home/max
Archived
2
1
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity

move from pizzapim.nl to pim.kunis.nl

Browse source
This commit is contained in:
Pim Kunis 2023-02-08 08:27:30 +01:00
parent 4d8f9e816c
commit 1bd61091a1
26 changed files with 66 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
inventory/group_vars/homeserver.yml
View file

@ -1,6 +1,10 @@
base_data_dir: /data base_data_dir: /data
base_service_dir: /srv base_service_dir: /srv
# Additional open ports
jitsi_videobridge_port: 54562 jitsi_videobridge_port: 54562
git_ssh_port: 56287 git_ssh_port: 56287
prometheus_port: 8081 prometheus_port: 8081
traefik_api_port: 8080 traefik_api_port: 8080
domain_name_pim: pim.kunis.nl

4
roles/blog/tasks/main.yml
View file

@ -22,8 +22,8 @@
src: "{{ role_path }}/templates/docker-compose.yml.j2" src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml" dest: "{{ service_dir }}/docker-compose.yml"
- name: Copy nginx config - name: Copy nginx config
copy: template:
src: "{{ role_path }}/files/nginx.conf" src: "{{ role_path }}/templates/nginx.conf.j2"
dest: "{{ service_dir }}/nginx.conf" dest: "{{ service_dir }}/nginx.conf"
register: nginx_conf register: nginx_conf
- name: Start docker compose - name: Start docker compose

4
roles/blog/templates/docker-compose.yml.j2
View file

@ -14,9 +14,9 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.blog.entrypoints=websecure - traefik.http.routers.blog.entrypoints=websecure
- traefik.http.routers.blog.rule=Host(`pizzapim.nl`) - traefik.http.routers.blog.rule=Host(`{{ domain_name_pim }}`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=pizzapim - traefik.http.routers.blog.tls.certresolver=letsencrypt
- traefik.http.routers.blog.service=blog - traefik.http.routers.blog.service=blog
- traefik.http.services.blog.loadbalancer.server.port=80 - traefik.http.services.blog.loadbalancer.server.port=80

2
roles/blog/files/nginx.conf → roles/blog/templates/nginx.conf.j2
View file

@ -1,6 +1,6 @@
server { server {
listen 80; listen 80;
server_name pizzapim.nl; server_name {{ domain_name_pim }};
index index.html index.htm; index index.html index.htm;
root /var/www/blog; root /var/www/blog;

2
roles/blog/vars/main.yml
View file

@ -1,3 +1,3 @@
service_name: blog service_name: blog
service_dir: "{{ base_service_dir }}/{{ service_name }}" service_dir: "{{ base_service_dir }}/{{ service_name }}"
git_origin: https://git.pizzapim.nl/pim/blog.git git_origin: https://git.pim.kunis.nl/pim/blog.git

4
roles/forgejo/templates/app.ini.j2
View file

@ -13,8 +13,8 @@ TEMP_PATH = /data/gitea/uploads
[server] [server]
APP_DATA_PATH = /data/gitea APP_DATA_PATH = /data/gitea
DOMAIN = git.pizzapim.nl DOMAIN = {{ git_domain }}
SSH_DOMAIN = git.pizzapim.nl SSH_DOMAIN = {{ git_domain }}
HTTP_PORT = 3000 HTTP_PORT = 3000
ROOT_URL = {{ forgejo.root_url }} ROOT_URL = {{ forgejo.root_url }}
DISABLE_SSH = false DISABLE_SSH = false

4
roles/forgejo/templates/docker-compose.yml.j2
View file

@ -22,9 +22,9 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.forgejo.entrypoints=websecure - traefik.http.routers.forgejo.entrypoints=websecure
- traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`) - traefik.http.routers.forgejo.rule=Host(`{{ git_domain }}`)
- traefik.http.routers.forgejo.tls=true - traefik.http.routers.forgejo.tls=true
- traefik.http.routers.forgejo.tls.certresolver=pizzapim - traefik.http.routers.forgejo.tls.certresolver=letsencrypt
- traefik.http.routers.forgejo.service=forgejo - traefik.http.routers.forgejo.service=forgejo
- traefik.http.services.forgejo.loadbalancer.server.port=3000 - traefik.http.services.forgejo.loadbalancer.server.port=3000

4
roles/forgejo/vars/main.yml
View file

@ -1,9 +1,11 @@
service_name: forgejo service_name: forgejo
data_dir: "{{ base_data_dir }}/{{ service_name }}" data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}" service_dir: "{{ base_service_dir }}/{{ service_name }}"
git_domain: "git.{{ domain_name_pim }}"
forgejo: forgejo:
root_url: "https://git.pizzapim.nl" root_url: "https://{{ git_domain }}"
mailer_host: "smtp.tweak.nl" mailer_host: "smtp.tweak.nl"
mailer_from: "git@kunis.nl" mailer_from: "git@kunis.nl"
lfs_jwt_secret: !vault | lfs_jwt_secret: !vault |

0
roles/miniflux/meta/main.yml → roles/freshrss/meta/main.yml
View file

5
roles/freshrss/templates/docker-compose.yml.j2
View file

@ -26,10 +26,11 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.freshrss.entrypoints=websecure - traefik.http.routers.freshrss.entrypoints=websecure
- traefik.http.routers.freshrss.rule=Host(`rss.pizzapim.nl`) - traefik.http.routers.freshrss.rule=Host(`{{ rss_domain }}`)
- traefik.http.routers.freshrss.tls=true - traefik.http.routers.freshrss.tls=true
- traefik.http.routers.freshrss.tls.certresolver=pizzapim - traefik.http.routers.freshrss.tls.certresolver=letsencrypt
- traefik.http.routers.freshrss.service=freshrss - traefik.http.routers.freshrss.service=freshrss
- traefik.http.services.freshrss.loadbalancer.server.port=80
networks: networks:
traefik: traefik:

1
roles/freshrss/vars/main.yml
View file

@ -1,6 +1,7 @@
service_name: freshrss service_name: freshrss
service_dir: "{{ base_service_dir }}/{{ service_name }}" service_dir: "{{ base_service_dir }}/{{ service_name }}"
data_dir: "{{ base_data_dir }}/{{ service_name }}" data_dir: "{{ base_data_dir }}/{{ service_name }}"
rss_domain: "rss.{{ domain_name_pim }}"
admin_password: !vault | admin_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
38363734333534376665616439306566613632303739373661333338356533653334323366326130 38363734333534376665616439306566613632303739373661333338356533653334323366326130

2
roles/jitsi/templates/docker-compose.yml.j2
View file

@ -25,7 +25,7 @@ services:
- traefik.http.routers.jitsi-web.entrypoints=websecure - traefik.http.routers.jitsi-web.entrypoints=websecure
- traefik.http.routers.jitsi-web.rule=Host(`{{ public_domain }}`) - traefik.http.routers.jitsi-web.rule=Host(`{{ public_domain }}`)
- traefik.http.routers.jitsi-web.tls=true - traefik.http.routers.jitsi-web.tls=true
- traefik.http.routers.jitsi-web.tls.certresolver=pizzapim - traefik.http.routers.jitsi-web.tls.certresolver=letsencrypt
- traefik.http.services.jitsi-web.loadbalancer.server.port=80 - traefik.http.services.jitsi-web.loadbalancer.server.port=80
- traefik.http.routers.jitsi-web.service=jitsi-web - traefik.http.routers.jitsi-web.service=jitsi-web
- traefik.docker.network=traefik - traefik.docker.network=traefik

2
roles/jitsi/vars/main.yml
View file

@ -2,7 +2,7 @@ service_name: jitsi
service_dir: "{{ base_service_dir }}/{{ service_name }}" service_dir: "{{ base_service_dir }}/{{ service_name }}"
data_dir: "{{ base_data_dir }}/{{ service_name }}" data_dir: "{{ base_data_dir }}/{{ service_name }}"
public_domain: "meet.pizzapim.nl" public_domain: "meet.{{ domain_name_pim }}"
jvb_advertise_ips: "84.245.14.149,192.168.30.3" jvb_advertise_ips: "84.245.14.149,192.168.30.3"
jvb_auth_password: !vault | jvb_auth_password: !vault |

2
roles/mastodon/templates/docker-compose.yml.j2
View file

@ -53,7 +53,7 @@ services:
- traefik.http.routers.mastodon.entrypoints=websecure - traefik.http.routers.mastodon.entrypoints=websecure
- traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`) - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
- traefik.http.routers.mastodon.tls=true - traefik.http.routers.mastodon.tls=true
- traefik.http.routers.mastodon.tls.certresolver=pizzapim - traefik.http.routers.mastodon.tls.certresolver=letsencrypt
- traefik.http.services.mastodon.loadbalancer.server.port=3000 - traefik.http.services.mastodon.loadbalancer.server.port=3000
- traefik.http.routers.mastodon.service=mastodon - traefik.http.routers.mastodon.service=mastodon
- traefik.docker.network=traefik - traefik.docker.network=traefik

17
roles/miniflux/tasks/main.yml
View file

@ -1,17 +0,0 @@
- name: Create app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy Docker Compose script
template:
src: "{{ role_path }}/templates/docker-compose.yml.j2"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Create data directory
file:
path: "{{ data_dir }}"
state: directory
- name: Start the Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true

40
roles/miniflux/templates/docker-compose.yml.j2
View file

@ -1,40 +0,0 @@
version: '3.4'
services:
miniflux:
image: miniflux/miniflux:latest
container_name: miniflux-web
depends_on:
- db
environment:
- DATABASE_URL=postgres://{{ database_user }}:{{ database_password }}@db/miniflux?sslmode=disable
networks:
- default
- traefik
labels:
- traefik.enable=true
- traefik.http.routers.miniflux.entrypoints=websecure
- traefik.http.routers.miniflux.rule=Host(`rss.pizzapim.nl`)
- traefik.http.routers.miniflux.tls=true
- traefik.http.routers.miniflux.tls.certresolver=pizzapim
- traefik.tcp.routers.miniflux.service=miniflux
- traefik.http.services.miniflux.loadbalancer.server.port=8080
db:
image: postgres:15
container_name: miniflux_db
environment:
- POSTGRES_USER={{ database_user }}
- POSTGRES_PASSWORD={{ database_password }}
volumes:
- {{ data_dir }}:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-U", "miniflux"]
interval: 10s
start_period: 30s
networks:
- default
networks:
traefik:
external: true

13
roles/miniflux/vars/main.yml
View file

@ -1,13 +0,0 @@
service_name: miniflux
service_dir: "{{ base_service_dir }}/{{ service_name }}"
data_dir: "{{ base_data_dir }}/{{ service_name }}"
database_user: miniflux
database_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61306531373964613837363565376137363538626632613564313266396231346233356130383531
3030336565333663643233303034336366326632386666650a303232373838353065333930643633
34326663363833303666666538386165613734303939343062376230366666346134626533396165
3837383263353264640a633865653865383866303431383762653363656133656135626238366539
64633732333230303339626234623534656463353232373234366161356364313566336637316339
6634373066326536393064643162663139323835303233333131

4
roles/nsd/files/nsd.conf
View file

@ -18,3 +18,7 @@ zone:
zonefile: geokunis2.nl.signed zonefile: geokunis2.nl.signed
provide-xfr: 87.253.155.96/27 NOKEY provide-xfr: 87.253.155.96/27 NOKEY
provide-xfr: 157.97.168.160/27 NOKEY provide-xfr: 157.97.168.160/27 NOKEY
zone:
name: pim.kunis.nl
zonefile: pim.kunis.nl

22
roles/nsd/files/zones/pim.kunis.nl Normal file
View file

@ -0,0 +1,22 @@
$ORIGIN pim.kunis.nl.
$TTL 60
pim.kunis.nl. IN SOA ns.pim.kunis.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600
NS ns.pim.kunis.nl.
A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
TXT "v=spf1 ~all"
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
www IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
ns IN A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
social IN CNAME www.pim.kunis.nl.
dav IN CNAME www.pim.kunis.nl.
git IN CNAME www.pim.kunis.nl.
meet IN CNAME www.pim.kunis.nl.
rss IN CNAME www.pim.kunis.nl.

7
roles/nsd/tasks/main.yml
View file

@ -42,24 +42,25 @@
cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}" cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
chdir: /etc/nsd/keys chdir: /etc/nsd/keys
register: create_zsk register: create_zsk
when: not item.stat.exists when: not item.stat.exists and (item.item | basename) in sign_zones
with_items: "{{ zsks_exists.results }}" with_items: "{{ zsks_exists.results }}"
- name: Rename ZSK key - name: Rename ZSK key
command: command:
cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
chdir: /etc/nsd/keys chdir: /etc/nsd/keys
when: item.changed when: item.changed and (item.item | basename) in sign_zones
with_items: "{{ create_zsk.results }}" with_items: "{{ create_zsk.results }}"
- name: Rename ZSK private key - name: Rename ZSK private key
command: command:
cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
chdir: /etc/nsd/keys chdir: /etc/nsd/keys
when: item.changed when: item.changed and (item.item | basename) in sign_zones
with_items: "{{ create_zsk.results }}" with_items: "{{ create_zsk.results }}"
- name: Sign zones - name: Sign zones
command: command:
cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk" cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
chdir: /etc/nsd/zones chdir: /etc/nsd/zones
when: (item | basename) in sign_zones
with_fileglob: with_fileglob:
- "{{ role_path }}/files/zones/*" - "{{ role_path }}/files/zones/*"
- name: Restart NSD - name: Restart NSD

