Refactor service deployment + upload Compose files to the server #178
|
@ -13,24 +13,21 @@ services:
|
||||||
|
|
||||||
nginx_proxy:
|
nginx_proxy:
|
||||||
file: nginx_proxy.yml
|
file: nginx_proxy.yml
|
||||||
version: "1.3-alpine"
|
|
||||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||||
|
version: "1.3-alpine"
|
||||||
nginx_acme_companion:
|
acme_companion_version: "2.2"
|
||||||
version: "2.2"
|
|
||||||
|
|
||||||
openldap:
|
openldap:
|
||||||
file: openldap.yml
|
file: openldap.yml
|
||||||
domain: "ldap.{{ base_domain }}"
|
domain: "ldap.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||||
version: "1.5.0"
|
version: "1.5.0"
|
||||||
|
phpldapadmin_version: "0.9.0"
|
||||||
phpldapadmin:
|
|
||||||
version: "0.9.0"
|
|
||||||
|
|
||||||
netdata:
|
netdata:
|
||||||
file: netdata.yml
|
file: netdata.yml
|
||||||
domain: "netdata.{{ base_domain }}"
|
domain: "netdata.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/netdata"
|
||||||
version: "v1"
|
version: "v1"
|
||||||
|
|
||||||
portainer:
|
portainer:
|
||||||
|
@ -196,17 +193,12 @@ services:
|
||||||
file: membersystem.yml
|
file: membersystem.yml
|
||||||
domain: "member.{{ base_domain }}"
|
domain: "member.{{ base_domain }}"
|
||||||
django_admins: "Vidir:valberg@orn.li"
|
django_admins: "Vidir:valberg@orn.li"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/membersystem"
|
||||||
version: latest
|
version: latest
|
||||||
postgres_version: 13-alpine
|
postgres_version: 13-alpine
|
||||||
allowed_sender_domain: true
|
allowed_sender_domain: true
|
||||||
|
|
||||||
byro:
|
|
||||||
file: byro.yml
|
|
||||||
domain: "byro.{{ base_domain }}"
|
|
||||||
postgres_version: 14-alpine
|
|
||||||
volume_folder: "{{ volume_root_folder }}/byro-data"
|
|
||||||
allowed_sender_domain: true
|
|
||||||
|
|
||||||
watchtower:
|
watchtower:
|
||||||
file: watchtower.yml
|
file: watchtower.yml
|
||||||
|
volume_folder: "{{ volume_root_folder }}/watchtower"
|
||||||
version: "1.5.3"
|
version: "1.5.3"
|
||||||
|
|
|
@ -1,32 +1,36 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: copy docker registry vhost configuration
|
- name: Create Docker registry volume folders
|
||||||
|
file:
|
||||||
|
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- auth
|
||||||
|
- registry
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Copy docker registry vhost configuration
|
||||||
copy:
|
copy:
|
||||||
src: vhost/docker_registry
|
src: vhost/docker_registry
|
||||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: docker registry container
|
- name: Upload Compose file for Docker registry
|
||||||
docker_container:
|
template:
|
||||||
name: registry
|
src: compose-files/docker_registry.yml.j2
|
||||||
image: registry:{{ services.docker_registry.version }}
|
dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml"
|
||||||
restart_policy: always
|
|
||||||
volumes:
|
|
||||||
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
|
|
||||||
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
REGISTRY_AUTH: "htpasswd"
|
|
||||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
|
||||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
|
||||||
|
|
||||||
- name: generate htpasswd file
|
- name: Deploy Docker registry
|
||||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
docker_compose:
|
||||||
|
project_src: "{{ services.docker_registry.volume_folder }}"
|
||||||
|
pull: true
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Generate htpasswd file
|
||||||
|
shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd"
|
||||||
args:
|
args:
|
||||||
|
chdir: "{{ services.docker_registry.volume_folder }}"
|
||||||
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||||
|
|
||||||
- name: log in to registry
|
- name: log in to registry
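Review bot: The Generate htpasswd task runs `docker compose exec registry htpasswd …`, but the service in the new compose-files/docker_registry.yml.j2 is named `app`, so the exec targets a service that does not exist; change it to `shell: "docker compose exec app htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd"`. Because the shell redirection creates `auth/htpasswd` before the command runs, a failed exec still leaves an empty file that satisfies `creates:`, and the task is then skipped on every later run while the registry starts with an empty credential file — worth a `failed_when`/cleanup or writing to a temp file and moving it into place. The command also puts `docker_password` on the command line, which appears in Ansible's task output; add `no_log: true` to this task.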
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Create Drone volume folder
|
||||||
|
file:
|
||||||
|
path: "{{ services.drone.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Upload Compose file for Drone
|
- name: Upload Compose file for Drone
|
||||||
template:
|
template:
|
||||||
src: compose-files/drone.yml.j2
|
src: compose-files/drone.yml.j2
|
||||||
|
|
|
@ -1,37 +1,17 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Create Docker network for Forgejo
|
- name: Create Forgejo volume folder
|
||||||
docker_network:
|
file:
|
||||||
name: forgejo
|
name: "{{ services.portainer.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
# old DNS: 138.68.71.153
|
- name: Upload Compose file for Forgejo
|
||||||
- name: Set up Forgejo container
|
template:
|
||||||
docker_container:
|
src: compose-files/forgejo.yml.j2
|
||||||
name: forgejo
|
dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
|
||||||
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
|
|
||||||
restart_policy: unless-stopped
|
- name: Deploy Forgejo
|
||||||
networks:
|
docker_compose:
|
||||||
- name: forgejo
|
project_src: "{{ services.forgejo.volume_folder }}"
|
||||||
- name: postfix
|
pull: true
|
||||||
- name: external_services
|
state: present
|
||||||
volumes:
|
|
||||||
- "{{ services.forgejo.volume_folder }}:/data"
|
|
||||||
published_ports:
|
|
||||||
- "22:22"
|
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
|
|
||||||
VIRTUAL_PORT: "3000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
|
||||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
|
||||||
FORGEJO__mailer__ENABLED: "true"
|
|
||||||
FORGEJO__mailer__FROM: "noreply@{{ services.forgejo.domain }}"
|
|
||||||
FORGEJO__mailer__PROTOCOL: "smtp"
|
|
||||||
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
|
|
||||||
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
|
|
||||||
FORGEJO__security__PASSWORD_COMPLEXITY: "off"
|
|
||||||
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
|
|
||||||
FORGEJO__security__PASSWORD_CHECK_PWN: "true"
|
|
||||||
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
|
|
||||||
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
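Review bot: The Create Forgejo volume folder task points `name: "{{ services.portainer.volume_folder }}"` at the Portainer folder, so the Forgejo directory is never created and the following template task writes `{{ services.forgejo.volume_folder }}/docker-compose.yml` into a folder this role never ensured exists; change the line to `path: "{{ services.forgejo.volume_folder }}"`. The dropped `docker_network: forgejo` task is fine since the new Compose file only joins the external `external_services` and `postfix` networks, but note that `services.forgejo.volume_folder` is also the path the Postfix tasks in a later hunk write their Compose file to, so the two roles currently overwrite each other's docker-compose.yml.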
|
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Create Keycloak volume folder
|
||||||
|
file:
|
||||||
|
path: "{{ services.keycloak.volume_folder }}/data"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Upload Compose file for for Keycloak
|
- name: Upload Compose file for for Keycloak
|
||||||
template:
|
template:
|
||||||
src: compose-files/keycloak.yml.j2
|
src: compose-files/keycloak.yml.j2
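Review bot: The task name `Upload Compose file for for Keycloak` doubles "for"; the line is unchanged context, but since this hunk already edits the file it is worth fixing to `- name: Upload Compose file for Keycloak` so the play output matches the wording used by the other roles in this commit.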
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Create Membersystem volume folder
|
||||||
|
file:
|
||||||
|
name: "{{ services.membersystem.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Upload Compose file for Membersystem
|
- name: Upload Compose file for Membersystem
|
||||||
template:
|
template:
|
||||||
src: compose-files/membersystem.yml.j2
|
src: compose-files/membersystem.yml.j2
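Review bot: The new Create Membersystem volume folder task passes the directory as `name:` where the Drone, Keycloak and Netdata tasks added by this same commit use `path:`; `name` is an accepted alias of `path` for the file module, but mixing the two across otherwise identical tasks reads like a typo and makes grepping for volume paths unreliable. Use `path: "{{ services.membersystem.volume_folder }}"` here, and the same in the new Forgejo and Watchtower volume-folder tasks.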
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Create Netdata volume folder
|
||||||
|
file:
|
||||||
|
path: "{{ services.netdata.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Upload Compose file for Netdata
|
- name: Upload Compose file for Netdata
|
||||||
template:
|
template:
|
||||||
src: compose-files/netdata.yml.j2
|
src: compose-files/netdata.yml.j2
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Create Nextcloud volume folders
|
||||||
|
file:
|
||||||
|
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- app
|
||||||
|
- postgres
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
- name: upload vhost config for cloud.data.coop
|
- name: upload vhost config for cloud.data.coop
|
||||||
copy:
|
copy:
|
||||||
src: vhost/nextcloud
|
src: vhost/nextcloud
|
||||||
|
|
|
@ -13,36 +13,13 @@
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: volume
|
loop_var: volume
|
||||||
|
|
||||||
- name: nginx proxy container
|
- name: Upload Compose file for nginx-proxy
|
||||||
docker_container:
|
template:
|
||||||
name: nginx-proxy
|
src: compose-files/nginx_proxy.yml.j2
|
||||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml"
|
||||||
restart_policy: always
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
published_ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
|
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
||||||
|
|
||||||
- name: nginx letsencrypt container
|
|
||||||
docker_container:
|
|
||||||
name: nginx-proxy-le
|
|
||||||
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
|
||||||
restart_policy: always
|
|
||||||
volumes:
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
|
||||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
env:
|
|
||||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
|
||||||
when: letsencrypt_enabled
|
|
||||||
|
|
||||||
|
- name: Deploy nginx-proxy
|
||||||
|
docker_compose:
|
||||||
|
project_src: "{{ services.nginx_proxy.volume_folder }}"
|
||||||
|
pull: true
|
||||||
|
state: present
|
||||||
|
|
|
@ -1,74 +1,23 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: create ldap volume folders
|
- name: Create OpenLDAP volume folders
|
||||||
file:
|
file:
|
||||||
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop:
|
loop:
|
||||||
- "var/lib/ldap"
|
- var/lib/ldap
|
||||||
- "etc/slapd"
|
- etc/slapd
|
||||||
- "certs"
|
- certs
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: volume
|
loop_var: volume
|
||||||
|
|
||||||
- name: Create a network for ldap
|
- name: Upload Compose file for OpenLDAP
|
||||||
docker_network:
|
template:
|
||||||
name: ldap
|
src: compose-files/openldap.yml.j2
|
||||||
|
dest: "{{ services.openldap.volume_folder }}/docker-compose.yml"
|
||||||
|
|
||||||
- name: openLDAP container
|
- name: Deploy OpenLDAP
|
||||||
docker_container:
|
docker_compose:
|
||||||
name: openldap
|
project_src: "{{ services.openldap.volume_folder }}"
|
||||||
image: osixia/openldap:{{ services.openldap.version }}
|
pull: true
|
||||||
tty: true
|
state: present
|
||||||
interactive: true
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
|
||||||
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
|
||||||
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
|
||||||
published_ports:
|
|
||||||
- "389:389"
|
|
||||||
- "636:636"
|
|
||||||
hostname: "{{ services.openldap.domain }}"
|
|
||||||
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
|
||||||
networks:
|
|
||||||
- name: ldap
|
|
||||||
env:
|
|
||||||
LDAP_LOG_LEVEL: "256"
|
|
||||||
LDAP_ORGANISATION: "{{ base_domain }}"
|
|
||||||
LDAP_DOMAIN: "{{ base_domain }}"
|
|
||||||
LDAP_BASE_DN: ""
|
|
||||||
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
|
||||||
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
|
||||||
LDAP_READONLY_USER: "false"
|
|
||||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
|
||||||
LDAP_BACKEND: "mdb"
|
|
||||||
LDAP_TLS: "true"
|
|
||||||
LDAP_TLS_CRT_FILENAME: "ldap.crt"
|
|
||||||
LDAP_TLS_KEY_FILENAME: "ldap.key"
|
|
||||||
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
|
|
||||||
LDAP_TLS_ENFORCE: "false"
|
|
||||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
|
|
||||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
|
||||||
LDAP_TLS_VERIFY_CLIENT: "demand"
|
|
||||||
LDAP_REPLICATION: "false"
|
|
||||||
KEEP_EXISTING_CONFIG: "false"
|
|
||||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
|
||||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
|
||||||
|
|
||||||
- name: phpLDAPadmin container
|
|
||||||
docker_container:
|
|
||||||
name: phpldapadmin
|
|
||||||
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
|
||||||
- name: external_services
|
|
||||||
- name: ldap
|
|
||||||
env:
|
|
||||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
|
||||||
PHPLDAPADMIN_HTTPS: "false"
|
|
||||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
|
||||||
|
|
||||||
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
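Review bot: The volume loop creates `etc/slapd`, but the new compose-files/openldap.yml.j2 bind-mounts `./etc/slapd.d:/etc/ldap/slapd.d`, so the directory the container actually uses is not the one this task creates (Compose's short volume syntax will create the missing host path on first start, owned by root); change the loop entry to `- etc/slapd.d`. The mismatch predates this commit, but the commit rewrites exactly these loop lines, so it is the place to fix it.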
|
|
||||||
|
|
|
@ -5,18 +5,13 @@
|
||||||
name: "{{ services.portainer.volume_folder }}"
|
name: "{{ services.portainer.volume_folder }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: run portainer
|
- name: Upload Compose file for Portainer
|
||||||
docker_container:
|
template:
|
||||||
name: portainer
|
src: compose-files/portainer.yml.j2
|
||||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
dest: "{{ services.portainer.volume_folder }}/docker-compose.yml"
|
||||||
restart_policy: always
|
|
||||||
networks:
|
- name: Deploy Portainer
|
||||||
- name: external_services
|
docker_compose:
|
||||||
volumes:
|
project_src: "{{ services.portainer.volume_folder }}"
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
pull: true
|
||||||
- "{{ services.portainer.volume_folder }}:/data"
|
state: present
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
|
||||||
VIRTUAL_PORT: "9000"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Set up network for postfix
|
- name: Set up network for Postfix
|
||||||
docker_network:
|
docker_network:
|
||||||
name: postfix
|
name: postfix
|
||||||
ipam_config:
|
ipam_config:
|
||||||
|
@ -12,17 +12,13 @@
|
||||||
name: "{{ services.postfix.volume_folder }}/dkim"
|
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Set up Postfix Docker container for outgoing mail from services
|
- name: Upload Compose file for Postfix
|
||||||
docker_container:
|
template:
|
||||||
name: postfix
|
src: compose-files/postfix.yml.j2
|
||||||
image: boky/postfix:{{ services.postfix.version }}
|
dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
|
||||||
restart_policy: always
|
|
||||||
networks:
|
- name: Deploy Postfix
|
||||||
- name: postfix
|
docker_compose:
|
||||||
volumes:
|
project_src: "{{ services.postfix.volume_folder }}"
|
||||||
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
|
pull: true
|
||||||
env:
|
state: present
|
||||||
# Get all services which have allowed_sender_domain defined
|
|
||||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
|
||||||
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
|
||||||
DKIM_AUTOGENERATE: "true"
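Review bot: `dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"` in Upload Compose file for Postfix writes the Postfix Compose file over Forgejo's, while the Deploy Postfix task below runs `docker_compose` against `services.postfix.volume_folder`, where no docker-compose.yml was uploaded; change the line to `dest: "{{ services.postfix.volume_folder }}/docker-compose.yml"`. Until then, whichever of the Forgejo and Postfix roles runs last decides which service the Forgejo project actually deploys.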
|
|
||||||
|
|
|
@ -15,17 +15,13 @@
|
||||||
src: privatebin/conf.php
|
src: privatebin/conf.php
|
||||||
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
||||||
|
|
||||||
- name: privatebin app container
|
- name: Upload Compose file for PrivateBin
|
||||||
docker_container:
|
template:
|
||||||
name: privatebin
|
src: compose-files/privatebin.yml.j2
|
||||||
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml"
|
||||||
restart_policy: unless-stopped
|
|
||||||
volumes:
|
- name: Deploy PrivateBin
|
||||||
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
docker_compose:
|
||||||
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
|
project_src: "{{ services.private.volume_folder }}"
|
||||||
networks:
|
pull: true
|
||||||
- name: external_services
|
state: present
|
||||||
env:
|
|
||||||
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
|
||||||
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
|
||||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
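Review bot: `project_src: "{{ services.private.volume_folder }}"` in Deploy PrivateBin references `services.private`, which does not exist in the services map (every other line in this file uses `services.privatebin`), so the task fails with an undefined-attribute error and the Compose file uploaded just above is never deployed; change it to `project_src: "{{ services.privatebin.volume_folder }}"`.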
|
|
||||||
|
|
|
@ -1,14 +1,17 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: watchtower container
|
- name: Create Watchtower volume folder
|
||||||
docker_container:
|
file:
|
||||||
name: watchtower
|
name: "{{ services.watchtower.volume_folder }}"
|
||||||
image: containrrr/watchtower:{{ services.watchtower.version }}
|
state: directory
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks:
|
- name: Upload Compose file for Watchtower
|
||||||
- name: external_services
|
template:
|
||||||
env:
|
src: compose-files/watchtower.yml.j2
|
||||||
WATCHTOWER_POLL_INTERVAL: "60"
|
dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml"
|
||||||
volumes:
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- name: Deploy Watchtower
|
||||||
- "/root/.docker/config.json:/config.json:ro"
|
docker_compose:
|
||||||
|
project_src: "{{ services.watchtower.volume_folder }}"
|
||||||
|
pull: true
|
||||||
|
state: present
|
||||||
|
|
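--- /dev/null
+++ b/roles/docker/templates/compose-files/docker_registry.yml.j2
@@ -0,0 +1,23 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: registry:{{ services.docker_registry.version }}
+    restart: always
+    networks:
+      - external_services
+    volumes:
+      - "./registry:/var/lib/registry"
+      - "./auth:/auth"
+    environment:
+      VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
+      LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      REGISTRY_AUTH: "htpasswd"
+      REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
+      REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
+
+networks:
+  external_services:
+    external: true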
|
@ -2,7 +2,7 @@
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
drone:
|
app:
|
||||||
image: drone/drone:{{ services.drone.version }}
|
image: drone/drone:{{ services.drone.version }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
element:
|
app:
|
||||||
image: avhost/docker-matrix-element:{{ services.element.version }}
|
image: avhost/docker-matrix-element:{{ services.element.version }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
|
|
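--- /dev/null
+++ b/roles/docker/templates/compose-files/forgejo.yml.j2
@@ -0,0 +1,37 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
+    restart: unless-stopped
+    networks:
+      - external_services
+      - postfix
+    volumes:
+      - ".:/data"
+    ports:
+      - "22:22"
+    environment:
+      VIRTUAL_HOST: "{{ services.forgejo.domain }}"
+      VIRTUAL_PORT: "3000"
+      LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+      # Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
+      # https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
+      FORGEJO__mailer__ENABLED: true
+      FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
+      FORGEJO__mailer__PROTOCOL: smtp
+      FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
+      FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
+      FORGEJO__security__PASSWORD_COMPLEXITY: off
+      FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
+      FORGEJO__security__PASSWORD_CHECK_PWN: true
+      FORGEJO__service__ENABLE_NOTIFY_MAIL: true
+      FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
+
+networks:
+  external_services:
+    external: true
+  postfix:
+    external: true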
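--- /dev/null
+++ b/roles/docker/templates/compose-files/nginx_proxy.yml.j2
@@ -0,0 +1,38 @@
+version: "3.8"
+
+services:
+  proxy:
+    image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
+    restart: always
+    networks:
+      - external_services
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./conf:/etc/nginx/conf.d"
+      - "./vhost:/etc/nginx/vhost.d"
+      - "./html:/usr/share/nginx/html"
+      - "./dhparam:/etc/nginx/dhparam"
+      - "./certs:/etc/nginx/certs:ro"
+      - "/var/run/docker.sock:/tmp/docker.sock:ro"
+    labels:
+      - com.github.nginx-proxy.nginx
+
+{% if letsencrypt_enabled %}
+  acme:
+    image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
+    restart: always
+    volumes:
+      - "./vhost:/etc/nginx/vhost.d"
+      - "./html:/usr/share/nginx/html"
+      - "./dhparam:/etc/nginx/dhparam:ro"
+      - "./certs:/etc/nginx/certs"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    depends_on:
+      - proxy
+{% endif %}
+
+networks:
+  external_services:
+    external: true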
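--- /dev/null
+++ b/roles/docker/templates/compose-files/openldap.yml.j2
@@ -0,0 +1,58 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: osixia/openldap:{{ services.openldap.version }}
+    restart: unless-stopped
+    tty: true
+    stdin_open: true
+    volumes:
+      - "./var/lib/ldap:/var/lib/ldap"
+      - "./etc/slapd.d:/etc/ldap/slapd.d"
+      - "./certs:/container/service/slapd/assets/certs/"
+    ports:
+      - "389:389"
+      - "636:636"
+    hostname: "{{ services.openldap.domain }}"
+    domainname: "{{ services.openldap.domain }}" # important: same as hostname
+    environment:
+      LDAP_LOG_LEVEL: "256"
+      LDAP_ORGANISATION: "{{ base_domain }}"
+      LDAP_DOMAIN: "{{ base_domain }}"
+      LDAP_BASE_DN: ""
+      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
+      LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
+      LDAP_READONLY_USER: false
+      LDAP_RFC2307BIS_SCHEMA: false
+      LDAP_BACKEND: mdb
+      LDAP_TLS: true
+      LDAP_TLS_CRT_FILENAME: ldap.crt
+      LDAP_TLS_KEY_FILENAME: ldap.key
+      LDAP_TLS_CA_CRT_FILENAME: ca.crt
+      LDAP_TLS_ENFORCE: false
+      LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
+      LDAP_TLS_PROTOCOL_MIN: "3.1"
+      LDAP_TLS_VERIFY_CLIENT: demand
+      LDAP_REPLICATION: false
+      KEEP_EXISTING_CONFIG: false
+      LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+      LDAP_SSL_HELPER_PREFIX: ldap
+
+  admin:
+    image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}
+    restart: unless-stopped
+    networks:
+      - default
+      - external_services
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: app
+      PHPLDAPADMIN_HTTPS: false
+      PHPLDAPADMIN_TRUST_PROXY_SSL: true
+      VIRTUAL_HOST: "{{ services.openldap.domain }}"
+      LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  external_services:
+    external: true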
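--- /dev/null
+++ b/roles/docker/templates/compose-files/portainer.yml.j2
@@ -0,0 +1,21 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: portainer/portainer-ee:{{ services.portainer.version }}
+    restart: always
+    networks:
+      - external_services
+    volumes:
+      - ".:/data"
+      - "/var/run/docker.sock:/var/run/docker.sock:rw"
+    environment:
+      VIRTUAL_HOST: "{{ services.portainer.domain }}"
+      VIRTUAL_PORT: "9000"
+      LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  external_services:
+    external: true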
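--- /dev/null
+++ b/roles/docker/templates/compose-files/postfix.yml.j2
@@ -0,0 +1,20 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: boky/postfix:{{ services.postfix.version }}
+    restart: always
+    networks:
+      - postfix
+    volumes:
+      - "./dkim:/etc/opendkim/keys"
+    environment:
+      # Get all services which have allowed_sender_domain defined
+      ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
+      HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
+      DKIM_AUTOGENERATE: true
+
+networks:
+  postfix:
+    external: true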
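--- /dev/null
+++ b/roles/docker/templates/compose-files/privatebin.yml.j2
@@ -0,0 +1,20 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: jgeusebroek/privatebin:{{ services.privatebin.version }}
+    restart: unless-stopped
+    volumes:
+      - "./cfg:/privatebin/cfg"
+      - "./data:/privatebin/data"
+    networks:
+      - external_services
+    environment:
+      VIRTUAL_HOST: "{{ services.privatebin.domain }}"
+      LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+  external_services:
+    external: true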
|
@ -17,7 +17,7 @@ services:
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|
||||||
rallly:
|
app:
|
||||||
image: lukevella/rallly:{{ services.rallly.version }}
|
image: lukevella/rallly:{{ services.rallly.version }}
|
||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
|
|
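--- /dev/null
+++ b/roles/docker/templates/compose-files/watchtower.yml.j2
@@ -0,0 +1,12 @@
+# vim: ft=yaml.docker-compose
+version: "3.8"
+
+services:
+  app:
+    image: containrrr/watchtower:{{ services.watchtower.version }}
+    restart: unless-stopped
+    environment:
+      WATCHTOWER_POLL_INTERVAL: "60"
+    volumes:
+      - "/root/.docker/config.json:/config.json:ro"
+      - "/var/run/docker.sock:/var/run/docker.sock"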