remove obsolete code

Pim Kunis 2024-01-02 08:33:21 +01:00
parent 837ddf14e1
commit 70d068b9ae
37 changed files with 0 additions and 1282 deletions


@ -1,56 +0,0 @@
# vi: ft=yaml
version: '3.7'
networks:
traefik:
external: true
volumes:
ampache_mysql:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/ampache/mysql"
ampache_config:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/ampache/config"
music:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nextcloud/data/data/pim/files/Music"
services:
ampache:
image: ampache/ampache:6
volumes:
- type: volume
source: ampache_mysql
target: /var/lib/mysql
volume:
nocopy: true
- type: volume
source: ampache_config
target: /var/www/config
volume:
nocopy: true
- type: volume
source: music
target: /media
read_only: true
volume:
nocopy: true
networks:
- traefik
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.ampache.entrypoints=websecure
- traefik.http.routers.ampache.rule=Host(`music.kun.is`)
- traefik.http.routers.ampache.tls=true
- traefik.http.routers.ampache.tls.certresolver=letsencrypt
- traefik.http.routers.ampache.service=ampache
- traefik.http.services.ampache.loadbalancer.server.port=80
- traefik.docker.network=traefik


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: ampache
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,106 +0,0 @@
# vi: ft=yaml
version: '3'
networks:
traefik:
external: true
discourse:
services:
discourse-app:
image: tiredofit/discourse:latest
deploy:
placement:
constraints:
- "node.labels.discourse == true"
labels:
- traefik.enable=true
- traefik.http.routers.discourse.entrypoints=localsecure
- traefik.http.routers.discourse.rule=Host(`tuindersweijde.geokunis2.nl`)
- traefik.http.services.discourse.loadbalancer.server.port=3000
- traefik.http.routers.discourse.tls=true
- traefik.http.routers.discourse.tls.certresolver=letsencrypt
volumes:
- type: bind
source: /mnt/data/discourse/logs
target: /data/logs
- type: bind
source: /mnt/data/discourse/uploads
target: /data/uploads
- type: bind
source: /mnt/data/discourse/backups
target: /data/backups
environment:
- TIMEZONE=Europe/Amsterdam
- CONTAINER_NAME=discourse-app
- DB_HOST=discourse-db
- DB_NAME=discourse
- DB_USER=discourse
- DB_PASS={{ database_password }}
- REDIS_HOST=discourse-redis
- SITE_HOSTNAME=discourse.pim.kunis.nl
- SMTP_PORT=25
- SMTP_HOST=smtp.tweak.nl
- DEVELOPER_EMAILS=niels@kunis.nl
networks:
- traefik
- discourse
discourse-db:
image: tiredofit/postgres:15-latest
deploy:
placement:
constraints:
- "node.labels.discourse == true"
volumes:
- type: bind
source: /mnt/data/discourse/database
target: /var/lib/postgresql/data
environment:
- TIMEZONE=Europe/Amsterdam
- CONTAINER_NAME=discourse-db
- POSTGRES_DB=discourse
- POSTGRES_USER=discourse
- POSTGRES_PASSWORD={{ database_password }}
- SUPERUSER_PASS={{ database_password }}
networks:
- discourse
discourse-redis:
image: tiredofit/redis:7
deploy:
placement:
constraints:
- "node.labels.discourse == true"
volumes:
- type: bind
source: /mnt/data/discourse/redis
target: /var/lib/redis
environment:
- TIMEZONE=Europe/Amsterdam
- CONTAINER_NAME=discourse-redis
networks:
- discourse
# discourse-db-backup:
# image: tiredofit/db-backup
# volumes:
# - ./dbbackup:/backup
# environment:
# - TIMEZONE=America/Vancouver
# - CONTAINER_NAME=discourse-db-backup
# - DB_HOST=discourse-db
# - DB_TYPE=postgres
# - DB_NAME=discourse
# - DB_USER=discourse
# - DB_PASS=password
# - DB_DUMP_FREQ=1440
# - DB_DUMP_BEGIN=0000
# - DB_CLEANUP_TIME=8640
# networks:
# - discourse


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: discourse
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,7 +0,0 @@
database_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
32323538323136633363393961343364363933396431376437633361333232383938336531396537
3730306164303364363739376633633431383534646135380a326663396338396461623037613637
37666630333433393764373864346262383536656664343631386234386438333263626166363633
3735633562323361330a353735366562663631363634343438326562646533663839383932343263
38366538336466373733313130616330326238653966623037343336326132356565


@ -1,87 +0,0 @@
# vi: ft=yaml
version: '3.5'
networks:
traefik:
external: true
jitsi:
services:
web:
image: jitsi/web:stable-8218
environment:
- DISABLE_HTTPS=1
- ENABLE_AUTH=0
- ENABLE_GUESTS=1
- ENABLE_IPV6=1
- ENABLE_LETSENCRYPT=0
- PUBLIC_URL=https://meet.pim.kunis.nl
- TZ=Europe/Amsterdam
networks:
- jitsi
- traefik
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.jitsi-web.entrypoints=websecure
- traefik.http.routers.jitsi-web.rule=Host(`meet.pim.kunis.nl`)
- traefik.http.routers.jitsi-web.tls=true
- traefik.http.routers.jitsi-web.tls.certresolver=letsencrypt
- traefik.http.services.jitsi-web.loadbalancer.server.port=80
- traefik.http.routers.jitsi-web.service=jitsi-web
- traefik.docker.network=traefik
prosody:
image: jitsi/prosody:stable-8218
expose:
- '5222'
- '5347'
- '5280'
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=0
- ENABLE_GUESTS=1
- ENABLE_IPV6=1
- ENABLE_LOBBY=1
- JIBRI_RECORDER_PASSWORD={{ jitsi_password }}
- JIBRI_XMPP_PASSWORD={{ jitsi_password }}
- JICOFO_AUTH_PASSWORD={{ jitsi_password }}
- JIGASI_XMPP_PASSWORD={{ jitsi_password }}
- JVB_AUTH_PASSWORD={{ jitsi_password }}
- PUBLIC_URL=https://meet.pim.kunis.nl
- TZ=Europe/Amsterdam
networks:
jitsi:
aliases:
- xmpp.meet.jitsi
jicofo:
image: jitsi/jicofo:stable-8218
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=0
- JICOFO_AUTH_PASSWORD={{ jitsi_password }}
- SENTRY_DSN=0
- TZ=Europe/Amsterdam
depends_on:
- prosody
networks:
- jitsi
jvb:
image: jitsi/jvb:stable-8218
ports:
- '54562:54562/udp'
environment:
- JVB_ADVERTISE_IPS=84.245.14.149,192.168.30.8
- JVB_AUTH_PASSWORD={{ jitsi_password }}
- JVB_PORT=54562
- PUBLIC_URL=https://meet.pim.kunis.nl
- SENTRY_DSN=0
- COLIBRI_REST_ENABLED=0
- TZ=Europe/Amsterdam
depends_on:
- prosody
networks:
- jitsi
- traefik


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: jitsi
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,8 +0,0 @@
jitsi_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
66633139653639396435333239316536326366613338646531373063306333383562613462316561
6630373435326631376362643961343936626238663332630a623631613532366539633637333032
35383031306566613466643066366361663039633864643733356366386339366265326237653739
3062313832313638330a636131393130646564366563626430346436656236333961306363633435
39353934386631633132306562396430303738393235656363356666663934626161363365343162
6130346338333734653961633037386133396332643831363939


@ -1,131 +0,0 @@
# vi: ft=yaml
version: '3'
networks:
traefik:
external: true
mastodon:
volumes:
system:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/mastodon/system"
redis:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/mastodon/redis"
services:
redis:
image: redis:7-alpine
networks:
mastodon:
aliases:
- redis
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
volumes:
- type: volume
source: redis
target: /data
volume:
nocopy: true
web:
image: tootsuite/mastodon:v4.1
environment:
- 'OTP_SECRET={{ otp_secret }}'
- 'SECRET_KEY_BASE={{ secret_key_base }}'
- 'REDIS_HOST=redis'
- 'DB_HOST=lewis.dmz'
- 'DB_USER=mastodon'
- 'DB_NAME=mastodon'
- 'DB_PASS={{ database_passwords.mastodon }}'
- 'VAPID_PRIVATE_KEY={{ vapid_private_key }}'
- 'VAPID_PUBLIC_KEY=BDcpOP2ThgD13i2ENjnlVXG7QH-m3xuNE4rySx6_NBYQz34UxSM3N4nT7GUxN5zBF-Kehlv0CpqBDDa78QFiS0g='
- 'SMTP_SERVER=smtp.tweak.nl'
- 'SMTP_PORT=587'
- 'SMTP_LOGIN='
- 'SMTP_PASSWORD='
- 'SMTP_FROM_ADDRESS=mastodon@kunis.nl'
- 'LOCAL_DOMAIN=social.pizzapim.nl'
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
networks:
- mastodon
- traefik
healthcheck:
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
volumes:
- type: volume
source: system
target: /mastodon/public/system
volume:
nocopy: true
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.mastodon.entrypoints=websecure
- traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
- traefik.http.routers.mastodon.tls=true
- traefik.http.routers.mastodon.tls.certresolver=letsencrypt
- traefik.http.services.mastodon.loadbalancer.server.port=3000
- traefik.http.routers.mastodon.service=mastodon
- traefik.docker.network=traefik
depends_on:
- redis
streaming:
image: tootsuite/mastodon:v4.1
command: node ./streaming
environment:
- 'REDIS_HOST=redis'
- 'LOCAL_DOMAIN=social.pizzapim.nl'
- 'DB_HOST=lewis.dmz'
- 'DB_USER=mastodon'
- 'DB_NAME=mastodon'
- 'DB_PASS={{ database_passwords.mastodon }}'
networks:
- mastodon
- traefik
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.mastodon-streaming.entrypoints=websecure
- "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))"
- traefik.http.routers.mastodon-streaming.service=mastodon-streaming
- traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
- traefik.http.routers.mastodon-streaming.tls=true
- traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt
- traefik.docker.network=traefik
depends_on:
- redis
sidekiq:
image: tootsuite/mastodon:v4.1
command: bundle exec sidekiq
environment:
- 'OTP_SECRET={{ otp_secret }}'
- 'SECRET_KEY_BASE={{ secret_key_base }}'
- 'REDIS_HOST=redis'
- 'DB_HOST=lewis.dmz'
- 'DB_USER=mastodon'
- 'DB_NAME=mastodon'
- 'DB_PASS={{ database_passwords.mastodon }}'
networks:
- mastodon
volumes:
- type: volume
source: system
target: /mastodon/public/system
volume:
nocopy: true
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
depends_on:
- redis


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: mastodon
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,42 +0,0 @@
mastodon_postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34643131323762373635383736636432643161646130373565333432323337646435656233383131
3066353734373938353162656335666536323265643162620a663562303636383737393061396331
30353538326333393031373736363933666636383866373763303237376561333061323131303062
3532316632613062310a343566393237363364613931353062636537663864383839623930383836
32613634616335616462336261303632646266326663383166366236643438616538626263343835
6539616439636364626466333163316164633631616132623665
otp_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
33303436663063313039636335623937343530323636346363306234333135306138653337313034
3337363432363734353363623738653630373536653433350a356336383235383430613934623937
36316638343439376134383635336630313065623138326630303131333136626636386361313661
6134613862366463300a313765366136343431343838363230363134613164373931623564626466
32623137666364326234383264396336636561313132313930383964656434656535663861343337
65316331323335626464626231653236313932663334316134633837646330303563633162373036
66326135656531393839343138376666623337616162653137393764306265323065356431343162
36373135303339356366356263623334373361326561396562353332323363623738626132303738
38383638616363386536386461353465353765366234353862653765376330663661326138626266
30633134643632393630323834323538326339373361363235666133303761323261336637663862
326633383933663530653230336364653461
secret_key_base: !vault |
$ANSIBLE_VAULT;1.1;AES256
32373731376166613238303535646633326162613137366165643037643966643637316265653832
3035393061616431666162373133393666653634386338350a376136653961646239656534336230
33366235343365653234333866393965643131306636373566623665646562353234323065393262
6264313430333262390a626338333932363137356338636132636133613239633537623064666438
32343063653664393530353536643963353364373830303563346163613862653161343165363062
61396630353036333634313033663962613930336637323461313731633136366365623732306337
37646265613639306133373736353365366461373264356665623236313836633565343764626238
38353637613064306162393430323662616231623965643933383339616561353963663366396363
33346332343336386266636165616135343732353365336630653334383533633831636138623733
34396266643166386130383334666565303865396135613863336261656135343564376537383634
353635336365613765363931373636363465
vapid_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
33376430313539346137343237313061653164343861623563656638306539373837393364326235
3435396264613533633138346231303137663763323361360a356137306330343939353732356535
33396336633966623266396265356435343633373766363637616635326563623130653039343665
3465306562306261660a303131666436333137306139366636646232333061383935353263396534
63376635393966653636316236316538656361393631626465383233386136313366363531363663
3436326431353435653666356266333835303061616436323061


