Refactor service deployment + upload Compose files to the server #178
|
@ -48,7 +48,7 @@ services:
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
restic:
|
restic:
|
||||||
file: restic_backup.yml
|
file: restic.yml
|
||||||
user: dc-user
|
user: dc-user
|
||||||
domain: rynkeby.skovgaard.tel
|
domain: rynkeby.skovgaard.tel
|
||||||
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||||
|
|
|
@ -1,52 +1,12 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: set up drone with docker runner
|
- name: Upload Compose file for Drone
|
||||||
|
template:
|
||||||
|
src: compose-files/drone.yml.j2
|
||||||
|
dest: "{{ services.drone.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Drone
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: drone
|
project_src: "{{ services.drone.volume_folder }}"
|
||||||
pull: yes
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
drone:
|
|
||||||
container_name: "drone"
|
|
||||||
image: "drone/drone:{{ services.drone.version }}"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- drone
|
|
||||||
volumes:
|
|
||||||
- "{{ services.drone.volume_folder }}:/data"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
DRONE_GITEA_SERVER: "https://{{ services.forgejo.domain }}"
|
|
||||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
|
||||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
|
||||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
|
||||||
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
|
||||||
DRONE_SERVER_PROTO: "https"
|
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
|
||||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
|
||||||
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
drone-runner-docker:
|
|
||||||
container_name: "drone-runner-docker"
|
|
||||||
image: "drone/drone-runner-docker:{{ services.drone.version }}"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- drone
|
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
|
||||||
environment:
|
|
||||||
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
|
||||||
DRONE_RPC_PROTO: "https"
|
|
||||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
|
||||||
DRONE_RUNNER_CAPACITY: 2
|
|
||||||
DRONE_RUNNER_NAME: "data.coop_drone_runner"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
drone:
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
||||||
|
|
|
@ -16,52 +16,13 @@
|
||||||
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Upload Compose file for for HedgeDoc
|
||||||
|
template:
|
||||||
|
src: compose-files/hedgedoc.yml.j2
|
||||||
|
dest: "{{ services.hedgedoc.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
- name: setup hedgedoc
|
- name: setup hedgedoc
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "hedgedoc"
|
project_src: "{{ services.hedgedoc.volume_folder }}"
|
||||||
pull: "yes"
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
services:
|
|
||||||
database:
|
|
||||||
image: "postgres:{{ services.hedgedoc.postgres_version }}"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "codimd"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
|
||||||
POSTGRES_DB: "codimd"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "hedgedoc"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}"
|
|
||||||
environment:
|
|
||||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
|
||||||
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
|
||||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
|
||||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
|
||||||
CMD_EMAIL: "False"
|
|
||||||
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
|
|
||||||
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
|
|
||||||
CMD_SAML_ISSUER: "hedgedoc"
|
|
||||||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
|
||||||
CMD_USECDN: "false"
|
|
||||||
CMD_PROTOCOL_USESSL: "true"
|
|
||||||
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
|
||||||
- "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "hedgedoc"
|
|
||||||
- "external_services"
|
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
|
|
||||||
networks:
|
|
||||||
hedgedoc:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
|
@ -1,50 +1,12 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup keycloak containers for sso.data.coop
|
- name: Upload Compose file for for Keycloak
|
||||||
|
template:
|
||||||
|
src: compose-files/keycloak.yml.j2
|
||||||
|
dest: "{{ services.keycloak.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Keycloak
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "keycloak"
|
project_src: "{{ services.keycloak.volume_folder }}"
|
||||||
pull: "yes"
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: "postgres:{{ services.keycloak.postgres_version }}"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "keycloak"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "keycloak"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
|
||||||
POSTGRES_DB: "keycloak"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "keycloak"
|
|
||||||
- "postfix"
|
|
||||||
- "external_services"
|
|
||||||
command:
|
|
||||||
- "start"
|
|
||||||
- "--db=postgres"
|
|
||||||
- "--db-url=jdbc:postgresql://postgres:5432/keycloak"
|
|
||||||
- "--db-username=keycloak"
|
|
||||||
- "--db-password={{ postgres_passwords.keycloak }}"
|
|
||||||
- "--hostname={{ services.keycloak.domain }}"
|
|
||||||
- "--proxy=edge"
|
|
||||||
- "--https-port=8080"
|
|
||||||
- "--http-relative-path=/auth"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
|
||||||
VIRTUAL_PORT: "8080"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
keycloak:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||||
state: hard
