Implemented a new docker compose structure which separates the docker compose files from the environment variable file to protect credentials better. Also did refactoring. Changes not fully tested.

Kevin Veen-Birkenbach 2025-02-04 22:37:07 +01:00
parent 5503326ea6
commit e50fd54f4e
85 changed files with 610 additions and 515 deletions


@ -147,11 +147,15 @@ defaults_applications:
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest"
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
## Peertube
peertube:


@ -59,9 +59,7 @@
become: true
roles:
- role: docker-mailu
vars:
enable_central_database: "{{enable_central_database_mailu}}"
- name: setup elk hosts
hosts: elk
become: true


@ -6,9 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
include_tasks: update-repository-with-docker-compose.yml
- name: "include tasks update-repository-with-files.yml"
include_tasks: update-repository-with-files.yml
vars:
detached_files:
- "docker-compose.yml"
- name: configure run.env
template: src=run.env.j2 dest={{docker_compose.directories.instance}}/env/run.env
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
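Review bot: The new `create {{docker_compose.files.env}}` task writes the credentials file with `mode: '770'`, which sets the execute bits and gives the owning group full write access to a file that only ever needs to be read. Since the stated purpose of the commit is to protect credentials, I would use `mode: '0600'` and set `owner` and `group` explicitly (or `'0640'` if the account that runs docker compose is not the owner, which is not visible here). The same task with the same mode recurs in the other roles' tasks files in this commit, including the extra `lam.env` and `phpldapadmin.env` tasks, so the change applies to all of them. The task list starts outside the hunk.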


@ -3,6 +3,9 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: docker.io/akaunting/akaunting:{{applications.akaunting.version}}
build:
context: .
@ -10,9 +13,6 @@ services:
- 127.0.0.1:{{http_port}}:80
volumes:
- data:/var/www/html
restart: {{docker_restart_policy}}
env_file:
- env/run.env
environment:
- AKAUNTING_SETUP
{% include 'templates/docker/container/networks.yml.j2' %}


@ -17,5 +17,8 @@
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
notify: restart nginx
- name: "include tasks update-repository-with-docker-compose.yml"
include_tasks: update-repository-with-docker-compose.yml
- name: "include tasks update-repository-with-files.yml"
include_tasks: update-repository-with-files.yml
vars:
detached_files:
- "docker-compose.yml"


@ -6,14 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: add env
- name: "create {{docker_compose.files.env}}"
template:
src: env.j2
dest: "{{docker_compose.directories.instance}}env"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -5,13 +5,9 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: "baserow/baserow:{{applications.baserow.version}}"
container_name: baserow-application
restart: {{docker_restart_policy}}
logging:
driver: journald
env_file:
- ./env
volumes:
- data:/baserow/data
ports:


@ -7,12 +7,12 @@
image: mariadb
restart: {{docker_restart_policy}}
env_file:
- mein_env_file.env
- {{database_env}}
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"
volumes:
- database:/var/lib/mysql
healthcheck:
test: "/usr/bin/mariadb --user={{database_username}} --password={{database_password}} --execute \"SHOW DATABASES;\""
test: [ "CMD", "sh", "-c", "/usr/bin/mariadb --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" ]
interval: 3s
timeout: 1s
retries: 5
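Review bot: In the new healthcheck `test`, `$$MYSQL_USER` and `$$MYSQL_PASSWORD` are expanded by `sh -c` without quotes, so a password containing whitespace or glob characters is word-split or glob-expanded and the check fails even though the database is healthy. Quote both expansions: `--user=\"$$MYSQL_USER\" --password=\"$$MYSQL_PASSWORD\"`. The password also still ends up on the client's command line inside the container; a client option file would avoid that. This assumes the file behind `{{database_env}}` defines `MYSQL_USER` and `MYSQL_PASSWORD`, which is not shown here, and the service definition starts outside the hunk.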


@ -0,0 +1,8 @@
# Base for docker services
restart: {{docker_restart_policy}}
env_file:
- "{{docker_compose.files.env}}"
logging:
driver: journald
{{ "\n" }}
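Review bot: The closing `{{ "\n" }}` line needs a comment, because nothing in the file says why it is there and it is easy to delete as noise. Presumably it compensates for Jinja stripping the final newline of an included template, so that the next key in the including compose file starts on its own line; I would add `{# force a trailing newline: Jinja drops the last newline of an included template #}` directly above it. A second comment noting that every service that includes this file receives the whole shared env file would help reviewers judge which containers see which credentials.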


@ -4,7 +4,11 @@ _docker_compose_directories_instance: "{{ path_docker_compose_instances }}{{ app
# @See https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4
docker_compose:
directories:
instance: "{{_docker_compose_directories_instance}}" # Folder for docker-compose.yml file
env: "{{_docker_compose_directories_instance}}/.env/" # Folder for env files
services: "{{_docker_compose_directories_instance}}/services/" # Folder for services
volumes: "{{_docker_compose_directories_instance}}/volumes/" # Folder for volumes
instance: "{{_docker_compose_directories_instance}}" # Folder for docker-compose.yml file
env: "{{_docker_compose_directories_instance}}.env/" # Folder for env files
services: "{{_docker_compose_directories_instance}}services/" # Folder for services
volumes: "{{_docker_compose_directories_instance}}volumes/" # Folder for volumes
config: "{{_docker_compose_directories_instance}}config/" # Folder for configuration files
files:
env: "{{_docker_compose_directories_instance}}.env/env" # General env file
docker_compose: "{{_docker_compose_directories_instance}}docker-compose.yml" # Docker Compose file


@ -43,10 +43,10 @@
mode: '700'
state: directory
- name: "copy configuration to {{discourse_repository_directory}}containers/discourse_application.yml"
- name: "copy configuration to {{discourse_application_yml_destination}}"
template:
src: discourse_application.yml.j2
dest: "{{discourse_repository_directory}}containers/discourse_application.yml"
dest: "{{discourse_application_yml_destination}}"
notify: recreate discourse
- name: "destroy container discourse_application"


@ -1,5 +1,6 @@
application_id: "discourse"
discourse_application_container: "discourse_application"
database_password: "{{ baserow_database_password }}"
database_type: "postgres"
discourse_repository_directory: "{{ path_docker_compose_instances + application_id + '/repository/' }}"
application_id: "discourse"
discourse_application_container: "discourse_application"
database_password: "{{ discourse_database_password }}"
database_type: "postgres"
discourse_repository_directory: "{{docker_compose.directories.services}}repository/"
discourse_application_yml_destination: "{{discourse_repository_directory}}containers/discourse_application.yml"


@ -6,6 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -4,7 +4,7 @@ services:
application:
image: "friendica:{{applications.friendica.version}}"
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- data:/var/www/html
ports:
@ -25,36 +25,6 @@ services:
interval: 1m
timeout: 10s
retries: 3
environment:
FRIENDICA_URL: https://{{domain}}
HOSTNAME: {{domain}}
FRIENDICA_NO_VALIDATION: false
# Debugging
FRIENDICA_DEBUGGING: false
FRIENDICA_LOGLEVEL: 5
FRIENDICA_LOGGER: stream
FRIENDICA_LOGFILE: php://stdout
# Database Configuration
MYSQL_HOST: "{{database_host}}:{{database_port}}"
MYSQL_DATABASE: {{database_name}}
MYSQL_USER: {{database_username}}
MYSQL_PASSWORD: {{database_password}}
# Email Configuration
SMTP: {{system_email.host}}
SMTP_DOMAIN: {{system_email.domain}}
SMTP_PORT: {{system_email.smtp_port}}
SMTP_AUTH_USER: {{system_email.username}}
SMTP_AUTH_PASS: {{system_email.password}}
SMTP_TLS: {{ 'on' if system_email.tls else 'off' }}
SMTP_STARTTLS: {{ 'on' if system_email.start_tls else 'off' }}
SMTP_FROM: {{system_email.local}}
# Administrator Credentials
FRIENDICA_ADMIN_MAIL: {{administrator_email}}
MAILNAME: {{administrator_email}}
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}


@ -0,0 +1,29 @@
FRIENDICA_URL= https://{{domain}}
HOSTNAME= {{domain}}
FRIENDICA_NO_VALIDATION= false
# Debugging
FRIENDICA_DEBUGGING= false
FRIENDICA_LOGLEVEL= 5
FRIENDICA_LOGGER= stream
FRIENDICA_LOGFILE= php=//stdout
# Database Configuration
MYSQL_HOST= "{{database_host}}:{{database_port}}"
MYSQL_DATABASE= {{database_name}}
MYSQL_USER= {{database_username}}
MYSQL_PASSWORD= {{database_password}}
# Email Configuration
SMTP= {{system_email.host}}
SMTP_DOMAIN= {{system_email.domain}}
SMTP_PORT= {{system_email.smtp_port}}
SMTP_AUTH_USER= {{system_email.username}}
SMTP_AUTH_PASS= {{system_email.password}}
SMTP_TLS= {{ 'on' if system_email.tls else 'off' }}
SMTP_STARTTLS= {{ 'on' if system_email.start_tls else 'off' }}
SMTP_FROM= {{system_email.local}}
# Administrator Credentials
FRIENDICA_ADMIN_MAIL= {{administrator_email}}
MAILNAME= {{administrator_email}}
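Review bot: `FRIENDICA_LOGFILE= php=//stdout` looks like a casualty of converting `KEY: value` to `KEY= value`: the removed compose block had `FRIENDICA_LOGFILE: php://stdout`, and the replacement also hit the colon inside the value. It should read `FRIENDICA_LOGFILE=php://stdout`. It is worth checking the other converted env templates for values that contain a colon.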


@ -7,14 +7,18 @@
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: add .env
- name: "create {{docker_compose.files.env}}"
template:
src: env.j2
dest: "{{docker_compose.directories.instance}}.env"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
notify: docker compose project setup


@ -13,9 +13,8 @@ services:
# of CPUs. You can adjust this, by explicitly setting the --concurrency
# flag:
# celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: funkwhale/api:${FUNKWHALE_VERSION}
env_file: .env
command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
environment:
- C_FORCE_ROOT=true
@ -26,17 +25,15 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
celerybeat:
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: funkwhale/api:${FUNKWHALE_VERSION}
env_file: .env
command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
api:
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: funkwhale/api:${FUNKWHALE_VERSION}
env_file: .env
volumes:
- "music:${MUSIC_DIRECTORY_PATH}:ro"
- "data:${MEDIA_ROOT}"
@ -47,12 +44,10 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
front:
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: funkwhale/front:${FUNKWHALE_VERSION}
depends_on:
- api
env_file:
- .env
environment:
# Override those variables in your .env file if needed
- "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
@ -65,9 +60,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
typesense:
restart: {{docker_restart_policy}}
env_file:
- .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: typesense/typesense:0.24.0
volumes:
- ./typesense/data:/data
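Review bot: `${FUNKWHALE_VERSION}`, `${CELERYD_CONCURRENCY-0}`, `${MUSIC_DIRECTORY_PATH}` and `${MEDIA_ROOT}` are substituted by Compose itself when it parses this file, and this commit moves the env template from `{{docker_compose.directories.instance}}.env` to `{{docker_compose.files.env}}`, which the vars file defines as `.env/env`. Compose only auto-loads a file named `.env` in the project directory for substitution, while `env_file:` entries feed the containers and not the parser, so these references would presumably resolve to empty strings unless the handler passes `--env-file`, which is not visible here. Either pass the file explicitly in the `docker compose project setup` handler or render these values with Jinja, as the other roles do for their image tags.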


@ -6,6 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -3,24 +3,8 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
logging:
driver: journald
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: "gitea/gitea:{{applications.gitea.version}}"
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=mysql
- DB_HOST={{database_host}}:{{database_port}}
- DB_NAME={{database_name}}
- DB_USER={{database_username}}
- DB_PASSWD={{database_password}}
- SSH_PORT={{ports.public.ssh_ports[application_id]}}
- SSH_LISTEN_PORT=22
- DOMAIN={{domain}}
- SSH_DOMAIN={{domain}}
- RUN_MODE="{{run_mode}}"
- ROOT_URL="https://{{domain}}/"
ports:
- "127.0.0.1:{{http_port}}:3000"
- "{{ports.public.ssh_ports[application_id]}}:22"


@ -0,0 +1,13 @@
USER_UID=1000
USER_GID=1000
DB_TYPE=mysql
DB_HOST={{database_host}}:{{database_port}}
DB_NAME={{database_name}}
DB_USER={{database_username}}
DB_PASSWD={{database_password}}
SSH_PORT={{ports.public.ssh_ports[application_id]}}
SSH_LISTEN_PORT=22
DOMAIN={{domain}}
SSH_DOMAIN={{domain}}
RUN_MODE="{{run_mode}}"
ROOT_URL="https://{{domain}}/"
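Review bot: `DB_PASSWD={{database_password}}` writes the secret raw into a dotenv line, where the env-file parser gives some characters meaning: Compose applies `${…}` interpolation to unquoted and double-quoted values, and in an unquoted value a ` #` starts a comment, so a password containing `$`, `#` or quotes can be silently altered. Wrapping the secret in single quotes, `DB_PASSWD='{{database_password}}'`, keeps it literal as long as the password generator excludes `'`. The same applies to the env templates in this commit that set `MYSQL_PASSWORD`, `JOOMLA_DB_PASSWORD`, `KC_DB_PASSWORD` and `LDAP_ADMIN_PASSWORD`.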


@ -6,6 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -6,28 +6,8 @@ services:
web:
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
restart: {{docker_restart_policy}}
hostname: '{{domain}}'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://{{domain}}'
postgresql['enable'] = false
gitlab_rails['gitlab_shell_ssh_port'] = {{ports.public.ssh_ports[application_id]}}
gitlab_rails['db_adapter'] = 'postgresql'
gitlab_rails['db_encoding'] = 'utf8'
gitlab_rails['db_host'] = '{{database_host}}'
gitlab_rails['db_port'] = '{{database_port}}''
gitlab_rails['db_username'] = '{{database_username}}'
gitlab_rails['db_password'] = '{{database_password}}'
gitlab_rails['db_database'] = "{{database_name}}"
nginx['listen_port'] = 80
nginx['listen_https'] = false
gitlab_rails['initial_root_password'] = "{{gitlab_initial_root_password}}"
redis['enable'] = false
gitlab_rails['redis_host'] = 'redis'
gitlab_rails['redis_port'] = '6379'
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{http_port}}:80"
- "{{ports.public.ssh_ports[application_id]}}:22"


@ -0,0 +1,22 @@
{# env.j2 #}
{% set config_lines = [
"external_url 'https://{{ domain }}'",
"postgresql['enable']=false",
"gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh_ports[application_id] }}",
"gitlab_rails['db_adapter']='postgresql'",
"gitlab_rails['db_encoding']='utf8'",
"gitlab_rails['db_host']='{{ database_host }}'",
"gitlab_rails['db_port']='{{ database_port }}'",
"gitlab_rails['db_username']='{{ database_username }}'",
"gitlab_rails['db_password']='{{ database_password }}'",
"gitlab_rails['db_database']=\"{{ database_name }}\"",
"nginx['listen_port']=80",
"nginx['listen_https']=false",
"",
"gitlab_rails['initial_root_password']=\"{{ gitlab_initial_root_password }}\"",
"",
"redis['enable']=false",
"gitlab_rails['redis_host']='redis'",
"gitlab_rails['redis_port']='6379'"
] %}
GITLAB_OMNIBUS_CONFIG="{{ config_lines | join('\\n') }}"
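Review bot: The `{{ … }}` markers inside the string literals of `config_lines` are not evaluated, because Jinja does not interpolate inside a quoted string within `{% set %}`; as far as I can tell the rendered `GITLAB_OMNIBUS_CONFIG` would contain the literal text `{{ database_password }}` rather than the value. Build each entry by concatenation instead, for example `"gitlab_rails['db_password']='" ~ database_password ~ "'",`, and do the same for the other seven entries that reference a variable. Separately, the `\"` around `database_name` and `gitlab_initial_root_password` render as bare double quotes inside a value that is itself wrapped in double quotes on the last line, which ends the value early for a dotenv parser; single quotes in those two entries avoid that. Whether the `\n` produced by `join('\\n')` is turned back into newlines depends on the consumer's env-file parser and should be tested before relying on it.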


@ -9,6 +9,16 @@
loop_control:
loop_var: domain
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -4,14 +4,7 @@ services:
application:
image: "joomla:{{applications.joomla.version}}"
logging:
driver: journald
environment:
JOOMLA_DB_HOST: "{{database_host}}:{{database_port}}"
JOOMLA_DB_USER: "{{database_username}}"
JOOMLA_DB_PASSWORD: "{{database_password}}"
JOOMLA_DB_NAME: "{{database_name}}"
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- data:/var/www/html
ports:


@ -0,0 +1,4 @@
JOOMLA_DB_HOST="{{database_host}}:{{database_port}}"
JOOMLA_DB_USER="{{database_username}}"
JOOMLA_DB_PASSWORD="{{database_password}}"
JOOMLA_DB_NAME="{{database_name}}"


@ -6,6 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -5,16 +5,7 @@ services:
application:
image: quay.io/keycloak/keycloak:{{applications.keycloak.version}}
command: start
environment:
KC_HOSTNAME: https://{{domain}}
KC_HTTP_ENABLED: true
KC_HEALTH_ENABLED: true
KEYCLOAK_ADMIN: "{{applications.keycloak.administrator_username}}"
KEYCLOAK_ADMIN_PASSWORD: "{{keycloak_administrator_password}}"
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://{{database_host}}/{{database_name}}
KC_DB_USERNAME: {{database_username}}
KC_DB_PASSWORD: {{database_password}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{http_port}}:8080"
restart: {{docker_restart_policy}}


@ -0,0 +1,9 @@
KC_HOSTNAME= https://{{domain}}
KC_HTTP_ENABLED= true
KC_HEALTH_ENABLED= true
KEYCLOAK_ADMIN= "{{applications.keycloak.administrator_username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{keycloak_administrator_password}}"
KC_DB= postgres
KC_DB_URL= jdbc:postgresql://{{database_host}}/{{database_name}}
KC_DB_USERNAME= {{database_username}}
KC_DB_PASSWORD= {{database_password}}


@ -19,14 +19,32 @@
state: absent
when: not applications.ldap.openldap.expose_to_internet | bool
- name: "create {{docker_compose.directories.instance}}"
file:
path: "{{docker_compose.directories.instance}}"
state: directory
mode: 0755
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: add docker-compose.yml
- name: "create {{docker_compose.files.env}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
- name: "create {{docker_compose.directories.env}}phpldapadmin.env"
template:
src: "phpldapadmin.env.j2"
dest: "{{docker_compose.directories.env}}phpldapadmin.env"
mode: '770'
force: yes
notify: docker compose project setup
- name: "create {{docker_compose.directories.env}}lam.env"
template:
src: "lam.env.j2"
dest: "{{docker_compose.directories.env}}lam.env"
mode: '770'
force: yes
notify: docker compose project setup


@ -11,64 +11,23 @@ services:
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM
ports:
- 127.0.0.1:{{http_port}}:80
environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD: {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE: files # configuration database (files or mysql) @todo implement mariadb
env_file:
- "{{docker_compose.directories.env}}lam.env"
# LDAP Configuration
LDAP_SERVER: ldap://openldap:389 # LDAP server URL
LDAP_DOMAIN: {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_BASE_DN: {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP admin password
{% elif applications.ldap.webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
ports:
- 127.0.0.1:{{http_port}}:8080
environment:
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
APP_URL: https://{{domain}}
LDAP_HOST: openldap
env_file:
- "{{docker_compose.directories.env}}phpldapadmin.env"
{% endif %}
openldap:
image: bitnami/openldap:{{applications.ldap.openldap.version}}
container_name: openldap
logging:
driver: journald
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}} # Expose just on localhost so that nginx stream proxy can use it
- 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
environment:
# @See https://hub.docker.com/r/bitnami/openldap
# GENERAL
## Database
LDAP_ADMIN_USERNAME: {{applications.ldap.administrator_username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP database admin password.
## Users
LDAP_USERS: ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
LDAP_PASSWORDS: ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
LDAP_ROOT: {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
## Admin
LDAP_ADMIN_DN: {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect
LDAP_CONFIG_ADMIN_ENABLED: yes
LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}}
LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}}
# Network
LDAP_PORT_NUMBER: {{ldap_localhost_port}} # Route to default port
LDAP_ENABLE_TLS: no # Using nginx proxy for tls
LDAP_LDAPS_PORT_NUMBER: {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
# Security
LDAP_ALLOW_ANON_BINDING: no # Allow anonymous bindings to the LDAP server. Default: yes.
volumes:
- 'data:/bitnami/openldap'
healthcheck:


@ -0,0 +1,26 @@
# @See https://hub.docker.com/r/bitnami/openldap
# GENERAL
## Database
LDAP_ADMIN_USERNAME= {{applications.ldap.administrator_username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP database admin password.
## Users
LDAP_USERS= ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
LDAP_PASSWORDS= ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
LDAP_ROOT= {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
## Admin
LDAP_ADMIN_DN= {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect
LDAP_CONFIG_ADMIN_ENABLED= yes
LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
# Network
LDAP_PORT_NUMBER= {{ldap_localhost_port}} # Route to default port
LDAP_ENABLE_TLS= no # Using nginx proxy for tls
LDAP_LDAPS_PORT_NUMBER= {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
# Security
LDAP_ALLOW_ANON_BINDING= no # Allow anonymous bindings to the LDAP server. Default: yes.


@ -0,0 +1,13 @@
# See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb
# LDAP Configuration
LDAP_SERVER= {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_BASE_DN= {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER= {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP admin password
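Review bot: `LDAP_SERVER= {{domain}}` merges two settings from the removed compose block, which had `LDAP_SERVER: ldap://openldap:389` and a separate `LDAP_DOMAIN: {{domain}}`; the new file has no `LDAP_DOMAIN` at all, and the trailing comment on the line still describes the domain. LAM would then be pointed at the public domain name instead of the `openldap` service. Restore both lines: `LDAP_SERVER=ldap://openldap:389` and `LDAP_DOMAIN={{domain}}`.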


@ -0,0 +1,3 @@
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
APP_URL= https://{{domain}}
LDAP_HOST= openldap


@ -15,16 +15,24 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
- name: add config.toml
template:
src: "config.toml.j2"
dest: "{{docker_compose.directories.instance}}config.toml"
dest: "{{docker_compose.directories.config}}config.toml"
notify: docker compose project setup
- name: flush docker service


@ -3,14 +3,12 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: listmonk/listmonk:{{applications.listmonk.version}}
ports:
- "127.0.0.1:{{http_port}}:9000"
environment:
- TZ=Etc/UTC
volumes:
- ./config.toml:/listmonk/config.toml
- {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}


@ -0,0 +1 @@
TZ=Etc/UTC


@ -41,14 +41,6 @@ If you need to receive emails from another account, follow these steps:
2. Export all data from your original account.
3. Import all data to your new account.
### Data Deletion
To delete all volumes and data, execute the following command with caution:
```bash
rm -vr /etc/mailu/; docker volume rm $(docker volume ls -q | grep mailu_)
```
### Port Management
Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:


@ -8,32 +8,22 @@
vars:
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
- name: "create {{docker_compose.directories.instance}}"
file:
path: "{{docker_compose.directories.instance}}"
state: directory
mode: 0755
- name: "create /etc/mailu/"
file:
path: "/etc/mailu"
state: directory
mode: 0755
- name: "Include the nginx-docker-cert-deploy role"
include_role:
name: nginx-docker-cert-deploy
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: add .env
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.directories.instance}}.env"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
- name: flush docker service


@ -7,19 +7,13 @@ services:
# Core services
resolver:
image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
env_file: .env
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
ipv4_address: {{networks.local.mailu.dns}}
logging:
driver: journald
front:
image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{ http_port }}:80"
- "{{networks.internet.ip4}}:25:25"
@ -31,7 +25,7 @@ services:
- "{{networks.internet.ip4}}:993:993"
- "{{networks.internet.ip4}}:4190:4190"
volumes:
- "/etc/mailu/overrides/nginx:/overrides:ro"
- "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
- "{{cert_mount_directory}}:/certs:ro"
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
resolver:
@ -44,8 +38,7 @@ services:
admin:
image: ghcr.io/mailu/admin:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "admin_data:/data"
- "dkim:/dkim"
@ -54,42 +47,34 @@ services:
condition: service_started
front:
condition: service_started
logging:
driver: journald
dns:
- {{networks.local.mailu.dns}}
{% include 'templates/docker/container/networks.yml.j2' %}
imap:
image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "dovecot_mail:/mail"
- "/etc/mailu/overrides:/overrides:ro"
- "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
depends_on:
- front
- resolver
dns:
- {{networks.local.mailu.dns}}
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
smtp:
image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "/etc/mailu/overrides:/overrides:ro"
- "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
- "smtp_queue:/queue"
depends_on:
- front
- resolver
dns:
- {{networks.local.mailu.dns}}
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
oletools:
@ -105,12 +90,11 @@ services:
antispam:
image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "filter:/var/lib/rspamd"
- "dkim:/dkim"
- "/etc/mailu/overrides/rspamd:/overrides:ro"
- "{{docker_compose.directories.volumes}}overrides/rspamd:/overrides:ro"
depends_on:
- front
- redis
@ -118,8 +102,6 @@ services:
- resolver
dns:
- {{networks.local.mailu.dns}}
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
noinet:
@ -127,26 +109,20 @@ services:
# Optional services
antivirus:
image: clamav/clamav-debian:latest
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "filter:/data"
depends_on:
- resolver
dns:
- {{networks.local.mailu.dns}}
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
webdav:
image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "webdav_data:/data"
logging:
driver: journald
depends_on:
- resolver
dns:
@ -158,10 +134,7 @@ services:
image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
volumes:
- "admin_data:/data"
restart: {{docker_restart_policy}}
env_file: .env
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
depends_on:
- admin
- smtp
@ -173,17 +146,14 @@ services:
webmail:
image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "webmail_data:/data"
- "/etc/mailu/overrides:/overrides:ro"
- "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
depends_on:
- imap
- front
- resolver
logging:
driver: journald
dns:
- {{networks.local.mailu.dns}}
{% include 'templates/docker/container/networks.yml.j2' %}


@ -1,5 +1,10 @@
application_id: "mailu"
database_password: "{{mailu_database_password}}"
database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.instance}}/certs/"
enable_wildcard_certificate: false
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
enable_wildcard_certificate: false
# I don't know why this configuration is necessary.
# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
# @todo research
enable_central_database: "{{enable_central_database_mailu}}"


@ -9,14 +9,18 @@
loop_control:
loop_var: domain
- name: copy docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: copy configuration
- name: "create {{docker_compose.files.env}}"
template:
src: .env.production.j2
dest: "{{docker_compose.directories.instance}}.env.production"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
- name: flush docker service
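Review bot: `mode: '770'` on the rendered `{{docker_compose.files.env}}` gives owner and group read, write and execute on a file that holds credentials, and the task sets no `owner` or `group`, so the group is whatever the play's default is. An env file needs no execute bit and normally no group write; `mode: '0600'` with an explicit `owner` and `group` (or `'0640'` if a specific group really has to read it) fits the commit's stated goal of protecting credentials better. The same task is repeated in every other `create {{docker_compose.files.env}}` task on this page. As a style point, `force: yes` is better written `force: true`.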


@ -6,8 +6,7 @@ services:
web:
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
restart: {{docker_restart_policy}}
env_file: .env.production
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
healthcheck:
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
@ -16,36 +15,28 @@ services:
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
volumes:
- data:/mastodon/public/system
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
streaming:
image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}}
restart: {{docker_restart_policy}}
env_file: .env.production
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
command: node ./streaming
healthcheck:
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
ports:
- "127.0.0.1:{{ports.localhost.web_socket[application_id]}}:4000"
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
sidekiq:
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
restart: {{docker_restart_policy}}
env_file: .env.production
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
command: bundle exec sidekiq
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
volumes:
- data:/mastodon/public/system
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
logging:
driver: journald
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/compose/volumes.yml.j2' %}


@ -6,8 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -3,18 +3,10 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: matomo:{{applications.matomo.version}}
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{http_port}}:80"
environment:
MATOMO_DATABASE_HOST: "{{database_host}}:{{database_port}}"
MATOMO_DATABASE_ADAPTER: "mysql"
MATOMO_DATABASE_USERNAME: "{{database_username}}"
MATOMO_DATABASE_PASSWORD: "{{database_password}}"
MATOMO_DATABASE_DBNAME: "{{database_name}}"
volumes:
- data:/var/www/html
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}


@ -0,0 +1,5 @@
MATOMO_DATABASE_HOST= "{{database_host}}:{{database_port}}"
MATOMO_DATABASE_ADAPTER= "mysql"
MATOMO_DATABASE_USERNAME= "{{database_username}}"
MATOMO_DATABASE_PASSWORD= "{{database_password}}"
MATOMO_DATABASE_DBNAME= "{{database_name}}"
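Review bot: Each line keeps a space after `=` and the double quotes from the removed YAML `environment:` mapping, as in `MATOMO_DATABASE_PASSWORD= "{{database_password}}"`. How an env file parser treats the leading space and the quotes differs between Docker Compose releases, so the container may receive a value with a leading blank or literal quotes and then fail to authenticate against the database. `MATOMO_DATABASE_PASSWORD={{database_password}}` with no space is the portable form. The same pattern appears in the Nextcloud, phpMyAdmin and WordPress env templates on this page. The Nextcloud one also has an inline `# Required for plugin duplicate finder` after `PHP_MEMORY_LIMIT= 1G`, which some parsers may read as part of the value.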


@ -6,8 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -5,27 +5,12 @@ services:
image: docker.io/bitnami/moodle:{{applications.moodle.version}}
ports:
- 127.0.0.1:{{http_port}}:8080
restart: {{docker_restart_policy}}
logging:
driver: journald
environment:
- MOODLE_DATABASE_HOST={{database_host}}
- MOODLE_DATABASE_PORT_NUMBER={{database_port}}
- MOODLE_DATABASE_USER={{database_username}}
- MOODLE_DATABASE_NAME={{database_name}}
- MOODLE_DATABASE_PASSWORD={{database_password}}
- ALLOW_EMPTY_PASSWORD=no
- MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
- MOODLE_SSLPROXY=yes
- MOODLE_REVERSE_PROXY=yes
- MOODLE_USERNAME={{applications.moodle.administrator_name}}
- MOODLE_PASSWORD={{moodle_user_password}}
- MOODLE_EMAIL={{applications.moodle.administrator_email}}
- BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- 'moodle:/bitnami/moodle'
- 'data:/bitnami/moodledata'
# Healthcheck is not possible due to missing curl and wget in container
# @todo implement healthcheck
# healthcheck:
# test: ["CMD", "curl", "-f", "http://127.0.0.1:8080"]
# interval: 1m


@ -0,0 +1,13 @@
MOODLE_DATABASE_HOST={{database_host}}
MOODLE_DATABASE_PORT_NUMBER={{database_port}}
MOODLE_DATABASE_USER={{database_username}}
MOODLE_DATABASE_NAME={{database_name}}
MOODLE_DATABASE_PASSWORD={{database_password}}
ALLOW_EMPTY_PASSWORD=no
MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
MOODLE_SSLPROXY=yes
MOODLE_REVERSE_PROXY=yes
MOODLE_USERNAME={{applications.moodle.administrator_name}}
MOODLE_PASSWORD={{moodle_user_password}}
MOODLE_EMAIL={{applications.moodle.administrator_email}}
BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
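Review bot: `MOODLE_DATABASE_PASSWORD={{database_password}}` and `MOODLE_PASSWORD={{moodle_user_password}}` are rendered unquoted, so a secret containing whitespace, `#` or `$` can be cut short or variable-expanded by the env file parser, and the container then gets a different password than the one in the inventory. Recent Compose versions take single-quoted values literally, so `MOODLE_PASSWORD='{{moodle_user_password}}'` is safer as long as the secret contains no single quote; otherwise document the allowed character set next to the variable. Note also that `MOODLE_SITE_NAME="…"` carried its quotes into the value in the old list form and probably loses them here, which looks intended but is a behaviour change.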


@ -18,10 +18,18 @@
dest: "{{docker_compose.directories.volumes}}nginx.conf"
notify: docker compose project setup
- name: add docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: docker-compose.yml.j2
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
# @todo activate


@ -7,34 +7,9 @@ services:
application:
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
container_name: {{nextcloud_application_container_name}}
restart: {{docker_restart_policy}}
logging:
driver: journald
volumes:
- data:/var/www/html
environment:
# See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
# Database Configuration
MYSQL_DATABASE: "{{database_name}}"
MYSQL_USER: "{{database_username}}"
MYSQL_PASSWORD: "{{database_password}}"
MYSQL_HOST: "{{database_host}}:{{database_port}}"
# Memory
PHP_MEMORY_LIMIT: 1G # Required for plugin duplicate finder
# Email Configuration
SMTP_HOST: {{system_email.host}}
SMTP_SECURE: {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT: {{system_email.smtp_port}}
SMTP_NAME: {{system_email.username}}
SMTP_PASSWORD: {{system_email.password}}
# Email from configuration
MAIL_FROM_ADDRESS: no-reply
MAIL_DOMAIN: {{system_email.domain}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}


@ -0,0 +1,21 @@
# See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
# Database Configuration
MYSQL_DATABASE= "{{database_name}}"
MYSQL_USER= "{{database_username}}"
MYSQL_PASSWORD= "{{database_password}}"
MYSQL_HOST= "{{database_host}}:{{database_port}}"
# Memory
PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
# Email Configuration
SMTP_HOST= {{system_email.host}}
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT= {{system_email.smtp_port}}
SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
# Email from configuration
MAIL_FROM_ADDRESS= no-reply
MAIL_DOMAIN= {{system_email.domain}}


@ -1,6 +1,6 @@
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.instance}}"
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.volumes}}"
template:
src: oauth2-proxy-keycloak.cfg.j2
dest: "{{docker_compose.directories.instance}}{{applications.oauth2_proxy.configuration_file}}"
dest: "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}"
notify:
- docker compose project setup


@ -6,5 +6,5 @@
ports:
- {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
volumes:
- "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
- "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
{% include 'templates/docker/container/networks.yml.j2' %}
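Review bot: The proxy configuration is bind-mounted read-write although the container only needs to read it, and the file presumably carries the client and cookie secrets. Mount it read-only: `- "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg:ro"`. The unchanged `ports:` entry publishes `{{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp` without a host address, which binds on all interfaces even though the variable name suggests localhost only; prefixing `127.0.0.1:` would match the other services in this commit. The service definition starts outside this hunk.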


@ -1,3 +1,4 @@
group :opf_plugins do
gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
# Deactivated plugin because it seems like it's already included in the basic image
#gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
end


@ -1,8 +1,16 @@
---
- name: rebuild docker image
- name: rebuild custom openproject docker image
command:
cmd: docker build --no-cache -t custom_openproject .
chdir: "{{docker_compose.directories.instance}}"
cmd: docker build --no-cache -t {{custom_openproject_image}} .
chdir: "{{openproject_plugins_service}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
- name: rebuild openproject repository
command:
cmd: docker compose build
chdir: "{{openproject_repository_service}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600


@ -6,24 +6,43 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
include_tasks: update-repository-with-docker-compose.yml
#- name: "include tasks update-repository-with-files.yml"
# include_tasks: update-repository-with-files.yml
# vars:
# detached_files:
# - "docker-compose.yml"
- name: "Transfering Gemfile.plugins to {{docker_compose.directories.instance}}"
- name: "Create {{openproject_plugins_service}}"
file:
path: "{{openproject_plugins_service}}"
state: directory
mode: '0755'
- name: "Transfering Gemfile.plugins to {{openproject_plugins_service}}"
copy:
src: Gemfile.plugins
dest: "{{docker_compose.directories.instance}}Gemfile.plugins"
dest: "{{openproject_plugins_service}}Gemfile.plugins"
notify:
- docker compose project setup
- rebuild docker image
- rebuild custom openproject docker image
- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}"
copy:
- name: "Transfering Dockerfile to {{openproject_plugins_service}}Dockerfile"
template:
src: Dockerfile
dest: "{{docker_compose.directories.instance}}Dockerfile"
dest: "{{openproject_plugins_service}}Dockerfile"
notify:
- docker compose project setup
- rebuild docker image
- rebuild custom openproject docker image
- name: pull docker repository
git:
repo: "{{ repository_address }}"
dest: "{{ openproject_repository_service }}"
update: yes
notify:
- docker compose project setup
- rebuild openproject repository
become: true
- name: "create {{dummy_volume}}"
file:
@ -31,8 +50,16 @@
state: directory
mode: 0755
- name: "copy .env"
template:
src: env.j2
dest: "{{ docker_compose.directories.instance }}.env"
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup
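Review bot: The `pull docker repository` task checks out `{{ repository_address }}` with `update: yes` and no `version:`, so each run takes whatever the default branch currently points to. The `rebuild openproject repository` handler then runs `docker compose build` on that checkout on the host. Pinning the checkout to a reviewed tag or commit, for example `version: "{{ openproject_repository_version }}"` (variable name constructed here), keeps an upstream change from being built and started without review. It also makes the deployment reproducible, in the same way the Dockerfile is now tied to `applications.openproject.version`.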


@ -1,4 +1,4 @@
FROM openproject/community:13
FROM openproject/community:{{applications.openproject.version}}
# If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
# you will have to copy the plugin code into the container here and use the


@ -1,7 +1,7 @@
x-op-app: &app
logging:
driver: journald
image: custom_openproject
image: {{custom_openproject_image}}
environment:
OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}"
OPENPROJECT_HOST__NAME: "${OPENPROJECT_HOST__NAME}"
@ -27,16 +27,12 @@ services:
cache:
image: memcached
container_name: openproject-memcached
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
proxy:
restart: {{docker_restart_policy}}
logging:
driver: journald
image: custom_openproject
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: {{custom_openproject_image}}
container_name: openproject-proxy
command: "./docker/prod/proxy"
ports:
@ -53,7 +49,7 @@ services:
web:
<<: *app
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
command: "./docker/prod/web"
container_name: openproject-web
{% include 'templates/docker/container/networks.yml.j2' %}
@ -74,9 +70,7 @@ services:
autoheal:
image: willfarrell/autoheal:1.2.0
container_name: openproject-autoheal
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
environment:
@ -86,7 +80,7 @@ services:
worker:
<<: *app
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
command: "./docker/prod/worker"
container_name: openproject-worker
{% include 'templates/docker/container/networks.yml.j2' %}
@ -98,7 +92,7 @@ services:
cron:
<<: *app
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
command: "./docker/prod/cron"
container_name: openproject-cron
{% include 'templates/docker/container/networks.yml.j2' %}
@ -112,6 +106,10 @@ services:
<<: *app
command: "./docker/prod/seeder"
container_name: openproject-seeder
env_file:
- "{{docker_compose.files.env}}"
logging:
driver: journald
restart: on-failure
{% include 'templates/docker/container/networks.yml.j2' %}


@ -1,12 +1,15 @@
application_id: "openproject"
repository_directory: "{{ path_docker_compose_instances }}{{application_id}}/"
docker_compose.directories.instance: "{{repository_directory}}compose/"
repository_address: "https://github.com/opf/openproject-deploy"
database_password: "{{openproject_database_password}}"
database_type: "postgres"
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"
openproject_repository_service: "{{docker_compose.directories.services}}repository/"
custom_openproject_image: "custom_openproject"
# The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
dummy_volume: "{{repository_directory}}dummy_volume"
dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume"
# OAuth2 Proxy Configuration
oauth2_proxy_upstream_application_and_port: "proxy:80"


@ -9,12 +9,16 @@
loop_control:
loop_var: domain
- name: copy docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: copy configuration
- name: "create {{docker_compose.files.env}}"
template:
src: env.j2
dest: "{{docker_compose.directories.instance}}.env"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -6,8 +6,7 @@ services:
application:
image: chocobozzz/peertube:production-{{applications.peertube.version}}
env_file:
- .env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "1935:1935"
- "{{http_port}}:9000"
@ -15,7 +14,6 @@ services:
- assets:/app/client/dist
- data:/data
- config:/config
restart: "always"
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
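Review bot: `"{{http_port}}:9000"` publishes the PeerTube HTTP port on every host interface, unlike the `"127.0.0.1:{{http_port}}:80"` form the other services in this commit use. Unless a host firewall blocks it, the application can be reached directly without passing the nginx proxy and its TLS termination; `- "127.0.0.1:{{http_port}}:9000"` would align it. The line is unchanged context, but this refactor is a natural place to fix it. `"1935:1935"` presumably has to stay public for RTMP.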


@ -6,8 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -3,17 +3,9 @@ services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
logging:
driver: journald
image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
container_name: phpmyadmin
environment:
PMA_HOST: central-mariadb
{% if applications.phpmyadmin.autologin | bool %}
PMA_USER: root
PMA_PASSWORD: "{{central_mariadb_root_password}}"
{% endif %}
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{http_port}}:80"
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}


@ -0,0 +1,5 @@
PMA_HOST= central-mariadb
{% if applications.phpmyadmin.autologin | bool %}
PMA_USER= root
PMA_PASSWORD= "{{central_mariadb_root_password}}"
{% endif %}


@ -6,14 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: add env
- name: "create {{docker_compose.files.env}}"
template:
src: env.j2
dest: "{{docker_compose.directories.instance}}env"
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -6,11 +6,7 @@ services:
application:
image: zknt/pixelfed:{{applications.pixelfed.version}}
restart: {{docker_restart_policy}}
logging:
driver: journald
env_file:
- ./env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "data:/var/www/storage"
- "./env:/var/www/.env"
@ -20,11 +16,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
worker:
image: zknt/pixelfed:{{applications.pixelfed.version}}
restart: {{docker_restart_policy}}
logging:
driver: journald
env_file:
- ./env
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- "data:/var/www/storage"
- "./env:/var/www/.env"
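Review bot: Both services still bind-mount `./env:/var/www/.env`, but the tasks for this role now render the env template to `{{docker_compose.files.env}}` instead of `{{docker_compose.directories.instance}}env`. If those paths differ, as the new directory layout suggests, `./env` no longer exists next to the compose file and Docker will create an empty directory there, so Pixelfed starts without its `.env`. Mounting `"{{docker_compose.files.env}}:/var/www/.env:ro"` in both `application` and `worker` keeps the mount in step with the task and stops the container from rewriting the credentials file. The volume lists continue outside these hunks.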

View File

@ -6,8 +6,11 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
include_tasks: update-repository-with-docker-compose.yml
- name: "include tasks update-repository-with-files.yml"
include_tasks: update-repository-with-files.yml
vars:
detached_files:
- "docker-compose.yml"
- name: create {{docker_compose.directories.instance}}/app/config.yaml
copy:

View File

@ -10,6 +10,6 @@
include_tasks: update-repository-with-files.yml
vars:
detached_files:
- .env
- docker-compose.yml
- docker-compose-inits.yml
- "{{docker_compose.directories.env}}env"
- "{{docker_compose.directories.instance}}docker-compose.yml"
- "{{docker_compose.directories.instance}}docker-compose-inits.yml"

View File

@ -32,6 +32,7 @@ services:
taiga-manage:
image: taigaio/taiga-back:latest
environment: *default-back-environment
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}

View File

@ -38,16 +38,12 @@ x-volumes:
services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
taiga-back:
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: taigaio/taiga-back:{{applications.taiga.version}}
environment: *default-back-environment
volumes: *default-back-volumes
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
taiga-events-rabbitmq:
condition: service_started
@ -55,9 +51,7 @@ services:
condition: service_started
taiga-async:
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: taigaio/taiga-back:latest
entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
environment: *default-back-environment
@ -82,9 +76,7 @@ services:
hostname: "taiga-async-rabbitmq"
volumes:
- async-rabbitmq-data:/var/lib/rabbitmq
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
@ -95,10 +87,7 @@ services:
TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}"
TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}"
TAIGA_SUBPATH: "${SUBPATH}"
# ...your customizations go here
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
@ -111,10 +100,7 @@ services:
RABBITMQ_USER: "${RABBITMQ_USER}"
RABBITMQ_PASS: "${RABBITMQ_PASS}"
TAIGA_SECRET_KEY: "${SECRET_KEY}"
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
depends_on:
@ -131,9 +117,7 @@ services:
hostname: "events-rabbitmq"
volumes:
- events-rabbitmq-data:/var/lib/rabbitmq
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
@ -143,9 +127,7 @@ services:
environment:
MAX_AGE: "${ATTACHMENTS_MAX_AGE}"
SECRET_KEY: "${SECRET_KEY}"
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
@ -158,9 +140,7 @@ services:
- ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
- static-data:/taiga/static
- media-data:/taiga/media
restart: {{docker_restart_policy}}
logging:
driver: journald
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
taiga:
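Review bot: `taiga-async` runs `taigaio/taiga-back:latest` while `taiga-back` is pinned to `{{applications.taiga.version}}`, so the API and its async worker can end up on different releases, and the worker image changes on every pull. Use `image: taigaio/taiga-back:{{applications.taiga.version}}` for `taiga-async` too, and for `taiga-manage` in the inits template. The line is unchanged context in this commit, and the service definitions run beyond the hunks shown.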


@ -1,7 +1,7 @@
---
- name: rebuild wordpress container
command:
cmd: docker build --no-cache -t custom_wordpress .
cmd: docker build --no-cache -t {{custom_wordpress_image}} .
chdir: "{{docker_compose.directories.instance}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600


@ -27,6 +27,17 @@
- docker compose project setup
- rebuild wordpress container
- name: "add docker-compose.yml to {{docker_compose.directories.instance}}"
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -3,20 +3,13 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
logging:
driver: journald
image: custom_wordpress
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: {{custom_wordpress_image}}
container_name: wordpress-application
build:
context: .
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{http_port}}:80"
environment:
WORDPRESS_DB_HOST: "{{database_host}}:{{database_port}}"
WORDPRESS_DB_USER: "{{database_username}}"
WORDPRESS_DB_PASSWORD: "{{database_password}}"
WORDPRESS_DB_NAME: "{{database_name}}"
volumes:
- data:/var/www/html
healthcheck:


@ -0,0 +1,4 @@
WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
WORDPRESS_DB_USER= "{{database_username}}"
WORDPRESS_DB_PASSWORD= "{{database_password}}"
WORDPRESS_DB_NAME= "{{database_name}}"


@ -1,4 +1,5 @@
application_id: "wordpress"
wordpress_max_upload_size: "64M"
database_type: "mariadb"
database_password: "{{wordpress_database_password}}"
database_password: "{{wordpress_database_password}}"
custom_wordpress_image: "custom_wordpress"


@ -6,8 +6,16 @@
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
- name: "create {{docker_compose.files.docker_compose}}"
template:
src: "docker-compose.yml.j2"
dest: "{{docker_compose.files.docker_compose}}"
notify: docker compose project setup
- name: "create {{docker_compose.files.env}}"
template:
src: "env.j2"
dest: "{{docker_compose.files.env}}"
mode: '770'
force: yes
notify: docker compose project setup


@ -3,20 +3,10 @@ services:
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
application:
logging:
driver: journald
image: yourls:{{applications.yourls.version}}
restart: {{docker_restart_policy}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{http_port}}:80"
environment:
YOURLS_DB_HOST: "{{database_host}}"
YOURLS_DB_USER: "{{database_username}}"
YOURLS_DB_PASS: "{{database_password}}"
YOURLS_DB_NAME: "{{database_name}}"
YOURLS_SITE: "https://{{domain}}"
YOURLS_USER: "{{applications.yourls.administrator_username}}"
YOURLS_PASS: "{{yourls_administrator_password}}"
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]
interval: 1m


@ -0,0 +1,7 @@
YOURLS_DB_HOST: "{{database_host}}"
YOURLS_DB_USER: "{{database_username}}"
YOURLS_DB_PASS: "{{database_password}}"
YOURLS_DB_NAME: "{{database_name}}"
YOURLS_SITE: "https://{{domain}}"
YOURLS_USER: "{{applications.yourls.administrator_username}}"
YOURLS_PASS: "{{yourls_administrator_password}}"
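Review bot: This env template keeps the YAML `KEY: "value"` form of the removed `environment:` mapping, whereas the other new env templates in this commit use `KEY=value`. Not every env file parser accepts a colon separator, so these seven variables, including `YOURLS_DB_PASS` and `YOURLS_PASS`, may not reach the container at all or may arrive with their quotes. Write them as `YOURLS_DB_PASS={{database_password}}`, `YOURLS_PASS={{yourls_administrator_password}}` and so on.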


@ -2,29 +2,30 @@
# Check if the necessary parameters are provided
if [ "$#" -ne 2 ]; then
echo "Usage: $0 <domain> <docker_compose.directories.instance>"
echo "Usage: $0 <domain> <docker_compose_instance_directory>"
exit 1
fi
# Assign parameters
domain="$1"
docker_compose.directories.instance="$2"
docker_compose_instance_directory="$2"
docker_compose_cert_directory="$docker_compose_instance_directory/volumes/certs"
# Copy certificates
cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose.directories.instance/certs" || exit 1
cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose_cert_directory" || exit 1
# This code is optimized for mailu
cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose.directories.instance/certs/key.pem" || exit 1
cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose.directories.instance/certs/cert.pem" || exit 1
cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1
cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1
# Set correct reading rights
chmod a+r -v "$docker_compose.directories.instance/certs/"*
chmod a+r -v "$docker_compose_cert_directory/"*
# Flag to track if any Nginx reload was successful
nginx_reload_successful=false
# Reload Nginx in all containers within the Docker Compose setup
cd "$docker_compose.directories.instance" || exit 1
cd "$docker_compose_instance_directory" || exit 1
# Iterate over all services
for service in $(docker compose ps --services); do
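Review bot: `chmod a+r -v "$docker_compose_cert_directory/"*` makes every copied file world-readable, including `privkey.pem` and `key.pem`, so any local account on the host can read the TLS private key. Keep `a+r` for the certificate files only and restrict the key files, for example `chmod 640` with the group the consuming container runs as; which group that is depends on the images and is not visible here. The path is also hard-coded as `$docker_compose_instance_directory/volumes/certs` while the role sets `cert_mount_directory` separately, so the two can drift apart. The script continues past this hunk.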


@ -3,6 +3,7 @@
src: "nginx-docker-cert-deploy.sh"
dest: "{{nginx_docker_cert_deploy_script}}"
when: run_once_nginx_docker_cert_deploy is not defined
notify: restart nginx-docker-cert-deploy.cymais.service
- name: run the nginx_docker_cert_deploy tasks once
set_fact:
@ -14,6 +15,7 @@
path: "{{cert_mount_directory}}"
state: directory
mode: 0755
notify: restart nginx-docker-cert-deploy.cymais.service
- name: configure nginx-docker-cert-deploy.cymais.service
template:


@ -1,5 +0,0 @@
- name: "include tasks update-repository-with-files.yml"
include_tasks: update-repository-with-files.yml
vars:
detached_files:
- "docker-compose.yml"


@ -1,3 +1,6 @@
# It isn't best practice to use this task
# Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing
# @todo Refactor\Remove
- name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
ansible.builtin.set_fact:
merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"