From 2d64c76397eff17f6fd10ec19148bf3a20c06962 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 2 Jun 2023 17:25:58 +0300
Subject: [PATCH 01/23] Add support for MongoDB
---
docs/services/mongodb.md | 98 ++++++++++++++++++++++++++++++++++++++
docs/supported-services.md | 1 +
group_vars/mash_servers | 27 +++++++++++
requirements.yml | 3 ++
setup.yml | 2 +
5 files changed, 131 insertions(+)
create mode 100644 docs/services/mongodb.md
diff --git a/docs/services/mongodb.md b/docs/services/mongodb.md
new file mode 100644
index 0000000..f11af40
--- /dev/null
+++ b/docs/services/mongodb.md
@@ -0,0 +1,98 @@
+# MongoDB
+
+[MongoDB](https://www.mongodb.com/) is a source-available cross-platform document-oriented (NoSQL) database program.
+
+Some of the services installed by this playbook require a MongoDB database.
+
+Enabling the MongoDB database service will automatically wire all other services which require such a database to use it.
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+# #
+# mongodb #
+# #
+########################################################################
+
+mongodb_enabled: true
+
+# Put a strong password below, generated with `pwgen -s 64 1` or in another way
+mongodb_root_password: ''
+
+########################################################################
+# #
+# /mongodb #
+# #
+########################################################################
+```
+
+## Importing
+
+### Importing an existing MongoDB database from another installation (optional)
+
+Follow this section if you'd like to import your database from a previous installation.
+
+### Prerequisites
+
+The playbook supports importing **gzipped** MongoDB database dumps (created with `mongodump --gzip -o /directory`).
+
+Before doing the actual import, **you need to upload your MongoDB dump file to the server** (any path is okay).
+
+
+### Importing a dump
+
+To import, run this command (make sure to replace `SERVER_PATH_TO_POSTGRES_DUMP_FILE` with a file path on your server):
+
+```sh
+just run-tags import-mongodb \
+--extra-vars=mongodb_server_path_dump=SERVER_PATH_TO_MONGODB_DUMP_DIRECTORY
+```
+
+**Note** that `SERVER_PATH_TO_MONGODB_DUMP_DIRECTORY` must be a path to a **gzipped** MongoDB dump directory on the server (not on your local machine!)
+
+
+## Maintenance
+
+This section shows you how to perform various maintenance tasks related to the MongoDB database server used by various components of this playbook.
+
+Table of contents:
+
+- [Getting a database terminal](#getting-a-database-terminal), for when you wish to execute SQL queries
+
+### Getting a database terminal
+
+You can use the `/mash/mongodb/bin/cli` tool to get interactive terminal access using the MongoDB Shell [mongosh](https://www.mongodb.com/docs/mongodb-shell/).
+
+By default, this tool puts you in the `admin` database, which contains nothing.
+
+To see the available databases, run `show dbs`.
+
+To change to another database (for example `infisical`), run `use infisical`.
+
+To see the available tables in the current database, run `show tables`.
+
+You can then proceed to write queries. Example: `db.users.find()`
+
+**Be careful**. Modifying the database directly (especially as services are running) is dangerous and may lead to irreversible database corruption.
+When in doubt, consider [making a backup](#backing-up-mongodb).
+
+
+### Backing up MongoDB
+
+To make a one-off back up of the current MongoDB database, make sure it's running and then execute a command like this on the server:
+
+```bash
+# Prepare the backup directory
+mkdir /path-to-some-directory
+chown mash:mash /path-to-some-directory
+
+# Back up
+/mash/mongodb/bin/dump-all /path-to-some-directory
+```
+
+Restoring a backup made this way can be done by [importing it](#importing).
+
diff --git a/docs/supported-services.md b/docs/supported-services.md
index 1097380..25025a0 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -24,6 +24,7 @@ | [Lago](https://www.getlago.com/) | Open-source metering and usage-based billing | [Link](services/lago.md) | | [MariaDB](https://mariadb.org/) | A powerful, open source object-relational database system | [Link](services/mariadb.md) | | [Matrix Rooms Search API](https://gitlab.com/etke.cc/mrs/api) | A fully-featured, standalone, matrix rooms search service. | [Link](services/mrs.md) | +| [MongoDB](https://www.mongodb.com/) | A source-available cross-platform document-oriented (NoSQL) database program. | [Link](services/mongodb.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [Mobilizon](https://joinmobilizon.org/en/) | An ActivityPub/Fediverse server to create and share events. | [Link](services/mobilizon.md) | | [Navidrome](https://www.navidrome.org/) | [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server | [Link](services/navidrome.md) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index aa55f7e..c03411c 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -141,6 +141,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) + + ([{'name': (mongodb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mongodb']}] if mongodb_enabled else []) + + ([{'name': (mrs_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mrs']}] if mrs_enabled else []) + ([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else []) 
@@ -1620,6 +1622,31 @@ mobilizon_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certRes +######################################################################## +# # +# mongodb # +# # +######################################################################## + +mongodb_enabled: false + +mongodb_identifier: "{{ mash_playbook_service_identifier_prefix }}mongodb" + +mongodb_uid: "{{ mash_playbook_uid }}" +mongodb_gid: "{{ mash_playbook_gid }}" + +mongodb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mongodb" + +mongodb_managed_databases_auto: [] + +######################################################################## +# # +# /mongodb # +# # +######################################################################## + + + ######################################################################## # # diff --git a/requirements.yml b/requirements.yml index 0ca95d1..20c57b7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -97,6 +97,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-mobilizon.git version: v3.1.0-1 name: mobilizon +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-mongodb.git + version: v6.0.6-0 + name: mongodb - src: git+https://gitlab.com/etke.cc/mrs/ansible-role-mrs.git version: v0.0.0-9 name: mrs diff --git a/setup.yml b/setup.yml index 4f2a316..0239eea 100644 --- a/setup.yml +++ b/setup.yml @@ -50,6 +50,8 @@ - role: galaxy/com.devture.ansible.role.postgres_backup + - role: galaxy/mongodb + - role: galaxy/com.devture.ansible.role.container_socket_proxy - role: galaxy/com.devture.ansible.role.traefik From 244b1b5fb7d6637fbf810c4b01dee55c3ca94c2b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 17:27:17 +0300 Subject: [PATCH 02/23] Fix variable name typo --- docs/services/mongodb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
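Review bot: In the requirements.yml hunk the new `mongodb` role is pinned to a git tag (`version: v6.0.6-0`); a tag can be re-pointed upstream, so this file does not fix the code that is fetched and run against the servers. The swap role entry visible later in this series is pinned to a full commit hash, and the same form would work here: `version: <FULL_COMMIT_SHA_FOR_v6.0.6-0>  # v6.0.6-0`. The `infisical` entry added in PATCH 04/23 has the same shape, and it matters more there because that role deploys the secrets manager.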
diff --git a/docs/services/mongodb.md b/docs/services/mongodb.md index f11af40..d27d022 100644 --- a/docs/services/mongodb.md +++ b/docs/services/mongodb.md @@ -45,7 +45,7 @@ Before doing the actual import, **you need to upload your MongoDB dump file to t ### Importing a dump -To import, run this command (make sure to replace `SERVER_PATH_TO_POSTGRES_DUMP_FILE` with a file path on your server): +To import, run this command (make sure to replace `SERVER_PATH_TO_MONGODB_DUMP_DIRECTORY` with a file path on your server): ```sh just run-tags import-mongodb \ From ab033ac3ec0143dbb88d46fc08bc5d9f8175e9b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 17:28:23 +0300 Subject: [PATCH 03/23] Add missing entry to ToC --- docs/services/mongodb.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/services/mongodb.md b/docs/services/mongodb.md index d27d022..b0544f6 100644 --- a/docs/services/mongodb.md +++ b/docs/services/mongodb.md @@ -63,6 +63,8 @@ Table of contents: - [Getting a database terminal](#getting-a-database-terminal), for when you wish to execute SQL queries +- [Backing up MongoDB](#backing-up-mongodb), for when you wish to make a backup + ### Getting a database terminal You can use the `/mash/mongodb/bin/cli` tool to get interactive terminal access using the MongoDB Shell [mongosh](https://www.mongodb.com/docs/mongodb-shell/). From c8bdc1f74425e008231e6faaa0ea824c93f1ce5c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 17:50:15 +0300 Subject: [PATCH 04/23] Add support for Infisical --- docs/services/infisical.md | 64 +++++++++++++++++++++++++++++++ docs/supported-services.md | 1 + group_vars/mash_servers | 77 +++++++++++++++++++++++++++++++++++++- requirements.yml | 3 ++ setup.yml | 2 + 5 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 docs/services/infisical.md diff --git a/docs/services/infisical.md b/docs/services/infisical.md new file mode 100644 index 0000000..aac4486 --- /dev/null 
+++ b/docs/services/infisical.md 
@@ -0,0 +1,64 @@
+# Infisical
+
+[Infisical](https://infisical.com/) is an open-source end-to-end encrypted platform for securely managing secrets and configs across your team, devices, and infrastructure.
+
+
+## Dependencies
+
+This service requires the following other services:
+
+- a [MongoDB](mongodb.md) document-oriented database server
+- a [Traefik](traefik.md) reverse-proxy server
+
+
+## Configuration
+
+To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
+
+```yaml
+########################################################################
+# #
+# infisical #
+# #
+########################################################################
+
+infisical_enabled: true
+
+infisical_hostname: infisical.example.com
+
+# Generate this with: `openssl rand -hex 16`
+infisical_backend_environment_variable_encryption_key: ''
+
+# WARNING: uncomment this after creating your first user account,
+# unless you'd like to run a server with public registration enabled.
+# infisical_backend_environment_variable_invite_only_signup: true
+
+########################################################################
+# #
+# /infisical #
+# #
+########################################################################
+```
+
+
+### URL
+
+In the example configuration above, we configure the service to be hosted at `https://infisical.example.com`.
+
+Hosting Infisical under a subpath (by configuring the `infisical_path_prefix` variable) does not seem to be possible right now, due to Infisical limitations.
+
+
+### Authentication
+
+Public registration can be enabled/disabled using the `infisical_backend_environment_variable_invite_only_signup` variable.
+
+We recommend installing with public registration enabled at first (which is the default value for this variable), creating your first user account, and then disabling public registration by explicitly setting `infisical_backend_environment_variable_invite_only_signup` to `true`.
+
+
+## Usage
+
+After installation, you can go to the Infisical URL, as defined in `infisical_hostname`.
+
+As mentioned in [Authentication](#authentication) above, you can create the first user from the web interface.
+
+If you'd like to prevent other users from registering, consider disabling public registration by explicitly setting `infisical_backend_environment_variable_invite_only_signup` variable to `true` in your configuration and re-running the playbook (`just install-service infisical`).
diff --git a/docs/supported-services.md b/docs/supported-services.md
index 25025a0..26222eb 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -19,6 +19,7 @@ | [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | | [Healthchecks](https://healthchecks.io/) | A simple and Effective Cron Job Monitoring solution | [Link](services/healthchecks.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | +| [Infisical](https://infisical.com/) | An open-source end-to-end encrypted platform for securely managing secrets and configs across your team, devices, and infrastructure. | [Link](services/infisical.md) | | [Jitsi](https://jitsi.org/) | A fully encrypted, 100% Open Source video conferencing solution | [Link](services/jitsi.md) | | [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | | [Lago](https://www.getlago.com/) | Open-source metering and usage-based billing | [Link](services/lago.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index c03411c..ece9d0b 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -119,6 +119,10 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (healthchecks_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'healthchecks']}] if healthchecks_enabled else []) + + ([{'name': (infisical_identifier + '-backend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-backend']}] if infisical_enabled else []) + + + ([{'name': (infisical_identifier + '-frontend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-frontend']}] if infisical_enabled else []) + + ([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['mash', 'jitsi', 'jitsi-web']}] if jitsi_enabled else []) + ([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['mash', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else []) 
@@ -1384,6 +1388,70 @@ hubsite_service_list_auto: | +######################################################################## +# # +# infisical # +# # +######################################################################## + +infisical_enabled: false + +infisical_identifier: "{{ mash_playbook_service_identifier_prefix }}infisical" + +infisical_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}infisical" + +infisical_uid: "{{ mash_playbook_uid }}" +infisical_gid: "{{ mash_playbook_gid }}" + +infisical_backend_systemd_required_services_list: | + {{ + (['docker.service']) + + + ([mongodb_identifier ~ '.service'] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier else []) + }} + +infisical_backend_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([mongodb_container_network] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier and infisical_backend_container_network != mongodb_container_network else []) + }} + +infisical_backend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +infisical_backend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +infisical_backend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +infisical_backend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +# Intentionally not auto-generating infisical_backend_environment_variable_encryption_key here. +# We prefer it to be explicit as it seems important that it remains stable. 
+ +infisical_backend_environment_variable_jwt_signup_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.signup', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}" +infisical_backend_environment_variable_jwt_refresh_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.r', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}" +infisical_backend_environment_variable_jwt_auth_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.a', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}" +infisical_backend_environment_variable_jwt_service_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.svc', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}" + +infisical_frontend_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + }} + +infisical_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +infisical_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +infisical_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +infisical_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +infisical_mongodb_hostname: "{{ mongodb_identifier if mongodb_enabled else '' }}" +infisical_mongodb_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'infisical.db', rounds=655555) | to_uuid }}" +infisical_mongodb_auth_source: "{{ infisical_mongodb_db_name }}" + +######################################################################## +# # +# /infisical # +# # +######################################################################## + + + 
######################################################################## # # # jitsi # @@ -1637,7 +1705,14 @@ mongodb_gid: "{{ mash_playbook_gid }}" mongodb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mongodb" -mongodb_managed_databases_auto: [] +mongodb_managed_databases_auto: | + {{ + ([{ + 'name': infisical_mongodb_db_name, + 'username': infisical_mongodb_username, + 'password': infisical_mongodb_password, + }] if infisical_enabled and infisical_mongodb_hostname == mongodb_identifier else []) + }} ######################################################################## # # diff --git a/requirements.yml b/requirements.yml index 20c57b7..08b094c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -80,6 +80,9 @@ - src: git+https://github.com/moan0s/hubsite.git version: v1.23.3-2 name: hubsite +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-infisical.git + version: v0.3.8-0 + name: infisical - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 name: jitsi diff --git a/setup.yml b/setup.yml index 0239eea..8534cbf 100644 --- a/setup.yml +++ b/setup.yml @@ -90,6 +90,8 @@ - role: galaxy/healthchecks + - role: galaxy/infisical + - role: galaxy/hubsite - role: galaxy/jitsi From 2c202ecceab34696788a7d9f6dbcc66ca29b8b00 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 17:52:30 +0300 Subject: [PATCH 05/23] Remove SQL reference from MongoDB docs --- docs/services/mongodb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/services/mongodb.md b/docs/services/mongodb.md index b0544f6..429fa2a 100644 --- a/docs/services/mongodb.md +++ b/docs/services/mongodb.md 
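Review bot: In the group_vars/mash_servers hunk that adds the infisical block, the four `infisical_backend_environment_variable_jwt_*_secret` values and `infisical_mongodb_password` are all derived deterministically from `mash_playbook_generic_secret_key`, and nothing in the block says so. Their strength is therefore bounded by that one key, and changing it will presumably change all five at once (invalidating issued tokens and the database credential); a comment above the JWT lines would make that explicit, e.g. `# Derived from mash_playbook_generic_secret_key with a per-purpose salt; changing that key changes every value below.` As a style point, the trailing `[0:32]` looks redundant, since `to_uuid | replace('-', '')` already yields 32 hex characters, and because a UUID carries fixed version and variant bits each secret has somewhat fewer than 128 random bits. The existing comment about keeping `encryption_key` explicit is a good model for the wording.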
@@ -61,7 +61,7 @@ This section shows you how to perform various maintenance tasks related to the M Table of contents: -- [Getting a database terminal](#getting-a-database-terminal), for when you wish to execute SQL queries +- [Getting a database terminal](#getting-a-database-terminal), for when you wish to execute queries - [Backing up MongoDB](#backing-up-mongodb), for when you wish to make a backup From 6dd15a626ff7b4947cc705c27daab56bf64c726f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 18:20:33 +0300 Subject: [PATCH 06/23] Upgrade Infisical (v0.3.8-0 -> v0.3.8-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 08b094c..17eded9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -81,7 +81,7 @@ version: v1.23.3-2 name: hubsite - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-infisical.git - version: v0.3.8-0 + version: v0.3.8-1 name: infisical - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 From 5156a87233ea76be724d556927892b21b7225288 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 18:29:27 +0300 Subject: [PATCH 07/23] Add "Email configuration" section to Infisical docs --- docs/services/infisical.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/docs/services/infisical.md b/docs/services/infisical.md index aac4486..29c5e7c 100644 --- a/docs/services/infisical.md +++ b/docs/services/infisical.md 
@@ -52,7 +52,28 @@ Hosting Infisical under a subpath (by configuring the `infisical_path_prefix` va Public registration can be enabled/disabled using the `infisical_backend_environment_variable_invite_only_signup` variable. -We recommend installing with public registration enabled at first (which is the default value for this variable), creating your first user account, and then disabling public registration by explicitly setting `infisical_backend_environment_variable_invite_only_signup` to `true`. +We recommend installing with public registration enabled at first (which is the default value for this variable), creating your first user account, and then disabling public registration by explicitly setting `infisical_backend_environment_variable_invite_only_signup` to `true`. Enabling invite-only signup requires that you configure [Email configuration](#email-configuration) + + +### Email configuration + +As described in the Infisical documentation about [Email](https://infisical.com/docs/self-hosting/configuration/email), some important functionality requires email-sending to be configured. + +Here are some additional variables you can add to your `vars.yml` file: + +```yaml +infisical_backend_environment_variable_smtp_host: smtp.example.com +infisical_backend_environment_variable_smtp_port: 587 +infisical_backend_environment_variable_smtp_secure: false + +infisical_backend_environment_variable_smtp_username: infisical@example.com +infisical_backend_environment_variable_smtp_password: '' + +infisical_backend_environment_variable_smtp_address: infisical@example.com +infisical_backend_environment_variable_smtp_name: Infisical +``` + +For additional SMTP-related variables, consult the [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-infisical/blob/main/defaults/main.yml) in the [ansible-role-infisical](https://github.com/mother-of-all-self-hosting/ansible-role-infisical) Ansible role. ## Usage 
@@ -61,4 +82,4 @@ After installation, you can go to the Infisical URL, as defined in `infisical_ho As mentioned in [Authentication](#authentication) above, you can create the first user from the web interface. -If you'd like to prevent other users from registering, consider disabling public registration by explicitly setting `infisical_backend_environment_variable_invite_only_signup` variable to `true` in your configuration and re-running the playbook (`just install-service infisical`). +If you'd like to prevent other users from registering, consider disabling public registration as described in the [Authentication](#authentication) section and re-running the playbook (`just install-service infisical`). From ea4f648a03f1b8abed7f5225d93cac403e7d980d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 18:30:34 +0300 Subject: [PATCH 08/23] Upgrade Authentik (v2023.5.2-1 -> v2023.5.3-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 17eded9..2aa9255 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,7 +7,7 @@ version: v1.9.20.4-0 name: appsmith - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-authentik.git - version: v2023.5.2-1 + version: v2023.5.3-0 name: authentik - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git version: v1.0.0-1 From 4064d489e9cca120ae3d9856abce2f4b3650a6cb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 18:44:13 +0300 Subject: [PATCH 09/23] Upgrade Infisical (v0.3.8-1 -> v0.3.8-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2aa9255..bc606dc 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -81,7 +81,7 @@ version: v1.23.3-2 name: hubsite - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-infisical.git - version: v0.3.8-1 + version: v0.3.8-2 name: infisical - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 From cd90449e8d671caa97794857d4d0d78a7479e315 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 2 Jun 2023 21:33:54 +0300 Subject: [PATCH 10/23] Upgrade Lago (v0.34.3-0 -> v0.35.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index bc606dc..5721559 100644 --- a/requirements.yml +++ b/requirements.yml @@ -90,7 +90,7 @@ version: v21.1.1-0 name: keycloak - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-lago.git - version: v0.34.3-0 + version: v0.35.0-0 name: lago - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-mariadb.git version: v10.11.2-0 From f27d720b8b8a51ffb95bd35a98e38e67ab5b2147 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Jun 2023 17:26:03 +0300 Subject: [PATCH 11/23] Upgrade Healthchecks (v2.8.1-0 -> v2.9.1-0) --- docs/services/healthchecks.md | 6 +----- requirements.yml | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/services/healthchecks.md b/docs/services/healthchecks.md index 746a807..a4305dc 100644 --- a/docs/services/healthchecks.md +++ b/docs/services/healthchecks.md @@ -25,7 +25,7 @@ To enable this service, add the following configuration to your `vars.yml` file healthchecks_enabled: true healthchecks_hostname: mash.example.com -# Note: hosting under a path prefix is somewhat problematic. See below. + healthchecks_path_prefix: /healthchecks ######################################################################## 
@@ -41,10 +41,6 @@ In the example configuration above, we configure the service to be hosted at `ht You can remove the `healthchecks_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. -**Note**: there are minor quirks when hosting under a subpath, such as: - -- [Fonts not loading, because it attempts to load them from `/static` instead of `/path-prefix/static`](https://github.com/healthchecks/healthchecks/issues/822) - ### Authentication The first superuser account is created after installation. See [Usage](#usage). diff --git a/requirements.yml b/requirements.yml index 5721559..85af4d7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -75,7 +75,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v9.5.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-healthchecks.git - version: v2.8.1-0 + version: v2.9.1-0 name: healthchecks - src: git+https://github.com/moan0s/hubsite.git version: v1.23.3-2 From ea1d0c6981542f9d30bc95f2b6f77f9ebf612a4a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Jun 2023 09:59:51 +0300 Subject: [PATCH 12/23] Upgrade Healthchecks (v2.9.1-0 -> v2.9.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 85af4d7..9b8b5e2 100644 --- a/requirements.yml +++ b/requirements.yml @@ -75,7 +75,7 @@ - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v9.5.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-healthchecks.git - version: v2.9.1-0 + version: v2.9.2-0 name: healthchecks - src: git+https://github.com/moan0s/hubsite.git version: v1.23.3-2 From fea103440ae40ec1c1e7b5a862acaf92b5af0695 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Jun 2023 12:00:17 +0300 Subject: [PATCH 13/23] Upgrade Infisical (v0.3.8-2 -> v0.3.8-3) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.yml b/requirements.yml index 9b8b5e2..d4582c0 100644 --- a/requirements.yml +++ b/requirements.yml @@ -81,7 +81,7 @@ version: v1.23.3-2 name: hubsite - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-infisical.git - version: v0.3.8-2 + version: v0.3.8-3 name: infisical - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 From fa037aca745094b06d5adcc2dd4bd4b2af94b2b3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Jun 2023 12:09:16 +0300 Subject: [PATCH 14/23] Upgrade Syncthing (v1.23.4-1 -> v1.23.5-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index d4582c0..e58db67 100644 --- a/requirements.yml +++ b/requirements.yml @@ -147,7 +147,7 @@ - src: git+https://gitlab.com/etke.cc/roles/swap.git version: abfb18b6862108bbf24347500446203170324d7f - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-syncthing.git - version: v1.23.4-1 + version: v1.23.5-0 name: syncthing - src: git+https://gitlab.com/etke.cc/roles/uptime_kuma.git version: v1.21.3-0 From 36f46410e9788a9a7182eadb4346622d8d0626a5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Jun 2023 14:37:29 +0300 Subject: [PATCH 15/23] Upgrade Infisical (v0.3.8-3 -> v0.3.8-4) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e58db67..cf19de3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -81,7 +81,7 @@ version: v1.23.3-2 name: hubsite - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-infisical.git - version: v0.3.8-3 + version: v0.3.8-4 name: infisical - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-0 From b0adfcff97b051a48c4b2862125d4c6b55301112 Mon Sep 17 00:00:00 2001 
From: Aine Date: Wed, 7 Jun 2023 09:44:29 +0300 Subject: [PATCH 16/23] update grafana 9.5.2 -> 9.5.3; update borgmatic 1.7.13 -> 1.7.14 --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index cf19de3..ac10bf9 100644 --- a/requirements.yml +++ b/requirements.yml @@ -13,7 +13,7 @@ version: v1.0.0-1 name: aux - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.13-0 + version: v1.2.4-1.7.14-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-collabora-online.git version: v22.05.13.1.1-0 name: collabora_online @@ -73,7 +73,7 @@ version: v0.9.0-0 name: gotosocial - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v9.5.2-0 + version: v9.5.3-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-healthchecks.git version: v2.9.2-0 name: healthchecks From 3a9bb70d814a3768df0e535133e1bb9945d3cc20 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 8 Jun 2023 11:03:56 +0300 Subject: [PATCH 17/23] Upgrade Nextcloud (v26.0.1-0 -> v26.0.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ac10bf9..96cf0b3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -113,7 +113,7 @@ version: v3.4.7-2.5.2-2 name: netbox - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git - version: v26.0.1-0 + version: v26.0.2-0 name: nextcloud - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-owncast.git version: v0.1.0-0 From 2176f0b551d25ef69d53fdbf1a337a79a1185ac5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Jun 2023 11:15:41 +0300 Subject: [PATCH 18/23] Upgrade Lago (v0.35.0-0 -> v0.36.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 96cf0b3..0ffbd29 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -90,7 +90,7 @@
 version: v21.1.1-0
 name: keycloak
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-lago.git
- version: v0.35.0-0
+ version: v0.36.0-0
 name: lago
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-mariadb.git
 version: v10.11.2-0
From 061314bbd0e96cb40ab5a2367d202fe3a7eb4a28 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sat, 10 Jun 2023 09:51:18 +0300
Subject: [PATCH 19/23] Upgrade Lago (v0.36.0-0 -> v0.36.1-0)
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index 0ffbd29..fde4003 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -90,7 +90,7 @@
 version: v21.1.1-0
 name: keycloak
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-lago.git
- version: v0.36.0-0
+ version: v0.36.1-0
 name: lago
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-mariadb.git
 version: v10.11.2-0
From 5487251c08bb573d91d30cd950fe8413c13d7422 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Mon, 12 Jun 2023 07:16:35 +0300
Subject: [PATCH 20/23] Upgrade Traefik (v2.10.1-1 -> v2.10.1-2)
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index fde4003..3fcbdd5 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -38,7 +38,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
 version: v1.0.0-0
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
- version: v2.10.1-1
+ version: v2.10.1-2
 - src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_agent.git
 version: v0.15.8-0
 - src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_server.git
From f874c5d8571b57a0af4cd8eedc931ad5a2e579e0 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 13 Jun 2023 17:33:07 +0300
Subject: [PATCH 21/23] Upgrade Appsmith (v1.9.20.4-0 -> v1.9.22-0)
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index 3fcbdd5..cdff650 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,7 +4,7 @@
 version: v0.107.26-1
 name: adguard_home
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-appsmith.git
- version: v1.9.20.4-0
+ version: v1.9.22-0
 name: appsmith
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-authentik.git
 version: v2023.5.3-0
From 92d1e4a5bd768a3f96bbe7a56b619a934fade94f Mon Sep 17 00:00:00 2001
From: ZenKyma <116916092+ZenKyma@users.noreply.github.com>
Date: Thu, 15 Jun 2023 16:54:12 +0200
Subject: [PATCH 22/23] Update configuring-playbook.md Reference to where to find roles after just roles
---
 docs/configuring-playbook.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md
index cb4c7a4..f27330d 100644
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -11,7 +11,7 @@ You can then follow these steps inside the playbook directory:
 2. copy the sample configuration file (`cp examples/vars.yml inventory/host_vars//vars.yml`)
-3. edit the configuration file (`inventory/host_vars//vars.yml`) to your liking. You should [enable one or more services](supported-services.md) in your `vars.yml` file. You may also take a look at the various `roles/**/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file.
+3. edit the configuration file (`inventory/host_vars//vars.yml`) to your liking. You should [enable one or more services](supported-services.md) in your `vars.yml` file. You may also take a look at the various `roles/**/ROLE_NAME_HERE/defaults/main.yml` files (after importing external roles with `just roles` into `roles/galaxy`) and see if there's something you'd like to copy over and override in your `vars.yml` configuration file.
 4. copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`)
From 7e0a5cf306d98ebb3455f18b551fb1a9af773fec Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 16 Jun 2023 09:00:43 +0300
Subject: [PATCH 23/23] Rename aux role directory to auxiliary to work around problems on NTFS Related to: - https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2738 - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2739 - https://github.com/mother-of-all-self-hosting/mash-playbook/pull/40
---
 requirements.yml | 2 +-
 setup.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.yml b/requirements.yml
index cdff650..11f4bc6 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -11,7 +11,7 @@
 name: authentik
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
 version: v1.0.0-1
- name: aux
+ name: auxiliary
 - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
 version: v1.2.4-1.7.14-0
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-collabora-online.git
diff --git a/setup.yml b/setup.yml
index 8534cbf..21f74ec 100644
--- a/setup.yml
+++ b/setup.yml
@@ -138,7 +138,7 @@
 - role: galaxy/com.devture.ansible.role.woodpecker_ci_server
 - role: galaxy/com.devture.ansible.role.woodpecker_ci_agent
- - role: galaxy/aux
+ - role: galaxy/auxiliary
 - when: devture_systemd_service_manager_enabled | bool
 role: galaxy/com.devture.ansible.role.systemd_service_manager