---

# role-specific:auxiliary
########################################################################
#                                                                      #
# aux                                                                  #
#                                                                      #
########################################################################

# Default ownership resolves to the playbook's own user and group variables.
aux_directory_default_owner: "{{ mash_playbook_user_username }}"
aux_directory_default_group: "{{ mash_playbook_user_groupname }}"

aux_file_default_owner: "{{ mash_playbook_user_username }}"
aux_file_default_group: "{{ mash_playbook_user_groupname }}"

########################################################################
#                                                                      #
# /aux                                                                 #
#                                                                      #
########################################################################
# /role-specific:auxiliary


# role-specific:authelia
########################################################################
#                                                                      #
# authelia                                                             #
#                                                                      #
########################################################################

authelia_enabled: false

authelia_identifier: "{{ mash_playbook_service_identifier_prefix }}authelia"

authelia_uid: "{{ mash_playbook_uid }}"
authelia_gid: "{{ mash_playbook_gid }}"

authelia_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}authelia"

# Lists the Postgres unit only when the integrated Postgres role is enabled
# and Authelia's storage host points at it; otherwise the list is empty.
authelia_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is defined)
# plus the Postgres network, the latter only when Authelia uses the integrated
# Postgres and is not already on that network.
authelia_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier and authelia_container_network != devture_postgres_container_network else [])
  }}

authelia_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authelia_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authelia_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authelia_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Every secret below is derived deterministically from
# mash_playbook_generic_secret_key: the key is hashed with a fixed,
# purpose-specific salt and the result is mapped to a UUID string.
# The same key therefore reproduces the same secrets on every run, and anyone
# holding the key can recompute all of them. Changing the key changes every
# derived secret at once.
authelia_config_jwt_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jwt.authelia', rounds=655555) | to_uuid }}"
authelia_config_session_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'ses.authelia', rounds=655555) | to_uuid }}"
authelia_config_identity_providers_oidc_hmac_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'hm.authelia', rounds=655555) | to_uuid }}"

# role-specific:postgres
# Host and port are empty strings unless the integrated Postgres role is enabled.
authelia_config_storage_postgres_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_port: "{{ '5432' if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"
# /role-specific:postgres

# role-specific:mariadb
# If both Postgres and MariaDB are enabled, we favor Postgres.
# We only enable MySQL if it's the only enabled component (that is, if Postgres is not enabled at the same time).
authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not devture_postgres_enabled | default(false) else '' }}"
# NOTE(review): unlike the host above, the port does not check
# devture_postgres_enabled, so it is '3306' even when Postgres is favored and
# the host is empty. Confirm the role keys off the host only.
authelia_config_storage_mysql_port: "{{ '3306' if mariadb_enabled else '' }}"
# Uses the same salt ('db.authelia') as the Postgres password above, so both
# variables resolve to the same value.
authelia_config_storage_mysql_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"
# /role-specific:mariadb

########################################################################
#                                                                      #
# /authelia                                                            #
#                                                                      #
########################################################################
# /role-specific:authelia


# role-specific:ssh
########################################################################
#                                                                      #
# ssh                                                                  #
#                                                                      #
########################################################################

# Off by default.
# NOTE(review): if this and fail2ban stay disabled, confirm SSH hardening and
# brute-force protection for the host are handled elsewhere.
system_security_ssh_enabled: false

########################################################################
#                                                                      #
# /ssh                                                                 #
#                                                                      #
########################################################################
# /role-specific:ssh


# role-specific:fail2ban
########################################################################
#                                                                      #
# fail2ban                                                             #
#                                                                      #
########################################################################

# Off by default.
system_security_fail2ban_enabled: false

########################################################################
#                                                                      #
# /fail2ban                                                            #
#                                                                      #
########################################################################
# /role-specific:fail2ban


# role-specific:swap
########################################################################
#                                                                      #
# swap                                                                 #
#                                                                      #
########################################################################

# Off by default.
system_swap_enabled: false

########################################################################
#                                                                      #
# /swap                                                                #
#                                                                      #
########################################################################
# /role-specific:swap


# role-specific:systemd_service_manager
########################################################################
#                                                                      #
# systemd_service_manager                                              #
#                                                                      #
########################################################################

# One entry per systemd unit the playbook manages. An entry whose role is
# disabled renders to the `omit` placeholder and is filtered out further down
# by `reject('equalto', omit)`, so each item must render to exactly that
# placeholder (hence the `|-` block scalars, which strip the trailing newline).
# NOTE(review): presumably units with a lower `priority` are started earlier;
# confirm against the systemd_service_manager role.
mash_playbook_devture_systemd_service_manager_services_list_auto_itemized:
  # Dummy entry, which is not role-specific.
  # Ensures there's at least one entry defined in the list.
  - "{{ omit }}"

  # role-specific:backup_borg
  - |-
    {{
      ({'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['mash', 'backup', 'borg']} if backup_borg_enabled else omit)
    }}
  # /role-specific:backup_borg

  # role-specific:adguard_home
  - |-
    {{
      ({'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']} if adguard_home_enabled else omit)
    }}
  # /role-specific:adguard_home

  # role-specific:apisix_dashboard
  - |-
    {{
      ({'name': (apisix_dashboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-dashboard']} if apisix_dashboard_enabled else omit)
    }}
  # /role-specific:apisix_dashboard

  # role-specific:apisix_gateway
  - |-
    {{
      ({'name': (apisix_gateway_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'apisix-gateway']} if apisix_gateway_enabled else omit)
    }}
  # /role-specific:apisix_gateway

  # role-specific:appsmith
  - |-
    {{
      ({'name': (appsmith_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'appsmith']} if appsmith_enabled else omit)
    }}
  # /role-specific:appsmith

  # role-specific:authentik
  - |-
    {{
      ({'name': (authentik_server_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']} if authentik_enabled else omit)
    }}
  - |-
    {{
      ({'name': (authentik_worker_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']} if authentik_enabled else omit)
    }}
  # /role-specific:authentik

  # role-specific:authelia
  - |-
    {{
      ({'name': (authelia_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authelia']} if authelia_enabled else omit)
    }}
  # /role-specific:authelia

  # role-specific:changedetection
  - |-
    {{
      ({'name': (changedetection_identifier + '.service'), 'priority': 2100, 'groups': ['mash', 'changedetection']} if changedetection_enabled else omit)
    }}
  - |-
    {{
      ({'name': (changedetection_playwright_driver_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'changedetection']} if changedetection_playwright_driver_enabled else omit)
    }}
  # /role-specific:changedetection

  # role-specific:clickhouse
  - |-
    {{
      ({'name': (clickhouse_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'clickhouse']} if clickhouse_enabled else omit)
    }}
  # /role-specific:clickhouse

  # role-specific:collabora_online
  - |-
    {{
      ({'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']} if collabora_online_enabled else omit)
    }}
  # /role-specific:collabora_online

  # role-specific:postgres
  - |-
    {{
      ({'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']} if devture_postgres_enabled else omit)
    }}
  # /role-specific:postgres

  # role-specific:postgres_backup
  - |-
    {{
      ({'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']} if devture_postgres_backup_enabled else omit)
    }}
  # /role-specific:postgres_backup

  # role-specific:container_socket_proxy
  - |-
    {{
      ({'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 200, 'groups': ['mash', 'reverse-proxies', 'container-socket-proxy']} if devture_container_socket_proxy_enabled else omit)
    }}
  # /role-specific:container_socket_proxy

  # role-specific:traefik
  - |-
    {{
      ({'name': (devture_traefik_identifier + '.service'), 'priority': 250, 'groups': ['mash', 'traefik', 'reverse-proxies']} if devture_traefik_enabled else omit)
    }}
  # /role-specific:traefik

  # role-specific:woodpecker_ci_server
  - |-
    {{
      ({'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']} if devture_woodpecker_ci_server_enabled else omit)
    }}
  # /role-specific:woodpecker_ci_server

  # role-specific:woodpecker_ci_agent
  - |-
    {{
      ({'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']} if devture_woodpecker_ci_agent_enabled else omit)
    }}
  # /role-specific:woodpecker_ci_agent

  # role-specific:docker_registry
  - |-
    {{
      ({'name': (docker_registry_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry']} if docker_registry_enabled else omit)
    }}
  - |-
    {{
      ({'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']} if docker_registry_enabled else omit)
    }}
  # /role-specific:docker_registry

  # role-specific:docker_registry_browser
  - |-
    {{
      ({'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']} if docker_registry_browser_enabled else omit)
    }}
  # /role-specific:docker_registry_browser

  # role-specific:docker_registry_purger
  - |-
    {{
      ({'name': (docker_registry_purger_identifier + '.timer'), 'priority': 3000, 'groups': ['mash', 'docker-registry-purger']} if docker_registry_purger_enabled else omit)
    }}
  # /role-specific:docker_registry_purger

  # role-specific:echoip
  - |-
    {{
      ({'name': (echoip_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'echoip']} if echoip_enabled else omit)
    }}
  # /role-specific:echoip

  # role-specific:etcd
  - |-
    {{
      ({'name': (etcd_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'etcd']} if etcd_enabled else omit)
    }}
  # /role-specific:etcd

  # role-specific:exim_relay
  - |-
    {{
      ({'name': (exim_relay_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'exim-relay']} if exim_relay_enabled else omit)
    }}
  # /role-specific:exim_relay

  # role-specific:firezone
  - |-
    {{
      ({'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']} if firezone_enabled else omit)
    }}
  # /role-specific:firezone

  # role-specific:focalboard
  - |-
    {{
      ({'name': (focalboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'focalboard']} if focalboard_enabled else omit)
    }}
  # /role-specific:focalboard

  # role-specific:freshrss
  - |-
    {{
      ({'name': (freshrss_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'freshrss']} if freshrss_enabled else omit)
    }}
  # /role-specific:freshrss

  # role-specific:funkwhale
  - |-
    {{
      ({'name': (funkwhale_api_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit)
    }}
  - |-
    {{
      ({'name': (funkwhale_frontend_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit)
    }}
  - |-
    {{
      ({'name': (funkwhale_celery_beat_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit)
    }}
  - |-
    {{
      ({'name': (funkwhale_celery_worker_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']} if funkwhale_enabled else omit)
    }}
  # /role-specific:funkwhale

  # role-specific:gitea
  - |-
    {{
      ({'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']} if gitea_enabled else omit)
    }}
  # /role-specific:gitea

  # role-specific:gotosocial
  - |-
    {{
      ({'name': (gotosocial_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gotosocial']} if gotosocial_enabled else omit)
    }}
  # /role-specific:gotosocial

  # role-specific:grafana
  - |-
    {{
      ({'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']} if grafana_enabled else omit)
    }}
  # /role-specific:grafana

  # role-specific:hubsite
  - |-
    {{
      ({'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']} if hubsite_enabled else omit)
    }}
  # /role-specific:hubsite

  # role-specific:healthchecks
  - |-
    {{
      ({'name': (healthchecks_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'healthchecks']} if healthchecks_enabled else omit)
    }}
  # /role-specific:healthchecks

  # role-specific:ilmo
  - |-
    {{
      ({'name': (ilmo_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'ilmo']} if ilmo_enabled else omit)
    }}
  # /role-specific:ilmo

  # role-specific:infisical
  - |-
    {{
      ({'name': (infisical_identifier + '-backend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-backend']} if infisical_enabled else omit)
    }}
  - |-
    {{
      ({'name': (infisical_identifier + '-frontend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-frontend']} if infisical_enabled else omit)
    }}
  # /role-specific:infisical

  # role-specific:influxdb
  - |-
    {{
      ({'name': (influxdb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'influxdb']} if influxdb_enabled else omit)
    }}
  # /role-specific:influxdb

  # role-specific:jitsi
  - |-
    {{
      ({'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['mash', 'jitsi', 'jitsi-web']} if jitsi_enabled else omit)
    }}
  - |-
    {{
      ({'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['mash', 'jitsi', 'jitsi-prosody']} if jitsi_enabled else omit)
    }}
  - |-
    {{
      ({'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['mash', 'jitsi', 'jitsi-jicofo']} if jitsi_enabled else omit)
    }}
  - |-
    {{
      ({'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['mash', 'jitsi', 'jitsi-jvb']} if jitsi_enabled else omit)
    }}
  # /role-specific:jitsi

  # role-specific:keycloak
  - |-
    {{
      ({'name': (keycloak_identifier + '.service'), 'priority': 1000, 'groups': ['mash', 'keycloak']} if keycloak_enabled else omit)
    }}
  # /role-specific:keycloak

  # role-specific:lago
  - |-
    {{
      ({'name': (lago_identifier + '-api.service'), 'priority': 2000, 'groups': ['mash', 'lago', 'lago-api']} if lago_enabled else omit)
    }}
  - |-
    {{
      ({'name': (lago_identifier + '-api-worker.service'), 'priority': 2500, 'groups': ['mash', 'lago', 'lago-api-worker']} if lago_enabled else omit)
    }}
  - |-
    {{
      ({'name': (lago_identifier + '-api-clock.service'), 'priority': 2500, 'groups': ['mash', 'lago', 'lago-api-clock']} if lago_enabled else omit)
    }}
  - |-
    {{
      ({'name': (lago_identifier + '-front.service'), 'priority': 2200, 'groups': ['mash', 'lago', 'lago-front']} if lago_enabled else omit)
    }}
  - |-
    {{
      ({'name': (lago_identifier + '-pdf.service'), 'priority': 1900, 'groups': ['mash', 'lago', 'lago-pdf']} if lago_enabled else omit)
    }}
  # /role-specific:lago

  # role-specific:linkding
  - |-
    {{
      ({'name': (linkding_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'linkding']} if linkding_enabled else omit)
    }}
  # /role-specific:linkding

  # role-specific:miniflux
  - |-
    {{
      ({'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']} if miniflux_enabled else omit)
    }}
  # /role-specific:miniflux

  # role-specific:mobilizon
  - |-
    {{
      ({'name': (mobilizon_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mobilizon']} if mobilizon_enabled else omit)
    }}
  # /role-specific:mobilizon

  # role-specific:mongodb
  - |-
    {{
      ({'name': (mongodb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mongodb']} if mongodb_enabled else omit)
    }}
  # /role-specific:mongodb

  # role-specific:mosquitto
  - |-
    {{
      ({'name': (mosquitto_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mosquitto']} if mosquitto_enabled else omit)
    }}
  # /role-specific:mosquitto

  # role-specific:mrs
  - |-
    {{
      ({'name': (mrs_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mrs']} if mrs_enabled else omit)
    }}
  # /role-specific:mrs

  # role-specific:n8n
  - |-
    {{
      ({'name': (n8n_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'n8n']} if n8n_enabled else omit)
    }}
  # /role-specific:n8n

  # role-specific:navidrome
  - |-
    {{
      ({'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']} if navidrome_enabled else omit)
    }}
  # /role-specific:navidrome

  # role-specific:netbox
  - |-
    {{
      ({'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']} if netbox_enabled else omit)
    }}
  - |-
    {{
      ({'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']} if netbox_enabled else omit)
    }}
  - |-
    {{
      ({'name': (netbox_identifier + '-housekeeping.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-housekeeping']} if netbox_enabled else omit)
    }}
  # /role-specific:netbox

  # role-specific:nextcloud
  - |-
    {{
      ({'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']} if nextcloud_enabled else omit)
    }}
  - |-
    {{
      ({'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']} if nextcloud_enabled else omit)
    }}
  # /role-specific:nextcloud

  # role-specific:mariadb
  - |-
    {{
      ({'name': (mariadb_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'mariadb']} if mariadb_enabled else omit)
    }}
  # /role-specific:mariadb

  # role-specific:outline
  - |-
    {{
      ({'name': (outline_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'outline']} if outline_enabled else omit)
    }}
  # /role-specific:outline

  # role-specific:owncast
  - |-
    {{
      ({'name': (owncast_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'owncast']} if owncast_enabled else omit)
    }}
  # /role-specific:owncast

  # role-specific:oxitraffic
  - |-
    {{
      ({'name': (oxitraffic_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'oxitraffic']} if oxitraffic_enabled else omit)
    }}
  # /role-specific:oxitraffic

  # role-specific:peertube
  - |-
    {{
      ({'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']} if peertube_enabled else omit)
    }}
  # /role-specific:peertube

  # role-specific:postgis
  - |-
    {{
      ({'name': (postgis_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'postgis']} if postgis_enabled else omit)
    }}
  # /role-specific:postgis

  # role-specific:prometheus
  - |-
    {{
      ({'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']} if prometheus_enabled else omit)
    }}
  # /role-specific:prometheus

  # role-specific:prometheus_blackbox_exporter
  - |-
    {{
      ({'name': (prometheus_blackbox_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-blackbox-exporter']} if prometheus_blackbox_exporter_enabled else omit)
    }}
  # /role-specific:prometheus_blackbox_exporter

  # role-specific:prometheus_ssh_exporter
  - |-
    {{
      ({'name': (prometheus_ssh_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-ssh-exporter']} if prometheus_ssh_exporter_enabled else omit)
    }}
  # /role-specific:prometheus_ssh_exporter

  # role-specific:prometheus_node_exporter
  - |-
    {{
      ({'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-node-exporter']} if prometheus_node_exporter_enabled else omit)
    }}
  # /role-specific:prometheus_node_exporter

  # role-specific:prometheus_postgres_exporter
  - |-
    {{
      ({'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-postgres-exporter']} if prometheus_postgres_exporter_enabled else omit)
    }}
  # /role-specific:prometheus_postgres_exporter

  # role-specific:radicale
  - |-
    {{
      ({'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']} if radicale_enabled else omit)
    }}
  # /role-specific:radicale

  # role-specific:redmine
  - |-
    {{
      ({'name': (redmine_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'redmine']} if redmine_enabled else omit)
    }}
  - |-
    {{
      ({'name': (redmine_identifier + '-send-reminders.timer'), 'priority': 2000, 'groups': ['mash', 'redmine']} if redmine_enabled else omit)
    }}
  - |-
    {{
      ({'name': (redmine_identifier + '-recurring-tasks.timer'), 'priority': 2000, 'groups': ['mash', 'redmine']} if redmine_enabled and redmine_recurring_tasks_enabled else omit)
    }}
  # /role-specific:redmine

  # role-specific:redis
  - |-
    {{
      ({'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']} if redis_enabled else omit)
    }}
  # /role-specific:redis

  # role-specific:roundcube
  - |-
    {{
      ({'name': (roundcube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'roundcube']} if roundcube_enabled else omit)
    }}
  # /role-specific:roundcube

  # role-specific:rumqttd
  - |-
    {{
      ({'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']} if rumqttd_enabled else omit)
    }}
  # /role-specific:rumqttd

  # role-specific:semaphore
  - |-
    {{
      ({'name': (semaphore_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'semaphore']} if semaphore_enabled else omit)
    }}
  # /role-specific:semaphore

  # role-specific:soft_serve
  - |-
    {{
      ({'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']} if soft_serve_enabled else omit)
    }}
  # /role-specific:soft_serve

  # role-specific:syncthing
  - |-
    {{
      ({'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']} if syncthing_enabled else omit)
    }}
  # /role-specific:syncthing

  # role-specific:telegraf
  - |-
    {{
      ({'name': (telegraf_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'telegraf']} if telegraf_enabled else omit)
    }}
  # /role-specific:telegraf

  # role-specific:vaultwarden
  - |-
    {{
      ({'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']} if vaultwarden_enabled else omit)
    }}
  # /role-specific:vaultwarden

  # role-specific:uptime_kuma
  - |-
    {{
      ({'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']} if uptime_kuma_enabled else omit)
    }}
  # /role-specific:uptime_kuma

  # role-specific:wg_easy
  - |-
    {{
      ({'name': (wg_easy_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'wg-easy']} if wg_easy_enabled else omit)
    }}
  # /role-specific:wg_easy

  # role-specific:forgejo
  - |-
    {{
      ({'name': (forgejo_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'forgejo', 'forgejo-server']} if forgejo_enabled else omit)
    }}
  # /role-specific:forgejo

# The itemized list with every `omit` placeholder (disabled roles and the
# dummy entry) removed.
devture_systemd_service_manager_services_list_auto: "{{ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized | reject('equalto', omit) }}"

########################################################################
#                                                                      #
# /systemd_service_manager                                             #
#                                                                      #
########################################################################
# /role-specific:systemd_service_manager


# role-specific:postgres
########################################################################
#                                                                      #
# postgres                                                             #
#                                                                      #
########################################################################

devture_postgres_enabled: false

devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres"

devture_postgres_architecture: "{{ mash_playbook_architecture }}"

devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres"

devture_postgres_uid: "{{ mash_playbook_uid }}"
devture_postgres_gid: "{{ mash_playbook_gid }}"

# This includes everything for maximum safety.
# It may not be optimal though, because some services may not be dependent on Postgres at all, etc.
# The list is every managed unit name except the Postgres unit itself.
devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}"

# One entry (database name, username, password) per service that needs a
# database on the integrated Postgres server. Disabled entries render to the
# `omit` placeholder and are filtered out further down.
# Every entry carries a database password.
# NOTE(review): confirm the tasks consuming this list set `no_log`, so the
# rendered passwords do not end up in Ansible output or logs.
# NOTE(review): some entries are gated only on `<service>_enabled`, while
# others also require the service's database host to equal
# devture_postgres_identifier. Entries without the host check are listed even
# when the service is pointed at another database server; confirm this is
# intended for each of them.
mash_playbook_devture_postgres_managed_databases_auto_itemized:
  # Dummy entry, which is not role-specific.
  # Ensures there's at least one entry defined in the list.
  - "{{ omit }}"

  # role-specific:authelia
  - |-
    {{
      ({
        'name': authelia_config_storage_postgres_database,
        'username': authelia_config_storage_postgres_username,
        'password': authelia_config_storage_postgres_password,
      } if authelia_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else omit)
    }}
  # /role-specific:authelia

  # role-specific:authentik
  - |-
    {{
      ({
        'name': authentik_database_name,
        'username': authentik_database_username,
        'password': authentik_database_password,
      } if authentik_enabled and authentik_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:authentik

  # role-specific:focalboard
  - |-
    {{
      ({
        'name': focalboard_database_name,
        'username': focalboard_database_username,
        'password': focalboard_database_password,
      } if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:focalboard

  # role-specific:freshrss
  - |-
    {{
      ({
        'name': freshrss_database_name,
        'username': freshrss_database_username,
        'password': freshrss_database_password,
      } if freshrss_enabled and freshrss_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:freshrss

  # role-specific:funkwhale
  - |-
    {{
      ({
        'name': funkwhale_database_name,
        'username': funkwhale_database_username,
        'password': funkwhale_database_password,
      } if funkwhale_enabled and funkwhale_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:funkwhale

  # role-specific:gitea
  - |-
    {{
      ({
        'name': gitea_config_database_name,
        'username': gitea_config_database_username,
        'password': gitea_config_database_password,
      } if gitea_enabled else omit)
    }}
  # /role-specific:gitea

  # role-specific:healthchecks
  - |-
    {{
      ({
        'name': healthchecks_database_name,
        'username': healthchecks_database_username,
        'password': healthchecks_database_password,
      } if healthchecks_enabled and healthchecks_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:healthchecks

  # role-specific:woodpecker_ci_server
  - |-
    {{
      ({
        'name': devture_woodpecker_ci_server_database_datasource_db_name,
        'username': devture_woodpecker_ci_server_database_datasource_username,
        'password': devture_woodpecker_ci_server_database_datasource_password,
      } if devture_woodpecker_ci_server_enabled else omit)
    }}
  # /role-specific:woodpecker_ci_server

  # role-specific:gotosocial
  - |-
    {{
      ({
        'name': gotosocial_database_name,
        'username': gotosocial_database_username,
        'password': gotosocial_database_password,
      } if gotosocial_enabled else omit)
    }}
  # /role-specific:gotosocial

  # role-specific:ilmo
  - |-
    {{
      ({
        'name': ilmo_database_name,
        'username': ilmo_database_username,
        'password': ilmo_database_password,
      } if ilmo_enabled else omit)
    }}
  # /role-specific:ilmo

  # role-specific:keycloak
  - |-
    {{
      ({
        'name': keycloak_database_name,
        'username': keycloak_database_username,
        'password': keycloak_database_password,
      } if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:keycloak

  # role-specific:lago
  - |-
    {{
      ({
        'name': lago_database_name,
        'username': lago_database_username,
        'password': lago_database_password,
      } if lago_enabled and lago_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:lago

  # role-specific:linkding
  - |-
    {{
      ({
        'name': linkding_database_name,
        'username': linkding_database_username,
        'password': linkding_database_password,
      } if linkding_enabled and linkding_database_engine == 'postgres' else omit)
    }}
  # /role-specific:linkding

  # role-specific:miniflux
  - |-
    {{
      ({
        'name': miniflux_database_name,
        'username': miniflux_database_username,
        'password': miniflux_database_password,
      } if miniflux_enabled else omit)
    }}
  # /role-specific:miniflux

  # role-specific:redmine
  - |-
    {{
      ({
        'name': redmine_database_name,
        'username': redmine_database_username,
        'password': redmine_database_password,
      } if redmine_enabled else omit)
    }}
  # /role-specific:redmine

  # role-specific:n8n
  - |-
    {{
      ({
        'name': n8n_database_name,
        'username': n8n_database_username,
        'password': n8n_database_password,
      } if n8n_enabled else omit)
    }}
  # /role-specific:n8n

  # role-specific:netbox
  - |-
    {{
      ({
        'name': netbox_database_name,
        'username': netbox_database_username,
        'password': netbox_database_password,
      } if netbox_enabled else omit)
    }}
  # /role-specific:netbox

  # role-specific:nextcloud
  - |-
    {{
      ({
        'name': nextcloud_database_name,
        'username': nextcloud_database_username,
        'password': nextcloud_database_password,
      } if nextcloud_enabled else omit)
    }}
  # /role-specific:nextcloud

  # role-specific:outline
  - |-
    {{
      ({
        'name': outline_database_name,
        'username': outline_database_username,
        'password': outline_database_password,
      } if outline_enabled and outline_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:outline

  # role-specific:oxitraffic
  - |-
    {{
      ({
        'name': oxitraffic_database_name,
        'username': oxitraffic_database_username,
        'password': oxitraffic_database_password,
      } if oxitraffic_enabled and oxitraffic_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:oxitraffic

  # role-specific:peertube
  - |-
    {{
      ({
        'name': peertube_config_database_name,
        'username': peertube_config_database_username,
        'password': peertube_config_database_password,
      } if peertube_enabled else omit)
    }}
  # /role-specific:peertube

  # role-specific:prometheus_postgres_exporter
  - |-
    {{
      ({
        'name': prometheus_postgres_exporter_database_name,
        'username': prometheus_postgres_exporter_database_username,
        'password': prometheus_postgres_exporter_database_password,
      } if prometheus_postgres_exporter_enabled else omit)
    }}
  # /role-specific:prometheus_postgres_exporter

  # role-specific:firezone
  - |-
    {{
      ({
        'name': firezone_database_name,
        'username': firezone_database_username,
        'password': firezone_database_password,
      } if firezone_enabled else omit)
    }}
  # /role-specific:firezone

  # role-specific:vaultwarden
  - |-
    {{
      ({
        'name': vaultwarden_database_name,
        'username': vaultwarden_database_username,
        'password': vaultwarden_database_password,
      } if vaultwarden_enabled else omit)
    }}
  # /role-specific:vaultwarden

  # role-specific:forgejo
  - |-
    {{
      ({
        'name': forgejo_config_database_name,
        'username': forgejo_config_database_username,
        'password': forgejo_config_database_password,
      } if forgejo_enabled else omit)
    }}
  # /role-specific:forgejo

  # role-specific:roundcube
  - |-
    {{
      ({
        'name': roundcube_database_name,
        'username': roundcube_database_username,
        'password': roundcube_database_password,
      } if roundcube_enabled and roundcube_database_hostname == devture_postgres_identifier else omit)
    }}
  # /role-specific:roundcube

  # role-specific:semaphore
  - |-
    {{
      ({
        'name': semaphore_database_name,
        'username': semaphore_database_username,
        'password': semaphore_database_password,
      } if semaphore_enabled and semaphore_database_host == devture_postgres_identifier else omit)
    }}
  # /role-specific:semaphore

# The itemized list with every `omit` placeholder removed.
devture_postgres_managed_databases_auto: "{{ mash_playbook_devture_postgres_managed_databases_auto_itemized | reject('equalto', omit) }}"

########################################################################
#                                                                      #
# /postgres                                                            #
#                                                                      #
########################################################################
# /role-specific:postgres


# role-specific:postgres_backup
########################################################################
#                                                                      #
# postgres_backup                                                      #
#                                                                      #
########################################################################

devture_postgres_backup_enabled: false

devture_postgres_backup_postgres_role_include_name: galaxy/postgres

devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup"

devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}"

devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup"

devture_postgres_backup_uid: "{{ mash_playbook_uid }}"
devture_postgres_backup_gid: "{{ mash_playbook_gid }}"

# role-specific:postgres
# The values below wire the backup role to the integrated Postgres server.
# The unit dependency and the shared network apply only when Postgres is
# enabled and the backup connects to the same hostname as the Postgres role.
devture_postgres_backup_systemd_required_services_list_auto: |
  {{
    ([(devture_postgres_identifier + '.service')] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else [])
  }}

devture_postgres_backup_container_network: "{{ (devture_postgres_container_network if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname) else devture_postgres_backup_identifier) }}"

devture_postgres_backup_container_additional_networks_auto: |-
  {{
    ([devture_postgres_container_network] if (devture_postgres_enabled and devture_postgres_backup_connection_hostname == devture_postgres_connection_hostname and devture_postgres_backup_container_network != devture_postgres_container_network) else [])
  }}

# The backup reuses the Postgres role's own connection credentials when
# Postgres is enabled; otherwise hostname, username and password are empty.
# NOTE(review): devture_postgres_connection_username is not defined in this
# file; if it is the server's superuser, the backup container holds full
# database credentials. Confirm that this is acceptable.
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"

devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"

# Backs up the name of every managed database, or nothing when Postgres is disabled.
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
# /role-specific:postgres

########################################################################
#                                                                      #
# /postgres_backup                                                     #
#                                                                      #
########################################################################
# /role-specific:postgres_backup


# role-specific:playbook_state_preserver
########################################################################
#                                                                      #
# playbook_state_preserver                                             #
#                                                                      #
########################################################################

# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.

devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}"
devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}"

# Destination, under the playbook base path on the server, of the preserved vars file.
# NOTE(review): presumably this is a copy of the host's vars.yml, which would then
# include mash_playbook_generic_secret_key and any other credentials defined there.
# Confirm the role writes it with owner-only permissions.
devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vars.yml"

# Destination of the file that records the playbook's git commit hash.
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}git_hash.yml"

########################################################################
#                                                                      #
# /playbook_state_preserver                                            #
#                                                                      #
########################################################################
# /role-specific:playbook_state_preserver

# role-specific:container_socket_proxy
########################################################################
#                                                                      #
# container_socket_proxy                                               #
#                                                                      #
########################################################################

# The socket proxy is deployed whenever playbook-managed Traefik is enabled.
# Traefik is then pointed at the proxy endpoint instead of the raw Docker socket
# (see `devture_traefik_config_providers_docker_endpoint`).
devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}"

devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy"

devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}container-socket-proxy"

devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}"
devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}"

# Traefik requires read access to the containers APIs to do its job
# Only the containers API group is switched on in this file. Which other API groups
# the proxy allows is decided by the role defaults, which are not shown here.
# TODO confirm they stay disabled, so the proxy exposes no more than Traefik needs.
devture_container_socket_proxy_api_containers_enabled: true

########################################################################
#                                                                      #
# /container_socket_proxy                                              #
#                                                                      #
########################################################################
# /role-specific:container_socket_proxy

# role-specific:traefik
########################################################################
#                                                                      #
# traefik                                                              #
#                                                                      #
########################################################################

# Traefik is managed by this playbook only for the 'playbook-managed-traefik' reverse-proxy type.
devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"

devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik"

devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik"

devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}"

# role-specific:container_socket_proxy
# With the socket proxy enabled, Traefik talks to the proxy endpoint.
# Otherwise it falls back to the Docker socket itself. Access to that socket is
# unrestricted Docker API access (effectively root on the host), so disabling the
# proxy widens what a compromised Traefik container could reach.
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"
# /role-specific:container_socket_proxy

# Traefik joins the socket proxy's network only when the proxy is enabled.
devture_traefik_container_additional_networks_auto: |
  {{
    ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled | default(false) else [])
  }}

# Traefik's systemd unit requires Docker and, when enabled, the socket proxy service.
devture_traefik_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled | default(false) else [])
  }}

########################################################################
#                                                                      #
# /traefik                                                             #
#                                                                      #
########################################################################
# /role-specific:traefik

# role-specific:docker_sdk_for_python
########################################################################
#                                                                      #
# docker_sdk_for_python                                                #
#                                                                      #
########################################################################

devture_docker_sdk_for_python_installation_enabled: false

########################################################################
#                                                                      #
# /docker_sdk_for_python                                               #
#                                                                      #
########################################################################
# /role-specific:docker_sdk_for_python

# role-specific:timesync
########################################################################
#                                                                      #
# timesync                                                             #
#                                                                      #
########################################################################

# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.
devture_timesync_installation_enabled: false

########################################################################
#                                                                      #
# /timesync                                                            #
#                                                                      #
########################################################################
# /role-specific:timesync

# role-specific:adguard_home
########################################################################
#                                                                      #
# adguard-home                                                         #
#                                                                      #
########################################################################

adguard_home_enabled: false

adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home"

adguard_home_uid: "{{ mash_playbook_uid }}"
adguard_home_gid: "{{ mash_playbook_gid }}"

adguard_home_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}adguard-home"

# Joins the reverse-proxy network only when one is configured.
adguard_home_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /adguard-home                                                        #
#                                                                      #
########################################################################
# /role-specific:adguard_home

# role-specific:apisix_dashboard
########################################################################
#                                                                      #
# apisix_dashboard                                                     #
#                                                                      #
########################################################################

apisix_dashboard_enabled: false

apisix_dashboard_identifier: "{{ mash_playbook_service_identifier_prefix }}apisix-dashboard"

apisix_dashboard_uid: "{{ mash_playbook_uid }}"
apisix_dashboard_gid: "{{ mash_playbook_gid }}"

apisix_dashboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}apisix-dashboard"

# Joins the reverse-proxy network only when one is configured AND Traefik labels are enabled.
apisix_dashboard_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if (mash_playbook_reverse_proxyable_services_additional_network and apisix_dashboard_container_labels_traefik_enabled) else [])
  }}

apisix_dashboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
apisix_dashboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
apisix_dashboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
apisix_dashboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# role-specific:etcd
apisix_dashboard_config_conf_etcd_endpoints: |
  {{
    ([(etcd_identifier + ':2379')] if etcd_enabled else [])
  }}

# The dashboard authenticates to etcd as the `root` user with the etcd root password.
# When `etcd_environment_variable_allow_none_authentication` is true, both values are
# empty and etcd is used without credentials.
# NOTE(review): a dashboard compromise then yields etcd root credentials. A dedicated,
# least-privilege etcd user would narrow that. Confirm whether the role supports one.
apisix_dashboard_config_conf_etcd_username: "{{ ('root' if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_dashboard_config_conf_etcd_password: "{{ (etcd_environment_variable_etcd_root_password if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"

apisix_dashboard_container_additional_networks_custom: |
  {{
    ([etcd_container_network] if etcd_enabled else [])
  }}

apisix_dashboard_systemd_required_systemd_services_list_auto: |
  {{
    ([(etcd_identifier + '.service')] if etcd_enabled else [])
  }}
# /role-specific:etcd

########################################################################
#                                                                      #
# /apisix_dashboard                                                    #
#                                                                      #
########################################################################
# /role-specific:apisix_dashboard

# role-specific:apisix_gateway
########################################################################

apisix_gateway_enabled: false

apisix_gateway_identifier: "{{ mash_playbook_service_identifier_prefix }}apisix-gateway"

apisix_gateway_uid: "{{ mash_playbook_uid }}"
apisix_gateway_gid: "{{ mash_playbook_gid }}"

apisix_gateway_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}apisix-gateway"

# Joins the reverse-proxy network only when one is configured AND Traefik labels are enabled.
apisix_gateway_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if (mash_playbook_reverse_proxyable_services_additional_network and apisix_gateway_container_labels_traefik_enabled) else [])
  }}

apisix_gateway_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
apisix_gateway_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
apisix_gateway_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
apisix_gateway_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Metrics labels are attached when Prometheus is enabled or metrics exposure is turned on.
# HTTP basic auth on the metrics route follows the playbook-wide
# `mash_playbook_metrics_exposure_http_basic_auth_enabled` setting.
# NOTE(review): if that setting is false while exposure is on, the metrics path is
# presumably reachable without credentials. Verify against the role's label template.
apisix_gateway_container_labels_metrics_enabled: "{{ prometheus_enabled | default(false) or mash_playbook_metrics_exposure_enabled }}"
apisix_gateway_container_labels_metrics_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
apisix_gateway_container_labels_metrics_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ apisix_gateway_identifier }}"
apisix_gateway_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
apisix_gateway_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"

# role-specific:etcd
# The gateway reaches etcd over plain `http://` on port 2379.
# NOTE(review): together with the root credentials below, this sends the etcd root
# password unencrypted across the container network. That is acceptable only if
# `etcd_container_network` is shared with trusted containers alone. Confirm.
apisix_gateway_config_deployment_etcd_host: |
  {{
    ([('http://' + etcd_identifier + ':2379')] if etcd_enabled else [])
  }}

# Authenticates as the etcd `root` user. Both values are empty when
# `etcd_environment_variable_allow_none_authentication` is true, in which case etcd
# is used without credentials.
apisix_gateway_config_deployment_etcd_user: "{{ ('root' if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"
apisix_gateway_config_deployment_etcd_password: "{{ (etcd_environment_variable_etcd_root_password if (etcd_enabled and not etcd_environment_variable_allow_none_authentication) else '') }}"

apisix_gateway_container_additional_networks_custom: |
  {{
    ([etcd_container_network] if etcd_enabled else [])
  }}

apisix_gateway_systemd_required_systemd_services_list_auto: |
  {{
    ([(etcd_identifier + '.service')] if etcd_enabled else [])
  }}
# /role-specific:etcd

########################################################################
#                                                                      #
# /apisix_gateway                                                      #
#                                                                      #
########################################################################
# /role-specific:apisix_gateway

# role-specific:appsmith
########################################################################
#                                                                      #
# appsmith                                                             #
#                                                                      #
########################################################################

appsmith_enabled: false

appsmith_identifier: "{{ mash_playbook_service_identifier_prefix }}appsmith"

appsmith_uid: "{{ mash_playbook_uid }}"
appsmith_gid: "{{ mash_playbook_gid }}"

appsmith_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}appsmith"

# Joins the reverse-proxy network only when one is configured.
appsmith_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
appsmith_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
appsmith_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
appsmith_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
appsmith_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /appsmith                                                            #
#                                                                      #
########################################################################
# /role-specific:appsmith

# role-specific:authentik
########################################################################
#                                                                      #
# authentik                                                            #
#                                                                      #
########################################################################

authentik_enabled: false

authentik_identifier: "{{ mash_playbook_service_identifier_prefix }}authentik"

authentik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}authentik"

authentik_uid: "{{ mash_playbook_uid }}"
authentik_gid: "{{ mash_playbook_gid }}"

# role-specific:postgres
authentik_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authentik_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# The database password is derived deterministically from
# `mash_playbook_generic_secret_key`. The key is hashed with sha512 using the fixed
# salt 'db.authentik' and 655555 rounds, and the result is mapped to a UUID.
# Re-running the playbook yields the same password, and anyone holding the generic
# secret key can recompute it, so that key needs the same protection as the
# password itself.
authentik_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
authentik_database_username: "{{ authentik_identifier }}"
# /role-specific:postgres

# The server unit requires the Postgres service only when it uses the playbook-managed Postgres.
authentik_server_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured. Also joins the Postgres
# network when the playbook-managed Postgres is used and the container's own network
# is a different one.
authentik_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier and authentik_container_network != devture_postgres_container_network else [])
  }}

# role-specific:traefik
authentik_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authentik_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authentik_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authentik_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /authentik                                                           #
#                                                                      #
########################################################################
# /role-specific:authentik

# role-specific:backup_borg
########################################################################
#                                                                      #
# backup-borg                                                          #
#                                                                      #
########################################################################

backup_borg_enabled: false

backup_borg_identifier: "{{ mash_playbook_service_identifier_prefix }}backup-borg"

backup_borg_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}borg-backup"

backup_borg_uid: "{{ mash_playbook_uid }}"
backup_borg_gid: "{{ mash_playbook_gid }}"

# The backup container runs on the Postgres network when Postgres is enabled,
# otherwise on a network named after the backup service itself.
backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}"

backup_borg_retention_prefix: "{{ mash_playbook_service_identifier_prefix }}"

# `{now:...}` is not a Jinja expression and is passed through as-is.
# Presumably it is expanded by borg at archive-creation time.
backup_borg_storage_archive_name_format: "{{ mash_playbook_service_identifier_prefix }}-{now:%Y-%m-%d-%H%M%S}"

# The image is built locally on architectures other than amd64, arm32 and arm64.
backup_borg_container_image_self_build: "{{ mash_playbook_architecture not in ['amd64', 'arm32', 'arm64'] }}"

# role-specific:postgres
# Database backups reuse the Postgres role's own connection credentials.
# NOTE(review): presumably this is the Postgres superuser account. These credentials
# end up in the backup container's configuration. Confirm that file is not
# world-readable.
backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"
# /role-specific:postgres

# role-specific:mariadb
# MariaDB backups connect as `root` with the MariaDB root password.
# NOTE(review): `mariadb_root_passsword` is spelled with three "s". Confirm it matches
# the variable name the mariadb role actually defines. Otherwise this lookup is
# undefined when MariaDB is enabled.
backup_borg_mysql_enabled: "{{ mariadb_enabled }}"
backup_borg_mysql_databases_hostname: "{{ mariadb_identifier if mariadb_enabled else '' }}"
backup_borg_mysql_databases_username: "root"
backup_borg_mysql_databases_password: "{{ mariadb_root_passsword if mariadb_enabled else '' }}"
backup_borg_mysql_databases_port: 3306
backup_borg_mysql_databases: "{{ mariadb_managed_databases | map(attribute='name') if mariadb_enabled else [] }}"
# /role-specific:mariadb

# The whole playbook base path is backed up. The archive therefore holds every
# service's on-disk files under that path, which presumably includes configuration
# containing credentials. The repository's encryption settings are not set in this
# excerpt and are worth reviewing alongside it.
backup_borg_location_source_directories:
  - "{{ mash_playbook_base_path }}"

# The raw database data directories are excluded from the file-level backup.
# The databases are listed for backup through the connection settings above instead.
backup_borg_location_exclude_patterns: |
  {{
    ([devture_postgres_data_path] if devture_postgres_enabled | default(false) else [])
    +
    ([mariadb_data_path] if mariadb_enabled | default(false) else [])
  }}

# The backup unit requires Docker plus whichever database services are enabled.
backup_borg_systemd_required_services_list: |
  {{
    ['docker.service']
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) else [])
    +
    ([mariadb_identifier ~ '.service'] if mariadb_enabled | default(false) else [])
  }}

########################################################################
#                                                                      #
# /backup-borg                                                         #
#                                                                      #
########################################################################
# /role-specific:backup_borg

# role-specific:changedetection
########################################################################
#                                                                      #
# Changedetection.io                                                   #
#                                                                      #
########################################################################

changedetection_enabled: false

changedetection_identifier: "{{ mash_playbook_service_identifier_prefix }}changedetection"

changedetection_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}changedetection"

changedetection_uid: "{{ mash_playbook_uid }}"
changedetection_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network only when one is configured.
changedetection_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
changedetection_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
changedetection_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
changedetection_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
changedetection_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /Changedetection.io                                                  #
#                                                                      #
########################################################################
# /role-specific:changedetection

# role-specific:clickhouse
########################################################################
#                                                                      #
# clickhouse                                                           #
#                                                                      #
########################################################################

clickhouse_enabled: false

clickhouse_identifier: "{{ mash_playbook_service_identifier_prefix }}clickhouse"

clickhouse_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}clickhouse"

clickhouse_uid: "{{ mash_playbook_uid }}"
clickhouse_gid: "{{ mash_playbook_gid }}"

# This will be extended in the future, to auto-create databases for services which depend on MariaDB.
# NOTE(review): "MariaDB" above looks carried over from the mariadb section.
# Presumably ClickHouse is meant, since this is the clickhouse section.
# See `devture_postgres_managed_databases_auto`
# TODO
# clickhouse_managed_databases_auto: []

########################################################################
#                                                                      #
# /clickhouse                                                          #
#                                                                      #
########################################################################
# /role-specific:clickhouse

# role-specific:collabora_online
########################################################################
#                                                                      #
# collabora-online                                                     #
#                                                                      #
########################################################################

collabora_online_enabled: false

collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online"

collabora_online_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}collabora-online"

collabora_online_uid: "{{ mash_playbook_uid }}"
collabora_online_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network only when one is configured.
collabora_online_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /collabora-online                                                    #
#                                                                      #
########################################################################
# /role-specific:collabora_online

# role-specific:docker_registry
########################################################################
#                                                                      #
# docker-registry                                                      #
#                                                                      #
########################################################################

docker_registry_enabled: false

docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry"

docker_registry_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry"

docker_registry_uid: "{{ mash_playbook_uid }}"
docker_registry_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network only when one is configured.
docker_registry_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
# NOTE(review): no registry authentication settings are wired in this file. With
# Traefik labels enabled the registry is published on the primary entrypoint, so
# confirm that access control is configured in the role or in the host's vars.
docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /docker-registry                                                     #
#                                                                      #
########################################################################
# /role-specific:docker_registry

# role-specific:docker_registry_browser
########################################################################
#                                                                      #
# docker-registry-browser                                              #
#                                                                      #
########################################################################

docker_registry_browser_enabled: false

docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"

docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-browser"

docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network only when one is configured.
docker_registry_browser_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /docker-registry-browser                                             #
#                                                                      #
########################################################################
# /role-specific:docker_registry_browser

# role-specific:docker_registry_purger
########################################################################
#                                                                      #
# docker-registry-purger                                               #
#                                                                      #
########################################################################

docker_registry_purger_enabled: false

docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger"

docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-purger"

docker_registry_purger_uid: "{{ mash_playbook_uid }}"
docker_registry_purger_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /docker-registry-purger                                              #
#                                                                      #
########################################################################
# /role-specific:docker_registry_purger

# role-specific:echoip
########################################################################
#                                                                      #
# echoip                                                               #
#                                                                      #
########################################################################

echoip_enabled: false

echoip_identifier: "{{ mash_playbook_service_identifier_prefix }}echoip"

echoip_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}echoip"

echoip_uid: "{{ mash_playbook_uid }}"
echoip_gid: "{{ mash_playbook_gid }}"

echoip_systemd_required_services_list: |
  {{
    (['docker.service'])
  }}

# Joins the reverse-proxy network only when one is configured.
echoip_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# role-specific:traefik
echoip_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
echoip_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
echoip_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
echoip_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /echoip                                                              #
#                                                                      #
########################################################################
# /role-specific:echoip

# role-specific:etcd
########################################################################
#                                                                      #
# etcd                                                                 #
#                                                                      #
########################################################################

etcd_enabled: false

etcd_identifier: "{{ mash_playbook_service_identifier_prefix }}etcd"

etcd_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}etcd"

etcd_uid: "{{ mash_playbook_uid }}"
etcd_gid: "{{ mash_playbook_gid }}"

# The etcd root password is derived from `mash_playbook_generic_secret_key`
# (sha512, fixed salt 'etcd', 655555 rounds, mapped to a UUID).
# It is the empty string when `etcd_environment_variable_allow_none_authentication`
# is true, in which case etcd has no root password and its clients (see the apisix_*
# sections) connect without credentials.
# The default of that flag is not set in this file. Check the role defaults before
# relying on authentication being on.
etcd_environment_variable_etcd_root_password: "{{ '' if etcd_environment_variable_allow_none_authentication else ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'etcd', rounds=655555) | to_uuid) }}"

########################################################################
#                                                                      #
# /etcd                                                                #
#                                                                      #
########################################################################
# /role-specific:etcd

# role-specific:exim_relay
########################################################################
#                                                                      #
# exim_relay                                                           #
#                                                                      #
########################################################################

exim_relay_enabled: false
exim_relay_identifier: "{{ mash_playbook_service_identifier_prefix }}exim-relay"

exim_relay_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}exim-relay"

exim_relay_uid: "{{ mash_playbook_uid }}"
exim_relay_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /exim_relay                                                          #
#                                                                      #
########################################################################
# /role-specific:exim_relay

# role-specific:firezone
########################################################################
#                                                                      #
# firezone                                                             #
#                                                                      #
########################################################################

firezone_enabled: false

firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone"

firezone_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}firezone"

firezone_uid: "{{ mash_playbook_uid }}"
firezone_gid: "{{ mash_playbook_gid }}"

# The firezone role receives the playbook-wide generic secret key itself, not a value
# derived from it with a per-service salt (compare `firezone_database_password` below).
# NOTE(review): presumably the role derives its own secrets from this. Confirm the raw
# key is never written into the service's configuration, since every other derived
# secret in this file can be recomputed from it.
firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"

# role-specific:postgres
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from the generic secret key (sha512, fixed salt 'fz.db.user', 655555 rounds, mapped to a UUID).
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
firezone_database_username: "{{ firezone_identifier }}"
# /role-specific:postgres

# Requires the Postgres service only when the playbook-managed Postgres is the database host.
firezone_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured. Also joins the Postgres
# network when the playbook-managed Postgres is used and the container's own network
# is a different one.
firezone_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled | default(false) and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
  }}

# role-specific:traefik
firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /firezone                                                            #
#                                                                      #
########################################################################
# /role-specific:firezone

# role-specific:focalboard
########################################################################
#                                                                      #
# focalboard                                                           #
#                                                                      #
########################################################################

focalboard_enabled: false

focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard"

focalboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}focalboard"

focalboard_uid: "{{ mash_playbook_uid }}"
focalboard_gid: "{{ mash_playbook_gid }}"

# Requires the Postgres service only when the playbook-managed Postgres is the database host.
focalboard_systemd_required_systemd_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
  }}

# role-specific:postgres
focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}"
focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from the generic secret key (sha512, fixed salt 'db.focalboard', 655555 rounds, mapped to a UUID).
focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}"
# /role-specific:postgres

# NOTE(review): unlike the firezone expression above, this one has no
# `focalboard_container_network != devture_postgres_container_network` guard.
# Presumably harmless, but confirm the Postgres network is not listed twice when the
# two networks are the same.
focalboard_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled | default(false) and focalboard_database_hostname == devture_postgres_identifier else [])
  }}

# role-specific:traefik
focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
# /role-specific:traefik

########################################################################
#                                                                      #
# /focalboard                                                          #
#                                                                      #
########################################################################
# /role-specific:focalboard

# role-specific:freshrss
########################################################################
#                                                                      #
# freshrss                                                             #
#                                                                      #
########################################################################

freshrss_enabled: false

freshrss_identifier: "{{ mash_playbook_service_identifier_prefix }}freshrss"

freshrss_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}freshrss"

# freshrss_uid and freshrss_gid are intentionally not being set here.
# FreshRSS can only work with a specific user and group, as hardcoded in the role defaults.
# Fixed ids instead of the playbook-wide mash_playbook_uid / mash_playbook_gid
# used by the other services in this file.
# NOTE(review): uid "0" is root, so this service does not get the isolation
# of the shared playbook user; gid "33" is presumably the web-server group
# inside the image — confirm. Keep the paths and networks this container
# can reach as narrow as possible.
freshrss_uid: "0"
freshrss_gid: "33"

# docker.service always, plus the Postgres unit when the playbook-managed
# Postgres is enabled and is the configured database host.
freshrss_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network when one is defined,
# plus the Postgres network when that Postgres is the database host and the
# container is not already on it.
freshrss_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier and freshrss_container_network != devture_postgres_container_network else [])
  }}

freshrss_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
freshrss_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
freshrss_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
freshrss_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): the hostname comes from devture_postgres_connection_hostname,
# while the two expressions above compare it with devture_postgres_identifier.
# The Postgres dependency and network are only added if both variables hold
# the same value — confirm.
freshrss_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"

# Intentionally not auto-generating freshrss_database_password.
# It's meant to be explicitly defined, so that it can be used in the setup wizard after installation.
# Being operator-supplied, it is not covered by the derived-secret scheme the
# other services in this file use; pick a long random value.
########################################################################
#                                                                      #
# /freshrss                                                            #
#                                                                      #
########################################################################

# /role-specific:freshrss


# role-specific:funkwhale

########################################################################
#                                                                      #
# funkwhale                                                            #
#                                                                      #
########################################################################

funkwhale_enabled: false

funkwhale_identifier: "{{ mash_playbook_service_identifier_prefix }}funkwhale"
funkwhale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}funkwhale"
funkwhale_uid: "{{ mash_playbook_uid }}"
funkwhale_gid: "{{ mash_playbook_gid }}"

funkwhale_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
funkwhale_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived, not stored: a sha512 password hash over the playbook-wide secret
# key with the fixed salt 'db.funkwhale', mapped to a UUID. Anyone holding
# mash_playbook_generic_secret_key can recompute it, and changing that key
# changes every derived credential in this file at once.
funkwhale_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.funkwhale', rounds=655555) | to_uuid }}"
funkwhale_database_username: "{{ funkwhale_identifier }}"

# Both the api and the frontend list the Postgres unit when the
# playbook-managed Postgres is enabled and is the configured database host.
funkwhale_api_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
  }}

funkwhale_frontend_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks for the api: the reverse-proxy network when one is
# defined, plus the Postgres network when that Postgres is the database host
# and the container is not already on it.
funkwhale_api_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_api_container_network != devture_postgres_container_network else [])
  }}

# NOTE(review): the frontend container is also attached to the Postgres
# network. If the frontend never talks to the database itself, removing that
# attachment would narrow what it can reach — confirm against the role.
funkwhale_frontend_container_additional_networks_auto: |
  {{
    ([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_frontend_container_network != devture_postgres_container_network else [])
    +
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

funkwhale_api_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
funkwhale_api_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
funkwhale_api_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
funkwhale_api_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

funkwhale_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
funkwhale_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
funkwhale_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
funkwhale_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /funkwhale                                                           #
#                                                                      #
########################################################################

# /role-specific:funkwhale


# role-specific:gitea

########################################################################
#                                                                      #
# gitea                                                                #
#                                                                      #
########################################################################

gitea_enabled: false

gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea"
gitea_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gitea"
gitea_uid: "{{ mash_playbook_uid }}"
gitea_gid: "{{ mash_playbook_gid }}"

# docker.service always, plus the Postgres unit when the playbook-managed
# Postgres is enabled and is the configured database host.
gitea_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else [])
  }}

gitea_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else [])
  }}

gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# The username is a fixed literal here, not the service identifier.
gitea_config_database_username: "gitea"
# Derived from the playbook-wide secret key with the salt 'db.gitea'.
gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /gitea                                                               #
#                                                                      #
########################################################################

# /role-specific:gitea


# role-specific:gotosocial

########################################################################
#                                                                      #
# gotosocial                                                           #
#                                                                      #
########################################################################

gotosocial_enabled: false

gotosocial_identifier: "{{ mash_playbook_service_identifier_prefix }}gotosocial"
gotosocial_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gotosocial"
gotosocial_uid: "{{ mash_playbook_uid }}"
gotosocial_gid: "{{ mash_playbook_gid }}"

gotosocial_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier else [])
  }}

# Lists the exim relay unit when the relay is enabled and is the configured
# SMTP host. The default() filters keep the expression evaluable when the
# exim_relay variables are not defined.
gotosocial_systemd_wanted_services_list_auto: |
  {{
    ([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and gotosocial_smtp_host == exim_relay_identifier | default('mash-exim-relay')) else [])
  }}

# Extra container networks: reverse proxy, Postgres and the exim relay, each
# only when in use and not already the container's own network. Each network
# joined makes the container a peer of everything else attached to it.
gotosocial_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier and gotosocial_container_network != devture_postgres_container_network else [])
    +
    ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and gotosocial_smtp_host == exim_relay_identifier | default('mash-exim-relay') and gotosocial_container_network != exim_relay_container_network) else [])
  }}

gotosocial_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gotosocial_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gotosocial_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from the playbook-wide secret key with the salt 'db.gotosocial'.
gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}"
gotosocial_database_username: "{{ gotosocial_identifier }}"

# role-specific:exim_relay
# Host and sender are empty unless the relay is enabled; the port is set to
# 8025 unconditionally.
gotosocial_smtp_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
gotosocial_smtp_port: 8025
gotosocial_smtp_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
# /role-specific:exim_relay

########################################################################
#                                                                      #
# /gotosocial                                                          #
#                                                                      #
########################################################################

# /role-specific:gotosocial


# role-specific:grafana

########################################################################
#                                                                      #
# grafana                                                              #
#                                                                      #
########################################################################

grafana_enabled: false

grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana"
grafana_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}grafana"
grafana_uid: "{{ mash_playbook_uid }}"
grafana_gid: "{{ mash_playbook_gid }}"

# Here the reverse-proxy network is joined only when Traefik labels are
# enabled as well as the network being defined.
grafana_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if (grafana_container_labels_traefik_enabled and mash_playbook_reverse_proxyable_services_additional_network) else [])
  }}

grafana_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /grafana                                                             #
#                                                                      #
########################################################################

# /role-specific:grafana


# role-specific:healthchecks

########################################################################
#                                                                      #
# healthchecks                                                         #
#                                                                      #
########################################################################

healthchecks_enabled: false

healthchecks_identifier: "{{ mash_playbook_service_identifier_prefix }}healthchecks"
healthchecks_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}healthchecks"
# Healthchecks runs with the playbook-wide uid/gid.
healthchecks_uid: "{{ mash_playbook_uid }}"
healthchecks_gid: "{{ mash_playbook_gid }}"

# Lists the Postgres unit when the playbook-managed Postgres is enabled and
# is the configured database host.
healthchecks_systemd_required_systemd_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier else [])
  }}

# Lists the exim relay unit when the relay is enabled and is the configured
# mail host. The default() filters keep the expression evaluable when the
# exim_relay variables are not defined.
healthchecks_systemd_wanted_systemd_services_list_auto: |
  {{
    ([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and healthchecks_environment_variable_email_host == exim_relay_identifier | default('mash-exim-relay')) else [])
  }}

# Extra container networks: reverse proxy, Postgres and the exim relay, each
# only when in use and not already the container's own network. Each network
# joined makes the container a peer of everything else attached to it.
healthchecks_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier and healthchecks_container_network != devture_postgres_container_network else [])
    +
    ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and healthchecks_environment_variable_email_host == exim_relay_identifier | default('mash-exim-relay') and healthchecks_container_network != exim_relay_container_network) else [])
  }}

healthchecks_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
healthchecks_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
healthchecks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
healthchecks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): the hostname comes from devture_postgres_connection_hostname,
# while the expressions above compare it with devture_postgres_identifier.
# The Postgres dependency and network are only added if both variables hold
# the same value — confirm.
healthchecks_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived, not stored: a sha512 password hash over the playbook-wide secret
# key with the fixed salt 'healthchecks.db', mapped to a UUID. Anyone holding
# mash_playbook_generic_secret_key can recompute it.
healthchecks_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks.db', rounds=655555) | to_uuid }}"
# Application secret key, derived from the playbook-wide secret key with its
# own salt ('healthchecks'), so it differs from healthchecks_database_password
# (salt 'healthchecks.db') although both come from the same master key.
healthchecks_environment_variable_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks', rounds=655555) | to_uuid }}"

# role-specific:exim_relay
# Mail settings. With the exim relay enabled, mail is handed to the relay on
# port 8025 with email_use_tls off, so that hop is unencrypted and depends on
# the container network shared with the relay being private. Without the
# relay the values fall back to port 587 with TLS on.
# NOTE(review): email_use_verification presumably maps to Healthchecks'
# address-verification step for email integrations rather than to TLS
# certificate checks — confirm. It is switched off together with TLS when the
# relay is used, which would mean notification addresses are accepted
# without proof of ownership.
healthchecks_environment_variable_default_from_email: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
healthchecks_environment_variable_email_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
healthchecks_environment_variable_email_port: "{{ 8025 if exim_relay_enabled else '587' }}"
healthchecks_environment_variable_email_use_tls: "{{ false if exim_relay_enabled else true }}"
healthchecks_environment_variable_email_use_verification: "{{ false if exim_relay_enabled else true }}"
# /role-specific:exim_relay

########################################################################
#                                                                      #
# /healthchecks                                                        #
#                                                                      #
########################################################################

# /role-specific:healthchecks


# role-specific:hubsite

########################################################################
#                                                                      #
# hubsite                                                              #
#                                                                      #
########################################################################

hubsite_enabled: false

hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite"

hubsite_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}hubsite"
hubsite_uid: "{{ mash_playbook_uid }}"
hubsite_gid: "{{ mash_playbook_gid }}"

# Hubsite has no database dependency here: only docker.service is listed.
hubsite_systemd_required_services_list: |
  {{
    (['docker.service'])
  }}

# The only extra network is the reverse-proxy one, when defined.
hubsite_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Services
##########
# One group of variables per service shown on the hub page: enabled flag,
# display name, URL, logo path, description and priority. The enabled flag
# follows the target service's own <service>_enabled variable, and every URL
# is built with a fixed https:// scheme from that service's hostname (plus
# its path prefix where one is used). The page therefore reveals which
# services exist on the host to anyone who can load it.

# role-specific:adguard_home
# Adguard home
hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}"
hubsite_service_adguard_home_name: Adguard Home
hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}"
hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png"
hubsite_service_adguard_home_description: "A network-wide DNS software for blocking ads & tracking"
hubsite_service_adguard_home_priority: 1000
# /role-specific:adguard_home

# role-specific:authentik
# authentik
hubsite_service_authentik_enabled: "{{ authentik_enabled }}"
hubsite_service_authentik_name: Authentik
hubsite_service_authentik_url: "https://{{ authentik_hostname }}"
hubsite_service_authentik_logo_location: "{{ role_path }}/assets/authentik.png"
hubsite_service_authentik_description: "An open source identity provider"
hubsite_service_authentik_priority: 1000
# /role-specific:authentik

# role-specific:appsmith
# Appsmith
hubsite_service_appsmith_enabled: "{{ appsmith_enabled }}"
hubsite_service_appsmith_name: Appsmith
hubsite_service_appsmith_url: "https://{{ appsmith_hostname }}{{ appsmith_path_prefix }}"
hubsite_service_appsmith_logo_location: "{{ role_path }}/assets/appsmith.png"
hubsite_service_appsmith_description: "Platform for building and deploying custom internal tools and applications without writing code"
hubsite_service_appsmith_priority: 1000
# /role-specific:appsmith

# role-specific:docker_registry_browser
# Docker Registry Browser
hubsite_service_docker_registry_browser_enabled: "{{ docker_registry_browser_enabled }}"
hubsite_service_docker_registry_browser_name: Docker Registry Browser
hubsite_service_docker_registry_browser_url: "https://{{ docker_registry_browser_hostname }}{{ docker_registry_browser_path_prefix }}"
hubsite_service_docker_registry_browser_logo_location: "{{ role_path }}/assets/docker.png"
hubsite_service_docker_registry_browser_description: "Browse docker images"
hubsite_service_docker_registry_browser_priority: 1000
# /role-specific:docker_registry_browser

# role-specific:firezone
# Firezone
hubsite_service_firezone_enabled: "{{ firezone_enabled }}"
hubsite_service_firezone_name: Firezone
hubsite_service_firezone_url: "https://{{ firezone_hostname }}"
hubsite_service_firezone_logo_location: "{{ role_path }}/assets/firezone.png"
hubsite_service_firezone_description: "A self-hosted VPN server, based on Wireguard"
hubsite_service_firezone_priority: 1000
# /role-specific:firezone

# role-specific:focalboard
# Focalboard
hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}"
hubsite_service_focalboard_name: Focalboard
hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}"
hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png"
hubsite_service_focalboard_description: "An open source, self-hosted alternative to Trello, Notion, and Asana."
hubsite_service_focalboard_priority: 1000
# /role-specific:focalboard

# role-specific:freshrss
# FreshRSS
hubsite_service_freshrss_enabled: "{{ freshrss_enabled }}"
hubsite_service_freshrss_name: FreshRSS
hubsite_service_freshrss_url: "https://{{ freshrss_hostname }}{{ freshrss_path_prefix }}"
hubsite_service_freshrss_logo_location: "{{ role_path }}/assets/freshrss.png"
hubsite_service_freshrss_description: "RSS and Atom feed aggregator."
# Hub page entries, continued: for each service an enabled flag that follows
# the service's own <service>_enabled variable, a display name, an https://
# URL, a logo path, a description and a priority.
hubsite_service_freshrss_priority: 1000
# /role-specific:freshrss

# role-specific:funkwhale
# Funkwhale
hubsite_service_funkwhale_enabled: "{{ funkwhale_enabled }}"
hubsite_service_funkwhale_name: Funkwhale
hubsite_service_funkwhale_url: "https://{{ funkwhale_hostname }}"
hubsite_service_funkwhale_logo_location: "{{ role_path }}/assets/funkwhale.png"
hubsite_service_funkwhale_description: "Listen and share music with a selfhosted streaming server"
hubsite_service_funkwhale_priority: 1000
# /role-specific:funkwhale

# role-specific:gitea
# Gitea
hubsite_service_gitea_enabled: "{{ gitea_enabled }}"
hubsite_service_gitea_name: Gitea
hubsite_service_gitea_url: "https://{{ gitea_hostname }}{{ gitea_path_prefix }}"
hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png"
hubsite_service_gitea_description: "A git service"
hubsite_service_gitea_priority: 1000
# /role-specific:gitea

# role-specific:gotosocial
# GoToSocial
hubsite_service_gotosocial_enabled: "{{ gotosocial_enabled }}"
hubsite_service_gotosocial_name: GoToSocial
hubsite_service_gotosocial_url: "https://{{ gotosocial_hostname }}"
hubsite_service_gotosocial_logo_location: "{{ role_path }}/assets/gotosocial.png"
hubsite_service_gotosocial_description: "A fediverse server"
hubsite_service_gotosocial_priority: 1000
# /role-specific:gotosocial

# role-specific:grafana
# Grafana
hubsite_service_grafana_enabled: "{{ grafana_enabled }}"
hubsite_service_grafana_name: Grafana
hubsite_service_grafana_url: "https://{{ grafana_hostname }}{{ grafana_path_prefix }}"
hubsite_service_grafana_logo_location: "{{ role_path }}/assets/grafana.png"
hubsite_service_grafana_description: "Check how your server is doing"
hubsite_service_grafana_priority: 1000
# /role-specific:grafana

# role-specific:healthchecks
# Healthchecks
hubsite_service_healthchecks_enabled: "{{ healthchecks_enabled }}"
hubsite_service_healthchecks_name: Healthchecks
hubsite_service_healthchecks_url: "https://{{ healthchecks_hostname }}{{ healthchecks_path_prefix }}"
hubsite_service_healthchecks_logo_location: "{{ role_path }}/assets/healthchecks.png"
hubsite_service_healthchecks_description: "A simple and Effective Cron Job Monitoring solution"
hubsite_service_healthchecks_priority: 1000
# /role-specific:healthchecks

# role-specific:keycloak
# Keycloak
hubsite_service_keycloak_enabled: "{{ keycloak_enabled }}"
hubsite_service_keycloak_name: Keycloak
hubsite_service_keycloak_url: "https://{{ keycloak_hostname }}{{ keycloak_path_prefix }}"
hubsite_service_keycloak_logo_location: "{{ role_path }}/assets/keycloak.png"
hubsite_service_keycloak_description: "An open source identity and access management solution."
hubsite_service_keycloak_priority: 1000
# /role-specific:keycloak

# role-specific:miniflux
# Miniflux
hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}"
hubsite_service_miniflux_name: Miniflux
hubsite_service_miniflux_url: "https://{{ miniflux_hostname }}{{ miniflux_path_prefix }}"
hubsite_service_miniflux_logo_location: "{{ role_path }}/assets/miniflux.png"
hubsite_service_miniflux_description: "An opinionated feed reader"
hubsite_service_miniflux_priority: 1000
# /role-specific:miniflux

# role-specific:n8n
# n8n
hubsite_service_n8n_enabled: "{{ n8n_enabled }}"
hubsite_service_n8n_name: n8n
hubsite_service_n8n_url: "https://{{ n8n_hostname }}{{ n8n_path_prefix }}"
hubsite_service_n8n_logo_location: "{{ role_path }}/assets/n8n.png"
hubsite_service_n8n_description: "Workflow automation for technical people."
hubsite_service_n8n_priority: 1000
# /role-specific:n8n

# role-specific:linkding
# Linkding
hubsite_service_linkding_enabled: "{{ linkding_enabled }}"
hubsite_service_linkding_name: Linkding
hubsite_service_linkding_url: "https://{{ linkding_hostname }}{{ linkding_path_prefix }}"
hubsite_service_linkding_logo_location: "{{ role_path }}/assets/linkding.png"
# NOTE(review): the displayed text reads "designed be to be"; it likely
# should read "designed to be".
hubsite_service_linkding_description: "Bookmark manager that is designed be to be minimal and fast."
# Hub page entries, continued: for each service an enabled flag, a display
# name, an https:// URL, a logo path, a description and a priority.
hubsite_service_linkding_priority: 1000
# /role-specific:linkding

# role-specific:nextcloud
# Nextcloud
hubsite_service_nextcloud_enabled: "{{ nextcloud_enabled }}"
hubsite_service_nextcloud_name: Nextcloud
hubsite_service_nextcloud_url: "https://{{ nextcloud_hostname }}{{ nextcloud_path_prefix }}"
hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png"
hubsite_service_nextcloud_description: "Sync your files & much more"
hubsite_service_nextcloud_priority: 1000
# /role-specific:nextcloud

# role-specific:owncast
# Owncast
hubsite_service_owncast_enabled: "{{ owncast_enabled }}"
hubsite_service_owncast_name: Owncast
hubsite_service_owncast_url: "https://{{ owncast_hostname }}"
hubsite_service_owncast_logo_location: "{{ role_path }}/assets/owncast.png"
hubsite_service_owncast_description: "Livestream & Chat"
hubsite_service_owncast_priority: 1000
# /role-specific:owncast

# role-specific:peertube
# Peertube
hubsite_service_peertube_enabled: "{{ peertube_enabled }}"
hubsite_service_peertube_name: Peertube
hubsite_service_peertube_url: "https://{{ peertube_hostname }}{{ peertube_path_prefix }}"
hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png"
hubsite_service_peertube_description: "Watch and upload videos"
hubsite_service_peertube_priority: 1000
# /role-specific:peertube

# role-specific:radicale
# Radicale
hubsite_service_radicale_enabled: "{{ radicale_enabled }}"
hubsite_service_radicale_name: Radicale
hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}"
hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png"
hubsite_service_radicale_description: "Sync contacts and calendars"
hubsite_service_radicale_priority: 1000
# /role-specific:radicale

# role-specific:syncthing
# Syncthing
hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}"
hubsite_service_syncthing_name: Syncthing
hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}"
hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png"
hubsite_service_syncthing_description: "Sync your files"
hubsite_service_syncthing_priority: 1000
# /role-specific:syncthing

# role-specific:uptime_kuma
# Uptime Kuma
hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}"
hubsite_service_uptime_kuma_name: Uptime Kuma
hubsite_service_uptime_kuma_url: "https://{{ uptime_kuma_hostname }}{{ uptime_kuma_path_prefix }}"
hubsite_service_uptime_kuma_logo_location: "{{ role_path }}/assets/uptime-kuma.png"
hubsite_service_uptime_kuma_description: "Check the status of the services"
hubsite_service_uptime_kuma_priority: 1000
# /role-specific:uptime_kuma

# role-specific:vaultwarden
# Vaultwarden
# The vaultwarden service link is deactivated by default for security reasons, see: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#hiding-under-a-subdir
# The flag is a literal false rather than a reference to the service's own
# enabled variable like the other entries, so turning Vaultwarden on does not
# by itself put its URL on the hub page; listing it is an explicit opt-in.
hubsite_service_vaultwarden_enabled: false
hubsite_service_vaultwarden_name: Vaultwarden
hubsite_service_vaultwarden_url: "https://{{ vaultwarden_hostname }}{{ vaultwarden_path_prefix }}"
hubsite_service_vaultwarden_logo_location: "{{ role_path }}/assets/vaultwarden.png"
hubsite_service_vaultwarden_description: "Securely access your passwords"
hubsite_service_vaultwarden_priority: 1000
# /role-specific:vaultwarden

# role-specific:woodpecker_ci_server
# Woodpecker CI
# The hubsite variables use the short 'woodpecker_ci' name, while the flag
# and hostname they read carry the devture_woodpecker_ci_server_ prefix.
hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}"
hubsite_service_woodpecker_ci_name: Woodpecker CI
hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}"
hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png"
# NOTE(review): the displayed text reads "Check you CI"; it likely should
# read "Check your CI".
hubsite_service_woodpecker_ci_description: "Check you CI"
hubsite_service_woodpecker_ci_priority: 1000
# /role-specific:woodpecker_ci_server

# role-specific:forgejo
# Forgejo
hubsite_service_forgejo_enabled: "{{ forgejo_enabled }}"
hubsite_service_forgejo_name: Forgejo
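hubsite_service_forgejo_url: "https://{{ forgejo_hostname }}{{ forgejo_path_prefix }}"
hubsite_service_forgejo_logo_location: "{{ role_path }}/assets/forgejo.png"
hubsite_service_forgejo_description: "Another git service"
hubsite_service_forgejo_priority: 1000
# /role-specific:forgejo

# Hub page entries, one list item per service. Each item renders to a
# dictionary built from that service's hubsite_service_<name>_* variables
# when its enabled flag is true, and to `omit` otherwise.
# Every item must read only its own service's variables: each one sits
# between its own role-specific markers, and presumably those sections can
# be stripped independently, which would leave another service's variables
# undefined.
mash_playbook_hubsite_service_list_auto_itemized:
  # Dummy entry, which is not role-specific.
  # Ensures there's at least one entry defined in the list.
  - "{{ omit }}"
  # role-specific:adguard_home
  - |-
    {{
      ({
        'name': hubsite_service_adguard_home_name,
        'url': hubsite_service_adguard_home_url,
        'logo_location': hubsite_service_adguard_home_logo_location,
        'description': hubsite_service_adguard_home_description,
        'priority': hubsite_service_adguard_home_priority,
      } if hubsite_service_adguard_home_enabled else omit)
    }}
  # /role-specific:adguard_home
  # role-specific:authentik
  # The priority below is authentik's own variable; it previously read the
  # adguard_home one, a copy-paste slip that tied this entry to another
  # service's section.
  - |-
    {{
      ({
        'name': hubsite_service_authentik_name,
        'url': hubsite_service_authentik_url,
        'logo_location': hubsite_service_authentik_logo_location,
        'description': hubsite_service_authentik_description,
        'priority': hubsite_service_authentik_priority,
      } if hubsite_service_authentik_enabled else omit)
    }}
  # /role-specific:authentik
  # role-specific:appsmith
  - |-
    {{
      ({
        'name': hubsite_service_appsmith_name,
        'url': hubsite_service_appsmith_url,
        'logo_location': hubsite_service_appsmith_logo_location,
        'description': hubsite_service_appsmith_description,
        'priority': hubsite_service_appsmith_priority,
      } if hubsite_service_appsmith_enabled else omit)
    }}
  # /role-specific:appsmith
  # role-specific:docker_registry_browser
  - |-
    {{
      ({
        'name': hubsite_service_docker_registry_browser_name,
        'url': hubsite_service_docker_registry_browser_url,
        'logo_location': hubsite_service_docker_registry_browser_logo_location,
        'description': hubsite_service_docker_registry_browser_description,
        'priority': hubsite_service_docker_registry_browser_priority,
      } if hubsite_service_docker_registry_browser_enabled else omit)
    }}
  # /role-specific:docker_registry_browser
  # role-specific:firezone
  - |-
    {{
      ({
        'name': hubsite_service_firezone_name,
        'url': hubsite_service_firezone_url,
        'logo_location': hubsite_service_firezone_logo_location,
        'description': hubsite_service_firezone_description,
        'priority': hubsite_service_firezone_priority,
      } if hubsite_service_firezone_enabled else omit)
    }}
  # /role-specific:firezone
  # role-specific:focalboard
  - |-
    {{
      ({
        'name': hubsite_service_focalboard_name,
        'url': hubsite_service_focalboard_url,
        'logo_location': hubsite_service_focalboard_logo_location,
        'description': hubsite_service_focalboard_description,
        'priority': hubsite_service_focalboard_priority,
      } if hubsite_service_focalboard_enabled else omit)
    }}
  # /role-specific:focalboard
  # role-specific:freshrss
  - |-
    {{
      ({
        'name': hubsite_service_freshrss_name,
        'url': hubsite_service_freshrss_url,
        'logo_location': hubsite_service_freshrss_logo_location,
        'description': hubsite_service_freshrss_description,
        'priority': hubsite_service_freshrss_priority,
      } if hubsite_service_freshrss_enabled else omit)
    }}
  # /role-specific:freshrss
  # role-specific:funkwhale
  - |-
    {{
      ({
        'name': hubsite_service_funkwhale_name,
        'url': hubsite_service_funkwhale_url,
        'logo_location': hubsite_service_funkwhale_logo_location,
        'description': hubsite_service_funkwhale_description,
        'priority': hubsite_service_funkwhale_priority,
      } if hubsite_service_funkwhale_enabled else omit)
    }}
  # /role-specific:funkwhale
  # role-specific:gitea
  - |-
    {{
      ({
        'name': hubsite_service_gitea_name,
        'url': hubsite_service_gitea_url,
        'logo_location': hubsite_service_gitea_logo_location,
        'description': hubsite_service_gitea_description,
        'priority': hubsite_service_gitea_priority,
      } if hubsite_service_gitea_enabled else omit)
    }}
  # /role-specific:gitea
  # role-specific:gotosocial
  - |-
    {{
      ({
        'name': hubsite_service_gotosocial_name,
        'url': hubsite_service_gotosocial_url,
        'logo_location': hubsite_service_gotosocial_logo_location,
        'description': hubsite_service_gotosocial_description,
        'priority': hubsite_service_gotosocial_priority,
      } if hubsite_service_gotosocial_enabled else omit)
    }}
  # /role-specific:gotosocial
  # role-specific:grafana
  - |-
    {{
      ({
        'name': hubsite_service_grafana_name,
        'url': hubsite_service_grafana_url,
        'logo_location': hubsite_service_grafana_logo_location,
        'description': hubsite_service_grafana_description,
        'priority': hubsite_service_grafana_priority,
      } if hubsite_service_grafana_enabled else omit)
    }}
  # /role-specific:grafana
  # role-specific:healthchecks
  - |-
    {{
      ({
        'name': hubsite_service_healthchecks_name,
        'url': hubsite_service_healthchecks_url,
        'logo_location': hubsite_service_healthchecks_logo_location,
        'description': hubsite_service_healthchecks_description,
        'priority': hubsite_service_healthchecks_priority,
      } if hubsite_service_healthchecks_enabled else omit)
    }}
  # /role-specific:healthchecks
  # role-specific:keycloak
  - |-
    {{
      ({
        'name': hubsite_service_keycloak_name,
        'url': hubsite_service_keycloak_url,
        'logo_location': hubsite_service_keycloak_logo_location,
        'description': hubsite_service_keycloak_description,
        'priority': hubsite_service_keycloak_priority,
      } if hubsite_service_keycloak_enabled else omit)
    }}
  # /role-specific:keycloak
  # role-specific:miniflux
  - |-
    {{
      ({
        'name': hubsite_service_miniflux_name,
        'url': hubsite_service_miniflux_url,
        'logo_location': hubsite_service_miniflux_logo_location,
        'description': hubsite_service_miniflux_description,
        'priority': hubsite_service_miniflux_priority,
      } if hubsite_service_miniflux_enabled else omit)
    }}
  # /role-specific:miniflux
  # role-specific:n8n
  - |-
    {{
      ({
        'name': hubsite_service_n8n_name,
        'url': hubsite_service_n8n_url,
        'logo_location': hubsite_service_n8n_logo_location,
        'description': hubsite_service_n8n_description,
        'priority': hubsite_service_n8n_priority,
      } if hubsite_service_n8n_enabled else omit)
    }}
  # /role-specific:n8n
  # role-specific:nextcloud
  - |-
    {{
      ({
        'name': hubsite_service_nextcloud_name,
        'url': hubsite_service_nextcloud_url,
        'logo_location': hubsite_service_nextcloud_logo_location,
        'description': hubsite_service_nextcloud_description,
        'priority': hubsite_service_nextcloud_priority,
      } if hubsite_service_nextcloud_enabled else omit)
    }}
  # /role-specific:nextcloud
  # role-specific:linkding
  - |-
    {{
      ({
        'name': hubsite_service_linkding_name,
        'url': hubsite_service_linkding_url,
        'logo_location': hubsite_service_linkding_logo_location,
        'description': hubsite_service_linkding_description,
        'priority': hubsite_service_linkding_priority,
      } if hubsite_service_linkding_enabled else omit)
    }}
  # /role-specific:linkding
  # role-specific:owncast
  - |-
    {{
      ({
        'name': hubsite_service_owncast_name,
        'url': hubsite_service_owncast_url,
        'logo_location': hubsite_service_owncast_logo_location,
        'description': hubsite_service_owncast_description,
        'priority': hubsite_service_owncast_priority,
      } if hubsite_service_owncast_enabled else omit)
    }}
  # /role-specific:owncast
  # role-specific:peertube
  - |-
    {{
      ({
        'name': hubsite_service_peertube_name,
        'url': hubsite_service_peertube_url,
        'logo_location': hubsite_service_peertube_logo_location,
        'description': hubsite_service_peertube_description,
        'priority': hubsite_service_peertube_priority,
      } if hubsite_service_peertube_enabled else omit)
    }}
  # /role-specific:peertube
  # role-specific:radicale
  - |-
    {{
      ({
        'name': hubsite_service_radicale_name,
        'url': hubsite_service_radicale_url,
        'logo_location': hubsite_service_radicale_logo_location,
        'description': hubsite_service_radicale_description,
        'priority': hubsite_service_radicale_priority,
      } if hubsite_service_radicale_enabled else omit)
    }}
  # /role-specific:radicale
  # role-specific:uptime_kuma
  - |-
    {{
      ({
        'name': hubsite_service_uptime_kuma_name,
        'url': hubsite_service_uptime_kuma_url,
        'logo_location': hubsite_service_uptime_kuma_logo_location,
        'description': hubsite_service_uptime_kuma_description,
        'priority': hubsite_service_uptime_kuma_priority,
      } if hubsite_service_uptime_kuma_enabled else omit)
    }}
  #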
/role-specific:uptime_kuma # role-specific:syncthing - |- {{ ({ 'name': hubsite_service_syncthing_name, 'url': hubsite_service_syncthing_url, 'logo_location': hubsite_service_syncthing_logo_location, 'description': hubsite_service_syncthing_description, 'priority': hubsite_service_syncthing_priority } if hubsite_service_syncthing_enabled else omit) }} # /role-specific:syncthing # role-specific:vaultwarden - |- {{ ({ 'name': hubsite_service_vaultwarden_name, 'url': hubsite_service_vaultwarden_url, 'logo_location': hubsite_service_vaultwarden_logo_location, 'description': hubsite_service_vaultwarden_description, 'priority': hubsite_service_vaultwarden_priority } if hubsite_service_vaultwarden_enabled else omit) }} # /role-specific:vaultwarden # role-specific:woodpecker_ci_server - |- {{ ({ 'name': hubsite_service_woodpecker_ci_name, 'url': hubsite_service_woodpecker_ci_url, 'logo_location': hubsite_service_woodpecker_ci_logo_location, 'description': hubsite_service_woodpecker_ci_description, 'priority': hubsite_service_woodpecker_ci_priority } if hubsite_service_woodpecker_ci_enabled else omit) }} # /role-specific:woodpecker_ci_server hubsite_service_list_auto: "{{ mash_playbook_hubsite_service_list_auto_itemized | reject('equalto', omit) }}" ######################################################################## # # # /hubsite # # # ######################################################################## # /role-specific:hubsite # role-specific:ilmo ######################################################################## # # # ilmo # # # ######################################################################## ilmo_enabled: false ilmo_identifier: "{{ mash_playbook_service_identifier_prefix }}ilmo" ilmo_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}ilmo" ilmo_uid: "{{ mash_playbook_uid }}" ilmo_gid: "{{ mash_playbook_gid }}" ilmo_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 
'secret.ilmo', rounds=655555) | to_uuid }}" ilmo_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" ilmo_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" ilmo_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.ilmo', rounds=655555) | to_uuid }}" ilmo_database_username: "ilmo" ilmo_systemd_required_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier else []) }} ilmo_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier and ilmo_container_network != devture_postgres_container_network else []) }} ilmo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" ilmo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" ilmo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" ilmo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /ilmo # # # ######################################################################## # /role-specific:ilmo # role-specific:infisical ######################################################################## # # # infisical # # # ######################################################################## infisical_enabled: false infisical_identifier: "{{ mash_playbook_service_identifier_prefix }}infisical" infisical_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}infisical" infisical_uid: "{{ mash_playbook_uid }}" infisical_gid: "{{ 
mash_playbook_gid }}" infisical_backend_systemd_required_services_list: | {{ (['docker.service']) + ([mongodb_identifier ~ '.service'] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier else []) }} infisical_backend_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([mongodb_container_network] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier and infisical_backend_container_network != mongodb_container_network else []) }} infisical_backend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" infisical_backend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" infisical_backend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" infisical_backend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" # Intentionally not auto-generating infisical_backend_environment_variable_encryption_key here. # We prefer it to be explicit as it seems important that it remains stable. 
# JWT secrets for the Infisical backend (purpose per variable name).
# Each value is derived from mash_playbook_generic_secret_key with its own salt
# string, converted with to_uuid, stripped of dashes and cut to 32 characters,
# so every secret is a 32-character hex string that can be recomputed from the
# generic secret key.
# NOTE(review): a UUID carries fixed version/variant bits, so the effective
# entropy is somewhat below 128 bits, and all four secrets are exposed together
# if the generic secret key is disclosed.
infisical_backend_environment_variable_jwt_signup_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.signup', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_refresh_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.r', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_auth_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.a', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_service_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.svc', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"

# The frontend only joins the reverse-proxy network (when one is set);
# no database network is added for it here.
infisical_frontend_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

infisical_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
infisical_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
infisical_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
infisical_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Use the playbook-managed MongoDB when that role is enabled; otherwise the
# hostname is left empty.
infisical_mongodb_hostname: "{{ mongodb_identifier if mongodb_enabled else '' }}"
# Derived from the generic secret key with the salt 'infisical.db'; stable
# across runs as long as the generic secret key does not change.
infisical_mongodb_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'infisical.db', rounds=655555) | to_uuid }}"
# Authenticate against Infisical's own database rather than a separate auth database.
infisical_mongodb_auth_source: "{{ infisical_mongodb_db_name }}"

########################################################################
#                                                                      #
# /infisical                                                           #
#                                                                      #
########################################################################
# /role-specific:infisical

# role-specific:influxdb
########################################################################
#                                                                      #
# influxdb                                                             #
#                                                                      #
########################################################################

influxdb_enabled: false

influxdb_identifier: "{{ mash_playbook_service_identifier_prefix }}influxdb"
influxdb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}influxdb"
influxdb_uid: "{{ mash_playbook_uid }}"
influxdb_gid: "{{ mash_playbook_gid }}"

# Unlike most services in this file, InfluxDB joins the reverse-proxy network
# only when its Traefik labels are enabled as well.
influxdb_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if (influxdb_container_labels_traefik_enabled and mash_playbook_reverse_proxyable_services_additional_network) else [])
  }}

influxdb_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
influxdb_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
influxdb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
influxdb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /influxdb                                                            #
#                                                                      #
########################################################################
# /role-specific:influxdb

# role-specific:jitsi
########################################################################
#                                                                      #
# jitsi                                                                #
#                                                                      #
########################################################################

jitsi_enabled: false

jitsi_architecture: "{{ mash_playbook_architecture }}"

jitsi_identifier: "{{ mash_playbook_service_identifier_prefix }}jitsi"
jitsi_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}jitsi"
jitsi_uid: "{{ mash_playbook_uid }}"
jitsi_gid: "{{ mash_playbook_gid }}"
jitsi_user_username: "{{ mash_playbook_user_username }}"

# The web, prosody and jvb containers each join the reverse-proxy network when one is set.
jitsi_web_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_prosody_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_jvb_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Internal component passwords, each derived from mash_playbook_generic_secret_key
# with a different salt ('jibri', 'jicofo', 'jvb'). They are reproducible from
# the generic secret key and change only when that key changes.
jitsi_jibri_xmpp_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /jitsi                                                               #
#                                                                      #
########################################################################
# /role-specific:jitsi

# role-specific:keycloak
########################################################################
#                                                                      #
# keycloak                                                             #
#                                                                      #
########################################################################

keycloak_enabled: false

keycloak_identifier: "{{ mash_playbook_service_identifier_prefix }}keycloak"
keycloak_uid: "{{ mash_playbook_uid }}"
keycloak_gid: "{{ mash_playbook_gid }}"
keycloak_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keycloak"

# The Postgres unit is required only when Keycloak uses the managed Postgres.
keycloak_systemd_required_systemd_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is set, and the Postgres network only
# when Keycloak uses the managed Postgres and is not already on that network.
keycloak_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier and keycloak_container_network != devture_postgres_container_network else [])
  }}

keycloak_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
keycloak_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
keycloak_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
keycloak_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

keycloak_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
keycloak_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from the generic secret key with the salt 'db.keycloak'.
keycloak_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.keycloak', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /keycloak                                                            #
#                                                                      #
########################################################################
# /role-specific:keycloak

# role-specific:lago
########################################################################
#                                                                      #
# lago                                                                 #
#                                                                      #
########################################################################

lago_enabled: false

lago_architecture: "{{ mash_playbook_architecture }}"

lago_identifier: "{{ mash_playbook_service_identifier_prefix }}lago"
lago_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}lago"
lago_uid: "{{ mash_playbook_uid }}"
lago_gid: "{{ mash_playbook_gid }}"
# The API container joins the reverse-proxy network when one is set, and the
# Postgres network only when Lago uses the managed Postgres and is not already
# on that network.
lago_api_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and lago_database_hostname == devture_postgres_identifier and lago_api_container_network != devture_postgres_container_network else [])
  }}

# The front container only joins the reverse-proxy network; it gets no database network here.
lago_front_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

lago_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
lago_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
lago_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
lago_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

lago_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
lago_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from the generic secret key with the salt 'lago.db'.
lago_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.db', rounds=655555) | to_uuid }}"

# Secret key base, encryption keys and key-derivation salt for the Lago API,
# each derived from mash_playbook_generic_secret_key with its own salt string.
# NOTE(review): this file deliberately leaves
# infisical_backend_environment_variable_encryption_key to the operator so that
# it remains stable, but the Lago encryption keys are auto-derived. They stay
# stable only while the generic secret key is unchanged; presumably data
# encrypted under them becomes unreadable if that key is rotated - confirm
# before rotating, or set these values explicitly.
lago_api_environment_variable_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.sec.key', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_primary_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.enc.primary', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_deterministic_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.deter.key', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_key_derivation_salt: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.deriv.salt', rounds=655555) | to_uuid }}"
########################################################################
#                                                                      #
# /lago                                                                #
#                                                                      #
########################################################################
# /role-specific:lago

# role-specific:linkding
########################################################################
#                                                                      #
# linkding                                                             #
#                                                                      #
########################################################################

linkding_enabled: false

linkding_identifier: "{{ mash_playbook_service_identifier_prefix }}linkding"
linkding_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}linkding"
linkding_uid: "{{ mash_playbook_uid }}"
linkding_gid: "{{ mash_playbook_gid }}"

# docker.service always; the Postgres unit only when linkding uses the managed Postgres.
linkding_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier else [])
  }}

linkding_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier and linkding_container_network != devture_postgres_container_network else [])
  }}

linkding_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
linkding_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
linkding_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
linkding_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): the hostname comes from devture_postgres_connection_hostname,
# while the two lists above compare it with devture_postgres_identifier and
# linkding_database_engine compares it with the connection hostname. The
# Postgres dependency and network are only added if both variables hold the
# same value - confirm.
linkding_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from the generic secret key with the salt 'linkding.db'.
linkding_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'linkding.db', rounds=655555) | to_uuid }}"
# Falls back to 'sqlite' whenever linkding is not pointed at the managed Postgres.
linkding_database_engine: "{{ 'postgres' if devture_postgres_enabled and linkding_database_hostname == devture_postgres_connection_hostname else 'sqlite' }}"

########################################################################
#                                                                      #
# /linkding                                                            #
#                                                                      #
########################################################################
# /role-specific:linkding

# role-specific:miniflux
########################################################################
#                                                                      #
# miniflux                                                             #
#                                                                      #
########################################################################

miniflux_enabled: false

miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux"
miniflux_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}miniflux"
miniflux_uid: "{{ mash_playbook_uid }}"
miniflux_gid: "{{ mash_playbook_gid }}"

# docker.service always; the Postgres unit only when miniflux uses the managed Postgres.
miniflux_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else [])
  }}

miniflux_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else [])
  }}

miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): set from devture_postgres_connection_hostname but compared with
# devture_postgres_identifier in the two lists above - confirm both hold the
# same value.
miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from the generic secret key with the salt 'miniflux.db'.
miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /miniflux                                                            #
#                                                                      #
########################################################################
# /role-specific:miniflux

# role-specific:mobilizon
########################################################################
#                                                                      #
# mobilizon                                                            #
#                                                                      #
########################################################################

mobilizon_enabled: false

mobilizon_identifier: "{{ mash_playbook_service_identifier_prefix }}mobilizon"
mobilizon_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mobilizon"
mobilizon_uid: "{{ mash_playbook_uid }}"
mobilizon_gid: "{{ mash_playbook_gid }}"

# Both keys are derived from the generic secret key, with the salts
# 'sk.mobilizon' and 'skb.mobilizon'; they change only when that key changes.
mobilizon_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'sk.mobilizon', rounds=655555) | to_uuid }}"
mobilizon_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'skb.mobilizon', rounds=655555) | to_uuid }}"

# Mobilizon is wired to the PostGIS role rather than to the generic Postgres role.
mobilizon_database_hostname: "{{ postgis_identifier if postgis_enabled else '' }}"
mobilizon_database_name: "mobilizon"
mobilizon_database_port: "{{ '5432' if postgis_enabled else '' }}"
# Derived from the generic secret key with the salt 'db.mobilizon'.
mobilizon_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.mobilizon', rounds=655555) | to_uuid }}"
mobilizon_database_username: "mobilizon"

# docker.service always; the PostGIS unit only when Mobilizon uses the managed PostGIS.
mobilizon_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([postgis_identifier ~ '.service'] if postgis_enabled and mobilizon_database_hostname == postgis_identifier else [])
  }}

mobilizon_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([postgis_container_network] if postgis_enabled and mobilizon_database_hostname == postgis_identifier and mobilizon_container_network != postgis_container_network else [])
  }}

mobilizon_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
mobilizon_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
mobilizon_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
mobilizon_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /mobilizon                                                           #
#                                                                      #
########################################################################
# /role-specific:mobilizon

# role-specific:mongodb
########################################################################
#                                                                      #
# mongodb                                                              #
#                                                                      #
########################################################################

mongodb_enabled: false

mongodb_identifier: "{{ mash_playbook_service_identifier_prefix }}mongodb"
mongodb_uid: "{{ mash_playbook_uid }}"
mongodb_gid: "{{ mash_playbook_gid }}"
mongodb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mongodb"

# Hands Infisical's database name, username and derived password to the mongodb
# role, but only when Infisical is enabled and points at this MongoDB instance.
mongodb_managed_databases_auto: |
  {{
    ([{
      'name': infisical_mongodb_db_name,
      'username': infisical_mongodb_username,
      'password': infisical_mongodb_password,
    }] if infisical_enabled and infisical_mongodb_hostname == mongodb_identifier else [])
  }}

########################################################################
#                                                                      #
# /mongodb                                                             #
#                                                                      #
########################################################################
# /role-specific:mongodb

# role-specific:mosquitto
########################################################################
#                                                                      #
# mosquitto                                                            #
#                                                                      #
########################################################################

mosquitto_enabled: false

mosquitto_identifier: "{{ mash_playbook_service_identifier_prefix }}mosquitto"
mosquitto_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mosquitto"
mosquitto_uid: "{{ mash_playbook_uid }}"
mosquitto_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /mosquitto                                                           #
#                                                                      #
########################################################################
# /role-specific:mosquitto

# role-specific:mrs
########################################################################
#                                                                      #
# mrs                                                                  #
#                                                                      #
########################################################################

mrs_enabled: false

mrs_identifier: "{{ mash_playbook_service_identifier_prefix }}mrs"
mrs_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mrs"
mrs_uid: "{{ mash_playbook_uid }}"
mrs_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network when one is set.
mrs_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

mrs_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
mrs_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
mrs_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
mrs_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /mrs                                                                 #
#                                                                      #
########################################################################
# /role-specific:mrs

# role-specific:n8n
########################################################################
#                                                                      #
# n8n                                                                  #
#                                                                      #
########################################################################

n8n_enabled: false

n8n_identifier: "{{ mash_playbook_service_identifier_prefix }}n8n"
n8n_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}n8n"
# Please see the note attached to this comment on why we can't use mash's playbook uid and gid
# https://github.com/kinduff/ansible-docker-n8n/blob/v1.4.2/defaults/main.yml
# NOTE(review): these are fixed values, quoted as strings, and are independent
# of mash_playbook_uid / mash_playbook_gid. Confirm that UID/GID 1000 on the
# host does not belong to an unrelated account that would then own n8n's files.
n8n_uid: "1000"
n8n_gid: "1000"
# docker.service always; the Postgres unit only when n8n uses the managed Postgres.
n8n_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier else [])
  }}

n8n_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier and n8n_container_network != devture_postgres_container_network else [])
  }}

n8n_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
n8n_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
n8n_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
n8n_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): set from devture_postgres_connection_hostname but compared with
# devture_postgres_identifier in the two lists above - confirm both hold the
# same value.
n8n_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from the generic secret key with the salt 'n8n.db'.
n8n_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'n8n.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /n8n                                                                 #
#                                                                      #
########################################################################
# /role-specific:n8n

# role-specific:navidrome
########################################################################
#                                                                      #
# navidrome                                                            #
#                                                                      #
########################################################################

navidrome_enabled: false

navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome"
navidrome_uid: "{{ mash_playbook_uid }}"
navidrome_gid: "{{ mash_playbook_gid }}"
navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome"

# Joins the reverse-proxy network when one is set.
navidrome_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /navidrome                                                           #
#                                                                      #
########################################################################
# /role-specific:navidrome

# role-specific:nextcloud
########################################################################
#                                                                      #
# nextcloud                                                            #
#                                                                      #
########################################################################

nextcloud_enabled: false

nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud"
nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}nextcloud"
nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}"

# The Postgres unit is required only when Nextcloud uses the managed Postgres.
nextcloud_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
  }}

# The exim relay unit is only "wanted", and only when the relay is enabled and
# Nextcloud's SMTP host points at it. The default() filters keep the expression
# usable when the exim_relay_* variables are not defined.
nextcloud_systemd_wanted_services_list_auto: |
  {{
    ([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and nextcloud_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay')) else [])
  }}

# Reverse-proxy network, Postgres network and exim relay network, each added
# only when the matching service is in use and Nextcloud is not already on that
# network; `unique` removes duplicates when several of them are the same network.
nextcloud_container_additional_networks_auto: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else [])
      +
      ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and nextcloud_config_parameter_mail_smtphost == exim_relay_identifier | default('mash-exim-relay') and nextcloud_container_network != exim_relay_container_network) else [])
    ) | unique
  }}

nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
nextcloud_database_username: "nextcloud"
# Derived from the generic secret key with the salt 'db.nextcloud'.
nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}"

# role-specific:exim_relay
# Outgoing mail goes to the exim relay container on port 8025.
# NOTE(review): smtpsecure is empty and smtpauth is false, so as configured
# here the hop from Nextcloud to the relay uses neither transport encryption
# nor authentication. That presumably relies on the relay being reachable only
# over the shared container network - confirm that no untrusted container is
# attached to it.
nextcloud_config_parameter_mail_smtphost: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
nextcloud_config_parameter_mail_smtpport: "{{ 8025 if exim_relay_enabled else '' }}"
nextcloud_config_parameter_mail_smtpsecure: ''
nextcloud_config_parameter_mail_smtpauth: false
# The relay's sender address is split at '@' into the local part and the domain.
nextcloud_config_parameter_mail_from_address: "{{ (exim_relay_sender_address | split('@'))[0] if exim_relay_enabled else '' }}"
nextcloud_config_parameter_mail_domain: "{{ (exim_relay_sender_address | split('@'))[1] if exim_relay_enabled else '' }}"
# /role-specific:exim_relay

########################################################################
#                                                                      #
# /nextcloud                                                           #
#                                                                      #
########################################################################
# /role-specific:nextcloud

# role-specific:netbox
########################################################################
#                                                                      #
# netbox                                                               #
#                                                                      #
########################################################################

# Disabled by default; runs as the playbook's shared uid/gid.
netbox_enabled: false
netbox_identifier: "{{ mash_playbook_service_identifier_prefix }}netbox"
netbox_uid: "{{ mash_playbook_uid }}"
netbox_gid: "{{ mash_playbook_gid }}"
netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}netbox"

# Depends on the managed Postgres unit only when NetBox is pointed at it.
netbox_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier else [])
  }}

# Reverse-proxy network plus, when needed, the Postgres network; `unique`
# removes the duplicate if both resolve to the same network.
netbox_container_additional_networks_auto: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with the fixed salt
# 'db.netbox'; the value is reproducible by anyone who holds the generic key,
# so that key needs the same protection as the database credential itself.
netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /netbox                                                              #
#                                                                      #
########################################################################
# /role-specific:netbox

# role-specific:mariadb
########################################################################
#                                                                      #
# mariadb                                                              #
#                                                                      #
########################################################################

mariadb_enabled: false
mariadb_identifier: "{{ mash_playbook_service_identifier_prefix }}mariadb"
mariadb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mariadb"
mariadb_uid: "{{ mash_playbook_uid }}"
mariadb_gid: "{{ mash_playbook_gid }}"

# One entry per service that may want a MariaDB database. Each entry renders
# either a {name, username, password} mapping or `omit`; the `omit` entries
# are filtered out below. The password is passed through as-is from the
# consuming service's own variable.
mash_playbook_mariadb_managed_databases_auto_itemized:
  # Dummy entry, which is not role-specific.
  # Ensures there's at least one entry defined in the list.
  - "{{ omit }}"
  # role-specific:authelia
  - |-
    {{
      ({
        'name': authelia_config_storage_mysql_database,
        'username': authelia_config_storage_mysql_username,
        'password': authelia_config_storage_mysql_password,
      } if authelia_enabled and authelia_config_storage_mysql_host == mariadb_identifier else omit)
    }}
  # /role-specific:authelia

# Final list handed to the MariaDB role: every itemized entry except `omit`.
mariadb_managed_databases_auto: "{{ mash_playbook_mariadb_managed_databases_auto_itemized | reject('equalto', omit) }}"

########################################################################
#                                                                      #
# /mariadb                                                             #
#                                                                      #
########################################################################
# /role-specific:mariadb

# role-specific:outline
########################################################################
#                                                                      #
# outline                                                              #
#                                                                      #
########################################################################

outline_enabled: false
outline_identifier: "{{ mash_playbook_service_identifier_prefix }}outline"
outline_uid: "{{ mash_playbook_uid }}"
outline_gid: "{{ mash_playbook_gid }}"
outline_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}outline"

# Depends on the managed Postgres unit only when Outline is pointed at it.
outline_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else [])
  }}

# Reverse-proxy network plus, when needed, the managed Postgres network.
outline_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier and outline_container_network != devture_postgres_container_network else [])
  }}

outline_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
outline_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
outline_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
outline_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Both secrets below are derived from mash_playbook_generic_secret_key with a
# fixed per-purpose salt ('utils.out', 'db.out'); whoever holds the generic
# key can recompute them.
outline_environment_variable_utils_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'utils.out', rounds=655555) | to_uuid }}"

outline_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
outline_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
outline_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.out', rounds=655555) | to_uuid }}"
# TLS to the database is switched off when Outline talks to the managed
# Postgres, and set to 'prefer' for any other database host.
# NOTE(review): if this follows PostgreSQL sslmode semantics, 'prefer' still
# allows an unencrypted connection and does not verify the server; operators
# using an external database should consider overriding it with a stricter
# mode. 'disable' assumes the container network is trusted - confirm.
outline_database_sslmode: "{{ 'disable' if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else 'prefer' }}"

########################################################################
#                                                                      #
# /outline                                                             #
#                                                                      #
########################################################################
# /role-specific:outline

# role-specific:owncast
########################################################################
#                                                                      #
# owncast                                                              #
#                                                                      #
########################################################################

owncast_enabled: false
owncast_identifier: "{{ mash_playbook_service_identifier_prefix }}owncast"
owncast_uid: "{{ mash_playbook_uid }}"
owncast_gid: "{{ mash_playbook_gid }}"
owncast_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}owncast"
# Only the reverse-proxy network is added, and only when one is configured.
owncast_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

owncast_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
owncast_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
owncast_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
owncast_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /owncast                                                             #
#                                                                      #
########################################################################
# /role-specific:owncast

# role-specific:oxitraffic
########################################################################
#                                                                      #
# oxitraffic                                                           #
#                                                                      #
########################################################################

oxitraffic_enabled: false
oxitraffic_identifier: "{{ mash_playbook_service_identifier_prefix }}oxitraffic"
oxitraffic_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}oxitraffic"
oxitraffic_uid: "{{ mash_playbook_uid }}"
oxitraffic_gid: "{{ mash_playbook_gid }}"

oxitraffic_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
oxitraffic_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with the fixed salt
# 'db.oxitraffic'; reproducible by anyone who holds the generic key.
oxitraffic_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.oxitraffic', rounds=655555) | to_uuid }}"

# Docker always, plus the managed Postgres unit when OxiTraffic uses it.
oxitraffic_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier else [])
  }}

# Reverse-proxy network plus, when needed, the managed Postgres network.
oxitraffic_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier and oxitraffic_container_network != devture_postgres_container_network else [])
  }}

oxitraffic_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
oxitraffic_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
oxitraffic_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
oxitraffic_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /oxitraffic                                                          #
#                                                                      #
########################################################################
# /role-specific:oxitraffic

# role-specific:peertube
########################################################################
#                                                                      #
# peertube                                                             #
#                                                                      #
########################################################################

peertube_enabled: false
peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"
peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}peertube"
peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}"

# Reverse-proxy network plus, when needed, the managed Postgres network;
# `unique` removes the duplicate if both resolve to the same network.
peertube_container_additional_networks_auto: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
peertube_config_database_username: peertube
# Derived from mash_playbook_generic_secret_key with the fixed salt
# 'db.peertube'; reproducible by anyone who holds the generic key.
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"

# Depends on the managed Postgres unit only when PeerTube is pointed at it.
peertube_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
  }}

########################################################################
#                                                                      #
# /peertube                                                            #
#                                                                      #
########################################################################
# /role-specific:peertube

# role-specific:postgis
########################################################################
#                                                                      #
# postgis                                                              #
#                                                                      #
########################################################################

postgis_enabled: false
postgis_identifier: "{{ mash_playbook_service_identifier_prefix }}postgis"
postgis_architecture: "{{ mash_playbook_architecture }}"
postgis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgis"
postgis_uid: "{{ mash_playbook_uid }}"
postgis_gid: "{{ mash_playbook_gid }}"

# Services stopped while PostGIS maintenance runs: Mobilizon, when enabled.
# NOTE(review): mobilizon_* variables are read here and below without a
# default and without role-specific markers around them; confirm they are
# always defined when the postgis role is active.
postgis_systemd_services_to_stop_for_maintenance_list: |
  {{
    ([(mobilizon_identifier + '.service')] if mobilizon_enabled else [])
  }}

# Databases PostGIS creates automatically: Mobilizon's, when Mobilizon is
# enabled, uses the 'postgis' database type and points at this instance.
postgis_managed_databases_auto: |
  {{
    ([{
      'name': mobilizon_database_name,
      'username': mobilizon_database_username,
      'password': mobilizon_database_password,
    }] if mobilizon_enabled and mobilizon_database_type == 'postgis' and mobilizon_database_hostname == postgis_identifier else [])
  }}

########################################################################
#                                                                      #
# /postgis                                                             #
#                                                                      #
########################################################################
# /role-specific:postgis

# role-specific:prometheus_postgres_exporter
########################################################################
#                                                                      #
# prometheus_postgres_exporter                                         #
#                                                                      #
########################################################################

prometheus_postgres_exporter_enabled: false
prometheus_postgres_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-postgres-exporter"
# Hostname and path prefix come from the playbook-wide metrics exposure
# settings; the exporter is served below <prefix>/<identifier>.
prometheus_postgres_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_postgres_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_postgres_exporter_identifier }}"
prometheus_postgres_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-postgres-exporter"
prometheus_postgres_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_postgres_exporter_gid: "{{ mash_playbook_gid }}"

# Reverse-proxy network plus, when needed, the managed Postgres network.
prometheus_postgres_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_identifier and prometheus_postgres_exporter_container_network != devture_postgres_container_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# `| length > 0` makes the expression render a boolean rather than the
# hostname string.
prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_postgres_exporter_hostname | length > 0 }}"
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# HTTP basic auth in front of the metrics endpoint follows the playbook-wide
# metrics exposure settings.
# NOTE(review): database metrics can reveal schema and workload details;
# confirm basic auth is enabled whenever a metrics hostname is set.
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_postgres_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"

# NOTE(review): the hostname is devture_postgres_connection_hostname, while
# the network condition for this exporter compares it with
# devture_postgres_identifier - confirm the two are always equal.
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: prometheus_postgres_exporter
# NOTE(review): unlike the per-service derived passwords elsewhere in this
# file, this reuses devture_postgres_connection_password. Confirm which
# account that credential belongs to and that a monitoring exporter is not
# being handed more database privilege than it needs.
prometheus_postgres_exporter_database_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
# TLS to the database is off; presumably safe only on the internal container
# network - override when monitoring a remote database.
prometheus_postgres_exporter_database_ssl: false

# Docker always, plus the managed Postgres unit whenever Postgres is enabled
# (no hostname comparison here).
prometheus_postgres_exporter_systemd_required_services_list: |
  {{
    ['docker.service']
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
  }}

########################################################################
#                                                                      #
# /prometheus_postgres_exporter                                        #
#                                                                      #
########################################################################
# /role-specific:prometheus_postgres_exporter

# role-specific:prometheus
########################################################################
#                                                                      #
# prometheus                                                           #
#                                                                      #
########################################################################

prometheus_enabled: false
prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus"
prometheus_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus"
prometheus_uid: "{{ mash_playbook_uid }}"
prometheus_gid: "{{ mash_playbook_gid }}"

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# `| length > 0` makes the expression render a boolean rather than the
# hostname string.
prometheus_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_hostname | length > 0 }}"
prometheus_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Only the reverse-proxy network is added, and only when one is configured.
prometheus_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

########################################################################
#                                                                      #
# /prometheus                                                          #
#                                                                      #
########################################################################
# /role-specific:prometheus

# role-specific:prometheus_blackbox_exporter
########################################################################
#                                                                      #
# prometheus_blackbox_exporter                                         #
#                                                                      #
########################################################################

prometheus_blackbox_exporter_enabled: false
prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter"
# Hostname and path prefix come from the playbook-wide metrics exposure
# settings; the exporter is served below <prefix>/<identifier>.
prometheus_blackbox_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_blackbox_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_blackbox_exporter_identifier }}"
prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-blackbox-exporter"
prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}"

# Only the reverse-proxy network is added, and only when one is configured.
prometheus_blackbox_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
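# `| length > 0` makes this render a real boolean. A bare
# `<flag> and <hostname>` evaluates to the hostname string itself in Jinja,
# which only works where the consumer tests plain truthiness.
prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname | length > 0 }}"
prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# HTTP basic auth in front of the metrics endpoint follows the playbook-wide
# metrics exposure settings.
# NOTE(review): confirm basic auth is enabled whenever a metrics hostname is
# set, since the labels above publish the exporter through Traefik.
prometheus_blackbox_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_blackbox_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"

########################################################################
#                                                                      #
# /prometheus_blackbox_exporter                                        #
#                                                                      #
########################################################################
# /role-specific:prometheus_blackbox_exporter

# role-specific:prometheus_ssh_exporter
########################################################################
#                                                                      #
# prometheus_ssh_exporter                                              #
#                                                                      #
########################################################################

prometheus_ssh_exporter_enabled: false
prometheus_ssh_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-ssh-exporter"
# Hostname and path prefix come from the playbook-wide metrics exposure
# settings; the exporter is served below <prefix>/<identifier>.
prometheus_ssh_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_ssh_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_ssh_exporter_identifier }}"
prometheus_ssh_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-ssh-exporter"
prometheus_ssh_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_ssh_exporter_gid: "{{ mash_playbook_gid }}"

# Only the reverse-proxy network is added, and only when one is configured.
prometheus_ssh_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# `| length > 0` makes this render a boolean instead of the hostname string.
prometheus_ssh_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_ssh_exporter_hostname | length > 0 }}"
prometheus_ssh_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_ssh_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_ssh_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

prometheus_ssh_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_ssh_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"

########################################################################
#                                                                      #
# /prometheus_ssh_exporter                                             #
#                                                                      #
########################################################################
# /role-specific:prometheus_ssh_exporter

# role-specific:prometheus_node_exporter
########################################################################
#                                                                      #
# prometheus_node_exporter                                             #
#                                                                      #
########################################################################

prometheus_node_exporter_enabled: false
prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"
# Hostname and path prefix come from the playbook-wide metrics exposure
# settings; the exporter is served below <prefix>/<identifier>.
prometheus_node_exporter_hostname: "{{ mash_playbook_metrics_exposure_hostname }}"
prometheus_node_exporter_path_prefix: "{{ mash_playbook_metrics_exposure_path_prefix }}/{{ prometheus_node_exporter_identifier }}"
prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"
prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"

# Only the reverse-proxy network is added, and only when one is configured.
prometheus_node_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# `| length > 0` makes this render a boolean instead of the hostname string.
prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_node_exporter_hostname | length > 0 }}"
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): host metrics describe the machine itself; confirm basic auth
# is enabled whenever a metrics hostname is set.
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_enabled: "{{ mash_playbook_metrics_exposure_http_basic_auth_enabled }}"
prometheus_node_exporter_container_labels_metrics_middleware_basic_auth_users: "{{ mash_playbook_metrics_exposure_http_basic_auth_users }}"

# All default collectors are switched off and only the listed ones are
# enabled, which keeps the exposed metric set small.
prometheus_node_exporter_process_extra_arguments:
  - "--collector.disable-defaults"
  - "--collector.cpu"
  - "--collector.filesystem"
  - "--collector.meminfo"
  - "--collector.systemd"
  - "--collector.uname"

# Security-relevant container flags:
#  * `apparmor=unconfined` removes AppArmor confinement from this container.
#  * The host's D-Bus system bus socket is bind-mounted into it, presumably
#    for the systemd collector enabled above - TODO confirm.
# NOTE(review): the `ro` mount option does not stop a process from talking
# over the socket, so what the exporter may do on the bus is governed by the
# host's D-Bus policy, not by this mount. Operators who drop
# `--collector.systemd` should override this list to drop both flags too.
prometheus_node_exporter_container_extra_arguments:
  - "--security-opt apparmor=unconfined"
  - "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"

########################################################################
#                                                                      #
# /prometheus_node_exporter                                            #
#                                                                      #
########################################################################
# /role-specific:prometheus_node_exporter

# role-specific:radicale
########################################################################
#                                                                      #
# radicale                                                             #
#                                                                      #
########################################################################

radicale_enabled: false
radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale"
radicale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}radicale"
radicale_uid: "{{ mash_playbook_uid }}"
radicale_gid: "{{ mash_playbook_gid }}"

# Only the reverse-proxy network is added, and only when one is configured.
radicale_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /radicale                                                            #
#                                                                      #
########################################################################
# /role-specific:radicale

# role-specific:redmine
########################################################################
#                                                                      #
# redmine                                                              #
#                                                                      #
########################################################################

redmine_enabled: false
redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine"
redmine_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redmine"
redmine_uid: "{{ mash_playbook_uid }}"
redmine_gid: "{{ mash_playbook_gid }}"

# Application secrets, each derived from mash_playbook_generic_secret_key
# with a fixed salt; whoever holds the generic key can recompute them.
# NOTE(review): the salts 'secret.base', 'secret.token' and 'db.cipherkey'
# carry no service name, so any other variable derived with the same salt
# would receive the identical value - confirm they are unique in the file.
redmine_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.base', rounds=655555) | to_uuid }}"
redmine_secret_token: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.token', rounds=655555) | to_uuid }}"
redmine_database_cipher_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.cipherkey', rounds=655555) | to_uuid }}"

# Docker always, plus the managed Postgres unit when Redmine uses it.
redmine_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else [])
  }}

# Reverse-proxy network plus, when needed, the managed Postgres network.
redmine_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else [])
  }}

redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# PostgreSQL when the managed Postgres is enabled, otherwise SQLite.
redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}"
# NOTE(review): the hostname is devture_postgres_connection_hostname, while
# the two conditions above compare it with devture_postgres_identifier -
# confirm the two are always equal.
redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
redmine_database_username: "redmine"
redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /redmine                                                             #
#                                                                      #
########################################################################
# /role-specific:redmine

# role-specific:redis
########################################################################
#                                                                      #
# redis                                                                #
#                                                                      #
########################################################################

# Disabled by default; only identity and path wiring is set here.
redis_enabled: false
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"
redis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redis"
redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}"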
########################################################################
#                                                                      #
# /redis                                                               #
#                                                                      #
########################################################################
# /role-specific:redis

# role-specific:roundcube
########################################################################
#                                                                      #
# roundcube                                                            #
#                                                                      #
########################################################################

roundcube_enabled: false
roundcube_identifier: "{{ mash_playbook_service_identifier_prefix }}roundcube"
roundcube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}roundcube"
# Unlike the other services in this file, Roundcube is pinned to uid/gid 0
# (root) instead of the playbook's shared unprivileged uid/gid.
# NOTE(review): confirm the container image really needs root, and which
# other container restrictions the role applies to compensate.
roundcube_uid: "0"
roundcube_gid: "0"

# PostgreSQL when the managed Postgres is enabled, otherwise SQLite; the
# remaining connection fields are empty in the SQLite case.
roundcube_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite' }}"
roundcube_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
roundcube_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
roundcube_database_name: "{{ 'roundcube' if devture_postgres_enabled else '' }}"
roundcube_database_username: "{{ 'roundcube' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with the fixed salt
# 'db.roundcube'; reproducible by anyone who holds the generic key.
roundcube_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.roundcube', rounds=655555) | to_uuid }}"

# Docker always, plus the managed Postgres unit when Roundcube uses it.
# NOTE(review): the name repeats "systemd" (..._systemd_required_systemd_...)
# where the sibling services use ..._systemd_required_services_list; check it
# against the role's defaults, since a misspelt name would never be read.
roundcube_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier else [])
  }}

roundcube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
roundcube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
roundcube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
roundcube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Reverse-proxy network plus, when needed, the managed Postgres network.
roundcube_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier and roundcube_container_network != devture_postgres_container_network else [])
  }}

########################################################################
#                                                                      #
# /roundcube                                                           #
#                                                                      #
########################################################################
# /role-specific:roundcube

# role-specific:rumqttd
########################################################################
#                                                                      #
# rumqttd                                                              #
#                                                                      #
########################################################################

# Disabled by default; only identity and path wiring is set here.
rumqttd_enabled: false
rumqttd_identifier: "{{ mash_playbook_service_identifier_prefix }}rumqttd"
rumqttd_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}rumqttd"
rumqttd_uid: "{{ mash_playbook_uid }}"
rumqttd_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /rumqttd                                                             #
#                                                                      #
########################################################################
# /role-specific:rumqttd

# role-specific:semaphore
########################################################################
#                                                                      #
# semaphore                                                            #
#                                                                      #
########################################################################

semaphore_enabled: false
semaphore_identifier: "{{ mash_playbook_service_identifier_prefix }}semaphore"
semaphore_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}semaphore"
semaphore_uid: "{{ mash_playbook_uid }}"
semaphore_gid: "{{ mash_playbook_gid }}"

semaphore_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
semaphore_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with the fixed salt
# 'db.semaphore'; reproducible by anyone who holds the generic key.
semaphore_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.semaphore', rounds=655555) | to_uuid }}"
# The database username is the (prefixed) service identifier.
semaphore_database_username: "{{ semaphore_identifier }}"

# Docker always, plus the managed Postgres unit when Semaphore uses it.
semaphore_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier else [])
  }}

# Reverse-proxy network plus, when needed, the managed Postgres network.
semaphore_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and semaphore_database_host == devture_postgres_identifier and semaphore_container_network != devture_postgres_container_network else [])
  }}

semaphore_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
semaphore_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
semaphore_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
semaphore_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /semaphore                                                           #
#                                                                      #
########################################################################
# /role-specific:semaphore

# role-specific:soft_serve
########################################################################
#                                                                      #
# soft-serve                                                           #
#                                                                      #
########################################################################

# Disabled by default; only identity and path wiring is set here.
soft_serve_enabled: false
soft_serve_identifier: "{{ mash_playbook_service_identifier_prefix }}soft-serve"
soft_serve_uid: "{{ mash_playbook_uid }}"
soft_serve_gid: "{{ mash_playbook_gid }}"
soft_serve_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}soft-serve"

########################################################################
#                                                                      #
# /soft-serve                                                          #
#                                                                      #
########################################################################
# /role-specific:soft_serve

# role-specific:syncthing
########################################################################
#                                                                      #
# syncthing                                                            #
#                                                                      #
########################################################################

# Syncthing stays disabled unless this default is overridden.
syncthing_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
syncthing_uid: "{{ mash_playbook_uid }}"
syncthing_gid: "{{ mash_playbook_gid }}"

syncthing_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}syncthing"

# Joins the reverse-proxy network when one is configured; otherwise the list
# is empty.
syncthing_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide switch, network, entrypoint and
# certificate resolver.
syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /syncthing                                                           #
#                                                                      #
########################################################################

# /role-specific:syncthing


# role-specific:telegraf
########################################################################
#                                                                      #
# telegraf                                                             #
#                                                                      #
########################################################################

# Telegraf stays disabled unless this default is overridden.
telegraf_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
telegraf_identifier: "{{ mash_playbook_service_identifier_prefix }}telegraf"

telegraf_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}telegraf"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
telegraf_uid: "{{ mash_playbook_uid }}"
telegraf_gid: "{{ mash_playbook_gid }}"

# Always requires docker.service; the InfluxDB unit is added when
# influxdb_enabled is true.
telegraf_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([(influxdb_identifier + '.service')] if influxdb_enabled else [])
  }}

########################################################################
#                                                                      #
# /telegraf                                                            #
#                                                                      #
########################################################################

# /role-specific:telegraf


# role-specific:vaultwarden
########################################################################
#                                                                      #
# vaultwarden                                                          #
#                                                                      #
########################################################################

# Vaultwarden stays disabled unless this default is overridden.
vaultwarden_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarden"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
vaultwarden_uid: "{{ mash_playbook_uid }}"
vaultwarden_gid: "{{ mash_playbook_gid }}"

vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vaultwarden"

# Requires the Postgres unit only when the database host is the
# playbook-managed Postgres.
vaultwarden_systemd_required_systemd_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else [])
  }}

# Adds the exim relay unit to the "wanted" list when the relay is enabled and
# is the configured SMTP host. The default() filters keep the expression
# evaluable when exim_relay_identifier / exim_relay_enabled are not defined.
vaultwarden_systemd_wanted_systemd_services_list_auto: |
  {{
    ([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and vaultwarden_config_smtp_host == exim_relay_identifier | default('mash-exim-relay')) else [])
  }}

# Extra container networks: the reverse-proxy network when one is configured,
# the Postgres network when the database is the playbook-managed one on a
# different network, and the exim relay network when the relay is the SMTP
# host on a different network.
# NOTE(review): the last comparison reads exim_relay_container_network without
# a default(); it is only reached when exim_relay_enabled is true - confirm the
# variable is always defined in that case.
vaultwarden_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else [])
    +
    ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and vaultwarden_config_smtp_host == exim_relay_identifier | default('mash-exim-relay') and vaultwarden_container_network != exim_relay_container_network) else [])
  }}

# Traefik labels follow the playbook-wide switch, network, entrypoint and
# certificate resolver.
vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
vaultwarden_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
vaultwarden_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database host and port point at the playbook-managed Postgres when it is
# enabled; otherwise both are left empty.
vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
vaultwarden_database_username: "vaultwarden"
# NOTE(review): this password is derived, not random. It is computed from
# mash_playbook_generic_secret_key with the fixed salt 'db.vaultwarden' and
# then turned into a UUID, so it is only as unpredictable as that key and it
# changes whenever the key changes. This database holds the password vault, so
# the generic key deserves the same protection as the vault itself.
vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | to_uuid }}"

# role-specific:exim_relay
# With the exim relay enabled, mail goes to the relay on port 8025 with
# transport security 'off'; without it the defaults are port 587 with
# 'starttls' and an empty host and sender.
# NOTE(review): 'off' means the SMTP session to the relay is not encrypted.
# That is presumably acceptable only because the relay is reached over a
# container network - confirm before pointing vaultwarden_config_smtp_host at
# anything else, and set the security mode explicitly when doing so.
vaultwarden_config_smtp_from: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}"
vaultwarden_config_smtp_host: "{{ exim_relay_identifier if exim_relay_enabled else '' }}"
vaultwarden_config_smtp_port: "{{ 8025 if exim_relay_enabled else '587' }}"
vaultwarden_config_smtp_security: "{{ 'off' if exim_relay_enabled else 'starttls' }}"
# /role-specific:exim_relay

########################################################################
#                                                                      #
# /vaultwarden                                                         #
#                                                                      #
########################################################################

# /role-specific:vaultwarden


# role-specific:uptime_kuma
########################################################################
#                                                                      #
# uptime_kuma                                                          #
#                                                                      #
########################################################################

# Uptime Kuma stays disabled unless this default is overridden.
uptime_kuma_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma"

uptime_kuma_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}uptime-kuma"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
uptime_kuma_uid: "{{ mash_playbook_uid }}"
uptime_kuma_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network when one is configured; otherwise the list
# is empty.
uptime_kuma_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide switch.
uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
# Traefik network, entrypoint and certificate resolver follow the
# playbook-wide values.
uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /uptime_kuma                                                         #
#                                                                      #
########################################################################

# /role-specific:uptime_kuma


# role-specific:wg_easy
########################################################################
#                                                                      #
# wg-easy                                                              #
#                                                                      #
########################################################################

# wg-easy stays disabled unless this default is overridden.
wg_easy_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
wg_easy_identifier: "{{ mash_playbook_service_identifier_prefix }}wg-easy"

wg_easy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}wg-easy"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
wg_easy_uid: "{{ mash_playbook_uid }}"
wg_easy_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network when one is configured; otherwise the list
# is empty.
wg_easy_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide switch, network, entrypoint and
# certificate resolver.
wg_easy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
wg_easy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
wg_easy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
wg_easy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /wg-easy                                                             #
#                                                                      #
########################################################################

# /role-specific:wg_easy


# role-specific:forgejo
########################################################################
#                                                                      #
# forgejo                                                              #
#                                                                      #
########################################################################

# Forgejo stays disabled unless this default is overridden.
forgejo_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
forgejo_identifier: "{{ mash_playbook_service_identifier_prefix }}forgejo"

forgejo_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}forgejo"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
forgejo_uid: "{{ mash_playbook_uid }}"
forgejo_gid: "{{ mash_playbook_gid }}"

# Always requires docker.service; the Postgres unit is added only when the
# database host is the playbook-managed Postgres.
forgejo_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network when one is configured,
# plus the Postgres network when the database is the playbook-managed one and
# sits on a different network than this container.
forgejo_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier and forgejo_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide switch, network, entrypoint and
# certificate resolver.
forgejo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
forgejo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
forgejo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
forgejo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database host and port point at the playbook-managed Postgres when it is
# enabled; otherwise both are left empty.
forgejo_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
forgejo_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
forgejo_config_database_username: "forgejo"
# NOTE(review): this password is derived, not random. It is computed from
# mash_playbook_generic_secret_key with the fixed salt 'db.forgejo' and then
# turned into a UUID, so it is only as unpredictable as that key and it changes
# whenever the key changes. Anyone who learns the generic key can recompute it.
forgejo_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.forgejo', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /forgejo                                                             #
#                                                                      #
########################################################################

# /role-specific:forgejo


# role-specific:woodpecker_ci_server
########################################################################
#                                                                      #
# woodpecker-ci-server                                                 #
#                                                                      #
########################################################################

# The Woodpecker CI server stays disabled unless this default is overridden.
devture_woodpecker_ci_server_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}"

devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server"

# Always requires docker.service; the Postgres unit is added only when the
# datasource hostname is the playbook-managed Postgres.
devture_woodpecker_ci_server_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network when one is configured,
# plus the Postgres network when the database is the playbook-managed one on a
# different network. The combined list is de-duplicated with `unique`.
devture_woodpecker_ci_server_container_additional_networks: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and devture_woodpecker_ci_server_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

# Traefik labels follow the playbook-wide switch and network.
devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"

devture_woodpecker_ci_server_database_driver: postgres
# NOTE(review): sslmode=disable turns TLS off for the Postgres connection, so
# the credentials in this URL cross the network unencrypted. That fits the
# default hostname below (the playbook-managed Postgres); if the hostname is
# overridden to a database on another host, override this datasource too and
# pick an sslmode that verifies the server.
# The username and password are interpolated as-is. The derived password below
# is UUID-shaped and URL-safe, but an overridden password containing '@', ':'
# or '/' would need percent-encoding to keep the URL parseable.
devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable"
# Hostname and port point at the playbook-managed Postgres when it is enabled;
# otherwise both are left empty.
devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server
# NOTE(review): this password is derived, not random. It is computed from
# mash_playbook_generic_secret_key with the fixed salt 'woodpecker.ci' and then
# turned into a UUID, so it is only as unpredictable as that key and it changes
# whenever the key changes. Anyone who learns the generic key can recompute it.
devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}"
devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server

########################################################################
#                                                                      #
# /woodpecker-ci-server                                                #
#                                                                      #
########################################################################

# /role-specific:woodpecker_ci_server


# role-specific:woodpecker_ci_agent
########################################################################
#                                                                      #
# woodpecker-ci-agent                                                  #
#                                                                      #
########################################################################

# The Woodpecker CI agent stays disabled unless this default is overridden.
devture_woodpecker_ci_agent_enabled: false

# Identifier and data directory are built from the playbook-wide prefixes.
devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent"

# uid/gid are taken from the playbook-wide mash_playbook_uid / mash_playbook_gid.
devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}"

devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent"

# Always requires docker.service; the server's unit is added when the server
# is enabled.
devture_woodpecker_ci_agent_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else [])
  }}

# Joins the server's container network when the server is enabled and that
# network differs from the agent's own.
devture_woodpecker_ci_agent_container_additional_networks: |
  {{
    (
      ([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else [])
    ) | unique
  }}

# "<server identifier>:<grpc port>" when the agent is enabled, otherwise empty.
# The port is cast to a string before concatenation.
devture_woodpecker_ci_agent_config_server: "{{ (devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}"
# The agent reuses the server role's agent secret when the agent is enabled.
# NOTE(review): devture_woodpecker_ci_server_config_agent_secret is not set in
# this part of the file - presumably it is the shared secret the agent presents
# to the server; confirm it is defined, random and kept out of version control.
devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}"

########################################################################
#                                                                      #
# /woodpecker-ci-agent                                                 #
#                                                                      #
########################################################################

# /role-specific:woodpecker_ci_agent