diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 1135d58..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "kubespray"]
- path = kubespray
- url = ssh://git@gitlab.banditlair.com:2224/phfroidmont/kubespray.git
diff --git a/ansible-playbook.sh b/ansible-playbook.sh
deleted file mode 100755
index 922a280..0000000
--- a/ansible-playbook.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#! /bin/bash
-
-set -e
-
-export HCLOUD_TOKEN=$(./get_hcloud_token.sh)
-ENVIRONMENT=$(cat .environment)
-source .virtualenv/bin/activate
-
-ARGS="-i inventories/$ENVIRONMENT"
-ARGS="$ARGS --vault-id=~/.ssh/vault-pass"
-ARGS="$ARGS $@"
-
-echo "ansible-playbook $ARGS"
-ansible-playbook $ARGS
diff --git a/ansible.cfg b/ansible.cfg
deleted file mode 100644
index f7c7e6b..0000000
--- a/ansible.cfg
+++ /dev/null
@@ -1,25 +0,0 @@
-[defaults]
-any_errors_fatal = True
-deprecation_warnings = True
-display_skipped_hosts = False
-host_key_checking = False
-nocows = 1
-#stdout_callback=skippy
-callback_whitelist=profile_tasks
-remote_user = root
-retry_files_enabled = False
-library = kubespray/library/
-roles_path = kubespray/roles/
-invalid_task_attribute_failed=False
-force_valid_group_names = ignore
-strategy_plugins = kubespray/plugins/mitogen/ansible_mitogen/plugins/strategy
-fact_caching = jsonfile
-fact_caching_connection = /tmp
-
-[ssh_connection]
-control_path = /tmp/ansible-ssh-%%h-%%p-%%r
-pipelining = True
-ssh_args = -C -o ControlMaster=auto -o ControlPersist=5m -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
-
-[inventory]
-enable_plugins = hcloud, ini, script, yaml
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
deleted file mode 100644
index da46ff5..0000000
--- a/group_vars/all/vars.yml
+++ /dev/null
@@ -1,27 +0,0 @@ ---- -ansible_python_interpreter: /usr/bin/python3 - -kubeadm_enabled: true - -harden_linux_root_password: "{{k8s_scaleway_root_password}}" -harden_linux_deploy_user: deploy -harden_linux_deploy_user_password: "{{k8s_scaleway_deploy_user_password}}" -harden_linux_deploy_user_home: /home/deploy -harden_linux_ufw_defaults_user: - "^DEFAULT_FORWARD_POLICY": 'DEFAULT_FORWARD_POLICY="ACCEPT"' -harden_linux_deploy_user_public_keys: "{{ scw_authorized_keys }}" -harden_linux_ufw_allow_networks: - - "10.0.0.0/8" - - "172.16.0.0/12" - - "192.168.0.0/16" -harden_linux_sysctl_settings_user: - "net.ipv4.ip_forward": 1 - "net.ipv6.conf.default.forwarding": 1 - "net.ipv6.conf.all.forwarding": 1 -harden_linux_ufw_logging: 'on' -harden_linux_sshguard_whitelist: - - "127.0.0.0/8" - - "::1/128" - - "212.83.165.111" - - "10.3.0.0/24" - - "10.200.0.0/16" diff --git a/group_vars/all/vault b/group_vars/all/vault deleted file mode 100644 index 735db5c..0000000 --- a/group_vars/all/vault +++ /dev/null 
@@ -1,66 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64366663356439393235303130346265663733333431373661363739653333336233386265653231 -3435376361366666663135396566313539383136643739320a313335666464393538386538636138 -61636534633461363331363139643064343530396463353131636336613163373034653531343763 -6237663337333063300a373737393066383533323961656539653466363336656632333331386263 -65323366323536316661303365653335653237356239356535653230393464623333643730646534 -65313338363731646339616435346166373635623538323433336464656535313866343363393132 -36373830316666653161323063303131623030666439326338393431316233326562303862363537 -34333133616333636561633763356665336132653933646331626463316236306537383437393238 -34306438313634653064313161643865646361393432323436623230333566303336383562393366 -30613362306632356333323838646430333564306232386439346262613632663234626631393763 -35336363303361366561646639353831303336346264313665313932343039353938313638366366 -38376162616339653534333335616365323864323436393361356165333231313037356564393861 -65623135346465373266373233353438303263373163623762613032356565623362636533383064 -61333566393364363936356135303763326531333737303765313135613266366132646266636164 -33396535323861653732653135393838323463336230373330353862386261346331366339663861 -31626331313732356361353534363330616434336230663635653035376535363765393836323232 -39663734356234376335353233363635393562326537663461613035383239363739353437383930 -35343866323431343562383539396437653433336463373830316165323266333062323238613839 -32343865366163646466663266336664336262616562666538656266373263393366326337323034 -64326337663038373234353535336133613363623336396236393137343234323161613232373139 -38383139393961646133636132323966376531336266613364656439626264373264396231346531 -30643163363836663137393930343538353334313165646134316430623536313465656535333037 -39646232633730383764653235613736323339653164613265663537386535653265343832343937 
-32343432306338616163663466363930353439373333626335363935636538373233383465626330 -65356165643062393234666432303065306464636635626536336262636566656663356535353133 -33303266373962353866643963343265383136643436393739656163663464636262323462353137 -33383736333362316564643937623761636237323164383332653561346264386639346361616166 -63656538303934623536386330623835626463316231663561373139306566353630653864613534 -35323139353365396662656236363036353733333464343932353532633230343736653939373538 -61336333303235356235376431666337353630666461313065383765376234373931313063306331 -32386162666537653036343833353237666161326635376439636162626635633938366562636662 -35366632363564366239316236373037393239343237316565393862666130343933623561383833 -62383232663638313862343962356530316632303438363331653531613131333561343437326362 -66366162386336346234383831633961346531316461623733313762613430356137353938643366 -32316435336461386563616637396162623739336137396135326439333331623730313433336434 -37613833353031313764616339646661383533616465663331323634663763313636653332633966 -33383038646262343465323732643230336537613564373932306139633339666437313161656136 -33343264636539636563653239363730373762306135613131353035626365373934616539303363 -38636437626638326234396238396363656362373137653634666664346536323837653839306165 -35623164373361636162656263393738386666396434363537356234303131363331633035393164 -31386633386334303661333936633539636132326663643166366339303939366132346666313463 -65636535363463323732323237373661646164383166343163613465336233343162333637313131 -36306334333039643461376532353936353233336332623031613530323236626334343266653433 -63666130663831393336643132616166363730616531633161373865353962366238343437613963 -38376639613666316436313431626564303937363933663262646637386134353335316632383963 -65656637303061356335343366666161333662626466313938303864373666373731616266616163 -65323362353966333236393634366436356532353632373237666566363263663532353438623236 
-35343134616432383363633036313531626632643530393966646332363533386364383138363236 -65636536663465356265353733353436363135626462383535366538303265386139663261383832 -64366338663562393262333065393064663366643531616361383736653665623532343164653937 -31316530653533393366373531626562353436376234636530396266616630313764623966346462 -64356361313539613732386564663065646561313262376532616633343434323734353966396333 -30613366363536323631333266353634623132376330613762333133626565393537386534393135 -32316236323638326262656261663731366563623034373465643962663339386663646436653562 -35653637323266623466643230666237346136343061616138613064653136356132633762623235 -39366232363939336162333965626566323761376230653431333235316266396432336464353639 -33343930666332396530383535343761313832323339346439666165623965333035386334313332 -63616166333234383231643436306433326631313162613133386662636539393864626239356334 -63393739303837373864323266373766353266663931616231613439336438356334343036383565 -61393064356539386437613135613930653132336331386265646531336134326339663231306637 -64646639303666383235373361643066643234343532626537323939333737613962363035356430 -31333034343938366536313163636533626238653139393738633434373063613561633532373334 -36353939623963383438313866313637316463323866373332666536373764393463636132353066 -65303766653033623862653665636332306466643435623238346430353564653364336661393832 -36363136653461306362623265383161313138363062373265313431363333613866 diff --git a/playbook.yml b/playbook.yml deleted file mode 100644 index 673a5f7..0000000 --- a/playbook.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- hosts: storage - become: true - vars: - docker_compose_files_folder_previous_server: /etc/compose - docker_compose_files_folder: /etc/compose - domain_name: banditlair.com - sub_domains: - - rpg - roles: - - role: base - tags: ['base'] - - role: scripts - tags: [ 'scripts' ] - - role: daily-backup - tags: [ 'backup' ] - - role: docker - tags: [ 'docker' ] - - role: traefik-proxy-docker - tags: [ 'traefik' ] - - role: searx-docker - tags: [ 'searx' ] - - role: wiki-docker - tags: [ 'wiki' ] - - role: emby-docker - tags: [ 'emby' ] - - role: gitlab-docker - tags: [ 'gitlab' ] - - role: torrent-docker - tags: [ 'torrent' ] - - role: monit - tags: [ 'monit' ] - - role: stb-wordpress-docker - tags: [ 'stb' ] - - role: invidious-docker - tags: [ 'invidious' ] - - role: ddns-docker - tags: [ 'ddns' ] - - role: mailu-docker - tags: [ 'mailu' ] - - role: website-marie-docker - tags: [ 'website-marie' ] - diff --git a/production b/production deleted file mode 100644 index 4e61294..0000000 --- a/production +++ /dev/null @@ -1,2 +0,0 @@ -[storage] -storage1 ansible_user=root ansible_python_interpreter=/usr/bin/python3 ansible_host=144.76.18.197 diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml deleted file mode 100644 index 86d7332..0000000 --- a/roles/base/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Install base packages - package: - name: - - htop - - git - - nload - - ufw - - borgbackup - - vim - state: present - update_cache: yes diff --git a/roles/daily-backup/tasks/main.yml b/roles/daily-backup/tasks/main.yml deleted file mode 100644 index 36294a2..0000000 --- a/roles/daily-backup/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Create fullBackup.sh - template: - src: fullBackup.sh - dest: /root/fullBackup.sh - mode: 0700 -- name: Create backup cron job - cron: - name: daily backup - state: present - minute: 0 - hour: 4 - job: "/root/fullBackup.sh >> /var/log/backup.log 2>&1" - 
diff --git a/roles/daily-backup/templates/fullBackup.sh b/roles/daily-backup/templates/fullBackup.sh deleted file mode 100755 index 4fed89e..0000000 --- a/roles/daily-backup/templates/fullBackup.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/sh -set -e - -touch /backups/backup-ongoing - -REPOSITORY=ssh://backup@212.129.12.205:22/./ - -export BORG_PASSPHRASE='{{backup_borg_passphrase}}' - -#echo 'Dumping NextCloud database' -#docker exec nextcloud_postgres_1 sh -c "pg_dump -U nextcloud nextcloud > /backups/database.dmp" - -echo 'Dumping S.T.B. wordpress database' -docker exec stb_db_1 sh -c "mysqldump -u stb -p{{stb_mysql_password}} stb > /backups/database.dmp" - -#echo 'Dumping matrix database' -#docker exec matrix_db_1 sh -c "pg_dump -U synapse synapse > /backups/database.dmp" - -#echo 'Dumping invidious database' -#docker exec invidious_postgres_1 sh -c "pg_dump -U kemal invidious > /backups/database.dmp" - -echo 'Copying murmur database' -docker stop murmur_murmur_1 -cp /var/lib/murmur/murmur.sqlite /backups/murmur/murmur.sqlite -docker start murmur_murmur_1 - -echo 'Creating GitLab backup' -docker exec gitlab_gitlab_1 gitlab-rake gitlab:backup:create - -echo 'Starting Borg backup' -borg create -v --stats --compression lz4 \ - ${REPOSITORY}::'{hostname}-{now:%Y-%m-%d}' \ - /root \ - /home \ - /data \ - /etc \ - /var/lib/mailu \ - /var/lib/matrix/media_store \ - /var/lib/nextcloud \ - /var/lib/transmission \ - /var/lib/wiki \ - /var/lib/stb \ - /var/lib/nzbget \ - /opt/factorio \ - /backups \ - --exclude '/var/lib/nextcloud/db' - -# If there is an error backing up, reset password envvar and exit -if [ "$?" = "1" ] ; then - export BORG_PASSPHRASE="" - exit 1 -fi - -# Use the `prune` subcommand to maintain 14 daily, 8 weekly and 12 monthly -# archives of THIS machine. The '{hostname}-' prefix is very important to -# limit prune's operation to this machine's archives and not apply to -# other machine's archives also. -borg prune -v --list ${REPOSITORY} --prefix '{hostname}-' \ - --keep-daily=14 --keep-weekly=8 --keep-monthly=12 - -# Unset the password -export BORG_PASSPHRASE="" - -rm -f /backups/backup-ongoing -touch /backups/backup-ok - -exit 0 
diff --git a/roles/ddns-docker/files/ddns/docker-compose.yml b/roles/ddns-docker/files/ddns/docker-compose.yml deleted file mode 100644 index 6b4eef7..0000000 --- a/roles/ddns-docker/files/ddns/docker-compose.yml +++ /dev/null @@ -1,31 +0,0 @@ -version: '3' - -networks: - web: - external: - name: web - -services: - ddns: - image: davd/docker-ddns:latest - restart: unless-stopped - environment: - RECORD_TTL: 60 - ZONE: ddns.banditlair.com - SHARED_SECRET: changeme - labels: - - "traefik.backend=ddns" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:ns.banditlair.com" - - "traefik.enable=true" - - "traefik.port=8080" - - "traefik.default.protocol=http" - expose: - - 8080 - ports: - - "53:53" - - "53:53/udp" - networks: - - web - volumes: - - /var/lib/ddns/bind:/var/cache/bind \ No newline at end of file diff --git a/roles/ddns-docker/tasks/main.yml b/roles/ddns-docker/tasks/main.yml deleted file mode 100644 index 2f70377..0000000 --- a/roles/ddns-docker/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Copy ddns config - copy: - src: ddns - dest: "{{docker_compose_files_folder}}" - -- name: Start ddns docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/ddns" - state: present diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml deleted file mode 100644 index ea5c3d3..0000000 --- a/roles/docker/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -docker_apt_key: https://download.docker.com/linux/ubuntu/gpg -docker_apt_repository: https://download.docker.com/linux/ubuntu -# Choose 'edge' 'stable' or 'testing' for docker channel -docker_apt_channel: stable diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml deleted file mode 100644 index 27f9043..0000000 --- a/roles/docker/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart docker - systemd: - name: docker - state: restarted 
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml deleted file mode 100644 index a1dc8b1..0000000 --- a/roles/docker/tasks/main.yml +++ /dev/null 
@@ -1,93 +0,0 @@ ---- -- name: Ensure docker packages are not present - apt: - state: absent - name: ['docker', 'docker-engine', 'docker.io'] - -- name: Install docker package dependencies - apt: - state: latest - name: ['apt-transport-https', 'ca-certificates'] - update_cache: yes - cache_valid_time: 86400 - register: result - retries: 3 - until: result is success - -- name: Adding Docker official gpg key - apt_key: - url: "{{ docker_apt_key }}" - id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 - state: present - -- name: Setting Docker repository depending on arch - set_fact: - docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}" - when: ansible_architecture == item.system_arch - with_items: - - { system_arch: 'x86_64', apt_arch: 'amd64' } - - { system_arch: 'arm', apt_arch: 'armhf' } - -- name: Printing Docker repository - debug: - var: docker_repository - -- name: Adding Docker repository - apt_repository: - repo: "{{ docker_repository }}" - state: present - update_cache: true - -- name: Install Docker. - package: - name: docker-ce - state: present - notify: restart docker - -- name: Ensure containerd service dir exists. - file: - path: /etc/systemd/system/containerd.service.d - state: directory - -- name: Add shim to ensure Docker can start in all environments. - template: - src: override.conf.j2 - dest: /etc/systemd/system/containerd.service.d/override.conf - register: override_template - -- name: Reload systemd daemon if template is changed. - systemd: - daemon_reload: true - when: override_template is changed - -- name: Ensure Docker is started and enabled at boot. - service: - name: docker - state: started - enabled: true - -- name: Ensure handlers are notified now to avoid firewall conflicts. 
- meta: flush_handlers - -- name: Install python3-pip - apt: - name: python3-pip - state: latest - cache_valid_time: 86400 - register: result - retries: 3 - until: result is success - -- name: Install docker-compose package dependencies - apt: - state: latest - name: python3-setuptools - update_cache: yes - cache_valid_time: 86400 - register: result - retries: 3 - until: result is success - -- name: Install docker-compose - pip: - name: docker-compose diff --git a/roles/docker/templates/override.conf.j2 b/roles/docker/templates/override.conf.j2 deleted file mode 100644 index adab53c..0000000 --- a/roles/docker/templates/override.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# {{ ansible_managed }} -[Service] -ExecStartPre= diff --git a/roles/emby-docker/files/emby/docker-compose.yml b/roles/emby-docker/files/emby/docker-compose.yml deleted file mode 100644 index 6715de4..0000000 --- a/roles/emby-docker/files/emby/docker-compose.yml +++ /dev/null @@ -1,27 +0,0 @@ -version: '2.2' - -networks: - web: - external: - name: web - -services: - emby: - image: emby/embyserver:latest - volumes: - - ./config:/config - - /data:/media:ro - - /etc/localtime:/etc/localtime:ro - environment: - - UID=33 - - GID=33 - labels: - - "traefik.backend=emby" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:emby.banditlair.com" - - "traefik.enable=true" - - "traefik.port=8096" - - "traefik.default.protocol=http" - networks: - - web - restart: always diff --git a/roles/emby-docker/tasks/main.yml b/roles/emby-docker/tasks/main.yml deleted file mode 100644 index 7f864a5..0000000 --- a/roles/emby-docker/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Copy emby config - copy: - src: emby - dest: "{{docker_compose_files_folder}}" -- name: Start emby docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/emby" - state: present 
diff --git a/roles/gitlab-docker/defaults/main.yml b/roles/gitlab-docker/defaults/main.yml deleted file mode 100644 index 7676be8..0000000 --- a/roles/gitlab-docker/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -email_password: "" \ No newline at end of file diff --git a/roles/gitlab-docker/files/gitlab/.env b/roles/gitlab-docker/files/gitlab/.env deleted file mode 100644 index c8ded99..0000000 --- a/roles/gitlab-docker/files/gitlab/.env +++ /dev/null @@ -1 +0,0 @@ -GITLAB_DOMAIN=gitlab.banditlair.com \ No newline at end of file diff --git a/roles/gitlab-docker/files/gitlab/docker-compose.yml b/roles/gitlab-docker/files/gitlab/docker-compose.yml deleted file mode 100644 index 746beae..0000000 --- a/roles/gitlab-docker/files/gitlab/docker-compose.yml +++ /dev/null @@ -1,41 +0,0 @@ -version: '2.2' - -networks: - web: - external: - name: web - -services: - gitlab: - image: 'gitlab/gitlab-ce:13.7.3-ce.0' - hostname: ${GITLAB_DOMAIN} - labels: - - "traefik.docker.network=web" - - "traefik.enable=true" - - "traefik.default.protocol=http" - - "traefik.gitlab.frontend.rule=Host:gitlab.banditlair.com" - - "traefik.gitlab.port=9090" - - "traefik.registry.frontend.rule=Host:registry.banditlair.com" - - "traefik.registry.port=5005" - ports: - - "2224:22" - expose: - - 9090 - - 5005 - volumes: - - ./config:/etc/gitlab - - /var/log/gitlab:/var/log/gitlab - - /var/lib/gitlab:/var/opt/gitlab - - /backups/gitlab:/var/opt/gitlab/backups - - /etc/localtime:/etc/localtime:ro - networks: - - web - restart: always - - runner: - image: 'gitlab/gitlab-runner:latest' - volumes: - - ./runner-config:/etc/gitlab-runner - - /var/run/docker.sock:/var/run/docker.sock - - /etc/localtime:/etc/localtime:ro - restart: always diff --git a/roles/gitlab-docker/files/gitlab/runner-config/config.toml b/roles/gitlab-docker/files/gitlab/runner-config/config.toml deleted file mode 100644 index e42a10b..0000000 --- a/roles/gitlab-docker/files/gitlab/runner-config/config.toml +++ /dev/null 
@@ -1,16 +0,0 @@ -concurrent = 1 -check_interval = 0 - -[[runners]] - name = "local-runner" - url = "https://gitlab.banditlair.com/" - token = "1cc1e58b1325920f45fc52a4468292" - executor = "docker" - [runners.docker] - tls_verify = false - image = "alpine:latest" - privileged = false - disable_cache = false - volumes = ["/cache"] - shm_size = 0 - [runners.cache] diff --git a/roles/gitlab-docker/files/restore-backup.sh b/roles/gitlab-docker/files/restore-backup.sh deleted file mode 100644 index 855932f..0000000 --- a/roles/gitlab-docker/files/restore-backup.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -e -docker-compose exec gitlab chown -R $1:$1 /var/opt/gitlab/backups -docker-compose exec gitlab gitlab-rake gitlab:backup:restore force=yes \ No newline at end of file diff --git a/roles/gitlab-docker/tasks/main.yml b/roles/gitlab-docker/tasks/main.yml deleted file mode 100644 index 6455a00..0000000 --- a/roles/gitlab-docker/tasks/main.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -- name: Copy docker-compose.yml - copy: - src: gitlab - dest: "{{docker_compose_files_folder}}" - -- name: Create gitlab config folder - file: - dest: "{{docker_compose_files_folder}}/gitlab/config" - state: directory - -- name: Create gitlab config - template: - src: gitlab/config/gitlab.rb - dest: "{{docker_compose_files_folder}}/gitlab/config/gitlab.rb" - -- name: Start gitlab docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/gitlab" - state: present - -- name: Find Gitlab user repositories - find: - paths: /var/lib/gitlab/git-data/repositories/ - file_type: directory - patterns: "*" - register: gitlab_users_repos - -- name: Get Gitlab git user id - command: docker-compose exec -T gitlab id -u git - args: - chdir: "{{docker_compose_files_folder}}/gitlab/" - register: gitlab_git_uid - when: gitlab_users_repos.matched|int == 0 - -- name: Wait for Gitlab to be installed - wait_for: - path: /var/lib/gitlab/postgres-exporter/ - state: present - timeout: 600 - when: gitlab_users_repos.matched|int == 0 - -- name: Restore backup if no users are found - script: restore-backup.sh {{gitlab_git_uid.stdout}} - register: gitlab_backup_restore - args: - chdir: "{{docker_compose_files_folder}}/gitlab/" - retries: 5 - delay: 30 - until: gitlab_backup_restore.rc == 0 - when: gitlab_users_repos.matched|int == 0 diff --git a/roles/gitlab-docker/templates/gitlab/config/gitlab.rb b/roles/gitlab-docker/templates/gitlab/config/gitlab.rb deleted file mode 100644 index 66add59..0000000 --- a/roles/gitlab-docker/templates/gitlab/config/gitlab.rb +++ /dev/null 
@@ -1,1624 +0,0 @@ -## GitLab configuration settings -##! This file is generated during initial installation and **is not** modified -##! during upgrades. -##! Check out the latest version of this file to know about the different -##! settings that can be configured by this file, which may be found at: -##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template - - -## GitLab URL -##! URL on which GitLab will be reachable. -##! For more details on configuring external_url see: -##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab -external_url 'https://gitlab.banditlair.com' - -## Legend -##! The following notations at the beginning of each line may be used to -##! differentiate between components of this file and to easily select them using -##! a regex. -##! ## Titles, subtitles etc -##! ##! More information - Description, Docs, Links, Issues etc. -##! Configuration settings have a single # followed by a single space at the -##! beginning; Remove them to enable the setting. - -##! **Configuration settings below are optional.** -##! **The values currently assigned are only examples and ARE NOT the default -##! values.** - - -################################################################################ -################################################################################ -## Configuration Settings for GitLab CE and EE ## -################################################################################ -################################################################################ - -################################################################################ -## gitlab.yml configuration -##! 
Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md -################################################################################ -# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' -# gitlab_rails['time_zone'] = 'UTC' - -### Email Settings -# gitlab_rails['gitlab_email_enabled'] = true -gitlab_rails['gitlab_email_from'] = 'gitlab@banditlair.com' -# gitlab_rails['gitlab_email_display_name'] = 'Gitlab' -gitlab_rails['gitlab_email_reply_to'] = 'noreply@banditlair.com' -# gitlab_rails['gitlab_email_subject_suffix'] = '' - -### GitLab user privileges -# gitlab_rails['gitlab_default_can_create_group'] = true -# gitlab_rails['gitlab_username_changing_enabled'] = true - -### Default Theme -# gitlab_rails['gitlab_default_theme'] = 2 - -### Default project feature settings -# gitlab_rails['gitlab_default_projects_features_issues'] = true -# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true -# gitlab_rails['gitlab_default_projects_features_wiki'] = true -# gitlab_rails['gitlab_default_projects_features_snippets'] = true -# gitlab_rails['gitlab_default_projects_features_builds'] = true -# gitlab_rails['gitlab_default_projects_features_container_registry'] = true - -### Automatic issue closing -###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more -###! information about this pattern. -# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)" - -### Download location -###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file -###! is created in the following directory. 
-# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' - -### Gravatar Settings -# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' -# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' - -### Auxiliary jobs -###! Periodically executed jobs, to self-heal Gitlab, do external -###! synchronizations, etc. -###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job -###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in -# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *" -# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *" -# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *" -# gitlab_rails['repository_check_worker_cron'] = "20 * * * *" -# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0" -# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *" - -### Webhook Settings -###! Number of seconds to wait for HTTP response after sending webhook HTTP POST -###! request (default: 10) -# gitlab_rails['webhook_timeout'] = 10 - -### Trusted proxies -###! Customize if you have GitLab behind a reverse proxy which is running on a -###! different machine. -###! **Add the IP address for your reverse proxy to the list, otherwise users -###! will appear signed in from that address.** -# gitlab_rails['trusted_proxies'] = [] - -### Monitoring settings -###! IP whitelist controlling access to monitoring endpoints -# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8'] -###! Time between sampling of unicorn socket metrics, in seconds -# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10 - -### Reply by email -###! Allow users to comment on issues and merge requests by replying to -###! notification emails. -###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html -# gitlab_rails['incoming_email_enabled'] = true - -#### Incoming Email Address -####! 
The email address including the `%{key}` placeholder that will be replaced -####! to reference the item being replied to. -####! **The placeholder can be omitted but if present, it must appear in the -####! "user" part of the address (before the `@`).** -# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com" - -#### Email account username -####! **With third party providers, this is usually the full email address.** -####! **With self-hosted email servers, this is usually the user part of the -####! email address.** -# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com" - -#### Email account password -# gitlab_rails['incoming_email_password'] = "[REDACTED]" - -#### IMAP Settings -# gitlab_rails['incoming_email_host'] = "imap.gmail.com" -# gitlab_rails['incoming_email_port'] = 993 -# gitlab_rails['incoming_email_ssl'] = true -# gitlab_rails['incoming_email_start_tls'] = false - -#### Incoming Mailbox Settings -####! The mailbox where incoming mail will end up. Usually "inbox". -# gitlab_rails['incoming_email_mailbox_name'] = "inbox" -####! The IDLE command timeout. -# gitlab_rails['incoming_email_idle_timeout'] = 60 - -### Job Artifacts -# gitlab_rails['artifacts_enabled'] = true -# gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts" -# gitlab_rails['artifacts_object_store_enabled'] = false -# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts" -# gitlab_rails['artifacts_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY' -# } - -### Git LFS -# gitlab_rails['lfs_enabled'] = true -# gitlab_rails['lfs_storage_path'] = "/mnt/storage/lfs-objects" - -### Usage Statistics -# gitlab_rails['usage_ping_enabled'] = true - -### GitLab Mattermost -###! These settings are void if Mattermost is installed on the same omnibus -###! 
install -# gitlab_rails['mattermost_host'] = "https://mattermost.example.com" - -### LDAP Settings -###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html -###! **Be careful not to break the indentation in the ldap_servers block. It is -###! in yaml format and the spaces must be retained. Using tabs will not work.** - -# gitlab_rails['ldap_enabled'] = false - -###! **remember to close this block with 'EOS' below** -# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' -# main: # 'main' is the GitLab 'provider ID' of this LDAP server -# label: 'LDAP' -# host: '_your_ldap_server' -# port: 389 -# uid: 'sAMAccountName' -# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' -# password: '_the_password_of_the_bind_user' -# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" -# verify_certificates: true -# ca_file: '' -# ssl_version: '' -# active_directory: true -# allow_username_or_email_login: false -# block_auto_created_users: false -# base: '' -# user_filter: '' -# attributes: -# username: ['uid', 'userid', 'sAMAccountName'] -# email: ['mail', 'email', 'userPrincipalName'] -# name: 'cn' -# first_name: 'givenName' -# last_name: 'sn' -# ## EE only -# group_base: '' -# admin_group: '' -# sync_ssh_keys: false -# -# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server -# label: 'LDAP' -# host: '_your_ldap_server' -# port: 389 -# uid: 'sAMAccountName' -# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' -# password: '_the_password_of_the_bind_user' -# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" -# verify_certificates: true -# ca_file: '' -# ssl_version: '' -# active_directory: true -# allow_username_or_email_login: false -# block_auto_created_users: false -# base: '' -# user_filter: '' -# attributes: -# username: ['uid', 'userid', 'sAMAccountName'] -# email: ['mail', 'email', 'userPrincipalName'] -# name: 'cn' -# first_name: 'givenName' -# last_name: 'sn' -# ## EE only -# group_base: '' -# admin_group: '' -# 
sync_ssh_keys: false
-# EOS
-
-### OmniAuth Settings
-###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
-# gitlab_rails['omniauth_enabled'] = false
-# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
-# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
-# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
-# gitlab_rails['omniauth_block_auto_created_users'] = true
-# gitlab_rails['omniauth_auto_link_ldap_user'] = false
-# gitlab_rails['omniauth_auto_link_saml_user'] = false
-# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
-# gitlab_rails['omniauth_providers'] = [
-# {
-# "name" => "google_oauth2",
-# "app_id" => "YOUR APP ID",
-# "app_secret" => "YOUR APP SECRET",
-# "args" => { "access_type" => "offline", "approval_prompt" => "" }
-# }
-# ]
-
-### Backup Settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
-
-# gitlab_rails['manage_backup_path'] = true
-# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
-
-###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
-# gitlab_rails['backup_archive_permissions'] = 0644
-
-# gitlab_rails['backup_pg_schema'] = 'public'
-
-###! The duration in seconds to keep backups before they are allowed to be deleted
-gitlab_rails['backup_keep_time'] = 60
-
-# gitlab_rails['backup_upload_connection'] = {
-# 'provider' => 'AWS',
-# 'region' => 'eu-west-1',
-# 'aws_access_key_id' => 'AKIAKIAKI',
-# 'aws_secret_access_key' => 'secret123'
-# }
-# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
-# gitlab_rails['backup_multipart_chunk_size'] = 104857600
-
-###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
-###! backups**
-# gitlab_rails['backup_encryption'] = 'AES256'
-
-###! **Specifies Amazon S3 storage class to use for backups. Valid values
-###! include 'STANDARD', 'STANDARD_IA', 'GLACIER', and
-###! 
'REDUCED_REDUNDANCY'**
-# gitlab_rails['backup_storage_class'] = 'STANDARD'
-
-### For setting up different data storing directory
-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
-###! **If you want to use a single non-default directory to store git data use a
-###! path that doesn't contain symlinks.**
-# git_data_dirs({
-# "default" => {
-# "path" => "/mnt/nfs-01/git-data",
-# "failure_count_threshold" => 10,
-# "failure_wait_time" => 30,
-# "failure_reset_time" => 1800,
-# "storage_timeout" => 5
-# }
-# })
-
-### Gitaly settings
-# gitlab_rails['gitaly_token'] = 'secret token'
-
-### For storing GitLab application uploads, eg. LFS objects, build artifacts
-###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
-# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
-
-### GitLab Shell settings for GitLab
-gitlab_rails['gitlab_shell_ssh_port'] = 2224
-# gitlab_rails['git_max_size'] = 20971520
-# gitlab_rails['git_timeout'] = 10
-# gitlab_rails['gitlab_shell_git_timeout'] = 800
-
-### Extra customization
-# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
-# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
-# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
-
-##! 
Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
-# gitlab_rails['env'] = {
-# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
-# }
-
-# gitlab_rails['rack_attack_git_basic_auth'] = {
-# 'enabled' => true,
-# 'ip_whitelist' => ["127.0.0.1"],
-# 'maxretry' => 10,
-# 'findtime' => 60,
-# 'bantime' => 3600
-# }
-
-# gitlab_rails['rack_attack_protected_paths'] = [
-# '/users/password',
-# '/users/sign_in',
-# '/api/#{API::API.version}/session.json',
-# '/api/#{API::API.version}/session',
-# '/users',
-# '/users/confirmation',
-# '/unsubscribes/',
-# '/import/github/personal_access_token'
-# ]
-
-###! **We do not recommend changing these directories.**
-# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
-# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
-
-### GitLab application settings
-# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
-# gitlab_rails['rate_limit_requests_per_period'] = 10
-# gitlab_rails['rate_limit_period'] = 60
-
-#### Change the initial default admin password and shared runner registraion tokens.
-####! **Only applicable on initial setup, changing these settings after database
-####! is created and seeded won't yield any change.**
-# gitlab_rails['initial_root_password'] = "password"
-# gitlab_rails['initial_shared_runners_registration_token'] = "token"
-
-#### Enable or disable automatic database migrations
-# gitlab_rails['auto_migrate'] = true
-
-#### This is advanced feature used by large gitlab deployments where loading
-#### whole RAILS env takes a lot of time.
-# gitlab_rails['rake_cache_clear'] = true
-
-### GitLab database settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
-###! 
**Only needed if you use an external database.**
-# gitlab_rails['db_adapter'] = "postgresql"
-# gitlab_rails['db_encoding'] = "unicode"
-# gitlab_rails['db_collation'] = nil
-# gitlab_rails['db_database'] = "gitlabhq_production"
-# gitlab_rails['db_pool'] = 10
-# gitlab_rails['db_username'] = "gitlab"
-# gitlab_rails['db_password'] = nil
-# gitlab_rails['db_host'] = nil
-# gitlab_rails['db_port'] = 5432
-# gitlab_rails['db_socket'] = nil
-# gitlab_rails['db_sslmode'] = nil
-# gitlab_rails['db_sslrootcert'] = nil
-# gitlab_rails['db_prepared_statements'] = true
-# gitlab_rails['db_statements_limit'] = 1000
-
-
-### GitLab Redis settings
-###! Connect to your own Redis instance
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-
-#### Redis TCP connection
-# gitlab_rails['redis_host'] = "127.0.0.1"
-# gitlab_rails['redis_port'] = 6379
-# gitlab_rails['redis_password'] = nil
-# gitlab_rails['redis_database'] = 0
-
-#### Redis local UNIX socket (will be disabled if TCP method is used)
-# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
-
-#### Sentinel support
-####! To have Sentinel working, you must enable Redis TCP connection support
-####! above and define a few Sentinel hosts below (to get a reliable setup
-####! at least 3 hosts).
-####! **You don't need to list every sentinel host, but the ones not listed will
-####! not be used in a fail-over situation to query for the new master.**
-# gitlab_rails['redis_sentinels'] = [
-# {'host' => '127.0.0.1', 'port' => 26379},
-# ]
-
-### GitLab email server settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
-###! 
**Use smtp instead of sendmail/postfix.**
-
-gitlab_rails['smtp_enable'] = true
-gitlab_rails['smtp_address'] = "mail.banditlair.com"
-gitlab_rails['smtp_port'] = 465
-gitlab_rails['smtp_user_name'] = "noreply@banditlair.com"
-gitlab_rails['smtp_password'] = "{{email_password}}"
-gitlab_rails['smtp_domain'] = "banditlair.com"
-gitlab_rails['smtp_authentication'] = "plain"
-gitlab_rails['smtp_enable_starttls_auto'] = true
-gitlab_rails['smtp_tls'] = true
-
-###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
-###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
-
-# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
-# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
-
-################################################################################
-## Container Registry settings
-##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
-################################################################################
-
-registry_external_url 'https://registry.banditlair.com'
-
-### Settings used by GitLab application
-gitlab_rails['registry_enabled'] = true
-gitlab_rails['registry_host'] = "registry.banditlair.com"
-gitlab_rails['registry_port'] = "443"
-# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
-
-###! **Do not change the following 3 settings unless you know what you are
-###! 
doing**
-# gitlab_rails['registry_api_url'] = "http://localhost:5000"
-# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
-# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
-
-### Settings used by Registry application
-# registry['enable'] = true
-# registry['username'] = "registry"
-# registry['group'] = "registry"
-# registry['uid'] = nil
-# registry['gid'] = nil
-# registry['dir'] = "/var/opt/gitlab/registry"
-# registry['registry_http_addr'] = "localhost:5000"
-# registry['debug_addr'] = "localhost:5001"
-# registry['log_directory'] = "/var/log/gitlab/registry"
-# registry['log_level'] = "info"
-# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
-# registry['storage_delete_enabled'] = true
-
-### Registry backend storage
-###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
-# registry['storage'] = {
-# 's3' => {
-# 'accesskey' => 'AKIAKIAKI',
-# 'secretkey' => 'secret123',
-# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
-# }
-# }
-
-### Registry notifications endpoints
-# registry['notifications'] = [
-# {
-# 'name' => 'test_endpoint',
-# 'url' => 'https://gitlab.example.com/notify2',
-# 'timeout' => '500ms',
-# 'threshold' => 5,
-# 'backoff' => '1s',
-# 'headers' => {
-# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
-# }
-# }
-# ]
-### Default registry notifications
-# registry['default_notifications_timeout'] = "500ms"
-# registry['default_notifications_threshold'] = 5
-# registry['default_notifications_backoff'] = "1s"
-# registry['default_notifications_headers'] = {}
-
-
-
-################################################################################
-## GitLab Workhorse
-##! 
Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
-################################################################################
-
-# gitlab_workhorse['enable'] = true
-# gitlab_workhorse['ha'] = false
-# gitlab_workhorse['listen_network'] = "unix"
-# gitlab_workhorse['listen_umask'] = 000
-# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
-# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
-
-##! the empty string is the default in gitlab-workhorse option parser
-# gitlab_workhorse['auth_socket'] = "''"
-
-##! put an empty string on the command line
-# gitlab_workhorse['pprof_listen_addr'] = "''"
-
-##! put an empty string on the command line
-# gitlab_workhorse['prometheus_listen_addr'] = "''"
-
-# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
-# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
-# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
-
-##! limit number of concurrent API requests, defaults to 0 which is unlimited
-# gitlab_workhorse['api_limit'] = 0
-
-##! limit number of API requests allowed to be queued, defaults to 0 which
-##! disables queuing
-# gitlab_workhorse['api_queue_limit'] = 0
-
-##! duration after which we timeout requests if they sit too long in the queue
-# gitlab_workhorse['api_queue_duration'] = "30s"
-
-##! Long polling duration for job requesting for runners
-# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
-
-# gitlab_workhorse['env'] = {
-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
-# }
-
-################################################################################
-## GitLab User Settings
-##! Modify default git user.
-##! 
Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
-################################################################################
-
-# user['username'] = "git"
-# user['group'] = "git"
-# user['uid'] = nil
-# user['gid'] = nil
-
-##! The shell for the git user
-# user['shell'] = "/bin/sh"
-
-##! The home directory for the git user
-# user['home'] = "/var/opt/gitlab"
-
-# user['git_user_name'] = "GitLab"
-# user['git_user_email'] = "gitlab@#{node['fqdn']}"
-
-################################################################################
-## GitLab Unicorn
-##! Tweak unicorn settings.
-##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
-################################################################################
-
-# unicorn['worker_timeout'] = 60
-###! Minimum worker_processes is 2 at this moment
-###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
-# unicorn['worker_processes'] = 2
-
-### Advanced settings
-# unicorn['listen'] = '127.0.0.1'
-# unicorn['port'] = 8080
-# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
-# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
-# unicorn['tcp_nopush'] = true
-# unicorn['backlog_socket'] = 1024
-
-###! **Make sure somaxconn is equal or higher then backlog_socket**
-# unicorn['somaxconn'] = 1024
-
-###! **We do not recommend changing this setting**
-# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
-
-### **Only change these settings if you understand well what they mean**
-###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
-###! 
https://github.com/kzk/unicorn-worker-killer
-# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
-# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
-
-################################################################################
-## GitLab Sidekiq
-################################################################################
-
-# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
-# sidekiq['shutdown_timeout'] = 4
-# sidekiq['concurrency'] = 25
-
-################################################################################
-## gitlab-shell
-################################################################################
-
-# gitlab_shell['audit_usernames'] = false
-# gitlab_shell['log_level'] = 'INFO'
-# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
-# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
-# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
-
-# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
-
-### Git trace log file.
-###! If set, git commands receive GIT_TRACE* environment variables
-###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
-###! An absolute path starting with / – the trace output will be appended to
-###! that file. It needs to exist so we can check permissions and avoid
-###! throwing warnings to the users.
-# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
-
-##! **We do not recommend changing this directory.**
-# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
-
-################################################################
-## GitLab PostgreSQL
-################################################################
-
-###! Changing any of these settings requires a restart of postgresql.
-###! 
By default, reconfigure reloads postgresql if it is running. If you
-###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
-###! after reconfigure in order for the changes to take effect.
-# postgresql['enable'] = true
-# postgresql['listen_address'] = nil
-# postgresql['port'] = 5432
-# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
-
-##! **recommend value is 1/4 of total RAM, up to 14GB.**
-# postgresql['shared_buffers'] = "256MB"
-
-### Advanced settings
-# postgresql['ha'] = false
-# postgresql['dir'] = "/var/opt/gitlab/postgresql"
-# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
-# postgresql['username'] = "gitlab-psql"
-# postgresql['uid'] = nil
-# postgresql['gid'] = nil
-# postgresql['shell'] = "/bin/sh"
-# postgresql['home'] = "/var/opt/gitlab/postgresql"
-# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
-# postgresql['sql_user'] = "gitlab"
-# postgresql['max_connections'] = 200
-# postgresql['md5_auth_cidr_addresses'] = []
-# postgresql['trust_auth_cidr_addresses'] = []
-# postgresql['wal_buffers'] = "-1"
-# postgresql['autovacuum_max_workers'] = "3"
-# postgresql['autovacuum_freeze_max_age'] = "200000000"
-# postgresql['track_activity_query_size'] = "1024"
-# postgresql['shared_preload_libraries'] = nil
-# postgresql['dynamic_shared_memory_type'] = nil
-# postgresql['hot_standby'] = "off"
-
-### Replication settings
-###! Note, some replication settings do not require a full restart. They are documented below.
-# postgresql['wal_level'] = "hot_standby"
-# postgresql['max_wal_senders'] = 5
-# postgresql['max_replication_slots'] = 0
-# postgresql['max_locks_per_transaction'] = 128
-
-# Backup/Archive settings
-# default['gitlab']['postgresql']['archive_mode'] = "off"
-
-###! Changing any of these settings only requires a reload of postgresql. You do not need to
-###! restart postgresql if you change any of these and run reconfigure. 
-# postgresql['work_mem'] = "16MB"
-# postgresql['maintenance_work_mem'] = "16MB"
-# postgresql['checkpoint_segments'] = 10
-# postgresql['checkpoint_timeout'] = "5min"
-# postgresql['checkpoint_completion_target'] = 0.9
-# postgresql['checkpoint_warning'] = "30s"
-# postgresql['effective_cache_size'] = "1MB"
-# postgresql['shmmax'] = 17179869184 # or 4294967295
-# postgresql['shmall'] = 4194304 # or 1048575
-# postgresql['autovacuum'] = "on"
-# postgresql['log_autovacuum_min_duration'] = "-1"
-# postgresql['autovacuum_naptime'] = "1min"
-# postgresql['autovacuum_vacuum_threshold'] = "50"
-# postgresql['autovacuum_analyze_threshold'] = "50"
-# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
-# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
-# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
-# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
-# postgresql['statement_timeout'] = "60000"
-# postgresql['idle_in_transaction_session_timeout'] = "60000"
-# postgresql['log_line_prefix'] = "%a"
-
-### Available in PostgreSQL 9.6 and later
-# postgresql['min_wal_size'] = 80MB
-# postgresql['max_wal_size'] = 1GB
-
-# Backup/Archive settings
-# default['gitlab']['postgresql']['archive_command'] = nil
-# default['gitlab']['postgresql']['archive_timeout'] = "60"
-
-### Replication settings
-# postgresql['sql_replication_user'] = "gitlab_replicator"
-# postgresql['wal_keep_segments'] = 10
-# postgresql['max_standby_archive_delay'] = "30s"
-# postgresql['max_standby_streaming_delay'] = "30s"
-# postgresql['synchronous_commit'] = on
-# postgresql['synchronous_standby_names'] = ''
-# postgresql['hot_standby_feedback'] = 'off'
-# postgresql['random_page_cost'] = 2.0
-# postgresql['log_temp_files'] = -1
-# postgresql['log_checkpoints'] = 'off'
-# To add custom entries to pg_hba.conf use the following
-# postgresql['custom_pg_hba_entries'][APPLICATION] = { # APPLICATION should identify what the settings are used for
-# type: example,
-# database: example,
-# user: 
example,
-# cidr: example,
-# method: example,
-# option: exmple
-# }
-# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
-# of the values
-
-
-################################################################################
-## GitLab Redis
-##! **Can be disabled if you are using your own Redis instance.**
-##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-################################################################################
-
-# redis['enable'] = true
-# redis['username'] = "gitlab-redis"
-# redis['maxclients'] = "10000"
-# redis['tcp_timeout'] = "60"
-# redis['tcp_keepalive'] = "300"
-# redis['uid'] = nil
-# redis['gid'] = nil
-
-###! **To enable only Redis service in this machine, uncomment
-###! one of the lines below (choose master or slave instance types).**
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
-# redis_master_role['enable'] = true
-# redis_slave_role['enable'] = true
-
-### Redis TCP support (will disable UNIX socket transport)
-# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
-# redis['port'] = 6379
-# redis['password'] = 'redis-password-goes-here'
-
-### Redis Sentinel support
-###! **You need a master slave Redis replication to be able to do failover**
-###! **Please read the documentation before enabling it to understand the
-###! caveats:**
-###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
-
-### Replication support
-#### Slave Redis instance
-# redis['master'] = false # by default this is true
-
-#### Slave and Sentinel shared configuration
-####! **Both need to point to the master Redis instance to get replication and
-####! heartbeat monitoring**
-# redis['master_name'] = 'gitlab-redis'
-# redis['master_ip'] = nil
-# redis['master_port'] = 6379
-
-####! **Master password should have the same value defined in
-####! 
redis['password'] to enable the instance to transition to/from
-####! master/slave in a failover event.**
-# redis['master_password'] = 'redis-password-goes-here'
-
-####! Increase these values when your slaves can't catch up with master
-# redis['client_output_buffer_limit_normal'] = '0 0 0'
-# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
-# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
-
-################################################################################
-## GitLab Web server
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
-################################################################################
-
-##! When bundled nginx is disabled we need to add the external webserver user to
-##! the GitLab webserver group.
-# web_server['external_users'] = []
-# web_server['username'] = 'gitlab-www'
-# web_server['group'] = 'gitlab-www'
-# web_server['uid'] = nil
-# web_server['gid'] = nil
-# web_server['shell'] = '/bin/false'
-# web_server['home'] = '/var/opt/gitlab/nginx'
-
-################################################################################
-## GitLab NGINX
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
-################################################################################
-
-# nginx['enable'] = true
-# nginx['client_max_body_size'] = '250m'
-# nginx['redirect_http_to_https'] = false
-# nginx['redirect_http_to_https_port'] = 80
-
-##! Most root CA's are included by default
-# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
-
-##! enable/disable 2-way SSL client authentication
-# nginx['ssl_verify_client'] = "off"
-
-##! 
if ssl_verify_client on, verification depth in the client certificates chain
-# nginx['ssl_verify_depth'] = "1"
-
-# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
-# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
-# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
-# nginx['ssl_prefer_server_ciphers'] = "on"
-
-##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##! https://cipherli.st/**
-# nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
-
-##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
-# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
-
-##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
-# nginx['ssl_session_timeout'] = "5m"
-
-# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
-# nginx['listen_addresses'] = ['*', '[::]']
-
-##! **Defaults to forcing web browsers to always communicate using only HTTPS**
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
-# nginx['hsts_max_age'] = 31536000
-# nginx['hsts_include_subdomains'] = false
-
-##! **Override only if you use a reverse proxy**
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
-nginx['listen_port'] = 9090
-
-##! **Override only if your reverse proxy internally communicates over HTTP**
-##! 
Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
-nginx['listen_https'] = false
-
-# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
-# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
-# nginx['proxy_read_timeout'] = 3600
-# nginx['proxy_connect_timeout'] = 300
-nginx['proxy_set_headers'] = {
-# "Host" => "$http_host_with_default",
-# "X-Real-IP" => "$remote_addr",
-# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
- "X-Forwarded-Proto" => "https",
- "X-Forwarded-Ssl" => "on"
-# "Upgrade" => "$http_upgrade",
-# "Connection" => "$connection_upgrade"
-}
-# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
-# nginx['proxy_cache'] = 'gitlab'
-# nginx['http2_enabled'] = true
-# nginx['real_ip_trusted_addresses'] = []
-# nginx['real_ip_header'] = nil
-# nginx['real_ip_recursive'] = nil
-# nginx['custom_error_pages'] = {
-# '404' => {
-# 'title' => 'Example title',
-# 'header' => 'Example header',
-# 'message' => 'Example message'
-# }
-# }
-
-### Advanced settings
-# nginx['dir'] = "/var/opt/gitlab/nginx"
-# nginx['log_directory'] = "/var/log/gitlab/nginx"
-# nginx['worker_processes'] = 4
-# nginx['worker_connections'] = 10240
-# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
-# nginx['sendfile'] = 'on'
-# nginx['tcp_nopush'] = 'on'
-# nginx['tcp_nodelay'] = 'on'
-# nginx['gzip'] = "on"
-# nginx['gzip_http_version'] = "1.0"
-# nginx['gzip_comp_level'] = "2"
-# nginx['gzip_proxied'] = "any"
-# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
-# nginx['keepalive_timeout'] = 65
-# nginx['cache_max_size'] = '5000m'
-# nginx['server_names_hash_bucket_size'] = 64
-
-### Nginx status
-# nginx['status'] = {
-# "enable" 
=> true,
-# "listen_addresses" => ["127.0.0.1"],
-# "fqdn" => "dev.example.com",
-# "port" => 9999,
-# "options" => {
-# "stub_status" => "on", # Turn on stats
-# "server_tokens" => "off", # Don't show the version of NGINX
-# "access_log" => "off", # Disable logs for stats
-# "allow" => "127.0.0.1", # Only allow access from localhost
-# "deny" => "all" # Deny access to anyone else
-# }
-# }
-
-################################################################################
-## GitLab Logging
-##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
-################################################################################
-
-# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
-# logging['svlogd_num'] = 30 # keep 30 rotated log files
-# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
-# logging['svlogd_filter'] = "gzip" # compress logs with gzip
-# logging['svlogd_udp'] = nil # transmit log messages via UDP
-# logging['svlogd_prefix'] = nil # custom prefix for log messages
-# logging['logrotate_frequency'] = "daily" # rotate logs daily
-# logging['logrotate_size'] = nil # do not rotate by size by default
-# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
-# logging['logrotate_compress'] = "compress" # see 'man logrotate'
-# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
-# logging['logrotate_postrotate'] = nil # no postrotate command by default
-# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
-
-### UDP log forwarding
-##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
-
-##! remote host to ship log messages to via UDP
-# logging['udp_log_shipping_host'] = nil
-
-##! 
remote port to ship log messages to via UDP
-# logging['udp_log_shipping_port'] = 514
-
-################################################################################
-## Logrotate
-##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
-##! You can disable built in logrotate feature.
-################################################################################
-# logrotate['enable'] = true
-
-################################################################################
-## Users and groups accounts
-##! Disable management of users and groups accounts.
-##! **Set only if creating accounts manually**
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
-################################################################################
-
-# manage_accounts['enable'] = false
-
-################################################################################
-## Storage directories
-##! Disable managing storage directories
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
-################################################################################
-
-##! **Set only if the select directories are created manually**
-# manage_storage_directories['enable'] = false
-# manage_storage_directories['manage_etc'] = false
-
-################################################################################
-## Runtime directory
-##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
-################################################################################
-
-# runtime_dir '/run'
-
-################################################################################
-## Git
-##! Advanced setting for configuring git system settings for omnibus-gitlab
-##! internal git
-################################################################################
-
-##! 
For multiple options under one header use array of comma separated values,
-##! eg.:
-##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
-
-# omnibus_gitconfig['system'] = {
-# "pack" => ["threads = 1"],
-# "receive" => ["fsckObjects = true"],
-# "repack" => ["writeBitmaps = true"],
-# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"],
-# }
-
-################################################################################
-## GitLab Pages
-##! Docs: https://docs.gitlab.com/ce/pages/administration.html
-################################################################################
-
-##! Define to enable GitLab Pages
-# pages_external_url "http://pages.example.com/"
-# gitlab_pages['enable'] = false
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTP
-# gitlab_pages['external_http'] = []
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
-# gitlab_pages['external_https'] = []
-
-# gitlab_pages['listen_proxy'] = "localhost:8090"
-# gitlab_pages['redirect_http'] = true
-# gitlab_pages['use_http2'] = true
-# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
-# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
-
-##! 
Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
-# gitlab_pages['metrics_address'] = ":9235"
-
-################################################################################
-## GitLab Pages NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in this "GitLab Pages NGINX" section
-# You just have to change the key "nginx['some_settings']" with "pages_nginx['some_settings']"
-
-# Below you can find settings that are exclusive to "GitLab Pages NGINX"
-# pages_nginx['enable'] = false
-
-# gitlab_rails['pages_path'] = "/mnt/storage/pages"
-
-################################################################################
-## GitLab CI
-##! Docs: https://docs.gitlab.com/ce/ci/quick_start/README.html
-################################################################################
-
-# gitlab_ci['gitlab_ci_all_broken_builds'] = true
-# gitlab_ci['gitlab_ci_add_pusher'] = true
-# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
-
-################################################################################
-## GitLab Mattermost
-##! 
Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost -################################################################################ - -# mattermost_external_url 'http://mattermost.example.com' - -# mattermost['enable'] = false -# mattermost['username'] = 'mattermost' -# mattermost['group'] = 'mattermost' -# mattermost['uid'] = nil -# mattermost['gid'] = nil -# mattermost['home'] = '/var/opt/gitlab/mattermost' -# mattermost['database_name'] = 'mattermost_production' - -# mattermost['service_use_ssl'] = false -# mattermost['service_address'] = "127.0.0.1" -# mattermost['service_port'] = "8065" -# mattermost['service_site_url'] = nil -# mattermost['service_maximum_login_attempts'] = 10 -# mattermost['service_google_developer_key'] = nil -# mattermost['service_enable_incoming_webhooks'] = true -# mattermost['service_enable_post_username_override'] = true -# mattermost['service_enable_post_icon_override'] = true -# mattermost['service_enable_testing'] = false -# mattermost['service_enable_security_fix_alert'] = true -# mattermost['service_enable_insecure_outgoing_connections'] = false -# mattermost['service_allow_cors_from'] = "" -# mattermost['service_enable_outgoing_webhooks'] = true -# mattermost['service_enable_commands'] = true -# mattermost['service_enable_custom_emoji'] = false -# mattermost['service_enable_only_admin_integrations'] = true -# mattermost['service_enable_oauth_service_provider'] = false -# mattermost['service_enable_developer'] = false -# mattermost['service_session_length_web_in_days'] = 30 -# mattermost['service_session_length_mobile_in_days'] = 30 -# mattermost['service_session_length_sso_in_days'] = 30 -# mattermost['service_session_cache_in_minutes'] = 10 -# mattermost['service_connection_security'] = nil -# mattermost['service_tls_cert_file'] = nil -# mattermost['service_tls_key_file'] = nil -# mattermost['service_use_lets_encrypt'] = false -# mattermost['service_lets_encrypt_cert_cache_file'] = "./config/letsencrypt.cache" -# 
mattermost['service_forward_80_to_443'] = false -# mattermost['service_read_timeout'] = 300 -# mattermost['service_write_timeout'] = 300 -# mattermost['service_time_between_user_typing_updates_milliseconds'] = 5000 -# mattermost['service_enable_link_previews'] = false -# mattermost['service_enable_user_typing_messages'] = true -# mattermost['service_enable_post_search'] = true -# mattermost['service_enable_user_statuses'] = true -# mattermost['service_enable_emoji_picker'] = true -# mattermost['service_enable_channel_viewed_messages'] = true -# mattermost['service_enable_apiv3'] = true -# mattermost['service_goroutine_health_threshold'] = -1 -# mattermost['service_user_access_tokens'] = false - -# mattermost['team_site_name'] = "GitLab Mattermost" -# mattermost['team_max_users_per_team'] = 150 -# mattermost['team_enable_team_creation'] = true -# mattermost['team_enable_user_creation'] = true -# mattermost['team_enable_open_server'] = false -# mattermost['team_allow_public_link'] = true -# mattermost['team_allow_valet_default'] = false -# mattermost['team_restrict_creation_to_domains'] = "gmail.com" -# mattermost['team_restrict_team_names'] = true -# mattermost['team_restrict_direct_message'] = "any" -# mattermost['team_max_channels_per_team'] = 2000 -# mattermost['team_user_status_away_timeout'] = 300 -# mattermost['team_teammate_name_display'] = "full_name" - -# mattermost['sql_driver_name'] = 'mysql' -# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8" -# mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"] -# mattermost['sql_max_idle_conns'] = 10 -# mattermost['sql_max_open_conns'] = 10 -# mattermost['sql_trace'] = false -# mattermost['sql_data_source_search_replicas'] = [] -# mattermost['sql_query_timeout'] = 30 - - -# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost' -# mattermost['log_console_enable'] = true -# 
mattermost['log_console_level'] = 'INFO' -# mattermost['log_enable_file'] = false -# mattermost['log_file_level'] = 'INFO' -# mattermost['log_file_format'] = nil -# mattermost['log_enable_diagnostics'] = true - -# mattermost['gitlab_enable'] = false -# mattermost['gitlab_id'] = "12345656" -# mattermost['gitlab_secret'] = "123456789" -# mattermost['gitlab_scope'] = "" -# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize" -# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token" -# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user" - -# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'} - -# mattermost['email_enable_sign_up_with_email'] = true -# mattermost['email_enable_sign_in_with_email'] = true -# mattermost['email_enable_sign_in_with_username'] = false -# mattermost['email_send_email_notifications'] = false -# mattermost['email_require_email_verification'] = false -# mattermost['email_smtp_username'] = nil -# mattermost['email_smtp_password'] = nil -# mattermost['email_smtp_server'] = nil -# mattermost['email_smtp_port'] = nil -# mattermost['email_connection_security'] = nil -# mattermost['email_feedback_name'] = nil -# mattermost['email_feedback_email'] = nil -# mattermost['email_feedback_organization'] = nil -# mattermost['email_send_push_notifications'] = true -# mattermost['email_push_notification_server'] = "" -# mattermost['email_push_notification_contents'] = "generic" -# mattermost['email_enable_batching'] = false -# mattermost['email_batching_buffer_size'] = 256 -# mattermost['email_batching_interval'] = 30 -# mattermost['email_skip_server_certificate_verification'] = false -# mattermost['email_smtp_auth'] = false -# mattermost['email_notification_content_type'] = "full" - -# mattermost['file_max_file_size'] = 52428800 -# mattermost['file_driver_name'] = "local" -# mattermost['file_directory'] = 
"/var/opt/gitlab/mattermost/data" -# mattermost['file_enable_public_link'] = true -# mattermost['file_initial_font'] = 'luximbi.ttf' -# mattermost['file_amazon_s3_access_key_id'] = nil -# mattermost['file_amazon_s3_bucket'] = nil -# mattermost['file_amazon_s3_secret_access_key'] = nil -# mattermost['file_amazon_s3_region'] = nil -# mattermost["file_amazon_s3_endpoint"] = nil -# mattermost["file_amazon_s3_bucket_endpoint"] = nil -# mattermost["file_amazon_s3_location_constraint"] = false -# mattermost["file_amazon_s3_lowercase_bucket"] = false -# mattermost["file_amazon_s3_ssl"] = true -# mattermost["file_amazon_s3_sign_v2"] = false -# mattermost['file_enable_file_attachments'] = true - -# mattermost['ratelimit_enable_rate_limiter'] = false -# mattermost['ratelimit_per_sec'] = 10 -# mattermost['ratelimit_memory_store_size'] = 10000 -# mattermost['ratelimit_vary_by_remote_addr'] = true -# mattermost['ratelimit_vary_by_header'] = nil -# mattermost['ratelimit_max_burst'] = 100 - -# mattermost['support_terms_of_service_link'] = "/static/help/terms.html" -# mattermost['support_privacy_policy_link'] = "/static/help/privacy.html" -# mattermost['support_about_link'] = "/static/help/about.html" -# mattermost['support_report_a_problem_link'] = "/static/help/report_problem.html" -# mattermost['support_email'] = "support@example.com" - -# mattermost['privacy_show_email_address'] = true -# mattermost['privacy_show_full_name'] = true - -# mattermost['localization_server_locale'] = "en" -# mattermost['localization_client_locale'] = "en" -# mattermost['localization_available_locales'] = "en,es,fr,ja,pt-BR" - -# mattermost['webrtc_enable'] = false -# mattermost['webrtc_gateway_websocket_url'] = nil -# mattermost['webrtc_gateway_admin_url'] = nil -# mattermost['webrtc_gateway_admin_secret'] = nil -# mattermost['webrtc_gateway_stun_uri'] = nil -# mattermost['webrtc_gateway_turn_uri'] = nil -# mattermost['webrtc_gateway_turn_username'] = nil -# 
mattermost['webrtc_gateway_turn_shared_key'] = nil - -################################################################################ -## Mattermost NGINX -################################################################################ - -# All the settings defined in the "GitLab NGINX" section are also available in this "Mattermost NGINX" section -# You just have to change the key "nginx['some_settings']" with "mattermost_nginx['some_settings']" - -# Below you can find settings that are exclusive to "Mattermost NGINX" -# mattermost_nginx['enable'] = false - -# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" -# mattermost_nginx['proxy_set_headers'] = { -# "Host" => "$http_host", -# "X-Real-IP" => "$remote_addr", -# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", -# "X-Frame-Options" => "SAMEORIGIN", -# "X-Forwarded-Proto" => "https", -# "X-Forwarded-Ssl" => "on", -# "Upgrade" => "$http_upgrade", -# "Connection" => "$connection_upgrade" -# } - - -################################################################################ -## Registry NGINX -################################################################################ - -# All the settings defined in the "GitLab NGINX" section are also available in this "Registry NGINX" section -# You just have to change the key "nginx['some_settings']" with "registry_nginx['some_settings']" - -# Below you can find settings that are exclusive to "Registry NGINX" -registry_nginx['enable'] = true -registry_nginx['listen_port'] = 5005 -registry_nginx['listen_https'] = false - -registry_nginx['proxy_set_headers'] = { -# "Host" => "$http_host", -# "X-Real-IP" => "$remote_addr", -# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", - "X-Forwarded-Proto" => "https", - "X-Forwarded-Ssl" => "on" -} - -################################################################################ -## Prometheus -##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/ -################################################################################ - -prometheus['enable'] = false -prometheus['monitor_kubernetes'] = false -# prometheus['username'] = 'gitlab-prometheus' -# prometheus['uid'] = nil -# prometheus['gid'] = nil -# prometheus['shell'] = '/bin/sh' -# prometheus['home'] = '/var/opt/gitlab/prometheus' -# prometheus['log_directory'] = '/var/log/gitlab/prometheus' -# prometheus['scrape_interval'] = 15 -# prometheus['scrape_timeout'] = 15 -# prometheus['chunk_encoding_version'] = 2 -# -### Custom scrape configs -# -# Prometheus can scrape additional jobs via scrape_configs. The default automatically -# includes all of the exporters supported by the omnibus config. -# -# See: https://prometheus.io/docs/operating/configuration/# -# -# Example: -# -# prometheus['scrape_configs'] = [ -# { -# 'job_name': 'example', -# 'static_configs' => [ -# 'targets' => ['hostname:port'], -# ], -# }, -# ] -# -### Prometheus Memory Management -# -# Prometheus needs to be configured for how much memory is used. -# * This sets the target heap size. -# * This value accounts for approximately 2/3 of the memory used by the server. -# * The recommended memory is 4kb per unique metrics time-series. -# See: https://prometheus.io/docs/operating/storage/#memory-usage -# -# prometheus['target_heap_size'] = ( -# # Use 25mb + 2% of total memory for Prometheus memory. -# 26_214_400 + (node['memory']['total'].to_i * 1024 * 0.02 ) -# ).to_i -# -# prometheus['flags'] = { -# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data", -# 'storage.local.chunk-encoding-version' => user_config['chunk-encoding-version'], -# 'storage.local.target-heap-size' => node['gitlab']['prometheus']['target-heap-size'], -# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml" -# } - -##! Advanced settings. Should be changed only if absolutely needed. 
-# prometheus['listen_address'] = 'localhost:9090' - -################################################################################ -## Prometheus Node Exporter -##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/node_exporter.html -################################################################################ - -# node_exporter['enable'] = true -# node_exporter['home'] = '/var/opt/gitlab/node-exporter' -# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter' -# node_exporter['flags'] = { -# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector" -# } - -##! Advanced settings. Should be changed only if absolutely needed. -# node_exporter['listen_address'] = 'localhost:9100' - -################################################################################ -## Prometheus Redis exporter -##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/redis_exporter.html -################################################################################ - -# redis_exporter['enable'] = true -# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter' -# redis_exporter['flags'] = { -# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}", -# } - -##! Advanced settings. Should be changed only if absolutely needed. -# redis_exporter['listen_address'] = 'localhost:9121' - -################################################################################ -## Prometheus Postgres exporter -##! 
Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/postgres_exporter.html -################################################################################ - -# postgres_exporter['enable'] = true -# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter' -# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter' -# postgres_exporter['flags'] = {} -# postgres_exporter['listen_address'] = 'localhost:9187' - -################################################################################ -## Prometheus Gitlab monitor -##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html -################################################################################ - - -# gitlab_monitor['enable'] = true -# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor" -# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor" - -##! Advanced settings. Should be changed only if absolutely needed. -# gitlab_monitor['listen_address'] = 'localhost' -# gitlab_monitor['listen_port'] = '9168' - -# To completely disable prometheus, and all of it's exporters, set to false -# prometheus_monitoring['enable'] = true - -################################################################################ -## Gitaly -##! 
Docs: -################################################################################ - - -# gitaly['enable'] = false -# gitaly['dir'] = "/var/opt/gitlab/gitaly" -# gitaly['log_directory'] = "/var/log/gitlab/gitaly" -# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly" -# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly" -# gitaly['env'] = { -# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin", -# 'HOME' => '/var/opt/gitlab' -# } -# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket" -# gitaly['listen_addr'] = "localhost:8075" -# gitaly['prometheus_listen_addr'] = "localhost:9175" -# gitaly['logging_format'] = "json" -# gitaly['logging_sentry_dsn'] = "https://:@sentry.io/" -# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]" -# gitaly['auth_token'] = '' -# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced - - -################################################################################ -################################################################################ -## Configuration Settings for GitLab EE only ## -################################################################################ -################################################################################ - - -################################################################################ -## Auxiliary cron jobs applicable to GitLab EE only -################################################################################ -# -# gitlab_rails['geo_bulk_notify_worker_cron'] = "*/10 * * * * *" -# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *" -# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *" -# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *" -# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *" -# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *" - 
-################################################################################ -## Kerberos (EE Only) -##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access -################################################################################ - -# gitlab_rails['kerberos_enabled'] = true -# gitlab_rails['kerberos_keytab'] = /etc/http.keytab -# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM -# gitlab_rails['kerberos_use_dedicated_port'] = true -# gitlab_rails['kerberos_port'] = 8443 -# gitlab_rails['kerberos_https'] = true - -################################################################################ -## GitLab Sentinel (EE Only) -##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel -################################################################################ - -##! **Make sure you configured all redis['master_*'] keys above before -##! continuing.** - -##! To enable Sentinel and disable all other services in this machine, -##! uncomment the line below (if you've enabled Redis role, it will keep it). -##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html -# redis_sentinel_role['enable'] = true - -# sentinel['enable'] = true - -##! Bind to all interfaces, uncomment to specify an IP and bind to a single one -# sentinel['bind'] = '0.0.0.0' - -##! Uncomment to change default port -# sentinel['port'] = 26379 - -##! Quorum must reflect the amount of voting sentinels it take to start a -##! failover. -##! **Value must NOT be greater then the amount of sentinels.** -##! The quorum can be used to tune Sentinel in two ways: -##! 1. If a the quorum is set to a value smaller than the majority of Sentinels -##! we deploy, we are basically making Sentinel more sensible to master -##! failures, triggering a failover as soon as even just a minority of -##! Sentinels is no longer able to talk with the master. -##! 2. 
If a quorum is set to a value greater than the majority of Sentinels, we -##! are making Sentinel able to failover only when there are a very large -##! number (larger than majority) of well connected Sentinels which agree -##! about the master being down. -# sentinel['quorum'] = 1 - -### Consider unresponsive server down after x amount of ms. -# sentinel['down_after_milliseconds'] = 10000 - -### Specifies the failover timeout in milliseconds. -##! It is used in many ways: -##! -##! - The time needed to re-start a failover after a previous failover was -##! already tried against the same master by a given Sentinel, is two -##! times the failover timeout. -##! -##! - The time needed for a slave replicating to a wrong master according -##! to a Sentinel current configuration, to be forced to replicate -##! with the right master, is exactly the failover timeout (counting since -##! the moment a Sentinel detected the misconfiguration). -##! -##! - The time needed to cancel a failover that is already in progress but -##! did not produced any configuration change (SLAVEOF NO ONE yet not -##! acknowledged by the promoted slave). -##! -##! - The maximum time a failover in progress waits for all the slaves to be -##! reconfigured as slaves of the new master. However even after this time -##! the slaves will be reconfigured by the Sentinels anyway, but not with -##! the exact parallel-syncs progression as specified. -# sentinel['failover_timeout'] = 60000 - -################################################################################ -## GitLab Sidekiq Cluster (EE only) -################################################################################ - -##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes -##! besides the default one. These processes can be used to consume a dedicated set -##! of queues. This can be used to ensure certain queues always have dedicated -##! workers, no matter the amount of jobs that need to be processed. 
- -# sidekiq_cluster['enable'] = false -# sidekiq_cluster['ha'] = false -# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster" -# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks - -##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a -##! Sidekiq process. Multiple queues can be processed by the same process by -##! separating them with a comma within the group entry - -# sidekiq_cluster['queue_groups'] = [ -# "process_commit,post_receive", -# "gitlab_shell" -# ] -# - -##! If negate is enabled then sidekiq-cluster will process all the queues that -##! don't match those in queue_groups. - -# sidekiq_cluster['negate'] = false - -################################################################################ -## Additional Database Settings (EE only) -##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html -################################################################################ -# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] } - -################################################################################ -## GitLab Geo -##! 
Docs: https://docs.gitlab.com/ee/gitlab-geo -################################################################################ -# geo_primary_role['enable'] = false -# geo_secondary_role['enable'] = false - -################################################################################ -## GitLab Geo Secondary (EE only) -################################################################################ -# geo_secondary['auto_migrate'] = true -# geo_secondary['db_adapter'] = "postgresql" -# geo_secondary['db_encoding'] = "unicode" -# geo_secondary['db_collation'] = nil -# geo_secondary['db_database'] = "gitlabhq_geo_production" -# geo_secondary['db_pool'] = 10 -# geo_secondary['db_username'] = "gitlab_geo" -# geo_secondary['db_password'] = nil -# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql" -# geo_secondary['db_port'] = 5431 -# geo_secondary['db_socket'] = nil -# geo_secondary['db_sslmode'] = nil -# geo_secondary['db_sslrootcert'] = nil -# geo_secondary['db_sslca'] = nil - -################################################################################ -## GitLab Geo Secondary Tracking Database (EE only) -################################################################################ - -# geo_postgresql['enable'] = false -# geo_postgresql['ha'] = false -# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql' -# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data' - -################################################################################ -# Pgbouncer (EE only) -# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only) -# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details -################################################################################ -# pgbouncer['enable'] = false -# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer' -# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer' -# pgbouncer['listen_addr'] = 
'0.0.0.0' -# pgbouncer['listen_port'] = '6432' -# pgbouncer['pool_mode'] = 'session' -# pgbouncer['server_reset_query'] = 'DISCARD ALL' -# pgbouncer['max_client_conn'] = '100' -# pgbouncer['default_pool_size'] = '20' -# pgbouncer['min_pool_size'] = '0' -# pgbouncer['reserve_pool_size'] = '0' -# pgbouncer['reserve_pool_timeout'] = '5.0' -# pgbouncer['server_round_robin'] = '0' -# pgbouncer['log_connections'] = '0' -# pgbouncer['server_idle_timeout'] = '600.0' -# pgbouncer['dns_max_ttl'] = '15.0' -# pgbouncer['dns_zone_check_period'] = '0' -# pgbouncer['dns_nxdomain_ttl'] = '15.0' -# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer) -# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer) -# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits' -# pgbouncer['databases'] = { -# DATABASE_NAME: { -# host: HOSTNAME, -# port: PORT -# user: USERNAME, -# password: PASSWORD -###! generate this with `echo -n '$password + $username' | md5sum` -# } -# ... -# } -# pgbouncer['auth_type'] = 'md5' -# pgbouncer['auth_hba_file'] = nil -# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)' -# pgbouncer['users'] = [ -# { -# name: USERNAME, -# password: MD5_PASSWORD_HASH -# } -# ] -# postgresql['pgbouncer_user'] = nil -# postgresql['pgbouncer_user_password'] = nil -# - -################################################################################ -# Repmgr (EE only) -################################################################################ -# repmgr['cluster'] = 'gitlab_cluster' -# repmgr['database'] = 'gitlab_repmgr' -# repmgr['host'] = nil -# repmgr['node_number'] = nil -# repmgr['port'] = 5432 -# repmgr['trust_auth_cidr_addresses'] = [] -# repmgr['user'] = 'gitlab_repmgr' - -################################################################################ -# Consul (EEP only) -################################################################################ -# consul['enable'] = false -# consul['dir'] = 
'/var/opt/gitlab/consul' -# consul['user'] = 'gitlab-consul' -# consul['config_file'] = '/var/opt/gitlab/consul/config.json' -# consul['config_dir'] = '/var/opt/gitlab/consul/config.d' -# consul['data_dir'] = '/var/opt/gitlab/consul/data' -# consul['log_directory'] = '/var/log/gitlab/consul' -# consul['script_directory'] = '/var/opt/gitlab/consul/scripts' -# consul['configuration'] = { -# 'client_addr' => nil, -# 'datacenter' => 'gitlab_consul', -# 'enable_script_checks' => true, -# 'server' => false -# } -# consul['services'] = [] -# consul['service_config'] = { -# 'postgresql' => { -# 'service' => { -# 'name' => "postgresql", -# 'address' => '', -# 'port' => 5432, -# 'checks' => [ -# { -# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql", -# 'interval' => "10s" -# } -# ] -# } -# } -# } -# consul['watchers'] = { -# 'postgresql' => { -# enable: false, -# handler: 'failover_pgbouncer' -# } -# } diff --git a/roles/invidious-docker/files/docker-compose.yml b/roles/invidious-docker/files/docker-compose.yml deleted file mode 100644 index 241d5e7..0000000 --- a/roles/invidious-docker/files/docker-compose.yml +++ /dev/null 
@@ -1,66 +0,0 @@
-version: '2.4'
-
-networks:
- web:
- external:
- name: web
-
-services:
- postgres:
- image: postgres:10
- restart: unless-stopped
- volumes:
- - /var/lib/postgresql/invidious:/var/lib/postgresql/data
- - /backups/invidious:/backups
- - ./repo/config/sql:/config/sql
- - ./repo/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
- environment:
- POSTGRES_DB: invidious
- POSTGRES_PASSWORD: kemal
- POSTGRES_USER: kemal
- healthcheck:
- test: [ "CMD", "pg_isready", "-U", "postgres" ]
- invidious:
- build:
- context: repo
- dockerfile: docker/Dockerfile
- mem_limit: 2g
- restart: unless-stopped
- volumes:
- - ./config.yml:/invidious/config/config.yml
- expose:
- - 3000
- environment:
- # Adapted from ./config/config.yml
- INVIDIOUS_CONFIG: |
- crawl_threads: 1
- channel_threads: 1
- check_tables: true
- feed_threads: 1
- video_threads: 1
- db:
- user: kemal
- password: kemal
- host: postgres
- port: 5432
- dbname: invidious
- full_refresh: false
- https_only: true
- geo_bypass: true
- top_enabled: false
- force_resolve: ipv4
- admins:
- - paultrial
- domain: yt.banditlair.com
- labels:
- - "traefik.backend=invidious"
- - "traefik.docker.network=web"
- - "traefik.frontend.rule=Host:yt.banditlair.com"
- - "traefik.enable=true"
- - "traefik.port=3000"
- - "traefik.default.protocol=http"
- depends_on:
- - postgres
- networks:
- - web
- - default
diff --git a/roles/invidious-docker/tasks/main.yml b/roles/invidious-docker/tasks/main.yml
deleted file mode 100644
index 55d6b2d..0000000
--- a/roles/invidious-docker/tasks/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Copy docker-compose.yml
- copy:
- src: docker-compose.yml
- dest: "{{docker_compose_files_folder}}/invidious/"
-
-- name: Checkout git repo
- git:
- repo: https://github.com/omarroth/invidious.git
- dest: "{{docker_compose_files_folder}}/invidious/repo"
- force: yes
-
-- name: Build and start docker project
- docker_compose:
- project_src: "{{docker_compose_files_folder}}/invidious"
- build: yes
- pull: yes
- state: present
diff --git a/roles/keepalived-hcloud/files/check_nginx.sh b/roles/keepalived-hcloud/files/check_nginx.sh
deleted file mode 100755
index 756ff33..0000000
--- a/roles/keepalived-hcloud/files/check_nginx.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-curl 127.0.0.1/healthz -fsS
diff --git a/roles/keepalived-hcloud/files/hcloud_failover.py b/roles/keepalived-hcloud/files/hcloud_failover.py
deleted file mode 100644
index a3952db..0000000
--- a/roles/keepalived-hcloud/files/hcloud_failover.py
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/bin/env python3
-# (c) 2018 Maximilian Siegl
-
-import sys
-import json
-import os
-import requests
-from multiprocessing import Process
-
-CONFIG_PATH = os.path.join(os.path.abspath(
- os.path.dirname(__file__)), "config.json")
-
-
-def del_ip(ip_bin_path, floating_ip, interface):
- os.system(ip_bin_path + " addr del " + floating_ip + " dev " + interface)
-
-
-def add_ip(ip_bin_path, floating_ip, interface):
- os.system(ip_bin_path + " addr add " + floating_ip + " dev " + interface)
-
-
-def change_request(endstate, url, header, payload, ip_bin_path, floating_ip, interface):
- if endstate == "BACKUP":
- del_ip(ip_bin_path, floating_ip, interface)
- elif endstate == "FAULT":
- del_ip(ip_bin_path, floating_ip, interface)
- elif endstate == "MASTER":
- add_ip(ip_bin_path, floating_ip, interface)
- print("Post request to: " + url)
- print("Header: " + str(header))
- print("Data: " + str(payload))
- r = requests.post(url, data=payload, headers=header)
- print("Response:")
- print(r.status_code, r.reason)
- print(r.text)
- else:
- print("Error: Endstate not defined!")
-
-
-def main(arg_type, arg_name, arg_endstate):
- with open(CONFIG_PATH, "r") as config_file:
- config = json.load(config_file)
-
- header = {
- "Content-Type": "application/json",
- "Authorization": "Bearer " + config["api-token"]
- }
-
- payload = '''{"server": ''' + str(config["server-id"]) + "}"
-
- print("Perform action for transition to " + arg_endstate + " state")
-
- for ips in config["ips"]:
- url = config["url"].format(ips["floating-ip-id"])
- Process(target=change_request, args=(arg_endstate, url, header, payload,
- config["ip_bin_path"], ips["floating-ip"], config["interface"])).start()
-
-
-if __name__ == "__main__":
- main(arg_type=sys.argv[1], arg_name=sys.argv[2], arg_endstate=sys.argv[3])
diff --git a/roles/keepalived-hcloud/handlers/main.yml b/roles/keepalived-hcloud/handlers/main.yml
deleted file mode 100644
index 904ae8c..0000000
--- a/roles/keepalived-hcloud/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: restart keepalived
- systemd:
- name: keepalived
- state: restarted
diff --git a/roles/keepalived-hcloud/tasks/main.yml b/roles/keepalived-hcloud/tasks/main.yml
deleted file mode 100644
index de40413..0000000
--- a/roles/keepalived-hcloud/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: Install keepalived
- package:
- name: keepalived
- state: present
-
-- name: Keepalived config
- template:
- src: keepalived.conf.j2
- dest: /etc/keepalived/keepalived.conf
- notify: restart keepalived
-
-- name: Copy nginx healtcheck script
- copy:
- src: check_nginx.sh
- dest: /etc/keepalived/check_nginx.sh
- mode: 0700
-
-- name: Copy hcloud failover script
- copy:
- src: hcloud_failover.py
- dest: /etc/keepalived/hcloud_failover.py
- mode: 0700
-
-- name: Copy hcloud failover script config
- template:
- src: config.json.j2
- dest: /etc/keepalived/config.json
- mode: 0700
-
-- name: Start and enable keepalived
- systemd:
- name: keepalived
- enabled: yes
- state: started
diff --git a/roles/keepalived-hcloud/templates/config.json.j2 b/roles/keepalived-hcloud/templates/config.json.j2
deleted file mode 100644
index 9415860..0000000
--- a/roles/keepalived-hcloud/templates/config.json.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "url": "https://api.hetzner.cloud/v1/floating_ips/{}/actions/assign",
- "api-token": "{{ hcloud_token_vip }}",
- "ips": [
- {
- "floating-ip-id": "{{ floating_ip_id }}",
- "floating-ip": "{{ floating_ip }}"
- }
- ],
- "server-id": {{ hostvars[inventory_hostname]['id'] }},
- "interface": "eth0",
- "ip_bin_path": "/bin/ip"
-}
\ No newline at end of file
diff --git a/roles/keepalived-hcloud/templates/keepalived.conf.j2 b/roles/keepalived-hcloud/templates/keepalived.conf.j2
deleted file mode 100644
index e7b2ffe..0000000
--- a/roles/keepalived-hcloud/templates/keepalived.conf.j2
+++ /dev/null
@@ -1,41 +0,0 @@
-vrrp_script check_nginx {
- script /etc/keepalived/check_nginx.sh
- interval 3
- fall 5
- rise 1
-}
-
-vrrp_instance VI_1 {
-{% if inventory_hostname == groups['kube-node'][0] %}
- state MASTER
-{% else %}
- state BACKUP
-{% endif %}
- priority 100
- interface eth0
- virtual_router_id 50
-
- unicast_src_ip {{ hostvars[inventory_hostname]['ipv4'] }}
- unicast_peer {
-{% for host in (groups['kube-node']) %}
-{% if host != inventory_hostname %}
- {{ hostvars[host]['ipv4'] }}
-{% endif %}
-{% endfor %}
- }
-
- authentication {
- auth_type PASS
- auth_pass "{{ keepalived_shared_secret }}"
- }
-
- virtual_ipaddress {
- {{ floating_ip }}
- }
-
- track_script {
- chk_haproxy
- }
-
- notify /etc/keepalived/hcloud_failover.py
-}
diff --git a/roles/mailu-docker/defaults/main.yml b/roles/mailu-docker/defaults/main.yml
deleted file mode 100644
index 797c238..0000000
--- a/roles/mailu-docker/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-mailu_secret_key:
diff --git a/roles/mailu-docker/files/mailu/docker-compose.yml b/roles/mailu-docker/files/mailu/docker-compose.yml
deleted file mode 100644
index 0eab31c..0000000
--- a/roles/mailu-docker/files/mailu/docker-compose.yml
+++ /dev/null
@@ -1,123 +0,0 @@
-version: '3.6'
-
-networks:
- web:
- external:
- name: web
- default:
- driver: bridge
- ipam:
- driver: default
- config:
- - subnet: 192.168.64.0/20
-
-services:
- front:
- image: mailu/nginx:$VERSION
- restart: always
- env_file: .env
- logging:
- driver: json-file
- ports:
- - "$BIND_ADDRESS4:110:110"
- - "$BIND_ADDRESS4:143:143"
- - "$BIND_ADDRESS4:993:993"
- - "$BIND_ADDRESS4:995:995"
- - "$BIND_ADDRESS4:25:25"
- - "$BIND_ADDRESS4:465:465"
- - "$BIND_ADDRESS4:587:587"
- labels:
- - "traefik.backend=webmail"
- - "traefik.docker.network=web"
- - "traefik.frontend.rule=Host:webmail.banditlair.com"
- - "traefik.enable=true"
- - "traefik.port=80"
- - "traefik.default.protocol=http"
- volumes:
- - "../traefik/certs/ssl/certs/banditlair.com.crt:/certs/cert.pem"
- - "../traefik/certs/ssl/private/banditlair.com.key:/certs/key.pem"
- - "/var/lib/mailu/overrides/nginx:/overrides"
- networks:
- - web
- - default
-
- redis:
- image: redis:alpine
- restart: always
- volumes:
- - "/var/lib/mailu/redis:/data"
-
- resolver:
- image: mailu/unbound:$VERSION
- restart: always
- env_file: .env
- networks:
- default:
- ipv4_address: 192.168.64.254
-
- admin:
- image: mailu/admin:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "/var/lib/mailu/data:/data"
- - "/var/lib/mailu/dkim:/dkim"
- depends_on:
- - redis
-
- imap:
- image: mailu/dovecot:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "/var/lib/mailu/data:/data"
- - "/var/lib/mailu/mail:/mail"
- - "./overrides:/overrides"
- depends_on:
- - front
-
- smtp:
- image: mailu/postfix:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "/var/lib/mailu/data:/data"
- - "./overrides:/overrides"
- depends_on:
- - front
- - resolver
- dns:
- - 192.168.64.254
-
- antispam:
- image: mailu/rspamd:$VERSION
- restart: always
- env_file: .env
- volumes:
- - "/var/lib/mailu/filter:/var/lib/rspamd"
- - "/var/lib/mailu/dkim:/dkim"
- - "./overrides/rspamd:/etc/rspamd/override.d"
- depends_on:
- - front
- - resolver
- dns:
- - 192.168.64.254
-
- fetchmail:
- image: mailu/fetchmail:$VERSION
- restart: always
- env_file: .env
- depends_on:
- - resolver
- dns:
- - 192.168.64.254
-
- webmail:
- image: mailu/rainloop
- restart: always
- env_file: .env
- volumes:
- - "/var/lib/mailu/webmail:/data"
- depends_on:
- - imap
-
diff --git a/roles/mailu-docker/files/mailu/overrides/dovecot.conf b/roles/mailu-docker/files/mailu/overrides/dovecot.conf
deleted file mode 100644
index 11c7d56..0000000
--- a/roles/mailu-docker/files/mailu/overrides/dovecot.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-protocol imap {
- # Maximum number of IMAP connections allowed for a user from each IP address.
- # NOTE: The username is compared case-sensitively.
- mail_max_userip_connections = 100
-}
-
diff --git a/roles/mailu-docker/files/mailu/overrides/postfix.cf b/roles/mailu-docker/files/mailu/overrides/postfix.cf
deleted file mode 100644
index f42f76e..0000000
--- a/roles/mailu-docker/files/mailu/overrides/postfix.cf
+++ /dev/null
@@ -1 +0,0 @@
-#debug_peer_list = 172.22.0.1
diff --git a/roles/mailu-docker/files/mailu/overrides/rspamd/dkim_signing.conf b/roles/mailu-docker/files/mailu/overrides/rspamd/dkim_signing.conf
deleted file mode 100644
index 1dbc9fe..0000000
--- a/roles/mailu-docker/files/mailu/overrides/rspamd/dkim_signing.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-allow_username_mismatch = true;
-
diff --git a/roles/mailu-docker/tasks/main.yml b/roles/mailu-docker/tasks/main.yml
deleted file mode 100644
index 61dad85..0000000
--- a/roles/mailu-docker/tasks/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: Copy mailu config
- copy:
- src: mailu
- dest: "{{docker_compose_files_folder}}"
-- name: Create mailu config
- template:
- src: mailu/.env
- dest: "{{docker_compose_files_folder}}/mailu/.env"
-- name: Start mailu docker project
- docker_compose:
- project_src: "{{docker_compose_files_folder}}/mailu"
- state: present
diff --git a/roles/mailu-docker/templates/mailu/.env b/roles/mailu-docker/templates/mailu/.env
deleted file mode 100644
index b0b72ac..0000000
--- a/roles/mailu-docker/templates/mailu/.env
+++ /dev/null
@@ -1,137 +0,0 @@
-# Mailu main configuration file
-#
-# Most configuration variables can be modified through the Web interface,
-# these few settings must however be configured before starting the mail
-# server and require a restart upon change.
-
-###################################
-# Common configuration variables
-###################################
-
-# Mailu version to run (stable, 1.0, 1.1, etc. or latest)
-VERSION=1.6
-
-# Set to a randomly generated 16 bytes string
-SECRET_KEY={{mailu_secret_key}}
-
-BIND_ADDRESS4=0.0.0.0
-
-# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!
-SUBNET=192.168.64.0/20
-
-# Main mail domain
-DOMAIN=banditlair.com
-
-# Exposed mail-server hostname
-HOSTNAMES=mail.banditlair.com,mail2.banditlair.com
-
-# Postmaster local part (will append the main mail domain)
-POSTMASTER=admin
-
-# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail)
-TLS_FLAVOR=mail
-
-# Authentication rate limit (per source IP address)
-AUTH_RATELIMIT=30/minute;1800/hour
-
-# Opt-out of statistics, replace with "True" to opt out
-DISABLE_STATISTICS=True
-
-###################################
-# Optional features
-###################################
-
-# Expose the admin interface (value: true, false)
-ADMIN=true
-
-# Choose which webmail to run if any (values: roundcube, rainloop, none)
-WEBMAIL=rainloop
-
-# Dav server implementation (value: radicale, none)
-WEBDAV=none
-
-# Antivirus solution (value: clamav, none)
-ANTIVIRUS=none
-
-###################################
-# Mail settings
-###################################
-
-# Message size limit in bytes
-# Default: accept messages up to 50MB
-# Max attachment size will be 33% smaller
-MESSAGE_SIZE_LIMIT=50000000
-
-# Networks granted relay permissions
-# Use this with care, all hosts in this networks will be able to send mail without authentication!
-RELAYNETS=192.168.64.0/20
-
-# Will relay all outgoing mails if configured
-RELAYHOST=
-
-# Fetchmail delay
-FETCHMAIL_DELAY=600
-
-# Recipient delimiter, character used to delimiter localpart from custom address part
-# e.g. localpart+custom@domain;tld
-RECIPIENT_DELIMITER=+
-
-
-# DMARC rua and ruf email
-DMARC_RUA=dmarc
-DMARC_RUF=dmarc
-
-
-# Weclome email, enable and set a topic and body if you wish to send welcome
-# emails to all users.
-WELCOME=true
-WELCOME_SUBJECT=Welcome to your new email account
-WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
-
-###################################
-# Web settings
-###################################
-
-# Path to redirect / to
-WEBROOT_REDIRECT=/webmail
-
-# Path to the admin interface if enabled
-WEB_ADMIN=/admin
-
-# Path to the webmail if enabled
-WEB_WEBMAIL=/webmail
-
-# Website name
-SITENAME=Banditlair mails
-
-# Linked Website URL
-WEBSITE=https://banditlair.com
-
-###################################
-# Advanced settings
-###################################
-
-# Docker-compose project name, this will prepended to containers names.
-COMPOSE_PROJECT_NAME=mailu
-
-# Default password scheme used for newly created accounts and changed passwords
-# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
-PASSWORD_SCHEME=BLF-CRYPT
-
-# Header to take the real ip from
-REAL_IP_HEADER=
-
-# IPs for nginx set_real_ip_from (CIDR list separated by commas)
-REAL_IP_FROM=
-
-# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
-REJECT_UNLISTED_RECIPIENT=
-
-# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
-LOG_LEVEL=WARNING
-
-###################################
-# Database settings
-###################################
-DB_FLAVOR=sqlite
-
diff --git a/roles/matrix-docker/defaults/main.yml b/roles/matrix-docker/defaults/main.yml
deleted file mode 100644
index ed97d53..0000000
--- a/roles/matrix-docker/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/roles/matrix-docker/files/matrix/docker-compose.yml b/roles/matrix-docker/files/matrix/docker-compose.yml
deleted file mode 100644
index 55e8878..0000000
--- a/roles/matrix-docker/files/matrix/docker-compose.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-version: "2"
-services:
- db:
- image: postgres:9
- restart: always
- ports:
- - "127.0.0.1:5432:5432"
- volumes:
- - /var/lib/matrix/db:/var/lib/postgresql/data
- - /backups/matrix:/backups
- - /etc/localtime:/etc/localtime:ro
- environment:
- - POSTGRES_PASSWORD=synapse
- - POSTGRES_USER=synapse
- networks:
- - matrix
-
- synapse:
- image: matrixdotorg/synapse
-# ports:
- # Coturn
-# - "3478:3478"
-# - "5349:5349"
- labels:
- - "traefik.enable=true"
- - "traefik.default.protocol=http"
- - "traefik.docker.network=web"
- - "traefik.port=8008"
- - "traefik.backend=synapse"
- - "traefik.frontend.rule=Host:banditlair.com,matrix.banditlair.com"
- - "traefik.frontend.passHostHeader=true"
- volumes:
- - /var/lib/matrix/media_store:/data/media_store
- - /var/log/synapse:/data/log
- - ./synapse:/data
- - /etc/localtime:/etc/localtime:ro
- depends_on:
- - db
- networks:
- - matrix
- - web
- restart: always
-
- coturn:
- image: instrumentisto/coturn
- network_mode: host
- volumes:
- - ./synapse:/data
- - ./synapse/turnserver.conf:/etc/coturn/turnserver.conf
- tmpfs:
- - /var/lib/coturn
-
- dimension:
- image: turt2live/matrix-dimension
- labels:
- - "traefik.docker.network=web"
- - "traefik.backend=dimension"
- - "traefik.frontend.rule=Host:dimension.banditlair.com"
- - "traefik.enable=true"
- - "traefik.port=8184"
- - "traefik.default.protocol=http"
- expose:
- - 8184
- volumes:
- - ./dimension:/data
- networks:
- - web
- restart: always
-
-networks:
- matrix:
- external:
- name: matrix-network
- web:
- external:
- name: web
diff --git a/roles/matrix-docker/tasks/main.yml b/roles/matrix-docker/tasks/main.yml
deleted file mode 100644
index 6110faf..0000000
--- a/roles/matrix-docker/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: Copy matrix docker files
- copy:
- src: matrix
- dest: "{{docker_compose_files_folder}}"
-
-- name: Create matrix-network docker network
- docker_network:
- name: matrix-network
-
-- name: Start matrix docker project
- docker_compose:
- project_src: "{{docker_compose_files_folder}}/matrix"
- state: present
-
-- name: Wait for database to start and count matrix users
- shell: docker-compose exec -T db psql -U synapse synapse -c "select count(*) from users;" -t
- args:
- chdir: "{{docker_compose_files_folder}}/matrix/"
- register: matrix_users_count
- until: matrix_users_count.rc == 0
- retries: 10
- changed_when: false
-
-- name: Restore Matrix database if needed
- command: docker-compose exec -T db sh -c "psql -U synapse synapse < /backups/database.dmp"
- args:
- chdir: "{{docker_compose_files_folder}}/matrix/"
- when: matrix_users_count.stdout|int == 0
diff --git a/roles/monit/files/checkBackupStatus.sh b/roles/monit/files/checkBackupStatus.sh
deleted file mode 100755
index e32fdd4..0000000
--- a/roles/monit/files/checkBackupStatus.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ONGOING_FILE="/backups/backup-ongoing"
-
-if [ -f "$ONGOING_FILE" ]
-then
- if test `find "$ONGOING_FILE" -mmin +180`
- then
- LAST_MODIFICATION_HOURS=`expr "$(($(date +%s) - $(date +%s -r $ONGOING_FILE)))" / 3600`
- echo "Backup not finished after more than $LAST_MODIFICATION_HOURS hours"
- exit 1
- fi
-fi
-
-exit 0
diff --git a/roles/monit/handlers/main.yml b/roles/monit/handlers/main.yml
deleted file mode 100644
index 5ad2dd6..0000000
--- a/roles/monit/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: reload monit
- command: monit reload
diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml
deleted file mode 100644
index 9406c77..0000000
--- a/roles/monit/tasks/main.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: Install monit
- package:
- name: monit
- state: present
- update_cache: yes
-
-- name: Enable and start monit service
- systemd:
- name: monit.service
- state: started
- enabled: True
-
-- name: Create fullBackup.sh
- copy:
- src: checkBackupStatus.sh
- dest: /usr/local/bin/checkBackupStatus.sh
- mode: 0700
-
-- name: Copy monit config
- template:
- src: monitrc
- dest: /etc/monit/monitrc
- mode: 0600
- notify: reload monit
diff --git a/roles/monit/templates/monitrc b/roles/monit/templates/monitrc
deleted file mode 100755
index b787bb1..0000000
--- a/roles/monit/templates/monitrc
+++ /dev/null
@@ -1,365 +0,0 @@ -############################################################################### -## Monit control file -############################################################################### -## -## Comments begin with a '#' and extend through the end of the line. Keywords -## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. -## -## Below you will find examples of some frequently used statements. For -## information about the control file and a complete list of statements and -## options, please have a look in the Monit manual. -## -## -############################################################################### -## Global section -############################################################################### -## -## Start Monit in the background (run as a daemon): -# -set daemon 30 # check services at 30 seconds intervals - with start delay 300 # optional: delay the first check by 4-minutes (by -# # default Monit check immediately after Monit start) -# -# -## Set syslog logging. If you want to log to a standalone log file instead, -## specify the full path to the log file -# -set log syslog - -# -# -## Set the location of the Monit lock file which stores the process id of the -## running Monit instance. By default this file is stored in $HOME/.monit.pid -# -# set pidfile /var/run/monit.pid -# -## Set the location of the Monit id file which stores the unique id for the -## Monit instance. The id is generated and stored on first Monit start. By -## default the file is placed in $HOME/.monit.id. -# -# set idfile /var/.monit.id -# -## Set the location of the Monit state file which saves monitoring states -## on each cycle. By default the file is placed in $HOME/.monit.state. If -## the state file is stored on a persistent filesystem, Monit will recover -## the monitoring state across reboots. If it is on temporary filesystem, the -## state will be lost on reboot which may be convenient in some situations. 
-# -# set statefile /var/.monit.state -# -# - -## Set limits for various tests. The following example shows the default values: -## -# set limits { -# programOutput: 512 B, # check program's output truncate limit -# sendExpectBuffer: 256 B, # limit for send/expect protocol test -# fileContentBuffer: 512 B, # limit for file content test -# httpContentBuffer: 1 MB, # limit for HTTP content test -# networkTimeout: 5 seconds # timeout for network I/O -# programTimeout: 300 seconds # timeout for check program -# stopTimeout: 30 seconds # timeout for service stop -# startTimeout: 30 seconds # timeout for service start -# restartTimeout: 30 seconds # timeout for service restart -# } - -## Set global SSL options (just most common options showed, see manual for -## full list). -# -set ssl { - verify : enable, # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED) - #selfsigned : allow # allow self signed SSL certificates (reject by default) -} -# -# -## Set the list of mail servers for alert delivery. Multiple servers may be -## specified using a comma separator. If the first mail server fails, Monit -# will use the second mail server in the list and so on. By default Monit uses -# port 25 - it is possible to override this with the PORT option. -# -# set mailserver mail.bar.baz, # primary mailserver -# backup.bar.baz port 10025, # backup mailserver on port 10025 -# localhost # fallback relay -set mailserver mail.banditlair.com PORT 465 - USERNAME noreply@banditlair.com PASSWORD {{email_password}} - using SSL -# -# -## By default Monit will drop alert events if no mail servers are available. -## If you want to keep the alerts for later delivery retry, you can use the -## EVENTQUEUE statement. The base directory where undelivered alerts will be -## stored is specified by the BASEDIR option. You can limit the queue size -## by using the SLOTS option (if omitted, the queue is limited by space -## available in the back end filesystem). 
-# -set eventqueue - basedir /var/monit # set the base directory where events will be stored - slots 100 # optionally limit the queue size -# -# -## Send status and events to M/Monit (for more informations about M/Monit -## see https://mmonit.com/). By default Monit registers credentials with -## M/Monit so M/Monit can smoothly communicate back to Monit and you don't -## have to register Monit credentials manually in M/Monit. It is possible to -## disable credential registration using the commented out option below. -## Though, if safety is a concern we recommend instead using https when -## communicating with M/Monit and send credentials encrypted. The password -## should be URL encoded if it contains URL-significant characters like -## ":", "?", "@". Default timeout is 5 seconds, you can customize it by -## adding the timeout option. -# -set mmonit https://{{monit_mmonit_login}}:{{monit_mmonit_password}}@mmonit.camefaitplaisir.com/collector -# # with timeout 30 seconds # Default timeout is 5 seconds -# # and register without credentials # Don't register credentials -# -# -## Monit by default uses the following format for alerts if the mail-format -## statement is missing:: -## --8<-- -## set mail-format { -## from: Monit -## subject: monit alert -- $EVENT $SERVICE -## message: $EVENT Service $SERVICE -## Date: $DATE -## Action: $ACTION -## Host: $HOST -## Description: $DESCRIPTION -## -## Your faithful employee, -## Monit -## } -## --8<-- -## -## You can override this message format or parts of it, such as subject -## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. -## are expanded at runtime. For example, to override the sender, use: -# -# set mail-format { from: monit@foo.bar } -# -set mail-format { from: monit@banditlair.com } -# -## You can set alert recipients whom will receive alerts if/when a -## service defined in this file has errors. Alerts may be restricted on -## events by using a filter as in the second example below. 
-# -# set alert sysadm@foo.bar # receive all alerts -# -set alert self.alert@banditlair.com -#set alert pascal.falbo@hotmail.fr # Fucking Microshit blacklists my mail server -## Do not alert when Monit starts, stops or performs a user initiated action. -## This filter is recommended to avoid getting alerts for trivial cases. -# -# set alert your-name@your.domain not on { instance, action } -# -# -## Monit has an embedded HTTP interface which can be used to view status of -## services monitored and manage services from a web interface. The HTTP -## interface is also required if you want to issue Monit commands from the -## command line, such as 'monit status' or 'monit restart service' The reason -## for this is that the Monit client uses the HTTP interface to send these -## commands to a running Monit daemon. See the Monit Wiki if you want to -## enable SSL for the HTTP interface. -# -set httpd port 2812 and - use address localhost # only accept connection from localhost - allow localhost # allow localhost to connect to the server and - allow admin:monit # require user 'admin' with password 'monit' - #with ssl { # enable SSL/TLS and set path to server certificate - # pemfile: /etc/ssl/certs/monit.pem - #} - -############################################################################### -## Services -############################################################################## -## -## Check general system resources such as load average, cpu and memory -## usage. Each test specifies a resource, conditions and the action to be -## performed should a test fail. 
-# -# check system $HOST -# if loadavg (1min) > 4 then alert -# if loadavg (5min) > 2 then alert -# if cpu usage > 95% for 10 cycles then alert -# if memory usage > 75% then alert -# if swap usage > 25% then alert -check system $HOST -# if loadavg (1min) > 4 then alert -# if loadavg (5min) > 2 then alert - if cpu usage > 95% for 10 cycles then alert - if memory usage > 75% then alert - if swap usage > 25% then alert - - -# -# -## Check if a file exists, checksum, permissions, uid and gid. In addition -## to alert recipients in the global section, customized alert can be sent to -## additional recipients by specifying a local alert handler. The service may -## be grouped using the GROUP option. More than one group can be specified by -## repeating the 'group name' statement. -# -# check file apache_bin with path /usr/local/apache/bin/httpd -# if failed checksum and -# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor -# if failed permission 755 then unmonitor -# if failed uid "root" then unmonitor -# if failed gid "root" then unmonitor -# alert security@foo.bar on { -# checksum, permission, uid, gid, unmonitor -# } with the mail-format { subject: Alarm! } -# group server -# -# -## Check that a process is running, in this case Apache, and that it respond -## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, -## and number of children. If the process is not running, Monit will restart -## it by default. In case the service is restarted very often and the -## problem remains, it is possible to disable monitoring using the TIMEOUT -## statement. This service depends on another service (apache_bin) which -## is defined above. 
-# -# check process apache with pidfile /usr/local/apache/logs/httpd.pid -# start program = "/etc/init.d/httpd start" with timeout 60 seconds -# stop program = "/etc/init.d/httpd stop" -# if cpu > 60% for 2 cycles then alert -# if cpu > 80% for 5 cycles then restart -# if totalmem > 200.0 MB for 5 cycles then restart -# if children > 250 then restart -# if loadavg(5min) greater than 10 for 8 cycles then stop -# if disk read > 500 kb/s for 10 cycles then alert -# if disk write > 500 kb/s for 10 cycles then alert -# if failed host www.tildeslash.com port 80 protocol http and request "/somefile.html" then restart -# if failed port 443 protocol https with timeout 15 seconds then restart -# if 3 restarts within 5 cycles then unmonitor -# depends on apache_bin -# group server -# -# -## Check filesystem permissions, uid, gid, space usage, inode usage and disk I/O. -## Other services, such as databases, may depend on this resource and an automatically -## graceful stop may be cascaded to them before the filesystem will become full and data -## lost. -# -# check filesystem datafs with path /dev/sdb1 -# start program = "/bin/mount /data" -# stop program = "/bin/umount /data" -# if failed permission 660 then unmonitor -# if failed uid "root" then unmonitor -# if failed gid "disk" then unmonitor -# if space usage > 80% for 5 times within 15 cycles then alert -# if space usage > 99% then stop -# if inode usage > 30000 then alert -# if inode usage > 99% then stop -# if read rate > 1 MB/s for 5 cycles then alert -# if read rate > 500 operations/s for 5 cycles then alert -# if write rate > 1 MB/s for 5 cycles then alert -# if write rate > 500 operations/s for 5 cycles then alert -# if service time > 10 milliseconds for 3 times within 5 cycles then alert -# group server - -check filesystem root with path / - if SPACE usage > 90% then alert - -# -# -## Check a file's timestamp. 
In this example, we test if a file is older -## than 15 minutes and assume something is wrong if its not updated. Also, -## if the file size exceed a given limit, execute a script -# -# check file database with path /data/mydatabase.db -# if failed permission 700 then alert -# if failed uid "data" then alert -# if failed gid "data" then alert -# if timestamp > 15 minutes then alert -# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba -# -# -## Check directory permission, uid and gid. An event is triggered if the -## directory does not belong to the user with uid 0 and gid 0. In addition, -## the permissions have to match the octal description of 755 (see chmod(1)). -# -# check directory bin with path /bin -# if failed permission 755 then unmonitor -# if failed uid 0 then unmonitor -# if failed gid 0 then unmonitor -# -# -## Check a remote host availability by issuing a ping test and check the -## content of a response from a web server. Up to three pings are sent and -## connection to a port and an application level network check is performed. -# -# check host myserver with address 192.168.1.1 -# if failed ping then alert -# if failed port 3306 protocol mysql with timeout 15 seconds then alert -# if failed port 80 protocol http -# and request /some/path with content = "a string" -# then alert -# -# -## Check a network link status (up/down), link capacity changes, saturation -## and bandwidth usage. -# -check network public with interface enp3s0 - if failed link then alert -# if changed link then alert -# if saturation > 90% then alert -# if download > 10 MB/s then alert -# if total uploaded > 1 GB in last hour then alert -# -# -## Check custom program status output. 
-# -# check program myscript with path /usr/local/bin/myscript.sh -# if status != 0 then alert -# -# - -check file daily-backup-done with path /backups/backup-ok - if changed timestamp then alert - -check program checkBackupStatus with path /usr/local/bin/checkBackupStatus.sh - if status != 0 then alert - -check host home-ssh with address phf.ddns.banditlair.com - if failed port 2222 protocol ssh with timeout 20 seconds then alert - -check host searX with address banditlair.com - if failed port 443 protocol https with timeout 20 seconds then alert - -check host NextCloud with address cloud.banditlair.com - if failed port 443 protocol https with timeout 20 seconds then alert - -check host Gitlab-ssh with address gitlab.banditlair.com - if failed port 2224 protocol ssh with timeout 20 seconds then alert - -check host Gitlab-ui with address gitlab.banditlair.com - if failed port 443 protocol https with timeout 20 seconds then alert - -check host mail-admin with address mailu.banditlair.com - if failed url https://webmail.banditlair.com/admin/ with timeout 20 seconds then alert - -#check host Grafana with address grafana.banditlair.com -# if failed port 443 protocol https with timeout 20 seconds then alert - -#check host sonar with address sonar.banditlair.com -# if failed port 443 protocol https with timeout 20 seconds then alert - -check host transmission with address transmission.banditlair.com - if failed - port 443 - protocol https - status = 401 - with timeout 20 seconds - then alert - -check host anderia-wiki with address anderia.banditlair.com - if failed port 443 protocol https with timeout 20 seconds then alert -############################################################################### -## Includes -############################################################################### -## -## It is possible to include additional configuration parts from other files or -## directories. -# -# include /etc/monit.d/* -# 
diff --git a/roles/nextcloud-docker/defaults/main.yml b/roles/nextcloud-docker/defaults/main.yml
deleted file mode 100644
index ed97d53..0000000
--- a/roles/nextcloud-docker/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/roles/nextcloud-docker/files/nextcloud/app/Dockerfile b/roles/nextcloud-docker/files/nextcloud/app/Dockerfile
deleted file mode 100644
index 6a6d3ef..0000000
--- a/roles/nextcloud-docker/files/nextcloud/app/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM nextcloud:21.0.3-fpm
-
-RUN apt-get update && apt-get install -y \
- supervisor \
- cron \
- vim \
- && rm -rf /var/lib/apt/lists/*
-
-RUN mkdir /var/log/supervisord /var/run/supervisord && \
- echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
-
-COPY supervisord.conf /etc/supervisor/supervisord.conf
-
-CMD ["/usr/bin/supervisord"]
diff --git a/roles/nextcloud-docker/files/nextcloud/app/supervisord.conf b/roles/nextcloud-docker/files/nextcloud/app/supervisord.conf
deleted file mode 100644
index 9114fc2..0000000
--- a/roles/nextcloud-docker/files/nextcloud/app/supervisord.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-[supervisord]
-nodaemon=true
-logfile=/var/log/supervisord/supervisord.log
-pidfile=/var/run/supervisord/supervisord.pid
-childlogdir=/var/log/supervisord/
-logfile_maxbytes=50MB ; maximum size of logfile before rotation
-logfile_backups=10 ; number of backed up logfiles
-loglevel=debug
-
-[program:php-fpm]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=php-fpm
-
-[program:cron]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=cron -f
-
diff --git a/roles/nextcloud-docker/files/nextcloud/config/.htaccess b/roles/nextcloud-docker/files/nextcloud/config/.htaccess
deleted file mode 100644
index 79e65ab..0000000
--- a/roles/nextcloud-docker/files/nextcloud/config/.htaccess
+++ /dev/null
@@ -1,15 +0,0 @@ -# line below if for Apache 2.4 - -Require all denied - - -# line below if for Apache 2.2 - -deny from all - - -# section for Apache 2.2 and 2.4 - -IndexIgnore * - - diff --git a/roles/nextcloud-docker/files/nextcloud/config/apps.config.php b/roles/nextcloud-docker/files/nextcloud/config/apps.config.php deleted file mode 100644 index a4bed83..0000000 --- a/roles/nextcloud-docker/files/nextcloud/config/apps.config.php +++ /dev/null @@ -1,15 +0,0 @@ - array ( - 0 => array ( - "path" => OC::$SERVERROOT."/apps", - "url" => "/apps", - "writable" => false, - ), - 1 => array ( - "path" => OC::$SERVERROOT."/custom_apps", - "url" => "/custom_apps", - "writable" => true, - ), - ), -); diff --git a/roles/nextcloud-docker/files/nextcloud/config/redis.config.php b/roles/nextcloud-docker/files/nextcloud/config/redis.config.php deleted file mode 100644 index 452dd9a..0000000 --- a/roles/nextcloud-docker/files/nextcloud/config/redis.config.php +++ /dev/null @@ -1,10 +0,0 @@ - '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - 'redis' => array( - 'host' => 'redis', - 'port' => 6379, - ), -); - diff --git a/roles/nextcloud-docker/files/nextcloud/db/custom.cnf b/roles/nextcloud-docker/files/nextcloud/db/custom.cnf deleted file mode 100644 index 958fd08..0000000 --- a/roles/nextcloud-docker/files/nextcloud/db/custom.cnf +++ /dev/null @@ -1,3 +0,0 @@ -[mysqld] -innodb_buffer_pool_size=2G - diff --git a/roles/nextcloud-docker/files/nextcloud/docker-compose.yml b/roles/nextcloud-docker/files/nextcloud/docker-compose.yml deleted file mode 100644 index ae9d4d3..0000000 --- a/roles/nextcloud-docker/files/nextcloud/docker-compose.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -version: '3' - -networks: - web: - external: - name: web - -services: - web: - build: ./web - volumes: - - /var/lib/nextcloud:/var/www/html:ro - - /etc/localtime:/etc/localtime:ro - labels: - - "traefik.backend=nextcloud" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:cloud.banditlair.com" - - "traefik.frontend.headers.customResponseHeaders=Strict-Transport-Security:max-age=15552000; includeSubDomains" - - "traefik.frontend.headers.referrerPolicy=no-referrer" - - "traefik.enable=true" - - "traefik.port=80" - - "traefik.default.protocol=http" - depends_on: - - app - networks: - - web - - default - restart: always - - app: - build: ./app - volumes: - - /var/lib/nextcloud:/var/www/html - - ./config:/var/www/html/config - - /data:/media - - /etc/localtime:/etc/localtime:ro - environment: - - NEXTCLOUD_UPDATE=1 - depends_on: - - postgres - - redis - restart: always - - postgres: - image: postgres:12 - volumes: - - /var/lib/postgresql/nextcloud:/var/lib/postgresql/data - - /backups/nextcloud:/backups - - /etc/localtime:/etc/localtime:ro - environment: - - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - - POSTGRES_DB=nextcloud - - POSTGRES_USER=nextcloud - - POSTGRES_PASSWORD=${MYSQL_PASSWORD} - restart: always - - redis: - image: redis - restart: always - - onlyoffice: - image: onlyoffice/documentserver:latest - stdin_open: true - tty: true - expose: - - 80 - labels: - - "traefik.backend=onlyoffice" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:office.banditlair.com" - - "traefik.enable=true" - - "traefik.port=80" - - "traefik.default.protocol=http" - volumes: - - /var/lib/onlyoffice:/var/www/onlyoffice/Data - - /var/log/onlyoffice:/var/log/onlyoffice - networks: - - web - - default - restart: always - diff --git a/roles/nextcloud-docker/files/nextcloud/web/Dockerfile b/roles/nextcloud-docker/files/nextcloud/web/Dockerfile deleted file mode 100644 index b4a8d47..0000000 
--- a/roles/nextcloud-docker/files/nextcloud/web/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM nginx - -COPY nginx.conf /etc/nginx/nginx.conf - diff --git a/roles/nextcloud-docker/files/nextcloud/web/nginx.conf b/roles/nextcloud-docker/files/nextcloud/web/nginx.conf deleted file mode 100644 index 1f5ce64..0000000 --- a/roles/nextcloud-docker/files/nextcloud/web/nginx.conf +++ /dev/null 
@@ -1,160 +0,0 @@ -user www-data; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server app:9000; - } - - server { - listen 80; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - # add_header Strict-Transport-Security "max-age=15768000; - # includeSubDomains; preload;"; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; - - fastcgi_hide_header X-Powered-By; - - - root /var/www/html; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. 
- #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json - # last; - - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. 
- #pagespeed off; - - location / { - rewrite ^ /index.php$uri; - } - - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { - deny all; - } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - #Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^/(?:updater|ocs-provider)(?:$|/) { - try_files $uri/ =404; - index index.php; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff|svg|gif)$ { - try_files $uri /index.php$uri$is_args$args; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - # add_header Strict-Transport-Security "max-age=15768000; - # includeSubDomains; preload;"; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. 
- add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$uri$is_args$args; - # Optional: Don't log access to other assets - access_log off; - } - } - -} - diff --git a/roles/nextcloud-docker/tasks/main.yml b/roles/nextcloud-docker/tasks/main.yml deleted file mode 100644 index 1a8af29..0000000 --- a/roles/nextcloud-docker/tasks/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -- name: Copy nextcloud docker files - copy: - src: nextcloud - dest: "{{docker_compose_files_folder}}" - -- name: Create .env - template: - src: nextcloud/.env - dest: "{{docker_compose_files_folder}}/nextcloud/.env" - -- name: Create nextcloud config - template: - src: nextcloud/config/{{item}} - dest: "{{docker_compose_files_folder}}/nextcloud/config/{{item}}" - with_items: - - base.config.php - - database.config.php - - mail.config.php - -- name: Change config folder owner to http - file: - path: "{{docker_compose_files_folder}}/nextcloud/config" - owner: "33" - group: "33" - recurse: yes - -- name: Build and start nextcloud docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/nextcloud" - build: yes - pull: yes - state: present - -- name: Check if database tables exist - command: docker-compose exec -T postgres psql -U nextcloud nextcloud -c "\dt" - args: - chdir: "{{docker_compose_files_folder}}/nextcloud/" - register: db_tables_exist - retries: 15 - delay: 10 - until: db_tables_exist is succeeded - changed_when: no - -- name: Restore Nextcloud database - command: docker-compose exec -T postgres sh -c "psql -U nextcloud nextcloud < /backups/database.dmp" - args: - chdir: "{{docker_compose_files_folder}}/nextcloud/" - when: db_tables_exist.stdout_lines|length == 0 
diff --git a/roles/nextcloud-docker/templates/nextcloud/.env b/roles/nextcloud-docker/templates/nextcloud/.env deleted file mode 100644 index 541e146..0000000 --- a/roles/nextcloud-docker/templates/nextcloud/.env +++ /dev/null @@ -1,15 +0,0 @@ -COMPOSE_PROJECT_NAME=nextcloud - -#Domains -CLOUD_DOMAIN=cloud.banditlair.com -COLLABORA_DOMAIN=office.banditlair.com - -#Letsencrypt -LETSENCRYPT_EMAIL=banditlair@outlook.com - -#MySQL -MYSQL_ROOT_PASSWORD={{nextcloud_mysql_root_password}} -MYSQL_DATABASE=nextcloud -MYSQL_USER=nextcloud -MYSQL_PASSWORD={{nextcloud_mysql_password}} - diff --git a/roles/nextcloud-docker/templates/nextcloud/config/base.config.php b/roles/nextcloud-docker/templates/nextcloud/config/base.config.php deleted file mode 100644 index 2549edb..0000000 --- a/roles/nextcloud-docker/templates/nextcloud/config/base.config.php +++ /dev/null @@ -1,20 +0,0 @@ - 'ocbsz7gnyjst', - 'passwordsalt' => '{{nextcloud_passwordsalt}}', - 'secret' => '{{nextcloud_secret}}', - 'trusted_domains' => - array ( - 0 => 'localhost', - 1 => 'web', - 2 => 'cloud.banditlair.com', - ), - 'datadirectory' => '/var/www/html/data', - 'overwrite.cli.url' => 'https://cloud.banditlair.com', - 'htaccess.RewriteBase' => '/', - 'maintenance' => false, - 'updater.release.channel' => 'stable', - 'loglevel' => '1', - 'filelocking.enabled' => true, - 'theme' => '', -); diff --git a/roles/nextcloud-docker/templates/nextcloud/config/database.config.php b/roles/nextcloud-docker/templates/nextcloud/config/database.config.php deleted file mode 100644 index 70db6c1..0000000 --- a/roles/nextcloud-docker/templates/nextcloud/config/database.config.php +++ /dev/null @@ -1,9 +0,0 @@ - 'pgsql', - 'dbname' => 'nextcloud', - 'dbhost' => 'postgres', - 'dbtableprefix' => 'oc_', - 'dbuser' => 'nextcloud', - 'dbpassword' => '{{nextcloud_mysql_password}}' -); 
diff --git a/roles/nextcloud-docker/templates/nextcloud/config/mail.config.php b/roles/nextcloud-docker/templates/nextcloud/config/mail.config.php deleted file mode 100644 index d288f82..0000000 --- a/roles/nextcloud-docker/templates/nextcloud/config/mail.config.php +++ /dev/null @@ -1,13 +0,0 @@ - 'smtp', - 'mail_smtpauthtype' => 'PLAIN', - 'mail_smtpsecure' => 'ssl', - 'mail_smtpauth' => 1, - 'mail_from_address' => 'noreply', - 'mail_domain' => 'banditlair.com', - 'mail_smtphost' => 'mail.banditlair.com', - 'mail_smtpport' => '465', - 'mail_smtpname' => 'noreply@banditlair.com', - 'mail_smtppassword' => '{{email_password}}', -); diff --git a/roles/scripts/files/proxyFirewall.sh b/roles/scripts/files/proxyFirewall.sh deleted file mode 100644 index 5c342c1..0000000 --- a/roles/scripts/files/proxyFirewall.sh +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/bin/bash - -# Clear config -iptables -t nat -F -iptables -t mangle -F -iptables -F -iptables -X - - -echo 1 > /proc/sys/net/ipv4/ip_forward - -PORTS_TO_FORWARD_TCP_STORAGE="53 80 143 443 2224 3478 8008 8448 27015 64738" -PORTS_TO_FORWARD_UDP_STORAGE="53 34197 64738" -PORTS_TO_FORWARD_TCP_MAIL="25 110 143 465 587 993 995" - -DESTINATION_IP_STORAGE="5.9.66.49" -DESTINATION_IP_MAIL="5.9.66.49" - -for port in `echo $PORTS_TO_FORWARD_TCP_STORAGE` -do - iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE} - iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT -done - -for port in `echo $PORTS_TO_FORWARD_UDP_STORAGE` -do - iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE} - iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT -done - -for port in `echo $PORTS_TO_FORWARD_TCP_MAIL` -do - iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_MAIL} - iptables -A FORWARD -d ${DESTINATION_IP_MAIL}/32 -p tcp -m tcp --dport ${port} -j ACCEPT -done - -iptables -t nat -A POSTROUTING -j MASQUERADE diff --git a/roles/scripts/files/syncDataToK8s.sh b/roles/scripts/files/syncDataToK8s.sh deleted file mode 100644 index 2fdd1b8..0000000 --- a/roles/scripts/files/syncDataToK8s.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -e - -DESTINATION_HOST=116.203.8.164 - -rsync -aAvh -e 'ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 30522' --progress /var/lib/wiki/ root@${DESTINATION_HOST}:/data/wiki --delete diff --git a/roles/scripts/tasks/main.yml b/roles/scripts/tasks/main.yml deleted file mode 100644 index 3a30fc6..0000000 --- a/roles/scripts/tasks/main.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -- name: Create scripts - template: - src: "{{ item }}" - dest: /root/{{ item }} - mode: 0700 - loop: - - dockerComposeAll.sh - - syncData.sh - - updateAll.sh - -- name: Create syncDataToK8s.sh - copy: - src: syncDataToK8s.sh - dest: /root/syncDataToK8s.sh - mode: 0700 - diff --git a/roles/scripts/templates/dockerComposeAll.sh b/roles/scripts/templates/dockerComposeAll.sh deleted file mode 100755 index 4547b36..0000000 --- a/roles/scripts/templates/dockerComposeAll.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -for dir in {{docker_compose_files_folder}}/* -do - if [ -d ${dir} ] - then - echo "docker-compose $1 ${dir}" - cd "${dir}" - docker-compose $1 - echo -------------------------------------------------------------- - fi -done; - diff --git a/roles/scripts/templates/syncData.sh b/roles/scripts/templates/syncData.sh deleted file mode 100644 index dc67344..0000000 --- a/roles/scripts/templates/syncData.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - -set -e - -SOURCE_HOST=5.9.66.49 - -#Sync Media -rsync -aAvh --progress root@${SOURCE_HOST}:/data/ /data --delete - -#Sync Backups -rsync -aAvh --progress root@${SOURCE_HOST}:/backups/ /backups --delete - -#Sync Torrents -mkdir -p {{docker_compose_files_folder}}/torrent -rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/torrent/config/ {{docker_compose_files_folder}}/torrent/config --delete -rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/transmission/ /var/lib/transmission --delete - -#Sync emby -mkdir -p {{docker_compose_files_folder}}/emby -rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/emby/config/ {{docker_compose_files_folder}}/emby/config --exclude "transcoding-temp" --delete - -#Sync matrix -mkdir -p {{docker_compose_files_folder}}/matrix -mkdir -p /var/lib/matrix -rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/matrix/synapse/ {{docker_compose_files_folder}}/matrix/synapse --delete -rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/matrix/media_store/ /var/lib/matrix/media_store --delete -rsync -aAvh --progress root@${SOURCE_HOST}:/var/log/synapse/ /var/log/synapse --delete - -#Sync nextcloud -mkdir -p {{docker_compose_files_folder}}/nextcloud/config -rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/nextcloud/config/ {{docker_compose_files_folder}}/nextcloud/config --delete -rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/nextcloud/ /var/lib/nextcloud --delete - -#Sync Wiki -rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/wiki/ /var/lib/wiki --delete - -#Sync certificates -mkdir -p {{docker_compose_files_folder}}/traefik/certs/ -rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/traefik/certs/ {{docker_compose_files_folder}}/traefik/certs --delete - -#Sync factorio -mkdir -p /opt/factorio -rsync -aAvh 
--progress root@${SOURCE_HOST}:/opt/factorio/ /opt/factorio --delete - -#Sync STB wordpress -mkdir -p /var/lib/stb -rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/stb/ /var/lib/stb --delete -rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/stb/ {{docker_compose_files_folder}}/stb --delete - -#Sync Mailu -rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete diff --git a/roles/scripts/templates/updateAll.sh b/roles/scripts/templates/updateAll.sh deleted file mode 100755 index 02af5cc..0000000 --- a/roles/scripts/templates/updateAll.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - - -for dir in {{docker_compose_files_folder}}/* -do - if [ -d ${dir} ] - then - echo "Updating ${dir}" - cd "${dir}" - docker-compose pull - [ ${dir} = 'nextcloud' ] && docker-compose build --pull - docker-compose up -d - echo -------------------------------------------------------------- - fi -done; - diff --git a/roles/searx-docker/files/searx/.env b/roles/searx-docker/files/searx/.env deleted file mode 100644 index c3d1c6c..0000000 --- a/roles/searx-docker/files/searx/.env +++ /dev/null @@ -1 +0,0 @@ -COMPOSE_PROJECT_NAME=searx \ No newline at end of file diff --git a/roles/searx-docker/files/searx/docker-compose.yml b/roles/searx-docker/files/searx/docker-compose.yml deleted file mode 100644 index a346b77..0000000 --- a/roles/searx-docker/files/searx/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: '2.2' - -networks: - web: - external: - name: web - -services: - searx: - image: hoellen/searx - environment: - - BASE_URL="https://banditlair.com" - - IMAGE_PROXY=True -# labels: -# - "traefik.backend=searx" -# - "traefik.docker.network=web" -# - "traefik.frontend.rule=Host:banditlair.com" -# - "traefik.enable=true" -# - "traefik.port=8888" -# - "traefik.default.protocol=http" - networks: - - web - restart: always 
diff --git a/roles/searx-docker/tasks/main.yml b/roles/searx-docker/tasks/main.yml deleted file mode 100644 index 17e6ca5..0000000 --- a/roles/searx-docker/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Copy searx config - copy: - src: searx - dest: "{{docker_compose_files_folder}}" - -- name: Start searx docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/searx" - state: present diff --git a/roles/sonar-docker/files/sonar/.env b/roles/sonar-docker/files/sonar/.env deleted file mode 100644 index a1ee8e8..0000000 --- a/roles/sonar-docker/files/sonar/.env +++ /dev/null @@ -1,6 +0,0 @@ -COMPOSE_PROJECT_NAME=sonar - -SONAR_DOMAIN=sonar.banditlair.com - -#Letsencrypt -LETSENCRYPT_EMAIL=banditlair@outlook.com diff --git a/roles/sonar-docker/files/sonar/docker-compose.yml b/roles/sonar-docker/files/sonar/docker-compose.yml deleted file mode 100644 index 98ff32f..0000000 --- a/roles/sonar-docker/files/sonar/docker-compose.yml +++ /dev/null @@ -1,43 +0,0 @@ -version: '2.2' - -networks: - proxy-tier: - external: - name: nginx-proxy - sonarnet: - driver: bridge - -services: - sonarqube: - image: sonarqube - expose: - - 9000 - environment: - - SONARQUBE_JDBC_URL=jdbc:postgresql://db:5432/sonar - - VIRTUAL_HOST=${SONAR_DOMAIN} - - VIRTUAL_NETWORK=nginx-proxy - - VIRTUAL_PORT=9000 -# - LETSENCRYPT_HOST=${SONAR_DOMAIN} -# - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL} - volumes: - - ./sonarqube:/opt/sonarqube/conf - - /var/lib/sonarqube/data:/opt/sonarqube/data - - /var/lib/sonarqube/extensions:/opt/sonarqube/extensions - - /var/lib/sonarqube/lib/bundled-plugins:/opt/sonarqube/lib/bundled-plugins - links: - - db - networks: - - sonarnet - - proxy-tier - restart: unless-stopped - - db: - image: postgres - environment: - - POSTGRES_USER=sonar - - POSTGRES_PASSWORD=sonar - volumes: - - /var/lib/sonaqube/db:/var/lib/postgresql - networks: - - sonarnet - restart: unless-stopped 
diff --git a/roles/stb-wordpress-docker/files/docker-compose.yml b/roles/stb-wordpress-docker/files/docker-compose.yml deleted file mode 100644 index ef32a13..0000000 --- a/roles/stb-wordpress-docker/files/docker-compose.yml +++ /dev/null @@ -1,57 +0,0 @@ -version: '3' - -networks: - web: - external: - name: web - -services: - biathlon: - build: ./biathlon - volumes: - - ./storage:/root/storage - - /etc/localtime:/etc/localtime:ro - labels: - - "traefik.backend=biathlon" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:biathlon.societe-de-tir-bertrix.com" - - "traefik.enable=true" - - "traefik.port=8080" - - "traefik.default.protocol=http" - networks: - - web - - default - restart: always - db: - image: mariadb:10.3.8 - volumes: - - /var/lib/mariadb/stb:/var/lib/mysql - - /backups/stb:/backups - - /etc/localtime:/etc/localtime:ro - environment: - - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - - MYSQL_DATABASE=${MYSQL_DATABASE} - - MYSQL_USER=${MYSQL_USER} - - MYSQL_PASSWORD=${MYSQL_PASSWORD} - restart: always - wordpress: - image: wordpress:4.9.4-php7.1-apache - volumes: - - /var/lib/stb:/var/www/html - - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini - labels: - - "traefik.backend=wordpress" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:societe-de-tir-bertrix.com,www.societe-de-tir-bertrix.com" - - "traefik.frontend.redirect.regex=^https?://societe-de-tir-bertrix.com/(.*)" - - "traefik.frontend.redirect.replacement=https://www.societe-de-tir-bertrix.com/$${1}" - - "traefik.enable=true" - - "traefik.port=80" - - "traefik.default.protocol=http" - depends_on: - - db - networks: - - web - - default - restart: always - diff --git a/roles/stb-wordpress-docker/files/uploads.ini b/roles/stb-wordpress-docker/files/uploads.ini deleted file mode 100644 index b6b3071..0000000 --- a/roles/stb-wordpress-docker/files/uploads.ini +++ /dev/null 
@@ -1,6 +0,0 @@ -file_uploads = On -memory_limit = 64M -upload_max_filesize = 64M -post_max_size = 64M -max_execution_time = 600 - diff --git a/roles/stb-wordpress-docker/tasks/main.yml b/roles/stb-wordpress-docker/tasks/main.yml deleted file mode 100644 index adbb1dc..0000000 --- a/roles/stb-wordpress-docker/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Create config folder - file: - state: directory - dest: "{{docker_compose_files_folder}}/stb" - -- name: Copy STB docker-compose - copy: - src: docker-compose.yml - dest: "{{docker_compose_files_folder}}/stb/" - -- name: Copy php upload config - copy: - src: uploads.ini - dest: "{{docker_compose_files_folder}}/stb/" - -- name: Create .env - template: - src: .env - dest: "{{docker_compose_files_folder}}/stb/.env" - -- name: Pull and start docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/stb" - state: present - -- name: Check if database tables exist - command: docker-compose exec -T db mysql -u stb -p{{stb_mysql_password}} stb -e "show tables;" - args: - chdir: "{{docker_compose_files_folder}}/stb/" - register: db_tables_exist - retries: 15 - delay: 10 - until: db_tables_exist.rc == 0 - changed_when: no - -- name: Restore STB database - command: docker-compose exec -T db sh -c "mysql -u stb -p{{stb_mysql_password}} stb < /backups/database.dmp" - args: - chdir: "{{docker_compose_files_folder}}/stb/" - when: db_tables_exist.stdout_lines|length == 0 diff --git a/roles/stb-wordpress-docker/templates/.env b/roles/stb-wordpress-docker/templates/.env deleted file mode 100644 index d73b298..0000000 --- a/roles/stb-wordpress-docker/templates/.env +++ /dev/null @@ -1,8 +0,0 @@ -COMPOSE_PROJECT_NAME=stb - -#MySQL -MYSQL_ROOT_PASSWORD={{stb_mysql_root_password}} -MYSQL_DATABASE=stb -MYSQL_USER=stb -MYSQL_PASSWORD={{stb_mysql_password}} - diff --git a/roles/torrent-docker/defaults/main.yml b/roles/torrent-docker/defaults/main.yml deleted file mode 100644 index ed97d53..0000000 
--- a/roles/torrent-docker/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/torrent-docker/files/torrent/docker-compose.yml b/roles/torrent-docker/files/torrent/docker-compose.yml deleted file mode 100644 index 5136bb5..0000000 --- a/roles/torrent-docker/files/torrent/docker-compose.yml +++ /dev/null 
@@ -1,173 +0,0 @@ -version: '2.2' - -networks: - web: - external: - name: web - -services: - transmission: - image: haugene/transmission-openvpn:latest - cap_add: - - NET_ADMIN - devices: - - /dev/net/tun:/dev/net/tun - sysctls: - - net.ipv6.conf.all.disable_ipv6=0 - volumes: - - /var/lib/transmission:/data - - ./config/transmission:/config - - /data:/media - - /etc/localtime:/etc/localtime:ro - expose: - - 9091 - environment: - - OPENVPN_PROVIDER=NORDVPN - - NORDVPN_COUNTRY=DE - - NORDVPN_CATEGORY=legacy_p2p - - NORDVPN_PROTOCOL=udp - - OPENVPN_USERNAME=${VPN_USER} - - OPENVPN_PASSWORD=${VPN_PASS} - - WEBPROXY_ENABLED=false - - LOCAL_NETWORK=172.19.0.0/16 - - PUID=33 - - PGID=33 - - TRANSMISSION_RPC_USERNAME=admin - - TRANSMISSION_RPC_PASSWORD=${TRANSMISSION_RPC_PASSWORD} - dns: - - 208.67.222.222 - - 208.67.220.220 - labels: - - "traefik.backend=transmission" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:transmission.banditlair.com" - - "traefik.enable=true" - - "traefik.port=9091" - - "traefik.default.protocol=http" - - "traefik.frontend.auth.basic=admin:${TRANSMISSION_BASIC_PASSWORD_HASH}" - restart: always - networks: - - web - - sonarr: - image: linuxserver/sonarr - expose: - - 8989 - environment: - - PUID=33 - - PGID=33 - labels: - - "traefik.backend=sonarr" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:sonarr.banditlair.com" - - "traefik.enable=true" - - "traefik.port=8989" - - "traefik.default.protocol=http" - volumes: - - /var/lib/transmission/completed:/downloads - - /var/lib/nzbget/downloads:/nzbget - - ./config/sonarr:/config - - /data/TV:/tv - - /etc/localtime:/etc/localtime:ro - restart: always - networks: - - web - - radarr: - image: linuxserver/radarr - expose: - - 7878 - environment: - - PUID=33 - - PGID=33 - labels: - - "traefik.backend=radarr" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:radarr.banditlair.com" - - "traefik.enable=true" - - "traefik.port=7878" - - 
"traefik.default.protocol=http" - volumes: - - /var/lib/transmission/completed:/downloads - - /var/lib/nzbget/downloads:/nzbget - - ./config/radarr:/config - - /data/Movies:/movies - - /etc/localtime:/etc/localtime:ro - restart: always - networks: - - web - - headphones: - image: linuxserver/headphones - expose: - - 8181 - environment: - - PUID=33 - - PGID=33 - labels: - - "traefik.backend=headphones" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:headphones.banditlair.com" - - "traefik.enable=true" - - "traefik.port=8181" - - "traefik.default.protocol=http" - volumes: - - /var/lib/transmission:/data - - ./config/headphones:/config - - /data/Music:/music - - /etc/localtime:/etc/localtime:ro - restart: always - networks: - - web - - nzbget: - image: linuxserver/nzbget - expose: - - 6789 - environment: - - PUID=33 - - PGID=33 - labels: - - "traefik.backend=nzbget" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:nzbget.banditlair.com" - - "traefik.enable=true" - - "traefik.port=6789" - - "traefik.default.protocol=http" - volumes: - - /var/lib/nzbget/downloads:/downloads - - ./config/nzbget:/config - - /etc/localtime:/etc/localtime:ro - restart: always - networks: - - web - - jackett: - image: linuxserver/jackett - expose: - - 9117 - environment: - - PUID=33 - - PGID=33 - labels: - - "traefik.backend=jackett" - - "traefik.docker.network=web" - - "traefik.frontend.rule=Host:jackett.banditlair.com" - - "traefik.enable=true" - - "traefik.port=9117" - - "traefik.default.protocol=http" - volumes: - - ./config/jackett:/config - - /etc/localtime:/etc/localtime:ro - restart: always - networks: - - web - flaresolverr: - image: ghcr.io/flaresolverr/flaresolverr:latest - environment: - - LOG_LEVEL=debug - - CAPTCHA_SOLVER=hcaptcha-solver - restart: unless-stopped - networks: - - web - diff --git a/roles/torrent-docker/tasks/main.yml b/roles/torrent-docker/tasks/main.yml deleted file mode 100644 index 1b69fd7..0000000 
--- a/roles/torrent-docker/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Copy torrent docker files - copy: - src: torrent - dest: "{{docker_compose_files_folder}}" -- name: Create torrent .env - template: - src: torrent/.env - dest: "{{docker_compose_files_folder}}/torrent/.env" -- name: Start torrent docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/torrent" - state: present diff --git a/roles/torrent-docker/templates/torrent/.env b/roles/torrent-docker/templates/torrent/.env deleted file mode 100644 index 8092b62..0000000 --- a/roles/torrent-docker/templates/torrent/.env +++ /dev/null @@ -1,13 +0,0 @@ -COMPOSE_PROJECT_NAME=torrent - -#VPN -VPN_USER={{deluge_vpn_user}} -VPN_PASS={{deluge_vpn_password}} -VPN_REMOTE=vpn.blackvpn.de -VPN_PORT=443 -VPN_PROTOCOL=udp -VPN_PROV=blackvpn_de - -#Transmission -TRANSMISSION_RPC_PASSWORD={{transmission_rpc_password}} -TRANSMISSION_BASIC_PASSWORD_HASH={{transmission_rpc_password | password_hash('md5')}} \ No newline at end of file diff --git a/roles/traefik-proxy-docker/tasks/main.yml b/roles/traefik-proxy-docker/tasks/main.yml deleted file mode 100644 index f2db01a..0000000 --- a/roles/traefik-proxy-docker/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Copy traefik files - template: - src: "{{item}}" - dest: "{{docker_compose_files_folder}}/traefik/{{item}}" - loop: - - .env - - docker-compose.yml - - data/traefik.toml -- name: Create web docker network - community.general.docker_network: - name: web -- name: Start traefik docker project - docker_compose: - project_src: "{{docker_compose_files_folder}}/traefik" - state: present diff --git a/roles/traefik-proxy-docker/templates/.env b/roles/traefik-proxy-docker/templates/.env deleted file mode 100644 index 4c7a168..0000000 --- a/roles/traefik-proxy-docker/templates/.env +++ /dev/null @@ -1 +0,0 @@ -TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}} 
diff --git a/roles/traefik-proxy-docker/templates/data/traefik.toml b/roles/traefik-proxy-docker/templates/data/traefik.toml deleted file mode 100644 index ab7f7ce..0000000 --- a/roles/traefik-proxy-docker/templates/data/traefik.toml +++ /dev/null @@ -1,53 +0,0 @@ -debug = false - -logLevel = "ERROR" -defaultEntryPoints = ["https","http"] - -[entryPoints] - [entryPoints.http] - address = ":80" - [entryPoints.http.redirect] - entryPoint = "https" - [entryPoints.https] - address = ":443" - [entryPoints.https.tls] - [entryPoints.traefik] - address = ":8080" - -# Activate API and Dashboard -[api] -entryPoint = "traefik" -dashboard = true - -[retry] - -[docker] -endpoint = "unix:///var/run/docker.sock" -{% if inventory_hostname in (groups['mail']) %} -domain = "mail1.banditlair.com" -{% else %} -domain = "banditlair.com" -{% endif %} -watch = true -exposedbydefault = false - -[acme] -email = "letsencrypt.account@banditlair.com" -storage = "acme.json" -entryPoint = "https" -OnHostRule = true -KeyType = "RSA4096" -[acme.httpChallenge] -entryPoint = "http" - -[[acme.domains]] -{% if inventory_hostname in (groups['mail']) %} -main = "mail1.banditlair.com" -{% else %} -main = "banditlair.com" -sans = ["mail.banditlair.com"] -{% endif %} - - -[accessLog] -filePath = "/var/log/traefik/access.log" diff --git a/roles/traefik-proxy-docker/templates/docker-compose.yml b/roles/traefik-proxy-docker/templates/docker-compose.yml deleted file mode 100644 index a9c0cf2..0000000 --- a/roles/traefik-proxy-docker/templates/docker-compose.yml +++ /dev/null 
@@ -1,38 +0,0 @@
-version: '3'
-
-services:
- traefik:
- container_name: traefik
- image: traefik:1.7-alpine
- ports:
- - 80:80
- - 443:443
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - ./data:/etc/traefik
- - /var/log/traefik:/var/log/traefik
- - ./certs/acme.json:/acme.json
- labels:
- - "traefik.backend=traefik"
- - "traefik.docker.network=web"
- - "traefik.frontend.rule=Host:traefik.banditlair.com"
- - "traefik.enable=true"
- - "traefik.port=8080"
- - "traefik.default.protocol=http"
- - "traefik.frontend.auth.basic=admin:${TRAEFIK_DASHBOARD_PASSWORD_HASH}"
- networks:
- - web
- restart: always
-
- certdumper:
- image: ldez/traefik-certs-dumper:v2.4.1
- depends_on:
- - traefik
- restart: unless-stopped
- volumes:
- - ./certs:/traefik
- command: file --source /traefik/acme.json --dest /traefik/ssl --watch
-
-networks:
- web:
- external: true
diff --git a/roles/website-marie-docker/files/website-marie/docker-compose.yml b/roles/website-marie-docker/files/website-marie/docker-compose.yml
deleted file mode 100644
index c4e915c..0000000
--- a/roles/website-marie-docker/files/website-marie/docker-compose.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-version: '2.2'
-
-networks:
- web:
- external:
- name: web
-
-services:
- website-marie:
- image: nginx
- labels:
- - "traefik.backend=website-marie"
- - "traefik.docker.network=web"
- - "traefik.frontend.rule=Host:osteopathie.froidmont.org,www.osteopathie.froidmont.org"
- - "traefik.frontend.redirect.regex=^https?://www.osteopathie.froidmont.org/(.*)"
- - "traefik.frontend.redirect.replacement=https://osteopathie.froidmont.org/$${1}"
- - "traefik.enable=true"
- - "traefik.port=80"
- - "traefik.default.protocol=http"
- volumes:
- - /var/lib/website-marie:/usr/share/nginx/html:ro
- - ./nginx.conf:/etc/nginx/nginx.conf:ro
- networks:
- - web
- restart: always
diff --git a/roles/website-marie-docker/files/website-marie/nginx.conf b/roles/website-marie-docker/files/website-marie/nginx.conf
deleted file mode 100644
index eb515a2..0000000
--- a/roles/website-marie-docker/files/website-marie/nginx.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-user nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- gzip on;
-
- include /etc/nginx/conf.d/*.conf;
-}
\ No newline at end of file
diff --git a/roles/website-marie-docker/tasks/main.yml b/roles/website-marie-docker/tasks/main.yml
deleted file mode 100644
index 75a0cdd..0000000
--- a/roles/website-marie-docker/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Copy website config
- copy:
- src: website-marie
- dest: "{{docker_compose_files_folder}}"
-
-- name: Start website-marie docker project
- docker_compose:
- project_src: "{{docker_compose_files_folder}}/website-marie"
- state: present
-
diff --git a/roles/wiki-docker/files/wiki/.env b/roles/wiki-docker/files/wiki/.env
deleted file mode 100644
index c3c51f4..0000000
--- a/roles/wiki-docker/files/wiki/.env
+++ /dev/null
@@ -1,2 +0,0 @@
-COMPOSE_PROJECT_NAME=wiki
-
diff --git a/roles/wiki-docker/files/wiki/docker-compose.yml b/roles/wiki-docker/files/wiki/docker-compose.yml
deleted file mode 100644
index 5ef43c8..0000000
--- a/roles/wiki-docker/files/wiki/docker-compose.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-version: '2.2'
-
-networks:
- web:
- external:
- name: web
-
-services:
- anderia:
- image: 'bitnami/dokuwiki:0.20180422.201901061035'
- expose:
- - 80
- volumes:
- - '/var/lib/wiki/anderia:/bitnami'
- - /etc/localtime:/etc/localtime:ro
- labels:
- - "traefik.backend=anderia"
- - "traefik.docker.network=web"
- - "traefik.frontend.rule=Host:anderia.banditlair.com"
- - "traefik.enable=true"
- - "traefik.port=80"
- - "traefik.default.protocol=http"
- networks:
- - web
- restart: always
- arkadia:
- image: 'bitnami/dokuwiki:0.20180422.201901061035'
- expose:
- - 80
- volumes:
- - '/var/lib/wiki/arkadia:/bitnami'
- - /etc/localtime:/etc/localtime:ro
- labels:
- - "traefik.backend=arkadia"
- - "traefik.docker.network=web"
- - "traefik.frontend.rule=Host:arkadia.banditlair.com"
- - "traefik.enable=true"
- - "traefik.port=80"
- - "traefik.default.protocol=http"
- networks:
- - web
- restart: always
diff --git a/roles/wiki-docker/tasks/main.yml b/roles/wiki-docker/tasks/main.yml
deleted file mode 100644
index 09c1a2e..0000000
--- a/roles/wiki-docker/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Copy wiki config
- copy:
- src: wiki
- dest: "{{docker_compose_files_folder}}"
-
-- name: Start wiki docker project
- docker_compose:
- project_src: "{{docker_compose_files_folder}}/wiki"
- state: present