forked from data.coop/ansible
Compare commits
168 commits
master
6e57f1d0c2
Author | SHA1 | Date | |
---|---|---|---|
Reynir Björnsson | 6e57f1d0c2 | ||
Reynir Björnsson | 68c82a785b | ||
Jesper Hess | 682e205c0b | ||
Jesper Hess | e64c858df8 | ||
Jesper Hess | c0bd431d3c | ||
Jesper Hess | a5a2d38b0c | ||
Jesper Hess | c34d9fcb90 | ||
Jesper Hess | 5294b5f230 | ||
Jesper Hess | 270b7aa0e1 | ||
Jesper Hess | b6c2db6434 | ||
Jesper Hess | 2af5165349 | ||
Jesper Hess | ca6c3a96a1 | ||
Jesper Hess | e6ee76ddde | ||
Jesper Hess | 19e7a397e3 | ||
Jesper Hess | 2c8482a5ab | ||
Jesper Hess | 3999db2eff | ||
Reynir Björnsson | 43f39c981d | ||
Jesper Hess | b39df6003b | ||
Jesper Hess | 0ef4f972ed | ||
Jesper Hess | 9b1dc31163 | ||
Reynir Björnsson | 62cc00bea7 | ||
Víðir Valberg Guðmundsson | 30b9580d3c | ||
Víðir Valberg Guðmundsson | 9e5c18f839 | ||
Víðir Valberg Guðmundsson | 068502773e | ||
valberg | fbebeef57b | ||
Jesper Hess | a692e7d2cb | ||
Jesper Hess | 406e19a95c | ||
Víðir Valberg Guðmundsson | cec959a47e | ||
valberg | c8cc5b7534 | ||
Jesper Hess | 9ae295896f | ||
Jesper Hess | 6d2fbdbbb6 | ||
Jesper Hess | 3fe7d162aa | ||
Jesper Hess | 86de1fd24e | ||
Víðir Valberg Guðmundsson | a4966e74fe | ||
valberg | cf6fe970eb | ||
Jesper Hess | f5293c016d | ||
reynir | e9f1d800a1 | ||
Reynir Björnsson | fe5fa81f44 | ||
Jesper Hess | bb5c77e602 | ||
Jesper Hess | 21e2b743ef | ||
Reynir Björnsson | 8d88016efd | ||
Jesper Hess | 2ac2d8b8da | ||
Reynir Björnsson | a78641674d | ||
Reynir Björnsson | 03cde007bc | ||
reynir | d40b3ad9ab | ||
reynir | 5738a8c40f | ||
Jesper Hess | 5559a2c776 | ||
Carl Bordum Hansen | 653a0603d5 | ||
Reynir Björnsson | 9a0fe69789 | ||
Jesper Hess | 8bec174a46 | ||
Jesper Hess | 3e098546ef | ||
Jesper Hess | e7d69cd6df | ||
Jesper Hess | 7926c861b2 | ||
Reynir Björnsson | d49a57792f | ||
Jesper Hess | 99cb94c94a | ||
Jesper Hess | ad243a5777 | ||
Vidir Valberg Gudmundsson | 4cf48f13c0 | ||
Jesper Hess | 5a5bb50e09 | ||
Rasmus Lundsgaard Christiansen | d49b943fd2 | ||
Jesper Hess | 4f07b8edb2 | ||
Jesper Hess | 09617dd35a | ||
Jesper Hess | 98d4ab69cc | ||
Jesper Hess | b454583e2c | ||
Jesper Hess | f2a6aab2fe | ||
Jesper Hess | e0f01bb78e | ||
Vidir Valberg Gudmundsson | d51edc2922 | ||
Vidir Valberg Gudmundsson | 47d7abe631 | ||
Vidir Valberg Gudmundsson | 6e94ac766b | ||
Jesper Hess | 5f1bbae3de | ||
Jesper Hess | cd2424999f | ||
Jesper Hess | 4e0332cc79 | ||
Jesper Hess | ef3e0993da | ||
valberg | 625e83e0d3 | ||
Jesper Hess | 1adc11e9c4 | ||
Jesper Hess | 447b82326c | ||
Jesper Hess | edfd530afe | ||
Jesper Hess | 67443d23d4 | ||
Denis Smajlović | 9195016a40 | ||
valberg | 2e5dc7158d | ||
Reynir Björnsson | 6331805793 | ||
Jesper Hess | 97fe0e16ef | ||
Jesper Hess | 3f2c7b1547 | ||
Jesper Hess | 71664653b0 | ||
Jesper Hess | 57cf5103c5 | ||
Jesper Hess | 5566be7da9 | ||
Jesper Hess | 70632c26c2 | ||
Jesper Hess | fb67e038a8 | ||
Jesper Hess | 999f266af5 | ||
Jesper Hess | e42937736e | ||
Jesper Hess | ba28b1eb0c | ||
Jesper Hess | 1f69fdc3b4 | ||
Víðir Valberg Guðmundsson | ada37f206a | ||
Víðir Valberg Guðmundsson | 8b10f40edd | ||
Jesper Hess | 59319938b8 | ||
Jesper Hess | be65327ea9 | ||
Jesper Hess | 0775a77979 | ||
Jesper Hess | fff9f1e9da | ||
Jesper Hess | fb0efacf40 | ||
Jesper Hess | 8b5e8a276b | ||
Jesper Hess | 05eb677c3f | ||
Víðir Valberg Guðmundsson | a43c52e71e | ||
Jesper Hess | 02aa4e185f | ||
Reynir Björnsson | 1ad44e19d3 | ||
Víðir Valberg Guðmundsson | 6ffdac0c25 | ||
Víðir Valberg Guðmundsson | d0dd46e4f2 | ||
valberg | 85f60399d9 | ||
Víðir Valberg Guðmundsson | 6488abf0af | ||
Víðir Valberg Guðmundsson | 8a0a2bf0a0 | ||
Víðir Valberg Guðmundsson | ae78c942d7 | ||
Jesper Hess | 0f398cef3f | ||
Jesper Hess | d5602af999 | ||
Jesper Hess | 0c5ed48600 | ||
Jesper Hess | ae2873e4d9 | ||
Jesper Hess | 4db622313d | ||
Jesper Hess | fef1951d57 | ||
Jesper Hess | 1f8b1827ff | ||
Jesper Hess | 55c8e77254 | ||
Jesper Hess | 2f413b3e99 | ||
Jesper Hess | 9ff11808ce | ||
Jesper Hess | 0c1e94323c | ||
Jesper Hess | 787f47d45e | ||
Víðir Valberg Guðmundsson | f5bc79e636 | ||
Víðir Valberg Guðmundsson | f734e7608b | ||
Víðir Valberg Guðmundsson | d25555d107 | ||
Jesper Hess | 1cd9b67b4e | ||
Jesper Hess | 24a3f4ab3d | ||
Jesper Hess | 454fc751d2 | ||
Jesper Hess | e30f05d3e4 | ||
Jesper Hess | ea8804d31c | ||
Jesper Hess | e118b30873 | ||
Jesper Hess | 1400b18930 | ||
Jesper Hess | 3b596c5701 | ||
Jesper Hess | 92baab22a9 | ||
Jesper Hess | eb36b822b3 | ||
Jesper Hess | 53046bb85f | ||
Jesper Hess | df913b2622 | ||
Víðir Valberg Guðmundsson | 14e72b2a5c | ||
Víðir Valberg Guðmundsson | 200304dd17 | ||
Víðir Valberg Guðmundsson | e5427616dc | ||
valberg | 8d1f3a4955 | ||
Víðir Valberg Guðmundsson | 3a2ac5cb6b | ||
Jesper Hess | dcf8fe8087 | ||
Víðir Valberg Guðmundsson | fce600d56c | ||
Víðir Valberg Guðmundsson | 3def4b490b | ||
Jesper Hess | 6a47214cd6 | ||
Jesper Hess | c7fe698bc2 | ||
Jesper Hess | 26792454f4 | ||
Jesper Hess | ca183eaf4d | ||
Jesper Hess | d9921adae0 | ||
Víðir Valberg Guðmundsson | 79149a4cba | ||
Jesper Hess | 7a1e2c4b02 | ||
Jesper Hess | 83935a8649 | ||
Víðir Valberg Guðmundsson | fefbabcc33 | ||
valberg | 0675539530 | ||
Víðir Valberg Guðmundsson | 027c18f070 | ||
Jesper Hess | 76a0b411e9 | ||
Jesper Hess | 6805197c31 | ||
Jesper Hess | ec930a6f0f | ||
Jesper Hess | 8066a0e67d | ||
Jesper Hess | f30f07eacb | ||
Jesper Hess | e371b11e84 | ||
Jesper Hess | 3d09c8592f | ||
Jesper Hess | ac7b6a17cb | ||
Jesper Hess | 5f1e4e02ef | ||
Víðir Valberg Guðmundsson | f97eb0e8ed | ||
Víðir Valberg Guðmundsson | 05f5628de2 | ||
Víðir Valberg Guðmundsson | 69d53c26e9 | ||
Víðir Valberg Guðmundsson | b2a532c258 |
1
Vagrantfile
vendored
1
Vagrantfile
vendored
|
@ -13,6 +13,7 @@ Vagrant.configure(2) do |config|
|
|||
ansible.verbose = "v"
|
||||
ansible.compatibility_mode = "2.0"
|
||||
ansible.playbook = "playbook.yml"
|
||||
ansible.ask_vault_pass = true
|
||||
ansible.host_vars = {
|
||||
"datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3.6"}
|
||||
}
|
||||
|
|
|
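Review bot: The host_vars entry pins `ansible_python_interpreter` to `/usr/bin/python3.6`, while the inventory hunk later in this compare uses the unversioned `/usr/bin/python3`; a box whose Python minor differs will fail before the first task runs. Suggest `"datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3"}` so the Vagrant and production paths agree. Which of the seven lines is the single addition is not recoverable from the rendered page, so this assumes `host_vars` is the new line; the enclosing `Vagrant.configure(2) do |config|` block begins outside the hunk.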
@ -1,2 +1,3 @@
|
|||
[defaults]
|
||||
remote_user = root
|
||||
inventory = datacoop_hosts
|
||||
|
|
|
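Review bot: `remote_user = root` makes every play log in directly as root, even though the users hunk in this same compare provisions per-person accounts in the `sudo` group and playbook.yml already sets `become: true`. Once those accounts exist, a named admin account (`remote_user = <admin-user placeholder>`) with root SSH login disabled on the hosts keeps each run attributable to an operator and removes the shared root credential path. Whether `remote_user` or `inventory` is the added line cannot be told from the rendered page.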
@ -1,16 +1,3 @@
|
|||
######################################
|
||||
### All hosts
|
||||
10.1.1.198 ansible_python_interpreter=/usr/bin/python3
|
||||
10.1.1.199 ansible_python_interpreter=/usr/bin/python3
|
||||
|
||||
######################################
|
||||
### Application servers
|
||||
[servers]
|
||||
10.1.1.198
|
||||
10.1.1.199
|
||||
|
||||
[datacoop1]
|
||||
10.1.1.198
|
||||
|
||||
[datacoop2]
|
||||
10.1.1.199
|
||||
85.235.225.231 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3
|
||||
|
|
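Review bot: The new inventory is a single bare address, `85.235.225.231 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3`, with no alias and no group, whereas the Vagrantfile hunk keys its host_vars on the name `datacoop`; the two environments therefore cannot share host-level variables. Suggest `datacoop ansible_host=85.235.225.231 ansible_port=19022 ansible_python_interpreter=/usr/bin/python3` so the same host name resolves in both and plays can target `datacoop` instead of `all`. The play's `hosts:` value is outside this compare, so that last part is inferred.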
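--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
+
+if [ -z "$1" ]; then
+echo "Deploying all!"
+$BASE_CMD
+else
+case $1 in
+"services")
+if [ -z "$2" ]; then
+echo "Deploying all services!"
+$BASE_CMD --tags setup_services
+else
+echo "Deploying services: $2"
+$BASE_CMD --tags setup_services --extra-vars "services=$2"
+fi
+esac
+fi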
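Review bot: The `case $1 in` has no default arm, so `./deploy.sh typo` prints nothing and exits 0, which is easy to mistake for a successful no-op deploy. Add `;;` after the `fi` that closes the `"services"` arm and then `*) echo "Unknown target: $1" >&2; exit 1 ;;` before `esac`, and consider `set -eu` directly after the shebang so a failing `ansible-playbook` propagates its exit status to the caller. `--extra-vars "services=$2"` passes a plain string while playbook.yml declares `services` as a list, so the role would need to split a comma-separated value itself; that handling is not visible here.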
102
group_vars/all/secrets.yml
Normal file
102
group_vars/all/secrets.yml
Normal file
|
@ -0,0 +1,102 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
32336562633266653862666430393834306131343538636136643866306639313132383063393335
|
||||
3437383263343337323637616330383761346661383065390a396466663135313433643830316439
|
||||
65626336303339653730643435353366633839366165393463663031333030356464373338353765
|
||||
3662646137623936650a633038376161633737376432306466663938333838333339626235663362
|
||||
34303237306533343435346361346461613339323931666461313261623936653936656439663139
|
||||
39666639616234653565303235313866636463656237363861636366666433393631366364623534
|
||||
39313638363231646539383133383938353439356335313263656362376538623531636166383233
|
||||
32653461653965303835613833383736396563306436623762613138343665343461623964666464
|
||||
31363836343534616235323238663262343963376133636337333937353732623938616434333666
|
||||
37386231356633653034656130383463643065373935633334653766396539326262646465376338
|
||||
31346134356162613266393132313839363166623562316230313338373062393535363236363133
|
||||
62653261663865323933323061353864643435323538633733363030356636653162616237323839
|
||||
33636235396166326336303133613431326231356434383431623366386437303162396234626563
|
||||
66333232343234613661363339653234343333323965353537353337303964653066356664303265
|
||||
62333237343334333836623566643633656134353034623630323361376562353464636538623664
|
||||
65313435316533633834303734636233333164616230393664646261663133323536356338323430
|
||||
38623734366530313461653062376136336634386132333138666439326636373536636134333432
|
||||
61396432353962366333373961323263633036656362653330393236333737306664633335313438
|
||||
34383335313933613930376436323236343539363035323461333366646462623961633933313432
|
||||
38656530653336306130313932393162626437383736393162656364333162623831356163303365
|
||||
66343433316131313332346537343863343966323765373035306661366633336261306661363966
|
||||
39326131336561633463613731396663336639613634636631373435623263353961323539623162
|
||||
30383831393164373632336265373662663936336131306563323833643236616338653835633832
|
||||
33383530623733386564373935663437613366633536386131363465363466306632373535646661
|
||||
62616531363737336536616132343034663038623665666636613232663666303164663661366232
|
||||
33626536336435323031663662383836326331633262386634393333373630343431333461393234
|
||||
33656664666466623262353533363833616663303637393164633633336438393131366261326230
|
||||
63623266353432613832633163663363663964303461386366373236386131376336623138366134
|
||||
33626234383661646637323062363265623630663061353630313466626632623062386638643433
|
||||
36333262666562396433393866393362303134616664616531386637336233306334383434616238
|
||||
62353237396432353335316631336265326135616430383735353638346339623539393064373365
|
||||
66336463653139323962333065666363363733376161613434363830663161303735306264396339
|
||||
35643535326130313033636135656634303731323030623131613866653932346665343365343537
|
||||
30393534346438343833336262646161643665613639373835336438663664643763323735646566
|
||||
30303339386131353863643463383333616432333262633962656434343563323165366533643730
|
||||
36646431336361316234393731373563656164646437636536353530343731373531373932313633
|
||||
61363462386663333465333465363864643039346238303635323362646335363037323437633462
|
||||
62373839666639326465383766333462356635636163376366373764373462386430616566386564
|
||||
39353662346632623661326238306136373364343231303664626630663761643433393033633335
|
||||
62336232376134656537383632643730303330353533626634633138383163356533646461656230
|
||||
31373733326436323937373537363839653034356137343864656364313831336235396530373265
|
||||
31663035326365373033313030363032343030346635343333656637343961303861393336316134
|
||||
35383635393737643935646334373865386637373636303162363562326239326433396466396435
|
||||
66336235373238326662323763333733636635313862653233353165346233313663353164383937
|
||||
37373934343261373462373832363633323438663536356133343464316563316362343932396234
|
||||
30343335396562336433353233306132656239663036663064653235376264653933363636326132
|
||||
33353064663930626330386562396564323965393432353430326362616235353464623861313336
|
||||
37363333623736306632643931356138373031363938363966616632666236346265323562306538
|
||||
39303365613463393964376536383431326661323237616538353333373930616438633630633961
|
||||
35303436353231373133666165306534346137396662653736343135303431613438363864616237
|
||||
65643338633065663266303232643264316564373066663038306632653962626336346639393061
|
||||
33326638323066323264353338636535336363376639646233336234643137646262666238363865
|
||||
34623236396437623539653466653331326434643036663930333065393836383265613036393233
|
||||
64333530636138356361643635613933313335636662646666656131613834376632313734373261
|
||||
66626262373630386337303539323332343831373731643830323661656435626266386633366666
|
||||
38626330663635623262336435373432383066393335633261383633343633616564353135613334
|
||||
34616663333562643232333133626433313265316561633638633236343334323337643066386363
|
||||
33316637303533393165656665373931313666616330316465643531303730333036613965383161
|
||||
65346133303835643134643030373966636632663937343434633263633161366236613039313866
|
||||
63343362303866313732326438393262643630633461316534313638343230653462636330363437
|
||||
36613561366235646465326163343165633764333466643766316235396534363366366238626161
|
||||
32656566386130623962643865643562623338353939306463663034653939383864356164316332
|
||||
34396661303364323430323764346438393165313430623464373436323337303966613437626136
|
||||
34303166396636666237383138636230306161323161343738353062383262373631643637366139
|
||||
36313033623162366530366130376338623634363661623965643364666330313066646233303963
|
||||
65353137616236396266336238346562343331363964356237356132303734326138646164663961
|
||||
62383761663837326431343939666432663132396464646439626364373833653164313931353631
|
||||
34633737333961646137663764363763356138396264353534303236633135643936313039303565
|
||||
37663937613961643563346130653536653236346165633333383666623961303138363961646138
|
||||
36613062346562326537656236343835383663386235353638653861613865333635333161326337
|
||||
66343664373262383164313838393261663566393838633364363931653164613663643966643063
|
||||
39656261643733663763383339653433616231653737623865353038646331373334666232346334
|
||||
39653730613439393532326430623239666239616361313738343738376536303839623938396439
|
||||
37393134343333383430303963356563633862336134373962306634613261653131636631626638
|
||||
35613635643336306435643832383761353465633537666563333763646338656164333661666462
|
||||
38643765313865626535326136343365643362373234326262366332653264363863646539366630
|
||||
36623635396635363636373139383530633332386263656339396433653936333834656631373637
|
||||
65663564353938623737303332373261623862646566386230313865643835323231373933303165
|
||||
39356561656534326661346636633933613532373137393737623737383134333132363436373630
|
||||
63653139356565356566663532313736613437623634313236663537376462383465613332656233
|
||||
65306131356165366131633432383730356163326561326332346535373738636333333165666365
|
||||
31636564303838333061323063653135623162636464656263613538306561303361633864383634
|
||||
35613164386334646338613661356134303766393239366530666137376362646263333530623565
|
||||
34643166313038376136643032393630303435376631336366343632383735626335333232303463
|
||||
33643363313434363633393964323064653966353161636135633264333766386266646366316132
|
||||
63303935356138356566306234356435343961356166646430633335386435366666333234636465
|
||||
36336439663731643663353732353261313037363231306430373962613838616238313662343761
|
||||
33316335316236626631636636386137376263323862306262316366663039396334326564303762
|
||||
34623562363839386439366639323662393831653530663463396230663133396466326363303065
|
||||
35646635323439323062333864336332333938663536373834663535643832316532313262326265
|
||||
63376436356662663165616532613963303030613166663865376531613031383865363864333238
|
||||
33616230336263306434643933356530303163653232323331643731353134353939363762303933
|
||||
32363061346537666637663733346431643164323364363133316265306336626466353366313635
|
||||
66653162643533316162363035373532656239356434623761666663626366663336376539656537
|
||||
31323561356363393038323762646633323461666263633937313264346364356439343761623337
|
||||
34643731393763323339653636656565663665646431313531616337616363373764626334656264
|
||||
66633366346137613032313865666363613530643663373834313731353437373239653332656134
|
||||
62376164313138303233623964663234643661336232366165616163313866336230353565393365
|
||||
36613361346437336431376164663930393530626339626361323764623635396137396634316364
|
||||
31393030323539376233383965366433623562646161643866346138316536613437383035656139
|
||||
6533
|
42
group_vars/all/secrets.yml.contents
Normal file
42
group_vars/all/secrets.yml.contents
Normal file
|
@ -0,0 +1,42 @@
|
|||
# These are the variables contained in secrets.yml
|
||||
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
||||
|
||||
postgres_passwords:
|
||||
fider: xxx
|
||||
nextcloud: xxx
|
||||
passit: xxx
|
||||
gitea: xxx
|
||||
matrix: xxx
|
||||
codimd: xxx
|
||||
mailu: xxx
|
||||
ttrss: xxx
|
||||
keycloak: xxx
|
||||
|
||||
fider_jwt_secret: xxx
|
||||
|
||||
ldap_admin_password: xxx
|
||||
ldap_config_password: xxx
|
||||
|
||||
passit_secret_key: xxx
|
||||
|
||||
docker_password: xxx
|
||||
|
||||
mailu_secret_key: xxx
|
||||
|
||||
drone_secrets:
|
||||
oauth_client_id: xxx
|
||||
oauth_client_secret: xxx
|
||||
rpc_shared_secret: xxx
|
||||
|
||||
restic_secrets:
|
||||
user_secret: xxx
|
||||
encryption_secret: xxx
|
||||
|
||||
matrix_secrets:
|
||||
registration_shared_secret: xxx
|
||||
macaroon_secret_key: xxx
|
||||
form_secret: xxx
|
||||
|
||||
keycloak_secrets:
|
||||
admin_user: xxx //used for setting up the initial admin user on first run
|
||||
admin_password: xxx
|
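Review bot: `admin_user: xxx //used for setting up the initial admin user on first run` uses `//`, which YAML does not treat as a comment; anyone copying this template into the real vault would set `admin_user` to the literal string `xxx //used for setting up the initial admin user on first run`. Use `admin_user: xxx  # used for setting up the initial admin user on first run`. The header comment's character class `[a-Z0-9]` is also not a valid ASCII range, since the span from `Z` to `a` crosses punctuation; `[A-Za-z0-9]` is what is meant. Indentation of the nested keys is lost in the rendered page, so the nesting shown is assumed.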
|
@ -13,3 +13,12 @@ users:
|
|||
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
|
||||
groups:
|
||||
- sudo
|
||||
|
||||
reynir:
|
||||
comment: Reynir Björnsson
|
||||
key: ssh-rsa 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 reynir yubikey
|
||||
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
|
||||
groups:
|
||||
- sudo
|
||||
|
||||
volume_root_folder: "/docker-volumes"
|
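Review bot: The `reynir` entry adds a sha512-crypt `password:` hash next to the existing entry above it in what looks like an unencrypted group_vars file; committed crypt hashes can be attacked offline, so the `password:` values belong in the vaulted `group_vars/all/secrets.yml` this compare introduces, referenced from here as `password: "{{ user_passwords.reynir }}"` with the hash stored under a vaulted key, while the public keys can stay in the clear. `volume_root_folder: "/docker-volumes"` is also declared in `roles/docker/defaults/main.yml` in this compare; group_vars override role defaults, so one of the two declarations is dead and should be removed. The `users:` mapping begins outside the hunk.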
26
playbook.yml
26
playbook.yml
|
@ -3,12 +3,34 @@
|
|||
gather_facts: False
|
||||
become: true
|
||||
vars:
|
||||
# Services are the names of the compose files in docker/files/composefiles
|
||||
base_domain: data.coop
|
||||
letsencrypt_email: bestyrelsen@data.coop
|
||||
ldap_dn: "dc=data,dc=coop"
|
||||
|
||||
services:
|
||||
- nginx-proxy
|
||||
- openldap
|
||||
- thelounge
|
||||
- gitea
|
||||
- nextcloud
|
||||
- fider
|
||||
- passit
|
||||
- gitea
|
||||
- postfix
|
||||
- matrix_riot
|
||||
- privatebin
|
||||
- codimd
|
||||
- netdata
|
||||
- docker_registry
|
||||
- drone
|
||||
- websites
|
||||
- ulovliglogning-dk
|
||||
- ouroboros
|
||||
- mailu
|
||||
- portainer
|
||||
# - tt-rss
|
||||
|
||||
smtp_host: "postfix"
|
||||
smtp_port: "587"
|
||||
|
||||
tasks:
|
||||
- import_role:
|
||||
|
|
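Review bot: `- gitea` appears twice in the new `services` list, once after `thelounge` and again after `passit`, so whatever iterates the list will run the gitea setup twice; drop the second entry. The comment `# Services are the names of the compose files in docker/files/composefiles` sits above `base_domain` rather than above `services:`, where it now belongs. The play that owns this `vars:` block starts outside the hunk.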
106
roles/docker/defaults/main.yml
Normal file
106
roles/docker/defaults/main.yml
Normal file
|
@ -0,0 +1,106 @@
|
|||
volume_root_folder: "/docker-volumes"
|
||||
|
||||
nginx:
|
||||
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||
|
||||
ldap:
|
||||
domain: "ldap.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||
|
||||
thelounge:
|
||||
domain: "irc.{{ base_domain }}"
|
||||
|
||||
nextcloud:
|
||||
domain: "cloud.{{ base_domain }}"
|
||||
|
||||
gitea:
|
||||
domain: "git.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gitea"
|
||||
|
||||
passit:
|
||||
domain: "passit.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/passit"
|
||||
|
||||
fider:
|
||||
domain: "feedback.{{ base_domain }}"
|
||||
|
||||
matrix:
|
||||
domain: "matrix.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||
|
||||
riot:
|
||||
domains:
|
||||
- "riot.{{ base_domain }}"
|
||||
- "element.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/riot"
|
||||
|
||||
privatebin:
|
||||
domain: "paste.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||
|
||||
codimd:
|
||||
domain: "oldpad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/codimd"
|
||||
|
||||
hedgedoc:
|
||||
domain: "pad.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||
|
||||
netdata:
|
||||
domain: "netdata.{{ base_domain }}"
|
||||
|
||||
docker_registry:
|
||||
domain: "docker.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
||||
|
||||
data_coop_website:
|
||||
domains:
|
||||
- "{{ base_domain }}"
|
||||
- "www.{{ base_domain }}"
|
||||
|
||||
cryptohagen_website:
|
||||
domains:
|
||||
- "cryptohagen.dk"
|
||||
- "www.cryptohagen.dk"
|
||||
|
||||
ulovliglogning_website:
|
||||
domains:
|
||||
- "ulovliglogning.dk"
|
||||
- "www.ulovliglogning.dk"
|
||||
- "ulovlig-logning.dk"
|
||||
|
||||
cryptoaarhus_website:
|
||||
domains:
|
||||
- "cryptoaarhus.dk"
|
||||
- "www.cryptoaarhus.dk"
|
||||
|
||||
drone:
|
||||
domain: "drone.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/drone"
|
||||
|
||||
mailu:
|
||||
version: 1.6
|
||||
domain: "mail.{{ base_domain }}"
|
||||
dns: 192.168.203.254
|
||||
subnet: 192.168.203.0/24
|
||||
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||
|
||||
portainer:
|
||||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
|
||||
ttrss:
|
||||
domain: rss.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/tt-rss"
|
||||
|
||||
keycloak:
|
||||
domain: sso.{{ base_domain }}
|
||||
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||
|
||||
postfix:
|
||||
allowed_sender_domains:
|
||||
- "services.{{ base_domain }}"
|
||||
- "{{ passit.domain }}"
|
||||
- "{{ fider.domain }}"
|
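Review bot: `version: 1.6` under `mailu` is parsed as a YAML float, so a later bump to `1.10` would silently render as `1.1` wherever it feeds an image tag; quote it as `version: "1.6"`. `domain: rss.{{ base_domain }}` and `domain: sso.{{ base_domain }}` are the only unquoted Jinja values in the file; they parse today, but `domain: "rss.{{ base_domain }}"` keeps the file uniform and safe against a value that starts with `{{`. `volume_root_folder` is also set in group_vars in this compare, which takes precedence over this default.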
|
@ -1,43 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
db:
|
||||
restart: always
|
||||
image: postgres
|
||||
networks:
|
||||
- fider
|
||||
volumes:
|
||||
- /var/fider/pg_data:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_USER: fider
|
||||
POSTGRES_PASSWORD: "SOMESTRONGPASSWORD"
|
||||
|
||||
app:
|
||||
restart: always
|
||||
image: getfider/fider:stable
|
||||
ports:
|
||||
- "9999:3000"
|
||||
networks:
|
||||
- fider
|
||||
- external_services
|
||||
environment:
|
||||
GO_ENV: production
|
||||
DATABASE_URL: postgres://fider:SOMESTRONGPASSWORD@db:5432/fider?sslmode=disable
|
||||
JWT_SECRET: LONGRANDOMSTRING
|
||||
|
||||
EMAIL_NOREPLY: noreply@data.coop
|
||||
EMAIL_SMTP_HOST: smtp.fastmail.com
|
||||
EMAIL_SMTP_PORT: 587
|
||||
EMAIL_SMTP_USERNAME: a_smtp_user
|
||||
EMAIL_SMTP_PASSWORD: password_for_smtp_user
|
||||
|
||||
VIRTUAL_HOST: feedback.data.coop
|
||||
LETSENCRYPT_HOST: feedback.data.coop
|
||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
||||
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
networks:
|
||||
fider:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,42 +0,0 @@
|
|||
version: "2.3"
|
||||
|
||||
networks:
|
||||
gitea:
|
||||
external_services:
|
||||
external: true
|
||||
|
||||
services:
|
||||
server:
|
||||
image: gitea/gitea:latest
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- VIRTUAL_HOST=gitea.local
|
||||
- VIRTUAL_PORT=3000
|
||||
restart: always
|
||||
networks:
|
||||
- gitea
|
||||
- external_services
|
||||
volumes:
|
||||
- gitea:/data
|
||||
ports:
|
||||
- "3000:3000"
|
||||
- "222:22"
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
db:
|
||||
image: postgres:9.6
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_USER=gitea
|
||||
- POSTGRES_PASSWORD=gitea
|
||||
- POSTGRES_DB=gitea
|
||||
networks:
|
||||
- gitea
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
|
||||
volumes:
|
||||
gitea:
|
||||
postgres:
|
|
@ -1,38 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
db:
|
||||
image: postgres
|
||||
restart: always
|
||||
volumes:
|
||||
- db:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
networks:
|
||||
- nextcloud
|
||||
app:
|
||||
image: nextcloud
|
||||
volumes:
|
||||
- nextcloud:/var/www/html
|
||||
restart: always
|
||||
environment:
|
||||
- POSTGRES_HOST=db
|
||||
- POSTGRES_PASSWORD=hest
|
||||
- POSTGRES_DB=nextcloud
|
||||
- POSTGRES_USER=nextcloud
|
||||
- VIRTUAL_HOST=nextcloud.local
|
||||
depends_on:
|
||||
- db
|
||||
ports:
|
||||
- "80"
|
||||
networks:
|
||||
- nextcloud
|
||||
- external_services
|
||||
volumes:
|
||||
nextcloud:
|
||||
db:
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
nextcloud:
|
|
@ -1,49 +0,0 @@
|
|||
---
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
nginx-proxy:
|
||||
image: jwilder/nginx-proxy
|
||||
container_name: nginx-proxy
|
||||
networks:
|
||||
- external_services
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- conf:/etc/nginx/conf.d
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
- html:/usr/share/nginx/html
|
||||
- dhparam:/etc/nginx/dhparam
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
restart: always
|
||||
|
||||
|
||||
letsencrypt:
|
||||
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||
container_name: nginx-proxy-le
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
volumes:
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
- html:/usr/share/nginx/html
|
||||
- dhparam:/etc/nginx/dhparam:ro
|
||||
- certs:/etc/nginx/certs
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- NGINX_PROXY_CONTAINER=nginx-proxy
|
||||
restart: always
|
||||
|
||||
volumes:
|
||||
conf:
|
||||
vhost:
|
||||
html:
|
||||
dhparam:
|
||||
certs:
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
openldap:
|
||||
image: osixia/openldap:1.2.2
|
||||
container_name: openldap
|
||||
environment:
|
||||
LDAP_LOG_LEVEL: "256"
|
||||
LDAP_ORGANISATION: "data.coop"
|
||||
LDAP_DOMAIN: "data.coop"
|
||||
LDAP_BASE_DN: ""
|
||||
LDAP_ADMIN_PASSWORD: "admin"
|
||||
LDAP_CONFIG_PASSWORD: "config"
|
||||
LDAP_READONLY_USER: "true"
|
||||
LDAP_READONLY_USER_USERNAME: "readonly"
|
||||
LDAP_READONLY_USER_PASSWORD: "readonly"
|
||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
||||
LDAP_BACKEND: "mdb"
|
||||
LDAP_TLS: "true"
|
||||
LDAP_TLS_CRT_FILENAME: "ldap.crt"
|
||||
LDAP_TLS_KEY_FILENAME: "ldap.key"
|
||||
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
|
||||
LDAP_TLS_ENFORCE: "false"
|
||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
|
||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||
LDAP_TLS_VERIFY_CLIENT: "demand"
|
||||
LDAP_REPLICATION: "false"
|
||||
KEEP_EXISTING_CONFIG: "false"
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||||
tty: true
|
||||
stdin_open: true
|
||||
volumes:
|
||||
- /var/lib/ldap
|
||||
- /etc/ldap/slapd.d
|
||||
- /container/service/slapd/assets/certs/
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
domainname: "ldap.data.coop" # important: same as hostname
|
||||
hostname: "ldap.data.coop"
|
||||
networks:
|
||||
- external_services
|
||||
|
||||
phpldapadmin:
|
||||
image: osixia/phpldapadmin:latest
|
||||
container_name: phpldapadmin
|
||||
environment:
|
||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
||||
PHPLDAPADMIN_HTTPS: "false"
|
||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
||||
VIRTUAL_HOST: ldap.data.coop
|
||||
LETSENCRYPT_HOST: ldap.data.coop
|
||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
||||
depends_on:
|
||||
- openldap
|
||||
networks:
|
||||
- external_services
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
|
@ -1,23 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
thelounge:
|
||||
image: thelounge/lounge:latest
|
||||
container_name: thelounge
|
||||
restart: always
|
||||
ports:
|
||||
- "9000:9000"
|
||||
volumes:
|
||||
- thelounge:/home/lounge/data # bind lounge config from the host's file system
|
||||
networks:
|
||||
- external_services
|
||||
environment:
|
||||
VIRTUAL_HOST: irc.data.coop
|
||||
LETSENCRYPT_HOST: irc.data.coop
|
||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
||||
|
||||
volumes:
|
||||
thelounge:
|
||||
|
||||
networks:
|
||||
external_services:
|
||||
external: true
|
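--- /dev/null
+++ b/roles/docker/files/configs/docker_registry/nginx.conf
@@ -0,0 +1 @@
+client_max_body_size 10G;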
1036
roles/docker/files/configs/matrix/homeserver.yaml.j2
Normal file
1036
roles/docker/files/configs/matrix/homeserver.yaml.j2
Normal file
File diff suppressed because it is too large
|
@ -0,0 +1,37 @@
|
|||
version: 1
|
||||
|
||||
formatters:
|
||||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
file:
|
||||
class: logging.handlers.RotatingFileHandler
|
||||
formatter: precise
|
||||
filename: /data/homeserver.log
|
||||
maxBytes: 104857600
|
||||
backupCount: 10
|
||||
filters: [context]
|
||||
encoding: utf8
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
filters: [context]
|
||||
|
||||
loggers:
|
||||
synapse:
|
||||
level: WARN
|
||||
|
||||
synapse.storage.SQL:
|
||||
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||
# information such as access tokens.
|
||||
level: INFO
|
||||
|
||||
root:
|
||||
level: INFO
|
||||
handlers: [file, console]
|
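Review bot: `root.handlers: [file, console]` sends every record both to `/data/homeserver.log` and to stdout, so in a container each line is stored twice (the rotating file plus the container runtime's log), and the file handler's `maxBytes: 104857600` with `backupCount: 10` lets the `/data` volume grow by up to roughly 1 GiB of logs. If stdout is what gets collected, dropping `file` avoids the duplication; if the volume is the log of record, drop `console` instead — which one the deployment relies on is not visible here. The file header for this hunk is missing from the rendered page, so the path is inferred from the Synapse logger names.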
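--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-matrix
@@ -0,0 +1,2 @@
+listen 8008;
+client_max_body_size 50M; # default is 1M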
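Review bot: `listen 8008;` in a vhost.d snippet adds a plaintext listener to the matrix server block inside the proxy container, and `vhost-root` in this same compare proxies `/_matrix` to `http://0.0.0.0:8008`, so the two files depend on each other without either saying so. Add `# internal only: vhost-root proxies /_matrix to this port; never publish 8008 from the container` above it, so the TLS-terminating front door stays the only external path. That this snippet is included inside a `server` context follows from the `vhost:/etc/nginx/vhost.d` mount shown in the removed nginx-proxy compose file, not from anything in this hunk.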
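--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-riot
@@ -0,0 +1 @@
+client_max_body_size 50M; # default is 1M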
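--- /dev/null
+++ b/roles/docker/files/configs/matrix/vhost-root
@@ -0,0 +1,14 @@
+location /_matrix {
+proxy_pass http://0.0.0.0:8008;
+proxy_set_header X-Forwarded-For $remote_addr;
+}
+
+location /.well-known/matrix/server {
+default_type application/json;
+return 200 '{"m.server": "matrix.data.coop:443"}';
+}
+
+location /.well-known/matrix/client {
+default_type application/json;
+return 200 '{"m.homeserver": {"base_url": "https://matrix.data.coop"}}';
+}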
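Review bot: Both `.well-known` responses hard-code `matrix.data.coop`, while the rest of this compare derives hostnames from `{{ base_domain }}`; because this file lives under `files/` rather than `templates/`, a base_domain change would leave federation delegation pointing at the old name. Either move it to a `.j2` template or add `# hard-coded: must match matrix.domain in roles/docker/defaults/main.yml` above the first `return`. `proxy_set_header X-Forwarded-For $remote_addr;` replaces rather than appends; `$proxy_add_x_forwarded_for` keeps any upstream hop, and Synapse only honours the header when its listener sets `x_forwarded: true` — that setting lives in the suppressed homeserver.yaml.j2 and cannot be checked here.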
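--- a/roles/docker/files/configs/privatebin-conf.php
+++ b/roles/docker/files/configs/privatebin-conf.php
@@ -0,0 +1,154 @@
+;<?php http_response_code(403); /*
+; config file for PrivateBin
+;
+; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
+
+[main]
+; (optional) set a project name to be displayed on the website
+name = "paste.data.coop"
+
+; enable or disable the discussion feature, defaults to true
+discussion = true
+
+; preselect the discussion feature, defaults to false
+opendiscussion = false
+
+; enable or disable the password feature, defaults to true
+password = true
+
+; enable or disable the file upload feature, defaults to false
+fileupload = true
+
+; preselect the burn-after-reading feature, defaults to false
+burnafterreadingselected = false
+
+; which display mode to preselect by default, defaults to "plaintext"
+; make sure the value exists in [formatter_options]
+defaultformatter = "plaintext"
+
+; (optional) set a syntax highlighting theme, as found in css/prettify/
+; syntaxhighlightingtheme = "sons-of-obsidian"
+
+; size limit per paste or comment in bytes, defaults to 2 Mebibytes
+sizelimit = 2097152
+
+; template to include, default is "bootstrap" (tpl/bootstrap.php)
+template = "bootstrap"
+
+; (optional) notice to display
+; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
+
+; by default PrivateBin will guess the visitors language based on the browsers
+; settings. Optionally you can enable the language selection menu, which uses
+; a session cookie to store the choice until the browser is closed.
+languageselection = false
+
+; set the language your installs defaults to, defaults to English
+; if this is set and language selection is disabled, this will be the only language
+; languagedefault = "en"
+
+; (optional) URL shortener address to offer after a new paste is created
+; it is suggested to only use this with self-hosted shorteners as this will leak
+; the pastes encryption key
+; urlshortener = "https://shortener.example.com/api?link="
+
+; (optional) Let users create a QR code for sharing the paste URL with one click.
+; It works both when a new paste is created and when you view a paste.
+; qrcode = true
+
+; (optional) IP based icons are a weak mechanism to detect if a comment was from
+; a different user when the same username was used in a comment. It might be
+; used to get the IP of a non anonymous comment poster if the server salt is
+; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs.
+; Can be set to one these values: none / vizhash / identicon (default).
+; icon = none
+
+; Content Security Policy headers allow a website to restrict what sources are
+; allowed to be accessed in its context. You need to change this if you added
+; custom scripts from third-party domains to your templates, e.g. tracking
+; scripts or run your site behind certain DDoS-protection services.
+; Check the documentation at https://content-security-policy.com/
+; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
+; By default this disallows to load images from third-party servers, e.g. when they are embedded in pastes. If you wish to allow that, you can adjust the policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images for details.
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
+
+; stay compatible with PrivateBin Alpha 0.19, less secure
+; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
+; sha256 in HMAC for the deletion token
+zerobincompatibility = false
+
+[expire]
+; expire value that is selected per default
+; make sure the value exists in [expire_options]
+default = "1day"
+
+[expire_options]
+; Set each one of these to the number of seconds in the expiration period,
+; or 0 if it should never expire
+5min = 300
+10min = 600
+1hour = 3600
+1day = 86400
+1week = 604800
+; Well this is not *exactly* one month, it's 30 days:
+1month = 2592000
+1year = 31536000
+never = 0
+
+[formatter_options]
+; Set available formatters, their order and their labels
+plaintext = "Plain Text"
+syntaxhighlighting = "Source Code"
+markdown = "Markdown"
+
+[traffic]
+; time limit between calls from the same IP address in seconds
+; Set this to 0 to disable rate limiting.
+limit = 10
+
+; (optional) if your website runs behind a reverse proxy or load balancer,
+; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
+header = "X_FORWARDED_FOR"
+
+; directory to store the traffic limits in
+dir = PATH "data"
+
+[purge]
+; minimum time limit between two purgings of expired pastes, it is only
+; triggered when pastes are created
+; Set this to 0 to run a purge every time a paste is created.
+limit = 300
+
+; maximum amount of expired pastes to delete in one purge
+; Set this to 0 to disable purging. Set it higher, if you are running a large
+; site
+batchsize = 10
+
+; directory to store the purge limit in
+dir = PATH "data"
+
+[model]
+; name of data model class to load and directory for storage
+; the default model "Filesystem" stores everything in the filesystem
+class = Filesystem
+[model_options]
+dir = PATH "data"
+
+;[model]
+; example of DB configuration for MySQL
+;class = Database
+;[model_options]
+;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
+;tbl = "privatebin_" ; table prefix
+;usr = "privatebin"
+;pwd = "Z3r0P4ss"
+;opt[12] = true ; PDO::ATTR_PERSISTENT
+
+;[model]
+; example of DB configuration for SQLite
+;class = Database
+;[model_options]
+;dsn = "sqlite:" PATH "data/db.sq3"
+;usr = null
+;pwd = null
+;opt[12] = true ; PDO::ATTR_PERSISTENT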
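Review bot: `header = "X_FORWARDED_FOR"` in `[traffic]` keys the per-IP rate limit on a client-supplied request header, so the limit is only as trustworthy as the reverse proxy in front of the container: it holds only if that proxy always overwrites (rather than appends to) X-Forwarded-For and is the only route to the PrivateBin port. Neither fact is visible in this commit, so I would record the dependency next to the setting, `; rate limiting trusts this header: the fronting proxy must set it and must be the only way to reach this container`. The `[traffic]`, `[purge]` and `[model_options]` directories all resolve to `PATH "data"`, which holds the pastes; that directory must not be reachable through the web server, which is presumably the container image's concern but deserves a one-line comment here too.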
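--- a/roles/docker/files/configs/riot/config.json
+++ b/roles/docker/files/configs/riot/config.json
@@ -0,0 +1,46 @@
+{
+"default_hs_url": "https://{{ matrix.domain }}",
+"default_is_url": "https://vector.im",
+"brand": "element.data.coop",
+"integrations_ui_url": "https://scalar.vector.im/",
+"integrations_rest_url": "https://scalar.vector.im/api",
+"integrations_widgets_urls": [
+"https://scalar-staging.riot.im/scalar/api",
+"https://scalar.vector.im/api"
+],
+"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+"features": {
+"feature_rich_quoting": "enable",
+"feature_pinning": "enable",
+"feature_presence_management": "enable",
+"feature_sticker_messages": "enable",
+"feature_jitsi": "enable",
+"feature_tag_panel": "enable",
+"feature_keybackup": "enable",
+"feature_custom_status": "enable",
+"feature_custom_tags": "enable",
+"feature_lazyloading": "enable",
+"feature_tabbed_settings": "enable",
+"feature_sas": "enable"
+},
+"welcomeUserId": "",
+"piwik": false,
+"roomDirectory": {
+"servers": [
+"{{ base_domain }}"
+]
+},
+"enable_presence_by_hs_url": {
+"https://{{ matrix.domain }}": false
+},
+"terms_and_conditions_links": [
+{
+"url": "https://riot.im/privacy",
+"text": "Privacy Policy"
+},
+{
+"url": "https://matrix.org/docs/guides/riot_im_cookie_policy",
+"text": "Cookie Policy"
+}
+]
+}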
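Review bot: `bug_report_endpoint_url` still points at `https://riot.im/bugreports/submit`, so bug reports from this self-hosted client, which carry client logs, are sent to a third party rather than to the operator; for a privacy-oriented deployment either remove the key or point it at an operator-run endpoint. `default_is_url` and the `integrations_*` URLs are likewise the upstream vector.im defaults, not data.coop services; keep them only if that is a deliberate choice, and say so in the task that deploys this file. The file also contains Jinja (`{{ matrix.domain }}`, `{{ base_domain }}`) but lives under `files/configs/` rather than `templates/`; it has to be deployed with `template:` rather than `copy:` or the placeholders reach the browser verbatim — the deploying task is not in this chunk, so I cannot tell which is used.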
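--- a/roles/docker/files/configs/riot/riot.im.conf
+++ b/roles/docker/files/configs/riot/riot.im.conf
@@ -0,0 +1 @@
+-c 3500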
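--- a/roles/docker/files/configs/thelounge.js
+++ b/roles/docker/files/configs/thelounge.js
@@ -0,0 +1,511 @@
+"use strict";
+
+module.exports = {
+//
+// Set the server mode.
+// Public servers does not require authentication.
+//
+// Set to 'false' to enable users.
+//
+// @type boolean
+// @default false
+//
+public: false,
+
+//
+// IP address or hostname for the web server to listen on.
+// Setting this to undefined will listen on all interfaces.
+//
+// For UNIX domain sockets, use unix:/absolute/path/to/file.sock.
+//
+// @type string
+// @default undefined
+//
+host: undefined,
+
+//
+// Set the port to listen on.
+//
+// @type int
+// @default 9000
+//
+port: 9000,
+
+//
+// Set the local IP to bind to for outgoing connections. Leave to undefined
+// to let the operating system pick its preferred one.
+//
+// @type string
+// @default undefined
+//
+bind: undefined,
+
+//
+// Sets whether the server is behind a reverse proxy and should honor the
+// X-Forwarded-For header or not.
+//
+// @type boolean
+// @default false
+//
+reverseProxy: false,
+
+//
+// Set the default theme.
+// Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html
+//
+// @type string
+// @default "example"
+//
+theme: "example",
+
+//
+// Prefetch URLs
+//
+// If enabled, The Lounge will try to load thumbnails and site descriptions from
+// URLs posted in channels.
+//
+// @type boolean
+// @default false
+//
+prefetch: false,
+
+//
+// Store and proxy prefetched images and thumbnails.
+// This improves security and privacy by not exposing client IP address,
+// and always loading images from The Lounge instance and making all assets secure,
+// which in result fixes mixed content warnings.
+//
+// If storage is enabled, The Lounge will fetch and store images and thumbnails
+// in the `${THELOUNGE_HOME}/storage` folder.
+//
+// Images are deleted when they are no longer referenced by any message (controlled by maxHistory),
+// and the folder is cleaned up on every The Lounge restart.
+//
+// @type boolean
+// @default false
+//
+prefetchStorage: false,
+
+//
+// Prefetch URLs Image Preview size limit
+//
+// If prefetch is enabled, The Lounge will only display content under the maximum size.
+// Specified value is in kilobytes. Default value is 2048 kilobytes.
+//
+// @type int
+// @default 2048
+//
+prefetchMaxImageSize: 2048,
+
+//
+// Display network
+//
+// If set to false network settings will not be shown in the login form.
+//
+// @type boolean
+// @default true
+//
+displayNetwork: true,
+
+//
+// Lock network
+//
+// If set to true, users will not be able to modify host, port and tls
+// settings and will be limited to the configured network.
+//
+// @type boolean
+// @default false
+//
+lockNetwork: false,
+
+//
+// Hex IP
+//
+// If enabled, clients' username will be set to their IP encoded has hex.
+// This is done to share the real user IP address with the server for host masking purposes.
+//
+// @type boolean
+// @default false
+//
+useHexIp: false,
+
+//
+// WEBIRC support
+//
+// If enabled, The Lounge will pass the connecting user's host and IP to the
+// IRC server. Note that this requires to obtain a password from the IRC network
+// The Lounge will be connecting to and generally involves a lot of trust from the
+// network you are connecting to.
+//
+// Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"}
+// Format (function):
+// {"irc.example.net": function(client, args, trusted) {
+// // here, we return a webirc object fed directly to `irc-framework`
+// return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname};
+// }}
+//
+// @type string | function(client, args):object(webirc)
+// @default null
+webirc: null,
+
+//
+// Log settings
+//
+// Logging has to be enabled per user. If enabled, logs will be stored in
+// the 'logs/<user>/<network>/' folder.
+//
+// @type object
+// @default {}
+//
+logs: {
+//
+// Timestamp format
+//
+// @type string
+// @default "YYYY-MM-DD HH:mm:ss"
+//
+format: "YYYY-MM-DD HH:mm:ss",
+
+//
+// Timezone
+//
+// @type string
+// @default "UTC+00:00"
+//
+timezone: "UTC+00:00",
+},
+
+//
+// Maximum number of history lines per channel
+//
+// Defines the maximum number of history lines that will be kept in
+// memory per channel/query, in order to reduce the memory usage of
+// the server. Setting this to -1 will keep unlimited amount.
+//
+// @type integer
+// @default 10000
+maxHistory: 10000,
+
+//
+// Default values for the 'Connect' form.
+//
+// @type object
+// @default {}
+//
+defaults: {
+//
+// Name
+//
+// @type string
+// @default "Freenode"
+//
+name: "Freenode",
+
+//
+// Host
+//
+// @type string
+// @default "chat.freenode.net"
+//
+host: "chat.freenode.net",
+
+//
+// Port
+//
+// @type int
+// @default 6697
+//
+port: 6697,
+
+//
+// Password
+//
+// @type string
+// @default ""
+//
+password: "",
+
+//
+// Enable TLS/SSL
+//
+// @type boolean
+// @default true
+//
+tls: true,
+
+//
+// Nick
+//
+// @type string
+// @default "lounge-user"
+//
+nick: "lounge-user",
+
+//
+// Username
+//
+// @type string
+// @default "lounge-user"
+//
+username: "lounge-user",
+
+//
+// Real Name
+//
+// @type string
+// @default "The Lounge User"
+//
+realname: "The Lounge User",
+
+//
+// Channels
+// This is a comma-separated list.
+//
+// @type string
+// @default "#thelounge"
+//
+join: "#thelounge",
+},
+
+//
+// Set socket.io transports
+//
+// @type array
+// @default ["polling", "websocket"]
+//
+transports: ["polling", "websocket"],
+
+//
+// Run The Lounge using encrypted HTTP/2.
+// This will fallback to regular HTTPS if HTTP/2 is not supported.
+//
+// @type object
+// @default {}
+//
+https: {
+//
+// Enable HTTP/2 / HTTPS support.
+//
+// @type boolean
+// @default false
+//
+enable: false,
+
+//
+// Path to the key.
+//
+// @type string
+// @example "sslcert/key.pem"
+// @default ""
+//
+key: "",
+
+//
+// Path to the certificate.
+//
+// @type string
+// @example "sslcert/key-cert.pem"
+// @default ""
+//
+certificate: "",
+
+//
+// Path to the CA bundle.
+//
+// @type string
+// @example "sslcert/bundle.pem"
+// @default ""
+//
+ca: "",
+},
+
+//
+// Default quit and part message if none is provided.
+//
+// @type string
+// @default "The Lounge - https://thelounge.github.io"
+//
+leaveMessage: "The Lounge - https://thelounge.github.io",
+
+//
+// Run The Lounge with identd support.
+//
+// @type object
+// @default {}
+//
+identd: {
+//
+// Run the identd daemon on server start.
+//
+// @type boolean
+// @default false
+//
+enable: false,
+
+//
+// Port to listen for ident requests.
+//
+// @type int
+// @default 113
+//
+port: 113,
+},
+
+//
+// Enable oidentd support using the specified file
+//
+// Example: oidentd: "~/.oidentd.conf",
+//
+// @type string
+// @default null
+//
+oidentd: null,
+
+//
+// LDAP authentication settings (only available if public=false)
+// @type object
+// @default {}
+//
+// The authentication process works as follows:
+//
+// 1. Lounge connects to the LDAP server with its system credentials
+// 2. It performs a LDAP search query to find the full DN associated to the
+// user requesting to log in.
+// 3. Lounge tries to connect a second time, but this time using the user's
+// DN and password. Auth is validated iff this connection is successful.
+//
+// The search query takes a couple of parameters in `searchDN`:
+// - a base DN `searchDN/base`. Only children nodes of this DN will be likely
+// to be returned;
+// - a search scope `searchDN/scope` (see LDAP documentation);
+// - the query itself, build as (&(<primaryKey>=<username>) <filter>)
+// where <username> is the user name provided in the log in request,
+// <primaryKey> is provided by the config and <fitler> is a filtering complement
+// also given in the config, to filter for instance only for nodes of type
+// inetOrgPerson, or whatever LDAP search allows.
+//
+// Alternatively, you can specify the `bindDN` parameter. This will make the lounge
+// ignore searchDN options and assume that the user DN is always:
+// <bindDN>,<primaryKey>=<username>
+// where <username> is the user name provided in the log in request, and <bindDN>
+// and <primaryKey> are provided by the config.
+//
+ldap: {
+//
+// Enable LDAP user authentication
+//
+// @type boolean
+// @default false
+//
+enable: true,
+
+//
+// LDAP server URL
+//
+// @type string
+//
+url: "ldap://{{ ldap.domain }}",
+
+//
+// LDAP connection tls options (only used if scheme is ldaps://)
+//
+// @type object (see nodejs' tls.connect() options)
+// @default {}
+//
+// Example:
+// You can use this option in order to force the use of IPv6:
+// {
+// host: 'my::ip::v6',
+// servername: 'example.com'
+// }
+tlsOptions: {},
+
+//
+// LDAP base dn, alternative to searchDN
+//
+// @type string
+//
+// baseDN: "",
+
+//
+// LDAP primary key
+//
+// @type string
+// @default "uid"
+//
+primaryKey: "uid",
+
+//
+// LDAP search dn settings. This defines the procedure by which the
+// lounge first look for user DN before authenticating her.
+// Ignored if baseDN is specified
+//
+// @type object
+//
+searchDN: {
+
+//
+// LDAP searching bind DN
+// This bind DN is used to query the server for the DN of the user.
+// This is supposed to be a system user that has access in read only to
+// the DNs of the people that are allowed to log in.
+//
+// @type string
+//
+rootDN: "cn=admin,dc=data,dc=coop",
+
+//
+// Password of the lounge LDAP system user
+//
+// @type string
+//
+rootPassword: "{{ ldap_admin_password }}",
+
+//
+// LDAP filter
+//
+// @type string
+// @default "uid"
+//
+//filter: "(objectClass=inetOrgPerson)(memberOf=ou=members,dc=data,dc=coop)",
+filter: "(objectClass=inetOrgPerson)",
+
+//
+// LDAP search base (search only within this node)
+//
+// @type string
+//
+base: "{{ ldap_dn }}",
+
+//
+// LDAP search scope
+//
+// @type string
+// @default "sub"
+//
+scope: "sub",
+
+},
+},
+
+// Extra debugging
+//
+// @type object
+// @default {}
+//
+debug: {
+// Enables extra debugging output provided by irc-framework.
+//
+// @type boolean
+// @default false
+//
+ircFramework: false,
+
+// Enables logging raw IRC messages into each server window.
+//
+// @type boolean
+// @default false
+//
+raw: false,
+},
+};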
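Review bot: `searchDN.rootDN` is `cn=admin,dc=data,dc=coop` with `rootPassword: "{{ ldap_admin_password }}"`, so the directory administrator is used for the user-lookup bind, although the comment directly above says this should be a read-only system account that can only see the DNs of people allowed to log in. If the Lounge container or the rendered config on disk is compromised, that credential grants write access to the whole directory; a dedicated bind account with read-only rights on `{{ ldap_dn }}` is the least-privilege fix, and the same admin DN is reused in roles/docker/tasks/services/codimd.yml (`CMD_LDAP_BINDDN`). `filter: "(objectClass=inetOrgPerson)"` admits every person object under the search base, while the commented-out `memberOf=ou=members,dc=data,dc=coop` variant suggests membership gating was intended; if the broader filter is deliberate, a comment saying so would save the next reader the question. The file is Jinja-templated (`{{ ldap.domain }}`) despite living under `files/configs/`, so it must be deployed with `template:`; the deploying task is outside this chunk.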
1
roles/docker/files/sso/sso.data.coop.pem
Normal file
1
roles/docker/files/sso/sso.data.coop.pem
Normal file
|
@ -0,0 +1 @@
|
|||
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
|
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
- name: add docker gpg key
|
||||
apt_key:
|
||||
keyserver: pgp.key-server.io
|
||||
keyserver: pgp.mit.edu
|
||||
id: 8D81803C0EBFCD88
|
||||
state: present
|
||||
|
||||
- name: add docker apt repository
|
||||
apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu artful stable
|
||||
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
|
@ -22,6 +22,11 @@
|
|||
name: "docker-compose"
|
||||
state: present
|
||||
|
||||
- name: create folder structure for bind mounts
|
||||
file:
|
||||
name: "{{ volume_root_folder }}"
|
||||
state: directory
|
||||
|
||||
- name: setup services
|
||||
import_tasks: services.yml
|
||||
tags:
|
||||
|
|
|
@ -4,8 +4,5 @@
|
|||
name: external_services
|
||||
|
||||
- name: setup services
|
||||
docker_service:
|
||||
project_name: "{{ item }}"
|
||||
definition:
|
||||
"{{ lookup('file', 'composefiles/{{ item }}.yml') | from_yaml }}"
|
||||
include_tasks: "services/{{ item }}.yml"
|
||||
with_items: "{{ services }}"
|
||||
|
|
57
roles/docker/tasks/services/codimd.yml
Normal file
57
roles/docker/tasks/services/codimd.yml
Normal file
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
|
||||
- name: codimd network
|
||||
docker_network:
|
||||
name: codimd
|
||||
|
||||
- name: create codimd volume folders
|
||||
file:
|
||||
name: "{{ codimd.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "db"
|
||||
- "codimd/uploads"
|
||||
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: codimd database container
|
||||
docker_container:
|
||||
name: codimd_db
|
||||
image: postgres:10
|
||||
state: started
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: codimd
|
||||
volumes:
|
||||
- "{{ codimd.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
env:
|
||||
POSTGRES_USER: "codimd"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.codimd }}"
|
||||
|
||||
- name: codimd app container
|
||||
docker_container:
|
||||
name: codimd_app
|
||||
image: hackmdio/hackmd:1.3.0
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: codimd
|
||||
- name: ldap
|
||||
- name: external_services
|
||||
volumes:
|
||||
- "{{ codimd.volume_folder }}/codimd/uploads:/codimd/public/uploads"
|
||||
|
||||
env:
|
||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.codimd }}@codimd_db:5432/codimd"
|
||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_EMAIL: "False"
|
||||
CMD_LDAP_URL: "ldap://openldap"
|
||||
CMD_LDAP_BINDDN: "cn=admin,dc=data,dc=coop"
|
||||
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_admin_password }}"
|
||||
CMD_LDAP_SEARCHBASE: "dc=data,dc=coop"
|
||||
CMD_LDAP_SEARCHFILTER: "(&(uid={{ '{{username}}' }})(objectClass=inetOrgPerson))"
|
||||
CMD_USECDN: "false"
|
||||
VIRTUAL_HOST: "{{ codimd.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ codimd.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
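Review bot: `CMD_LDAP_URL: "ldap://openldap"` performs the admin bind over plaintext LDAP, so the directory administrator's credential (`CMD_LDAP_BINDCREDENTIALS`) travels unencrypted across the shared `ldap` Docker network; `ldaps://` (or StartTLS, if the image supports it) keeps it protected even if another container on that network is compromised, and failing that the `ldap` network should be attached only to services that need it. The `codimd app container` task sets no `state:` while the database task says `state: started`; `docker_container` defaults to started, but making it explicit, `state: started`, keeps the two tasks readable side by side. Keeping `codimd_db` on the `codimd` network only is the right call; `CMD_DB_URL` embedding the password in an environment variable is the pattern used throughout this role, so noted rather than blocking.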
35
roles/docker/tasks/services/docker_registry.yml
Normal file
35
roles/docker/tasks/services/docker_registry.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
- name: copy docker registry nginx configuration
|
||||
copy:
|
||||
src: "files/configs/docker_registry/nginx.conf"
|
||||
dest: "/docker-volumes/nginx/vhost/{{ docker_registry.domain }}"
|
||||
mode: "0644"
|
||||
|
||||
- name: docker registry container
|
||||
docker_container:
|
||||
name: registry
|
||||
image: registry:2
|
||||
restart_policy: always
|
||||
volumes:
|
||||
- "{{ docker_registry.volume_folder }}/registry:/var/lib/registry"
|
||||
- "{{ docker_registry.volume_folder }}/auth:/auth"
|
||||
networks:
|
||||
- name: external_services
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ docker_registry.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ docker_registry.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
REGISTRY_AUTH: "htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||
|
||||
- name: generate htpasswd file
|
||||
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ docker_registry.volume_folder }}/auth/htpasswd"
|
||||
args:
|
||||
creates: "{{ docker_registry.volume_folder }}/auth/htpasswd"
|
||||
|
||||
- name: log in to local registry
|
||||
docker_login:
|
||||
registry: "{{ docker_registry.domain }}"
|
||||
username: "docker"
|
||||
password: "{{ docker_password }}"
|
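Review bot: The `generate htpasswd file` task puts `{{ docker_password }}` on the `docker exec` command line, where it is visible in the host process list and in Ansible's task output, and it passes `-it`, which requires a TTY that the `shell` module does not provide, so `docker exec` fails with "the input device is not a TTY". Feed the password on stdin instead, `shell: "docker exec -i registry htpasswd -Bin docker > {{ docker_registry.volume_folder }}/auth/htpasswd"` with `args: { stdin: "{{ docker_password }}", creates: "{{ docker_registry.volume_folder }}/auth/htpasswd" }` (the `stdin` argument needs Ansible 2.4 or later), and add `no_log: true` to this task and to `log in to local registry`. The task also runs after the registry container is started with `REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"`, so on a fresh host the registry comes up before the file exists; generating the file first, or restarting the container afterwards, avoids that. The vhost is copied to the hardcoded `/docker-volumes/nginx/vhost/` rather than a path derived from `{{ volume_root_folder }}` as the other tasks do.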
51
roles/docker/tasks/services/drone.yml
Normal file
51
roles/docker/tasks/services/drone.yml
Normal file
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
- name: set up drone with docker runner
|
||||
docker_compose:
|
||||
project_name: drone
|
||||
pull: yes
|
||||
definition:
|
||||
version: "3.6"
|
||||
services:
|
||||
drone:
|
||||
container_name: "drone"
|
||||
image: drone/drone:1
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- external_services
|
||||
- drone
|
||||
volumes:
|
||||
- "{{ drone.volume_folder }}:/data"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_GITEA_SERVER: "https://{{ gitea.domain }}"
|
||||
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||
DRONE_GIT_ALWAYS_AUTH: "true"
|
||||
DRONE_SERVER_HOST: "{{ drone.domain }}"
|
||||
DRONE_SERVER_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
PLUGIN_CUSTOM_DNS: "91.239.100.100"
|
||||
VIRTUAL_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ drone.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
|
||||
drone-runner-docker:
|
||||
container_name: "drone-runner-docker"
|
||||
image: "drone/drone-runner-docker:1"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- drone
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
environment:
|
||||
DRONE_RPC_HOST: "{{ drone.domain }}"
|
||||
DRONE_RPC_PROTO: "https"
|
||||
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||
DRONE_RUNNER_CAPACITY: 2
|
||||
DRONE_RUNNER_NAME: "data.coop_drone_runner"
|
||||
|
||||
networks:
|
||||
drone:
|
||||
external_services:
|
||||
external:
|
||||
name: external_services
|
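Review bot: Nothing restricts who may sign in to Drone: neither `DRONE_REGISTRATION_CLOSED` nor `DRONE_USER_FILTER` is set, so any account the Gitea instance accepts can register and run pipelines, and those pipelines execute on `drone-runner-docker`, which has the host's `/var/run/docker.sock` and is therefore host-root-equivalent. Add `DRONE_REGISTRATION_CLOSED: "true"` (and activate users by hand) or `DRONE_USER_FILTER` naming the allowed organisation, and keep Gitea's own registration settings in mind. The `drone` server service also mounts the Docker socket, which, as far as I can tell, a Drone 1.x server with a separate docker runner does not need; dropping it from the server narrows the blast radius. `PLUGIN_CUSTOM_DNS: "91.239.100.100"` on the server looks like a plugin-side setting rather than a server one; if it is intentional, a comment explaining why would help.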
47
roles/docker/tasks/services/fider.yml
Normal file
47
roles/docker/tasks/services/fider.yml
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
|
||||
- name: fider network
|
||||
docker_network:
|
||||
name: fider
|
||||
|
||||
- name: fider database volume
|
||||
docker_volume:
|
||||
name: fider_db
|
||||
|
||||
- name: fider database container
|
||||
docker_container:
|
||||
name: fider_db
|
||||
image: postgres:10
|
||||
state: started
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: fider
|
||||
volumes:
|
||||
- fider_db:/var/lib/postgresql/data
|
||||
env:
|
||||
POSTGRES_USER: "fider"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.fider }}"
|
||||
|
||||
- name: fider app container
|
||||
docker_container:
|
||||
name: fider
|
||||
image: getfider/fider:stable
|
||||
restart_policy: always
|
||||
networks:
|
||||
- name: fider
|
||||
- name: external_services
|
||||
- name: postfix
|
||||
env:
|
||||
GO_ENV: "production"
|
||||
DATABASE_URL: "postgres://fider:{{ postgres_passwords.fider }}@fider_db:5432/fider?sslmode=disable"
|
||||
JWT_SECRET: "{{ fider_jwt_secret }}"
|
||||
|
||||
EMAIL_NOREPLY: noreply@{{ fider.domain }}
|
||||
EMAIL_SMTP_HOST: "{{ smtp_host }}"
|
||||
EMAIL_SMTP_PORT: "{{ smtp_port }}"
|
||||
EMAIL_SMTP_USERNAME: "noop"
|
||||
EMAIL_SMTP_PASSWORD: "noop"
|
||||
|
||||
VIRTUAL_HOST: "{{ fider.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ fider.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email}}"
|
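Review bot: `fider_db` stores its data in a named Docker volume (`docker_volume: name: fider_db`) while every other service in this commit uses bind mounts under `*.volume_folder`; that matters for backups, since a backup of the volume folders will not include the Fider database. Either switch to `- "{{ fider.volume_folder }}/db:/var/lib/postgresql/data"` or document the exception in the task. `EMAIL_SMTP_USERNAME`/`EMAIL_SMTP_PASSWORD: "noop"` rely on the container on the `postfix` network accepting unauthenticated relay from this network, which is acceptable only if that relay is restricted to the Docker networks; a comment stating that assumption would help. Minor: `LETSENCRYPT_EMAIL: "{{ letsencrypt_email}}"` is missing the space before `}}` — still valid Jinja, but inconsistent with the rest of the file.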
23
roles/docker/tasks/services/gitea.yml
Normal file
23
roles/docker/tasks/services/gitea.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
- name: gitea network
|
||||
docker_network:
|
||||
name: gitea
|
||||
|
||||
# old DNS: 138.68.71.153
|
||||
- name: gitea container
|
||||
docker_container:
|
||||
name: gitea
|
||||
image: gitea/gitea:1.12.3
|
||||
restart_policy: unless-stopped
|
||||
networks:
|
||||
- name: gitea
|
||||
- name: external_services
|
||||
volumes:
|
||||
- "{{ gitea.volume_folder }}:/data"
|
||||
published_ports:
|
||||
- "22:22"
|
||||
env:
|
||||
VIRTUAL_HOST: "{{ gitea.domain }}"
|
||||
VIRTUAL_PORT: "3000"
|
||||
LETSENCRYPT_HOST: "{{ gitea.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
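Review bot: `published_ports: - "22:22"` publishes Gitea's SSH server on the host's port 22 on all interfaces, which collides with the host's own sshd unless that has been moved to another port; nothing in this chunk shows such a move, so either confirm it in a comment or publish a different host port (for example `"2222:22"`, matched by Gitea's `SSH_PORT` setting). The `# old DNS: 138.68.71.153` comment carries no information for a reader; drop it or say what it refers to. As in the other task files, `state: started` is implied rather than stated.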
66
roles/docker/tasks/services/hedgedoc.yml
Normal file
66
roles/docker/tasks/services/hedgedoc.yml
Normal file
|
@ -0,0 +1,66 @@
|
|||
---
|
||||
- name: create hedgedoc volume folders
|
||||
file:
|
||||
name: "{{ hedgedoc.volume_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "db"
|
||||
- "hedgedoc/uploads"
|
||||
loop_control:
|
||||
loop_var: volume
|
||||
|
||||
- name: copy sso public certificate
|
||||
copy:
|
||||
src: "files/sso/sso.data.coop.pem"
|
||||
dest: "{{ hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||
mode: "0644"
|
||||
|
||||
- name: setup hedgedoc
|
||||
docker_compose:
|
||||
project_name: "hedgedoc"
|
||||
pull: "yes"
|
||||
definition:
|
||||
services:
|
||||
database:
|
||||
image: "postgres:10-alpine"
|
||||
environment:
|
||||
POSTGRES_USER: "codimd"
|
||||
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
||||
POSTGRES_DB: "codimd"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "hedgedoc"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"
|
||||
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1.9.0
|
||||
environment:
|
||||
CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
|
||||
CMD_DOMAIN: "{{ hedgedoc.domain }}"
|
||||
CMD_ALLOW_EMAIL_REGISTER: "False"
|
||||
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
|
||||
CMD_EMAIL: "False"
|
||||
CMD_SAML_IDPCERT: "/sso.data.coop.pem"
|
||||
CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
|
||||
CMD_SAML_ISSUER: "hedgedoc"
|
||||
CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
CMD_USECDN: "false"
|
||||
CMD_PROTOCOL_USESSL: "true"
|
||||
VIRTUAL_HOST: "{{ hedgedoc.domain }}"
|
||||
LETSENCRYPT_HOST: "{{ hedgedoc.domain }}"
|
||||
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||
volumes:
|
||||
- "{{ hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||
- "{{ hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem"
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
- "hedgedoc"
|
||||
- "external_services"
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
networks:
|
||||
hedgedoc:
|
||||
external_services:
|
||||
external: true
|
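Review bot: `CMD_DB_URL` reaches the database through `hedgedoc_database_1`, the container name Compose derives from project name, service and replica index; that name changes with Compose v2 (`hedgedoc-database-1`) or when scaling, whereas the service name `database` is always resolvable on the `hedgedoc` network, so `@database:5432/codimd` is the robust form. The same pattern is in roles/docker/tasks/services/keycloak.yml, where `DB_ADDR: "keycloak_postgres_1"` could simply be `postgres`. `depends_on: - database` waits only for the container to start, not for Postgres to accept connections; a `healthcheck` on the `database` service (with the corresponding `condition`) would make the ordering explicit rather than relying on the application's retries. Pinning the IdP certificate via `CMD_SAML_IDPCERT` is the right call; it is what lets the SP verify assertion signatures rather than trusting metadata fetched at runtime.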
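--- /dev/null
+++ b/roles/docker/tasks/services/keycloak.yml
@@ -0,0 +1,45 @@
+- name: setup keycloak containers for sso.data.coop
+docker_compose:
+project_name: "keycloak"
+pull: "yes"
+definition:
+version: "3.6"
+services:
+
+postgres:
+image: "postgres:10"
+restart: "unless-stopped"
+networks:
+- "keycloak"
+volumes:
+- "{{ keycloak.volume_folder }}/data:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "keycloak"
+POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
+POSTGRES_DB: "keycloak"
+
+app:
+image: "quay.io/keycloak/keycloak:15.0.2"
+restart: "unless-stopped"
+networks:
+- "keycloak"
+- "postfix"
+- "external_services"
+environment:
+VIRTUAL_HOST: "{{ keycloak.domain }}"
+VIRTUAL_PORT: "8080"
+LETSENCRYPT_HOST: "{{ keycloak.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+DB_USER: "keycloak"
+DB_PASSWORD: "{{ postgres_passwords.keycloak }}"
+DB_ADDR: "keycloak_postgres_1"
+#KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user
+#KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}"
+PROXY_ADDRESS_FORWARDING: "true"
+
+networks:
+keycloak:
+postfix:
+external: true
+external_services:
+external: true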
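Review bot: `PROXY_ADDRESS_FORWARDING: "true"` makes Keycloak trust the X-Forwarded-* headers of whatever reaches port 8080, and `app` sits on the shared `external_services` network, so every other container on that network can talk to the SSO service directly and with forwarded headers of its own choosing rather than through nginx-proxy. That is only acceptable if all containers on `external_services` are considered as trusted as the proxy, which this commit nowhere states; a comment on the `networks:` list, or a Keycloak-side setting that restricts which proxy addresses are trusted, would make the assumption explicit. The commented-out `KEYCLOAK_USER`/`KEYCLOAK_PASSWORD` lines also leave the admin bootstrap undocumented: say in the comment that they must be uncommented for the first deploy and removed again afterwards, since otherwise a reader cannot tell how the initial admin account is created.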
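--- /dev/null
+++ b/roles/docker/tasks/services/mailu.yml
@@ -0,0 +1,161 @@
+---
+
+- name: create mailu volume folders
+file:
+name: "{{ mailu.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- redis
+- certs
+- overrides
+- data
+- dkim
+- mail
+- filter
+- dav
+- webmail
+loop_control:
+loop_var: volume
+
+- name: upload mailu.env file
+template:
+src: mailu.env.j2
+dest: "{{ mailu.volume_folder}}/mailu.env"
+
+- name: hard link to Let's Encrypt TLS certificate
+file:
+src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/fullchain.pem"
+dest: "{{ mailu.volume_folder }}/certs/cert.pem"
+state: hard
+force: yes
+
+
+- name: hard link to Let's Encrypt TLS key
+file:
+src: "{{ nginx.volume_folder }}/certs/{{ mailu.domain }}/key.pem"
+dest: "{{ mailu.volume_folder }}/certs/key.pem"
+state: hard
+force: yes
+
+- name: run mail server containers
+docker_compose:
+project_name: mail_server
+pull: yes
+definition:
+version: '3.6'
+services:
+redis:
+image: redis:alpine
+restart: always
+volumes:
+- "{{ mailu.volume_folder }}/redis:/data"
+
+database:
+image: mailu/postgresql:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ mailu.volume_folder }}/data/psql_db:/data"
+- "{{ mailu.volume_folder }}/data/psql_backup:/backup"
+networks:
+- default
+- external_services
+
+front:
+image: mailu/nginx:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+environment:
+VIRTUAL_HOST: "{{ mailu.domain }}"
+LETSENCRYPT_HOST: "{{ mailu.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+volumes:
+- "{{ mailu.volume_folder }}/certs:/certs"
+- "{{ mailu.volume_folder }}/overrides/nginx:/overrides"
+expose:
+- "80"
+ports:
+- "993:993"
+- "25:25"
+- "587:587"
+- "465:465"
+networks:
+- default
+- external_services
+
+resolver:
+image: mailu/unbound:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+networks:
+default:
+ipv4_address: "{{ mailu.dns }}"
+
+admin:
+image: mailu/admin:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ mailu.volume_folder }}/data:/data"
+- "{{ mailu.volume_folder }}/dkim:/dkim"
+depends_on:
+- redis
+
+imap:
+image: mailu/dovecot:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ mailu.volume_folder }}/mail:/mail"
+- "{{ mailu.volume_folder }}/overrides:/overrides"
+depends_on:
+- front
+
+smtp:
+image: mailu/postfix:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ mailu.volume_folder }}/overrides:/overrides"
+depends_on:
+- front
+- resolver
+dns:
+- "{{ mailu.dns }}"
+
+antispam:
+image: mailu/rspamd:{{ mailu.version }}
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ mailu.volume_folder }}/filter:/var/lib/rspamd"
+- "{{ mailu.volume_folder }}/dkim:/dkim"
+- "{{ mailu.volume_folder }}/overrides/rspamd:/etc/rspamd/override.d"
+depends_on:
+- front
+- resolver
+dns:
+- "{{ mailu.dns }}"
+
+webmail:
+image: mailu/rainloop:1.6
+restart: always
+env_file: "{{ mailu.volume_folder}}/mailu.env"
+volumes:
+- "{{ mailu.volume_folder }}/webmail:/data"
+depends_on:
+- front
+- resolver
+dns:
+- "{{ mailu.dns }}"
+
+networks:
+default:
+driver: bridge
+ipam:
+driver: default
+config:
+- subnet: "{{ mailu.subnet }}"
+external_services:
+external:
+name: external_services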
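Review bot: The two `state: hard` tasks ("hard link to Let's Encrypt TLS certificate" and "... TLS key") bind `cert.pem`/`key.pem` to the inode the companion-managed files have at the moment the play runs; if the letsencrypt companion writes a renewed certificate as a new file instead of rewriting the old one in place (I believe it does, but confirm), the links keep serving the old, eventually expired certificate, and nothing in this play re-runs on renewal. A bind mount of the proxy's certificate directory (`{{ nginx.volume_folder }}/certs/{{ mailu.domain }}`, read-only) into `front`, with Mailu pointed at those paths, would not have this problem; at minimum add a comment above the first link task stating that the play has to be re-run after every renewal. Unrelated but in the same hunk, `image: mailu/rainloop:1.6` pins a webmail whose upstream is, as far as I know, no longer maintained — worth a comment on the intended replacement.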
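--- /dev/null
+++ b/roles/docker/tasks/services/matrix_riot.yml
@@ -0,0 +1,125 @@
+---
+- name: create matrix volume folders
+file:
+name: "{{ matrix.volume_folder }}/{{ volume }}"
+state: directory
+owner: "991"
+group: "991"
+loop:
+- "data"
+- "data/uploads"
+- "data/media"
+loop_control:
+loop_var: volume
+
+- name: create matrix DB folder
+file:
+name: "{{ matrix.volume_folder }}/db"
+state: "directory"
+
+- name: create riot volume folders
+file:
+name: "{{ riot.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "data"
+loop_control:
+loop_var: volume
+
+- name: upload riot config.json
+template:
+src: files/configs/riot/config.json
+dest: "{{ riot.volume_folder }}/data/config.json"
+
+- name: upload riot.im.conf
+template:
+src: files/configs/riot/riot.im.conf
+dest: "{{ riot.volume_folder }}/data/riot.im.conf"
+
+- name: upload vhost config for root domain
+template:
+src: files/configs/matrix/vhost-root
+dest: "{{ nginx.volume_folder }}/vhost/{{ base_domain }}"
+
+- name: upload vhost config for matrix domain
+template:
+src: files/configs/matrix/vhost-matrix
+dest: "{{ nginx.volume_folder }}/vhost/{{ matrix.domain }}"
+
+- name: upload vhost config for riot domain
+template:
+src: files/configs/matrix/vhost-riot
+dest: "{{ nginx.volume_folder }}/vhost/{{ riot.domains[0] }}"
+
+- name: upload homeserver.yaml
+template:
+src: "files/configs/matrix/homeserver.yaml.j2"
+dest: "{{ matrix.volume_folder }}/data/homeserver.yaml"
+
+- name: upload matrix logging config
+template:
+src: "files/configs/matrix/matrix.data.coop.log.config"
+dest: "{{ matrix.volume_folder }}/data/matrix.data.coop.log.config"
+
+- name: set up matrix and riot
+docker_compose:
+project_name: matrix
+pull: yes
+definition:
+version: "3.6"
+services:
+matrix_db:
+container_name: matrix_db
+image: postgres:10
+restart: unless-stopped
+networks:
+- matrix
+volumes:
+- "{{ matrix.volume_folder }}/db:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "synapse"
+POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
+
+matrix_app:
+container_name: matrix
+image: matrixdotorg/synapse:v1.47.1
+restart: unless-stopped
+networks:
+- matrix
+- external_services
+ports:
+- 8008
+volumes:
+- "{{ matrix.volume_folder }}/data:/data"
+environment:
+SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
+SYNAPSE_CACHE_FACTOR: "2"
+SYNAPSE_LOG_LEVEL: "INFO"
+VIRTUAL_HOST: "{{ matrix.domain }}"
+VIRTUAL_PORT: "8008"
+LETSENCRYPT_HOST: "{{ matrix.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+riot:
+container_name: riot_app
+image: avhost/docker-matrix-riot:v1.9.0
+restart: unless-stopped
+networks:
+- matrix
+- external_services
+ports:
+- 8080
+volumes:
+- "{{ riot.volume_folder }}/data:/data"
+environment:
+VIRTUAL_HOST: "{{ riot.domains|join(',') }}"
+VIRTUAL_PORT: "8080"
+LETSENCRYPT_HOST: "{{ riot.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+external_services:
+external:
+name: external_services
+matrix:
+name: "matrix"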
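Review bot: `ports:` / `- 8008` on `matrix_app` and `ports:` / `- 8080` on `riot` publish the container port on an ephemeral host port on all interfaces, which opens a plain-HTTP path to Synapse and Riot that bypasses the TLS-terminating nginx-proxy the `VIRTUAL_PORT` entries already route to. nginx-proxy only needs the port to be reachable on `external_services`, which `expose:` provides — the `front` service in mailu.yml in this same commit uses `expose:` / `- "80"` for exactly that. Change both `ports:` keys to `expose:`, or if host access is really intended, bind explicitly to loopback (`- "127.0.0.1:8008:8008"`).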
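--- /dev/null
+++ b/roles/docker/tasks/services/netdata.yml
@@ -0,0 +1,27 @@
+---
+
+- name: setup netdata docker container for system monitoring
+docker_container:
+name: netdata
+image: netdata/netdata
+restart_policy: unless-stopped
+hostname: "hevonen.servers.{{ base_domain }}"
+capabilities:
+- SYS_PTRACE
+security_opts:
+- apparmor:unconfined
+volumes:
+- /proc:/host/proc:ro
+- /sys:/host/sys:ro
+- /var/run/docker.sock:/var/run/docker.sock:ro
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "{{ netdata.domain }}"
+LETSENCRYPT_HOST: "{{ netdata.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+PGID: "999"
+labels:
+com.ouroboros.enable: "true"
+
+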
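Review bot: `image: netdata/netdata` is an unpinned tag on a container that runs with `SYS_PTRACE`, `apparmor:unconfined` and the Docker socket, and the `com.ouroboros.enable: "true"` label hands it to ouroboros (which runs with `LATEST: "true"` in ouroboros.yml), so whatever upstream pushes next is pulled and started on the host within minutes and with no review step; the `:ro` on the socket bind only makes the mount read-only, it does not restrict the Docker API behind it. The same floating tags appear in nginx-proxy.yml (`jwilder/nginx-proxy`, `jrcs/letsencrypt-nginx-proxy-companion`, both with the socket), ouroboros.yml, privatebin.yml, thelounge.yml, tt-rss.yml (`linuxserver/tt-rss`), ulovliglogning-dk.yml, websites.yml, postfix.yml (`boky/postfix`), restic-backup.yml (`mazzolino/restic`) and passit.yml (`passit/passit:stable`), while keycloak, hedgedoc, synapse and portainer in this commit pin exact versions. Pin every image to a version (or a digest) and keep the ouroboros label only where automatic upgrades are a deliberate choice, stated in a comment next to the label. Whether the netdata dashboard behind `VIRTUAL_HOST` has any authentication in front of it is not visible here either and deserves a note.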
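--- /dev/null
+++ b/roles/docker/tasks/services/nextcloud.yml
@@ -0,0 +1,42 @@
+---
+- name: setup nextcloud containers
+docker_compose:
+project_name: "nextcloud"
+pull: "yes"
+definition:
+services:
+postgres:
+image: "postgres:10"
+restart: "unless-stopped"
+networks:
+- "nextcloud"
+volumes:
+- "{{ nextcloud.volume_folder }}/postgres:/var/lib/postgresql/data"
+environment:
+POSTGRES_DB: "nextcloud"
+POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+POSTGRES_USER: "nextcloud"
+
+app:
+image: "nextcloud:22-apache"
+restart: "unless-stopped"
+networks:
+- "nextcloud"
+- "external_services"
+volumes:
+- "{{ nextcloud.volume_folder }}/app:/var/www/html"
+environment:
+VIRTUAL_HOST: "{{ nextcloud.domain }}"
+LETSENCRYPT_HOST: "{{ nextcloud.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+POSTGRES_HOST: "nextcloud_postgres_1"
+POSTGRES_DB: "nextcloud"
+POSTGRES_USER: "nextcloud"
+POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
+
+networks:
+nextcloud:
+postfix:
+external: true
+external_services:
+external: true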
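Review bot: The `postfix:` / `external: true` network is declared at the bottom of the definition but no service joins it, so the declaration is dead: either add `- "postfix"` to `app`'s `networks:` if Nextcloud is meant to send mail through the postfix relay, as the keycloak and passit definitions in this commit do, or remove the two lines. Separately, TLS terminates in nginx-proxy and nothing in `app`'s environment tells Nextcloud that it is behind an HTTPS reverse proxy; I cannot see the Nextcloud config from here, so confirm that the trusted-proxy / overwrite-protocol settings are handled elsewhere, otherwise generated links and redirects come out as http://.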
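--- /dev/null
+++ b/roles/docker/tasks/services/nginx-proxy.yml
@@ -0,0 +1,47 @@
+---
+
+- name: create nginx-proxy volume folders
+file:
+name: "{{ nginx.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- conf
+- vhost
+- html
+- dhparam
+- certs
+loop_control:
+loop_var: volume
+
+- name: nginx proxy container
+docker_container:
+name: nginx-proxy
+image: jwilder/nginx-proxy
+restart_policy: always
+networks:
+- name: external_services
+published_ports:
+- "80:80"
+- "443:443"
+volumes:
+- "{{ nginx.volume_folder }}/conf:/etc/nginx/conf.d"
+- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
+- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
+- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam"
+- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs:ro"
+- /var/run/docker.sock:/tmp/docker.sock:ro
+
+- name: nginx letsencrypt container
+docker_container:
+name: nginx-proxy-le
+image: jrcs/letsencrypt-nginx-proxy-companion
+restart_policy: always
+volumes:
+- "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d"
+- "{{ nginx.volume_folder }}/html:/usr/share/nginx/html"
+- "{{ nginx.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
+- "{{ nginx.volume_folder }}/certs:/etc/nginx/certs"
+- /var/run/docker.sock:/var/run/docker.sock:ro
+env:
+NGINX_PROXY_CONTAINER: nginx-proxy
+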
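--- /dev/null
+++ b/roles/docker/tasks/services/openldap.yml
@@ -0,0 +1,71 @@
+---
+- name: create ldap volume folders
+file:
+name: "{{ ldap.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "var/lib/ldap"
+- "etc/slapd"
+- "certs"
+loop_control:
+loop_var: volume
+
+- name: Create a network for ldap
+docker_network:
+name: ldap
+
+- name: openLDAP container
+docker_container:
+name: openldap
+image: osixia/openldap:1.5.0
+tty: true
+interactive: true
+volumes:
+- "{{ ldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
+- "{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
+- "{{ ldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
+published_ports:
+- "389:389"
+- "636:636"
+hostname: "{{ ldap.domain }}"
+domainname: "{{ ldap.domain }}" # important: same as hostname
+networks:
+- name: ldap
+env:
+LDAP_LOG_LEVEL: "256"
+LDAP_ORGANISATION: "{{ base_domain }}"
+LDAP_DOMAIN: "{{ base_domain }}"
+LDAP_BASE_DN: ""
+LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
+LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
+LDAP_READONLY_USER: "false"
+LDAP_RFC2307BIS_SCHEMA: "false"
+LDAP_BACKEND: "mdb"
+LDAP_TLS: "true"
+LDAP_TLS_CRT_FILENAME: "ldap.crt"
+LDAP_TLS_KEY_FILENAME: "ldap.key"
+LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+LDAP_TLS_ENFORCE: "false"
+LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+LDAP_TLS_PROTOCOL_MIN: "3.1"
+LDAP_TLS_VERIFY_CLIENT: "demand"
+LDAP_REPLICATION: "false"
+KEEP_EXISTING_CONFIG: "false"
+LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+LDAP_SSL_HELPER_PREFIX: "ldap"
+
+- name: phpLDAPadmin container
+docker_container:
+name: phpldapadmin
+image: osixia/phpldapadmin:0.9.0
+networks:
+- name: external_services
+- name: ldap
+env:
+PHPLDAPADMIN_LDAP_HOSTS: "openldap"
+PHPLDAPADMIN_HTTPS: "false"
+PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
+
+VIRTUAL_HOST: "{{ ldap.domain }}"
+LETSENCRYPT_HOST: "{{ ldap.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"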
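Review bot: The volume loop creates `etc/slapd` but the container mounts `{{ ldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d`, so the directory the play creates is never used and the real config directory is created implicitly by Docker, owned by root; change the loop entry to `- "etc/slapd.d"`. `published_ports:` / `- "389:389"` also binds plain LDAP on every host interface while `LDAP_TLS_ENFORCE: "false"` permits unencrypted binds, so admin or user credentials can cross the network in clear; if the consumers are only the containers on the `ldap` network (phpldapadmin here, thelounge in thelounge.yml), drop `published_ports` entirely, otherwise publish 636 only or bind to a specific address. A comment next to `LDAP_TLS_VERIFY_CLIENT: "demand"` would help too, since `demand` rejects TLS clients that present no certificate signed by `ca.crt`, which reads oddly against the non-enforced TLS one line above and is easy to mistake for a typo.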
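--- /dev/null
+++ b/roles/docker/tasks/services/ouroboros.yml
@@ -0,0 +1,18 @@
+---
+- name: ouroboros container
+docker_container:
+name: ouroboros
+image: pyouroboros/ouroboros
+restart_policy: unless-stopped
+networks:
+- name: external_services
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- /root/.docker/config.json:/root/.docker/config.json
+env:
+LABEL_ENABLE: "true"
+LABELS_ONLY: "true"
+CLEANUP: "true"
+LATEST: "true"
+CRON: "*/10 * * * *"
+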
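Review bot: ouroboros receives the Docker socket read-write and the host's `/root/.docker/config.json` registry credentials while running an unpinned `pyouroboros/ouroboros` image, so control of that tag is control of the host and of the registry logins; pin the image by tag or digest and check whether the credential mount is needed at all — it only matters for pulling from private registries, and the `docker.data.coop` images in websites.yml are the only candidates in this commit. The upgrade policy also deserves a comment above `env:`: with `LABELS_ONLY`, `LATEST` and a ten-minute `CRON`, every container labelled `com.ouroboros.enable` is replaced as soon as upstream publishes, with no review or rollback step (and, as far as I know, the ouroboros project itself is no longer maintained, which makes the updater the weakest link in this chain).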
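--- /dev/null
+++ b/roles/docker/tasks/services/passit.yml
@@ -0,0 +1,47 @@
+---
+
+- name: setup passit containers
+docker_compose:
+project_name: "passit"
+pull: "yes"
+definition:
+version: "3.6"
+services:
+
+passit_db:
+image: "postgres:10"
+restart: "always"
+networks:
+- "passit"
+volumes:
+- "{{ passit.volume_folder }}/data:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "passit"
+POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
+
+passit_app:
+image: "passit/passit:stable"
+command: "bin/start.sh"
+restart: "always"
+networks:
+- "passit"
+- "postfix"
+- "external_services"
+environment:
+DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit }}@passit_db:5432/passit"
+SECRET_KEY: "{{ passit_secret_key }}"
+IS_DEBUG: 'False'
+EMAIL_URL: "smtp://noop@{{ smtp_host }}:{{ smtp_port }}"
+DEFAULT_FROM_EMAIL: "noreply@{{ passit.domain }}"
+EMAIL_CONFIRMATION_HOST: "https://{{ passit.domain }}"
+
+VIRTUAL_HOST: "{{ passit.domain }}"
+LETSENCRYPT_HOST: "{{ passit.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+networks:
+passit:
+postfix:
+external: true
+external_services:
+external: true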
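--- /dev/null
+++ b/roles/docker/tasks/services/portainer.yml
@@ -0,0 +1,24 @@
+---
+
+- name: create portainer volume folder
+file:
+name: "{{ portainer.volume_folder }}"
+state: directory
+
+- name: run portainer
+docker_container:
+name: portainer
+image: portainer/portainer-ce:2.9.1
+restart_policy: always
+networks:
+- name: external_services
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- "{{ portainer.volume_folder }}:/data"
+published_ports:
+- 9001:9000
+env:
+VIRTUAL_HOST: "{{ portainer.domain }}"
+VIRTUAL_PORT: "9000"
+LETSENCRYPT_HOST: "{{ portainer.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"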
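Review bot: `published_ports:` / `- 9001:9000` exposes the Portainer UI in plain HTTP on every host interface, in addition to the TLS-terminated route that `VIRTUAL_HOST`/`VIRTUAL_PORT` already configure through nginx-proxy; since the container holds a read-write Docker socket, that login form is effectively a root login on the host, reachable without TLS. nginx-proxy reaches port 9000 over `external_services` on its own, so remove the `published_ports` block, or if direct host access is needed for a firewall-protected admin path, bind it to loopback: `- "127.0.0.1:9001:9000"`.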
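--- /dev/null
+++ b/roles/docker/tasks/services/postfix.yml
@@ -0,0 +1,20 @@
+---
+
+- name: setup network for postfix
+docker_network:
+name: postfix
+ipam_config:
+- subnet: '172.16.0.0/16'
+gateway: 172.16.0.1
+
+- name: setup postfix docker container for outgoing mail
+docker_container:
+name: postfix
+image: boky/postfix
+restart_policy: unless-stopped
+networks:
+- name: postfix
+env:
+ALLOWED_SENDER_DOMAINS: "{{ postfix.allowed_sender_domains|join(' ') }}"
+HOSTNAME: "mail.data.coop" # the name the smtp server will identify itself as
+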
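Review bot: `HOSTNAME: "mail.data.coop"` is hard-coded while every other host name in this role comes from a variable, and it is the same name Mailu announces via `HOSTNAMES=mail.data.coop` in mailu.env.j2, so two separate MTAs in this commit identify as the same host, which makes them hard to tell apart in receiving-side logs and in DMARC reports; move it to a role variable (a new key under `postfix`, next to `allowed_sender_domains`). The relay also accepts mail from any container that joins the `postfix` network, limited only by `ALLOWED_SENDER_DOMAINS` and, as far as I can tell, with no authentication, so the comment on the container should name which services are expected to join that network (keycloak and passit do in this commit). The fixed `172.16.0.0/16` subnet is likewise worth a comment stating that it must not overlap `mailu.subnet` or the other Docker networks.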
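--- /dev/null
+++ b/roles/docker/tasks/services/privatebin.yml
@@ -0,0 +1,31 @@
+---
+
+- name: create privatebin volume folders
+file:
+name: "{{ privatebin.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- cfg
+- data
+loop_control:
+loop_var: volume
+
+- name: upload privatebin config
+template:
+src: files/configs/privatebin-conf.php
+dest: "{{ privatebin.volume_folder }}/cfg/conf.php"
+
+- name: privatebin app container
+docker_container:
+name: privatebin
+image: jgeusebroek/privatebin:latest
+restart_policy: unless-stopped
+volumes:
+- "{{ privatebin.volume_folder }}/cfg:/privatebin/cfg"
+- "{{ privatebin.volume_folder }}/data:/privatebin/data"
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST: "{{ privatebin.domain }}"
+LETSENCRYPT_HOST: "{{ privatebin.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"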
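--- /dev/null
+++ b/roles/docker/tasks/services/restic-backup.yml
@@ -0,0 +1,38 @@
+---
+- name: setup restic backup
+docker_compose:
+project_name: restic_backup
+pull: yes
+definition:
+version: '3.6'
+services:
+restic-backup:
+image: mazzolino/restic
+restart: always
+environment:
+RUN_ON_STARTUP: "true"
+BACKUP_CRON: "0 30 3 * * *"
+RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
+RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
+RESTIC_BACKUP_SOURCES: "/mnt/volumes"
+RESTIC_BACKUP_ARGS: >-
+--tag datacoop-volumes
+--exclude='*.tmp'
+--verbose
+RESTIC_FORGET_ARGS: >-
+--keep-last 10
+--keep-daily 7
+--keep-weekly 5
+--keep-monthly 12
+TZ: Europe/Copenhagen
+volumes:
+- /docker-volumes:/mnt/volumes:ro
+
+restic-prune:
+image: "mazzolino/restic"
+environment:
+RUN_ON_STARTUP: "true"
+PRUNE_CRON: "0 0 4 * * *"
+RESTIC_REPOSITORY: "rest:https://datacoop:{{ restic_secrets.user_secret }}@restic.graffen.io/datacoop-hevonen"
+RESTIC_PASSWORD: "{{ restic_secrets.encryption_secret }}"
+TZ: Europe/copenhagen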
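Review bot: `TZ: Europe/copenhagen` on `restic-prune` differs from `TZ: Europe/Copenhagen` on `restic-backup`; tz database names are case-sensitive on Linux, so the prune container most likely falls back to UTC and its 04:00 job no longer runs half an hour after the 03:30 backup in the same zone — depending on DST the two can overlap and fight over the repository lock. Fix the capitalisation: `TZ: Europe/Copenhagen`. `restic-prune` also lacks the `restart: always` that `restic-backup` has, so it will not come back after a host reboot, and the repository URL carries `restic_secrets.user_secret` in the environment of both containers, which is visible to anything that can inspect them (ouroboros and portainer in this commit both can).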
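--- /dev/null
+++ b/roles/docker/tasks/services/thelounge.yml
@@ -0,0 +1,25 @@
+---
+
+- name: thelounge volume
+docker_volume:
+name: thelounge
+
+- name: upload thelounge config
+template:
+src: files/configs/thelounge.js
+dest: /var/lib/docker/volumes/thelounge/_data/config.js
+
+- name: thelounge container
+docker_container:
+name: thelounge
+image: thelounge/lounge:latest
+restart_policy: always
+volumes:
+- thelounge:/home/lounge/data
+networks:
+- name: external_services
+- name: ldap
+env:
+VIRTUAL_HOST: "{{ thelounge.domain }}"
+LETSENCRYPT_HOST: "{{ thelounge.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"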
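Review bot: `dest: /var/lib/docker/volumes/thelounge/_data/config.js` writes into Docker's private volume storage by path, unlike every other service in this role, which bind-mounts a `volume_folder`; the path is an implementation detail of the Docker data root and silently misses the volume if `data-root` is ever changed or the volume driver is not local. Prefer a bind mount under a `volume_folder` key for `thelounge`, matching the other services, or add a comment explaining why the named volume is needed here. The container also joins the `ldap` network, presumably for LDAP login; that intent should be stated in a comment so nobody removes the network thinking it is unused.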
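--- /dev/null
+++ b/roles/docker/tasks/services/tt-rss.yml
@@ -0,0 +1,53 @@
+---
+- name: create tt-rss folders
+file:
+name: "{{ ttrss.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "config"
+- "db"
+loop_control:
+loop_var: volume
+
+- name: "set up tt-rss"
+docker_compose:
+project_name: "tt-rss"
+pull: yes
+definition:
+version: "3.6"
+services:
+ttrss_db:
+container_name: "ttrss_db"
+image: "postgres:11"
+restart: "unless-stopped"
+networks:
+- "ttrss"
+volumes:
+- "{{ ttrss.volume_folder }}/db:/var/lib/postgresql/data"
+environment:
+POSTGRES_USER: "ttrss"
+POSTGRES_PASSWORD: "{{ postgres_passwords.ttrss }}"
+
+ttrss_app:
+container_name: ttrss_app
+image: "linuxserver/tt-rss"
+restart: unless-stopped
+networks:
+- ttrss
+- external_services
+volumes:
+- "{{ ttrss.volume_folder }}/config:/config"
+environment:
+VIRTUAL_HOST: "{{ ttrss.domain }}"
+LETSENCRYPT_HOST: "{{ ttrss.domain }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+TZ: "Europe/Copenhagen"
+labels:
+com.ouroboros.enable: "true"
+
+networks:
+external_services:
+external:
+name: external_services
+ttrss:
+name: "ttrss"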
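--- /dev/null
+++ b/roles/docker/tasks/services/ulovliglogning-dk.yml
@@ -0,0 +1,13 @@
+- name: setup ulovliglogning.dk website docker container
+docker_container:
+name: ulovliglogning_website
+restart_policy: unless-stopped
+image: ulovliglogning/ulovliglogning.dk:latest
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "{{ ulovliglogning_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+labels:
+com.ouroboros.enable: "true"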
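--- /dev/null
+++ b/roles/docker/tasks/services/websites.yml
@@ -0,0 +1,57 @@
+---
+
+- name: setup data.coop website docker container
+docker_container:
+name: data.coop_website
+image: docker.data.coop/data-coop-website
+restart_policy: unless-stopped
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "{{ data_coop_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "{{ data_coop_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+labels:
+com.ouroboros.enable: "true"
+
+- name: setup new data.coop website using hugo
+docker_container:
+name: new.data.coop_website
+image: docker.data.coop/data-coop-website:hugo
+restart_policy: unless-stopped
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "new.{{ data_coop_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+labels:
+com.ouroboros.enable: "true"
+
+- name: setup cryptohagen.dk website docker container
+docker_container:
+name: cryptohagen_website
+restart_policy: unless-stopped
+image: docker.data.coop/cryptohagen-website
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "{{ cryptohagen_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "{{ cryptohagen_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+labels:
+com.ouroboros.enable: "true"
+
+- name: setup cryptoaarhus.dk website docker container
+docker_container:
+name: cryptoaarhus_website
+restart_policy: unless-stopped
+image: docker.data.coop/cryptoaarhus-website
+networks:
+- name: external_services
+env:
+VIRTUAL_HOST : "{{ cryptoaarhus_website.domains|join(',') }}"
+LETSENCRYPT_HOST: "{{ cryptoaarhus_website.domains|join(',') }}"
+LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+labels:
+com.ouroboros.enable: "true"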
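Review bot: `VIRTUAL_HOST : "new.{{ data_coop_website.domains|join(',') }}"` (and the matching `LETSENCRYPT_HOST`) in the "setup new data.coop website using hugo" task prefixes `new.` only to the first element of the joined list; if `domains` ever holds more than one entry, the remaining names are registered verbatim and duplicate the `data.coop_website` container's `VIRTUAL_HOST`, so nginx-proxy would spread the old site's traffic across both containers and the companion would request a certificate listing both sets of names. Apply the prefix per element: `VIRTUAL_HOST: "{{ data_coop_website.domains | map('regex_replace', '^', 'new.') | join(',') }}"` and the same expression for `LETSENCRYPT_HOST`. The space before the colon in `VIRTUAL_HOST :` (all four tasks) is harmless YAML but inconsistent with the neighbouring keys and the rest of the role.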
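--- /dev/null
+++ b/roles/docker/templates/mailu.env.j2
@@ -0,0 +1,160 @@
+# Mailu main configuration file
+#
+# Generated for compose flavor
+#
+# This file is autogenerated by the configuration management wizard.
+# For a detailed list of configuration variables, see the documentation at
+# https://mailu.io
+
+###################################
+# Common configuration variables
+###################################
+
+# Set this to the path where Mailu data and configuration is stored
+# This variable is now set directly in `docker-compose.yml by the setup utility
+# ROOT=/mailu
+
+# Mailu version to run (1.0, 1.1, etc. or master)
+#VERSION=1.6
+
+# Set to a randomly generated 16 bytes string
+SECRET_KEY={{ mailu_secret_key }}
+
+# Address where listening ports should bind
+# This variables are now set directly in `docker-compose.yml by the setup utility
+# PUBLIC_IPV4= 127.0.0.1 (default: 127.0.0.1)
+# PUBLIC_IPV6= ::1 (default: ::1)
+
+# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
+SUBNET={{ mailu.subnet }}
+
+# Main mail domain
+DOMAIN=data.coop
+
+# Hostnames for this server, separated with comas
+HOSTNAMES=mail.data.coop
+
+# Postmaster local part (will append the main mail domain)
+POSTMASTER=admin
+
+# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
+TLS_FLAVOR=mail
+
+# Authentication rate limit (per source IP address)
+AUTH_RATELIMIT=120/minute;1200/hour
+
+# Opt-out of statistics, replace with "True" to opt out
+DISABLE_STATISTICS=False
+
+###################################
+# Optional features
+###################################
+
+# Expose the admin interface (value: true, false)
+ADMIN=true
+
+# Choose which webmail to run if any (values: roundcube, rainloop, none)
+WEBMAIL=rainloop
+
+# Dav server implementation (value: radicale, none)
+WEBDAV=radicale
+
+# Antivirus solution (value: clamav, none)
+#ANTIVIRUS=clamav
+
+#Antispam solution
+ANTISPAM=none
+
+###################################
+# Mail settings
+###################################
+
+# Message size limit in bytes
+# Default: accept messages up to 50MB
+# Max attachment size will be 33% smaller
+MESSAGE_SIZE_LIMIT=50000000
+
+# Networks granted relay permissions
+# Use this with care, all hosts in this networks will be able to send mail without authentication!
+RELAYNETS=
+
+# Will relay all outgoing mails if configured
+RELAYHOST=
+
+# Fetchmail delay
+FETCHMAIL_DELAY=600
+
+# Recipient delimiter, character used to delimiter localpart from custom address part
+RECIPIENT_DELIMITER=+
+
+# DMARC rua and ruf email
+DMARC_RUA=admin
+DMARC_RUF=admin
+
+# Welcome email, enable and set a topic and body if you wish to send welcome
+# emails to all users.
+WELCOME=false
+WELCOME_SUBJECT=Welcome to your new email account
+WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
+
+# Maildir Compression
+# choose compression-method, default: none (value: bz2, gz)
+COMPRESSION=
+# change compression-level, default: 6 (value: 1-9)
+COMPRESSION_LEVEL=
+
+###################################
+# Web settings
+###################################
+
+# Path to redirect / to
+WEBROOT_REDIRECT=/webmail
+
+# Path to the admin interface if enabled
+WEB_ADMIN=/admin
+
+# Path to the webmail if enabled
+WEB_WEBMAIL=/webmail
+
+# Website name
+SITENAME=data.coop
+
+# Linked Website URL
+WEBSITE=https://mail.data.coop
+
+
+
+###################################
+# Advanced settings
+###################################
+
+# Log driver for front service. Possible values:
+# json-file (default)
+# journald (On systemd platforms, useful for Fail2Ban integration)
+# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
+# LOG_DRIVER=json-file
+
+# Docker-compose project name, this will prepended to containers names.
+COMPOSE_PROJECT_NAME=mailu
+
+# Default password scheme used for newly created accounts and changed passwords
+# (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
+PASSWORD_SCHEME=BLF-CRYPT
+
+# Header to take the real ip from
+REAL_IP_HEADER=
+
+# IPs for nginx set_real_ip_from (CIDR list separated by commas)
+REAL_IP_FROM=
+
+# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
+REJECT_UNLISTED_RECIPIENT=
+
+# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
+LOG_LEVEL=WARNING
+
+###################################
+# Database settings
+###################################
+DB_FLAVOR=postgresql
+DB_PW={{ postgres_passwords.mailu }}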
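Review bot: `REAL_IP_HEADER=` and `REAL_IP_FROM=` are left empty although the `front` container in mailu.yml is reached through nginx-proxy (`VIRTUAL_HOST: "{{ mailu.domain }}"`), so for webmail and admin logins Mailu sees the proxy's address as the client; `AUTH_RATELIMIT=120/minute;1200/hour` is documented on the line above it as "per source IP address", so every proxied login attempt then lands in one shared bucket — an attacker's failed attempts lock out legitimate users, and per-client limiting is lost. Set `REAL_IP_HEADER=X-Forwarded-For` (the header nginx-proxy sets) and `REAL_IP_FROM=` to the proxy's address or the `external_services` subnet, and say in the comment that only the proxy may be listed, since anything in that range can then spoof its client address. `ANTISPAM=none` while mailu.yml starts an `antispam` rspamd service is at least confusing; a comment stating which of the two is authoritative would save the next reader a detour.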
|
@ -1,8 +1,18 @@
|
|||
---
|
||||
- name: Install necessary packages
|
||||
- name: Install necessary packages via apt
|
||||
apt:
|
||||
name: "{{ packages }}"
|
||||
vars:
|
||||
packages:
|
||||
- aptitude
|
||||
- python3-pip
|
||||
- apparmor
|
||||
- haveged
|
||||
|
||||
- name: Install necessary packages via pip
|
||||
pip:
|
||||
name: "{{ packages }}"
|
||||
vars:
|
||||
packages:
|
||||
- docker
|
||||
- docker-compose
|