From 890f3c5ea81aca5c4c2a0868f52ef277608d50d8 Mon Sep 17 00:00:00 2001 From: Elizabeth Hunt Date: Mon, 6 May 2024 15:51:16 -0700 Subject: [PATCH] attempt to fix shit --- group_vars/all.yml | 2 +- playbooks/roles/borg/tasks/main.yml | 1 + .../roles/docker/files/docker-compose@.service | 2 +- .../roles/mail/templates/docker-compose.yml.j2 | 13 ++++++++++++- .../roles/wireguard-mesh/templates/mmtmesh.conf.j2 | 3 --- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 8e21681..e89e9f1 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -4,7 +4,7 @@ dns_servers: - 1.1.1.1 - 1.0.0.1 dns_domains: - - ["mistymountainstherapy.com"] + - mistymountainstherapy.com dns_dnssec: true dns_stub_listener: false diff --git a/playbooks/roles/borg/tasks/main.yml b/playbooks/roles/borg/tasks/main.yml index fd3be99..037ecdd 100644 --- a/playbooks/roles/borg/tasks/main.yml +++ b/playbooks/roles/borg/tasks/main.yml @@ -16,6 +16,7 @@ borg_group: "{{ borg_my_group }}" borgmatic_timer: cron borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}" + borgmatic_relocated_repo_access_is_ok: true borg_source_directories: "{{ base_files + (extra_files[inventory_hostname] | default([])) }}" borg_retention_policy: diff --git a/playbooks/roles/docker/files/docker-compose@.service b/playbooks/roles/docker/files/docker-compose@.service index bd8dedb..6a6314c 100644 --- a/playbooks/roles/docker/files/docker-compose@.service +++ b/playbooks/roles/docker/files/docker-compose@.service @@ -6,7 +6,7 @@ After=docker.service [Service] RemainAfterExit=true WorkingDirectory=/etc/docker/compose/%i -ExecStartPre=/usr/bin/docker compose pull +ExecStartPre=/bin/bash -c "/usr/bin/docker compose pull || /bin/test" ExecStart=/usr/bin/docker compose up --detach --remove-orphans ExecStop=/usr/bin/docker compose down Restart=always 
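Review bot: The added `borgmatic_relocated_repo_access_is_ok: true` in the borg role vars sits directly under a `borg_ssh_command` that already passes `StrictHostKeyChecking=no`, so after this change neither SSH nor borg objects if the repository host or path is silently swapped. If the flag is only needed to get past a one-time repository move, I would set it back to `false` once the clients have re-cached the location, and either way add a comment such as `# repo was relocated; remove once every host has completed a backup`. Pinning the backup host's key (for example `-o StrictHostKeyChecking=accept-new` with a managed known_hosts file) would restore the check that the context line turns off. The task this block belongs to starts and ends outside the hunk, so I cannot tell from here whether repository encryption limits the exposure.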
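Review bot: The new `ExecStartPre` in docker-compose@.service does not make the pull optional, because `/bin/test` called with no expression exits with status 1, so a failed `docker compose pull` still fails the pre-start step. systemd has a prefix for exactly this: `ExecStartPre=-/usr/bin/docker compose pull` ignores a non-zero exit and needs no shell wrapper. Since the mail compose template in this patch uses `:latest` tags, a comment should also note that a skipped pull starts the unit on whatever image is cached, so image updates can stop arriving without any visible failure.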
diff --git a/playbooks/roles/mail/templates/docker-compose.yml.j2 b/playbooks/roles/mail/templates/docker-compose.yml.j2 index f122185..8f5d3ab 100644 --- a/playbooks/roles/mail/templates/docker-compose.yml.j2 +++ b/playbooks/roles/mail/templates/docker-compose.yml.j2 @@ -4,6 +4,10 @@ services: roundcube: image: roundcube/roundcubemail:latest restart: always + logging: + driver: "json-file" + options: + max-size: "200m" volumes: - ./docker-data/roundcube/www:/var/www/html - ./docker-data/roundcube/db/sqlite:/var/roundcube/db @@ -21,8 +25,14 @@ services: mailserver: image: ghcr.io/docker-mailserver/docker-mailserver:latest - hostname: {{ mail_domain }} + hostname: {{ domain }} + logging: + driver: "json-file" + options: + max-size: "200m" restart: always + cap_add: + - NET_ADMIN ports: - 0.0.0.0:25:25 - 0.0.0.0:465:465 @@ -67,5 +77,6 @@ services: - ENABLE_OAUTH2=1 - OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }} + - PERMIT_DOCKER=host #fix SPF fail by copying the IPv4 of the docker container into the postfix cfg extra_hosts: - {{ ldap_server }}:{{ ldap_intranet }} diff --git a/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 b/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 index 634b20a..c206e2e 100644 --- a/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 +++ b/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 @@ -3,9 +3,6 @@ Address={{ wireguard_node_ips[inventory_hostname] }}/32 ListenPort={{ wireguard_listen_port }} PrivateKey={{ wireguard_private_key.stdout }} SaveConfig=true -{% if wireguard_node_ips[inventory_hostname] != '10.212.0.1' %} -PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh -{% endif %} {% for peer in groups['wireguard-mesh'] %} {% if peer != inventory_hostname %}
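Review bot: `cap_add: NET_ADMIN` on the mailserver service (second hunk of docker-compose.yml.j2) gives a container that publishes 25 and 465 on 0.0.0.0 control over the firewall and routing of its network namespace, and nothing in the hunk says why. docker-mailserver asks for this capability for Fail2Ban; if that is the reason, say so with `# NET_ADMIN: needed by Fail2Ban to insert ban rules` above the entry, and drop the capability if Fail2Ban is not enabled (the environment block is outside this hunk, so I cannot tell). Separately, the changed line should be quoted, `hostname: "{{ domain }}"`, so an empty or boolean-looking value does not change type after rendering.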
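Review bot: `PERMIT_DOCKER=host` in the third hunk of docker-compose.yml.j2 widens Postfix's trusted networks beyond the container's own address, if I read the docker-mailserver documentation correctly, and mail from a trusted network is relayed without authentication. The SPF failures mentioned in the trailing comment usually mean inbound connections reach the container with a source address rewritten by Docker's proxy or NAT; if that rewritten address falls inside the newly trusted range, external clients on port 25 are treated as local and the server can behave as an open relay. I would keep `- PERMIT_DOCKER=none` and fix the source-address rewriting instead, or at most use `- PERMIT_DOCKER=container`, then confirm that unauthenticated relaying to a foreign domain is rejected. The comment describes copying the container's IPv4 into the Postfix config, which matches `container` rather than `host`, so the value and the comment should be reconciled.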