@ -1,132 +0,0 @@
# vi: ft=yaml
version: "3.8"
networks:
traefik:
external: true
grafana:
configs:
esdatasource:
external: true
name: "{{ esdatasource.config_name }}"
fluentconf:
external: true
name: "{{ fluentconf.config_name }}"
volumes:
escerts:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/elasticsearch/certs"
esdata:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/elasticsearch/data"
grafanadata:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/grafana/data"
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.8.1
volumes:
- type: volume
source: escerts
target: /usr/share/elasticsearch/config/certs
volume:
nocopy: true
- type: volume
source: esdata
target: /usr/share/elasticsearch/data
volume:
nocopy: true
ports:
- {{ elasticsearch_port }}:9200
environment:
- node.name=es01
- cluster.name=shoarma
- discovery.type=single-node
- bootstrap.memory_lock=true
- xpack.security.enabled=false
- xpack.security.http.ssl.enabled=false
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=false
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=basic
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl http://localhost:9200 | grep -q 'You Know, for Search'",
]
interval: 10s
timeout: 10s
retries: 120
grafana:
image: grafana/grafana-oss
depends_on:
- elasticsearch
networks:
- traefik
- grafana
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.grafana.entrypoints=localsecure
- traefik.http.routers.grafana.rule=Host(`grafana.kun.is`)
- traefik.http.routers.grafana.tls=true
- traefik.http.routers.grafana.tls.certresolver=letsencrypt
- traefik.http.routers.grafana.service=grafana
- traefik.http.services.grafana.loadbalancer.server.port=3000
- traefik.docker.network=traefik
volumes:
- type: volume
source: grafanadata
target: /var/lib/grafana
volume:
nocopy: true
configs:
- source: esdatasource
target: /etc/grafana/provisioning/datasources/elasticsearch.yaml
grafana-ntfy:
image: kittyandrew/grafana-to-ntfy:master
depends_on:
- grafana
ports:
- 8080:8080
networks:
grafana:
aliases:
- grafana-ntfy
environment:
- NTFY_URL=https://ntfy.kun.is/alerts
- NTFY_BAUTH_USER=pim
- NTFY_BAUTH_PASS={{ ntfy_password }}
- BAUTH_USER=admin
- BAUTH_PASS=test
fluentd:
image: git.kun.is/pim/fluentd:1.0.3
depends_on:
- elasticsearch
ports:
- {{ fluent_forward_port }}:24224
configs:
- source: fluentconf
target: /fluentd/etc/fluent.conf


@ -1,35 +0,0 @@
# vi: ft=yaml
apiVersion: 1
datasources:
- name: cpu
type: elasticsearch
access: proxy
url: http://maestro.dmz:{{ elasticsearch_port }}
jsonData:
index: 'fluentd.cpu-*'
timeField: '@timestamp'
- name: memory
type: elasticsearch
access: proxy
url: http://maestro.dmz:{{ elasticsearch_port }}
jsonData:
index: 'fluentd.memory-*'
timeField: '@timestamp'
- name: diskfree
type: elasticsearch
access: proxy
url: http://maestro.dmz:{{ elasticsearch_port }}
jsonData:
index: 'fluentd.diskfree-*'
timeField: '@timestamp'
- name: traefik_access
type: elasticsearch
access: proxy
url: http://maestro.dmz:{{ elasticsearch_port }}
jsonData:
index: 'fluentd.access.traefik-*'
timeField: '@timestamp'


@ -1,35 +0,0 @@
# vi: ft=yaml
# Receive events from 24224/tcp
# This is used by log forwarding and the fluent-cat command
<source>
@type forward
port {{ fluent_forward_port }}
</source>
<filter access.**>
@type geoip
geoip_lookup_keys host
backend_library geoip2_c
<record>
latitude ${location.latitude["host"]}
longitude ${location.longitude["host"]}
</record>
skip_adding_null_record true
</filter>
<match cpu memory diskfree access.**>
@type elasticsearch
host maestro.dmz
port {{ elasticsearch_port }}
include_timestamp true
logstash_format true
logstash_prefix fluentd.${tag}
</match>
<match **>
@type null
</match>
<system>
log_level info
</system>


@ -1,21 +0,0 @@
- name: Create fluentd config
docker_config:
name: fluentconf
data: "{{ lookup('template', '{{ role_path }}/fluent.conf.j2') }}"
use_ssh_client: true
rolling_versions: true
register: fluentconf
- name: Create elasticsearch data source config
docker_config:
name: esdatasource
data: "{{ lookup('template', '{{ role_path }}/elasticsearch.yml.j2') }}"
use_ssh_client: true
rolling_versions: true
register: esdatasource
- name: Deploy Docker stack
docker_stack:
name: monitoring
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,8 +0,0 @@
ntfy_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
36333232393635383732336630626463633038353862333430396437333733376239343531663339
6364643930636566326463393963316263323061613032350a383930376537373437633333623639
66613439636531393761366534333134383231303637643063633537393535356536636530666665
6537653731666130610a346135373562333931646237396233613065353165623336373935386137
36313830623931313238333430346238626562353661616465333736346230396162386137363435
3362636565336639643832626165613236643466633537633236


@ -1,112 +0,0 @@
# vi: ft=yaml
version: '3'
networks:
traefik:
external: true
overleaf:
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/overleaf/data"
redis:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/overleaf/redis"
mongodb:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/overleaf/mongodb"
services:
sharelatex:
image: sharelatex/sharelatex:3
networks:
- traefik
- overleaf
depends_on:
- overleaf-mongodb
- overleaf-redis
stop_grace_period: 60s
volumes:
- type: volume
source: data
target: /var/lib/sharelatex
volume:
nocopy: true
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.overleaf.entrypoints=websecure
- traefik.http.routers.overleaf.rule=Host(`latex.kun.is`)
- traefik.http.routers.overleaf.tls=true
- traefik.http.routers.overleaf.tls.certresolver=letsencrypt
- traefik.http.routers.overleaf.service=overleaf
- traefik.http.services.overleaf.loadbalancer.server.port=80
- traefik.docker.network=traefik
environment:
SHARELATEX_APP_NAME: Overleaf Community Edition
SHARELATEX_MONGO_URL: mongodb://overleaf-mongodb:27017/sharelatex
# Same property, unfortunately with different names in
# different locations
SHARELATEX_REDIS_HOST: overleaf-redis
REDIS_HOST: overleaf-redis
ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
# Enables Thumbnail generation using ImageMagick
ENABLE_CONVERSIONS: 'true'
# Disables email confirmation requirement
EMAIL_CONFIRMATION_DISABLED: 'true'
# temporary fix for LuaLaTex compiles
# see https://github.com/overleaf/overleaf/issues/695
TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var
SHARELATEX_SITE_URL: https://latex.kun.is
SHARELATEX_ADMIN_EMAIL: pim@kunis.nl
SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@kunis.nl"
SHARELATEX_EMAIL_SMTP_HOST: "smtp.tweak.nl"
SHARELATEX_EMAIL_SMTP_PORT: 587
SHARELATEX_EMAIL_SMTP_USER: ""
SHARELATEX_EMAIL_SMTP_PASS: ""
overleaf-mongodb:
image: mongo:4.4
networks:
- overleaf
expose:
- 27017
volumes:
- type: volume
source: mongodb
target: /data/db
volume:
nocopy: true
healthcheck:
test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
interval: 10s
timeout: 10s
retries: 5
overleaf-redis:
image: redis:5
networks:
- overleaf
expose:
- 6379
volumes:
- type: volume
source: redis
target: /data
volume:
nocopy: true


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: overleaf
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,73 +0,0 @@
# vi: ft=yaml
version: '3'
networks:
traefik:
external: true
seafile:
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/seafile/data"
db:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/seafile/db"
services:
db:
image: mariadb:10.5
environment:
- MYSQL_ROOT_PASSWORD={{ db_root_passwd }}
- MYSQL_LOG_CONSOLE=true
volumes:
- type: volume
source: db
target: /var/lib/mysql
volume:
nocopy: true
networks:
- seafile
memcached:
image: memcached:1.6
entrypoint: memcached -m 256
networks:
- seafile
seafile:
image: seafileltd/seafile-mc:9.0.10
volumes:
- type: volume
source: data
target: /shared
volume:
nocopy: true
environment:
- DB_HOST=db
- DB_ROOT_PASSWD={{ db_root_passwd }}
- TIME_ZONE=Europe/Amsterdam
- SEAFILE_ADMIN_EMAIL={{ seafile_admin_email }}
- SEAFILE_ADMIN_PASSWORD={{ seafile_admin_password }}
- SEAFILE_SERVER_LETSENCRYPT=false
- SEAFILE_SERVER_HOSTNAME={{ seafile_domain }}
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.seafile.entrypoints=websecure
- traefik.http.routers.seafile.rule=Host(`{{ seafile_domain }}`)
- traefik.http.routers.seafile.tls=true
- traefik.http.routers.seafile.tls.certresolver=letsencrypt
- traefik.http.services.seafile.loadbalancer.server.port=80
- traefik.http.routers.seafile.service=seafile
- traefik.docker.network=traefik
depends_on:
- db
- memcached
networks:
- traefik
- seafile


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: seafile
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1,18 +0,0 @@
db_root_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
62376163363033396161363264613836623734623835316439666331356464636633393237313236
3731383961393939366165393537663435356166643966650a353132616166353630333733636639
63616163346566336461313264326562393964643661613831316233326165623463613865636637
6363363331333430320a366661356232393036383765353066623334656133313661636130666238
32336561323431303730373262343534326539383932613533623232376330646230363363636135
3266336663623037663838643936366437663831356634333930
seafile_admin_email: niels@kunis.nl
seafile_admin_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34366163396632343065636232363435633039373236363461383563363162626561653763383438
3263393539663030363532353238633262616339343436370a613631323064303637623266653832
64323834356664316265376132633863666136316239623862643962366637306238343933386134
6237396238383232360a386637303639646136653134643737393735383661626539386134643333
35313536323963303734353338636162666236343430623062373464653531353230366238326231
6661363038393534373861643261383561386536613337396539
seafile_domain: files.geokunis2.nl


@ -1,60 +0,0 @@
# vi: ft=yaml
version: "3"
networks:
shephard:
services:
app:
image: mazzolino/shepherd
networks:
- shephard
environment:
TZ: 'Europe/Amsterdam'
FILTER_SERVICES: ''
IGNORELIST_SERVICES: ""
RUN_ONCE_AND_EXIT: "true"
APPRISE_SIDECAR_URL: apprise:5000
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
deploy:
replicas: 0
restart_policy:
condition: none
labels:
- swarm.cronjob.enable=true
- "swarm.cronjob.schedule=0 2 * * *"
- swarm.cronjob.skip-running=true
placement:
constraints:
- node.role == manager
scheduler:
image: crazymax/swarm-cronjob:latest
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
environment:
- "TZ=Europe/Amsterdam"
- "LOG_LEVEL=info"
- "LOG_JSON=false"
deploy:
placement:
constraints:
- node.role == manager
apprise:
image: mazzolino/apprise-microservice:0.1
environment:
NOTIFICATION_URLS: {{ apprise_urls }}
networks:
- shephard
deploy:
placement:
constraints:
- node.role == manager


@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: shephard
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"


@ -1 +0,0 @@
apprise_urls: "apprises://apprise.kun.is:444/shephard"


@ -54,36 +54,6 @@ services:
- traefik.http.routers.esrom.rule=Host(`geokunis2.nl`) - traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
- traefik.http.routers.esrom.tls=true - traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=letsencrypt - traefik.http.routers.esrom.tls.certresolver=letsencrypt
- traefik.http.routers.uptime.entrypoints=localsecure
- traefik.http.routers.uptime.rule=Host(`uptime.kun.is`)
- traefik.http.routers.uptime.service=uptime@file
- traefik.http.routers.uptime.tls=true
- traefik.http.routers.uptime.tls.certresolver=letsencrypt
- traefik.http.routers.ntfy.entrypoints=websecure
- traefik.http.routers.ntfy.rule=Host(`ntfy.kun.is`)
- traefik.http.routers.ntfy.service=ntfy@file
- traefik.http.routers.ntfy.tls=true
- traefik.http.routers.ntfy.tls.certresolver=letsencrypt
- traefik.http.routers.apprise.entrypoints=localsecure
- traefik.http.routers.apprise.rule=Host(`apprise.kun.is`)
- traefik.http.routers.apprise.service=apprise@file
- traefik.http.routers.apprise.tls=true
- traefik.http.routers.apprise.tls.certresolver=letsencrypt
- traefik.http.routers.concourse.entrypoints=websecure
- traefik.http.routers.concourse.rule=Host(`ci.kun.is`)
- traefik.http.routers.concourse.service=concourse@file
- traefik.http.routers.concourse.tls=true
- traefik.http.routers.concourse.tls.certresolver=letsencrypt
- traefik.http.routers.discourse.entrypoints=websecure
- traefik.http.routers.discourse.rule=Host(`tuindersweijde.geokunis2.nl`)
- traefik.http.routers.discourse.service=discourse@file
- traefik.http.routers.discourse.tls=true
- traefik.http.routers.discourse.tls.certresolver=letsencrypt
volumes: volumes:
- type: bind - type: bind
source: /var/run/docker.sock source: /var/run/docker.sock


