Add Joplin sync server

group_vars/appservers/vars.yml

@@ -6,6 +6,7 @@ apps_include:
   - postfix
   - ipfs
   - jitsi
+  - joplin
   - monerod
   - nextcloud
   - snowflake

group_vars/production/vars.yml

@@ -6,12 +6,18 @@ internal_subnet: 10.2.16.0/24
 postgresql_version: 14
 
 databases:
+  joplin:
+    db: joplin
+    user: joplin
+    password: "{{ vault_databases.joplin.password }}"
   nextcloud:
-    username: nextcloud
+    db: nextcloud
+    user: nextcloud
     password: "{{ vault_databases.nextcloud.password }}"
 
 db_inventory_hostname: sapt-labp-db01
 db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
+db_port: 5432
 
 proxy_inventory_hostname: sapt-labr-prx01
 proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"

group_vars/production/vault.yml

@@ -1,35 +1,40 @@
 $ANSIBLE_VAULT;1.1;AES256
-38666565393262653238376564633336356466666566613931366465373832646664363362613537
-6530326438663035393638666338653434633038613733370a313136306661613565353966643038
-39663237653766333462666238373633363736636365333932373939326631663462373239336232
-6239613734383439650a393063373963396366396264306437623938366430376531316263653332
-39313235383962363566623839663662393363393562383837343630616530363438343930306632
-31323561366234353236323163643731336130643163373031666138316238646234303163356465
-37306130323338306564356639356165623530366239613965353732333763636132306439613361
-65623834313236323064346561666433663830356530633635613065383966386464626438386539
-39316366303966393336353666326239633365333264336165373266393430346361373861303666
-61333564323834373366316361633966626630316139656331383865663862636437366563366433
-64346234386637366435663738356363346466386132306163383432353436626332393832343236
-63316335373435653764383963656362306161643438383336396332376532326430366231656330
-66356663343939316433386538646364616331316366663433616536666466383432643832316331
-35346438353061613630303334656633303861633761623066303734323533663665383535623635
-30323233396531633836393931376631663765656563626334343765333237386132383230336163
-35373539643033316431373138326130663236663637353638316563613438646438666335643635
-63663735663434393062636538323363386439643361633565323938383239666665663838313666
-63646461393565656661666335366663366635393833663333613066316561633431303232383138
-33323832363461643363303736616234653861323163633231663836316462346237313938343037
-30663032663664333965333334636235303035383238323935616339323530613532363661616530
-64646365323731646464623539393166633431306263396564353435666637636362616631323034
-32303338333066363862643633663735356461626237636665663265316232306561303137656363
-35663961333666333666613534383133323662333265646131633963656166646133663737316439
-37646266396663316430313764613235623332343838343830663938646133323636366133623666
-64633133623564393332663930343530616665306330373131626233653466353334623837653530
-65323836646163353865396230313538393062316134383934363337653937663233316665326562
-35383038333433633538306134343130353231313365356331643763343561353232333939643935
-33663536356639656437343735343965643430646561323434386331616136613832366431383638
-61666335383430346166663865643336303337303566333461666630323332623639333836663735
-62313533333230353165626431643034383232306165383630623763636634363066653837393166
-63303530313830366361653934633661366332336134626231646162336163643964306462363534
-66663432376332343030636338663563316630643837316130653137333539333762333833666434
-30326634643163343762373035326539666665316130393564376631303538313030656236663239
-6462373938366338646539666561666335343665656166383435
+39636638303430366338626365356232346532303734633730636466366539643261623965663937
+3339626431393030656265393838643437353034656332660a663135356531356265616230336238
+32323965306232643363346239623831666635666365336133643432396335363034663464363730
+3564666334386234390a376139396532343138356130373866633530366134656230663435383335
+36653964306334373135323338366132343665616137323537353131396263653265666134386433
+62613563396662616636373635636661383936366137333963653465323964363031356336323539
+37646665623037326263333931656334636437363131643836346461323532303235623830616661
+65616238353038623864346465366364326430316137326634336239666566393063383636393735
+61643662353962323630336332313637326561353663326336323130383930316466616466363561
+63323832643336313339313731613635663337623564343433353337396132323037623463336433
+38323865366237353438376536633930363935393131323832363133363734366634636366386537
+64313031326330616261616161613362303530626631666466633935303037656265373161653534
+61316637383330666630353261653662366466616531663131306566653439386566383466393166
+31386561613431323562636431313437663265376665363165366134656239636537633061346562
+36623938393564383736316565303131373932643533373138656333396238636433613432623235
+61373636623231303639303433656564366637656530663562656431363733373237646337626434
+30613238623939346662393764363730633363363864356266646261646338666539323364353037
+61333734356331633462613433316265313731353666653666346432363966666335626364303061
+35616534633166343934373562363138613066346635626434383564326538386166613934363933
+32383136343037346534626138636565636666393535633565333239346562373331666637323064
+32663662343433646364656366363634363930326661623036626563396438343164383831303539
+37653136303064306666376134656161646136353665653462313333623633363163643537326163
+32353136316532363561366434343430663839376535613833333030643230666334306666666134
+38666533323135393838623565326332313137323337376263316434656438393661343633623630
+30613734333863323731616436636665373339626163353834623163373661343338373561666634
+64373532633533313533396535353962303335653034666133303238666438346433633465366333
+61306366396238323932373366346462636537333034396634343937353630306164366665373131
+32383562306132333366353838613533376431343062643432326163396466646531396437383432
+61636262353562306136656461373531653734326566326363326433326433313433373462633530
+63613932333132646565303435373932643332396430623030303732376635306262396561393964
+39306561633966646466656466353434303837626235376462623839393563363637376265643064
+35383234333561353831326637353964353733613766373136656230653737643737393764313834
+33363639623962643133663031653636336133353030333237646562313030316664626136613238
+33626139646330353837623137303737623138636163636634306130343065626438306133313761
+39366462313464363731383631306161313437343534653033393235663864336531373964636537
+32643237326465393730306662323062623535383036306236303163393261653730323262626162
+33656662633233333435353933396437633139376137633364376538343466396130616435393739
+31636563396637376561623364386463613430393939653638306136393931353135623636653361
+666339653835386565396333383138353366

