Merge branch 'main' into watchtower
commit
58f3df7ed0
|
@ -37,6 +37,9 @@ else
|
|||
"base")
|
||||
$BASE_CMD --tags base_only
|
||||
;;
|
||||
"users")
|
||||
$BASE_CMD --tags setup-users
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
exit 1
|
||||
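Review bot: The new `"users")` branch is not discoverable unless the help text mentions it: the fallback `*)` branch calls `usage`, which is defined outside this hunk, so it should be checked for a line describing `users` next to `base`. It is also worth confirming that `setup-users` matches a tag actually set on the user tasks, because ansible-playbook given a tag that matches nothing typically finishes without running those tasks and without an error. The `case` statement itself starts and ends outside the hunk.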
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
users:
|
||||
- name: graffen
|
||||
|
@ -13,6 +14,7 @@ users:
|
|||
- sudo
|
||||
ssh_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
||||
- ssh-rsa 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
|
||||
|
||||
- name: reynir
|
||||
comment: Reynir Björnsson
|
||||
|
@ -29,4 +31,4 @@ users:
|
|||
groups:
|
||||
- sudo
|
||||
ssh_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf samsapti
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf
|
||||
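Review bot: In the last hunk the ed25519 key is printed twice, once with the trailing `samsapti` comment and once without. The rendering has lost the +/- markers, but if the bare form is the new side, the entry loses the only label tying the key to a person or device. These accounts are in the `sudo` group, so being able to tell whose key is which matters when one has to be revoked. I would keep a comment on every entry, in the form `- ssh-ed25519 <key> samsapti`, and hold the other entries in the list to the same convention. The `users:` list continues outside these hunks.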
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- hosts: all
|
||||
gather_facts: true
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
volume_root_folder: "/docker-volumes"
|
||||
|
||||
|
@ -7,6 +8,7 @@ services:
|
|||
postfix:
|
||||
file: postfix.yml
|
||||
domain: "smtp.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/postfix"
|
||||
version: "v3.5.1-alpine"
|
||||
|
||||
nginx_proxy:
|
||||
|
@ -67,12 +69,13 @@ services:
|
|||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
version: 25-apache
|
||||
allowed_sender_domain: true
|
||||
|
||||
gitea:
|
||||
file: gitea.yml
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||
version: 1.17
|
||||
version: 1.18
|
||||
allowed_sender_domain: true
|
||||
|
||||
passit:
|
||||
|
@ -87,11 +90,12 @@ services:
|
|||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
version: v1.63.1
|
||||
allowed_sender_domain: true
|
||||
|
||||
riot:
|
||||
domains:
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/riot"
|
||||
version: v1.11.8
|
||||
|
||||
|
@ -172,7 +176,7 @@ services:
|
|||
file: rallly.yml
|
||||
domain: "when.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||
version: ac55701890cd866ee946deb25e2b2839fb14900e
|
||||
version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
|
||||
allowed_sender_domain: true
|
||||
|
||||
pinafore:
|
||||
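Review bot: `version: 1.18` under `gitea:` is an unquoted scalar, so YAML loads it as a float rather than a string; it renders correctly today, but a later bump to a value such as 1.20 (constructed example) would silently become 1.2. The postfix entry already uses the quoted form, so I would write `version: "1.18"` here and quote the other bare version values in this file. Separately, given the branch name, note that `1.18` and `25-apache` look like moving tags while rallly appears pinned to a commit hash; which services may update unattended should be a deliberate choice. The `services:` mapping starts and ends outside these hunks.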
|
|
|
@ -416,7 +416,7 @@ uploads_path: "/data/uploads"
|
|||
|
||||
# The largest allowed upload size in bytes
|
||||
#
|
||||
max_upload_size: "50M"
|
||||
max_upload_size: "512M"
|
||||
|
||||
# Maximum number of pixels that will be thumbnailed
|
||||
#
|
||||
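Review bot: The limits no longer agree across layers: `max_upload_size` here goes to `"512M"`, while the two nginx snippets further down this page set `client_max_body_size 1G;` (assuming the larger values are the new side, since the +/- markers are lost in this rendering). If the `listen 8008;` snippet fronts this service, nginx will accept and buffer request bodies up to 1G that the application is configured to refuse above 512M, which spends disk and bandwidth on uploads that can never succeed. I would align them, e.g. `client_max_body_size 512M;` in that vhost, and extend the `# default is 1M` comment to say why the value was chosen. A roughly tenfold larger upload cap also deserves a check of free space under `uploads_path`.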
|
|
|
@ -1,2 +1,2 @@
|
|||
listen 8008;
|
||||
client_max_body_size 50M; # default is 1M
|
||||
client_max_body_size 1G; # default is 1M
|
||||
|
|
|
@ -1 +1 @@
|
|||
client_max_body_size 50M; # default is 1M
|
||||
client_max_body_size 1G; # default is 1M
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: "restart nginx"
|
||||
community.docker.docker_container:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: add docker gpg key
|
||||
apt_key:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: setup external services network
|
||||
docker_network:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: codimd network
|
||||
docker_network:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: copy docker registry nginx configuration
|
||||
copy:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: set up drone with docker runner
|
||||
docker_compose:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: gitea network
|
||||
docker_network:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: create hedgedoc volume folders
|
||||
file:
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: setup keycloak containers for sso.data.coop
|
||||
docker_compose:
|
||||
project_name: "keycloak"
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: create mailu volume folders
|
||||
file:
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: create mastodon volume folders
|
||||
file:
|
||||
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: create matrix volume folders
|
||||
file:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: run membersystem containers
|
||||
docker_compose:
|
||||
project_name: "member.data.coop"
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: setup netdata docker container for system monitoring
|
||||
docker_container:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: upload vhost config for cloud.data.coop
|
||||
template:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: create nginx-proxy volume folders
|
||||
file:
|
||||
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: create ldap volume folders
|
||||
file:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: setup passit containers
|
||||
docker_compose:
|
||||
project_name: "passit"
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Set up Pinafore
|
||||
docker_container:
|
||||
name: pinafore
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: create portainer volume folder
|
||||
file:
|
||||
name: "{{ services.portainer.volume_folder }}"
|
||||
|
|
|
@ -1,20 +1,28 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: setup network for postfix
|
||||
- name: Set up network for postfix
|
||||
docker_network:
|
||||
name: postfix
|
||||
ipam_config:
|
||||
- subnet: '172.16.0.0/16'
|
||||
gateway: 172.16.0.1
|
||||
|
||||
- name: setup postfix docker container for outgoing mail
|
||||
- name: Create volume folders for Postfix
|
||||
file:
|
||||
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||
state: directory
|
||||
|
||||
- name: Set up Postfix Docker container for outgoing mail from services
|
||||
docker_container:
|
||||
name: postfix
|
||||
image: boky/postfix:{{ services.postfix.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: postfix
|
||||
volumes:
|
||||
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys"
|
||||
env:
|
||||
# Get all services which have allowed_sender_domain defined
|
||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
||||
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
||||
DKIM_AUTOGENERATE: "true"
|
||||
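Review bot: The `Create volume folders for Postfix` task creates the `dkim` directory with only `name` and `state`, so its permissions are left to the remote umask. That directory is bind-mounted to `/etc/opendkim/keys` with `DKIM_AUTOGENERATE: "true"`, so it will hold DKIM private keys. I would set the mode explicitly, e.g. `mode: "0700"`, plus an `owner:` matching whatever user the image runs OpenDKIM as (not visible here; check the image before choosing). The directory also needs to be in the backup set, since regenerating the keys means republishing the DNS records.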
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: create privatebin volume folders
|
||||
file:
|
||||
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create rallly volume folders
|
||||
file:
|
||||
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Setup restic backup
|
||||
docker_compose:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: watchtower container
|
||||
docker_container:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Upload vhost config for root domain
|
||||
copy:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: setup ulovliglogning.dk website docker container
|
||||
docker_container:
|
||||
name: ulovliglogning_website
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Install necessary packages via apt
|
||||
apt:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Import dell apt signing key
|
||||
apt_key:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Setup firewall with UFW
|
||||
community.general.ufw:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- import_tasks: ssh-port.yml
|
||||
tags: [change-ssh-port]
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Change SSH port on host
|
||||
lineinfile:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: update and upgrade system via apt
|
||||
apt:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: "Add users"
|
||||
user:
|
||||
|
|