" - "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot" volume_folder: "{{ volume_root_folder }}/riot"
version: v1.11.8 version: v1.11.8
@ -172,7 +176,7 @@ services:
file: rallly.yml file: rallly.yml
domain: "when.{{ base_domain }}" domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly" volume_folder: "{{ volume_root_folder }}/rallly"
version: ac55701890cd866ee946deb25e2b2839fb14900e version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
allowed_sender_domain: true allowed_sender_domain: true
pinafore: pinafore:
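Review bot: The new gitea line `version: 1.18` is an unquoted scalar that YAML loads as a float, so it renders as the intended image tag only by luck; a later bump to `1.20` would silently become `1.2`. Quote it as `version: "1.18"`, the way the postfix entry already does with `"v3.5.1-alpine"`. Separately, the two added `allowed_sender_domain: true` lines (nextcloud and matrix) widen the set of domains the postfix relay accepts as senders. A one-line comment at each, such as `# sends notification mail via the postfix relay`, would record why the service needs it.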


@ -416,7 +416,7 @@ uploads_path: "/data/uploads"
# The largest allowed upload size in bytes # The largest allowed upload size in bytes
# #
max_upload_size: "50M" max_upload_size: "512M"
# Maximum number of pixels that will be thumbnailed # Maximum number of pixels that will be thumbnailed
# #
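Review bot: Raising `max_upload_size` from `"50M"` to `"512M"` lets a single upload consume roughly ten times more of the volume behind `uploads_path`, and nothing in this hunk records why the new ceiling was chosen or what bounds total media usage. I would add a comment above the setting, for example `# 512M chosen for <reason>; must stay <= client_max_body_size in the nginx vhost`, and confirm that disk monitoring or a retention policy covers the media store. The existing comment says the value is "in bytes" while the value uses an `M` suffix, which could be corrected at the same time.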


@ -1,2 +1,2 @@
listen 8008; listen 8008;
client_max_body_size 50M; # default is 1M client_max_body_size 1G; # default is 1M
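Review bot: `client_max_body_size 1G;` is twice the 512M application limit this commit sets in `max_upload_size`, so the proxy will accept request bodies that the backend then rejects. The same value is set in the one-line vhost file that follows this one. Unless something behind these vhosts really needs 1G, keep the proxy limit equal to the backend limit, e.g. `client_max_body_size 512M; # keep in sync with max_upload_size`. Which service each vhost fronts is not visible in these hunks, so confirm that before aligning the values.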


@ -1 +1 @@
client_max_body_size 50M; # default is 1M client_max_body_size 1G; # default is 1M


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: "restart nginx" - name: "restart nginx"
community.docker.docker_container: community.docker.docker_container:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: add docker gpg key - name: add docker gpg key
apt_key: apt_key:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: setup external services network - name: setup external services network
docker_network: docker_network:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: codimd network - name: codimd network
docker_network: docker_network:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: copy docker registry nginx configuration - name: copy docker registry nginx configuration
copy: copy:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: set up drone with docker runner - name: set up drone with docker runner
docker_compose: docker_compose:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: gitea network - name: gitea network
docker_network: docker_network:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: create hedgedoc volume folders - name: create hedgedoc volume folders
file: file:


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup keycloak containers for sso.data.coop - name: setup keycloak containers for sso.data.coop
docker_compose: docker_compose:
project_name: "keycloak" project_name: "keycloak"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: create mailu volume folders - name: create mailu volume folders
file: file:


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: create mastodon volume folders - name: create mastodon volume folders
file: file:
name: "{{ services.mastodon.volume_folder }}/{{ volume }}" name: "{{ services.mastodon.volume_folder }}/{{ volume }}"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: create matrix volume folders - name: create matrix volume folders
file: file:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: run membersystem containers - name: run membersystem containers
docker_compose: docker_compose:
project_name: "member.data.coop" project_name: "member.data.coop"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: setup netdata docker container for system monitoring - name: setup netdata docker container for system monitoring
docker_container: docker_container:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: upload vhost config for cloud.data.coop - name: upload vhost config for cloud.data.coop
template: template:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: create nginx-proxy volume folders - name: create nginx-proxy volume folders
file: file:
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}" name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: create ldap volume folders - name: create ldap volume folders
file: file:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: setup passit containers - name: setup passit containers
docker_compose: docker_compose:
project_name: "passit" project_name: "passit"


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: Set up Pinafore - name: Set up Pinafore
docker_container: docker_container:
name: pinafore name: pinafore


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: create portainer volume folder - name: create portainer volume folder
file: file:
name: "{{ services.portainer.volume_folder }}" name: "{{ services.portainer.volume_folder }}"


@ -1,20 +1,28 @@
# vim: ft=yaml.ansible
--- ---
- name: Set up network for postfix
- name: setup network for postfix
docker_network: docker_network:
name: postfix name: postfix
ipam_config: ipam_config:
- subnet: '172.16.0.0/16' - subnet: '172.16.0.0/16'
gateway: 172.16.0.1 gateway: 172.16.0.1
- name: setup postfix docker container for outgoing mail - name: Create volume folders for Postfix
file:
name: "{{ services.postfix.volume_folder }}/dkim"
state: directory
- name: Set up Postfix Docker container for outgoing mail from services
docker_container: docker_container:
name: postfix name: postfix
image: boky/postfix:{{ services.postfix.version }} image: boky/postfix:{{ services.postfix.version }}
restart_policy: always restart_policy: always
networks: networks:
- name: postfix - name: postfix
volumes:
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
env: env:
# Get all services which have allowed_sender_domain defined # Get all services which have allowed_sender_domain defined
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}" ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
DKIM_AUTOGENERATE: "true"
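Review bot: The new `file` task that creates `{{ services.postfix.volume_folder }}/dkim` sets neither `mode` nor `owner`, so the directory mounted at `/etc/opendkim/keys` gets whatever the remote umask yields. With `DKIM_AUTOGENERATE: "true"` that directory will hold DKIM private signing keys. I would restrict it explicitly by adding `mode: "0700"` (quoted, so it is not read as an integer) and an `owner:` matching the account opendkim runs as inside the image. That uid is not visible in this diff and needs checking against the image. It is also worth confirming that this folder is covered by the backup job, since losing the generated key means re-publishing the DKIM DNS record.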


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: create privatebin volume folders - name: create privatebin volume folders
file: file:
name: "{{ services.privatebin.volume_folder }}/{{ volume }}" name: "{{ services.privatebin.volume_folder }}/{{ volume }}"


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: Create rallly volume folders - name: Create rallly volume folders
file: file:
name: "{{ services.rallly.volume_folder }}/postgres" name: "{{ services.rallly.volume_folder }}/postgres"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: Setup restic backup - name: Setup restic backup
docker_compose: docker_compose:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: watchtower container - name: watchtower container
docker_container: docker_container:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: setup 2022.slides.data.coop website using unipi - name: setup 2022.slides.data.coop website using unipi
docker_container: docker_container:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: setup cryptoaarhus.dk website docker container - name: setup cryptoaarhus.dk website docker container
docker_container: docker_container:
name: cryptoaarhus_website name: cryptoaarhus_website


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
--- ---
- name: setup cryptohagen.dk website docker container - name: setup cryptohagen.dk website docker container
docker_container: docker_container:
name: cryptohagen_website name: cryptohagen_website


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: Upload vhost config for root domain - name: Upload vhost config for root domain
copy: copy:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: setup new data.coop website using hugo - name: setup new data.coop website using hugo
docker_container: docker_container:


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup ulovliglogning.dk website docker container - name: setup ulovliglogning.dk website docker container
docker_container: docker_container:
name: ulovliglogning_website name: ulovliglogning_website


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: Install necessary packages via apt - name: Install necessary packages via apt
apt: apt:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: Import dell apt signing key - name: Import dell apt signing key
apt_key: apt_key:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: Setup firewall with UFW - name: Setup firewall with UFW
community.general.ufw: community.general.ufw:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- import_tasks: ssh-port.yml - import_tasks: ssh-port.yml
tags: [change-ssh-port] tags: [change-ssh-port]


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: Change SSH port on host - name: Change SSH port on host
lineinfile: lineinfile:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: update and upgrade system via apt - name: update and upgrade system via apt
apt: apt:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
--- ---
- name: "Add users" - name: "Add users"
user: user: