av/pet-project-server
1
0
Fork 0
Code Pull Requests Activity

Compare commits

base: av:160f4219c57cba76ff2aa9fc65635d4765498f6e
Branches Tags
av:master
...
compare: av:master
Branches Tags
av:master

23 Commits
160f4219c5 ... master

Author SHA1 Message Date
Anton Vakhrushev
1d5ce38922 Wakapi: upgrade to 2.15.0 2025-09-07 11:16:30 +03:00
Anton Vakhrushev
0b9e66f067 Authelia: upgrade to 4.39.8 2025-09-05 09:29:39 +03:00
Anton Vakhrushev
379a113b86 Dozzle: upgrade to 8.13.12 2025-09-05 09:29:22 +03:00
Anton Vakhrushev
8538c00175 Outline: upgrade to 0.87.3 2025-09-05 09:29:05 +03:00
Anton Vakhrushev
645276018b Authelia: upgrade to 4.39.7 2025-09-01 09:30:59 +03:00
Anton Vakhrushev
ce5d682842 Dozzle: upgrade to 8.13.11 2025-09-01 09:30:35 +03:00
Anton Vakhrushev
de5b0f66bd Gramps: upgrade to 25.8.0 2025-09-01 09:30:18 +03:00
Anton Vakhrushev
64602b1db3 Outline: upgrade to 0.87.0 2025-09-01 09:29:55 +03:00
Anton Vakhrushev
caecb9b57e Caddy: upgrade to 2.10.2 2025-08-29 08:31:52 +03:00
Anton Vakhrushev
e8be04d5e1 Dozzle: upgrade to 8.13.10 2025-08-29 08:31:32 +03:00
Anton Vakhrushev
a7f90da43f Netdata: upgrade to 2.6.3 2025-08-25 09:11:55 +03:00
Anton Vakhrushev
0f80206c62 Gitea: upgrade to 1.24.5 2025-08-16 08:49:35 +03:00
Anton Vakhrushev
1daff82cc5 Dozzle: upgrade to 8.13.9 2025-08-16 08:49:16 +03:00
Anton Vakhrushev
9b4293c624 Add transcriber app 2025-08-14 15:13:29 +03:00
Anton Vakhrushev
0d93e8094c Authelia: more strict policy 2025-08-13 19:21:14 +03:00
Anton Vakhrushev
b92ab556e5 Dozzle: fix hostname 2025-08-13 19:21:00 +03:00
Anton Vakhrushev
8086799c7b Dozzle: install version 8.13.8 2025-08-13 19:08:46 +03:00
Anton Vakhrushev
6ec5df4b66 Netdata: upgrade to 2.6.2 2025-08-13 18:49:18 +03:00
Anton Vakhrushev
fb91e45806 Outline: upgrade to 0.86.1 2025-08-11 08:15:06 +03:00
Anton Vakhrushev
44f82434e7 Authelia: upgrade to 4.39.6 2025-08-11 08:14:37 +03:00
Anton Vakhrushev
31ca27750e Docker: remove unnecessary call 
Login to yandex registry only need in app playbooks
 2025-08-07 15:46:39 +03:00
Anton Vakhrushev
4be8d297ba Authelia: move secrets to separate file 2025-08-07 15:07:51 +03:00
Anton Vakhrushev
bcd8e62691 Backups: rewrite backup script 
To avoid specifying individual applications
 2025-08-07 12:06:07 +03:00
23 changed files with 2389 additions and 3778 deletions
Expand all files Collapse all files

3
Taskfile.yml
View File

@@ -46,8 +46,9 @@ tasks:
- > - >
ansible localhost ansible localhost
--module-name template --module-name template
--args "src=files/authelia/configuration.yml.j2 dest={{.DEST_FILE}}" --args "src=files/authelia/configuration.template.yml dest={{.DEST_FILE}}"
--extra-vars "@vars/secrets.yml" --extra-vars "@vars/secrets.yml"
--extra-vars "@files/authelia/secrets.yml"
- defer: rm -f {{.DEST_FILE}} - defer: rm -f {{.DEST_FILE}}
- > - >
{{.AUTHELIA_DOCKER}} {{.AUTHELIA_DOCKER}}

3725
files/authelia/configuration.secrets.yml.j2
View File

File diff suppressed because it is too large Load Diff

1683
files/authelia/configuration.template.yml Normal file
View File

File diff suppressed because it is too large Load Diff

2
files/authelia/docker-compose.yml.j2
View File

@@ -2,7 +2,7 @@ services:
authelia_app: authelia_app:
container_name: 'authelia_app' container_name: 'authelia_app'
image: 'docker.io/authelia/authelia:4.39.5' image: 'docker.io/authelia/authelia:4.39.8'
user: '{{ user_create_result.uid }}:{{ user_create_result.group }}' user: '{{ user_create_result.uid }}:{{ user_create_result.group }}'
restart: 'unless-stopped' restart: 'unless-stopped'
networks: networks:

136
files/authelia/secrets.yml Normal file
View File

@@ -0,0 +1,136 @@
$ANSIBLE_VAULT;1.1;AES256
37373465363866623436393966626530656465653837363463323664383666663164363233623738
3233383234343332623065386134643161346132653431350a303935373631656366633339663333
32353263346437626633346263323533313238613462613334353334643236343438306630333037
6435313930313262310a386662336637623461303636633337303531353261343861313966383764
32353439333364353434653164666434326232383562363063313433373137383138396266383134
36613538653531346232353236313262313138656234626638623034363436303337313961333536
66366666383363333439333439623931626662383764393463663733333034636633353538656137
62386263613533343963396166666532313862366433636536613266353064633932323765336362
34643634643962333563346633306665313765393663306364363362333536646635343832333634
30383361653063396333616433323235663338346439303465323135626639646166303164643339
31616534633034393339373934346531633433323433646436333863306566356462613531663136
61343561616434306163616130626338663737633866646537323263316636626137366361363963
31303361366365616335363230343239663038623830303232376236393639663232333764643064
34666439316430356664313531333363626562633636326463313765343263393636333465386339
33623037343134633535303863626564373630656463336330396336303462373735346331616663
63666161356565643539343431386231396162323030383836366161303634626266663934356362
61623833613734333661613338373663663230363331373236323166636534613962613763343663
31666534303965333466653335646263343764346465373461326166666266303138363933653566
37636530306632346636626336616536346236663664383864623863653835366133633635613861
63303634333962343039646564353534313063383434386462366333386331303433366665623734
61353039313762383664626330663230656237373061616132376564323763393632356665306633
34643865333165616664376162306634366532386437383461396163376366363832363834356164
64376637373135383539353636346461353761366561303530326363366238393932333039313264
34316539626365306461323336396631633532306637306331373863613531656565366236656338
30306237626561613561353265643137353965313033313939643161613163643566663632663964
61623134656238363134626530363933623930346532336366393163363562386265626233393139
63633333313531666335376538613765663933626533636137306564616333373766613665613332
65643331626361626136623432346233633364343963653932306632646436626433653337326665
39343033353030616630663865613630613032333831626538323461383264636633623439393765
65343866323237386336613764386439313830646239613135636161333138646664666339626137
36616433393339346139323333363030613731313236636464393864616135346234643664343533
31396661306664343031393865306533373762663962623730313261353231363661306134623934
64613931356164386431663536363361386566353361333861666365636564643536306638376238
37633865303063643962346664346366346362313463386432376637663934363165343537323532
63363431623663656163316662343435636165306134373839613731326139636337343862326338
61326433343631343065303735663434316330303139303834316137663330363762666664393062
30653236636538396234313735613365386635323062666236656164633136313362643834336339
32623834343334613839313138313462376237666238636663343333643533643537376261666433
64323933323134393461623034623563316135333566326135326434613237363830623063626535
66323533356366346130626530633337393263663664353430646330353339313534396434653137
36663737396261653162663337663338373433653233616363626130333833323533303363643730
66613135633761346433626164643130353963313762643361306537653639373934333565373439
31636133383866373032373562653933316163353936386339326266363233663633623437346665
66393630346434356563393039626537336537313930393437663562303031626338616266363361
65653033363539633364326531653563383634303830386362303665306438663035373831646562
30356564623733623939663332393463663730643533666134636361316263633166626566333831
66376461383139626230343136373437393464646331633139633435303236623132343035373037
39363131623330376262326235646633303232623139626239326361313236316665316464616265
35303166333561626130323864363430663332306338353731383139386131346132653632633132
37643865393462623831623435633838323664666264623232326561653866626437373864666232
64393466326162323236353539326364336238643031313434346566316434383733663663356334
62343337386532393236353432653239643735323531306337373739343839306264356666636635
35626665646634653766323939633434303238633564613962643364356631623539623032363039
31336535333763323236633531616661313834636231363362376661313931623131343364356364
35653539393265323636303930633639316139643631386632646139643266303531653865623664
31303930613561323330356337396138633033616265356137353336613638656161633063663964
33373965383532656634333863643131333461376135646635323035316230393439386130663036
37373331356364343433316435666130373031303038643063313131653835333365366138656238
38643437376234316332306434633039346564643863656461353364346335353839303734366565
32613364356532623231623632363637373664393764636262346264383134366439373238623032
62326163306532356262393565373937316530623963313266373736356632313831313465666663
61303962333836373832383236663532376130316465393039326366636133323233316134646430
63313437663662353962633561643535396332303533343962643038393165373239336431336664
65356663393565383263613530663762643731356463653538316439303863643363303261363838
33353739306337326665393164366232393665363465343537373866396136346164333663393738
31316335366238316537386236393461656266323566636364343139393665616138663432333564
37653837646666376530373530636164343633653162343131373034633432333138613138346339
32303332626338653561323835343266353633613434346465616162326162393733643837663230
62333630333464633362656661336139393639623863343036636534323637336561333734373262
36373365306531383830383361303566626239343062316166303636323539373966626336613638
31623863643632653036323834346362663834666431643637666137376139386666643834323465
63626264643337376663633335666631653637626364653866353131393336303937633430366430
38383066313831346461643862333838386566613661623130313038386137323331373434363033
34613537303134343532643430383532353934623066383530653435626566333239333162316435
30386361346336666665656336646633353663376337326131663435636533646162616332306530
30373263376437646639623039343234393537303931346461643966383732336366363331643135
65383462353034643464366334636136373035313437366639336338366133663765313735353366
62386239326134343761313464383239316465633932363862303536353365376338643863643834
32633233336262626336383061316137646431353766303930336562386136383530613538383837
66336235643437636138646663393565383466636232366133343232306563363635316561346565
36633637303163303963396132653731663134666238363939666663303033316564356364633162
31376233306138666131333634336639643163666562653934336162323964613863646564616361
33666264303163326664633839303562333664383130356134383836313635376239353137313363
66613132663137383737373530326131663861303935663635373464306334363962333566663261
64616361366137626163626139333630653331383763353632396130306231376662666363353962
66343064313932386631303663373432646135353438313632316634336235316139313237666362
31383638393362663038363765303634363366326265643332393165643635643339343137373930
37633031626365353033333938623466663963376366353561303166373164386132376365643630
32333134316464643564373537643734353534366563666435663663616331383039393862613838
63633962316533386337366263636265646334636235323430383832363964343939633264343338
64366539383831373636343330356537323662666533323935646634363466663239663362326531
66363863383762303539373636336330353834303239376330623964393439356130646166663332
65326162336366363466646230656362653531386162356235326235333866373966636434326537
38653139393563373337346636333337373039343439343139313366316264613763663664633037
32313237653239643635393363316465346561613331623033323137653865396239633639323534
61326262643365363737393031383461626530636266393836663937666135363662353665376362
63643039373931316439303731663762393237623065643236303737643966393836646335626132
36376665656662373437653933356330636638626162666564393636633630663562303839326662
35626261616534386361373539633636356136616137323737393466633364653730356138343638
36663537663361393566616365383161366236646630653737643765666638346531376136643163
37643530373330353238323431343761653633306464643835343333623837313135303031666535
30326538636432303363666131376334393361333232313834623230306630373834633265333237
34323731333835363863643031346166636464653731636636313161643265613861336638313338
32383438353763343933383537636464666466386131363566306562333136356538326239656232
33343631613134616265393232613063643561633335323665383133313536313364343066366665
63636439376436393162306638303062616435333039343566613961626434303766616535623364
32643866393430303137366264306262643365663034613965666332313430366630653736303537
39663832326132393066373166613161613130363033363633366563353461663435393565326362
37616462393933303937643664343663373234663066633834626164303866323835363333366266
36356133336165613032646436306162663534306239313330353935336332643637653534626233
38303965646361316434343131653461353234396163613736333235656639326231353734636266
61613566336437666265366637336363326266383666383165343661333766303830633633393664
34613061396564616337643032666561633038663062336233666263306132663139396565323035
33353438633338363263313630393239376162366461383265386633613939663461616233396334
35616433663862616530636362396333343464393339396538333861303763393066626439396361
32303732393062383662633937653531653933333463366638613035333832636235346233653866
35656664636636326163353439626538343463613465613634656530366566323165623162303565
31303139343138616132383731323061346431336133643735356532373838663761313139663361
33656365636261303532333131346633373732643232303139353431663132346532616334613034
30363137613133396335343162643936623330393834356365663932626262313366616534663033
37376132656233633361623733356334636266383361656437613331306636656333623139303661
38353639346266333833663533366661633136313262396465633738373438623262306637643336
34656136343139663461336264346666333537633065343766316630626566363761396537643334
30323766633664666639363965363138396334343365346333663035323839613030626533303830
31333734386565383831373939306265636432386332313531623638333663643162623339613366
34363935636266313736366639373833636230633661323935646331376336623937353039343561
39623865663462663431643738653663663733663765383663623437383163613232336332653531
64663133353934313436336633666435343162316135303663636130353936363936363032313263
65376436316237663434323736663263376164346139616465663737323963316361373438633339
31323261343635633338613636643232616537653331326331353161396331633461643861323466
64633033623537386263376263346666633939336133616234363964363339616331636464326163
63633862373030323132613439343431333938343864383637613435323732356234613965666364
37343765353735633737393664306533633262353562323565306537646534663833343430643662
39326134353335653938396532363136376332306162613836663464636233383436333735663731
313461396466396230323561646662653063

37
files/backups/backup-all.sh.j2
View File

@@ -1,37 +0,0 @@
#!/usr/bin/env bash
set -eu
set -o pipefail
echo "Backup: perform gitea backup"
su --login gitea --command '/home/gitea/backup.sh'
echo "Backup: perform outline backup"
su --login outline --command '/home/outline/backup.sh'
echo "Backup: perform gramps backup"
su --login gramps --command '/home/gramps/backup.sh'
echo "Backup: perform miniflux backup"
su --login miniflux --command '/home/miniflux/backup.sh'
echo "Backup: perform wakapi backup"
su --login wakapi --command '/home/wakapi/backup.sh'
echo "Backup: send backups to remote storage with retic"
restic-shell.sh backup --verbose /home/gitea/backups /home/outline/backups /home/gramps/backups /home/miniflux/backups /home/wakapi/backups \
&& restic-shell.sh check \
&& restic-shell.sh forget --compact --prune --keep-daily 90 --keep-monthly 36 \
&& restic-shell.sh check
echo "Backup: send notification"
curl -s -X POST 'https://api.telegram.org/bot{{ notifications_tg_bot_token }}/sendMessage' \
-d 'chat_id={{ notifications_tg_chat_id }}' \
-d 'parse_mode=HTML' \
-d 'text=<b>{{ notifications_name }}</b>: бекап успешно завершен!'
echo -e "\nBackup: done"

326
files/backups/backup-all.template.py Normal file
View File

@@ -0,0 +1,326 @@
#!/usr/bin/env python3
"""
Backup script for all applications
Automatically discovers and runs backup scripts for all users,
then creates restic backups and sends notifications.
"""
import os
import sys
import subprocess
import logging
import pwd
from pathlib import Path
from typing import List, Tuple, Optional
import requests
# Configure logging
logging.basicConfig(
level=logging.INFO,
format="%(asctime)s - %(levelname)s - %(message)s",
handlers=[
logging.StreamHandler(sys.stdout),
logging.FileHandler("/var/log/backup-all.log"),
],
)
logger = logging.getLogger(__name__)
# Configuration from Ansible template variables
RESTIC_REPOSITORY = "{{ restic_repository }}"
RESTIC_PASSWORD = "{{ restic_password }}"
AWS_ACCESS_KEY_ID = "{{ restic_s3_access_key }}"
AWS_SECRET_ACCESS_KEY = "{{ restic_s3_access_secret }}"
AWS_DEFAULT_REGION = "{{ restic_s3_region }}"
TELEGRAM_BOT_TOKEN = "{{ notifications_tg_bot_token }}"
TELEGRAM_CHAT_ID = "{{ notifications_tg_chat_id }}"
NOTIFICATIONS_NAME = "{{ notifications_name }}"
class BackupManager:
def __init__(self):
self.errors = []
self.warnings = []
self.successful_backups = []
def get_home_directories(self) -> List[Tuple[str, str]]:
"""Get all home directories and their owners"""
home_dirs = []
home_path = Path("/home")
if not home_path.exists():
logger.error("/home directory does not exist")
return home_dirs
for user_dir in home_path.iterdir():
if user_dir.is_dir():
try:
# Get the owner of the directory
stat_info = user_dir.stat()
owner = pwd.getpwuid(stat_info.st_uid).pw_name
home_dirs.append((str(user_dir), owner))
except (KeyError, OSError) as e:
logger.warning(f"Could not get owner for {user_dir}: {e}")
return home_dirs
def find_backup_script(self, home_dir: str) -> Optional[str]:
"""Find backup script in user's home directory"""
possible_scripts = [
os.path.join(home_dir, "backup.sh"),
os.path.join(home_dir, "backup"),
]
for script_path in possible_scripts:
if os.path.exists(script_path):
# Check if file is executable
if os.access(script_path, os.X_OK):
return script_path
else:
logger.warning(
f"Backup script {script_path} exists but is not executable"
)
return None
def run_user_backup(self, script_path: str, username: str) -> bool:
"""Run backup script as the specified user"""
try:
logger.info(f"Running backup script {script_path} as user {username}")
# Use su to run the script as the user
cmd = ["su", "--login", username, "--command", script_path]
result = subprocess.run(
cmd, capture_output=True, text=True, timeout=3600 # 1 hour timeout
)
if result.returncode == 0:
logger.info(f"Backup script for {username} completed successfully")
self.successful_backups.append(username)
return True
else:
error_msg = f"Backup script for {username} failed with return code {result.returncode}"
if result.stderr:
error_msg += f": {result.stderr}"
logger.error(error_msg)
self.errors.append(f"User {username}: {error_msg}")
return False
except subprocess.TimeoutExpired:
error_msg = f"Backup script for {username} timed out"
logger.error(error_msg)
self.errors.append(f"User {username}: {error_msg}")
return False
except Exception as e:
error_msg = f"Failed to run backup script for {username}: {str(e)}"
logger.error(error_msg)
self.errors.append(f"User {username}: {error_msg}")
return False
def get_backup_directories(self) -> List[str]:
"""Get all backup directories that exist"""
backup_dirs = []
home_dirs = self.get_home_directories()
for home_dir, _ in home_dirs:
backup_path = os.path.join(home_dir, "backups")
if os.path.exists(backup_path) and os.path.isdir(backup_path):
backup_dirs.append(backup_path)
return backup_dirs
def run_restic_backup(self, backup_dirs: List[str]) -> bool:
"""Run restic backup for all backup directories"""
if not backup_dirs:
logger.warning("No backup directories found")
return True
try:
logger.info("Starting restic backup")
# Set environment variables for restic
env = os.environ.copy()
env.update(
{
"RESTIC_REPOSITORY": RESTIC_REPOSITORY,
"RESTIC_PASSWORD": RESTIC_PASSWORD,
"AWS_ACCESS_KEY_ID": AWS_ACCESS_KEY_ID,
"AWS_SECRET_ACCESS_KEY": AWS_SECRET_ACCESS_KEY,
"AWS_DEFAULT_REGION": AWS_DEFAULT_REGION,
}
)
# Run backup
backup_cmd = ["restic", "backup", "--verbose"] + backup_dirs
result = subprocess.run(backup_cmd, env=env, capture_output=True, text=True)
if result.returncode != 0:
error_msg = f"Restic backup failed: {result.stderr}"
logger.error(error_msg)
self.errors.append(f"Restic backup: {error_msg}")
return False
logger.info("Restic backup completed successfully")
# Run check
check_cmd = ["restic", "check"]
result = subprocess.run(check_cmd, env=env, capture_output=True, text=True)
if result.returncode != 0:
error_msg = f"Restic check failed: {result.stderr}"
logger.error(error_msg)
self.errors.append(f"Restic check: {error_msg}")
return False
logger.info("Restic check completed successfully")
# Run forget and prune
forget_cmd = [
"restic",
"forget",
"--compact",
"--prune",
"--keep-daily",
"90",
"--keep-monthly",
"36",
]
result = subprocess.run(forget_cmd, env=env, capture_output=True, text=True)
if result.returncode != 0:
error_msg = f"Restic forget/prune failed: {result.stderr}"
logger.error(error_msg)
self.errors.append(f"Restic forget/prune: {error_msg}")
return False
logger.info("Restic forget/prune completed successfully")
# Final check
result = subprocess.run(check_cmd, env=env, capture_output=True, text=True)
if result.returncode != 0:
error_msg = f"Final restic check failed: {result.stderr}"
logger.error(error_msg)
self.errors.append(f"Final restic check: {error_msg}")
return False
logger.info("Final restic check completed successfully")
return True
except Exception as e:
error_msg = f"Restic backup process failed: {str(e)}"
logger.error(error_msg)
self.errors.append(f"Restic: {error_msg}")
return False
def send_telegram_notification(self, success: bool) -> None:
"""Send notification to Telegram"""
try:
if success and not self.errors:
message = f"<b>{NOTIFICATIONS_NAME}</b>: бекап успешно завершен!"
if self.successful_backups:
message += (
f"\n\nУспешные бекапы: {', '.join(self.successful_backups)}"
)
else:
message = f"<b>{NOTIFICATIONS_NAME}</b>: бекап завершен с ошибками!"
if self.successful_backups:
message += (
f"\n\n✅ Успешные бекапы: {', '.join(self.successful_backups)}"
)
if self.warnings:
message += f"\n\n⚠️ Предупреждения:\n" + "\n".join(self.warnings)
if self.errors:
message += f"\n\n❌ Ошибки:\n" + "\n".join(self.errors)
url = f"https://api.telegram.org/bot{TELEGRAM_BOT_TOKEN}/sendMessage"
data = {"chat_id": TELEGRAM_CHAT_ID, "parse_mode": "HTML", "text": message}
response = requests.post(url, data=data, timeout=30)
if response.status_code == 200:
logger.info("Telegram notification sent successfully")
else:
logger.error(
f"Failed to send Telegram notification: {response.status_code} - {response.text}"
)
except Exception as e:
logger.error(f"Failed to send Telegram notification: {str(e)}")
def run_backup_process(self) -> bool:
"""Main backup process"""
logger.info("Starting backup process")
# Get all home directories
home_dirs = self.get_home_directories()
logger.info(f"Found {len(home_dirs)} home directories")
# Process each user's backup
for home_dir, username in home_dirs:
logger.info(f"Processing backup for user: {username} ({home_dir})")
# Find backup script
backup_script = self.find_backup_script(home_dir)
if backup_script is None:
warning_msg = (
f"No backup script found for user {username} in {home_dir}"
)
logger.warning(warning_msg)
self.warnings.append(warning_msg)
continue
# Run backup script
self.run_user_backup(backup_script, username)
# Get backup directories
backup_dirs = self.get_backup_directories()
logger.info(f"Found backup directories: {backup_dirs}")
# Run restic backup
restic_success = self.run_restic_backup(backup_dirs)
# Determine overall success
overall_success = restic_success and len(self.errors) == 0
# Send notification
self.send_telegram_notification(overall_success)
logger.info("Backup process completed")
if self.errors:
logger.error(f"Backup completed with {len(self.errors)} errors")
return False
elif self.warnings:
logger.warning(f"Backup completed with {len(self.warnings)} warnings")
return True
else:
logger.info("Backup completed successfully")
return True
def main():
"""Main entry point"""
try:
backup_manager = BackupManager()
success = backup_manager.run_backup_process()
if success:
sys.exit(0)
else:
sys.exit(1)
except KeyboardInterrupt:
logger.info("Backup process interrupted by user")
sys.exit(130)
except Exception as e:
logger.error(f"Unexpected error in backup process: {str(e)}")
sys.exit(1)
if __name__ == "__main__":
main()

11
files/caddyproxy/Caddyfile.j2
View File

@@ -91,3 +91,14 @@ rssbridge.vakhrushev.me {
reverse_proxy rssbridge_app:80 reverse_proxy rssbridge_app:80
} }
dozzle.vakhrushev.me {
tls anwinged@ya.ru
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name Remote-Filter
}
reverse_proxy dozzle_app:8080
}
}

2
files/caddyproxy/docker-compose.yml.j2
View File

@@ -1,7 +1,7 @@
services: services:
{{ service_name }}: {{ service_name }}:
image: caddy:2.10.0 image: caddy:2.10.2
restart: unless-stopped restart: unless-stopped
container_name: {{ service_name }} container_name: {{ service_name }}
ports: ports:

23
files/dozzle/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,23 @@
services:
dozzle_app:
image: amir20/dozzle:v8.13.12
container_name: dozzle_app
restart: unless-stopped
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- "web_proxy_network"
environment:
DOZZLE_HOSTNAME: vakhrushev.me
DOZZLE_AUTH_PROVIDER: forward-proxy
healthcheck:
test: ["CMD", "/dozzle", "healthcheck"]
interval: 3s
timeout: 30s
retries: 5
start_period: 30s
networks:
web_proxy_network:
external: true

2
files/gitea/docker-compose.yml.j2
View File

@@ -1,7 +1,7 @@
services: services:
gitea_app: gitea_app:
image: gitea/gitea:1.24.4 image: gitea/gitea:1.24.5
restart: unless-stopped restart: unless-stopped
container_name: gitea_app container_name: gitea_app
ports: ports:

2
files/gramps/docker-compose.yml.j2
View File

@@ -3,7 +3,7 @@
services: services:
gramps_app: &gramps_app gramps_app: &gramps_app
image: ghcr.io/gramps-project/grampsweb:25.7.3 image: ghcr.io/gramps-project/grampsweb:25.8.0
container_name: gramps_app container_name: gramps_app
depends_on: depends_on:
- gramps_redis - gramps_redis

2
files/netdata/docker-compose.yml.j2
View File

@@ -2,7 +2,7 @@
services: services:
netdata: netdata:
image: netdata/netdata:v2.6.1 image: netdata/netdata:v2.6.3
container_name: netdata container_name: netdata
restart: unless-stopped restart: unless-stopped
cap_add: cap_add:

3
files/netdata/go.d/prometheus.conf
View File

@@ -19,3 +19,6 @@ jobs:
selector: selector:
allow: allow:
- "miniflux_*" - "miniflux_*"
- name: transcriber
url: http://transcriber_app:8080/metrics

