move roles, files and templates dirs out of playbook dir into root dir
All checks were successful
/ Ansible Lint (push) Successful in 1m38s
All checks were successful
/ Ansible Lint (push) Successful in 1m38s
Because of how Ansible local relative search paths work, the global "files" and "templates" directories need to be next to the playbooks. However its not intuitive to look into the "playbooks" directory to find the files and templates for a host. Therefore move them out of the "playbooks" directory into the root directory and add symlinks so everything still works. Similarly for local roles, they also need to be next to the playbooks. So for a nicer structure, move the "roles" directory out into the root directory as well and add a symlink so everything still works. Also see: https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html#storing-and-finding-roles
This commit is contained in:
parent
fab4942852
commit
5bb283d5e7
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
147 changed files with 3 additions and 0 deletions
1
playbooks/templates
Symbolic link
1
playbooks/templates
Symbolic link
|
|
@ -0,0 +1 @@
|
|||
../templates
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
---
|
||||
# see https://github.com/hedgedoc/container/blob/master/docker-compose.yml
|
||||
|
||||
services:
|
||||
database:
|
||||
image: docker.io/library/mariadb:11
|
||||
environment:
|
||||
- "MARIADB_DATABASE=wordpress"
|
||||
- "MARIADB_ROOT_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_ROOT_PASSWORD", create=false, missing="error") }}"
|
||||
- "MARIADB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
|
||||
- "MARIADB_USER=wordpress"
|
||||
- "MARIADB_AUTO_UPGRADE=yes"
|
||||
volumes:
|
||||
- database:/var/lib/mysql
|
||||
networks:
|
||||
backend:
|
||||
restart: unless-stopped
|
||||
|
||||
app:
|
||||
image: docker.io/library/wordpress:6-php8.1
|
||||
environment:
|
||||
- "WORDPRESS_DB_HOST=database"
|
||||
- "WORDPRESS_DB_NAME=wordpress"
|
||||
- "WORDPRESS_DB_USER=wordpress"
|
||||
- "WORDPRESS_TABLE_PREFIX=wp_"
|
||||
- "WORDPRESS_DB_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/ccchoir/DB_PASSWORD", create=false, missing="error") }}"
|
||||
volumes:
|
||||
- wordpress:/var/www/html/wp-content
|
||||
ports:
|
||||
- "127.0.0.1:3000:80"
|
||||
networks:
|
||||
backend:
|
||||
frontend:
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
volumes:
|
||||
database: {}
|
||||
wordpress: {}
|
||||
|
||||
networks:
|
||||
backend:
|
||||
internal: true
|
||||
frontend:
|
||||
|
|
@ -1,98 +0,0 @@
|
|||
<?php
|
||||
$CONFIG = array (
|
||||
'memcache.local' => '\\OC\\Memcache\\APCu',
|
||||
'apps_paths' =>
|
||||
array (
|
||||
0 =>
|
||||
array (
|
||||
'path' => '/var/www/html/apps',
|
||||
'url' => '/apps',
|
||||
'writable' => false,
|
||||
),
|
||||
1 =>
|
||||
array (
|
||||
'path' => '/var/www/html/custom_apps',
|
||||
'url' => '/custom_apps',
|
||||
'writable' => true,
|
||||
),
|
||||
),
|
||||
'instanceid' => 'oc9uqhr7buka',
|
||||
'passwordsalt' => 'SK2vmQeTEHrkkwx9K+hC1WX33lPJDs',
|
||||
'secret' => '3dBt5THD2ehg0yWdVDAvMmsY8yLtrfk/gE560lkMqYqgh6lu',
|
||||
'trusted_domains' =>
|
||||
array (
|
||||
0 => 'cloud.hamburg.ccc.de',
|
||||
),
|
||||
'datadirectory' => '/var/www/html/data',
|
||||
'dbtype' => 'mysql',
|
||||
'version' => '25.0.9.2',
|
||||
'overwrite.cli.url' => 'https://cloud.hamburg.ccc.de',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbhost' => 'database',
|
||||
'dbport' => '',
|
||||
'dbtableprefix' => 'oc_',
|
||||
'mysql.utf8mb4' => true,
|
||||
'dbuser' => 'nextcloud',
|
||||
'dbpassword' => 'TdBLMQQeKbz1zab3sySUsGxo3',
|
||||
'installed' => true,
|
||||
// Some Nextcloud options that might make sense here
|
||||
'allow_user_to_change_display_name' => false,
|
||||
'lost_password_link' => 'disabled',
|
||||
// URL of provider. All other URLs are auto-discovered from .well-known
|
||||
'oidc_login_provider_url' => 'https://id.ccchh.net/realms/ccchh',
|
||||
// Client ID and secret registered with the provider
|
||||
'oidc_login_client_id' => 'cloud',
|
||||
'oidc_login_client_secret' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/kc-client-secret", create=false, missing="error") }}',
|
||||
// Automatically redirect the login page to the provider
|
||||
'oidc_login_auto_redirect' => true,
|
||||
// Redirect to this page after logging out the user
|
||||
//'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
|
||||
// If set to true the user will be redirected to the
|
||||
// logout endpoint of the OIDC provider after logout
|
||||
// in Nextcloud. After successfull logout the OIDC
|
||||
// provider will redirect back to 'oidc_login_logout_url' (MUST be set).
|
||||
'oidc_login_end_session_redirect' => true,
|
||||
// Quota to assign if no quota is specified in the OIDC response (bytes)
|
||||
//
|
||||
// NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
|
||||
// zero or -1 or ''.
|
||||
'oidc_login_default_quota' => '1000000000',
|
||||
// Login button text
|
||||
'oidc_login_button_text' => 'Log in via id.ccchh.net',
|
||||
// Hide the NextCloud password change form.
|
||||
'oidc_login_hide_password_form' => false,
|
||||
// Use ID Token instead of UserInfo
|
||||
'oidc_login_use_id_token' => false,
|
||||
'oidc_login_attributes' => array (
|
||||
'id' => 'preferred_username',
|
||||
'name' => 'name',
|
||||
'mail' => 'email',
|
||||
'quota' => 'ownCloudQuota',
|
||||
'home' => 'homeDirectory',
|
||||
'ldap_uid' => 'uid',
|
||||
'groups' => 'ownCloudGroups',
|
||||
'login_filter' => 'realm_access_roles',
|
||||
'photoURL' => 'picture',
|
||||
'is_admin' => 'ownCloudAdmin',
|
||||
),
|
||||
// Default group to add users to (optional, defaults to nothing)
|
||||
//'oidc_login_default_group' => 'oidc',
|
||||
'oidc_login_filter_allowed_values' => null,
|
||||
// Set OpenID Connect scope
|
||||
'oidc_login_scope' => 'openid profile',
|
||||
// The `id` attribute in `oidc_login_attributes` must return the
|
||||
// "Internal Username" (see expert settings in LDAP integration)
|
||||
'oidc_login_proxy_ldap' => false,
|
||||
// Fallback to direct login if login from OIDC fails
|
||||
// Note that no error message will be displayed if enabled
|
||||
'oidc_login_disable_registration' => false,
|
||||
//'oidc_login_redir_fallback' => false,
|
||||
// If you get your groups from the oidc_login_attributes, you might want
|
||||
// to create them if they are not already existing, Default is `false`.
|
||||
'oidc_create_groups' => true,
|
||||
// Enable use of WebDAV via OIDC bearer token.
|
||||
'oidc_login_webdav_enabled' => true,
|
||||
// Enable authentication with user/password for DAV clients that do not
|
||||
// support token authentication (e.g. DAVx⁵)
|
||||
'oidc_login_password_authentication' => false,
|
||||
);
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
<?php
|
||||
$CONFIG = array (
|
||||
'default_phone_region' => 'DE',
|
||||
'hide_login_form' => true,
|
||||
'mail_smtpmode' => 'smtp',
|
||||
'mail_smtphost' => 'cow.hamburg.ccc.de',
|
||||
'mail_smtpport' => 465,
|
||||
'mail_smtpsecure' => 'ssl',
|
||||
'mail_smtpauth' => true,
|
||||
'mail_smtpauthtype' => 'LOGIN',
|
||||
'mail_smtpname' => 'no-reply@cloud.hamburg.ccc.de',
|
||||
'mail_from_address' => 'no-reply',
|
||||
'mail_domain' => 'cloud.hamburg.ccc.de',
|
||||
'mail_smtppassword' => '{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/cloud/smtp_password", create=false, missing="error") }}',
|
||||
'mail_smtpdebug' => true,
|
||||
'maintenance_window_start' => 1,
|
||||
);
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
services:
|
||||
es_server:
|
||||
image: es_server
|
||||
restart: unless-stopped
|
||||
build:
|
||||
context: /home/chaos/engelsystem
|
||||
dockerfile: /home/chaos/engelsystem/docker/Dockerfile
|
||||
environment:
|
||||
MYSQL_HOST: es_database
|
||||
MYSQL_USER: engelsystem
|
||||
MYSQL_PASSWORD: engelsystem
|
||||
MYSQL_DATABASE: engelsystem
|
||||
APP_NAME: CCCamp2023 Alternative Engelsystem
|
||||
APP_URL: https://aes.ccchh.net
|
||||
CONTACT_EMAIL: mailto:aes@hamburg.ccc.de
|
||||
GOODIE_TYPE: none
|
||||
ENABLE_VOUCHER: false
|
||||
MAIL_DRIVER: smtp
|
||||
MAIL_FROM_ADDRESS: aes@send-only-mail.ccchh.net
|
||||
MAIL_HOST: send-only-mailserver.ccchh.net
|
||||
MAIL_PORT: 465
|
||||
MAIL_ENCRYPTION: tls
|
||||
MAIL_USERNAME: aes
|
||||
MAIL_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/engelsystem/MAIL_PASSWORD", create=false, missing="error") }}
|
||||
ports:
|
||||
- "5080:80"
|
||||
networks:
|
||||
- database
|
||||
- internet
|
||||
depends_on:
|
||||
- es_database
|
||||
extra_hosts:
|
||||
- "send-only-mailserver.ccchh.net:185.161.129.132"
|
||||
|
||||
es_database:
|
||||
image: mariadb:10.2
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
MYSQL_DATABASE: engelsystem
|
||||
MYSQL_USER: engelsystem
|
||||
MYSQL_PASSWORD: engelsystem
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: 1
|
||||
MYSQL_INITDB_SKIP_TZINFO: "yes"
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
networks:
|
||||
- database
|
||||
volumes:
|
||||
db: {}
|
||||
|
||||
networks:
|
||||
database:
|
||||
internal: true
|
||||
internet:
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
---
|
||||
services:
|
||||
|
||||
prometheus:
|
||||
image: prom/prometheus
|
||||
container_name: prometheus
|
||||
command:
|
||||
- '--config.file=/etc/prometheus/prometheus.yml'
|
||||
ports:
|
||||
- 9090:9090
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./configs/prometheus.yml:/etc/prometheus/prometheus.yml
|
||||
- ./configs/prometheus_alerts.rules.yaml:/etc/prometheus/rules/alerts.rules.yaml
|
||||
- prom_data:/prometheus
|
||||
|
||||
alertmanager:
|
||||
image: prom/alertmanager
|
||||
container_name: alertmanager
|
||||
command:
|
||||
- '--config.file=/etc/alertmanager/alertmanager.yaml'
|
||||
ports:
|
||||
- 9093:9093
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./configs/alertmanager.yaml:/etc/alertmanager/alertmanager.yaml
|
||||
- ./configs/alertmanager_alert_templates.tmpl:/etc/alertmanager/templates/alert_templates.tmpl
|
||||
- alertmanager_data:/alertmanager
|
||||
|
||||
grafana:
|
||||
image: grafana/grafana
|
||||
container_name: grafana
|
||||
ports:
|
||||
- 3000:3000
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- GF_SECURITY_ADMIN_USER=admin
|
||||
- "GF_SECURITY_ADMIN_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/GF_SECURITY_ADMIN_PASSWORD", create=false, missing="error") }}"
|
||||
volumes:
|
||||
- ./configs/grafana.ini:/etc/grafana/grafana.ini
|
||||
- ./configs/grafana-datasource.yml:/etc/grafana/provisioning/datasources/datasource.yml
|
||||
- graf_data:/var/lib/grafana
|
||||
|
||||
pve-exporter:
|
||||
image: prompve/prometheus-pve-exporter
|
||||
container_name: pve-exporter
|
||||
ports:
|
||||
- 9221:9221
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PVE_USER=grafana@pve
|
||||
- "PVE_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/prometheus-exporter", create=false, missing="error") }}"
|
||||
- PVE_VERIFY_SSL=false
|
||||
volumes:
|
||||
- /dev/null:/etc/prometheus/pve.yml
|
||||
|
||||
|
||||
volumes:
|
||||
graf_data: {}
|
||||
prom_data: {}
|
||||
alertmanager_data: {}
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
# Links & References:
|
||||
# - https://prometheus.io/docs/alerting/latest/configuration/
|
||||
# - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml
|
||||
|
||||
route:
|
||||
group_by: ["alertname", "site", "type", "hypervisor"]
|
||||
|
||||
group_wait: 30s
|
||||
group_interval: 5m
|
||||
repeat_interval: 3h
|
||||
|
||||
receiver: ccchh-infrastructure-alerts
|
||||
|
||||
|
||||
{# Disable these for now, but might be interesting in the future.
|
||||
# Inhibition rules allow to mute a set of alerts given that another alert is
|
||||
# firing.
|
||||
# We use this to mute any warning-level notifications if the same alert is
|
||||
# already critical.
|
||||
inhibit_rules:
|
||||
- source_matchers: [severity="critical"]
|
||||
target_matchers: [severity="warning"]
|
||||
# Apply inhibition if the alertname is the same.
|
||||
# CAUTION:
|
||||
# If all label names listed in `equal` are missing
|
||||
# from both the source and target alerts,
|
||||
# the inhibition rule will apply!
|
||||
equal: [alertname, cluster, service] #}
|
||||
|
||||
templates:
|
||||
- "/etc/alertmanager/templates/*.tmpl"
|
||||
|
||||
receivers:
|
||||
- name: "ccchh-infrastructure-alerts"
|
||||
telegram_configs:
|
||||
- send_resolved: true
|
||||
bot_token: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/alertmanager_telegram_bot_token", create=false, missing="error") }}
|
||||
chat_id: -1002434372415
|
||||
parse_mode: HTML
|
||||
message: {{ "'{{ template \"alert-message.telegram.ccchh\" . }}'" }}
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
[server]
|
||||
root_url = https://grafana.hamburg.ccc.de
|
||||
|
||||
[auth]
|
||||
disable_login_form = true
|
||||
|
||||
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
|
||||
[auth.generic_oauth]
|
||||
enabled = true
|
||||
auto_login = true
|
||||
name = id.hamburg.ccc.de
|
||||
allow_sign_up = true
|
||||
client_id = grafana
|
||||
client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
|
||||
scopes = openid email profile offline_access roles
|
||||
email_attribute_path = email
|
||||
login_attribute_path = username
|
||||
name_attribute_path = full_name
|
||||
auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
|
||||
token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
|
||||
api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
|
||||
signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
|
||||
role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
|
||||
allow_assign_grafana_admin = true
|
||||
use_refresh_token = true
|
||||
|
|
@ -1,124 +0,0 @@
|
|||
## Secrets:
|
||||
#
|
||||
# Secrets should be provided via the relevant `x_secrets.env` files to the
|
||||
# containers. Options to be set are documented by commented out environment
|
||||
# variables.
|
||||
#
|
||||
## Links & Resources:
|
||||
#
|
||||
# https://www.keycloak.org/
|
||||
# https://www.keycloak.org/documentation
|
||||
# https://www.keycloak.org/getting-started/getting-started-docker
|
||||
# https://www.keycloak.org/server/configuration
|
||||
# https://www.keycloak.org/server/containers
|
||||
# https://www.keycloak.org/server/configuration-production
|
||||
# https://www.keycloak.org/server/db
|
||||
# https://hub.docker.com/_/postgres
|
||||
# https://github.com/docker-library/docs/blob/master/postgres/README.md
|
||||
# https://www.keycloak.org/server/hostname
|
||||
# https://www.keycloak.org/server/reverseproxy
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
|
||||
# https://www.keycloak.org/server/all-config
|
||||
|
||||
services:
|
||||
keycloak:
|
||||
image: git.hamburg.ccc.de/ccchh/oci-images/keycloak:26.0
|
||||
pull_policy: always
|
||||
restart: unless-stopped
|
||||
command: start --optimized
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- keycloak
|
||||
environment:
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") }}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL_HOST: db
|
||||
KC_DB_USERNAME: keycloak
|
||||
KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") }}
|
||||
KC_HOSTNAME: https://id.hamburg.ccc.de
|
||||
KC_HOSTNAME_BACKCHANNEL_DYNAMIC: false
|
||||
KC_HOSTNAME_ADMIN: https://keycloak-admin.hamburg.ccc.de
|
||||
KC_PROXY_HEADERS: xforwarded
|
||||
KC_HTTP_ENABLED: true
|
||||
ports:
|
||||
- "8080:8080"
|
||||
|
||||
db:
|
||||
image: postgres:15.2
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- keycloak
|
||||
volumes:
|
||||
- "./database:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") }}
|
||||
POSTGRES_DB: keycloak
|
||||
|
||||
id-invite-web:
|
||||
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
|
||||
command: web
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- web
|
||||
- email
|
||||
- keycloak
|
||||
ports:
|
||||
- 3000:3000
|
||||
environment:
|
||||
- "APP_EMAIL_BASE_URI=http://id-invite-email:3000"
|
||||
- "APP_KEYCLOAK_BASE_URI=http://id-invite-keycloak:3000"
|
||||
- "BOTTLE_HOST=0.0.0.0"
|
||||
- "BOTTLE_URL_SCHEME=https"
|
||||
- "IDINVITE_INVITE_REQUIRES_GROUP=id_invite"
|
||||
- "IDINVITE_URL=https://invite.hamburg.ccc.de"
|
||||
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
|
||||
- "IDINVITE_VALID_HOURS=50"
|
||||
- "IDINVITE_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_TOKEN_SECRET", create=false, missing="error") }}"
|
||||
- "IDINVITE_DISCOVERY_URL=https://id.hamburg.ccc.de/realms/ccchh/.well-known/openid-configuration"
|
||||
- "IDINVITE_CLIENT_ID=id-invite"
|
||||
- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
|
||||
- "MAIL_FROM=no-reply@hamburg.ccc.de"
|
||||
- "BOTTLE_HOST=0.0.0.0"
|
||||
|
||||
id-invite-email:
|
||||
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
|
||||
command: email
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- email
|
||||
- web
|
||||
environment:
|
||||
- "BOTTLE_HOST=0.0.0.0"
|
||||
- "IDINVITE_KEYCLOAK_NAME=CCCHH ID"
|
||||
- "MAIL_FROM=no-reply@id.hamburg.ccc.de"
|
||||
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
|
||||
- "SMTP_USERNAME=no-reply@id.hamburg.ccc.de"
|
||||
- "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/NO_REPLY_SMTP", create=false, missing="error") }}"
|
||||
|
||||
id-invite-keycloak:
|
||||
image: git.hamburg.ccc.de/ccchh/id-invite/id-invite:latest
|
||||
command: keycloak
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- keycloak
|
||||
environment:
|
||||
- "BOTTLE_HOST=0.0.0.0"
|
||||
- "IDINVITE_CLIENT_ID=id-invite"
|
||||
- "IDINVITE_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_CLIENT_SECRET", create=false, missing="error") }}"
|
||||
- "KEYCLOAK_API_URL=http://keycloak:8080"
|
||||
- "KEYCLOAK_API_USERNAME=id-invite"
|
||||
- "KEYCLOAK_API_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/IDINVITE_ADMIN_PASSWORD", create=false, missing="error") }}"
|
||||
- "KEYCLOAK_API_REALM=ccchh"
|
||||
- 'KEYCLOAK_GROUPS=["user"]'
|
||||
|
||||
|
||||
|
||||
networks:
|
||||
keycloak:
|
||||
external: false
|
||||
web:
|
||||
email:
|
||||
external: false
|
||||
|
|
@ -1,17 +0,0 @@
|
|||
## Links & Resources
|
||||
#
|
||||
# https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx
|
||||
|
||||
services:
|
||||
onlyoffice:
|
||||
image: onlyoffice/documentserver:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "./onlyoffice/DocumentServer/logs:/var/log/onlyoffice"
|
||||
- "./onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data"
|
||||
- "./onlyoffice/DocumentServer/lib:/var/lib/onlyoffice"
|
||||
- "./onlyoffice/DocumentServer/db:/var/lib/postgresql"
|
||||
ports:
|
||||
- "8080:80"
|
||||
environment:
|
||||
JWT_SECRET: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/onlyoffice/JWT_SECRET", create=false, missing="error") }}
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
---
|
||||
# see https://github.com/hedgedoc/container/blob/master/docker-compose.yml
|
||||
|
||||
services:
|
||||
database:
|
||||
image: docker.io/library/postgres:15-alpine
|
||||
environment:
|
||||
- "POSTGRES_USER=hedgedoc"
|
||||
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
|
||||
- "POSTGRES_DB=hedgedoc"
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
restart: unless-stopped
|
||||
|
||||
app:
|
||||
#image: quay.io/hedgedoc/hedgedoc:1.9.9
|
||||
image: quay.io/hedgedoc/hedgedoc:latest
|
||||
environment:
|
||||
- "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc"
|
||||
- "CMD_DOMAIN=pad.hamburg.ccc.de"
|
||||
- "CMD_PROTOCOL_USESSL=true"
|
||||
- "CMD_HSTS_ENABLE=false"
|
||||
- "CMD_URL_ADDPORT=false"
|
||||
- "CMD_ALLOW_FREEURL=true"
|
||||
- "CMD_ALLOW_EMAIL_REGISTER=false"
|
||||
- "CMD_ALLOW_ANONYMOUS=false"
|
||||
- "CMD_ALLOW_ANONYMOUS_EDITS=true"
|
||||
- "CMD_ALLOW_ANONYMOUS_VIEWS=true"
|
||||
- "CMD_DEFAULT_PERMISSION=limited"
|
||||
- "CMD_EMAIL=false"
|
||||
- "CMD_OAUTH2_USER_PROFILE_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo"
|
||||
- "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username"
|
||||
- "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name"
|
||||
- "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email"
|
||||
- "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
|
||||
- "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
|
||||
- "CMD_OAUTH2_CLIENT_ID=pad"
|
||||
- "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
|
||||
- "CMD_OAUTH2_PROVIDERNAME=Keycloak"
|
||||
- "CMD_OAUTH2_SCOPE=openid email profile"
|
||||
volumes:
|
||||
- uploads:/hedgedoc/public/uploads
|
||||
ports:
|
||||
- "127.0.0.1:3000:3000"
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
hedgedoc-expire:
|
||||
image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest
|
||||
# command: "emailcheck"
|
||||
command: "cron"
|
||||
environment:
|
||||
- "POSTGRES_HOSTNAME=database"
|
||||
- "POSTGRES_USERNAME=hedgedoc"
|
||||
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
|
||||
- "SMTP_FROM=pad@hamburg.ccc.de"
|
||||
- "SMTP_HOSTNAME=cow.hamburg.ccc.de"
|
||||
- "SMTP_USERNAME=pad@hamburg.ccc.de"
|
||||
- "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}"
|
||||
- "URL=https://pad.hamburg.ccc.de"
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
volumes:
|
||||
database: {}
|
||||
uploads: {}
|
||||
|
|
@ -1,106 +0,0 @@
|
|||
---
|
||||
# see https://github.com/pretalx/pretalx-docker/blob/main/docker-compose.yml
|
||||
|
||||
services:
|
||||
database:
|
||||
image: docker.io/library/postgres:15-alpine
|
||||
environment:
|
||||
- "POSTGRES_USER=pretalx"
|
||||
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
|
||||
- "POSTGRES_DB=pretalx"
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
restart: unless-stopped
|
||||
|
||||
redis:
|
||||
image: redis:latest
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- redis:/data
|
||||
|
||||
static:
|
||||
image: docker.io/library/nginx
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- public:/usr/share/nginx/html
|
||||
ports:
|
||||
- 8081:80
|
||||
|
||||
pretalx:
|
||||
image: pretalx/standalone:latest
|
||||
entrypoint: gunicorn
|
||||
command:
|
||||
- "pretalx.wsgi"
|
||||
- "--name"
|
||||
- "pretalx"
|
||||
- "--workers"
|
||||
- "4"
|
||||
- "--max-requests"
|
||||
- "1200"
|
||||
- "--max-requests-jitter"
|
||||
- "50"
|
||||
- "--log-level=info"
|
||||
- "--bind=0.0.0.0:8080"
|
||||
ports:
|
||||
- 8080:8080
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PRETALX_DATA_DIR: /data
|
||||
PRETALX_FILESYSTEM_MEDIA: /public/media
|
||||
PRETALX_FILESYSTEM_STATIC: /public/static
|
||||
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
|
||||
PRETALX_DB_TYPE: postgresql
|
||||
PRETALX_DB_NAME: pretalx
|
||||
PRETALX_DB_USER: pretalx
|
||||
PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
|
||||
PRETALX_DB_HOST: database
|
||||
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
|
||||
PRETALX_MAIL_HOST: "cow-intern.hamburg.ccc.de"
|
||||
PRETALX_CELERY_BACKEND: redis://redis/1
|
||||
PRETALX_CELERY_BROKER: redis://redis/2
|
||||
PRETALX_REDIS: redis://redis/3
|
||||
PRETALX_REDIS_SESSIONS: "True"
|
||||
# PRETALX_LOGGING_EMAIL: noc@hamburg.ccc.de
|
||||
PRETALX_LANGUAGE_CODE: de
|
||||
PRETALX_TIME_ZONE: Europe/Berlin
|
||||
volumes:
|
||||
- pretalx:/data
|
||||
- public:/public
|
||||
|
||||
celery:
|
||||
image: pretalx/standalone:latest
|
||||
command:
|
||||
- taskworker
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
PRETALX_DATA_DIR: /data
|
||||
PRETALX_FILESYSTEM_MEDIA: /public/media
|
||||
PRETALX_FILESYSTEM_STATIC: /public/static
|
||||
PRETALX_SITE_URL: https://pretalx.hamburg.ccc.de
|
||||
PRETALX_DB_TYPE: postgresql
|
||||
PRETALX_DB_NAME: pretalx
|
||||
PRETALX_DB_USER: pretalx
|
||||
PRETALX_DB_PASS: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/DB_PASSWORD", create=false, missing="error") }}"
|
||||
PRETALX_DB_HOST: database
|
||||
PRETALX_MAIL_FROM: "pretalx@hamburg.ccc.de"
|
||||
PRETALX_MAIL_HOST: "cow.hamburg.ccc.de"
|
||||
PRETALX_MAIL_PORT: 587
|
||||
PRETALX_MAIL_USER: pretalx@hamburg.ccc.de
|
||||
PRETALX_MAIL_PASSWORD: "{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pretalx/PRETALX_MAIL_PASSWORD", create=false, missing="error") }}"
|
||||
PRETALX_MAIL_TLS: "true"
|
||||
PRETALX_CELERY_BACKEND: redis://redis/1
|
||||
PRETALX_CELERY_BROKER: redis://redis/2
|
||||
PRETALX_REDIS: redis://redis/3
|
||||
PRETALX_REDIS_SESSIONS: "True"
|
||||
# PRETALX_LOGGING_EMAIL: noc@hamburg.ccc.de
|
||||
PRETALX_LANGUAGE_CODE: de
|
||||
PRETALX_TIME_ZONE: Europe/Berlin
|
||||
volumes:
|
||||
- pretalx:/data
|
||||
- public:/public
|
||||
|
||||
volumes:
|
||||
database: {}
|
||||
redis: {}
|
||||
pretalx: {}
|
||||
public: {}
|
||||
|
|
@ -1,48 +0,0 @@
|
|||
---
|
||||
services:
|
||||
database:
|
||||
image: docker.io/library/postgres:15-alpine
|
||||
environment:
|
||||
- "POSTGRES_USER=pretix"
|
||||
- "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}"
|
||||
- "POSTGRES_DB=pretix"
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
networks:
|
||||
backend:
|
||||
restart: unless-stopped
|
||||
|
||||
redis:
|
||||
image: docker.io/library/redis:7
|
||||
ports:
|
||||
- "6379:6379"
|
||||
volumes:
|
||||
- redis:/rdata
|
||||
# run redis-server, save a snapshot every 60 seconds if there has been at least 1 write
|
||||
command: ["redis-server", "--save", "60", "1"]
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
backend:
|
||||
|
||||
pretix:
|
||||
image: docker.io/pretix/standalone:2024.8
|
||||
command: ["all"]
|
||||
ports:
|
||||
- "8345:80"
|
||||
volumes:
|
||||
- ./configs/pretix.cfg:/etc/pretix/pretix.cfg
|
||||
- pretix:/data
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
backend:
|
||||
frontend:
|
||||
|
||||
volumes:
|
||||
database: {}
|
||||
pretix: {}
|
||||
redis: {}
|
||||
|
||||
networks:
|
||||
backend:
|
||||
internal: true
|
||||
frontend:
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
[pretix]
|
||||
instance_name=CCCHH Tickets
|
||||
url=https://tickets.hamburg.ccc.de
|
||||
currency=EUR
|
||||
datadir=/data
|
||||
trust_x_forwarded_for=on
|
||||
trust_x_forwarded_proto=on
|
||||
|
||||
[database]
|
||||
backend=postgresql
|
||||
name=pretix
|
||||
user=pretix
|
||||
password={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/tickets/DB_PASSWORD", create=false, missing="error") }}
|
||||
host=database
|
||||
|
||||
[mail]
|
||||
from=tickets@hamburg.ccc.de
|
||||
host=cow-intern.hamburg.ccc.de
|
||||
|
||||
[redis]
|
||||
location=redis://redis/0
|
||||
sessions=true
|
||||
|
||||
[celery]
|
||||
backend=redis://redis/0
|
||||
broker=redis://redis/1
|
||||
|
|
@ -1,158 +0,0 @@
|
|||
---
|
||||
{#
|
||||
https://github.com/zammad/zammad-docker-compose
|
||||
Docker Compose does not allow defining variables in the compose file (only in .env files), so we use Jinja variables instead
|
||||
see https://github.com/zammad/zammad-docker-compose/blob/master/.env
|
||||
#}
|
||||
{%- set ELASTICSEARCH_VERSION = "8" | quote -%}
|
||||
{%- set IMAGE_REPO = "ghcr.io/zammad/zammad" | quote -%}
|
||||
{%- set MEMCACHE_SERVERS = "zammad-memcached:11211" | quote -%}
|
||||
{%- set MEMCACHE_VERSION = "1.6-alpine" | quote -%}
|
||||
{%- set POSTGRES_DB = "zammad_production" | quote -%}
|
||||
{%- set POSTGRES_HOST = "zammad-postgresql" | quote -%}
|
||||
{%- set POSTGRES_USER = "zammad" | quote -%}
|
||||
{%- set POSTGRES_PASS = lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/zammad/DB_PASSWORD", create=false, missing="error") | quote -%}
|
||||
{%- set POSTGRES_PORT = "5432" | quote -%}
|
||||
{%- set POSTGRES_VERSION = "15-alpine" | quote -%}
|
||||
{%- set REDIS_URL = "redis://zammad-redis:6379" | quote -%}
|
||||
{%- set REDIS_VERSION = "7-alpine" | quote -%}
|
||||
{%- set RESTART = "always" | quote -%}
|
||||
{%- set VERSION = "6" | quote -%}
|
||||
x-shared:
|
||||
zammad-service: &zammad-service
|
||||
environment: &zammad-environment
|
||||
MEMCACHE_SERVERS: {{ MEMCACHE_SERVERS }}
|
||||
POSTGRESQL_DB: {{ POSTGRES_DB }}
|
||||
POSTGRESQL_HOST: {{ POSTGRES_HOST }}
|
||||
POSTGRESQL_USER: {{ POSTGRES_USER }}
|
||||
POSTGRESQL_PASS: {{ POSTGRES_PASS }}
|
||||
POSTGRESQL_PORT: {{ POSTGRES_PORT }}
|
||||
REDIS_URL: {{ REDIS_URL }}
|
||||
# Allow passing in these variables via .env:
|
||||
AUTOWIZARD_JSON:
|
||||
AUTOWIZARD_RELATIVE_PATH:
|
||||
ELASTICSEARCH_ENABLED:
|
||||
ELASTICSEARCH_HOST:
|
||||
ELASTICSEARCH_PORT:
|
||||
ELASTICSEARCH_SCHEMA:
|
||||
ELASTICSEARCH_NAMESPACE:
|
||||
ELASTICSEARCH_REINDEX:
|
||||
ELASTICSEARCH_SSL_VERIFY:
|
||||
NGINX_PORT:
|
||||
NGINX_SERVER_NAME:
|
||||
NGINX_SERVER_SCHEME: https
|
||||
POSTGRESQL_DB_CREATE:
|
||||
POSTGRESQL_OPTIONS:
|
||||
RAILS_TRUSTED_PROXIES:
|
||||
ZAMMAD_WEB_CONCURRENCY:
|
||||
ZAMMAD_SESSION_JOBS:
|
||||
ZAMMAD_PROCESS_SCHEDULED:
|
||||
ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
|
||||
image: {{ IMAGE_REPO }}:{{ VERSION }}
|
||||
restart: {{ RESTART }}
|
||||
volumes:
|
||||
- zammad-storage:/opt/zammad/storage
|
||||
- zammad-var:/opt/zammad/var
|
||||
depends_on:
|
||||
- zammad-memcached
|
||||
- zammad-postgresql
|
||||
- zammad-redis
|
||||
|
||||
services:
|
||||
|
||||
zammad-backup:
|
||||
command: ["zammad-backup"]
|
||||
depends_on:
|
||||
- zammad-railsserver
|
||||
- zammad-postgresql
|
||||
entrypoint: /usr/local/bin/backup.sh
|
||||
environment:
|
||||
<<: *zammad-environment
|
||||
BACKUP_TIME: "03:00"
|
||||
HOLD_DAYS: "10"
|
||||
TZ: Europe/Berlin
|
||||
image: postgres:{{ POSTGRES_VERSION }}
|
||||
restart: {{ RESTART }}
|
||||
volumes:
|
||||
- zammad-backup:/var/tmp/zammad
|
||||
- zammad-storage:/opt/zammad/storage:ro
|
||||
- zammad-var:/opt/zammad/var:ro
|
||||
- ./scripts/backup.sh:/usr/local/bin/backup.sh:ro
|
||||
|
||||
zammad-elasticsearch:
|
||||
image: bitnami/elasticsearch:{{ ELASTICSEARCH_VERSION }}
|
||||
restart: {{ RESTART }}
|
||||
volumes:
|
||||
- elasticsearch-data:/bitnami/elasticsearch/data
|
||||
|
||||
zammad-init:
|
||||
<<: *zammad-service
|
||||
command: ["zammad-init"]
|
||||
depends_on:
|
||||
- zammad-postgresql
|
||||
restart: on-failure
|
||||
user: 0:0
|
||||
volumes:
|
||||
- zammad-storage:/opt/zammad/storage
|
||||
- zammad-var:/opt/zammad/var
|
||||
|
||||
zammad-memcached:
|
||||
command: memcached -m 256M
|
||||
image: memcached:{{ MEMCACHE_VERSION }}
|
||||
restart: {{ RESTART }}
|
||||
|
||||
zammad-nginx:
|
||||
<<: *zammad-service
|
||||
command: ["zammad-nginx"]
|
||||
expose:
|
||||
- "8080"
|
||||
ports:
|
||||
- "8080:8080"
|
||||
depends_on:
|
||||
- zammad-railsserver
|
||||
volumes:
|
||||
- zammad-var:/opt/zammad/var:ro # required for the zammad-ready check file
|
||||
|
||||
zammad-postgresql:
|
||||
environment:
|
||||
POSTGRES_DB: {{ POSTGRES_DB }}
|
||||
POSTGRES_USER: {{ POSTGRES_USER }}
|
||||
POSTGRES_PASSWORD: {{ POSTGRES_PASS }}
|
||||
image: postgres:{{ POSTGRES_VERSION }}
|
||||
restart: {{ RESTART }}
|
||||
volumes:
|
||||
- postgresql-data:/var/lib/postgresql/data
|
||||
|
||||
zammad-railsserver:
|
||||
<<: *zammad-service
|
||||
command: ["zammad-railsserver"]
|
||||
|
||||
zammad-redis:
|
||||
image: redis:{{ REDIS_VERSION }}
|
||||
restart: {{ RESTART }}
|
||||
volumes:
|
||||
- redis-data:/data
|
||||
|
||||
zammad-scheduler:
|
||||
<<: *zammad-service
|
||||
command: ["zammad-scheduler"]
|
||||
volumes:
|
||||
- /ansible_docker_compose/zammad-scheduler-database.yml:/opt/zammad/config/database.yml # workaround for connection pool issue
|
||||
|
||||
zammad-websocket:
|
||||
<<: *zammad-service
|
||||
command: ["zammad-websocket"]
|
||||
|
||||
volumes:
|
||||
elasticsearch-data:
|
||||
driver: local
|
||||
postgresql-data:
|
||||
driver: local
|
||||
redis-data:
|
||||
driver: local
|
||||
zammad-backup:
|
||||
driver: local
|
||||
zammad-storage:
|
||||
driver: local
|
||||
zammad-var:
|
||||
driver: local
|
||||
Loading…
Add table
Add a link
Reference in a new issue