From e50fd54f4e8faeb32df47ebe938febd81bf3e496 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Tue, 4 Feb 2025 22:37:07 +0100 Subject: [PATCH] Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested --- group_vars/all/07_applications.yml | 10 +++- playbook.servers.yml | 4 +- roles/docker-akaunting/tasks/main.yml | 15 +++-- .../templates/docker-compose.yml.j2 | 6 +- .../templates/{run.env.j2 => env.j2} | 0 roles/docker-attendize/tasks/main.yml | 7 ++- roles/docker-baserow/tasks/main.yml | 12 ++-- .../templates/docker-compose.yml.j2 | 6 +- .../templates/services/mariadb.yml.j2 | 4 +- .../templates/services/base.yml.j2 | 8 +++ roles/docker-compose/vars/docker-compose.yml | 12 ++-- roles/docker-discourse/tasks/main.yml | 4 +- roles/docker-discourse/vars/main.yml | 11 ++-- roles/docker-friendica/tasks/main.yml | 14 ++++- .../templates/docker-compose.yml.j2 | 32 +--------- roles/docker-friendica/templates/env.j2 | 29 +++++++++ roles/docker-funkwhale/tasks/main.yml | 16 +++-- .../templates/docker-compose.yml.j2 | 17 ++---- roles/docker-gitea/tasks/main.yml | 14 ++++- .../templates/docker-compose.yml.j2 | 18 +----- roles/docker-gitea/templates/env.j2 | 13 ++++ roles/docker-gitlab/tasks/main.yml | 14 ++++- .../templates/docker-compose.yml.j2 | 22 +------ roles/docker-gitlab/templates/env.j2 | 22 +++++++ roles/docker-joomla/tasks/main.yml | 14 ++++- .../templates/docker-compose.yml.j2 | 9 +-- roles/docker-joomla/templates/env.j2 | 4 ++ roles/docker-keycloak/tasks/main.yml | 14 ++++- .../templates/docker-compose.yml.j2 | 11 +--- roles/docker-keycloak/templates/env.j2 | 9 +++ roles/docker-ldap/tasks/main.yml | 34 ++++++++--- .../templates/docker-compose.yml.j2 | 51 ++-------------- roles/docker-ldap/templates/env.j2 | 26 ++++++++ roles/docker-ldap/templates/lam.env.j2 | 13 ++++ .../docker-ldap/templates/phpldapadmin.env.j2 | 3 + roles/docker-listmonk/tasks/main.yml | 16 +++-- 
.../templates/docker-compose.yml.j2 | 6 +- roles/docker-listmonk/templates/env.j2 | 1 + roles/docker-mailu/README.md | 8 --- roles/docker-mailu/tasks/main.yml | 26 +++----- .../templates/docker-compose.yml.j2 | 60 +++++-------------- roles/docker-mailu/vars/main.yml | 9 ++- roles/docker-mastodon/tasks/main.yml | 14 +++-- .../templates/docker-compose.yml.j2 | 15 +---- .../templates/{.env.production.j2 => env.j2} | 0 roles/docker-matomo/tasks/main.yml | 16 +++-- .../templates/docker-compose.yml.j2 | 10 +--- roles/docker-matomo/templates/env.j2 | 5 ++ roles/docker-moodle/tasks/main.yml | 16 +++-- .../templates/docker-compose.yml.j2 | 19 +----- roles/docker-moodle/templates/env.j2 | 13 ++++ roles/docker-nextcloud/tasks/main.yml | 14 ++++- .../templates/docker-compose.yml.j2 | 27 +-------- roles/docker-nextcloud/templates/env.j2 | 21 +++++++ roles/docker-oauth2-proxy/tasks/main.yml | 4 +- .../templates/container.yml.j2 | 2 +- .../docker-openproject/files/Gemfile.plugins | 3 +- roles/docker-openproject/handlers/main.yml | 14 ++++- roles/docker-openproject/tasks/main.yml | 53 ++++++++++++---- .../{files => templates}/Dockerfile | 2 +- .../templates/docker-compose.yml.j2 | 26 ++++---- roles/docker-openproject/vars/main.yml | 9 ++- roles/docker-peertube/tasks/main.yml | 14 +++-- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-phpmyadmin/tasks/main.yml | 16 +++-- .../templates/docker-compose.yml.j2 | 10 +--- roles/docker-phpmyadmin/templates/env.j2 | 5 ++ roles/docker-pixelfed/tasks/main.yml | 12 ++-- .../templates/docker-compose.yml.j2 | 12 +--- roles/docker-portfolio/tasks/main.yml | 7 ++- roles/docker-taiga/tasks/main.yml | 6 +- .../templates/docker-compose-inits.yml.j2 | 1 + .../templates/docker-compose.yml.j2 | 36 +++-------- roles/docker-wordpress/handlers/main.yml | 2 +- roles/docker-wordpress/tasks/main.yml | 15 ++++- .../templates/docker-compose.yml.j2 | 11 +--- roles/docker-wordpress/templates/env.j2 | 4 ++ roles/docker-wordpress/vars/main.yml | 3 +- 
roles/docker-yourls/tasks/main.yml | 16 +++--
 .../templates/docker-compose.yml.j2 | 12 +---
 roles/docker-yourls/templates/env.j2 | 7 +++
 .../files/nginx-docker-cert-deploy.sh | 15 ++---
 roles/nginx-docker-cert-deploy/tasks/main.yml | 2 +
 .../update-repository-with-docker-compose.yml | 5 --
 tasks/update-repository-with-files.yml | 3 +
 85 files changed, 610 insertions(+), 515 deletions(-)
 rename roles/docker-akaunting/templates/{run.env.j2 => env.j2} (100%)
 create mode 100644 roles/docker-compose/templates/services/base.yml.j2
 create mode 100644 roles/docker-friendica/templates/env.j2
 create mode 100644 roles/docker-gitea/templates/env.j2
 create mode 100644 roles/docker-gitlab/templates/env.j2
 create mode 100644 roles/docker-joomla/templates/env.j2
 create mode 100644 roles/docker-keycloak/templates/env.j2
 create mode 100644 roles/docker-ldap/templates/env.j2
 create mode 100644 roles/docker-ldap/templates/lam.env.j2
 create mode 100644 roles/docker-ldap/templates/phpldapadmin.env.j2
 create mode 100644 roles/docker-listmonk/templates/env.j2
 rename roles/docker-mastodon/templates/{.env.production.j2 => env.j2} (100%)
 create mode 100644 roles/docker-matomo/templates/env.j2
 create mode 100644 roles/docker-moodle/templates/env.j2
 create mode 100644 roles/docker-nextcloud/templates/env.j2
 rename roles/docker-openproject/{files => templates}/Dockerfile (90%)
 create mode 100644 roles/docker-phpmyadmin/templates/env.j2
 create mode 100644 roles/docker-wordpress/templates/env.j2
 create mode 100644 roles/docker-yourls/templates/env.j2
 delete mode 100644 tasks/update-repository-with-docker-compose.yml
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index f2bd56e5..d41c00fe 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -147,11 +147,15 @@ defaults_applications: ## OAuth2 Proxy oauth2_proxy: - configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it + configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it version: "latest" redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak. - allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups - cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16 + allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups + cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16 + + ## Open Project + openproject: + version: "13" # Update when available. Sadly no rolling release implemented ## Peertube peertube: diff --git a/playbook.servers.yml b/playbook.servers.yml index 02993d32..487f9390 100644 --- a/playbook.servers.yml +++ b/playbook.servers.yml @@ -59,9 +59,7 @@ become: true roles: - role: docker-mailu - vars: - enable_central_database: "{{enable_central_database_mailu}}" - + - name: setup elk hosts hosts: elk become: true diff --git a/roles/docker-akaunting/tasks/main.yml b/roles/docker-akaunting/tasks/main.yml index 843a510b..6d9aa5aa 100644 --- a/roles/docker-akaunting/tasks/main.yml +++ b/roles/docker-akaunting/tasks/main.yml 
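Review bot: The inline comment on the realigned `configuration_file: "oauth2-proxy-keycloak.cfg"` line still reads `# Needs to be set true in the roles which use it`, but the key holds a filename rather than a boolean, so the comment misleads; if the intent is that roles opt in to the proxy in their own vars, say that (`# Roles that need the proxy enable it in their vars/main.yml`), otherwise drop it. The `cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}"` default names the very key it defines, which only resolves if an override is merged in before `applications` is evaluated — presumably an inventory or vault value; a comment stating where the real secret is expected to come from would make that dependency visible. Both lines are only realigned by this hunk, so this is a documentation follow-up rather than a change request.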
@@ -6,9 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: "include tasks update-repository-with-docker-compose.yml" - include_tasks: update-repository-with-docker-compose.yml +- name: "include tasks update-repository-with-files.yml" + include_tasks: update-repository-with-files.yml + vars: + detached_files: + - "docker-compose.yml" -- name: configure run.env - template: src=run.env.j2 dest={{docker_compose.directories.instance}}/env/run.env +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-akaunting/templates/docker-compose.yml.j2 b/roles/docker-akaunting/templates/docker-compose.yml.j2 index 51c4da01..9332e464 100644 --- a/roles/docker-akaunting/templates/docker-compose.yml.j2 +++ b/roles/docker-akaunting/templates/docker-compose.yml.j2 @@ -3,6 +3,9 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: + +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} + image: docker.io/akaunting/akaunting:{{applications.akaunting.version}} build: context: . @@ -10,9 +13,6 @@ services: - 127.0.0.1:{{http_port}}:80 volumes: - data:/var/www/html - restart: {{docker_restart_policy}} - env_file: - - env/run.env environment: - AKAUNTING_SETUP {% include 'templates/docker/container/networks.yml.j2' %} diff --git a/roles/docker-akaunting/templates/run.env.j2 b/roles/docker-akaunting/templates/env.j2 similarity index 100% rename from roles/docker-akaunting/templates/run.env.j2 rename to roles/docker-akaunting/templates/env.j2 diff --git a/roles/docker-attendize/tasks/main.yml b/roles/docker-attendize/tasks/main.yml index 48035ded..c9d410c3 100644 --- a/roles/docker-attendize/tasks/main.yml +++ b/roles/docker-attendize/tasks/main.yml 
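Review bot: The env file written by the new `create {{docker_compose.files.env}}` task is where this commit moves the database and service credentials, yet it gets `mode: '770'`, which leaves it group-writable and executable; a secrets file should be `mode: '0600'` (or `'0640'` when a group genuinely has to read it), and `force: yes` reads better as `force: true` under yamllint's truthy rule. The identical `mode: '770'` task is repeated in the baserow, friendica, funkwhale, gitea, gitlab, joomla, keycloak and ldap hunks (the ldap hunk also writes lam.env and phpldapadmin.env this way), so the same fix applies there. A group-writable env file lets any member of the owning group change the variables the containers start with, which deserves a one-line comment on the task explaining the chosen mode.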
@@ -17,5 +17,8 @@ dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx -- name: "include tasks update-repository-with-docker-compose.yml" - include_tasks: update-repository-with-docker-compose.yml \ No newline at end of file +- name: "include tasks update-repository-with-files.yml" + include_tasks: update-repository-with-files.yml + vars: + detached_files: + - "docker-compose.yml" \ No newline at end of file diff --git a/roles/docker-baserow/tasks/main.yml b/roles/docker-baserow/tasks/main.yml index 0a618f60..31e34f52 100644 --- a/roles/docker-baserow/tasks/main.yml +++ b/roles/docker-baserow/tasks/main.yml @@ -6,14 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup -- name: add env +- name: "create {{docker_compose.files.env}}" template: - src: env.j2 - dest: "{{docker_compose.directories.instance}}env" + src: "env.j2" + dest: "{{docker_compose.files.env}}" mode: '770' force: yes notify: docker compose project setup \ No newline at end of file diff --git a/roles/docker-baserow/templates/docker-compose.yml.j2 b/roles/docker-baserow/templates/docker-compose.yml.j2 index d4d09e58..dd0b4616 100644 --- a/roles/docker-baserow/templates/docker-compose.yml.j2 +++ b/roles/docker-baserow/templates/docker-compose.yml.j2 
@@ -5,13 +5,9 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: "baserow/baserow:{{applications.baserow.version}}" container_name: baserow-application - restart: {{docker_restart_policy}} - logging: - driver: journald - env_file: - - ./env volumes: - data:/baserow/data ports: diff --git a/roles/docker-central-database/templates/services/mariadb.yml.j2 b/roles/docker-central-database/templates/services/mariadb.yml.j2 index e3265990..ba00f62d 100644 --- a/roles/docker-central-database/templates/services/mariadb.yml.j2 +++ b/roles/docker-central-database/templates/services/mariadb.yml.j2 @@ -7,12 +7,12 @@ image: mariadb restart: {{docker_restart_policy}} env_file: - - mein_env_file.env + - {{database_env}} command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" volumes: - database:/var/lib/mysql healthcheck: - test: "/usr/bin/mariadb --user={{database_username}} --password={{database_password}} --execute \"SHOW DATABASES;\"" + test: [ "CMD", "sh", "-c", "/usr/bin/mariadb --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" ] interval: 3s timeout: 1s retries: 5 diff --git a/roles/docker-compose/templates/services/base.yml.j2 b/roles/docker-compose/templates/services/base.yml.j2 new file mode 100644 index 00000000..0fe88ce8 --- /dev/null +++ b/roles/docker-compose/templates/services/base.yml.j2 @@ -0,0 +1,8 @@ +# Base for docker services + restart: {{docker_restart_policy}} + env_file: + - "{{docker_compose.files.env}}" + logging: + driver: journald + +{{ "\n" }} \ No newline at end of file diff --git a/roles/docker-compose/vars/docker-compose.yml b/roles/docker-compose/vars/docker-compose.yml index b1f42816..44254b85 100644 --- a/roles/docker-compose/vars/docker-compose.yml +++ b/roles/docker-compose/vars/docker-compose.yml 
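Review bot: The new healthcheck `test: [ "CMD", "sh", "-c", "/usr/bin/mariadb --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" ]` only works if the file named by `{{database_env}}` actually exports `MYSQL_USER` and `MYSQL_PASSWORD`; that file and the `database_env` variable are defined outside this hunk, so if it only carries the `MARIADB_*` names the container never turns healthy and nothing in this file says why — a comment on the `env_file:` entry naming the two variables the probe expects would close that gap. Taking the credentials out of the rendered compose file is the right direction, but `--password=$MYSQL_PASSWORD` still places the secret on the container's command line for the duration of every probe; the official mariadb image ships a `healthcheck.sh` helper (for example `healthcheck.sh --connect`) that avoids this, worth checking against the untagged `image: mariadb` in use here. The `- {{database_env}}` entry should be quoted like the other templated paths, `- "{{database_env}}"`, so a path containing YAML-special characters cannot break the list.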
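Review bot: `base.yml.j2` is only valid when it is included directly under a service key and carries that service's indentation itself, but nothing in the file says so; a first line such as `# Included under a service mapping; lines are pre-indented for that level` would save the next reader a trip through every role. The roles disagree on how to include it: most hunks write `{% include 'roles/docker-compose/templates/services/base.yml.j2' %}` at column 0, while the friendica and keycloak hunks indent the tag, which adds spaces only before this file's first (comment) line — harmless, but one convention should be picked. The trailing `{{ "\n" }}` on a file with no final newline looks like a workaround for Jinja dropping the last newline of an included template; a short comment naming that reason would stop someone from "cleaning it up" and silently gluing the next key onto `driver: journald`.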
@@ -4,7 +4,11 @@ _docker_compose_directories_instance: "{{ path_docker_compose_instances }}{{ app # @See https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4 docker_compose: directories: - instance: "{{_docker_compose_directories_instance}}" # Folder for docker-compose.yml file - env: "{{_docker_compose_directories_instance}}/.env/" # Folder for env files - services: "{{_docker_compose_directories_instance}}/services/" # Folder for services - volumes: "{{_docker_compose_directories_instance}}/volumes/" # Folder for volumes + instance: "{{_docker_compose_directories_instance}}" # Folder for docker-compose.yml file + env: "{{_docker_compose_directories_instance}}.env/" # Folder for env files + services: "{{_docker_compose_directories_instance}}services/" # Folder for services + volumes: "{{_docker_compose_directories_instance}}volumes/" # Folder for volumes + config: "{{_docker_compose_directories_instance}}config/" # Folder for configuration files + files: + env: "{{_docker_compose_directories_instance}}.env/env" # General env file + docker_compose: "{{_docker_compose_directories_instance}}docker-compose.yml" # Docker Compose file diff --git a/roles/docker-discourse/tasks/main.yml b/roles/docker-discourse/tasks/main.yml index 5776107e..6317e6eb 100644 --- a/roles/docker-discourse/tasks/main.yml +++ b/roles/docker-discourse/tasks/main.yml @@ -43,10 +43,10 @@ mode: '700' state: directory -- name: "copy configuration to {{discourse_repository_directory}}containers/discourse_application.yml" +- name: "copy configuration to {{discourse_application_yml_destination}}" template: src: discourse_application.yml.j2 - dest: "{{discourse_repository_directory}}containers/discourse_application.yml" + dest: "{{discourse_application_yml_destination}}" notify: recreate discourse - name: "destroy container discourse_application" diff --git a/roles/docker-discourse/vars/main.yml b/roles/docker-discourse/vars/main.yml index 9318b7f7..ffeed9e4 100644 
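Review bot: The new `files.env: "{{_docker_compose_directories_instance}}.env/env"` places the env file inside a directory named `.env` next to `docker-compose.yml`, which collides with the `.env` file Compose reads from the project directory for `${VAR}` interpolation; with a directory in that place Compose finds no dotenv file, so templates that rely on interpolation (this commit's funkwhale compose file uses `${FUNKWHALE_VERSION}` and `${MEDIA_ROOT}`) render with empty values, and a service-level `env_file:` does not feed interpolation. Renaming the directory (for example `env/`) or passing `--env-file {{docker_compose.files.env}}` wherever the project is brought up avoids the clash, and the `files:` block is the place to document which of the two the roles rely on. Every path here now concatenates without a separator, so all of them depend on `_docker_compose_directories_instance` (defined on the hunk-header line, cut off in this view) ending in `/`; a comment stating that contract on `directories:` is cheap insurance.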
--- a/roles/docker-discourse/vars/main.yml +++ b/roles/docker-discourse/vars/main.yml @@ -1,5 +1,6 @@ -application_id: "discourse" -discourse_application_container: "discourse_application" -database_password: "{{ baserow_database_password }}" -database_type: "postgres" -discourse_repository_directory: "{{ path_docker_compose_instances + application_id + '/repository/' }}" \ No newline at end of file +application_id: "discourse" +discourse_application_container: "discourse_application" +database_password: "{{ discourse_database_password }}" +database_type: "postgres" +discourse_repository_directory: "{{docker_compose.directories.services}}repository/" +discourse_application_yml_destination: "{{discourse_repository_directory}}containers/discourse_application.yml" \ No newline at end of file diff --git a/roles/docker-friendica/tasks/main.yml b/roles/docker-friendica/tasks/main.yml index a7b9fc29..2cb38eae 100644 --- a/roles/docker-friendica/tasks/main.yml +++ b/roles/docker-friendica/tasks/main.yml @@ -6,6 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-friendica/templates/docker-compose.yml.j2 b/roles/docker-friendica/templates/docker-compose.yml.j2 index 3db5417c..c1ac97ca 100644 --- a/roles/docker-friendica/templates/docker-compose.yml.j2 +++ b/roles/docker-friendica/templates/docker-compose.yml.j2 
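Review bot: Changing `database_password` from `{{ baserow_database_password }}` to `{{ discourse_database_password }}` is the right fix, but on an existing host the discourse database user was created with the baserow secret, so after this change the rendered configuration and the password stored in the central database disagree unless the database role re-applies the user's password; a comment on that line (`# was baserow_database_password; existing installs need the DB user password updated`) would flag the migration. The old value also meant one application's secret opened another application's database, which is worth naming in the description as the security motivation. `discourse_repository_directory` now builds on `docker_compose.directories.services` from the docker-compose role's vars, which presumably requires that role to be loaded before this one — confirm the play ordering, and the file still lacks a `---` document start and a final newline.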
@@ -4,7 +4,7 @@ services: application: image: "friendica:{{applications.friendica.version}}" - restart: {{docker_restart_policy}} + {% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - data:/var/www/html ports: @@ -25,36 +25,6 @@ services: interval: 1m timeout: 10s retries: 3 - environment: - FRIENDICA_URL: https://{{domain}} - HOSTNAME: {{domain}} - FRIENDICA_NO_VALIDATION: false - - # Debugging - FRIENDICA_DEBUGGING: false - FRIENDICA_LOGLEVEL: 5 - FRIENDICA_LOGGER: stream - FRIENDICA_LOGFILE: php://stdout - - # Database Configuration - MYSQL_HOST: "{{database_host}}:{{database_port}}" - MYSQL_DATABASE: {{database_name}} - MYSQL_USER: {{database_username}} - MYSQL_PASSWORD: {{database_password}} - - # Email Configuration - SMTP: {{system_email.host}} - SMTP_DOMAIN: {{system_email.domain}} - SMTP_PORT: {{system_email.smtp_port}} - SMTP_AUTH_USER: {{system_email.username}} - SMTP_AUTH_PASS: {{system_email.password}} - SMTP_TLS: {{ 'on' if system_email.tls else 'off' }} - SMTP_STARTTLS: {{ 'on' if system_email.start_tls else 'off' }} - SMTP_FROM: {{system_email.local}} - - # Administrator Credentials - FRIENDICA_ADMIN_MAIL: {{administrator_email}} - MAILNAME: {{administrator_email}} {% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/container/depends-on-just-database.yml.j2' %} diff --git a/roles/docker-friendica/templates/env.j2 b/roles/docker-friendica/templates/env.j2 new file mode 100644 index 00000000..9c6e09c5 --- /dev/null +++ b/roles/docker-friendica/templates/env.j2 
@@ -0,0 +1,29 @@ +FRIENDICA_URL= https://{{domain}} +HOSTNAME= {{domain}} +FRIENDICA_NO_VALIDATION= false + +# Debugging +FRIENDICA_DEBUGGING= false +FRIENDICA_LOGLEVEL= 5 +FRIENDICA_LOGGER= stream +FRIENDICA_LOGFILE= php=//stdout + +# Database Configuration +MYSQL_HOST= "{{database_host}}:{{database_port}}" +MYSQL_DATABASE= {{database_name}} +MYSQL_USER= {{database_username}} +MYSQL_PASSWORD= {{database_password}} + +# Email Configuration +SMTP= {{system_email.host}} +SMTP_DOMAIN= {{system_email.domain}} +SMTP_PORT= {{system_email.smtp_port}} +SMTP_AUTH_USER= {{system_email.username}} +SMTP_AUTH_PASS= {{system_email.password}} +SMTP_TLS= {{ 'on' if system_email.tls else 'off' }} +SMTP_STARTTLS= {{ 'on' if system_email.start_tls else 'off' }} +SMTP_FROM= {{system_email.local}} + +# Administrator Credentials +FRIENDICA_ADMIN_MAIL= {{administrator_email}} +MAILNAME= {{administrator_email}} \ No newline at end of file diff --git a/roles/docker-funkwhale/tasks/main.yml b/roles/docker-funkwhale/tasks/main.yml index a500fa30..d9ee1760 100644 --- a/roles/docker-funkwhale/tasks/main.yml +++ b/roles/docker-funkwhale/tasks/main.yml @@ -7,14 +7,18 @@ include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup -- name: add .env +- name: "create {{docker_compose.files.env}}" template: - src: env.j2 - dest: "{{docker_compose.directories.instance}}.env" + src: "env.j2" + dest: "{{docker_compose.files.env}}" mode: '770' force: yes - notify: docker compose project setup \ No newline at end of file + notify: docker compose project setup + + 
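Review bot: `FRIENDICA_LOGFILE= php=//stdout` is a typo of the previous `php://stdout` and points the logger at a non-existent path. Every line in this file also has a space after `=` (`FRIENDICA_URL= https://{{domain}}`, `MYSQL_PASSWORD= {{database_password}}`), and dotenv parsers do not agree on whether that space becomes part of the value, so the URL, hostname and database password may all arrive with a leading blank; write `KEY=value` with no padding, as the gitea and joomla env.j2 files in this commit already do. The same `KEY= value` pattern appears in the keycloak env.j2 hunk (`KEYCLOAK_ADMIN_PASSWORD= "{{keycloak_administrator_password}}"`), where a mangled admin password would lock out the first login.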
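Review bot: Moving the env file from `{{docker_compose.directories.instance}}.env` to `{{docker_compose.files.env}}` (the `.env/env` path) breaks this role's compose file: the funkwhale docker-compose.yml.j2 hunks that follow still use `${FUNKWHALE_VERSION}`, `${CELERYD_CONCURRENCY-0}`, `${MUSIC_DIRECTORY_PATH}`, `${MEDIA_ROOT}` and `${NGINX_MAX_BODY_SIZE-100M}`, which Compose resolves from the project-directory `.env` file at parse time rather than from a service `env_file:`, so without that file the image tag becomes `funkwhale/api:` and the volume paths collapse to empty strings. Either keep writing a `.env` file in the instance directory for this role, or invoke compose with `--env-file {{docker_compose.files.env}}` in the `docker compose project setup` handler, and say so in a comment on this task. The front service's comment `# Override those variables in your .env file if needed` then also needs to name the new location. The two trailing blank lines added at the end of the file are noise.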
diff --git a/roles/docker-funkwhale/templates/docker-compose.yml.j2 b/roles/docker-funkwhale/templates/docker-compose.yml.j2 index b02ff8e7..46d8d703 100644 --- a/roles/docker-funkwhale/templates/docker-compose.yml.j2 +++ b/roles/docker-funkwhale/templates/docker-compose.yml.j2 @@ -13,9 +13,8 @@ services: # of CPUs. You can adjust this, by explicitly setting the --concurrency # flag: # celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4 - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: funkwhale/api:${FUNKWHALE_VERSION} - env_file: .env command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0} environment: - C_FORCE_ROOT=true @@ -26,17 +25,15 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} celerybeat: - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: funkwhale/api:${FUNKWHALE_VERSION} - env_file: .env command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} api: - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: funkwhale/api:${FUNKWHALE_VERSION} - env_file: .env volumes: - "music:${MUSIC_DIRECTORY_PATH}:ro" - "data:${MEDIA_ROOT}" @@ -47,12 +44,10 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} front: - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: funkwhale/front:${FUNKWHALE_VERSION} depends_on: - api - env_file: - - .env environment: # Override those variables in your .env file if needed - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}" 
@@ -65,9 +60,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} typesense: - restart: {{docker_restart_policy}} - env_file: - - .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: typesense/typesense:0.24.0 volumes: - ./typesense/data:/data diff --git a/roles/docker-gitea/tasks/main.yml b/roles/docker-gitea/tasks/main.yml index a7b9fc29..2cb38eae 100644 --- a/roles/docker-gitea/tasks/main.yml +++ b/roles/docker-gitea/tasks/main.yml @@ -6,6 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-gitea/templates/docker-compose.yml.j2 b/roles/docker-gitea/templates/docker-compose.yml.j2 index 30da4972..6fa5ee71 100644 --- a/roles/docker-gitea/templates/docker-compose.yml.j2 +++ b/roles/docker-gitea/templates/docker-compose.yml.j2 
@@ -3,24 +3,8 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: - logging: - driver: journald - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: "gitea/gitea:{{applications.gitea.version}}" - environment: - - USER_UID=1000 - - USER_GID=1000 - - DB_TYPE=mysql - - DB_HOST={{database_host}}:{{database_port}} - - DB_NAME={{database_name}} - - DB_USER={{database_username}} - - DB_PASSWD={{database_password}} - - SSH_PORT={{ports.public.ssh_ports[application_id]}} - - SSH_LISTEN_PORT=22 - - DOMAIN={{domain}} - - SSH_DOMAIN={{domain}} - - RUN_MODE="{{run_mode}}" - - ROOT_URL="https://{{domain}}/" ports: - "127.0.0.1:{{http_port}}:3000" - "{{ports.public.ssh_ports[application_id]}}:22" diff --git a/roles/docker-gitea/templates/env.j2 b/roles/docker-gitea/templates/env.j2 new file mode 100644 index 00000000..e11f904c --- /dev/null +++ b/roles/docker-gitea/templates/env.j2 @@ -0,0 +1,13 @@ +USER_UID=1000 +USER_GID=1000 +DB_TYPE=mysql +DB_HOST={{database_host}}:{{database_port}} +DB_NAME={{database_name}} +DB_USER={{database_username}} +DB_PASSWD={{database_password}} +SSH_PORT={{ports.public.ssh_ports[application_id]}} +SSH_LISTEN_PORT=22 +DOMAIN={{domain}} +SSH_DOMAIN={{domain}} +RUN_MODE="{{run_mode}}" +ROOT_URL="https://{{domain}}/" \ No newline at end of file diff --git a/roles/docker-gitlab/tasks/main.yml b/roles/docker-gitlab/tasks/main.yml index a7b9fc29..2cb38eae 100644 --- a/roles/docker-gitlab/tasks/main.yml +++ b/roles/docker-gitlab/tasks/main.yml 
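Review bot: `DB_PASSWD={{database_password}}` is written unquoted into a dotenv file, and Compose's env_file parser applies `$` variable expansion and treats ` #` as an inline comment inside unquoted values, so a generated password containing either character is silently rewritten or truncated before it reaches Gitea; single-quoting secret values, `DB_PASSWD='{{database_password}}'`, disables both, provided the secret itself contains no `'`. The same applies to the joomla and keycloak env.j2 hunks (double quotes there still allow `$` expansion) and to `MYSQL_PASSWORD` and `SMTP_AUTH_PASS` in the friendica env.j2. `RUN_MODE="{{run_mode}}"` and `ROOT_URL="https://{{domain}}/"` mix quoted and unquoted style inside one file; pick one. A one-line header comment stating that this file is read by Compose's env_file parser, not by a shell, would explain why the quoting matters.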
@@ -6,6 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-gitlab/templates/docker-compose.yml.j2 b/roles/docker-gitlab/templates/docker-compose.yml.j2 index 17db0e41..2dc138db 100644 --- a/roles/docker-gitlab/templates/docker-compose.yml.j2 +++ b/roles/docker-gitlab/templates/docker-compose.yml.j2 @@ -6,28 +6,8 @@ services: web: image: "gitlab/gitlab-ee:{{applications.gitlab.version}}" - restart: {{docker_restart_policy}} hostname: '{{domain}}' - environment: - GITLAB_OMNIBUS_CONFIG: | - external_url 'https://{{domain}}' - postgresql['enable'] = false - gitlab_rails['gitlab_shell_ssh_port'] = {{ports.public.ssh_ports[application_id]}} - gitlab_rails['db_adapter'] = 'postgresql' - gitlab_rails['db_encoding'] = 'utf8' - gitlab_rails['db_host'] = '{{database_host}}' - gitlab_rails['db_port'] = '{{database_port}}'' - gitlab_rails['db_username'] = '{{database_username}}' - gitlab_rails['db_password'] = '{{database_password}}' - gitlab_rails['db_database'] = "{{database_name}}" - nginx['listen_port'] = 80 - nginx['listen_https'] = false - - gitlab_rails['initial_root_password'] = "{{gitlab_initial_root_password}}" - - redis['enable'] = false - gitlab_rails['redis_host'] = 'redis' - gitlab_rails['redis_port'] = '6379' +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "127.0.0.1:{{http_port}}:80" - "{{ports.public.ssh_ports[application_id]}}:22" 
diff --git a/roles/docker-gitlab/templates/env.j2 b/roles/docker-gitlab/templates/env.j2 new file mode 100644 index 00000000..fa67bf2a --- /dev/null +++ b/roles/docker-gitlab/templates/env.j2 @@ -0,0 +1,22 @@ +{# env.j2 #} +{% set config_lines = [ + "external_url 'https://{{ domain }}'", + "postgresql['enable']=false", + "gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh_ports[application_id] }}", + "gitlab_rails['db_adapter']='postgresql'", + "gitlab_rails['db_encoding']='utf8'", + "gitlab_rails['db_host']='{{ database_host }}'", + "gitlab_rails['db_port']='{{ database_port }}'", + "gitlab_rails['db_username']='{{ database_username }}'", + "gitlab_rails['db_password']='{{ database_password }}'", + "gitlab_rails['db_database']=\"{{ database_name }}\"", + "nginx['listen_port']=80", + "nginx['listen_https']=false", + "", + "gitlab_rails['initial_root_password']=\"{{ gitlab_initial_root_password }}\"", + "", + "redis['enable']=false", + "gitlab_rails['redis_host']='redis'", + "gitlab_rails['redis_port']='6379'" +] %} +GITLAB_OMNIBUS_CONFIG="{{ config_lines | join('\\n') }}" diff --git a/roles/docker-joomla/tasks/main.yml b/roles/docker-joomla/tasks/main.yml index 4a245902..ba749414 100644 --- a/roles/docker-joomla/tasks/main.yml +++ b/roles/docker-joomla/tasks/main.yml @@ -9,6 +9,16 @@ loop_control: loop_var: domain -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup \ No newline at end of file 
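Review bot: The `{{ domain }}`, `{{ database_password }}` and `{{ gitlab_initial_root_password }}` expressions inside the `{% set config_lines = [ ... ] %}` list are plain string literals — Jinja does not evaluate `{{ }}` inside a statement tag — so the rendered `GITLAB_OMNIBUS_CONFIG` hands GitLab the literal text `external_url 'https://{{ domain }}'` and literal placeholders as the database and initial root passwords. A block assignment renders them as intended; the rewrite below keeps the single-line `\n`-joined value the env file needs and escapes the embedded `"` that the original wrote as `\"`. Whether Compose turns the `\n` sequences in a double-quoted env value back into newlines before GitLab evaluates the Ruby should be verified once on a rendered file, since the previous YAML block scalar carried real newlines. The `{# env.j2 #}` header could state that this file is the omnibus config in dotenv form, so the joining is understood.
```jinja
{% set omnibus_config %}
external_url 'https://{{ domain }}'
postgresql['enable']=false
gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh_ports[application_id] }}
{# … unchanged: the remaining gitlab_rails / nginx / redis lines, one per line, without the list quoting … #}
gitlab_rails['redis_port']='6379'
{% endset %}
GITLAB_OMNIBUS_CONFIG="{{ omnibus_config | trim | replace('"', '\\"') | replace('\n', '\\n') }}"
```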
diff --git a/roles/docker-joomla/templates/docker-compose.yml.j2 b/roles/docker-joomla/templates/docker-compose.yml.j2 index e1b612d7..9832c587 100644 --- a/roles/docker-joomla/templates/docker-compose.yml.j2 +++ b/roles/docker-joomla/templates/docker-compose.yml.j2 @@ -4,14 +4,7 @@ services: application: image: "joomla:{{applications.joomla.version}}" - logging: - driver: journald - environment: - JOOMLA_DB_HOST: "{{database_host}}:{{database_port}}" - JOOMLA_DB_USER: "{{database_username}}" - JOOMLA_DB_PASSWORD: "{{database_password}}" - JOOMLA_DB_NAME: "{{database_name}}" - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - data:/var/www/html ports: diff --git a/roles/docker-joomla/templates/env.j2 b/roles/docker-joomla/templates/env.j2 new file mode 100644 index 00000000..05242b64 --- /dev/null +++ b/roles/docker-joomla/templates/env.j2 @@ -0,0 +1,4 @@ +JOOMLA_DB_HOST="{{database_host}}:{{database_port}}" +JOOMLA_DB_USER="{{database_username}}" +JOOMLA_DB_PASSWORD="{{database_password}}" +JOOMLA_DB_NAME="{{database_name}}" \ No newline at end of file diff --git a/roles/docker-keycloak/tasks/main.yml b/roles/docker-keycloak/tasks/main.yml index a7b9fc29..2cb38eae 100644 --- a/roles/docker-keycloak/tasks/main.yml +++ b/roles/docker-keycloak/tasks/main.yml @@ -6,6 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup 
diff --git a/roles/docker-keycloak/templates/docker-compose.yml.j2 b/roles/docker-keycloak/templates/docker-compose.yml.j2 index d89c80a7..f0756f54 100644 --- a/roles/docker-keycloak/templates/docker-compose.yml.j2 +++ b/roles/docker-keycloak/templates/docker-compose.yml.j2 @@ -5,16 +5,7 @@ services: application: image: quay.io/keycloak/keycloak:{{applications.keycloak.version}} command: start - environment: - KC_HOSTNAME: https://{{domain}} - KC_HTTP_ENABLED: true - KC_HEALTH_ENABLED: true - KEYCLOAK_ADMIN: "{{applications.keycloak.administrator_username}}" - KEYCLOAK_ADMIN_PASSWORD: "{{keycloak_administrator_password}}" - KC_DB: postgres - KC_DB_URL: jdbc:postgresql://{{database_host}}/{{database_name}} - KC_DB_USERNAME: {{database_username}} - KC_DB_PASSWORD: {{database_password}} + {% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "127.0.0.1:{{http_port}}:8080" restart: {{docker_restart_policy}} diff --git a/roles/docker-keycloak/templates/env.j2 b/roles/docker-keycloak/templates/env.j2 new file mode 100644 index 00000000..5da95a79 --- /dev/null +++ b/roles/docker-keycloak/templates/env.j2 @@ -0,0 +1,9 @@ +KC_HOSTNAME= https://{{domain}} +KC_HTTP_ENABLED= true +KC_HEALTH_ENABLED= true +KEYCLOAK_ADMIN= "{{applications.keycloak.administrator_username}}" +KEYCLOAK_ADMIN_PASSWORD= "{{keycloak_administrator_password}}" +KC_DB= postgres +KC_DB_URL= jdbc:postgresql://{{database_host}}/{{database_name}} +KC_DB_USERNAME= {{database_username}} +KC_DB_PASSWORD= {{database_password}} \ No newline at end of file diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml index 48ba9142..dffd8e27 100644 --- a/roles/docker-ldap/tasks/main.yml +++ b/roles/docker-ldap/tasks/main.yml 
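Review bot: The `application` service now gets `restart:` twice — once from the included base.yml.j2 and once from the `restart: {{docker_restart_policy}}` context line that remains after `ports:` — and Compose rejects a mapping with a duplicate key, so this file will not load; drop the remaining `restart:` line as the other roles' hunks do. The include tag is indented here (`  {% include 'roles/docker-compose/templates/services/base.yml.j2' %}`) while most roles place it at column 0; either renders, but friendica is the only other indented one, so the common style would read better. `KC_HTTP_ENABLED` and `KC_HEALTH_ENABLED` move to the env file without the assumption they encode — plain HTTP is presumably only acceptable because the port is bound to `127.0.0.1:{{http_port}}` behind the nginx proxy — which is worth a comment next to those lines in env.j2.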
@@ -19,14 +19,32 @@ state: absent when: not applications.ldap.openldap.expose_to_internet | bool -- name: "create {{docker_compose.directories.instance}}" - file: - path: "{{docker_compose.directories.instance}}" - state: directory - mode: 0755 +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup -- name: add docker-compose.yml +- name: "create {{docker_compose.files.env}}" template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes + notify: docker compose project setup + +- name: "create {{docker_compose.directories.env}}phpldapadmin.env" + template: + src: "phpldapadmin.env.j2" + dest: "{{docker_compose.directories.env}}phpldapadmin.env" + mode: '770' + force: yes + notify: docker compose project setup + +- name: "create {{docker_compose.directories.env}}lam.env" + template: + src: "lam.env.j2" + dest: "{{docker_compose.directories.env}}lam.env" + mode: '770' + force: yes notify: docker compose project setup \ No newline at end of file diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2 index 3022690e..6c04ea84 100644 --- a/roles/docker-ldap/templates/docker-compose.yml.j2 +++ b/roles/docker-ldap/templates/docker-compose.yml.j2 
@@ -11,64 +11,23 @@ services: image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM ports: - 127.0.0.1:{{http_port}}:80 - environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env - - # Basic Configuration - LAM_PASSWORD: {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam - - # Database - LAM_CONFIGURATION_DATABASE: files # configuration database (files or mysql) @todo implement mariadb + env_file: + - "{{docker_compose.directories.env}}lam.env" - # LDAP Configuration - LDAP_SERVER: ldap://openldap:389 # LDAP server URL - LDAP_DOMAIN: {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=... - LDAP_BASE_DN: {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN - LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM) - LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP admin password {% elif applications.ldap.webinterface == 'phpldapadmin' %} image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}} ports: - 127.0.0.1:{{http_port}}:8080 - environment: - # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container - APP_URL: https://{{domain}} - LDAP_HOST: openldap + env_file: + - "{{docker_compose.directories.env}}phpldapadmin.env" {% endif %} openldap: image: bitnami/openldap:{{applications.ldap.openldap.version}} container_name: openldap - logging: - driver: journald - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}} # Expose just on localhost so that nginx stream proxy can use it - 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost - environment: - # @See https://hub.docker.com/r/bitnami/openldap 
- - # GENERAL - ## Database - LDAP_ADMIN_USERNAME: {{applications.ldap.administrator_username}} # LDAP database admin user. - LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP database admin password. - - ## Users - LDAP_USERS: ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02 - LDAP_PASSWORDS: ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2 - LDAP_ROOT: {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org - - ## Admin - LDAP_ADMIN_DN: {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect - LDAP_CONFIG_ADMIN_ENABLED: yes - LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}} - LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}} - - # Network - LDAP_PORT_NUMBER: {{ldap_localhost_port}} # Route to default port - LDAP_ENABLE_TLS: no # Using nginx proxy for tls - LDAP_LDAPS_PORT_NUMBER: {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port). - - # Security - LDAP_ALLOW_ANON_BINDING: no # Allow anonymous bindings to the LDAP server. Default: yes. volumes: - 'data:/bitnami/openldap' healthcheck: diff --git a/roles/docker-ldap/templates/env.j2 b/roles/docker-ldap/templates/env.j2 new file mode 100644 index 00000000..d844e0c6 --- /dev/null +++ b/roles/docker-ldap/templates/env.j2 
@@ -0,0 +1,26 @@ + +# @See https://hub.docker.com/r/bitnami/openldap + +# GENERAL +## Database +LDAP_ADMIN_USERNAME= {{applications.ldap.administrator_username}} # LDAP database admin user. +LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP database admin password. + +## Users +LDAP_USERS= ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02 +LDAP_PASSWORDS= ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2 +LDAP_ROOT= {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org + +## Admin +LDAP_ADMIN_DN= {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect +LDAP_CONFIG_ADMIN_ENABLED= yes +LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}} +LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}} + +# Network +LDAP_PORT_NUMBER= {{ldap_localhost_port}} # Route to default port +LDAP_ENABLE_TLS= no # Using nginx proxy for tls +LDAP_LDAPS_PORT_NUMBER= {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port). + +# Security +LDAP_ALLOW_ANON_BINDING= no # Allow anonymous bindings to the LDAP server. Default: yes. \ No newline at end of file diff --git a/roles/docker-ldap/templates/lam.env.j2 b/roles/docker-ldap/templates/lam.env.j2 new file mode 100644 index 00000000..7c0cd0d9 --- /dev/null +++ b/roles/docker-ldap/templates/lam.env.j2 
@@ -0,0 +1,13 @@ +# See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env + +# Basic Configuration +LAM_PASSWORD= {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam + +# Database +LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb + +# LDAP Configuration +LDAP_SERVER= {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=... +LDAP_BASE_DN= {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN +LDAP_USER= {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM) +LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP admin password \ No newline at end of file diff --git a/roles/docker-ldap/templates/phpldapadmin.env.j2 b/roles/docker-ldap/templates/phpldapadmin.env.j2 new file mode 100644 index 00000000..4d991f73 --- /dev/null +++ b/roles/docker-ldap/templates/phpldapadmin.env.j2 @@ -0,0 +1,3 @@ +# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container +APP_URL= https://{{domain}} +LDAP_HOST= openldap \ No newline at end of file diff --git a/roles/docker-listmonk/tasks/main.yml b/roles/docker-listmonk/tasks/main.yml index 8df90f8d..1f9afd1f 100644 --- a/roles/docker-listmonk/tasks/main.yml +++ b/roles/docker-listmonk/tasks/main.yml 
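Review bot: lam.env.j2 sets `LDAP_SERVER= {{domain}}`, but the value it replaces in docker-compose.yml.j2 was `LDAP_SERVER: ldap://openldap:389` with `LDAP_DOMAIN: {{domain}}` as a separate variable; the new file drops LDAP_DOMAIN and points LDAP_SERVER at the public domain while its trailing comment still describes LDAP_DOMAIN, so LAM would try to reach the directory through the external hostname instead of the `openldap` service. I'd restore both lines: `LDAP_SERVER=ldap://openldap:389` and `LDAP_DOMAIN={{domain}}`. The comment on `LAM_PASSWORD` also carries an unbalanced quote (`"lam`) inherited from the old template.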
@@ -15,16 +15,24 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup - name: add config.toml template: src: "config.toml.j2" - dest: "{{docker_compose.directories.instance}}config.toml" + dest: "{{docker_compose.directories.config}}config.toml" notify: docker compose project setup - name: flush docker service diff --git a/roles/docker-listmonk/templates/docker-compose.yml.j2 b/roles/docker-listmonk/templates/docker-compose.yml.j2 index eae59ada..ec1a8c47 100644 --- a/roles/docker-listmonk/templates/docker-compose.yml.j2 +++ b/roles/docker-listmonk/templates/docker-compose.yml.j2 @@ -3,14 +3,12 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: listmonk/listmonk:{{applications.listmonk.version}} ports: - "127.0.0.1:{{http_port}}:9000" - environment: - - TZ=Etc/UTC volumes: - - ./config.toml:/listmonk/config.toml + - {{docker_compose.directories.config}}config.toml:/listmonk/config.toml {% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/container/depends-on-just-database.yml.j2' %} diff --git a/roles/docker-listmonk/templates/env.j2 b/roles/docker-listmonk/templates/env.j2 new file mode 100644 index 00000000..2a2aefb7 --- /dev/null +++ b/roles/docker-listmonk/templates/env.j2 
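Review bot: The config.toml task in docker-listmonk moves the file to `{{docker_compose.directories.config}}` but still sets no `mode:`, while the env file beside it — which in this commit contains only `TZ=Etc/UTC` — gets `mode: '770'`; listmonk's config.toml is where its `[db]` credentials are configured, so the protection lands on the wrong file. I'd add `mode: '0600'` to the config.toml task (the template body is not part of this diff, so confirm which secrets it renders). The compose template in the same commit mounts the file from that same directory, so task and mount agree on the path.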
@@ -0,0 +1 @@ +TZ=Etc/UTC \ No newline at end of file diff --git a/roles/docker-mailu/README.md b/roles/docker-mailu/README.md index adf9bdd0..3b6b5e93 100644 --- a/roles/docker-mailu/README.md +++ b/roles/docker-mailu/README.md @@ -41,14 +41,6 @@ If you need to receive emails from another account, follow these steps: 2. Export all data from your original account. 3. Import all data to your new account. -### Data Deletion - -To delete all volumes and data, execute the following command with caution: - -```bash -rm -vr /etc/mailu/; docker volume rm $(docker volume ls -q | grep mailu_) -``` - ### Port Management Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify: diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml index 9b771281..38df8a8c 100644 --- a/roles/docker-mailu/tasks/main.yml +++ b/roles/docker-mailu/tasks/main.yml @@ -8,32 +8,22 @@ vars: nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;" -- name: "create {{docker_compose.directories.instance}}" - file: - path: "{{docker_compose.directories.instance}}" - state: directory - mode: 0755 - -- name: "create /etc/mailu/" - file: - path: "/etc/mailu" - state: directory - mode: 0755 - - name: "Include the nginx-docker-cert-deploy role" include_role: name: nginx-docker-cert-deploy -- name: add docker-compose.yml - template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup -- name: add .env +- name: "create {{docker_compose.files.env}}" template: src: "env.j2" - dest: "{{docker_compose.directories.instance}}.env" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup - name: flush docker service 
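Review bot: The task that created `/etc/mailu` is removed, but nothing in the docker-mailu changes creates the new bind-mount sources `{{docker_compose.directories.volumes}}overrides`, `overrides/nginx` and `overrides/rspamd` that docker-compose.yml.j2 now references, nor moves the contents of the old `/etc/mailu/overrides` there. As far as I know Docker creates a missing short-syntax bind source as an empty root-owned directory, so existing override files would silently stop being applied on upgraded hosts. I'd keep a `file: state: directory` task for the overrides tree (with the intended owner and mode) and document the manual move from `/etc/mailu` in the role README, which this commit trims rather than updates.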
diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index bf72cd8b..7a1cd802 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -7,19 +7,13 @@ services: # Core services resolver: image: ghcr.io/mailu/unbound:{{applications.mailu.version}} - env_file: .env - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} ipv4_address: {{networks.local.mailu.dns}} - logging: - driver: journald front: image: ghcr.io/mailu/nginx:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "127.0.0.1:{{ http_port }}:80" - "{{networks.internet.ip4}}:25:25" @@ -31,7 +25,7 @@ services: - "{{networks.internet.ip4}}:993:993" - "{{networks.internet.ip4}}:4190:4190" volumes: - - "/etc/mailu/overrides/nginx:/overrides:ro" + - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro" - "{{cert_mount_directory}}:/certs:ro" {% include 'templates/docker/container/depends-on-also-database.yml.j2' %} resolver: @@ -44,8 +38,7 @@ services: admin: image: ghcr.io/mailu/admin:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "admin_data:/data" - "dkim:/dkim" 
@@ -54,42 +47,34 @@ services: condition: service_started front: condition: service_started - logging: - driver: journald dns: - {{networks.local.mailu.dns}} {% include 'templates/docker/container/networks.yml.j2' %} imap: image: ghcr.io/mailu/dovecot:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "dovecot_mail:/mail" - - "/etc/mailu/overrides:/overrides:ro" + - "{{docker_compose.directories.volumes}}overrides:/overrides:ro" depends_on: - front - resolver dns: - {{networks.local.mailu.dns}} - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} smtp: image: ghcr.io/mailu/postfix:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - - "/etc/mailu/overrides:/overrides:ro" + - "{{docker_compose.directories.volumes}}overrides:/overrides:ro" - "smtp_queue:/queue" depends_on: - front - resolver dns: - {{networks.local.mailu.dns}} - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} oletools: @@ -105,12 +90,11 @@ services: antispam: image: ghcr.io/mailu/rspamd:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "filter:/var/lib/rspamd" - "dkim:/dkim" - - "/etc/mailu/overrides/rspamd:/overrides:ro" + - "{{docker_compose.directories.volumes}}overrides/rspamd:/overrides:ro" depends_on: - front - redis @@ -118,8 +102,6 @@ services: - resolver dns: - {{networks.local.mailu.dns}} - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} noinet: 
@@ -127,26 +109,20 @@ services: # Optional services antivirus: image: clamav/clamav-debian:latest - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "filter:/data" depends_on: - resolver dns: - {{networks.local.mailu.dns}} - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} webdav: image: ghcr.io/mailu/radicale:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "webdav_data:/data" - logging: - driver: journald depends_on: - resolver dns: @@ -158,10 +134,7 @@ services: image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}} volumes: - "admin_data:/data" - restart: {{docker_restart_policy}} - env_file: .env - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} depends_on: - admin - smtp @@ -173,17 +146,14 @@ services: webmail: image: ghcr.io/mailu/webmail:{{applications.mailu.version}} - restart: {{docker_restart_policy}} - env_file: .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "webmail_data:/data" - - "/etc/mailu/overrides:/overrides:ro" + - "{{docker_compose.directories.volumes}}overrides:/overrides:ro" depends_on: - imap - front - resolver - logging: - driver: journald dns: - {{networks.local.mailu.dns}} {% include 'templates/docker/container/networks.yml.j2' %} diff --git a/roles/docker-mailu/vars/main.yml b/roles/docker-mailu/vars/main.yml index 094dab26..ec57a852 100644 --- a/roles/docker-mailu/vars/main.yml +++ b/roles/docker-mailu/vars/main.yml 
@@ -1,5 +1,10 @@ application_id: "mailu" database_password: "{{mailu_database_password}}" database_type: "mariadb" -cert_mount_directory: "{{docker_compose.directories.instance}}/certs/" -enable_wildcard_certificate: false \ No newline at end of file +cert_mount_directory: "{{docker_compose.directories.volumes}}certs/" +enable_wildcard_certificate: false + +# I don't know why this configuration is necessary. +# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu +# @todo research +enable_central_database: "{{enable_central_database_mailu}}" \ No newline at end of file diff --git a/roles/docker-mastodon/tasks/main.yml b/roles/docker-mastodon/tasks/main.yml index af7bfcb6..ca081ea1 100644 --- a/roles/docker-mastodon/tasks/main.yml +++ b/roles/docker-mastodon/tasks/main.yml @@ -9,14 +9,18 @@ loop_control: loop_var: domain -- name: copy docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup -- name: copy configuration +- name: "create {{docker_compose.files.env}}" template: - src: .env.production.j2 - dest: "{{docker_compose.directories.instance}}.env.production" + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup - name: flush docker service diff --git a/roles/docker-mastodon/templates/docker-compose.yml.j2 b/roles/docker-mastodon/templates/docker-compose.yml.j2 index 2683852c..e5bf38d5 100644 --- a/roles/docker-mastodon/templates/docker-compose.yml.j2 +++ b/roles/docker-mastodon/templates/docker-compose.yml.j2 
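Review bot: `cert_mount_directory` moves from `{{docker_compose.directories.instance}}/certs/` to `{{docker_compose.directories.volumes}}certs/`, but this diff does not touch the nginx-docker-cert-deploy role that fills it, so either that role already derives its target from this variable or the `front` container now mounts an empty `/certs` — worth confirming before merge. The new `enable_central_database: "{{enable_central_database_mailu}}"` is justified only by a comment saying the reason is unknown; if the override exists because Mailu's migrations fail against the shared database, state that in the comment (and fix `Propabldy`/`dificulties`) so the `@todo` has a concrete question to answer.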
@@ -6,8 +6,7 @@ services: web: image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}} - restart: {{docker_restart_policy}} - env_file: .env.production +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" healthcheck: test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] @@ -16,36 +15,28 @@ services: {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} volumes: - data:/mastodon/public/system - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} streaming: image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}} - restart: {{docker_restart_policy}} - env_file: .env.production +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} command: node ./streaming healthcheck: test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] ports: - "127.0.0.1:{{ports.localhost.web_socket[application_id]}}:4000" {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} sidekiq: image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}} - restart: {{docker_restart_policy}} - env_file: .env.production +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} command: bundle exec sidekiq {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} volumes: - data:/mastodon/public/system healthcheck: test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] - logging: - driver: journald {% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/compose/volumes.yml.j2' %} 
diff --git a/roles/docker-mastodon/templates/.env.production.j2 b/roles/docker-mastodon/templates/env.j2 similarity index 100% rename from roles/docker-mastodon/templates/.env.production.j2 rename to roles/docker-mastodon/templates/env.j2 diff --git a/roles/docker-matomo/tasks/main.yml b/roles/docker-matomo/tasks/main.yml index 4eb7f1d5..31e34f52 100644 --- a/roles/docker-matomo/tasks/main.yml +++ b/roles/docker-matomo/tasks/main.yml @@ -6,8 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes + notify: docker compose project setup \ No newline at end of file diff --git a/roles/docker-matomo/templates/docker-compose.yml.j2 b/roles/docker-matomo/templates/docker-compose.yml.j2 index 731171a3..e7a8579e 100644 --- a/roles/docker-matomo/templates/docker-compose.yml.j2 +++ b/roles/docker-matomo/templates/docker-compose.yml.j2 
@@ -3,18 +3,10 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: matomo:{{applications.matomo.version}} - restart: {{docker_restart_policy}} ports: - "127.0.0.1:{{http_port}}:80" - environment: - MATOMO_DATABASE_HOST: "{{database_host}}:{{database_port}}" - MATOMO_DATABASE_ADAPTER: "mysql" - MATOMO_DATABASE_USERNAME: "{{database_username}}" - MATOMO_DATABASE_PASSWORD: "{{database_password}}" - MATOMO_DATABASE_DBNAME: "{{database_name}}" volumes: - data:/var/www/html {% include 'templates/docker/container/depends-on-just-database.yml.j2' %} diff --git a/roles/docker-matomo/templates/env.j2 b/roles/docker-matomo/templates/env.j2 new file mode 100644 index 00000000..a4ca7282 --- /dev/null +++ b/roles/docker-matomo/templates/env.j2 @@ -0,0 +1,5 @@ +MATOMO_DATABASE_HOST= "{{database_host}}:{{database_port}}" +MATOMO_DATABASE_ADAPTER= "mysql" +MATOMO_DATABASE_USERNAME= "{{database_username}}" +MATOMO_DATABASE_PASSWORD= "{{database_password}}" +MATOMO_DATABASE_DBNAME= "{{database_name}}" \ No newline at end of file diff --git a/roles/docker-moodle/tasks/main.yml b/roles/docker-moodle/tasks/main.yml index 4eb7f1d5..2cb38eae 100644 --- a/roles/docker-moodle/tasks/main.yml +++ b/roles/docker-moodle/tasks/main.yml 
@@ -6,8 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-moodle/templates/docker-compose.yml.j2 b/roles/docker-moodle/templates/docker-compose.yml.j2 index 8b3e5ad8..8c6ed175 100644 --- a/roles/docker-moodle/templates/docker-compose.yml.j2 +++ b/roles/docker-moodle/templates/docker-compose.yml.j2 
@@ -5,27 +5,12 @@ services: image: docker.io/bitnami/moodle:{{applications.moodle.version}} ports: - 127.0.0.1:{{http_port}}:8080 - restart: {{docker_restart_policy}} - logging: - driver: journald - environment: - - MOODLE_DATABASE_HOST={{database_host}} - - MOODLE_DATABASE_PORT_NUMBER={{database_port}} - - MOODLE_DATABASE_USER={{database_username}} - - MOODLE_DATABASE_NAME={{database_name}} - - MOODLE_DATABASE_PASSWORD={{database_password}} - - ALLOW_EMPTY_PASSWORD=no - - MOODLE_SITE_NAME="{{applications.moodle.site_titel}}" - - MOODLE_SSLPROXY=yes - - MOODLE_REVERSE_PROXY=yes - - MOODLE_USERNAME={{applications.moodle.administrator_name}} - - MOODLE_PASSWORD={{moodle_user_password}} - - MOODLE_EMAIL={{applications.moodle.administrator_email}} - - BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - 'moodle:/bitnami/moodle' - 'data:/bitnami/moodledata' # Healthcheck is not possible due to missing curl and wget in container +# @todo implement healthcheck # healthcheck: # test: ["CMD", "curl", "-f", "http://127.0.0.1:8080"] # interval: 1m diff --git a/roles/docker-moodle/templates/env.j2 b/roles/docker-moodle/templates/env.j2 new file mode 100644 index 00000000..6afb2a48 --- /dev/null +++ b/roles/docker-moodle/templates/env.j2 @@ -0,0 +1,13 @@ +MOODLE_DATABASE_HOST={{database_host}} +MOODLE_DATABASE_PORT_NUMBER={{database_port}} +MOODLE_DATABASE_USER={{database_username}} +MOODLE_DATABASE_NAME={{database_name}} +MOODLE_DATABASE_PASSWORD={{database_password}} +ALLOW_EMPTY_PASSWORD=no +MOODLE_SITE_NAME="{{applications.moodle.site_titel}}" +MOODLE_SSLPROXY=yes +MOODLE_REVERSE_PROXY=yes +MOODLE_USERNAME={{applications.moodle.administrator_name}} +MOODLE_PASSWORD={{moodle_user_password}} +MOODLE_EMAIL={{applications.moodle.administrator_email}} +BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %} \ No newline at end of file 
diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index 78065883..28bd60a0 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -18,10 +18,18 @@ dest: "{{docker_compose.directories.volumes}}nginx.conf" notify: docker compose project setup -- name: add docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" template: - src: docker-compose.yml.j2 - dest: "{{docker_compose.directories.instance}}docker-compose.yml" + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup # @todo activate diff --git a/roles/docker-nextcloud/templates/docker-compose.yml.j2 b/roles/docker-nextcloud/templates/docker-compose.yml.j2 index 0dfa56a8..96b7b183 100644 --- a/roles/docker-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2 
@@ -7,34 +7,9 @@ services: application: image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine" container_name: {{nextcloud_application_container_name}} - restart: {{docker_restart_policy}} - logging: - driver: journald volumes: - data:/var/www/html - environment: - # See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html - - # Database Configuration - MYSQL_DATABASE: "{{database_name}}" - MYSQL_USER: "{{database_username}}" - MYSQL_PASSWORD: "{{database_password}}" - MYSQL_HOST: "{{database_host}}:{{database_port}}" - - # Memory - PHP_MEMORY_LIMIT: 1G # Required for plugin duplicate finder - - # Email Configuration - SMTP_HOST: {{system_email.host}} - SMTP_SECURE: {{ 'ssl' if system_email.tls else '' }} - SMTP_PORT: {{system_email.smtp_port}} - SMTP_NAME: {{system_email.username}} - SMTP_PASSWORD: {{system_email.password}} - - # Email from configuration - MAIL_FROM_ADDRESS: no-reply - MAIL_DOMAIN: {{system_email.domain}} - +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} diff --git a/roles/docker-nextcloud/templates/env.j2 b/roles/docker-nextcloud/templates/env.j2 new file mode 100644 index 00000000..bb5b971e --- /dev/null +++ b/roles/docker-nextcloud/templates/env.j2 
@@ -0,0 +1,21 @@ +# See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html + +# Database Configuration +MYSQL_DATABASE= "{{database_name}}" +MYSQL_USER= "{{database_username}}" +MYSQL_PASSWORD= "{{database_password}}" +MYSQL_HOST= "{{database_host}}:{{database_port}}" + +# Memory +PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder + +# Email Configuration +SMTP_HOST= {{system_email.host}} +SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }} +SMTP_PORT= {{system_email.smtp_port}} +SMTP_NAME= {{system_email.username}} +SMTP_PASSWORD= {{system_email.password}} + +# Email from configuration +MAIL_FROM_ADDRESS= no-reply +MAIL_DOMAIN= {{system_email.domain}} \ No newline at end of file diff --git a/roles/docker-oauth2-proxy/tasks/main.yml b/roles/docker-oauth2-proxy/tasks/main.yml index 3263b64c..8fe35d02 100644 --- a/roles/docker-oauth2-proxy/tasks/main.yml +++ b/roles/docker-oauth2-proxy/tasks/main.yml @@ -1,6 +1,6 @@ -- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.instance}}" +- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.volumes}}" template: src: oauth2-proxy-keycloak.cfg.j2 - dest: "{{docker_compose.directories.instance}}{{applications.oauth2_proxy.configuration_file}}" + dest: "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}" notify: - docker compose project setup \ No newline at end of file diff --git a/roles/docker-oauth2-proxy/templates/container.yml.j2 b/roles/docker-oauth2-proxy/templates/container.yml.j2 index 2dffe4bd..3db6b243 100644 --- a/roles/docker-oauth2-proxy/templates/container.yml.j2 +++ b/roles/docker-oauth2-proxy/templates/container.yml.j2 
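Review bot: The oauth2-proxy template task now writes `oauth2-proxy-keycloak.cfg` into `{{docker_compose.directories.volumes}}` but, unlike the env-file tasks added in this commit, sets no `mode:`, so the rendered file takes the default umask (typically world-readable). A config of this shape normally carries the OIDC client secret and the cookie secret (the template body is not part of this diff, so confirm), which argues for a restrictive mode; since the official oauth2-proxy image runs as an unprivileged user and the file is bind-mounted, pair the mode with an `owner:`/`group:` that user can read as — `mode: '0640'` plus the container's uid as owner — rather than a root-only `0600` that would break startup. The task name still says `Transfering ... .j2 to` a directory; `create {{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}` would match the naming the other roles adopt here.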
@@ -6,5 +6,5 @@ ports: - {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp volumes: - - "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg" + - "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg" {% include 'templates/docker/container/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/docker-openproject/files/Gemfile.plugins b/roles/docker-openproject/files/Gemfile.plugins index 80561a21..bc5f7d10 100644 --- a/roles/docker-openproject/files/Gemfile.plugins +++ b/roles/docker-openproject/files/Gemfile.plugins @@ -1,3 +1,4 @@ group :opf_plugins do - gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master" + # Deactivated plugin because it seems like it's already included in the basic image + #gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master" end \ No newline at end of file diff --git a/roles/docker-openproject/handlers/main.yml b/roles/docker-openproject/handlers/main.yml index 11ec478c..706a3890 100644 --- a/roles/docker-openproject/handlers/main.yml +++ b/roles/docker-openproject/handlers/main.yml @@ -1,8 +1,16 @@ --- -- name: rebuild docker image +- name: rebuild custom openproject docker image command: - cmd: docker build --no-cache -t custom_openproject . - chdir: "{{docker_compose.directories.instance}}" + cmd: docker build --no-cache -t {{custom_openproject_image}} . + chdir: "{{openproject_plugins_service}}" + environment: + COMPOSE_HTTP_TIMEOUT: 600 + DOCKER_CLIENT_TIMEOUT: 600 + +- name: rebuild openproject repository + command: + cmd: docker compose build + chdir: "{{openproject_repository_service}}" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 \ No newline at end of file diff --git a/roles/docker-openproject/tasks/main.yml b/roles/docker-openproject/tasks/main.yml index b019e3ca..cb471fbc 100644 
--- a/roles/docker-openproject/tasks/main.yml +++ b/roles/docker-openproject/tasks/main.yml @@ -6,24 +6,43 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: "include tasks update-repository-with-docker-compose.yml" - include_tasks: update-repository-with-docker-compose.yml +#- name: "include tasks update-repository-with-files.yml" +# include_tasks: update-repository-with-files.yml +# vars: +# detached_files: +# - "docker-compose.yml" -- name: "Transfering Gemfile.plugins to {{docker_compose.directories.instance}}" +- name: "Create {{openproject_plugins_service}}" + file: + path: "{{openproject_plugins_service}}" + state: directory + mode: '0755' + +- name: "Transfering Gemfile.plugins to {{openproject_plugins_service}}" copy: src: Gemfile.plugins - dest: "{{docker_compose.directories.instance}}Gemfile.plugins" + dest: "{{openproject_plugins_service}}Gemfile.plugins" notify: - docker compose project setup - - rebuild docker image + - rebuild custom openproject docker image -- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}" - copy: +- name: "Transfering Dockerfile to {{openproject_plugins_service}}Dockerfile" + template: src: Dockerfile - dest: "{{docker_compose.directories.instance}}Dockerfile" + dest: "{{openproject_plugins_service}}Dockerfile" notify: - docker compose project setup - - rebuild docker image + - rebuild custom openproject docker image + +- name: pull docker repository + git: + repo: "{{ repository_address }}" + dest: "{{ openproject_repository_service }}" + update: yes + notify: + - docker compose project setup + - rebuild openproject repository + become: true - name: "create {{dummy_volume}}" file: 
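Review bot: The new `pull docker repository` task clones `{{ repository_address }}` without a `version:`, so every run checks out whatever the upstream default branch is at that moment and the `rebuild openproject repository` handler then builds from it; pin it, `version: "<tag-or-commit placeholder>"`, so the deployed code is reproducible and an upstream change cannot silently reach the host. `update: yes` should be `update: true` for consistency with the `true`/`false` booleans used elsewhere in the patch. The commented-out `include tasks update-repository-with-files.yml` block at the top is dead text and should be removed rather than kept as a comment; git history preserves it. The task list continues past the end of the hunk.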
@@ -31,8 +50,16 @@ state: directory mode: 0755 -- name: "copy .env" - template: - src: env.j2 - dest: "{{ docker_compose.directories.instance }}.env" +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-openproject/files/Dockerfile b/roles/docker-openproject/templates/Dockerfile similarity index 90% rename from roles/docker-openproject/files/Dockerfile rename to roles/docker-openproject/templates/Dockerfile index e5b7688d..632e76d8 100644 --- a/roles/docker-openproject/files/Dockerfile +++ b/roles/docker-openproject/templates/Dockerfile @@ -1,4 +1,4 @@ -FROM openproject/community:13 +FROM openproject/community:{{applications.openproject.version}} # If installing a local plugin (using `path:` in the `Gemfile.plugins` above), # you will have to copy the plugin code into the container here and use the diff --git a/roles/docker-openproject/templates/docker-compose.yml.j2 b/roles/docker-openproject/templates/docker-compose.yml.j2 index a6fad774..f76d59d4 100644 --- a/roles/docker-openproject/templates/docker-compose.yml.j2 +++ b/roles/docker-openproject/templates/docker-compose.yml.j2 @@ -1,7 +1,7 @@ x-op-app: &app logging: driver: journald - image: custom_openproject + image: {{custom_openproject_image}} environment: OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}" OPENPROJECT_HOST__NAME: "${OPENPROJECT_HOST__NAME}" 
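Review bot: The env file this commit introduces to keep credentials out of docker-compose.yml is written with `mode: '770'`, which grants group write and execute on a plain data file; `mode: '0600'` (or `'0640'` if the compose runner is in a group that must read it) and `force: true` is the form that actually narrows access. The same `mode: '770'` / `force: yes` pair is repeated in the peertube, phpmyadmin, pixelfed, wordpress and yourls task files in this patch. Ansible parses the quoted `'770'` as octal, but the four-digit form with a leading zero is the documented convention and avoids the ambiguity.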
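Review bot: `x-op-app` still populates `environment:` from compose-level substitutions such as `OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}"`, which Compose resolves from the `.env` in the project directory (or `--env-file`), not from a service's `env_file:`. The tasks hunk above moves the rendered file from `{{ docker_compose.directories.instance }}.env` to `{{docker_compose.files.env}}`; if that is no longer `<project dir>/.env`, these substitutions render empty unless the `docker compose project setup` handler passes `--env-file {{docker_compose.files.env}}`. That handler is not visible here, so please confirm; taiga's docker-compose.yml.j2 (`TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}"` and the other `${...}` values) depends on the same mechanism.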
@@ -27,16 +27,12 @@ services: cache: image: memcached container_name: openproject-memcached - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} proxy: - restart: {{docker_restart_policy}} - logging: - driver: journald - image: custom_openproject +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} + image: {{custom_openproject_image}} container_name: openproject-proxy command: "./docker/prod/proxy" ports: @@ -53,7 +49,7 @@ services: web: <<: *app - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} command: "./docker/prod/web" container_name: openproject-web {% include 'templates/docker/container/networks.yml.j2' %} @@ -74,9 +70,7 @@ services: autoheal: image: willfarrell/autoheal:1.2.0 container_name: openproject-autoheal - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "/var/run/docker.sock:/var/run/docker.sock" environment: @@ -86,7 +80,7 @@ services: worker: <<: *app - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} command: "./docker/prod/worker" container_name: openproject-worker {% include 'templates/docker/container/networks.yml.j2' %} @@ -98,7 +92,7 @@ services: cron: <<: *app - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} command: "./docker/prod/cron" container_name: openproject-cron {% include 'templates/docker/container/networks.yml.j2' %} @@ -112,6 +106,10 @@ services: <<: *app command: "./docker/prod/seeder" container_name: openproject-seeder + env_file: + - "{{docker_compose.files.env}}" + logging: + driver: journald restart: on-failure {% include 'templates/docker/container/networks.yml.j2' %} 
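Review bot: The `seeder` service hand-inlines `env_file:` and `logging:` instead of including base.yml.j2 like every other service in this file, presumably because it needs `restart: on-failure` rather than the shared restart policy; that duplicates whatever base.yml.j2 provides and will drift silently when the shared template changes. Either record the reason next to it, `# base.yml.j2 not included: seeder needs restart: on-failure`, or split the shared template so the restart policy can be overridden without copying the rest.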
diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml index f9444f73..f5ef5e5c 100644 --- a/roles/docker-openproject/vars/main.yml +++ b/roles/docker-openproject/vars/main.yml @@ -1,12 +1,15 @@ application_id: "openproject" -repository_directory: "{{ path_docker_compose_instances }}{{application_id}}/" -docker_compose.directories.instance: "{{repository_directory}}compose/" repository_address: "https://github.com/opf/openproject-deploy" database_password: "{{openproject_database_password}}" database_type: "postgres" +openproject_plugins_service: "{{docker_compose.directories.services}}plugins/" +openproject_repository_service: "{{docker_compose.directories.services}}repository/" +custom_openproject_image: "custom_openproject" + + # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes -dummy_volume: "{{repository_directory}}dummy_volume" +dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume" # OAuth2 Proxy Configuration oauth2_proxy_upstream_application_and_port: "proxy:80" diff --git a/roles/docker-peertube/tasks/main.yml b/roles/docker-peertube/tasks/main.yml index 7391efa9..b2f5fd58 100644 --- a/roles/docker-peertube/tasks/main.yml +++ b/roles/docker-peertube/tasks/main.yml @@ -9,12 +9,16 @@ loop_control: loop_var: domain -- name: copy docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup -- name: copy configuration +- name: "create {{docker_compose.files.env}}" template: - src: env.j2 - dest: "{{docker_compose.directories.instance}}.env" + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup 
diff --git a/roles/docker-peertube/templates/docker-compose.yml.j2 b/roles/docker-peertube/templates/docker-compose.yml.j2 index df18658c..fdc122bd 100644 --- a/roles/docker-peertube/templates/docker-compose.yml.j2 +++ b/roles/docker-peertube/templates/docker-compose.yml.j2 @@ -6,8 +6,7 @@ services: application: image: chocobozzz/peertube:production-{{applications.peertube.version}} - env_file: - - .env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "1935:1935" - "{{http_port}}:9000" @@ -15,7 +14,6 @@ services: - assets:/app/client/dist - data:/data - config:/config - restart: "always" {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} diff --git a/roles/docker-phpmyadmin/tasks/main.yml b/roles/docker-phpmyadmin/tasks/main.yml index 25e9de21..01cd6180 100644 --- a/roles/docker-phpmyadmin/tasks/main.yml +++ b/roles/docker-phpmyadmin/tasks/main.yml @@ -6,8 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-phpmyadmin/templates/docker-compose.yml.j2 b/roles/docker-phpmyadmin/templates/docker-compose.yml.j2 index f0ae2750..c114c2c1 100644 --- a/roles/docker-phpmyadmin/templates/docker-compose.yml.j2 +++ b/roles/docker-phpmyadmin/templates/docker-compose.yml.j2 
@@ -3,17 +3,9 @@ services: {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %} application: - logging: - driver: journald image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}} container_name: phpmyadmin - environment: - PMA_HOST: central-mariadb -{% if applications.phpmyadmin.autologin | bool %} - PMA_USER: root - PMA_PASSWORD: "{{central_mariadb_root_password}}" -{% endif %} - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "127.0.0.1:{{http_port}}:80" {% include 'templates/docker/container/depends-on-just-database.yml.j2' %} diff --git a/roles/docker-phpmyadmin/templates/env.j2 b/roles/docker-phpmyadmin/templates/env.j2 new file mode 100644 index 00000000..9195f28b --- /dev/null +++ b/roles/docker-phpmyadmin/templates/env.j2 @@ -0,0 +1,5 @@ +PMA_HOST= central-mariadb +{% if applications.phpmyadmin.autologin | bool %} +PMA_USER= root +PMA_PASSWORD= "{{central_mariadb_root_password}}" +{% endif %} \ No newline at end of file diff --git a/roles/docker-pixelfed/tasks/main.yml b/roles/docker-pixelfed/tasks/main.yml index 5d2c5ba0..31e34f52 100644 --- a/roles/docker-pixelfed/tasks/main.yml +++ b/roles/docker-pixelfed/tasks/main.yml @@ -6,14 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup -- name: add env +- name: "create {{docker_compose.files.env}}" template: - src: env.j2 - dest: "{{docker_compose.directories.instance}}env" + src: "env.j2" + dest: "{{docker_compose.files.env}}" mode: '770' force: yes notify: docker compose project setup \ No newline at end of file 
diff --git a/roles/docker-pixelfed/templates/docker-compose.yml.j2 b/roles/docker-pixelfed/templates/docker-compose.yml.j2 index b44283cc..7557e96f 100644 --- a/roles/docker-pixelfed/templates/docker-compose.yml.j2 +++ b/roles/docker-pixelfed/templates/docker-compose.yml.j2 @@ -6,11 +6,7 @@ services: application: image: zknt/pixelfed:{{applications.pixelfed.version}} - restart: {{docker_restart_policy}} - logging: - driver: journald - env_file: - - ./env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "data:/var/www/storage" - "./env:/var/www/.env" @@ -20,11 +16,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} worker: image: zknt/pixelfed:{{applications.pixelfed.version}} - restart: {{docker_restart_policy}} - logging: - driver: journald - env_file: - - ./env +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} volumes: - "data:/var/www/storage" - "./env:/var/www/.env" diff --git a/roles/docker-portfolio/tasks/main.yml b/roles/docker-portfolio/tasks/main.yml index 1f644728..43afe646 100644 --- a/roles/docker-portfolio/tasks/main.yml +++ b/roles/docker-portfolio/tasks/main.yml @@ -6,8 +6,11 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: "include tasks update-repository-with-docker-compose.yml" - include_tasks: update-repository-with-docker-compose.yml +- name: "include tasks update-repository-with-files.yml" + include_tasks: update-repository-with-files.yml + vars: + detached_files: + - "docker-compose.yml" - name: create {{docker_compose.directories.instance}}/app/config.yaml copy: diff --git a/roles/docker-taiga/tasks/main.yml b/roles/docker-taiga/tasks/main.yml index b9f2203e..55f8edc7 100644 --- a/roles/docker-taiga/tasks/main.yml +++ b/roles/docker-taiga/tasks/main.yml 
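Review bot: Both services keep the bind mount `- "./env:/var/www/.env"`, which is resolved relative to the compose project directory, while the pixelfed task file in this patch now renders the env file to `{{docker_compose.files.env}}` instead of `{{docker_compose.directories.instance}}env`. If those two paths differ, Docker creates an empty `env` directory at the old path on first start and Pixelfed boots without its `.env`. Mount the rendered file explicitly, `- "{{docker_compose.files.env}}:/var/www/.env"`, in both the application and worker services.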
@@ -10,6 +10,6 @@ include_tasks: update-repository-with-files.yml vars: detached_files: - - .env - - docker-compose.yml - - docker-compose-inits.yml + - "{{docker_compose.directories.env}}env" + - "{{docker_compose.directories.instance}}docker-compose.yml" + - "{{docker_compose.directories.instance}}docker-compose-inits.yml" diff --git a/roles/docker-taiga/templates/docker-compose-inits.yml.j2 b/roles/docker-taiga/templates/docker-compose-inits.yml.j2 index 0cf504ad..cd347e38 100644 --- a/roles/docker-taiga/templates/docker-compose-inits.yml.j2 +++ b/roles/docker-taiga/templates/docker-compose-inits.yml.j2 @@ -32,6 +32,7 @@ services: taiga-manage: image: taigaio/taiga-back:latest environment: *default-back-environment +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/depends-on-just-database.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} diff --git a/roles/docker-taiga/templates/docker-compose.yml.j2 b/roles/docker-taiga/templates/docker-compose.yml.j2 index 3220ef86..4fb1af8d 100644 --- a/roles/docker-taiga/templates/docker-compose.yml.j2 +++ b/roles/docker-taiga/templates/docker-compose.yml.j2 @@ -38,16 +38,12 @@ x-volumes: services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} taiga-back: - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: taigaio/taiga-back:{{applications.taiga.version}} environment: *default-back-environment volumes: *default-back-volumes - {% include 'templates/docker/container/networks.yml.j2' %} taiga: - {% include 'templates/docker/container/depends-on-also-database.yml.j2' %} taiga-events-rabbitmq: condition: service_started 
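Review bot: `detached_files` now contains absolute template destinations built from `docker_compose.directories.env` and `docker_compose.directories.instance`, whereas the removed entries and the `applications.oauth2_proxy.configuration_file` element that update-repository-with-files.yml appends to the list were bare file names. Unless that task was changed to accept both forms (only its new header comment is visible in this patch), the mixed list is likely to break the file handling there; please verify the consumer. The concatenation also assumes both directory variables end with a `/`.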
@@ -55,9 +51,7 @@ services: condition: service_started taiga-async: - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} image: taigaio/taiga-back:latest entrypoint: ["/taiga-back/docker/async_entrypoint.sh"] environment: *default-back-environment @@ -82,9 +76,7 @@ services: hostname: "taiga-async-rabbitmq" volumes: - async-rabbitmq-data:/var/lib/rabbitmq - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} taiga: @@ -95,10 +87,7 @@ services: TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}" TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}" TAIGA_SUBPATH: "${SUBPATH}" - # ...your customizations go here - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} taiga: @@ -111,10 +100,7 @@ services: RABBITMQ_USER: "${RABBITMQ_USER}" RABBITMQ_PASS: "${RABBITMQ_PASS}" TAIGA_SECRET_KEY: "${SECRET_KEY}" - restart: {{docker_restart_policy}} - logging: - driver: journald - +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} taiga: depends_on: @@ -131,9 +117,7 @@ services: hostname: "events-rabbitmq" volumes: - events-rabbitmq-data:/var/lib/rabbitmq - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} taiga: 
@@ -143,9 +127,7 @@ services: environment: MAX_AGE: "${ATTACHMENTS_MAX_AGE}" SECRET_KEY: "${SECRET_KEY}" - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} taiga: @@ -158,9 +140,7 @@ services: - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf - static-data:/taiga/static - media-data:/taiga/media - restart: {{docker_restart_policy}} - logging: - driver: journald +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} taiga: diff --git a/roles/docker-wordpress/handlers/main.yml b/roles/docker-wordpress/handlers/main.yml index bcdff04f..010cd2de 100644 --- a/roles/docker-wordpress/handlers/main.yml +++ b/roles/docker-wordpress/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: rebuild wordpress container command: - cmd: docker build --no-cache -t custom_wordpress . + cmd: docker build --no-cache -t {{custom_wordpress_image}} . chdir: "{{docker_compose.directories.instance}}" environment: COMPOSE_HTTP_TIMEOUT: 600 diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml index 732e9faf..56ab3228 100644 --- a/roles/docker-wordpress/tasks/main.yml +++ b/roles/docker-wordpress/tasks/main.yml @@ -27,6 +27,17 @@ - docker compose project setup - rebuild wordpress container -- name: "add docker-compose.yml to {{docker_compose.directories.instance}}" - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes + notify: docker compose project setup + 
diff --git a/roles/docker-wordpress/templates/docker-compose.yml.j2 b/roles/docker-wordpress/templates/docker-compose.yml.j2 index 3b16bfd0..69a18d07 100644 --- a/roles/docker-wordpress/templates/docker-compose.yml.j2 +++ b/roles/docker-wordpress/templates/docker-compose.yml.j2 @@ -3,20 +3,13 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: - logging: - driver: journald - image: custom_wordpress + {% include 'roles/docker-compose/templates/services/base.yml.j2' %} + image: {{custom_wordpress_image}} container_name: wordpress-application build: context: . - restart: {{docker_restart_policy}} ports: - "127.0.0.1:{{http_port}}:80" - environment: - WORDPRESS_DB_HOST: "{{database_host}}:{{database_port}}" - WORDPRESS_DB_USER: "{{database_username}}" - WORDPRESS_DB_PASSWORD: "{{database_password}}" - WORDPRESS_DB_NAME: "{{database_name}}" volumes: - data:/var/www/html healthcheck: diff --git a/roles/docker-wordpress/templates/env.j2 b/roles/docker-wordpress/templates/env.j2 new file mode 100644 index 00000000..ae261dfd --- /dev/null +++ b/roles/docker-wordpress/templates/env.j2 @@ -0,0 +1,4 @@ +WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}" +WORDPRESS_DB_USER= "{{database_username}}" +WORDPRESS_DB_PASSWORD= "{{database_password}}" +WORDPRESS_DB_NAME= "{{database_name}}" \ No newline at end of file diff --git a/roles/docker-wordpress/vars/main.yml b/roles/docker-wordpress/vars/main.yml index 736ce6b9..9277e76d 100644 --- a/roles/docker-wordpress/vars/main.yml +++ b/roles/docker-wordpress/vars/main.yml @@ -1,4 +1,5 @@ application_id: "wordpress" wordpress_max_upload_size: "64M" database_type: "mariadb" -database_password: "{{wordpress_database_password}}" \ No newline at end of file +database_password: "{{wordpress_database_password}}" +custom_wordpress_image: "custom_wordpress" \ No newline at end of file 
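Review bot: The `{% include 'roles/docker-compose/templates/services/base.yml.j2' %}` line is indented here, while every other template in this patch places it at column 0. Jinja inserts the included text verbatim, so the first line of base.yml.j2 receives the extra leading spaces and the following lines do not, which makes the rendered `application` mapping invalid YAML unless base.yml.j2 happens to start with a blank line. Move the include to column 0 as in the other templates.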
diff --git a/roles/docker-yourls/tasks/main.yml b/roles/docker-yourls/tasks/main.yml index 4eb7f1d5..2cb38eae 100644 --- a/roles/docker-yourls/tasks/main.yml +++ b/roles/docker-yourls/tasks/main.yml @@ -6,8 +6,16 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: add docker-compose.yml - template: - src: "docker-compose.yml.j2" - dest: "{{docker_compose.directories.instance}}docker-compose.yml" +- name: "create {{docker_compose.files.docker_compose}}" + template: + src: "docker-compose.yml.j2" + dest: "{{docker_compose.files.docker_compose}}" + notify: docker compose project setup + +- name: "create {{docker_compose.files.env}}" + template: + src: "env.j2" + dest: "{{docker_compose.files.env}}" + mode: '770' + force: yes notify: docker compose project setup diff --git a/roles/docker-yourls/templates/docker-compose.yml.j2 b/roles/docker-yourls/templates/docker-compose.yml.j2 index 1fd887ff..447902f3 100644 --- a/roles/docker-yourls/templates/docker-compose.yml.j2 +++ b/roles/docker-yourls/templates/docker-compose.yml.j2 @@ -3,20 +3,10 @@ services: {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %} application: - logging: - driver: journald image: yourls:{{applications.yourls.version}} - restart: {{docker_restart_policy}} +{% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "127.0.0.1:{{http_port}}:80" - environment: - YOURLS_DB_HOST: "{{database_host}}" - YOURLS_DB_USER: "{{database_username}}" - YOURLS_DB_PASS: "{{database_password}}" - YOURLS_DB_NAME: "{{database_name}}" - YOURLS_SITE: "https://{{domain}}" - YOURLS_USER: "{{applications.yourls.administrator_username}}" - YOURLS_PASS: "{{yourls_administrator_password}}" healthcheck: test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"] interval: 1m diff --git a/roles/docker-yourls/templates/env.j2 b/roles/docker-yourls/templates/env.j2 new file mode 100644 index 00000000..92f2d702 
--- /dev/null +++ b/roles/docker-yourls/templates/env.j2 @@ -0,0 +1,7 @@ +YOURLS_DB_HOST: "{{database_host}}" +YOURLS_DB_USER: "{{database_username}}" +YOURLS_DB_PASS: "{{database_password}}" +YOURLS_DB_NAME: "{{database_name}}" +YOURLS_SITE: "https://{{domain}}" +YOURLS_USER: "{{applications.yourls.administrator_username}}" +YOURLS_PASS: "{{yourls_administrator_password}}" \ No newline at end of file diff --git a/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh b/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh index 31bf00c6..d64dd726 100644 --- a/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh +++ b/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh 
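Review bot: This env file uses the YAML `KEY: "value"` form on all seven lines, e.g. `YOURLS_DB_HOST: "{{database_host}}"`, while the other env.j2 files added in this patch use `KEY=value`. Recent Compose parsers may accept `:` as a separator, but any other consumer of the file will not, and the inconsistency will confuse maintainers; switch to `YOURLS_DB_HOST="{{database_host}}"` and the same for the remaining lines.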
@@ -2,29 +2,30 @@ # Check if the necessary parameters are provided if [ "$#" -ne 2 ]; then - echo "Usage: $0 " + echo "Usage: $0 " exit 1 fi # Assign parameters domain="$1" -docker_compose.directories.instance="$2" +docker_compose_instance_directory="$2" +docker_compose_cert_directory="$docker_compose_instance_directory/volumes/certs" # Copy certificates -cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose.directories.instance/certs" || exit 1 +cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose_cert_directory" || exit 1 # This code is optimized for mailu -cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose.directories.instance/certs/key.pem" || exit 1 -cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose.directories.instance/certs/cert.pem" || exit 1 +cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1 +cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1 # Set correct reading rights -chmod a+r -v "$docker_compose.directories.instance/certs/"* +chmod a+r -v "$docker_compose_cert_directory/"* # Flag to track if any Nginx reload was successful nginx_reload_successful=false # Reload Nginx in all containers within the Docker Compose setup -cd "$docker_compose.directories.instance" || exit 1 +cd "$docker_compose_instance_directory" || exit 1 # Iterate over all services for service in $(docker compose ps --services); do diff --git a/roles/nginx-docker-cert-deploy/tasks/main.yml b/roles/nginx-docker-cert-deploy/tasks/main.yml index 3599f9e8..90408c07 100644 --- a/roles/nginx-docker-cert-deploy/tasks/main.yml +++ b/roles/nginx-docker-cert-deploy/tasks/main.yml @@ -3,6 +3,7 @@ src: "nginx-docker-cert-deploy.sh" dest: "{{nginx_docker_cert_deploy_script}}" when: run_once_nginx_docker_cert_deploy is not defined + notify: restart nginx-docker-cert-deploy.cymais.service - name: run the nginx_docker_cert_deploy tasks once set_fact: 
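Review bot: `chmod a+r -v "$docker_compose_cert_directory/"*` still makes the copied private key (`privkey.pem`, `key.pem`) readable by every local user on the host; the variable rename does not change that. Prefer giving the files to the uid the container reads them as and an owner/group-only mode, e.g. `chmod 0640 "$docker_compose_cert_directory/key.pem"`, keeping `a+r` at most for the public chain files. `cp -RvL ... "$docker_compose_cert_directory"` also assumes the new `volumes/certs` directory already exists; a `mkdir -p "$docker_compose_cert_directory"` before the copy would make the script self-contained. The script continues past the end of the hunk.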
@@ -14,6 +15,7 @@ path: "{{cert_mount_directory}}" state: directory mode: 0755 + notify: restart nginx-docker-cert-deploy.cymais.service - name: configure nginx-docker-cert-deploy.cymais.service template: diff --git a/tasks/update-repository-with-docker-compose.yml b/tasks/update-repository-with-docker-compose.yml deleted file mode 100644 index f0dd951c..00000000 --- a/tasks/update-repository-with-docker-compose.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: "include tasks update-repository-with-files.yml" - include_tasks: update-repository-with-files.yml - vars: - detached_files: - - "docker-compose.yml" \ No newline at end of file diff --git a/tasks/update-repository-with-files.yml b/tasks/update-repository-with-files.yml index 63ad8d6e..0131c5e2 100644 --- a/tasks/update-repository-with-files.yml +++ b/tasks/update-repository-with-files.yml @@ -1,3 +1,6 @@ +# It isn't best practice to use this task +# Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing +# @todo Refactor\Remove - name: "Merge detached_files with applications.oauth2_proxy.configuration_file" ansible.builtin.set_fact: merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
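Review bot: The new header comment declares update-repository-with-files.yml not best practice and slated for removal, yet the portfolio and taiga task files in the same patch are rewritten to call it with new `detached_files` values. The comment should say what callers are expected to do instead, or the @todo should list the remaining callers so the refactor has a scope. `@todo Refactor\Remove` reads more clearly as `@todo refactor or remove`.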