diff --git a/verwaltung/docker_mysql/tasks/main.yml b/verwaltung/docker_mysql/tasks/main.yml index 72ab895fd7edfb1175cbffaef9aeed739f2e4fc9..d121017341e81c8107210d265fc20cee1261dc74 100644 --- a/verwaltung/docker_mysql/tasks/main.yml +++ b/verwaltung/docker_mysql/tasks/main.yml @@ -1,25 +1,24 @@ --- -# Get secrets +# Get secrets - include: ../functions/get_secret.yml with_items: - { path: /srv/mysql/mysql_root_pw, length: 24 } - { path: /srv/mysql/mysql_user_pw, length: 12 } - name: create folder struct for mysql - file: - path: "/srv/mysql/db/" + file: + path: "/srv/mysql/db/" state: "directory" - + - name: Konfig-Dateien erstellen - template: - src: "{{item}}" + template: + src: "{{item}}" dest: "/srv/mysql/{{item}}" with_items: - "docker-compose.yml" - "tuning.cnf" -- name: start mysql docker - docker_service: - project_src: /srv/mysql/ - state: present - +# - name: start mysql docker +# docker_service: +# project_src: /srv/mysql/ +# state: present diff --git a/warpsrvint/docker_grafana/tasks/main.yml b/warpsrvint/docker_grafana/tasks/main.yml index ad7b0bf6ca6017c1594c13ea055f7a7de6739aaa..036f5cf42c9b131c2ca1b54b66487bd86e9349b3 100644 --- a/warpsrvint/docker_grafana/tasks/main.yml +++ b/warpsrvint/docker_grafana/tasks/main.yml @@ -1,5 +1,5 @@ --- -# Get secrets +# Get secrets - include_tasks: ../functions/get_secret.yml with_items: - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 } @@ -26,13 +26,13 @@ src: "docker-compose.yml" dest: "/srv/grafana/docker-compose.yml" -- name: start grafana docker - docker_service: - project_src: /srv/grafana/ - state: absent - when: config.changed +# - name: start grafana docker +# docker_service: +# project_src: /srv/grafana/ +# state: absent +# when: config.changed -- name: start grafana docker - docker_service: - project_src: /srv/grafana/ - state: present +# - name: start grafana docker +# docker_service: +# project_src: /srv/grafana/ +# state: present 
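Review bot: The `start mysql docker` task at the end of this hunk is commented out rather than replaced, so the role still renders `docker-compose.yml` and `tuning.cnf` under `/srv/mysql/` but nothing visible here applies them to the running container. Configuration or secret changes made through the role would then sit on disk unapplied, which is easy to miss when a hardening change is rolled out. The nodered role in this same diff already uses the renamed module, so the task could be kept as `community.docker.docker_compose:` with `project_src: /srv/mysql/` and `state: present`. The same commented-out start task appears in the grafana, l4z0r, hackmd, warpapi and wordpress hunks. If a separate play now starts the stacks, delete the dead block and leave a one-line comment naming that play.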
diff --git a/warpsrvint/docker_l4z0r/tasks/main.yml b/warpsrvint/docker_l4z0r/tasks/main.yml index 429fe058dd5f9d0355d2068b44471be9c92c134a..78ce8b1146ed5a3fdf1fbf01deadb6f5284e0327 100644 --- a/warpsrvint/docker_l4z0r/tasks/main.yml +++ b/warpsrvint/docker_l4z0r/tasks/main.yml @@ -9,7 +9,7 @@ - "/srv/l4z0r" - "/srv/l4z0r/db" -# Get secrets +# Get secrets - include_tasks: ../functions/get_secret.yml with_items: - { path: /srv/l4z0r/mysql_root_pw, length: 24 } @@ -21,8 +21,8 @@ src: "docker-compose.yml" dest: "/srv/l4z0r/docker-compose.yml" -# Start containers -- name: start l4z0r docker - docker_service: - project_src: /srv/l4z0r/ - state: present +# # Start containers +# - name: start l4z0r docker +# docker_service: +# project_src: /srv/l4z0r/ +# state: present diff --git a/warpsrvint/docker_nodered/tasks/main.yml b/warpsrvint/docker_nodered/tasks/main.yml index 3e8bbb68223fcf4092d581b27f568328ae528e77..819b5e7195da4027bdf203f57ee8ce3e0189c383 100644 --- a/warpsrvint/docker_nodered/tasks/main.yml +++ b/warpsrvint/docker_nodered/tasks/main.yml @@ -14,12 +14,3 @@ community.docker.docker_compose: state: present project_src: /srv/nodered - -- name: install nodered modules - command: docker exec nodered-app /bin/bash -c 'npm install node-red-dashboard' - register: nodered_install - -- debug: msg="{{ nodered_install.stdout | default('check run') }}" - -- name: restart nodered container - command: docker restart nodered-app diff --git a/warpsrvint/docker_nodered/templates/docker-compose.yml b/warpsrvint/docker_nodered/templates/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..849a080c5fe72ce215e4f5017af83f71bbc98211 --- /dev/null +++ b/warpsrvint/docker_nodered/templates/docker-compose.yml 
@@ -0,0 +1,22 @@ +################################################################################ +# Node-RED Stack or Compose +################################################################################ +# docker stack deploy node-red --compose-file docker-compose-node-red.yml +# docker-compose -f docker-compose-node-red.yml -p myNoderedProject up +################################################################################ +version: "3" + +services: + node-red: + image: nodered/node-red:1.3.5 + environment: + - TZ=Europe/Amsterdam + ports: + - "1880:1880" + networks: + - node-red-net + volumes: + - /srv/nodered/data:/data + +networks: + node-red-net: diff --git a/webserver/docker_hackmd/tasks/main.yml b/webserver/docker_hackmd/tasks/main.yml index 0d69e3f2a4d2de7f46f4abf3f1c0ce20171d9fa3..e9f686dfc493b69d1f9da9b3df261902ca76af57 100644 --- a/webserver/docker_hackmd/tasks/main.yml +++ b/webserver/docker_hackmd/tasks/main.yml @@ -26,7 +26,7 @@ - mysql-utf8.cnf # TODO: [DEPRECATION WARNING]: The 'docker_service' module has been renamed to 'docker_compose'.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. -- name: start hackmd docker - docker_service: - project_src: /srv/hackmd/ - state: present +# - name: start hackmd docker +# docker_service: +# project_src: /srv/hackmd/ +# state: present diff --git a/webserver/docker_jabber_test/groups.txt b/webserver/docker_jabber_test/groups.txt deleted file mode 100644 index 94684f98f8f1402baf1f086a1393acc89b2cf20f..0000000000000000000000000000000000000000 --- a/webserver/docker_jabber_test/groups.txt +++ /dev/null 
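Review bot: The `- "1880:1880"` port mapping in the `node-red` service publishes the Node-RED editor on every host interface, and nothing in this file or in the visible tasks configures authentication for it. Unless `/srv/nodered/data/settings.js` sets `adminAuth` (not shown in this diff), anyone who can reach the port can edit and deploy flows. I would bind it to loopback behind a reverse proxy, e.g. `- "127.0.0.1:1880:1880"`, or restrict the port at the host firewall. The image is pinned by tag only (`nodered/node-red:1.3.5`); adding the image digest would make the pull reproducible.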
@@ -1,43 +0,0 @@
-[warpzone-member]
-0xf02d@jabber.warpzone.ms=0xf02d
-bIGmAC@jabber.warpzone.ms=bIGmAC
-CanisLupus@jabber.warpzone.ms=CanisLupus
-citeq@jabber.warpzone.ms=citeq
-commander1024@jabber.warpzone.ms=commander1024
-crnf87@jabber.warpzone.ms=crnf87
-da1l6@jabber.warpzone.ms=da1l6
-drops@jabber.warpzone.ms=drops
-Dunstkreis@jabber.warpzone.ms=Dunstkreis
-ennox@jabber.warpzone.ms=ennox
-fanlin@jabber.warpzone.ms=fanlin
-fusselkater@jabber.warpzone.ms=fusselkater
-Gregor@jabber.warpzone.ms=Gregor
-heliotto@jabber.warpzone.ms=heliotto
-janhenrik@jabber.warpzone.ms=janhenrik
-julian@jabber.warpzone.ms=julian
-larsm@jabber.warpzone.ms=larsm
-MacGoever@jabber.warpzone.ms=MacGoever
-marius@jabber.warpzone.ms=marius
-MissInformation@jabber.warpzone.ms=MissInformation
-nicowde@jabber.warpzone.ms=nicowde
-ole@jabber.warpzone.ms=ole
-philipp@jabber.warpzone.ms=philipp
-sandzwerg@jabber.warpzone.ms=sandzwerg
-Schneemann@jabber.warpzone.ms=Schneemann
-shell@jabber.warpzone.ms=shell
-StuC@jabber.warpzone.ms=StuC
-supervirus@jabber.warpzone.ms=supervirus
-tappser@jabber.warpzone.ms=tappser
-user_51@jabber.warpzone.ms=user_51
-void@jabber.warpzone.ms=void
-dray@jabber.warpzone.ms=dray
-pkirchner@jabber.warpzone.ms=pkirchner
-alucardo@jabber.warpzone.ms=alucardo
-3d@jabber.warpzone.ms=3d
-frednet@jabber.warpzone.ms=frednet
-kgbvax@jabber.warpzone.ms=kgbvax
-orgun@jabber.warpzone.ms=orgun
-Bahnpirat@jabber.warpzone.ms=Bahnpirat
-Nick@jabber.warpzone.ms=Nick
-Thunfisch@jabber.warpzone.ms=Thunfisch
-do2jha@jabber.warpzone.ms=do2jha
diff --git a/webserver/docker_jabber_test/tasks/main.yaml b/webserver/docker_jabber_test/tasks/main.yaml
deleted file mode 100644
index de49fc58e36f77e5abcfd843b4e284a54e59ae27..0000000000000000000000000000000000000000
--- a/webserver/docker_jabber_test/tasks/main.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ ---- -# Create folders -- name: create folder struct for jabber_test - file: - path: "{{ item }}" - state: "directory" - with_items: - - "/srv/jabber_test/" - - "/srv/jabber_test/etc" - -- name: create folder struct for jabber_test 2 - file: - path: "{{ item }}" - state: "directory" - owner: 102 - group: 106 - with_items: - - "/srv/jabber_test/logs" - - "/srv/jabber_test/data" - - "/srv/jabber_test/saslauthd" - -# Get secrets -- import_playbook: ../functions/get_secret.yml - with_items: - - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 } - -# create files -- name: Docker Konfig-Datei erstellen - template: - src: "docker-compose.yml" - dest: "/srv/jabber_test/docker-compose.yml" - -- name: SASL Configs anlegen - template: - src: "{{item}}" - dest: "/srv/jabber_test/{{item}}" - with_items: - - "saslauthd.conf" - - "prosody.conf" - -- name: Prosody Config anlegen - template: - src: "prosody.cfg.lua" - dest: "/srv/jabber_test/etc/prosody.cfg.lua" - -# start docker -- name: start jabber-test docker - docker_service: - project_src: /srv/jabber_test/ - state: present diff --git a/webserver/docker_jabber_test/templates/docker-compose.yml b/webserver/docker_jabber_test/templates/docker-compose.yml deleted file mode 100644 index d8747006644a75d7979d15199cedce5e7ed3fd6d..0000000000000000000000000000000000000000 --- a/webserver/docker_jabber_test/templates/docker-compose.yml +++ /dev/null 
@@ -1,34 +0,0 @@ - -version: "3" - -services: - - auth: - - image: dweomer/saslauthd - restart: always - volumes: - - /srv/jabber_test/saslauthd.conf:/etc/saslauthd.conf:ro - - /srv/jabber_test/saslauthd:/var/run/saslauthd - - app: - - image: prosody/prosody:0.11.7 - restart: always - ports: - - 25222:5222 - - 25269:5269 - volumes: - - /srv/jabber_test/etc:/etc/prosody - - /srv/jabber_test/logs:/var/log/prosody - - /srv/jabber_test/data:/var/lib/prosody - # mount the certificates created by lets encrypt - - /etc/letsencrypt/live/jabber-test.warpzone.ms/privkey.pem:/etc/prosody/certs/jabber-test.warpzone.ms.key - - /etc/letsencrypt/live/jabber-test.warpzone.ms/fullchain.pem:/etc/prosody/certs/jabber-test.warpzone.ms.crt - - /etc/letsencrypt/live/muc.jabber-test.warpzone.ms/privkey.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.key - - /etc/letsencrypt/live/muc.jabber-test.warpzone.ms/fullchain.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.crt - - /etc/letsencrypt/live/proxy.jabber-test.warpzone.ms/privkey.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.key - - /etc/letsencrypt/live/proxy.jabber-test.warpzone.ms/fullchain.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.crt - # sasl2 auth mounts - - /srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf - - /srv/jabber_test/saslauthd:/var/run/saslauthd diff --git a/webserver/docker_jabber_test/templates/prosody.cfg.lua b/webserver/docker_jabber_test/templates/prosody.cfg.lua deleted file mode 100644 index e53d8a921b2152677f85825567bd94f81b67a5a9..0000000000000000000000000000000000000000 --- a/webserver/docker_jabber_test/templates/prosody.cfg.lua +++ /dev/null 
@@ -1,207 +0,0 @@ ----------- Server-wide settings ---------- --- Settings in this section apply to the whole server and are the default settings --- for any virtual hosts - --- This is a (by default, empty) list of accounts that are admins --- for the server. Note that you must create the accounts separately --- (see https://prosody.im/doc/creating_accounts for info) --- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { "sandzwerg@jabber.warpzone.ms", "void@jabber.warpzone.ms" } - --- Enable use of libevent for better performance under high load --- For more information see: https://prosody.im/doc/libevent --- use_libevent = true - --- Prosody will always look in its source directory for modules, but --- this option allows you to specify additional locations where Prosody --- will look for modules first. For community modules, see https://modules.prosody.im/ ---plugin_paths = {} - --- This is the list of modules Prosody will load on startup. --- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. --- Documentation for bundled modules can be found at: https://prosody.im/doc/modules -modules_enabled = { - - -- Generally required - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - - -- Not essential, but recommended - "carbons"; -- Keep multiple clients in sync - "pep"; -- Enables users to publish their mood, activity, playing music and more - "private"; -- Private XML storage (for room bookmarks, etc.) 
- "blocklist"; -- Allow users to block communications with other users - "vcard"; -- Allow users to set vCards - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - "register"; -- Allow users to register on this server using a client and change passwords - --"mam"; -- Store messages in an archive and allow users to access it - - -- Admin interfaces - "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands - --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websocket"; -- XMPP over WebSockets - --"http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - --"limits"; -- Enable bandwidth limiting for XMPP connections - "groups"; -- Shared roster support - --"server_contact_info"; -- Publish contact information for this service - "announce"; -- Send announcement to all online users - --"welcome"; -- Welcome users who register accounts - --"watchregistrations"; -- Alert admins of registrations - --"motd"; -- Send a message to users when they log in - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use -} - --- These modules are auto-loaded, but should you want --- to disable them then uncomment them here: -modules_disabled = { - -- "offline"; -- Store offline messages - -- "c2s"; -- Handle client connections - -- "s2s"; -- Handle server-to-server connections - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. 
-} - --- Disable account creation by default, for security --- For more information see https://prosody.im/doc/creating_accounts -allow_registration = false - --- Force clients to use encrypted connections? This option will --- prevent clients from authenticating unless they are using encryption. - -c2s_require_encryption = true - --- Force servers to use encrypted connections? This option will --- prevent servers from authenticating unless they are using encryption. --- Note that this is different from authentication - -s2s_require_encryption = true - - --- Force certificate authentication for server-to-server connections? --- This provides ideal security, but requires servers you communicate --- with to support encryption AND present valid, trusted certificates. --- NOTE: Your version of LuaSec must support certificate verification! --- For more information see https://prosody.im/doc/s2s#security - -s2s_secure_auth = false - --- Some servers have invalid or self-signed certificates. You can list --- remote domains here that will not be required to authenticate using --- certificates. They will be authenticated using DNS instead, even --- when s2s_secure_auth is enabled. - ---s2s_insecure_domains = { "insecure.example" } - --- Even if you leave s2s_secure_auth disabled, you can still require valid --- certificates for some domains by specifying a list here. - ---s2s_secure_domains = { "jabber.org" } - --- Select the authentication backend to use. The 'internal' providers --- use Prosody's configured data storage to store the authentication data. --- To allow Prosody to offer secure authentication mechanisms to clients, the --- default provider stores passwords in plaintext. If you do not trust your --- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed --- for information about using the hashed backend. 
- --- authentication = "internal_hashed" - -authentication = "cyrus" -cyrus_service_name = "xmpp" -- Optional, defaults to "xmpp" - --- Select the storage backend to use. By default Prosody uses flat files --- in its configured data directory, but it also supports more backends --- through modules. An "sql" backend is included by default, but requires --- additional dependencies. See https://prosody.im/doc/storage for more info. - ---storage = "sql" -- Default is "internal" - --- For the "sql" backend, you can uncomment *one* of the below to configure: ---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. ---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } ---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - - --- Archiving configuration --- If mod_mam is enabled, Prosody will store a copy of every message. This --- is used to synchronize conversations between multiple clients, even if --- they are offline. This setting controls how long Prosody will keep --- messages in the archive before removing them. - -archive_expires_after = "1w" -- Remove archived messages after 1 week - --- You can also configure messages to be stored in-memory only. 
For more --- archiving options, see https://prosody.im/doc/modules/mod_mam - --- Logging configuration --- For advanced logging see https://prosody.im/doc/logging -log = { - info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging - error = "/var/log/prosody/prosody.err"; - -- info = "*console"; -- Log to the console - "*console"; -- Log to the console, useful for debugging with daemonize=false - -- "*syslog"; -- Uncomment this for logging to syslog -} - --- Uncomment to enable statistics --- For more info see https://prosody.im/doc/statistics --- statistics = "internal" - --- Certificates --- Every virtual host and component needs a certificate so that clients and --- servers can securely verify its identity. Prosody will automatically load --- certificates/keys from the directory specified here. --- For more information, including how to use 'prosodyctl' to auto-import certificates --- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates - --- Location of directory to find certificates in (relative to main config file): -certificates = "certs" - ------------ Virtual hosts ----------- --- You need to add a VirtualHost entry for each domain you wish Prosody to serve. --- Settings under each VirtualHost entry apply *only* to that host. - -VirtualHost "jabber-test.warpzone.ms" - ---VirtualHost "example.com" --- certificate = "/path/to/example.crt" - ------- Components ------ --- You can specify components to add hosts that provide special services, --- like multi-user conferences, and transports. 
--- For more information on components, see https://prosody.im/doc/components - ---- Set up a MUC (multi-user chat) room server on conference.example.com: -Component "muc.jabber-test.warpzone.ms" "muc" - ---- Configure the proxy65 component which allows file transfers - Component "proxy.jabber-test.warpzone.ms" "proxy65" - ---- Configure where the groups are stated - groups_file = "/etc/prosody/groups.txt" - ---- Configure the posix module so it works with docker --- daemonize = false --- pidfile = "/tmp/prosody.pid" - ----Set up an external component (default component port is 5347) --- --- External components allow adding various services, such as gateways/ --- transports to other networks like ICQ, MSN and Yahoo. For more info --- see: https://prosody.im/doc/components#adding_an_external_component --- ---Component "gateway.example.com" --- component_secret = "password" diff --git a/webserver/docker_jabber_test/templates/prosody.conf b/webserver/docker_jabber_test/templates/prosody.conf deleted file mode 100644 index f2e18cef6e57ddb93121af0aef43b49af6bc1092..0000000000000000000000000000000000000000 --- a/webserver/docker_jabber_test/templates/prosody.conf +++ /dev/null @@ -1,2 +0,0 @@ -pwcheck_method: saslauthd -mech_list: PLAIN \ No newline at end of file diff --git a/webserver/docker_jabber_test/templates/saslauthd.conf b/webserver/docker_jabber_test/templates/saslauthd.conf deleted file mode 100644 index 875362abd679e4c47f2bd965b1d745a45719db08..0000000000000000000000000000000000000000 --- a/webserver/docker_jabber_test/templates/saslauthd.conf +++ /dev/null @@ -1,6 +0,0 @@ - -ldap_servers: ldap://{{ ldap_ip_ext }} -ldap_search_base: {{ ldap_base_dn }} -ldap_filter: (&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }})(uid=%u)) -ldap_bind_dn: {{ ldap_readonly_bind_dn }} -ldap_password: {{ ldap_readonly_pass }} 
diff --git a/webserver/docker_warpapi/tasks/main.yml b/webserver/docker_warpapi/tasks/main.yml index de826e163b54949de9086bf7e12e3086643775d1..296f89973e893962bc6c8e8c9f5896454b24bffc 100644 --- a/webserver/docker_warpapi/tasks/main.yml +++ b/webserver/docker_warpapi/tasks/main.yml @@ -1,38 +1,37 @@ --- -- name: create folder struct for warpapi - file: - path: "/srv/warpapi" +- name: create folder struct for warpapi + file: + path: "/srv/warpapi" state: "directory" - + - name: clone repo - git: - repo: "https://gitlab.warpzone.ms/infrastruktur/warpapi.git" + git: + repo: "https://gitlab.warpzone.ms/infrastruktur/warpapi.git" version: "0.8" - dest: "/srv/warpapi" + dest: "/srv/warpapi" force: "yes" - register: gitclone + register: gitclone -- name: clone repo status - debug: +- name: clone repo status + debug: msg: "{{gitclone}}" - name: Helper-Scripte erstellen - template: - src: "{{ item }}" + template: + src: "{{ item }}" dest: "/srv/warpapi/{{ item }}" mode: "u=+x" with_items: - set_status_open.sh - - set_status_closed.sh + - set_status_closed.sh - name: Konfig-Datei erstellen - template: - src: "docker-compose.yml" + template: + src: "docker-compose.yml" dest: "/srv/warpapi/docker-compose.yml" - -- name: start warpapi docker - docker_service: - project_src: /srv/warpapi/ - state: present +# - name: start warpapi docker +# docker_service: +# project_src: /srv/warpapi/ +# state: present diff --git a/webserver/docker_wordpress/tasks/main.yml b/webserver/docker_wordpress/tasks/main.yml index 169c73376d9d0589773b7973f1d4faaad7a848bf..7ec0b667928df40505c0451c8f35bdc5b611acd8 100644 --- a/webserver/docker_wordpress/tasks/main.yml +++ b/webserver/docker_wordpress/tasks/main.yml @@ -4,9 +4,9 @@ with_items: - { path: /srv/wordpress/mysql_root_pass, length: 24 } - { path: /srv/wordpress/mysql_user_pass, length: 12 } - + - name: create folder struct for wordpress - file: + file: path: "{{ item }}" state: "directory" owner: www-data 
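Review bot: The `clone repo` task checks out `version: "0.8"` with `force: "yes"`, so whatever the ref `0.8` resolves to at run time is what lands in `/srv/warpapi`. A tag or branch name can be moved on the server. Pinning `version:` to the full commit hash (`version: "<full-commit-sha>"`, placeholder) keeps the deployed code reviewable and repeatable. Separately, `mode: "u=+x"` on the helper scripts is an unusual symbolic mode; an explicit `mode: "0750"` would state the intended permissions directly.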
@@ -18,21 +18,21 @@ - "/srv/wordpress/db/" - name: create config files - template: - src: "{{ item }}" + template: + src: "{{ item }}" dest: "/srv/wordpress/config/{{ item }}" - with_items: + with_items: - uploads.ini - name: create config file - template: - src: "{{ item }}" + template: + src: "{{ item }}" dest: "/srv/wordpress/{{ item }}" - with_items: + with_items: - Dockerfile - docker-compose.yml -- name: start wordpress docker - docker_service: - project_src: /srv/wordpress/ - state: present +# - name: start wordpress docker +# docker_service: +# project_src: /srv/wordpress/ +# state: present
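Review bot: The two `template` tasks in this hunk write `uploads.ini`, `Dockerfile` and `docker-compose.yml` under `/srv/wordpress/` without `owner`, `group` or `mode`, so the files get whatever the connecting user's umask yields. The same tree holds the generated `mysql_root_pass` and `mysql_user_pass` files (first hunk of this file). If the compose template embeds those values (the template is not part of this diff), the rendered file may be readable more widely than the secrets themselves. Adding `owner: root`, `group: root` and `mode: "0640"` to the `create config file` task would make the intent explicit. The template tasks in the mysql, grafana, l4z0r and warpapi hunks have the same shape.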