mash-playbook/templates/group_vars_mash_servers

4911 lines
230 KiB
Text
Raw Normal View History

2023-03-15 09:58:12 +01:00
---
# role-specific:auxiliary
2023-03-20 10:03:59 +01:00
########################################################################
# #
# aux #
# #
########################################################################
aux_directory_default_owner: "{{ mash_playbook_user_username }}"
aux_directory_default_group: "{{ mash_playbook_user_groupname }}"
aux_file_default_owner: "{{ mash_playbook_user_username }}"
aux_file_default_group: "{{ mash_playbook_user_groupname }}"
########################################################################
# #
# /aux #
# #
########################################################################
# /role-specific:auxiliary
2023-03-20 10:03:59 +01:00
# role-specific:authelia
2023-09-12 12:26:38 +02:00
########################################################################
# #
# authelia #
# #
########################################################################
authelia_enabled: false
authelia_identifier: "{{ mash_playbook_service_identifier_prefix }}authelia"
authelia_uid: "{{ mash_playbook_uid }}"
authelia_gid: "{{ mash_playbook_gid }}"
authelia_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}authelia"
authelia_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else [])
}}
authelia_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier and authelia_container_network != devture_postgres_container_network else [])
}}
authelia_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authelia_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authelia_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authelia_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
authelia_config_jwt_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jwt.authelia', rounds=655555) | to_uuid }}"
authelia_config_session_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'ses.authelia', rounds=655555) | to_uuid }}"
authelia_config_identity_providers_oidc_hmac_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'hm.authelia', rounds=655555) | to_uuid }}"
# role-specific:postgres
2023-09-12 12:26:38 +02:00
authelia_config_storage_postgres_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_port: "{{ '5432' if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"
# /role-specific:postgres
2023-09-12 12:26:38 +02:00
# role-specific:mariadb
2023-11-19 08:09:25 +01:00
# If Postgres and MariaDB are not enabled, we favor Postgres.
2023-09-12 12:26:38 +02:00
# We only enable MySQL if it's the only enabled component (that is, if Postgres is not enabled at the same time).
authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not devture_postgres_enabled | default(false) else '' }}"
2023-09-12 12:26:38 +02:00
authelia_config_storage_mysql_port: "{{ '3306' if mariadb_enabled else '' }}"
authelia_config_storage_mysql_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"
# /role-specific:mariadb
2023-09-12 12:26:38 +02:00
########################################################################
# #
# /authelia #
# #
########################################################################
# /role-specific:authelia
2023-09-12 12:26:38 +02:00
2023-03-20 10:03:59 +01:00
# role-specific:ssh
2023-03-18 21:08:28 +01:00
########################################################################
# #
# ssh #
2023-03-18 21:08:28 +01:00
# #
########################################################################
system_security_ssh_enabled: false
########################################################################
# #
# /ssh #
2023-03-18 21:08:28 +01:00
# #
########################################################################
# /role-specific:ssh
2023-03-18 21:08:28 +01:00
# role-specific:fail2ban
########################################################################
# #
# fail2ban #
# #
########################################################################
2023-03-18 21:08:28 +01:00
system_security_fail2ban_enabled: false
2023-03-18 21:08:28 +01:00
2023-03-18 12:24:46 +01:00
########################################################################
# #
# /fail2ban #
2023-03-18 12:24:46 +01:00
# #
########################################################################
# /role-specific:fail2ban
2023-03-18 12:24:46 +01:00
# role-specific:swap
2023-03-18 12:24:46 +01:00
########################################################################
# #
# swap #
2023-03-18 12:24:46 +01:00
# #
########################################################################
system_swap_enabled: false
########################################################################
# #
# /swap #
# #
########################################################################
# /role-specific:swap
2023-03-18 12:24:46 +01:00
# role-specific:systemd_service_manager
2023-03-15 09:58:12 +01:00
########################################################################
# #
# systemd_service_manager #
2023-03-15 09:58:12 +01:00
# #
########################################################################
mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
# Dummy entry, which is not role-specific.
# Ensures there's at least one entry defined in the list.
- "{{ omit }}"
# role-specific:backup_borg
- |-
{{ ({'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['mash', 'backup', 'borg']} if backup_borg_enabled else omit) }}
# /role-specific:backup_borg
# role-specific:adguard_home
- |-
{{ ({'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']} if adguard_home_enabled else omit) }}
# /role-specific:adguard_home
2024-01-23 14:08:31 +01:00
# role-specific:apisix_dashboard
- |-
{{ ({'name': (apisix_dashboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-dashboard']} if apisix_dashboard_enabled else omit) }}
# /role-specific:apisix_dashboard
2024-01-23 13:57:19 +01:00
# role-specific:apisix_gateway
- |-
{{ ({'name': (apisix_gateway_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-gateway']} if apisix_gateway_enabled else omit) }}
# /role-specific:apisix_gateway
# role-specific:appsmith
- |-
{{ ({'name': (appsmith_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'appsmith']} if appsmith_enabled else omit) }}
# /role-specific:appsmith
# role-specific:authentik
- |-
{{ ({'name': (authentik_server_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']} if authentik_enabled else omit) }}
- |-
{{ ({'name': (authentik_worker_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']} if authentik_enabled else omit) }}
# /role-specific:authentik
# role-specific:authelia
- |-
{{ ({'name': (authelia_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authelia']} if authelia_enabled else omit) }}
# /role-specific:authelia
# role-specific:changedetection
- |-
{{ ({'name': (changedetection_identifier + '.service'), 'priority': 2100, 'groups': ['mash', 'changedetection']} if changedetection_enabled else omit) }}
- |-
{{ ({'name': (changedetection_playwright_driver_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'changedetection']} if changedetection_playwright_driver_enabled else omit) }}
# /role-specific:changedetection
# role-specific:clickhouse
- |-
{{ ({'name': (clickhouse_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'clickhouse']} if clickhouse_enabled else omit) }}
# /role-specific:clickhouse
# role-specific:collabora_online
- |-
{{ ({'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']} if collabora_online_enabled else omit) }}
# /role-specific:collabora_online
# role-specific:postgres
- |-
{{ ({'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']} if devture_postgres_enabled else omit) }}
# /role-specific:postgres
# role-specific:postgres_backup
- |-
{{ ({'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']} if devture_postgres_backup_enabled else omit) }}
# /role-specific:postgres_backup
# role-specific:container_socket_proxy
- |-
{{ ({'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['mash', 'reverse-proxies', 'container-socket-proxy']} if devture_container_socket_proxy_enabled else omit) }}
# /role-specific:container_socket_proxy
# role-specific:traefik
- |-
{{ ({'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['mash', 'traefik', 'reverse-proxies']} if devture_traefik_enabled else omit) }}
# /role-specific:traefik
# role-specific:woodpecker_ci_server
- |-
{{ ({'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']} if devture_woodpecker_ci_server_enabled else omit) }}
# /role-specific:woodpecker_ci_server
# role-specific:woodpecker_ci_agent
- |-
{{ ({'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']} if devture_woodpecker_ci_agent_enabled else omit) }}
# /role-specific:woodpecker_ci_agent
# role-specific:docker_registry
- |-
{{ ({'name': (docker_registry_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry']} if docker_registry_enabled else omit) }}
- |-
{{ ({'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']} if docker_registry_enabled else omit) }}
# /role-specific:docker_registry
2024-03-06 23:03:16 +01:00
# role-specific:docker_registry_proxy
- |-
{{ ({'name': (docker_registry_proxy_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-proxy']} if docker_registry_proxy_enabled else omit) }}
# /role-specific:docker_registry_proxy
# role-specific:docker_registry_browser
- |-
{{ ({'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']} if docker_registry_browser_enabled else omit) }}
# /role-specific:docker_registry_browser
# role-specific:docker_registry_purger
- |-
{{ ({'name': (docker_registry_purger_identifier + '.timer'), 'priority': 3000, 'groups': ['mash', 'docker-registry-purger']} if docker_registry_purger_enabled else omit) }}
# /role-specific:docker_registry_purger
# role-specific:echoip
- |-
{{ ({'name': (echoip_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'echoip']} if echoip_enabled else omit) }}
# /role-specific:echoip
2024-01-23 13:28:36 +01:00
# role-specific:etcd
- |-
{{ ({'name': (etcd_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'etcd']} if etcd_enabled else omit) }}
# /role-specific:etcd
2024-01-06 12:03:08 +01:00
# role-specific:exim_relay
- |-
{{ ({'name': (exim_relay_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'exim-relay']} if exim_relay_enabled else omit) }}
# /role-specific:exim_relay
# role-specific:firezone
- |-
{{ ({'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']} if firezone_enabled else omit) }}
# /role-specific:firezone
# role-specific:focalboard
- |-
{{ ({'name': (focalboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'focalboard']} if focalboard_enabled else omit) }}
# /role-specific:focalboard
# role-specific:freshrss
- |-
{{ ({'name': (freshrss_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'freshrss']} if freshrss_enabled else omit) }}
# /role-specific:freshrss
# role-specific:funkwhale
- |-
{{ ({'name': (funkwhale_api_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit) }}
- |-
{{ ({'name': (funkwhale_frontend_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit) }}
- |-
{{ ({'name': (funkwhale_celery_beat_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit) }}
- |-
{{ ({'name': (funkwhale_celery_worker_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit) }}
# /role-specific:funkwhale
# role-specific:gitea
- |-
{{ ({'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']} if gitea_enabled else omit) }}
# /role-specific:gitea
# role-specific:gotosocial
- |-
{{ ({'name': (gotosocial_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gotosocial']} if gotosocial_enabled else omit) }}
# /role-specific:gotosocial
# role-specific:grafana
- |-
{{ ({'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']} if grafana_enabled else omit) }}
# /role-specific:grafana
# role-specific:hubsite
- |-
{{ ({'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']} if hubsite_enabled else omit) }}
# /role-specific:hubsite
# role-specific:healthchecks
- |-
{{ ({'name': (healthchecks_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'healthchecks']} if healthchecks_enabled else omit) }}
# /role-specific:healthchecks
# role-specific:ilmo
- |-
{{ ({'name': (ilmo_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'ilmo']} if ilmo_enabled else omit) }}
# /role-specific:ilmo
# role-specific:infisical
- |-
{{ ({'name': (infisical_identifier + '-backend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-backend']} if infisical_enabled else omit) }}
- |-
{{ ({'name': (infisical_identifier + '-frontend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-frontend']} if infisical_enabled else omit) }}
# /role-specific:infisical
# role-specific:influxdb
- |-
{{ ({'name': (influxdb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'influxdb']} if influxdb_enabled else omit) }}
# /role-specific:influxdb
# role-specific:jitsi
- |-
{{ ({'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['mash', 'jitsi', 'jitsi-web']} if jitsi_enabled else omit) }}
- |-
{{ ({'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['mash', 'jitsi', 'jitsi-prosody']} if jitsi_enabled else omit) }}
- |-
{{ ({'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['mash', 'jitsi', 'jitsi-jicofo']} if jitsi_enabled else omit) }}
- |-
{{ ({'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['mash', 'jitsi', 'jitsi-jvb']} if jitsi_enabled else omit) }}
# /role-specific:jitsi
# role-specific:keycloak
- |-
{{ ({'name': (keycloak_identifier + '.service'), 'priority': 1000, 'groups': ['mash', 'keycloak']} if keycloak_enabled else omit) }}
# /role-specific:keycloak
# role-specific:lago
- |-
{{ ({'name': (lago_identifier + '-api.service'), 'priority': 2000, 'groups': ['mash', 'lago', 'lago-api']} if lago_enabled else omit) }}
- |-
{{ ({'name': (lago_identifier + '-api-worker.service'), 'priority': 2500, 'groups': ['mash', 'lago', 'lago-api-worker']} if lago_enabled else omit) }}
- |-
{{ ({'name': (lago_identifier + '-api-clock.service'), 'priority': 2500, 'groups': ['mash', 'lago', 'lago-api-clock']} if lago_enabled else omit) }}
- |-
{{ ({'name': (lago_identifier + '-front.service'), 'priority': 2200, 'groups': ['mash', 'lago', 'lago-front']} if lago_enabled else omit) }}
- |-
{{ ({'name': (lago_identifier + '-pdf.service'), 'priority': 1900, 'groups': ['mash', 'lago', 'lago-pdf']} if lago_enabled else omit) }}
# /role-specific:lago
# role-specific:languagetool
- |-
{{ ({'name': (languagetool_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'languagetool']} if languagetool_enabled else omit) }}
# /role-specific:languagetool
# role-specific:loki
- |-
{{ ({'name': (loki_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'loki']} if loki_enabled else omit) }}
# /role-specific:loki
# role-specific:linkding
- |-
{{ ({'name': (linkding_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'linkding']} if linkding_enabled else omit) }}
# /role-specific:linkding
# role-specific:miniflux
- |-
{{ ({'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']} if miniflux_enabled else omit) }}
# /role-specific:miniflux
# role-specific:mobilizon
- |-
{{ ({'name': (mobilizon_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mobilizon']} if mobilizon_enabled else omit) }}
# /role-specific:mobilizon
# role-specific:mongodb
- |-
{{ ({'name': (mongodb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mongodb']} if mongodb_enabled else omit) }}
# /role-specific:mongodb
# role-specific:mosquitto
- |-
{{ ({'name': (mosquitto_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mosquitto']} if mosquitto_enabled else omit) }}
# /role-specific:mosquitto
# role-specific:mrs
- |-
{{ ({'name': (mrs_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mrs']} if mrs_enabled else omit) }}
# /role-specific:mrs
# role-specific:n8n
- |-
{{ ({'name': (n8n_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'n8n']} if n8n_enabled else omit) }}
# /role-specific:n8n
# role-specific:navidrome
- |-
{{ ({'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']} if navidrome_enabled else omit) }}
# /role-specific:navidrome
# role-specific:netbox
- |-
{{ ({'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']} if netbox_enabled else omit) }}
- |-
{{ ({'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']} if netbox_enabled else omit) }}
- |-
{{ ({'name': (netbox_identifier + '-housekeeping.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-housekeeping']} if netbox_enabled else omit) }}
# /role-specific:netbox
# role-specific:nextcloud
- |-
{{ ({'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']} if nextcloud_enabled else omit) }}
- |-
{{ ({'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']} if nextcloud_enabled else omit) }}
# /role-specific:nextcloud
# role-specific:mariadb
- |-
{{ ({'name': (mariadb_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'mariadb']} if mariadb_enabled else omit) }}
# /role-specific:mariadb
# role-specific:outline
- |-
{{ ({'name': (outline_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'outline']} if outline_enabled else omit) }}
# /role-specific:outline
# role-specific:owncast
- |-
{{ ({'name': (owncast_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'owncast']} if owncast_enabled else omit) }}
# /role-specific:owncast
# role-specific:oxitraffic
- |-
{{ ({'name': (oxitraffic_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'oxitraffic']} if oxitraffic_enabled else omit) }}
# /role-specific:oxitraffic
# role-specific:peertube
- |-
{{ ({'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']} if peertube_enabled else omit) }}
# /role-specific:peertube
# role-specific:postgis
- |-
{{ ({'name': (postgis_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'postgis']} if postgis_enabled else omit) }}
# /role-specific:postgis
# role-specific:prometheus
- |-
{{ ({'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']} if prometheus_enabled else omit) }}
# /role-specific:prometheus
# role-specific:prometheus_blackbox_exporter
- |-
{{ ({'name': (prometheus_blackbox_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-blackbox-exporter']} if prometheus_blackbox_exporter_enabled else omit) }}
# /role-specific:prometheus_blackbox_exporter
# role-specific:prometheus_ssh_exporter
- |-
{{ ({'name': (prometheus_ssh_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-ssh-exporter']} if prometheus_ssh_exporter_enabled else omit) }}
# /role-specific:prometheus_ssh_exporter
# role-specific:prometheus_node_exporter
- |-
{{ ({'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-node-exporter']} if prometheus_node_exporter_enabled else omit) }}
# /role-specific:prometheus_node_exporter
# role-specific:prometheus_postgres_exporter
- |-
{{ ({'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-postgres-exporter']} if prometheus_postgres_exporter_enabled else omit) }}
# /role-specific:prometheus_postgres_exporter
# role-specific:promtail
- |-
{{ ({'name': (promtail_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'logs', 'promtail']} if promtail_enabled else omit) }}
# /role-specific:promtail
# role-specific:radicale
- |-
{{ ({'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']} if radicale_enabled else omit) }}
# /role-specific:radicale
# role-specific:redmine
- |-
{{ ({'name': (redmine_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'redmine']} if redmine_enabled else omit) }}
- |-
{{ ({'name': (redmine_identifier + '-send-reminders.timer'), 'priority': 2000, 'groups': ['mash', 'redmine']} if redmine_enabled else omit) }}
- |-
{{ ({'name': (redmine_identifier + '-recurring-tasks.timer'), 'priority': 2000, 'groups': ['mash', 'redmine']} if redmine_enabled and redmine_recurring_tasks_enabled else omit) }}
# /role-specific:redmine
# role-specific:redis
- |-
{{ ({'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']} if redis_enabled else omit) }}
# /role-specific:redis
# role-specific:roundcube
- |-
{{ ({'name': (roundcube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'roundcube']} if roundcube_enabled else omit) }}
# /role-specific:roundcube
# role-specific:rumqttd
- |-
{{ ({'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']} if rumqttd_enabled else omit) }}
# /role-specific:rumqttd
# role-specific:semaphore
- |-
2023-12-06 16:25:48 +01:00
{{ ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'semaphore']} if semaphore_enabled else omit) }}
# /role-specific:semaphore
# role-specific:soft_serve
- |-
{{ ({'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if soft_serve_enabled else omit) }}
# /role-specific:soft_serve
# role-specific:syncthing
- |-
{{ ({'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']} if syncthing_enabled else omit) }}
# /role-specific:syncthing
# role-specific:tandoor
- |-
{{ ({'name': (tandoor_api_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'tandoor']} if tandoor_enabled else omit) }}
- |-
{{ ({'name': (tandoor_frontend_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'tandoor']} if tandoor_enabled else omit) }}
# /role-specific:tandoor
# role-specific:telegraf
- |-
{{ ({'name': (telegraf_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'telegraf']} if telegraf_enabled else omit) }}
# /role-specific:telegraf
# role-specific:vaultwarden
- |-
{{ ({'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']} if vaultwarden_enabled else omit) }}
# /role-specific:vaultwarden
# role-specific:uptime_kuma
- |-
{{ ({'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']} if uptime_kuma_enabled else omit) }}
# /role-specific:uptime_kuma
# role-specific:wg_easy
- |-
{{ ({'name': (wg_easy_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'wg-easy']} if wg_easy_enabled else omit) }}
# /role-specific:wg_easy
# role-specific:forgejo
- |-
{{ ({'name': (forgejo_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'forgejo', 'forgejo-server']} if forgejo_enabled else omit) }}
# /role-specific:forgejo
devture_systemd_service_manager_services_list_auto: "{{ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized | reject('equalto', omit) }}"
2023-03-15 09:58:12 +01:00
########################################################################
# #
# /systemd_service_manager #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:systemd_service_manager
2023-03-15 09:58:12 +01:00
# role-specific:postgres
2023-03-15 09:58:12 +01:00
########################################################################
# #
# postgres #
2023-03-15 09:58:12 +01:00
# #
########################################################################
devture_postgres_enabled: false
2023-03-16 13:41:37 +01:00
devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres"
2023-03-15 09:58:12 +01:00
devture_postgres_architecture: "{{ mash_playbook_architecture }}"
devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres"
2023-03-15 09:58:12 +01:00
devture_postgres_uid: "{{ mash_playbook_uid }}"
devture_postgres_gid: "{{ mash_playbook_gid }}"
# This includes everything for maximum safety.
# It may not be optimal though, because some services may not be dependant on Postgres at all, etc.
devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}"
2023-03-15 09:58:12 +01:00
mash_playbook_devture_postgres_managed_databases_auto_itemized:
# Dummy entry, which is not role-specific.
# Ensures there's at least one entry defined in the list.
- "{{ omit }}"
# role-specific:authelia
- |-
{{
({
'name': authelia_config_storage_postgres_database,
'username': authelia_config_storage_postgres_username,
'password': authelia_config_storage_postgres_password,
} if authelia_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else omit)
}}
# /role-specific:authelia
# role-specific:authentik
- |-
{{
({
'name': authentik_database_name,
'username': authentik_database_username,
'password': authentik_database_password,
} if authentik_enabled and authentik_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:authentik
# role-specific:focalboard
- |-
{{
({
'name': focalboard_database_name,
'username': focalboard_database_username,
'password': focalboard_database_password,
} if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:focalboard
# role-specific:freshrss
- |-
{{
({
'name': freshrss_database_name,
'username': freshrss_database_username,
'password': freshrss_database_password,
} if freshrss_enabled and freshrss_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:freshrss
# role-specific:funkwhale
- |-
{{
({
'name': funkwhale_database_name,
'username': funkwhale_database_username,
'password': funkwhale_database_password,
} if funkwhale_enabled and funkwhale_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:funkwhale
# role-specific:gitea
- |-
{{
({
'name': gitea_config_database_name,
'username': gitea_config_database_username,
'password': gitea_config_database_password,
} if gitea_enabled else omit)
}}
# /role-specific:gitea
# role-specific:healthchecks
- |-
{{
({
'name': healthchecks_database_name,
'username': healthchecks_database_username,
'password': healthchecks_database_password,
} if healthchecks_enabled and healthchecks_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:healthchecks
# role-specific:woodpecker_ci_server
- |-
{{
({
'name': devture_woodpecker_ci_server_database_datasource_db_name,
'username': devture_woodpecker_ci_server_database_datasource_username,
'password': devture_woodpecker_ci_server_database_datasource_password,
} if devture_woodpecker_ci_server_enabled else omit)
}}
# /role-specific:woodpecker_ci_server
# role-specific:gotosocial
- |-
{{
({
'name': gotosocial_database_name,
'username': gotosocial_database_username,
'password': gotosocial_database_password,
} if gotosocial_enabled else omit)
}}
# /role-specific:gotosocial
# role-specific:ilmo
- |-
{{
({
'name': ilmo_database_name,
'username': ilmo_database_username,
'password': ilmo_database_password,
} if ilmo_enabled else omit)
}}
# /role-specific:ilmo
# role-specific:keycloak
- |-
{{
({
'name': keycloak_database_name,
'username': keycloak_database_username,
'password': keycloak_database_password,
} if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:keycloak
# role-specific:lago
- |-
{{
({
'name': lago_database_name,
'username': lago_database_username,
'password': lago_database_password,
} if lago_enabled and lago_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:lago
# role-specific:linkding
- |-
{{
({
'name': linkding_database_name,
'username': linkding_database_username,
'password': linkding_database_password,
} if linkding_enabled and linkding_database_engine == 'postgres' else omit)
}}
# /role-specific:linkding
# role-specific:miniflux
- |-
{{
({
'name': miniflux_database_name,
'username': miniflux_database_username,
'password': miniflux_database_password,
} if miniflux_enabled else omit)
}}
# /role-specific:miniflux
# role-specific:redmine
- |-
{{
({
'name': redmine_database_name,
'username': redmine_database_username,
'password': redmine_database_password,
} if redmine_enabled else omit)
}}
# /role-specific:redmine
# role-specific:n8n
- |-
{{
({
'name': n8n_database_name,
'username': n8n_database_username,
'password': n8n_database_password,
} if n8n_enabled else omit)
}}
# /role-specific:n8n
# role-specific:netbox
- |-
{{
({
'name': netbox_database_name,
'username': netbox_database_username,
'password': netbox_database_password,
} if netbox_enabled else omit)
}}
# /role-specific:netbox
# role-specific:nextcloud
- |-
{{
({
'name': nextcloud_database_name,
'username': nextcloud_database_username,
'password': nextcloud_database_password,
} if nextcloud_enabled else omit)
}}
# /role-specific:nextcloud
# role-specific:outline
- |-
{{
({
'name': outline_database_name,
'username': outline_database_username,
'password': outline_database_password,
} if outline_enabled and outline_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:outline
# role-specific:oxitraffic
- |-
{{
({
'name': oxitraffic_database_name,
'username': oxitraffic_database_username,
'password': oxitraffic_database_password,
} if oxitraffic_enabled and oxitraffic_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:oxitraffic
# role-specific:peertube
- |-
{{
({
'name': peertube_config_database_name,
'username': peertube_config_database_username,
'password': peertube_config_database_password,
} if peertube_enabled else omit)
}}
# /role-specific:peertube
# role-specific:prometheus_postgres_exporter
- |-
{{
({
'name': prometheus_postgres_exporter_database_name,
'username': prometheus_postgres_exporter_database_username,
'password': prometheus_postgres_exporter_database_password,
} if prometheus_postgres_exporter_enabled else omit)
}}
# /role-specific:prometheus_postgres_exporter
# role-specific:firezone
- |-
{{
({
'name': firezone_database_name,
2023-12-19 17:03:12 +01:00
'username': firezone_database_username,
'password': firezone_database_password,
} if firezone_enabled else omit)
}}
# /role-specific:firezone
# role-specific:vaultwarden
- |-
{{
({
'name': vaultwarden_database_name,
'username': vaultwarden_database_username,
'password': vaultwarden_database_password,
} if vaultwarden_enabled else omit)
}}
# /role-specific:vaultwarden
# role-specific:forgejo
- |-
{{
({
'name': forgejo_config_database_name,
'username': forgejo_config_database_username,
'password': forgejo_config_database_password,
} if forgejo_enabled else omit)
}}
# /role-specific:forgejo
# role-specific:roundcube
- |-
{{
({
'name': roundcube_database_name,
'username': roundcube_database_username,
'password': roundcube_database_password,
} if roundcube_enabled and roundcube_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:roundcube
# role-specific:semaphore
- |-
{{
({
'name': semaphore_database_name,
'username': semaphore_database_username,
'password': semaphore_database_password,
2023-12-06 16:31:24 +01:00
} if semaphore_enabled and semaphore_database_host == devture_postgres_identifier else omit)
}}
# /role-specific:semaphore
# role-specific:tandoor
- |-
{{
({
'name': tandoor_database_name,
'username': tandoor_database_username,
'password': tandoor_database_password,
} if tandoor_enabled and tandoor_database_hostname == devture_postgres_identifier else omit)
}}
# /role-specific:tandoor
devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}"
2023-03-15 09:58:12 +01:00
########################################################################
# #
# /postgres #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:postgres
2023-03-15 09:58:12 +01:00
# role-specific:postgres_backup
2023-03-17 15:40:08 +01:00
########################################################################
# #
# postgres_backup #
2023-03-17 15:40:08 +01:00
# #
########################################################################
devture_postgres_backup_enabled: false
devture_postgres_backup_postgres_role_include_name: galaxy/postgres
2023-03-17 15:40:08 +01:00
devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup"
devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}"
devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup"
2023-03-17 15:40:08 +01:00
devture_postgres_backup_uid: "{{ mash_playbook_uid }}"
devture_postgres_backup_gid: "{{ mash_playbook_gid }}"
# role-specific:postgres
devture_postgres_backup_systemd_required_services_list_auto: |
{{
([(devture_postgres_identifier + '.service')] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else [])
}}
devture_postgres_backup_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else devture_postgres_backup_identifier) }}"
devture_postgres_backup_container_additional_networks_auto: |-
{{
([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname and devture_postgres_backup_container_network != devture_postgres_container_network) else [])
}}
2023-03-17 15:40:08 +01:00
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
# /role-specific:postgres
2023-03-17 15:40:08 +01:00
########################################################################
# #
# /postgres_backup #
2023-03-17 15:40:08 +01:00
# #
########################################################################
# /role-specific:postgres_backup
2023-03-17 15:40:08 +01:00
# role-specific:playbook_state_preserver
2023-03-15 09:58:12 +01:00
########################################################################
# #
# playbook_state_preserver #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.
devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}"
devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}"
devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vars.yml"
2023-03-15 09:58:12 +01:00
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}git_hash.yml"
2023-03-15 09:58:12 +01:00
########################################################################
# #
# /playbook_state_preserver #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:playbook_state_preserver
2023-03-15 09:58:12 +01:00
########################################################################
# #
# geerlingguy/ansible-role-docker #
# #
########################################################################
docker_daemon_options: |
{{
{
'experimental': devture_systemd_docker_base_ipv6_enabled,
'ip6tables': devture_systemd_docker_base_ipv6_enabled,
}
}}
########################################################################
# #
# /geerlingguy/ansible-role-docker #
# #
########################################################################
# role-specific:container_socket_proxy
2023-03-15 09:58:12 +01:00
########################################################################
# #
# container_socket_proxy #
2023-03-15 09:58:12 +01:00
# #
########################################################################
devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}"
2023-03-16 13:41:37 +01:00
devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy"
2023-03-15 09:58:12 +01:00
devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}container-socket-proxy"
2023-03-15 09:58:12 +01:00
devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}"
devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}"
# Traefik requires read access to the containers APIs to do its job
devture_container_socket_proxy_api_containers_enabled: true
########################################################################
# #
# /container_socket_proxy #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:container_socket_proxy
2023-03-15 09:58:12 +01:00
# role-specific:traefik
2023-03-15 09:58:12 +01:00
########################################################################
# #
# traefik #
2023-03-15 09:58:12 +01:00
# #
########################################################################
devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"
2023-03-16 13:41:37 +01:00
devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik"
2023-03-15 09:58:12 +01:00
devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik"
2023-03-15 09:58:12 +01:00
devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}"
# role-specific:container_socket_proxy
2023-03-15 09:58:12 +01:00
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
# /role-specific:container_socket_proxy
2023-03-15 09:58:12 +01:00
devture_traefik_container_additional_networks_auto: |
2023-03-15 09:58:12 +01:00
{{
([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled | default(false) else [])
2023-03-15 09:58:12 +01:00
}}
devture_traefik_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled | default(false) else [])
