Compare commits
28 commits
update/aut
...
main
Author | SHA1 | Date | |
---|---|---|---|
3e07ead889 | |||
bd923e6894 | |||
439603a12e | |||
10750ffbe9 | |||
c37af9a00a | |||
4b8f5c03c5 | |||
a7e3208de2 | |||
bf62cba8e7 | |||
64f4773c01 | |||
d1ae38cb3d | |||
714706be71 | |||
333032f27b | |||
a8cc1fd810 | |||
9dcf7d7696 | |||
6148fab2cc | |||
779d4f1e3f | |||
11946d4dfe | |||
765b5f5557 | |||
233a4736f1 | |||
eb0d41debf | |||
a6b1b4c148 | |||
ccb4197aa0 | |||
058f5b7ca7 | |||
8ca4253e4b | |||
5099a7d2a2 | |||
2b1f01c94f | |||
1781c23774 | |||
fc26e177a8 |
44 changed files with 310 additions and 505 deletions
1
.gitignore
vendored
|
@ -6,3 +6,4 @@ vault-password
|
||||||
tmp/
|
tmp/
|
||||||
.DS_store
|
.DS_store
|
||||||
UNHB_INFRA_UMBAU
|
UNHB_INFRA_UMBAU
|
||||||
|
authentik-api-invite.token
|
||||||
|
|
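Review bot: Adding `authentik-api-invite.token` to .gitignore only prevents future commits of that file; if it was ever tracked before this change it is still in the repository history and the token it holds should be treated as exposed and rotated. The other secrets touched in this compare live in ansible-vault files, so keeping this token in the vault as well, instead of as a plaintext file in the working tree, would remove the need for the ignore rule altogether.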
65
clean-synapse-db.yml
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
|
||||||
|
- name: "Clean up the Synapse DB"
|
||||||
|
hosts: unhb4
|
||||||
|
remote_user: root
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: "Install jq"
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- jq
|
||||||
|
- python3-psycopg2
|
||||||
|
|
||||||
|
- name: "Get IP of DB container for the database synapse uses"
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
docker inspect {{ synapse_db_clean_container_db }} | jq -r '.[].NetworkSettings.Networks[].IPAddress'
|
||||||
|
register: docker_network_inspect_synapse_db
|
||||||
|
|
||||||
|
- ansible.builtin.set_fact:
|
||||||
|
postgres_ip_synapse_db: "{{ docker_network_inspect_synapse_db.stdout }}"
|
||||||
|
|
||||||
|
- name: "Ensure Synapse is disabled before accessing the database"
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: "docker compose stop {{ synapse_db_clean_container_synapse }}"
|
||||||
|
chdir: "{{ synapse_db_clean_compose_file_dir }}"
|
||||||
|
tags: molecule-notest
|
||||||
|
|
||||||
|
- name: "Delete orphan state_groups_state"
|
||||||
|
postgresql_query:
|
||||||
|
db: "{{ synapse_db_clean_db }}"
|
||||||
|
login_host: "{{ postgres_ip_synapse_db }}"
|
||||||
|
login_user: "{{ synapse_db_clean_user }}"
|
||||||
|
login_password: "{{ synapse_db_clean_password }}"
|
||||||
|
query: DELETE FROM state_groups_state WHERE room_id IN (SELECT DISTINCT(state_groups.room_id) AS room_id_gone FROM state_groups LEFT JOIN events USING(room_id) WHERE events.room_id IS NULL GROUP BY room_id_gone)
|
||||||
|
|
||||||
|
- name: "Delete orphan state_groups_state"
|
||||||
|
postgresql_query:
|
||||||
|
db: "{{ synapse_db_clean_db }}"
|
||||||
|
login_host: "{{ postgres_ip_synapse_db }}"
|
||||||
|
login_user: "{{ synapse_db_clean_user }}"
|
||||||
|
login_password: "{{ synapse_db_clean_password }}"
|
||||||
|
query: DELETE FROM state_groups WHERE room_id IN (SELECT DISTINCT(state_groups.room_id) AS room_id_gone FROM state_groups LEFT JOIN events USING(room_id) WHERE events.room_id IS NULL GROUP BY room_id_gone)
|
||||||
|
|
||||||
|
- name: "Reindex DB"
|
||||||
|
postgresql_query:
|
||||||
|
db: "{{ synapse_db_clean_db }}"
|
||||||
|
login_host: "{{ postgres_ip_synapse_db }}"
|
||||||
|
login_user: "{{ synapse_db_clean_user }}"
|
||||||
|
login_password: "{{ synapse_db_clean_password }}"
|
||||||
|
autocommit: yes
|
||||||
|
query: "REINDEX (VERBOSE) DATABASE {{ synapse_db_clean_db }}"
|
||||||
|
|
||||||
|
- name: "Vacuum DB"
|
||||||
|
postgresql_query:
|
||||||
|
db: "{{ synapse_db_clean_db }}"
|
||||||
|
login_host: "{{ postgres_ip_synapse_db }}"
|
||||||
|
login_user: "{{ synapse_db_clean_user }}"
|
||||||
|
login_password: "{{ synapse_db_clean_password }}"
|
||||||
|
autocommit: yes
|
||||||
|
query: VACUUM FULL VERBOSE
|
||||||
|
|
||||||
|
- name: "Ensure Synapse is re-enabled"
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: "docker compose up -d {{ synapse_db_clean_container_synapse }}"
|
||||||
|
chdir: "{{ synapse_db_clean_compose_file_dir }}"
|
||||||
|
tags: molecule-notest
|
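Review bot: If any of the `postgresql_query` tasks fails, the play aborts and Synapse stays stopped, because "Ensure Synapse is re-enabled" only runs when everything before it succeeded; wrap the query tasks in a `block:` and move the re-enable task into its `always:` section (sketched below). `login_password` is passed to five tasks without `no_log: true`, so the database password shows up in verbose output and in any log collection of the run. The second task is still named "Delete orphan state_groups_state" although it deletes from `state_groups`, and `autocommit: yes` should be the canonical `autocommit: true`. The two `ansible.builtin.shell` tasks interpolate `synapse_db_clean_container_*` into a shell command line; `community.docker.docker_container_info` would return the network address without a shell, and the `docker compose` calls use no shell features and could be `ansible.builtin.command`.
```yaml
  tasks:
    # … unchanged: install jq, look up the DB container IP, set_fact, stop Synapse …

    - name: "Clean up the database while Synapse is stopped"
      block:
        - name: "Delete orphan state_groups_state"
          community.postgresql.postgresql_query:
            # … unchanged: db / login_* / query …
          no_log: true

        - name: "Delete orphan state_groups"
          community.postgresql.postgresql_query:
            # … unchanged: db / login_* / query …
          no_log: true

        # … unchanged: "Reindex DB" and "Vacuum DB", each with no_log: true and autocommit: true …
      always:
        - name: "Ensure Synapse is re-enabled"
          # … unchanged: docker compose up -d, chdir, tags …
```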
2
clean_synapse_db.sh
Executable file
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
ansible-playbook clean-synapse-db.yml -i inventory.ini
|
|
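Review bot: The wrapper runs `ansible-playbook clean-synapse-db.yml -i inventory.ini` with relative paths, so it only works when invoked from the repository root and otherwise fails with a missing-playbook error; `cd "$(dirname "$0")" || exit 1` after the shebang makes it location-independent. Since the playbook stops Synapse for the duration of the cleanup, a one-line comment such as `# Stops Synapse while the DB is cleaned - expect downtime` would warn the person running it.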
@ -6,4 +6,5 @@ APT_Periodic_AutocleanInterval: "7"
|
||||||
APT_Periodic_Unattended_Upgrade: "1"
|
APT_Periodic_Unattended_Upgrade: "1"
|
||||||
|
|
||||||
restic_repository_location: "sftp:restic_{{ inventory_hostname }}@proxmox.unhb.space:/storage/restic-backup/"
|
restic_repository_location: "sftp:restic_{{ inventory_hostname }}@proxmox.unhb.space:/storage/restic-backup/"
|
||||||
restic_start_time: "*-*-* 3:00:00"
|
restic_start_time: "*-*-* 1:00:00"
|
||||||
|
restic_prune_start_time: "*-*-* 11:00:00"
|
||||||
|
|
|
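Review bot: `restic_prune_start_time: "*-*-* 11:00:00"` is introduced while this same compare deletes the restic sudoers rules, helper scripts and a restic tasks file further down, so confirm that a role still consumes this variable (and the shifted `restic_start_time`); otherwise both are dead configuration. If it is consumed, note that restic prune takes an exclusive repository lock, so a backup or check still running at 11:00 will fail; the ten-hour gap is probably ample, but a short comment next to the two timers stating that dependency would keep a future edit from moving them closer together.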
@ -16,6 +16,8 @@ firewall_services:
|
||||||
firewall_ports:
|
firewall_ports:
|
||||||
- "587/tcp"
|
- "587/tcp"
|
||||||
|
|
||||||
|
firewall_zone: "external"
|
||||||
|
|
||||||
pretix_container_name: "pretix_app.server2"
|
pretix_container_name: "pretix_app.server2"
|
||||||
pretix_currency: "EUR"
|
pretix_currency: "EUR"
|
||||||
pretix_db_backend: "postgresql"
|
pretix_db_backend: "postgresql"
|
||||||
|
@ -36,6 +38,9 @@ pretix_redis_container_name: "pretix_redis.server2"
|
||||||
pretix_registration: "off"
|
pretix_registration: "off"
|
||||||
pretix_redis_sessions: "true"
|
pretix_redis_sessions: "true"
|
||||||
|
|
||||||
|
traefik_container_name: "traefik"
|
||||||
|
traefik_dashboard_hostname: "traefik2.un-hack-bar.de"
|
||||||
|
|
||||||
watchtower_container_name: "watchtower.server2"
|
watchtower_container_name: "watchtower.server2"
|
||||||
watchtower_domainname: "unhb.de"
|
watchtower_domainname: "unhb.de"
|
||||||
watchtower_hostname: "neuromancer"
|
watchtower_hostname: "neuromancer"
|
||||||
|
|
|
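Review bot: `firewall_zone: "external"` in the first hunk selects firewalld's predefined `external` zone, which ships with masquerading (NAT) enabled; if these hosts are not meant to forward traffic for other machines, `public` expresses "internet-facing, no forwarding" without that side effect, so confirm the zone choice is deliberate. The same value is added to the authentik vars file further down in this compare (the hunk adding `firewall_zone: "external"` next to `traefik_dashboard_hostname: "traefik.un-hack-bar.de"`). In the second hunk `traefik_dashboard_hostname: "traefik2.un-hack-bar.de"` publishes the Traefik dashboard on a public name; the router serving it is not on this page, so make sure it sits behind an authentication middleware rather than being reachable by hostname alone.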
@ -1,38 +1,42 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
36386661383262363762326636333638663039376235393062363831613537303533623564636330
|
34663134653636313763396465363236363138636632666439336236623535343137633332356439
|
||||||
3162653935633634336165316264373836383063336166620a366234356163643532643937613835
|
3764376137346635383238333438313239363263656534350a326665346331343736663334653933
|
||||||
64383262313039346165653136343037326639383434323235333834343931636235306134383431
|
39353535386230336631373964376462626363303632336166393135656532636162663633316461
|
||||||
6465616134653133660a363163323132343532656164356237616162656265663662656363643136
|
6364303032636230380a393739353836623730353866626633333232306464613430383366326234
|
||||||
63383739316639383733623964666132663139646437343036633038393335653338663432366234
|
62393931653331353263343963633365383831323164396238323535346535343438643032616463
|
||||||
66386564393133303865353433333063623238353964303236373763613137663264336337353737
|
32383534393534633662623966653566643730393961663731376366643034366335643130623265
|
||||||
38333536366235383333306434323432326163396461313861663764613961393161306363646466
|
66333130303866366565613735346131333262393234346166303266336264343332646534656634
|
||||||
39613833643330616530653065373934633563313137643666316531643066373834363537336638
|
31386634333766333062653166396262613262623738343135653139653934306362613365653835
|
||||||
63363662393038346230313434326134353866306665643235326161306332316531323238316430
|
37303437346363303039653861663033323966306437623961396265386536646433643836373439
|
||||||
39646138656637636266643864653735613632383365623032346565623135666533316665303732
|
64316665383361646531343237303036356362653635393330383061383939376161336661383961
|
||||||
39336462326437303730343865303962653932326138336232646234323561303463326432663337
|
38666335353166613735666565373136653064643734616130633137663731613237323433613536
|
||||||
34333066666462363638323536326464663633653864386666343533313231326639376234633565
|
38613033626137393435353931616233363930343761616431386564356237383761613333386630
|
||||||
32353636376431303735386365393033636235323365333832333339653132623965663737616138
|
31656237616135653135306639336264656666343163633531653961633833623863633436663033
|
||||||
61393130653432373361623936656635343935666332303064343763656338656433663063386137
|
32646465343262333562656436353234386663356134353637393431613561303435303633633765
|
||||||
63613865313733393264386638613966306634643036643139393934616237363663353938363461
|
39316435623066613764323064636239313332663463353065303461396133666239636231333835
|
||||||
66343739653262313963383363326339336361333430643263306131316231643935653835653437
|
36356331643663366230323230363963383233353738363635653963363137343039336632363933
|
||||||
63333239353362396261636438346236623966623666666634663965306630333138333138666632
|
35353733633730626562653038343035393133316166356138343537363834343834373761336539
|
||||||
31663066393336643033383535626635373762656333363166316661646464313937616365646234
|
62333633373339346161333866366136343830326363343131313838643864653635643465363861
|
||||||
62383564656534623164333166363937626139393137663965646232326532396536356437383563
|
38653131306433306638666464613363613331616430613234323736343231306230396330323733
|
||||||
63343261383538343335653861383530323837613938623036356630653937653237333739323433
|
65353231336131353434663063333237366433373731323432653530313434663563656432313764
|
||||||
31396464333733333630656363623761383032353732316235363462623131366634343539653938
|
36656662303039383236323135313465663139346138396665376336323336386230626631643037
|
||||||
34353234376266333364363264303531356631363030303961343134366133666432323866343537
|
35643832373139373063653136306365313233613238623034336261383866306632636339356439
|
||||||
31383066636664346230633035393739623339393231313661666435363337316431353364666464
|
34346132393832643832356434313331343536396333343437646337383133333361663861646633
|
||||||
65333935653936626230333161353133653231323139393335393636663533346563663433666431
|
32393732613331613635626537333765366261656361363634303737653939396636363861316531
|
||||||
38653965376335656639373435343439393664326262376235386337623034386636336661303934
|
62653333306462356333373861373139373363393531633466663531646130653130376266653334
|
||||||
66653565663965306664376133616664313437306137616536346432353738383964616461313139
|
37666534363566643863613536313839396139383535666463626562363563336537353235316133
|
||||||
38383263313539323063363439663734383861336364653962316665376362383035356335616630
|
64623664396166616433313532663930623232383339306534303234326536303932346131663564
|
||||||
39383337636366633232313262303364343931316462633932346162646262373932373864333866
|
64373936623964646436646465336365373965663863306663663061613363343037656463306635
|
||||||
31336461643032313933356237343966633138663934643765646431306637653439633536303961
|
39336635323365303935633965343733653531646261376638643161373937303138316664313563
|
||||||
34636366396330303135386630393537653538663638653034633262373463383430643839656563
|
39353939373335363963383764316262643734656537356462616335353831323561336266656238
|
||||||
39323463373637393230383130656362303030623365383638333363303430373231393866643236
|
63323230323933663236356438363735326364333662613262323561333262356366343639656562
|
||||||
61653736363134303437626233653966353266636438636335633734613533613263656466366163
|
37396332393033383531303062376539326130396466343635663333666232343334653965633931
|
||||||
64653437333662656235636437636266343565663837343461646163326238366165326135373363
|
38626435303366333365623537373761333838333037303562343437633363386333623662323639
|
||||||
61366131336665656661356433376262663836356230323063373766313437646630626535303935
|
63363731303163383135363961376231633162626234393535333835363462373431376365343333
|
||||||
31616331323132663665636162353331346631353636613964396635323766383334343566643938
|
30303236383365323836613133383830613233326464366163613230656264643833376136363963
|
||||||
33313739396361616265313134333564353633646531383666363031376238626465383735666636
|
38633765333238656166646563303930373366313931333733616238333230353131356431613533
|
||||||
3236
|
65653265356338393766373266613433323765623233666465666361393631666532336335386638
|
||||||
|
66373465656364656564336138333033376562373566396636633735363864363761393062303635
|
||||||
|
39323134303831383638313239633664383463343938373765613061306163663561343863313134
|
||||||
|
33336666633164656639636466303566666263346662653662383235326265626330373931346461
|
||||||
|
6533
|
||||||
|
|
|
@ -10,7 +10,7 @@ container_names:
|
||||||
element_web: "element_web.server4"
|
element_web: "element_web.server4"
|
||||||
|
|
||||||
authentik_error_reporting: "false"
|
authentik_error_reporting: "false"
|
||||||
authentik_email_host: "mail.un-hack-bar.de"
|
authentik_email_host: "imehl.un-hack-bar.de"
|
||||||
authentik_email_port: "587"
|
authentik_email_port: "587"
|
||||||
authentik_email_use_tls: "true"
|
authentik_email_use_tls: "true"
|
||||||
authentik_email_use_ssl: "false"
|
authentik_email_use_ssl: "false"
|
||||||
|
@ -64,9 +64,11 @@ firewall_ports:
|
||||||
- 64738/udp # Mumble
|
- 64738/udp # Mumble
|
||||||
- 21117/tcp # Rustdesk
|
- 21117/tcp # Rustdesk
|
||||||
|
|
||||||
|
firewall_zone: "external"
|
||||||
|
|
||||||
traefik_container_name: "traefik"
|
traefik_container_name: "traefik"
|
||||||
traefik_dashboard_hostname: "traefik.un-hack-bar.de"
|
traefik_dashboard_hostname: "traefik.un-hack-bar.de"
|
||||||
|
|
||||||
version:
|
version:
|
||||||
authentik: "2023.10.7"
|
authentik: "2024.8.3"
|
||||||
element_web: "latest"
|
element_web: "latest"
|
||||||
|
|
|
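Review bot: The bump `authentik: "2023.10.7"` → `"2024.8.3"` skips several intermediate authentik feature releases, each with its own upgrade notes and database migrations, and the systemd unit in the next section pulls `version.authentik` on restart, so this migration will run unattended the next time the service starts; confirm the release notes were checked and that a database backup precedes the rollout. `authentik_email_host` changes from `mail.un-hack-bar.de` to `imehl.un-hack-bar.de`, which reads like a possible typo — if it is the real relay host, a short comment saying so would stop the next reader from "fixing" it.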
@ -1,50 +1,65 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
39663531646261623063306461623531383931653762613831656461313064376561336138663733
|
36666365343065316630613363313965396532623165336164353162316430623436363830366664
|
||||||
6434313637646163656637323234613335323031363933330a373661353061373033333063336331
|
3133313530303132353661336534616338663666306632620a663461346230353038646635303031
|
||||||
31646266353135336237386163623861306463613733633964656462366634306361646365313566
|
66333830666564316262636239643035353836313137393063376131333730343365313061333831
|
||||||
6239323762343662630a626336326137346261306363643862376636323266393362353437623161
|
3435363164666463350a373839336464666133346561333332386439393938336365636336343464
|
||||||
33356635303231346363613537396631643130313033646332323565666434373066613662353161
|
66623136323930303133333931623738333235313130663935383639373839366265633133633735
|
||||||
37346366666663336639663664616134366264383061643336356135343631626332656466373638
|
31316331613864633662346662346262346136633161333566623332666530393861306464393834
|
||||||
38666363336139343739353931313062613430653735376532613866313062663032613432346330
|
32306265656562326462306232633236313335646231306662323966363265393535633039656335
|
||||||
34653139316539373131393363303736386433363734616432326430346636653762363935363032
|
62313936653463643134363961376464373765313838363631366364633832396437353132386361
|
||||||
63633861333663626566323539366362633665666537653765313361353963343133326638643538
|
32613563316438383033333735643634356530336264356139356230366165626364353233373061
|
||||||
62643035383936666637333135616662343436303864373665613463363834623363623366613164
|
63326462383862373232663030326462346537353837643164663937306335653538343031343733
|
||||||
61633536613438636433653935333437653432656232633936346438323439353662373165626630
|
37303339393337663235663362646164643135643437626466303630633732636366366538333665
|
||||||
37356333646166303837373738643465353635376531623231623937666633613165643434356535
|
64646436343362643139323131393466653835623331393735346361653230663533353132306132
|
||||||
39353833366435396639646331666433353431353137393531653539303538313064313534376330
|
31316435353666393537373231306361353137343236383132653163313336353332346339386630
|
||||||
32376131386530373032373235323765663836663962663262363532303866323331663130623864
|
31393238353039323032376265366331346235346430623766663566663762356130363232336437
|
||||||
66313631646234323639613362653230363363326564633033623136643439653461373439376331
|
32356664353330623334343130393532646465666137346162353437396162353062636335333166
|
||||||
64303162613235333639613663373833643632376238316130333764373334616531303761393861
|
61633939663336346335383339653761343962336465666161306166646465316238666632336532
|
||||||
63303464653436393062343164306631646161333064303230366264313332303365326235383931
|
38316532376339666539636335636230373430643464663663383939303865376665366663656263
|
||||||
34666466626266333761373837373730633030356163333538313434666238623432623965383262
|
66633864373132653337656531623839313132303332303737623633623731613336363432616234
|
||||||
64626661323464323465643761356332343365316535343964353836346339313132333937333939
|
37343738373461623038363535313666373032613132326163646433326164636230656563393532
|
||||||
31656338613739363633373838363862343763613061373463306161643131653264646664323966
|
35663864323239363765373162303933363238353831363037306431656666643136313731643238
|
||||||
62653638646438336531633534336663326631303461613661383830353564363862373966343862
|
34323635633464633266623232356364303239633933613261323864336165316538323161383037
|
||||||
61373366326366366137333765376566663638366366303264363366363838646136306330313361
|
64333161613461333863333035626130346431663764666165383864346331323561366263363964
|
||||||
39306430333234363664383039373764636431303934323664646430303863383131623237356433
|
63633333643162643664356365366466366233643233353434633732313335363361363564333533
|
||||||
66316434323161653764363361383563643734366635356539386561316135663736303831353264
|
35323164633739346333623864646464623539363139396239316663333334356363373631343331
|
||||||
61346131633831613365313966626363393765376639326263643237346333363033313763376533
|
34653730363466326632333337373531646332386438383732613832333935323833313565373139
|
||||||
32396132666164396338653439626436396661366131623234646564356232353764303931313337
|
61323763646636373437333839623935626632663934303666306131383738633139663635643562
|
||||||
64636365313739343864346333396235623963303061396262653230353533613564636163656262
|
65643039313637306663616266623435383733333336623261643761363030613234343030363162
|
||||||
33376663663231343266336131613634623233633733343130636133316336363433666134393166
|
61646337346362303866336464316438316565666166666630336539663137326630383532333930
|
||||||
36633831373762373464376633613430633839333061303531376462626432333264333232356238
|
37393662653334616263623566653836343034323962346132333834666331316139303637646534
|
||||||
30663461653461626236633865346639363536666264663036653961623737343434306133663735
|
66353564353961343963393164643135383833666663336562353966323033356265323730343931
|
||||||
30356464343831623463393262646131336538376232323366316666386462653939336365613663
|
39663932613261323465373837656430323265373936613561323136663263636261346638383735
|
||||||
63613264623861386332663534313562636134373736396263653336393365323665666161336634
|
33636133396237303034373739663039663465376265356263313633386234333465316135306537
|
||||||
31656536393161653866363933356266323566666438353237656531356162636234323865386437
|
62363865383764613062613762616339336632643938663333636661666236303138626633623637
|
||||||
62653333623738323264313331303565646533663037633837366632303136633330643132613039
|
30363235323532383336633633626538386439663437323231353661353665346437613237643432
|
||||||
35393933613161363431643565353234393861636535643463636362306533353961656636383366
|
37333563616139663935613863313937303865383732313835386635623036636630303562393862
|
||||||
61323366663765373339646363383435306537376336633833393238633238623338303161336332
|
35636666393339333537373434306161366435373537353338356161633266386539326564643562
|
||||||
39656463303134623461383761613431653439343038623661363765333166363239316435646631
|
38616332363638343338623232643461633339656164383130303037653038326365373864373166
|
||||||
37346237346466313439653263326262616130613664613332343065636130353661633662393666
|
31303039663038396333306634653534383336626630613163373037316333373263376334383037
|
||||||
66306234346661303334383363333831323763336663383030633164623230343530383365316565
|
64306536626333353566346261393033336430363062623530643261353065313462616166383230
|
||||||
64323732653165653535643838376264313930376632373835623866356462626630333833663366
|
33633933643763613364653131306437653065663833663932326334613639613664333336613265
|
||||||
32623335333435333437653063393633323732636531353334613333353233633536373533326636
|
66313539303761343336303363646463366666333465303432383031653766613935343362343536
|
||||||
33646264363136343238626133663231653238396539326462326362633839333031383432656465
|
33306261646532643766626339333738613932616661376562383435623434613566336366306438
|
||||||
38353735623133386564626133663261643030626365303139613832306130613337663062613834
|
37373138396538353465393536643566333135623237303663343932313962383865353233323966
|
||||||
33653962636431356534653036326434386466616438666131363834353235343762643365323330
|
62306333383638383362666463343238333064303633623037333138646362643763623536383334
|
||||||
62383933623461383437633631633761616633653430326636393635666533373339336266383338
|
31646334356164353731353366393039663663383939643537383663663938613735303533613235
|
||||||
64316361656330306233343330613335373164656138353964646535323762323835333265636435
|
39333666663861373730323061313032656161323034376434363630393164353037383338346435
|
||||||
37376338653238333863383664373064323331363334353765636265663334363739363363636463
|
61636366323562646264643663346463303535636234366130336431363538656630653534346431
|
||||||
30656331366463353639383065363234653661346330346131353838626362373634353661326163
|
38656639633035323764623563663031333139336139353063663266343265393466373565306236
|
||||||
63623762383639633264353466323837383434653536343931653231656535343064
|
36366337393164653264303066363533346532313030313766666637663933363036666632303663
|
||||||
|
64346134316138616239396334623466323663623933656662626138363462653730373639643261
|
||||||
|
39323331386164326365313365333836396636336334663865666431343736643161323561623433
|
||||||
|
32326233653365653734326136303066323966643263313164306466303930666436383564323936
|
||||||
|
36363261363963353938666532373264616532623733393033366230323965613432346134613462
|
||||||
|
65646664383838376332653662393031313739343438666538376164666332653962333134306135
|
||||||
|
65656634663766316365386366363639336430663666303935303033343039326164656166373837
|
||||||
|
38663337373132316662663334383737643732653338373435383064316266396434623463623565
|
||||||
|
36363134363039626232643936353631343866633931353530656234616562626330636638303537
|
||||||
|
65363633366230633635366132656437623962396538363836316235633465383262623030353533
|
||||||
|
61353631336465313265353363313239363538653231383336343738656635383837363665336338
|
||||||
|
38646162393461313066666235376434303861366437353433313464323030636463396363333364
|
||||||
|
34646333366564633034343833643562373366643263316263626363363838653563633065396633
|
||||||
|
63616239343665326432643735313765306461333032663934393639303263303662393064353664
|
||||||
|
32383537383338376661393638383831313263346236343635333638333666333430373936303964
|
||||||
|
63653664356435306266
|
||||||
|
|
|
@ -8,10 +8,14 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
|
||||||
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
|
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
|
||||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
|
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
|
||||||
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
|
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
|
||||||
--label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`)" \
|
--label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`,`auth.unhb.de`,`a.unhb.de`)" \
|
||||||
|
--label "traefik.http.routers.authentik.middlewares=authentik_redirect" \
|
||||||
--label "traefik.http.routers.authentik.entrypoints=websecure" \
|
--label "traefik.http.routers.authentik.entrypoints=websecure" \
|
||||||
--label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
|
--label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
|
||||||
--label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
|
--label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
|
||||||
|
--label "traefik.http.middlewares.authentik_redirect.redirectregex.permanent=true" \
|
||||||
|
--label "traefik.http.middlewares.authentik_redirect.redirectregex.regex=^https?://(auth|a)\\.unhb\\.de/(.*)" \
|
||||||
|
--label "traefik.http.middlewares.authentik_redirect.redirectregex.replacement=https://auth.un-hack-bar.de/$${2}" \
|
||||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
||||||
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
||||||
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
||||||
|
|
|
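Review bot: The added redirectregex labels are correct but hard to verify because two escaping layers stack: systemd unquotes the double-quoted argument C-style, so `\\.` reaches Traefik as `\.`, and `$$` collapses to `$`, so `$${2}` reaches Traefik as `${2}`; a comment above the `ExecStart=` line, e.g. `# systemd unescapes \\ -> \ and $$ -> $ before Docker and Traefik see these labels`, would save the next reader that derivation. The regex's first capture `(auth|a)` is unused and only `${2}` is substituted, which is fine but worth stating in the same comment. The `ExecStart=` command begins in this hunk and continues past its last line.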
@ -17,6 +17,7 @@
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
|
zone: "{{ firewall_zone }}"
|
||||||
#this is seperate so you don't accidentally remove it
|
#this is seperate so you don't accidentally remove it
|
||||||
|
|
||||||
- name: Open services in firewall
|
- name: Open services in firewall
|
||||||
|
@ -25,6 +26,7 @@
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
|
zone: "{{ firewall_zone }}"
|
||||||
with_items: "{{ firewall_services }}"
|
with_items: "{{ firewall_services }}"
|
||||||
|
|
||||||
- name: Open ports in firewall
|
- name: Open ports in firewall
|
||||||
|
@ -33,5 +35,6 @@
|
||||||
permanent: yes
|
permanent: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: yes
|
||||||
|
zone: "{{ firewall_zone }}"
|
||||||
with_items: "{{ firewall_ports }}"
|
with_items: "{{ firewall_ports }}"
|
||||||
when: firewall_ports is defined
|
when: firewall_ports is defined
|
||||||
|
|
|
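Review bot: The three new `zone: "{{ firewall_zone }}"` lines (this file's three hunks) make every firewalld task fail with an undefined-variable error on any host whose group_vars do not set `firewall_zone`; only two group_vars files on this page set it. Either declare a default in the role's defaults or write `zone: "{{ firewall_zone | default(omit) }}"` so the module falls back to firewalld's default zone when the variable is absent. Each enclosing task starts before its hunk's first line.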
@ -3,7 +3,7 @@
|
||||||
- name: "Install dependencies"
|
- name: "Install dependencies"
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
pkg:
|
pkg:
|
||||||
- docker.io
|
- docker-ce
|
||||||
|
|
||||||
- name: "Create directories for Pretix and give it access"
|
- name: "Create directories for Pretix and give it access"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -95,9 +95,9 @@
|
||||||
- pretix-db.service
|
- pretix-db.service
|
||||||
- pretix-redis.service
|
- pretix-redis.service
|
||||||
|
|
||||||
- name: "Add Pretix to Docker network nginx_net"
|
- name: "Add Pretix to Docker network traefik"
|
||||||
docker_network:
|
docker_network:
|
||||||
name: nginx_net
|
name: traefik
|
||||||
connected:
|
connected:
|
||||||
- "{{ pretix_container_name }}"
|
- "{{ pretix_container_name }}"
|
||||||
appends: true
|
appends: true
|
||||||
|
|
|
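Review bot: `docker-ce` is not in the stock Debian/Ubuntu archives — it comes from Docker's own apt repository — so `ansible.builtin.apt` fails with "no installation candidate" unless another task (not on this page) configures that repository and its signing key first; if such a task exists, make sure it is ordered before this one. In the second hunk, `docker_network` is a short module name while the file otherwise uses FQCNs such as `ansible.builtin.apt`; `community.docker.docker_network` keeps the style consistent and does not rely on collection redirects.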
@ -11,8 +11,13 @@ ExecStart=/usr/bin/docker run --rm --name {{ pretix_container_name }} --network
|
||||||
--label com.centurylinklabs.watchtower.enable=false --env-file {{ docker_volumes_dir }}/pretix/pretix.env \
|
--label com.centurylinklabs.watchtower.enable=false --env-file {{ docker_volumes_dir }}/pretix/pretix.env \
|
||||||
-v {{ docker_volumes_dir }}/pretix/data:/data \
|
-v {{ docker_volumes_dir }}/pretix/data:/data \
|
||||||
-v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
|
-v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
|
||||||
|
--label "traefik.enable=true" --label "traefik.http.routers.pretix.rule=Host(`pretix.un-hack-bar.de`)" \
|
||||||
|
--label "traefik.http.routers.pretix.entrypoints=websecure" \
|
||||||
|
--label "traefik.http.routers.pretix.tls.certresolver=letsencrypt" \
|
||||||
|
--label "traefik.http.services.pretix.loadbalancer.server.port=80" \
|
||||||
|
--label "traefik.docker.network=traefik" \
|
||||||
pretix/standalone:stable
|
pretix/standalone:stable
|
||||||
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ pretix_container_name }}"
|
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect traefik {{ pretix_container_name }}"
|
||||||
ExecStop=/usr/bin/docker stop {{ pretix_container_name }}
|
ExecStop=/usr/bin/docker stop {{ pretix_container_name }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=15s
|
RestartSec=15s
|
||||||
|
|
|
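Review bot: The new label `traefik.docker.network=traefik` tells Traefik to use the container's address on the `traefik` network, but the container is only attached to that network by `ExecStartPost` after a 10-second sleep, so for the first seconds after every (re)start Traefik has a router with no usable backend address and requests fail. If the network given by `--network` at the start of `ExecStart=` (outside this hunk) is still required, consider the reverse order — start on `traefik` and attach the other network in `ExecStartPost` — so the address Traefik needs exists as soon as the container is up; if it is not required, `--network traefik` removes the sleep and the race entirely.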
@ -16,7 +16,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ docker_volumes_dir }}/traefik"
|
- "{{ docker_volumes_dir }}/traefik"
|
||||||
|
|
||||||
- name: "Template Config for Pretix"
|
- name: "Template Config for Traefik"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: "{{ docker_volumes_dir }}/traefik/{{ item }}"
|
dest: "{{ docker_volumes_dir }}/traefik/{{ item }}"
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
when: unit.changed
|
when: unit.changed
|
||||||
|
|
||||||
- name: "Enable systemd units for Pretix"
|
- name: "Enable systemd units for Traefik"
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -8,7 +8,7 @@ ExecStartPre=-/usr/bin/docker rm --force {{ traefik_container_name }}
|
||||||
ExecStart=/usr/bin/docker run --rm --name {{ traefik_container_name }} \
|
ExecStart=/usr/bin/docker run --rm --name {{ traefik_container_name }} \
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock -v {{ docker_volumes_dir }}/traefik/traefik.yml:/traefik.yml \
|
-v /var/run/docker.sock:/var/run/docker.sock -v {{ docker_volumes_dir }}/traefik/traefik.yml:/traefik.yml \
|
||||||
-v {{ docker_volumes_dir }}/traefik/traefik_dynamic.yml:/traefik_dynamic.yml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
|
-v {{ docker_volumes_dir }}/traefik/traefik_dynamic.yml:/traefik_dynamic.yml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
|
||||||
-p 80:80 -p 443:443 -p 8448:8448 --network traefik --label=com.centurylinklabs.watchtower.enable=false traefik:v2.10.5
|
-p 80:80 -p 443:443 -p 8448:8448 --network traefik --label=com.centurylinklabs.watchtower.enable=false traefik:v2.11
|
||||||
ExecStop=/usr/bin/docker stop {{ traefik_container_name }}
|
ExecStop=/usr/bin/docker stop {{ traefik_container_name }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=15s
|
RestartSec=15s
|
||||||
|
|
|
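Review bot: `traefik:v2.11` replaces the fully pinned `v2.10.5` with a floating minor tag, so any pull on restart (an `ExecStartPre` pull, if present, is outside this hunk) may silently move the ingress layer to a new patch release even though Watchtower is disabled for this container via `com.centurylinklabs.watchtower.enable=false`. Pin the patch version that was actually tested, e.g. `traefik:v2.11.<patch>` (placeholder), or pin by image digest, so Traefik only changes through a reviewed commit.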
@ -1,5 +1,4 @@
|
||||||
|
|
||||||
|
|
||||||
entryPoints:
|
entryPoints:
|
||||||
web:
|
web:
|
||||||
address: ":80"
|
address: ":80"
|
||||||
|
@ -29,7 +28,7 @@ certificatesResolvers:
|
||||||
email: "{{ letsencrypt_email }}"
|
email: "{{ letsencrypt_email }}"
|
||||||
storage: "/letsencrypt/acme.json"
|
storage: "/letsencrypt/acme.json"
|
||||||
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
tlsChallenge:
|
tlsChallenge: true
|
||||||
|
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
# allow members of the sudo group to run backups, but without password
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup.sh
|
|
||||||
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-prune.sh
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-mount.sh
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check.sh
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-check-read-data.sh
|
|
||||||
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS.sh
|
|
||||||
#%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-PRUNE.sh
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-MOUNT.sh
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-CHECK.sh
|
|
||||||
%sudo ALL = NOPASSWD: /opt/scripts/restic/restic-backup-externe-4TB-HD-auf-NAS-READ-DATA.sh
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
|
|
||||||
restic check --read-data
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
|
|
||||||
restic check
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
|
|
||||||
restic mount /mnt/restic
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,4 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
restic unlock
|
|
||||||
echo "done! :)"
|
|
|
@ -1,111 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: "Install restic"
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- restic
|
|
||||||
state: latest
|
|
||||||
update_cache: true
|
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Debian'
|
|
||||||
|
|
||||||
- name: "Ensure /opt/scripts/ exists"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /opt/scripts
|
|
||||||
state: directory
|
|
||||||
mode: '0755'
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: "Ensure /opt/db_dumps/ exists"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /opt/db_dumps/
|
|
||||||
state: directory
|
|
||||||
owner: postgres
|
|
||||||
group: postgres
|
|
||||||
mode: '0774'
|
|
||||||
ignore_errors: true #to do: auf mautrix-signal kein User "postgres" weil in Docker, muss gelöst werden
|
|
||||||
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names and 'mautrix-signal' not in inventory_hostname"
|
|
||||||
|
|
||||||
- name: "Copy restic backup scripts"
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: "restic-backup-scripts/"
|
|
||||||
dest: /opt/scripts/restic/.
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u+rwx
|
|
||||||
force: true
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: "Template restic backup script restic-backup_{{ inventory_hostname }}.sh"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ../templates/restic-backup_{{ inventory_hostname }}.sh.j2
|
|
||||||
dest: /opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 'u+rwx'
|
|
||||||
force: true
|
|
||||||
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
|
|
||||||
|
|
||||||
#- name: "Template restic backup script ENTWURF"
|
|
||||||
# ansible.builtin.template:
|
|
||||||
# src: ../templates/restic-backup_ENTWURF.sh.j2
|
|
||||||
# dest: /opt/scripts/restic/restic-backup_ENTWURF.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
# mode: 'u+rwx'
|
|
||||||
|
|
||||||
- name: "Template restic backup script restic-backup_desktops.sh"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ../templates/restic-backup_desktops.sh.j2
|
|
||||||
dest: /opt/scripts/restic/restic-backup_desktops.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 'u+rwx'
|
|
||||||
force: true
|
|
||||||
when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
|
|
||||||
|
|
||||||
- name: "Template restic prune script restic-prune.sh"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ../templates/restic-prune.sh.j2
|
|
||||||
dest: /opt/scripts/restic/restic-prune.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 'u+rwx'
|
|
||||||
force: true
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: "Template environment variable file restic.env"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ../templates/restic.env.j2
|
|
||||||
dest: /opt/scripts/restic/restic.env
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
force: true
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: "Template restic password file restic-password-repo"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ../templates/restic-password-repo.j2
|
|
||||||
dest: /opt/scripts/restic/restic-password-repo
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0440'
|
|
||||||
force: true
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: "Cronjob for Backups"
|
|
||||||
ansible.builtin.cron:
|
|
||||||
name: "Restic Backup"
|
|
||||||
minute: "0"
|
|
||||||
hour: "3"
|
|
||||||
job: "/opt/scripts/restic/restic-backup_{{ inventory_hostname }}.sh"
|
|
||||||
when: "ansible_os_family == 'Debian' and 'desktops' not in group_names"
|
|
||||||
|
|
||||||
- name: "Cronjob for Backups"
|
|
||||||
ansible.builtin.cron:
|
|
||||||
name: "Restic Backup"
|
|
||||||
minute: "0"
|
|
||||||
hour: "3"
|
|
||||||
job: "/opt/scripts/restic/restic-backup_desktops.sh"
|
|
||||||
when: "ansible_os_family == 'Debian' and 'desktops' in group_names"
|
|
|
@ -1,25 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source {{ restic_env_file }}
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
{% if restic_execute_before is defined %}
|
|
||||||
{{ restic_execute_before }}
|
|
||||||
{% else %}
|
|
||||||
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
|
||||||
{% endif %}
|
|
||||||
restic backup --verbose {{ restic_backup_paths }}
|
|
||||||
{% if restic_execute_after is defined %}
|
|
||||||
{{ restic_execute_after }}
|
|
||||||
{% else %}
|
|
||||||
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,25 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
{{ restic_env_file }}
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
{% if restic_execute_before is defined %}
|
|
||||||
{{ restic_execute_before }}
|
|
||||||
{% else %}
|
|
||||||
# restic_execute_before is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
|
||||||
{% endif %}
|
|
||||||
restic backup --verbose {{ restic_backup_paths }}
|
|
||||||
{% if restic_execute_after is defined %}
|
|
||||||
{{ restic_execute_after }}
|
|
||||||
{% else %}
|
|
||||||
# restic_execute_after is not defined, to insert commands to run before the actual backup, please define the variable in the Ansible Playbook
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,45 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
restic backup --verbose / \
|
|
||||||
--exclude /home/{{ user }}/.cache \
|
|
||||||
--exclude /home/{{ user }}/cache \
|
|
||||||
--exclude /home/{{ user }}/.config/Element/Cache/ \
|
|
||||||
--exclude /home/{{ user }}/.config/Element/GPUCache \
|
|
||||||
--exclude /home/{{ user }}/.config/Element/Code\ Cache/ \
|
|
||||||
--exclude /home/{{ user }}/.config/Signal/attachments.noindex \
|
|
||||||
--exclude /home/{{ user }}/.config/SchildiChat/Cache \
|
|
||||||
--exclude /home/{{ user }}/.config/SchildiChat/GPUCache \
|
|
||||||
--exclude /home/{{ user }}/.config/SchildiChat/Code\ Cache/ \
|
|
||||||
--exclude /home/{{ user }}/.config/Signal/Cache \
|
|
||||||
--exclude /home/{{ user }}/.config/Signal/GPUCache \
|
|
||||||
--exclude /home/{{ user }}/.config/Signal/Code\ Cache/ \
|
|
||||||
--exclude /home/{{ user }}/.local/share/Trash \
|
|
||||||
--exclude /home/{{ user }}/Bilder \
|
|
||||||
--exclude /home/{{ user }}/Downloads \
|
|
||||||
--exclude /home/{{ user }}/gPodder/Downloads/ \
|
|
||||||
--exclude /home/{{ user }}/Nextcloud \
|
|
||||||
--exclude /home/{{ user }}/no-backup \
|
|
||||||
--exclude /home/{{ user }}/synced_folders \
|
|
||||||
--exclude /home/{{ user }}/sync \
|
|
||||||
--exclude /home/{{ user }}/Signal_Backups \
|
|
||||||
--exclude /lost+found \
|
|
||||||
--exclude /media \
|
|
||||||
--exclude /mnt \
|
|
||||||
--exclude /proc \
|
|
||||||
--exclude /run \
|
|
||||||
--exclude /root/.cache \
|
|
||||||
--exclude /sys \
|
|
||||||
--exclude /tmp \
|
|
||||||
--exclude /var/cache \
|
|
||||||
--exclude /var/tmp
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,21 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
su - postgres --session-command 'pg_dump "{{ matrix_db_name }}" -f /opt/db_dumps/db-dump-{{ matrix_db_name }}.sql'
|
|
||||||
su - postgres --session-command 'pg_dump "mautrix_googlechat" -f /opt/db_dumps/db-dump-mautrix_googlechat.sql'
|
|
||||||
su - postgres --session-command 'pg_dump "mautrix_slack" -f /opt/db_dumps/db-dump-mautrix_slack.sql'
|
|
||||||
|
|
||||||
restic backup --verbose \
|
|
||||||
/etc/matrix-synapse \
|
|
||||||
/opt \
|
|
||||||
/var/lib/matrix-synapse
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,24 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
# systemctl disable --now mautrix-signal.service
|
|
||||||
|
|
||||||
su - postgres --session-command 'pg_dump "{{ database_vars.mautrix_signal.db }}" -f /opt/db_dumps/db-dump-mautrix-signal.sql'
|
|
||||||
|
|
||||||
restic backup --verbose \
|
|
||||||
/data-usb \
|
|
||||||
/etc/matrix-synapse \
|
|
||||||
/opt \
|
|
||||||
/var/lib/matrix-synapse
|
|
||||||
|
|
||||||
# systemctl enable --now mautrix-signal.service
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
restic backup --verbose \
|
|
||||||
/etc \
|
|
||||||
/home \
|
|
||||||
/opt \
|
|
||||||
/root \
|
|
||||||
/srv \
|
|
||||||
/var/www
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,29 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Now dumping databases, this might take a while..."
|
|
||||||
set -x
|
|
||||||
docker exec -t pretix_pg-sql.server2 pg_dumpall -c -U prtxdb > /opt/db_dumps/db-dump-pretix_db.sql
|
|
||||||
#docker exec docker-partkeepr-database-1 sh -c "exec mariadb-dump --all-databases -u{{ unhb4_mariadb_containers['partkeepr'].user }} --password=$MARIADB_PASSWORD_PARTKEEPR" > /opt/db_dumps/db-dump-partkeepr_db.sql
|
|
||||||
source /opt/scripts/restic/restic_db_passwords.env
|
|
||||||
docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -u{{ unhb4_mariadb_containers['engelsystem'].user }} --password=$MARIADB_PASSWORD_ENGELSYSTEM" > /opt/db_dumps/db-dump-engelsystem_db.sql
|
|
||||||
set +x
|
|
||||||
|
|
||||||
restic backup --verbose \
|
|
||||||
/etc \
|
|
||||||
/home \
|
|
||||||
/opt \
|
|
||||||
/root \
|
|
||||||
/srv \
|
|
||||||
/var/lib/docker/volumes/ \
|
|
||||||
/var/www
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,42 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# This file is managed via Ansible, do not edit manually. Changes might get overwitten.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
source /opt/scripts/restic/restic_db_passwords.env
|
|
||||||
#We will have to find out whether or not we need to initialize the repo. A non-zero exit code indicates that it has not yet been initialized.
|
|
||||||
restic snapshots
|
|
||||||
if [ "$?" -eq "0" ]
|
|
||||||
then
|
|
||||||
echo "Repo is already initialized, no need to do that."
|
|
||||||
else
|
|
||||||
echo "We need to initialize the repo first." && restic init
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Now dumping databases, this might take a while..."
|
|
||||||
set -x
|
|
||||||
docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
|
|
||||||
docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
|
|
||||||
docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
|
|
||||||
docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
|
|
||||||
docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
|
|
||||||
docker exec -t nextcloud_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_NEXTCLOUD" > /opt/db_dumps/db-dump-nextcloud_db.sql
|
|
||||||
docker exec -t etherpad_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_ETHERPAD" > /opt/db_dumps/db-dump-etherpad_db.sql
|
|
||||||
docker exec -t jverein_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_JVEREIN" > /opt/db_dumps/db-dump-jverein_db.sql
|
|
||||||
docker exec -t url-shortener_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_URLSHORTENER" > /opt/db_dumps/db-dump-urlshortener_db.sql
|
|
||||||
docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WIKI" > /opt/db_dumps/db-dump-wiki_db.sql
|
|
||||||
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_ROOT_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
|
|
||||||
set +x
|
|
||||||
|
|
||||||
restic backup --verbose \
|
|
||||||
/etc \
|
|
||||||
/home \
|
|
||||||
/opt \
|
|
||||||
/root \
|
|
||||||
/srv \
|
|
||||||
/var/lib/docker/volumes/ \
|
|
||||||
/var/www
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1 +0,0 @@
|
||||||
{{ restic_password_repo[inventory_hostname]["password"] }}
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source /opt/scripts/restic/restic.env
|
|
||||||
|
|
||||||
restic forget --prune --keep-within 1m --host={{ ansible_hostname }}
|
|
||||||
|
|
||||||
echo "done! :)"
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
export RESTIC_REPOSITORY="{{ restic_repository_location }}{{ inventory_hostname }}"
|
|
||||||
export RESTIC_PASSWORD_FILE="/opt/scripts/restic/restic-password-repo"
|
|
|
@ -82,6 +82,18 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 'u+rw'
|
mode: 'u+rw'
|
||||||
|
force: true
|
||||||
|
register: unit
|
||||||
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
|
||||||
|
- name: "Template systemd units for restic"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "restic-prune.service.j2"
|
||||||
|
dest: "/etc/systemd/system/restic-prune.service"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 'u+rw'
|
||||||
|
force: true
|
||||||
register: unit
|
register: unit
|
||||||
when: "ansible_os_family == 'Debian'"
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
|
||||||
|
@ -92,6 +104,18 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 'u+rw'
|
mode: 'u+rw'
|
||||||
|
force: true
|
||||||
|
register: unit
|
||||||
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
|
||||||
|
- name: "Template systemd timers for restic"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "restic-prune.timer.j2"
|
||||||
|
dest: "/etc/systemd/system/restic-prune.timer"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 'u+rw'
|
||||||
|
force: true
|
||||||
register: unit
|
register: unit
|
||||||
when: "ansible_os_family == 'Debian'"
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
|
||||||
|
@ -107,6 +131,8 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "restic@{{ inventory_hostname }}.service"
|
- "restic@{{ inventory_hostname }}.service"
|
||||||
- "restic@{{ inventory_hostname }}.timer"
|
- "restic@{{ inventory_hostname }}.timer"
|
||||||
|
- "restic-prune.service"
|
||||||
|
- "restic-prune.timer"
|
||||||
when: unit.changed
|
when: unit.changed
|
||||||
|
|
||||||
#- name: "Enable systemd units for restic-wasabi"
|
#- name: "Enable systemd units for restic-wasabi"
|
||||||
|
|
|
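Review bot: Every template task in this file now registers into the same variable, `register: unit`, so when the enable task in the hunk at `@ -107,6 +131,8 @@` evaluates `when: unit.changed` it only sees the result of the last template task (restic-prune.timer); a change to restic@.service or restic@.timer alone no longer triggers the enable step. Give each task its own name, e.g. `register: unit_prune_service` and `register: unit_prune_timer`, and gate on `when: unit.changed or unit_prune_service.changed or unit_prune_timer.changed`, or template all four units in one loop and register a single list. The same clobbering is introduced by the hunk at `@ -92,6 +104,18 @@`. Both added tasks also reuse the name "Template systemd units for restic" / "Template systemd timers for restic", which makes play output ambiguous; the enclosing task list starts outside these hunks.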
@ -9,7 +9,7 @@ else
|
||||||
echo "We need to initialize the repo first." && restic init
|
echo "We need to initialize the repo first." && restic init
|
||||||
fi
|
fi
|
||||||
|
|
||||||
restic backup --verbose \
|
restic backup --host="{{ inventory_hostname }}" --verbose \
|
||||||
/etc \
|
/etc \
|
||||||
/home \
|
/home \
|
||||||
/opt \
|
/opt \
|
||||||
|
|
|
@ -19,7 +19,7 @@ docker exec -t engel_sql.server2 sh -c "exec mysqldump --all-databases -uroot --
|
||||||
|
|
||||||
set +x
|
set +x
|
||||||
|
|
||||||
restic backup --verbose \
|
restic backup --host="{{ inventory_hostname }}" --verbose \
|
||||||
/etc \
|
/etc \
|
||||||
/home \
|
/home \
|
||||||
/opt \
|
/opt \
|
||||||
|
|
|
@ -17,8 +17,8 @@ fi
|
||||||
|
|
||||||
echo "Now dumping databases, this might take a while..."
|
echo "Now dumping databases, this might take a while..."
|
||||||
set -x
|
set -x
|
||||||
docker exec -t matrix_sql.server4 pg_dumpall -c -U user_synapse_unhb > /opt/db_dumps/db-dump-synapse_db.sql
|
docker exec -t matrix_sql.server4 pg_dump -Z0 -c -U user_synapse_unhb -d synapse_db > /opt/db_dumps/db-dump-synapse_db.sql
|
||||||
docker exec -t authentik-postgresql-1 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
|
docker exec -t authentik-postgresql-1.server4 pg_dumpall -c -U authentik > /opt/db_dumps/db-dump-authentik_db.sql
|
||||||
docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
|
docker exec -t hedgedoc_sql15.server4 pg_dumpall -c -U md > /opt/db_dumps/db-dump-hedgedoc_db.sql
|
||||||
docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
|
docker exec -t tandoor-tandoor_recipes_db-1 pg_dumpall -c -U djangouser > /opt/db_dumps/db-dump-tandoor_db.sql
|
||||||
docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
|
docker exec -t wikijs-wikijs-db-1 pg_dumpall -c -U wikijs > /opt/db_dumps/db-dump-wikijs_db.sql
|
||||||
|
@ -30,13 +30,12 @@ docker exec -t wiki_sql.server4 sh -c "exec mariadb-dump --all-databases -uroot
|
||||||
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
|
docker exec -t wordpress_sql.server4 sh -c "exec mysqldump --all-databases -uroot --password=$MARIADB_PASSWORD_WORDPRESS" > /opt/db_dumps/db-dump-wordpress_db.sql
|
||||||
set +x
|
set +x
|
||||||
|
|
||||||
restic backup --verbose \
|
restic backup --host="{{ inventory_hostname }}" --verbose \
|
||||||
/etc \
|
/etc \
|
||||||
/home \
|
/home \
|
||||||
/opt \
|
/opt \
|
||||||
/root \
|
/root \
|
||||||
/srv \
|
/srv
|
||||||
/var/lib/docker/volumes/ \
|
# /var/lib/docker/volumes/ \
|
||||||
/var/www
|
|
||||||
|
|
||||||
echo "done! :)"
|
echo "done! :)"
|
||||||
|
|
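Review bot: The dump commands still run under `set -x` (context near the top of this hunk), so every expanded `--password=$MARIADB_PASSWORD_…` argument is echoed to stderr and lands in the journal of the unit that runs this script; drop `set -x` around the mariadb/mysql dumps or hand the credentials to the container through its environment rather than the command line. Independently, none of the `docker exec … > /opt/db_dumps/…` lines check their exit status, so a wrong container name such as the renamed `authentik-postgresql-1.server4` leaves an empty dump file and the following `restic backup` still reports success; append `|| { echo "ERROR - dump failed"; exit 1; }` to each dump, or at least `set -e` before the dump block. `/var/www` and `/var/lib/docker/volumes/` were also removed from the backup set here, which deserves a comment if it is intended, and the dangling `# /var/lib/docker/volumes/ \` comment after `/srv` is easy to misread as a still-active continuation line. The script's opening lines are outside this hunk.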
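--- a/roles/unhb_backup_scripts/templates/restic-prune.service.j2
+++ b/roles/unhb_backup_scripts/templates/restic-prune.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=This unit will start pruning restic snapshots
+After=
+Wants=
+
+[Service]
+Restart=no
+Type=simple
+ExecStart=/opt/scripts/restic/restic-prune.sh
+
+[Install]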
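Review bot: `After=` and `Wants=` are empty assignments, which systemd interprets as resetting those lists, so they document nothing and should be removed or filled in; the empty `[Install]` section is fine for a timer-activated unit but deserves a line such as `# activated by restic-prune.timer, nothing to install`. Nothing prevents this unit from starting while `restic@<host>.service` is mid-backup, and `restic forget --prune` needs an exclusive repository lock, so on overlap one of the two jobs fails with a lock error — hedged, since the value of `restic_prune_start_time` is not visible here. Consider an `After=` naming the backup service, or scheduling the prune clearly after the backup window, and a `Description=` that states which host's snapshots are pruned.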
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
source /opt/scripts/restic/restic.env
|
source /opt/scripts/restic/restic.env
|
||||||
|
|
||||||
restic forget --prune --keep-within 1m --host={{ ansible_hostname }}
|
restic forget --prune --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --host={{ inventory_hostname }}
|
||||||
|
|
||||||
echo "done! :)"
|
echo "done! :)"
|
||||||
|
|
|
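Review bot: `--host={{ inventory_hostname }}` replaces `--host={{ ansible_hostname }}`, so snapshots created before the backup scripts started tagging with `--host="{{ inventory_hostname }}"` (the hunks at `@ -9,7 +9,7 @@ else`, `@ -19,7 +19,7 @@` and `@ -30,13 +30,12 @@`) keep their old host label and will never match this forget filter if the two names differ; they would need a one-off `restic forget` with the old label, otherwise the new retention policy silently keeps them forever — hedged, as whether the names differ is not visible here. Quote the value as the backup scripts do, `--host="{{ inventory_hostname }}"`, for consistency. Adding `set -euo pipefail` after the shebang would also stop a failed `source /opt/scripts/restic/restic.env` from falling through to `forget --prune`.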
@ -0,0 +1,9 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Timer starting restic-prune.service
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar={{ restic_prune_start_time }}
|
||||||
|
Unit=restic-prune.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
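Review bot: `WantedBy=multi-user.target` on the last line installs the timer into the wrong target; systemd.timer(5) recommends `WantedBy=timers.target` for timer units, which is also what `systemctl enable` of a timer conventionally wires up. The renamed backup timer in the next hunk (`@ -1,9 +1,9 @@`, `Unit=restic@%i.service`) carries the same line. A `Persistent=true` in `[Timer]` would additionally make a prune that was missed while the host was down run at the next boot instead of waiting for the next `OnCalendar`.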
@ -1,9 +1,9 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Timer starting restic-wasabi.service
|
Description=Timer starting restic.service
|
||||||
|
|
||||||
[Timer]
|
[Timer]
|
||||||
OnCalendar={{ restic_start_time }}
|
OnCalendar={{ restic_start_time }}
|
||||||
Unit=restic-wasabi@%i.service
|
Unit=restic@%i.service
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
WATCHTOWER_POLL_INTERVAL={{ watchtower_poll_interval }}
|
WATCHTOWER_POLL_INTERVAL={{ watchtower_poll_interval }}
|
||||||
WATCHTOWER_NOTIFICATIONS="{{ watchtower_notifications }}"
|
WATCHTOWER_NOTIFICATIONS={{ watchtower_notifications }}
|
||||||
WATCHTOWER_NOTIFICATION_EMAIL_FROM="{{ watchtower_notification_email_from }}"
|
WATCHTOWER_NOTIFICATION_EMAIL_FROM={{ watchtower_notification_email_from }}
|
||||||
WATCHTOWER_NOTIFICATION_EMAIL_TO="{{ watchtower_notification_email_to }}"
|
WATCHTOWER_NOTIFICATION_EMAIL_TO={{ watchtower_notification_email_to }}
|
||||||
WATCHTOWER_NOTIFICATION_EMAIL_SERVER="{{ watchtower_notification_email_server }}"
|
WATCHTOWER_NOTIFICATION_EMAIL_SERVER={{ watchtower_notification_email_server }}
|
||||||
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT="{{ watchtower_notification_email_server_port }}"
|
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT={{ watchtower_notification_email_server_port }}
|
||||||
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="{{ watchtower_notification_email_server_user }}"
|
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER={{ watchtower_notification_email_server_user }}
|
||||||
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="{{ watchtower_notification_email_server_password }}"
|
WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD={{ watchtower_notification_email_server_password }}
|
||||||
WATCHTOWER_WARN_ON_HEAD_FAILURE="{{ watchtower_warn_on_head_failure }}"
|
WATCHTOWER_WARN_ON_HEAD_FAILURE={{ watchtower_warn_on_head_failure }}
|
||||||
|
|
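Review bot: Dropping the quotes is correct if this file is passed to `docker run --env-file`, where everything after `=` is taken literally, but Compose's `env_file` parser strips quotes, and nothing in the template records which consumer it serves, so the next editor is likely to put them back; add a header comment such as `# docker --env-file: values are taken verbatim, do not quote` naming the consumer. `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD` is now rendered bare, so a vault value containing a newline would break the file — constrain that variable accordingly. The task that templates this file is not visible here; it should set a restrictive mode on the destination since the file carries an SMTP password.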
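--- a/scripts/unhb-authentik-invite.sh
+++ b/scripts/unhb-authentik-invite.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+DATEINAMONTH=$(date --date='31 days' +%F)
+
+if [ ! -f "authentik-api-invite.token" ]; then echo "ERROR - authentik-api.token does not exist, please save the API token to that file" && exit 1; fi
+BEARERTOKEN=$(cat authentik-api-invite.token)
+if [ -z ${1+x} ]; then echo "ERROR - Invite Token has no name. Spaces and special characters are not allowed. Example: ./unhb-authentik-invite.sh invite_for_jon_doe" && exit 1; fi
+
+echo "INFO - Generating invite link for: $1"
+
+LINK=$(curl --silent -X POST "https://auth.un-hack-bar.de/api/v3/stages/invitation/invitations/" \
+-H "accept: application/json"\
+-H "authorization: Bearer $BEARERTOKEN"\
+-H "content-type: application/json" \
+-d '{"name":"'$1'","expires":"'$DATEINAMONTH'T00:00:00.000Z","fixed_data":{},"single_use":true,"flow":"6a0afde87a4e40a3b3bb2215de9c34f0"}' | jq ".pk" -r 2>/dev/null | xargs -I {} -n 1 -0 echo 'https://auth.un-hack-bar.de/if/flow/unhb-invite-enrollment/?itoken={}')
+
+echo $LINK | qrencode -m 2 -t utf8
+echo $LINK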
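Review bot: `$1` is spliced unescaped into the JSON body on the `-d` line, so a name containing a double quote, backslash or whitespace produces a malformed or differently structured request; the usage message says such characters are not allowed, but nothing enforces it. Validate the name against `^[A-Za-z0-9_-]+$` and build the body with `jq -n --arg`, as below. The token-file check names `authentik-api.token` in its error while testing `authentik-api-invite.token`; curl runs without `--fail`, so an expired or wrong bearer token makes `jq ".pk"` emit `null` and the script prints a QR code for `…?itoken=null` with exit status 0; and both `echo $LINK` lines should quote the variable.
```shell
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: DATEINAMONTH, token-file check, BEARERTOKEN …
if [ -z "${1+x}" ] || ! [[ "$1" =~ ^[A-Za-z0-9_-]+$ ]]; then
  echo "ERROR - Invite Token needs a name made of [A-Za-z0-9_-] only. Example: ./unhb-authentik-invite.sh invite_for_jon_doe" && exit 1
fi
echo "INFO - Generating invite link for: $1"
# Build the request body with jq so name and date are JSON-escaped rather than pasted into a literal.
BODY=$(jq -n --arg name "$1" --arg exp "${DATEINAMONTH}T00:00:00.000Z" \
  '{name: $name, expires: $exp, fixed_data: {}, single_use: true, flow: "6a0afde87a4e40a3b3bb2215de9c34f0"}')
# --fail turns an HTTP error into a non-zero exit instead of a "null" invitation id.
PK=$(curl --silent --fail -X POST "https://auth.un-hack-bar.de/api/v3/stages/invitation/invitations/" \
  -H "accept: application/json" \
  -H "authorization: Bearer $BEARERTOKEN" \
  -H "content-type: application/json" \
  -d "$BODY" | jq -r '.pk')
if [ -z "$PK" ] || [ "$PK" = "null" ]; then echo "ERROR - API did not return an invitation id" && exit 1; fi
LINK="https://auth.un-hack-bar.de/if/flow/unhb-invite-enrollment/?itoken=${PK}"
echo "$LINK" | qrencode -m 2 -t utf8
echo "$LINK"
```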
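--- a/site.yml
+++ b/site.yml
@@ -18,8 +18,9 @@
 remote_user: root
 
 roles:
-- watchtower_docker # Needs changes when migrating to Traefik
+#- watchtower_docker # Needs changes when migrating to Traefik
 - pretix_docker # Needs changes when migrating to Traefik
+- traefik_docker
 
 - name: Set up roles on unhb4
 hosts: unhb4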
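Review bot: The watchtower role is commented out rather than removed, and its retained note `# Needs changes when migrating to Traefik` now reads as if the migration were still pending while `traefik_docker` is enabled two lines below. Either delete the line (git keeps the history) or replace the note with the actual reason and date it was disabled, e.g. `#- watchtower_docker  # disabled <DATE>: <REASON>` with those placeholders filled in — the commit does not state the reason, so I am not guessing it here. The indentation of these lines was lost in the rendered view, so the YAML nesting of the two entries should be checked against the file itself.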
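--- a/useful_ressources/ssh_config.md
+++ b/useful_ressources/ssh_config.md
@@ -0,0 +1,22 @@
+Add this to your SSH Config:
+
+```
+Host unhb4
+#Key: SHA256:pgNNZwqtDY4rkx99svN+UMwZ1W30kS44CJNsRbuavvg (ed25519)
+HostName server4.unhb.de
+User root
+LocalForward 9000 localhost:9000
+Host unhb-proxmox-local
+#Key: SHA256:VoFtWYe3YhGSEK0m3M2O4GHxRqk0X3QwtH5rhnUo7/I (ed25519)
+HostName proxmox.unhb.space
+User root
+```
+
+The door is currently not managed via Ansible, but here is its config anyway:
+
+```
+Host unhb-door
+HostName 192.168.88.244
+User keymaster
+IdentityFile ~/.ssh/YOUR_IDENTITY_FILE_FOR_THE_DOOR
+```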