├── .ansible-lint ├── .gitattributes ├── .github └── workflows │ └── ansible-lint.yml ├── .gitignore ├── .pre-commit-config.yaml ├── LICENSE ├── README.md ├── ansible.cfg ├── assets ├── dodger_logo.png └── dodger_logo.svg ├── dodger_deploy.yml ├── inventory.example.yml ├── requirements.txt ├── requirements.yml ├── roles ├── crowdsec │ ├── LICENSE │ ├── defaults │ │ └── main.yml │ ├── files │ │ ├── config.yaml │ │ ├── nginx.yml │ │ ├── traefik.yml │ │ └── whitelist-de.yml │ ├── handlers │ │ └── main.yml │ └── tasks │ │ ├── firewall_bouncer.yml │ │ └── main.yml ├── default │ ├── LICENSE │ ├── defaults │ │ └── main.yml │ └── tasks │ │ ├── hardening.yml │ │ └── main.yml ├── docker │ ├── LICENSE │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── gitlab │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── gitlab-runner-register.sh │ └── tasks │ │ ├── install_gitlab_runner.yml │ │ └── main.yml ├── homer │ ├── LICENSE │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── config.yml.j2 ├── hugo │ ├── LICENSE │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── matrix │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ ├── install_signal_bridge.yml │ │ ├── install_telegram_bridge.yml │ │ ├── install_whatsapp_bridge.yml │ │ └── main.yml │ └── templates │ │ ├── homeserver.yaml.j2 │ │ ├── matrix.log.config │ │ └── nginx │ │ ├── matrix.conf.j2 │ │ └── www │ │ └── .well-known │ │ └── matrix │ │ ├── client.j2 │ │ └── server.j2 ├── nextcloud │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── openldap │ ├── LICENSE │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── traefik │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── watchtower │ ├── LICENSE │ └── tasks │ │ └── main.yml └── wazuh │ └── README.md └── vars ├── macos.yml └── users.yml /.ansible-lint: 
--------------------------------------------------------------------------------
1 | ---
2 | exclude_paths: # paths ansible-lint does not scan
3 |   - .cache/
4 |   - .github/
5 |   - inventory.yml
6 |   - ${HOME}/.ansible/
7 |   - .pre-commit-config.yaml
8 |   - pre-commit-config.yaml
9 |   - "**/files" # role `files/` directories (e.g. the CrowdSec configs) are therefore never linted
10 |   - files
11 |   - .yamllint
12 |   - inventories/*
13 |   - "*/.ansible/*"
14 |
15 | skip_list: # rule IDs that are silenced for the whole repository
16 |   - "command-instead-of-module"
17 |   - "name[template]"
18 |   - "jinja[invalid]"
19 |   - "role-name[path]"
20 |   - "var-naming[no-role-prefix]"
21 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.zip filter=lfs diff=lfs merge=lfs -text
2 |
--------------------------------------------------------------------------------
/.github/workflows/ansible-lint.yml:
--------------------------------------------------------------------------------
1 | name: ansible-lint
2 | on:
3 |   pull_request:
4 |     branches: ["main", "stable", "release/v*"]
5 | jobs: # NOTE(review): no `permissions:` block is declared, so the job gets the repository's default GITHUB_TOKEN scopes; linting only needs read access to contents
6 |   build:
7 |     name: Ansible Lint # Naming the build is important to use it as a status check
8 |     runs-on: ubuntu-latest
9 |     steps:
10 |       - uses: actions/checkout@v4
11 |       - name: Run ansible-lint
12 |         uses: ansible/ansible-lint@main # NOTE(review): 'main' is a moving branch ref; pin a release tag or a full commit SHA so the action code cannot change between runs
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ftb/world/
2 | *.zip
3 | db
4 | wordpress
5 | ./**/.venv
6 | .venv
7 | .vscode
8 | .DS_Store
9 | pw_vault.txt
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | repos:
2 |   # Docker hooks
3 |   - repo: https://github.com/IamTheFij/docker-pre-commit
4 |     rev: v3.0.1 # hook repo is pinned to a tag
5 |     hooks:
6 |       - id: docker-compose-check
7 |
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Stefan Machmeier 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 |
3 | 4 | ![dodger Logo](https://github.com/stefanDeveloper/dodger/assets/18898803/baa4278f-ef46-4227-a08c-cfb8445c17a4?raw=true) 5 |

6 |

Be sure to :star: my configuration repo so you can keep up to date on any daily progress!

7 |
8 |

9 | 10 | 11 | 12 |

13 |
14 |
15 | ## Overview
16 |
17 | This repository provides a complete Docker stack to easily set up your server with Traefik, Portainer, Nextcloud, Homer, OpenVPN, GitLab, WordPress, Resilio, Seafile, OpenLDAP, Jenkins, and Matrix.
18 |
19 | ## Supported Applications
20 |
21 | * [Traefik](./traefik/README.md) as a reverse proxy to route your requests (mandatory)
22 | * [CrowdSec](./Crowdsec/README.md) just the best firewall handler
23 | * [GitLab](./gitlab/README.md) for coding
24 | * [Nextcloud](./Nextcloud/README.md) one of my favorite private clouds :heart:
25 | * [Homer](./homer/README.md) just a landing page with links
26 | * [OpenLDAP](./openldap/README.md) configuration for easy usage with a GUI.
27 | * [Matrix](./matrix/README.md) Synapse server with LDAP configuration.
28 | * [Hugo](./hugo/README.md) a Hugo server to deploy a simple website.
29 | * [Wazuh](./wazuh/README.md) to monitor security events of our Docker containers.
30 |
31 | ## Getting Started
32 |
33 | Just clone this repository and follow the guidelines inside the corresponding application folder:
34 |
35 | ```sh
36 | git clone https://github.com/stefanDeveloper/dodger.git
37 | ```
38 |
39 | Deployment is made simple by Ansible playbooks that cover hardening, installation, and more!
40 |
41 | Create Python virtualenv and install requirements:
42 |
43 | ```bash
44 | python -m venv .venv
45 | source .venv/bin/activate
46 |
47 | pip install -r requirements.txt
48 | ```
49 |
50 | Replace your IP address in the `inventory.yml` and run the provided Ansible playbook:
51 |
52 | ```bash
53 | ansible-playbook dodger_deploy.yml
54 | ```
55 |
--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | nocows = True
3 | forks = 10
4 | allow_world_readable_tmpfiles=true ; NOTE(review): lets Ansible fall back to world-readable module temp files when becoming an unprivileged user, so other local users on the target could read module arguments (including secrets); prefer leaving this off and providing ACL support on the targets
5 | inventory = ./inventory.yml
6 | vault_password_file = pw_vault.txt ; plaintext vault password kept next to the repo; it is listed in .gitignore - keep the file readable by its owner only
7 |
8 | [ssh_connection]
9 | ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o ServerAliveInterval=50 -o ServerAliveCountMax=999 ; NOTE(review): ControlPersist=30m leaves an authenticated SSH master connection open on the control node for 30 minutes after the last use
10 |
--------------------------------------------------------------------------------
/assets/dodger_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stefanDeveloper/dodger/b827a1a937bda6d12dab6552121dfa81209be1a0/assets/dodger_logo.png
--------------------------------------------------------------------------------
/assets/dodger_logo.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
19 |
39 |
41 |
47 |
48 |
52 |
56 |
57 |
58 |
--------------------------------------------------------------------------------
/dodger_deploy.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Setup dodger # single play: applies every role below to the `dodger` inventory group
3 |   hosts: dodger
4 |   become: true # all roles, including the third-party Galaxy roles, run with privilege escalation
5 |   gather_facts: true
6 |   vars_files:
7 |     - "users.yml"
8 |   roles:
9 |     - name: gantsign.oh-my-zsh
10 |     - name: default
11 |     - name: robertdebock.update
12 |     - name: docker
13 |     - name: crowdsec
14 |     - name: traefik
15 |     - name: openldap
16 |     - name: gitlab
17 |     - name: homer
18 |     - name: nextcloud
19 |     - name: watchtower
20 |     - name: matrix
21 |     - name: hugo
22 |
23 | # code: language=ansible
24 |
--------------------------------------------------------------------------------
/inventory.example.yml:
--------------------------------------------------------------------------------
1 | all:
2 |   children:
3 |     dodger:
4 |       hosts:
5 |         hypervisor:
6 |           ansible_host: mlandt
7 |           ansible_port: 22
8 |           ansible_user: stefan
9 |
10 |           domain: "mlandt.de"
11 |
12 |           homer_domain: "mlandt.de"
13 |
14 |           hugo_git_reposity: "git@github.com:.....git"
15 |           hugo_git_folder: "website"
16 |           hugo_domain: ""
17 |           hugo_local_user: "ubuntu"
18 |
19 |           matrix_domain: "matrix.mlandt.de"
20 |           matrix_synapse_domain: "synapse.mlandt.de"
21 |           matrix_registration_shared_secret: # NOTE(review): secrets are left blank in this example; the working copy (inventory.yml) is not listed in .gitignore, so supply real values from an Ansible Vault-encrypted file rather than in plaintext here
22 |           matrix_macaroon_secret_key:
23 |           matrix_form_secret:
24 |           matrix_db_password:
25 |           mautrix_whatsapp_db_password:
26 |           mautrix_telegram_db_password:
27 |           mautrix_signal_db_password:
28 |
29 |           nextcloud_domain: "nextcloud.mlandt.de"
30 |           nextcloud_admin_password:
31 |           nextcloud_postgres_password:
32 |           nextcloud_redis_password:
33 |
34 |           wazuh_domain: wazuh.mlandt.de
35 |
36 |           traefik_domain: traefik.mlandt.de
37 |           traefik_dashboard_password:
38 |           traefik_network: proxy
39 |           traefik_mail: mail@example.com
40 |
41 |           gitlab_domain: gitlab.mlandt.de
42 |           gitlab_registry_domain: registry.mlandt.de
43 |
44 |           gitlab_smtp_address: smtp.office365.com
45 |           gitlab_smtp_port: 587
46 |           gitlab_smtp_mail: mail@example.com
47 |           gitlab_smtp_password:
48 |           gitlab_smtp_domain: outlook.com
49 |           gitlab_smtp_mail_from: mail@example.com
50 |           gitlab_smtp_mail_to: noreply@mlandt.de
51 |           gitlab_shell_ssh_port: 30022
52 |
53 |           gitlab_runner_enabled: true
54 |
55 |           openldap_hostname: openldap
56 |           openldap_port: 389 # NOTE(review): 389 is the cleartext LDAP port; whether StartTLS is used or the traffic stays on an internal Docker network is not visible here - confirm
57 |           openldap_password:
58 |           openldap_base_dn: dc=mlandt,dc=de
59 |           openldap_domain: ldap.mlandt.de
60 |
61 |           crowdsec_lapi_port: 8090 # host port; the crowdsec role publishes it on 127.0.0.1 only
62 |           crowdsec_install_firewall_bouncer: true
63 |           crowdsec_fw_bouncer_apikey:
64 |           crowdsec:
65 |             version: latest # NOTE(review): floating image tag; the role starts the container with `pull: true`, so the engine version can change on any run - pin a release tag
66 |             collections: crowdsecurity/traefik crowdsecurity/nextcloud crowdsecurity/nginx
67 |             acquis:
68 |               - traefik.yml
69 |               - nginx.yml
70 |             log_mounts: # host logs are mounted read-only (`:ro`) into the container
71 |               - /var/log/nginx:/logs/nginx:ro
72 |               - /var/log/traefik/:/logs/traefik:ro
73 |               - /var/log/syslog:/var/log/syslog:ro
74 |               - /var/log/auth.log:/var/log/auth.log:ro
75 |             whitelist: # NOTE(review): this mount activates the country-wide allowlist from roles/crowdsec/files/whitelist-de.yml; the host path is hard-coded and presumably has to match {{ dodger_dir }}/crowdsec - verify
76 |               - /srv/docker/crowdsec/whitelist-de.yml:/etc/crowdsec/parsers/s02-enrich/whitelist-de.yml
77 |
78 | # code: language=ansible
79 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | ansible # NOTE(review): nothing in this file is version-pinned, so every install resolves to whatever is newest on PyPI; pin versions (optionally with hashes) for a reproducible control node
2 | docker-py # NOTE(review): legacy package name; the maintained Docker SDK is published as `docker` - confirm which one the Docker modules need
3 | docker-compose
4 | flake9
5 | ansible-lint
6 | pypsrp
7 | pysocks
--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | collections: # NOTE(review): no `version:` is set for any collection or role, so Galaxy installs the latest release each time; this content runs with become on the target
3 |
4 |   - name: community.general
5 |
6 |   - name: ansible.posix
7 |
8 |   - name: devsec.hardening
9 |
10 | roles:
11 |
12 |   - name: gantsign.oh-my-zsh
13 |
14 |   - name: robertdebock.update
15 |
16 |   - name: geerlingguy.docker
17 |
--------------------------------------------------------------------------------
/roles/crowdsec/LICENSE:
--------------------------------------------------------------------------------
1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2
2 | EUPL © the European Union 2007, 2016
3 |
4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the
5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such
6 | use is covered by a right of the copyright holder of the Work).
7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 
31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. 
If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 
79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. 
It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
3.0
179 | — Eclipse Public License (EPL) v. 1.0
180 | — CeCILL v. 2.0, v. 2.1
181 | — Mozilla Public Licence (MPL) v. 2
182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software
184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2
185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+).
186 |
187 | The European Commission may update this Appendix to later versions of the above licences without producing
188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the
189 | covered Source Code from exclusive appropriation.
190 | All other changes or additions to this Appendix require the production of a new EUPL version.
191 |
--------------------------------------------------------------------------------
/roles/crowdsec/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | crowdsec_docker_path: "{{ dodger_dir }}/crowdsec" # host directory for the role's files; dodger_dir is defined outside this role
3 |
4 | crowdsec_default_mounts: # concatenated with crowdsec.log_mounts and crowdsec.whitelist in tasks/main.yml
5 |   - crowdsec_config:/etc/crowdsec
6 |   - crowdsec_data:/var/lib/crowdsec/data
7 |   # - "{{ crowdsec_docker_path }}/config.yaml:/etc/crowdsec/config.yaml" # This is not necessary
8 |   - "{{ crowdsec_docker_path }}/acquis.d:/etc/crowdsec/acquis.d"
9 |
10 | crowdsec_install_firewall_bouncer: false # the host-level firewall bouncer is opt-in
11 |
--------------------------------------------------------------------------------
/roles/crowdsec/files/config.yaml:
--------------------------------------------------------------------------------
1 | common: # NOTE(review): the role copies this file to the host, but its bind mount is commented out in defaults/main.yml, so the container may never read these settings - confirm
2 |   daemonize: false
3 |   log_media: stdout
4 |   log_level: info
5 |   log_dir: /var/log/
6 |   working_dir: .
7 | config_paths:
8 |   config_dir: /etc/crowdsec/
9 |   data_dir: /var/lib/crowdsec/data/
10 |   simulation_path: /etc/crowdsec/simulation.yaml
11 |   hub_dir: /etc/crowdsec/hub/
12 |   index_path: /etc/crowdsec/hub/.index.json
13 |   notification_dir: /etc/crowdsec/notifications/
14 |   plugin_dir: /usr/local/lib/crowdsec/plugins/
15 | crowdsec_service:
16 |   acquisition_path: /etc/crowdsec/acquis.yaml
17 |   acquisition_dir: /etc/crowdsec/acquis.d
18 |   parser_routines: 1
19 | plugin_config:
20 |   user: nobody
21 |   group: nobody
22 | cscli:
23 |   output: human
24 | db_config:
25 |   log_level: info
26 |   type: sqlite
27 |   db_path: /var/lib/crowdsec/data/crowdsec.db
28 |   flush:
29 |     max_items: 5000
30 |     max_age: 7d
31 |   use_wal: true
32 | api:
33 |   client:
34 |     insecure_skip_verify: false
35 |     credentials_path: /etc/crowdsec/local_api_credentials.yaml
36 |   server:
37 |     log_level: info
38 |     listen_uri: 0.0.0.0:8080 # all interfaces inside the container; tasks/main.yml publishes this port on the host's 127.0.0.1 only
39 |     profiles_path: /etc/crowdsec/profiles.yaml
40 |     trusted_ips: # IP ranges, or IPs which can have admin API access
41 |       - 127.0.0.1
42 |       - ::1
43 |     online_client: # Central API credentials (to push signals and receive bad IPs)
44 |       credentials_path: /etc/crowdsec/online_api_credentials.yaml
45 |     enable: true
46 | prometheus:
47 |   enabled: true
48 |   level: full
49 |   listen_addr: 0.0.0.0 # metrics endpoint; likewise published on 127.0.0.1:6060 only by tasks/main.yml
50 |   listen_port: 6060
--------------------------------------------------------------------------------
/roles/crowdsec/files/nginx.yml:
--------------------------------------------------------------------------------
1 | ---
2 | filenames:
3 |   - /logs/nginx/*.log # container-side path; corresponds to the /logs/nginx mount in inventory.example.yml
4 | labels:
5 |   type: nginx
--------------------------------------------------------------------------------
/roles/crowdsec/files/traefik.yml:
--------------------------------------------------------------------------------
1 | filenames:
2 |   - /logs/traefik/*.log # container-side path; corresponds to the /logs/traefik mount in inventory.example.yml
3 | labels:
4 |   type: traefik
--------------------------------------------------------------------------------
/roles/crowdsec/files/whitelist-de.yml:
--------------------------------------------------------------------------------
1 | name: smachmeier/whitelist-de
2 | description: Whitelist all IPs from Germany
3 | whitelist:
4 |   reason: Whitelisted country
5 |   expression:
6 |     - evt.Enriched.IsoCode == 'DE' # NOTE(review): exempts every event geolocated to DE from detection, including hosting and VPN ranges in that country; prefer allowlisting specific IPs or CIDRs that you control
7 |
--------------------------------------------------------------------------------
/roles/crowdsec/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Restart Firewall-Bouncer-IPtables # notified by the lineinfile tasks in tasks/firewall_bouncer.yml
3 |   ansible.builtin.service:
4 |     name: crowdsec-firewall-bouncer
5 |     state: restarted
6 |
7 | # code: language=ansible
8 |
--------------------------------------------------------------------------------
/roles/crowdsec/tasks/firewall_bouncer.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Get CrowdSec signing key
3 |   ansible.builtin.get_url:
4 |     url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
5 |     dest: /etc/apt/trusted.gpg.d/crowdsec.asc # NOTE(review): keys in /etc/apt/trusted.gpg.d are trusted by apt for every configured repository, which undoes the `signed-by` scoping used below; a directory such as /etc/apt/keyrings keeps the key limited to this repo
6 |     mode: '0644'
7 |     force: true # re-downloads on every run; no `checksum:` is given, so whatever the URL serves becomes the trusted key
8 |
9 | - name: Install CrowdSec repos
10 |   ansible.builtin.apt_repository:
11 |     repo: "{{ item }}"
12 |     filename: crowdsec_crowdsec
13 |   loop: # both entries hard-code the Debian `bookworm` suite
14 |     - deb [signed-by=/etc/apt/trusted.gpg.d/crowdsec.asc] https://packagecloud.io/crowdsec/crowdsec/debian bookworm main
15 |     - deb-src [signed-by=/etc/apt/trusted.gpg.d/crowdsec.asc] https://packagecloud.io/crowdsec/crowdsec/debian bookworm main
16 |
17 | - name: Install Firewall Bouncer IPtables
18 |   ansible.builtin.package:
19 |     name: crowdsec-firewall-bouncer-iptables
20 |     state: present
21 |
22 | - name: Set CrowdSec api-key
23 |   ansible.builtin.lineinfile:
24 |     path: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
25 |     line: "api_key: {{ crowdsec_fw_bouncer_apikey }}" # NOTE(review): writes the bouncer secret; without `no_log: true` on this task the value can appear in task output and in `--diff`
26 |     search_string: api_key
27 |   notify: Restart Firewall-Bouncer-IPtables
28 |
29 | - name: Disable IPv6
30 |   ansible.builtin.lineinfile:
31 |     path: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
32 |     line: "disable_ipv6: true" # NOTE(review): presumably the bouncer then enforces no decisions against IPv6 sources; confirm the host exposes no services over IPv6
33 |     search_string: disable_ipv6
34 |   notify: Restart Firewall-Bouncer-IPtables
35 |
36 | - name: Set LAPI-url
37 |   ansible.builtin.lineinfile:
38 |     path: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
39 |     line: "api_url: http://127.0.0.1:{{ crowdsec_lapi_port }}/" # plain HTTP, but to loopback only; same port the container task publishes on 127.0.0.1
40 |     search_string: api_url
41 |   notify: Restart Firewall-Bouncer-IPtables
42 |
43 | - name: Enable chains
44 |   ansible.builtin.lineinfile:
45 |     path: /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
46 |     line: " - {{ item }}" # yes these leading spaces are required
47 |     search_string: "{{ item }}" # literal substring match on the chain name; assumes the packaged config already has a line mentioning each chain - TODO confirm
48 |   loop:
49 |     - FORWARD
50 |     - DOCKER-USER
51 |   notify: Restart Firewall-Bouncer-IPtables
52 |
53 | - name: Start Firewall Bouncer
54 |   ansible.builtin.service:
55 |     name: crowdsec-firewall-bouncer
56 |     state: started
57 |     enabled: true
58 |
59 | # code: language=ansible
60 |
--------------------------------------------------------------------------------
/roles/crowdsec/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create {{ crowdsec_docker_path }}/ and subdirectories
3 |   ansible.builtin.file:
4 |     state: directory
5 |     path: "{{ item }}"
6 |     mode: '0700' # directories are accessible to their owner only
7 |   loop:
8 |     - "{{ crowdsec_docker_path }}/"
9 |     - "{{ crowdsec_docker_path }}/acquis.d/"
10 |
11 | - name: Copy crowdsec config
12 |   ansible.builtin.copy:
13 |     src: config.yaml
14 |     dest: "{{ crowdsec_docker_path }}/config.yaml" # NOTE(review): copied to the host only; the matching bind mount is commented out in defaults/main.yml
15 |     mode: '0600'
16 |
17 | - name: Copy acquisition configs
18 |   ansible.builtin.copy:
19 |     src: "{{ item }}"
20 |     dest: "{{ crowdsec_docker_path }}/acquis.d/{{ item }}"
21 |     mode: '0600'
22 |   loop: "{{ crowdsec.acquis }}"
23 |
24 | - name: Copy de-whitelist
25 |   ansible.builtin.copy:
26 |     src: whitelist-de.yml
27 |     dest: "{{ crowdsec_docker_path }}/whitelist-de.yml" # takes effect only if crowdsec.whitelist mounts it into the container
28 |     mode: '0600'
29 |
30 | - name: Start CrowdSec Engine Container
31 |   community.docker.docker_container:
32 |     image: crowdsecurity/crowdsec:{{ crowdsec.version }}
33 |     pull: true # NOTE(review): combined with `version: latest` from the example inventory, each run may start a different, unreviewed image; pin a release tag or digest
34 |     name: crowdsec
35 |     restart_policy: unless-stopped
36 |     healthcheck:
37 |       test: ["CMD", "cscli", "version"] # only checks that the CLI binary runs, not that the local API is answering
38 |     ports:
39 |       - 127.0.0.1:{{ crowdsec_lapi_port }}:8080 # local API is published on loopback only
40 |       - 127.0.0.1:6060:6060 # metrics likewise
41 |     env:
42 |       COLLECTIONS: "{{ crowdsec.collections }}"
43 |       BOUNCER_KEY_firewall: "{{ crowdsec_fw_bouncer_apikey }}" # NOTE(review): the bouncer key is passed as a container environment variable, so it is readable through `docker inspect` and may show in verbose task output; consider `no_log: true` on this task
44 |     volumes: "{{ crowdsec_default_mounts + crowdsec.log_mounts + crowdsec.whitelist}}"
45 |   tags: update-container
46 |
47 | - name: Install Firewall-Bouncer-IPtables
48 |   ansible.builtin.include_tasks:
49 |     file: firewall_bouncer.yml
50 |   when: crowdsec_install_firewall_bouncer
51 |
52 | # code: language=ansible
53 |
--------------------------------------------------------------------------------
/roles/default/LICENSE:
--------------------------------------------------------------------------------
1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2
2 | EUPL © the European Union 2007, 2016
3 |
4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the
5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such
6 | use is covered by a right of the copyright holder of the Work).
7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following
8 | notice immediately following the copyright notice for the Work:
9 | Licensed under the EUPL
10 | or has expressed by any other means his willingness to license under the EUPL.
11 |
12 | 1.Definitions
13 | In this Licence, the following terms have the following meaning:
14 | — ‘The Licence’:this Licence.
15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available
16 | as Source Code and also as Executable Code as the case may be.
17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 
34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 
59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. 
Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 
104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
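3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 |
--------------------------------------------------------------------------------
/roles/default/defaults/main.yml:
--------------------------------------------------------------------------------
---

# code: language=ansible

--------------------------------------------------------------------------------
/roles/default/tasks/hardening.yml:
--------------------------------------------------------------------------------
---
# Applies the devsec.hardening OS and SSH baselines with the overrides below.
- name: OS hardening
  ansible.builtin.include_role:
    name: devsec.hardening.os_hardening
  vars:
    # Password ageing is switched off, and the account "stefan" is listed as
    # exempt by name. The account name is hard-coded here rather than taken
    # from the users variable.
    os_user_pw_ageing: false
    os_users_without_password_ageing: ["stefan"]

    # NOTE(review): this sets the default inbound firewall policy to ACCEPT, so
    # inbound filtering depends on other controls (explicit rules, the CrowdSec
    # firewall bouncer, or an upstream firewall). Confirm this is intentional;
    # DROP plus explicit allow rules is the least-privilege choice.
    ufw_default_input_policy: "ACCEPT"
    ufw_ipt_sysctl: "/etc/ufw/sysctl.conf"

    sysctl_overwrite:
      # Enable IPv4 traffic forwarding.
      # Presumably needed so the host can route traffic for Docker containers;
      # verify before enabling on hosts that run no containers.
      net.ipv4.ip_forward: 1

- name: SSH hardening
  ansible.builtin.include_role:
    name: devsec.hardening.ssh_hardening
  vars:
    ssh_banner: true

# code: language=ansible

--------------------------------------------------------------------------------
/roles/default/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Baseline for every host: hardening, common packages, the "dodger" group, and
# the accounts and SSH keys listed in the users variable.
- name: OS and SSH Hardening using devsec
  ansible.builtin.include_tasks: "hardening.yml"

# The package list is passed in one call instead of one module run per item.
- name: Install common software
  ansible.builtin.package:
    name:
      - htop
      - vim
    state: present

- name: Ensure group "dodger" exists
  ansible.builtin.group:
    name: dodger
    state: present

# Each users entry supplies username, fullname, group and shell. An entry
# named root is skipped. No password is set here.
- name: Add users
  ansible.builtin.user:
    name: "{{ item.username }}"
    comment: "{{ item.fullname }}"
    group: "{{ item.group }}"
    home: /home/{{ item.username }}
    shell: "{{ item.shell }}"
    state: present
  when: "item.username != 'root'"
  loop: "{{ users }}"

# exclusive is not set, so keys already present in an account's authorized_keys
# that are no longer listed in users are left in place; revoking a key needs a
# separate step.
- name: Set authorized key for users
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    state: present
    key: "{{ item.key }}"
  when: "item.username != 'root'"
  loop: "{{ users }}"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/docker/LICENSE:
--------------------------------------------------------------------------------
1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work).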
7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 
31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. 
If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 
79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. 
It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
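3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 |
--------------------------------------------------------------------------------
/roles/docker/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Presumably read by the geerlingguy.docker role that tasks/main.yml includes;
# verify against that role's documented variables.
docker_install_compose: true
docker_compose_path: /usr/bin/docker-compose

--------------------------------------------------------------------------------
/roles/docker/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Installs Docker through the geerlingguy.docker role, schedules a daily cleanup
# of dangling images, and installs the python3-docker package.
- name: Install Docker Role geerlingguy.docker
  ansible.builtin.include_role:
    name: geerlingguy.docker

# minute is set explicitly: the cron module defaults it to "*", which would run
# the job every minute between 02:00 and 02:59 instead of once per day.
# The job runs as root and, without -a, removes only untagged (dangling) images.
- name: Prune docker images without tags (dangling) once per day
  ansible.builtin.cron:
    name: prune_docker_images
    user: root
    job: docker image prune -f
    minute: '0'
    hour: '2'

- name: Ensure python3-docker is installed
  ansible.builtin.package:
    name: python3-docker
    state: present

# Runs any handlers notified so far before the play continues.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

--------------------------------------------------------------------------------
/roles/gitlab/LICENSE: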
-------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 
27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 
52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. 
The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 
98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. 
However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 
142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 
164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 
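191 | -------------------------------------------------------------------------------- /roles/gitlab/README.md: -------------------------------------------------------------------------------- 1 | # Gitlab 2 | 3 | ## Gitlab Runner 4 | 5 | If you want to add a GitLab runner, go to your Runner Configuration (/admin/runners) in Gitlab and replace the registration inside the [script](./gitlab-runner-register.sh) 6 | 7 | Execute the script: 8 | 9 | ```sh 10 | # Maybe you missed the right to execute it 11 | chmod +x gitlab-runner-register.sh 12 | # Run script 13 | ./gitlab-runner-register.sh 14 | ``` 15 | -------------------------------------------------------------------------------- /roles/gitlab/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | gitlab_docker_path: "{{ dodger_dir }}/gitlab" 4 | 5 | # code: language=ansible 6 | -------------------------------------------------------------------------------- /roles/gitlab/gitlab-runner-register.sh: --------------------------------------------------------------------------------
#!/bin/sh
# Registers the GitLab Runner container of this role with a GitLab instance.
#
# Usage: DOMAIN=<your domain> ./gitlab-runner-register.sh
#
# Get the registration token from:
# http://localhost:8080/root/${project}/settings/ci_cd
#
# Keep the real token out of version control: this file is tracked, so a
# token pasted here and committed should be treated as leaked and reset.
set -eu

registration_token=XXXXXXXXXXXXXXX

# Name of the container created by tasks/install_gitlab_runner.yml
# ("gitlab_runner"); the script previously exec'ed into "gitlab-runner",
# which that task does not create.
runner_container=gitlab_runner

# Without DOMAIN the URL below would silently become "http://git.".
: "${DOMAIN:?DOMAIN must be set}"

# Refuse to run with the placeholder still in place.
if [ "${registration_token}" = "XXXXXXXXXXXXXXX" ]; then
    echo "error: set registration_token in $0 before running it" >&2
    exit 1
fi

# Review notes on the options below:
#  * --docker-volumes /var/run/docker.sock hands every CI job the host's
#    Docker socket, i.e. control of the Docker daemon and with it
#    root-equivalent access to the host. Register this runner only for
#    projects whose pipelines are fully trusted; --locked=false allows it to
#    be enabled for other projects as well.
#  * --url uses plain http, so the registration token and job traffic are not
#    encrypted, while tasks/main.yml publishes GitLab with an https
#    external_url. NOTE(review): confirm whether https://git.${DOMAIN} should
#    be used here instead.
#  * NOTE(review): the role attaches its containers to the "proxy" network;
#    confirm that "gitlab-network" exists on the host.
#  * No TTY is requested from docker exec: the registration runs with
#    --non-interactive, and "-t" fails when stdin is not a terminal.
docker exec "${runner_container}" \
    gitlab-runner register \
    --non-interactive \
    --registration-token "${registration_token}" \
    --locked=false \
    --description docker-stable \
    --url "http://git.${DOMAIN}" \
    --executor docker \
    --docker-image docker:stable \
    --docker-volumes "/var/run/docker.sock:/var/run/docker.sock" \
    --docker-network-mode gitlab-network
-------------------------------------------------------------------------------- /roles/gitlab/tasks/install_gitlab_runner.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install GitLab Runner 3 | community.docker.docker_container: 4 | name: "gitlab_runner" 5 | image: 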
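"gitlab/gitlab-runner:latest" 6 | restart_policy: "unless-stopped" 7 | networks: 8 | - name: proxy 9 | volumes: 10 | - "{{ gitlab_docker_path }}/gitlab-runner/config:/etc/gitlab-runner" 11 | - "/var/run/docker.sock:/var/run/docker.sock" 12 | 13 | # code: language=ansible 14 |
-------------------------------------------------------------------------------- /roles/gitlab/tasks/main.yml: --------------------------------------------------------------------------------
---
# Runs GitLab CE as a Docker container on the "proxy" network. Traefik
# terminates TLS and forwards to port 80 (web) and 8500 (registry) inside the
# container; SSH is published directly on gitlab_shell_ssh_port.
- name: Run GitLab Docker container
  community.docker.docker_container:
    # NOTE(review): ":latest" is a moving tag, so a re-run or an image update
    # can pull a different GitLab release; pinning a version tag makes
    # upgrades deliberate.
    image: "gitlab/gitlab-ce:latest"
    name: "gitlab"
    restart_policy: "unless-stopped"
    ports:
      - "{{ gitlab_shell_ssh_port }}:22"
    networks:
      - name: proxy
    volumes:
      - "{{ gitlab_docker_path }}/config:/etc/gitlab:Z"
      - "{{ gitlab_docker_path }}/logs:/var/log/gitlab:Z"
      - "{{ gitlab_docker_path }}/data:/var/opt/gitlab:Z"
      - "/etc/localtime:/etc/localtime:ro"
    hostname: "{{ gitlab_domain }}"
    labels:
      traefik.enable: "true"
      traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_domain }}`)"
      traefik.http.routers.gitlab.entrypoints: "websecure"
      traefik.http.routers.gitlab.tls.certresolver: "mytlschallenge"
      traefik.http.routers.gitlab.middlewares: "gitlab-headers"
      traefik.http.routers.gitlab.service: "gitlab"

      # NOTE(review): these header names are written with underscores
      # (X_FORWARDED_PROTO, X_Forwarded-Ssl) and are also added to responses;
      # the conventional request headers are X-Forwarded-Proto and
      # X-Forwarded-Ssl, which the nginx block in GITLAB_OMNIBUS_CONFIG
      # already sets. Confirm this middleware does what is intended.
      traefik.http.middlewares.gitlab-headers.headers.customrequestheaders.X_FORWARDED_PROTO: "https"
      traefik.http.middlewares.gitlab-headers.headers.customrequestheaders.X_Forwarded-Ssl: "on"
      traefik.http.middlewares.gitlab-headers.headers.customresponseheaders.X_FORWARDED_PROTO: "https"
      traefik.http.middlewares.gitlab-headers.headers.customresponseheaders.X_Forwarded-Ssl: "on"
      traefik.http.services.gitlab.loadbalancer.server.port: "80"

      traefik.http.routers.gitlab-registry.rule: "Host(`{{ gitlab_registry_domain }}`)"
      traefik.http.routers.gitlab-registry.entrypoints: "websecure"
      traefik.http.routers.gitlab-registry.tls.certresolver: "mytlschallenge"
      traefik.http.routers.gitlab-registry.service: "gitlab-registry"
      traefik.http.services.gitlab-registry.loadbalancer.server.port: "8500"
    # NOTE(review): SYS_ADMIN is a very broad capability and weakens the
    # isolation between this container and the host. Confirm GitLab really
    # needs it here and drop it otherwise.
    capabilities:
      - SYS_ADMIN
    # The SMTP and LDAP passwords below are rendered into an environment
    # variable, so they are readable by anyone who can inspect the container
    # and may appear in verbose or diff output of this task. NOTE(review):
    # consider "no_log: true" on the task, or moving the secrets into a
    # gitlab.rb under the mounted /etc/gitlab with restrictive permissions.
    # The values are also pasted into Ruby string literals unescaped, so a
    # quote or backslash in a password breaks (or alters) the configuration.
    env:
      # NOTE(review): hard-coded and independent of gitlab_shell_ssh_port —
      # confirm this variable is still needed.
      GITLAB_SHELL_SSH_PORT: "30022"
      # In the LDAP section, 'encryption' => 'plain' together with
      # 'verify_certificates' => false means the admin bind password and
      # every user's LDAP credentials cross the network unencrypted. That is
      # only tolerable while LDAP traffic stays on an isolated Docker
      # network; otherwise use 'start_tls' or 'simple_tls' with certificate
      # verification enabled. The bind account is cn=admin; a dedicated
      # read-only bind account would limit the impact if this config leaks.
      #
      # gitlab_shell_ssh_port is the port shown in SSH clone URLs, so it is
      # set to the published host port rather than the container's port 22
      # (sshd inside the container still listens on 22).
      GITLAB_OMNIBUS_CONFIG: |-
        external_url 'https://{{ gitlab_domain }}'
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        nginx['proxy_set_headers'] = {
          'X-Forwarded-Proto' => 'https',
          'X-Forwarded-Ssl' => 'on'
        }

        gitlab_rails['backup_upload_remote_directory'] = 's3-backup-bucket'
        gitlab_rails['gitlab_shell_ssh_port'] = {{ gitlab_shell_ssh_port }}

        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "{{ gitlab_smtp_address }}"
        gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }}
        gitlab_rails['smtp_user_name'] = "{{ gitlab_smtp_mail }}"
        gitlab_rails['smtp_password'] = "{{ gitlab_smtp_password}}"
        gitlab_rails['smtp_domain'] = "{{ gitlab_smtp_domain }}"
        gitlab_rails['gitlab_email_from'] = "{{ gitlab_smtp_mail_from }}"
        gitlab_rails['gitlab_email_reply_to'] = "{{ gitlab_smtp_mail_to }}"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = "peer"

        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['ldap_servers'] = {
          'main' => {
            'label' => 'OpenLDAP',
            'host' => '{{ openldap_hostname }}',
            'port' => {{ openldap_port }},
            'uid' => 'uid',
            'encryption' => 'plain',
            'verify_certificates' => false,
            'bind_dn' => 'cn=admin,{{ openldap_base_dn }}',
            'password' => '{{ openldap_password }}',
            'active_directory' => false,
            'base' => '{{ openldap_base_dn }}',
            'group_base' => 'ou=groups,{{ openldap_base_dn }}',
            'admin_group' => 'admins',
            'attributes' => { 'username' => ['uid'], 'email' => ['mail', 'email'] },
          }
        }

# - name: Run Gitlab reconfigure to assure correct file permissions
#   community.docker.docker_container_exec:
#     container: "gitlab"
#     command: gitlab-ctl reconfigure
#   changed_when: false

# The runner container mounts the host's Docker socket (see
# install_gitlab_runner.yml), so it is only installed when explicitly enabled.
- name: Install Gitlab Runner
  when: gitlab_runner_enabled
  ansible.builtin.include_tasks:
    file: "install_gitlab_runner.yml"

# code: language=ansible
-------------------------------------------------------------------------------- /roles/homer/LICENSE: -------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 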
21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 
48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 
73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 
92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. 
However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 
138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 
156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 
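186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 |
--------------------------------------------------------------------------------
/roles/homer/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Host directory for Homer's rendered config.yml, which the tasks file
# bind-mounts into the container.
homer_docker_path: "{{ dodger_dir }}/homer"

# code: language=ansible
--------------------------------------------------------------------------------
/roles/homer/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Deploys the Homer dashboard as a Docker container published through Traefik.
# Variables read here but not defined in this role's defaults:
# homer_domain, traefik_dashboard_password, traefik_network.

- name: Create folder for homer
  ansible.builtin.file:
    path: "{{ homer_docker_path }}"
    state: directory
    # Quoted so the value is always read as an octal mode string.
    mode: "0700"
    # NOTE(review): hard-coded account name; roles/hugo uses
    # dodger_user / dodger_group for the same purpose.
    owner: stefan
    group: stefan

- name: Set homer config
  ansible.builtin.template:
    src: config.yml.j2
    dest: "{{ homer_docker_path }}/config.yml"
    # A rendered config file needs no execute bit (was 0700).
    mode: "0600"
    owner: stefan
    group: stefan

- name: Install homer Docker Container
  community.docker.docker_container:
    name: "homer"
    hostname: "homer"
    # NOTE(review): no tag or digest, so the image is whatever the registry
    # serves as the default tag at pull time. Pin a reviewed tag or digest to
    # keep deployments reproducible and to make image changes a deliberate step.
    image: b4bz/homer
    restart_policy: unless-stopped
    volumes:
      # Read-only: the container only needs to read the rendered config.
      - "{{ homer_docker_path }}/config.yml:/www/assets/config.yml:ro"
    labels:
      traefik.enable: "true"
      traefik.http.routers.homer.rule: "Host(`{{ homer_domain }}`)"
      traefik.http.routers.homer.entrypoints: "websecure"
      traefik.http.routers.homer.tls.certresolver: "mytlschallenge"
      traefik.http.services.homer.loadbalancer.server.port: "8080"
      traefik.http.routers.homer.middlewares: "homer-auth"
      # NOTE(review): `{SHA}` is the unsalted SHA-1 htpasswd format, and the
      # variable name suggests the Traefik dashboard credential is reused for
      # this service. Traefik's basicauth also accepts bcrypt hashes; prefer a
      # bcrypt hash held in a dedicated variable kept in Ansible Vault.
      # Labels are visible to anyone who can inspect the container, so the
      # hash strength matters.
      traefik.http.middlewares.homer-auth.basicauth.users: "admin:{SHA}{{ traefik_dashboard_password }}"
    env:
      # Passed to the image as-is; presumably the uid/gid the service runs as
      # inside the container. Confirm they match the owner of config.yml.
      UID: "1000"
      GID: "1000"
      INIT_ASSETS: "1"
    networks:
      - name: "{{ traefik_network }}"

# code: language=ansible
-------------------------------------------------------------------------------- /roles/homer/templates/config.yml.j2: -------------------------------------------------------------------------------- 1 | # Homepage configuration 2 | # See https://fontawesome.com/icons for icons options 3 | 4 | title: "Dashboard" 5 | subtitle: "Machmeier" 6 | 7 | header: true 8 | footer: '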

Created with ❤️ with bulma, vuejs & font awesome // Fork me on

' # set false if you want to hide it. 9 | 10 | # Optional theme customization 11 | theme: default 12 | colors: 13 | light: 14 | highlight-primary: "#ff6d3e" 15 | highlight-secondary: "#4285f4" 16 | highlight-hover: "#5a95f5" 17 | background: "#f5f5f5" 18 | card-background: "#ffffff" 19 | text: "#363636" 20 | text-header: "#ffffff" 21 | text-title: "#303030" 22 | text-subtitle: "#424242" 23 | card-shadow: rgba(0, 0, 0, 0.1) 24 | link-hover: "#363636" 25 | dark: 26 | highlight-primary: "#ff6d3e" 27 | highlight-secondary: "#4285f4" 28 | highlight-hover: "#5a95f5" 29 | background: "#131313" 30 | card-background: "#2b2b2b" 31 | text: "#eaeaea" 32 | text-header: "#ffffff" 33 | text-title: "#fafafa" 34 | text-subtitle: "#f5f5f5" 35 | card-shadow: rgba(0, 0, 0, 0.4) 36 | link-hover: "#ffdd57" 37 | 38 | # Optional message 39 | message: 40 | #url: https://b4bz.io 41 | style: "is-dark" # See https://bulma.io/documentation/components/message/#colors for styling options. 42 | title: "Tips & Tricks" 43 | icon: "fa fa-grin" 44 | content: "This is a quick link page to all runing applications.
" 45 | 46 | # Optional navbar 47 | links: 48 | - name: "Contribute" 49 | icon: "fab fa-github" 50 | url: "https://github.com/stefanDeveloper" 51 | target: "_blank" # optional html a tag target attribute 52 | 53 | # Services 54 | services: 55 | - name: "Cloud" 56 | icon: "fas fa-cloud" 57 | items: 58 | - name: "NextCloud" 59 | subtitle: "Cloud like OneDrive, supports chats and video calls" 60 | tag: "cloud" 61 | url: "https://{{ nextcloud_domain }}" 62 | target: "_blank" 63 | - name: "Monitoring" 64 | icon: "fas fa-server" 65 | items: 66 | - name: "GitLab" 67 | subtitle: "Git repository with runner" 68 | tag: "git" 69 | url: "https://{{ gitlab_domain }}/" 70 | target: "_blank" 71 | - name: "Monitoring" 72 | icon: "fas fa-cloud" 73 | items: 74 | - name: "Traefik" 75 | subtitle: "Reverse proxy" 76 | tag: "reverse-proxy" 77 | url: "https://{{ traefik_domain }}/" 78 | target: "_blank" 79 | - name: "Wazuh" 80 | subtitle: "Docker container maintaining and monitoring" 81 | tag: "docker" 82 | url: "https://{{ wazuh_domain }}/" 83 | target: "_blank" 84 | -------------------------------------------------------------------------------- /roles/hugo/LICENSE: -------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 
11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 
34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 
59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. 
Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 
104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
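3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 |
--------------------------------------------------------------------------------
/roles/hugo/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Host directory that receives the built site; its `public` subfolder is
# bind-mounted into the nginx container by the tasks file.
hugo_docker_path: "{{ dodger_dir }}/hugo"

# code: language=ansible
--------------------------------------------------------------------------------
/roles/hugo/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Clones and builds the site on the control node (delegate_to: localhost),
# copies the generated `public` folder to the target host and serves it from
# an nginx container behind Traefik.
# Variables read here but not defined in this role's defaults:
# hugo_local_user, hugo_git_reposity, hugo_git_folder, hugo_domain,
# dodger_user, dodger_group.

- name: Download Gitlab repository
  delegate_to: "localhost"
  # NOTE(review): become_user only takes effect when become is enabled;
  # nothing in this file sets it, so confirm it is set at play level.
  become_user: "{{ hugo_local_user }}"
  ansible.builtin.git:
    # NOTE(review): no `version:` is given, so the build uses whatever the
    # remote's default branch points to at run time.
    repo: "{{ hugo_git_reposity }}"
    # NOTE(review): fixed path under world-writable /tmp on the control node.
    # On a shared machine another local user can create it first; a directory
    # from ansible.builtin.tempfile, or one under the build user's home,
    # avoids depending on who owns that path.
    dest: "/tmp/{{ hugo_git_folder }}"
    force: true
  changed_when: false

- name: Build repository
  delegate_to: "localhost"
  become_user: "{{ hugo_local_user }}"
  ansible.builtin.command:
    chdir: "/tmp/{{ hugo_git_folder }}"
    cmd: "{{ item }}"
  changed_when: false
  with_items:
    # NOTE(review): `npm install` executes package lifecycle scripts from the
    # cloned repository and its dependencies on the control node, and may
    # resolve versions that are not in the lockfile. `npm ci` against a
    # committed lockfile keeps the dependency set reviewable.
    - npm install
    - npm run build

- name: Create folder for hugo
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    # Quoted so the value is always read as an octal mode string.
    mode: "0700"
    owner: "{{ dodger_user }}"
    group: "{{ dodger_group }}"
  with_items:
    - "{{ hugo_docker_path }}"
    - "{{ hugo_docker_path }}/{{ hugo_git_folder }}"

- name: Copy files
  ansible.builtin.copy:
    src: "/tmp/{{ hugo_git_folder }}/public"
    dest: "{{ hugo_docker_path }}/{{ hugo_git_folder }}"
    # Static files need no execute bit (was 0755 for every file); directories
    # keep the search bit through directory_mode.
    mode: "0644"
    directory_mode: "0755"
    # Numeric ids; presumably the nginx user inside nginx:alpine. Confirm
    # against the image in use.
    owner: 101
    group: 101

- name: Start docker container
  community.docker.docker_container:
    name: "hugo-website"
    hostname: "hugo-website"
    # NOTE(review): floating tag; pin a reviewed tag or digest so the served
    # image only changes when this file changes.
    image: "nginx:alpine"
    networks:
      # NOTE(review): literal network name, while roles/homer attaches to
      # "{{ traefik_network }}". Confirm both resolve to the same network.
      - name: proxy
    volumes:
      # Read-only: nginx only serves these files, so the container gets no
      # write access to the site content.
      - "{{ hugo_docker_path }}/{{ hugo_git_folder }}/public:/usr/share/nginx/html:ro"
    labels:
      traefik.enable: "true"
      traefik.http.routers.hugo_private.rule: "Host(`{{ hugo_domain }}`)"
      traefik.http.routers.hugo_private.entrypoints: "websecure"
      traefik.http.routers.hugo_private.tls.certresolver: "mytlschallenge"

# code: language=ansible
-------------------------------------------------------------------------------- /roles/matrix/LICENSE: -------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL.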
11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 
34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 
59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. 
Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 
104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
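3.0
— Eclipse Public License (EPL) v. 1.0
— CeCILL v. 2.0, v. 2.1
— Mozilla Public Licence (MPL) v. 2
— GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3
— Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software
— European Union Public Licence (EUPL) v. 1.1, v. 1.2
— Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+).

The European Commission may update this Appendix to later versions of the above licences without producing
a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the
covered Source Code from exclusive appropriation.
All other changes or additions to this Appendix require the production of a new EUPL version.

--------------------------------------------------------------------------------
/roles/matrix/README.md:
--------------------------------------------------------------------------------
# Synapse Matrix Server

## Bridges

> For more information, please read the official documentation of Mautrix https://docs.mau.fi/bridges/index.html

Supported bridges in this setting

- [Signal](tasks/install_signal_bridge.yml)
- [Telegram](tasks/install_telegram_bridge.yml)
- [WhatsApp](tasks/install_whatsapp_bridge.yml)

--------------------------------------------------------------------------------
/roles/matrix/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Defaults for the matrix role: install path plus database name/user per service.
# No defaults are defined here for the *_db_password variables or the Synapse
# secrets that the tasks and templates reference; they must be supplied by the
# inventory, ideally from an encrypted source such as Ansible Vault.

matrix_docker_path: "{{ dodger_dir }}/matrix"

matrix_db_name: "synapse"
matrix_db_user: "synapse"

# NOTE(review): the WhatsApp and Telegram bridges get their own Postgres
# containers but default to the same database/user name as Synapse itself;
# looks like a copy-paste. Confirm whether distinct names were intended.
mautrix_whatsapp_db_name: "synapse"
mautrix_whatsapp_db_user: "synapse"

mautrix_telegram_db_name: "synapse"
mautrix_telegram_db_user: "synapse"

mautrix_signal_db_name: "mautrixsignal"
mautrix_signal_db_user: "mautrixsignal"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/matrix/tasks/install_signal_bridge.yml:
--------------------------------------------------------------------------------
---

# Starts the Signal bridge, its signald companion and a dedicated Postgres.
#
# NOTE(review): the bridge images use ":latest" (or no tag at all, which
# resolves to "latest"). A moving tag means a redeploy can pull code nobody
# reviewed; pin a tested tag or an image digest and upgrade deliberately.

- name: Install Mautrix Signal container
  community.docker.docker_container:
    name: "mautrix-signal"
    hostname: "mautrix-signal"
    image: "dock.mau.dev/mautrix/signal:latest"
    restart_policy: unless-stopped
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-synapse-files/matrix-signal:/data"

- name: Install Signald container
  community.docker.docker_container:
    name: "signald"
    hostname: "signald"
    image: "docker.io/signald/signald"
    restart_policy: unless-stopped
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/signald:/signald"

- name: Install Postgresql for Matrix container
  community.docker.docker_container:
    name: "mautrix-signal-db"
    hostname: "mautrix-signal-db"
    image: postgres:13-alpine
    restart_policy: unless-stopped
    env:
      POSTGRES_DB: "{{ mautrix_signal_db_name }}"
      POSTGRES_USER: "{{ mautrix_signal_db_user }}"
      POSTGRES_PASSWORD: "{{ mautrix_signal_db_password }}"
      # The official postgres image reads POSTGRES_INITDB_ARGS (plural); the
      # singular spelling used before is not consumed by the entrypoint, so
      # these flags never reached initdb. They only apply when the data
      # directory is initialised for the first time.
      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
    # NOTE(review): the database joins the same "proxy" network as every other
    # container in this role. A separate network shared only with its bridge
    # would narrow which containers can reach the database port.
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-signal-schemas:/var/lib/postgresql/data"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/matrix/tasks/install_telegram_bridge.yml:
--------------------------------------------------------------------------------
---

# Starts the Telegram bridge and a dedicated Postgres.
# NOTE(review): ":latest" is a moving tag; pin a tested tag or digest.

- name: Install Mautrix Telegram container
  community.docker.docker_container:
    name: "mautrix-telegram"
    hostname: "mautrix-telegram"
    image: "dock.mau.dev/mautrix/telegram:latest"
    restart_policy: unless-stopped
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-synapse-files/matrix-telegram:/data"

- name: Install Postgresql for Matrix container
  community.docker.docker_container:
    name: "mautrix-telegram-db"
    hostname: "mautrix-telegram-db"
    # NOTE(review): PostgreSQL 12 is past upstream end of life; moving to a
    # supported major version needs a dump/restore or pg_upgrade, not only a
    # tag change.
    image: postgres:12-alpine
    restart_policy: unless-stopped
    env:
      POSTGRES_DB: "{{ mautrix_telegram_db_name }}"
      POSTGRES_USER: "{{ mautrix_telegram_db_user }}"
      POSTGRES_PASSWORD: "{{ mautrix_telegram_db_password }}"
      # Plural name is the one the postgres image reads; the singular spelling
      # was ignored. Applies only on first initialisation of the data directory.
      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-telegram-schemas:/var/lib/postgresql/data"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/matrix/tasks/install_whatsapp_bridge.yml:
--------------------------------------------------------------------------------
---

# Starts the WhatsApp bridge and a dedicated Postgres.
# NOTE(review): ":latest" is a moving tag; pin a tested tag or digest.

- name: Install Mautrix WhatsApp container
  community.docker.docker_container:
    name: "mautrix-whatsapp"
    hostname: "mautrix-whatsapp"
    image: "dock.mau.dev/mautrix/whatsapp:latest"
    restart_policy: unless-stopped
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-synapse-files/matrix-whatsapp:/data"

- name: Install Postgresql for Matrix container
  community.docker.docker_container:
    name: "mautrix-whatsapp-db"
    hostname: "mautrix-whatsapp-db"
    # NOTE(review): PostgreSQL 12 is past upstream end of life; see the
    # upgrade caveat (dump/restore or pg_upgrade) before changing the tag.
    image: postgres:12-alpine
    restart_policy: unless-stopped
    env:
      POSTGRES_DB: "{{ mautrix_whatsapp_db_name }}"
      POSTGRES_USER: "{{ mautrix_whatsapp_db_user }}"
      POSTGRES_PASSWORD: "{{ mautrix_whatsapp_db_password }}"
      # Plural name is the one the postgres image reads; the singular spelling
      # was ignored. Applies only on first initialisation of the data directory.
      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-whatsapp-schemas:/var/lib/postgresql/data"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/matrix/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Deploys Synapse, an nginx that serves the .well-known files, Synapse's
# Postgres, and then includes the three bridge task files.
#
# NOTE(review): the directory and template tasks below are commented out, so
# nothing in this file creates the bind-mount sources with the intended
# owner/mode or renders homeserver.yaml, matrix.conf and the .well-known
# files. Presumably they are prepared out of band; verify, because Docker
# creates a missing bind-mount source as a root-owned directory.

# - name: Create folder for Matrix
#   ansible.builtin.file:
#     path: "{{ item.path }}"
#     state: directory
#     mode: "{{ item.mode }}"
#     owner: "{{ item.owner }}"
#     group: "{{ item.group }}"
#     recurse: true
#   with_items:
#     - { path: "{{ matrix_docker_path }}", group: root, owner: root, mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-synapse-files", group: "991", owner: "991", mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-synapse-schemas", group: "70", owner: "70", mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-signal-schemas", group: "70", owner: "70", mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-telegram-schemas", group: "70", owner: "70", mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-whatsapp-schemas", group: "70", owner: "70", mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-synapse-nginx", group: root, owner: root, mode: "0700" }
#     - { path: "{{ matrix_docker_path }}/matrix-synapse-nginx/www", group: root, owner: root, mode: "0755" }
#     - { path: "{{ matrix_docker_path }}/matrix-synapse-nginx/www/.well-known", group: root, owner: root, mode: "0755" }
#     - { path: "{{ matrix_docker_path }}/matrix-synapse-nginx/www/.well-known/matrix", group: root, owner: root, mode: "0755" }

# - name: Copy homeserver configuration
#   ansible.builtin.template:
#     src: homeserver.yaml.j2
#     dest: "{{ matrix_docker_path }}/matrix-synapse-files/homeserver.yaml"
#     mode: 0700
#     owner: 991
#     group: 991

# - name: Copy NGINX configuration
#   ansible.builtin.template:
#     src: nginx/matrix.conf.j2
#     dest: "{{ matrix_docker_path }}/matrix-synapse-nginx/matrix.conf"
#     mode: 0700
#     owner: root
#     group: root

# - name: Copy NGINX configuration
#   ansible.builtin.template:
#     src: nginx/www/.well-known/matrix/{{ item }}.j2
#     dest: "{{ matrix_docker_path }}/matrix-synapse-nginx/www/.well-known/matrix/{{ item }}"
#     mode: 0755
#     owner: root
#     group: root
#   with_items:
#     - client
#     - server

- name: Install Matrix container
  community.docker.docker_container:
    name: "matrix-synapse"
    hostname: "matrix-synapse"
    # NOTE(review): ":latest" is a moving tag; pin a tested tag or digest.
    image: matrixdotorg/synapse:latest
    restart_policy: unless-stopped
    env:
      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
    # NOTE(review): 8448 is published directly on the host, but the only
    # listener in homeserver.yaml.j2 is 8008 and server.j2 delegates
    # federation to port 443. Confirm this mapping is still needed; a
    # published port is reachable without passing through Traefik.
    ports:
      - "8448:8448/tcp"
    labels:
      traefik.enable: "true"
      traefik.http.routers.synapse.rule: "Host(`{{ matrix_synapse_domain }}`)"
      traefik.http.routers.synapse.entrypoints: "websecure"
      traefik.http.routers.synapse.tls.certresolver: "mytlschallenge"
      traefik.http.services.synapse.loadbalancer.server.port: "8008"
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-synapse-files:/data"

- name: Install NGINX container
  community.docker.docker_container:
    name: "matrix-synapse-nginx"
    hostname: "matrix-synapse-nginx"
    # NOTE(review): ":latest" is a moving tag; pin a tested tag or digest.
    image: nginx:latest
    restart_policy: unless-stopped
    labels:
      traefik.enable: "true"
      traefik.http.routers.nginx.rule: "Host(`{{ matrix_domain }}`)"
      traefik.http.routers.nginx.entrypoints: "websecure"
      traefik.http.routers.nginx.tls.certresolver: "mytlschallenge"
      traefik.http.services.nginx.loadbalancer.server.port: "80"
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-synapse-nginx/matrix.conf:/etc/nginx/conf.d/default.conf"
      - "{{ matrix_docker_path }}/matrix-synapse-nginx/www:/var/www/"
      - "/var/log/nginx:/var/log/nginx/"

- name: Install Postgresql for Matrix container
  community.docker.docker_container:
    name: "matrix-synapse-db"
    hostname: "matrix-synapse-db"
    # NOTE(review): PostgreSQL 12 is past upstream end of life; moving to a
    # supported major version needs a dump/restore or pg_upgrade, not only a
    # tag change.
    image: postgres:12-alpine
    restart_policy: unless-stopped
    env:
      POSTGRES_DB: "{{ matrix_db_name }}"
      POSTGRES_USER: "{{ matrix_db_user }}"
      POSTGRES_PASSWORD: "{{ matrix_db_password }}"
      # The official postgres image reads POSTGRES_INITDB_ARGS (plural); the
      # singular spelling used before is not consumed by the entrypoint, so
      # the encoding/collation flags never reached initdb. They only apply
      # when the data directory is initialised for the first time.
      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
    # NOTE(review): the database shares the "proxy" network with the
    # Traefik-routed containers; a dedicated network shared only with
    # Synapse would narrow which containers can reach the database port.
    networks:
      - name: proxy
    volumes:
      - "{{ matrix_docker_path }}/matrix-synapse-schemas:/var/lib/postgresql/data"

- name: Include bridges
  ansible.builtin.include_tasks:
    file: "{{ item }}"
  with_items:
    - "install_signal_bridge.yml"
    - "install_telegram_bridge.yml"
    - "install_whatsapp_bridge.yml"


# code: language=ansible

--------------------------------------------------------------------------------
/roles/matrix/templates/homeserver.yaml.j2:
--------------------------------------------------------------------------------
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.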
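#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "{{ matrix_domain }}"
public_baseurl: https://{{ matrix_synapse_domain }}/
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: psycopg2
  args:
    user: "{{ matrix_db_user }}"
    # to_json renders a quoted, escaped scalar, so a password that contains
    # YAML-significant characters (#, :, quotes) or that looks like a number
    # is still read back as the intended string.
    password: {{ matrix_db_password | to_json }}
    database: "{{ matrix_db_name }}"
    host: matrix-synapse-db
    cp_min: 5
    cp_max: 10
log_config: "/data/matrix.log.config"
media_store_path: /data/media_store
# NOTE(review): the secrets below are interpolated inside double quotes; a
# value containing a double quote or backslash would break the rendered YAML.
registration_shared_secret: "{{ matrix_registration_shared_secret }}"
report_stats: true
macaroon_secret_key: "{{ matrix_macaroon_secret_key }}"
form_secret: "{{ matrix_form_secret }}"
signing_key_path: "/data/matrix.signing.key"
# (public_baseurl was set a second time here; the duplicate key is removed and
# the single definition near the top of the file is kept.)
app_service_config_files:
  - "/data/registration-signal.yaml"
  - "/data/registration-whatsapp.yaml"
  - "/data/registration-telegram.yaml"
# NOTE(review): this lists the homeserver's own server_name as its trusted
# key server; confirm that is intended.
trusted_key_servers:
  - server_name: "{{ matrix_domain }}"
enable_search: true

user_directory:
  enabled: true
  search_all_users: true

modules:
  - module: "ldap_auth_provider.LdapAuthProviderModule"
    config:
      enabled: true
      uri: "ldap://{{ openldap_hostname }}:{{ openldap_port }}"
      # NOTE(review): with an ldap:// URI and start_tls disabled, the admin
      # bind password and the user passwords this module checks cross the
      # network unencrypted. Enable start_tls (or use an ldaps:// URI) once
      # the directory server presents a certificate.
      start_tls: false
      base: "{{ openldap_base_dn }}"
      mode: "search"
      attributes:
        uid: "uid"
        mail: "mail"
        name: "cn"
      bind_dn: "cn=admin,{{ openldap_base_dn }}"
      bind_password: "{{ openldap_password }}"
      filter: "(memberof=cn=matrix,ou=groups,{{ openldap_base_dn }})"
      tls_options:
        # Was false. Validation is switched on so that enabling TLS later
        # authenticates the directory server instead of accepting any
        # certificate; it should have no effect while the connection is
        # plaintext.
        validate: true
--------------------------------------------------------------------------------
/roles/matrix/templates/matrix.log.config:
--------------------------------------------------------------------------------
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# Synapse also supports structured logging for machine readable logs which can
# be ingested by ELK stacks. See [2] for details.
#
# [1]: https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema
# [2]: https://matrix-org.github.io/synapse/latest/structured_logging.html

version: 1

formatters:
  precise:
    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'

handlers:
  file:
    class: logging.handlers.TimedRotatingFileHandler
    formatter: precise
    filename: /data/homeserver.log
    when: midnight
    backupCount: 3  # Does not include the current log file.
    encoding: utf8

  # Default to buffering writes to log file for efficiency.
  # WARNING/ERROR logs will still be flushed immediately, but there will be a
  # delay (of up to `period` seconds, or until the buffer is full with
  # `capacity` messages) before INFO/DEBUG logs get written.
  buffer:
    class: synapse.logging.handlers.PeriodicallyFlushingMemoryHandler
    target: file

    # The capacity is the maximum number of log lines that are buffered
    # before being written to disk. Increasing this will lead to better
    # performance, at the expense of it taking longer for log lines to
    # be written to disk.
    # This parameter is required.
    capacity: 10

    # Logs with a level at or above the flush level will cause the buffer to
    # be flushed immediately.
    # Default value: 40 (ERROR)
    # Other values: 50 (CRITICAL), 30 (WARNING), 20 (INFO), 10 (DEBUG)
    flushLevel: 30  # Flush immediately for WARNING logs and higher

    # The period of time, in seconds, between forced flushes.
    # Messages will not be delayed for longer than this time.
    # Default value: 5 seconds
    period: 5

  # A handler that writes logs to stderr. Unused by default, but can be used
  # instead of "buffer" and "file" in the logger handlers.
  console:
    class: logging.StreamHandler
    formatter: precise

loggers:
  synapse.storage.SQL:
    # beware: increasing this to DEBUG will make synapse log sensitive
    # information such as access tokens.
    level: INFO
  # The LDAP loggers were at DEBUG. Debug output from the authentication path
  # may include directory lookups and account identifiers, so it is kept at
  # INFO here; raise it to DEBUG only for the duration of a troubleshooting
  # session.
  ldap3:
    level: INFO
  ldap_auth_provider:
    level: INFO
root:
  # Was DEBUG, which makes every logger without its own level write debug
  # output to /data/homeserver.log. INFO keeps routine operation auditable
  # without the extra detail.
  level: INFO

  # Write logs to the `buffer` handler, which will buffer them together in memory,
  # then write them to a file.
  #
  # Replace "buffer" with "console" to log to stderr instead.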
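#
  handlers: [buffer]

disable_existing_loggers: false
--------------------------------------------------------------------------------
/roles/matrix/templates/nginx/matrix.conf.j2:
--------------------------------------------------------------------------------
# Serves the Matrix .well-known discovery files and forwards /_matrix to Synapse.
server {
    listen 80 default_server;
    server_name {{ matrix_domain }};

    # Traefik -> nginx -> synapse
    location /_matrix {
        proxy_pass http://matrix-synapse:8008; # If your nginx is in the same docker-compose file as mine you can leave this as is
        # nginx sits behind Traefik here, so $remote_addr is Traefik's address,
        # not the client's. Overwriting X-Forwarded-For with it made every
        # request look like it came from the proxy, which defeats per-address
        # rate limiting and makes the addresses in Synapse's logs useless for
        # investigation. $proxy_add_x_forwarded_for appends to the header
        # received from Traefik instead of replacing it.
        # This trusts the incoming header, so nginx must stay reachable only
        # through Traefik (no published port).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 128m;
    }

    # Static discovery documents, always served as JSON; the wildcard CORS
    # header lets browser-based clients on any origin read them.
    location /.well-known/matrix/ {
        root /var/www/;
        types {}
        default_type application/json;
        add_header 'Access-Control-Allow-Origin' '*' always;
    }
}
--------------------------------------------------------------------------------
/roles/matrix/templates/nginx/www/.well-known/matrix/client.j2:
--------------------------------------------------------------------------------
{
  "m.homeserver": {
    "base_url": "https://{{ matrix_domain }}"
  }
}
--------------------------------------------------------------------------------
/roles/matrix/templates/nginx/www/.well-known/matrix/server.j2:
--------------------------------------------------------------------------------
{
  "m.server": "{{ matrix_synapse_domain }}:443"
}
--------------------------------------------------------------------------------
/roles/nextcloud/LICENSE:
--------------------------------------------------------------------------------
EUROPEAN UNION PUBLIC LICENCE v. 1.2
EUPL © the European Union 2007, 2016

This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the
terms of this Licence.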
Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 
31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. 
If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 
79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. 
It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 | -------------------------------------------------------------------------------- /roles/nextcloud/README.md: -------------------------------------------------------------------------------- 1 | # Nextcloud 2 | 3 | ## Useful 4 | 5 | This is a summary of useful commands to maintain your Nextcloud instance. 
I covered some basics, so do not expect a holistic list of useful commands. 6 | 7 | ### Backup 8 | 9 | ```sh 10 | #!/bin/bash 11 | cd PATH_TO_YOUR_NEXTCLOUD 12 | 13 | # Set maintenance mode on 14 | docker exec --user www-data nextcloud_nextcloud_1 php occ maintenance:mode --on 15 | 16 | tar -czvg PATH_TO_YOUR_NEXTCLOUD/snapshot.file -f PATH_TO_YOUR_NEXTCLOUD/nextcloud-`date +%d-%m-%Y_%H-%M-%S`.tar.gz ./nextcloud-db ./redis ./nextcloud-www 17 | 18 | # Set maintenance mode off 19 | docker exec --user www-data nextcloud_nextcloud_1 php occ maintenance:mode --off 20 | ``` 21 | -------------------------------------------------------------------------------- /roles/nextcloud/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | nextcloud_docker_path: "{{ dodger_dir }}/nextcloud" 4 | 5 | nextcloud_postgres_username: nextcloud 6 | nextcloud_postgres_db: nextcloud 7 | 8 | # code: language=ansible 9 | -------------------------------------------------------------------------------- /roles/nextcloud/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Create folder for nextcloud 4 | ansible.builtin.file: 5 | path: "{{ nextcloud_docker_path }}" 6 | state: directory 7 | mode: 0700 8 | owner: "{{ dodger_user }}" 9 | group: "{{ dodger_group }}" 10 | 11 | - name: Create Postgres DB Container 12 | community.docker.docker_container: 13 | name: nextcloud_postgres 14 | hostname: nextcloud_postgres 15 | image: postgres:13 16 | restart_policy: unless-stopped 17 | recreate: True 18 | tty: true 19 | interactive: true 20 | command: "postgres -c 'max_connections=999'" 21 | networks: 22 | - name: proxy 23 | env: 24 | POSTGRES_USER: "{{ nextcloud_postgres_username }}" 25 | POSTGRES_PASSWORD: "{{ nextcloud_postgres_password }}" 26 | POSTGRES_DB: "{{ nextcloud_postgres_db }}" 27 | volumes: 28 | - "{{ nextcloud_docker_path }}/nextcloud-db:/var/lib/postgresql/data" 29 |
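# Redis cache/lock backend for Nextcloud.
# NOTE(review): the password is interpolated into the container command, so it is readable
# through `docker inspect` and the container's process arguments. Redis is attached to the
# shared `proxy` network, which leaves this password as the only gate for the other containers
# on that network; a mounted redis.conf or a dedicated backend network would keep the secret
# off the command line and narrow who can connect.
# NOTE(review): `redis:latest` is a mutable tag; pin a version or digest for reproducible deploys.
# NOTE(review): the official redis image writes to /data by default - confirm that the
# /var/lib/redis mount below is what actually persists state.
- name: Create Redis Container
  community.docker.docker_container:
    name: nextcloud_redis
    hostname: nextcloud_redis
    restart_policy: unless-stopped
    image: redis:latest
    command: "redis-server --requirepass {{ nextcloud_redis_password }}"
    networks:
      - name: proxy
    volumes:
      - "{{ nextcloud_docker_path }}/redis:/var/lib/redis"

# ClamAV scanner; the signature database is kept on a bind mount so it survives recreation.
# No port is published here, so it is reachable only from containers on the `proxy` network.
- name: Create ClamAV Container
  community.docker.docker_container:
    name: "nextcloud_clamav"
    hostname: "nextcloud_clamav"
    image: "clamav/clamav:stable_base"
    networks:
      - name: proxy
    volumes:
      - "{{ nextcloud_docker_path }}/clamav/virus_db/:/var/lib/clamav/"
    restart_policy: unless-stopped

# Nextcloud application container, published through Traefik via the labels below.
# NOTE(review): two labels set X-Frame-Options (customFrameOptionsValue with the obsolete
# ALLOW-FROM form, and customresponseheaders with SAMEORIGIN). Check the header that actually
# reaches the client; browsers that implement CSP enforce the frame-ancestors directive
# instead, so that is the framing control to rely on.
# NOTE(review): the database, Redis and admin passwords are passed as environment variables and
# are readable via `docker inspect`; the task sets no `no_log`, so they may also appear in
# verbose Ansible output.
# NOTE(review): TRUSTED_PROXIES is a hard-coded /16, presumably the subnet of the `proxy`
# network - confirm, because every peer in that range is trusted to supply forwarded
# client-IP headers.
# NOTE(review): `nextcloud:latest` is a mutable tag; pin a version or digest.
- name: Create Nextcloud container
  community.docker.docker_container:
    name: "nextcloud"
    hostname: "nextcloud"
    image: "nextcloud:latest"
    restart_policy: unless-stopped
    networks:
      - name: proxy
    labels:
      traefik.enable: "true"
      traefik.http.routers.nextcloud.middlewares: "nextcloud,nextcloud-dav"
      # traefik.http.routers.nextcloud.tls.certresolver: "mytlschallenge"
      traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
      traefik.http.routers.nextcloud.tls: "true"
      traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue: "ALLOW-FROM https://{{ domain }}"
      traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy: "frame-ancestors 'self' {{ domain }} *.{{ domain }}"
      traefik.http.middlewares.nextcloud.headers.customresponseheaders.X-Frame-Options: "SAMEORIGIN"
      traefik.http.middlewares.nextcloud.headers.stsSeconds: "155520011"
      traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains: "true"
      traefik.http.middlewares.nextcloud.headers.stsPreload: "true"

      # Send CalDAV/CardDAV service discovery requests to Nextcloud's DAV endpoint.
      traefik.http.middlewares.nextcloud-dav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
      traefik.http.middlewares.nextcloud-dav.redirectregex.replacement: "https://{{ nextcloud_domain }}/remote.php/dav/"
    env:
      POSTGRES_DB: "{{ nextcloud_postgres_db }}"
      POSTGRES_USER: "{{ nextcloud_postgres_username }}"
      POSTGRES_PASSWORD: "{{ nextcloud_postgres_password }}"
      POSTGRES_HOST: "nextcloud_postgres"
      NEXTCLOUD_ADMIN_USER: "admin"
      NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin_password }}"
      REDIS_HOST: "nextcloud_redis"
      REDIS_HOST_PASSWORD: "{{ nextcloud_redis_password }}"
      NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_domain }}"
      TRUSTED_PROXIES: "172.18.0.0/16"
      OVERWRITEPROTOCOL: "https"
    volumes:
      - "{{ nextcloud_docker_path }}/nextcloud-www:/var/www/html"

# Runs Nextcloud's cron.php inside the container every five minutes from root's crontab.
# stdout used to be redirected to /var/logs/cron.log while stderr went to /var/log/; if
# /var/logs does not exist the shell fails on the redirect and docker never runs, so both
# streams now go under /var/log. Each redirect truncates its file, so only the output of the
# most recent run is kept.
# NOTE(review): /usr/local/bin/docker is host-specific - confirm the binary path on the target.
- name: Write nextcloud background job
  ansible.builtin.cron:
    name: nextcloud_background_job
    user: root
    job: "/usr/local/bin/docker exec -u www-data nextcloud php /var/www/html/cron.php >/var/log/cron.log 2>/var/log/cron_error.log"
    # */5 * * * *
    minute: "*/5"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/openldap/LICENSE:
--------------------------------------------------------------------------------
1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL.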
11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 
34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 
59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. 
Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 
104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 
123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. 
Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 
3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 |
--------------------------------------------------------------------------------
/roles/openldap/defaults/main.yml:
--------------------------------------------------------------------------------
---

# Host directory under which the role keeps its bind-mounted LDAP data.
openldap_docker_path: "{{ dodger_dir }}/openldap"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/openldap/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Data directory for the role, accessible only to the deploy user (mode 0700).
- name: Create folder for openldap
  ansible.builtin.file:
    path: "{{ openldap_docker_path }}"
    state: directory
    owner: "{{ dodger_user }}"
    group: "{{ dodger_group }}"
    mode: 0700

# Directory server. No port is published, so it is reachable only from containers on the
# `proxy` network.
# NOTE(review): LDAP_ADMIN_PASSWORD is passed as an environment variable and is readable via
# `docker inspect`; the task sets no `no_log`.
# NOTE(review): `osixia/openldap:latest` is a mutable tag; pin a version or digest.
- name: Create OpenLDAP container
  community.docker.docker_container:
    name: "openldap"
    hostname: "openldap"
    image: "osixia/openldap:latest"
    restart_policy: "unless-stopped"
    networks:
      - name: "proxy"
    volumes:
      - "{{ openldap_docker_path }}/openldap_data:/var/lib/ldap"
      - "{{ openldap_docker_path }}/slapd_data:/etc/ldap/slapd.d"
    env:
      LDAP_ORGANISATION: "Machmeier-IT"
      LDAP_DOMAIN: "{{ openldap_domain }}"
      LDAP_BASE_DN: "{{ openldap_base_dn }}"
      LDAP_ADMIN_PASSWORD: "{{ openldap_password }}"
      LDAP_REPLICATION: "false"
      LDAP_READONLY_USER: "false"
      LDAP_TLS_VERIFY_CLIENT: "never"
      LDAP_RFC2307BIS_SCHEMA: "true"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"

# Web front end for managing directory users, exposed through Traefik with basic auth in front.
# NOTE(review): LDAP_URI uses ldap:// and LDAP_REQUIRE_STARTTLS is "false", so the admin bind DN
# and password cross the `proxy` network unencrypted; that network is shared with the other
# Traefik-routed containers. Enable STARTTLS or move the two LDAP containers to a dedicated
# network.
# NOTE(review): the basicauth entry uses the htpasswd {SHA} scheme (unsalted SHA-1), so the
# variable presumably holds the base64 digest rather than the plaintext - confirm. A bcrypt
# htpasswd entry is the stronger format. The variable name suggests the credential is shared
# with the Traefik dashboard; separate credentials limit the impact of one leaking.
# NOTE(review): NO_HTTPS is "true" while the router uses the websecure entrypoint with a cert
# resolver, i.e. TLS appears to end at Traefik and the hop to port 80 is plain HTTP.
# NOTE(review): the SMTP settings reuse the gitlab_smtp_* variables, so this role depends on
# them being defined; `wheelybird/ldap-user-manager:latest` is a mutable tag.
- name: Create OpenLDAP Manager container
  community.docker.docker_container:
    name: "openldap-manager"
    hostname: "openldap-manager"
    image: "wheelybird/ldap-user-manager:latest"
    restart_policy: "unless-stopped"
    networks:
      - name: "proxy"
    labels:
      traefik.enable: "true"
      traefik.http.routers.ldapmanager.rule: "Host(`{{ openldap_domain }}`)"
      traefik.http.routers.ldapmanager.entrypoints: "websecure"
      traefik.http.routers.ldapmanager.tls.certresolver: "mytlschallenge"
      traefik.http.services.ldapmanager.loadbalancer.server.port: "80"
      traefik.http.routers.ldapmanager.middlewares: "ldapmanager-auth"
      traefik.http.middlewares.ldapmanager-auth.basicauth.users: "admin:{SHA}{{ traefik_dashboard_password }}"
    env:
      # Directory connection and admin bind
      LDAP_URI: "ldap://{{ openldap_hostname }}"
      LDAP_REQUIRE_STARTTLS: "false"
      LDAP_TLS_VERIFY_CLIENT: "never"
      LDAP_BASE_DN: "{{ openldap_base_dn }}"
      LDAP_ADMINS_GROUP: "admins"
      LDAP_ADMIN_BIND_DN: "cn=admin,{{ openldap_base_dn }}"
      LDAP_ADMIN_BIND_PWD: "{{ openldap_password }}"

      # Site settings
      SITE_NAME: "Machmeier-IT"
      SERVER_HOSTNAME: "https://{{ openldap_domain }}"
      NO_HTTPS: "true"

      # Outgoing mail
      SMTP_HOSTNAME: "{{ gitlab_smtp_address }}"
      SMTP_HOST_PORT: "{{ gitlab_smtp_port | string }}"
      SMTP_USERNAME: "{{ gitlab_smtp_mail }}"
      SMTP_PASSWORD: "{{ gitlab_smtp_password }}"
      SMTP_USE_TLS: "true"
      EMAIL_FROM_ADDRESS: "{{ gitlab_smtp_mail }}"
      EMAIL_FROM_NAME: "OpenLDAP Machmeier-IT"

# code: language=ansible

--------------------------------------------------------------------------------
/roles/traefik/LICENSE:
-------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 
27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 
52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. 
The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 
98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. 
However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 
142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 
164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 | -------------------------------------------------------------------------------- /roles/traefik/README.md: -------------------------------------------------------------------------------- 1 | # Traefik 2 | 3 | ## Prerequisite 4 | 5 | > Traefik is a reverse proxy. It automatically fetches certificates from Let's Encrypt using EC384 keys. This is just a default setting and can be adjusted at any time. Note: the ACME `certificatesresolvers` options in `tasks/main.yml` are currently commented out and must be enabled for certificates to be requested.
6 | -------------------------------------------------------------------------------- /roles/traefik/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | traefik_docker_path: "{{ dodger_dir }}/traefik" 4 | 5 | lp_logrotate_confd: 6 | - path: traefik 7 | conf: | 8 | /var/log/traefik/traefik.log { 9 | weekly 10 | rotate 3 11 | size 100M 12 | compress 13 | delaycompress 14 | } 15 | 16 | # code: language=ansible 17 | -------------------------------------------------------------------------------- /roles/traefik/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create folder for traefik 3 | ansible.builtin.file: 4 | path: "{{ traefik_docker_path }}" 5 | state: directory 6 | mode: 0700 7 | owner: "{{ dodger_user }}" 8 | group: "{{ dodger_group }}" 9 | 10 | - name: Create Traefik network 11 | community.docker.docker_network: 12 | name: proxy 13 | ipam_config: 14 | - subnet: 172.18.0.0/16 15 | 16 | - name: Create logrotate for Traefik 17 | ansible.builtin.blockinfile: 18 | path: "/etc/logrotate.d/{{ item.path }}" 19 | block: "{{ item.conf }}" 20 | create: true 21 | loop: "{{ lp_logrotate_confd }}" 22 | 23 | - name: Start Traefik 24 | community.docker.docker_container: 25 | name: traefik 26 | hostname: traefik 27 | image: "traefik:latest" 28 | restart_policy: unless-stopped 29 | command: 30 | - "--api=true" 31 | - "--accesslog=true" 32 | # - "--accesslog.filepath=/var/log/traefik/traefik.log" 33 | - "--api.dashboard=true" 34 | - "--providers.docker=true" 35 | - "--providers.docker.exposedbydefault=false" 36 | - "--entrypoints.web.address=:80" 37 | - "--entrypoints.websecure.address=:443" 38 | # - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" 39 | # - "--certificatesresolvers.mytlschallenge.acme.email={{ traefik_mail }}" 40 | # - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json" 41 | # - 
"--certificatesresolvers.mytlschallenge.acme.keytype=EC384" 42 | # - "--certificatesresolvers.mytlschallenge.acme.preferredchain='ISRG Root X1'" 43 | ports: 44 | # The HTTP port 45 | - "80:80" 46 | # The HTTPS port (websecure entrypoint; the dashboard router below is bound to it) 47 | - "443:443" 48 | volumes: 49 | # - "{{ traefik_docker_path }}/letsencrypt:/letsencrypt" 50 | # - "/var/log/traefik/:/var/log/traefik/" 51 | - "/var/run/docker.sock:/var/run/docker.sock:ro" 52 | labels: 53 | traefik.enable: "true" 54 | # Dashboard (NOTE(review): the dashboardauth middleware lines below are commented out, so this router serves api@internal without authentication; re-enable them or restrict access another way) 55 | traefik.http.routers.traefik.rule: "Host(`{{ traefik_domain }}`)" 56 | traefik.http.routers.traefik.service: "api@internal" 57 | # traefik.http.routers.traefik.tls.certresolver: "mytlschallenge" 58 | traefik.http.routers.traefik.entrypoints: "websecure" 59 | traefik.http.routers.traefik.tls: "true" 60 | # traefik.http.routers.traefik.middlewares: "dashboardauth" 61 | # traefik.http.middlewares.dashboardauth.basicauth.users: "admin:{SHA}{{ traefik_dashboard_password }}" 62 | 63 | # Global redirection: http to https 64 | traefik.http.routers.http-catchall.rule: "HostRegexp(`{host:(www.)?.+}`)" 65 | traefik.http.routers.http-catchall.entrypoints: "web" 66 | traefik.http.routers.http-catchall.middlewares: "wwwtohttps" 67 | 68 | # Global redirection: https (www.) to https 69 | traefik.http.routers.wwwsecure-catchall.rule: "HostRegexp(`{host:(www.).+}`)" 70 | traefik.http.routers.wwwsecure-catchall.entrypoints: "websecure" 71 | traefik.http.routers.wwwsecure-catchall.tls: "true" 72 | traefik.http.routers.wwwsecure-catchall.middlewares: "wwwtohttps" 73 | 74 | # middleware: http(s)://(www.)
to https:// 75 | traefik.http.middlewares.wwwtohttps.redirectregex.regex: "^https?:\/\/(?:www.)?(.+)" 76 | traefik.http.middlewares.wwwtohttps.redirectregex.replacement: "https://$${1}" 77 | traefik.http.middlewares.wwwtohttps.redirectregex.permanent: "true" 78 | 79 | networks: 80 | - name: proxy 81 | 82 | # code: language=ansible 83 | -------------------------------------------------------------------------------- /roles/watchtower/LICENSE: -------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the 5 | terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such 6 | use is covered by a right of the copyright holder of the Work). 7 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following 8 | notice immediately following the copyright notice for the Work: 9 | Licensed under the EUPL 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1.Definitions 13 | In this Licence, the following terms have the following meaning: 14 | — ‘The Licence’:this Licence. 15 | — ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available 16 | as Source Code and also as Executable Code as the case may be. 17 | — ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or 18 | modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work 19 | required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in 20 | the country mentioned in Article 15. 
21 | — ‘The Work’:the Original Work or its Derivative Works. 22 | — ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and 23 | modify. 24 | — ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by 25 | a computer as a program. 26 | — ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. 27 | — ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to 28 | the creation of a Derivative Work. 29 | — ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the 30 | Licence. 31 | — ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, 32 | transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential 33 | functionalities at the disposal of any other natural or legal person. 34 | 35 | 2.Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for 37 | the duration of copyright vested in the Original Work: 38 | — use the Work in any circumstance and for all usage, 39 | — reproduce the Work, 40 | — modify the Work, and make Derivative Works based upon the Work, 41 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public 42 | and perform publicly, as the case may be, the Work, 43 | — distribute the Work or copies thereof, 44 | — lend and rent the Work or copies thereof, 45 | — sublicense rights in the Work or copies thereof. 46 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the 47 | applicable law permits so. 
48 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed 49 | by law in order to make effective the licence of the economic rights here above listed. 50 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the 51 | extent necessary to make use of the rights granted on the Work under this Licence. 52 | 53 | 3.Communication of the Source Code 54 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as 55 | Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with 56 | each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to 57 | the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to 58 | distribute or communicate the Work. 59 | 60 | 4.Limitations on copyright 61 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the 62 | exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations 63 | thereto. 64 | 65 | 5.Obligations of the Licensee 66 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those 67 | obligations are the following: 68 | 69 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to 70 | the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the 71 | Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work 72 | to carry prominent notices stating that the Work has been modified and the date of modification. 
73 | 74 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this 75 | Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless 76 | the Original Work is expressly distributed only under this version of the Licence — for example by communicating 77 | ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the 78 | Work or Derivative Work that alter or restrict the terms of the Licence. 79 | 80 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both 81 | the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done 82 | under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed 83 | in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with 84 | his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 85 | 86 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide 87 | a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available 88 | for as long as the Licensee continues to distribute or communicate the Work. 89 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names 90 | of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and 91 | reproducing the content of the copyright notice. 
92 | 93 | 6.Chain of Authorship 94 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or 95 | licensed to him/her and that he/she has the power and authority to grant the Licence. 96 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or 97 | licensed to him/her and that he/she has the power and authority to grant the Licence. 98 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions 99 | to the Work, under the terms of this Licence. 100 | 101 | 7.Disclaimer of Warranty 102 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work 103 | and may therefore contain defects or ‘bugs’ inherent to this type of development. 104 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind 105 | concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or 106 | errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this 107 | Licence. 108 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 109 | 110 | 8.Disclaimer of Liability 111 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be 112 | liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the 113 | Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss 114 | of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. 
However, 115 | the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 116 | 117 | 9.Additional agreements 118 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services 119 | consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole 120 | responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, 121 | defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by 122 | the fact You have accepted any warranty or additional liability. 123 | 124 | 10.Acceptance of the Licence 125 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window 126 | displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of 127 | applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms 128 | and conditions. 129 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You 130 | by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution 131 | or Communication by You of the Work or copies thereof. 132 | 133 | 11.Information to the public 134 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, 135 | by offering to download the Work from a remote location) the distribution channel or media (for example, a website) 136 | must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence 137 | and the way it may be accessible, concluded, stored and reproduced by the Licensee. 
138 | 139 | 12.Termination of the Licence 140 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms 141 | of the Licence. 142 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under 143 | the Licence, provided such persons remain in full compliance with the Licence. 144 | 145 | 13.Miscellaneous 146 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the 147 | Work. 148 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or 149 | enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid 150 | and enforceable. 151 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of 152 | the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. 153 | New versions of the Licence will be published with a unique version number. 154 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take 155 | advantage of the linguistic version of their choice. 
156 | 157 | 14.Jurisdiction 158 | Without prejudice to specific agreement between parties, 159 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, 160 | bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice 161 | of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 162 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to 163 | the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 164 | 165 | 15.Applicable Law 166 | Without prejudice to specific agreement between parties, 167 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, 168 | resides or has his registered office, 169 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside 170 | a European Union Member State. 171 | 172 | 173 | Appendix 174 | 175 | ‘Compatible Licences’ according to Article 5 EUPL are: 176 | — GNU General Public License (GPL) v. 2, v. 3 177 | — GNU Affero General Public License (AGPL) v. 3 178 | — Open Software License (OSL) v. 2.1, v. 3.0 179 | — Eclipse Public License (EPL) v. 1.0 180 | — CeCILL v. 2.0, v. 2.1 181 | — Mozilla Public Licence (MPL) v. 2 182 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 183 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 184 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 185 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 
186 | 187 | The European Commission may update this Appendix to later versions of the above licences without producing 188 | a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the 189 | covered Source Code from exclusive appropriation. 190 | All other changes or additions to this Appendix require the production of a new EUPL version. 191 | -------------------------------------------------------------------------------- /roles/watchtower/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Start watchtower 4 | community.docker.docker_container: 5 | name: watchtower 6 | image: "containrrr/watchtower" 7 | restart_policy: "unless-stopped" 8 | volumes: 9 | - "/var/run/docker.sock:/var/run/docker.sock" 10 | 11 | # code: language=ansible 12 | -------------------------------------------------------------------------------- /roles/wazuh/README.md: -------------------------------------------------------------------------------- 1 | # Wazuh 2 | 3 | > Helps to monitor security events 4 | 5 | ## Usage 6 | 7 | Please refer to the official [Wazuh documentation](https://documentation.wazuh.com/current/deployment-options/docker/index.html) when setting up for the first time. 8 | 9 | If you plan to run Wazuh with Traefik as a reverse proxy, you can apply the following patch to the Wazuh Docker single-node deployment. 10 | 11 | ```bash 12 | git apply docker-compose.yml.diff 13 | ``` 14 | 15 | Remark: We assign a static IP address to our Wazuh Manager container so that our agent (which usually runs on our host) can reliably connect to it to monitor events.
-------------------------------------------------------------------------------- /vars/macos.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dodger_dir: /Users/macau/dodger/docker 3 | 4 | dodger_user: macau 5 | dodger_group: wheel -------------------------------------------------------------------------------- /vars/users.yml: -------------------------------------------------------------------------------- 1 | users: 2 | - username: root 3 | shell: /bin/bash 4 | oh_my_zsh: 5 | install: false 6 | - username: mrx8 7 | fullname: mrx8 8 | group: sudo 9 | key: "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAE9iXedWMkgEeMUd69tcZSe0E03TFZbd2Gno7k1KT5UvwGv8XjDVJGGjiVrCtIj9aFPZRE/T0oiE9s3f6Bsv9se6gB3ifSuvutr94/QM/WVj9JF/av474bsBUNYNUe4vX8hIqXk/WFnofE4RQEmq6/IkWEiRCjRi/414vNLn7UGQJzvyg== stefan@smachmeier-macbook.fritz.box" 10 | shell: /bin/bash 11 | oh_my_zsh: 12 | install: false 13 | --------------------------------------------------------------------------------