3
roles/nsd/vars/main.yml Normal file
View file

@ -0,0 +1,3 @@
sign_zones:
- geokunis2.nl
- pizzapim.nl

5
roles/radicale/templates/docker-compose.yml.j2
View file

@ -18,7 +18,8 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.radicale.entrypoints=websecure - traefik.http.routers.radicale.entrypoints=websecure
- traefik.http.routers.radicale.rule=Host(`dav.pizzapim.nl`) - traefik.http.routers.radicale.rule=Host(`{{ dav_domain }}`)
- traefik.http.routers.radicale.tls=true - traefik.http.routers.radicale.tls=true
- traefik.http.routers.radicale.tls.certresolver=pizzapim - traefik.http.routers.radicale.tls.certresolver=letsencrypt
- traefik.http.routers.radicale.service=radicale - traefik.http.routers.radicale.service=radicale
- traefik.http.services.radicale.loadbalancer.server.port=5232

2
roles/radicale/vars/main.yml
View file

@ -1,3 +1,5 @@
service_name: radicale service_name: radicale
data_dir: "{{ base_data_dir }}/{{ service_name }}" data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}" service_dir: "{{ base_service_dir }}/{{ service_name }}"
dav_domain: "dav.{{ domain_name_pim }}"

2
roles/seafile/templates/docker-compose.yml.j2
View file

@ -39,7 +39,7 @@ services:
- traefik.http.routers.seafile.entrypoints=websecure - traefik.http.routers.seafile.entrypoints=websecure
- traefik.http.routers.seafile.rule=Host(`files.geokunis2.nl`) - traefik.http.routers.seafile.rule=Host(`files.geokunis2.nl`)
- traefik.http.routers.seafile.tls=true - traefik.http.routers.seafile.tls=true
- traefik.http.routers.seafile.tls.certresolver=geokunis - traefik.http.routers.seafile.tls.certresolver=letsencrypt
- traefik.http.services.seafile.loadbalancer.server.port=80 - traefik.http.services.seafile.loadbalancer.server.port=80
- traefik.http.routers.seafile.service=seafile - traefik.http.routers.seafile.service=seafile
- traefik.docker.network=traefik - traefik.docker.network=traefik

2
roles/traefik/templates/docker-compose.yml.j2
View file

@ -28,7 +28,7 @@ services:
- traefik.http.routers.esrom.service=esrom@file - traefik.http.routers.esrom.service=esrom@file
- traefik.http.routers.esrom.rule=Host(`geokunis2.nl`) - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
- traefik.http.routers.esrom.tls=true - traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=geokunis - traefik.http.routers.esrom.tls.certresolver=letsencrypt
- traefik.http.routers.traefik.rule=Host(`max.lan`) - traefik.http.routers.traefik.rule=Host(`max.lan`)
- traefik.http.routers.traefik.entrypoints=internal - traefik.http.routers.traefik.entrypoints=internal

10
roles/traefik/templates/traefik.toml.j2
View file

@ -31,14 +31,8 @@ loglevel = "DEBUG"
[providers.file] [providers.file]
filename = "/etc/traefik/services.toml" filename = "/etc/traefik/services.toml"
[certificatesResolvers.geokunis.acme] [certificatesResolvers.letsencrypt.acme]
email = "pim@kunis.nl" email = "pim@kunis.nl"
storage = "acme.json" storage = "acme.json"
[certificatesResolvers.geokunis.acme.httpChallenge] [certificatesResolvers.letsencrypt.acme.httpChallenge]
entryPoint = "web"
[certificatesResolvers.pizzapim.acme]
email = "pim@kunis.nl"
storage = "acme.json"
[certificatesResolvers.pizzapim.acme.httpChallenge]
entryPoint = "web" entryPoint = "web"