2023-03-15 09:58:12 +01:00
}}
########################################################################
# #
# /traefik #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:traefik
2023-03-15 09:58:12 +01:00
# role-specific:docker_sdk_for_python
2023-03-15 09:58:12 +01:00
########################################################################
# #
# docker_sdk_for_python #
2023-03-15 09:58:12 +01:00
# #
########################################################################
2023-03-25 09:02:03 +01:00
devture_docker_sdk_for_python_installation_enabled: false
2023-03-15 09:58:12 +01:00
########################################################################
# #
# /docker_sdk_for_python #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:docker_sdk_for_python
2023-03-15 09:58:12 +01:00
# role-specific:timesync
2023-03-15 09:58:12 +01:00
########################################################################
# #
# timesync #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.
devture_timesync_installation_enabled: false
########################################################################
# #
# /timesync #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:timesync
2023-03-15 09:58:12 +01:00
2023-03-24 17:01:21 +01:00
# role-specific:adguard_home
2023-03-24 17:01:21 +01:00
########################################################################
# #
# adguard-home #
# #
########################################################################
adguard_home_enabled: false
adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home"
adguard_home_uid: "{{ mash_playbook_uid }}"
adguard_home_gid: "{{ mash_playbook_gid }}"
adguard_home_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}adguard-home"
2023-03-24 17:01:21 +01:00
adguard_home_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
2023-03-24 17:01:21 +01:00
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-03-24 17:01:21 +01:00
########################################################################
# #
# /adguard-home #
# #
########################################################################
# /role-specific:adguard_home
2023-03-24 17:01:21 +01:00
2024-01-23 14:08:31 +01:00
# role-specific:apisix_dashboard
########################################################################
# #
# apisix_dashboard #
# #
########################################################################
apisix_dashboard_enabled: false
apisix_dashboard_identifier: "{{ mash_playbook_service_identifier_prefix }}apisix-dashboard"
apisix_dashboard_uid: "{{ mash_playbook_uid }}"
apisix_dashboard_gid: "{{ mash_playbook_gid }}"
apisix_dashboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}apisix-dashboard"
apisix_dashboard_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if (mash_playbook_reverse_proxyable_services_additional_network and apisix_dashboard_container_labels_traefik_enabled) else [])
}}
apisix_dashboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
apisix_dashboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
apisix_dashboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
apisix_dashboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# role-specific:etcd
apisix_dashboard_config_conf_etcd_endpoints: |
{{
([(etcd_identifier + ':2379')] if etcd_enabled else [])
}}
apisix_dashboard_config_conf_etcd_username: "{{ ('root' if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_dashboard_config_conf_etcd_password: "{{ (etcd_environment_variable_etcd_root_password if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_dashboard_container_additional_networks_custom: |
{{
([etcd_container_network] if etcd_enabled else [])
}}
apisix_dashboard_systemd_required_systemd_services_list_auto: |
{{
([(etcd_identifier + '.service')] if etcd_enabled else [])
}}
# /role-specific:etcd
########################################################################
# #
# /apisix_dashboard #
# #
########################################################################
# /role-specific:apisix_dashboard
2024-01-23 13:57:19 +01:00
# role-specific:apisix_gateway
########################################################################
# #
# apisix_gateway #
# #
########################################################################
apisix_gateway_enabled: false
apisix_gateway_identifier: "{{ mash_playbook_service_identifier_prefix }}apisix-gateway"
apisix_gateway_uid: "{{ mash_playbook_uid }}"
apisix_gateway_gid: "{{ mash_playbook_gid }}"
apisix_gateway_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}apisix-gateway"
apisix_gateway_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if (mash_playbook_reverse_proxyable_services_additional_network and apisix_gateway_container_labels_traefik_enabled) else [])
}}
apisix_gateway_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
apisix_gateway_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
apisix_gateway_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
apisix_gateway_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
apisix_gateway_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}"
apisix_gateway_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
apisix_gateway_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ apisix_gateway_identifier }}"
apisix_gateway_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
apisix_gateway_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
2024-01-23 13:57:19 +01:00
# role-specific:etcd
apisix_gateway_config_deployment_etcd_host: |
{{
([('http://' + etcd_identifier + ':2379')] if etcd_enabled else [])
}}
apisix_gateway_config_deployment_etcd_user: "{{ ('root' if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_gateway_config_deployment_etcd_password: "{{ (etcd_environment_variable_etcd_root_password if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_gateway_container_additional_networks_custom: |
{{
([etcd_container_network] if etcd_enabled else [])
}}
apisix_gateway_systemd_required_systemd_services_list_auto: |
{{
([(etcd_identifier + '.service')] if etcd_enabled else [])
}}
# /role-specific:etcd
########################################################################
# #
# /apisix_gateway #
# #
########################################################################
# /role-specific:apisix_gateway
# role-specific:appsmith
2023-04-22 13:30:57 +02:00
########################################################################
2023-04-17 08:42:47 +02:00
# #
# appsmith #
# #
########################################################################
appsmith_enabled: false
appsmith_identifier: "{{ mash_playbook_service_identifier_prefix }}appsmith"
appsmith_uid: "{{ mash_playbook_uid }}"
appsmith_gid: "{{ mash_playbook_gid }}"
appsmith_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}appsmith"
appsmith_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
2023-04-17 08:42:47 +02:00
appsmith_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
appsmith_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
appsmith_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
appsmith_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-04-17 08:42:47 +02:00
########################################################################
# #
# /appsmith #
# #
########################################################################
# /role-specific:appsmith
# role-specific:authentik
2023-04-19 12:29:15 +02:00
########################################################################
# #
# authentik #
# #
########################################################################
authentik_enabled: false
authentik_identifier: "{{ mash_playbook_service_identifier_prefix }}authentik"
authentik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}authentik"
authentik_uid: "{{ mash_playbook_uid }}"
authentik_gid: "{{ mash_playbook_gid }}"
# role-specific:postgres
2023-04-19 12:29:15 +02:00
authentik_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authentik_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
authentik_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
authentik_database_username: "{{ authentik_identifier }}"
# /role-specific:postgres
2023-04-19 12:29:15 +02:00
authentik_server_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier else [])
}}
2023-04-23 16:24:13 +02:00
authentik_container_additional_networks_auto: |
2023-04-19 12:29:15 +02:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
2023-04-23 16:24:13 +02:00
([devture_postgres_container_network] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier and authentik_container_network != devture_postgres_container_network else [])
2023-04-19 12:29:15 +02:00
}}
# role-specific:traefik
2023-04-23 16:24:13 +02:00
authentik_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authentik_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authentik_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authentik_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-04-19 12:29:15 +02:00
########################################################################
# #
# /authentik #
2023-04-19 12:29:15 +02:00
# #
########################################################################
# /role-specific:authentik
2023-03-24 17:01:21 +01:00
# role-specific:backup_borg
2023-05-01 09:12:29 +02:00
########################################################################
# #
# backup-borg #
# #
########################################################################
backup_borg_enabled: false
backup_borg_identifier: "{{ mash_playbook_service_identifier_prefix }}backup-borg"
backup_borg_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}borg-backup"
backup_borg_uid: "{{ mash_playbook_uid }}"
backup_borg_gid: "{{ mash_playbook_gid }}"
backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}"
backup_borg_retention_prefix: "{{ mash_playbook_service_identifier_prefix }}"
backup_borg_storage_archive_name_format: "{{ mash_playbook_service_identifier_prefix }}-{now:%Y-%m-%d-%H%M%S}"
backup_borg_container_image_self_build: "{{ mash_playbook_architecture not in ['amd64', 'arm32', 'arm64'] }}"
# role-specific:postgres
2023-05-01 09:12:29 +02:00
backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
# /role-specific:postgres
2023-05-01 09:12:29 +02:00
# role-specific:mariadb
backup_borg_mysql_enabled: "{{ mariadb_enabled }}"
backup_borg_mysql_databases_hostname: "{{ mariadb_identifier if mariadb_enabled else '' }}"
backup_borg_mysql_databases_username: "root"
backup_borg_mysql_databases_password: "{{ mariadb_root_passsword if mariadb_enabled else '' }}"
2023-05-30 18:51:42 +02:00
backup_borg_mysql_databases_port: 3306
backup_borg_mysql_databases: "{{ mariadb_managed_databases | map(attribute='name') if mariadb_enabled else [] }}"
# /role-specific:mariadb
2023-05-01 09:12:29 +02:00
backup_borg_location_source_directories:
- "{{ mash_playbook_base_path }}"
backup_borg_location_exclude_patterns: |
{{
([devture_postgres_data_path] if devture_postgres_enabled | default(false) else [])
+
([mariadb_data_path] if mariadb_enabled | default(false) else [])
}}
2023-05-01 09:12:29 +02:00
backup_borg_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) else [])
+
([mariadb_identifier ~ '.service'] if mariadb_enabled | default(false) else [])
2023-05-01 09:12:29 +02:00
}}
########################################################################
# #
# /backup-borg #
# #
########################################################################
# /role-specific:backup_borg
2023-05-01 09:12:29 +02:00
2023-09-19 10:15:33 +02:00
# role-specific:changedetection
2023-07-31 16:32:00 +02:00
########################################################################
# #
# Changedetection.io #
# #
########################################################################
changedetection_enabled: false
changedetection_identifier: "{{ mash_playbook_service_identifier_prefix }}changedetection"
changedetection_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}changedetection"
changedetection_uid: "{{ mash_playbook_uid }}"
changedetection_gid: "{{ mash_playbook_gid }}"
changedetection_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
2023-07-31 16:32:00 +02:00
changedetection_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
changedetection_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
changedetection_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
changedetection_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-07-31 16:32:00 +02:00
########################################################################
# #
# /Changedetection.io #
# #
########################################################################
# /role-specific:changedetection
2023-05-01 09:12:29 +02:00
2023-09-19 10:15:33 +02:00
# role-specific:clickhouse
2023-07-07 13:43:28 +02:00
########################################################################
# #
# clickhouse #
# #
########################################################################
clickhouse_enabled: false
clickhouse_identifier: "{{ mash_playbook_service_identifier_prefix }}clickhouse"
clickhouse_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}clickhouse"
clickhouse_uid: "{{ mash_playbook_uid }}"
clickhouse_gid: "{{ mash_playbook_gid }}"
# This will be extended in the future, to auto-create databases for services which depend on MariaDB.
# See `devture_postgres_managed_databases_auto`
# TODO
# clickhouse_managed_databases_auto: []
########################################################################
# #
# /clickhouse #
# #
########################################################################
# /role-specific:clickhouse
2023-07-07 13:43:28 +02:00
# role-specific:collabora_online
2023-03-17 13:25:31 +01:00
########################################################################
# #
# collabora-online #
# #
########################################################################
collabora_online_enabled: false
collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online"
collabora_online_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}collabora-online"
2023-03-17 13:25:31 +01:00
collabora_online_uid: "{{ mash_playbook_uid }}"
collabora_online_gid: "{{ mash_playbook_gid }}"
collabora_online_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
2023-03-17 13:25:31 +01:00
collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-03-17 13:25:31 +01:00
########################################################################
# #
# /collabora-online #
# #
########################################################################
# /role-specific:collabora_online
2023-03-17 13:25:31 +01:00
2023-03-15 09:58:12 +01:00
# role-specific:docker_registry
2023-03-18 18:27:24 +01:00
########################################################################
# #
# docker-registry #
# #
########################################################################
docker_registry_enabled: false
docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry"
docker_registry_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry"
2023-03-18 18:27:24 +01:00
docker_registry_uid: "{{ mash_playbook_uid }}"
docker_registry_gid: "{{ mash_playbook_gid }}"
docker_registry_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
2023-03-18 18:27:24 +01:00
docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-03-18 18:27:24 +01:00
########################################################################
# #
# /docker-registry #
# #
########################################################################
# /role-specific:docker_registry
2023-03-18 18:27:24 +01:00
2024-03-06 23:03:16 +01:00
# role-specific:docker_registry_proxy
########################################################################
# #
# docker-registry-proxy #
# #
########################################################################
docker_registry_proxy_enabled: false
docker_registry_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-proxy"
docker_registry_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-proxy"
docker_registry_proxy_uid: "{{ mash_playbook_uid }}"
docker_registry_proxy_gid: "{{ mash_playbook_gid }}"
docker_registry_proxy_target_scheme: "{{ 'http' if docker_registry_enabled else '' }}"
docker_registry_proxy_target_host: "{{ docker_registry_identifier+':5000' if docker_registry_enabled else '' }}"
docker_registry_proxy_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
docker_registry_proxy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_proxy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
# /docker-registry-proxy #
# #
########################################################################
# /role-specific:docker_registry_proxy
# role-specific:docker_registry_browser
2023-03-19 08:14:12 +01:00
########################################################################
# #
# docker-registry-browser #
# #
########################################################################
docker_registry_browser_enabled: false
docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"
docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-browser"
2023-03-19 08:14:12 +01:00
docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}"
docker_registry_browser_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
2023-03-19 08:14:12 +01:00
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-03-19 08:14:12 +01:00
########################################################################
# #
# /docker-registry-browser #
# #
########################################################################
# /role-specific:docker_registry_browser
2023-03-19 08:14:12 +01:00
# role-specific:docker_registry_purger
2023-03-19 09:04:10 +01:00
########################################################################
# #
# docker-registry-purger #
# #
########################################################################
docker_registry_purger_enabled: false
docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger"
docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-purger"
2023-03-19 09:04:10 +01:00
docker_registry_purger_uid: "{{ mash_playbook_uid }}"
docker_registry_purger_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /docker-registry-purger #
# #
########################################################################
# /role-specific:docker_registry_purger
# role-specific:echoip
########################################################################
# #
# echoip #
# #
########################################################################
echoip_enabled: false
echoip_identifier: "{{ mash_playbook_service_identifier_prefix }}echoip"
echoip_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}echoip"
echoip_uid: "{{ mash_playbook_uid }}"
echoip_gid: "{{ mash_playbook_gid }}"
echoip_systemd_required_services_list: |
{{
(['docker.service'])
}}
echoip_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# role-specific:traefik
echoip_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
echoip_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
echoip_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
echoip_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
# /echoip #
2023-03-19 09:04:10 +01:00
# #
########################################################################
# /role-specific:echoip
2023-03-19 09:04:10 +01:00
2024-01-23 13:28:36 +01:00
# role-specific:etcd
########################################################################
# #
# etcd #
# #
########################################################################
etcd_enabled: false
etcd_identifier: "{{ mash_playbook_service_identifier_prefix }}etcd"
etcd_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}etcd"
etcd_uid: "{{ mash_playbook_uid }}"
etcd_gid: "{{ mash_playbook_gid }}"
etcd_environment_variable_etcd_root_password: "{{ '' if etcd_environment_variable_allow_none_authentication else ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'etcd', rounds=655555) | to_uuid) }}"
########################################################################
# #
# /etcd #
# #
########################################################################
# /role-specific:etcd
2024-01-06 12:03:08 +01:00
# role-specific:exim_relay
########################################################################
# #
# exim_relay #
# #
########################################################################
exim_relay_enabled: false
exim_relay_identifier: "{{ mash_playbook_service_identifier_prefix }}exim-relay"
exim_relay_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}exim-relay"
exim_relay_uid: "{{ mash_playbook_uid }}"
exim_relay_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /exim_relay #
# #
########################################################################
# /role-specific:exim_relay
2023-03-19 09:04:10 +01:00
# role-specific:firezone
########################################################################
# #
# firezone #
# #
########################################################################
firezone_enabled: false
firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone"
firezone_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}firezone"
firezone_uid: "{{ mash_playbook_uid }}"
firezone_gid: "{{ mash_playbook_gid }}"
firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"
# role-specific:postgres
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
2023-12-19 17:03:12 +01:00
firezone_database_username: "{{ firezone_identifier }}"
# /role-specific:postgres
firezone_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier else [])
}}
firezone_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
}}
# role-specific:traefik
firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
########################################################################
# #
# /firezone #
# #
########################################################################
# /role-specific:firezone
# role-specific:focalboard
2023-03-20 07:40:15 +01:00
########################################################################
# #
# focalboard #
# #
########################################################################
focalboard_enabled: false
focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard"
focalboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}focalboard"
2023-03-20 07:40:15 +01:00
focalboard_uid: "{{ mash_playbook_uid }}"
focalboard_gid: "{{ mash_playbook_gid }}"
focalboard_systemd_required_systemd_services_list_auto: |
2023-03-20 07:40:15 +01:00
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
}}
# role-specific:postgres
2023-03-20 07:40:15 +01:00
focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}"
focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}"
# /role-specific:postgres
2023-03-20 07:40:15 +01:00
focalboard_container_additional_networks_auto: |
2023-03-20 07:40:15 +01:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled | default(false) and focalboard_database_hostname == devture_postgres_identifier else [])
2023-03-20 07:40:15 +01:00
}}
# role-specific:traefik
2023-03-20 07:40:15 +01:00
focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik
2023-03-20 07:40:15 +01:00
########################################################################
# #
# /focalboard #
# #
########################################################################
# /role-specific:focalboard
2023-03-20 07:40:15 +01:00
# role-specific:freshrss
########################################################################
# #
# freshrss #
# #
########################################################################
freshrss_enabled: false
freshrss_identifier: "{{ mash_playbook_service_identifier_prefix }}freshrss"
freshrss_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}freshrss"
# freshrss_uid and freshrss_gid are intentionally not being set here.
# FreshRSS can only work with a specific user and group, as hardcoded in the role defaults.
freshrss_uid: "0"
freshrss_gid: "33"
freshrss_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier else [])
}}
freshrss_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier and freshrss_container_network != devture_postgres_container_network else [])
}}
freshrss_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
freshrss_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
freshrss_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
freshrss_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
freshrss_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Intentionally not auto-generating freshrss_database_password.
# It's meant to be explicitly defined, so that it can be used in the setup wizard after installation.
########################################################################
# #
# /freshrss #
# #
########################################################################
# /role-specific:freshrss
# role-specific:funkwhale
2023-04-02 20:00:52 +02:00
########################################################################
# #
# funkwhale #
# #
########################################################################
funkwhale_enabled: false
funkwhale_identifier: "{{ mash_playbook_service_identifier_prefix }}funkwhale"
funkwhale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}funkwhale"
funkwhale_uid: "{{ mash_playbook_uid }}"
funkwhale_gid: "{{ mash_playbook_gid }}"
funkwhale_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
funkwhale_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
funkwhale_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.funkwhale', rounds=655555) | to_uuid }}"
funkwhale_database_username: "{{ funkwhale_identifier }}"
2023-04-03 15:02:08 +02:00
funkwhale_api_systemd_required_services_list_auto: |
2023-04-02 20:00:52 +02:00
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
}}
2023-04-03 15:02:08 +02:00
funkwhale_frontend_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
}}
2023-04-02 20:00:52 +02:00
funkwhale_api_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_api_container_network != devture_postgres_container_network else [])
}}
funkwhale_frontend_container_additional_networks_auto: |
{{
([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_frontend_container_network != devture_postgres_container_network else [])
+
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
funkwhale_api_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
funkwhale_api_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
funkwhale_api_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
funkwhale_api_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
funkwhale_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
funkwhale_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
funkwhale_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
funkwhale_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /funkwhale #
# #
########################################################################
# /role-specific:funkwhale
2023-04-02 20:00:52 +02:00
# role-specific:gitea
2023-03-16 17:26:06 +01:00
########################################################################
# #
# gitea #
# #
########################################################################
gitea_enabled: false
gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea"
gitea_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gitea"
2023-03-16 17:26:06 +01:00
gitea_uid: "{{ mash_playbook_uid }}"
gitea_gid: "{{ mash_playbook_gid }}"
gitea_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else [])
}}
gitea_container_additional_networks_auto: |
2023-03-16 17:26:06 +01:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else [])
2024-03-24 19:03:30 +01:00
+
([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and gitea_config_mailer_smtp_addr == exim_relay_identifier | default('mash-exim-relay') and gitea_container_network != exim_relay_container_network) else [])
2023-03-16 17:26:06 +01:00
}}
gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
gitea_config_database_username: "gitea"
gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}"
2024-03-24 19:03:30 +01:00
# role-specific:exim_relay
gitea_config_mailer_enabled: "{{ 'true' if exim_relay_enabled else '' }}"
gitea_config_mailer_smtp_addr: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
gitea_config_mailer_smtp_port: 8025
gitea_config_mailer_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
gitea_config_mailer_protocol: "{{ 'smtp' if exim_relay_enabled else '' }}"
# /role-specific:exim_relay
2023-03-16 17:26:06 +01:00
########################################################################
# #
# /gitea #
# #
########################################################################
# /role-specific:gitea
2023-03-16 17:26:06 +01:00
# role-specific:gotosocial
2023-03-20 18:14:45 +01:00
########################################################################
# #
# gotosocial #
2023-03-20 18:14:45 +01:00
# #
########################################################################
gotosocial_enabled: false
2023-03-20 18:14:45 +01:00
gotosocial_identifier: "{{ mash_playbook_service_identifier_prefix }}gotosocial"
2023-03-20 18:14:45 +01:00
gotosocial_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gotosocial"
2023-03-20 18:14:45 +01:00
gotosocial_uid: "{{ mash_playbook_uid }}"
gotosocial_gid: "{{ mash_playbook_gid }}"
2023-03-20 18:14:45 +01:00
gotosocial_systemd_required_services_list_auto: |
2023-03-20 18:14:45 +01:00
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier else [])
2023-03-20 18:14:45 +01:00
}}
2024-01-06 12:03:08 +01:00
gotosocial_systemd_wanted_services_list_auto: |
{{
([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and gotosocial_smtp_host == exim_relay_identifier | default('mash-exim-relay')) else [])
}}
gotosocial_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier and gotosocial_container_network != devture_postgres_container_network else [])
2024-01-06 12:03:08 +01:00
+
([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and gotosocial_smtp_host == exim_relay_identifier | default('mash-exim-relay') and gotosocial_container_network != exim_relay_container_network) else [])
}}
2023-03-20 18:14:45 +01:00
gotosocial_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gotosocial_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gotosocial_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-03-20 18:14:45 +01:00
2024-01-06 12:03:08 +01:00
gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}"
gotosocial_database_username: "{{ gotosocial_identifier }}"
# role-specific:exim_relay
gotosocial_smtp_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
gotosocial_smtp_port: 8025
gotosocial_smtp_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
# /role-specific:exim_relay
2023-03-20 18:14:45 +01:00
########################################################################
# #
# /gotosocial #
2023-03-20 18:14:45 +01:00
# #
########################################################################
# /role-specific:gotosocial
2023-03-20 18:14:45 +01:00
# role-specific:grafana
2023-03-28 09:27:36 +02:00
########################################################################
# #
# grafana #
2023-03-28 09:27:36 +02:00
# #
########################################################################
grafana_enabled: false
2023-03-28 09:27:36 +02:00
grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana"
2023-03-28 09:27:36 +02:00
grafana_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}grafana"
2023-03-28 09:27:36 +02:00
grafana_uid: "{{ mash_playbook_uid }}"
grafana_gid: "{{ mash_playbook_gid }}"
2023-03-28 09:27:36 +02:00
grafana_container_additional_networks_auto: |
2023-03-28 09:27:36 +02:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if (grafana_container_labels_traefik_enabled and mash_playbook_reverse_proxyable_services_additional_network) else [])
2023-03-28 09:27:36 +02:00
}}
grafana_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-03-28 09:27:36 +02:00
########################################################################
# #
# /grafana #
2023-03-28 09:27:36 +02:00
# #
2023-03-20 18:14:45 +01:00
########################################################################
# /role-specific:grafana
2023-03-20 18:14:45 +01:00
# role-specific:healthchecks
2023-04-11 16:39:02 +02:00
########################################################################
# #
# healthchecks #
# #
########################################################################
healthchecks_enabled: false
healthchecks_identifier: "{{ mash_playbook_service_identifier_prefix }}healthchecks"
healthchecks_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}healthchecks"
healthchecks_uid: "{{ mash_playbook_uid }}"
healthchecks_gid: "{{ mash_playbook_gid }}"
2024-01-06 17:16:05 +01:00
healthchecks_systemd_required_systemd_services_list_auto: |
2023-04-11 16:39:02 +02:00
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier else [])
}}
2024-01-06 17:16:05 +01:00
healthchecks_systemd_wanted_systemd_services_list_auto: |
{{
([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and healthchecks_environment_variable_email_host == exim_relay_identifier | default('mash-exim-relay')) else [])
}}
healthchecks_container_additional_networks_auto: |
2023-04-11 16:39:02 +02:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier and healthchecks_container_network != devture_postgres_container_network else [])
2024-01-06 17:16:05 +01:00
+
([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and healthchecks_environment_variable_email_host == exim_relay_identifier | default('mash-exim-relay') and healthchecks_container_network != exim_relay_container_network) else [])
2023-04-11 16:39:02 +02:00
}}
healthchecks_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
healthchecks_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
healthchecks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
healthchecks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
healthchecks_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
healthchecks_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks.db', rounds=655555) | to_uuid }}"
healthchecks_environment_variable_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks', rounds=655555) | to_uuid }}"
2024-01-06 17:16:05 +01:00
# role-specific:exim_relay
healthchecks_environment_variable_default_from_email: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
healthchecks_environment_variable_email_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
healthchecks_environment_variable_email_port: "{{ 8025 if exim_relay_enabled else '587' }}"
healthchecks_environment_variable_email_use_tls: "{{ false if exim_relay_enabled else true }}"
healthchecks_environment_variable_email_use_verification: "{{ false if exim_relay_enabled else true }}"
# /role-specific:exim_relay
2023-04-11 16:39:02 +02:00
########################################################################
# #
# /healthchecks #
# #
########################################################################
# /role-specific:healthchecks
2023-04-11 16:39:02 +02:00
# role-specific:hubsite
2023-03-15 09:58:12 +01:00
########################################################################
# #
# hubsite #
2023-03-15 09:58:12 +01:00
# #
########################################################################
hubsite_enabled: false
2023-03-15 09:58:12 +01:00
hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite"
2023-03-15 09:58:12 +01:00
hubsite_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}hubsite"
2023-03-15 09:58:12 +01:00
hubsite_uid: "{{ mash_playbook_uid }}"
hubsite_gid: "{{ mash_playbook_gid }}"
2023-03-15 09:58:12 +01:00
hubsite_systemd_required_services_list: |
{{
(['docker.service'])
}}
hubsite_container_additional_networks: |
2023-03-15 09:58:12 +01:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
2023-03-17 10:39:04 +01:00
# Services
##########
2023-03-17 10:39:04 +01:00
# role-specific:adguard_home
# Adguard home
hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}"
hubsite_service_adguard_home_name: Adguard Home
hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}"
hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png"
hubsite_service_adguard_home_description: "A network-wide DNS software for blocking ads & tracking"
hubsite_service_adguard_home_priority: 1000
# /role-specific:adguard_home
2023-03-29 10:42:39 +02:00
# role-specific:authentik
2023-04-22 17:49:31 +02:00
# authentik
hubsite_service_authentik_enabled: "{{ authentik_enabled }}"
hubsite_service_authentik_name: Authentik
2023-04-23 12:27:36 +02:00
hubsite_service_authentik_url: "https://{{ authentik_hostname }}"
2023-04-22 17:49:31 +02:00
hubsite_service_authentik_logo_location: "{{ role_path }}/assets/authentik.png"
hubsite_service_authentik_description: "An open source identity provider"
hubsite_service_authentik_priority: 1000
# /role-specific:authentik
2023-04-22 17:49:31 +02:00
# role-specific:appsmith
2023-04-22 17:49:31 +02:00
# Appsmith
hubsite_service_appsmith_enabled: "{{ appsmith_enabled }}"
hubsite_service_appsmith_name: Appsmith
hubsite_service_appsmith_url: "https://{{ appsmith_hostname }}{{ appsmith_path_prefix }}"
hubsite_service_appsmith_logo_location: "{{ role_path }}/assets/appsmith.png"
hubsite_service_appsmith_description: "Platform for building and deploying custom internal tools and applications without writing code"
hubsite_service_appsmith_priority: 1000
# /role-specific:appsmith
2023-04-22 17:49:31 +02:00
# role-specific:docker_registry_browser
# Docker Registry Browser
hubsite_service_docker_registry_browser_enabled: "{{ docker_registry_browser_enabled }}"
hubsite_service_docker_registry_browser_name: Docker Registry Browser
hubsite_service_docker_registry_browser_url: "https://{{ docker_registry_browser_hostname }}{{ docker_registry_browser_path_prefix }}"
hubsite_service_docker_registry_browser_logo_location: "{{ role_path }}/assets/docker.png"
hubsite_service_docker_registry_browser_description: "Browse docker images"
hubsite_service_docker_registry_browser_priority: 1000
# /role-specific:docker_registry_browser
2023-03-29 10:42:39 +02:00
# role-specific:firezone
2023-04-22 17:49:31 +02:00
# Firezone
hubsite_service_firezone_enabled: "{{ firezone_enabled }}"
hubsite_service_firezone_name: Firezone
hubsite_service_firezone_url: "https://{{ firezone_hostname }}"
hubsite_service_firezone_logo_location: "{{ role_path }}/assets/firezone.png"
hubsite_service_firezone_description: "A self-hosted VPN server, based on Wireguard"
hubsite_service_firezone_priority: 1000
# /role-specific:firezone
2023-04-22 17:49:31 +02:00
# role-specific:focalboard
# Focalboard
hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}"
hubsite_service_focalboard_name: Focalboard
hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}"
hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png"
hubsite_service_focalboard_description: "An open source, self-hosted alternative to Trello, Notion, and Asana."
hubsite_service_focalboard_priority: 1000
# /role-specific:focalboard
2023-03-29 10:42:39 +02:00
# role-specific:freshrss
# FreshRSS
hubsite_service_freshrss_enabled: "{{ freshrss_enabled }}"
hubsite_service_freshrss_name: FreshRSS
hubsite_service_freshrss_url: "https://{{ freshrss_hostname }}{{ freshrss_path_prefix }}"
hubsite_service_freshrss_logo_location: "{{ role_path }}/assets/freshrss.png"
hubsite_service_freshrss_description: "RSS and Atom feed aggregator."
hubsite_service_freshrss_priority: 1000
# /role-specific:freshrss
# role-specific:funkwhale
2023-04-22 17:49:31 +02:00
# Funkwhale
hubsite_service_funkwhale_enabled: "{{ funkwhale_enabled }}"
hubsite_service_funkwhale_name: Funkwhale
hubsite_service_funkwhale_url: "https://{{ funkwhale_hostname }}"
hubsite_service_funkwhale_logo_location: "{{ role_path }}/assets/funkwhale.png"
hubsite_service_funkwhale_description: "Listen and share music with a selfhosted streaming server"
hubsite_service_funkwhale_priority: 1000
# /role-specific:funkwhale
2023-04-22 17:49:31 +02:00
# role-specific:gitea
# Gitea
hubsite_service_gitea_enabled: "{{ gitea_enabled }}"
hubsite_service_gitea_name: Gitea
hubsite_service_gitea_url: "https://{{ gitea_hostname }}{{ gitea_path_prefix }}"
hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png"
hubsite_service_gitea_description: "A git service"
hubsite_service_gitea_priority: 1000
# /role-specific:gitea
2023-03-29 10:42:39 +02:00
# role-specific:gotosocial
# GoToSocial
hubsite_service_gotosocial_enabled: "{{ gotosocial_enabled }}"
hubsite_service_gotosocial_name: GoToSocial
hubsite_service_gotosocial_url: "https://{{ gotosocial_hostname }}"
hubsite_service_gotosocial_logo_location: "{{ role_path }}/assets/gotosocial.png"
hubsite_service_gotosocial_description: "A fediverse server"
hubsite_service_gotosocial_priority: 1000
# /role-specific:gotosocial
2023-03-29 10:42:39 +02:00
# role-specific:grafana
# Grafana
hubsite_service_grafana_enabled: "{{ grafana_enabled }}"
hubsite_service_grafana_name: Grafana
hubsite_service_grafana_url: "https://{{ grafana_hostname }}{{ grafana_path_prefix }}"
hubsite_service_grafana_logo_location: "{{ role_path }}/assets/grafana.png"
hubsite_service_grafana_description: "Check how your server is doing"
hubsite_service_grafana_priority: 1000
# /role-specific:grafana
2023-03-29 10:42:39 +02:00
# role-specific:healthchecks
2023-04-22 17:49:31 +02:00
# Healthchecks
hubsite_service_healthchecks_enabled: "{{ healthchecks_enabled }}"
hubsite_service_healthchecks_name: Healthchecks
hubsite_service_healthchecks_url: "https://{{ healthchecks_hostname }}{{ healthchecks_path_prefix }}"
hubsite_service_healthchecks_logo_location: "{{ role_path }}/assets/healthchecks.png"
hubsite_service_healthchecks_description: "A simple and Effective Cron Job Monitoring solution"
hubsite_service_healthchecks_priority: 1000
# /role-specific:healthchecks
2023-04-22 17:49:31 +02:00
# role-specific:keycloak
2023-04-22 17:49:31 +02:00
# Keycloak
hubsite_service_keycloak_enabled: "{{ keycloak_enabled }}"
hubsite_service_keycloak_name: Keycloak
hubsite_service_keycloak_url: "https://{{ keycloak_hostname }}{{ keycloak_path_prefix }}"
hubsite_service_keycloak_logo_location: "{{ role_path }}/assets/keycloak.png"
hubsite_service_keycloak_description: "An open source identity and access management solution."
hubsite_service_keycloak_priority: 1000
# /role-specific:keycloak
2023-04-22 17:49:31 +02:00
# role-specific:languagetool
# LanguageTool
hubsite_service_languagetool_enabled: "{{ languagetool_enabled }}"
hubsite_service_languagetool_name: LanguageTool
hubsite_service_languagetool_url: "https://{{ languagetool_hostname }}{{ languagetool_path_prefix }}"
hubsite_service_languagetool_logo_location: "{{ role_path }}/assets/languagetool.png"
hubsite_service_languagetool_description: "An open source online grammar, style and spell checker"
hubsite_service_languagetool_priority: 1000
# /role-specific:languagetool
# role-specific:miniflux
# Miniflux
hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}"
hubsite_service_miniflux_name: Miniflux
hubsite_service_miniflux_url: "https://{{ miniflux_hostname }}{{ miniflux_path_prefix }}"
hubsite_service_miniflux_logo_location: "{{ role_path }}/assets/miniflux.png"
hubsite_service_miniflux_description: "An opinionated feed reader"
hubsite_service_miniflux_priority: 1000
# /role-specific:miniflux
2023-03-29 10:42:39 +02:00
# role-specific:n8n
2023-07-19 12:08:59 +02:00
# n8n
hubsite_service_n8n_enabled: "{{ n8n_enabled }}"
hubsite_service_n8n_name: n8n
hubsite_service_n8n_url: "https://{{ n8n_hostname }}{{ n8n_path_prefix }}"
hubsite_service_n8n_logo_location: "{{ role_path }}/assets/n8n.png"
hubsite_service_n8n_description: "Workflow automation for technical people."
hubsite_service_n8n_priority: 1000
# /role-specific:n8n
2023-07-19 12:08:59 +02:00
# role-specific:linkding
2023-07-20 22:29:50 +02:00
# Linkding
hubsite_service_linkding_enabled: "{{ linkding_enabled }}"
hubsite_service_linkding_name: Linkding
hubsite_service_linkding_url: "https://{{ linkding_hostname }}{{ linkding_path_prefix }}"
hubsite_service_linkding_logo_location: "{{ role_path }}/assets/linkding.png"
hubsite_service_linkding_description: "Bookmark manager that is designed be to be minimal and fast."
hubsite_service_linkding_priority: 1000
# /role-specific:linkding
2023-07-20 22:29:50 +02:00
# role-specific:nextcloud
# Nextcloud
hubsite_service_nextcloud_enabled: "{{ nextcloud_enabled }}"
hubsite_service_nextcloud_name: Nextcloud
hubsite_service_nextcloud_url: "https://{{ nextcloud_hostname }}{{ nextcloud_path_prefix }}"
hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png"
hubsite_service_nextcloud_description: "Sync your files & much more"
hubsite_service_nextcloud_priority: 1000
# /role-specific:nextcloud
2023-03-29 10:42:39 +02:00
# role-specific:owncast
# Owncast
hubsite_service_owncast_enabled: "{{ owncast_enabled }}"
2023-04-22 17:49:31 +02:00
hubsite_service_owncast_name: Owncast
2023-04-02 20:10:13 +02:00
hubsite_service_owncast_url: "https://{{ owncast_hostname }}"
hubsite_service_owncast_logo_location: "{{ role_path }}/assets/owncast.png"
hubsite_service_owncast_description: "Livestream & Chat"
hubsite_service_owncast_priority: 1000
# /role-specific:owncast
2023-03-29 10:42:39 +02:00
# role-specific:peertube
# Peertube
hubsite_service_peertube_enabled: "{{ peertube_enabled }}"
hubsite_service_peertube_name: Peertube
hubsite_service_peertube_url: "https://{{ peertube_hostname }}{{ peertube_path_prefix }}"
hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png"
hubsite_service_peertube_description: "Watch and upload videos"
hubsite_service_peertube_priority: 1000
# /role-specific:peertube
2023-03-29 10:42:39 +02:00
# role-specific:radicale
# Radicale
hubsite_service_radicale_enabled: "{{ radicale_enabled }}"
hubsite_service_radicale_name: Radicale
hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}"
hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png"
hubsite_service_radicale_description: "Sync contacts and calendars"
hubsite_service_radicale_priority: 1000
# /role-specific:radicale
# role-specific:syncthing
# Syncthing
hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}"
hubsite_service_syncthing_name: Syncthing
hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}"
hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png"
hubsite_service_syncthing_description: "Sync your files"
hubsite_service_syncthing_priority: 1000
# /role-specific:syncthing
# role-specific:tandoor
# tandoor
hubsite_service_tandoor_enabled: "{{ tandoor_enabled }}"
hubsite_service_tandoor_name: tandoor
hubsite_service_tandoor_url: "https://{{ tandoor_hostname }}{{ tandoor_path_prefix }}"
hubsite_service_tandoor_logo_location: "{{ role_path }}/assets/tandoor.png"
hubsite_service_tandoor_description: "The recipe manager that allows you to manage your ever growing collection of digital recipes."
hubsite_service_tandoor_priority: 1000
# /role-specific:tandoor
# role-specific:uptime_kuma
# Uptime Kuma
hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}"
hubsite_service_uptime_kuma_name: Uptime Kuma
hubsite_service_uptime_kuma_url: "https://{{ uptime_kuma_hostname }}{{ uptime_kuma_path_prefix }}"
hubsite_service_uptime_kuma_logo_location: "{{ role_path }}/assets/uptime-kuma.png"
hubsite_service_uptime_kuma_description: "Check the status of the services"
hubsite_service_uptime_kuma_priority: 1000
# /role-specific:uptime_kuma
# role-specific:vaultwarden
# Vaultwarden
# The vaultwarden service link is deactivated by default for security reasons, see: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#hiding-under-a-subdir
hubsite_service_vaultwarden_enabled: false
hubsite_service_vaultwarden_name: Vaultwarden
hubsite_service_vaultwarden_url: "https://{{ vaultwarden_hostname }}{{ vaultwarden_path_prefix }}"
hubsite_service_vaultwarden_logo_location: "{{ role_path }}/assets/vaultwarden.png"
hubsite_service_vaultwarden_description: "Securely access your passwords"
hubsite_service_vaultwarden_priority: 1000
# /role-specific:vaultwarden
# role-specific:woodpecker_ci_server
# Woodpecker CI
hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}"
hubsite_service_woodpecker_ci_name: Woodpecker CI
hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}"
hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png"
hubsite_service_woodpecker_ci_description: "Check you CI"
hubsite_service_woodpecker_ci_priority: 1000
# /role-specific:woodpecker_ci_server
# role-specific:forgejo
# Forgejo
hubsite_service_forgejo_enabled: "{{ forgejo_enabled }}"
hubsite_service_forgejo_name: Forgejo
hubsite_service_forgejo_url: "https://{{ forgejo_hostname }}{{ forgejo_path_prefix }}"
hubsite_service_forgejo_logo_location: "{{ role_path }}/assets/forgejo.png"
hubsite_service_forgejo_description: "Another git service"
hubsite_service_forgejo_priority: 1000
# /role-specific:forgejo
mash_playbook_hubsite_service_list_auto_itemized:
# Dummy entry, which is not role-specific.
# Ensures there's at least one entry defined in the list.
- "{{ omit }}"
# role-specific:adguard_home
- |-
{{
({
'name': hubsite_service_adguard_home_name,
'url': hubsite_service_adguard_home_url,
'logo_location': hubsite_service_adguard_home_logo_location,
'description': hubsite_service_adguard_home_description,
'priority': hubsite_service_adguard_home_priority,
} if hubsite_service_adguard_home_enabled else omit)
}}
# /role-specific:adguard_home
# role-specific:authentik
- |-
{{
({
'name': hubsite_service_authentik_name,
'url': hubsite_service_authentik_url,
'logo_location': hubsite_service_authentik_logo_location,
'description': hubsite_service_authentik_description,
'priority': hubsite_service_adguard_home_priority,
} if hubsite_service_authentik_enabled else omit)
}}
# /role-specific:authentik
# role-specific:appsmith
- |-
{{
({
'name': hubsite_service_appsmith_name,
'url': hubsite_service_appsmith_url,
'logo_location': hubsite_service_appsmith_logo_location,
'description': hubsite_service_appsmith_description,
'priority': hubsite_service_appsmith_priority,
} if hubsite_service_appsmith_enabled else omit)
}}
# /role-specific:appsmith
# role-specific:docker_registry_browser
- |-
{{
({
'name': hubsite_service_docker_registry_browser_name,
'url': hubsite_service_docker_registry_browser_url,
'logo_location': hubsite_service_docker_registry_browser_logo_location,
'description': hubsite_service_docker_registry_browser_description,
'priority': hubsite_service_docker_registry_browser_priority,
} if hubsite_service_docker_registry_browser_enabled else omit)
}}
# /role-specific:docker_registry_browser
# role-specific:firezone
- |-
{{
({
'name': hubsite_service_firezone_name,
'url': hubsite_service_firezone_url,
'logo_location': hubsite_service_firezone_logo_location,
'description': hubsite_service_firezone_description,
'priority': hubsite_service_firezone_priority,
} if hubsite_service_firezone_enabled else omit)
}}
# /role-specific:firezone
# role-specific:focalboard
- |-
{{
({
'name': hubsite_service_focalboard_name,
'url': hubsite_service_focalboard_url,
'logo_location': hubsite_service_focalboard_logo_location,
'description': hubsite_service_focalboard_description,
'priority': hubsite_service_focalboard_priority,
} if hubsite_service_focalboard_enabled else omit)
}}
# /role-specific:focalboard
# role-specific:freshrss
- |-
{{
({
'name': hubsite_service_freshrss_name,
'url': hubsite_service_freshrss_url,
'logo_location': hubsite_service_freshrss_logo_location,
'description': hubsite_service_freshrss_description,
'priority': hubsite_service_freshrss_priority,
} if hubsite_service_freshrss_enabled else omit)
}}
# /role-specific:freshrss
# role-specific:funkwhale
- |-
{{
({
'name': hubsite_service_funkwhale_name,
'url': hubsite_service_funkwhale_url,
'logo_location': hubsite_service_funkwhale_logo_location,
'description': hubsite_service_funkwhale_description,
'priority': hubsite_service_funkwhale_priority,
} if hubsite_service_funkwhale_enabled else omit)
}}
# /role-specific:funkwhale
# role-specific:gitea
- |-
{{
({
'name': hubsite_service_gitea_name,
'url': hubsite_service_gitea_url,
'logo_location': hubsite_service_gitea_logo_location,
'description': hubsite_service_gitea_description,
'priority': hubsite_service_gitea_priority,
} if hubsite_service_gitea_enabled else omit)
}}
# /role-specific:gitea
# role-specific:gotosocial
- |-
{{
({
'name': hubsite_service_gotosocial_name,
'url': hubsite_service_gotosocial_url,
'logo_location': hubsite_service_gotosocial_logo_location,
'description': hubsite_service_gotosocial_description,
'priority': hubsite_service_gotosocial_priority,
} if hubsite_service_gotosocial_enabled else omit)
}}
# /role-specific:gotosocial
# role-specific:grafana
- |-
{{
({
'name': hubsite_service_grafana_name,
'url': hubsite_service_grafana_url,
'logo_location': hubsite_service_grafana_logo_location,
'description': hubsite_service_grafana_description,
'priority': hubsite_service_grafana_priority,
} if hubsite_service_grafana_enabled else omit)
}}
# /role-specific:grafana
# role-specific:healthchecks
- |-
{{
({
'name': hubsite_service_healthchecks_name,
'url': hubsite_service_healthchecks_url,
'logo_location': hubsite_service_healthchecks_logo_location,
'description': hubsite_service_healthchecks_description,
'priority': hubsite_service_healthchecks_priority,
} if hubsite_service_healthchecks_enabled else omit)
}}
# /role-specific:healthchecks
# role-specific:keycloak
- |-
{{
({
'name': hubsite_service_keycloak_name,
'url': hubsite_service_keycloak_url,
'logo_location': hubsite_service_keycloak_logo_location,
'description': hubsite_service_keycloak_description,
'priority': hubsite_service_keycloak_priority,
} if hubsite_service_keycloak_enabled else omit)
}}
# /role-specific:keycloak
# role-specific:languagetool
- |-
{{
({
'name': hubsite_service_languagetool_name,
'url': hubsite_service_languagetool_url,
'logo_location': hubsite_service_languagetool_logo_location,
'description': hubsite_service_languagetool_description,
'priority': hubsite_service_languagetool_priority,
} if hubsite_service_languagetool_enabled else omit)
}}
# /role-specific:languagetool
# role-specific:miniflux
- |-
{{
({
'name': hubsite_service_miniflux_name,
'url': hubsite_service_miniflux_url,
'logo_location': hubsite_service_miniflux_logo_location,
'description': hubsite_service_miniflux_description,
'priority': hubsite_service_miniflux_priority,
} if hubsite_service_miniflux_enabled else omit)
}}
# /role-specific:miniflux
# role-specific:n8n
- |-
{{
({
'name': hubsite_service_n8n_name,
'url': hubsite_service_n8n_url,
'logo_location': hubsite_service_n8n_logo_location,
'description': hubsite_service_n8n_description,
'priority': hubsite_service_n8n_priority,
} if hubsite_service_n8n_enabled else omit)
}}
# /role-specific:n8n
# role-specific:nextcloud
- |-
{{
({
'name': hubsite_service_nextcloud_name,
'url': hubsite_service_nextcloud_url,
'logo_location': hubsite_service_nextcloud_logo_location,
'description': hubsite_service_nextcloud_description,
'priority': hubsite_service_nextcloud_priority,
} if hubsite_service_nextcloud_enabled else omit)
}}
# /role-specific:nextcloud
# role-specific:linkding
- |-
{{
({
'name': hubsite_service_linkding_name,
'url': hubsite_service_linkding_url,
'logo_location': hubsite_service_linkding_logo_location,
'description': hubsite_service_linkding_description,
'priority': hubsite_service_linkding_priority,
} if hubsite_service_linkding_enabled else omit)
}}
# /role-specific:linkding
# role-specific:owncast
- |-
{{
({
'name': hubsite_service_owncast_name,
'url': hubsite_service_owncast_url,
'logo_location': hubsite_service_owncast_logo_location,
'description': hubsite_service_owncast_description,
'priority': hubsite_service_owncast_priority,
} if hubsite_service_owncast_enabled else omit)
}}
# /role-specific:owncast
# role-specific:peertube
- |-
{{
({
'name': hubsite_service_peertube_name,
'url': hubsite_service_peertube_url,
'logo_location': hubsite_service_peertube_logo_location,
'description': hubsite_service_peertube_description,
'priority': hubsite_service_peertube_priority,
} if hubsite_service_peertube_enabled else omit)
}}
# /role-specific:peertube
# role-specific:radicale
- |-
{{
({
'name': hubsite_service_radicale_name,
'url': hubsite_service_radicale_url,
'logo_location': hubsite_service_radicale_logo_location,
'description': hubsite_service_radicale_description,
'priority': hubsite_service_radicale_priority,
} if hubsite_service_radicale_enabled else omit)
}}
# /role-specific:radicale
# role-specific:uptime_kuma
- |-
{{
({
'name': hubsite_service_uptime_kuma_name,
'url': hubsite_service_uptime_kuma_url,
'logo_location': hubsite_service_uptime_kuma_logo_location,
'description': hubsite_service_uptime_kuma_description,
'priority': hubsite_service_uptime_kuma_priority,
} if hubsite_service_uptime_kuma_enabled else omit)
}}
# /role-specific:uptime_kuma
# role-specific:syncthing
- |-
{{
({
'name': hubsite_service_syncthing_name,
'url': hubsite_service_syncthing_url,
'logo_location': hubsite_service_syncthing_logo_location,
'description': hubsite_service_syncthing_description,
'priority': hubsite_service_syncthing_priority
} if hubsite_service_syncthing_enabled else omit)
}}
# /role-specific:syncthing
# role-specific:tandoor
- |-
{{
({
'name': hubsite_service_tandoor_name,
'url': hubsite_service_tandoor_url,
'logo_location': hubsite_service_tandoor_logo_location,
'description': hubsite_service_tandoor_description,
'priority': hubsite_service_tandoor_priority,
} if hubsite_service_tandoor_enabled else omit)
}}
# /role-specific:tandoor
# role-specific:vaultwarden
- |-
{{
({
'name': hubsite_service_vaultwarden_name,
'url': hubsite_service_vaultwarden_url,
'logo_location': hubsite_service_vaultwarden_logo_location,
'description': hubsite_service_vaultwarden_description,
'priority': hubsite_service_vaultwarden_priority
} if hubsite_service_vaultwarden_enabled else omit)
}}
# /role-specific:vaultwarden
# role-specific:woodpecker_ci_server
- |-
{{
({
'name': hubsite_service_woodpecker_ci_name,
'url': hubsite_service_woodpecker_ci_url,
'logo_location': hubsite_service_woodpecker_ci_logo_location,
'description': hubsite_service_woodpecker_ci_description,
'priority': hubsite_service_woodpecker_ci_priority
} if hubsite_service_woodpecker_ci_enabled else omit)
}}
# /role-specific:woodpecker_ci_server
hubsite_service_list_auto: "{{ mash_playbook_hubsite_service_list_auto_itemized | reject('equalto', omit) }}"
########################################################################
# #
# /hubsite #
# #
########################################################################
# /role-specific:hubsite
# role-specific:ilmo
2023-07-17 14:45:18 +02:00
########################################################################
# #
# ilmo #
# #
########################################################################
ilmo_enabled: false
ilmo_identifier: "{{ mash_playbook_service_identifier_prefix }}ilmo"
ilmo_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}ilmo"
ilmo_uid: "{{ mash_playbook_uid }}"
ilmo_gid: "{{ mash_playbook_gid }}"
ilmo_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.ilmo', rounds=655555) | to_uuid }}"
ilmo_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
ilmo_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
ilmo_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.ilmo', rounds=655555) | to_uuid }}"
ilmo_database_username: "ilmo"
ilmo_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier else [])
}}
ilmo_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier and ilmo_container_network != devture_postgres_container_network else [])
}}
ilmo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
ilmo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
ilmo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
ilmo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /ilmo #
# #
########################################################################
# /role-specific:ilmo
2023-07-17 14:45:18 +02:00
# role-specific:infisical
2023-06-02 16:50:15 +02:00
########################################################################
# #
# infisical #
# #
########################################################################
infisical_enabled: false
infisical_identifier: "{{ mash_playbook_service_identifier_prefix }}infisical"
infisical_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}infisical"
infisical_uid: "{{ mash_playbook_uid }}"
infisical_gid: "{{ mash_playbook_gid }}"
infisical_backend_systemd_required_services_list: |
{{
(['docker.service'])
+
([mongodb_identifier ~ '.service'] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier else [])
}}
infisical_backend_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([mongodb_container_network] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier and infisical_backend_container_network != mongodb_container_network else [])
}}
infisical_backend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
infisical_backend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
infisical_backend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
infisical_backend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# Intentionally not auto-generating infisical_backend_environment_variable_encryption_key here.
# We prefer it to be explicit as it seems important that it remains stable.
infisical_backend_environment_variable_jwt_signup_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.signup', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_refresh_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.r', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_auth_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.a', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_service_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.svc', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_frontend_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
infisical_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
infisical_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
infisical_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
infisical_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
infisical_mongodb_hostname: "{{ mongodb_identifier if mongodb_enabled else '' }}"
infisical_mongodb_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'infisical.db', rounds=655555) | to_uuid }}"
infisical_mongodb_auth_source: "{{ infisical_mongodb_db_name }}"
########################################################################
# #
# /infisical #
# #
2023-06-29 00:51:46 +02:00
########################################################################
# /role-specific:infisical
2023-06-29 00:51:46 +02:00
# role-specific:influxdb
2023-06-29 00:51:46 +02:00
########################################################################
# #
# influxdb #
# #
########################################################################
influxdb_enabled: false
influxdb_identifier: "{{ mash_playbook_service_identifier_prefix }}influxdb"
influxdb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}influxdb"
influxdb_uid: "{{ mash_playbook_uid }}"
influxdb_gid: "{{ mash_playbook_gid }}"
influxdb_container_additional_networks_auto: |
2023-06-29 00:51:46 +02:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if (influxdb_container_labels_traefik_enabled and mash_playbook_reverse_proxyable_services_additional_network) else [])
2023-06-29 00:51:46 +02:00
}}
influxdb_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
influxdb_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
influxdb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
influxdb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /influxdb #
# #
2023-06-02 16:50:15 +02:00
########################################################################
# /role-specific:influxdb
2023-06-02 16:50:15 +02:00
# role-specific:jitsi
########################################################################
# #
# jitsi #
# #
########################################################################
jitsi_enabled: false
jitsi_architecture: "{{ mash_playbook_architecture }}"
jitsi_identifier: "{{ mash_playbook_service_identifier_prefix }}jitsi"
jitsi_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}jitsi"
jitsi_uid: "{{ mash_playbook_uid }}"
jitsi_gid: "{{ mash_playbook_gid }}"
2023-10-31 08:45:18 +01:00
jitsi_user_username: "{{ mash_playbook_user_username }}"
jitsi_web_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_prosody_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_jvb_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
jitsi_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
jitsi_jibri_xmpp_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"
########################################################################
# #
# /jitsi #
# #
########################################################################
# /role-specific:jitsi
# role-specific:keycloak
########################################################################
# #
# keycloak #
# #
########################################################################
keycloak_enabled: false
keycloak_identifier: "{{ mash_playbook_service_identifier_prefix }}keycloak"
keycloak_uid: "{{ mash_playbook_uid }}"
keycloak_gid: "{{ mash_playbook_gid }}"
keycloak_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keycloak"
keycloak_systemd_required_systemd_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier else [])
}}
keycloak_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier and keycloak_container_network != devture_postgres_container_network else [])
}}
keycloak_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
keycloak_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
keycloak_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
keycloak_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
keycloak_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
keycloak_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ keycloak_identifier }}"
keycloak_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
keycloak_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
keycloak_environment_variable_kc_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}"
keycloak_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
keycloak_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
keycloak_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.keycloak', rounds=655555) | to_uuid }}"
########################################################################
# #
# /keycloak #
# #
########################################################################
# /role-specific:keycloak
# role-specific:lago
2023-04-14 07:58:46 +02:00
########################################################################
# #
# lago #
# #
########################################################################
lago_enabled: false
lago_architecture: "{{ mash_playbook_architecture }}"
lago_identifier: "{{ mash_playbook_service_identifier_prefix }}lago"
lago_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}lago"
lago_uid: "{{ mash_playbook_uid }}"
lago_gid: "{{ mash_playbook_gid }}"
lago_api_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and lago_database_hostname == devture_postgres_identifier and lago_api_container_network != devture_postgres_container_network else [])
}}
lago_front_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
lago_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
lago_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
lago_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
lago_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
lago_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
lago_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
lago_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.db', rounds=655555) | to_uuid }}"
lago_api_environment_variable_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.sec.key', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_primary_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.enc.primary', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_deterministic_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.deter.key', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_key_derivation_salt: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.deriv.salt', rounds=655555) | to_uuid }}"
########################################################################
# #
# /lago #
# #
########################################################################
# /role-specific:lago
2023-04-14 07:58:46 +02:00
# role-specific:languagetool
########################################################################
# #
# languagetool #
# #
########################################################################
languagetool_enabled: false
languagetool_identifier: "{{ mash_playbook_service_identifier_prefix }}languagetool"
languagetool_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}languagetool"
languagetool_uid: "{{ mash_playbook_uid }}"
languagetool_gid: "{{ mash_playbook_gid }}"
languagetool_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
languagetool_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
languagetool_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
languagetool_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
languagetool_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
########################################################################
# #
# /languagetool #
# #
########################################################################
# /role-specific:languagetool
# role-specific:loki
########################################################################
# #
# loki #
# #
########################################################################
loki_enabled: false
loki_identifier: "{{ mash_playbook_service_identifier_prefix }}loki"
loki_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}loki"
loki_uid: "{{ mash_playbook_uid }}"
loki_gid: "{{ mash_playbook_gid }}"
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
loki_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and loki_hostname | length > 0 }}"
loki_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
loki_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
loki_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
loki_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
########################################################################
# #
# /loki #
# #
########################################################################
# /role-specific:loki
# role-specific:linkding
2023-07-20 22:29:50 +02:00
########################################################################
# #
# linkding #
# #
########################################################################
linkding_enabled: false
linkding_identifier: "{{ mash_playbook_service_identifier_prefix }}linkding"
linkding_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}linkding"
linkding_uid: "{{ mash_playbook_uid }}"
linkding_gid: "{{ mash_playbook_gid }}"
linkding_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier else [])
}}
linkding_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier and linkding_container_network != devture_postgres_container_network else [])
}}
linkding_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
linkding_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
linkding_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
linkding_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
linkding_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
linkding_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'linkding.db', rounds=655555) | to_uuid }}"
linkding_database_engine: "{{ 'postgres' if devture_postgres_enabled and linkding_database_hostname == devture_postgres_connection_hostname else 'sqlite' }}"
2023-07-20 22:29:50 +02:00
########################################################################
# #
# /linkding #
# #
########################################################################
# /role-specific:linkding
2023-04-14 07:58:46 +02:00
# role-specific:miniflux
########################################################################
# #
# miniflux #
# #
########################################################################
miniflux_enabled: false
miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux"
miniflux_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}miniflux"
miniflux_uid: "{{ mash_playbook_uid }}"
miniflux_gid: "{{ mash_playbook_gid }}"
miniflux_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else [])
}}
miniflux_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else [])
}}
miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}"
########################################################################
# #
# /miniflux #
# #
########################################################################
# /role-specific:miniflux
# role-specific:mobilizon
2023-04-05 17:01:58 +02:00
########################################################################
# #
# mobilizon #
2023-04-05 17:01:58 +02:00
# #
########################################################################
mobilizon_enabled: false
mobilizon_identifier: "{{ mash_playbook_service_identifier_prefix }}mobilizon"
mobilizon_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mobilizon"
mobilizon_uid: "{{ mash_playbook_uid }}"
mobilizon_gid: "{{ mash_playbook_gid }}"
mobilizon_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'sk.mobilizon', rounds=655555) | to_uuid }}"
mobilizon_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'skb.mobilizon', rounds=655555) | to_uuid }}"
mobilizon_database_hostname: "{{ postgis_identifier if postgis_enabled else '' }}"
2023-07-19 14:14:54 +02:00
mobilizon_database_name: "mobilizon"
2023-04-05 17:01:58 +02:00
mobilizon_database_port: "{{ '5432' if postgis_enabled else '' }}"
mobilizon_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.mobilizon', rounds=655555) | to_uuid }}"
2023-07-19 14:14:54 +02:00
mobilizon_database_username: "mobilizon"
2023-04-05 17:01:58 +02:00
mobilizon_systemd_required_services_list: |
{{
(['docker.service'])
+
2023-04-05 18:24:53 +02:00
([postgis_identifier ~ '.service'] if postgis_enabled and mobilizon_database_hostname == postgis_identifier else [])
2023-04-05 17:01:58 +02:00
}}
mobilizon_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
2023-04-05 18:24:53 +02:00
([postgis_container_network] if postgis_enabled and mobilizon_database_hostname == postgis_identifier and mobilizon_container_network != postgis_container_network else [])
2023-04-05 17:01:58 +02:00
}}
mobilizon_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
mobilizon_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
mobilizon_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
mobilizon_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /mobilizon #
2023-04-05 17:01:58 +02:00
# #
########################################################################
# /role-specific:mobilizon
2023-06-02 16:25:58 +02:00
# role-specific:mongodb
2023-06-02 16:25:58 +02:00
########################################################################
# #
# mongodb #
# #
########################################################################
mongodb_enabled: false
mongodb_identifier: "{{ mash_playbook_service_identifier_prefix }}mongodb"
mongodb_uid: "{{ mash_playbook_uid }}"
mongodb_gid: "{{ mash_playbook_gid }}"
mongodb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mongodb"
2023-06-02 16:50:15 +02:00
mongodb_managed_databases_auto: |
{{
([{
'name': infisical_mongodb_db_name,
'username': infisical_mongodb_username,
'password': infisical_mongodb_password,
}] if infisical_enabled and infisical_mongodb_hostname == mongodb_identifier else [])
}}
2023-06-02 16:25:58 +02:00
########################################################################
# #
# /mongodb #
# #
########################################################################
# /role-specific:mongodb
2023-04-05 17:01:58 +02:00
# role-specific:mosquitto
2023-07-03 13:10:38 +02:00
########################################################################
# #
# mosquitto #
2023-07-03 13:10:38 +02:00
# #
########################################################################
mosquitto_enabled: false
mosquitto_identifier: "{{ mash_playbook_service_identifier_prefix }}mosquitto"
mosquitto_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mosquitto"
2023-04-05 17:01:58 +02:00
2023-07-03 13:10:38 +02:00
mosquitto_uid: "{{ mash_playbook_uid }}"
mosquitto_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /mosquitto #
2023-07-03 13:10:38 +02:00
# #
########################################################################
# /role-specific:mosquitto
2023-04-12 12:49:51 +02:00
# role-specific:mrs
2023-04-12 12:49:51 +02:00
########################################################################
# #
# mrs #
# #
########################################################################
mrs_enabled: false
mrs_identifier: "{{ mash_playbook_service_identifier_prefix }}mrs"
mrs_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mrs"
mrs_uid: "{{ mash_playbook_uid }}"
mrs_gid: "{{ mash_playbook_gid }}"
mrs_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
mrs_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
mrs_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
mrs_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
mrs_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /mrs #
# #
########################################################################
# /role-specific:mrs
2023-04-12 12:49:51 +02:00
# role-specific:n8n
2023-07-19 12:08:59 +02:00
########################################################################
# #
# n8n #
# #
########################################################################
n8n_enabled: false
n8n_identifier: "{{ mash_playbook_service_identifier_prefix }}n8n"
n8n_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}n8n"
2023-07-19 16:03:47 +02:00
# Please see the note attached to this comment on why we can't use mash's playbook uid and gid
# https://github.com/kinduff/ansible-docker-n8n/blob/v1.4.2/defaults/main.yml
n8n_uid: "1000"
n8n_gid: "1000"
2023-07-19 12:08:59 +02:00
n8n_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier else [])
}}
n8n_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier and n8n_container_network != devture_postgres_container_network else [])
}}
n8n_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
n8n_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
n8n_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
n8n_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
n8n_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
n8n_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'n8n.db', rounds=655555) | to_uuid }}"
########################################################################
# #
# /n8n #
# #
########################################################################
# /role-specific:n8n
2023-07-19 12:08:59 +02:00
# role-specific:navidrome
########################################################################
# #
# navidrome #
# #
########################################################################
navidrome_enabled: false
navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome"
navidrome_uid: "{{ mash_playbook_uid }}"
navidrome_gid: "{{ mash_playbook_gid }}"
navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome"
navidrome_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /navidrome #
# #
########################################################################
# /role-specific:navidrome
# role-specific:nextcloud
########################################################################
# #
# nextcloud #
2023-03-17 10:39:04 +01:00
# #
########################################################################
nextcloud_enabled: false
nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud"
nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}nextcloud"
2023-03-17 10:39:04 +01:00
nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}"
2023-03-29 13:23:59 +02:00
nextcloud_systemd_required_services_list_auto: |
2023-03-17 10:39:04 +01:00
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
}}
2024-01-06 12:03:08 +01:00
nextcloud_systemd_wanted_services_list_auto: |
{{
([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and nextcloud_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay')) else [])
}}
nextcloud_container_additional_networks_auto: |
2023-03-17 10:39:04 +01:00
{{
2023-04-01 06:55:56 +02:00
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else [])
2024-01-06 12:03:08 +01:00
+
([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and nextcloud_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay') and nextcloud_container_network != exim_relay_container_network) else [])
) | unique
2023-03-17 10:39:04 +01:00
}}
nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
nextcloud_database_username: "nextcloud"
nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}"
2024-01-06 12:03:08 +01:00
# role-specific:exim_relay
nextcloud_config_parameter_mail_smtphost: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
nextcloud_config_parameter_mail_smtpport: "{{ 8025 if exim_relay_enabled else '' }}"
nextcloud_config_parameter_mail_smtpsecure: ''
nextcloud_config_parameter_mail_smtpauth: false
nextcloud_config_parameter_mail_from_address: "{{ (exim_relay_sender_address | split('@'))[0] if exim_relay_enabled else '' }}"
nextcloud_config_parameter_mail_domain: "{{ (exim_relay_sender_address | split('@'))[1] if exim_relay_enabled else '' }}"
# /role-specific:exim_relay
2023-03-17 10:39:04 +01:00
########################################################################
# #
# /nextcloud #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:nextcloud
2023-03-15 09:58:12 +01:00
# role-specific:netbox
########################################################################
# #
# netbox #
# #
########################################################################
netbox_enabled: false
netbox_identifier: "{{ mash_playbook_service_identifier_prefix }}netbox"
netbox_uid: "{{ mash_playbook_uid }}"
netbox_gid: "{{ mash_playbook_gid }}"
netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}netbox"
netbox_systemd_required_services_list_auto: |
{{
2023-12-01 18:52:36 +01:00
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier else [])
}}
netbox_container_additional_networks_auto: |
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else [])
) | unique
}}
netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}"
########################################################################
# #
# /netbox #
# #
########################################################################
# /role-specific:netbox
# role-specific:mariadb
2023-04-10 12:44:48 +02:00
########################################################################
# #
# mariadb #
# #
########################################################################
mariadb_enabled: false
mariadb_identifier: "{{ mash_playbook_service_identifier_prefix }}mariadb"
mariadb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mariadb"
mariadb_uid: "{{ mash_playbook_uid }}"
mariadb_gid: "{{ mash_playbook_gid }}"
mash_playbook_mariadb_managed_databases_auto_itemized:
# Dummy entry, which is not role-specific.
# Ensures there's at least one entry defined in the list.
- "{{ omit }}"
# role-specific:authelia
- |-
{{
({
'name': authelia_config_storage_mysql_database,
'username': authelia_config_storage_mysql_username,
'password': authelia_config_storage_mysql_password,
} if authelia_enabled and authelia_config_storage_mysql_host == mariadb_identifier else omit)
}}
# /role-specific:authelia
mariadb_managed_databases_auto: "{{ mash_playbook_mariadb_managed_databases_auto_itemized | reject('equalto', omit) }}"
2023-04-10 12:44:48 +02:00
########################################################################
# #
# /mariadb #
# #
########################################################################
# /role-specific:mariadb
# role-specific:outline
2023-09-19 10:15:33 +02:00
########################################################################
# #
# outline #
# #
########################################################################
outline_enabled: false
outline_identifier: "{{ mash_playbook_service_identifier_prefix }}outline"
outline_uid: "{{ mash_playbook_uid }}"
outline_gid: "{{ mash_playbook_gid }}"
outline_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}outline"
outline_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else [])
}}
outline_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier and outline_container_network != devture_postgres_container_network else [])
}}
outline_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
outline_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
outline_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
outline_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
outline_environment_variable_utils_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'utils.out', rounds=655555) | to_uuid }}"
outline_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
outline_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
outline_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.out', rounds=655555) | to_uuid }}"
outline_database_sslmode: "{{ 'disable' if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else 'prefer' }}"
########################################################################
# #
# /outline #
# #
########################################################################
# /role-specific:outline
2023-09-19 10:15:33 +02:00
# role-specific:owncast
########################################################################
# #
# owncast #
# #
########################################################################
owncast_enabled: false
owncast_identifier: "{{ mash_playbook_service_identifier_prefix }}owncast"
owncast_uid: "{{ mash_playbook_uid }}"
owncast_gid: "{{ mash_playbook_gid }}"
owncast_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}owncast"
owncast_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
owncast_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
owncast_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
owncast_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
owncast_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /owncast #
# #
########################################################################
# /role-specific:owncast
# role-specific:oxitraffic
2023-11-08 11:55:32 +01:00
########################################################################
# #
# oxitraffic #
# #
########################################################################
oxitraffic_enabled: false
oxitraffic_identifier: "{{ mash_playbook_service_identifier_prefix }}oxitraffic"
oxitraffic_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}oxitraffic"
oxitraffic_uid: "{{ mash_playbook_uid }}"
oxitraffic_gid: "{{ mash_playbook_gid }}"
oxitraffic_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
oxitraffic_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
oxitraffic_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.oxitraffic', rounds=655555) | to_uuid }}"
oxitraffic_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier else [])
}}
oxitraffic_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier and oxitraffic_container_network != devture_postgres_container_network else [])
}}
oxitraffic_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
oxitraffic_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
oxitraffic_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
oxitraffic_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /oxitraffic #
# #
########################################################################
# /role-specific:oxitraffic
2023-11-08 11:55:32 +01:00
# role-specific:peertube
2023-03-17 14:43:45 +01:00
########################################################################
# #
# peertube #
# #
########################################################################
peertube_enabled: false
peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"
peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}peertube"
2023-03-17 14:43:45 +01:00
peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}"
peertube_container_additional_networks_auto: |
2023-03-17 14:43:45 +01:00
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
) | unique
}}
peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
peertube_config_database_username: peertube
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"
peertube_systemd_required_services_list_auto: |
2023-03-17 14:43:45 +01:00
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
}}
########################################################################
# #
# /peertube #
# #
########################################################################
# /role-specific:peertube
2023-03-17 14:43:45 +01:00
# role-specific:postgis
2023-04-05 17:01:58 +02:00
########################################################################
# #
# postgis #
# #
########################################################################
postgis_enabled: false
postgis_identifier: "{{ mash_playbook_service_identifier_prefix }}postgis"
postgis_architecture: "{{ mash_playbook_architecture }}"
postgis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgis"
postgis_uid: "{{ mash_playbook_uid }}"
postgis_gid: "{{ mash_playbook_gid }}"
postgis_systemd_services_to_stop_for_maintenance_list: |
{{
([(mobilizon_identifier + '.service')] if mobilizon_enabled else [])
2023-04-05 17:01:58 +02:00
}}
postgis_managed_databases_auto: |
{{
([{
'name': mobilizon_database_name,
'username': mobilizon_database_username,
'password': mobilizon_database_password,
}] if mobilizon_enabled and mobilizon_database_type == 'postgis' and mobilizon_database_hostname == postgis_identifier else [])
}}
########################################################################
# #
# /postgis #
# #
########################################################################
# /role-specific:postgis
2023-04-05 17:01:58 +02:00
2023-03-17 14:43:45 +01:00
# role-specific:prometheus_postgres_exporter
########################################################################
# #
# prometheus_postgres_exporter #
# #
########################################################################
2023-05-17 10:32:47 +02:00
prometheus_postgres_exporter_enabled: false
2023-05-17 10:32:47 +02:00
prometheus_postgres_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-postgres-exporter"
prometheus_postgres_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_postgres_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_postgres_exporter_identifier }}"
2023-05-17 13:43:36 +02:00
prometheus_postgres_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-postgres-exporter"
2023-05-17 10:32:47 +02:00
prometheus_postgres_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_postgres_exporter_gid: "{{ mash_playbook_gid }}"
2023-05-17 10:32:47 +02:00
prometheus_postgres_exporter_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
2023-05-17 10:32:47 +02:00
([devture_postgres_container_network] if devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_identifier and prometheus_postgres_exporter_container_network != devture_postgres_container_network else [])
}}
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
2023-05-17 10:32:47 +02:00
prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_postgres_exporter_hostname | length > 0 }}"
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
2023-05-17 10:32:47 +02:00
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: prometheus_postgres_exporter
prometheus_postgres_exporter_database_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
prometheus_postgres_exporter_database_ssl: false
prometheus_postgres_exporter_systemd_required_services_list: |
{{
['docker.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
}}
########################################################################
# #
# /prometheus_postgres_exporter #
# #
########################################################################
# /role-specific:prometheus_postgres_exporter
# role-specific:prometheus
2023-03-20 16:54:01 +01:00
########################################################################
# #
# prometheus #
# #
########################################################################
prometheus_enabled: false
prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus"
prometheus_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus"
2023-03-20 16:54:01 +01:00
prometheus_uid: "{{ mash_playbook_uid }}"
prometheus_gid: "{{ mash_playbook_gid }}"
2023-07-24 18:37:03 +02:00
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_hostname | length > 0 }}"
prometheus_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_container_additional_networks_auto: |
2023-07-24 18:37:03 +02:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
2023-03-20 16:54:01 +01:00
########################################################################
# #
# /prometheus #
# #
########################################################################
# /role-specific:prometheus
2023-03-20 16:54:01 +01:00
# role-specific:prometheus_blackbox_exporter
2023-03-19 21:34:43 +01:00
########################################################################
# #
# prometheus_blackbox_exporter #
# #
########################################################################
prometheus_blackbox_exporter_enabled: false
prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter"
prometheus_blackbox_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_blackbox_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_blackbox_exporter_identifier }}"
prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-blackbox-exporter"
2023-03-19 21:34:43 +01:00
prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}"
prometheus_blackbox_exporter_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname }}"
2023-03-19 21:34:43 +01:00
prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_blackbox_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_blackbox_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
2023-03-19 21:34:43 +01:00
########################################################################
# #
# /prometheus_blackbox_exporter #
# #
########################################################################
# /role-specific:prometheus_blackbox_exporter
2023-03-19 21:34:43 +01:00
2023-03-20 16:54:01 +01:00
# role-specific:prometheus_ssh_exporter
2023-09-05 22:44:04 +02:00
########################################################################
# #
# prometheus_ssh_exporter #
# #
########################################################################
prometheus_ssh_exporter_enabled: false
prometheus_ssh_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-ssh-exporter"
prometheus_ssh_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_ssh_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_ssh_exporter_identifier }}"
2023-09-05 22:44:04 +02:00
prometheus_ssh_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-ssh-exporter"
prometheus_ssh_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_ssh_exporter_gid: "{{ mash_playbook_gid }}"
prometheus_ssh_exporter_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_ssh_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_ssh_exporter_hostname }}"
prometheus_ssh_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_ssh_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_ssh_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_ssh_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_ssh_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
2023-09-05 22:44:04 +02:00
########################################################################
# #
# /prometheus_ssh_exporter #
# #
########################################################################
# /role-specific:prometheus_ssh_exporter
2023-09-05 22:44:04 +02:00
# role-specific:prometheus_node_exporter
2023-03-17 23:13:30 +01:00
########################################################################
# #
# prometheus_node_exporter #
# #
########################################################################
prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"
prometheus_node_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_node_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_node_exporter_identifier }}"
prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"
prometheus_node_exporter_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_node_exporter_hostname }}"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_process_extra_arguments:
- "--collector.disable-defaults"
- "--collector.cpu"
- "--collector.filesystem"
- "--collector.meminfo"
- "--collector.systemd"
- "--collector.uname"
2023-03-17 23:13:30 +01:00
prometheus_node_exporter_container_extra_arguments:
- "--security-opt apparmor=unconfined"
- "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"
########################################################################
# #
# /prometheus_node_exporter #
# #
########################################################################
# /role-specific:prometheus_node_exporter
2023-03-17 23:13:30 +01:00
2023-03-17 14:43:45 +01:00
# role-specific:promtail
########################################################################
# #
# promtail #
# #
########################################################################
promtail_enabled: false
promtail_identifier: "{{ mash_playbook_service_identifier_prefix }}promtail"
promtail_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}promtail"
promtail_uid: "{{ mash_playbook_uid }}"
promtail_gid: "{{ mash_playbook_gid }}"
# role-specific:loki
promtail_config_clients_auto: |
{{
([{
'url': ('http://' + loki_identifier + ':' + (loki_server_http_listen_port | string) + '/loki/api/v1/push'),
'tenant_id': 'mash',
}] if loki_enabled else [])
}}
# /role-specific:loki
# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
promtail_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
promtail_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
promtail_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
promtail_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
promtail_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}"
promtail_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
promtail_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ promtail_identifier }}"
promtail_container_labels_metrics_traefik_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
promtail_container_labels_metrics_traefik_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"
promtail_container_additional_networks_auto: |
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([loki_container_network] if (loki_enabled | default(false) and loki_container_network | default('') != promtail_container_network) else [])
) | unique
}}
########################################################################
# #
# /promtail #
# #
########################################################################
# /role-specific:promtail
# role-specific:radicale
2023-03-15 09:58:12 +01:00
########################################################################
# #
2023-03-17 10:39:04 +01:00
# radicale #
2023-03-15 09:58:12 +01:00
# #
########################################################################
radicale_enabled: false
2023-03-16 13:41:37 +01:00
radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale"
2023-03-15 09:58:12 +01:00
radicale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}radicale"
2023-03-15 09:58:12 +01:00
radicale_uid: "{{ mash_playbook_uid }}"
radicale_gid: "{{ mash_playbook_gid }}"
radicale_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
2023-03-15 09:58:12 +01:00
radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /radicale #
2023-03-17 14:43:45 +01:00
# #
########################################################################
# /role-specific:radicale
2023-03-17 14:43:45 +01:00
# role-specific:redmine
2023-03-17 22:27:52 +01:00
########################################################################
# #
# redmine #
2023-03-17 22:27:52 +01:00
# #
########################################################################
redmine_enabled: false
redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine"
redmine_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redmine"
2023-03-17 22:27:52 +01:00
redmine_uid: "{{ mash_playbook_uid }}"
redmine_gid: "{{ mash_playbook_gid }}"
redmine_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.base', rounds=655555) | to_uuid }}"
redmine_secret_token: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.token', rounds=655555) | to_uuid }}"
redmine_database_cipher_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.cipherkey', rounds=655555) | to_uuid }}"
redmine_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else [])
}}
redmine_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else [])
}}
redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}"
redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
2023-03-19 08:39:44 +01:00
redmine_database_username: "redmine"
2023-03-17 22:27:52 +01:00
redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}"
########################################################################
# #
# /redmine #
# #
########################################################################
# /role-specific:redmine
2023-03-17 22:27:52 +01:00
2023-03-17 14:43:45 +01:00
# role-specific:redis
2023-03-17 14:43:45 +01:00
########################################################################
# #
# redis #
# #
########################################################################
redis_enabled: false
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"
redis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redis"
2023-03-17 14:43:45 +01:00
redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /redis #
2023-03-23 10:32:59 +01:00
# #
########################################################################
# /role-specific:redis
2023-03-23 10:32:59 +01:00
# role-specific:roundcube
########################################################################
# #
# roundcube #
# #
########################################################################
roundcube_enabled: false
roundcube_identifier: "{{ mash_playbook_service_identifier_prefix }}roundcube"
roundcube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}roundcube"
roundcube_uid: "0"
roundcube_gid: "0"
roundcube_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite' }}"
roundcube_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
roundcube_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
roundcube_database_name: "{{ 'roundcube' if devture_postgres_enabled else '' }}"
roundcube_database_username: "{{ 'roundcube' if devture_postgres_enabled else '' }}"
roundcube_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.roundcube', rounds=655555) | to_uuid }}"
roundcube_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier else [])
}}
roundcube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
roundcube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
roundcube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
roundcube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
roundcube_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier and roundcube_container_network != devture_postgres_container_network else [])
}}
########################################################################
# #
# /roundcube #
# #
########################################################################
# /role-specific:roundcube
# role-specific:rumqttd
2023-06-28 22:41:48 +02:00
########################################################################
# #
# rumqttd #
# #
########################################################################
rumqttd_enabled: false
rumqttd_identifier: "{{ mash_playbook_service_identifier_prefix }}rumqttd"
2023-03-23 10:32:59 +01:00
2023-06-28 22:41:48 +02:00
rumqttd_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}rumqttd"
rumqttd_uid: "{{ mash_playbook_uid }}"
rumqttd_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# /rumqttd #
# #
########################################################################
# /role-specific:rumqttd
2023-03-23 10:32:59 +01:00
2023-03-28 15:02:22 +02:00
# role-specific:semaphore
########################################################################
# #
# semaphore #
# #
########################################################################
semaphore_enabled: false
semaphore_identifier: "{{ mash_playbook_service_identifier_prefix }}semaphore"
semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}semaphore"
semaphore_uid: "{{ mash_playbook_uid }}"
semaphore_gid: "{{ mash_playbook_gid }}"
semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}"
semaphore_database_username: "{{ semaphore_identifier }}"
semaphore_systemd_required_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else [])
}}
semaphore_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else [])
}}
semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /semaphore #
# #
########################################################################
# /role-specific:semaphore
# role-specific:soft_serve
2023-03-28 15:02:22 +02:00
########################################################################
# #
# soft-serve #
# #
########################################################################
soft_serve_enabled: false
soft_serve_identifier: "{{ mash_playbook_service_identifier_prefix }}soft-serve"
soft_serve_uid: "{{ mash_playbook_uid }}"
soft_serve_gid: "{{ mash_playbook_gid }}"
soft_serve_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}soft-serve"
########################################################################
# #
# /soft-serve #
# #
2023-03-23 10:32:59 +01:00
########################################################################
# /role-specific:soft_serve
2023-03-23 10:32:59 +01:00
# role-specific:syncthing
2023-03-23 10:32:59 +01:00
########################################################################
# #
# syncthing #
# #
########################################################################
syncthing_enabled: false
syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing"
syncthing_uid: "{{ mash_playbook_uid }}"
syncthing_gid: "{{ mash_playbook_gid }}"
syncthing_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}syncthing"
2023-03-23 10:32:59 +01:00
syncthing_container_additional_networks_auto: |
2023-03-23 10:32:59 +01:00
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /syncthing #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:syncthing
2023-03-15 09:58:12 +01:00
########################################################################
# #
# tandoor #
# #
########################################################################
tandoor_enabled: false
tandoor_identifier: "{{ mash_playbook_service_identifier_prefix }}tandoor"
tandoor_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}tandoor"
tandoor_uid: "{{ mash_playbook_uid }}"
tandoor_gid: "{{ mash_playbook_gid }}"
tandoor_systemd_required_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and tandoor_database_hostname == devture_postgres_identifier else [])
}}
tandoor_systemd_wanted_services_list_auto: |
{{
([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and tandoor_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay')) else [])
}}
tandoor_api_container_additional_networks_auto: |
{{
(
([devture_postgres_container_network] if devture_postgres_enabled and tandoor_database_hostname == devture_postgres_identifier and tandoor_container_network != devture_postgres_container_network else [])
+
([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and tandoor_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay') and tandoor_container_network != exim_relay_container_network) else [])
) | unique
}}
tandoor_frontend_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
tandoor_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
tandoor_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
tandoor_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
tandoor_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
tandoor_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
tandoor_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
tandoor_database_username: "tandoor"
tandoor_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.tandoor', rounds=655555) | to_uuid }}"
tandoor_environment_variable_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.tandoor', rounds=655555) | to_uuid }}"
# role-specific:exim_relay
tandoor_config_parameter_mail_smtphost: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
tandoor_config_parameter_mail_smtpport: "{{ 8025 if exim_relay_enabled else '' }}"
tandoor_config_parameter_mail_smtpsecure: ''
tandoor_config_parameter_mail_smtpauth: false
tandoor_config_parameter_mail_from_address: "{{ (exim_relay_sender_address | split('@'))[0] if exim_relay_enabled else '' }}"
tandoor_config_parameter_mail_domain: "{{ (exim_relay_sender_address | split('@'))[1] if exim_relay_enabled else '' }}"
# /role-specific:exim_relay
########################################################################
# #
# /tandoor #
# #
########################################################################
# role-specific:telegraf
2023-06-29 10:46:34 +02:00
########################################################################
# #
# telegraf #
# #
########################################################################
telegraf_enabled: false
telegraf_identifier: "{{ mash_playbook_service_identifier_prefix }}telegraf"
telegraf_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}telegraf"
telegraf_uid: "{{ mash_playbook_uid }}"
telegraf_gid: "{{ mash_playbook_gid }}"
telegraf_systemd_required_services_list: |
{{
(['docker.service'])
+
([(influxdb_identifier + '.service')] if influxdb_enabled else [])
}}
########################################################################
# #
# /telegraf #
# #
########################################################################
# /role-specific:telegraf
2023-03-15 09:58:12 +01:00
# role-specific:vaultwarden
########################################################################
# #
# vaultwarden #
# #
########################################################################
2023-03-16 17:35:34 +01:00
vaultwarden_enabled: false
2023-03-16 13:41:37 +01:00
vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarden"
vaultwarden_uid: "{{ mash_playbook_uid }}"
vaultwarden_gid: "{{ mash_playbook_gid }}"
vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vaultwarden"
vaultwarden_systemd_required_systemd_services_list_auto: |
{{
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else [])
}}
2024-01-06 12:03:08 +01:00
vaultwarden_systemd_wanted_systemd_services_list_auto: |
{{
([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and vaultwarden_config_smtp_host == exim_relay_identifier | default('mash-exim-relay')) else [])
}}
vaultwarden_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else [])
2024-01-06 12:03:08 +01:00
+
([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and vaultwarden_config_smtp_host == exim_relay_identifier | default('mash-exim-relay') and vaultwarden_container_network != exim_relay_container_network) else [])
}}
vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
vaultwarden_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
vaultwarden_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
vaultwarden_database_username: "vaultwarden"
vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | to_uuid }}"
2024-01-06 12:03:08 +01:00
# role-specific:exim_relay
vaultwarden_config_smtp_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
vaultwarden_config_smtp_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
vaultwarden_config_smtp_port: "{{ 8025 if exim_relay_enabled else '587' }}"
vaultwarden_config_smtp_security: "{{ 'off' if exim_relay_enabled else 'starttls' }}"
# /role-specific:exim_relay
########################################################################
# #
# /vaultwarden #
# #
########################################################################
# /role-specific:vaultwarden
# role-specific:uptime_kuma
2023-03-15 09:58:12 +01:00
########################################################################
# #
# uptime_kuma #
2023-03-15 09:58:12 +01:00
# #
########################################################################
uptime_kuma_enabled: false
2023-03-16 13:41:37 +01:00
uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma"
2023-03-15 09:58:12 +01:00
uptime_kuma_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}uptime-kuma"
2023-03-15 09:58:12 +01:00
uptime_kuma_uid: "{{ mash_playbook_uid }}"
uptime_kuma_gid: "{{ mash_playbook_gid }}"
uptime_kuma_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
2023-03-15 09:58:12 +01:00
uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /uptime_kuma #
2023-03-15 09:58:12 +01:00
# #
########################################################################
# /role-specific:uptime_kuma
2023-03-16 17:26:06 +01:00
# role-specific:wg_easy
2023-04-29 08:30:26 +02:00
########################################################################
# #
# wg-easy #
# #
########################################################################
wg_easy_enabled: false
wg_easy_identifier: "{{ mash_playbook_service_identifier_prefix }}wg-easy"
wg_easy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}wg-easy"
wg_easy_uid: "{{ mash_playbook_uid }}"
wg_easy_gid: "{{ mash_playbook_gid }}"
wg_easy_container_additional_networks_auto: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
wg_easy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
wg_easy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
wg_easy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
wg_easy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /wg-easy #
# #
########################################################################
# /role-specific:wg_easy
2023-04-29 08:30:26 +02:00
# role-specific:forgejo
########################################################################
# #
# forgejo #
# #
########################################################################
forgejo_enabled: false
forgejo_identifier: "{{ mash_playbook_service_identifier_prefix }}forgejo"
forgejo_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}forgejo"
forgejo_uid: "{{ mash_playbook_uid }}"
forgejo_gid: "{{ mash_playbook_gid }}"
forgejo_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier else [])
}}
forgejo_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier and forgejo_container_network != devture_postgres_container_network else [])
}}
forgejo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
forgejo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
forgejo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
forgejo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
forgejo_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
forgejo_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
forgejo_config_database_username: "forgejo"
forgejo_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.forgejo', rounds=655555) | to_uuid }}"
########################################################################
# #
# /forgejo #
# #
########################################################################
# /role-specific:forgejo
2023-04-29 08:30:26 +02:00
# role-specific:woodpecker_ci_server
2023-03-16 17:26:06 +01:00
########################################################################
# #
# woodpecker-ci-server #
# #
########################################################################
devture_woodpecker_ci_server_enabled: false
devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server"
devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}"
devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server"
2023-03-16 17:26:06 +01:00
devture_woodpecker_ci_server_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else [])
}}
devture_woodpecker_ci_server_container_additional_networks: |
{{
(
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+
([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and devture_woodpecker_ci_server_container_network != devture_postgres_container_network else [])
) | unique
}}
devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
devture_woodpecker_ci_server_database_driver: postgres
devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable"
devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server
devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}"
devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server
########################################################################
# #
# /woodpecker-ci-server #
# #
########################################################################
# /role-specific:woodpecker_ci_server
2023-03-16 17:26:06 +01:00
# role-specific:woodpecker_ci_agent
2023-03-16 17:26:06 +01:00
########################################################################
# #
# woodpecker-ci-agent #
# #
########################################################################
devture_woodpecker_ci_agent_enabled: false
devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent"
devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}"
devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent"
2023-03-16 17:26:06 +01:00
devture_woodpecker_ci_agent_systemd_required_systemd_services_list: |
{{
(['docker.service'])
+
([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else [])
}}
devture_woodpecker_ci_agent_container_additional_networks: |
{{
(
([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else [])
) | unique
}}
devture_woodpecker_ci_agent_config_server: "{{ (devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}"
devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}"
########################################################################
# #
# /woodpecker-ci-agent #
# #
########################################################################
# /role-specific:woodpecker_ci_agent