Rename role for intersect docker applications

ansible/roles/intersect-docker/files/calibre/docker-compose.yml

@@ -0,0 +1,18 @@
+version: "2.3"
+services:
+  calibre:
+    image: linuxserver/calibre-web:0.6.6-ls58
+    container_name: calibre
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+    restart: unless-stopped
+    volumes:
+      - ./config:/config
+      - /srv/nextcloud-data/data/jake/files/EBooks:/books:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`)"
+      - "traefik.http.routers.calibre.tls=true"
+      - "traefik.http.routers.calibre.tls.certresolver=le"

ansible/roles/intersect-docker/files/duplicati/docker-compose.yml

@@ -0,0 +1,22 @@
+version: "2.3"
+services:
+  duplicati:
+    image: linuxserver/duplicati:v2.0.5.1-2.0.5.1_beta_2020-01-18-ls56
+    container_name: duplicati
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+    volumes:
+      - ./config:/config
+      - ./backups:/backups
+      - /srv/nextcloud-data/data/:/source/nextcloud:ro
+      - /opt/gitea/repos/repositories:/source/repositories:ro
+      - /scratch/db-backups:/source/db-backups:ro
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.duplicati.rule=Host(`duplicati.jakehoward.tech`)"
+      - "traefik.http.routers.duplicati.tls=true"
+      - "traefik.http.routers.duplicati.tls.certresolver=le"
+      - "traefik.http.routers.duplicati.middlewares=internal-only@file"

ansible/roles/intersect-docker/files/emby/docker-compose.yml

@@ -0,0 +1,22 @@
+version: "2.3"
+
+services:
+  emby:
+    image: linuxserver/emby:4.4.2.0-ls41
+    container_name: emby
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+    volumes:
+      - ./config:/config
+      - /mnt/media/TV:/mnt/TV
+      - /mnt/media/Movies:/mnt/Movies
+    ports:
+      - 8096:8096
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.emby.rule=Host(`media.jakehoward.tech`)"
+      - "traefik.http.routers.emby.tls=true"
+      - "traefik.http.routers.emby.tls.certresolver=le"

ansible/roles/intersect-docker/files/folding-at-home/docker-compose.yml

@@ -0,0 +1,17 @@
+version: "2.3"
+
+services:
+  folding-at-home:
+    image: linuxserver/foldingathome:latest
+    container_name: folding-at-home
+    cpus: 1.5
+    environment:
+      - TZ=Europe/London
+      - PUID={{ docker_user.id }}
+      - GUID={{ docker_user.id }}
+    volumes:
+      - ./config:/config
+    ports:
+      - 7396:7396
+      - 36330:36330
+    restart: unless-stopped

ansible/roles/intersect-docker/files/gitea/app.ini

@@ -0,0 +1,98 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH    = /data/gitea
+SSH_DOMAIN       = git.0rng.one
+HTTP_PORT        = 3000
+ROOT_URL         = https://git.0rng.one/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+SSH_LISTEN_PORT  = 3022
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+DOMAIN           = git.0rng.one
+LFS_JWT_SECRET   = {{ gitea.lfs_jwt_secret }}
+OFFLINE_MODE     = false
+LANDING_PAGE     = explore
+ENABLE_GZIP      = true
+
+[ui]
+DEFAULT_THEME    = arc-green
+THEMES           = gitea,arc-green
+
+[database]
+DB_TYPE  = postgres
+HOST     = db:5432
+NAME     = gitea
+USER     = gitea
+PASSWD   = gitea
+SSL_MODE = disable
+CHARSET  = utf8
+LOG_SQL  = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER        = file
+COOKIE_NAME     = session
+
+[picture]
+AVATAR_UPLOAD_PATH            = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR              = false
+ENABLE_FEDERATED_AVATAR       = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+MODE      = file
+LEVEL     = info
+
+[security]
+INSTALL_LOCK   = true
+SECRET_KEY     = {{ gitea.secret_key }}
+INTERNAL_TOKEN = {{ gitea.internal_token }}
+COOKIE_USERNAME = gitea_username
+COOKIE_REMEMBER_NAME = gitea_remember
+
+[service]
+DISABLE_REGISTRATION              = true
+REQUIRE_SIGNIN_VIEW               = false
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.example.org
+
+[oauth2]
+JWT_SECRET = {{ gitea.jwt_secret }}
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cache]
+ADAPTER         = memory
+INTERVAL        = 60

ansible/roles/intersect-docker/files/gitea/docker-compose.yml

@@ -0,0 +1,47 @@
+version: "2.3"
+
+services:
+  gitea:
+    image: gitea/gitea:1.11.4
+    container_name: gitea
+    restart: unless-stopped
+    environment:
+      - USER_UID={{ docker_user.id }}
+      - USER_GID={{ docker_user.id }}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=(Host(`git.theorangeone.net`) || Host(`git.0rng.one`))"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=le"
+      - "traefik.http.services.gitea-gitea.loadbalancer.server.port=3000"
+    ports:
+      - "{{ wireguard.clients.intersect.ip }}:3022:3022"
+    volumes:
+      - ./gitea:/data
+      - ./repos:/data/git
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=gitea
+      - POSTGRES_USER=gitea
+
+  db-backups:
+    image: prodrigestivill/postgres-backup-local:12-alpine
+    restart: unless-stopped
+    volumes:
+      - /scratch/db-backups:/backups
+    depends_on:
+      - db
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_PASSWORD=gitea
+      - POSTGRES_USER=gitea
+      - POSTGRES_DB=gitea
+      - BACKUP_KEEP_MONTHS=1
+      - BACKUP_KEEP_WEEKS=1

ansible/roles/intersect-docker/files/gotify/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "2.3"
+services:
+  duplicati:
+    image: gotify/server:2.0.14
+    container_name: gotify
+    environment:
+      - TZ=Europe/London
+    volumes:
+      - ./data:/app/data
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gotify.rule=Host(`gotify.jakehoward.tech`)"
+      - "traefik.http.routers.gotify.tls=true"
+      - "traefik.http.routers.gotify.tls.certresolver=le"

ansible/roles/intersect-docker/files/librespeed/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "2.3"
+services:
+  librespeed:
+    image: linuxserver/librespeed:5.2-ls11
+    container_name: librespeed
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)"
+      - "traefik.http.routers.librespeed.tls=true"
+      - "traefik.http.routers.librespeed.tls.certresolver=le"
+      - "traefik.http.routers.librespeed.middlewares=internal-only@file"

ansible/roles/intersect-docker/files/nextcloud/config.php

@@ -0,0 +1,39 @@
+<?php
+$CONFIG = array (
+  'memcache.local' => '\\OC\\Memcache\\APCu',
+  'memcache.locking' => '\\OC\\Memcache\\Redis',
+  'memcache.distributed' => '\\OC\\Memcache\\Redis',
+  'filelocking.enabled' => true,
+  'redis' =>
+  array (
+    'host' => 'redis',
+    'port' => 6379,
+    'timeout' => 0.0,
+  ),
+  'datadirectory' => '/data',
+  'instanceid' => '{{ nextcloud.instance_id }}',
+  'passwordsalt' => '{{ nextcloud.passwordsalt }}',
+  'secret' => '{{ nextcloud.secret }}',
+  'trusted_domains' =>
+  array (
+    0 => 'intersect.jakehoward.tech',
+  ),
+  'dbtype' => 'pgsql',
+  'version' => '18.0.4.2',
+  'overwrite.cli.url' => 'https://intersect.jakehoward.tech',
+  'dbname' => 'nextcloud',
+  'dbhost' => 'db',
+  'dbport' => '5432',
+  'dbtableprefix' => 'oc_',
+  'mysql.utf8mb4' => true,
+  'dbuser' => 'nextcloud',
+  'dbpassword' => 'nextcloud',
+  'installed' => true,
+  'trusted_proxies' =>
+  array (
+    0 => '10.23.0.1/24',
+  ),
+  'maintenance' => false,
+  'theme' => '',
+  'loglevel' => 2,
+);

ansible/roles/intersect-docker/files/nextcloud/default.conf

@@ -0,0 +1,89 @@
+upstream php-handler {
+    server 127.0.0.1:9000;
+}
+#server {
+#    listen 80;
+#    listen [::]:80;
+#    server_name _;
+#    return 301 https://$host$request_uri;
+#}
+server {
+    #listen 443 ssl http2;
+    #listen [::]:443 ssl http2;
+    listen 80;
+    server_name _;
+    #ssl_certificate /config/keys/cert.crt;
+    #ssl_certificate_key /config/keys/cert.key;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Permitted-Cross-Domain-Policies none;
+    add_header Referrer-Policy no-referrer;
+    add_header Strict-Transport-Security "max-age=15768000;";
+    fastcgi_hide_header X-Powered-By;
+    root /config/www/nextcloud/;
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+    location = /.well-known/carddav {
+      return 301 https://$host/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+      return 301 https://$host/remote.php/dav;
+    }
+    client_max_body_size 10G;
+    fastcgi_buffers 64 4K;
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+    location / {
+        rewrite ^ /index.php;
+    }
+    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+        deny all;
+    }
+    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        try_files $fastcgi_script_name =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param HTTPS on;
+        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^\/(?:updater|ocs-provider|ocm-provider)(?:$|\/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
+        access_log off;
+    }
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
+        try_files $uri /index.php$request_uri;
+        access_log off;
+    }
+}

ansible/roles/intersect-docker/files/nextcloud/docker-compose.yml

@@ -0,0 +1,70 @@
+version: "2.3"
+
+services:
+  nextcloud:
+    image: linuxserver/nextcloud:18.0.4-ls76
+    container_name: nextcloud
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+    volumes:
+      - ./nextcloud/config:/config/www/nextcloud/config
+      - ./nextcloud/apps:/config/www/nextcloud/apps
+      - ./nextcloud/nginx-default.conf:/config/nginx/site-confs/default
+      - /srv/nextcloud-data/data:/data
+      - /opt/gitea/repos:/repos:ro
+      - /mnt/media:/content:ro
+    restart: unless-stopped
+    tmpfs:
+      - /config/log
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`)"
+      - "traefik.http.routers.nextcloud.tls=true"
+      - "traefik.http.routers.nextcloud.tls.certresolver=le"
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=nextcloud
+      - POSTGRES_USER=nextcloud
+
+  db-backups:
+    image: prodrigestivill/postgres-backup-local:12-alpine
+    restart: unless-stopped
+    volumes:
+      - /scratch/db-backups:/backups
+    depends_on:
+      - db
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_PASSWORD=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_DB=nextcloud
+      - BACKUP_KEEP_MONTHS=1
+      - BACKUP_KEEP_WEEKS=1
+
+  redis:
+    image: redis:5-alpine
+    restart: unless-stopped
+    volumes:
+      - ./redis:/data
+
+  onlyoffice:
+    image: onlyoffice/documentserver
+    container_name: onlyoffice
+    restart: unless-stopped
+    environment:
+      - JWT_ENABLED=true
+      - JWT_SECRET={{ nextcloud.onlyoffice_jwt_secret }}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.onlyoffice.rule=Host(`onlyoffice.jakehoward.tech`)"
+      - "traefik.http.routers.onlyoffice.tls=true"
+      - "traefik.http.routers.onlyoffice.tls.certresolver=le"
+      - "traefik.http.routers.onlyoffice.middlewares=oo-header"
+      - "traefik.http.middlewares.oo-header.headers.customRequestHeaders.X-Forwarded-Proto=https"

ansible/roles/intersect-docker/files/pihole/dnsmasq-vpn.conf

@@ -0,0 +1,5 @@
+localise-queries
+
+{% for host in internal_hostnames %}
+host-record={{ host }},{{ wireguard.clients.intersect.ip }}
+{% endfor %}

ansible/roles/intersect-docker/files/pihole/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "2.3"
+
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:v4.4
+    ports:
+      - "{{ wireguard.clients.intersect.ip }}:53:53/tcp"
+      - "{{ wireguard.clients.intersect.ip }}:53:53/udp"
+    environment:
+      - TZ=Europe/London
+      - VIRTUAL_HOST=pihole.jakehoward.tech
+    volumes:
+      - ./pihole/:/etc/pihole/
+      - ./dnsmasq.d/:/etc/dnsmasq.d/
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.pihole.rule=Host(`pihole.jakehoward.tech`)"
+      - "traefik.http.routers.pihole.tls=true"
+      - "traefik.http.routers.pihole.tls.certresolver=le"
+      - "traefik.http.routers.pihole.middlewares=internal-only@file"
+      - "traefik.http.services.pihole-pihole.loadbalancer.server.port=80"

ansible/roles/intersect-docker/files/quassel/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "2.3"
+services:
+  quassel-core:
+    image: linuxserver/quassel-core:0.13.1-ls50
+    container_name: quassel
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+      - DB_BACKEND=PostgreSQL
+      - DB_PGSQL_USERNAME=quassel
+      - DB_PGSQL_PASSWORD=quassel
+      - DB_PGSQL_HOSTNAME=db
+      - DB_PGSQL_PORT=5432
+      - AUTH_AUTHENTICATOR=Database
+      - RUN_OPTS=--config-from-environment
+    restart: unless-stopped
+    depends_on:
+      - db
+    ports:
+      - "{{ wireguard.clients.intersect.ip }}:4242:4242"
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=quassel
+      - POSTGRES_PASSWORD=quassel
+    volumes:
+      - ./postgresql:/var/lib/postgresql/data
+
+  tor-socks-proxy:
+    image: peterdavehello/tor-socks-proxy:latest
+    restart: unless-stopped

ansible/roles/intersect-docker/files/statping/docker-compose.yml

@@ -0,0 +1,38 @@
+version: "2.3"
+
+services:
+  statping:
+    image: hunterlong/statping:v0.80.70
+    container_name: statping
+    restart: unless-stopped
+    volumes:
+      - ./statping:/app
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.statping.rule=Host(`stats.theorangeone.net`)"
+      - "traefik.http.routers.statping.tls=true"
+      - "traefik.http.routers.statping.tls.certresolver=le"
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=statping
+      - POSTGRES_USER=statping
+
+  db-backups:
+    image: prodrigestivill/postgres-backup-local:12-alpine
+    restart: unless-stopped
+    volumes:
+      - /scratch/db-backups:/backups
+    depends_on:
+      - db
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_PASSWORD=statping
+      - POSTGRES_USER=statping
+      - POSTGRES_DB=statping
+      - BACKUP_KEEP_MONTHS=1
+      - BACKUP_KEEP_WEEKS=1

ansible/roles/intersect-docker/files/synapse/docker-compose.yml

@@ -0,0 +1,33 @@
+version: "2.3"
+
+services:
+
+  synapse:
+    image: matrixdotorg/synapse:v1.12.4
+    restart: unless-stopped
+    environment:
+      - SYNAPSE_CONFIG_PATH=/etc/homeserver.yaml
+      - SYNAPSE_REPORT_STATS=yes
+      - UID=0
+      - GID=0
+    volumes:
+      - ./homeserver.yaml:/etc/homeserver.yaml
+      - ./files:/data
+    expose:
+      - 8008
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)"
+      - "traefik.http.routers.synapse.tls=true"
+      - "traefik.http.routers.synapse.tls.certresolver=le"
+      - "traefik.http.routers.synapse.entrypoints=web-secure,matrix"
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=synapse
+      - POSTGRES_PASSWORD=synapse
+    volumes:
+      - ./postgresql:/var/lib/postgresql/data
+      - ./synapse_scripts:/opt/synapse_scripts:ro

