Compare commits
7 commits
7d05189ecd
...
b6bf3fe01f
Author | SHA1 | Date | |
---|---|---|---|
b6bf3fe01f | |||
f09891ef0d | |||
671c296a5d | |||
4f7ed75840 | |||
d9b5abd3cb | |||
52dad1944b | |||
89ff8aa84c |
42 changed files with 844 additions and 175 deletions
17
README.md
17
README.md
|
@ -1,20 +1,3 @@
|
|||
# Home server configuration
|
||||
|
||||
Available at [comfycamp.space](https://comfycamp.space).
|
||||
|
||||
## Ports
|
||||
|
||||
| Number | Protocol | Service | Public URL |
|
||||
| --- | --- | --- | --- |
|
||||
| 3000 | | Mastodon | [m.comfycamp.space](https://m.comfycamp.space) |
|
||||
| 3001 | | Mastodon streaming | |
|
||||
| 3002 | | Vaultwarden | |
|
||||
| 3003 | | Minio console | |
|
||||
| 3004 | | Forgejo | [git.comfycamp.space](https://git.comfycamp.space) |
|
||||
| 3005 | | Synapse | |
|
||||
| 3006 | | Comfycamp | [comfycamp.space](https://comfycamp.space) |
|
||||
| 3478 | tcp/udp | Coturn | |
|
||||
| 8022 | | Forgejo SSH | |
|
||||
| 8448 | | Synapse/Haproxy | |
|
||||
| 9000 | | Minio | |
|
||||
| 49152 - 65535 | udp | Coturn | |
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
- hosts: webservers
|
||||
roles:
|
||||
- name: comfycamp
|
||||
postgresql_password: "{{ comfycamp_postgresql_password }}"
|
||||
postgresql_password: "{{ postgresql_users.comfycamp }}"
|
||||
jwt_secret: "{{ comfycamp_jwt_secret }}"
|
||||
secret_key_base: "{{ comfycamp_secret_key_base }}"
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
- hosts: webservers
|
||||
roles:
|
||||
- role: forgejo
|
||||
postgresql_password: "{{ forgejo_postgresql_password }}"
|
||||
smtp_password: "{{ forgejo_smtp_password }}"
|
||||
postgresql_password: "{{ postgresql_users.forgejo }}"
|
||||
smtp_password: "{{ mail_users['forgejo@comfycamp.space'] }}"
|
||||
oauth2_jwt_secret: "{{ forgejo_oauth2_jwt_secret }}"
|
||||
internal_token: "{{ forgejo_internal_token }}"
|
||||
secret_key: "{{ forgejo_secret_key }}"
|
||||
|
|
5
mail.yml
Normal file
5
mail.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- hosts: webservers
|
||||
roles:
|
||||
- role: mail
|
||||
users: "{{ mail_users }}"
|
17
mastodon.yml
17
mastodon.yml
|
@ -2,10 +2,13 @@
|
|||
- hosts: webservers
|
||||
roles:
|
||||
- role: mastodon
|
||||
vapid_public_key: "{{ mastodon_vapid_public_key }}"
|
||||
vapid_private_key: "{{ mastodon_vapid_private_key }}"
|
||||
db_pass: "{{ mastodon_postgresql_password }}"
|
||||
otp_secret: "{{ mastodon_otp_secret }}"
|
||||
secret_key_base: "{{ mastodon_secret_key_base }}"
|
||||
smtp_password: "{{ mastodon_smtp_password }}"
|
||||
aws_secret_access_key: "{{ mastodon_aws_secret_access_key }}"
|
||||
vapid_public_key: "{{ mastodon.vapid_public_key }}"
|
||||
vapid_private_key: "{{ mastodon.vapid_private_key }}"
|
||||
db_pass: "{{ postgresql_users.mastodon }}"
|
||||
otp_secret: "{{ mastodon.otp_secret }}"
|
||||
secret_key_base: "{{ mastodon.secret_key_base }}"
|
||||
smtp_password: "{{ mail_users['mastodon@comfycamp.space'] }}"
|
||||
aws_secret_access_key: "{{ mastodon.aws_secret_access_key }}"
|
||||
active_record_encryption_deterministic_key: "{{ mastodon.active_record_encryption_deterministic_key }}"
|
||||
active_record_encryption_key_derivation_salt: "{{ mastodon.active_record_encryption_key_derivation_salt }}"
|
||||
active_record_encryption_primary_key: "{{ mastodon.active_record_encryption_primary_key }}"
|
||||
|
|
|
@ -2,10 +2,5 @@
|
|||
- hosts: webservers
|
||||
roles:
|
||||
- role: postgresql
|
||||
postgres_password: "{{ postgres_password }}"
|
||||
users:
|
||||
mastodon: "{{ mastodon_postgresql_password }}"
|
||||
vaultwarden: "{{ vaultwarden_postgresql_password }}"
|
||||
forgejo: "{{ forgejo_postgresql_password }}"
|
||||
matrix-synapse: "{{ synapse_postgresql_password }}"
|
||||
comfycamp: "{{ comfycamp_postgresql_password }}"
|
||||
postgres_password: "{{ postgresql_users.postgres }}"
|
||||
users: "{{ postgresql_users }}"
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
env_file: /etc/comfycamp/.env
|
||||
networks:
|
||||
- name: postgresql
|
||||
- name: haproxy
|
||||
ports:
|
||||
- 127.0.0.1:3006:4000
|
||||
restart_policy: unless-stopped
|
||||
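Review bot: `ports: - 127.0.0.1:3006:4000` stays although the container now also joins the `haproxy` network and haproxy.cfg in this compare reaches it as `server green comfycamp:4000`; unless another host process still uses the loopback port, the publication is dead configuration and one more listener to account for, so drop the `ports:` key. The mastodon-web (`127.0.0.1:3000:3000`), mastodon-streaming (`127.0.0.1:3001:4000`) and synapse (`127.0.0.1:3005:8008/tcp`) hunks carry the same leftover. The README port table that documented these bindings is removed in this compare, so nothing records them any more.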
|
|
|
@ -26,6 +26,7 @@
|
|||
- name: postgresql
|
||||
- name: redis-forgejo
|
||||
- name: minio
|
||||
- name: haproxy
|
||||
volumes:
|
||||
- forgejo:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
|
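--- a/roles/haproxy/files/errors/400.http
+++ b/roles/haproxy/files/errors/400.http
@@ -0,0 +1,8 @@
+HTTP/1.0 400 Bad request
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>400 Bad request</h1>
+Your browser sent an invalid request.
+</body></html>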
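--- a/roles/haproxy/files/errors/403.http
+++ b/roles/haproxy/files/errors/403.http
@@ -0,0 +1,8 @@
+HTTP/1.0 403 Forbidden
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>403 Forbidden</h1>
+Request forbidden by administrative rules.
+</body></html>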
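--- a/roles/haproxy/files/errors/408.http
+++ b/roles/haproxy/files/errors/408.http
@@ -0,0 +1,8 @@
+HTTP/1.0 408 Request Time-out
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>408 Request Time-out</h1>
+Your browser didn't send a complete request in time.
+</body></html>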
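--- a/roles/haproxy/files/errors/500.http
+++ b/roles/haproxy/files/errors/500.http
@@ -0,0 +1,8 @@
+HTTP/1.0 500 Internal Server Error
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>500 Internal Server Error</h1>
+An internal server error occurred.
+</body></html>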
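--- a/roles/haproxy/files/errors/502.http
+++ b/roles/haproxy/files/errors/502.http
@@ -0,0 +1,8 @@
+HTTP/1.0 502 Bad Gateway
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>502 Bad Gateway</h1>
+The server returned an invalid or incomplete response.
+</body></html>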
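--- a/roles/haproxy/files/errors/503.http
+++ b/roles/haproxy/files/errors/503.http
@@ -0,0 +1,8 @@
+HTTP/1.0 503 Service Unavailable
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>503 Service Unavailable</h1>
+No server is available to handle this request.
+</body></html>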
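--- a/roles/haproxy/files/errors/504.http
+++ b/roles/haproxy/files/errors/504.http
@@ -0,0 +1,8 @@
+HTTP/1.0 504 Gateway Time-out
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
+
+<html><body><h1>504 Gateway Time-out</h1>
+The server didn't respond in time.
+</body></html>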
|
@ -1,16 +1,8 @@
|
|||
global
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
chroot /var/lib/haproxy
|
||||
stats socket /run/haproxy/admin.sock mode 660 level admin
|
||||
stats timeout 30s
|
||||
log /dev/stderr local0
|
||||
log /dev/stderr local1 notice
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
|
||||
# Default SSL material locations
|
||||
ca-base /etc/ssl/certs
|
||||
crt-base /etc/ssl/private
|
||||
|
||||
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
|
||||
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
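Review bot: Dropping `chroot`, `user haproxy`, `group haproxy` and `daemon` moves privilege separation out of this file and into the container image, and nothing left in the file says so; the uid-99 ownership and the `ip_unprivileged_port_start` sysctl elsewhere in this compare suggest the image's unprivileged user is relied on, so a comment under `global` would save the next reader the search: `# Runs in the official haproxy image: its unprivileged user replaces user/group/chroot,` / `# net.ipv4.ip_unprivileged_port_start=0 (roles/haproxy/tasks) allows binding :80/:443; logs go to the container's stderr.` The `# See: https://ssl-config.mozilla.org/…server-version=2.0.3…` comment describes a profile generated for a far older release than `haproxy:3.0-bookworm`; whether `ssl-default-bind-ciphersuites` and `ssl-min-ver` follow the cipher line is outside the hunk, so regenerate the snippet for the deployed version and update the comment. The `global` section continues past the hunk.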
|
@ -25,23 +17,26 @@ defaults
|
|||
timeout connect 5000
|
||||
timeout client 50000
|
||||
timeout server 50000
|
||||
errorfile 400 /etc/haproxy/errors/400.http
|
||||
errorfile 403 /etc/haproxy/errors/403.http
|
||||
errorfile 408 /etc/haproxy/errors/408.http
|
||||
errorfile 500 /etc/haproxy/errors/500.http
|
||||
errorfile 502 /etc/haproxy/errors/502.http
|
||||
errorfile 503 /etc/haproxy/errors/503.http
|
||||
errorfile 504 /etc/haproxy/errors/504.http
|
||||
errorfile 400 /usr/local/etc/haproxy/errors/400.http
|
||||
errorfile 403 /usr/local/etc/haproxy/errors/403.http
|
||||
errorfile 408 /usr/local/etc/haproxy/errors/408.http
|
||||
errorfile 500 /usr/local/etc/haproxy/errors/500.http
|
||||
errorfile 502 /usr/local/etc/haproxy/errors/502.http
|
||||
errorfile 503 /usr/local/etc/haproxy/errors/503.http
|
||||
errorfile 504 /usr/local/etc/haproxy/errors/504.http
|
||||
|
||||
frontend www
|
||||
mode http
|
||||
bind :80
|
||||
bind :443 ssl crt /etc/haproxy/certs
|
||||
http-request redirect scheme https unless { ssl_fc }
|
||||
bind :443 ssl crt /usr/local/etc/haproxy/certs
|
||||
|
||||
acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
|
||||
|
||||
http-request redirect scheme https if !{ ssl_fc } !host_mastodon_tor
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||||
|
||||
acl acl_mastodon hdr(host) -i m.comfycamp.space
|
||||
acl host_mastodon hdr(host) -i m.comfycamp.space
|
||||
acl acl_s3 hdr(host) -i s3.comfycamp.space
|
||||
acl acl_comfycamp hdr(host) -i comfycamp.space
|
||||
acl acl_vaultwarden hdr(host) -i vault.comfycamp.space
|
||||
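Review bot: The exemption in `http-request redirect scheme https if !{ ssl_fc } !host_mastodon_tor` keys only on the Host header, and the haproxy container publishes `80:80` on every host interface (haproxy tasks hunk), so a clearnet client that sends `Host: <onion hostname>` is routed to the mastodon backend over plaintext with `X-Forwarded-Proto http`; `use_backend mastodon if host_mastodon || host_mastodon_tor` in the next hunk has the same property. Tie the exemption to where Tor traffic actually originates rather than to the header, e.g. `acl from_tor src <tor-network-subnet>` (placeholder, the subnet of the `tor`/`haproxy` Docker network the tor container uses) together with `http-request redirect scheme https if !{ ssl_fc } !from_tor`, and gate the onion `use_backend` lines on `host_mastodon_tor from_tor`. Renaming only `acl_mastodon` to `host_mastodon` leaves `acl_s3`, `acl_comfycamp` and `acl_vaultwarden` on the old scheme; finish the rename or keep the old name. The `frontend www` block continues past both hunks.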
|
@ -52,8 +47,9 @@ frontend www
|
|||
acl matrix-path path_beg /_matrix
|
||||
acl matrix-path path_beg /_synapse/client
|
||||
|
||||
use_backend mastodon_streaming if acl_mastodon { path_beg /api/v1/streaming }
|
||||
use_backend mastodon if acl_mastodon
|
||||
use_backend mastodon_streaming if host_mastodon { path_beg /api/v1/streaming }
|
||||
use_backend mastodon_streaming if host_mastodon_tor { path_beg /api/v1/streaming }
|
||||
use_backend mastodon if host_mastodon || host_mastodon_tor
|
||||
use_backend minio if acl_s3
|
||||
use_backend matrix if matrix-host matrix-path
|
||||
use_backend minio_console if acl_minio
|
||||
|
@ -62,7 +58,7 @@ frontend www
|
|||
use_backend forgejo if acl_git
|
||||
|
||||
frontend matrix-federation
|
||||
bind *:8448 ssl crt /etc/haproxy/certs
|
||||
bind *:8448 ssl crt /usr/local/etc/haproxy/certs
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||||
|
||||
|
@ -70,42 +66,44 @@ frontend matrix-federation
|
|||
|
||||
backend comfycamp
|
||||
mode http
|
||||
server green 127.0.0.1:3006 check
|
||||
server green comfycamp:4000 check
|
||||
|
||||
backend mastodon
|
||||
mode http
|
||||
option forwardfor
|
||||
server green 127.0.0.1:3000 check
|
||||
http-response set-header Referrer-Policy same-origin
|
||||
http-response set-header Onion-Location http://mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion%[capture.req.uri]
|
||||
server green mastodon-web:3000 check
|
||||
|
||||
backend mastodon_streaming
|
||||
mode http
|
||||
option forwardfor
|
||||
option http-server-close
|
||||
timeout tunnel 1h
|
||||
server green 127.0.0.1:3001 check
|
||||
server green mastodon-streaming:4000 check
|
||||
|
||||
backend vaultwarden
|
||||
mode http
|
||||
option forwardfor
|
||||
server green 127.0.0.1:3002 check
|
||||
server green vaultwarden:80 check
|
||||
|
||||
backend minio_console
|
||||
mode http
|
||||
option forwardfor
|
||||
server green 127.0.0.1:3003 check
|
||||
server green minio:9001 check
|
||||
|
||||
backend minio
|
||||
mode http
|
||||
http-response set-header Access-Control-Allow-Origin https://m.comfycamp.space
|
||||
option forwardfor
|
||||
server green 127.0.0.1:9000 check
|
||||
server green minio:9000 check
|
||||
|
||||
backend forgejo
|
||||
mode http
|
||||
option forwardfor
|
||||
server green 127.0.0.1:3004 check
|
||||
server green forgejo:3000 check
|
||||
|
||||
backend matrix
|
||||
mode http
|
||||
option forwardfor
|
||||
server matrix 127.0.0.1:3005
|
||||
server matrix synapse:8008
|
||||
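Review bot: The backends now address peers by container name (`server green comfycamp:4000`, `server green mastodon-web:3000`, …), and HAProxy resolves such names only at startup/reload unless a `resolvers` section is attached to the server; a peer that is recreated with a new address (the postgresql and maddy tasks in this compare use `recreate`) is then served from a stale IP until the next HUP, and a name that does not resolve at start aborts the whole config load. Add a `resolvers docker` section with `nameserver dns 127.0.0.11:53` (Docker's embedded DNS) and append `resolvers docker init-addr libc,none` to each `server` line so names are re-resolved at runtime and a missing container no longer blocks startup. `server matrix synapse:8008` is still the only server without `check`, a gap the old line already had and this hunk carries over.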
|
|
|
@ -1,18 +1,69 @@
|
|||
---
|
||||
- name: Install haproxy
|
||||
- name: Create haproxy docker network
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
community.docker.docker_network:
|
||||
name: haproxy
|
||||
- name: Create haproxy dirs
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: "1755"
|
||||
owner: root
|
||||
group: root
|
||||
loop:
|
||||
- /etc/haproxy
|
||||
- /etc/haproxy/errors
|
||||
- name: Copy haproxy config to a temporary location
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: haproxy.cfg
|
||||
dest: /tmp/haproxy.cfg
|
||||
- name: Validate haproxy config
|
||||
become: true
|
||||
community.docker.docker_container:
|
||||
name: haproxy-config-test
|
||||
image: "{{ haproxy_image }}"
|
||||
command: haproxy -c -f /tmp/haproxy.cfg
|
||||
networks:
|
||||
- name: haproxy
|
||||
volumes:
|
||||
- /tmp/haproxy.cfg:/tmp/haproxy.cfg
|
||||
- /etc/haproxy/certs:/usr/local/etc/haproxy/certs:ro
|
||||
detach: no
|
||||
- name: Remove temporary container
|
||||
become: true
|
||||
community.docker.docker_container:
|
||||
name: haproxy-config-test
|
||||
state: absent
|
||||
- name: Copy haproxy config
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: haproxy.cfg
|
||||
dest: /etc/haproxy/haproxy.cfg
|
||||
validate: /usr/sbin/haproxy -f %s -c
|
||||
register: haproxy
|
||||
- name: Copy errors
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: errors/{{ item }}.http
|
||||
dest: /etc/haproxy/errors/{{ item }}.http
|
||||
loop: [400, 403, 408, 500, 502, 503, 504]
|
||||
- name: Create haproxy container
|
||||
become: true
|
||||
community.docker.docker_container:
|
||||
name: haproxy
|
||||
image: "{{ haproxy_image }}"
|
||||
networks:
|
||||
- name: haproxy
|
||||
volumes:
|
||||
- /etc/haproxy:/usr/local/etc/haproxy:ro
|
||||
sysctls:
|
||||
net.ipv4.ip_unprivileged_port_start: 0
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
restart_policy: unless-stopped
|
||||
- name: Reload haproxy
|
||||
become: true
|
||||
when: haproxy.changed
|
||||
ansible.builtin.systemd_service:
|
||||
name: haproxy
|
||||
state: reloaded
|
||||
ansible.builtin.shell: docker kill -s HUP haproxy
|
||||
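Review bot: `Reload haproxy` fires only on `haproxy.changed`, i.e. when haproxy.cfg itself changed, so edited error pages from `Copy errors` are never signalled to the running container; register that task (`register: haproxy_errors`) and use `when: haproxy.changed or haproxy_errors.changed`, and since the command needs no shell features, `ansible.builtin.command: docker kill -s HUP haproxy`. The validation container mounts only the cfg and the certs, so the `errorfile /usr/local/etc/haproxy/errors/*.http` directives are checked against whatever the image ships at that path rather than the files this role deploys, which presumably means a missing or broken custom error file is only noticed when the real container starts; moving `Copy errors` ahead of `Validate haproxy config` and adding `- /etc/haproxy/errors:/usr/local/etc/haproxy/errors:ro` to its volumes closes that gap. `mode: "1755"` on /etc/haproxy sets the sticky bit on a root-owned config directory that is bind-mounted read-only into the container; `"0755"` states the intent.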
|
|
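--- a/roles/haproxy/vars/main.yml
+++ b/roles/haproxy/vars/main.yml
@@ -0,0 +1 @@
+haproxy_image: haproxy:3.0-bookworm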
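Review bot: `haproxy_image: haproxy:3.0-bookworm` is a mutable tag, so every run may pull a different build of the proxy that terminates TLS for every service here; pin by digest, `haproxy_image: haproxy:3.0-bookworm@sha256:<digest>` (placeholder), and bump it deliberately. A value an operator may want to override belongs in `roles/haproxy/defaults/main.yml`; `vars/` outranks inventory and play vars, so this one cannot be changed from group_vars.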
71
roles/mail/tasks/main.yml
Normal file
71
roles/mail/tasks/main.yml
Normal file
|
@ -0,0 +1,71 @@
|
|||
---
|
||||
- name: Create mail network
|
||||
become: true
|
||||
community.docker.docker_network:
|
||||
name: mail
|
||||
- name: Create maddy volume
|
||||
become: true
|
||||
community.docker.docker_volume:
|
||||
name: maddy
|
||||
- name: Copy maddy config
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: maddy.conf.j2
|
||||
dest: /var/lib/docker/volumes/maddy/_data/maddy.conf
|
||||
register: maddy_conf
|
||||
- name: Run maddy
|
||||
become: true
|
||||
community.docker.docker_container:
|
||||
name: maddy
|
||||
image: foxcpp/maddy:0.7.1
|
||||
networks:
|
||||
- name: mail
|
||||
env:
|
||||
MADDY_HOSTNAME: mail.comfycamp.space
|
||||
MADDY_DOMAIN: comfycamp.space
|
||||
ports:
|
||||
- 25:25
|
||||
- 143:143
|
||||
- 465:465
|
||||
- 587:587
|
||||
- 993:993
|
||||
volumes:
|
||||
- maddy:/data
|
||||
- /etc/letsencrypt/live/comfycamp.space/fullchain.pem:/etc/tls/fullchain.pem:ro
|
||||
- /etc/letsencrypt/live/comfycamp.space/privkey.pem:/etc/tls/privkey.pem:ro
|
||||
recreate: "{{ maddy_conf.changed }}"
|
||||
- name: Get users
|
||||
become: true
|
||||
community.docker.docker_container_exec:
|
||||
container: maddy
|
||||
argv: ["maddy", "creds", "list"]
|
||||
register: maddy_users
|
||||
- name: Create users
|
||||
become: true
|
||||
community.docker.docker_container_exec:
|
||||
container: maddy
|
||||
argv: ["sh", "-c", "echo '{{ item.value }}' | maddy creds create {{ item.key }}"]
|
||||
when: not item.key in maddy_users.stdout
|
||||
no_log: True
|
||||
loop: "{{ users | dict2items }}"
|
||||
- name: Update passwords
|
||||
become: true
|
||||
community.docker.docker_container_exec:
|
||||
container: maddy
|
||||
argv: ["sh", "-c", "echo '{{ item.value }}' | maddy creds password {{ item.key }}"]
|
||||
no_log: True
|
||||
loop: "{{ users | dict2items }}"
|
||||
- name: Get imap accounts
|
||||
become: true
|
||||
community.docker.docker_container_exec:
|
||||
container: maddy
|
||||
argv: ["maddy", "imap-acct", "list"]
|
||||
register: maddy_imap_accounts
|
||||
- name: Create imap accounts
|
||||
become: true
|
||||
community.docker.docker_container_exec:
|
||||
container: maddy
|
||||
argv: ["maddy", "imap-acct", "create", "{{ item.key }}"]
|
||||
when: not item.key in maddy_imap_accounts.stdout
|
||||
no_log: True
|
||||
loop: "{{ users | dict2items }}"
|
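Review bot: `- 25:25` under `ports:` is unquoted, and Ansible's YAML loader keeps YAML 1.1 implicit typing, in which `25:25` is the sexagesimal integer 1525; the module therefore sees a bare container port 1525 (presumably published to an ephemeral host port) and SMTP port 25 is never published, while the other entries escape only because their second component exceeds 59. Quote every mapping: `- "25:25"`, `- "143:143"`, `- "465:465"`, `- "587:587"`, `- "993:993"`. `Create users` and `Update passwords` splice each password into `sh -c "echo '…' | maddy creds …"`, so a password containing a single quote breaks the command and the secret appears in the exec's argv; `docker_container_exec` accepts `stdin`, so `argv: ["maddy", "creds", "create", "{{ item.key }}"]` with `stdin: "{{ item.value }}"` avoids the shell entirely. `when: not item.key in maddy_users.stdout` is a substring test that a longer account name containing the key would satisfy; `when: item.key not in maddy_users.stdout_lines` matches whole names. The certificate bind mounts name files under `live/`, which certbot normally keeps as symlinks into `archive/`; Docker resolves the source at container start, so after a renewal the container presumably keeps the pre-renewal files until recreated — mount the `/etc/letsencrypt` tree read-only instead, or recreate on renewal.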
175
roles/mail/templates/maddy.conf.j2
Normal file
175
roles/mail/templates/maddy.conf.j2
Normal file
|
@ -0,0 +1,175 @@
|
|||
## Maddy Mail Server
|
||||
|
||||
# Base variables
|
||||
|
||||
$(hostname) = {env:MADDY_HOSTNAME}
|
||||
$(primary_domain) = {env:MADDY_DOMAIN}
|
||||
$(local_domains) = $(primary_domain)
|
||||
|
||||
# public private
|
||||
tls file /etc/tls/fullchain.pem /etc/tls/privkey.pem
|
||||
|
||||
# Local storage & authentication
|
||||
|
||||
# pass_table provides local hashed passwords storage for authentication of
|
||||
# users. It can be configured to use any "table" module, in default
|
||||
# configuration a table in SQLite DB is used.
|
||||
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
|
||||
# can be replaced altogether to use some external source of credentials (e.g.
|
||||
# PAM, /etc/shadow file).
|
||||
#
|
||||
# If table module supports it (sql_table does) - credentials can be managed
|
||||
# using 'maddy creds' command.
|
||||
|
||||
auth.pass_table local_authdb {
|
||||
table sql_table {
|
||||
driver sqlite3
|
||||
dsn credentials.db
|
||||
table_name passwords
|
||||
}
|
||||
}
|
||||
|
||||
# imapsql module stores all indexes and metadata necessary for IMAP using a
|
||||
# relational database. It is used by IMAP endpoint for mailbox access and
|
||||
# also by SMTP & Submission endpoints for delivery of local messages.
|
||||
#
|
||||
# IMAP accounts, mailboxes and all message metadata can be inspected using
|
||||
# imap-* subcommands of maddy.
|
||||
|
||||
storage.imapsql local_mailboxes {
|
||||
driver sqlite3
|
||||
dsn imapsql.db
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# SMTP endpoints + message routing
|
||||
|
||||
hostname $(hostname)
|
||||
|
||||
table.chain local_rewrites {
|
||||
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
|
||||
optional_step static {
|
||||
entry postmaster postmaster@$(primary_domain)
|
||||
}
|
||||
optional_step file /etc/maddy/aliases
|
||||
}
|
||||
|
||||
msgpipeline local_routing {
|
||||
# Insert handling for special-purpose local domains here.
|
||||
# e.g.
|
||||
# destination lists.example.org {
|
||||
# deliver_to lmtp tcp://127.0.0.1:8024
|
||||
# }
|
||||
|
||||
destination postmaster $(local_domains) {
|
||||
modify {
|
||||
replace_rcpt &local_rewrites
|
||||
}
|
||||
|
||||
deliver_to &local_mailboxes
|
||||
}
|
||||
|
||||
default_destination {
|
||||
reject 550 5.1.1 "User doesn't exist"
|
||||
}
|
||||
}
|
||||
|
||||
smtp tcp://0.0.0.0:25 {
|
||||
limits {
|
||||
# Up to 20 msgs/sec across max. 10 SMTP connections.
|
||||
all rate 20 1s
|
||||
all concurrency 10
|
||||
}
|
||||
|
||||
dmarc yes
|
||||
check {
|
||||
require_mx_record
|
||||
dkim
|
||||
spf
|
||||
}
|
||||
|
||||
source $(local_domains) {
|
||||
reject 501 5.1.8 "Use Submission for outgoing SMTP"
|
||||
}
|
||||
default_source {
|
||||
destination postmaster $(local_domains) {
|
||||
deliver_to &local_routing
|
||||
}
|
||||
default_destination {
|
||||
reject 550 5.1.1 "User doesn't exist"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
|
||||
limits {
|
||||
# Up to 50 msgs/sec across any amount of SMTP connections.
|
||||
all rate 50 1s
|
||||
}
|
||||
|
||||
auth &local_authdb
|
||||
|
||||
source $(local_domains) {
|
||||
check {
|
||||
authorize_sender {
|
||||
prepare_email &local_rewrites
|
||||
user_to_email identity
|
||||
}
|
||||
}
|
||||
|
||||
destination postmaster $(local_domains) {
|
||||
deliver_to &local_routing
|
||||
}
|
||||
default_destination {
|
||||
modify {
|
||||
dkim $(primary_domain) $(local_domains) default
|
||||
}
|
||||
deliver_to &remote_queue
|
||||
}
|
||||
}
|
||||
default_source {
|
||||
reject 501 5.1.8 "Non-local sender domain"
|
||||
}
|
||||
}
|
||||
|
||||
target.remote outbound_delivery {
|
||||
limits {
|
||||
# Up to 20 msgs/sec across max. 10 SMTP connections
|
||||
# for each recipient domain.
|
||||
destination rate 20 1s
|
||||
destination concurrency 10
|
||||
}
|
||||
mx_auth {
|
||||
dane
|
||||
mtasts {
|
||||
cache fs
|
||||
fs_dir mtasts_cache/
|
||||
}
|
||||
local_policy {
|
||||
min_tls_level encrypted
|
||||
min_mx_level none
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
target.queue remote_queue {
|
||||
target &outbound_delivery
|
||||
|
||||
autogenerated_msg_domain $(primary_domain)
|
||||
bounce {
|
||||
destination postmaster $(local_domains) {
|
||||
deliver_to &local_routing
|
||||
}
|
||||
default_destination {
|
||||
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# IMAP endpoints
|
||||
|
||||
imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
|
||||
auth &local_authdb
|
||||
storage &local_mailboxes
|
||||
}
|
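Review bot: `optional_step file /etc/maddy/aliases` points at a path nothing in the mail role creates or mounts (the only volume is `maddy:/data` and the template lands next to it), so the alias step is presumably always empty or, if the module rejects a missing file, a startup error — confirm against the image, then either template the aliases file into the same volume or drop the step. The `## Maddy Mail Server` header could also record where the two inputs come from, e.g. `## hostname/domain are taken from MADDY_HOSTNAME / MADDY_DOMAIN, set in roles/mail/tasks/main.yml`, so the next editor knows the file is not self-contained.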
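--- a/roles/mail/vars/main.yml
+++ b/roles/mail/vars/main.yml
@@ -0,0 +1 @@
+users: {}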
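Review bot: `users: {}` in `vars/main.yml` is a high-precedence variable: it overrides inventory and play vars and only works here because `mail.yml` passes `users` as a role parameter, which outranks it. A fallback value belongs in `roles/mail/defaults/main.yml`, where group_vars can still override it.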
|
@ -23,13 +23,14 @@
|
|||
become: true
|
||||
community.docker.docker_container:
|
||||
name: mastodon-web
|
||||
image: ghcr.io/mastodon/mastodon:v4.2.12
|
||||
image: ghcr.io/mastodon/mastodon:{{ version }}
|
||||
env_file: /etc/mastodon/.env
|
||||
command: ["bundle", "exec", "puma", "-C", "config/puma.rb"]
|
||||
networks:
|
||||
- name: redis-mastodon
|
||||
- name: postgresql
|
||||
- name: minio
|
||||
- name: haproxy
|
||||
ports:
|
||||
- 127.0.0.1:3000:3000
|
||||
volumes:
|
||||
|
@ -39,12 +40,13 @@
|
|||
become: true
|
||||
community.docker.docker_container:
|
||||
name: mastodon-streaming
|
||||
image: ghcr.io/mastodon/mastodon-streaming:nightly.2024-08-19
|
||||
image: ghcr.io/mastodon/mastodon-streaming:{{ version }}
|
||||
env_file: /etc/mastodon/.env
|
||||
command: ["node", "./streaming/index.js"]
|
||||
networks:
|
||||
- name: redis-mastodon
|
||||
- name: postgresql
|
||||
- name: haproxy
|
||||
ports:
|
||||
- 127.0.0.1:3001:4000
|
||||
restart_policy: unless-stopped
|
||||
|
@ -52,7 +54,7 @@
|
|||
become: true
|
||||
community.docker.docker_container:
|
||||
name: mastodon-sidekiq
|
||||
image: ghcr.io/mastodon/mastodon:v4.2.12
|
||||
image: ghcr.io/mastodon/mastodon:{{ version }}
|
||||
env_file: /etc/mastodon/.env
|
||||
command: ["bundle", "exec", "sidekiq"]
|
||||
networks:
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
LOCAL_DOMAIN={{ local_domain }}
|
||||
ALTERNATE_DOMAINS=mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
|
||||
|
||||
REDIS_HOST=redis-mastodon
|
||||
REDIS_PORT=6379
|
||||
|
@ -32,3 +33,7 @@ AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
|
|||
|
||||
S3_PROTOCOL=https
|
||||
S3_HOSTNAME={{ s3_hostname }}
|
||||
|
||||
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY={{ active_record_encryption_deterministic_key }}
|
||||
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{ active_record_encryption_key_derivation_salt }}
|
||||
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY={{ active_record_encryption_primary_key }}
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
version: v4.3.0
|
||||
|
||||
local_domain: m.comfycamp.space
|
||||
|
||||
vapid_public_key: change_me
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
command: ["minio", "server", "--console-address", ":9001"]
|
||||
networks:
|
||||
- name: minio
|
||||
- name: haproxy
|
||||
volumes:
|
||||
- minio:/data
|
||||
ports:
|
||||
|
|
|
@ -4,7 +4,7 @@ BEGIN
|
|||
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = username) THEN
|
||||
EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', username, passwd);
|
||||
ELSE
|
||||
RAISE NOTICE 'User % already exists.', username;
|
||||
EXECUTE format('ALTER ROLE %I WITH PASSWORD %L', username, passwd);
|
||||
END IF;
|
||||
END;
|
||||
\$\$ LANGUAGE plpgsql;
|
||||
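Review bot: The ELSE branch now resets the password, but the notice it emits still says `User % already exists.`, which reads as a no-op in the logs; `RAISE NOTICE 'User % already exists, updating password.', username;` describes what happens. The `BEGIN` and the surrounding function definition are outside the hunk.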
|
|
|
@ -28,7 +28,7 @@
|
|||
env:
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_DB: postgres
|
||||
POSTGRES_PASSWORD: "{{ postgres_password }}"
|
||||
POSTGRES_PASSWORD: "{{ users.postgres }}"
|
||||
restart_policy: unless-stopped
|
||||
recreate: "{{ pgconf.changed }}"
|
||||
- name: Create a function to manage users
|
||||
|
@ -50,3 +50,10 @@
|
|||
no_log: True
|
||||
loop:
|
||||
"{{ users | dict2items }}"
|
||||
- name: Create databases
|
||||
become: true
|
||||
community.docker.docker_container_exec:
|
||||
container: postgresql
|
||||
argv: ["sh", "-c", "createdb {{ item.key }} -O {{ item.key }} -U postgres || exit 0"]
|
||||
no_log: True
|
||||
loop: "{{ users | dict2items }}"
|
||||
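Review bot: `createdb … || exit 0` turns every failure — authentication, connection refused, an invalid name — into success, and `no_log: True` hides the output, so a database that was never created passes silently. Run createdb directly and classify the result by return code and stderr, as below. `no_log: True` also spells the boolean the YAML 1.1 way; `true` is the canonical form the `become: true` lines already use.
```yaml
- name: Create databases
  become: true
  community.docker.docker_container_exec:
    container: postgresql
    argv: ["createdb", "-U", "postgres", "-O", "{{ item.key }}", "{{ item.key }}"]
  register: createdb_result
  failed_when: createdb_result.rc != 0 and 'already exists' not in createdb_result.stderr
  changed_when: createdb_result.rc == 0
  no_log: true
  loop: "{{ users | dict2items }}"
```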
|
|
|
@ -1,2 +1,2 @@
|
|||
postgres_password: change_me
|
||||
users: []
|
||||
users: {}
|
||||
|
|
|
@ -41,6 +41,7 @@
|
|||
SYNAPSE_CONFIG_PATH: /etc/synapse/homeserver.yaml
|
||||
networks:
|
||||
- name: postgresql
|
||||
- name: haproxy
|
||||
ports:
|
||||
- 127.0.0.1:3005:8008/tcp
|
||||
restart_policy: unless-stopped
|
||||
|
|
|
@ -32,7 +32,9 @@
|
|||
ansible.builtin.file:
|
||||
path: /etc/haproxy/certs
|
||||
state: directory
|
||||
mode: '1750'
|
||||
mode: '1700'
|
||||
owner: "99"
|
||||
group: "99"
|
||||
- name: Combine certificate and private key
|
||||
become: true
|
||||
ansible.builtin.shell:
|
||||
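Review bot: `owner: "99"` / `group: "99"` are presumably the numeric uid/gid of the haproxy user inside the container image, but nothing records that; add above `owner`: `# 99 = uid/gid of the unprivileged haproxy user in the official image; /etc/haproxy is bind-mounted read-only into the container`. `mode: '1700'` sets the sticky bit on a single-owner directory where it has no effect; `'0700'` is the intent. The `Combine certificate and private key` task continues past the hunk.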
|
|
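--- a/roles/tor/docker/Dockerfile
+++ b/roles/tor/docker/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:3.20.3
+
+RUN apk update && apk add tor
+RUN apk add lyrebird --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing
+
+USER tor
+
+ENTRYPOINT ["tor"]
+CMD ["-f", "/etc/tor/torrc"]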
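Review bot: `RUN apk update && apk add tor` leaves the package index in the image layer and pins nothing, so rebuilding the `homelab-tor` image can silently pick up a different tor; `RUN apk add --no-cache tor=<version>` (placeholder) gives a reproducible, smaller image, and the `lyrebird` line should be pinned the same way. Pulling `lyrebird` from `edge/testing` into a 3.20 base mixes an unsupported, unpinned repository into a stable image; record why in a comment, e.g. `# lyrebird is not packaged in alpine 3.20 main/community; pinned from edge/testing`, so the exception is a deliberate one. `USER tor` before the entrypoint is the right call.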
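--- a/roles/tor/files/mastodon/hostname
+++ b/roles/tor/files/mastodon/hostname
@@ -0,0 +1 @@
+mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion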
BIN
roles/tor/files/mastodon/hs_ed25519_public_key
Normal file
BIN
roles/tor/files/mastodon/hs_ed25519_public_key
Normal file
Binary file not shown.
10
roles/tor/files/mastodon/hs_ed25519_secret_key
Normal file
10
roles/tor/files/mastodon/hs_ed25519_secret_key
Normal file
|
@ -0,0 +1,10 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
61396332323030333966396133656338343630386661646431393233313061633436656138356264
|
||||
3666343065366430303331333733383535646133373964370a353666666535386261346632313838
|
||||
39393637333937383934393131636432653730373639653737623066633737323665326530366334
|
||||
3235663166373338320a616365626364306333396263396462633334663037626538646333643439
|
||||
38383632373537626537646134663532323633616638636166393335303130666565636234373266
|
||||
65343932316465306139336365373539356161616166323930383466353430366465376336393535
|
||||
61363863386436393530373434656435626430366263346262386439336263323765313333396137
|
||||
32326334383364653838326436386561623264626335643434626663663236633730306437373766
|
||||
65613939666433383732363634656437346432323339396161386630313562336332
|
49
roles/tor/tasks/main.yml
Normal file
49
roles/tor/tasks/main.yml
Normal file
|
@ -0,0 +1,49 @@
|
|||
---
|
||||
- name: Create tor directories
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: "1700"
|
||||
owner: 100
|
||||
loop:
|
||||
- /etc/tor
|
||||
- /var/lib/tor
|
||||
- /var/lib/tor/mastodon
|
||||
- name: Copy tor config
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: torrc.j2
|
||||
dest: /etc/tor/torrc
|
||||
owner: 100
|
||||
mode: "0600"
|
||||
register: torrc
|
||||
- name: Copy tor files
|
||||
become: true
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: /var/lib/tor/{{ item }}
|
||||
owner: 100
|
||||
mode: "0600"
|
||||
loop:
|
||||
- mastodon/hostname
|
||||
- mastodon/hs_ed25519_public_key
|
||||
- mastodon/hs_ed25519_secret_key
|
||||
register: tor_files
|
||||
- name: Create tor network
|
||||
become: true
|
||||
community.docker.docker_network:
|
||||
name: tor
|
||||
- name: Run tor container
|
||||
become: true
|
||||
community.docker.docker_container:
|
||||
name: tor
|
||||
image: git.comfycamp.space/lumin/homelab-tor:v0.0.2
|
||||
networks:
|
||||
- name: tor
|
||||
- name: haproxy
|
||||
volumes:
|
||||
- /etc/tor:/etc/tor:ro
|
||||
- /var/lib/tor:/var/lib/tor
|
||||
restart_policy: unless-stopped
|
||||
recreate: "{{ torrc.changed or tor_files.changed }}"
|
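Review bot: The tor container joins both the `tor` and the `haproxy` networks although it needs `haproxy` only to reach `haproxy:80` for the hidden service, and the torrc template in this compare binds `SocksPort 0.0.0.0:9100`, so every other container on the haproxy network (comfycamp, forgejo, minio, synapse, mastodon) can use the Tor SOCKS proxy as an egress path — presumably unintended. Either restrict the SOCKS listener in torrc (`SocksPort 0` if no client needs it, or bind it to the container's loopback) or keep tor on the `tor` network only and attach haproxy to that network instead. `mode: "1700"` on the tor directories adds a sticky bit that changes nothing for a single-owner directory; `"0700"`, which is what tor expects for its DataDirectory, states the intent. `owner: 100` (presumably the tor user of the image) without `group` leaves the directories group-root; harmless under 0700, but `group: 100` makes the ownership explicit.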
192
roles/tor/templates/torrc.j2
Normal file
192
roles/tor/templates/torrc.j2
Normal file
|
@ -0,0 +1,192 @@
|
|||
## Configuration file for a typical Tor user
|
||||
##
|
||||
## Lines that begin with "## " try to explain what's going on. Lines
|
||||
## that begin with just "#" are disabled commands: you can enable them
|
||||
## by removing the "#" symbol.
|
||||
##
|
||||
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
|
||||
## for more options you can use in this file.
|
||||
##
|
||||
## Tor will look for this file in various places based on your platform:
|
||||
## https://www.torproject.org/docs/faq#torrc
|
||||
|
||||
## Tor opens a socks proxy on port 9050 by default -- even if you don't
|
||||
## configure one below. Set "SocksPort 0" if you plan to run Tor only
|
||||
## as a relay, and not make any local application connections yourself.
|
||||
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
|
||||
SocksPort 0.0.0.0:9100 # Bind to this address:port too.
|
||||
|
||||
## Entry policies to allow/deny SOCKS requests based on IP address.
|
||||
## First entry that matches wins. If no SocksPolicy is set, we accept
|
||||
## all (and only) requests that reach a SocksPort. Untrusted users who
|
||||
## can access your SocksPort may be able to learn about the connections
|
||||
## you make.
|
||||
#SocksPolicy accept 192.168.0.0/16
|
||||
#SocksPolicy reject *
|
||||
|
||||
## Logs go to stdout at level "notice" unless redirected by something
|
||||
## else, like one of the below lines. You can have as many Log lines as
|
||||
## you want.
|
||||
##
|
||||
## We advise using "notice" in most cases, since anything more verbose
|
||||
## may provide sensitive information to an attacker who obtains the logs.
|
||||
##
|
||||
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
|
||||
#Log notice file /var/log/tor/notices.log
|
||||
## Send every possible message to /var/log/tor/debug.log
|
||||
#Log debug file /var/log/tor/debug.log
|
||||
## Use the system log instead of Tor's logfiles
|
||||
#Log notice syslog
|
||||
## To send all messages to stderr:
|
||||
Log notice stderr
|
||||
|
||||
## Uncomment this to start the process in the background... or use
|
||||
## --runasdaemon 1 on the command line. This is ignored on Windows;
|
||||
## see the FAQ entry if you want Tor to run as an NT service.
|
||||
#RunAsDaemon 1
|
||||
|
||||
## The directory for keeping all the keys/etc. By default, we store
|
||||
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
|
||||
DataDirectory /var/lib/tor
|
||||
|
||||
## The port on which Tor will listen for local connections from Tor
|
||||
## controller applications, as documented in control-spec.txt.
|
||||
#ControlPort 9051
|
||||
## If you enable the controlport, be sure to enable one of these
|
||||
## authentication methods, to prevent attackers from accessing it.
|
||||
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
|
||||
#CookieAuthentication 1
|
||||
|
||||
############### This section is just for location-hidden services ###
|
||||
|
||||
## Once you have configured a hidden service, you can look at the
|
||||
## contents of the file ".../hidden_service/hostname" for the address
|
||||
## to tell people.
|
||||
##
|
||||
## HiddenServicePort x y:z says to redirect requests on port x to the
|
||||
## address y:z.
|
||||
|
||||
HiddenServiceDir /var/lib/tor/mastodon/
|
||||
HiddenServicePort 80 haproxy:80
|
||||
|
||||
################ This section is just for relays #####################
|
||||
#
|
||||
## See https://www.torproject.org/docs/tor-doc-relay for details.
|
||||
|
||||
## Required: what port to advertise for incoming Tor connections.
|
||||
#ORPort 9001
|
||||
## If you want to listen on a port other than the one advertised in
|
||||
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
|
||||
## follows. You'll need to do ipchains or other port forwarding
|
||||
## yourself to make this work.
|
||||
#ORPort 443 NoListen
|
||||
#ORPort 127.0.0.1:9090 NoAdvertise
|
||||
|
||||
## The IP address or full DNS name for incoming connections to your
|
||||
## relay. Leave commented out and Tor will guess.
|
||||
#Address noname.example.com
|
||||
|
||||
## If you have multiple network interfaces, you can specify one for
|
||||
## outgoing traffic to use.
|
||||
# OutboundBindAddress 10.0.0.5
|
||||
|
||||
## A handle for your relay, so people don't have to refer to it by key.
|
||||
#Nickname ididnteditheconfig
|
||||
|
||||
## Define these to limit how much relayed traffic you will allow. Your
|
||||
## own traffic is still unthrottled. Note that RelayBandwidthRate must
|
||||
## be at least 20 KB.
|
||||
## Note that units for these config options are bytes per second, not bits
|
||||
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
|
||||
#RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
|
||||
#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
|
||||
|
||||
## Use these to restrict the maximum traffic per day, week, or month.
|
||||
## Note that this threshold applies separately to sent and received bytes,
|
||||
## not to their sum: setting "4 GB" may allow up to 8 GB total before
|
||||
## hibernating.
|
||||
##
|
||||
## Set a maximum of 4 gigabytes each way per period.
|
||||
#AccountingMax 4 GB
|
||||
## Each period starts daily at midnight (AccountingMax is per day)
|
||||
#AccountingStart day 00:00
|
||||
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
|
||||
## is per month)
|
||||
#AccountingStart month 3 15:00
|
||||
|
||||
## Administrative contact information for this relay or bridge. This line
|
||||
## can be used to contact you if your relay or bridge is misconfigured or
|
||||
## something else goes wrong. Note that we archive and publish all
|
||||
## descriptors containing these lines and that Google indexes them, so
|
||||
## spammers might also collect them. You may want to obscure the fact that
|
||||
## it's an email address and/or generate a new address for this purpose.
|
||||
#ContactInfo Random Person <nobody AT example dot com>
|
||||
## You might also include your PGP or GPG fingerprint if you have one:
|
||||
#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
|
||||
|
||||
## Uncomment this to mirror directory information for others. Please do
|
||||
## if you have enough bandwidth.
|
||||
#DirPort 9030 # what port to advertise for directory connections
|
||||
## If you want to listen on a port other than the one advertised in
|
||||
## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
|
||||
## follows. below too. You'll need to do ipchains or other port
|
||||
## forwarding yourself to make this work.
|
||||
#DirPort 80 NoListen
|
||||
#DirPort 127.0.0.1:9091 NoAdvertise
|
||||
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
|
||||
## can explain what Tor is if anybody wonders why your IP address is
|
||||
## contacting them. See contrib/tor-exit-notice.html in Tor's source
|
||||
## distribution for a sample.
|
||||
#DirPortFrontPage /etc/tor/tor-exit-notice.html
|
||||
|
||||
## Uncomment this if you run more than one Tor relay, and add the identity
|
||||
## key fingerprint of each Tor relay you control, even if they're on
|
||||
## different networks. You declare it here so Tor clients can avoid
|
||||
## using more than one of your relays in a single circuit. See
|
||||
## https://www.torproject.org/docs/faq#MultipleRelays
|
||||
## However, you should never include a bridge's fingerprint here, as it would
|
||||
## break its concealability and potentionally reveal its IP/TCP address.
|
||||
#MyFamily $keyid,$keyid,...
|
||||
|
||||
## A comma-separated list of exit policies. They're considered first
|
||||
## to last, and the first match wins. If you want to _replace_
|
||||
## the default exit policy, end this with either a reject *:* or an
|
||||
## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
|
||||
## default exit policy. Leave commented to just use the default, which is
|
||||
## described in the man page or at
|
||||
## https://www.torproject.org/documentation.html
|
||||
##
|
||||
## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
|
||||
## for issues you might encounter if you use the default exit policy.
|
||||
##
|
||||
## If certain IPs and ports are blocked externally, e.g. by your firewall,
|
||||
## you should update your exit policy to reflect this -- otherwise Tor
|
||||
## users will be told that those destinations are down.
|
||||
##
|
||||
## For security, by default Tor rejects connections to private (local)
|
||||
## networks, including to your public IP address. See the man page entry
|
||||
## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
|
||||
##
|
||||
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
|
||||
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
|
||||
#ExitPolicy reject *:* # no exits allowed
|
||||
|
||||
## Bridge relays (or "bridges") are Tor relays that aren't listed in the
|
||||
## main directory. Since there is no complete public list of them, even an
|
||||
## ISP that filters connections to all the known Tor relays probably
|
||||
## won't be able to block all the bridges. Also, websites won't treat you
|
||||
## differently because they won't know you're running Tor. If you can
|
||||
## be a real relay, please do; but if not, be a bridge!
|
||||
#BridgeRelay 1
|
||||
## By default, Tor will advertise your bridge to users through various
|
||||
## mechanisms like https://bridges.torproject.org/. If you want to run
|
||||
## a private bridge, for example because you'll give out your bridge
|
||||
## address manually to your friends, uncomment this line:
|
||||
#PublishServerDescriptor 0
|
||||
|
||||
UseBridges 1
|
||||
ClientTransportPlugin obfs4 exec /usr/bin/lyrebird managed
|
||||
|
||||
{% for bridge in bridges %}
|
||||
Bridge {{ bridge }}
|
||||
{% endfor %}
|
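--- a/roles/tor/vars/main.yml
+++ b/roles/tor/vars/main.yml
@@ -0,0 +1 @@
+bridges: []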
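Review bot: `bridges: []` is placed in `roles/tor/vars/main.yml`, where Ansible gives it higher precedence than inventory, group_vars and play vars, so a `bridges` value set at host or group level would be silently ignored; only the role parameter passed from tor.yml can override it. If this is meant as an overridable default, it belongs in `roles/tor/defaults/main.yml`, which has the lowest precedence of all variable sources. If it is intentionally pinned here, a one-line comment such as `# role var: overrides inventory; pass bridges as a role param to change` would stop the next reader from trying to set it in group_vars.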
|
@ -14,6 +14,7 @@
|
|||
DATABASE_URL: "{{ db_url }}"
|
||||
networks:
|
||||
- name: postgresql
|
||||
- name: haproxy
|
||||
ports:
|
||||
- 127.0.0.1:3002:80
|
||||
volumes:
|
||||
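Review bot: The container still publishes `127.0.0.1:3002:80` on the host while, judging by the one-line addition this hunk makes to `networks:`, it now also joins the `haproxy` network; if haproxy reaches the service by container name over that network, the loopback publish is a second, undocumented path to the same service. Either drop the `ports:` entry or add a comment beside it stating what still needs the host port, for example `# host port kept for <reason>`. The file header for this section is not shown on the page and the enclosing task starts before the hunk, so the exact consumer of `db_url` and the port cannot be confirmed from here.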
|
|
|
@ -2,5 +2,5 @@
|
|||
- hosts: webservers
|
||||
roles:
|
||||
- role: synapse
|
||||
postgresql_password: "{{ synapse_postgresql_password }}"
|
||||
postgresql_password: "{{ postgresql_users['matrix-synapse'] }}"
|
||||
turn_shared_secret: "{{ coturn_static_auth_secret }}"
|
||||
|
|
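--- a/tor.yml
+++ b/tor.yml
@@ -0,0 +1,5 @@
+---
+- hosts: webservers
+roles:
+- role: tor
+bridges: "{{ tor.bridges }}"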
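Review bot: `bridges: "{{ tor.bridges }}"` makes the play fail with an undefined-variable error whenever the `tor` mapping is absent from the loaded vars, even though the role ships an empty `bridges` default. If running the role without bridges is a supported configuration, `bridges: "{{ tor.bridges | default([]) }}"` lets that default apply; if bridges are always required, a short comment above the role entry stating that the `tor` mapping is expected in the vaulted vars would make the dependency explicit. Where `tor` is defined is not visible on this page, so which of the two is intended cannot be told from here.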
230
vaulted_vars.yml
230
vaulted_vars.yml
|
@ -1,96 +1,136 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63343761613930653938356262623436643464393561623536613262636539373936393535616432
|
||||
6237316564613462613061353465613939666134633961640a316436353566353339626266373161
|
||||
63666530323933613361613033623134383433336634343661303537316336366632316337356430
|
||||
3164303839376564320a356664363932383965303564616264646633643162616330346538336433
|
||||
32313039616332363966393730653738306433323730656434653335356265316233633261616534
|
||||
39323439353562343631336430646238336232663062373965636266353862323230363563636634
|
||||
39376363376431326362386561393234656462653363383962363862376430636462306161656338
|
||||
37396338356138383334396664666238613834633861656533356631643338323937656462313761
|
||||
64316363653366613165646337336537336132333631396439356262323034353265663334353033
|
||||
66663939323533373836343365643762383737306566396430323762373235663765623238356231
|
||||
61336232636663353764336139653931343064623566373435653836396434316431303065373332
|
||||
65353838333265666431643130313939323331643064393662663739363430363636356231643838
|
||||
35613336383334326533616637613839656161303664313761356533373538303964396231386430
|
||||
62306364646337356265666432323464343265613233343162313031353665306332306437656437
|
||||
33613834643839353639646637646433326665366530616362386130613734383937303933653463
|
||||
33333336316534616266663035363834336430303965623936653363373465663332393333646135
|
||||
61643766626339616632343739376633393335383535313463313434333336323134376437366637
|
||||
66656336663634316631616233663964646263626337626261373032386131363330653035373034
|
||||
63303035333434343839666534343563653761353064343035323634646564663236363365313366
|
||||
66336434313866633432393030656235383466376435373061616663663863306239656235653037
|
||||
65366361616366326163383733623666613065316463353863663365653530636432303932313235
|
||||
35656432333833363934666164326634646631346137663731613737313564333836393632323839
|
||||
36386563666465616561343961376266623533316461366431366433663330363932656231373434
|
||||
64623530373164323436393636383862373936633938646565616536383865616165623132383635
|
||||
30393262386438343634313937313865643832353939316539646662383166323966336231653139
|
||||
30363535323363353263613633373231623866646338656538383163613731643631623061366363
|
||||
32656332616433383463373334356538613365383632336532333939333863633033333339333265
|
||||
30336135373539353633393532363965663765353734366665336537393435616233306533373430
|
||||
34666236386430613831643836626136396233306634383561316664633831336535653562326338
|
||||
34666336343963616666343937653665666634653332353839373531383231393863316130353365
|
||||
61383465326564646333303861616337656636643032623732383565396331663430356139323835
|
||||
65396333666436643236353531353732373537306365323566366437653331616661316463393064
|
||||
32653736333037313438653432666237336435646565343239613434643437396535646532356538
|
||||
62643962353637313363376665376634346136633036366662303434613437326233613634373463
|
||||
65336266343631663639343031653761323665353734346565303065656132653265383634386665
|
||||
31666634303565363963336266653561343166333634383835383839616438363434373765396462
|
||||
34656364663564346430323436623636663034613936613831393634346262356137646364633537
|
||||
62643634366639663763613030653339626633373433346437613833643337303831613738356665
|
||||
34653237393231636665666233663833656436356163393163316439373532313664326336386563
|
||||
30383661616433663264613065343430393230373037363966383866353636316337656166373034
|
||||
33316232393834326163613230653830383064653831633936303939643331396535373633646532
|
||||
31303232626132353830316261353131636637343538363662343530396339646535653231343038
|
||||
34393333393839356538343838663330323961656233663466326132326363396131393964633639
|
||||
34306534653766343039363862373366613731303137613533636230306463366434663862633938
|
||||
37353334313562646563366339386330333462646533666561613536653434306135616464383436
|
||||
30633735636665346233623361373133623663663836323536396561346333383530386564613663
|
||||
30376639653330636161616462376462336238613235363762356232623863666638316561383034
|
||||
63323330626331623032363035646263396438336466356265656430366338336266663463616334
|
||||
61626163656133613562373432393066323839303333343261616564343761303130303064373265
|
||||
39633862656139383966636333613632376261323364633264343434353765346331313761356533
|
||||
66346662656261623161356332393733313862666330663666326463366230653435373032393461
|
||||
36333935393236343164323862346265303630373561613164663038653665313265613133303638
|
||||
31353038386537313064623838346262363266313763636661626535663337393235333635366462
|
||||
35663565666661373131323138393034613236373530333034636330353364623536643635626137
|
||||
39376634643230353466383664626565333137616330393030663338633931646535343266636537
|
||||
30363937396133333862396130393338306133626133663436303933313661356566323861316239
|
||||
33653433643438303565663263326362633039656433663333623565313235303630383466353862
|
||||
37303937646430626163353634323861613437336137346335636666633939396637633864353261
|
||||
65343831373735326435633461346436613732346639363338306133343332336239376539626137
|
||||
30633332353238323335363832643630373737613964666632333431366133663761316134303238
|
||||
31363165366637363933393835666636623430303832356563653738316364316635313434643434
|
||||
31336539323833386165343365383833383634643830323435393062373636646337333737323063
|
||||
30663435656165393331633166633738373963346161323137333035363766393539343635306330
|
||||
62323638636663373134313064623564656332386531396663653832316435633665316235616438
|
||||
31323766326164663736626333633031653865626566616464396231366639303338633835363163
|
||||
30353032353237363966363836653839393833373361383266666631356561303762356362613266
|
||||
39386161313236323431303237646164663431663730343164363766386433383631303230613462
|
||||
61613063653661396662313734383431303039393566306533376531363164653231316234623236
|
||||
32373333346332383663383433353234663565386361356333656634643539616230623162323939
|
||||
36646163303130323932326237346664346433623466396661323437626263353437336665636334
|
||||
35376633386532313830346661666365623566376161316430613139333430363732396665666437
|
||||
30356362613638366138326431643332386534653963316362656538363739653036356535353763
|
||||
38643635333136386536613663653133623339613330666263636362623165356339383735393162
|
||||
38633234333932343234613565373264363839323130363730323436306638306634356266653731
|
||||
30333238313361616338666334656130656639393830383633363035393131343863373162336464
|
||||
35386134656339306266633438636333333439336535306238393962376134633064376637383064
|
||||
32633565646230346533636339653466396338663936313734626265373232306230346434626533
|
||||
38613539646334303661633365643562613266303735666663356366383539666564616231366264
|
||||
66323533613131646631333864343238316166643631323633623339313861306163623363663034
|
||||
30656530316639646662653438636131393338323931386533313163393530633835623663353861
|
||||
30396665326539333964333333313833663762373463313930623033386362376135623732663330
|
||||
64323232613338353237303932623637353963633735636131356238623130616537366233303932
|
||||
34626565353963386533393936333636666337323737623738663537616464333032373930363761
|
||||
31303035623636633537633739316135396661326330653366666562633835326565663563653662
|
||||
66643634346263336530303936393030313063623962306664613465636630613265363834613766
|
||||
39383130313031636437343662393932633033393638323664376265343765666465326238616634
|
||||
38366433306232313461346661396230636164383932383031653631663164383462633132363330
|
||||
30333237383435346566336463353439663932653036323736316630366465323734616435343737
|
||||
66613935323434306334323733313838356635396166616133633036343330656665333535373030
|
||||
36306632346239333832616434373361303465663232393732636338663764386666356335663734
|
||||
64376230666339363763373637333033663232323466356538653738393931316337653566336664
|
||||
61653931626464623935663630613262366633383934393535303565343239383139386461613237
|
||||
34363735306136323338643731316336343866373032343964376630663765383334653262333532
|
||||
62313136326562353463623161353538336436663330303361333763353365623333383830353736
|
||||
353834646363363865643138663131653333
|
||||
30373832336334383031646564333333653031653261353835306230386636653566316661303737
|
||||
6364386435343864386361393466663839663563363430370a303030613533363830626134363862
|
||||
37376436353530383662643338373936313566313165376134656532356139666136313635383635
|
||||
3961666334376565640a646130383664323466616566316539636663643338306162353162393065
|
||||
33663031643362323434623836336664643762303139303031613065346661323262383938623764
|
||||
35323862623835623037343537313533333362306666396237333839313835303665306130623933
|
||||
63333038666232643936353062353562316263306338623161636463376132343665393139333434
|
||||
38373165343465343131616130613739633437636361663563373730643631663534383735663266
|
||||
35383535383732636236383831626130633333633535386430356666393533386562636633333365
|
||||
61666136353163396462346535326631626238356430636465636464373634313765653735666436
|
||||
38313435326330346131376332663161323061323633636363336662333135623265366139653831
|
||||
64616333303464373331323562613433343935343731393531333063346130653462616535396562
|
||||
66653935313339373339626139376139623335353761656638653666333632383037366665623739
|
||||
37666539346165616165653633643661356638326333396364626465373662343134386336373637
|
||||
31356531363062346533323835343666623062373239313435363863373133366131326430363963
|
||||
61343438366532346631313532643363343932636566336338383138623138363761663533306463
|
||||
33386333663261633464333264616161366164376262646265366431346330363834626138656662
|
||||
35613063303735653039303664343065386663616335343433386264346635343639636432653633
|
||||
30393137663230323764376434383966363335663831633634613564626366646563343937386435
|
||||
31303237356332313432306163356531656364323032636338636264356636393137383066353961
|
||||
36363266393166306439663764326339373037303063653036383733656237653930376262623963
|
||||
64663462306161366530343232336436353237303565323939353534653863653736373033633132
|
||||
38323736663961373938363862663262623030643532623761303036616438373665646263613730
|
||||
66393436623339333035393237343734636561656363643938373539316435313337363531333335
|
||||
61656139643035366361316630623630646664323438346466353234396233376634376230313638
|
||||
30646630623362333334656533326164343831646463623965383461336336303362386134366463
|
||||
37633030363636636161303735333734323939323534313131343837663634643830383836653864
|
||||
63313834623439636439643734376134316334326337316337623437333566303537303030373662
|
||||
63383630633564393164356534646562656139653063306438646164383437356635616337333234
|
||||
61633066323636666135303761373863373934623135323163356434323231363965346264373363
|
||||
65356139396636326538326166636338353536623432626363643566333165376331666131393061
|
||||
30666436306137643333616365333165346363633061363534313662306430613433623461393439
|
||||
38353037303064306631303461386163316135663636613534313037666361363935613763373835
|
||||
64666465383238366335383635363962313534313937326338663134316439346638393164363463
|
||||
62393835383734316232623039656231303234613132373634363564346635663938613762623733
|
||||
64353437623031643066643832313039623763663238393933326563646637623333356661313336
|
||||
63616462333261316130666365336261343639353737346438666237653430326531323437626664
|
||||
61623863613336333232666139343534636433653333336661626436343332373363306337666466
|
||||
61353532613630626564666437363766343834646632333266396630393261343965336537333632
|
||||
33653934646265663833366562343331363763653961326132353530636166363135336436303362
|
||||
64373262666666633961393537623036363763323262303435333036633362623366383765333764
|
||||
66656338636634636265343066386332643332653433623838386630373930363065386433316630
|
||||
39653834326533306161616366333761626165653233646462336566633664663836376337663961
|
||||
62366335626132323661356362643564633634366331303663336336643535383039663964393330
|
||||
30353966373862643038626532313539373666646161373437656635633033666166323664316162
|
||||
64363632366337356234376265333164393261656634313133343966643364666535383532663931
|
||||
65643764393363383732313637333734323137383830643533383330373465363861653138356563
|
||||
63356338653066623630333639336535613939313663663865616562653038356661356539373439
|
||||
38656337613835613939623736623234356234623932643130613437643333356333306166623835
|
||||
35643133383466313861373236333435326633326232366233656538663261396663326563386437
|
||||
39663633653230343063663663373430333933353931313638346239626538386361343866353933
|
||||
32366439633137626239373938646264663537373135373031653062663465376332646561383431
|
||||
35386532303134323463633761323165333831626566393966376561303261373832313336623439
|
||||
39653631383638393364333061663839323632343638326330323064303036386162666334633066
|
||||
65356636366664373165383163316465383566646530633561376266356636306263653039613361
|
||||
36326165336135636438666132386366356230326435393234333862663432633364333430316266
|
||||
32373230323735623162353938373466623337303765366665316530323731316233643266633930
|
||||
62643737326661613961313430333763663035646262626264323639383635343264326535363263
|
||||
62393235326631343035346530613631316638643661653164356134663163383235613330353030
|
||||
63616532346363376361643334666233656664303837333237326366623136313937633961613434
|
||||
35393834313538353936383638303466316234366665353832386430616131326365613635303338
|
||||
65343130373032323538333364313633353966343561373366613831396463363961326561313366
|
||||
34323833363761386433633961636266326632356331613563306230663739613134623532626532
|
||||
38316531346636323361613331646332373661613665626338646161393332656434663139396164
|
||||
64613962363635396538343365616665626439623466316334356638653733303338363264633361
|
||||
31393237393964613062356566303361623933346537383032303530623232666166643436313164
|
||||
36373435656234313639303463663861653661323737343232386230303131613962353132633261
|
||||
61333739393831313630663864626535623832326535653437383932356163656533313231306566
|
||||
33663231336461323464316138366232346432333937613335623966353235646235346231636436
|
||||
30616533343330373263666136373234303061383632396530303734633361613133613735356162
|
||||
31643835313463623034393530373933386630393064306465336234373763646437376263306365
|
||||
39663436623430316362356261383064656530393330313662373731316135633937313432646630
|
||||
39646431653663386432323961663530643436663436313461663264656134353231386365323931
|
||||
34323438306363306537363137393830666463313462336631636438323365626334643162333466
|
||||
63626334623433666431316339383830336438666139383437383132613831343237376134346563
|
||||
63633337633262303561353862313137383563343336636366626238396636313765623334376432
|
||||
31336436383532646532663636333461343635363933313533613539626664393061646237376431
|
||||
39613337333730373263353836353731356264653131356535323532623862323262353862386535
|
||||
34323764646137353063303237396464303666643132313861633534616637323363663238653362
|
||||
62303336356237376534333534656262383433306266333663343535376664383034356662613663
|
||||
37343365363436346538646334363833323731636533316664316632366162346535633463306439
|
||||
36633336623632383736363761396331303239376535316230323339616163363230663030393761
|
||||
30623461646130326338613262373135656264393963326364373065663030366566383036396464
|
||||
66613130373435383236383430353262356537323038663665633631343838383433613062316432
|
||||
66616233343938326236323364623965643364356565316666663338306133643738393638393532
|
||||
32636662663066353132363065353939613161383765663538333233316165613537646162383136
|
||||
32313434663834396165336236333763646435643163393938346234646563386639386234303163
|
||||
35313537636564323366376337643465373162306138613561326462633035343638326533386330
|
||||
31646436356264393832313265663238363765313639336431346166356261356430366162396531
|
||||
61376234616631393435613837663036613663373334393066366366353966626266303562666134
|
||||
32333763373936376663343233663165313332336263656234346234356465653462316531313737
|
||||
34386566346132313639613465336634613737616331306164313866316530623832616565353936
|
||||
36383930306563336634383234356536633638303833636535386535343937383865386232626238
|
||||
31653235303336656466636363323333656333343037633935613964306664393931623938396537
|
||||
65346136626665653933346639613261313666633736323735633265633762356462353739363636
|
||||
31616333653831343631333736376433326135313963643363663766323065366538393437366631
|
||||
65363332643066666663316134613430613239383666313135663839643236346537303238316533
|
||||
34323432653863323966366461653361356232356466316162653739346563643138643965313363
|
||||
64663266376461383066613538613134333638316333646363333537646132643836363136303336
|
||||
64353431393133353666333865376139316664306434356464623563643733353763633738336261
|
||||
36626130366362393061626434333365373164373037303439316263316530323333663261346232
|
||||
39303463646364633562656565646235616637363464636631333138363663306531313464643535
|
||||
30353738636162373866356438356237343837623136366365613739383234633335306431646139
|
||||
65353565316530313461333863353161383464323439643132653136613962613133303731346162
|
||||
66653237323738333537356464323362383062326531613039386235633063336666316631326366
|
||||
32316233373237333163373532336633326565396237363432323236393231396435323365653139
|
||||
36313732353437656231373334613732613063306634666235643330386463653338306162663965
|
||||
34623933356231643861353733613933326332326539303036366431383937383132616138663965
|
||||
39393631313635653035636339663034373862376534663365333863393531346236373038653031
|
||||
35343065316533653639356366306230656362646239373138386439613161366162633361356563
|
||||
61356461356362613063346530356634333839376637383762353437666430653439613831303032
|
||||
31653564633362623232616330623134306638306262613135663861396338643363663266313732
|
||||
62373732323134303335383165323164393737376338636134313265383963343936303863336431
|
||||
38356337383537393630323939653063396366653735643437343261336362313765383833313337
|
||||
65306435326531306630623236643438356337636364636437396533663361336338316133306237
|
||||
34666561393730346132366339333361623631316636323263666462353533336161663731613434
|
||||
30643338653264643636373735353130396436613231303535323965656439393932366262313837
|
||||
33386333653534613763663133396430633938653737646132303566643863316666636238613864
|
||||
38646137346163643933363736626662343863636533323563343438646539376535626464393863
|
||||
63346435643138326134316638346139643635373064316631643265313437343466383536396265
|
||||
36643236323933626663366663396636343835623861653361653239643138366138373338353939
|
||||
65383836353334386432393132376433323831393461303133313631333634353938316166336539
|
||||
64626633386262346136386336313432636365333861643463613264393264643331336361626361
|
||||
37373333323935323663663561333630333565633665653836356632373337356165623166656538
|
||||
62336437356431393136303037633662663762306436373538323135316130356165616366366336
|
||||
34363235623133363961363462383934373830396133356232303938656131386632666133633062
|
||||
64323330633731616264393263326137353434373538623537646431646133646234353034326462
|
||||
64306139353834616639613638326238386632363232356338306337623136326563653334666564
|
||||
64353765343630306535653430376431343132396232303466393964383333613666626561333766
|
||||
34646430616231633061366332323337336462363437626166363561363232353563633563323332
|
||||
33616534643335343832393164646434636430363366333037666539626132376161303731386561
|
||||
36663830303433343932366661343536623865303438366132313832386637643063663439353038
|
||||
65643335353163316533306633363037616232383530393839616334663336306237303531613832
|
||||
65636663336239376235643036623032646331663962633430633161306539646464656131623163
|
||||
346539663562636361616135326237383664
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
- hosts: webservers
|
||||
roles:
|
||||
- role: vaultwarden
|
||||
db_url: postgresql://vaultwarden:{{ vaultwarden_postgresql_password }}@postgresql:5432/vaultwarden
|
||||
db_url: postgresql://vaultwarden:{{ postgresql_users.vaultwarden }}@postgresql:5432/vaultwarden
|
||||
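Review bot: The new `db_url` line interpolates `postgresql_users.vaultwarden` straight into the URL's userinfo, so a password containing `@`, `:`, `#` or `%` yields a connection string that different URL parsers read differently or reject outright. Passing it through Jinja2's filter, `db_url: postgresql://vaultwarden:{{ postgresql_users.vaultwarden | urlencode }}@postgresql:5432/vaultwarden`, percent-encodes those characters; note that Jinja2's `urlencode` leaves `/` unescaped, so the generated password should still avoid it. The same pattern may exist in other roles that build a URL from `postgresql_users`, but only this one is visible here, and the file header for this section is not shown on the page.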
|
|