---

########################################################################
#                                                                      #
# aux                                                                  #
#                                                                      #
########################################################################

# Default ownership for aux-managed directories and files.
# Both pairs resolve to the playbook-wide user and group names
# (mash_playbook_user_username / mash_playbook_user_groupname).
aux_directory_default_owner: "{{ mash_playbook_user_username }}"
aux_directory_default_group: "{{ mash_playbook_user_groupname }}"

aux_file_default_owner: "{{ mash_playbook_user_username }}"
aux_file_default_group: "{{ mash_playbook_user_groupname }}"

########################################################################
#                                                                      #
# /aux                                                                 #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# authelia                                                             #
#                                                                      #
########################################################################

# Authelia is disabled by default in this file.
authelia_enabled: false

# Service identifier: the playbook-wide identifier prefix followed by
# 'authelia'. Other variables in this file append '.service' to it.
authelia_identifier: "{{ mash_playbook_service_identifier_prefix }}authelia"

# UID/GID are the playbook-wide values shared with the other services here.
authelia_uid: "{{ mash_playbook_uid }}"
authelia_gid: "{{ mash_playbook_gid }}"

# Base directory: <playbook base path>/<directory name prefix>authelia.
authelia_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}authelia"

# Evaluates to ['<postgres identifier>.service'] only when the
# playbook-managed Postgres is enabled AND is the configured Authelia storage
# host; otherwise to an empty list.
# NOTE(review): no corresponding entry is added for MariaDB when
# authelia_config_storage_mysql_host is in use - confirm this is intended.
authelia_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else [])
  }}

# Extra container networks for Authelia:
# - the reverse-proxy network, when one is defined;
# - the Postgres container network, when Authelia stores its data in the
#   playbook-managed Postgres and is not already on that network.
# NOTE(review): as above, only the Postgres case is handled; no MariaDB
# network is attached here.
authelia_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and authelia_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings for the Authelia container. All four values are
# taken from playbook-wide settings: whether labels are emitted at all, the
# reverse-proxy network, the primary entrypoint and the primary certificate
# resolver.
authelia_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authelia_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authelia_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authelia_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# The three secrets below are derived deterministically from
# mash_playbook_generic_secret_key: the key is run through
# password_hash('sha512', <salt>, rounds=655555) and the result through
# to_uuid. Each secret uses its own salt ('jwt.authelia', 'ses.authelia',
# 'hm.authelia'), so the JWT, session and OIDC HMAC secrets differ from each
# other while still being reproducible on every run.
#
# Security note: every derived value is only as strong and as private as
# mash_playbook_generic_secret_key. Anyone holding that key can recompute all
# of these secrets, and changing the key changes all of them at once.
authelia_config_jwt_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jwt.authelia', rounds=655555) | to_uuid }}"

authelia_config_session_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'ses.authelia', rounds=655555) | to_uuid }}"

authelia_config_identity_providers_oidc_hmac_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'hm.authelia', rounds=655555) | to_uuid }}"

# Postgres storage is wired up automatically when the playbook-managed
# Postgres is enabled; otherwise host and port are empty strings.
# The password is derived from mash_playbook_generic_secret_key with the salt
# 'db.authelia' (same derivation scheme as the other Authelia secrets).
authelia_config_storage_postgres_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_port: "{{ '5432' if devture_postgres_enabled else '' }}"
authelia_config_storage_postgres_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"

# If Postgres and MariaDB are both enabled, we favor Postgres.
# We only enable MySQL if it's the only enabled component (that is, if Postgres is not enabled at the same time).
# NOTE(review): the host honours that rule, but the port is set whenever
# mariadb_enabled is true, even if Postgres is also enabled - confirm the
# role ignores the port when the host is empty.
# NOTE(review): the MySQL password uses the same salt ('db.authelia') as the
# Postgres password above, so both expressions yield the same value.
authelia_config_storage_mysql_host: "{{ mariadb_identifier if mariadb_enabled and not devture_postgres_enabled else '' }}"
authelia_config_storage_mysql_port: "{{ '3306' if mariadb_enabled else '' }}"
authelia_config_storage_mysql_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authelia', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /authelia                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# system/security                                                      #
#                                                                      #
########################################################################

# Both system/security toggles default to off in this file.
# NOTE(review): presumably these gate the playbook's SSH and fail2ban setup;
# if so, a host gets neither unless its own vars switch them on - confirm
# against the role before relying on either control.
system_security_ssh_enabled: false
system_security_fail2ban_enabled: false

########################################################################
#                                                                      #
# /system/security                                                     #
#                                                                      #
########################################################################




########################################################################
#                                                                      #
# system/swap                                                          #
#                                                                      #
########################################################################

# Swap management is disabled by default in this file.
system_swap_enabled: false

########################################################################
#                                                                      #
# /system/swap                                                         #
#                                                                      #
########################################################################




########################################################################
#                                                                      #
# com.devture.ansible.role.systemd_service_manager                     #
#                                                                      #
########################################################################

# List of systemd units for the systemd_service_manager role.
# Each enabled component contributes one or more dicts with the keys
# 'name' (unit name built from the component's identifier), 'priority' and
# 'groups'; a disabled component contributes an empty list.
#
# Priorities used below: Postgres, MariaDB and the Prometheus exporters 500,
# Redis 750, Keycloak 1000, most applications 2000, the container socket
# proxy 2900, Traefik 3000, Woodpecker and Jitsi 4000-4200, backup units 5000.
# NOTE(review): presumably a lower priority means an earlier start - confirm
# against the role.
# NOTE(review): the postgis entry carries the 'metrics' group, like the
# prometheus entries that follow it - confirm this is not a copy-paste
# leftover, since group membership presumably decides which units a
# group-wide start/stop touches.
devture_systemd_service_manager_services_list_auto: |
  {{
    ([{'name': (backup_borg_identifier + '.timer'), 'priority': 5000, 'groups': ['mash', 'backup', 'borg']}] if backup_borg_enabled else [])
    +
    ([{'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']}] if adguard_home_enabled else [])
    +
    ([{'name': (appsmith_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'appsmith']}] if appsmith_enabled else [])
    +
    ([{'name': (authentik_server_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']}] if authentik_enabled else [])
    +
    ([{'name': (authentik_worker_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']}] if authentik_enabled else [])
    +
    ([{'name': (authelia_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authelia']}] if authelia_enabled else [])
    +
    ([{'name': (changedetection_identifier + '.service'), 'priority': 2100, 'groups': ['mash', 'changedetection']}] if changedetection_enabled else [])
    +
    ([{'name': (changedetection_playwright_driver_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'changedetection']}] if changedetection_playwright_driver_enabled else [])
    +
    ([{'name': (clickhouse_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'clickhouse']}] if clickhouse_enabled else [])
    +
    ([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else [])
    +
    ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else [])
    +
    ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
    +
    ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['mash', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
    +
    ([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['mash', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
    +
    ([{'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']}] if devture_woodpecker_ci_server_enabled else [])
    +
    ([{'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']}] if devture_woodpecker_ci_agent_enabled else [])
    +
    ([{'name': (docker_registry_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry']}] if docker_registry_enabled else [])
    +
    ([{'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']}] if docker_registry_enabled else [])
    +
    ([{'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']}] if docker_registry_browser_enabled else [])
    +
    ([{'name': (docker_registry_purger_identifier + '.timer'), 'priority': 3000, 'groups': ['mash', 'docker-registry-purger']}] if docker_registry_purger_enabled else [])
    +
    ([{'name': (echoip_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'echoip']}] if echoip_enabled else [])
    +
    ([{'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']}] if firezone_enabled else [])
    +
    ([{'name': (focalboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'focalboard']}] if focalboard_enabled else [])
    +
    ([{'name': (freshrss_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'freshrss']}] if freshrss_enabled else [])
    +
    ([{'name': (funkwhale_api_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']}] if funkwhale_enabled else [])
    +
    ([{'name': (funkwhale_frontend_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']}] if funkwhale_enabled else [])
    +
    ([{'name': (funkwhale_celery_beat_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']}] if funkwhale_enabled else [])
    +
    ([{'name': (funkwhale_celery_worker_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'funkwhale']}] if funkwhale_enabled else [])
    +
    ([{'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']}] if gitea_enabled else [])
    +
    ([{'name': (gotosocial_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gotosocial']}] if gotosocial_enabled else [])
    +
    ([{'name': (ilmo_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'ilmo']}] if ilmo_enabled else [])
    +
    ([{'name': (mobilizon_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mobilizon']}] if mobilizon_enabled else [])
    +
    ([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else [])
    +
    ([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else [])
    +
    ([{'name': (healthchecks_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'healthchecks']}] if healthchecks_enabled else [])
    +
    ([{'name': (infisical_identifier + '-backend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-backend']}] if infisical_enabled else [])
    +
    ([{'name': (infisical_identifier + '-frontend.service'), 'priority': 2000, 'groups': ['mash', 'infisical', 'infisical-frontend']}] if infisical_enabled else [])
    +
    ([{'name': (influxdb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'influxdb']}] if influxdb_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-web.service'), 'priority': 4200, 'groups': ['mash', 'jitsi', 'jitsi-web']}] if jitsi_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-prosody.service'), 'priority': 4000, 'groups': ['mash', 'jitsi', 'jitsi-prosody']}] if jitsi_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-jicofo.service'), 'priority': 4100, 'groups': ['mash', 'jitsi', 'jitsi-jicofo']}] if jitsi_enabled else [])
    +
    ([{'name': (jitsi_identifier + '-jvb.service'), 'priority': 4100, 'groups': ['mash', 'jitsi', 'jitsi-jvb']}] if jitsi_enabled else [])
    +
    ([{'name': (keycloak_identifier + '.service'), 'priority': 1000, 'groups': ['mash', 'keycloak']}] if keycloak_enabled else [])
    +
    ([{'name': (lago_identifier + '-api.service'), 'priority': 2000, 'groups': ['mash', 'lago', 'lago-api']}] if lago_enabled else [])
    +
    ([{'name': (lago_identifier + '-api-worker.service'), 'priority': 2500, 'groups': ['mash', 'lago', 'lago-api-worker']}] if lago_enabled else [])
    +
    ([{'name': (lago_identifier + '-api-clock.service'), 'priority': 2500, 'groups': ['mash', 'lago', 'lago-api-clock']}] if lago_enabled else [])
    +
    ([{'name': (lago_identifier + '-front.service'), 'priority': 2200, 'groups': ['mash', 'lago', 'lago-front']}] if lago_enabled else [])
    +
    ([{'name': (lago_identifier + '-pdf.service'), 'priority': 1900, 'groups': ['mash', 'lago', 'lago-pdf']}] if lago_enabled else [])
    +
    ([{'name': (linkding_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'linkding']}] if linkding_enabled else [])
    +
    ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else [])
    +
    ([{'name': (mongodb_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mongodb']}] if mongodb_enabled else [])
    +
    ([{'name': (mosquitto_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mosquitto']}] if mosquitto_enabled else [])
    +
    ([{'name': (mrs_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'mrs']}] if mrs_enabled else [])
    +
    ([{'name': (n8n_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'n8n']}] if n8n_enabled else [])
    +
    ([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else [])
    +
    ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else [])
    +
    ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else [])
    +
    ([{'name': (netbox_identifier + '-housekeeping.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-housekeeping']}] if netbox_enabled else [])
    +
    ([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else [])
    +
    ([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else [])
    +
    ([{'name': (mariadb_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'mariadb']}] if mariadb_enabled else [])
    +
    ([{'name': (outline_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'outline']}] if outline_enabled else [])
    +
    ([{'name': (owncast_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'owncast']}] if owncast_enabled else [])
    +
    ([{'name': (oxitraffic_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'oxitraffic']}] if oxitraffic_enabled else [])
    +
    ([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else [])
    +
    ([{'name': (postgis_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'postgis']}] if postgis_enabled else [])
    +
    ([{'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']}] if prometheus_enabled else [])
    +
    ([{'name': (prometheus_blackbox_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-blackbox-exporter']}] if prometheus_blackbox_exporter_enabled else [])
    +
    ([{'name': (prometheus_ssh_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-ssh-exporter']}] if prometheus_ssh_exporter_enabled else [])
    +
    ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
    +
    ([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-postgres-exporter']}] if prometheus_postgres_exporter_enabled else [])
    +
    ([{'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']}] if radicale_enabled else [])
    +
    ([{'name': (redmine_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'redmine']}] if redmine_enabled else [])
    +
    ([{'name': (redmine_identifier + '-send-reminders.timer'), 'priority': 2000, 'groups': ['mash', 'redmine']}] if redmine_enabled else [])
    +
    ([{'name': (redmine_identifier + '-recurring-tasks.timer'), 'priority': 2000, 'groups': ['mash', 'redmine']}] if redmine_enabled and redmine_recurring_tasks_enabled else [])
    +
    ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else [])
    +
    ([{'name': (roundcube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'roundcube']}] if roundcube_enabled else [])
    +
    ([{'name': (rumqttd_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'rumqttd']}] if rumqttd_enabled else [])
    +
    ([{'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']}] if soft_serve_enabled else [])
    +
    ([{'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']}] if syncthing_enabled else [])
    +
    ([{'name': (telegraf_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'telegraf']}] if telegraf_enabled else [])
    +
    ([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else [])
    +
    ([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
    +
    ([{'name': (wg_easy_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'wg-easy']}] if wg_easy_enabled else [])
    +
    ([{'name': (forgejo_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'forgejo', 'forgejo-server']}] if forgejo_enabled else [])
  }}

########################################################################
#                                                                      #
# /com.devture.ansible.role.systemd_service_manager                    #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.postgres                                    #
#                                                                      #
########################################################################

# The playbook-managed Postgres is disabled by default in this file.
devture_postgres_enabled: false

# Service identifier: the playbook-wide identifier prefix followed by
# 'postgres'. Many conditions in this file compare a service's database
# host against this value.
devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres"

devture_postgres_architecture: "{{ mash_playbook_architecture }}"

# Base directory: <playbook base path>/<directory name prefix>postgres.
devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres"

# UID/GID are the playbook-wide values shared with the other services here.
devture_postgres_uid: "{{ mash_playbook_uid }}"
devture_postgres_gid: "{{ mash_playbook_gid }}"

# This includes everything for maximum safety.
# It may not be optimal though, because some services may not be dependent on Postgres at all, etc.
# The expression takes every unit name from
# devture_systemd_service_manager_services_list_auto and drops only
# Postgres's own '<identifier>.service' unit.
devture_postgres_systemd_services_to_stop_for_maintenance_list_auto: "{{ devture_systemd_service_manager_services_list_auto | map(attribute='name') | reject('equalto', (devture_postgres_identifier + '.service')) }}"

# Databases (with their owning role and password) that the Postgres role
# should manage. Each enabled service contributes one
# {'name', 'username', 'password'} dict; a disabled service contributes an
# empty list.
#
# The conditions are not uniform:
# - authelia, authentik, focalboard, freshrss, funkwhale, healthchecks,
#   keycloak, lago, outline, oxitraffic and roundcube are added only when
#   their database host equals devture_postgres_identifier (focalboard and
#   keycloak additionally require the 'postgres' database type);
# - linkding checks only its database engine;
# - gitea, woodpecker-ci-server, gotosocial, ilmo, miniflux, redmine, n8n,
#   netbox, nextcloud, peertube, prometheus-postgres-exporter, firezone,
#   vaultwarden and forgejo are added whenever the service is enabled.
# NOTE(review): for the last group, a service pointed at an external
# database would still get a database and role (with a known derived
# password) created here - confirm whether a hostname check is wanted.
#
# Caveat: the resulting list holds every service's database password in
# clear text, so avoid printing this variable in debug or verbose output.
devture_postgres_managed_databases_auto: |
  {{
    ([{
      'name': authelia_config_storage_postgres_database,
      'username': authelia_config_storage_postgres_username,
      'password': authelia_config_storage_postgres_password,
    }] if authelia_enabled and authelia_config_storage_postgres_host == devture_postgres_identifier else [])
    +
    ([{
      'name': authentik_database_name,
      'username': authentik_database_username,
      'password': authentik_database_password,
    }] if authentik_enabled and authentik_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': focalboard_database_name,
      'username': focalboard_database_username,
      'password': focalboard_database_password,
    }] if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': freshrss_database_name,
      'username': freshrss_database_username,
      'password': freshrss_database_password,
    }] if freshrss_enabled and freshrss_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': funkwhale_database_name,
      'username': funkwhale_database_username,
      'password': funkwhale_database_password,
    }] if funkwhale_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': gitea_config_database_name,
      'username': gitea_config_database_username,
      'password': gitea_config_database_password,
    }] if gitea_enabled else [])
    +
    ([{
      'name': healthchecks_database_name,
      'username': healthchecks_database_username,
      'password': healthchecks_database_password,
    }] if healthchecks_enabled and healthchecks_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': devture_woodpecker_ci_server_database_datasource_db_name,
      'username': devture_woodpecker_ci_server_database_datasource_username,
      'password': devture_woodpecker_ci_server_database_datasource_password,
    }] if devture_woodpecker_ci_server_enabled else [])
    +
    ([{
      'name': gotosocial_database_name,
      'username': gotosocial_database_username,
      'password': gotosocial_database_password,
    }] if gotosocial_enabled else [])
    +
    ([{
      'name': ilmo_database_name,
      'username': ilmo_database_username,
      'password': ilmo_database_password,
    }] if ilmo_enabled else [])
    +
    ([{
      'name': keycloak_database_name,
      'username': keycloak_database_username,
      'password': keycloak_database_password,
    }] if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': lago_database_name,
      'username': lago_database_username,
      'password': lago_database_password,
    }] if lago_enabled and lago_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': linkding_database_name,
      'username': linkding_database_username,
      'password': linkding_database_password,
    }] if linkding_enabled and linkding_database_engine == 'postgres' else [])
    +
    ([{
      'name': miniflux_database_name,
      'username': miniflux_database_username,
      'password': miniflux_database_password,
    }] if miniflux_enabled else [])
    +
    ([{
      'name': redmine_database_name,
      'username': redmine_database_username,
      'password': redmine_database_password,
    }] if redmine_enabled else [])
    +
    ([{
      'name': n8n_database_name,
      'username': n8n_database_username,
      'password': n8n_database_password,
    }] if n8n_enabled else [])
    +
    ([{
      'name': netbox_database_name,
      'username': netbox_database_username,
      'password': netbox_database_password,
    }] if netbox_enabled else [])
    +
    ([{
      'name': nextcloud_database_name,
      'username': nextcloud_database_username,
      'password': nextcloud_database_password,
    }] if nextcloud_enabled else [])
    +
    ([{
      'name': outline_database_name,
      'username': outline_database_username,
      'password': outline_database_password,
    }] if outline_enabled and outline_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': oxitraffic_database_name,
      'username': oxitraffic_database_username,
      'password': oxitraffic_database_password,
    }] if oxitraffic_enabled and oxitraffic_database_hostname == devture_postgres_identifier else [])
    +
    ([{
      'name': peertube_config_database_name,
      'username': peertube_config_database_username,
      'password': peertube_config_database_password,
    }] if peertube_enabled else [])
    +
    ([{
      'name': prometheus_postgres_exporter_database_name,
      'username': prometheus_postgres_exporter_database_username,
      'password': prometheus_postgres_exporter_database_password,
    }] if prometheus_postgres_exporter_enabled else [])
    +
    ([{
      'name': firezone_database_name,
      'username': firezone_database_user,
      'password': firezone_database_password,
    }] if firezone_enabled else [])
    +
    ([{
      'name': vaultwarden_database_name,
      'username': vaultwarden_database_username,
      'password': vaultwarden_database_password,
    }] if vaultwarden_enabled else [])
    +
    ([{
     'name': forgejo_config_database_name,
     'username': forgejo_config_database_username,
     'password': forgejo_config_database_password,
    }] if forgejo_enabled else [])
    +
    ([{
     'name': roundcube_database_name,
     'username': roundcube_database_username,
     'password': roundcube_database_password,
    }] if roundcube_enabled and roundcube_database_hostname == devture_postgres_identifier else [])
  }}

########################################################################
#                                                                      #
# /com.devture.ansible.role.postgres                                   #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.postgres_backup                             #
#                                                                      #
########################################################################

# Postgres backups are disabled by default in this file.
# NOTE(review): enabling devture_postgres_enabled does not switch this on;
# the two toggles are independent here.
devture_postgres_backup_enabled: false

# Service identifier: the playbook-wide identifier prefix followed by
# 'postgres-backup'.
devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup"

devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}"

# Base directory: <playbook base path>/<directory name prefix>postgres-backup.
devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup"

# The backup unit always requires docker.service, and additionally the
# Postgres unit when the playbook-managed Postgres is enabled.
devture_postgres_backup_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else [])
  }}

# The backup container joins the same container network as Postgres.
devture_postgres_backup_container_network: "{{ devture_postgres_container_network }}"

# UID/GID are the playbook-wide values shared with the other services here.
devture_postgres_backup_uid: "{{ mash_playbook_uid }}"
devture_postgres_backup_gid: "{{ mash_playbook_gid }}"

# Connection settings are copied from the playbook-managed Postgres when it
# is enabled. Otherwise hostname, username and password fall back to empty
# strings, while the port falls back to the integer 5432.
# NOTE(review): the backup job reuses devture_postgres_connection_username
# and its password rather than a dedicated backup role; which privileges
# that account has is not visible in this file - confirm.
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"

# Postgres data path, or an empty string when Postgres is not enabled.
devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"

# Only the database names are taken from devture_postgres_managed_databases;
# the usernames and passwords in that list are not passed on here.
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"

########################################################################
#                                                                      #
# /com.devture.ansible.role.postgres_backup                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.playbook_state_preserver                    #
#                                                                      #
########################################################################

# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.

# UID/GID are the playbook-wide values shared with the other services here.
devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}"
devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}"

# Destination of the preserved vars file:
# <playbook base path>/<directory name prefix>vars.yml.
# NOTE(review): presumably this is a copy of the inventory vars.yml, which
# would include mash_playbook_generic_secret_key and therefore every secret
# derived from it - confirm the role writes it with restrictive permissions.
devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vars.yml"

# Destination of the preserved commit hash:
# <playbook base path>/<directory name prefix>git_hash.yml.
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}git_hash.yml"

########################################################################
#                                                                      #
# /com.devture.ansible.role.playbook_state_preserver                   #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.container_socket_proxy                      #
#                                                                      #
########################################################################

# The socket proxy is enabled exactly when the playbook-managed Traefik is
# enabled. The Traefik Docker endpoint setting elsewhere in this file points
# at the proxy whenever this is true.
devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}"

# Service identifier: the playbook-wide identifier prefix followed by
# 'container-socket-proxy'.
devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy"

# Base directory:
# <playbook base path>/<directory name prefix>container-socket-proxy.
devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}container-socket-proxy"

# UID/GID are the playbook-wide values shared with the other services here.
devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}"
devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}"

# Traefik requires read access to the containers APIs to do its job
# Only the containers API is switched on in this file; every other API
# section keeps the role's default, which is not visible here. Keep this
# allow-list as narrow as Traefik actually needs.
devture_container_socket_proxy_api_containers_enabled: true

########################################################################
#                                                                      #
# /com.devture.ansible.role.container_socket_proxy                     #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.traefik                                     #
#                                                                      #
########################################################################

# Traefik is installed only when the playbook is told to manage the reverse
# proxy itself (reverse proxy type 'playbook-managed-traefik').
devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"

devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik"

devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik"

devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}"

# Docker provider endpoint: the socket proxy when it is enabled, otherwise the
# raw Docker socket.
# Direct access to /var/run/docker.sock is generally equivalent to root on the
# host, so overriding devture_container_socket_proxy_enabled to false widens
# what a compromised Traefik container could reach. Prefer keeping the proxy on.
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"

# Traefik joins the socket proxy's container network only when the proxy is
# enabled; otherwise no extra network is added from here.
devture_traefik_container_additional_networks: |
  {{
    ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
  }}

# systemd units required by Traefik's unit: always docker.service, plus the
# socket proxy's unit when the proxy is enabled.
devture_traefik_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
  }}

########################################################################
#                                                                      #
# /com.devture.ansible.role.traefik                                    #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.docker_sdk_for_python                       #
#                                                                      #
########################################################################

# Installing the Docker SDK for Python through this role is switched off in
# these defaults; override to true in your own vars to turn it on.
devture_docker_sdk_for_python_installation_enabled: false

########################################################################
#                                                                      #
# /com.devture.ansible.role.docker_sdk_for_python                      #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# com.devture.ansible.role.timesync                                    #
#                                                                      #
########################################################################

# `devture_timesync_installation_enabled: false` completely disables installing
# systemd-timesyncd/ntpd, and that is the value chosen in these defaults.
# NOTE(review): accurate time matters for TLS certificate validation and for
# correlating logs across services - confirm the host keeps its clock in sync
# some other way when this stays false.

devture_timesync_installation_enabled: false

########################################################################
#                                                                      #
# /com.devture.ansible.role.timesync                                   #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# adguard-home                                                         #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
adguard_home_enabled: false

adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home"

# Owner UID/GID shared with the other playbook-managed services.
adguard_home_uid: "{{ mash_playbook_uid }}"
adguard_home_gid: "{{ mash_playbook_gid }}"

adguard_home_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}adguard-home"

# Join the reverse-proxy network only when one is configured; otherwise the
# list is empty and the container gets no additional network from here.
adguard_home_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: whether labels are emitted at all, which Docker network
# Traefik should use to reach the container, and the primary entrypoint and
# certificate resolver of the playbook-managed Traefik.
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /adguard-home                                                        #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# appsmith                                                             #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
appsmith_enabled: false

appsmith_identifier: "{{ mash_playbook_service_identifier_prefix }}appsmith"

# Owner UID/GID shared with the other playbook-managed services.
appsmith_uid: "{{ mash_playbook_uid }}"
appsmith_gid: "{{ mash_playbook_gid }}"

appsmith_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}appsmith"

# Playbook-computed (`_auto`) networks: the reverse-proxy network when one is
# configured, otherwise an empty list.
appsmith_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
appsmith_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
appsmith_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
appsmith_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
appsmith_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /appsmith                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# authentik                                                            #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
authentik_enabled: false

authentik_identifier: "{{ mash_playbook_service_identifier_prefix }}authentik"

authentik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}authentik"

# Owner UID/GID shared with the other playbook-managed services.
authentik_uid: "{{ mash_playbook_uid }}"
authentik_gid: "{{ mash_playbook_gid }}"

# Database wiring: host and port are filled in only when the playbook-managed
# Postgres is enabled; otherwise they are empty and must be supplied by you.
authentik_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
authentik_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Deterministically derived from mash_playbook_generic_secret_key: SHA-512 crypt
# with the fixed per-service salt 'db.authentik' and 655555 rounds, then mapped
# to a UUID. Anyone holding the generic secret key can recompute this password,
# and changing the key changes the derived value - keep the key high-entropy,
# out of version control, and treat a key rotation as a credential rotation.
authentik_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.authentik', rounds=655555) | to_uuid }}"
# The database user is named after the service identifier.
authentik_database_username: "{{ authentik_identifier }}"

# Require the Postgres unit only when the playbook-managed Postgres is enabled
# and is actually the configured database host.
authentik_server_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier else [])
  }}

# Extra networks: the reverse-proxy network (when configured), plus the Postgres
# network when the playbook-managed Postgres is the database host and is not
# already the container's own network.
authentik_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and authentik_database_hostname == devture_postgres_identifier and authentik_container_network != devture_postgres_container_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
authentik_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
authentik_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
authentik_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
authentik_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /authentik                                                           #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# backup-borg                                                          #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
backup_borg_enabled: false

backup_borg_identifier: "{{ mash_playbook_service_identifier_prefix }}backup-borg"

# NOTE(review): the directory suffix is 'borg-backup' while the identifier
# suffix is 'backup-borg'. Renaming either would move data or units on existing
# hosts, so treat the mismatch as intentional unless confirmed otherwise.
backup_borg_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}borg-backup"

# Owner UID/GID shared with the other playbook-managed services.
backup_borg_uid: "{{ mash_playbook_uid }}"
backup_borg_gid: "{{ mash_playbook_gid }}"

# The backup container runs in the Postgres network when the playbook-managed
# Postgres is enabled; otherwise it gets a network named after itself.
backup_borg_container_network: "{{ devture_postgres_container_network if devture_postgres_enabled else backup_borg_identifier }}"

backup_borg_retention_prefix: "{{ mash_playbook_service_identifier_prefix }}"
# `{now:...}` uses single braces, so Jinja leaves it untouched.
# NOTE(review): presumably Borg expands it to the archive timestamp - confirm.
backup_borg_storage_archive_name_format: "{{ mash_playbook_service_identifier_prefix }}-{now:%Y-%m-%d-%H%M%S}"

# Build the image locally on any architecture other than amd64, arm32 or arm64.
backup_borg_container_image_self_build: "{{ mash_playbook_architecture not in ['amd64', 'arm32', 'arm64'] }}"

# Postgres backup: enabled together with the playbook-managed Postgres and
# pointed at its connection settings; the list of databases is the names of all
# managed databases.
# NOTE(review): devture_postgres_connection_username/password look like the
# server-wide administrative credentials - confirm, and if so treat the backup
# container's configuration as holding full database access.
backup_borg_postgresql_enabled: "{{ devture_postgres_enabled }}"
backup_borg_postgresql_databases_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
backup_borg_postgresql_databases_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
backup_borg_postgresql_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"

# MariaDB backup: enabled together with the playbook-managed MariaDB and
# connects as the `root` database user, i.e. with full privileges.
backup_borg_mysql_enabled: "{{ mariadb_enabled }}"
backup_borg_mysql_databases_hostname: "{{ mariadb_identifier if mariadb_enabled else '' }}"
backup_borg_mysql_databases_username: "root"
# NOTE(review): `mariadb_root_passsword` is spelled with three 's'. Confirm it
# matches the variable name the MariaDB role defines before changing it: a
# mismatch in either direction leaves this reference undefined.
backup_borg_mysql_databases_password: "{{ mariadb_root_passsword if mariadb_enabled else '' }}"
backup_borg_mysql_databases_port: 3306
backup_borg_mysql_databases: "{{ mariadb_managed_databases | map(attribute='name') if mariadb_enabled else [] }}"

# Everything under the playbook base path is backed up. That covers every
# service's directory, and this file also places the state preserver's vars.yml
# destination under the same base path.
# NOTE(review): the archives therefore likely contain credentials for all
# services - confirm the Borg repository is encrypted and access to it is
# restricted.
backup_borg_location_source_directories:
  - "{{ mash_playbook_base_path }}"

# The raw data directories of the enabled database servers are excluded from the
# file-level backup (presumably because the databases are dumped through the
# settings above instead - confirm).
backup_borg_location_exclude_patterns: |
  {{
    ([devture_postgres_data_path] if devture_postgres_enabled else [])
    +
    ([mariadb_data_path] if mariadb_enabled else [])
  }}

# systemd units required by the backup unit: always docker.service, plus the
# unit of each enabled database server.
backup_borg_systemd_required_services_list: |
  {{
    ['docker.service']
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
    +
    ([mariadb_identifier ~ '.service'] if mariadb_enabled else [])
  }}

########################################################################
#                                                                      #
# /backup-borg                                                         #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# Changedetection.io                                                   #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
changedetection_enabled: false

changedetection_identifier: "{{ mash_playbook_service_identifier_prefix }}changedetection"

changedetection_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}changedetection"

# Owner UID/GID shared with the other playbook-managed services.
changedetection_uid: "{{ mash_playbook_uid }}"
changedetection_gid: "{{ mash_playbook_gid }}"

# Playbook-computed (`_auto`) networks: the reverse-proxy network when one is
# configured, otherwise an empty list.
changedetection_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
changedetection_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
changedetection_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
changedetection_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
changedetection_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /Changedetection.io                                                  #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# clickhouse                                                           #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
clickhouse_enabled: false

clickhouse_identifier: "{{ mash_playbook_service_identifier_prefix }}clickhouse"

clickhouse_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}clickhouse"

# Owner UID/GID shared with the other playbook-managed services.
clickhouse_uid: "{{ mash_playbook_uid }}"
clickhouse_gid: "{{ mash_playbook_gid }}"

# This will be extended in the future, to auto-create databases for services which depend on ClickHouse.
# (The earlier wording said "MariaDB", which looks like a copy-paste leftover in this section.)
# See `devture_postgres_managed_databases_auto` for the equivalent Postgres mechanism.
# TODO
# clickhouse_managed_databases_auto: []

########################################################################
#                                                                      #
# /clickhouse                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# collabora-online                                                     #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
collabora_online_enabled: false

collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online"

collabora_online_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}collabora-online"

# Owner UID/GID shared with the other playbook-managed services.
collabora_online_uid: "{{ mash_playbook_uid }}"
collabora_online_gid: "{{ mash_playbook_gid }}"

# Join the reverse-proxy network only when one is configured; otherwise the
# list is empty and the container gets no additional network from here.
collabora_online_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /collabora-online                                                    #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# docker-registry                                                      #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
docker_registry_enabled: false

docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry"

docker_registry_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry"

# Owner UID/GID shared with the other playbook-managed services.
docker_registry_uid: "{{ mash_playbook_uid }}"
docker_registry_gid: "{{ mash_playbook_gid }}"

# Join the reverse-proxy network only when one is configured; otherwise the
# list is empty and the container gets no additional network from here.
docker_registry_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
# NOTE(review): these labels publish the registry through the reverse proxy;
# nothing in this section configures authentication - confirm the role or your
# own vars restrict who may push and pull before enabling it.
docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /docker-registry                                                     #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# docker-registry-browser                                              #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
docker_registry_browser_enabled: false

docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"

docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-browser"

# Owner UID/GID shared with the other playbook-managed services.
docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}"

# Join the reverse-proxy network only when one is configured; otherwise the
# list is empty and the container gets no additional network from here.
docker_registry_browser_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
# NOTE(review): this section sets no access control for the browser UI -
# confirm how access is restricted before exposing it through the proxy.
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /docker-registry-browser                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# docker-registry-purger                                               #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
docker_registry_purger_enabled: false

docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger"

docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-purger"

# Owner UID/GID shared with the other playbook-managed services.
# No networks or Traefik labels are set for the purger in this section.
docker_registry_purger_uid: "{{ mash_playbook_uid }}"
docker_registry_purger_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /docker-registry-purger                                              #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# echoip                                                             #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
echoip_enabled: false

echoip_identifier: "{{ mash_playbook_service_identifier_prefix }}echoip"

echoip_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}echoip"

# Owner UID/GID shared with the other playbook-managed services.
echoip_uid: "{{ mash_playbook_uid }}"
echoip_gid: "{{ mash_playbook_gid }}"

# The only systemd unit required from here is docker.service.
echoip_systemd_required_services_list: |
  {{
    (['docker.service'])
  }}

# Join the reverse-proxy network only when one is configured; otherwise the
# list is empty and the container gets no additional network from here.
echoip_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
echoip_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
echoip_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
echoip_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
echoip_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /echoip                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# firezone                                                             #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
firezone_enabled: false

firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone"

firezone_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}firezone"

# Owner UID/GID shared with the other playbook-managed services.
firezone_uid: "{{ mash_playbook_uid }}"
firezone_gid: "{{ mash_playbook_gid }}"
# NOTE(review): the playbook-wide secret key is handed to the Firezone role
# unmodified, whereas the database passwords in this file are derived from it
# with a per-service salt. If the role ever writes this value out as-is, its
# exposure reveals the key that other services' passwords are derived from -
# confirm the role only uses it as input for further derivation.
firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}"

# Database wiring: host and port are filled in only when the playbook-managed
# Postgres is enabled; otherwise they are empty and must be supplied by you.
firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Deterministically derived from mash_playbook_generic_secret_key: SHA-512 crypt
# with the fixed per-service salt 'fz.db.user' and 655555 rounds, then mapped to
# a UUID. Anyone holding the generic secret key can recompute this password, and
# changing the key changes the derived value.
firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}"
# The database user is named after the service identifier.
firezone_database_user: "{{ firezone_identifier }}"

# systemd units required: always docker.service, plus the Postgres unit when the
# playbook-managed Postgres is enabled and is the configured database host.
firezone_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier else [])
  }}

# Extra networks: the reverse-proxy network (when configured), plus the Postgres
# network when the playbook-managed Postgres is the database host and is not
# already the container's own network.
firezone_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /firezone                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# focalboard                                                           #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
focalboard_enabled: false

focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard"

focalboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}focalboard"

# Owner UID/GID shared with the other playbook-managed services.
focalboard_uid: "{{ mash_playbook_uid }}"
focalboard_gid: "{{ mash_playbook_gid }}"

# Require the Postgres unit only when the playbook-managed Postgres is enabled
# and is actually the configured database host.
# NOTE(review): this name repeats 'systemd' (..._systemd_required_systemd_...),
# unlike the sibling services in this file - confirm it matches the variable the
# role reads, otherwise the value set here is silently ignored.
focalboard_systemd_required_systemd_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
  }}

# Database wiring: type, host and port are filled in only when the
# playbook-managed Postgres is enabled; otherwise they are empty strings.
focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}"
focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Deterministically derived from mash_playbook_generic_secret_key: SHA-512 crypt
# with the fixed per-service salt 'db.focalboard' and 655555 rounds, then mapped
# to a UUID. Anyone holding the generic secret key can recompute this password,
# and changing the key changes the derived value.
focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}"

# Extra networks: the reverse-proxy network (when configured), plus the Postgres
# network when the playbook-managed Postgres is the database host.
# NOTE(review): other services in this file also check that their own container
# network differs from the Postgres network before adding it; that guard is
# absent here - confirm whether the network can end up listed twice.
focalboard_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /focalboard                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# freshrss                                                             #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
freshrss_enabled: false

freshrss_identifier: "{{ mash_playbook_service_identifier_prefix }}freshrss"

freshrss_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}freshrss"

# freshrss_uid and freshrss_gid are intentionally not derived from
# mash_playbook_uid / mash_playbook_gid like the other services in this file.
# FreshRSS can only work with a specific user and group, so fixed values are used.
# NOTE(review): the earlier wording said these are "not being set here" and are
# hardcoded in the role defaults, yet they are set below - confirm whether this
# override is still wanted.
# UID 0 is root, so files and processes using it are not confined to the
# playbook's unprivileged user. NOTE(review): GID 33 is presumably the image's
# web-server group - confirm.
freshrss_uid: "0"
freshrss_gid: "33"

# systemd units required: always docker.service, plus the Postgres unit when the
# playbook-managed Postgres is enabled and is the configured database host.
freshrss_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier else [])
  }}

# Extra networks: the reverse-proxy network (when configured), plus the Postgres
# network when the playbook-managed Postgres is the database host and is not
# already the container's own network.
freshrss_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and freshrss_database_hostname == devture_postgres_identifier and freshrss_container_network != devture_postgres_container_network else [])
  }}

# Traefik label wiring: label emission toggle, the Docker network Traefik uses
# to reach the container, and the primary entrypoint / certificate resolver.
freshrss_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
freshrss_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
freshrss_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
freshrss_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database host: the playbook-managed Postgres connection hostname when Postgres
# is enabled, otherwise empty.
freshrss_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"

# Intentionally not auto-generating freshrss_database_password.
# It's meant to be explicitly defined, so that it can be used in the setup wizard after installation.
# Because it is chosen by hand, pick a long random value and keep it out of
# version control, like any other credential in your vars.

########################################################################
#                                                                      #
# /freshrss                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# funkwhale                                                            #
#                                                                      #
########################################################################

# Disabled by default; enable explicitly in your own vars.
funkwhale_enabled: false

funkwhale_identifier: "{{ mash_playbook_service_identifier_prefix }}funkwhale"

funkwhale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}funkwhale"

# Owner UID/GID shared with the other playbook-managed services.
funkwhale_uid: "{{ mash_playbook_uid }}"
funkwhale_gid: "{{ mash_playbook_gid }}"

# Database wiring: host and port are filled in only when the playbook-managed
# Postgres is enabled; otherwise they are empty and must be supplied by you.
funkwhale_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
funkwhale_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Deterministically derived from mash_playbook_generic_secret_key: SHA-512 crypt
# with the fixed per-service salt 'db.funkwhale' and 655555 rounds, then mapped
# to a UUID. Anyone holding the generic secret key can recompute this password,
# and changing the key changes the derived value.
funkwhale_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.funkwhale', rounds=655555) | to_uuid }}"
# The database user is named after the service identifier.
funkwhale_database_username: "{{ funkwhale_identifier }}"

# The API unit requires the Postgres unit only when the playbook-managed
# Postgres is enabled and is the configured database host.
funkwhale_api_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
  }}

# The frontend unit gets the same Postgres dependency as the API.
funkwhale_frontend_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier else [])
  }}


# API networks: the reverse-proxy network (when configured), plus the Postgres
# network when the playbook-managed Postgres is the database host and is not
# already the API container's own network.
funkwhale_api_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_frontend_container_network != devture_postgres_container_network else [])
  }}

# Frontend networks: the same two conditions as the API, listed in the opposite
# order (Postgres network first).
# NOTE(review): this attaches the frontend container to the database network -
# confirm the frontend really needs to reach Postgres; if it does not, leaving
# it off that network would reduce what the frontend can reach.
funkwhale_frontend_container_additional_networks_auto: |
  {{
    ([devture_postgres_container_network] if devture_postgres_enabled and funkwhale_database_hostname == devture_postgres_identifier and funkwhale_frontend_container_network != devture_postgres_container_network else [])
    +
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label wiring for the API container: label emission toggle, the Docker
# network Traefik uses, and the primary entrypoint / certificate resolver.
funkwhale_api_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
funkwhale_api_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
funkwhale_api_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
funkwhale_api_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Traefik label wiring for the frontend container, mirroring the API's.
funkwhale_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
funkwhale_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
funkwhale_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
funkwhale_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /funkwhale                                                           #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# gitea                                                                #
#                                                                      #
########################################################################

# Disabled by default.
gitea_enabled: false

gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea"

gitea_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gitea"

# Uses the playbook-wide UID/GID.
gitea_uid: "{{ mash_playbook_uid }}"
gitea_gid: "{{ mash_playbook_gid }}"

# Always lists docker.service; the Postgres unit is added only when the playbook-managed
# Postgres is enabled and gitea_config_database_hostname points at it.
gitea_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network only when
# the playbook-managed Postgres is the database host and sits on a different network
# than gitea_container_network.
gitea_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings.
gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database settings point at the playbook-managed Postgres when it is enabled;
# otherwise hostname and port are left empty.
gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Fixed username; it does not include mash_playbook_service_identifier_prefix.
gitea_config_database_username: "gitea"
# Derived from mash_playbook_generic_secret_key with the fixed salt 'db.gitea',
# so the same inputs always yield the same password.
# NOTE(review): changing the generic secret key or the salt changes this password, and anyone
# holding the generic secret key can recompute it - treat that key as the root secret.
gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /gitea                                                               #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# gotosocial                                                           #
#                                                                      #
########################################################################

# Disabled by default.
gotosocial_enabled: false

gotosocial_identifier: "{{ mash_playbook_service_identifier_prefix }}gotosocial"

gotosocial_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gotosocial"

# Uses the playbook-wide UID/GID.
gotosocial_uid: "{{ mash_playbook_uid }}"
gotosocial_gid: "{{ mash_playbook_gid }}"

# Database settings point at the playbook-managed Postgres when it is enabled;
# otherwise host and port are left empty.
gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with the fixed salt 'db.gotosocial',
# so the same inputs always yield the same password.
# NOTE(review): changing the generic secret key or the salt changes this password, and anyone
# holding the generic secret key can recompute it - treat that key as the root secret.
gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}"
gotosocial_database_username: "{{ gotosocial_identifier }}"

# Always lists docker.service; the Postgres unit is added only when the playbook-managed
# Postgres is enabled and gotosocial_database_host points at it.
gotosocial_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network only when
# the playbook-managed Postgres is the database host and sits on a different network
# than gotosocial_container_network.
gotosocial_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier and gotosocial_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings.
gotosocial_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gotosocial_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gotosocial_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /gotosocial                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# grafana                                                              #
#                                                                      #
########################################################################

# Disabled by default.
grafana_enabled: false

grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana"

grafana_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}grafana"

# Uses the playbook-wide UID/GID.
grafana_uid: "{{ mash_playbook_uid }}"
grafana_gid: "{{ mash_playbook_gid }}"

# Final network list: the reverse-proxy part followed by the extra networks defined below.
grafana_container_additional_networks: "{{ grafana_container_additional_networks_reverse_proxy + grafana_container_additional_networks_additional }}"

# Holds the reverse-proxy network when one is configured, otherwise an empty list.
grafana_container_additional_networks_reverse_proxy: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Extra networks to attach; empty by default.
# Every network listed here widens what the Grafana container can reach, so add only what is needed.
grafana_container_additional_networks_additional: []

# Traefik labels follow the playbook-wide Traefik settings.
grafana_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
grafana_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /grafana                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# healthchecks                                                         #
#                                                                      #
########################################################################

# Disabled by default.
healthchecks_enabled: false

healthchecks_identifier: "{{ mash_playbook_service_identifier_prefix }}healthchecks"

healthchecks_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}healthchecks"

# Uses the playbook-wide UID/GID.
healthchecks_uid: "{{ mash_playbook_uid }}"
healthchecks_gid: "{{ mash_playbook_gid }}"

# Always lists docker.service; the Postgres unit is added only when the playbook-managed
# Postgres is enabled and healthchecks_database_hostname equals devture_postgres_identifier.
healthchecks_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network only when
# the playbook-managed Postgres is the database host and sits on a different network
# than healthchecks_container_network.
healthchecks_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and healthchecks_database_hostname == devture_postgres_identifier and healthchecks_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings.
healthchecks_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
healthchecks_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
healthchecks_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
healthchecks_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): the hostname comes from devture_postgres_connection_hostname, while the two
# conditions above compare it with devture_postgres_identifier. Presumably both resolve to the
# same value - confirm, otherwise the Postgres unit and network are silently left out.
healthchecks_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with the fixed salt 'healthchecks.db'.
# The salt does not follow the 'db.<service>' form used by other sections of this file;
# do not normalise it, because changing the salt changes the derived password.
healthchecks_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks.db', rounds=655555) | to_uuid }}"

# Derived from the same generic secret key with a different salt ('healthchecks'),
# so it differs from the database password.
# NOTE(review): anyone holding the generic secret key can recompute both values.
healthchecks_environment_variable_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'healthchecks', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /healthchecks                                                        #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# hubsite                                                              #
#                                                                      #
########################################################################

# Disabled by default.
hubsite_enabled: false

hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite"

hubsite_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}hubsite"

# Uses the playbook-wide UID/GID.
hubsite_uid: "{{ mash_playbook_uid }}"
hubsite_gid: "{{ mash_playbook_gid }}"

# Only docker.service is listed; no database unit is added here.
hubsite_systemd_required_services_list: |
  {{
    (['docker.service'])
  }}

# Holds the reverse-proxy network when one is configured, otherwise an empty list.
hubsite_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings.
hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

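# Services
##########
#
# Each service defines six variables: _enabled, _name, _url, _logo_location, _description
# and _priority. hubsite_service_list_auto (below) builds its entries from them.
# _enabled follows the service's own enabled flag, except for Vaultwarden, which is
# hard-coded to false (see the comment on that entry).
# Every _url is built with the https:// scheme from the service's hostname and,
# where the service has one, its path prefix.

# Adguard home
hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}"
hubsite_service_adguard_home_name: Adguard Home
hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}"
hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png"
hubsite_service_adguard_home_description: "A network-wide DNS software for blocking ads & tracking"
hubsite_service_adguard_home_priority: 1000

# authentik
hubsite_service_authentik_enabled: "{{ authentik_enabled }}"
hubsite_service_authentik_name: Authentik
hubsite_service_authentik_url: "https://{{ authentik_hostname }}"
hubsite_service_authentik_logo_location: "{{ role_path }}/assets/authentik.png"
hubsite_service_authentik_description: "An open source identity provider"
hubsite_service_authentik_priority: 1000

# Appsmith
hubsite_service_appsmith_enabled: "{{ appsmith_enabled }}"
hubsite_service_appsmith_name: Appsmith
hubsite_service_appsmith_url: "https://{{ appsmith_hostname }}{{ appsmith_path_prefix }}"
hubsite_service_appsmith_logo_location: "{{ role_path }}/assets/appsmith.png"
hubsite_service_appsmith_description: "Platform for building and deploying custom internal tools and applications without writing code"
hubsite_service_appsmith_priority: 1000

# Docker Registry Browser
hubsite_service_docker_registry_browser_enabled: "{{ docker_registry_browser_enabled }}"
hubsite_service_docker_registry_browser_name: Docker Registry Browser
hubsite_service_docker_registry_browser_url: "https://{{ docker_registry_browser_hostname }}{{ docker_registry_browser_path_prefix }}"
hubsite_service_docker_registry_browser_logo_location: "{{ role_path }}/assets/docker.png"
hubsite_service_docker_registry_browser_description: "Browse docker images"
hubsite_service_docker_registry_browser_priority: 1000

# Firezone
hubsite_service_firezone_enabled: "{{ firezone_enabled }}"
hubsite_service_firezone_name: Firezone
hubsite_service_firezone_url: "https://{{ firezone_hostname }}"
hubsite_service_firezone_logo_location: "{{ role_path }}/assets/firezone.png"
hubsite_service_firezone_description: "A self-hosted VPN server, based on Wireguard"
hubsite_service_firezone_priority: 1000

# Focalboard
hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}"
hubsite_service_focalboard_name: Focalboard
hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}"
hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png"
hubsite_service_focalboard_description: "An open source, self-hosted alternative to Trello, Notion, and Asana."
hubsite_service_focalboard_priority: 1000

# FreshRSS
hubsite_service_freshrss_enabled: "{{ freshrss_enabled }}"
hubsite_service_freshrss_name: FreshRSS
hubsite_service_freshrss_url: "https://{{ freshrss_hostname }}{{ freshrss_path_prefix }}"
hubsite_service_freshrss_logo_location: "{{ role_path }}/assets/freshrss.png"
hubsite_service_freshrss_description: "RSS and Atom feed aggregator."
hubsite_service_freshrss_priority: 1000

# Funkwhale
hubsite_service_funkwhale_enabled: "{{ funkwhale_enabled }}"
hubsite_service_funkwhale_name: Funkwhale
hubsite_service_funkwhale_url: "https://{{ funkwhale_hostname }}"
hubsite_service_funkwhale_logo_location: "{{ role_path }}/assets/funkwhale.png"
hubsite_service_funkwhale_description: "Listen and share music with a selfhosted streaming server"
hubsite_service_funkwhale_priority: 1000

# Gitea
hubsite_service_gitea_enabled: "{{ gitea_enabled }}"
hubsite_service_gitea_name: Gitea
hubsite_service_gitea_url: "https://{{ gitea_hostname }}{{ gitea_path_prefix }}"
hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png"
hubsite_service_gitea_description: "A git service"
hubsite_service_gitea_priority: 1000

# GoToSocial
hubsite_service_gotosocial_enabled: "{{ gotosocial_enabled }}"
hubsite_service_gotosocial_name: GoToSocial
hubsite_service_gotosocial_url: "https://{{ gotosocial_hostname }}"
hubsite_service_gotosocial_logo_location: "{{ role_path }}/assets/gotosocial.png"
hubsite_service_gotosocial_description: "A fediverse server"
hubsite_service_gotosocial_priority: 1000

# Grafana
hubsite_service_grafana_enabled: "{{ grafana_enabled }}"
hubsite_service_grafana_name: Grafana
hubsite_service_grafana_url: "https://{{ grafana_hostname }}{{ grafana_path_prefix }}"
hubsite_service_grafana_logo_location: "{{ role_path }}/assets/grafana.png"
hubsite_service_grafana_description: "Check how your server is doing"
hubsite_service_grafana_priority: 1000

# Healthchecks
hubsite_service_healthchecks_enabled: "{{ healthchecks_enabled }}"
hubsite_service_healthchecks_name: Healthchecks
hubsite_service_healthchecks_url: "https://{{ healthchecks_hostname }}{{ healthchecks_path_prefix }}"
hubsite_service_healthchecks_logo_location: "{{ role_path }}/assets/healthchecks.png"
hubsite_service_healthchecks_description: "A simple and Effective Cron Job Monitoring solution"
hubsite_service_healthchecks_priority: 1000

# Keycloak
hubsite_service_keycloak_enabled: "{{ keycloak_enabled }}"
hubsite_service_keycloak_name: Keycloak
hubsite_service_keycloak_url: "https://{{ keycloak_hostname }}{{ keycloak_path_prefix }}"
hubsite_service_keycloak_logo_location: "{{ role_path }}/assets/keycloak.png"
hubsite_service_keycloak_description: "An open source identity and access management solution."
hubsite_service_keycloak_priority: 1000

# Miniflux
hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}"
hubsite_service_miniflux_name: Miniflux
hubsite_service_miniflux_url: "https://{{ miniflux_hostname }}{{ miniflux_path_prefix }}"
hubsite_service_miniflux_logo_location: "{{ role_path }}/assets/miniflux.png"
hubsite_service_miniflux_description: "An opinionated feed reader"
hubsite_service_miniflux_priority: 1000

# n8n
hubsite_service_n8n_enabled: "{{ n8n_enabled }}"
hubsite_service_n8n_name: n8n
hubsite_service_n8n_url: "https://{{ n8n_hostname }}{{ n8n_path_prefix }}"
hubsite_service_n8n_logo_location: "{{ role_path }}/assets/n8n.png"
hubsite_service_n8n_description: "Workflow automation for technical people."
hubsite_service_n8n_priority: 1000

# Linkding
hubsite_service_linkding_enabled: "{{ linkding_enabled }}"
hubsite_service_linkding_name: Linkding
hubsite_service_linkding_url: "https://{{ linkding_hostname }}{{ linkding_path_prefix }}"
hubsite_service_linkding_logo_location: "{{ role_path }}/assets/linkding.png"
hubsite_service_linkding_description: "Bookmark manager that is designed to be minimal and fast."
hubsite_service_linkding_priority: 1000

# Nextcloud
hubsite_service_nextcloud_enabled: "{{ nextcloud_enabled }}"
hubsite_service_nextcloud_name: Nextcloud
hubsite_service_nextcloud_url: "https://{{ nextcloud_hostname }}{{ nextcloud_path_prefix }}"
hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png"
hubsite_service_nextcloud_description: "Sync your files & much more"
hubsite_service_nextcloud_priority: 1000

# Owncast
hubsite_service_owncast_enabled: "{{ owncast_enabled }}"
hubsite_service_owncast_name: Owncast
hubsite_service_owncast_url: "https://{{ owncast_hostname }}"
hubsite_service_owncast_logo_location: "{{ role_path }}/assets/owncast.png"
hubsite_service_owncast_description: "Livestream & Chat"
hubsite_service_owncast_priority: 1000

# Peertube
hubsite_service_peertube_enabled: "{{ peertube_enabled }}"
hubsite_service_peertube_name: Peertube
hubsite_service_peertube_url: "https://{{ peertube_hostname }}{{ peertube_path_prefix }}"
hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png"
hubsite_service_peertube_description: "Watch and upload videos"
hubsite_service_peertube_priority: 1000

# Radicale
hubsite_service_radicale_enabled: "{{ radicale_enabled }}"
hubsite_service_radicale_name: Radicale
hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}"
hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png"
hubsite_service_radicale_description: "Sync contacts and calendars"
hubsite_service_radicale_priority: 1000

# Syncthing
hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}"
hubsite_service_syncthing_name: Syncthing
hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}"
hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png"
hubsite_service_syncthing_description: "Sync your files"
hubsite_service_syncthing_priority: 1000

# Uptime Kuma
hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}"
hubsite_service_uptime_kuma_name: Uptime Kuma
hubsite_service_uptime_kuma_url: "https://{{ uptime_kuma_hostname }}{{ uptime_kuma_path_prefix }}"
hubsite_service_uptime_kuma_logo_location: "{{ role_path }}/assets/uptime-kuma.png"
hubsite_service_uptime_kuma_description: "Check the status of the services"
hubsite_service_uptime_kuma_priority: 1000

# Vaultwarden
# The vaultwarden service link is deactivated by default for security reasons, see: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#hiding-under-a-subdir
# Unlike the other entries, _enabled does not follow vaultwarden_enabled: setting it to true
# publishes the Vaultwarden URL, including its path prefix, in the hubsite service list.
hubsite_service_vaultwarden_enabled: false
hubsite_service_vaultwarden_name: Vaultwarden
hubsite_service_vaultwarden_url: "https://{{ vaultwarden_hostname }}{{ vaultwarden_path_prefix }}"
hubsite_service_vaultwarden_logo_location: "{{ role_path }}/assets/vaultwarden.png"
hubsite_service_vaultwarden_description: "Securely access your passwords"
hubsite_service_vaultwarden_priority: 1000

# Woodpecker CI
hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}"
hubsite_service_woodpecker_ci_name: Woodpecker CI
hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}"
hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png"
hubsite_service_woodpecker_ci_description: "Check your CI"
hubsite_service_woodpecker_ci_priority: 1000

# Forgejo
hubsite_service_forgejo_enabled: "{{ forgejo_enabled }}"
hubsite_service_forgejo_name: Forgejo
hubsite_service_forgejo_url: "https://{{ forgejo_hostname }}{{ forgejo_path_prefix }}"
hubsite_service_forgejo_logo_location: "{{ role_path }}/assets/forgejo.png"
hubsite_service_forgejo_description: "Another git service"
hubsite_service_forgejo_priority: 1000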

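# Concatenates one single-item list per service: the item is included when the service's
# hubsite_service_*_enabled value is truthy, otherwise an empty list is added.
# Each item carries that service's own name, url, logo_location, description and priority.
# Vaultwarden only appears when hubsite_service_vaultwarden_enabled is explicitly set to true,
# which also publishes its URL and path prefix in this list.
# NOTE(review): the Forgejo item evaluates forgejo_enabled, forgejo_hostname and
# forgejo_path_prefix, which are not defined in this part of the file - confirm they exist.
hubsite_service_list_auto: |
  {{
    ([{'name': hubsite_service_adguard_home_name, 'url': hubsite_service_adguard_home_url, 'logo_location': hubsite_service_adguard_home_logo_location, 'description': hubsite_service_adguard_home_description, 'priority': hubsite_service_adguard_home_priority}] if hubsite_service_adguard_home_enabled else [])
    +
    ([{'name': hubsite_service_authentik_name, 'url': hubsite_service_authentik_url, 'logo_location': hubsite_service_authentik_logo_location, 'description': hubsite_service_authentik_description, 'priority': hubsite_service_authentik_priority}] if hubsite_service_authentik_enabled else [])
    +
    ([{'name': hubsite_service_appsmith_name, 'url': hubsite_service_appsmith_url, 'logo_location': hubsite_service_appsmith_logo_location, 'description': hubsite_service_appsmith_description, 'priority': hubsite_service_appsmith_priority}] if hubsite_service_appsmith_enabled else [])
    +
    ([{'name': hubsite_service_docker_registry_browser_name, 'url': hubsite_service_docker_registry_browser_url, 'logo_location': hubsite_service_docker_registry_browser_logo_location, 'description': hubsite_service_docker_registry_browser_description, 'priority': hubsite_service_docker_registry_browser_priority}] if hubsite_service_docker_registry_browser_enabled else [])
    +
    ([{'name': hubsite_service_firezone_name, 'url': hubsite_service_firezone_url, 'logo_location': hubsite_service_firezone_logo_location, 'description': hubsite_service_firezone_description, 'priority': hubsite_service_firezone_priority}] if hubsite_service_firezone_enabled else [])
    +
    ([{'name': hubsite_service_focalboard_name, 'url': hubsite_service_focalboard_url, 'logo_location': hubsite_service_focalboard_logo_location, 'description': hubsite_service_focalboard_description, 'priority': hubsite_service_focalboard_priority}] if hubsite_service_focalboard_enabled else [])
    +
    ([{'name': hubsite_service_freshrss_name, 'url': hubsite_service_freshrss_url, 'logo_location': hubsite_service_freshrss_logo_location, 'description': hubsite_service_freshrss_description, 'priority': hubsite_service_freshrss_priority}] if hubsite_service_freshrss_enabled else [])
    +
    ([{'name': hubsite_service_funkwhale_name, 'url': hubsite_service_funkwhale_url, 'logo_location': hubsite_service_funkwhale_logo_location, 'description': hubsite_service_funkwhale_description, 'priority': hubsite_service_funkwhale_priority}] if hubsite_service_funkwhale_enabled else [])
    +
    ([{'name': hubsite_service_gitea_name, 'url': hubsite_service_gitea_url, 'logo_location': hubsite_service_gitea_logo_location, 'description': hubsite_service_gitea_description, 'priority': hubsite_service_gitea_priority}] if hubsite_service_gitea_enabled else [])
    +
    ([{'name': hubsite_service_gotosocial_name, 'url': hubsite_service_gotosocial_url, 'logo_location': hubsite_service_gotosocial_logo_location, 'description': hubsite_service_gotosocial_description, 'priority': hubsite_service_gotosocial_priority}] if hubsite_service_gotosocial_enabled else [])
    +
    ([{'name': hubsite_service_grafana_name, 'url': hubsite_service_grafana_url, 'logo_location': hubsite_service_grafana_logo_location, 'description': hubsite_service_grafana_description, 'priority': hubsite_service_grafana_priority}] if hubsite_service_grafana_enabled else [])
    +
    ([{'name': hubsite_service_healthchecks_name, 'url': hubsite_service_healthchecks_url, 'logo_location': hubsite_service_healthchecks_logo_location, 'description': hubsite_service_healthchecks_description, 'priority': hubsite_service_healthchecks_priority}] if hubsite_service_healthchecks_enabled else [])
    +
    ([{'name': hubsite_service_keycloak_name, 'url': hubsite_service_keycloak_url, 'logo_location': hubsite_service_keycloak_logo_location, 'description': hubsite_service_keycloak_description, 'priority': hubsite_service_keycloak_priority}] if hubsite_service_keycloak_enabled else [])
    +
    ([{'name': hubsite_service_miniflux_name, 'url': hubsite_service_miniflux_url, 'logo_location': hubsite_service_miniflux_logo_location, 'description': hubsite_service_miniflux_description, 'priority': hubsite_service_miniflux_priority}] if hubsite_service_miniflux_enabled else [])
    +
    ([{'name': hubsite_service_n8n_name, 'url': hubsite_service_n8n_url, 'logo_location': hubsite_service_n8n_logo_location, 'description': hubsite_service_n8n_description, 'priority': hubsite_service_n8n_priority}] if hubsite_service_n8n_enabled else [])
    +
    ([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else [])
    +
    ([{'name': hubsite_service_linkding_name, 'url': hubsite_service_linkding_url, 'logo_location': hubsite_service_linkding_logo_location, 'description': hubsite_service_linkding_description, 'priority': hubsite_service_linkding_priority}] if hubsite_service_linkding_enabled else [])
    +
    ([{'name': hubsite_service_owncast_name, 'url': hubsite_service_owncast_url, 'logo_location': hubsite_service_owncast_logo_location, 'description': hubsite_service_owncast_description, 'priority': hubsite_service_owncast_priority}] if hubsite_service_owncast_enabled else [])
    +
    ([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else [])
    +
    ([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else [])
    +
    ([{'name': hubsite_service_uptime_kuma_name, 'url': hubsite_service_uptime_kuma_url, 'logo_location': hubsite_service_uptime_kuma_logo_location, 'description': hubsite_service_uptime_kuma_description, 'priority': hubsite_service_uptime_kuma_priority}] if hubsite_service_uptime_kuma_enabled else [])
    +
    ([{'name': hubsite_service_syncthing_name, 'url': hubsite_service_syncthing_url, 'logo_location': hubsite_service_syncthing_logo_location, 'description': hubsite_service_syncthing_description, 'priority': hubsite_service_syncthing_priority}] if hubsite_service_syncthing_enabled else [])
    +
    ([{'name': hubsite_service_vaultwarden_name, 'url': hubsite_service_vaultwarden_url, 'logo_location': hubsite_service_vaultwarden_logo_location, 'description': hubsite_service_vaultwarden_description, 'priority': hubsite_service_vaultwarden_priority}] if hubsite_service_vaultwarden_enabled else [])
    +
    ([{'name': hubsite_service_woodpecker_ci_name, 'url': hubsite_service_woodpecker_ci_url, 'logo_location': hubsite_service_woodpecker_ci_logo_location, 'description': hubsite_service_woodpecker_ci_description, 'priority': hubsite_service_woodpecker_ci_priority}] if hubsite_service_woodpecker_ci_enabled else [])
    +
    ([{'name': hubsite_service_forgejo_name, 'url': hubsite_service_forgejo_url, 'logo_location': hubsite_service_forgejo_logo_location, 'description': hubsite_service_forgejo_description, 'priority': hubsite_service_forgejo_priority}] if hubsite_service_forgejo_enabled else [])
  }}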

########################################################################
#                                                                      #
# /hubsite                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# ilmo                                                                 #
#                                                                      #
########################################################################

# Disabled by default.
ilmo_enabled: false

ilmo_identifier: "{{ mash_playbook_service_identifier_prefix }}ilmo"

ilmo_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}ilmo"

# Uses the playbook-wide UID/GID.
ilmo_uid: "{{ mash_playbook_uid }}"
ilmo_gid: "{{ mash_playbook_gid }}"

# Derived from mash_playbook_generic_secret_key with the fixed salt 'secret.ilmo'.
# NOTE(review): changing the generic secret key or the salt changes this value, and anyone
# holding the generic secret key can recompute it - treat that key as the root secret.
ilmo_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.ilmo', rounds=655555) | to_uuid }}"

# Database settings point at the playbook-managed Postgres when it is enabled;
# otherwise host and port are left empty.
ilmo_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
ilmo_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Same derivation with a different salt ('db.ilmo'), so it differs from ilmo_secret.
ilmo_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.ilmo', rounds=655555) | to_uuid }}"
# Fixed username; it does not include mash_playbook_service_identifier_prefix.
ilmo_database_username: "ilmo"

# Always lists docker.service; the Postgres unit is added only when the playbook-managed
# Postgres is enabled and ilmo_database_host points at it.
ilmo_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network only when
# the playbook-managed Postgres is the database host and sits on a different network
# than ilmo_container_network.
ilmo_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and ilmo_database_host == devture_postgres_identifier and ilmo_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings.
ilmo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
ilmo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
ilmo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
ilmo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /ilmo                                                                #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# infisical                                                            #
#                                                                      #
########################################################################

# Playbook-level wiring for the infisical role (backend and frontend containers).
# The service is off unless enabled elsewhere.
infisical_enabled: false

infisical_identifier: "{{ mash_playbook_service_identifier_prefix }}infisical"

infisical_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}infisical"

infisical_uid: "{{ mash_playbook_uid }}"
infisical_gid: "{{ mash_playbook_gid }}"

# Always depends on docker.service; the MongoDB unit is added only when the backend
# points at the playbook-managed MongoDB instance.
infisical_backend_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([mongodb_identifier ~ '.service'] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the MongoDB network
# only when the backend uses the managed MongoDB and is not already on that network.
infisical_backend_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([mongodb_container_network] if mongodb_enabled and infisical_mongodb_hostname == mongodb_identifier and infisical_backend_container_network != mongodb_container_network else [])
  }}

# Traefik label settings for the backend are taken from the playbook-wide values.
infisical_backend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
infisical_backend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
infisical_backend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
infisical_backend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Intentionally not auto-generating infisical_backend_environment_variable_encryption_key here.
# We prefer it to be explicit as it seems important that it remains stable.

# The JWT secrets below ARE derived from mash_playbook_generic_secret_key (sha512-crypt
# with a per-purpose salt, mapped to a UUID, dashes removed). Changing the generic
# secret key therefore changes all four signing secrets at once.
# A UUID without dashes is 32 hex characters, so the [0:32] slice keeps the whole value.
# NOTE(review): as a UUID, a few bits are fixed by the version/variant fields, so the
# value carries slightly less than 128 bits — confirm this meets the service's requirements.
infisical_backend_environment_variable_jwt_signup_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.signup', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_refresh_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.r', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_auth_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.a', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"
infisical_backend_environment_variable_jwt_service_secret: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'inf.jwt.svc', rounds=655555) | to_uuid | replace('-', ''))[0:32] }}"

# The frontend only joins the reverse-proxy network; no database network is added for it here.
infisical_frontend_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings for the frontend are taken from the playbook-wide values.
infisical_frontend_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
infisical_frontend_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
infisical_frontend_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
infisical_frontend_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname is an empty string when the playbook-managed MongoDB is disabled.
infisical_mongodb_hostname: "{{ mongodb_identifier if mongodb_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with its own salt; the same value is
# handed to the mongodb section through mongodb_managed_databases_auto.
infisical_mongodb_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'infisical.db', rounds=655555) | to_uuid }}"
# Authenticates against infisical's own database (infisical_mongodb_db_name is defined outside this section).
infisical_mongodb_auth_source: "{{ infisical_mongodb_db_name }}"

########################################################################
#                                                                      #
# /infisical                                                           #
#                                                                      #
########################################################################




########################################################################
#                                                                      #
# influxdb                                                             #
#                                                                      #
########################################################################

# Playbook-level wiring for the influxdb role. The service is off unless enabled elsewhere.
influxdb_enabled: false

influxdb_identifier: "{{ mash_playbook_service_identifier_prefix }}influxdb"

influxdb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}influxdb"

influxdb_uid: "{{ mash_playbook_uid }}"
influxdb_gid: "{{ mash_playbook_gid }}"

# Only docker.service is required; no other playbook service is listed as a dependency.
influxdb_systemd_required_services_list: |
  {{
    (['docker.service'])
  }}

# Joins the reverse-proxy network when one is configured; otherwise the list is empty.
influxdb_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
influxdb_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
influxdb_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
influxdb_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
influxdb_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"


########################################################################
#                                                                      #
# /influxdb                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# jitsi                                                                #
#                                                                      #
########################################################################

# Playbook-level wiring for the jitsi role (web, prosody and jvb containers).
# The service is off unless enabled elsewhere.
jitsi_enabled: false

jitsi_architecture: "{{ mash_playbook_architecture }}"

jitsi_identifier: "{{ mash_playbook_service_identifier_prefix }}jitsi"

jitsi_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}jitsi"

jitsi_uid: "{{ mash_playbook_uid }}"
jitsi_gid: "{{ mash_playbook_gid }}"

jitsi_user_username: "{{ mash_playbook_user_username }}"

# Each of the three containers below joins the reverse-proxy network when one is
# configured; otherwise its list is empty.
jitsi_web_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_prosody_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

jitsi_jvb_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
jitsi_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
jitsi_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
jitsi_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
jitsi_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Component passwords are derived from mash_playbook_generic_secret_key (sha512-crypt
# with a per-component salt, mapped to a UUID). They are stable across runs and all
# change together if the generic secret key changes.
jitsi_jibri_xmpp_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jibri', rounds=655555) | to_uuid }}"
jitsi_jicofo_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jicofo', rounds=655555) | to_uuid }}"
jitsi_jvb_auth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'jvb', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /jitsi                                                               #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# keycloak                                                             #
#                                                                      #
########################################################################

# Playbook-level wiring for the keycloak role. The service is off unless enabled elsewhere.
keycloak_enabled: false

keycloak_identifier: "{{ mash_playbook_service_identifier_prefix }}keycloak"

keycloak_uid: "{{ mash_playbook_uid }}"
keycloak_gid: "{{ mash_playbook_gid }}"

keycloak_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keycloak"

# Adds the Postgres unit as a dependency only when keycloak uses the managed Postgres.
# NOTE(review): this variable name repeats "systemd" ("..._required_systemd_services_...");
# other sections use "<service>_systemd_required_services_list_auto". Confirm the role
# reads this exact name, otherwise the dependency is silently not applied.
keycloak_systemd_required_systemd_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network
# only when keycloak uses the managed Postgres and is not already on that network.
keycloak_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier and keycloak_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
keycloak_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
keycloak_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
keycloak_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
keycloak_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Host and port are empty strings when the playbook-managed Postgres is disabled.
keycloak_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
keycloak_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with a keycloak-specific salt; changes
# if the generic secret key changes.
keycloak_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.keycloak', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /keycloak                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# lago                                                                 #
#                                                                      #
########################################################################

# Playbook-level wiring for the lago role (api and front containers).
# The service is off unless enabled elsewhere.
lago_enabled: false

lago_architecture: "{{ mash_playbook_architecture }}"

lago_identifier: "{{ mash_playbook_service_identifier_prefix }}lago"

lago_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}lago"

lago_uid: "{{ mash_playbook_uid }}"
lago_gid: "{{ mash_playbook_gid }}"

# The api container joins the reverse-proxy network when one is configured, and the
# Postgres network only when lago uses the managed Postgres and is not already on it.
lago_api_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and lago_database_hostname == devture_postgres_identifier and lago_api_container_network != devture_postgres_container_network else [])
  }}

# The front container only joins the reverse-proxy network; it gets no database network here.
lago_front_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
lago_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
lago_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
lago_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
lago_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Host and port are empty strings when the playbook-managed Postgres is disabled.
lago_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
lago_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with a lago-specific salt.
lago_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.db', rounds=655555) | to_uuid }}"

# Application secrets and encryption keys, each derived from
# mash_playbook_generic_secret_key with its own salt and mapped to a UUID.
# NOTE(review): because the encryption keys are derived, changing the generic secret
# key changes them too. Data already encrypted with the old keys would presumably no
# longer decrypt — confirm, and consider pinning these explicitly (the infisical
# section deliberately leaves its encryption key un-derived for stability).
lago_api_environment_variable_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.sec.key', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_primary_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.enc.primary', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_deterministic_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.deter.key', rounds=655555) | to_uuid }}"
lago_api_environment_variable_encryption_key_derivation_salt: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'lago.deriv.salt', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /lago                                                                #
#                                                                      #
########################################################################

########################################################################
#                                                                      #
# linkding                                                             #
#                                                                      #
########################################################################

# Playbook-level wiring for the linkding role. The service is off unless enabled elsewhere.
linkding_enabled: false

linkding_identifier: "{{ mash_playbook_service_identifier_prefix }}linkding"

linkding_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}linkding"

linkding_uid: "{{ mash_playbook_uid }}"
linkding_gid: "{{ mash_playbook_gid }}"

# Always depends on docker.service; the Postgres unit is added only when
# linkding_database_hostname equals devture_postgres_identifier.
# NOTE(review): linkding_database_hostname is set from devture_postgres_connection_hostname,
# not devture_postgres_identifier. If those two ever differ, this dependency and the
# Postgres network below are silently skipped — confirm they are kept equal.
linkding_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network
# only when the hostname comparison holds and linkding is not already on that network.
linkding_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and linkding_database_hostname == devture_postgres_identifier and linkding_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
linkding_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
linkding_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
linkding_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
linkding_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname is an empty string when the playbook-managed Postgres is disabled.
linkding_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with a linkding-specific salt; changes
# if the generic secret key changes.
linkding_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'linkding.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /linkding                                                            #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# miniflux                                                             #
#                                                                      #
########################################################################

# Playbook-level wiring for the miniflux role. The service is off unless enabled elsewhere.
miniflux_enabled: false

miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux"

miniflux_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}miniflux"

miniflux_uid: "{{ mash_playbook_uid }}"
miniflux_gid: "{{ mash_playbook_gid }}"

# Always depends on docker.service; the Postgres unit is added only when
# miniflux_database_hostname equals devture_postgres_identifier.
# NOTE(review): miniflux_database_hostname is set from devture_postgres_connection_hostname,
# not devture_postgres_identifier. If those two ever differ, this dependency and the
# Postgres network below are silently skipped — confirm they are kept equal.
miniflux_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network
# only when the hostname comparison holds and miniflux is not already on that network.
miniflux_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname is an empty string when the playbook-managed Postgres is disabled.
miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with a miniflux-specific salt; changes
# if the generic secret key changes.
miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /miniflux                                                            #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# mobilizon                                                           #
#                                                                      #
########################################################################

# Playbook-level wiring for the mobilizon role. The service is off unless enabled elsewhere.
# Unlike most sections, mobilizon is tied to the postgis service rather than devture_postgres.
mobilizon_enabled: false

mobilizon_identifier: "{{ mash_playbook_service_identifier_prefix }}mobilizon"

mobilizon_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mobilizon"

mobilizon_uid: "{{ mash_playbook_uid }}"
mobilizon_gid: "{{ mash_playbook_gid }}"

# Both application secrets are derived from mash_playbook_generic_secret_key
# (sha512-crypt with distinct salts, mapped to a UUID). They are stable across runs
# and change together if the generic secret key changes.
mobilizon_secret_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'sk.mobilizon', rounds=655555) | to_uuid }}"
mobilizon_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'skb.mobilizon', rounds=655555) | to_uuid }}"

# Host and port are empty strings when the playbook-managed postgis is disabled.
mobilizon_database_hostname: "{{ postgis_identifier if postgis_enabled else '' }}"
mobilizon_database_name: "mobilizon"
mobilizon_database_port: "{{ '5432' if postgis_enabled else '' }}"
# Derived the same way as the secrets above, with a database-specific salt.
mobilizon_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.mobilizon', rounds=655555) | to_uuid }}"
mobilizon_database_username: "mobilizon"

# Always depends on docker.service; the postgis unit is added only when mobilizon
# points at the playbook-managed postgis instance.
mobilizon_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([postgis_identifier ~ '.service'] if postgis_enabled and mobilizon_database_hostname == postgis_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the postgis network
# only when mobilizon uses the managed postgis and is not already on that network.
mobilizon_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([postgis_container_network] if postgis_enabled and mobilizon_database_hostname == postgis_identifier and mobilizon_container_network != postgis_container_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
mobilizon_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
mobilizon_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
mobilizon_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
mobilizon_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /mobilizon                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# mongodb                                                              #
#                                                                      #
########################################################################

# Playbook-level wiring for the mongodb role. The service is off unless enabled elsewhere.
mongodb_enabled: false

mongodb_identifier: "{{ mash_playbook_service_identifier_prefix }}mongodb"

mongodb_uid: "{{ mash_playbook_uid }}"
mongodb_gid: "{{ mash_playbook_gid }}"

mongodb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mongodb"

# Databases declared on behalf of other services. In this section only infisical
# contributes an entry, and only when it is enabled and points at this MongoDB instance.
# The entry carries infisical's derived database password, so the rendered list is
# sensitive. NOTE(review): confirm tasks that consume it do not log it.
mongodb_managed_databases_auto: |
  {{
    ([{
      'name': infisical_mongodb_db_name,
      'username': infisical_mongodb_username,
      'password': infisical_mongodb_password,
    }] if infisical_enabled and infisical_mongodb_hostname == mongodb_identifier else [])
  }}

########################################################################
#                                                                      #
# /mongodb                                                             #
#                                                                      #
########################################################################

########################################################################
#                                                                      #
# mosquitto                                                            #
#                                                                      #
########################################################################

# Playbook-level wiring for the mosquitto role. The service is off unless enabled elsewhere.
# This section sets only identity, paths and ownership; it defines no additional
# networks, Traefik labels or credentials for mosquitto.
mosquitto_enabled: false

mosquitto_identifier: "{{ mash_playbook_service_identifier_prefix }}mosquitto"

mosquitto_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mosquitto"

mosquitto_uid: "{{ mash_playbook_uid }}"
mosquitto_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /mosquitto                                                           #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# mrs                                                                  #
#                                                                      #
########################################################################

# Playbook-level wiring for the mrs role. The service is off unless enabled elsewhere.
mrs_enabled: false

mrs_identifier: "{{ mash_playbook_service_identifier_prefix }}mrs"

mrs_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mrs"

mrs_uid: "{{ mash_playbook_uid }}"
mrs_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network when one is configured; otherwise the list is empty.
mrs_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
mrs_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
mrs_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
mrs_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
mrs_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /mrs                                                                 #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# n8n                                                                  #
#                                                                      #
########################################################################

# Playbook-level wiring for the n8n role. The service is off unless enabled elsewhere.
n8n_enabled: false

n8n_identifier: "{{ mash_playbook_service_identifier_prefix }}n8n"

n8n_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}n8n"

# Please see the note attached to this comment on why we can't use mash's playbook uid and gid
# https://github.com/kinduff/ansible-docker-n8n/blob/v1.4.2/defaults/main.yml
# NOTE(review): unlike the other services here, n8n does not use the dedicated
# playbook uid/gid. uid/gid 1000 is commonly held by a regular login user on the host,
# who would then own the files under n8n_base_path — confirm against the target host.
n8n_uid: "1000"
n8n_gid: "1000"

# Always depends on docker.service; the Postgres unit is added only when
# n8n_database_hostname equals devture_postgres_identifier.
# NOTE(review): n8n_database_hostname is set from devture_postgres_connection_hostname,
# not devture_postgres_identifier. If those two ever differ, this dependency and the
# Postgres network below are silently skipped — confirm they are kept equal.
n8n_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network
# only when the hostname comparison holds and n8n is not already on that network.
n8n_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and n8n_database_hostname == devture_postgres_identifier and n8n_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
n8n_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
n8n_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
n8n_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
n8n_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname is an empty string when the playbook-managed Postgres is disabled.
n8n_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived from mash_playbook_generic_secret_key with an n8n-specific salt; changes
# if the generic secret key changes.
n8n_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'n8n.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /n8n                                                                 #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# navidrome                                                            #
#                                                                      #
########################################################################

# Playbook-level wiring for the navidrome role. The service is off unless enabled elsewhere.
navidrome_enabled: false

navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome"

navidrome_uid: "{{ mash_playbook_uid }}"
navidrome_gid: "{{ mash_playbook_gid }}"

navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome"

# Joins the reverse-proxy network when one is configured; otherwise the list is empty.
navidrome_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings are taken from the playbook-wide values.
navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /navidrome                                                           #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# nextcloud                                                            #
#                                                                      #
########################################################################

# Playbook-level wiring for the nextcloud role. The service is off unless enabled elsewhere.
nextcloud_enabled: false

nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud"

nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}nextcloud"

nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}"

# Adds the Postgres unit as a dependency only when nextcloud uses the managed Postgres.
nextcloud_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres network
# only when nextcloud uses the managed Postgres and is not already on that network.
# The combined list is de-duplicated, so a network named by both terms appears once.
nextcloud_container_additional_networks_auto: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

# Traefik label settings are taken from the playbook-wide values.
nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Host and port are empty strings when the playbook-managed Postgres is disabled.
nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
nextcloud_database_username: "nextcloud"
# Derived from mash_playbook_generic_secret_key with a nextcloud-specific salt; changes
# if the generic secret key changes.
nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /nextcloud                                                           #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# netbox                                                               #
#                                                                      #
########################################################################

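# Playbook-level wiring for the NetBox role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
netbox_enabled: false

netbox_identifier: "{{ mash_playbook_service_identifier_prefix }}netbox"

netbox_uid: "{{ mash_playbook_uid }}"
netbox_gid: "{{ mash_playbook_gid }}"

netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}netbox"

# Depend on the Postgres unit only when the playbook-managed Postgres is
# enabled and is NetBox's configured database host. The condition has to test
# netbox_database_hostname (not another service's hostname variable), so that
# overriding NetBox's database host is what switches the dependency off.
netbox_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (only when the managed Postgres is used and lives on a
# different network than this container). `unique` drops duplicates.
netbox_container_additional_networks_auto: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname and port are empty when the managed Postgres is disabled.
netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived deterministically from mash_playbook_generic_secret_key with the
# fixed salt 'db.netbox': the value is stable across runs, changes whenever
# the generic secret key is rotated, and can be recomputed by anyone who holds
# that key.
netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}"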

########################################################################
#                                                                      #
# /netbox                                                              #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# mariadb                                                              #
#                                                                      #
########################################################################

# Playbook-level wiring for the MariaDB role. The service is off unless
# explicitly enabled.
mariadb_enabled: false

mariadb_identifier: "{{ mash_playbook_service_identifier_prefix }}mariadb"

mariadb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}mariadb"

mariadb_uid: "{{ mash_playbook_uid }}"
mariadb_gid: "{{ mash_playbook_gid }}"

# Databases registered automatically for other services of this playbook.
# Authelia's entry (name, username, password) is included only when Authelia
# is enabled and its MySQL storage host is this MariaDB instance.
mariadb_managed_databases_auto: |
  {{
    ([{
      'name': authelia_config_storage_mysql_database,
      'username': authelia_config_storage_mysql_username,
      'password': authelia_config_storage_mysql_password,
    }] if authelia_enabled and authelia_config_storage_mysql_host == mariadb_identifier else [])
  }}

########################################################################
#                                                                      #
# /mariadb                                                             #
#                                                                      #
########################################################################


########################################################################
#                                                                      #
# outline                                                              #
#                                                                      #
########################################################################

# Playbook-level wiring for the Outline role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
outline_enabled: false

outline_identifier: "{{ mash_playbook_service_identifier_prefix }}outline"

outline_uid: "{{ mash_playbook_uid }}"
outline_gid: "{{ mash_playbook_gid }}"

outline_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}outline"

# Depend on the Postgres unit only when the playbook-managed Postgres is
# enabled and is the configured database host.
outline_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (only when the managed Postgres is used and lives on a
# different network than this container). Unlike some sibling services, the
# result is not passed through `unique`.
outline_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier and outline_container_network != devture_postgres_container_network else [])
  }}

outline_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
outline_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
outline_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
outline_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Derived deterministically from mash_playbook_generic_secret_key with the
# fixed salt 'utils.out'; it changes whenever the generic secret key is
# rotated and can be recomputed by anyone who holds that key.
outline_environment_variable_utils_secret: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'utils.out', rounds=655555) | to_uuid }}"

# Hostname and port are empty when the managed Postgres is disabled.
outline_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
outline_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Same derivation as the utils secret, with the salt 'db.out'.
outline_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.out', rounds=655555) | to_uuid }}"
# TLS to the database is switched off only for the playbook-managed Postgres;
# any other database host gets 'prefer'.
# NOTE(review): if this value is handed to libpq unchanged, 'prefer' is
# opportunistic - it does not verify the server certificate and falls back to
# plaintext. Override with 'require' or 'verify-full' for a database reached
# over an untrusted network - TODO confirm which modes the role accepts.
outline_database_sslmode: "{{ 'disable' if devture_postgres_enabled and outline_database_hostname == devture_postgres_identifier else 'prefer' }}"

########################################################################
#                                                                      #
# /outline                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# owncast                                                              #
#                                                                      #
########################################################################

# Playbook-level wiring for the Owncast role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
owncast_enabled: false

owncast_identifier: "{{ mash_playbook_service_identifier_prefix }}owncast"

owncast_uid: "{{ mash_playbook_uid }}"
owncast_gid: "{{ mash_playbook_gid }}"

owncast_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}owncast"

# Join the reverse-proxy network when one is configured; otherwise no extra
# networks.
owncast_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik routing follows the playbook-wide labels switch, primary entrypoint
# and primary certificate resolver.
owncast_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
owncast_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
owncast_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
owncast_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /owncast                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# oxitraffic                                                           #
#                                                                      #
########################################################################

# Playbook-level wiring for the OxiTraffic role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
oxitraffic_enabled: false

oxitraffic_identifier: "{{ mash_playbook_service_identifier_prefix }}oxitraffic"

oxitraffic_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}oxitraffic"

oxitraffic_uid: "{{ mash_playbook_uid }}"
oxitraffic_gid: "{{ mash_playbook_gid }}"

# Hostname and port are empty when the managed Postgres is disabled.
oxitraffic_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
oxitraffic_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
# Derived deterministically from mash_playbook_generic_secret_key with the
# fixed salt 'db.oxitraffic'; it changes whenever the generic secret key is
# rotated and can be recomputed by anyone who holds that key.
oxitraffic_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.oxitraffic', rounds=655555) | to_uuid }}"

# Always require docker.service; add the Postgres unit only when the managed
# Postgres is enabled and is the configured database host.
oxitraffic_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (only when the managed Postgres is used and lives on a
# different network than this container).
oxitraffic_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and oxitraffic_database_hostname == devture_postgres_identifier and oxitraffic_container_network != devture_postgres_container_network else [])
  }}

oxitraffic_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
oxitraffic_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
oxitraffic_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
oxitraffic_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /oxitraffic                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# peertube                                                             #
#                                                                      #
########################################################################

# Playbook-level wiring for the PeerTube role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
peertube_enabled: false

peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"

peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}peertube"

peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}"

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (only when the managed Postgres is used and lives on a
# different network than this container). `unique` drops duplicates.
peertube_container_additional_networks_auto: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname and port are empty when the managed Postgres is disabled.
peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
peertube_config_database_username: peertube
# Derived deterministically from mash_playbook_generic_secret_key with the
# fixed salt 'db.peertube'; it changes whenever the generic secret key is
# rotated and can be recomputed by anyone who holds that key.
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"

# Depend on the Postgres unit only when the playbook-managed Postgres is
# enabled and is the configured database host.
peertube_systemd_required_services_list_auto: |
  {{
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
  }}

########################################################################
#                                                                      #
# /peertube                                                            #
#                                                                      #
########################################################################

########################################################################
#                                                                      #
# postgis                                                              #
#                                                                      #
########################################################################

# Playbook-level wiring for the PostGIS role. The service is off unless
# explicitly enabled.
postgis_enabled: false

postgis_identifier: "{{ mash_playbook_service_identifier_prefix }}postgis"

postgis_architecture: "{{ mash_playbook_architecture }}"

postgis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgis"

postgis_uid: "{{ mash_playbook_uid }}"
postgis_gid: "{{ mash_playbook_gid }}"

# The Mobilizon unit is listed whenever Mobilizon is enabled.
# NOTE(review): unlike postgis_managed_databases_auto below, this does not
# check that Mobilizon actually uses this PostGIS instance - confirm that is
# intended.
postgis_systemd_services_to_stop_for_maintenance_list: |
  {{
    ([(mobilizon_identifier + '.service')] if mobilizon_enabled else [])
  }}

# Databases registered automatically for other services of this playbook.
# Mobilizon's entry (name, username, password) is included only when Mobilizon
# is enabled, its database type is 'postgis', and its database host is this
# PostGIS instance.
postgis_managed_databases_auto: |
  {{
    ([{
      'name': mobilizon_database_name,
      'username': mobilizon_database_username,
      'password': mobilizon_database_password,
    }] if mobilizon_enabled and mobilizon_database_type == 'postgis' and mobilizon_database_hostname == postgis_identifier else [])
  }}

########################################################################
#                                                                      #
# /postgis                                                             #
#                                                                      #
########################################################################




########################################################################
#                                                                      #
# prometheus_postgres_exporter                                         #
#                                                                      #
########################################################################

# Playbook-level wiring for the Prometheus Postgres exporter role. The service
# is off unless explicitly enabled.
prometheus_postgres_exporter_enabled: false

prometheus_postgres_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-postgres-exporter"

prometheus_postgres_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-postgres-exporter"

prometheus_postgres_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_postgres_exporter_gid: "{{ mash_playbook_gid }}"

# Basic auth is enabled exactly when the Traefik labels are, i.e. when the
# exporter is published through the reverse proxy. User and password are both
# derived deterministically from mash_playbook_generic_secret_key (with
# distinct fixed salts), so they change when that key is rotated and can be
# recomputed by anyone who holds it.
prometheus_postgres_exporter_basicauth_enabled: "{{ prometheus_postgres_exporter_container_labels_traefik_enabled }}"
prometheus_postgres_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'prometheus-postgres-exporter.user', rounds=655555) | to_uuid }}"
prometheus_postgres_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'prometheus-postgres-exporter.password', rounds=655555) | to_uuid }}"

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (only when the managed Postgres is used and lives on a
# different network than this container).
# NOTE(review): the database hostname below comes from
# devture_postgres_connection_hostname, but this condition compares it with
# devture_postgres_identifier - confirm the two are equal, otherwise the
# Postgres network is never added.
prometheus_postgres_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_identifier and prometheus_postgres_exporter_container_network != devture_postgres_container_network else [])
  }}

prometheus_postgres_exporter_server_fqn: "{{ prometheus_postgres_exporter_hostname }}"

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
prometheus_postgres_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_postgres_exporter_hostname | length > 0 }}"
prometheus_postgres_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_postgres_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_postgres_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Connection settings fall back to empty values (port: 5432) when the managed
# Postgres is disabled.
prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_username: prometheus_postgres_exporter
# NOTE(review): the username above is a dedicated one, but the password is
# devture_postgres_connection_password rather than a per-service derived
# secret as the other services use. Which account that password belongs to is
# not visible here - confirm the pairing is intended, and prefer a dedicated
# low-privilege monitoring account with its own password.
prometheus_postgres_exporter_database_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"
prometheus_postgres_exporter_database_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
# TLS to the database is off unconditionally here; override it if the
# hostname is ever pointed at a database outside the local container network.
prometheus_postgres_exporter_database_ssl: false

# Always require docker.service; add the Postgres unit whenever the managed
# Postgres is enabled (no hostname check, unlike most sibling services).
prometheus_postgres_exporter_systemd_required_services_list: |
  {{
    ['docker.service']
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
  }}

########################################################################
#                                                                      #
# /prometheus_postgres_exporter                                        #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# prometheus                                                           #
#                                                                      #
########################################################################

# Playbook-level wiring for the Prometheus role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
prometheus_enabled: false

prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus"

prometheus_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus"

prometheus_uid: "{{ mash_playbook_uid }}"
prometheus_gid: "{{ mash_playbook_gid }}"

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# NOTE(review): unlike the exporter sections of this file, no basic-auth
# variables are set for Prometheus here - confirm how access is protected once
# a hostname is configured.
prometheus_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_hostname | length > 0 }}"
prometheus_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Join the reverse-proxy network when one is configured; otherwise no extra
# networks.
prometheus_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}


########################################################################
#                                                                      #
# /prometheus                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# prometheus_blackbox_exporter                                         #
#                                                                      #
########################################################################

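# Playbook-level wiring for the Prometheus blackbox exporter role. The service
# is off unless explicitly enabled.
prometheus_blackbox_exporter_enabled: false

prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter"

prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-blackbox-exporter"

prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}"

# Basic auth is enabled exactly when the Traefik labels are, i.e. when the
# exporter is published through the reverse proxy. User and password are both
# derived deterministically from mash_playbook_generic_secret_key (with
# distinct fixed salts), so they change when that key is rotated and can be
# recomputed by anyone who holds it.
prometheus_blackbox_exporter_basicauth_enabled: "{{ prometheus_blackbox_exporter_container_labels_traefik_enabled }}"
prometheus_blackbox_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.user', rounds=655555) | to_uuid }}"
prometheus_blackbox_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.password', rounds=655555) | to_uuid }}"

# Join the reverse-proxy network when one is configured; otherwise no extra
# networks.
prometheus_blackbox_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# The `| length > 0` comparison keeps the result a real boolean: a bare
# `a and b` in Jinja yields `b` itself when `a` is truthy, which here would be
# the hostname string. The basic-auth switch above is derived from this value,
# so it must not depend on how a consumer coerces a hostname to a boolean.
prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname | length > 0 }}"
prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"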

########################################################################
#                                                                      #
# /prometheus_blackbox_exporter                                        #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# prometheus_ssh_exporter                                              #
#                                                                      #
########################################################################

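# Playbook-level wiring for the Prometheus SSH exporter role. The service is
# off unless explicitly enabled.
prometheus_ssh_exporter_enabled: false

prometheus_ssh_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-ssh-exporter"

prometheus_ssh_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-ssh-exporter"

prometheus_ssh_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_ssh_exporter_gid: "{{ mash_playbook_gid }}"

# Basic auth is enabled exactly when the Traefik labels are, i.e. when the
# exporter is published through the reverse proxy. User and password are both
# derived deterministically from mash_playbook_generic_secret_key (with
# distinct fixed salts), so they change when that key is rotated and can be
# recomputed by anyone who holds it.
prometheus_ssh_exporter_basicauth_enabled: "{{ prometheus_ssh_exporter_container_labels_traefik_enabled }}"
prometheus_ssh_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'ssh.user', rounds=655555) | to_uuid }}"
prometheus_ssh_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'ssh.password', rounds=655555) | to_uuid }}"

# Join the reverse-proxy network when one is configured; otherwise no extra
# networks.
prometheus_ssh_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# The `| length > 0` comparison keeps the result a real boolean: a bare
# `a and b` in Jinja yields `b` itself when `a` is truthy, which here would be
# the hostname string. The basic-auth switch above is derived from this value,
# so it must not depend on how a consumer coerces a hostname to a boolean.
prometheus_ssh_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_ssh_exporter_hostname | length > 0 }}"
prometheus_ssh_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_ssh_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_ssh_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"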

########################################################################
#                                                                      #
# /prometheus_ssh_exporter                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# prometheus_node_exporter                                             #
#                                                                      #
########################################################################

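# Playbook-level wiring for the Prometheus node exporter role. The service is
# off unless explicitly enabled.
prometheus_node_exporter_enabled: false

prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"

prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter"

prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"

# Basic auth is enabled exactly when the Traefik labels are, i.e. when the
# exporter is published through the reverse proxy. User and password are both
# derived deterministically from mash_playbook_generic_secret_key (with
# distinct fixed salts), so they change when that key is rotated and can be
# recomputed by anyone who holds it.
prometheus_node_exporter_basicauth_enabled: "{{ prometheus_node_exporter_container_labels_traefik_enabled }}"
prometheus_node_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.user', rounds=655555) | to_uuid }}"
prometheus_node_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.password', rounds=655555) | to_uuid }}"

# Join the reverse-proxy network when one is configured; otherwise no extra
# networks.
prometheus_node_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly)
# The `| length > 0` comparison keeps the result a real boolean: a bare
# `a and b` in Jinja yields `b` itself when `a` is truthy, which here would be
# the hostname string. The basic-auth switch above is derived from this value,
# so it must not depend on how a consumer coerces a hostname to a boolean.
prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_node_exporter_hostname | length > 0 }}"
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Start from no collectors and opt in to a short explicit list, which limits
# what host information the exporter publishes.
prometheus_node_exporter_process_extra_arguments:
  - "--collector.disable-defaults"
  - "--collector.cpu"
  - "--collector.filesystem"
  - "--collector.meminfo"
  - "--collector.systemd"
  - "--collector.uname"
# These two options widen the container's access to the host:
#  - `apparmor=unconfined` runs the container without an AppArmor profile.
#  - The host's D-Bus system socket is bind-mounted into the container,
#    presumably for the systemd collector enabled above - TODO confirm. The
#    `ro` flag does not stop a process from connecting to the socket and
#    sending messages over it; what the exporter may do on the bus is governed
#    by the host's D-Bus policy for the uid it runs as.
# Drop both if the systemd collector is removed from the list above.
prometheus_node_exporter_container_extra_arguments:
  - "--security-opt apparmor=unconfined"
  - "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"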

########################################################################
#                                                                      #
# /prometheus_node_exporter                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# radicale                                                             #
#                                                                      #
########################################################################

# Playbook-level wiring for the Radicale role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
radicale_enabled: false

radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale"

radicale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}radicale"

radicale_uid: "{{ mash_playbook_uid }}"
radicale_gid: "{{ mash_playbook_gid }}"

# Join the reverse-proxy network when one is configured; otherwise no extra
# networks.
radicale_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik routing follows the playbook-wide labels switch, primary entrypoint
# and primary certificate resolver.
radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /radicale                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# redmine                                                              #
#                                                                      #
########################################################################

# Playbook-level wiring for the Redmine role. The service is off unless
# explicitly enabled; identifier, base path and uid/gid follow the
# playbook-wide settings.
redmine_enabled: false

redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine"

redmine_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redmine"

redmine_uid: "{{ mash_playbook_uid }}"
redmine_gid: "{{ mash_playbook_gid }}"

# Application secrets, each derived deterministically from
# mash_playbook_generic_secret_key with its own fixed salt. They change when
# that key is rotated and can be recomputed by anyone who holds it.
# NOTE(review): the salts ('secret.base', 'secret.token', 'db.cipherkey') are
# not prefixed with the service name; any other variable derived with the same
# salt would receive the same value - confirm they are unique in this file.
redmine_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.base', rounds=655555) | to_uuid }}"
redmine_secret_token: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.token', rounds=655555) | to_uuid }}"
redmine_database_cipher_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.cipherkey', rounds=655555) | to_uuid }}"

# Always require docker.service; add the Postgres unit only when the managed
# Postgres is enabled and is the configured database host.
# NOTE(review): redmine_database_hostname below comes from
# devture_postgres_connection_hostname, but this condition (and the network
# one further down) compares it with devture_postgres_identifier - confirm the
# two are equal, otherwise neither condition ever matches.
redmine_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (only when the managed Postgres is used and lives on a
# different network than this container).
redmine_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else [])
  }}

redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# PostgreSQL when the managed Postgres is enabled, otherwise SQLite with an
# empty hostname.
redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}"
redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
redmine_database_username: "redmine"
# Same derivation as the application secrets above, with the salt 'redmine.db'.
redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /redmine                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# redis                                                                #
#                                                                      #
########################################################################

# Disabled by default.
redis_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"

# Data directory under the playbook base path.
redis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redis"

# uid/gid default to the playbook-wide unprivileged values.
redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /redis                                                               #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# roundcube                                                            #
#                                                                      #
########################################################################

# Disabled by default.
roundcube_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
roundcube_identifier: "{{ mash_playbook_service_identifier_prefix }}roundcube"

# Data directory under the playbook base path.
roundcube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}roundcube"

# Security note: unlike the neighbouring services, which default to
# mash_playbook_uid / mash_playbook_gid, roundcube defaults to uid/gid 0
# (root). NOTE(review): presumably the container image requires root;
# confirm that, and check what the role does to constrain the container,
# since a compromise of this internet-facing webmail would start as root
# inside it.
roundcube_uid: "0"
roundcube_gid: "0"

# Database: PostgreSQL when the playbook-managed Postgres is enabled,
# otherwise SQLite. Hostname, port, name and username collapse to '' in the
# SQLite case.
roundcube_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite' }}"
roundcube_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
roundcube_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
roundcube_database_name: "{{ 'roundcube' if devture_postgres_enabled else '' }}"
roundcube_database_username: "{{ 'roundcube' if devture_postgres_enabled else '' }}"
# Derived deterministically from mash_playbook_generic_secret_key
# (sha512-crypt with salt 'db.roundcube', then turned into a UUID). Whoever
# holds the generic key can recompute it, and rotating the key changes it.
roundcube_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.roundcube', rounds=655555) | to_uuid }}"

# systemd units listed as required: always docker.service, plus the Postgres
# unit when the playbook-managed Postgres is the configured database host.
roundcube_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier else [])
  }}

# Traefik label settings follow the playbook-wide Traefik values.
roundcube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
roundcube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
roundcube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
roundcube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (when the playbook-managed Postgres is used and it is
# not already roundcube's own network).
roundcube_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and roundcube_database_hostname == devture_postgres_identifier and roundcube_container_network != devture_postgres_container_network else [])
  }}

########################################################################
#                                                                      #
# /roundcube                                                           #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# rumqttd                                                              #
#                                                                      #
########################################################################

# Disabled by default.
rumqttd_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
rumqttd_identifier: "{{ mash_playbook_service_identifier_prefix }}rumqttd"

# Data directory under the playbook base path.
rumqttd_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}rumqttd"

# uid/gid default to the playbook-wide unprivileged values.
rumqttd_uid: "{{ mash_playbook_uid }}"
rumqttd_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /rumqttd                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# soft-serve                                                           #
#                                                                      #
########################################################################

# Disabled by default.
soft_serve_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
soft_serve_identifier: "{{ mash_playbook_service_identifier_prefix }}soft-serve"

# uid/gid default to the playbook-wide unprivileged values.
soft_serve_uid: "{{ mash_playbook_uid }}"
soft_serve_gid: "{{ mash_playbook_gid }}"

# Data directory under the playbook base path.
soft_serve_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}soft-serve"

########################################################################
#                                                                      #
# /soft-serve                                                          #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# syncthing                                                            #
#                                                                      #
########################################################################

# Disabled by default.
syncthing_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing"

# uid/gid default to the playbook-wide unprivileged values.
syncthing_uid: "{{ mash_playbook_uid }}"
syncthing_gid: "{{ mash_playbook_gid }}"

# Data directory under the playbook base path.
syncthing_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}syncthing"

# Extra container networks: only the reverse-proxy network, and only when
# one is configured.
syncthing_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings follow the playbook-wide Traefik values.
syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /syncthing                                                           #
#                                                                      #
########################################################################

########################################################################
#                                                                      #
# telegraf                                                             #
#                                                                      #
########################################################################

# Disabled by default.
telegraf_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
telegraf_identifier: "{{ mash_playbook_service_identifier_prefix }}telegraf"

# Data directory under the playbook base path.
telegraf_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}telegraf"

# uid/gid default to the playbook-wide unprivileged values.
telegraf_uid: "{{ mash_playbook_uid }}"
telegraf_gid: "{{ mash_playbook_gid }}"

# systemd units listed as required: always docker.service, plus the InfluxDB
# unit whenever influxdb_enabled is true.
telegraf_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([(influxdb_identifier + '.service')] if influxdb_enabled else [])
  }}


########################################################################
#                                                                      #
# /telegraf                                                            #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# vaultwarden                                                          #
#                                                                      #
########################################################################

# Disabled by default.
vaultwarden_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarden"

# uid/gid default to the playbook-wide unprivileged values.
vaultwarden_uid: "{{ mash_playbook_uid }}"
vaultwarden_gid: "{{ mash_playbook_gid }}"

# Data directory under the playbook base path.
vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vaultwarden"

# systemd units listed as required: always docker.service, plus the Postgres
# unit when the playbook-managed Postgres is the configured database host.
vaultwarden_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (when the playbook-managed Postgres is used and it is
# not already vaultwarden's own network).
vaultwarden_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings follow the playbook-wide Traefik values.
vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
vaultwarden_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
vaultwarden_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database connection: points at the playbook-managed Postgres when it is
# enabled; hostname and port are '' otherwise.
vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
vaultwarden_database_username: "vaultwarden"
# Derived deterministically from mash_playbook_generic_secret_key
# (sha512-crypt with salt 'db.vaultwarden', then turned into a UUID).
# Security note: this password protects the database behind a password
# manager, and anyone holding the generic key can recompute it. Guard the
# generic key accordingly; rotating it changes this password as well.
vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /vaultwarden                                                         #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# etke/uptime_kuma                                                     #
#                                                                      #
########################################################################

# Disabled by default.
uptime_kuma_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma"

# Data directory under the playbook base path.
uptime_kuma_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}uptime-kuma"

# uid/gid default to the playbook-wide unprivileged values.
uptime_kuma_uid: "{{ mash_playbook_uid }}"
uptime_kuma_gid: "{{ mash_playbook_gid }}"

# Extra container networks: only the reverse-proxy network, and only when
# one is configured.
uptime_kuma_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings follow the playbook-wide Traefik values.
uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /etke/uptime_kuma                                                    #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# wg-easy                                                              #
#                                                                      #
########################################################################

# Disabled by default.
wg_easy_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
wg_easy_identifier: "{{ mash_playbook_service_identifier_prefix }}wg-easy"

# Data directory under the playbook base path.
wg_easy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}wg-easy"

# uid/gid default to the playbook-wide unprivileged values.
wg_easy_uid: "{{ mash_playbook_uid }}"
wg_easy_gid: "{{ mash_playbook_gid }}"

# Extra container networks: only the reverse-proxy network, and only when
# one is configured.
wg_easy_container_additional_networks_auto: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik label settings follow the playbook-wide Traefik values.
wg_easy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
wg_easy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
wg_easy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
wg_easy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /wg-easy                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# forgejo                                                              #
#                                                                      #
########################################################################

# Disabled by default.
forgejo_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
forgejo_identifier: "{{ mash_playbook_service_identifier_prefix }}forgejo"

# Data directory under the playbook base path.
forgejo_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}forgejo"

# uid/gid default to the playbook-wide unprivileged values.
forgejo_uid: "{{ mash_playbook_uid }}"
forgejo_gid: "{{ mash_playbook_gid }}"

# systemd units listed as required: always docker.service, plus the Postgres
# unit when the playbook-managed Postgres is the configured database host.
forgejo_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks: the reverse-proxy network (when one is set) and
# the Postgres network (when the playbook-managed Postgres is used and it is
# not already forgejo's own network).
forgejo_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and forgejo_config_database_hostname == devture_postgres_identifier and forgejo_container_network != devture_postgres_container_network else [])
  }}

# Traefik label settings follow the playbook-wide Traefik values.
forgejo_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
forgejo_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
forgejo_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
forgejo_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database connection: points at the playbook-managed Postgres when it is
# enabled; hostname and port are '' otherwise.
forgejo_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
forgejo_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
forgejo_config_database_username: "forgejo"
# Derived deterministically from mash_playbook_generic_secret_key
# (sha512-crypt with salt 'db.forgejo', then turned into a UUID). Whoever
# holds the generic key can recompute it, and rotating the key changes it.
forgejo_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.forgejo', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /forgejo                                                             #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# woodpecker-ci-server                                                 #
#                                                                      #
########################################################################

# Disabled by default.
devture_woodpecker_ci_server_enabled: false

# Identifier built from the playbook-wide service identifier prefix; the
# agent's defaults in this file reference it as a systemd unit name and as
# the server host name.
devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server"

# uid/gid default to the playbook-wide unprivileged values.
devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}"

# Data directory under the playbook base path (woodpecker-ci/server).
devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server"

# systemd units listed as required: always docker.service, plus the Postgres
# unit when the playbook-managed Postgres is the configured datasource host.
devture_woodpecker_ci_server_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else [])
  }}

# Extra container networks, de-duplicated: the reverse-proxy network (when
# one is set) and the Postgres network (when the playbook-managed Postgres
# is used and it is not already the server's own network).
devture_woodpecker_ci_server_container_additional_networks: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and devture_woodpecker_ci_server_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

# Traefik label settings follow the playbook-wide values. Only the enable
# flag and the docker network are set here; entrypoints and certResolver are
# not, unlike the neighbouring services.
# NOTE(review): confirm the role's own defaults for those are the intended
# ones.
devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"

# NOTE(review): the driver is postgres unconditionally, but the datasource
# hostname and port below become '' when devture_postgres_enabled is false,
# which leaves the URL without a host. Supply explicit datasource values in
# that case.
devture_woodpecker_ci_server_database_driver: postgres
# Security notes on the connection URL:
# - It embeds the database password, so treat the rendered value as a secret
#   (avoid printing it in debug output or logs).
# - sslmode=disable turns TLS off for the Postgres connection. With the
#   default hostname the peer is the playbook-managed Postgres
#   (devture_postgres_identifier). If the hostname is overridden to a server
#   reached over a network you do not control, override this URL as well so
#   credentials and data are not sent in cleartext.
# - Username and password are interpolated without URL-encoding. The default
#   password is a UUID and therefore URL-safe; an overridden password that
#   contains reserved characters would need to be encoded.
devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable"

# Components of the datasource URL above.
devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server
# Derived deterministically from mash_playbook_generic_secret_key
# (sha512-crypt with salt 'woodpecker.ci', then turned into a UUID). Whoever
# holds the generic key can recompute it, and rotating the key changes it.
devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}"
devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server

########################################################################
#                                                                      #
# /woodpecker-ci-server                                                #
#                                                                      #
########################################################################



########################################################################
#                                                                      #
# woodpecker-ci-agent                                                  #
#                                                                      #
########################################################################

# Disabled by default.
devture_woodpecker_ci_agent_enabled: false

# Identifier built from the playbook-wide service identifier prefix.
devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent"

# uid/gid default to the playbook-wide unprivileged values.
devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}"

# Data directory under the playbook base path (woodpecker-ci/agent).
devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent"

# systemd units listed as required: always docker.service, plus the
# Woodpecker CI server unit when the server is enabled as well.
devture_woodpecker_ci_agent_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else [])
  }}

# Extra container networks: the server's network, when the server is enabled
# and that network is not already the agent's own.
devture_woodpecker_ci_agent_container_additional_networks: |
  {{
    (
      ([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else [])
    ) | unique
  }}

# Server address for the agent: "<server identifier>:<grpc port>".
# NOTE(review): this is gated on the agent being enabled, not the server.
# With the agent enabled and the server disabled it still names the local
# server identifier, while the network and unit dependency above are
# skipped; override this value in that setup.
devture_woodpecker_ci_agent_config_server: "{{ (devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}"

# The agent reuses the server role's agent secret (defined outside this part
# of the file), presumably so both sides share the same value. Security
# note: whoever knows this value can present it to the server as an agent,
# so keep the server-side variable out of plain-text version control.
devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}"

########################################################################
#                                                                      #
# /woodpecker-ci-agent                                                 #
#                                                                      #
########################################################################