Refactor service deployment + upload Compose files to the server #178
|
@ -13,24 +13,21 @@ services:
|
|||
|
||||
nginx_proxy:
|
||||
file: nginx_proxy.yml
|
||||
version: "1.3-alpine"
|
||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||
|
||||
nginx_acme_companion:
|
||||
version: "2.2"
|
||||
version: "1.3-alpine"
|
||||
acme_companion_version: "2.2"
|
||||
|
||||
openldap:
|
||||
file: openldap.yml
|
||||
domain: "ldap.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||
version: "1.5.0"
|
||||
|
||||
phpldapadmin:
|
||||
version: "0.9.0"
|
||||
phpldapadmin_version: "0.9.0"
|
||||
|
||||
netdata:
|
||||
file: netdata.yml
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/netdata"
|
||||
version: "v1"
|
||||
|
||||
portainer:
|
||||
|
@ -196,17 +193,12 @@ services:
|
|||
file: membersystem.yml
|
||||
domain: "member.{{ base_domain }}"
|
||||
django_admins: "Vidir:valberg@orn.li"
|
||||
volume_folder: "{{ volume_root_folder }}/membersystem"
|
||||
version: latest
|
||||
postgres_version: 13-alpine
|
||||
allowed_sender_domain: true
|
||||
|
||||
byro:
|
||||
file: byro.yml
|
||||
domain: "byro.{{ base_domain }}"
|
||||
postgres_version: 14-alpine
|
||||
volume_folder: "{{ volume_root_folder }}/byro-data"
|
||||
allowed_sender_domain: true
|
||||
|
||||
watchtower:
|
||||
file: watchtower.yml
|
||||
volume_folder: "{{ volume_root_folder }}/watchtower"
|
||||
version: "1.5.3"
|
||||
|
|
|
@ -1,32 +1,36 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: copy docker registry vhost configuration
|
||||
- name: Create Docker registry volume folders
|
||||
file:
|
||||
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- auth
|
||||
- registry
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Copy docker registry vhost configuration
|
||||
copy:
|
||||
src: vhost/docker_registry
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: docker registry container
|
||||
docker_container:
|
||||
name: registry
|
||||
image: registry:{{ services.docker_registry.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||
- name: Upload Compose file for Docker registry
|
||||
template:
|
||||
src: compose-files/docker_registry.yml.j2
|
||||
dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: generate htpasswd file
|
||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
- name: Deploy Docker registry
|
||||
docker_compose:
|
||||
project_src: "{{ services.docker_registry.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
||||
- name: Generate htpasswd file
|
||||
shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd"
|
||||
args:
|
||||
chdir: "{{ services.docker_registry.volume_folder }}"
|
||||
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
|
||||
- name: log in to registry
|
||||
|
|
|
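Review bot: `docker compose exec registry htpasswd …` targets a Compose service that does not exist — the new `docker_registry.yml.j2` names the service `app`, so the exec fails and no htpasswd file is produced; change it to `shell: "docker compose exec app htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd"`. The task also passes `{{ docker_password }}` on a command line that Ansible echoes in its output and log on failure, so add `no_log: true` next to `args:`. Because the container is no longer named `registry` (Compose names it `<project>-app-1`), anything else that addressed the container by that name — the `log in to registry` task that continues past the end of this hunk, for instance — probably needs the same review. The `creates:` guard is good, but note it means a changed `docker_password` will not regenerate the file.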
@ -1,5 +1,10 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Drone volume folder
|
||||
file:
|
||||
path: "{{ services.drone.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for Drone
|
||||
template:
|
||||
src: compose-files/drone.yml.j2
|
||||
|
|
|
@ -1,37 +1,17 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Docker network for Forgejo
|
||||
docker_network:
|
||||
name: forgejo
|
||||
- name: Create Forgejo volume folder
|
||||
file:
|
||||
name: "{{ services.portainer.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
# old DNS: 138.68.71.153
|
||||
- name: Set up Forgejo container
|
||||
docker_container:
|
||||
name: forgejo
|
||||
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: forgejo
|
||||
- name: postfix
|
||||
- name: external_services
|
||||
volumes:
|
||||
- "{{ services.forgejo.volume_folder }}:/data"
|
||||
published_ports:
|
||||
- "22:22"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||
FORGEJO__mailer__ENABLED: "true"
|
||||
FORGEJO__mailer__FROM: "noreply@{{ services.forgejo.domain }}"
|
||||
FORGEJO__mailer__PROTOCOL: "smtp"
|
||||
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
|
||||
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
|
||||
FORGEJO__security__PASSWORD_COMPLEXITY: "off"
|
||||
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
|
||||
FORGEJO__security__PASSWORD_CHECK_PWN: "true"
|
||||
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
|
||||
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
|
||||
- name: Upload Compose file for Forgejo
|
||||
template:
|
||||
src: compose-files/forgejo.yml.j2
|
||||
dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: Deploy Forgejo
|
||||
docker_compose:
|
||||
project_src: "{{ services.forgejo.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
|
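Review bot: The volume-folder task at `name: "{{ services.portainer.volume_folder }}"` creates Portainer's directory, not Forgejo's, so the following `template:` into `services.forgejo.volume_folder` fails whenever that directory does not already exist; it should read `name: "{{ services.forgejo.volume_folder }}"`. Dropping the `docker_network: forgejo` task is fine for this file because Compose gives the project a default network, but if any other role or container was attached to the `forgejo` network by name it will now fail to start — worth a quick grep before merging.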
@ -1,5 +1,10 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Keycloak volume folder
|
||||
file:
|
||||
path: "{{ services.keycloak.volume_folder }}/data"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for for Keycloak
|
||||
template:
|
||||
src: compose-files/keycloak.yml.j2
|
||||
|
|
|
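Review bot: The task name `Upload Compose file for for Keycloak` has a doubled word; `- name: Upload Compose file for Keycloak`. The hunk ends at `src:`, so the `dest:` and the deploy task are outside this view.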
@ -1,5 +1,10 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Membersystem volume folder
|
||||
file:
|
||||
name: "{{ services.membersystem.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for Membersystem
|
||||
template:
|
||||
src: compose-files/membersystem.yml.j2
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Netdata volume folder
|
||||
file:
|
||||
path: "{{ services.netdata.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for Netdata
|
||||
template:
|
||||
src: compose-files/netdata.yml.j2
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Nextcloud volume folders
|
||||
file:
|
||||
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- app
|
||||
- postgres
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: upload vhost config for cloud.data.coop
|
||||
copy:
|
||||
src: vhost/nextcloud
|
||||
|
|
|
@ -13,36 +13,13 @@
|
|||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: nginx proxy container
|
||||
docker_container:
|
||||
name: nginx-proxy
|
||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
- name: nginx letsencrypt container
|
||||
docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||
when: letsencrypt_enabled
|
||||
- name: Upload Compose file for nginx-proxy
|
||||
template:
|
||||
src: compose-files/nginx_proxy.yml.j2
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: Deploy nginx-proxy
|
||||
docker_compose:
|
||||
project_src: "{{ services.nginx_proxy.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
|
@ -1,74 +1,23 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: create ldap volume folders
|
||||
- name: Create OpenLDAP volume folders
|
||||
file:
|
||||
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "var/lib/ldap"
|
||||
- "etc/slapd"
|
||||
- "certs"
|
||||
- var/lib/ldap
|
||||
- etc/slapd
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: Create a network for ldap
|
||||
docker_network:
|
||||
name: ldap
|
||||
- name: Upload Compose file for OpenLDAP
|
||||
template:
|
||||
src: compose-files/openldap.yml.j2
|
||||
dest: "{{ services.openldap.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: openLDAP container
|
||||
docker_container:
|
||||
name: openldap
|
||||
image: osixia/openldap:{{ services.openldap.version }}
|
||||
tty: true
|
||||
interactive: true
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||
published_ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
hostname: "{{ services.openldap.domain }}"
|
||||
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
||||
networks:
|
||||
- name: ldap
|
||||
env:
|
||||
LDAP_LOG_LEVEL: "256"
|
||||
LDAP_ORGANISATION: "{{ base_domain }}"
|
||||
LDAP_DOMAIN: "{{ base_domain }}"
|
||||
LDAP_BASE_DN: ""
|
||||
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
||||
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
||||
LDAP_READONLY_USER: "false"
|
||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
||||
LDAP_BACKEND: "mdb"
|
||||
LDAP_TLS: "true"
|
||||
LDAP_TLS_CRT_FILENAME: "ldap.crt"
|
||||
LDAP_TLS_KEY_FILENAME: "ldap.key"
|
||||
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
|
||||
LDAP_TLS_ENFORCE: "false"
|
||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
|
||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||
LDAP_TLS_VERIFY_CLIENT: "demand"
|
||||
LDAP_REPLICATION: "false"
|
||||
KEEP_EXISTING_CONFIG: "false"
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||||
|
||||
- name: phpLDAPadmin container
|
||||
docker_container:
|
||||
name: phpldapadmin
|
||||
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
- name: ldap
|
||||
env:
|
||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
||||
PHPLDAPADMIN_HTTPS: "false"
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||
|
||||
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
- name: Deploy OpenLDAP
|
||||
docker_compose:
|
||||
project_src: "{{ services.openldap.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
|
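Review bot: The `template:` task that writes `openldap.yml.j2` sets no `mode:`, yet the rendered `docker-compose.yml` now carries `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` in plain text, so the file lands with whatever the remote umask gives (typically world-readable); add `mode: "0600"` under `dest:`. The old `docker_container` task kept those values in the container's environment only. The same applies to any other template in this change whose rendered output carries credentials. Removing the `ldap` docker_network is consistent with the compose file, but if another service joined that network by name it loses its route to the directory — please confirm nothing else references `ldap`.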
@ -5,18 +5,13 @@
|
|||
name: "{{ services.portainer.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: run portainer
|
||||
docker_container:
|
||||
name: portainer
|
||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- "{{ services.portainer.volume_folder }}:/data"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||
VIRTUAL_PORT: "9000"
|
||||
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
- name: Upload Compose file for Portainer
|
||||
template:
|
||||
src: compose-files/portainer.yml.j2
|
||||
dest: "{{ services.portainer.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: Deploy Portainer
|
||||
docker_compose:
|
||||
project_src: "{{ services.portainer.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Set up network for postfix
|
||||
- name: Set up network for Postfix
|
||||
docker_network:
|
||||
name: postfix
|
||||
ipam_config:
|
||||
|
@ -12,17 +12,13 @@
|
|||
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||
state: directory
|
||||
|
||||
- name: Set up Postfix Docker container for outgoing mail from services
|
||||
docker_container:
|
||||
name: postfix
|
||||
image: boky/postfix:{{ services.postfix.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: postfix
|
||||
volumes:
|
||||
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
|
||||
env:
|
||||
# Get all services which have allowed_sender_domain defined
|
||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
||||
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
||||
DKIM_AUTOGENERATE: "true"
|
||||
- name: Upload Compose file for Postfix
|
||||
template:
|
||||
src: compose-files/postfix.yml.j2
|
||||
dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: Deploy Postfix
|
||||
docker_compose:
|
||||
project_src: "{{ services.postfix.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
|
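Review bot: The Postfix template is written to the wrong project: `dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"` overwrites Forgejo's Compose file with the Postfix one, and the `Deploy Postfix` task then finds no file under `services.postfix.volume_folder`; it should be `dest: "{{ services.postfix.volume_folder }}/docker-compose.yml"`. As written, the next Forgejo deploy would bring up a Postfix container in Forgejo's data directory.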
@ -15,17 +15,13 @@
|
|||
src: privatebin/conf.php
|
||||
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
||||
|
||||
- name: privatebin app container
|
||||
docker_container:
|
||||
name: privatebin
|
||||
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
- name: Upload Compose file for PrivateBin
|
||||
template:
|
||||
src: compose-files/privatebin.yml.j2
|
||||
dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: Deploy PrivateBin
|
||||
docker_compose:
|
||||
project_src: "{{ services.private.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
|
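Review bot: `project_src: "{{ services.private.volume_folder }}"` references a key that does not exist in the services map (the other tasks in this file use `services.privatebin`), so the deploy task fails with an undefined-variable error; change it to `project_src: "{{ services.privatebin.volume_folder }}"`.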
@ -1,14 +1,17 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: watchtower container
|
||||
docker_container:
|
||||
name: watchtower
|
||||
image: containrrr/watchtower:{{ services.watchtower.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
WATCHTOWER_POLL_INTERVAL: "60"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "/root/.docker/config.json:/config.json:ro"
|
||||
- name: Create Watchtower volume folder
|
||||
file:
|
||||
name: "{{ services.watchtower.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: Upload Compose file for Watchtower
|
||||
template:
|
||||
src: compose-files/watchtower.yml.j2
|
||||
dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml"
|
||||
|
||||
- name: Deploy Watchtower
|
||||
docker_compose:
|
||||
project_src: "{{ services.watchtower.volume_folder }}"
|
||||
pull: true
|
||||
state: present
|
||||
|
|
23
roles/docker/templates/compose-files/docker_registry.yml.j2
Normal file
23
roles/docker/templates/compose-files/docker_registry.yml.j2
Normal file
|
@ -0,0 +1,23 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: registry:{{ services.docker_registry.version }}
|
||||
restart: always
|
||||
networks:
|
||||
- external_services
|
||||
volumes:
|
||||
- "./registry:/var/lib/registry"
|
||||
- "./auth:/auth"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
drone:
|
||||
app:
|
||||
image: drone/drone:{{ services.drone.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
element:
|
||||
app:
|
||||
image: avhost/docker-matrix-element:{{ services.element.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
|
|
37
roles/docker/templates/compose-files/forgejo.yml.j2
Normal file
37
roles/docker/templates/compose-files/forgejo.yml.j2
Normal file
|
@ -0,0 +1,37 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
- postfix
|
||||
volumes:
|
||||
- ".:/data"
|
||||
ports:
|
||||
- "22:22"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||
FORGEJO__mailer__ENABLED: true
|
||||
FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
|
||||
FORGEJO__mailer__PROTOCOL: smtp
|
||||
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
|
||||
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
|
||||
FORGEJO__security__PASSWORD_COMPLEXITY: off
|
||||
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
|
||||
FORGEJO__security__PASSWORD_CHECK_PWN: true
|
||||
FORGEJO__service__ENABLE_NOTIFY_MAIL: true
|
||||
FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
postfix:
|
||||
external: true
|
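Review bot: The unquoted booleans under `environment:` (`FORGEJO__mailer__ENABLED: true`, `FORGEJO__security__PASSWORD_CHECK_PWN: true`, and the others) are rejected by Compose's schema, which only accepts string, number or null values in an environment mapping, and `FORGEJO__security__PASSWORD_COMPLEXITY: off` is additionally read as boolean false by YAML 1.1 loaders rather than the literal word `off`. The playbook these came from quoted every one of them; keep that, e.g. `FORGEJO__mailer__ENABLED: "true"` and `FORGEJO__security__PASSWORD_COMPLEXITY: "off"`. `openldap.yml.j2` (`LDAP_TLS: true`, `LDAP_READONLY_USER: false`, …) and `postfix.yml.j2` (`DKIM_AUTOGENERATE: true`) have the same problem.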
38
roles/docker/templates/compose-files/nginx_proxy.yml.j2
Normal file
38
roles/docker/templates/compose-files/nginx_proxy.yml.j2
Normal file
|
@ -0,0 +1,38 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
proxy:
|
||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||
restart: always
|
||||
networks:
|
||||
- external_services
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "./conf:/etc/nginx/conf.d"
|
||||
- "./vhost:/etc/nginx/vhost.d"
|
||||
- "./html:/usr/share/nginx/html"
|
||||
- "./dhparam:/etc/nginx/dhparam"
|
||||
- "./certs:/etc/nginx/certs:ro"
|
||||
- "/var/run/docker.sock:/tmp/docker.sock:ro"
|
||||
labels:
|
||||
- com.github.nginx-proxy.nginx
|
||||
|
||||
{% if letsencrypt_enabled %}
|
||||
acme:
|
||||
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
|
||||
restart: always
|
||||
volumes:
|
||||
- "./vhost:/etc/nginx/vhost.d"
|
||||
- "./html:/usr/share/nginx/html"
|
||||
- "./dhparam:/etc/nginx/dhparam:ro"
|
||||
- "./certs:/etc/nginx/certs"
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
depends_on:
|
||||
- proxy
|
||||
{% endif %}
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
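Review bot: This template is the only new Compose file without the `# vim: ft=yaml.docker-compose` modeline the others open with, and it mixes quoting styles for the socket mounts (`- "/var/run/docker.sock:/tmp/docker.sock:ro"` under `proxy` but `- /var/run/docker.sock:/var/run/docker.sock:ro` under `acme`); pick one form for both. Replacing the old `NGINX_PROXY_CONTAINER` env var with the `com.github.nginx-proxy.nginx` label is the documented discovery path for acme-companion, so that part reads correctly.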
58
roles/docker/templates/compose-files/openldap.yml.j2
Normal file
58
roles/docker/templates/compose-files/openldap.yml.j2
Normal file
|
@ -0,0 +1,58 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: osixia/openldap:{{ services.openldap.version }}
|
||||
restart: unless-stopped
|
||||
tty: true
|
||||
stdin_open: true
|
||||
volumes:
|
||||
- "./var/lib/ldap:/var/lib/ldap"
|
||||
- "./etc/slapd.d:/etc/ldap/slapd.d"
|
||||
- "./certs:/container/service/slapd/assets/certs/"
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
hostname: "{{ services.openldap.domain }}"
|
||||
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
||||
environment:
|
||||
LDAP_LOG_LEVEL: "256"
|
||||
LDAP_ORGANISATION: "{{ base_domain }}"
|
||||
LDAP_DOMAIN: "{{ base_domain }}"
|
||||
LDAP_BASE_DN: ""
|
||||
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
||||
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
||||
LDAP_READONLY_USER: false
|
||||
LDAP_RFC2307BIS_SCHEMA: false
|
||||
LDAP_BACKEND: mdb
|
||||
LDAP_TLS: true
|
||||
LDAP_TLS_CRT_FILENAME: ldap.crt
|
||||
LDAP_TLS_KEY_FILENAME: ldap.key
|
||||
LDAP_TLS_CA_CRT_FILENAME: ca.crt
|
||||
LDAP_TLS_ENFORCE: false
|
||||
LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
|
||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||
LDAP_TLS_VERIFY_CLIENT: demand
|
||||
LDAP_REPLICATION: false
|
||||
KEEP_EXISTING_CONFIG: false
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
|
||||
LDAP_SSL_HELPER_PREFIX: ldap
|
||||
|
||||
admin:
|
||||
image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
environment:
|
||||
PHPLDAPADMIN_LDAP_HOSTS: app
|
||||
PHPLDAPADMIN_HTTPS: false
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: true
|
||||
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
21
roles/docker/templates/compose-files/portainer.yml.j2
Normal file
21
roles/docker/templates/compose-files/portainer.yml.j2
Normal file
|
@ -0,0 +1,21 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||
restart: always
|
||||
networks:
|
||||
- external_services
|
||||
volumes:
|
||||
- ".:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:rw"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||
VIRTUAL_PORT: "9000"
|
||||
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
20
roles/docker/templates/compose-files/postfix.yml.j2
Normal file
20
roles/docker/templates/compose-files/postfix.yml.j2
Normal file
|
@ -0,0 +1,20 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: boky/postfix:{{ services.postfix.version }}
|
||||
restart: always
|
||||
networks:
|
||||
- postfix
|
||||
volumes:
|
||||
- "./dkim:/etc/opendkim/keys"
|
||||
environment:
|
||||
# Get all services which have allowed_sender_domain defined
|
||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
||||
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
||||
DKIM_AUTOGENERATE: true
|
||||
|
||||
networks:
|
||||
postfix:
|
||||
external: true
|
20
roles/docker/templates/compose-files/privatebin.yml.j2
Normal file
20
roles/docker/templates/compose-files/privatebin.yml.j2
Normal file
|
@ -0,0 +1,20 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./cfg:/privatebin/cfg"
|
||||
- "./data:/privatebin/data"
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -17,7 +17,7 @@ services:
|
|||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
rallly:
|
||||
app:
|
||||
image: lukevella/rallly:{{ services.rallly.version }}
|
||||
restart: always
|
||||
networks:
|
||||
|
|
12
roles/docker/templates/compose-files/watchtower.yml.j2
Normal file
12
roles/docker/templates/compose-files/watchtower.yml.j2
Normal file
|
@ -0,0 +1,12 @@
|
|||
# vim: ft=yaml.docker-compose
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: containrrr/watchtower:{{ services.watchtower.version }}
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
WATCHTOWER_POLL_INTERVAL: "60"
|
||||
volumes:
|
||||
- "/root/.docker/config.json:/config.json:ro"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|