Compare commits

...

547 Commits

Author SHA1 Message Date
016c050c60 implemented database condition 2024-01-05 13:29:15 +01:00
03b3252a0c Changed discourse to single domain 2024-01-05 13:23:58 +01:00
6cc74eebbf Updated LICENSE.md 2024-01-05 13:12:55 +01:00
924786955e Added discourse to central db network 2024-01-05 12:52:22 +01:00
730fe76c0f solved db logic bug 2024-01-05 12:01:11 +01:00
7ee06df3ba changed default postgres logic and optimized discourse postgres integration 2024-01-05 11:27:04 +01:00
9318333e77 Solved which bug 2024-01-05 11:13:51 +01:00
d24b0dc839 Solved bugs and removed debug messages if repository is not reachable 2024-01-05 11:08:09 +01:00
5ad6bf7e34 Removed if bug 2024-01-05 11:01:48 +01:00
bc1dc01c30 Added discourse domains 2024-01-05 10:42:58 +01:00
d322f64465 Added database type 2024-01-05 00:09:01 +01:00
fa1fefafa6 solved depends on bug 2024-01-05 00:06:19 +01:00
6ac081e501 Implemented central database for matrix and mastodon 2024-01-04 20:57:02 +01:00
77a3fb220a Optimized names 2024-01-04 15:07:04 +01:00
40f6f7dc4f refactored to timer routine 2024-01-04 13:27:07 +01:00
973e667b4f Created role for systemd timers 2024-01-04 11:40:39 +01:00
6cc48f9dc5 Solved nextcloud bugs 2024-01-04 11:36:55 +01:00
51f47f158e Added linebreaks to prevent j2 rendering bug 2024-01-04 10:15:46 +01:00
be2848b01f Removed network formatation bug 2024-01-04 09:47:40 +01:00
d4d18d4d32 Added ip4 address 2024-01-04 09:27:54 +01:00
3d4c61610e Merge branch 'master' of github.com:kevinveenbirkenbach/cymais 2024-01-04 09:19:51 +01:00
1d6acbc128 Added missing database type 2024-01-04 09:19:41 +01:00
2b50cf46e9 Added default wordpress domains 2024-01-04 09:09:38 +01:00
f1e5810ec9 Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2024-01-04 00:18:50 +01:00
685cd10bf3 renamed variable 2024-01-04 00:18:46 +01:00
fa02ce8335 Added missing line break 2024-01-03 20:28:47 +01:00
ae99c9e718 Implemented common docker routine 2024-01-03 20:17:55 +01:00
f0e7df29a8 Removed socket bones 2024-01-03 18:06:34 +01:00
8eed734ad0 Solved authentification bug and added draft for socket 2024-01-03 18:01:58 +01:00
27b5b3a74b Added database variables 2024-01-03 17:02:41 +01:00
ce053a0b58 Solved bugs occuring during setup of yourls 2024-01-03 15:46:28 +01:00
9c81a48f17 Removed buggy variable mapping 2024-01-03 12:07:19 +01:00
509914fb86 Finished final raw draft of central database implementation. UNTESTED. 2024-01-03 11:38:09 +01:00
884b9370bb Adapted variables for template 2024-01-02 21:40:48 +01:00
c863700dbf Renamed templates 2024-01-02 21:39:17 +01:00
ab7ca07ac9 Implemented vars, tasks and templates for central database setup until mastodon role 2024-01-02 21:13:34 +01:00
4e09fbd3fb Implemented variable mapping to reduce complexity 2024-01-02 12:23:25 +01:00
5d91bc039f Removed deprecated depends_on attribut 2024-01-02 11:28:02 +01:00
ab11095ec8 Added user root 2024-01-02 09:11:53 +01:00
d3628d90b9 Implemented cleaning up of all backups 2024-01-02 08:28:00 +01:00
4c6d57c4e0 Added more database conditions to template 2023-12-31 11:44:21 +01:00
a112b67eda Added draft for central postgres and mariadb. variables and networks still need to be adapted 2023-12-31 11:14:18 +01:00
3fa052f71d Refactored docker rroles dto use new role docker-compose 2023-12-30 16:49:37 +01:00
f70a7690a8 Created role docker-compose and refactored attendize, akauntin, openproject 2023-12-30 15:22:18 +01:00
3181ce3def Implemented docker postgres draft 2023-12-29 23:58:57 +01:00
7f2d09d06a Renamed variable 2023-12-29 23:48:44 +01:00
221373e6e3 Added draft for mariadb docker role 2023-12-29 22:50:42 +01:00
41b409c8d5 Solved bug 2023-12-29 19:55:26 +01:00
1e8683bd62 Removed warning for dangling volumes 2023-12-28 23:59:05 +01:00
c2f6b94a22 Added performance hints for gitlab 2023-12-28 22:53:37 +01:00
682c702dbf Changed restart policy of postgres to always 2023-12-28 21:30:33 +01:00
4a20adf26a Activated redis 2023-12-28 19:44:28 +01:00
44d92ddccc Added some parameters 2023-12-28 18:30:31 +01:00
2b19cd8f97 Added correct parameters 2023-12-28 12:33:48 +01:00
04eee34915 added openproject to description 2023-12-28 08:21:35 +01:00
a2382d355a changed listmonk db parameters 2023-12-28 08:17:07 +01:00
92523bdc1b changed title 2023-12-28 00:29:27 +01:00
ebe3fca503 implemented draf for gitlab role 2023-12-28 00:28:30 +01:00
5da4637716 solved wrong file name path 2023-12-27 22:21:24 +01:00
a188d1025a implemented backup of everything before docker update 2023-12-27 22:12:19 +01:00
ceffbc38da changed matrix to compose 2023-12-26 22:45:24 +01:00
1216998760 Changed License 2023-12-26 17:42:10 +01:00
5b9aa582ab refactored redis implementation 2023-12-26 16:40:19 +01:00
dae2a821aa Changed network and volume names 2023-12-26 15:58:56 +01:00
729b2d06c3 Made execution dependent on database parameter 2023-12-26 12:41:51 +01:00
57b74201a0 Solved bugs 2023-12-26 03:36:29 +01:00
aeb64aaa45 Optimized code performance 2023-12-26 03:31:30 +01:00
8863a00908 Changed roles to new docker backup procedure 2023-12-26 03:13:16 +01:00
d010ea55ad changed backup procedure 2023-12-24 22:50:00 +01:00
b064aab289 added -p parameter for healing 2023-12-24 22:35:27 +01:00
5ab43653bd Solved bugs 2023-12-24 21:42:32 +01:00
4c8b96c34a Removed default values 2023-12-24 20:00:17 +01:00
36fc5f8404 Implemented error for dangling volumes https://chat.openai.com/share/981ecca4-9df7-4086-b99e-1b60f2632bf6 2023-12-24 19:40:39 +01:00
e96a94bc2d Implemented check for excited != 0 https://chat.openai.com/share/981ecca4-9df7-4086-b99e-1b60f2632bf6 2023-12-24 19:19:07 +01:00
bc086d5236 Implemented docker-compose.yml file https://chat.openai.com/share/981ecca4-9df7-4086-b99e-1b60f2632bf6 2023-12-24 18:48:38 +01:00
f1c912924e Removed bug https://project.veen.world/projects/cymais/work_packages/90 https://chat.openai.com/share/77291a8a-47cc-4057-a59b-1f0298b23024 2023-12-24 16:06:44 +01:00
621938bf5f Deactivated Whatsapp Bridge 2023-12-22 21:13:41 +01:00
13e39810e3 Solved kondition bug 2023-12-22 20:49:48 +01:00
31fef30a09 Added correct folder 2023-12-22 20:38:12 +01:00
f34c235804 Added description how to clean matrix-ansible manual 2023-12-22 20:29:00 +01:00
4a4435af38 solved variable bugs 2023-12-22 17:36:35 +01:00
824b3b1d87 implemented draft for openproject 2023-12-22 15:49:55 +01:00
b5e9197393 Reactivated old docker-matrix-compose role, parallel to docker-matrix-ansible to allow alternativ installation 2023-12-22 10:23:42 +01:00
75a89a5c9c Added Base for implementing LDAP and SSO with docker compose in later steps 2023-12-22 09:11:40 +01:00
ea8788b095 Changed element domain to fitt to new matrix setup 2023-12-21 20:42:33 +01:00
29f42f6bc9 Solved bug 2023-12-21 20:29:44 +01:00
d9c9b9ddd0 Matrix debugging 2023-12-21 19:50:19 +01:00
c676ab4c81 Merge branch 'master' of github.com:kevinveenbirkenbach/cymais 2023-12-21 18:06:30 +01:00
298d753212 Added password 2023-12-21 17:50:51 +01:00
616044d715 Implemented draft for matrix-docker-ansible-deploy 2023-12-21 17:32:54 +01:00
aac538bce4 Solved case bug 2023-12-20 22:52:56 +01:00
27b8e79b79 Removed typo 2023-12-20 21:40:17 +01:00
74be492050 Implemented draft for matrix whatsapp bridge 2023-12-20 09:51:22 +01:00
e23646cdc2 Implemented email setup for matrix 2023-12-19 16:03:19 +01:00
b3edba90e3 Added additional matrix configuration 2023-12-19 14:46:12 +01:00
e13fd5a457 Updated Readme.md 2023-12-19 14:12:19 +01:00
013e6c348d Implemented element for matrix 2023-12-19 14:07:05 +01:00
7cc1903bc1 Implemented postgres support 2023-12-19 10:00:16 +01:00
0157cd13fe removed wromg cotntainer bug 2023-12-19 09:08:32 +01:00
19fd64b227 Renamed variable 2023-12-18 17:38:08 +01:00
2c5bd62c33 Merge branch 'master' of github.com:kevinveenbirkenbach/cymais 2023-12-18 14:19:53 +01:00
b47c6b5d8f Added time trigger to clean up failed docker images at noon 2023-12-18 12:20:05 +01:00
0dd1dfc71d Optimized timing 2023-12-17 17:34:34 +01:00
0f08beb92d Update COMMON_APPLICATIONS.md 2023-12-17 01:44:47 +01:00
9201f6241e Update README.md 2023-12-17 01:39:10 +01:00
2be16a16f6 removed bugs 2023-12-16 21:35:46 +01:00
9c21d052c4 Implemented system-maintenance-lock and reduced unnecessary complexity 2023-12-16 20:37:40 +01:00
89ffc7fb70 Removed starting of defrost after service is started and used instad the timer to start 2023-12-16 13:50:19 +01:00
1154ce42cf Removed multiple domain implementation for pixelfed because it's not supported by pixelfed 2023-12-16 12:27:10 +01:00
1bcf06934d Changed backup logic 2023-12-16 12:22:31 +01:00
829abab877 Implemented new standard domains for peertube and pixelfed 2023-12-15 18:26:32 +01:00
11b4fe5029 Finished keyboard color change implementation and solved bugs of shell script 2023-12-15 18:17:46 +01:00
351be2e5b1 Optimized potential issues 2023-12-15 17:36:36 +01:00
9aed999a90 Translated to english 2023-12-15 17:16:32 +01:00
25e06a316b Optimized code 2023-12-15 17:11:15 +01:00
05ea8453b3 Implemented improvements 2023-12-15 16:52:41 +01:00
8d26d55641 Added python draft 2023-12-15 16:25:48 +01:00
676093619f Removed headlock(hopefully) 2023-12-15 15:27:09 +01:00
eda977b76e Removed unnecessary default value 2023-12-15 13:27:23 +01:00
ea720b0210 Setted defrost timeout to 2min to don't block other services to long 2023-12-15 12:44:56 +01:00
6ed733a25c Refactored timer manager 2023-12-15 08:35:24 +01:00
618e10d94a Refactored code 2023-12-15 08:27:41 +01:00
84d2111af0 Implemented exception handling for defrost service and refactored code 2023-12-15 08:10:40 +01:00
da523830b9 Implemented start of defrost timer 2023-12-15 07:06:09 +01:00
c96cf73942 Implemented missing parameter 2023-12-15 01:04:14 +01:00
95d7d9cfab Implemented wait for services to stop for defroster 2023-12-15 01:00:20 +01:00
9116a2fa00 Changed defrost interval 2023-12-15 00:46:37 +01:00
3d045c3041 Deactivated autostart of updates after reboot 2023-12-15 00:16:28 +01:00
7cc3d9703f Start service every hour 2023-12-15 00:07:19 +01:00
cc3f927d9b prevent freezer from stopping defrost timer 2023-12-14 22:07:17 +01:00
0ac1d38341 Removed more freezer bugrs 2023-12-14 21:55:17 +01:00
6bcc40cf8a Added handlers for freezer 2023-12-14 21:38:18 +01:00
9f6575ccca Solved more freezer bugs 2023-12-14 21:26:43 +01:00
d4686f1adb Solved more freezer bugs 2023-12-14 21:12:25 +01:00
01055e3965 Solved argument passing bug 2023-12-14 20:27:48 +01:00
7377f6be6d Changed wrong variable name 2023-12-14 19:22:43 +01:00
bde050813c Updated timers 2023-12-14 19:19:39 +01:00
912257e0c2 Implemented defrost timer 2023-12-14 19:06:57 +01:00
b2a0428426 Updated comment 2023-12-14 18:19:44 +01:00
0cd0031368 Rewrote code logic to deal with the case if a service gets activated during the freezer is running 2023-12-14 18:13:13 +01:00
5605e0bcc3 Check if nothing got defreezed during the freezing process 2023-12-14 17:12:42 +01:00
0ba36f3671 Removed the default executing of drefrosting. Defrosting just happes now, if the service was successfull 2023-12-14 16:43:25 +01:00
04b8565108 Optimized freezer 2023-12-14 16:29:11 +01:00
514cac4a04 Removed wrong path 2023-12-14 16:06:02 +01:00
730216cd90 Optimized formatation 2023-12-14 12:34:30 +01:00
c9b8b3a19f implemented max-attempts 2023-12-14 03:21:19 +01:00
5a91ecf8e4 implemented hosts für www_redirect 2023-12-14 02:35:49 +01:00
58c99fef6e reduced stati when service is seen as active 2023-12-14 02:05:22 +01:00
25bd058fca Removed unnecessary handler 2023-12-14 01:57:30 +01:00
d99c0e02b9 Migrated some application to MariaDB and changed versions of Postgres to stay compatible with current installations 2023-12-14 01:34:12 +01:00
5443683042 Solved bug in logic 2023-12-14 00:53:17 +01:00
6cb8c9547b Implemented parameter to force backups before update 2023-12-14 00:32:52 +01:00
b9b1e2d4f8 Made docker backup before docker update obligatoric 2023-12-14 00:22:35 +01:00
f1e1d2f21e Solved bugs in freezer 2023-12-14 00:15:01 +01:00
b97018d84c Implemented freezer for docker 2023-12-13 21:14:08 +01:00
9ba58f82c1 Integration of freezer to services. See https://chat.openai.com/share/c9f5587b-0a60-4005-9329-e53754e3fcfa 2023-12-13 19:36:06 +01:00
f03fbd7c07 Implemented role System Maintenance Service Freezer 2023-12-13 19:02:07 +01:00
1aa0aabee2 Changed nextcloud version to production 2023-12-13 17:03:21 +01:00
fd385b9659 Removed whitespace and comma 2023-12-13 16:33:17 +01:00
400c0d5176 created default parameters for docker versions in all 2023-12-13 15:16:02 +01:00
0498809aaf replaced anonoymous volume through folder mount 2023-12-13 14:42:13 +01:00
ee0681b7f6 Updated README.md 2023-12-13 14:41:23 +01:00
85d8e69743 Optimized README's.md 2023-12-13 14:22:42 +01:00
fd6ce17d6d Optimized README.md 2023-12-13 13:46:40 +01:00
0c8ad80bfc Optimized README.md 2023-12-13 12:31:36 +01:00
1030b3171d Implemented show case list 2023-12-13 12:27:29 +01:00
bda26ddb30 Reformated README.md and VISION_STATEMENT.md 2023-12-13 12:13:26 +01:00
20e763da35 Restructured README.md 2023-12-13 11:54:44 +01:00
c2878fed2a Removed redundant information from README.md and deleted non-official discourse plugins 2023-12-13 11:15:10 +01:00
3dfdc71b4d Implemented matrix role README.md and optimized general README.md 2023-12-13 10:27:21 +01:00
6eefbc4803 Implemented bridge draft 2023-12-13 08:58:53 +01:00
0e0ebac8da removed -t parameter 2023-12-13 00:52:58 +01:00
f28a235c48 Added correct database parameter 2023-12-13 00:46:50 +01:00
320080270f Matrix draft 2023-12-12 22:36:35 +01:00
d5baaff695 Added a bunch of discourse plugins 2023-12-12 18:02:58 +01:00
04b3ce18e0 Optimized nginx health-check and some regex 2023-12-12 17:43:13 +01:00
78ee502ba4 Solved regex bug 2023-12-12 15:50:57 +01:00
0f939e24ce solved health-nginx bugs 2023-12-12 15:21:02 +01:00
1d2f2875b5 Improved performance by executing tasks just once per host 2023-12-12 15:10:11 +01:00
e4c380b2b5 Solved some variable bugs 2023-12-12 12:52:58 +01:00
b1e71e3875 Removed bugs and implemented new server config structure 2023-12-12 12:32:35 +01:00
cac9e6e1c8 implemented new default urls 2023-12-12 01:44:37 +01:00
46ccecf293 Removed debuging message 2023-12-11 19:45:42 +01:00
894902bda0 Added Discourse update to update-docker.py 2023-12-11 19:24:04 +01:00
b9ed0f38bd Added role for automatic redirect from www.*domain.tld to *domain.tld 2023-12-11 16:54:07 +01:00
cc27860886 Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-12-11 12:49:36 +01:00
4d097b6b14 Added multi domain support for discourse 2023-12-11 12:49:28 +01:00
7ded161843 Added Discourse to Readme.md 2023-12-11 09:52:08 +01:00
70933f2f3b Added bootstrap volume 2023-12-10 16:24:43 +01:00
befd7fd052 Raise the sigterm to 1h 2023-12-09 14:31:23 +01:00
0bcc91395b optimized pixelfed README.md 2023-12-09 14:31:01 +01:00
32847a6a99 Raise the sigterm to 2h 2023-12-09 14:30:20 +01:00
e24ab20995 Added README.md 2023-12-08 19:44:53 +01:00
9451ce398d renamed role, to make the purpose better visible 2023-12-08 18:24:45 +01:00
4d5aea8609 changed task structure 2023-12-08 18:22:28 +01:00
e9e5ee1dfb changed mail parameter 2023-12-08 17:52:57 +01:00
1d89ea0471 deleted docker compose from discourse 2023-12-08 16:55:21 +01:00
72f112f81e changed configuration name 2023-12-08 16:03:51 +01:00
aa80da5c18 Optimized description 2023-12-08 15:41:11 +01:00
6cdeaba963 Optimized discourse 2023-12-08 14:14:52 +01:00
9cd9a5db94 Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-12-08 14:05:40 +01:00
6a3642f9e0 Added jrnl 2023-12-08 13:54:28 +01:00
40a0b2c51c Merged 2023-12-08 01:13:32 +01:00
1552e62ea2 solved bug 2023-12-08 01:01:18 +01:00
1d887d3278 implemented discourse draft 2023-12-08 00:34:48 +01:00
f3aa6eba51 implemented multiple domain string substitution for mybb 2023-12-07 18:54:47 +01:00
3721e9e0ad renamed variable 2023-12-07 16:56:43 +01:00
fe77fb623e Updated mybb README.md, renamed variables, solved mybb bug 2023-12-07 15:35:57 +01:00
ed40ee1f42 refactored docker and nginx roles, to make them more modular 2023-12-07 11:19:09 +01:00
dde43c6393 refactored roles. Not fully tested yet. Testrun will be done tomorrow., 2023-12-06 17:59:57 +01:00
994b61dd1a refactored playbooks, tracking and implemented multi domain for mybb 2023-12-06 16:29:34 +01:00
4a540e21b3 refactored wordpress role 2023-12-06 14:40:18 +01:00
b53ff57f8a Raised limits 2023-12-06 13:44:57 +01:00
06013413e9 optimized healh-nginx logic 2023-12-06 12:31:39 +01:00
c43481f8e7 Implemented postgress 2023-12-06 11:36:18 +01:00
16d04d3c62 Updated role 2023-12-05 22:17:47 +01:00
4d38a79a3a Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-12-05 18:45:33 +01:00
3b06b5bcf4 Refactored use of variables 2023-12-05 18:45:26 +01:00
5ca94d6ecc Draft mybb optimation 2023-12-05 18:41:46 +01:00
5ec196b377 Update README.md 2023-12-05 17:00:49 +01:00
ffa013aa16 Optimized README.md 2023-12-05 14:42:29 +01:00
3e5eeb94ec Renamed containers 2023-12-05 14:37:50 +01:00
d71b2c632f Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-12-05 13:46:15 +01:00
39d406a659 implemented listmonk base role 2023-12-05 13:46:06 +01:00
1735d98584 Update README.md 2023-12-04 17:02:56 +01:00
4b9f2b9be2 renamed latex role and removed deprecated packages 2023-12-03 16:34:25 +01:00
1f29da276e added update-ray to update 2023-12-03 16:21:58 +01:00
ace70337ea Implemented update for yay 2023-12-03 16:20:30 +01:00
3120b23eb4 Changed systemd-notifier namings 2023-12-03 11:24:17 +01:00
d3de68b216 Added descriptions 2023-12-03 11:03:32 +01:00
2cf9fcddfc Implemented GnuCash 2023-12-03 10:56:07 +01:00
3c8ea17b00 Removed README.md links 2023-12-03 10:33:57 +01:00
2eff40551d Optimized README.md 2023-12-02 23:01:51 +01:00
0d8fd47e45 Changed repository name 2023-12-02 21:39:50 +01:00
744ce1f872 Updated README.md 2023-12-02 20:52:29 +01:00
751c62a4b4 Included detailled role description to README.md 2023-12-02 20:30:48 +01:00
29ea125179 Refactored pc roles and added README.md's with help of ChatGPT. See https://chat.openai.com/share/df22ba6a-76d0-47c2-a8c7-daec3f42b4e5 2023-12-02 18:49:50 +01:00
0b21168a78 Refactored docker role 2023-12-02 14:41:08 +01:00
a850187bf0 Updated akaunting 2023-12-02 14:27:36 +01:00
63cacea9e7 Updated mysql command 2023-12-02 13:47:43 +01:00
04dca64826 changed description 2023-12-01 14:50:16 +01:00
af10f1f0d8 Refactored due to the reason that it was planed to also include akaunting update procedures. But this is skipped for now 2023-11-30 17:55:23 +01:00
157f1c7306 Added database commands to bbb 2023-11-27 18:57:29 +01:00
93733e9e0e changed docker exec to docker-compose exec 2023-11-25 14:10:29 +01:00
1722c4f841 Optimized Cross-Domain Tracking 2023-11-24 12:19:34 +01:00
973c05b333 Deactivated content security policy for tracking 2023-11-24 09:07:20 +01:00
9d63fe69e1 Changed content security policy for matomo tracking 2023-11-23 15:36:38 +01:00
f8501db1a9 Implemented hopefully the solution for the subs_filter method. Anyway I'm annoyed by this problem an will now clean up and go dacing. Enjoy your evening folks! :) 2023-11-18 22:14:54 +01:00
16d802e687 solved wordpress tracking bug 2023-11-18 21:25:51 +01:00
491d3a7b29 Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-11-18 20:03:01 +01:00
a60ec9fa21 implemented cross-domain matomo tracking on nginx level 2023-11-18 20:02:55 +01:00
9b6cd860ff added draft for docker-listmonk 2023-11-18 14:11:48 +01:00
f285f2b46e solved bug 2023-11-17 23:34:50 +01:00
88038b21e2 implemented whitelisting of anonymous docker volumes 2023-11-17 18:31:35 +01:00
a519a09725 implemented check for anonymous volumes 2023-11-17 16:53:56 +01:00
66280fdbde integrated madomo 2023-11-17 15:15:25 +01:00
2a8ae618f0 renamed nginx roles 2023-11-17 14:08:03 +01:00
eebf359d0a renamed and optimized homepage role 2023-11-17 13:54:56 +01:00
dfaa449989 optimized variable names 2023-11-17 12:35:39 +01:00
6bc6f52f5c solved nginx health bugs 2023-11-17 10:32:15 +01:00
207478027d solved installation bug 2023-11-17 10:07:20 +01:00
090f7adccf implemented health-nginx 2023-11-17 09:36:40 +01:00
756c4d7f77 added new peertube parameter 2023-11-17 09:01:57 +01:00
99d02ee475 removed reload from timed services, so that they don't restart when ansible runs 2023-11-17 01:43:32 +01:00
05d209fa1e Removed buggy condition 2023-11-17 00:45:37 +01:00
3dbdd1dfcb Cleaned up and refactored 2023-11-16 23:29:43 +01:00
cd2c66bc54 renamed 2023-11-16 23:02:38 +01:00
298b1d106e Implemented -e "activate_all_timers=true" 2023-11-16 19:43:54 +01:00
c913d1f62c renamed to heal-docker 2023-11-16 18:42:39 +01:00
db112f3efa renamed to backup-remote-to-local 2023-11-16 17:55:54 +01:00
c70f0b2580 Renamed to backup and cleanup roles 2023-11-16 17:07:28 +01:00
0d4eb75afe Renamed to backup-docker 2023-11-16 16:55:16 +01:00
83c93be87f Removed ignore 2023-11-16 16:51:16 +01:00
0cd2b109e4 Solved bugs 2023-11-16 16:40:45 +01:00
8c42d38bca Updated Readme.md 2023-11-16 16:06:59 +01:00
c38d517ad3 Optimized ressources 2023-11-16 15:42:09 +01:00
d9d6c8060a Renamed health services 2023-11-16 15:32:29 +01:00
04f69aefde Optimized docker update 2023-11-16 15:18:11 +01:00
5186376b61 Optimized update routine 2023-11-16 15:13:34 +01:00
a6c54f9478 Catched error if no local images exist 2023-11-16 14:42:09 +01:00
e9ee992466 Changed need to build logic 2023-11-16 14:33:06 +01:00
806bb2ceee Solved bug 2023-11-16 14:24:13 +01:00
240dbac8dd optimized draft 2023-11-16 14:04:42 +01:00
7fdeb677de implemented an more general digest approach 2023-11-16 13:15:15 +01:00
d61039d3a2 improved rebuild performance 2023-11-16 12:49:53 +01:00
a94cf8d8c2 Added python draft 2023-11-16 12:31:12 +01:00
f091721402 Added draft for update-docker 2023-11-16 12:26:27 +01:00
64d8098612 Implemented cleanup procedure for failed backups 2023-11-04 14:36:55 +01:00
1a02d833a6 Optimized nextcloud for v 27 2023-11-04 14:20:59 +01:00
c0be4a912f Implemented new upload limit 2023-09-11 18:17:10 +02:00
8407c288fb Implemented web socket specific header for baserow 2023-09-02 18:57:18 +02:00
3e73e63059 Added missing meta file 2023-09-02 18:21:36 +02:00
8f715f8d81 Added docker baserow role 2023-09-02 18:09:06 +02:00
5a7141ab12 Updated README.md 2023-09-02 16:55:38 +02:00
96b0d10ea8 Refactored native- 2023-09-02 13:13:28 +02:00
c11333be9a Refactored independent_ 2023-09-02 09:45:26 +02:00
89b4a9bda1 Removed independent_user-administrator role 2023-09-02 09:42:37 +02:00
58925f3afa Added debug instructions 2023-08-26 09:51:47 +02:00
d0745f3439 removed server_ 2023-08-22 23:56:56 +02:00
7830e1f38e removed pc_ 2023-08-22 23:07:10 +02:00
08b13e86f9 replaced workstation-git with git-client 2023-08-22 23:05:18 +02:00
42cdec90ac replacet application-git with workstation-git 2023-08-22 23:02:45 +02:00
4254642313 Removed server_ for better overview 2023-08-22 22:53:44 +02:00
571bed27a3 Removed pc_ for better overview 2023-08-22 22:46:37 +02:00
d8bd1a37ea Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-08-22 18:10:02 +02:00
4edb5f3487 Optimized README.md 2023-08-22 18:09:51 +02:00
c69e283825 Added implementation hint for signal 2023-08-16 16:15:39 +02:00
28df10ef4b Installed python-panda via pacman 2023-08-07 23:02:22 +02:00
70593e5830 Installed python-psutil via pacman 2023-08-07 22:28:37 +02:00
a39754657d Ignored errors of health check service 2023-08-07 21:17:31 +02:00
0007911b42 Added missing software 2023-06-30 17:42:24 +02:00
730de49b1c Optimized pixelfed README.md file with ChatGPT 2023-06-29 14:50:38 +02:00
4e87a98716 Optimized pixelfed README.md file 2023-06-29 14:49:21 +02:00
88a67c7fd9 Optimized README.md with Chat-GPT 2023-06-29 14:41:16 +02:00
8090afb81b Added testing links 2023-06-29 14:29:58 +02:00
c8faebb387 Updated docu for epson installation 2023-06-27 14:36:07 +02:00
d992b94c3c Changed mysql to mariadb 2023-06-21 12:56:28 +02:00
8246eed374 deactivated not functioning code 2023-06-20 23:43:38 +02:00
0de8ff3449 added correct user to execute yay 2023-06-20 22:52:02 +02:00
be89e342c3 updated nextcloud update instruction and set libreoffice to more conservative version 2023-06-20 22:43:11 +02:00
9bd600e6ed Solved type error: https://chat.openai.com/share/132f9bdd-f09c-4ffa-ae80-28c04d5fc484 2023-06-20 09:52:10 +02:00
bac40d54c9 Optimized bug solution 2023-06-16 18:42:22 +02:00
6fb99205c8 Solved bug 2023-06-16 12:13:43 +02:00
55701f1c3c Added draft for attendize 2023-05-29 13:03:57 +02:00
3215e9fd65 Optimized local backup code 2023-05-29 01:12:35 +02:00
9736d651c6 Adapted path 2023-05-28 23:46:12 +02:00
7ac8a7b54e Changed repository pull to warning if not successfull due to github.com down 2023-05-28 23:08:38 +02:00
25e3d3c31c Implemented telegram notifications 2023-05-28 22:17:33 +02:00
196f1e759d Optimized keyboard 2023-05-28 19:29:13 +02:00
cc19e3c5bf Solved systemctl bug and changed color fading algorythm 2023-05-28 16:56:00 +02:00
31dc0191f1 Optimized auto backup 2023-05-28 16:35:45 +02:00
bc0e5f33b8 Optimized keyboard color logic 2023-05-28 15:41:06 +02:00
746ba54c60 Incresed max retries 2023-05-28 15:40:10 +02:00
ee84cf2024 Attempted to safe some bugs 2023-05-28 09:34:39 +02:00
df6e2c7fc5 Optimized msi-keyboard-color and caffeine 2023-05-28 08:28:21 +02:00
b8a23f95db Optimized udev rules for backup to usb with the help of chat gpt https://chat.openai.com/share/a75ca771-d8a4-4b75-9912-c515ba371ae4 2023-05-27 23:04:22 +02:00
3341fc56ac Implemented autostart of caffeine with the help of chat gpt: https://chat.openai.com/share/fa846dac-6068-4386-b3e7-b75f1248ec82 2023-05-27 11:59:37 +02:00
bd557c739b Solved rsync error with chat gpt https://chat.openai.com/share/d9eec2fb-35d1-4135-ae96-17738c69ee63 2023-05-27 11:39:31 +02:00
9ea51d9db7 Optimized Joomla 2023-05-25 20:58:52 +02:00
aa7a15dbbd Added some hints to mailu 2023-05-25 19:51:44 +02:00
783c78c896 Made database available to all containers 2023-05-23 00:23:41 +02:00
ce0694671b Implemented resolver for solving <<non DNSSEC destination>> error 2023-05-23 00:01:22 +02:00
26b0061faf Removed pulling status 2023-05-03 11:40:16 +02:00
39c7a735a6 Finished backup to swappable implementation 2023-05-02 17:58:16 +02:00
8c04fe88ed Removed udev rule and just use timer 2023-05-02 15:22:02 +02:00
708cd44666 Solved variable bug 2023-05-02 12:37:00 +02:00
61c787d186 solved bugs 2023-04-26 23:26:12 +02:00
7eed695623 Finished backup-to-swappable draft 2023-04-26 22:12:40 +02:00
6a4dea3582 Refactored 2023-04-26 14:38:02 +02:00
3b50b9e6f7 Continued draft development 2023-04-26 14:37:40 +02:00
ea784c096d Solved bugs 2023-04-26 12:45:49 +02:00
1b8ff143e3 Refactored docker roles 2023-04-26 11:52:11 +02:00
6a4439ba57 Added draft for auto-usb-backup 2023-04-26 11:51:26 +02:00
cc4e32af87 Added additional information about how much disc space gets freed 2023-04-25 23:33:32 +02:00
63b0cc4a3a Implementing the skipping of used processes 2023-04-25 22:33:04 +02:00
36e41b8c99 Implemented deletion of not fully pulled backups 2023-04-25 21:39:44 +02:00
04671e283b solved path bug 2023-04-19 14:04:27 +02:00
b12c430f33 adapted path 2023-04-19 13:58:47 +02:00
7361da8348 removed backup links and versions folder 2023-04-19 13:36:19 +02:00
7cb11a2d37 solved docker-compose naming bugs 2023-04-19 00:03:13 +02:00
0aacd81f6e solved docker volume backup renaming bug 2023-04-18 23:54:41 +02:00
c20158e400 solved docker-volume-backup bugs 2023-04-18 23:23:46 +02:00
f0b096a1a9 solved set-mtu bug 2023-04-18 23:19:19 +02:00
1e5b9317d7 Optimized wireguard roles 2023-04-18 18:24:55 +02:00
9f1a4c6fdb Solved bugs 2023-04-18 17:00:30 +02:00
3157f504b0 Removed host prefix 2023-04-18 15:45:52 +02:00
cd9eca8ee3 Renamed server roles 2023-04-18 15:41:14 +02:00
9b065dfc5d Merged system update from pc and server repository 2023-04-18 15:30:22 +02:00
5d28c5b04f implemented renamed pc roles 2023-04-18 15:19:32 +02:00
a1d9c5a0cf Merged README.mds 2023-04-18 15:08:42 +02:00
ec0dbee7bb Merged client playbook and server playbook 2023-04-18 14:52:43 +02:00
2c76f99dd1 Add 'client-playbook/' from commit '13f29ce5f74bba0376e04189e757cb9718cf2f93'
git-subtree-dir: client-playbook
git-subtree-mainline: e763d13570
git-subtree-split: 13f29ce5f7
2023-04-18 14:42:10 +02:00
43258848bb Added internet_interfaces variable 2023-04-18 14:34:03 +02:00
f3d3beab39 Solved another wireguard bug 2023-04-18 14:25:10 +02:00
7ef4f7973e Solved wireguard bugs 2023-04-18 13:56:43 +02:00
85d39b7ed1 Added missing parameter 2023-04-16 15:34:06 +02:00
63445e8030 Agtivated btrfs health check for all hosts 2023-04-16 14:55:00 +02:00
59c9ee68c8 solved backups-cleanup.py bug 2023-04-16 14:25:09 +02:00
6a26a2eb5b Solved free disc space bugs 2023-04-16 14:06:37 +02:00
fbef73b3d4 optimized configuration of free disc space and added to calendar 2023-04-16 13:36:45 +02:00
f0d067e957 Solved bugs 2023-04-16 13:29:12 +02:00
7a7073eaf0 Implemented free disc space command 2023-04-16 13:24:41 +02:00
da2d7823b8 Refactored native-backups-cleanup and native-disc-space-check. \n Removed hardcoded values and used parameters instead. 2023-04-16 12:37:31 +02:00
0591f927ec Optimized randomized_delay_sec, persistend & on_calendar for systemd-timer 2023-04-16 10:33:21 +02:00
01231cab6b Added disc-space-checker 2023-04-16 09:59:54 +02:00
0ddd068ff5 Added wireguard debug links to doku 2023-04-16 08:26:13 +02:00
3508baebac Adapted composer file for Mailu 2.0 2023-04-15 19:48:46 +02:00
dea7800c54 Activated MariaDB auto update 2023-04-15 18:11:25 +02:00
9f0df846df Implemented server tact 2023-04-15 17:06:10 +02:00
0f7a2fcb9e Implemented systemctl error checker 2023-04-15 14:31:18 +02:00
d8eb6a7dd3 Upgraded mailu to version 1.9 2023-04-15 13:24:21 +02:00
07bc312ea4 Updated pull-remote-backups README.md 2023-04-14 09:38:35 +02:00
9a5bc45b77 Changed cleanup timer sequence 2023-04-12 20:36:49 +02:00
56a0c60584 solved pull backup bugs 2023-04-12 20:32:52 +02:00
02f0b30758 Added hint for wireguard ssh bugs 2023-04-12 14:40:44 +02:00
526284f0e4 implemented backup-pull from static latest instead of relative 2023-04-12 13:37:04 +02:00
883c949466 Optimized backup scripts 2023-04-12 10:36:38 +02:00
fe347e1c77 Implemented wireguard for client 2023-04-11 21:21:06 +02:00
822f1524e8 added debug hints 2023-04-02 21:10:44 +02:00
d56b5847a2 Optimized docker-compose-restart-unhealthy performance 2023-03-31 13:58:33 +02:00
d159457e65 Solved docler-health-check.sh bug 2023-03-28 11:46:05 +02:00
8dfed43f85 Updated pixelfed README.md 2023-03-27 13:17:40 +02:00
18fd9a9e95 Optimized akaunting role 2023-03-27 02:39:11 +02:00
4d184830f7 solved bugs 2023-03-26 23:29:51 +02:00
0d12256e59 Solved bugs 2023-03-26 21:11:09 +02:00
ec6e4c1a9f Added programm to restart unhealthy docker compose containers 2023-03-26 20:36:36 +02:00
95c1e9e942 Optimized docker-health-check 2023-03-26 17:31:50 +02:00
70d28a2e6a Merge branch 'master' of github.com:kevinveenbirkenbach/server-playbook 2023-03-26 17:06:14 +02:00
ada258b20d Refactored /usr/local/bin 2023-03-26 17:05:06 +02:00
81e3cdac99 Update README.md 2023-03-24 14:49:07 +01:00
91724ded0b Added nextcloud book folder 2023-03-24 12:24:39 +01:00
9253c305b9 Solved bugs 2023-03-24 12:20:00 +01:00
1909e98a75 Cleaned up repository 2023-03-24 11:14:27 +01:00
7b0020b3aa Added dump folder 2023-03-24 10:18:07 +01:00
665a4ba72e Updated Documentation 2023-03-21 11:42:37 +01:00
f2a4c80091 Added pixelfed update instructions 2023-02-22 00:51:53 +01:00
8150de75da Implemented excited check 2023-01-09 16:51:19 +01:00
7db4a5a42f Implemented restart procedures 2023-01-09 15:59:36 +01:00
c2df7dbc7e Changed description 2022-12-25 13:44:25 +01:00
ad4a6f8bc0 Implemented docker health check 2022-12-25 13:40:38 +01:00
49bc0f436c Added hints what todo 2022-12-23 15:53:56 +01:00
f51ac6a7eb Added Workspaces to cloud sync 2022-12-10 22:41:38 +01:00
dd8db239d6 Finished implementation of roulette 2022-12-06 23:40:23 +01:00
027e99f8e3 corrected command 2022-12-06 20:50:32 +01:00
ffbacdca3d Implemented draft four roulette wheel 2022-12-06 20:20:02 +01:00
a190e3da77 finished funkwave draft 2022-12-05 20:47:15 +01:00
c7e17bbb2b Implemented funkwhale draft 2022-12-05 17:43:21 +01:00
35321ca258 corrected command 2022-12-05 17:41:00 +01:00
fb05004e2a Activated ActivityPub Federation 2022-12-05 09:18:52 +01:00
28c4afa4b0 Finished big blue button implementation 2022-12-03 20:43:33 +01:00
034a832510 added maintanance hints for docker 2022-12-03 18:08:26 +01:00
eca9b6b31d bbb draft optimation 2022-12-02 21:18:55 +01:00
c4279e3042 Removed not used complexity 2022-12-02 18:54:43 +01:00
7b2976fcb5 Implemented big blue button draft 2022-12-02 12:57:15 +01:00
62f702975a optimised akaunting 2022-12-02 12:56:53 +01:00
48b4ee3314 adapted upload limit of pixelfed proxy 2022-12-01 17:10:55 +01:00
42e403a4b8 solved nginx configuration bug 2022-11-21 13:59:38 +01:00
095197a65f solved bug 2022-11-21 12:42:08 +01:00
228758549e Updated nginx configuration 2022-11-21 12:18:28 +01:00
829525dec1 Updated Peertube configuration 2022-11-21 12:01:25 +01:00
da7be49aad implemented peertube 2022-11-17 14:47:25 +01:00
b9698bf02d updated env file 2022-11-17 10:46:07 +01:00
1a6f802900 optimized mastodon and pixelfed implementation 2022-11-16 16:04:01 +01:00
d43b98233f deactivated mysql random root passwords 2022-11-16 12:28:16 +01:00
dc37aaa7b1 optimized configuration 2022-11-16 12:27:49 +01:00
61a33916ab implemented pixelfed draft 2022-11-16 11:17:37 +01:00
12a9e55911 updated update instructions 2022-11-16 11:16:06 +01:00
eb1341b6af implemented logging via journald 2022-11-16 09:33:29 +01:00
f60e66cc98 added configuration for single user mode 2022-11-16 09:31:10 +01:00
fc6aa590bf Updated readme.md 2022-11-15 22:09:40 +01:00
45841aceac implemented mastodon 2022-11-15 21:43:05 +01:00
6a17d1ced1 added mastodon docker draft 2022-11-15 11:56:48 +01:00
03fa517bd8 added better multi page update explanation 2022-11-11 16:05:32 +01:00
46a1df99f6 changes for implementation of landing page 2022-11-11 15:27:19 +01:00
f6dde66702 Updated docker-wordpress readme 2022-11-10 17:25:37 +01:00
ca1e2aa7bf Removed random root password 2022-11-10 16:23:36 +01:00
9eeb5ec0e3 added texlive-fontsextra to create cv 2022-10-14 11:46:19 +02:00
ca3459f178 added role latex 2022-10-13 18:29:15 +02:00
772d9f0cc4 added intel drivers 2022-10-12 12:23:33 +02:00
e7b6e08cda implemented blu ray draft 2022-09-04 20:08:33 +02:00
72748de2b0 implemented first draft of versioned akaunting 2022-09-01 20:33:19 +02:00
05139506d5 added describtion how to solve akaunting update bugs 2022-09-01 19:43:05 +02:00
0097fe09db changed root password 2022-08-31 20:22:56 +02:00
616bbd019a Added thunderbird 2022-08-19 22:56:11 +02:00
a58f85a4f5 refactored role names 2022-08-19 22:26:04 +02:00
7b5d1de5c1 Added dependencies for gnome 2022-08-19 22:09:44 +02:00
9874ae7c2a Solved bugs 2022-08-19 21:58:02 +02:00
191d7a7907 Adapted role names 2022-08-19 21:54:18 +02:00
eeb365d5b6 Refactoring Draft 2022-08-19 21:39:23 +02:00
1e5aa4ddbc added todos 2022-08-19 16:52:00 +02:00
030ac15901 Removed caching from proxy pass and raised fastcgi send and get values to allow Nextcloud to process hugher files. 2022-08-19 13:32:51 +02:00
b02b07445e Added rgb support for msi keyboard 2022-08-18 19:23:43 +02:00
8179b6765d Cleaned up readme.md 2022-08-18 18:13:37 +02:00
aeab52ddd8 Added swapfile and ssh configuration role 2022-08-18 18:12:59 +02:00
25946e6925 Moved client setup from core-system repository to roles 2022-08-18 13:49:31 +02:00
ee513f4844 Moved roles from core-system to client-playbook 2022-08-18 13:48:18 +02:00
cf7b11db7c Added epson-multiprinter-support 2022-08-18 08:06:28 +02:00
4ee8525bfb Solved naming bug 2022-08-18 07:27:49 +02:00
f098ad312e Added role native-git 2022-08-18 07:16:21 +02:00
8b4990bd24 Updated role nextcloud 2022-08-17 13:21:50 +02:00
8cdc8cad91 Updated turn-server configuration. Not functioning yet. 2022-04-12 11:14:24 +02:00
7bd377af1f updated README.md 2022-04-11 08:12:12 +02:00
da6d302ba1 Replaced hardcoded container name through variable 2022-04-08 14:17:18 +02:00
370338e8e7 Trigger mail just on failure 2022-04-05 18:24:31 +02:00
69bb10990e Added exit code and regex 2022-04-05 18:24:02 +02:00
b31f8a4da8 added nodeinfo and webfinger routing 2022-04-04 10:39:12 +02:00
ab66ce286a Added slash 2022-03-29 21:36:38 +02:00
0727b179a6 Adapted pull primary backups to hardlinks 2022-03-29 21:20:51 +02:00
f4b8e2b8dd Renamed variables 2022-03-29 19:56:41 +02:00
2d82a1a77f Added native-backups-cleanup to roles 2022-03-29 10:49:28 +02:00
674484eca2 Changed diffs through versions 2022-03-28 18:22:03 +02:00
3f37ee5c6c Optimized different roles 2022-03-17 16:28:57 +01:00
99b66dda81 changed wrong string 2022-03-17 14:00:48 +01:00
f74f2aa171 changed container name 2022-03-16 13:18:31 +01:00
655b4e5c60 Removed docker-wireguard 2022-03-16 07:47:21 +01:00
df91d08578 Updated README.md 2022-02-12 19:52:34 +00:00
bbf16a5124 Upgraded nextcloud description 2022-02-12 08:36:55 +00:00
0a58c439fd Activated fetchmail due to that the reason for the performance problems had been a faulty HDD. 2022-02-11 12:49:41 +01:00
29b061a492 changed from embedded ansible docker to docker-compose files 2022-02-02 12:12:08 +01:00
d05e6c2d40 Added hints 2022-02-02 11:06:56 +01:00
a27f5e6a59 Optimized akaunting 2022-02-01 17:20:12 +01:00
be6000476f Merge branch 'master' of github.com:kevinveenbirkenbach/server-manager 2022-02-01 10:49:12 +01:00
1ee2d76eef Updated readme 2022-01-30 16:13:35 +01:00
597a0ab9ad created health check for btrfs 2022-01-30 13:22:47 +01:00
a90e02ce02 Deactivated fetchmal again, because it still slows down all other docker containers 2022-01-29 20:32:06 +01:00
e6360599ad Implemented logging with journald 2022-01-29 19:21:46 +01:00
9734848663 Deactivated buffering to reduce reverse proxy as bottle neck 2022-01-29 19:07:44 +01:00
a6e50e5041 removed buffering 2022-01-29 16:39:23 +01:00
1f73dc46f8 Activated fetchmail 2022-01-29 16:39:02 +01:00
01ee5f3e67 Cleaned up role docker-jitsi 2022-01-29 14:37:10 +01:00
4b88666091 Added fastcgi_send_timeout and fastcgi_read_timeout to prevent 504 error 2022-01-29 10:21:29 +01:00
4bee6726e7 Added pandas 2022-01-23 22:01:21 +01:00
ba52f8df78 Added databases.csv template copy 2022-01-23 21:43:05 +01:00
01d1d489f4 Changed from bash to python service 2022-01-23 21:22:23 +01:00
7944379bbf Modified vor implementation of data backup 2022-01-23 11:42:04 +01:00
53e6392c30 Removed not functional parameter 2022-01-23 09:25:17 +01:00
38709e525c Changed the container name 2022-01-21 18:59:30 +01:00
6ef5a19211 Added some links concerning the database problems 2022-01-21 18:58:47 +01:00
185a2fb635 Added healthcheck for docker 2022-01-21 18:09:56 +01:00
ff5b7d1e36 Added link concerning roundcube debugging 2022-01-21 17:41:04 +01:00
4781e699e5 Added health check for database 2022-01-21 00:11:06 +01:00
32fdbdf84e Removed role docker postfix 2022-01-20 23:39:10 +01:00
ea2118fa67 Added healthcheck for mariadb 2022-01-20 21:59:53 +01:00
4ba445e0fd Added redis volume 2022-01-20 21:36:32 +01:00
59a5411047 Configurated reversed proxy for akaunting 2022-01-19 00:03:38 +01:00
355b9ae51a Solved OSI layer 8 bug 2022-01-18 22:02:36 +01:00
7f32e547de Changed typos 2022-01-18 19:26:44 +01:00
96ddb78c2c Renamed variable 2022-01-18 19:17:12 +01:00
deac995a98 Added akounting draft 2022-01-18 19:08:45 +01:00
2b63574ec9 Added installation hint 2021-12-15 18:29:07 +01:00
eac2be60f3 Added playpart for role gnome 2021-12-08 13:10:49 +01:00
130a948790 Merge branch 'main' of github.com:kevinveenbirkenbach/client-playbook 2021-12-08 12:59:08 +01:00
4c243ceb01 Added role gnome 2021-12-08 12:58:51 +01:00
a47e932bed Optimized nextloud-client for symbolic links, refactored and solved bugs 2021-11-17 17:35:54 +01:00
dcd5c55543 refactored 2021-11-14 14:13:18 +01:00
2d4197c5a4 Added role torbrowser 2021-11-14 13:59:20 +01:00
a622cacdb9 Renamed roles 2021-11-14 13:56:22 +01:00
9291240bba Added role libreoffice 2021-11-13 18:08:49 +01:00
3f9156c53e removed firefox 2021-11-12 17:06:12 +01:00
a3f294ef0c Added general software 2021-11-12 17:05:11 +01:00
5d46b98eec Added games role 2021-11-12 16:46:26 +01:00
02e1cab5cf added draft 2021-11-12 16:23:58 +01:00
6130387c29 Renamed site to playbook.yml 2021-11-12 15:39:09 +01:00
6184d4845d Initial commit 2021-11-12 13:03:00 +01:00
ce32dc76b2 Added License 2021-11-12 13:00:36 +01:00
08797d202d Removed unnecessary text 2021-11-12 12:57:23 +01:00
Kevin Veen-Birkenbach
4cadbce005 Update README.md 2021-11-12 12:52:51 +01:00
581 changed files with 10425 additions and 1848 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
site.retry site.retry

81
COMMON_APPLICATIONS.md Normal file
View File

@ -0,0 +1,81 @@
# Common Applications
This section outlines the common applications tailored for both servers and end-users, offering a wide range of functionalities to enhance system performance, security, and usability.
## Base Setup
Key for initial system configuration, this section includes hostname setting, systemd journal management, locale configurations, and swapfile handling. Essential for both server and end-user setups, it ensures a solid foundation for system operations.
- **[Hostname](./roles/hostname/)**: Sets the system's hostname.
- **[Journalctl](./roles/journalctl/)**: Configures systemd journal settings.
- **[Locales](./roles/locales/)**: Configures system locales.
- **[System-Swapfile](./roles/system-swapfile/)**: Configures swapfile creation and management.
## Administration Tools
These tools are crucial for effective system administration, encompassing Git setup, Linux admin tools, and sudo configuration, suitable for both server environments and power users.
- **[Git](./roles/git/)**: Basic Git version control system setup.
- **[Administrator-Tools](./roles/pc-administrator-tools/)**: Installs basic Linux administration tools.
- **[Sudo](./roles/sudo/)**: Installs and configures sudo.
## Update
This category focuses on automated updates and maintenance for the system and its components, including package managers and Docker containers, ensuring systems are up-to-date and secure.
- **[update](./roles/update/)**: Automates the process of system updates.
- **[update-apt](./roles/update-apt/)**: Updates system packages using apt (for Debian-based systems).
- **[update-docker](./roles/update-docker/)**: Keeps Docker containers up to date.
- **[update-pacman](./roles/update-pacman/)**: Updates system packages using Pacman (for Arch-based systems).
- **[update-yay](./roles/update-yay/)**: Updates system packages using yay.
## Driver
Caters to a range of devices and needs for hardware driver installation and configuration, an integral part for both server hardware optimization and end-user device functionality.
- **[driver-epson-multiprinter](./roles/driver-epson-multiprinter/)**: Installs drivers for Epson multi-function printers.
- **[driver-intel](./roles/driver-intel/)**: Installs Intel drivers, typically for graphics and other hardware.
- **[driver-msi-keyboard-color](./roles/driver-msi-keyboard-color/)**: Configures MSI keyboard color settings.
- **[driver-non-free](./roles/driver-non-free/)**: Installs non-free drivers, generally for specific hardware needs.
## Security
Enhances system security with roles focused on security measures, user configurations, and SSH settings. It's vital for protecting both server environments and end-user systems.
- **[System Security](./roles/system-security/)**: Enhances overall system security.
- **[User Administrator](./roles/user-administrator/)**: Setup for system administrator user.
- **[User Alarm](./roles/user-alarm/)**: Manages the alarm user.
- **[PC SSH](./roles/pc-ssh/)**: Configuration of SSH for secure remote access.
- **[SSHD](./roles/sshd/)**: Configures SSH daemon settings.
- **[System Maintenance Lock](./roles/system-maintenance-lock)**: Locks maintenance services to prevent dangerous inteactions between services
## Virtual Private Network (VPN)
Centers on VPN configurations for secure and efficient network connectivity, particularly crucial for remote server access and end-users needing secure connections.
- **[client-wireguard](./roles/client-wireguard/)**: Configures Wireguard VPN client.
- **[client-wireguard-behind-firewall](./roles/client-wireguard-behind-firewall/)**: Sets up Wireguard client functionality behind a firewall.
- **[wireguard](./roles/wireguard/)**: Installs and configures Wireguard for secure VPN connections.
## Notifier
Sets up system event notifications via email and Telegram, a versatile feature for server administrators and end-users alike to stay informed about their system's status.
- **[Systemd-Notifier](./roles/systemd-notifier/)**: Notifier service for systemd.
- **[Systemd-Notifier-Email](./roles/systemd-notifier-email/)**: Email notifications for systemd services.
- **[Systemd-Notifier-Telegram](./roles/systemd-notifier-telegram/)**: Telegram notifications for systemd services.
## Backup Solutions
Focuses on comprehensive backup strategies and cleanup procedures, encompassing data backups, remote server backups, and maintenance of backup storage efficiency, crucial for data integrity in both servers and personal devices.
### Backups
For USB devices, Docker volumes, remote servers, and user configurations.
- **[backup-data-to-usb](./roles/backup-data-to-usb/)**: Automates data backup to USB devices.
- **[backup-docker-to-local](./roles/backup-docker-to-local/)**: Backs up Docker volumes to local storage.
- **[backup-remote-to-local](./roles/backup-remote-to-local/)**: Pulls backups from remote servers for local storage.
- **[backups-provider](./roles/backups-provider/)**: Manages backup processes and storage solutions.
- **[backups-provider-user](./roles/backups-provider-user/)**: Creates and configures users for backup processes.
### Backups Cleanup
Manages disk space and cleans up old or failed backups.
- **[cleanup-backups-service](./roles/cleanup-backups-service/)**: Service to clean up old backups automatically.
- **[cleanup-backups-timer](./roles/cleanup-backups-timer/)**: Timer for scheduling the backup cleanup service.
- **[cleanup-disc-space](./roles/cleanup-disc-space/)**: Manages and frees up disk space on the system.
- **[cleanup-failed-docker-backups](./roles/cleanup-failed-docker-backups/)**: Cleans up failed Docker backups.
## Other
Encompasses miscellaneous essential tools and systems, including package management, spellchecking, and typesetting, beneficial for both server maintenance and enhancing end-user experience.
- **[System-Aur-Helper](./roles/system-aur-helper/)**: Installs and configures AUR helper (yay).
- **[Hunspell](./roles/hunspell/)**: Installation of Hunspell spellchecker.
- **[Latex](./roles/pc-latex/)**: Installation of LaTeX typesetting system.
- **[Java](./roles/java/)**: Installs Java Development Kit (JDK).
- **[Python Pip](./roles/python-pip/)**: Installation of Python Pip package manager.

46
END_USER_APPLICATIONS.md Normal file
View File

@ -0,0 +1,46 @@
# End User Applications
End User Applications provide a diverse suite of tools and software designed to enhance the computing experience for personal computer users, including those using desktops and laptops. These applications cover various aspects such as multimedia, productivity, virtualization, and more, catering to the everyday needs of end users.
## Common Applications
In addition to the specialized software found in this document, the [COMMON_APPLICATIONS.md](./COMMON_APPLICATIONS.md) offers a comprehensive range of functionalities that cater to both server and end-user needs. This section enhances system performance, security, and usability with a variety of tools and configurations suitable for diverse computing environments.
## Desktop
This category focuses on tools and configurations that enhance the desktop computing experience. It includes utilities to maintain system activity, and software for optimizing the desktop environment, ensuring a seamless and user-friendly interface for day-to-day computer usage.
- **[Caffeine](./roles/pc-caffeine/)**: Utility to keep your computer awake.
- **[Gnome](./roles/pc-gnome/)**: Installation and configuration of Gnome desktop environment.
## Entertainment
Geared towards leisure and entertainment, this section includes software for playing Blu-ray media, accessing a vast collection of music, and installing various computer games. It's designed to enrich your personal computing experience with multimedia enjoyment and gaming.
- **[Bluray Player Tools](./roles/pc-bluray-player-tools/)**: Software for playing Blu-ray media on personal computers.
- **[Spotify](./roles/pc-spotify/)**: Installation of Spotify for music streaming.
- **[Games](./roles/pc-games/)**: Installation of various computer games.
## Office
This segment caters to professional productivity needs. It encompasses a range of office-related software, from comprehensive office suites and video conferencing tools to cloud storage solutions, facilitating efficient and organized work in various office environments.
- **[LibreOffice](./roles/pc-libreoffice/)**: Installation of the LibreOffice suite.
- **[Office](./roles/pc-office/)**: Various office productivity tools.
- **[Video Conference](./roles/pc-video-conference/)**: Video conferencing software setup.
- **[Nextcloud Client](./roles/pc-nextcloud/)**: Client setup for Nextcloud cloud storage service.
- **[GnuCash](./roles/pc-gnucash/)**: Software to manage finances
- **[Jrnl](./roles/pc-jrnl/)**: CLI Journaling
## Anonymization
Focusing on privacy and security, the Anonymization section offers tools for secure file sharing and anonymous web browsing. It includes software solutions that prioritize user privacy, ensuring secure online activities and data protection.
- **[Qbittorrent](./roles/pc-qbittorrent/)**: Installation of qBittorrent for file sharing.
- **[Torbrowser](./roles/pc-torbrowser/)**: Installation of Tor Browser for anonymous browsing.
## Content Creation
Dedicated to creatives and content producers, this category provides tools essential for video streaming, recording, graphic design, and 3D modeling. It's tailored for those involved in digital content creation, offering the necessary software to bring creative projects to life.
- **[Streaming Tools](./roles/pc-streaming-tools/)**: Software for video streaming and recording.
- **[Designer Tools](./roles/pc-designer-tools/)**: Graphic design and 3D modeling software.
## Development Environment
Targets software developers with tools and environments for various programming languages and development needs.
- **[Developer Tools](./roles/pc-developer-tools/)**: Basic developer tools setup.
- **[Developer Tools for Arduino](./roles/pc-developer-tools-arduino/)**: Setup for Arduino development.
- **[Developer Tools for Bash](./roles/pc-developer-tools-bash/)**: Tools for Bash scripting.
- **[Developer Tools for Java](./roles/pc-developer-tools-java/)**: Java development environment setup.
- **[Developer Tools for PHP](./roles/pc-developer-tools-php/)**: PHP development environment setup.
- **[Developer Tools for Python](./roles/pc-developer-tools-python/)**: Python development environment setup.
- **[Virtual Box](./roles/pc-virtual-box/)**: VirtualBox setup for creating virtual machines.
- **[Network Analyze Tools](./roles/pc-network-analyze-tools/)**: Network analysis and troubleshooting utilities.

27
LICENSE.md Normal file
View File

@ -0,0 +1,27 @@
# License Agreement
## Definitions
- **"Software":** Refers to *"[CyMaIS - Cyber Master Infrastructure Solution](https://cymais.cloud/)"* and its associated source code.
- **"Commercial Use":** Any use of the Software intended for direct or indirect financial gain, including but not limited to sales, rentals, or provision of services.
## Provisions
1. **Attribution of the Original Licensor:** In any distribution or publication of the Software or derivative works, the original licensor, *Kevin Veen-Birkenbach, Email: [license@veen.world](mailto:license@veen.world), Website: [https://www.veen.world/](https://www.veen.world/)* must be explicitly named.
2. **Restrictions on Commercial Use and Profit Sharing:**
- The Software may not be used commercially without an express license from Kevin Veen-Birkenbach.
- All profits and revenues generated directly or indirectly from the use or distribution of the Software are owed 100% to Kevin Veen-Birkenbach unless a separate licensing agreement is made.
- Any commercial exploitation without a corresponding licensing agreement with Kevin Veen-Birkenbach is prohibited.
3. **Service Limitations:** Services that use or are based on the Software may only be offered or performed with a license from Kevin Veen-Birkenbach.
4. **Process for Licensing Inquiries:** For inquiries regarding a commercial use or service license, please contact Kevin Veen-Birkenbach at the above-mentioned email address.
5. **Consequences of Non-Compliance:** Non-compliance with these license terms may result in legal action, including but not limited to injunctions and claims for damages.
6. **Disclaimer:** Use of the Software is at your own risk. The Licensor assumes no liability for any damages that may arise from the use of the Software.
7. **Ownership of Rights:** All rights, including copyright, trademark, and other forms of intellectual property related to the Software, belong exclusively to Kevin Veen-Birkenbach.
## Consent
By using, modifying, or distributing the Software, you agree to these terms.

View File

@ -1,33 +1,80 @@
# Server-Manager # CyMaIS - Cyber Master Infrastructure Solution
## Description
Ansible script to manage servers.
## roles <img src="https://cybermaster.space/wp-content/uploads/sites/7/2023/12/logo_cymais.png" width="300" style="float: right; margin-left: 10px;">
The system use the following role namings:
| role prefix | meaning| Welcome to CyMaIS (Cyber Master Infrastructure Solution), a transformative tool designed to redefine IT infrastructure setup for organizations and individuals alike.
|---|---|
|system-|general system roles which apply basic configurations|
|native-|applications which run native on the system|
|docker-|applications which run on docker containers on the system|
## Update At its core, CyMaIS leverages the power of Docker, Linux, and Ansible to offer a streamlined, automated solution for deploying and managing IT systems.
Follow the best [practices for inventories](https://docs.ansible.com/ansible/2.3/playbooks_best_practices.html) and execute ansible via:
``bash Whether you're a small startup, a growing enterprise, or an individual seeking efficient IT management, CyMaIS provides a comprehensive suite of tools that cater to a wide range of needs. From simple system setups to complex server configurations and end-user PC management, CyMaIS simplifies the entire process.
ansible-playbook -i ~/your-inventories/inventorie/hosts site.yml
``
## Debug Our intuitive interface, coupled with in-depth documentation, makes it accessible to both tech-savvy users and those with limited IT experience.
### Cleanup docker
``bash
docker stop $(docker ps -aq); docker rm $(docker ps -aq); docker volume rm $(docker volume ls -q);
``
## todo With CyMaIS, setting up a secure, scalable, and robust IT infrastructure is not just faster and easier, but also aligned with the best industry practices, ensuring that your organization stays ahead in the ever-evolving digital landscape.
- Use docker-compose.yml files instead of the ansible inbuild docker-compose for more flexibility
- Implement https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
- Refactor https://stackoverflow.com/questions/44784103/where-should-i-put-docker-compose-yml
## see ## Vision
- https://wiki.archlinux.org/index.php/Ansible Our project is anchored in the vision of transforming IT infrastructure deployment into a seamless, secure, and scalable experience.
We are committed to developing a fully automated solution that enables businesses of any size and industry to set up a 100% secure and infinitely scalable IT infrastructure in just 24 hours.
Leveraging the power of Open Source, our tool not only promises to uphold the highest standards of security and adaptability but also embodies a commitment to transparency and community-driven innovation.
This is not just a step towards simplifying IT management it's a leap towards democratizing access to advanced technology, ensuring every business can quickly adapt and thrive in the digital age.
For a deeper understanding of our goals and the ethos driving our project, we invite you to explore our detailed **[Vision Statement](./VISION_STATEMENT.md)**. Here, you'll find the cornerstone principles that guide our development process and our commitment to making a lasting impact in the realm of IT infrastructure.
## Solutions Overview
To help you navigate through our repository, we have categorized our extensive range of tools and solutions into three key areas:
1. **[Server Applications](./SERVER_APPLICATIONS.md)**: Detailed information on server-focused tools and configurations, ideal for managing and optimizing server environments.
2. **[End User Applications](./END_USER_APPLICATIONS.md)**: A guide to applications and tools specifically designed for end-user PCs, enhancing personal computing experience.
3. **[Common Applications](./COMMON_APPLICATIONS.md)**: A comprehensive list of tools and applications that are versatile and useful across both server and end-user environments.
Each of these documents provides a tailored overview, ensuring you can find the right tools and information relevant to your specific needs, whether for server management, personal computing, or general IT infrastructure.
## Key Benefits of CyMaIS for Your Business
**CyMaIS - Cyber Master Infrastructure Solution** revolutionizes IT infrastructure management, making it simpler, safer, and more adaptable for businesses of all sizes. Here's how it can benefit your organization:
1. **Effortless Setup and Management**: CyMaIS makes setting up and managing IT systems a breeze. Whether you're using Linux servers or personal computers, our tool automates the process, saving you time and effort.
2. **Everything You Need in One Place**: From the basics of system setup to advanced features like VPN and Docker, CyMaIS provides a complete range of tools. It's like having an IT expert at your fingertips, offering solutions for every need.
3. **Tailored to Your Business**: We understand that every business is unique. That's why CyMaIS is designed to be flexible, with customizable options to fit your specific requirements, whether you're a start-up, a growing business, or an established enterprise.
4. **Stay Ahead with Proactive Monitoring**: Our tool doesn't just set up your IT infrastructure; it keeps it running smoothly. With automated updates and proactive monitoring, you can rest assured that your systems are always up-to-date and performing optimally.
5. **Uncompromised Security and Reliability**: Protecting your data is our top priority. CyMaIS comes with robust security features and comprehensive backup solutions, giving you peace of mind that your business's sensitive information is safe and secure.
6. **User-Friendly with Expert Support**: While familiarity with Docker, Linux, and Ansible enhances your experience with CyMaIS, it's not a requirement. Our comprehensive roles for servers and end-user PCs simplify the setup process. With these intuitive tools and our detailed guides, managing your IT infrastructure becomes more accessible, even if you're not a seasoned IT professional. Plus, our support team is always ready to assist you, bridging any knowledge gaps and ensuring a smooth operation of your systems.
7. **Open Source Trust and Transparency**: With CyMaIS, you benefit from the reliability and security of open-source software. Our tool is transparent, community-driven, and aligned with the highest standards of software ethics and security.
CyMaIS is more than just an IT solution; it's a commitment to empowering your business with the technology it needs to thrive in todays digital landscape, effortlessly and securely.
## Professional CyMaIS Implementation
<img src="https://cybermaster.space/wp-content/uploads/sites/7/2023/11/FVG_8364BW-scaled.jpg" width="300" style="float: right; margin-left: 30px;">
My name is Kevin Veen-Birkenbach and I'm glad to assist you in the implementation of your secure and scalable IT infrastrucutre solution with CyMaIS.
My expertise in server administration, digital corporate infrastructure, custom software, and information security, all underpinned by a commitment to Open Source solutions, guarantees that your IT setup meets the highest industry standards.
Discover how CyMaIS can transform your IT landscape.
Contact me for more details:
🌍 Website: [www.CyberMaster.Space](https://cybermaster.space)<br />
📧 Email: [kevin@veen.world](mailto:kevin@veen.world)<br />
☎️ Phone: [+ 49 178 179 80 23](tel:00491781798023)
## Showcases
The following list showcases the extensive range of solutions that CyMaIS incorporates, each playing a vital role in providing a comprehensive, efficient, and secure IT infrastructure setup:
[ELK Stack](./roles/docker-elk), [Intel Driver](./roles/driver-intel), [Nginx Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy), [Sudo](./roles/sudo), [Funkwhale](./roles/docker-funkwhale), [MSI Keyboard Color Driver](./roles/driver-msi-keyboard-color), [Nginx Domain Redirect](./roles/nginx-domain-redirect), [GnuCash](./roles/pc-gnucash), [Backup Data to USB](./roles/backup-data-to-usb), [Gitea](./roles/docker-gitea), [Non-Free Driver](./roles/driver-non-free), [Nginx Homepage](./roles/nginx-homepage), [Jrnl](./roles/pc-jrnl), [Systemd Notifier](./roles/systemd-notifier), [Backup Docker to Local](./roles/backup-docker-to-local), [Jenkins](./roles/docker-jenkins), [Git](./roles/git), [Nginx HTTPS](./roles/nginx-https), [Latex](./roles/pc-latex), [Email Notifier](./roles/systemd-notifier-email), [Remote to Local Backup Solution](./roles/backup-remote-to-local), [Joomla](./roles/docker-joomla), [Heal Defect Docker Installations](./roles/heal-docker), [Nginx Matomo Tracking](./roles/nginx-matomo-tracking), [LibreOffice](./roles/pc-libreoffice), [Telegram Notifier](./roles/systemd-notifier-telegram), [Listmonk](./roles/docker-listmonk), [Btrfs Health Check](./roles/health-btrfs), [Nginx WWW Redirect](./roles/nginx-www-redirect), [Network Analyze Tools](./roles/pc-network-analyze-tools), [System Security](./roles/system-security), [Mailu](./roles/docker-mailu), [Disc Space Health Check](./roles/health-disc-space), [Administrator Tools](./roles/pc-administrator-tools), [Nextcloud Client](./roles/pc-nextcloud), [Swapfile Setup](./roles/system-swapfile), [Backups Cleanup](./roles/cleanup-backups-service), [Mastodon](./roles/docker-mastodon), [Docker Container Health Checker](./roles/health-docker-container), [Blu-ray Player Tools](./roles/pc-bluray-player-tools), [Office](./roles/pc-office), [Update Solutions](./roles/update), [Matomo](./roles/docker-matomo), [Docker Volumes Health Checker](./roles/health-docker-volumes), [Caffeine](./roles/pc-caffeine), [Qbittorrent](./roles/pc-qbittorrent), [Update Apt](./roles/update-apt), [Disc Space Cleanup](./roles/cleanup-disc-space), [Matrix](./roles/docker-matrix), [Health Journalctl](./roles/health-journalctl), [Designer Tools](./roles/pc-designer-tools), [Security Tools](./roles/pc-security-tools), [Update Docker](./roles/update-docker), [Failed Docker Backups Cleanup](./roles/cleanup-failed-docker-backups), [MediaWiki](./roles/docker-mediawiki), [Nginx Health Checker](./roles/health-nginx), [Developer Tools](./roles/pc-developer-tools), [Spotify](./roles/pc-spotify), [Update Pacman](./roles/update-pacman), [Client Wireguard](./roles/client-wireguard), [MyBB](./roles/docker-mybb), [Developer Tools for Arduino](./roles/pc-developer-tools-arduino), [SSH](./roles/pc-ssh), [Update Yay](./roles/update-yay), [Client Setup for Wireguard Behind Firewall](./roles/client-wireguard-behind-firewall), [Nextcloud Server](./roles/docker-nextcloud), [Hunspell](./roles/hunspell), [Developer Tools for Bash](./roles/pc-developer-tools-bash), [Streaming Tools](./roles/pc-streaming-tools), [Administrator](./roles/user-administrator), [Docker](./roles/docker), [Peertube](./roles/docker-peertube), [Java](./roles/java), [Developer Tools for Java](./roles/pc-developer-tools-java), [Tor Browser](./roles/pc-torbrowser), [Video Conference](./roles/pc-video-conference), [Wireguard](./roles/wireguard), [Akaunting](./roles/docker-akaunting), [Pixelfed](./roles/docker-pixelfed), [Journalctl](./roles/journalctl), [Developer Tools for PHP](./roles/pc-developer-tools-php), [Virtual Box](./roles/pc-virtual-box), [Postfix](./roles/postfix), [Attendize](./roles/docker-attendize), [Wordpress](./roles/docker-wordpress), [Locales](./roles/locales), [Docker for End Users](./roles/pc-docker), [Games](./roles/pc-games), [Python Pip](./roles/python-pip), [Discourse](./roles/docker-discourse), [Epson Multiprinter Driver](./roles/driver-epson-multiprinter), [Nginx Certbot](./roles/nginx-certbot), [Git](./roles/pc-git), [SSHD](./roles/sshd), [YOURLS](./roles/docker-yourls), [BigBlueButton](./roles/docker-bigbluebutton),[System Maintenance Lock](./roles/system-maintenance-lock),[Open Project](./roles/docker-openproject)...
## License
This project is licensed from Kevin Veen-Birkenbach. The full license is available in the [LICENSE.md](./LICENSE.md) of this repository.

95
SERVER_APPLICATIONS.md Normal file
View File

@ -0,0 +1,95 @@
# Server Applications
Server applications encompass a wide array of functionalities designed to enhance the performance, reliability, and usability of server infrastructures. These applications are essential for maintaining server health, managing web services, facilitating containerization, and providing various tools for specific server needs.
## Common Applications
For a detailed overview of the broad spectrum of server applications, including base setup, administration tools, update mechanisms, driver installations, security enhancements, VPN configurations, notifier services, backup solutions, and other essential tools and systems, please refer to the **[COMMON_APPLICATIONS.md](./COMMON_APPLICATIONS.md)**. This document provides insights into categories and specific roles catered to both server and end-user environments, ensuring comprehensive server management and optimization.
## Server Health
Addresses server maintenance and health monitoring, ensuring optimal performance and reliability of the server infrastructure.
- **[Health Btrfs](./roles/health-btrfs/)**: Monitors the health of Btrfs filesystems.
- **[Health Disc Space](./roles/health-disc-space/)**: Checks for available disk space.
- **[Health Docker Container](./roles/health-docker-container/)**: Monitors the health of Docker containers.
- **[Health Docker Volumes](./roles/health-docker-volumes/)**: Checks the status of Docker volumes.
- **[Health Journalctl](./roles/health-journalctl/)**: Monitors and manages the system journal.
- **[Health Nginx](./roles/health-nginx/)**: Ensures the Nginx server is running smoothly.
- **[Heal Docker](./roles/heal-docker/)**: Automated healing and maintenance tasks for Docker.
## Webserver
Focuses on web server roles and applications, covering SSL certificates, Nginx configurations, reverse proxies, and email services.
- **[Letsencrypt](./roles/letsencrypt/)**: Configures Let's Encrypt for SSL certificates.
- **[Nginx](./roles/nginx/)**: Installs and configures Nginx web server.
- **[Nginx-Docker-Reverse-Proxy](./roles/nginx-docker-reverse-proxy/)**: Sets up a reverse proxy for Docker containers.
- **[Nginx-Homepage](./roles/nginx-homepage/)**: Configures a homepage for Nginx.
- **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
- **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
- **[Nginx-Domain-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
- **[Nginx-WWW-Redirect](./roles/nginx-www-redirect/)**: Redirects all domains with the prefix www. from www.domain.tld to domain.tld
- **[Nginx-Certbot](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates.
- **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
## Docker and Containerization
Dedicated to Docker container setups and application management, offering a wide array of software deployment options.
- **[Docker](./roles/docker/)**: Basic Docker and Docker Compose setup.
### Finance and Project Management
Facilitating the deployment of finance-related and project management applications.
- **[Docker Akaunting](./roles/docker-akaunting/)**: Deployment of the Akaunting finance software.
- **[Open Project](./roles/docker-openproject)**: Project Management Software
### Continues Integration and Continues Delivery
Setups for development platforms and version control systems.
- **[Gitea](./roles/docker-gitea/)**: Setup for the Gitea git server.
- **[Jenkins](./roles/docker-jenkins/)**: Jenkins automation server setup.
- **[ELK](./roles/docker-elk/)**: Elasticsearch, Logstash, and Kibana (ELK) stack setup.
### Content Management
Deployment of various content management systems for web platforms.
- **[Wordpress](./roles/docker-wordpress/)**: Wordpress blog and website platform setup.
- **[Joomla](./roles/docker-joomla/)**: Joomla content management system setup.
### Fediverse Networks
Implementing federated and decentralized social platforms.
- **[Funkwhale](./roles/docker-funkwhale/)**: Deployment of Funkwhale, a federated music streaming server.
- **[Mastodon](./roles/docker-mastodon/)**: Deployment of the Mastodon social network server.
- **[Peertube](./roles/docker-peertube/)**: Deployment of the PeerTube video platform.
- **[Pixelfed](./roles/docker-pixelfed/)**: Pixelfed, a federated image sharing platform, setup.
### Analytics Solutions
Tools for web and data analytics.
- **[Matomo](./roles/docker-matomo/)**: Setup for Matomo, an open-source analytics platform.
### Forum Software
Deployments for community-driven forum platforms.
- **[MyBB](./roles/docker-mybb/)**: Setup for MyBB forum software.
- **[Discourse](./roles/docker-discourse/)**: Setup of Discouse a forum and community platform.
### Wiki and Documentation
Setting up platforms for collaborative information sharing.
- **[MediaWiki](./roles/docker-mediawiki/)**: MediaWiki setup for creating wikis.
### Event and Shop Management
Tools for managing events and online retail.
- **[Attendize](./roles/docker-attendize/)**: Setup for the Attendize event management tool.
### Data and Cloud Storage
Solutions for data management and cloud-based storage.
- **[Baserow](./roles/docker-baserow/)**: Deployment of Baserow, an open-source no-code database tool.
- **[Nextcloud](./roles/docker-nextcloud/)**: Cloud storage solution setup.
### Communication and Collaboration
Platffor enhancing communication and collaborative efforts.
- **[BigBlueButton](./roles/docker-bigbluebutton/)**: Setup for the BigBlueButton video conferencing tool.
- **[Mailu](./roles/docker-mailu/)**: Complete mail server solution.
- **[Matrix](./roles/docker-matrix/)**: Setup and deployment of the Matrix server for secure, decentralized communication.
### Marketing and Communication Tools
Focusing on tools that assist in communication, marketing, and outreach efforts.
- **[Listmonk](./roles/docker-listmonk/)**: Setup for Listmonk, a self-hosted newsletter and mailing list manager.
### Web Utilities and Services
Encompassing tools that enhance web functionality or provide essential web services.
- **[YOURLS](./roles/docker-yourls/)**: Setup for YOURLS, a URL shortening service.
### Miscellaneous
Diverse tools for specific needs and utilities.
- **[Roulette Wheel](./roles/docker-roulette-wheel/)**: Setup for a custom roulette wheel application.

17
VISION_STATEMENT.md Normal file
View File

@ -0,0 +1,17 @@
# Vision Statement
At the heart of our endeavor lies the creation of an unparalleled tool, designed to revolutionize the way IT infrastructure is deployed and managed in businesses of all scales and across various industries. Our vision is to develop a fully automated solution capable of establishing a 100% secure and infinitely scalable corporate IT infrastructure.
This tool, grounded firmly in Open Source principles, will not only champion transparency and innovation but also ensure adaptability and accessibility for every business, regardless of its size or industry. We aim to make the complex process of IT setup not just simpler but also faster achieving full deployment within an audacious timeframe of 24 hours.
We envision a future where businesses are no longer constrained by the complexities of IT infrastructure setup. Instead, they will be empowered with a tool that seamlessly integrates into their operational fabric, offering a robust, secure, and scalable digital backbone. This tool will not only cater to the immediate IT needs of a company but also be agile enough to evolve with their growing demands and the ever-changing technological landscape.
Our commitment is to break down barriers to advanced IT infrastructure, democratizing access to high-level technology solutions. By harnessing the power of Open Source, our solution will not only uphold the highest standards of security and scalability but also foster a community-driven approach to continuous improvement and innovation.
In essence, our vision is to redefine the paradigm of IT infrastructure deployment, making it a swift, secure, and scalable journey for every business, and setting a new benchmark in the industry for efficiency and reliability.
---
Kevin Veen-Birkenbach
Berlin
2023-12-13

60
constructor.yml Normal file
View File

@ -0,0 +1,60 @@
---
- name: update device
hosts: all
become: true
roles:
- role: update
when: execute_updates | bool
- name: setup standard wireguard
hosts: wireguard_server
become: true
roles:
- wireguard
# vpn setup
- name: setup wireguard client behind firewall\nat
hosts: wireguard_behind_firewall
become: true
roles:
- client-wireguard-behind-firewall
- name: setup wireguard client
hosts: wireguard_client
become: true
roles:
- client-wireguard
## backup setup
- name: setup replica backup hosts
hosts: replica_backup
become: true
roles:
- role: backup-remote-to-local
- name: setup backup to swappable
hosts: backup_to_usb
become: true
roles:
- backup-data-to-usb
## driver setup
- name: driver-intel
hosts: intel
become: true
roles:
- driver-intel
- name: setup multiprinter hosts
hosts: epson_multiprinter
become: true
roles:
- driver-epson-multiprinter
## system setup
- name: setup swapfile hosts
hosts: swapfile
become: false
roles:
- system-swapfile

105
end_users.yml Normal file
View File

@ -0,0 +1,105 @@
---
- import_playbook: playbook-common.yml
## pc applications
- name: general host setup
hosts: personal_computers
become: true
roles:
- pc-administrator-tools
- driver-non-free
- name: pc-office
hosts: collection_officetools
become: true
roles:
- pc-office
- pc-jrnl
- name: personal computer for business
hosts: business_personal_computer
become: true
roles:
- pc-gnucash
- name: pc-designer-tools
hosts: collection_designer
become: true
roles:
- pc-designer-tools
- name: pc-qbittorrent
hosts: collection_torrent
become: true
roles:
- pc-qbittorrent
- name: pc-streaming-tools
hosts: collection_streamer
become: true
roles:
- pc-streaming-tools
- name: pc-bluray-player-tools
hosts: collection_bluray_player
become: true
roles:
- pc-bluray-player-tools
- name: pc-latex
hosts: latex
become: true
roles:
- pc-latex
- name: GNOME setup
hosts: gnome
become: true
roles:
- pc-gnome
- name: setup ssh client
hosts: ssh
become: false
roles:
- pc-ssh
- name: setup gaming hosts
hosts: gaming
become: true
roles:
- pc-games
- name: setup entertainment hosts
hosts: entertainment
become: true
roles:
- pc-spotify
- name: setup torbrowser hosts
hosts: torbrowser
become: true
roles:
- pc-torbrowser
- name: setup nextcloud
hosts: nextcloud_client
become: true
roles:
- pc-nextcloud
- name: setup docker
hosts: docker
become: true
roles:
- pc-docker
# driver
- name: setup msi rgb keyboard
hosts: msi_perkeyrgb
become: true
roles:
- driver-msi-keyboard-color
- import_playbook: destructor.yml

173
group_vars/all Normal file
View File

@ -0,0 +1,173 @@
# General
setup: false # Pass CLI commands to execute the setup tasks for the different roles
verbose: false # Prints well formated debug information
top_domain: "localhost" # Change this in inventory to your domain
ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server
backups_folder_path: "/Backups/" # Path to the backups folder
# Server Tact Variables
## Ours in which the server is 100% working. Rest of the time is reserved for maintanance
hours_server_awake: "0..1,9..23"
## Random delay for systemd timers to avoid peak loads.
randomized_delay_sec: "5min"
## Schedule for Health Checks
on_calendar_health_btrfs: "*-*-* 00:00:00" # Check once per day the btrfs for errors
on_calendar_health_journalctl: "*-*-* 00:00:00" # Check once per day the journalctl for errors
on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00" # Check four times per day if there is sufficient disc space
on_calendar_health_docker_container: "*-*-* {{ hours_server_awake }}:00:00" # Check once per hour if the docker containers are healthy
on_calendar_health_docker_volumes: "*-*-* {{ hours_server_awake }}:15:00" # Check once per hour if the docker volumes are healthy
on_calendar_health_nginx: "*-*-* {{ hours_server_awake }}:45:00" # Check once per hour if all webservices are available
## Schedule for Cleanup Tasks
on_calendar_cleanup_backups: "*-*-* 00,06,12,18:30:00" # Cleanup backups every 6 hours, MUST be called before disc space cleanup
on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00" # Cleanup disc space every 6 hours
## Schedule for Backup Tasks
on_calendar_backup_docker_to_local: "*-*-* 03:30:00"
on_calendar_backup_remote_to_local: "*-*-* 21:30:00"
## Schedule for Maintenance Tasks
on_calendar_heal_docker: "*-*-* {{ hours_server_awake }}:30:00" # Heal unhealthy docker instances once per hour
on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00" # Renew Mailu certificates twice per day
on_calendar_deploy_mailu_certificates: "*-*-* 13,01:30:00" # Deploy Mailu certificates twice per day
on_calendar_msi_keyboard_color: "*-*-* *:*:00" # Change the keyboard color every minute
on_calendar_cleanup_failed_docker: "*-*-* 12:00:00" # Clean up failed docker backups every noon
# Storage Space-Related Configurations
size_percent_maximum_backup: 75 # Maximum storage space in percent for backups
size_percent_disc_space_warning: 85 # Warning threshold in percent for free disk space
size_percent_cleanup_disc_space: 90 # Threshold for triggering cleanup actions
# Path Variables for Key Directories and Scripts
path_administrator_home: "/home/administrator/"
path_administrator_scripts: "{{path_administrator_home}}scripts/"
path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"
# Runtime Variables for Process Control
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
nginx_matomo_tracking: false # Activates matomo tracking on all html pages
execute_updates: true # Executes updates
force_backup_before_update: true # Activates the backup before the update procedure
# System maintenance Services
## Timeouts to wait for other services to stop
sytem_maintenance_lock_timeoutcleanup_services: "15min"
sytem_maintenance_lock_timeoutbackup_services: "1h"
sytem_maintenance_lock_timeoutheal_docker: "30min"
sytem_maintenance_lock_timeoutupdate_docker: "2min"
## Services
### Defined Services for Backup Tasks
system_maintenance_backup_services:
- "backup-docker-to-local"
- "backup-remote-to-local"
- "backup-data-to-usb"
- "backup-docker-to-local-everything"
### Defined Services for System Cleanup
system_maintenance_cleanup_services:
- "cleanup-backups"
- "cleanup-disc-space"
- "cleanup-failed-docker-backups"
### Services that Manipulate the System
system_maintenance_manipulation_services:
- "heal-docker"
- "update-docker"
## Total System Maintenance Services
system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
### Define Variables for Docker Volume Health services
whitelisted_anonymous_docker_volumes: []
# Webserver Configuration
## Nginx-Specific Path Configurations
nginx_configuration_directory: "/etc/nginx/conf.d/" # General configuration dir
nginx_servers_directory: "{{nginx_configuration_directory}}servers/" # Contains server blogs
nginx_maps_directory: "{{nginx_configuration_directory}}maps/" # Contains mappins
nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/" # Contains upstream configurations
## Docker Applications
### Enable Central MariaDB
enable_central_database: true
### Domain Names for Various Services
domain_akaunting: "akaunting.{{top_domain}}"
domain_baserow: "baserow.{{top_domain}}"
domain_bigbluebutton: "meet.{{top_domain}}"
domain_elk: "elk.{{top_domain}}"
domain_discourse: "forum.{{top_domain}}"
domain_funkwhale: "music.{{top_domain}}"
domain_gitea: "git.{{top_domain}}"
domain_gitlab: "gitlab.{{top_domain}}"
domain_listmonk: "newsletter.{{top_domain}}"
domain_mailu: "mail.{{top_domain}}"
domain_mastodon: "microblog.{{top_domain}}"
domains_mastodon_alternates: []
domain_matomo: "matomo.{{top_domain}}"
domain_matrix_synapse: "matrix.{{top_domain}}"
domain_matrix_element: "element.{{top_domain}}"
domain_mediawiki: "wiki.{{top_domain}}"
domain_nextcloud: "cloud.{{top_domain}}"
domain_pixelfed: "picture.{{top_domain}}"
domain_peertube: "video.{{top_domain}}"
domains_peertube: []
domain_roulette: "roulette.{{top_domain}}"
domain_attendize: "tickets.{{top_domain}}"
domain_yourls: "s.{{top_domain}}"
domain_openproject: "project.{{top_domain}}"
domains_wordpress: ["wordpress.{{top_domain}}","blog.{{top_domain}}"]
### Common Configurations
postgres_default_version: "16"
### Docker Role Specific Parameters
#### Pixelfed
pixelfed_app_name: "Pictures"
#### Matrix
matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose
#### Mastodon
version_mastodon: "latest"
#### Akaunting
version_akaunting: "latest"
#### Mailu
version_mailu: "2.0"
#### Nextcloud
version_nextcloud: "production" # Danger: Nextcloud can't skipp major version updates.
# Routing Configurations for Domain Redirections
redirect_domain_mappings:
- { source: "bbb.{{top_domain}}", target: "{{domain_bigbluebutton}}" }
- { source: "discourse.{{top_domain}}", target: "{{domain_discourse}}" }
- { source: "funkwhale.{{top_domain}}", target: "{{domain_funkwhale}}" }
- { source: "gitea.{{top_domain}}", target: "{{domain_gitea}}" }
- { source: "listmonk.{{top_domain}}", target: "{{domain_listmonk}}" }
- { source: "mastodon.{{top_domain}}", target: "{{domain_mastodon}}" }
- { source: "nextcloud.{{top_domain}}", target: "{{domain_nextcloud}}" }
- { source: "openproject.{{top_domain}}", target: "{{domain_openproject}}" }
- { source: "peertube.{{top_domain}}", target: "{{domain_peertube}}" }
- { source: "pictures.{{top_domain}}", target: "{{domain_pixelfed}}" }
- { source: "pixelfed.{{top_domain}}", target: "{{domain_pixelfed}}" }
- { source: "short.{{top_domain}}", target: "{{domain_yourls}}" }
- { source: "videos.{{top_domain}}", target: "{{domain_peertube}}" }

2
requirements.yml Normal file
View File

@ -0,0 +1,2 @@
collections:
- name: kewlfft.aur

View File

@ -0,0 +1,17 @@
# backup-data-to-usb
This Ansible role automates the process of performing backups to a swappable USB device.
## Features
- Automatically starts the backup process when mounted to a specific destination.
- Supports customization of the backup source path and destination.
- Provides a systemd service to run the backup script.
## Author
This role was created and is maintained by Kevin Veen-Birkenbach.
## Credits
This software was created with the assistance of [OpenAI ChatGPT](https://chat.openai.com/share/a75ca771-d8a4-4b75-9912-c515ba371ae4).

View File

@ -0,0 +1,63 @@
#!/usr/bin/env python3
import sys
import subprocess
import shutil
import os
import glob
import datetime
def main():
source_path = sys.argv[1]
print(f"source path: {source_path}")
backup_to_usb_destination_path = sys.argv[2]
print(f"backup to usb destination path: {backup_to_usb_destination_path}")
if not os.path.isdir(backup_to_usb_destination_path):
print(f"Directory {backup_to_usb_destination_path} does not exist")
sys.exit(1)
machine_id = subprocess.run(["sha256sum", "/etc/machine-id"], capture_output=True, text=True).stdout.strip()[:64]
print(f"machine id: {machine_id}")
versions_path = os.path.join(backup_to_usb_destination_path, f"{machine_id}/backup-data-to-usb/")
print(f"versions path: {versions_path}")
if not os.path.isdir(versions_path):
print(f"Creating {versions_path}...")
os.makedirs(versions_path, exist_ok=True)
previous_version_path = max(glob.glob(f"{versions_path}*"), key=os.path.getmtime, default=None)
print(f"previous versions path: {previous_version_path}")
current_version_path = os.path.join(versions_path, datetime.datetime.now().strftime("%Y%m%d%H%M%S"))
print(f"current versions path: {current_version_path}")
print("Creating backup destination folder...")
os.makedirs(current_version_path, exist_ok=True)
print("Starting synchronization...")
try:
rsync_command = [
"rsync", "-abP", "--delete", "--delete-excluded"
]
if previous_version_path is not None:
rsync_command.append("--link-dest=" + previous_version_path)
rsync_command.extend([source_path, current_version_path])
rsync_output = subprocess.check_output(rsync_command, stderr=subprocess.STDOUT, text=True)
print(rsync_output)
print("Synchronization finished")
sys.exit(0)
except subprocess.CalledProcessError as e:
print(e.output)
if "rsync warning: some files vanished before they could be transferred" in e.output:
print("Synchronization finished with rsync warning")
sys.exit(0)
else:
print("Synchronization failed")
sys.exit(1)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,5 @@
- name: "reload backup-data-to-usb.service"
systemd:
name: backup-data-to-usb.service
state: reloaded
daemon_reload: yes

View File

@ -0,0 +1,4 @@
---
dependencies:
- role: cleanup-backups-service
- role: system-maintenance-lock

View File

@ -0,0 +1,16 @@
- name: Copy backup script to the scripts directory
copy:
src: backup-data-to-usb.python
dest: "{{ backup_to_usb_script_path }}"
owner: root
group: root
mode: '0755'
- name: Copy systemd service to systemd directory
template:
src: backup-data-to-usb.service.j2
dest: /etc/systemd/system/backup-data-to-usb.service
owner: root
group: root
mode: '0644'
notify: reload backup-data-to-usb.service

View File

@ -0,0 +1,11 @@
[Unit]
Description=Backup to USB when mounted to {{ backup_to_usb_mount }}
Wants={{systemctl_mount_service_name}}
OnFailure=systemd-notifier@%n.service
[Service]
ExecStart=/bin/python {{ backup_to_usb_script_path }} {{backup_to_usb_source}} {{backup_to_usb_destination}}
ExecStartPost=/bin/systemctl start cleanup-backups.service
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,4 @@
backup_to_usb_script_path: "/usr/local/sbin/backup-data-to-usb.python"
backup_to_usb_destination: "{{backup_to_usb_mount}}{{backup_to_usb_destination_subdirectory}}"
backups_folder_path: "{{backup_to_usb_destination}}"
systemctl_mount_service_name: "{{ backup_to_usb_mount | trim('/') | replace('/', '-') }}.mount"

View File

@ -0,0 +1,4 @@
- name: "reload backup-docker-to-local.service"
systemd:
name: backup-docker-to-local.service
daemon_reload: yes

View File

@ -0,0 +1,6 @@
dependencies:
- git
- backups-provider
- systemd-notifier
- cleanup-failed-docker-backups
- system-maintenance-lock

View File

@ -0,0 +1,75 @@
- name: install pandas system wide
community.general.pacman:
name:
- lsof
- python-pandas
state: present
when: run_once_backup_docker_to_local is not defined
- name: pull backup-docker-to-local.git
git:
repo: "https://github.com/kevinveenbirkenbach/backup-docker-to-local.git"
dest: "{{backup_docker_to_local_folder}}"
update: yes
ignore_errors: true
when: run_once_backup_docker_to_local is not defined
- name: configure backup-docker-to-local-everything.service
template:
src: backup-docker-to-local-everything.service.j2
dest: /etc/systemd/system/backup-docker-to-local-everything.service
notify: reload backup-docker-to-local-everything.service
when: run_once_backup_docker_to_local is not defined
- name: configure backup-docker-to-local.service
template:
src: backup-docker-to-local.service.j2
dest: /etc/systemd/system/backup-docker-to-local.service
notify: reload backup-docker-to-local.service
when: run_once_backup_docker_to_local is not defined
- name: set service_name to the name of the current role
set_fact:
service_name: "{{ role_name }}"
when: run_once_backup_docker_to_local is not defined
- name: "include role for systemd-timer for {{service_name}}"
include_role:
name: systemd-timer
vars:
on_calendar: "{{on_calendar_backup_docker_to_local}}"
when: run_once_backup_docker_to_local is not defined
- name: seed database values
command:
cmd: "python database_entry_seeder.py databases.csv {{docker_compose_project_name}} {{database_host}} {{database_databasename}} {{database_username}} {{database_password}}"
chdir: "{{backup_docker_to_local_folder}}"
when: >
database_host is defined or
database_databasename is defined or
database_username is defined or
database_password is defined
- name: Set file permissions for databases.csv to be readable, writable, and executable by root only
ansible.builtin.file:
path: "{{ backup_docker_to_local_folder }}databases.csv"
mode: '0700'
owner: root
group: root
when: >
(database_host is defined or
database_databasename is defined or
database_username is defined or
database_password is defined) and
run_once_backup_docker_to_local_file_permission is not defined
register: file_permission_result
- name: run the backup_docker_to_local_file_permission tasks once
set_fact:
run_once_backup_docker_to_local_file_permission: true
when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
- name: run the backup_docker_to_local tasks once
set_fact:
run_once_backup_docker_to_local: true
when: run_once_backup_docker_to_local is not defined

View File

@ -0,0 +1,8 @@
[Unit]
Description=backup docker volumes to local folder
OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'backup-docker-to-local') | join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --everything'

View File

@ -0,0 +1,8 @@
[Unit]
Description=backup docker volumes to local folder
OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'backup-docker-to-local-everything') | join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py'

View File

@ -0,0 +1 @@
backup_docker_to_local_folder: "{{path_administrator_scripts}}backup-docker-to-local/"

View File

@ -1,4 +1,4 @@
# role native-pull-primary-backups # role backup-remote-to-local
## goal ## goal
This script allows to pull backups from a remote server. This script allows to pull backups from a remote server.
@ -11,17 +11,24 @@ Further information you will find [in this blog post](https://www.veen.world/202
## debug ## debug
### live ### live
To track what the service is doing execute the following command: To track what the service is doing execute one of the following commands:
#### systemctl
```bash ```bash
watch -n2 "systemctl status pull-remote-backups.service" watch -n2 "systemctl status backup-remote-to-local.service"
``` ```
#### journalctl
```bash
journalctl -fu backup-remote-to-local.service
```
### history ### history
```bash ```bash
sudo journalctl -u pull-remote-backups sudo journalctl -u backup-remote-to-local
``` ```
## see ## see
- https://superuser.com/questions/363444/how-do-i-get-the-output-and-exit-value-of-a-subshell-when-using-bash-e - https://superuser.com/questions/363444/how-do-i-get-the-output-and-exit-value-of-a-subshell-when-using-bash-e
- https://gist.github.com/otkrsk/b0ffd4018e8a79b9010c461af298471e - https://gist.github.com/otkrsk/b0ffd4018e8a79b9010c461af298471e
- https://serverfault.com/questions/304125/rsync-seems-incompatible-with-bashrc-causes-is-your-shell-clean

View File

@ -0,0 +1,85 @@
#!/bin/bash
# @param $1 hostname from which backup should be pulled
echo "pulling backups from: $1" &&
# error counter
errors=0 &&
echo "loading meta data..." &&
remote_host="backup@$1" &&
echo "host address: $remote_host" &&
remote_machine_id="$( (ssh "$remote_host" sha256sum /etc/machine-id) | head -c 64 )" &&
echo "remote machine id: $remote_machine_id" &&
general_backup_machine_dir="/Backups/$remote_machine_id/" &&
echo "backup dir: $general_backup_machine_dir" &&
remote_backup_types="$(ssh "$remote_host" "find $general_backup_machine_dir -maxdepth 1 -type d -execdir basename {} ;")" &&
echo "backup types: $remote_backup_types" || exit 1
for backup_type in $remote_backup_types; do
if [ "$backup_type" != "$remote_machine_id" ]; then
echo "backup type: $backup_type" &&
general_backup_type_dir="$general_backup_machine_dir""$backup_type/" &&
general_versions_dir="$general_backup_type_dir" &&
local_previous_version_dir="$(ls -d $general_versions_dir* | tail -1)" &&
echo "last local backup: $local_previous_version_dir" &&
remote_backup_versions="$(ssh "$remote_host" ls -d "$general_backup_type_dir"\*)" &&
echo "remote backup versions: $remote_backup_versions" &&
remote_last_backup_dir=$(echo "$remote_backup_versions" | tail -1) &&
echo "last remote backup: $remote_last_backup_dir" &&
remote_source_path="$remote_host:$remote_last_backup_dir/" &&
echo "source path: $remote_source_path" &&
local_backup_destination_path=$remote_last_backup_dir &&
echo "backup destination: $local_backup_destination_path" &&
echo "creating local backup destination folder..." &&
mkdir -vp "$local_backup_destination_path" &&
echo "starting backup..."
rsync_command='rsync -abP --delete --delete-excluded --rsync-path="sudo rsync" --link-dest="'$local_previous_version_dir'" "'$remote_source_path'" "'$local_backup_destination_path'"'
echo "executing: $rsync_command"
retry_count=0
max_retries=12
retry_delay=300 # Retry delay in seconds (5 minutes)
last_retry_start=0
max_retry_duration=43200 # Maximum duration for a single retry attempt (12 hours)
while [[ $retry_count -lt $max_retries ]]; do
echo "Retry attempt: $((retry_count + 1))"
if [[ $retry_count -gt 0 ]]; then
current_time=$(date +%s)
last_retry_duration=$((current_time - last_retry_start))
if [[ $last_retry_duration -ge $max_retry_duration ]]; then
echo "Last retry took more than 12 hours, increasing max retries to 12."
max_retries=12
fi
fi
last_retry_start=$(date +%s)
eval "$rsync_command"
rsync_exit_code=$?
if [[ $rsync_exit_code -eq 0 ]]; then
break
fi
retry_count=$((retry_count + 1))
sleep $retry_delay
done
if [[ $rsync_exit_code -ne 0 ]]; then
echo "Error: rsync failed after $max_retries attempts"
((errors += 1))
fi
fi
done
exit $errors;

View File

@ -0,0 +1,11 @@
- name: "reload backup-remote-to-local service"
systemd:
name: backup-remote-to-local.service
daemon_reload: yes
- name: "restart backup-remote-to-local timer"
systemd:
name: backup-remote-to-local.timer
state: started
enabled: yes
daemon_reload: yes

View File

@ -0,0 +1,7 @@
dependencies:
- git
- systemd-notifier
- cleanup-backups-timer
- cleanup-failed-docker-backups
- system-maintenance-lock
- user-root

View File

@ -0,0 +1,32 @@
- name: "create {{docker_backup_remote_to_local_folder}}"
file:
path: "{{docker_backup_remote_to_local_folder}}"
state: directory
mode: 0755
- name: create backup-remote-to-local.sh
copy:
src: backup-remote-to-local.sh
dest: "{{docker_backup_remote_to_local_folder}}backup-remote-to-local.sh"
mode: 0755
- name: create backup-remote-to-local.service
template: src=backup-remote-to-local.service.j2 dest=/etc/systemd/system/backup-remote-to-local.service
notify: reload backup-remote-to-local service
- name: create backups-remote-to-local.sh
template:
src: backups-remote-to-local.sh.j2
dest: "{{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh"
mode: 0755
- name: set service_name to the name of the current role
set_fact:
service_name: "{{ role_name }}"
- name: "include role for systemd-timer for {{service_name}}"
include_role:
name: systemd-timer
vars:
on_calendar: "{{on_calendar_backup_remote_to_local}}"

View File

@ -0,0 +1,8 @@
[Unit]
Description=pull remote backups
OnFailure=systemd-notifier@%n.service cleanup-failed-docker-backups.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_backup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/bash {{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh'

View File

@ -0,0 +1,8 @@
#!/bin/bash
# Pulls the remote backups from multiple hosts
hosts="{{pull_remote_backups}}";
errors=0
for host in $hosts; do
bash {{docker_backup_remote_to_local_folder}}backup-remote-to-local.sh $host || ((errors+=1));
done;
exit $errors;

View File

@ -0,0 +1 @@
docker_backup_remote_to_local_folder: "{{path_administrator_scripts}}backup-remote-to-local/"

View File

@ -1,4 +1,4 @@
# role native-user-backup # role backups-provider-user
User for backups User for backups
## todo ## todo

View File

@ -0,0 +1,38 @@
#!/bin/sh
# log command
if [ -n "$SSH_ORIGINAL_COMMAND" ]
then
echo "`/bin/date`: $SSH_ORIGINAL_COMMAND" | systemd-cat -t "ssh-wrapper.sh"
fi
# define executable commands
get_hashed_machine_id="sha256sum /etc/machine-id";
hashed_machine_id="$($get_hashed_machine_id | head -c 64)"
get_backup_types="find /Backups/$hashed_machine_id/ -maxdepth 1 -type d -execdir basename {} ;";
# @todo This configuration is not scalable yet. If other backup services then backup-docker-to-local are integrated, this logic needs to be optimized
get_version_directories="ls -d /Backups/$hashed_machine_id/backup-docker-to-local/*"
last_version_directory="$($get_version_directories | tail -1)"
rsync_command="sudo rsync --server --sender -blogDtpre.iLsfxCIvu . $last_version_directory/"
# filter commands
case "$SSH_ORIGINAL_COMMAND" in
"$get_hashed_machine_id")
$get_hashed_machine_id
;;
"$get_version_directories")
$get_version_directories
;;
"$get_backup_types")
$get_backup_types
;;
"$rsync_command")
$rsync_command
;;
*)
echo "This command is not supported."
exit 1
;;
esac

View File

@ -1,2 +1,2 @@
dependencies: dependencies:
- native-sshd - sshd

View File

@ -2,6 +2,7 @@
user: user:
name: backup name: backup
create_home: yes create_home: yes
when: run_once_backups_provider_user is not defined
- name: create .ssh directory - name: create .ssh directory
file: file:
@ -10,10 +11,7 @@
owner: backup owner: backup
group: backup group: backup
mode: '0700' mode: '0700'
when: run_once_backups_provider_user is not defined
- name: register hashed_machine_id
shell: sha256sum /etc/machine-id | head -c 64
register: hashed_machine_id
- name: create /home/backup/.ssh/authorized_keys - name: create /home/backup/.ssh/authorized_keys
template: template:
@ -22,14 +20,16 @@
owner: backup owner: backup
group: backup group: backup
mode: '0644' mode: '0644'
when: run_once_backups_provider_user is not defined
- name: create /home/backup/ssh-wrapper.sh - name: create /home/backup/ssh-wrapper.sh
template: copy:
src: "ssh-wrapper.sh.j2" src: "ssh-wrapper.sh"
dest: /home/backup/ssh-wrapper.sh dest: /home/backup/ssh-wrapper.sh
owner: backup owner: backup
group: backup group: backup
mode: '0700' mode: '0700'
when: run_once_backups_provider_user is not defined
- name: grant backup sudo rights - name: grant backup sudo rights
copy: copy:
@ -39,3 +39,9 @@
owner: root owner: root
group: root group: root
notify: sshd restart notify: sshd restart
when: run_once_backups_provider_user is not defined
- name: run the backups_provider_user tasks once
set_fact:
run_once_backups_provider_user: true
when: run_once_backups_provider_user is not defined

View File

@ -0,0 +1,3 @@
{% for authorized_key in authorized_keys_list %}
command="/home/backup/ssh-wrapper.sh" {{authorized_key}}
{% endfor %}

View File

@ -1,2 +1,2 @@
authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys" authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
authorized_keys: "{{ lookup('file', authorized_keys_path) }}" authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"

View File

@ -1,4 +1,4 @@
# role native-primary-backup-host # role backups-provider-host
## todo ## todo
- add full system backup - add full system backup

View File

@ -0,0 +1,3 @@
dependencies:
- backups-provider-user
- cleanup-backups-timer

View File

@ -0,0 +1,14 @@
# role cleanup-backups-timer
Cleans up old backups
## Additional software
It may be neccessary to install gcc seperat to use psutil
```bash
sudo pacman -S gcc
```
## further information
- https://stackoverflow.com/questions/48929553/get-hard-disk-size-in-python

View File

@ -0,0 +1,57 @@
import psutil
import shutil
import os
import argparse
import subprocess
# Validating arguments
parser = argparse.ArgumentParser()
parser.add_argument('--maximum-backup-size-percent', type=int, dest='maximum_backup_size_percent',required=True, choices=range(0,100), help="The directory from which the data should be encrypted.")
parser.add_argument('--backups-folder-path',type=str,dest='backups_folder_path',required=True, help="The folder in which the backups are stored")
args = parser.parse_args()
def print_used_disc_space():
print("%d %% of disk %s are used" % (psutil.disk_usage(args.backups_folder_path).percent,args.backups_folder_path))
def is_directory_used_by_another_process(directory_path):
command= "lsof " + directory_path
process = subprocess.Popen([command], stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
output, error = process.communicate()
# @See https://stackoverflow.com/questions/29841984/non-zero-exit-code-for-lsof
if process.wait() > bool(0):
return False
return True
for host_backup_directory_name in os.listdir(args.backups_folder_path):
host_backup_directory_path = os.path.join(args.backups_folder_path, host_backup_directory_name)
for application_directory in os.listdir(host_backup_directory_path):
# The directory which contains all backup versions of the application
versions_directory = os.path.join(host_backup_directory_path, application_directory) + "/"
versions = os.listdir(versions_directory)
versions.sort(reverse=False)
print_used_disc_space()
for version in versions:
version_path=os.path.join(versions_directory, version)
print("Checking directory %s ..." % (version_path))
if version == versions[-1]:
print("Directory %s contains the last version of the backup. Skipped." % (version_path))
continue
if is_directory_used_by_another_process(version_path):
print("Directory %s is used by another process. Skipped." % (version_path))
continue
old_disc_usage_percent=psutil.disk_usage(args.backups_folder_path).percent
if old_disc_usage_percent > args.maximum_backup_size_percent:
print("Deleting %s to free space." % (version_path))
shutil.rmtree(version_path)
new_disc_usage_percent=psutil.disk_usage(args.backups_folder_path).percent
difference_percent=old_disc_usage_percent-new_disc_usage_percent
print("{:6.2f} %% of drive freed".format(difference_percent))
continue
print_used_disc_space()
print("Cleaning up finished.")

View File

@ -0,0 +1,5 @@
- name: "reload cleanup-backups.service"
systemd:
name: cleanup-backups.service
enabled: yes
daemon_reload: yes

View File

@ -0,0 +1,4 @@
dependencies:
- python-pip
- systemd-notifier
- system-maintenance-lock

View File

@ -0,0 +1,32 @@
- name: install lsof and python-psutil
community.general.pacman:
name:
- lsof
- python-psutil
state: present
when: run_once_cleanup_backups_service is not defined
- name: "create {{docker_cleanup_backups}}"
file:
path: "{{docker_cleanup_backups}}"
state: directory
mode: 0755
when: run_once_cleanup_backups_service is not defined
- name: create cleanup-backups.py
copy:
src: "cleanup-backups.py"
dest: "{{docker_cleanup_backups}}cleanup-backups.py"
when: run_once_cleanup_backups_service is not defined
- name: create cleanup-backups.service
template:
src: "cleanup-backups.service.j2"
dest: "/etc/systemd/system/cleanup-backups.service"
notify: reload cleanup-backups.service
when: run_once_cleanup_backups_service is not defined
- name: run the cleanup_backups_service tasks once
set_fact:
run_once_cleanup_backups_service: true
when: run_once_cleanup_backups_service is not defined

View File

@ -0,0 +1,8 @@
[Unit]
Description=delete old backups
OnFailure=systemd-notifier@%n.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/python {{docker_cleanup_backups}}cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}'

View File

@ -0,0 +1 @@
docker_cleanup_backups: "{{path_administrator_scripts}}cleanup-backups/"

View File

@ -0,0 +1,3 @@
# role cleanup-backups-timer
Timer for cleaning up old backups

View File

@ -0,0 +1,2 @@
dependencies:
- cleanup-backups-service

View File

@ -0,0 +1,16 @@
- name: set service_name to the name of the current role
set_fact:
service_name: "{{ role_name }}"
when: run_once_cleanup_backups_timer is not defined
- name: "include role for systemd-timer for {{service_name}}"
include_role:
name: systemd-timer
vars:
on_calendar: "{{on_calendar_cleanup_backups}}"
when: run_once_cleanup_backups_timer is not defined
- name: run the cleanup_backups_timer tasks once
set_fact:
run_once_cleanup_backups_timer: true
when: run_once_cleanup_backups_timer is not defined

View File

@ -0,0 +1,4 @@
# cleanup-disc-space
Frees disc space
## More information
- https://askubuntu.com/questions/380238/how-to-clean-tmp

View File

@ -0,0 +1,5 @@
- name: "reload cleanup-disc-space.service"
systemd:
name: cleanup-disc-space.service
enabled: yes
daemon_reload: yes

View File

@ -0,0 +1,3 @@
dependencies:
- systemd-notifier
- system-maintenance-lock

View File

@ -0,0 +1,26 @@
- name: "create {{cleanup_disc_space_folder}}"
file:
path: "{{cleanup_disc_space_folder}}"
state: directory
mode: 0755
- name: create cleanup-disc-space.sh
template:
src: cleanup-disc-space.sh.j2
dest: "{{cleanup_disc_space_folder}}cleanup-disc-space.sh"
- name: create cleanup-disc-space.service
template:
src: cleanup-disc-space.service.j2
dest: /etc/systemd/system/cleanup-disc-space.service
notify: reload cleanup-disc-space.service
- name: set service_name to the name of the current role
set_fact:
service_name: "{{ role_name }}"
- name: "include role for systemd-timer for {{service_name}}"
include_role:
name: systemd-timer
vars:
on_calendar: "{{on_calendar_cleanup_disc_space}}"

View File

@ -0,0 +1,8 @@
[Unit]
Description=freeing disc space
OnFailure=systemd-notifier@%n.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/bin/bash {{cleanup_disc_space_folder}}cleanup-disc-space.sh {{size_percent_cleanup_disc_space}}'

View File

@ -0,0 +1,53 @@
#!/bin/sh
# @param $1 mimimum free disc space
# @param $2 --force to for execution indepentend on how much disc space is free
execute_cleanup_disc_space=0
minimum_percent_cleanup_disc_space="$1"
force_freeing=false
echo "Checking free disc space..."
df
if [ $# -gt 0 ] && [ "$2" == "--force" ]; then
echo "Forcing disc space freeing."
force_freeing=true
fi
for disc_use_percent in $(df --output=pcent | sed 1d)
do
disc_use_percent_number=$(echo "$disc_use_percent" | sed "s/%//")
if [ "$disc_use_percent_number" -gt "$minimum_percent_cleanup_disc_space" ]; then
echo "WARNING: $disc_use_percent_number exceeds the limit of {{size_percent_disc_space_warning}}%."
execute_cleanup_disc_space+=1;
fi
done
if [ "$disc_use_percent_number" -gt "$minimum_percent_cleanup_disc_space" ] || [ "$force_freeing" = true ]; then
echo "cleaning up /tmp" &&
find /tmp -type f -atime +10 -delete || exit 1
{% if backups_folder_path is defined and size_percent_maximum_backup is defined %}
echo "cleaning up backups" &&
python {{path_administrator_scripts}}cleanup-backups/cleanup-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}} || exit 2
{% endif %}
if pacman -Qs $package > /dev/null ; then
echo "cleaning up docker" &&
docker system prune -f || exit 3
nextcloud_application_container="nextcloud-application-1"
if [ "$(docker ps -a -q -f name=$nextcloud_application_container)" ] ; then
echo "cleaning up docker nextcloud" &&
docker exec -it -u www-data $nextcloud_application_container /var/www/html/occ files:cleanup || exit 4
docker exec -it -u www-data $nextcloud_application_container /var/www/html/occ trashbin:cleanup --all-users || exit 5
docker exec -it -u www-data $nextcloud_application_container /var/www/html/occ versions:cleanup || exit 6
fi
fi
echo "cleaning pacman cache" &&
yes | pacman -Sc || exit 7
echo "cleanup finished."
else
echo "Sufficiend disc space available."
echo "To force the freeing of disc space pass the parameter --force."
fi
exit 0

View File

@ -0,0 +1 @@
cleanup_disc_space_folder: "{{path_administrator_scripts}}cleanup-disc-space/"

View File

@ -0,0 +1,3 @@
# Docker Volume Backup Cleanup
This script cleans up failed docker backups.
It uses https://github.com/kevinveenbirkenbach/cleanup-failed-docker-backups as base.

View File

@ -0,0 +1,5 @@
- name: "reload cleanup-failed-docker-backups.service daemon"
systemd:
name: cleanup-failed-docker-backups.service
enabled: yes
daemon_reload: yes

View File

@ -0,0 +1,4 @@
dependencies:
- git
- systemd-notifier
- system-maintenance-lock

View File

@ -0,0 +1,31 @@
- name: pull cleanup-failed-docker-backups.git
git:
repo: "https://github.com/kevinveenbirkenbach/cleanup-failed-docker-backups.git"
dest: "{{backup_docker_to_local_cleanup_folder}}"
update: yes
ignore_errors: true
when: run_once_cleanup_failed_docker_backups is not defined
- name: configure cleanup-failed-docker-backups.service
template:
src: cleanup-failed-docker-backups.service.j2
dest: /etc/systemd/system/cleanup-failed-docker-backups.service
notify: reload cleanup-failed-docker-backups.service daemon
when: run_once_cleanup_failed_docker_backups is not defined
- name: set service_name to the name of the current role
set_fact:
service_name: "{{ role_name }}"
when: run_once_cleanup_failed_docker_backups is not defined
- name: "include role for systemd-timer for {{service_name}}"
include_role:
name: systemd-timer
vars:
on_calendar: "{{on_calendar_cleanup_failed_docker}}"
when: run_once_cleanup_failed_docker_backups is not defined
- name: run the cleanup_failed_docker_backups tasks once
set_fact:
run_once_cleanup_failed_docker_backups: true
when: run_once_cleanup_failed_docker_backups is not defined

View File

@ -0,0 +1,8 @@
[Unit]
Description=Cleaning up failed docker volume backups
OnFailure=systemd-notifier@%n.service
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{sytem_maintenance_lock_timeoutbackup_services}}"'
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{backup_docker_to_local_cleanup_folder}}cleanup-all.sh {{backup_docker_to_local_cleanup_trigger_directory}}'

View File

@ -0,0 +1 @@
backup_docker_to_local_cleanup_folder: "{{path_administrator_scripts}}cleanup-failed-docker-backups/"

View File

@ -1,4 +1,4 @@
# native-wireguard-behind-nat # client-wireguard-behind-nat
# see # see
- https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39 - https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

View File

@ -0,0 +1,2 @@
dependencies:
- client-wireguard

View File

@ -0,0 +1,28 @@
# Role Native Wireguard
Manages wireguard on a client.
## Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
## Other
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
- https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied
- https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-server-from-inside-the-serv
- https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard
- https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3
- https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer
- https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip
- https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply
- https://www.thomas-krenn.com/de/wiki/Linux_ip_Kommando
- https://wiki.archlinux.org/title/dhcpcd
- https://wiki.ubuntuusers.de/NetworkManager/Dispatcher/
- https://askubuntu.com/questions/1024916/how-can-i-launch-a-systemd-service-at-startup-before-another-systemd-service-sta

View File

@ -0,0 +1,10 @@
[Unit]
Description=set MTU
Before=wg-quick@wg0.service
[Service]
Type=oneshot
ExecStart=bash /usr/local/bin/set-mtu.sh
[Install]
RequiredBy=wg-quick@wg0.service

View File

@ -0,0 +1,6 @@
- name: "restart set-mtu.service"
systemd:
name: set-mtu.service
state: restarted
enabled: yes
daemon_reload: yes

View File

@ -1,2 +1,2 @@
dependencies: dependencies:
- native-sudo - wireguard

View File

@ -0,0 +1,11 @@
- name: create set-mtu.service
copy:
src: set-mtu.service
dest: /etc/systemd/system/set-mtu.service
notify: restart set-mtu.service
- name: create set-mtu.sh
template:
src: set-mtu.sh.j2
dest: /usr/local/bin/set-mtu.sh
notify: restart set-mtu.service

View File

@ -0,0 +1,4 @@
#!/bin/bash
{% for internet_interface in internet_interfaces %}
ip li set mtu 1400 dev {{internet_interface}}
{% endfor %}

View File

@ -0,0 +1,106 @@
# Docker Akaunting Setup Guide
## !!!DANGER!!!
**AKAUNTING CONTAINS VERY MUCH PROPERITARY COMPONENTS. IT IS ALMOST IMPOSSIBLE TO USE THIS SOFTWARE FOR FREE IN A PRODUCTIVE ENVIRONMENT. UPDATES MAY BREAK YOUR INSTALLATION. IN THE PAST UPDATES LEADED TO THE REDUCTION OF FREE FEATURES AND INSTEAD THEY BECOME PAYD FEATURES. THIS LEADED TO THAT USERS COULD NOT MAINTAINE THERE COMPANIES IN AKAUNTING ANYMORE**
I recommend to use instead [Open Project](../docker-openproject/) and/or [GNUCash](../pc-gnucash/).
This role still exist in case, that you want to setup Akaunting and you're willing to pay, but I recommend to don't use akaunting.
## Introduction
This guide details the process of setting up Akaunting, a free and online accounting software, using Docker. It's tailored to help you deploy and manage an Akaunting instance efficiently using Docker and Docker Compose.
## Prerequisites
- Docker and Docker Compose installed.
- Basic understanding of Docker concepts.
- Access to the command line or terminal.
## Installation Steps
@ATTENTION Variable ```#AKAUNTING_SETUP: true``` needs to be set
### New Manual Setup
1. **Navigate to Docker Compose Directory**: Change to the directory containing your Docker Compose files for Akaunting.
```bash
cd {{path_docker_compose_instances}}akaunting/
```
2. **Set Environment Variables**: These are necessary to prevent timeouts during long operations.
```bash
export COMPOSE_HTTP_TIMEOUT=600
export DOCKER_CLIENT_TIMEOUT=600
```
3. **Start Akaunting Service**: This command will initialize the Akaunting setup.
```bash
AKAUNTING_SETUP=true docker-compose -p akaunting up -d
```
4. **Check Web Interface**: Ensure the web interface is operational.
5. **Restart Services**: To finalize the setup, restart the services.
```bash
docker-compose down
docker-compose -p akaunting up -d
```
### Administration
- **View Logs**: To check the latest logs of Akaunting.
```bash
docker-compose exec -it akaunting tail -n 300 storage/logs/laravel.log
```
- **Access Containers**: For troubleshooting or configuration.
- Akaunting Container: `docker-compose exec -it akaunting bash`
- Database Container: `docker-compose exec -it akaunting-db /bin/mariadb -u admin --password=$akaunting_db_password akaunting`
### Manual Update
Execute PHP artisan commands in the following order for updating Akaunting:
```bash
php artisan about
php artisan cache:clear
php artisan view:clear
php artisan migrate:status
php artisan update:all
php artisan update:db
```
### Composer
To install Composer, a PHP dependency management tool:
```bash
curl https://getcomposer.org/download/2.4.1/composer.phar --output composer.phar
php composer.phar install
```
### Full Backup Routine
Detailed steps for backing up your Akaunting instance, including setting manual and automatic variables, destroying containers, removing volumes, and rebuilding and recovering volumes. (Refer to the full backup routine script in the original README).
### Setting Variables
Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment:
- `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located.
- `akaunting_db_password`, `version_akaunting`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
### Additional Configuration
- **SSL Certificate**: The guide includes steps to receive a certificate for your domain.
- **Nginx Configuration**: Necessary steps to configure Nginx as a reverse proxy for Akaunting.
- **Database and Runtime Environment**: Instructions on how to set up the `db.env` and `run.env` files for database and runtime configurations.
## Further Information
For more details, visit the [Akaunting Docker Repository](https://github.com/akaunting/docker) and the [Akaunting Forums](https://akaunting.com/forum).
## Contribution and Feedback
Your contributions and feedback are welcome. Please reach out for support or queries at kevin@veen.world.
## Author
This script is developed by Kevin Veen-Birkenbach. You can reach out to him at kevin@veen.world or visit his website at https://www.veen.world.

View File

@ -0,0 +1,13 @@
---
- name: "include docker-compose-common.yml"
include_tasks: docker-compose-common.yml
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
include_tasks: update-repository-with-docker-compose.yml
- name: configure run.env
template: src=run.env.j2 dest={{docker_compose_instance_directory}}/env/run.env
notify: docker compose project setup

View File

@ -0,0 +1,26 @@
version: '3.7'
services:
{% include 'templates/docker-service-' + database_type + '.yml.j2' %}
application:
image: docker.io/akaunting/akaunting:{{version_akaunting}}
build:
context: .
ports:
- 127.0.0.1:{{http_port}}:80
volumes:
- data:/var/www/html
restart: unless-stopped
env_file:
- env/run.env
environment:
- AKAUNTING_SETUP
{% include 'templates/docker-container-networks.yml.j2' %}
{% include 'templates/docker-container-depends-on-just-database.yml.j2' %}
{% include 'templates/docker-compose-volumes.yml.j2' %}
data:
{% include 'templates/docker-compose-networks.yml.j2' %}

View File

@ -0,0 +1,22 @@
# You should change this to match your reverse proxy DNS name and protocol
APP_URL=https://{{domain}}
LOCALE=en-US
# Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
DB_HOST={{database_host}}
# Change these to match env/db.env
DB_DATABASE={{database_databasename}}
DB_USERNAME={{database_username}}
DB_PASSWORD={{database_password}}
# You should change this to a random string of three numbers or letters followed by an underscore
DB_PREFIX=asd_
# These define the first company to exist on this instance. They are only used during setup.
COMPANY_NAME={{akaunting_company_name}}
COMPANY_EMAIL={{akaunting_company_email}}
# This will be the first administrative user created on setup.
ADMIN_EMAIL={{akaunting_setup_admin_email}}
ADMIN_PASSWORD={{akaunting_setup_admin_password}}

View File

@ -0,0 +1,6 @@
docker_compose_project_name: "akaunting"
docker_compose_file_path: "{{docker_compose_instance_directory}}docker-compose.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker-compose-backup.yml"
database_type: "mariadb"
database_password: "{{akaunting_database_password}}"
repository_address: "https://github.com/akaunting/docker.git"

View File

@ -0,0 +1,11 @@
@TODO @ATTENTION THIS ROLE IS WORK IN PROGRESS
# Role: docker-attendize (WIP)
This Ansible role sets up Attendize, an open-source ticket selling and event management platform.
## Setup Instructions
```bash
bash ./Makefile setup
```

View File

@ -0,0 +1,18 @@
---
- name: "include docker-compose-common.yml"
include_tasks: docker-compose-common.yml
- name: receive {{ mail_interface_domain }} certificate
command: certbot certonly --agree-tos --email {{ administrator_email }} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ mail_interface_domain }}
- name: receive {{ domain }} certificate
command: certbot certonly --agree-tos --email {{ administrator_email }} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ domain }}
- name: configure {{domain}}.conf
template:
src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
dest: "{{nginx_servers_directory}}{{domain}}.conf"
notify: restart nginx
- name: "include tasks update-repository-with-docker-compose.yml"
include_tasks: update-repository-with-docker-compose.yml

View File

@ -0,0 +1,41 @@
version: '3.2'
services:
{% include 'templates/docker-service-redis.yml.j2' %}
{% include 'templates/docker-service-' + database_type + '.yml.j2' %}
web:
image: attendize_web:latest
ports:
- "{{http_port}}:80"
volumes:
- .:/usr/share/nginx/html
- .:/var/www
{% include 'templates/docker-container-depends-on-database-redis.yml.j2' %}
maildev:
worker:
env_file:
- ./.env
{% include 'templates/docker-container-networks.yml.j2' %}
worker:
image: attendize_worker:latest
{% include 'templates/docker-container-depends-on-database-redis.yml.j2' %}
maildev:
{% include 'templates/docker-container-networks.yml.j2' %}
volumes:
- .:/usr/share/nginx/html
- .:/var/www
maildev:
image: maildev/maildev
ports:
- "{{ mail_interface_http_port }}:1080"
{% include 'templates/docker-container-networks.yml.j2' %}
{% include 'templates/docker-container-depends-on-just-database.yml.j2' %}
{% include 'templates/docker-compose-volumes.yml.j2' %}
redis:
{% include 'templates/docker-compose-networks.yml.j2' %}

View File

@ -0,0 +1,8 @@
---
docker_compose_project_name: "attendize"
docker_compose_file_path: "{{docker_compose_instance_directory}}docker-compose.yml"
docker_compose_backup_path: "/tmp/{{docker_compose_project_name}}-docker-compose-backup.yml"
mail_interface_domain: "mail.{{domain}}"
database_type: "mariadb"
database_password: "{{attendize_database_password}}"
repository_address: "https://github.com/Attendize/Attendize.git"

View File

@ -0,0 +1,5 @@
# docker baserow
This role allows the setup of [baserole](https://baserow.io/).
It was created with the help of [Chat GPT-4](https://chat.openai.com/share/556c2d7f-6b6f-4256-a646-a50529554efc).

View File

@ -0,0 +1,24 @@
---
- name: "include docker-compose-common.yml"
include_tasks: docker-compose-common.yml
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "create {{docker_compose_instance_directory}}"
file:
path: "{{docker_compose_instance_directory}}"
state: directory
mode: 0755
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose_instance_directory}}docker-compose.yml
notify: docker compose project setup
- name: add env
template:
src: env.j2
dest: "{{docker_compose_instance_directory}}env"
mode: '770'
force: yes
notify: docker compose project setup

View File

@ -0,0 +1,27 @@
version: '2'
services:
{% include 'templates/docker-service-redis.yml.j2' %}
{% include 'templates/docker-service-' + database_type + '.yml.j2' %}
baserow:
image: baserow/baserow:1.19.1
restart: always
logging:
driver: journald
env_file:
- ./env
volumes:
- data:/baserow/data
ports:
- "{{http_port}}:80"
{% include 'templates/docker-container-networks.yml.j2' %}
{% include 'templates/docker-container-depends-on-just-database.yml.j2' %}
{% include 'templates/docker-compose-volumes.yml.j2' %}
data:
redis:
{% include 'templates/docker-compose-networks.yml.j2' %}

View File

@ -0,0 +1,20 @@
# Public URL
BASEROW_PUBLIC_URL=https://{{ domain }}
# Email Server Configuration
EMAIL_SMTP={{ system_email_smtp | upper }}
EMAIL_SMTP_HOST={{ system_email_host }}
EMAIL_SMTP_PORT={{ system_email_smtp_port }}
EMAIL_SMTP_USER={{ system_email_username }}
EMAIL_SMTP_PASSWORD={{ system_email_password }}
EMAIL_SMTP_USE_TLS={{ system_email_tls | upper }}
DATABASE_USER={{ database_username }}
DATABASE_NAME={{ database_databasename }}
DATABASE_HOST={{ database_host }}
DATABASE_PORT=5432
DATABASE_PASSWORD={{ database_password }}
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

View File

@ -0,0 +1,3 @@
docker_compose_project_name: "baserow"
database_password: "{{ baserow_database_password }}"
database_type: "postgres"

View File

@ -0,0 +1,31 @@
# docker bigbluebutton
@TODO Database needs to be decoupled
Role to deploy [BigBlueButton](https://bigbluebutton.org/).
## maintanace
### cleanup
```bash
docker-compose down;
docker volume rm bigbluebutton_bigbluebutton bigbluebutton_html5-static bigbluebutton_vol-freeswitch bigbluebutton_vol-kurento bigbluebutton_vol-mediasoup bigbluebutton_database
```
### check container status
```bash
watch -n 2 "docker ps -a | grep bigbluebutton"
```
### database access
```bash
sudo docker-compose exec -it postgres psql -U postgres
```
## further information
- https://github.com/bigbluebutton/docker
- https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials
- https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/
- https://github.com/docker/compose/issues/4799
- https://www.cyberciti.biz/faq/linux-command-to-remove-virtual-interfaces-or-network-aliases/
- https://www.cyberciti.biz/faq/linux-restart-network-interface/
- https://stackoverflow.com/questions/53347951/docker-network-not-found

View File

@ -0,0 +1,11 @@
# Context: https://chat.openai.com/share/9b3c0e79-15bc-4780-aa88-f0dd149bdaac
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $remote_addr $endpoint_addr {
"~:" [::1];
default 127.0.0.1;
}

View File

@ -0,0 +1,17 @@
---
- name: create docker-compose.yml for bigbluebutton
command:
cmd: bash ./scripts/generate-compose
chdir: "{{docker_compose_instance_directory}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
listen: setup bigbluebutton
- name: docker compose up bigbluebutton
command:
cmd: docker-compose -p bigbluebutton up -d --force-recreate
chdir: "{{docker_compose_instance_directory}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
listen: setup bigbluebutton

View File

@ -0,0 +1,36 @@
---
- name: include docker vars
include_vars: vars/docker-database-service.yml.j2
- name: load docker compose dependencies
include_role:
name: docker-compose
- name: "include task certbot-matomo.yml"
include_tasks: certbot-matomo.yml
- name: configure {{domain}}.conf
template:
src: "nginx-proxy.conf.j2"
dest: "{{nginx_servers_directory}}{{domain}}.conf"
notify: restart nginx
- name: configure websocket_upgrade.conf
copy:
src: "websocket_upgrade.conf"
dest: "{{nginx_maps_directory}}websocket_upgrade.conf"
notify: restart nginx
- name: pull docker repository
git:
repo: "https://github.com/bigbluebutton/docker.git"
dest: "{{docker_compose_instance_directory}}"
update: yes
recursive: yes
version: main
notify: setup bigbluebutton
ignore_errors: true
- name: deploy .env
template: src=env.j2 dest={{docker_compose_instance_directory}}/.env
notify: setup bigbluebutton

View File

@ -0,0 +1,273 @@
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{domain}}/fullchain.pem
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{domain}}/privkey.pem
ENABLE_GREENLIGHT=true
# Enable Webhooks
# used by some integrations
#ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
#ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
# Recording
# IMPORTANT: this is currently a big privacy issues, because it will
# record everything which happens in the conference, even when the button
# suggets, that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get peoples consent, before they join a room
ENABLE_RECORDING=false
REMOVE_OLD_RECORDING=true
RECORDING_MAX_AGE_DAYS=365
# ====================================
# SECRETS
# ====================================
# important! change these to any random values
SHARED_SECRET={{bigbluebutton_shared_secret}}
ETHERPAD_API_KEY={{bigbluebutton_etherpad_api_key}}
RAILS_SECRET={{bigbluebutton_rails_secret}}
POSTGRESQL_SECRET={{bigbluebutton_postgresql_secret}}
FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
# ====================================
# CONNECTION
# ====================================
DOMAIN={{domain}}
EXTERNAL_IPv4={{ip4_address}}
EXTERNAL_IPv6=
# STUN SERVER
# stun.freeswitch.org
STUN_IP={{ip4_address}}
STUN_PORT=3478
# TURN SERVER
# uncomment and adjust following two lines to add an external TURN server
TURN_SERVER=turns:{{domain}}:5349?transport=tcp
TURN_SECRET={{bigbluebutton_turn_secret}}
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.
# but you can allow access by your providers IP or IP ranges (comma seperated)
# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
SIP_IP_ALLOWLIST=
# ====================================
# CUSTOMIZATION
# ====================================
CLIENT_TITLE=BigBlueButton
# use following lines to replace the default welcome message and footer
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
# use following line for an additional SIP dial-in message
#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
# for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# language of sound announcements
# options:
# - en-ca-june - EN Canadian June
# - en-us-allison - US English Allison
# - en-us-callie - US English Callie
# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
# - es-ar-mario - Spanish/Argentina Mario
# - fr-ca-june - FR Canadian June
# - pt-br-karina - Brazilian Portuguese Karina
# - ru-RU-elena - RU Russian Elena
# - ru-RU-kirill - RU Russian Kirill
# - ru-RU-vika - RU Russian Viktoriya
# - sv-se-jakob - Swedish (Sweden) Jakob
# - zh-cn-sinmei - Chinese/China Sinmei
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
SOUNDS_LANGUAGE=en-us-callie
# set to false to disable listenOnlyMode
LISTEN_ONLY_MODE=true
# set to true to disable echo test
DISABLE_ECHO_TEST=false
# set to true to automatically share webcam
AUTO_SHARE_WEBCAM=false
# set to true to disable video preview for webcam sharing
DISABLE_VIDEO_PREVIEW=false
# set to false to disable chat
CHAT_ENABLED=true
# set to true to start chat closed
CHAT_START_CLOSED=false
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# maximum count of breakout rooms per meeting
# Warning: increasing the limit of breakout rooms per meeting
# can generate excessive overhead to the server. We recommend
# this value to be kept under 12.
BREAKOUTROOM_LIMIT=8
# set to false to disable the learning dashboard
ENABLE_LEARNING_DASHBOARD=true
# ====================================
# Tuning
# ====================================
# Default = 2; Min = 1; Max = 4
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
# Default = 2; Min = 1; Max = 8
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
# stretching the recommended number of users in BigBlueButton
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
# Microsoft Office365 Login Provider (optional)
#
# For in-depth steps on setting up a Office 365 Login Provider, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
#
OFFICE365_KEY=
OFFICE365_SECRET=
OFFICE365_HD=
# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
OAUTH2_REDIRECT=
# LDAP Login Provider (optional)
#
# You can enable LDAP authentication by providing values for the variables below.
# Configuring LDAP authentication will take precedence over all other providers.
# For information about setting up LDAP, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
#
# LDAP_SERVER=ldap.example.com
# LDAP_PORT=389
# LDAP_METHOD=plain
# LDAP_UID=uid
# LDAP_BASE=dc=example,dc=com
# LDAP_AUTH=simple
# LDAP_BIND_DN=cn=admin,dc=example,dc=com
# LDAP_PASSWORD=password
# LDAP_ROLE_FIELD=ou
# LDAP_FILTER=(&(attr1=value1)(attr2=value2))
LDAP_SERVER=
LDAP_PORT=
LDAP_METHOD=
LDAP_UID=
LDAP_BASE=
LDAP_BIND_DN=
LDAP_AUTH=
LDAP_PASSWORD=
LDAP_ROLE_FIELD=
LDAP_FILTER=
# Set this to true if you want GreenLight to support user signup and login without
# Omniauth. For more information, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
#
ALLOW_GREENLIGHT_ACCOUNTS=true
SMTP_SERVER={{system_email_host}}
SMTP_DOMAIN={{domain}}
SMTP_PORT={{system_email_smtp_port}}
SMTP_USERNAME={{system_email_username}}
SMTP_PASSWORD={{system_email_password}}
SMTP_AUTH=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_STARTTLS_AUTO={{system_email_start_tls}}
SMTP_SENDER={{system_email_username}}
SMTP_SENDER_EMAIL={{system_email_username}}
# Prefix for the applications root URL.
# Useful for deploying the application to a subdirectory, which is highly recommended
# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
# have to update your authentication callback URL's to reflect this change.
#
# The recommended prefix is "/b".
#
RELATIVE_URL_ROOT="/b"
# Specify which settings you would like the users to configure on room creation
# or edit after the room has been created
# By default, all settings are turned OFF.
#
# Current settings available:
# mute-on-join: Automatically mute users by default when they join a room
# require-moderator-approval: Require moderators to approve new users before they can join the room
# anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
# all-join-moderator: All users join as moderators in BigBlueButton
ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
# Specify the maximum number of records to be sent to the BigBlueButton API in one call
# Default is set to 25 records
PAGINATION_NUMBER=25
# Specify the maximum number of rows that should be displayed per page for a paginated table
# Default is set to 25 rows
NUMBER_OF_ROWS=25
# Specify if you want to display the Google Calendar button
# ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
ENABLE_GOOGLE_CALENDAR_BUTTON=
# Set the application into Maintenance Mode
#
# Current options supported:
# true: Renders an error page that does not allow users to access any of the features in the application
# false: Application runs normally
MAINTENANCE_MODE=false
# Displays a flash that appears to inform the user of a scheduled maintenance window
# This variable should contain ONLY the date and time of the scheduled maintenance
#
# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
MAINTENANCE_WINDOW=
# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
#
# Defaults to the Github Issues Page for Greenlight
# Button can be disabled by setting the value to blank
#
# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
# The link to the Need help? button that appears on the Account Dropdown
#
# Defaults to the Greenlight documentation
# Button can be disabled by setting the value to blank
HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
# Specify the default registration to be used by Greenlight until an administrator sets the
# registration method
# Allowed values are:
# open - For open registration
# invite - For invite only registration
# approval - For approve/decline registration
DEFAULT_REGISTRATION=invite

View File

@ -0,0 +1,20 @@
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name {{domain}};
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
location / {
proxy_http_version 1.1;
proxy_pass http://$endpoint_addr:48087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
}

View File

@ -0,0 +1,6 @@
docker_compose_project_name: "bigbluebutton"
database_host: "postgres" # needs to be fixed
database_databasename: "greenlight-v3"
database_username: "postgres"
database_password: ""
database_type: "postgres"

View File

@ -0,0 +1,8 @@
---
- name: docker compose project setup
command:
cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate
chdir: "{{docker_compose_instance_directory}}"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600

View File

@ -0,0 +1,2 @@
dependencies:
- nginx-docker-reverse-proxy

View File

@ -0,0 +1,8 @@
# Ansible Role: Docker-Discourse
This Ansible role sets up Discourse, a popular open-source discussion platform, using Docker containers. It is designed to automate the deployment and configuration process of Discourse, making it easier to maintain and update.
---
This README was generated with information provided in the Ansible role. For more detailed instructions and information, refer to the inline comments within the role files. Additional support and context for this role can be found in an [online chat discussion](https://chat.openai.com/share/fdbf9870-1f7e-491f-b4d2-357e6e8ad59c).

View File

@ -0,0 +1,5 @@
---
- name: recreate discourse
command:
cmd: ./launcher rebuild app
chdir: "{{docker_compose_instance_directory}}"

View File

@ -0,0 +1,47 @@
---
# Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838
- name: install which
pacman:
name: which
state: present
- name: "include docker-compose-common.yml"
include_tasks: docker-compose-common.yml
- name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml
- name: "create {{docker_compose_instance_directory}}"
file:
path: "{{docker_compose_instance_directory}}"
state: directory
mode: 0755
- name: checkout repository
ansible.builtin.shell: git checkout .
become: true
args:
chdir: "{{docker_compose_instance_directory}}"
ignore_errors: true
- name: pull docker repository
git:
repo: "https://github.com/discourse/discourse_docker.git"
dest: "{{docker_compose_instance_directory}}"
update: yes
notify: recreate discourse
become: true
ignore_errors: true
- name: set chmod 700 for {{docker_compose_instance_directory}}containers
ansible.builtin.file:
path: "{{docker_compose_instance_directory}}/containers"
mode: '700'
state: directory
- name: "copy configuration to {{docker_compose_instance_directory}}containers/app.yml"
template:
src: app.yml.j2
dest: "{{docker_compose_instance_directory}}containers/app.yml"
notify: recreate discourse

View File

@ -0,0 +1,133 @@
## this is the all-in-one, standalone Discourse Docker container template
##
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild app
##
## BE *VERY* CAREFUL WHEN EDITING!
## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
## visit http://www.yamllint.com/ to validate this file as needed
templates:
{% if not enable_central_database | bool %}
- "templates/postgres.template.yml"
{% endif %}
- "templates/redis.template.yml"
- "templates/web.template.yml"
## Uncomment the next line to enable the IPv6 listener
#- "templates/web.ipv6.template.yml"
- "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
#- "templates/web.ssl.template.yml"
#- "templates/web.letsencrypt.ssl.template.yml"
## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
- "127.0.0.1:{{http_port}}:80" # http
#- "443:443" # https
params:
db_default_text_search_config: "pg_catalog.english"
## Set db_shared_buffers to a max of 25% of the total memory.
## will be set automatically by bootstrap based on detected RAM, or you can override
db_shared_buffers: "4096MB"
## can improve sorting performance, but adds memory usage per-connection
#db_work_mem: "40MB"
## Which Git revision should this container use? (default: tests-passed)
#version: tests-passed
env:
LC_ALL: en_US.UTF-8
LANG: en_US.UTF-8
LANGUAGE: en_US.UTF-8
# DISCOURSE_DEFAULT_LOCALE: en
## How many concurrent web requests are supported? Depends on memory and CPU cores.
## will be set automatically by bootstrap based on detected CPUs, or you can override
UNICORN_WORKERS: 8
## TODO: The domain name this Discourse instance will respond to
## Required. Discourse will not work with a bare IP number.
DISCOURSE_HOSTNAME: {{domain}}
## Uncomment if you want the container to be started with the same
## hostname (-h option) as specified above (default "$hostname-$config")
#DOCKER_USE_HOSTNAME: true
## TODO: List of comma delimited emails that will be made admin and developer
## on initial signup example 'user1@example.com,user2@example.com'
DISCOURSE_DEVELOPER_EMAILS: {{administrator_email}}
## TODO: The SMTP mail server used to validate new accounts and send notifications
# SMTP ADDRESS, username, and password are required
# WARNING the char '#' in SMTP password can cause problems!
DISCOURSE_SMTP_ADDRESS: {{ system_email_host }}
DISCOURSE_SMTP_PORT: {{ system_email_smtp_port }}
DISCOURSE_SMTP_USER_NAME: {{ system_email }}
DISCOURSE_SMTP_PASSWORD: {{ system_email_password }}
DISCOURSE_SMTP_ENABLE_START_TLS: {{ system_email_start_tls | upper }}
DISCOURSE_SMTP_DOMAIN: {{ system_email_domain }}
DISCOURSE_NOTIFICATION_EMAIL: {{ system_email }}
{% if enable_central_database | bool %}
# Database Configuration
DISCOURSE_DB_USERNAME: {{ database_username }}
DISCOURSE_DB_PASSWORD: {{ database_password }}
DISCOURSE_DB_HOST: {{ database_host }}
DISCOURSE_DB_NAME: {{ database_databasename }}
{% endif %}
## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
#LETSENCRYPT_ACCOUNT_EMAIL: administrator@veen.world
## The http or https CDN address for this Discourse instance (configured to pull)
## see https://meta.discourse.org/t/14857 for details
#DISCOURSE_CDN_URL: https://discourse-cdn.example.com
## The maxmind geolocation IP address key for IP address lookup
## see https://meta.discourse.org/t/-/137387/23 for details
#DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456
## The Docker container is stateless; all data is stored in /shared
volumes:
- volume:
host: discourse_data
guest: /shared
- volume:
host: /var/discourse/shared/standalone/log/var-log
guest: /var/log
## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
after_code:
- exec:
cd: $home/plugins
cmd:
- git clone https://github.com/discourse/docker_manager.git
- git clone https://github.com/discourse/discourse-activity-pub.git
- git clone https://github.com/discourse/discourse-calendar.git
- git clone https://github.com/discourse/discourse-akismet.git
- git clone https://github.com/discourse/discourse-cakeday.git
- git clone https://github.com/discourse/discourse-solved.git
- git clone https://github.com/discourse/discourse-voting.git
- git clone https://github.com/discourse/discourse-oauth2-basic.git
- git clone https://github.com/discourse/discourse-openid-connect.git
## Any custom commands to run after building
run:
- exec: echo "Beginning of custom commands"
## If you want to set the 'From' email address for your first registration, uncomment and change:
## After getting the first signup email, re-comment the line. It only needs to run once.
#- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
- exec: echo "End of custom commands"
docker_args:
{% if enable_central_database | bool %}
- --network=central_{{ database_type }}_network
{% endif %}
- --name=discourse_application

Some files were not shown because too many files have changed in this diff Show More