Compare commits
10 Commits
35c1f727f6
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
d5078186e7
|
|||
|
57bb696e6e
|
|||
|
c6cc7d4c6c
|
|||
|
90abc6c833
|
|||
|
395203f236
|
|||
|
57cc639cc8
|
|||
|
1405a2364e
|
|||
|
b165899f25
|
|||
|
86147d0103
|
|||
|
2c9ade0a8e
|
12
Taskfile.yml
12
Taskfile.yml
@@ -55,16 +55,24 @@ tasks:
|
||||
validate-config --config /data/{{.DEST_FILE}}
|
||||
|
||||
authelia-gen-random-string:
|
||||
summary: |
|
||||
Generate random string.
|
||||
Usage example:
|
||||
task authelia-gen-random-string LEN=64
|
||||
vars:
|
||||
LEN: '{{ .LEN | default 10 }}'
|
||||
cmds:
|
||||
- >
|
||||
{{.AUTHELIA_DOCKER}}
|
||||
crypto rand --length 32 --charset alphanumeric
|
||||
crypto rand --length {{.LEN}} --charset alphanumeric
|
||||
|
||||
authelia-gen-secret-and-hash:
|
||||
vars:
|
||||
LEN: '{{ .LEN | default 72 }}'
|
||||
cmds:
|
||||
- >
|
||||
{{.AUTHELIA_DOCKER}}
|
||||
crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
|
||||
crypto hash generate pbkdf2 --variant sha512 --random --random.length {{.LEN}} --random.charset rfc3986
|
||||
|
||||
format-py-files:
|
||||
cmds:
|
||||
|
||||
@@ -895,9 +895,9 @@ session:
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/t/statelessness
|
||||
##
|
||||
# redis:
|
||||
# host: '127.0.0.1'
|
||||
# port: 6379
|
||||
redis:
|
||||
host: 'authelia_redis'
|
||||
port: 6379
|
||||
## Use a unix socket instead
|
||||
# host: '/var/run/redis/redis.sock'
|
||||
|
||||
|
||||
@@ -7,9 +7,19 @@ services:
|
||||
restart: 'unless-stopped'
|
||||
networks:
|
||||
- "web_proxy_network"
|
||||
- "monitoring_network"
|
||||
volumes:
|
||||
- "{{ config_dir }}:/config"
|
||||
|
||||
authelia_redis:
|
||||
image: valkey/valkey:9-alpine
|
||||
container_name: authelia_redis
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- "monitoring_network"
|
||||
|
||||
networks:
|
||||
web_proxy_network:
|
||||
external: true
|
||||
monitoring_network:
|
||||
external: true
|
||||
@@ -89,6 +89,14 @@ wanderer.vakhrushev.me {
|
||||
}
|
||||
|
||||
memos.vakhrushev.me {
|
||||
tls anwinged@ya.ru
|
||||
|
||||
reverse_proxy {
|
||||
to memos_app:5230
|
||||
}
|
||||
}
|
||||
|
||||
wanderbase.vakhrushev.me {
|
||||
tls anwinged@ya.ru
|
||||
|
||||
forward_auth authelia_app:9091 {
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
services:
|
||||
|
||||
gitea_app:
|
||||
image: gitea/gitea:1.24.7
|
||||
image: gitea/gitea:1.25.1
|
||||
restart: unless-stopped
|
||||
container_name: gitea_app
|
||||
ports:
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
services:
|
||||
|
||||
gramps_app: &gramps_app
|
||||
image: ghcr.io/gramps-project/grampsweb:25.9.0
|
||||
image: ghcr.io/gramps-project/grampsweb:25.10.1
|
||||
container_name: gramps_app
|
||||
depends_on:
|
||||
- gramps_redis
|
||||
|
||||
10
files/memos/backup.sh.j2
Normal file
10
files/memos/backup.sh.j2
Normal file
@@ -0,0 +1,10 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
echo "{{ app_name }}: backup data with gobackups"
|
||||
|
||||
(cd "{{ base_dir }}" && gobackup perform --config "{{ gobackup_config }}")
|
||||
|
||||
echo "{{ app_name }}: done."
|
||||
23
files/memos/docker-compose.template.yml
Normal file
23
files/memos/docker-compose.template.yml
Normal file
@@ -0,0 +1,23 @@
|
||||
# See versions: https://github.com/gramps-project/gramps-web/pkgs/container/grampsweb
|
||||
|
||||
services:
|
||||
|
||||
memos_app:
|
||||
image: neosmemo/memos:0.25.2
|
||||
container_name: memos_app
|
||||
restart: unless-stopped
|
||||
user: "{{ user_create_result.uid }}:{{ user_create_result.group }}"
|
||||
networks:
|
||||
- "web_proxy_network"
|
||||
volumes:
|
||||
- "{{ data_dir }}:/var/opt/memos"
|
||||
environment:
|
||||
- MEMOS_MODE=prod
|
||||
- MEMOS_PORT=5230
|
||||
- MEMOS_STORAGE_TYPE=local
|
||||
- MEMOS_STORAGE_PATH=assets/{uuid}
|
||||
- MEMOS_MAX_FILE_SIZE=52428800
|
||||
|
||||
networks:
|
||||
web_proxy_network:
|
||||
external: true
|
||||
21
files/memos/gobackup.yml.j2
Normal file
21
files/memos/gobackup.yml.j2
Normal file
@@ -0,0 +1,21 @@
|
||||
# https://gobackup.github.io/configuration
|
||||
|
||||
models:
|
||||
|
||||
gramps:
|
||||
compress_with:
|
||||
type: 'tgz'
|
||||
storages:
|
||||
local:
|
||||
type: 'local'
|
||||
path: '{{ backups_dir }}'
|
||||
keep: 3
|
||||
databases:
|
||||
users:
|
||||
type: sqlite
|
||||
path: "{{ (data_dir, 'memos_prod.db') | path_join }}"
|
||||
archive:
|
||||
includes:
|
||||
- "{{ data_dir }}"
|
||||
excludes:
|
||||
- "{{ (data_dir, '.thumbnail_cache') | path_join }}"
|
||||
@@ -2,7 +2,7 @@
|
||||
services:
|
||||
|
||||
netdata:
|
||||
image: netdata/netdata:v2.7.1
|
||||
image: netdata/netdata:v2.7.3
|
||||
container_name: netdata
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
@@ -3,7 +3,7 @@ services:
|
||||
# See sample https://github.com/outline/outline/blob/main/.env.sample
|
||||
|
||||
outline_app:
|
||||
image: outlinewiki/outline:0.87.4
|
||||
image: outlinewiki/outline:1.0.1
|
||||
container_name: outline_app
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
@@ -66,14 +66,14 @@ services:
|
||||
container_name: outline_postgres
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- {{ postgres_data_dir }}:/var/lib/postgresql/data
|
||||
networks:
|
||||
- "outline_network"
|
||||
- "monitoring_network"
|
||||
- "{{ postgres_data_dir }}:/var/lib/postgresql/data"
|
||||
environment:
|
||||
POSTGRES_USER: '{{ outline_postgres_user }}'
|
||||
POSTGRES_PASSWORD: '{{ outline_postgres_password }}'
|
||||
POSTGRES_DB: '{{ outline_postgres_database }}'
|
||||
networks:
|
||||
- "outline_network"
|
||||
- "monitoring_network"
|
||||
|
||||
networks:
|
||||
outline_network:
|
||||
@@ -3,7 +3,7 @@
|
||||
services:
|
||||
|
||||
wakapi_app:
|
||||
image: ghcr.io/muety/wakapi:2.16.0
|
||||
image: ghcr.io/muety/wakapi:2.16.1
|
||||
container_name: wakapi_app
|
||||
restart: unless-stopped
|
||||
user: '{{ user_create_result.uid }}:{{ user_create_result.group }}'
|
||||
@@ -31,7 +31,6 @@ services:
|
||||
WAKAPI_MAIL_SMTP_PASS: "{{ postbox_pass }}"
|
||||
WAKAPI_MAIL_SMTP_TLS: "false"
|
||||
|
||||
|
||||
networks:
|
||||
web_proxy_network:
|
||||
external: true
|
||||
|
||||
@@ -49,7 +49,7 @@
|
||||
|
||||
- name: "Copy docker compose file"
|
||||
ansible.builtin.template:
|
||||
src: "./files/{{ app_name }}/docker-compose.yml.j2"
|
||||
src: "./files/{{ app_name }}/docker-compose.template.yml"
|
||||
dest: "{{ base_dir }}/docker-compose.yml"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
|
||||
64
playbook-memos.yml
Normal file
64
playbook-memos.yml
Normal file
@@ -0,0 +1,64 @@
|
||||
---
|
||||
- name: "Configure memos application"
|
||||
hosts: all
|
||||
|
||||
vars_files:
|
||||
- vars/ports.yml
|
||||
- vars/secrets.yml
|
||||
|
||||
vars:
|
||||
app_name: "memos"
|
||||
app_user: "{{ app_name }}"
|
||||
base_dir: "/home/{{ app_user }}"
|
||||
data_dir: "{{ (base_dir, 'data') | path_join }}"
|
||||
backups_dir: "{{ (base_dir, 'backups') | path_join }}"
|
||||
gobackup_config: "{{ (base_dir, 'gobackup.yml') | path_join }}"
|
||||
|
||||
tasks:
|
||||
- name: "Create user and environment"
|
||||
ansible.builtin.import_role:
|
||||
name: owner
|
||||
vars:
|
||||
owner_name: "{{ app_user }}"
|
||||
owner_extra_groups: ["docker"]
|
||||
|
||||
- name: "Create application internal directories"
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: "directory"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
mode: "0750"
|
||||
loop:
|
||||
- "{{ data_dir }}"
|
||||
- "{{ backups_dir }}"
|
||||
|
||||
- name: "Copy gobackup config"
|
||||
ansible.builtin.template:
|
||||
src: "./files/{{ app_name }}/gobackup.yml.j2"
|
||||
dest: "{{ gobackup_config }}"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
mode: "0640"
|
||||
|
||||
- name: "Copy backup script"
|
||||
ansible.builtin.template:
|
||||
src: "files/{{ app_name }}/backup.sh.j2"
|
||||
dest: "{{ base_dir }}/backup.sh"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
mode: "0750"
|
||||
|
||||
- name: "Copy docker compose file"
|
||||
ansible.builtin.template:
|
||||
src: "./files/{{ app_name }}/docker-compose.template.yml"
|
||||
dest: "{{ base_dir }}/docker-compose.yml"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
mode: "0640"
|
||||
|
||||
- name: "Run application with docker compose"
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: "{{ base_dir }}"
|
||||
state: "present"
|
||||
remove_orphans: true
|
||||
@@ -82,7 +82,7 @@
|
||||
|
||||
- name: "Copy docker compose file"
|
||||
ansible.builtin.template:
|
||||
src: "./files/{{ app_name }}/docker-compose.yml.j2"
|
||||
src: "./files/{{ app_name }}/docker-compose.template.yml"
|
||||
dest: "{{ base_dir }}/docker-compose.yml"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
|
||||
@@ -20,10 +20,7 @@
|
||||
name: owner
|
||||
vars:
|
||||
owner_name: "{{ app_user }}"
|
||||
owner_extra_groups:
|
||||
- "docker"
|
||||
owner_ssh_keys:
|
||||
- "{{ lookup('file', 'files/av_id_rsa.pub') }}"
|
||||
owner_extra_groups: ["docker"]
|
||||
|
||||
- name: "Create internal directories"
|
||||
ansible.builtin.file:
|
||||
@@ -37,7 +34,7 @@
|
||||
|
||||
- name: "Copy docker compose file"
|
||||
ansible.builtin.template:
|
||||
src: "./files/{{ app_name }}/docker-compose.yml.j2"
|
||||
src: "./files/{{ app_name }}/docker-compose.template.yml"
|
||||
dest: "{{ base_dir }}/docker-compose.yml"
|
||||
owner: "{{ app_user }}"
|
||||
group: "{{ app_user }}"
|
||||
|
||||
Reference in New Issue
Block a user