phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add mailu and nextcloud

Browse source
This commit is contained in:
Paul-Henri Froidmont 2017-12-31 14:03:28 +01:00
parent 409828214b
commit 643ab3229a
20 changed files with 583 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/gitlab-docker/tasks/main.yml
View file

@ -9,7 +9,9 @@
find: paths=/var/lib/gitlab/git-data/repositories/ file_type=directory patterns="*"
register: gitlab_users_repos
- name: Get Gitlab git user id
command: docker exec gitlab_gitlab_1 id -u git
command: docker-compose exec -T gitlab id -u git
args:
chdir: "{{docker_compose_files_folder}}/gitlab/"
register: gitlab_git_uid
when: gitlab_users_repos.matched|int == 0
- name: Wait for Gitlab to be installed

2
roles/mailu-docker/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
mailu_secret_key:

108
roles/mailu-docker/files/mailu/docker-compose.yml Normal file
View file

@ -0,0 +1,108 @@
version: '2'
networks:
proxy-tier:
external:
name: nginx-proxy
services:
redis:
image: redis:latest
restart: always
volumes:
- "$ROOT/redis:/data"
imap:
image: mailu/dovecot:$VERSION
restart: always
env_file: .env
ports:
- "$BIND_ADDRESS:110:110"
- "$BIND_ADDRESS:143:143"
- "$BIND_ADDRESS:993:993"
- "$BIND_ADDRESS:995:995"
- "$BIND_ADDRESS:4190:4190"
volumes:
- "$ROOT/data:/data"
- "$ROOT/mail:/mail"
- "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem"
- "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem"
- "$ROOT/overrides:/overrides"
smtp:
image: mailu/postfix:$VERSION
restart: always
env_file: .env
ports:
- "$BIND_ADDRESS:25:25"
- "$BIND_ADDRESS:465:465"
- "$BIND_ADDRESS:587:587"
volumes:
- "$ROOT/data:/data"
- "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem"
- "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem"
- "$ROOT/overrides:/overrides"
milter:
image: mailu/rmilter:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/filter:/data"
- "$ROOT/dkim:/dkim"
- "$ROOT/overrides:/overrides"
antispam:
image: mailu/rspamd:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/filter:/var/lib/rspamd"
antivirus:
image: mailu/clamav:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/filter:/data"
webdav:
image: mailu/$WEBDAV:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/dav:/data"
admin:
image: mailu/admin:$VERSION
restart: always
env_file: .env
#hostname: mailu.banditlair.com
ports:
- "127.0.0.1:8000:80"
environment:
- VIRTUAL_HOST=${HOSTNAME}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8000
volumes:
- "$ROOT/data:/data"
- "$ROOT/dkim:/dkim"
- "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem"
- "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem"
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy-tier
#webmail:
# image: "mailu/$WEBMAIL:$VERSION"
# restart: always
# env_file: .env
# volumes:
# - "$ROOT/webmail:/data"
fetchmail:
image: mailu/fetchmail:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/data:/data"

2
roles/mailu-docker/meta/main.yml Normal file
View file

@ -0,0 +1,2 @@
dependencies:
- nginx-proxy-docker

7
roles/mailu-docker/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Copy mailu config
copy: src=mailu dest={{docker_compose_files_folder}}
- name: Create mailu config
template: src=mailu/.env dest={{docker_compose_files_folder}}/mailu/.env
- name: Start mailu docker project
docker_service: project_src={{docker_compose_files_folder}}/mailu state=present

84
roles/mailu-docker/templates/mailu/.env Normal file
View file

@ -0,0 +1,84 @@
# Mailu main configuration file
#
# Most configuration variables can be modified through the Web interface,
# these few settings must however be configured before starting the mail
# server and require a restart upon change.
###################################
# Common configuration variables
###################################
# Set this to the path where Mailu data and configuration is stored
ROOT=/var/lib/mailu
# Mailu version to run (stable, 1.0, 1.1, etc. or latest)
VERSION=stable
# Set to a randomly generated 16 bytes string
SECRET_KEY={{mailu_secret_key}}
# Address where listening ports should bind
BIND_ADDRESS={{inventory_hostname}}
# Main mail domain
DOMAIN=banditlair.com
# Exposed mail-server hostname
HOSTNAME=mail.banditlair.com
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
###################################
# Optional features
###################################
# Choose which frontend Web server to run if any (value: nginx, nginx-no-https, none)
FRONTEND=none
# Choose which webmail to run if any (values: roundcube, rainloop, none)
WEBMAIL=none
# Expose the admin interface in publicly (values: yes, no)
EXPOSE_ADMIN=no
# Use Letsencrypt to generate a TLS certificate (uncomment to enable)
ENABLE_CERTBOT=True
# Dav server implementation (value: radicale, none)
WEBDAV=none
###################################
# Mail settings
###################################
# Message size limit in bytes
# Default: accept messages up to 50MB
MESSAGE_SIZE_LIMIT=50000000
# Networks granted relay permissions, make sure that you include your Docker
# internal network (default to 172.17.0.0/16)
RELAYNETS=172.25.0.0/16
# Will relay all outgoing mails if configured
RELAYHOST=
# Fetchmail delay
FETCHMAIL_DELAY=600
###################################
# Nginx settings
###################################
# SSL DHPARAM Bits
#NGINX_SSL_DHPARAM_BITS=2048
###################################
# Developers
###################################
# Uncomment this to enable debugging globally
#DEBUG=True

1
roles/nextcloud-docker/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
---

14
roles/nextcloud-docker/files/nextcloud/Dockerfile.cron Normal file
View file

@ -0,0 +1,14 @@
FROM nextcloud:fpm
RUN apt-get update && apt-get install -y \
supervisor \
cron \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /var/log/supervisord /var/run/supervisord && \
echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
COPY supervisord.conf /etc/supervisor/supervisord.conf
CMD ["/usr/bin/supervisord"]

15
roles/nextcloud-docker/files/nextcloud/config/.htaccess Executable file
View file

@ -0,0 +1,15 @@
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>

4
roles/nextcloud-docker/files/nextcloud/config/apcu.config.php Executable file
View file

@ -0,0 +1,4 @@
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);

15
roles/nextcloud-docker/files/nextcloud/config/apps.config.php Executable file
View file

@ -0,0 +1,15 @@
<?php
$CONFIG = array (
"apps_paths" => array (
0 => array (
"path" => OC::$SERVERROOT."/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => OC::$SERVERROOT."/custom_apps",
"url" => "/custom_apps",
"writable" => true,
),
),
);

111
roles/nextcloud-docker/files/nextcloud/config/nginx.conf Normal file
View file

@ -0,0 +1,111 @@
user www-data;
events {
worker_connections 768;
}
http {
upstream backend {
server app:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
# Add headers to serve security related headers
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# collabora static files
location ^~ /loleaflet {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://collabora:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
}

77
roles/nextcloud-docker/files/nextcloud/docker-compose.yml Normal file
View file

@ -0,0 +1,77 @@
version: '2.2'
networks:
proxy-tier:
external:
name: nginx-proxy
services:
web:
image: nginx
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
links:
- app
- collabora
volumes_from:
- app
environment:
- VIRTUAL_HOST=${CLOUD_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
networks:
- proxy-tier
restart: always
app:
build:
context: .
dockerfile: Dockerfile.cron
links:
- db
volumes:
- /var/lib/nextcloud/apps:/var/www/html/apps
- ./config:/var/www/html/config
- /var/lib/nextcloud/data:/var/www/html/data
- /media:/media
networks:
- proxy-tier
restart: always
db:
image: mariadb
volumes:
- /var/lib/nextcloud/db:/var/lib/mysql
- /backups/nextcloud:/backups
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
networks:
- proxy-tier
restart: always
redis:
image: redis
networks:
- proxy-tier
restart: always
collabora:
image: collabora/code
cap_add:
- MKNOD
expose:
- 9980
environment:
- domain=${CLOUD_DOMAIN}
- VIRTUAL_HOST=${COLLABORA_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=9980
#- VIRTUAL_PROTO=https
# - LETSENCRYPT_HOST=${COLLABORA_DOMAIN}
# - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
networks:
- proxy-tier
restart: always

23
roles/nextcloud-docker/files/nextcloud/supervisord.conf Normal file
View file

@ -0,0 +1,23 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=cron -f

2
roles/nextcloud-docker/meta/main.yml Normal file
View file

@ -0,0 +1,2 @@
dependencies:
- nginx-proxy-docker

36
roles/nextcloud-docker/tasks/main.yml Normal file
View file

@ -0,0 +1,36 @@
---
- name: Copy nextcloud docker files
copy:
src: nextcloud
dest: "{{docker_compose_files_folder}}"
- name: Create nextcloud .env
template:
src: nextcloud/.env
dest: "{{docker_compose_files_folder}}/nextcloud/.env"
- name: Create nextcloud config
template:
src: nextcloud/config/config.php
dest: "{{docker_compose_files_folder}}/nextcloud/config/config.php"
- name: Change config folder owner to http
file:
path: "{{docker_compose_files_folder}}/nextcloud/config"
owner: http
group: http
recurse: yes
- name: Build and start nextcloud docker project
docker_service:
project_src: "{{docker_compose_files_folder}}/nextcloud"
build: yes
state: present
- name: Check if database tables exist
command: docker-compose exec -T db mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud -e "show tables;"
args:
chdir: "{{docker_compose_files_folder}}/nextcloud/"
register: db_tables_exist
ignore_errors: true
changed_when: db_tables_exist.stdout_lines|length == 0
- name: Restore database
command: docker-compose exec -T db sh -c "mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud < /backups/database.dmp"
args:
chdir: "{{docker_compose_files_folder}}/nextcloud/"
when: db_tables_exist.stdout_lines|length == 0

15
roles/nextcloud-docker/templates/nextcloud/.env Normal file
View file

@ -0,0 +1,15 @@
COMPOSE_PROJECT_NAME=nextcloud
#Domains
CLOUD_DOMAIN=cloud.banditlair.com
COLLABORA_DOMAIN=office.banditlair.com
#Letsencrypt
LETSENCRYPT_EMAIL=banditlair@outlook.com
#MySQL
MYSQL_ROOT_PASSWORD={{nextcloud_mysql_root_password}}
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_PASSWORD={{nextcloud_mysql_password}}

61
roles/nextcloud-docker/templates/nextcloud/config/config.php Normal file
View file

@ -0,0 +1,61 @@
<?php
$CONFIG = array (
'instanceid' => 'ocbsz7gnyjst',
'passwordsalt' => '{{nextcloud_passwordsalt}}',
'secret' => '{{nextcloud_secret}}',
'trusted_domains' =>
array (
0 => 'localhost',
2 => 'cloud.banditlair.com',
),
'datadirectory' => '/var/www/html/data',
'overwrite.cli.url' => 'https://cloud.banditlair.com',
'dbtype' => 'mysql',
'version' => '12.0.4.3',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '3306',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => '{{nextcloud_mysql_password}}',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'htaccess.RewriteBase' => '/',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'maintenance' => false,
'updater.release.channel' => 'stable',
'loglevel' => '1',
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpsecure' => 'ssl',
'mail_smtpauth' => 1,
'mail_from_address' => 'noreply',
'mail_domain' => 'banditlair.com',
'mail_smtphost' => 'mail.banditlair.com',
'mail_smtpport' => '465',
'mail_smtpname' => 'noreply@banditlair.com',
'mail_smtppassword' => '{{email_password}}',
'filelocking.enabled' => true,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
'timeout' => 0.0,
'password' => '',
),
);

4
roles/nginx-proxy-docker/files/proxy/docker-compose.yml
View file

@ -1,7 +1,7 @@
version: '2.2'
networks:
proxy-tier:
default:
external:
name: nginx-proxy
@ -17,8 +17,6 @@ services:
- ./nginx/html:/usr/share/nginx/html
- ./nginx/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
networks:
- proxy-tier
restart: always
letsencrypt-companion: