updated config

2025-07-20 19:55:49 +02:00 · 2025-07-20 19:55:49 +02:00 · 8db5309048
commit 8db5309048
parent 1fb6c3d60a
3 changed files with 130 additions and 3 deletions
--- a/playbooks/lehmann-webserver.yml
+++ b/playbooks/lehmann-webserver.yml
@ -0,0 +1,99 @@
+#
+#
+# Automated webserver installation with plesk for captica Webservers
+#
+# Project: playbooks
+# Author: Marc Böhm <marc.boehm@captica.de>
+# License: MIT License (see LICENSE.md)
+#
+# Copyright (c) captica GmbH est. 2021
+#
+- hosts: "srvleh01web01"
+  vars:
+    hostname: leh01
+    tools_install_users:
+      - root
+      - ansible
+    ssh_pubkeys_root:
+      - "../files/ssh/root.pub"
+    ssh_pubkeys_ansible:
+      - "../files/ssh/ansible.pub"
+    bitwarden_version: 2025.7.0
+    bitwarden_url: https://vault.captica.de
+    bitwarden_domain: vault.captica.de
+    bitwarden_admins: marc.boehm@captica.de
+    bitwarden_reply_to_mail: no-reply@vault.captica.de
+    bitwarden_smtp_host: captica.de
+    bitwarden_smtp_port: 465
+    rclone_version: "1.65.0"
+    rclone_configs:
+      - name: strato-captica
+        entries:
+          type: s3
+          provider: Other
+          env_auth: false
+          access_key_id: "{{ rclone_hidrive_access_key_id }}"
+          secret_access_key: "{{ rclone_hidrive_access_key_secret }}"
+          region: eu-central-1
+          endpoint: https://s3.hidrive.strato.com
+          acl: private
+      - name: backup-captica
+        entries:
+          type: crypt
+          remote: strato-captica:backup-srvweb01
+          filename_encryption: standard
+          directory_name_encryption: true
+          password: "{{ rclone_backup_password }}"
+          password2: "{{ rclone_backup_password2 }}"
+    rclone_sync_cronjobs:
+      - name: backup-nextcloud
+        source: /datapool/docker-nextcloud/nextcloud
+        target: backup-lehmann:nextcloud
+        cron:
+          minute: '0'
+          hour: '6'
+          day: '*/5'
+        disabled: false
+      - name: backup-frigate-nvr
+        source: /rpool/vmpool/frigate-nvr
+        target: backup-lehmann:frigate-nvr
+        cron:
+          minute: '0'
+          hour: '2'
+          day: '*/5'
+        disabled: false      
+      - name: backup-gitea
+        source: /datapool/subvol-107-disk-0
+        target: backup-lehmann:gitea
+        cron:
+          minute: '30'
+          hour: '2'
+          day: '*/5'
+        disabled: false      
+      - name: backup-nginx-proxy-manager
+        source: /datapool/docker-nginx-proxy-manager
+        target: backup-lehmann:nginx-proxy-manager
+        cron:
+          minute: '30'
+          hour: '5'
+          day: '*/5'
+        disabled: false
+      - name: backup-harvester-data
+        source: /datapool/subvol-1035-disk-1
+        target: backup-lehmann:harvester-data
+        cron:
+          minute: '45'
+          hour: '5'
+          day: '*/5'
+        disabled: false
+  roles:
+    - linux-base-install
+    - zsh
+    - vim
+    - fzf
+    - linux-docker
+    - rclone
+    - plesk
+    - nextcloud-hpb
+    - wireguard
+    - bitwarden
--- a/requirements.yml
+++ b/requirements.yml
@ -59,11 +59,18 @@ roles:
    src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.open-webui.git
    scm: git
    version: main
+  
  - name: n8n
    src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.n8n.git
    scm: git
    version: main

+  - name: photoprism
+    src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.photoprism
+    scm: git
+    version: main 
+
+
 # Collections requirements
 collections:
  - name: community.general
--- a/templates/nextcloud/docker-compose.yml.j2
+++ b/templates/nextcloud/docker-compose.yml.j2
@ -1,6 +1,6 @@
 services:
  db:
-    image: postgres:14    
+    image: postgres:17    
    restart: always
    volumes:
      - {{ service_directory }}/data/db:/var/lib/postgresql/data
@ -62,8 +62,27 @@ services:
      - db
      - redis

+  documentserver:
+    image: onlyoffice/documentserver
+    restart: always
+    environment:
+      - TZ
+      - JWT_SECRET
+    volumes:
+      - /opt/nextcloud/data/onlyoffice/data:/var/www/onlyoffice/Data
+      - /opt/nextcloud/data/onlyoffice/db:/var/lib/postgresql
+      - /opt/nextcloud/data/onlyoffice/fonts:/usr/share/fonts/truetype/custom
+      - /opt/nextcloud/data/onlyoffice/log:/var/log/onlyoffice
+      - /opt/nextcloud/data/onlyoffice/app:/var/lib/onlyoffice
+      - /opt/nextcloud/data/onlyoffice/rabbitmq:/var/lib/rabbitmq
+      - /opt/nextcloud/data/onlyoffice/redis:/var/lib/redis
+    ports:
+      - 127.0.0.1:10081:80      
+    networks:
+      default:
+
  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:8.15.1
+    image: docker.elastic.co/elasticsearch/elasticsearch:8.18.2
    container_name: elasticsearch
    restart: always
    volumes:
@ -115,6 +134,8 @@ services:
    networks:
      default:

+  
+
 networks:
  default:
    ipam: