mash-playbook/group_vars/mash_servers

1455 lines
76 KiB
Text
Raw Normal View History

2023-03-15 09:58:12 +01:00
---
2023-03-20 10:03:59 +01:00
########################################################################
# #
# aux #
# #
########################################################################
aux_directory_default_owner: "{{ mash_playbook_user_username }}"
aux_directory_default_group: "{{ mash_playbook_user_groupname }}"
aux_file_default_owner: "{{ mash_playbook_user_username }}"
aux_file_default_group: "{{ mash_playbook_user_groupname }}"
########################################################################
# #
# /aux #
# #
########################################################################
2023-03-18 21:08:28 +01:00
########################################################################
# #
# system/security #
# #
########################################################################
system_security_ssh_enabled: false
system_security_fail2ban_enabled: false
########################################################################
# #
# /system/security #
# #
########################################################################
2023-03-18 12:24:46 +01:00
########################################################################
# #
# system/swap #
# #
########################################################################
system_swap_enabled: false
########################################################################
# #
2023-03-18 21:08:28 +01:00
# /system/swap #
2023-03-18 12:24:46 +01:00
# #
########################################################################
2023-03-15 09:58:12 +01:00
########################################################################
# #
# com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
devture_systemd_service_manager_services_list_auto: |
{{
2023-03-24 17:01:21 +01:00
([{'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']}] if adguard_home_enabled else [])
+
2023-03-17 13:25:31 +01:00
([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else [])
+
2023-03-15 09:58:12 +01:00
([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else [])
+
2023-03-17 15:40:08 +01:00
([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
+
2023-03-15 09:58:12 +01:00
([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['mash', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
+
([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['mash', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
+
2023-03-16 17:26:06 +01:00
([{'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']}] if devture_woodpecker_ci_server_enabled else [])
+
([{'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']}] if devture_woodpecker_ci_agent_enabled else [])
+
2023-03-18 18:27:24 +01:00
([{'name': (docker_registry_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry']}] if docker_registry_enabled else [])
+
2023-03-19 09:04:10 +01:00
([{'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']}] if docker_registry_enabled else [])
2023-03-18 18:27:24 +01:00
+
2023-03-19 08:14:12 +01:00
([{'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']}] if docker_registry_browser_enabled else [])
+
2023-03-19 09:04:10 +01:00
([{'name': (docker_registry_purger_identifier + '.timer'), 'priority': 3000, 'groups': ['mash', 'docker-registry-purger']}] if docker_registry_purger_enabled else [])
+
([{'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']}] if firezone_enabled else [])
+
2023-03-20 07:40:15 +01:00
([{'name': (focalboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'focalboard']}] if focalboard_enabled else [])
+
2023-03-17 15:02:21 +01:00
([{'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']}] if gitea_enabled else [])
2023-03-16 17:26:06 +01:00
+
2023-03-20 18:14:45 +01:00
([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else [])
+
2023-03-17 13:25:31 +01:00
([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else [])
2023-03-17 10:39:04 +01:00
+
([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else [])
+
2023-03-15 09:58:12 +01:00
([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else [])
+
2023-03-17 14:43:45 +01:00
([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else [])
+
2023-03-20 16:54:01 +01:00
([{'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']}] if prometheus_enabled else [])
+
2023-03-19 21:34:43 +01:00
([{'name': (prometheus_blackbox_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-blackbox-exporter']}] if prometheus_blackbox_exporter_enabled else [])
+
2023-03-18 18:27:24 +01:00
([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
+
2023-03-15 09:58:12 +01:00
([{'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']}] if radicale_enabled else [])
+
2023-03-17 22:27:52 +01:00
([{'name': (redmine_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'redmine']}] if redmine_enabled else [])
+
2023-03-17 14:43:45 +01:00
([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else [])
+
2023-03-23 10:32:59 +01:00
([{'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']}] if syncthing_enabled else [])
+
2023-03-17 13:25:31 +01:00
([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else [])
+
2023-03-15 09:58:12 +01:00
([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
+
([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else [])
2023-03-15 09:58:12 +01:00
}}
########################################################################
# #
# /com.devture.ansible.role.systemd_service_manager #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.postgres #
# #
########################################################################
devture_postgres_enabled: false
2023-03-16 13:41:37 +01:00
devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres"
2023-03-15 09:58:12 +01:00
devture_postgres_architecture: "{{ mash_playbook_architecture }}"
devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres"
2023-03-15 09:58:12 +01:00
devture_postgres_uid: "{{ mash_playbook_uid }}"
devture_postgres_gid: "{{ mash_playbook_gid }}"
devture_postgres_systemd_services_to_stop_for_maintenance_list: |
{{
([(miniflux_identifier + '.service')] if miniflux_enabled else [])
2023-03-17 22:27:52 +01:00
+
([(redmine_identifier + '.service')] if redmine_enabled else [])
2023-03-15 09:58:12 +01:00
}}
devture_postgres_managed_databases_auto: |
{{
2023-03-20 07:40:15 +01:00
([{
'name': focalboard_database_name,
'username': focalboard_database_username,
'password': focalboard_database_password,
}] if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == devture_postgres_identifier else [])
+
2023-03-16 17:26:06 +01:00
([{
'name': gitea_config_database_name,
'username': gitea_config_database_username,
'password': gitea_config_database_password,
}] if gitea_enabled else [])
+
([{
'name': devture_woodpecker_ci_server_database_datasource_db_name,
'username': devture_woodpecker_ci_server_database_datasource_username,
'password': devture_woodpecker_ci_server_database_datasource_password,
}] if devture_woodpecker_ci_server_enabled else [])
+
2023-03-15 09:58:12 +01:00
([{
'name': miniflux_database_name,
'username': miniflux_database_username,
'password': miniflux_database_password,
}] if miniflux_enabled else [])
+
2023-03-17 22:27:52 +01:00
([{
'name': redmine_database_name,
'username': redmine_database_username,
'password': redmine_database_password,
}] if redmine_enabled else [])
+
2023-03-17 10:39:04 +01:00
([{
'name': nextcloud_database_name,
'username': nextcloud_database_username,
'password': nextcloud_database_password,
}] if nextcloud_enabled else [])
+
2023-03-17 14:43:45 +01:00
([{
'name': peertube_config_database_name,
'username': peertube_config_database_username,
'password': peertube_config_database_password,
}] if peertube_enabled else [])
+
2023-03-24 09:58:39 +01:00
([{
'name': firezone_database_name,
'username': firezone_database_user,
'password': firezone_database_password,
}] if firezone_enabled else [])
+
([{
'name': vaultwarden_database_name,
'username': vaultwarden_database_username,
'password': vaultwarden_database_password,
}] if vaultwarden_enabled else [])
2023-03-15 09:58:12 +01:00
}}
########################################################################
# #
# /com.devture.ansible.role.postgres #
# #
########################################################################
2023-03-17 15:40:08 +01:00
########################################################################
# #
# com.devture.ansible.role.postgres_backup #
# #
########################################################################
devture_postgres_backup_enabled: false
devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup"
devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}"
devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup"
2023-03-17 15:40:08 +01:00
devture_postgres_backup_systemd_required_services_list: |
{{
(['docker.service'])
+
([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else [])
}}
devture_postgres_backup_container_network: "{{ devture_postgres_container_network }}"
devture_postgres_backup_uid: "{{ mash_playbook_uid }}"
devture_postgres_backup_gid: "{{ mash_playbook_gid }}"
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
########################################################################
# #
# /com.devture.ansible.role.postgres_backup #
# #
########################################################################
2023-03-15 09:58:12 +01:00
########################################################################
# #
# com.devture.ansible.role.playbook_state_preserver #
# #
########################################################################
# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.
devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}"
devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}"
devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vars.yml"
2023-03-15 09:58:12 +01:00
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}git_hash.yml"
2023-03-15 09:58:12 +01:00
########################################################################
# #
# /com.devture.ansible.role.playbook_state_preserver #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}"
2023-03-16 13:41:37 +01:00
devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy"
2023-03-15 09:58:12 +01:00
devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}container-socket-proxy"
2023-03-15 09:58:12 +01:00
devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}"
devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}"
# Traefik requires read access to the containers APIs to do its job
devture_container_socket_proxy_api_containers_enabled: true
########################################################################
# #
# /com.devture.ansible.role.container_socket_proxy #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.traefik #
# #
########################################################################
devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
2023-03-16 13:41:37 +01:00
devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik"
2023-03-15 09:58:12 +01:00
devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik"
2023-03-15 09:58:12 +01:00
devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}"
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
devture_traefik_container_additional_networks: |
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
}}
devture_traefik_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
}}
########################################################################
# #
# /com.devture.ansible.role.traefik #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.docker_sdk_for_python #
# #
########################################################################
2023-03-25 09:02:03 +01:00
devture_docker_sdk_for_python_installation_enabled: false
2023-03-15 09:58:12 +01:00
########################################################################
# #
# /com.devture.ansible.role.docker_sdk_for_python #
# #
########################################################################
########################################################################
# #
# com.devture.ansible.role.timesync #
# #
########################################################################
# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.
devture_timesync_installation_enabled: false
########################################################################
# #
# /com.devture.ansible.role.timesync #
# #
########################################################################
2023-03-24 17:01:21 +01:00
########################################################################
# #
# adguard-home #
# #
########################################################################
adguard_home_enabled: false
adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home"
adguard_home_uid: "{{ mash_playbook_uid }}"
adguard_home_gid: "{{ mash_playbook_gid }}"
adguard_home_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}adguard-home"
2023-03-24 17:01:21 +01:00
adguard_home_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /adguard-home #
# #
########################################################################
2023-03-17 13:25:31 +01:00
########################################################################
# #
# collabora-online #
# #
########################################################################
collabora_online_enabled: false
collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online"
collabora_online_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}collabora-online"
2023-03-17 13:25:31 +01:00
collabora_online_uid: "{{ mash_playbook_uid }}"
collabora_online_gid: "{{ mash_playbook_gid }}"
collabora_online_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /collabora-online #
# #
########################################################################
2023-03-15 09:58:12 +01:00
2023-03-18 18:27:24 +01:00
########################################################################
# #
# docker-registry #
# #
########################################################################
docker_registry_enabled: false
docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry"
docker_registry_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry"
2023-03-18 18:27:24 +01:00
docker_registry_uid: "{{ mash_playbook_uid }}"
docker_registry_gid: "{{ mash_playbook_gid }}"
docker_registry_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /docker-registry #
# #
########################################################################
2023-03-19 08:14:12 +01:00
########################################################################
# #
# docker-registry-browser #
# #
########################################################################
docker_registry_browser_enabled: false
docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"
docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-browser"
2023-03-19 08:14:12 +01:00
docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}"
docker_registry_browser_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /docker-registry-browser #
# #
########################################################################
2023-03-19 09:04:10 +01:00
########################################################################
# #
# docker-registry-purger #
# #
########################################################################
docker_registry_purger_enabled: false
docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger"
docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-purger"
2023-03-19 09:04:10 +01:00
docker_registry_purger_uid: "{{ mash_playbook_uid }}"
docker_registry_purger_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /docker-registry-purger #
# #
########################################################################
2023-03-20 07:40:15 +01:00
########################################################################
# #
# focalboard #
# #
########################################################################
focalboard_enabled: false
focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard"
focalboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}focalboard"
2023-03-20 07:40:15 +01:00
focalboard_uid: "{{ mash_playbook_uid }}"
focalboard_gid: "{{ mash_playbook_gid }}"
focalboard_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
}}
focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}"
focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}"
focalboard_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
}}
focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /focalboard #
# #
########################################################################
2023-03-16 17:26:06 +01:00
########################################################################
# #
# gitea #
# #
########################################################################
gitea_enabled: false
gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea"
gitea_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gitea"
2023-03-16 17:26:06 +01:00
gitea_uid: "{{ mash_playbook_uid }}"
gitea_gid: "{{ mash_playbook_gid }}"
gitea_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else [])
}}
gitea_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else [])
}}
gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
gitea_config_database_username: "gitea"
gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}"
########################################################################
# #
# /gitea #
# #
########################################################################
2023-03-20 18:14:45 +01:00
########################################################################
# #
# grafana #
# #
########################################################################
grafana_enabled: false
grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana"
grafana_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}grafana"
2023-03-20 18:14:45 +01:00
grafana_uid: "{{ mash_playbook_uid }}"
grafana_gid: "{{ mash_playbook_gid }}"
grafana_container_additional_networks: "{{ grafana_container_additional_networks_reverse_proxy + grafana_container_additional_networks_additional }}"
grafana_container_additional_networks_reverse_proxy: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
grafana_container_additional_networks_additional: []
grafana_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /grafana #
# #
########################################################################
2023-03-15 09:58:12 +01:00
########################################################################
# #
2023-03-17 10:39:04 +01:00
# miniflux #
2023-03-15 09:58:12 +01:00
# #
########################################################################
miniflux_enabled: false
2023-03-16 13:41:37 +01:00
miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux"
2023-03-15 09:58:12 +01:00
miniflux_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}miniflux"
2023-03-15 09:58:12 +01:00
miniflux_uid: "{{ mash_playbook_uid }}"
miniflux_gid: "{{ mash_playbook_gid }}"
miniflux_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else [])
}}
2023-03-15 09:58:12 +01:00
miniflux_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else [])
2023-03-15 09:58:12 +01:00
}}
miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
2023-03-15 09:58:12 +01:00
miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}"
########################################################################
# #
2023-03-17 22:27:52 +01:00
# /miniflux #
2023-03-17 10:39:04 +01:00
# #
########################################################################
########################################################################
# #
# nextcloud #
# #
########################################################################
nextcloud_enabled: false
nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud"
nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}nextcloud"
2023-03-17 10:39:04 +01:00
nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}"
nextcloud_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
}}
nextcloud_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else [])
}}
nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
nextcloud_database_username: "nextcloud"
nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}"
########################################################################
# #
# /nextcloud #
2023-03-15 09:58:12 +01:00
# #
########################################################################
2023-03-17 14:43:45 +01:00
########################################################################
# #
# peertube #
# #
########################################################################
peertube_enabled: false
peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"
peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}peertube"
2023-03-17 14:43:45 +01:00
peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}"
peertube_container_additional_networks: |
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
+
([redis_container_network] if peertube_config_redis_hostname == redis_identifier else [])
) | unique
}}
peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
peertube_config_database_username: peertube
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"
peertube_config_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}"
peertube_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
+
([redis_identifier ~ '.service'] if redis_enabled and peertube_config_redis_hostname == redis_identifier else [])
}}
########################################################################
# #
# /peertube #
# #
########################################################################
2023-03-20 16:54:01 +01:00
########################################################################
# #
# prometheus #
# #
########################################################################
prometheus_enabled: false
prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus"
prometheus_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus"
2023-03-20 16:54:01 +01:00
prometheus_uid: "{{ mash_playbook_uid }}"
prometheus_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /prometheus #
# #
########################################################################
2023-03-19 21:34:43 +01:00
########################################################################
# #
# prometheus_blackbox_exporter #
# #
########################################################################
prometheus_blackbox_exporter_enabled: false
prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter"
prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-blackbox-exporter"
2023-03-19 21:34:43 +01:00
prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}"
prometheus_blackbox_exporter_basicauth_enabled: "{{ prometheus_blackbox_exporter_container_labels_traefik_enabled }}"
2023-03-19 21:34:43 +01:00
prometheus_blackbox_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.user', rounds=655555) | to_uuid }}"
prometheus_blackbox_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.password', rounds=655555) | to_uuid }}"
prometheus_blackbox_exporter_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname }}"
2023-03-19 21:34:43 +01:00
prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /prometheus_blackbox_exporter #
# #
########################################################################
2023-03-20 16:54:01 +01:00
2023-03-17 23:13:30 +01:00
########################################################################
# #
# prometheus_node_exporter #
# #
########################################################################
prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"
prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"
prometheus_node_exporter_basicauth_enabled: "{{ prometheus_node_exporter_container_labels_traefik_enabled }}"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.user', rounds=655555) | to_uuid }}"
prometheus_node_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.password', rounds=655555) | to_uuid }}"
prometheus_node_exporter_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_node_exporter_hostname }}"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_node_exporter_process_extra_arguments:
- "--collector.disable-defaults"
- "--collector.cpu"
- "--collector.filesystem"
- "--collector.meminfo"
- "--collector.systemd"
- "--collector.uname"
prometheus_node_exporter_container_extra_arguments:
- "--security-opt apparmor=unconfined"
- "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"
########################################################################
# #
# /prometheus_node_exporter #
# #
########################################################################
2023-03-17 14:43:45 +01:00
2023-03-15 09:58:12 +01:00
########################################################################
# #
2023-03-17 10:39:04 +01:00
# radicale #
2023-03-15 09:58:12 +01:00
# #
########################################################################
radicale_enabled: false
2023-03-16 13:41:37 +01:00
radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale"
2023-03-15 09:58:12 +01:00
radicale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}radicale"
2023-03-15 09:58:12 +01:00
radicale_uid: "{{ mash_playbook_uid }}"
radicale_gid: "{{ mash_playbook_gid }}"
radicale_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
2023-03-15 09:58:12 +01:00
radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
2023-03-17 22:27:52 +01:00
# /radicale #
2023-03-17 14:43:45 +01:00
# #
########################################################################
2023-03-17 22:27:52 +01:00
########################################################################
# #
# redmine #
# #
########################################################################
redmine_enabled: false
redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine"
redmine_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redmine"
2023-03-17 22:27:52 +01:00
redmine_uid: "{{ mash_playbook_uid }}"
redmine_gid: "{{ mash_playbook_gid }}"
redmine_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.base', rounds=655555) | to_uuid }}"
redmine_secret_token: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.token', rounds=655555) | to_uuid }}"
redmine_database_cipher_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.cipherkey', rounds=655555) | to_uuid }}"
redmine_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else [])
}}
redmine_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else [])
}}
redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}"
redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
2023-03-19 08:39:44 +01:00
redmine_database_username: "redmine"
2023-03-17 22:27:52 +01:00
redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}"
########################################################################
# #
# /redmine #
# #
########################################################################
2023-03-17 14:43:45 +01:00
########################################################################
# #
# redis #
# #
########################################################################
redis_enabled: false
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"
redis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redis"
2023-03-17 14:43:45 +01:00
redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /redis #
2023-03-23 10:32:59 +01:00
# #
########################################################################
########################################################################
# #
# syncthing #
# #
########################################################################
syncthing_enabled: false
syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing"
syncthing_uid: "{{ mash_playbook_uid }}"
syncthing_gid: "{{ mash_playbook_gid }}"
syncthing_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}syncthing"
2023-03-23 10:32:59 +01:00
syncthing_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /syncthing #
2023-03-15 09:58:12 +01:00
# #
########################################################################
########################################################################
# #
# vaultwarden #
# #
########################################################################
2023-03-16 17:35:34 +01:00
vaultwarden_enabled: false
2023-03-16 13:41:37 +01:00
vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarden"
vaultwarden_uid: "{{ mash_playbook_uid }}"
vaultwarden_gid: "{{ mash_playbook_gid }}"
vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vaultwarden"
vaultwarden_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else [])
}}
vaultwarden_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else [])
}}
vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
vaultwarden_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
vaultwarden_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
vaultwarden_database_username: "vaultwarden"
vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | to_uuid }}"
########################################################################
# #
# /vaultwarden #
# #
########################################################################
2023-03-15 09:58:12 +01:00
########################################################################
# #
# etke/uptime_kuma #
# #
########################################################################
uptime_kuma_enabled: false
2023-03-16 13:41:37 +01:00
uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma"
2023-03-15 09:58:12 +01:00
uptime_kuma_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}uptime-kuma"
2023-03-15 09:58:12 +01:00
uptime_kuma_uid: "{{ mash_playbook_uid }}"
uptime_kuma_gid: "{{ mash_playbook_gid }}"
uptime_kuma_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
2023-03-15 09:58:12 +01:00
uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /etke/uptime_kuma #
# #
########################################################################
2023-03-16 17:26:06 +01:00
########################################################################
# #
# woodpecker-ci-server #
# #
########################################################################
devture_woodpecker_ci_server_enabled: false
devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server"
devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}"
devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server"
2023-03-16 17:26:06 +01:00
devture_woodpecker_ci_server_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else [])
}}
devture_woodpecker_ci_server_container_additional_networks: |
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and devture_woodpecker_ci_server_container_network != devture_postgres_container_network else [])
) | unique
}}
devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
devture_woodpecker_ci_server_database_driver: postgres
devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable"
devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server
devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}"
devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server
########################################################################
# #
# /woodpecker-ci-server #
# #
########################################################################
########################################################################
# #
# woodpecker-ci-agent #
# #
########################################################################
devture_woodpecker_ci_agent_enabled: false
devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent"
devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}"
devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent"
2023-03-16 17:26:06 +01:00
devture_woodpecker_ci_agent_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else [])
}}
devture_woodpecker_ci_agent_container_additional_networks: |
{{
(
([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else [])
) | unique
}}
devture_woodpecker_ci_agent_config_server: "{{ (devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}"
devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}"
########################################################################
# #
# /woodpecker-ci-agent #
# #
########################################################################
########################################################################
# #
# hubsite #
# #
########################################################################
hubsite_enabled: false
hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite"
hubsite_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}hubsite"
hubsite_uid: "{{ mash_playbook_uid }}"
hubsite_gid: "{{ mash_playbook_gid }}"
hubsite_systemd_required_services_list: |
{{
(['docker.service'])
}}
hubsite_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# Services
##########
# Adguard home
hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}"
hubsite_service_adguard_home_name: Adguard Home
hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}"
hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png"
2023-03-25 15:10:31 +01:00
hubsite_service_adguard_home_description: "A network-wide DNS software for blocking ads & tracking"
hubsite_service_adguard_home_priority: 1000
# Docker Registry Browser
hubsite_service_docker_registry_browser_enabled: "{{ docker_registry_browser_enabled }}"
hubsite_service_docker_registry_browser_name: Docker Registry Browser
hubsite_service_docker_registry_browser_url: "https://{{ docker_registry_browser_hostname }}{{ docker_registry_browser_path_prefix }}"
hubsite_service_docker_registry_browser_logo_location: "{{ role_path }}/assets/docker.png"
hubsite_service_docker_registry_browser_description: "Browse docker images"
hubsite_service_docker_registry_browser_priority: 1000
# Focalboard
hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}"
hubsite_service_focalboard_name: Focalboard
hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}"
hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png"
2023-03-25 15:10:31 +01:00
hubsite_service_focalboard_description: "An open source, self-hosted alternative to Trello, Notion, and Asana."
hubsite_service_focalboard_priority: 1000
# Gitea
hubsite_service_gitea_enabled: "{{ gitea_enabled }}"
hubsite_service_gitea_name: Gitea
2023-03-23 06:58:46 +01:00
hubsite_service_gitea_url: "https://{{ gitea_hostname }}{{ gitea_path_prefix }}"
hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png"
hubsite_service_gitea_description: "A git service"
hubsite_service_gitea_priority: 1000
# Grafana
hubsite_service_grafana_enabled: "{{ grafana_enabled }}"
hubsite_service_grafana_name: Grafana
hubsite_service_grafana_url: "https://{{ grafana_hostname }}{{ grafana_path_prefix }}"
hubsite_service_grafana_logo_location: "{{ role_path }}/assets/grafana.png"
hubsite_service_grafana_description: "Check how your server is doing"
hubsite_service_grafana_priority: 1000
# Miniflux
hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}"
hubsite_service_miniflux_name: Miniflux
2023-03-23 06:58:46 +01:00
hubsite_service_miniflux_url: "https://{{ miniflux_hostname }}{{ miniflux_path_prefix }}"
hubsite_service_miniflux_logo_location: "{{ role_path }}/assets/miniflux.png"
hubsite_service_miniflux_description: "An opinionated feed reader"
hubsite_service_miniflux_priority: 1000
# Nextcloud
hubsite_service_nextcloud_enabled: "{{ nextcloud_enabled }}"
hubsite_service_nextcloud_name: Nextcloud
2023-03-23 06:58:46 +01:00
hubsite_service_nextcloud_url: "https://{{ nextcloud_hostname }}{{ nextcloud_path_prefix }}"
hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png"
hubsite_service_nextcloud_description: "Sync your files & much more"
hubsite_service_nextcloud_priority: 1000
# Peertube
hubsite_service_peertube_enabled: "{{ peertube_enabled }}"
hubsite_service_peertube_name: Peertube
2023-03-23 06:58:46 +01:00
hubsite_service_peertube_url: "https://{{ peertube_hostname }}{{ peertube_path_prefix }}"
hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png"
hubsite_service_peertube_description: "Watch and upload videos"
hubsite_service_peertube_priority: 1000
# Radicale
hubsite_service_radicale_enabled: "{{ radicale_enabled }}"
hubsite_service_radicale_name: Radicale
hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}"
hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png"
2023-03-25 15:10:31 +01:00
hubsite_service_radicale_description: "Sync contacts and calendars"
hubsite_service_radicale_priority: 1000
# Syncthing
hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}"
hubsite_service_syncthing_name: Syncthing
hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}"
hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png"
2023-03-25 15:10:31 +01:00
hubsite_service_syncthing_description: "Sync your files"
hubsite_service_syncthing_priority: 1000
# Uptime Kuma
hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}"
hubsite_service_uptime_kuma_name: Uptime Kuma
2023-03-23 06:58:46 +01:00
hubsite_service_uptime_kuma_url: "https://{{ uptime_kuma_hostname }}{{ uptime_kuma_path_prefix }}"
hubsite_service_uptime_kuma_logo_location: "{{ role_path }}/assets/uptime-kuma.png"
2023-03-24 07:13:33 +01:00
hubsite_service_uptime_kuma_description: "Check the status of the services"
hubsite_service_uptime_kuma_priority: 1000
# Vaultwarden
2023-03-22 09:09:26 +01:00
# The vaultwarden service link is deactivated by default for security reasons, see: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#hiding-under-a-subdir
hubsite_service_vaultwarden_enabled: false
hubsite_service_vaultwarden_name: Vaultwarden
2023-03-23 06:58:46 +01:00
hubsite_service_vaultwarden_url: "https://{{ vaultwarden_hostname }}{{ vaultwarden_path_prefix }}"
hubsite_service_vaultwarden_logo_location: "{{ role_path }}/assets/vaultwarden.png"
hubsite_service_vaultwarden_description: "Securely access your passwords"
hubsite_service_vaultwarden_priority: 1000
# Woodpecker CI
hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}"
hubsite_service_woodpecker_ci_name: Woodpecker CI
2023-03-25 14:50:35 +01:00
hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}"
hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png"
2023-03-25 15:10:31 +01:00
hubsite_service_woodpecker_ci_description: "Check you CI"
hubsite_service_woodpecker_ci_priority: 1000
hubsite_service_list_auto: |
{{
([{'name': hubsite_service_adguard_home_name, 'url': hubsite_service_adguard_home_url, 'logo_location': hubsite_service_adguard_home_logo_location, 'description': hubsite_service_adguard_home_description, 'priority': hubsite_service_adguard_home_priority}] if hubsite_service_adguard_home_enabled else [])
+
([{'name': hubsite_service_focalboard_name, 'url': hubsite_service_focalboard_url, 'logo_location': hubsite_service_focalboard_logo_location, 'description': hubsite_service_focalboard_description, 'priority': hubsite_service_focalboard_priority}] if hubsite_service_focalboard_enabled else [])
+
([{'name': hubsite_service_gitea_name, 'url': hubsite_service_gitea_url, 'logo_location': hubsite_service_gitea_logo_location, 'description': hubsite_service_gitea_description, 'priority': hubsite_service_gitea_priority}] if hubsite_service_gitea_enabled else [])
+
([{'name': hubsite_service_grafana_name, 'url': hubsite_service_grafana_url, 'logo_location': hubsite_service_grafana_logo_location, 'description': hubsite_service_grafana_description, 'priority': hubsite_service_grafana_priority}] if hubsite_service_grafana_enabled else [])
+
([{'name': hubsite_service_miniflux_name, 'url': hubsite_service_miniflux_url, 'logo_location': hubsite_service_miniflux_logo_location, 'description': hubsite_service_miniflux_description, 'priority': hubsite_service_miniflux_priority}] if hubsite_service_miniflux_enabled else [])
+
([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else [])
+
([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else [])
+
([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else [])
+
([{'name': hubsite_service_uptime_kuma_name, 'url': hubsite_service_uptime_kuma_url, 'logo_location': hubsite_service_uptime_kuma_logo_location, 'description': hubsite_service_uptime_kuma_description, 'priority': hubsite_service_uptime_kuma_priority}] if hubsite_service_uptime_kuma_enabled else [])
+
([{'name': hubsite_service_syncthing_name, 'url': hubsite_service_syncthing_url, 'logo_location': hubsite_service_syncthing_logo_location, 'description': hubsite_service_syncthing_description, 'priority': hubsite_service_syncthing_priority}] if hubsite_service_syncthing_enabled else [])
+
([{'name': hubsite_service_vaultwarden_name, 'url': hubsite_service_vaultwarden_url, 'logo_location': hubsite_service_vaultwarden_logo_location, 'description': hubsite_service_vaultwarden_description, 'priority': hubsite_service_vaultwarden_priority}] if hubsite_service_vaultwarden_enabled else [])
+
([{'name': hubsite_service_woodpecker_ci_name, 'url': hubsite_service_woodpecker_ci_url, 'logo_location': hubsite_service_woodpecker_ci_logo_location, 'description': hubsite_service_woodpecker_ci_description, 'priority': hubsite_service_woodpecker_ci_priority}] if hubsite_service_woodpecker_ci_enabled else [])
}}
########################################################################
# #
# /hubsite #
# #
########################################################################
2023-03-24 09:58:39 +01:00
########################################################################
# #
# firezone #
# #
########################################################################
firezone_enabled: false
firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone"
firezone_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}firezone"
2023-03-24 09:58:39 +01:00
firezone_uid: "{{ mash_playbook_uid }}"
firezone_gid: "{{ mash_playbook_gid }}"
firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
firezone_database_name: "{{ firezone_identifier }}"
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
firezone_database_user: "{{ firezone_identifier }}"
firezone_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier else [])
}}
firezone_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
}}
firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /firezone #
# #
########################################################################