|
state: hard
|
||||||
force: yes
|
force: true
|
||||||
when: letsencrypt_enabled
|
when: letsencrypt_enabled
|
||||||
|
|
||||||
- name: hard link to Let's Encrypt TLS key
|
- name: hard link to Let's Encrypt TLS key
|
||||||
|
@ -41,141 +41,16 @@
|
||||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||||
state: hard
|
state: hard
|
||||||
force: yes
|
force: true
|
||||||
when: letsencrypt_enabled
|
when: letsencrypt_enabled
|
||||||
|
|
||||||
- name: run mail server containers
|
- name: Upload Compose file for for Mailu
|
||||||
|
template:
|
||||||
|
src: compose-files/mailu.yml.j2
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Mailu
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: mail_server
|
project_src: "{{ services.mailu.volume_folder }}"
|
||||||
pull: yes
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: '3.6'
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: postgres:14-alpine
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
POSTGRES_DB: mailu
|
|
||||||
POSTGRES_USER: mailu
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/postgres:/var/lib/postgresql/data"
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
redis:
|
|
||||||
image: redis:alpine
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/redis:/data"
|
|
||||||
depends_on:
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
front:
|
|
||||||
image: ghcr.io/mailu/nginx:{{ services.mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/certs:/certs"
|
|
||||||
- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides:ro"
|
|
||||||
expose:
|
|
||||||
- "80"
|
|
||||||
ports:
|
|
||||||
- "993:993"
|
|
||||||
- "25:25"
|
|
||||||
- "587:587"
|
|
||||||
- "465:465"
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
resolver:
|
|
||||||
image: ghcr.io/mailu/unbound:{{ services.mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
admin:
|
|
||||||
image: ghcr.io/mailu/admin:{{ services.mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/data:/data"
|
|
||||||
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
|
||||||
depends_on:
|
|
||||||
- redis
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
imap:
|
|
||||||
image: ghcr.io/mailu/dovecot:{{ services.mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/mail:/mail"
|
|
||||||
- "{{ services.mailu.volume_folder }}/overrides/dovecot:/overrides:ro"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
smtp:
|
|
||||||
image: ghcr.io/mailu/postfix:{{ services.mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/mailqueue:/queue"
|
|
||||||
- "{{ services.mailu.volume_folder }}/overrides/postfix:/overrides:ro"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
antispam:
|
|
||||||
image: ghcr.io/mailu/rspamd:{{ services.mailu.version }}
|
|
||||||
hostname: antispam
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
|
|
||||||
- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d:ro"
|
|
||||||
depends_on:
|
|
||||||
- front
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
webmail:
|
|
||||||
image: ghcr.io/mailu/rainloop:{{ services.mailu.version }}
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mailu.volume_folder }}/webmail:/data"
|
|
||||||
- "{{ services.mailu.volume_folder }}/overrides/rainloop:/overrides:ro"
|
|
||||||
depends_on:
|
|
||||||
- imap
|
|
||||||
- resolver
|
|
||||||
dns:
|
|
||||||
- "{{ services.mailu.dns }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
driver: bridge
|
|
||||||
ipam:
|
|
||||||
driver: default
|
|
||||||
config:
|
|
||||||
- subnet: "{{ services.mailu.subnet }}"
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
||||||
|
|
|
@ -32,9 +32,9 @@
|
||||||
- name: Copy mastodon environment file
|
- name: Copy mastodon environment file
|
||||||
template:
|
template:
|
||||||
src: mastodon/env.j2
|
src: mastodon/env.j2
|
||||||
dest: "{{ services.mastodon.volume_folder }}/env_file"
|
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
|
||||||
|
|
||||||
- name: Upload vhost config for root domain
|
- name: Upload vhost config for Mastodon domain
|
||||||
copy:
|
copy:
|
||||||
src: vhost/mastodon
|
src: vhost/mastodon
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||||
|
@ -44,164 +44,17 @@
|
||||||
src: mastodon/postgresql.conf
|
src: mastodon/postgresql.conf
|
||||||
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
|
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
|
||||||
|
|
||||||
- name: Set up Mastodon
|
- name: Upload Compose file for Mastodon
|
||||||
|
template:
|
||||||
|
src: compose-files/mastodon.yml.j2
|
||||||
|
dest: "{{ services.mastodon.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Mastodon
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: mastodon
|
project_src: "{{ services.mastodon.volume_folder }}"
|
||||||
pull: true
|
pull: true
|
||||||
restarted: true
|
restarted: true
|
||||||
definition:
|
state: present
|
||||||
x-sidekiq: &sidekiq
|
|
||||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: "service_healthy"
|
|
||||||
redis:
|
|
||||||
condition: "service_healthy"
|
|
||||||
networks:
|
|
||||||
- postfix
|
|
||||||
- external_services
|
|
||||||
- internal_network
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
|
||||||
|
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
restart: always
|
|
||||||
image: "postgres:{{ services.mastodon.postgres_version }}"
|
|
||||||
shm_size: 256mb
|
|
||||||
networks:
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
|
||||||
- "{{ services.mastodon.volume_folder }}/postgres_config:/config:ro"
|
|
||||||
command: postgres -c config_file=/config/postgresql.conf
|
|
||||||
environment:
|
|
||||||
- 'POSTGRES_HOST_AUTH_METHOD=trust'
|
|
||||||
|
|
||||||
redis:
|
|
||||||
restart: always
|
|
||||||
image: "redis:{{ services.mastodon.redis_version }}"
|
|
||||||
networks:
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
test: ['CMD', 'redis-cli', 'ping']
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mastodon.volume_folder }}/redis_data:/data"
|
|
||||||
|
|
||||||
web:
|
|
||||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
|
||||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
# prettier-ignore
|
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: "service_healthy"
|
|
||||||
redis:
|
|
||||||
condition: "service_healthy"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
|
||||||
environment:
|
|
||||||
MAX_THREADS: 10
|
|
||||||
WEB_CONCURRENCY: 3
|
|
||||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
VIRTUAL_PATH: "/"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
streaming:
|
|
||||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
|
||||||
restart: always
|
|
||||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
|
||||||
command: node ./streaming
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
- internal_network
|
|
||||||
healthcheck:
|
|
||||||
# prettier-ignore
|
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
|
||||||
ports:
|
|
||||||
- '127.0.0.1:4000:4000'
|
|
||||||
depends_on:
|
|
||||||
db:
|
|
||||||
condition: "service_healthy"
|
|
||||||
redis:
|
|
||||||
condition: "service_healthy"
|
|
||||||
environment:
|
|
||||||
DB_POOL: 15
|
|
||||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
|
||||||
VIRTUAL_PORT: "4000"
|
|
||||||
VIRTUAL_PATH: "/api/v1/streaming"
|
|
||||||
|
|
||||||
# sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-default-push-pull:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q default -q push -q pull
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-default-pull-push:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q default -q pull -q push
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-pull-default-push:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q pull -q default -q push
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
|
|
||||||
sidekiq-push-default-pull:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 25 -q push -q default -q pull
|
|
||||||
environment:
|
|
||||||
DB_POOL: 25
|
|
||||||
|
|
||||||
# sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
|
|
||||||
sidekiq-push-scheduler:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 5 -q push -q scheduler
|
|
||||||
environment:
|
|
||||||
DB_POOL: 5
|
|
||||||
|
|
||||||
# sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
|
|
||||||
sidekiq-push-mailers:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 5 -q push -q mailers
|
|
||||||
environment:
|
|
||||||
DB_POOL: 5
|
|
||||||
|
|
||||||
# sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
|
|
||||||
sidekiq-push-ingress:
|
|
||||||
<<: *sidekiq
|
|
||||||
command: bundle exec sidekiq -c 10 -q push -q ingress
|
|
||||||
environment:
|
|
||||||
DB_POOL: 10
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
internal_network:
|
|
||||||
internal: true
|
|
||||||
|
|
||||||
- name: Configure cron job to remove old Mastodon media daily
|
- name: Configure cron job to remove old Mastodon media daily
|
||||||
cron:
|
cron:
|
||||||
|
|
|
@ -58,63 +58,13 @@
|
||||||
src: matrix/log.config
|
src: matrix/log.config
|
||||||
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||||
|
|
||||||
- name: Set up Matrix and Element
|
- name: Upload Compose file for Matrix and Element
|
||||||
|
template:
|
||||||
|
src: compose-files/matrix_element.yml.j2
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Matrix and Element
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: matrix
|
project_src: "{{ services.matrix.volume_folder }}"
|
||||||
pull: true
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: "postgres:{{ services.matrix.postgres_version }}"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- matrix
|
|
||||||
volumes:
|
|
||||||
- "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "synapse"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
|
||||||
|
|
||||||
synapse:
|
|
||||||
image: "matrixdotorg/synapse:{{ services.matrix.version }}"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- matrix
|
|
||||||
- external_services
|
|
||||||
- postfix
|
|
||||||
volumes:
|
|
||||||
- "{{ services.matrix.volume_folder }}/data:/data"
|
|
||||||
environment:
|
|
||||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
|
||||||
SYNAPSE_CACHE_FACTOR: "2"
|
|
||||||
SYNAPSE_LOG_LEVEL: "INFO"
|
|
||||||
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
|
||||||
VIRTUAL_PORT: "8008"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
element:
|
|
||||||
image: "avhost/docker-matrix-element:{{ services.element.version }}"
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- matrix
|
|
||||||
- external_services
|
|
||||||
expose:
|
|
||||||
- 8080
|
|
||||||
volumes:
|
|
||||||
- "{{ services.element.volume_folder }}/data:/data"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.element.domains | join(',') }}"
|
|
||||||
VIRTUAL_PORT: "8080"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.element.domains | join(',') }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external:
|
|
||||||
name: external_services
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
matrix:
|
|
||||||
name: "matrix"
|
|
||||||
|
|
|
@ -1,52 +1,12 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: run membersystem containers
|
- name: Upload Compose file for Membersystem
|
||||||
|
template:
|
||||||
|
src: compose-files/membersystem.yml.j2
|
||||||
|
dest: "{{ services.membersystem.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Membersystem
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "member.data.coop"
|
project_src: "{{ services.membersystem.volume_folder }}"
|
||||||
pull: yes
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: "3"
|
|
||||||
services:
|
|
||||||
backend:
|
|
||||||
image: "docker.data.coop/membersystem:{{ services.membersystem.version }}"
|
|
||||||
restart: always
|
|
||||||
user: $UID:$GID
|
|
||||||
tty: true
|
|
||||||
depends_on:
|
|
||||||
- postgres
|
|
||||||
networks:
|
|
||||||
- membersystem
|
|
||||||
- external_services
|
|
||||||
- postfix
|
|
||||||
environment:
|
|
||||||
SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
|
|
||||||
DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
|
|
||||||
POSTGRES_HOST: postgres
|
|
||||||
POSTGRES_PORT: 5432
|
|
||||||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
|
||||||
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
|
||||||
VIRTUAL_PORT: "8000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
|
||||||
CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
|
|
||||||
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
|
|
||||||
|
|
||||||
postgres:
|
|
||||||
image: "postgres:{{ services.membersystem.postgres_version }}"
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data"
|
|
||||||
networks:
|
|
||||||
- membersystem
|
|
||||||
environment:
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
membersystem:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
|
|
|
@ -6,71 +6,13 @@
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||||
notify: "restart nginx"
|
notify: "restart nginx"
|
||||||
|
|
||||||
- name: setup nextcloud containers
|
- name: Upload Compose file for Nextcloud
|
||||||
|
template:
|
||||||
|
src: compose-files/nextcloud.yml.j2
|
||||||
|
dest: "{{ services.nextcloud.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Nextcloud
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "nextcloud"
|
project_src: "{{ services.nextcloud.volume_folder }}"
|
||||||
pull: "yes"
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
services:
|
|
||||||
postgres:
|
|
||||||
image: "postgres:{{ services.nextcloud.postgres_version }}"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "nextcloud"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_DB: "nextcloud"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
POSTGRES_USER: "nextcloud"
|
|
||||||
|
|
||||||
redis:
|
|
||||||
image: "redis:{{ services.nextcloud.redis_version }}"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
command: "redis-server --requirepass {{ nextcloud_secrets.redis_password }}"
|
|
||||||
tmpfs:
|
|
||||||
- /var/lib/redis
|
|
||||||
networks:
|
|
||||||
- "nextcloud"
|
|
||||||
|
|
||||||
cron:
|
|
||||||
image: "nextcloud:{{ services.nextcloud.version }}"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
entrypoint: "/cron.sh"
|
|
||||||
networks:
|
|
||||||
- "nextcloud"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
|
||||||
depends_on:
|
|
||||||
- "postgres"
|
|
||||||
- "redis"
|
|
||||||
|
|
||||||
app:
|
|
||||||
image: "nextcloud:{{ services.nextcloud.version }}"
|
|
||||||
restart: "unless-stopped"
|
|
||||||
networks:
|
|
||||||
- "nextcloud"
|
|
||||||
- "postfix"
|
|
||||||
- "external_services"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
POSTGRES_HOST: "postgres"
|
|
||||||
POSTGRES_DB: "nextcloud"
|
|
||||||
POSTGRES_USER: "nextcloud"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
|
||||||
REDIS_HOST: "redis"
|
|
||||||
REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
|
|
||||||
depends_on:
|
|
||||||
- "postgres"
|
|
||||||
- "redis"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
nextcloud:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
|
@ -7,47 +7,13 @@
|
||||||
group: root
|
group: root
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: setup passit containers
|
- name: Upload Compose file for Passit
|
||||||
|
template:
|
||||||
|
src: compose-files/passit.yml.j2
|
||||||
|
dest: "{{ services.passit.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Passit
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "passit"
|
project_src: "{{ services.passit.volume_folder }}"
|
||||||
pull: "yes"
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: "3.6"
|
|
||||||
services:
|
|
||||||
passit_db:
|
|
||||||
image: "postgres:{{ services.passit.postgres_version }}"
|
|
||||||
restart: "always"
|
|
||||||
networks:
|
|
||||||
- "passit"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: "passit"
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
|
||||||
|
|
||||||
passit_app:
|
|
||||||
image: "passit/passit:{{ services.passit.version }}"
|
|
||||||
command: "bin/start.sh"
|
|
||||||
restart: "always"
|
|
||||||
networks:
|
|
||||||
- "passit"
|
|
||||||
- "postfix"
|
|
||||||
- "external_services"
|
|
||||||
environment:
|
|
||||||
DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
|
|
||||||
SECRET_KEY: "{{ passit_secret_key }}"
|
|
||||||
IS_DEBUG: 'False'
|
|
||||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
|
||||||
DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}"
|
|
||||||
EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}"
|
|
||||||
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
|
||||||
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
passit:
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
|
@ -8,54 +8,15 @@
|
||||||
- name: Copy Rallly environment file
|
- name: Copy Rallly environment file
|
||||||
template:
|
template:
|
||||||
src: rallly/env.j2
|
