Compare commits
19 Commits
gandi-dns
...
renovate/p
| Author | SHA1 | Date | |
|---|---|---|---|
| e5c87e4f1a | |||
| df43e412f3 | |||
| 94b229abd0 | |||
| 4e07e1c8dc | |||
| 3e355e6715 | |||
| 7ff8c46c0c | |||
| 1e25a56cc5 | |||
| 0e5c8104e2 | |||
| 3baf591a46 | |||
| d10e1c7534 | |||
| 3111c69814 | |||
| 3ca2b50307 | |||
| d5a7a61171 | |||
| 25cd394f08 | |||
| b50840a2ee | |||
| cdaa626068 | |||
| 66036cd301 | |||
| 5706a97b4d | |||
| e57f1ea13b |
@ -5,8 +5,11 @@ retry_files_enabled = False
|
|||||||
roles_path = $PWD/galaxy_roles:$PWD/roles
|
roles_path = $PWD/galaxy_roles:$PWD/roles
|
||||||
collections_path = $PWD/galaxy_collections
|
collections_path = $PWD/galaxy_collections
|
||||||
inventory = ./hosts
|
inventory = ./hosts
|
||||||
become_ask_pass = True
|
|
||||||
interpreter_python = auto_silent
|
interpreter_python = auto_silent
|
||||||
|
|
||||||
|
[privilege_escalation]
|
||||||
|
become = True
|
||||||
|
become_ask_pass = True
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
|||||||
@ -8,4 +8,4 @@ tailscale_port: 41641
|
|||||||
|
|
||||||
tailscale_nodes:
|
tailscale_nodes:
|
||||||
casey:
|
casey:
|
||||||
ip: 100.64.0.1
|
ip: 100.64.0.6
|
||||||
|
|||||||
@ -1,3 +1,4 @@
|
|||||||
|
private_ip: "{{ ansible_tailscale0.ipv4.address }}"
|
||||||
nginx_https_redirect: true
|
nginx_https_redirect: true
|
||||||
|
|
||||||
certbot_certs:
|
certbot_certs:
|
||||||
|
|||||||
@ -1 +1,2 @@
|
|||||||
|
private_ip: "{{ ansible_tailscale0.ipv4.address }}"
|
||||||
nginx_https_redirect: true
|
nginx_https_redirect: true
|
||||||
|
|||||||
@ -9,12 +9,10 @@
|
|||||||
- hosts: casey
|
- hosts: casey
|
||||||
roles:
|
roles:
|
||||||
- nginx
|
- nginx
|
||||||
- role: geerlingguy.certbot
|
- geerlingguy.certbot
|
||||||
become: true
|
|
||||||
- gateway
|
- gateway
|
||||||
- headscale
|
- headscale
|
||||||
- restic
|
- restic
|
||||||
- artis3n.tailscale
|
|
||||||
- glinet_vpn
|
- glinet_vpn
|
||||||
|
|
||||||
- hosts:
|
- hosts:
|
||||||
@ -25,7 +23,6 @@
|
|||||||
- tang
|
- tang
|
||||||
roles:
|
roles:
|
||||||
- role: geerlingguy.ntp
|
- role: geerlingguy.ntp
|
||||||
become: true
|
|
||||||
vars:
|
vars:
|
||||||
ntp_timezone: "{{ timezone }}"
|
ntp_timezone: "{{ timezone }}"
|
||||||
ntp_manage_config: true
|
ntp_manage_config: true
|
||||||
@ -37,8 +34,7 @@
|
|||||||
- renovate
|
- renovate
|
||||||
- gitea-runner
|
- gitea-runner
|
||||||
roles:
|
roles:
|
||||||
- role: geerlingguy.docker
|
- geerlingguy.docker
|
||||||
become: true
|
|
||||||
- docker_cleanup
|
- docker_cleanup
|
||||||
|
|
||||||
- hosts:
|
- hosts:
|
||||||
@ -53,6 +49,14 @@
|
|||||||
roles:
|
roles:
|
||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- ingress
|
||||||
|
- walker
|
||||||
|
- casey
|
||||||
|
become: false # Forcefully run as current user
|
||||||
|
roles:
|
||||||
|
- artis3n.tailscale
|
||||||
|
|
||||||
- hosts: pve-docker
|
- hosts: pve-docker
|
||||||
roles:
|
roles:
|
||||||
- pve_docker
|
- pve_docker
|
||||||
@ -71,17 +75,13 @@
|
|||||||
roles:
|
roles:
|
||||||
- nginx
|
- nginx
|
||||||
- ingress
|
- ingress
|
||||||
- artis3n.tailscale
|
|
||||||
|
|
||||||
- hosts: pve
|
- hosts: pve
|
||||||
roles:
|
roles:
|
||||||
- role: ironicbadger.proxmox_nag_removal
|
- ironicbadger.proxmox_nag_removal
|
||||||
become: true
|
|
||||||
- zfs
|
- zfs
|
||||||
- role: ironicbadger.snapraid
|
- ironicbadger.snapraid
|
||||||
become: true
|
- prometheus.prometheus.node_exporter
|
||||||
- role: prometheus.prometheus.node_exporter
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- hosts: forrest
|
- hosts: forrest
|
||||||
roles:
|
roles:
|
||||||
@ -98,13 +98,11 @@
|
|||||||
- hosts: walker
|
- hosts: walker
|
||||||
roles:
|
roles:
|
||||||
- nginx
|
- nginx
|
||||||
- role: geerlingguy.certbot
|
- geerlingguy.certbot
|
||||||
become: true
|
|
||||||
- coredns_docker_proxy
|
- coredns_docker_proxy
|
||||||
- plausible
|
- plausible
|
||||||
- restic
|
- restic
|
||||||
- website
|
- website
|
||||||
- artis3n.tailscale
|
|
||||||
- slides
|
- slides
|
||||||
- comentario
|
- comentario
|
||||||
|
|
||||||
@ -128,6 +126,5 @@
|
|||||||
- hosts: tang
|
- hosts: tang
|
||||||
roles:
|
roles:
|
||||||
- adguardhome
|
- adguardhome
|
||||||
- role: prometheus.prometheus.node_exporter
|
- prometheus.prometheus.node_exporter
|
||||||
become: true
|
|
||||||
- restic
|
- restic
|
||||||
|
|||||||
@ -3,11 +3,9 @@
|
|||||||
name: coredns
|
name: coredns
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart systemd-resolved
|
- name: restart systemd-resolved
|
||||||
service:
|
service:
|
||||||
name: systemd-resolved
|
name: systemd-resolved
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
- name: Install adguardhome
|
- name: Install adguardhome
|
||||||
kewlfft.aur.aur:
|
kewlfft.aur.aur:
|
||||||
name: adguardhome-bin
|
name: adguardhome-bin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Disable resolved stub
|
- name: Disable resolved stub
|
||||||
template:
|
template:
|
||||||
@ -10,7 +9,6 @@
|
|||||||
owner: root
|
owner: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart systemd-resolved
|
notify: restart systemd-resolved
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Use resolved resolv.conf
|
- name: Use resolved resolv.conf
|
||||||
file:
|
file:
|
||||||
@ -18,12 +16,10 @@
|
|||||||
dest: /etc/resolv.conf
|
dest: /etc/resolv.conf
|
||||||
state: link
|
state: link
|
||||||
notify: restart systemd-resolved
|
notify: restart systemd-resolved
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install coredns
|
- name: Install coredns
|
||||||
kewlfft.aur.aur:
|
kewlfft.aur.aur:
|
||||||
name: coredns
|
name: coredns
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install coredns config file
|
- name: Install coredns config file
|
||||||
template:
|
template:
|
||||||
@ -32,4 +28,3 @@
|
|||||||
owner: coredns
|
owner: coredns
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart coredns
|
notify: restart coredns
|
||||||
become: true
|
|
||||||
|
|||||||
@ -19,7 +19,7 @@ x-env: &env
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
server:
|
server:
|
||||||
image: ghcr.io/goauthentik/server:2024.6
|
image: ghcr.io/goauthentik/server:2024.8
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: server
|
command: server
|
||||||
user: "{{ docker_user.id }}"
|
user: "{{ docker_user.id }}"
|
||||||
@ -42,7 +42,7 @@ services:
|
|||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: ghcr.io/goauthentik/server:2024.6
|
image: ghcr.io/goauthentik/server:2024.8
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: worker
|
command: worker
|
||||||
user: "{{ docker_user.id }}"
|
user: "{{ docker_user.id }}"
|
||||||
@ -57,7 +57,7 @@ services:
|
|||||||
- server
|
- server
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:15-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/authentik:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/authentik:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,4 +16,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart authentik
|
notify: restart authentik
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,25 +1,21 @@
|
|||||||
- name: Install fail2ban
|
- name: Install fail2ban
|
||||||
package:
|
package:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Enable fail2ban
|
- name: Enable fail2ban
|
||||||
service:
|
service:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: fail2ban SSH jail
|
- name: fail2ban SSH jail
|
||||||
template:
|
template:
|
||||||
src: files/ssh-jail.conf
|
src: files/ssh-jail.conf
|
||||||
dest: /etc/fail2ban/jail.d/ssh.conf
|
dest: /etc/fail2ban/jail.d/ssh.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
register: fail2ban_jail
|
register: fail2ban_jail
|
||||||
|
|
||||||
- name: Restart fail2ban
|
- name: Restart fail2ban
|
||||||
service:
|
service:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
|
||||||
when: fail2ban_jail.changed
|
when: fail2ban_jail.changed
|
||||||
|
|||||||
@ -1,13 +1,11 @@
|
|||||||
- name: Install logrotate
|
- name: Install logrotate
|
||||||
package:
|
package:
|
||||||
name: logrotate
|
name: logrotate
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Enable logrotate timer
|
- name: Enable logrotate timer
|
||||||
service:
|
service:
|
||||||
name: logrotate.timer
|
name: logrotate.timer
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Archlinux'
|
when: ansible_os_family == 'Archlinux'
|
||||||
|
|
||||||
- name: logrotate fail2ban config
|
- name: logrotate fail2ban config
|
||||||
@ -15,4 +13,3 @@
|
|||||||
src: files/fail2ban-logrotate
|
src: files/fail2ban-logrotate
|
||||||
dest: /etc/logrotate.d/fail2ban
|
dest: /etc/logrotate.d/fail2ban
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
- name: Install Base Packages
|
- name: Install Base Packages
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
become: true
|
|
||||||
loop:
|
loop:
|
||||||
- htop
|
- htop
|
||||||
- neofetch
|
- neofetch
|
||||||
|
|||||||
@ -1,13 +1,11 @@
|
|||||||
- name: Install OpenSSH for Debian
|
- name: Install OpenSSH for Debian
|
||||||
package:
|
package:
|
||||||
name: openssh-server
|
name: openssh-server
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Debian'
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
- name: Install OpenSSH for Arch
|
- name: Install OpenSSH for Arch
|
||||||
package:
|
package:
|
||||||
name: openssh
|
name: openssh
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Archlinux'
|
when: ansible_os_family == 'Archlinux'
|
||||||
|
|
||||||
- name: Define context
|
- name: Define context
|
||||||
@ -22,7 +20,6 @@
|
|||||||
validate: /usr/sbin/sshd -t -f %s
|
validate: /usr/sbin/sshd -t -f %s
|
||||||
backup: true
|
backup: true
|
||||||
mode: "644"
|
mode: "644"
|
||||||
become: true
|
|
||||||
register: sshd_config
|
register: sshd_config
|
||||||
|
|
||||||
- name: Set up authorized keys
|
- name: Set up authorized keys
|
||||||
@ -38,11 +35,9 @@
|
|||||||
service:
|
service:
|
||||||
name: sshd
|
name: sshd
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Restart SSH Daemon
|
- name: Restart SSH Daemon
|
||||||
service:
|
service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: reloaded
|
state: reloaded
|
||||||
when: sshd_config.changed
|
when: sshd_config.changed
|
||||||
become: true
|
|
||||||
|
|||||||
@ -5,11 +5,9 @@
|
|||||||
comment: "{{ me.name }}"
|
comment: "{{ me.name }}"
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
system: true
|
system: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Give user sudo access
|
- name: Give user sudo access
|
||||||
user:
|
user:
|
||||||
name: "{{ me.user }}"
|
name: "{{ me.user }}"
|
||||||
groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
|
groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
|
||||||
append: true
|
append: true
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
comentario:
|
comentario:
|
||||||
image: registry.gitlab.com/comentario/comentario:v3.9.0
|
image: registry.gitlab.com/comentario/comentario:v3.10.0
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
user: "{{ docker_user.id }}:{{ docker_user.id }}"
|
user: "{{ docker_user.id }}:{{ docker_user.id }}"
|
||||||
depends_on:
|
depends_on:
|
||||||
@ -14,7 +14,7 @@ services:
|
|||||||
- BASE_URL=https://comentario.theorangeone.net
|
- BASE_URL=https://comentario.theorangeone.net
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./postgres:/var/lib/postgresql/data
|
- ./postgres:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart comentario
|
notify: restart comentario
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install secrets
|
- name: Install secrets
|
||||||
copy:
|
copy:
|
||||||
@ -26,7 +24,6 @@
|
|||||||
mode: "600"
|
mode: "600"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart comentario
|
notify: restart comentario
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx config
|
- name: Install nginx config
|
||||||
template:
|
template:
|
||||||
@ -34,7 +31,6 @@
|
|||||||
dest: /etc/nginx/http.d/comentario.conf
|
dest: /etc/nginx/http.d/comentario.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
become: true
|
|
||||||
vars:
|
vars:
|
||||||
server_name: comentario.theorangeone.net
|
server_name: comentario.theorangeone.net
|
||||||
upstream: comentario-comentario-1.docker:80
|
upstream: comentario-comentario-1.docker:80
|
||||||
|
|||||||
@ -11,6 +11,9 @@ comentario_secrets:
|
|||||||
gitlab:
|
gitlab:
|
||||||
key: "{{ vault_comentario_gitlab_application_id }}"
|
key: "{{ vault_comentario_gitlab_application_id }}"
|
||||||
secret: "{{ vault_comentario_gitlab_application_secret }}"
|
secret: "{{ vault_comentario_gitlab_application_secret }}"
|
||||||
|
twitter:
|
||||||
|
key: "{{ vault_comentario_twitter_api_key }}"
|
||||||
|
secret: "{{ vault_comentario_twitter_api_secret }}"
|
||||||
smtpServer:
|
smtpServer:
|
||||||
host: smtp.eu.mailgun.org
|
host: smtp.eu.mailgun.org
|
||||||
port: 587
|
port: 587
|
||||||
|
|||||||
66
ansible/roles/comentario/vars/vault.yml
generated
66
ansible/roles/comentario/vars/vault.yml
generated
@ -1,30 +1,38 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
33656462373736356363313738643335333930343461366666663532653264363963653732656366
|
36376264363334643335646564636336613234393261326366386234663464633966666133383933
|
||||||
3034323730613334326462326332323763323665636165390a303639633036303831373966303037
|
3731363234333962306638323737336237343230653439650a343362336166626633666161313863
|
||||||
37376233383138323265396531303739316330396230333464383963333035343735303866626334
|
33623130623239626532663063633436616665653135343266336330353538306265323739326262
|
||||||
6562393435303264620a633139616164303337363863616138306531656365353964346638646165
|
3066643432643465350a643436366637623765663265316665386564663933663730383264396336
|
||||||
35346539326339623364343662643038336238613535623964666562383662613661616564646433
|
39396139396238653065366663333533343336363631616332616362386639313766656136666532
|
||||||
30653432666538616565373832353434303565386333643735313866396436393732303466376237
|
63336131346563323733333139636233353465643766643562643632653062373737353364336536
|
||||||
64383236373364383338613530353830353334326331636436323766353565656664356138386532
|
64653162656233383136363339623933643834363931663830656364396637333632613838323461
|
||||||
62366266656461663330396562316439393038666534663564633037623237363532363637356336
|
38666362663831363363636363346164343032376366346530393864306332326339323836643062
|
||||||
63336633393666343064383735363664643936333130636465623139393838373134636265366439
|
66346265643039663636616464383330366539343832373839663361393661353861643364633534
|
||||||
64326538653236306437346165333934303134313032383135313335626136626162363831613430
|
38383461323031626161663938326339386634363165303238333365323235303535333765613734
|
||||||
30636436343162376637616262393633306330663362396638393166643131343564646162616530
|
30363032386333353962306131373466356137666334303230343561616639363238633630386330
|
||||||
62343735343832636661326265396262643136346366663337636335656137393231646438633338
|
32383537646430666331313530343033376238646334313335343661313665626631663331656638
|
||||||
61613137366661333462363134343732666330373864393636643665396435653064623030626466
|
31303637343263343566386634623362373366323136663032663966313836353136616564646563
|
||||||
65633536346531383565616130626461376566316535316339326363646336626266376330393939
|
66653938326539343130346439666264663962323661386131643432663237643334633837376163
|
||||||
33653438656438316532393665333939613334666464656635323566326439363964316535623233
|
62393330336434393232646163353539303831336638663135393734393064353964623032616233
|
||||||
38636236616637336230363032396635613563313966353334313365663434653138303764393938
|
32393037313965313933363236653537306634613265633764636436653332623339316132373964
|
||||||
37643561346338323934663936356563363833383435373933396138663334616563666562653935
|
39313334653831366533663661653934633338393539326564396236373462623262333530346436
|
||||||
33666631373964396265393233636631336632386537663663366439313137656661653265323162
|
66646266623666333034346634613365356333343934363963366137303030646638373466643564
|
||||||
64656333336165326563323333653036386334386566386664306638656130323665366136373732
|
66356265363634623363646266633137363966666361366463383266663032316665373430383031
|
||||||
34383532303363646334356534316630363133303031343665353465656239306338386238313262
|
33303530323561366531356133363035353732333135303762316337626330333530303563643935
|
||||||
30363438383164343661343730386162633430373765313834313739393638333963393234613564
|
35303465633536373833386435336638386662353032383861633965393564303839666463616263
|
||||||
30356134646431353132316565346331613137353431383863383866306632626336633764393036
|
39353934343965316134663634363135616338353734656361343433313837313639303931356233
|
||||||
66626466623034666335356539653136633331636365623061613433393335303535333433616137
|
39643135353661306461393962646238613062356361386533316362633233353235666262653738
|
||||||
65383231373230653838316630303736353237666431366134353534366564656338646265396162
|
33616465653435303736636165343239336139383162616463613232656639393338363766396434
|
||||||
61663366663532636635663337363063306466626463396630636236363736303963353062376163
|
32353965363537666366623066313461316463373130653637343430366231366263616261393564
|
||||||
63653530346335393934656531386139663136383132306564383937396364626365373839613766
|
36323038383238633239323365326334393132643832373033643432653032613665646666336338
|
||||||
62633264336335313932396164373363623061363262616330343735633862623234643365353035
|
30316565346630396537363431366337656236363462646435393731323866313366373438386265
|
||||||
36616231636461323832663837323232396636363561376563386530306339333431613935613263
|
61373366383865336334356638653065333839303663636266393933663833313931333133663966
|
||||||
30366335393834643066343763636561346336383463333535323932326663633338
|
35306163373462613335616265316563313062623139343061306465656463336162396266636437
|
||||||
|
36646439613433306464383133636466383430363363393762646534343133333732613530626162
|
||||||
|
31633430313039643636666365613232373335336235633832666139643937373766336563303266
|
||||||
|
34396137656436373438383035316133343132313130636536393536393862386531386531303761
|
||||||
|
64613337353463383032636636643963636235346262646366366539646233313939633864306335
|
||||||
|
38373465373863383964633038373334386632666236303436376438666132623964396434626439
|
||||||
|
38356235353430323236623962396461346438633962333163393535373362373164313132356232
|
||||||
|
63313639333862313565396165613265623135626635373134626137633638333561353732313036
|
||||||
|
3837
|
||||||
|
|||||||
@ -2,7 +2,6 @@
|
|||||||
docker_network:
|
docker_network:
|
||||||
name: coredns
|
name: coredns
|
||||||
internal: true
|
internal: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create install directory
|
- name: Create install directory
|
||||||
file:
|
file:
|
||||||
@ -10,7 +9,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -20,4 +18,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart coredns
|
notify: restart coredns
|
||||||
become: true
|
|
||||||
|
|||||||
@ -9,6 +9,9 @@ services:
|
|||||||
- HEALTHCHECKS_ID={{ vault_db_auto_backup_healthchecks_id }}
|
- HEALTHCHECKS_ID={{ vault_db_auto_backup_healthchecks_id }}
|
||||||
depends_on:
|
depends_on:
|
||||||
- docker_proxy
|
- docker_proxy
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- backup_private
|
||||||
|
|
||||||
docker_proxy:
|
docker_proxy:
|
||||||
image: lscr.io/linuxserver/socket-proxy:latest
|
image: lscr.io/linuxserver/socket-proxy:latest
|
||||||
@ -20,5 +23,13 @@ services:
|
|||||||
- EXEC=1
|
- EXEC=1
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- backup_private
|
||||||
|
tmpfs:
|
||||||
|
- /run
|
||||||
logging:
|
logging:
|
||||||
driver: none
|
driver: none
|
||||||
|
|
||||||
|
networks:
|
||||||
|
backup_private:
|
||||||
|
internal: true
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -14,4 +13,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart db-auto-backup
|
notify: restart db-auto-backup
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
- name: Install docker-compose
|
- name: Install docker-compose
|
||||||
package:
|
package:
|
||||||
name: docker-compose
|
name: docker-compose
|
||||||
become: true
|
|
||||||
when: ansible_os_family != 'Debian'
|
when: ansible_os_family != 'Debian'
|
||||||
|
|
||||||
- name: Install compose-switch
|
- name: Install compose-switch
|
||||||
@ -9,7 +8,6 @@
|
|||||||
url: "{{ docker_compose_url }}"
|
url: "{{ docker_compose_url }}"
|
||||||
dest: "{{ docker_compose_path }}"
|
dest: "{{ docker_compose_path }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Debian'
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
- name: Create docker group
|
- name: Create docker group
|
||||||
@ -17,7 +15,6 @@
|
|||||||
name: "{{ docker_user.name }}"
|
name: "{{ docker_user.name }}"
|
||||||
state: present
|
state: present
|
||||||
gid: "{{ docker_user.id }}"
|
gid: "{{ docker_user.id }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create docker user
|
- name: Create docker user
|
||||||
user:
|
user:
|
||||||
@ -25,21 +22,18 @@
|
|||||||
uid: "{{ docker_user.id }}"
|
uid: "{{ docker_user.id }}"
|
||||||
group: "{{ docker_user.name }}"
|
group: "{{ docker_user.name }}"
|
||||||
create_home: false
|
create_home: false
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Add user to docker user group
|
- name: Add user to docker user group
|
||||||
user:
|
user:
|
||||||
name: "{{ me.user }}"
|
name: "{{ me.user }}"
|
||||||
groups: "{{ docker_user.name }}"
|
groups: "{{ docker_user.name }}"
|
||||||
append: true
|
append: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Add user to docker group
|
- name: Add user to docker group
|
||||||
user:
|
user:
|
||||||
name: "{{ me.user }}"
|
name: "{{ me.user }}"
|
||||||
groups: docker
|
groups: docker
|
||||||
append: true
|
append: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Clean up docker containers
|
- name: Clean up docker containers
|
||||||
cron:
|
cron:
|
||||||
@ -47,6 +41,8 @@
|
|||||||
hour: 1
|
hour: 1
|
||||||
minute: 0
|
minute: 0
|
||||||
job: docker system prune -af --volumes
|
job: docker system prune -af --volumes
|
||||||
|
cron_file: docker_cleanup
|
||||||
|
user: root
|
||||||
|
|
||||||
- name: Install util scripts
|
- name: Install util scripts
|
||||||
copy:
|
copy:
|
||||||
@ -54,6 +50,7 @@
|
|||||||
dest: "{{ me.home }}"
|
dest: "{{ me.home }}"
|
||||||
mode: "755"
|
mode: "755"
|
||||||
directory_mode: "755"
|
directory_mode: "755"
|
||||||
|
owner: "{{ me.user }}"
|
||||||
|
|
||||||
- name: override docker service for zfs dependencies
|
- name: override docker service for zfs dependencies
|
||||||
include_tasks: zfs-override.yml
|
include_tasks: zfs-override.yml
|
||||||
|
|||||||
@ -3,7 +3,6 @@
|
|||||||
path: /etc/systemd/system/docker.service.d
|
path: /etc/systemd/system/docker.service.d
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create override.conf
|
- name: Create override.conf
|
||||||
copy:
|
copy:
|
||||||
@ -12,4 +11,3 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
|
|||||||
@ -29,7 +29,7 @@ services:
|
|||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/gitea:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/gitea:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart gitea
|
notify: restart gitea
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config file
|
- name: Install config file
|
||||||
template:
|
template:
|
||||||
@ -26,7 +24,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart gitea
|
notify: restart gitea
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create custom templates directory
|
- name: Create custom templates directory
|
||||||
file:
|
file:
|
||||||
@ -35,7 +32,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
recurse: true
|
recurse: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install custom footer
|
- name: Install custom footer
|
||||||
copy:
|
copy:
|
||||||
@ -44,4 +40,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
notify: restart gitea
|
notify: restart gitea
|
||||||
become: true
|
|
||||||
|
|||||||
@ -4,17 +4,41 @@ services:
|
|||||||
user: "{{ docker_user.id }}"
|
user: "{{ docker_user.id }}"
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/data:/data
|
- /mnt/data:/data
|
||||||
|
- ./config.yml:/data/config.yml
|
||||||
environment:
|
environment:
|
||||||
- TZ={{ timezone }}
|
- TZ={{ timezone }}
|
||||||
- DOCKER_HOST=tcp://dind:2375
|
- DOCKER_HOST=tcp://docker_proxy:2375
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: forgejo-runner daemon
|
command: forgejo-runner daemon
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- forgejo_private
|
||||||
depends_on:
|
depends_on:
|
||||||
dind:
|
- docker_proxy
|
||||||
condition: service_started
|
|
||||||
|
|
||||||
dind:
|
docker_proxy:
|
||||||
image: docker:dind
|
image: lscr.io/linuxserver/socket-proxy:latest
|
||||||
privileged: true
|
|
||||||
command: [dockerd, -H, tcp://0.0.0.0:2375, --tls=false]
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- POST=1
|
||||||
|
- CONTAINERS=1
|
||||||
|
- INFO=1
|
||||||
|
- IMAGES=1
|
||||||
|
- VOLUMES=1
|
||||||
|
- NETWORKS=1
|
||||||
|
- ALLOW_START=1
|
||||||
|
- ALLOW_STOP=1
|
||||||
|
- ALLOW_RESTARTS=1
|
||||||
|
- EXEC=1
|
||||||
|
tmpfs:
|
||||||
|
- /run
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- forgejo_private
|
||||||
|
logging:
|
||||||
|
driver: none
|
||||||
|
|
||||||
|
networks:
|
||||||
|
forgejo_private:
|
||||||
|
internal: true
|
||||||
|
|||||||
@ -4,24 +4,14 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create data directory
|
|
||||||
file:
|
|
||||||
path: /opt/forgejo-runner/data
|
|
||||||
state: directory
|
|
||||||
mode: "700"
|
|
||||||
owner: "{{ docker_user.name }}"
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config file
|
- name: Install config file
|
||||||
template:
|
template:
|
||||||
src: files/config.yml
|
src: files/config.yml
|
||||||
dest: /opt/forgejo-runner/data/config.yml
|
dest: /opt/forgejo-runner/config.yml
|
||||||
mode: "600"
|
mode: "600"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart forgejo-runner
|
notify: restart forgejo-runner
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -31,4 +21,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart forgejo-runner
|
notify: restart forgejo-runner
|
||||||
become: true
|
|
||||||
|
|||||||
@ -3,7 +3,6 @@
|
|||||||
src: files/nginx-fail2ban-filter.conf
|
src: files/nginx-fail2ban-filter.conf
|
||||||
dest: /etc/fail2ban/filter.d/nginx-tcp.conf
|
dest: /etc/fail2ban/filter.d/nginx-tcp.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
register: fail2ban_filter
|
register: fail2ban_filter
|
||||||
|
|
||||||
- name: fail2ban jail
|
- name: fail2ban jail
|
||||||
@ -11,12 +10,10 @@
|
|||||||
src: files/nginx-fail2ban-jail.conf
|
src: files/nginx-fail2ban-jail.conf
|
||||||
dest: /etc/fail2ban/jail.d/nginx.conf
|
dest: /etc/fail2ban/jail.d/nginx.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
register: fail2ban_jail
|
register: fail2ban_jail
|
||||||
|
|
||||||
- name: Restart fail2ban
|
- name: Restart fail2ban
|
||||||
service:
|
service:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
|
||||||
when: fail2ban_filter.changed or fail2ban_jail.changed
|
when: fail2ban_filter.changed or fail2ban_jail.changed
|
||||||
|
|||||||
@ -3,7 +3,6 @@
|
|||||||
src: files/nginx.conf
|
src: files/nginx.conf
|
||||||
dest: /etc/nginx/stream.d/gateway.conf
|
dest: /etc/nginx/stream.d/gateway.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
register: nginx_config
|
register: nginx_config
|
||||||
|
|
||||||
- name: Install CDN config
|
- name: Install CDN config
|
||||||
@ -11,12 +10,10 @@
|
|||||||
src: files/nginx-cdn.conf
|
src: files/nginx-cdn.conf
|
||||||
dest: /etc/nginx/http.d/cdn.conf
|
dest: /etc/nginx/http.d/cdn.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
register: nginx_config
|
register: nginx_config
|
||||||
|
|
||||||
- name: Reload Nginx
|
- name: Reload Nginx
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
become: true
|
|
||||||
when: nginx_config.changed
|
when: nginx_config.changed
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
- name: Install wireguard tools
|
- name: Install wireguard tools
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
become: true
|
|
||||||
loop:
|
loop:
|
||||||
- wireguard-tools
|
- wireguard-tools
|
||||||
- qrencode
|
- qrencode
|
||||||
@ -12,21 +11,18 @@
|
|||||||
dest: /etc/wireguard/wg0.conf
|
dest: /etc/wireguard/wg0.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
backup: true
|
backup: true
|
||||||
become: true
|
|
||||||
register: wireguard_conf
|
register: wireguard_conf
|
||||||
|
|
||||||
- name: Enable wireguard
|
- name: Enable wireguard
|
||||||
service:
|
service:
|
||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Restart wireguard
|
- name: Restart wireguard
|
||||||
service:
|
service:
|
||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
state: restarted
|
state: restarted
|
||||||
when: wireguard_conf.changed
|
when: wireguard_conf.changed
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create wireguard client directory
|
- name: Create wireguard client directory
|
||||||
file:
|
file:
|
||||||
|
|||||||
@ -2,4 +2,3 @@
|
|||||||
service:
|
service:
|
||||||
name: wg-quick@glinet
|
name: wg-quick@glinet
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
- name: Install wireguard tools
|
- name: Install wireguard tools
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
become: true
|
|
||||||
loop:
|
loop:
|
||||||
- wireguard-tools
|
- wireguard-tools
|
||||||
- qrencode
|
- qrencode
|
||||||
@ -15,7 +14,6 @@
|
|||||||
dest: /etc/wireguard/glinet.conf
|
dest: /etc/wireguard/glinet.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
backup: true
|
backup: true
|
||||||
become: true
|
|
||||||
notify: restart wireguard
|
notify: restart wireguard
|
||||||
|
|
||||||
- name: Wireguard client config
|
- name: Wireguard client config
|
||||||
@ -24,11 +22,9 @@
|
|||||||
dest: "{{ me.home }}/glinet-vpn.conf"
|
dest: "{{ me.home }}/glinet-vpn.conf"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
owner: "{{ me.user }}"
|
owner: "{{ me.user }}"
|
||||||
become: true
|
|
||||||
notify: restart wireguard
|
notify: restart wireguard
|
||||||
|
|
||||||
- name: Enable wireguard
|
- name: Enable wireguard
|
||||||
service:
|
service:
|
||||||
name: wg-quick@glinet
|
name: wg-quick@glinet
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|||||||
@ -63,9 +63,11 @@ noise:
|
|||||||
# IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
|
# IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
|
||||||
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
|
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
|
||||||
# Any other range is NOT supported, and it will cause unexpected issues.
|
# Any other range is NOT supported, and it will cause unexpected issues.
|
||||||
ip_prefixes:
|
prefixes:
|
||||||
- fd7a:115c:a1e0::/48
|
v6: fd7a:115c:a1e0::/48
|
||||||
- 100.64.0.0/10
|
v4: 100.64.0.0/10
|
||||||
|
|
||||||
|
allocation: sequential
|
||||||
|
|
||||||
# DERP is a relay system that Tailscale uses when a direct
|
# DERP is a relay system that Tailscale uses when a direct
|
||||||
# connection cannot be established.
|
# connection cannot be established.
|
||||||
@ -77,7 +79,7 @@ derp:
|
|||||||
server:
|
server:
|
||||||
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
|
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
|
||||||
# The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
|
# The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
|
||||||
enabled: true
|
enabled: false
|
||||||
|
|
||||||
# Region ID to use for the embedded DERP server.
|
# Region ID to use for the embedded DERP server.
|
||||||
# The local DERP prevails if the region ID collides with other region ID coming from
|
# The local DERP prevails if the region ID collides with other region ID coming from
|
||||||
@ -95,7 +97,8 @@ derp:
|
|||||||
stun_listen_addr: 0.0.0.0:3478
|
stun_listen_addr: 0.0.0.0:3478
|
||||||
|
|
||||||
# List of externally available DERP maps encoded in JSON
|
# List of externally available DERP maps encoded in JSON
|
||||||
urls: []
|
urls:
|
||||||
|
- https://controlplane.tailscale.com/derpmap/default
|
||||||
|
|
||||||
# Locally available DERP map files encoded in YAML
|
# Locally available DERP map files encoded in YAML
|
||||||
#
|
#
|
||||||
@ -128,10 +131,25 @@ ephemeral_node_inactivity_timeout: 30m
|
|||||||
node_update_check_interval: 20s
|
node_update_check_interval: 20s
|
||||||
|
|
||||||
# SQLite config
|
# SQLite config
|
||||||
db_type: sqlite3
|
database:
|
||||||
|
type: sqlite
|
||||||
|
|
||||||
# For production:
|
gorm:
|
||||||
db_path: /var/lib/headscale/db.sqlite
|
# Enable prepared statements.
|
||||||
|
prepare_stmt: true
|
||||||
|
|
||||||
|
# Enable parameterized queries.
|
||||||
|
parameterized_queries: true
|
||||||
|
|
||||||
|
# Skip logging "record not found" errors.
|
||||||
|
skip_err_record_not_found: true
|
||||||
|
|
||||||
|
# Threshold for slow queries in milliseconds.
|
||||||
|
slow_threshold: 3000
|
||||||
|
|
||||||
|
sqlite:
|
||||||
|
path: /var/lib/headscale/db.sqlite
|
||||||
|
write_ahead_log: true
|
||||||
|
|
||||||
# # Postgres config
|
# # Postgres config
|
||||||
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
||||||
@ -188,7 +206,9 @@ log:
|
|||||||
# Path to a file containg ACL policies.
|
# Path to a file containg ACL policies.
|
||||||
# ACLs can be defined as YAML or HUJSON.
|
# ACLs can be defined as YAML or HUJSON.
|
||||||
# https://tailscale.com/kb/1018/acls/
|
# https://tailscale.com/kb/1018/acls/
|
||||||
acl_policy_path: /etc/headscale/acls.json
|
policy:
|
||||||
|
mode: file
|
||||||
|
path: /etc/headscale/acls.json
|
||||||
|
|
||||||
## DNS
|
## DNS
|
||||||
#
|
#
|
||||||
@ -199,13 +219,13 @@ acl_policy_path: /etc/headscale/acls.json
|
|||||||
# - https://tailscale.com/kb/1081/magicdns/
|
# - https://tailscale.com/kb/1081/magicdns/
|
||||||
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
||||||
#
|
#
|
||||||
dns_config:
|
dns:
|
||||||
# Whether to prefer using Headscale provided DNS or use local.
|
# Whether to prefer using Headscale provided DNS or use local.
|
||||||
override_local_dns: false
|
override_local_dns: false
|
||||||
|
|
||||||
# List of DNS servers to expose to clients.
|
# List of DNS servers to expose to clients.
|
||||||
nameservers:
|
nameservers:
|
||||||
- 1.1.1.1
|
global: []
|
||||||
|
|
||||||
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
|
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
|
||||||
# "abc123" is example NextDNS ID, replace with yours.
|
# "abc123" is example NextDNS ID, replace with yours.
|
||||||
@ -251,7 +271,7 @@ dns_config:
|
|||||||
# `base_domain` must be a FQDNs, without the trailing dot.
|
# `base_domain` must be a FQDNs, without the trailing dot.
|
||||||
# The FQDN of the hosts will be
|
# The FQDN of the hosts will be
|
||||||
# `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
|
# `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
|
||||||
base_domain: headscale.jakehoward.tech
|
base_domain: hs.sys.theorangeone.net
|
||||||
|
|
||||||
# Unix socket used for the CLI to connect without authentication
|
# Unix socket used for the CLI to connect without authentication
|
||||||
# Note: for production you will want to set this to something like:
|
# Note: for production you will want to set this to something like:
|
||||||
|
|||||||
@ -3,4 +3,3 @@
|
|||||||
name: headscale
|
name: headscale
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
- name: Install Headscale
|
- name: Install Headscale
|
||||||
package:
|
package:
|
||||||
name: headscale
|
name: headscale
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install headscale config file
|
- name: Install headscale config file
|
||||||
template:
|
template:
|
||||||
@ -13,7 +12,6 @@
|
|||||||
owner: headscale
|
owner: headscale
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
notify: restart headscale
|
notify: restart headscale
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install ACLs
|
- name: Install ACLs
|
||||||
template:
|
template:
|
||||||
@ -22,12 +20,10 @@
|
|||||||
owner: headscale
|
owner: headscale
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
notify: restart headscale
|
notify: restart headscale
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx config
|
- name: Install nginx config
|
||||||
template:
|
template:
|
||||||
src: files/nginx.conf
|
src: files/nginx.conf
|
||||||
dest: /etc/nginx/http.d/headscale.conf
|
dest: /etc/nginx/http.d/headscale.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|||||||
@ -2,4 +2,3 @@
|
|||||||
service:
|
service:
|
||||||
name: squid
|
name: squid
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,18 +1,15 @@
|
|||||||
- name: Install squid
|
- name: Install squid
|
||||||
package:
|
package:
|
||||||
name: squid
|
name: squid
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Squid config
|
- name: Squid config
|
||||||
template:
|
template:
|
||||||
src: files/squid.conf
|
src: files/squid.conf
|
||||||
dest: /etc/squid/squid.conf
|
dest: /etc/squid/squid.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
notify: restart squid
|
notify: restart squid
|
||||||
|
|
||||||
- name: Enable squid
|
- name: Enable squid
|
||||||
service:
|
service:
|
||||||
name: squid
|
name: squid
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|||||||
@ -2,13 +2,11 @@
|
|||||||
service:
|
service:
|
||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: reload nginx
|
- name: reload nginx
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: reload nftables
|
- name: reload nftables
|
||||||
command:
|
command:
|
||||||
@ -16,4 +14,3 @@
|
|||||||
- nft
|
- nft
|
||||||
- -f
|
- -f
|
||||||
- /etc/nftables.conf
|
- /etc/nftables.conf
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
- name: Install nftables
|
- name: Install nftables
|
||||||
package:
|
package:
|
||||||
name: nftables
|
name: nftables
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Copy firewall config
|
- name: Copy firewall config
|
||||||
template:
|
template:
|
||||||
@ -9,7 +8,6 @@
|
|||||||
dest: /etc/nftables.conf
|
dest: /etc/nftables.conf
|
||||||
validate: nft -c -f %s
|
validate: nft -c -f %s
|
||||||
mode: "644"
|
mode: "644"
|
||||||
become: true
|
|
||||||
notify: reload nftables
|
notify: reload nftables
|
||||||
|
|
||||||
- name: Enable nftables
|
- name: Enable nftables
|
||||||
@ -17,4 +15,3 @@
|
|||||||
name: nftables
|
name: nftables
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
become: true
|
|
||||||
|
|||||||
@ -3,5 +3,4 @@
|
|||||||
src: files/nginx.conf
|
src: files/nginx.conf
|
||||||
dest: /etc/nginx/stream.d/ingress.conf
|
dest: /etc/nginx/stream.d/ingress.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|||||||
@ -1,8 +1,6 @@
|
|||||||
- name: Install Wireguard
|
- name: Install Wireguard
|
||||||
package:
|
package:
|
||||||
name:
|
name: wireguard
|
||||||
- wireguard
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Get wireguard credentials
|
- name: Get wireguard credentials
|
||||||
set_fact:
|
set_fact:
|
||||||
@ -14,14 +12,12 @@
|
|||||||
dest: /etc/wireguard/wg0.conf
|
dest: /etc/wireguard/wg0.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
backup: true
|
backup: true
|
||||||
become: true
|
|
||||||
notify: restart wireguard
|
notify: restart wireguard
|
||||||
|
|
||||||
- name: Enable wireguard
|
- name: Enable wireguard
|
||||||
service:
|
service:
|
||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Enable p2p communication
|
- name: Enable p2p communication
|
||||||
sysctl:
|
sysctl:
|
||||||
@ -31,4 +27,3 @@
|
|||||||
state: present
|
state: present
|
||||||
reload: true
|
reload: true
|
||||||
sysctl_file: /etc/sysctl.d/99-sysctl.conf
|
sysctl_file: /etc/sysctl.d/99-sysctl.conf
|
||||||
become: true
|
|
||||||
|
|||||||
@ -2,23 +2,19 @@
|
|||||||
ansible.builtin.apt_key:
|
ansible.builtin.apt_key:
|
||||||
url: https://repo.jellyfin.org/jellyfin_team.gpg.key
|
url: https://repo.jellyfin.org/jellyfin_team.gpg.key
|
||||||
state: present
|
state: present
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Add Jellyfin repository
|
- name: Add Jellyfin repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main
|
repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main
|
||||||
filename: jellyfin
|
filename: jellyfin
|
||||||
state: present
|
state: present
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install jellyfin
|
- name: Install jellyfin
|
||||||
package:
|
package:
|
||||||
name: jellyfin
|
name: jellyfin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Set media dir permissions
|
- name: Set media dir permissions
|
||||||
cron:
|
cron:
|
||||||
name: Set media permissions
|
name: Set media permissions
|
||||||
special_time: daily
|
special_time: daily
|
||||||
job: chown -R jellyfin:jellyfin /mnt/media
|
job: chown -R jellyfin:jellyfin /mnt/media
|
||||||
become: true
|
|
||||||
|
|||||||
@ -41,7 +41,7 @@ services:
|
|||||||
- traefik.http.services.mastodon-mastodon.loadbalancer.server.scheme=https
|
- traefik.http.services.mastodon-mastodon.loadbalancer.server.scheme=https
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/mastodon:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/mastodon:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart mastodon
|
notify: restart mastodon
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install media cleanup script
|
- name: Install media cleanup script
|
||||||
template:
|
template:
|
||||||
@ -25,7 +23,6 @@
|
|||||||
dest: /opt/mastodon/purge-media.sh
|
dest: /opt/mastodon/purge-media.sh
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Schedule media cleanup
|
- name: Schedule media cleanup
|
||||||
cron:
|
cron:
|
||||||
@ -35,4 +32,3 @@
|
|||||||
weekday: 1
|
weekday: 1
|
||||||
job: /opt/mastodon/purge-media.sh
|
job: /opt/mastodon/purge-media.sh
|
||||||
user: "{{ me.user }}"
|
user: "{{ me.user }}"
|
||||||
become: true
|
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,4 +16,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart minio
|
notify: restart minio
|
||||||
become: true
|
|
||||||
|
|||||||
@ -2,4 +2,3 @@
|
|||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
- name: Install nginx
|
- name: Install nginx
|
||||||
package:
|
package:
|
||||||
name: nginx
|
name: nginx
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx modules
|
- name: Install nginx modules
|
||||||
package:
|
package:
|
||||||
@ -11,7 +10,6 @@
|
|||||||
- libnginx-mod-http-brotli-filter
|
- libnginx-mod-http-brotli-filter
|
||||||
- libnginx-mod-stream
|
- libnginx-mod-stream
|
||||||
when: ansible_os_family != 'Archlinux'
|
when: ansible_os_family != 'Archlinux'
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx modules (on Arch)
|
- name: Install nginx modules (on Arch)
|
||||||
kewlfft.aur.aur:
|
kewlfft.aur.aur:
|
||||||
@ -20,12 +18,10 @@
|
|||||||
- nginx-mod-headers-more
|
- nginx-mod-headers-more
|
||||||
- nginx-mod-brotli
|
- nginx-mod-brotli
|
||||||
when: ansible_os_family == 'Archlinux'
|
when: ansible_os_family == 'Archlinux'
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Generate Diffie-Hellman parameters
|
- name: Generate Diffie-Hellman parameters
|
||||||
community.crypto.openssl_dhparam:
|
community.crypto.openssl_dhparam:
|
||||||
path: /etc/nginx/dhparams.pem
|
path: /etc/nginx/dhparams.pem
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create config directories
|
- name: Create config directories
|
||||||
file:
|
file:
|
||||||
@ -36,7 +32,6 @@
|
|||||||
- http.d
|
- http.d
|
||||||
- stream.d
|
- stream.d
|
||||||
- includes
|
- includes
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Copy config files
|
- name: Copy config files
|
||||||
template:
|
template:
|
||||||
@ -44,7 +39,6 @@
|
|||||||
dest: /etc/nginx/includes/{{ item | basename }}
|
dest: /etc/nginx/includes/{{ item | basename }}
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
with_fileglob: files/includes/*.conf
|
with_fileglob: files/includes/*.conf
|
||||||
become: true
|
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
||||||
- name: Install config
|
- name: Install config
|
||||||
@ -52,7 +46,6 @@
|
|||||||
src: files/nginx.conf
|
src: files/nginx.conf
|
||||||
dest: /etc/nginx/nginx.conf
|
dest: /etc/nginx/nginx.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
||||||
- name: Install HTTPS redirect
|
- name: Install HTTPS redirect
|
||||||
@ -60,6 +53,5 @@
|
|||||||
src: files/nginx-https-redirect.conf
|
src: files/nginx-https-redirect.conf
|
||||||
dest: /etc/nginx/http.d/https-redirect.conf
|
dest: /etc/nginx/http.d/https-redirect.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
when: nginx_https_redirect
|
when: nginx_https_redirect
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,4 +16,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart ntfy
|
notify: restart ntfy
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,18 +1,15 @@
|
|||||||
- name: Install Pacman utils
|
- name: Install Pacman utils
|
||||||
package:
|
package:
|
||||||
name: pacman-contrib
|
name: pacman-contrib
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create hooks directory
|
- name: Create hooks directory
|
||||||
file:
|
file:
|
||||||
path: /etc/pacman.d/hooks/
|
path: /etc/pacman.d/hooks/
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install pacman hook
|
- name: Install pacman hook
|
||||||
template:
|
template:
|
||||||
src: files/paccache.hook
|
src: files/paccache.hook
|
||||||
dest: /etc/pacman.d/hooks/clean_package_cache.hook
|
dest: /etc/pacman.d/hooks/clean_package_cache.hook
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
|
|||||||
@ -43,7 +43,7 @@ services:
|
|||||||
hard: 262144
|
hard: 262144
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./postgres:/var/lib/postgresql/data
|
- ./postgres:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install clickhouse config
|
- name: Install clickhouse config
|
||||||
template:
|
template:
|
||||||
@ -15,7 +14,6 @@
|
|||||||
dest: /opt/plausible/docker_related_config.xml
|
dest: /opt/plausible/docker_related_config.xml
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart plausible
|
notify: restart plausible
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install clickhouse user config
|
- name: Install clickhouse user config
|
||||||
template:
|
template:
|
||||||
@ -23,7 +21,6 @@
|
|||||||
dest: /opt/plausible/docker_related_user_config.xml
|
dest: /opt/plausible/docker_related_user_config.xml
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart plausible
|
notify: restart plausible
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -33,7 +30,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart plausible
|
notify: restart plausible
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx config
|
- name: Install nginx config
|
||||||
template:
|
template:
|
||||||
@ -41,7 +37,6 @@
|
|||||||
dest: /etc/nginx/http.d/plausible.conf
|
dest: /etc/nginx/http.d/plausible.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
become: true
|
|
||||||
vars:
|
vars:
|
||||||
server_name: plausible.theorangeone.net elbisualp.theorangeone.net
|
server_name: plausible.theorangeone.net elbisualp.theorangeone.net
|
||||||
upstream: plausible-plausible-1.docker:8000
|
upstream: plausible-plausible-1.docker:8000
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -14,7 +13,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart privatebin
|
notify: restart privatebin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config file
|
- name: Install config file
|
||||||
template:
|
template:
|
||||||
@ -23,4 +21,3 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart privatebin
|
notify: restart privatebin
|
||||||
become: true
|
|
||||||
|
|||||||
@ -35,7 +35,7 @@ services:
|
|||||||
- renderer
|
- renderer
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/grafana/:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/grafana/:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -8,7 +8,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install grafana compose file
|
- name: Install grafana compose file
|
||||||
template:
|
template:
|
||||||
@ -18,4 +17,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart grafana
|
notify: restart grafana
|
||||||
become: true
|
|
||||||
|
|||||||
@ -17,7 +17,6 @@
|
|||||||
- "{{ vps_hosts.private_ipv6_range }}"
|
- "{{ vps_hosts.private_ipv6_range }}"
|
||||||
register: routes
|
register: routes
|
||||||
changed_when: false
|
changed_when: false
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Add route to private services via ingress
|
- name: Add route to private services via ingress
|
||||||
command:
|
command:
|
||||||
@ -31,5 +30,4 @@
|
|||||||
- "{{ pve_hosts.ingress.ipv6 }}"
|
- "{{ pve_hosts.ingress.ipv6 }}"
|
||||||
- dev
|
- dev
|
||||||
- eth0
|
- eth0
|
||||||
become: true
|
|
||||||
when: vps_hosts.private_ipv6_marker not in routes.stdout
|
when: vps_hosts.private_ipv6_marker not in routes.stdout
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install prometheus config
|
- name: Install prometheus config
|
||||||
template:
|
template:
|
||||||
@ -13,7 +12,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: reload prometheus
|
notify: reload prometheus
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install prometheus compose file
|
- name: Install prometheus compose file
|
||||||
template:
|
template:
|
||||||
@ -23,7 +21,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart prometheus
|
notify: restart prometheus
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install blackbox config
|
- name: Install blackbox config
|
||||||
template:
|
template:
|
||||||
@ -32,7 +29,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart prometheus
|
notify: restart prometheus
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install alertmanager config
|
- name: Install alertmanager config
|
||||||
template:
|
template:
|
||||||
@ -41,7 +37,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart prometheus
|
notify: restart prometheus
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install prometheus alert rules
|
- name: Install prometheus alert rules
|
||||||
copy:
|
copy:
|
||||||
@ -50,4 +45,3 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: reload prometheus
|
notify: reload prometheus
|
||||||
become: true
|
|
||||||
|
|||||||
@ -19,7 +19,7 @@ $CONFIG = array (
|
|||||||
0 => 'intersect.jakehoward.tech',
|
0 => 'intersect.jakehoward.tech',
|
||||||
),
|
),
|
||||||
'dbtype' => 'mysql',
|
'dbtype' => 'mysql',
|
||||||
'version' => '29.0.4.1',
|
'version' => '29.0.6.1',
|
||||||
'overwrite.cli.url' => 'https://intersect.jakehoward.tech',
|
'overwrite.cli.url' => 'https://intersect.jakehoward.tech',
|
||||||
'dbname' => 'nextcloud',
|
'dbname' => 'nextcloud',
|
||||||
'dbhost' => 'mariadb',
|
'dbhost' => 'mariadb',
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
services:
|
services:
|
||||||
nextcloud:
|
nextcloud:
|
||||||
image: lscr.io/linuxserver/nextcloud:29.0.4
|
image: lscr.io/linuxserver/nextcloud:29.0.6
|
||||||
environment:
|
environment:
|
||||||
- PUID={{ docker_user.id }}
|
- PUID={{ docker_user.id }}
|
||||||
- PGID={{ docker_user.id }}
|
- PGID={{ docker_user.id }}
|
||||||
|
|||||||
@ -19,7 +19,7 @@ services:
|
|||||||
- 4242:4242
|
- 4242:4242
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=quassel
|
- POSTGRES_USER=quassel
|
||||||
|
|||||||
@ -22,7 +22,7 @@ services:
|
|||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=synapse
|
- POSTGRES_USER=synapse
|
||||||
|
|||||||
@ -53,7 +53,7 @@ services:
|
|||||||
- app
|
- app
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/tt-rss:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/tt-rss:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -35,7 +35,7 @@ services:
|
|||||||
- /mnt/speed/dbs/redis/wallabag:/data
|
- /mnt/speed/dbs/redis/wallabag:/data
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/wallabag/:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/wallabag/:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -4,7 +4,7 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`whoami-cdn.theorangeone.net`)
|
- traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`whoami-cdn.theorangeone.net`) || Host(`who.0rng.one`)
|
||||||
|
|
||||||
- traefik.http.routers.whoami-private.rule=Host(`whoami-private.theorangeone.net`)
|
- traefik.http.routers.whoami-private.rule=Host(`whoami-private.theorangeone.net`)
|
||||||
- traefik.http.routers.whoami-private.middlewares=tailscale-only@file
|
- traefik.http.routers.whoami-private.middlewares=tailscale-only@file
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install calibre compose file
|
- name: Install calibre compose file
|
||||||
template:
|
template:
|
||||||
@ -14,7 +13,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart calibre
|
- name: restart calibre
|
||||||
shell:
|
shell:
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install librespeed compose file
|
- name: Install librespeed compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart librespeed
|
- name: restart librespeed
|
||||||
shell:
|
shell:
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nextcloud compose file
|
- name: Install nextcloud compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nextcloud config
|
- name: Install nextcloud config
|
||||||
template:
|
template:
|
||||||
@ -26,7 +24,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
register: config_file
|
register: config_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install occ script
|
- name: Install occ script
|
||||||
template:
|
template:
|
||||||
@ -34,7 +31,6 @@
|
|||||||
dest: /opt/nextcloud/occ
|
dest: /opt/nextcloud/occ
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart nextcloud
|
- name: restart nextcloud
|
||||||
shell:
|
shell:
|
||||||
@ -47,4 +43,3 @@
|
|||||||
name: Set nextcloud data permissions
|
name: Set nextcloud data permissions
|
||||||
special_time: daily
|
special_time: daily
|
||||||
job: chown -R {{ docker_user.name }}:{{ docker_user.name }} /mnt/tank/files/nextcloud
|
job: chown -R {{ docker_user.name }}:{{ docker_user.name }} /mnt/tank/files/nextcloud
|
||||||
become: true
|
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install quassel compose file
|
- name: Install quassel compose file
|
||||||
template:
|
template:
|
||||||
@ -14,7 +13,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart quassel
|
- name: restart quassel
|
||||||
shell:
|
shell:
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install synapse compose file
|
- name: Install synapse compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install synapse config
|
- name: Install synapse config
|
||||||
template:
|
template:
|
||||||
@ -26,7 +24,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
register: homeserver_config
|
register: homeserver_config
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart synapse
|
- name: restart synapse
|
||||||
shell:
|
shell:
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create tt-rss plugins directory
|
- name: Create tt-rss plugins directory
|
||||||
file:
|
file:
|
||||||
@ -13,7 +12,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
register: plugins_dir
|
register: plugins_dir
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install tt-rss compose file
|
- name: Install tt-rss compose file
|
||||||
template:
|
template:
|
||||||
@ -23,7 +21,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install fever plugin
|
- name: Install fever plugin
|
||||||
git:
|
git:
|
||||||
@ -41,7 +38,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: u=rwX,g=rwX,o=rX
|
mode: u=rwX,g=rwX,o=rX
|
||||||
recurse: true
|
recurse: true
|
||||||
become: true
|
|
||||||
when: fever_plugin.changed
|
when: fever_plugin.changed
|
||||||
|
|
||||||
- name: restart tt-rss
|
- name: restart tt-rss
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install wallabag compose file
|
- name: Install wallabag compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart wallabag
|
- name: restart wallabag
|
||||||
shell:
|
shell:
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install whoami compose file
|
- name: Install whoami compose file
|
||||||
template:
|
template:
|
||||||
@ -14,7 +13,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
register: compose_file
|
register: compose_file
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart whoami
|
- name: restart whoami
|
||||||
shell:
|
shell:
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
- "{{ tailscale_cidr }}"
|
- "{{ tailscale_cidr }}"
|
||||||
register: routes
|
register: routes
|
||||||
changed_when: false
|
changed_when: false
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Add route to tailscale hosts via ingress
|
- name: Add route to tailscale hosts via ingress
|
||||||
command:
|
command:
|
||||||
@ -18,5 +17,4 @@
|
|||||||
- "{{ tailscale_cidr }}"
|
- "{{ tailscale_cidr }}"
|
||||||
- via
|
- via
|
||||||
- "{{ pve_hosts.ingress.ip }}"
|
- "{{ pve_hosts.ingress.ip }}"
|
||||||
become: true
|
|
||||||
when: tailscale_cidr not in routes.stdout
|
when: tailscale_cidr not in routes.stdout
|
||||||
|
|||||||
@ -2,10 +2,8 @@
|
|||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: restart qbittorrent
|
- name: restart qbittorrent
|
||||||
service:
|
service:
|
||||||
name: qbittorrent-nox@{{ qbittorrent_user.name }}
|
name: qbittorrent-nox@{{ qbittorrent_user.name }}
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
|
||||||
|
|||||||
@ -3,5 +3,4 @@
|
|||||||
src: files/nginx.conf
|
src: files/nginx.conf
|
||||||
dest: /etc/nginx/http.d/downloads.conf
|
dest: /etc/nginx/http.d/downloads.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|||||||
@ -1,20 +1,17 @@
|
|||||||
- name: Install qbittorrent
|
- name: Install qbittorrent
|
||||||
package:
|
package:
|
||||||
name: qbittorrent-nox
|
name: qbittorrent-nox
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create user
|
- name: Create user
|
||||||
user:
|
user:
|
||||||
name: qbittorrent
|
name: qbittorrent
|
||||||
system: true
|
system: true
|
||||||
become: true
|
|
||||||
register: qbittorrent_user
|
register: qbittorrent_user
|
||||||
|
|
||||||
- name: Enable service
|
- name: Enable service
|
||||||
service:
|
service:
|
||||||
name: qbittorrent-nox@{{ qbittorrent_user.name }}
|
name: qbittorrent-nox@{{ qbittorrent_user.name }}
|
||||||
enabled: true
|
enabled: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Set configuration
|
- name: Set configuration
|
||||||
ini_file:
|
ini_file:
|
||||||
@ -42,5 +39,4 @@
|
|||||||
- {section: Preferences, option: Bittorrent\MaxConnecsPerTorrent, value: -1"}
|
- {section: Preferences, option: Bittorrent\MaxConnecsPerTorrent, value: -1"}
|
||||||
- {section: Preferences, option: Bittorrent\MaxUploads, value: -1"}
|
- {section: Preferences, option: Bittorrent\MaxUploads, value: -1"}
|
||||||
- {section: Preferences, option: Bittorrent\MaxUploadsPerTorrent, value: -1"}
|
- {section: Preferences, option: Bittorrent\MaxUploadsPerTorrent, value: -1"}
|
||||||
become: true
|
|
||||||
notify: restart qbittorrent
|
notify: restart qbittorrent
|
||||||
|
|||||||
@ -9,6 +9,9 @@ services:
|
|||||||
- DOCKER_HOST=tcp://docker_proxy:2375
|
- DOCKER_HOST=tcp://docker_proxy:2375
|
||||||
- LOG_LEVEL=debug # Noisy, but required for debugging
|
- LOG_LEVEL=debug # Noisy, but required for debugging
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- renovate_private
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
- docker_proxy
|
- docker_proxy
|
||||||
@ -33,5 +36,13 @@ services:
|
|||||||
- IMAGES=1
|
- IMAGES=1
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
networks:
|
||||||
|
- renovate_private
|
||||||
|
tmpfs:
|
||||||
|
- /run
|
||||||
logging:
|
logging:
|
||||||
driver: none
|
driver: none
|
||||||
|
|
||||||
|
networks:
|
||||||
|
renovate_private:
|
||||||
|
internal: true
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart renovate
|
notify: restart renovate
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config file
|
- name: Install config file
|
||||||
template:
|
template:
|
||||||
@ -26,7 +24,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart renovate
|
notify: restart renovate
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install custom entrypoint
|
- name: Install custom entrypoint
|
||||||
template:
|
template:
|
||||||
@ -35,4 +32,3 @@
|
|||||||
mode: "0755"
|
mode: "0755"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart renovate
|
notify: restart renovate
|
||||||
become: true
|
|
||||||
|
|||||||
@ -1,21 +1,18 @@
|
|||||||
- name: Install CIFS utils
|
- name: Install CIFS utils
|
||||||
package:
|
package:
|
||||||
name: cifs-utils
|
name: cifs-utils
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create dir for CIFS mount
|
- name: Create dir for CIFS mount
|
||||||
file:
|
file:
|
||||||
path: /mnt/home-assistant
|
path: /mnt/home-assistant
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create dir for each CIFS mount
|
- name: Create dir for each CIFS mount
|
||||||
file:
|
file:
|
||||||
path: /mnt/home-assistant/{{ item }}
|
path: /mnt/home-assistant/{{ item }}
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
loop: "{{ restic_homeassistant_mounts }}"
|
loop: "{{ restic_homeassistant_mounts }}"
|
||||||
|
|
||||||
- name: Create mounts
|
- name: Create mounts
|
||||||
@ -25,5 +22,4 @@
|
|||||||
opts: username=homeassistant,password={{ vault_homeassistant_smb_password }}
|
opts: username=homeassistant,password={{ vault_homeassistant_smb_password }}
|
||||||
src: //{{ pve_hosts.homeassistant.ip }}/{{ item }}
|
src: //{{ pve_hosts.homeassistant.ip }}/{{ item }}
|
||||||
state: mounted
|
state: mounted
|
||||||
become: true
|
|
||||||
loop: "{{ restic_homeassistant_mounts }}"
|
loop: "{{ restic_homeassistant_mounts }}"
|
||||||
|
|||||||
@ -1,19 +1,16 @@
|
|||||||
- name: Install restic
|
- name: Install restic
|
||||||
package:
|
package:
|
||||||
name: restic
|
name: restic
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install runitor
|
- name: Install runitor
|
||||||
kewlfft.aur.aur:
|
kewlfft.aur.aur:
|
||||||
name: runitor-bin
|
name: runitor-bin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Make user
|
- name: Make user
|
||||||
user:
|
user:
|
||||||
name: restic
|
name: restic
|
||||||
shell: /bin/nologin
|
shell: /bin/nologin
|
||||||
system: false
|
system: false
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install scripts
|
- name: Install scripts
|
||||||
template:
|
template:
|
||||||
@ -25,7 +22,6 @@
|
|||||||
- backrest.sh
|
- backrest.sh
|
||||||
- restic-backup.sh
|
- restic-backup.sh
|
||||||
- restic-forget.sh
|
- restic-forget.sh
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install includes files
|
- name: Install includes files
|
||||||
copy:
|
copy:
|
||||||
@ -33,7 +29,6 @@
|
|||||||
dest: /home/restic/restic-include.txt
|
dest: /home/restic/restic-include.txt
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: restic
|
owner: restic
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install excludes files
|
- name: Install excludes files
|
||||||
copy:
|
copy:
|
||||||
@ -41,7 +36,6 @@
|
|||||||
dest: /home/restic/restic-excludes.txt
|
dest: /home/restic/restic-excludes.txt
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: restic
|
owner: restic
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Set restic binary permissions
|
- name: Set restic binary permissions
|
||||||
file:
|
file:
|
||||||
@ -49,13 +43,11 @@
|
|||||||
mode: "0750"
|
mode: "0750"
|
||||||
owner: root
|
owner: root
|
||||||
group: restic
|
group: restic
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Set cap_sys_chroot=+ep on restic
|
- name: Set cap_sys_chroot=+ep on restic
|
||||||
community.general.capabilities:
|
community.general.capabilities:
|
||||||
path: /usr/bin/restic
|
path: /usr/bin/restic
|
||||||
capability: cap_dac_read_search=+ep
|
capability: cap_dac_read_search=+ep
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Schedule backup
|
- name: Schedule backup
|
||||||
cron:
|
cron:
|
||||||
@ -64,7 +56,6 @@
|
|||||||
minute: 0
|
minute: 0
|
||||||
job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh
|
job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh
|
||||||
user: restic
|
user: restic
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Schedule forget
|
- name: Schedule forget
|
||||||
cron:
|
cron:
|
||||||
@ -74,7 +65,6 @@
|
|||||||
weekday: 0
|
weekday: 0
|
||||||
job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh
|
job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh
|
||||||
user: restic
|
user: restic
|
||||||
become: true
|
|
||||||
when: restic_forget
|
when: restic_forget
|
||||||
|
|
||||||
- name: Install pacman post script
|
- name: Install pacman post script
|
||||||
@ -82,7 +72,6 @@
|
|||||||
src: files/restic-post.sh
|
src: files/restic-post.sh
|
||||||
dest: /usr/share/libalpm/scripts/restic-post.sh
|
dest: /usr/share/libalpm/scripts/restic-post.sh
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Archlinux'
|
when: ansible_os_family == 'Archlinux'
|
||||||
|
|
||||||
- name: Install pacman post hook
|
- name: Install pacman post hook
|
||||||
@ -90,7 +79,6 @@
|
|||||||
src: files/restic-post.hook
|
src: files/restic-post.hook
|
||||||
dest: /usr/share/libalpm/hooks/restic-post.hook
|
dest: /usr/share/libalpm/hooks/restic-post.hook
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
when: ansible_os_family == 'Archlinux'
|
when: ansible_os_family == 'Archlinux'
|
||||||
|
|
||||||
- name: Install HomeAssistant mounts
|
- name: Install HomeAssistant mounts
|
||||||
|
|||||||
@ -4,12 +4,10 @@
|
|||||||
- name: Install rclone
|
- name: Install rclone
|
||||||
package:
|
package:
|
||||||
name: rclone
|
name: rclone
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install runitor
|
- name: Install runitor
|
||||||
kewlfft.aur.aur:
|
kewlfft.aur.aur:
|
||||||
name: runitor-bin
|
name: runitor-bin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Make user
|
- name: Make user
|
||||||
user:
|
user:
|
||||||
@ -17,7 +15,6 @@
|
|||||||
shell: /bin/nologin
|
shell: /bin/nologin
|
||||||
system: false
|
system: false
|
||||||
register: rclone_user
|
register: rclone_user
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create config directory
|
- name: Create config directory
|
||||||
file:
|
file:
|
||||||
@ -25,7 +22,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: rclone
|
owner: rclone
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install rclone config
|
- name: Install rclone config
|
||||||
template:
|
template:
|
||||||
@ -33,7 +29,6 @@
|
|||||||
dest: "{{ rclone_user.home }}/.config/rclone/rclone.conf"
|
dest: "{{ rclone_user.home }}/.config/rclone/rclone.conf"
|
||||||
owner: rclone
|
owner: rclone
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create config directory
|
- name: Create config directory
|
||||||
file:
|
file:
|
||||||
@ -41,7 +36,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: rclone
|
owner: rclone
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Schedule sync
|
- name: Schedule sync
|
||||||
cron:
|
cron:
|
||||||
@ -50,4 +44,3 @@
|
|||||||
minute: 0
|
minute: 0
|
||||||
job: CHECK_UUID={{ vault_healthchecks_id }} /usr/bin/runitor -- /usr/bin/rclone sync s3:0rng-terraform {{ rclone_user.home }}/sync/0rng-terraform
|
job: CHECK_UUID={{ vault_healthchecks_id }} /usr/bin/runitor -- /usr/bin/rclone sync s3:0rng-terraform {{ rclone_user.home }}/sync/0rng-terraform
|
||||||
user: rclone
|
user: rclone
|
||||||
become: true
|
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart slides
|
notify: restart slides
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create credentials
|
- name: Create credentials
|
||||||
htpasswd:
|
htpasswd:
|
||||||
@ -30,7 +28,6 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.user }}"
|
label: "{{ item.user }}"
|
||||||
notify: restart slides
|
notify: restart slides
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx config
|
- name: Install nginx config
|
||||||
template:
|
template:
|
||||||
@ -38,7 +35,6 @@
|
|||||||
dest: /etc/nginx/http.d/slides.conf
|
dest: /etc/nginx/http.d/slides.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
become: true
|
|
||||||
vars:
|
vars:
|
||||||
server_name: slides.jakehoward.tech
|
server_name: slides.jakehoward.tech
|
||||||
upstream: slides-slides-1.docker:80
|
upstream: slides-slides-1.docker:80
|
||||||
|
|||||||
@ -34,7 +34,7 @@ services:
|
|||||||
- /opt/recipes/staticfiles
|
- /opt/recipes/staticfiles
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/tandoor/:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/tandoor/:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,4 +16,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart tandoor
|
notify: restart tandoor
|
||||||
become: true
|
|
||||||
|
|||||||
@ -29,6 +29,8 @@ services:
|
|||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
networks:
|
networks:
|
||||||
- proxy_private
|
- proxy_private
|
||||||
|
tmpfs:
|
||||||
|
- /run
|
||||||
logging:
|
logging:
|
||||||
driver: none
|
driver: none
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,6 @@
|
|||||||
docker_network:
|
docker_network:
|
||||||
name: traefik
|
name: traefik
|
||||||
internal: true
|
internal: true
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create install directory
|
- name: Create install directory
|
||||||
file:
|
file:
|
||||||
@ -13,7 +12,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create config directory
|
- name: Create config directory
|
||||||
file:
|
file:
|
||||||
@ -21,7 +19,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create file provider directory
|
- name: Create file provider directory
|
||||||
file:
|
file:
|
||||||
@ -29,7 +26,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -39,7 +35,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config
|
- name: Install config
|
||||||
template:
|
template:
|
||||||
@ -50,7 +45,6 @@
|
|||||||
lstrip_blocks: true
|
lstrip_blocks: true
|
||||||
trim_blocks: true
|
trim_blocks: true
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install file provider
|
- name: Install file provider
|
||||||
template:
|
template:
|
||||||
@ -59,7 +53,6 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install homeassistant provider
|
- name: Install homeassistant provider
|
||||||
template:
|
template:
|
||||||
@ -69,7 +62,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
when: traefik_provider_homeassistant
|
when: traefik_provider_homeassistant
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install jellyfin provider
|
- name: Install jellyfin provider
|
||||||
template:
|
template:
|
||||||
@ -79,7 +71,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
when: traefik_provider_jellyfin
|
when: traefik_provider_jellyfin
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install grafana provider
|
- name: Install grafana provider
|
||||||
template:
|
template:
|
||||||
@ -89,7 +80,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
when: traefik_provider_grafana
|
when: traefik_provider_grafana
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install uptime-kuma provider
|
- name: Install uptime-kuma provider
|
||||||
template:
|
template:
|
||||||
@ -99,4 +89,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart traefik
|
notify: restart traefik
|
||||||
when: traefik_provider_uptime_kuma
|
when: traefik_provider_uptime_kuma
|
||||||
become: true
|
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -14,4 +13,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart uptime-kuma
|
notify: restart uptime-kuma
|
||||||
become: true
|
|
||||||
|
|||||||
@ -35,7 +35,7 @@ services:
|
|||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/vaultwarden/:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/vaultwarden/:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -14,4 +13,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart vaultwarden
|
notify: restart vaultwarden
|
||||||
become: true
|
|
||||||
|
|||||||
@ -38,7 +38,7 @@ services:
|
|||||||
- traefik
|
- traefik
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/speed/dbs/postgres/vikunja/:/var/lib/postgresql/data
|
- /mnt/speed/dbs/postgres/vikunja/:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,4 +16,3 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart vikunja
|
notify: restart vikunja
|
||||||
become: true
|
|
||||||
|
|||||||
@ -28,7 +28,7 @@ services:
|
|||||||
- redis
|
- redis
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: postgres:14-alpine
|
image: postgres:17-alpine
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./postgres:/var/lib/postgresql/data
|
- ./postgres:/var/lib/postgresql/data
|
||||||
|
|||||||
@ -7,7 +7,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -17,7 +16,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart website
|
notify: restart website
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install nginx config
|
- name: Install nginx config
|
||||||
template:
|
template:
|
||||||
@ -25,7 +23,6 @@
|
|||||||
dest: /etc/nginx/http.d/website.conf
|
dest: /etc/nginx/http.d/website.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
become: true
|
|
||||||
vars:
|
vars:
|
||||||
server_name: theorangeone.net
|
server_name: theorangeone.net
|
||||||
upstream: website-website-1.docker:8000
|
upstream: website-website-1.docker:8000
|
||||||
|
|||||||
@ -4,7 +4,6 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
mode: "{{ docker_compose_directory_mask }}"
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install compose file
|
- name: Install compose file
|
||||||
template:
|
template:
|
||||||
@ -14,7 +13,6 @@
|
|||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
validate: docker-compose -f %s config
|
validate: docker-compose -f %s config
|
||||||
notify: restart yourls
|
notify: restart yourls
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install redirect file
|
- name: Install redirect file
|
||||||
template:
|
template:
|
||||||
@ -23,4 +21,3 @@
|
|||||||
mode: "{{ docker_compose_file_mask }}"
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
owner: "{{ docker_user.name }}"
|
owner: "{{ docker_user.name }}"
|
||||||
notify: restart yourls
|
notify: restart yourls
|
||||||
become: true
|
|
||||||
|
|||||||
@ -3,7 +3,6 @@
|
|||||||
src: files/zfs-modprobe.conf
|
src: files/zfs-modprobe.conf
|
||||||
dest: /etc/modprobe.d/zfs.conf
|
dest: /etc/modprobe.d/zfs.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: ZFS Scrub
|
- name: ZFS Scrub
|
||||||
cron:
|
cron:
|
||||||
@ -12,14 +11,12 @@
|
|||||||
minute: 0
|
minute: 0
|
||||||
weekday: 5
|
weekday: 5
|
||||||
job: zpool scrub {{ item }}
|
job: zpool scrub {{ item }}
|
||||||
become: true
|
|
||||||
loop: "{{ zpools_to_scrub }}"
|
loop: "{{ zpools_to_scrub }}"
|
||||||
|
|
||||||
- name: Give user passwordless access to ZFS commands
|
- name: Give user passwordless access to ZFS commands
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/sudoers
|
path: /etc/sudoers
|
||||||
line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
|
line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Sanoid
|
- name: Sanoid
|
||||||
include_tasks: sanoid.yml
|
include_tasks: sanoid.yml
|
||||||
|
|||||||
@ -8,7 +8,6 @@
|
|||||||
- pv
|
- pv
|
||||||
- lzop
|
- lzop
|
||||||
when: ansible_os_family == 'Archlinux'
|
when: ansible_os_family == 'Archlinux'
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install dependencies for Debian-based distros
|
- name: Install dependencies for Debian-based distros
|
||||||
package:
|
package:
|
||||||
@ -20,28 +19,24 @@
|
|||||||
- lzop
|
- lzop
|
||||||
- mbuffer
|
- mbuffer
|
||||||
when: ansible_os_family == 'Debian'
|
when: ansible_os_family == 'Debian'
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Download
|
- name: Download
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/jimsalterjrs/sanoid.git
|
repo: https://github.com/jimsalterjrs/sanoid.git
|
||||||
dest: /opt/sanoid
|
dest: /opt/sanoid
|
||||||
version: v2.1.0
|
version: v2.1.0
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create config directory
|
- name: Create config directory
|
||||||
file:
|
file:
|
||||||
path: /etc/sanoid
|
path: /etc/sanoid
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install default config
|
- name: Install default config
|
||||||
file:
|
file:
|
||||||
src: /opt/sanoid/sanoid.defaults.conf
|
src: /opt/sanoid/sanoid.defaults.conf
|
||||||
dest: /etc/sanoid/sanoid.defaults.conf
|
dest: /etc/sanoid/sanoid.defaults.conf
|
||||||
state: link
|
state: link
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install executables
|
- name: Install executables
|
||||||
file:
|
file:
|
||||||
@ -53,14 +48,12 @@
|
|||||||
- syncoid
|
- syncoid
|
||||||
- findoid
|
- findoid
|
||||||
- sleepymutex
|
- sleepymutex
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config
|
- name: Install config
|
||||||
template:
|
template:
|
||||||
src: files/sanoid.conf
|
src: files/sanoid.conf
|
||||||
dest: /etc/sanoid/sanoid.conf
|
dest: /etc/sanoid/sanoid.conf
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install systemd services
|
- name: Install systemd services
|
||||||
file:
|
file:
|
||||||
@ -68,7 +61,6 @@
|
|||||||
dest: /lib/systemd/system/{{ item }}
|
dest: /lib/systemd/system/{{ item }}
|
||||||
state: link
|
state: link
|
||||||
loop: "{{ sanoid_services }}"
|
loop: "{{ sanoid_services }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Enable systemd services
|
- name: Enable systemd services
|
||||||
systemd:
|
systemd:
|
||||||
@ -76,10 +68,8 @@
|
|||||||
enabled: true
|
enabled: true
|
||||||
masked: false
|
masked: false
|
||||||
loop: "{{ sanoid_services }}"
|
loop: "{{ sanoid_services }}"
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Start sanoid timer
|
- name: Start sanoid timer
|
||||||
systemd:
|
systemd:
|
||||||
name: sanoid.timer
|
name: sanoid.timer
|
||||||
state: started
|
state: started
|
||||||
become: true
|
|
||||||
|
|||||||
8
justfile
8
justfile
@ -5,9 +5,13 @@ export PATH := justfile_directory() + "/env/bin:" + env_var("PATH")
|
|||||||
@default:
|
@default:
|
||||||
just --list
|
just --list
|
||||||
|
|
||||||
ansible-setup:
|
ansible-setup: ansible-install ansible-galaxy-install
|
||||||
|
|
||||||
|
ansible-install:
|
||||||
python -m venv env
|
python -m venv env
|
||||||
pip install -r ansible/dev-requirements.txt
|
pip install -r ansible/dev-requirements.txt
|
||||||
|
|
||||||
|
ansible-galaxy-install: ansible-install
|
||||||
cd ansible/ && ansible-galaxy install -r galaxy-requirements.yml --force
|
cd ansible/ && ansible-galaxy install -r galaxy-requirements.yml --force
|
||||||
|
|
||||||
@ansible-facts HOST:
|
@ansible-facts HOST:
|
||||||
@ -30,7 +34,7 @@ update-secrets:
|
|||||||
bw sync
|
bw sync
|
||||||
cd terraform/ && bw get attachment .env --itemid c4f8b44e-ae62-442d-a9e0-02d0621c2454
|
cd terraform/ && bw get attachment .env --itemid c4f8b44e-ae62-442d-a9e0-02d0621c2454
|
||||||
|
|
||||||
ansible-deploy *ARGS:
|
ansible-deploy *ARGS: ansible-galaxy-install
|
||||||
cd ansible/ && ansible-playbook main.yml --vault-password-file=vault-pass.sh -K --diff {{ ARGS }}
|
cd ansible/ && ansible-playbook main.yml --vault-password-file=vault-pass.sh -K --diff {{ ARGS }}
|
||||||
|
|
||||||
ansible-vault ACTION *ARGS:
|
ansible-vault ACTION *ARGS:
|
||||||
|
|||||||
@ -21,3 +21,14 @@ resource "gandi_livedns_record" "orngone_caa" {
|
|||||||
"0 issue \"letsencrypt.org\""
|
"0 issue \"letsencrypt.org\""
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
resource "gandi_livedns_record" "orngone_who" {
|
||||||
|
zone = gandi_livedns_domain.orngone.id
|
||||||
|
name = "who"
|
||||||
|
type = "CNAME"
|
||||||
|
ttl = 3600
|
||||||
|
values = [
|
||||||
|
"${cloudflare_record.sys_domain_pve.hostname}."
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|||||||
@ -76,22 +76,13 @@ resource "linode_firewall" "casey" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
inbound {
|
inbound {
|
||||||
label = "allow-inbound-headscale"
|
label = "allow-inbound-tailscale"
|
||||||
action = "ACCEPT"
|
action = "ACCEPT"
|
||||||
protocol = "UDP"
|
protocol = "UDP"
|
||||||
ports = "41641"
|
ports = "41641"
|
||||||
ipv4 = ["0.0.0.0/0"]
|
ipv4 = ["0.0.0.0/0"]
|
||||||
ipv6 = ["::/0"]
|
ipv6 = ["::/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
inbound {
|
|
||||||
label = "allow-inbound-stun"
|
|
||||||
action = "ACCEPT"
|
|
||||||
protocol = "UDP"
|
|
||||||
ports = "3478"
|
|
||||||
ipv4 = ["0.0.0.0/0"]
|
|
||||||
ipv6 = ["::/0"]
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "linode_rdns" "casey_reverse_ipv4" {
|
resource "linode_rdns" "casey_reverse_ipv4" {
|
||||||
|
|||||||
@ -216,8 +216,8 @@ resource "cloudflare_record" "theorangeonenet_mastodon" {
|
|||||||
resource "cloudflare_record" "theorangeonenet_comentario" {
|
resource "cloudflare_record" "theorangeonenet_comentario" {
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
name = "comentario"
|
name = "comentario"
|
||||||
value = cloudflare_record.sys_domain_walker.value
|
value = cloudflare_record.sys_domain_walker.hostname
|
||||||
type = "A"
|
type = "CNAME"
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user