@ -4,23 +4,3 @@ http:
loadBalancer: loadBalancer:
servers: servers:
- url: http://esrom.dmz:80/ - url: http://esrom.dmz:80/
uptime:
loadBalancer:
servers:
- url: http://iris.dmz:3001
ntfy:
loadBalancer:
servers:
- url: http://iris.dmz:3002
apprise:
loadBalancer:
servers:
- url: http://iris.dmz:3003
concourse:
loadBalancer:
servers:
- url: http://concourse.dmz:3000
discourse:
loadBalancer:
servers:
- url: http://forum.dmz:80


@ -1,5 +0,0 @@
# thecloud
Thecloud is a Debian VM that provides network availability to all our persistent data:
- NFS for network files
- Postgresql for databases


@ -1,8 +0,0 @@
[defaults]
roles_path=../../../ansible_roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
inventory=inventory
vault_password_file=$HOME/.config/home/ansible-vault-secret
interpreter_python=/usr/bin/python3
[diff]
always = True


@ -1,97 +0,0 @@
apt_install_packages:
- postgresql
- python3-psycopg2
- nfs-kernel-server
- qemu-guest-agent
nfs_exports: []
redis_bind_interface: 0.0.0.0
redis_requirepass: !vault |
$ANSIBLE_VAULT;1.1;AES256
37323965303638333264653936616563323235363463396330363836653865393835346263383838
3030386166316365633538353539623066626434313332390a616131303434373264633934356361
30356335643638656433326230363462373533396533366261346630353163353137333865303132
3536636165366631310a643538353331366130663464386565343331653031333061333330613532
34663932653734336239303536323331396435386332666133343033373566386562326136656330
63393766353063646361643565323238376334333637363232626139333664643065613237666532
31623032613763303136353232323837376637336431306534306336356165363039666634336433
30376464323862373833
nfs_shares:
- name: nextcloud_data
path: /mnt/data/nextcloud/data
- name: radicale
path: /mnt/data/radicale
- name: freshrss_data
path: /mnt/data/freshrss/data
- name: freshrss_extensions
path: /mnt/data/freshrss/extensions
- name: pihole_data
path: /mnt/data/pihole/data
- name: pihole_dnsmasq
path: /mnt/data/pihole/dnsmasq
- name: hedgedoc_uploads
path: /mnt/data/hedgedoc/uploads
- name: traefik_acme
path: /mnt/data/traefik/acme
- name: seafile_data
path: /mnt/data/seafile/data
- name: seafile_db
path: /mnt/data/seafile/db
- name: mastodon_system
path: /mnt/data/mastodon/system
- name: mastodon_redis
path: /mnt/data/mastodon/redis
- name: forgejo
path: /mnt/data/forgejo
- name: overleaf
path: /mnt/data/overleaf/data
- name: overleaf_redis
path: /mnt/data/overleaf/redis
- name: overleaf_mongodb
path: /mnt/data/overleaf/mongodb
- name: prometheus_data
path: /mnt/data/prometheus/data
- name: elasticsearch_certs
path: /mnt/data/elasticsearch/certs
- name: elasticsearch_data
path: /mnt/data/elasticsearch/data
- name: grafana_data
path: /mnt/data/grafana/data
- name: kitchenowl_data
path: /mnt/data/kitchenowl/data
- name: ampache_mysql
path: /mnt/data/ampache/mysql
- name: ampache_config
path: /mnt/data/ampache/config
- name: music
path: /mnt/data/nextcloud/data/data/pim/files/Music
- name: syncthing_config
path: /mnt/data/syncthing/config
database_passwords:
nextcloud: !vault |
$ANSIBLE_VAULT;1.1;AES256
66326230303135303930363761316534313439383365376231623661316635393839336431313262
3832626365376533646561653863316364313135343366330a356136343938666133356532613263
39663037623232363266376335643834353735363431636535386566643763386463353962663930
3466343563353162320a376437353933656166323364323166376663323531373338656563653463
33346263626430616164613937363836343430383233393061643231346661656539623938333631
3632373964346139316637663364646132636636373461613534
hedgedoc: !vault |
$ANSIBLE_VAULT;1.1;AES256
63363464666633663762393135333362613966636338623533393132376338343339653431396465
6634643863623163366235393434343662313735363438610a373065363361326565633766633835
38383637343230363031636634623930666365333739323162313937656239646166613738393965
3533666462303563360a313233306335396234393932396331313238376464363964363839396164
66366662356135343035363935616664613831626131376330643133313530636431613266636165
6265613666616164373637356235396165383662333561393939
mastodon: !vault |
$ANSIBLE_VAULT;1.1;AES256
63616366396665663161376161373735626466353464393963333136336335376662326232613639
6166333137376131633761623163306165386562666639640a313136386431373161306331626638
34643433396232383962643964386631313632393161316261353331346163333261336666646563
6232666231653732630a396638396462323464613033306662313463663262626430363432663465
63623935303861663565633739363539326435623561396535623034663735373232336633303037
6266323136316238343963613332396261346337646264646162


