--- ######################################################################## # # # aux # # # ######################################################################## aux_directory_default_owner: "{{ mash_playbook_user_username }}" aux_directory_default_group: "{{ mash_playbook_user_groupname }}" aux_file_default_owner: "{{ mash_playbook_user_username }}" aux_file_default_group: "{{ mash_playbook_user_groupname }}" ######################################################################## # # # /aux # # # ######################################################################## ######################################################################## # # # system/security # # # ######################################################################## system_security_ssh_enabled: false system_security_fail2ban_enabled: false ######################################################################## # # # /system/security # # # ######################################################################## ######################################################################## # # # system/swap # # # ######################################################################## system_swap_enabled: false ######################################################################## # # # /system/swap # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.systemd_service_manager # # # ######################################################################## devture_systemd_service_manager_services_list_auto: | {{ ([{'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']}] if adguard_home_enabled else []) + ([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else []) + ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else []) + ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else []) + ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['mash', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else []) + ([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['mash', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else []) + ([{'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']}] if devture_woodpecker_ci_server_enabled else []) + ([{'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']}] if devture_woodpecker_ci_agent_enabled else []) + ([{'name': (docker_registry_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry']}] if docker_registry_enabled else []) + ([{'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']}] if docker_registry_enabled else []) + ([{'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']}] if docker_registry_browser_enabled else []) + ([{'name': (docker_registry_purger_identifier + '.timer'), 'priority': 3000, 'groups': ['mash', 'docker-registry-purger']}] if docker_registry_purger_enabled else []) + ([{'name': (firezone_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'firezone']}] if firezone_enabled else []) + ([{'name': (focalboard_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'focalboard']}] if focalboard_enabled else []) + ([{'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']}] if gitea_enabled else []) + ([{'name': (gotosocial_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gotosocial']}] if gotosocial_enabled else []) + ([{'name': (grafana_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'grafana']}] if grafana_enabled else []) + ([{'name': (keycloak_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'keycloak']}] if keycloak_enabled else []) + ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else []) + ([{'name': (navidrome_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'navidrome']}] if navidrome_enabled else []) + ([{'name': (netbox_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'netbox', 'netbox-server']}] if netbox_enabled else []) + ([{'name': (netbox_identifier + '-worker.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-worker']}] if netbox_enabled else []) + ([{'name': (netbox_identifier + '-housekeeping.service'), 'priority': 2500, 'groups': ['mash', 'netbox', 'netbox-housekeeping']}] if netbox_enabled else []) + ([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else []) + ([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else []) + ([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else []) + ([{'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']}] if prometheus_enabled else []) + ([{'name': (prometheus_blackbox_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-blackbox-exporter']}] if prometheus_blackbox_exporter_enabled else []) + ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else []) + ([{'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']}] if radicale_enabled else []) + ([{'name': (redmine_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'redmine']}] if redmine_enabled else []) + ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else []) + ([{'name': (soft_serve_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'soft-serve']}] if soft_serve_enabled else []) + ([{'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']}] if syncthing_enabled else []) + ([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else []) + ([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else []) + ([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else []) }} ######################################################################## # # # /com.devture.ansible.role.systemd_service_manager # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.postgres # # # ######################################################################## devture_postgres_enabled: false devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres" devture_postgres_architecture: "{{ mash_playbook_architecture }}" devture_postgres_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres" devture_postgres_uid: "{{ mash_playbook_uid }}" devture_postgres_gid: "{{ mash_playbook_gid }}" devture_postgres_systemd_services_to_stop_for_maintenance_list: | {{ ([(miniflux_identifier + '.service')] if miniflux_enabled else []) + ([(redmine_identifier + '.service')] if redmine_enabled else []) }} devture_postgres_managed_databases_auto: | {{ ([{ 'name': focalboard_database_name, 'username': focalboard_database_username, 'password': focalboard_database_password, }] if focalboard_enabled and focalboard_database_type == 'postgres' and focalboard_database_hostname == devture_postgres_identifier else []) + ([{ 'name': gitea_config_database_name, 'username': gitea_config_database_username, 'password': gitea_config_database_password, }] if gitea_enabled else []) + ([{ 'name': devture_woodpecker_ci_server_database_datasource_db_name, 'username': devture_woodpecker_ci_server_database_datasource_username, 'password': devture_woodpecker_ci_server_database_datasource_password, }] if devture_woodpecker_ci_server_enabled else []) + ([{ 'name': gotosocial_database_name, 'username': gotosocial_database_username, 'password': gotosocial_database_password, }] if gotosocial_enabled else []) + ([{ 'name': keycloak_database_name, 'username': keycloak_database_username, 'password': keycloak_database_password, }] if keycloak_enabled and keycloak_database_type == 'postgres' and keycloak_database_hostname == devture_postgres_identifier else []) + ([{ 'name': miniflux_database_name, 'username': miniflux_database_username, 'password': miniflux_database_password, }] if miniflux_enabled else []) + ([{ 'name': redmine_database_name, 'username': redmine_database_username, 'password': redmine_database_password, }] if redmine_enabled else []) + ([{ 'name': netbox_database_name, 'username': netbox_database_username, 'password': netbox_database_password, }] if netbox_enabled else []) + ([{ 'name': nextcloud_database_name, 'username': nextcloud_database_username, 'password': nextcloud_database_password, }] if nextcloud_enabled else []) + ([{ 'name': peertube_config_database_name, 'username': peertube_config_database_username, 'password': peertube_config_database_password, }] if peertube_enabled else []) + ([{ 'name': firezone_database_name, 'username': firezone_database_user, 'password': firezone_database_password, }] if firezone_enabled else []) + ([{ 'name': vaultwarden_database_name, 'username': vaultwarden_database_username, 'password': vaultwarden_database_password, }] if vaultwarden_enabled else []) }} ######################################################################## # # # /com.devture.ansible.role.postgres # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.postgres_backup # # # ######################################################################## devture_postgres_backup_enabled: false devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup" devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}" devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}postgres-backup" devture_postgres_backup_systemd_required_services_list: | {{ (['docker.service']) + ([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else []) }} devture_postgres_backup_container_network: "{{ devture_postgres_container_network }}" devture_postgres_backup_uid: "{{ mash_playbook_uid }}" devture_postgres_backup_gid: "{{ mash_playbook_gid }}" devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}" devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}" devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}" devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}" devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}" ######################################################################## # # # /com.devture.ansible.role.postgres_backup # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.playbook_state_preserver # # # ######################################################################## # To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`. devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}" devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}" devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vars.yml" devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}git_hash.yml" ######################################################################## # # # /com.devture.ansible.role.playbook_state_preserver # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.container_socket_proxy # # # ######################################################################## devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}" devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy" devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}container-socket-proxy" devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}" devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}" # Traefik requires read access to the containers APIs to do its job devture_container_socket_proxy_api_containers_enabled: true ######################################################################## # # # /com.devture.ansible.role.container_socket_proxy # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.traefik # # # ######################################################################## devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}" devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik" devture_traefik_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}traefik" devture_traefik_uid: "{{ mash_playbook_uid }}" devture_traefik_gid: "{{ mash_playbook_gid }}" devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}" devture_traefik_container_additional_networks: | {{ ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else []) }} devture_traefik_systemd_required_services_list: | {{ (['docker.service']) + ([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else []) }} ######################################################################## # # # /com.devture.ansible.role.traefik # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.docker_sdk_for_python # # # ######################################################################## devture_docker_sdk_for_python_installation_enabled: false ######################################################################## # # # /com.devture.ansible.role.docker_sdk_for_python # # # ######################################################################## ######################################################################## # # # com.devture.ansible.role.timesync # # # ######################################################################## # To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`. devture_timesync_installation_enabled: false ######################################################################## # # # /com.devture.ansible.role.timesync # # # ######################################################################## ######################################################################## # # # adguard-home # # # ######################################################################## adguard_home_enabled: false adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home" adguard_home_uid: "{{ mash_playbook_uid }}" adguard_home_gid: "{{ mash_playbook_gid }}" adguard_home_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}adguard-home" adguard_home_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /adguard-home # # # ######################################################################## ######################################################################## # # # collabora-online # # # ######################################################################## collabora_online_enabled: false collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online" collabora_online_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}collabora-online" collabora_online_uid: "{{ mash_playbook_uid }}" collabora_online_gid: "{{ mash_playbook_gid }}" collabora_online_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /collabora-online # # # ######################################################################## ######################################################################## # # # docker-registry # # # ######################################################################## docker_registry_enabled: false docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry" docker_registry_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry" docker_registry_uid: "{{ mash_playbook_uid }}" docker_registry_gid: "{{ mash_playbook_gid }}" docker_registry_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /docker-registry # # # ######################################################################## ######################################################################## # # # docker-registry-browser # # # ######################################################################## docker_registry_browser_enabled: false docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser" docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-browser" docker_registry_browser_uid: "{{ mash_playbook_uid }}" docker_registry_browser_gid: "{{ mash_playbook_gid }}" docker_registry_browser_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /docker-registry-browser # # # ######################################################################## ######################################################################## # # # docker-registry-purger # # # ######################################################################## docker_registry_purger_enabled: false docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger" docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}docker-registry-purger" docker_registry_purger_uid: "{{ mash_playbook_uid }}" docker_registry_purger_gid: "{{ mash_playbook_gid }}" ######################################################################## # # # /docker-registry-purger # # # ######################################################################## ######################################################################## # # # focalboard # # # ######################################################################## focalboard_enabled: false focalboard_identifier: "{{ mash_playbook_service_identifier_prefix }}focalboard" focalboard_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}focalboard" focalboard_uid: "{{ mash_playbook_uid }}" focalboard_gid: "{{ mash_playbook_gid }}" focalboard_systemd_required_systemd_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else []) }} focalboard_database_type: "{{ 'postgres' if devture_postgres_enabled else '' }}" focalboard_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" focalboard_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" focalboard_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.focalboard', rounds=655555) | to_uuid }}" focalboard_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and focalboard_database_hostname == devture_postgres_identifier else []) }} focalboard_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" focalboard_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" focalboard_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" focalboard_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /focalboard # # # ######################################################################## ######################################################################## # # # gitea # # # ######################################################################## gitea_enabled: false gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea" gitea_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gitea" gitea_uid: "{{ mash_playbook_uid }}" gitea_gid: "{{ mash_playbook_gid }}" gitea_systemd_required_systemd_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else []) }} gitea_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else []) }} gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" gitea_config_database_username: "gitea" gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}" ######################################################################## # # # /gitea # # # ######################################################################## ######################################################################## # # # grafana # # # ######################################################################## grafana_enabled: false grafana_identifier: "{{ mash_playbook_service_identifier_prefix }}grafana" grafana_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}grafana" grafana_uid: "{{ mash_playbook_uid }}" grafana_gid: "{{ mash_playbook_gid }}" grafana_container_additional_networks: "{{ grafana_container_additional_networks_reverse_proxy + grafana_container_additional_networks_additional }}" grafana_container_additional_networks_reverse_proxy: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} grafana_container_additional_networks_additional: [] grafana_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" grafana_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" grafana_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" grafana_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /grafana # # # ######################################################################## ######################################################################## # # # keycloak # # # ######################################################################## keycloak_enabled: false keycloak_identifier: "{{ mash_playbook_service_identifier_prefix }}keycloak" keycloak_uid: "{{ mash_playbook_uid }}" keycloak_gid: "{{ mash_playbook_gid }}" keycloak_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}keycloak" keycloak_systemd_required_systemd_services_list_auto: | {{ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier else []) }} keycloak_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and keycloak_database_hostname == devture_postgres_identifier and keycloak_container_network != devture_postgres_container_network else []) }} keycloak_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" keycloak_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" keycloak_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" keycloak_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" keycloak_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" keycloak_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" keycloak_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.keycloak', rounds=655555) | to_uuid }}" ######################################################################## # # # /keycloak # # # ######################################################################## ######################################################################## # # # miniflux # # # ######################################################################## miniflux_enabled: false miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux" miniflux_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}miniflux" miniflux_uid: "{{ mash_playbook_uid }}" miniflux_gid: "{{ mash_playbook_gid }}" miniflux_systemd_required_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else []) }} miniflux_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else []) }} miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}" ######################################################################## # # # /miniflux # # # ######################################################################## ######################################################################## # # # navidrome # # # ######################################################################## navidrome_enabled: false navidrome_identifier: "{{ mash_playbook_service_identifier_prefix }}navidrome" navidrome_uid: "{{ mash_playbook_uid }}" navidrome_gid: "{{ mash_playbook_gid }}" navidrome_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}navidrome" navidrome_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} navidrome_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" navidrome_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" navidrome_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" navidrome_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /navidrome # # # ######################################################################## ######################################################################## # # # nextcloud # # # ######################################################################## nextcloud_enabled: false nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud" nextcloud_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}nextcloud" nextcloud_uid: "{{ mash_playbook_uid }}" nextcloud_gid: "{{ mash_playbook_gid }}" nextcloud_systemd_required_services_list_auto: | {{ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) }} nextcloud_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else []) }} nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" nextcloud_database_username: "nextcloud" nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}" ######################################################################## # # # /nextcloud # # # ######################################################################## ######################################################################## # # # netbox # # # ######################################################################## netbox_enabled: false netbox_identifier: "{{ mash_playbook_service_identifier_prefix }}netbox" netbox_uid: "{{ mash_playbook_uid }}" netbox_gid: "{{ mash_playbook_gid }}" netbox_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}netbox" netbox_systemd_required_services_list_auto: | {{ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else []) }} netbox_container_additional_networks_auto: | {{ ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and netbox_database_hostname == devture_postgres_identifier and netbox_container_network != devture_postgres_container_network else []) ) | unique }} netbox_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" netbox_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" netbox_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" netbox_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" netbox_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" netbox_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" netbox_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.netbox', rounds=655555) | to_uuid }}" ######################################################################## # # # /netbox # # # ######################################################################## ######################################################################## # # # peertube # # # ######################################################################## peertube_enabled: false peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube" peertube_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}peertube" peertube_uid: "{{ mash_playbook_uid }}" peertube_gid: "{{ mash_playbook_gid }}" peertube_container_additional_networks_auto: | {{ ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else []) ) | unique }} peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" peertube_config_database_username: peertube peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}" peertube_systemd_required_services_list_auto: | {{ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else []) }} ######################################################################## # # # /peertube # # # ######################################################################## ######################################################################## # # # prometheus # # # ######################################################################## prometheus_enabled: false prometheus_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus" prometheus_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus" prometheus_uid: "{{ mash_playbook_uid }}" prometheus_gid: "{{ mash_playbook_gid }}" ######################################################################## # # # /prometheus # # # ######################################################################## ######################################################################## # # # prometheus_blackbox_exporter # # # ######################################################################## prometheus_blackbox_exporter_enabled: false prometheus_blackbox_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-blackbox-exporter" prometheus_blackbox_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-blackbox-exporter" prometheus_blackbox_exporter_uid: "{{ mash_playbook_uid }}" prometheus_blackbox_exporter_gid: "{{ mash_playbook_gid }}" prometheus_blackbox_exporter_basicauth_enabled: "{{ prometheus_blackbox_exporter_container_labels_traefik_enabled }}" prometheus_blackbox_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.user', rounds=655555) | to_uuid }}" prometheus_blackbox_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'blackbox.password', rounds=655555) | to_uuid }}" prometheus_blackbox_exporter_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_blackbox_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_blackbox_exporter_hostname }}" prometheus_blackbox_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" prometheus_blackbox_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" prometheus_blackbox_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /prometheus_blackbox_exporter # # # ######################################################################## ######################################################################## # # # prometheus_node_exporter # # # ######################################################################## prometheus_node_exporter_enabled: false prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter" prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}prometheus-node-exporter" prometheus_node_exporter_uid: "{{ mash_playbook_uid }}" prometheus_node_exporter_gid: "{{ mash_playbook_gid }}" prometheus_node_exporter_basicauth_enabled: "{{ prometheus_node_exporter_container_labels_traefik_enabled }}" prometheus_node_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.user', rounds=655555) | to_uuid }}" prometheus_node_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.password', rounds=655555) | to_uuid }}" prometheus_node_exporter_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} # Only enable Traefik labels if a hostname is set (indicating that this will be exposed publicly) prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled and prometheus_node_exporter_hostname }}" prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" prometheus_node_exporter_process_extra_arguments: - "--collector.disable-defaults" - "--collector.cpu" - "--collector.filesystem" - "--collector.meminfo" - "--collector.systemd" - "--collector.uname" prometheus_node_exporter_container_extra_arguments: - "--security-opt apparmor=unconfined" - "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave" ######################################################################## # # # /prometheus_node_exporter # # # ######################################################################## ######################################################################## # # # radicale # # # ######################################################################## radicale_enabled: false radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale" radicale_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}radicale" radicale_uid: "{{ mash_playbook_uid }}" radicale_gid: "{{ mash_playbook_gid }}" radicale_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /radicale # # # ######################################################################## ######################################################################## # # # redmine # # # ######################################################################## redmine_enabled: false redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine" redmine_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redmine" redmine_uid: "{{ mash_playbook_uid }}" redmine_gid: "{{ mash_playbook_gid }}" redmine_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.base', rounds=655555) | to_uuid }}" redmine_secret_token: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.token', rounds=655555) | to_uuid }}" redmine_database_cipher_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.cipherkey', rounds=655555) | to_uuid }}" redmine_systemd_required_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else []) }} redmine_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else []) }} redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}" redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" redmine_database_username: "redmine" redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}" ######################################################################## # # # /redmine # # # ######################################################################## ######################################################################## # # # redis # # # ######################################################################## redis_enabled: false redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis" redis_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}redis" redis_uid: "{{ mash_playbook_uid }}" redis_gid: "{{ mash_playbook_gid }}" ######################################################################## # # # /redis # # # ######################################################################## ######################################################################## # # # soft-serve # # # ######################################################################## soft_serve_enabled: false soft_serve_identifier: "{{ mash_playbook_service_identifier_prefix }}soft-serve" soft_serve_uid: "{{ mash_playbook_uid }}" soft_serve_gid: "{{ mash_playbook_gid }}" soft_serve_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}soft-serve" ######################################################################## # # # /soft-serve # # # ######################################################################## ######################################################################## # # # syncthing # # # ######################################################################## syncthing_enabled: false syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing" syncthing_uid: "{{ mash_playbook_uid }}" syncthing_gid: "{{ mash_playbook_gid }}" syncthing_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}syncthing" syncthing_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /syncthing # # # ######################################################################## ######################################################################## # # # vaultwarden # # # ######################################################################## vaultwarden_enabled: false vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarden" vaultwarden_uid: "{{ mash_playbook_uid }}" vaultwarden_gid: "{{ mash_playbook_gid }}" vaultwarden_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}vaultwarden" vaultwarden_systemd_required_systemd_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else []) }} vaultwarden_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else []) }} vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" vaultwarden_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" vaultwarden_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" vaultwarden_database_username: "vaultwarden" vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | to_uuid }}" ######################################################################## # # # /vaultwarden # # # ######################################################################## ######################################################################## # # # etke/uptime_kuma # # # ######################################################################## uptime_kuma_enabled: false uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma" uptime_kuma_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}uptime-kuma" uptime_kuma_uid: "{{ mash_playbook_uid }}" uptime_kuma_gid: "{{ mash_playbook_gid }}" uptime_kuma_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /etke/uptime_kuma # # # ######################################################################## ######################################################################## # # # woodpecker-ci-server # # # ######################################################################## devture_woodpecker_ci_server_enabled: false devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server" devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}" devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}" devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/server" devture_woodpecker_ci_server_systemd_required_systemd_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else []) }} devture_woodpecker_ci_server_container_additional_networks: | {{ ( ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and devture_woodpecker_ci_server_container_network != devture_postgres_container_network else []) ) | unique }} devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" devture_woodpecker_ci_server_database_driver: postgres devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable" devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}" devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}" devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server ######################################################################## # # # /woodpecker-ci-server # # # ######################################################################## ######################################################################## # # # woodpecker-ci-agent # # # ######################################################################## devture_woodpecker_ci_agent_enabled: false devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent" devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}" devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}" devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}woodpecker-ci/agent" devture_woodpecker_ci_agent_systemd_required_systemd_services_list: | {{ (['docker.service']) + ([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else []) }} devture_woodpecker_ci_agent_container_additional_networks: | {{ ( ([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else []) ) | unique }} devture_woodpecker_ci_agent_config_server: "{{ (devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}" devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}" ######################################################################## # # # /woodpecker-ci-agent # # # ######################################################################## ######################################################################## # # # hubsite # # # ######################################################################## hubsite_enabled: false hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite" hubsite_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}hubsite" hubsite_uid: "{{ mash_playbook_uid }}" hubsite_gid: "{{ mash_playbook_gid }}" hubsite_systemd_required_services_list: | {{ (['docker.service']) }} hubsite_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) }} hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" # Services ########## # Adguard home hubsite_service_adguard_home_enabled: "{{ adguard_home_enabled }}" hubsite_service_adguard_home_name: Adguard Home hubsite_service_adguard_home_url: "https://{{ adguard_home_hostname }}{{ adguard_home_path_prefix }}" hubsite_service_adguard_home_logo_location: "{{ role_path }}/assets/shield.png" hubsite_service_adguard_home_description: "A network-wide DNS software for blocking ads & tracking" hubsite_service_adguard_home_priority: 1000 # Docker Registry Browser hubsite_service_docker_registry_browser_enabled: "{{ docker_registry_browser_enabled }}" hubsite_service_docker_registry_browser_name: Docker Registry Browser hubsite_service_docker_registry_browser_url: "https://{{ docker_registry_browser_hostname }}{{ docker_registry_browser_path_prefix }}" hubsite_service_docker_registry_browser_logo_location: "{{ role_path }}/assets/docker.png" hubsite_service_docker_registry_browser_description: "Browse docker images" hubsite_service_docker_registry_browser_priority: 1000 # Focalboard hubsite_service_focalboard_enabled: "{{ focalboard_enabled }}" hubsite_service_focalboard_name: Focalboard hubsite_service_focalboard_url: "https://{{ focalboard_hostname }}{{ focalboard_path_prefix }}" hubsite_service_focalboard_logo_location: "{{ role_path }}/assets/focalboard.png" hubsite_service_focalboard_description: "An open source, self-hosted alternative to Trello, Notion, and Asana." hubsite_service_focalboard_priority: 1000 # Gitea hubsite_service_gitea_enabled: "{{ gitea_enabled }}" hubsite_service_gitea_name: Gitea hubsite_service_gitea_url: "https://{{ gitea_hostname }}{{ gitea_path_prefix }}" hubsite_service_gitea_logo_location: "{{ role_path }}/assets/gitea.png" hubsite_service_gitea_description: "A git service" hubsite_service_gitea_priority: 1000 # GoToSocial hubsite_service_gotosocial_enabled: "{{ gotosocial_enabled }}" hubsite_service_gotosocial_name: GoToSocial hubsite_service_gotosocial_url: "https://{{ gotosocial_hostname }}" hubsite_service_gotosocial_logo_location: "{{ role_path }}/assets/gotosocial.png" hubsite_service_gotosocial_description: "A fediverse server" hubsite_service_gotosocial_priority: 1000 # Grafana hubsite_service_grafana_enabled: "{{ grafana_enabled }}" hubsite_service_grafana_name: Grafana hubsite_service_grafana_url: "https://{{ grafana_hostname }}{{ grafana_path_prefix }}" hubsite_service_grafana_logo_location: "{{ role_path }}/assets/grafana.png" hubsite_service_grafana_description: "Check how your server is doing" hubsite_service_grafana_priority: 1000 # Miniflux hubsite_service_miniflux_enabled: "{{ miniflux_enabled }}" hubsite_service_miniflux_name: Miniflux hubsite_service_miniflux_url: "https://{{ miniflux_hostname }}{{ miniflux_path_prefix }}" hubsite_service_miniflux_logo_location: "{{ role_path }}/assets/miniflux.png" hubsite_service_miniflux_description: "An opinionated feed reader" hubsite_service_miniflux_priority: 1000 # Nextcloud hubsite_service_nextcloud_enabled: "{{ nextcloud_enabled }}" hubsite_service_nextcloud_name: Nextcloud hubsite_service_nextcloud_url: "https://{{ nextcloud_hostname }}{{ nextcloud_path_prefix }}" hubsite_service_nextcloud_logo_location: "{{ role_path }}/assets/nextcloud.png" hubsite_service_nextcloud_description: "Sync your files & much more" hubsite_service_nextcloud_priority: 1000 # Peertube hubsite_service_peertube_enabled: "{{ peertube_enabled }}" hubsite_service_peertube_name: Peertube hubsite_service_peertube_url: "https://{{ peertube_hostname }}{{ peertube_path_prefix }}" hubsite_service_peertube_logo_location: "{{ role_path }}/assets/peertube.png" hubsite_service_peertube_description: "Watch and upload videos" hubsite_service_peertube_priority: 1000 # Radicale hubsite_service_radicale_enabled: "{{ radicale_enabled }}" hubsite_service_radicale_name: Radicale hubsite_service_radicale_url: "https://{{ radicale_hostname }}{{ radicale_path_prefix }}" hubsite_service_radicale_logo_location: "{{ role_path }}/assets/radicale.png" hubsite_service_radicale_description: "Sync contacts and calendars" hubsite_service_radicale_priority: 1000 # Syncthing hubsite_service_syncthing_enabled: "{{ syncthing_enabled }}" hubsite_service_syncthing_name: Syncthing hubsite_service_syncthing_url: "https://{{ syncthing_hostname }}{{ syncthing_path_prefix }}" hubsite_service_syncthing_logo_location: "{{ role_path }}/assets/syncthing.png" hubsite_service_syncthing_description: "Sync your files" hubsite_service_syncthing_priority: 1000 # Uptime Kuma hubsite_service_uptime_kuma_enabled: "{{ uptime_kuma_enabled }}" hubsite_service_uptime_kuma_name: Uptime Kuma hubsite_service_uptime_kuma_url: "https://{{ uptime_kuma_hostname }}{{ uptime_kuma_path_prefix }}" hubsite_service_uptime_kuma_logo_location: "{{ role_path }}/assets/uptime-kuma.png" hubsite_service_uptime_kuma_description: "Check the status of the services" hubsite_service_uptime_kuma_priority: 1000 # Vaultwarden # The vaultwarden service link is deactivated by default for security reasons, see: https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#hiding-under-a-subdir hubsite_service_vaultwarden_enabled: false hubsite_service_vaultwarden_name: Vaultwarden hubsite_service_vaultwarden_url: "https://{{ vaultwarden_hostname }}{{ vaultwarden_path_prefix }}" hubsite_service_vaultwarden_logo_location: "{{ role_path }}/assets/vaultwarden.png" hubsite_service_vaultwarden_description: "Securely access your passwords" hubsite_service_vaultwarden_priority: 1000 # Woodpecker CI hubsite_service_woodpecker_ci_enabled: "{{ devture_woodpecker_ci_server_enabled }}" hubsite_service_woodpecker_ci_name: Woodpecker CI hubsite_service_woodpecker_ci_url: "https://{{ devture_woodpecker_ci_server_hostname }}" hubsite_service_woodpecker_ci_logo_location: "{{ role_path }}/assets/woodpecker.png" hubsite_service_woodpecker_ci_description: "Check you CI" hubsite_service_woodpecker_ci_priority: 1000 hubsite_service_list_auto: | {{ ([{'name': hubsite_service_adguard_home_name, 'url': hubsite_service_adguard_home_url, 'logo_location': hubsite_service_adguard_home_logo_location, 'description': hubsite_service_adguard_home_description, 'priority': hubsite_service_adguard_home_priority}] if hubsite_service_adguard_home_enabled else []) + ([{'name': hubsite_service_focalboard_name, 'url': hubsite_service_focalboard_url, 'logo_location': hubsite_service_focalboard_logo_location, 'description': hubsite_service_focalboard_description, 'priority': hubsite_service_focalboard_priority}] if hubsite_service_focalboard_enabled else []) + ([{'name': hubsite_service_gitea_name, 'url': hubsite_service_gitea_url, 'logo_location': hubsite_service_gitea_logo_location, 'description': hubsite_service_gitea_description, 'priority': hubsite_service_gitea_priority}] if hubsite_service_gitea_enabled else []) + ([{'name': hubsite_service_gotosocial_name, 'url': hubsite_service_gotosocial_url, 'logo_location': hubsite_service_gotosocial_logo_location, 'description': hubsite_service_gotosocial_description, 'priority': hubsite_service_gotosocial_priority}] if hubsite_service_gotosocial_enabled else []) + ([{'name': hubsite_service_grafana_name, 'url': hubsite_service_grafana_url, 'logo_location': hubsite_service_grafana_logo_location, 'description': hubsite_service_grafana_description, 'priority': hubsite_service_grafana_priority}] if hubsite_service_grafana_enabled else []) + ([{'name': hubsite_service_miniflux_name, 'url': hubsite_service_miniflux_url, 'logo_location': hubsite_service_miniflux_logo_location, 'description': hubsite_service_miniflux_description, 'priority': hubsite_service_miniflux_priority}] if hubsite_service_miniflux_enabled else []) + ([{'name': hubsite_service_nextcloud_name, 'url': hubsite_service_nextcloud_url, 'logo_location': hubsite_service_nextcloud_logo_location, 'description': hubsite_service_nextcloud_description, 'priority': hubsite_service_nextcloud_priority}] if hubsite_service_nextcloud_enabled else []) + ([{'name': hubsite_service_peertube_name, 'url': hubsite_service_peertube_url, 'logo_location': hubsite_service_peertube_logo_location, 'description': hubsite_service_peertube_description, 'priority': hubsite_service_peertube_priority}] if hubsite_service_peertube_enabled else []) + ([{'name': hubsite_service_radicale_name, 'url': hubsite_service_radicale_url, 'logo_location': hubsite_service_radicale_logo_location, 'description': hubsite_service_radicale_description, 'priority': hubsite_service_radicale_priority}] if hubsite_service_radicale_enabled else []) + ([{'name': hubsite_service_uptime_kuma_name, 'url': hubsite_service_uptime_kuma_url, 'logo_location': hubsite_service_uptime_kuma_logo_location, 'description': hubsite_service_uptime_kuma_description, 'priority': hubsite_service_uptime_kuma_priority}] if hubsite_service_uptime_kuma_enabled else []) + ([{'name': hubsite_service_syncthing_name, 'url': hubsite_service_syncthing_url, 'logo_location': hubsite_service_syncthing_logo_location, 'description': hubsite_service_syncthing_description, 'priority': hubsite_service_syncthing_priority}] if hubsite_service_syncthing_enabled else []) + ([{'name': hubsite_service_vaultwarden_name, 'url': hubsite_service_vaultwarden_url, 'logo_location': hubsite_service_vaultwarden_logo_location, 'description': hubsite_service_vaultwarden_description, 'priority': hubsite_service_vaultwarden_priority}] if hubsite_service_vaultwarden_enabled else []) + ([{'name': hubsite_service_woodpecker_ci_name, 'url': hubsite_service_woodpecker_ci_url, 'logo_location': hubsite_service_woodpecker_ci_logo_location, 'description': hubsite_service_woodpecker_ci_description, 'priority': hubsite_service_woodpecker_ci_priority}] if hubsite_service_woodpecker_ci_enabled else []) }} ######################################################################## # # # /hubsite # # # ######################################################################## ######################################################################## # # # firezone # # # ######################################################################## firezone_enabled: false firezone_identifier: "{{ mash_playbook_service_identifier_prefix }}firezone" firezone_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}firezone" firezone_uid: "{{ mash_playbook_uid }}" firezone_gid: "{{ mash_playbook_gid }}" firezone_generic_secret: "{{ mash_playbook_generic_secret_key }}" firezone_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" firezone_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" firezone_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'fz.db.user', rounds=655555) | to_uuid }}" firezone_database_user: "{{ firezone_identifier }}" firezone_systemd_required_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier else []) }} firezone_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and firezone_database_host == devture_postgres_identifier and firezone_container_network != devture_postgres_container_network else []) }} firezone_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" firezone_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" firezone_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" firezone_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /firezone # # # ######################################################################## ######################################################################## # # # gotsocial # # # ######################################################################## gotosocial_enabled: false gotosocial_identifier: "{{ mash_playbook_service_identifier_prefix }}gotosocial" gotosocial_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}gotosocial" gotosocial_uid: "{{ mash_playbook_uid }}" gotosocial_gid: "{{ mash_playbook_gid }}" gotosocial_database_host: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}" gotosocial_database_port: "{{ '5432' if devture_postgres_enabled else '' }}" gotosocial_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gotosocial', rounds=655555) | to_uuid }}" gotosocial_database_username: "{{ gotosocial_identifier }}" gotosocial_systemd_required_services_list: | {{ (['docker.service']) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier else []) }} gotosocial_container_additional_networks: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + ([devture_postgres_container_network] if devture_postgres_enabled and gotosocial_database_host == devture_postgres_identifier and gotosocial_container_network != devture_postgres_container_network else []) }} gotosocial_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" gotosocial_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" gotosocial_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" gotosocial_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # # /gotosocial # # # ########################################################################