From 3dd4b897163a08eba243fcb689ea727eaca2ec04 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev <slavi@devture.com> Date: Fri, 27 Sep 2024 11:13:10 +0300 Subject: [PATCH] Relocate Postgres, Traefik and Woodpecker CI roles to the MASH organization --- CHANGELOG.md | 21 +- docs/developer-documentation.md | 14 +- docs/services/forgejo.md | 2 +- docs/services/postgres-backup.md | 20 +- docs/services/postgres.md | 16 +- docs/services/traefik.md | 24 +- docs/services/woodpecker-ci.md | 42 +- examples/vars.yml | 14 +- roles/mash/playbook_base/defaults/main.yml | 8 +- roles/mash/playbook_migration/tasks/main.yml | 6 + .../tasks/validate_config.yml | 67 ++ templates/group_vars_mash_servers | 740 +++++++++--------- templates/requirements.yml | 32 +- 13 files changed, 548 insertions(+), 458 deletions(-) create mode 100644 roles/mash/playbook_migration/tasks/validate_config.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b8d572..a13d34f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +# 2024-09-27 + +## (BC Break) Postgres, Traefik & Woodpecker CI roles have been relocated and variable names need adjustments + +Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization. + +Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration. + +You need to do the following replacements: + +- `devture_postgres_` -> `postgres_` +- `devture_traefik_` -> `traefik_` +- `devture_woodpecker_ci_` -> `woodpecker_ci_` + +As always, the playbook would let you know about this and point out any variables you may have missed. + + # 2024-07-06 ## Traefik v3 and HTTP/3 are here now 
@@ -18,7 +35,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp). -You **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. +You **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration. ### HTTP/3 is enabled by default @@ -35,7 +52,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a To **disable HTTP/3**, you can use the following configuration: ```yml -devture_traefik_config_entrypoint_web_secure_http3_enabled: false +traefik_config_entrypoint_web_secure_http3_enabled: false ``` diff --git a/docs/developer-documentation.md b/docs/developer-documentation.md index 5be38ce..5a16b10 100644 --- a/docs/developer-documentation.md +++ b/docs/developer-documentation.md @@ -94,7 +94,7 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: ######################################################################## [...] -mash_playbook_devture_postgres_managed_databases_auto_itemized: +mash_playbook_postgres_managed_databases_auto_itemized: [...] # role-specific:YOUR-SERVICE - |- @@ -106,7 +106,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: } if gYOUR-SERVICE_enabled else omit) }} # /role-specific:YOUR-SERVICE - + [...] ######################################################################## # # 
@@ -127,17 +127,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: [...] # role-specific:postgres -YOUR-SERVICE_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -YOUR-SERVICE_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +YOUR-SERVICE_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +YOUR-SERVICE_database_port: "{{ '5432' if postgres_enabled else '' }}" YOUR-SERVICE_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}" YOUR-SERVICE_database_username: "{{ authentik_identifier }}" # /role-specific:postgres YOUR-SERVICE_container_additional_networks_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and YOUR-SERVICE_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and YOUR-SERVICE_database_hostname == postgres_identifier else []) }} - + ######################################################################## # # # /YOUR-SERVICE # @@ -175,7 +175,7 @@ YOUR-SERVICE_config_mailer_smtp_port: 8025 YOUR-SERVICE_config_mailer_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}" YOUR-SERVICE_config_mailer_protocol: "{{ 'smtp' if exim_relay_enabled else '' }}" # /role-specific:exim_relay - + ######################################################################## # # # /YOUR-SERVICE # diff --git a/docs/services/forgejo.md b/docs/services/forgejo.md index 63310c0..b2309b3 100644 --- a/docs/services/forgejo.md +++ b/docs/services/forgejo.md 
@@ -64,7 +64,7 @@ You may also wish to look into [Woodpecker CI](woodpecker-ci.md) and [Forgejo Ru If you want to integrate Forgejo with [Woodpecker CI](woodpecker-ci.md), and if you plan to serve Woodpecker CI under a subpath on the same host as Forgejo (e.g., Forgejo lives at `https://mash.example.com` and Woodpecker CI lives at `https://mash.example.com/ci`), then you need to configure Forgejo to use the host's external IP when invoking webhooks from Woodpecker CI. You can do it by setting the following variables: ```yaml -forgejo_container_add_host_domain_name: "{{ devture_woodpecker_ci_server_hostname }}" +forgejo_container_add_host_domain_name: "{{ woodpecker_ci_server_hostname }}" forgejo_container_add_host_domain_ip_address: "{{ ansible_host }}" # If ansible_host points to an internal IP address, you may need to allow Forgejo to make requests to it. diff --git a/docs/services/postgres-backup.md b/docs/services/postgres-backup.md index 5570f1d..11ee41f 100644 --- a/docs/services/postgres-backup.md +++ b/docs/services/postgres-backup.md @@ -12,15 +12,15 @@ To enable this service, add the following configuration to your `vars.yml` file ```yaml ######################################################################## # # -# devture-postgres-backup # +# postgres-backup # # # ######################################################################## -devture_postgres_backup_enabled: true +postgres_backup_enabled: true ######################################################################## # # -# /devture-postgres-backup # +# /postgres-backup # # # ######################################################################## ``` 
@@ -30,10 +30,10 @@ Refer to the table below for additional configuration variables and their defaul | Name | Default value | Description | | :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- | -|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| -|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| -|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep| -|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| -|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep| -|`devture_postgres_backup_base_path` | `"{{ mash_playbook_base_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` | -|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups | +|`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups| +|`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.| +|`postgres_backup_keep_days`|`7`|Number of daily backups to keep| +|`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep| +|`postgres_backup_keep_months`|`12`|Number of monthly backups to keep| +|`postgres_backup_base_path` | `"{{ mash_playbook_base_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` | +|`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups | 
diff --git a/docs/services/postgres.md b/docs/services/postgres.md index d36a5fd..dbdf58f 100644 --- a/docs/services/postgres.md +++ b/docs/services/postgres.md @@ -14,18 +14,18 @@ To enable this service, add the following configuration to your `vars.yml` file ```yaml ######################################################################## # # -# devture-postgres # +# postgres # # # ######################################################################## -devture_postgres_enabled: true +postgres_enabled: true # Put a strong password below, generated with `pwgen -s 64 1` or in another way -devture_postgres_connection_password: '' +postgres_connection_password: '' ######################################################################## # # -# /devture-postgres # +# /postgres # # # ######################################################################## ``` 
@@ -165,15 +165,15 @@ Example: `--extra-vars="postgres_dump_name=mash-postgres-dump.sql"` PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process. The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/. -You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable. +You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable. Most users should be fine with the automatically-done tuning. However, you may wish to: -- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable +- **adjust the automatically-deterimned tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). 
These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable -- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []` +- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []` -- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration +- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration ## Recommended other services diff --git a/docs/services/traefik.md b/docs/services/traefik.md index cf39df9..ca37f67 100644 --- a/docs/services/traefik.md +++ b/docs/services/traefik.md @@ -14,14 +14,14 @@ To enable this service, add the following configuration to your `vars.yml` file ```yaml ######################################################################## # # -# devture-traefik # +# traefik # # # ######################################################################## mash_playbook_reverse_proxy_type: playbook-managed-traefik # The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates -devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com +traefik_config_certificatesResolvers_acme_email: your-email@example.com # Or, if you'd like to install Traefik yourself: # 
@@ -30,7 +30,7 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com ######################################################################## # # -# /devture-traefik # +# /traefik # # # ######################################################################## ``` @@ -61,7 +61,7 @@ mash_playbook_reverse_proxyable_services_additional_network: traefik ## Increase logging verbosity ```yaml -devture_traefik_config_log_level: DEBUG +traefik_config_log_level: DEBUG ``` ## Disable access logs @@ -69,7 +69,7 @@ devture_traefik_config_log_level: DEBUG This will disable access logging. ```yaml -devture_traefik_config_accessLog_enabled: false +traefik_config_accessLog_enabled: false ``` ## Enable Traefik Dashboard 
@@ -77,23 +77,23 @@ devture_traefik_config_accessLog_enabled: false This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://traefik.mash.example.com/dashboard/` (note the trailing `/`). ```yaml -devture_traefik_dashboard_enabled: true -devture_traefik_dashboard_hostname: traefik.mash.example.com -devture_traefik_dashboard_basicauth_enabled: true -devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE -devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE +traefik_dashboard_enabled: true +traefik_dashboard_hostname: traefik.mash.example.com +traefik_dashboard_basicauth_enabled: true +traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE +traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE ``` **WARNING**: enabling the dashboard on a hostname you use for something else (like `mash.example.com` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. ## Additional configuration -Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. +Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists. ```yaml # This is a contrived example. # You can enable and secure the Dashboard using dedicated variables. See above. -devture_traefik_configuration_extension_yaml: | +traefik_configuration_extension_yaml: | api: dashboard: true ``` diff --git a/docs/services/woodpecker-ci.md b/docs/services/woodpecker-ci.md index ec334a1..058cc72 100644 --- a/docs/services/woodpecker-ci.md +++ b/docs/services/woodpecker-ci.md 
@@ -34,11 +34,11 @@ To enable this service, add the following configuration to your `vars.yml` file # # ######################################################################## -devture_woodpecker_ci_server_enabled: true +woodpecker_ci_server_enabled: true -devture_woodpecker_ci_server_hostname: mash.example.com +woodpecker_ci_server_hostname: mash.example.com -devture_woodpecker_ci_server_path_prefix: /ci +woodpecker_ci_server_path_prefix: /ci # Generate this secret with `openssl rand -hex 32` # @@ -47,20 +47,20 @@ devture_woodpecker_ci_server_path_prefix: /ci # server will register it as a non-persistent agent. # # See the definition of -# devture_woodpecker_ci_agent_config_agent_secret below for more details. -devture_woodpecker_ci_server_config_agent_secret: '' +# woodpecker_ci_agent_config_agent_secret below for more details. +woodpecker_ci_server_config_agent_secret: '' -devture_woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE] +woodpecker_ci_server_config_admins: [YOUR_USERNAME_HERE] # Add one or more usernames that match your version control system (e.g. Gitea) below. # These users will have admin privileges upon signup. -devture_woodpecker_ci_server_config_admins: +woodpecker_ci_server_config_admins: - YOUR_USERNAME_HERE - ANOTHER_USERNAME_HERE # Uncomment the line below if you'll be running Woodpecker CI agents on remote machines. # If you'll only run agents on the same machine as the server, you can keep gRPC expose disabled. -# devture_woodpecker_ci_server_container_labels_traefik_grpc_enabled: true +# woodpecker_ci_server_container_labels_traefik_grpc_enabled: true ######################################################################## # # 
@@ -71,32 +71,32 @@ devture_woodpecker_ci_server_config_admins: In the example configuration above, we configure the service to be hosted at `https://mash.example.com/ci`. -If you want to host the service at the root path, remove the `devture_woodpecker_ci_server_path_prefix` variable override. +If you want to host the service at the root path, remove the `woodpecker_ci_server_path_prefix` variable override. #### Gitea Integration The Woodpecker CI server can integrate with [Gitea](gitea.md) using the following **additional** `vars.yml` configuration: ```yaml -devture_woodpecker_ci_server_provider: gitea +woodpecker_ci_server_provider: gitea # We must use the public URL here, because it's also used for login redirects -devture_woodpecker_ci_server_config_gitea_url: "{{ gitea_config_root_url }}" +woodpecker_ci_server_config_gitea_url: "{{ gitea_config_root_url }}" # Populate these with the OAuth 2 application information # (see the Gitea configuration section above) -devture_woodpecker_ci_server_config_gitea_client: GITEA_OAUTH_CLIENT_ID_HERE -devture_woodpecker_ci_server_config_gitea_secret: GITEA_OAUTH_CLIENT_SECRET_HERE +woodpecker_ci_server_config_gitea_client: GITEA_OAUTH_CLIENT_ID_HERE +woodpecker_ci_server_config_gitea_secret: GITEA_OAUTH_CLIENT_SECRET_HERE -devture_woodpecker_ci_server_container_add_host_domain_name: "{{ gitea_hostname }}" -devture_woodpecker_ci_server_container_add_host_ip_address: "{{ ansible_host }}" +woodpecker_ci_server_container_add_host_domain_name: "{{ gitea_hostname }}" +woodpecker_ci_server_container_add_host_ip_address: "{{ ansible_host }}" ``` To integrate with version-control systems other than Gitea (e.g. [Forgejo](forgejo.md)), you'll need similar configuration. ### Usage -After installation, you should be able to access the Woodpecker CI server instance at `https://mash.DOMAIN/ci` (matching the `devture_woodpecker_ci_server_hostname` and `devture_woodpecker_ci_server_path_prefix` values configured in `vars.yml`). 
+After installation, you should be able to access the Woodpecker CI server instance at `https://mash.DOMAIN/ci` (matching the `woodpecker_ci_server_hostname` and `woodpecker_ci_server_path_prefix` values configured in `vars.yml`). The **Log in** button should take you to Gitea, where you can authorize Woodpecker CI with the OAuth 2 application. @@ -122,7 +122,7 @@ This service requires the following other services: # # ######################################################################## -devture_woodpecker_ci_agent_enabled: true +woodpecker_ci_agent_enabled: true # If the agent runs on the same machine as the server, enabling the agent # is everything you need. The agent and server will be wired automatically. @@ -132,7 +132,7 @@ devture_woodpecker_ci_agent_enabled: true # This needs to point to the server's gRPC host:port. # If your Woodpecker CI Server is deployed using this playbook, its # gRPC port will likely be 443. E.g., ci.example.com:443. -devture_woodpecker_ci_agent_config_server: '' +woodpecker_ci_agent_config_server: '' # This playbook only supports agent-specific secrets, i.e., it is not recommended to use # a shared secret between Woodpecker CI Server and all of its agents. Please refer to 
@@ -142,15 +142,15 @@ devture_woodpecker_ci_agent_config_server: '' # https://woodpecker-ci.org/docs/administration/agent-config#using-agent-token # # then, when you have the agent secret, uncomment the following line. -#devture_woodpecker_ci_agent_config_agent_secret: '' +#woodpecker_ci_agent_config_agent_secret: '' # Uncomment the line below if you want the agent to connect to the # server over a secure gRPC channel (recommended). -#devture_woodpecker_ci_agent_config_grpc_secure: true +#woodpecker_ci_agent_config_grpc_secure: true # Uncomment the line below if you want the agent to verify the # server's TLS certificate when connecting over a secure gRPC channel. -#devture_woodpecker_ci_agent_config_grpc_verify: true +#woodpecker_ci_agent_config_grpc_verify: true ######################################################################## # # diff --git a/examples/vars.yml b/examples/vars.yml index 4677f23..fe05224 100644 --- a/examples/vars.yml +++ b/examples/vars.yml @@ -63,7 +63,7 @@ devture_timesync_installation_enabled: true ######################################################################## # # -# devture-traefik # +# traefik # # # ######################################################################## @@ -77,11 +77,11 @@ devture_timesync_installation_enabled: true mash_playbook_reverse_proxy_type: playbook-managed-traefik # The email address that Traefik will pass to Let's Encrypt when obtaining SSL certificates -devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com +traefik_config_certificatesResolvers_acme_email: your-email@example.com ######################################################################## # # -# /devture-traefik # +# /traefik # # # ######################################################################## 
@@ -89,7 +89,7 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com ######################################################################## # # -# devture-postgres # +# postgres # # # ######################################################################## @@ -97,14 +97,14 @@ devture_traefik_config_certificatesResolvers_acme_email: your-email@example.com # # Learn more about the Postgres service in docs/services/postgres.md -devture_postgres_enabled: true +postgres_enabled: true # Put a strong password below, generated with `pwgen -s 64 1` or in another way -devture_postgres_connection_password: '' +postgres_connection_password: '' ######################################################################## # # -# /devture-postgres # +# /postgres # # # ######################################################################## diff --git a/roles/mash/playbook_base/defaults/main.yml b/roles/mash/playbook_base/defaults/main.yml index ca7278a..152d524 100644 --- a/roles/mash/playbook_base/defaults/main.yml +++ b/roles/mash/playbook_base/defaults/main.yml @@ -46,8 +46,8 @@ mash_playbook_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else # # - `playbook-managed-traefik` # - the playbook will run a managed Traefik instance (mash-traefik) -# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`) -# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email` +# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`) +# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email` # # - `other-traefik-container` # - this playbook will not install Traefik 
@@ -74,12 +74,12 @@ mash_playbook_docker_installation_daemon_options_auto: mash_playbook_docker_installation_daemon_options_custom: {} # Controls whether to attach Traefik labels to services. -# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, +# This is separate from `traefik_enabled`, because you may wish to disable Traefik installation by the playbook, # yet still use Traefik installed in another way. mash_playbook_traefik_labels_enabled: "{{ mash_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" # Controls the additional network that reverse-proxyable services will be connected to. -mash_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled | default(false) else '' }}" +mash_playbook_reverse_proxyable_services_additional_network: "{{ traefik_container_network if traefik_enabled | default(false) else '' }}" # Controls whether various services should expose metrics publicly. # If Prometheus is operating on the same machine, exposing metrics publicly is not necessary. diff --git a/roles/mash/playbook_migration/tasks/main.yml b/roles/mash/playbook_migration/tasks/main.yml index d3e0165..1c09044 100644 --- a/roles/mash/playbook_migration/tasks/main.yml +++ b/roles/mash/playbook_migration/tasks/main.yml @@ -1,5 +1,11 @@ --- +- tags: + - setup-all + - install-all + block: + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + - when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool tags: - setup-all diff --git a/roles/mash/playbook_migration/tasks/validate_config.yml b/roles/mash/playbook_migration/tasks/validate_config.yml new file mode 100644 index 0000000..17b6910 --- /dev/null +++ b/roles/mash/playbook_migration/tasks/validate_config.yml 
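Review bot: The new validation block in roles/mash/playbook_migration/tasks/main.yml carries only the `setup-all` and `install-all` tags, so a run restricted to any other tag never includes validate_config.yml and stale `devture_*` variables go unreported on that run. If the playbook offers narrower setup or install tags (not visible in this hunk), consider listing them here as well, or tagging the block `always`. The include task also has no `name:`, so the run output does not say what is being included; a line such as `- name: Validate configuration for relocated roles` above `ansible.builtin.include_tasks` would help. The Debian/Docker block that follows starts inside this hunk and continues outside it.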
@@ -0,0 +1,67 @@
+---
+
+- name: (Deprecation) Catch and report devture_postgres_backup variables
+ ansible.builtin.fail:
+ msg: |-
+ The postgres-backup role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup).
+ The new role is pretty much the same, but uses differently named variables.
+
+ Please change your configuration (vars.yml) to rename all `devture_postgres_backup_`-prefixed variables (`devture_postgres_backup_*` -> `postgres_backup_*`).
+
+ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | map (attribute='key') | join(', ') }}
+ when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_backup_.*') | list | items2dict"
+
+- name: (Deprecation) Catch and report devture_postgres variables
+ ansible.builtin.fail:
+ msg: |-
+ The postgres role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-postgres).
+ The new role is pretty much the same, but uses differently named variables.
+
+ Please change your configuration (vars.yml) to rename all `devture_postgres_`-prefixed variables (`devture_postgres_*` -> `devture_postgres_*`).
+
+ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | map (attribute='key') | join(', ') }}
+ when: "vars | dict2items | selectattr('key', 'match', 'devture_postgres_.*') | list | items2dict"
+
+- name: (Deprecation) Catch and report traefik_certs_dumper variables
+ ansible.builtin.fail:
+ msg: |-
+ The traefik-certs-dumper role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper).
+ The new role is pretty much the same, but uses differently named variables.
+
+ Please change your configuration (vars.yml) to rename all `devture_traefik_certs_dumper_`-prefixed variables (`devture_traefik_certs_dumper_*` -> `traefik_certs_dumper_*`).
+
+ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | map (attribute='key') | join(', ') }}
+ when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_certs_dumper_.*') | list | items2dict"
+
+- name: (Deprecation) Catch and report devture_traefik variables
+ ansible.builtin.fail:
+ msg: |-
+ The traefik role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-traefik).
+ The new role is pretty much the same, but uses differently named variables.
+
+ Please change your configuration (vars.yml) to rename all `devture_traefik_`-prefixed variables (`devture_traefik_*` -> `traefik_*`).
+
+ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | map (attribute='key') | join(', ') }}
+ when: "vars | dict2items | selectattr('key', 'match', 'devture_traefik_.*') | list | items2dict"
+
+- name: (Deprecation) Catch and report devture_woodpecker_server variables
+ ansible.builtin.fail:
+ msg: |-
+ The woodpecker-ci-server role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-server).
+ The new role is pretty much the same, but uses differently named variables.
+
+ Please change your configuration (vars.yml) to rename all `devture_woodpecker_ci_server_`-prefixed variables (`devture_woodpecker_ci_server_*` -> `woodpecker_ci_server_*`).
+
+ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_server_.*') | map (attribute='key') | join(', ') }}
+ when: "vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_server_.*') | list | items2dict"
+
+- name: (Deprecation) Catch and report devture_woodpecker_agent variables
+ ansible.builtin.fail:
+ msg: |-
+ The woodpecker-ci-agent role in the playbook now lives under the MASH organization (https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-agent).
+ The new role is pretty much the same, but uses differently named variables.
+
+ Please change your configuration (vars.yml) to rename all `devture_woodpecker_ci_agent_`-prefixed variables (`devture_woodpecker_ci_agent_*` -> `woodpecker_ci_agent_*`).
+
+ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_agent_.*') | map (attribute='key') | join(', ') }}
+ when: "vars | dict2items | selectattr('key', 'match', 'devture_woodpecker_ci_agent_.*') | list | items2dict"
diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers
index 0e453ad..4b3bf55 100644
--- a/templates/group_vars_mash_servers
+++ b/templates/group_vars_mash_servers
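Review bot: In roles/mash/playbook_migration/tasks/validate_config.yml, the message of the second task ("Catch and report devture_postgres variables") tells users to rename `devture_postgres_*` to `devture_postgres_*`, i.e. to the same prefix; the target should read `postgres_*`. Three task names also do not match the prefixes their expressions test: `traefik_certs_dumper`, `devture_woodpecker_server` and `devture_woodpecker_agent` versus `devture_traefik_certs_dumper_`, `devture_woodpecker_ci_server_` and `devture_woodpecker_ci_agent_`. Task order is load-bearing, because `devture_postgres_.*` also matches the backup variables and `devture_traefik_.*` the certs-dumper ones; a comment at the top of the file such as `# Check the more specific prefix first; the broader pattern below also matches it.` would keep a later reordering from printing the wrong rename hint. The messages list variable names only and never values, which is worth preserving since the same configuration holds passwords and agent secrets.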
@@ -39,20 +39,20 @@ authelia_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base authelia_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and authelia_config_storage_postgres_host == postgres_identifier else []) }} authelia_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier and authelia_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and authelia_config_storage_postgres_host == postgres_identifier and authelia_container_network != postgres_container_network else []) }} authelia_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" authelia_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -authelia_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -authelia_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +authelia_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +authelia_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" authelia_config_jwt_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jwt.authelia', rounds=655555) | to_uuid }}" 
@@ -61,15 +61,15 @@ authelia_config_session_secret: "{{ '%s' | format(mash_playbook_generic_secret_k authelia_config_identity_providers_oidc_hmac_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'hm.authelia', rounds=655555) | to_uuid }}" # role-specific:postgres -authelia_config_storage_postgres_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -authelia_config_storage_postgres_port: "{{ '5432' if devture_postgres_enabled else '' }}" +authelia_config_storage_postgres_host: "{{ postgres_identifier if postgres_enabled else '' }}" +authelia_config_storage_postgres_port: "{{ '5432' if postgres_enabled else '' }}" authelia_config_storage_postgres_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}" # /role-specific:postgres # role-specific:mariadb # If Postgres and MariaDB are not enabled, we favor Postgres. # We only enable MySQL if it's the only enabled component (that is, if Postgres is not enabled at the same time). -authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not devture_postgres_enabled | default(false) else '' }}" +authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not postgres_enabled | default(false) else '' }}" authelia_config_storage_mysql_port: "{{ '3306' if mariadb_enabled else '' }}" authelia_config_storage_mysql_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}" # /role-specific:mariadb 
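Review bot: The comment above the changed `authelia_config_storage_mysql_host` line reads "If Postgres and MariaDB are not enabled, we favor Postgres", but the expression clears the MySQL host when Postgres is enabled alongside MariaDB, so the comment appears to mean the both-enabled case. I would reword it to `# If both Postgres and MariaDB are enabled, we favor Postgres.` so the next reader does not have to work out the precedence from the Jinja. Note that `authelia_config_storage_mysql_port` and `authelia_config_storage_mysql_password` stay populated in that case; only the host is emptied, which may be worth saying in the same comment.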
@@ -225,12 +225,12 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: # role-specific:postgres - |- - {{ ({'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']} if devture_postgres_enabled else omit) }} + {{ ({'name': (postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']} if postgres_enabled else omit) }} # /role-specific:postgres # role-specific:postgres_backup - |- - {{ ({'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']} if devture_postgres_backup_enabled else omit) }} + {{ ({'name': (postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']} if postgres_backup_enabled else omit) }} # /role-specific:postgres_backup # role-specific:container_socket_proxy 
@@ -240,17 +240,17 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: # role-specific:traefik - |- - {{ ({'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['mash', 'traefik', 'reverse-proxies']} if devture_traefik_enabled else omit) }} + {{ ({'name': (traefik_identifier + '.service'), 'priority': 250, 'groups': ['mash', 'traefik', 'reverse-proxies']} if traefik_enabled else omit) }} # /role-specific:traefik # role-specific:woodpecker_ci_server - |- - {{ ({'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']} if devture_woodpecker_ci_server_enabled else omit) }} + {{ ({'name': (woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']} if woodpecker_ci_server_enabled else omit) }} # /role-specific:woodpecker_ci_server # role-specific:woodpecker_ci_agent - |- - {{ ({'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']} if devture_woodpecker_ci_agent_enabled else omit) }} + {{ ({'name': (woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']} if woodpecker_ci_agent_enabled else omit) }} # /role-specific:woodpecker_ci_agent # role-specific:docker_registry 
@@ -677,22 +677,22 @@ devture_systemd_service_manager_services_list_auto: "{{ mash_playbook_devture_sy # # ######################################################################## -devture_postgres_enabled: false +postgres_enabled: false -devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres" +postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres" -devture_postgres_architecture: "{{ mash_playbook_architecture }}" +postgres_architecture: "{{ mash_playbook_architecture }}" -devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres" +postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres" -devture_postgres_uid: "{{ mash_playbook_uid }}" -devture_postgres_gid: "{{ mash_playbook_gid }}" +postgres_uid: "{{ mash_playbook_uid }}" +postgres_gid: "{{ mash_playbook_gid }}" # This includes everything for maximum safety. # It may not be optimal though, because some services may not be dependant on Postgres at all, etc. -devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}" +postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (postgres_identifier + '.service')) }}" -mash_playbook_devture_postgres_managed_databases_auto_itemized: +mash_playbook_postgres_managed_databases_auto_itemized: # Dummy entry, which is not role-specific. # Ensures there's at least one entry defined in the list. - "{{ omit }}" 
@@ -704,7 +704,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': authelia_config_storage_postgres_database, 'username': authelia_config_storage_postgres_username, 'password': authelia_config_storage_postgres_password, - } if authelia_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else omit) + } if authelia_enabled and authelia_config_storage_postgres_host == postgres_identifier else omit) }} # /role-specific:authelia @@ -715,7 +715,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': authentik_database_name, 'username': authentik_database_username, 'password': authentik_database_password, - } if authentik_enabled and authentik_database_hostname == devture_postgres_identifier else omit) + } if authentik_enabled and authentik_database_hostname == postgres_identifier else omit) }} # /role-specific:authentik @@ -726,7 +726,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': focalboard_database_name, 'username': focalboard_database_username, 'password': focalboard_database_password, - } if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == devture_postgres_identifier else omit) + } if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == postgres_identifier else omit) }} # /role-specific:focalboard @@ -737,7 +737,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': freshrss_database_name, 'username': freshrss_database_username, 'password': freshrss_database_password, - } if freshrss_enabled and freshrss_database_hostname == devture_postgres_identifier else omit) + } if freshrss_enabled and freshrss_database_hostname == postgres_identifier else omit) }} # /role-specific:freshrss 
@@ -748,7 +748,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': funkwhale_database_name, 'username': funkwhale_database_username, 'password': funkwhale_database_password, - } if funkwhale_enabled and funkwhale_database_hostname == devture_postgres_identifier else omit) + } if funkwhale_enabled and funkwhale_database_hostname == postgres_identifier else omit) }} # /role-specific:funkwhale @@ -770,7 +770,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': healthchecks_database_name, 'username': healthchecks_database_username, 'password': healthchecks_database_password, - } if healthchecks_enabled and healthchecks_database_hostname == devture_postgres_identifier else omit) + } if healthchecks_enabled and healthchecks_database_hostname == postgres_identifier else omit) }} # /role-specific:healthchecks @@ -778,10 +778,10 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: - |- {{ ({ - 'name': devture_woodpecker_ci_server_database_datasource_db_name, - 'username': devture_woodpecker_ci_server_database_datasource_username, - 'password': devture_woodpecker_ci_server_database_datasource_password, - } if devture_woodpecker_ci_server_enabled else omit) + 'name': woodpecker_ci_server_database_datasource_db_name, + 'username': woodpecker_ci_server_database_datasource_username, + 'password': woodpecker_ci_server_database_datasource_password, + } if woodpecker_ci_server_enabled else omit) }} # /role-specific:woodpecker_ci_server @@ -814,7 +814,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': keycloak_database_name, 'username': keycloak_database_username, 'password': keycloak_database_password, - } if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == devture_postgres_identifier else omit) + } if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == postgres_identifier else omit) }} # /role-specific:keycloak 
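Review bot: The `woodpecker_ci_server` entry in the managed-databases list (`@@ -778,10`) is conditioned only on `woodpecker_ci_server_enabled`, while the other entries visible in these hunks also require the service's database hostname to equal `postgres_identifier`. As written, a database and login using `woodpecker_ci_server_database_datasource_password` would be created in the managed Postgres even when Woodpecker is configured against a different database server. If the role exposes a datasource host variable (none is visible in this hunk), add the same `== postgres_identifier` comparison so credentials are provisioned only where they are used. The list itself starts outside the hunk.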
@@ -825,7 +825,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': lago_database_name, 'username': lago_database_username, 'password': lago_database_password, - } if lago_enabled and lago_database_hostname == devture_postgres_identifier else omit) + } if lago_enabled and lago_database_hostname == postgres_identifier else omit) }} # /role-specific:lago @@ -924,7 +924,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': outline_database_name, 'username': outline_database_username, 'password': outline_database_password, - } if outline_enabled and outline_database_hostname == devture_postgres_identifier else omit) + } if outline_enabled and outline_database_hostname == postgres_identifier else omit) }} # /role-specific:outline @@ -935,7 +935,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': oxitraffic_database_name, 'username': oxitraffic_database_username, 'password': oxitraffic_database_password, - } if oxitraffic_enabled and oxitraffic_database_hostname == devture_postgres_identifier else omit) + } if oxitraffic_enabled and oxitraffic_database_hostname == postgres_identifier else omit) }} # /role-specific:oxitraffic @@ -947,7 +947,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': paperless_database_name, 'username': paperless_database_username, 'password': paperless_database_password, - } if paperless_enabled and paperless_database_hostname == devture_postgres_identifier else omit) + } if paperless_enabled and paperless_database_hostname == postgres_identifier else omit) }} # /role-specific:paperless 
@@ -1024,7 +1024,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': roundcube_database_name, 'username': roundcube_database_username, 'password': roundcube_database_password, - } if roundcube_enabled and roundcube_database_hostname == devture_postgres_identifier else omit) + } if roundcube_enabled and roundcube_database_hostname == postgres_identifier else omit) }} # /role-specific:roundcube @@ -1035,7 +1035,7 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': semaphore_database_name, 'username': semaphore_database_username, 'password': semaphore_database_password, - } if semaphore_enabled and semaphore_database_host == devture_postgres_identifier else omit) + } if semaphore_enabled and semaphore_database_host == postgres_identifier else omit) }} # /role-specific:semaphore @@ -1046,11 +1046,11 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: 'name': tandoor_database_name, 'username': tandoor_database_username, 'password': tandoor_database_password, - } if tandoor_enabled and tandoor_database_hostname == devture_postgres_identifier else omit) + } if tandoor_enabled and tandoor_database_hostname == postgres_identifier else omit) }} # /role-specific:tandoor -devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}" +postgres_managed_databases_auto: "{{ mash_playbook_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}" ######################################################################## # # 
@@ -1067,40 +1067,40 @@ devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_mana # # ######################################################################## -devture_postgres_backup_enabled: false +postgres_backup_enabled: false -devture_postgres_backup_postgres_role_include_name: galaxy/postgres +postgres_backup_postgres_role_include_name: galaxy/postgres -devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup" +postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup" -devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}" +postgres_backup_architecture: "{{ mash_playbook_architecture }}" -devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup" +postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup" -devture_postgres_backup_uid: "{{ mash_playbook_uid }}" -devture_postgres_backup_gid: "{{ mash_playbook_gid }}" +postgres_backup_uid: "{{ mash_playbook_uid }}" +postgres_backup_gid: "{{ mash_playbook_gid }}" # role-specific:postgres -devture_postgres_backup_systemd_required_services_list_auto: | +postgres_backup_systemd_required_services_list_auto: | {{ - ([(devture_postgres_identifier + '.service')] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else []) + ([(postgres_identifier + '.service')] if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname) else []) }} -devture_postgres_backup_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else devture_postgres_backup_identifier) }}" +postgres_backup_container_network: "{{ (postgres_container_network if (postgres_enabled 
and postgres_backup_connection_hostname == postgres_connection_hostname) else postgres_backup_identifier) }}" -devture_postgres_backup_container_additional_networks_auto: |- +postgres_backup_container_additional_networks_auto: |- {{ - ([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname and devture_postgres_backup_container_network != devture_postgres_container_network) else []) + ([postgres_container_network] if (postgres_enabled and postgres_backup_connection_hostname == postgres_connection_hostname and postgres_backup_container_network != postgres_container_network) else []) }} -devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" -devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" -devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" +postgres_backup_connection_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" +postgres_backup_connection_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}" +postgres_backup_connection_username: "{{ postgres_connection_username if postgres_enabled else '' }}" +postgres_backup_connection_password: "{{ postgres_connection_password if postgres_enabled else '' }}" -devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}" +postgres_backup_postgres_data_path: "{{ postgres_data_path if postgres_enabled else '' }}" -devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" +postgres_backup_databases: "{{ 
postgres_managed_databases | map(attribute='name') if postgres_enabled else [] }}" # /role-specific:postgres ######################################################################## @@ -1159,7 +1159,7 @@ docker_daemon_options: "{{ mash_playbook_docker_installation_daemon_options }}" # # ######################################################################## -devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}" +devture_container_socket_proxy_enabled: "{{ traefik_enabled }}" devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy" 
@@ -1187,25 +1187,25 @@ devture_container_socket_proxy_api_containers_enabled: true # # ######################################################################## -devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" +traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" -devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik" +traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik" -devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik" +traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik" -devture_traefik_uid: "{{ mash_playbook_uid }}" -devture_traefik_gid: "{{ mash_playbook_gid }}" +traefik_uid: "{{ mash_playbook_uid }}" +traefik_gid: "{{ mash_playbook_gid }}" # role-specific:container_socket_proxy -devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" +traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" # /role-specific:container_socket_proxy -devture_traefik_container_additional_networks_auto: | +traefik_container_additional_networks_auto: | {{ ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled | default(false) else []) }} -devture_traefik_systemd_required_services_list: | +traefik_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + 
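Review bot: `traefik_config_providers_docker_endpoint` falls back to `unix:///var/run/docker.sock` when `devture_container_socket_proxy_enabled` is false, and nothing next to the line says what that means for the operator. Talking to the Docker socket directly gives the Traefik container the whole Docker API, whereas the socket proxy presumably exists to narrow that surface. I would add a comment above the line, for example `# Without the socket proxy, Traefik uses the raw Docker socket (full Docker API access); keep the proxy enabled unless there is a reason not to.` The `traefik_systemd_required_services_list` expression at the end of the hunk continues past it.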
@@ -1284,8 +1284,8 @@ adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_ adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +adguard_home_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +adguard_home_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -1320,8 +1320,8 @@ apisix_dashboard_container_additional_networks_auto: | apisix_dashboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" apisix_dashboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -apisix_dashboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -apisix_dashboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +apisix_dashboard_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +apisix_dashboard_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # role-specific:etcd apisix_dashboard_config_conf_etcd_endpoints: | 
@@ -1375,8 +1375,8 @@ apisix_gateway_container_additional_networks_auto: | apisix_gateway_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" apisix_gateway_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -apisix_gateway_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -apisix_gateway_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +apisix_gateway_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +apisix_gateway_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" apisix_gateway_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}" apisix_gateway_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}" @@ -1438,8 +1438,8 @@ appsmith_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enab appsmith_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -appsmith_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -appsmith_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +appsmith_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +appsmith_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## 
@@ -1468,30 +1468,30 @@ authentik_uid: "{{ mash_playbook_uid }}" authentik_gid: "{{ mash_playbook_gid }}" # role-specific:postgres -authentik_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -authentik_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +authentik_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +authentik_database_port: "{{ '5432' if postgres_enabled else '' }}" authentik_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}" authentik_database_username: "{{ authentik_identifier }}" # /role-specific:postgres authentik_server_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and authentik_database_hostname == postgres_identifier else []) }} authentik_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier and authentik_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and authentik_database_hostname == postgres_identifier and authentik_container_network != postgres_container_network else []) }} authentik_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" authentik_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -authentik_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -authentik_container_labels_traefik_tls_certResolver: "{{ 
devture_traefik_certResolver_primary }}" +authentik_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +authentik_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -1519,7 +1519,7 @@ backup_borg_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_b backup_borg_uid: "{{ mash_playbook_uid }}" backup_borg_gid: "{{ mash_playbook_gid }}" -backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}" +backup_borg_container_network: "{{ postgres_container_network if postgres_enabled else backup_borg_identifier }}" backup_borg_retention_prefix: "{{ mash_playbook_service_identifier_prefix }}" backup_borg_storage_archive_name_format: "{{ mash_playbook_service_identifier_prefix }}-{now:%Y-%m-%d-%H%M%S}" 
@@ -1527,12 +1527,12 @@ backup_borg_storage_archive_name_format: "{{ mash_playbook_service_identifier_pr backup_borg_container_image_self_build: "{{ mash_playbook_architecture not in ['amd64', 'arm32', 'arm64'] }}" # role-specific:postgres -backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}" -backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" -backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" -backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" -backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" +backup_borg_postgresql_enabled: "{{ postgres_enabled }}" +backup_borg_postgresql_databases_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" +backup_borg_postgresql_databases_username: "{{ postgres_connection_username if postgres_enabled else '' }}" +backup_borg_postgresql_databases_password: "{{ postgres_connection_password if postgres_enabled else '' }}" +backup_borg_postgresql_databases_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}" +backup_borg_postgresql_databases: "{{ postgres_managed_databases | map(attribute='name') if postgres_enabled else [] }}" # /role-specific:postgres # role-specific:mariadb @@ -1549,7 +1549,7 @@ backup_borg_location_source_directories: backup_borg_location_exclude_patterns: | {{ - ([devture_postgres_data_path] if devture_postgres_enabled | default(false) else []) + ([postgres_data_path] if postgres_enabled | default(false) else []) + ([mariadb_data_path] if mariadb_enabled | default(false) else []) }} 
@@ -1558,7 +1558,7 @@ backup_borg_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) else []) + ([postgres_identifier ~ '.service'] if postgres_enabled | default(false) else []) + ([mariadb_identifier ~ '.service'] if mariadb_enabled | default(false) else []) }} @@ -1597,8 +1597,8 @@ changedetection_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labe changedetection_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -changedetection_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -changedetection_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +changedetection_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +changedetection_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -1635,8 +1635,8 @@ wetty_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled wetty_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -wetty_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -wetty_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +wetty_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +wetty_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## 
@@ -1671,8 +1671,8 @@ calibre_web_container_additional_networks_auto: | calibre_web_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" calibre_web_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -calibre_web_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -calibre_web_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +calibre_web_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +calibre_web_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -1706,8 +1706,8 @@ readeck_container_additional_networks_auto: | readeck_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" readeck_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -readeck_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -readeck_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +readeck_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +readeck_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -1787,8 +1787,8 @@ collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_lab collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +collabora_online_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +collabora_online_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -1855,8 +1855,8 @@ docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labe docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +docker_registry_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +docker_registry_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## 
@@ -1896,8 +1896,8 @@ docker_registry_proxy_container_labels_traefik_enabled: "{{ mash_playbook_traefi docker_registry_proxy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -docker_registry_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -docker_registry_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +docker_registry_proxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +docker_registry_proxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -1936,8 +1936,8 @@ docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_trae docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +docker_registry_browser_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## 
@@ -2002,8 +2002,8 @@ echoip_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enable echoip_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -echoip_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -echoip_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +echoip_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +echoip_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -2038,8 +2038,8 @@ endlessh_container_additional_networks_auto: | # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) endlessh_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and endlessh_hostname }}" endlessh_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -endlessh_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -endlessh_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +endlessh_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +endlessh_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" endlessh_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" endlessh_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" 
@@ -2119,30 +2119,30 @@ firezone_gid: "{{ mash_playbook_gid }}" firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}" # role-specific:postgres -firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +firezone_database_host: "{{ postgres_identifier if postgres_enabled else '' }}" +firezone_database_port: "{{ '5432' if postgres_enabled else '' }}" firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}" firezone_database_username: "{{ firezone_identifier }}" # /role-specific:postgres firezone_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled | default(false) and firezone_database_host == postgres_identifier else []) }} firezone_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled | default(false) and firezone_database_host == postgres_identifier and firezone_container_network != postgres_container_network else []) }} firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" 
-firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +firezone_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +firezone_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## @@ -2172,13 +2172,13 @@ focalboard_gid: "{{ mash_playbook_gid }}" focalboard_systemd_required_systemd_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and focalboard_database_hostname == postgres_identifier else []) }} # role-specific:postgres -focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}" -focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +focalboard_database_type: "{{ 'postgres' if postgres_enabled else '' }}" +focalboard_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +focalboard_database_port: "{{ '5432' if postgres_enabled else '' }}" focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}" # /role-specific:postgres 
@@ -2186,15 +2186,15 @@ focalboard_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled | default(false) and focalboard_database_hostname == devture_postgres_identifier else []) + ([postgres_container_network] if postgres_enabled | default(false) and focalboard_database_hostname == postgres_identifier else []) }} focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +focalboard_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +focalboard_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## 
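Review bot: The renamed Postgres entry in `focalboard_container_additional_networks_auto` still has no check that the container's own network differs from the Postgres network. The firezone, freshrss, funkwhale, gitea, gotosocial, healthchecks, ilmo, keycloak, lago and linkding entries in this file all carry that check. Without it, a focalboard container configured to sit on the Postgres network would get the same network listed again as an additional one; whether the role tolerates the duplicate is not visible here. Assuming the role defines `focalboard_container_network` like the others, the condition could become `postgres_enabled | default(false) and focalboard_database_hostname == postgres_identifier and focalboard_container_network != postgres_container_network`. The key line of this block sits in the hunk header, outside the hunk body.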
@@ -2228,22 +2228,22 @@ freshrss_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and freshrss_database_hostname == postgres_identifier else []) }} freshrss_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier and freshrss_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and freshrss_database_hostname == postgres_identifier and freshrss_container_network != postgres_container_network else []) }} freshrss_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" freshrss_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -freshrss_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -freshrss_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +freshrss_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +freshrss_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -freshrss_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +freshrss_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" # Intentionally not auto-generating freshrss_database_password. # It's meant to be explicitly defined, so that it can be used in the setup wizard after installation. 
@@ -2272,44 +2272,44 @@ funkwhale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas funkwhale_uid: "{{ mash_playbook_uid }}" funkwhale_gid: "{{ mash_playbook_gid }}" -funkwhale_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -funkwhale_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +funkwhale_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +funkwhale_database_port: "{{ '5432' if postgres_enabled else '' }}" funkwhale_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.funkwhale', rounds=655555) | to_uuid }}" funkwhale_database_username: "{{ funkwhale_identifier }}" funkwhale_api_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and funkwhale_database_hostname == postgres_identifier else []) }} funkwhale_frontend_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and funkwhale_database_hostname == postgres_identifier else []) }} funkwhale_api_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_api_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and funkwhale_database_hostname == postgres_identifier and funkwhale_api_container_network != postgres_container_network else []) }} 
funkwhale_frontend_container_additional_networks_auto: | {{ - ([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_frontend_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and funkwhale_database_hostname == postgres_identifier and funkwhale_frontend_container_network != postgres_container_network else []) + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} funkwhale_api_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" funkwhale_api_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -funkwhale_api_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -funkwhale_api_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +funkwhale_api_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +funkwhale_api_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" funkwhale_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" funkwhale_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -funkwhale_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -funkwhale_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +funkwhale_frontend_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +funkwhale_frontend_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -2337,25 +2337,25 @@ gitea_gid: "{{ mash_playbook_gid }}" gitea_systemd_required_systemd_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and gitea_config_database_hostname == postgres_identifier else []) }} gitea_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and gitea_config_database_hostname == postgres_identifier and gitea_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and gitea_config_mailer_smtp_addr == exim_relay_identifier | default('mash-exim-relay') and gitea_container_network != exim_relay_container_network) else []) }} gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +gitea_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +gitea_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +gitea_config_database_hostname: "{{ 
postgres_identifier if postgres_enabled else '' }}" +gitea_config_database_port: "{{ '5432' if postgres_enabled else '' }}" gitea_config_database_username: "gitea" gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}" @@ -2394,7 +2394,7 @@ gotosocial_gid: "{{ mash_playbook_gid }}" gotosocial_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and gotosocial_database_host == postgres_identifier else []) }} gotosocial_systemd_wanted_services_list_auto: | 
@@ -2406,18 +2406,18 @@ gotosocial_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier and gotosocial_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and gotosocial_database_host == postgres_identifier and gotosocial_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and gotosocial_smtp_host == exim_relay_identifier | default('mash-exim-relay') and gotosocial_container_network != exim_relay_container_network) else []) }} gotosocial_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" gotosocial_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -gotosocial_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +gotosocial_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +gotosocial_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +gotosocial_database_host: "{{ postgres_identifier if postgres_enabled else '' }}" +gotosocial_database_port: "{{ '5432' if postgres_enabled else '' }}" gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}" gotosocial_database_username: "{{ gotosocial_identifier }}" 
@@ -2469,8 +2469,8 @@ grafana_container_additional_networks_auto: | grafana_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" grafana_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +grafana_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +grafana_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -2499,7 +2499,7 @@ healthchecks_gid: "{{ mash_playbook_gid }}" healthchecks_systemd_required_systemd_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and healthchecks_database_hostname == postgres_identifier else []) }} healthchecks_systemd_wanted_systemd_services_list_auto: | 
@@ -2511,17 +2511,17 @@ healthchecks_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier and healthchecks_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and healthchecks_database_hostname == postgres_identifier and healthchecks_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and healthchecks_environment_variable_email_host == exim_relay_identifier | default('mash-exim-relay') and healthchecks_container_network != exim_relay_container_network) else []) }} healthchecks_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" healthchecks_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -healthchecks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -healthchecks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +healthchecks_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +healthchecks_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -healthchecks_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +healthchecks_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" healthchecks_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks.db', rounds=655555) | to_uuid }}" healthchecks_environment_variable_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 
'healthchecks', rounds=655555) | to_uuid }}" @@ -2571,8 +2571,8 @@ hubsite_container_additional_networks: | hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +hubsite_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +hubsite_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # Services ########## @@ -2830,9 +2830,9 @@ hubsite_service_vaultwarden_priority: 1000 # role-specific:woodpecker_ci_server # Woodpecker CI -hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}" +hubsite_service_woodpecker_ci_enabled: "{{ woodpecker_ci_server_enabled }}" hubsite_service_woodpecker_ci_name: Woodpecker CI -hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}" +hubsite_service_woodpecker_ci_url: "https://{{ woodpecker_ci_server_hostname }}" hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png" hubsite_service_woodpecker_ci_description: "Check you CI" hubsite_service_woodpecker_ci_priority: 1000 
@@ -3243,8 +3243,8 @@ ilmo_gid: "{{ mash_playbook_gid }}" ilmo_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.ilmo', rounds=655555) | to_uuid }}" -ilmo_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -ilmo_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +ilmo_database_host: "{{ postgres_identifier if postgres_enabled else '' }}" +ilmo_database_port: "{{ '5432' if postgres_enabled else '' }}" ilmo_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.ilmo', rounds=655555) | to_uuid }}" ilmo_database_username: "ilmo" 
@@ -3252,20 +3252,20 @@ ilmo_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and ilmo_database_host == postgres_identifier else []) }} ilmo_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier and ilmo_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and ilmo_database_host == postgres_identifier and ilmo_container_network != postgres_container_network else []) }} ilmo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" ilmo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -ilmo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -ilmo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +ilmo_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +ilmo_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -3308,8 +3308,8 @@ infisical_backend_container_additional_networks: | infisical_backend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" infisical_backend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -infisical_backend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -infisical_backend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +infisical_backend_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +infisical_backend_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # Intentionally not auto-generating infisical_backend_environment_variable_encryption_key here. # We prefer it to be explicit as it seems important that it remains stable. @@ -3326,8 +3326,8 @@ infisical_frontend_container_additional_networks: | infisical_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" infisical_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -infisical_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -infisical_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +infisical_frontend_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +infisical_frontend_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" infisical_mongodb_hostname: "{{ mongodb_identifier if mongodb_enabled else '' }}" infisical_mongodb_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'infisical.db', rounds=655555) | to_uuid }}" 
@@ -3366,8 +3366,8 @@ influxdb_container_additional_networks_auto: | influxdb_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" influxdb_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -influxdb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -influxdb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +influxdb_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +influxdb_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -3415,8 +3415,8 @@ jitsi_jvb_container_additional_networks_auto: | jitsi_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" jitsi_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +jitsi_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +jitsi_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" jitsi_jibri_xmpp_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}" jitsi_jicofo_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}" 
@@ -3449,20 +3449,20 @@ keycloak_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base keycloak_systemd_required_systemd_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and keycloak_database_hostname == postgres_identifier else []) }} keycloak_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier and keycloak_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and keycloak_database_hostname == postgres_identifier and keycloak_container_network != postgres_container_network else []) }} keycloak_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" keycloak_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -keycloak_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -keycloak_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +keycloak_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +keycloak_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" keycloak_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}" keycloak_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ keycloak_identifier }}" 
@@ -3471,8 +3471,8 @@ keycloak_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook keycloak_environment_variable_kc_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}" -keycloak_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -keycloak_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +keycloak_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +keycloak_database_port: "{{ '5432' if postgres_enabled else '' }}" keycloak_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.keycloak', rounds=655555) | to_uuid }}" ######################################################################## @@ -3506,7 +3506,7 @@ lago_api_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and lago_database_hostname == devture_postgres_identifier and lago_api_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and lago_database_hostname == postgres_identifier and lago_api_container_network != postgres_container_network else []) }} lago_front_container_additional_networks_auto: | 
@@ -3516,11 +3516,11 @@ lago_front_container_additional_networks_auto: | lago_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" lago_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -lago_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -lago_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +lago_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +lago_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -lago_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -lago_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +lago_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +lago_database_port: "{{ '5432' if postgres_enabled else '' }}" lago_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.db', rounds=655555) | to_uuid }}" lago_api_environment_variable_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.sec.key', rounds=655555) | to_uuid }}" @@ -3555,8 +3555,8 @@ languagetool_gid: "{{ mash_playbook_gid }}" languagetool_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" languagetool_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -languagetool_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -languagetool_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +languagetool_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +languagetool_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" languagetool_container_additional_networks_auto: | {{ 
@@ -3591,8 +3591,8 @@ loki_gid: "{{ mash_playbook_gid }}" # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) loki_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and loki_hostname | length > 0 }}" loki_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -loki_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -loki_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +loki_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +loki_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" loki_container_additional_networks_auto: | {{ 
@@ -3628,24 +3628,24 @@ linkding_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and linkding_database_hostname == postgres_identifier else []) }} linkding_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier and linkding_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and linkding_database_hostname == postgres_identifier and linkding_container_network != postgres_container_network else []) }} linkding_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" linkding_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -linkding_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -linkding_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +linkding_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +linkding_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -linkding_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +linkding_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" linkding_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'linkding.db', rounds=655555) | to_uuid }}" -linkding_database_engine: "{{ 'postgres' if 
devture_postgres_enabled and linkding_database_hostname == devture_postgres_connection_hostname else 'sqlite' }}" +linkding_database_engine: "{{ 'postgres' if postgres_enabled and linkding_database_hostname == postgres_connection_hostname else 'sqlite' }}" ######################################################################## # # 
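Review bot: The renamed linkding defaults compare `linkding_database_hostname` against two different variables: the conditions in `linkding_systemd_required_services_list` and `linkding_container_additional_networks` test `== postgres_identifier`, while the hostname default and the `linkding_database_engine` condition use `postgres_connection_hostname`. If those two values ever differ (their definitions are outside this diff), the container would not be attached to `postgres_container_network` and would lose its systemd dependency on Postgres, while the engine is still set to `postgres`. Since every one of these lines is touched by the rename anyway, the conditions could use the same variable throughout, e.g. `linkding_database_hostname == postgres_connection_hostname`. The freescout, miniflux, n8n and plausible hunks carry the same mix.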
@@ -3673,22 +3673,22 @@ freescout_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and freescout_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and freescout_database_hostname == postgres_identifier else []) }} freescout_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and freescout_database_hostname == devture_postgres_identifier and freescout_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and freescout_database_hostname == postgres_identifier and freescout_container_network != postgres_container_network else []) }} freescout_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" freescout_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -freescout_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -freescout_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +freescout_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +freescout_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -freescout_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +freescout_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" freescout_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'freescout.db', rounds=655555) | to_uuid }}" 
######################################################################## 
@@ -3720,22 +3720,22 @@ miniflux_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and miniflux_database_hostname == postgres_identifier else []) }} miniflux_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and miniflux_database_hostname == postgres_identifier and miniflux_container_network != postgres_container_network else []) }} miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +miniflux_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +miniflux_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +miniflux_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}" 
######################################################################## @@ -3788,8 +3788,8 @@ mobilizon_container_additional_networks: | mobilizon_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" mobilizon_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -mobilizon_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -mobilizon_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +mobilizon_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +mobilizon_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -3880,8 +3880,8 @@ mrs_container_additional_networks: | mrs_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" mrs_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -mrs_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -mrs_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +mrs_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +mrs_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -3914,22 +3914,22 @@ n8n_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and n8n_database_hostname == postgres_identifier else []) }} n8n_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier and n8n_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and n8n_database_hostname == postgres_identifier and n8n_container_network != postgres_container_network else []) }} n8n_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" n8n_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -n8n_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -n8n_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +n8n_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +n8n_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -n8n_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +n8n_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" n8n_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'n8n.db', rounds=655555) | to_uuid }}" ######################################################################## 
@@ -3964,8 +3964,8 @@ navidrome_container_additional_networks_auto: | navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +navidrome_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +navidrome_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -3998,8 +3998,8 @@ neko_container_additional_networks_auto: | neko_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" neko_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -neko_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -neko_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +neko_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +neko_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -4028,7 +4028,7 @@ nextcloud_gid: "{{ mash_playbook_gid }}" nextcloud_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and nextcloud_database_hostname == postgres_identifier else []) }} nextcloud_systemd_wanted_services_list_auto: | 
@@ -4041,7 +4041,7 @@ nextcloud_container_additional_networks_auto: | ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and nextcloud_database_hostname == postgres_identifier and nextcloud_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and nextcloud_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay') and nextcloud_container_network != exim_relay_container_network) else []) ) | unique 
@@ -4049,11 +4049,11 @@ nextcloud_container_additional_networks_auto: | nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +nextcloud_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +nextcloud_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +nextcloud_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +nextcloud_database_port: "{{ '5432' if postgres_enabled else '' }}" nextcloud_database_username: "nextcloud" nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}" @@ -4093,7 +4093,7 @@ netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_d netbox_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and netbox_database_hostname == postgres_identifier else []) }} netbox_container_additional_networks_auto: | 
@@ -4101,17 +4101,17 @@ netbox_container_additional_networks_auto: | ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and netbox_database_hostname == postgres_identifier and netbox_container_network != postgres_container_network else []) ) | unique }} netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +netbox_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +netbox_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +netbox_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +netbox_database_port: "{{ '5432' if postgres_enabled else '' }}" netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}" ######################################################################## 
@@ -4195,8 +4195,8 @@ notfellchen_gid: "{{ mash_playbook_gid }}" notfellchen_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.nf', rounds=655555) | to_uuid }}" -notfellchen_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -notfellchen_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +notfellchen_database_host: "{{ postgres_identifier if postgres_enabled else '' }}" +notfellchen_database_port: "{{ '5432' if postgres_enabled else '' }}" notfellchen_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nf', rounds=655555) | to_uuid }}" notfellchen_database_username: "notfellchen" 
@@ -4204,20 +4204,20 @@ notfellchen_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and notfellchen_database_host == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and notfellchen_database_host == postgres_identifier else []) }} notfellchen_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and notfellchen_database_host == devture_postgres_identifier and notfellchen_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and notfellchen_database_host == postgres_identifier and notfellchen_container_network != postgres_container_network else []) }} notfellchen_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" notfellchen_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -notfellchen_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -notfellchen_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +notfellchen_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +notfellchen_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" notfellchen_sws_container_labels_traefik_enabled: "{{ notfellchen_container_labels_traefik_enabled }}" notfellchen_sws_container_labels_traefik_docker_network: "{{ notfellchen_container_labels_traefik_docker_network }}" 
@@ -4252,27 +4252,27 @@ outline_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_ outline_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and outline_database_hostname == postgres_identifier else []) }} outline_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier and outline_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and outline_database_hostname == postgres_identifier and outline_container_network != postgres_container_network else []) }} outline_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" outline_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -outline_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -outline_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +outline_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +outline_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" outline_environment_variable_utils_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'utils.out', rounds=655555) | to_uuid }}" -outline_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -outline_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +outline_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +outline_database_port: 
"{{ '5432' if postgres_enabled else '' }}" outline_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.out', rounds=655555) | to_uuid }}" -outline_database_sslmode: "{{ 'disable' if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else 'prefer' }}" +outline_database_sslmode: "{{ 'disable' if postgres_enabled and outline_database_hostname == postgres_identifier else 'prefer' }}" ######################################################################## # # @@ -4303,8 +4303,8 @@ oauth2_proxy_container_network: "{{ (mash_playbook_reverse_proxyable_services_ad oauth2_proxy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" oauth2_proxy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -oauth2_proxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -oauth2_proxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +oauth2_proxy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +oauth2_proxy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
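Review bot: `outline_database_sslmode` in the outline hunk falls back to `prefer` whenever the database is not the playbook-managed Postgres, and nothing next to it says what that means for a database on another host. If the role passes this value through as a libpq-style sslmode (not visible here), `prefer` allows a silent fall-back to an unencrypted connection and does not verify the server certificate. A comment above the line would make the trade-off explicit: `# 'prefer' neither enforces TLS nor verifies the server certificate; set 'require' or 'verify-full' for a database on another host.`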
@@ -4338,8 +4338,8 @@ owncast_container_additional_networks: | owncast_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" owncast_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -owncast_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -owncast_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +owncast_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +owncast_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -4366,28 +4366,28 @@ oxitraffic_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_ba oxitraffic_uid: "{{ mash_playbook_uid }}" oxitraffic_gid: "{{ mash_playbook_gid }}" -oxitraffic_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -oxitraffic_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +oxitraffic_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +oxitraffic_database_port: "{{ '5432' if postgres_enabled else '' }}" oxitraffic_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.oxitraffic', rounds=655555) | to_uuid }}" oxitraffic_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and oxitraffic_database_hostname == postgres_identifier else []) }} oxitraffic_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier and oxitraffic_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and oxitraffic_database_hostname == postgres_identifier and oxitraffic_container_network != postgres_container_network else []) }} oxitraffic_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" oxitraffic_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -oxitraffic_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" 
-oxitraffic_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +oxitraffic_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +oxitraffic_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -4415,31 +4415,31 @@ paperless_gid: "{{ mash_playbook_gid }}" paperless_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'paperless.secret', rounds=655555) | to_uuid }}" -paperless_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" +paperless_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" paperless_database_username: "paperless" -paperless_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +paperless_database_port: "{{ '5432' if postgres_enabled else '' }}" paperless_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.paperless', rounds=655555) | to_uuid }}" paperless_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and paperless_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and paperless_database_hostname == postgres_identifier else []) }} paperless_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and paperless_database_hostname == devture_postgres_identifier and paperless_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and paperless_database_hostname == postgres_identifier and paperless_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and paperless_email_host == exim_relay_identifier | default('mash-exim-relay') and paperless_container_network != exim_relay_container_network) else 
[]) }} paperless_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" paperless_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -paperless_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -paperless_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +paperless_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +paperless_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # role-specific:exim_relay paperless_email_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}" @@ -4477,7 +4477,7 @@ peertube_container_additional_networks_auto: | ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and peertube_config_database_hostname == postgres_identifier and peertube_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and peertube_config_smtp_hostname == exim_relay_identifier | default('mash-exim-relay') and peertube_container_network != exim_relay_container_network) else []) ) | unique 
@@ -4485,17 +4485,17 @@ peertube_container_additional_networks_auto: | peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +peertube_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +peertube_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +peertube_config_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +peertube_config_database_port: "{{ '5432' if postgres_enabled else '' }}" peertube_config_database_username: peertube peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}" peertube_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and peertube_config_database_hostname == postgres_identifier else []) }} peertube_systemd_wanted_services_list_auto: | 
@@ -4535,7 +4535,7 @@ plausible_gid: "{{ mash_playbook_gid }}" plausible_systemd_required_systemd_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and plausible_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and plausible_database_hostname == postgres_identifier else []) + ([clickhouse_identifier ~ '.service'] if clickhouse_enabled | default(false) and plausible_clickhouse_database_hostname == clickhouse_identifier| default('mash-clickhouse') else []) }} @@ -4549,7 +4549,7 @@ plausible_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and plausible_database_hostname == devture_postgres_identifier and plausible_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and plausible_database_hostname == postgres_identifier and plausible_container_network != postgres_container_network else []) + ([clickhouse_container_network | default('mash-clickhouse')] if (clickhouse_enabled | default(false) and plausible_clickhouse_database_hostname == clickhouse_identifier | default('mash-clickhouse') and plausible_container_network != clickhouse_container_network | default('mash-clickhouse')) else []) + 
@@ -4558,11 +4558,11 @@ plausible_container_additional_networks_auto: | plausible_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" plausible_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -plausible_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -plausible_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +plausible_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +plausible_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -plausible_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -plausible_database_password: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'plausible.db', rounds=655555) | to_uuid) if devture_postgres_enabled else '' }}" +plausible_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" +plausible_database_password: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'plausible.db', rounds=655555) | to_uuid) if postgres_enabled else '' }}" # role-specific:clickhouse plausible_clickhouse_database_hostname: "{{ clickhouse_identifier if clickhouse_enabled else '' }}" 
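Review bot: `plausible_database_hostname` is set from `postgres_connection_hostname`, but the two preceding Plausible hunks (`plausible_systemd_required_systemd_services_list_auto` and `plausible_container_additional_networks_auto`) gate on `plausible_database_hostname == postgres_identifier`. The definition of `postgres_connection_hostname` is not in the visible diff; if it can differ from `postgres_identifier`, both conditions evaluate to false and Plausible would be started without the Postgres unit dependency and without being attached to `postgres_container_network`. Peertube, Roundcube and Forgejo use `postgres_identifier` on both sides, so either set `plausible_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}"` or compare against `postgres_connection_hostname` in the two lists. The Redmine hunk and the `prometheus_postgres_exporter_container_additional_networks` hunk have the same mismatch.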
@@ -4653,29 +4653,29 @@ prometheus_postgres_exporter_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_identifier and prometheus_postgres_exporter_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and prometheus_postgres_exporter_database_hostname == postgres_identifier and prometheus_postgres_exporter_container_network != postgres_container_network else []) }} # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_postgres_exporter_hostname | length > 0 }}" prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" -prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" 
+prometheus_postgres_exporter_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" prometheus_postgres_exporter_database_username: prometheus_postgres_exporter -prometheus_postgres_exporter_database_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" -prometheus_postgres_exporter_database_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" +prometheus_postgres_exporter_database_password: "{{ postgres_connection_password if postgres_enabled else '' }}" +prometheus_postgres_exporter_database_port: "{{ postgres_connection_port if postgres_enabled else 5432 }}" prometheus_postgres_exporter_database_ssl: false prometheus_postgres_exporter_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([postgres_identifier ~ '.service'] if postgres_enabled else []) }} ######################################################################## @@ -4706,8 +4706,8 @@ prometheus_gid: "{{ mash_playbook_gid }}" # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_hostname | length > 0 }}" prometheus_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -prometheus_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_container_additional_networks_auto: | {{ 
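Review bot: `prometheus_postgres_exporter_database_password` is taken directly from `postgres_connection_password`, although `prometheus_postgres_exporter_database_username` names a dedicated `prometheus_postgres_exporter` account. Every other service touched in this file derives its own password from `mash_playbook_generic_secret_key` with a per-service salt, so disclosure of one service's configuration does not reveal a credential used elsewhere; here it would reveal whatever `postgres_connection_password` protects (presumably the main Postgres connection user; its definition is outside this diff). If the role provisions the exporter user itself, give it a derived secret like the others, for example `"{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.prometheus-postgres-exporter', rounds=655555) | to_uuid }}"` (salt string constructed for illustration). This matters more for this component because it can be published through Traefik when `prometheus_postgres_exporter_hostname` is set.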
@@ -4751,8 +4751,8 @@ prometheus_blackbox_exporter_container_additional_networks: | # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname }}" prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_blackbox_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" prometheus_blackbox_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" 
@@ -4793,8 +4793,8 @@ prometheus_ssh_exporter_container_additional_networks: | # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_ssh_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_ssh_exporter_hostname }}" prometheus_ssh_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -prometheus_ssh_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_ssh_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_ssh_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_ssh_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_ssh_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" prometheus_ssh_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" 
@@ -4835,8 +4835,8 @@ prometheus_node_exporter_container_additional_networks: | # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_node_exporter_hostname }}" prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}" prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}" 
@@ -4891,8 +4891,8 @@ promtail_config_clients_auto: | # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) promtail_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" promtail_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -promtail_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -promtail_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +promtail_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +promtail_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" promtail_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}" promtail_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}" @@ -4940,8 +4940,8 @@ radicale_container_additional_networks: | radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +radicale_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +radicale_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -4976,23 +4976,23 @@ redmine_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and redmine_database_hostname == postgres_identifier else []) }} redmine_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and redmine_database_hostname == postgres_identifier and redmine_container_network != postgres_container_network else []) }} redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +redmine_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +redmine_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}" -redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +redmine_database_type: "{{ 'postgresql' if postgres_enabled else 'sqlite3' }}" +redmine_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}" redmine_database_username: "redmine" 
redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}" 
@@ -5078,30 +5078,30 @@ roundcube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas roundcube_uid: "0" roundcube_gid: "0" -roundcube_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite' }}" -roundcube_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -roundcube_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" -roundcube_database_name: "{{ 'roundcube' if devture_postgres_enabled else '' }}" -roundcube_database_username: "{{ 'roundcube' if devture_postgres_enabled else '' }}" +roundcube_database_type: "{{ 'postgresql' if postgres_enabled else 'sqlite' }}" +roundcube_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +roundcube_database_port: "{{ '5432' if postgres_enabled else '' }}" +roundcube_database_name: "{{ 'roundcube' if postgres_enabled else '' }}" +roundcube_database_username: "{{ 'roundcube' if postgres_enabled else '' }}" roundcube_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.roundcube', rounds=655555) | to_uuid }}" roundcube_systemd_required_systemd_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and roundcube_database_hostname == postgres_identifier else []) }} roundcube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" roundcube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -roundcube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -roundcube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" 
+roundcube_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +roundcube_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" roundcube_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier and roundcube_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and roundcube_database_hostname == postgres_identifier and roundcube_container_network != postgres_container_network else []) }} ######################################################################## @@ -5154,8 +5154,8 @@ semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas semaphore_uid: "{{ mash_playbook_uid }}" semaphore_gid: "{{ mash_playbook_gid }}" -semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +semaphore_database_host: "{{ postgres_identifier if postgres_enabled else '' }}" +semaphore_database_port: "{{ '5432' if postgres_enabled else '' }}" semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}" semaphore_database_username: "{{ semaphore_identifier }}" 
@@ -5163,20 +5163,20 @@ semaphore_systemd_required_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and semaphore_database_host == postgres_identifier else []) }} semaphore_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and semaphore_database_host == postgres_identifier and semaphore_container_network != postgres_container_network else []) }} semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +semaphore_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +semaphore_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -5235,8 +5235,8 @@ stirling_pdf_container_additional_networks_auto: | stirling_pdf_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" stirling_pdf_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -stirling_pdf_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -stirling_pdf_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +stirling_pdf_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +stirling_pdf_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -5270,8 +5270,8 @@ syncthing_container_additional_networks_auto: | syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +syncthing_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +syncthing_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -5300,7 +5300,7 @@ tandoor_gid: "{{ mash_playbook_gid }}" tandoor_systemd_required_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and tandoor_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and tandoor_database_hostname == postgres_identifier else []) }} tandoor_systemd_wanted_services_list_auto: | 
@@ -5311,7 +5311,7 @@ tandoor_systemd_wanted_services_list_auto: | tandoor_api_container_additional_networks_auto: | {{ ( - ([devture_postgres_container_network] if devture_postgres_enabled and tandoor_database_hostname == devture_postgres_identifier and tandoor_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and tandoor_database_hostname == postgres_identifier and tandoor_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and tandoor_email_host == exim_relay_identifier | default('mash-exim-relay') and tandoor_container_network != exim_relay_container_network) else []) ) | unique @@ -5324,11 +5324,11 @@ tandoor_frontend_container_additional_networks_auto: | tandoor_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" tandoor_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -tandoor_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -tandoor_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +tandoor_frontend_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +tandoor_frontend_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -tandoor_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -tandoor_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +tandoor_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +tandoor_database_port: "{{ '5432' if postgres_enabled else '' }}" tandoor_database_username: "tandoor" tandoor_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.tandoor', rounds=655555) | to_uuid }}" 
@@ -5400,7 +5400,7 @@ vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_b vaultwarden_systemd_required_systemd_services_list_auto: | {{ - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and vaultwarden_database_hostname == postgres_identifier else []) }} vaultwarden_systemd_wanted_systemd_services_list_auto: | 
@@ -5412,18 +5412,18 @@ vaultwarden_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and vaultwarden_database_hostname == postgres_identifier and vaultwarden_container_network != postgres_container_network else []) + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and vaultwarden_config_smtp_host == exim_relay_identifier | default('mash-exim-relay') and vaultwarden_container_network != exim_relay_container_network) else []) }} vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -vaultwarden_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -vaultwarden_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +vaultwarden_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +vaultwarden_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +vaultwarden_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +vaultwarden_database_port: "{{ '5432' if postgres_enabled else '' }}" vaultwarden_database_username: "vaultwarden" vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | 
to_uuid }}" @@ -5466,8 +5466,8 @@ uptime_kuma_container_additional_networks: | uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +uptime_kuma_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +uptime_kuma_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # @@ -5501,8 +5501,8 @@ wg_easy_container_additional_networks_auto: | wg_easy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" wg_easy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -wg_easy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -wg_easy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +wg_easy_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +wg_easy_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" ######################################################################## # # 
@@ -5533,23 +5533,23 @@ forgejo_systemd_required_systemd_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and forgejo_config_database_hostname == postgres_identifier else []) }} forgejo_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier and forgejo_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and forgejo_config_database_hostname == postgres_identifier and forgejo_container_network != postgres_container_network else []) }} forgejo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" forgejo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -forgejo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -forgejo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +forgejo_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +forgejo_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" -forgejo_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -forgejo_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +forgejo_config_database_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +forgejo_config_database_port: "{{ '5432' if postgres_enabled else '' }}" 
forgejo_config_database_username: "forgejo" forgejo_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.forgejo', rounds=655555) | to_uuid }}" 
@@ -5599,42 +5599,42 @@ forgejo_runner_systemd_required_systemd_services_list: | # # ######################################################################## -devture_woodpecker_ci_server_enabled: false +woodpecker_ci_server_enabled: false -devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server" +woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server" -devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}" -devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}" +woodpecker_ci_server_uid: "{{ mash_playbook_uid }}" +woodpecker_ci_server_gid: "{{ mash_playbook_gid }}" -devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server" +woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server" -devture_woodpecker_ci_server_systemd_required_systemd_services_list: | +woodpecker_ci_server_systemd_required_systemd_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else []) + ([postgres_identifier ~ '.service'] if postgres_enabled and woodpecker_ci_server_database_datasource_hostname == postgres_identifier else []) }} -devture_woodpecker_ci_server_container_additional_networks: | +woodpecker_ci_server_container_additional_networks: | {{ ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + - ([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and 
devture_woodpecker_ci_server_container_network != devture_postgres_container_network else []) + ([postgres_container_network] if postgres_enabled and woodpecker_ci_server_database_datasource_hostname == postgres_identifier and woodpecker_ci_server_container_network != postgres_container_network else []) ) | unique }} -devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" -devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -devture_woodpecker_ci_server_database_driver: postgres -devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable" +woodpecker_ci_server_database_driver: postgres +woodpecker_ci_server_database_datasource: "postgres://{{ woodpecker_ci_server_database_datasource_username }}:{{ woodpecker_ci_server_database_datasource_password }}@{{ woodpecker_ci_server_database_datasource_hostname }}:{{ woodpecker_ci_server_database_datasource_port }}/{{ woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable" -devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" -devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}" -devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server 
-devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}" -devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server +woodpecker_ci_server_database_datasource_hostname: "{{ postgres_identifier if postgres_enabled else '' }}" +woodpecker_ci_server_database_datasource_port: "{{ '5432' if postgres_enabled else '' }}" +woodpecker_ci_server_database_datasource_username: woodpecker_ci_server +woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}" +woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server ######################################################################## # # 
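Review bot: The renamed `woodpecker_ci_server_database_datasource` keeps `?sslmode=disable` hard-coded in the connection URL. Anyone who overrides `woodpecker_ci_server_database_datasource_hostname` to point at a Postgres server outside the local container network will therefore send the database password and all queries unencrypted, with no variable to turn TLS on. Since every name in this block is already changing, this is a good moment to make the mode configurable with the current value as its default, e.g. a new `woodpecker_ci_server_database_datasource_sslmode: disable` (proposed name) used as `?sslmode={{ woodpecker_ci_server_database_datasource_sslmode }}`. The username and password are also interpolated unescaped: the derived default is URL-safe because of `to_uuid`, but a user-supplied password containing `@`, `:` or `/` would mis-parse, so piping both through `| urlencode` is worth adding.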
@@ -5652,32 +5652,32 @@ devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server # # ######################################################################## -devture_woodpecker_ci_agent_enabled: false +woodpecker_ci_agent_enabled: false -devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent" +woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent" -devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}" -devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}" +woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}" +woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}" -devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent" +woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent" -devture_woodpecker_ci_agent_systemd_required_systemd_services_list: | +woodpecker_ci_agent_systemd_required_systemd_services_list: | {{ ([devture_systemd_docker_base_docker_service_name] if devture_systemd_docker_base_docker_service_name else []) + - ([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else []) + ([woodpecker_ci_server_identifier ~ '.service'] if woodpecker_ci_server_enabled else []) }} -devture_woodpecker_ci_agent_container_additional_networks: | +woodpecker_ci_agent_container_additional_networks: | {{ ( - ([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else []) + ([woodpecker_ci_server_container_network] if woodpecker_ci_server_enabled and woodpecker_ci_server_container_network != woodpecker_ci_agent_container_network else []) ) | unique }} -devture_woodpecker_ci_agent_config_server: "{{ 
(devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}" +woodpecker_ci_agent_config_server: "{{ (woodpecker_ci_server_identifier + ':' + woodpecker_ci_server_config_grpc_addr_port | string) if woodpecker_ci_agent_enabled else '' }}" -devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}" +woodpecker_ci_agent_config_agent_secret: "{{ woodpecker_ci_server_config_agent_secret if woodpecker_ci_agent_enabled else '' }}" ######################################################################## # # @@ -5719,8 +5719,8 @@ wordpress_container_additional_networks_auto: | wordpress_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" wordpress_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" -wordpress_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -wordpress_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +wordpress_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +wordpress_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" wordpress_database_hostname: "{{ mariadb_identifier if mariadb_enabled | default(false) else '' }}" 
@@ -5761,8 +5761,8 @@ writefreely_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_e writefreely_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" # role-specific:traefik -writefreely_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" -writefreely_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +writefreely_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}" +writefreely_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}" # /role-specific:traefik ######################################################################## diff --git a/templates/requirements.yml b/templates/requirements.yml index 146cef2..ddc007d 100644 --- a/templates/requirements.yml +++ b/templates/requirements.yml @@ -55,7 +55,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.2.0-0 name: container_socket_proxy - activation_prefix: devture_traefik_ + activation_prefix: traefik_ - src: git+https://github.com/Bergruebe/ansible-role-couchdb.git version: v3.3.3-1 name: couchdb 
@@ -283,14 +283,14 @@ version: v15-3.3-0 name: postgis activation_prefix: postgis_ -- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: v16.4-0 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git + version: v17.0-0 name: postgres - activation_prefix: devture_postgres_ -- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git - version: ccfd8db07fd8725119f0e06ba5144b8f58a67890 + activation_prefix: postgres_ +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git + version: v16-0 name: postgres_backup - activation_prefix: devture_postgres_backup_ + activation_prefix: postgres_backup_ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.54.1-1 name: prometheus @@ -383,10 +383,10 @@ version: v1.0.0-0 name: timesync activation_prefix: devture_timesync_ -- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v3.1.3-1 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git + version: v3.1.3-2 name: traefik - activation_prefix: devture_traefik_ + activation_prefix: traefik_ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-uptime_kuma.git version: v1.23.13-0 name: uptime_kuma 
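Review bot: The `postgres_backup` entry in this hunk moves from a full commit SHA (`ccfd8db07fd8725119f0e06ba5144b8f58a67890`) to the tag `v16-0`, replacing an immutable pin with a ref that anyone with write access to the relocated repository can re-point. A later role install could then fetch different code under the same `version`. I would keep the SHA form against the new repository, e.g. `version: <FULL_COMMIT_SHA_OF_v16-0>  # v16-0`. The `postgres` entry here and the `traefik` and `woodpecker_ci_*` entries in the following hunks have the same exposure, though they were already tag-pinned before this change. Separately, `postgres` goes from `v16.4-0` to `v17.0-0` while the changelog entry for this commit covers only the relocation and prefix renames; if that tag tracks the Postgres major version, the upgrade deserves its own changelog line so operators can take a backup and plan the data migration first.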
@@ -403,14 +403,14 @@ version: v14-1 name: wg_easy activation_prefix: wg_easy_ -- src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_agent.git - version: v2.7.1-0 +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-agent.git + version: v2.7.1-1 name: woodpecker_ci_agent - activation_prefix: devture_woodpecker_ci_agent_ -- src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_server.git - version: v2.7.1-0 + activation_prefix: woodpecker_ci_agent_ +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-woodpecker-ci-server.git + version: v2.7.1-1 name: woodpecker_ci_server - activation_prefix: devture_woodpecker_ci_server_ + activation_prefix: woodpecker_ci_server_ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-wordpress version: v6.5.5-2 name: wordpress