home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

remove migrated docker stacks

Browse source
This commit is contained in:
Pim Kunis 2024-04-06 16:46:28 +02:00
parent 6361b06a5a
commit babb7ff5b7
30 changed files with 0 additions and 796 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
docker_swarm/roles/cyberchef/docker-stack.yml.j2
View file

@ -1,21 +0,0 @@
# vi: ft=yaml
version: "3.7"
networks:
traefik:
external: true
services:
cyberchef:
image: mpepping/cyberchef
networks:
- traefik
deploy:
replicas: 3
labels:
- traefik.enable=true
- traefik.http.routers.cyberchef.entrypoints=websecure
- traefik.http.services.cyberchef.loadbalancer.server.port=8000
- traefik.http.routers.cyberchef.rule=Host(`cyberchef.kun.is`)
- traefik.http.routers.cyberchef.tls=true
- traefik.http.routers.cyberchef.tls.certresolver=letsencrypt

5
docker_swarm/roles/cyberchef/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: cyberchef
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

109
docker_swarm/roles/forgejo/app.ini.j2
View file

@ -1,109 +0,0 @@
APP_NAME = Forgejo: Beyond coding. We forge.
RUN_MODE = prod
RUN_USER = git
WORK_PATH=/data/gitea
[repository]
ROOT = /data/git/repositories
DEFAULT_BRANCH = master
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = {{ git_domain }}
SSH_DOMAIN = {{ git_domain }}
HTTP_PORT = 3000
ROOT_URL = {{ root_url }}
DISABLE_SSH = false
SSH_PORT = {{ git_ssh_port }}
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
OFFLINE_MODE = false
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
ISSUE_INDEXER_TYPE = db
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
ENABLE_FEDERATED_AVATAR = false
[attachment]
PATH = /data/gitea/attachments
[log]
MODE = console
LEVEL = info
logger.router.MODE = console
ROOT_PATH = /data/gitea/log
logger.access.MODE=console
[security]
INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = {{ internal_token }}
PASSWORD_HASH_ALGO = pbkdf2
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[lfs]
PATH = /data/git/lfs
[mailer]
ENABLED = true
SMTP_ADDR = {{ mailer_host }}
SMTP_PORT = 587
FROM = {{ mailer_from }}
USER =
PASSWD =
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[ui]
DEFAULT_THEME = forgejo-light
[oauth2]
ENABLE=false

57
docker_swarm/roles/forgejo/docker-stack.yml.j2
View file

@ -1,57 +0,0 @@
# vi: ft=yaml
version: "3"
networks:
traefik:
external: true
configs:
config:
external: true
name: "{{ config.config_name }}"
volumes:
forgejo:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/forgejo"
services:
forgejo:
image: codeberg.org/forgejo/forgejo:1.20
environment:
- USER_UID=1000
- USER_GID=1000
networks:
- traefik
ports:
- "{{ git_ssh_port }}:22"
volumes:
- type: volume
source: forgejo
target: /data
volume:
nocopy: true
# TODO: fix this
# - /etc/timezone:/etc/timezone:ro
# - /etc/localtime:/etc/localtime:ro
deploy:
placement:
constraints:
- node.role == manager
labels:
- traefik.port=443
- traefik.enable=true
- traefik.http.routers.forgejo.entrypoints=websecure
- traefik.http.routers.forgejo.rule=Host(`{{ git_domain }}`)
- traefik.http.routers.forgejo.tls=true
- traefik.http.routers.forgejo.tls.certresolver=letsencrypt
- traefik.http.routers.forgejo.service=forgejo
- traefik.http.services.forgejo.loadbalancer.server.port=3000
- traefik.docker.network=traefik
- traefik.http.middlewares.set-forwarded-for.headers.hostsProxyHeaders=X-Forwarded-For
- traefik.http.routers.forgejo.middlewares=set-forwarded-for
configs:
- source: config
target: /data/gitea/conf/app.ini

13
docker_swarm/roles/forgejo/tasks/main.yml
View file

@ -1,13 +0,0 @@
- name: Create Docker config
docker_config:
name: forgejo_config
data: "{{ lookup('template', '{{ role_path }}/app.ini.j2') }}"
use_ssh_client: true
rolling_versions: true
register: config
- name: Deploy Docker stack
docker_stack:
name: forgejo
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

23
docker_swarm/roles/forgejo/vars/main.yml
View file

@ -1,23 +0,0 @@
git_domain: "git.kun.is"
root_url: "https://{{ git_domain }}"
mailer_host: "smtp.tweak.nl"
mailer_from: "git@kunis.nl"
lfs_jwt_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
66613032363837346461326131303839646332646233633736623865346135623739343233396165
6530326162323466623939393133623336366466343837620a613532616365646137326138383235
32313264653262656564336531646662323039623865393366616536633531306430336137313862
3361373539373561390a653236306433393737616561306236343362396438366134313032656233
35626364373961613361366138383566353463626136393861383934326263383336393766623063
3434656437663165376635326139383065383861386133623765
internal_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
62633334656235613035343830326237633637626639363465313861323734393766636464303862
3936306561343863316630616164616537323537333262650a336337303232623832636666353038
64313134383330646537356432383332386238373835656663313431373939373630373566396339
6561643037383666340a643464326531623731303564646464376239613263643761643766623930
37623362326561346262306331376663313661633635323435333339396138383134303364306532
37353264363737643965643932356336633734316534303262336461313038626538396536333964
36353635323731353061393430656166363263366437313434336139616666326335633037663336
37353665613938613731316330396461343632643039643864343164303937613263343262623964
33366364636339623633653035313736653563363064646233383437373431373232

42
docker_swarm/roles/freshrss/docker-stack.yml.j2
View file

@ -1,42 +0,0 @@
# vi: ft=yaml
version: "3"
networks:
traefik:
external: true
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/freshrss/data"
services:
freshrss:
image: freshrss/freshrss:edge
networks:
- traefik
volumes:
- type: volume
source: data
target: /var/www/FreshRSS/data
volume:
nocopy: true
environment:
TZ: Europe/Amsterdam
CRON_MIN: '2,32'
ADMIN_EMAIL: pim@kunis.nl
ADMIN_PASSWORD: {{ admin_password }}
ADMIN_API_PASSWORD: {{ admin_password }}
PUBLISHED_PORT: 443
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.freshrss.entrypoints=websecure
- traefik.http.routers.freshrss.rule=Host(`rss.kun.is`)
- traefik.http.routers.freshrss.tls=true
- traefik.http.routers.freshrss.tls.certresolver=letsencrypt
- traefik.http.routers.freshrss.service=freshrss
- traefik.http.services.freshrss.loadbalancer.server.port=80
- traefik.docker.network=traefik

5
docker_swarm/roles/freshrss/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: freshrss
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

8
docker_swarm/roles/freshrss/vars/main.yml
View file

@ -1,8 +0,0 @@
admin_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
38363734333534376665616439306566613632303739373661333338356533653334323366326130
3031316133383432366639613565656134666338326639360a633263363066613964643665316334
63373830663239393137653131326630326465343333346430376536393162383836333130353562
3336306561636134650a646433633063316431643466326161303666313765323034343233646566
66613330616463346561343561616438643763643465373839303861356133313831303338356430
6634653635383833303265316662663631376163636134666565

24
docker_swarm/roles/inbucket/docker-stack.yml.j2
View file

@ -1,24 +0,0 @@
# vi: ft=yaml
version: "3.7"
networks:
traefik:
external: true
services:
inbucket:
image: inbucket/inbucket:edge
networks:
- traefik
ports:
- 2500:2500
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.inbucket.entrypoints=localsecure
- traefik.http.routers.inbucket.rule=Host(`inbucket.kun.is`)
- traefik.http.routers.inbucket.service=inbucket
- traefik.http.routers.inbucket.tls=true
- traefik.http.routers.inbucket.tls.certresolver=letsencrypt
- traefik.docker.network=traefik
- traefik.http.services.inbucket.loadbalancer.server.port=9000

5
docker_swarm/roles/inbucket/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: inbucket
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

50
docker_swarm/roles/kitchenowl/docker-stack.yml.j2
View file

@ -1,50 +0,0 @@
# vi: ft=yaml
version: '3.7'
networks:
traefik:
external: true
kitchenowl:
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/kitchenowl/data"
services:
kitchenowl-front:
image: tombursch/kitchenowl-web:v0.4.20
depends_on:
- kitchenowl
networks:
- traefik
- kitchenowl
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.kitchenowl.entrypoints=websecure
- traefik.http.routers.kitchenowl.rule=Host(`boodschappen.kun.is`)
- traefik.http.routers.kitchenowl.tls=true
- traefik.http.routers.kitchenowl.tls.certresolver=letsencrypt
- traefik.http.routers.kitchenowl.service=kitchenowl
- traefik.http.services.kitchenowl.loadbalancer.server.port=80
- traefik.docker.network=traefik
environment:
BACK_URL: 'kitchenowl:5000'
kitchenowl:
image: tombursch/kitchenowl:v92
networks:
kitchenowl:
aliases:
- kitchenowl
environment:
- JWT_SECRET_KEY={{ jwt_secret_key }}
volumes:
- type: volume
source: data
target: /data
volume:
nocopy: true
hostname: kitchenowl

5
docker_swarm/roles/kitchenowl/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: kitchenowl
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

7
docker_swarm/roles/kitchenowl/vars/main.yml
View file

@ -1,7 +0,0 @@
jwt_secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
37376338663532376135613331303737626633666138643132316336306164393134633639303865
3134613830323335663466373262316262353464323535300a636163633439323035643033623363
36316361656133663235333834343233363134313938656664356538366166653336656562623664
3332393330616636630a646139393937313932373963623764346134323635336539346562346635
36613637396133383664323561666464346336386233363434653765356334633831

8
docker_swarm/roles/kms/docker-stack.yml.j2
View file

@ -1,8 +0,0 @@
# vi: ft=yaml
version: '3.7'
services:
kms:
image: teddysun/kms
ports:
- 1688:1688

5
docker_swarm/roles/kms/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: kms
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

40
docker_swarm/roles/nextcloud/docker-stack.yml.j2
View file

@ -1,40 +0,0 @@
# vi: ft=yaml
version: '3.8'
networks:
traefik:
external: true
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/nextcloud/data"
services:
nextcloud:
image: nextcloud:27
volumes:
- type: volume
source: data
target: /var/www/html
volume:
nocopy: true
environment:
- POSTGRES_USER=nextcloud
- POSTGRES_DB=nextcloud
- POSTGRES_PASSWORD={{ database_passwords.nextcloud }}
- POSTGRES_HOST=lewis.dmz
networks:
- traefik
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.nextcloud.entrypoints=websecure
- traefik.http.routers.nextcloud.rule=Host(`cloud.kun.is`)
- traefik.http.routers.nextcloud.tls=true
- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
- traefik.http.routers.nextcloud.service=nextcloud
- traefik.http.services.nextcloud.loadbalancer.server.port=80
- traefik.docker.network=traefik

5
docker_swarm/roles/nextcloud/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: nextcloud
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