ansible/roles/intersect-docker/files/theorangeone.net/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "2.3"
+services:
+  website:
+    image: docker.pkg.github.com/realorangeone/theorangeone.net/theorangeone.net:latest
+    container_name: theorangeone.net
+    environment:
+      - TZ=Europe/London
+    restart: unless-stopped
+    volumes:
+      - ./access.log:/var/log/nginx/access.log
+      - ./report.html:/usr/share/nginx/html/stats/index.html:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.website.rule=Host(`theorangeone.net`) || Host(`www.theorangeone.net`)"
+      - "traefik.http.routers.website.tls=true"
+      - "traefik.http.routers.website.tls.certresolver=le"
+
+  stats:
+    image: theorangeone/goaccess-static:latest
+    restart: unless-stopped
+    volumes:
+      - ./report.html:/var/www/goaccess/report.html
+      - ./access.log:/goaccess/access.log:ro

ansible/roles/intersect-docker/files/todoist-github/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "2.3"
+
+services:
+  todoist-github:
+    image: theorangeone/todoist-github:latest
+    container_name: todoist-github
+    restart: unless-stopped
+    command: python3 -m todoist_github --interval 900
+    environment:
+      - TODOIST_TOKEN={{ todoist_github.todoist_token }}
+      - GITHUB_TOKEN={{ todoist_github.github_token }}

ansible/roles/intersect-docker/files/torrent/docker-compose.yml

@@ -0,0 +1,26 @@
+version: "2.3"
+services:
+  deluge:
+    image: linuxserver/deluge:2.0.3-2201906121747ubuntu18.04.1-ls57
+    container_name: deluge
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+      - DELUGE_LOGLEVEL=debug
+    volumes:
+      - ./deluge:/config
+      - /scratch/deluge:/downloads
+    ports:
+      - 8112:8112
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.deluge.rule=Host(`deluge.jakehoward.tech`)"
+      - "traefik.http.routers.deluge.tls=true"
+      - "traefik.http.routers.deluge.tls.certresolver=le"
+      - "traefik.http.routers.deluge.middlewares=internal-only@file"
+
+  tor-socks-proxy:
+    image: peterdavehello/tor-socks-proxy:latest
+    restart: unless-stopped

ansible/roles/intersect-docker/files/tt-rss/config.php

@@ -0,0 +1,82 @@
+<?php
+  // *******************************************
+  // *** Database configuration (important!) ***
+  // *******************************************
+
+  define('DB_TYPE', 'pgsql');
+  define('DB_HOST', 'db');
+  define('DB_USER', 'tt-rss');
+  define('DB_NAME', 'tt-rss');
+  define('DB_PASS', 'tt-rss');
+  define('DB_PORT', '5432');
+  define('MYSQL_CHARSET', 'UTF8');
+
+  // ***********************************
+  // *** Basic settings (important!) ***
+  // ***********************************
+
+  define('SELF_URL_PATH', 'https://tt-rss.jakehoward.tech/');
+  define('SINGLE_USER_MODE', false);
+  define('SIMPLE_UPDATE_MODE', false);
+
+  // *****************************
+  // *** Files and directories ***
+  // *****************************
+
+  define('PHP_EXECUTABLE', '/usr/bin/php');
+  define('LOCK_DIRECTORY', 'lock');
+  define('CACHE_DIR', 'cache');
+  define('ICONS_DIR', "feed-icons");
+  define('ICONS_URL', "feed-icons");
+
+  // **********************
+  // *** Authentication ***
+  // **********************
+
+  define('AUTH_AUTO_CREATE', true);
+  define('AUTH_AUTO_LOGIN', true);
+
+  // *********************
+  // *** Feed settings ***
+  // *********************
+
+  define('FORCE_ARTICLE_PURGE', 0);
+
+  // ****************************
+  // *** Sphinx search plugin ***
+  // ****************************
+
+  define('SPHINX_SERVER', 'localhost:9312');
+  define('SPHINX_INDEX', 'ttrss, delta');
+
+  // ***********************************
+  // *** Self-registrations by users ***
+  // ***********************************
+
+  define('ENABLE_REGISTRATION', false);
+  define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom');
+  define('REG_MAX_USERS', 10);
+
+  // **********************************
+  // *** Cookies and login sessions ***
+  // **********************************
+
+  define('SESSION_COOKIE_LIFETIME', 864000);
+
+  // *********************************
+  // *** Email and digest settings ***
+  // *********************************
+
+  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+  define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
+  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+
+  // ************************
+  // *** General settings ***
+  // ************************
+
+  define('CHECK_FOR_UPDATES', false);
+  define('ENABLE_GZIP_OUTPUT', true);
+  define('PLUGINS', 'auth_internal, note');
+  define('LOG_DESTINATION', 'sql');
+  define('CONFIG_VERSION', 26);

ansible/roles/intersect-docker/files/tt-rss/docker-compose.yml

@@ -0,0 +1,42 @@
+version: "2.3"
+
+services:
+  tt-rss:
+    image: lunik1/tt-rss:latest
+    container_name: tt-rss
+    environment:
+      - PUID={{ docker_user.id }}
+      - PGID={{ docker_user.id }}
+      - TZ=Europe/London
+    volumes:
+      - ./config:/config
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`)"
+      - "traefik.http.routers.tt-rss.tls=true"
+      - "traefik.http.routers.tt-rss.tls.certresolver=le"
+
+  db:
+    image: postgres:12-alpine
+    restart: unless-stopped
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=tt-rss
+      - POSTGRES_USER=tt-rss
+
+  db-backups:
+    image: prodrigestivill/postgres-backup-local:12-alpine
+    restart: unless-stopped
+    volumes:
+      - /scratch/db-backups:/backups
+    depends_on:
+      - db
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_PASSWORD=tt-rss
+      - POSTGRES_USER=tt-rss
+      - POSTGRES_DB=tt-rss
+      - BACKUP_KEEP_MONTHS=1
+      - BACKUP_KEEP_WEEKS=1

ansible/roles/intersect-docker/files/wallabag/docker-compose.yml

@@ -0,0 +1,24 @@
+version: "2.3"
+
+services:
+  wallabag:
+    image: wallabag/wallabag:2.3.8
+    container_name: wallabag
+    restart: unless-stopped
+    environment:
+      - SYMFONY__ENV__SECRET={{ wallabag_secret }}
+      - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.jakehoward.tech
+    volumes:
+      - ./data:/var/www/wallabag/data
+      - ./images:/var/www/wallabag/images
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)"
+      - "traefik.http.routers.wallabag.tls=true"
+      - "traefik.http.routers.wallabag.tls.certresolver=le"
+
+  redis:
+    image: redis:5-alpine
+    restart: unless-stopped
+    volumes:
+      - ./redis:/data

ansible/roles/intersect-docker/files/whoami/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "2.3"
+
+services:
+  whoami:
+    image: containous/whoami:latest
+    container_name: whoami
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)"
+      - "traefik.http.routers.whoami.tls=true"
+      - "traefik.http.routers.whoami.tls.certresolver=le"

ansible/roles/intersect-docker/files/yourls/docker-compose.yml

@@ -0,0 +1,33 @@
+version: "2.3"
+
+services:
+  yourls:
+    image: yourls:1.7.9-apache
+    container_name: yourls
+    restart: unless-stopped
+    depends_on:
+      - mysql
+    environment:
+      - YOURLS_DB_PASS=yourls
+      - YOURLS_DB_USER=yourls
+      - YOURLS_USER=jake
+      - YOURLS_PASS={{ yourls.user_password }}
+      - YOURLS_SITE=https://0rng.one
+    volumes:
+      - ./index.html:/var/www/html/index.html
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.yourls.rule=Host(`go.theorangeone.net`) || Host(`0rng.one`)"
+      - "traefik.http.routers.yourls.tls=true"
+      - "traefik.http.routers.yourls.tls.certresolver=le"
+
+  mysql:
+    image: mariadb:10.4
+    environment:
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_DATABASE=yourls
+      - MYSQL_USER=yourls
+      - MYSQL_PASSWORD=yourls
+    volumes:
+      - ./mariadb:/config
+    restart: unless-stopped

ansible/roles/intersect-docker/files/yourls/index.html

@@ -0,0 +1,8 @@
+<html>
+  <head>
+    <meta http-equiv="refresh" content="0; url=/admin/" />
+  </head>
+  <body>
+    <h1>Redirecting to admin...</h1>
+  </body>
+</html>