No commits in common. "82aa6f67aa16b67e4080a5905bb6da1889b6145b" and "2f1c1887baf80b1f9dc7bfb23bb11b067318af10" have entirely different histories.

16 changed files with 67 additions and 77 deletions


@ -9,59 +9,59 @@ services:
file: postfix.yml
domain: "smtp.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/postfix"
version: "v3.5.1-alpine"
version: v3.5.1-alpine
nginx_proxy:
file: nginx_proxy.yml
version: "1.0-alpine"
version: 1.0-alpine
volume_folder: "{{ volume_root_folder }}/nginx"
nginx_acme_companion:
version: "2.2"
version: 2.2
openldap:
file: openldap.yml
domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap"
version: "1.5.0"
version: 1.5.0
phpldapadmin:
version: "0.9.0"
version: 0.9.0
netdata:
file: netdata.yml
domain: "netdata.{{ base_domain }}"
version: "v1"
version: v1
portainer:
file: portainer.yml
domain: "portainer.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/portainer"
version: "2.16.2"
version: 2.16.2
keycloak:
file: keycloak.yml
domain: sso.{{ base_domain }}
volume_folder: "{{ volume_root_folder }}/keycloak"
version: "20.0"
postgres_version: "10"
version: 20.0
postgres_version: 10
allowed_sender_domain: true
restic:
file: restic_backup.yml
user: "datacoop"
domain: "restic.cannedtuna.org"
repository: "datacoop-hevonen"
version: "1.6.0"
user: datacoop
domain: restic.cannedtuna.org
repository: datacoop-hevonen
version: 1.6.0
disabled_in_vagrant: true
docker_registry:
file: docker_registry.yml
domain: "docker.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/docker-registry"
username: "docker"
username: docker
password: "{{ docker_password }}"
version: "2"
version: 2
### External services ###
@ -70,7 +70,7 @@ services:
domain: "cloud.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/nextcloud"
version: 25-apache
postgres_version: "10"
postgres_version: 10
redis_version: 7-alpine
allowed_sender_domain: true
@ -78,7 +78,7 @@ services:
file: gitea.yml
domain: "git.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/gitea"
version: 1.18
version: 1.18.0
allowed_sender_domain: true
passit:
@ -86,7 +86,7 @@ services:
domain: "passit.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/passit"
version: stable
postgres_version: 15-alpine
postgres_version: 10
allowed_sender_domain: true
matrix:
@ -94,7 +94,7 @@ services:
domain: "matrix.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/matrix"
version: v1.63.1
postgres_version: "10"
postgres_version: 10
allowed_sender_domain: true
riot:
@ -119,7 +119,7 @@ services:
file: hedgedoc.yml
domain: "pad.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/hedgedoc"
version: 1.9.6-alpine
version: 1.9.6
postgres_version: 10-alpine
data_coop_website:
@ -138,29 +138,24 @@ services:
domain: "2022.slides.{{ base_domain }}"
version: latest
fedi_dk_website:
file: websites/fedi.dk.yaml
domain: fedi.dk
version: latest
cryptohagen_website:
file: websites/cryptohagen.dk.yml
domains:
- "cryptohagen.dk"
- "www.cryptohagen.dk"
- cryptohagen.dk
- www.cryptohagen.dk
ulovliglogning_website:
file: websites/ulovliglogning.dk.yml
domains:
- "ulovliglogning.dk"
- "www.ulovliglogning.dk"
- "ulovlig-logning.dk"
- ulovliglogning.dk
- www.ulovliglogning.dk
- ulovlig-logning.dk
cryptoaarhus_website:
file: websites/cryptoaarhus.dk.yml
domains:
- "cryptoaarhus.dk"
- "www.cryptoaarhus.dk"
- cryptoaarhus.dk
- www.cryptoaarhus.dk
drone:
file: drone.yml
@ -189,8 +184,12 @@ services:
file: rallly.yml
domain: "when.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/rallly"
version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
<<<<<<< HEAD
version: ac55701890cd866ee946deb25e2b2839fb14900e
postgres_version: 14-alpine
=======
version: e4482a1edb2fb56292d07ee8811a24f2a0d6b114
>>>>>>> main
allowed_sender_domain: true
pinafore:
@ -201,7 +200,7 @@ services:
membersystem:
file: membersystem.yml
domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li"
django_admins: Vidir:valberg@orn.li
version: latest
postgres_version: 13-alpine
allowed_sender_domain: true
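Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> main`) sit inside the `rallly` entry, and the hunk's line counts (8 old, 12 new) put them on the new side. With them in place the vars file is not valid YAML, so anything that loads `services` should fail at parse time. It is also undecided which `version:` commit hash applies and whether `postgres_version: 14-alpine` is kept. Resolve the block to a single `version:` line before merging; a `yamllint` step in CI would catch this class of mistake. Separately, this section drops the quotes from values such as `version: 20.0` and `postgres_version: 10`, which YAML loads as a float and an int; keeping them quoted (`version: "20.0"`) prevents a later value like `1.10` from turning into `1.1` inside an image tag.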


@ -26,16 +26,7 @@
- "keycloak"
- "postfix"
- "external_services"
command:
- "start"
- "--db=postgres"
- "--db-url=jdbc:postgresql://postgres:5432/keycloak"
- "--db-username=keycloak"
- "--db-password={{ postgres_passwords.keycloak }}"
- "--hostname={{ services.keycloak.domain }}"
- "--proxy=edge"
- "--https-port=8080"
- "--http-relative-path=/auth"
command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ services.keycloak.domain }} --proxy=edge --https-port=8080 --http-relative-path=/auth"
environment:
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
VIRTUAL_PORT: "8080"
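Review bot: With `command` collapsed into one string, the templated `--db-password={{ postgres_passwords.keycloak }}` is split shell-style before it reaches Keycloak. A password containing whitespace or a quote character would be broken apart or misparsed, which the removed list form avoided. In either form the database password is part of the container's argument list, which is readable from the host's process table. Keep the list form and move the secret into the `environment:` block already visible in this hunk, `KC_DB_PASSWORD: "{{ postgres_passwords.keycloak }}"`, dropping the `--db-password` argument. The service definition starts and ends outside the hunk.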


@ -33,6 +33,8 @@
CSRF_TRUSTED_ORIGINS: "https://{{ services.membersystem.domain }}"
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
DEFAULT_FROM_EMAIL: "noreply@{{ services.membersystem.domain }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
postgres:
image: "postgres:{{ services.membersystem.postgres_version }}"
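Review bot: The added `com.centurylinklabs.watchtower.enable: "true"` label opts this container into unattended updates. The vars section on this page sets `services.membersystem.version` to `latest`, so whatever is pushed under that tag is deployed with no review step. The Watchtower section on this page polls every 60 seconds. The same label is added in the netdata, pinafore, rallly (including its postgres container) and website sections, so the point applies there too. Limit the label to images built and pushed by the project's own pipeline, and document the trust decision next to it, for example `# auto-deployed by watchtower: a push to this tag is a production deploy`. The service definition extends beyond the hunk, so the image reference for this container is not visible here.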


@ -21,3 +21,7 @@
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
PGID: "999"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -1,12 +1,5 @@
# vim: ft=yaml.ansible
---
- name: Create directory for Passit data
file:
name: "{{ services.passit.volume_folder }}/data"
owner: '70'
group: root
state: directory
- name: setup passit containers
docker_compose:
project_name: "passit"
@ -26,7 +19,7 @@
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
passit_app:
image: "passit/passit@sha256:c4b96bc67222936f58f344d5dd1020227ad8e11ad5f82ed3cbf0bcfa8fe9b2e7" #:{{ services.passit.version }}"
image: "passit/passit:{{ services.passit.version }}"
command: "bin/start.sh"
restart: "always"
networks:
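Review bot: The `passit_app` image appears to move from a digest-pinned reference (`passit/passit@sha256:…`) to `passit/passit:{{ services.passit.version }}`, and the vars section on this page sets that version to `stable`, a mutable tag. The side is inferred from print order, since the page shows both lines without markers. If the tag form is the new line, the deployment loses the guarantee that the image content is the one that was reviewed. Docker accepts tag and digest together, so the readable tag can be kept without giving up the pin: `image: "passit/passit:{{ services.passit.version }}@sha256:<digest>"`, reusing the digest from the removed line. The first hunk also drops the task that created the data directory with `owner: '70'`; confirm that the postgres image selected by `postgres_version` can still write to its volume.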


@ -12,3 +12,5 @@
VIRTUAL_PORT: "4002"
LETSENCRYPT_HOST: "{{ services.pinafore.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -33,6 +33,8 @@
interval: 5s
timeout: 5s
retries: 5
labels:
com.centurylinklabs.watchtower.enable: "true"
rallly:
image: "lukevella/rallly:{{ services.rallly.version }}"
@ -51,6 +53,8 @@
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"
networks:
rallly_internal:


@ -11,7 +11,7 @@
image: mazzolino/restic:{{ services.restic.version }}
restart: always
environment:
RUN_ON_STARTUP: "false"
RUN_ON_STARTUP: "true"
BACKUP_CRON: "0 30 3 * * *"
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
@ -32,7 +32,7 @@
restic-prune:
image: "mazzolino/restic:{{ services.restic.version }}"
environment:
RUN_ON_STARTUP: "false"
RUN_ON_STARTUP: "true"
PRUNE_CRON: "0 0 4 * * *"
RESTIC_REPOSITORY: "rest:https://{{ services.restic.user }}:{{ restic_secrets.user_password }}@{{ services.restic.domain }}/{{ services.restic.repository }}"
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
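Review bot: With `RUN_ON_STARTUP: "true"` on both the backup service and `restic-prune`, the two jobs start together whenever the stack is created or restarted. The cron lines deliberately keep them 30 minutes apart (`0 30 3 * * *` and `0 0 4 * * *`). Prune needs an exclusive lock on the repository, so a simultaneous start can make one of the two fail, and with `restart: always` a crash loop would re-run the job on every restart. The page prints both values without markers, so which one is new is inferred from print order. If `"true"` is the new value, keep `RUN_ON_STARTUP: "false"` at least on `restic-prune`. Both service definitions continue outside their hunks.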


@ -7,8 +7,9 @@
restart_policy: unless-stopped
networks:
- name: external_services
env:
WATCHTOWER_POLL_INTERVAL: "60"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/root/.docker/config.json:/config.json:ro"
- /var/run/docker.sock:/var/run/docker.sock
- "{{ services.docker_registry.volume_folder }}/auth/config.json:/config.json"
env:
WATCHTOWER_LABEL_ENABLE: "true"
WATCHTOWER_POLL_INTERVAL: "60"
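Review bot: The registry credentials file is now mounted read-write (`…/auth/config.json:/config.json`), whereas the removed mount of `/root/.docker/config.json` carried `:ro`. Watchtower only reads this file, and the container already holds the Docker socket, so the writable mount adds exposure for no benefit. Restore the flag: `- "{{ services.docker_registry.volume_folder }}/auth/config.json:/config.json:ro"`. It is also worth confirming that the file under the registry's `auth/` folder is a Docker client `config.json` rather than the registry's own auth data, since the path suggests it lives in the registry's volume. The task definition starts outside the hunk.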


@ -17,3 +17,6 @@
- NET_ADMIN
devices:
- "/dev/net/tun"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -11,3 +11,5 @@
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -11,3 +11,5 @@
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -21,3 +21,5 @@
VIRTUAL_HOST : "{{ services.data_coop_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.data_coop_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -1,19 +0,0 @@
# vim: ft=yaml.ansible
---
- name: setup fedi.dk website with unipi
docker_container:
name: fedi.dk_website
image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }}
restart_policy: unless-stopped
purge_networks: yes
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}"
LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: "--remote=https://git.data.coop/fedi.dk/website.git#main"
capabilities:
- NET_ADMIN
devices:
- "/dev/net/tun"


@ -11,3 +11,5 @@
VIRTUAL_HOST : "{{ services.new_data_coop_website.domain }}"
LETSENCRYPT_HOST: "{{ services.new_data_coop_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"


@ -11,3 +11,5 @@
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains|join(',') }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
labels:
com.centurylinklabs.watchtower.enable: "true"