Get rid of all docker compose files and use ansible modules to create resources.
parent
3fa26a3f29
commit
b2a532c258
|
@ -1,2 +1,2 @@
|
|||
[defaults]
|
||||
remote_user = root
|
||||
remote_user = root
|
||||
|
|
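--- /dev/null
+++ b/group_vars/all/secrets.yml
@@ -0,0 +1,38 @@
+$ANSIBLE_VAULT;1.1;AES256
+63323530623531666436636366633932313030663465316462623730383562623961373734303630
+3961356564343865353430353539626531396462376164360a383662633337353765356364366464
+38363066303165666562393735663435393130396463333131396232386236363566653737323937
+3562643633636633310a353731626562616230363536646538303636633262643366653566393538
+39393639313933666330326235333661356335343031353935623737616432333633356533383266
+64346438333630306634396534613534303038396662653035623832393339613232333465376436
+35623037616532353061373635356536336437303666343239643236323530333534343331346639
+34663335383962656534613739626538303663316437613338336562393866313862326336313464
+64316438653233663063623938663864623235623463626666653366393062303639653733656534
+35333161633638363564386338623739643366346462326434626336323766646462306535616534
+31313063343032373732333762626233326233376137656164646666303962633034386437376131
+61353235333164333632393964343962323930383861353434336236663437373333373065626635
+35396261393031363339656665373235383134383930383238323363323961366162313161653731
+33333635303638356338633166646463356533653065663035316563636139303137333733343138
+37346164613235373965376131623732376463323265346234376565343364393262306362633933
+36633563373932653663353063636238643665363666663536613562626632643235643934663465
+63316162316234633561623965353166613939386136333261383830653431616662626366393838
+31373861653962633065636637616631623832326565396533386331633034636666336234353662
+62356631383334373631306163643161623333363264626436396437666234313637356666663334
+34623039376632663839363539386661356666663030663239653634373237313066333337313837
+34373530313834303038303839393566643538383138363035613066393239666165303162303932
+33653462353638353033303364316433333564303565646165643065626163306365383836333665
+30636234373636316265633965356232343762643362613966303063636439396439616130633835
+36353062383032333431616434373133633038386530646531363439306263343464313762383866
+66313237323336666162393439333737663434353466643631353039343433306264393030356362
+63643030666433633631613733376330383034313632303263646439316635656334346439636334
+31343235353366646566626431313734666232633539316363396665383434663532356330613462
+35653037336532643236326534303335623265633633363462653638316637356230356236383365
+66346361653236346366306462383364323662616664393365313238323936303062316136386664
+30306366663235353630646537623237623631646139396533633439353839356637386437396132
+36626139316335653333313037666231353734623436316563633763396637313233333938376130
+30326364383833376161326563633166373631643762663063353764313665616335663233316336
+61393735343734653136613539613262343331343938363364343530656234393839313830303133
+38363630343262646230366234313538306430646161626534353030396661626336326230376261
+65303231616238393430643533366630613361653431336432383331376533616665326537626336
+34313439623232326166373636633135303766636133303465656332653633356339363761623833
+63313762346233623338356466623638316466646436323238663434666232343765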
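Review bot: Nothing in the commit records which variables this vault must define, so a reviewer who cannot decrypt it has no way to check the new task files against it. From those files the referenced names are `postgres_passwords.fider`/`.gitea`/`.nextcloud`/`.passit`, `fider_jwt_secret`, `passit_secret_key`, `ldap_admin_password`, `ldap_config_password`, `smtp_host`, `smtp_port`, `smtp_password`, and both `smtp_username` (fider.yml) and `smtp_user` (passit.yml). Consider listing these keys in a comment block in an unencrypted sibling file or the README, and adding an `assert` task at the start of the role that fails early when any of them is undefined, before any container is created.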
10
playbook.yml
10
playbook.yml
|
@ -3,12 +3,18 @@
|
|||
gather_facts: False
|
||||
become: true
|
||||
vars:
|
||||
# Services are the names of the compose files in docker/files/composefiles
|
||||
base_domain: data.coop
|
||||
letsencrypt_email: bestyrelsen@data.coop
|
||||
ldap_dn: "dc=data,dc=coop"
|
||||
|
||||
services:
|
||||
- nginx-proxy
|
||||
- openldap
|
||||
- thelounge
|
||||
- gitea
|
||||
- nextcloud
|
||||
- fider
|
||||
- passit
|
||||
- gitea
|
||||
|
||||
tasks:
|
||||
- import_role:
|
||||
|
|
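Review bot: `ldap_dn: "dc=data,dc=coop"` restates `base_domain: data.coop` by hand, so the two can drift apart; deriving it keeps one source of truth, e.g. `ldap_dn: "dc={{ base_domain.split('.') | join(',dc=') }}"`. The comment explaining the `services` list went away with the compose files, but the list now has a different meaning: each entry is included from roles/docker/tasks/services/<name>.yml in this order, and order matters because later entries join networks created by earlier ones (thelounge joins the `ldap` network that the openldap file creates). Suggest restoring a comment such as `# Each entry is roles/docker/tasks/services/<name>.yml, run in this order; openldap must precede thelounge (shared ldap network).` The play header and the `tasks:` section continue outside the hunk.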
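--- /dev/null
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,14 @@
+ldap:
+domain: "ldap.{{ base_domain }}"
+
+thelounge:
+domain: "irc.{{ base_domain }}"
+
+nextcloud:
+domain: "cloud.{{ base_domain }}"
+
+passit:
+domain: "passit.{{ base_domain }}"
+
+fider:
+domain: "feedback.{{ base_domain }}"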
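Review bot: There is no `gitea:` entry here, yet roles/docker/tasks/services/gitea.yml reads `{{ gitea.domain }}` for VIRTUAL_HOST and LETSENCRYPT_HOST; unless that mapping is defined elsewhere (the vaulted group_vars cannot be checked), the gitea include fails on an undefined variable. Add `gitea:` with a `domain: "<gitea-hostname>.{{ base_domain }}"` line next to the other services, substituting the real hostname. A one-line header comment such as `# Per-service public hostnames; VIRTUAL_HOST/LETSENCRYPT_HOST in tasks/services/*.yml are built from these` would also make the file's role clear.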
|
@ -1,43 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
db:
|
||||
restart: always
|
||||
image: postgres
|
||||
networks:
|
||||
- fider
|
||||
volumes:
|
||||
- /var/fider/pg_data:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_USER: fider
|
||||
POSTGRES_PASSWORD: "SOMESTRONGPASSWORD"
|
||||
|
||||
app:
|
||||
restart: always
|
||||
image: getfider/fider:stable
|
||||
ports:
|
||||
- "9999:3000"
|
||||
networks:
|
||||
- fider
|
||||
- external_services
|
||||
environment:
|
||||
GO_ENV: production
|
||||
DATABASE_URL: postgres://fider:SOMESTRONGPASSWORD@db:5432/fider?sslmode=disable
|
||||
JWT_SECRET: LONGRANDOMSTRING
|
||||
|
||||
EMAIL_NOREPLY: noreply@data.coop
|
||||
EMAIL_SMTP_HOST: smtp.fastmail.com
|
||||
EMAIL_SMTP_PORT: 587
|
||||
EMAIL_SMTP_USERNAME: a_smtp_user
|
||||
EMAIL_SMTP_PASSWORD: password_for_smtp_user
|
||||
|
||||
VIRTUAL_HOST: feedback.data.coop
|
||||
LETSENCRYPT_HOST: feedback.data.coop
|
||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
||||
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
networks:
|
||||
fider:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,42 +0,0 @@
|
|||
version: "2.3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external_services:
|
||||
external: true
|
||||
|
||||
services:
|
||||
server:
|
||||
image: gitea/gitea:latest
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- VIRTUAL_HOST=gitea.local
|
||||
- VIRTUAL_PORT=3000
|
||||
restart: always
|
||||
networks:
|
||||
- gitea
|
||||
- external_services
|
||||
volumes:
|
||||
- gitea:/data
|
||||
ports:
|
||||
- "3000:3000"
|
||||
- "222:22"
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
db:
|
||||
image: postgres:9.6
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_USER=gitea
|
||||
- POSTGRES_PASSWORD=gitea
|
||||
- POSTGRES_DB=gitea
|
||||
networks:
|
||||
- gitea
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
|
||||
volumes:
|
||||
gitea:
|
||||
postgres:
|
|
@ -1,38 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
db:
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
networks:
|
||||
- nextcloud
|
||||
app:
|
||||
image: nextcloud
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_HOST=db
|
||||
- POSTGRES_PASSWORD=hest
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- VIRTUAL_HOST=nextcloud.local
|
||||
depends_on:
|
||||
- db
|
||||
ports:
|
||||
- "80"
|
||||
networks:
|
||||
- nextcloud
|
||||
- external_services
|
||||
volumes:
|
||||
nextcloud:
|
||||
db:
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
nextcloud:
|
|
@ -1,23 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
thelounge:
|
||||
image: thelounge/lounge:latest
|
||||
container_name: thelounge
|
||||
restart: always
|
||||
ports:
|
||||
- "9000:9000"
|
||||
volumes:
|
||||
- thelounge:/home/lounge/data # bind lounge config from the host's file system
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST: irc.data.coop
|
||||
LETSENCRYPT_HOST: irc.data.coop
|
||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
||||
|
||||
volumes:
|
||||
thelounge:
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
510
roles/docker/files/configs/thelounge.js
Normal file
510
roles/docker/files/configs/thelounge.js
Normal file
|
@ -0,0 +1,510 @@
|
|||
"use strict";
|
||||
|
||||
module.exports = {
|
||||
//
|
||||
// Set the server mode.
|
||||
// Public servers does not require authentication.
|
||||
//
|
||||
// Set to 'false' to enable users.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
public: false,
|
||||
|
||||
//
|
||||
// IP address or hostname for the web server to listen on.
|
||||
// Setting this to undefined will listen on all interfaces.
|
||||
//
|
||||
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
host: undefined,
|
||||
|
||||
//
|
||||
// Set the port to listen on.
|
||||
//
|
||||
// @type int
|
||||
// @default 9000
|
||||
//
|
||||
port: 9000,
|
||||
|
||||
//
|
||||
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
||||
// to let the operating system pick its preferred one.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
bind: undefined,
|
||||
|
||||
//
|
||||
// Sets whether the server is behind a reverse proxy and should honor the
|
||||
// X-Forwarded-For header or not.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
reverseProxy: false,
|
||||
|
||||
//
|
||||
// Set the default theme.
|
||||
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
||||
//
|
||||
// @type string
|
||||
// @default "example"
|
||||
//
|
||||
theme: "example",
|
||||
|
||||
//
|
||||
// Prefetch URLs
|
||||
//
|
||||
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
||||
// URLs posted in channels.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetch: false,
|
||||
|
||||
//
|
||||
// Store and proxy prefetched images and thumbnails.
|
||||
// This improves security and privacy by not exposing client IP address,
|
||||
// and always loading images from The Lounge instance and making all assets secure,
|
||||
// which in result fixes mixed content warnings.
|
||||
//
|
||||
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
||||
// in the `${THELOUNGE_HOME}/storage` folder.
|
||||
//
|
||||
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
||||
// and the folder is cleaned up on every The Lounge restart.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetchStorage: false,
|
||||
|
||||
//
|
||||
// Prefetch URLs Image Preview size limit
|
||||
//
|
||||
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
||||
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
||||
//
|
||||
// @type int
|
||||
// @default 2048
|
||||
//
|
||||
prefetchMaxImageSize: 2048,
|
||||
|
||||
//
|
||||
// Display network
|
||||
//
|
||||
// If set to false network settings will not be shown in the login form.
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
displayNetwork: true,
|
||||
|
||||
//
|
||||
// Lock network
|
||||
//
|
||||
// If set to true, users will not be able to modify host, port and tls
|
||||
// settings and will be limited to the configured network.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
lockNetwork: false,
|
||||
|
||||
//
|
||||
// Hex IP
|
||||
//
|
||||
// If enabled, clients' username will be set to their IP encoded has hex.
|
||||
// This is done to share the real user IP address with the server for host masking purposes.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
useHexIp: false,
|
||||
|
||||
//
|
||||
// WEBIRC support
|
||||
//
|
||||
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
||||
// IRC server. Note that this requires to obtain a password from the IRC network
|
||||
// The Lounge will be connecting to and generally involves a lot of trust from the
|
||||
// network you are connecting to.
|
||||
//
|
||||
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
||||
// Format (function):
|
||||
// {"irc.example.net": function(client, args, trusted) {
|
||||
// // here, we return a webirc object fed directly to `irc-framework`
|
||||
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
||||
// }}
|
||||
//
|
||||
// @type string | function(client, args):object(webirc)
|
||||
// @default null
|
||||
webirc: null,
|
||||
|
||||
//
|
||||
// Log settings
|
||||
//
|
||||
// Logging has to be enabled per user. If enabled, logs will be stored in
|
||||
// the 'logs/<user>/<network>/' folder.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
logs: {
|
||||
//
|
||||
// Timestamp format
|
||||
//
|
||||
// @type string
|
||||
// @default "YYYY-MM-DD HH:mm:ss"
|
||||
//
|
||||
format: "YYYY-MM-DD HH:mm:ss",
|
||||
|
||||
//
|
||||
// Timezone
|
||||
//
|
||||
// @type string
|
||||
// @default "UTC+00:00"
|
||||
//
|
||||
timezone: "UTC+00:00",
|
||||
},
|
||||
|
||||
//
|
||||
// Maximum number of history lines per channel
|
||||
//
|
||||
// Defines the maximum number of history lines that will be kept in
|
||||
// memory per channel/query, in order to reduce the memory usage of
|
||||
// the server. Setting this to -1 will keep unlimited amount.
|
||||
//
|
||||
// @type integer
|
||||
// @default 10000
|
||||
maxHistory: 10000,
|
||||
|
||||
//
|
||||
// Default values for the 'Connect' form.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
defaults: {
|
||||
//
|
||||
// Name
|
||||
//
|
||||
// @type string
|
||||
// @default "Freenode"
|
||||
//
|
||||
name: "Freenode",
|
||||
|
||||
//
|
||||
// Host
|
||||
//
|
||||
// @type string
|
||||
// @default "chat.freenode.net"
|
||||
//
|
||||
host: "chat.freenode.net",
|
||||
|
||||
//
|
||||
// Port
|
||||
//
|
||||
// @type int
|
||||
// @default 6697
|
||||
//
|
||||
port: 6697,
|
||||
|
||||
//
|
||||
// Password
|
||||
//
|
||||
// @type string
|
||||
// @default ""
|
||||
//
|
||||
password: "",
|
||||
|
||||
//
|
||||
// Enable TLS/SSL
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
tls: true,
|
||||
|
||||
//
|
||||
// Nick
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
nick: "lounge-user",
|
||||
|
||||
//
|
||||
// Username
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
username: "lounge-user",
|
||||
|
||||
//
|
||||
// Real Name
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge User"
|
||||
//
|
||||
realname: "The Lounge User",
|
||||
|
||||
//
|
||||
// Channels
|
||||
// This is a comma-separated list.
|
||||
//
|
||||
// @type string
|
||||
// @default "#thelounge"
|
||||
//
|
||||
join: "#thelounge",
|
||||
},
|
||||
|
||||
//
|
||||
// Set socket.io transports
|
||||
//
|
||||
// @type array
|
||||
// @default ["polling", "websocket"]
|
||||
//
|
||||
transports: ["polling", "websocket"],
|
||||
|
||||
//
|
||||
// Run The Lounge using encrypted HTTP/2.
|
||||
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
https: {
|
||||
//
|
||||
// Enable HTTP/2 / HTTPS support.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Path to the key.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key.pem"
|
||||
// @default ""
|
||||
//
|
||||
key: "",
|
||||
|
||||
//
|
||||
// Path to the certificate.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key-cert.pem"
|
||||
// @default ""
|
||||
//
|
||||
certificate: "",
|
||||
|
||||
//
|
||||
// Path to the CA bundle.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/bundle.pem"
|
||||
// @default ""
|
||||
//
|
||||
ca: "",
|
||||
},
|
||||
|
||||
//
|
||||
// Default quit and part message if none is provided.
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge - https://thelounge.github.io"
|
||||
//
|
||||
leaveMessage: "The Lounge - https://thelounge.github.io",
|
||||
|
||||
//
|
||||
// Run The Lounge with identd support.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
identd: {
|
||||
//
|
||||
// Run the identd daemon on server start.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Port to listen for ident requests.
|
||||
//
|
||||
// @type int
|
||||
// @default 113
|
||||
//
|
||||
port: 113,
|
||||
},
|
||||
|
||||
//
|
||||
// Enable oidentd support using the specified file
|
||||
//
|
||||
// Example: oidentd: "~/.oidentd.conf",
|
||||
//
|
||||
// @type string
|
||||
// @default null
|
||||
//
|
||||
oidentd: null,
|
||||
|
||||
//
|
||||
// LDAP authentication settings (only available if public=false)
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
// The authentication process works as follows:
|
||||
//
|
||||
// 1. Lounge connects to the LDAP server with its system credentials
|
||||
// 2. It performs a LDAP search query to find the full DN associated to the
|
||||
// user requesting to log in.
|
||||
// 3. Lounge tries to connect a second time, but this time using the user's
|
||||
// DN and password. Auth is validated iff this connection is successful.
|
||||
//
|
||||
// The search query takes a couple of parameters in `searchDN`:
|
||||
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
||||
// to be returned;
|
||||
// - a search scope `searchDN/scope` (see LDAP documentation);
|
||||
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
||||
// where <username> is the user name provided in the log in request,
|
||||
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
||||
// also given in the config, to filter for instance only for nodes of type
|
||||
// inetOrgPerson, or whatever LDAP search allows.
|
||||
//
|
||||
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
||||
// ignore searchDN options and assume that the user DN is always:
|
||||
// <bindDN>,<primaryKey>=<username>
|
||||
// where <username> is the user name provided in the log in request, and <bindDN>
|
||||
// and <primaryKey> are provided by the config.
|
||||
//
|
||||
ldap: {
|
||||
//
|
||||
// Enable LDAP user authentication
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: true,
|
||||
|
||||
//
|
||||
// LDAP server URL
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
url: "ldap://{{ ldap.domain }}",
|
||||
|
||||
//
|
||||
// LDAP connection tls options (only used if scheme is ldaps://)
|
||||
//
|
||||
// @type object (see nodejs' tls.connect() options)
|
||||
// @default {}
|
||||
//
|
||||
// Example:
|
||||
// You can use this option in order to force the use of IPv6:
|
||||
// {
|
||||
// host: 'my::ip::v6',
|
||||
// servername: 'example.com'
|
||||
// }
|
||||
tlsOptions: {},
|
||||
|
||||
//
|
||||
// LDAP base dn, alternative to searchDN
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
baseDN: "{{ ldap_dn }}",
|
||||
|
||||
//
|
||||
// LDAP primary key
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
primaryKey: "uid",
|
||||
|
||||
//
|
||||
// LDAP search dn settings. This defines the procedure by which the
|
||||
// lounge first look for user DN before authenticating her.
|
||||
// Ignored if baseDN is specified
|
||||
//
|
||||
// @type object
|
||||
//
|
||||
searchDN: {
|
||||
|
||||
//
|
||||
// LDAP searching bind DN
|
||||
// This bind DN is used to query the server for the DN of the user.
|
||||
// This is supposed to be a system user that has access in read only to
|
||||
// the DNs of the people that are allowed to log in.
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootDN: "",
|
||||
|
||||
//
|
||||
// Password of the lounge LDAP system user
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootPassword: "",
|
||||
|
||||
//
|
||||
// LDAP filter
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
filter: "uid",
|
||||
|
||||
//
|
||||
// LDAP search base (search only within this node)
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
base: "",
|
||||
|
||||
//
|
||||
// LDAP search scope
|
||||
//
|
||||
// @type string
|
||||
// @default "sub"
|
||||
//
|
||||
scope: "sub",
|
||||
|
||||
},
|
||||
},
|
||||
|
||||
// Extra debugging
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
debug: {
|
||||
// Enables extra debugging output provided by irc-framework.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
ircFramework: false,
|
||||
|
||||
// Enables logging raw IRC messages into each server window.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
raw: false,
|
||||
},
|
||||
};
|
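Review bot: `reverseProxy: false` although the container is meant to be reached only through nginx-proxy (`VIRTUAL_HOST` in roles/docker/tasks/services/thelounge.yml), so The Lounge records the proxy's address instead of the client's; `reverseProxy: true` is the right setting, but only once port 9000 is not reachable directly, which it currently is via `published_ports` in that task file. Under `ldap`, `url: "ldap://{{ ldap.domain }}"` performs plaintext binds carrying the user's password, while openldap is started with `LDAP_TLS: "true"` and listens on 636; `ldaps://` with `tlsOptions` pointing at the CA would protect the credential. `{{ ldap.domain }}` is also the public hostname rather than the container name `openldap` that phpldapadmin uses (`PHPLDAPADMIN_LDAP_HOSTS`), so the connection presumably leaves the docker network and comes back through the published port — `ldaps://openldap` keeps it on the `ldap` network. Since the file is rendered by the `template` module, a header comment `// Rendered by Ansible (template module); {{ ... }} is Jinja, not JavaScript` would warn editors that literal double braces are not safe here.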
|
@ -4,8 +4,5 @@
|
|||
name: external_services
|
||||
|
||||
- name: setup services
|
||||
docker_service:
|
||||
project_name: "{{ item }}"
|
||||
definition:
|
||||
"{{ lookup('file', 'composefiles/{{ item }}.yml') | from_yaml }}"
|
||||
include_tasks: "services/{{ item }}.yml"
|
||||
with_items: "{{ services }}"
|
||||
|
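Review bot: The loop variable of this `include_tasks` is the default `item`, which is also the default for every loop inside the included files; the nginx-proxy task file (hunk below) already has to set `loop_var: volume` to avoid shadowing it, and any included file that forgets will silently loop over the wrong value. Give the outer loop its own name: `include_tasks: "services/{{ service }}.yml"`, `with_items: "{{ services }}"`, `loop_control: { loop_var: service }`. The task's `- name:` line and the preceding network task start outside the hunk.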
|
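--- /dev/null
+++ b/roles/docker/tasks/services/fider.yml
@@ -0,0 +1,48 @@
+---
+
+- name: fider network
+docker_network:
+name: fider
+
+- name: fider database volume
+docker_volume:
+name: fider_db
+
+- name: fider database container
+docker_container:
+name: fider_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: fider
+volumes:
+- fider_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: fider
+POSTGRES_PASSWORD: "{{ postgres_passwords.fider }}"
+
+- name: fider app container
+docker_container:
+image: getfider/fider:stable
+restart_policy: always
+published_ports:
+- "9999:3000"
+networks:
+- name: fider
+- name: external_services
+env:
+GO_ENV: production
+DATABASE_URL: postgres://fider:{{ postgres_passwords.fider }}@fider_db:5432/fider?sslmode=disable
+JWT_SECRET: "{{ fider_jwt_secret }}"
+
+EMAIL_NOREPLY: noreply@{{ fider.domain }}
+EMAIL_SMTP_HOST: "{{ smtp_host }}"
+EMAIL_SMTP_PORT: "{{ smtp_port }}"
+EMAIL_SMTP_USERNAME: "{{ smtp_username }}"
+EMAIL_SMTP_PASSWORD: "{{ smtp_password }}"
+
+VIRTUAL_HOST: "{{ fider.domain }}"
+LETSENCRYPT_HOST: "{{ fider.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email}}"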
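Review bot: The database container is created with `POSTGRES_DB: somethingelse`, but the app's `DATABASE_URL` connects to database `fider`; the postgres image only creates the database named in POSTGRES_DB (defaulting to POSTGRES_USER), so `fider` will not exist and the app cannot connect. Drop the `somethingelse` line or set `POSTGRES_DB: fider`; gitea.yml, nextcloud.yml and passit.yml carry the same mismatch (`somethingelse` versus `gitea`, `nextcloud`, `passit`). The app container also has no `name:` under `docker_container`, which the module requires and every other container here sets; `name: fider` next to `image:` fixes it, and passit.yml's app container has the same omission. Finally the vault password is interpolated into a URL without encoding, so a value containing `@`, `/`, `:` or `#` breaks parsing; `{{ postgres_passwords.fider | urlencode }}` avoids that (likewise passit's DATABASE_URL and EMAIL_URL).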
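--- /dev/null
+++ b/roles/docker/tasks/services/gitea.yml
@@ -0,0 +1,50 @@
+---
+
+- name: gitea network
+docker_network:
+name: gitea
+
+- name: gitea app volume
+docker_volume:
+name: gitea
+
+- name: gitea database volume
+docker_volume:
+name: gitea_db
+
+- name: gitea database container
+docker_container:
+name: gitea_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: gitea
+volumes:
+- gitea_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: gitea
+POSTGRES_PASSWORD: "{{ postgres_passwords.gitea }}"
+
+- name: gitea container
+docker_container:
+name: gitea
+image: gitea/gitea:latest
+restart_policy: always
+networks:
+- name: gitea
+- name: external_services
+volumes:
+- gitea:/data
+published_ports:
+- "3000:3000"
+- "222:22"
+env:
+VIRTUAL_HOST: "{{ gitea.domain }}"
+LETSENCRYPT_HOST: "{{ gitea.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+POSTGRES_HOST: gitea_db
+POSTGRES_DB: gitea
+POSTGRES_USER: gitea
+POSTGRES_PASSWORD: "{{ postgres_passwords.gitea }}"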
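Review bot: `published_ports: - "3000:3000"` binds gitea's HTTP listener on every host interface even though clients are meant to reach it through nginx-proxy via `VIRTUAL_HOST` on the shared `external_services` network, so plain HTTP bypasses the proxy's TLS; only `"222:22"` (SSH) needs publishing. The same applies to fider (`9999:3000`), thelounge (`9000:9000`), passit (`8000:8080`) and nextcloud, whose `- "80"` publishes to a random ephemeral host port; containers on a shared network reach each other without publishing, so those entries can be dropped or, if host access is really wanted, bound to `127.0.0.1:`. `gitea/gitea:latest` is unpinned while the database is pinned to `postgres:10`; pinning the tag (likewise `nextcloud:apache`, `thelounge/lounge:latest`, `jwilder/nginx-proxy`) keeps re-runs of the playbook reproducible.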
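--- /dev/null
+++ b/roles/docker/tasks/services/nextcloud.yml
@@ -0,0 +1,50 @@
+---
+
+- name: nextcloud network
+docker_network:
+name: nextcloud
+
+- name: nextcloud database volume
+docker_volume:
+name: nextcloud_db
+
+- name: nextcloud database container
+docker_container:
+name: nextcloud_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: nextcloud
+volumes:
+- nextcloud_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: nextcloud
+POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+
+- name: nextcloud app volume
+docker_volume:
+name: nextcloud_app
+
+- name: nextcloud app container
+docker_container:
+name: nextcloud_app
+image: nextcloud:apache
+state: started
+restart_policy: always
+networks:
+- name: nextcloud
+- name: external_services
+volumes:
+- nextcloud_app:/var/www/html
+published_ports:
+- "80"
+env:
+VIRTUAL_HOST: "{{ nextcloud.domain }}"
+LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+POSTGRES_HOST: nextcloud_db
+POSTGRES_DB: nextcloud
+POSTGRES_USER: nextcloud
+POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"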
|
@ -1,14 +1,24 @@
|
|||
---
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
- docker_volume:
|
||||
name: "{{ volume }}"
|
||||
with_items:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
nginx-proxy:
|
||||
- name: nginx proxy container
|
||||
docker_container:
|
||||
name: nginx-proxy
|
||||
image: jwilder/nginx-proxy
|
||||
container_name: nginx-proxy
|
||||
restart_policy: always
|
||||
networks:
|
||||
- external_services
|
||||
ports:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
|
@ -18,32 +28,17 @@ services:
|
|||
- dhparam:/etc/nginx/dhparam
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
restart: always
|
||||
|
||||
|
||||
letsencrypt:
|
||||
- name: nginx letsencrypt container
|
||||
docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||
container_name: nginx-proxy-le
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
- html:/usr/share/nginx/html
|
||||
- dhparam:/etc/nginx/dhparam:ro
|
||||
- certs:/etc/nginx/certs
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- NGINX_PROXY_CONTAINER=nginx-proxy
|
||||
restart: always
|
||||
|
||||
volumes:
|
||||
conf:
|
||||
vhost:
|
||||
html:
|
||||
dhparam:
|
||||
certs:
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
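Review bot: Both containers mount the Docker socket (`/var/run/docker.sock:/tmp/docker.sock:ro` and `/var/run/docker.sock:/var/run/docker.sock:ro`), which gives each of them full control of the Docker daemon, i.e. root-equivalent access to the host; `:ro` only prevents replacing the socket file and does not restrict the API. That is inherent to nginx-proxy and the letsencrypt companion, but it deserves a comment next to each mount, e.g. `# full Docker API access (root-equivalent on the host); :ro does not limit it`, and it is the strongest reason to pin `jwilder/nginx-proxy` and `jrcs/letsencrypt-nginx-proxy-companion` to a tag or digest instead of a floating latest. The compose `depends_on: - nginx-proxy` has no counterpart in the new task; ordering is now just task order, which works but is worth stating in a comment so nobody reorders the two tasks.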
|
@ -1,18 +1,34 @@
|
|||
version: '3'
|
||||
services:
|
||||
openldap:
|
||||
---
|
||||
|
||||
- name: Create a network for ldap
|
||||
docker_network:
|
||||
name: ldap
|
||||
|
||||
- name: openLDAP container
|
||||
docker_container:
|
||||
name: openldap
|
||||
image: osixia/openldap:1.2.2
|
||||
container_name: openldap
|
||||
environment:
|
||||
tty: true
|
||||
interactive: true
|
||||
volumes:
|
||||
- /var/lib/ldap
|
||||
- /etc/ldap/slapd.d
|
||||
- /container/service/slapd/assets/certs/
|
||||
published_ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
hostname: "{{ ldap.domain }}"
|
||||
domainname: "{{ ldap.domain }}" # important: same as hostname
|
||||
networks:
|
||||
- name: ldap
|
||||
env:
|
||||
LDAP_LOG_LEVEL: "256"
|
||||
LDAP_ORGANISATION: "data.coop"
|
||||
LDAP_DOMAIN: "data.coop"
|
||||
LDAP_ORGANISATION: "{{ base_domain }}"
|
||||
LDAP_DOMAIN: "{{ base_domain }}"
|
||||
LDAP_BASE_DN: ""
|
||||
LDAP_ADMIN_PASSWORD: "admin"
|
||||
LDAP_CONFIG_PASSWORD: "config"
|
||||
LDAP_READONLY_USER: "true"
|
||||
LDAP_READONLY_USER_USERNAME: "readonly"
|
||||
LDAP_READONLY_USER_PASSWORD: "readonly"
|
||||
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
||||
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
||||
LDAP_READONLY_USER: "false"
|
||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
||||
LDAP_BACKEND: "mdb"
|
||||
LDAP_TLS: "true"
|
||||
|
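Review bot: The three `volumes:` entries (`/var/lib/ldap`, `/etc/ldap/slapd.d`, `/container/service/slapd/assets/certs/`) have no named or host source, so they become anonymous volumes; when `docker_container` recreates the container (any parameter change or image update) the new one gets fresh empty volumes and the directory data, config and TLS material are orphaned — for the identity store of every other service that is data loss. Name them, e.g. `- ldap_data:/var/lib/ldap`, `- ldap_config:/etc/ldap/slapd.d`, `- ldap_certs:/container/service/slapd/assets/certs/`, and create them with `docker_volume` as the other service files do. `published_ports` also exposes 389 (plaintext LDAP, so cleartext binds) and 636 on all host interfaces, while thelounge and phpldapadmin sit on the `ldap` network and can reach `openldap` by name; unless external clients exist, drop the entries or bind them to `127.0.0.1:`. The openldap task continues in the next hunk.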
@ -27,35 +43,19 @@ services:
|
|||
KEEP_EXISTING_CONFIG: "false"
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||||
tty: true
|
||||
stdin_open: true
|
||||
volumes:
|
||||
- /var/lib/ldap
|
||||
- /etc/ldap/slapd.d
|
||||
- /container/service/slapd/assets/certs/
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
domainname: "ldap.data.coop" # important: same as hostname
|
||||
hostname: "ldap.data.coop"
|
||||
networks:
|
||||
- external_services
|
||||
|
||||
phpldapadmin:
|
||||
- name: phpLDAPadmin container
|
||||
docker_container:
|
||||
name: phpldapadmin
|
||||
image: osixia/phpldapadmin:latest
|
||||
container_name: phpldapadmin
|
||||
environment:
|
||||
networks:
|
||||
- name: external_services
|
||||
- name: ldap
|
||||
env:
|
||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
||||
PHPLDAPADMIN_HTTPS: "false"
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||
VIRTUAL_HOST: ldap.data.coop
|
||||
LETSENCRYPT_HOST: ldap.data.coop
|
||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
||||
depends_on:
|
||||
- openldap
|
||||
networks:
|
||||
- external_services
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
VIRTUAL_HOST: "{{ ldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ ldap.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
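--- /dev/null
+++ b/roles/docker/tasks/services/passit.yml
@@ -0,0 +1,46 @@
+---
+
+- name: passit network
+docker_network:
+name: passit
+
+- name: passit database volume
+docker_volume:
+name: passit_db
+
+- name: passit database container
+docker_container:
+name: passit_db
+image: postgres:10
+state: started
+restart_policy: always
+networks:
+- name: passit
+volumes:
+- passit_db:/var/lib/postgresql/data
+env:
+POSTGRES_DB: somethingelse
+POSTGRES_USER: passit
+POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
+
+- name: passit app container
+docker_container:
+image: passit/passit:stable
+command: bin/start.sh
+restart_policy: always
+published_ports:
+- "8000:8080"
+networks:
+- name: passit
+- name: external_services
+env:
+DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit"
+SECRET_KEY: "{{ passit_secret_key }}"
+IS_DEBUG: 'False'
+EMAIL_URL: smtp://{{ smtp_user }}:{{ smtp_password }}@{{ smtp_host }}:{{ smtp_port}}
+DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
+EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
+
+VIRTUAL_HOST: "{{ passit.domain }}"
+LETSENCRYPT_HOST: "{{ passit.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"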
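Review bot: `DATABASE_URL` points at host `db`, but the database container is named `passit_db` and joins the `passit` network under that name, so the app cannot resolve its database; change it to `@passit_db:5432/passit`, matching fider's `@fider_db`. `EMAIL_URL` reads `smtp_user`, whereas fider.yml reads `smtp_username` for the same credential; one of the two is undefined unless the vault defines both, so settle on one name. `{{ smtp_port}}` is valid Jinja but inconsistent with the spacing used everywhere else in the file.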
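--- /dev/null
+++ b/roles/docker/tasks/services/thelounge.yml
@@ -0,0 +1,27 @@
+---
+
+- name: thelounge volume
+docker_volume:
+name: thelounge
+
+- name: upload thelounge config
+template:
+src: files/configs/thelounge.js
+dest: /var/lib/docker/volumes/thelounge/_data/config.js
+
+- name: thelounge container
+docker_container:
+name: thelounge
+image: thelounge/lounge:latest
+restart_policy: always
+published_ports:
+- "9000:9000"
+volumes:
+- thelounge:/home/lounge/data
+networks:
+- name: external_services
+- name: ldap
+env:
+VIRTUAL_HOST: "{{ thelounge.domain }}"
+LETSENCRYPT_HOST: "{{ thelounge.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"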
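Review bot: The `template` task writes `config.js` into `/var/lib/docker/volumes/thelounge/_data/`, which is Docker's private storage layout rather than a stable interface; it assumes the default data root and that the volume from the previous task lives there, and the task fails if either assumption is wrong. A host directory bind-mounted into the container (for example `/var/lib/thelounge:/home/lounge/data`, with `dest` pointing at that directory) removes the dependency on Docker internals. The task also sets no `owner`/`mode`; the file must be readable by the uid the container runs as, so an explicit `mode: "0644"` — and a comment saying that the container, not the host, consumes this file — would make the intent clear.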