Compare commits
7 Commits
1990413fbe
...
e7ffb1b56c
Author | SHA1 | Date | |
---|---|---|---|
e7ffb1b56c | |||
e1aefa2527 | |||
800c7f062c | |||
43370eb837 | |||
fd056ba0fa | |||
e0fc6ab1fa | |||
0016b318e2 |
5
en1.yml
5
en1.yml
@ -7,9 +7,6 @@ all:
|
||||
update: false
|
||||
clean: false
|
||||
|
||||
omni_host_swarm_controller: jupiter
|
||||
omni_host_webproxy: jupiter
|
||||
|
||||
children:
|
||||
|
||||
servers:
|
||||
@ -59,6 +56,7 @@ all:
|
||||
virtualization:
|
||||
hosts:
|
||||
jupiter:
|
||||
omni_docker_configs: /etc/omni/compose
|
||||
omni_docker_swarm_iface: eno2
|
||||
children:
|
||||
virtualization_worker:
|
||||
@ -73,6 +71,7 @@ all:
|
||||
datastore_arbiter:
|
||||
hosts:
|
||||
jupiter:
|
||||
omni_datastore_mount: /mnt/datastore
|
||||
omni_gluster_brick:
|
||||
mount: /mnt/brick0
|
||||
fs: xfs
|
||||
|
@ -10,14 +10,6 @@
|
||||
tasks:
|
||||
- import_tasks: tasks/nginx/install.yml
|
||||
|
||||
- name: Install configuration
|
||||
become: true
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
notify:
|
||||
- restart-nginx
|
||||
|
||||
- name: Set required SELinux options
|
||||
become: true
|
||||
seboolean:
|
||||
@ -26,3 +18,37 @@
|
||||
state: true
|
||||
notify:
|
||||
- restart-nginx
|
||||
|
||||
|
||||
- name: Configure Nginx
|
||||
hosts: jupiter
|
||||
vars_files:
|
||||
- vars/applications.yml
|
||||
vars:
|
||||
_letsencrypt_cert_dir: /etc/letsencrypt/live
|
||||
handlers:
|
||||
- name: restart-nginx
|
||||
import_tasks: tasks/nginx/services.yml
|
||||
tasks:
|
||||
- name: Install server configuration
|
||||
become: true
|
||||
copy:
|
||||
src: nginx/nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
notify:
|
||||
- restart-nginx
|
||||
|
||||
- name: Install application configurations
|
||||
when: item.value.published.host is defined
|
||||
become: true
|
||||
template:
|
||||
src: nginx/{{ item.key }}.nginx.conf.j2
|
||||
dest: /etc/nginx/conf.d/{{ item.key }}.conf
|
||||
owner: nginx
|
||||
group: "{{ ansible_user }}"
|
||||
mode: 0755
|
||||
loop: "{{ omni_compose_apps | dict2items }}"
|
||||
loop_control:
|
||||
label: "{{ item.key }} ({{ item.value.published.host | default('none') }})"
|
||||
notify:
|
||||
- restart-nginx
|
||||
|
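Review bot: The `Install application configurations` task installs each rendered vhost with `mode: 0755`, which marks a plain config file executable and leaves the octal unquoted; `mode: "0644"` is enough for a file under /etc/nginx/conf.d. The loop renders `nginx/{{ item.key }}.nginx.conf.j2` for every app whose `published.host` is defined, but this compare adds only a bitwarden template while vars/applications.yml also defines a host for gitea and plex, so unless those templates exist elsewhere in the repository the task will fail on them. `_letsencrypt_cert_dir` is declared in `vars` but not referenced in the visible lines. The file header for these two hunks is missing from the page, so the path of the playbook is not known here.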
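--- /dev/null
+++ b/playbooks/deploy-compose.yml
@@ -0,0 +1,71 @@
+---
+- name: Prompt for input
+hosts: all
+tags:
+- always
+gather_facts: false
+vars_prompt:
+- name: application
+prompt: Enter name of application stack to deploy
+private: false
+vars_files:
+- vars/applications.yml
+tasks:
+- name: Validate user input
+assert:
+that: application in omni_compose_apps.keys()
+
+- name: Set facts for usage later
+set_fact:
+_runtime_application: "{{ application }}"
+
+
+- import_playbook: initialize.yml
+
+
+- name: Configure datastore
+hosts: jupiter
+vars_files:
+- vars/applications.yml
+- vars/secrets/applications.yml
+tasks:
+- name: Create application datastore directory
+become: true
+file:
+path: "{{ omni_datastore_mount }}{{ omni_compose_apps[_runtime_application].datastore }}"
+state: directory
+owner: "{{ omni_compose_apps[_runtime_application].account.name }}"
+group: "{{ omni_compose_apps[_runtime_application].account.name }}"
+mode: 0750
+
+
+- name: Configure docker stack
+hosts: jupiter
+vars_files:
+- vars/applications.yml
+- vars/secrets/applications.yml
+tasks:
+- name: Create compose configuration directory
+become: true
+file:
+path: "{{ omni_docker_configs }}/{{ _runtime_application }}"
+state: directory
+owner: "{{ ansible_user }}"
+group: docker
+mode: 0750
+
+- name: Install docker-compose file
+become: true
+template:
+src: docker-compose/{{ _runtime_application }}.yaml.j2
+dest: "{{ omni_docker_configs }}/{{ _runtime_application }}/docker-compose.yaml"
+owner: "{{ ansible_user }}"
+group: docker
+mode: 0640
+
+- name: Deploy the stack
+docker_stack:
+name: "{{ _runtime_application }}"
+state: present
+compose:
+- "{{ omni_docker_configs }}/{{ _runtime_application }}/docker-compose.yaml"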
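Review bot: The `Install docker-compose file` task renders templates that interpolate values loaded from vars/secrets/applications.yml, so a run with `--diff` or raised verbosity can print those secrets; adding `no_log: true` to that task keeps them out of console output and logs. The rendered file is group-readable by `docker` (`mode: 0640`), which is acceptable only if membership of that group is already treated as root-equivalent on the host. The three `mode:` values are unquoted octals; writing `mode: "0750"` and `mode: "0640"` removes any dependence on how the YAML loader types them. `Deploy the stack` has no `become: true`, unlike the two tasks before it, so it relies on `ansible_user` being able to reach the Docker socket.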
33
poetry.lock
generated
33
poetry.lock
generated
@ -84,7 +84,7 @@ cffi = ">=1.1"
|
||||
six = ">=1.4.1"
|
||||
|
||||
[package.extras]
|
||||
tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)"]
|
||||
tests = ["pytest (>=3.2.1,!=3.3.0)"]
|
||||
typecheck = ["mypy"]
|
||||
|
||||
[[package]]
|
||||
@ -209,7 +209,7 @@ optional = false
|
||||
python-versions = "*"
|
||||
|
||||
[package.extras]
|
||||
test = ["flake8 (3.7.8)", "hypothesis (3.55.3)"]
|
||||
test = ["flake8 (==3.7.8)", "hypothesis (==3.55.3)"]
|
||||
|
||||
[[package]]
|
||||
name = "crashtest"
|
||||
@ -232,11 +232,11 @@ cffi = ">=1.8,<1.11.3 || >1.11.3"
|
||||
six = ">=1.4.1"
|
||||
|
||||
[package.extras]
|
||||
docs = ["sphinx (>=1.6.5,<1.8.0 || >1.8.0,<3.1.0 || >3.1.0,<3.1.1 || >3.1.1)", "sphinx-rtd-theme"]
|
||||
docs = ["sphinx (>=1.6.5,!=1.8.0,!=3.1.0,!=3.1.1)", "sphinx-rtd-theme"]
|
||||
docstest = ["doc8", "pyenchant (>=1.6.11)", "twine (>=1.12.0)", "sphinxcontrib-spelling (>=4.0.1)"]
|
||||
pep8test = ["black", "flake8", "flake8-import-order", "pep8-naming"]
|
||||
ssh = ["bcrypt (>=3.1.5)"]
|
||||
test = ["pytest (>=3.6.0,<3.9.0 || >3.9.0,<3.9.1 || >3.9.1,<3.9.2 || >3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,<3.79.2 || >3.79.2)"]
|
||||
test = ["pytest (>=3.6.0,!=3.9.0,!=3.9.1,!=3.9.2)", "pretend", "iso8601", "pytz", "hypothesis (>=1.11.4,!=3.79.2)"]
|
||||
|
||||
[[package]]
|
||||
name = "distlib"
|
||||
@ -296,7 +296,7 @@ texttable = ">=0.9.0,<2"
|
||||
websocket-client = ">=0.32.0,<1"
|
||||
|
||||
[package.extras]
|
||||
socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2)"]
|
||||
socks = ["PySocks (>=1.5.6,!=1.5.7,<2)"]
|
||||
tests = ["ddt (>=1.2.2,<2)", "pytest (<6)"]
|
||||
|
||||
[[package]]
|
||||
@ -419,6 +419,14 @@ MarkupSafe = ">=0.23"
|
||||
[package.extras]
|
||||
i18n = ["Babel (>=0.8)"]
|
||||
|
||||
[[package]]
|
||||
name = "jsondiff"
|
||||
version = "1.2.0"
|
||||
description = "Diff JSON and JSON-like structures in Python"
|
||||
category = "main"
|
||||
optional = false
|
||||
python-versions = "*"
|
||||
|
||||
[[package]]
|
||||
name = "jsonschema"
|
||||
version = "3.2.0"
|
||||
@ -453,7 +461,7 @@ SecretStorage = {version = ">=3.2", markers = "sys_platform == \"linux\""}
|
||||
|
||||
[package.extras]
|
||||
docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
|
||||
testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "pytest-black (>=0.3.7)", "pytest-mypy"]
|
||||
testing = ["pytest (>=3.5,!=3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "pytest-black (>=0.3.7)", "pytest-mypy"]
|
||||
|
||||
[[package]]
|
||||
name = "lockfile"
|
||||
@ -690,7 +698,7 @@ six = "*"
|
||||
|
||||
[package.extras]
|
||||
docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"]
|
||||
tests = ["pytest (>=3.2.1,<3.3.0 || >3.3.0)", "hypothesis (>=3.27.0)"]
|
||||
tests = ["pytest (>=3.2.1,!=3.3.0)", "hypothesis (>=3.27.0)"]
|
||||
|
||||
[[package]]
|
||||
name = "pyparsing"
|
||||
@ -759,7 +767,7 @@ urllib3 = ">=1.21.1,<1.27"
|
||||
|
||||
[package.extras]
|
||||
security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"]
|
||||
socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7)", "win-inet-pton"]
|
||||
socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
|
||||
|
||||
[[package]]
|
||||
name = "requests-toolbelt"
|
||||
@ -933,7 +941,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
|
||||
[package.extras]
|
||||
brotli = ["brotlipy (>=0.6.0)"]
|
||||
secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"]
|
||||
socks = ["PySocks (>=1.5.6,<1.5.7 || >1.5.7,<2.0)"]
|
||||
socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
|
||||
|
||||
[[package]]
|
||||
name = "virtualenv"
|
||||
@ -995,12 +1003,12 @@ python-versions = ">=3.6"
|
||||
|
||||
[package.extras]
|
||||
docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
|
||||
testing = ["pytest (>=3.5,<3.7.3 || >3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
|
||||
testing = ["pytest (>=3.5,!=3.7.3)", "pytest-checkdocs (>=1.2.3)", "pytest-flake8", "pytest-cov", "jaraco.test (>=3.2.0)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"]
|
||||
|
||||
[metadata]
|
||||
lock-version = "1.1"
|
||||
python-versions = "^3.7"
|
||||
content-hash = "8b7b0693f9b950cdd1b324b3a949fee237711b6db378b291df158baf0c8c83d5"
|
||||
content-hash = "fab3171105b575ad1762097ee732aba6b81555636d32cb4d3cf6f48326149396"
|
||||
|
||||
[metadata.files]
|
||||
ansible = [
|
||||
@ -1196,6 +1204,9 @@ jinja2 = [
|
||||
{file = "Jinja2-2.11.2-py2.py3-none-any.whl", hash = "sha256:f0a4641d3cf955324a89c04f3d94663aa4d638abe8f733ecd3582848e1c37035"},
|
||||
{file = "Jinja2-2.11.2.tar.gz", hash = "sha256:89aab215427ef59c34ad58735269eb58b1a5808103067f7bb9d5836c651b3bb0"},
|
||||
]
|
||||
jsondiff = [
|
||||
{file = "jsondiff-1.2.0.tar.gz", hash = "sha256:34941bc431d10aa15828afe1cbb644977a114e75eef6cc74fb58951312326303"},
|
||||
]
|
||||
jsonschema = [
|
||||
{file = "jsonschema-3.2.0-py2.py3-none-any.whl", hash = "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163"},
|
||||
{file = "jsonschema-3.2.0.tar.gz", hash = "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a"},
|
||||
|
@ -11,6 +11,7 @@ ansible = "^2.9.4"
|
||||
docker = "^4.2.0"
|
||||
docker-compose = "^1.25.4"
|
||||
paramiko = "^2.7.1"
|
||||
jsondiff = "^1.2.0"
|
||||
|
||||
[tool.poetry.dev-dependencies]
|
||||
ansible-lint = "^4.2.0"
|
||||
|
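--- /dev/null
+++ b/resources/docker-compose/bitwarden.yaml.j2
@@ -0,0 +1,257 @@
+---
+version: "{{ omni_compose_version | string }}"
+
+
+x-global-env: &globalenv
+LOCAL_UID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
+LOCAL_GID: "{{ omni_compose_apps.bitwarden.account.uid | string}}"
+ASPNETCORE_ENVIRONMENT: Production
+globalSettings__selfHosted: "true"
+globalSettings__baseServiceUri__vault: https://{{ omni_compose_apps.bitwarden.published.host }}
+globalSettings__baseServiceUri__api: https://{{ omni_compose_apps.bitwarden.published.host }}/api
+globalSettings__baseServiceUri__identity: https://{{ omni_compose_apps.bitwarden.published.host }}/identity
+globalSettings__baseServiceUri__admin: https://{{ omni_compose_apps.bitwarden.published.host }}/admin
+globalSettings__baseServiceUri__notifications: https://{{ omni_compose_apps.bitwarden.published.host }}/notifications
+globalSettings__baseServiceUri__internalNotifications: http://bitwarden_notifications:5000
+globalSettings__baseServiceUri__internalAdmin: http://bitwarden_admin:5000
+globalSettings__baseServiceUri__internalIdentity: http://bitwarden_identity:5000
+globalSettings__baseServiceUri__internalApi: http://bitwarden_api:5000
+globalSettings__baseServiceUri__internalVault: http://bitwarden_web:5000
+globalSettings__pushRelayBaseUri: https://push.bitwarden.com
+globalSettings__installation__identityUri: https://identity.bitwarden.com
+globalSettings__sqlServer__connectionString: "Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=e934c0bb-3b5a-4e6b-b525-cd6d83004e1a;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
+globalSettings__identityServer__certificatePassword: {{ omni_compose_app_secrets.bitwarden.identity_server_certificate_password }}
+globalSettings__attachment__baseDirectory: /etc/bitwarden/core/attachments
+globalSettings__attachment__baseUrl: https://{{ omni_compose_apps.bitwarden.published.host }}/attachments
+globalSettings__dataProtection__directory: /etc/bitwarden/core/aspnet-dataprotection
+globalSettings__logDirectory: /etc/bitwarden/logs
+globalSettings__licenseDirectory: /etc/bitwarden/core/licenses
+globalSettings__internalIdentityKey: {{ omni_compose_app_secrets.bitwarden.internal_identity_key }}
+globalSettings__duo__aKey: {{ omni_compose_app_secrets.bitwarden.duo_akey }}
+globalSettings__installation__id: {{ omni_compose_app_secrets.bitwarden.installation_id }}
+globalSettings__installation__key: {{ omni_compose_app_secrets.bitwarden.installation_key }}
+globalSettings__yubico__clientId: REPLACE
+globalSettings__yubico__key: REPLACE
+globalSettings__mail__replyToEmail: noreply@enp.one
+globalSettings__mail__smtp__host: REPLACE
+globalSettings__mail__smtp__port: "587"
+globalSettings__mail__smtp__ssl: "false"
+globalSettings__mail__smtp__username: REPLACE
+globalSettings__mail__smtp__password: REPLACE
+globalSettings__disableUserRegistration: "false"
+globalSettings__hibpApiKey: REPLACE
+adminSettings__admins: ""
+
+
+volumes:
+bitwarden-db-data:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/mssql/data
+driver: glusterfs
+bitwarden-db-backup:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/mssql/backup
+bitwarden-nginx-data:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/nginx
+driver: glusterfs
+bitwarden-web:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/web
+driver: glusterfs
+bitwarden-ssl:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/ssl
+driver: glusterfs
+bitwarden-ca-certs:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/ca-certificates
+driver: glusterfs
+bitwarden-core:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/core
+driver: glusterfs
+bitwarden-identity:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/identity
+driver: glusterfs
+bitwarden-logs-api:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/api
+driver: glusterfs
+bitwarden-logs-db:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/mssql
+driver: glusterfs
+bitwarden-logs-identity:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/identity
+driver: glusterfs
+bitwarden-logs-nginx:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/nginx
+driver: glusterfs
+bitwarden-logs-admin:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/admin
+driver: glusterfs
+bitwarden-logs-icons:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/icons
+driver: glusterfs
+bitwarden-logs-notifications:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/notifications
+driver: glusterfs
+bitwarden-logs-events:
+name: datastore{{ omni_compose_apps.bitwarden.datastore }}/logs/events
+driver: glusterfs
+
+
+networks:
+bitwarden_internal:
+internal: true
+name: bitwarden_internal
+driver: overlay
+ipam:
+driver: default
+config:
+- subnet: {{ omni_compose_apps.bitwarden.networks.internal }}
+bitwarden_external:
+internal: false
+name: bitwarden_external
+driver: overlay
+ipam:
+driver: default
+config:
+- subnet: {{ omni_compose_apps.bitwarden.networks.external }}
+
+
+services:
+mssql:
+image: bitwarden/mssql:{{ omni_compose_apps.bitwarden.versions.mssql | default(omni_compose_apps.bitwarden.versions.default) }}
+stop_grace_period: 60s
+networks:
+- bitwarden_internal
+volumes:
+- bitwarden-db-data:/var/opt/mssql/data
+- bitwarden-db-backup:/etc/bitwarden/mssql/backups
+- bitwarden-logs-db:/var/opt/mssql/log
+environment:
+LOCAL_UID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
+LOCAL_GID: "{{ omni_compose_apps.bitwarden.account.uid | string }}"
+ACCEPT_EULA: "Y"
+MSSQL_PID: Express
+SA_PASSWORD: {{ omni_compose_app_secrets.bitwarden.mssql_sa_password }}
+deploy:
+replicas: 1
+
+web:
+image: bitwarden/web:{{ omni_compose_apps.bitwarden.versions.web | default(omni_compose_apps.bitwarden.versions.default) }}
+networks:
+- bitwarden_internal
+volumes:
+- bitwarden-web:/etc/bitwarden/web
+environment: *globalenv
+deploy:
+replicas: 1
+
+attachments:
+image: bitwarden/attachments:{{ omni_compose_apps.bitwarden.versions.attachments | default(omni_compose_apps.bitwarden.versions.default) }}
+networks:
+- bitwarden_internal
+volumes:
+- bitwarden-core:/etc/bitwarden/core
+environment: *globalenv
+deploy:
+replicas: 1
+
+api:
+image: bitwarden/api:{{ omni_compose_apps.bitwarden.versions.api | default(omni_compose_apps.bitwarden.versions.default) }}
+volumes:
+- bitwarden-core:/etc/bitwarden/core
+- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
+- bitwarden-logs-api:/etc/bitwarden/logs
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1
+
+identity:
+image: bitwarden/identity:{{ omni_compose_apps.bitwarden.versions.identity | default(omni_compose_apps.bitwarden.versions.default) }}
+volumes:
+- bitwarden-identity:/etc/bitwarden/identity
+- bitwarden-core:/etc/bitwarden/core
+- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
+- bitwarden-logs-identity:/etc/bitwarden/logs
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1
+
+admin:
+image: bitwarden/admin:{{ omni_compose_apps.bitwarden.versions.admin | default(omni_compose_apps.bitwarden.versions.default) }}
+depends_on:
+- mssql
+volumes:
+- bitwarden-core:/etc/bitwarden/core
+- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
+- bitwarden-logs-admin:/etc/bitwarden/logs
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1
+
+icons:
+image: bitwarden/icons:{{ omni_compose_apps.bitwarden.versions.icons | default(omni_compose_apps.bitwarden.versions.default) }}
+volumes:
+- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
+- bitwarden-logs-icons:/etc/bitwarden/logs
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1
+
+notifications:
+image: bitwarden/notifications:{{ omni_compose_apps.bitwarden.versions.notifications | default(omni_compose_apps.bitwarden.versions.default) }}
+volumes:
+- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
+- bitwarden-logs-notifications:/etc/bitwarden/logs
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1
+
+events:
+image: bitwarden/events:{{ omni_compose_apps.bitwarden.versions.events | default(omni_compose_apps.bitwarden.versions.default) }}
+volumes:
+- bitwarden-ca-certs:/etc/bitwarden/ca-certificates
+- bitwarden-logs-events:/etc/bitwarden/logs
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1
+
+nginx:
+image: bitwarden/nginx:{{ omni_compose_apps.bitwarden.versions.nginx | default(omni_compose_apps.bitwarden.versions.default) }}
+depends_on:
+- web
+- admin
+- api
+- identity
+ports:
+- published: {{ omni_compose_apps.bitwarden.published.ports.8080 }}
+target: 8080
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.bitwarden.published.ports.8443 }}
+target: 8443
+protocol: tcp
+mode: ingress
+volumes:
+- bitwarden-nginx-data:/etc/bitwarden/nginx
+- bitwarden-ssl:/etc/ssl
+- bitwarden-logs-nginx:/var/log/nginx
+environment: *globalenv
+networks:
+- bitwarden_external
+- bitwarden_internal
+deploy:
+replicas: 1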
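Review bot: `globalSettings__sqlServer__connectionString` in `x-global-env` carries a literal password for the `sa` login, so the credential is committed with the template and is not guaranteed to match `SA_PASSWORD`, which the mssql service takes from `omni_compose_app_secrets.bitwarden.mssql_sa_password`. Build the string from the same secret, e.g. `Password={{ omni_compose_app_secrets.bitwarden.mssql_sa_password }};`, and rotate the value that has already been committed. The other secret-backed values (`certificatePassword`, `internalIdentityKey`, `duo__aKey`, `installation__key`, `SA_PASSWORD`) are rendered unquoted, so a secret containing ` #`, `: ` or a leading YAML indicator would be truncated or retyped; wrap each expression in double quotes. `TrustServerCertificate=True` turns off certificate validation on the database connection, which is tolerable only because mssql is attached solely to the `internal: true` overlay network. `LOCAL_GID` is filled from `account.uid`; if that is intended, a one-line comment should say so.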
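--- /dev/null
+++ b/resources/docker-compose/gitea.yaml.j2
@@ -0,0 +1,51 @@
+---
+version: "{{ omni_compose_version | string }}"
+
+
+networks:
+gitea:
+name: gitea
+driver: overlay
+ipam:
+driver: default
+config:
+- subnet: {{ omni_compose_apps.gitea.networks.main }}
+
+
+volumes:
+gitea-data:
+name: datastore{{ omni_compose_apps.gitea.datastore }}
+driver: glusterfs
+
+
+services:
+server:
+image: gitea/gitea:{{ omni_compose_apps.gitea.versions.gitea | default(omni_compose_apps.gitea.versions.default) }}
+hostname: gitea
+networks:
+- gitea
+ports:
+- published: {{ omni_compose_apps.gitea.published.ports.3000 }}
+target: 3000
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.gitea.published.ports.22 }}
+target: 22
+protocol: tcp
+mode: ingress
+volumes:
+- type: volume
+source: gitea-data
+target: /data
+read_only: false
+environment:
+USER_UID: "{{ omni_compose_apps.gitea.account.uid | string }}"
+USER_GID: "{{ omni_compose_apps.gitea.account.uid | string }}"
+APP_NAME: ENP VCS
+RUN_MODE: prod
+DOMAIN: jupiter.net.enp.one
+ROOT_URL: https://{{ omni_compose_apps.gitea.published.host }}/
+DB_TYPE: sqlite3
+DISABLE_REGISTRATION: "true"
+deploy:
+replicas: 1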
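Review bot: The `environment` block sets `DISABLE_REGISTRATION` but neither `INSTALL_LOCK` nor `SECRET_KEY`, so if no app.ini exists yet on the `gitea-data` volume the first visitor to the published port may reach the installation page; consider adding `INSTALL_LOCK: "true"` and supplying `SECRET_KEY` from the secrets vars file. `DOMAIN` is hard-coded to `jupiter.net.enp.one` while `ROOT_URL` is built from `published.host`; deriving both from variables avoids clone URLs that disagree with the public name. `DB_TYPE: sqlite3` on a `glusterfs` volume depends on file locking over a network filesystem, which deserves a comment or a test before it holds real repositories.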
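--- /dev/null
+++ b/resources/docker-compose/minecraft.yaml.j2
@@ -0,0 +1,53 @@
+---
+version: "{{ omni_compose_version | string }}"
+
+
+networks:
+minecraft:
+name: minecraft
+driver: overlay
+ipam:
+driver: default
+config:
+- subnet: {{ omni_compose_apps.minecraft.networks.main }}
+
+
+volumes:
+minecraft-data:
+name: datastore{{ omni_compose_apps.minecraft.datastore }}
+driver: glusterfs
+
+
+services:
+server:
+image: itzg/minecraft-server:{{ omni_compose_apps.minecraft.versions.main }}
+hostname: minecraft
+networks:
+- minecraft
+ports:
+- published: {{ omni_compose_apps.minecraft.published.ports.25565 }}
+target: 25565
+protocol: tcp
+mode: ingress
+volumes:
+- type: volume
+source: minecraft-data
+target: /data
+read_only: false
+environment:
+EULA: "TRUE"
+TZ: Americas/New_York
+VERSION: {{ omni_compose_apps.minecraft.versions.server }}
+MAX_MEMORY: "8G"
+MOTD: "A home for buttery companions"
+MODE: survival
+OPS: ScifiGeek42
+WHITELIST: "ScifiGeek42,fantasycat256,CoffeePug,Snowdude21325,KaiserSJR,glutenfreebean"
+MAX_BUILD_HEIGHT: "512"
+SNOOPER_ENABLED: "false"
+ICON: https://cdn.enp.one/img/logos/e-w-sm.png
+ENABLE_RCON: "false"
+UID: "{{ omni_compose_apps.minecraft.account.uid | string }}"
+GID: "{{ omni_compose_apps.minecraft.account.uid | string }}"
+deploy:
+replicas: 1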
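Review bot: `TZ: Americas/New_York` is not a tz database name (the zone is `America/New_York`), so the container will most likely fall back to UTC and log timestamps will be off; the same value appears in plex.yaml.j2 and unifi.yaml.j2 in this change. `OPS` and `WHITELIST` hard-code the operator and player names in the template, while ports and versions come from `omni_compose_apps`; moving the access list into vars/applications.yml keeps who-may-join reviewable in one place. `VERSION: {{ omni_compose_apps.minecraft.versions.server }}` renders unquoted, so wrap it in double quotes to keep a value such as `1.16` from being read as a float.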
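--- /dev/null
+++ b/resources/docker-compose/plex.yaml.j2
@@ -0,0 +1,83 @@
+---
+version: "{{ omni_compose_version | string }}"
+
+
+networks:
+plex:
+name: plex
+driver: overlay
+ipam:
+driver: default
+config:
+- subnet: {{ omni_compose_apps.plex.networks.main }}
+
+
+volumes:
+plex-config:
+name: datastore{{ omni_compose_apps.plex.datastore }}
+driver: glusterfs
+plex-data:
+name: plex-data
+driver: local
+driver_opts:
+type: nfs
+o: "addr=plexistore.tre2.local,ro"
+device: ":/nfs/plex"
+
+
+services:
+server:
+image: plexinc/pms-docker:{{ omni_compose_apps.plex.versions.default }}
+hostname: plex-media-server
+networks:
+- plex
+ports:
+- published: {{ omni_compose_apps.plex.published.ports.32400 }}
+target: 32400
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.3005 }}
+target: 3005
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.8324 }}
+target: 8324
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.32469 }}
+target: 32469
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.1900 }}
+target: 1900
+protocol: udp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.32410 }}
+target: 32410
+protocol: udp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.32413 }}
+target: 32413
+protocol: udp
+mode: ingress
+- published: {{ omni_compose_apps.plex.published.ports.32414 }}
+target: 32414
+protocol: udp
+mode: ingress
+volumes:
+- type: volume
+source: plex-config
+target: /config
+read_only: false
+- type: volume
+source: plex-data
+target: /data
+read_only: true
+environment:
+TZ: "Americas/New_York"
+ALLOWED_NETWORKS: 10.42.100.0/24,10.42.101.0/24
+PLEX_UID: "{{ omni_compose_apps.plex.account.uid }}"
+PLEX_GID: "{{ omni_compose_apps.plex.account.uid }}"
+ADVERTISE_IP: "http://10.42.101.10:32400/"
+deploy:
+replicas: 1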
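Review bot: `ALLOWED_NETWORKS` exempts 10.42.100.0/24 and 10.42.101.0/24 from Plex authentication, but every port is published with `mode: ingress`, and the Swarm routing mesh generally does not preserve the client source address, so the server will probably see ingress-network addresses instead of LAN ones. The allow-list then either never matches or, if it is later widened to cover the ingress range, matches every client; publishing 32400 with `mode: host` or dropping `ALLOWED_NETWORKS` makes the intended behaviour explicit. `ADVERTISE_IP`, the allowed subnets and the NFS address are literals in the template while the other site-specific values come from `omni_compose_apps`; moving them into vars would keep the network policy reviewable next to the ports.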
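--- /dev/null
+++ b/resources/docker-compose/unifi.yaml.j2
@@ -0,0 +1,68 @@
+---
+version: "3.7"
+
+
+networks:
+unifi:
+name: unifi
+driver: overlay
+ipam:
+driver: default
+config:
+- subnet: {{ omni_compose_apps.unifi.networks.main }}
+
+
+volumes:
+unifi-data:
+name: datastore{{ omni_compose_apps.unifi.datastore }}
+driver: glusterfs
+
+
+services:
+wlc:
+image: jacobalberty/unifi:{{ omni_compose_apps.unifi.versions.default }}
+hostname: en1-unifi-wlc
+init: true
+networks:
+- unifi
+ports:
+- published: {{ omni_compose_apps.unifi.published.ports.8080 }}
+target: 8080
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.unifi.published.ports.8443 }}
+target: 8443
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.unifi.published.ports.8843 }}
+target: 8843
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.unifi.published.ports.8880 }}
+target: 8880
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.unifi.published.ports.3478 }}
+target: 3478
+protocol: udp
+mode: ingress
+- published: {{ omni_compose_apps.unifi.published.ports.6789 }}
+target: 6789
+protocol: tcp
+mode: ingress
+- published: {{ omni_compose_apps.unifi.published.ports.10001 }}
+target: 10001
+protocol: udp
+mode: ingress
+volumes:
+- type: volume
+source: unifi-data
+target: /unifi
+read_only: false
+environment:
+RUNAS_UID0: "false"
+UNIFI_UID: "{{ omni_compose_apps.unifi.account.uid }}"
+UNIFI_GID: "{{ omni_compose_apps.unifi.account.uid }}"
+TZ: "Americas/New_York"
+deploy:
+replicas: 1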
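Review bot: `version: "3.7"` is a literal here while the other compose templates in this change use `version: "{{ omni_compose_version | string }}"`; use the variable so one setting controls every stack. The controller's management UI on 8443 and the device inform port on 8080 are published through the ingress mesh, which exposes them on every swarm node, so host firewall rules rather than this file decide who can reach the controller; a comment stating the intended exposure would make that dependency visible. `RUNAS_UID0: "false"` with an explicit `UNIFI_UID` keeps the controller off root, which is worth preserving if the image tag is changed.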
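--- /dev/null
+++ b/resources/nginx/bitwarden.nginx.conf.j2
@@ -0,0 +1,31 @@
+# Ansible managed file
+# DO NOT MANUALLY EDIT
+#
+server {
+server_name {{ omni_compose_apps.bitwarden.published.host }};
+listen 443 ssl;
+root /usr/share/nginx/html;
+
+location / {
+proxy_pass http://localhost:{{ omni_compose_apps.bitwarden.published.8080 }}/;
+proxy_set_header Host $host;
+}
+
+ssl_certificate /etc/letsencrypt/live/{{ omni_compose_apps.bitwarden.published.host }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ omni_compose_apps.bitwarden.published.host }}/privkey.pem;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+server {
+server_name {{ omni_compose_apps.bitwarden.published.host }};
+listen 80;
+root /usr/share/nginx/html;
+
+if ($host = {{ omni_compose_apps.bitwarden.published.host }}) {
+return 301 https://$host$request_uri;
+}
+return 404;
+}
+#
+# EOF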
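Review bot: `proxy_pass` reads `omni_compose_apps.bitwarden.published.8080`, but vars/applications.yml nests the port map under `published.ports`, so the expression is undefined and the render will fail or emit an empty port; it should be `proxy_pass http://localhost:{{ omni_compose_apps.bitwarden.published.ports.8080 }}/;`. Only `Host` is forwarded to the backend, so it never learns the client address or that the request arrived over TLS, which weakens its logs and any rate limiting; add the usual `X-Forwarded-For` and `X-Forwarded-Proto` headers in the `location /` block. The certificate paths hard-code /etc/letsencrypt/live although the play that installs this template defines `_letsencrypt_cert_dir`.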
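--- /dev/null
+++ b/vars/applications.yml
@@ -0,0 +1,86 @@
+---
+omni_compose_version: 3.7
+
+omni_compose_apps:
+bitwarden:
+datastore: /appdata/bitwarden
+account:
+name: mech_bitwarden
+uid: 1294
+published:
+host: ssv.enp.one
+ports:
+8080: 8090
+8443: 8943
+networks:
+internal: 192.168.104.0/24
+external: 192.168.105.0/24
+versions:
+default: 1.36.1
+web: 2.15.1
+attachments: 1.34.0
+gitea:
+datastore: /appdata/gitea
+account:
+name: mech_gitea
+uid: 1295
+published:
+host: vcs.enp.one
+ports:
+3000: 3000
+22: 2222
+networks:
+main: 192.168.103.0/24
+versions:
+default: 1.11.5
+minecraft:
+datastore: /appdata/minecraft
+account:
+name: mech_minecraft
+uid: 1297
+published:
+ports:
+25565: 25565
+networks:
+main: 192.168.102.0/24
+versions:
+main: latest
+server: 1.15.2
+plex:
+datastore: /appdata/plex
+account:
+name: mech_plex
+uid: 1298
+published:
+host: pms.enp.one
+ports:
+32400: 32400
+3005: 3005
+8324: 8324
+32469: 32469
+1900: 1900
+32410: 32410
+32413: 32413
+32414: 32414
+networks:
+main: 192.168.101.0/24
+versions:
+default: latest
+unifi:
+datastore: /appdata/unifi
+account:
+name: mech_ubnt
+uid: 1296
+published:
+ports:
+8080: 8080
+8443: 8443
+8843: 8843
+8880: 8880
+3478: 3478
+6789: 6789
+10001: 10001
+networks:
+main: 192.168.100.0/24
+versions:
+default: "5.12"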
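Review bot: `versions.main: latest` for minecraft and `versions.default: latest` for plex let the image tag float, so a redeploy can pull a different image from the one that was tested and nothing in the repository records which one is running; pin a release tag or digest as the bitwarden, gitea and unifi entries do. `omni_compose_version: 3.7` parses as a float and only works because the templates pipe it through `string`; writing `omni_compose_version: "3.7"` matches the quoting already used for unifi's `"5.12"`. The per-app `uid` is reused as the GID in every compose template, which would be clearer with an explicit `gid` key or a comment here.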