diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index aabe07a..edee2d2 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -44,6 +44,7 @@ services: domain: sso.{{ base_domain }} volume_folder: "{{ volume_root_folder }}/keycloak" version: "20.0" + postgres_version: "10" allowed_sender_domain: true restic: @@ -69,13 +70,15 @@ services: domain: "cloud.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/nextcloud" version: 25-apache + postgres_version: "10" + redis_version: 7-alpine allowed_sender_domain: true gitea: file: gitea.yml domain: "git.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/gitea" - version: 1.18.0 + version: 1.18 allowed_sender_domain: true passit: @@ -83,6 +86,7 @@ services: domain: "passit.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/passit" version: stable + postgres_version: 15-alpine allowed_sender_domain: true matrix: @@ -90,6 +94,7 @@ services: domain: "matrix.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/matrix" version: v1.63.1 + postgres_version: "10" allowed_sender_domain: true riot: @@ -114,13 +119,14 @@ services: file: hedgedoc.yml domain: "pad.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/hedgedoc" - version: 1.9.6 + version: 1.9.6-alpine + postgres_version: 10-alpine data_coop_website: file: websites/data.coop.yml domains: - - "{{ base_domain }}" - - "www.{{ base_domain }}" + - "{{ base_domain }}" + - "www.{{ base_domain }}" new_data_coop_website: file: websites/new.data.coop.yml 
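Review bot: `postgres_version: "10"` under keycloak (repeated for nextcloud and matrix in the later hunks of this file, and as `10-alpine` for hedgedoc) carries the previously hard-coded `postgres:10` forward, and PostgreSQL 10 is past upstream end of life, so that tag no longer receives security fixes. Now that the version is a variable, it also looks like a one-line bump, which it is not: a major-version change needs a dump/restore or `pg_upgrade` of the data directory. A comment beside the value, for example `# EOL upstream; major upgrade requires data migration`, would record why it is held back and flag it for follow-up.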
@@ -135,21 +141,21 @@ services: cryptohagen_website: file: websites/cryptohagen.dk.yml domains: - - "cryptohagen.dk" - - "www.cryptohagen.dk" + - "cryptohagen.dk" + - "www.cryptohagen.dk" ulovliglogning_website: file: websites/ulovliglogning.dk.yml domains: - - "ulovliglogning.dk" - - "www.ulovliglogning.dk" - - "ulovlig-logning.dk" + - "ulovliglogning.dk" + - "www.ulovliglogning.dk" + - "ulovlig-logning.dk" cryptoaarhus_website: file: websites/cryptoaarhus.dk.yml domains: - - "cryptoaarhus.dk" - - "www.cryptoaarhus.dk" + - "cryptoaarhus.dk" + - "www.cryptoaarhus.dk" drone: file: drone.yml @@ -170,6 +176,8 @@ services: domain: "social.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/mastodon" version: v4.0.2 + postgres_version: 14-alpine + redis_version: 6-alpine allowed_sender_domain: true rallly: @@ -177,12 +185,15 @@ services: domain: "when.{{ base_domain }}" volume_folder: "{{ volume_root_folder }}/rallly" version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114 + postgres_version: 14-alpine allowed_sender_domain: true membersystem: file: membersystem.yml domain: "member.{{ base_domain }}" django_admins: "Vidir:valberg@orn.li" + version: latest + postgres_version: 13-alpine allowed_sender_domain: true watchtower: diff --git a/roles/docker/tasks/services/drone.yml b/roles/docker/tasks/services/drone.yml index 157b2a0..f89d389 100644 --- a/roles/docker/tasks/services/drone.yml +++ b/roles/docker/tasks/services/drone.yml @@ -9,7 +9,7 @@ services: drone: container_name: "drone" - image: drone/drone:1 + image: "drone/drone:{{ services.drone.version }}" restart: unless-stopped networks: - external_services @@ -49,4 +49,4 @@ drone: external_services: external: - name: external_services \ No newline at end of file + name: external_services diff --git a/roles/docker/tasks/services/hedgedoc.yml b/roles/docker/tasks/services/hedgedoc.yml index 7e0826c..9450d6e 100644 --- a/roles/docker/tasks/services/hedgedoc.yml +++ b/roles/docker/tasks/services/hedgedoc.yml 
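Review bot: `image: "drone/drone:{{ services.drone.version }}"` needs a `version` key under `services.drone`, and none of the defaults hunks in this commit adds one; the `drone:` entry appears only as context at the end of the `@@ -135,21` hunk. If the key is not already defined in lines outside the hunks, the task will fail on an undefined variable. Worth confirming the default exists, for example `version: "1"` to match the previous `drone/drone:1`.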
@@ -23,7 +23,7 @@ definition: services: database: - image: "postgres:10-alpine" + image: "postgres:{{ services.hedgedoc.postgres_version }}" environment: POSTGRES_USER: "codimd" POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}" @@ -35,7 +35,7 @@ - "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data" app: - image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }} + image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}" environment: CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd" CMD_DOMAIN: "{{ services.hedgedoc.domain }}" diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml index 2cb4784..7c23cfd 100644 --- a/roles/docker/tasks/services/keycloak.yml +++ b/roles/docker/tasks/services/keycloak.yml @@ -7,9 +7,8 @@ definition: version: "3.6" services: - postgres: - image: "postgres:10" + image: "postgres:{{ services.keycloak.postgres_version }}" restart: "unless-stopped" networks: - "keycloak" @@ -27,7 +26,16 @@ - "keycloak" - "postfix" - "external_services" - command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ services.keycloak.domain }} --proxy=edge --https-port=8080 --http-relative-path=/auth" + command: + - "start" + - "--db=postgres" + - "--db-url=jdbc:postgresql://postgres:5432/keycloak" + - "--db-username=keycloak" + - "--db-password={{ postgres_passwords.keycloak }}" + - "--hostname={{ services.keycloak.domain }}" + - "--proxy=edge" + - "--https-port=8080" + - "--http-relative-path=/auth" environment: VIRTUAL_HOST: "{{ services.keycloak.domain }}" VIRTUAL_PORT: "8080" diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index 18d8133..654a32b 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml 
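Review bot: `--db-password={{ postgres_passwords.keycloak }}` is still passed as a command argument after the switch to list form, so the database password remains visible in the container's process arguments and in the command shown by `docker inspect`. Keycloak reads the same setting from the `KC_DB_PASSWORD` environment variable, so it can move into the existing `environment:` block as `KC_DB_PASSWORD: "{{ postgres_passwords.keycloak }}"` and the argument can be dropped. That keeps it out of the process list, although it is still readable from the container's environment. The list form itself is an improvement, since a password containing spaces no longer splits the command.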
@@ -57,7 +57,7 @@ services: db: restart: always - image: postgres:14-alpine + image: "postgres:{{ services.mastodon.postgres_version }}" shm_size: 256mb networks: - internal_network @@ -72,7 +72,7 @@ redis: restart: always - image: redis:6-alpine + image: "redis:{{ services.mastodon.redis_version }}" networks: - internal_network healthcheck: diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml index 7571adc..600d81c 100644 --- a/roles/docker/tasks/services/matrix_riot.yml +++ b/roles/docker/tasks/services/matrix_riot.yml @@ -67,7 +67,7 @@ services: matrix_db: container_name: matrix_db - image: postgres:10 + image: "postgres:{{ services.matrix.postgres_version }}" restart: unless-stopped networks: - matrix @@ -79,7 +79,7 @@ matrix_app: container_name: matrix - image: matrixdotorg/synapse:{{ services.matrix.version }} + image: "matrixdotorg/synapse:{{ services.matrix.version }}" restart: unless-stopped networks: - matrix @@ -97,7 +97,7 @@ riot: container_name: riot_app - image: avhost/docker-matrix-riot:{{ services.riot.version }} + image: "avhost/docker-matrix-riot:{{ services.riot.version }}" restart: unless-stopped networks: - matrix diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml index bf084fe..d310554 100644 --- a/roles/docker/tasks/services/membersystem.yml +++ b/roles/docker/tasks/services/membersystem.yml @@ -8,7 +8,7 @@ version: "3" services: backend: - image: docker.data.coop/membersystem:latest + image: "docker.data.coop/membersystem:{{ services.membersystem.version }}" restart: always user: $UID:$GID tty: true 
@@ -33,11 +33,9 @@ CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}" DJANGO_ADMINS: "{{ services.membersystem.django_admins }}" DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}" - labels: - com.centurylinklabs.watchtower.enable: "true" postgres: - image: postgres:13-alpine + image: "postgres:{{ services.membersystem.postgres_version }}" restart: always volumes: - "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data" diff --git a/roles/docker/tasks/services/netdata.yml b/roles/docker/tasks/services/netdata.yml index 3b45b65..7cf01e6 100644 --- a/roles/docker/tasks/services/netdata.yml +++ b/roles/docker/tasks/services/netdata.yml @@ -21,7 +21,3 @@ LETSENCRYPT_HOST: "{{ services.netdata.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" PGID: "999" - labels: - com.centurylinklabs.watchtower.enable: "true" - - diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 1e06a26..819b22d 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -13,7 +13,7 @@ definition: services: postgres: - image: "postgres:10" + image: "postgres:{{ services.nextcloud.postgres_version }}" restart: "unless-stopped" networks: - "nextcloud" @@ -25,7 +25,7 @@ POSTGRES_USER: "nextcloud" redis: - image: "redis:7-alpine" + image: "redis:{{ services.nextcloud.redis_version }}" restart: "unless-stopped" command: "redis-server --requirepass {{ nextcloud_secrets.redis_password }}" tmpfs: diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml index c04f266..375808f 100644 --- a/roles/docker/tasks/services/passit.yml +++ b/roles/docker/tasks/services/passit.yml 
@@ -1,5 +1,12 @@ # vim: ft=yaml.ansible --- +- name: Create directory for Passit data + file: + name: "{{ services.passit.volume_folder }}/data" + owner: '70' + group: root + state: directory + - name: setup passit containers docker_compose: project_name: "passit" @@ -8,7 +15,7 @@ version: "3.6" services: passit_db: - image: "postgres:10" + image: "postgres:{{ services.passit.postgres_version }}" restart: "always" networks: - "passit" @@ -19,7 +26,7 @@ POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}" passit_app: - image: "passit/passit:{{ services.passit.version }}" + image: "passit/passit@sha256:c4b96bc67222936f58f344d5dd1020227ad8e11ad5f82ed3cbf0bcfa8fe9b2e7" #:{{ services.passit.version }}" command: "bin/start.sh" restart: "always" networks: diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index 13ce7b9..1d092c5 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -18,7 +18,7 @@ version: "3.8" services: rallly_db: - image: "postgres:14-alpine" + image: "postgres:{{ services.rallly.postgres_version }}" restart: "always" shm_size: "256mb" networks: @@ -33,8 +33,6 @@ interval: 5s timeout: 5s retries: 5 - labels: - com.centurylinklabs.watchtower.enable: "true" rallly: image: "lukevella/rallly:{{ services.rallly.version }}" @@ -53,8 +51,6 @@ VIRTUAL_PORT: "3000" LETSENCRYPT_HOST: "{{ services.rallly.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - labels: - com.centurylinklabs.watchtower.enable: "true" networks: rallly_internal: diff --git a/roles/docker/tasks/services/restic_backup.yml b/roles/docker/tasks/services/restic_backup.yml index 655ddb6..20ed075 100644 --- a/roles/docker/tasks/services/restic_backup.yml +++ b/roles/docker/tasks/services/restic_backup.yml 
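Review bot: The new `Create directory for Passit data` task sets `owner: '70'` but no `mode`, so the directory's permissions depend on the umask in effect when the play runs, and the meaning of UID 70 is left to the reader. Add an explicit mode such as `mode: "0700"` (or whatever the consuming container actually requires) and a comment naming the account the UID maps to. It is presumably the postgres user of the alpine-based image, but the volume mount that uses `{{ services.passit.volume_folder }}/data` is outside this hunk. `path:` is the documented parameter for the file module; `name:` works only as an alias.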
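Review bot: The `passit_app` image line now hard-codes a `passit/passit@sha256:…` digest and leaves the old tag behind as a trailing fragment, `#:{{ services.passit.version }}"`, which reads like a half-finished edit. Pinning by digest is a sound supply-chain choice, but `services.passit.version` (still `stable` in defaults) no longer affects the app image, and the digest sits in the task file rather than with the other versions. Consider moving it into defaults under a new key (for instance a hypothetical `image_digest`) referenced as `image: "passit/passit@{{ services.passit.image_digest }}"`, with a comment recording which release the digest corresponds to, and remove the leftover comment.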
@@ -11,7 +11,7 @@ image: mazzolino/restic:{{ services.restic.version }} restart: always environment: - RUN_ON_STARTUP: "true" + RUN_ON_STARTUP: "false" BACKUP_CRON: "0 30 3 * * *" RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}" RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}" @@ -32,7 +32,7 @@ restic-prune: image: "mazzolino/restic:{{ services.restic.version }}" environment: - RUN_ON_STARTUP: "true" + RUN_ON_STARTUP: "false" PRUNE_CRON: "0 0 4 * * *" RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}" RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}" diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml index 1a65656..c64c7f2 100644 --- a/roles/docker/tasks/services/watchtower.yml +++ b/roles/docker/tasks/services/watchtower.yml @@ -7,9 +7,8 @@ restart_policy: unless-stopped networks: - name: external_services - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - "{{ services.docker_registry.volume_folder }}/auth/config.json:/config.json" env: - WATCHTOWER_LABEL_ENABLE: "true" WATCHTOWER_POLL_INTERVAL: "60" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + - "/root/.docker/config.json:/config.json:ro" diff --git a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml index 09e0690..352b14a 100644 --- a/roles/docker/tasks/services/websites/2022.slides.data.coop.yml +++ b/roles/docker/tasks/services/websites/2022.slides.data.coop.yml @@ -17,6 +17,3 @@ - NET_ADMIN devices: - "/dev/net/tun" - labels: - com.centurylinklabs.watchtower.enable: "true" - 
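Review bot: Dropping `WATCHTOWER_LABEL_ENABLE: "true"` from `env` in watchtower.yml switches Watchtower from opt-in to watching every container reachable through the mounted `/var/run/docker.sock`, while `WATCHTOWER_POLL_INTERVAL` stays at `"60"`. Together with the `com.centurylinklabs.watchtower.enable` label removals in the service files, anything published to a tag these services track is pulled and restarted on the host without review, and that now appears to include the databases and Keycloak. If this is intended, say so in a comment above `env:`. Otherwise keep the opt-in, or exclude stateful containers with `com.centurylinklabs.watchtower.enable: "false"`. The `:ro` on `/root/.docker/config.json` is a good addition, though it does hand root's full registry credentials to a container that already controls the Docker daemon.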
diff --git a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml index d059c3c..648e882 100644 --- a/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml +++ b/roles/docker/tasks/services/websites/cryptoaarhus.dk.yml @@ -11,5 +11,3 @@ VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - labels: - com.centurylinklabs.watchtower.enable: "true" diff --git a/roles/docker/tasks/services/websites/cryptohagen.dk.yml b/roles/docker/tasks/services/websites/cryptohagen.dk.yml index b65794f..655a06e 100644 --- a/roles/docker/tasks/services/websites/cryptohagen.dk.yml +++ b/roles/docker/tasks/services/websites/cryptohagen.dk.yml @@ -11,5 +11,3 @@ VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - labels: - com.centurylinklabs.watchtower.enable: "true" diff --git a/roles/docker/tasks/services/websites/data.coop.yml b/roles/docker/tasks/services/websites/data.coop.yml index 475240f..25028e1 100644 --- a/roles/docker/tasks/services/websites/data.coop.yml +++ b/roles/docker/tasks/services/websites/data.coop.yml @@ -21,5 +21,3 @@ VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - labels: - com.centurylinklabs.watchtower.enable: "true" diff --git a/roles/docker/tasks/services/websites/new.data.coop.yml b/roles/docker/tasks/services/websites/new.data.coop.yml index aa89969..30836e1 100644 --- a/roles/docker/tasks/services/websites/new.data.coop.yml +++ b/roles/docker/tasks/services/websites/new.data.coop.yml 
@@ -11,5 +11,3 @@ VIRTUAL_HOST : "{{ services.new_data_coop_website.domain }}" LETSENCRYPT_HOST: "{{ services.new_data_coop_website.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - labels: - com.centurylinklabs.watchtower.enable: "true" diff --git a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml index 4f4c8ca..cc41789 100644 --- a/roles/docker/tasks/services/websites/ulovliglogning.dk.yml +++ b/roles/docker/tasks/services/websites/ulovliglogning.dk.yml @@ -11,5 +11,3 @@ VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}" LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - labels: - com.centurylinklabs.watchtower.enable: "true"