From 5f718e1027f5da425f6205221d705bd1c731a196 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Thu, 10 Nov 2022 21:48:24 +0100 Subject: [PATCH 01/25] Add firewall setup with UFW --- roles/ubuntu_base/tasks/base.yml | 1 + roles/ubuntu_base/tasks/firewall.yml | 20 ++++++++++++++++++++ roles/ubuntu_base/tasks/main.yml | 2 ++ 3 files changed, 23 insertions(+) create mode 100644 roles/ubuntu_base/tasks/firewall.yml diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml index 257352b3..f4ed43f6 100644 --- a/roles/ubuntu_base/tasks/base.yml +++ b/roles/ubuntu_base/tasks/base.yml @@ -9,6 +9,7 @@ - apparmor - haveged - mosh + - ufw - srvadmin-all # Dell OpenManage - name: Install necessary packages via pip diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml new file mode 100644 index 00000000..bd40c93d --- /dev/null +++ b/roles/ubuntu_base/tasks/firewall.yml @@ -0,0 +1,20 @@ +--- +- name: Setup firewall with UFW + community.general.ufw: + state: enabled + policy: deny +- name: Allow necessary ports + community.general.ufw: + rule: allow + port: "{{ item }}" + loop: + - 22 # Gitea SSH + - 80 # HTTP + - 443 # HTTPS + - 389 # OpenLDAP + - 636 # OpenLDAP + - 25 # Email + - 465 # Email + - 587 # Email + - 993 # Email + - 19022 # SSH diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml index d6d34a44..dddc5089 100644 --- a/roles/ubuntu_base/tasks/main.yml +++ b/roles/ubuntu_base/tasks/main.yml @@ -7,4 +7,6 @@ tags: [install-base-packages] - import_tasks: users.yml tags: [setup-users] +- import_tasks: firewall.yml + tags: [setup-firewall] From d597a956ffd8500f3ce685976ce44be201fcafc0 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Thu, 10 Nov 2022 22:03:49 +0100 Subject: [PATCH 02/25] Add installation of community modules to deploy.sh --- deploy.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy.sh b/deploy.sh index 2a36b0e6..70095a1f 100755 --- a/deploy.sh +++ b/deploy.sh 
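Review bot: In roles/ubuntu_base/tasks/firewall.yml the first task enables UFW with `policy: deny` before the second task has added any allow rule, so a failure or interruption between the two leaves the host refusing new inbound connections, including the SSH ports in the loop (22 and 19022). Running the `Allow necessary ports` task first and the `state: enabled` / `policy: deny` task last closes that window. Port 389 is plaintext LDAP and is opened to any source here; if only local or internal clients need it, a `from_ip` restriction or dropping it in favour of 636 would be tighter. A comment such as `# Docker-published ports are usually not filtered by UFW; verify container exposure separately` would also help, since Docker normally manages its own iptables rules and this rule set may not cover the services in the docker role.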
@@ -2,6 +2,11 @@ BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass" +if [ -z "$(ansible-galaxy collection list community.general 2>/dev/null)" ]; then + echo "Installing community modules" + ansible-galaxy collection install community.general +fi + if [ -z "$1" ]; then echo "Deploying all!" $BASE_CMD From 58dbf9ff229c6c854d50e68178f88d547df5ef90 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 15 Nov 2022 20:42:18 +0100 Subject: [PATCH 03/25] Allow only TCP traffic on specified ports --- roles/ubuntu_base/tasks/firewall.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml index bd40c93d..f4318653 100644 --- a/roles/ubuntu_base/tasks/firewall.yml +++ b/roles/ubuntu_base/tasks/firewall.yml @@ -8,13 +8,13 @@ rule: allow port: "{{ item }}" loop: - - 22 # Gitea SSH - - 80 # HTTP - - 443 # HTTPS - - 389 # OpenLDAP - - 636 # OpenLDAP - - 25 # Email - - 465 # Email - - 587 # Email - - 993 # Email - - 19022 # SSH + - "22/tcp" # Gitea SSH + - "80/tcp" # HTTP + - "443/tcp" # HTTPS + - "389/tcp" # OpenLDAP + - "636/tcp" # OpenLDAP + - "25/tcp" # Email + - "465/tcp" # Email + - "587/tcp" # Email + - "993/tcp" # Email + - "19022/tcp" # SSH From 4bc69b49bb4576a3afbf13d297764467515c99d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Thu, 17 Nov 2022 20:40:59 +0100 Subject: [PATCH 04/25] Upgrade mastodon to 4.0.2 --- roles/docker/tasks/services/mastodon.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index bdb34cb3..c3e976ad 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml 
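Review bot: The added `ansible-galaxy collection install community.general` in deploy.sh fetches whatever version Galaxy serves at deploy time, so the collection that later configures the firewall on the hosts is unpinned and can change between runs. Committing a `requirements.yml` with an explicit version and installing from it, `ansible-galaxy collection install -r requirements.yml`, makes the dependency reviewable and reproducible. The exit status of the install is not checked either, so a failed download falls through to `$BASE_CMD`; appending `|| exit 1` to the install line would stop the deploy there. The rest of the script lies outside the hunk.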
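Review bot: The loop items in firewall.yml now carry the protocol inside the value handed to `port` (for example `"22/tcp"`), but `community.general.ufw` takes the protocol through its separate `proto` option, so these rules are likely to be rejected or not applied as intended, which would leave the default-deny policy without its allow list. Keeping the items numeric and adding `proto: tcp` next to `port: "{{ item }}"` expresses the same TCP-only restriction. The subject of patch 18/25 suggests the format is revisited later in the series, but that hunk is not visible here.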
@@ -52,7 +52,7 @@ - "{{ mastodon.volume_folder }}/redis_data:/data" web: - image: tootsuite/mastodon:v3.5.3 + image: "tootsuite/mastodon:{{ mastodon_version }}" restart: always env_file: "{{ mastodon.volume_folder }}/env_file" command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" @@ -74,7 +74,7 @@ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" streaming: - image: tootsuite/mastodon:v3.5.3 + image: "tootsuite/mastodon:{{ mastodon_version }}" restart: always env_file: "{{ mastodon.volume_folder }}/env_file" command: node ./streaming @@ -91,7 +91,7 @@ - redis sidekiq: - image: tootsuite/mastodon:v3.5.3 + image: "tootsuite/mastodon:{{ mastodon_version }}" restart: always env_file: "{{ mastodon.volume_folder }}/env_file" command: bundle exec sidekiq @@ -114,3 +114,5 @@ external: true internal_network: internal: true + vars: + mastodon_version: "v4.0.2" \ No newline at end of file From 2c9dce860049251b445cc1a1c9e4014fdf7e63ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Thu, 17 Nov 2022 20:50:38 +0100 Subject: [PATCH 05/25] Upgrade gitea to 1.17.3. --- roles/docker/tasks/services/gitea.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/gitea.yml b/roles/docker/tasks/services/gitea.yml index d5726e0b..aeffae18 100644 --- a/roles/docker/tasks/services/gitea.yml +++ b/roles/docker/tasks/services/gitea.yml @@ -7,7 +7,7 @@ - name: gitea container docker_container: name: gitea - image: gitea/gitea:1.16.8 + image: gitea/gitea:1.17.3 restart_policy: unless-stopped networks: - name: gitea From 12effe5673c2743241c39e55dff96c93babcafab Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 21 Nov 2022 21:34:07 +0100 Subject: [PATCH 06/25] Upgrade Nextcloud to 25.x.x --- roles/docker/tasks/services/nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 38adfd22..0debac68 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -24,7 +24,7 @@ POSTGRES_USER: "nextcloud" app: - image: "nextcloud:22-apache" + image: "nextcloud:25-apache" restart: "unless-stopped" networks: - "nextcloud" From 1ebfab5abf94b94a82480f5aa9a4333e7979ce06 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 21 Nov 2022 23:31:22 +0100 Subject: [PATCH 07/25] Upgrade one major version at a time, 23 now --- roles/docker/tasks/services/nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 0debac68..ea38787f 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -24,7 +24,7 @@ POSTGRES_USER: "nextcloud" app: - image: "nextcloud:25-apache" + image: "nextcloud:23-apache" restart: "unless-stopped" networks: - "nextcloud" From e917636d05cd090de51fbf5c5f91c1cef63292ca Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 21 Nov 2022 23:37:07 +0100 Subject: [PATCH 08/25] Upgrade Nextcloud to 24 --- roles/docker/tasks/services/nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index ea38787f..aefcc51f 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -24,7 +24,7 @@ POSTGRES_USER: "nextcloud" app: - image: "nextcloud:23-apache" + image: "nextcloud:24-apache" restart: "unless-stopped" networks: - "nextcloud" From 20b977eacbc418e611291edcc4f5430f7bff1ceb Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Mon, 21 Nov 2022 23:42:20 +0100 Subject: [PATCH 09/25] Upgrade Nextcloud to version 25 --- roles/docker/tasks/services/nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index aefcc51f..0debac68 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -24,7 +24,7 @@ POSTGRES_USER: "nextcloud" app: - image: "nextcloud:24-apache" + image: "nextcloud:25-apache" restart: "unless-stopped" networks: - "nextcloud" From d467084fb7456957f62b5f610fc1de214562ca3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 09:36:36 +0100 Subject: [PATCH 10/25] Bump mastodon sidekiq threads to 32. --- roles/docker/tasks/services/mastodon.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index c3e976ad..10663401 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -94,7 +94,9 @@ image: "tootsuite/mastodon:{{ mastodon_version }}" restart: always env_file: "{{ mastodon.volume_folder }}/env_file" - command: bundle exec sidekiq + command: bundle exec sidekiq -c 32 + environment: + DB_POOL: 32 depends_on: - db - redis From 31a73f48fb9e31c1b0549313f0e1edafda80e05f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 14:37:31 +0100 Subject: [PATCH 11/25] Upgrade and pin nginx-proxy and acme-companion. --- roles/docker/tasks/services/nginx-proxy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/docker/tasks/services/nginx-proxy.yml b/roles/docker/tasks/services/nginx-proxy.yml index bf9fa90e..3bcce7e1 100644 --- a/roles/docker/tasks/services/nginx-proxy.yml +++ b/roles/docker/tasks/services/nginx-proxy.yml 
@@ -16,7 +16,7 @@ - name: nginx proxy container docker_container: name: nginx-proxy - image: jwilder/nginx-proxy + image: nginxproxy/nginx-proxy:1.0 restart_policy: always networks: - name: external_services @@ -34,7 +34,7 @@ - name: nginx letsencrypt container docker_container: name: nginx-proxy-le - image: nginxproxy/acme-companion + image: nginxproxy/acme-companion:2.2 restart_policy: always volumes: - "{{ nginx.volume_folder }}/vhost:/etc/nginx/vhost.d" From 728cffc453bf3e710c6a2d0e9b03fd522a6f8ae4 Mon Sep 17 00:00:00 2001 From: reynir Date: Tue, 22 Nov 2022 13:38:46 +0000 Subject: [PATCH 12/25] Expose mastodon streaming api (#124) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Reynir Björnsson Co-authored-by: Víðir Valberg Guðmundsson Reviewed-on: https://git.data.coop/data.coop/ansible/pulls/124 Co-authored-by: reynir Co-committed-by: reynir --- roles/docker/tasks/services/mastodon.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/docker/tasks/services/mastodon.yml b/roles/docker/tasks/services/mastodon.yml index 10663401..7da21dfa 100644 --- a/roles/docker/tasks/services/mastodon.yml +++ b/roles/docker/tasks/services/mastodon.yml @@ -70,6 +70,7 @@ environment: VIRTUAL_HOST: "{{ mastodon.domain }}" VIRTUAL_PORT: "3000" + VIRTUAL_PATH: "/" LETSENCRYPT_HOST: "{{ mastodon.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" @@ -89,6 +90,10 @@ depends_on: - db - redis + environment: + VIRTUAL_HOST: "{{ mastodon.domain }}" + VIRTUAL_PORT: "4000" + VIRTUAL_PATH: "/api/v1/streaming" sidekiq: image: "tootsuite/mastodon:{{ mastodon_version }}" From 8180a736f757c01184f9c15d3cb4bba82dbb457e Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 22 Nov 2022 16:53:34 +0100 Subject: [PATCH 13/25] Use Alpine-based nginx-proxy Docker image --- roles/docker/tasks/services/nginx-proxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
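Review bot: `nginxproxy/nginx-proxy:1.0` and, in the second hunk, `nginxproxy/acme-companion:2.2` are still mutable tags, so the registry can serve a different image under the same name on the next pull. These two containers appear to front the other services and handle certificate issuance, so pinning by digest is worth the extra characters, e.g. `image: nginxproxy/nginx-proxy:1.0@sha256:<digest-placeholder>`, with a comment recording the human-readable version. Both task bodies continue outside the hunks, so which volumes (in particular the Docker socket) are mounted into these containers cannot be checked from here.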
diff --git a/roles/docker/tasks/services/nginx-proxy.yml b/roles/docker/tasks/services/nginx-proxy.yml index 3bcce7e1..58154919 100644 --- a/roles/docker/tasks/services/nginx-proxy.yml +++ b/roles/docker/tasks/services/nginx-proxy.yml @@ -16,7 +16,7 @@ - name: nginx proxy container docker_container: name: nginx-proxy - image: nginxproxy/nginx-proxy:1.0 + image: nginxproxy/nginx-proxy:1.0-alpine restart_policy: always networks: - name: external_services From fe4b3ede81eb859954039f720d91a73e88722641 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 22 Nov 2022 17:15:59 +0100 Subject: [PATCH 14/25] Add Redis memcache to Nextcloud --- group_vars/all/secrets.yml | 275 +++++++++++----------- group_vars/all/secrets.yml.contents | 3 + roles/docker/tasks/services/nextcloud.yml | 13 +- 3 files changed, 155 insertions(+), 136 deletions(-) diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index 2a4aae86..d53a118f 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml 
@@ -1,136 +1,141 @@ $ANSIBLE_VAULT;1.1;AES256 -30386366303437316232616366623561376337343535383437333038666264656530626237396333 -3463393737373931643262636262396637323638316162370a623232386565386333363737326239 -30643539356166306261303762663961346165663739366264303963386636616134663064333631 -3062616162616565390a626666663763343435306432393965646261343837666261616531383531 -31643736363630633164303934373664393362356534393863323533373264366636636333643964 -39363536636561313164353036306431353363303238666532306131623336333465376430353566 -65353333393831396432666661313331643665383939376234346330653661613039653231633435 -31386462333839303339313064333433383766636366336337633935353130376462386366646162 -37386434316638383565663933303633646435636265663661363337336461373933643361386331 -35356235633737356363636165306435313366656634663336333339663839616436393838653863 -63393631633663363735343133353236623538303731643733343237356538656664336461346666 -32383334373931633639613931346663663735333964623034633461373630623231383662653733 -61393033613131613963323630323261653664353661613162313562663632363264656365316532 -36323430346535633235313737666564646363616361346262366132646265366362363537663535 -61386336326161346330643662616637303664356661356564343933326162633732346262326561 -32656237653231353664363635643965623734376539356237616332393131303634316165616661 -33333764646437356533336663333336623337383238306537616238376163343937646563383331 -35373935396335316165623363646434306239333833666131326563633063653665666433316235 -30363438386533303365363934666434656661633535313831643766363832656339393533633938 -31383936616466306662373764643338393465653934333964393431376334383537636663623939 -62313762373334353139633432313639383262393865333738386338373866663330616337313864 -63623630646665636166656632643566626336353031306334353935646433323766326635653566 -66383361643333653733663337613861323835653535353038643064373839666630393336643236 
-63616231323762313965326363323462353665623632366366383735656634366161316432366261 -38393739663335346665383263343430306633373134633463303935313632316439386130666662 -36353238333563353336653238643231663031363435323362376131393739383632306233663138 -65653733386439343337336162353961393035643137653734326463333063643865666138613861 -61313839343835333934306532383363623138353839633765383733623239396630646565633163 -63656365643932383632346431616161633038313838303861326163326263633433393431613864 -34366663626465313362323539626335383965363532636637636238396266306437353734363338 -35616239373834353566303733653437623332303232633666613831323339393936386361353032 -39336132326539383734663536656565313633306630363962396132633162363334623165633061 -32613531633362623833343665646462623162343937653136373233313030343666386331336431 -61613731316262643364356636643539666639383933363963663434653332626538333438643962 -62623736336133383466326234306239346336626462643635336138363030306439623862373031 -61366531316134306430396362343936393566643664373835306162656165663330616530396131 -63363834363233326364393238656230373866643866636635376430316266336634343463633266 -65313537353239316263663136633066666237303038646532653031346534656534656637353632 -38356231343265333866313232663234366336393437636238373033393038626330613330316430 -39393132633465303131303430386163333164326236376437623465376135383666646338643435 -61643764636365663765633531303266303039343362363264303535663937656461383635666234 -32363137653564316331653734633931303930656362306161326234363563616133663332656339 -64323136356639343566353961616439383362306137366236326533386236306662613132356534 -35643463366163653662366636386239366235613735666662663039623638643938306665623431 -38393561303437383964393138373031633331326363623534386265363534313535353939343865 -36373465343937333964303131333566323239336536393030653935326165306664376434383664 -36396636333066313538383432366561393335316337343934396236313436636533386166656339 
-35346539623030626464323064383037393664323164363732626233643763303363363966383933 -37343731336431663765633032623331313937346634306233383431633635376664393134353465 -30653264343933326161326232386535663135653061333161633338626366666436666638643362 -31646138386530643033656438326232656237383335363666353536653638383134303636656135 -35666531383965353362336639656561613930363764626666626464643963376131316338383132 -39303165383439333366383533383738333139396462613664346361653838663865646339363931 -36313665323663626134363861653635336339653432346264623639663562626630663436346463 -39386561333330653432653966326436653933656233656539656263336133613530666132303738 -62613431306638626339316234393866636361393133323234356334653737643539326164323332 -62663166353235653863353632343033386266366632316630636262326332666635653633633562 -39383263613635656631616565366665636239366563656335643930303435386431306365323062 -30323061333439353939653631376639383561326262313638323462613930393237333234323261 -32353737663866663638393562653333303532373063616638316663643261306436363365333739 -38613739303264396436623331623163623464316366663861643466623336653163313830316233 -64323036306532306462396334656564353562356630643033633339366561343333613165383439 -34376634653862636239613532323466343334613236396638653661653835623931623932316466 -61346261366366393962306538383564353461623734643261373934336361623831653739333135 -38353439633134373839393637366366323664373030643565326233323735306236313332306636 -35363863353538383832666331353934326631656662643162306135343231303963643065333163 -64623261383734376361353532346461306664343937663166653964346561613634353763346662 -35633664633738633834313062626231346463313965316334363337363438396532333134306334 -61386337396639396661643833663033383361303237356334343433343836323835336233393435 -64303863356430326435306436353032386261633339343763643137636165333661303065386136 -62376133613231616266643239633635366665333230343863383437646331666637343738666236 
-33646237313164353361373936383562386230396361363231393634313033616332623062633430 -62646165643231376630636265326433303736323665666531613765643636373465643931636336 -33336464373863623730396538303962303432363564373863623338306630623732373539333166 -32306636623562373563373635343865613435633535613165613239636334366466656631373539 -32333638353662626666623933373534383961363466383865633662643530306431653438393136 -63613336316564313039363233663264353936616462376236386166333364653364643531383435 -34666461613161626137656565626564636337643138333038303537633035346465663638653030 -63383462346437373665393565353866343764363863653635613466356464363634333236363234 -65343438393366623463623831346464646263633663643636363938393133383639636266363239 -65373462386131366437336635643663316564343132623736326639633962316537343463646130 -30306135373031663262313336353261643530316337613033663361643063616536393664656236 -62643536366165393062386337646431653263373134623562366231383235626637303538383533 -66626535353564653466616431666535323964313834373333653039316633653634396563333530 -61303633323132646230623866383631333963383866643235393938333732653437346164666238 -33386235653835323231613039373465396461373164623561336566666362303462393539386439 -35613336316638623963393437356564313562366630336437386236643638393935646264323330 -61633365373230333065653635303633313435613039353133626565386164643263393034323531 -64613135626463626233343638663863363131653335613539646437636633386639636139663166 -65333939353735323861373262373033363263376138656461373733636137383033326164323263 -39653964313261613536363664336633623166663431643037613366643539663764666139613538 -35303135646230313838306535353530663230323831393436656664373635393535393166663366 -62653162333130373033363162656531333830376530663236623464373538376566663531396566 -30383930316630393434666637386561346236346430623436326639376431636338326163663233 -65326534306262343337383535383339633065343239613931623138323564643165343639356463 
-61356132323764633438363033326635353539663762613661386332326536653631323336613238 -32613635663063646436376465313863636563316464623062656266613364653237353533333262 -35663064336133306463303764366334646536633562333933373731326430633131393333343034 -31663736613964316335323139323032313166646233383830326637366639323165353435636664 -61636462386164343538323539613536623165353435386562633433663665386432323438303236 -30633864306330303933653865663564326161663637396239393330356666656235383764396636 -61366333316631323036666236646339623734303265336366393237363831343765613336613638 -61393463623265363264333430376566393463326561366131353561303365653131373930333464 -61393734646462316362396439656563343935643466373231333933393365653962633864363836 -38313837643663366134333939343832393035386238633365333634643461303832636463363636 -37326361333666316239623239643830636135656338646561643464376538356632353532363439 -66653364386564336635376433343862313732323538333763653938333733653739376532333139 -37396463663035643332633264323630613061383563323664343834383765623137393564393035 -38343332623261366138613830363931326531646338653561373639333762346130313336393364 -62613036313339656339646432326464363435336265396639323131666561363165663138383235 -35396139623239666165353964373864393564333738623465333163356165656163363961643666 -30336236386431326236343534643430333164366237343264353933373135626538363937663761 -33663633343364646263623239353061653366373463666535386533376230303935663361303062 -38626261636637626465643638353239343066346431653666366165343239643735323865303966 -36663364643331316435613939333437633533373030363861656534313935343862613563343638 -61656665633131336135613834303538333438623864333639363036363237643038333532303564 -64323033386261666663376333363765313637656363666362633163366634633433393363646361 -32646138363337343037326463343633366536313633323634653837343862623961666633313631 -63303433343430386666633937626638653333663537386331343334303339343962333961636535 
-31633134646337303238633038316337383031626466333163623365333966623063613934626264 -64313439623132343564663863316264363361623563333534383665323932376335376363393961 -64333035663030376130656261383835333230373037626661383131376231376362303866343533 -63353933616431356133663134633464613636383436633835653638663939396561613333386565 -66633963396664353662363063666661653433633232646365613633313966333766343165613639 -34616537653136646565383764613435633931366530326564663733633137666133343533353865 -65383339366262383530643136633262343962376561326365323030346233343761313264613964 -65623566336132373035313138323763323934623339323964353533343639376537353634363437 -36663962366362633735316165363936623336616431326364346565366635653633663735336436 -63656234323737343739643432353063313532616130343161333862346664323136346464326437 -35666532626664316565643631323666353732656238626639313035613265366464646339363261 -31343664363336343063306364366565656466656363343466613665353535383736303466613166 -35326538396234393739303133346139313136663731326561386236653464646336306265396233 -36666265646132353036346134336136313562666535313834613866326166613461663232313037 -64613633333436656431383065623331613264613230656566326431343364333231366265633438 -303438346539333132303436376338303064 +35343731613336373363633564396639393230633664336338396164303238316564326663643638 +3365306264343434623836656435653436396636353866620a646336316338373866313362363664 +65363931633031613362383337643038636435303739376131643564633831316435653937353061 +6330306330383865640a643937326634393437313864326361373634373930623464613363663831 +37373230366262323261316134326333663262643764623639306239623066613335616531613662 +32343331313266363630343465376332303862353834653262306536623538383662366562616635 +34636561663366323434356337376261373039353931636139656437346165656663653233333266 +62353961626665636463396566626330383836383030363032303563633466326339626263306165 
+31313266636330653933363630396166333339376564333133623237373962386164616332616438 +39623132663766633331306636613532333739613938333435393633386166333335393565633963 +30363165643038623962353762323338306466353031383531623066363632363033383639393537 +31333037626638353830653538373634666432346166373661313531656466383263323262373565 +38383766343030643939633830343332666165643661363631633963393632666632643361656139 +35346131363539613137396465306663363836666662303932646262383231363634373231373333 +34366636346530383736393532646563643139343764333661663033316432386632393139326439 +39303661333732376433663539383662363232313135663838616231343863326631353434326337 +36313335393262663932666365336334396131393362636637653630653965643662626434323736 +65663966306661646131643962336366643235353863646136613463323337663865323262613461 +33363636386665646538333334373564396333316665343566653662666331666236303438343962 +63396164316561363132306237336365313835346663616339666538643033356637633432383331 +64363964356264643038396139383838616131383466666565383131663331336530663832306635 +30643630623861633939646665326262393635626265323261653339646263386334353064393534 +63303464623433333863386136626566336135346561343964323436643739343037383839373332 +34656439333538653461663764323265303064643165663263316164396633623232626535353863 +64643766623032653838306134376131623564363735386531383732346438343932353966333062 +30613166623138333865343735663530346635383162616635326330636161303863626539663166 +31336333643765303635643862666234643538313033663563663034343632653466626661343639 +33656436393738326135363166623633366331633065373633313864353333316131346664353532 +66646239373166376361326664646263616263323632636235353864656438383038663662376164 +37336431306166366561623836373938366336623866653730353861333431383832313039313739 +61616435666236373463616162653732373766336365313930383665363661356565613461373165 +66636537333333633832366234633066366537646138346233313233376135666666336264316435 
+64613030323430343764336465353334633836653133343532386435636136336638313162626462 +33363830396462616662313030316166646531643238363130613036666631643737306138326234 +65323763636363393031616633633338653531633639356238316236303264303034623632626261 +36626639633234396230356236643766306232646230623665633866643434313334303265323465 +66386461323563343236633864396562306165616338306334353563656461346464353930646161 +36653064613736346237363362663835656365616334363238376566316137303737316630316363 +65393139313832353461313634393931633761666531316333373762373265613464303365326338 +66393165366334636431353836336535636233336332336664613263613465393235363235623037 +61313037633761366661303663636364346131326334393765646262393863363062333739376466 +65653434336532323365376233646365323537313131306661306363313864326361646432326632 +64383533313833333466313231353863656634623135386631363864363834633035636632366164 +66356539353264633461396132336435353234333132376130616335613136356364643165346537 +62366630363439336432353066323238363233613032343635663731613134393639656535333736 +32623733333866393565366661643030376137646437616336386530363230376637316436313763 +36323532643763363864336634623132343530333531363231383130333064653233363339646136 +35343165623864646530633731373539356665316164653365303965663862313462313362643637 +34633163363833626635613634633938656334366366316266636532613065333436663633656530 +65623561326565643739303931323539643337373736646663363362646139323333346237353731 +32643739626561396664646537376139326339626235336464343964613761396430343461346639 +33326631373030653637393865333837386432333634653066353366613334396639626631653737 +34353831386366636663323761656431663965303561636236366538393261653333396537326461 +31323332613737646364616565393534306131323234633933636638333637623661343334383561 +30323464373365626662323062363135333932666163323235633131303566323964343734383238 +32376435363737373336363363613738366337626162333236643738373266633933363162303833 
+37366631343933313934313463363834643835333766663361303335313539363839663231333963 +66326261323631386532346637376132646263303466383330373833633034373933616538306330 +33386334306330346161633131386130636634643531633233376337343637363235356135383366 +31366463323831636438646262613239663830333531386330326131643032653033336339643561 +64636439323065343564306163303134623439343963383136633864623633363364646535666565 +31393564316234343066303664396534386537303364343234303832346331326430386432636332 +38316565346433663639646330393339303530623636386332633666656363376239383535386134 +35376135306461333237383562356162326338363435643133653838343535326535326337376130 +37306462633835666132653466373163613566633863343363653539343239316233616661633532 +64386538363163653963363331623531313237636431343934643136656536323734636261656333 +39636132613431653562393238346565323330656539666230643566633663316239353436383566 +64303535353031636662643062326565313837393932346431326137316337376361363338383533 +34613632323230393233666437346466626232363636636636393836333832633335393734343565 +33333461343530333135663436343333623966363230666330323562363136383166666665333861 +65366436643363383331353361656434336631396437616562303861666263353533313738326138 +33653735333230636437643038633763343063336262386663313237653661346262653834616665 +37343834323937623761386639653736313232323166373561643235336261306430393533376139 +31653132613331626435623333343862393038643364616236626466333338646639663930663436 +66636462646130653537343739646437363130313766636438663130616665333232396331303531 +30373762343531383239653132633363386239643666316166363931326563343633653433383538 +36333733626363626464636435626131653439313862666230393334353938356436376664323961 +62326566646463396536633265333461306430616437646630363239653333643732366430373133 +32323636636161623932376235383430366661636439643565366532376239613366303039376434 +39646437363636633265313838616463383231643030643732306364333161656236303131333533 
+62343539613264383830306639303164643233653032616566646163656564356262323065303134 +61613563646538316232353833636536633435336663326262663062663030326234316131353835 +34363564306335356633343438396434363261646665653665633235303932383266393630623238 +31323037336566633035366464386232616561383566343061343031623630383238643433376231 +64633634616133386138326138393138353937363332646637663363363064393065336438303932 +38393139306330396338646233366235316435313838633563353838303832616630633731323535 +31393039306630613734343433633662343831313336616561656136323039333235383733363364 +66383836363239376539316362646232356636336665316664653565653439353932663433346438 +65306365623334656133636332393265643163313939363537323738646664326364343064396337 +37383637383064643763363135386434316664306231376462653066653063313962316231386162 +63343533386262616631333233316330666263656532306466623733343764646361666165393863 +62326435346532623635343535353263626566313061643563613937346562643962386565396439 +62616661626464613366656462353932323732313062363566316562396134346433376237326664 +39333238346464393930653435363336333365323537356531313830626437303736333635356534 +62653766323065373662366162333363343466373135623262663436626438306337333365633633 +37333931623434666564366430666462343162303030643733623637656337393763393437656335 +36393162363765383464316562306532336265373130623566646134666337333133363863373964 +33666437323733396139653436323262383336306561643738366463646461646462333338623662 +30656135343934633335376634326533313663653761656235626165313834356464636535326439 +32343834316433393236353739646663393930663635646366623835633363653662626535366361 +64626561613064646431306634393330333265366530353063653132353735663564326563323961 +39663535346539326165313263383933653633306330303930376336316632636537363437663063 +64376465663634363838623230386139636231353665616165323065633661343339373432373732 +63356130653535303934396335306566646538383938636331333362353534366632663930393732 
+37353365343532646137343631383833616430326631323564666361323934383839303130636333 +38653139303663356337376261616463303665623431613963643137356439326162386337326161 +61383434383534353732343733326139313462396432366336653139363466653336626338366365 +31386438333438633465666337393732343533373363646234383265323132303433316135396232 +39373764333863626634343636306533393361643135323531383963366137626464353064613065 +61623063303865646161363432643765323361363364383635646538636232353337636235613861 +36396631383639633263303131383537326464313433663032346230386432633864613335616533 +61373238363930653866643933623561613363333139373135633332643563613838346434623033 +34353161396433663632656633356536323662386332626566393636323463363334613234376137 +38643465656262656236666332383361616164366230323936346565303961333761613136353435 +63643839636464323362396235333738626132393030393737373438393032323931643936306239 +31643537353462626238306563316132663139393635356631373839653462613238323831303537 +33626362636362383530386333343266383061646436353635396230396231343364323631343037 +65663363656463393234313465386233663635626333346132353539366464653532333830326661 +64343136323366346239373737666435366363663237663039636631656266333562376532396661 +35666430626233333166356139613233306536303365313262363366316135326662636166393031 +38356661396232366236303732326666353864353735336161326663623030343766633266623236 +65626237636133626335656663323533386236353164303230313237643130386133613466613933 +31343261356632643265623866373965326561363538326336656561373631373938343334653662 +32616366373839373737393262633064666437303538386363616431386138346439353534623631 +63323063346564646462313034623630396462623565646430363338393239343761396235303863 +31636531323732303230626437363764306631366363643766633734353336373564393731366238 +32623563633661646465396136396462663363376333613434666632383637616133626132616362 +61343032643966323539353033643136616463353563666462313731386261633333623832643439 
+38323666666330356538313730306334336433613364313065313761636261363433356438323136 +61343233643138646263626333306265366239613266646663323733636162323332643531643331 +39396433636233366365336166356661623132656261656666386361326164643634366436303737 +61653832373162356634313163363233323964303738366266376665346365396635343332396166 +35393263373732313734353332663238326563366534623131386233633365303664616562386231 +36326138356230663731306339666138343161386331313137313861633039303930623663646333 +65336461653033333332323162363539663366653762303266656366386665396463626265303264 +35666437663966663130633663643861326563336466633133646562383230363332646639616436 +36656137653061303262633736653433343838323666646261386266353735326564386465646334 +34633339336336613531666132633832363838343333353862333136616532613462343364616539 +37363437613236323235383936613763383966366265303731303034373430333936366339323437 +32303537653062663233 diff --git a/group_vars/all/secrets.yml.contents b/group_vars/all/secrets.yml.contents index 667cf55c..e56296d8 100644 --- a/group_vars/all/secrets.yml.contents +++ b/group_vars/all/secrets.yml.contents @@ -22,6 +22,9 @@ docker_password: xxx mailu_secret_key: xxx +nextcloud_secrets: + redis_password: xxx + drone_secrets: oauth_client_id: xxx oauth_client_secret: xxx diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 0debac68..b9f2bedb 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -22,6 +22,15 @@ POSTGRES_DB: "nextcloud" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" POSTGRES_USER: "nextcloud" + + redis: + image: "redis:7-alpine" + restart: "unless-stopped" + command: "redis-server --requirepass {{ nextcloud_secrets.redis_password }}" + tmpfs: + - /var/lib/redis + networks: + - "nextcloud" app: image: "nextcloud:25-apache" 
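Review bot: In roles/docker/tasks/services/nextcloud.yml, `command: "redis-server --requirepass {{ nextcloud_secrets.redis_password }}"` puts the Redis password on the container's command line, where it is readable through `docker inspect` and the host process list, and the unquoted interpolation breaks if the secret contains whitespace. Rendering a `redis.conf` containing the `requirepass` line from the vault value, mounting it read-only, and starting with `command: "redis-server /usr/local/etc/redis/redis.conf"` keeps the secret out of argv. The `tmpfs` entry targets `/var/lib/redis`, while the official image is believed to keep its data under `/data`, so the mount may not have the intended effect and is worth confirming. The `REDIS_HOST_PASSWORD` line in the following hunk stays as it is under this change.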
@@ -35,10 +44,12 @@ VIRTUAL_HOST: "{{ nextcloud.domain }}" LETSENCRYPT_HOST: "{{ nextcloud.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - POSTGRES_HOST: "nextcloud_postgres_1" + POSTGRES_HOST: "postgres" POSTGRES_DB: "nextcloud" POSTGRES_USER: "nextcloud" POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" + REDIS_HOST: "redis" + REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}" networks: nextcloud: From e0c0163aae6cae7bcf16b9fef9352ccf0bfad43e Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 22 Nov 2022 17:40:55 +0100 Subject: [PATCH 15/25] Add cron container to Nextcloud --- roles/docker/tasks/services/nextcloud.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index b9f2bedb..995b7785 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -31,6 +31,18 @@ - /var/lib/redis networks: - "nextcloud" + + cron: + image: "nextcloud:25-apache" + restart: "unless-stopped" + entrypoint: "/cron.sh" + networks: + - "nextcloud" + volumes: + - "{{ nextcloud.volume_folder }}/app:/var/www/html" + depends_on: + - "postgres" + - "redis" app: image: "nextcloud:25-apache" @@ -39,7 +51,7 @@ - "nextcloud" - "external_services" volumes: - - "{{ nextcloud.volume_folder }}/app:/var/www/html" + - "{{ nextcloud.volume_folder }}/app:/var/www/html" environment: VIRTUAL_HOST: "{{ nextcloud.domain }}" LETSENCRYPT_HOST: "{{ nextcloud.domain }}" @@ -50,6 +62,9 @@ POSTGRES_PASSWORD: "{{ postgres_passwords.nextcloud }}" REDIS_HOST: "redis" REDIS_HOST_PASSWORD: "{{ nextcloud_secrets.redis_password }}" + depends_on: + - "postgres" + - "redis" networks: nextcloud: From efbdcc9a5a744cfa3f16e872f5c25bd9675c67e8 Mon Sep 17 00:00:00 2001 
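Review bot: The new `cron` service in patch 15 repeats `image: "nextcloud:25-apache"` and mounts the same `/var/www/html` volume as `app`, so the two tags have to be bumped together or the cron container will run a different Nextcloud image against the app's installed code and data. Nothing in the file says so; a comment on both image lines such as `# keep cron and app on the same nextcloud image tag` would make the coupling explicit. The list-form `depends_on` only orders container start and does not wait for postgres or redis to accept connections.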
From: Sam Al-Sapti Date: Tue, 22 Nov 2022 17:45:13 +0100 Subject: [PATCH 16/25] Add missing postfix network to Nextcloud container --- roles/docker/tasks/services/nextcloud.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 995b7785..05ae4103 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -49,6 +49,7 @@ restart: "unless-stopped" networks: - "nextcloud" + - "postfix" - "external_services" volumes: - "{{ nextcloud.volume_folder }}/app:/var/www/html" From 9852a424704b5cf12aba959409aedd17f9d4f63b Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 22 Nov 2022 18:59:34 +0100 Subject: [PATCH 17/25] Upgrade Element to 1.11.8 --- roles/docker/tasks/services/matrix_riot.yml | 2 +- roles/docker/tasks/services/passit.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml index 3b515e59..362b8518 100644 --- a/roles/docker/tasks/services/matrix_riot.yml +++ b/roles/docker/tasks/services/matrix_riot.yml @@ -101,7 +101,7 @@ riot: container_name: riot_app - image: avhost/docker-matrix-riot:v1.11.0 + image: avhost/docker-matrix-riot:v1.11.8 restart: unless-stopped networks: - matrix diff --git a/roles/docker/tasks/services/passit.yml b/roles/docker/tasks/services/passit.yml index bc29166b..3214ae2f 100644 --- a/roles/docker/tasks/services/passit.yml +++ b/roles/docker/tasks/services/passit.yml @@ -7,7 +7,6 @@ definition: version: "3.6" services: - passit_db: image: "postgres:10" restart: "always" From 71cc3e2241473d848a5b919d8b14485d8a62510f Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 22 Nov 2022 21:22:23 +0100 Subject: [PATCH 18/25] Fix firewall ports format --- roles/ubuntu_base/tasks/firewall.yml | 43 +++++++++++++++++++++------- 1 file changed, 32 insertions(+), 11 deletions(-) 
diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml index f4318653..ddc90226 100644 --- a/roles/ubuntu_base/tasks/firewall.yml +++ b/roles/ubuntu_base/tasks/firewall.yml @@ -6,15 +6,36 @@ - name: Allow necessary ports community.general.ufw: rule: allow - port: "{{ item }}" + port: "{{ item.port }}" + proto: "{{ item.proto }}" loop: - - "22/tcp" # Gitea SSH - - "80/tcp" # HTTP - - "443/tcp" # HTTPS - - "389/tcp" # OpenLDAP - - "636/tcp" # OpenLDAP - - "25/tcp" # Email - - "465/tcp" # Email - - "587/tcp" # Email - - "993/tcp" # Email - - "19022/tcp" # SSH + # Gitea SSH + - port: 22 + proto: "tcp" + # HTTP + - port: 80 + proto: "tcp" + # HTTPS + - port: 443 + proto: "tcp" + # OpenLDAP + - port: 389 + proto: "tcp" + # OpenLDAP + - port: 636 + proto: "tcp" + # Email + - port: 25 + proto: "tcp" + # Email + - port: 465 + proto: "tcp" + # Email + - port: 587 + proto: "tcp" + # Email + - port: 993 + proto: "tcp" + # SSH + - port: 19022 + proto: "tcp" From fc7ca37b07337d76e7f8c28a4f280675b6f8dbcb Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Tue, 22 Nov 2022 21:37:37 +0100 Subject: [PATCH 19/25] Make TCP the default allowed firewall protocol Custom protocol can still be specified by adding `proto: "proto"` to a loop item. --- roles/ubuntu_base/tasks/firewall.yml | 43 ++++++++-------------------- 1 file changed, 12 insertions(+), 31 deletions(-) diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml index ddc90226..17860a86 100644 --- a/roles/ubuntu_base/tasks/firewall.yml +++ b/roles/ubuntu_base/tasks/firewall.yml 
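Review bot: Every entry in the rewritten loop of patch 18 is an `allow` from any source, including 389/tcp, the cleartext/StartTLS LDAP port that is listed next to 636. If the directory clients are a known set of hosts, the rule can be scoped per item with the module's `from_ip` parameter, for example `from_ip: "{{ item.from_ip | default('any') }}"` on the task plus a `from_ip:` key on the 389 entry. The same port list carries over unchanged into the patch 19 hunk. A short comment on the 22 and 19022 entries naming the daemon behind each would also help, since both are labelled SSH.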
@@ -3,39 +3,20 @@ community.general.ufw: state: enabled policy: deny + - name: Allow necessary ports community.general.ufw: rule: allow port: "{{ item.port }}" - proto: "{{ item.proto }}" + proto: "{{ item.proto | default('tcp') }}" loop: - # Gitea SSH - - port: 22 - proto: "tcp" - # HTTP - - port: 80 - proto: "tcp" - # HTTPS - - port: 443 - proto: "tcp" - # OpenLDAP - - port: 389 - proto: "tcp" - # OpenLDAP - - port: 636 - proto: "tcp" - # Email - - port: 25 - proto: "tcp" - # Email - - port: 465 - proto: "tcp" - # Email - - port: 587 - proto: "tcp" - # Email - - port: 993 - proto: "tcp" - # SSH - - port: 19022 - proto: "tcp" + - port: 22 # Gitea SSH + - port: 80 # HTTP + - port: 443 # HTTPS + - port: 389 # OpenLDAP + - port: 636 # OpenLDAP + - port: 25 # Email + - port: 465 # Email + - port: 587 # Email + - port: 993 # Email + - port: 19022 # SSH From 14d97ee7a69bb79c8b5ab589b7cd15859aafe943 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 22:37:58 +0100 Subject: [PATCH 20/25] Upgrade keycloak to 20.0.1 --- roles/docker/tasks/services/keycloak.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml index 37d45462..8cf3303e 100644 --- a/roles/docker/tasks/services/keycloak.yml +++ b/roles/docker/tasks/services/keycloak.yml 
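Review bot: The `Setup firewall with UFW` task at the top of the patch 19 hunk enables UFW with `policy: deny` before the `Allow necessary ports` loop has added any rule, so a run that stops between the two tasks leaves the host with a deny-all inbound policy and no rule for the management SSH port 19022. Moving the `state: enabled` / `policy: deny` task after the allow loop closes that window. Separately, and not visible from this file: ports published by Docker containers are normally handled by Docker's own iptables chains and may not be filtered by these UFW rules, so the effective exposure of the container services should be checked on the host rather than assumed from this list.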
@@ -19,24 +19,19 @@ POSTGRES_DB: "keycloak" app: - image: "quay.io/keycloak/keycloak:15.0.2" + image: "quay.io/keycloak/keycloak:20.0.1" restart: "unless-stopped" networks: - "keycloak" - "postfix" - "external_services" + command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ keycloak.domain }} --proxy=edge --https-port=8080" environment: VIRTUAL_HOST: "{{ keycloak.domain }}" VIRTUAL_PORT: "8080" LETSENCRYPT_HOST: "{{ keycloak.domain }}" LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}" - DB_USER: "keycloak" - DB_PASSWORD: "{{ postgres_passwords.keycloak }}" - DB_ADDR: "keycloak_postgres_1" - #KEYCLOAK_USER: "{{ keycloak_secrets.admin_user }}" # Only used for the first run of the application to set up the admin user - #KEYCLOAK_PASSWORD: "{{ keycloak_secrets.admin_password }}" - PROXY_ADDRESS_FORWARDING: "true" - + networks: keycloak: postfix: From 394e158c5157fc5621425f817119cab38532330a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 22:39:34 +0100 Subject: [PATCH 21/25] Make sure to always restart membersystem if it goes down. --- roles/docker/tasks/services/membersystem.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/membersystem.yml b/roles/docker/tasks/services/membersystem.yml index b214abb5..2d2a38d0 100644 --- a/roles/docker/tasks/services/membersystem.yml +++ b/roles/docker/tasks/services/membersystem.yml @@ -9,7 +9,7 @@ services: backend: image: docker.data.coop/member.data.coop:latest - restart: unless-stopped + restart: always user: $UID:$GID tty: true depends_on: @@ -38,6 +38,7 @@ postgres: image: postgres:13-alpine + restart: always volumes: - "{{ volume_root_folder }}/membersystem/postgres/data:/var/lib/postgresql/data" networks: From f040880c267101c0170d47d58eba138cff78584c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 22:47:22 +0100 Subject: [PATCH 22/25] Pin rallly. --- roles/docker/tasks/services/rallly.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/docker/tasks/services/rallly.yml b/roles/docker/tasks/services/rallly.yml index c5576f5e..6ce966ca 100644 --- a/roles/docker/tasks/services/rallly.yml +++ b/roles/docker/tasks/services/rallly.yml @@ -17,7 +17,7 @@ services: rallly_db: image: "postgres:14-alpine" - restart: "unless-stopped" + restart: "always" shm_size: "256mb" networks: rallly_internal: @@ -35,8 +35,8 @@ com.centurylinklabs.watchtower.enable: "true" rallly: - image: "lukevella/rallly:latest" - restart: "unless-stopped" + image: "lukevella/rallly:a21f92bf74308d66cfcd545d49b81eba0211a222" + restart: "always" networks: rallly_internal: external_services: From cbc209c381918c8ab5d84cb656b43dc91ffe97b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 22:52:08 +0100 Subject: [PATCH 23/25] Set keycloak path to the old path. --- roles/docker/tasks/services/keycloak.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/keycloak.yml b/roles/docker/tasks/services/keycloak.yml index 8cf3303e..26a56618 100644 --- a/roles/docker/tasks/services/keycloak.yml +++ b/roles/docker/tasks/services/keycloak.yml 
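Review bot: `lukevella/rallly:a21f92bf74308d66cfcd545d49b81eba0211a222` in the second rallly.yml hunk pins to a tag, and a registry tag can be re-pushed to point at different content, so the pin holds only as long as the publisher never moves it. Pinning by digest makes the pull content-addressed: `image: "lukevella/rallly@sha256:<digest-of-the-tested-image>"` (placeholder; take the value from `docker image inspect` on the image that was reviewed). The same applies to `mazzolino/restic:1.6.0` in both hunks of patch 25. The `rallly` service definition continues past the end of this hunk.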
@@ -25,7 +25,7 @@ - "keycloak" - "postfix" - "external_services" - command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ keycloak.domain }} --proxy=edge --https-port=8080" + command: "start --db=postgres --db-url=jdbc:postgresql://postgres:5432/keycloak --db-username=keycloak --db-password={{ postgres_passwords.keycloak }} --hostname={{ keycloak.domain }} --proxy=edge --https-port=8080 --http-relative-path=/auth" environment: VIRTUAL_HOST: "{{ keycloak.domain }}" VIRTUAL_PORT: "8080" From d6766e601a876efd7feca2728e5a8e06b9784fe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 22:52:23 +0100 Subject: [PATCH 24/25] Upgrade portainer to 2.16.2. --- roles/docker/tasks/services/portainer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/services/portainer.yml b/roles/docker/tasks/services/portainer.yml index ae21b4ba..acadd753 100644 --- a/roles/docker/tasks/services/portainer.yml +++ b/roles/docker/tasks/services/portainer.yml @@ -8,7 +8,7 @@ - name: run portainer docker_container: name: portainer - image: portainer/portainer-ee:2.16.1 + image: portainer/portainer-ee:2.16.2 restart_policy: always networks: - name: external_services From 78b15ddcc453644b48a5761ebecc2b7c0c92251a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?= Date: Tue, 22 Nov 2022 23:13:01 +0100 Subject: [PATCH 25/25] Pin restic backup. --- roles/docker/tasks/services/restic-backup.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/docker/tasks/services/restic-backup.yml b/roles/docker/tasks/services/restic-backup.yml index fd1726f9..3b0a9e3c 100644 --- a/roles/docker/tasks/services/restic-backup.yml +++ b/roles/docker/tasks/services/restic-backup.yml 
@@ -7,7 +7,7 @@ version: '3.6' services: restic-backup: - image: mazzolino/restic + image: mazzolino/restic:1.6.0 restart: always environment: RUN_ON_STARTUP: "true" @@ -29,7 +29,7 @@ - /docker-volumes:/mnt/volumes:ro restic-prune: - image: "mazzolino/restic" + image: "mazzolino/restic:1.6.0" environment: RUN_ON_STARTUP: "true" PRUNE_CRON: "0 0 4 * * *"