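---
# Playbook: installs Caddy as the web server, then applies the `docker-app`
# role once per application (homepage, dayoff, wiki, nomie, gitea, keycloak,
# outline), each with its own account, SSH keys and environment.
- hosts: all

  # NOTE(review): the secrets referenced below (caddy_vars.*, nomie.*,
  # keycloak.*, outline.*) are not defined in this file; presumably they live
  # in vars/vars.yml. Confirm that file is encrypted with Ansible Vault and
  # never committed in clear text.
  vars_files:
    - vars/ports.yml
    - vars/vars.yml

  tasks:

    - name: 'Ensure networkd service is started (required by Caddy).'
      systemd:
        name: systemd-networkd
        state: started
        enabled: true
      tags:
        - webserver

    # Caddy is granted only CAP_NET_BIND_SERVICE, which lets it bind
    # privileged ports without the service needing any broader capability.
    - import_role:
        name: caddy_ansible.caddy_ansible
      vars:
        caddy_github_token: '{{ caddy_vars.github_token }}'
        caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
        caddy_update: false
        caddy_setcap: true
        caddy_systemd_capabilities_enabled: true
        caddy_systemd_capabilities: 'CAP_NET_BIND_SERVICE'
      tags:
        - webserver

    # Applications
    #
    # Every application below publishes its ports on 127.0.0.1 only, so the
    # services are not reachable from other hosts directly (presumably Caddy
    # proxies to them; the Caddyfile template is not shown here).
    #
    # NOTE(review): every app account is added to the `docker` group. Access
    # to the Docker daemon is effectively root-equivalent on the host, so each
    # public key listed under `ssh_keys` carries that privilege as well. Keep
    # the key lists minimal and review them whenever an app is added.
    #
    # NOTE(review): secrets are handed to the role as plain `env` values.
    # Check how `docker-app` stores them (file mode and owner of any env file
    # it writes) and whether its tasks use `no_log` - the role is not shown.

    - import_role:
        name: docker-app
      vars:
        username: homepage
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
        env:
          DOCKER_PREFIX: homepage
          PROJECT_NAME: homepage
          IMAGE_PREFIX: homepage
          CONTAINER_PREFIX: homepage
          WEB_SERVER_PORT: '127.0.0.1:{{ homepage_port }}'
      tags:
        - apps

    # dayoff is the only account that authorizes a second public key.
    - import_role:
        name: docker-app
      vars:
        username: dayoff
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
          - '{{ lookup("file", "files/dayoff_id_rsa.pub") }}'
        env:
          DOCKER_PREFIX: dayoff
          PROJECT_NAME: dayoff
          IMAGE_PREFIX: dayoff
          CONTAINER_PREFIX: dayoff
          WEB_SERVER_PORT: '127.0.0.1:{{ dayoff_port }}'
      tags:
        - apps

    - import_role:
        name: docker-app
      vars:
        username: wiki
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
        env:
          PROJECT_NAME: wiki
          DOCKER_PREFIX: wiki
          IMAGE_PREFIX: wiki
          CONTAINER_PREFIX: wiki
          WEB_SERVER_PORT: '127.0.0.1:{{ wiki_port }}'
      tags:
        - apps

    # nomie also publishes its CouchDB port, bound to loopback like the web
    # port; the CouchDB admin password comes from the `nomie` variable.
    - import_role:
        name: docker-app
      vars:
        username: nomie
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
        env:
          PROJECT_NAME: nomie
          DOCKER_PREFIX: nomie
          IMAGE_PREFIX: nomie
          CONTAINER_PREFIX: nomie
          WEB_SERVER_PORT: '127.0.0.1:{{ nomie_port }}'
          COUCH_DB_PORT: '127.0.0.1:{{ nomie_db_port }}'
          COUCH_DB_USER: 'couch-admin'
          COUCH_DB_PASSWORD: '{{ nomie.couch_db_password }}'
      tags:
        - apps

    # NOTE(review): `uc_result` is not defined in this file; presumably the
    # docker-app role registers it when it creates the account - confirm.
    - import_role:
        name: docker-app
      vars:
        username: gitea
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
        env:
          PROJECT_NAME: gitea
          DOCKER_PREFIX: gitea
          IMAGE_PREFIX: gitea
          CONTAINER_PREFIX: gitea
          WEB_SERVER_PORT: '127.0.0.1:{{ gitea_port }}'
          USER_UID: '{{ uc_result.uid }}'
          USER_GID: '{{ uc_result.group }}'
      tags:
        - apps

    # The Keycloak admin login and password are passed through the
    # environment; both come from the `keycloak` variable.
    - import_role:
        name: docker-app
      vars:
        username: keycloak
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
        env:
          PROJECT_NAME: keycloak
          DOCKER_PREFIX: keycloak
          IMAGE_PREFIX: keycloak
          CONTAINER_PREFIX: keycloak
          WEB_SERVER_PORT: '127.0.0.1:{{ keycloak_port }}'
          KEYCLOAK_ADMIN: '{{ keycloak.admin_login }}'
          KEYCLOAK_ADMIN_PASSWORD: '{{ keycloak.admin_password }}'
          USER_UID: '{{ uc_result.uid }}'
          USER_GID: '{{ uc_result.group }}'
      tags:
        - apps

    # Outline: Postgres and Redis are addressed by the hostnames `postgres`
    # and `redis`, files go to S3-compatible storage, and login is delegated
    # to an OIDC provider.
    - import_role:
        name: docker-app
      vars:
        username: outline
        extra_groups:
          - docker
        ssh_keys:
          - '{{ lookup("file", "files/av_id_rsa.pub") }}'
        env:
          PROJECT_NAME: outline
          DOCKER_PREFIX: outline
          IMAGE_PREFIX: outline
          CONTAINER_PREFIX: outline
          WEB_SERVER_PORT: '127.0.0.1:{{ outline_port }}'
          USER_UID: '{{ uc_result.uid }}'
          USER_GID: '{{ uc_result.group }}'
          # Postgres
          POSTGRES_USER: '{{ outline.postgres_user }}'
          POSTGRES_PASSWORD: '{{ outline.postgres_password }}'
          POSTGRES_DB: 'outline'
          # See sample https://github.com/outline/outline/blob/main/.env.sample
          NODE_ENV: 'production'
          SECRET_KEY: '{{ outline.secret_key }}'
          UTILS_SECRET: '{{ outline.utils_secret }}'
          # NOTE(review): user and password are interpolated into the URL
          # as-is. Characters such as '@', ':' or '/' in either value would
          # change how the URL is parsed; keep them URL-safe or
          # percent-encode them where the secret is defined.
          DATABASE_URL: 'postgres://{{ outline.postgres_user }}:{{ outline.postgres_password }}@postgres:5432/outline'
          # NOTE(review): TLS to Postgres is switched off, as it is for
          # Redis (redis:// rather than rediss://). That is acceptable only
          # while both hostnames resolve to containers on a private network
          # on this host - confirm against the compose file.
          PGSSLMODE: 'disable'
          REDIS_URL: 'redis://redis:6379'
          URL: 'https://outline.vakhrushev.me'
          FILE_STORAGE: 's3'
          AWS_ACCESS_KEY_ID: '{{ outline.s3_access_key }}'
          AWS_SECRET_ACCESS_KEY: '{{ outline.s3_secret_key }}'
          AWS_REGION: 'ru-central1'
          AWS_S3_ACCELERATE_URL: ''
          AWS_S3_UPLOAD_BUCKET_URL: 'https://storage.yandexcloud.net'
          AWS_S3_UPLOAD_BUCKET_NAME: 'av-outline-wiki'
          AWS_S3_FORCE_PATH_STYLE: 'true'
          # Uploaded objects get the `private` ACL.
          AWS_S3_ACL: 'private'
          # All OIDC endpoints are HTTPS and target the `outline` realm on
          # kk.vakhrushev.me (presumably the Keycloak instance deployed by
          # this playbook - confirm).
          OIDC_CLIENT_ID: '{{ outline.oidc_client_id }}'
          OIDC_CLIENT_SECRET: '{{ outline.oidc_client_secret }}'
          OIDC_AUTH_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/auth'
          OIDC_TOKEN_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/token'
          OIDC_USERINFO_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/userinfo'
          OIDC_LOGOUT_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/logout'
          OIDC_USERNAME_CLAIM: 'email'
          OIDC_DISPLAY_NAME: 'KK'

      tags:
        - apps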