Compare commits
No commits in common. "26fd453ce4af816b72e0d3dc507a134f7b0cda8b" and "63b419020100f29f2aa07610bf04db0dfa564869" have entirely different histories.
26fd453ce4
...
63b4190201
13 changed files with 185 additions and 41 deletions
|
@ -14,7 +14,7 @@
|
||||||
- import_playbook: manuels.yaml # noqa: name[play]
|
- import_playbook: manuels.yaml # noqa: name[play]
|
||||||
- import_playbook: media.yaml # noqa: name[play]
|
- import_playbook: media.yaml # noqa: name[play]
|
||||||
- import_playbook: miniflux.yaml # noqa: name[play]
|
- import_playbook: miniflux.yaml # noqa: name[play]
|
||||||
- import_playbook: nextcloud-aio.yaml # noqa: name[play]
|
- import_playbook: nextcloud.yaml # noqa: name[play]
|
||||||
- import_playbook: portainer.yaml # noqa: name[play]
|
- import_playbook: portainer.yaml # noqa: name[play]
|
||||||
- import_playbook: privatebin.yaml # noqa: name[play]
|
- import_playbook: privatebin.yaml # noqa: name[play]
|
||||||
- import_playbook: shortener.yaml # noqa: name[play]
|
- import_playbook: shortener.yaml # noqa: name[play]
|
||||||
|
|
|
@ -68,6 +68,14 @@ checkout.augendre.info {
|
||||||
|
|
||||||
cloud.augendre.info {
|
cloud.augendre.info {
|
||||||
import common_headers
|
import common_headers
|
||||||
|
route /push/* {
|
||||||
|
uri strip_prefix /push
|
||||||
|
reverse_proxy localhost:8004
|
||||||
|
}
|
||||||
|
# rewrite to suppress carddav/caldav warning
|
||||||
|
# in nextcloud settings
|
||||||
|
rewrite /.well-known/carddav /remote.php/dav/
|
||||||
|
rewrite /.well-known/caldav /remote.php/dav/
|
||||||
reverse_proxy localhost:8003
|
reverse_proxy localhost:8003
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,6 +129,19 @@ tcl.augendre.info {
|
||||||
reverse_proxy localhost:8013
|
reverse_proxy localhost:8013
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cloud-aio.augendre.info {
|
||||||
|
import common_headers
|
||||||
|
reverse_proxy localhost:8014
|
||||||
|
}
|
||||||
|
aio.augendre.info {
|
||||||
|
import common_headers
|
||||||
|
reverse_proxy https://localhost:8015 {
|
||||||
|
transport http {
|
||||||
|
tls_insecure_skip_verify
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
## Ghost blogs (ports >=2368)
|
## Ghost blogs (ports >=2368)
|
||||||
#########################################################
|
#########################################################
|
||||||
|
|
||||||
|
@ -257,22 +278,6 @@ display.augendre.info {
|
||||||
reverse_proxy localhost:9010
|
reverse_proxy localhost:9010
|
||||||
}
|
}
|
||||||
|
|
||||||
aio.augendre.info {
|
|
||||||
import common_headers
|
|
||||||
import internal
|
|
||||||
reverse_proxy https://localhost:9011 {
|
|
||||||
transport http {
|
|
||||||
tls_insecure_skip_verify
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
cloud-old.augendre.info {
|
|
||||||
import common_headers
|
|
||||||
import internal
|
|
||||||
reverse_proxy localhost:9999
|
|
||||||
}
|
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
# REDIRECTS
|
# REDIRECTS
|
||||||
#########################################################
|
#########################################################
|
||||||
|
|
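Review bot: The new `aio.augendre.info` site block (hunk `-121,6 +129,19`) keeps `import common_headers` but not the `import internal` line that the block removed in hunk `-257,22 +278,6` carried, so whatever restriction that snippet applied no longer covers the Nextcloud AIO management interface proxied from `https://localhost:8015`. The snippet's definition is outside the visible hunks; if it is an address allow-list, as its name suggests, add `import internal` back under `import common_headers`. `tls_insecure_skip_verify` is carried over unchanged and turns off upstream certificate verification, which is tolerable only while the upstream stays on loopback; a one-line comment saying so would help the next reader.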
|
@ -22,4 +22,3 @@ prometheus_data
|
||||||
.es_temp_file
|
.es_temp_file
|
||||||
timemachine
|
timemachine
|
||||||
elastic_data
|
elastic_data
|
||||||
nextcloud-aio
|
|
||||||
|
|
|
@ -5,28 +5,11 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
|
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
|
||||||
environment:
|
environment:
|
||||||
APACHE_PORT: 8003
|
APACHE_PORT: 8014
|
||||||
APACHE_IP_BINDING: 127.0.0.1
|
APACHE_IP_BINDING: 127.0.0.1
|
||||||
NEXTCLOUD_DATADIR: /mnt/data/nextcloud-aio/nextcloud_data
|
NEXTCLOUD_DATADIR: /mnt/data/nextcloud-aio/nextcloud_data
|
||||||
NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
|
|
||||||
# AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
|
|
||||||
# BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
|
|
||||||
# COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
|
|
||||||
# NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
|
|
||||||
# NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
|
|
||||||
# NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
|
|
||||||
# NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
|
|
||||||
# NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
|
|
||||||
# NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
|
|
||||||
# NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
|
|
||||||
# NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
|
|
||||||
# NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
|
|
||||||
# TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
|
|
||||||
# WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
|
|
||||||
# security_opt: ["label:disable"] # Is needed when using SELinux
|
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
- "9011:8080"
|
- "8015:8080"
|
||||||
restart: always
|
restart: always
|
||||||
container_name: nextcloud-aio-mastercontainer
|
container_name: nextcloud-aio-mastercontainer
|
||||||
init: true
|
init: true
|
||||||
|
|
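Review bot: `- "8015:8080"` publishes the AIO management port on every host interface, so it can be reached directly without passing through Caddy, and Docker-published ports are commonly not filtered by the host's own firewall rules. Caddy only ever talks to `localhost`, so bind the mapping to loopback: `- "127.0.0.1:8015:8080"`. The stakes are higher here because this container also mounts `/var/run/docker.sock` (context line above), and `:ro` on a socket mount does not make the Docker API read-only. The same form appears in playbooks/apps/files/nextcloud/docker-compose.yaml as `"8003:80"`, `"8004:7867"` and `"9009:5601"`, the last of which exposes Kibana; those should get the same `127.0.0.1:` prefix.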
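--- a/playbooks/apps/files/nextcloud/README.md
+++ b/playbooks/apps/files/nextcloud/README.md
@@ -0,0 +1,12 @@
+To get help: `occ help <command>`
+To list commands: `occ list`
+
+## Examples
+Rescan file for modifications that happened outside nextcloud (e.g. on the filesystem directly).
+
+```bash
+/usr/bin/docker-compose -f /home/gaugendre/nextcloud/docker-compose.yaml exec --user www-data nextcloud php occ files:scan -p gaugendre/files/Photos
+```
+
+Calling `files:scan` without arguments will scan all files for all users. This may take a very long time.
+Scope to a user or a path instead.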
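--- a/playbooks/apps/files/nextcloud/docker-compose.yaml
+++ b/playbooks/apps/files/nextcloud/docker-compose.yaml
@@ -0,0 +1,89 @@
+services:
+nextcloud:
+build:
+context: nextcloud_build
+pull: true
+image: nextcloud_local
+restart: always
+ports:
+- "8003:80"
+volumes:
+- ./nextcloud_data:/var/www/html
+env_file: nextcloud.env
+depends_on:
+- db
+- redis
+mem_limit: 1g
+cpus: 3
+fulltextsearchindex:
+build:
+context: nextcloud_build
+pull: true
+image: nextcloud_local
+restart: always
+working_dir: /var/www/html
+command: /var/www/html/occ fulltextsearch:live -q
+user: '33:33'
+volumes:
+- ./nextcloud_data:/var/www/html
+env_file: nextcloud.env
+depends_on:
+- db
+- elasticsearch
+mem_limit: 100m
+cpus: 1
+notify_push:
+build:
+context: nextcloud_build
+pull: true
+image: nextcloud_local
+working_dir: /var/www/html/config
+command: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push config.php
+restart: always
+volumes:
+- ./nextcloud_data:/var/www/html:ro
+env_file: nextcloud.env
+environment:
+RUST_BACKTRACE: full
+COLORBT_SHOW_HIDDEN: 1
+# NEXTCLOUD_URL: http://nextcloud/
+depends_on:
+- nextcloud
+ports:
+- "8004:7867"
+mem_limit: 150m
+db:
+image: postgres:15
+restart: always
+env_file: postgres.env
+volumes:
+- ./db_data:/var/lib/postgresql/data
+mem_limit: 1g
+redis:
+image: redis:7
+restart: always
+mem_limit: 150m
+elasticsearch:
+image: custom-elastic
+build:
+context: ./elasticsearch/
+pull: true
+args:
+ELASTIC_VERSION: "8.9.2"
+restart: always
+env_file: elasticsearch.env
+mem_limit: 8g
+volumes:
+- ./elastic_data:/usr/share/elasticsearch/data
+- ./elastic_backups:/backups
+kibana:
+image: docker.elastic.co/kibana/kibana:8.9.1
+restart: always
+env_file: kibana.env
+ports:
+- "9009:5601"
+volumes:
+- ./kibana_data:/usr/share/kibana/data
+- ./elastic_backups:/backups
+depends_on:
+- elasticsearch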
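Review bot: The `kibana` service pins `docker.elastic.co/kibana/kibana:8.9.1` while the `elasticsearch` build passes `ELASTIC_VERSION: "8.9.2"`, so the two halves of the Elastic stack are versioned in two places and have already drifted by a patch release. Elastic's guidance is to run Kibana and Elasticsearch at the same version, and a later bump of one line without the other would widen the gap. Drive both from a single value, for example an `ELASTIC_VERSION` variable in the compose `.env` file used as `image: docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}` and `ELASTIC_VERSION: "${ELASTIC_VERSION}"`.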
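--- a/playbooks/apps/files/nextcloud/update
+++ b/playbooks/apps/files/nextcloud/update
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker compose build --pull elasticsearch nextcloud; docker compose pull kibana redis db; docker compose up -d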
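Review bot: The three commands are chained with `;`, so `docker compose up -d` still runs after a failed build or pull and can restart the stack on stale or partly updated images while the script exits successfully. Add `set -euo pipefail` after the shebang and put each command on its own line, or join them with `&&`. The script also depends on the caller's working directory to locate the compose file; `cd "$(dirname "$0")"` at the top would make that explicit.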
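--- a/playbooks/apps/nextcloud.yaml
+++ b/playbooks/apps/nextcloud.yaml
@@ -0,0 +1,35 @@
+---
+- name: Nextcloud
+hosts: servers
+gather_facts: false
+tasks:
+- name: Docker
+ansible.builtin.include_role:
+name: docker
+
+vars:
+docker_app_name: nextcloud
+elastic_password: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+64313934396132333838376166663339376237643937366632636637323330303933343166303536
+3138643465363162666237663032663165313837643763620a346662613162353337313436346335
+63323765626463613535326564643262646431616531396361393864356237383663646666643330
+3230653437316139630a653362653732626565353636383965303235633536646331313938613539
+61313532653930333564613461363937643930313334373665353066323737346664
+kibana_password: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+66326232323830316662373432326633396462366365656232306330343531363935393835306263
+3963323930343533353336386633313465386264366130610a376331643364363436306161373239
+66333833373038393761626438646530373831666637366634643462343936386635633135663436
+6435336238376132610a303230613730313164653633656432633433356465643839376434396339
+37633034623438623561373634653737323963326137663964396362356339326461
+postgres_password: !vault |
+$ANSIBLE_VAULT;1.1;AES256
+33656534393864633765356638633666343931396439343133643966333534383430373561386539
+3266316439626465386234636533656231333930356632390a336631376266653038383837613861
+33666239333333363536363338343639653535666161643965643338363562333230646263303032
+3861623231343265640a663030316336393230633734643036633738393837353735313335343535
+63383663363366336236653361623732383135333037613432393466626632353830323063663838
+61333133303962363931633637646237343433303361656232653038323935623932333836663535
+38613534316332393364363034366535373037373861363736613639656362643564393932356465
+65626462626363633930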
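--- a/playbooks/apps/templates/nextcloud/elasticsearch.env.j2
+++ b/playbooks/apps/templates/nextcloud/elasticsearch.env.j2
@@ -0,0 +1,6 @@
+discovery.type=single-node
+xpack.security.enabled=true
+ES_JAVA_OPTS=-Xms2g -Xmx2g
+ELASTIC_PASSWORD={{ elastic_password }}
+KIBANA_PASSWORD={{ kibana_password }}
+path.repo=/backups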
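--- a/playbooks/apps/templates/nextcloud/kibana.env.j2
+++ b/playbooks/apps/templates/nextcloud/kibana.env.j2
@@ -0,0 +1,3 @@
+ELASTICSEARCH_HOSTS=http://elasticsearch:9200
+ELASTICSEARCH_USERNAME=kibana_system
+ELASTICSEARCH_PASSWORD={{ kibana_password }}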
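--- a/playbooks/apps/templates/nextcloud/nextcloud.env.j2
+++ b/playbooks/apps/templates/nextcloud/nextcloud.env.j2
@@ -0,0 +1,12 @@
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD={{ postgres_password }}
+POSTGRES_HOST=db
+
+NEXTCLOUD_TRUSTED_DOMAINS=cloud.augendre.info
+
+REDIS_HOST=redis
+OVERWRITEHOST=cloud.augendre.info
+OVERWRITEPROTOCOL=https
+TRUSTED_PROXIES=172.0.0.0/8
+APACHE_DISABLE_REWRITE_IP=1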
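Review bot: `TRUSTED_PROXIES=172.0.0.0/8` makes Nextcloud accept forwarded-client headers from the whole 172.0.0.0/8 block, which is far wider than the private 172.16.0.0/12 range that Docker bridge networks are normally allocated from and includes publicly routable addresses. A client in that range that reaches the container without going through Caddy could set its own `X-Forwarded-For` and have the request attributed to an arbitrary address, which weakens per-IP brute-force throttling and the audit trail. Narrow the value to the compose network's actual subnet, or at most `TRUSTED_PROXIES=172.16.0.0/12`.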
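--- a/playbooks/apps/templates/nextcloud/postgres.env.j2
+++ b/playbooks/apps/templates/nextcloud/postgres.env.j2
@@ -0,0 +1,2 @@
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD={{ postgres_password }}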
|
@ -28,19 +28,16 @@
|
||||||
name: Nextcloud cron
|
name: Nextcloud cron
|
||||||
minute: "*/5"
|
minute: "*/5"
|
||||||
job: /mnt/data/bin/healthcheck nextcloud-cron /mnt/data/bin/nextcloud-cron
|
job: /mnt/data/bin/healthcheck nextcloud-cron /mnt/data/bin/nextcloud-cron
|
||||||
disabled: true
|
|
||||||
- name: Cron - Nextcloud preview
|
- name: Cron - Nextcloud preview
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
name: Nextcloud preview
|
name: Nextcloud preview
|
||||||
minute: "*/7"
|
minute: "*/7"
|
||||||
job: /mnt/data/bin/healthcheck nextcloud-preview /mnt/data/bin/nextcloud-preview
|
job: /mnt/data/bin/healthcheck nextcloud-preview /mnt/data/bin/nextcloud-preview
|
||||||
disabled: true
|
|
||||||
- name: Cron - Nextcloud update apps
|
- name: Cron - Nextcloud update apps
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
name: Nextcloud update apps
|
name: Nextcloud update apps
|
||||||
special_time: daily
|
special_time: daily
|
||||||
job: /mnt/data/bin/healthcheck nextcloud-auto-update /mnt/data/bin/nextcloud-auto-update
|
job: /mnt/data/bin/healthcheck nextcloud-auto-update /mnt/data/bin/nextcloud-auto-update
|
||||||
disabled: true
|
|
||||||
- name: Cron - Dump manuels
|
- name: Cron - Dump manuels
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
name: Dump manuels
|
name: Dump manuels
|
||||||
|
@ -56,7 +53,6 @@
|
||||||
name: Dump nextcloud
|
name: Dump nextcloud
|
||||||
minute: 52
|
minute: 52
|
||||||
job: /mnt/data/bin/healthcheck dump-nextcloud /mnt/data/bin/dump-nextcloud
|
job: /mnt/data/bin/healthcheck dump-nextcloud /mnt/data/bin/dump-nextcloud
|
||||||
disabled: true
|
|
||||||
- name: Cron - Dump voyages.coccomagnard.fr
|
- name: Cron - Dump voyages.coccomagnard.fr
|
||||||
ansible.builtin.cron:
|
ansible.builtin.cron:
|
||||||
name: Dump voyages.coccomagnard.fr
|
name: Dump voyages.coccomagnard.fr
|
||||||
|
|