From d399d85dee9348cd01d289b6d16a383979a7d840 Mon Sep 17 00:00:00 2001 From: David Rotermund Date: Fri, 12 Apr 2024 02:30:56 +0200 Subject: [PATCH] Add files via upload --- install_ldap_389ds.yaml | 58 +++++++++ install_node_dev_container.yaml | 23 ++++ install_user_controller.yaml | 36 ++++++ useless/install_authentik.yaml | 210 ++++++++++++++++++++++++++++++++ 4 files changed, 327 insertions(+) create mode 100644 install_ldap_389ds.yaml create mode 100644 install_node_dev_container.yaml create mode 100644 install_user_controller.yaml create mode 100644 useless/install_authentik.yaml diff --git a/install_ldap_389ds.yaml b/install_ldap_389ds.yaml new file mode 100644 index 0000000..44841ec --- /dev/null +++ b/install_ldap_389ds.yaml @@ -0,0 +1,58 @@ +--- +- name: install ldap + hosts: all + become: true + + vars: + ldap_pwd: "{{ env_ldap_pw }}" + + tasks: + + - name: install sssd + dnf: + name: "sssd,sssd-client" + state: latest + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: install 389 + dnf: + name: "389-ds-base" + state: latest + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + + - name: set instance.inf + blockinfile: + path: /root/instance.inf + state: present + create: true + owner: "root" + group: "root" + mode: "0666" + block: | + [general] + full_machine_name = overleaf.neuro.uni-bremen.de + start = True + strict_host_checking = False + + [slapd] + instance_name = localhost + root_dn = cn=admin + root_password = {{ ldap_pwd }} + port = 389 + secure_port = 636 + self_sign_cert = True + + [backend-userroot] + sample_entries = yes + suffix = dc=overleaf,dc=neuro,dc=uni-bremen,dc=de + +# cd /root ; dscreate from-file instance.inf + +# ldapsearch -x -H ldap://overleaf.neuro.uni-bremen.de -s base -b "" "objectclass=*" \ No newline at end of file diff --git a/install_node_dev_container.yaml b/install_node_dev_container.yaml new file mode 100644 index 0000000..26c8a71 --- /dev/null 
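Review bot: `/root/instance.inf` is created with `mode: "0666"` although its block contains `root_password = {{ ldap_pwd }}` in plaintext, so any local user can read the Directory Manager password and can also edit the file before `dscreate from-file instance.inf` consumes it; `mode: "0600"` is sufficient since only root runs dscreate. The same `blockinfile` task should carry `no_log: true` so the rendered block is not echoed into the Ansible log or `--diff` output. `sample_entries = yes`, `strict_host_checking = False` and `self_sign_cert = True` read like development defaults — if they are intended for this host, a comment above the task saying so would help the next reader. `state: latest` on both dnf tasks also makes reruns non-reproducible; `state: present` is the usual choice for an install play.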
+++ b/install_node_dev_container.yaml @@ -0,0 +1,23 @@ +--- +- name: install node dev + hosts: all + become: true + + tasks: + + - name: Create a volume + community.docker.docker_volume: + name: node_data + state: present + + - name: Create portainer container + community.docker.docker_container: + name: nodedevcontainer + image: node:current-alpine + state: started + recreate: no + restart_policy: always + command: sleep infinity + + volumes: + - "node_data:/data" diff --git a/install_user_controller.yaml b/install_user_controller.yaml new file mode 100644 index 0000000..4736734 --- /dev/null +++ b/install_user_controller.yaml @@ -0,0 +1,36 @@ +--- + +- name: install overleaf fedora controller + hosts: all + become: true + + tasks: + + - name: Create a volume + community.docker.docker_volume: + name: overleaf_python + state: present + + - name: Create overleaf python container + community.docker.docker_container: + name: overleafpython + image: "python:3.11.9-alpine3.19" + state: started + recreate: no + restart_policy: always + command: sleep infinity + + volumes: + - "overleaf_python:/data" + - "/var/run/docker.sock:/var/run/docker.sock" + + networks: + - name: OverleafNet + + comparisons: + networks: strict + + + + + diff --git a/useless/install_authentik.yaml b/useless/install_authentik.yaml new file mode 100644 index 0000000..96e203c --- /dev/null +++ b/useless/install_authentik.yaml 
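Review bot: The task name `Create portainer container` does not describe what the task does — it starts `nodedevcontainer` from `node:current-alpine`; rename it to `Create node dev container` so play output is not misleading. `recreate: no` depends on YAML 1.1 truthy parsing; write `recreate: false` (ansible-lint's truthy rule flags the former). The `current-alpine` tag floats, so what gets pulled changes between runs; pinning a specific version tag would make the container reproducible.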
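Review bot: The `overleafpython` container bind-mounts `/var/run/docker.sock`, which gives any code running in that container control of the host Docker daemon — effectively root on the host — yet nothing in the play says which workload inside the container needs it. If the controller really has to drive other containers, add a comment above the `volumes` list such as `# docker.sock lets the controller manage the overleaf containers; this is equivalent to host root` and keep the image limited to the intended code; otherwise drop that mount. `recreate: no` should be `recreate: false`, and the run of blank lines at the end of the file can go.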
@@ -0,0 +1,210 @@ +--- +- name: install authentik + hosts: all + become: true + vars: + PG_PASS: "{{ PPASS }}" + AUTHENTIK_PASS: "{{ APASS }}" + EMAIL__USERNAME: "{{ EUSER }}" + EMAIL__PASSWORD: "{{ EPASS }}" + + + tasks: + + - name: Create network AuthentikNet + community.docker.docker_network: + name: AuthentikNet + + - name: set smtpd_pre.conf + blockinfile: + path: /root/opensmtpd/smtpd_pre.conf + state: present + create: true + owner: "root" + group: "root" + mode: "0644" + block: | + listen on 0.0.0.0 + listen on :: + + table aliases file:/etc/smtpd/aliases + + queue ttl 4d + bounce warn-interval 1h, 6h, 2d + smtp max-message-size 35M + + table authinfo db:/etc/smtpd/authinfo.db + action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth tls no-verify + match from any for any action default + + - name: Create a volume authentiksmtpd_spool + community.docker.docker_volume: + name: authentiksmtpd_spool + state: present + + - name: Create OpenSMTPd + community.docker.docker_container: + name: authentiksmtpd + image: wodby/opensmtpd + state: started + recreate: no + restart_policy: always + networks: + - name: AuthentikNet + comparisons: + networks: strict + env: + RELAY_HOST: "XXX" + RELAY_PROTO: "smtps" + RELAY_PORT: "XXX" + RELAY_USER: "{{ EMAIL__USERNAME }}" + RELAY_PASSWORD: "{{ EMAIL__PASSWORD }}" + + volumes: + - "/root/opensmtpd/smtpd_pre.conf:/etc/gotpl/smtpd.conf.tmpl" + - "authentiksmtpd_spool:/var/spool/smtpd" + + + - name: Create a volume authentik_database + community.docker.docker_volume: + name: authentik_database + state: present + + - name: Create postgresql container + community.docker.docker_container: + name: authentikpostgresql + image: docker.io/library/postgres:12-alpine + state: started + recreate: no + restart_policy: always + volumes: + - authentik_database:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -d authentik -U authentik"] + start_period: 20s + interval: 30s + retries: 5 + 
timeout: 5s + networks: + - name: AuthentikNet + comparisons: + networks: strict + env: + POSTGRES_PASSWORD: "{{ PG_PASS }}" + POSTGRES_USER: authentik + POSTGRES_DB: authentik + + - name: Create a volume authentik_redis + community.docker.docker_volume: + name: authentik_redis + state: present + + - name: Create redis container + community.docker.docker_container: + name: authentikredis + image: docker.io/library/redis:alpine + state: started + recreate: no + restart_policy: always + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + command: --save 60 1 --loglevel warning + networks: + - name: AuthentikNet + comparisons: + networks: strict + volumes: + - authentik_redis:/data + + - name: Create a volume authentik_media + community.docker.docker_volume: + name: authentik_media + state: present + + - name: Create a volume authentik_custom_templates + community.docker.docker_volume: + name: authentik_custom_templates + state: present + + - name: Create authentikserver container + community.docker.docker_container: + name: authentikserver + image: ghcr.io/goauthentik/server:2024.2.2 + command: server + state: started + recreate: no + restart_policy: always + env: + AUTHENTIK_REDIS__HOST: authentikredis + AUTHENTIK_POSTGRESQL__HOST: authentikpostgresql + AUTHENTIK_POSTGRESQL__USER: authentik + AUTHENTIK_POSTGRESQL__NAME: authentik + AUTHENTIK_POSTGRESQL__PASSWORD: "{{ PG_PASS }}" + AUTHENTIK_SECRET_KEY: "{{ AUTHENTIK_PASS }}" + AUTHENTIK_EMAIL__HOST: "authentiksmtpd" + AUTHENTIK_EMAIL__PORT: "25" + AUTHENTIK_EMAIL__USE_TLS: "false" + AUTHENTIK_EMAIL__USE_SSL: "false" + # AUTHENTIK_EMAIL__TIMEOUT: 10 + AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de" + AUTHENTIK_ERROR_REPORTING__ENABLED: "true" + + networks: + - name: AuthentikNet + comparisons: + networks: strict + + volumes: + - authentik_media:/media + - authentik_custom_templates:/templates + ports: + - "10000:9000" + - "10443:9443" 
+ + - name: Create a volume authentik_certs + community.docker.docker_volume: + name: authentik_certs + state: present + + - name: Create authentikworker container + community.docker.docker_container: + name: authentikworker + image: ghcr.io/goauthentik/server:2024.2.2 + command: worker + state: started + recreate: no + restart_policy: always + env: + AUTHENTIK_REDIS__HOST: authentikredis + AUTHENTIK_POSTGRESQL__HOST: authentikpostgresql + AUTHENTIK_POSTGRESQL__USER: authentik + AUTHENTIK_POSTGRESQL__NAME: authentik + AUTHENTIK_POSTGRESQL__PASSWORD: "{{ PG_PASS }}" + AUTHENTIK_SECRET_KEY: "{{ AUTHENTIK_PASS }}" + AUTHENTIK_EMAIL__HOST: "authentiksmtpd" + AUTHENTIK_EMAIL__PORT: "25" + AUTHENTIK_EMAIL__USE_TLS: "false" + AUTHENTIK_EMAIL__USE_SSL: "false" + # AUTHENTIK_EMAIL__TIMEOUT: 10 + AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de" + AUTHENTIK_ERROR_REPORTING__ENABLED: "true" + + networks: + - name: AuthentikNet + comparisons: + networks: strict + + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - authentik_media:/media + - authentik_custom_templates:/templates + - authentik_certs:/certs + user: root + + - name: Post install info + debug: + msg: "http://:10443/if/flow/initial-setup/"
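Review bot: The relay line in `smtpd_pre.conf`, `action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth tls no-verify`, disables certificate verification, so the `RELAY_USER`/`RELAY_PASSWORD` credentials are handed to whatever answers on that host and port; drop `no-verify` (or point the relay at the CA that signed the mailhost's certificate) so TLS actually authenticates the peer. That file is mounted over `/etc/gotpl/smtpd.conf.tmpl`, so the `RELAY_HOST: "XXX"` and `RELAY_PORT: "XXX"` placeholders in the container env are presumably never used by the hardcoded relay line — either template the relay line from them or remove the unused env entries so the relay target has one source of truth. The closing debug message `http://:10443/if/flow/initial-setup/` has no host and uses `http://` on the port mapped to the container's 9443 side; `https://{{ inventory_hostname }}:10443/if/flow/initial-setup/` would match the `ports` mapping above. The worker runs as `user: root` with `/var/run/docker.sock` mounted; if that is only needed for outpost management, a comment above `volumes` saying so would let a reader judge the exposure.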