From 0d0724245e3a0b2d97dc7bf2c83359cc291b76f6 Mon Sep 17 00:00:00 2001
From: Joschka Seydell
Date: Sat, 12 Dec 2020 10:26:25 -0800
Subject: [PATCH 01/12] Account for adjusted variable nomenclature in roles.
---
 group_vars/vagrant.yml | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/group_vars/vagrant.yml b/group_vars/vagrant.yml
index 0f1a093..22c31a5 100644
--- a/group_vars/vagrant.yml
+++ b/group_vars/vagrant.yml
@@ -16,11 +16,14 @@ firewall_allowed_udp_ports:
 users:
 - deploy
 sudoers: []
+docker_user: deploy
+cryptpad_install_user: "{{ docker_user }}"
 cryptpad_virtual_host: pad.satt.local
 cryptpad_safe_virtual_host: pad-sandbox.satt.local
 cryptpad_admin_email: admin@example.tld
 cryptpad_block_daily_check: yes
-mariadb_root_password: password
+nextcloud_install_user: "{{ docker_user }}"
+nextcloud_mariadb_root_password: password
 nextcloud_mariadb_user: nextcloud
 nextcloud_mariadb_password: password
 nextcloud_admin_user: admin
@@ -31,15 +34,18 @@ nextcloud_overwrite_host: nextcloud.satt.local
 nextcloud_overwrite_protocol: http
 nextcloud_enable_restic_compose_backup: False
 nextcloud_virtual_host: nextcloud.satt.local
+collabora_install_user: "{{ docker_user }}"
 collabora_virtual_host: collabora.satt.local
 collabora_domain_regex_pattern: nextcloud\.satt\.local
 collabora_admin_user: admin
 collabora_admin_password: password
+onlyoffice_install_user: "{{ docker_user }}"
 onlyoffice_virtual_host: documentserver.satt.local
 onlyoffice_allow_origin_list: "{{ nextcloud_overwrite_cli_url }}"
 onlyoffice_jwt_enabled: "true"
 onlyoffice_jwt_secret: topsecrettoken
 onlyoffice_jwt_header: Authorization
+jitsi_install_user: "{{ docker_user }}"
 jitsi_public_url: https://jitsi.satt.local
 jitsi_docker_host_address: "{{ ansible_host }}"
 jitsi_exposed_http_port: 8000
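Review bot: The renames in group_vars/vagrant.yml (`mariadb_root_password` to `nextcloud_mariadb_root_password` here, and the `traefik:` mapping flattened to `traefik_*` keys in the last hunk of this file) are not announced anywhere an operator upgrading an existing inventory would see them. A host_vars file that still sets the old names will presumably be ignored by the updated roles, so the database root password could silently fall back to whatever the role defaults to; the roles are not visible here, so that needs confirming. I would list the old and new names in the README or a changelog, and add a comment above the credentials such as `# Vagrant-only throwaway values; never reuse outside the local VM`.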
@@ -49,11 +55,10 @@ jitsi_enable_letsencrypt: False
 jitsi_virtual_host: jitsi.satt.local
 jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
 jitsi_web_channel_last_n: 2
-docker_user: deploy
-traefik:
- expose_internally: True
- expose_externally: False
- enable_acme: False
- use_acme_staging: False
- dns_challenge_provider: False
+traefik_install_user: "{{ docker_user }}"
+traefik_expose_internally: True
+traefik_expose_externally: False
+traefik_enable_acme: False
+traefik_use_acme_staging: False
+traefik_dns_challenge_provider: False
From 689bf0860e9371a735ec0c4685e740e1bb618ccc Mon Sep 17 00:00:00 2001
From: Joschka Seydell
Date: Sat, 12 Dec 2020 11:13:01 -0800
Subject: [PATCH 02/12] Added documentation and examples for multitenancy setups.
---
 README.md | 17 +++++++++
 examples/multitenancy/group_vars/all.yml | 8 +++++
 .../host_vars/server1/firewall.yml | 16 +++++++++
 .../host_vars/server1/server1.yml | 6 ++++
 .../host_vars/server1/traefik.yml | 8 +++++
 .../server1_tenant_a/jitsi_docker.yml | 26 ++++++++++++++
 .../server1_tenant_a/server1_tenant_a.yml | 3 ++
 .../server1_tenant_b/jitsi_docker.yml | 26 ++++++++++++++
 .../server1_tenant_b/server1_tenant_b.yml | 3 ++
 examples/multitenancy/inventory.ini.sample | 35 +++++++++++++++++++
 .../simple/inventory.ini.sample | 0
 11 files changed, 148 insertions(+)
 create mode 100644 examples/multitenancy/group_vars/all.yml
 create mode 100644 examples/multitenancy/host_vars/server1/firewall.yml
 create mode 100644 examples/multitenancy/host_vars/server1/server1.yml
 create mode 100644 examples/multitenancy/host_vars/server1/traefik.yml
 create mode 100644 examples/multitenancy/host_vars/server1_tenant_a/jitsi_docker.yml
 create mode 100644 examples/multitenancy/host_vars/server1_tenant_a/server1_tenant_a.yml
 create mode 100644 examples/multitenancy/host_vars/server1_tenant_b/jitsi_docker.yml
 create mode 100644 examples/multitenancy/host_vars/server1_tenant_b/server1_tenant_b.yml
 create mode 100644 examples/multitenancy/inventory.ini.sample
 rename inventory.ini.sample => examples/simple/inventory.ini.sample (100%)
diff --git a/README.md b/README.md
index c83cc0d..277bb25 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,8 @@ The main goals of this project are:
 - [Collabora Online Development Edition](https://www.collaboraoffice.com/code/) (integrates with Nextcloud)
 - [Cryptpad](https://cryptpad.fr/)
+For hosting several isolated instances of these services on the same server, see the section on [multitenancy](#multitenancy).
+
 ### WIP
 - [BigBlueButton](https://bigbluebutton.org/)
@@ -157,6 +159,21 @@ Restic assumes untrusted environments, hence backups are always encrypted using
 The `common` role comes with a [firewall](https://galaxy.ansible.com/geerlingguy/firewall) based on iptables. If you don't allow SSH (usually port 22) then you might lock yourself out. Have a look at `group_vars/vagrant.yml` for an example config. Add the corresponding [firewall parameters](https://galaxy.ansible.com/geerlingguy/firewall) to your `host_vars` and adapt them according to your needs.
+## Multitenancy
+
+The roles used to provide the above services support multitenancy setups by offering the possibility to specify the installation path and further variables for proper routing of requests to the individual instances.
+Note that in this setup, Traefik serves as the central entry point (and is not running multiple times!) and routes the request by the domain they were issued from.
+
+An example how to structure variables related to the individual instances and how to write an according inventory can be found under [examples/multitenancy](examples/multitenancy).
+The main idea is to define **multiple hosts targeting the same machine** and providing a different set of service variables for each.
+
+Most importantly, to configure multiple instances for the same service, a unique `_install_path` and `_multitenant_label` need to be specified identifying the instance towards Traefik.
+Also, exposed ports **must** differ per instance as docker maps container port to the host's network (even if the containers reside in a user-defined network).
+
+In the examples you'll find additional `group_vars` that can be used to ease up setting up individual install paths by introducting `tenant_name`s and deploying services into a unified directory structure depending on that.
+For each individual host, all variables will be concatenated so that they are available in the service roles.
+
+
 ## Alternatives
 - [HomelabOS](https://gitlab.com/NickBusey/HomelabOS)
diff --git a/examples/multitenancy/group_vars/all.yml b/examples/multitenancy/group_vars/all.yml
new file mode 100644
index 0000000..1ab73f9
--- /dev/null
+++ b/examples/multitenancy/group_vars/all.yml
@@ -0,0 +1,8 @@
+# Deployment users and paths
+default_user: '{{ ansible_user }}'
+default_install_path: "/home/{{ default_user }}"
+default_services_path: "{{ default_install_path }}/services"
+
+# Defaults for multitenant setups
+tenant_name: ''
+tenant_install_path: "{{ default_services_path }}{{ '/' + tenant_name if (tenant_name) else '' }}"
\ No newline at end of file
diff --git a/examples/multitenancy/host_vars/server1/firewall.yml b/examples/multitenancy/host_vars/server1/firewall.yml
new file mode 100644
index 0000000..c1131ed
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1/firewall.yml
@@ -0,0 +1,16 @@
+# Firewall
+firewall_disable_ufw: true
+firewall_flush_rules_and_chains: true
+firewall_additional_rules:
+ - "iptables --policy INPUT DENY"
+firewall_allowed_tcp_ports:
+ - "22"
+ - "80"
+ - "443"
+ # Jitsi
+ - "4443" # tenant_a
+ - "4543" # tenant_b
+firewall_allowed_udp_ports:
+ # Jitsi
+ - "10000" # tenant_a
+ - "11000" # tenant_b
\ No newline at end of file
diff --git a/examples/multitenancy/host_vars/server1/server1.yml b/examples/multitenancy/host_vars/server1/server1.yml
new file mode 100644
index 0000000..c22e72b
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1/server1.yml
@@ -0,0 +1,6 @@
+# General settings
+ansible_user: deploy
+update_hostname: yes
+hostname: "multitenant-server1"
+users: []
+sudoers: []
diff --git a/examples/multitenancy/host_vars/server1/traefik.yml b/examples/multitenancy/host_vars/server1/traefik.yml
new file mode 100644
index 0000000..f841885
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1/traefik.yml
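Review bot: In examples/multitenancy/host_vars/server1/firewall.yml, `iptables --policy INPUT DENY` names a target that iptables does not accept as a chain policy; the built-in policies are `ACCEPT` and `DROP`. Because `firewall_flush_rules_and_chains: true` and `firewall_disable_ufw: true` are set in the same file, a failing policy command can leave the host without the default-deny behaviour the example intends. The entry should read `- "iptables --policy INPUT DROP"`, and it deserves a comment that port 22 must stay in `firewall_allowed_tcp_ports` before a drop policy is applied.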
@@ -0,0 +1,8 @@
+# Traefik proxy
+traefik_letsencrypt_email: max@example.com
+traefik_install_user: "{{ default_user }}"
+traefik_expose_internally: True
+traefik_expose_externally: False
+traefik_enable_acme: True
+traefik_use_acme_staging: False
+traefik_dns_challenge_provider: False
\ No newline at end of file
diff --git a/examples/multitenancy/host_vars/server1_tenant_a/jitsi_docker.yml b/examples/multitenancy/host_vars/server1_tenant_a/jitsi_docker.yml
new file mode 100644
index 0000000..fd9387f
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1_tenant_a/jitsi_docker.yml
@@ -0,0 +1,26 @@
+jitsi_install_user: "{{ default_user }}"
+jitsi_install_path: "{{ tenant_install_path }}"
+jitsi_multitenant_label: "tenant_a"
+jitsi_docker_image_tag: 'latest'
+jitsi_public_url: https://tenant-a.example.com
+jitsi_docker_host_address: "{{ ansible_host }}"
+jitsi_exposed_http_port: 8010
+jitsi_exposed_https_port: 8453
+jitsi_bridge_udp_port: 11000
+jitsi_bridge_tcp_port: 4543
+jitsi_timezone: Europe/Amsterdam
+jitsi_enable_letsencrypt: False
+jitsi_virtual_host: tenant-a.example.com
+jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
+# Passwords
+jitsi_jibri_recorder_password: secret1-CHANGE-ME
+jitsi_jibri_recorder_user: recorder
+jitsi_jibri_xmpp_password: secret2-CHANGE-ME
+jitsi_jibri_xmpp_user: jibri
+jitsi_jicofo_auth_password: secret3-CHANGE-ME
+jitsi_jicofo_auth_user: focus
+jitsi_jicofo_component_secret: secret4-CHANGE-ME
+jitsi_jigasi_xmpp_password: secret5-CHANGE-ME
+jitsi_jigasi_xmpp_user: jigasi
+jitsi_jvb_auth_user: jvb
+jitsi_jvb_auth_password: secret6-CHANGE-ME
\ No newline at end of file
diff --git a/examples/multitenancy/host_vars/server1_tenant_a/server1_tenant_a.yml b/examples/multitenancy/host_vars/server1_tenant_a/server1_tenant_a.yml
new file mode 100644
index 0000000..89ab8ca
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1_tenant_a/server1_tenant_a.yml
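Review bot: The tenant_a Jitsi example (host_vars/server1_tenant_a/jitsi_docker.yml) uses exactly the same host ports as the tenant_b file added later in this patch: `jitsi_exposed_http_port: 8010`, `jitsi_exposed_https_port: 8453`, `jitsi_bridge_udp_port: 11000` and `jitsi_bridge_tcp_port: 4543`. That contradicts the README text of this same commit (exposed ports must differ per instance) and firewall.yml, which opens `4443`/`10000` for tenant_a and `4543`/`11000` for tenant_b. As written the second instance cannot bind its ports, and the firewall ports opened for tenant_a have no intended service behind them. For tenant_a I would set `jitsi_bridge_tcp_port: 4443` and `jitsi_bridge_udp_port: 10000`, and give it HTTP/HTTPS ports that differ from tenant_b's.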
@@ -0,0 +1,3 @@
+ansible_user: deploy
+# Multitenant setup for tenant_a
+tenant_name: "tenant_a"
\ No newline at end of file
diff --git a/examples/multitenancy/host_vars/server1_tenant_b/jitsi_docker.yml b/examples/multitenancy/host_vars/server1_tenant_b/jitsi_docker.yml
new file mode 100644
index 0000000..afbb2cc
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1_tenant_b/jitsi_docker.yml
@@ -0,0 +1,26 @@
+jitsi_install_user: "{{ default_user }}"
+jitsi_install_path: "{{ tenant_install_path }}"
+jitsi_multitenant_label: "tenant_b"
+jitsi_docker_image_tag: 'latest'
+jitsi_public_url: https://tenant-b.example.com
+jitsi_docker_host_address: "{{ ansible_host }}"
+jitsi_exposed_http_port: 8010
+jitsi_exposed_https_port: 8453
+jitsi_bridge_udp_port: 11000
+jitsi_bridge_tcp_port: 4543
+jitsi_timezone: Europe/Amsterdam
+jitsi_enable_letsencrypt: False
+jitsi_virtual_host: tenant-b.example.com
+jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
+# Passwords
+jitsi_jibri_recorder_password: secret1-CHANGE-ME
+jitsi_jibri_recorder_user: recorder
+jitsi_jibri_xmpp_password: secret2-CHANGE-ME
+jitsi_jibri_xmpp_user: jibri
+jitsi_jicofo_auth_password: secret3-CHANGE-ME
+jitsi_jicofo_auth_user: focus
+jitsi_jicofo_component_secret: secret4-CHANGE-ME
+jitsi_jigasi_xmpp_password: secret5-CHANGE-ME
+jitsi_jigasi_xmpp_user: jigasi
+jitsi_jvb_auth_user: jvb
+jitsi_jvb_auth_password: secret6-CHANGE-ME
\ No newline at end of file
diff --git a/examples/multitenancy/host_vars/server1_tenant_b/server1_tenant_b.yml b/examples/multitenancy/host_vars/server1_tenant_b/server1_tenant_b.yml
new file mode 100644
index 0000000..d2fc1b8
--- /dev/null
+++ b/examples/multitenancy/host_vars/server1_tenant_b/server1_tenant_b.yml
@@ -0,0 +1,3 @@
+ansible_user: deploy
+# Multitenant setup for tenant_b
+tenant_name: "tenant_b"
\ No newline at end of file
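Review bot: The tenant_b Jitsi file carries the same six `secretN-CHANGE-ME` values in plain text as the tenant_a file, so anyone copying the example ends up with two tenants sharing their Jibri, Jicofo, Jigasi and JVB credentials unless every value is edited by hand. A comment above `# Passwords` should state that each tenant needs its own randomly generated secrets, kept in an Ansible Vault file rather than in plain host_vars. `jitsi_docker_image_tag: 'latest'` in both files also means each run may pull a different image; a fixed tag (placeholder `'<tested-release-tag>'`) keeps the tenants on a known version.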
diff --git a/examples/multitenancy/inventory.ini.sample b/examples/multitenancy/inventory.ini.sample
new file mode 100644
index 0000000..0e749c1
--- /dev/null
+++ b/examples/multitenancy/inventory.ini.sample
@@ -0,0 +1,35 @@
+[server1_hosts]
+# Main host
+server1
+# Tenants
+server1_tenant_a
+server1_tenant_b
+
+[server1_hosts:vars]
+ansible_host=1.2.3.4
+ansible_ssh_host=1.2.3.4
+
+[common]
+server1
+
+[docker]
+server1
+
+[traefik]
+server1 # Must only be running on the main host
+
+[nextcloud]
+tenant_a
+
+[jitsi_docker]
+tenant_a
+tenant_b # Tenant B might only use Jitsi service
+
+[collabora]
+tenant_a
+
+[onlyoffice]
+tenant_a
+
+[cryptpad]
+tenant_a
\ No newline at end of file
diff --git a/inventory.ini.sample b/examples/simple/inventory.ini.sample
similarity index 100%
rename from inventory.ini.sample
rename to examples/simple/inventory.ini.sample
From 5ef0b58131363a18e119139dcfadadb5a0adc9be Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Mon, 3 Oct 2022 21:56:46 +0200
Subject: [PATCH 03/12] Added coturn
---
 README.md | 1 +
 coturn.yml | 7 +++++++
 requirements.yml | 2 ++
 site.yml | 1 +
 4 files changed, 11 insertions(+)
 create mode 100644 coturn.yml
diff --git a/README.md b/README.md
index c83cc0d..4a47c85 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ The main goals of this project are:
 - [ONLYOFFICE Document Server](https://www.onlyoffice.com/) (integrates with Nextcloud)
 - [Collabora Online Development Edition](https://www.collaboraoffice.com/code/) (integrates with Nextcloud)
 - [Cryptpad](https://cryptpad.fr/)
+- [Coturn TURN/STUN server](https://github.com/coturn/coturn)
 ### WIP
diff --git a/coturn.yml b/coturn.yml
new file mode 100644
index 0000000..fe633b5
--- /dev/null
+++ b/coturn.yml
@@ -0,0 +1,7 @@
+---
+# coturn TURN server
+
+- hosts: coturn
+ become: true
+ roles:
+ - jotbe.coturn-docker
\ No newline at end of file
diff --git a/requirements.yml b/requirements.yml
index 37a6773..140f6cc 100644
--- a/requirements.yml
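Review bot: The service groups in examples/multitenancy/inventory.ini.sample list `tenant_a` and `tenant_b`, but the hosts declared under `[server1_hosts]`, and the host_vars directories added in this patch, are named `server1_tenant_a` and `server1_tenant_b`. Ansible would treat `tenant_a` as a separate inventory host: it receives neither `ansible_host=1.2.3.4` from `[server1_hosts:vars]` nor the per-tenant variables, so the plays would try to connect to a machine called `tenant_a`. The group members should be `server1_tenant_a` and `server1_tenant_b` throughout, for example `server1_tenant_a` under `[nextcloud]`.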
+++ b/requirements.yml
@@ -11,6 +11,8 @@
 - name: jotbe.nextcloud-docker
 src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
 scm: git
+- name: jotbe.coturn-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-coturn-docker.git
 - name: jotbe.jitsi-docker
 src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
 scm: git
diff --git a/site.yml b/site.yml
index ad6fc60..cc0265d 100644
--- a/site.yml
+++ b/site.yml
@@ -5,6 +5,7 @@
 - import_playbook: docker.yml
 - import_playbook: nextcloud.yml
 - import_playbook: collabora-online.yml
+- import_playbook: coturn.yml
 - import_playbook: jitsi.yml
 - import_playbook: cryptpad.yml
From 3a89a87f084c138ded310dd56ee4b9f0d585d76c Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Mon, 3 Oct 2022 21:58:11 +0200
Subject: [PATCH 04/12] Added scm to coturn repo
---
 requirements.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.yml b/requirements.yml
index 140f6cc..750669d 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -13,6 +13,7 @@
 scm: git
 - name: jotbe.coturn-docker
 src: https://git.jotbe.io/jotbe/ansible-role-coturn-docker.git
+ scm: git
 - name: jotbe.jitsi-docker
 src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
 scm: git
From 18b6ebd7aa3392a5ced5ea66342d954b59f9e2ad Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sun, 29 Oct 2023 11:42:03 +0100
Subject: [PATCH 05/12] Uses ansible-role-nextcloud-docker v1.0.0
---
 requirements.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.yml b/requirements.yml
index 750669d..18d0a47 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -9,6 +9,7 @@
 src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
 scm: git
 - name: jotbe.nextcloud-docker
+ version: v1.0.0
 src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
 scm: git
 - name: jotbe.coturn-docker
From ff802c6f7197f5070cf6a4411e9aa5ea07afd20e Mon Sep 17 00:00:00 2001
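Review bot: The new `jotbe.coturn-docker` entry in requirements.yml (PATCH 03/12) has no `version:`, so `ansible-galaxy` installs whatever the repository's default branch points to at install time, and coturn.yml runs that role with `become: true`. Later patches in this series pin nextcloud, collabora and jitsi, but coturn, common, traefik, onlyoffice and cryptpad, as well as `community.docker` in the PATCH 10/12 rewrite, stay unpinned. I would add `version: <tag-or-commit>` to each entry, preferably a commit hash for roles that run as root, so that a changed or compromised upstream branch cannot alter what is executed on the hosts.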
From: Jan Beilicke
Date: Sun, 29 Oct 2023 19:42:04 +0100
Subject: [PATCH 06/12] Use Ansible role Nextcloud v1.0.1
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index 18d0a47..2f5cd3d 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -9,7 +9,7 @@
 src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
 scm: git
 - name: jotbe.nextcloud-docker
- version: v1.0.0
+ version: v1.0.1
 src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
 scm: git
 - name: jotbe.coturn-docker
From 1217fc0fa4e9d3345e881f1fea92e0c5424e40f5 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sun, 29 Oct 2023 21:58:28 +0100
Subject: [PATCH 07/12] Use Ansible role Nextcloud 1.0.2
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index 2f5cd3d..5a774c2 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -9,7 +9,7 @@
 src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
 scm: git
 - name: jotbe.nextcloud-docker
- version: v1.0.1
+ version: v1.0.2
 src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
 scm: git
 - name: jotbe.coturn-docker
From 0d65488f342bf40fe98ab801dc242d7c64499721 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sun, 29 Oct 2023 23:05:17 +0100
Subject: [PATCH 08/12] Use Ansible role Collabora v1.0.0
---
 requirements.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.yml b/requirements.yml
index 5a774c2..29d2322 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -19,6 +19,7 @@
 src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
 scm: git
 - name: jotbe.collabora-online-docker
+ version: v1.0.0
 src: https://git.jotbe.io/jotbe/ansible-role-collabora-online-docker.git
 scm: git
 - name: jotbe.onlyoffice-document-server-docker
From 44ebdef575450d34a16fe1194b963af09f91a932 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Mon, 30 Oct 2023 01:03:04 +0100
Subject: [PATCH 09/12] Use Ansible role Jitsi v1.0.0
---
 requirements.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.yml b/requirements.yml
index 29d2322..2486598 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -16,6 +16,7 @@
 src: https://git.jotbe.io/jotbe/ansible-role-coturn-docker.git
 scm: git
 - name: jotbe.jitsi-docker
+ version: v1.0.0
 src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
 scm: git
 - name: jotbe.collabora-online-docker
From f4877cea21491605b593edf8f79de25731f58686 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sat, 9 Dec 2023 19:11:43 +0100
Subject: [PATCH 10/12] Simplifies docker provisioning, fixes issue with docker 7.0 pip packages through downgrade
---
 docker.yml | 6 ++--
 group_vars/docker.yml | 11 ++------
 requirements.yml | 64 +++++++++++++++++++++++--------------------
 3 files changed, 41 insertions(+), 40 deletions(-)
diff --git a/docker.yml b/docker.yml
index 1d0c86d..e701c63 100644
--- a/docker.yml
+++ b/docker.yml
@@ -3,7 +3,9 @@
 - hosts: docker
 become: true
+ pre_tasks:
+ - name: Install pip packages for Docker
+ ansible.builtin.pip:
+ name: "{{ pip_install_packages }}"
 roles:
- - geerlingguy.pip
- - geerlingguy.docker
 - jotbe.traefik-docker
\ No newline at end of file
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index 4067055..90dceef 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -1,11 +1,6 @@
-pip_package: python3-pip
+#pip_package: python3-pip
 pip_install_packages:
- - name: docker
- - name: docker-compose
-docker_edition: "ce"
-docker_version: "19.03.5"
-docker_package: "docker-{{ docker_edition }}"
-docker_package_state: present
-docker_compose_version: "1.25.0"
+ - docker==6.1.3
+ - docker-compose
 docker_users:
 - deploy
diff --git a/requirements.yml b/requirements.yml
index 2486598..4b1a76d 100644
--- a/requirements.yml
+++ b/requirements.yml
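Review bot: After PATCH 10/12 the docker.yml play no longer installs pip or Docker Engine (the `geerlingguy.pip` and `geerlingguy.docker` roles are removed and `pip_package` is commented out in group_vars/docker.yml), yet the new pre_task calls `ansible.builtin.pip` and the play still applies `jotbe.traefik-docker`. On a fresh host the pre_task fails if pip is missing, and with `become: true` the packages are installed into the system Python as root. I would document the new prerequisites in the README, or add a guard task that checks for Docker and pip and fails with a clear message. The `docker_users` variable kept in group_vars/docker.yml was presumably consumed by the removed role and may now be unused.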
@@ -1,31 +1,35 @@
-- geerlingguy.firewall
-- geerlingguy.pip
-- geerlingguy.docker
+collections:
+ - community.docker
-- name: jotbe.common
- src: https://git.jotbe.io/jotbe/ansible-role-common.git
- scm: git
-- name: jotbe.traefik-docker
- src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
- scm: git
-- name: jotbe.nextcloud-docker
- version: v1.0.2
- src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
- scm: git
-- name: jotbe.coturn-docker
- src: https://git.jotbe.io/jotbe/ansible-role-coturn-docker.git
- scm: git
-- name: jotbe.jitsi-docker
- version: v1.0.0
- src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
- scm: git
-- name: jotbe.collabora-online-docker
- version: v1.0.0
- src: https://git.jotbe.io/jotbe/ansible-role-collabora-online-docker.git
- scm: git
-- name: jotbe.onlyoffice-document-server-docker
- src: https://git.jotbe.io/jotbe/ansible-role-onlyoffice-document-server-docker.git
- scm: git
-- name: jotbe.cryptpad-docker
- src: https://git.jotbe.io/jotbe/ansible-role-cryptpad-docker.git
- scm: git
+roles:
+ - geerlingguy.firewall
+ - geerlingguy.pip
+ # - geerlingguy.docker
+
+ - name: jotbe.common
+ src: https://git.jotbe.io/jotbe/ansible-role-common.git
+ scm: git
+ - name: jotbe.traefik-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
+ scm: git
+ - name: jotbe.nextcloud-docker
+ version: v1.0.2
+ src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
+ scm: git
+ - name: jotbe.coturn-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-coturn-docker.git
+ scm: git
+ - name: jotbe.jitsi-docker
+ version: v1.0.0
+ src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
+ scm: git
+ - name: jotbe.collabora-online-docker
+ version: v1.0.0
+ src: https://git.jotbe.io/jotbe/ansible-role-collabora-online-docker.git
+ scm: git
+ - name: jotbe.onlyoffice-document-server-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-onlyoffice-document-server-docker.git
+ scm: git
+ - name: jotbe.cryptpad-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-cryptpad-docker.git
+ scm: git
From 1026ff5c29bbe0ab2ca869ad1b400bcc4a491325 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sat, 14 Sep 2024 10:35:44 +0200
Subject: [PATCH 11/12] Removes pinned docker version to align with docker-compose
---
 group_vars/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index 90dceef..49e17de 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -1,6 +1,6 @@
 #pip_package: python3-pip
 pip_install_packages:
- - docker==6.1.3
+ - docker
 - docker-compose
 docker_users:
 - deploy
From b95aa3bc89d1bfe7b1056b8ad5c323552190ee82 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sat, 14 Sep 2024 10:50:14 +0200
Subject: [PATCH 12/12] Ansible should use libssh for persistent connections
---
 ansible.cfg | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ansible.cfg b/ansible.cfg
index a5c6422..6057b45 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -19,3 +19,6 @@ ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ServerAliveInterval=6
 control_path = %(directory)s/%%h-%%r
 pipelining = True
 timeout = 10
+
+[persistent_connection]
+ssh_type = libssh
\ No newline at end of file
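Review bot: With `docker==6.1.3` replaced by a bare `docker` in group_vars/docker.yml (PATCH 11/12), both entries of `pip_install_packages` are unpinned, and the pre_task in docker.yml installs them as root on every host. PATCH 10/12 introduced the pin because a new `docker` release broke provisioning, so the same kind of breakage, or a bad upstream release, can reappear on any run. A bounded requirement taken from a tested combination, written as `- "docker>=X,<Y"` with X and Y as placeholders for the verified bounds, or a constraints file kept in the repository, would keep installs reproducible while still allowing the upgrade this commit is after.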
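Review bot: The new `ssh_type = libssh` line under `[persistent_connection]` in ansible.cfg (PATCH 12/12) needs a comment stating what it depends on. As far as I know this option is read by the `network_cli` persistent connection and requires the `ansible-pylibssh` package on the control node; the plays in this repository appear to use the regular SSH connection configured through `ssh_args` above, so the setting may have no effect here. Suggested comment: `# requires ansible-pylibssh on the control node; only used by persistent (network_cli) connections`.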