Enable Watchtower for all services #123

Merged
valberg merged 19 commits from watchtower into main 2023-01-21 17:17:56 +00:00
45 changed files with 72 additions and 19 deletions
Showing only changes of commit 58f3df7ed0 - Show all commits


@ -37,6 +37,9 @@ else
"base")
$BASE_CMD --tags base_only
;;
"users")
$BASE_CMD --tags setup-users
;;
*)
usage
exit 1


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
users:
- name: graffen
@ -13,6 +14,7 @@ users:
- sudo
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
- ssh-rsa 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
- name: reynir
comment: Reynir Björnsson
@ -29,4 +31,4 @@ users:
groups:
- sudo
ssh_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf samsapti
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- hosts: all
gather_facts: true


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
volume_root_folder: "/docker-volumes"
@ -7,6 +8,7 @@ services:
postfix:
file: postfix.yml
domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
version: "v3.5.1-alpine"
nginx_proxy:
@ -67,12 +69,13 @@ services:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
version: 25-apache
allowed_sender_domain: true
gitea:
file: gitea.yml
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea"
version: 1.17
version: 1.18
allowed_sender_domain: true
passit:
@ -87,11 +90,12 @@ services:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
version: v1.63.1
allowed_sender_domain: true
riot:
domains:
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
- "riot.{{ base_domain }}"
- "element.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/riot"
version: v1.11.8
@ -172,7 +176,7 @@ services:
file: rallly.yml
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
version: ac55701890cd866ee946deb25e2b2839fb14900e
version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
allowed_sender_domain: true
pinafore:
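Review bot: The gitea entry's `version: 1.18` (apparently the new value) is an unquoted scalar, so YAML loads it as a float rather than a string. It renders as expected today, but a later tag such as 1.20 would silently become 1.2 and the task would pull a different image. Quote it the way the postfix entry does, `version: "1.18"`, and do the same for `version: 25-apache` for consistency. Separately, `1.18` and `25-apache` look like moving tags, so with automatic image updates enabled (as the PR title suggests) the running image can change without a commit in this repository; a full patch version or digest would keep deployments reviewable. The `services` mapping starts and ends outside these hunks.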


@ -416,7 +416,7 @@ uploads_path: "/data/uploads"
# The largest allowed upload size in bytes
#
max_upload_size: "50M"
max_upload_size: "512M"
# Maximum number of pixels that will be thumbnailed
#
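Review bot: The upload ceiling is raised to different values in different places: `max_upload_size` becomes `"512M"` here, while the two nginx snippets in the following sections both set `client_max_body_size 1G;`. If those snippets front this service, the proxy will accept and buffer request bodies up to about twice what the application will keep, spending disk and bandwidth on uploads that are then rejected. Consider aligning the proxy limit with the application limit, e.g. `client_max_body_size 512M;`, and checking that volume capacity and any rate limiting can absorb the roughly tenfold increase from 50M. The comment above the setting still says "in bytes" although the value uses a suffix; `# The largest allowed upload size (accepts suffixes such as M)` would be clearer.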


@ -1,2 +1,2 @@
listen 8008;
client_max_body_size 50M; # default is 1M
client_max_body_size 1G; # default is 1M


@ -1 +1 @@
client_max_body_size 50M; # default is 1M
client_max_body_size 1G; # default is 1M


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: "restart nginx"
community.docker.docker_container:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: add docker gpg key
apt_key:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: setup external services network
docker_network:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: codimd network
docker_network:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: copy docker registry nginx configuration
copy:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: set up drone with docker runner
docker_compose:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: gitea network
docker_network:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: create hedgedoc volume folders
file:


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup keycloak containers for sso.data.coop
docker_compose:
project_name: "keycloak"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: create mailu volume folders
file:


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: create mastodon volume folders
file:
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: create matrix volume folders
file:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: run membersystem containers
docker_compose:
project_name: "member.data.coop"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: setup netdata docker container for system monitoring
docker_container:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: upload vhost config for cloud.data.coop
template:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: create nginx-proxy volume folders
file:
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: create ldap volume folders
file:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup passit containers
docker_compose:
project_name: "passit"


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: Set up Pinafore
docker_container:
name: pinafore


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: create portainer volume folder
file:
name: "{{ services.portainer.volume_folder }}"


@ -1,20 +1,28 @@
# vim: ft=yaml.ansible
---
- name: setup network for postfix
- name: Set up network for postfix
docker_network:
name: postfix
ipam_config:
- subnet: '172.16.0.0/16'
gateway: 172.16.0.1
- name: setup postfix docker container for outgoing mail
- name: Create volume folders for Postfix
file:
name: "{{ services.postfix.volume_folder }}/dkim"
state: directory
- name: Set up Postfix Docker container for outgoing mail from services
docker_container:
name: postfix
image: boky/postfix:{{ services.postfix.version }}
restart_policy: always
networks:
- name: postfix
volumes:
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
env:
# Get all services which have allowed_sender_domain defined
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
DKIM_AUTOGENERATE: "true"
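Review bot: The "Create volume folders for Postfix" task creates the `dkim` directory with no `owner`, `group` or `mode`, yet with `DKIM_AUTOGENERATE: "true"` and the `/etc/opendkim/keys` mount that directory will hold the DKIM private signing keys. Set the permissions explicitly, for example `mode: "0700"` plus the owner that the container's OpenDKIM process runs as (to be confirmed against the image), so the keys are not left readable by other local accounts under the default umask. The `ALLOWED_SENDER_DOMAINS` expression maps `value.domain`, so a service that only defines `domains` (as the riot entry in the services file does) would contribute nothing if it were ever flagged; a short comment stating that only single-`domain` services are supported would spare the next editor a surprise.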


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: create privatebin volume folders
file:
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: Create rallly volume folders
file:
name: "{{ services.rallly.volume_folder }}/postgres"


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: Setup restic backup
docker_compose:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: watchtower container
docker_container:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: setup 2022.slides.data.coop website using unipi
docker_container:


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup cryptoaarhus.dk website docker container
docker_container:
name: cryptoaarhus_website


@ -1,5 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup cryptohagen.dk website docker container
docker_container:
name: cryptohagen_website


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: Upload vhost config for root domain
copy:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: setup new data.coop website using hugo
docker_container:


@ -1,3 +1,5 @@
# vim: ft=yaml.ansible
---
- name: setup ulovliglogning.dk website docker container
docker_container:
name: ulovliglogning_website


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: Install necessary packages via apt
apt:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: Import dell apt signing key
apt_key:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: Setup firewall with UFW
community.general.ufw:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- import_tasks: ssh-port.yml
tags: [change-ssh-port]


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: Change SSH port on host
lineinfile:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: update and upgrade system via apt
apt:


@ -1,3 +1,4 @@
# vim: ft=yaml.ansible
---
- name: "Add users"
user: