Showing
with 903 additions and 44 deletions
services:
app:
image: privatebin/nginx-fpm-alpine:stable
volumes:
- "{{ basedir }}/data:/srv/data"
- "{{ basedir }}/cfg:/srv/cfg"
networks:
- web
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
restart:
always
networks:
web:
external: true
\ No newline at end of file
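Review bot: `restart:` (L35) and its value `always` (L36) sit on separate lines; YAML folds the indented continuation into the value, so it works, but it reads as an empty key and is inconsistent with `restart: always` in every other compose file in this diff. Write it on one line as `restart: always`. `privatebin/nginx-fpm-alpine:stable` (L24) is a floating tag; pinning a release tag would make upgrades deliberate rather than whatever the next `pull` returns.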
# Overview
* Authentication to Tandoor is only possible with an account in uffd, regular authentication is disabled
* All users with group 'tandoor_access' can access the Application
# Setup OIDC Authentication via uffd
Uffd Reference: https://git.cccv.de/uffd
## Setup in Tandoor
All setup is done in the docker-compose.yml
References:
* https://docs.tandoor.dev/features/authentication/
## Setup in uffd
Create Groups:
- tandoor_access: General Access to Tandoor
Create a Service / OAuth Client:
Only Users with goup grafana_access can access Tandoor
Client-ID: tandoor
Client-Secret: from file openid_client_secret on the server
Redirect-URIs:
* https://tandoor.test-warpzone.de/accounts/oidc/uffd/login/callback/
---
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/secrets/secret_key", length: 32 }
- { path: "{{ basedir }}/secrets/postgres_user_pass", length: 24 }
- { path: "{{ basedir }}/secrets/tandooradmin_user_pass", length: 24 }
- { path: "{{ basedir }}/secrets/openid_client_secret", length: 32 }
- name: "create folder struct for {{ servicename }}"
file:
path: "{{ item }}"
state: "directory"
with_items:
- "{{ basedir }}"
- "{{ basedir }}/secrets"
- "{{ basedir }}/db"
- "{{ basedir }}/staticfiles"
- "{{ basedir }}/mediafiles"
- name: "deploy {{ servicename }} config files"
template:
dest: "{{ basedir }}/{{ item }}"
src: "{{ item }}"
with_items:
- docker-compose.yml
register: config
- name: "stop {{ servicename }} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: absent
when: config.changed
- name: "start {{ servicename }} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: present
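Review bot: The `template` task at L76-L82 renders docker-compose.yml, which carries `SECRET_KEY`, the Postgres password and the OIDC client secret, without a `mode`, so the file is created with the default umask and is typically world-readable on the host; the `{{ basedir }}/secrets` directory created by the loop at L66-L75 has the same gap. Add `mode: "0600"` to the template task and give the secrets directory `mode: "0700"` in a separate `file` task, since the other directories in that loop are bind-mounted into containers and may need to stay traversable. The uffd tasks (L152-L161, where uffd.cfg holds `SECRET_KEY`, the DB and the mail password), the wg-access-server tasks (L577-L583, the private key lands in the compose file) and the wordpress tasks (L722-L732) have the same omission; for uffd.cfg pick a mode that the in-container `uffd` user, which entrypoint.sh switches to, can still read. Whether `../functions/get_secret.yml` already restricts the secret files themselves is outside this diff.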
services:
db:
image: postgres:16-alpine
restart: always
volumes:
- "{{ basedir }}/db:/var/lib/postgresql/data"
environment:
POSTGRES_DB: tandoor
POSTGRES_PORT: 5432
POSTGRES_USER: tandoor
POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
networks:
- default
app:
restart: always
image: vabene1111/recipes:latest
depends_on:
- db
volumes:
- "{{ basedir }}/staticfiles:/opt/recipes/staticfiles"
- "{{ basedir }}/mediafiles:/opt/recipes/mediafiles"
environment:
SECRET_KEY: {{ secret_key }}
DB_ENGINE: django.db.backends.postgresql
POSTGRES_HOST: db
POSTGRES_DB: tandoor
POSTGRES_PORT: 5432
POSTGRES_USER: tandoor
POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"APPS":[{"provider_id":"uffd","name":"uffd","client_id":"tandoor","secret":"{{ openid_client_secret }}","settings":{"server_url":"{{ oidc_global.provider_url }}/.well-known/openid-configuration"}}]}}'
SOCIAL_DEFAULT_GROUP: "warpzone"
ENABLE_SIGNUP: "False"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
networks:
- default
- web
networks:
web:
external: true
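Review bot: `SECRET_KEY: {{ secret_key }}` at L114 is the only templated environment value in this file left unquoted; after Jinja renders it the generated secret is parsed as a plain YAML scalar, so a value that is all digits, contains ` #` or `: `, or starts with an indicator character is retyped or breaks the compose file. Quote it like the neighbouring values: `SECRET_KEY: "{{ secret_key }}"`. The JSON in `SOCIALACCOUNT_PROVIDERS` (L122) is a single-quoted YAML scalar wrapping JSON double quotes, so a generated `openid_client_secret` containing `"` or `\` would corrupt it as well; whether that can happen depends on the alphabet `get_secret.yml` uses, which is outside this diff. `image: vabene1111/recipes:latest` (L107) is a floating tag; pinning a release tag would make rollbacks deterministic.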
---
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/secrets/mysql_admin_pass", length: 32 }
- { path: "{{ basedir }}/secrets/mysql_user_pass", length: 32 }
- { path: "{{ basedir }}/secrets/uffd_admin_pass", length: 32 }
- { path: "{{ basedir }}/secrets/uffd_secret_key", length: 32 }
- { path: "{{ basedir }}/secrets/uffd_mail_pass", length: 12 }
- name: create folder struct for {{servicename}}
file:
path: "{{ item }}"
state: "directory"
with_items:
- "{{ basedir }}"
- "{{ basedir }}/secrets"
- "{{ basedir }}/db/"
- name: create config files
template:
src: "{{ item }}"
dest: "{{ basedir }}/{{ item }}"
with_items:
- "Dockerfile"
- "entrypoint.sh"
- "docker-compose.yml"
- "uffd.cfg"
register: config
- name: stop {{ servicename }} docker
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: absent
when: config.changed
- name: start {{servicename}} docker
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: present
\ No newline at end of file
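Review bot: The start task at L167-L170 relies on `community.docker.docker_compose_v2` with its default build policy, which as far as I recall builds the `uffd:v2.3.1.r21` image only when it does not exist yet; when a later change bumps the pinned commit in the Dockerfile (L215), the stop/start cycle triggered by `config.changed` relaunches the stale image instead of rebuilding it. Add `build: always` to the start task, or bump the image tag in docker-compose.yml together with the commit so the new name forces a build. Minor: `create folder struct for {{servicename}}` (L144) and `start {{servicename}} docker` (L167) omit the spaces inside the braces that every other task name in this diff uses.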
FROM debian:bookworm AS build-stage
ENV DEBIAN_FRONTEND=noninteractive
ENV PYBUILD_INSTALL_ARGS="--install-lib=/usr/share/uffd/ --install-scripts=/usr/share/uffd/"
ENV PACKAGE_VERSION=v2.3.1.r21
RUN set -x && \
apt update && \
apt install -y --no-install-recommends \
lsb-release \
curl \
ca-certificates \
locales-all \
git \
python3 \
python3-venv \
python3-coverage \
python3-ldap3 \
python3-flask \
python3-flask-sqlalchemy \
python3-flask-migrate \
python3-pip \
python3-qrcode \
python3-fido2 \
python3-oauthlib \
python3-flask-babel \
python3-argon2 \
python3-pytest \
python3-all \
python3-pip \
git-buildpackage \
debhelper \
build-essential \
dh-python \
python3-mysqldb \
python3-requests-oauthlib \
python3-git \
python3-prometheus-client \
libffi-dev \
python3-build \
twine && \
apt -qq clean
RUN git clone https://git.cccv.de/uffd/uffd.git
WORKDIR /uffd
# Checkout Git, Current version 31.05.2024
RUN git checkout 89f1ecdda1149c2d9585135a7186114b645396e1
RUN set -x && \
./debian/create_changelog.py uffd > debian/changelog && \
dpkg-buildpackage -us -uc && \
dpkg-deb -I /*.deb && \
dpkg-deb -c /*.deb && \
mv /*.deb /uffd/uffd.deb
FROM debian:bookworm as app-stage
COPY --from=build-stage /uffd/uffd.deb /uffd.deb
RUN set -x && \
apt update && \
apt install -y --no-install-recommends /uffd.deb python3-psycopg2 python3-pymysql && \
rm -rf /var/lib/apt/lists/* && \
rm /uffd.deb && \
cat /etc/uffd/uffd.cfg | grep -v "SECRET_KEY=" > /etc/uffd/uffd.cfg.tmp && \
mv /etc/uffd/uffd.cfg.tmp /etc/uffd/uffd.cfg && \
mkdir --parents /var/www/uffd && \
chown root:uffd /var/www/uffd
COPY entrypoint.sh /entrypoint.sh
USER uffd
USER root
EXPOSE 3031/tcp
EXPOSE 9191/tcp
CMD bash /entrypoint.sh
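Review bot: `USER uffd` at L234 is immediately overridden by `USER root` at L235, so the first line is dead and the container starts as root; entrypoint.sh needs root to run the migrations and then `runuser` into `uffd`, so keep `USER root`, drop L234 and state the reason, e.g. `# entrypoint.sh runs migrations as root, then drops to uffd via runuser`. The same pair appears at L273-L274 of the second Dockerfile. Minor: `python3-pip` is listed twice in the apt call (L191, L199), `FROM debian:bookworm as app-stage` (L222) uses lowercase `as` while L172 uses `AS`, and `apt` rather than `apt-get` prints a "no stable CLI interface" warning in non-interactive builds.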
FROM debian:bullseye
ENV DEBIAN_FRONTEND=noninteractive
# Install depandencies
RUN set -x && \
apt update && \
apt install -y --no-install-recommends \
ca-certificates \
curl \
gnupg2 \
python3 \
python3-argon2 \
python3-cryptography \
python3-fido2 \
python3-flask \
python3-flask-babel \
python3-flask-sqlalchemy \
python3-flask-migrate \
python3-itsdangerous \
python3-jwt \
python3-qrcode \
python3-prometheus-client \
python3-pymysql \
python3-oauthlib \
python3-uaparser \
wget && \
rm -rf /var/lib/apt/lists/*
# Install uffd from CCCV Repo
RUN set -x && \
echo "deb https://packages.cccv.de/uffd bullseye main" > /etc/apt/sources.list.d/cccv-archive-bullseye.list && \
curl -sS https://packages.cccv.de/docs/cccv-archive-key.gpg | gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg && \
apt update && \
apt install -y --no-install-recommends uffd=2.3.2 && \
rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh /entrypoint.sh
USER uffd
USER root
EXPOSE 3031/tcp
EXPOSE 9191/tcp
CMD bash /entrypoint.sh
services:
db:
image: mariadb:11
restart: always
command: ['mariadbd', '--character-set-server=utf8mb4', '--collation-server=utf8mb4_nopad_bin']
volumes:
- "{{ basedir }}/db/:/var/lib/mysql"
environment:
MYSQL_ROOT_PASSWORD: "{{ mysql_admin_pass }}"
MYSQL_PASSWORD: "{{ mysql_user_pass }}"
MYSQL_DATABASE: "uffd"
MYSQL_USER: "uffd"
MARIADB_AUTO_UPGRADE: "1"
networks:
- default
app:
build: .
image: uffd:v2.3.1.r21
restart: always
depends_on:
- db
volumes:
- "{{ basedir }}/uffd.cfg/:/etc/uffd/uffd.cfg"
environment:
TZ: "Europe/Berlin"
UFFD_INITIAL_ADMIN_USER: "uffdadmin"
UFFD_INITIAL_ADMIN_PW: "{{ uffd_admin_pass }}"
UFFD_INITIAL_ADMIN_MAIL: "admin@{{ mail_domains.warpzonems.mxserver }}"
labels:
- com.centurylinklabs.watchtower.enable=false
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=3031
networks:
- default
- web
networks:
web:
external: true
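Review bot: The host side of the bind mount at L300, `{{ basedir }}/uffd.cfg/`, ends in a slash although it names the file rendered from the `uffd.cfg` template; compose normalises absolute paths as far as I know, but it reads as a directory mount, and if the file were ever missing Docker would create a directory in its place. Drop the slash: `- "{{ basedir }}/uffd.cfg:/etc/uffd/uffd.cfg"`. `depends_on: db` (L297-L298) does not wait for MariaDB to accept connections; that is covered by the retry loop in entrypoint.sh, which is worth a one-line comment here so nobody adds a healthcheck dependency twice.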
#!/bin/bash
# Modded to Dockerfile
#echo "Copying static files ..."
#cp -r /usr/share/uffd/uffd/static /var/www/uffd
db_ready="false"
count=0
while [ $count -lt 32 ] && [ "$db_ready" != "true" ] ;do
if [ -z "$(uffd-admin db current 2>&1 | grep -o "Error")" ] ;then
db_ready="true"
else
echo "Waiting for db to become ready..."
((duration=2**$count))
sleep $duration
((count=$count+1))
fi
done
if [ "$db_ready" == "true" ] ;then
echo "Running datbase migrations ..."
uffd-admin db upgrade
if [ -n "$UFFD_INITIAL_ADMIN_PW" ] && [ "$(uffd-admin user list)" == "" ]; then
echo "Creating groups and roles for initial admin user ..."
if ! uffd-admin group show 'uffd_admin' >> /dev/null 2>&1 ;then
uffd-admin group create 'uffd_admin' --description 'Admin access to uffd'
fi
if ! uffd-admin group show 'uffd_access' >> /dev/null 2>&1 ;then
uffd-admin group create 'uffd_access' --description 'Access to Single-Sign-On and Selfservice'
fi
if ! uffd-admin role show 'uffd_admin' >> /dev/null 2>&1 ;then
uffd-admin role create 'uffd_admin' --add-group 'uffd_admin' --add-group 'uffd_access'
fi
if [ -z "$UFFD_INITIAL_ADMIN_USER" ] ;then
UFFD_INITIAL_ADMIN_USER='uffd_admin'
fi
if [ -z "$UFFD_INITIAL_ADMIN_MAIL" ] ;then
UFFD_INITIAL_ADMIN_MAIL='uffd_admin@localhost'
fi
echo "Creating initial admin user ..."
uffd-admin user create "$UFFD_INITIAL_ADMIN_USER" --password "$UFFD_INITIAL_ADMIN_PW" --mail "$UFFD_INITIAL_ADMIN_MAIL" --displayname 'uffd Admin' --add-role 'uffd_admin'
fi
else
echo "WARNING: Database is not ready yet, skipping migration and initialization"
fi
echo "Starting server ..."
runuser --preserve-environment -u uffd -- \
uwsgi --ini /etc/uwsgi/apps-enabled/uffd.ini --http-socket 0.0.0.0:3031 --master --stats 0.0.0.0:9191
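Review bot: The readiness loop at L324-L333 doubles the sleep on every attempt up to `count` 32, so the cumulative wait is on the order of 2^32 seconds; in practice the container never gives up and the `WARNING` branch at L358 is unreachable. Cap the back-off, e.g. `((duration = count < 6 ? 2**count : 60))`, and lower the attempt count so a broken database surfaces as a visible failure. `UFFD_INITIAL_ADMIN_PW` is only needed by the bootstrap at L355, yet `runuser --preserve-environment` at L361 hands it to the long-running uwsgi process as well; `unset UFFD_INITIAL_ADMIN_PW` before the `runuser` line keeps it out of that process environment. Minor: without `set -e`/`set -o pipefail` a failed `db upgrade` at L336 still falls through to starting the server.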
LANGUAGES={
# Language identifier (see Accept-Language HTTP header) -> Display Name
"en": "EN",
"de": "DE",
}
# Uffd Admins Group
ACL_ADMIN_GROUP="uffd_admin"
# Group required to access selfservice functions (view selfservice, change profile/password/roles)
ACL_SELFSERVICE_GROUP="uffd_access"
# Group required to login
ACL_ACCESS_GROUP="uffd_access"
# Members can create invite links for signup
ACL_SIGNUP_GROUP="uffd_signup"
MAIL_SERVER='{{ mail_domains.warpzonems.mxserver }}'
MAIL_PORT=587
MAIL_USERNAME='noreply-uffd@{{ mail_domains.warpzonems.maildomain }}'
MAIL_PASSWORD='{{ uffd_mail_pass }}'
MAIL_USE_STARTTLS=True
MAIL_FROM_ADDRESS='noreply-uffd@{{ mail_domains.warpzonems.maildomain }}'
# Do not enable this on a public service! There is no spam protection implemented at the moment.
SELF_SIGNUP=False
# Max Lifetime for invites
INVITE_MAX_VALID_DAYS=21
# Blocked Loginnames
LOGINNAME_BLOCKLIST=['^admin$', '^root$']
#MFA_ICON_URL = 'https://example.com/logo.png'
#MFA_RP_ID = 'example.com' # If unset, hostname from current request is used
MFA_RP_NAME = 'Warpzone Uffd' # Service name passed to U2F/FIDO2 authenticators
FOOTER_LINKS=[{"url": "https://{{ global_domains.warpzonems.domain }}", "title": "warpzone"}]
# The default page after login or clicking the top left home button is the self-service
# page. If you would like it to be the services list instead, set this to True.
DEFAULT_PAGE_SERVICES=True
# Service overview page (disabled if empty)
SERVICES=[
# # Title is mandatory, all other fields are optional.
# # For permission_levels/groups/infos/links all fields are mandatory aside from required_group.
# {
# 'title': 'Service Title',
# 'subtitle': 'Service Subtitle',
# 'description': 'Short description of the service as plain text',
# 'url': 'https://example.com/',
# 'logo_url': 'https://example.com/logo.png',
# # Basic access group name, service is accessible to everyone if empty
# 'required_group': 'users',
# # Non-basic permission levels, the last matching entry is selected.
# # Users with a matching permission level are considered to have
# # access to the service (as if they have the basic access group).
# 'permission_levels': [
# {'name': 'Moderator', 'required_group': 'moderators'},
# {'name': 'Admin', 'required_group': 'uffd_admin'},
# ],
# # Per default all services are listed publicly (but grayed out for
# # guests/users without access). Confidential services are only visible
# # to users with access rights to the service.
# 'confidential': True,
# # In-service groups, all matching items are visible
# 'groups': [
# {'name': 'Group "crew_crew"', 'required_group': 'users'},
# {'name': 'Group "crew_logistik"', 'required_group': 'uffd_admin'},
# ],
# # Infos are small/medium amounts of information displayed in a modal
# # dialog. All matching items are visible.
# 'infos': [
# {
# 'title': 'uffd',
# 'button_text': 'Documentation', # Defaults to the title if not set
# 'html': '<p>Some information about the service as html</p>',
# 'required_group': 'users',
# },
# ],
# # Links to external sites, all matching items are visible
# 'links': [
# {'title': 'Link to an external site', 'url': '#', 'required_group': 'users'},
# ]
# },
# {
# 'title': 'Grafana',
# 'url': 'https://grafana.{{ global_domains.warpzonems.domain }}',
# 'logo_url': 'https://grafana.{{ global_domains.warpzonems.domain }}/public/img/fav32.png'
# },
{
'title': 'Dokuwiki',
'description': 'warpzone Wiki',
'url': 'https://wiki.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://wiki.{{ global_domains.warpzonems.domain }}/_media/wiki:dokuwiki.svg',
'required_group': 'dokuwiki_access',
'confidential': True
},
{
'title': 'Gitea (Verwaltung)',
'description': 'Gitea für Verwaltungsdaten',
'url': 'https://verwaltung-git.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://verwaltung-git.{{ global_domains.warpzonems.domain }}/assets/img/favicon.svg',
'required_group': 'gitea_access',
'confidential': True
},
{
'title': 'Gitlab',
'description': 'Gitlab Server',
'url': 'https://gitlab.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://gitlab.{{ global_domains.warpzonems.domain }}/assets/apple-touch-icon-b049d4bc0dd9626f31db825d61880737befc7835982586d015bded10b4435460.png',
'required_group': 'gitlab_access',
'confidential': True
},
{
'title': 'HedgeDoc',
'description': 'HedgeDoc, ehemals: CodiMD / HackMD',
'url': 'https://md.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://md.{{ global_domains.warpzonems.domain }}/icons/apple-touch-icon.png',
'required_group': 'hackmd_access',
'confidential': True
},
{
'title': 'Icinga',
'description': 'Icinga Monitoring',
'url': 'https://icinga.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://icinga.{{ global_domains.warpzonems.domain }}/icingaweb2/img/touch-icon.png',
'required_group': 'icinga_access',
'confidential': True
},
{
'title': 'JVerein / Jameica (Verwaltung)',
'description': 'JVerein / Jameica VNC Zugriff',
'url': 'https://verwaltung-jameica.{{ global_domains.warpzonems.domain }}/vnc.html',
'logo_url': 'https://verwaltung-jameica.{{ global_domains.warpzonems.domain }}/app/images/icons/novnc-192x192.png',
'required_group': 'jverein_access',
'confidential': True
},
# {
# 'title': 'Mailu (Mailserver)',
# 'description': 'Mailu Mailserver - Administration und Webmail',
# 'url': 'https://mailserver.{{ global_domains.warpzonems.domain }}',
# 'logo_url': 'https://avatars.githubusercontent.com/u/23010996?s=280&v=4',
# 'confidential': True
# },
{
'title': 'Mailman (Mailinglisten)',
'description': 'Mailman Mailinglistenverwaltung',
'url': 'https://listserver.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://list.org/images/logo2010-2.jpg',
'required_group': 'mailman_access',
'confidential': True
},
{
'title': 'Nextcloud',
'description': 'Nextcloud Cloud Storage',
'url': 'https://verwaltung.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://verwaltung.{{ global_domains.warpzonems.domain }}/core/img/favicon-touch.png',
'required_group': 'nextcloud_access',
'confidential': True
},
{
'title': 'VPN (Administration)',
'description': 'VPN Server für Administratoren',
'url': 'https://vpn.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://www.wireguard.com/img/icons/favicon-512.png',
'required_group': 'vpnserver_access',
'confidential': True
},
{
'title': 'Vaultwarden',
'description': 'Vaultwarden Passwortverwaltung',
'url': 'https://vault.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://vault.{{ global_domains.warpzonems.domain }}/images/apple-touch-icon.png',
'required_group': 'verwaltung',
'confidential': True
},
{
'title': 'Warpapi',
'description': 'API für Services wie SpaceAPI etc.',
'url': 'https://api.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://gitlab.warpzone.ms/presse/media/-/raw/master/Logo/WZ_Blume_3c.svg'
},
{
'title': 'Wordpress',
'description': 'Wordpress Webseiten Verwaltung',
'url': 'https://www.{{ global_domains.warpzonems.domain }}/wp-login.php',
'logo_url': 'https://www.{{ global_domains.warpzonems.domain }}/favicon.ico',
'required_group': 'wordpress_access',
'confidential': True
}
]
# A banner text that will be displayed above the services list
SERVICES_BANNER='Available Services'
# If the banner should be shown to users who are not logged in
SERVICES_BANNER_PUBLIC=False
# Enable the service overview page for users who are not logged in
SERVICES_PUBLIC=False
# An optional banner that will be displayed above the login form
LOGIN_BANNER='Wichtig: Wenn ihr vorher bereits einen warpzone-Account (Keycloak oder warpinfra) hattet, dan müsst Ihr euch hier einen Account neu anlegen. Bitte verwendet hierbei den gleichen Login-Namen. <br> Always check the URL. Never enter your SSO password on any other site.'
BRANDING_LOGO_URL='https://gitlab.warpzone.ms/presse/media/-/raw/master/Logo/WZ_Blume_3c.svg?ref_type=heads'
SITE_TITLE='uffd @ {{ global_domains.warpzonems.domain }}'
# Name and contact mail address are displayed to users in a few places (plain text only!)
ORGANISATION_NAME='Warpzone'
ORGANISATION_CONTACT='admin@{{ mail_domains.warpzonems.maildomain }}'
# Optional text included in account registration mails (plain text only!)
WELCOME_TEXT='Wenn ihr Hilfe braucht meldet euch beim admin team unter admin@warpzone.ms oder sprecht uns an.'
# DO set in production
FLASK_ENV="production"
SQLALCHEMY_DATABASE_URI="mysql+pymysql://uffd:{{ mysql_user_pass }}@db/uffd?charset=utf8mb4"
SECRET_KEY="{{ uffd_secret_key }}"
DEBUG=False
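Review bot: `SQLALCHEMY_DATABASE_URI` at L562 interpolates `{{ mysql_user_pass }}` straight into the URL, and L376-L381 and L563 interpolate other generated secrets into Python string literals; a value containing `@`, `/`, `?` or `#` breaks the URL, and one containing `'`, `"` or `\` breaks the Python syntax of the whole config file. Whether that can happen depends on the alphabet `get_secret.yml` uses, which is outside this diff; if it is not restricted to a safe set, render the URI as `SQLALCHEMY_DATABASE_URI="mysql+pymysql://uffd:{{ mysql_user_pass | urlencode }}@db/uffd?charset=utf8mb4"`, keeping in mind that Jinja's `urlencode` leaves `/` unescaped, so restricting the alphabet at generation time is the more robust fix. `MFA_RP_ID` is left commented out (L389), so the relying-party id is taken from each request's hostname; setting it to the public domain explicitly avoids registered authenticators breaking if the service is ever reached under another name.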
---
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/wg_admin_pass", length: 32 }
- { path: "{{ basedir }}/wg_private_key", length: -1 } # 'wg genkey'
- name: create folder struct for keycloak
file:
path: "{{ item }}"
state: "directory"
with_items:
- "{{ basedir }}"
- "{{ basedir }}/data"
- name: "copy {{ servicename }} config files"
template:
src: "{{ item }}"
dest: "{{ basedir }}/{{ item }}"
with_items:
- docker-compose.yml
register: config
- name: "stop {{ servicename }} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: absent
when: config.changed
- name: "start {{ servicename }} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: present
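Review bot: The `file` task at L570 is named `create folder struct for keycloak`, a leftover from the role it was copied from; use `"create folder struct for {{ servicename }}"` as the neighbouring tasks do, otherwise the playbook output is misleading. `wg_private_key` is requested with `length: -1` and the inline comment `'wg genkey'` (L569), which suggests the file has to be pre-seeded by hand rather than generated; that contract lives in `../functions/get_secret.yml`, outside this diff, so a short comment stating what happens when the file is absent would help the next operator.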
services:
app:
image: ghcr.io/freifunkmuc/wg-access-server:latest
restart: always
cap_add:
- NET_ADMIN
sysctls:
net.ipv6.conf.all.disable_ipv6: 0
net.ipv6.conf.all.forwarding: 1
volumes:
- "{{ basedir }}/data:/data"
# - "{{ basedir }}/config.yaml:/config.yaml" # if you have a custom config file
ports:
# - "8000:8000/tcp"
- "51820:51820/udp"
devices:
- "/dev/net/tun:/dev/net/tun"
environment:
- "WG_ADMIN_USERNAME=vpnadmin"
- "WG_ADMIN_PASSWORD={{ wg_admin_pass }}"
- "WG_WIREGUARD_PRIVATE_KEY={{ wg_private_key }}"
- "WG_VPN_CIDRV6=0" # to disable IPv6
- "WG_EXTERNAL_HOST={{ domain }}"
- "WG_DNS_ENABLED=true"
- "WG_DNS_UPSTREAM=192.168.0.201"
- "WG_LOG_LEVEL=info"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8000
networks:
- default
- web
networks:
web:
external: true
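Review bot: The `app` service is granted `NET_ADMIN` and `/dev/net/tun` (L597-L609) while tracking the floating `ghcr.io/freifunkmuc/wg-access-server:latest` tag (L595); a container with those privileges is exactly where an upstream tag change should not land unreviewed. Pin a release tag or digest, e.g. `image: ghcr.io/freifunkmuc/wg-access-server:<pinned-tag>` (placeholder), and bump it deliberately. The uffd compose file opts out of watchtower with `com.centurylinklabs.watchtower.enable=false` (L307); whether this service is auto-updated is not visible here, so a matching label would at least make the choice explicit. `WG_DNS_UPSTREAM=192.168.0.201` (L617) and the door-status scripts (L686, L689) hardcode the same host separately; a shared variable would keep them in step.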
---
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/warpapi/update_key, length: 32 }
- name: create folder struct for warpapi
file:
path: "/srv/warpapi"
state: "directory"
- name: clone repo
git:
repo: "https://gitlab.warpzone.ms/infrastruktur/warpapi.git"
version: "232c44ed365998acf70f5c28510bcc663adc5686"
dest: "/srv/warpapi"
force: "yes"
register: gitclone
- name: clone repo status
debug:
msg: "{{gitclone}}"
- name: Helper-Scripte erstellen
template:
src: "{{ item }}"
......@@ -32,6 +24,6 @@
dest: "/srv/warpapi/docker-compose.yml"
- name: start warpapi docker
docker_compose:
community.docker.docker_compose_v2:
project_src: /srv/warpapi/
state: present
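Review bot: The hunk at L651-L657 migrates the start task to `community.docker.docker_compose_v2` but keeps the absolute `project_src: /srv/warpapi/` while every other role in this diff uses `{{ basedir }}`, and it adds no stop-on-change step, so a changed rendered docker-compose.yml (the template at L648-L652) does not restart the stack the way it does for tandoor, uffd, wg-access-server and wordpress. Add the usual pair — a `state: absent` task guarded by the template task's registered result (if it has one; its `register` line is not in the hunk), then the `state: present` task. The task list continues outside the hunk; `force: "yes"` at L643 is a string where Ansible expects a boolean, and `force: true` reads better even though it is coerced.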
version: "3"
services:
app:
build: .
image: warpapi:{{ gitclone.after }}
image: gitlab-registry.warpzone.ms/infrastruktur/warpapi:latest
restart: always
ports:
- 127.0.0.1:42010:5000
volumes:
- /srv/warpapi/warpapi/:/opt/warpapi
environment:
UPDATE_KEY: "{{ update_key }}"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=5000
networks:
- default
- web
- default
- web
networks:
web:
external: true
external: true
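Review bot: The `app` service now pulls `gitlab-registry.warpzone.ms/infrastruktur/warpapi:latest` (L663) while the tasks file still bind-mounts the git checkout pinned to `232c44ed…` into `/opt/warpapi` (L641, L668), so the image and the mounted source are versioned in two independent places and can drift apart. Either pin the image tag to match the checkout, or drop the source mount if the registry image already contains the application; which of the two is intended is not visible here. `- 127.0.0.1:42010:5000` (L666) parses as a string, but quoting it like the port mapping at L607 keeps the file safe against the YAML port-mapping trap if the value is ever shortened.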
#!/bin/sh
docker run --rm -it ruimarinho/mosquitto mosquitto_pub -h 192.168.0.201 -t warpzone/door/status -m "CLOSED" --retain
curl "https://{{ domain }}/setstatus?newstatus=CLOSED&update_key={{ update_key }}"
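Review bot: `docker run --rm -it` (L686) requests a TTY, which makes the script fail when it runs without one (cron, a systemd unit, an Ansible `command`); `docker run --rm ruimarinho/mosquitto …` is enough for a fire-and-forget publish. `update_key` is sent as a query-string parameter (L687), so the shared secret ends up in the reverse proxy's and warpapi's access logs as well as in the shell history of whoever runs the script by hand; warpapi's `/setstatus` interface is outside this diff, but if it can take the key from a header or a POST body, prefer that. Both points apply equally to the OPEN script at L689-L690.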
#!/bin/sh
docker run --rm -it ruimarinho/mosquitto mosquitto_pub -h 192.168.0.201 -t warpzone/door/status -m "OPEN" --retain
curl "https://{{ domain }}/setstatus?newstatus=OPEN&update_key={{ update_key }}"
......@@ -2,8 +2,9 @@
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/wordpress/mysql_root_pass, length: 24 }
- { path: /srv/wordpress/mysql_user_pass, length: 12 }
- { path: "/srv/shared/noreply_email_pass", length: -1 }
- { path: "{{ basedir }}/mysql_root_pass", length: 24 }
- { path: "{{ basedir }}/mysql_user_pass", length: 12 }
- name: create folder struct for wordpress
file:
......@@ -12,27 +13,32 @@
owner: www-data
group: www-data
with_items:
- "/srv/wordpress/"
- "/srv/wordpress/config"
- "/srv/wordpress/data/"
- "/srv/wordpress/db/"
- name: create config files
template:
src: "{{ item }}"
dest: "/srv/wordpress/config/{{ item }}"
with_items:
- uploads.ini
- "{{ basedir }}/"
- "{{ basedir }}/db/"
- "{{ basedir }}/config"
- "{{ basedir }}/data/"
- "{{ basedir }}/data/wp-content/"
- "{{ basedir }}/data/wp-content/plugins/"
- "{{ basedir }}/data/wp-content/plugins/wz-status/"
- name: create config file
template:
src: "{{ item }}"
dest: "/srv/wordpress/{{ item }}"
dest: "{{ basedir }}/{{ item }}"
with_items:
- Dockerfile
- docker-compose.yml
- config/uploads.ini
- data/wp-content/plugins/wz-status/wz-status.php
register: config_files
- name: "stop {{ servicename }} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: absent
when: config_files.changed
# - name: start wordpress docker
# docker_service:
# project_src: /srv/wordpress/
# state: present
- name: "start {{ servicename }} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: present
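Review bot: The `file` loop sets `owner`/`group: www-data` (L702-L703, context) on every path it creates, now including `{{ basedir }}/` itself (L715) and `{{ basedir }}/db/` (L716); that makes the web user the owner of the directory holding the rendered docker-compose.yml and Dockerfile and of the database data directory, which only the db container should touch. Limit the www-data ownership to the `data/` tree the WordPress container writes and let the remaining directories keep the default root ownership; the task's opening lines are outside the hunk, so its exact shape is inferred. The compose file for this role is not part of the diff, so whether it carries the DB passwords is assumed from the `mysql_root_pass`/`mysql_user_pass` secrets requested at L697-L698.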
FROM wordpress:6.1.1-php8.2-apache
FROM wordpress:6.4.2-apache
# install the PHP extensions we need
RUN set -x \
......
file_uploads = On
memory_limit = 64M
upload_max_filesize = 64M
post_max_size = 64M
max_execution_time = 600
<?php
/*
Plugin Name: WZ Status
Plugin URI: http://www.warpzone.ms
Description: This plugin adds a custom widget.
Version: 1.0
Author: Christian <void> Elberfeld
Author URI: http://www.warpzone.ms
License: GPL2
Original Source: https://github.com/wpexplorer/my-widget-plugin
*/
// The widget class
class WZ_Status_Widget extends WP_Widget {
// Main constructor
public function __construct() {
parent::__construct(
'wz_status_widget',
__( 'WZ Status Widget', 'text_domain' ),
array(
'customize_selective_refresh' => true,
)
);
}
// The widget form (for the backend )
public function form( $instance ) {
// Set widget defaults
$defaults = array(
'title' => '',
'api_url' => '',
);
// Parse current settings with defaults
extract( wp_parse_args( ( array ) $instance, $defaults ) ); ?>
<?php // Widget Title ?>
<p>
<label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Widget Title', 'text_domain' ); ?></label>
<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />
</p>
<?php // Api Url ?>
<p>
<label for="<?php echo esc_attr( $this->get_field_id( 'api_url' ) ); ?>"><?php _e( 'Api Url:', 'api_url' ); ?></label>
<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'api_url' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'api_url' ) ); ?>" type="text" value="<?php echo esc_attr( $text ); ?>" />
</p>
<?php }
// Update widget settings
public function update( $new_instance, $old_instance ) {
$instance = $old_instance;
$instance['title'] = isset( $new_instance['title'] ) ? wp_strip_all_tags( $new_instance['title'] ) : '';
$instance['api_url'] = isset( $new_instance['api_url'] ) ? wp_strip_all_tags( $new_instance['api_url'] ) : '';
return $instance;
}
// Display the widget
public function widget( $args, $instance ) {
extract( $args );
// Check the widget options
$title = isset( $instance['title'] ) ? apply_filters( 'widget_title', $instance['title'] ) : '';
$api_url = isset( $instance['api_url'] ) ? $instance['api_url'] : '';
$zone_status = "UNBEKANNT";
$zone_status_text = "Unbekannt";
$zone_status_color = "#000000";
// WordPress core before_widget hook (always include )
echo $before_widget;
// Display the widget
echo '<div class="widget-text wp_widget_plugin_box">';
// Display widget title if defined
if ( $title ) {
echo $before_title . $title . $after_title;
}
// Zone Status abrufen
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.warpzone.ms/statuswidget",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 3,
CURLOPT_TIMEOUT => 5,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET"
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
$zone_status = $err;
} else {
$responseObj = json_decode($response,true);
$zone_status = $responseObj['zone_door_status'];
if ($zone_status == "OPEN") {
$zone_status_text = "Offen";
$zone_status_color = "#00cc00";
}
if ($zone_status == "CLOSED") {
$zone_status_text = "Geschlossen";
$zone_status_color = "#cc0000";
}
}
// Anzeige Status im Widget
echo "<span style='font-weight: bold; color:" . $zone_status_color . ";'>" . $zone_status_text . "</span>";
// Status mit in die Menueleiste fuer Mobilgeraete
echo "<script type='text/javascript'>jQuery(document).ready(function() { jQuery('#mainnav-toggle').text('MENU | Status: " . $zone_status_text . "'); });</script>";
echo '</div>';
// WordPress core after_widget hook (always include )
echo $after_widget;
}
}
// Register the widget
function my_register_wz_status_widget() {
register_widget( 'WZ_Status_Widget' );
}
add_action( 'widgets_init', 'my_register_wz_status_widget' );
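Review bot: In `form()` the Api Url input at L796 echoes `$text`, a variable that does not exist in this scope, so a saved `api_url` is never shown back in the admin form; it should be `value="<?php echo esc_attr( $api_url ); ?>"`. The setting is also never used: `widget()` hardcodes `https://api.warpzone.ms/statuswidget` at L826 while `$api_url` (L811) is read and dropped — either use it as `CURLOPT_URL` (after `esc_url_raw`) or remove the option. The result of `json_decode` at L841 is indexed without checking it succeeded (L842), so a malformed or empty response raises a PHP warning on every page render; guard it with `$zone_status = is_array($responseObj) && isset($responseObj['zone_door_status']) ? $responseObj['zone_door_status'] : "UNBEKANNT";`. The fetch runs on every page view with a 5 s timeout and no cache; wrapping it in `get_transient`/`set_transient` (and using `wp_remote_get` instead of raw curl) would keep a slow API from stalling the whole site.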