diff --git a/playbook.yml b/playbook.yml
index 7c82f5de..c953aa38 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -21,7 +21,9 @@
 - codimd
 - netdata
 - docker_registry
+ - drone
 - websites
+ - ouroboros
 smtp_host: postfix
 smtp_port: 587
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index c23d87ed..3441898f 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -3,6 +3,7 @@ nginx:
 ldap:
 domain: "ldap.{{ base_domain }}"
+ volume_folder: "{{ volume_root_folder }}/openldap"
 thelounge:
 domain: "irc.{{ base_domain }}"
@@ -22,9 +23,11 @@ fider:
 matrix:
 domain: "matrix.{{ base_domain }}"
+ volume_folder: "{{ volume_root_folder }}/matrix"
 riot:
 domain: "riot.{{ base_domain }}"
+ volume_folder: "{{ volume_root_folder }}/riot"
 privatebin:
 domain: "paste.{{ base_domain }}"
@@ -49,7 +52,13 @@ data_coop_website:
 cryptohagen_website:
 domain: "cryptohagen.dk"
+drone:
+ domain: "drone.{{ base_domain }}"
+ volume_folder: "{{ volume_root_folder }}/drone"
+
 mailu:
 domain: "mail.{{ base_domain }}"
 dns: 192.168.203.254
 subnet: 192.168.203.0/24
+ volume_folder: "{{ volume_root_folder }}/mailu"
+
diff --git a/roles/docker/files/configs/matrix/vhost-matrix b/roles/docker/files/configs/matrix/vhost-matrix
new file mode 100644
index 00000000..36b8434b
--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-matrix
@@ -0,0 +1 @@
+listen 8008;
\ No newline at end of file
diff --git a/roles/docker/files/configs/matrix/vhost-root b/roles/docker/files/configs/matrix/vhost-root
new file mode 100644
index 00000000..5e814d2e
--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-root
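Review bot: The last defaults hunk ends with an added empty line after `volume_folder: "{{ volume_root_folder }}/mailu"`, so the file now ends with a blank line, which yamllint's empty-lines rule rejects by default; drop that final `+` line. The new `ldap`, `matrix`, `riot`, `drone` and `mailu` folders all derive from `volume_root_folder`, which keeps the layout consistent with the tasks that bind-mount them.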
@@ -0,0 +1,14 @@
+location /_matrix {
+ proxy_pass http://0.0.0.0:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+}
+
+location /.well-known/matrix/server {
+ default_type application/json;
+ return 200 '{"m.server": "matrix.data.coop:443"}';
+}
+
+location /.well-known/matrix/client {
+ default_type application/json;
+ return 200 '{"m.homeserver": {"base_url": "https://matrix.data.coop"}}';
+}
diff --git a/roles/docker/files/configs/riot-config.json b/roles/docker/files/configs/riot/config.json
similarity index 96%
rename from roles/docker/files/configs/riot-config.json
rename to roles/docker/files/configs/riot/config.json
index c3b5ca7c..a7dbfc96 100644
--- a/roles/docker/files/configs/riot-config.json
+++ b/roles/docker/files/configs/riot/config.json
@@ -23,7 +23,7 @@
 "feature_tabbed_settings": "enable",
 "feature_sas": "enable"
 },
- "welcomeUserId": "@riot-bot:matrix.org",
+ "welcomeUserId": "",
 "piwik": false,
 "roomDirectory": {
 "servers": [
diff --git a/roles/docker/files/configs/riot.im.conf b/roles/docker/files/configs/riot/riot.im.conf
similarity index 100%
rename from roles/docker/files/configs/riot.im.conf
rename to roles/docker/files/configs/riot/riot.im.conf
diff --git a/roles/docker/tasks/services/codimd.yml b/roles/docker/tasks/services/codimd.yml
index d58a0b96..1e0e950a 100644
--- a/roles/docker/tasks/services/codimd.yml
+++ b/roles/docker/tasks/services/codimd.yml
@@ -32,7 +32,7 @@
 - name: codimd app container
 docker_container:
 name: codimd_app
- image: hackmdio/hackmd:1.2.1
+ image: hackmdio/hackmd:1.3.0
 restart_policy: unless-stopped
 networks:
 - name: codimd
@@ -51,6 +51,7 @@
 CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
 CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
 CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
+ CMD_USECDN: "false"
 VIRTUAL_HOST: "{{ codimd.domain }}"
 LETSENCRYPT_HOST: "{{ codimd.domain }}"
 LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
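Review bot: `proxy_pass http://0.0.0.0:8008;` is resolved inside the container that includes this vhost snippet (presumably the nginx-proxy behind `nginx.volume_folder`), where 0.0.0.0:8008 is that container's own network namespace rather than synapse, and the matrix_riot.yml hunk that changes `published_ports` to `- "8008"` maps synapse to a random host port instead of a fixed one, so unless the proxy runs with host networking nothing listens where this snippet points. The usual arrangement is to attach the proxy to the `matrix` network and use `proxy_pass http://<synapse container name>:8008;`. The file is deployed through the `template` module yet hard-codes `matrix.data.coop` in both `.well-known` bodies while the rest of the role uses its variables, e.g. `return 200 '{"m.server": "{{ matrix.domain }}:443"}';`. Since the `.well-known/matrix/server` response is what replaces the removed `8448:8448` mapping, federation depends on this file actually being served on the root vhost, which is worth a comment at the top of the file.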
diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml
new file mode 100644
index 00000000..ad05c460
--- /dev/null
+++ b/roles/docker/tasks/services/drone.yml
@@ -0,0 +1,21 @@
+---
+- name: Drone container
+ docker_container:
+ name: drone
+ image: drone/drone:latest
+ restart_policy: unless-stopped
+ networks:
+ - name: external_services
+ volumes:
+ - "{{ drone.volume_folder }}:/data"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ env:
+ DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
+ DRONE_GITEA_ALWAYS_AUTH: "False"
+ DRONE_RUNNER_CAPACITY: "2"
+ DRONE_SERVER_HOST: "{{ drone.domain }}"
+ DRONE_SERVER_PROTO: "https"
+ PLUGIN_CUSTOM_DNS: "91.239.100.100"
+ VIRTUAL_HOST: "{{ drone.domain }}"
+ LETSENCRYPT_HOST: "{{ drone.domain }}"
+ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml
index 8579a582..d17768c8 100644
--- a/roles/docker/tasks/services/matrix_riot.yml
+++ b/roles/docker/tasks/services/matrix_riot.yml
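Review bot: `image: drone/drone:latest` is unpinned while the same task bind-mounts `/var/run/docker.sock`, so whatever the tag resolves to at the next pull gets root-equivalent control of the host's Docker daemon; pin it, e.g. `image: "drone/drone:<pinned version>"`, so upgrades of a socket-holding container go through review. The env block sets no `DRONE_RPC_SECRET` and no Gitea OAuth client id/secret; if the tag resolves to Drone 1.x those are required for the Gitea provider and for the built-in runner (`DRONE_RUNNER_CAPACITY`) to authenticate, so confirm against the pinned version's documentation. `DRONE_GITEA_ALWAYS_AUTH: "False"` is capitalised while codimd.yml's new `CMD_USECDN: "false"` is not; both are strings as far as Docker is concerned, but one spelling per repository reads better.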
@@ -1,26 +1,45 @@
 ---
+- name: create matrix volume folders
+ file:
+ name: "{{ matrix.volume_folder }}/{{ volume }}"
+ state: directory
+ loop:
+ - "db"
+ loop_control:
+ loop_var: volume
+
+- name: create riot volume folders
+ file:
+ name: "{{ riot.volume_folder }}/{{ volume }}"
+ state: directory
+ loop:
+ - "data"
+ loop_control:
+ loop_var: volume
 - name: matrix network
 docker_network:
 name: matrix
-- name: matrix database volume
- docker_volume:
- name: matrix_db
-
-- name: riot volume
- docker_volume:
- name: riot_app
-
 - name: upload riot config.json
 template:
- src: files/configs/riot-config.json
- dest: /var/lib/docker/volumes/riot_app/_data/config.json
+ src: files/configs/riot/config.json
+ dest: "{{ riot.volume_folder }}/data/config.json"
 - name: upload riot.im.conf
 template:
- src: files/configs/riot.im.conf
- dest: /var/lib/docker/volumes/riot_app/_data/riot.im.conf
+ src: files/configs/riot/riot.im.conf
+ dest: "{{ riot.volume_folder }}/data/riot.im.conf"
+
+- name: upload vhost config for root domain
+ template:
+ src: files/configs/matrix/vhost-root
+ dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
+
+- name: upload vhost config for matrix domain
+ template:
+ src: files/configs/matrix/vhost-matrix
+ dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
 - name: matrix database container
 docker_container:
@@ -31,7 +50,7 @@
 networks:
 - name: matrix
 volumes:
- - matrix_db:/var/lib/postgresql/data
+ - "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
 env:
 POSTGRES_USER: "synapse"
 POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
@@ -44,8 +63,7 @@
 networks:
 - name: matrix
 published_ports:
- - 8008:8008
- - 8448:8448
+ - "8008"
 env:
 SYNAPSE_SERVER_NAME: "{{ base_domain }}"
 SYNAPSE_REPORT_STATS: "False"
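Review bot: The `docker_volume` tasks for `matrix_db` and `riot_app` are deleted and the containers are repointed at bind mounts under `matrix.volume_folder` and `riot.volume_folder` in the later hunks of this file, but nothing copies the existing data out of the named volumes, so on a host that already ran the old play postgres will initialise an empty cluster in the new `db` directory. The openldap.yml hunk that replaces the three anonymous volumes with bind mounts has the same gap. Add a migration task, or at least a comment on the new `create matrix volume folders` task, e.g. `# NOTE: data in the old matrix_db/riot_app named volumes is not migrated automatically`. The `file` tasks also set no `mode` or `owner`, so the directories get the controlling account's defaults; confirm that is what the postgres image expects for its data directory.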
@@ -63,19 +81,18 @@
 - name: riot container
 docker_container:
 name: riot_app
- image: avhost/docker-matrix-riot:v1.0.0
+ image: avhost/docker-matrix-riot:v1.0.1
 state: started
 restart_policy: always
 networks:
 - name: matrix
 - name: external_services
- volumes:
- - riot_app:/data
 published_ports:
- - 8080
+ - "8080"
+ volumes:
+ - "{{ riot.volume_folder }}/data:/data"
 env:
 VIRTUAL_HOST: "{{ riot.domain }}"
 VIRTUAL_PORT: "8080"
 LETSENCRYPT_HOST: "{{ riot.domain }}"
 LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
-
diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml
index ba08afbc..adfa1abe 100644
--- a/roles/docker/tasks/services/netdata.yml
+++ b/roles/docker/tasks/services/netdata.yml
@@ -4,6 +4,7 @@
 docker_container:
 name: netdata
 image: netdata/netdata
+ restart_policy: unless-stopped
 hostname: "hevonen.servers.{{ base_domain }}"
 capabilities:
 - SYS_PTRACE
diff --git a/roles/docker/tasks/services/openldap.yml b/roles/docker/tasks/services/openldap.yml
index dcdfef56..463ac0b4 100644
--- a/roles/docker/tasks/services/openldap.yml
+++ b/roles/docker/tasks/services/openldap.yml
@@ -1,4 +1,14 @@
 ---
+- name: create ldap volume folders
+ file:
+ name: "{{ ldap.volume_folder }}/{{ volume }}"
+ state: directory
+ loop:
+ - "var/lib/ldap"
+ - "etc/slapd"
+ - "certs"
+ loop_control:
+ loop_var: volume
 - name: Create a network for ldap
 docker_network:
@@ -11,9 +21,9 @@
 tty: true
 interactive: true
 volumes:
- - /var/lib/ldap
- - /etc/ldap/slapd.d
- - /container/service/slapd/assets/certs/
+ - "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
+ - "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
+ - "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
 published_ports:
 - "389:389"
 - "636:636"
diff --git a/roles/docker/tasks/services/ouroboros.yml b/roles/docker/tasks/services/ouroboros.yml
new file mode 100644
index 00000000..c5aae9f8
--- /dev/null
+++ b/roles/docker/tasks/services/ouroboros.yml
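Review bot: `published_ports: - "8080"` publishes riot to a random host port on all interfaces even though the proxy reaches it over `external_services` using `VIRTUAL_PORT: "8080"`, so the mapping's only effect is an extra plain-HTTP path around the TLS-terminating proxy; unless something else needs it, drop `published_ports` from this task. Quoting the port is the right call here (a bare `8080` is an int to the YAML parser and `host:container` forms hit the sexagesimal trap), so keep the quotes if the mapping stays. The trailing empty line removed at the end of the hunk is a welcome cleanup.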
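Review bot: The new `create ldap volume folders` task creates `etc/slapd`, but the second hunk of openldap.yml mounts `{{ ldap.volume_folder }}/etc/slapd.d`, so the directory Ansible creates is never used and the one Docker actually binds is created by the daemon with its own defaults; change the loop item to `- "etc/slapd.d"`. The `certs` directory is bind-mounted to the container's `assets/certs/` path and presumably holds slapd's TLS key material on the host, so a restrictive `mode` on the `file` task is worth adding rather than relying on the controlling account's umask.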
@@ -0,0 +1,18 @@
+---
+- name: ouroboros container
+ docker_container:
+ name: ouroboros
+ image: pyouroboros/ouroboros
+ restart_policy: unless-stopped
+ networks:
+ - name: external_services
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /root/.docker/config.json:/root/.docker/config.json
+ env:
+ LABEL_ENABLE: "true"
+ LABELS_ONLY: "true"
+ CLEANUP: "true"
+ LATEST: "true"
+ CRON: "*/1 * * * *"
+
\ No newline at end of file
diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml
index 5d5d6db1..59d5472e 100644
--- a/roles/docker/tasks/services/postfix.yml
+++ b/roles/docker/tasks/services/postfix.yml
@@ -4,6 +4,7 @@
 docker_container:
 name: postfix
 image: boky/postfix
+ restart_policy: unless-stopped
 networks:
 - name: postfix
 env:
diff --git a/roles/docker/tasks/services/websites.yml b/roles/docker/tasks/services/websites.yml
index 2b956921..2436da2c 100644
--- a/roles/docker/tasks/services/websites.yml
+++ b/roles/docker/tasks/services/websites.yml
@@ -2,18 +2,22 @@
 - name: setup data.coop website docker container
 docker_container:
- name: website
+ name: data.coop_website
 image: docker.data.coop/data-coop-website
+ restart_policy: unless-stopped
 networks:
 - name: external_services
 env:
 VIRTUAL_HOST : "{{ data_coop_website.domain }}"
 LETSENCRYPT_HOST: "{{ data_coop_website.domain }}"
 LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+ labels:
+ com.ouroboros.enable: "true"
 - name: setup cryptohagen.dk website docker container
 docker_container:
- name: website
+ name: cryptohagen_website
+ restart_policy: unless-stopped
 image: docker.data.coop/cryptohagen-website
 networks:
 - name: external_services
@@ -21,3 +25,5 @@
 VIRTUAL_HOST : "{{ cryptohagen_website.domain }}"
 LETSENCRYPT_HOST: "{{ cryptohagen_website.domain }}"
 LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+ labels:
+ com.ouroboros.enable: "true"
diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml
index 8851eb50..d6a59c83 100644
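Review bot: `CRON: "*/1 * * * *"` combined with `LATEST: "true"` and `CLEANUP: "true"` re-pulls and redeploys the newest image of every labelled container once a minute, so any change to an upstream tag becomes a production deployment within a minute with no review step in between; a daily schedule plus pinned tags on the labelled services keeps the update path observable, and the ouroboros image itself (`image: pyouroboros/ouroboros`) should be pinned given it holds the Docker socket and `/root/.docker/config.json`, i.e. the registry credentials. The final added line is whitespace-only and lacks a trailing newline; remove it so the file ends after the `CRON` line. `LABELS_ONLY: "true"` correctly limits updates to containers carrying `com.ouroboros.enable`, which is the right default for this kind of tool.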
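Review bot: Renaming both containers away from the shared name `website` stops the second task replacing the first's container, but nothing removes the container still called `website` on hosts that ran the old play; a one-off `docker_container: { name: website, state: absent }` task (or a documented manual removal) is needed so the old site does not keep running next to `data.coop_website`. Key order also diverges after this change: `restart_policy` follows `image` in the data.coop task but precedes it in the cryptohagen task; use the same order in both. The `com.ouroboros.enable: "true"` labels opt these untagged `docker.data.coop/...` images into ouroboros' automatic redeploys, which is presumably intended but deserves a comment on the label, e.g. `# redeployed automatically by ouroboros whenever the registry image changes`.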
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@@ -7,4 +7,5 @@
 - aptitude
 - python3-pip
 - apparmor
+ - haveged
\ No newline at end of file