Julian-Samuel Gebühr 2023-03-25 09:16:32 +01:00
commit f8f1e351f5
9 changed files with 202 additions and 45 deletions

View file

@ -1,3 +1,36 @@
# 2023-03-25
## (Backward Compatibility Break) Docker no longer installed by default
The playbook used to install Docker and the Docker SDK for Python by default, unless you turned these off by setting `mash_playbook_docker_installation_enabled` and `devture_docker_sdk_for_python_installation_enabled` (respectively) to `false`.
From now on, both of these variables default to `false`. An empty inventory file will not install these components.
**Most** users will want to enable these, just like they would want to enable [Traefik](docs/services/traefik.md) and [Postgres](docs/services/postgres.md), so why default them to `false`? The answer is: it's cleaner to have "**everything** is off by default - enable as you wish" and just need to add stuff, as opposed to "**some** things are on, **some** are off - toggle as you wish".
To enable these components, you need to explicitly add something like this to your `vars.yml` file:
```yaml
########################################################################
# #
# Docker #
# #
########################################################################
mash_playbook_docker_installation_enabled: true
devture_docker_sdk_for_python_installation_enabled: true
########################################################################
# #
# /Docker #
# #
########################################################################
```
Our [example vars.yml](examples/vars.yml) file has been updated, so that new hosts created based on it will have this configuration by default.
# 2023-03-15 # 2023-03-15
## Initial release ## Initial release

View file

@ -0,0 +1,78 @@
# AdGuard Home
[AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) is a network-wide DNS software for blocking ads & tracking.
**Warning**: running a public DNS server is not advisable. You'd better install AdGuard Home in a trusted local network, or adjust its network interfaces and port exposure (via the variables in the [Networking](#networking) configuration section below) so that you don't expose your DNS server publicly to the whole world. If you're exposing your DNS server publicly, consider restricting who can use it by adjusting the **Allowed clients** setting in the **Access settings** section of **Settings** -> **DNS settings**.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# adguard-home #
# #
########################################################################
adguard_home_enabled: true
adguard_home_hostname: mash.example.com
# Hosting under a subpath sort of works, but is not ideal
# (see the URL section below for details).
# Consider using a dedicated hostname and removing the line below.
adguard_home_path_prefix: /adguard-home
########################################################################
# #
# /adguard-home #
# #
########################################################################
```
### URL
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/adguard-home`.
You can remove the `adguard_home_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
When **hosting under a subpath**, you may hit [this bug](https://github.com/AdguardTeam/AdGuardHome/issues/5478), which causes these **annoyances**:
- upon initial usage, you will be redirected to `/install.html` and would need to manually adjust this URL to something like `/adguard-home/install.html` (depending on your `adguard_home_path_prefix`). After the installation wizard completes, you'd be redirected to `/index.html` incorrectly as well.
- every time you hit the homepage and you're not logged in, you will be redirected to `/login.html` and would need to manually adjust this URL to something like `/adguard-home/login.html` (depending on your `adguard_home_path_prefix`)
### Networking
By default, the following ports will be exposed by the container on **all network interfaces**:
- `53` over **TCP**, controlled by `adguard_home_container_dns_tcp_bind_port` - used for DNS over TCP
- `53` over **UDP**, controlled by `adguard_home_container_dns_udp_bind_port` - used for DNS over UDP
Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it.
To expose these ports only on **some** network interfaces, you can use additional configuration like this:
```yaml
# Expose only on 192.168.1.15
adguard_home_container_dns_tcp_bind_port: '192.168.1.15:53'
adguard_home_container_dns_udp_bind_port: '192.168.1.15:53'
```
## Usage
After installation, you can go to the AdGuard Home URL, as defined in `adguard_home_hostname` and `adguard_home_path_prefix`.
As mentioned in the [URL](#url) section above, you may hit some annoyances when hosting under a subpath.
The first time you visit the AdGuard Home pages, you'll go through a setup wizard **make sure to set the HTTP port to `3000`**. This is the in-container port that our Traefik setup expects and uses for serving the install wizard to begin with. If you go with the default (`80`), the web UI will stop working after the installation wizard completes.
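
Review bot: The example under Configuration enables the service without `adguard_home_container_dns_tcp_bind_port` or `adguard_home_container_dns_udp_bind_port`, so a host built from it exposes port `53` on all network interfaces, which is what the Warning at the top advises against. Consider adding the two bind-port lines to that example (commented out, as in the Networking section) or pointing to Networking right next to it. In the last Usage paragraph, "you'll go through a setup wizard **make sure to set the HTTP port to `3000`**" is missing a period before "make sure".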

View file

@ -3,6 +3,7 @@
| Name | Description | Documentation | | Name | Description | Documentation |
| ------------------------------ | ------------------------------------- | ------------- | | ------------------------------ | ------------------------------------- | ------------- |
| [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/aux.md) | | [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/aux.md) |
| [AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) | A network-wide DNS software for blocking ads & tracking | [Link](services/adguard-home.md) |
| [Collabora Online](https://www.collaboraoffice.com/) | Your Private Office Suite In The Cloud | [Link](services/collabora-online.md) | | [Collabora Online](https://www.collaboraoffice.com/) | Your Private Office Suite In The Cloud | [Link](services/collabora-online.md) |
| [Docker](https://www.docker.com/) | Open-source software for deploying containerized applications | [Link](services/docker.md) | | [Docker](https://www.docker.com/) | Open-source software for deploying containerized applications | [Link](services/docker.md) |
| [Docker Registry](https://docs.docker.com/registry/) | A container image distribution registry | [Link](services/docker-registry.md) | | [Docker Registry](https://docs.docker.com/registry/) | A container image distribution registry | [Link](services/docker-registry.md) |
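
Review bot: The AdGuard Home row is placed after AUX, but the surrounding rows (AUX, Collabora Online, Docker, Docker Registry) are in alphabetical order, where "AdGuard Home" sorts before "AUX". Move the new row up one line to keep the table sorted.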

View file

@ -26,17 +26,13 @@ mash_playbook_generic_secret_key: ''
# # # #
######################################################################## ########################################################################
# Docker is installed by default.
#
# To disable Docker installation (in case you'd be installing Docker in another way), # To disable Docker installation (in case you'd be installing Docker in another way),
# uncomment the line below: # remove the line below.
# mash_playbook_docker_installation_enabled: false mash_playbook_docker_installation_enabled: true
# Docker SDK for Python is installed by default.
#
# To disable Docker SDK for Python installation (in case you'd be installing the SDK in another way), # To disable Docker SDK for Python installation (in case you'd be installing the SDK in another way),
# uncomment the line below: # remove the line below.
# devture_docker_sdk_for_python_installation_enabled: false devture_docker_sdk_for_python_installation_enabled: true
######################################################################## ########################################################################
# # # #

View file

@ -63,6 +63,8 @@ system_swap_enabled: false
devture_systemd_service_manager_services_list_auto: | devture_systemd_service_manager_services_list_auto: |
{{ {{
([{'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']}] if adguard_home_enabled else [])
+
([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else []) ([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else [])
+ +
([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else []) ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else [])
@ -144,7 +146,7 @@ devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postg
devture_postgres_architecture: "{{ mash_playbook_architecture }}" devture_postgres_architecture: "{{ mash_playbook_architecture }}"
devture_postgres_base_path: "{{ mash_playbook_base_path }}/postgres" devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres"
devture_postgres_uid: "{{ mash_playbook_uid }}" devture_postgres_uid: "{{ mash_playbook_uid }}"
devture_postgres_gid: "{{ mash_playbook_gid }}" devture_postgres_gid: "{{ mash_playbook_gid }}"
@ -239,7 +241,7 @@ devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix
devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}" devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}"
devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/postgres-backup" devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup"
devture_postgres_backup_systemd_required_services_list: | devture_postgres_backup_systemd_required_services_list: |
{{ {{
@ -281,9 +283,9 @@ devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(
devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}" devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}"
devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}" devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}"
devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/vars.yml" devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vars.yml"
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/git_hash.yml" devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}git_hash.yml"
######################################################################## ########################################################################
# # # #
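
Review bot: `devture_playbook_state_preserver_vars_preservation_dst` and `devture_playbook_state_preserver_commit_hash_preservation_dst` point at files, yet they now take `mash_playbook_service_base_directory_name_prefix`, which is documented as the prefix of the base directory for services. With a non-default `mash_playbook_identifier` these become `<base path>/<identifier>-vars.yml` and `<base path>/<identifier>-git_hash.yml`; if that is intended, say so in the variable's comment, otherwise leave these two paths unprefixed.
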
@ -303,7 +305,7 @@ devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}"
devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy" devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy"
devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/container-socket-proxy" devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}container-socket-proxy"
devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}" devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}"
devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}" devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}"
@ -329,7 +331,7 @@ devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-manag
devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik" devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik"
devture_traefik_base_path: "{{ mash_playbook_base_path }}/traefik" devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik"
devture_traefik_uid: "{{ mash_playbook_uid }}" devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}" devture_traefik_gid: "{{ mash_playbook_gid }}"
@ -362,9 +364,7 @@ devture_traefik_systemd_required_services_list: |
# # # #
######################################################################## ########################################################################
# To completely disable installing the Docker SDK for Python, use `devture_docker_sdk_for_python_installation_enabled: false`. devture_docker_sdk_for_python_installation_enabled: false
devture_docker_sdk_for_python_installation_enabled: true
######################################################################## ########################################################################
# # # #
@ -390,6 +390,41 @@ devture_timesync_installation_enabled: false
# # # #
######################################################################## ########################################################################
########################################################################
# #
# adguard-home #
# #
########################################################################
adguard_home_enabled: false
adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home"
adguard_home_uid: "{{ mash_playbook_uid }}"
adguard_home_gid: "{{ mash_playbook_gid }}"
adguard_home_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}adguard-home"
adguard_home_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /adguard-home #
# #
########################################################################
######################################################################## ########################################################################
# # # #
# collabora-online # # collabora-online #
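
Review bot: The new adguard-home block sets the Traefik labels and networks but no value for `adguard_home_container_dns_tcp_bind_port` or `adguard_home_container_dns_udp_bind_port`, so the behaviour described in the new docs page (port `53` over TCP and UDP on all network interfaces) applies as soon as `adguard_home_enabled` is set to `true`. Since the same docs page warns against running a public DNS server, consider defining both variables here with a value that does not publish on every interface, and let operators widen it in `vars.yml`.
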
@ -400,7 +435,7 @@ collabora_online_enabled: false
collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online" collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online"
collabora_online_base_path: "{{ mash_playbook_base_path }}/collabora-online" collabora_online_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}collabora-online"
collabora_online_uid: "{{ mash_playbook_uid }}" collabora_online_uid: "{{ mash_playbook_uid }}"
collabora_online_gid: "{{ mash_playbook_gid }}" collabora_online_gid: "{{ mash_playbook_gid }}"
@ -433,7 +468,7 @@ docker_registry_enabled: false
docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry" docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry"
docker_registry_base_path: "{{ mash_playbook_base_path }}/docker-registry" docker_registry_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry"
docker_registry_uid: "{{ mash_playbook_uid }}" docker_registry_uid: "{{ mash_playbook_uid }}"
docker_registry_gid: "{{ mash_playbook_gid }}" docker_registry_gid: "{{ mash_playbook_gid }}"
@ -466,7 +501,7 @@ docker_registry_browser_enabled: false
docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser" docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"
docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/docker-registry-browser" docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-browser"
docker_registry_browser_uid: "{{ mash_playbook_uid }}" docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}" docker_registry_browser_gid: "{{ mash_playbook_gid }}"
@ -499,7 +534,7 @@ docker_registry_purger_enabled: false
docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger" docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger"
docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/docker-registry-purger" docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-purger"
docker_registry_purger_uid: "{{ mash_playbook_uid }}" docker_registry_purger_uid: "{{ mash_playbook_uid }}"
docker_registry_purger_gid: "{{ mash_playbook_gid }}" docker_registry_purger_gid: "{{ mash_playbook_gid }}"
@ -522,7 +557,7 @@ focalboard_enabled: false
focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard" focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard"
focalboard_base_path: "{{ mash_playbook_base_path }}/focalboard" focalboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}focalboard"
focalboard_uid: "{{ mash_playbook_uid }}" focalboard_uid: "{{ mash_playbook_uid }}"
focalboard_gid: "{{ mash_playbook_gid }}" focalboard_gid: "{{ mash_playbook_gid }}"
@ -569,7 +604,7 @@ gitea_enabled: false
gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea" gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea"
gitea_base_path: "{{ mash_playbook_base_path }}/gitea" gitea_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gitea"
gitea_uid: "{{ mash_playbook_uid }}" gitea_uid: "{{ mash_playbook_uid }}"
gitea_gid: "{{ mash_playbook_gid }}" gitea_gid: "{{ mash_playbook_gid }}"
@ -616,7 +651,7 @@ grafana_enabled: false
grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana" grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana"
grafana_base_path: "{{ mash_playbook_base_path }}/grafana" grafana_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}grafana"
grafana_uid: "{{ mash_playbook_uid }}" grafana_uid: "{{ mash_playbook_uid }}"
grafana_gid: "{{ mash_playbook_gid }}" grafana_gid: "{{ mash_playbook_gid }}"
@ -653,7 +688,7 @@ miniflux_enabled: false
miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux" miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux"
miniflux_base_path: "{{ mash_playbook_base_path }}/miniflux" miniflux_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}miniflux"
miniflux_uid: "{{ mash_playbook_uid }}" miniflux_uid: "{{ mash_playbook_uid }}"
miniflux_gid: "{{ mash_playbook_gid }}" miniflux_gid: "{{ mash_playbook_gid }}"
@ -698,7 +733,7 @@ nextcloud_enabled: false
nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud" nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud"
nextcloud_base_path: "{{ mash_playbook_base_path }}/nextcloud" nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}nextcloud"
nextcloud_uid: "{{ mash_playbook_uid }}" nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}" nextcloud_gid: "{{ mash_playbook_gid }}"
@ -745,7 +780,7 @@ peertube_enabled: false
peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube" peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"
peertube_base_path: "{{ mash_playbook_base_path }}/peertube" peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}peertube"
peertube_uid: "{{ mash_playbook_uid }}" peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}" peertube_gid: "{{ mash_playbook_gid }}"
@ -799,7 +834,7 @@ prometheus_enabled: false
prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus" prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus"
prometheus_base_path: "{{ mash_playbook_base_path }}/prometheus" prometheus_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus"
prometheus_uid: "{{ mash_playbook_uid }}" prometheus_uid: "{{ mash_playbook_uid }}"
prometheus_gid: "{{ mash_playbook_gid }}" prometheus_gid: "{{ mash_playbook_gid }}"
@ -822,7 +857,7 @@ prometheus_blackbox_exporter_enabled: false
prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter" prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter"
prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/prometheus-blackbox-exporter" prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-blackbox-exporter"
prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}" prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}" prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}"
@ -860,7 +895,7 @@ prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter" prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"
prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/prometheus-node-exporter" prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"
prometheus_node_exporter_uid: "{{ mash_playbook_uid }}" prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}" prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"
@ -909,7 +944,7 @@ radicale_enabled: false
radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale" radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale"
radicale_base_path: "{{ mash_playbook_base_path }}/radicale" radicale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}radicale"
radicale_uid: "{{ mash_playbook_uid }}" radicale_uid: "{{ mash_playbook_uid }}"
radicale_gid: "{{ mash_playbook_gid }}" radicale_gid: "{{ mash_playbook_gid }}"
@ -941,7 +976,7 @@ redmine_enabled: false
redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine" redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine"
redmine_base_path: "{{ mash_playbook_base_path }}/redmine" redmine_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redmine"
redmine_uid: "{{ mash_playbook_uid }}" redmine_uid: "{{ mash_playbook_uid }}"
redmine_gid: "{{ mash_playbook_gid }}" redmine_gid: "{{ mash_playbook_gid }}"
@ -991,7 +1026,7 @@ redis_enabled: false
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis" redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"
redis_base_path: "{{ mash_playbook_base_path }}/redis" redis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redis"
redis_uid: "{{ mash_playbook_uid }}" redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}" redis_gid: "{{ mash_playbook_gid }}"
@ -1017,7 +1052,7 @@ syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing"
syncthing_uid: "{{ mash_playbook_uid }}" syncthing_uid: "{{ mash_playbook_uid }}"
syncthing_gid: "{{ mash_playbook_gid }}" syncthing_gid: "{{ mash_playbook_gid }}"
syncthing_base_path: "{{ mash_playbook_base_path }}/syncthing" syncthing_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}syncthing"
syncthing_container_additional_networks: | syncthing_container_additional_networks: |
{{ {{
@ -1050,7 +1085,7 @@ vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarde
vaultwarden_uid: "{{ mash_playbook_uid }}" vaultwarden_uid: "{{ mash_playbook_uid }}"
vaultwarden_gid: "{{ mash_playbook_gid }}" vaultwarden_gid: "{{ mash_playbook_gid }}"
vaultwarden_base_path: "{{ mash_playbook_base_path }}/vaultwarden" vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vaultwarden"
vaultwarden_systemd_required_systemd_services_list: | vaultwarden_systemd_required_systemd_services_list: |
{{ {{
@ -1094,7 +1129,7 @@ uptime_kuma_enabled: false
uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma" uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma"
uptime_kuma_base_path: "{{ mash_playbook_base_path }}/uptime-kuma" uptime_kuma_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}uptime-kuma"
uptime_kuma_uid: "{{ mash_playbook_uid }}" uptime_kuma_uid: "{{ mash_playbook_uid }}"
uptime_kuma_gid: "{{ mash_playbook_gid }}" uptime_kuma_gid: "{{ mash_playbook_gid }}"
@ -1130,7 +1165,7 @@ devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_pr
devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}" devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}" devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}"
devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/woodpecker-ci/server" devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server"
devture_woodpecker_ci_server_systemd_required_systemd_services_list: | devture_woodpecker_ci_server_systemd_required_systemd_services_list: |
{{ {{
@ -1181,7 +1216,7 @@ devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_pre
devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}" devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}" devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}"
devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/woodpecker-ci/agent" devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent"
devture_woodpecker_ci_agent_systemd_required_systemd_services_list: | devture_woodpecker_ci_agent_systemd_required_systemd_services_list: |
{{ {{
@ -1217,7 +1252,7 @@ hubsite_enabled: false
hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite" hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite"
hubsite_base_path: "{{ mash_playbook_base_path }}/hubsite" hubsite_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}hubsite"
hubsite_uid: "{{ mash_playbook_uid }}" hubsite_uid: "{{ mash_playbook_uid }}"
hubsite_gid: "{{ mash_playbook_gid }}" hubsite_gid: "{{ mash_playbook_gid }}"
@ -1330,7 +1365,7 @@ firezone_enabled: false
firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone" firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone"
firezone_base_path: "{{ mash_playbook_base_path }}/firezone" firezone_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}firezone"
firezone_uid: "{{ mash_playbook_uid }}" firezone_uid: "{{ mash_playbook_uid }}"
firezone_gid: "{{ mash_playbook_gid }}" firezone_gid: "{{ mash_playbook_gid }}"

View file

@ -1,6 +1,7 @@
--- ---
- src: geerlingguy.docker - src: git+https://github.com/geerlingguy/ansible-role-docker
name: geerlingguy.docker
version: 6.1.0 version: 6.1.0
- src: git+https://gitlab.com/etke.cc/roles/swap - src: git+https://gitlab.com/etke.cc/roles/swap
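
Review bot: `geerlingguy.docker` now comes from `git+https://github.com/geerlingguy/ansible-role-docker`, so `version: 6.1.0` is resolved as a git ref in that repository rather than as a Galaxy release. A tag can be re-pointed upstream; pinning `version` to the full commit hash behind 6.1.0 would make the install reproducible. The URL also lacks the `.git` suffix that the other GitHub entries in this file (`ansible-role-adguard-home.git`, `ansible-role-aux.git`) carry.
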
@ -75,6 +76,10 @@
- src: git+https://gitlab.com/etke.cc/roles/redmine.git - src: git+https://gitlab.com/etke.cc/roles/redmine.git
version: v5.0.5-1 version: v5.0.5-1
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git
name: adguard_home
version: v0.107.26-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
name: aux name: aux
version: v1.0.0-0 version: v1.0.0-0

View file

@ -7,6 +7,8 @@ mash_playbook_identifier: mash
mash_playbook_user_username: "{{ mash_playbook_identifier }}" mash_playbook_user_username: "{{ mash_playbook_identifier }}"
mash_playbook_user_groupname: "{{ mash_playbook_identifier }}" mash_playbook_user_groupname: "{{ mash_playbook_identifier }}"
mash_playbook_user_home: "{{ mash_playbook_base_path }}"
# By default, the playbook creates the user (`mash_playbook_user_username`) # By default, the playbook creates the user (`mash_playbook_user_username`)
# and group (`mash_playbook_user_groupname`) with a random id. # and group (`mash_playbook_user_groupname`) with a random id.
# To use a specific user/group id, override these variables. # To use a specific user/group id, override these variables.
@ -17,10 +19,15 @@ mash_playbook_gid: ~
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
mash_playbook_generic_secret_key: '' mash_playbook_generic_secret_key: ''
# Controls the prefixed used for all service identifiers. # Controls the prefix used for all service identifiers.
# This affects systemd service names, container names, container networks, etc. # This affects systemd service names, container names, container networks, etc.
mash_playbook_service_identifier_prefix: "{{ mash_playbook_identifier }}-" mash_playbook_service_identifier_prefix: "{{ mash_playbook_identifier }}-"
# Controls the prefix of the base directory for all services.
# Example: `/mash/{PREFIX}traefik`.
# If `mash_playbook_identifier` is the default (mash), we intentionally use an empty prefix.
mash_playbook_service_base_directory_name_prefix: "{{ '' if mash_playbook_identifier == 'mash' else (mash_playbook_identifier + '-') }}"
# Controls the base path where all services will be installed # Controls the base path where all services will be installed
mash_playbook_base_path: "/{{ mash_playbook_identifier }}" mash_playbook_base_path: "/{{ mash_playbook_identifier }}"
mash_playbook_base_path_mode: "750" mash_playbook_base_path_mode: "750"
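
Review bot: `mash_playbook_service_base_directory_name_prefix` is empty only when `mash_playbook_identifier` is `mash`; for any other identifier every `*_base_path` changed in this commit gains an `<identifier>-` segment, for example `{{ mash_playbook_base_path }}/postgres` becomes `{{ mash_playbook_base_path }}/<identifier>-postgres`. Hosts already running with a custom identifier would have their services pointed at new directories on the next run. The changelog entry in this commit does not mention this; add a migration note, or a check that fails when the old directory exists and the new one does not.
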
@ -52,11 +59,11 @@ mash_playbook_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else
# - no reverse-proxy will be installed # - no reverse-proxy will be installed
# - no port exposure will be done for any of the container services # - no port exposure will be done for any of the container services
# - it's up to you to expose the ports you want, etc. # - it's up to you to expose the ports you want, etc.
mash_playbook_reverse_proxy_type: playbook-managed-traefik mash_playbook_reverse_proxy_type: none
# Controls whether to install Docker or not # Controls whether to install Docker or not
# Also see `devture_docker_sdk_for_python_installation_enabled`. # Also see `devture_docker_sdk_for_python_installation_enabled`.
mash_playbook_docker_installation_enabled: true mash_playbook_docker_installation_enabled: false
# Controls whether to attach Traefik labels to services. # Controls whether to attach Traefik labels to services.
# This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook, # This is separate from `devture_traefik_enabled`, because you may wish to disable Traefik installation by the playbook,
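
Review bot: The default for `mash_playbook_reverse_proxy_type` changes from `playbook-managed-traefik` to `none` here, alongside `mash_playbook_docker_installation_enabled` going to `false`, but the changelog entry added in this commit only announces the two Docker variables. An inventory that relied on the old reverse-proxy default changes behaviour on the next run; list this variable in the backward-compatibility entry as well, with the line to add to `vars.yml`.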

View file

@ -15,7 +15,7 @@
uid: "{{ omit if mash_playbook_uid is none else mash_playbook_uid }}" uid: "{{ omit if mash_playbook_uid is none else mash_playbook_uid }}"
state: present state: present
group: "{{ mash_playbook_user_groupname }}" group: "{{ mash_playbook_user_groupname }}"
home: "{{ mash_playbook_base_path }}" home: "{{ mash_playbook_user_home }}"
create_home: false create_home: false
system: true system: true
register: mash_base_user_result register: mash_base_user_result

View file

@ -54,6 +54,8 @@
- role: galaxy/com.devture.ansible.role.traefik - role: galaxy/com.devture.ansible.role.traefik
- role: galaxy/adguard_home
- role: galaxy/collabora_online - role: galaxy/collabora_online
- role: galaxy/docker_registry - role: galaxy/docker_registry