@ -1,5 +0,0 @@
all:
hosts:
thecloud:
ansible_user: root
ansible_host: thecloud.dmz


@ -1,3 +0,0 @@
- name: apt
src: https://github.com/sunscrapers/ansible-role-apt.git
scm: git


@ -1,4 +0,0 @@
- name: restart postgres
systemd:
name: postgresql
state: restarted


@ -1,15 +0,0 @@
- name: Open postgres port
ini_file:
path: /etc/postgresql/15/main/postgresql.conf
section: null
option: listen_addresses
value: "'*'"
notify: restart postgres
- name: Change data directory
ini_file:
path: /etc/postgresql/15/main/postgresql.conf
section: null
option: data_directory
value: "'/mnt/data/postgresql'"
notify: restart postgres


@ -1,25 +0,0 @@
---
- name: Create databases and NFS shares
hosts: thecloud
handlers:
- name: reload nfs
systemd:
name: nfs-kernel-server
state: restarted
tasks:
- name: Create nfs shares
with_items: "{{ nfs_shares }}"
copy:
dest: "/etc/exports.d/{{ item.name }}.exports"
content: "{{ item.path }} *(rw,sync,no_subtree_check,no_root_squash)"
notify: reload nfs
- name: Create databases
with_items: "{{ database_passwords | dict2items }}"
include_role:
name: postgresql_database
vars:
database_name: "{{ item.key }}"
database_user: "{{ item.key }}"
database_password: "{{ item.value }}"


@ -1,31 +0,0 @@
---
- name: Wait for Cloud-Init to finish
hosts: all
gather_facts: no
roles:
- cloudinit_wait
- name: Setup NFS
hosts: thecloud
roles:
- {role: apt, tags: apt}
- {role: postgresql, tags: postgresql}
post_tasks:
- name: Ensure NFS exports directory exists
file:
path: /etc/exports.d
state: directory
- name: Start NFS
systemd:
name: nfs-kernel-server
state: started
enabled: true
- name: Enable Qemu guest agent
systemd:
name: qemu-guest-agent
state: started
enabled: true


@ -1,32 +0,0 @@
terraform {
backend "pg" {
schema_name = "thecloud-data"
conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
}
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
}
}
}
# https://libvirt.org/uri.html#libssh-and-libssh2-transport
provider "libvirt" {
uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
}
module "data_pool" {
source = "../../../terraform_modules/setup/data"
}
resource "libvirt_volume" "data" {
name = "thecloud-data.qcow2"
pool = "data"
size = 1024 * 1024 * 1024 * 150
}
output "data_disk_id" {
value = libvirt_volume.data.id
}


@ -1,40 +0,0 @@
terraform {
backend "pg" {
schema_name = "thecloud"
conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
}
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
}
}
}
# https://libvirt.org/uri.html#libssh-and-libssh2-transport
provider "libvirt" {
alias = "lewis"
uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
}
module "setup_lewis" {
source = "../../../terraform_modules/setup"
providers = {
libvirt = libvirt.lewis
}
}
module "thecloud" {
source = "../../../terraform_modules/debian"
name = "thecloud"
ram = 1024
storage = 25
mac = "CA:FE:C0:FF:EE:0A"
data_disk = "/mnt/data/volumes/thecloud-data.qcow2"
providers = {
libvirt = libvirt.lewis
}
depends_on = [ module.setup_lewis ]
}