forked from data.coop/ansible
Compare commits
504 Commits
Author | SHA1 | Date |
---|---|---|
Sam A. | e633ca13b4 | |
Víðir Valberg Guðmundsson | 92ca044d06 | |
Víðir Valberg Guðmundsson | 41116063a2 | |
valberg | 1bfa6bdd1d | |
Reynir Björnsson | 9a03f71252 | |
reynir | 00927a19df | |
Reynir Björnsson | a0988aa05d | |
Víðir Valberg Guðmundsson | 4112bb73b6 | |
Víðir Valberg Guðmundsson | e30f1d57d5 | |
reynir | ebf3608bdc | |
Reynir Björnsson | ce030b2dea | |
Reynir Björnsson | 4f129168c6 | |
Reynir Björnsson | d468e49830 | |
Reynir Björnsson | ae497f0284 | |
Reynir Björnsson | ac64706fcb | |
Reynir Björnsson | 9fb16d3a69 | |
Reynir Björnsson | 6982d0feaa | |
Sam A. | 1b68766cd6 | |
Sam A. | d90b769640 | |
Sam A. | f792bf3dd1 | |
Víðir Valberg Guðmundsson | 266f990d1a | |
Víðir Valberg Guðmundsson | 241d63494f | |
Víðir Valberg Guðmundsson | 4c65521447 | |
valberg | a95c3ea17e | |
Reynir Björnsson | 590597b137 | |
Sam A. | d05a504e61 | |
Sam A. | a99b39824c | |
Sam A. | 7aae344da0 | |
Víðir Valberg Guðmundsson | 26b98681fc | |
Víðir Valberg Guðmundsson | 542268ffc6 | |
Víðir Valberg Guðmundsson | 54a63ca069 | |
Sam A. | 46ffcd792c | |
Víðir Valberg Guðmundsson | 068d3bd444 | |
Sam A. | 39fffe71ae | |
Sam A. | 0fdfd2e76f | |
Sam A. | 9164b39906 | |
Sam A. | 88c4d99fc0 | |
Sam A. | 7ef64bd132 | |
Sam A. | a3b5f5520d | |
Sam A. | dfcca8a3e9 | |
Sam A. | f627d1cf32 | |
Sam A. | c7289b4c5a | |
Sam A. | bd074929ac | |
Sam A. | e426c3d6c5 | |
Sam A. | 3b8c526da1 | |
Víðir Valberg Guðmundsson | 27321a16a2 | |
valberg | 0166d2434d | |
Víðir Valberg Guðmundsson | 6e4b3e4aa4 | |
Víðir Valberg Guðmundsson | 04d4e38751 | |
Sam A. | 4082c6fde3 | |
Sam A. | 85e1da3cbf | |
Sam A. | 15fa5d6215 | |
Sam A. | 2966e6715b | |
Sam A. | 5ae78bcd17 | |
Sam A. | 3dc4e14c15 | |
Sam A. | af6a130695 | |
Sam A. | 98fcc2d634 | |
Sam A. | 3ac2d83971 | |
Sam A. | 3001317e20 | |
Sam A. | 301d1b7719 | |
Sam A. | f8b4e49f7f | |
Sam A. | d0b23d4ef5 | |
Sam A. | 6cb06d43f1 | |
Sam A. | 62f548d05b | |
Sam A. | f067a1b6c2 | |
Sam A. | 52b1d1ccd2 | |
Sam A. | f50831460c | |
Sam A. | 728455f42a | |
Sam A. | 85aa718480 | |
Sam A. | a47440b6b5 | |
Sam A. | 3098e1e320 | |
Sam A. | 656fb6baab | |
Sam A. | 28992b66af | |
Sam A. | 136b675ccd | |
Sam A. | ddb9629dea | |
Víðir Valberg Guðmundsson | 1449185591 | |
Víðir Valberg Guðmundsson | 191ba1e011 | |
Sam A. | 2629c7c2f9 | |
Sam A. | 927d1e31ee | |
Sam A. | d662ae321e | |
Sam A. | 0272b93527 | |
Sam A. | a372c1a980 | |
Víðir Valberg Guðmundsson | c50bccfada | |
Sam A. | 4e6f18311d | |
Sam A. | a741a0c26c | |
Sam A. | bb145efff2 | |
Sam A. | 2a74df91f1 | |
Sam A. | 085bb1dfe7 | |
Benjamin Bach | 4d09c1ec11 | |
Sam A. | f9946e72ca | |
Sam A. | 9126fd8d61 | |
Sam A. | fc74fa0a3b | |
Sam A. | 1ebaef9f59 | |
Sam A. | e2a6d19a32 | |
Sam A. | ec73fb702c | |
Sam A. | 7d8b96cef0 | |
Sam A. | 9920676155 | |
Víðir Valberg Guðmundsson | 8c24a02a43 | |
Sam A. | 7d13fc5302 | |
Sam A. | ef7c00b748 | |
Sam A. | 863b285b07 | |
Sam A. | c5857d0ba8 | |
Sam A. | f5ffd21dd3 | |
Sam A. | de67592d6e | |
Víðir Valberg Guðmundsson | bc4868cd8e | |
Víðir Valberg Guðmundsson | 1a3ba48c07 | |
Sam A. | 96f65c02da | |
Víðir Valberg Guðmundsson | 604c67e28f | |
Víðir Valberg Guðmundsson | 30b52c2747 | |
Víðir Valberg Guðmundsson | b2b949ee98 | |
Sam A. | d8d0d32838 | |
Sam A. | d2681c27a0 | |
Sam A. | f1df97ca04 | |
Sam A. | 493062b00a | |
Sam A. | 863cd56001 | |
Sam A. | f7afe5ba00 | |
Sam A. | f9049451e9 | |
Sam A. | b5d980510d | |
Sam A. | b042d555b6 | |
Sam A. | 98d57e4cfa | |
Sam A. | b1f1db5b30 | |
Sam A. | 9cc70decab | |
Sam A. | 04799e4a8f | |
reynir | 2ca0b8daba | |
Reynir Björnsson | 77e4d90589 | |
Sam A. | 9a255c692c | |
Reynir Björnsson | 3bddaaa22c | |
Sam A. | 5cae83c557 | |
Sam A. | e9410c4f8f | |
Reynir Björnsson | ef5ef78ccb | |
Sam A. | 9d4c7be801 | |
Reynir Björnsson | 32f25aeb8f | |
Sam A. | 2d11a664b4 | |
Sam A. | 9a4912f9b5 | |
Sam A. | 2d85dec774 | |
Reynir Björnsson | 82aa6f67aa | |
Sam A. | 31b2bcd35e | |
Sam A. | b7307c3e8e | |
Sam A. | b3c2f36a9d | |
Sam A. | be450fc8b8 | |
Sam A. | 593dddd00e | |
Sam A. | 16aec98808 | |
Sam A. | a5d59b9336 | |
Sam A. | 388e0526ca | |
valberg | b445d7db17 | |
Sam A. | 7ca168ae03 | |
Sam A. | 209ccf9916 | |
Sam A. | f81fab3d11 | |
Sam A. | 9733794292 | |
Sam A. | 2f1c1887ba | |
Sam A. | 34f95f31e4 | |
Sam A. | a246dbf497 | |
Sam A. | 58f3df7ed0 | |
Sam A. | 1bbf1edf57 | |
Sam A. | 035c683f67 | |
Sam A. | 99e2d04829 | |
Víðir Valberg Guðmundsson | 5b2f460cad | |
Sam A. | 5bcba6fa59 | |
Sam A. | f02440048c | |
Sam A. | b6f30af8ba | |
Víðir Valberg Guðmundsson | a7776ab30a | |
Sam A. | a10b07fa2c | |
Sam A. | 231af48a40 | |
Sam A. | d6ce46e2f2 | |
Sam A. | ad9a42f223 | |
Sam A. | 44eb59fb86 | |
Sam A. | 2485c25dc1 | |
Sam A. | 35d0844bd7 | |
Sam A. | a3d5c70c06 | |
Sam A. | 7d889b4f02 | |
Sam A. | 9c559e3322 | |
Sam A. | a1ac25b56d | |
Sam A. | f1737bb9c8 | |
Reynir Björnsson | 7851fe3522 | |
Reynir Björnsson | 3fb8ecb72f | |
Sam A. | 8fc0a97d23 | |
Sam A. | 64ec448fc0 | |
Sam A. | b1c9113cb7 | |
Sam A. | 76df6320a4 | |
reynir | 99f9615ef2 | |
Sam A. | 3b8c475bb1 | |
Sam A. | 019b646caa | |
Sam A. | cf756ee881 | |
Sam A. | 000216d74d | |
Sam A. | cd03e98f10 | |
Sam A. | cff82acd9f | |
Sam A. | bbd6b6f8da | |
Sam A. | 2c9c501562 | |
Sam A. | 0dcc0a6d75 | |
reynir | 51c8acc119 | |
Víðir Valberg Guðmundsson | 73bf2d41ba | |
Sam A. | c4f3911400 | |
Víðir Valberg Guðmundsson | 759ea93dd3 | |
benjaoming | 97e5f264f9 | |
Sam A. | 6cd0eadade | |
Sam A. | 09215e117a | |
Sam A. | 789caed704 | |
Sam A. | 6a29cdc84d | |
reynir | bd9c134e07 | |
Sam A. | 3f036ac0ea | |
Sam A. | bef767ebd8 | |
Sam A. | 3b7732031c | |
Sam A. | 93b1ed60ae | |
Sam A. | 59dae865c5 | |
reynir | e45eb02208 | |
Sam A. | a1e8203d55 | |
Sam A. | ab1f170790 | |
Sam A. | c8d603b6aa | |
Sam A. | f3fd5c7c74 | |
Sam A. | e983499f9b | |
Sam A. | 7c7379c42c | |
Sam A. | a89140ef51 | |
Sam A. | bb920407f3 | |
Sam A. | 1356aa54c8 | |
Sam A. | 7962a75481 | |
Sam A. | 4611d890f7 | |
Sam A. | 5945d6847f | |
Víðir Valberg Guðmundsson | 8b1b3e1e3c | |
valberg | d15e7e562f | |
Sam A. | e328c558cf | |
Sam A. | 62d5a3ccca | |
Sam A. | 44b5f91eef | |
Sam A. | fa603b07d9 | |
Sam A. | 67a8c3d1a2 | |
Sam A. | 439a538c14 | |
Sam A. | 814a268965 | |
Sam A. | 5a63e8e1a8 | |
Víðir Valberg Guðmundsson | 124d8660db | |
Sam A. | 74dfcfb5e8 | |
Sam A. | 221ddd987f | |
Sam A. | 687bff35e9 | |
Sam A. | 9261cb1952 | |
Sam A. | 1f61909605 | |
Sam A. | d9de1efc9a | |
Sam A. | 2fa5bf4982 | |
Víðir Valberg Guðmundsson | 78b15ddcc4 | |
Víðir Valberg Guðmundsson | d6766e601a | |
Víðir Valberg Guðmundsson | cbc209c381 | |
Víðir Valberg Guðmundsson | f040880c26 | |
Víðir Valberg Guðmundsson | 394e158c51 | |
Víðir Valberg Guðmundsson | 14d97ee7a6 | |
Sam A. | fc7ca37b07 | |
Sam A. | 71cc3e2241 | |
Sam A. | d53c6d41dc | |
Sam A. | 9852a42470 | |
Sam A. | efbdcc9a5a | |
Sam A. | e0c0163aae | |
Sam A. | fe4b3ede81 | |
Sam A. | 8180a736f7 | |
reynir | 728cffc453 | |
Víðir Valberg Guðmundsson | 31a73f48fb | |
Víðir Valberg Guðmundsson | d467084fb7 | |
Sam A. | 20b977eacb | |
Sam A. | e917636d05 | |
Sam A. | 1ebfab5abf | |
Sam A. | 12effe5673 | |
Sam A. | c9ab9f0c66 | |
Sam A. | e5dcfea003 | |
Sam A. | 27b918b46b | |
Sam A. | 5d26e1cdea | |
Sam A. | a4a06d8a58 | |
Víðir Valberg Guðmundsson | 2c9dce8600 | |
Víðir Valberg Guðmundsson | 4bc69b49bb | |
reynir | bcbe0a8285 | |
reynir | a92d840ce0 | |
Reynir Björnsson | 5a54eb6b1e | |
Reynir Björnsson | c802777867 | |
Reynir Björnsson | a03263b1f5 | |
Sam A. | 52ead4fee5 | |
Sam A. | 58dbf9ff22 | |
Sam A. | ba44677cf3 | |
Sam A. | fc0c0c5036 | |
valberg | 5b2e2c0f60 | |
Sam A. | 42e1900715 | |
Sam A. | d597a956ff | |
Sam A. | 5f718e1027 | |
Reynir Björnsson | 536441d24b | |
Sam A. | bf60417904 | |
Víðir Valberg Guðmundsson | aecb929dbb | |
valberg | f905696264 | |
Sam A. | d4f8fbcebe | |
Víðir Valberg Guðmundsson | 0e7cc20bce | |
valberg | 57f05d7d81 | |
Sam A. | cc2fab6ad7 | |
Víðir Valberg Guðmundsson | a81862fd8b | |
Víðir Valberg Guðmundsson | e85b119bfe | |
Víðir Valberg Guðmundsson | dcb2e8be05 | |
valberg | f0ca964c5b | |
Sam A. | dc51b62872 | |
Sam A. | dd6b29bccd | |
Sam A. | f71d534afe | |
Víðir Valberg Guðmundsson | b043b95353 | |
Reynir Björnsson | 8f9196ce60 | |
Jesper Hess | 74883a564d | |
Reynir Björnsson | f0979ec654 | |
Víðir Valberg Guðmundsson | 73adef15f9 | |
Víðir Valberg Guðmundsson | 9f3a6c67ff | |
Víðir Valberg Guðmundsson | e68145bc5e | |
Reynir Björnsson | 326393aadb | |
Víðir Valberg Guðmundsson | a6420830e4 | |
Víðir Valberg Guðmundsson | e806ffc3ad | |
Víðir Valberg Guðmundsson | 7b60ae1c28 | |
Víðir Valberg Guðmundsson | 371237b9f8 | |
reynir | 09b05bf657 | |
Reynir Björnsson | 442bb4ad58 | |
Jesper Hess | a8287a712b | |
Jesper Hess | ed9c742aed | |
Jesper Hess | b07cf84dd3 | |
Jesper Hess | 997779d627 | |
Jesper Hess | c6a3cb5150 | |
Jesper Hess | 964a6c0793 | |
Jesper Hess | 70dff33044 | |
Jesper Hess | 57f6e9ad4f | |
Jesper Hess | 515861c206 | |
Sam A. | 2e3cd4c8b0 | |
Víðir Valberg Guðmundsson | 1417c9dbf6 | |
valberg | 40afe51998 | |
Víðir Valberg Guðmundsson | 29971520d5 | |
Víðir Valberg Guðmundsson | e74753cab4 | |
Reynir Björnsson | 0aeb0fef96 | |
Reynir Björnsson | c0ec5c3853 | |
Reynir Björnsson | 3791e1351a | |
Reynir Björnsson | 25eab11d12 | |
Reynir Björnsson | 5d745e0cde | |
Reynir Björnsson | 54a38114d6 | |
benjaoming | 17d4513b97 | |
Reynir Björnsson | 36534604c1 | |
Reynir Björnsson | d73cc9e28f | |
Reynir Björnsson | 554024f2b2 | |
Reynir Björnsson | ac455beac0 | |
valberg | 1680ab0fc9 | |
valberg | 499bd20ad1 | |
Reynir Björnsson | e3156c7c01 | |
Reynir Björnsson | 6e57f1d0c2 | |
Jesper Hess | 04b3fb4baa | |
Jesper Hess | c2f1f10e0d | |
Reynir Björnsson | 9e0fcfc4a7 | |
Reynir Björnsson | 68c82a785b | |
Jesper Hess | 682e205c0b | |
Jesper Hess | e64c858df8 | |
Jesper Hess | c0bd431d3c | |
Jesper Hess | a5a2d38b0c | |
Jesper Hess | c34d9fcb90 | |
Jesper Hess | 5294b5f230 | |
Jesper Hess | 270b7aa0e1 | |
Jesper Hess | b6c2db6434 | |
Jesper Hess | 2af5165349 | |
Jesper Hess | ca6c3a96a1 | |
Jesper Hess | e6ee76ddde | |
Jesper Hess | 19e7a397e3 | |
Jesper Hess | 2c8482a5ab | |
Jesper Hess | 3999db2eff | |
Reynir Björnsson | 43f39c981d | |
Jesper Hess | b39df6003b | |
Jesper Hess | 0ef4f972ed | |
Jesper Hess | 9b1dc31163 | |
Reynir Björnsson | 62cc00bea7 | |
Víðir Valberg Guðmundsson | 30b9580d3c | |
Víðir Valberg Guðmundsson | 9e5c18f839 | |
Víðir Valberg Guðmundsson | 068502773e | |
valberg | fbebeef57b | |
Jesper Hess | a692e7d2cb | |
Jesper Hess | 406e19a95c | |
Víðir Valberg Guðmundsson | cec959a47e | |
valberg | c8cc5b7534 | |
Jesper Hess | 9ae295896f | |
Jesper Hess | 6d2fbdbbb6 | |
Jesper Hess | 3fe7d162aa | |
Jesper Hess | 86de1fd24e | |
Víðir Valberg Guðmundsson | a4966e74fe | |
valberg | cf6fe970eb | |
Jesper Hess | f5293c016d | |
reynir | e9f1d800a1 | |
Reynir Björnsson | fe5fa81f44 | |
Jesper Hess | bb5c77e602 | |
Jesper Hess | 21e2b743ef | |
Reynir Björnsson | 8d88016efd | |
Jesper Hess | 2ac2d8b8da | |
Reynir Björnsson | a78641674d | |
Reynir Björnsson | 03cde007bc | |
reynir | d40b3ad9ab | |
reynir | 5738a8c40f | |
Jesper Hess | 5559a2c776 | |
Carl Bordum Hansen | 653a0603d5 | |
Reynir Björnsson | 9a0fe69789 | |
Jesper Hess | 8bec174a46 | |
Jesper Hess | 3e098546ef | |
Jesper Hess | e7d69cd6df | |
Jesper Hess | 7926c861b2 | |
Reynir Björnsson | d49a57792f | |
Jesper Hess | 99cb94c94a | |
Jesper Hess | ad243a5777 | |
Vidir Valberg Gudmundsson | 4cf48f13c0 | |
Jesper Hess | 5a5bb50e09 | |
Rasmus Lundsgaard Christiansen | d49b943fd2 | |
Jesper Hess | 4f07b8edb2 | |
Jesper Hess | 09617dd35a | |
Jesper Hess | 98d4ab69cc | |
Jesper Hess | b454583e2c | |
Jesper Hess | f2a6aab2fe | |
Jesper Hess | e0f01bb78e | |
Vidir Valberg Gudmundsson | d51edc2922 | |
Vidir Valberg Gudmundsson | 47d7abe631 | |
Vidir Valberg Gudmundsson | 6e94ac766b | |
Jesper Hess | 5f1bbae3de | |
Jesper Hess | cd2424999f | |
Jesper Hess | 4e0332cc79 | |
Jesper Hess | ef3e0993da | |
valberg | 625e83e0d3 | |
Jesper Hess | 1adc11e9c4 | |
Jesper Hess | 447b82326c | |
Jesper Hess | edfd530afe | |
Jesper Hess | 67443d23d4 | |
Denis Smajlović | 9195016a40 | |
valberg | 2e5dc7158d | |
Reynir Björnsson | 6331805793 | |
Jesper Hess | 97fe0e16ef | |
Jesper Hess | 3f2c7b1547 | |
Jesper Hess | 71664653b0 | |
Jesper Hess | 57cf5103c5 | |
Jesper Hess | 5566be7da9 | |
Jesper Hess | 70632c26c2 | |
Jesper Hess | fb67e038a8 | |
Jesper Hess | 999f266af5 | |
Jesper Hess | e42937736e | |
Jesper Hess | ba28b1eb0c | |
Jesper Hess | 1f69fdc3b4 | |
Víðir Valberg Guðmundsson | ada37f206a | |
Víðir Valberg Guðmundsson | 8b10f40edd | |
Jesper Hess | 59319938b8 | |
Jesper Hess | be65327ea9 | |
Jesper Hess | 0775a77979 | |
Jesper Hess | fff9f1e9da | |
Jesper Hess | fb0efacf40 | |
Jesper Hess | 8b5e8a276b | |
Jesper Hess | 05eb677c3f | |
Víðir Valberg Guðmundsson | a43c52e71e | |
Jesper Hess | 02aa4e185f | |
Reynir Björnsson | 1ad44e19d3 | |
Víðir Valberg Guðmundsson | 6ffdac0c25 | |
Víðir Valberg Guðmundsson | d0dd46e4f2 | |
valberg | 85f60399d9 | |
Víðir Valberg Guðmundsson | 6488abf0af | |
Víðir Valberg Guðmundsson | 8a0a2bf0a0 | |
Víðir Valberg Guðmundsson | ae78c942d7 | |
Jesper Hess | 0f398cef3f | |
Jesper Hess | d5602af999 | |
Jesper Hess | 0c5ed48600 | |
Jesper Hess | ae2873e4d9 | |
Jesper Hess | 4db622313d | |
Jesper Hess | fef1951d57 | |
Jesper Hess | 1f8b1827ff | |
Jesper Hess | 55c8e77254 | |
Jesper Hess | 2f413b3e99 | |
Jesper Hess | 9ff11808ce | |
Jesper Hess | 0c1e94323c | |
Jesper Hess | 787f47d45e | |
Víðir Valberg Guðmundsson | f5bc79e636 | |
Víðir Valberg Guðmundsson | f734e7608b | |
Víðir Valberg Guðmundsson | d25555d107 | |
Jesper Hess | 1cd9b67b4e | |
Jesper Hess | 24a3f4ab3d | |
Jesper Hess | 454fc751d2 | |
Jesper Hess | e30f05d3e4 | |
Jesper Hess | ea8804d31c | |
Jesper Hess | e118b30873 | |
Jesper Hess | 1400b18930 | |
Jesper Hess | 3b596c5701 | |
Jesper Hess | 92baab22a9 | |
Jesper Hess | eb36b822b3 | |
Jesper Hess | 53046bb85f | |
Jesper Hess | df913b2622 | |
Víðir Valberg Guðmundsson | 14e72b2a5c | |
Víðir Valberg Guðmundsson | 200304dd17 | |
Víðir Valberg Guðmundsson | e5427616dc | |
valberg | 8d1f3a4955 | |
Víðir Valberg Guðmundsson | 3a2ac5cb6b | |
Jesper Hess | dcf8fe8087 | |
Víðir Valberg Guðmundsson | fce600d56c | |
Víðir Valberg Guðmundsson | 3def4b490b | |
Jesper Hess | 6a47214cd6 | |
Jesper Hess | c7fe698bc2 | |
Jesper Hess | 26792454f4 | |
Jesper Hess | ca183eaf4d | |
Jesper Hess | d9921adae0 | |
Víðir Valberg Guðmundsson | 79149a4cba | |
Jesper Hess | 7a1e2c4b02 | |
Jesper Hess | 83935a8649 | |
Víðir Valberg Guðmundsson | fefbabcc33 | |
valberg | 0675539530 | |
Víðir Valberg Guðmundsson | 027c18f070 | |
Jesper Hess | 76a0b411e9 | |
Jesper Hess | 6805197c31 | |
Jesper Hess | ec930a6f0f | |
Jesper Hess | 8066a0e67d | |
Jesper Hess | f30f07eacb | |
Jesper Hess | e371b11e84 | |
Jesper Hess | 3d09c8592f | |
Jesper Hess | ac7b6a17cb | |
Jesper Hess | 5f1e4e02ef | |
Víðir Valberg Guðmundsson | f97eb0e8ed | |
Víðir Valberg Guðmundsson | 05f5628de2 | |
Víðir Valberg Guðmundsson | 69d53c26e9 | |
Víðir Valberg Guðmundsson | b2a532c258 |
|
@ -0,0 +1,111 @@
|
||||||
|
---
|
||||||
|
# .ansible-lint
|
||||||
|
|
||||||
|
profile: null # min, basic, moderate,safety, shared, production
|
||||||
|
|
||||||
|
# exclude_paths included in this file are parsed relative to this file's location
|
||||||
|
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
|
||||||
|
# option are parsed relative to the CWD of execution.
|
||||||
|
exclude_paths:
|
||||||
|
- .cache/ # implicit unless exclude_paths is defined in config
|
||||||
|
- .github/
|
||||||
|
- test/fixtures/formatting-before/
|
||||||
|
- test/fixtures/formatting-prettier/
|
||||||
|
# parseable: true
|
||||||
|
# quiet: true
|
||||||
|
# strict: true
|
||||||
|
# verbosity: 1
|
||||||
|
|
||||||
|
# Mock modules or roles in order to pass ansible-playbook --syntax-check
|
||||||
|
mock_modules:
|
||||||
|
- zuul_return
|
||||||
|
# note the foo.bar is invalid as being neither a module or a collection
|
||||||
|
- fake_namespace.fake_collection.fake_module
|
||||||
|
- fake_namespace.fake_collection.fake_module.fake_submodule
|
||||||
|
mock_roles:
|
||||||
|
- mocked_role
|
||||||
|
- author.role_name # old standalone galaxy role
|
||||||
|
- fake_namespace.fake_collection.fake_role # role within a collection
|
||||||
|
|
||||||
|
# Enable checking of loop variable prefixes in roles
|
||||||
|
loop_var_prefix: "{role}_"
|
||||||
|
|
||||||
|
# Enforce variable names to follow pattern below, in addition to Ansible own
|
||||||
|
# requirements, like avoiding python identifiers. To disable add `var-naming`
|
||||||
|
# to skip_list.
|
||||||
|
# var_naming_pattern: "^[a-z_][a-z0-9_]*$"
|
||||||
|
|
||||||
|
use_default_rules: true
|
||||||
|
# Load custom rules from this specific folder
|
||||||
|
# rulesdir:
|
||||||
|
# - ./rule/directory/
|
||||||
|
|
||||||
|
# Ansible-lint completely ignores rules or tags listed below
|
||||||
|
skip_list:
|
||||||
|
- skip_this_tag
|
||||||
|
|
||||||
|
# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
|
||||||
|
# You must enable opt-in rules by listing each rule 'id' below.
|
||||||
|
enable_list:
|
||||||
|
- empty-string-compare # opt-in
|
||||||
|
- no-log-password # opt-in
|
||||||
|
- no-same-owner # opt-in
|
||||||
|
# add yaml here if you want to avoid ignoring yaml checks when yamllint
|
||||||
|
# library is missing. Normally its absence just skips using that rule.
|
||||||
|
- yaml
|
||||||
|
# Report only a subset of tags and fully ignore any others
|
||||||
|
# tags:
|
||||||
|
# - jinja[spacing]
|
||||||
|
|
||||||
|
# Ansible-lint does not fail on warnings from the rules or tags listed below
|
||||||
|
warn_list:
|
||||||
|
- skip_this_tag
|
||||||
|
- experimental # experimental is included in the implicit list
|
||||||
|
# - role-name
|
||||||
|
# - yaml[document-start] # you can also use sub-rule matches
|
||||||
|
|
||||||
|
# Some rules can transform files to fix (or make it easier to fix) identified
|
||||||
|
# errors. `ansible-lint --write` will reformat YAML files and run these transforms.
|
||||||
|
# By default it will run all transforms (effectively `write_list: ["all"]`).
|
||||||
|
# You can disable running transforms by setting `write_list: ["none"]`.
|
||||||
|
# Or only enable a subset of rule transforms by listing rules/tags here.
|
||||||
|
# write_list:
|
||||||
|
# - all
|
||||||
|
|
||||||
|
# Offline mode disables installation of requirements.yml
|
||||||
|
offline: false
|
||||||
|
|
||||||
|
# Return success if number of violations compared with previous git
|
||||||
|
# commit has not increased. This feature works only in git
|
||||||
|
# repositories.
|
||||||
|
progressive: false
|
||||||
|
|
||||||
|
# Define required Ansible's variables to satisfy syntax check
|
||||||
|
extra_vars:
|
||||||
|
foo: bar
|
||||||
|
multiline_string_variable: |
|
||||||
|
line1
|
||||||
|
line2
|
||||||
|
complex_variable: ":{;\t$()"
|
||||||
|
|
||||||
|
# Uncomment to enforce action validation with tasks, usually is not
|
||||||
|
# needed as Ansible syntax check also covers it.
|
||||||
|
# skip_action_validation: false
|
||||||
|
|
||||||
|
# List of additional kind:pattern to be added at the top of the default
|
||||||
|
# match list, first match determines the file kind.
|
||||||
|
kinds:
|
||||||
|
# - playbook: "**/examples/*.{yml,yaml}"
|
||||||
|
# - galaxy: "**/folder/galaxy.yml"
|
||||||
|
# - tasks: "**/tasks/*.yml"
|
||||||
|
# - vars: "**/vars/*.yml"
|
||||||
|
# - meta: "**/meta/main.yml"
|
||||||
|
- yaml: "**/*.yaml-too"
|
||||||
|
|
||||||
|
# List of additional collections to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_collections:
|
||||||
|
# - example_ns.example_collection
|
||||||
|
|
||||||
|
# List of additions modules to allow in only-builtins rule.
|
||||||
|
# only_builtins_allow_modules:
|
||||||
|
# - example_module
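Review bot: `skip_list` and `warn_list` both carry the placeholder `skip_this_tag`, and the `mock_modules`/`mock_roles` entries (`fake_namespace.fake_collection.fake_module`, `mocked_role`), `extra_vars` (`foo: bar`) and the `test/fixtures/...` paths under `exclude_paths` look copied from the ansible-lint sample configuration rather than written for this repository. Entries that match nothing here make it hard to tell which settings are deliberate, so the file should be trimmed to what the playbook needs. `profile: null` also leaves the profile unset although the comment lists the available ones; for a repository that deploys production hosts, an explicit choice such as `profile: safety` would document the intended bar. The opt-in `no-log-password` rule in `enable_list` is worth keeping.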
|
|
@ -1,4 +1,6 @@
|
||||||
playbook.retry
|
*.retry
|
||||||
*.sw*
|
*.sw*
|
||||||
.vagrant/
|
.vagrant/
|
||||||
*.log
|
*.log
|
||||||
|
.idea/
|
||||||
|
venv/
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
repos:
|
||||||
|
|
||||||
|
#- repo: https://github.com/semaphor-dk/dansabel
|
||||||
|
# rev: b72c70351d1a9e32a75db505fcb3aa414f3282f8
|
||||||
|
# hooks:
|
||||||
|
# - id: dansabel
|
||||||
|
|
||||||
|
- repo: https://github.com/ansible/ansible-lint
|
||||||
|
rev: v6.9.0
|
||||||
|
hooks:
|
||||||
|
- id: ansible-lint
|
||||||
|
files: \.(yaml|yml)$
|
||||||
|
additional_dependencies:
|
||||||
|
- ansible
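Review bot: The active hook is pinned to the tag `rev: v6.9.0` and `additional_dependencies` lists a bare `- ansible`, so the code that runs on every contributor's commit can change without any change in this repository. The commented-out dansabel entry above already uses the safer form, a full commit SHA. I would pin `rev` to the commit that `v6.9.0` points at and give the dependency an exact version, e.g. `- ansible==<PINNED_VERSION>`. The same unpinned installs appear as `venv/bin/pip install ansible pre-commit` and `ansible-galaxy collection install community.general` in the make targets of the next file section, and as the collection install in `deploy.sh`.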
|
|
@ -0,0 +1,12 @@
|
||||||
|
init: create_venv install_pre_commit install_ansible_galaxy_modules
|
||||||
|
|
||||||
|
create_venv:
|
||||||
|
python3 -m venv venv
|
||||||
|
venv/bin/pip install -U pip
|
||||||
|
venv/bin/pip install ansible pre-commit
|
||||||
|
|
||||||
|
install_pre_commit:
|
||||||
|
venv/bin/pre-commit install
|
||||||
|
|
||||||
|
install_ansible_galaxy_modules:
|
||||||
|
venv/bin/ansible-galaxy collection install community.general
|
|
@ -0,0 +1,108 @@
|
||||||
|
# data.coop infrastructure
|
||||||
|
|
||||||
|
This repository contains the code used to deploy data.coop's services
|
||||||
|
and websites. We use Ansible to encode our infrastructure setup. Only
|
||||||
|
the association's administrators have access to deploy the services.
|
||||||
|
|
||||||
|
## Deploying
|
||||||
|
|
||||||
|
To deploy the services, the included `deploy.sh` script can be used. The
|
||||||
|
Ansible playbook uses two custom-made roles (in the `roles/` directory):
|
||||||
|
|
||||||
|
- `ubuntu_base` - used to configure the host itself and install the
|
||||||
|
necessary packages
|
||||||
|
- `docker` - used to deploy our services and websites with Docker
|
||||||
|
containers
|
||||||
|
|
||||||
|
The script has options to deploy only one of the roles. Select services
|
||||||
|
only can also be specified. By default, the script deploys everything.
|
||||||
|
|
||||||
|
Here is a summary of the options that can be used with the script:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# deploy everything
|
||||||
|
./deploy.sh
|
||||||
|
|
||||||
|
# deploy the ubuntu_base role only
|
||||||
|
./deploy.sh base
|
||||||
|
|
||||||
|
# deploy user setup only
|
||||||
|
./deploy.sh users
|
||||||
|
|
||||||
|
# deploy the docker role only
|
||||||
|
./deploy.sh services
|
||||||
|
|
||||||
|
# deploy SINGLE_SERVICE Docker service only
|
||||||
|
./deploy.sh services SINGLE_SERVICE
|
||||||
|
```
|
||||||
|
|
||||||
|
`SINGLE_SERVICE` should match one of the service names in the `services`
|
||||||
|
dictionary in `roles/docker/defaults/main.yml` (e.g. `gitea` or
|
||||||
|
`data_coop_website`).
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
In order for us to be able to test our setup locally, we use Vagrant to
|
||||||
|
deploy the services in a virtual machine. To do this, Vagrant and
|
||||||
|
VirtualBox must both be installed on the development machine. Then, the
|
||||||
|
services can be deployed locally by using the `vagrant` command-line
|
||||||
|
tool. The working directory needs to be the root of the repository for
|
||||||
|
this to work properly.
|
||||||
|
|
||||||
|
> Note: As our secrets are contained in an Ansible Vault file, only the
|
||||||
|
> administrators have the ability to run the deployment in Vagrant.
|
||||||
|
> However, one could replace the vault file for testing purposes.
|
||||||
|
|
||||||
|
Here is a summary of the commands that are available with the `vagrant`
|
||||||
|
command-line tool:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# Create and provision the VM
|
||||||
|
vagrant up
|
||||||
|
|
||||||
|
# Re-provision the VM
|
||||||
|
vagrant provision
|
||||||
|
|
||||||
|
# SSH into the VM
|
||||||
|
vagrant ssh
|
||||||
|
|
||||||
|
# Power down the VM
|
||||||
|
vagrant halt
|
||||||
|
|
||||||
|
# Power down and delete the VM
|
||||||
|
vagrant destroy
|
||||||
|
```
|
||||||
|
|
||||||
|
The `vagrant` command-line tool does not support supplying extra
|
||||||
|
variables to Ansible on runtime, so to be able to deploy only parts of
|
||||||
|
the Ansible playbook to Vagrant, the `deploy.sh` script can be used with
|
||||||
|
the `--vagrant` flag. Here are some examples:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# deploy the ubuntu_base role only in the Vagrant VM
|
||||||
|
./deploy.sh --vagrant base
|
||||||
|
|
||||||
|
# deploy SINGLE_SERVICE Docker service only in the Vagrant VM
|
||||||
|
./deploy.sh --vagrant services SINGLE_SERVICE
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that the `--vagrant` flag should be the first argument when using
|
||||||
|
the script.
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
If you want to contribute, you can fork the repository and submit a pull
|
||||||
|
request. We use a pre-commit hook for linting the YAML files before
|
||||||
|
every commit, so please use that. To initialize pre-commit, you need to
|
||||||
|
have Python and GNU make installed. Then, just run the following shell
|
||||||
|
command:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
make init
|
||||||
|
```
|
||||||
|
|
||||||
|
## Nice tools
|
||||||
|
|
||||||
|
- [J2Live](https://j2live.ttl255.com/): A live Jinja2 parser, nice to
|
||||||
|
test out filters
|
||||||
|
|
|
@ -1,23 +1,38 @@
|
||||||
Vagrant.require_version ">= 1.7.0"
|
Vagrant.require_version ">= 2.0.0"
|
||||||
|
PORT = 19022
|
||||||
|
|
||||||
|
def provisioned?(vm="default", provider="virtualbox")
|
||||||
|
File.exist?(".vagrant/machines/#{vm}/#{provider}/action_provision")
|
||||||
|
end
|
||||||
|
|
||||||
Vagrant.configure(2) do |config|
|
Vagrant.configure(2) do |config|
|
||||||
|
config.vm.network :private_network, ip: "192.168.56.10"
|
||||||
|
config.vm.network :forwarded_port, guest: PORT, host: PORT
|
||||||
|
|
||||||
config.vm.define "datacoop" do |datacoop|
|
config.vm.box = "ubuntu/focal64"
|
||||||
datacoop.vm.box = "ubuntu/bionic64"
|
config.vm.hostname = "datacoop"
|
||||||
datacoop.vm.hostname = "datacoop"
|
|
||||||
datacoop.vm.provider "virtualbox" do |v|
|
config.vm.provider :virtualbox do |v|
|
||||||
v.memory = 4096
|
v.cpus = 8
|
||||||
end
|
v.memory = 16384
|
||||||
datacoop.vm.network "private_network", ip: "192.168.0.42"
|
end
|
||||||
datacoop.vm.provision "ansible" do |ansible|
|
|
||||||
ansible.verbose = "v"
|
config.vm.provision :ansible do |ansible|
|
||||||
ansible.compatibility_mode = "2.0"
|
ansible.compatibility_mode = "2.0"
|
||||||
ansible.playbook = "playbook.yml"
|
ansible.playbook = "playbook.yml"
|
||||||
ansible.host_vars = {
|
ansible.ask_vault_pass = true
|
||||||
"datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3.6"}
|
ansible.verbose = "v"
|
||||||
|
|
||||||
|
# If the VM is already provisioned, we need to use the new port
|
||||||
|
if provisioned?
|
||||||
|
config.ssh.guest_port = PORT
|
||||||
|
ansible.extra_vars = {
|
||||||
|
ansible_port: PORT,
|
||||||
|
from_vagrant: true
|
||||||
}
|
}
|
||||||
ansible.groups = {
|
else
|
||||||
"all" => ["datacoop"]
|
ansible.extra_vars = {
|
||||||
|
from_vagrant: true
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
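Review bot: The new `config.vm.network :forwarded_port, guest: PORT, host: PORT` line sets no `host_ip`, and Vagrant then binds the forwarded port on every host interface. Port 19022 appears to be the guest's SSH port after provisioning (it is also assigned to `config.ssh.guest_port` and `ansible_port`), so the test VM would be reachable from the developer's local network. `config.vm.network :forwarded_port, guest: PORT, host: PORT, host_ip: "127.0.0.1"` keeps it on loopback. Separately, `config.ssh.guest_port = PORT` is assigned inside the `config.vm.provision :ansible` block; moving it next to the network lines with a comment such as `# sshd is moved to PORT by the first provisioning run` would make the two-phase port change easier to follow.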
|
||||||
|
|
|
@ -1,2 +1,8 @@
|
||||||
[defaults]
|
[defaults]
|
||||||
remote_user = root
|
ask_vault_pass = True
|
||||||
|
inventory = datacoop_hosts
|
||||||
|
interpreter_python = /usr/bin/python3
|
||||||
|
remote_user = root
|
||||||
|
retry_files_enabled = True
|
||||||
|
use_persistent_connections = True
|
||||||
|
forks = 10
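Review bot: `remote_user = root` stays the default for every play, so each run is a direct root SSH login and the host's auth log cannot attribute a deployment to an individual administrator. Whether the playbook overrides this per play is not visible here. If it does not, connecting as a named account and escalating with `become = True` under `[privilege_escalation]` would let root login over SSH be disabled on the hosts. A short comment on `retry_files_enabled = True` would also help, e.g. `# .retry files list failed hosts; they are ignored by .gitignore`.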
|
||||||
|
|
|
@ -1,16 +1,5 @@
|
||||||
######################################
|
[production]
|
||||||
### All hosts
|
hevonen.servers.data.coop ansible_port=19022
|
||||||
10.1.1.198 ansible_python_interpreter=/usr/bin/python3
|
|
||||||
10.1.1.199 ansible_python_interpreter=/usr/bin/python3
|
|
||||||
|
|
||||||
######################################
|
[monitoring]
|
||||||
### Application servers
|
uptime.data.coop
|
||||||
[servers]
|
|
||||||
10.1.1.198
|
|
||||||
10.1.1.199
|
|
||||||
|
|
||||||
[datacoop1]
|
|
||||||
10.1.1.198
|
|
||||||
|
|
||||||
[datacoop2]
|
|
||||||
10.1.1.199
|
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
usage () {
|
||||||
|
{
|
||||||
|
echo "Usage: $0 [--vagrant]"
|
||||||
|
echo "Usage: $0 [--vagrant] base"
|
||||||
|
echo "Usage: $0 [--vagrant] users"
|
||||||
|
echo "Usage: $0 [--vagrant] services [SERVICE]"
|
||||||
|
} >&2
|
||||||
|
}
|
||||||
|
|
||||||
|
BASE_CMD="ansible-playbook playbook.yml"
|
||||||
|
|
||||||
|
if [ "$1" = "--vagrant" ]; then
|
||||||
|
BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
|
||||||
|
VAGRANT_VAR="from_vagrant"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then
|
||||||
|
echo "Installing community.general modules"
|
||||||
|
ansible-galaxy collection install community.general
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
echo "Deploying all!"
|
||||||
|
$BASE_CMD
|
||||||
|
else
|
||||||
|
case $1 in
|
||||||
|
"services")
|
||||||
|
if [ -z "$2" ]; then
|
||||||
|
echo "Deploying all services!"
|
||||||
|
eval "$BASE_CMD --tags setup_services $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||||
|
else
|
||||||
|
echo "Deploying service: $2"
|
||||||
|
$BASE_CMD --tags setup_services --extra-vars '{"single_service": "'"$2"'"'"$(test -z "$VAGRANT_VAR" || printf '%s' ', "'"$VAGRANT_VAR"'": true')"'}'
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
"base")
|
||||||
|
eval "$BASE_CMD --tags base_only $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||||
|
;;
|
||||||
|
"users")
|
||||||
|
eval "$BASE_CMD --tags setup-users $(test -z "$VAGRANT_VAR" || printf '%s' "$VAGRANT_VAR=true")"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
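Review bot: `VAGRANT_VAR` is only assigned in the `--vagrant` branch and never initialised, so a value inherited from the caller's environment reaches the three `eval "$BASE_CMD ..."` lines and is re-parsed by the shell. Those same lines append `from_vagrant=true` as a bare argument rather than via `--extra-vars`, which `ansible-playbook` would, as far as I can tell, read as a second playbook path. In the single-service branch `$2` is spliced into the JSON string unescaped, so a name containing `"` changes which variables are passed. Dropping `eval`, setting the extra-vars flag once and validating the service name addresses all three; the allowed character set below is an assumption to check against the names in `roles/docker/defaults/main.yml`.

```shell
BASE_CMD="ansible-playbook playbook.yml"
# Always start empty so nothing is inherited from the environment.
EXTRA_VARS=""

if [ "$1" = "--vagrant" ]; then
    BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
    # No whitespace in the JSON, so the unquoted expansion below stays one argument.
    EXTRA_VARS='--extra-vars {"from_vagrant":true}'
    shift
fi

# … unchanged: community.general install check, "Deploying all!" branch …

    case $1 in
        "services")
            if [ -z "$2" ]; then
                echo "Deploying all services!"
                $BASE_CMD --tags setup_services $EXTRA_VARS
            else
                # Refuse names that could break out of the JSON string.
                case $2 in
                    *[!A-Za-z0-9_-]*) usage; exit 1 ;;
                esac
                echo "Deploying service: $2"
                $BASE_CMD --tags setup_services --extra-vars "{\"single_service\": \"$2\"}" $EXTRA_VARS
            fi
            ;;
        "base")
            $BASE_CMD --tags base_only $EXTRA_VARS
            ;;
        "users")
            $BASE_CMD --tags setup-users $EXTRA_VARS
            ;;
        # … unchanged: default branch printing usage …
```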
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
users:
|
|
||||||
graffen:
|
|
||||||
comment: Jesper Hess Nielsen
|
|
||||||
key: ssh-rsa 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 openpgp:0x265EE03C (Graffen)
|
|
||||||
password: $6$6bgPWZ76LvB$DZ3ipFsFtL2b1nSC0AQ63k8ibJidyIE9iIsWWzY0fux0ynz9L/o7b2sR2XYSaDuG.jewFV36IGStTF3NCZRC30
|
|
||||||
groups:
|
|
||||||
- sudo
|
|
||||||
|
|
||||||
valberg:
|
|
||||||
comment: Vidir Valberg Gudmundsson
|
|
||||||
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
|
||||||
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
|
|
||||||
groups:
|
|
||||||
- sudo
|
|
|
@ -0,0 +1,170 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
30613439636234396439623634656338666330643936373563656336323831353464353239353661
|
||||||
|
6234316535383838653865643964353033623935313432630a666563316534343733363464396635
|
||||||
|
34396664643137643136633837656432623633383361633336343562333039326538393034616637
|
||||||
|
6634613631636433610a663835343739376534356133323163343132323233643135613333313132
|
||||||
|
65373233666535366137343839363938303561653731633038376631386161653038613631396364
|
||||||
|
33636131636536306134346336636332393436303063306262333430613137376438626133353963
|
||||||
|
66396332363335333436623335613966323730616139353762656662386530356435623831656632
|
||||||
|
30333363376132653362323339386437346134323232363336363461323332613962613131386264
|
||||||
|
37383435653061653466613834346430656632626338316564656136666266353231363661666461
|
||||||
|
32646461313365626232376536376463313531613861363462643062326538326234613332646430
|
||||||
|
33383438613961623134343665383638346164653031363435656162306163653232353162343431
|
||||||
|
38333239393332613466663231383932316330376535383466643233326134623530306361393639
|
||||||
|
63386530643733393033646139613730313239313866343730643337393533366330373363353338
|
||||||
|
62313739613531636166663135646262396334373538636634393534616337363337323630666261
|
||||||
|
39643164363437653661633666376431303662396431633661663933343666613234326637636231
|
||||||
|
38383537333532326636343366343564646630363838323162373339323365666262303836636232
|
||||||
|
31343637616261636130656637393633383165353332346239323063646162306235313962363935
|
||||||
|
64633639653261363563646664393630666564646165393736363562623231626634326163306630
|
||||||
|
37613635306136643334616364303439323332666431386264623265323636623738303364396636
|
||||||
|
37626161363466646166633434333265623236633033666562643264303662333363396631646638
|
||||||
|
36626636363261313966393235313866353936323064343331626362306162323166323063656433
|
||||||
|
63303762346330323031353034356162373433356436663134373930633634366330653233613139
|
||||||
|
63363639343833616431633765613938623037323961623663336662666135313466303661316133
|
||||||
|
39353664633036323031373862393530653433373062623233313965653735353566306538393439
|
||||||
|
30366162663138326535346639393337393362366630343266643035353465663332333539613337
|
||||||
|
30666666363134313239306231356663343166363137366636643931313039333732383833313036
|
||||||
|
37393064396662623063613462336363386336393839313465323062646535373733326338353766
|
||||||
|
31666639303836316266343764336462343765363930326338313635336633323662366238356264
|
||||||
|
38613631313434383830333031643938393566633236383861633266326336653033663163336132
|
||||||
|
61313132643062666434346333653234393865656463343363313636613364616361353561343739
|
||||||
|
38313231333431303664323730626162613264343630356438336636373739653234336666646438
|
||||||
|
37636437623336323461613063396137396533353265333034333435306666636261353933613232
|
||||||
|
65363632383039666666323030323830333534376362326136313232393732613166303461383933
|
||||||
|
62303166396533616538666566356238393265663163343264333664393936613066313665616137
|
||||||
|
38613030623937633730646461666233333035323661363835313161613930336237396332623338
|
||||||
|
30666166636662613130363430333436613532326437393730376536353963356633393736303065
|
||||||
|
31393534646537323037316664313438643836386333613961663031383231663932633934656461
|
||||||
|
62313163616635626131663961326438396439383432346337386261313330343330353637376330
|
||||||
|
38346532396533326135303264613361663836646163623630323832653032396237353966663661
|
||||||
|
36353365313962663832393333336138346335363832396535346336643565366465643565616638
|
||||||
|
63616565356663623531323935393334326639626236353338643237343764366464666131393332
|
||||||
|
64396665343535323339383434366133613235313866653663313639633930323864646536346232
|
||||||
|
65316465643662376264373536393232326666663335316631376433343062646361376165363732
|
||||||
|
66326165643163333737313139386461363431353239626236366238343035386663363435366464
|
||||||
|
31633738336263633961306436613233303861633263343030336637373165663261316632663537
|
||||||
|
31613636663163323365303038373134306264343831326264326261633834393366623061616262
|
||||||
|
63393463333833393636666232626662643738653634306364326231343830633834643664353730
|
||||||
|
37346131346263356539363630363230626364663161643064323538396131636633623866383939
|
||||||
|
66346434323935353632633837363530663438636539616130633532346236343661633766383434
|
||||||
|
34343339646662393030323661623665643432376365633435666333316439356631386234303062
|
||||||
|
35346631656230346565323130333765663933373638303639363530373431343232393864656639
|
||||||
|
33666433366131396464323137393239653531376662646235343962613639343831636261326265
|
||||||
|
65663564613766313634653938316339306434663463623563316431633234323330623738646636
|
||||||
|
37643535623664323433626561383462393033343232303838333930653366376536353765613036
|
||||||
|
35663165623265616630373161336632646435613331373166303632373633313865386134636362
|
||||||
|
61636134343839643735636461626663626237613262316564646339323933363864303935353834
|
||||||
|
39396637646264633736366336616336643032313237653662646331383963366533373766356539
|
||||||
|
35306165306534393463663332336430336635666135643561303935386635393838323865623162
|
||||||
|
36323565616232353261303139623465646234313136383436376162376165303664613164356162
|
||||||
|
33373237333666616135636231653637396330663930663962636161326664333261343737343735
|
||||||
|
37313465396130653138613539376436373237343138636535626632326435383234326466363235
|
||||||
|
34646663653038396630353637636166346261346233333632363361326536383634663433613564
|
||||||
|
35633864343630333033613133626635313931333031643564396164393135346131343832363861
|
||||||
|
61366664363838653438653137383933386233633836323332643531303936353237623734666135
|
||||||
|
31356166613664636634336536343032646239643130346564303162356431346539646336323339
|
||||||
|
61626236346535336638353134353838333434663838303730613363393365633739383563613434
|
||||||
|
64336331306639323061386338656361653636353831346237373134346538623464343562393735
|
||||||
|
39333764343139333133393233626564643266373034623764633835383561366265636632633937
|
||||||
|
62343635343161363231653138613263313562366439316435633964396161343566316435303465
|
||||||
|
39666236316339653839313333396264623636663561653932386638366366663933353761353162
|
||||||
|
61343038383939396231346534336361306430373564353633653139306334623630343738636430
|
||||||
|
66376631366662313131646130363530323232383535333163363466636262363461633232343532
|
||||||
|
63626430336261353861633362396638643937623832386638626334663333363637393637373939
|
||||||
|
64303039666432303535636265613564376139333331653336666563663238366639393366363334
|
||||||
|
36303635633933333832396562373965653361303034653139643466656534326231383162336366
|
||||||
|
31656138656539383539396462326134333331653131306537643962653762373035343235333233
|
||||||
|
34373730623663346430303962653061623330653263393633383835663739663961326566323036
|
||||||
|
30336365616532303362396230616531386639333636336332366335613935623836616134393033
|
||||||
|
62653535396630383436393631396337336163323361663930323532633666663238333366383462
|
||||||
|
36393261376262643336643761613731643032626632646332366661626331333233363436613937
|
||||||
|
34653731666137313733653863396164323963383037353265373532303137623037343733616537
|
||||||
|
66336433343334626536323639636139653931383466633833326234633332613431353432343561
|
||||||
|
36626339656536383862623833633634356435393764316633353135326639623534366538313330
|
||||||
|
62633333303266613630326330333336353264343937393864393239623664323366373565383334
|
||||||
|
37383237376664643065383834633961366632643261343635336335353765353863323131653866
|
||||||
|
31326531303461323736303730623638663863353939636437636231636437323730656463633733
|
||||||
|
65383934343534383631363162363830386365313935663337366335326131393262353030663765
|
||||||
|
30643665383332613030336439346332363135366232303166623534333637366133656437643231
|
||||||
|
30306634636430643864363561316334383530613165326663326665613633636237353830393334
|
||||||
|
62653333623563626131666166646335663334393662336337333836376631303631666136376332
|
||||||
|
37316537356531346464623363653033306537636239633065646533643239653063613835363665
|
||||||
|
30383139326465613864316533643033333430326230646334353364633138666532353736313265
|
||||||
|
34623733613864646661353730666433613961643261346166303264386435643565373565323864
|
||||||
|
61346465336231613865363263303034396439346163393534666439666437353266323565653032
|
||||||
|
39386439646438313938356237643831643434666161383632316530356465616632313235643834
|
||||||
|
33303865653836303632656663366465333331616634313863656438393838636631313364633637
|
||||||
|
38646230643734393733663261326161376536643237626130353831363731306231313864613066
|
||||||
|
34623239396362336639363163313161323065653461363563353631613730373830643133336464
|
||||||
|
31336439636361363539383539323631303462633833353032373530333539336538363033383363
|
||||||
|
32613733623839623938326165356237313165383366646233393933393965613363666532646434
|
||||||
|
63316133613130313363303537366230646235663130313538333761633237383262316633366364
|
||||||
|
65373664616237316534613831313966623939396331626334313430386638653461386334363939
|
||||||
|
35333339643837666264356535643365353331393437313866643034663934336466336534343035
|
||||||
|
61313837666662343363613962623462333935353837333336363839623466303534303837396634
|
||||||
|
38656330666661356235626130303538666533666563323936633564383164633834353831306634
|
||||||
|
36343836353464623962333362353133386563343831336463646635646263383832666232323736
|
||||||
|
38613730316634373365343938623237356231643931303333366462373134383137366339613662
|
||||||
|
62643832323734363635643634373066303366306366663036623139393761636533326130313336
|
||||||
|
30316536396466383463393233363035393335343565323635333665346464366139626165636661
|
||||||
|
39363066643437613537653836636363376532643038363063383234353066313737663061363334
|
||||||
|
38306563613561663165623630366135303332636133343733343836383865613661393761333031
|
||||||
|
62653162626461616564643138613737623632313739393962396439306133646138303936636435
|
||||||
|
39393663653865363166316365376562353461633163353734343132343831386434653037323732
|
||||||
|
36356162356336616330636630376438636165653439376137313934663939376639396266323962
|
||||||
|
37383736333536653438363963316435326632393966383534326337303336386135616636363936
|
||||||
|
35393331313938653830646332376631623763383439623633396433633739663038313264323835
|
||||||
|
33373664313562366664363630316132643465363964383339363339656237323465626262306364
|
||||||
|
33306133373065303135613235623262396365363634316365356364373561363762666235666430
|
||||||
|
62336362643564313238363933623366396138646237336336623062326161326536323534326364
|
||||||
|
39316162643966616436343737313434616230346237346237363962653033613930623462386431
|
||||||
|
38343662356665383763633034393236613733643430313937326335356466376139653533333965
|
||||||
|
39386138623134666132663837616637376362303561393133656139653438386363613965393661
|
||||||
|
36343566643931393061373031343331336463643034383065383763663234373438383064303232
|
||||||
|
64666236313935346237666466333562613935646163653331303661386138313739326538353935
|
||||||
|
64323737323532663731353136336138633533386464616362333838396332323563353537613430
|
||||||
|
33633631326238366166346437316638363161386562383630623466386564323266333033313461
|
||||||
|
63666535363034613232346239636233623130393032353030363334333531646238373262323765
|
||||||
|
61373739396162643661353031613663353531653836323730326166383463613330333966336233
|
||||||
|
30386136346466336361303237303534373064353230653238363231633530613866663461643465
|
||||||
|
30396266356164353063323432663561396564636231346534366661663766613634376235356637
|
||||||
|
39313839616336666461313431326430333932623262333437386464636264373430653566386631
|
||||||
|
64653866623662363864376663613136306165393863346533303634623936373835633864313462
|
||||||
|
61333562646233303232623861366634383466633537383831626334356561353637663038643531
|
||||||
|
39386635326366646134333231653737653630356135396634326537633232333166616161653136
|
||||||
|
33393562383233656564356530386465623239386666313964343534343466616134373132636631
|
||||||
|
39666365393063323838343963366339373434353839383039383238613133636237316365323861
|
||||||
|
30626330643665626465666338353030653839383234393237623633646566376361646536353233
|
||||||
|
31393235623561323765633835313139313538343761393064353632316335656231353930656437
|
||||||
|
31313639313931636633333230653730666638373864326239333561393134356632623138366131
|
||||||
|
65356462373336383039316131626562633330666363386631383663343838393435663538343934
|
||||||
|
65386339626362623664393532386131303234633466363437383236616463343831353862323961
|
||||||
|
39663835313234326137303965663963663761656531653437343234643634316565333762663139
|
||||||
|
65393830633237623031303234636134633539316131396135616237316266333437633861303831
|
||||||
|
62656630373763343366636635653033666630613533363365636261323661383364343161343439
|
||||||
|
35626531346665656263643461306261376238353033343032353731373861333239333862653231
|
||||||
|
31336562653133623163353230633331346237356534333534613161323462636639636662623435
|
||||||
|
63633035336662376636623339326433393035646539626231363762643532323463316263393736
|
||||||
|
62613038333733636362356636373331313661663830633433643039653233626261613739663836
|
||||||
|
38643030313338383266323134326337323334343230623331386664333937316266623134336362
|
||||||
|
61373037353664623863393233376264616438656332386130316361663665323135386463383763
|
||||||
|
33303633356133353439393664363630336133306364363430393232326665393339323265383630
|
||||||
|
31656463343064383837333630366465396633393465666235626330343937313630623039383465
|
||||||
|
63326361663238653035613935343932623237396362643833313731323830313962616362613539
|
||||||
|
32346165303930323739313837643933363863643937346561643930653530393636383036613235
|
||||||
|
61376166386563643733333233343437623630323632643463353131386461663936313065313562
|
||||||
|
31393032646262386634353436643466323731366631393136393433616332613036666163336635
|
||||||
|
37303365633338613630656463663533653336666562653236336264303238383930383132346365
|
||||||
|
35386662636439653930343738633265363635626132343030653462306431363234633635643537
|
||||||
|
61666363346430653131623762666564313665653262386332396532646339383136383337353863
|
||||||
|
38386632316632373338653535323335363265653563376330663239343861346563646366313039
|
||||||
|
33306364623536346339393566326533633133393866303535326535306435626531346264616138
|
||||||
|
34356231373561633337653663643566633632393330386564393966666365306565316135646163
|
||||||
|
63366365383839343134303635376233343865663631633331333230616630366633396231333435
|
||||||
|
30366137383238393139336433353764633038616238326136663636656132626538393565393130
|
||||||
|
38653765326137393136386233383636383165613235373437353730306564643033306534386666
|
||||||
|
61623538663537653166313264303533623162356134393333373732383535386261333535383039
|
||||||
|
65613166666230336265366335323434636336663835323034373930393430363065376665666337
|
||||||
|
35363265666130653830333536326433316639613638613730666139623137333736663535633032
|
||||||
|
33363135376636636536623731323134343237393633333038393364376237386165
|
|
@ -0,0 +1,57 @@
|
||||||
|
# These are the variables contained in secrets.yml
|
||||||
|
# Secrets are usually 32 characters or more, matching [a-Z0-9]
|
||||||
|
---
|
||||||
|
postgres_passwords:
|
||||||
|
nextcloud: xxx
|
||||||
|
passit: xxx
|
||||||
|
gitea: xxx
|
||||||
|
matrix: xxx
|
||||||
|
mailu: xxx
|
||||||
|
keycloak: xxx
|
||||||
|
hedgedoc: xxx
|
||||||
|
mastodon: xxx
|
||||||
|
rallly: xxx
|
||||||
|
membersystem: xxx
|
||||||
|
|
||||||
|
ldap_admin_password: xxx
|
||||||
|
ldap_config_password: xxx
|
||||||
|
|
||||||
|
passit_secret_key: xxx
|
||||||
|
|
||||||
|
docker_password: xxx
|
||||||
|
|
||||||
|
mailu_secret_key: xxx
|
||||||
|
|
||||||
|
nextcloud_secrets:
|
||||||
|
redis_password: xxx
|
||||||
|
|
||||||
|
drone_secrets:
|
||||||
|
oauth_client_id: xxx
|
||||||
|
oauth_client_secret: xxx
|
||||||
|
rpc_shared_secret: xxx
|
||||||
|
|
||||||
|
restic_secrets:
|
||||||
|
repository_password: xxx
|
||||||
|
ssh_privkey: xxx
|
||||||
|
uptime_kuma_url: xxx
|
||||||
|
|
||||||
|
matrix_secrets:
|
||||||
|
registration_shared_secret: xxx
|
||||||
|
macaroon_secret_key: xxx
|
||||||
|
form_secret: xxx
|
||||||
|
|
||||||
|
keycloak_secrets:
|
||||||
|
admin_user: xxx # used for setting up the initial admin user on first run
|
||||||
|
admin_password: xxx
|
||||||
|
|
||||||
|
mastodon_secrets:
|
||||||
|
secret_key_base: xxx
|
||||||
|
otp_secret: xxx
|
||||||
|
vapid_private_key: xxx
|
||||||
|
vapid_public_key: xxx
|
||||||
|
|
||||||
|
rallly_secrets:
|
||||||
|
secret_password: xxx
|
||||||
|
|
||||||
|
membersystem_secrets:
|
||||||
|
secret_key: xxx
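Review bot: The header comment's character class `[a-Z0-9]` is not a valid range in most regex dialects, so it does not tell the next maintainer which alphabet is expected; `# Secrets are usually 32 characters or more, matching [A-Za-z0-9]` is presumably what is meant. The template also gives no hint about entries that are not simple tokens. `restic_secrets.ssh_privkey` is presumably a multi-line private key and would need a block scalar (`ssh_privkey: |`), and `uptime_kuma_url` looks like a URL rather than a random secret. A one-line comment beside each of those would prevent a malformed secrets file on first setup.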
|
|
@ -0,0 +1,35 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
users:
|
||||||
|
- name: graffen
|
||||||
|
comment: Jesper Hess Nielsen
|
||||||
|
password: '!'
|
||||||
|
groups: []
|
||||||
|
ssh_keys: []
|
||||||
|
|
||||||
|
- name: valberg
|
||||||
|
comment: Vidir Valberg Gudmundsson
|
||||||
|
password: $6$qt3G.E.CxhC$OwBDn4rZUbCz06HLEMBHjgvKjxiv/eeerbklTHi.gpHIn1OejzX3k2.0NM0Dforaw6Yn5Y8Cgn8kL2FdbQLZ3/
|
||||||
|
groups:
|
||||||
|
- sudo
|
||||||
|
ssh_keys:
|
||||||
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUmGeHc6QXDcJHkmVxbTUv04Q3vs20avquoGr6eOkkvYbcgjuFnBOOtvs2Nul1odcvvnHa1nN7DfL8XJamiwsB1B/xe2seaNS1axgwk9XowlVN9pgga8gsC+4gZWBtSObG2GR8n4NtPENzPmW5deNn8dRpTvULPMxZ0VRE9yNQOx8v8w85yYh+vxbbkWGVDYJU23yuJI50U9y6bXxNHinsACDFBeR/giXDlw29TaOaSxz0R6zrRPBoX+V68RyWwBL+KWQKtX2ULtJI40S98Ohd6p41bIxYHCBS/zroqNne8PjYOLcHHsjHUGfTvhcS5a3zdz/iHsvsaOOjFjsydAXH valberg
|
||||||
|
- ssh-rsa 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
|
||||||
|
|
||||||
|
- name: reynir
|
||||||
|
comment: Reynir Björnsson
|
||||||
|
password: $6$MiPv.ZFlWnLHGNOb$jdQD9NaPMRUGaP2YHRJNwrMPBGl9qwK0HFhI6x51Xpn7hdzuC4GIwvOw1DJK33sNs/gGP5bWB0izviXkDcq7B0
|
||||||
|
groups:
|
||||||
|
- sudo
|
||||||
|
ssh_keys:
|
||||||
|
- ssh-rsa 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 reynir yubikey
|
||||||
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR8t/wNRp7Dt3wr9uZKVTofTDVYrcoQNru5ETxL+37t reynir@spurv
|
||||||
|
|
||||||
|
- name: samsapti
|
||||||
|
comment: Sam Al-Sapti
|
||||||
|
password: $6$18dN367fG162hQ9A$Aqkf3O24Ve1btzh1PPOPg3uyydv/AQYUxethcoB4klotebJq3/XsydYT7XBuarxfDccVwyPTMlsP3U8VfQpG60
|
||||||
|
groups:
|
||||||
|
- sudo
|
||||||
|
ssh_keys:
|
||||||
|
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||||
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
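Review bot: The `password:` values for `valberg`, `reynir` and `samsapti` are SHA-512 crypt (`$6$`) hashes kept in a plain vars file, although this compare also adds an `$ANSIBLE_VAULT`-encrypted file. All three accounts are in `sudo`, so anyone with read access to the repository can run offline guessing against credentials that gate root. Consider moving the hashes into the vaulted file and referencing them here, e.g. `password: "{{ user_password_hashes.valberg }}"` (variable name constructed for illustration). The `valberg` hash is identical to the one in the removed users file, so it was carried over without rotation. The `graffen` entry would benefit from a comment such as `# account locked: no password login, no keys, no groups` so the `'!'` value is not mistaken for a placeholder.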
|
26
playbook.yml
|
@ -1,17 +1,27 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: production
|
||||||
gather_facts: False
|
gather_facts: true
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
# Services are the names of the compose files in docker/files/composefiles
|
ldap_dn: "dc=data,dc=coop"
|
||||||
services:
|
|
||||||
- nginx-proxy
|
vagrant: "{{ from_vagrant is defined and from_vagrant }}"
|
||||||
- thelounge
|
letsencrypt_enabled: "{{ not vagrant }}"
|
||||||
- gitea
|
|
||||||
- nextcloud
|
base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
|
||||||
|
letsencrypt_email: "admin@{{ base_domain }}"
|
||||||
|
|
||||||
|
smtp_host: "postfix"
|
||||||
|
smtp_port: "587"
|
||||||
|
|
||||||
|
services_exclude:
|
||||||
|
- uptime_kuma
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_role:
|
- import_role:
|
||||||
name: ubuntu_base
|
name: ubuntu_base
|
||||||
|
tags:
|
||||||
|
- base_only
|
||||||
- import_role:
|
- import_role:
|
||||||
name: docker
|
name: docker
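Review bot: `vagrant: "{{ from_vagrant is defined and from_vagrant }}"` tests the raw extra var, and a value passed as `key=value` on the command line arrives as a string, so `from_vagrant=false` still evaluates as truthy. Because `letsencrypt_enabled` and `base_domain` are derived from it, a mistyped flag silently moves a run onto `datacoop.devel` with certificate issuance disabled. An explicit cast avoids this: `vagrant: "{{ from_vagrant | default(false) | bool }}"`. The task list presumably continues past the end of this hunk.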
|
||||||
|
|
|
@ -0,0 +1,227 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
volume_root_folder: "/docker-volumes"
|
||||||
|
volume_website_folder: "{{ volume_root_folder }}/websites"
|
||||||
|
|
||||||
|
services:
|
||||||
|
### Internal services ###
|
||||||
|
postfix:
|
||||||
|
domain: "smtp.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/postfix"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "v3.6.1-alpine"
|
||||||
|
|
||||||
|
nginx_proxy:
|
||||||
|
volume_folder: "{{ volume_root_folder }}/nginx"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "1.3-alpine"
|
||||||
|
acme_companion_version: "2.2"
|
||||||
|
|
||||||
|
openldap:
|
||||||
|
domain: "ldap.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/openldap"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "1.5.0"
|
||||||
|
phpldapadmin_version: "0.9.0"
|
||||||
|
|
||||||
|
netdata:
|
||||||
|
domain: "netdata.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/netdata"
|
||||||
|
version: "v1"
|
||||||
|
|
||||||
|
portainer:
|
||||||
|
domain: "portainer.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||||
|
version: "2.19.0"
|
||||||
|
|
||||||
|
keycloak:
|
||||||
|
domain: sso.{{ base_domain }}
|
||||||
|
volume_folder: "{{ volume_root_folder }}/keycloak"
|
||||||
|
version: "22.0"
|
||||||
|
postgres_version: "10"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
restic:
|
||||||
|
volume_folder: "{{ volume_root_folder }}/restic"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
remote_user: dc-user
|
||||||
|
remote_domain: rynkeby.skovgaard.tel
|
||||||
|
host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo
|
||||||
|
repository: restic
|
||||||
|
version: "1.7.0"
|
||||||
|
disabled_in_vagrant: true
|
||||||
|
# mail dance
|
||||||
|
domain: "noreply.{{ base_domain }}"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
mail_from: "backup@noreply.{{ base_domain }}"
|
||||||
|
|
||||||
|
docker_registry:
|
||||||
|
domain: "docker.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/docker-registry"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
post_deploy_tasks: true
|
||||||
|
username: "docker"
|
||||||
|
password: "{{ docker_password }}"
|
||||||
|
version: "2"
|
||||||
|
|
||||||
|
### External services ###
|
||||||
|
nextcloud:
|
||||||
|
domain: "cloud.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/nextcloud"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: 28-apache
|
||||||
|
postgres_version: "10"
|
||||||
|
redis_version: 7-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
forgejo:
|
||||||
|
domain: "git.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/forgejo"
|
||||||
|
version: "1.21.8-0"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
passit:
|
||||||
|
domain: "passit.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/passit"
|
||||||
|
version: stable
|
||||||
|
postgres_version: 15-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
matrix:
|
||||||
|
domain: "matrix.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/matrix"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: v1.98.0
|
||||||
|
postgres_version: 15-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
element:
|
||||||
|
domain: "element.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/element"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: v1.11.51
|
||||||
|
|
||||||
|
privatebin:
|
||||||
|
domain: "paste.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/privatebin"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "20221009"
|
||||||
|
|
||||||
|
hedgedoc:
|
||||||
|
domain: "pad.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/hedgedoc"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: 1.9.9-alpine
|
||||||
|
postgres_version: 10-alpine
|
||||||
|
|
||||||
|
data_coop_website:
|
||||||
|
domain: "{{ base_domain }}"
|
||||||
|
www_domain: "www.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/datacoop"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: stable
|
||||||
|
staging_domain: "staging.{{ base_domain }}"
|
||||||
|
staging_version: staging
|
||||||
|
|
||||||
|
slides_2022_website:
|
||||||
|
domain: "2022.slides.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/slides-2022"
|
||||||
|
version: latest
|
||||||
|
|
||||||
|
fedi_dk_website:
|
||||||
|
domain: fedi.dk
|
||||||
|
volume_folder: "{{ volume_website_folder }}/fedidk"
|
||||||
|
version: latest
|
||||||
|
|
||||||
|
vhs_website:
|
||||||
|
domain: vhs.data.coop
|
||||||
|
volume_folder: "{{ volume_website_folder }}/vhs"
|
||||||
|
version: latest
|
||||||
|
|
||||||
|
cryptohagen_website:
|
||||||
|
domains:
|
||||||
|
- "cryptohagen.dk"
|
||||||
|
- "www.cryptohagen.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/cryptohagen"
|
||||||
|
|
||||||
|
ulovliglogning_website:
|
||||||
|
domains:
|
||||||
|
- "ulovliglogning.dk"
|
||||||
|
- "www.ulovliglogning.dk"
|
||||||
|
- "ulovlig-logning.dk"
|
||||||
|
- "www.ulovlig-logning.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/ulovliglogning"
|
||||||
|
|
||||||
|
cryptoaarhus_website:
|
||||||
|
domains:
|
||||||
|
- "cryptoaarhus.dk"
|
||||||
|
- "www.cryptoaarhus.dk"
|
||||||
|
volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
|
||||||
|
|
||||||
|
drone:
|
||||||
|
domain: "drone.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/drone"
|
||||||
|
version: "1"
|
||||||
|
|
||||||
|
mailu:
|
||||||
|
domain: "mail.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/mailu"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
dns: 192.168.203.254
|
||||||
|
subnet: 192.168.203.0/24
|
||||||
|
version: "2.0"
|
||||||
|
postgres_version: 14-alpine
|
||||||
|
redis_version: alpine
|
||||||
|
|
||||||
|
mastodon:
|
||||||
|
domain: "social.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/mastodon"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
post_deploy_tasks: true
|
||||||
|
version: v4.2.8
|
||||||
|
postgres_version: 14-alpine
|
||||||
|
redis_version: 6-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
rallly:
|
||||||
|
domain: "when.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/rallly"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "2"
|
||||||
|
postgres_version: 14-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
membersystem:
|
||||||
|
domain: "member.{{ base_domain }}"
|
||||||
|
django_admins: "Vidir:valberg@orn.li"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/membersystem"
|
||||||
|
version: latest
|
||||||
|
postgres_version: 13-alpine
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
writefreely:
|
||||||
|
domain: "write.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/writefreely"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: v0.15.0
|
||||||
|
mariadb_version: "11.2"
|
||||||
|
allowed_sender_domain: true
|
||||||
|
|
||||||
|
watchtower:
|
||||||
|
volume_folder: "{{ volume_root_folder }}/watchtower"
|
||||||
|
version: "1.5.3"
|
||||||
|
|
||||||
|
diun:
|
||||||
|
version: "4.27"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/diun"
|
||||||
|
|
||||||
|
### Uptime monitoring ###
|
||||||
|
uptime_kuma:
|
||||||
|
domain: "uptime.{{ base_domain }}"
|
||||||
|
status_domain: "status.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/uptime_kuma"
|
||||||
|
pre_deploy_tasks: true
|
||||||
|
version: "latest"
|
||||||
|
|
||||||
|
services_exclude: []
|
||||||
|
services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}"
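Review bot: Several images are referenced by floating tags: `version: latest` for `slides_2022_website`, `fedi_dk_website`, `vhs_website`, `membersystem` and `uptime_kuma`, `version: stable` for `passit` and `data_coop_website`, and `redis_version: alpine` for `mailu`. What runs in production therefore depends on when the image was last pulled, not on what was reviewed here. Pinning each to a release tag or digest, as most other entries already do, makes deployments reproducible and turns every upgrade into an explicit change. `postgres_version: "10"` for `keycloak` and `nextcloud`, and `10-alpine` for `hedgedoc`, select a PostgreSQL major that is past upstream end of life and no longer receives security fixes, so a major-version upgrade should be planned. Minor: `domain: sso.{{ base_domain }}` is the only templated value left unquoted; quote it like the others.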
|
|
@ -1,43 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
restart: always
|
|
||||||
image: postgres
|
|
||||||
networks:
|
|
||||||
- fider
|
|
||||||
volumes:
|
|
||||||
- /var/fider/pg_data:/var/lib/postgresql/data
|
|
||||||
environment:
|
|
||||||
POSTGRES_USER: fider
|
|
||||||
POSTGRES_PASSWORD: "SOMESTRONGPASSWORD"
|
|
||||||
|
|
||||||
app:
|
|
||||||
restart: always
|
|
||||||
image: getfider/fider:stable
|
|
||||||
ports:
|
|
||||||
- "9999:3000"
|
|
||||||
networks:
|
|
||||||
- fider
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
GO_ENV: production
|
|
||||||
DATABASE_URL: postgres://fider:SOMESTRONGPASSWORD@db:5432/fider?sslmode=disable
|
|
||||||
JWT_SECRET: LONGRANDOMSTRING
|
|
||||||
|
|
||||||
EMAIL_NOREPLY: noreply@data.coop
|
|
||||||
EMAIL_SMTP_HOST: smtp.fastmail.com
|
|
||||||
EMAIL_SMTP_PORT: 587
|
|
||||||
EMAIL_SMTP_USERNAME: a_smtp_user
|
|
||||||
EMAIL_SMTP_PASSWORD: password_for_smtp_user
|
|
||||||
|
|
||||||
VIRTUAL_HOST: feedback.data.coop
|
|
||||||
LETSENCRYPT_HOST: feedback.data.coop
|
|
||||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
|
|
||||||
networks:
|
|
||||||
fider:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,42 +0,0 @@
|
||||||
version: "2.3"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
gitea:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
||||||
services:
|
|
||||||
server:
|
|
||||||
image: gitea/gitea:latest
|
|
||||||
environment:
|
|
||||||
- USER_UID=1000
|
|
||||||
- USER_GID=1000
|
|
||||||
- VIRTUAL_HOST=gitea.local
|
|
||||||
- VIRTUAL_PORT=3000
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- gitea
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
- gitea:/data
|
|
||||||
ports:
|
|
||||||
- "3000:3000"
|
|
||||||
- "222:22"
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
|
|
||||||
db:
|
|
||||||
image: postgres:9.6
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER=gitea
|
|
||||||
- POSTGRES_PASSWORD=gitea
|
|
||||||
- POSTGRES_DB=gitea
|
|
||||||
networks:
|
|
||||||
- gitea
|
|
||||||
volumes:
|
|
||||||
- postgres:/var/lib/postgresql/data
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
gitea:
|
|
||||||
postgres:
|
|
|
@ -1,38 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: postgres
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- db:/var/lib/postgresql/data
|
|
||||||
environment:
|
|
||||||
- POSTGRES_DB=nextcloud
|
|
||||||
- POSTGRES_USER=nextcloud
|
|
||||||
networks:
|
|
||||||
- nextcloud
|
|
||||||
app:
|
|
||||||
image: nextcloud
|
|
||||||
volumes:
|
|
||||||
- nextcloud:/var/www/html
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- POSTGRES_HOST=db
|
|
||||||
- POSTGRES_PASSWORD=hest
|
|
||||||
- POSTGRES_DB=nextcloud
|
|
||||||
- POSTGRES_USER=nextcloud
|
|
||||||
- VIRTUAL_HOST=nextcloud.local
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
ports:
|
|
||||||
- "80"
|
|
||||||
networks:
|
|
||||||
- nextcloud
|
|
||||||
- external_services
|
|
||||||
volumes:
|
|
||||||
nextcloud:
|
|
||||||
db:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
nextcloud:
|
|
|
@ -1,49 +0,0 @@
|
||||||
---
|
|
||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
nginx-proxy:
|
|
||||||
image: jwilder/nginx-proxy
|
|
||||||
container_name: nginx-proxy
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
- "443:443"
|
|
||||||
volumes:
|
|
||||||
- conf:/etc/nginx/conf.d
|
|
||||||
- vhost:/etc/nginx/vhost.d
|
|
||||||
- html:/usr/share/nginx/html
|
|
||||||
- dhparam:/etc/nginx/dhparam
|
|
||||||
- certs:/etc/nginx/certs:ro
|
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
|
|
||||||
letsencrypt:
|
|
||||||
image: jrcs/letsencrypt-nginx-proxy-companion
|
|
||||||
container_name: nginx-proxy-le
|
|
||||||
depends_on:
|
|
||||||
- nginx-proxy
|
|
||||||
volumes:
|
|
||||||
- vhost:/etc/nginx/vhost.d
|
|
||||||
- html:/usr/share/nginx/html
|
|
||||||
- dhparam:/etc/nginx/dhparam:ro
|
|
||||||
- certs:/etc/nginx/certs
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
environment:
|
|
||||||
- NGINX_PROXY_CONTAINER=nginx-proxy
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
conf:
|
|
||||||
vhost:
|
|
||||||
html:
|
|
||||||
dhparam:
|
|
||||||
certs:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
||||||
|
|
|
@ -1,61 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
openldap:
|
|
||||||
image: osixia/openldap:1.2.2
|
|
||||||
container_name: openldap
|
|
||||||
environment:
|
|
||||||
LDAP_LOG_LEVEL: "256"
|
|
||||||
LDAP_ORGANISATION: "data.coop"
|
|
||||||
LDAP_DOMAIN: "data.coop"
|
|
||||||
LDAP_BASE_DN: ""
|
|
||||||
LDAP_ADMIN_PASSWORD: "admin"
|
|
||||||
LDAP_CONFIG_PASSWORD: "config"
|
|
||||||
LDAP_READONLY_USER: "true"
|
|
||||||
LDAP_READONLY_USER_USERNAME: "readonly"
|
|
||||||
LDAP_READONLY_USER_PASSWORD: "readonly"
|
|
||||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
|
||||||
LDAP_BACKEND: "mdb"
|
|
||||||
LDAP_TLS: "true"
|
|
||||||
LDAP_TLS_CRT_FILENAME: "ldap.crt"
|
|
||||||
LDAP_TLS_KEY_FILENAME: "ldap.key"
|
|
||||||
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
|
|
||||||
LDAP_TLS_ENFORCE: "false"
|
|
||||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
|
|
||||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
|
||||||
LDAP_TLS_VERIFY_CLIENT: "demand"
|
|
||||||
LDAP_REPLICATION: "false"
|
|
||||||
KEEP_EXISTING_CONFIG: "false"
|
|
||||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
|
||||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
|
||||||
tty: true
|
|
||||||
stdin_open: true
|
|
||||||
volumes:
|
|
||||||
- /var/lib/ldap
|
|
||||||
- /etc/ldap/slapd.d
|
|
||||||
- /container/service/slapd/assets/certs/
|
|
||||||
ports:
|
|
||||||
- "389:389"
|
|
||||||
- "636:636"
|
|
||||||
domainname: "ldap.data.coop" # important: same as hostname
|
|
||||||
hostname: "ldap.data.coop"
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
phpldapadmin:
|
|
||||||
image: osixia/phpldapadmin:latest
|
|
||||||
container_name: phpldapadmin
|
|
||||||
environment:
|
|
||||||
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
|
|
||||||
PHPLDAPADMIN_HTTPS: "false"
|
|
||||||
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
|
|
||||||
VIRTUAL_HOST: ldap.data.coop
|
|
||||||
LETSENCRYPT_HOST: ldap.data.coop
|
|
||||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
|
||||||
depends_on:
|
|
||||||
- openldap
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -1,23 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
thelounge:
|
|
||||||
image: thelounge/lounge:latest
|
|
||||||
container_name: thelounge
|
|
||||||
restart: always
|
|
||||||
ports:
|
|
||||||
- "9000:9000"
|
|
||||||
volumes:
|
|
||||||
- thelounge:/home/lounge/data # bind lounge config from the host's file system
|
|
||||||
networks:
|
|
||||||
- external_services
|
|
||||||
environment:
|
|
||||||
VIRTUAL_HOST: irc.data.coop
|
|
||||||
LETSENCRYPT_HOST: irc.data.coop
|
|
||||||
LETSENCRYPT_EMAIL: valberg@orn.li
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
thelounge:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
external_services:
|
|
||||||
external: true
|
|
|
@ -0,0 +1 @@
|
||||||
|
-c 3500
|
|
@ -0,0 +1,20 @@
|
||||||
|
# DB Version: 14
|
||||||
|
# OS Type: linux
|
||||||
|
# DB Type: oltp
|
||||||
|
# Total Memory (RAM): 16 GB
|
||||||
|
# Connections num: 300
|
||||||
|
# Data Storage: hdd
|
||||||
|
|
||||||
|
listen_addresses = '*'
|
||||||
|
max_connections = 300
|
||||||
|
shared_buffers = 4GB
|
||||||
|
effective_cache_size = 12GB
|
||||||
|
maintenance_work_mem = 1GB
|
||||||
|
checkpoint_completion_target = 0.9
|
||||||
|
wal_buffers = 16MB
|
||||||
|
default_statistics_target = 100
|
||||||
|
random_page_cost = 4
|
||||||
|
effective_io_concurrency = 2
|
||||||
|
work_mem = 6990kB
|
||||||
|
min_wal_size = 2GB
|
||||||
|
max_wal_size = 8GB
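Review bot: `listen_addresses = '*'` has no comment saying what bounds its exposure. Inside a container this is usually required so that other services on the Compose network can connect, but it is only safe if the database port is never published on the host, and the Compose file that decides that is not part of this section. I would add a comment above the setting, for example `# '*' is needed for container-to-container access; do not publish 5432 on the host`, so the assumption stays visible to whoever edits the Compose template later.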
|
|
@ -0,0 +1,37 @@
|
||||||
|
version: 1
|
||||||
|
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||||
|
|
||||||
|
filters:
|
||||||
|
context:
|
||||||
|
(): synapse.util.logcontext.LoggingContextFilter
|
||||||
|
request: ""
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
file:
|
||||||
|
class: logging.handlers.RotatingFileHandler
|
||||||
|
formatter: precise
|
||||||
|
filename: /data/homeserver.log
|
||||||
|
maxBytes: 104857600
|
||||||
|
backupCount: 10
|
||||||
|
filters: [context]
|
||||||
|
encoding: utf8
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
filters: [context]
|
||||||
|
|
||||||
|
loggers:
|
||||||
|
synapse:
|
||||||
|
level: WARN
|
||||||
|
|
||||||
|
synapse.storage.SQL:
|
||||||
|
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||||
|
# information such as access tokens.
|
||||||
|
level: INFO
|
||||||
|
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
handlers: [file, console]
|
|
@ -0,0 +1,154 @@
|
||||||
|
;<?php http_response_code(403); /*
|
||||||
|
; config file for PrivateBin
|
||||||
|
;
|
||||||
|
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
|
||||||
|
|
||||||
|
[main]
|
||||||
|
; (optional) set a project name to be displayed on the website
|
||||||
|
name = "paste.data.coop"
|
||||||
|
|
||||||
|
; enable or disable the discussion feature, defaults to true
|
||||||
|
discussion = true
|
||||||
|
|
||||||
|
; preselect the discussion feature, defaults to false
|
||||||
|
opendiscussion = false
|
||||||
|
|
||||||
|
; enable or disable the password feature, defaults to true
|
||||||
|
password = true
|
||||||
|
|
||||||
|
; enable or disable the file upload feature, defaults to false
|
||||||
|
fileupload = true
|
||||||
|
|
||||||
|
; preselect the burn-after-reading feature, defaults to false
|
||||||
|
burnafterreadingselected = false
|
||||||
|
|
||||||
|
; which display mode to preselect by default, defaults to "plaintext"
|
||||||
|
; make sure the value exists in [formatter_options]
|
||||||
|
defaultformatter = "plaintext"
|
||||||
|
|
||||||
|
; (optional) set a syntax highlighting theme, as found in css/prettify/
|
||||||
|
; syntaxhighlightingtheme = "sons-of-obsidian"
|
||||||
|
|
||||||
|
; size limit per paste or comment in bytes, defaults to 2 Mebibytes
|
||||||
|
sizelimit = 2097152
|
||||||
|
|
||||||
|
; template to include, default is "bootstrap" (tpl/bootstrap.php)
|
||||||
|
template = "bootstrap"
|
||||||
|
|
||||||
|
; (optional) notice to display
|
||||||
|
; notice = "Note: This is a test service: Data may be deleted anytime. Kittens will die if you abuse this service."
|
||||||
|
|
||||||
|
; by default PrivateBin will guess the visitors language based on the browsers
|
||||||
|
; settings. Optionally you can enable the language selection menu, which uses
|
||||||
|
; a session cookie to store the choice until the browser is closed.
|
||||||
|
languageselection = false
|
||||||
|
|
||||||
|
; set the language your installs defaults to, defaults to English
|
||||||
|
; if this is set and language selection is disabled, this will be the only language
|
||||||
|
; languagedefault = "en"
|
||||||
|
|
||||||
|
; (optional) URL shortener address to offer after a new paste is created
|
||||||
|
; it is suggested to only use this with self-hosted shorteners as this will leak
|
||||||
|
; the pastes encryption key
|
||||||
|
; urlshortener = "https://shortener.example.com/api?link="
|
||||||
|
|
||||||
|
; (optional) Let users create a QR code for sharing the paste URL with one click.
|
||||||
|
; It works both when a new paste is created and when you view a paste.
|
||||||
|
; qrcode = true
|
||||||
|
|
||||||
|
; (optional) IP based icons are a weak mechanism to detect if a comment was from
|
||||||
|
; a different user when the same username was used in a comment. It might be
|
||||||
|
; used to get the IP of a non anonymous comment poster if the server salt is
|
||||||
|
; leaked and a SHA256 HMAC rainbow table is generated for all (relevant) IPs.
|
||||||
|
; Can be set to one these values: none / vizhash / identicon (default).
|
||||||
|
; icon = none
|
||||||
|
|
||||||
|
; Content Security Policy headers allow a website to restrict what sources are
|
||||||
|
; allowed to be accessed in its context. You need to change this if you added
|
||||||
|
; custom scripts from third-party domains to your templates, e.g. tracking
|
||||||
|
; scripts or run your site behind certain DDoS-protection services.
|
||||||
|
; Check the documentation at https://content-security-policy.com/
|
||||||
|
; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
|
||||||
|
; By default this disallows to load images from third-party servers, e.g. when they are embedded in pastes. If you wish to allow that, you can adjust the policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images for details.
|
||||||
|
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
|
||||||
|
|
||||||
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
; sha256 in HMAC for the deletion token
|
||||||
|
zerobincompatibility = false
|
||||||
|
|
||||||
|
[expire]
|
||||||
|
; expire value that is selected per default
|
||||||
|
; make sure the value exists in [expire_options]
|
||||||
|
default = "1day"
|
||||||
|
|
||||||
|
[expire_options]
|
||||||
|
; Set each one of these to the number of seconds in the expiration period,
|
||||||
|
; or 0 if it should never expire
|
||||||
|
5min = 300
|
||||||
|
10min = 600
|
||||||
|
1hour = 3600
|
||||||
|
1day = 86400
|
||||||
|
1week = 604800
|
||||||
|
; Well this is not *exactly* one month, it's 30 days:
|
||||||
|
1month = 2592000
|
||||||
|
1year = 31536000
|
||||||
|
never = 0
|
||||||
|
|
||||||
|
[formatter_options]
|
||||||
|
; Set available formatters, their order and their labels
|
||||||
|
plaintext = "Plain Text"
|
||||||
|
syntaxhighlighting = "Source Code"
|
||||||
|
markdown = "Markdown"
|
||||||
|
|
||||||
|
[traffic]
|
||||||
|
; time limit between calls from the same IP address in seconds
|
||||||
|
; Set this to 0 to disable rate limiting.
|
||||||
|
limit = 10
|
||||||
|
|
||||||
|
; (optional) if your website runs behind a reverse proxy or load balancer,
|
||||||
|
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
|
||||||
|
header = "X_FORWARDED_FOR"
|
||||||
|
|
||||||
|
; directory to store the traffic limits in
|
||||||
|
dir = PATH "data"
|
||||||
|
|
||||||
|
[purge]
|
||||||
|
; minimum time limit between two purgings of expired pastes, it is only
|
||||||
|
; triggered when pastes are created
|
||||||
|
; Set this to 0 to run a purge every time a paste is created.
|
||||||
|
limit = 300
|
||||||
|
|
||||||
|
; maximum amount of expired pastes to delete in one purge
|
||||||
|
; Set this to 0 to disable purging. Set it higher, if you are running a large
|
||||||
|
; site
|
||||||
|
batchsize = 10
|
||||||
|
|
||||||
|
; directory to store the purge limit in
|
||||||
|
dir = PATH "data"
|
||||||
|
|
||||||
|
[model]
|
||||||
|
; name of data model class to load and directory for storage
|
||||||
|
; the default model "Filesystem" stores everything in the filesystem
|
||||||
|
class = Filesystem
|
||||||
|
[model_options]
|
||||||
|
dir = PATH "data"
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of DB configuration for MySQL
|
||||||
|
;class = Database
|
||||||
|
;[model_options]
|
||||||
|
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
|
||||||
|
;tbl = "privatebin_" ; table prefix
|
||||||
|
;usr = "privatebin"
|
||||||
|
;pwd = "Z3r0P4ss"
|
||||||
|
;opt[12] = true ; PDO::ATTR_PERSISTENT
|
||||||
|
|
||||||
|
;[model]
|
||||||
|
; example of DB configuration for SQLite
|
||||||
|
;class = Database
|
||||||
|
;[model_options]
|
||||||
|
;dsn = "sqlite:" PATH "data/db.sq3"
|
||||||
|
;usr = null
|
||||||
|
;pwd = null
|
||||||
|
;opt[12] = true ; PDO::ATTR_PERSISTENT
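Review bot: In `[traffic]`, `header = "X_FORWARDED_FOR"` makes the rate limiter key on a request header, which is only trustworthy if the reverse proxy overwrites whatever the client sent. If the proxy appends to the incoming header instead (as `$proxy_add_x_forwarded_for` does in another snippet of this commit), a client could presumably vary the header value per request and sidestep the 10-second limit. That matters more with `fileupload = true`. I would have the PrivateBin vhost set the header explicitly, `proxy_set_header X-Forwarded-For $remote_addr;`, and add a comment next to `header` saying that the service must only be reachable through that proxy.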
|
|
@ -0,0 +1 @@
|
||||||
|
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
|
|
@ -0,0 +1,14 @@
|
||||||
|
location /_matrix {
|
||||||
|
proxy_pass http://0.0.0.0:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/matrix/server {
|
||||||
|
default_type application/json;
|
||||||
|
return 200 '{"m.server": "matrix.data.coop:443"}';
|
||||||
|
}
|
||||||
|
|
||||||
|
location /.well-known/matrix/client {
|
||||||
|
default_type application/json;
|
||||||
|
return 200 '{"m.homeserver": {"base_url": "https://matrix.data.coop"}}';
|
||||||
|
}
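Review bot: `proxy_pass http://0.0.0.0:8008;` uses the wildcard address as a destination, which only works because Linux happens to route it to the local host. Writing `proxy_pass http://127.0.0.1:8008;` states the intent and does not depend on that behaviour. Separately, the `/.well-known/matrix/client` block returns JSON without a CORS header, so browser-based clients may be unable to read it; `add_header Access-Control-Allow-Origin *;` in that location is the usual fix. A short comment on the first block explaining that port 8008 is another listener on this same proxy would also help, if that is indeed the case.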
|
|
@ -0,0 +1 @@
|
||||||
|
client_max_body_size 10G;
|
|
@ -0,0 +1 @@
|
||||||
|
client_max_body_size 1G; # default is 1M
|
|
@ -0,0 +1,2 @@
|
||||||
|
listen 3000;
|
||||||
|
client_max_body_size 50M; # default is 1M
|
|
@ -0,0 +1,2 @@
|
||||||
|
listen 8008;
|
||||||
|
client_max_body_size 1G; # default is 1M
|
|
@ -0,0 +1 @@
|
||||||
|
client_max_body_size 1G; # default is 1M
|
|
@ -0,0 +1,4 @@
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
|
@ -0,0 +1,2 @@
|
||||||
|
server_name www.data.coop;
|
||||||
|
return 301 $scheme://data.coop$request_uri;
|
|
@ -0,0 +1,6 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: restart nginx
|
||||||
|
command: docker compose restart proxy
|
||||||
|
args:
|
||||||
|
chdir: "{{ services.nginx_proxy.volume_folder }}"
|
|
@ -0,0 +1,26 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create volume folder for service {{ service.name }}
|
||||||
|
file:
|
||||||
|
name: "{{ service.vars.volume_folder }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload Compose file for service {{ service.name }}
|
||||||
|
template:
|
||||||
|
src: compose-files/{{ service.name }}.yml.j2
|
||||||
|
dest: "{{ service.vars.volume_folder }}/docker-compose.yml"
|
||||||
|
owner: root
|
||||||
|
mode: u=rw,go=
|
||||||
|
|
||||||
|
- name: Run pre-deployment tasks for service {{ service.name }}
|
||||||
|
include_tasks: pre_deploy/{{ service.name }}.yml
|
||||||
|
when: service.vars.pre_deploy_tasks is defined and service.vars.pre_deploy_tasks
|
||||||
|
|
||||||
|
- name: Deploy Compose stack for service {{ service.name }}
|
||||||
|
command: docker compose up -d --remove-orphans --pull always
|
||||||
|
args:
|
||||||
|
chdir: "{{ service.vars.volume_folder }}"
|
||||||
|
|
||||||
|
- name: Run post-deployment tasks for service {{ service.name }}
|
||||||
|
include_tasks: post_deploy/{{ service.name }}.yml
|
||||||
|
when: service.vars.post_deploy_tasks is defined and service.vars.post_deploy_tasks
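Review bot: The deploy task runs `docker compose up -d --remove-orphans --pull always`, so every play run replaces any image referenced by a mutable tag with whatever the registry serves at that moment. The Compose templates are outside this section, but if they use `latest` or untagged images, a routine run becomes an unreviewed upgrade of every service. Pinning each image to a version tag or digest in the templates keeps the pull deterministic. The task also reports `changed` on every run; a `changed_when` derived from the command output would make the play's result meaningful. The volume folder task sets no `owner` or `mode`, while the Compose file written into it is restricted to `u=rw,go=`.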
|
|
@ -1,28 +1,44 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: add docker gpg key
|
- name: Add Docker PGP key
|
||||||
apt_key:
|
apt_key:
|
||||||
keyserver: pgp.key-server.io
|
keyserver: pgp.mit.edu
|
||||||
id: 8D81803C0EBFCD88
|
id: 8D81803C0EBFCD88
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: add docker apt repository
|
- name: Add Docker apt repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb https://download.docker.com/linux/ubuntu artful stable
|
repo: deb https://download.docker.com/linux/ubuntu bionic stable
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: install docker-ce
|
- name: Install Docker
|
||||||
apt:
|
apt:
|
||||||
name: docker-ce
|
name: "{{ pkgs }}"
|
||||||
|
state: present
|
||||||
|
vars:
|
||||||
|
pkgs:
|
||||||
|
- docker-ce
|
||||||
|
- docker-compose-plugin
|
||||||
|
|
||||||
|
- name: Configure cron job to prune unused Docker data weekly
|
||||||
|
cron:
|
||||||
|
name: Prune unused Docker data
|
||||||
|
cron_file: ansible_docker_prune
|
||||||
|
job: 'docker system prune -fa && docker volume prune -fa'
|
||||||
|
special_time: weekly
|
||||||
|
user: root
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: install docker python bindings
|
- name: Create folder structure for bind mounts
|
||||||
pip:
|
file:
|
||||||
executable: "pip3"
|
name: "{{ item }}"
|
||||||
name: "docker-compose"
|
state: directory
|
||||||
state: present
|
loop:
|
||||||
|
- "{{ volume_root_folder }}"
|
||||||
|
- "{{ volume_website_folder }}"
|
||||||
|
|
||||||
- name: setup services
|
- name: Set up services
|
||||||
import_tasks: services.yml
|
import_tasks: services.yml
|
||||||
tags:
|
tags:
|
||||||
- setup_services
|
- setup_services
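Review bot: The "Add Docker PGP key" task still fetches the repository signing key from a public keyserver by the 64-bit ID `8D81803C0EBFCD88`; switching the keyserver to `pgp.mit.edu` does not change that trust model. A keyserver lookup by long ID is weaker than pinning the full fingerprint, and `apt_key` places the key in the global apt trust store. I would download the key from `https://download.docker.com/linux/ubuntu/gpg` into a keyring file, verify it against `<full 40-hex fingerprint>`, and reference it with `signed-by=` in the `repo:` line. In the new cron job, `docker volume prune -fa` removes every unused volume; if any service still keeps data in a named volume, a week with that stack stopped would delete it, so a comment stating that all persistent data lives in bind mounts is worth adding.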
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Generate htpasswd file
|
||||||
|
shell: docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd
|
||||||
|
args:
|
||||||
|
chdir: "{{ services.docker_registry.volume_folder }}"
|
||||||
|
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
|
||||||
|
|
||||||
|
- name: log in to registry
|
||||||
|
docker_login:
|
||||||
|
registry: "{{ 'docker.data.coop' if vagrant else services.docker_registry.domain }}"
|
||||||
|
username: docker
|
||||||
|
password: "{{ docker_password }}"
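Review bot: "Generate htpasswd file" interpolates `{{ docker_password }}` unquoted into a `shell:` line, so a password containing spaces or shell metacharacters is split or interpreted by the shell. The secret also ends up in the process arguments and in Ansible's task output. At minimum use `{{ docker_password | quote }}` and add `no_log: true` to this task and to "log in to registry". Passing the password on stdin (htpasswd's `-i` with the module's `stdin:` argument) would keep it out of argv entirely. The resulting `auth/htpasswd` gets whatever mode the umask gives it; a following `file:` task with `mode: u=rw,go=` would pin that, provided the registry container can still read the file.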
|
|
@ -0,0 +1,19 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Configure cron job to remove old Mastodon media daily
|
||||||
|
cron:
|
||||||
|
name: Clean Mastodon media data older than a week
|
||||||
|
cron_file: ansible_mastodon_clean_media
|
||||||
|
job: docker exec mastodon-web-1 tootctl media remove --days 7
|
||||||
|
special_time: daily
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Configure cron job to remove old Mastodon preview cards daily
|
||||||
|
cron:
|
||||||
|
name: Clean Mastodon preview card data older than two weeks
|
||||||
|
cron_file: ansible_mastodon_clean_preview_cards
|
||||||
|
job: docker exec mastodon-web-1 tootctl preview_cards remove --days 14
|
||||||
|
special_time: daily
|
||||||
|
user: root
|
||||||
|
state: present
|
|
@ -0,0 +1,11 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Upload vhost config for root domain
|
||||||
|
copy:
|
||||||
|
src: vhost/base_domain
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.domain }}"
|
||||||
|
|
||||||
|
- name: Upload vhost config for WWW domain
|
||||||
|
copy:
|
||||||
|
src: vhost/www.base_domain
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.data_coop_website.www_domain }}"
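Review bot: Neither vhost upload here has `notify: "restart nginx"`, although this commit adds that handler and the Nextcloud vhost task uses it. The same omission appears in the vhost uploads for the Docker registry, Element, Mastodon, Matrix and Uptime Kuma. Unless the proxy picks up changes under `vhost/` on its own, an edited snippet will not take effect until something else restarts it. I would add `notify: "restart nginx"` to each of these `copy:` tasks. Most of them also set no `mode:`; the registry one uses `mode: "0644"`, which would be a consistent choice.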
|
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- auth
|
||||||
|
- registry
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Copy docker registry vhost configuration
|
||||||
|
copy:
|
||||||
|
src: vhost/docker_registry
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
|
||||||
|
mode: "0644"
|
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.element.volume_folder }}/data"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload config.json
|
||||||
|
template:
|
||||||
|
src: element/config.json.j2
|
||||||
|
dest: "{{ services.element.volume_folder }}/data/config.json"
|
||||||
|
|
||||||
|
- name: Upload riot.im.conf
|
||||||
|
copy:
|
||||||
|
src: element/riot.im.conf
|
||||||
|
dest: "{{ services.element.volume_folder }}/data/riot.im.conf"
|
||||||
|
|
||||||
|
- name: Upload vhost config for Element domain
|
||||||
|
copy:
|
||||||
|
src: vhost/element
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.element.domain }}"
|
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- db
|
||||||
|
- hedgedoc/uploads
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Copy SSO certificate
|
||||||
|
copy:
|
||||||
|
src: sso/sso.data.coop.pem
|
||||||
|
dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
|
||||||
|
mode: "0644"
|
|
@ -0,0 +1,45 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.mailu.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- redis
|
||||||
|
- certs
|
||||||
|
- data
|
||||||
|
- dkim
|
||||||
|
- mail
|
||||||
|
- mailqueue
|
||||||
|
- filter
|
||||||
|
- postgres
|
||||||
|
- webmail
|
||||||
|
- overrides
|
||||||
|
- overrides/nginx
|
||||||
|
- overrides/dovecot
|
||||||
|
- overrides/postfix
|
||||||
|
- overrides/rspamd
|
||||||
|
- overrides/snappymail
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Upload mailu.env file
|
||||||
|
template:
|
||||||
|
src: mailu/env.j2
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/mailu.env"
|
||||||
|
|
||||||
|
- name: Hard link to Let's Encrypt TLS certificate
|
||||||
|
file:
|
||||||
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/fullchain.pem"
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/certs/cert.pem"
|
||||||
|
state: hard
|
||||||
|
force: true
|
||||||
|
when: letsencrypt_enabled
|
||||||
|
|
||||||
|
- name: Hard link to Let's Encrypt TLS key
|
||||||
|
file:
|
||||||
|
src: "{{ services.nginx_proxy.volume_folder }}/certs/{{ services.mailu.domain }}/key.pem"
|
||||||
|
dest: "{{ services.mailu.volume_folder }}/certs/key.pem"
|
||||||
|
state: hard
|
||||||
|
force: true
|
||||||
|
when: letsencrypt_enabled
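Review bot: "Upload mailu.env file" writes the rendered template without `owner` or `mode`, so the file takes the default umask and is typically world-readable. An env file for a mail stack presumably carries secrets (the template is not in this section), and the Compose file in block.yml is already restricted with `owner: root` and `mode: u=rw,go=`. I would add the same two lines here. The same applies to `mastodon.env`, `rallly.env`, `homeserver.yaml` and WriteFreely's `config.ini`, after checking whether the container user needs read access. The two hard-link tasks may also deserve a comment: if the certificate companion replaces `key.pem` on renewal rather than rewriting it in place, the link keeps pointing at the old file until the play runs again.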
|
|
@ -0,0 +1,45 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder for Mastodon data
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/mastodon_data"
|
||||||
|
state: directory
|
||||||
|
owner: "991"
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Create subfolder for PostgreSQL data
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/postgres_data"
|
||||||
|
state: directory
|
||||||
|
owner: "70"
|
||||||
|
mode: u=rwx,go=
|
||||||
|
|
||||||
|
- name: Create subfolder for PostgreSQL config
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/postgres_config"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Create subfolder for Redis data
|
||||||
|
file:
|
||||||
|
name: "{{ services.mastodon.volume_folder }}/redis_data"
|
||||||
|
state: directory
|
||||||
|
owner: "999"
|
||||||
|
group: "1000"
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
|
- name: Upload mastodon.env file
|
||||||
|
template:
|
||||||
|
src: mastodon/env.j2
|
||||||
|
dest: "{{ services.mastodon.volume_folder }}/mastodon.env"
|
||||||
|
|
||||||
|
- name: Upload vhost config for Mastodon domain
|
||||||
|
copy:
|
||||||
|
src: vhost/mastodon
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.mastodon.domain }}"
|
||||||
|
|
||||||
|
- name: Upload PostgreSQL config
|
||||||
|
copy:
|
||||||
|
src: mastodon/postgresql.conf
|
||||||
|
dest: "{{ services.mastodon.volume_folder }}/postgres_config/postgresql.conf"
|
|
@ -0,0 +1,34 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.matrix.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
owner: "991"
|
||||||
|
group: "991"
|
||||||
|
loop:
|
||||||
|
- data
|
||||||
|
- data/uploads
|
||||||
|
- data/media
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Create Matrix DB subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.matrix.volume_folder }}/db"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload vhost config for Matrix domain
|
||||||
|
copy:
|
||||||
|
src: vhost/matrix
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.matrix.domain }}"
|
||||||
|
|
||||||
|
- name: Upload homeserver.yaml
|
||||||
|
template:
|
||||||
|
src: matrix/homeserver.yaml.j2
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/data/homeserver.yaml"
|
||||||
|
|
||||||
|
- name: Upload Matrix logging config
|
||||||
|
copy:
|
||||||
|
src: matrix/log.config
|
||||||
|
dest: "{{ services.matrix.volume_folder }}/data/matrix.data.coop.log.config"
|
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- app
|
||||||
|
- postgres
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Upload vhost config for Nextcloud domain
|
||||||
|
copy:
|
||||||
|
src: vhost/nextcloud
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.nextcloud.domain }}"
|
||||||
|
notify: "restart nginx"
|
|
@ -0,0 +1,14 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.nginx_proxy.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- conf
|
||||||
|
- vhost
|
||||||
|
- html
|
||||||
|
- dhparam
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
|
@ -0,0 +1,12 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.openldap.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- var/lib/ldap
|
||||||
|
- etc/slapd
|
||||||
|
- certs
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
|
@ -0,0 +1,13 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Set up network for Postfix
|
||||||
|
docker_network:
|
||||||
|
name: postfix
|
||||||
|
ipam_config:
|
||||||
|
- subnet: '172.16.0.0/16'
|
||||||
|
gateway: 172.16.0.1
|
||||||
|
|
||||||
|
- name: Create subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.postfix.volume_folder }}/dkim"
|
||||||
|
state: directory
|
|
@ -0,0 +1,16 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolders
|
||||||
|
file:
|
||||||
|
name: "{{ services.privatebin.volume_folder }}/{{ volume }}"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- cfg
|
||||||
|
- data
|
||||||
|
loop_control:
|
||||||
|
loop_var: volume
|
||||||
|
|
||||||
|
- name: Upload PrivateBin config
|
||||||
|
copy:
|
||||||
|
src: privatebin/conf.php
|
||||||
|
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
|
|
@ -0,0 +1,11 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder
|
||||||
|
file:
|
||||||
|
name: "{{ services.rallly.volume_folder }}/postgres"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Copy rallly.env file
|
||||||
|
template:
|
||||||
|
src: rallly/env.j2
|
||||||
|
dest: "{{ services.rallly.volume_folder }}/rallly.env"
|
|
@ -0,0 +1,72 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create SSH directory
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/ssh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload private SSH key
|
||||||
|
copy:
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
content: "{{ restic_secrets.ssh_privkey }}"
|
||||||
|
|
||||||
|
- name: Derive public SSH key
|
||||||
|
shell: >-
|
||||||
|
ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
|
||||||
|
> {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
|
||||||
|
args:
|
||||||
|
creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||||
|
|
||||||
|
- name: Set file permissions on public SSH key
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
state: touch
|
||||||
|
|
||||||
|
- name: Upload SSH config
|
||||||
|
template:
|
||||||
|
src: restic/ssh.config.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/config"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Upload SSH known_hosts file
|
||||||
|
template:
|
||||||
|
src: restic/ssh.known_hosts.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Create scripts directory
|
||||||
|
file:
|
||||||
|
path: "{{ services.restic.volume_folder }}/scripts"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload failure.sh script
|
||||||
|
template:
|
||||||
|
src: restic/failure.sh.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/scripts/failure.sh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Upload success.sh script
|
||||||
|
template:
|
||||||
|
src: restic/success.sh.j2
|
||||||
|
dest: "{{ services.restic.volume_folder }}/scripts/success.sh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
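Review bot: "Upload private SSH key" passes `restic_secrets.ssh_privkey` through `copy: content:` without `no_log: true`, so the key can appear in task output when the play runs verbosely or with `--diff`. Adding `no_log: true` to that task closes this off; the `mode: '0600'` and root ownership are already right. "Set file permissions on public SSH key" uses `state: touch`, which updates the timestamps and reports `changed` on every run; `state: file` applies the owner and mode without that. The paths in "Derive public SSH key" are interpolated unquoted into the shell line, so `{{ ... | quote }}` would be the safer form.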
|
|
@ -0,0 +1,9 @@
|
||||||
|
- name: Upload vhost config for uptime domain
|
||||||
|
copy:
|
||||||
|
src: vhost/uptime_kuma
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.domain }}_location"
|
||||||
|
|
||||||
|
- name: Upload vhost config for status domain
|
||||||
|
copy:
|
||||||
|
src: vhost/uptime_kuma
|
||||||
|
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.uptime_kuma.status_domain }}_location"
|
|
@ -0,0 +1,20 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Create subfolder for MariaDB data
|
||||||
|
file:
|
||||||
|
name: "{{ services.writefreely.volume_folder }}/db"
|
||||||
|
owner: "999"
|
||||||
|
group: "999"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Create subfolder for encryption keys
|
||||||
|
file:
|
||||||
|
name: "{{ services.writefreely.volume_folder }}/keys"
|
||||||
|
owner: "2"
|
||||||
|
group: "2"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Upload config.ini
|
||||||
|
template:
|
||||||
|
src: "writefreely/config.ini.j2"
|
||||||
|
dest: "{{ services.writefreely.volume_folder }}/config.ini"
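Review bot: The directory for encryption keys is created with an owner but no `mode`, and `config.ini` is templated with neither owner nor mode, so both take whatever the umask yields and are likely world-readable. Add `mode: '0700'` to the "Create subfolder for encryption keys" task, and give the `template` task an explicit `owner`, `group` and a restrictive mode such as `mode: '0640'`. Which uid has to read `config.ini` inside the container is not visible in this hunk, so confirm the owner against the image before tightening it.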
|
|
@ -1,11 +1,28 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: setup external services network
|
- name: Set up external services network
|
||||||
docker_network:
|
docker_network:
|
||||||
name: external_services
|
name: external_services
|
||||||
|
|
||||||
- name: setup services
|
- name: Deploy all services
|
||||||
docker_service:
|
include_tasks:
|
||||||
project_name: "{{ item }}"
|
file: block.yml
|
||||||
definition:
|
vars:
|
||||||
"{{ lookup('file', 'composefiles/{{ item }}.yml') | from_yaml }}"
|
service:
|
||||||
with_items: "{{ services }}"
|
name: "{{ item }}"
|
||||||
|
vars: "{{ services[item] }}"
|
||||||
|
loop: "{{ services_include }}"
|
||||||
|
when: single_service is not defined and
|
||||||
|
(item.vars.disabled_in_vagrant is not defined or
|
||||||
|
not (item.vars.disabled_in_vagrant and vagrant))
|
||||||
|
|
||||||
|
- name: Deploy single service
|
||||||
|
include_tasks:
|
||||||
|
file: block.yml
|
||||||
|
vars:
|
||||||
|
service:
|
||||||
|
name: "{{ single_service }}"
|
||||||
|
vars: "{{ services[single_service] }}"
|
||||||
|
when: single_service is defined and single_service in services and
|
||||||
|
(services[single_service].disabled_in_vagrant is not defined or
|
||||||
|
not (services[single_service].disabled_in_vagrant and vagrant))
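Review bot: In "Deploy all services" the `when:` reads `item.vars.disabled_in_vagrant`, but the same task uses `item` as a plain key in `services[item]`. If the entries of `services_include` are service names (their shape is not visible here), `item.vars` is always undefined, the `is not defined` branch is always true, and a service marked `disabled_in_vagrant` is still deployed under Vagrant. The single-service task gets this right. I would mirror it with `(services[item].disabled_in_vagrant is not defined or` and `not (services[item].disabled_in_vagrant and vagrant))`.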
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: docker.data.coop/cryptoaarhus-website
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST : "{{ services.cryptoaarhus_website.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.cryptoaarhus_website.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
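Review bot: `image: docker.data.coop/cryptoaarhus-website` carries no tag, so every pull resolves to whatever `latest` currently points at and a deploy is neither reproducible nor auditable. The same applies to the cryptohagen file that follows and to `tecnativa/docker-socket-proxy:latest` in the netdata file. The other compose files on this page take the tag from the inventory. I would do the same here, e.g. `image: docker.data.coop/cryptoaarhus-website:{{ services.cryptoaarhus_website.version }}`, with a `version` key (not present yet) added to the service definition. The stray space in `VIRTUAL_HOST :` should go as well.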
|
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: docker.data.coop/cryptohagen-website
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST : "{{ services.cryptohagen_website.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.cryptohagen_website.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,27 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
prod-web:
|
||||||
|
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.domain }},{{ services.data_coop_website.www_domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
staging-web:
|
||||||
|
image: docker.data.coop/data-coop-website:{{ services.data_coop_website.staging_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.data_coop_website.staging_domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.data_coop_website.staging_domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
version: "3.5"
|
||||||
|
|
||||||
|
services:
|
||||||
|
diun:
|
||||||
|
image: "ghcr.io/crazy-max/diun:{{ services.diun.version }}"
|
||||||
|
command: serve
|
||||||
|
volumes:
|
||||||
|
- "./data:/data"
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
environment:
|
||||||
|
- "TZ=Europe/Paris"
|
||||||
|
- "DIUN_WATCH_WORKERS=20"
|
||||||
|
- "DIUN_WATCH_SCHEDULE=0 */6 * * *"
|
||||||
|
- "DIUN_WATCH_JITTER=30s"
|
||||||
|
- "DIUN_PROVIDERS_DOCKER=true"
|
||||||
|
- "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
|
||||||
|
labels:
|
||||||
|
- "diun.enable=true"
|
||||||
|
restart: always
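Review bot: The `/var/run/docker.sock:/var/run/docker.sock` volume hands this container unrestricted access to the host's Docker API, which is equivalent to root on the host, while the configured docker provider only needs to read container and image information. The same mount appears in the drone (`app` and `runner`), nginx-proxy/acme and portainer files on this page. Where it carries `:ro`, that protects only the socket file and does not restrict API calls. The netdata file already fronts the socket with `tecnativa/docker-socket-proxy`, and I would reuse that pattern here and point diun at the proxy instead of bind-mounting the socket. The modeline should also read `ft=yaml.docker-compose` like the other compose files.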
|
|
@ -0,0 +1,23 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: registry:{{ services.docker_registry.version }}
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./registry:/var/lib/registry"
|
||||||
|
- "./auth:/auth"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
REGISTRY_AUTH: "htpasswd"
|
||||||
|
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
|
||||||
|
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
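Review bot: `./auth:/auth` is mounted read-write although the registry is only configured to read `/auth/htpasswd` from it (`REGISTRY_AUTH_HTPASSWD_PATH`). Mounting it as `"./auth:/auth:ro"` keeps a compromised registry process from rewriting its own credential file. This assumes the htpasswd file is provisioned from outside the container, which is not visible in this hunk.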
|
|
@ -0,0 +1,40 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: drone/drone:{{ services.drone.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- ".:/data"
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
environment:
|
||||||
|
DRONE_GITEA_SERVER: https://{{ services.forgejo.domain }}
|
||||||
|
DRONE_GITEA_CLIENT_ID: "{{ drone_secrets.oauth_client_id }}"
|
||||||
|
DRONE_GITEA_CLIENT_SECRET: "{{ drone_secrets.oauth_client_secret }}"
|
||||||
|
DRONE_GIT_ALWAYS_AUTH: true
|
||||||
|
DRONE_SERVER_HOST: "{{ services.drone.domain }}"
|
||||||
|
DRONE_SERVER_PROTO: https
|
||||||
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
|
VIRTUAL_HOST: "{{ services.drone.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.drone.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
runner:
|
||||||
|
image: drone/drone-runner-docker:{{ services.drone.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
environment:
|
||||||
|
DRONE_RPC_HOST: "{{ services.drone.domain }}"
|
||||||
|
DRONE_RPC_PROTO: https
|
||||||
|
DRONE_RPC_SECRET: "{{ drone_secrets.rpc_shared_secret }}"
|
||||||
|
DRONE_RUNNER_CAPACITY: 2
|
||||||
|
DRONE_RUNNER_NAME: data.coop_drone_runner
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
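Review bot: The `runner` service tags `drone/drone-runner-docker` with `services.drone.version`, the same variable that tags `drone/drone` in `app`. These are separate images with, as far as I know, independent release numbering, so bumping the server version can point the runner at a tag that does not exist or at an unintended release. A dedicated variable avoids that, e.g. `image: drone/drone-runner-docker:{{ services.drone.runner_version }}`, where `runner_version` is a new key that is not defined on this page.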
|
|
@ -0,0 +1,22 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: avhost/docker-matrix-element:{{ services.element.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
expose:
|
||||||
|
- "8080"
|
||||||
|
volumes:
|
||||||
|
- "./data:/data"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.element.domain }}"
|
||||||
|
VIRTUAL_PORT: "8080"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.element.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,22 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: docker.data.coop/unipi:{{ services.fedi_dk_website.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.fedi_dk_website.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.fedi_dk_website.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
command: --remote=https://git.data.coop/fedi.dk/website.git#main
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
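Review bot: `cap_add: NET_ADMIN` together with `devices: /dev/net/tun` is a broad grant for a container that is published through `VIRTUAL_HOST`, and nothing in the file says why it is needed. Please add a comment above `cap_add:` stating the reason, for instance `# NET_ADMIN and /dev/net/tun: needed by unipi to set up its tap interface (confirm)`. That keeps the grant from being copied to other services or left in place once it is no longer required.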
|
|
@ -0,0 +1,38 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
volumes:
|
||||||
|
- ".:/data"
|
||||||
|
ports:
|
||||||
|
- "22:22"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
|
||||||
|
VIRTUAL_PORT: "3000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
|
||||||
|
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
|
||||||
|
FORGEJO__mailer__ENABLED: true
|
||||||
|
FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
|
||||||
|
FORGEJO__mailer__PROTOCOL: smtp
|
||||||
|
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}"
|
||||||
|
FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}"
|
||||||
|
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
|
||||||
|
FORGEJO__security__PASSWORD_COMPLEXITY: off
|
||||||
|
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
|
||||||
|
FORGEJO__security__PASSWORD_CHECK_PWN: true
|
||||||
|
FORGEJO__service__ENABLE_NOTIFY_MAIL: true
|
||||||
|
FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
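Review bot: `FORGEJO__security__PASSWORD_COMPLEXITY: off` is an unquoted YAML 1.1 boolean, so a 1.1 parser hands Compose `false` instead of the string `off` and the password-complexity setting may not be the one intended. The unquoted `true` values in this `environment:` block have the same problem, as do `true`/`False`/`false` in the drone, hedgedoc and openldap files. Compose expects environment values to be strings. Quote them, e.g. `FORGEJO__security__PASSWORD_COMPLEXITY: "off"` and `FORGEJO__security__PASSWORD_CHECK_PWN: "true"`. Which parser reads the rendered file is not visible on this page.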
|
|
@ -0,0 +1,44 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.hedgedoc.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./db:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: codimd
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
|
||||||
|
POSTGRES_DB: codimd
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
|
||||||
|
volumes:
|
||||||
|
- "./hedgedoc/uploads:/hedgedoc/public/uploads"
|
||||||
|
- "./sso.data.coop.pem:/sso.data.coop.pem"
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd
|
||||||
|
CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
|
||||||
|
CMD_ALLOW_EMAIL_REGISTER: False
|
||||||
|
CMD_IMAGE_UPLOAD_TYPE: filesystem
|
||||||
|
CMD_EMAIL: False
|
||||||
|
CMD_SAML_IDPCERT: /sso.data.coop.pem
|
||||||
|
CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml
|
||||||
|
CMD_SAML_ISSUER: hedgedoc
|
||||||
|
CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
||||||
|
CMD_USECDN: false
|
||||||
|
CMD_PROTOCOL_USESSL: true
|
||||||
|
VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
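Review bot: `CMD_DB_URL` splices `postgres_passwords.hedgedoc` into a URL inside an unquoted scalar, so a password containing `@`, `:`, `/` or ` #` changes how the URL or the YAML is parsed and can truncate the secret or point the app at the wrong host. Quote the value and percent-encode the password, e.g. `CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc | urlencode }}@db:5432/codimd"`. `DATABASE_URL` in the membersystem and passit files is built the same way.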
|
|
@ -0,0 +1,42 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.keycloak.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: keycloak
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.keycloak }}"
|
||||||
|
POSTGRES_DB: keycloak
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: quay.io/keycloak/keycloak:{{ services.keycloak.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
command:
|
||||||
|
- "start"
|
||||||
|
- "--db=postgres"
|
||||||
|
- "--db-url=jdbc:postgresql://db:5432/keycloak"
|
||||||
|
- "--db-username=keycloak"
|
||||||
|
- "--db-password={{ postgres_passwords.keycloak }}"
|
||||||
|
- "--hostname={{ services.keycloak.domain }}"
|
||||||
|
- "--proxy=edge"
|
||||||
|
- "--https-port=8080"
|
||||||
|
- "--http-relative-path=/auth"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.keycloak.domain }}"
|
||||||
|
VIRTUAL_PORT: "8080"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.keycloak.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
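Review bot: `--db-password={{ postgres_passwords.keycloak }}` puts the database password on the process command line, where anything that can list processes on the host or in the container can read it. Keycloak also reads this setting from the environment, so I would drop the flag from `command:` and add `KC_DB_PASSWORD: "{{ postgres_passwords.keycloak }}"` under `environment:`. The nextcloud file has the same pattern in `command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}`.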
|
|
@ -0,0 +1,146 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.mailu.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: mailu
|
||||||
|
POSTGRES_USER: mailu
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.mailu }}"
|
||||||
|
volumes:
|
||||||
|
- "./postgres:/var/lib/postgresql/data"
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:{{ services.mailu.redis_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./redis:/data"
|
||||||
|
depends_on:
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
front:
|
||||||
|
image: ghcr.io/mailu/nginx:{{ services.mailu.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.mailu.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.mailu.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
volumes:
|
||||||
|
- "./certs:/certs"
|
||||||
|
- "./overrides/nginx:/overrides:ro"
|
||||||
|
expose:
|
||||||
|
- "80"
|
||||||
|
ports:
|
||||||
|
- "25:25"
|
||||||
|
- "465:465"
|
||||||
|
- "587:587"
|
||||||
|
- "110:110"
|
||||||
|
- "995:995"
|
||||||
|
- "143:143"
|
||||||
|
- "993:993"
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- webmail
|
||||||
|
- external_services
|
||||||
|
depends_on:
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
resolver:
|
||||||
|
image: ghcr.io/mailu/unbound:{{ services.mailu.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
admin:
|
||||||
|
image: ghcr.io/mailu/admin:{{ services.mailu.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./data:/data"
|
||||||
|
- "./dkim:/dkim"
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
aliases:
|
||||||
|
- admin.mailu
|
||||||
|
depends_on:
|
||||||
|
- redis
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
imap:
|
||||||
|
image: ghcr.io/mailu/dovecot:{{ services.mailu.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./mail:/mail"
|
||||||
|
- "./overrides/dovecot:/overrides:ro"
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
smtp:
|
||||||
|
image: ghcr.io/mailu/postfix:{{ services.mailu.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./mailqueue:/queue"
|
||||||
|
- "./overrides/postfix:/overrides:ro"
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
|
||||||
|
antispam:
|
||||||
|
image: ghcr.io/mailu/rspamd:{{ services.mailu.version }}
|
||||||
|
hostname: antispam
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./filter:/var/lib/rspamd"
|
||||||
|
- "./overrides/rspamd:/overrides:ro"
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
- redis
|
||||||
|
- resolver
|
||||||
|
dns:
|
||||||
|
- "{{ services.mailu.dns }}"
|
||||||
|
|
||||||
|
webmail:
|
||||||
|
image: ghcr.io/mailu/webmail:{{ services.mailu.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: mailu.env
|
||||||
|
volumes:
|
||||||
|
- "./webmail:/data"
|
||||||
|
- "./overrides/snappymail:/overrides:ro"
|
||||||
|
networks:
|
||||||
|
- webmail
|
||||||
|
depends_on:
|
||||||
|
- front
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
driver: bridge
|
||||||
|
ipam:
|
||||||
|
driver: default
|
||||||
|
config:
|
||||||
|
- subnet: "{{ services.mailu.subnet }}"
|
||||||
|
webmail:
|
||||||
|
driver: bridge
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,146 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
x-sidekiq: &sidekiq
|
||||||
|
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mastodon.env
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./mastodon_data:/mastodon/public/system"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
restart: always
|
||||||
|
image: postgres:{{ services.mastodon.postgres_version }}
|
||||||
|
shm_size: 256mb
|
||||||
|
volumes:
|
||||||
|
- "./postgres_data:/var/lib/postgresql/data"
|
||||||
|
- "./postgres_config:/config:ro"
|
||||||
|
command: postgres -c config_file=/config/postgresql.conf
|
||||||
|
environment:
|
||||||
|
POSTGRES_HOST_AUTH_METHOD: trust
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||||
|
|
||||||
|
redis:
|
||||||
|
restart: always
|
||||||
|
image: redis:{{ services.mastodon.redis_version }}
|
||||||
|
volumes:
|
||||||
|
- "./redis_data:/data"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', 'redis-cli', 'ping']
|
||||||
|
|
||||||
|
web:
|
||||||
|
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mastodon.env
|
||||||
|
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./mastodon_data:/mastodon/public/system"
|
||||||
|
environment:
|
||||||
|
MAX_THREADS: 10
|
||||||
|
WEB_CONCURRENCY: 3
|
||||||
|
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||||
|
VIRTUAL_PORT: "3000"
|
||||||
|
VIRTUAL_PATH: /
|
||||||
|
LETSENCRYPT_HOST: "{{ services.mastodon.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
streaming:
|
||||||
|
image: tootsuite/mastodon:{{ services.mastodon.version }}
|
||||||
|
restart: always
|
||||||
|
env_file: mastodon.env
|
||||||
|
command: node ./streaming
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:4000:4000"
|
||||||
|
environment:
|
||||||
|
DB_POOL: 15
|
||||||
|
VIRTUAL_HOST: "{{ services.mastodon.domain }}"
|
||||||
|
VIRTUAL_PORT: "4000"
|
||||||
|
VIRTUAL_PATH: "/api/v1/streaming"
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
redis:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
# sidekiq-default-push-pull: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-default-push-pull:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q default -q push -q pull
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-default-pull-push: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-default-pull-push:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q default -q pull -q push
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-pull-default-push: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-pull-default-push:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q pull -q default -q push
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-push-default-pull: DB_POOL = 25, -c 25 for 25 connections
|
||||||
|
sidekiq-push-default-pull:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 25 -q push -q default -q pull
|
||||||
|
environment:
|
||||||
|
DB_POOL: 25
|
||||||
|
|
||||||
|
# sidekiq-push-scheduler: DB_POOL = 5, -c 5 for 5 connections
|
||||||
|
sidekiq-push-scheduler:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 5 -q push -q scheduler
|
||||||
|
environment:
|
||||||
|
DB_POOL: 5
|
||||||
|
|
||||||
|
# sidekiq-push-mailers: DB_POOL = 5, -c 5 for 5 connections
|
||||||
|
sidekiq-push-mailers:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 5 -q push -q mailers
|
||||||
|
environment:
|
||||||
|
DB_POOL: 5
|
||||||
|
|
||||||
|
# sidekiq-push-ingress: DB_POOL = 10, -c 10 for 10 connections
|
||||||
|
sidekiq-push-ingress:
|
||||||
|
<<: *sidekiq
|
||||||
|
command: bundle exec sidekiq -c 10 -q push -q ingress
|
||||||
|
environment:
|
||||||
|
DB_POOL: 10
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
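Review bot: `POSTGRES_HOST_AUTH_METHOD: trust` makes the `db` service accept every connection on the project network without a password, so any container that ends up on that network has full database access. Every other Postgres service on this page sets `POSTGRES_PASSWORD` from `postgres_passwords`. I would do the same here, e.g. `POSTGRES_PASSWORD: "{{ postgres_passwords.mastodon }}"` (a key that would have to be added), with the matching value in `mastodon.env`. The Postgres image applies these variables only when it initialises an empty data directory, so an existing `./postgres_data` needs a one-off migration.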
|
|
@ -0,0 +1,36 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.matrix.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./db:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: synapse
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
|
||||||
|
|
||||||
|
synapse:
|
||||||
|
image: matrixdotorg/synapse:{{ services.matrix.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
volumes:
|
||||||
|
- "./data:/data"
|
||||||
|
environment:
|
||||||
|
SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
|
||||||
|
SYNAPSE_CACHE_FACTOR: "2"
|
||||||
|
SYNAPSE_LOG_LEVEL: INFO
|
||||||
|
VIRTUAL_HOST: "{{ services.matrix.domain }}"
|
||||||
|
VIRTUAL_PORT: "8008"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.matrix.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
|
@ -0,0 +1,44 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: docker.data.coop/membersystem:{{ services.membersystem.version }}
|
||||||
|
restart: always
|
||||||
|
user: "$UID:$GID"
|
||||||
|
tty: true
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
environment:
|
||||||
|
SECRET_KEY: "{{ membersystem_secrets.secret_key }}"
|
||||||
|
DATABASE_URL: postgres://postgres:{{ postgres_passwords.membersystem }}@postgres:5432/postgres
|
||||||
|
POSTGRES_HOST: postgres
|
||||||
|
POSTGRES_PORT: 5432
|
||||||
|
EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend
|
||||||
|
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||||
|
VIRTUAL_HOST: "{{ services.membersystem.domain }}"
|
||||||
|
VIRTUAL_PORT: "8000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.membersystem.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
ALLOWED_HOSTS: "{{ services.membersystem.domain }}"
|
||||||
|
CSRF_TRUSTED_ORIGINS: https://{{ services.membersystem.domain }}
|
||||||
|
DJANGO_ADMINS: "{{ services.membersystem.django_admins }}"
|
||||||
|
DEFAULT_FROM_EMAIL: noreply@{{ services.membersystem.domain }}
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.membersystem.postgres_version }}
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- "./postgres/data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.membersystem }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
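Review bot: `user: "$UID:$GID"` is resolved by Compose from the environment of whatever process invokes it. `UID` and `GID` are normally shell variables that are not exported, so this can render as `:` and either fail or start the container as the image's default user. Since the file is already a Jinja template, a value from the inventory is more predictable, e.g. `user: "{{ services.membersystem.uid }}:{{ services.membersystem.gid }}"` (keys that do not exist yet). How Compose is invoked lives in `block.yml`, which is not shown here.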
|
|
@ -0,0 +1,36 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: netdata/netdata:{{ services.netdata.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
hostname: hevonen.servers.{{ base_domain }}
|
||||||
|
volumes:
|
||||||
|
- "/proc:/host/proc:ro"
|
||||||
|
- "/sys:/host/sys:ro"
|
||||||
|
- "/etc/os-release:/host/etc/os-release:ro"
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST : "{{ services.netdata.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.netdata.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
PGID: "999"
|
||||||
|
DOCKER_HOST: "socket_proxy:2375"
|
||||||
|
cap_add:
|
||||||
|
- SYS_PTRACE
|
||||||
|
security_opt:
|
||||||
|
- apparmor:unconfined
|
||||||
|
|
||||||
|
socket-proxy:
|
||||||
|
image: tecnativa/docker-socket-proxy:latest
|
||||||
|
volumes:
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||||
|
environment:
|
||||||
|
CONTAINERS: 1
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
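Review bot: `DOCKER_HOST: "socket_proxy:2375"` uses an underscore, but the service is declared as `socket-proxy`. Compose registers the service name as the DNS name on the project network, so netdata most likely cannot resolve the proxy. Use `DOCKER_HOST: "socket-proxy:2375"` or rename the service to match. `socket-proxy` also has no `restart:` policy, unlike `app`, so container monitoring stops after the proxy exits.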
|
|
@ -0,0 +1,59 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:{{ services.nextcloud.postgres_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: nextcloud
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
POSTGRES_USER: nextcloud
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:{{ services.nextcloud.redis_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
command: redis-server --requirepass {{ nextcloud_secrets.redis_password }}
|
||||||
|
tmpfs:
|
||||||
|
- /var/lib/redis
|
||||||
|
|
||||||
|
cron:
|
||||||
|
image: nextcloud:{{ services.nextcloud.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
entrypoint: /cron.sh
|
||||||
|
volumes:
|
||||||
|
- "./app:/var/www/html"
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
- redis
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud:{{ services.nextcloud.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./app:/var/www/html"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.nextcloud.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
POSTGRES_HOST: postgres
|
||||||
|
POSTGRES_DB: nextcloud
|
||||||
|
POSTGRES_USER: nextcloud
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}"
|
||||||
|
REDIS_HOST: redis
|
||||||
|
REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}"
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
- redis
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,38 @@
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
proxy:
|
||||||
|
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
volumes:
|
||||||
|
- "./conf:/etc/nginx/conf.d"
|
||||||
|
- "./vhost:/etc/nginx/vhost.d"
|
||||||
|
- "./html:/usr/share/nginx/html"
|
||||||
|
- "./dhparam:/etc/nginx/dhparam"
|
||||||
|
- "./certs:/etc/nginx/certs:ro"
|
||||||
|
- "/var/run/docker.sock:/tmp/docker.sock:ro"
|
||||||
|
labels:
|
||||||
|
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
|
||||||
|
|
||||||
|
{% if letsencrypt_enabled %}
|
||||||
|
acme:
|
||||||
|
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- "./vhost:/etc/nginx/vhost.d"
|
||||||
|
- "./html:/usr/share/nginx/html"
|
||||||
|
- "./dhparam:/etc/nginx/dhparam:ro"
|
||||||
|
- "./certs:/etc/nginx/certs"
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
depends_on:
|
||||||
|
- proxy
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,58 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: osixia/openldap:{{ services.openldap.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
tty: true
|
||||||
|
stdin_open: true
|
||||||
|
volumes:
|
||||||
|
- "./var/lib/ldap:/var/lib/ldap"
|
||||||
|
- "./etc/slapd.d:/etc/ldap/slapd.d"
|
||||||
|
- "./certs:/container/service/slapd/assets/certs/"
|
||||||
|
ports:
|
||||||
|
- "389:389"
|
||||||
|
- "636:636"
|
||||||
|
hostname: "{{ services.openldap.domain }}"
|
||||||
|
domainname: "{{ services.openldap.domain }}" # important: same as hostname
|
||||||
|
environment:
|
||||||
|
LDAP_LOG_LEVEL: "256"
|
||||||
|
LDAP_ORGANISATION: "{{ base_domain }}"
|
||||||
|
LDAP_DOMAIN: "{{ base_domain }}"
|
||||||
|
LDAP_BASE_DN: ""
|
||||||
|
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
|
||||||
|
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
|
||||||
|
LDAP_READONLY_USER: false
|
||||||
|
LDAP_RFC2307BIS_SCHEMA: false
|
||||||
|
LDAP_BACKEND: mdb
|
||||||
|
LDAP_TLS: true
|
||||||
|
LDAP_TLS_CRT_FILENAME: ldap.crt
|
||||||
|
LDAP_TLS_KEY_FILENAME: ldap.key
|
||||||
|
LDAP_TLS_CA_CRT_FILENAME: ca.crt
|
||||||
|
LDAP_TLS_ENFORCE: false
|
||||||
|
LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
|
||||||
|
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||||
|
LDAP_TLS_VERIFY_CLIENT: demand
|
||||||
|
LDAP_REPLICATION: false
|
||||||
|
KEEP_EXISTING_CONFIG: false
|
||||||
|
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
|
||||||
|
LDAP_SSL_HELPER_PREFIX: ldap
|
||||||
|
|
||||||
|
admin:
|
||||||
|
image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
PHPLDAPADMIN_LDAP_HOSTS: app
|
||||||
|
PHPLDAPADMIN_HTTPS: false
|
||||||
|
PHPLDAPADMIN_TRUST_PROXY_SSL: true
|
||||||
|
VIRTUAL_HOST: "{{ services.openldap.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
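Review bot: Port 389 is published on the host while `LDAP_TLS_ENFORCE` is `false`, so clients can bind over plaintext LDAP and send passwords unencrypted. `LDAP_TLS_PROTOCOL_MIN: "3.1"` additionally allows TLS 1.0. Unless a firewall outside this file restricts the port, I would set `LDAP_TLS_ENFORCE: "true"` and `LDAP_TLS_PROTOCOL_MIN: "3.3"` (TLS 1.2), or drop the `"389:389"` mapping and keep only 636.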
|
|
@ -0,0 +1,38 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.passit.postgres_version }}
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- "./data:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: passit
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.passit }}"
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: passit/passit:{{ services.passit.version }}
|
||||||
|
command: bin/start.sh
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- postfix
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
DATABASE_URL: postgres://passit:{{ postgres_passwords.passit }}@db:5432/passit
|
||||||
|
SECRET_KEY: "{{ passit_secret_key }}"
|
||||||
|
IS_DEBUG: "False"
|
||||||
|
EMAIL_URL: smtp://noop@{{ smtp_host }}:{{ smtp_port }}
|
||||||
|
DEFAULT_FROM_EMAIL: noreply@{{ services.passit.domain }}
|
||||||
|
EMAIL_CONFIRMATION_HOST: https://{{ services.passit.domain }}
|
||||||
|
FIDO_SERVER_ID: "{{ services.passit.domain }}"
|
||||||
|
VIRTUAL_HOST: "{{ services.passit.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.passit.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
|
||||||
|
external_services:
|
||||||
|
external: true
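Review bot: The `DATABASE_URL` value in the `app` service interpolates `postgres_passwords.passit` into a URL without encoding it, so a password containing `@`, `/` or `:` would change how the connection URL is parsed. I would write it as `DATABASE_URL: "postgres://passit:{{ postgres_passwords.passit | urlencode }}@db:5432/passit"`, quoted like the other secrets in this file. The same pattern appears in the `DATABASE_URL` line of the rallly env file later in this diff.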
|
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: portainer/portainer-ee:{{ services.portainer.version }}
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- ".:/data"
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock:rw"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.portainer.domain }}"
|
||||||
|
VIRTUAL_PORT: "9000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
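Review bot: The `app` service mounts `/var/run/docker.sock` read-write and is also published through `VIRTUAL_HOST`/`LETSENCRYPT_HOST`, so the Portainer login is the only thing between the public hostname and control of the host's Docker daemon. The socket is presumably required for Portainer to work, so I would keep the mount but document it: `# docker.sock grants control of the host Docker daemon; access to this UI must stay restricted`. If the reverse proxy in front of `external_services` supports an allow-list or an extra authentication layer, this is the service to put behind it.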
|
|
@ -0,0 +1,22 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: boky/postfix:{{ services.postfix.version }}
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
aliases:
|
||||||
|
- postfix
|
||||||
|
volumes:
|
||||||
|
- "./dkim:/etc/opendkim/keys"
|
||||||
|
environment:
|
||||||
|
# Get all services which have allowed_sender_domain defined
|
||||||
|
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
|
||||||
|
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
|
||||||
|
DKIM_AUTOGENERATE: true
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
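Review bot: `DKIM_AUTOGENERATE: true` in the `environment` mapping is a YAML boolean rather than a string; depending on the Compose version a boolean there is either rejected or stringified, so the container may not see the literal the image expects. Quoting it, `DKIM_AUTOGENERATE: "true"`, removes the ambiguity and matches how `VIRTUAL_PORT: "9000"` is written elsewhere in this diff. `RUN_ON_STARTUP: false` in both services of the restic compose file has the same issue.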
|
|
@ -0,0 +1,20 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./cfg:/privatebin/cfg"
|
||||||
|
- "./data:/privatebin/data"
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,41 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:{{ services.rallly.postgres_version }}
|
||||||
|
restart: always
|
||||||
|
shm_size: 256mb
|
||||||
|
volumes:
|
||||||
|
- "./postgres:/var/lib/postgresql/data"
|
||||||
|
environment:
|
||||||
|
POSTGRES_PASSWORD: "{{ postgres_passwords.rallly }}"
|
||||||
|
POSTGRES_DB: rallly_db
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||||
|
interval: 5s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: lukevella/rallly:{{ services.rallly.version }}
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
- postfix
|
||||||
|
env_file: rallly.env
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.rallly.domain }}"
|
||||||
|
VIRTUAL_PORT: "3000"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.rallly.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
depends_on:
|
||||||
|
db:
|
||||||
|
condition: service_healthy
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
||||||
|
postfix:
|
||||||
|
external: true
|
|
@ -0,0 +1,50 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
backup:
|
||||||
|
image: mazzolino/restic:{{ services.restic.version }}
|
||||||
|
restart: always
|
||||||
|
hostname: {{ inventory_hostname_short }}
|
||||||
|
domainname: {{ inventory_hostname }}
|
||||||
|
environment:
|
||||||
|
RUN_ON_STARTUP: false
|
||||||
|
BACKUP_CRON: "0 30 3 * * *"
|
||||||
|
RESTIC_REPOSITORY: sftp:{{ services.restic.remote_user }}@{{ services.restic.remote_domain }}:{{ services.restic.repository }}
|
||||||
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||||
|
RESTIC_BACKUP_SOURCES: /mnt/volumes
|
||||||
|
RESTIC_BACKUP_ARGS: >-
|
||||||
|
--tag datacoop-volumes
|
||||||
|
--exclude '*.tmp'
|
||||||
|
--exclude '/mnt/volumes/mastodon/mastodon_data/cache/'
|
||||||
|
--exclude '/mnt/volumes/restic/'
|
||||||
|
--verbose
|
||||||
|
RESTIC_FORGET_ARGS: >-
|
||||||
|
--keep-last 10
|
||||||
|
--keep-daily 7
|
||||||
|
--keep-weekly 5
|
||||||
|
--keep-monthly 12
|
||||||
|
TZ: Europe/Copenhagen
|
||||||
|
POST_COMMANDS_FAILURE: /run/libexec/failure.sh
|
||||||
|
POST_COMMANDS_SUCCESS: /run/libexec/success.sh
|
||||||
|
volumes:
|
||||||
|
- "./ssh:/run/secrets/.ssh:ro"
|
||||||
|
- "./scripts:/run/libexec:ro"
|
||||||
|
- "/docker-volumes:/mnt/volumes:ro"
|
||||||
|
networks:
|
||||||
|
- postfix
|
||||||
|
|
||||||
|
prune:
|
||||||
|
image: mazzolino/restic:{{ services.restic.version }}
|
||||||
|
environment:
|
||||||
|
RUN_ON_STARTUP: false
|
||||||
|
PRUNE_CRON: "0 30 4 * * *"
|
||||||
|
RESTIC_REPOSITORY: sftp:{{ services.restic.remote_user }}@{{ services.restic.remote_domain }}:{{ services.restic.repository }}
|
||||||
|
RESTIC_PASSWORD: "{{ restic_secrets.repository_password }}"
|
||||||
|
TZ: Europe/copenhagen
|
||||||
|
volumes:
|
||||||
|
- "./ssh:/run/secrets/.ssh:ro"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
postfix:
|
||||||
|
external: true
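Review bot: The `prune` service sets `TZ: Europe/copenhagen` while `backup` uses `TZ: Europe/Copenhagen`; zone names are normally resolved as file paths, so on a case-sensitive filesystem the lowercase form is likely not found and the container would fall back to UTC, shifting `PRUNE_CRON` relative to `BACKUP_CRON`. It should read `TZ: Europe/Copenhagen`. `prune` also has no `restart:` policy, unlike `backup` (`restart: always`), so it would not come back after a crash or daemon restart; add `restart: always` there unless the omission is intentional.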
|
|
@ -0,0 +1,22 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: docker.data.coop/unipi:{{ services.slides_2022_website.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.slides_2022_website.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.slides_2022_website.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
command: --remote=https://git.data.coop/data.coop/slides.git#slides2022
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
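Review bot: The `web` service is granted `cap_add: NET_ADMIN` and the `/dev/net/tun` device with no comment explaining why a website container needs to reconfigure networking. If the `unipi` image needs them to create its own network interface (an assumption; the image is not shown here), say so in the file, e.g. `# NET_ADMIN + /dev/net/tun: required by unipi to set up its tap interface`, so the grant is not copied to services that do not need it. The vhs website compose file later in this diff has the same two grants and needs the same comment.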
|
|
@ -0,0 +1,17 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: ulovliglogning/ulovliglogning.dk:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.ulovliglogning_website.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.ulovliglogning_website.domains | join(',') }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
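Review bot: `image: ulovliglogning/ulovliglogning.dk:latest` sits on a mutable tag, while the other compose templates in this diff take their tag from a `services.*.version` variable. Together with the watchtower service added in this diff, which polls every 60 seconds, whatever is pushed to that tag would be rolled out without review, assuming watchtower is not scoped away from this container. I would add a version entry for this service in the inventory and reference it here the way the other templates do, or pin the image by digest.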
|
|
@ -0,0 +1,21 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: '3.3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
uptime-kuma:
|
||||||
|
image: "louislam/uptime-kuma:{{ services.uptime_kuma.version }}"
|
||||||
|
restart: always
|
||||||
|
container_name: uptime-kuma
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./uptime-kuma-data:/app/data"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.uptime_kuma.domain }},{{ services.uptime_kuma.status_domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.uptime_kuma.domain }},{{ services.uptime_kuma.status_domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,22 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: docker.data.coop/unipi:{{ services.vhs_website.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- external_services
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.vhs_website.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.vhs_website.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
command: --remote=https://git.data.coop/vhs.data.coop/website.git#main
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
devices:
|
||||||
|
- "/dev/net/tun"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
|
|
@ -0,0 +1,12 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: containrrr/watchtower:{{ services.watchtower.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
WATCHTOWER_POLL_INTERVAL: "60"
|
||||||
|
volumes:
|
||||||
|
- "/root/.docker/config.json:/config.json:ro"
|
||||||
|
- "/var/run/docker.sock:/var/run/docker.sock"
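Review bot: This service mounts the Docker socket and root's registry credentials and polls every 60 seconds, but nothing in the hunk limits which containers it may replace, so by default it would act on every running container on the host. If only some services are meant to auto-update, set `WATCHTOWER_LABEL_ENABLE: "true"` here and add the label `com.centurylinklabs.watchtower.enable=true` to those services. A one-line comment on why the interval is 60 seconds would also help the next maintainer.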
|
|
@ -0,0 +1,32 @@
|
||||||
|
# vim: ft=yaml.docker-compose
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: mariadb:{{ services.writefreely.mariadb_version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./db:/var/lib/mysql"
|
||||||
|
environment:
|
||||||
|
MYSQL_DATABASE: writefreely
|
||||||
|
MYSQL_ROOT_PASSWORD: {{ writefreely_secrets.db_password }}
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: ghcr.io/writefreely/writefreely:{{ services.writefreely.version }}
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- external_services
|
||||||
|
volumes:
|
||||||
|
- "./keys:/go/keys"
|
||||||
|
- "./config.ini:/go/config.ini"
|
||||||
|
environment:
|
||||||
|
VIRTUAL_HOST: "{{ services.writefreely.domain }}"
|
||||||
|
LETSENCRYPT_HOST: "{{ services.writefreely.domain }}"
|
||||||
|
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
|
||||||
|
networks:
|
||||||
|
external_services:
|
||||||
|
external: true
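Review bot: `MYSQL_ROOT_PASSWORD: {{ writefreely_secrets.db_password }}` in the `db` service is rendered without quotes, unlike for example `POSTGRES_PASSWORD` in the passit compose file, so a password that begins with a YAML indicator, contains `: ` or ` #`, or looks like a number or boolean would be mis-typed or break the rendered file. Quote it: `MYSQL_ROOT_PASSWORD: "{{ writefreely_secrets.db_password }}"`.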
|
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
"default_server_config": {
|
||||||
|
"m.homeserver": {
|
||||||
|
"base_url": "https://{{ services.matrix.domain }}"
|
||||||
|
},
|
||||||
|
"m.identity_server": {
|
||||||
|
"base_url": "https://vector.im"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"brand": "element.data.coop",
|
||||||
|
"integrations_ui_url": "https://scalar.vector.im/",
|
||||||
|
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||||
|
"integrations_widgets_urls": [
|
||||||
|
"https://scalar-staging.riot.im/scalar/api",
|
||||||
|
"https://scalar.vector.im/api"
|
||||||
|
],
|
||||||
|
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||||
|
"features": {
|
||||||
|
"feature_rich_quoting": "enable",
|
||||||
|
"feature_pinning": "enable",
|
||||||
|
"feature_presence_management": "enable",
|
||||||
|
"feature_sticker_messages": "enable",
|
||||||
|
"feature_jitsi": "enable",
|
||||||
|
"feature_tag_panel": "enable",
|
||||||
|
"feature_keybackup": "enable",
|
||||||
|
"feature_custom_status": "enable",
|
||||||
|
"feature_custom_tags": "enable",
|
||||||
|
"feature_lazyloading": "enable",
|
||||||
|
"feature_tabbed_settings": "enable",
|
||||||
|
"feature_sas": "enable"
|
||||||
|
},
|
||||||
|
"welcomeUserId": "",
|
||||||
|
"piwik": false,
|
||||||
|
"roomDirectory": {
|
||||||
|
"servers": [
|
||||||
|
"{{ base_domain }}"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"enable_presence_by_hs_url": {
|
||||||
|
"https://{{ services.matrix.domain }}": false
|
||||||
|
},
|
||||||
|
"terms_and_conditions_links": [
|
||||||
|
{
|
||||||
|
"url": "https://riot.im/privacy",
|
||||||
|
"text": "Privacy Policy"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://matrix.org/docs/guides/riot_im_cookie_policy",
|
||||||
|
"text": "Cookie Policy"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
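Review bot: `integrations_widgets_urls` lists `https://scalar-staging.riot.im/scalar/api`, a staging host, next to the production `scalar.vector.im` entry; for a production client config I would drop the staging URL unless it is actually needed. More generally the file points the identity server, the integration manager and `bug_report_endpoint_url` at third-party hosts (vector.im, riot.im). If that is intended for this self-hosted deployment it is worth recording in the role's documentation, since the JSON file itself cannot carry a comment.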
|
|
@ -0,0 +1,183 @@
|
||||||
|
# Mailu main configuration file
|
||||||
|
#
|
||||||
|
# This file is autogenerated by the configuration management wizard for compose flavor.
|
||||||
|
# For a detailed list of configuration variables, see the documentation at
|
||||||
|
# https://mailu.io
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Common configuration variables
|
||||||
|
###################################
|
||||||
|
|
||||||
|
# Set to a randomly generated 16 bytes string
|
||||||
|
SECRET_KEY={{ mailu_secret_key }}
|
||||||
|
|
||||||
|
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||||
|
SUBNET={{ services.mailu.subnet }}
|
||||||
|
|
||||||
|
# Main mail domain
|
||||||
|
DOMAIN={{ base_domain }}
|
||||||
|
|
||||||
|
# Hostnames for this server, separated with comas
|
||||||
|
HOSTNAMES={{ services.mailu.domain }}
|
||||||
|
|
||||||
|
# Postmaster local part (will append the main mail domain)
|
||||||
|
POSTMASTER=admin
|
||||||
|
|
||||||
|
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
|
||||||
|
TLS_FLAVOR=mail
|
||||||
|
|
||||||
|
# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
|
||||||
|
AUTH_RATELIMIT_IP=1200/hour
|
||||||
|
|
||||||
|
# Authentication rate limit per user (regardless of the source-IP)
|
||||||
|
AUTH_RATELIMIT_USER=100/day
|
||||||
|
|
||||||
|
# Opt-out of statistics, replace with "True" to opt out
|
||||||
|
DISABLE_STATISTICS=True
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Optional features
|
||||||
|
###################################
|
||||||
|
|
||||||
|
# Expose the admin interface (value: true, false)
|
||||||
|
ADMIN=true
|
||||||
|
|
||||||
|
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
||||||
|
WEBMAIL=snappymail
|
||||||
|
|
||||||
|
# Expose the API interface (value: true, false)
|
||||||
|
API=false
|
||||||
|
|
||||||
|
# Dav server implementation (value: radicale, none)
|
||||||
|
WEBDAV=none
|
||||||
|
|
||||||
|
# Antivirus solution (value: clamav, none)
|
||||||
|
ANTIVIRUS=none
|
||||||
|
|
||||||
|
# Scan Macros solution (value: true, false)
|
||||||
|
SCAN_MACROS=false
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Mail settings
|
||||||
|
###################################
|
||||||
|
|
||||||
|
# Message size limit in bytes
|
||||||
|
# Default: accept messages up to 50MB
|
||||||
|
# Max attachment size will be 33% smaller
|
||||||
|
MESSAGE_SIZE_LIMIT=50000000
|
||||||
|
|
||||||
|
# Message rate limit (per user)
|
||||||
|
MESSAGE_RATELIMIT=1000/day
|
||||||
|
|
||||||
|
# Networks granted relay permissions
|
||||||
|
# Use this with care, all hosts in this networks will be able to send mail without authentication!
|
||||||
|
RELAYNETS=
|
||||||
|
|
||||||
|
# Will relay all outgoing mails if configured
|
||||||
|
RELAYHOST=
|
||||||
|
|
||||||
|
# Enable fetchmail
|
||||||
|
FETCHMAIL_ENABLED=False
|
||||||
|
|
||||||
|
# Fetchmail delay
|
||||||
|
FETCHMAIL_DELAY=600
|
||||||
|
|
||||||
|
# Recipient delimiter, character used to delimiter localpart from custom address part
|
||||||
|
RECIPIENT_DELIMITER=+
|
||||||
|
|
||||||
|
# DMARC rua and ruf email
|
||||||
|
DMARC_RUA=admin
|
||||||
|
DMARC_RUF=admin
|
||||||
|
|
||||||
|
# Welcome email, enable and set a topic and body if you wish to send welcome
|
||||||
|
# emails to all users.
|
||||||
|
WELCOME=false
|
||||||
|
WELCOME_SUBJECT=Welcome to your new email account
|
||||||
|
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
|
||||||
|
|
||||||
|
# Maildir Compression
|
||||||
|
# choose compression-method, default: none (value: gz, bz2, lz4, zstd)
|
||||||
|
COMPRESSION=
|
||||||
|
# change compression-level, default: 6 (value: 1-9)
|
||||||
|
COMPRESSION_LEVEL=
|
||||||
|
|
||||||
|
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
|
||||||
|
# FULL_TEXT_SEARCH=off
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Web settings
|
||||||
|
###################################
|
||||||
|
|
||||||
|
# Path to redirect / to
|
||||||
|
WEBROOT_REDIRECT=/webmail
|
||||||
|
|
||||||
|
# Path to the admin interface if enabled
|
||||||
|
WEB_ADMIN=/admin
|
||||||
|
|
||||||
|
# Path to the webmail if enabled
|
||||||
|
WEB_WEBMAIL=/webmail
|
||||||
|
|
||||||
|
# Path to the API interface if enabled
|
||||||
|
WEB_API=/api
|
||||||
|
|
||||||
|
# Website name
|
||||||
|
SITENAME={{ base_domain }}
|
||||||
|
|
||||||
|
# Linked Website URL
|
||||||
|
WEBSITE=https://{{ base_domain }}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Advanced settings
|
||||||
|
###################################
|
||||||
|
|
||||||
|
# Log driver for front service. Possible values:
|
||||||
|
# json-file (default)
|
||||||
|
# journald (On systemd platforms, useful for Fail2Ban integration)
|
||||||
|
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
|
||||||
|
# LOG_DRIVER=json-file
|
||||||
|
|
||||||
|
# Docker-compose project name, this will prepended to containers names.
|
||||||
|
COMPOSE_PROJECT_NAME=mailu
|
||||||
|
|
||||||
|
# Number of rounds used by the password hashing scheme
|
||||||
|
CREDENTIAL_ROUNDS=12
|
||||||
|
|
||||||
|
# Header to take the real ip from
|
||||||
|
REAL_IP_HEADER=X-Forwarded-For
|
||||||
|
|
||||||
|
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
|
||||||
|
REAL_IP_FROM={{ services.mailu.subnet }}
|
||||||
|
|
||||||
|
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
|
||||||
|
REJECT_UNLISTED_RECIPIENT=
|
||||||
|
|
||||||
|
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
|
||||||
|
LOG_LEVEL=WARNING
|
||||||
|
|
||||||
|
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
||||||
|
TZ=Europe/Copenhagen
|
||||||
|
|
||||||
|
# Default spam threshold used for new users
|
||||||
|
DEFAULT_SPAM_THRESHOLD=80
|
||||||
|
|
||||||
|
# API token required for authenticating to the RESTful API.
|
||||||
|
# This is a mandatory setting for using the RESTful API.
|
||||||
|
API_TOKEN=
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Container address settings
|
||||||
|
###################################
|
||||||
|
|
||||||
|
ADMIN_ADDRESS=admin.mailu
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# Database settings
|
||||||
|
###################################
|
||||||
|
|
||||||
|
DB_FLAVOR=postgresql
|
||||||
|
DB_USER=mailu
|
||||||
|
DB_PW={{ postgres_passwords.mailu }}
|
||||||
|
DB_HOST=postgres
|
||||||
|
DB_NAME=mailu
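Review bot: `AUTH_RATELIMIT_IP=1200/hour` allows roughly twenty authentication attempts a minute from a single /24, which is loose for a brute-force throttle, and the file gives no reason for the value. If it was raised because clients reach Mailu through a shared address (proxy or NAT), add that as a comment above the setting; otherwise lower it. Separately, the comment above `WEBMAIL=snappymail` still lists `roundcube, rainloop, none` as the allowed values and should be updated to include the one in use.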
|
|
@ -0,0 +1,59 @@
|
||||||
|
# This is a sample configuration file. You can generate your configuration
|
||||||
|
# with the `rake mastodon:setup` interactive setup wizard, but to customize
|
||||||
|
# your setup even further, you'll need to edit it manually. This sample does
|
||||||
|
# not demonstrate all available configuration options. Please look at
|
||||||
|
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
|
||||||
|
|
||||||
|
# Note that this file accepts slightly different syntax depending on whether
|
||||||
|
# you are using `docker-compose` or not. In particular, if you use
|
||||||
|
# `docker-compose`, the value of each declared variable will be taken verbatim,
|
||||||
|
# including surrounding quotes.
|
||||||
|
# See: https://github.com/mastodon/mastodon/issues/16895
|
||||||
|
|
||||||
|
# Federation
|
||||||
|
# ----------
|
||||||
|
# This identifies your server and cannot be changed safely later
|
||||||
|
# ----------
|
||||||
|
LOCAL_DOMAIN={{ services.mastodon.domain }}
|
||||||
|
|
||||||
|
# Redis
|
||||||
|
# -----
|
||||||
|
REDIS_HOST=redis
|
||||||
|
REDIS_PORT=6379
|
||||||
|
|
||||||
|
# PostgreSQL
|
||||||
|
# ----------
|
||||||
|
DB_HOST=db
|
||||||
|
DB_USER=postgres
|
||||||
|
DB_NAME=mastodon
|
||||||
|
DB_PASS={{ postgres_passwords.mastodon }}
|
||||||
|
DB_PORT=5432
|
||||||
|
|
||||||
|
# ------------------------
|
||||||
|
ES_ENABLED=false
|
||||||
|
|
||||||
|
# Secrets
|
||||||
|
# -------
|
||||||
|
# Make sure to use `rake secret` to generate secrets
|
||||||
|
# -------
|
||||||
|
SECRET_KEY_BASE={{ mastodon_secrets.secret_key_base }}
|
||||||
|
OTP_SECRET={{ mastodon_secrets.otp_secret }}
|
||||||
|
|
||||||
|
# Web Push
|
||||||
|
# --------
|
||||||
|
# Generate with `rake mastodon:webpush:generate_vapid_key`
|
||||||
|
# --------
|
||||||
|
VAPID_PRIVATE_KEY={{ mastodon_secrets.vapid_private_key }}
|
||||||
|
VAPID_PUBLIC_KEY={{ mastodon_secrets.vapid_public_key }}
|
||||||
|
|
||||||
|
# Sending mail
|
||||||
|
# ------------
|
||||||
|
SMTP_SERVER={{ smtp_host }}
|
||||||
|
SMTP_PORT={{ smtp_port }}
|
||||||
|
SMTP_LOGIN=
|
||||||
|
SMTP_PASSWORD=
|
||||||
|
SMTP_FROM_ADDRESS=notifications@{{ services.mastodon.domain }}
|
||||||
|
|
||||||
|
# File storage (optional)
|
||||||
|
# -----------------------
|
||||||
|
S3_ENABLED=false
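Review bot: `DB_USER=postgres` makes the application connect as the PostgreSQL superuser, which gives the web app server-level rights in its database container that it does not need for normal operation. A dedicated role that owns only the `mastodon` database would be the least-privilege setup; at minimum add a comment that the superuser is used deliberately. The same applies to `postgres://postgres:…@db:5432/rallly_db` in the rallly env file and to `username = root` in the writefreely config later in this diff.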
|
File diff suppressed because it is too large
|
@ -0,0 +1,9 @@
|
||||||
|
NEXT_PUBLIC_BASE_URL="https://{{ services.rallly.domain }}"
|
||||||
|
DATABASE_URL="postgres://postgres:{{ postgres_passwords.rallly }}@db:5432/rallly_db"
|
||||||
|
SECRET_PASSWORD="{{ rallly_secrets.secret_password }}"
|
||||||
|
SUPPORT_EMAIL="noreply@{{ services.rallly.domain }}"
|
||||||
|
SMTP_HOST="{{ smtp_host }}"
|
||||||
|
SMTP_PORT="{{ smtp_port }}"
|
||||||
|
SMTP_SECURE="false"
|
||||||
|
SMTP_USER=noop
|
||||||
|
SMTP_PWD=noop
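Review bot: Most values in this file are wrapped in double quotes, and the mastodon env file in this same diff warns that with `docker-compose` an env file's values are "taken verbatim, including surrounding quotes". The rallly compose file loads this file through `env_file: rallly.env`, so depending on the Compose version `DATABASE_URL` and `SMTP_SECURE` may reach the container with literal quote characters in them. Writing the values unquoted, e.g. `SMTP_SECURE=false`, behaves the same on old and new Compose.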
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/sh
|
||||||
|
curl smtp://{{ smtp_host }} --mail-from {{ services.restic.mail_from }} --mail-rcpt admin@data.coop --upload-file . << END_OF_MAIL
|
||||||
|
From: Restic backup <{{ services.restic.mail_from }}>
|
||||||
|
To: admin@data.coop
|
||||||
|
Subject: Restic backup failed
|
||||||
|
Date: $(date)
|
||||||
|
|
||||||
|
Dear sir or madam,
|
||||||
|
|
||||||
|
Tonight's backup failed!
|
||||||
|
|
||||||
|
Best,
|
||||||
|
Your backup software.
|
||||||
|
END_OF_MAIL
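Review bot: `Date: $(date)` puts the locale-dependent default `date` output into the mail header, which is not the RFC 5322 date format that receiving servers expect; `Date: $(date -R)` produces it. The templated values on the `curl` line are also unquoted, so a `mail_from` containing a space or a shell metacharacter would split or alter the command; quote them, e.g. `--mail-from '{{ services.restic.mail_from }}'`.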
|
|
@ -0,0 +1,3 @@
|
||||||
|
Host {{ services.restic.remote_domain }}
|
||||||
|
ServerAliveInterval 60
|
||||||
|
ServerAliveCountMax 240
|
|
@ -0,0 +1 @@
|
||||||
|
{{ services.restic.remote_domain }} {{ services.restic.host_key }}
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/sh
|
||||||
|
curl '{{ restic_secrets.uptime_kuma_url }}'
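Review bot: The heartbeat `curl` has no `--fail`, timeout or retry, so an HTTP error from the monitoring endpoint still exits 0 and a hung connection can stall the post-backup hook. I would use `curl -fsS --max-time 10 --retry 3 -o /dev/null '{{ restic_secrets.uptime_kuma_url }}'`.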
|
|
@ -0,0 +1,44 @@
|
||||||
|
[server]
|
||||||
|
port = 8080
|
||||||
|
bind = 0.0.0.0
|
||||||
|
autocert = false
|
||||||
|
gopher_port = 0
|
||||||
|
|
||||||
|
[database]
|
||||||
|
type = mysql
|
||||||
|
username = root
|
||||||
|
password = {{ writefreely_secrets.db_password }}
|
||||||
|
database = writefreely
|
||||||
|
host = db
|
||||||
|
port = 3306
|
||||||
|
tls = false
|
||||||
|
|
||||||
|
[app]
|
||||||
|
site_name = data.coop
|
||||||
|
site_description =
|
||||||
|
host = https://{{ services.writefreely.domain }}
|
||||||
|
theme = write
|
||||||
|
editor =
|
||||||
|
disable_js = false
|
||||||
|
webfonts = true
|
||||||
|
landing =
|
||||||
|
simple_nav = false
|
||||||
|
wf_modesty = false
|
||||||
|
chorus = false
|
||||||
|
forest = false
|
||||||
|
disable_drafts = false
|
||||||
|
single_user = false
|
||||||
|
open_registration = false
|
||||||
|
open_deletion = false
|
||||||
|
min_username_len = 3
|
||||||
|
max_blogs = 1
|
||||||
|
federation = true
|
||||||
|
public_stats = false
|
||||||
|
monetization = false
|
||||||
|
notes_only = false
|
||||||
|
private = false
|
||||||
|
local_timeline = true
|
||||||
|
user_invites = admin
|
||||||
|
default_visibility =
|
||||||
|
update_checks = false
|
||||||
|
disable_password_auth = false
|
|
@ -1,8 +1,17 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Install necessary packages
|
- name: Install necessary packages via apt
|
||||||
apt:
|
apt:
|
||||||
name: "{{ packages }}"
|
name: "{{ packages }}"
|
||||||
vars:
|
vars:
|
||||||
packages:
|
packages:
|
||||||
- aptitude
|
- aptitude
|
||||||
- python3-pip
|
- python3-pip
|
||||||
|
- apparmor
|
||||||
|
- haveged
|
||||||
|
- mosh
|
||||||
|
|
||||||
|
- name: Install Dell OpenManage
|
||||||
|
apt:
|
||||||
|
name: srvadmin-all
|
||||||
|
when: not vagrant and not skip_dell_apt_repo
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Import dell apt signing key
|
||||||
|
apt_key:
|
||||||
|
id: "1285491434D8786F"
|
||||||
|
keyserver: "keyserver.ubuntu.com"
|
||||||
|
|
||||||
|
- name: Configure dell apt repo
|
||||||
|
apt_repository:
|
||||||
|
repo: "deb https://linux.dell.com/repo/community/openmanage/10101/focal focal main"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Restrict dell apt repo"
|
||||||
|
copy:
|
||||||
|
dest: "/etc/apt/preferences.d/dell"
|
||||||
|
content: |
|
||||||
|
Explanation: Deny all packages from this repo that exist elsewhere
|
||||||
|
Package: *
|
||||||
|
Pin: origin "linux.dell.com"
|
||||||
|
Pin-Priority: 400
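Review bot: The `apt_key` task fetches the key by the 64-bit ID `1285491434D8786F` from a keyserver and adds it to the global apt keyring, so the key becomes trusted for every configured repository rather than only Dell's, and a key ID is a weaker identifier than the full fingerprint. I would store the key in its own keyring file, reference it from the repo line with `[signed-by=<KEYRING_PATH>]`, and identify it by its full fingerprint. The third task's name also has a stray trailing quote: `- name: Restrict dell apt repo"` should be `- name: Restrict dell apt repo`.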
|
|
@ -0,0 +1,23 @@
|
||||||
|
# vim: ft=yaml.ansible
|
||||||
|
---
|
||||||
|
- name: Setup firewall with UFW
|
||||||
|
community.general.ufw:
|
||||||
|
state: enabled
|
||||||
|
policy: deny
|
||||||
|
|
||||||
|
- name: Allow necessary ports
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "{{ item.port }}"
|
||||||
|
proto: "{{ item.proto | default('tcp') }}"
|
||||||
|
loop:
|
||||||
|
- port: 22 # Gitea SSH
|
||||||
|
- port: 80 # HTTP
|
||||||
|
- port: 443 # HTTPS
|
||||||
|
- port: 389 # OpenLDAP
|
||||||
|
- port: 636 # OpenLDAP
|
||||||
|
- port: 25 # Email
|
||||||
|
- port: 465 # Email
|
||||||
|
- port: 587 # Email
|
||||||
|
- port: 993 # Email
|
||||||
|
- port: 19022 # SSH
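Review bot: The first task enables UFW with `policy: deny` before the second task adds any allow rule, so on a first run, or if the loop fails part-way, the host is left with the firewall up and ports 22 and 19022 not yet allowed, which can lock out new SSH connections. Put the allow-rules task first and the `state: enabled` / `policy: deny` task last. Ports published by Docker, such as `389:389` and `636:636` in the OpenLDAP compose file, are typically handled by Docker's own iptables rules and may not be governed by these UFW rules; confirm that and note it in a comment. Port 389 is plain LDAP and that compose file sets `LDAP_TLS_ENFORCE: false`, so consider whether it needs to be reachable from outside at all.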
|
Some files were not shown because too many files have changed in this diff Show More