From 7c222835be5eb22561affe3cae77f020d6afd53f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 13:11:13 +0100 Subject: [PATCH 01/61] Lay foundation for GoToSocial --- docs/services/gotosocial.md | 42 +++++++++++++++++++++++++++++++++ group_vars/mash_servers | 47 +++++++++++++++++++++++++++++++++++++ setup.yml | 2 ++ 3 files changed, 91 insertions(+) create mode 100644 docs/services/gotosocial.md diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md new file mode 100644 index 0000000..f149942 --- /dev/null +++ b/docs/services/gotosocial.md 
@@ -0,0 +1,42 @@ +# GoToSocial + +[GoToSocial](https://gotosocial.org/) is a self-hosted [ActivityPub](https://activitypub.rocks/) social network server, that this playbook can install, powered by the [moan0s/role-gotosocial](https://github.com/moan0s/role-gotosocial) Ansible role. + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# gotosocial # +# # +######################################################################## + +gotosocial_enabled: true +gotosocial_hostname: 'social.example.org' + +######################################################################## +# # +# /gotosocial # +# # +######################################################################## +``` + +After installation, you can use `just run-tags firezone-create-or-reset-admin` any time to: +- create the configured admin account +- or, reset the password to the current password configured in `vars.yml` + +### Networking + +By default, the following ports will be exposed by the container on **all network interfaces**: + +- `51820` over **UDP**, controlled by `firezone_wireguard_bind_port` - used for [Wireguard](https://en.wikipedia.org/wiki/WireGuard) connections + +Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it. + +### Usage + +After [installing](../installing.md), you can login at the URL specified in `firezone_hostname`, with the credentials set in `firezone_default_admin_email` and `firezone_default_admin_password`. + +Refer to the [official documentation](https://www.firezone.dev/docs/user-guides/add-devices/) to figure out how to add devices, etc. diff --git a/group_vars/mash_servers b/group_vars/mash_servers index bf4d12b..9e1c469 100644 
--- a/group_vars/mash_servers
+++ b/group_vars/mash_servers
@@ -1348,3 +1348,50 @@ firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certReso
# /firezone #
# #
########################################################################
+
+
+########################################################################
+# #
+# gotsocial #
+# #
+########################################################################
+
+gotosocial_enabled: false
+
+gotosocial_identifier: "{{ mash_playbook_service_identifier_prefix }}gotosocial"
+
+gotosocial_base_path: "{{ mash_playbook_base_path }}/gotosocial"
+
+gotosocial_uid: "{{ mash_playbook_uid }}"
+gotosocial_gid: "{{ mash_playbook_gid }}"
+
+gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
+gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
+gotosocial_database_name: "{{ gotosocial_identifier }}"
+gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}"
+gotosocial_database_user: "{{ gotosocial_identifier }}"
+
+gotosocial_systemd_required_services_list: |
+ {{
+ (['docker.service'])
+ +
+ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier else [])
+ }}
+
+gotosocial_container_additional_networks: |
+ {{
+ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
+ +
+ ([devture_postgres_container_network] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier and gotosocial_container_network != devture_postgres_container_network else [])
+ }}
+
+gotosocial_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
+gotosocial_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
+gotosocial_container_labels_traefik_entrypoints: "{{ 
devture_traefik_entrypoint_primary }}" +gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +######################################################################## +# # +# /gotosocial # +# # +######################################################################## diff --git a/setup.yml b/setup.yml index 4413310..14173b7 100644 --- a/setup.yml +++ b/setup.yml @@ -66,6 +66,8 @@ - role: galaxy/gitea + - role: galaxy/gotosocial + - role: galaxy/grafana - role: galaxy/miniflux From 1b5d5bfeeb36e8de6a0b9b19b80a01d386afef1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 15:35:53 +0100 Subject: [PATCH 02/61] Add GotoSocial --- docs/services/gotosocial.md | 24 +++++++++++------------- group_vars/mash_servers | 8 +++++++- requirements.yml | 4 ++++ 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index f149942..195c81c 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md 
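Review bot: The opening banner of the new block reads `# gotsocial #` while the closing banner reads `# /gotosocial #`; the opening line should say `gotosocial` so the section is greppable by its real name. The `gotosocial_container_additional_networks` expression also compares against `gotosocial_container_network`, which is defined nowhere in this hunk — presumably a role default, but a short comment such as `# gotosocial_container_network is provided by the gotosocial role` would make that dependency visible to readers of group_vars. This hunk shares its last physical line with the `setup.yml` hunk, which only registers the role.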
@@ -23,20 +23,18 @@ gotosocial_hostname: 'social.example.org' ######################################################################## ``` -After installation, you can use `just run-tags firezone-create-or-reset-admin` any time to: -- create the configured admin account -- or, reset the password to the current password configured in `vars.yml` - -### Networking - -By default, the following ports will be exposed by the container on **all network interfaces**: - -- `51820` over **UDP**, controlled by `firezone_wireguard_bind_port` - used for [Wireguard](https://en.wikipedia.org/wiki/WireGuard) connections - -Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it. +After installation, you can use `ansible-playbook -i inventory/hosts setup.yml --tags=gotosocial-add-user --extra-vars "username= email= password="` +to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account. ### Usage -After [installing](../installing.md), you can login at the URL specified in `firezone_hostname`, with the credentials set in `firezone_default_admin_email` and `firezone_default_admin_password`. +After [installing](../installing.md), you can visti at the URL specified in `firezone_hostname` and should see your instance. +Start to customize it at `social.example.org/admin`. -Refer to the [official documentation](https://www.firezone.dev/docs/user-guides/add-devices/) to figure out how to add devices, etc. +Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use +```bash +docker exec -it mash-gotosocial /gotosocial/gotosocial admin account demote --username +``` +to demote a user from admin to normal user. + +Refer to the [great official documentation](https://docs.gotosocial.org/en/latest/) for more information on GoToSocial. 
diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 9e1c469..41af26a 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -174,6 +174,12 @@ devture_postgres_managed_databases_auto: | 'password': devture_woodpecker_ci_server_database_datasource_password, }] if devture_woodpecker_ci_server_enabled else []) + + ([{ + 'name': gotosocial_database_name, + 'username': gotosocial_database_username, + 'password': gotosocial_database_password, + }] if gotosocial_enabled else []) + + ([{ 'name': miniflux_database_name, 'username': miniflux_database_username, @@ -1369,7 +1375,7 @@ gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_en gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" gotosocial_database_name: "{{ gotosocial_identifier }}" gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}" -gotosocial_database_user: "{{ gotosocial_identifier }}" +gotosocial_database_username: "{{ gotosocial_identifier }}" gotosocial_systemd_required_services_list: | {{ diff --git a/requirements.yml b/requirements.yml index 5666498..214219a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -130,3 +130,7 @@ - src: git+https://github.com/moan0s/role-firezone.git name: firezone version: 260f0049ea07e1a39df7cf118b267c15477f70be + +- src: git+https://github.com/moan0s/role-gotosocial.git + name: gotosocial + version: 837b94371e6d8629a8c5a659c6362fc678f775ef From e3543beb1dfc9d9c6a37fbc16b7127a2e0d5c0d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 15:47:34 +0100 Subject: [PATCH 03/61] Add GotoSocial to systemd service list --- group_vars/mash_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 41af26a..d63667a 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -120,6 +120,8 @@ devture_systemd_service_manager_services_list_auto: |
([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else [])
+
([{'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']}] if firezone_enabled else [])
+ +
+ ([{'name': (gotosocial_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gotosocial']}] if gotosocial_enabled else [])
}}
########################################################################
From 5516c5769744b6f36ae0227550ec7a7fdbf07703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 15:54:43 +0100 Subject: [PATCH 04/61] docs: Add gotosocial to supported services --- docs/supported-services.md | 1 + 1 file changed, 1 insertion(+)
diff --git a/docs/supported-services.md b/docs/supported-services.md
index ac2aa9b..c78d14a 100644
--- a/docs/supported-services.md
+++ b/docs/supported-services.md
@@ -11,6 +11,7 @@ | [Focalboard](https://www.focalboard.com/) | An open source, self-hosted alternative to [Trello](https://trello.com/), [Notion](https://www.notion.so/), and [Asana](https://asana.com/). | [Link](services/focalboard.md) | | [Firezone](https://www.firezone.dev/) | A self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with a Web UI | [Link](services/firezone.md) | | [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) | +| [GotoSocial](https://gotosocial.org/) | [GoToSocial](https://gotosocial.org/) is a self-hosted [ActivityPub](https://activitypub.rocks/) social network server | [Link](services/gotosocial.md) | | [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | From 1487e8ad17812ee637ae4a2ab8efd336ad906120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 17:10:22 +0100 Subject: [PATCH 05/61] chore: Bump gts role version, always creates label, change role location to mash --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index 9aef5be..ade7763 100644 --- a/requirements.yml +++ b/requirements.yml @@ -131,6 +131,6 @@ name: firezone version: ac8564d5e11a75107ba93aec6427b83be824c30a -- src: git+https://github.com/moan0s/role-gotosocial.git +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial - version: 837b94371e6d8629a8c5a659c6362fc678f775ef + version: 955e59bf610c4ab1de44240ea09fe4766d140ed7 
From 2573c3c385f8e136f91988e10e4693fe18051d85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 18:55:55 +0100 Subject: [PATCH 06/61] chore: Bump gts role version * Add gotosocial_container_http_port * Use var for docker base command * Add identifier to service * Remove hardcoded uid/gid * Add option to expose gotosocial 8080 port to host * Formatting: identation * Formatting: newline * Remove unused setting * Use identifier for traefik too * Remove uneccessary var (copy artifact) * Add container registry options --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index ade7763..2385f8c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -133,4 +133,4 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial - version: 955e59bf610c4ab1de44240ea09fe4766d140ed7 + version: 525a7a934711a57aa7aaccfa71fa27e1cc3f9fbf From 1605ca2539b37f325c21cff0ffdb75c967d23ede Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 19:33:48 +0100 Subject: [PATCH 07/61] chore: Bump gts role version * Add http security headers * Extend traefik configuarability * Use port --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2385f8c..33757ce 100644 --- a/requirements.yml +++ b/requirements.yml @@ -133,4 +133,4 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial - version: 525a7a934711a57aa7aaccfa71fa27e1cc3f9fbf + version: 883bc23dcd0df782505a58f50c53c984e739ebbd From fc4f415d961c08ebf20cd9587121bf86bdadaa2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 20:55:22 +0100 Subject: [PATCH 08/61] Add GoToSocial to hubsite --- group_vars/mash_servers | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/group_vars/mash_servers b/group_vars/mash_servers
index adca8de..8f0edc6 100644
--- a/group_vars/mash_servers
+++ b/group_vars/mash_servers
@@ -1248,6 +1248,14 @@ hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png"
hubsite_service_gitea_description: "A git service"
hubsite_service_gitea_priority: 1000
+# GoToSocial
+hubsite_service_gotosocial_enabled: "{{ gotosocial_enabled }}"
+hubsite_service_gotosocial_name: GoToSocial
+hubsite_service_gotosocial_url: "https://{{ gotosocial_hostname }}"
+hubsite_service_gotosocial_logo_location: "{{ role_path }}/assets/gotosocial.png"
+hubsite_service_gotosocial_description: "A fediverse server"
+hubsite_service_gotosocial_priority: 1000
+
# Miniflux
hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}"
hubsite_service_miniflux_name: Miniflux
@@ -1293,6 +1301,8 @@ hubsite_service_list_auto: |
{{
([{'name': hubsite_service_gitea_name, 'url': hubsite_service_gitea_url, 'logo_location': hubsite_service_gitea_logo_location, 'description': hubsite_service_gitea_description, 'priority': hubsite_service_gitea_priority}] if hubsite_service_gitea_enabled else [])
+
+ ([{'name': hubsite_service_gotosocial_name, 'url': hubsite_service_gotosocial_url, 'logo_location': hubsite_service_gotosocial_logo_location, 'description': hubsite_service_gotosocial_description, 'priority': hubsite_service_gotosocial_priority}] if hubsite_service_gotosocial_enabled else [])
+ +
([{'name': hubsite_service_miniflux_name, 'url': hubsite_service_miniflux_url, 'logo_location': hubsite_service_miniflux_logo_location, 'description': hubsite_service_miniflux_description, 'priority': hubsite_service_miniflux_priority}] if hubsite_service_miniflux_enabled else [])
+
([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else [])
From e124241e1a40c8f627578de7052a8e5dc9d8daeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 21:00:52 +0100 Subject: [PATCH 09/61] Bump hubsite version to include gts logo --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index 33757ce..2c2fb8b 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -125,7 +125,7 @@ - src: git+https://github.com/moan0s/hubsite.git name: hubsite - version: da6fed398a9dd0761db941cb903b53277c341cc6 + version: b64a45e4b9e01a773598a9a753dcd2dff1179c1b - src: git+https://github.com/moan0s/role-firezone.git name: firezone
From 94d0e1414b0e6c91ff751eb17c251f354df86c6d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 23:51:37 +0100 Subject: [PATCH 10/61] Adjust role path --- docs/services/gotosocial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index 195c81c..f93f941 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md @@ -1,6 +1,6 @@ # GoToSocial -[GoToSocial](https://gotosocial.org/) is a self-hosted [ActivityPub](https://activitypub.rocks/) social network server, that this playbook can install, powered by the [moan0s/role-gotosocial](https://github.com/moan0s/role-gotosocial) Ansible role. +[GoToSocial](https://gotosocial.org/) is a self-hosted [ActivityPub](https://activitypub.rocks/) social network server, that this playbook can install, powered by the [mother-of-all-self-hosting/ansible-role-gotosocial](https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial) Ansible role. ## Configuration From c815a3f0aecad40eef8ed11d00d5e4fd07f6fc0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Fri, 24 Mar 2023 23:52:50 +0100 Subject: [PATCH 11/61] Adjust role path --- docs/services/firezone.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/services/firezone.md b/docs/services/firezone.md index 707313f..d4fbf2a 100644 --- a/docs/services/firezone.md +++ b/docs/services/firezone.md 
@@ -1,6 +1,6 @@ # Firezone -[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [moan0s/role-firezone](https://github.com/moan0s/role-firezone) Ansible role. +[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [mother-of-all-self-hosting/ansible-role-firezone](https://github.com/mother-of-all-self-hosting/ansible-role-firezone) Ansible role. ## Configuration From d346fd1c0b6cae24b682689ece125ed4001b51d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Mar 2023 09:13:45 +0100 Subject: [PATCH 12/61] Fix domain variable --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2c2fb8b..12f6b89 100644 --- a/requirements.yml +++ b/requirements.yml @@ -133,4 +133,4 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial - version: 883bc23dcd0df782505a58f50c53c984e739ebbd + version: 148933d390a2a789ee4595a593d825e64d5e6f46 From b4dfdcf2ff275b63fcdd01246aa8e27b67551f29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Mar 2023 09:15:53 +0100 Subject: [PATCH 13/61] Make use of mash_playbook_service_base_directory_name_prefix --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 8f0edc6..3b2ff5c 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -1378,7 +1378,7 @@ gotosocial_enabled: false
gotosocial_identifier: "{{ mash_playbook_service_identifier_prefix }}gotosocial"
-gotosocial_base_path: "{{ mash_playbook_base_path }}/gotosocial"
+gotosocial_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gotosocial"
gotosocial_uid: "{{ mash_playbook_uid }}"
gotosocial_gid: "{{ mash_playbook_gid }}"
From be759e25cd35b0d3a8e493babbfc5a9ec8f7cf5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Mar 2023 13:30:15 +0100 Subject: [PATCH 14/61] Add to husbite * Add prometheus, radicale, syncthing, woodpecker, focalboard, docker registry browser and adguard --- group_vars/mash_servers | 79 +++++++++++++++++++++++++++++++++++++++++ requirements.yml | 2 +- 2 files changed, 80 insertions(+), 1 deletion(-)
diff --git a/group_vars/mash_servers b/group_vars/mash_servers
index 3ceb85f..c813d53 100644
--- a/group_vars/mash_servers
+++ b/group_vars/mash_servers
@@ -1267,6 +1267,30 @@ hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResol # Services ########## +# Adguard home +hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}" +hubsite_service_adguard_home_name: Adguard Home +hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}" +hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png" +hubsite_service_adguard_home_description: "A DNS based adblocker" +hubsite_service_adguard_home_priority: 1000 + +# Docker Registry Browser +hubsite_service_docker_registry_browser_enabled: "{{ docker_registry_browser_enabled }}" +hubsite_service_docker_registry_browser_name: Docker Registry Browser +hubsite_service_docker_registry_browser_url: "https://{{ docker_registry_browser_hostname }}{{ docker_registry_browser_path_prefix }}" +hubsite_service_docker_registry_browser_logo_location: "{{ role_path }}/assets/docker.png" +hubsite_service_docker_registry_browser_description: "Browse docker images" +hubsite_service_docker_registry_browser_priority: 1000 + +# Focalboard +hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}" +hubsite_service_focalboard_name: Focalboard +hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}" +hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png" +hubsite_service_focalboard_description: "A git service" +hubsite_service_focalboard_priority: 1000 + # Gitea hubsite_service_gitea_enabled: "{{ gitea_enabled }}" hubsite_service_gitea_name: Gitea 
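Review bot: `hubsite_service_focalboard_description: "A git service"` is copied from the Gitea entry and describes the wrong product; a one-line description of Focalboard itself (e.g. `hubsite_service_focalboard_description: "A project management tool"`) is what the hub will display. The same copy-paste problem recurs in the hunk at `@@ -1316,19 +1373,41 @@`, where `hubsite_service_woodpecker_ci_description: "Securely access your passwords"` repeats the Vaultwarden text, and `hubsite_service_radicale_description` / `hubsite_service_syncthing_description` are left as empty strings. In that later hunk the Docker Registry Browser block defined here is also never appended to `hubsite_service_list_auto`, so it will not appear on the hub even when `docker_registry_browser_enabled` is true; an entry built like its neighbours (`([{'name': hubsite_service_docker_registry_browser_name, 'url': hubsite_service_docker_registry_browser_url, 'logo_location': hubsite_service_docker_registry_browser_logo_location, 'description': hubsite_service_docker_registry_browser_description, 'priority': hubsite_service_docker_registry_browser_priority}] if hubsite_service_docker_registry_browser_enabled else [])`) closes the gap. Whether each `*_path_prefix` variable used in the new `_url` values exists for every service cannot be verified from this hunk and is worth confirming against the respective role defaults.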
@@ -1275,6 +1299,15 @@ hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png" hubsite_service_gitea_description: "A git service" hubsite_service_gitea_priority: 1000 +# Grafana +hubsite_service_grafana_enabled: "{{ grafana_enabled }}" +hubsite_service_grafana_name: Grafana +hubsite_service_grafana_url: "https://{{ grafana_hostname }}{{ grafana_path_prefix }}" +hubsite_service_grafana_logo_location: "{{ role_path }}/assets/grafana.png" +hubsite_service_grafana_description: "Check how your server is doing" +hubsite_service_grafana_priority: 1000 + + # Miniflux hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}" hubsite_service_miniflux_name: Miniflux 
@@ -1299,6 +1332,30 @@ hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png" hubsite_service_peertube_description: "Watch and upload videos" hubsite_service_peertube_priority: 1000 +# Prometheus +hubsite_service_prometheus_enabled: "{{ prometheus_enabled }}" +hubsite_service_prometheus_name: prometheus +hubsite_service_prometheus_url: "https://{{ prometheus_hostname }}{{ prometheus_path_prefix }}" +hubsite_service_prometheus_logo_location: "{{ role_path }}/assets/prometheus.png" +hubsite_service_prometheus_description: "Collect monitoring data" +hubsite_service_prometheus_priority: 1000 + +# Radicale +hubsite_service_radicale_enabled: "{{ radicale_enabled }}" +hubsite_service_radicale_name: Radicale +hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}" +hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png" +hubsite_service_radicale_description: "" +hubsite_service_radicale_priority: 1000 + +# Syncthing +hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}" +hubsite_service_syncthing_name: Syncthing +hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}" +hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png" +hubsite_service_syncthing_description: "" +hubsite_service_syncthing_priority: 1000 + # Uptime Kuma hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}" hubsite_service_uptime_kuma_name: Uptime Kuma 
@@ -1316,19 +1373,41 @@ hubsite_service_vaultwarden_logo_location: "{{ role_path }}/assets/vaultwarden.p hubsite_service_vaultwarden_description: "Securely access your passwords" hubsite_service_vaultwarden_priority: 1000 +# Woodpecker CI +hubsite_service_woodpecker_ci_enabled: "{{ woodpecker_ci_enabled }}" +hubsite_service_woodpecker_ci_name: Woodpecker CI +hubsite_service_woodpecker_ci_url: "https://{{ woodpecker_ci_hostname }}{{ woodpecker_ci_path_prefix }}" +hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png" +hubsite_service_woodpecker_ci_description: "Securely access your passwords" +hubsite_service_woodpecker_ci_priority: 1000 + hubsite_service_list_auto: | {{ + ([{'name': hubsite_service_adguard_home_name, 'url': hubsite_service_adguard_home_url, 'logo_location': hubsite_service_adguard_home_logo_location, 'description': hubsite_service_adguard_home_description, 'priority': hubsite_service_adguard_home_priority}] if hubsite_service_adguard_home_enabled else []) + + + ([{'name': hubsite_service_focalboard_name, 'url': hubsite_service_focalboard_url, 'logo_location': hubsite_service_focalboard_logo_location, 'description': hubsite_service_focalboard_description, 'priority': hubsite_service_focalboard_priority}] if hubsite_service_focalboard_enabled else []) + + ([{'name': hubsite_service_gitea_name, 'url': hubsite_service_gitea_url, 'logo_location': hubsite_service_gitea_logo_location, 'description': hubsite_service_gitea_description, 'priority': hubsite_service_gitea_priority}] if hubsite_service_gitea_enabled else []) + + ([{'name': hubsite_service_grafana_name, 'url': hubsite_service_grafana_url, 'logo_location': hubsite_service_grafana_logo_location, 'description': hubsite_service_grafana_description, 'priority': hubsite_service_grafana_priority}] if hubsite_service_grafana_enabled else []) + + ([{'name': hubsite_service_miniflux_name, 'url': hubsite_service_miniflux_url, 'logo_location': 
hubsite_service_miniflux_logo_location, 'description': hubsite_service_miniflux_description, 'priority': hubsite_service_miniflux_priority}] if hubsite_service_miniflux_enabled else []) + ([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else []) + ([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else []) + + ([{'name': hubsite_service_prometheus_name, 'url': hubsite_service_prometheus_url, 'logo_location': hubsite_service_prometheus_logo_location, 'description': hubsite_service_prometheus_description, 'priority': hubsite_service_prometheus_priority}] if hubsite_service_prometheus_enabled else []) + + + ([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else []) + + ([{'name': hubsite_service_uptime_kuma_name, 'url': hubsite_service_uptime_kuma_url, 'logo_location': hubsite_service_uptime_kuma_logo_location, 'description': hubsite_service_uptime_kuma_description, 'priority': hubsite_service_uptime_kuma_priority}] if hubsite_service_uptime_kuma_enabled else []) + + ([{'name': hubsite_service_syncthing_name, 'url': hubsite_service_syncthing_url, 'logo_location': hubsite_service_syncthing_logo_location, 'description': hubsite_service_syncthing_description, 'priority': hubsite_service_syncthing_priority}] if hubsite_service_syncthing_enabled else []) + + ([{'name': hubsite_service_vaultwarden_name, 'url': 
hubsite_service_vaultwarden_url, 'logo_location': hubsite_service_vaultwarden_logo_location, 'description': hubsite_service_vaultwarden_description, 'priority': hubsite_service_vaultwarden_priority}] if hubsite_service_vaultwarden_enabled else []) + + + ([{'name': hubsite_service_woodpecker_ci_name, 'url': hubsite_service_woodpecker_ci_url, 'logo_location': hubsite_service_woodpecker_ci_logo_location, 'description': hubsite_service_woodpecker_ci_description, 'priority': hubsite_service_woodpecker_ci_priority}] if hubsite_service_woodpecker_ci_enabled else []) }} ######################################################################## diff --git a/requirements.yml b/requirements.yml index 7ee6e6a..a7d1b16 100644 --- a/requirements.yml +++ b/requirements.yml @@ -130,7 +130,7 @@ - src: git+https://github.com/moan0s/hubsite.git name: hubsite - version: da6fed398a9dd0761db941cb903b53277c341cc6 + version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe - src: git+https://github.com/moan0s/role-firezone.git name: firezone From 9e3069277d073622d66d7240c28c80d7e4b94e5a Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 25 Mar 2023 15:40:07 +0200 Subject: [PATCH 15/61] format justfile, safely integrate agru --- justfile | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/justfile b/justfile index e4b69d7..5598216 100644 --- a/justfile +++ b/justfile 
@@ -1,44 +1,50 @@ # Shows help default: - @just --list --justfile {{ justfile() }} + @just --list --justfile {{ justfile() }} # Pulls external Ansible roles roles: - rm -rf roles/galaxy - ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force + #!/usr/bin/env bash + set -euo pipefail + if [ -x "$(command -v agru)" ]; then + agru + else + rm -rf roles/galaxy + ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force + fi # Runs ansible-lint against all roles in the playbook lint: - ansible-lint + ansible-lint # Runs the playbook with --tags=install-all,start and optional arguments install-all *extra_args: (run-tags "install-all,start" extra_args) # Runs installation tasks for a single service install-service service *extra_args: - just --justfile {{ justfile() }} run --tags=install-{{ service }},start-group --extra-vars=group={{ service }} {{ extra_args }} + just --justfile {{ justfile() }} run --tags=install-{{ service }},start-group --extra-vars=group={{ service }} {{ extra_args }} # Runs the playbook with --tags=setup-all,start and optional arguments setup-all *extra_args: (run-tags "setup-all,start" extra_args) # Runs the playbook with the given list of arguments run +extra_args: - time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }} + time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }} # Runs the playbook with the given list of comma-separated tags and optional arguments run-tags tags *extra_args: - just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }} + just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }} # Starts all services start-all *extra_args: (run-tags "start-all" extra_args) # Starts a specific service group start-group group *extra_args: - @just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }} + @just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }} # Stops all 
services stop-all *extra_args: (run-tags "stop-all" extra_args) # Stops a specific service group stop-group group *extra_args: - @just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }} + @just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }} From f8202aeb05dc31ddf62b152c641d4965ea0d7759 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 25 Mar 2023 15:41:54 +0200 Subject: [PATCH 16/61] add just update --- justfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/justfile b/justfile index 5598216..4d96b55 100644 --- a/justfile +++ b/justfile @@ -13,6 +13,10 @@ roles: ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force fi +# Updates requirements.yml if there are any new tags available. Requires agru +update: + @agru -u + # Runs ansible-lint against all roles in the playbook lint: ansible-lint From 28a1bbe55a57f73ff73a13279d215b0fe38f9b4c Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 25 Mar 2023 15:48:33 +0200 Subject: [PATCH 17/61] fix urls to avoid redirects --- requirements.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.yml b/requirements.yml index 7ee6e6a..d9dfc92 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,13 +4,13 @@ name: geerlingguy.docker version: 6.1.0 -- src: git+https://gitlab.com/etke.cc/roles/swap +- src: git+https://gitlab.com/etke.cc/roles/swap.git version: 843a0222b76a5ec361b35f31bf4dc872b6d7d54e -- src: git+https://gitlab.com/etke.cc/roles/ssh +- src: git+https://gitlab.com/etke.cc/roles/ssh.git version: 237adf859f9270db8a60e720bc4a58164806644e -- src: git+https://gitlab.com/etke.cc/roles/fail2ban +- src: git+https://gitlab.com/etke.cc/roles/fail2ban.git version: 09886730e8d3c061f22d1da4a542899063f97f0a - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From ed613b386d5285f1606ad9dd512a6f9429a487e9 Mon Sep 17 00:00:00 2001 
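Review bot: The `roles` recipe now takes one of two quite different paths — `agru` whenever it happens to be on PATH, otherwise `rm -rf roles/galaxy` followed by `ansible-galaxy install` — but its comment still says only `# Pulls external Ansible roles`, so an operator reading `just --list` cannot tell which resolver will run on their machine. Since the two tools may resolve requirements.yml differently, the comment should name the branch: `# Pulls external Ansible roles (via agru when it is on PATH, otherwise via ansible-galaxy)`. Printing the chosen tool before running it, e.g. `echo "Using agru"` in the first branch, would also make the behaviour visible in logs.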
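Review bot: `agru -u` rewrites the pinned `version:` values in requirements.yml to newer upstream tags, and those pins (several of them bare commit hashes) are what anchors which role code this playbook executes on target hosts. The recipe comment only says that agru is required; it should also tell the operator that the output is a dependency change to review before committing, e.g. `# Updates requirements.yml if there are any new tags available (review the resulting diff before committing). Requires agru`.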
From: Aine Date: Sat, 25 Mar 2023 15:49:21 +0200 Subject: [PATCH 18/61] format requirements.yml using agru --- requirements.yml | 73 +++++++++++------------------------------------- 1 file changed, 16 insertions(+), 57 deletions(-) diff --git a/requirements.yml b/requirements.yml index d9dfc92..70f5cef 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -1,137 +1,96 @@ ---- - - src: git+https://github.com/geerlingguy/ansible-role-docker - name: geerlingguy.docker version: 6.1.0 - + name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/swap.git version: 843a0222b76a5ec361b35f31bf4dc872b6d7d54e - - src: git+https://gitlab.com/etke.cc/roles/ssh.git version: 237adf859f9270db8a60e720bc4a58164806644e - - src: git+https://gitlab.com/etke.cc/roles/fail2ban.git version: 09886730e8d3c061f22d1da4a542899063f97f0a - - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git version: 129c8590e106b83e6f4c259649a613c6279e937a - - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f - - src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git version: 327d2e17f5189ac2480d6012f58cf64a2b46efba - - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: 3d5bb2976815958cdce3f368fa34fb51554f899b - - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git version: 38764398bf82b06a1736c3bfedc71dfd229e4b52 - - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 8e9ec48a09284c84704d7a2dce17da35f181574d - - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-1 - - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git version: v2.9.9-0 - - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096 - - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 - - src: 
git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_server.git version: v0.15.7-2 - - src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_agent.git version: v0.15.7-1 - - src: git+https://gitlab.com/etke.cc/roles/miniflux.git version: v2.0.43-2 - - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v9.4.7-0 - - src: git+https://gitlab.com/etke.cc/roles/radicale.git version: v3.1.8.1-2 - - src: git+https://gitlab.com/etke.cc/roles/uptime_kuma.git version: v1.21.0-0 - - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.0.10-0 - - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.5.0-7 - - src: git+https://gitlab.com/etke.cc/roles/prometheus_blackbox_exporter.git version: v0.23.0-3 - - src: git+https://gitlab.com/etke.cc/roles/redmine.git version: v5.0.5-1 - - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git - name: adguard_home version: v0.107.26-0 - + name: adguard_home - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git + version: v1.0.0-0 name: aux - version: v1.0.0-0 - - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-collabora-online.git - name: collabora_online version: v22.05.12.1.1-0 - + name: collabora_online - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry.git - name: docker_registry version: v2.8.1-1 - + name: docker_registry - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry-browser.git - name: docker_registry_browser version: v1.6.0-0 - + name: docker_registry_browser - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry-purger.git - name: docker_registry_purger version: v1.0.0-0 - + name: docker_registry_purger - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-focalboard.git - name: focalboard version: v7.8.0-0 - + name: focalboard - src: 
git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git - name: gitea version: v1.19.0-0 - + name: gitea - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git - name: nextcloud version: v26.0.0-0 - + name: nextcloud - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git - name: peertube version: v5.1.0-0 - + name: peertube - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - name: prometheus version: v2.43.0-0 - + name: prometheus - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-syncthing.git - name: syncthing version: v1.23.2-0 - + name: syncthing - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-vaultwarden.git - name: vaultwarden version: v1.27.0-2 - + name: vaultwarden - src: git+https://github.com/moan0s/hubsite.git - name: hubsite version: da6fed398a9dd0761db941cb903b53277c341cc6 - + name: hubsite - src: git+https://github.com/moan0s/role-firezone.git - name: firezone version: ac8564d5e11a75107ba93aec6427b83be824c30a + name: firezone From 2be8286d07bf67b5af26d79f8801641415af4c91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Mar 2023 14:49:55 +0100 Subject: [PATCH 19/61] Remove Prometheus It currently does not expose the web gui --- group_vars/mash_servers | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index c813d53..c8a81a0 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -1332,14 +1332,6 @@ hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png" hubsite_service_peertube_description: "Watch and upload videos" hubsite_service_peertube_priority: 1000 -# Prometheus -hubsite_service_prometheus_enabled: "{{ prometheus_enabled }}" -hubsite_service_prometheus_name: prometheus -hubsite_service_prometheus_url: "https://{{ prometheus_hostname }}{{ prometheus_path_prefix }}" -hubsite_service_prometheus_logo_location: "{{ role_path }}/assets/prometheus.png" -hubsite_service_prometheus_description: "Collect monitoring data" -hubsite_service_prometheus_priority: 1000 - # Radicale hubsite_service_radicale_enabled: "{{ radicale_enabled }}" hubsite_service_radicale_name: Radicale @@ -1397,8 +1389,6 @@ hubsite_service_list_auto: | + ([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else []) + - ([{'name': hubsite_service_prometheus_name, 'url': hubsite_service_prometheus_url, 'logo_location': hubsite_service_prometheus_logo_location, 'description': hubsite_service_prometheus_description, 'priority': hubsite_service_prometheus_priority}] if hubsite_service_prometheus_enabled else []) - + ([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else []) + ([{'name': hubsite_service_uptime_kuma_name, 'url': hubsite_service_uptime_kuma_url, 'logo_location': hubsite_service_uptime_kuma_logo_location, 'description': hubsite_service_uptime_kuma_description, 'priority': hubsite_service_uptime_kuma_priority}] if hubsite_service_uptime_kuma_enabled else []) 
From 7cc031e5e62eae6dbaa03c6d22ebb86eec355323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Mar 2023 14:50:35 +0100 Subject: [PATCH 20/61] Correct woordpecker hostname --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index c8a81a0..329561a 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -1368,7 +1368,7 @@ hubsite_service_vaultwarden_priority: 1000 # Woodpecker CI hubsite_service_woodpecker_ci_enabled: "{{ woodpecker_ci_enabled }}" hubsite_service_woodpecker_ci_name: Woodpecker CI -hubsite_service_woodpecker_ci_url: "https://{{ woodpecker_ci_hostname }}{{ woodpecker_ci_path_prefix }}" +hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}" hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png" hubsite_service_woodpecker_ci_description: "Securely access your passwords" hubsite_service_woodpecker_ci_priority: 1000 From 8ea629324603a7a4dd7563dc0aff81ac9766a7ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 25 Mar 2023 15:10:31 +0100 Subject: [PATCH 21/61] Add proper descriptions --- group_vars/mash_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 329561a..03b5dc4 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
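Review bot: The new URL line reads `devture_woodpecker_ci_server_hostname`, but the `hubsite_service_woodpecker_ci_enabled` context line two lines above still references `woodpecker_ci_enabled`, which does not follow the `devture_woodpecker_ci_server_` prefix the new line implies the role uses; if that variable is undefined, the hubsite entry will either fail to render or never be shown. The enabled flag should presumably be `hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}"`. The description context line, `"Securely access your passwords"`, is also the Vaultwarden text rather than a Woodpecker CI one.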
@@ -1272,7 +1272,7 @@ hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}" hubsite_service_adguard_home_name: Adguard Home hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}" hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png" -hubsite_service_adguard_home_description: "A DNS based adblocker" +hubsite_service_adguard_home_description: "A network-wide DNS software for blocking ads & tracking" hubsite_service_adguard_home_priority: 1000 # Docker Registry Browser @@ -1288,7 +1288,7 @@ hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}" hubsite_service_focalboard_name: Focalboard hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}" hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png" -hubsite_service_focalboard_description: "A git service" +hubsite_service_focalboard_description: "An open source, self-hosted alternative to Trello, Notion, and Asana." hubsite_service_focalboard_priority: 1000 # Gitea @@ -1337,7 +1337,7 @@ hubsite_service_radicale_enabled: "{{ radicale_enabled }}" hubsite_service_radicale_name: Radicale hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}" hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png" -hubsite_service_radicale_description: "" +hubsite_service_radicale_description: "Sync contacts and calendars" hubsite_service_radicale_priority: 1000 # Syncthing @@ -1345,7 +1345,7 @@ hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}" hubsite_service_syncthing_name: Syncthing hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}" hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png" -hubsite_service_syncthing_description: "" +hubsite_service_syncthing_description: "Sync your files" hubsite_service_syncthing_priority: 1000 # Uptime Kuma 
@@ -1370,7 +1370,7 @@ hubsite_service_woodpecker_ci_enabled: "{{ woodpecker_ci_enabled }}" hubsite_service_woodpecker_ci_name: Woodpecker CI hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}" hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png" -hubsite_service_woodpecker_ci_description: "Securely access your passwords" +hubsite_service_woodpecker_ci_description: "Check you CI" hubsite_service_woodpecker_ci_priority: 1000 hubsite_service_list_auto: | From b7d2bebd1392daf4f9dfe13a9886abbc0bb57dd2 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 25 Mar 2023 16:15:08 +0200 Subject: [PATCH 22/61] just roles - replace bash with sh --- justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/justfile b/justfile index 4d96b55..fd618e4 100644 --- a/justfile +++ b/justfile @@ -4,7 +4,7 @@ default: # Pulls external Ansible roles roles: - #!/usr/bin/env bash + #!/usr/bin/env sh set -euo pipefail if [ -x "$(command -v agru)" ]; then agru From 0a27d99b1ae81006f82385fa20df80509e27e7c4 Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 25 Mar 2023 16:50:46 +0200 Subject: [PATCH 23/61] justfile - fix formatting --- justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/justfile b/justfile index fd618e4..bf4b02c 100644 --- a/justfile +++ b/justfile @@ -15,7 +15,7 @@ roles: # Updates requirements.yml if there are any new tags available. Requires agru update: - @agru -u + @agru -u # Runs ansible-lint against all roles in the playbook lint: From e87caadc2ad74430f26d4da142e1b3d7e6abb34c Mon Sep 17 00:00:00 2001 From: Aine Date: Sat, 25 Mar 2023 18:57:31 +0200 Subject: [PATCH 24/61] update swap role --- docs/services/system.md | 7 +------ requirements.yml | 2 +- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/docs/services/system.md b/docs/services/system.md index 430f3e5..d8bb491 100644 --- a/docs/services/system.md +++ b/docs/services/system.md 
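Review bot: The new Woodpecker CI description `"Check you CI"` has a typo in user-facing text on the hub page; it should read `hubsite_service_woodpecker_ci_description: "Check your CI"`. The new descriptions are also inconsistent in punctuation — the Focalboard one ends with a period while the others do not — so one convention should be picked across the five hunks of this patch.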
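Review bot: `set -euo pipefail` is kept under the new `#!/usr/bin/env sh` shebang, but `pipefail` is not a POSIX `set` option, so on hosts where `sh` is dash the recipe aborts on that line before reaching either branch. `set -eu` is portable and keeps the fail-fast behaviour; the later "Remove shell configuration for better compatibility" patch on this page drops the whole line instead, which also loses `-e`, so a failed `rm -rf roles/galaxy` would then continue into `ansible-galaxy install`. The `roles` recipe body continues outside the hunk.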
@@ -25,12 +25,7 @@ system_swap_enabled: true A swap file will be created in `/var/swap` (configured using the `system_swap_path` variable) and enabled in your `/etc/fstab` file. -By default, the swap file will have the following size: - -- on systems with `<= 2GB` of RAM, swap file size = `total RAM * 2` -- on systems with `> 2GB` of RAM, swap file size = `1GB` - -To avoid these calculations and set your own size explicitly, set the `system_swap_size` variable in megabytes, example (4gb): +By default, the swap file will have `1GB` size, but you can set the `system_swap_size` variable in megabytes, example (4gb): ```yaml system_swap_size: 4096 diff --git a/requirements.yml b/requirements.yml index 70f5cef..462d24e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -2,7 +2,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/swap.git - version: 843a0222b76a5ec361b35f31bf4dc872b6d7d54e + version: abfb18b6862108bbf24347500446203170324d7f - src: git+https://gitlab.com/etke.cc/roles/ssh.git version: 237adf859f9270db8a60e720bc4a58164806644e - src: git+https://gitlab.com/etke.cc/roles/fail2ban.git From a6550d6004cf4dffa878c6d4aa49b60a21b8849a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 25 Mar 2023 19:18:41 +0200 Subject: [PATCH 25/61] Add some helpful AdGuard Home after-installation tips --- docs/services/adguard-home.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/services/adguard-home.md b/docs/services/adguard-home.md index db06e2b..2b87121 100644 --- a/docs/services/adguard-home.md +++ b/docs/services/adguard-home.md 
@@ -76,3 +76,10 @@ After installation, you can go to the AdGuard Home URL, as defined in `adguard_h As mentioned in the [URL](#url) section above, you may hit some annoyances when hosting under a subpath. The first time you visit the AdGuard Home pages, you'll go through a setup wizard **make sure to set the HTTP port to `3000`**. This is the in-container port that our Traefik setup expects and uses for serving the install wizard to begin with. If you go with the default (`80`), the web UI will stop working after the installation wizard completes. + +Things you should consider doing later: + +- increasing the per-client Rate Limit (from the default of `20`) in the **DNS server configuration** section in **Settings** -> **DNS Settings** +- enabling caching in the **DNS cache configuration** section in **Settings** -> **DNS Settings** +- adding additional blocklists by discovering them on [Firebog](https://firebog.net/) or other sources and importing them from **Filters** -> **DNS blocklists** +- reading the AdGuard Home [README](https://github.com/AdguardTeam/AdGuardHome/blob/master/README.md) and [Wiki](https://github.com/AdguardTeam/AdGuardHome/wiki) From 51eeb1b1acc15303f579f0cff89ae54ef4799016 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 25 Mar 2023 19:24:16 +0200 Subject: [PATCH 26/61] Fix incorrect variable usage Related to https://github.com/mother-of-all-self-hosting/mash-playbook/pull/21 --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 03b5dc4..be647f6 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -1366,7 +1366,7 @@ hubsite_service_vaultwarden_description: "Securely access your passwords" hubsite_service_vaultwarden_priority: 1000 # Woodpecker CI -hubsite_service_woodpecker_ci_enabled: "{{ woodpecker_ci_enabled }}" +hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}" hubsite_service_woodpecker_ci_name: Woodpecker CI hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}" hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png" From 798b37d2fe0967065c9cc64f99a5c2816cf93925 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 26 Mar 2023 14:13:14 +0300 Subject: [PATCH 27/61] Remove shell configuration for better compatibility --- justfile | 1 - 1 file changed, 1 deletion(-) diff --git a/justfile b/justfile index bf4b02c..1cbbf60 100644 --- a/justfile +++ b/justfile @@ -5,7 +5,6 @@ default: # Pulls external Ansible roles roles: #!/usr/bin/env sh - set -euo pipefail if [ -x "$(command -v agru)" ]; then agru else From 651c2705e933c91eb0d147a5683bdc3f3d946c27 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 26 Mar 2023 15:51:44 +0300 Subject: [PATCH 28/61] Upgrade PeerTube (v5.1.0-0 -> v5.1.0-1) --- group_vars/mash_servers | 6 ++---- requirements.yml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index be647f6..efba2f6 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -777,7 +777,7 @@ peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base peertube_uid: "{{ mash_playbook_uid }}" peertube_gid: "{{ mash_playbook_gid }}" -peertube_container_additional_networks: | +peertube_container_additional_networks_auto: | {{ ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) 
@@ -800,10 +800,8 @@ peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secre peertube_config_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}" -peertube_systemd_required_services_list: | +peertube_systemd_required_services_list_auto: | {{ - (['docker.service']) - + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else []) + ([redis_identifier ~ '.service'] if redis_enabled and peertube_config_redis_hostname == redis_identifier else []) diff --git a/requirements.yml b/requirements.yml index b9fe7a6..67828fd 100644 --- a/requirements.yml +++ b/requirements.yml @@ -77,7 +77,7 @@ version: v26.0.0-0 name: nextcloud - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git - version: v5.1.0-0 + version: v5.1.0-1 name: peertube - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.43.0-0 From 330baf8993eb7e56c38b56700a841cba3a2841e9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 26 Mar 2023 17:13:57 +0300 Subject: [PATCH 29/61] Add NetBox service and redo Redis integration for PeerTube --- CHANGELOG.md | 11 ++ docs/running-multiple-instances.md | 210 ++++++++++++++++++++++++++++ docs/services/netbox.md | 211 +++++++++++++++++++++++++++++ docs/services/peertube.md | 147 +++++++++++++++++++- docs/services/redis.md | 13 +- docs/supported-services.md | 1 + group_vars/mash_servers | 64 ++++++++- requirements.yml | 3 + setup.yml | 2 + 9 files changed, 653 insertions(+), 9 deletions(-) create mode 100644 docs/running-multiple-instances.md create mode 100644 docs/services/netbox.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 2077f45..6a668a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
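Review bot: Renaming `peertube_systemd_required_services_list` to `peertube_systemd_required_services_list_auto` and dropping `docker.service` and the Postgres unit from it changes which units the PeerTube service waits on, yet the commit message only records the role version bump. Presumably the v5.1.0-1 role now composes the `_auto` list with a `_custom` one and adds the Docker and Postgres dependencies itself, but that is not visible here, and anyone who overrode the old variable name in their vars.yml is now overriding a differently-composed value; the same applies to the `peertube_container_additional_networks` rename in the preceding hunk. A CHANGELOG entry or a commit-message sentence naming the two renames would make that migration explicit.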
@@ -1,3 +1,14 @@ +# 2023-03-26 + +## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically + +As described in our [Redis](docs/services/redis.md) services docs, running a single instance of Redis to be used by multiple services is not a good practice. + +For this reason, we're no longer auto-wiring PeerTube to Redis. If you're running other services (which may require Redis in the future) on the same host, it's recommended that you follow the [Creating a Redis instance dedicated to PeerTube](docs/services/peertube.md#creating-a-redis-instance-dedicated-to-peertube) documentation. + +If you're only running PeerTube on a dedicated server (no other services that may need Redis) or you'd like to stick to what you've used until now (a single shared Redis instance), follow the [Using the shared Redis instance for PeerTube](docs/services/peertube.md#using-the-shared-redis-instance-for-peertube) documentation. + + # 2023-03-25 ## (Backward Compatibility Break) Docker no longer installed by default diff --git a/docs/running-multiple-instances.md b/docs/running-multiple-instances.md new file mode 100644 index 0000000..294bbd7 --- /dev/null +++ b/docs/running-multiple-instances.md 
@@ -0,0 +1,210 @@
+## Running multiple instances of the same service on the same host
+
+The way this playbook is structured, each Ansible role can only be invoked once and made to install one instance of the service it's responsible for.
+
+If you need multiple instances (of whichever service), you'll need some workarounds as described below.
+
+The example below focuses on hosting multiple [Redis](services/redis.md) instances, but you can apply it to hosting multiple instances or whole stacks of any kind.
+
+Let's say you're managing a host called `mash.example.com` which installs both [PeerTube](services/peertube.md) and [NetBox](services/netbox.md). Both of these services require a [Redis](services/redis.md) instance. If you simply add `redis_enabled: true` to your `mash.example.com` host's `vars.yml` file, you'd get a Redis instance (`mash-redis`), but it's just one instance. As described in our [Redis](services/redis.md) documentation, this is a security problem and potentially fragile as both services may try to read/write the same data and get in conflict with one another.
+
+We propose that you **don't** add `redis_enabled: true` to your main `mash.example.com` file, but do the following:
+
+## Re-do your inventory to add supplementary hosts
+
+Create multiple hosts in your inventory (`inventory/hosts`) which target the same server, like this:
+
+```ini
+[mash_servers]
+[mash_servers:children]
+mash_example_com
+
+[mash_example_com]
+mash.example.com-netbox-deps ansible_host=1.2.3.4
+mash.example.com-peertube-deps ansible_host=1.2.3.4
+mash.example.com ansible_host=1.2.3.4
+```
+
+This creates a new group (called `mash_example_com`) which groups all 3 hosts:
+
+- (**new**) `mash.example.com-netbox-deps` - a new host, for your [NetBox](services/netbox.md) dependencies
+- (**new**) `mash.example.com-peertube-deps` - a new host, for your [PeerTube](services/peertube.md) dependencies
+- (old) `mash.example.com` - your regular inventory host
+
+When running Ansible commands later on, you can use the `-l` flag to limit which host to run them against. Here are a few examples:
+
+- `just install-all` - runs the [installation](installing.md) process on all hosts (3 hosts in this case)
+- `just install-all -l mash_example_com` - runs the installation process on all hosts in the `mash_example_com` group (same 3 hosts as `just install-all` in this case)
+- `just install-all -l mash.example.com-netbox-deps` - runs the installation process on the `mash.example.com-netbox-deps` host
+
+
+## Adjust the configuration of the supplementary hosts to use a new "namespace"
+
+Multiple hosts targetting the same server as described above still causes conflicts, because services will use the same paths (e.g. `/mash/redis`) and service/container names (`mash-redis`) everywhere.
+
+To avoid conflicts, adjust the `vars.yml` file for the new hosts (`mash.example.com-netbox-deps` and `mash.example.com-peertube-deps`)
+and set non-default and unique values in the `mash_playbook_service_identifier_prefix` and `mash_playbook_service_base_directory_name_prefix` variables. Examples below:
+
+`inventory/host_vars/mash.example.com-netbox-deps/vars.yml`:
+
+```yaml
+---
+
+########################################################################
+# #
+# Playbook #
+# #
+########################################################################
+
+# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
+# Various other secrets will be derived from this secret automatically.
+mash_playbook_generic_secret_key: ''
+
+# Override service names and directory path prefixes
+mash_playbook_service_identifier_prefix: 'mash-netbox-'
+mash_playbook_service_base_directory_name_prefix: 'netbox-'
+
+########################################################################
+# #
+# /Playbook #
+# #
+########################################################################
+
+
+########################################################################
+# #
+# redis #
+# #
+########################################################################
+
+redis_enabled: true
+
+########################################################################
+# #
+# /redis #
+# #
+########################################################################
+```
+
+`inventory/host_vars/mash.example.com-peertube-deps/vars.yml`:
+
+```yaml
+---
+
+########################################################################
+# #
+# Playbook #
+# #
+########################################################################
+
+# Put a strong secret below, generated with `pwgen -s 64 1` or in another way
+# Various other secrets will be derived from this secret automatically.
+mash_playbook_generic_secret_key: ''
+
+# Override service names and directory path prefixes
+mash_playbook_service_identifier_prefix: 'mash-peertube-'
+mash_playbook_service_base_directory_name_prefix: 'peertube-'
+
+########################################################################
+# #
+# /Playbook #
+# #
+########################################################################
+
+
+########################################################################
+# #
+# redis #
+# #
+########################################################################
+
+redis_enabled: true
+
+########################################################################
+# #
+# /redis #
+# #
+########################################################################
+```
+
+The above configuration will create **2** Redis instances:
+
+- `mash-netbox-redis` with its base data path in `/mash/netbox-redis`
+- `mash-peertube-redis` with its base data path in `/mash/peertube-redis`
+
+These instances reuse the `mash` user and group and the `/mash` data path, but are not in conflict with each other.
+
+
+## Adjust the configuration of the base host
+
+Now that we've created separate Redis instances for both PeerTube and NetBox, we need to put them to use by editing the `vars.yml` file of the main host (the one that installs PeerTbue and NetBox) to wire them to their Redis instances.
+
+You'll need configuration (`inventory/host_vars/mash.example.com/vars.yml`) like this:
+
+```yaml
+########################################################################
+# #
+# netbox #
+# #
+########################################################################
+
+netbox_enabled: true
+
+# Other NetBox configuration here
+
+# Point NetBox to its dedicated Redis instance
+netbox_environment_variable_redis_host: mash-netbox-redis
+netbox_environment_variable_redis_cache_host: mash-netbox-redis
+
+# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service)
+netbox_systemd_required_services_list_custom:
+ - mash-netbox-redis.service
+
+# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis)
+netbox_container_additional_networks_custom:
+ - mash-netbox-redis
+
+########################################################################
+# #
+# /netbox #
+# #
+########################################################################
+
+
+
+########################################################################
+# #
+# peertube #
+# #
+########################################################################
+
+# Other PeerTube configuration here
+
+# Point PeerTube to its dedicated Redis instance
+peertube_config_redis_hostname: mash-peertube-redis
+
+# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service)
+peertube_systemd_required_services_list_custom:
+ - "mash-peertube-redis.service"
+
+# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis)
+peertube_container_additional_networks_custom:
+ - "mash-peertube-redis"
+
+########################################################################
+# #
+# /peertube #
+# #
+########################################################################
+```
+
+
+## Questions & Answers + +**Can't I just use the same Redis instance for multiple services?** + +> You may or you may not. See the [Redis](services/redis.md) documentation for why you shouldn't do this. + +**Can't I just create one host and a separate stack for each service** (e.g. Nextcloud + all dependencies on one inventory host; PeerTube + all dependencies on another inventory host; with both inventory hosts targetting the same server)? + +> That's a possibility which is somewhat clean. The downside is that each "full stack" comes with its own Postgres database which needs to be maintained and upgraded separately. diff --git a/docs/services/netbox.md b/docs/services/netbox.md new file mode 100644 index 0000000..d023d81 --- /dev/null +++ b/docs/services/netbox.md 
@@ -0,0 +1,211 @@ +# NetBox + +[NetBox](https://docs.netbox.dev/en/stable/) is an open-source web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality. + + +## Dependencies + +This service requires the following other services: + +- a [Postgres](postgres.md) database +- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [Traefik](traefik.md) reverse-proxy server + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# netbox # +# # +######################################################################## + +netbox_enabled: true + +netbox_hostname: mash.example.com +netbox_path_prefix: /netbox + +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way +netbox_environment_variable_secret_key: '' + +# The following superuser will be created upon launch. +netbox_environment_variable_superuser_name: your_username_here +netbox_environment_variable_superuser_email: your.email@example.com +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way. +# Changing the password subsequently will not affect the user's password. +netbox_environment_variable_superuser_password: '' + +# Redis configuration, as described below + +######################################################################## +# # +# /netbox # +# # +######################################################################## +``` + +### URL + +In the example configuration above, we configure the service to be hosted at `https://mash.example.com/netbox`. 
+ +You can remove the `netbox_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. + + +### Authentication + +If `netbox_environment_variable_superuser_*` variables are specified, NetBox will try to create the user (if missing). + + +### Redis + +As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox). + +If you're only running NetBox on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-netbox). + +#### Using the shared Redis instance for NetBox + +To install a single (non-dedicated) Redis instance (`mash-redis`) and hook NetBox to it, add the following **additional** configuration: + +```yaml +######################################################################## +# # +# redis # +# # +######################################################################## + +redis_enabled: true + +######################################################################## +# # +# /redis # +# # +######################################################################## + + +######################################################################## +# # +# netbox # +# # +######################################################################## + +# Base configuration as shown above + +# Point NetBox to the shared Redis instance +netbox_config_redis_hostname: "{{ redis_identifier }}" + +# Make sure the NetBox service (mash-netbox.service) starts after the shared Redis service (mash-redis.service) +netbox_systemd_required_services_list_custom: + - "{{ redis_identifier }}.service" + +# Make sure the NetBox container is connected to the container network of the shared Redis service 
(mash-redis) +netbox_container_additional_networks_custom: + - "{{ redis_identifier }}" + +######################################################################## +# # +# /netbox # +# # +######################################################################## +``` + +This will create a `mash-redis` Redis instance on this host. + +This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to NetBox](#creating-a-redis-instance-dedicated-to-netbox). + + +#### Creating a Redis instance dedicated to NetBox + +The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. + +Adjust your `inventory/hosts` file as described in [Re-do your inventory to add supplementary hosts](../running-multiple-instances.md#re-do-your-inventory-to-add-supplementary-hosts), adding a new supplementary host (e.g. if `netbox.example.com` is your main one, create `netbox.example.com-deps`). + +Then, create a new `vars.yml` file for the + +`inventory/host_vars/netbox.example.com-deps/vars.yml`: + +```yaml +--- + +######################################################################## +# # +# Playbook # +# # +######################################################################## + +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way +# Various other secrets will be derived from this secret automatically. 
+mash_playbook_generic_secret_key: '' + +# Override service names and directory path prefixes +mash_playbook_service_identifier_prefix: 'mash-netbox-' +mash_playbook_service_base_directory_name_prefix: 'netbox-' + +######################################################################## +# # +# /Playbook # +# # +######################################################################## + + +######################################################################## +# # +# redis # +# # +######################################################################## + +redis_enabled: true + +######################################################################## +# # +# /redis # +# # +######################################################################## +``` + +This will create a `mash-netbox-redis` instance on this host with its data in `/mash/netbox-redis`. + +Then, adjust your main inventory host's variables file (`inventory/host_vars/netbox.example.com/vars.yml`) like this: + +```yaml +######################################################################## +# # +# netbox # +# # +######################################################################## + +# Base configuration as shown above + + +# Point NetBox to its dedicated Redis instance +netbox_environment_variable_redis_host: mash-netbox-redis +netbox_environment_variable_redis_cache_host: mash-netbox-redis + +# Make sure the NetBox service (mash-netbox.service) starts after its dedicated Redis service (mash-netbox-redis.service) +netbox_systemd_required_services_list_custom: + - "mash-netbox-redis.service" + +# Make sure the NetBox container is connected to the container network of its dedicated Redis service (mash-netbox-redis) +netbox_container_additional_networks_custom: + - "mash-netbox-redis" + +######################################################################## +# # +# /netbox # +# # +######################################################################## +``` + + +## Installation + +If you've decided 
to install a dedicated Redis instance for NetBox, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `netbox.example.com-deps`), before running installation for the main one (e.g. `netbox.example.com`). + + +## Usage + +After installation, you can go to the NetBox URL, as defined in `netbox_hostname` and `netbox_path_prefix`. + +You can log in with the **username** (**not** email) and password specified in the `netbox_environment_variable_superuser*` variables. diff --git a/docs/services/peertube.md b/docs/services/peertube.md index b7c0963..0d530c5 100644 --- a/docs/services/peertube.md +++ b/docs/services/peertube.md @@ -8,7 +8,7 @@ This service requires the following other services: - a [Postgres](postgres.md) database -- a [Redis](redis.md) data-store +- a [Redis](redis.md) data-store, installation details [below](#redis) - a [Traefik](traefik.md) reverse-proxy server @@ -47,6 +47,8 @@ peertube_config_root_user_initial_password: '' # Then, replace the example IP range below, and re-run the playbook. # peertube_trusted_proxies_values_custom: ["172.21.0.0/16"] +# Redis configuration, as described below + ######################################################################## # # # /peertube # 
@@ -58,6 +60,148 @@ In the example configuration above, we configure the service to be hosted at `ht Hosting PeerTube under a subpath (by configuring the `peertube_path_prefix` variable) does not seem to be possible right now, due to PeerTube limitations. +### Redis + +As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube). + +If you're only running PeerTube on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-peertube). + +#### Using the shared Redis instance for PeerTube + +To install a single (non-dedicated) Redis instance (`mash-redis`) and hook PeerTube to it, add the following **additional** configuration: + +```yaml +######################################################################## +# # +# redis # +# # +######################################################################## + +redis_enabled: true + +######################################################################## +# # +# /redis # +# # +######################################################################## + + +######################################################################## +# # +# peertube # +# # +######################################################################## + +# Base configuration as shown above + +# Point PeerTube to the shared Redis instance +peertube_config_redis_hostname: "{{ redis_identifier }}" + +# Make sure the PeerTube service (mash-peertube.service) starts after the shared Redis service (mash-redis.service) +peertube_systemd_required_services_list_custom: + - "{{ redis_identifier }}.service" + +# Make sure the PeerTube container is connected to the container network of the shared Redis service (mash-redis) 
+peertube_container_additional_networks_custom: + - "{{ redis_identifier }}" + +######################################################################## +# # +# /peertube # +# # +######################################################################## +``` + +This will create a `mash-redis` Redis instance on this host. + +This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to PeerTube](#creating-a-redis-instance-dedicated-to-peertube). + + +#### Creating a Redis instance dedicated to PeerTube + +The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. + +Adjust your `inventory/hosts` file as described in [Re-do your inventory to add supplementary hosts](../running-multiple-instances.md#re-do-your-inventory-to-add-supplementary-hosts), adding a new supplementary host (e.g. if `peertube.example.com` is your main one, create `peertube.example.com-deps`). + +Then, create a new `vars.yml` file for the + +`inventory/host_vars/peertube.example.com-deps/vars.yml`: + +```yaml +--- + +######################################################################## +# # +# Playbook # +# # +######################################################################## + +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way +# Various other secrets will be derived from this secret automatically. 
+mash_playbook_generic_secret_key: '' + +# Override service names and directory path prefixes +mash_playbook_service_identifier_prefix: 'mash-peertube-' +mash_playbook_service_base_directory_name_prefix: 'peertube-' + +######################################################################## +# # +# /Playbook # +# # +######################################################################## + + +######################################################################## +# # +# redis # +# # +######################################################################## + +redis_enabled: true + +######################################################################## +# # +# /redis # +# # +######################################################################## +``` + +This will create a `mash-peertube-redis` instance on this host with its data in `/mash/peertube-redis`. + +Then, adjust your main inventory host's variables file (`inventory/host_vars/peertube.example.com/vars.yml`) like this: + +```yaml +######################################################################## +# # +# peertube # +# # +######################################################################## + +# Base configuration as shown above + +# Point PeerTube to its dedicated Redis instance +peertube_config_redis_hostname: mash-peertube-redis + +# Make sure the PeerTube service (mash-peertube.service) starts after its dedicated Redis service (mash-peertube-redis.service) +peertube_systemd_required_services_list_custom: + - "mash-peertube-redis.service" + +# Make sure the PeerTube container is connected to the container network of its dedicated Redis service (mash-peertube-redis) +peertube_container_additional_networks_custom: + - "mash-peertube-redis" + +######################################################################## +# # +# /peertube # +# # +######################################################################## +``` + + +## Installation + +If you've decided to install a dedicated Redis instance 
for PeerTube, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. `peertube.example.com-deps`), before running installation for the main one (e.g. `peertube.example.com`). + ## Usage @@ -68,6 +212,7 @@ You should then be able to log in with: - username: `root` - password: the password you've set in `peertube_config_root_user_initial_password` in `vars.yml` + ## Adjusting the trusted reverse-proxy networks If you go to **Administration** -> **System** -> **Debug** (`/admin/system/debug`), you'll notice that PeerTube reports some local IP instead of your own IP address. diff --git a/docs/services/redis.md b/docs/services/redis.md index 2f7ebd0..9249ac9 100644 --- a/docs/services/redis.md +++ b/docs/services/redis.md 
@@ -4,12 +4,19 @@ Some of the services installed by this playbook require a Redis data store. -Enabling the Redis database service will automatically wire all other services to use it. +**Warning**: Because Redis is not as flexible as [Postgres](postgres.md) when it comes to authentication and data separation, it's **recommended that you run separate Redis instances** (one for each service). Redis supports multiple database and a [SELECT](https://redis.io/commands/select/) command for switching between them. However, **reusing the same Redis instance is not good enough** because: + +- if all services use the same Redis instance and database (id = 0), services may conflict with one another +- the number of databases is limited to [16 by default](https://github.com/redis/redis/blob/aa2403ca98f6a39b6acd8373f8de1a7ba75162d5/redis.conf#L376-L379), which may or may not be enough. With configuration changes, this is solveable. +- some services do not support switching the Redis database and always insist on using the default one (id = 0) +- Redis [does not support different authentication credentials for its different databases](https://stackoverflow.com/a/37262596), so each service can potentially read and modify other services' data + +If you're only hosting a single service (like [PeerTube](peertube.md) or [NetBox](netbox.md)) on your server, you can get away with running a single instance. If you're hosting multiple services, you should prepare separate instances for each service. ## Configuration -To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process to **host a single instance of the Redis service**: ```yaml ######################################################################## 
@@ -26,3 +33,5 @@ redis_enabled: true # # ######################################################################## ``` + +To **host multiple instances of the Redis service**, follow the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation or the **Redis** section (if available) of the service you're installing. diff --git a/docs/supported-services.md b/docs/supported-services.md index d677479..a9f95a4 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -15,6 +15,7 @@ | [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | +| [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | | [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) | | [Postgres](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index efba2f6..0e628c9 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -95,6 +95,12 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else []) + + ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else []) + + + ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else []) + + + ([{'name': (netbox_identifier + '-housekeeping.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-housekeeping']}] if netbox_enabled else []) + + ([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else []) + ([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else []) @@ -188,6 +194,12 @@ devture_postgres_managed_databases_auto: | 'password': redmine_database_password, }] if redmine_enabled else []) + + ([{ + 'name': netbox_database_name, + 'username': netbox_database_username, + 'password': netbox_database_password, + }] if netbox_enabled else []) + + ([{ 'name': nextcloud_database_name, 'username': nextcloud_database_username, 
@@ -762,6 +774,52 @@ nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) +######################################################################## +# # +# netbox # +# # +######################################################################## + +netbox_enabled: false + +netbox_identifier: "{{ mash_playbook_service_identifier_prefix }}netbox" + +netbox_uid: "{{ mash_playbook_uid }}" +netbox_gid: "{{ mash_playbook_gid }}" + +netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}netbox" + +netbox_systemd_required_services_list_auto: | + {{ + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) + }} + +netbox_container_additional_networks_auto: | + {{ + ( + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else []) + ) | unique + }} + +netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" +netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}" + +######################################################################## +# # +# /netbox # 
+# # +######################################################################## + + + ######################################################################## # # # peertube # @@ -783,8 +841,6 @@ peertube_container_additional_networks_auto: | ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else []) - + - ([redis_container_network] if peertube_config_redis_hostname == redis_identifier else []) ) | unique }} @@ -798,13 +854,9 @@ peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }} peertube_config_database_username: peertube peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}" -peertube_config_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}" - peertube_systemd_required_services_list_auto: | {{ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else []) - + - ([redis_identifier ~ '.service'] if redis_enabled and peertube_config_redis_hostname == redis_identifier else []) }} ######################################################################## diff --git a/requirements.yml b/requirements.yml index 67828fd..e4e6196 100644 --- a/requirements.yml +++ b/requirements.yml @@ -73,6 +73,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git version: v1.19.0-0 name: gitea +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git + version: v3.4.6-2.5.1-0 + name: netbox - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git version: v26.0.0-0 name: nextcloud 
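Review bot: In the new `netbox` block, `netbox_systemd_required_services_list_auto` gates the Postgres ordering dependency on `nextcloud_database_hostname == devture_postgres_identifier`, which looks like a copy-paste from the Nextcloud block, while `netbox_container_additional_networks_auto` a few lines below correctly uses `netbox_database_hostname`. With the wrong variable, whether `mash-netbox.service` waits for Postgres depends on Nextcloud's configuration rather than NetBox's, so NetBox can be started before its own database on a host where Nextcloud points elsewhere. It should read `([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier else [])`. Separately, the `@@ -188` hunk registers a managed database from `netbox_database_name` and `netbox_database_username`, which this block does not define; presumably these come from the role's defaults, but a short comment saying so next to `netbox_database_password` would save the next reader the lookup.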
diff --git a/setup.yml b/setup.yml index 4638758..273ed24 100644 --- a/setup.yml +++ b/setup.yml @@ -74,6 +74,8 @@ - role: galaxy/hubsite + - role: galaxy/netbox + - role: galaxy/nextcloud - role: galaxy/peertube From 433df3cfffa5107ba25685cf772f8d054ef4a470 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 27 Mar 2023 17:13:45 +0300 Subject: [PATCH 30/61] update uptime-kuma 1.21.0 -> 1.21.1 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e4e6196..299acf8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ - src: git+https://gitlab.com/etke.cc/roles/radicale.git version: v3.1.8.1-2 - src: git+https://gitlab.com/etke.cc/roles/uptime_kuma.git - version: v1.21.0-0 + version: v1.21.1-0 - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.0.10-0 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git From 2d69737ebd764d26f137906988e0c27abe0d8f93 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 09:20:07 +0300 Subject: [PATCH 31/61] Upgrade PeerTube (v5.1.0-1 -> v5.1.0-2) This mainly adds support for installing plugins via the web UI. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 299acf8..0743398 100644 --- a/requirements.yml +++ b/requirements.yml @@ -80,7 +80,7 @@ version: v26.0.0-0 name: nextcloud - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git - version: v5.1.0-1 + version: v5.1.0-2 name: peertube - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.43.0-0 From c85146ba788718b7581d907e45d69deaf0aafb27 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 28 Mar 2023 10:27:36 +0300 Subject: [PATCH 32/61] Add Keycloak service --- docs/services/keycloak.md | 61 ++++++++++++++++++++++++++++++++++++++ docs/supported-services.md | 1 + group_vars/mash_servers | 56 ++++++++++++++++++++++++++++++++-- requirements.yml | 3 ++ setup.yml | 2 ++ 5 files changed, 121 insertions(+), 2 deletions(-) create mode 100644 docs/services/keycloak.md diff --git a/docs/services/keycloak.md b/docs/services/keycloak.md new file mode 100644 index 0000000..7e5e235 --- /dev/null +++ b/docs/services/keycloak.md 
@@ -0,0 +1,61 @@ +# Keycloak + +[Keycloak](https://keycloak.net/) is an open source identity and access management solution. + +**Warning**: this service is a new addition to the playbook. It may not fully work or be configured in a suboptimal manner. + + +## Dependencies + +This service requires the following other services: + +- a [Postgres](postgres.md) database +- a [Traefik](traefik.md) reverse-proxy server + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# keycloak # +# # +######################################################################## + +keycloak_enabled: true + +keycloak_hostname: mash.example.com +keycloak_path_prefix: /keycloak + +keycloak_environment_variable_keycloak_admin: your_username_here +# Generating a strong password (e.g. `pwgen -s 64 1`) is recommended +keycloak_environment_variable_keycloak_admin_password: '' + +######################################################################## +# # +# /keycloak # +# # +######################################################################## +``` + +### URL + +In the example configuration above, we configure the service to be hosted at `https://mash.example.com/keycloak`. + +You can remove the `keycloak_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. + +### Authentication + +On first start, the admin user account will be created as defined with the `keycloak_environment_variable_keycloak_admin` and `keycloak_environment_variable_keycloak_admin_password` variables. + +On each start after that, Keycloak will attempt to create the user again and report a non-fatal error (Keycloak will continue running). + +Subsequent changes to the password will not affect an existing user's password. 
+ +## Usage + +After installation, you can go to the Keycloak URL, as defined in `keycloak_hostname` and `keycloak_path_prefix` and log in as described in [Authentication](#authentication). + +Follow the [Keycloak documentation](https://www.keycloak.org/documentation) or other guides for learning how to use Keycloak. diff --git a/docs/supported-services.md b/docs/supported-services.md index a9f95a4..1a36de1 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -14,6 +14,7 @@ | [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) | | [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | +| [Keycloak](https://keycloak.net/) | An open source identity and access management solution. | [Link](services/keycloak.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 0e628c9..2490530 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -95,6 +95,10 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else []) + + ([{'name': (keycloak_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'keycloak']}] if keycloak_enabled else []) + + + ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) + + ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else []) + ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else []) @@ -105,8 +109,6 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else []) + - ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) - + ([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else []) + ([{'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']}] if prometheus_enabled else []) @@ -182,6 +184,12 @@ devture_postgres_managed_databases_auto: | 'password': devture_woodpecker_ci_server_database_datasource_password, }] if devture_woodpecker_ci_server_enabled else []) + + ([{ + 'name': keycloak_database_name, + 'username': keycloak_database_username, + 'password': keycloak_database_password, + }] if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == devture_postgres_identifier else []) + + ([{ 'name': miniflux_database_name, 'username': miniflux_database_username, 
@@ -682,6 +690,50 @@ grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResol +######################################################################## +# # +# keycloak # +# # +######################################################################## + +keycloak_enabled: false + +keycloak_identifier: "{{ mash_playbook_service_identifier_prefix }}keycloak" + +keycloak_uid: "{{ mash_playbook_uid }}" +keycloak_gid: "{{ mash_playbook_gid }}" + +keycloak_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keycloak" + +keycloak_systemd_required_systemd_services_list_auto: | + {{ + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier else []) + }} + +keycloak_container_additional_networks_auto: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier and keycloak_container_network != devture_postgres_container_network else []) + }} + +keycloak_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +keycloak_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +keycloak_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +keycloak_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +keycloak_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" +keycloak_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" +keycloak_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.keycloak', rounds=655555) | to_uuid }}" + 
+######################################################################## +# # +# /keycloak # +# # +######################################################################## + + + ######################################################################## # # # miniflux # diff --git a/requirements.yml b/requirements.yml index 0743398..2762faa 100644 --- a/requirements.yml +++ b/requirements.yml @@ -73,6 +73,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gitea.git version: v1.19.0-0 name: gitea +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git + version: v21.0.1-0 + name: keycloak - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git version: v3.4.6-2.5.1-0 name: netbox diff --git a/setup.yml b/setup.yml index 273ed24..78904fe 100644 --- a/setup.yml +++ b/setup.yml @@ -70,6 +70,8 @@ - role: galaxy/grafana + - role: galaxy/keycloak + - role: galaxy/miniflux - role: galaxy/hubsite From 28d15a6af306cd8294bea46f7664f2f2ae4cbd7f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 10:29:41 +0300 Subject: [PATCH 33/61] Upgrade Keycloak (v21.0.1-0 -> v21.0.1-1) and fix URLs --- docs/services/keycloak.md | 2 +- docs/supported-services.md | 2 +- requirements.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/services/keycloak.md b/docs/services/keycloak.md index 7e5e235..3d29ee5 100644 --- a/docs/services/keycloak.md +++ b/docs/services/keycloak.md @@ -1,6 +1,6 @@ # Keycloak -[Keycloak](https://keycloak.net/) is an open source identity and access management solution. +[Keycloak](https://www.keycloak.org/) is an open source identity and access management solution. **Warning**: this service is a new addition to the playbook. It may not fully work or be configured in a suboptimal manner. diff --git a/docs/supported-services.md b/docs/supported-services.md index 1a36de1..5b173b8 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md 
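Review bot: `keycloak_database_password` is derived deterministically from `mash_playbook_generic_secret_key` with the fixed salt `'db.keycloak'`, the same pattern the `miniflux_database_password` line elsewhere in this file uses, but nothing in the hunk says so. A comment such as `# Derived from mash_playbook_generic_secret_key: anyone holding that secret can reconstruct this password, and changing the secret changes it` would make the trust boundary explicit for operators reading the block. `keycloak_container_network` is read in `keycloak_container_additional_networks_auto` without being defined in this hunk — presumably a role default; a one-line comment naming the variables the block expects the role to define would help, as for the other Keycloak variables this file references.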
@@ -14,7 +14,7 @@ | [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) | | [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | -| [Keycloak](https://keycloak.net/) | An open source identity and access management solution. | [Link](services/keycloak.md) | +| [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | | [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | diff --git a/requirements.yml b/requirements.yml index 2762faa..f5fa1e0 100644 --- a/requirements.yml +++ b/requirements.yml @@ -74,7 +74,7 @@ version: v1.19.0-0 name: gitea - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git - version: v21.0.1-0 + version: v21.0.1-1 name: keycloak - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git version: v3.4.6-2.5.1-0 From 2d94dc1e00db93aa1e60db814f93dd98b6038ddd Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev
Date: Tue, 28 Mar 2023 10:52:00 +0300
Subject: [PATCH 34/61] Upgrade com.devture.ansible.role.systemd_service_manager
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index f5fa1e0..2a8715a 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -26,7 +26,7 @@
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
   version: v2.9.9-0
 - src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
-  version: 6ccb88ac5fc27e1e70afcd48278ade4b564a9096
+  version: v1.0.0-0
 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
   version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
 - src: git+https://github.com/devture/com.devture.ansible.role.woodpecker_ci_server.git
From dbf84d1249d94d8009063edf16f56ad28c794315 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 28 Mar 2023 10:52:48 +0300
Subject: [PATCH 35/61] Always restart services one by one when doing install-service
This way, something like `just install-service postgres` will definitely do a `restart` and not a `stop` + `start` (which may leave dependant services stopped). This has potentially been addressed by https://github.com/devture/com.devture.ansible.role.systemd_service_manager/commit/7acb5f4b85de1a7009b149f5b6ee3a6eef203047 as well.
---
 justfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/justfile b/justfile
index 1cbbf60..74f4d33 100644
--- a/justfile
+++ b/justfile
@@ -25,7 +25,10 @@ install-all *extra_args: (run-tags "install-all,start" extra_args) # Runs installation tasks for a single service install-service service *extra_args: - just --justfile {{ justfile() }} run --tags=install-{{ service }},start-group --extra-vars=group={{ service }} {{ extra_args }} + just --justfile {{ justfile() }} run \ + --tags=install-{{ service }},start-group \ + --extra-vars=group={{ service }} \ + --extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one {{ extra_args }} # Runs the playbook with --tags=setup-all,start and optional arguments setup-all *extra_args: (run-tags "setup-all,start" extra_args) From de10454359d7c25ea454ef06700e0efcdfd9db25 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 10:54:18 +0300 Subject: [PATCH 36/61] Add justfile to .editorconfig --- .editorconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.editorconfig b/.editorconfig index de8516e..cc806b2 100644 --- a/.editorconfig +++ b/.editorconfig @@ -23,6 +23,10 @@ indent_size = 2 indent_style = space indent_size = 2 +[justfile] +indent_style = space +indent_size = 4 + # Markdown Files # # Two spaces at the end of a line in Markdown mean "new line", From a900cfd650d4d98bf361bd95c220f0efc29f3670 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 12:24:00 +0300 Subject: [PATCH 37/61] Upgrade Grafana (v9.4.7-0 -> v9.4.7-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 2a8715a..69408f3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -36,7 +36,7 @@ - src: git+https://gitlab.com/etke.cc/roles/miniflux.git version: v2.0.43-2 - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v9.4.7-0 + version: v9.4.7-1 - src: git+https://gitlab.com/etke.cc/roles/radicale.git version: v3.1.8.1-2 - src: git+https://gitlab.com/etke.cc/roles/uptime_kuma.git 
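Review bot: The new `--extra-vars=devture_systemd_service_manager_service_restart_mode=one-by-one` is placed before `{{ extra_args }}`, so a caller can still override the restart mode with its own `--extra-vars` (Ansible applies later `--extra-vars` over earlier ones); that ordering is the right choice but is not obvious from the recipe. The comment above the recipe could say so: `# Runs installation tasks for a single service, restarting services one by one (pass --extra-vars to override)`. The commit message notes the upstream role may now handle this itself; a comment pointing to that would let the flag be dropped once the pinned role version is known to include it.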
From 9c0edad5b94559ae962c6159d5f2943fa6ed0f55 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 28 Mar 2023 16:02:22 +0300 Subject: [PATCH 38/61] add Soft Serve --- docs/services/soft-serve.md | 30 ++++++++++++++++++++++++++++++ docs/supported-services.md | 1 + group_vars/mash_servers | 26 ++++++++++++++++++++++++++ requirements.yml | 2 ++ setup.yml | 2 ++ 5 files changed, 61 insertions(+) create mode 100644 docs/services/soft-serve.md diff --git a/docs/services/soft-serve.md b/docs/services/soft-serve.md new file mode 100644 index 0000000..2838361 --- /dev/null +++ b/docs/services/soft-serve.md @@ -0,0 +1,30 @@ +# Soft Serve + +This playbook can configure [Soft Serve](https://github.com/charmbracelet/soft-serve). + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# soft-serve # +# # +######################################################################## + +soft_serve_enabled: true +soft_serve_hostname: mash.example.com # an URL Soft Serve will advertise +soft_serve_container_bind_port: 2222 # Expose Soft Serve's port. For git servers the usual git-over-ssh port is 22 +soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE + +######################################################################## +# # +# /soft-serve # +# # +######################################################################## +``` + +## Usage + +After you've installed Soft Serve, you can `ssh your-user@mash.example.com -p 2222` with the ssh key you defined in `soft_serve_initial_admin_key` to see TUI and follow the instructions to configure Soft Serve further. diff --git a/docs/supported-services.md b/docs/supported-services.md index 5b173b8..381a0d7 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md 
@@ -27,6 +27,7 @@ | [Radicale](https://radicale.org/) | A Free and Open-Source CalDAV and CardDAV Server (solution for hosting contacts and calendars) | [Link](services/radicale.md) | | [Redmine](https://redmine.org/) | A flexible project management web application. | [Link](services/redmine.md) | | [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) | +| [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable Git server for the command line | [Link](services/soft-serve.md) | | [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) | | [Traefik](https://doc.traefik.io/traefik/) | A container-aware reverse-proxy server | [Link](services/traefik.md) | | [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | A lightweight unofficial and compatible implementation of the [Bitwarden](https://bitwarden.com/) password manager | [Link](services/vaultwarden.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 2490530..18de9c8 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -123,6 +123,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else []) + + ([{'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']}] if soft_serve_enabled else []) + + ([{'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']}] if syncthing_enabled else []) + ([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else []) 
@@ -1133,6 +1135,30 @@ redis_gid: "{{ mash_playbook_gid }}" + +######################################################################## +# # +# soft-serve # +# # +######################################################################## + +soft_serve_enabled: false + +soft_serve_identifier: "{{ mash_playbook_service_identifier_prefix }}soft-serve" + +soft_serve_uid: "{{ mash_playbook_uid }}" +soft_serve_gid: "{{ mash_playbook_gid }}" + +soft_serve_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}soft-serve" + +######################################################################## +# # +# /soft-serve # +# # +######################################################################## + + + ######################################################################## # # # syncthing # diff --git a/requirements.yml b/requirements.yml index 69408f3..1ba4214 100644 --- a/requirements.yml +++ b/requirements.yml @@ -49,6 +49,8 @@ version: v0.23.0-3 - src: git+https://gitlab.com/etke.cc/roles/redmine.git version: v5.0.5-1 +- src: git+https://gitlab.com/etke.cc/roles/soft_serve.git + version: v0.4.6-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git version: v0.107.26-0 name: adguard_home diff --git a/setup.yml b/setup.yml index 78904fe..f35d358 100644 --- a/setup.yml +++ b/setup.yml @@ -92,6 +92,8 @@ - role: galaxy/redis + - role: galaxy/soft_serve + - role: galaxy/syncthing - role: galaxy/vaultwarden From a30c09ada19b172f016c5865c1666ce05468b7e2 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 28 Mar 2023 16:11:58 +0300 Subject: [PATCH 39/61] soft-serve: fix comments --- docs/services/soft-serve.md | 4 +++- requirements.yml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/services/soft-serve.md b/docs/services/soft-serve.md index 2838361..fa29b02 100644 --- a/docs/services/soft-serve.md +++ b/docs/services/soft-serve.md 
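Review bot: The new `soft-serve` block in `group_vars/mash_servers` sets no value for `soft_serve_initial_admin_key` or `soft_serve_container_bind_port`, although the documentation added in the same patch instructs users to set both in `vars.yml`, and a later patch in this series warns that the initial key authenticates as any user until the instance is configured. Whether the role supplies defaults is not visible here; if it does not, enabling the service without them would presumably fail at template time rather than with a clear message, and the key's admin-level effect makes it a value operators should be told to treat as a secret. A comment in the block such as `# soft_serve_initial_admin_key (grants admin until configured) and soft_serve_container_bind_port must be set in vars.yml — see docs/services/soft-serve.md` would make the requirement visible where the other service blocks are read.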
@@ -14,7 +14,9 @@ To enable this service, add the following configuration to your `vars.yml` file ######################################################################## soft_serve_enabled: true -soft_serve_hostname: mash.example.com # an URL Soft Serve will advertise +# The hostname of this system. +# It will be used for generating git clone URLs (e.g. ssh://mash.example.com/repository.git) +soft_serve_hostname: mash.example.com soft_serve_container_bind_port: 2222 # Expose Soft Serve's port. For git servers the usual git-over-ssh port is 22 soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE diff --git a/requirements.yml b/requirements.yml index 1ba4214..c9a6946 100644 --- a/requirements.yml +++ b/requirements.yml @@ -50,7 +50,7 @@ - src: git+https://gitlab.com/etke.cc/roles/redmine.git version: v5.0.5-1 - src: git+https://gitlab.com/etke.cc/roles/soft_serve.git - version: v0.4.6-0 + version: v0.4.6-1 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git version: v0.107.26-0 name: adguard_home From 5b9800e70ba5440d5b1c9b918bd42112d26142dd Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 28 Mar 2023 16:40:35 +0300 Subject: [PATCH 40/61] soft-serve: add note --- docs/services/soft-serve.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/services/soft-serve.md b/docs/services/soft-serve.md index fa29b02..bfb6467 100644 --- a/docs/services/soft-serve.md +++ b/docs/services/soft-serve.md 
@@ -18,7 +18,7 @@ soft_serve_enabled: true # It will be used for generating git clone URLs (e.g. ssh://mash.example.com/repository.git) soft_serve_hostname: mash.example.com soft_serve_container_bind_port: 2222 # Expose Soft Serve's port. For git servers the usual git-over-ssh port is 22 -soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE +soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE # This key will be able to authenticate with ANY user until you configure Soft Serve ######################################################################## # # @@ -30,3 +30,5 @@ soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE ## Usage After you've installed Soft Serve, you can `ssh your-user@mash.example.com -p 2222` with the ssh key you defined in `soft_serve_initial_admin_key` to see TUI and follow the instructions to configure Soft Serve further. + +Note that you have to [finish the configuration yourself](https://github.com/charmbracelet/soft-serve#configuration), otherwise any user with `soft_serve_initial_admin_key` will work as admin. From a513f0421554a83ad043a918a2530ef8c4b0ee12 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 16:47:07 +0300 Subject: [PATCH 41/61] Update soft-serve.md --- docs/services/soft-serve.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/services/soft-serve.md b/docs/services/soft-serve.md index bfb6467..117e0a5 100644 --- a/docs/services/soft-serve.md +++ b/docs/services/soft-serve.md @@ -1,6 +1,6 @@ # Soft Serve -This playbook can configure [Soft Serve](https://github.com/charmbracelet/soft-serve). +[Soft Serve](https://github.com/charmbracelet/soft-serve) is a tasty, self-hostable [Git](https://git-scm.com/) server for the command line. ## Configuration 
@@ -14,11 +14,16 @@ To enable this service, add the following configuration to your `vars.yml` file ######################################################################## soft_serve_enabled: true + # The hostname of this system. # It will be used for generating git clone URLs (e.g. ssh://mash.example.com/repository.git) soft_serve_hostname: mash.example.com -soft_serve_container_bind_port: 2222 # Expose Soft Serve's port. For git servers the usual git-over-ssh port is 22 -soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE # This key will be able to authenticate with ANY user until you configure Soft Serve + +# Expose Soft Serve's port. For git servers the usual git-over-ssh port is 22 +soft_serve_container_bind_port: 2222 + +# This key will be able to authenticate with ANY user until you configure Soft Serve +soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE ######################################################################## # # @@ -29,6 +34,6 @@ soft_serve_initial_admin_key: YOUR PUBLIC SSH KEY HERE # This key will be able t ## Usage -After you've installed Soft Serve, you can `ssh your-user@mash.example.com -p 2222` with the ssh key you defined in `soft_serve_initial_admin_key` to see TUI and follow the instructions to configure Soft Serve further. +After you've installed Soft Serve, you can `ssh your-user@mash.example.com -p 2222` with the SSH key defined in `soft_serve_initial_admin_key` to see its [TUI](https://en.wikipedia.org/wiki/Text-based_user_interface) and follow the instructions to configure Soft Serve further. -Note that you have to [finish the configuration yourself](https://github.com/charmbracelet/soft-serve#configuration), otherwise any user with `soft_serve_initial_admin_key` will work as admin. +Note that you have to [finish the configuration yourself](https://github.com/charmbracelet/soft-serve#configuration), otherwise any user with `soft_serve_initial_admin_key` will work as an admin. 
From cf5019aac34da0e01734d284acca34c7b228c0d8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 16:48:03 +0300 Subject: [PATCH 42/61] Update supported-services.md --- docs/supported-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/supported-services.md b/docs/supported-services.md index 381a0d7..c80d2ea 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -11,7 +11,7 @@ | [Docker Registry Purger](https://github.com/devture/docker-registry-purger) | A small tool used for purging a private Docker Registry's old tags | [Link](services/docker-registry-purger.md) | | [Focalboard](https://www.focalboard.com/) | An open source, self-hosted alternative to [Trello](https://trello.com/), [Notion](https://www.notion.so/), and [Asana](https://asana.com/). | [Link](services/focalboard.md) | | [Firezone](https://www.firezone.dev/) | A self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with a Web UI | [Link](services/firezone.md) | -| [Gitea](https://gitea.io/) | A painless self-hosted Git service. | [Link](services/gitea.md) | +| [Gitea](https://gitea.io/) | A painless self-hosted [Git](https://git-scm.com/) service. | [Link](services/gitea.md) | | [Grafana](https://grafana.com/) | An open and composable observability and data visualization platform, often used with [Prometheus](services/prometheus.md) | [Link](services/grafana.md) | | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | 
@@ -27,7 +27,7 @@ | [Radicale](https://radicale.org/) | A Free and Open-Source CalDAV and CardDAV Server (solution for hosting contacts and calendars) | [Link](services/radicale.md) | | [Redmine](https://redmine.org/) | A flexible project management web application. | [Link](services/redmine.md) | | [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) | -| [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable Git server for the command line | [Link](services/soft-serve.md) | +| [Soft Serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable [Git](https://git-scm.com/) server for the command line | [Link](services/soft-serve.md) | | [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) | | [Traefik](https://doc.traefik.io/traefik/) | A container-aware reverse-proxy server | [Link](services/traefik.md) | | [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | A lightweight unofficial and compatible implementation of the [Bitwarden](https://bitwarden.com/) password manager | [Link](services/vaultwarden.md) | From 19cca0e840454d48a1b58b733d1c7fc08b601391 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 28 Mar 2023 19:40:15 +0300 Subject: [PATCH 43/61] Fix alignment --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 18de9c8..22eb40c 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -775,7 +775,7 @@ miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) ######################################################################## # # -# /miniflux # +# /miniflux # # # ######################################################################## From 3330f6cfd601daa0c2e4c737d9260b0ede86fc99 Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 28 Mar 2023 20:11:55 +0300 Subject: [PATCH 44/61] update soft-serve 0.4.6 -> 0.4.7 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index c9a6946..7b58b8e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -50,7 +50,7 @@ - src: git+https://gitlab.com/etke.cc/roles/redmine.git version: v5.0.5-1 - src: git+https://gitlab.com/etke.cc/roles/soft_serve.git - version: v0.4.6-1 + version: v0.4.7-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git version: v0.107.26-0 name: adguard_home From daebb695d5bbd622e7faf21521cc88a756c017bd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Mar 2023 09:22:40 +0300 Subject: [PATCH 45/61] Upgrade Vaultwarden (v1.27.0-2 -> v1.28.0-0) Fixes https://github.com/mother-of-all-self-hosting/mash-playbook/issues/25 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7b58b8e..87d4d8a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -94,7 +94,7 @@ version: v1.23.2-0 name: syncthing - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-vaultwarden.git - version: v1.27.0-2 + version: v1.28.0-0 name: vaultwarden - src: git+https://github.com/moan0s/hubsite.git version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe From e5ab7b671629b9fa9bc4da1199ae3ad24a19b57a Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev
Date: Wed, 29 Mar 2023 10:22:20 +0300
Subject: [PATCH 46/61] Upgrade Syncthing (v1.23.2-0 -> v1.23.2-1)
---
 requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.yml b/requirements.yml
index 87d4d8a..d492f67 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -91,7 +91,7 @@
   version: v2.43.0-0
   name: prometheus
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-syncthing.git
-  version: v1.23.2-0
+  version: v1.23.2-1
   name: syncthing
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-vaultwarden.git
   version: v1.28.0-0
From b1bf911072988693755f8b8e4cbeb22e37dba3ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?=
Date: Wed, 29 Mar 2023 10:02:55 +0200
Subject: [PATCH 47/61] Add migration guide
---
 docs/services/gotosocial.md | 38 +++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md
index f93f941..5670cb7 100644
--- a/docs/services/gotosocial.md
+++ b/docs/services/gotosocial.md
@@ -38,3 +38,41 @@ docker exec -it mash-gotosocial /gotosocial/gotosocial admin account demote --us to demote a user from admin to normal user. Refer to the [great official documentation](https://docs.gotosocial.org/en/latest/) for more information on GoToSocial. + + +## Migrate an existing instance + +The following assumes you want to migrate from `serverA` to `serverB` (managed by mash) but you just cave to adjust the copy commands if you are on the same server. + +Stop the initial instance on `serverA` + +```bash +serverA$ systemctl stop gotosocial +``` + +Dump the database (depending on your existing setup you might have to adjust this) +``` +serverA$ pg_dump gotosocial > latest.sql +``` + +Copy the files to the new server + +```bash +serverA$ rsync -av -e "ssh" latest.sql root@serverB:/mash/gotosocial/ +serverA$ rsync -av -e "ssh" data/* root@serverB:/mash/gotosocial/data/ +``` + +Install (but don't start) the service and database on the server. + +```bash +yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all +yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/mash/gotosocial/latest.sql --extra-vars=postgres_default_import_database=mash-gotosocial +``` + +Start the services on the new server + +```bash +yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all +``` + +Done 🥳 From bd98a52f6808bea75050458924f4806fb09df6de Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Mar 2023 11:42:39 +0300 Subject: [PATCH 48/61] Add Navidrome support --- docs/services/navidrome.md | 141 +++++++++++++++++++++++++++++++++++++ docs/supported-services.md | 1 + group_vars/mash_servers | 35 +++++++++ requirements.yml | 3 + setup.yml | 2 + 5 files changed, 182 insertions(+) create mode 100644 docs/services/navidrome.md diff --git a/docs/services/navidrome.md b/docs/services/navidrome.md new file mode 100644 index 0000000..5703aa5 --- /dev/null +++ b/docs/services/navidrome.md 
@@ -0,0 +1,141 @@ +# Navidrome + +[Navidrome](https://www.navidrome.org/) is a [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server. + + +## Dependencies + +This service requires the following other services: + +- a [Traefik](traefik.md) reverse-proxy server + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# navidrome # +# # +######################################################################## + +navidrome_enabled: true + +navidrome_hostname: mash.example.com +navidrome_path_prefix: /navidrome + +# By default, Navidrome will look at the /music directory for music files, +# controlled by the `navidrome_environment_variable_nd_musicfolder` variable. +# +# You'd need to mount some music directory into the Navidrome container, like shown below. +# The "Syncthing integration" section below may be relevant. +# navidrome_container_additional_volumes: +# - type: bind +# src: /on-host/path/to/music +# dst: /music +# options: readonly + +######################################################################## +# # +# /navidrome # +# # +######################################################################## +``` + +### URL + +In the example configuration above, we configure the service to be hosted at `https://mash.example.com/navidrome`. + +You can remove the `navidrome_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`. + +### Authentication + +On first use (see [Usage](#usage) below), you'll be asked to create the first administrator user. + +You can create additional users from the web UI after that. 
+ +### Syncthing integration + +If you've got a [Syncthing](syncthing.md) service running, you can use it to synchronize your music directory onto the server and then mount it as read-only into the Navidrome container. + +We recommend that you make use of the [aux](aux.md) role to create some shared directory like this: + +```yaml +######################################################################## +# # +# aux # +# # +######################################################################## + +aux_directory_definitions: + - dest: "{{ mash_playbook_base_path }}/storage" + - dest: "{{ mash_playbook_base_path }}/storage/music" + +######################################################################## +# # +# /aux # +# # +######################################################################## +``` + +You can then mount this `{{ mash_playbook_base_path }}/storage/music` directory into the Syncthing container and synchronize it with some other computer: + +```yaml +######################################################################## +# # +# syncthing # +# # +######################################################################## + +# Other Syncthing configuration.. + +syncthing_container_additional_volumes: + - type: bind + src: "{{ mash_playbook_base_path }}/storage/music" + dst: /music + +######################################################################## +# # +# /syncthing # +# # +######################################################################## +``` + +Finally, mount the `{{ mash_playbook_base_path }}/storage/music` directory into the Navidrome container as read-only: + +```yaml +######################################################################## +# # +# navidrome # +# # +######################################################################## + +# Other Navidrome configuration.. 
+ +navidrome_container_additional_volumes: + - type: bind + src: "{{ mash_playbook_base_path }}/storage/music" + dst: /music + options: readonly + +######################################################################## +# # +# /navidrome # +# # +######################################################################## +``` + +## Usage + +After installation, you can go to the Navidrome URL, as defined in `navidrome_hostname` and `navidrome_path_prefix`. + +As mentioned in [Authentication](#authentication) above, you'll be asked to create the first administrator user the first time you open the web UI. + +You can also connect various Subsonic-API-compatible [apps](https://www.navidrome.org/docs/overview/#apps) (desktop, web, mobile) to your Navidrome instance. + + +## Recommended other services + +- [Syncthing](syncthing.md) - a continuous file synchronization program which synchronizes files between two or more computers in real time. See [Syncthing integration](#syncthing-integration) diff --git a/docs/supported-services.md b/docs/supported-services.md index c80d2ea..4cbb949 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md 
@@ -16,6 +16,7 @@ | [Hubsite](https://github.com/moan0s/hubsite) | A simple, static site that shows an overview of the available services | [Link](services/hubsite.md) | | [Keycloak](https://www.keycloak.org/) | An open source identity and access management solution. | [Link](services/keycloak.md) | | [Miniflux](https://miniflux.app/) | Minimalist and opinionated feed reader. | [Link](services/miniflux.md) | +| [Navidrome](https://www.navidrome.org/) | [Subsonic-API](http://www.subsonic.org/pages/api.jsp) compatible music server | [Link](services/navidrome.md) | [NetBox](https://docs.netbox.dev/en/stable/) | Web application that provides [IP address management (IPAM)](https://en.wikipedia.org/wiki/IP_address_management) and [data center infrastructure management (DCIM)](https://en.wikipedia.org/wiki/Data_center_management#Data_center_infrastructure_management) functionality | [Link](services/netbox.md) | | [Nextcloud](https://nextcloud.com/) | The most popular self-hosted collaboration solution for tens of millions of users at thousands of organizations across the globe. | [Link](services/nextcloud.md) | | [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) | diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 22eb40c..b5cc364 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -99,6 +99,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) + + ([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else []) + + ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else []) + ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else []) 
@@ -781,6 +783,39 @@ miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) +######################################################################## +# # +# navidrome # +# # +######################################################################## + +navidrome_enabled: false + +navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome" + +navidrome_uid: "{{ mash_playbook_uid }}" +navidrome_gid: "{{ mash_playbook_gid }}" + +navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome" + +navidrome_container_additional_networks_auto: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + }} + +navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +######################################################################## +# # +# /navidrome # +# # +######################################################################## + + + ######################################################################## # # # nextcloud # diff --git a/requirements.yml b/requirements.yml index d492f67..b79a621 100644 --- a/requirements.yml +++ b/requirements.yml @@ -78,6 +78,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keycloak.git version: v21.0.1-1 name: keycloak +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-navidrome.git + version: v0.49.3-0 + name: navidrome - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git version: v3.4.6-2.5.1-0 name: netbox 
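Review bot: With these defaults Navidrome is published through Traefik as soon as `navidrome_enabled: true` is set (`navidrome_container_labels_traefik_enabled` follows `mash_playbook_traefik_labels_enabled`), while the documentation added in this same commit says the first visitor to the web UI is asked to create the administrator account. That gap between install and first-run setup deserves a comment in the defaults block so operators finish setup immediately; for example, above `navidrome_container_labels_traefik_enabled`: `# Navidrome's first-run setup (creating the admin account) happens in the web UI; complete it right after installing.` Whether the role adds any further gate on first run is not visible here.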
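Review bot: The new navidrome role entry in requirements.yml is pinned to the tag `v0.49.3-0`, which the upstream repository can move or re-create, so two `just roles` runs are not guaranteed to check out the same code. This matches the neighbouring keycloak and netbox entries, but the hubsite, firezone and gotosocial entries later in this series pin a commit hash, which is the immutable form; consider a commit hash here as well, or a short comment stating why tag pinning is accepted for roles from the mother-of-all-self-hosting organisation.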
diff --git a/setup.yml b/setup.yml index f35d358..45f36f2 100644 --- a/setup.yml +++ b/setup.yml @@ -76,6 +76,8 @@ - role: galaxy/hubsite + - role: galaxy/navidrome + - role: galaxy/netbox - role: galaxy/nextcloud From 5e7ab98e025dab3b21a5a6f2020bddc00cd9a868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 10:54:51 +0200 Subject: [PATCH 49/61] Correct command tag --- docs/services/gotosocial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index 5670cb7..ae93152 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md @@ -72,7 +72,7 @@ yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/ma Start the services on the new server ```bash -yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all +yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=start ``` Done 🥳 From c3ac6200a98857296ed5979bb96b9e4f065127db Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Mar 2023 14:14:29 +0300 Subject: [PATCH 50/61] Upgrade Nextcloud (v26.0.0-0 -> v26.0.0-1) --- group_vars/mash_servers | 6 ++---- requirements.yml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index b5cc364..be91cb0 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
@@ -831,14 +831,12 @@ nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas nextcloud_uid: "{{ mash_playbook_uid }}" nextcloud_gid: "{{ mash_playbook_gid }}" -nextcloud_systemd_required_systemd_services_list: | +nextcloud_systemd_required_systemd_services_list_auto: | {{ - (['docker.service']) - + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) }} -nextcloud_container_additional_networks: | +nextcloud_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + diff --git a/requirements.yml b/requirements.yml index b79a621..b20d641 100644 --- a/requirements.yml +++ b/requirements.yml @@ -85,7 +85,7 @@ version: v3.4.6-2.5.1-0 name: netbox - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-nextcloud.git - version: v26.0.0-0 + version: v26.0.0-1 name: nextcloud - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-peertube.git version: v5.1.0-2 From ea0ab44b876b4b4fc5f8918be666ca158f7b6e3a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 29 Mar 2023 14:20:18 +0300 Subject: [PATCH 51/61] Upgrade Navidrome (v0.49.3-0 -> v0.49.3-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index b20d641..f98f2eb 100644 --- a/requirements.yml +++ b/requirements.yml @@ -79,7 +79,7 @@ version: v21.0.1-1 name: keycloak - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-navidrome.git - version: v0.49.3-0 + version: v0.49.3-1 name: navidrome - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-netbox.git version: v3.4.6-2.5.1-0 From f6cc08b33e294bd3839d2a9ba10da9fa4a7ca546 Mon Sep 17 00:00:00 2001 
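Review bot: The renamed variable `nextcloud_systemd_required_systemd_services_list_auto` repeats `systemd`; Ansible does not error on an unrecognised variable name, so a misspelt override like this is silently ignored and the role's own default would apply instead of the Postgres ordering dependency this list is meant to carry. The intended name is presumably `nextcloud_systemd_required_services_list_auto`, in line with the `_auto` suffix used for `nextcloud_container_additional_networks_auto` in the same hunk; PATCH 52/61 later in this series makes exactly that correction. The `{{ ... }}` body of the list continues past the visible lines apart from the dropped `docker.service` entry, so the role is presumably expected to supply that dependency itself now.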
From: Slavi Pantaleev Date: Wed, 29 Mar 2023 14:23:59 +0300 Subject: [PATCH 52/61] Fix variable typo --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index be91cb0..dcd32dc 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -831,7 +831,7 @@ nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_bas nextcloud_uid: "{{ mash_playbook_uid }}" nextcloud_gid: "{{ mash_playbook_gid }}" -nextcloud_systemd_required_systemd_services_list_auto: | +nextcloud_systemd_required_services_list_auto: | {{ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) }} From 0c5d9b0ae1e7b698bce0b025beb0882abfdb1684 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 13:31:17 +0200 Subject: [PATCH 53/61] Use just command --- docs/services/gotosocial.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index ae93152..b5d5a54 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md @@ -65,14 +65,14 @@ serverA$ rsync -av -e "ssh" data/* root@serverB:/mash/gotosocial/data/ Install (but don't start) the service and database on the server. ```bash -yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=install-all +yourPC$ just run-tags install-all yourPC$ just run-tags import-postgres --extra-vars=server_path_postgres_dump=/mash/gotosocial/latest.sql --extra-vars=postgres_default_import_database=mash-gotosocial ``` Start the services on the new server ```bash -yourPC$ ansible-playbook -i inventory/hosts setup.yml --tags=start +yourPC$ just run-tags start ``` Done 🥳 From 040a64c29ba6d74a68c7c0eb75d9e203d6032a09 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 13:42:29 +0200 Subject: [PATCH 54/61] use jsut and correct wrong role prefix --- docs/services/gotosocial.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index b5d5a54..893e4f8 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md @@ -23,12 +23,12 @@ gotosocial_hostname: 'social.example.org' ######################################################################## ``` -After installation, you can use `ansible-playbook -i inventory/hosts setup.yml --tags=gotosocial-add-user --extra-vars "username= email= password="` +After installation, you can use `just run-tags gotosocial-add-user --extra-vars=username=USERNAME --extra-vars=password=PASSWORD --extra-vars=email="` to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account. ### Usage -After [installing](../installing.md), you can visti at the URL specified in `firezone_hostname` and should see your instance. +After [installing](../installing.md), you can visti at the URL specified in `gotosocial_hostname` and should see your instance. Start to customize it at `social.example.org/admin`. Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use From 80471fc55ca6b22ce208461d54fe100029adeed9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 13:49:44 +0200 Subject: [PATCH 55/61] Add documentation on hostname and domain --- docs/services/gotosocial.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index 893e4f8..5e78e14 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md 
@@ -14,8 +14,21 @@ To enable this service, add the following configuration to your `vars.yml` file ######################################################################## gotosocial_enabled: true + + +# Hostname that this server will be reachable at. +# DO NOT change this after your server has already run once, or you will break things! +# Examples: ["gts.example.org","some.server.com"] gotosocial_hostname: 'social.example.org' +# Domain to use when federating profiles. It defaults to `gotosocial_hostname` but you can cange it when you want your server to be at +# eg., `gotosocial_hostname: gts.example.org`, but you want the domain on accounts to be "example.org" because it looks better +# or is just shorter/easier to remember. +# +# Please read the appropriate section of the installation guide before you go messing around with this setting: +# https://docs.gotosocial.org/installation_guide/advanced/#can-i-host-my-instance-at-fediexampleorg-but-have-just-exampleorg-in-my-username +# gotosocial_account_domain: "example.org" + ######################################################################## # # # /gotosocial # From 92eac9df3bd8e2a710aeea0ca92841183e829476 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 13:53:46 +0200 Subject: [PATCH 56/61] Streamline placeholders & typo --- docs/services/gotosocial.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/services/gotosocial.md b/docs/services/gotosocial.md index 5e78e14..3558709 100644 --- a/docs/services/gotosocial.md +++ b/docs/services/gotosocial.md 
@@ -36,12 +36,12 @@ gotosocial_hostname: 'social.example.org' ######################################################################## ``` -After installation, you can use `just run-tags gotosocial-add-user --extra-vars=username=USERNAME --extra-vars=password=PASSWORD --extra-vars=email="` +After installation, you can use `just run-tags gotosocial-add-user --extra-vars=username= --extra-vars=password= --extra-vars=email="` to create your a user. Change `--tags=gotosocial-add-user` to `--tags=gotosocial-add-admin` to create an admin account. ### Usage -After [installing](../installing.md), you can visti at the URL specified in `gotosocial_hostname` and should see your instance. +After [installing](../installing.md), you can visit at the URL specified in `gotosocial_hostname` and should see your instance. Start to customize it at `social.example.org/admin`. Use the [GtS CLI Tool](https://docs.gotosocial.org/en/latest/admin/cli/) to do admin & maintenance tasks. E.g. use From f08a2077221b9fe9474acefea39adb3f196fb18a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 14:44:38 +0200 Subject: [PATCH 57/61] Rename mash-gotosocial db to gotosocial --- group_vars/mash_servers | 1 - requirements.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 89f008f..d5e47e9 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -1616,7 +1616,6 @@ gotosocial_gid: "{{ mash_playbook_gid }}" gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" -gotosocial_database_name: "{{ gotosocial_identifier }}" gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}" gotosocial_database_username: "{{ gotosocial_identifier }}" 
diff --git a/requirements.yml b/requirements.yml index 03c9dc9..534f68d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -104,4 +104,4 @@ name: firezone - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial - version: 148933d390a2a789ee4595a593d825e64d5e6f46 + version: d608eb330af28b75d3e4881b2e8c09af64d078f1 From f699b4d2640460e1c462ec185821e588d251f3c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 14:51:58 +0200 Subject: [PATCH 58/61] Rename mash-firezone db to firezone --- group_vars/mash_servers | 1 - requirements.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 4e8b135..f2bedc4 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -1602,7 +1602,6 @@ firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}" firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" -firezone_database_name: "{{ firezone_identifier }}" firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}" firezone_database_user: "{{ firezone_identifier }}" diff --git a/requirements.yml b/requirements.yml index ad77fb8..afbf953 100644 --- a/requirements.yml +++ b/requirements.yml @@ -103,7 +103,7 @@ version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe name: hubsite - src: git+https://github.com/moan0s/role-firezone.git - version: ac8564d5e11a75107ba93aec6427b83be824c30a + version: 7962aabb18186520acc6f8f9e4e867bd06bb7280 name: firezone - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial From 4f6bb57a0c991e79c8985f1fef24f651861f0785 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 14:58:45 +0200 Subject: [PATCH 59/61] Document breaking change for firezone --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a668a9..611c0b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +# 2023-03-29 + +## (Backward Compatibility Break) Firezone database renamed + +If you are running firezone with the default postgres integration the playbook automatically created the database `mash-firezone`. +To follow the naming scheme we now renamed it just `firezone`. You will have to rename you database manually by running the following commands on your server + +```bash +systemctl stop mash-firezone +docker exec -it mash-postgres psql -U root +ALTER DATABASE "mash-firezone" RENAME TO firezone; +``` + +Then run `just install-all` and you should be good to go! + # 2023-03-26 ## (Backward Compatibility Break) PeerTube is no longer wired to Redis automatically From 9e4e578f1778fde553e258195df0650629c0f54d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Wed, 29 Mar 2023 15:11:53 +0200 Subject: [PATCH 60/61] Bump version --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index afbf953..2526b6b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -103,7 +103,7 @@ version: 6b20c472d36ce5765dc44675d42cce74cbcbd0fe name: hubsite - src: git+https://github.com/moan0s/role-firezone.git - version: 7962aabb18186520acc6f8f9e4e867bd06bb7280 + version: 3a2a1e4c6b484b643a847941937a80d0efd86d6c name: firezone - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-gotosocial.git name: gotosocial From beedda826aec668ab368a6b331338ce556b5c125 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 29 Mar 2023 16:22:41 +0300 Subject: [PATCH 61/61] Update CHANGELOG.md --- CHANGELOG.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 611c0b5..87ebd5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,16 +2,14 @@ ## (Backward Compatibility Break) Firezone database renamed -If you are running firezone with the default postgres integration the playbook automatically created the database `mash-firezone`. -To follow the naming scheme we now renamed it just `firezone`. You will have to rename you database manually by running the following commands on your server +If you are running [Firezone](docs/services/firezone.md) with the default [Postgres](docs/services/postgres.md) integration the playbook automatically created the database with the name `mash-firezone`. +To be consistent with how this playbook names databases for all other services, going forward we've changed the database name to be just `firezone`. You will have to rename you database manually by running the following commands on your server: -```bash -systemctl stop mash-firezone -docker exec -it mash-postgres psql -U root -ALTER DATABASE "mash-firezone" RENAME TO firezone; -``` +1. Stop Firezone: `systemctl stop mash-firezone` +2. Run a Postgres `psql` shell: `/mash/postgres/bin/cli` +3. Execute this query: `ALTER DATABASE "mash-firezone" RENAME TO firezone;` and then quit the shell with `\q` -Then run `just install-all` and you should be good to go! +Then update the playbook (don't forget to run `just roles`), run `just install-all` and you should be good to go! # 2023-03-26