Migrate to bigger Hetzner server

Paul-Henri Froidmont 2019-11-05 03:37:05 +01:00
parent d77f2ef548
commit 86fb8e71c1
32 changed files with 294 additions and 226 deletions


@ -6,21 +6,25 @@ banditlair.com. 86400 IN NS ns0.online.net.
banditlair.com. 86400 IN NS ns1.online.net. banditlair.com. 86400 IN NS ns1.online.net.
; Custom DNS server ; Custom DNS server
ns.banditlair.com. 600 IN A 144.76.18.197
ddns.banditlair.com. 3600 IN NS ns.banditlair.com. ddns.banditlair.com. 3600 IN NS ns.banditlair.com.
ns.banditlair.com. 600 IN A 5.9.66.49
; Main domain ; Main domain
banditlair.com. 86400 IN A 5.9.66.49 banditlair.com. 600 IN A 144.76.18.197
www.banditlair.com. 86400 IN CNAME banditlair.com. www.banditlair.com. 600 IN CNAME banditlair.com.
storage1 600 IN A 5.9.66.49 storage1 600 IN A 144.76.18.197
*.banditlair.com. 600 IN CNAME banditlair.com. *.banditlair.com. 600 IN CNAME banditlair.com.
; Avoid the proxy for Emby to keep maximum bandwidth
emby 600 IN A 144.76.18.197
; Matrix special record ; Matrix special record
banditlair.com.banditlair.com. 86400 IN SRV 12 10 8448 matrix.banditlair.com. banditlair.com.banditlair.com. 86400 IN SRV 12 10 8448 matrix.banditlair.com.
; Mail server related records ; Mail server related records
mail2 86400 IN A 5.9.66.49 ;webmail 86400 IN A 144.76.18.197
;mail 86400 IN A 78.47.38.125
;mail2 86400 IN A 144.76.18.197
banditlair.com. 86400 IN MX 20 mail2.banditlair.com. banditlair.com. 86400 IN MX 20 mail2.banditlair.com.
banditlair.com. 86400 IN MX 12 mail.banditlair.com. banditlair.com. 86400 IN MX 12 mail.banditlair.com.
banditlair.com. 600 IN TXT "v=spf1 mx -all" banditlair.com. 600 IN TXT "v=spf1 mx -all"
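Review bot: The MX records still name `mail.banditlair.com` and `mail2.banditlair.com`, but on the new side the only address records for those names appear to be commented out (`;mail …`, `;mail2 …`). With `*.banditlair.com. CNAME banditlair.com.` still in the zone, both names would then resolve through the wildcard to 144.76.18.197, so the MX targets become CNAME aliases (which RFC 2181 disallows) and inbound mail reaches the storage address rather than a mail host. `v=spf1 mx -all` authorises senders by the MX hosts' addresses, so mail sent from a separate mail server would hard-fail SPF. Publishing explicit `A` records for the MX targets that point at the mail host avoids all three; the side of each line is inferred from the rendered page, so confirm against the actual zone file.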


@ -1,11 +1,10 @@
--- ---
- hosts: all - hosts: storage
become: true become: true
vars: vars:
docker_compose_files_folder_previous_server: /etc/images docker_compose_files_folder_previous_server: /etc/compose
docker_compose_files_folder: /etc/compose docker_compose_files_folder: /etc/compose
domain_name: banditlair.com domain_name: banditlair.com
docker_version: 18.06.*
sub_domains: sub_domains:
- rpg - rpg
roles: roles:
@ -13,18 +12,38 @@
- { role: scripts, tags: [ 'scripts' ] } - { role: scripts, tags: [ 'scripts' ] }
- { role: daily-backup, tags: [ 'backup' ] } - { role: daily-backup, tags: [ 'backup' ] }
- { role: docker, tags: [ 'docker' ] } - { role: docker, tags: [ 'docker' ] }
- { role: murmur-docker, tags: [ 'murmur', 'docker' ] } - { role: murmur-docker, tags: [ 'murmur' ] }
- { role: searx-docker, tags: [ 'searx', 'docker' ] } - { role: searx-docker, tags: [ 'searx' ] }
- { role: wiki-docker, tags: [ 'wiki', 'docker' ] } - { role: wiki-docker, tags: [ 'wiki' ] }
- { role: emby-docker, tags: [ 'emby', 'docker' ] } - { role: emby-docker, tags: [ 'emby' ] }
- { role: gitlab-docker, tags: [ 'gitlab', 'docker' ] } - { role: gitlab-docker, tags: [ 'gitlab' ] }
- { role: mailu-docker, tags: [ 'mailu', 'docker' ] } - { role: nextcloud-docker, tags: [ 'nextcloud' ] }
- { role: nextcloud-docker, tags: [ 'nextcloud', 'docker' ] } - { role: matrix-docker, tags: [ 'matrix' ] }
- { role: matrix-docker, tags: [ 'matrix', 'docker' ] } - { role: torrent-docker, tags: [ 'torrent' ] }
- { role: torrent-docker, tags: [ 'torrent', 'docker' ] }
- { role: monit, tags: [ 'monit' ] } - { role: monit, tags: [ 'monit' ] }
- { role: stb-wordpress-docker, tags: [ 'stb', 'docker' ] } - { role: stb-wordpress-docker, tags: [ 'stb' ] }
- { role: invidious-docker, tags: [ 'invidious', 'docker' ] } - { role: invidious-docker, tags: [ 'invidious' ] }
- { role: traefik-proxy-docker, tags: [ 'traefik', 'docker' ] } - { role: traefik-proxy-docker, tags: [ 'traefik' ] }
- { role: ddns-docker, tags: [ 'ddns', 'docker' ] } - { role: ddns-docker, tags: [ 'ddns' ] }
- role: mailu-docker
tags: [ 'mailu' ]
- hosts: mail
become: true
vars:
docker_compose_files_folder_previous_server: /etc/compose
docker_compose_files_folder: /etc/compose
domain_name: banditlair.com
sub_domains:
- rpg
roles:
- role: scripts
tags: [ 'scripts' ]
- role: daily-backup
tags: [ 'backup' ]
- role: docker
tags: [ 'docker' ]
- role: mailu-docker
tags: [ 'mailu' ]
- role: traefik-proxy-docker
tags: [ 'traefik' ]
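Review bot: `mailu-docker` is still applied in the `storage` play (the block-style entry at the end of its role list) and is also applied in the new `mail` play, so both hosts would end up running a Mailu stack. If mail is meant to live only on the `mail` group, drop the entry from the `storage` play so the storage host does not expose SMTP/IMAP services it is not supposed to serve. The two plays also repeat the same `vars:` block; moving it to `group_vars/all` would keep them from drifting apart. Removing the `docker` tag from the service roles changes what `--tags docker` runs, which deserves a line in the commit message.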


@ -1,2 +1,8 @@
#195.154.134.7 ansible_user=root #195.154.134.7 ansible_user=root
5.9.66.49 ansible_user=root ansible_python_interpreter=/usr/bin/python3 #5.9.66.49 ansible_user=root ansible_python_interpreter=/usr/bin/python3
[storage]
storage1 ansible_user=root ansible_python_interpreter=/usr/bin/python3 ansible_host=144.76.18.197
[mail]
mail1 ansible_user=root ansible_python_interpreter=/usr/bin/python3 ansible_host=78.47.116.71
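Review bot: Both new hosts are reached with `ansible_user=root`, which requires direct root SSH login to stay enabled on the freshly provisioned servers. The plays already set `become: true`, so an unprivileged account with sudo would work and would allow `PermitRootLogin no` on the hosts, e.g. `storage1 ansible_user=<deploy-user> ansible_python_interpreter=/usr/bin/python3 ansible_host=144.76.18.197`. A short comment above each group saying which services it carries would also help, because the group names now select branches in the templates (`inventory_hostname in (groups['mail'])`).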


@ -14,6 +14,10 @@
job: "/home/claude/syncArchRepo.sh" job: "/home/claude/syncArchRepo.sh"
user: claude user: claude
- name: Copy Arch Linux mirror config - name: Copy Arch Linux mirror config
copy: src=arch-mirror dest={{docker_compose_files_folder}} copy:
src: arch-mirror
dest: "{{docker_compose_files_folder}}"
- name: Start Arch mirror project - name: Start Arch mirror project
docker_service: project_src={{docker_compose_files_folder}}/arch-mirror state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/arch-mirror"
state: present


@ -5,6 +5,6 @@
dest: "{{docker_compose_files_folder}}" dest: "{{docker_compose_files_folder}}"
- name: Start ddns docker project - name: Start ddns docker project
docker_service: docker_compose:
project_src: "{{docker_compose_files_folder}}/ddns" project_src: "{{docker_compose_files_folder}}/ddns"
state: present state: present


@ -2,6 +2,3 @@ docker_apt_key: https://download.docker.com/linux/ubuntu/gpg
docker_apt_repository: https://download.docker.com/linux/ubuntu docker_apt_repository: https://download.docker.com/linux/ubuntu
# Choose 'edge' 'stable' or 'testing' for docker channel # Choose 'edge' 'stable' or 'testing' for docker channel
docker_apt_channel: stable docker_apt_channel: stable
# Docker daemon config file
docker_daemon_config: /etc/docker/daemon.json
docker_version: 18.06.*


@ -1,10 +1,5 @@
--- ---
- name: reload systemd
command: systemctl daemon-reload
- name: restart docker - name: restart docker
systemd: systemd:
name: docker name: docker
state: restarted state: restarted


@ -1,28 +1,26 @@
--- ---
- name: Docker installation for Ubuntu distribution - name: Ensure docker packages are not present
block:
- name: Ensure docker packages are not present
apt: apt:
state: absent state: absent
name: ['docker', 'docker-engine', 'docker.io'] name: ['docker', 'docker-engine', 'docker.io']
- name: Install docker package dependencies - name: Install docker package dependencies
apt: apt:
state: latest state: latest
name: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common'] name: ['apt-transport-https', 'ca-certificates']
update_cache: yes update_cache: yes
cache_valid_time: 86400 cache_valid_time: 86400
register: result register: result
retries: 3 retries: 3
until: result is success until: result is success
- name: Adding Docker official gpg key - name: Adding Docker official gpg key
apt_key: apt_key:
url: "{{ docker_apt_key }}" url: "{{ docker_apt_key }}"
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present state: present
- name: Setting Docker repository depending on arch - name: Setting Docker repository depending on arch
set_fact: set_fact:
docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}" docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}"
when: ansible_architecture == item.system_arch when: ansible_architecture == item.system_arch
@ -30,78 +28,67 @@
- { system_arch: 'x86_64', apt_arch: 'amd64' } - { system_arch: 'x86_64', apt_arch: 'amd64' }
- { system_arch: 'arm', apt_arch: 'armhf' } - { system_arch: 'arm', apt_arch: 'armhf' }
- name: Printing Docker repository - name: Printing Docker repository
debug: debug:
var: docker_repository var: docker_repository
- name: Adding Docker repository - name: Adding Docker repository
apt_repository: apt_repository:
repo: "{{ docker_repository }}" repo: "{{ docker_repository }}"
state: present state: present
filename: 'docker' update_cache: true
- name: Explicitly create docker0 - name: Install Docker.
shell: | package:
ip link add name docker0 type bridge || true name: docker-ce
ip addr add dev docker0 172.17.0.1/16 || true state: present
changed_when: no
- name: Install docker-ce
apt:
name: docker-ce={{ docker_version }}
update_cache: yes
register: result
retries: 3
until: result is success
- name: Pin docker-ce release
copy:
dest: /etc/apt/preferences.d/docker-ce
content: |
Package: docker-ce
Pin: version {{ docker_version }}
Pin-Priority: 1002
- name: Fixing systemd unit for Docker config file
template:
src: docker.service.j2
dest: /lib/systemd/system/docker.service
notify: reload systemd
- name: Create docker config directory
file:
path: /etc/docker
mode: 0700
recurse: yes
- name: Templating /etc/docker/daemon.json
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify: restart docker notify: restart docker
- name: Flushing handlers 2 - name: Ensure containerd service dir exists.
file:
path: /etc/systemd/system/containerd.service.d
state: directory
- name: Add shim to ensure Docker can start in all environments.
template:
src: override.conf.j2
dest: /etc/systemd/system/containerd.service.d/override.conf
register: override_template
- name: Reload systemd daemon if template is changed.
systemd:
daemon_reload: true
when: override_template is changed
- name: Ensure Docker is started and enabled at boot.
service:
name: docker
state: started
enabled: true
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers meta: flush_handlers
- name: Getting Docker version - name: Install python3-pip
shell: "docker --version"
register: docker_version
changed_when: no
- name: Install python3-pip
apt: apt:
name: python3-pip name: python3-pip
state: latest state: latest
cache_valid_time: 3600 cache_valid_time: 86400
register: result register: result
retries: 3 retries: 3
until: result is success until: result is success
- name: Install docker-compose
- name: Install docker-compose package dependencies
apt:
state: latest
name: python3-setuptools
update_cache: yes
cache_valid_time: 86400
register: result
retries: 3
until: result is success
- name: Install docker-compose
pip: pip:
name: docker-compose name: docker-compose
- name: Printing Docker version
debug: var=docker_version
when: ansible_distribution == "Ubuntu"
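Review bot: The new `Install Docker.` task installs `docker-ce` with `state: present` and no version, and this commit also drops `docker_version` and the apt pin written to `/etc/apt/preferences.d/docker-ce`, so each host gets whatever engine version the repository serves on the day it is provisioned. `pip: name: docker-compose` is unpinned as well. For two servers that should behave alike, consider keeping a version variable (`name: "docker-ce={{ docker_version }}"`) and adding `version: "<pinned-version>"` to the pip task. The `when: ansible_distribution == "Ubuntu"` guard also appears to be gone while the tasks still use `apt` and `apt_key`; a one-line comment at the top stating the supported distribution would document that assumption.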


@ -1,3 +0,0 @@
{
"experimental": true
}


@ -1,37 +0,0 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --config-file {{ docker_daemon_config }} -H fd://
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
Environment="NO_PROXY=https://cp-par1.scaleway.com,https://cp-ams1.scaleway.com,https://account.scaleway.com,http://169.254.42.42,192.168.66.0/24"
Environment="DOCKER_OPTS=--iptables=false --ip-masq=false"
[Install]
WantedBy=multi-user.target


@ -0,0 +1,3 @@
# {{ ansible_managed }}
[Service]
ExecStartPre=
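Review bot: The drop-in needs a comment explaining the empty assignment: in systemd an empty `ExecStartPre=` clears every pre-start command inherited from the packaged `containerd.service`, it does not add one. Something like `# Clear the packaged ExecStartPre so containerd can start where that step fails` above the line would tell the next maintainer what is being disabled and why. If the target hosts are ordinary VMs or bare metal where the packaged pre-start step works, the override may not be needed at all.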


@ -1,5 +1,9 @@
--- ---
- name: Copy emby config - name: Copy emby config
copy: src=emby dest={{docker_compose_files_folder}} copy:
src: emby
dest: "{{docker_compose_files_folder}}"
- name: Start emby docker project - name: Start emby docker project
docker_service: project_src={{docker_compose_files_folder}}/emby state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/emby"
state: present


@ -1,27 +1,45 @@
--- ---
- name: Copy docker-compose.yml - name: Copy docker-compose.yml
copy: src=gitlab dest={{docker_compose_files_folder}} copy:
src: gitlab
dest: "{{docker_compose_files_folder}}"
- name: Create gitlab config folder - name: Create gitlab config folder
file: dest={{docker_compose_files_folder}}/gitlab/config state=directory file:
dest: "{{docker_compose_files_folder}}/gitlab/config"
state: directory
- name: Create gitlab config - name: Create gitlab config
template: src=gitlab/config/gitlab.rb dest={{docker_compose_files_folder}}/gitlab/config/gitlab.rb template:
src: gitlab/config/gitlab.rb
dest: "{{docker_compose_files_folder}}/gitlab/config/gitlab.rb"
- name: Start gitlab docker project - name: Start gitlab docker project
docker_service: project_src={{docker_compose_files_folder}}/gitlab state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/gitlab"
state: present
- name: Find Gitlab user repositories - name: Find Gitlab user repositories
find: paths=/var/lib/gitlab/git-data/repositories/ file_type=directory patterns="*" find:
paths: /var/lib/gitlab/git-data/repositories/
file_type: directory
patterns: "*"
register: gitlab_users_repos register: gitlab_users_repos
- name: Get Gitlab git user id - name: Get Gitlab git user id
command: docker-compose exec -T gitlab id -u git command: docker-compose exec -T gitlab id -u git
args: args:
chdir: "{{docker_compose_files_folder}}/gitlab/" chdir: "{{docker_compose_files_folder}}/gitlab/"
register: gitlab_git_uid register: gitlab_git_uid
when: gitlab_users_repos.matched|int == 0 when: gitlab_users_repos.matched|int == 0
- name: Wait for Gitlab to be installed - name: Wait for Gitlab to be installed
wait_for: wait_for:
path: /var/lib/gitlab/postgres-exporter/ path: /var/lib/gitlab/postgres-exporter/
state: present state: present
timeout: 600 timeout: 600
when: gitlab_users_repos.matched|int == 0 when: gitlab_users_repos.matched|int == 0
- name: Restore backup if no users are found - name: Restore backup if no users are found
script: restore-backup.sh {{gitlab_git_uid.stdout}} script: restore-backup.sh {{gitlab_git_uid.stdout}}
register: gitlab_backup_restore register: gitlab_backup_restore


@ -9,7 +9,7 @@ networks:
ipam: ipam:
driver: default driver: default
config: config:
- subnet: 172.22.0.0/16 - subnet: 192.168.64.0/20
services: services:
front: front:
@ -53,7 +53,7 @@ services:
env_file: .env env_file: .env
networks: networks:
default: default:
ipv4_address: 172.22.255.254 ipv4_address: 192.168.64.254
admin: admin:
image: mailu/admin:$VERSION image: mailu/admin:$VERSION
@ -87,7 +87,7 @@ services:
- front - front
- resolver - resolver
dns: dns:
- 172.22.255.254 - 192.168.64.254
antispam: antispam:
image: mailu/rspamd:$VERSION image: mailu/rspamd:$VERSION
@ -101,7 +101,7 @@ services:
- front - front
- resolver - resolver
dns: dns:
- 172.22.255.254 - 192.168.64.254
fetchmail: fetchmail:
image: mailu/fetchmail:$VERSION image: mailu/fetchmail:$VERSION
@ -110,7 +110,7 @@ services:
depends_on: depends_on:
- resolver - resolver
dns: dns:
- 172.22.255.254 - 192.168.64.254
webmail: webmail:
image: mailu/rainloop image: mailu/rainloop


@ -1,2 +1 @@
#debug_peer_list = 172.22.0.1 #debug_peer_list = 172.22.0.1


@ -1,7 +1,13 @@
--- ---
- name: Copy mailu config - name: Copy mailu config
copy: src=mailu dest={{docker_compose_files_folder}} copy:
src: mailu
dest: "{{docker_compose_files_folder}}"
- name: Create mailu config - name: Create mailu config
template: src=mailu/.env dest={{docker_compose_files_folder}}/mailu/.env template:
src: mailu/.env
dest: "{{docker_compose_files_folder}}/mailu/.env"
- name: Start mailu docker project - name: Start mailu docker project
docker_service: project_src={{docker_compose_files_folder}}/mailu state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/mailu"
state: present
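Review bot: `Create mailu config` renders `mailu/.env` without `mode`, `owner` or `group`, so the file gets whatever the remote umask gives it, which is typically world-readable. That template carries `SECRET_KEY={{mailu_secret_key}}` (visible in the `.env` hunk header further down the page), so add `mode: "0600"` to the `template:` arguments. The same applies to the `.env` item in the new traefik template loop, and probably to the nextcloud, stb and torrent `.env` tasks that appear as context on this page.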


@ -17,7 +17,7 @@ SECRET_KEY={{mailu_secret_key}}
BIND_ADDRESS4=0.0.0.0 BIND_ADDRESS4=0.0.0.0
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external! # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!
SUBNET=172.22.0.0/16 SUBNET=192.168.64.0/20
# Main mail domain # Main mail domain
DOMAIN=banditlair.com DOMAIN=banditlair.com
@ -64,7 +64,7 @@ MESSAGE_SIZE_LIMIT=50000000
# Networks granted relay permissions # Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication! # Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS=172.22.0.0/16 RELAYNETS=192.168.64.0/20
# Will relay all outgoing mails if configured # Will relay all outgoing mails if configured
RELAYHOST= RELAYHOST=
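Review bot: `RELAYNETS=192.168.64.0/20` lets every address from 192.168.64.0 to 192.168.79.255 send mail without authentication, and the file's own comment warns that `SUBNET` must not overlap any network the host is connected to. The `docker.service` template removed in this commit listed `192.168.66.0/24` in `NO_PROXY`, which falls inside the new range, so check that no interface, VPN or provider network on the mail host still uses it. It is also worth confirming that forwarded or proxied SMTP connections never arrive with a source address inside this subnet (for example the bridge gateway), because they would then be treated as trusted relays. A comment next to `RELAYNETS` recording why this range was chosen would help.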


@ -33,6 +33,8 @@ services:
- /var/log/synapse:/data/log - /var/log/synapse:/data/log
- ./synapse:/data - ./synapse:/data
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
depends_on:
- db
networks: networks:
- matrix - matrix
- web - web


@ -3,13 +3,16 @@
copy: copy:
src: matrix src: matrix
dest: "{{docker_compose_files_folder}}" dest: "{{docker_compose_files_folder}}"
- name: Create matrix-network docker network - name: Create matrix-network docker network
docker_network: docker_network:
name: matrix-network name: matrix-network
- name: Start matrix docker project - name: Start matrix docker project
docker_service: docker_compose:
project_src: "{{docker_compose_files_folder}}/matrix" project_src: "{{docker_compose_files_folder}}/matrix"
state: present state: present
- name: Wait for database to start and count matrix users - name: Wait for database to start and count matrix users
shell: docker-compose exec -T db psql -U synapse synapse -c "select count(*) from users;" -t shell: docker-compose exec -T db psql -U synapse synapse -c "select count(*) from users;" -t
args: args:
@ -18,6 +21,7 @@
until: matrix_users_count.rc == 0 until: matrix_users_count.rc == 0
retries: 10 retries: 10
changed_when: false changed_when: false
- name: Restore Matrix database if needed - name: Restore Matrix database if needed
command: docker-compose exec -T db sh -c "psql -U synapse synapse < /backups/database.dmp" command: docker-compose exec -T db sh -c "psql -U synapse synapse < /backups/database.dmp"
args: args:


@ -352,7 +352,7 @@ check host transmission with address transmission.banditlair.com
with timeout 20 seconds with timeout 20 seconds
then alert then alert
check host rpg-wiki with address rpg.banditlair.com check host anderia-wiki with address anderia.banditlair.com
if failed port 443 protocol https with timeout 20 seconds then alert if failed port 443 protocol https with timeout 20 seconds then alert
############################################################################### ###############################################################################
## Includes ## Includes


@ -1,9 +1,19 @@
--- ---
- name: Copy murmur config - name: Copy murmur config
copy: src=murmur dest={{docker_compose_files_folder}} copy:
src: murmur
dest: "{{docker_compose_files_folder}}"
- name: Create murmur data folder - name: Create murmur data folder
file: dest=/var/lib/murmur state=directory file:
dest: /var/lib/murmur
state: directory
- name: Copy murmur database - name: Copy murmur database
copy: src=/backups/murmur/murmur.sqlite dest=/var/lib/murmur/ force=no remote_src=yes copy:
src: /backups/murmur/murmur.sqlite
dest: /var/lib/murmur/
force: no
remote_src: yes
- name: Start murmur docker project - name: Start murmur docker project
docker_service: project_src={{docker_compose_files_folder}}/murmur state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/murmur"
state: present


@ -3,10 +3,12 @@
copy: copy:
src: nextcloud src: nextcloud
dest: "{{docker_compose_files_folder}}" dest: "{{docker_compose_files_folder}}"
- name: Create .env - name: Create .env
template: template:
src: nextcloud/.env src: nextcloud/.env
dest: "{{docker_compose_files_folder}}/nextcloud/.env" dest: "{{docker_compose_files_folder}}/nextcloud/.env"
- name: Create nextcloud config - name: Create nextcloud config
template: template:
src: nextcloud/config/{{item}} src: nextcloud/config/{{item}}
@ -15,20 +17,23 @@
- base.config.php - base.config.php
- database.config.php - database.config.php
- mail.config.php - mail.config.php
- name: Change config folder owner to http - name: Change config folder owner to http
file: file:
path: "{{docker_compose_files_folder}}/nextcloud/config" path: "{{docker_compose_files_folder}}/nextcloud/config"
owner: 33 owner: "33"
group: 33 group: "33"
recurse: yes recurse: yes
- name: Build and start nextcloud docker project - name: Build and start nextcloud docker project
docker_service: docker_compose:
project_src: "{{docker_compose_files_folder}}/nextcloud" project_src: "{{docker_compose_files_folder}}/nextcloud"
build: yes build: yes
pull: yes pull: yes
state: present state: present
- name: Check if database tables exist - name: Check if database tables exist
command: docker-compose exec -T db mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud -e "show tables;" command: docker-compose exec -T postgres psql -U nextcloud nextcloud -c "\dt"
args: args:
chdir: "{{docker_compose_files_folder}}/nextcloud/" chdir: "{{docker_compose_files_folder}}/nextcloud/"
register: db_tables_exist register: db_tables_exist
@ -36,8 +41,9 @@
delay: 10 delay: 10
until: db_tables_exist.rc == 0 until: db_tables_exist.rc == 0
changed_when: no changed_when: no
- name: Restore Nextcloud database - name: Restore Nextcloud database
command: docker-compose exec -T db sh -c "mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud < /backups/database.dmp" command: docker-compose exec -T postgres sh -c "psql -U nextcloud nextcloud < /backups/database.dmp"
args: args:
chdir: "{{docker_compose_files_folder}}/nextcloud/" chdir: "{{docker_compose_files_folder}}/nextcloud/"
when: db_tables_exist.stdout_lines|length == 0 when: db_tables_exist.stdout_lines|length == 0
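Review bot: `Restore Nextcloud database` pipes the dump into `psql` without `ON_ERROR_STOP`, and psql exits 0 even when statements read from stdin fail, so a partial restore is reported as success; use `psql -v ON_ERROR_STOP=1 -U nextcloud nextcloud < /backups/database.dmp`. The restore condition `db_tables_exist.stdout_lines|length == 0` was written for `mysql -e "show tables;"`; with `\dt` psql prints a "no relations" message on an empty database, and if that lands on stdout the restore is skipped, so testing for an expected table name would be more reliable. `/backups/database.dmp` must now be a PostgreSQL dump, and a comment on the task saying so would prevent feeding it the old MySQL file. The check task spans the gap between two hunks, so part of it is not visible here.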


@ -9,20 +9,29 @@ iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
PORTS_TO_FORWARD_TCP="25 53 80 110 143 443 465 587 993 995 2224 3478 8008 8448 27015 64738" PORTS_TO_FORWARD_TCP_STORAGE="53 80 143 443 2224 3478 8008 8448 27015 64738"
PORTS_TO_FORWARD_UDP="53 34197 64738" PORTS_TO_FORWARD_UDP_STORAGE="53 34197 64738"
#DESTINATION_IP="212.83.165.111" PORTS_TO_FORWARD_TCP_MAIL="25 110 143 465 587 993 995"
DESTINATION_IP="5.9.66.49"
for port in `echo $PORTS_TO_FORWARD_TCP` DESTINATION_IP_STORAGE="5.9.66.49"
DESTINATION_IP_MAIL="5.9.66.49"
for port in `echo $PORTS_TO_FORWARD_TCP_STORAGE`
do do
iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP} iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE}
iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
done done
for port in `echo $PORTS_TO_FORWARD_UDP` for port in `echo $PORTS_TO_FORWARD_UDP_STORAGE`
do do
iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP} iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE}
iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
done done
for port in `echo $PORTS_TO_FORWARD_TCP_MAIL`
do
iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_MAIL}
iptables -A FORWARD -d ${DESTINATION_IP_MAIL}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
done
iptables -t nat -A POSTROUTING -j MASQUERADE iptables -t nat -A POSTROUTING -j MASQUERADE
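Review bot: In the UDP loop the `FORWARD` rule still says `-p tcp -m tcp`, so the UDP ports get a DNAT rule but no matching accept, and TCP 34197 is accepted although it is not in the TCP list; the line should read `iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p udp -m udp --dport ${port} -j ACCEPT`. Port 143 appears in both `PORTS_TO_FORWARD_TCP_STORAGE` and `PORTS_TO_FORWARD_TCP_MAIL`; the rules are appended in order, so the storage DNAT matches first and IMAP never reaches the mail destination, and 143 should be removed from the storage list. `DESTINATION_IP_STORAGE` and `DESTINATION_IP_MAIL` are both `5.9.66.49`, which looks like a leftover given the new host addresses in the inventory. The script starts above the hunk.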


@ -2,10 +2,11 @@
set -e set -e
SOURCE_HOST=195.154.134.7 SOURCE_HOST=5.9.66.49
{% if inventory_hostname in (groups['storage']) %}
#Sync Media #Sync Media
rsync -aAvh --progress root@${SOURCE_HOST}:/media/ /data --delete rsync -aAvh --progress root@${SOURCE_HOST}:/data/ /data --delete
#Sync Backups #Sync Backups
rsync -aAvh --progress root@${SOURCE_HOST}:/backups/ /backups --delete rsync -aAvh --progress root@${SOURCE_HOST}:/backups/ /backups --delete
@ -19,14 +20,12 @@ rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/transmission/ /var/lib/trans
mkdir -p {{docker_compose_files_folder}}/emby mkdir -p {{docker_compose_files_folder}}/emby
rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/emby/config/ {{docker_compose_files_folder}}/emby/config --exclude "transcoding-temp" --delete rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/emby/config/ {{docker_compose_files_folder}}/emby/config --exclude "transcoding-temp" --delete
#Sync Mailu
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete
#Sync matrix #Sync matrix
mkdir -p {{docker_compose_files_folder}}/matrix mkdir -p {{docker_compose_files_folder}}/matrix
mkdir -p /var/lib/matrix mkdir -p /var/lib/matrix
rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/matrix/synapse/ {{docker_compose_files_folder}}/matrix/synapse --delete rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/matrix/synapse/ {{docker_compose_files_folder}}/matrix/synapse --delete
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/matrix/media_store/ /var/lib/matrix/media_store --delete rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/matrix/media_store/ /var/lib/matrix/media_store --delete
rsync -aAvh --progress root@${SOURCE_HOST}:/var/log/synapse/ /var/log/synapse --delete
#Sync nextcloud #Sync nextcloud
mkdir -p {{docker_compose_files_folder}}/nextcloud/config mkdir -p {{docker_compose_files_folder}}/nextcloud/config
@ -47,3 +46,10 @@ rsync -aAvh --progress root@${SOURCE_HOST}:/opt/factorio/ /opt/factorio --delete
#Sync STB wordpress #Sync STB wordpress
mkdir -p /var/lib/stb mkdir -p /var/lib/stb
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/stb/ /var/lib/stb --delete rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/stb/ /var/lib/stb --delete
rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/stb/ {{docker_compose_files_folder}}/stb --delete
{% endif %}
{% if inventory_hostname in (groups['mail']) %}
#Sync Mailu
rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete
{% endif %}
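Review bot: The added `rsync … {{docker_compose_files_folder_previous_server}}/stb/ {{docker_compose_files_folder}}/stb --delete` mirrors the old server's compose folder over a directory that the `stb-wordpress-docker` role also manages, so files Ansible rendered there (including `.env`) are replaced or deleted by whatever the old host holds. Consider restricting it to the data subdirectories that actually need migrating, or dropping `--delete` for this path. More generally every pull runs as `root@${SOURCE_HOST}` with `--delete`; a header comment stating that the script is one-shot, destructive on the target, and depends on a root SSH key that should be revoked after the migration would make that explicit. Parts of the script between the hunks are not shown.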


@ -1,5 +1,10 @@
--- ---
- name: Copy searx config - name: Copy searx config
copy: src=searx dest={{docker_compose_files_folder}} copy:
src: searx
dest: "{{docker_compose_files_folder}}"
- name: Start searx docker project - name: Start searx docker project
docker_service: project_src={{docker_compose_files_folder}}/searx state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/searx"
state: present


@ -3,22 +3,27 @@
file: file:
state: directory state: directory
dest: "{{docker_compose_files_folder}}/stb" dest: "{{docker_compose_files_folder}}/stb"
- name: Copy STB docker-compose - name: Copy STB docker-compose
copy: copy:
src: docker-compose.yml src: docker-compose.yml
dest: "{{docker_compose_files_folder}}/stb/" dest: "{{docker_compose_files_folder}}/stb/"
- name: Copy php upload config - name: Copy php upload config
copy: copy:
src: uploads.ini src: uploads.ini
dest: "{{docker_compose_files_folder}}/stb/" dest: "{{docker_compose_files_folder}}/stb/"
- name: Create .env - name: Create .env
template: template:
src: .env src: .env
dest: "{{docker_compose_files_folder}}/stb/.env" dest: "{{docker_compose_files_folder}}/stb/.env"
- name: Pull and start docker project - name: Pull and start docker project
docker_service: docker_compose:
project_src: "{{docker_compose_files_folder}}/stb" project_src: "{{docker_compose_files_folder}}/stb"
state: present state: present
- name: Check if database tables exist - name: Check if database tables exist
command: docker-compose exec -T db mysql -u stb -p{{stb_mysql_password}} stb -e "show tables;" command: docker-compose exec -T db mysql -u stb -p{{stb_mysql_password}} stb -e "show tables;"
args: args:
@ -28,6 +33,7 @@
delay: 10 delay: 10
until: db_tables_exist.rc == 0 until: db_tables_exist.rc == 0
changed_when: no changed_when: no
- name: Restore STB database - name: Restore STB database
command: docker-compose exec -T db sh -c "mysql -u stb -p{{stb_mysql_password}} stb < /backups/database.dmp" command: docker-compose exec -T db sh -c "mysql -u stb -p{{stb_mysql_password}} stb < /backups/database.dmp"
args: args:


@ -8,6 +8,6 @@
src: torrent/.env src: torrent/.env
dest: "{{docker_compose_files_folder}}/torrent/.env" dest: "{{docker_compose_files_folder}}/torrent/.env"
- name: Start torrent docker project - name: Start torrent docker project
docker_service: docker_compose:
project_src: "{{docker_compose_files_folder}}/torrent" project_src: "{{docker_compose_files_folder}}/torrent"
state: present state: present


@ -1,12 +1,16 @@
--- ---
- name: Copy traefik config - name: Copy traefik files
copy: src=traefik dest={{docker_compose_files_folder}}
- name: Create traefik .env
template: template:
src: traefik/.env src: "{{item}}"
dest: "{{docker_compose_files_folder}}/traefik/.env" dest: "{{docker_compose_files_folder}}/traefik/{{item}}"
loop:
- .env
- docker-compose.yml
- data/traefik.toml
- name: Create web docker network - name: Create web docker network
docker_network: docker_network:
name: web name: web
- name: Start traefik docker project - name: Start traefik docker project
docker_compose: project_src={{docker_compose_files_folder}}/traefik state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/traefik"
state: present
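Review bot: The `template` loop writes `data/traefik.toml` into `{{docker_compose_files_folder}}/traefik/data/`, but `template` does not create missing parent directories and the `copy: src=traefik` task that used to create the tree is removed, so the task will likely fail on a freshly installed host. Add a `file` task with `state: directory` for `{{docker_compose_files_folder}}/traefik/data` before the loop. A comment on the loop noting that `docker-compose.yml` is now a Jinja template (it uses `{{inventory_hostname}}`) would explain why `copy` was replaced.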


@ -23,7 +23,11 @@ dashboard = true
[docker] [docker]
endpoint = "unix:///var/run/docker.sock" endpoint = "unix:///var/run/docker.sock"
{% if inventory_hostname in (groups['mail']) %}
domain = "mail1.banditlair.com"
{% else %}
domain = "banditlair.com" domain = "banditlair.com"
{% endif %}
watch = true watch = true
exposedbydefault = false exposedbydefault = false
@ -37,8 +41,13 @@ KeyType = "RSA4096"
entryPoint = "http" entryPoint = "http"
[[acme.domains]] [[acme.domains]]
{% if inventory_hostname in (groups['mail']) %}
main = "mail1.banditlair.com"
{% else %}
main = "banditlair.com" main = "banditlair.com"
sans = ["mail.banditlair.com"] sans = ["mail.banditlair.com"]
{% endif %}
[accessLog] [accessLog]
filePath = "/var/log/traefik/access.log" filePath = "/var/log/traefik/access.log"
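Review bot: On hosts in the `mail` group the ACME section now requests a certificate only for `mail1.banditlair.com`, while `sans = ["mail.banditlair.com"]` stays in the `else` branch for the other hosts. The zone's MX records name `mail` and `mail2`, so the certificate for the names mail clients actually use would be issued on the storage side rather than on the mail host; confirm which host should hold it. The zone hunk on this page shows no `mail1` record, so the HTTP challenge for `mail1.banditlair.com` would follow the wildcard to the main address unless a record is added elsewhere. `dashboard = true` appears in the hunk header, and a comment noting how the dashboard is protected would be useful next to it.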


@ -15,7 +15,7 @@ services:
labels: labels:
- "traefik.backend=traefik" - "traefik.backend=traefik"
- "traefik.docker.network=web" - "traefik.docker.network=web"
- "traefik.frontend.rule=Host:traefik.banditlair.com" - "traefik.frontend.rule=Host:traefik.{{inventory_hostname}}.banditlair.com"
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.port=8080" - "traefik.port=8080"
- "traefik.default.protocol=http" - "traefik.default.protocol=http"
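Review bot: The dashboard is now routed at `traefik.{{inventory_hostname}}.banditlair.com` with `traefik.enable=true` and `traefik.port=8080`, and no authentication label is visible in this hunk. If it is not protected elsewhere, add one, for example `- "traefik.frontend.auth.basic.usersFile=<path-to-htpasswd>"`, or bind the route to an internal entry point. The new host name also appears to be outside the ACME domains listed in `traefik.toml`, and `traefik.storage1.banditlair.com` is not covered by `*.banditlair.com` because `storage1` exists as its own node in the zone, so the route needs its own DNS record and certificate entry. The service definition starts above the hunk.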


@ -1,5 +1,10 @@
--- ---
- name: Copy wiki config - name: Copy wiki config
copy: src=wiki dest={{docker_compose_files_folder}} copy:
src: wiki
dest: "{{docker_compose_files_folder}}"
- name: Start wiki docker project - name: Start wiki docker project
docker_service: project_src={{docker_compose_files_folder}}/wiki state=present docker_compose:
project_src: "{{docker_compose_files_folder}}/wiki"
state: present