2
files/outline/docker-compose.yml.j2
View File

@@ -3,7 +3,7 @@ services:
# See sample https://github.com/outline/outline/blob/main/.env.sample # See sample https://github.com/outline/outline/blob/main/.env.sample
outline_app: outline_app:
image: outlinewiki/outline:0.86.0 image: outlinewiki/outline:0.87.3
container_name: outline_app container_name: outline_app
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:

44
files/transcriber/config.secrets.toml Normal file
View File

@@ -0,0 +1,44 @@
$ANSIBLE_VAULT;1.1;AES256
33396537353265633634336630353330653337623861373731613734663938633837613437366537
3439383366633266623463366530626662346338393165630a663539313066663061353635666366
61393437393131333166626165306563366661353338363138633239666566313330363331666537
3763356535396334380a386362383436363732353234333033613133383264643934306432313335
34646164323664636532663835306230386633316539373564383163346663376666633564326134
30666135626637343963383766383836653135633739636261353666303666633566346562643962
63376165636434343066306539653637343736323437653465656436323533636237643333326438
35626239323530643066363533323039393237333338316135313838643464306161646635313062
36386565626435373333393566393831366538363864313737306565343162316536353539333864
63376264643566613266373665666363366662643262616634333132386535383731396462633430
32343738343039616139343833366661303430383766376139636434616565356161396433643035
37363165383935373937346464343738643430333764336264373931616332393964346566636638
39303434343461326464623363323937396663376335316237373166306134636432376435663033
34346436623435626363636237373965633139343661623135633764303862353465306235666563
66653764666635636462636434663264646665383236343166643133613966366334653030653262
38326437313939616332636638323033346139343732653933356239306132613665376163646164
30316663643666633334653133613764396165646533636534613931663138666366316235396466
61313964396264626339306135376635633133366433303033633363396132303938363638346333
66326466326134313535393831343262363862663065323135643630316431336531373833316363
64376338653366353031333836643137333736363534363164306331313337353663653961623665
64626562366637336637353433303261303964633236356162363139396339396136393237643935
34316266326561663834353762343766363933313463313263393063343562613933393361653861
38363635323231666438366536626435373365323733663139666534636564623666356436346539
63326436386436356636633637373738343032353664323736653939346234643165313461643833
35666439613136396264313033336539313537613238393262306365656238396464373936616538
64316365616464386638313331653030346330393665353539393834346135643434363736323135
37663433326439356663633162616435313061353662373766633731636439636266666466613363
39343930386534376330663230623832643933336235636166626534366664366562356165373764
63343432323864366162376263656565646661633536666336643030363039616666343063386165
37343238303034313832393538313632396261316232376635633732656663396631323261363433
38373738363833323934353739643538376237316535623035383965613965636337646537326537
64663837643632666334393634323264613139353332306263613165383733386662366333316139
63373839346265366166333331353231663763306163323063613138323835313831303666306561
39316666343761303464333535336361333462623363633333383363303134336139356436666165
62616364373030613837353939363636653537373965613531636130383266643637333233316137
39353866366239643265366162663031346439663234363935353138323739393337313835313062
33373263326565383735366364316461323930336437623834356132346633636364313732383661
66346634613762613037386238656334616430633037343066623463313035646339313638653137
65643166316664626236633332326136303235623934306462643636373437373630346435633835
66346364393236393563623032306631396561623263653236393939313333373635303365316638
66373037333565323733656331636337336665363038353635383531386366633632363031623430
31356461663438653736316464363231303938653932613561633139316361633461626361383132
396436303634613135383839396566393135

23
files/transcriber/docker-compose.yml.j2 Normal file
View File

@@ -0,0 +1,23 @@
services:
transcriber_app:
image: "{{ registry_transcriber_image }}"
container_name: transcriber_app
user: '{{ user_create_result.uid }}:{{ user_create_result.group }}'
restart: unless-stopped
volumes:
- "{{ config_file }}:/config/config.toml:ro"
- "{{ data_dir }}:/data"
networks:
- "web_proxy_network"
- "monitoring_network"
environment:
- "USER_UID={{ user_create_result.uid }}"
- "USER_GID={{ user_create_result.group }}"
command: ./transcriber --config=/config/config.toml
networks:
web_proxy_network:
external: true
monitoring_network:
external: true

2
files/wakapi/docker-compose.yml.j2
View File

@@ -3,7 +3,7 @@
services: services:
wakapi_app: wakapi_app:
image: ghcr.io/muety/wakapi:2.14.1 image: ghcr.io/muety/wakapi:2.15.0
container_name: wakapi_app container_name: wakapi_app
restart: unless-stopped restart: unless-stopped
user: '{{ user_create_result.uid }}:{{ user_create_result.group }}' user: '{{ user_create_result.uid }}:{{ user_create_result.group }}'

3
playbook-authelia.yml
View File

@@ -5,6 +5,7 @@
vars_files: vars_files:
- vars/ports.yml - vars/ports.yml
- vars/secrets.yml - vars/secrets.yml
- files/authelia/secrets.yml
vars: vars:
app_name: "authelia" app_name: "authelia"
@@ -40,7 +41,7 @@
- name: "Copy configuration files (templates)" - name: "Copy configuration files (templates)"
ansible.builtin.template: ansible.builtin.template:
src: "files/{{ app_name }}/configuration.secrets.yml.j2" src: "files/{{ app_name }}/configuration.template.yml"
dest: "{{ (config_dir, 'configuration.yml') | path_join }}" dest: "{{ (config_dir, 'configuration.yml') | path_join }}"
owner: "{{ app_user }}" owner: "{{ app_user }}"
group: "{{ app_user }}" group: "{{ app_user }}"

4
playbook-backups.yml
View File

@@ -8,7 +8,7 @@
vars: vars:
restic_shell_script: "{{ (bin_prefix, 'restic-shell.sh') | path_join }}" restic_shell_script: "{{ (bin_prefix, 'restic-shell.sh') | path_join }}"
backup_all_script: "{{ (bin_prefix, 'backup-all.sh') | path_join }}" backup_all_script: "{{ (bin_prefix, 'backup-all.py') | path_join }}"
tasks: tasks:
- name: "Copy restic shell script" - name: "Copy restic shell script"
@@ -21,7 +21,7 @@
- name: "Copy backup all script" - name: "Copy backup all script"
ansible.builtin.template: ansible.builtin.template:
src: "files/backups/backup-all.sh.j2" src: "files/backups/backup-all.template.py"
dest: "{{ backup_all_script }}" dest: "{{ backup_all_script }}"
owner: root owner: root
group: root group: root

6
playbook-docker.yml
View File

@@ -21,11 +21,7 @@
- "docker-{{ docker_edition }}-cli" - "docker-{{ docker_edition }}-cli"
- "docker-{{ docker_edition }}-rootless-extras" - "docker-{{ docker_edition }}-rootless-extras"
docker_users: docker_users:
- major - "{{ primary_user }}"
- name: "Login to yandex docker registry."
ansible.builtin.script:
cmd: "files/yandex-docker-registry-auth.sh"
- name: Create a network for web proxy - name: Create a network for web proxy
community.docker.docker_network: community.docker.docker_network:

34
playbook-dozzle.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: "Configure dozzle application"
hosts: all
vars_files:
- vars/ports.yml
- vars/secrets.yml
vars:
app_name: "dozzle"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_user }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups: ["docker"]
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true

92
playbook-transcriber.yml Normal file
View File

@@ -0,0 +1,92 @@
---
- name: "Deploy transcriber application"
hosts: all
vars_files:
- vars/ports.yml
- vars/secrets.yml
vars:
app_name: "transcriber"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_user }}"
config_dir: "{{ (base_dir, 'config') | path_join }}"
config_file: "{{ (config_dir, 'config.toml') | path_join }}"
data_dir: "{{ (base_dir, 'data') | path_join }}"
backups_dir: "{{ (base_dir, 'backups') | path_join }}"
docker_registry_prefix: "cr.yandex/crplfk0168i4o8kd7ade"
# transcriber_image: "{{ transcriber_image | default(omit) }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups: ["docker"]
- name: "Create application internal directories"
ansible.builtin.file:
path: "{{ item }}"
state: "directory"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0750"
loop:
- "{{ config_dir }}"
- "{{ data_dir }}"
- "{{ backups_dir }}"
- name: "Copy configuration files (templates)"
ansible.builtin.copy:
src: "files/{{ app_name }}/config.secrets.toml"
dest: "{{ config_file }}"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0600"
- name: "Login to yandex docker registry."
ansible.builtin.script:
cmd: "files/yandex-docker-registry-auth.sh"
- name: "Deploy service"
when: transcriber_image is defined
block:
# - name: "Check is web service image passed"
# ansible.builtin.assert:
# that:
# - "transcriber_image is defined"
# fail_msg: 'You must pass variable "transcriber_image"'
- name: "Create full image name with container registry"
ansible.builtin.set_fact:
registry_transcriber_image: "{{ (docker_registry_prefix, transcriber_image) | path_join }}"
- name: "Push web service image to remote registry"
community.docker.docker_image:
state: present
source: local
name: "{{ transcriber_image }}"
repository: "{{ registry_transcriber_image }}"
push: true
delegate_to: 127.0.0.1
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true