Ansible project to manage my services. https://viyurz.fr
Viyurz 06a963ed38
Synapse: Change PostgreSQL datadir chmod from 770 to 700.
PostgreSQL datadir permissions are changed to 700 by the container.
Set to 700 from the start to stop the task displaying "changed"
every time the synapse role is run.
2024-03-17 14:50:22 +01:00
playbooks Move nftables to its own playbook. 2024-03-02 12:03:14 +01:00
roles Synapse: Change PostgreSQL datadir chmod from 770 to 700. 2024-03-17 14:50:22 +01:00
.gitignore The Great Ansible Update. 2024-02-17 19:01:04 +01:00
ansible-playbook-selector.sh The Great Ansible Update. 2024-02-17 19:01:04 +01:00
ansible.cfg The Great Ansible Update. 2024-02-17 19:01:04 +01:00
env.yml Add Stalwart mailserver. 2024-03-16 13:49:47 +01:00
README.md Add Stalwart mailserver. 2024-03-16 13:49:47 +01:00
secrets.yml.example Add email support for Matrix/Synapse. 2024-03-16 20:34:38 +01:00

vps

This repository contains all the files I use to manage services hosted on viyurz.fr.

Requirements

Ansible

Install Ansible:

sudo apt install -y ansible

SSL certificates

Install Certbot:

sudo apt install -y certbot python3-certbot-dns-ovh python3-certbot-nginx

Request certificates:

# For the NGINX reverse proxy
sudo certbot certonly --nginx -d 'viyurz.fr,*.viyurz.fr'

# For Coturn
bash <(wget -q -O - https://github.com/zerossl/zerossl-bot/raw/master/get-zerosslbot.sh)
sudo zerossl-bot certonly --nginx -m viyurz@viyurz.fr -d turn.viyurz.fr

# For the mailserver
sudo certbot certonly --nginx -d mail.viyurz.fr

Secrets

Copy the existing secrets.yml.example to secrets.yml, run ansible-vault encrypt secrets.yml to encrypt the file with a password, and finally edit the newly encrypted file with ansible-vault edit secrets.yml.

If you want to change the vault password run ansible-vault rekey secrets.yml.
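A way to confirm that secrets.yml really is vault ciphertext before it is committed or copied anywhere, as an added example that is not part of this repository. The function names and the sample files are constructed for illustration; the check relies on the header line that ansible-vault writes ($ANSIBLE_VAULT;1.1;AES256, or 1.2 with a vault ID label) and on the payload being hex-encoded.

```shell
#!/bin/sh
# Added example (not from the repository): confirm that a secrets file is
# Ansible Vault ciphertext and not plaintext YAML.

# Returns 0 if $1 has a vault header followed only by hex payload lines, else 1.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=$(head -n 1 "$1")
    case "$first_line" in
        '$ANSIBLE_VAULT;1.1;AES256') ;;       # classic header
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;    # header with a vault ID label
        *) return 1 ;;
    esac
    # There must be a payload, and it must contain lowercase hex digits only.
    [ -n "$(tail -n +2 "$1")" ] || return 1
    if tail -n +2 "$1" | grep -q '[^0-9a-f]'; then
        return 1
    fi
    return 0
}

# Prints a verdict for each file; returns the number of files that failed.
check_secret_files() {
    failed=0
    for f in "$@"; do
        if is_vault_encrypted "$f"; then
            echo "OK    $f"
        else
            echo "FAIL  $f (missing, unencrypted, or plaintext mixed in)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Constructed sample files, for demonstration only (not real vault output).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3061626364656630' '6162636465663031' > "$dir/encrypted.yml"
    printf '%s\n' 'example_password: not-a-real-secret' > "$dir/plain.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3061626364656630' 'example_password: leaked' > "$dir/mixed.yml"
    echo "$dir"
}

samples=$(make_samples)
check_secret_files "$samples"/*.yml || echo "$? file(s) need ansible-vault encrypt"
rm -r "$samples"
```

To use it on the real file, call check_secret_files secrets.yml from the repository root, for example from a Git pre-commit hook.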

Backups

Run the backup-services.yml playbook once to set up the passphrase file.

After that, you can create a root cronjob to run this playbook without requiring interactivity:

0 4 * * * export ANSIBLE_ROLES_PATH=/home/viyurz/vps/roles/; /usr/bin/ansible-playbook /home/viyurz/vps/playbooks/backup-services.yml -e include_secrets=false -e selected_projects=''

Here we leave selected_projects empty to back up all projects.

Mailserver

When starting the container for the first time, run the initial setup:

docker exec -it mailserver /bin/sh /usr/local/bin/configure.sh

After that, tell Stalwart where the SSL certificate files are, in:

/opt/stalwart-mail/etc/common/tls.toml

[certificate."default"]
cert = "file:///etc/fullchain.pem"
private-key = "file:///etc/privkey.pem"

And configure the user Stalwart will run as:

/opt/stalwart-mail/etc/common/server.toml

[server.run-as]
user = "mail"
group = "mail"

Then follow the end of the Official Installation Guide.