Migrate to bigger Hetzner server

dns/banditlair.com.zone

@@ -6,21 +6,25 @@ banditlair.com. 86400 IN NS ns0.online.net.
 banditlair.com.	86400 IN NS ns1.online.net.
 
 ; Custom DNS server
+ns.banditlair.com.   600  IN A  144.76.18.197
 ddns.banditlair.com. 3600 IN NS ns.banditlair.com.
-ns.banditlair.com.   600  IN A  5.9.66.49
-
 
 ; Main domain
-banditlair.com.     86400 IN A     5.9.66.49
+banditlair.com.     600 IN A     144.76.18.197
-www.banditlair.com. 86400 IN CNAME banditlair.com.
+www.banditlair.com. 600 IN CNAME banditlair.com.
-storage1            600   IN A     5.9.66.49
+storage1            600 IN A     144.76.18.197
-*.banditlair.com.   600   IN CNAME banditlair.com.
+*.banditlair.com.   600 IN CNAME banditlair.com.
+
+; Avoid the proxy for Emby to keep maximum bandwidth
+emby 600 IN A 144.76.18.197
 
 ; Matrix special record
 banditlair.com.banditlair.com. 86400 IN SRV 12 10 8448 matrix.banditlair.com.
 
 ; Mail server related records
-mail2                                        86400 IN A   5.9.66.49
+;webmail                                     86400 IN A   144.76.18.197
+;mail                                        86400 IN A   78.47.38.125
+;mail2                                       86400 IN A   144.76.18.197
 banditlair.com.                              86400 IN MX  20 mail2.banditlair.com.
 banditlair.com.                              86400 IN MX  12 mail.banditlair.com.
 banditlair.com.                              600   IN TXT "v=spf1 mx -all"

playbook.yml

@@ -1,11 +1,10 @@
 ---
-- hosts: all
+- hosts: storage
   become: true
   vars:
-    docker_compose_files_folder_previous_server: /etc/images
+    docker_compose_files_folder_previous_server: /etc/compose
     docker_compose_files_folder: /etc/compose
     domain_name: banditlair.com
-    docker_version: 18.06.*
     sub_domains:
       - rpg
   roles:
@@ -13,18 +12,38 @@
     - { role: scripts, tags: [ 'scripts' ] }
     - { role: daily-backup, tags: [ 'backup' ] }
     - { role: docker, tags: [ 'docker' ] }
-    - { role: murmur-docker, tags: [ 'murmur', 'docker' ] }
+    - { role: murmur-docker, tags: [ 'murmur' ] }
-    - { role: searx-docker, tags: [ 'searx', 'docker' ] }
+    - { role: searx-docker, tags: [ 'searx' ] }
-    - { role: wiki-docker, tags: [ 'wiki', 'docker' ] }
+    - { role: wiki-docker, tags: [ 'wiki' ] }
-    - { role: emby-docker, tags: [ 'emby', 'docker' ] }
+    - { role: emby-docker, tags: [ 'emby' ] }
-    - { role: gitlab-docker, tags: [ 'gitlab', 'docker' ] }
+    - { role: gitlab-docker, tags: [ 'gitlab' ] }
-    - { role: mailu-docker, tags: [ 'mailu', 'docker' ] }
+    - { role: nextcloud-docker, tags: [ 'nextcloud' ] }
-    - { role: nextcloud-docker, tags: [ 'nextcloud', 'docker' ] }
+    - { role: matrix-docker, tags: [ 'matrix' ] }
-    - { role: matrix-docker, tags: [ 'matrix', 'docker' ] }
+    - { role: torrent-docker, tags: [ 'torrent' ] }
-    - { role: torrent-docker, tags: [ 'torrent', 'docker' ] }
     - { role: monit, tags: [ 'monit' ] }
-    - { role: stb-wordpress-docker, tags: [ 'stb', 'docker' ] }
+    - { role: stb-wordpress-docker, tags: [ 'stb' ] }
-    - { role: invidious-docker, tags: [ 'invidious', 'docker' ] }
+    - { role: invidious-docker, tags: [ 'invidious' ] }
-    - { role: traefik-proxy-docker, tags: [ 'traefik', 'docker' ] }
+    - { role: traefik-proxy-docker, tags: [ 'traefik' ] }
-    - { role: ddns-docker, tags: [ 'ddns', 'docker' ] }
+    - { role: ddns-docker, tags: [ 'ddns' ] }
+    - role: mailu-docker
+      tags: [ 'mailu' ]
 
+- hosts: mail
+  become: true
+  vars:
+    docker_compose_files_folder_previous_server: /etc/compose
+    docker_compose_files_folder: /etc/compose
+    domain_name: banditlair.com
+    sub_domains:
+      - rpg
+  roles:
+    - role: scripts
+      tags: [ 'scripts' ]
+    - role: daily-backup
+      tags: [ 'backup' ]
+    - role: docker
+      tags: [ 'docker' ]
+    - role: mailu-docker
+      tags: [ 'mailu' ]
+    - role: traefik-proxy-docker
+      tags: [ 'traefik' ]

production

@@ -1,2 +1,8 @@
 #195.154.134.7   ansible_user=root
-5.9.66.49  ansible_user=root ansible_python_interpreter=/usr/bin/python3
+#5.9.66.49  ansible_user=root ansible_python_interpreter=/usr/bin/python3
+
+[storage]
+storage1    ansible_user=root ansible_python_interpreter=/usr/bin/python3 ansible_host=144.76.18.197
+
+[mail]
+mail1       ansible_user=root ansible_python_interpreter=/usr/bin/python3 ansible_host=78.47.116.71

roles/arch-mirror-docker/tasks/main.yml

@@ -14,6 +14,10 @@
     job: "/home/claude/syncArchRepo.sh"
     user: claude
 - name: Copy Arch Linux mirror config
-  copy: src=arch-mirror dest={{docker_compose_files_folder}}
+  copy:
+    src: arch-mirror
+    dest: "{{docker_compose_files_folder}}"
 - name: Start Arch mirror project
-  docker_service: project_src={{docker_compose_files_folder}}/arch-mirror state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/arch-mirror"
+    state: present

roles/ddns-docker/tasks/main.yml

@@ -5,6 +5,6 @@
     dest: "{{docker_compose_files_folder}}"
 
 - name: Start ddns docker project
-  docker_service:
+  docker_compose:
     project_src: "{{docker_compose_files_folder}}/ddns"
     state: present

roles/docker/defaults/main.yml

@@ -2,6 +2,3 @@ docker_apt_key: https://download.docker.com/linux/ubuntu/gpg
 docker_apt_repository: https://download.docker.com/linux/ubuntu
 # Choose 'edge' 'stable' or 'testing' for docker channel
 docker_apt_channel: stable
-# Docker daemon config file
-docker_daemon_config: /etc/docker/daemon.json
-docker_version: 18.06.*

roles/docker/handlers/main.yml

@@ -1,10 +1,5 @@
 ---
-- name: reload systemd
-  command: systemctl daemon-reload
-
 - name: restart docker
   systemd:
     name: docker
     state: restarted
-
-

roles/docker/tasks/main.yml

@@ -1,107 +1,94 @@
 ---
-- name: Docker installation for Ubuntu distribution
+- name: Ensure docker packages are not present
-  block:
+  apt:
+    state: absent
+    name: ['docker', 'docker-engine', 'docker.io']
 
-  - name: Ensure docker packages are not present
+- name: Install docker package dependencies
-    apt:
+  apt:
-      state: absent
+    state: latest
-      name: ['docker', 'docker-engine', 'docker.io']
+    name: ['apt-transport-https', 'ca-certificates']
+    update_cache: yes
+    cache_valid_time: 86400
+  register: result
+  retries: 3
+  until: result is success
 
-  - name: Install docker package dependencies
+- name: Adding Docker official gpg key
-    apt:
+  apt_key:
-      state: latest
+    url: "{{ docker_apt_key }}"
-      name: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common']
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
-      update_cache: yes
+    state: present
-      cache_valid_time: 86400
-    register: result
-    retries: 3
-    until: result is success
 
-  - name: Adding Docker official gpg key
+- name: Setting Docker repository depending on arch
-    apt_key:
+  set_fact:
-      url: "{{ docker_apt_key }}"
+    docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}"
-      state: present
+  when: ansible_architecture == item.system_arch
+  with_items:
+    - { system_arch: 'x86_64', apt_arch: 'amd64' }
+    - { system_arch: 'arm', apt_arch: 'armhf' }
 
-  - name: Setting Docker repository depending on arch
+- name: Printing Docker repository
-    set_fact:
+  debug:
-      docker_repository: "deb [arch={{ item.apt_arch }}] {{ docker_apt_repository }} {{ ansible_distribution_release }} {{ docker_apt_channel }}"
+    var: docker_repository
-    when: ansible_architecture == item.system_arch
-    with_items:
-      - { system_arch: 'x86_64', apt_arch: 'amd64' }
-      - { system_arch: 'arm', apt_arch: 'armhf' }
 
-  - name: Printing Docker repository
+- name: Adding Docker repository
-    debug:
+  apt_repository:
-      var: docker_repository
+    repo: "{{ docker_repository }}"
+    state: present
+    update_cache: true
 
-  - name: Adding Docker repository
+- name: Install Docker.
-    apt_repository:
+  package:
-      repo: "{{ docker_repository }}"
+    name: docker-ce
-      state: present
+    state: present
-      filename: 'docker'
+  notify: restart docker
 
-  - name: Explicitly create docker0
+- name: Ensure containerd service dir exists.
-    shell: |
+  file:
-      ip link add name docker0 type bridge || true
+    path: /etc/systemd/system/containerd.service.d
-      ip addr add dev docker0 172.17.0.1/16 || true
+    state: directory
-    changed_when: no
 
-  - name: Install docker-ce
+- name: Add shim to ensure Docker can start in all environments.
-    apt:
+  template:
-      name: docker-ce={{ docker_version }}
+    src: override.conf.j2
-      update_cache: yes
+    dest: /etc/systemd/system/containerd.service.d/override.conf
-    register: result
+  register: override_template
-    retries: 3
-    until: result is success
 
-  - name: Pin docker-ce release
+- name: Reload systemd daemon if template is changed.
-    copy:
+  systemd:
-      dest: /etc/apt/preferences.d/docker-ce
+    daemon_reload: true
-      content: |
+  when: override_template is changed
-        Package: docker-ce
-        Pin: version {{ docker_version }}
-        Pin-Priority: 1002
 
-  - name: Fixing systemd unit for Docker config file
+- name: Ensure Docker is started and enabled at boot.
-    template:
+  service:
-      src: docker.service.j2
+    name: docker
-      dest: /lib/systemd/system/docker.service
+    state: started
-    notify: reload systemd
+    enabled: true
 
-  - name: Create docker config directory
+- name: Ensure handlers are notified now to avoid firewall conflicts.
-    file:
+  meta: flush_handlers
-      path: /etc/docker
-      mode: 0700
-      recurse: yes
 
-  - name: Templating /etc/docker/daemon.json
+- name: Install python3-pip
-    template:
+  apt:
-      src: daemon.json.j2
+    name: python3-pip
-      dest: /etc/docker/daemon.json
+    state: latest
-    notify: restart docker
+    cache_valid_time: 86400
+  register: result
+  retries: 3
+  until: result is success
 
-  - name: Flushing handlers 2
-    meta: flush_handlers
 
-  - name: Getting Docker version
+- name: Install docker-compose package dependencies
-    shell: "docker --version"
+  apt:
-    register: docker_version
+    state: latest
-    changed_when: no
+    name: python3-setuptools
+    update_cache: yes
+    cache_valid_time: 86400
+  register: result
+  retries: 3
+  until: result is success
 
-  - name: Install python3-pip
+- name: Install docker-compose
-    apt:
+  pip:
-      name: python3-pip
+    name: docker-compose
-      state: latest
-      cache_valid_time: 3600
-    register: result
-    retries: 3
-    until: result is success
-
-  - name: Install docker-compose
-    pip:
-      name: docker-compose
-
-  - name: Printing Docker version
-    debug: var=docker_version
-
-  when: ansible_distribution == "Ubuntu"

roles/docker/templates/daemon.json.j2

@@ -1,3 +0,0 @@
-{
-  "experimental": true
-}

roles/docker/templates/docker.service.j2

@@ -1,37 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-After=network-online.target docker.socket firewalld.service
-Wants=network-online.target
-Requires=docker.socket
-
-[Service]
-Type=notify
-# the default is not to use systemd for cgroups because the delegate issues still
-# exists and systemd currently does not support the cgroup feature set required
-# for containers run by docker
-ExecStart=/usr/bin/dockerd --config-file {{ docker_daemon_config }} -H fd://
-ExecReload=/bin/kill -s HUP $MAINPID
-LimitNOFILE=1048576
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNPROC=infinity
-LimitCORE=infinity
-# Uncomment TasksMax if your systemd version supports it.
-# Only systemd 226 and above support this version.
-TasksMax=infinity
-TimeoutStartSec=0
-# set delegate yes so that systemd does not reset the cgroups of docker containers
-Delegate=yes
-# kill only the docker process, not all processes in the cgroup
-KillMode=process
-# restart the docker process if it exits prematurely
-Restart=on-failure
-StartLimitBurst=3
-StartLimitInterval=60s
-Environment="NO_PROXY=https://cp-par1.scaleway.com,https://cp-ams1.scaleway.com,https://account.scaleway.com,http://169.254.42.42,192.168.66.0/24"
-Environment="DOCKER_OPTS=--iptables=false --ip-masq=false"
-
-[Install]
-WantedBy=multi-user.target
-

roles/docker/templates/override.conf.j2

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+[Service]
+ExecStartPre=

roles/emby-docker/tasks/main.yml

@@ -1,5 +1,9 @@
 ---
 - name: Copy emby config
-  copy: src=emby dest={{docker_compose_files_folder}}
+  copy:
+    src: emby
+    dest: "{{docker_compose_files_folder}}"
 - name: Start emby docker project
-  docker_service: project_src={{docker_compose_files_folder}}/emby state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/emby"
+    state: present

roles/gitlab-docker/tasks/main.yml

@@ -1,27 +1,45 @@
 ---
 - name: Copy docker-compose.yml
-  copy: src=gitlab dest={{docker_compose_files_folder}}
+  copy:
+    src: gitlab
+    dest: "{{docker_compose_files_folder}}"
+
 - name: Create gitlab config folder
-  file: dest={{docker_compose_files_folder}}/gitlab/config state=directory
+  file:
+    dest: "{{docker_compose_files_folder}}/gitlab/config"
+    state: directory
+
 - name: Create gitlab config
-  template: src=gitlab/config/gitlab.rb dest={{docker_compose_files_folder}}/gitlab/config/gitlab.rb
+  template:
+    src: gitlab/config/gitlab.rb
+    dest: "{{docker_compose_files_folder}}/gitlab/config/gitlab.rb"
+
 - name: Start gitlab docker project
-  docker_service: project_src={{docker_compose_files_folder}}/gitlab state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/gitlab"
+    state: present
+
 - name: Find Gitlab user repositories
-  find: paths=/var/lib/gitlab/git-data/repositories/ file_type=directory patterns="*"
+  find:
+    paths: /var/lib/gitlab/git-data/repositories/
+    file_type: directory
+    patterns: "*"
   register: gitlab_users_repos
+
 - name: Get Gitlab git user id
   command: docker-compose exec -T gitlab id -u git
   args:
       chdir: "{{docker_compose_files_folder}}/gitlab/"
   register: gitlab_git_uid
   when: gitlab_users_repos.matched|int == 0
+
 - name: Wait for Gitlab to be installed
   wait_for:
     path: /var/lib/gitlab/postgres-exporter/
     state: present
     timeout: 600
   when: gitlab_users_repos.matched|int == 0
+
 - name: Restore backup if no users are found
   script: restore-backup.sh {{gitlab_git_uid.stdout}}
   register: gitlab_backup_restore

roles/mailu-docker/files/mailu/docker-compose.yml

@@ -9,7 +9,7 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: 172.22.0.0/16
+        - subnet: 192.168.64.0/20
 
 services:
   front:
@@ -53,7 +53,7 @@ services:
     env_file: .env
     networks:
       default:
-        ipv4_address: 172.22.255.254
+        ipv4_address: 192.168.64.254
 
   admin:
     image: mailu/admin:$VERSION
@@ -87,7 +87,7 @@ services:
       - front
       - resolver
     dns:
-      - 172.22.255.254
+      - 192.168.64.254
 
   antispam:
     image: mailu/rspamd:$VERSION
@@ -101,7 +101,7 @@ services:
       - front
       - resolver
     dns:
-      - 172.22.255.254
+      - 192.168.64.254
 
   fetchmail:
     image: mailu/fetchmail:$VERSION
@@ -110,7 +110,7 @@ services:
     depends_on:
       - resolver
     dns:
-      - 172.22.255.254
+      - 192.168.64.254
 
   webmail:
     image: mailu/rainloop

roles/mailu-docker/files/mailu/overrides/postfix.cf

@@ -1,2 +1 @@
-
 #debug_peer_list = 172.22.0.1

roles/mailu-docker/tasks/main.yml

@@ -1,7 +1,13 @@
 ---
 - name: Copy mailu config
-  copy: src=mailu dest={{docker_compose_files_folder}}
+  copy:
+    src: mailu
+    dest: "{{docker_compose_files_folder}}"
 - name: Create mailu config
-  template: src=mailu/.env dest={{docker_compose_files_folder}}/mailu/.env
+  template:
+    src: mailu/.env
+    dest: "{{docker_compose_files_folder}}/mailu/.env"
 - name: Start mailu docker project
-  docker_service: project_src={{docker_compose_files_folder}}/mailu state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/mailu"
+    state: present

roles/mailu-docker/templates/mailu/.env

@@ -17,7 +17,7 @@ SECRET_KEY={{mailu_secret_key}}
 BIND_ADDRESS4=0.0.0.0
 
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!
-SUBNET=172.22.0.0/16
+SUBNET=192.168.64.0/20
 
 # Main mail domain
 DOMAIN=banditlair.com
@@ -64,7 +64,7 @@ MESSAGE_SIZE_LIMIT=50000000
 
 # Networks granted relay permissions
 # Use this with care, all hosts in this networks will be able to send mail without authentication!
-RELAYNETS=172.22.0.0/16
+RELAYNETS=192.168.64.0/20
 
 # Will relay all outgoing mails if configured
 RELAYHOST=

roles/matrix-docker/files/matrix/docker-compose.yml

@@ -33,6 +33,8 @@ services:
       - /var/log/synapse:/data/log
       - ./synapse:/data
       - /etc/localtime:/etc/localtime:ro
+    depends_on:
+      - db
     networks:
       - matrix
       - web

roles/matrix-docker/tasks/main.yml

@@ -3,13 +3,16 @@
   copy:
     src: matrix
     dest: "{{docker_compose_files_folder}}"
+
 - name: Create matrix-network docker network
   docker_network:
     name: matrix-network
+
 - name: Start matrix docker project
-  docker_service:
+  docker_compose:
     project_src: "{{docker_compose_files_folder}}/matrix"
     state: present
+
 - name: Wait for database to start and count matrix users
   shell: docker-compose exec -T db psql -U synapse synapse -c "select count(*) from users;" -t
   args:
@@ -18,6 +21,7 @@
   until: matrix_users_count.rc == 0
   retries: 10
   changed_when: false
+
 - name: Restore Matrix database if needed
   command: docker-compose exec -T db sh -c "psql -U synapse synapse < /backups/database.dmp"
   args:

roles/monit/templates/monitrc

@@ -352,7 +352,7 @@ check host transmission with address transmission.banditlair.com
         with timeout 20 seconds 
     then alert
 
-check host rpg-wiki with address rpg.banditlair.com
+check host anderia-wiki with address anderia.banditlair.com
     if failed port 443 protocol https with timeout 20 seconds then alert
 ###############################################################################
 ## Includes

roles/murmur-docker/tasks/main.yml

@@ -1,9 +1,19 @@
 ---
 - name: Copy murmur config
-  copy: src=murmur dest={{docker_compose_files_folder}}
+  copy:
+    src: murmur
+    dest: "{{docker_compose_files_folder}}"
 - name: Create murmur data folder
-  file: dest=/var/lib/murmur state=directory
+  file:
+    dest: /var/lib/murmur
+    state: directory
 - name: Copy murmur database
-  copy: src=/backups/murmur/murmur.sqlite dest=/var/lib/murmur/ force=no remote_src=yes
+  copy:
+    src: /backups/murmur/murmur.sqlite
+    dest: /var/lib/murmur/
+    force: no
+    remote_src: yes
 - name: Start murmur docker project
-  docker_service: project_src={{docker_compose_files_folder}}/murmur state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/murmur"
+    state: present

roles/nextcloud-docker/tasks/main.yml

@@ -3,10 +3,12 @@
   copy:
     src: nextcloud
     dest: "{{docker_compose_files_folder}}"
+
 - name: Create .env
   template:
     src: nextcloud/.env
     dest: "{{docker_compose_files_folder}}/nextcloud/.env"
+
 - name: Create nextcloud config
   template:
     src: nextcloud/config/{{item}}
@@ -15,20 +17,23 @@
     - base.config.php
     - database.config.php
     - mail.config.php
+
 - name: Change config folder owner to http
   file:
     path: "{{docker_compose_files_folder}}/nextcloud/config"
-    owner: 33
+    owner: "33"
-    group: 33
+    group: "33"
     recurse: yes
+
 - name: Build and start nextcloud docker project
-  docker_service:
+  docker_compose:
     project_src: "{{docker_compose_files_folder}}/nextcloud"
     build: yes
     pull: yes
     state: present
+
 - name: Check if database tables exist
-  command: docker-compose exec -T db mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud -e "show tables;"
+  command: docker-compose exec -T postgres psql -U nextcloud nextcloud -c "\dt"
   args:
       chdir: "{{docker_compose_files_folder}}/nextcloud/"
   register: db_tables_exist
@@ -36,8 +41,9 @@
   delay: 10
   until: db_tables_exist.rc == 0
   changed_when: no
+
 - name: Restore Nextcloud database
-  command: docker-compose exec -T db sh -c "mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud < /backups/database.dmp"
+  command: docker-compose exec -T postgres sh -c "psql -U nextcloud nextcloud < /backups/database.dmp"
   args:
     chdir: "{{docker_compose_files_folder}}/nextcloud/"
   when: db_tables_exist.stdout_lines|length == 0

roles/scripts/files/proxyFirewall.sh

@@ -9,20 +9,29 @@ iptables -X
 
 echo 1 > /proc/sys/net/ipv4/ip_forward
 
-PORTS_TO_FORWARD_TCP="25 53 80 110 143 443 465 587 993 995 2224 3478 8008 8448 27015 64738"
+PORTS_TO_FORWARD_TCP_STORAGE="53 80 143 443 2224 3478 8008 8448 27015 64738"
-PORTS_TO_FORWARD_UDP="53 34197 64738"
+PORTS_TO_FORWARD_UDP_STORAGE="53 34197 64738"
-#DESTINATION_IP="212.83.165.111"
+PORTS_TO_FORWARD_TCP_MAIL="25 110 143 465 587 993 995"
-DESTINATION_IP="5.9.66.49"
 
-for port in `echo $PORTS_TO_FORWARD_TCP`
+DESTINATION_IP_STORAGE="5.9.66.49"
+DESTINATION_IP_MAIL="5.9.66.49"
+
+for port in `echo $PORTS_TO_FORWARD_TCP_STORAGE`
 do
-	iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP}
+	iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE}
-	iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
+	iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
 done
 
-for port in `echo $PORTS_TO_FORWARD_UDP`
+for port in `echo $PORTS_TO_FORWARD_UDP_STORAGE`
 do
-	iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP}
+	iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_STORAGE}
-	iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
+	iptables -A FORWARD -d ${DESTINATION_IP_STORAGE}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
 done
+
+for port in `echo $PORTS_TO_FORWARD_TCP_MAIL`
+do
+	iptables -t nat -A PREROUTING -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP_MAIL}
+	iptables -A FORWARD -d ${DESTINATION_IP_MAIL}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
+done
+
 iptables -t nat -A POSTROUTING -j MASQUERADE

roles/scripts/templates/syncData.sh

@@ -2,10 +2,11 @@
 
 set -e
 
-SOURCE_HOST=195.154.134.7
+SOURCE_HOST=5.9.66.49
 
+{% if inventory_hostname in (groups['storage']) %}
 #Sync Media
-rsync -aAvh --progress root@${SOURCE_HOST}:/media/ /data --delete
+rsync -aAvh --progress root@${SOURCE_HOST}:/data/ /data --delete
 
 #Sync Backups
 rsync -aAvh --progress root@${SOURCE_HOST}:/backups/ /backups --delete
@@ -19,14 +20,12 @@ rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/transmission/ /var/lib/trans
 mkdir -p {{docker_compose_files_folder}}/emby
 rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/emby/config/ {{docker_compose_files_folder}}/emby/config --exclude "transcoding-temp"  --delete
 
-#Sync Mailu
-rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete
-
 #Sync matrix
 mkdir -p {{docker_compose_files_folder}}/matrix
 mkdir -p /var/lib/matrix
 rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/matrix/synapse/ {{docker_compose_files_folder}}/matrix/synapse --delete
 rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/matrix/media_store/ /var/lib/matrix/media_store --delete
+rsync -aAvh --progress root@${SOURCE_HOST}:/var/log/synapse/ /var/log/synapse --delete
 
 #Sync nextcloud
 mkdir -p {{docker_compose_files_folder}}/nextcloud/config
@@ -47,3 +46,10 @@ rsync -aAvh --progress root@${SOURCE_HOST}:/opt/factorio/ /opt/factorio --delete
 #Sync STB wordpress
 mkdir -p /var/lib/stb
 rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/stb/ /var/lib/stb --delete
+rsync -aAvh --progress root@${SOURCE_HOST}:{{docker_compose_files_folder_previous_server}}/stb/ {{docker_compose_files_folder}}/stb --delete
+{% endif %}
+
+{% if inventory_hostname in (groups['mail']) %}
+#Sync Mailu
+rsync -aAvh --progress root@${SOURCE_HOST}:/var/lib/mailu/ /var/lib/mailu --delete
+{% endif %}

roles/searx-docker/tasks/main.yml

@@ -1,5 +1,10 @@
 ---
 - name: Copy searx config
-  copy: src=searx dest={{docker_compose_files_folder}}
+  copy:
+    src: searx
+    dest: "{{docker_compose_files_folder}}"
+
 - name: Start searx docker project
-  docker_service: project_src={{docker_compose_files_folder}}/searx state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/searx"
+    state: present

roles/stb-wordpress-docker/tasks/main.yml

@@ -3,22 +3,27 @@
   file:
     state: directory
     dest: "{{docker_compose_files_folder}}/stb"
+
 - name: Copy STB docker-compose
   copy:
     src: docker-compose.yml
     dest: "{{docker_compose_files_folder}}/stb/"
+
 - name: Copy php upload config
   copy:
     src: uploads.ini
     dest: "{{docker_compose_files_folder}}/stb/"
+
 - name: Create .env
   template:
     src: .env
     dest: "{{docker_compose_files_folder}}/stb/.env"
+
 - name: Pull and start docker project
-  docker_service:
+  docker_compose:
     project_src: "{{docker_compose_files_folder}}/stb"
     state: present
+
 - name: Check if database tables exist
   command: docker-compose exec -T db mysql -u stb -p{{stb_mysql_password}} stb -e "show tables;"
   args:
@@ -28,6 +33,7 @@
   delay: 10
   until: db_tables_exist.rc == 0
   changed_when: no
+
 - name: Restore STB database
   command: docker-compose exec -T db sh -c "mysql -u stb -p{{stb_mysql_password}} stb < /backups/database.dmp"
   args:

roles/torrent-docker/tasks/main.yml

@@ -8,6 +8,6 @@
     src: torrent/.env
     dest: "{{docker_compose_files_folder}}/torrent/.env"
 - name: Start torrent docker project
-  docker_service:
+  docker_compose:
     project_src: "{{docker_compose_files_folder}}/torrent"
     state: present

roles/traefik-proxy-docker/tasks/main.yml

@@ -1,12 +1,16 @@
 ---
-- name: Copy traefik config
+- name: Copy traefik files
-  copy: src=traefik dest={{docker_compose_files_folder}}
-- name: Create traefik .env
   template:
-    src: traefik/.env
+   src: "{{item}}"
-    dest: "{{docker_compose_files_folder}}/traefik/.env"
+   dest: "{{docker_compose_files_folder}}/traefik/{{item}}"
+  loop:
+    - .env
+    - docker-compose.yml
+    - data/traefik.toml
 - name: Create web docker network
   docker_network:
     name: web
 - name: Start traefik docker project
-  docker_compose: project_src={{docker_compose_files_folder}}/traefik state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/traefik"
+    state: present

roles/traefik-proxy-docker/templates/data/traefik.toml

@@ -23,7 +23,11 @@ dashboard = true
 
 [docker]
 endpoint = "unix:///var/run/docker.sock"
+{% if inventory_hostname in (groups['mail']) %}
+domain = "mail1.banditlair.com"
+{% else %}
 domain = "banditlair.com"
+{% endif %}
 watch = true
 exposedbydefault = false
 
@@ -37,8 +41,13 @@ KeyType = "RSA4096"
 entryPoint = "http"
 
 [[acme.domains]]
+{% if inventory_hostname in (groups['mail']) %}
+main = "mail1.banditlair.com"
+{% else %}
 main = "banditlair.com"
 sans = ["mail.banditlair.com"]
+{% endif %}
+
 
 [accessLog]
 filePath = "/var/log/traefik/access.log"

roles/traefik-proxy-docker/templates/docker-compose.yml

@@ -15,7 +15,7 @@ services:
     labels:
       - "traefik.backend=traefik"
       - "traefik.docker.network=web"
-      - "traefik.frontend.rule=Host:traefik.banditlair.com"
+      - "traefik.frontend.rule=Host:traefik.{{inventory_hostname}}.banditlair.com"
       - "traefik.enable=true"
       - "traefik.port=8080"
       - "traefik.default.protocol=http"

roles/wiki-docker/tasks/main.yml

@@ -1,5 +1,10 @@
 ---
 - name: Copy wiki config
-  copy: src=wiki dest={{docker_compose_files_folder}}
+  copy:
+    src: wiki
+    dest: "{{docker_compose_files_folder}}"
+
 - name: Start wiki docker project
-  docker_service: project_src={{docker_compose_files_folder}}/wiki state=present
+  docker_compose:
+    project_src: "{{docker_compose_files_folder}}/wiki"
+    state: present