mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-02-22 12:29:39 +01:00
Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested
This commit is contained in:
parent
5503326ea6
commit
e50fd54f4e
@ -147,11 +147,15 @@ defaults_applications:
|
|||||||
|
|
||||||
## OAuth2 Proxy
|
## OAuth2 Proxy
|
||||||
oauth2_proxy:
|
oauth2_proxy:
|
||||||
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
|
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
|
||||||
version: "latest"
|
version: "latest"
|
||||||
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
|
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
|
||||||
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
|
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
|
||||||
cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
|
cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
|
||||||
|
|
||||||
|
## Open Project
|
||||||
|
openproject:
|
||||||
|
version: "13" # Update when available. Sadly no rolling release implemented
|
||||||
|
|
||||||
## Peertube
|
## Peertube
|
||||||
peertube:
|
peertube:
|
||||||
|
|||||||
@ -59,8 +59,6 @@
|
|||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- role: docker-mailu
|
- role: docker-mailu
|
||||||
vars:
|
|
||||||
enable_central_database: "{{enable_central_database_mailu}}"
|
|
||||||
|
|
||||||
- name: setup elk hosts
|
- name: setup elk hosts
|
||||||
hosts: elk
|
hosts: elk
|
||||||
|
|||||||
@ -6,9 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: "include tasks update-repository-with-docker-compose.yml"
|
- name: "include tasks update-repository-with-files.yml"
|
||||||
include_tasks: update-repository-with-docker-compose.yml
|
include_tasks: update-repository-with-files.yml
|
||||||
|
vars:
|
||||||
|
detached_files:
|
||||||
|
- "docker-compose.yml"
|
||||||
|
|
||||||
- name: configure run.env
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template: src=run.env.j2 dest={{docker_compose.directories.instance}}/env/run.env
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -3,6 +3,9 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
|
|
||||||
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
|
|
||||||
image: docker.io/akaunting/akaunting:{{applications.akaunting.version}}
|
image: docker.io/akaunting/akaunting:{{applications.akaunting.version}}
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
@ -10,9 +13,6 @@ services:
|
|||||||
- 127.0.0.1:{{http_port}}:80
|
- 127.0.0.1:{{http_port}}:80
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
env_file:
|
|
||||||
- env/run.env
|
|
||||||
environment:
|
environment:
|
||||||
- AKAUNTING_SETUP
|
- AKAUNTING_SETUP
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|||||||
@ -17,5 +17,8 @@
|
|||||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
||||||
- name: "include tasks update-repository-with-docker-compose.yml"
|
- name: "include tasks update-repository-with-files.yml"
|
||||||
include_tasks: update-repository-with-docker-compose.yml
|
include_tasks: update-repository-with-files.yml
|
||||||
|
vars:
|
||||||
|
detached_files:
|
||||||
|
- "docker-compose.yml"
|
||||||
@ -6,14 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: add env
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template:
|
template:
|
||||||
src: env.j2
|
src: "env.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}env"
|
dest: "{{docker_compose.files.env}}"
|
||||||
mode: '770'
|
mode: '770'
|
||||||
force: yes
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
@ -5,13 +5,9 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
image: "baserow/baserow:{{applications.baserow.version}}"
|
image: "baserow/baserow:{{applications.baserow.version}}"
|
||||||
container_name: baserow-application
|
container_name: baserow-application
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
env_file:
|
|
||||||
- ./env
|
|
||||||
volumes:
|
volumes:
|
||||||
- data:/baserow/data
|
- data:/baserow/data
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
@ -7,12 +7,12 @@
|
|||||||
image: mariadb
|
image: mariadb
|
||||||
restart: {{docker_restart_policy}}
|
restart: {{docker_restart_policy}}
|
||||||
env_file:
|
env_file:
|
||||||
- mein_env_file.env
|
- {{database_env}}
|
||||||
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"
|
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"
|
||||||
volumes:
|
volumes:
|
||||||
- database:/var/lib/mysql
|
- database:/var/lib/mysql
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: "/usr/bin/mariadb --user={{database_username}} --password={{database_password}} --execute \"SHOW DATABASES;\""
|
test: [ "CMD", "sh", "-c", "/usr/bin/mariadb --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" ]
|
||||||
interval: 3s
|
interval: 3s
|
||||||
timeout: 1s
|
timeout: 1s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|||||||
8
roles/docker-compose/templates/services/base.yml.j2
Normal file
8
roles/docker-compose/templates/services/base.yml.j2
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# Base for docker services
|
||||||
|
restart: {{docker_restart_policy}}
|
||||||
|
env_file:
|
||||||
|
- "{{docker_compose.files.env}}"
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
|
{{ "\n" }}
|
||||||
@ -4,7 +4,11 @@ _docker_compose_directories_instance: "{{ path_docker_compose_instances }}{{ app
|
|||||||
# @See https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4
|
# @See https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4
|
||||||
docker_compose:
|
docker_compose:
|
||||||
directories:
|
directories:
|
||||||
instance: "{{_docker_compose_directories_instance}}" # Folder for docker-compose.yml file
|
instance: "{{_docker_compose_directories_instance}}" # Folder for docker-compose.yml file
|
||||||
env: "{{_docker_compose_directories_instance}}/.env/" # Folder for env files
|
env: "{{_docker_compose_directories_instance}}.env/" # Folder for env files
|
||||||
services: "{{_docker_compose_directories_instance}}/services/" # Folder for services
|
services: "{{_docker_compose_directories_instance}}services/" # Folder for services
|
||||||
volumes: "{{_docker_compose_directories_instance}}/volumes/" # Folder for volumes
|
volumes: "{{_docker_compose_directories_instance}}volumes/" # Folder for volumes
|
||||||
|
config: "{{_docker_compose_directories_instance}}config/" # Folder for configuration files
|
||||||
|
files:
|
||||||
|
env: "{{_docker_compose_directories_instance}}.env/env" # General env file
|
||||||
|
docker_compose: "{{_docker_compose_directories_instance}}docker-compose.yml" # Docker Compose file
|
||||||
|
|||||||
@ -43,10 +43,10 @@
|
|||||||
mode: '700'
|
mode: '700'
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: "copy configuration to {{discourse_repository_directory}}containers/discourse_application.yml"
|
- name: "copy configuration to {{discourse_application_yml_destination}}"
|
||||||
template:
|
template:
|
||||||
src: discourse_application.yml.j2
|
src: discourse_application.yml.j2
|
||||||
dest: "{{discourse_repository_directory}}containers/discourse_application.yml"
|
dest: "{{discourse_application_yml_destination}}"
|
||||||
notify: recreate discourse
|
notify: recreate discourse
|
||||||
|
|
||||||
- name: "destroy container discourse_application"
|
- name: "destroy container discourse_application"
|
||||||
|
|||||||
@ -1,5 +1,6 @@
|
|||||||
application_id: "discourse"
|
application_id: "discourse"
|
||||||
discourse_application_container: "discourse_application"
|
discourse_application_container: "discourse_application"
|
||||||
database_password: "{{ baserow_database_password }}"
|
database_password: "{{ discourse_database_password }}"
|
||||||
database_type: "postgres"
|
database_type: "postgres"
|
||||||
discourse_repository_directory: "{{ path_docker_compose_instances + application_id + '/repository/' }}"
|
discourse_repository_directory: "{{docker_compose.directories.services}}repository/"
|
||||||
|
discourse_application_yml_destination: "{{discourse_repository_directory}}containers/discourse_application.yml"
|
||||||
@ -6,6 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -4,7 +4,7 @@ services:
|
|||||||
|
|
||||||
application:
|
application:
|
||||||
image: "friendica:{{applications.friendica.version}}"
|
image: "friendica:{{applications.friendica.version}}"
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
ports:
|
ports:
|
||||||
@ -25,36 +25,6 @@ services:
|
|||||||
interval: 1m
|
interval: 1m
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
environment:
|
|
||||||
FRIENDICA_URL: https://{{domain}}
|
|
||||||
HOSTNAME: {{domain}}
|
|
||||||
FRIENDICA_NO_VALIDATION: false
|
|
||||||
|
|
||||||
# Debugging
|
|
||||||
FRIENDICA_DEBUGGING: false
|
|
||||||
FRIENDICA_LOGLEVEL: 5
|
|
||||||
FRIENDICA_LOGGER: stream
|
|
||||||
FRIENDICA_LOGFILE: php://stdout
|
|
||||||
|
|
||||||
# Database Configuration
|
|
||||||
MYSQL_HOST: "{{database_host}}:{{database_port}}"
|
|
||||||
MYSQL_DATABASE: {{database_name}}
|
|
||||||
MYSQL_USER: {{database_username}}
|
|
||||||
MYSQL_PASSWORD: {{database_password}}
|
|
||||||
|
|
||||||
# Email Configuration
|
|
||||||
SMTP: {{system_email.host}}
|
|
||||||
SMTP_DOMAIN: {{system_email.domain}}
|
|
||||||
SMTP_PORT: {{system_email.smtp_port}}
|
|
||||||
SMTP_AUTH_USER: {{system_email.username}}
|
|
||||||
SMTP_AUTH_PASS: {{system_email.password}}
|
|
||||||
SMTP_TLS: {{ 'on' if system_email.tls else 'off' }}
|
|
||||||
SMTP_STARTTLS: {{ 'on' if system_email.start_tls else 'off' }}
|
|
||||||
SMTP_FROM: {{system_email.local}}
|
|
||||||
|
|
||||||
# Administrator Credentials
|
|
||||||
FRIENDICA_ADMIN_MAIL: {{administrator_email}}
|
|
||||||
MAILNAME: {{administrator_email}}
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||||
|
|
||||||
|
|||||||
29
roles/docker-friendica/templates/env.j2
Normal file
29
roles/docker-friendica/templates/env.j2
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
FRIENDICA_URL= https://{{domain}}
|
||||||
|
HOSTNAME= {{domain}}
|
||||||
|
FRIENDICA_NO_VALIDATION= false
|
||||||
|
|
||||||
|
# Debugging
|
||||||
|
FRIENDICA_DEBUGGING= false
|
||||||
|
FRIENDICA_LOGLEVEL= 5
|
||||||
|
FRIENDICA_LOGGER= stream
|
||||||
|
FRIENDICA_LOGFILE= php=//stdout
|
||||||
|
|
||||||
|
# Database Configuration
|
||||||
|
MYSQL_HOST= "{{database_host}}:{{database_port}}"
|
||||||
|
MYSQL_DATABASE= {{database_name}}
|
||||||
|
MYSQL_USER= {{database_username}}
|
||||||
|
MYSQL_PASSWORD= {{database_password}}
|
||||||
|
|
||||||
|
# Email Configuration
|
||||||
|
SMTP= {{system_email.host}}
|
||||||
|
SMTP_DOMAIN= {{system_email.domain}}
|
||||||
|
SMTP_PORT= {{system_email.smtp_port}}
|
||||||
|
SMTP_AUTH_USER= {{system_email.username}}
|
||||||
|
SMTP_AUTH_PASS= {{system_email.password}}
|
||||||
|
SMTP_TLS= {{ 'on' if system_email.tls else 'off' }}
|
||||||
|
SMTP_STARTTLS= {{ 'on' if system_email.start_tls else 'off' }}
|
||||||
|
SMTP_FROM= {{system_email.local}}
|
||||||
|
|
||||||
|
# Administrator Credentials
|
||||||
|
FRIENDICA_ADMIN_MAIL= {{administrator_email}}
|
||||||
|
MAILNAME= {{administrator_email}}
|
||||||
@ -7,14 +7,18 @@
|
|||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: add .env
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template:
|
template:
|
||||||
src: env.j2
|
src: "env.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}.env"
|
dest: "{{docker_compose.files.env}}"
|
||||||
mode: '770'
|
mode: '770'
|
||||||
force: yes
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -13,9 +13,8 @@ services:
|
|||||||
# of CPUs. You can adjust this, by explicitly setting the --concurrency
|
# of CPUs. You can adjust this, by explicitly setting the --concurrency
|
||||||
# flag:
|
# flag:
|
||||||
# celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
|
# celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
image: funkwhale/api:${FUNKWHALE_VERSION}
|
image: funkwhale/api:${FUNKWHALE_VERSION}
|
||||||
env_file: .env
|
|
||||||
command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
|
command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
|
||||||
environment:
|
environment:
|
||||||
- C_FORCE_ROOT=true
|
- C_FORCE_ROOT=true
|
||||||
@ -26,17 +25,15 @@ services:
|
|||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
celerybeat:
|
celerybeat:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
image: funkwhale/api:${FUNKWHALE_VERSION}
|
image: funkwhale/api:${FUNKWHALE_VERSION}
|
||||||
env_file: .env
|
|
||||||
command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
|
command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
|
||||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
api:
|
api:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
image: funkwhale/api:${FUNKWHALE_VERSION}
|
image: funkwhale/api:${FUNKWHALE_VERSION}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "music:${MUSIC_DIRECTORY_PATH}:ro"
|
- "music:${MUSIC_DIRECTORY_PATH}:ro"
|
||||||
- "data:${MEDIA_ROOT}"
|
- "data:${MEDIA_ROOT}"
|
||||||
@ -47,12 +44,10 @@ services:
|
|||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
front:
|
front:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
image: funkwhale/front:${FUNKWHALE_VERSION}
|
image: funkwhale/front:${FUNKWHALE_VERSION}
|
||||||
depends_on:
|
depends_on:
|
||||||
- api
|
- api
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
environment:
|
environment:
|
||||||
# Override those variables in your .env file if needed
|
# Override those variables in your .env file if needed
|
||||||
- "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
|
- "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
|
||||||
@ -65,9 +60,7 @@ services:
|
|||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
typesense:
|
typesense:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
image: typesense/typesense:0.24.0
|
image: typesense/typesense:0.24.0
|
||||||
volumes:
|
volumes:
|
||||||
- ./typesense/data:/data
|
- ./typesense/data:/data
|
||||||
|
|||||||
@ -6,6 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -3,24 +3,8 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
logging:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
driver: journald
|
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
image: "gitea/gitea:{{applications.gitea.version}}"
|
image: "gitea/gitea:{{applications.gitea.version}}"
|
||||||
environment:
|
|
||||||
- USER_UID=1000
|
|
||||||
- USER_GID=1000
|
|
||||||
- DB_TYPE=mysql
|
|
||||||
- DB_HOST={{database_host}}:{{database_port}}
|
|
||||||
- DB_NAME={{database_name}}
|
|
||||||
- DB_USER={{database_username}}
|
|
||||||
- DB_PASSWD={{database_password}}
|
|
||||||
- SSH_PORT={{ports.public.ssh_ports[application_id]}}
|
|
||||||
- SSH_LISTEN_PORT=22
|
|
||||||
- DOMAIN={{domain}}
|
|
||||||
- SSH_DOMAIN={{domain}}
|
|
||||||
- RUN_MODE="{{run_mode}}"
|
|
||||||
- ROOT_URL="https://{{domain}}/"
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:3000"
|
- "127.0.0.1:{{http_port}}:3000"
|
||||||
- "{{ports.public.ssh_ports[application_id]}}:22"
|
- "{{ports.public.ssh_ports[application_id]}}:22"
|
||||||
|
|||||||
13
roles/docker-gitea/templates/env.j2
Normal file
13
roles/docker-gitea/templates/env.j2
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
USER_UID=1000
|
||||||
|
USER_GID=1000
|
||||||
|
DB_TYPE=mysql
|
||||||
|
DB_HOST={{database_host}}:{{database_port}}
|
||||||
|
DB_NAME={{database_name}}
|
||||||
|
DB_USER={{database_username}}
|
||||||
|
DB_PASSWD={{database_password}}
|
||||||
|
SSH_PORT={{ports.public.ssh_ports[application_id]}}
|
||||||
|
SSH_LISTEN_PORT=22
|
||||||
|
DOMAIN={{domain}}
|
||||||
|
SSH_DOMAIN={{domain}}
|
||||||
|
RUN_MODE="{{run_mode}}"
|
||||||
|
ROOT_URL="https://{{domain}}/"
|
||||||
@ -6,6 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -6,28 +6,8 @@ services:
|
|||||||
|
|
||||||
web:
|
web:
|
||||||
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
|
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
hostname: '{{domain}}'
|
hostname: '{{domain}}'
|
||||||
environment:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
GITLAB_OMNIBUS_CONFIG: |
|
|
||||||
external_url 'https://{{domain}}'
|
|
||||||
postgresql['enable'] = false
|
|
||||||
gitlab_rails['gitlab_shell_ssh_port'] = {{ports.public.ssh_ports[application_id]}}
|
|
||||||
gitlab_rails['db_adapter'] = 'postgresql'
|
|
||||||
gitlab_rails['db_encoding'] = 'utf8'
|
|
||||||
gitlab_rails['db_host'] = '{{database_host}}'
|
|
||||||
gitlab_rails['db_port'] = '{{database_port}}''
|
|
||||||
gitlab_rails['db_username'] = '{{database_username}}'
|
|
||||||
gitlab_rails['db_password'] = '{{database_password}}'
|
|
||||||
gitlab_rails['db_database'] = "{{database_name}}"
|
|
||||||
nginx['listen_port'] = 80
|
|
||||||
nginx['listen_https'] = false
|
|
||||||
|
|
||||||
gitlab_rails['initial_root_password'] = "{{gitlab_initial_root_password}}"
|
|
||||||
|
|
||||||
redis['enable'] = false
|
|
||||||
gitlab_rails['redis_host'] = 'redis'
|
|
||||||
gitlab_rails['redis_port'] = '6379'
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:80"
|
- "127.0.0.1:{{http_port}}:80"
|
||||||
- "{{ports.public.ssh_ports[application_id]}}:22"
|
- "{{ports.public.ssh_ports[application_id]}}:22"
|
||||||
|
|||||||
22
roles/docker-gitlab/templates/env.j2
Normal file
22
roles/docker-gitlab/templates/env.j2
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
{# env.j2 #}
|
||||||
|
{% set config_lines = [
|
||||||
|
"external_url 'https://{{ domain }}'",
|
||||||
|
"postgresql['enable']=false",
|
||||||
|
"gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh_ports[application_id] }}",
|
||||||
|
"gitlab_rails['db_adapter']='postgresql'",
|
||||||
|
"gitlab_rails['db_encoding']='utf8'",
|
||||||
|
"gitlab_rails['db_host']='{{ database_host }}'",
|
||||||
|
"gitlab_rails['db_port']='{{ database_port }}'",
|
||||||
|
"gitlab_rails['db_username']='{{ database_username }}'",
|
||||||
|
"gitlab_rails['db_password']='{{ database_password }}'",
|
||||||
|
"gitlab_rails['db_database']=\"{{ database_name }}\"",
|
||||||
|
"nginx['listen_port']=80",
|
||||||
|
"nginx['listen_https']=false",
|
||||||
|
"",
|
||||||
|
"gitlab_rails['initial_root_password']=\"{{ gitlab_initial_root_password }}\"",
|
||||||
|
"",
|
||||||
|
"redis['enable']=false",
|
||||||
|
"gitlab_rails['redis_host']='redis'",
|
||||||
|
"gitlab_rails['redis_port']='6379'"
|
||||||
|
] %}
|
||||||
|
GITLAB_OMNIBUS_CONFIG="{{ config_lines | join('\\n') }}"
|
||||||
@ -9,6 +9,16 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: domain
|
loop_var: domain
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
@ -4,14 +4,7 @@ services:
|
|||||||
|
|
||||||
application:
|
application:
|
||||||
image: "joomla:{{applications.joomla.version}}"
|
image: "joomla:{{applications.joomla.version}}"
|
||||||
logging:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
driver: journald
|
|
||||||
environment:
|
|
||||||
JOOMLA_DB_HOST: "{{database_host}}:{{database_port}}"
|
|
||||||
JOOMLA_DB_USER: "{{database_username}}"
|
|
||||||
JOOMLA_DB_PASSWORD: "{{database_password}}"
|
|
||||||
JOOMLA_DB_NAME: "{{database_name}}"
|
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
4
roles/docker-joomla/templates/env.j2
Normal file
4
roles/docker-joomla/templates/env.j2
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
JOOMLA_DB_HOST="{{database_host}}:{{database_port}}"
|
||||||
|
JOOMLA_DB_USER="{{database_username}}"
|
||||||
|
JOOMLA_DB_PASSWORD="{{database_password}}"
|
||||||
|
JOOMLA_DB_NAME="{{database_name}}"
|
||||||
@ -6,6 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -5,16 +5,7 @@ services:
|
|||||||
application:
|
application:
|
||||||
image: quay.io/keycloak/keycloak:{{applications.keycloak.version}}
|
image: quay.io/keycloak/keycloak:{{applications.keycloak.version}}
|
||||||
command: start
|
command: start
|
||||||
environment:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
KC_HOSTNAME: https://{{domain}}
|
|
||||||
KC_HTTP_ENABLED: true
|
|
||||||
KC_HEALTH_ENABLED: true
|
|
||||||
KEYCLOAK_ADMIN: "{{applications.keycloak.administrator_username}}"
|
|
||||||
KEYCLOAK_ADMIN_PASSWORD: "{{keycloak_administrator_password}}"
|
|
||||||
KC_DB: postgres
|
|
||||||
KC_DB_URL: jdbc:postgresql://{{database_host}}/{{database_name}}
|
|
||||||
KC_DB_USERNAME: {{database_username}}
|
|
||||||
KC_DB_PASSWORD: {{database_password}}
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:8080"
|
- "127.0.0.1:{{http_port}}:8080"
|
||||||
restart: {{docker_restart_policy}}
|
restart: {{docker_restart_policy}}
|
||||||
|
|||||||
9
roles/docker-keycloak/templates/env.j2
Normal file
9
roles/docker-keycloak/templates/env.j2
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
KC_HOSTNAME= https://{{domain}}
|
||||||
|
KC_HTTP_ENABLED= true
|
||||||
|
KC_HEALTH_ENABLED= true
|
||||||
|
KEYCLOAK_ADMIN= "{{applications.keycloak.administrator_username}}"
|
||||||
|
KEYCLOAK_ADMIN_PASSWORD= "{{keycloak_administrator_password}}"
|
||||||
|
KC_DB= postgres
|
||||||
|
KC_DB_URL= jdbc:postgresql://{{database_host}}/{{database_name}}
|
||||||
|
KC_DB_USERNAME= {{database_username}}
|
||||||
|
KC_DB_PASSWORD= {{database_password}}
|
||||||
@ -19,14 +19,32 @@
|
|||||||
state: absent
|
state: absent
|
||||||
when: not applications.ldap.openldap.expose_to_internet | bool
|
when: not applications.ldap.openldap.expose_to_internet | bool
|
||||||
|
|
||||||
- name: "create {{docker_compose.directories.instance}}"
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
file:
|
|
||||||
path: "{{docker_compose.directories.instance}}"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.directories.env}}phpldapadmin.env"
|
||||||
|
template:
|
||||||
|
src: "phpldapadmin.env.j2"
|
||||||
|
dest: "{{docker_compose.directories.env}}phpldapadmin.env"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.directories.env}}lam.env"
|
||||||
|
template:
|
||||||
|
src: "lam.env.j2"
|
||||||
|
dest: "{{docker_compose.directories.env}}lam.env"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
@ -11,64 +11,23 @@ services:
|
|||||||
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM
|
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM
|
||||||
ports:
|
ports:
|
||||||
- 127.0.0.1:{{http_port}}:80
|
- 127.0.0.1:{{http_port}}:80
|
||||||
environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
|
env_file:
|
||||||
|
- "{{docker_compose.directories.env}}lam.env"
|
||||||
|
|
||||||
# Basic Configuration
|
|
||||||
LAM_PASSWORD: {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
|
|
||||||
|
|
||||||
# Database
|
|
||||||
LAM_CONFIGURATION_DATABASE: files # configuration database (files or mysql) @todo implement mariadb
|
|
||||||
|
|
||||||
# LDAP Configuration
|
|
||||||
LDAP_SERVER: ldap://openldap:389 # LDAP server URL
|
|
||||||
LDAP_DOMAIN: {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=...
|
|
||||||
LDAP_BASE_DN: {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
|
|
||||||
LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
|
|
||||||
LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP admin password
|
|
||||||
{% elif applications.ldap.webinterface == 'phpldapadmin' %}
|
{% elif applications.ldap.webinterface == 'phpldapadmin' %}
|
||||||
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
|
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
|
||||||
ports:
|
ports:
|
||||||
- 127.0.0.1:{{http_port}}:8080
|
- 127.0.0.1:{{http_port}}:8080
|
||||||
environment:
|
env_file:
|
||||||
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
|
- "{{docker_compose.directories.env}}phpldapadmin.env"
|
||||||
APP_URL: https://{{domain}}
|
|
||||||
LDAP_HOST: openldap
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
openldap:
|
openldap:
|
||||||
image: bitnami/openldap:{{applications.ldap.openldap.version}}
|
image: bitnami/openldap:{{applications.ldap.openldap.version}}
|
||||||
container_name: openldap
|
container_name: openldap
|
||||||
logging:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
driver: journald
|
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
ports:
|
ports:
|
||||||
- 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}} # Expose just on localhost so that nginx stream proxy can use it
|
- 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}} # Expose just on localhost so that nginx stream proxy can use it
|
||||||
- 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
|
- 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
|
||||||
environment:
|
|
||||||
# @See https://hub.docker.com/r/bitnami/openldap
|
|
||||||
|
|
||||||
# GENERAL
|
|
||||||
## Database
|
|
||||||
LDAP_ADMIN_USERNAME: {{applications.ldap.administrator_username}} # LDAP database admin user.
|
|
||||||
LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP database admin password.
|
|
||||||
|
|
||||||
## Users
|
|
||||||
LDAP_USERS: ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
|
|
||||||
LDAP_PASSWORDS: ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
|
|
||||||
LDAP_ROOT: {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
|
|
||||||
|
|
||||||
## Admin
|
|
||||||
LDAP_ADMIN_DN: {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect
|
|
||||||
LDAP_CONFIG_ADMIN_ENABLED: yes
|
|
||||||
LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}}
|
|
||||||
LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}}
|
|
||||||
|
|
||||||
# Network
|
|
||||||
LDAP_PORT_NUMBER: {{ldap_localhost_port}} # Route to default port
|
|
||||||
LDAP_ENABLE_TLS: no # Using nginx proxy for tls
|
|
||||||
LDAP_LDAPS_PORT_NUMBER: {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
|
|
||||||
|
|
||||||
# Security
|
|
||||||
LDAP_ALLOW_ANON_BINDING: no # Allow anonymous bindings to the LDAP server. Default: yes.
|
|
||||||
volumes:
|
volumes:
|
||||||
- 'data:/bitnami/openldap'
|
- 'data:/bitnami/openldap'
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|||||||
26
roles/docker-ldap/templates/env.j2
Normal file
26
roles/docker-ldap/templates/env.j2
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
|
||||||
|
# @See https://hub.docker.com/r/bitnami/openldap
|
||||||
|
|
||||||
|
# GENERAL
|
||||||
|
## Database
|
||||||
|
LDAP_ADMIN_USERNAME= {{applications.ldap.administrator_username}} # LDAP database admin user.
|
||||||
|
LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP database admin password.
|
||||||
|
|
||||||
|
## Users
|
||||||
|
LDAP_USERS= ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
|
||||||
|
LDAP_PASSWORDS= ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
|
||||||
|
LDAP_ROOT= {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
|
||||||
|
|
||||||
|
## Admin
|
||||||
|
LDAP_ADMIN_DN= {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect
|
||||||
|
LDAP_CONFIG_ADMIN_ENABLED= yes
|
||||||
|
LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}}
|
||||||
|
LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
|
||||||
|
|
||||||
|
# Network
|
||||||
|
LDAP_PORT_NUMBER= {{ldap_localhost_port}} # Route to default port
|
||||||
|
LDAP_ENABLE_TLS= no # Using nginx proxy for tls
|
||||||
|
LDAP_LDAPS_PORT_NUMBER= {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
|
||||||
|
|
||||||
|
# Security
|
||||||
|
LDAP_ALLOW_ANON_BINDING= no # Allow anonymous bindings to the LDAP server. Default: yes.
|
||||||
13
roles/docker-ldap/templates/lam.env.j2
Normal file
13
roles/docker-ldap/templates/lam.env.j2
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
# See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
|
||||||
|
|
||||||
|
# Basic Configuration
|
||||||
|
LAM_PASSWORD= {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
|
||||||
|
|
||||||
|
# Database
|
||||||
|
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb
|
||||||
|
|
||||||
|
# LDAP Configuration
|
||||||
|
LDAP_SERVER= {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=...
|
||||||
|
LDAP_BASE_DN= {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
|
||||||
|
LDAP_USER= {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
|
||||||
|
LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP admin password
|
||||||
3
roles/docker-ldap/templates/phpldapadmin.env.j2
Normal file
3
roles/docker-ldap/templates/phpldapadmin.env.j2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
|
||||||
|
APP_URL= https://{{domain}}
|
||||||
|
LDAP_HOST= openldap
|
||||||
@ -15,16 +15,24 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: add config.toml
|
- name: add config.toml
|
||||||
template:
|
template:
|
||||||
src: "config.toml.j2"
|
src: "config.toml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}config.toml"
|
dest: "{{docker_compose.directories.config}}config.toml"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: flush docker service
|
- name: flush docker service
|
||||||
|
|||||||
@ -3,14 +3,12 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
image: listmonk/listmonk:{{applications.listmonk.version}}
|
image: listmonk/listmonk:{{applications.listmonk.version}}
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:9000"
|
- "127.0.0.1:{{http_port}}:9000"
|
||||||
environment:
|
|
||||||
- TZ=Etc/UTC
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./config.toml:/listmonk/config.toml
|
- {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||||
|
|
||||||
|
|||||||
1
roles/docker-listmonk/templates/env.j2
Normal file
1
roles/docker-listmonk/templates/env.j2
Normal file
@ -0,0 +1 @@
|
|||||||
|
TZ=Etc/UTC
|
||||||
@ -41,14 +41,6 @@ If you need to receive emails from another account, follow these steps:
|
|||||||
2. Export all data from your original account.
|
2. Export all data from your original account.
|
||||||
3. Import all data to your new account.
|
3. Import all data to your new account.
|
||||||
|
|
||||||
### Data Deletion
|
|
||||||
|
|
||||||
To delete all volumes and data, execute the following command with caution:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
rm -vr /etc/mailu/; docker volume rm $(docker volume ls -q | grep mailu_)
|
|
||||||
```
|
|
||||||
|
|
||||||
### Port Management
|
### Port Management
|
||||||
|
|
||||||
Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:
|
Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:
|
||||||
|
|||||||
@ -8,32 +8,22 @@
|
|||||||
vars:
|
vars:
|
||||||
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
|
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
|
||||||
|
|
||||||
- name: "create {{docker_compose.directories.instance}}"
|
|
||||||
file:
|
|
||||||
path: "{{docker_compose.directories.instance}}"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: "create /etc/mailu/"
|
|
||||||
file:
|
|
||||||
path: "/etc/mailu"
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: "Include the nginx-docker-cert-deploy role"
|
- name: "Include the nginx-docker-cert-deploy role"
|
||||||
include_role:
|
include_role:
|
||||||
name: nginx-docker-cert-deploy
|
name: nginx-docker-cert-deploy
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: add .env
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template:
|
template:
|
||||||
src: "env.j2"
|
src: "env.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}.env"
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: flush docker service
|
- name: flush docker service
|
||||||
|
|||||||
@ -7,19 +7,13 @@ services:
|
|||||||
# Core services
|
# Core services
|
||||||
resolver:
|
resolver:
|
||||||
image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
|
image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
|
||||||
env_file: .env
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
ipv4_address: {{networks.local.mailu.dns}}
|
ipv4_address: {{networks.local.mailu.dns}}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
front:
|
front:
|
||||||
image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
|
image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{ http_port }}:80"
|
- "127.0.0.1:{{ http_port }}:80"
|
||||||
- "{{networks.internet.ip4}}:25:25"
|
- "{{networks.internet.ip4}}:25:25"
|
||||||
@ -31,7 +25,7 @@ services:
|
|||||||
- "{{networks.internet.ip4}}:993:993"
|
- "{{networks.internet.ip4}}:993:993"
|
||||||
- "{{networks.internet.ip4}}:4190:4190"
|
- "{{networks.internet.ip4}}:4190:4190"
|
||||||
volumes:
|
volumes:
|
||||||
- "/etc/mailu/overrides/nginx:/overrides:ro"
|
- "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
|
||||||
- "{{cert_mount_directory}}:/certs:ro"
|
- "{{cert_mount_directory}}:/certs:ro"
|
||||||
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
|
||||||
resolver:
|
resolver:
|
||||||
@ -44,8 +38,7 @@ services:
|
|||||||
|
|
||||||
admin:
|
admin:
|
||||||
image: ghcr.io/mailu/admin:{{applications.mailu.version}}
|
image: ghcr.io/mailu/admin:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "admin_data:/data"
|
- "admin_data:/data"
|
||||||
- "dkim:/dkim"
|
- "dkim:/dkim"
|
||||||
@ -54,42 +47,34 @@ services:
|
|||||||
condition: service_started
|
condition: service_started
|
||||||
front:
|
front:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
dns:
|
dns:
|
||||||
- {{networks.local.mailu.dns}}
|
- {{networks.local.mailu.dns}}
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
imap:
|
imap:
|
||||||
image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
|
image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "dovecot_mail:/mail"
|
- "dovecot_mail:/mail"
|
||||||
- "/etc/mailu/overrides:/overrides:ro"
|
- "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- {{networks.local.mailu.dns}}
|
- {{networks.local.mailu.dns}}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
smtp:
|
smtp:
|
||||||
image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
|
image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "/etc/mailu/overrides:/overrides:ro"
|
- "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
|
||||||
- "smtp_queue:/queue"
|
- "smtp_queue:/queue"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- {{networks.local.mailu.dns}}
|
- {{networks.local.mailu.dns}}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
oletools:
|
oletools:
|
||||||
@ -105,12 +90,11 @@ services:
|
|||||||
|
|
||||||
antispam:
|
antispam:
|
||||||
image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
|
image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "filter:/var/lib/rspamd"
|
- "filter:/var/lib/rspamd"
|
||||||
- "dkim:/dkim"
|
- "dkim:/dkim"
|
||||||
- "/etc/mailu/overrides/rspamd:/overrides:ro"
|
- "{{docker_compose.directories.volumes}}overrides/rspamd:/overrides:ro"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
- redis
|
- redis
|
||||||
@ -118,8 +102,6 @@ services:
|
|||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- {{networks.local.mailu.dns}}
|
- {{networks.local.mailu.dns}}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
noinet:
|
noinet:
|
||||||
|
|
||||||
@ -127,26 +109,20 @@ services:
|
|||||||
# Optional services
|
# Optional services
|
||||||
antivirus:
|
antivirus:
|
||||||
image: clamav/clamav-debian:latest
|
image: clamav/clamav-debian:latest
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "filter:/data"
|
- "filter:/data"
|
||||||
depends_on:
|
depends_on:
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
- {{networks.local.mailu.dns}}
|
- {{networks.local.mailu.dns}}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
webdav:
|
webdav:
|
||||||
image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
|
image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "webdav_data:/data"
|
- "webdav_data:/data"
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- resolver
|
- resolver
|
||||||
dns:
|
dns:
|
||||||
@ -158,10 +134,7 @@ services:
|
|||||||
image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
|
image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
|
||||||
volumes:
|
volumes:
|
||||||
- "admin_data:/data"
|
- "admin_data:/data"
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- admin
|
- admin
|
||||||
- smtp
|
- smtp
|
||||||
@ -173,17 +146,14 @@ services:
|
|||||||
|
|
||||||
webmail:
|
webmail:
|
||||||
image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
|
image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "webmail_data:/data"
|
- "webmail_data:/data"
|
||||||
- "/etc/mailu/overrides:/overrides:ro"
|
- "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
|
||||||
depends_on:
|
depends_on:
|
||||||
- imap
|
- imap
|
||||||
- front
|
- front
|
||||||
- resolver
|
- resolver
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
dns:
|
dns:
|
||||||
- {{networks.local.mailu.dns}}
|
- {{networks.local.mailu.dns}}
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|||||||
@ -1,5 +1,10 @@
|
|||||||
application_id: "mailu"
|
application_id: "mailu"
|
||||||
database_password: "{{mailu_database_password}}"
|
database_password: "{{mailu_database_password}}"
|
||||||
database_type: "mariadb"
|
database_type: "mariadb"
|
||||||
cert_mount_directory: "{{docker_compose.directories.instance}}/certs/"
|
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
|
||||||
enable_wildcard_certificate: false
|
enable_wildcard_certificate: false
|
||||||
|
|
||||||
|
# I don't know why this configuration is necessary.
|
||||||
|
# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
|
||||||
|
# @todo research
|
||||||
|
enable_central_database: "{{enable_central_database_mailu}}"
|
||||||
@ -9,14 +9,18 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: domain
|
loop_var: domain
|
||||||
|
|
||||||
- name: copy docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: copy configuration
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template:
|
template:
|
||||||
src: .env.production.j2
|
src: "env.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}.env.production"
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: flush docker service
|
- name: flush docker service
|
||||||
|
|||||||
@ -6,8 +6,7 @@ services:
|
|||||||
|
|
||||||
web:
|
web:
|
||||||
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
|
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env.production
|
|
||||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||||
@ -16,36 +15,28 @@ services:
|
|||||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||||
volumes:
|
volumes:
|
||||||
- data:/mastodon/public/system
|
- data:/mastodon/public/system
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
streaming:
|
streaming:
|
||||||
image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}}
|
image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env.production
|
|
||||||
command: node ./streaming
|
command: node ./streaming
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{ports.localhost.web_socket[application_id]}}:4000"
|
- "127.0.0.1:{{ports.localhost.web_socket[application_id]}}:4000"
|
||||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
sidekiq:
|
sidekiq:
|
||||||
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
|
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
env_file: .env.production
|
|
||||||
command: bundle exec sidekiq
|
command: bundle exec sidekiq
|
||||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||||
volumes:
|
volumes:
|
||||||
- data:/mastodon/public/system
|
- data:/mastodon/public/system
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
{% include 'templates/docker/compose/volumes.yml.j2' %}
|
{% include 'templates/docker/compose/volumes.yml.j2' %}
|
||||||
|
|||||||
@ -6,8 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
@ -3,18 +3,10 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
logging:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
driver: journald
|
|
||||||
image: matomo:{{applications.matomo.version}}
|
image: matomo:{{applications.matomo.version}}
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:80"
|
- "127.0.0.1:{{http_port}}:80"
|
||||||
environment:
|
|
||||||
MATOMO_DATABASE_HOST: "{{database_host}}:{{database_port}}"
|
|
||||||
MATOMO_DATABASE_ADAPTER: "mysql"
|
|
||||||
MATOMO_DATABASE_USERNAME: "{{database_username}}"
|
|
||||||
MATOMO_DATABASE_PASSWORD: "{{database_password}}"
|
|
||||||
MATOMO_DATABASE_DBNAME: "{{database_name}}"
|
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||||
|
|||||||
5
roles/docker-matomo/templates/env.j2
Normal file
5
roles/docker-matomo/templates/env.j2
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
MATOMO_DATABASE_HOST= "{{database_host}}:{{database_port}}"
|
||||||
|
MATOMO_DATABASE_ADAPTER= "mysql"
|
||||||
|
MATOMO_DATABASE_USERNAME= "{{database_username}}"
|
||||||
|
MATOMO_DATABASE_PASSWORD= "{{database_password}}"
|
||||||
|
MATOMO_DATABASE_DBNAME= "{{database_name}}"
|
||||||
@ -6,8 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -5,27 +5,12 @@ services:
|
|||||||
image: docker.io/bitnami/moodle:{{applications.moodle.version}}
|
image: docker.io/bitnami/moodle:{{applications.moodle.version}}
|
||||||
ports:
|
ports:
|
||||||
- 127.0.0.1:{{http_port}}:8080
|
- 127.0.0.1:{{http_port}}:8080
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
environment:
|
|
||||||
- MOODLE_DATABASE_HOST={{database_host}}
|
|
||||||
- MOODLE_DATABASE_PORT_NUMBER={{database_port}}
|
|
||||||
- MOODLE_DATABASE_USER={{database_username}}
|
|
||||||
- MOODLE_DATABASE_NAME={{database_name}}
|
|
||||||
- MOODLE_DATABASE_PASSWORD={{database_password}}
|
|
||||||
- ALLOW_EMPTY_PASSWORD=no
|
|
||||||
- MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
|
|
||||||
- MOODLE_SSLPROXY=yes
|
|
||||||
- MOODLE_REVERSE_PROXY=yes
|
|
||||||
- MOODLE_USERNAME={{applications.moodle.administrator_name}}
|
|
||||||
- MOODLE_PASSWORD={{moodle_user_password}}
|
|
||||||
- MOODLE_EMAIL={{applications.moodle.administrator_email}}
|
|
||||||
- BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
|
|
||||||
volumes:
|
volumes:
|
||||||
- 'moodle:/bitnami/moodle'
|
- 'moodle:/bitnami/moodle'
|
||||||
- 'data:/bitnami/moodledata'
|
- 'data:/bitnami/moodledata'
|
||||||
# Healthcheck is not possible due to missing curl and wget in container
|
# Healthcheck is not possible due to missing curl and wget in container
|
||||||
|
# @todo implement healthcheck
|
||||||
# healthcheck:
|
# healthcheck:
|
||||||
# test: ["CMD", "curl", "-f", "http://127.0.0.1:8080"]
|
# test: ["CMD", "curl", "-f", "http://127.0.0.1:8080"]
|
||||||
# interval: 1m
|
# interval: 1m
|
||||||
|
|||||||
13
roles/docker-moodle/templates/env.j2
Normal file
13
roles/docker-moodle/templates/env.j2
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
MOODLE_DATABASE_HOST={{database_host}}
|
||||||
|
MOODLE_DATABASE_PORT_NUMBER={{database_port}}
|
||||||
|
MOODLE_DATABASE_USER={{database_username}}
|
||||||
|
MOODLE_DATABASE_NAME={{database_name}}
|
||||||
|
MOODLE_DATABASE_PASSWORD={{database_password}}
|
||||||
|
ALLOW_EMPTY_PASSWORD=no
|
||||||
|
MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
|
||||||
|
MOODLE_SSLPROXY=yes
|
||||||
|
MOODLE_REVERSE_PROXY=yes
|
||||||
|
MOODLE_USERNAME={{applications.moodle.administrator_name}}
|
||||||
|
MOODLE_PASSWORD={{moodle_user_password}}
|
||||||
|
MOODLE_EMAIL={{applications.moodle.administrator_email}}
|
||||||
|
BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
|
||||||
@ -18,10 +18,18 @@
|
|||||||
dest: "{{docker_compose.directories.volumes}}nginx.conf"
|
dest: "{{docker_compose.directories.volumes}}nginx.conf"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: docker-compose.yml.j2
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
# @todo activate
|
# @todo activate
|
||||||
|
|||||||
@ -7,34 +7,9 @@ services:
|
|||||||
application:
|
application:
|
||||||
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
|
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
|
||||||
container_name: {{nextcloud_application_container_name}}
|
container_name: {{nextcloud_application_container_name}}
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
environment:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
# See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
|
|
||||||
|
|
||||||
# Database Configuration
|
|
||||||
MYSQL_DATABASE: "{{database_name}}"
|
|
||||||
MYSQL_USER: "{{database_username}}"
|
|
||||||
MYSQL_PASSWORD: "{{database_password}}"
|
|
||||||
MYSQL_HOST: "{{database_host}}:{{database_port}}"
|
|
||||||
|
|
||||||
# Memory
|
|
||||||
PHP_MEMORY_LIMIT: 1G # Required for plugin duplicate finder
|
|
||||||
|
|
||||||
# Email Configuration
|
|
||||||
SMTP_HOST: {{system_email.host}}
|
|
||||||
SMTP_SECURE: {{ 'ssl' if system_email.tls else '' }}
|
|
||||||
SMTP_PORT: {{system_email.smtp_port}}
|
|
||||||
SMTP_NAME: {{system_email.username}}
|
|
||||||
SMTP_PASSWORD: {{system_email.password}}
|
|
||||||
|
|
||||||
# Email from configuration
|
|
||||||
MAIL_FROM_ADDRESS: no-reply
|
|
||||||
MAIL_DOMAIN: {{system_email.domain}}
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
|
|||||||
21
roles/docker-nextcloud/templates/env.j2
Normal file
21
roles/docker-nextcloud/templates/env.j2
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
|
||||||
|
|
||||||
|
# Database Configuration
|
||||||
|
MYSQL_DATABASE= "{{database_name}}"
|
||||||
|
MYSQL_USER= "{{database_username}}"
|
||||||
|
MYSQL_PASSWORD= "{{database_password}}"
|
||||||
|
MYSQL_HOST= "{{database_host}}:{{database_port}}"
|
||||||
|
|
||||||
|
# Memory
|
||||||
|
PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
|
||||||
|
|
||||||
|
# Email Configuration
|
||||||
|
SMTP_HOST= {{system_email.host}}
|
||||||
|
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
|
||||||
|
SMTP_PORT= {{system_email.smtp_port}}
|
||||||
|
SMTP_NAME= {{system_email.username}}
|
||||||
|
SMTP_PASSWORD= {{system_email.password}}
|
||||||
|
|
||||||
|
# Email from configuration
|
||||||
|
MAIL_FROM_ADDRESS= no-reply
|
||||||
|
MAIL_DOMAIN= {{system_email.domain}}
|
||||||
@ -1,6 +1,6 @@
|
|||||||
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.instance}}"
|
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.volumes}}"
|
||||||
template:
|
template:
|
||||||
src: oauth2-proxy-keycloak.cfg.j2
|
src: oauth2-proxy-keycloak.cfg.j2
|
||||||
dest: "{{docker_compose.directories.instance}}{{applications.oauth2_proxy.configuration_file}}"
|
dest: "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}"
|
||||||
notify:
|
notify:
|
||||||
- docker compose project setup
|
- docker compose project setup
|
||||||
@ -6,5 +6,5 @@
|
|||||||
ports:
|
ports:
|
||||||
- {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
|
- {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
|
||||||
volumes:
|
volumes:
|
||||||
- "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
|
- "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
@ -1,3 +1,4 @@
|
|||||||
group :opf_plugins do
|
group :opf_plugins do
|
||||||
gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
|
# Deactivated plugin because it seems like it's already included in the basic image
|
||||||
|
#gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
|
||||||
end
|
end
|
||||||
@ -1,8 +1,16 @@
|
|||||||
---
|
---
|
||||||
- name: rebuild docker image
|
- name: rebuild custom openproject docker image
|
||||||
command:
|
command:
|
||||||
cmd: docker build --no-cache -t custom_openproject .
|
cmd: docker build --no-cache -t {{custom_openproject_image}} .
|
||||||
chdir: "{{docker_compose.directories.instance}}"
|
chdir: "{{openproject_plugins_service}}"
|
||||||
|
environment:
|
||||||
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
|
|
||||||
|
- name: rebuild openproject repository
|
||||||
|
command:
|
||||||
|
cmd: docker compose build
|
||||||
|
chdir: "{{openproject_repository_service}}"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
DOCKER_CLIENT_TIMEOUT: 600
|
DOCKER_CLIENT_TIMEOUT: 600
|
||||||
@ -6,24 +6,43 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: "include tasks update-repository-with-docker-compose.yml"
|
#- name: "include tasks update-repository-with-files.yml"
|
||||||
include_tasks: update-repository-with-docker-compose.yml
|
# include_tasks: update-repository-with-files.yml
|
||||||
|
# vars:
|
||||||
|
# detached_files:
|
||||||
|
# - "docker-compose.yml"
|
||||||
|
|
||||||
- name: "Transfering Gemfile.plugins to {{docker_compose.directories.instance}}"
|
- name: "Create {{openproject_plugins_service}}"
|
||||||
|
file:
|
||||||
|
path: "{{openproject_plugins_service}}"
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: "Transfering Gemfile.plugins to {{openproject_plugins_service}}"
|
||||||
copy:
|
copy:
|
||||||
src: Gemfile.plugins
|
src: Gemfile.plugins
|
||||||
dest: "{{docker_compose.directories.instance}}Gemfile.plugins"
|
dest: "{{openproject_plugins_service}}Gemfile.plugins"
|
||||||
notify:
|
notify:
|
||||||
- docker compose project setup
|
- docker compose project setup
|
||||||
- rebuild docker image
|
- rebuild custom openproject docker image
|
||||||
|
|
||||||
- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}"
|
- name: "Transfering Dockerfile to {{openproject_plugins_service}}Dockerfile"
|
||||||
copy:
|
template:
|
||||||
src: Dockerfile
|
src: Dockerfile
|
||||||
dest: "{{docker_compose.directories.instance}}Dockerfile"
|
dest: "{{openproject_plugins_service}}Dockerfile"
|
||||||
notify:
|
notify:
|
||||||
- docker compose project setup
|
- docker compose project setup
|
||||||
- rebuild docker image
|
- rebuild custom openproject docker image
|
||||||
|
|
||||||
|
- name: pull docker repository
|
||||||
|
git:
|
||||||
|
repo: "{{ repository_address }}"
|
||||||
|
dest: "{{ openproject_repository_service }}"
|
||||||
|
update: yes
|
||||||
|
notify:
|
||||||
|
- docker compose project setup
|
||||||
|
- rebuild openproject repository
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: "create {{dummy_volume}}"
|
- name: "create {{dummy_volume}}"
|
||||||
file:
|
file:
|
||||||
@ -31,8 +50,16 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: "copy .env"
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: env.j2
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{ docker_compose.directories.instance }}.env"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
FROM openproject/community:13
|
FROM openproject/community:{{applications.openproject.version}}
|
||||||
|
|
||||||
# If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
|
# If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
|
||||||
# you will have to copy the plugin code into the container here and use the
|
# you will have to copy the plugin code into the container here and use the
|
||||||
@ -1,7 +1,7 @@
|
|||||||
x-op-app: &app
|
x-op-app: &app
|
||||||
logging:
|
logging:
|
||||||
driver: journald
|
driver: journald
|
||||||
image: custom_openproject
|
image: {{custom_openproject_image}}
|
||||||
environment:
|
environment:
|
||||||
OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}"
|
OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}"
|
||||||
OPENPROJECT_HOST__NAME: "${OPENPROJECT_HOST__NAME}"
|
OPENPROJECT_HOST__NAME: "${OPENPROJECT_HOST__NAME}"
|
||||||
@ -27,16 +27,12 @@ services:
|
|||||||
cache:
|
cache:
|
||||||
image: memcached
|
image: memcached
|
||||||
container_name: openproject-memcached
|
container_name: openproject-memcached
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
proxy:
|
proxy:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
image: {{custom_openproject_image}}
|
||||||
driver: journald
|
|
||||||
image: custom_openproject
|
|
||||||
container_name: openproject-proxy
|
container_name: openproject-proxy
|
||||||
command: "./docker/prod/proxy"
|
command: "./docker/prod/proxy"
|
||||||
ports:
|
ports:
|
||||||
@ -53,7 +49,7 @@ services:
|
|||||||
|
|
||||||
web:
|
web:
|
||||||
<<: *app
|
<<: *app
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
command: "./docker/prod/web"
|
command: "./docker/prod/web"
|
||||||
container_name: openproject-web
|
container_name: openproject-web
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
@ -74,9 +70,7 @@ services:
|
|||||||
autoheal:
|
autoheal:
|
||||||
image: willfarrell/autoheal:1.2.0
|
image: willfarrell/autoheal:1.2.0
|
||||||
container_name: openproject-autoheal
|
container_name: openproject-autoheal
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
environment:
|
environment:
|
||||||
@ -86,7 +80,7 @@ services:
|
|||||||
|
|
||||||
worker:
|
worker:
|
||||||
<<: *app
|
<<: *app
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
command: "./docker/prod/worker"
|
command: "./docker/prod/worker"
|
||||||
container_name: openproject-worker
|
container_name: openproject-worker
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
@ -98,7 +92,7 @@ services:
|
|||||||
|
|
||||||
cron:
|
cron:
|
||||||
<<: *app
|
<<: *app
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
command: "./docker/prod/cron"
|
command: "./docker/prod/cron"
|
||||||
container_name: openproject-cron
|
container_name: openproject-cron
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
@ -112,6 +106,10 @@ services:
|
|||||||
<<: *app
|
<<: *app
|
||||||
command: "./docker/prod/seeder"
|
command: "./docker/prod/seeder"
|
||||||
container_name: openproject-seeder
|
container_name: openproject-seeder
|
||||||
|
env_file:
|
||||||
|
- "{{docker_compose.files.env}}"
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
restart: on-failure
|
restart: on-failure
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
|
|||||||
@ -1,12 +1,15 @@
|
|||||||
application_id: "openproject"
|
application_id: "openproject"
|
||||||
repository_directory: "{{ path_docker_compose_instances }}{{application_id}}/"
|
|
||||||
docker_compose.directories.instance: "{{repository_directory}}compose/"
|
|
||||||
repository_address: "https://github.com/opf/openproject-deploy"
|
repository_address: "https://github.com/opf/openproject-deploy"
|
||||||
database_password: "{{openproject_database_password}}"
|
database_password: "{{openproject_database_password}}"
|
||||||
database_type: "postgres"
|
database_type: "postgres"
|
||||||
|
|
||||||
|
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"
|
||||||
|
openproject_repository_service: "{{docker_compose.directories.services}}repository/"
|
||||||
|
custom_openproject_image: "custom_openproject"
|
||||||
|
|
||||||
|
|
||||||
# The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
|
# The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
|
||||||
dummy_volume: "{{repository_directory}}dummy_volume"
|
dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume"
|
||||||
|
|
||||||
# OAuth2 Proxy Configuration
|
# OAuth2 Proxy Configuration
|
||||||
oauth2_proxy_upstream_application_and_port: "proxy:80"
|
oauth2_proxy_upstream_application_and_port: "proxy:80"
|
||||||
|
|||||||
@ -9,12 +9,16 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
loop_var: domain
|
loop_var: domain
|
||||||
|
|
||||||
- name: copy docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: copy configuration
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template:
|
template:
|
||||||
src: env.j2
|
src: "env.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}.env"
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -6,8 +6,7 @@ services:
|
|||||||
|
|
||||||
application:
|
application:
|
||||||
image: chocobozzz/peertube:production-{{applications.peertube.version}}
|
image: chocobozzz/peertube:production-{{applications.peertube.version}}
|
||||||
env_file:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
- .env
|
|
||||||
ports:
|
ports:
|
||||||
- "1935:1935"
|
- "1935:1935"
|
||||||
- "{{http_port}}:9000"
|
- "{{http_port}}:9000"
|
||||||
@ -15,7 +14,6 @@ services:
|
|||||||
- assets:/app/client/dist
|
- assets:/app/client/dist
|
||||||
- data:/data
|
- data:/data
|
||||||
- config:/config
|
- config:/config
|
||||||
restart: "always"
|
|
||||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
|
|||||||
@ -6,8 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -3,17 +3,9 @@ services:
|
|||||||
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
|
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
|
image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
|
||||||
container_name: phpmyadmin
|
container_name: phpmyadmin
|
||||||
environment:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
PMA_HOST: central-mariadb
|
|
||||||
{% if applications.phpmyadmin.autologin | bool %}
|
|
||||||
PMA_USER: root
|
|
||||||
PMA_PASSWORD: "{{central_mariadb_root_password}}"
|
|
||||||
{% endif %}
|
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:80"
|
- "127.0.0.1:{{http_port}}:80"
|
||||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||||
|
|||||||
5
roles/docker-phpmyadmin/templates/env.j2
Normal file
5
roles/docker-phpmyadmin/templates/env.j2
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
PMA_HOST= central-mariadb
|
||||||
|
{% if applications.phpmyadmin.autologin | bool %}
|
||||||
|
PMA_USER= root
|
||||||
|
PMA_PASSWORD= "{{central_mariadb_root_password}}"
|
||||||
|
{% endif %}
|
||||||
@ -6,14 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
- name: add env
|
- name: "create {{docker_compose.files.env}}"
|
||||||
template:
|
template:
|
||||||
src: env.j2
|
src: "env.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}env"
|
dest: "{{docker_compose.files.env}}"
|
||||||
mode: '770'
|
mode: '770'
|
||||||
force: yes
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
@ -6,11 +6,7 @@ services:
|
|||||||
|
|
||||||
application:
|
application:
|
||||||
image: zknt/pixelfed:{{applications.pixelfed.version}}
|
image: zknt/pixelfed:{{applications.pixelfed.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
env_file:
|
|
||||||
- ./env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "data:/var/www/storage"
|
- "data:/var/www/storage"
|
||||||
- "./env:/var/www/.env"
|
- "./env:/var/www/.env"
|
||||||
@ -20,11 +16,7 @@ services:
|
|||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
worker:
|
worker:
|
||||||
image: zknt/pixelfed:{{applications.pixelfed.version}}
|
image: zknt/pixelfed:{{applications.pixelfed.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
env_file:
|
|
||||||
- ./env
|
|
||||||
volumes:
|
volumes:
|
||||||
- "data:/var/www/storage"
|
- "data:/var/www/storage"
|
||||||
- "./env:/var/www/.env"
|
- "./env:/var/www/.env"
|
||||||
|
|||||||
@ -6,8 +6,11 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: "include tasks update-repository-with-docker-compose.yml"
|
- name: "include tasks update-repository-with-files.yml"
|
||||||
include_tasks: update-repository-with-docker-compose.yml
|
include_tasks: update-repository-with-files.yml
|
||||||
|
vars:
|
||||||
|
detached_files:
|
||||||
|
- "docker-compose.yml"
|
||||||
|
|
||||||
- name: create {{docker_compose.directories.instance}}/app/config.yaml
|
- name: create {{docker_compose.directories.instance}}/app/config.yaml
|
||||||
copy:
|
copy:
|
||||||
|
|||||||
@ -10,6 +10,6 @@
|
|||||||
include_tasks: update-repository-with-files.yml
|
include_tasks: update-repository-with-files.yml
|
||||||
vars:
|
vars:
|
||||||
detached_files:
|
detached_files:
|
||||||
- .env
|
- "{{docker_compose.directories.env}}env"
|
||||||
- docker-compose.yml
|
- "{{docker_compose.directories.instance}}docker-compose.yml"
|
||||||
- docker-compose-inits.yml
|
- "{{docker_compose.directories.instance}}docker-compose-inits.yml"
|
||||||
|
|||||||
@ -32,6 +32,7 @@ services:
|
|||||||
taiga-manage:
|
taiga-manage:
|
||||||
image: taigaio/taiga-back:latest
|
image: taigaio/taiga-back:latest
|
||||||
environment: *default-back-environment
|
environment: *default-back-environment
|
||||||
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
|
|
||||||
|
|||||||
@ -38,16 +38,12 @@ x-volumes:
|
|||||||
services:
|
services:
|
||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
taiga-back:
|
taiga-back:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
image: taigaio/taiga-back:{{applications.taiga.version}}
|
image: taigaio/taiga-back:{{applications.taiga.version}}
|
||||||
environment: *default-back-environment
|
environment: *default-back-environment
|
||||||
volumes: *default-back-volumes
|
volumes: *default-back-volumes
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
|
|
||||||
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
|
{% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
|
||||||
taiga-events-rabbitmq:
|
taiga-events-rabbitmq:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
@ -55,9 +51,7 @@ services:
|
|||||||
condition: service_started
|
condition: service_started
|
||||||
|
|
||||||
taiga-async:
|
taiga-async:
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
image: taigaio/taiga-back:latest
|
image: taigaio/taiga-back:latest
|
||||||
entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
|
entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
|
||||||
environment: *default-back-environment
|
environment: *default-back-environment
|
||||||
@ -82,9 +76,7 @@ services:
|
|||||||
hostname: "taiga-async-rabbitmq"
|
hostname: "taiga-async-rabbitmq"
|
||||||
volumes:
|
volumes:
|
||||||
- async-rabbitmq-data:/var/lib/rabbitmq
|
- async-rabbitmq-data:/var/lib/rabbitmq
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
@ -95,10 +87,7 @@ services:
|
|||||||
TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}"
|
TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}"
|
||||||
TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}"
|
TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}"
|
||||||
TAIGA_SUBPATH: "${SUBPATH}"
|
TAIGA_SUBPATH: "${SUBPATH}"
|
||||||
# ...your customizations go here
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
@ -111,10 +100,7 @@ services:
|
|||||||
RABBITMQ_USER: "${RABBITMQ_USER}"
|
RABBITMQ_USER: "${RABBITMQ_USER}"
|
||||||
RABBITMQ_PASS: "${RABBITMQ_PASS}"
|
RABBITMQ_PASS: "${RABBITMQ_PASS}"
|
||||||
TAIGA_SECRET_KEY: "${SECRET_KEY}"
|
TAIGA_SECRET_KEY: "${SECRET_KEY}"
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
depends_on:
|
depends_on:
|
||||||
@ -131,9 +117,7 @@ services:
|
|||||||
hostname: "events-rabbitmq"
|
hostname: "events-rabbitmq"
|
||||||
volumes:
|
volumes:
|
||||||
- events-rabbitmq-data:/var/lib/rabbitmq
|
- events-rabbitmq-data:/var/lib/rabbitmq
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
@ -143,9 +127,7 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
MAX_AGE: "${ATTACHMENTS_MAX_AGE}"
|
MAX_AGE: "${ATTACHMENTS_MAX_AGE}"
|
||||||
SECRET_KEY: "${SECRET_KEY}"
|
SECRET_KEY: "${SECRET_KEY}"
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
@ -158,9 +140,7 @@ services:
|
|||||||
- ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
|
- ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
|
||||||
- static-data:/taiga/static
|
- static-data:/taiga/static
|
||||||
- media-data:/taiga/media
|
- media-data:/taiga/media
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
|
|
||||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||||
taiga:
|
taiga:
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- name: rebuild wordpress container
|
- name: rebuild wordpress container
|
||||||
command:
|
command:
|
||||||
cmd: docker build --no-cache -t custom_wordpress .
|
cmd: docker build --no-cache -t {{custom_wordpress_image}} .
|
||||||
chdir: "{{docker_compose.directories.instance}}"
|
chdir: "{{docker_compose.directories.instance}}"
|
||||||
environment:
|
environment:
|
||||||
COMPOSE_HTTP_TIMEOUT: 600
|
COMPOSE_HTTP_TIMEOUT: 600
|
||||||
|
|||||||
@ -27,6 +27,17 @@
|
|||||||
- docker compose project setup
|
- docker compose project setup
|
||||||
- rebuild wordpress container
|
- rebuild wordpress container
|
||||||
|
|
||||||
- name: "add docker-compose.yml to {{docker_compose.directories.instance}}"
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
template:
|
||||||
|
src: "docker-compose.yml.j2"
|
||||||
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
|||||||
@ -3,20 +3,13 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
logging:
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
driver: journald
|
image: {{custom_wordpress_image}}
|
||||||
image: custom_wordpress
|
|
||||||
container_name: wordpress-application
|
container_name: wordpress-application
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
restart: {{docker_restart_policy}}
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:80"
|
- "127.0.0.1:{{http_port}}:80"
|
||||||
environment:
|
|
||||||
WORDPRESS_DB_HOST: "{{database_host}}:{{database_port}}"
|
|
||||||
WORDPRESS_DB_USER: "{{database_username}}"
|
|
||||||
WORDPRESS_DB_PASSWORD: "{{database_password}}"
|
|
||||||
WORDPRESS_DB_NAME: "{{database_name}}"
|
|
||||||
volumes:
|
volumes:
|
||||||
- data:/var/www/html
|
- data:/var/www/html
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|||||||
4
roles/docker-wordpress/templates/env.j2
Normal file
4
roles/docker-wordpress/templates/env.j2
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
|
||||||
|
WORDPRESS_DB_USER= "{{database_username}}"
|
||||||
|
WORDPRESS_DB_PASSWORD= "{{database_password}}"
|
||||||
|
WORDPRESS_DB_NAME= "{{database_name}}"
|
||||||
@ -2,3 +2,4 @@ application_id: "wordpress"
|
|||||||
wordpress_max_upload_size: "64M"
|
wordpress_max_upload_size: "64M"
|
||||||
database_type: "mariadb"
|
database_type: "mariadb"
|
||||||
database_password: "{{wordpress_database_password}}"
|
database_password: "{{wordpress_database_password}}"
|
||||||
|
custom_wordpress_image: "custom_wordpress"
|
||||||
@ -6,8 +6,16 @@
|
|||||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||||
include_tasks: nginx-docker-proxy-domain.yml
|
include_tasks: nginx-docker-proxy-domain.yml
|
||||||
|
|
||||||
- name: add docker-compose.yml
|
- name: "create {{docker_compose.files.docker_compose}}"
|
||||||
template:
|
template:
|
||||||
src: "docker-compose.yml.j2"
|
src: "docker-compose.yml.j2"
|
||||||
dest: "{{docker_compose.directories.instance}}docker-compose.yml"
|
dest: "{{docker_compose.files.docker_compose}}"
|
||||||
|
notify: docker compose project setup
|
||||||
|
|
||||||
|
- name: "create {{docker_compose.files.env}}"
|
||||||
|
template:
|
||||||
|
src: "env.j2"
|
||||||
|
dest: "{{docker_compose.files.env}}"
|
||||||
|
mode: '770'
|
||||||
|
force: yes
|
||||||
notify: docker compose project setup
|
notify: docker compose project setup
|
||||||
|
|||||||
@ -3,20 +3,10 @@ services:
|
|||||||
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
|
||||||
|
|
||||||
application:
|
application:
|
||||||
logging:
|
|
||||||
driver: journald
|
|
||||||
image: yourls:{{applications.yourls.version}}
|
image: yourls:{{applications.yourls.version}}
|
||||||
restart: {{docker_restart_policy}}
|
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{http_port}}:80"
|
- "127.0.0.1:{{http_port}}:80"
|
||||||
environment:
|
|
||||||
YOURLS_DB_HOST: "{{database_host}}"
|
|
||||||
YOURLS_DB_USER: "{{database_username}}"
|
|
||||||
YOURLS_DB_PASS: "{{database_password}}"
|
|
||||||
YOURLS_DB_NAME: "{{database_name}}"
|
|
||||||
YOURLS_SITE: "https://{{domain}}"
|
|
||||||
YOURLS_USER: "{{applications.yourls.administrator_username}}"
|
|
||||||
YOURLS_PASS: "{{yourls_administrator_password}}"
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]
|
test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]
|
||||||
interval: 1m
|
interval: 1m
|
||||||
|
|||||||
7
roles/docker-yourls/templates/env.j2
Normal file
7
roles/docker-yourls/templates/env.j2
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
YOURLS_DB_HOST: "{{database_host}}"
|
||||||
|
YOURLS_DB_USER: "{{database_username}}"
|
||||||
|
YOURLS_DB_PASS: "{{database_password}}"
|
||||||
|
YOURLS_DB_NAME: "{{database_name}}"
|
||||||
|
YOURLS_SITE: "https://{{domain}}"
|
||||||
|
YOURLS_USER: "{{applications.yourls.administrator_username}}"
|
||||||
|
YOURLS_PASS: "{{yourls_administrator_password}}"
|
||||||
@ -2,29 +2,30 @@
|
|||||||
|
|
||||||
# Check if the necessary parameters are provided
|
# Check if the necessary parameters are provided
|
||||||
if [ "$#" -ne 2 ]; then
|
if [ "$#" -ne 2 ]; then
|
||||||
echo "Usage: $0 <domain> <docker_compose.directories.instance>"
|
echo "Usage: $0 <domain> <docker_compose_instance_directory>"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Assign parameters
|
# Assign parameters
|
||||||
domain="$1"
|
domain="$1"
|
||||||
docker_compose.directories.instance="$2"
|
docker_compose_instance_directory="$2"
|
||||||
|
docker_compose_cert_directory="$docker_compose_instance_directory/volumes/certs"
|
||||||
|
|
||||||
# Copy certificates
|
# Copy certificates
|
||||||
cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose.directories.instance/certs" || exit 1
|
cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose_cert_directory" || exit 1
|
||||||
|
|
||||||
# This code is optimized for mailu
|
# This code is optimized for mailu
|
||||||
cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose.directories.instance/certs/key.pem" || exit 1
|
cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1
|
||||||
cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose.directories.instance/certs/cert.pem" || exit 1
|
cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1
|
||||||
|
|
||||||
# Set correct reading rights
|
# Set correct reading rights
|
||||||
chmod a+r -v "$docker_compose.directories.instance/certs/"*
|
chmod a+r -v "$docker_compose_cert_directory/"*
|
||||||
|
|
||||||
# Flag to track if any Nginx reload was successful
|
# Flag to track if any Nginx reload was successful
|
||||||
nginx_reload_successful=false
|
nginx_reload_successful=false
|
||||||
|
|
||||||
# Reload Nginx in all containers within the Docker Compose setup
|
# Reload Nginx in all containers within the Docker Compose setup
|
||||||
cd "$docker_compose.directories.instance" || exit 1
|
cd "$docker_compose_instance_directory" || exit 1
|
||||||
|
|
||||||
# Iterate over all services
|
# Iterate over all services
|
||||||
for service in $(docker compose ps --services); do
|
for service in $(docker compose ps --services); do
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
src: "nginx-docker-cert-deploy.sh"
|
src: "nginx-docker-cert-deploy.sh"
|
||||||
dest: "{{nginx_docker_cert_deploy_script}}"
|
dest: "{{nginx_docker_cert_deploy_script}}"
|
||||||
when: run_once_nginx_docker_cert_deploy is not defined
|
when: run_once_nginx_docker_cert_deploy is not defined
|
||||||
|
notify: restart nginx-docker-cert-deploy.cymais.service
|
||||||
|
|
||||||
- name: run the nginx_docker_cert_deploy tasks once
|
- name: run the nginx_docker_cert_deploy tasks once
|
||||||
set_fact:
|
set_fact:
|
||||||
@ -14,6 +15,7 @@
|
|||||||
path: "{{cert_mount_directory}}"
|
path: "{{cert_mount_directory}}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
notify: restart nginx-docker-cert-deploy.cymais.service
|
||||||
|
|
||||||
- name: configure nginx-docker-cert-deploy.cymais.service
|
- name: configure nginx-docker-cert-deploy.cymais.service
|
||||||
template:
|
template:
|
||||||
|
|||||||
@ -1,5 +0,0 @@
|
|||||||
- name: "include tasks update-repository-with-files.yml"
|
|
||||||
include_tasks: update-repository-with-files.yml
|
|
||||||
vars:
|
|
||||||
detached_files:
|
|
||||||
- "docker-compose.yml"
|
|
||||||
@ -1,3 +1,6 @@
|
|||||||
|
# It isn't best practice to use this task
|
||||||
|
# Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing
|
||||||
|
# @todo Refactor\Remove
|
||||||
- name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
|
- name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
|
merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user