diff --git a/inventories/chaosknoten/host_vars/lists.yaml b/inventories/chaosknoten/host_vars/lists.yaml
new file mode 100644
index 0000000..2175571
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/lists.yaml
@@ -0,0 +1,12 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/compose/compose.yaml') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
+certbot__certificate_domains:
+ - "lists.hamburg.ccc.de"
+
+nginx__version_spec: ""
+nginx__configurations:
+ - name: lists.hamburg.ccc.de
+ content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf') }}"
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index 8158538..384f3fb 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -6,6 +6,18 @@ all:
 ansible_host: cloud-intern.hamburg.ccc.de
 ansible_user: chaos
 ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
+ keycloak:
+ ansible_host: keycloak-intern.hamburg.ccc.de
+ ansible_user: chaos
+ ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
+ lists:
+ ansible_host: lists.hamburg.ccc.de
+ ansible_port: 42666
+ ansible_user: chaos
+ onlyoffice:
+ ansible_host: onlyoffice-intern.hamburg.ccc.de
+ ansible_user: chaos
+ ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
 pad:
 ansible_host: pad-intern.hamburg.ccc.de
 ansible_port: 42666
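Review bot: The quoting in this new host_vars file is inconsistent: `lists.hamburg.ccc.de` is quoted under `certbot__certificate_domains` but plain under `nginx__configurations[0].name`, and the empty flow sequence is written `[ ]` where the usual form is `docker_compose__configuration_files: []`; pick one form for the domain and use the compact empty list. Since the file's only link to the inventory is its name, a one-line header such as `# host_vars for the lists host: mailman via docker compose, nginx in front, certificates via certbot` would help the next reader. Note also that `docker_compose__compose_file_content` pulls the compose file verbatim from the repository, so whatever that file contains is shipped as-is and lives in git history.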
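Review bot: The new `lists` entry is reached directly at `ansible_host: lists.hamburg.ccc.de` on `ansible_port: 42666`, while the `keycloak` and `onlyoffice` entries moved in the same hunk keep the `-intern` address plus `ansible_ssh_common_args` jump-host pattern; `pad` is the only other direct-port host, and here the target is the public service name that also appears as the certbot domain. If SSH on 42666 on the public address is intended, a comment above the entry, e.g. `# reachable directly, no -intern address / jump host`, would keep the asymmetry from being read as an omission. The enclosing `all:`/`hosts:` mapping starts before this hunk.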
@@ -15,22 +27,15 @@ all:
 ansible_host: public-reverse-proxy.hamburg.ccc.de
 ansible_port: 42666
 ansible_user: chaos
- keycloak:
- ansible_host: keycloak-intern.hamburg.ccc.de
- ansible_user: chaos
- ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
 wiki:
 ansible_host: wiki-intern.hamburg.ccc.de
 ansible_user: chaos
 ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
- onlyoffice:
- ansible_host: onlyoffice-intern.hamburg.ccc.de
- ansible_user: chaos
- ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
 docker_compose_hosts:
 hosts:
 pad:
 keycloak:
+ lists:
 onlyoffice:
 nextcloud_hosts:
 hosts:
@@ -40,6 +45,7 @@ all:
 pad:
 public-reverse-proxy:
 keycloak:
+ lists:
 wiki:
 onlyoffice:
 public_reverse_proxy_hosts:
@@ -53,6 +59,7 @@ all:
 hosts:
 pad:
 keycloak:
+ lists:
 wiki:
 onlyoffice:
 infrastructure_authorized_keys_hosts:
diff --git a/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml b/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
new file mode 100644
index 0000000..f29fb15
--- /dev/null
+++ b/playbooks/files/chaosknoten/configs/lists/compose/compose.yaml
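Review bot: `lists:` is added to `docker_compose_hosts` and to the two groups in the hunks at old lines 40 and 53 (their group names sit above the hunks and are not visible here), but the last hunk stops at the `infrastructure_authorized_keys_hosts:` header, so it is not visible whether the new host is enrolled there; if that group is meant to cover every managed host it needs a `lists:` entry too — confirm. The removed `keycloak` and `onlyoffice` blocks in the first hunk are the same blocks re-inserted in the earlier hunk (alphabetical reordering), so nothing is lost, but mixing the reorder with the one-line additions makes the change harder to review than a separate reorder commit would.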
@@ -0,0 +1,73 @@
+version: '2'
+
+services:
+ mailman-core:
+ restart: unless-stopped
+ image: maxking/mailman-core:0.4 # Use a specific version tag (tag latest is not published)
+ container_name: mailman-core
+ hostname: mailman-core
+ volumes:
+ - /opt/mailman/core:/opt/mailman/
+ stop_grace_period: 30s
+ links:
+ - database:database
+ depends_on:
+ - database
+ environment:
+ - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+ - DATABASE_TYPE=postgres
+ - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
+ - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
+ - MTA=postfix
+ ports:
+ - "127.0.0.1:8001:8001" # API
+ - "127.0.0.1:8024:8024" # LMTP - incoming emails
+ networks:
+ mailman:
+
+ mailman-web:
+ restart: unless-stopped
+ image: maxking/mailman-web:0.4 # Use a specific version tag (tag latest is not published)
+ container_name: mailman-web
+ hostname: mailman-web
+ depends_on:
+ - database
+ links:
+ - mailman-core:mailman-core
+ - database:database
+ volumes:
+ - /opt/mailman/web:/opt/mailman-web-data
+ environment:
+ - DATABASE_TYPE=postgres
+ - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+ - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
+ - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
+ - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
+ - MAILMAN_ADMIN_USER=ccchh-admin
+ - MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
+ ports:
+ - "127.0.0.1:8000:8000" # HTTP
+ - "127.0.0.1:8080:8080" # uwsgi
+ networks:
+ mailman:
+
+ database:
+ restart: unless-stopped
+ environment:
+ - POSTGRES_DB=mailmandb
+ - POSTGRES_USER=mailman
+ - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
+ image: postgres:11-alpine
+ volumes:
+ - /opt/mailman/database:/var/lib/postgresql/data
+ networks:
+ mailman:
+
+networks:
+ mailman:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ -
+ subnet: 172.19.199.0/24
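Review bot: This compose file commits live credentials in plain text — the database password in `POSTGRES_PASSWORD` and again inside both `DATABASE_URL` values, `HYPERKITTY_API_KEY` in two services, and the Django `SECRET_KEY` — and the host_vars file reads this file verbatim with `lookup('ansible.builtin.file', ...)`, so from this commit on the secrets are part of the repository history and should be treated as disclosed and rotated. Move them out of the file: either render it with `ansible.builtin.template` from Ansible-Vault-encrypted variables, or keep it static and give each service an `env_file` that the playbook writes from vaulted values (constructed example path below); the non-secret settings can stay inline. Two smaller points: `links:` is deprecated in Compose and redundant here because all three services share the `mailman` network and `depends_on` is already declared, and `postgres:11-alpine` tracks a major that reached upstream end-of-life in November 2023, so a supported major pinned to a minor tag (as the comment on the mailman images itself asks for) avoids running an unpatched database; `version: '2'` is likewise obsolete for current Compose.
```yaml
services:
  mailman-core:
    # … unchanged: restart, image, container_name, hostname, volumes, stop_grace_period, depends_on …
    env_file:
      - /opt/mailman/mailman.env   # constructed example; written by the playbook from vaulted vars, holds DATABASE_URL and HYPERKITTY_API_KEY
    environment:
      - DATABASE_TYPE=postgres
      - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
      - MTA=postfix
    # … unchanged: ports, networks …
  # … mailman-web and database: same pattern, SECRET_KEY and POSTGRES_PASSWORD move into the env file …
```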
diff --git a/playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf b/playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf
new file mode 100644
index 0000000..ee8a221
--- /dev/null
+++ b/playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf
@@ -0,0 +1,26 @@
+server {
+ root /var/www/html;
+ server_name lists.hamburg.ccc.de; # managed by Certbot
+
+ listen [::]:443 ssl ipv6only=on; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+
+ ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/lists.hamburg.ccc.de/privkey.pem; # managed by Certbot
+ # verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/chain.pem;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ location /static {
+ alias /opt/mailman/web/static;
+ autoindex off;
+ }
+
+ location / {
+ uwsgi_pass localhost:8080;
+ include uwsgi_params;
+ uwsgi_read_timeout 300;
+ }
+}
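Review bot: `ssl_trusted_certificate` on line 11 of the new file has no effect as written: nginx only consults it for OCSP stapling or client-certificate verification, and neither `ssl_stapling` nor `ssl_verify_client` is configured, so the comment above it promising OCSP chain verification does not hold for this server block; either add `ssl_stapling on;` and `ssl_stapling_verify on;` next to it or drop the directive together with its comment. The `# managed by Certbot` trailers are misleading on a file that is shipped from the repository through `nginx__configurations` — Certbot will not rewrite it — so they should go, or become a note that the paths must match the `certbot__certificate_domains` entry. No plain-HTTP listener or redirect is defined; presumably port 80 is handled elsewhere (the HTTP-01 challenge needs it), which deserves a one-line comment so the next reader does not add one. Relying on distribution defaults for `ssl_protocols` and `ssl_ciphers` is acceptable if intended, but an explicit `ssl_protocols TLSv1.2 TLSv1.3;` documents the choice.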