src: rallly/env.j2
|
||||||
dest: "{{ services.rallly.volume_folder }}/env_file"
|
dest: "{{ services.rallly.volume_folder }}/rallly.env"
|
||||||
|
|
||||||
- name: Set up Rallly
|
- name: Upload Compose file for Rallly
|
||||||
|
template:
|
||||||
|
src: compose-files/rallly.yml.j2
|
||||||
|
dest: "{{ services.rallly.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Rallly
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_name: "rallly"
|
project_src: "{{ services.rallly.volume_folder }}"
|
||||||
pull: "yes"
|
pull: true
|
||||||
definition:
|
state: present
|
||||||
version: "3.8"
|
|
||||||
services:
|
|
||||||
rallly_db:
|
|
||||||
image: "postgres:{{ services.rallly.postgres_version }}"
|
|
||||||
restart: "always"
|
|
||||||
shm_size: "256mb"
|
|
||||||
networks:
|
|
||||||
rallly_internal:
|
|
||||||
volumes:
|
|
||||||
- "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
|
||||||
environment:
|
|
||||||
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
|
||||||
POSTGRES_DB: "rallly_db"
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
|
||||||
interval: 5s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 5
|
|
||||||
|
|
||||||
rallly:
|
|
||||||
image: "lukevella/rallly:{{ services.rallly.version }}"
|
|
||||||
restart: "always"
|
|
||||||
networks:
|
|
||||||
rallly_internal:
|
|
||||||
external_services:
|
|
||||||
postfix:
|
|
||||||
depends_on:
|
|
||||||
rallly_db:
|
|
||||||
condition: "service_healthy"
|
|
||||||
env_file:
|
|
||||||
- "{{ services.rallly.volume_folder }}/env_file"
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
rallly_internal:
|
|
||||||
internal: true
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
postfix:
|
|
||||||
external: true
|
|
||||||
|
|
59
roles/docker/tasks/services/restic.yml
Normal file
59
roles/docker/tasks/services/restic.yml
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create SSH directory
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/ssh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Copy private SSH key
|
||||||
|
copy:
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
content: "{{ restic_secrets.ssh_privkey }}"
|
||||||
|
|
||||||
|
- name: Derive public SSH key
|
||||||
|
shell: >-
|
||||||
|
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
||||||
|
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
||||||
|
args:
|
||||||
|
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||||
|
|
||||||
|
- name: Set file permissions on public SSH key
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
state: touch
|
||||||
|
|
||||||
|
- name: Create SSH config
|
||||||
|
template:
|
||||||
|
src: restic/ssh.config.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Create SSH known_hosts file
|
||||||
|
template:
|
||||||
|
src: restic/ssh.known_hosts.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Upload Compose file for Restic
|
||||||
|
template:
|
||||||
|
src: compose-files/restic.yml.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
|
- name: Deploy Restic
|
||||||
|
docker_compose:
|
||||||
|
project_src: "{{ services.restic.volume_folder }}"
|
||||||
|
pull: true
|
||||||
|
state: present
|
|
@ -1,89 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
---
|
|
||||||
- name: Create SSH directory
|
|
||||||
file:
|
|
||||||
path: "{{ services.restic.volume_folder }}/ssh"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0755'
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Copy private SSH key
|
|
||||||
copy:
|
|
||||||
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0600'
|
|
||||||
content: "{{ restic_secrets.ssh_privkey }}"
|
|
||||||
|
|
||||||
- name: Derive public SSH key
|
|
||||||
shell: >-
|
|
||||||
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
|
||||||
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
|
||||||
args:
|
|
||||||
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
|
||||||
|
|
||||||
- name: Set file permissions on public SSH key
|
|
||||||
file:
|
|
||||||
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
state: touch
|
|
||||||
|
|
||||||
- name: Create SSH config
|
|
||||||
template:
|
|
||||||
src: restic/ssh.config.j2
|
|
||||||
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0600'
|
|
||||||
|
|
||||||
- name: Create SSH known_hosts file
|
|
||||||
template:
|
|
||||||
src: restic/ssh.known_hosts.j2
|
|
||||||
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0600'
|
|
||||||
|
|
||||||
- name: Setup restic backup
|
|
||||||
docker_compose:
|
|
||||||
project_name: restic
|
|
||||||
pull: true
|
|
||||||
definition:
|
|
||||||
version: '3.6'
|
|
||||||
services:
|
|
||||||
backup:
|
|
||||||
image: mazzolino/restic:{{ services.restic.version }}
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
RUN_ON_STARTUP: "false"
|
|
||||||
BACKUP_CRON: "0 30 3 * * *"
|
|
||||||
RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}"
|
|
||||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
|
||||||
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
|
||||||
RESTIC_BACKUP_ARGS: >-
|
|
||||||
--tag datacoop-volumes
|
|
||||||
--exclude '*.tmp'
|
|
||||||
--verbose
|
|
||||||
RESTIC_FORGET_ARGS: >-
|
|
||||||
--keep-last 10
|
|
||||||
--keep-daily 7
|
|
||||||
--keep-weekly 5
|
|
||||||
--keep-monthly 12
|
|
||||||
TZ: Europe/Copenhagen
|
|
||||||
volumes:
|
|
||||||
- "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro"
|
|
||||||
- /docker-volumes:/mnt/volumes:ro
|
|
||||||
|
|
||||||
prune:
|
|
||||||
image: "mazzolino/restic:{{ services.restic.version }}"
|
|
||||||
environment:
|
|
||||||
RUN_ON_STARTUP: "false"
|
|
||||||
PRUNE_CRON: "0 0 4 * * *"
|
|
||||||
RESTIC_REPOSITORY: "sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}"
|
|
||||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
|
||||||
TZ: Europe/copenhagen
|
|
||||||
volumes:
|
|
||||||
- "{{ services.restic.volume_folder }}/ssh:/run/secrets/.ssh:ro"
|
|
40
roles/docker/templates/compose-files/drone.yml.j2
Normal file
40
roles/docker/templates/compose-files/drone.yml.j2
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
drone:
|
||||||
|
image: drone/drone:{{ services.drone.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- ".:/data"
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
environment:
|
||||||
|
DRONE_GITEA_SERVER: https://{{ services.forgejo.domain }}
|
||||||
|
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||||
|
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||||
|
DRONE_GIT_ALWAYS_AUTH: true
|
||||||
|
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
||||||
|
DRONE_SERVER_PROTO: https
|
||||||
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
|
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
runner:
|
||||||
|
image: drone/drone-runner-docker:{{ services.drone.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
environment:
|
||||||
|
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
||||||
|
DRONE_RPC_PROTO: https
|
||||||
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
|
DRONE_RUNNER_CAPACITY: 2
|
||||||
|
DRONE_RUNNER_NAME: data.coop_drone_runner
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
44
roles/docker/templates/compose-files/hedgedoc.yml.j2
Normal file
44
roles/docker/templates/compose-files/hedgedoc.yml.j2
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.hedgedoc.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./db:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: codimd
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
||||||
|
POSTGRES_DB: codimd
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||||
|
volumes:
|
||||||
|
- "./hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||||
|
- "./sso.data.coop.pem:/sso.data.coop.pem"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd
|
||||||
|
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
||||||
|
CMD_ALLOW_EMAIL_REGISTER: False
|
||||||
|
CMD_IMAGE_UPLOAD_TYPE: filesystem
|
||||||
|
CMD_EMAIL: False
|
||||||
|
CMD_SAML_IDPCERT: /sso.data.coop.pem
|
||||||
|
CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml
|
||||||
|
CMD_SAML_ISSUER: hedgedoc
|
||||||
|
CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
||||||
|
CMD_USECDN: false
|
||||||
|
CMD_PROTOCOL_USESSL: true
|
||||||
|
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
42
roles/docker/templates/compose-files/keycloak.yml.j2
Normal file
42
roles/docker/templates/compose-files/keycloak.yml.j2
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.keycloak.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: keycloak
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||||
|
POSTGRES_DB: keycloak
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
command:
|
||||||
|
- "start"
|
||||||
|
- "--db=postgres"
|
||||||
|
- "--db-url=jdbc:postgresql://db:5432/keycloak"
|
||||||
|
- "--db-username=keycloak"
|
||||||
|
- "--db-password={{ postgres_passwords.keycloak }}"
|
||||||
|
- "--hostname={{ services.keycloak.domain }}"
|
||||||
|
- "--proxy=edge"
|
||||||
|
- "--https-port=8080"
|
||||||
|
- "--http-relative-path=/auth"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
||||||
|
VIRTUAL_PORT: "8080"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
131
roles/docker/templates/compose-files/mailu.yml.j2
Normal file
131
roles/docker/templates/compose-files/mailu.yml.j2
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: '3.6'
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:14-alpine
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: mailu
|
||||||
|
POSTGRES_USER: mailu
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
|
||||||
|
volumes:
|
||||||
|
- "./postgres:/var/lib/postgresql/data"
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:alpine
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- "./redis:/data"
|
||||||
|
depends_on:
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
front:
|
||||||
|
image: ghcr.io/mailu/nginx:{{ services.mailu.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mailu.env
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
volumes:
|
||||||
|
- "./certs:/certs"
|
||||||
|
- "./overrides/nginx:/overrides:ro"
|
||||||
|
expose:
|
||||||
|
- "80"
|
||||||
|
ports:
|
||||||
|
- "993:993"
|
||||||
|
- "25:25"
|
||||||
|
- "587:587"
|
||||||
|
- "465:465"
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
|
||||||
|
resolver:
|
||||||
|
image: ghcr.io/mailu/unbound:{{ services.mailu.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mailu.env
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
admin:
|
||||||
|
image: ghcr.io/mailu/admin:{{ services.mailu.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: "{{ services.mailu.volume_folder }}/mailu.env"
|
||||||
|
volumes:
|
||||||
|
- "./data:/data"
|
||||||
|
- "./dkim:/dkim"
|
||||||
|
depends_on:
|
||||||
|
- redis
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
imap:
|
||||||
|
image: ghcr.io/mailu/dovecot:{{ services.mailu.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./mail:/mail"
|
||||||
|
- "./overrides/dovecot:/overrides:ro"
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
smtp:
|
||||||
|
image: ghcr.io/mailu/postfix:{{ services.mailu.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./mailqueue:/queue"
|
||||||
|
- "./overrides/postfix:/overrides:ro"
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
antispam:
|
||||||
|
image: ghcr.io/mailu/rspamd:{{ services.mailu.version }}
|
||||||
|
hostname: antispam
|
||||||
|
restart: always
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./filter:/var/lib/rspamd"
|
||||||
|
- "./overrides/rspamd:/etc/rspamd/override.d:ro"
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
webmail:
|
||||||
|
image: ghcr.io/mailu/rainloop:{{ services.mailu.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./webmail:/data"
|
||||||
|
- "./overrides/rainloop:/overrides:ro"
|
||||||
|
depends_on:
|
||||||
|
- imap
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
driver: bridge
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: "{{ services.mailu.subnet }}"
|
||||||
|
external_services:
|
||||||
|
external: true
|
146
roles/docker/templates/compose-files/mastodon.yml.j2
Normal file
146
roles/docker/templates/compose-files/mastodon.yml.j2
Normal file
|
@ -0,0 +1,146 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
x-sidekiq: &sidekiq
|
||||||
|
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mastodon.env
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./mastodon_data:/mastodon/public/system"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
restart: always
|
||||||
|
image: postgres:{{ services.mastodon.postgres_version }}
|
||||||
|
shm_size: 256mb
|
||||||
|
volumes:
|
||||||
|
- "./postgres_data:/var/lib/postgresql/data"
|
||||||
|
- "./postgres_config:/config:ro"
|
||||||
|
command: postgres -c config_file=/config/postgresql.conf
|
||||||
|
environment:
|
||||||
|
POSTGRES_HOST_AUTH_METHOD: trust
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||||
|
|
||||||
|
redis:
|
||||||
|
restart: always
|
||||||
|
image: redis:{{ services.mastodon.redis_version }}
|
||||||
|
volumes:
|
||||||
|
- "./redis_data:/data"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'redis-cli', 'ping']
|
||||||
|
|
||||||
|
web:
|
||||||
|
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mastodon.env
|
||||||
|
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./mastodon_data:/mastodon/public/system"
|
||||||
|
environment:
|
||||||
|
MAX_THREADS: 10
|
||||||
|
WEB_CONCURRENCY: 3
|
||||||
|
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||||
|
VIRTUAL_PORT: "3000"
|
||||||
|
VIRTUAL_PATH: /
|
||||||
|
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
streaming:
|
||||||
|
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mastodon.env
|
||||||
|
command: node ./streaming
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:4000:4000"
|
||||||
|
environment:
|
||||||
|
DB_POOL: 15
|
||||||
|
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||||
|
VIRTUAL_PORT: "4000"
|
||||||
|
VIRTUAL_PATH: "/api/v1/streaming"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
# sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-default-push-pull:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q default -q push -q pull
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-default-pull-push:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q default -q pull -q push
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-pull-default-push:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q pull -q default -q push
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-push-default-pull:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q push -q default -q pull
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
|
||||||
|
sidekiq-push-scheduler:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 5 -q push -q scheduler
|
||||||
|
environment:
|
||||||
|
DB_POOL: 5
|
||||||
|
|
||||||
|
# sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
|
||||||
|
sidekiq-push-mailers:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 5 -q push -q mailers
|
||||||
|
environment:
|
||||||
|
DB_POOL: 5
|
||||||
|
|
||||||
|
# sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
|
||||||
|
sidekiq-push-ingress:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 10 -q push -q ingress
|
||||||
|
environment:
|
||||||
|
DB_POOL: 10
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
52
roles/docker/templates/compose-files/matrix_element.yml.j2
Normal file
52
roles/docker/templates/compose-files/matrix_element.yml.j2
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.matrix.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./db:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: synapse
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||||
|
|
||||||
|
synapse:
|
||||||
|
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
volumes:
|
||||||
|
- "./data:/data"
|
||||||
|
environment:
|
||||||
|
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
|
||||||
|
SYNAPSE_CACHE_FACTOR: "2"
|
||||||
|
SYNAPSE_LOG_LEVEL: INFO
|
||||||
|
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||||
|
VIRTUAL_PORT: "8008"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
element:
|
||||||
|
image: avhost/docker-matrix-element:{{ services.element.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
expose:
|
||||||
|
- "8080"
|
||||||
|
volumes:
|
||||||
|
- "{{ services.element.volume_folder }}/data:/data"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.element.domains | join(',') }}"
|
||||||
|
VIRTUAL_PORT: "8080"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.element.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
44
roles/docker/templates/compose-files/membersystem.yml.j2
Normal file
44
roles/docker/templates/compose-files/membersystem.yml.j2
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: docker.data.coop/membersystem:{{ services.membersystem.version }}
|
||||||
|
restart: always
|
||||||
|
user: "$UID:$GID"
|
||||||
|
tty: true
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
environment:
|
||||||
|
SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
|
||||||
|
DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
|
||||||
|
POSTGRES_HOST: postgres
|
||||||
|
POSTGRES_PORT: 5432
|
||||||
|
EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
|
||||||
|
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||||
|
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||||
|
VIRTUAL_PORT: "8000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||||
|
CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
|
||||||
|
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||||
|
DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.membersystem.postgres_version }}
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- "./postgres/data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
59
roles/docker/templates/compose-files/nextcloud.yml.j2
Normal file
59
roles/docker/templates/compose-files/nextcloud.yml.j2
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.nextcloud.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: nextcloud
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
POSTGRES_USER: nextcloud
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:{{ services.nextcloud.redis_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}
|
||||||
|
tmpfs:
|
||||||
|
- /var/lib/redis
|
||||||
|
|
||||||
|
cron:
|
||||||
|
image: nextcloud:{{ services.nextcloud.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
entrypoint: /cron.sh
|
||||||
|
volumes:
|
||||||
|
- "./app:/var/www/html"
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
- redis
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:{{ services.nextcloud.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./app:/var/www/html"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
POSTGRES_HOST: postgres
|
||||||
|
POSTGRES_DB: nextcloud
|
||||||
|
POSTGRES_USER: nextcloud
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
REDIS_HOST: redis
|
||||||
|
REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
- redis
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
38
roles/docker/templates/compose-files/passit.yml.j2
Normal file
38
roles/docker/templates/compose-files/passit.yml.j2
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.passit.postgres_version }}
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- "./data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: passit
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: passit/passit:{{ services.passit.version }}
|
||||||
|
command: bin/start.sh
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit
|
||||||
|
SECRET_KEY: "{{ passit_secret_key }}"
|
||||||
|
IS_DEBUG: "False"
|
||||||
|
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||||
|
DEFAULT_FROM_EMAIL: noreply@{{ services.passit.domain }}
|
||||||
|
EMAIL_CONFIRMATION_HOST: https://{{ services.passit.domain }}
|
||||||
|
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
||||||
|
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
41
roles/docker/templates/compose-files/rallly.yml.j2
Normal file
41
roles/docker/templates/compose-files/rallly.yml.j2
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.rallly.postgres_version }}
|
||||||
|
restart: always
|
||||||
|
shm_size: 256mb
|
||||||
|
volumes:
|
||||||
|
- "./postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
||||||
|
POSTGRES_DB: rallly_db
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||||
|
interval: 5s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
rallly:
|
||||||
|
image: lukevella/rallly:{{ services.rallly.version }}
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
env_file: rallly.env
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
||||||
|
VIRTUAL_PORT: "3000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
37
roles/docker/templates/compose-files/restic.yml.j2
Normal file
37
roles/docker/templates/compose-files/restic.yml.j2
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
backup:
|
||||||
|
image: mazzolino/restic:{{ services.restic.version }}
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
RUN_ON_STARTUP: false
|
||||||
|
BACKUP_CRON: "0 30 3 * * *"
|
||||||
|
RESTIC_REPOSITORY: sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}
|
||||||
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||||
|
RESTIC_BACKUP_SOURCES: /mnt/volumes
|
||||||
|
RESTIC_BACKUP_ARGS: >-
|
||||||
|
--tag datacoop-volumes
|
||||||
|
--exclude '*.tmp'
|
||||||
|
--verbose
|
||||||
|
RESTIC_FORGET_ARGS: >-
|
||||||
|
--keep-last 10
|
||||||
|
--keep-daily 7
|
||||||
|
--keep-weekly 5
|
||||||
|
--keep-monthly 12
|
||||||
|
TZ: Europe/Copenhagen
|
||||||
|
volumes:
|
||||||
|
- "./ssh:/run/secrets/.ssh:ro"
|
||||||
|
- "/docker-volumes:/mnt/volumes:ro"
|
||||||
|
|
||||||
|
prune:
|
||||||
|
image: mazzolino/restic:{{ services.restic.version }}
|
||||||
|
environment:
|
||||||
|
RUN_ON_STARTUP: false
|
||||||
|
PRUNE_CRON: "0 30 4 * * *"
|
||||||
|
RESTIC_REPOSITORY: sftp:{{ services.restic.user }}@{{ services.restic.domain }}:{{ services.restic.repository }}
|
||||||
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||||
|
TZ: Europe/copenhagen
|
||||||
|
volumes:
|
||||||
|
- "./ssh:/run/secrets/.ssh:ro"
|
|
@ -1,5 +1,5 @@
|
||||||
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@db:5432/rallly_db"
|
||||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||||
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||||
SMTP_HOST="{{ smtp_host }}"
|
SMTP_HOST="{{ smtp_host }}"
|
||||||
|
|
Loading…
Reference in a new issue