mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-21 20:31:02 +01:00
Refactored docker roles
This commit is contained in:
parent
6a4439ba57
commit
1b8ff143e3
@ -21,3 +21,7 @@ on_calendar_deploy_mailu_certificates: "*-*-* 13,01:30:00"
|
|||||||
size_percent_maximum_backup: 75
|
size_percent_maximum_backup: 75
|
||||||
size_percent_disc_space_warning: 85
|
size_percent_disc_space_warning: 85
|
||||||
size_percent_free_disc_space: 90
|
size_percent_free_disc_space: 90
|
||||||
|
|
||||||
|
# Path Variables
|
||||||
|
path_docker_volumes: "/home/administrator/volumes/docker/"
|
||||||
|
path_docker_compose_files: "/home/administrator/docker-compose/"
|
||||||
@ -93,11 +93,6 @@
|
|||||||
vars:
|
vars:
|
||||||
domain: forum.{{top_domain}}
|
domain: forum.{{top_domain}}
|
||||||
http_port: 8005
|
http_port: 8005
|
||||||
- name: setup turn server
|
|
||||||
hosts: turn_server
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- role: server_docker-turn-server
|
|
||||||
- name: setup yourls hosts
|
- name: setup yourls hosts
|
||||||
hosts: yourls
|
hosts: yourls
|
||||||
become: true
|
become: true
|
||||||
|
|||||||
17
roles/independent_user-administrator/tasks/main.yml
Normal file
17
roles/independent_user-administrator/tasks/main.yml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
- name: create administrator
|
||||||
|
user:
|
||||||
|
name: administrator
|
||||||
|
update_password: on_create
|
||||||
|
password: "{{ user_administrator_initial_password | password_hash('sha512') }}"
|
||||||
|
create_home: yes
|
||||||
|
generate_ssh_key: yes
|
||||||
|
ssh_key_type: rsa
|
||||||
|
ssh_key_bits: 8192
|
||||||
|
|
||||||
|
- name: "create /home/administrator/scripts/"
|
||||||
|
file:
|
||||||
|
path: "/home/administrator/scripts"
|
||||||
|
state: directory
|
||||||
|
owner: administrator
|
||||||
|
group: administrator
|
||||||
|
mode: 0700
|
||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
## new setup
|
## new setup
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/akaunting/
|
cd {{path_docker_compose_files}}akaunting/
|
||||||
export COMPOSE_HTTP_TIMEOUT=600
|
export COMPOSE_HTTP_TIMEOUT=600
|
||||||
export DOCKER_CLIENT_TIMEOUT=600
|
export DOCKER_CLIENT_TIMEOUT=600
|
||||||
AKAUNTING_SETUP=true docker-compose -p akaunting up -d
|
AKAUNTING_SETUP=true docker-compose -p akaunting up -d
|
||||||
@ -68,7 +68,7 @@ export COMPOSE_HTTP_TIMEOUT=600
|
|||||||
export DOCKER_CLIENT_TIMEOUT=600
|
export DOCKER_CLIENT_TIMEOUT=600
|
||||||
|
|
||||||
# destroy all containers
|
# destroy all containers
|
||||||
cd /home/administrator/docker-compose/akaunting/ &&
|
cd {{path_docker_compose_files}}akaunting/ &&
|
||||||
docker-compose down &&
|
docker-compose down &&
|
||||||
docker network prune -f
|
docker network prune -f
|
||||||
|
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
docker_compose_akaunting_path: "/home/administrator/docker-compose/akaunting/"
|
docker_compose_akaunting_path: "{{path_docker_compose_files}}akaunting/"
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
docker_compose_bigbluebutton_path: "/home/administrator/docker-compose/bigbluebutton/"
|
docker_compose_bigbluebutton_path: "{{path_docker_compose_files}}bigbluebutton/"
|
||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate funkwhale
|
- name: recreate funkwhale
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p funkwhale up -d --force-recreate
|
cmd: docker-compose -p funkwhale up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/funkwhale/
|
chdir: "{{docker_compose_path}}"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
docker_compose_path: "/home/administrator/docker-compose/funkwhale/"
|
docker_compose_path: "{{path_docker_compose_files}}funkwhale/"
|
||||||
client_max_body_size: "512M"
|
client_max_body_size: "512M"
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
## update
|
## update
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/gitea/
|
cd {{path_docker_compose_folder}}
|
||||||
docker-compose down
|
docker-compose down
|
||||||
docker-compose pull
|
docker-compose pull
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
@ -19,7 +19,7 @@ Keep in mind to track and to don't interrupt the update process until the migrat
|
|||||||
|
|
||||||
## recreate
|
## recreate
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/gitea/ && docker-compose -p gitea up -d --force-recreate
|
cd {{path_docker_compose_folder}} && docker-compose -p gitea up -d --force-recreate
|
||||||
```
|
```
|
||||||
|
|
||||||
## database access
|
## database access
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate gitea
|
- name: recreate gitea
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p gitea up -d --force-recreate
|
cmd: docker-compose -p gitea up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/gitea/
|
chdir: "{{path_docker_compose_folder}}"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|||||||
@ -6,12 +6,12 @@
|
|||||||
template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create /home/administrator/docker-compose/gitea/"
|
- name: "create {{path_docker_compose_folder}}"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/docker-compose/gitea/"
|
path: "{{path_docker_compose_folder}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: add docker-compose.yml
|
||||||
template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/gitea/docker-compose.yml
|
template: src=docker-compose.yml.j2 dest={{path_docker_compose_folder}}docker-compose.yml
|
||||||
notify: recreate gitea
|
notify: recreate gitea
|
||||||
|
|||||||
1
roles/server_docker-gitea/vars/main.yml
Normal file
1
roles/server_docker-gitea/vars/main.yml
Normal file
@ -0,0 +1 @@
|
|||||||
|
path_docker_compose_folder: "{{path_docker_compose_files}}gitea/"
|
||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate mailu
|
- name: recreate mailu
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p mailu up -d --force-recreate
|
cmd: docker-compose -p mailu up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/mailu/
|
chdir: "{{path_docker_compose_files}}mailu/"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 900
|
COMPOSE_HTTP_TIMEOUT: 900
|
||||||
DOCKER_CLIENT_TIMEOUT: 900
|
DOCKER_CLIENT_TIMEOUT: 900
|
||||||
|
|||||||
@ -9,9 +9,9 @@
|
|||||||
template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create /home/administrator/docker-compose/mailu"
|
- name: "create {{path_docker_compose_files}}mailu"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/docker-compose/mailu"
|
path: "{{path_docker_compose_files}}mailu"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
@ -34,20 +34,30 @@
|
|||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: add docker-compose.yml
|
||||||
template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/mailu/docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{path_docker_compose_files}}mailu/docker-compose.yml"
|
||||||
notify: recreate mailu
|
notify: recreate mailu
|
||||||
|
|
||||||
- name: add mailu.env
|
- name: add mailu.env
|
||||||
template: src=mailu.env.j2 dest=/home/administrator/docker-compose/mailu/mailu.env
|
template:
|
||||||
|
src: "mailu.env.j2"
|
||||||
|
dest: "{{path_docker_compose_files}}mailu/mailu.env"
|
||||||
notify: recreate mailu
|
notify: recreate mailu
|
||||||
|
|
||||||
- name: add deploy-letsencrypt-mailu.sh
|
- name: add deploy-letsencrypt-mailu.sh
|
||||||
template: src=deploy-letsencrypt-mailu.sh.j2 dest=/home/administrator/scripts/mailu/deploy-letsencrypt-mailu.sh
|
template:
|
||||||
|
src: "deploy-letsencrypt-mailu.sh.j2"
|
||||||
|
dest: "/home/administrator/scripts/mailu/deploy-letsencrypt-mailu.sh"
|
||||||
|
|
||||||
- name: configure deploy-letsencrypt-mailu.service
|
- name: configure deploy-letsencrypt-mailu.service
|
||||||
template: src=deploy-letsencrypt-mailu.service.j2 dest=/etc/systemd/system/deploy-letsencrypt-mailu.service
|
template:
|
||||||
|
src: "deploy-letsencrypt-mailu.service.j2"
|
||||||
|
dest: "/etc/systemd/system/deploy-letsencrypt-mailu.service"
|
||||||
notify: restart deploy-letsencrypt-mailu.service
|
notify: restart deploy-letsencrypt-mailu.service
|
||||||
|
|
||||||
- name: configure deploy-letsencrypt-mailu.timer
|
- name: configure deploy-letsencrypt-mailu.timer
|
||||||
template: src=deploy-letsencrypt-mailu.timer.j2 dest=/etc/systemd/system/deploy-letsencrypt-mailu.timer
|
template:
|
||||||
|
src: "deploy-letsencrypt-mailu.timer.j2"
|
||||||
|
dest: "/etc/systemd/system/deploy-letsencrypt-mailu.timer"
|
||||||
notify: restart deploy-letsencrypt-mailu.timer
|
notify: restart deploy-letsencrypt-mailu.timer
|
||||||
@ -5,11 +5,11 @@
|
|||||||
```
|
```
|
||||||
## cleanup
|
## cleanup
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/mastodon/
|
cd {{path_docker_compose_files}}mastodon/
|
||||||
docker-compose down
|
docker-compose down
|
||||||
docker volume rm mastodon_data mastodon_database mastodon_redis
|
docker volume rm mastodon_data mastodon_database mastodon_redis
|
||||||
cd /home/administrator/docker-compose/ &&
|
cd {{path_docker_compose_files}} &&
|
||||||
rm -vR /home/administrator/docker-compose/mastodon
|
rm -vR {{path_docker_compose_files}}mastodon
|
||||||
```
|
```
|
||||||
|
|
||||||
## access terminal
|
## access terminal
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
docker_compose_mastodon_path: "/home/administrator/docker-compose/mastodon/"
|
docker_compose_mastodon_path: "{{path_docker_compose_files}}mastodon/"
|
||||||
|
|||||||
@ -16,7 +16,7 @@ To update the nextcloud container execute the following commands on the server:
|
|||||||
sudo python /home/administrator/scripts/docker-volume-backup/docker-volume-backup.py
|
sudo python /home/administrator/scripts/docker-volume-backup/docker-volume-backup.py
|
||||||
export COMPOSE_HTTP_TIMEOUT=600
|
export COMPOSE_HTTP_TIMEOUT=600
|
||||||
export DOCKER_CLIENT_TIMEOUT=600
|
export DOCKER_CLIENT_TIMEOUT=600
|
||||||
cd /home/administrator/docker-compose/nextcloud && docker-compose down
|
cd {{path_docker_compose_files}}nextcloud && docker-compose down
|
||||||
```
|
```
|
||||||
|
|
||||||
Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role.
|
Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role.
|
||||||
@ -55,7 +55,7 @@ and disable the not functioning apps.
|
|||||||
|
|
||||||
## recover latest backup
|
## recover latest backup
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/nextcloud &&
|
cd {{path_docker_compose_files}}nextcloud &&
|
||||||
docker-compose down &&
|
docker-compose down &&
|
||||||
docker exec -i nextcloud_database_1 mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" &&
|
docker exec -i nextcloud_database_1 mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" &&
|
||||||
cd /home/administrator/scripts/docker-volume-backup &&
|
cd /home/administrator/scripts/docker-volume-backup &&
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate nextcloud
|
- name: recreate nextcloud
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p nextcloud up -d --force-recreate
|
cmd: docker-compose -p nextcloud up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/nextcloud/
|
chdir: "{{path_docker_compose_files}}nextcloud/"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|||||||
@ -3,25 +3,31 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=templates/nextcloud.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template:
|
||||||
|
src: "templates/nextcloud.conf.j2"
|
||||||
|
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create /home/administrator/volumes/docker/nextcloud/"
|
- name: "create {{path_volumes_docker}}nextcloud/"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/volumes/docker/nextcloud"
|
path: "{{path_volumes_docker}}nextcloud"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: configure nginx.conf
|
- name: configure nginx.conf
|
||||||
template: src=templates/nginx.conf.j2 dest=/home/administrator/volumes/docker/nextcloud/nginx.conf
|
template:
|
||||||
|
src: "templates/nginx.conf.j2"
|
||||||
|
dest: "{{path_volumes_docker}}nextcloud/nginx.conf"
|
||||||
notify: recreate nextcloud
|
notify: recreate nextcloud
|
||||||
|
|
||||||
- name: "create /home/administrator/docker-compose/nextcloud/"
|
- name: "create {{path_docker_compose_files}}nextcloud/"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/docker-compose/nextcloud/"
|
path: "{{path_docker_compose_files}}nextcloud/"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: add docker-compose.yml
|
||||||
template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/nextcloud/docker-compose.yml
|
template:
|
||||||
|
src: docker-compose.yml.j2
|
||||||
|
dest: "{{path_docker_compose_files}}nextcloud/docker-compose.yml"
|
||||||
notify: recreate nextcloud
|
notify: recreate nextcloud
|
||||||
|
|||||||
@ -44,7 +44,7 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
- application
|
- application
|
||||||
volumes:
|
volumes:
|
||||||
- /home/administrator/volumes/docker/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
|
- "{{path_volumes_docker}}nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro"
|
||||||
volumes_from:
|
volumes_from:
|
||||||
- application
|
- application
|
||||||
redis:
|
redis:
|
||||||
|
|||||||
@ -7,7 +7,7 @@ watch -n 2 "docker ps -a | grep peertube"
|
|||||||
|
|
||||||
## clean rebuild
|
## clean rebuild
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/peertube/ &&
|
cd {{path_docker_compose_files}}peertube/ &&
|
||||||
docker-compose down
|
docker-compose down
|
||||||
docker volume rm peertube_assets peertube_config peertube_data peertube_database peertube_redis
|
docker volume rm peertube_assets peertube_config peertube_data peertube_database peertube_redis
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
docker_compose_peertube_path: "/home/administrator/docker-compose/peertube/"
|
docker_compose_peertube_path: "{{path_docker_compose_files}}peertube/"
|
||||||
|
|||||||
@ -8,7 +8,7 @@ docker volume rm pixelfed_application_data pixelfed_database pixelfed_redis_data
|
|||||||
|
|
||||||
## update
|
## update
|
||||||
```bash
|
```bash
|
||||||
cd /home/administrator/docker-compose/pixelfed/ &&
|
cd {{path_docker_compose_files}}pixelfed/ &&
|
||||||
docker-compose down &&
|
docker-compose down &&
|
||||||
docker network prune -f &&
|
docker network prune -f &&
|
||||||
docker-compose pull &&
|
docker-compose pull &&
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate pixelfed
|
- name: recreate pixelfed
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p pixelfed up -d --force-recreate
|
cmd: docker-compose -p pixelfed up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/pixelfed/
|
chdir: "{{path_docker_compose_files}}pixelfed/"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
docker_compose_path: "/home/administrator/docker-compose/pixelfed/"
|
docker_compose_path: "{{path_docker_compose_files}}pixelfed/"
|
||||||
client_max_body_size: "512M"
|
client_max_body_size: "512M"
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
docker_compose_path: "/home/administrator/docker-compose/roulette-wheel/"
|
docker_compose_path: "{{path_docker_compose_files}}roulette-wheel/"
|
||||||
app_path: "/home/administrator/docker-compose/roulette-wheel/app/"
|
app_path: "{{path_docker_compose_files}}roulette-wheel/app/"
|
||||||
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
- name: recreate turn server
|
|
||||||
command:
|
|
||||||
cmd: docker restart -d -p "{{turn_server_listening_port}}:{{turn_server_listening_port}}" -p "{{turn_server_listening_port}}:{{turn_server_listening_port}}/udp" --mount type=tmpfs,destination=/var/lib/coturn --name "turn_server" -v "/home/administrator/volumes/docker/turn-server/turnserver.conf:/etc/coturn/turnserver.conf" coturn/coturn
|
|
||||||
# -p 49152-65535:49152-65535/udp
|
|
||||||
environment:
|
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
|
||||||
@ -1,10 +0,0 @@
|
|||||||
#role server_docker-turn-server
|
|
||||||
|
|
||||||
May this service needs to be implemented for jitis. It's directly integrated in the docker compose file of role server_docker-nextcloud
|
|
||||||
|
|
||||||
## see
|
|
||||||
- https://nextcloud-talk.readthedocs.io/en/latest/TURN/
|
|
||||||
- https://hub.docker.com/r/instrumentisto/coturn
|
|
||||||
- https://forum.openmediavault.org/index.php?thread/31782-server_docker-nextcloud-talk-plugin-and-turnserver/
|
|
||||||
- https://markus-blog.de/index.php/2020/11/20/how-to-run-nextcloud-talk-high-performance-backend-with-stun-turnserver-on-ubuntu-with-docker-compose/
|
|
||||||
- https://github.com/crazy-max/server_docker-nextcloud/issues/15
|
|
||||||
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
#- name: recieve {{turn_server_domain}} certificate
|
|
||||||
# command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{turn_server_domain}}
|
|
||||||
|
|
||||||
- name: "create /home/administrator/volumes/docker/turn-server/"
|
|
||||||
file:
|
|
||||||
path: "/home/administrator/volumes/docker/turn-server"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: configure turnserver.conf
|
|
||||||
template: src=templates/turnserver.conf.j2 dest=/home/administrator/volumes/docker/turn-server/turnserver.conf
|
|
||||||
notify: recreate turn server
|
|
||||||
@ -1,9 +0,0 @@
|
|||||||
listening-port={{turn_server_listening_port}}
|
|
||||||
fingerprint
|
|
||||||
use-auth-secret
|
|
||||||
static-auth-secret={{turn_server_secret}}
|
|
||||||
realm={{turn_server_domain}}
|
|
||||||
total-quota=0
|
|
||||||
bps-capacity=0
|
|
||||||
stale-nonce
|
|
||||||
no-multicast-peers
|
|
||||||
@ -1 +0,0 @@
|
|||||||
turn_server_listening_port: 3478
|
|
||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate wordpress
|
- name: recreate wordpress
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p wordpress up -d --force-recreate
|
cmd: docker-compose -p wordpress up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/wordpress/
|
chdir: "{{path_docker_compose_files}}wordpress/"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|||||||
@ -11,12 +11,12 @@
|
|||||||
loop: "{{domains}}"
|
loop: "{{domains}}"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create /home/administrator/docker-compose/wordpress/"
|
- name: "create {{path_docker_compose_files}}wordpress/"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/docker-compose/wordpress/"
|
path: "{{path_docker_compose_files}}wordpress/"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: add docker-compose.yml
|
||||||
template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/wordpress/docker-compose.yml
|
template: src=docker-compose.yml.j2 dest={{path_docker_compose_files}}wordpress/docker-compose.yml
|
||||||
notify: recreate wordpress
|
notify: recreate wordpress
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
- name: recreate yourls
|
- name: recreate yourls
|
||||||
command:
|
command:
|
||||||
cmd: docker-compose -p yourls up -d --force-recreate
|
cmd: docker-compose -p yourls up -d --force-recreate
|
||||||
chdir: /home/administrator/docker-compose/yourls/
|
chdir: "{{path_docker_compose_files}}yourls/"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|||||||
@ -3,15 +3,19 @@
|
|||||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||||
|
|
||||||
- name: configure {{domain}}.conf
|
- name: configure {{domain}}.conf
|
||||||
template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
template:
|
||||||
|
src: "roles/server_native-docker-reverse-proxy/templates/domain.conf.j2"
|
||||||
|
dest: "/etc/nginx/conf.d/{{domain}}.conf"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "create /home/administrator/docker-compose/yourls/"
|
- name: "create {{path_docker_compose_files}}yourls/"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/docker-compose/yourls/"
|
path: "{{path_docker_compose_files}}yourls/"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: add docker-compose.yml
|
||||||
template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/yourls/docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{path_docker_compose_files}}yourls/docker-compose.yml"
|
||||||
notify: recreate yourls
|
notify: recreate yourls
|
||||||
|
|||||||
@ -49,6 +49,6 @@ for failed_container in failed_containers:
|
|||||||
filtered_failed_docker_compose_repositories=list(dict.fromkeys(unfiltered_failed_docker_compose_repositories))
|
filtered_failed_docker_compose_repositories=list(dict.fromkeys(unfiltered_failed_docker_compose_repositories))
|
||||||
for filtered_failed_docker_compose_repository in filtered_failed_docker_compose_repositories:
|
for filtered_failed_docker_compose_repository in filtered_failed_docker_compose_repositories:
|
||||||
print("restarting unhealthy container: " + filtered_failed_docker_compose_repository)
|
print("restarting unhealthy container: " + filtered_failed_docker_compose_repository)
|
||||||
print_bash('cd /home/administrator/docker-compose/' + filtered_failed_docker_compose_repository + '/ && docker-compose restart')
|
print_bash('cd {{path_docker_compose_files}}' + filtered_failed_docker_compose_repository + '/ && docker-compose restart')
|
||||||
|
|
||||||
print("finished restart procedure.")
|
print("finished restart procedure.")
|
||||||
@ -1,5 +1,5 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- server_native-docker-volume-backup
|
- server_native-docker-volume-backup
|
||||||
- server_native-user-administrator
|
- server_user-administrator
|
||||||
- server_native-docker-health-check
|
- server_native-docker-health-check
|
||||||
- server_native-docker-compose-restart-unhealthy
|
- server_native-docker-compose-restart-unhealthy
|
||||||
|
|||||||
@ -5,17 +5,17 @@
|
|||||||
state: present
|
state: present
|
||||||
notify: docker restart
|
notify: docker restart
|
||||||
|
|
||||||
- name: "create /home/administrator/docker-compose/"
|
- name: "create {{path_docker_compose_files}}"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/docker-compose"
|
path: "{{path_docker_compose_files}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0700
|
mode: 0700
|
||||||
owner: administrator
|
owner: administrator
|
||||||
group: administrator
|
group: administrator
|
||||||
|
|
||||||
- name: "create /home/administrator/volumes/docker"
|
- name: "create {{path_docker_volumes}}"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/volumes/docker"
|
path: "{{path_docker_volumes}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0700
|
mode: 0700
|
||||||
owner: administrator
|
owner: administrator
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- server_native-user-administrator
|
- server_user-administrator
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
# role server_native-sshd
|
# role server_native-sshd
|
||||||
## dependencies
|
## dependencies
|
||||||
This role depends on that a well configured user administrator exist.
|
This role depends on that a well configured user administrator exist.
|
||||||
For this reason this role depends on the role server_native-user-administrator.
|
For this reason this role depends on the role server_user-administrator.
|
||||||
A wrong configuration of this role can lead to an lockout of the system which just will be reversal via chroot.
|
A wrong configuration of this role can lead to an lockout of the system which just will be reversal via chroot.
|
||||||
|
|
||||||
## PAM
|
## PAM
|
||||||
@ -1,2 +1,2 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- server_native-user-administrator
|
- server_user-administrator
|
||||||
|
|||||||
@ -1,3 +1,3 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- server_native-user-alarm
|
- server_user-alarm
|
||||||
- server_native-sshd
|
- server_native-sshd
|
||||||
|
|||||||
@ -1,2 +1,3 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- server_native-sudo
|
- server_native-sudo
|
||||||
|
- independent_user-administrator
|
||||||
@ -1,13 +1,3 @@
|
|||||||
- name: create administrator
|
|
||||||
user:
|
|
||||||
name: administrator
|
|
||||||
update_password: on_create
|
|
||||||
password: "{{ user_administrator_initial_password | password_hash('sha512') }}"
|
|
||||||
create_home: yes
|
|
||||||
generate_ssh_key: yes
|
|
||||||
ssh_key_type: rsa
|
|
||||||
ssh_key_bits: 8192
|
|
||||||
|
|
||||||
- name: create /home/administrator/.ssh/authorized_keys
|
- name: create /home/administrator/.ssh/authorized_keys
|
||||||
copy:
|
copy:
|
||||||
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/administrator/.ssh/authorized_keys"
|
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/administrator/.ssh/authorized_keys"
|
||||||
@ -25,14 +15,6 @@
|
|||||||
group: root
|
group: root
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
|
|
||||||
- name: "create /home/administrator/scripts/"
|
|
||||||
file:
|
|
||||||
path: "/home/administrator/scripts"
|
|
||||||
state: directory
|
|
||||||
owner: administrator
|
|
||||||
group: administrator
|
|
||||||
mode: 0700
|
|
||||||
|
|
||||||
- name: "create /home/administrator/volumes/"
|
- name: "create /home/administrator/volumes/"
|
||||||
file:
|
file:
|
||||||
path: "/home/administrator/volumes"
|
path: "/home/administrator/volumes"
|
||||||
Loading…
Reference in New Issue
Block a user