simponic/mmt-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

attempt to fix shit

Browse Source
This commit is contained in:
Elizabeth Hunt 2024-05-06 15:51:16 -07:00
parent 904657c27c
commit 890f3c5ea8
Signed by: simponic
GPG Key ID: 2909B9A7FF6213EE
5 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all.yml
View File

@ -4,7 +4,7 @@ dns_servers:
- 1.1.1.1 - 1.1.1.1
- 1.0.0.1 - 1.0.0.1
dns_domains: dns_domains:
- ["mistymountainstherapy.com"] - mistymountainstherapy.com
dns_dnssec: true dns_dnssec: true
dns_stub_listener: false dns_stub_listener: false

1
playbooks/roles/borg/tasks/main.yml
View File

@ -16,6 +16,7 @@
borg_group: "{{ borg_my_group }}" borg_group: "{{ borg_my_group }}"
borgmatic_timer: cron borgmatic_timer: cron
borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}" borg_ssh_command: "ssh -o StrictHostKeyChecking=no -i {{ borg_ssh_key }}"
borgmatic_relocated_repo_access_is_ok: true
borg_source_directories: borg_source_directories:
"{{ base_files + (extra_files[inventory_hostname] | default([])) }}" "{{ base_files + (extra_files[inventory_hostname] | default([])) }}"
borg_retention_policy: borg_retention_policy:

2
playbooks/roles/docker/files/docker-compose@.service
View File

@ -6,7 +6,7 @@ After=docker.service
[Service] [Service]
RemainAfterExit=true RemainAfterExit=true
WorkingDirectory=/etc/docker/compose/%i WorkingDirectory=/etc/docker/compose/%i
ExecStartPre=/usr/bin/docker compose pull ExecStartPre=/bin/bash -c "/usr/bin/docker compose pull || /bin/test"
ExecStart=/usr/bin/docker compose up --detach --remove-orphans ExecStart=/usr/bin/docker compose up --detach --remove-orphans
ExecStop=/usr/bin/docker compose down ExecStop=/usr/bin/docker compose down
Restart=always Restart=always

13
playbooks/roles/mail/templates/docker-compose.yml.j2
View File

@ -4,6 +4,10 @@ services:
roundcube: roundcube:
image: roundcube/roundcubemail:latest image: roundcube/roundcubemail:latest
restart: always restart: always
logging:
driver: "json-file"
options:
max-size: "200m"
volumes: volumes:
- ./docker-data/roundcube/www:/var/www/html - ./docker-data/roundcube/www:/var/www/html
- ./docker-data/roundcube/db/sqlite:/var/roundcube/db - ./docker-data/roundcube/db/sqlite:/var/roundcube/db
@ -21,8 +25,14 @@ services:
mailserver: mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest image: ghcr.io/docker-mailserver/docker-mailserver:latest
hostname: {{ mail_domain }} hostname: {{ domain }}
logging:
driver: "json-file"
options:
max-size: "200m"
restart: always restart: always
cap_add:
- NET_ADMIN
ports: ports:
- 0.0.0.0:25:25 - 0.0.0.0:25:25
- 0.0.0.0:465:465 - 0.0.0.0:465:465
@ -67,5 +77,6 @@ services:
- ENABLE_OAUTH2=1 - ENABLE_OAUTH2=1
- OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }} - OAUTH2_INTROSPECTION_URL={{ roundcube_oauth2_user_uri }}
- PERMIT_DOCKER=host #fix SPF fail by copying the IPv4 of the docker container into the postfix cfg
extra_hosts: extra_hosts:
- {{ ldap_server }}:{{ ldap_intranet }} - {{ ldap_server }}:{{ ldap_intranet }}

3
playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
View File

@ -3,9 +3,6 @@ Address={{ wireguard_node_ips[inventory_hostname] }}/32
ListenPort={{ wireguard_listen_port }} ListenPort={{ wireguard_listen_port }}
PrivateKey={{ wireguard_private_key.stdout }} PrivateKey={{ wireguard_private_key.stdout }}
SaveConfig=true SaveConfig=true
{% if wireguard_node_ips[inventory_hostname] != '10.212.0.1' %}
PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh
{% endif %}
{% for peer in groups['wireguard-mesh'] %} {% for peer in groups['wireguard-mesh'] %}
{% if peer != inventory_hostname %} {% if peer != inventory_hostname %}