113
docker_swarm/roles/paperless-ngx/docker-stack.yml.j2
View file

@ -1,113 +0,0 @@
# vi: ft=yaml
# Docker Compose file for running paperless from the Docker Hub.
# This file contains everything paperless needs to run.
# Paperless supports amd64, arm and arm64 hardware.
#
# All compose files of paperless configure paperless in the following way:
#
# - Paperless is (re)started on system boot, if it was running before shutdown.
# - Docker volumes for storing data are managed by Docker.
# - Folders for importing and exporting files are created in the same directory
# as this file and mounted to the correct folders inside the container.
# - Paperless listens on port 8000.
#
# In addition to that, this Docker Compose file adds the following optional
# configurations:
#
# - Instead of SQLite (default), PostgreSQL is used as the database server.
#
# To install and update paperless with this file, do the following:
#
# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
# and '.env' into a folder.
# - Run 'docker compose pull'.
# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
# - Run 'docker compose up -d'.
#
# For more extensive installation and update instructions, refer to the
# documentation.
version: "3.7"
networks:
traefik:
external: true
paperless-ngx:
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/paperless-ngx/data"
redisdata:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/paperless-ngx/redisdata"
nextcloud:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/nextcloud/data"
services:
broker:
image: docker.io/library/redis:7
volumes:
- type: volume
source: redisdata
target: /data
volume:
nocopy: true
networks:
- paperless-ngx
webserver:
image: ghcr.io/paperless-ngx/paperless-ngx:2.3
depends_on:
- broker
volumes:
- type: volume
source: data
target: /data
volume:
nocopy: true
# TODO: what does this directory even do?
# - ./export:/usr/src/paperless/export
- type: volume
source: nextcloud
target: /nextcloud
volume:
nocopy: true
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_DBENGINE: postgresql
PAPERLESS_DBHOST: lewis.dmz
PAPERLESS_DBNAME: paperless
PAPERLESS_DBUSER: paperless
PAPERLESS_DBPASS: "{{ paperless_db_password }}"
PAPERLESS_CONSUMPTION_DIR: /nextcloud/data/pim/files/paperless-ngx/consumption/
PAPERLESS_DATA_DIR: /data/
PAPERLESS_MEDIA_ROOT: /data/
PAPERLESS_CONSUMER_POLLING: 10
PAPERLESS_OCR_LANGUAGES: nld eng
PAPERLESS_URL: https://paperless.kun.is
PAPERLESS_TIME_ZONE: Europe/Amsterdam
PAPERLESS_OCR_LANGUAGE: nld
PAPERLESS_SECRET_KEY: "{{ paperless_secret_key }}"
USERMAP_UID: "33"
USERMAP_GID: "33"
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.paperless-ngx.entrypoints=websecure
- traefik.http.routers.paperless-ngx.rule=Host(`paperless.kun.is`)
- traefik.http.routers.paperless-ngx.tls=true
- traefik.http.routers.paperless-ngx.tls.certresolver=letsencrypt
- traefik.http.routers.paperless-ngx.service=paperless-ngx
- traefik.http.services.paperless-ngx.loadbalancer.server.port=8000
- traefik.docker.network=traefik
networks:
- traefik
- paperless-ngx

5
docker_swarm/roles/paperless-ngx/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: paperless-ngx
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

14
docker_swarm/roles/paperless-ngx/vars/main.yml
View file

@ -1,14 +0,0 @@
paperless_secret_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
63306337643736303137376130613866353330633632633233376463626366316562623836613065
6337353539323238643739323964613464666163333161350a323532333239303161383164616535
38343534663664356131653838626139653838393437633461333035323933356262366232643635
6165373765653132360a346132653262316232306237336337393861646466613831323837636138
61373633653562363636373835656665643537313864313266626638343063643039
paperless_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
66366431303231626232303861383735373733373035663864326235623731643561336333626536
6135316437376361656636386337373637343237613139640a393232373136323466363465393562
61383963353931353931306261366566656264303034373936336539346337316639626538616661
6438383134366333360a616538373533373533326264666463396666353532333864343832333239
62343237653431633030366230373137343564313334363736363232346238646361

57
docker_swarm/roles/pihole/docker-stack.yml.j2
View file

@ -1,57 +0,0 @@
# vi: ft=yaml
version: "3.8"
networks:
traefik:
external: true
pihole:
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/pihole/data"
dnsmasq:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/pihole/dnsmasq"
services:
pihole:
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
network_mode: "host"
environment:
TZ: 'Europe/Amsterdam'
WEBPASSWORD: {{ pihole_password }}
PIHOLE_DNS_: '192.168.30.1'
volumes:
- type: volume
source: data
target: /etc/pihole
volume:
nocopy: true
- type: volume
source: dnsmasq
target: /etc/dnsmasq.d
volume:
nocopy: true
networks:
- traefik
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.pihole.entrypoints=localsecure
- traefik.http.routers.pihole.rule=Host(`pihole.kun.is`)
- traefik.http.routers.pihole.tls=true
- traefik.http.routers.pihole.tls.certresolver=letsencrypt
- traefik.http.routers.pihole.service=pihole
- traefik.http.services.pihole.loadbalancer.server.port=80
- traefik.docker.network=traefik
placement:
constraints:
- node.role == manager

5
docker_swarm/roles/pihole/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: pihole
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

8
docker_swarm/roles/pihole/vars/main.yml
View file

@ -1,8 +0,0 @@
pihole_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
38616134666661363535303137373633613063613731383766303633336533373233363736333263
3461336138663861623134633031663631633666393939340a396561643132333665373430343466
36626633366232376236383434336166353638653733666566336266373739663236636334373866
3261303962613966610a643765613762396335643233383432613737316361386234663365656566
30336535326437336437383336393838306161333662346165333262383735616137653766653165
3361333436346130376261316133323963393338633838303031

61
docker_swarm/roles/radicale/docker-stack.yml.j2
View file

@ -1,61 +0,0 @@
# vi: ft=yaml
version: '3.7'
networks:
traefik:
external: true
configs:
config:
external: true
name: "{{ config.config_name }}"
users:
external: true
name: "{{ users.config_name }}"
volumes:
data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/radicale"
services:
radicale:
image: tomsquest/docker-radicale
init: true
read_only: true
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
- CHOWN
- KILL
healthcheck:
test: curl -f http://127.0.0.1:5232 || exit 1
interval: 30s
retries: 3
volumes:
- type: volume
source: data
target: /data
volume:
nocopy: true
networks:
- traefik
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.radicale.entrypoints=websecure
- traefik.http.routers.radicale.rule=Host(`dav.kun.is`)
- traefik.http.routers.radicale.tls=true
- traefik.http.routers.radicale.tls.certresolver=letsencrypt
- traefik.http.routers.radicale.service=radicale
- traefik.http.services.radicale.loadbalancer.server.port=5232
- traefik.docker.network=traefik
configs:
- source: config
target: /config/config
- source: users
target: /config/users

24
docker_swarm/roles/radicale/radicale.conf
View file

@ -1,24 +0,0 @@
[server]
hosts = 0.0.0.0:5232, [::]:5232
ssl = False
[encoding]
request = utf-8
stock = utf-8
[auth]
realm = Radicale - Password Required
type = htpasswd
htpasswd_filename = /config/users
htpasswd_encryption = md5
[rights]
type = owner_only
[storage]
type = multifilesystem
filesystem_folder = /data
[logging]
[headers]

21
docker_swarm/roles/radicale/tasks/main.yml
View file

@ -1,21 +0,0 @@
- name: Create radicale config
docker_config:
name: radicale_config
data: "{{ lookup('file', '{{ role_path }}/radicale.conf') }}"
use_ssh_client: true
rolling_versions: true
register: config
- name: Create radicale users
docker_config:
name: radicale_users
data: "{{ lookup('file', '{{ role_path }}/users') }}"
use_ssh_client: true
rolling_versions: true
register: users
- name: Deploy Docker stack
docker_stack:
name: radicale
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

1
docker_swarm/roles/radicale/users
View file

@ -1 +0,0 @@
pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.

50
docker_swarm/roles/syncthing/docker-stack.yml.j2
View file

@ -1,50 +0,0 @@
# vi: ft=yaml
version: "3"
networks:
traefik:
external: true
volumes:
config:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/syncthing/config"
nextcloud_data:
driver_opts:
type: "nfs"
o: "addr=lewis.dmz,nolock,soft,rw"
device: ":/mnt/data/nfs/nextcloud/data"
services:
syncthing:
image: lscr.io/linuxserver/syncthing:1.23.6
networks:
- traefik
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=traefik
- traefik.http.routers.syncthing.entrypoints=localsecure
- traefik.http.routers.syncthing.rule=Host(`sync.kun.is`)
- traefik.http.routers.syncthing.service=syncthing
- traefik.http.routers.syncthing.tls=true
- traefik.http.routers.syncthing.tls.certresolver=letsencrypt
- traefik.http.services.syncthing.loadbalancer.server.port=8384
environment:
- PUID=33
- PGID=33
- TZ=Europe/Amsterdam
volumes:
- type: volume
source: nextcloud_data
target: /data
volume:
nocopy: true
- type: volume
source: config
target: /config
volume:
nocopy: true

5
docker_swarm/roles/syncthing/tasks/main.yml
View file

@ -1,5 +0,0 @@
- name: Deploy Docker stack
docker_stack:
name: syncthing
compose:
- "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"