forked from data.coop/ansible
Merge branch 'main' into watchtower
This commit is contained in:
commit
1356aa54c8
111
.ansible-lint
Normal file
111
.ansible-lint
Normal file
|
@ -0,0 +1,111 @@
|
|||
---
|
||||
# .ansible-lint
|
||||
|
||||
profile: null # min, basic, moderate,safety, shared, production
|
||||
|
||||
# exclude_paths included in this file are parsed relative to this file's location
|
||||
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
|
||||
# option are parsed relative to the CWD of execution.
|
||||
exclude_paths:
|
||||
- .cache/ # implicit unless exclude_paths is defined in config
|
||||
- .github/
|
||||
- test/fixtures/formatting-before/
|
||||
- test/fixtures/formatting-prettier/
|
||||
# parseable: true
|
||||
# quiet: true
|
||||
# strict: true
|
||||
# verbosity: 1
|
||||
|
||||
# Mock modules or roles in order to pass ansible-playbook --syntax-check
|
||||
mock_modules:
|
||||
- zuul_return
|
||||
# note the foo.bar is invalid as being neither a module or a collection
|
||||
- fake_namespace.fake_collection.fake_module
|
||||
- fake_namespace.fake_collection.fake_module.fake_submodule
|
||||
mock_roles:
|
||||
- mocked_role
|
||||
- author.role_name # old standalone galaxy role
|
||||
- fake_namespace.fake_collection.fake_role # role within a collection
|
||||
|
||||
# Enable checking of loop variable prefixes in roles
|
||||
loop_var_prefix: "{role}_"
|
||||
|
||||
# Enforce variable names to follow pattern below, in addition to Ansible own
|
||||
# requirements, like avoiding python identifiers. To disable add `var-naming`
|
||||
# to skip_list.
|
||||
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
|
||||
|
||||
use_default_rules: true
|
||||
# Load custom rules from this specific folder
|
||||
# rulesdir:
|
||||
# - ./rule/directory/
|
||||
|
||||
# Ansible-lint completely ignores rules or tags listed below
|
||||
skip_list:
|
||||
- skip_this_tag
|
||||
|
||||
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||
# You must enable opt-in rules by listing each rule 'id' below.
|
||||
enable_list:
|
||||
- empty-string-compare # opt-in
|
||||
- no-log-password # opt-in
|
||||
- no-same-owner # opt-in
|
||||
# add yaml here if you want to avoid ignoring yaml checks when yamllint
|
||||
# library is missing. Normally its absence just skips using that rule.
|
||||
- yaml
|
||||
# Report only a subset of tags and fully ignore any others
|
||||
# tags:
|
||||
# - jinja[spacing]
|
||||
|
||||
# Ansible-lint does not fail on warnings from the rules or tags listed below
|
||||
warn_list:
|
||||
- skip_this_tag
|
||||
- experimental # experimental is included in the implicit list
|
||||
# - role-name
|
||||
# - yaml[document-start] # you can also use sub-rule matches
|
||||
|
||||
# Some rules can transform files to fix (or make it easier to fix) identified
|
||||
# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
|
||||
# By default it will run all transforms (effectively `write_list: ["all"]`).
|
||||
# You can disable running transforms by setting `write_list: ["none"]`.
|
||||
# Or only enable a subset of rule transforms by listing rules/tags here.
|
||||
# write_list:
|
||||
# - all
|
||||
|
||||
# Offline mode disables installation of requirements.yml
|
||||
offline: false
|
||||
|
||||
# Return success if number of violations compared with previous git
|
||||
# commit has not increased. This feature works only in git
|
||||
# repositories.
|
||||
progressive: false
|
||||
|
||||
# Define required Ansible's variables to satisfy syntax check
|
||||
extra_vars:
|
||||
foo: bar
|
||||
multiline_string_variable: |
|
||||
line1
|
||||
line2
|
||||
complex_variable: ":{;\t$()"
|
||||
|
||||
# Uncomment to enforce action validation with tasks, usually is not
|
||||
# needed as Ansible syntax check also covers it.
|
||||
# skip_action_validation: false
|
||||
|
||||
# List of additional kind:pattern to be added at the top of the default
|
||||
# match list, first match determines the file kind.
|
||||
kinds:
|
||||
# - playbook: "**/examples/*.{yml,yaml}"
|
||||
# - galaxy: "**/folder/galaxy.yml"
|
||||
# - tasks: "**/tasks/*.yml"
|
||||
# - vars: "**/vars/*.yml"
|
||||
# - meta: "**/meta/main.yml"
|
||||
- yaml: "**/*.yaml-too"
|
||||
|
||||
# List of additional collections to allow in only-builtins rule.
|
||||
# only_builtins_allow_collections:
|
||||
# - example_ns.example_collection
|
||||
|
||||
# List of additions modules to allow in only-builtins rule.
|
||||
# only_builtins_allow_modules:
|
||||
# - example_module
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -2,3 +2,5 @@ playbook.retry
|
|||
*.sw*
|
||||
.vagrant/
|
||||
*.log
|
||||
.idea/
|
||||
venv/
|
||||
|
|
14
.pre-commit-config.yaml
Normal file
14
.pre-commit-config.yaml
Normal file
|
@ -0,0 +1,14 @@
|
|||
repos:
|
||||
|
||||
#- repo: https://github.com/semaphor-dk/dansabel
|
||||
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||
# hooks:
|
||||
# - id: dansabel
|
||||
|
||||
- repo: https://github.com/ansible/ansible-lint
|
||||
rev: v6.9.0
|
||||
hooks:
|
||||
- id: ansible-lint
|
||||
files: \.(yaml|yml)$
|
||||
additional_dependencies:
|
||||
- ansible
|
12
Makefile
Normal file
12
Makefile
Normal file
|
@ -0,0 +1,12 @@
|
|||
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||
|
||||
create_venv:
|
||||
python3 -m venv venv
|
||||
venv/bin/pip install -U pip
|
||||
venv/bin/pip install ansible pre-commit
|
||||
|
||||
install_pre_commit:
|
||||
venv/bin/pre-commit install
|
||||
|
||||
install_ansible_galaxy_modules:
|
||||
venv/bin/ansible-galaxy collection install community.general
|
13
deploy.sh
13
deploy.sh
|
@ -2,8 +2,13 @@
|
|||
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
|
||||
|
||||
if [ "$1" = "--vagrant" ]; then
|
||||
BASE_CMD="$BASE_CMD --inventory=vagrant_host"
|
||||
shift
|
||||
fi
|
||||
|
||||
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||
echo "Installing community modules"
|
||||
echo "Installing community.general modules"
|
||||
ansible-galaxy collection install community.general
|
||||
fi
|
||||
|
||||
|
@ -17,12 +22,14 @@ else
|
|||
echo "Deploying all services!"
|
||||
$BASE_CMD --tags setup_services
|
||||
else
|
||||
echo "Deploying services: $2"
|
||||
$BASE_CMD --tags setup_services --extra-vars "services=$2"
|
||||
echo "Deploying service: $2"
|
||||
$BASE_CMD --tags setup_services --extra-vars "single_service=$2"
|
||||
fi
|
||||
;;
|
||||
"base")
|
||||
$BASE_CMD --tags base_only
|
||||
;;
|
||||
*)
|
||||
echo "Command \"$1\" not found!"
|
||||
esac
|
||||
fi
|
||||
|
|
25
playbook.yml
25
playbook.yml
|
@ -10,31 +10,6 @@
|
|||
vagrant: "{{ ansible_virtualization_role == 'guest' }}"
|
||||
letsencrypt_enabled: "{{ not vagrant }}"
|
||||
|
||||
services:
|
||||
- nginx-proxy
|
||||
- postfix
|
||||
- openldap
|
||||
- keycloak
|
||||
- restic-backup
|
||||
- nextcloud
|
||||
- passit
|
||||
- gitea
|
||||
- matrix_riot
|
||||
- privatebin
|
||||
- codimd
|
||||
- hedgedoc
|
||||
- netdata
|
||||
- docker_registry
|
||||
- drone
|
||||
- websites
|
||||
- ulovliglogning-dk
|
||||
- watchtower
|
||||
- mailu
|
||||
- portainer
|
||||
- mastodon
|
||||
- rallly
|
||||
- membersystem
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
|
|
|
@ -1,122 +1,169 @@
|
|||
---
|
||||
volume_root_folder: "/docker-volumes"
|
||||
|
||||
nginx:
|
||||
services:
|
||||
|
||||
### Internal services ###
|
||||
postfix:
|
||||
file: postfix.yml
|
||||
version: "v3.5.1"
|
||||
|
||||
nginx_proxy:
|
||||
file: nginx_proxy.yml
|
||||
version: "1.0-alpine"
|
||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||
|
||||
ldap:
|
||||
nginx_acme_companion:
|
||||
version: "2.2"
|
||||
|
||||
openldap:
|
||||
file: openldap.yml
|
||||
domain: "ldap.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||
version: "1.5.0"
|
||||
|
||||
nextcloud:
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
phpldapadmin:
|
||||
version: "0.9.0"
|
||||
|
||||
gitea:
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||
|
||||
passit:
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
|
||||
matrix:
|
||||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
|
||||
riot:
|
||||
domains:
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/riot"
|
||||
|
||||
privatebin:
|
||||
domain: "paste.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
|
||||
codimd:
|
||||
domain: "oldpad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||
|
||||
hedgedoc:
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
|
||||
netdata:
|
||||
netdata:
|
||||
file: netdata.yml
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
version: "v1"
|
||||
|
||||
docker_registry:
|
||||
portainer:
|
||||
file: portainer.yml
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
version: "2.16.2"
|
||||
|
||||
keycloak:
|
||||
file: keycloak.yml
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
version: "20.0"
|
||||
|
||||
restic:
|
||||
file: restic_backup.yml
|
||||
user: "datacoop"
|
||||
domain: "restic.cannedtuna.org"
|
||||
repository: "datacoop-hevonen"
|
||||
version: "1.6.0"
|
||||
disabled_in_vagrant: true
|
||||
|
||||
docker_registry:
|
||||
file: docker_registry.yml
|
||||
domain: "docker.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
version: "2"
|
||||
|
||||
data_coop_website:
|
||||
### External services ###
|
||||
|
||||
nextcloud:
|
||||
file: nextcloud.yml
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||
version: 25-apache
|
||||
|
||||
gitea:
|
||||
file: gitea.yml
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||
version: 1.17
|
||||
allowed_sender_domain: true
|
||||
|
||||
passit:
|
||||
file: passit.yml
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
version: stable
|
||||
allowed_sender_domain: true
|
||||
|
||||
matrix:
|
||||
file: matrix_riot.yml
|
||||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
version: v1.63.1
|
||||
|
||||
riot:
|
||||
domains:
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/riot"
|
||||
version: v1.11.8
|
||||
|
||||
privatebin:
|
||||
file: privatebin.yml
|
||||
domain: "paste.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
version: 20221009
|
||||
|
||||
codimd:
|
||||
domain: "oldpad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||
|
||||
hedgedoc:
|
||||
file: hedgedoc.yml
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
version: 1
|
||||
|
||||
data_coop_website:
|
||||
file: websites/data.coop.yml
|
||||
domains:
|
||||
- "{{ base_domain }}"
|
||||
- "www.{{ base_domain }}"
|
||||
|
||||
cryptohagen_website:
|
||||
cryptohagen_website:
|
||||
file: websites/cryptohagen.dk.yml
|
||||
domains:
|
||||
- "cryptohagen.dk"
|
||||
- "www.cryptohagen.dk"
|
||||
|
||||
ulovliglogning_website:
|
||||
ulovliglogning_website:
|
||||
file: websites/ulovliglogning.dk.yml
|
||||
domains:
|
||||
- "ulovliglogning.dk"
|
||||
- "www.ulovliglogning.dk"
|
||||
- "ulovlig-logning.dk"
|
||||
|
||||
cryptoaarhus_website:
|
||||
cryptoaarhus_website:
|
||||
file: websites/cryptoaarhus.dk.yml
|
||||
domains:
|
||||
- "cryptoaarhus.dk"
|
||||
- "www.cryptoaarhus.dk"
|
||||
|
||||
drone:
|
||||
drone:
|
||||
file: drone.yml
|
||||
domain: "drone.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/drone"
|
||||
version: 1
|
||||
|
||||
mailu:
|
||||
mailu:
|
||||
file: mailu.yml
|
||||
version: 1.6
|
||||
domain: "mail.{{ base_domain }}"
|
||||
dns: 192.168.203.254
|
||||
subnet: 192.168.203.0/24
|
||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||
|
||||
portainer:
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
|
||||
ttrss:
|
||||
domain: rss.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||
|
||||
keycloak:
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
|
||||
postfix:
|
||||
allowed_sender_domains:
|
||||
- "services.{{ base_domain }}"
|
||||
- "{{ passit.domain }}"
|
||||
- "{{ gitea.domain }}"
|
||||
- "{{ mastodon.domain }}"
|
||||
- "{{ rallly.domain }}"
|
||||
- "{{ membersystem.domain }}"
|
||||
|
||||
mastodon:
|
||||
mastodon:
|
||||
file: mastodon.yml
|
||||
domain: "social.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||
version: v4.0.2
|
||||
allowed_sender_domain: true
|
||||
|
||||
rallly:
|
||||
rallly:
|
||||
file: rallly.yml
|
||||
domain: "when.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||
version: a21f92bf74308d66cfcd545d49b81eba0211a222
|
||||
allowed_sender_domain: true
|
||||
|
||||
membersystem:
|
||||
membersystem:
|
||||
file: membersystem.yml
|
||||
domain: "member.{{ base_domain }}"
|
||||
django_admins: "Vidir:valberg@orn.li"
|
||||
|
||||
restic:
|
||||
user: "datacoop"
|
||||
domain: "restic.cannedtuna.org"
|
||||
repository: "datacoop-hevonen"
|
||||
allowed_sender_domain: true
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
# ----------
|
||||
# This identifies your server and cannot be changed safely later
|
||||
# ----------
|
||||
LOCAL_DOMAIN={{ mastodon.domain }}
|
||||
LOCAL_DOMAIN={{ services.mastodon.domain }}
|
||||
|
||||
# Redis
|
||||
# -----
|
||||
|
@ -52,7 +52,7 @@ SMTP_SERVER={{ smtp_host }}
|
|||
SMTP_PORT={{ smtp_port }}
|
||||
SMTP_LOGIN=
|
||||
SMTP_PASSWORD=
|
||||
SMTP_FROM_ADDRESS=notifications@{{ mastodon.domain }}
|
||||
SMTP_FROM_ADDRESS=notifications@{{ services.mastodon.domain }}
|
||||
|
||||
# File storage (optional)
|
||||
# -----------------------
|
||||
|
|
|
@ -44,7 +44,7 @@ pid_file: /data/homeserver.pid
|
|||
# use synapse with a reverse proxy, this should be the URL to reach
|
||||
# synapse via the proxy.
|
||||
#
|
||||
public_baseurl: "https://{{ matrix.domain }}"
|
||||
public_baseurl: "https://{{ services.matrix.domain }}"
|
||||
|
||||
# Set the soft limit on the number of file descriptors synapse can use
|
||||
# Zero is used to indicate synapse should set the soft limit to the
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
NEXT_PUBLIC_BASE_URL="https://{{ rallly.domain }}"
|
||||
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@rallly_db:5432/rallly_db"
|
||||
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||
SUPPORT_EMAIL="noreply@{{ rallly.domain }}"
|
||||
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||
SMTP_HOST="{{ smtp_host }}"
|
||||
SMTP_PORT="{{ smtp_port }}"
|
||||
SMTP_SECURE="false"
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": "https://{{ matrix.domain }}"
|
||||
"base_url": "https://{{ services.matrix.domain }}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://vector.im"
|
||||
|
@ -37,7 +37,7 @@
|
|||
]
|
||||
},
|
||||
"enable_presence_by_hs_url": {
|
||||
"https://{{ matrix.domain }}": false
|
||||
"https://{{ services.matrix.domain }}": false
|
||||
},
|
||||
"terms_and_conditions_links": [
|
||||
{
|
||||
|
|
|
@ -1,511 +0,0 @@
|
|||
"use strict";
|
||||
|
||||
module.exports = {
|
||||
//
|
||||
// Set the server mode.
|
||||
// Public servers does not require authentication.
|
||||
//
|
||||
// Set to 'false' to enable users.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
public: false,
|
||||
|
||||
//
|
||||
// IP address or hostname for the web server to listen on.
|
||||
// Setting this to undefined will listen on all interfaces.
|
||||
//
|
||||
// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
host: undefined,
|
||||
|
||||
//
|
||||
// Set the port to listen on.
|
||||
//
|
||||
// @type int
|
||||
// @default 9000
|
||||
//
|
||||
port: 9000,
|
||||
|
||||
//
|
||||
// Set the local IP to bind to for outgoing connections. Leave to undefined
|
||||
// to let the operating system pick its preferred one.
|
||||
//
|
||||
// @type string
|
||||
// @default undefined
|
||||
//
|
||||
bind: undefined,
|
||||
|
||||
//
|
||||
// Sets whether the server is behind a reverse proxy and should honor the
|
||||
// X-Forwarded-For header or not.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
reverseProxy: false,
|
||||
|
||||
//
|
||||
// Set the default theme.
|
||||
// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
|
||||
//
|
||||
// @type string
|
||||
// @default "example"
|
||||
//
|
||||
theme: "example",
|
||||
|
||||
//
|
||||
// Prefetch URLs
|
||||
//
|
||||
// If enabled, The Lounge will try to load thumbnails and site descriptions from
|
||||
// URLs posted in channels.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetch: false,
|
||||
|
||||
//
|
||||
// Store and proxy prefetched images and thumbnails.
|
||||
// This improves security and privacy by not exposing client IP address,
|
||||
// and always loading images from The Lounge instance and making all assets secure,
|
||||
// which in result fixes mixed content warnings.
|
||||
//
|
||||
// If storage is enabled, The Lounge will fetch and store images and thumbnails
|
||||
// in the `${THELOUNGE_HOME}/storage` folder.
|
||||
//
|
||||
// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
|
||||
// and the folder is cleaned up on every The Lounge restart.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
prefetchStorage: false,
|
||||
|
||||
//
|
||||
// Prefetch URLs Image Preview size limit
|
||||
//
|
||||
// If prefetch is enabled, The Lounge will only display content under the maximum size.
|
||||
// Specified value is in kilobytes. Default value is 2048 kilobytes.
|
||||
//
|
||||
// @type int
|
||||
// @default 2048
|
||||
//
|
||||
prefetchMaxImageSize: 2048,
|
||||
|
||||
//
|
||||
// Display network
|
||||
//
|
||||
// If set to false network settings will not be shown in the login form.
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
displayNetwork: true,
|
||||
|
||||
//
|
||||
// Lock network
|
||||
//
|
||||
// If set to true, users will not be able to modify host, port and tls
|
||||
// settings and will be limited to the configured network.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
lockNetwork: false,
|
||||
|
||||
//
|
||||
// Hex IP
|
||||
//
|
||||
// If enabled, clients' username will be set to their IP encoded has hex.
|
||||
// This is done to share the real user IP address with the server for host masking purposes.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
useHexIp: false,
|
||||
|
||||
//
|
||||
// WEBIRC support
|
||||
//
|
||||
// If enabled, The Lounge will pass the connecting user's host and IP to the
|
||||
// IRC server. Note that this requires to obtain a password from the IRC network
|
||||
// The Lounge will be connecting to and generally involves a lot of trust from the
|
||||
// network you are connecting to.
|
||||
//
|
||||
// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
|
||||
// Format (function):
|
||||
// {"irc.example.net": function(client, args, trusted) {
|
||||
// // here, we return a webirc object fed directly to `irc-framework`
|
||||
// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
|
||||
// }}
|
||||
//
|
||||
// @type string | function(client, args):object(webirc)
|
||||
// @default null
|
||||
webirc: null,
|
||||
|
||||
//
|
||||
// Log settings
|
||||
//
|
||||
// Logging has to be enabled per user. If enabled, logs will be stored in
|
||||
// the 'logs/<user>/<network>/' folder.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
logs: {
|
||||
//
|
||||
// Timestamp format
|
||||
//
|
||||
// @type string
|
||||
// @default "YYYY-MM-DD HH:mm:ss"
|
||||
//
|
||||
format: "YYYY-MM-DD HH:mm:ss",
|
||||
|
||||
//
|
||||
// Timezone
|
||||
//
|
||||
// @type string
|
||||
// @default "UTC+00:00"
|
||||
//
|
||||
timezone: "UTC+00:00",
|
||||
},
|
||||
|
||||
//
|
||||
// Maximum number of history lines per channel
|
||||
//
|
||||
// Defines the maximum number of history lines that will be kept in
|
||||
// memory per channel/query, in order to reduce the memory usage of
|
||||
// the server. Setting this to -1 will keep unlimited amount.
|
||||
//
|
||||
// @type integer
|
||||
// @default 10000
|
||||
maxHistory: 10000,
|
||||
|
||||
//
|
||||
// Default values for the 'Connect' form.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
defaults: {
|
||||
//
|
||||
// Name
|
||||
//
|
||||
// @type string
|
||||
// @default "Freenode"
|
||||
//
|
||||
name: "Freenode",
|
||||
|
||||
//
|
||||
// Host
|
||||
//
|
||||
// @type string
|
||||
// @default "chat.freenode.net"
|
||||
//
|
||||
host: "chat.freenode.net",
|
||||
|
||||
//
|
||||
// Port
|
||||
//
|
||||
// @type int
|
||||
// @default 6697
|
||||
//
|
||||
port: 6697,
|
||||
|
||||
//
|
||||
// Password
|
||||
//
|
||||
// @type string
|
||||
// @default ""
|
||||
//
|
||||
password: "",
|
||||
|
||||
//
|
||||
// Enable TLS/SSL
|
||||
//
|
||||
// @type boolean
|
||||
// @default true
|
||||
//
|
||||
tls: true,
|
||||
|
||||
//
|
||||
// Nick
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
nick: "lounge-user",
|
||||
|
||||
//
|
||||
// Username
|
||||
//
|
||||
// @type string
|
||||
// @default "lounge-user"
|
||||
//
|
||||
username: "lounge-user",
|
||||
|
||||
//
|
||||
// Real Name
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge User"
|
||||
//
|
||||
realname: "The Lounge User",
|
||||
|
||||
//
|
||||
// Channels
|
||||
// This is a comma-separated list.
|
||||
//
|
||||
// @type string
|
||||
// @default "#thelounge"
|
||||
//
|
||||
join: "#thelounge",
|
||||
},
|
||||
|
||||
//
|
||||
// Set socket.io transports
|
||||
//
|
||||
// @type array
|
||||
// @default ["polling", "websocket"]
|
||||
//
|
||||
transports: ["polling", "websocket"],
|
||||
|
||||
//
|
||||
// Run The Lounge using encrypted HTTP/2.
|
||||
// This will fallback to regular HTTPS if HTTP/2 is not supported.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
https: {
|
||||
//
|
||||
// Enable HTTP/2 / HTTPS support.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Path to the key.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key.pem"
|
||||
// @default ""
|
||||
//
|
||||
key: "",
|
||||
|
||||
//
|
||||
// Path to the certificate.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/key-cert.pem"
|
||||
// @default ""
|
||||
//
|
||||
certificate: "",
|
||||
|
||||
//
|
||||
// Path to the CA bundle.
|
||||
//
|
||||
// @type string
|
||||
// @example "sslcert/bundle.pem"
|
||||
// @default ""
|
||||
//
|
||||
ca: "",
|
||||
},
|
||||
|
||||
//
|
||||
// Default quit and part message if none is provided.
|
||||
//
|
||||
// @type string
|
||||
// @default "The Lounge - https://thelounge.github.io"
|
||||
//
|
||||
leaveMessage: "The Lounge - https://thelounge.github.io",
|
||||
|
||||
//
|
||||
// Run The Lounge with identd support.
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
identd: {
|
||||
//
|
||||
// Run the identd daemon on server start.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: false,
|
||||
|
||||
//
|
||||
// Port to listen for ident requests.
|
||||
//
|
||||
// @type int
|
||||
// @default 113
|
||||
//
|
||||
port: 113,
|
||||
},
|
||||
|
||||
//
|
||||
// Enable oidentd support using the specified file
|
||||
//
|
||||
// Example: oidentd: "~/.oidentd.conf",
|
||||
//
|
||||
// @type string
|
||||
// @default null
|
||||
//
|
||||
oidentd: null,
|
||||
|
||||
//
|
||||
// LDAP authentication settings (only available if public=false)
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
// The authentication process works as follows:
|
||||
//
|
||||
// 1. Lounge connects to the LDAP server with its system credentials
|
||||
// 2. It performs a LDAP search query to find the full DN associated to the
|
||||
// user requesting to log in.
|
||||
// 3. Lounge tries to connect a second time, but this time using the user's
|
||||
// DN and password. Auth is validated iff this connection is successful.
|
||||
//
|
||||
// The search query takes a couple of parameters in `searchDN`:
|
||||
// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
|
||||
// to be returned;
|
||||
// - a search scope `searchDN/scope` (see LDAP documentation);
|
||||
// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
|
||||
// where <username> is the user name provided in the log in request,
|
||||
// <primaryKey> is provided by the config and <fitler> is a filtering complement
|
||||
// also given in the config, to filter for instance only for nodes of type
|
||||
// inetOrgPerson, or whatever LDAP search allows.
|
||||
//
|
||||
// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
|
||||
// ignore searchDN options and assume that the user DN is always:
|
||||
// <bindDN>,<primaryKey>=<username>
|
||||
// where <username> is the user name provided in the log in request, and <bindDN>
|
||||
// and <primaryKey> are provided by the config.
|
||||
//
|
||||
ldap: {
|
||||
//
|
||||
// Enable LDAP user authentication
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
enable: true,
|
||||
|
||||
//
|
||||
// LDAP server URL
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
url: "ldap://{{ ldap.domain }}",
|
||||
|
||||
//
|
||||
// LDAP connection tls options (only used if scheme is ldaps://)
|
||||
//
|
||||
// @type object (see nodejs' tls.connect() options)
|
||||
// @default {}
|
||||
//
|
||||
// Example:
|
||||
// You can use this option in order to force the use of IPv6:
|
||||
// {
|
||||
// host: 'my::ip::v6',
|
||||
// servername: 'example.com'
|
||||
// }
|
||||
tlsOptions: {},
|
||||
|
||||
//
|
||||
// LDAP base dn, alternative to searchDN
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
// baseDN: "",
|
||||
|
||||
//
|
||||
// LDAP primary key
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
primaryKey: "uid",
|
||||
|
||||
//
|
||||
// LDAP search dn settings. This defines the procedure by which the
|
||||
// lounge first look for user DN before authenticating her.
|
||||
// Ignored if baseDN is specified
|
||||
//
|
||||
// @type object
|
||||
//
|
||||
searchDN: {
|
||||
|
||||
//
|
||||
// LDAP searching bind DN
|
||||
// This bind DN is used to query the server for the DN of the user.
|
||||
// This is supposed to be a system user that has access in read only to
|
||||
// the DNs of the people that are allowed to log in.
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootDN: "cn=admin,dc=data,dc=coop",
|
||||
|
||||
//
|
||||
// Password of the lounge LDAP system user
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
rootPassword: "{{ ldap_admin_password }}",
|
||||
|
||||
//
|
||||
// LDAP filter
|
||||
//
|
||||
// @type string
|
||||
// @default "uid"
|
||||
//
|
||||
//filter: "(objectClass=inetOrgPerson)(memberOf=ou=members,dc=data,dc=coop)",
|
||||
filter: "(objectClass=inetOrgPerson)",
|
||||
|
||||
//
|
||||
// LDAP search base (search only within this node)
|
||||
//
|
||||
// @type string
|
||||
//
|
||||
base: "{{ ldap_dn }}",
|
||||
|
||||
//
|
||||
// LDAP search scope
|
||||
//
|
||||
// @type string
|
||||
// @default "sub"
|
||||
//
|
||||
scope: "sub",
|
||||
|
||||
},
|
||||
},
|
||||
|
||||
// Extra debugging
|
||||
//
|
||||
// @type object
|
||||
// @default {}
|
||||
//
|
||||
debug: {
|
||||
// Enables extra debugging output provided by irc-framework.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
ircFramework: false,
|
||||
|
||||
// Enables logging raw IRC messages into each server window.
|
||||
//
|
||||
// @type boolean
|
||||
// @default false
|
||||
//
|
||||
raw: false,
|
||||
},
|
||||
};
|
|
@ -4,5 +4,15 @@
|
|||
name: external_services
|
||||
|
||||
- name: setup services
|
||||
include_tasks: "services/{{ item }}.yml"
|
||||
with_items: "{{ services }}"
|
||||
include_tasks: "services/{{ item.value.file }}"
|
||||
loop: "{{ services | dict2items }}"
|
||||
when: single_service is not defined and
|
||||
item.value.file is defined and
|
||||
item.value.disabled_in_vagrant is not defined
|
||||
|
||||
- name: setup single service
|
||||
include_tasks: "services/{{ services[single_service].file }}"
|
||||
when: single_service is defined and
|
||||
single_service in services and
|
||||
services[single_service].file is defined and
|
||||
services[single_service].disabled_in_vagrant is not defined
|
||||
|
|
|
@ -2,34 +2,34 @@
|
|||
- name: copy docker registry nginx configuration
|
||||
copy:
|
||||
src: "files/configs/docker_registry/nginx.conf"
|
||||
dest: "/docker-volumes/nginx/vhost/{{ docker_registry.domain }}"
|
||||
dest: "/docker-volumes/nginx/vhost/{{ services.docker_registry.domain }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: docker registry container
|
||||
docker_container:
|
||||
name: registry
|
||||
image: registry:2
|
||||
image: registry:{{ services.docker_registry.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||
- "{{ docker_registry.volume_folder }}/auth:/auth"
|
||||
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ docker_registry.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||
|
||||
- name: generate htpasswd file
|
||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ docker_registry.volume_folder }}/auth/htpasswd"
|
||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
args:
|
||||
creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
|
||||
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||
|
||||
- name: log in to registry
|
||||
docker_login:
|
||||
registry: "docker.data.coop"
|
||||
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
|
|
|
@ -14,31 +14,31 @@
|
|||
- external_services
|
||||
- drone
|
||||
volumes:
|
||||
- "{{ drone.volume_folder }}:/data"
|
||||
- "{{ services.drone.volume_folder }}:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
||||
DRONE_GITEA_SERVER: "https://{{ services.gitea.domain }}"
|
||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
||||
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
||||
DRONE_SERVER_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
drone-runner-docker:
|
||||
container_name: "drone-runner-docker"
|
||||
image: "drone/drone-runner-docker:1"
|
||||
image: "drone/drone-runner-docker:{{ services.drone.version }}"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- drone
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_RPC_HOST: "{{ drone.domain }}"
|
||||
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
||||
DRONE_RPC_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
DRONE_RUNNER_CAPACITY: 2
|
||||
|
|
|
@ -7,25 +7,25 @@
|
|||
- name: gitea container
|
||||
docker_container:
|
||||
name: gitea
|
||||
image: gitea/gitea:1.17
|
||||
image: gitea/gitea:{{ services.gitea.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: gitea
|
||||
- name: postfix
|
||||
- name: external_services
|
||||
volumes:
|
||||
- "{{ gitea.volume_folder }}:/data"
|
||||
- "{{ services.gitea.volume_folder }}:/data"
|
||||
published_ports:
|
||||
- "22:22"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ gitea.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.gitea.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.gitea.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Gitea customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||
GITEA__mailer__ENABLED: "true"
|
||||
GITEA__mailer__FROM: "noreply@{{ gitea.domain }}"
|
||||
GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
|
||||
GITEA__mailer__MAILER_TYPE: "smtp"
|
||||
GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
|
||||
GITEA__mailer__USER: "noop"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create hedgedoc volume folders
|
||||
file:
|
||||
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "db"
|
||||
|
@ -12,7 +12,7 @@
|
|||
- name: copy sso public certificate
|
||||
copy:
|
||||
src: "files/sso/sso.data.coop.pem"
|
||||
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
mode: "0644"
|
||||
|
||||
- name: setup hedgedoc
|
||||
|
@ -31,13 +31,13 @@
|
|||
networks:
|
||||
- "hedgedoc"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
- "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1
|
||||
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||
environment:
|
||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
||||
CMD_DOMAIN: "{{ hedgedoc.domain }}"
|
||||
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_EMAIL: "False"
|
||||
|
@ -47,12 +47,12 @@
|
|||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
CMD_USECDN: "false"
|
||||
CMD_PROTOCOL_USESSL: "true"
|
||||
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||
- "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "hedgedoc"
|
||||
|
|
|
@ -12,14 +12,14 @@
|
|||
networks:
|
||||
- "keycloak"
|
||||
volumes:
|
||||
- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
- "{{ services.keycloak.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "keycloak"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||
POSTGRES_DB: "keycloak"
|
||||
|
||||
app:
|
||||
image: "quay.io/keycloak/keycloak:20.0"
|
||||
image: "quay.io/keycloak/keycloak:{{ services.keycloak.version }}"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "keycloak"
|
||||
|
@ -36,9 +36,9 @@
|
|||
- "--https-port=8080"
|
||||
- "--http-relative-path=/auth"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ keycloak.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ keycloak.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
- name: create mailu volume folders
|
||||
file:
|
||||
name: "{{ mailu.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- redis
|
||||
|
@ -20,20 +20,20 @@
|
|||
- name: upload mailu.env file
|
||||
template:
|
||||
src: mailu.env.j2
|
||||
dest: "{{ mailu.volume_folder}}/mailu.env"
|
||||
dest: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
|
||||
- name: hard link to Let's Encrypt TLS certificate
|
||||
file:
|
||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
|
||||
dest: "{{ mailu.volume_folder }}/certs/cert.pem"
|
||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||
state: hard
|
||||
force: yes
|
||||
when: letsencrypt_enabled
|
||||
|
||||
- name: hard link to Let's Encrypt TLS key
|
||||
file:
|
||||
src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
|
||||
dest: "{{ mailu.volume_folder }}/certs/key.pem"
|
||||
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||
state: hard
|
||||
force: yes
|
||||
when: letsencrypt_enabled
|
||||
|
@ -49,30 +49,30 @@
|
|||
image: redis:alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/redis:/data"
|
||||
- "{{ services.mailu.volume_folder }}/redis:/data"
|
||||
|
||||
database:
|
||||
image: mailu/postgresql:{{ mailu.version }}
|
||||
image: mailu/postgresql:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/data/psql_db:/data"
|
||||
- "{{ mailu.volume_folder }}/data/psql_backup:/backup"
|
||||
- "{{ services.mailu.volume_folder }}/data/psql_db:/data"
|
||||
- "{{ services.mailu.volume_folder }}/data/psql_backup:/backup"
|
||||
networks:
|
||||
- default
|
||||
- external_services
|
||||
|
||||
front:
|
||||
image: mailu/nginx:{{ mailu.version }}
|
||||
image: mailu/nginx:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ mailu.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ mailu.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/certs:/certs"
|
||||
- "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
|
||||
- "{{ services.mailu.volume_folder }}/certs:/certs"
|
||||
- "{{ services.mailu.volume_folder }}/overrides/nginx:/overrides"
|
||||
expose:
|
||||
- "80"
|
||||
ports:
|
||||
|
@ -85,70 +85,70 @@
|
|||
- external_services
|
||||
|
||||
resolver:
|
||||
image: mailu/unbound:{{ mailu.version }}
|
||||
image: mailu/unbound:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: "{{ mailu.dns }}"
|
||||
ipv4_address: "{{ services.mailu.dns }}"
|
||||
|
||||
admin:
|
||||
image: mailu/admin:{{ mailu.version }}
|
||||
image: mailu/admin:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/data:/data"
|
||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
||||
- "{{ services.mailu.volume_folder }}/data:/data"
|
||||
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
||||
depends_on:
|
||||
- redis
|
||||
|
||||
imap:
|
||||
image: mailu/dovecot:{{ mailu.version }}
|
||||
image: mailu/dovecot:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/mail:/mail"
|
||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
||||
- "{{ services.mailu.volume_folder }}/mail:/mail"
|
||||
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
|
||||
depends_on:
|
||||
- front
|
||||
|
||||
smtp:
|
||||
image: mailu/postfix:{{ mailu.version }}
|
||||
image: mailu/postfix:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/overrides:/overrides"
|
||||
- "{{ services.mailu.volume_folder }}/overrides:/overrides"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ mailu.dns }}"
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
antispam:
|
||||
image: mailu/rspamd:{{ mailu.version }}
|
||||
image: mailu/rspamd:{{ services.mailu.version }}
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/filter:/var/lib/rspamd"
|
||||
- "{{ mailu.volume_folder }}/dkim:/dkim"
|
||||
- "{{ mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
||||
- "{{ services.mailu.volume_folder }}/filter:/var/lib/rspamd"
|
||||
- "{{ services.mailu.volume_folder }}/dkim:/dkim"
|
||||
- "{{ services.mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ mailu.dns }}"
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
webmail:
|
||||
image: mailu/rainloop:1.6
|
||||
restart: always
|
||||
env_file: "{{ mailu.volume_folder}}/mailu.env"
|
||||
env_file: "{{ services.mailu.volume_folder}}/mailu.env"
|
||||
volumes:
|
||||
- "{{ mailu.volume_folder }}/webmail:/data"
|
||||
- "{{ services.mailu.volume_folder }}/webmail:/data"
|
||||
depends_on:
|
||||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- "{{ mailu.dns }}"
|
||||
- "{{ services.mailu.dns }}"
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
@ -156,7 +156,7 @@
|
|||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: "{{ mailu.subnet }}"
|
||||
- subnet: "{{ services.mailu.subnet }}"
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- name: create mastodon volume folders
|
||||
file:
|
||||
name: "{{ mastodon.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.mastodon.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
owner: "991"
|
||||
group: "991"
|
||||
|
@ -14,12 +14,12 @@
|
|||
- name: Copy mastodon environment file
|
||||
template:
|
||||
src: files/configs/mastodon/env_file.j2
|
||||
dest: "{{ mastodon.volume_folder }}/env_file"
|
||||
dest: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
|
||||
- name: upload vhost config for root domain
|
||||
template:
|
||||
src: files/configs/mastodon/vhost-mastodon
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ mastodon.domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||
|
||||
- name: set up mastodon
|
||||
docker_compose:
|
||||
|
@ -37,7 +37,7 @@
|
|||
healthcheck:
|
||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
||||
- "{{ services.mastodon.volume_folder }}/postgres_data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
- 'POSTGRES_HOST_AUTH_METHOD=trust'
|
||||
|
||||
|
@ -49,12 +49,12 @@
|
|||
healthcheck:
|
||||
test: ['CMD', 'redis-cli', 'ping']
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/redis_data:/data"
|
||||
- "{{ services.mastodon.volume_folder }}/redis_data:/data"
|
||||
|
||||
web:
|
||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||
restart: always
|
||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||
networks:
|
||||
- external_services
|
||||
|
@ -66,18 +66,18 @@
|
|||
- db
|
||||
- redis
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
VIRTUAL_PATH: "/"
|
||||
LETSENCRYPT_HOST: "{{ mastodon.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
streaming:
|
||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||
restart: always
|
||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
command: node ./streaming
|
||||
networks:
|
||||
- external_services
|
||||
|
@ -91,14 +91,14 @@
|
|||
- db
|
||||
- redis
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ mastodon.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||
VIRTUAL_PORT: "4000"
|
||||
VIRTUAL_PATH: "/api/v1/streaming"
|
||||
|
||||
sidekiq:
|
||||
image: "tootsuite/mastodon:{{ mastodon_version }}"
|
||||
image: "tootsuite/mastodon:{{ services.mastodon.version }}"
|
||||
restart: always
|
||||
env_file: "{{ mastodon.volume_folder }}/env_file"
|
||||
env_file: "{{ services.mastodon.volume_folder }}/env_file"
|
||||
command: bundle exec sidekiq -c 32
|
||||
environment:
|
||||
DB_POOL: 32
|
||||
|
@ -110,7 +110,7 @@
|
|||
- external_services
|
||||
- internal_network
|
||||
volumes:
|
||||
- "{{ mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
- "{{ services.mastodon.volume_folder }}/mastodon_data:/mastodon/public/system"
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||
|
||||
|
@ -121,5 +121,3 @@
|
|||
external: true
|
||||
internal_network:
|
||||
internal: true
|
||||
vars:
|
||||
mastodon_version: "v4.0.2"
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create matrix volume folders
|
||||
file:
|
||||
name: "{{ matrix.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
owner: "991"
|
||||
group: "991"
|
||||
|
@ -14,12 +14,12 @@
|
|||
|
||||
- name: create matrix DB folder
|
||||
file:
|
||||
name: "{{ matrix.volume_folder }}/db"
|
||||
name: "{{ services.matrix.volume_folder }}/db"
|
||||
state: "directory"
|
||||
|
||||
- name: create riot volume folders
|
||||
file:
|
||||
name: "{{ riot.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.riot.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "data"
|
||||
|
@ -29,38 +29,38 @@
|
|||
- name: upload riot config.json
|
||||
template:
|
||||
src: files/configs/riot/config.json
|
||||
dest: "{{ riot.volume_folder }}/data/config.json"
|
||||
dest: "{{ services.riot.volume_folder }}/data/config.json"
|
||||
|
||||
- name: upload riot.im.conf
|
||||
template:
|
||||
src: files/configs/riot/riot.im.conf
|
||||
dest: "{{ riot.volume_folder }}/data/riot.im.conf"
|
||||
dest: "{{ services.riot.volume_folder }}/data/riot.im.conf"
|
||||
|
||||
- name: upload vhost config for root domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-root
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ base_domain }}"
|
||||
|
||||
- name: upload vhost config for matrix domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-matrix
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||
|
||||
- name: upload vhost config for riot domain
|
||||
template:
|
||||
src: files/configs/matrix/vhost-riot
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ item }}"
|
||||
loop: "{{ riot.domains }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}"
|
||||
loop: "{{ services.riot.domains }}"
|
||||
|
||||
- name: upload homeserver.yaml
|
||||
template:
|
||||
src: "files/configs/matrix/homeserver.yaml.j2"
|
||||
dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
|
||||
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||
|
||||
- name: upload matrix logging config
|
||||
template:
|
||||
src: "files/configs/matrix/matrix.data.coop.log.config"
|
||||
dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
||||
|
||||
- name: set up matrix and riot
|
||||
docker_compose:
|
||||
|
@ -76,32 +76,32 @@
|
|||
networks:
|
||||
- matrix
|
||||
volumes:
|
||||
- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
- "{{ services.matrix.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "synapse"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||
|
||||
matrix_app:
|
||||
container_name: matrix
|
||||
image: matrixdotorg/synapse:v1.63.1
|
||||
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
- external_services
|
||||
volumes:
|
||||
- "{{ matrix.volume_folder }}/data:/data"
|
||||
- "{{ services.matrix.volume_folder }}/data:/data"
|
||||
environment:
|
||||
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
|
||||
SYNAPSE_CACHE_FACTOR: "2"
|
||||
SYNAPSE_LOG_LEVEL: "INFO"
|
||||
VIRTUAL_HOST: "{{ matrix.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||
VIRTUAL_PORT: "8008"
|
||||
LETSENCRYPT_HOST: "{{ matrix.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
riot:
|
||||
container_name: riot_app
|
||||
image: avhost/docker-matrix-riot:v1.11.8
|
||||
image: avhost/docker-matrix-riot:{{ services.riot.version }}
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- matrix
|
||||
|
@ -109,11 +109,11 @@
|
|||
expose:
|
||||
- 8080
|
||||
volumes:
|
||||
- "{{ riot.volume_folder }}/data:/data"
|
||||
- "{{ services.riot.volume_folder }}/data:/data"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
|
||||
VIRTUAL_HOST: "{{ services.riot.domains|join(',') }}"
|
||||
VIRTUAL_PORT: "8080"
|
||||
LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.riot.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -25,14 +25,14 @@
|
|||
POSTGRES_PORT: 5432
|
||||
EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
|
||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||
VIRTUAL_HOST: "{{ membersystem.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||
VIRTUAL_PORT: "8000"
|
||||
LETSENCRYPT_HOST: "{{ membersystem.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
ALLOWED_HOSTS: "{{ membersystem.domain }}"
|
||||
CSRF_TRUSTED_ORIGINS: "https://{{ membersystem.domain }}"
|
||||
DJANGO_ADMINS: "{{ membersystem.django_admins }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ membersystem.domain }}"
|
||||
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||
CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
|
||||
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
|
||||
|
||||
postgres:
|
||||
image: postgres:13-alpine
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: setup netdata docker container for system monitoring
|
||||
docker_container:
|
||||
name: netdata
|
||||
image: netdata/netdata:v1
|
||||
image: netdata/netdata:{{ services.netdata.version }}
|
||||
restart_policy: unless-stopped
|
||||
hostname: "hevonen.servers.{{ base_domain }}"
|
||||
capabilities:
|
||||
|
@ -16,7 +16,7 @@
|
|||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ netdata.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ netdata.domain }}"
|
||||
VIRTUAL_HOST : "{{ services.netdata.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
PGID: "999"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: upload vhost config for cloud.data.coop
|
||||
template:
|
||||
src: files/configs/nextcloud/vhost
|
||||
dest: "{{ nginx.volume_folder }}/vhost/{{ nextcloud.domain }}"
|
||||
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||
notify: "restart nginx"
|
||||
|
||||
- name: setup nextcloud containers
|
||||
|
@ -17,7 +17,7 @@
|
|||
networks:
|
||||
- "nextcloud"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
- "{{ services.nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_DB: "nextcloud"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||
|
@ -33,29 +33,29 @@
|
|||
- "nextcloud"
|
||||
|
||||
cron:
|
||||
image: "nextcloud:25-apache"
|
||||
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||
restart: "unless-stopped"
|
||||
entrypoint: "/cron.sh"
|
||||
networks:
|
||||
- "nextcloud"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||
depends_on:
|
||||
- "postgres"
|
||||
- "redis"
|
||||
|
||||
app:
|
||||
image: "nextcloud:25-apache"
|
||||
image: "nextcloud:{{ services.nextcloud.version }}"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "nextcloud"
|
||||
- "postfix"
|
||||
- "external_services"
|
||||
volumes:
|
||||
- "{{ nextcloud.volume_folder }}/app:/var/www/html"
|
||||
- "{{ services.nextcloud.volume_folder }}/app:/var/www/html"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
POSTGRES_HOST: "postgres"
|
||||
POSTGRES_DB: "nextcloud"
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
---
|
||||
|
||||
- name: create nginx-proxy volume folders
|
||||
file:
|
||||
name: "{{ nginx.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: nginx proxy container
|
||||
docker_container:
|
||||
name: nginx-proxy
|
||||
image: nginxproxy/nginx-proxy:1.0-alpine
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "{{ nginx.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
- name: nginx letsencrypt container
|
||||
docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: nginxproxy/acme-companion:2.2
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||
- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs"
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||
when: letsencrypt_enabled
|
||||
|
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
48
roles/docker/tasks/services/nginx_proxy.yml
Normal file
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
|
||||
- name: create nginx-proxy volume folders
|
||||
file:
|
||||
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- conf
|
||||
- vhost
|
||||
- html
|
||||
- dhparam
|
||||
- certs
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: nginx proxy container
|
||||
docker_container:
|
||||
name: nginx-proxy
|
||||
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
published_ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
|
||||
- name: nginx letsencrypt container
|
||||
docker_container:
|
||||
name: nginx-proxy-le
|
||||
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
|
||||
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
env:
|
||||
NGINX_PROXY_CONTAINER: nginx-proxy
|
||||
when: letsencrypt_enabled
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: create ldap volume folders
|
||||
file:
|
||||
name: "{{ ldap.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "var/lib/ldap"
|
||||
|
@ -17,19 +17,19 @@
|
|||
- name: openLDAP container
|
||||
docker_container:
|
||||
name: openldap
|
||||
image: osixia/openldap:1.5.0
|
||||
image: osixia/openldap:{{ services.openldap.version }}
|
||||
tty: true
|
||||
interactive: true
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||
- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||
- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
|
||||
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
|
||||
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
|
||||
published_ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
hostname: "{{ ldap.domain }}"
|
||||
domainname: "{{ ldap.domain }}" # important: same as hostname
|
||||
hostname: "{{ services.openldap.domain }}"
|
||||
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
||||
networks:
|
||||
- name: ldap
|
||||
env:
|
||||
|
@ -58,7 +58,7 @@
|
|||
- name: phpLDAPadmin container
|
||||
docker_container:
|
||||
name: phpldapadmin
|
||||
image: osixia/phpldapadmin:0.9.0
|
||||
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
|
@ -68,6 +68,6 @@
|
|||
PHPLDAPADMIN_HTTPS: "false"
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||
|
||||
VIRTUAL_HOST: "{{ ldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ ldap.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -13,13 +13,13 @@
|
|||
networks:
|
||||
- "passit"
|
||||
volumes:
|
||||
- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
- "{{ services.passit.volume_folder }}/data:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: "passit"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||
|
||||
passit_app:
|
||||
image: "passit/passit:stable"
|
||||
image: "passit/passit:{{ services.passit.version }}"
|
||||
command: "bin/start.sh"
|
||||
restart: "always"
|
||||
networks:
|
||||
|
@ -31,11 +31,11 @@
|
|||
SECRET_KEY: "{{ passit_secret_key }}"
|
||||
IS_DEBUG: 'False'
|
||||
EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
|
||||
EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
|
||||
FIDO_SERVER_ID: "{{ passit.domain }}"
|
||||
VIRTUAL_HOST: "{{ passit.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ passit.domain }}"
|
||||
DEFAULT_FROM_EMAIL: "noreply@{{ services.passit.domain }}"
|
||||
EMAIL_CONFIRMATION_HOST: "https://{{ services.passit.domain }}"
|
||||
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -2,21 +2,21 @@
|
|||
|
||||
- name: create portainer volume folder
|
||||
file:
|
||||
name: "{{ portainer.volume_folder }}"
|
||||
name: "{{ services.portainer.volume_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: run portainer
|
||||
docker_container:
|
||||
name: portainer
|
||||
image: portainer/portainer-ee:2.16.2
|
||||
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: external_services
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- "{{ portainer.volume_folder }}:/data"
|
||||
- "{{ services.portainer.volume_folder }}:/data"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ portainer.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||
VIRTUAL_PORT: "9000"
|
||||
LETSENCRYPT_HOST: "{{ portainer.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -10,10 +10,11 @@
|
|||
- name: setup postfix docker container for outgoing mail
|
||||
docker_container:
|
||||
name: postfix
|
||||
image: boky/postfix:v3.5.1-alpine
|
||||
image: boky/postfix:{{ services.postfix.version }}
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: postfix
|
||||
env:
|
||||
ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
|
||||
# Get all services which have allowed_sender_domain defined
|
||||
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'defined') | map(attribute='value.domain') | list | join(' ') }}"
|
||||
HOSTNAME: "smtp.data.coop" # the name the smtp server will identify itself as
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
- name: create privatebin volume folders
|
||||
file:
|
||||
name: "{{ privatebin.volume_folder }}/{{ volume }}"
|
||||
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- cfg
|
||||
|
@ -13,19 +13,19 @@
|
|||
- name: upload privatebin config
|
||||
template:
|
||||
src: files/configs/privatebin-conf.php
|
||||
dest: "{{ privatebin.volume_folder }}/cfg/conf.php"
|
||||
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
||||
|
||||
- name: privatebin app container
|
||||
docker_container:
|
||||
name: privatebin
|
||||
image: jgeusebroek/privatebin:latest
|
||||
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||
restart_policy: unless-stopped
|
||||
volumes:
|
||||
- "{{ privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||
- "{{ privatebin.volume_folder }}/data:/privatebin/data"
|
||||
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg"
|
||||
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ privatebin.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ privatebin.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
- name: Create rallly volume folders
|
||||
file:
|
||||
name: "{{ rallly.volume_folder }}/postgres"
|
||||
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||
state: directory
|
||||
|
||||
- name: Copy Rallly environment file
|
||||
template:
|
||||
src: files/configs/rallly/env_file
|
||||
dest: "{{ rallly.volume_folder }}/env_file"
|
||||
src: files/configs/rallly/env_file.j2
|
||||
dest: "{{ services.rallly.volume_folder }}/env_file"
|
||||
|
||||
- name: Set up Rallly
|
||||
docker_compose:
|
||||
|
@ -22,7 +22,7 @@
|
|||
networks:
|
||||
rallly_internal:
|
||||
volumes:
|
||||
- "{{ rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
- "{{ services.rallly.volume_folder }}/postgres:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
||||
POSTGRES_DB: "rallly_db"
|
||||
|
@ -33,7 +33,7 @@
|
|||
retries: 5
|
||||
|
||||
rallly:
|
||||
image: "lukevella/rallly:a21f92bf74308d66cfcd545d49b81eba0211a222"
|
||||
image: "lukevella/rallly:{{ services.rallly.version }}"
|
||||
restart: "always"
|
||||
networks:
|
||||
rallly_internal:
|
||||
|
@ -43,11 +43,11 @@
|
|||
rallly_db:
|
||||
condition: "service_healthy"
|
||||
env_file:
|
||||
- "{{ rallly.volume_folder }}/env_file"
|
||||
- "{{ services.rallly.volume_folder }}/env_file"
|
||||
environment:
|
||||
VIRTUAL_HOST: "{{ rallly.domain }}"
|
||||
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ rallly.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
networks:
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
- name: Setup restic backup
|
||||
when: not vagrant
|
||||
docker_compose:
|
||||
project_name: restic_backup
|
||||
pull: true
|
||||
|
@ -8,12 +7,12 @@
|
|||
version: '3.6'
|
||||
services:
|
||||
restic-backup:
|
||||
image: mazzolino/restic:1.6.0
|
||||
image: mazzolino/restic:{{ services.restic.version }}
|
||||
restart: always
|
||||
environment:
|
||||
RUN_ON_STARTUP: "true"
|
||||
BACKUP_CRON: "0 30 3 * * *"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
|
||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||
RESTIC_BACKUP_SOURCES: "/mnt/volumes"
|
||||
RESTIC_BACKUP_ARGS: >-
|
||||
|
@ -30,10 +29,10 @@
|
|||
- /docker-volumes:/mnt/volumes:ro
|
||||
|
||||
restic-prune:
|
||||
image: "mazzolino/restic:1.6.0"
|
||||
image: "mazzolino/restic:{{ services.restic.version }}"
|
||||
environment:
|
||||
RUN_ON_STARTUP: "true"
|
||||
PRUNE_CRON: "0 0 4 * * *"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ restic.user }}:{{ restic_secrets.user_password }}@{{ restic.domain }}/{{ restic.repository }}"
|
||||
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
|
||||
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||
TZ: Europe/copenhagen
|
|
@ -4,6 +4,8 @@
|
|||
name: watchtower
|
||||
image: containrrr/watchtower:amd64-1.5.1
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
WATCHTOWER_POLL_INTERVAL: 60
|
||||
volumes:
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
- name: setup new-new data.coop website using unipi
|
||||
docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new-new.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# The ssh-key is for read-only only
|
||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "2022.slides.{{ data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Temporarily hosting on github
|
||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
|
||||
- name: setup 2022.slides.data.coop website using unipi
|
||||
docker_container:
|
||||
name: 2022.slides.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "2022.slides.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# Temporarily hosting on github
|
||||
command: "--remote=https://github.com/sorbusursina/datacoop-slides.git#slides2022"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
13
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptoaarhus.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup cryptoaarhus.dk website docker container
|
||||
docker_container:
|
||||
name: cryptoaarhus_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptoaarhus-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
13
roles/docker/tasks/services/websites/cryptohagen.dk.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup cryptohagen.dk website docker container
|
||||
docker_container:
|
||||
name: cryptohagen_website
|
||||
restart_policy: unless-stopped
|
||||
image: docker.data.coop/cryptohagen-website
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
13
roles/docker/tasks/services/websites/data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup data.coop website docker container
|
||||
docker_container:
|
||||
name: data.coop_website
|
||||
image: docker.data.coop/data-coop-website
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
18
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
18
roles/docker/tasks/services/websites/new-new.data.coop.yml
Normal file
|
@ -0,0 +1,18 @@
|
|||
- name: setup new-new data.coop website using unipi
|
||||
docker_container:
|
||||
name: new-new.data.coop_website
|
||||
image: docker.data.coop/unipi:latest
|
||||
restart_policy: unless-stopped
|
||||
purge_networks: yes
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new-new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
# The ssh-key is for read-only only
|
||||
command: "--remote=git@git.data.coop:halfd/new-website.git#main --ssh-key ed25519:Ag9RekCyC2eow4P/e5crVvSTQ7dTK46WkG0wqEPVJbU= --ssh-authenticator SHA256:l9kdLkb0kJm46pOJ4tCHCtFUaqV1ImbZWMA5oje10fI"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
13
roles/docker/tasks/services/websites/new.data.coop.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
- name: setup new data.coop website using hugo
|
||||
docker_container:
|
||||
name: new.data.coop_website
|
||||
image: docker.data.coop/data-coop-website:hugo
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST : "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "new.{{ services.data_coop_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -6,6 +6,6 @@
|
|||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
|
||||
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
|
@ -26,7 +26,7 @@ SECRET_KEY={{ mailu_secret_key }}
|
|||
# PUBLIC_IPV6= ::1 (default: ::1)
|
||||
|
||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||
SUBNET={{ mailu.subnet }}
|
||||
SUBNET={{ services.mailu.subnet }}
|
||||
|
||||
# Main mail domain
|
||||
DOMAIN=data.coop
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
loop: "{{ users | default([]) }}"
|
||||
|
||||
- name: "Add ssh authorized_keys"
|
||||
authorized_key:
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
key: "{{ item.ssh_keys | join('\n') }}"
|
||||
exclusive: true
|
||||
loop: "{{ users | default([]) }}"
|
||||
|
||||
- name: "Add ssh authorized_keys to root user"
|
||||
authorized_key:
|
||||
ansible.posix.authorized_key:
|
||||
user: "root"
|
||||
key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
|
||||
exclusive: true
|
||||
|
|
1
vagrant_host
Normal file
1
vagrant_host
Normal file
|
@ -0,0 +1 @@
|
|||
localhost ansible_port=19022
|
Loading…
Reference in a new issue