---
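########################################################################
# #
# system/security #
# #
########################################################################

# Both host-hardening toggles are off in these defaults, so this file on its
# own makes no SSH or fail2ban changes to the host.
# NOTE(review): presumably operators opt in from their own vars.yml; confirm
# that brute-force protection for the SSH port is provided some other way
# when fail2ban stays disabled.
system_security_ssh_enabled: false
system_security_fail2ban_enabled: false

########################################################################
# #
# /system/security #
# #
########################################################################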
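########################################################################
# #
# system/swap #
# #
########################################################################

# Off in these defaults.
# NOTE(review): presumably gates the playbook's swap setup role; confirm
# against the role before relying on it.
system_swap_enabled: false

########################################################################
# #
# /system/swap #
# #
########################################################################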
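########################################################################
# #
# com.devture.ansible.role.systemd_service_manager #
# #
########################################################################

# List of systemd units handed to the service manager role. Each entry
# carries a unit name, a numeric priority and the groups it belongs to, and
# is only emitted when the owning service's `*_enabled` flag is true, so
# disabled services contribute nothing.
# NOTE(review): priority presumably orders start-up, lowest first (postgres
# 500 and redis 750 sit below the applications at 2000+, and the container
# socket proxy at 2900 sits just below traefik at 3000); confirm against the
# role.
devture_systemd_service_manager_services_list_auto: |
  {{
    ([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else [])
    +
    ([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else [])
    +
    ([{'name': (devture_postgres_backup_identifier + '.service'), 'priority': 5000, 'groups': ['mash', 'backup', 'postgres-backup']}] if devture_postgres_backup_enabled else [])
    +
    ([{'name': (devture_container_socket_proxy_identifier + '.service'), 'priority': 2900, 'groups': ['mash', 'reverse-proxies', 'container-socket-proxy']}] if devture_container_socket_proxy_enabled else [])
    +
    ([{'name': (devture_traefik_identifier + '.service'), 'priority': 3000, 'groups': ['mash', 'traefik', 'reverse-proxies']}] if devture_traefik_enabled else [])
    +
    ([{'name': (devture_woodpecker_ci_server_identifier + '.service'), 'priority': 4000, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-server']}] if devture_woodpecker_ci_server_enabled else [])
    +
    ([{'name': (devture_woodpecker_ci_agent_identifier + '.service'), 'priority': 4100, 'groups': ['mash', 'woodpecker', 'ci', 'woodpecker-ci-agent']}] if devture_woodpecker_ci_agent_enabled else [])
    +
    ([{'name': (docker_registry_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry']}] if docker_registry_enabled else [])
    +
    ([{'name': (docker_registry_identifier + '-garbage-collect.timer'), 'priority': 2500, 'groups': ['mash', 'docker-registry', 'docker-registry-gc']}] if docker_registry_enabled else [])
    +
    ([{'name': (docker_registry_browser_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'docker-registry-browser']}] if docker_registry_browser_enabled else [])
    +
    ([{'name': (docker_registry_purger_identifier + '.timer'), 'priority': 3000, 'groups': ['mash', 'docker-registry-purger']}] if docker_registry_purger_enabled else [])
    +
    ([{'name': (gitea_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'gitea', 'gitea-server']}] if gitea_enabled else [])
    +
    ([{'name': (nextcloud_identifier + '-server.service'), 'priority': 2000, 'groups': ['mash', 'nextcloud', 'nextcloud-server']}] if nextcloud_enabled else [])
    +
    ([{'name': (nextcloud_identifier + '-cron.timer'), 'priority': 2500, 'groups': ['mash', 'nextcloud', 'nextcloud-cron']}] if nextcloud_enabled else [])
    +
    ([{'name': (miniflux_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'miniflux']}] if miniflux_enabled else [])
    +
    ([{'name': (peertube_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'peertube']}] if peertube_enabled else [])
    +
    ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'metrics', 'prometheus-node-exporter']}] if prometheus_node_exporter_enabled else [])
    +
    ([{'name': (radicale_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'radicale']}] if radicale_enabled else [])
    +
    ([{'name': (redmine_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'redmine']}] if redmine_enabled else [])
    +
    ([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else [])
    +
    ([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else [])
    +
    ([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
    +
    ([{'name': (hubsite_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'hubsite']}] if hubsite_enabled else [])
  }}

########################################################################
# #
# /com.devture.ansible.role.systemd_service_manager #
# #
########################################################################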
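########################################################################
# #
# com.devture.ansible.role.postgres #
# #
########################################################################

# Postgres is opt-in. Several services in this file only wire themselves to
# it (hostname, network, systemd dependency) when this flag is true.
devture_postgres_enabled: false

devture_postgres_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres"

devture_postgres_architecture: "{{ mash_playbook_architecture }}"

devture_postgres_base_path: "{{ mash_playbook_base_path }}/postgres"

# Ownership comes from the playbook-wide uid/gid rather than a
# Postgres-specific account.
devture_postgres_uid: "{{ mash_playbook_uid }}"
devture_postgres_gid: "{{ mash_playbook_gid }}"

# Units named here are only Miniflux and Redmine, each when enabled.
# NOTE(review): the other Postgres consumers listed in
# devture_postgres_managed_databases_auto below are not included; confirm
# that is intentional before running maintenance against a live database.
devture_postgres_systemd_services_to_stop_for_maintenance_list: |
  {{
    ([(miniflux_identifier + '.service')] if miniflux_enabled else [])
    +
    ([(redmine_identifier + '.service')] if redmine_enabled else [])
  }}

# One {name, username, password} entry per enabled service that uses the
# managed Postgres instance.
# NOTE(review): once templated, this list holds every service's database
# password in clear text. Avoid printing it from debug tasks, and confirm
# that tasks looping over it set `no_log: true`.
devture_postgres_managed_databases_auto: |
  {{
    ([{
      'name': gitea_config_database_name,
      'username': gitea_config_database_username,
      'password': gitea_config_database_password,
    }] if gitea_enabled else [])
    +
    ([{
      'name': devture_woodpecker_ci_server_database_datasource_db_name,
      'username': devture_woodpecker_ci_server_database_datasource_username,
      'password': devture_woodpecker_ci_server_database_datasource_password,
    }] if devture_woodpecker_ci_server_enabled else [])
    +
    ([{
      'name': miniflux_database_name,
      'username': miniflux_database_username,
      'password': miniflux_database_password,
    }] if miniflux_enabled else [])
    +
    ([{
      'name': redmine_database_name,
      'username': redmine_database_username,
      'password': redmine_database_password,
    }] if redmine_enabled else [])
    +
    ([{
      'name': nextcloud_database_name,
      'username': nextcloud_database_username,
      'password': nextcloud_database_password,
    }] if nextcloud_enabled else [])
    +
    ([{
      'name': peertube_config_database_name,
      'username': peertube_config_database_username,
      'password': peertube_config_database_password,
    }] if peertube_enabled else [])
    +
    ([{
      'name': vaultwarden_database_name,
      'username': vaultwarden_database_username,
      'password': vaultwarden_database_password,
    }] if vaultwarden_enabled else [])
  }}

########################################################################
# #
# /com.devture.ansible.role.postgres #
# #
########################################################################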
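########################################################################
# #
# com.devture.ansible.role.postgres_backup #
# #
########################################################################

devture_postgres_backup_enabled: false

devture_postgres_backup_identifier: "{{ mash_playbook_service_identifier_prefix }}postgres-backup"

devture_postgres_backup_architecture: "{{ mash_playbook_architecture }}"

devture_postgres_backup_base_path: "{{ mash_playbook_base_path }}/postgres-backup"

# Always depends on docker.service; the Postgres unit is added only when the
# playbook-managed Postgres is enabled.
devture_postgres_backup_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([(devture_postgres_identifier + '.service')] if devture_postgres_enabled else [])
  }}

# The backup container joins the Postgres container network.
devture_postgres_backup_container_network: "{{ devture_postgres_container_network }}"

devture_postgres_backup_uid: "{{ mash_playbook_uid }}"
devture_postgres_backup_gid: "{{ mash_playbook_gid }}"

# Connection settings mirror the Postgres role when it is enabled. Otherwise
# they fall back to empty strings (and port 5432), which the operator must
# override to point at an external server.
# NOTE(review): the backup job reuses devture_postgres_connection_username /
# _password, presumably the server's administrative account; confirm whether
# a lower-privileged, read-only backup role can be used instead.
devture_postgres_backup_connection_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_port: "{{ devture_postgres_connection_port if devture_postgres_enabled else 5432 }}"
devture_postgres_backup_connection_username: "{{ devture_postgres_connection_username if devture_postgres_enabled else '' }}"
devture_postgres_backup_connection_password: "{{ devture_postgres_connection_password if devture_postgres_enabled else '' }}"

devture_postgres_backup_postgres_data_path: "{{ devture_postgres_data_path if devture_postgres_enabled else '' }}"

# Names of all managed databases, or an empty list when Postgres is disabled.
devture_postgres_backup_databases: "{{ devture_postgres_managed_databases | map(attribute='name') if devture_postgres_enabled else [] }}"

########################################################################
# #
# /com.devture.ansible.role.postgres_backup #
# #
########################################################################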
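########################################################################
# #
# com.devture.ansible.role.playbook_state_preserver #
# #
########################################################################

# To completely disable this feature, use `devture_playbook_state_preserver_enabled: false`.

devture_playbook_state_preserver_uid: "{{ mash_playbook_uid }}"
devture_playbook_state_preserver_gid: "{{ mash_playbook_gid }}"

# Destination on the managed host for the preserved vars file.
# NOTE(review): the preserved vars.yml presumably includes the operator's
# mash_playbook_generic_secret_key, from which the service passwords in this
# file are derived. Confirm the role writes it readable only by the uid/gid
# above.
devture_playbook_state_preserver_vars_preservation_dst: "{{ mash_playbook_base_path }}/vars.yml"

# Destination on the managed host for the recorded playbook commit hash.
devture_playbook_state_preserver_commit_hash_preservation_dst: "{{ mash_playbook_base_path }}/git_hash.yml"

########################################################################
# #
# /com.devture.ansible.role.playbook_state_preserver #
# #
########################################################################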
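########################################################################
# #
# com.devture.ansible.role.container_socket_proxy #
# #
########################################################################

# Follows the Traefik flag: whenever the playbook-managed Traefik is enabled,
# the socket proxy is too, and devture_traefik_config_providers_docker_endpoint
# then points Traefik at the proxy instead of the raw Docker socket.
devture_container_socket_proxy_enabled: "{{ devture_traefik_enabled }}"

devture_container_socket_proxy_identifier: "{{ mash_playbook_service_identifier_prefix }}container-socket-proxy"

devture_container_socket_proxy_base_path: "{{ mash_playbook_base_path }}/container-socket-proxy"

devture_container_socket_proxy_uid: "{{ mash_playbook_uid }}"
devture_container_socket_proxy_gid: "{{ mash_playbook_gid }}"

# Traefik requires read access to the containers API to do its job.
# This is the only API section switched on in this file.
# NOTE(review): keep the remaining sections at the role's defaults unless a
# consumer needs them; each one enabled widens what a compromised proxy
# client can ask of the Docker daemon.
devture_container_socket_proxy_api_containers_enabled: true

########################################################################
# #
# /com.devture.ansible.role.container_socket_proxy #
# #
########################################################################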
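########################################################################
# #
# com.devture.ansible.role.traefik #
# #
########################################################################

# Traefik is installed only when the playbook is told to manage the reverse
# proxy itself.
devture_traefik_enabled: "{{ mash_playbook_reverse_proxy_type == 'playbook-managed-traefik' }}"

devture_traefik_identifier: "{{ mash_playbook_service_identifier_prefix }}traefik"

devture_traefik_base_path: "{{ mash_playbook_base_path }}/traefik"

devture_traefik_uid: "{{ mash_playbook_uid }}"
devture_traefik_gid: "{{ mash_playbook_gid }}"

# Uses the socket proxy endpoint when the proxy is enabled, and otherwise
# falls back to the raw Docker socket. Access to /var/run/docker.sock is
# equivalent to root on the host, so an operator who disables the socket
# proxy hands that level of access to the internet-facing Traefik container.
# Prefer leaving the proxy enabled.
devture_traefik_config_providers_docker_endpoint: "{{ devture_container_socket_proxy_endpoint if devture_container_socket_proxy_enabled else 'unix:///var/run/docker.sock' }}"

# Traefik joins the socket proxy's network only when the proxy is enabled.
devture_traefik_container_additional_networks: |
  {{
    ([devture_container_socket_proxy_container_network] if devture_container_socket_proxy_enabled else [])
  }}

# Always depends on docker.service; the socket proxy unit is added when the
# proxy is enabled.
devture_traefik_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_container_socket_proxy_identifier + '.service'] if devture_container_socket_proxy_enabled else [])
  }}

########################################################################
# #
# /com.devture.ansible.role.traefik #
# #
########################################################################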
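########################################################################
# #
# com.devture.ansible.role.docker_sdk_for_python #
# #
########################################################################

# To completely disable installing the Docker SDK for Python, use `devture_docker_sdk_for_python_installation_enabled: false`.

# Enabled in these defaults.
devture_docker_sdk_for_python_installation_enabled: true

########################################################################
# #
# /com.devture.ansible.role.docker_sdk_for_python #
# #
########################################################################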
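########################################################################
# #
# com.devture.ansible.role.timesync #
# #
########################################################################

# To completely disable installing systemd-timesyncd/ntpd, use `devture_timesync_installation_enabled: false`.

# Already set to false in these defaults, so this file does not install a
# time-sync daemon.
# NOTE(review): accurate time matters for TLS certificate validation and for
# correlating logs across hosts; confirm the host gets time synchronisation
# some other way.
devture_timesync_installation_enabled: false

########################################################################
# #
# /com.devture.ansible.role.timesync #
# #
########################################################################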
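########################################################################
# #
# collabora-online #
# #
########################################################################

collabora_online_enabled: false

collabora_online_identifier: "{{ mash_playbook_service_identifier_prefix }}collabora-online"

collabora_online_base_path: "{{ mash_playbook_base_path }}/collabora-online"

collabora_online_uid: "{{ mash_playbook_uid }}"
collabora_online_gid: "{{ mash_playbook_gid }}"

# Joins the shared reverse-proxy network only when one is configured.
collabora_online_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide settings: whether labels are
# emitted, which Docker network Traefik reaches the container on, and the
# primary entrypoint and certificate resolver.
collabora_online_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
collabora_online_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
collabora_online_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
collabora_online_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
# #
# /collabora-online #
# #
########################################################################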
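########################################################################
# #
# docker-registry #
# #
########################################################################

docker_registry_enabled: false

docker_registry_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry"

docker_registry_base_path: "{{ mash_playbook_base_path }}/docker-registry"

docker_registry_uid: "{{ mash_playbook_uid }}"
docker_registry_gid: "{{ mash_playbook_gid }}"

# Joins the shared reverse-proxy network only when one is configured.
docker_registry_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide settings.
# NOTE(review): no authentication or push/pull restriction is visible in
# this section; confirm registry access control is configured elsewhere
# before the registry is exposed through Traefik.
docker_registry_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
# #
# /docker-registry #
# #
########################################################################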
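########################################################################
# #
# docker-registry-browser #
# #
########################################################################

docker_registry_browser_enabled: false

docker_registry_browser_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-browser"

docker_registry_browser_base_path: "{{ mash_playbook_base_path }}/docker-registry-browser"

docker_registry_browser_uid: "{{ mash_playbook_uid }}"
docker_registry_browser_gid: "{{ mash_playbook_gid }}"

# Joins the shared reverse-proxy network only when one is configured.
docker_registry_browser_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide settings.
# NOTE(review): a registry browser lists repositories and tags; confirm it
# sits behind authentication before it is published through Traefik.
docker_registry_browser_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
docker_registry_browser_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
docker_registry_browser_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
docker_registry_browser_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
# #
# /docker-registry-browser #
# #
########################################################################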
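########################################################################
# #
# docker-registry-purger #
# #
########################################################################

docker_registry_purger_enabled: false

docker_registry_purger_identifier: "{{ mash_playbook_service_identifier_prefix }}docker-registry-purger"

docker_registry_purger_base_path: "{{ mash_playbook_base_path }}/docker-registry-purger"

# No network or Traefik settings are defined for the purger in this section;
# only its identity, path and ownership.
docker_registry_purger_uid: "{{ mash_playbook_uid }}"
docker_registry_purger_gid: "{{ mash_playbook_gid }}"

########################################################################
# #
# /docker-registry-purger #
# #
########################################################################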
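########################################################################
# #
# gitea #
# #
########################################################################

gitea_enabled: false

gitea_identifier: "{{ mash_playbook_service_identifier_prefix }}gitea"

gitea_base_path: "{{ mash_playbook_base_path }}/gitea"

gitea_uid: "{{ mash_playbook_uid }}"
gitea_gid: "{{ mash_playbook_gid }}"

# Always depends on docker.service; the Postgres unit is added only when the
# managed Postgres is enabled and Gitea's database hostname points at it.
gitea_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres
# network when Gitea uses the managed Postgres and is not already on it.
gitea_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and gitea_config_database_hostname == devture_postgres_identifier and gitea_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide settings.
gitea_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
gitea_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
gitea_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
gitea_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname and port are filled in only when the managed Postgres is enabled;
# otherwise they are empty and must be supplied by the operator.
gitea_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
gitea_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
gitea_config_database_username: "gitea"
# Derived deterministically from mash_playbook_generic_secret_key using the
# fixed salt 'db.gitea': the same key always yields the same password, so no
# per-service secret has to be stored. Every secret derived this way is only
# as strong as that one key, disclosing the key discloses all of them, and
# changing the key changes all of them at once.
gitea_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.gitea', rounds=655555) | to_uuid }}"

########################################################################
# #
# /gitea #
# #
########################################################################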
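########################################################################
# #
# miniflux #
# #
########################################################################

miniflux_enabled: false

miniflux_identifier: "{{ mash_playbook_service_identifier_prefix }}miniflux"

miniflux_base_path: "{{ mash_playbook_base_path }}/miniflux"

miniflux_uid: "{{ mash_playbook_uid }}"
miniflux_gid: "{{ mash_playbook_gid }}"

# Always depends on docker.service; the Postgres unit is added only when the
# managed Postgres is enabled and Miniflux's database hostname equals the
# Postgres identifier.
miniflux_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres
# network when Miniflux uses the managed Postgres and is not already on it.
miniflux_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and miniflux_database_hostname == devture_postgres_identifier and miniflux_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide settings.
miniflux_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
miniflux_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
miniflux_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
miniflux_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# NOTE(review): the hostname is taken from
# devture_postgres_connection_hostname, while the two conditions above
# compare it with devture_postgres_identifier. The dependency and network are
# only added if those two values are equal; confirm they are, or the
# container may start without access to its database.
miniflux_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
# Derived deterministically from mash_playbook_generic_secret_key using the
# fixed salt 'miniflux.db'; its strength and confidentiality depend entirely
# on that one key.
miniflux_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'miniflux.db', rounds=655555) | to_uuid }}"

########################################################################
# #
# /miniflux #
# #
########################################################################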
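########################################################################
# #
# nextcloud #
# #
########################################################################

nextcloud_enabled: false

nextcloud_identifier: "{{ mash_playbook_service_identifier_prefix }}nextcloud"

nextcloud_base_path: "{{ mash_playbook_base_path }}/nextcloud"

nextcloud_uid: "{{ mash_playbook_uid }}"
nextcloud_gid: "{{ mash_playbook_gid }}"

# Always depends on docker.service; the Postgres unit is added only when the
# managed Postgres is enabled and Nextcloud's database hostname points at it.
nextcloud_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, and the Postgres
# network when Nextcloud uses the managed Postgres and is not already on it.
nextcloud_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and nextcloud_database_hostname == devture_postgres_identifier and nextcloud_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide settings.
nextcloud_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
nextcloud_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
nextcloud_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
nextcloud_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname and port are filled in only when the managed Postgres is enabled;
# otherwise they are empty and must be supplied by the operator.
nextcloud_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
nextcloud_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
nextcloud_database_username: "nextcloud"
# Derived deterministically from mash_playbook_generic_secret_key using the
# fixed salt 'db.nextcloud'; its strength and confidentiality depend entirely
# on that one key.
nextcloud_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.nextcloud', rounds=655555) | to_uuid }}"

########################################################################
# #
# /nextcloud #
# #
########################################################################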
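########################################################################
# #
# peertube #
# #
########################################################################

peertube_enabled: false

peertube_identifier: "{{ mash_playbook_service_identifier_prefix }}peertube"

peertube_base_path: "{{ mash_playbook_base_path }}/peertube"

peertube_uid: "{{ mash_playbook_uid }}"
peertube_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network when one is configured, the Postgres
# network when PeerTube uses the managed Postgres and is not already on it,
# and the Redis network when its Redis hostname equals the Redis identifier.
# `unique` removes duplicates when two of these are the same network.
# NOTE(review): unlike the Postgres branch, and unlike the Redis entry in
# peertube_systemd_required_services_list, the Redis branch here is not
# guarded by `redis_enabled`. With the default hostname below that makes no
# difference, but an operator override could reference a network that was
# never created; confirm.
peertube_container_additional_networks: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier and peertube_container_network != devture_postgres_container_network else [])
      +
      ([redis_container_network] if peertube_config_redis_hostname == redis_identifier else [])
    ) | unique
  }}

# Traefik labels follow the playbook-wide settings.
peertube_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
peertube_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
peertube_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
peertube_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Hostname and port are filled in only when the managed Postgres is enabled;
# otherwise they are empty and must be supplied by the operator.
peertube_config_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
peertube_config_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
peertube_config_database_username: peertube
# Derived deterministically from mash_playbook_generic_secret_key using the
# fixed salt 'db.peertube'; its strength and confidentiality depend entirely
# on that one key.
peertube_config_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.peertube', rounds=655555) | to_uuid }}"

# Points at the managed Redis when it is enabled; empty otherwise.
# NOTE(review): no Redis password is set in this section; confirm whether
# the Redis instance is reachable only over its dedicated container network.
peertube_config_redis_hostname: "{{ redis_identifier if redis_enabled else '' }}"

# Always depends on docker.service; the Postgres and Redis units are added
# when each is enabled and PeerTube is configured to use it.
peertube_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and peertube_config_database_hostname == devture_postgres_identifier else [])
    +
    ([redis_identifier ~ '.service'] if redis_enabled and peertube_config_redis_hostname == redis_identifier else [])
  }}

########################################################################
# #
# /peertube #
# #
########################################################################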
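########################################################################
# #
# prometheus_node_exporter #
# #
########################################################################

prometheus_node_exporter_enabled: false

prometheus_node_exporter_identifier: "{{ mash_playbook_service_identifier_prefix }}prometheus-node-exporter"

prometheus_node_exporter_base_path: "{{ mash_playbook_base_path }}/prometheus-node-exporter"

prometheus_node_exporter_uid: "{{ mash_playbook_uid }}"
prometheus_node_exporter_gid: "{{ mash_playbook_gid }}"

# Basic auth is on by default. Both the user name and the password are
# derived deterministically from mash_playbook_generic_secret_key (fixed
# salts 'node.user' and 'node.password'), so whoever holds that key can
# recompute the scrape credentials.
prometheus_node_exporter_basicauth_enabled: true
prometheus_node_exporter_basicauth_user: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.user', rounds=655555) | to_uuid }}"
prometheus_node_exporter_basicauth_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'node.password', rounds=655555) | to_uuid }}"

# Joins the shared reverse-proxy network only when one is configured.
prometheus_node_exporter_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide settings. Host metrics published
# this way are protected by the basic auth above.
prometheus_node_exporter_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
prometheus_node_exporter_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
prometheus_node_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
prometheus_node_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Default collectors are switched off and only the five listed below are
# enabled, which limits what the exporter reveals about the host.
prometheus_node_exporter_process_extra_arguments:
  - "--collector.disable-defaults"
  - "--collector.cpu"
  - "--collector.filesystem"
  - "--collector.meminfo"
  - "--collector.systemd"
  - "--collector.uname"
# The container runs without AppArmor confinement and with the host's D-Bus
# system bus socket bind-mounted into it.
# NOTE(review): both are presumably required by the systemd collector;
# confirm. `ro` on a socket bind mount does not stop the container from
# connecting to the bus, so D-Bus policy on the host is what limits it. If
# the systemd collector is not needed, drop both arguments together with
# "--collector.systemd".
prometheus_node_exporter_container_extra_arguments:
  - "--security-opt apparmor=unconfined"
  - "--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave"

########################################################################
# #
# /prometheus_node_exporter #
# #
########################################################################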
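########################################################################
# #
# radicale #
# #
########################################################################

radicale_enabled: false

radicale_identifier: "{{ mash_playbook_service_identifier_prefix }}radicale"

radicale_base_path: "{{ mash_playbook_base_path }}/radicale"

radicale_uid: "{{ mash_playbook_uid }}"
radicale_gid: "{{ mash_playbook_gid }}"

# Joins the shared reverse-proxy network only when one is configured.
radicale_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide settings.
# NOTE(review): no authentication settings are visible in this section;
# confirm Radicale's own user authentication is configured elsewhere before
# calendars and contacts are published through Traefik.
radicale_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
radicale_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
radicale_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
radicale_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
# #
# /radicale #
# #
########################################################################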
########################################################################
#                                                                      #
# redmine                                                              #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
redmine_enabled: false

# Service name built from the playbook-wide identifier prefix.
redmine_identifier: "{{ mash_playbook_service_identifier_prefix }}redmine"

# Data directory below the playbook base path.
redmine_base_path: "{{ mash_playbook_base_path }}/redmine"

# UID/GID are taken from the playbook-wide values.
redmine_uid: "{{ mash_playbook_uid }}"
redmine_gid: "{{ mash_playbook_gid }}"

# Application secrets. Each one is derived from
# mash_playbook_generic_secret_key: the key is hashed with SHA-512 crypt
# (655555 rounds) under a fixed, purpose-specific salt, and the result is
# turned into a UUID string by to_uuid. The salt is fixed, so the derivation
# is deterministic and repeated playbook runs yield the same values.
# Every derived secret is therefore only as strong as the generic key, and
# changing that key changes all of them at once.
redmine_secret_key_base: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.base', rounds=655555) | to_uuid }}"
redmine_secret_token: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'secret.token', rounds=655555) | to_uuid }}"
redmine_database_cipher_key: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.cipherkey', rounds=655555) | to_uuid }}"

# Always requires docker.service; additionally requires the Postgres unit
# when the integrated Postgres is enabled and is the configured database host.
# NOTE(review): the comparison is against devture_postgres_identifier, while
# redmine_database_hostname below defaults to
# devture_postgres_connection_hostname - confirm the two resolve to the same
# value, otherwise this condition never matches.
redmine_systemd_required_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, plus the Postgres
# container network when the integrated Postgres is in use and differs from
# Redmine's own network.
redmine_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and redmine_database_hostname == devture_postgres_identifier and redmine_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings.
redmine_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
redmine_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
redmine_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
redmine_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

# Database wiring: PostgreSQL when the integrated Postgres is enabled,
# otherwise sqlite3 with an empty hostname. The password uses the same
# derivation from the generic secret key as the application secrets above.
redmine_database_type: "{{ 'postgresql' if devture_postgres_enabled else 'sqlite3' }}"
redmine_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
redmine_database_username: "redmine"
redmine_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'redmine.db', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /redmine                                                             #
#                                                                      #
########################################################################
########################################################################
#                                                                      #
# redis                                                                #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
redis_enabled: false

# Service name built from the playbook-wide identifier prefix.
redis_identifier: "{{ mash_playbook_service_identifier_prefix }}redis"

# Data directory below the playbook base path.
redis_base_path: "{{ mash_playbook_base_path }}/redis"

# UID/GID are taken from the playbook-wide values.
# NOTE(review): nothing in this section sets authentication or additional
# networks for Redis; whatever the role defaults to applies - confirm that
# only the intended containers can reach it.
redis_uid: "{{ mash_playbook_uid }}"
redis_gid: "{{ mash_playbook_gid }}"

########################################################################
#                                                                      #
# /redis                                                               #
#                                                                      #
########################################################################
########################################################################
#                                                                      #
# vaultwarden                                                          #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
vaultwarden_enabled: false

# Service name built from the playbook-wide identifier prefix.
vaultwarden_identifier: "{{ mash_playbook_service_identifier_prefix }}vaultwarden"

# UID/GID are taken from the playbook-wide values.
vaultwarden_uid: "{{ mash_playbook_uid }}"
vaultwarden_gid: "{{ mash_playbook_gid }}"

# Data directory below the playbook base path.
vaultwarden_base_path: "{{ mash_playbook_base_path }}/vaultwarden"

# Always requires docker.service; additionally requires the Postgres unit
# when the integrated Postgres is enabled and is the configured database host.
vaultwarden_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, plus the Postgres
# container network when the integrated Postgres is in use and differs from
# Vaultwarden's own network.
vaultwarden_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
    +
    ([devture_postgres_container_network] if devture_postgres_enabled and vaultwarden_database_hostname == devture_postgres_identifier and vaultwarden_container_network != devture_postgres_container_network else [])
  }}

# Traefik labels follow the playbook-wide label toggle and Docker network.
# NOTE(review): no entrypoints / tls_certResolver values are set in this
# section, so the role's own defaults apply - confirm they give this
# service the TLS setup you expect.
vaultwarden_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
vaultwarden_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"

# Database wiring: host and port are filled in only when the integrated
# Postgres is enabled, and are empty strings otherwise.
# The password is derived from mash_playbook_generic_secret_key (SHA-512
# crypt, fixed salt 'db.vaultwarden', 655555 rounds, then to_uuid). The
# derivation is deterministic, so the password is only as strong as the
# generic key and changes whenever that key changes.
vaultwarden_database_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
vaultwarden_database_port: "{{ '5432' if devture_postgres_enabled else '' }}"
vaultwarden_database_username: "vaultwarden"
vaultwarden_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.vaultwarden', rounds=655555) | to_uuid }}"

########################################################################
#                                                                      #
# /vaultwarden                                                         #
#                                                                      #
########################################################################
########################################################################
#                                                                      #
# etke/uptime_kuma                                                     #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
uptime_kuma_enabled: false

# Service name built from the playbook-wide identifier prefix.
uptime_kuma_identifier: "{{ mash_playbook_service_identifier_prefix }}uptime-kuma"

# Data directory below the playbook base path.
uptime_kuma_base_path: "{{ mash_playbook_base_path }}/uptime-kuma"

# UID/GID are taken from the playbook-wide values.
uptime_kuma_uid: "{{ mash_playbook_uid }}"
uptime_kuma_gid: "{{ mash_playbook_gid }}"

# Joins the reverse-proxy network only when one is configured;
# otherwise the list of additional networks is empty.
uptime_kuma_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings: label toggle,
# Docker network, primary entrypoint and primary certificate resolver.
uptime_kuma_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
uptime_kuma_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
uptime_kuma_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
uptime_kuma_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /etke/uptime_kuma                                                    #
#                                                                      #
########################################################################
########################################################################
#                                                                      #
# woodpecker-ci-server                                                 #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
devture_woodpecker_ci_server_enabled: false

# Service name built from the playbook-wide identifier prefix.
devture_woodpecker_ci_server_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-server"

# UID/GID are taken from the playbook-wide values.
devture_woodpecker_ci_server_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_server_gid: "{{ mash_playbook_gid }}"

# Data directory below the playbook base path.
devture_woodpecker_ci_server_base_path: "{{ mash_playbook_base_path }}/woodpecker-ci/server"

# Always requires docker.service; additionally requires the Postgres unit
# when the integrated Postgres is enabled and is the configured database host.
devture_woodpecker_ci_server_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier else [])
  }}

# Joins the reverse-proxy network when one is configured, plus the Postgres
# container network when the integrated Postgres is in use and differs from
# the server's own network. `unique` removes duplicate entries.
devture_woodpecker_ci_server_container_additional_networks: |
  {{
    (
      ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
      +
      ([devture_postgres_container_network] if devture_postgres_enabled and devture_woodpecker_ci_server_database_datasource_hostname == devture_postgres_identifier and devture_woodpecker_ci_server_container_network != devture_postgres_container_network else [])
    ) | unique
  }}

# Traefik labels follow the playbook-wide label toggle and Docker network.
devture_woodpecker_ci_server_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
devture_woodpecker_ci_server_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"

# Connection URL assembled from the datasource_* variables below.
# - The database password is part of this string, so keep the rendered value
#   out of logs and debug output.
# - `sslmode=disable` turns TLS off for the database connection. With the
#   integrated Postgres the traffic stays on the container network; when
#   pointing the hostname at a database on another machine, override this
#   variable with an sslmode that verifies the server.
# - Username and password are interpolated without URL-encoding. The default
#   password is a UUID string, but an overridden value containing reserved
#   URL characters would need to be encoded by whoever sets it.
# NOTE(review): the driver is fixed to postgres even when
# devture_postgres_enabled is false, in which case hostname and port below
# are empty strings - confirm the role expects an override in that case.
devture_woodpecker_ci_server_database_driver: postgres
devture_woodpecker_ci_server_database_datasource: "postgres://{{ devture_woodpecker_ci_server_database_datasource_username }}:{{ devture_woodpecker_ci_server_database_datasource_password }}@{{ devture_woodpecker_ci_server_database_datasource_hostname }}:{{ devture_woodpecker_ci_server_database_datasource_port }}/{{ devture_woodpecker_ci_server_database_datasource_db_name }}?sslmode=disable"

# Pieces of the connection URL. The password is derived from
# mash_playbook_generic_secret_key (SHA-512 crypt, fixed salt
# 'woodpecker.ci', 655555 rounds, then to_uuid). The derivation is
# deterministic, so the password is only as strong as the generic key and
# changes whenever that key changes.
devture_woodpecker_ci_server_database_datasource_hostname: "{{ devture_postgres_identifier if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_port: "{{ '5432' if devture_postgres_enabled else '' }}"
devture_woodpecker_ci_server_database_datasource_username: woodpecker_ci_server
devture_woodpecker_ci_server_database_datasource_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'woodpecker.ci', rounds=655555) | to_uuid }}"
devture_woodpecker_ci_server_database_datasource_db_name: woodpecker_ci_server

########################################################################
#                                                                      #
# /woodpecker-ci-server                                                #
#                                                                      #
########################################################################
########################################################################
#                                                                      #
# woodpecker-ci-agent                                                  #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
devture_woodpecker_ci_agent_enabled: false

# Service name built from the playbook-wide identifier prefix.
devture_woodpecker_ci_agent_identifier: "{{ mash_playbook_service_identifier_prefix }}woodpecker-ci-agent"

# UID/GID are taken from the playbook-wide values.
devture_woodpecker_ci_agent_uid: "{{ mash_playbook_uid }}"
devture_woodpecker_ci_agent_gid: "{{ mash_playbook_gid }}"

# Data directory below the playbook base path.
devture_woodpecker_ci_agent_base_path: "{{ mash_playbook_base_path }}/woodpecker-ci/agent"

# Always requires docker.service; additionally requires the Woodpecker server
# unit when the server is enabled in this playbook.
devture_woodpecker_ci_agent_systemd_required_systemd_services_list: |
  {{
    (['docker.service'])
    +
    ([devture_woodpecker_ci_server_identifier ~ '.service'] if devture_woodpecker_ci_server_enabled else [])
  }}

# Joins the server's container network when the server is enabled and that
# network differs from the agent's own. `unique` removes duplicate entries.
devture_woodpecker_ci_agent_container_additional_networks: |
  {{
    (
      ([devture_woodpecker_ci_server_container_network] if devture_woodpecker_ci_server_enabled and devture_woodpecker_ci_server_container_network != devture_woodpecker_ci_agent_container_network else [])
    ) | unique
  }}

# Server address the agent connects to: server identifier plus the server's
# gRPC port.
# NOTE(review): this is gated on the agent being enabled, not the server, so
# it points at the local server identifier even when the server is not
# enabled in this playbook - confirm an override is expected in that case.
devture_woodpecker_ci_agent_config_server: "{{ (devture_woodpecker_ci_server_identifier + ':' + devture_woodpecker_ci_server_config_grpc_addr_port | string) if devture_woodpecker_ci_agent_enabled else '' }}"

# Secret shared between agent and server, reused from the server's setting.
# Anything holding this value can presumably register as an agent with the
# server - treat it like a credential.
devture_woodpecker_ci_agent_config_agent_secret: "{{ devture_woodpecker_ci_server_config_agent_secret if devture_woodpecker_ci_agent_enabled else '' }}"

########################################################################
#                                                                      #
# /woodpecker-ci-agent                                                 #
#                                                                      #
########################################################################
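########################################################################
#                                                                      #
# hubsite                                                              #
#                                                                      #
########################################################################

# Disabled unless explicitly switched on.
hubsite_enabled: false

# Tiles shown on the hub page: one entry per service that is enabled in this
# playbook, each with a name, an https:// URL built from the service's
# hostname and path prefix, a logo path and a description.
# The Vaultwarden entry previously used the key ' logo_location' (with a
# leading space), which does not match the 'logo_location' key of every
# other entry; it is normalised here.
# NOTE(review): the inner '{{ role_path }}' is a plain string literal at this
# point; presumably it is resolved later when the hubsite role templates
# the value - confirm.
hubsite_service_list_auto: |
  {{
    ([{'name': 'Miniflux', 'url': 'https://' + miniflux_hostname + miniflux_path_prefix, 'logo_location': '{{ role_path }}/assets/miniflux.png', 'description': 'An opinionated feed reader '}] if miniflux_enabled else [])
    +
    ([{'name': 'Uptime Kuma', 'url': 'https://' + uptime_kuma_hostname + uptime_kuma_path_prefix, 'logo_location': '{{ role_path }}/assets/uptime-kuma.png', 'description': 'Check if the status of services'}] if uptime_kuma_enabled else [])
    +
    ([{'name': 'Nextcloud', 'url': 'https://' + nextcloud_hostname + nextcloud_path_prefix, 'logo_location': '{{ role_path }}/assets/nextcloud.png', 'description': 'Sync your files & much more'}] if nextcloud_enabled else [])
    +
    ([{'name': 'Peertube', 'url': 'https://' + peertube_hostname + peertube_path_prefix, 'logo_location': '{{ role_path }}/assets/peertube.png', 'description': 'Watch videos '}] if peertube_enabled else [])
    +
    ([{'name': 'Vaultwarden', 'url': 'https://' + vaultwarden_hostname + vaultwarden_path_prefix, 'logo_location': '{{ role_path }}/assets/vaultwarden.png', 'description': 'Securely access your passwords'}] if vaultwarden_enabled else [])
    +
    ([{'name': 'Gitea', 'url': 'https://' + gitea_hostname + gitea_path_prefix, 'logo_location': '{{ role_path }}/assets/gitea.png', 'description': 'A git service'}] if gitea_enabled else [])
  }}

# Service name built from the playbook-wide identifier prefix.
hubsite_identifier: "{{ mash_playbook_service_identifier_prefix }}hubsite"

# Data directory below the playbook base path.
hubsite_base_path: "{{ mash_playbook_base_path }}/hubsite"

# UID/GID are taken from the playbook-wide values.
hubsite_uid: "{{ mash_playbook_uid }}"
hubsite_gid: "{{ mash_playbook_gid }}"

# Only docker.service is required.
hubsite_systemd_required_services_list: |
  {{
    (['docker.service'])
  }}

# Joins the reverse-proxy network only when one is configured;
# otherwise the list of additional networks is empty.
hubsite_container_additional_networks: |
  {{
    ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
  }}

# Traefik labels follow the playbook-wide Traefik settings: label toggle,
# Docker network, primary entrypoint and primary certificate resolver.
hubsite_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
hubsite_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
hubsite_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
hubsite_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"

########################################################################
#                                                                      #
# /hubsite                                                             #
#                                                                      #
########################################################################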
|