diff --git a/deploy.sh b/deploy.sh index d66caa2..5777829 100755 --- a/deploy.sh +++ b/deploy.sh @@ -37,6 +37,9 @@ else "base") $BASE_CMD --tags base_only ;; + "users") + $BASE_CMD --tags setup-users + ;; *) usage exit 1 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index b665dc0..b811cfb 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- users: - name: graffen @@ -13,6 +14,7 @@ users: - sudo ssh_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg + - ssh-rsa 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 - name: reynir comment: Reynir Björnsson @@ -29,4 +31,4 @@ users: groups: - sudo ssh_keys: - - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf samsapti + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf diff --git a/playbook.yml b/playbook.yml index f2c5a1d..d2ce5af 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - hosts: all gather_facts: true diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index cc8dd42..a6adfea 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- volume_root_folder: "/docker-volumes" @@ -7,6 +8,7 @@ services: postfix: file: postfix.yml domain: "smtp.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/postfix" version: "v3.5.1-alpine" nginx_proxy: 
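Review bot: The new `"users")` arm passes `--tags setup-users`, but no task file in this commit shows a `setup-users` tag (the roles/ubuntu_base/tasks/main.yml hunk only shows `tags: [change-ssh-port]` on the ssh-port import), so confirm the users import actually carries that tag; otherwise the new target runs a play that matches nothing and exits cleanly. The `usage` text the `*)` arm prints is outside the hunk and presumably enumerates the targets, so it should list `users` as well. `$BASE_CMD` is expanded unquoted exactly as in the existing `"base")` arm, which is only safe while it holds a plain command string; if it is meant to carry arguments, a bash array invoked as `"${BASE_CMD[@]}" --tags setup-users` is the robust form. The enclosing `case` starts and ends outside the hunk.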
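Review bot: The last hunk of group_vars/all/vars.yml drops the trailing `samsapti` comment from the ed25519 key while leaving the key itself unchanged, which removes the only in-file record of who that key belongs to; the entry is in the `sudo` group, so an owner comment on every key matters for later audits and key rotation. Unless the removal is deliberate, keep the `samsapti` comment on that key, and make sure the new key added for valberg in the second hunk carries an owner/device comment too (its content is redacted here, so this cannot be checked).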
@@ -67,12 +69,13 @@ services: domain: "cloud.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/nextcloud" version: 25-apache + allowed_sender_domain: true gitea: file: gitea.yml domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/gitea" - version: 1.17 + version: 1.18 allowed_sender_domain: true passit: @@ -87,11 +90,12 @@ services: domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" version: v1.63.1 + allowed_sender_domain: true riot: domains: - - "riot.{{ base_domain }}" - - "element.{{ base_domain }}" + - "riot.{{ base_domain }}" + - "element.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/riot" version: v1.11.8 @@ -172,7 +176,7 @@ services: file: rallly.yml domain: "when.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/rallly" - version: ac55701890cd866ee946deb25e2b2839fb14900e + version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114 allowed_sender_domain: true pinafore: diff --git a/roles/docker/files/configs/matrix/homeserver.yaml.j2 b/roles/docker/files/configs/matrix/homeserver.yaml.j2 index 4b8c3aa..73ba3f3 100644 --- a/roles/docker/files/configs/matrix/homeserver.yaml.j2 +++ b/roles/docker/files/configs/matrix/homeserver.yaml.j2 @@ -416,7 +416,7 @@ uploads_path: "/data/uploads" # The largest allowed upload size in bytes # -max_upload_size: "50M" +max_upload_size: "512M" # Maximum number of pixels that will be thumbnailed # diff --git a/roles/docker/files/configs/matrix/vhost-matrix b/roles/docker/files/configs/matrix/vhost-matrix index a597770..b65c59c 100644 --- a/roles/docker/files/configs/matrix/vhost-matrix +++ b/roles/docker/files/configs/matrix/vhost-matrix @@ -1,2 +1,2 @@ listen 8008; -client_max_body_size 50M; # default is 1M +client_max_body_size 1G; # default is 1M diff --git a/roles/docker/files/configs/matrix/vhost-riot b/roles/docker/files/configs/matrix/vhost-riot index 66b77ed..dec55e8 100644 --- a/roles/docker/files/configs/matrix/vhost-riot 
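Review bot: `version: 1.18` for gitea in the first hunk on this line is an unquoted YAML float, so it only renders as the intended image tag by accident of formatting; a later bump to `1.20` would render as `1.2` and pull the wrong image. Quote it like the other pinned versions in this file (`version: "v3.5.1-alpine"`): `version: "1.18"`. The `allowed_sender_domain: true` additions for nextcloud and matrix extend Postfix's `ALLOWED_SENDER_DOMAINS` to those domains, which changes which services may relay mail; that looks intended but is worth stating explicitly in the change description.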
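Review bot: Synapse's limit becomes `max_upload_size: "512M"` while the vhost-matrix hunk on this line and the vhost-riot hunk on the next raise nginx's `client_max_body_size` to `1G`, so nginx will accept and buffer up to 1 GiB of request body that Synapse then rejects; the two limits should agree, e.g. `client_max_body_size 512M; # default is 1M` in vhost-matrix. vhost-riot fronts the web client, and unless it also proxies media uploads (not visible here) it does not need a raised body limit at all. A tenfold larger upload limit also raises the disk exposure of `uploads_path`, so confirm media retention or quota settings cover it.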
+++ b/roles/docker/files/configs/matrix/vhost-riot @@ -1 +1 @@ -client_max_body_size 50M; # default is 1M +client_max_body_size 1G; # default is 1M diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 8958588..e37a19f 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,7 +1,8 @@ +# vim: ft=yaml.ansible --- - name: "restart nginx" community.docker.docker_container: name: "nginx-proxy" restart: "yes" state: "started" - \ No newline at end of file + diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 148ff67..6b1b29b 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: add docker gpg key apt_key: diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index c41f5e4..c05c6b6 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup external services network docker_network: diff --git a/roles/docker/tasks/services/codimd.yml b/roles/docker/tasks/services/codimd.yml index 6e13c21..55fb18a 100644 --- a/roles/docker/tasks/services/codimd.yml +++ b/roles/docker/tasks/services/codimd.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: codimd network docker_network: diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml index 660e684..79c03b7 100644 --- a/roles/docker/tasks/services/docker_registry.yml +++ b/roles/docker/tasks/services/docker_registry.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: copy docker registry nginx configuration copy: diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml index 874ce03..157b2a0 100644 --- a/roles/docker/tasks/services/drone.yml +++ b/roles/docker/tasks/services/drone.yml 
@@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: set up drone with docker runner docker_compose: diff --git a/roles/docker/tasks/services/gitea.yml b/roles/docker/tasks/services/gitea.yml index 514cc9e..e0234b8 100644 --- a/roles/docker/tasks/services/gitea.yml +++ b/roles/docker/tasks/services/gitea.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: gitea network docker_network: diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml index 7508535..7e0826c 100644 --- a/roles/docker/tasks/services/hedgedoc.yml +++ b/roles/docker/tasks/services/hedgedoc.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create hedgedoc volume folders file: diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml index ea4520e..685c8c0 100644 --- a/roles/docker/tasks/services/keycloak.yml +++ b/roles/docker/tasks/services/keycloak.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: setup keycloak containers for sso.data.coop docker_compose: project_name: "keycloak" diff --git a/roles/docker/tasks/services/mailu.yml b/roles/docker/tasks/services/mailu.yml index 745f040..9cc449a 100644 --- a/roles/docker/tasks/services/mailu.yml +++ b/roles/docker/tasks/services/mailu.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create mailu volume folders file: diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index eae1546..18d8133 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: create mastodon volume folders file: name: "{{ services.mastodon.volume_folder }}/{{ volume }}" diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml index 34f302d..7571adc 100644 --- a/roles/docker/tasks/services/matrix_riot.yml +++ b/roles/docker/tasks/services/matrix_riot.yml 
@@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create matrix volume folders file: diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml index b9c892e..7a05d30 100644 --- a/roles/docker/tasks/services/membersystem.yml +++ b/roles/docker/tasks/services/membersystem.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: run membersystem containers docker_compose: project_name: "member.data.coop" diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml index a3a1d9b..7cf01e6 100644 --- a/roles/docker/tasks/services/netdata.yml +++ b/roles/docker/tasks/services/netdata.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup netdata docker container for system monitoring docker_container: diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index d36f8de..1e06a26 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: upload vhost config for cloud.data.coop template: diff --git a/roles/docker/tasks/services/nginx_proxy.yml b/roles/docker/tasks/services/nginx_proxy.yml index 8081ab6..2f92611 100644 --- a/roles/docker/tasks/services/nginx_proxy.yml +++ b/roles/docker/tasks/services/nginx_proxy.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: create nginx-proxy volume folders file: name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}" diff --git a/roles/docker/tasks/services/openldap.yml b/roles/docker/tasks/services/openldap.yml index a768235..4aace81 100644 --- a/roles/docker/tasks/services/openldap.yml +++ b/roles/docker/tasks/services/openldap.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: create ldap volume folders file: diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml index 300c099..c04f266 100644 --- a/roles/docker/tasks/services/passit.yml 
+++ b/roles/docker/tasks/services/passit.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup passit containers docker_compose: project_name: "passit" diff --git a/roles/docker/tasks/services/pinafore.yml b/roles/docker/tasks/services/pinafore.yml index eadb99b..ff57e7d 100644 --- a/roles/docker/tasks/services/pinafore.yml +++ b/roles/docker/tasks/services/pinafore.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: Set up Pinafore docker_container: name: pinafore diff --git a/roles/docker/tasks/services/portainer.yml b/roles/docker/tasks/services/portainer.yml index 005da7f..dae0e87 100644 --- a/roles/docker/tasks/services/portainer.yml +++ b/roles/docker/tasks/services/portainer.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: create portainer volume folder file: name: "{{ services.portainer.volume_folder }}" diff --git a/roles/docker/tasks/services/postfix.yml b/roles/docker/tasks/services/postfix.yml index 1fb67df..ece525e 100644 --- a/roles/docker/tasks/services/postfix.yml +++ b/roles/docker/tasks/services/postfix.yml 
@@ -1,20 +1,28 @@ +# vim: ft=yaml.ansible --- - -- name: setup network for postfix +- name: Set up network for postfix docker_network: name: postfix ipam_config: - subnet: '172.16.0.0/16' gateway: 172.16.0.1 -- name: setup postfix docker container for outgoing mail +- name: Create volume folders for Postfix + file: + name: "{{ services.postfix.volume_folder }}/dkim" + state: directory + +- name: Set up Postfix Docker container for outgoing mail from services docker_container: name: postfix image: boky/postfix:{{ services.postfix.version }} restart_policy: always networks: - name: postfix + volumes: + - "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys" env: # Get all services which have allowed_sender_domain defined ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}" HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as + DKIM_AUTOGENERATE: "true" diff --git a/roles/docker/tasks/services/privatebin.yml b/roles/docker/tasks/services/privatebin.yml index bede175..fbbad29 100644 --- a/roles/docker/tasks/services/privatebin.yml +++ b/roles/docker/tasks/services/privatebin.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: create privatebin volume folders file: name: "{{ services.privatebin.volume_folder }}/{{ volume }}" diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index b85207d..833e748 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: Create rallly volume folders file: name: "{{ services.rallly.volume_folder }}/postgres" diff --git a/roles/docker/tasks/services/restic_backup.yml b/roles/docker/tasks/services/restic_backup.yml index 9dddb49..655ddb6 100644 --- a/roles/docker/tasks/services/restic_backup.yml +++ b/roles/docker/tasks/services/restic_backup.yml 
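Review bot: The new `file:` task creates `{{ services.postfix.volume_folder }}/dkim`, which is bind-mounted at `/etc/opendkim/keys` and, with `DKIM_AUTOGENERATE: "true"`, will hold the DKIM private signing keys, but the task sets no `mode:` or `owner:`, so the directory is created with the remote umask default (usually world-readable). Add `mode: "0700"` to the `file:` task (plus an `owner:` matching the container's opendkim uid if the image needs it) so the signing keys are not readable by every local account. Autogenerated keys are only useful once their selector TXT records are published in DNS for each domain in `ALLOWED_SENDER_DOMAINS`; nothing in this commit shows how that is done, so confirm the step is documented somewhere.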
@@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Setup restic backup docker_compose: diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml index 0fe285d..c64c7f2 100644 --- a/roles/docker/tasks/services/watchtower.yml +++ b/roles/docker/tasks/services/watchtower.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: watchtower container docker_container: diff --git a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml index b4a51e1..352b14a 100644 --- a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml +++ b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup 2022.slides.data.coop website using unipi docker_container: diff --git a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml index 41d3510..648e882 100644 --- a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml +++ b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup cryptoaarhus.dk website docker container docker_container: name: cryptoaarhus_website diff --git a/roles/docker/tasks/services/websites/cryptohagen.dk.yml b/roles/docker/tasks/services/websites/cryptohagen.dk.yml index aed5e0c..655a06e 100644 --- a/roles/docker/tasks/services/websites/cryptohagen.dk.yml +++ b/roles/docker/tasks/services/websites/cryptohagen.dk.yml @@ -1,5 +1,5 @@ +# vim: ft=yaml.ansible --- - - name: setup cryptohagen.dk website docker container docker_container: name: cryptohagen_website diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml index ba1c091..25028e1 100644 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ b/roles/docker/tasks/services/websites/data.coop.yml 
@@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Upload vhost config for root domain copy: diff --git a/roles/docker/tasks/services/websites/new.data.coop.yml b/roles/docker/tasks/services/websites/new.data.coop.yml index 153f465..30836e1 100644 --- a/roles/docker/tasks/services/websites/new.data.coop.yml +++ b/roles/docker/tasks/services/websites/new.data.coop.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: setup new data.coop website using hugo docker_container: diff --git a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml index ac8b56b..cc41789 100644 --- a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml +++ b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml @@ -1,3 +1,5 @@ +# vim: ft=yaml.ansible +--- - name: setup ulovliglogning.dk website docker container docker_container: name: ulovliglogning_website diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index 3289b2c..f53f924 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Install necessary packages via apt apt: diff --git a/roles/ubuntu_base/tasks/dell-apt-repo.yml b/roles/ubuntu_base/tasks/dell-apt-repo.yml index b7d9d48..2472e91 100644 --- a/roles/ubuntu_base/tasks/dell-apt-repo.yml +++ b/roles/ubuntu_base/tasks/dell-apt-repo.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Import dell apt signing key apt_key: diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml index 17860a8..85c359a 100644 --- a/roles/ubuntu_base/tasks/firewall.yml +++ b/roles/ubuntu_base/tasks/firewall.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Setup firewall with UFW community.general.ufw: diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml index a34d5b0..e6a1f15 100644 --- a/roles/ubuntu_base/tasks/main.yml 
+++ b/roles/ubuntu_base/tasks/main.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - import_tasks: ssh-port.yml tags: [change-ssh-port] diff --git a/roles/ubuntu_base/tasks/ssh-port.yml b/roles/ubuntu_base/tasks/ssh-port.yml index 1935168..e02302b 100644 --- a/roles/ubuntu_base/tasks/ssh-port.yml +++ b/roles/ubuntu_base/tasks/ssh-port.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: Change SSH port on host lineinfile: diff --git a/roles/ubuntu_base/tasks/upgrade.yml b/roles/ubuntu_base/tasks/upgrade.yml index c4cd33b..0ccc7d6 100644 --- a/roles/ubuntu_base/tasks/upgrade.yml +++ b/roles/ubuntu_base/tasks/upgrade.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: update and upgrade system via apt apt: diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/ubuntu_base/tasks/users.yml index deea339..8ef07b6 100644 --- a/roles/ubuntu_base/tasks/users.yml +++ b/roles/ubuntu_base/tasks/users.yml @@ -1,3 +1,4 @@ +# vim: ft=yaml.ansible --- - name: "Add users" user: