mirror of
https://github.com/phfroidmont/self-hosting.git
synced 2025-12-25 05:36:59 +01:00
Migrate to bigger Hetzner server
This commit is contained in:
Paul-Henri Froidmont
parent
d77f2ef548
commit
86fb8e71c1
32 changed files with 294 additions and 226 deletions
|
|
@ -14,6 +14,10 @@
|
|||
job: "/home/claude/syncArchRepo.sh"
|
||||
user: claude
|
||||
- name: Copy Arch Linux mirror config
|
||||
copy: src=arch-mirror dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: arch-mirror
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
- name: Start Arch mirror project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/arch-mirror state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/arch-mirror"
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -5,6 +5,6 @@
|
|||
dest: "{{docker_compose_files_folder}}"
|
||||
|
||||
- name: Start ddns docker project
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/ddns"
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -2,6 +2,3 @@ docker_apt_key: https://download.docker.com/linux/ubuntu/gpg
|
|||
docker_apt_repository: https://download.docker.com/linux/ubuntu
|
||||
# Choose 'edge' 'stable' or 'testing' for docker channel
|
||||
docker_apt_channel: stable
|
||||
# Docker daemon config file
|
||||
docker_daemon_config: /etc/docker/daemon.json
|
||||
docker_version: 18.06.*
|
||||
|
|
|
|||
|
|
@ -1,10 +1,5 @@
|
|||
---
|
||||
- name: reload systemd
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: restart docker
|
||||
systemd:
|
||||
name: docker
|
||||
state: restarted
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,107 +1,94 @@
|
|||
---
|
||||
- name: Docker installation for Ubuntu distribution
|
||||
block:
|
||||
- name: Ensure docker packages are not present
|
||||
apt:
|
||||
state: absent
|
||||
name: ['docker', 'docker-engine', 'docker.io']
|
||||
|
||||
- name: Ensure docker packages are not present
|
||||
apt:
|
||||
state: absent
|
||||
name: ['docker', 'docker-engine', 'docker.io']
|
||||
- name: Install docker package dependencies
|
||||
apt:
|
||||
state: latest
|
||||
name: ['apt-transport-https', 'ca-certificates']
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400
|
||||
register: result
|
||||
retries: 3
|
||||
until: result is success
|
||||
|
||||
- name: Install docker package dependencies
|
||||
apt:
|
||||
state: latest
|
||||
name: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common']
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400
|
||||
register: result
|
||||
retries: 3
|
||||
until: result is success
|
||||
- name: Adding Docker official gpg key
|
||||
apt_key:
|
||||
url: "{{ docker_apt_key }}"
|
||||
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
|
||||
state: present
|
||||
|
||||
- name: Adding Docker official gpg key
|
||||
apt_key:
|
||||
url: "{{ docker_apt_key }}"
|
||||
state: present
|
||||
- name: Setting Docker repository depending on arch
|
||||
set_fact:
|
||||
docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}"
|
||||
when: ansible_architecture == item.system_arch
|
||||
with_items:
|
||||
- { system_arch: 'x86_64', apt_arch: 'amd64' }
|
||||
- { system_arch: 'arm', apt_arch: 'armhf' }
|
||||
|
||||
- name: Setting Docker repository depending on arch
|
||||
set_fact:
|
||||
docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}"
|
||||
when: ansible_architecture == item.system_arch
|
||||
with_items:
|
||||
- { system_arch: 'x86_64', apt_arch: 'amd64' }
|
||||
- { system_arch: 'arm', apt_arch: 'armhf' }
|
||||
- name: Printing Docker repository
|
||||
debug:
|
||||
var: docker_repository
|
||||
|
||||
- name: Printing Docker repository
|
||||
debug:
|
||||
var: docker_repository
|
||||
- name: Adding Docker repository
|
||||
apt_repository:
|
||||
repo: "{{ docker_repository }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Adding Docker repository
|
||||
apt_repository:
|
||||
repo: "{{ docker_repository }}"
|
||||
state: present
|
||||
filename: 'docker'
|
||||
- name: Install Docker.
|
||||
package:
|
||||
name: docker-ce
|
||||
state: present
|
||||
notify: restart docker
|
||||
|
||||
- name: Explicitly create docker0
|
||||
shell: |
|
||||
ip link add name docker0 type bridge || true
|
||||
ip addr add dev docker0 172.17.0.1/16 || true
|
||||
changed_when: no
|
||||
- name: Ensure containerd service dir exists.
|
||||
file:
|
||||
path: /etc/systemd/system/containerd.service.d
|
||||
state: directory
|
||||
|
||||
- name: Install docker-ce
|
||||
apt:
|
||||
name: docker-ce={{ docker_version }}
|
||||
update_cache: yes
|
||||
register: result
|
||||
retries: 3
|
||||
until: result is success
|
||||
- name: Add shim to ensure Docker can start in all environments.
|
||||
template:
|
||||
src: override.conf.j2
|
||||
dest: /etc/systemd/system/containerd.service.d/override.conf
|
||||
register: override_template
|
||||
|
||||
- name: Pin docker-ce release
|
||||
copy:
|
||||
dest: /etc/apt/preferences.d/docker-ce
|
||||
content: |
|
||||
Package: docker-ce
|
||||
Pin: version {{ docker_version }}
|
||||
Pin-Priority: 1002
|
||||
- name: Reload systemd daemon if template is changed.
|
||||
systemd:
|
||||
daemon_reload: true
|
||||
when: override_template is changed
|
||||
|
||||
- name: Fixing systemd unit for Docker config file
|
||||
template:
|
||||
src: docker.service.j2
|
||||
dest: /lib/systemd/system/docker.service
|
||||
notify: reload systemd
|
||||
- name: Ensure Docker is started and enabled at boot.
|
||||
service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Create docker config directory
|
||||
file:
|
||||
path: /etc/docker
|
||||
mode: 0700
|
||||
recurse: yes
|
||||
- name: Ensure handlers are notified now to avoid firewall conflicts.
|
||||
meta: flush_handlers
|
||||
|
||||
- name: Templating /etc/docker/daemon.json
|
||||
template:
|
||||
src: daemon.json.j2
|
||||
dest: /etc/docker/daemon.json
|
||||
notify: restart docker
|
||||
- name: Install python3-pip
|
||||
apt:
|
||||
name: python3-pip
|
||||
state: latest
|
||||
cache_valid_time: 86400
|
||||
register: result
|
||||
retries: 3
|
||||
until: result is success
|
||||
|
||||
- name: Flushing handlers 2
|
||||
meta: flush_handlers
|
||||
|
||||
- name: Getting Docker version
|
||||
shell: "docker --version"
|
||||
register: docker_version
|
||||
changed_when: no
|
||||
- name: Install docker-compose package dependencies
|
||||
apt:
|
||||
state: latest
|
||||
name: python3-setuptools
|
||||
update_cache: yes
|
||||
cache_valid_time: 86400
|
||||
register: result
|
||||
retries: 3
|
||||
until: result is success
|
||||
|
||||
- name: Install python3-pip
|
||||
apt:
|
||||
name: python3-pip
|
||||
state: latest
|
||||
cache_valid_time: 3600
|
||||
register: result
|
||||
retries: 3
|
||||
until: result is success
|
||||
|
||||
- name: Install docker-compose
|
||||
pip:
|
||||
name: docker-compose
|
||||
|
||||
- name: Printing Docker version
|
||||
debug: var=docker_version
|
||||
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
- name: Install docker-compose
|
||||
pip:
|
||||
name: docker-compose
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
{
|
||||
"experimental": true
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
[Unit]
|
||||
Description=Docker Application Container Engine
|
||||
Documentation=https://docs.docker.com
|
||||
After=network-online.target docker.socket firewalld.service
|
||||
Wants=network-online.target
|
||||
Requires=docker.socket
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
# the default is not to use systemd for cgroups because the delegate issues still
|
||||
# exists and systemd currently does not support the cgroup feature set required
|
||||
# for containers run by docker
|
||||
ExecStart=/usr/bin/dockerd --config-file {{ docker_daemon_config }} -H fd://
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
LimitNOFILE=1048576
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
# Uncomment TasksMax if your systemd version supports it.
|
||||
# Only systemd 226 and above support this version.
|
||||
TasksMax=infinity
|
||||
TimeoutStartSec=0
|
||||
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
||||
Delegate=yes
|
||||
# kill only the docker process, not all processes in the cgroup
|
||||
KillMode=process
|
||||
# restart the docker process if it exits prematurely
|
||||
Restart=on-failure
|
||||
StartLimitBurst=3
|
||||
StartLimitInterval=60s
|
||||
Environment="NO_PROXY=https://cp-par1.scaleway.com,https://cp-ams1.scaleway.com,https://account.scaleway.com,http://169.254.42.42,192.168.66.0/24"
|
||||
Environment="DOCKER_OPTS=--iptables=false --ip-masq=false"
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
3
roles/docker/templates/override.conf.j2
Normal file
3
roles/docker/templates/override.conf.j2
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# {{ ansible_managed }}
|
||||
[Service]
|
||||
ExecStartPre=
|
||||
|
|
@ -1,5 +1,9 @@
|
|||
---
|
||||
- name: Copy emby config
|
||||
copy: src=emby dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: emby
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
- name: Start emby docker project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/emby state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/emby"
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -1,27 +1,45 @@
|
|||
---
|
||||
- name: Copy docker-compose.yml
|
||||
copy: src=gitlab dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: gitlab
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
|
||||
- name: Create gitlab config folder
|
||||
file: dest={{docker_compose_files_folder}}/gitlab/config state=directory
|
||||
file:
|
||||
dest: "{{docker_compose_files_folder}}/gitlab/config"
|
||||
state: directory
|
||||
|
||||
- name: Create gitlab config
|
||||
template: src=gitlab/config/gitlab.rb dest={{docker_compose_files_folder}}/gitlab/config/gitlab.rb
|
||||
template:
|
||||
src: gitlab/config/gitlab.rb
|
||||
dest: "{{docker_compose_files_folder}}/gitlab/config/gitlab.rb"
|
||||
|
||||
- name: Start gitlab docker project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/gitlab state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/gitlab"
|
||||
state: present
|
||||
|
||||
- name: Find Gitlab user repositories
|
||||
find: paths=/var/lib/gitlab/git-data/repositories/ file_type=directory patterns="*"
|
||||
find:
|
||||
paths: /var/lib/gitlab/git-data/repositories/
|
||||
file_type: directory
|
||||
patterns: "*"
|
||||
register: gitlab_users_repos
|
||||
|
||||
- name: Get Gitlab git user id
|
||||
command: docker-compose exec -T gitlab id -u git
|
||||
args:
|
||||
chdir: "{{docker_compose_files_folder}}/gitlab/"
|
||||
register: gitlab_git_uid
|
||||
when: gitlab_users_repos.matched|int == 0
|
||||
|
||||
- name: Wait for Gitlab to be installed
|
||||
wait_for:
|
||||
path: /var/lib/gitlab/postgres-exporter/
|
||||
state: present
|
||||
timeout: 600
|
||||
when: gitlab_users_repos.matched|int == 0
|
||||
|
||||
- name: Restore backup if no users are found
|
||||
script: restore-backup.sh {{gitlab_git_uid.stdout}}
|
||||
register: gitlab_backup_restore
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ networks:
|
|||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 172.22.0.0/16
|
||||
- subnet: 192.168.64.0/20
|
||||
|
||||
services:
|
||||
front:
|
||||
|
|
@ -53,7 +53,7 @@ services:
|
|||
env_file: .env
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.22.255.254
|
||||
ipv4_address: 192.168.64.254
|
||||
|
||||
admin:
|
||||
image: mailu/admin:$VERSION
|
||||
|
|
@ -87,7 +87,7 @@ services:
|
|||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- 172.22.255.254
|
||||
- 192.168.64.254
|
||||
|
||||
antispam:
|
||||
image: mailu/rspamd:$VERSION
|
||||
|
|
@ -101,7 +101,7 @@ services:
|
|||
- front
|
||||
- resolver
|
||||
dns:
|
||||
- 172.22.255.254
|
||||
- 192.168.64.254
|
||||
|
||||
fetchmail:
|
||||
image: mailu/fetchmail:$VERSION
|
||||
|
|
@ -110,7 +110,7 @@ services:
|
|||
depends_on:
|
||||
- resolver
|
||||
dns:
|
||||
- 172.22.255.254
|
||||
- 192.168.64.254
|
||||
|
||||
webmail:
|
||||
image: mailu/rainloop
|
||||
|
|
|
|||
|
|
@ -1,2 +1 @@
|
|||
|
||||
#debug_peer_list = 172.22.0.1
|
||||
|
|
|
|||
|
|
@ -1,7 +1,13 @@
|
|||
---
|
||||
- name: Copy mailu config
|
||||
copy: src=mailu dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: mailu
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
- name: Create mailu config
|
||||
template: src=mailu/.env dest={{docker_compose_files_folder}}/mailu/.env
|
||||
template:
|
||||
src: mailu/.env
|
||||
dest: "{{docker_compose_files_folder}}/mailu/.env"
|
||||
- name: Start mailu docker project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/mailu state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/mailu"
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ SECRET_KEY={{mailu_secret_key}}
|
|||
BIND_ADDRESS4=0.0.0.0
|
||||
|
||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!
|
||||
SUBNET=172.22.0.0/16
|
||||
SUBNET=192.168.64.0/20
|
||||
|
||||
# Main mail domain
|
||||
DOMAIN=banditlair.com
|
||||
|
|
@ -64,7 +64,7 @@ MESSAGE_SIZE_LIMIT=50000000
|
|||
|
||||
# Networks granted relay permissions
|
||||
# Use this with care, all hosts in this networks will be able to send mail without authentication!
|
||||
RELAYNETS=172.22.0.0/16
|
||||
RELAYNETS=192.168.64.0/20
|
||||
|
||||
# Will relay all outgoing mails if configured
|
||||
RELAYHOST=
|
||||
|
|
|
|||
|
|
@ -33,6 +33,8 @@ services:
|
|||
- /var/log/synapse:/data/log
|
||||
- ./synapse:/data
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- matrix
|
||||
- web
|
||||
|
|
|
|||
|
|
@ -3,13 +3,16 @@
|
|||
copy:
|
||||
src: matrix
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
|
||||
- name: Create matrix-network docker network
|
||||
docker_network:
|
||||
name: matrix-network
|
||||
|
||||
- name: Start matrix docker project
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/matrix"
|
||||
state: present
|
||||
|
||||
- name: Wait for database to start and count matrix users
|
||||
shell: docker-compose exec -T db psql -U synapse synapse -c "select count(*) from users;" -t
|
||||
args:
|
||||
|
|
@ -18,8 +21,9 @@
|
|||
until: matrix_users_count.rc == 0
|
||||
retries: 10
|
||||
changed_when: false
|
||||
|
||||
- name: Restore Matrix database if needed
|
||||
command: docker-compose exec -T db sh -c "psql -U synapse synapse < /backups/database.dmp"
|
||||
args:
|
||||
chdir: "{{docker_compose_files_folder}}/matrix/"
|
||||
when: matrix_users_count.stdout|int == 0
|
||||
when: matrix_users_count.stdout|int == 0
|
||||
|
|
|
|||
|
|
@ -352,7 +352,7 @@ check host transmission with address transmission.banditlair.com
|
|||
with timeout 20 seconds
|
||||
then alert
|
||||
|
||||
check host rpg-wiki with address rpg.banditlair.com
|
||||
check host anderia-wiki with address anderia.banditlair.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
###############################################################################
|
||||
## Includes
|
||||
|
|
|
|||
|
|
@ -1,9 +1,19 @@
|
|||
---
|
||||
- name: Copy murmur config
|
||||
copy: src=murmur dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: murmur
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
- name: Create murmur data folder
|
||||
file: dest=/var/lib/murmur state=directory
|
||||
file:
|
||||
dest: /var/lib/murmur
|
||||
state: directory
|
||||
- name: Copy murmur database
|
||||
copy: src=/backups/murmur/murmur.sqlite dest=/var/lib/murmur/ force=no remote_src=yes
|
||||
copy:
|
||||
src: /backups/murmur/murmur.sqlite
|
||||
dest: /var/lib/murmur/
|
||||
force: no
|
||||
remote_src: yes
|
||||
- name: Start murmur docker project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/murmur state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/murmur"
|
||||
state: present
|
||||
|
|
@ -3,10 +3,12 @@
|
|||
copy:
|
||||
src: nextcloud
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
|
||||
- name: Create .env
|
||||
template:
|
||||
src: nextcloud/.env
|
||||
dest: "{{docker_compose_files_folder}}/nextcloud/.env"
|
||||
|
||||
- name: Create nextcloud config
|
||||
template:
|
||||
src: nextcloud/config/{{item}}
|
||||
|
|
@ -15,20 +17,23 @@
|
|||
- base.config.php
|
||||
- database.config.php
|
||||
- mail.config.php
|
||||
|
||||
- name: Change config folder owner to http
|
||||
file:
|
||||
path: "{{docker_compose_files_folder}}/nextcloud/config"
|
||||
owner: 33
|
||||
group: 33
|
||||
owner: "33"
|
||||
group: "33"
|
||||
recurse: yes
|
||||
|
||||
- name: Build and start nextcloud docker project
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/nextcloud"
|
||||
build: yes
|
||||
pull: yes
|
||||
state: present
|
||||
|
||||
- name: Check if database tables exist
|
||||
command: docker-compose exec -T db mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud -e "show tables;"
|
||||
command: docker-compose exec -T postgres psql -U nextcloud nextcloud -c "\dt"
|
||||
args:
|
||||
chdir: "{{docker_compose_files_folder}}/nextcloud/"
|
||||
register: db_tables_exist
|
||||
|
|
@ -36,8 +41,9 @@
|
|||
delay: 10
|
||||
until: db_tables_exist.rc == 0
|
||||
changed_when: no
|
||||
|
||||
- name: Restore Nextcloud database
|
||||
command: docker-compose exec -T db sh -c "mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud < /backups/database.dmp"
|
||||
command: docker-compose exec -T postgres sh -c "psql -U nextcloud nextcloud < /backups/database.dmp"
|
||||
args:
|
||||
chdir: "{{docker_compose_files_folder}}/nextcloud/"
|
||||
when: db_tables_exist.stdout_lines|length == 0
|
||||
|
|
|
|||
|
|
@ -9,20 +9,29 @@ iptables -X
|
|||
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
|
||||
PORTS_TO_FORWARD_TCP="25 53 80 110 143 443 465 587 993 995 2224 3478 8008 8448 27015 64738"
|
||||
PORTS_TO_FORWARD_UDP="53 34197 64738"
|
||||
#DESTINATION_IP="212.83.165.111"
|
||||
DESTINATION_IP="5.9.66.49"
|
||||
PORTS_TO_FORWARD_TCP_STORAGE="53 80 143 443 2224 3478 8008 8448 27015 64738"
|
||||
PORTS_TO_FORWARD_UDP_STORAGE="53 34197 64738"
|
||||
PORTS_TO_FORWARD_TCP_MAIL="25 110 143 465 587 993 995"
|
||||
|
||||
for port in `echo $PORTS_TO_FORWARD_TCP`
|
||||
DESTINATION_IP_STORAGE="5.9.66.49"
|
||||
DESTINATION_IP_MAIL="5.9.66.49"
|
||||
|
||||
for port in `echo $PORTS_TO_FORWARD_TCP_STORAGE`
|
||||
do
|
||||
iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP}
|
||||
iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
|
||||
iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE}
|
||||
iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
|
||||
done
|
||||
|
||||
for port in `echo $PORTS_TO_FORWARD_UDP`
|
||||
for port in `echo $PORTS_TO_FORWARD_UDP_STORAGE`
|
||||
do
|
||||
iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP}
|
||||
iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
|
||||
iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE}
|
||||
iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
|
||||
done
|
||||
|
||||
for port in `echo $PORTS_TO_FORWARD_TCP_MAIL`
|
||||
do
|
||||
iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_MAIL}
|
||||
iptables -A FORWARD -d ${DESTINATION_IP_MAIL}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
|
||||
done
|
||||
|
||||
iptables -t nat -A POSTROUTING -j MASQUERADE
|
||||
|
|
|
|||
|
|
@ -2,10 +2,11 @@
|
|||
|
||||
set -e
|
||||
|
||||
SOURCE_HOST=195.154.134.7
|
||||
SOURCE_HOST=5.9.66.49
|
||||
|
||||
{% if inventory_hostname in (groups['storage']) %}
|
||||
#Sync Media
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/media/ /data --delete
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/data/ /data --delete
|
||||
|
||||
#Sync Backups
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/backups/ /backups --delete
|
||||
|
|
@ -19,14 +20,12 @@ rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/transmission/ /var/lib/trans
|
|||
mkdir -p {{docker_compose_files_folder}}/emby
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/emby/config/ {{docker_compose_files_folder}}/emby/config --exclude "transcoding-temp" --delete
|
||||
|
||||
#Sync Mailu
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete
|
||||
|
||||
#Sync matrix
|
||||
mkdir -p {{docker_compose_files_folder}}/matrix
|
||||
mkdir -p /var/lib/matrix
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/matrix/synapse/ {{docker_compose_files_folder}}/matrix/synapse --delete
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/matrix/media_store/ /var/lib/matrix/media_store --delete
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/var/log/synapse/ /var/log/synapse --delete
|
||||
|
||||
#Sync nextcloud
|
||||
mkdir -p {{docker_compose_files_folder}}/nextcloud/config
|
||||
|
|
@ -47,3 +46,10 @@ rsync -aAvh --progress root@${SOURCE_HOST}:/opt/factorio/ /opt/factorio --delete
|
|||
#Sync STB wordpress
|
||||
mkdir -p /var/lib/stb
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/stb/ /var/lib/stb --delete
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/stb/ {{docker_compose_files_folder}}/stb --delete
|
||||
{% endif %}
|
||||
|
||||
{% if inventory_hostname in (groups['mail']) %}
|
||||
#Sync Mailu
|
||||
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,10 @@
|
|||
---
|
||||
- name: Copy searx config
|
||||
copy: src=searx dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: searx
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
|
||||
- name: Start searx docker project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/searx state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/searx"
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -3,22 +3,27 @@
|
|||
file:
|
||||
state: directory
|
||||
dest: "{{docker_compose_files_folder}}/stb"
|
||||
|
||||
- name: Copy STB docker-compose
|
||||
copy:
|
||||
src: docker-compose.yml
|
||||
dest: "{{docker_compose_files_folder}}/stb/"