group_vars/staging/vars.yml

@@ -6,12 +6,18 @@ internal_subnet: 10.2.19.0/24
 postgresql_version: 14
 
 databases:
+  joplin:
+    db: joplin
+    user: joplin
+    password: "{{ vault_databases.joplin.password }}"
   nextcloud:
-    username: nextcloud
+    db: nextcloud
+    user: nextcloud
     password: "{{ vault_databases.nextcloud.password }}"
 
 db_inventory_hostname: sapt-labs-db01
 db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
+db_port: 5432
 
 proxy_inventory_hostname: sapt-labr-prx01
 proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"

group_vars/staging/vault.yml

@@ -1,35 +1,40 @@
 $ANSIBLE_VAULT;1.1;AES256
-39333261386639633632616336613338323739393565356466333734663163623561613234656136
-3364336635623064383363663231303463646432386237300a383734316161366361323333393432
-34653231643465656462613165366539663063333335366431313666303730316431643534333533
-6164383833393564660a323165633039353166646232626639376664636665313039376664623465
-64326462396231393035323739613537323736366462613936666563373139663737626334623837
-37613333373662666330633131626363643834323531393735613563303930353537656130316664
-31636632306362343162353536356530383530363530323931623930363239373866343266663132
-63663036333939316131343162343038323265303336316436373039316134393936613830316465
-66646131623833636263633238663637363165396136356436316237373130323737616332396136
-66353636653332346261303965613463323562633566383436613761633064613331653164306263
-38623063616566376564623535343363383861343338313637666330376161616162613737626434
-63356333633963656137333736666431346262383434366662323066646561353530343834316161
-32333861346534373038666563366537313832303265386562393630633861313437353135306231
-34313766666533306163643237643765616131333830316136336463666637393262313066386663
-61623735666165383162353361383137616162393239346432386261633933666530313639623465
-36373037333837346231396636633166393565623261636430303965313635353566633238656632
-39646136633431326266313066623861333661373431316162316539363139343061656432356365
-33363763313366636165346236353666656562356339653239666262386264356539653531666261
-33663538376562663838616161306135646331336362306130396534653335633435656133636265
-65326431373061393066353732653936343633313366393864633933643563623336353561373234
-33326535326264386237316663396633353037373364636435346538636337643839643130643934
-39643864386135623664646230343039623234333636633963626537323062363061643036376431
-39393537373937363530393039366264633737633661663030303830636636313766373965633531
-62646235636238616537626638653263343630663535373064376232376638626438346238616337
-62656330373061306564663062363835326664666234616332316566616537626239633837396230
-30613036356566383231383631663133653161383334396435363836336364323437353931343231
-37333032333135333635366634363836656363663834396231323737343238353035366237343239
-31303135336530313432323238653361646662636362326634313763316566323663356236323933
-38613262383562626564323434313839633739376536393638363632383933306633333135306263
-31623834626163663263396638353238653564653464646239643831343230326432383232323135
-34633632343831306537333264396230323732383761376534303661653764646438626561393731
-61653434636665346535393763376139656664303738313638336262313830323238343838346536
-37313535313662323335353865346665323236363830393663613035633936623439616366643439
-6464316134376336646431616466336436393235336234666236
+31643866633132323732326663356361393062663563343135623737663631636666633064663162
+3936323730613333656566366336393732316435303738630a656233626664666463373936613931
+35333935356235613461393039383433353661376563366135643266366237303366323866653365
+3962366436393132610a353763303565323937393838336338386164376537346234646237333132
+33346138383366313132613838336639623239353531633532653335616235396462303931373031
+37336530386366303063343537656332346538306335636366326265663537623436613664356263
+35366665383666663939333232616439663536663530323739343632363361343430346666343338
+36366333393937353061303939363963393562653930323763636437393635373366373165613332
+62633038386331323037613639356461653337653539366665346232323033636339616233646332
+36613962616430316561376137636135336661616530663262356633393764643537336661666565
+36306236336361366338613739626237616335633932613832313732323433623234356630333361
+62616666616565373837393834363035653036316466373732383033316262633263613563643038
+61643261366537663332653466356639333662616239376135373232313264613432666363663663
+65383032336665646639346338623838633965343937356137376338613265313366373239343831
+62303333393139656465323238613935643136643666663432633966396132373964373439656534
+39646634343363656333656237326430636465376238633837616338336462346463303233386361
+38363431376338376135663839353462383366646161323532653637616366333163313961356231
+34343034313336356634663739613039636436336331636239643965373361353434643535343036
+65663534336331623366336431343932373438343664613932306165613431363662393939643662
+61333465623137313466643438373736343663313236343830633039386465613531616165366539
+32323766316364343533373930376431336436623063396539653633313535333332386361393064
+37383433623437623433663331633732393236346261313039346365636534616161353136636461
+62363139666665313238376261336530386639353265363533393739643831616139653263616138
+62376662356230306638616636363266386533336662303634343037313736313961366332663165
+38386334353462666230333832666133653161303635356636383333356661643662303732346336
+34316362343561366439626161373138633065666164323931386664383261653064646266366630
+30313138363036346231303830313038376537666664386165643661653866366637363633316331
+37356437636437336137376165346139363732386566353333356432336333343266373564303338
+32663038353738643963323532663230653637373563653432393462333036346665356131346533
+61386562366466396134326533313262353735383265393832313934663834376133663963336431
+32313363313238396366656630333131326661373031623039313332316431383466333064393234
+35303631333431326237653934356532386262323666386532383834333539663763366631333364
+64653838313837623032313364386336616235616561383439393931323133333838343063343333
+63653765616335333262633661616533363937373666643138313332316231363963633365353938
+31383262323135313362376633353735616539333934653931613431643164636337666561316566
+34666464636534613064656466343663613765623330383462303633613864363962663034333939
+39663537316534633864633236666665333862383636616263343535336538626234616130633130
+30356261666236393263373735366261616566303162356465363931646131386361373562616134
+663238623038616332643066643339663039

roles/apps/defaults/main.yml

@@ -48,6 +48,14 @@ apps_vars:
     port: 80
     version: stable
 
+  joplin:
+    backup: true
+    sender: false
+    extra_tasks: true
+    domain: joplin.{{ apps_base_domain }}
+    port: 22300
+    version: 2.14.2-beta
+
   monerod:
     backup: false
     sender: false

roles/apps/tasks/extra_tasks/jitsi.yml

@@ -5,6 +5,7 @@
   ansible.builtin.file:
     path: "{{ apps_data_root }}/jitsi/data/{{ dir }}"
     owner: root
+    group: root
     mode: u=rwx,g=rx,o=rx
     state: directory
   loop:

roles/apps/tasks/extra_tasks/joplin.yml

@@ -0,0 +1,10 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create subdirectory for Joplin data
+  ansible.builtin.file:
+    path: "{{ apps_data_root }}/joplin/data/storage"
+    owner: '1001'
+    group: '1001'
+    mode: u=rwx,g=rx,o=rx
+    state: directory

roles/apps/templates/compose-files/joplin.yml.j2

@@ -0,0 +1,29 @@
+{# code: language=ansible-jinja #}
+# THIS FILE IS MANAGED BY ANSIBLE
+
+version: "3.8"
+
+services:
+  server:
+    image: joplin/server:{{ apps_vars.joplin.version }}
+    restart: always
+    environment:
+      APP_PORT: {{ apps_vars.joplin.port }}
+      APP_BASE_URL: https://{{ apps_vars.joplin.domain }}
+      DB_CLIENT: pg
+      POSTGRES_HOST: {{ db_host }}
+      POSTGRES_PORT: {{ db_port }}
+      POSTGRES_DATABASE: {{ databases.joplin.db }}
+      POSTGRES_USER: {{ databases.joplin.user }}
+      POSTGRES_PASSWORD: {{ databases.joplin.password }}
+      STORAGE_DRIVER: Type=Filesystem; Path=/storage
+    networks:
+      {{ apps_shared_docker_network }}:
+        aliases:
+          - joplin
+    volumes:
+      - "./data/storage:/storage:rw"
+
+networks:
+  {{ apps_shared_docker_network }}:
+    external: true

roles/apps/templates/compose-files/monerod.yml.j2

@@ -9,11 +9,11 @@ services:
     restart: always
     command:
       - '--rpc-restricted-bind-ip=0.0.0.0'
-      - '--rpc-restricted-bind-port=18089'
+      - '--rpc-restricted-bind-port={{ apps_vars.monerod.port }}'
       - '--no-igd'
       - '--no-zmq'
       - '--enable-dns-blocklist'
-{% if hostname in groups['staging'] %}
+{% if hostname not in groups['production'] %}
       - '--prune-blockchain'
 {% endif %}
     networks:

roles/apps/templates/compose-files/nextcloud.yml.j2

@@ -16,8 +16,8 @@ services:
     restart: always
     environment:
       POSTGRES_HOST: {{ db_host }}
-      POSTGRES_DB: nextcloud
-      POSTGRES_USER: {{ databases.nextcloud.username }}
+      POSTGRES_DB: {{ databases.nextcloud.db }}
+      POSTGRES_USER: {{ databases.nextcloud.user }}
       POSTGRES_PASSWORD: {{ databases.nextcloud.password }}
       REDIS_HOST: redis
       REDIS_HOST_PASSWORD: {{ redis_passwords.nextcloud }}

roles/apps/templates/nginx/conf.d/joplin.conf.j2

@@ -0,0 +1,21 @@
+{# code: language=ansible-jinja #}
+# THIS FILE IS MANAGED BY ANSIBLE
+
+server {
+    server_name {{ apps_vars.joplin.domain }};
+    listen 8080;
+
+    set $upstream http://joplin:{{ apps_vars.joplin.port }};
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto "https";
+
+    proxy_http_version      1.1;
+    proxy_buffering         off;
+
+    location / {
+        proxy_pass $upstream;
+    }
+}

roles/postgresql/defaults/main.yml

@@ -4,5 +4,3 @@
 postgresql_pgdata: "{{ data_fs }}/pgsql/{{ postgresql_version }}/data"
 postgresql_wal_archive: "{{ data_fs }}/wal-archive"
 postgresql_service: postgresql-{{ postgresql_version }}
-
-postgresql_db_list: "{{ databases | dict2items(key_name='name', value_name='vars') }}"

roles/postgresql/tasks/database.yml

@@ -1,24 +1,24 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-- name: Create database user '{{ db.vars.username }}'
+- name: Create database user '{{ app.user }}'
   community.postgresql.postgresql_user:
-    name: "{{ db.vars.username }}"
-    password: "{{ db.vars.password }}"
+    name: "{{ app.user }}"
+    password: "{{ app.password }}"
     state: present
 
-- name: Create database '{{ db.name }}'
+- name: Create database '{{ app.db }}'
   community.postgresql.postgresql_db:
-    name: "{{ db.name }}"
-    owner: "{{ db.vars.username }}"
+    name: "{{ app.db }}"
+    owner: postgres
     template: template0
     encoding: UTF-8
     state: present
 
-- name: Grant all priviliges to owner on database '{{ db.name }}'
+- name: Grant user all priviliges on database '{{ app.db }}'
   community.postgresql.postgresql_privs:
-    database: "{{ db.name }}"
-    roles: "{{ db.vars.username }}"
+    database: "{{ app.db }}"
+    roles: "{{ app.user }}"
     type: database
     privs: ALL
     state: present

roles/postgresql/tasks/main.yml

@@ -92,7 +92,7 @@
     apply:
       become: true
       become_user: postgres
-  loop: "{{ postgresql_db_list }}"
-  loop_control:
-    loop_var: db
+  loop: "{{ databases | dict2items }}"
+  vars:
+    app: "{{ item.value }}"
   no_log: true

roles/postgresql/templates/pg_hba.conf.j2

@@ -1,11 +1,12 @@
 {# code: language=ansible-jinja #}
 # THIS FILE IS MANAGED BY ANSIBLE
-# TYPE  DATABASE        USER                    ADDRESS                 METHOD
-local   all             postgres                                        peer
-local   all             all                                             scram-sha-256
-host    all             all                     127.0.0.1/32            scram-sha-256
-host    all             all                     ::1/128                 scram-sha-256
 
-{% for db in postgresql_db_list|sort %}
-host    {{ db.name }}   {{ db.vars.username }}  {{ internal_subnet }}   scram-sha-256
+# TYPE  DATABASE         USER             ADDRESS                METHOD
+local   all              postgres                                peer
+local   all              all                                     scram-sha-256
+host    all              all              127.0.0.1/32           scram-sha-256
+host    all              all              ::1/128                scram-sha-256
+
+{% for _, app in databases|dictsort %}
+host    {{ app.db }}    {{ app.user }}    {{ internal_subnet }}  scram-sha-256
 {% endfor %}

roles/proxy/templates/caddy/Caddyfile.j2

@@ -77,6 +77,31 @@ ipfs.local.{{ proxy_vars[env].app01.base_domain }} {
     respond 403
 }
 
+joplin.{{ proxy_vars[env].app01.base_domain }} {
+    tls {{ tls_email }} {
+        dns njalla {{ njalla_api_token }}
+    }
+
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        -Server
+    }
+
+{% if env == 'production' %}
+    reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
+{% else %}
+    @local {
+        remote_ip {{ proxy_trusted_subnets | join(' ') }}
+    }
+
+    handle @local {
+        reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
+    }
+
+    respond 403
+{% endif %}
+}
+
 meet.{{ proxy_vars[env].app01.base_domain }} {
     tls {{ tls_email }} {
         dns njalla {{ njalla_api_token }}