diff --git a/README.md b/README.md
index 48ba78e..4888ae3 100644
--- a/README.md
+++ b/README.md
@@ -1,69 +1,23 @@
# Max
-This repository contains Ansible scripts to setup our main home server `max`.
-The `common` role executes some common OS tasks.
-The `docker` role installs Docker.
-The other roles are specifically for the various services we run.
+Max is our VM running all of our web servers, provisioned with Terraform and configured with Ansible.
## Running services
-All services below are running under Docker, except NSD and Borg.
+All services below are implemented using Docker:
- Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
-- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
-- Static website using [Jekyll](https://jekyllrb.com/) ([pizzapim.nl](https://pizzapim.nl))
+- Git server using [Forgejo](https://forgejo.org/) ([git.pim.kunis.nl](https://git.pim.kunis.nl))
+- Static website using [Jekyll](https://jekyllrb.com/) ([pim.kunis.nl](https://pim.kunis.nl))
- File sychronisation using [Syncthing](https://syncthing.net/)
- Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
-- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
+- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pim.kunis.nl](https://dav.pim.kunis.nl))
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
- Cloud file storage using [Seafile](https://www.seafile.com)
-- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
-- Cyberchef (https://cyberchef.geokunis2.nl)
+- Disposable mail server using [Inbucket](https://inbucket.org)
+- Digital toolbox using [Cyberchef](https://cyberchef.geokunis2.nl)
- Jitsi Meet (https://meet.jit.si)
- RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/)
-
-## Virtualization
-
-Currently this repository is ran as a physical server, but we intend to virtualize it.
-First, the whole server should be virtualized on a single virtual machine.
-After that, it will be split up into several virtual machines.
-The services on each virtual machine should have similar services/security properties.
-
-Provisional split of services on virtual machines:
-- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket
-- "data" VM: seafile, radicale, syncthing, freshrss
-- "management" VM: reverse proxy, prometheus, kms
-- "git" VM: forgejo. Because forgejo is a somewhat single point of failure, it should have its own VM.
-
-## Possible future services
-
-- matrix
-- peertube?
-- Pixelfed?
-- Prometheus
-- Concourse CI?
-
-## TODO
-
-- Clear view of what services + which versions we are running. This way, we can track security updates better.
-- Host tobb website?
-- Move from Ubuntu to Debian
-- move Mastodon to pim.kunis.nl
-- Podman
-- Replace watchtower with Podman features
-
-### NSD
-
-#### ZSK Rollover
-
-Could make automatic key rollovers with cron or some other tool.
-
-#### Idempotency
-
-Currently I always resign zones.
-But for idempotency I should probably only do it if the zone has changed or the keys have changed.
-
-### Firewall
-
-A little more difficult because of docker networking but probably doable.
+- Latex editor using [Overleaf](https://www.overleaf.com/) ([latex.pim.kunis.nl](https://latex.pim.kunis.nl))
+- Markdown editor using [Hedgedoc](https://hedgedoc.org/)
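Review bot: the rewritten README drops the whole TODO, NSD and Firewall sections without saying whether any of those items were done; the removed item "Clear view of what services + which versions we are running" was the one that tracked security updates, and nothing in this hunk replaces it, so either keep a trimmed TODO or note where that tracking now lives. In the retained lines, the Mastodon entry still links social.pizzapim.nl while the other services moved to pim.kunis.nl, the FreshRSS entry links to miniflux.app (a different project), and "sychronisation" on the Syncthing line is misspelled.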
diff --git a/ansible.cfg b/ansible/ansible.cfg
similarity index 100%
rename from ansible.cfg
rename to ansible/ansible.cfg
diff --git a/inventory/host_vars/max.yml b/ansible/inventory/host_vars/max.yml
similarity index 77%
rename from inventory/host_vars/max.yml
rename to ansible/inventory/host_vars/max.yml
index 55ff4c3..d77112b 100644
--- a/inventory/host_vars/max.yml
+++ b/ansible/inventory/host_vars/max.yml
@@ -1,5 +1,6 @@
base_data_dir: /mnt/data
base_service_dir: /srv
+domain_name_pim: pim.kunis.nl
# Additional open ports
jitsi_videobridge_port: 54562
@@ -8,4 +9,7 @@ prometheus_port: 8081
traefik_api_port: 8080
internal_forgejo_port: 3000 # Needed to pull from a repository from another docker container.
-domain_name_pim: pim.kunis.nl
+docker_daemon_config:
+ default-address-pools:
+ - base: "10.204.0.0/16"
+ size: 24
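Review bot: `docker_daemon_config` has no consumer anywhere in this diff; presumably the external `docker` role from requirements.yml reads it, so a short comment naming that role (as the `internal_forgejo_port` line above already does for its reason) would save the next reader a search. While checking that, confirm the `10.204.0.0/16` pool does not overlap the `.dmz` network the host itself sits on, since an overlapping default pool silently breaks routing for every new Compose network.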
diff --git a/inventory/hosts.yml b/ansible/inventory/hosts.yml
similarity index 62%
rename from inventory/hosts.yml
rename to ansible/inventory/hosts.yml
index 5a70e6a..bf163f0 100644
--- a/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -2,4 +2,4 @@ all:
hosts:
max:
ansible_user: root
- ansible_host: max2.dmz
+ ansible_host: max.dmz
diff --git a/ansible/max.yml b/ansible/max.yml
new file mode 100644
index 0000000..b45bdd2
--- /dev/null
+++ b/ansible/max.yml
@@ -0,0 +1,36 @@
+- name: Wait for servers to come up
+ hosts: max
+ gather_facts: no
+ roles:
+ - 'cloudinit-wait'
+
+- name: Start services
+ hosts: max
+ pre_tasks:
+ - name: Create base service directory
+ file:
+ path: "{{ base_service_dir }}"
+ state: directory
+ - name: Delete externally managed environment file
+ shell:
+ cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+ register: rm
+ changed_when: "rm.rc == 0"
+ failed_when: "false"
+ roles:
+ - {role: 'setup-apt', tags: 'setup-apt'}
+ - {role: 'watchtower', tags: 'watchtower'}
+ - {role: 'forgejo', tags: 'forgejo'}
+ - {role: 'syncthing', tags: 'syncthing'}
+ - {role: 'kms', tags: 'kms'}
+ - {role: 'cyberchef', tags: 'cyberchef'}
+ - {role: 'radicale', tags: 'radicale'}
+ - {role: 'mastodon', tags: 'mastodon'}
+ - {role: 'seafile', tags: 'seafile'}
+ - {role: 'jitsi', tags: 'jitsi'}
+ - {role: 'freshrss', tags: 'freshrss'}
+ - {role: 'static', tags: 'static'}
+ - {role: 'inbucket', tags: 'inbucket'}
+ - {role: 'prometheus', tags: 'prometheus'}
+ - {role: 'overleaf', tags: 'overleaf'}
+ - {role: 'hedgedoc', tags: 'hedgedoc'}
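Review bot: the `Delete externally managed environment file` pre-task removes the PEP 668 marker from every system Python via a `shell` glob with `failed_when: "false"`, which both disables the distribution's guard against pip overwriting apt-managed packages and hides any real failure (a permissions error would simply register as unchanged). If the only reason is the Docker SDK that `docker_compose` needs, installing it from the distro package or into a dedicated venv avoids touching the marker at all; if the removal must stay, say why in a comment and use `find` plus `file` with `state: absent` so the task is idempotent without a shell. Also worth a comment: the `Start services` play lists neither `docker` nor `traefik`, which are pulled in only through the roles' meta dependencies.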
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100644
index 0000000..b799430
--- /dev/null
+++ b/ansible/requirements.yml
@@ -0,0 +1,9 @@
+- name: setup-apt
+ src: https://github.com/sunscrapers/ansible-role-apt.git
+ scm: git
+- name: cloudinit-wait
+ src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
+ scm: git
+- name: docker
+ src: https://git.pim.kunis.nl/pim/ansible-role-docker
+ scm: git
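Review bot: none of the three git-sourced roles pins a `version:`, so every `ansible-galaxy install` pulls whatever the default branch holds at that moment; for the third-party `sunscrapers/ansible-role-apt` in particular this makes the provisioning of a host that Ansible reaches as root depend on an upstream branch outside your control. Pin each `src` to a tag or commit hash with `version:` and bump it deliberately.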
diff --git a/roles/cyberchef/files/docker-compose.yml b/ansible/roles/cyberchef/files/docker-compose.yml
similarity index 100%
rename from roles/cyberchef/files/docker-compose.yml
rename to ansible/roles/cyberchef/files/docker-compose.yml
diff --git a/ansible/roles/cyberchef/meta/main.yml b/ansible/roles/cyberchef/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/cyberchef/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/watchtower/tasks/main.yml b/ansible/roles/cyberchef/tasks/main.yml
similarity index 99%
rename from roles/watchtower/tasks/main.yml
rename to ansible/roles/cyberchef/tasks/main.yml
index 2518ba7..34ec717 100644
--- a/roles/watchtower/tasks/main.yml
+++ b/ansible/roles/cyberchef/tasks/main.yml
@@ -11,4 +11,3 @@
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true
-
diff --git a/roles/cyberchef/vars/main.yml b/ansible/roles/cyberchef/vars/main.yml
similarity index 100%
rename from roles/cyberchef/vars/main.yml
rename to ansible/roles/cyberchef/vars/main.yml
diff --git a/ansible/roles/forgejo/meta/main.yml b/ansible/roles/forgejo/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/forgejo/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/forgejo/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml
similarity index 100%
rename from roles/forgejo/tasks/main.yml
rename to ansible/roles/forgejo/tasks/main.yml
diff --git a/roles/forgejo/templates/app.ini.j2 b/ansible/roles/forgejo/templates/app.ini.j2
similarity index 98%
rename from roles/forgejo/templates/app.ini.j2
rename to ansible/roles/forgejo/templates/app.ini.j2
index 3220c38..b427df5 100644
--- a/roles/forgejo/templates/app.ini.j2
+++ b/ansible/roles/forgejo/templates/app.ini.j2
@@ -39,6 +39,7 @@ CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+ISSUE_INDEXER_TYPE = db
[session]
PROVIDER_CONFIG = /data/gitea/sessions
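Review bot: with `ISSUE_INDEXER_TYPE = db` the `ISSUE_INDEXER_PATH` line directly above is no longer used (the bleve path only matters for the bleve indexer type); either drop it or leave a comment, otherwise the next reader will assume issues are still indexed on disk under `/data/gitea/indexers`.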
diff --git a/roles/forgejo/templates/docker-compose.yml.j2 b/ansible/roles/forgejo/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/forgejo/templates/docker-compose.yml.j2
rename to ansible/roles/forgejo/templates/docker-compose.yml.j2
diff --git a/roles/forgejo/vars/main.yml b/ansible/roles/forgejo/vars/main.yml
similarity index 99%
rename from roles/forgejo/vars/main.yml
rename to ansible/roles/forgejo/vars/main.yml
index 38d58cc..7cad12e 100644
--- a/roles/forgejo/vars/main.yml
+++ b/ansible/roles/forgejo/vars/main.yml
@@ -3,7 +3,6 @@ data_dir: "{{ base_data_dir }}/{{ service_name }}"
service_dir: "{{ base_service_dir }}/{{ service_name }}"
git_domain: "git.{{ domain_name_pim }}"
-
forgejo:
root_url: "https://{{ git_domain }}"
mailer_host: "smtp.tweak.nl"
diff --git a/ansible/roles/freshrss/meta/main.yml b/ansible/roles/freshrss/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/freshrss/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/freshrss/tasks/main.yml b/ansible/roles/freshrss/tasks/main.yml
similarity index 100%
rename from roles/freshrss/tasks/main.yml
rename to ansible/roles/freshrss/tasks/main.yml
diff --git a/roles/freshrss/templates/docker-compose.yml.j2 b/ansible/roles/freshrss/templates/docker-compose.yml.j2
similarity index 77%
rename from roles/freshrss/templates/docker-compose.yml.j2
rename to ansible/roles/freshrss/templates/docker-compose.yml.j2
index 8876319..5c15b8f 100644
--- a/roles/freshrss/templates/docker-compose.yml.j2
+++ b/ansible/roles/freshrss/templates/docker-compose.yml.j2
@@ -11,10 +11,8 @@ services:
options:
max-size: 10m
volumes:
- # Recommended volume for FreshRSS persistent data such as configuration and SQLite databases
- - /data/freshrss/data:/var/www/FreshRSS/data
- # Optional volume for storing third-party extensions
- - /data/freshrss/extensions:/var/www/FreshRSS/extensions
+ - {{ data_dir }}/data:/var/www/FreshRSS/data
+ - {{ data_dir }}/extensions:/var/www/FreshRSS/extensions
environment:
TZ: Europe/Amsterdam
CRON_MIN: '2,32'
diff --git a/roles/freshrss/vars/main.yml b/ansible/roles/freshrss/vars/main.yml
similarity index 100%
rename from roles/freshrss/vars/main.yml
rename to ansible/roles/freshrss/vars/main.yml
diff --git a/ansible/roles/hedgedoc/meta/main.yml b/ansible/roles/hedgedoc/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/hedgedoc/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/ansible/roles/hedgedoc/tasks/main.yml b/ansible/roles/hedgedoc/tasks/main.yml
new file mode 100644
index 0000000..aa5d846
--- /dev/null
+++ b/ansible/roles/hedgedoc/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Create service directory
+ file:
+ path: "{{ service_dir }}"
+ state: directory
+- name: Copy Docker Compose script
+ template:
+ src: "{{ role_path }}/templates/docker-compose.yml.j2"
+ dest: "{{ service_dir }}/docker-compose.yml"
+- name: Create data directory
+ file:
+ path: "{{ data_dir }}"
+ state: directory
+- name: Create uploads directory
+ file:
+ path: "{{ data_dir }}/uploads"
+ state: directory
+ mode: 0777
+- name: Start the Docker Compose
+ docker_compose:
+ project_src: "{{ service_dir }}"
+ pull: true
+ remove_orphans: true
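Review bot: `mode: 0777` on the uploads directory makes it world-writable on the host so that the container's unprivileged user can write to it; the narrower fix is to set `owner`/`group` to the UID the hedgedoc image runs as and use `0755`, since anything else on the host (or any other container bind-mounting under the same data root) can otherwise drop files that are then served from `/hedgedoc/public/uploads`. Quoting the mode (`"0755"`) is also the form the Ansible docs recommend for octal values.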
diff --git a/ansible/roles/hedgedoc/templates/docker-compose.yml.j2 b/ansible/roles/hedgedoc/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..2926b4a
--- /dev/null
+++ b/ansible/roles/hedgedoc/templates/docker-compose.yml.j2
@@ -0,0 +1,51 @@
+version: '3'
+
+networks:
+ traefik:
+ external: true
+ internal:
+ external: false
+
+services:
+ database:
+ image: postgres:13.4-alpine
+ container_name: hedgedoc-database
+ environment:
+ - POSTGRES_USER=hedgedoc
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=hedgedoc
+ volumes:
+ - {{ data_dir }}/database:/var/lib/postgresql/data
+ restart: always
+ networks:
+ - internal
+
+ app:
+ image: quay.io/hedgedoc/hedgedoc:1.9.7
+ container_name: hedgedoc
+ environment:
+ - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+ - CMD_DOMAIN={{ hedgedoc_domain }}
+ - CMD_PORT=3000
+ - CMD_URL_ADDPORT=false
+ - CMD_ALLOW_ANONYMOUS=true
+ - CMD_ALLOW_EMAIL_REGISTER=false
+ - CMD_PROTOCOL_USESSL=true
+ - CMD_SESSION_SECRET={{ session_secret }}
+ volumes:
+ - {{ data_dir }}/uploads:/hedgedoc/public/uploads
+ restart: always
+ depends_on:
+ - database
+ networks:
+ - traefik
+ - internal
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.hedgedoc.entrypoints=websecure
+ - traefik.http.routers.hedgedoc.rule=Host(`{{ hedgedoc_domain }}`)
+ - traefik.http.routers.hedgedoc.tls=true
+ - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
+ - treafik.http.routers.hedgedoc.service=hedgedoc
+ - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
+ - traefik.docker.network=traefik
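Review bot: the database password is the literal `password`, both in `POSTGRES_PASSWORD` and inside `CMD_DB_URL`, while `CMD_SESSION_SECRET` is taken from vault; route the DB password through the same `!vault` mechanism (for example a `db_password` variable in vars/main.yml, name is a suggestion) so the committed template carries no credential. The `internal` network keeps Postgres off the traefik network, which is right, but a default password still turns any compromise of a container on that network into a database compromise. Separately, `treafik.http.routers.hedgedoc.service=hedgedoc` is misspelled; Traefik ignores the unknown prefix and falls back to the single auto-generated service, so it works by accident rather than by configuration.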
diff --git a/ansible/roles/hedgedoc/vars/main.yml b/ansible/roles/hedgedoc/vars/main.yml
new file mode 100644
index 0000000..10f93d8
--- /dev/null
+++ b/ansible/roles/hedgedoc/vars/main.yml
@@ -0,0 +1,14 @@
+service_name: hedgedoc
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+hedgedoc_domain: "md.{{ domain_name_pim }}"
+session_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30633835386265643561343033326536653166343630396139303137613138383233666565666330
+ 3032613865333836656566626435383165396539323837350a376331306464643766373839386638
+ 65653865343539633636323833343964636332636461386434386432306230343833343431363134
+ 6563373138626637650a633932313862326231666330343662343765666166373961376237396434
+ 33396131353830323063326266623862353731653665626466653335656434303033353333353164
+ 61613535373037646565386131383631366338616565373261396136616433393462313537313861
+ 35313661616365373231373963323865393635626132343138363230313431636333363130346239
+ 32656335333635613736
diff --git a/roles/inbucket/files/docker-compose.yml b/ansible/roles/inbucket/files/docker-compose.yml
similarity index 100%
rename from roles/inbucket/files/docker-compose.yml
rename to ansible/roles/inbucket/files/docker-compose.yml
diff --git a/roles/syncthing/meta/main.yml b/ansible/roles/inbucket/meta/main.yml
similarity index 64%
rename from roles/syncthing/meta/main.yml
rename to ansible/roles/inbucket/meta/main.yml
index 090690b..6ad37f8 100644
--- a/roles/syncthing/meta/main.yml
+++ b/ansible/roles/inbucket/meta/main.yml
@@ -1,3 +1,2 @@
dependencies:
- - role: common
- role: docker
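Review bot: dropping `role: common` here (and in the identical hunks for the kms, prometheus and syncthing meta files) removes the role the old README described as running "common OS tasks"; the diff shows `setup-apt` and `cloudinit-wait` taking over in max.yml, but nothing confirms that everything else `common` covered is now handled elsewhere. A one-line note in the commit message or README on what replaced it would close that gap.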
diff --git a/roles/cyberchef/tasks/main.yml b/ansible/roles/inbucket/tasks/main.yml
similarity index 100%
rename from roles/cyberchef/tasks/main.yml
rename to ansible/roles/inbucket/tasks/main.yml
diff --git a/roles/inbucket/vars/main.yml b/ansible/roles/inbucket/vars/main.yml
similarity index 100%
rename from roles/inbucket/vars/main.yml
rename to ansible/roles/inbucket/vars/main.yml
diff --git a/ansible/roles/jitsi/meta/main.yml b/ansible/roles/jitsi/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/jitsi/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/jitsi/tasks/main.yml b/ansible/roles/jitsi/tasks/main.yml
similarity index 100%
rename from roles/jitsi/tasks/main.yml
rename to ansible/roles/jitsi/tasks/main.yml
diff --git a/roles/jitsi/templates/docker-compose.yml.j2 b/ansible/roles/jitsi/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/jitsi/templates/docker-compose.yml.j2
rename to ansible/roles/jitsi/templates/docker-compose.yml.j2
diff --git a/roles/jitsi/vars/main.yml b/ansible/roles/jitsi/vars/main.yml
similarity index 100%
rename from roles/jitsi/vars/main.yml
rename to ansible/roles/jitsi/vars/main.yml
diff --git a/roles/kms/files/docker-compose.yml b/ansible/roles/kms/files/docker-compose.yml
similarity index 100%
rename from roles/kms/files/docker-compose.yml
rename to ansible/roles/kms/files/docker-compose.yml
diff --git a/roles/traefik/meta/main.yml b/ansible/roles/kms/meta/main.yml
similarity index 64%
rename from roles/traefik/meta/main.yml
rename to ansible/roles/kms/meta/main.yml
index 090690b..6ad37f8 100644
--- a/roles/traefik/meta/main.yml
+++ b/ansible/roles/kms/meta/main.yml
@@ -1,3 +1,2 @@
dependencies:
- - role: common
- role: docker
diff --git a/roles/inbucket/tasks/main.yml b/ansible/roles/kms/tasks/main.yml
similarity index 100%
rename from roles/inbucket/tasks/main.yml
rename to ansible/roles/kms/tasks/main.yml
diff --git a/roles/kms/vars/main.yml b/ansible/roles/kms/vars/main.yml
similarity index 100%
rename from roles/kms/vars/main.yml
rename to ansible/roles/kms/vars/main.yml
diff --git a/roles/mastodon/files/.env.production b/ansible/roles/mastodon/files/.env.production
similarity index 100%
rename from roles/mastodon/files/.env.production
rename to ansible/roles/mastodon/files/.env.production
diff --git a/ansible/roles/mastodon/meta/main.yml b/ansible/roles/mastodon/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/mastodon/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/mastodon/tasks/main.yml b/ansible/roles/mastodon/tasks/main.yml
similarity index 100%
rename from roles/mastodon/tasks/main.yml
rename to ansible/roles/mastodon/tasks/main.yml
diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/ansible/roles/mastodon/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/mastodon/templates/docker-compose.yml.j2
rename to ansible/roles/mastodon/templates/docker-compose.yml.j2
diff --git a/roles/mastodon/vars/main.yml b/ansible/roles/mastodon/vars/main.yml
similarity index 100%
rename from roles/mastodon/vars/main.yml
rename to ansible/roles/mastodon/vars/main.yml
diff --git a/ansible/roles/overleaf/meta/main.yml b/ansible/roles/overleaf/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/overleaf/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/ansible/roles/overleaf/tasks/main.yml b/ansible/roles/overleaf/tasks/main.yml
new file mode 100644
index 0000000..84256ce
--- /dev/null
+++ b/ansible/roles/overleaf/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Create service directory
+ file:
+ path: "{{ service_dir }}"
+ state: directory
+- name: Copy Docker Compose script
+ template:
+ src: "{{ role_path }}/templates/docker-compose.yml.j2"
+ dest: "{{ service_dir }}/docker-compose.yml"
+- name: Start the Docker Compose
+ docker_compose:
+ project_src: "{{ service_dir }}"
+ pull: true
+ remove_orphans: true
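Review bot: unlike the hedgedoc role there is no `Create data directory` task, yet the template bind-mounts three paths under `{{ data_dir }}/overleaf/`; Docker creates missing bind-mount sources as root-owned directories, which works but leaves ownership and mode implicit. Add the `file` task with `state: directory` (and explicit `owner`/`group`/`mode`) so the role is consistent with the others.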
diff --git a/ansible/roles/overleaf/templates/docker-compose.yml.j2 b/ansible/roles/overleaf/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..d4c9546
--- /dev/null
+++ b/ansible/roles/overleaf/templates/docker-compose.yml.j2
@@ -0,0 +1,107 @@
+version: '2.2'
+
+networks:
+ traefik:
+ external: true
+ internal:
+ external: false
+
+services:
+ sharelatex:
+ restart: always
+ image: sharelatex/sharelatex
+ container_name: overleaf
+ networks:
+ - traefik
+ - internal
+ depends_on:
+ overleaf-mongodb:
+ condition: service_healthy
+ overleaf-redis:
+ condition: service_started
+ links:
+ - overleaf-mongodb
+ - overleaf-redis
+ stop_grace_period: 60s
+ volumes:
+ - {{ data_dir }}/overleaf/sharelatex_data:/var/lib/sharelatex
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.overleaf.entrypoints=websecure
+ - traefik.http.routers.overleaf.rule=Host(`latex.pim.kunis.nl`)
+ - traefik.http.routers.overleaf.tls=true
+ - traefik.http.routers.overleaf.tls.certresolver=letsencrypt
+ - treafik.http.routers.overleaf.service=overleaf
+ - traefik.http.services.overleaf.loadbalancer.server.port=80
+ - traefik.docker.network=traefik
+ environment:
+ SHARELATEX_APP_NAME: Overleaf Community Edition
+
+ SHARELATEX_MONGO_URL: mongodb://overleaf-mongodb:27017/sharelatex
+
+ # Same property, unfortunately with different names in
+ # different locations
+ SHARELATEX_REDIS_HOST: overleaf-redis
+ REDIS_HOST: overleaf-redis
+
+ ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
+
+ # Enables Thumbnail generation using ImageMagick
+ ENABLE_CONVERSIONS: 'true'
+
+ # Disables email confirmation requirement
+ EMAIL_CONFIRMATION_DISABLED: 'true'
+
+ # temporary fix for LuaLaTex compiles
+ # see https://github.com/overleaf/overleaf/issues/695
+ TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var
+
+ ## Set for SSL via nginx-proxy
+ #VIRTUAL_HOST: 103.112.212.22
+
+ SHARELATEX_SITE_URL: https://latex.pim.kunis.nl
+ # SHARELATEX_NAV_TITLE: Our ShareLaTeX Instance
+ # SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png
+ SHARELATEX_ADMIN_EMAIL: pim@kunis.nl
+
+ # SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by ShareLaTeX 2016"},{"text": "Another page I want to link to can be found here"} ]'
+ # SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
+
+ SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@kunis.nl"
+
+ SHARELATEX_EMAIL_SMTP_HOST: "smtp.tweak.nl"
+ SHARELATEX_EMAIL_SMTP_PORT: 587
+ SHARELATEX_EMAIL_SMTP_USER: ""
+ SHARELATEX_EMAIL_SMTP_PASS: ""
+ # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
+ # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
+ # SHARELATEX_EMAIL_SMTP_NAME: '127.0.0.1'
+ # SHARELATEX_EMAIL_SMTP_LOGGER: true
+ # SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
+
+ overleaf-mongodb:
+ restart: always
+ image: mongo:4.4
+ container_name: overleaf-mongodb
+ networks:
+ - internal
+ expose:
+ - 27017
+ volumes:
+ - {{ data_dir }}/overleaf/mongo_data:/data/db
+ healthcheck:
+ test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
+ interval: 10s
+ timeout: 10s
+ retries: 5
+
+ overleaf-redis:
+ restart: always
+ image: redis:5
+ container_name: overleaf-redis
+ networks:
+ - internal
+ expose:
+ - 6379
+ volumes:
+ - {{ data_dir }}/overleaf/redis_data:/data
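Review bot: `image: sharelatex/sharelatex` has no tag, so every `pull: true` run (and every watchtower cycle) deploys whatever `latest` currently is; pin it the way `mongo:4.4`, `redis:5` and the hedgedoc images are pinned. The router rule and `SHARELATEX_SITE_URL` hard-code `latex.pim.kunis.nl` while the other roles derive their host from `{{ domain_name_pim }}`; an `overleaf_domain` variable in vars/main.yml (name is a suggestion) would keep one source of truth. `links:` is a legacy Compose feature and redundant with the shared `internal` network. The `treafik` typo from the hedgedoc template is repeated on the `.service=overleaf` label. Finally `SHARELATEX_EMAIL_SMTP_USER`/`_PASS` are empty strings; if smtp.tweak.nl really relays unauthenticated that is fine, otherwise these belong in vault like the hedgedoc session secret.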
diff --git a/ansible/roles/overleaf/vars/main.yml b/ansible/roles/overleaf/vars/main.yml
new file mode 100644
index 0000000..927a1e8
--- /dev/null
+++ b/ansible/roles/overleaf/vars/main.yml
@@ -0,0 +1,3 @@
+service_name: overleaf
+data_dir: "{{ base_data_dir}}/{{service_name}}"
+service_dir: "{{ base_service_dir}}/{{service_name}}"
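Review bot: the Jinja spacing here mixes `{{ base_data_dir}}` and `{{service_name}}`; the rest of the repository uses `{{ base_data_dir }}/{{ service_name }}` (see the hedgedoc and forgejo vars). Harmless to Jinja, but worth aligning.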
diff --git a/roles/prometheus/meta/main.yml b/ansible/roles/prometheus/meta/main.yml
similarity index 64%
rename from roles/prometheus/meta/main.yml
rename to ansible/roles/prometheus/meta/main.yml
index 090690b..6ad37f8 100644
--- a/roles/prometheus/meta/main.yml
+++ b/ansible/roles/prometheus/meta/main.yml
@@ -1,3 +1,2 @@
dependencies:
- - role: common
- role: docker
diff --git a/roles/prometheus/tasks/main.yml b/ansible/roles/prometheus/tasks/main.yml
similarity index 100%
rename from roles/prometheus/tasks/main.yml
rename to ansible/roles/prometheus/tasks/main.yml
diff --git a/roles/prometheus/templates/docker-compose.yml.j2 b/ansible/roles/prometheus/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/prometheus/templates/docker-compose.yml.j2
rename to ansible/roles/prometheus/templates/docker-compose.yml.j2
diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/ansible/roles/prometheus/templates/prometheus.yml.j2
similarity index 100%
rename from roles/prometheus/templates/prometheus.yml.j2
rename to ansible/roles/prometheus/templates/prometheus.yml.j2
diff --git a/roles/prometheus/vars/main.yml b/ansible/roles/prometheus/vars/main.yml
similarity index 100%
rename from roles/prometheus/vars/main.yml
rename to ansible/roles/prometheus/vars/main.yml
diff --git a/roles/radicale/files/radicale.conf b/ansible/roles/radicale/files/radicale.conf
similarity index 89%
rename from roles/radicale/files/radicale.conf
rename to ansible/roles/radicale/files/radicale.conf
index 360d314..eb9df16 100644
--- a/roles/radicale/files/radicale.conf
+++ b/ansible/roles/radicale/files/radicale.conf
@@ -9,7 +9,7 @@ stock = utf-8
[auth]
realm = Radicale - Password Required
type = htpasswd
-htpasswd_filename = /radicale/users
+htpasswd_filename = /config/users
htpasswd_encryption = md5
[rights]
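Review bot: the path change to `/config/users` matches the new read-only `/config` mount, but `htpasswd_encryption = md5` stays; since this hunk already reworks the auth section for the new image, switching to `bcrypt` (which Radicale 3 supports) and regenerating the committed `users` file would be the moment to do it. Note also that `files/users` is copied verbatim from the repository, so the password-hash file itself is version-controlled; make sure that is intended.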
diff --git a/roles/radicale/files/users b/ansible/roles/radicale/files/users
similarity index 100%
rename from roles/radicale/files/users
rename to ansible/roles/radicale/files/users
diff --git a/ansible/roles/radicale/meta/main.yml b/ansible/roles/radicale/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/radicale/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/radicale/tasks/main.yml b/ansible/roles/radicale/tasks/main.yml
similarity index 93%
rename from roles/radicale/tasks/main.yml
rename to ansible/roles/radicale/tasks/main.yml
index 48afa89..5ac19d6 100644
--- a/roles/radicale/tasks/main.yml
+++ b/ansible/roles/radicale/tasks/main.yml
@@ -13,7 +13,7 @@
- name: Copy radicale.conf
copy:
src: "{{ role_path }}/files/radicale.conf"
- dest: "{{ service_dir }}/config/radicale.conf"
+ dest: "{{ service_dir }}/config/config"
- name: Copy users file
copy:
src: "{{ role_path }}/files/users"
diff --git a/roles/radicale/templates/docker-compose.yml.j2 b/ansible/roles/radicale/templates/docker-compose.yml.j2
similarity index 58%
rename from roles/radicale/templates/docker-compose.yml.j2
rename to ansible/roles/radicale/templates/docker-compose.yml.j2
index e8a51fd..70e0b29 100644
--- a/roles/radicale/templates/docker-compose.yml.j2
+++ b/ansible/roles/radicale/templates/docker-compose.yml.j2
@@ -1,18 +1,28 @@
-version: '3'
-
-networks:
- traefik:
- external: true
+version: '3.7'
services:
radicale:
- restart: always
- image: mailu/radicale:1.9
+ image: tomsquest/docker-radicale
container_name: radicale
+ init: true
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ cap_add:
+ - SETUID
+ - SETGID
+ - CHOWN
+ - KILL
+ healthcheck:
+ test: curl -f http://127.0.0.1:5232 || exit 1
+ interval: 30s
+ retries: 3
+ restart: unless-stopped
volumes:
- {{ data_dir }}:/data
- - {{ service_dir }}/config:/radicale
- command: radicale -S -C /radicale/radicale.conf
+ - {{ service_dir }}/config:/config:ro
networks:
- traefik
labels:
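Review bot: the hardening here (`read_only`, `cap_drop: ALL` with a short `cap_add` list, `no-new-privileges`, `init`, and the config mount switched to `:ro`) is a clear improvement over the old `mailu/radicale:1.9` setup, but `image: tomsquest/docker-radicale` is untagged, so the hardened profile now runs whatever that image's `latest` resolves to on each pull; pin a version. The retained capabilities SETUID/SETGID/CHOWN/KILL are what an entrypoint needs to drop privileges at start, which is fine but deserves a comment so nobody trims the list later. The healthcheck's `curl` must exist inside the image; if a future tag drops it, the container will flap as unhealthy.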
@@ -23,3 +33,7 @@ services:
- traefik.http.routers.radicale.tls.certresolver=letsencrypt
- traefik.http.routers.radicale.service=radicale
- traefik.http.services.radicale.loadbalancer.server.port=5232
+
+networks:
+ traefik:
+ external: true
diff --git a/roles/radicale/vars/main.yml b/ansible/roles/radicale/vars/main.yml
similarity index 100%
rename from roles/radicale/vars/main.yml
rename to ansible/roles/radicale/vars/main.yml
diff --git a/ansible/roles/seafile/meta/main.yml b/ansible/roles/seafile/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/seafile/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/seafile/tasks/main.yml b/ansible/roles/seafile/tasks/main.yml
similarity index 100%
rename from roles/seafile/tasks/main.yml
rename to ansible/roles/seafile/tasks/main.yml
diff --git a/roles/seafile/templates/docker-compose.yml.j2 b/ansible/roles/seafile/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/seafile/templates/docker-compose.yml.j2
rename to ansible/roles/seafile/templates/docker-compose.yml.j2
diff --git a/roles/seafile/vars/main.yml b/ansible/roles/seafile/vars/main.yml
similarity index 100%
rename from roles/seafile/vars/main.yml
rename to ansible/roles/seafile/vars/main.yml
diff --git a/roles/static/files/security.txt b/ansible/roles/static/files/security.txt
similarity index 100%
rename from roles/static/files/security.txt
rename to ansible/roles/static/files/security.txt
diff --git a/ansible/roles/static/meta/main.yml b/ansible/roles/static/meta/main.yml
new file mode 100644
index 0000000..cb0cd84
--- /dev/null
+++ b/ansible/roles/static/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: traefik
diff --git a/roles/static/tasks/main.yml b/ansible/roles/static/tasks/main.yml
similarity index 100%
rename from roles/static/tasks/main.yml
rename to ansible/roles/static/tasks/main.yml
diff --git a/roles/static/templates/docker-compose.yml.j2 b/ansible/roles/static/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/static/templates/docker-compose.yml.j2
rename to ansible/roles/static/templates/docker-compose.yml.j2
diff --git a/roles/static/templates/nginx.conf.j2 b/ansible/roles/static/templates/nginx.conf.j2
similarity index 100%
rename from roles/static/templates/nginx.conf.j2
rename to ansible/roles/static/templates/nginx.conf.j2
diff --git a/roles/static/vars/main.yml b/ansible/roles/static/vars/main.yml
similarity index 100%
rename from roles/static/vars/main.yml
rename to ansible/roles/static/vars/main.yml
diff --git a/roles/syncthing/files/cert.pem b/ansible/roles/syncthing/files/cert.pem
similarity index 100%
rename from roles/syncthing/files/cert.pem
rename to ansible/roles/syncthing/files/cert.pem
diff --git a/roles/syncthing/files/key.pem b/ansible/roles/syncthing/files/key.pem
similarity index 100%
rename from roles/syncthing/files/key.pem
rename to ansible/roles/syncthing/files/key.pem
diff --git a/roles/kms/meta/main.yml b/ansible/roles/syncthing/meta/main.yml
similarity index 62%
rename from roles/kms/meta/main.yml
rename to ansible/roles/syncthing/meta/main.yml
index 7f5b1d3..6ad37f8 100644
--- a/roles/kms/meta/main.yml
+++ b/ansible/roles/syncthing/meta/main.yml
@@ -1,4 +1,2 @@
dependencies:
- - role: common
- role: docker
-
\ No newline at end of file
diff --git a/roles/syncthing/tasks/main.yml b/ansible/roles/syncthing/tasks/main.yml
similarity index 100%
rename from roles/syncthing/tasks/main.yml
rename to ansible/roles/syncthing/tasks/main.yml
diff --git a/roles/syncthing/templates/config.xml.j2 b/ansible/roles/syncthing/templates/config.xml.j2
similarity index 100%
rename from roles/syncthing/templates/config.xml.j2
rename to ansible/roles/syncthing/templates/config.xml.j2
diff --git a/roles/syncthing/templates/docker-compose.yml.j2 b/ansible/roles/syncthing/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/syncthing/templates/docker-compose.yml.j2
rename to ansible/roles/syncthing/templates/docker-compose.yml.j2
diff --git a/roles/syncthing/vars/main.yml b/ansible/roles/syncthing/vars/main.yml
similarity index 100%
rename from roles/syncthing/vars/main.yml
rename to ansible/roles/syncthing/vars/main.yml
diff --git a/roles/traefik/files/services.toml b/ansible/roles/traefik/files/services.toml
similarity index 100%
rename from roles/traefik/files/services.toml
rename to ansible/roles/traefik/files/services.toml
diff --git a/ansible/roles/traefik/meta/main.yml b/ansible/roles/traefik/meta/main.yml
new file mode 100644
index 0000000..6ad37f8
--- /dev/null
+++ b/ansible/roles/traefik/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: docker
diff --git a/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml
similarity index 87%
rename from roles/traefik/tasks/main.yml
rename to ansible/roles/traefik/tasks/main.yml
index 9ba3f0f..0341de3 100644
--- a/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@@ -2,10 +2,14 @@
file:
path: "{{ service_dir }}"
state: directory
+- name: Create data directory
+ file:
+ path: "{{ data_dir }}"
+ state: directory
- name: Create acme file
copy:
content: ""
- dest: "{{ service_dir }}/acme.json"
+ dest: "{{ data_dir }}/acme.json"
force: no
mode: 0600
- name: Copy Docker Compose script
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/ansible/roles/traefik/templates/docker-compose.yml.j2
similarity index 95%
rename from roles/traefik/templates/docker-compose.yml.j2
rename to ansible/roles/traefik/templates/docker-compose.yml.j2
index 9b18732..6306437 100644
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/ansible/roles/traefik/templates/docker-compose.yml.j2
@@ -18,7 +18,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
- {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
- {{ service_dir }}/services.toml:/etc/traefik/services.toml
- - {{ service_dir }}/acme.json:/acme.json
+ - {{ data_dir }}/acme.json:/acme.json
networks:
- traefik
labels:
diff --git a/roles/traefik/templates/traefik.toml.j2 b/ansible/roles/traefik/templates/traefik.toml.j2
similarity index 100%
rename from roles/traefik/templates/traefik.toml.j2
rename to ansible/roles/traefik/templates/traefik.toml.j2
diff --git a/roles/traefik/vars/main.yml b/ansible/roles/traefik/vars/main.yml
similarity index 60%
rename from roles/traefik/vars/main.yml
rename to ansible/roles/traefik/vars/main.yml
index 2e1116f..0569770 100644
--- a/roles/traefik/vars/main.yml
+++ b/ansible/roles/traefik/vars/main.yml
@@ -1,2 +1,3 @@
service_name: traefik
service_dir: "{{ base_service_dir }}/{{ service_name }}"
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
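Review bot: `base_data_dir` is referenced here but is not defined anywhere in this patch (the deleted `common` role only ever created `base_service_dir`), so unless it is set in group_vars or host_vars, rendering `data_dir` fails with an undefined-variable error; please point at where it is defined or add a default in the role's `defaults/main.yml`.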
diff --git a/roles/watchtower/files/docker-compose.yml b/ansible/roles/watchtower/files/docker-compose.yml
similarity index 100%
rename from roles/watchtower/files/docker-compose.yml
rename to ansible/roles/watchtower/files/docker-compose.yml
diff --git a/ansible/roles/watchtower/meta/main.yml b/ansible/roles/watchtower/meta/main.yml
new file mode 100644
index 0000000..6ad37f8
--- /dev/null
+++ b/ansible/roles/watchtower/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - role: docker
diff --git a/roles/kms/tasks/main.yml b/ansible/roles/watchtower/tasks/main.yml
similarity index 100%
rename from roles/kms/tasks/main.yml
rename to ansible/roles/watchtower/tasks/main.yml
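Review bot: the rename header pairs `roles/kms/tasks/main.yml` with `ansible/roles/watchtower/tasks/main.yml` at 100% similarity, which means git matched the kms task file to the watchtower destination because both files were identical; the content is fine, but check that `ansible/roles/kms/tasks/main.yml` still exists after the move, since its rename does not appear in this part of the diff.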
diff --git a/roles/watchtower/vars/main.yml b/ansible/roles/watchtower/vars/main.yml
similarity index 100%
rename from roles/watchtower/vars/main.yml
rename to ansible/roles/watchtower/vars/main.yml
diff --git a/util/secret-service-client.sh b/ansible/util/secret-service-client.sh
similarity index 100%
rename from util/secret-service-client.sh
rename to ansible/util/secret-service-client.sh
diff --git a/data/main.tf b/data/main.tf
deleted file mode 100644
index 1961de5..0000000
--- a/data/main.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-terraform {
- backend "pg" {
- schema_name = "max-data"
- conn_str = "postgres://terraform@10.42.0.1/terraform_state"
- }
-
- required_providers {
- libvirt = {
- source = "dmacvicar/libvirt"
- }
- }
-}
-
-provider "libvirt" {
- uri = "qemu+ssh://root@atlas.lan/system"
-}
-
-resource "libvirt_volume" "data" {
- name = "max-data"
- pool = "data"
- size = 1024 * 1024 * 1024 * 65
-
- lifecycle {
- prevent_destroy = true
- }
-}
-
-output "data_disk_id" {
- value = libvirt_volume.data.id
-}
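Review bot: deleting this file does not remove `libvirt_volume.data` from the `max-data` state schema, and `prevent_destroy = true` would refuse a destroy anyway, so the 65 GiB volume remains on the `data` pool with no configuration managing it. Since the replacement `terraform/main.tf` in this patch no longer passes `data_disk`, state whether the volume is meant to be re-attached later (keep this file, or move the resource into the new config) or decommissioned (lift `prevent_destroy`, destroy, then drop the `max-data` schema).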
diff --git a/main.tf b/main.tf
deleted file mode 100644
index 3743886..0000000
--- a/main.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-terraform {
- backend "pg" {
- schema_name = "max"
- conn_str = "postgres://terraform@10.42.0.1/terraform_state"
- }
-
- required_providers {
- libvirt = {
- source = "dmacvicar/libvirt"
- }
- }
-}
-
-provider "libvirt" {
- uri = "qemu+ssh://root@atlas.lan/system"
-}
-
-module "tf-datatest" {
- source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- name = "max2"
- domain_name = "tf-max"
- data_disk = "/kvm/data/max-data"
- fixed_address = "192.168.30.66/24"
- ansible_command = "ansible-playbook max.yml"
- insecure_password = true
- memory = 1024 * 8
-}
diff --git a/max.yml b/max.yml
deleted file mode 100644
index bd06bd8..0000000
--- a/max.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-- name: Setup homeserver
- hosts: max
- gather_facts: no
-
- pre_tasks:
- - name: Wait for host to come up
- wait_for:
- state: started
- port: 22
- host: max2.dmz
- timeout: 300
- connect_timeout: 300
- search_regex: OpenSSH
- delegate_to: localhost
- - name: Wait for cloud-init to finish
- shell:
- cmd: "cloud-init status --wait"
- register: cloudinit
- changed_when: "'..' in cloudinit.stdout"
- - name: Gather facts
- setup:
-
- roles:
- - {role: 'watchtower', tags: 'watchtower'}
- - {role: 'forgejo', tags: 'forgejo'}
- # - {role: 'syncthing', tags: 'syncthing'}
- - {role: 'kms', tags: 'kms'}
- - {role: 'cyberchef', tags: 'cyberchef'}
- #- {role: 'radicale', tags: 'radicale'}
- - {role: 'mastodon', tags: 'mastodon'}
- - {role: 'seafile', tags: 'seafile'}
- - {role: 'jitsi', tags: 'jitsi'}
- - {role: 'freshrss', tags: 'freshrss'}
- - {role: 'static', tags: 'static'}
- - {role: 'inbucket', tags: 'inbucket'}
- - {role: 'prometheus', tags: 'prometheus'}
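Review bot: the play is deleted with no replacement playbook visible in this part of the diff, and the new module call drops `ansible_command`, so it is unclear what now runs the roles against the VM; if `ansible/max.yml` exists it should be part of this patch. When it is recreated, the `Wait for cloud-init to finish` task's `changed_when: "'..' in cloudinit.stdout"` keys on the progress dots printed while waiting and is fragile; `changed_when: false` is the usual choice for a read-only status check, and the hard-coded `host: max2.dmz` should come from inventory rather than the play.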
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
deleted file mode 100644
index b8f79d0..0000000
--- a/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- name: APT upgrade
- apt:
- autoremove: true
- upgrade: yes
- state: latest
- update_cache: yes
- cache_valid_time: 86400 # One day
-- name: Create base service directory
- file:
- path: "{{ base_service_dir }}"
- state: directory
-- name: Delete externally managed environment file
- shell:
- cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
- register: rm
- changed_when: "rm.rc == 0"
- failed_when: "false"
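Review bot: removing this role drops the unconditional `apt upgrade` and the `rm /usr/lib/python*/EXTERNALLY-MANAGED` workaround; the latter existed only so the docker role could `pip install docker docker-compose` system-wide. If the docker role now uses the distro package (`python3-docker`) that is an improvement and nothing is lost, but if it still uses `pip`, provisioning on a Debian 12 image will fail, so please confirm which. The `base_service_dir` creation does not need a new home, since `file: state: directory` creates parent directories.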
diff --git a/roles/cyberchef/meta/main.yml b/roles/cyberchef/meta/main.yml
deleted file mode 100644
index 7f5b1d3..0000000
--- a/roles/cyberchef/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
-
\ No newline at end of file
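Review bot: this and the following meta deletions (forgejo, freshrss, inbucket, jitsi, mastodon, radicale, seafile, static) remove the roles' `docker` and `traefik` dependencies, but only traefik and watchtower receive a new `meta/main.yml` under `ansible/roles/` in this patch; if the replacement metas for the other roles were added earlier in the diff, fine, otherwise the `traefik` role is no longer guaranteed to run before the services that attach to its `traefik` network.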
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
deleted file mode 100644
index 10fc298..0000000
--- a/roles/docker/files/daemon.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-"default-address-pools":
-[
-{"base":"10.204.0.0/16","size":24}
-
-]
-}
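Review bot: dropping `default-address-pools` means Docker reverts to its built-in pools (172.17.0.0/12 split into /16s, then 192.168.0.0/16 split into /20s), which can overlap the `192.168.30.0/24` address and the `10.42.0.1` host this patch itself references; if the file moved to `ansible/roles/docker/files/` keep the `10.204.0.0/16` pool, otherwise add it back.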
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
deleted file mode 100644
index 7b7b88b..0000000
--- a/roles/docker/tasks/main.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-- name: Install Docker prerequisites
- apt:
- pkg:
- - ca-certificates
- - curl
- - gnupg
- - lsb-release
- - python3-pip
-- name: Add Docker APT key
- apt_key:
- url: https://download.docker.com/linux/ubuntu/gpg
- keyring: /etc/apt/keyrings/docker.gpg
-- name: Add Docker repository
- apt_repository:
- repo: "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
- register: apt_repository
-- name: Update APT cache
- apt:
- update_cache: true
- when: apt_repository.changed
-- name: Install Docker packages
- apt:
- pkg:
- - docker-ce
- - docker-ce-cli
- - containerd.io
- - docker-compose-plugin
-- name: Install Docker modules for Python
- pip:
- name:
- - docker
- - docker-compose
-- name: Copy daemon.json
- copy:
- src: "{{ role_path }}/files/daemon.json"
- dest: /etc/docker/daemon.json
-- name: Start Docker
- systemd:
- name: docker
- enabled: true
- state: started
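Review bot: if these tasks are being recreated under `ansible/roles/docker/`, fix two things on the way: `apt_key` is deprecated and should be replaced by fetching the key with `get_url` into `/etc/apt/keyrings/docker.gpg` (the `signed-by` path the repo line already uses), and the `pip` task installing `docker`/`docker-compose` should become the apt package `python3-docker` plus `docker compose` v2 from the already-installed `docker-compose-plugin`, which also removes the need to delete `EXTERNALLY-MANAGED`. The key URL also points at `linux/ubuntu/gpg` while the repository is `linux/debian`; use the matching `linux/debian/gpg` URL.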
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
deleted file mode 100644
index 6b6bcb4..0000000
--- a/roles/firewall/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Install firewalld
- apt:
- pkg:
- - firewalld
- state: latest
- update_cache: true
-- name: Allow SSH
- firewalld:
- service: ssh
- permanent: yes
- state: enabled
-- name: Start firewalld
- systemd:
- enabled: true
- name: sshd
- state: started
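Review bot: the deleted `Start firewalld` task enables and starts `sshd` rather than `firewalld` (`name: sshd`), so this role never actually started the firewall and the permanent `ssh` rule was never loaded into a running daemon; if the role is recreated under `ansible/roles/`, set `name: firewalld`, and add `immediate: yes` to the `firewalld` task or notify a reload, since `permanent: yes` alone does not change the running configuration.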
diff --git a/roles/forgejo/meta/main.yml b/roles/forgejo/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/forgejo/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/freshrss/meta/main.yml b/roles/freshrss/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/freshrss/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/inbucket/meta/main.yml b/roles/inbucket/meta/main.yml
deleted file mode 100644
index 7f5b1d3..0000000
--- a/roles/inbucket/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
-
\ No newline at end of file
diff --git a/roles/jitsi/meta/main.yml b/roles/jitsi/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/jitsi/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/mastodon/meta/main.yml b/roles/mastodon/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/mastodon/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/radicale/meta/main.yml b/roles/radicale/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/radicale/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/seafile/meta/main.yml b/roles/seafile/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/seafile/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/ssh/files/ssh_config b/roles/ssh/files/ssh_config
deleted file mode 100644
index 9ea50e1..0000000
--- a/roles/ssh/files/ssh_config
+++ /dev/null
@@ -1,54 +0,0 @@
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-Include /etc/ssh/ssh_config.d/*.conf
-
-Host *
-# ForwardAgent no
-# ForwardX11 no
-# ForwardX11Trusted yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# IdentityFile ~/.ssh/id_ecdsa
-# IdentityFile ~/.ssh/id_ed25519
-# Port 22
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
-# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
- SendEnv LANG LC_*
-
-# set HashKnownHosts to no to make known_hosts human readable and reviewable.
-# HashKnownHosts yes
-# GSSAPIAuthentication yes
diff --git a/roles/ssh/files/sshd_config b/roles/ssh/files/sshd_config
deleted file mode 100644
index e532138..0000000
--- a/roles/ssh/files/sshd_config
+++ /dev/null
@@ -1,41 +0,0 @@
-Include /etc/ssh/sshd_config.d/*.conf
-
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-HostKeyAlgorithms ssh-ed25519
-CASignatureAlgorithms ssh-ed25519
-HostbasedAcceptedKeyTypes ssh-ed25519
-HostKeyAlgorithms ssh-ed25519
-KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
-Ciphers chacha20-poly1305@openssh.com
-MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-KbdInteractiveAuthentication no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-UsePAM yes
-
-X11Forwarding yes
-PrintMotd no
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
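Review bot: this removes the hardened server config (ed25519-only host key, `PasswordAuthentication no`, `KbdInteractiveAuthentication no`, a modern KEX/cipher/MAC set) with no replacement in this part of the diff, so the VM falls back to the distro default `sshd_config` unless the tf-modules debian image applies equivalent hardening; please confirm where that now lives. If the file is recreated, drop the duplicated `HostKeyAlgorithms` line, rename `HostbasedAcceptedKeyTypes` to `HostbasedAcceptedAlgorithms` (the current OpenSSH name), and set `X11Forwarding no` on a headless server.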
diff --git a/roles/ssh/meta/main.yml b/roles/ssh/meta/main.yml
deleted file mode 100644
index 9711b33..0000000
--- a/roles/ssh/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
deleted file mode 100644
index 9c7311c..0000000
--- a/roles/ssh/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Copy sshd config
- copy:
- src: "{{ role_path }}/files/sshd_config"
- dest: /etc/ssh/sshd_config
- register: sshd_config
-- name: Copy ssh config
- copy:
- src: "{{ role_path }}/files/ssh_config"
- dest: /etc/ssh/ssh_config
- register: ssh_config
-- name: Restart SSH service
- systemd:
- enabled: true
- name: sshd
- state: reloaded
- when: sshd_config.changed
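Review bot: if this task file returns, add `validate: 'sshd -t -f %s'` to the sshd_config `copy` so a broken config is rejected before the reload can lock you out, and either use `ssh_config` (registered but never referenced) or drop that `register`.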
diff --git a/roles/static/meta/main.yml b/roles/static/meta/main.yml
deleted file mode 100644
index 6b03734..0000000
--- a/roles/static/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
- - role: traefik
diff --git a/roles/watchtower/meta/main.yml b/roles/watchtower/meta/main.yml
deleted file mode 100644
index 7f5b1d3..0000000
--- a/roles/watchtower/meta/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-dependencies:
- - role: common
- - role: docker
-
\ No newline at end of file
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..9239f9d
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,25 @@
+terraform {
+ backend "pg" {
+ schema_name = "max"
+ conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+ }
+
+ required_providers {
+ libvirt = {
+ source = "dmacvicar/libvirt"
+ }
+ }
+}
+
+provider "libvirt" {
+ uri = "qemu+ssh://root@atlas.hyp/system"
+}
+
+module "debian" {
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ name = "max"
+ domain_name = "tf-max"
+ memory = 1024 * 8
+ mac = "CA:FE:C0:FF:EE:03"
+ disk_size = 1024 * 1024 * 1024 * 30
+}
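Review bot: the module `source` is unpinned (`git::https://git.pim.kunis.nl/home/tf-modules.git//debian` with no `?ref=`), so every `terraform init` pulls whatever the default branch of tf-modules currently is; pin a tag or commit (`//debian?ref=<tag>`, placeholder) so a change in that repository cannot silently alter this VM's definition. Compared with the deleted `main.tf`, this drops `insecure_password = true` (good) as well as `fixed_address`, `data_disk` and `ansible_command`; the `mac` presumably replaces the fixed address via a DHCP reservation, but the other two mean the 65 GiB data volume is not attached and Ansible is no longer triggered from Terraform, which should be stated explicitly. The provider now targets `atlas.hyp` instead of `atlas.lan` as root over SSH, and `conn_str` still carries no `sslmode=require`, so the state (which includes the VM definition) is sent under libpq's default `prefer` mode.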