|
||||
|
||||
- name: Copy php upload config
|
||||
copy:
|
||||
src: uploads.ini
|
||||
dest: "{{docker_compose_files_folder}}/stb/"
|
||||
|
||||
- name: Create .env
|
||||
template:
|
||||
src: .env
|
||||
dest: "{{docker_compose_files_folder}}/stb/.env"
|
||||
|
||||
- name: Pull and start docker project
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/stb"
|
||||
state: present
|
||||
|
||||
- name: Check if database tables exist
|
||||
command: docker-compose exec -T db mysql -u stb -p{{stb_mysql_password}} stb -e "show tables;"
|
||||
args:
|
||||
|
|
@ -28,6 +33,7 @@
|
|||
delay: 10
|
||||
until: db_tables_exist.rc == 0
|
||||
changed_when: no
|
||||
|
||||
- name: Restore STB database
|
||||
command: docker-compose exec -T db sh -c "mysql -u stb -p{{stb_mysql_password}} stb < /backups/database.dmp"
|
||||
args:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,6 @@
|
|||
src: torrent/.env
|
||||
dest: "{{docker_compose_files_folder}}/torrent/.env"
|
||||
- name: Start torrent docker project
|
||||
docker_service:
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/torrent"
|
||||
state: present
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -1,12 +1,16 @@
|
|||
---
|
||||
- name: Copy traefik config
|
||||
copy: src=traefik dest={{docker_compose_files_folder}}
|
||||
- name: Create traefik .env
|
||||
- name: Copy traefik files
|
||||
template:
|
||||
src: traefik/.env
|
||||
dest: "{{docker_compose_files_folder}}/traefik/.env"
|
||||
src: "{{item}}"
|
||||
dest: "{{docker_compose_files_folder}}/traefik/{{item}}"
|
||||
loop:
|
||||
- .env
|
||||
- docker-compose.yml
|
||||
- data/traefik.toml
|
||||
- name: Create web docker network
|
||||
docker_network:
|
||||
name: web
|
||||
- name: Start traefik docker project
|
||||
docker_compose: project_src={{docker_compose_files_folder}}/traefik state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/traefik"
|
||||
state: present
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}}
|
||||
TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}}
|
||||
|
|
@ -23,7 +23,11 @@ dashboard = true
|
|||
|
||||
[docker]
|
||||
endpoint = "unix:///var/run/docker.sock"
|
||||
{% if inventory_hostname in (groups['mail']) %}
|
||||
domain = "mail1.banditlair.com"
|
||||
{% else %}
|
||||
domain = "banditlair.com"
|
||||
{% endif %}
|
||||
watch = true
|
||||
exposedbydefault = false
|
||||
|
||||
|
|
@ -37,8 +41,13 @@ KeyType = "RSA4096"
|
|||
entryPoint = "http"
|
||||
|
||||
[[acme.domains]]
|
||||
{% if inventory_hostname in (groups['mail']) %}
|
||||
main = "mail1.banditlair.com"
|
||||
{% else %}
|
||||
main = "banditlair.com"
|
||||
sans = ["mail.banditlair.com"]
|
||||
{% endif %}
|
||||
|
||||
|
||||
[accessLog]
|
||||
filePath = "/var/log/traefik/access.log"
|
||||
|
|
@ -15,7 +15,7 @@ services:
|
|||
labels:
|
||||
- "traefik.backend=traefik"
|
||||
- "traefik.docker.network=web"
|
||||
- "traefik.frontend.rule=Host:traefik.banditlair.com"
|
||||
- "traefik.frontend.rule=Host:traefik.{{inventory_hostname}}.banditlair.com"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.port=8080"
|
||||
- "traefik.default.protocol=http"
|
||||
|
|
@ -1,5 +1,10 @@
|
|||
---
|
||||
- name: Copy wiki config
|
||||
copy: src=wiki dest={{docker_compose_files_folder}}
|
||||
copy:
|
||||
src: wiki
|
||||
dest: "{{docker_compose_files_folder}}"
|
||||
|
||||
- name: Start wiki docker project
|
||||
docker_service: project_src={{docker_compose_files_folder}}/wiki state=present
|
||||
docker_compose:
|
||||
project_src: "{{docker_compose_files_folder}}/wiki"
|
||||
state: present
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue