Docker Services Catalog

This role includes various services that run on a Docker Swarm, with each service using its own set of networks. All data is stored persistently by bind-mounting it into the containers, enabling the use of shared storage like NFS or GlusterFS.

The catalog currently features:

• Drone: A CI/CD controller with agents (GitHub)
• Drawio: Free self-hosted software for creating diagrams like flowcharts, process diagrams, and more.
• Gitea: Git server built with Go and a web interface (GitHub)
• Portainer: Interface for managing Docker (GitHub)
• AWX: Upstream version of Ansible Tower (GitHub)
• Traefik: Reverse proxy integrated with Docker (GitHub)
• Docker registry: Local storage for Docker images
• Janitor: A Docker that periodically cleans up unused and outdated items
• Mediawiki: The wiki engine used by Wikipedia
• DB_backup: A Docker that regularly tells mariadb containers to save their databases to shared storage
• Kanboard: A Kanban board with a web interface
• Factorio Server: A game for managing an automated factory
• Minecraft Server: A game for building and fighting dragons
• Teamspeak Server: VOIP server
• Rocket Chat: A self-hosted alternative to Slack
• PeerTube: A free, decentralized video platform
• VaultWarden: A free alternative server for the Bitwarden password manager

Some essential services must be provisioned, as they are required by most other services:

• Portainer
• Janitor
• Traefik

Deployment

To use the services in this catalog, follow these steps:

• Install the community.docker collection on your Ansible controller.
• Install Docker (Tip: Use Jeff Geerlings' Docker role).
• Create the {{ docker_data_dir }}, ideally on shared storage.
• Copy defaults/main.yml and configure it.
• Run the role with a playbook like this:

---
- hosts: 'docker'
  roles:
    - 'docker_services'

Accessing Services

After setting everything up, you can access the services using the following format:

https://{{ service_app_name }}.{{ traefik_domain }}

For example: https://portainer.dckr.example.com

Additional Actions

Some services need extra steps before they work. Here are the instructions for those services.

MediaWiki

Make sure to create a local copy of LocalSettings.php in {{ docker_data_dir }}/mediawiki_data. This file will be mounted inside the container. The playbook checks for its presence but does not modify its content.

DB Backup

This service will back up any containers with names ending in mariadb. It creates a backup.sql file in {{ docker_data_dir }}/{{ app_name }}_db and will overwrite it each time.

PeerTube

If you place another reverse proxy in front of the Docker host, ensure you set extra headers. Here's a sample NginX configuration:

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name peertube.example.com;
   ssl_certificate /etc/ssl/peertube.example.com_fullchain.cer;
   ssl_certificate_key /etc/ssl/peertube.example.com.key;

   location / {
      proxy_pass https://peertube.int.example.com;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Upgrade $http_upgrade;
   }
}

Matomo

Setting up Matomo for the first time can be a bit tricky. It needs a persistent config.ini.php file to work after reboots. You can't leave this file empty or incomplete.

Here's how to deploy it successfully:

• Deploy Matomo using the matomo_setup task list.
• Access the Docker container to retrieve the configuration:

docker exec -it containerid /bin/bash
cat /var/www/html/config/config.ini.php
# Save the contents of this file in {{ docker_data_dir }}/matomo_data/config.ini.php

• Then, deploy Matomo using the regular matomo task list.