Skip to content
Snippets Groups Projects
Commit 2fadb8a1 authored by Jens Sandmann's avatar Jens Sandmann
Browse files

alle docker_service auskommentiert damit aktuelles ansible (>2.9) läuft

nodered auf docker_compose umgebaut
parent aca64ba5
No related branches found
No related tags found
No related merge requests found
Showing
with 83 additions and 414 deletions
--- ---
# Get secrets # Get secrets
- include: ../functions/get_secret.yml - include: ../functions/get_secret.yml
with_items: with_items:
- { path: /srv/mysql/mysql_root_pw, length: 24 } - { path: /srv/mysql/mysql_root_pw, length: 24 }
- { path: /srv/mysql/mysql_user_pw, length: 12 } - { path: /srv/mysql/mysql_user_pw, length: 12 }
- name: create folder struct for mysql - name: create folder struct for mysql
file: file:
path: "/srv/mysql/db/" path: "/srv/mysql/db/"
state: "directory" state: "directory"
- name: Konfig-Dateien erstellen - name: Konfig-Dateien erstellen
template: template:
src: "{{item}}" src: "{{item}}"
dest: "/srv/mysql/{{item}}" dest: "/srv/mysql/{{item}}"
with_items: with_items:
- "docker-compose.yml" - "docker-compose.yml"
- "tuning.cnf" - "tuning.cnf"
- name: start mysql docker # - name: start mysql docker
docker_service: # docker_service:
project_src: /srv/mysql/ # project_src: /srv/mysql/
state: present # state: present
--- ---
# Get secrets # Get secrets
- include_tasks: ../functions/get_secret.yml - include_tasks: ../functions/get_secret.yml
with_items: with_items:
- { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 } - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
...@@ -26,13 +26,13 @@ ...@@ -26,13 +26,13 @@
src: "docker-compose.yml" src: "docker-compose.yml"
dest: "/srv/grafana/docker-compose.yml" dest: "/srv/grafana/docker-compose.yml"
- name: start grafana docker # - name: start grafana docker
docker_service: # docker_service:
project_src: /srv/grafana/ # project_src: /srv/grafana/
state: absent # state: absent
when: config.changed # when: config.changed
- name: start grafana docker # - name: start grafana docker
docker_service: # docker_service:
project_src: /srv/grafana/ # project_src: /srv/grafana/
state: present # state: present
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
- "/srv/l4z0r" - "/srv/l4z0r"
- "/srv/l4z0r/db" - "/srv/l4z0r/db"
# Get secrets # Get secrets
- include_tasks: ../functions/get_secret.yml - include_tasks: ../functions/get_secret.yml
with_items: with_items:
- { path: /srv/l4z0r/mysql_root_pw, length: 24 } - { path: /srv/l4z0r/mysql_root_pw, length: 24 }
...@@ -21,8 +21,8 @@ ...@@ -21,8 +21,8 @@
src: "docker-compose.yml" src: "docker-compose.yml"
dest: "/srv/l4z0r/docker-compose.yml" dest: "/srv/l4z0r/docker-compose.yml"
# Start containers # # Start containers
- name: start l4z0r docker # - name: start l4z0r docker
docker_service: # docker_service:
project_src: /srv/l4z0r/ # project_src: /srv/l4z0r/
state: present # state: present
...@@ -14,12 +14,3 @@ ...@@ -14,12 +14,3 @@
community.docker.docker_compose: community.docker.docker_compose:
state: present state: present
project_src: /srv/nodered project_src: /srv/nodered
- name: install nodered modules
command: docker exec nodered-app /bin/bash -c 'npm install node-red-dashboard'
register: nodered_install
- debug: msg="{{ nodered_install.stdout | default('check run') }}"
- name: restart nodered container
command: docker restart nodered-app
################################################################################
# Node-RED Stack or Compose
################################################################################
# docker stack deploy node-red --compose-file docker-compose-node-red.yml
# docker-compose -f docker-compose-node-red.yml -p myNoderedProject up
################################################################################
version: "3"
services:
node-red:
image: nodered/node-red:1.3.5
environment:
- TZ=Europe/Amsterdam
ports:
- "1880:1880"
networks:
- node-red-net
volumes:
- /srv/nodered/data:/data
networks:
node-red-net:
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
- mysql-utf8.cnf - mysql-utf8.cnf
# TODO: [DEPRECATION WARNING]: The 'docker_service' module has been renamed to 'docker_compose'.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. # TODO: [DEPRECATION WARNING]: The 'docker_service' module has been renamed to 'docker_compose'.. This feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
- name: start hackmd docker # - name: start hackmd docker
docker_service: # docker_service:
project_src: /srv/hackmd/ # project_src: /srv/hackmd/
state: present # state: present
[warpzone-member]
0xf02d@jabber.warpzone.ms=0xf02d
bIGmAC@jabber.warpzone.ms=bIGmAC
CanisLupus@jabber.warpzone.ms=CanisLupus
citeq@jabber.warpzone.ms=citeq
commander1024@jabber.warpzone.ms=commander1024
crnf87@jabber.warpzone.ms=crnf87
da1l6@jabber.warpzone.ms=da1l6
drops@jabber.warpzone.ms=drops
Dunstkreis@jabber.warpzone.ms=Dunstkreis
ennox@jabber.warpzone.ms=ennox
fanlin@jabber.warpzone.ms=fanlin
fusselkater@jabber.warpzone.ms=fusselkater
Gregor@jabber.warpzone.ms=Gregor
heliotto@jabber.warpzone.ms=heliotto
janhenrik@jabber.warpzone.ms=janhenrik
julian@jabber.warpzone.ms=julian
larsm@jabber.warpzone.ms=larsm
MacGoever@jabber.warpzone.ms=MacGoever
marius@jabber.warpzone.ms=marius
MissInformation@jabber.warpzone.ms=MissInformation
nicowde@jabber.warpzone.ms=nicowde
ole@jabber.warpzone.ms=ole
philipp@jabber.warpzone.ms=philipp
sandzwerg@jabber.warpzone.ms=sandzwerg
Schneemann@jabber.warpzone.ms=Schneemann
shell@jabber.warpzone.ms=shell
StuC@jabber.warpzone.ms=StuC
supervirus@jabber.warpzone.ms=supervirus
tappser@jabber.warpzone.ms=tappser
user_51@jabber.warpzone.ms=user_51
void@jabber.warpzone.ms=void
dray@jabber.warpzone.ms=dray
pkirchner@jabber.warpzone.ms=pkirchner
alucardo@jabber.warpzone.ms=alucardo
3d@jabber.warpzone.ms=3d
frednet@jabber.warpzone.ms=frednet
kgbvax@jabber.warpzone.ms=kgbvax
orgun@jabber.warpzone.ms=orgun
Bahnpirat@jabber.warpzone.ms=Bahnpirat
Nick@jabber.warpzone.ms=Nick
Thunfisch@jabber.warpzone.ms=Thunfisch
do2jha@jabber.warpzone.ms=do2jha
---
# Create folders
- name: create folder struct for jabber_test
file:
path: "{{ item }}"
state: "directory"
with_items:
- "/srv/jabber_test/"
- "/srv/jabber_test/etc"
- name: create folder struct for jabber_test 2
file:
path: "{{ item }}"
state: "directory"
owner: 102
group: 106
with_items:
- "/srv/jabber_test/logs"
- "/srv/jabber_test/data"
- "/srv/jabber_test/saslauthd"
# Get secrets
- import_playbook: ../functions/get_secret.yml
with_items:
- { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
# create files
- name: Docker Konfig-Datei erstellen
template:
src: "docker-compose.yml"
dest: "/srv/jabber_test/docker-compose.yml"
- name: SASL Configs anlegen
template:
src: "{{item}}"
dest: "/srv/jabber_test/{{item}}"
with_items:
- "saslauthd.conf"
- "prosody.conf"
- name: Prosody Config anlegen
template:
src: "prosody.cfg.lua"
dest: "/srv/jabber_test/etc/prosody.cfg.lua"
# start docker
- name: start jabber-test docker
docker_service:
project_src: /srv/jabber_test/
state: present
version: "3"
services:
auth:
image: dweomer/saslauthd
restart: always
volumes:
- /srv/jabber_test/saslauthd.conf:/etc/saslauthd.conf:ro
- /srv/jabber_test/saslauthd:/var/run/saslauthd
app:
image: prosody/prosody:0.11.7
restart: always
ports:
- 25222:5222
- 25269:5269
volumes:
- /srv/jabber_test/etc:/etc/prosody
- /srv/jabber_test/logs:/var/log/prosody
- /srv/jabber_test/data:/var/lib/prosody
# mount the certificates created by lets encrypt
- /etc/letsencrypt/live/jabber-test.warpzone.ms/privkey.pem:/etc/prosody/certs/jabber-test.warpzone.ms.key
- /etc/letsencrypt/live/jabber-test.warpzone.ms/fullchain.pem:/etc/prosody/certs/jabber-test.warpzone.ms.crt
- /etc/letsencrypt/live/muc.jabber-test.warpzone.ms/privkey.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.key
- /etc/letsencrypt/live/muc.jabber-test.warpzone.ms/fullchain.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.crt
- /etc/letsencrypt/live/proxy.jabber-test.warpzone.ms/privkey.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.key
- /etc/letsencrypt/live/proxy.jabber-test.warpzone.ms/fullchain.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.crt
# sasl2 auth mounts
- /srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf
- /srv/jabber_test/saslauthd:/var/run/saslauthd
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { "sandzwerg@jabber.warpzone.ms", "void@jabber.warpzone.ms" }
-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
-- use_libevent = true
-- Prosody will always look in its source directory for modules, but
-- this option allows you to specify additional locations where Prosody
-- will look for modules first. For community modules, see https://modules.prosody.im/
--plugin_paths = {}
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"carbons"; -- Keep multiple clients in sync
"pep"; -- Enables users to publish their mood, activity, playing music and more
"private"; -- Private XML storage (for room bookmarks, etc.)
"blocklist"; -- Allow users to block communications with other users
"vcard"; -- Allow users to set vCards
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"register"; -- Allow users to register on this server using a client and change passwords
--"mam"; -- Store messages in an archive and allow users to access it
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"websocket"; -- XMPP over WebSockets
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
--"limits"; -- Enable bandwidth limiting for XMPP connections
"groups"; -- Shared roster support
--"server_contact_info"; -- Publish contact information for this service
"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}
-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
c2s_require_encryption = true
-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.
-- Note that this is different from authentication
s2s_require_encryption = true
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see https://prosody.im/doc/s2s#security
s2s_secure_auth = false
-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.
--s2s_insecure_domains = { "insecure.example" }
-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.
--s2s_secure_domains = { "jabber.org" }
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
-- authentication = "internal_hashed"
authentication = "cyrus"
cyrus_service_name = "xmpp" -- Optional, defaults to "xmpp"
-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.
--storage = "sql" -- Default is "internal"
-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.
archive_expires_after = "1w" -- Remove archived messages after 1 week
-- You can also configure messages to be stored in-memory only. For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam
-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
-- info = "*console"; -- Log to the console
"*console"; -- Log to the console, useful for debugging with daemonize=false
-- "*syslog"; -- Uncomment this for logging to syslog
}
-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
-- statistics = "internal"
-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates
-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
VirtualHost "jabber-test.warpzone.ms"
--VirtualHost "example.com"
-- certificate = "/path/to/example.crt"
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components
--- Set up a MUC (multi-user chat) room server on conference.example.com:
Component "muc.jabber-test.warpzone.ms" "muc"
--- Configure the proxy65 component which allows file transfers
Component "proxy.jabber-test.warpzone.ms" "proxy65"
--- Configure where the groups are stated
groups_file = "/etc/prosody/groups.txt"
--- Configure the posix module so it works with docker
-- daemonize = false
-- pidfile = "/tmp/prosody.pid"
---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
-- component_secret = "password"
pwcheck_method: saslauthd
mech_list: PLAIN
\ No newline at end of file
ldap_servers: ldap://{{ ldap_ip_ext }}
ldap_search_base: {{ ldap_base_dn }}
ldap_filter: (&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }})(uid=%u))
ldap_bind_dn: {{ ldap_readonly_bind_dn }}
ldap_password: {{ ldap_readonly_pass }}
--- ---
- name: create folder struct for warpapi - name: create folder struct for warpapi
file: file:
path: "/srv/warpapi" path: "/srv/warpapi"
state: "directory" state: "directory"
- name: clone repo - name: clone repo
git: git:
repo: "https://gitlab.warpzone.ms/infrastruktur/warpapi.git" repo: "https://gitlab.warpzone.ms/infrastruktur/warpapi.git"
version: "0.8" version: "0.8"
dest: "/srv/warpapi" dest: "/srv/warpapi"
force: "yes" force: "yes"
register: gitclone register: gitclone
- name: clone repo status - name: clone repo status
debug: debug:
msg: "{{gitclone}}" msg: "{{gitclone}}"
- name: Helper-Scripte erstellen - name: Helper-Scripte erstellen
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/srv/warpapi/{{ item }}" dest: "/srv/warpapi/{{ item }}"
mode: "u=+x" mode: "u=+x"
with_items: with_items:
- set_status_open.sh - set_status_open.sh
- set_status_closed.sh - set_status_closed.sh
- name: Konfig-Datei erstellen - name: Konfig-Datei erstellen
template: template:
src: "docker-compose.yml" src: "docker-compose.yml"
dest: "/srv/warpapi/docker-compose.yml" dest: "/srv/warpapi/docker-compose.yml"
- name: start warpapi docker
docker_service:
project_src: /srv/warpapi/
state: present
# - name: start warpapi docker
# docker_service:
# project_src: /srv/warpapi/
# state: present
...@@ -4,9 +4,9 @@ ...@@ -4,9 +4,9 @@
with_items: with_items:
- { path: /srv/wordpress/mysql_root_pass, length: 24 } - { path: /srv/wordpress/mysql_root_pass, length: 24 }
- { path: /srv/wordpress/mysql_user_pass, length: 12 } - { path: /srv/wordpress/mysql_user_pass, length: 12 }
- name: create folder struct for wordpress - name: create folder struct for wordpress
file: file:
path: "{{ item }}" path: "{{ item }}"
state: "directory" state: "directory"
owner: www-data owner: www-data
...@@ -18,21 +18,21 @@ ...@@ -18,21 +18,21 @@
- "/srv/wordpress/db/" - "/srv/wordpress/db/"
- name: create config files - name: create config files
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/srv/wordpress/config/{{ item }}" dest: "/srv/wordpress/config/{{ item }}"
with_items: with_items:
- uploads.ini - uploads.ini
- name: create config file - name: create config file
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "/srv/wordpress/{{ item }}" dest: "/srv/wordpress/{{ item }}"
with_items: with_items:
- Dockerfile - Dockerfile
- docker-compose.yml - docker-compose.yml
- name: start wordpress docker # - name: start wordpress docker
docker_service: # docker_service:
project_src: /srv/wordpress/ # project_src: /srv/wordpress/
state: present # state: present
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment