av/pet-project-server
1
0
Fork 0
Code Pull Requests Activity

Compare commits

base: av:da0a261ddd321e03afb6b60df4964b8d80b4472d
Branches Tags
av:master
...
compare: av:master
Branches Tags
av:master

22 Commits
da0a261ddd ... master

Author SHA1 Message Date
Anton Vakhrushev
8a9b3db287 Gramps: upgrade to 25.7.0 2025-07-02 13:43:33 +03:00
Anton Vakhrushev
a72c67f070 Wakapi: install 2.14.0 
And transfer data from local
 2025-07-01 11:21:05 +03:00
Anton Vakhrushev
47745b7bc9 RSS-Bridge: install version 2025-06-03 2025-06-30 19:18:45 +03:00
Anton Vakhrushev
c568f00db1 Miniflux: install and configure rss reader 2025-06-28 12:12:19 +03:00
Anton Vakhrushev
99b6959c84 Tasks: add quick commands for authelia 2025-06-28 11:00:32 +03:00
Anton Vakhrushev
fa65726096 Authelia: upgrade to 4.39.4 2025-06-28 10:02:57 +03:00
Anton Vakhrushev
f9eaf7a41e Rename encrypted vars to secrets 2025-06-28 09:59:04 +03:00
Anton Vakhrushev
d825b1f391 Netdata: upgrade to 2.5.4 2025-06-28 09:57:19 +03:00
Anton Vakhrushev
b296a3f2fe Netdata: upgrade to 2.5.3 2025-06-22 09:34:57 +03:00
Anton Vakhrushev
8ff89c9ee1 Gitea: upgrade to 1.24.2 2025-06-22 09:31:46 +03:00
Anton Vakhrushev
62a4e598bd Gitea: upgrade to v1.24.0 2025-06-11 20:48:51 +03:00
Anton Vakhrushev
b65aaa5072 Gramps: upgrade to v25.6.0 2025-06-11 20:48:27 +03:00
Anton Vakhrushev
98b7aff274 Gramps: upgrade to v25.5.2 2025-05-24 12:04:45 +03:00
Anton Vakhrushev
6eaf7f7390 Netdata: upgrade to 2.5.1 2025-05-21 21:24:22 +03:00
Anton Vakhrushev
32e80282ef Update ansible roles 2025-05-17 17:17:01 +03:00
Anton Vakhrushev
c8bd9f4ec3 Netdata: add fail2ban monitoring 2025-05-17 16:58:12 +03:00
Anton Vakhrushev
d3d189e284 Gitea: upgrade to 1.23.8 2025-05-17 13:51:10 +03:00
Anton Vakhrushev
71fe688ef8 Caddy: upgrade to 2.10.0 2025-05-17 13:50:47 +03:00
Anton Vakhrushev
c5d0f96bdf Netdata + Authelia: add monitoring 2025-05-17 13:33:35 +03:00
Anton Vakhrushev
eea8db6499 Netdata + Caddy: add monitoring for http-server 2025-05-17 11:55:38 +03:00
Anton Vakhrushev
7893349da4 Netdata: refactoring as docker compose app 2025-05-17 10:27:41 +03:00
Anton Vakhrushev
a4c61f94e6 Gramps: upgrade to 25.5.1 (with Gramps API 3.0.0) 2025-05-12 15:56:23 +03:00
41 changed files with 5132 additions and 3915 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,6 +5,7 @@
/galaxy.roles/
/ansible-vault-password-file
/temp
*.retry
test_smtp.py

33
Taskfile.yml
View File

@ -12,8 +12,13 @@ vars:
sh: 'yq .ungrouped.hosts.server.ansible_user {{.HOSTS_FILE}}'
REMOTE_HOST:
sh: 'yq .ungrouped.hosts.server.ansible_host {{.HOSTS_FILE}}'
AUTHELIA_DOCKER: 'docker run --rm -v $PWD:/data authelia/authelia:4.39.4 authelia'
tasks:
install-roles:
cmds:
- ansible-galaxy role install --role-file requirements.yml --force
ssh:
cmds:
- ssh {{.REMOTE_USER}}@{{.REMOTE_HOST}}
@ -32,7 +37,33 @@ tasks:
authelia-cli:
cmds:
- docker run --rm authelia/authelia:latest authelia {{.CLI_ARGS}}
- "{{.AUTHELIA_DOCKER}} {{.CLI_ARGS}}"
authelia-validate-config:
vars:
DEST_FILE: "temp/configuration.yml"
cmds:
- >
ansible localhost
--module-name template
--args "src=files/authelia/configuration.yml.j2 dest={{.DEST_FILE}}"
--extra-vars "@vars/secrets.yml"
- defer: rm -f {{.DEST_FILE}}
- >
{{.AUTHELIA_DOCKER}}
validate-config --config /data/{{.DEST_FILE}}
authelia-gen-random-string:
cmds:
- >
{{.AUTHELIA_DOCKER}}
crypto rand --length 32 --charset alphanumeric
authelia-gen-secret-and-hash:
cmds:
- >
{{.AUTHELIA_DOCKER}}
crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
format-py-files:
cmds:

3685
files/authelia/configuration.yml
View File

File diff suppressed because it is too large Load Diff

3725
files/authelia/configuration.yml.j2 Normal file
View File

File diff suppressed because it is too large Load Diff

2
files/authelia/docker-compose.yml.j2
View File

@ -2,7 +2,7 @@ services:
authelia_app:
container_name: 'authelia_app'
image: 'docker.io/authelia/authelia:4.39.3'
image: 'docker.io/authelia/authelia:4.39.4'
user: '{{ user_create_result.uid }}:{{ user_create_result.group }}'
restart: 'unless-stopped'
networks:

71
files/authelia/users.yml
View File

@ -1,36 +1,37 @@
$ANSIBLE_VAULT;1.1;AES256
62333333383237396435306539366633646534333231666238326561306439316632383862646132
3938353633633131396535333764396238356561373739630a353662343534383761383132373530
31343032633261636136313562333331336531386165313264363536363866653562303131313831
6632346465646231360a363264653964633738323637323130366264643639633965636632623933
64383734623763303330313231316535646635646232386663613833653337396538623363303838
30656263346165643632646662363865373531336339393435383935363333393764373664373630
33303435303530656432326634623034616633326432613361333236663661393035623961613035
39376339393935626637316461636263333666616261646661316631376365356562633063636665
63626362336632393235333838313933353637393064616562333235656232613162636631343962
37623930666534373437353231353631333430363865333937356666313062336630396538333832
35353032333461616635616561656330626664306565313462656532393035353439366437336332
37363732373961386533323633323330626533383438663466313438636662343064306236396163
31383430643233393939656631646538663833336239323564363563356234306534343465316466
61333534363862376539626639353634343234623061316265333763633362336336316534643236
61303862386161346533386233303335333136653836666633363738643030633262313232336136
38363561376464313066373631356262626234653464356330646666336536623032333634613863
32303731396365646138343132623534336366633036623231386439376133656235633035663964
36366130633331353464643264383231306639326133633464306638653139666563636563343539
65383261396537383438646237633737343236666662633664346332383264646537643535376638
66653639633762356566306435383039326630373431343935383766303338363438643135616563
33613837613461343036363365356336336631663230326235623965663133336263636636333735
64646162326566643536323165363531633330373536656531666334336364313231393234333631
38363630653439393065316662306463333563323339313438366238653865653265363535616630
64613031653831616666666533346134656630646337633661623163653731656231363232663763
61386566356635663561356264633462643265643361343535303365396537363134303438393234
34633037356162663933396339373932303138633165323438643230666434363666313361386530
38623463663237363335316363333631616133363336326333346436376462663839303961643462
61396433383966356635613663636663383264666165373137346234646236623339323738303263
63623739303037386363623739623034623435643534353765656535323134656263633066313735
35646338613530663633366437353563636364393063386237316265386538616137343735363333
61376434303037323236323761376235633631633036653639333862636466653337303662663234
30613362386338663531616261386265616131356535346437326436326638346636343666303431
63313638313739623761333665616434356561653031666430623530363539626661646638316637
35393531363863333737303865323765636633633633623032353061373838376564393136336662
643366643665653265323065373536653536
33323463653739626134366261626263396338333966376262313263613131343962326432613263
6430616564313432666436376432383539626231616438330a646161313364353566373833353337
64633361306564646564663736663937303435356332316432666135353863393439663235646462
3136303031383835390a396531366636386133656366653835633833633733326561383066656464
31613933333731643065316130303561383563626636346633396266346332653234373732326535
39663765353938333835646563663633393835633163323435303164663261303661666435306239
34353264633736383565306336633565376436646536623835613330393466363935303031346664
63626465656435383162633761333131393934666632336539386435613362353135383538643836
66373261306139353134393839333539366531393163393266386531613732366431663865343134
64363933616338663966353431396133316561653366396130653232636561343739336265386339
38646238653436663531633465616164303633356233363433623038666465326339656238653233
36323162303233633935646132353835336364303833636563346535316166346533636536656665
64323030616665316133363739393364306462316135636630613262646436643062373138656431
35663334616239623534383564643738616264373762663034376332323637626337306639653830
65386339666465343931303933663561643664313364386662656663643336636264636333666435
66366531613538363233346137383462326334306534333564636232393931393433386664363036
39623134636331646536323531653063326231613363366562643561353939633062663132303035
38303265326136303633666566613966636133666336396133333033643434303138303065666463
36643765316134636133333937396332613233383932663265386264623133633364646237346465
32623965653662336335366639643765393636623236323036396538353666646132393636663536
65646638643236313762373135336430643731643961386264303134366633353934366431333430
34313362633836613166336437323835626537653237666139383230663835626630623933383834
32636136663830643661363663303136393733646133626538333836666135653936323832336433
64396234396430326334656561393264366263313730306631383037643135613765373861356561
37363933383238316232336564363364376637626630373963666262376165343838303530653764
64343937666365646666363939383662313334656236326566373565643637313434616261616635
35646131396432623534396133666239613036386332663038353531313935636139363136666562
62616234663935383262626235313337623332333733383035666633393965336535316234323561
37353563623138343339616565653465633633383563636631356333303435376536393634343031
63653062303432366230643333353634383061313135616533643935316263393366653335353964
36363135356365373064613338393261326265396330323930613538326330663532616163666564
39313631633434353938626637626462376139383536306531633733646331303030333238373161
36336364383939663132366461383264346631366566363638333738386235623264623331343738
34316436393363323165396430343163653837623035626236313663643038336666633535666462
33323566353062653964643362363233346264396365336637376661323730336437333031363830
38303962646561346262

12
files/backups/backup-all.sh.j2
View File

@ -4,23 +4,23 @@ set -eu
set -o pipefail
echo "Backup: perform gitea backup"
su --login gitea --command '/home/gitea/backup.sh'
echo "Backup: perform outline backup"
su --login outline --command '/home/outline/backup.sh'
echo "Backup: perform gramps backup"
su --login gramps --command '/home/gramps/backup.sh'
echo "Backup: perform miniflux backup"
su --login miniflux --command '/home/miniflux/backup.sh'
echo "Backup: perform wakapi backup"
su --login wakapi --command '/home/wakapi/backup.sh'
echo "Backup: send backups to remote storage with retic"
restic-shell.sh backup --verbose /home/gitea/backups /home/outline/backups /home/gramps/backups \
restic-shell.sh backup --verbose /home/gitea/backups /home/outline/backups /home/gramps/backups /home/miniflux/backups /home/wakapi/backups \
&& restic-shell.sh check \
&& restic-shell.sh forget --compact --prune --keep-daily 90 --keep-monthly 36 \
&& restic-shell.sh check

33
files/caddyproxy/Caddyfile.j2
View File

@ -4,6 +4,12 @@
{
grace_period 15s
admin :2019
# Enable metrics in Prometheus format
# https://caddyserver.com/docs/metrics
metrics
}
# -------------------------------------------------------------------
# Applications
@ -58,3 +64,30 @@ gramps.vakhrushev.me {
}
}
miniflux.vakhrushev.me {
tls anwinged@ya.ru
reverse_proxy {
to miniflux_app:8080
}
}
wakapi.vakhrushev.me {
tls anwinged@ya.ru
reverse_proxy {
to wakapi_app:3000
}
}
rssbridge.vakhrushev.me {
tls anwinged@ya.ru
forward_auth authelia_app:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy rssbridge_app:80
}
}

2
files/caddyproxy/docker-compose.yml.j2
View File

@ -1,7 +1,7 @@
services:
{{ service_name }}:
image: caddy:2.9.1
image: caddy:2.10.0
restart: unless-stopped
container_name: {{ service_name }}
ports:

2
files/gitea/docker-compose.yml.j2
View File

@ -1,7 +1,7 @@
services:
gitea_app:
image: gitea/gitea:1.23.7
image: gitea/gitea:1.24.2
restart: unless-stopped
container_name: gitea_app
ports:

4
files/gramps/docker-compose.yml.j2
View File

@ -3,13 +3,11 @@
services:
gramps_app: &gramps_app
image: ghcr.io/gramps-project/grampsweb:v25.4.1
image: ghcr.io/gramps-project/grampsweb:25.7.0
container_name: gramps_app
depends_on:
- gramps_redis
restart: unless-stopped
ports:
- "127.0.0.1:{{ gramps_port }}:5000" # host:docker
networks:
- "gramps_network"
- "{{ web_proxy_network }}"

2
files/keep-files.py
View File

@ -32,7 +32,7 @@ def main():
sorted_files = sorted(files)
# Identify files to delete
to_delete = sorted_files[: -args.keep] if args.keep > 0 else sorted_files.copy()
to_delete = sorted_files[:-args.keep] if args.keep > 0 else sorted_files.copy()
# Delete files and print results
for filename in to_delete:

25
files/miniflux/backup.sh.j2 Normal file
View File

@ -0,0 +1,25 @@
#!/usr/bin/env bash
set -eu
set -o pipefail
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="miniflux_postgres_${TIMESTAMP}.sql.gz"
echo "miniflux: backing up postgresql database"
docker compose --file "{{ base_dir }}/docker-compose.yml" exec \
miniflux_postgres \
pg_dump \
-U "{{ miniflux_postgres_user }}" \
"{{ miniflux_postgres_database }}" \
| gzip > "{{ postgres_backups_dir }}/${BACKUP_FILE}"
echo "miniflux: PostgreSQL backup saved to {{ postgres_backups_dir }}/${BACKUP_FILE}"
echo "miniflux: removing old backups"
# Keep only the 3 most recent backups
keep-files.py "{{ postgres_backups_dir }}" --keep 3
echo "miniflux: backup completed successfully."

52
files/miniflux/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,52 @@
# See sample https://miniflux.app/docs/docker.html#docker-compose
# See env https://miniflux.app/docs/configuration.html
services:
miniflux_app:
image: miniflux/miniflux:2.2.10
container_name: miniflux_app
depends_on:
miniflux_postgres:
condition: service_healthy
networks:
- "miniflux_network"
- "{{ web_proxy_network }}"
environment:
- DATABASE_URL=postgres://{{ miniflux_postgres_user }}:{{ miniflux_postgres_password }}@miniflux_postgres/{{ miniflux_postgres_database }}?sslmode=disable
- RUN_MIGRATIONS=1
- CREATE_ADMIN=1
- ADMIN_USERNAME={{ miniflux_admin_user }}
- ADMIN_PASSWORD={{ miniflux_admin_password }}
- BASE_URL=https://miniflux.vakhrushev.me
- DISABLE_LOCAL_AUTH=1
- OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://auth.vakhrushev.me
- OAUTH2_CLIENT_ID={{ miniflux_oidc_client_id }}
- OAUTH2_CLIENT_SECRET={{ miniflux_oidc_client_secret }}
- OAUTH2_OIDC_PROVIDER_NAME=Authelia
- OAUTH2_PROVIDER=oidc
- OAUTH2_REDIRECT_URL=https://miniflux.vakhrushev.me/oauth2/oidc/callback
- OAUTH2_USER_CREATION=1
- METRICS_COLLECTOR=1
- METRICS_ALLOWED_NETWORKS=0.0.0.0/0
miniflux_postgres:
image: postgres:16.3-bookworm
container_name: miniflux_postgres
environment:
- POSTGRES_USER={{ miniflux_postgres_user }}
- POSTGRES_PASSWORD={{ miniflux_postgres_password }}
- POSTGRES_DB={{ miniflux_postgres_database }}
networks:
- "miniflux_network"
volumes:
- {{ postgres_data_dir }}:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-U", "miniflux"]
interval: 10s
start_period: 30s
networks:
miniflux_network:
driver: bridge
{{ web_proxy_network }}:
external: true

37
files/netdata/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,37 @@
services:
netdata:
image: netdata/netdata:v2.5.4
container_name: netdata
restart: unless-stopped
cap_add:
- SYS_PTRACE
- SYS_ADMIN
security_opt:
- apparmor:unconfined
networks:
- "{{ web_proxy_network }}"
volumes:
- "{{ config_dir }}:/etc/netdata"
- "{{ (data_dir, 'lib') | path_join }}:/var/lib/netdata"
- "{{ (data_dir, 'cache') | path_join }}:/var/cache/netdata"
# Netdata system volumes
- "/:/host/root:ro,rslave"
- "/etc/group:/host/etc/group:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/os-release:/host/etc/os-release:ro"
- "/etc/passwd:/host/etc/passwd:ro"
- "/proc:/host/proc:ro"
- "/run/dbus:/run/dbus:ro"
- "/sys:/host/sys:ro"
- "/var/log:/host/var/log:ro"
- "/var/run:/host/var/run:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
environment:
PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
NETDATA_EXTRA_DEB_PACKAGES: "fail2ban"
networks:
{{ web_proxy_network }}:
external: true

3
files/netdata/go.d/fail2ban.conf Normal file
View File

@ -0,0 +1,3 @@
jobs:
- name: fail2ban
update_every: 5 # Collect Fail2Ban jails statistics every 5 seconds

22
files/netdata/go.d/prometheus.conf Normal file
View File

@ -0,0 +1,22 @@
update_every: 5
autodetection_retry: 0
jobs:
- name: caddyproxy
url: http://caddyproxy:2019/metrics
selector:
allow:
- "caddy_http_*"
- name: authelia
url: http://authelia_app:9959/metrics
selector:
allow:
- "authelia_*"
- name: miniflux
url: http://miniflux_app:8080/metrics
selector:
allow:
- "miniflux_*"

687
files/netdata/netdata.conf.j2 Normal file
View File

@ -0,0 +1,687 @@
# netdata configuration
#
# You can download the latest version of this file, using:
#
# wget -O /etc/netdata/netdata.conf http://localhost:19999/netdata.conf
# or
# curl -o /etc/netdata/netdata.conf http://localhost:19999/netdata.conf
#
# You can uncomment and change any of the options below.
# The value shown in the commented settings, is the default value.
#
# global netdata configuration
[global]
# run as user = netdata
# host access prefix = /host
# pthread stack size = 8MiB
# cpu cores = 2
# libuv worker threads = 16
# profile = standalone
hostname = {{ host_name }}
# glibc malloc arena max for plugins = 1
# glibc malloc arena max for netdata = 1
# crash reports = all
# timezone = Etc/UTC
# OOM score = 0
# process scheduling policy = keep
# is ephemeral node = no
# has unstable connection = no
[db]
# enable replication = yes
# replication period = 1d
# replication step = 1h
# replication threads = 1
# replication prefetch = 10
# update every = 1s
# db = dbengine
# memory deduplication (ksm) = auto
# cleanup orphan hosts after = 1h
# cleanup ephemeral hosts after = off
# cleanup obsolete charts after = 1h
# gap when lost iterations above = 1
# dbengine page type = gorilla
# dbengine page cache size = 32MiB
# dbengine extent cache size = off
# dbengine enable journal integrity check = no
# dbengine use all ram for caches = no
# dbengine out of memory protection = 391.99MiB
# dbengine use direct io = yes
# dbengine journal v2 unmount time = 2m
# dbengine pages per extent = 109
# storage tiers = 3
# dbengine tier backfill = new
# dbengine tier 1 update every iterations = 60
# dbengine tier 2 update every iterations = 60
# dbengine tier 0 retention size = 1024MiB
# dbengine tier 0 retention time = 14d
# dbengine tier 1 retention size = 1024MiB
# dbengine tier 1 retention time = 3mo
# dbengine tier 2 retention size = 1024MiB
# dbengine tier 2 retention time = 2y
# extreme cardinality protection = yes
# extreme cardinality keep instances = 1000
# extreme cardinality min ephemerality = 50
[directories]
# config = /etc/netdata
# stock config = /usr/lib/netdata/conf.d
# log = /var/log/netdata
# web = /usr/share/netdata/web
# cache = /var/cache/netdata
# lib = /var/lib/netdata
# cloud.d = /var/lib/netdata/cloud.d
# plugins = "/usr/libexec/netdata/plugins.d" "/etc/netdata/custom-plugins.d"
# registry = /var/lib/netdata/registry
# home = /etc/netdata
# stock health config = /usr/lib/netdata/conf.d/health.d
# health config = /etc/netdata/health.d
[logs]
# facility = daemon
# logs flood protection period = 1m
# logs to trigger flood protection = 1000
# level = info
# debug = /var/log/netdata/debug.log
# daemon = /var/log/netdata/daemon.log
# collector = /var/log/netdata/collector.log
# access = /var/log/netdata/access.log
# health = /var/log/netdata/health.log
# debug flags = 0x0000000000000000
[environment variables]
# PATH = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# PYTHONPATH =
# TZ = :/etc/localtime
[host labels]
# name = value
[cloud]
# conversation log = no
# scope = full
# query threads = 6
# proxy = env
[ml]
# enabled = auto
# maximum num samples to train = 21600
# minimum num samples to train = 900
# train every = 3h
# number of models per dimension = 18
# delete models older than = 7d
# num samples to diff = 1
# num samples to smooth = 3
# num samples to lag = 5
# random sampling ratio = 0.20000
# maximum number of k-means iterations = 1000
# dimension anomaly score threshold = 0.99000
# host anomaly rate threshold = 1.00000
# anomaly detection grouping method = average
# anomaly detection grouping duration = 5m
# num training threads = 1
# flush models batch size = 256
# dimension anomaly rate suppression window = 15m
# dimension anomaly rate suppression threshold = 450
# enable statistics charts = yes
# hosts to skip from training = !*
# charts to skip from training = netdata.*
# stream anomaly detection charts = yes
[health]
# silencers file = /var/lib/netdata/health.silencers.json
# enabled = yes
# enable stock health configuration = yes
# use summary for notifications = yes
# default repeat warning = off
# default repeat critical = off
# in memory max health log entries = 1000
# health log retention = 5d
# script to execute on alarm = /usr/libexec/netdata/plugins.d/alarm-notify.sh
# enabled alarms = *
# run at least every = 10s
# postpone alarms during hibernation for = 1m
[web]
#| >>> [web].default port <<<
#| migrated from: [global].default port
# default port = 19999
# ssl key = /etc/netdata/ssl/key.pem
# ssl certificate = /etc/netdata/ssl/cert.pem
# tls version = 1.3
# tls ciphers = none
# ses max tg_des_window = 15
# des max tg_des_window = 15
# mode = static-threaded
# listen backlog = 4096
# bind to = *
# bearer token protection = no
# disconnect idle clients after = 1m
# timeout for first request = 1m
# accept a streaming request every = off
# respect do not track policy = no
# x-frame-options response header =
# allow connections from = localhost *
# allow connections by dns = heuristic
# allow dashboard from = localhost *
# allow dashboard by dns = heuristic
# allow badges from = *
# allow badges by dns = heuristic
# allow streaming from = *
# allow streaming by dns = heuristic
# allow netdata.conf from = localhost fd* 10.* 192.168.* 172.16.* 172.17.* 172.18.* 172.19.* 172.20.* 172.21.* 172.22.* 172.23.* 172.24.* 172.25.* 172.26.* 172.27.* 172.28.* 172.29.* 172.30.* 172.31.* UNKNOWN
# allow netdata.conf by dns = no
# allow management from = localhost
# allow management by dns = heuristic
# enable gzip compression = yes
# gzip compression strategy = default
# gzip compression level = 3
# ssl skip certificate verification = no
# web server threads = 6
# web server max sockets = 262144
[registry]
# enabled = no
# registry db file = /var/lib/netdata/registry/registry.db
# registry log file = /var/lib/netdata/registry/registry-log.db
# registry save db every new entries = 1000000
# registry expire idle persons = 1y
# registry domain =
# registry to announce = https://registry.my-netdata.io
# registry hostname = 7171b7f9fc69
# verify browser cookies support = yes
# enable cookies SameSite and Secure = yes
# max URL length = 1024
# max URL name length = 50
# netdata management api key file = /var/lib/netdata/netdata.api.key
# allow from = *
# allow by dns = heuristic
[pulse]
# extended = no
# update every = 1s
[plugins]
# idlejitter = yes
# netdata pulse = yes
# profile = no
# tc = yes
# diskspace = yes
# proc = yes
# cgroups = yes
# timex = yes
# statsd = yes
# enable running new plugins = yes
# check for new plugins every = 1m
# slabinfo = no
# freeipmi = no
# python.d = yes
# go.d = yes
# apps = yes
# systemd-journal = yes
# network-viewer = yes
# charts.d = yes
# debugfs = yes
# perf = yes
# ioping = yes
[statsd]
# update every (flushInterval) = 1s
# udp messages to process at once = 10
# create private charts for metrics matching = *
# max private charts hard limit = 1000
# set charts as obsolete after = off
# decimal detail = 1000
# disconnect idle tcp clients after = 10m
# private charts hidden = no
# histograms and timers percentile (percentThreshold) = 95.00000
# dictionaries max unique dimensions = 200
# add dimension for number of events received = no
# gaps on gauges (deleteGauges) = no
# gaps on counters (deleteCounters) = no
# gaps on meters (deleteMeters) = no
# gaps on sets (deleteSets) = no
# gaps on histograms (deleteHistograms) = no
# gaps on timers (deleteTimers) = no
# gaps on dictionaries (deleteDictionaries) = no
# statsd server max TCP sockets = 262144
# listen backlog = 4096
# default port = 8125
# bind to = udp:localhost tcp:localhost
[plugin:idlejitter]
# loop time = 20ms
[plugin:timex]
# update every = 10s
# clock synchronization state = yes
# time offset = yes
[plugin:proc]
# /proc/net/dev = yes
# /proc/pagetypeinfo = no
# /proc/stat = yes
# /proc/uptime = yes
# /proc/loadavg = yes
# /proc/sys/fs/file-nr = yes
# /proc/sys/kernel/random/entropy_avail = yes
# /run/reboot_required = yes
# /proc/pressure = yes
# /proc/interrupts = yes
# /proc/softirqs = yes
# /proc/vmstat = yes
# /proc/meminfo = yes
# /sys/kernel/mm/ksm = yes
# /sys/block/zram = yes
# /sys/devices/system/edac/mc = yes
# /sys/devices/pci/aer = yes
# /sys/devices/system/node = yes
# /proc/net/wireless = yes
# /proc/net/sockstat = yes
# /proc/net/sockstat6 = yes
# /proc/net/netstat = yes
# /proc/net/sctp/snmp = yes
# /proc/net/softnet_stat = yes
# /proc/net/ip_vs/stats = yes
# /sys/class/infiniband = yes
# /proc/net/stat/conntrack = yes
# /proc/net/stat/synproxy = yes
# /proc/diskstats = yes
# /proc/mdstat = yes
# /proc/net/rpc/nfsd = yes
# /proc/net/rpc/nfs = yes
# /proc/spl/kstat/zfs/arcstats = yes
# /sys/fs/btrfs = yes
# ipc = yes
# /sys/class/power_supply = yes
# /sys/class/drm = yes
[plugin:cgroups]
# update every = 1s
# check for new cgroups every = 10s
# use unified cgroups = auto
# max cgroups to allow = 1000
# max cgroups depth to monitor = 0
# enable by default cgroups matching = !*/init.scope !/system.slice/run-*.scope *user.slice/docker-* !*user.slice* *.scope !/machine.slice/*/.control !/machine.slice/*/payload* !/machine.slice/*/supervisor /machine.slice/*.service */kubepods/pod*/* */kubepods/*/pod*/* */*-kubepods-pod*/* */*-kubepods-*-pod*/* !*kubepods* !*kubelet* !*/vcpu* !*/emulator !*.mount !*.partition !*.service !*.service/udev !*.socket !*.slice !*.swap !*.user !/ !/docker !*/libvirt !/lxc !/lxc/*/* !/lxc.monitor* !/lxc.pivot !/lxc.payload !*lxcfs.service/.control !/machine !/qemu !/system !/systemd !/user *
# enable by default cgroups names matching = *
# search for cgroups in subpaths matching = !*/init.scope !*-qemu !*.libvirt-qemu !/init.scope !/system !/systemd !/user !/lxc/*/* !/lxc.monitor !/lxc.payload/*/* !/lxc.payload.* *
# script to get cgroup names = /usr/libexec/netdata/plugins.d/cgroup-name.sh
# script to get cgroup network interfaces = /usr/libexec/netdata/plugins.d/cgroup-network
# run script to rename cgroups matching = !/ !*.mount !*.socket !*.partition /machine.slice/*.service !*.service !*.slice !*.swap !*.user !init.scope !*.scope/vcpu* !*.scope/emulator *.scope *docker* *lxc* *qemu* */kubepods/pod*/* */kubepods/*/pod*/* */*-kubepods-pod*/* */*-kubepods-*-pod*/* !*kubepods* !*kubelet* *.libvirt-qemu *
# cgroups to match as systemd services = !/system.slice/*/*.service /system.slice/*.service
[plugin:proc:diskspace]
# remove charts of unmounted disks = yes
# update every = 1s
# check for new mount points every = 15s
# exclude space metrics on paths = /dev /dev/shm /proc/* /sys/* /var/run/user/* /run/lock /run/user/* /snap/* /var/lib/docker/* /var/lib/containers/storage/* /run/credentials/* /run/containerd/* /rpool /rpool/*
# exclude space metrics on filesystems = *gvfs *gluster* *s3fs *ipfs *davfs2 *httpfs *sshfs *gdfs *moosefs fusectl autofs cgroup cgroup2 hugetlbfs devtmpfs fuse.lxcfs
# exclude inode metrics on filesystems = msdosfs msdos vfat overlayfs aufs* *unionfs
# space usage for all disks = auto
# inodes usage for all disks = auto
[plugin:tc]
# script to run to get tc values = /usr/libexec/netdata/plugins.d/tc-qos-helper.sh
[plugin:python.d]
# update every = 1s
# command options =
[plugin:go.d]
# update every = 1s
# command options =
[plugin:apps]
# update every = 1s
# command options =
[plugin:systemd-journal]
# update every = 1s
# command options =
[plugin:network-viewer]
# update every = 1s
# command options =
[plugin:charts.d]
# update every = 1s
# command options =
[plugin:debugfs]
# update every = 1s
# command options =
[plugin:perf]
# update every = 1s
# command options =
[plugin:ioping]
# update every = 1s
# command options =
[plugin:proc:/proc/net/dev]
# compressed packets for all interfaces = no
# disable by default interfaces matching = lo fireqos* *-ifb fwpr* fwbr* fwln* ifb4*
[plugin:proc:/proc/stat]
# cpu utilization = yes
# per cpu core utilization = no
# cpu interrupts = yes
# context switches = yes
# processes started = yes
# processes running = yes
# keep per core files open = yes
# keep cpuidle files open = yes
# core_throttle_count = auto
# package_throttle_count = no
# cpu frequency = yes
# cpu idle states = no
# core_throttle_count filename to monitor = /host/sys/devices/system/cpu/%s/thermal_throttle/core_throttle_count
# package_throttle_count filename to monitor = /host/sys/devices/system/cpu/%s/thermal_throttle/package_throttle_count
# scaling_cur_freq filename to monitor = /host/sys/devices/system/cpu/%s/cpufreq/scaling_cur_freq
# time_in_state filename to monitor = /host/sys/devices/system/cpu/%s/cpufreq/stats/time_in_state
# schedstat filename to monitor = /host/proc/schedstat
# cpuidle name filename to monitor = /host/sys/devices/system/cpu/cpu%zu/cpuidle/state%zu/name
# cpuidle time filename to monitor = /host/sys/devices/system/cpu/cpu%zu/cpuidle/state%zu/time
# filename to monitor = /host/proc/stat
[plugin:proc:/proc/uptime]
# filename to monitor = /host/proc/uptime
[plugin:proc:/proc/loadavg]
# filename to monitor = /host/proc/loadavg
# enable load average = yes
# enable total processes = yes
[plugin:proc:/proc/sys/fs/file-nr]
# filename to monitor = /host/proc/sys/fs/file-nr
[plugin:proc:/proc/sys/kernel/random/entropy_avail]
# filename to monitor = /host/proc/sys/kernel/random/entropy_avail
[plugin:proc:/proc/pressure]
# base path of pressure metrics = /proc/pressure
# enable cpu some pressure = yes
# enable cpu full pressure = no
# enable memory some pressure = yes
# enable memory full pressure = yes
# enable io some pressure = yes
# enable io full pressure = yes
# enable irq some pressure = no
# enable irq full pressure = yes
[plugin:proc:/proc/interrupts]
# interrupts per core = no
# filename to monitor = /host/proc/interrupts
[plugin:proc:/proc/softirqs]
# interrupts per core = no
# filename to monitor = /host/proc/softirqs
[plugin:proc:/proc/vmstat]
# filename to monitor = /host/proc/vmstat
# swap i/o = auto
# disk i/o = yes
# memory page faults = yes
# out of memory kills = yes
# system-wide numa metric summary = auto
# transparent huge pages = auto
# zswap i/o = auto
# memory ballooning = auto
# kernel same memory = auto
[plugin:proc:/sys/devices/system/node]
# directory to monitor = /host/sys/devices/system/node
# enable per-node numa metrics = auto
[plugin:proc:/proc/meminfo]
# system ram = yes
# system swap = auto
# hardware corrupted ECC = auto
# committed memory = yes
# writeback memory = yes
# kernel memory = yes
# slab memory = yes
# hugepages = auto
# transparent hugepages = auto
# memory reclaiming = yes
# high low memory = yes
# cma memory = auto
# direct maps = yes
# filename to monitor = /host/proc/meminfo
[plugin:proc:/sys/kernel/mm/ksm]
# /sys/kernel/mm/ksm/pages_shared = /host/sys/kernel/mm/ksm/pages_shared
# /sys/kernel/mm/ksm/pages_sharing = /host/sys/kernel/mm/ksm/pages_sharing
# /sys/kernel/mm/ksm/pages_unshared = /host/sys/kernel/mm/ksm/pages_unshared
# /sys/kernel/mm/ksm/pages_volatile = /host/sys/kernel/mm/ksm/pages_volatile
[plugin:proc:/sys/devices/system/edac/mc]
# directory to monitor = /host/sys/devices/system/edac/mc
[plugin:proc:/sys/class/pci/aer]
# enable root ports = no
# enable pci slots = no
[plugin:proc:/proc/net/wireless]
# filename to monitor = /host/proc/net/wireless
# status for all interfaces = auto
# quality for all interfaces = auto
# discarded packets for all interfaces = auto
# missed beacon for all interface = auto
[plugin:proc:/proc/net/sockstat]
# ipv4 sockets = auto
# ipv4 TCP sockets = auto
# ipv4 TCP memory = auto
# ipv4 UDP sockets = auto
# ipv4 UDP memory = auto
# ipv4 UDPLITE sockets = auto
# ipv4 RAW sockets = auto
# ipv4 FRAG sockets = auto
# ipv4 FRAG memory = auto
# update constants every = 1m
# filename to monitor = /host/proc/net/sockstat
[plugin:proc:/proc/net/sockstat6]
# ipv6 TCP sockets = auto
# ipv6 UDP sockets = auto
# ipv6 UDPLITE sockets = auto
# ipv6 RAW sockets = auto
# ipv6 FRAG sockets = auto
# filename to monitor = /host/proc/net/sockstat6
[plugin:proc:/proc/net/netstat]
# bandwidth = auto
# input errors = auto
# multicast bandwidth = auto
# broadcast bandwidth = auto
# multicast packets = auto
# broadcast packets = auto
# ECN packets = auto
# TCP reorders = auto
# TCP SYN cookies = auto
# TCP out-of-order queue = auto
# TCP connection aborts = auto
# TCP memory pressures = auto
# TCP SYN queue = auto
# TCP accept queue = auto
# filename to monitor = /host/proc/net/netstat
[plugin:proc:/proc/net/snmp]
# ipv4 packets = auto
# ipv4 fragments sent = auto
# ipv4 fragments assembly = auto
# ipv4 errors = auto
# ipv4 TCP connections = auto
# ipv4 TCP packets = auto
# ipv4 TCP errors = auto
# ipv4 TCP opens = auto
# ipv4 TCP handshake issues = auto
# ipv4 UDP packets = auto
# ipv4 UDP errors = auto
# ipv4 ICMP packets = auto
# ipv4 ICMP messages = auto
# ipv4 UDPLite packets = auto
# filename to monitor = /host/proc/net/snmp
[plugin:proc:/proc/net/snmp6]
# ipv6 packets = auto
# ipv6 fragments sent = auto
# ipv6 fragments assembly = auto
# ipv6 errors = auto
# ipv6 UDP packets = auto
# ipv6 UDP errors = auto
# ipv6 UDPlite packets = auto
# ipv6 UDPlite errors = auto
# bandwidth = auto
# multicast bandwidth = auto
# broadcast bandwidth = auto
# multicast packets = auto
# icmp = auto
# icmp redirects = auto
# icmp errors = auto
# icmp echos = auto
# icmp group membership = auto
# icmp router = auto
# icmp neighbor = auto
# icmp mldv2 = auto
# icmp types = auto
# ect = auto
# filename to monitor = /host/proc/net/snmp6
[plugin:proc:/proc/net/sctp/snmp]
# established associations = auto
# association transitions = auto
# fragmentation = auto
# packets = auto
# packet errors = auto
# chunk types = auto
# filename to monitor = /host/proc/net/sctp/snmp
[plugin:proc:/proc/net/softnet_stat]
# softnet_stat per core = no
# filename to monitor = /host/proc/net/softnet_stat
[plugin:proc:/proc/net/ip_vs_stats]
# IPVS bandwidth = yes
# IPVS connections = yes
# IPVS packets = yes
# filename to monitor = /host/proc/net/ip_vs_stats
[plugin:proc:/sys/class/infiniband]
# dirname to monitor = /host/sys/class/infiniband
# bandwidth counters = yes
# packets counters = yes
# errors counters = yes
# hardware packets counters = auto
# hardware errors counters = auto
# monitor only active ports = auto
# disable by default interfaces matching =
# refresh ports state every = 30s
[plugin:proc:/proc/net/stat/nf_conntrack]
# filename to monitor = /host/proc/net/stat/nf_conntrack
# netfilter new connections = no
# netfilter connection changes = no
# netfilter connection expectations = no
# netfilter connection searches = no
# netfilter errors = no
# netfilter connections = yes
[plugin:proc:/proc/sys/net/netfilter/nf_conntrack_max]
# filename to monitor = /host/proc/sys/net/netfilter/nf_conntrack_max
# read every seconds = 10
[plugin:proc:/proc/sys/net/netfilter/nf_conntrack_count]
# filename to monitor = /host/proc/sys/net/netfilter/nf_conntrack_count
[plugin:proc:/proc/net/stat/synproxy]
# SYNPROXY cookies = auto
# SYNPROXY SYN received = auto
# SYNPROXY connections reopened = auto
# filename to monitor = /host/proc/net/stat/synproxy
[plugin:proc:/proc/diskstats]
# enable new disks detected at runtime = yes
# performance metrics for physical disks = auto
# performance metrics for virtual disks = auto
# performance metrics for partitions = no
# bandwidth for all disks = auto
# operations for all disks = auto
# merged operations for all disks = auto
# i/o time for all disks = auto
# queued operations for all disks = auto
# utilization percentage for all disks = auto
# extended operations for all disks = auto
# backlog for all disks = auto
# bcache for all disks = auto
# bcache priority stats update every = off
# remove charts of removed disks = yes
# path to get block device = /host/sys/block/%s
# path to get block device bcache = /host/sys/block/%s/bcache
# path to get virtual block device = /host/sys/devices/virtual/block/%s
# path to get block device infos = /host/sys/dev/block/%lu:%lu/%s
# path to device mapper = /host/dev/mapper
# path to /dev/disk = /host/dev/disk
# path to /sys/block = /host/sys/block
# path to /dev/disk/by-label = /host/dev/disk/by-label
# path to /dev/disk/by-id = /host/dev/disk/by-id
# path to /dev/vx/dsk = /host/dev/vx/dsk
# name disks by id = no
# preferred disk ids = *
# exclude disks = loop* ram*
# filename to monitor = /host/proc/diskstats
# performance metrics for disks with major 252 = yes
[plugin:proc:/proc/mdstat]
# faulty devices = yes
# nonredundant arrays availability = yes
# mismatch count = auto
# disk stats = yes
# operation status = yes
# make charts obsolete = yes
# filename to monitor = /host/proc/mdstat
# mismatch_cnt filename to monitor = /host/sys/block/%s/md/mismatch_cnt
[plugin:proc:/proc/net/rpc/nfsd]
# filename to monitor = /host/proc/net/rpc/nfsd
[plugin:proc:/proc/net/rpc/nfs]
# filename to monitor = /host/proc/net/rpc/nfs
[plugin:proc:/proc/spl/kstat/zfs/arcstats]
# filename to monitor = /host/proc/spl/kstat/zfs/arcstats
[plugin:proc:/sys/fs/btrfs]
# path to monitor = /host/sys/fs/btrfs
# check for btrfs changes every = 1m
# physical disks allocation = auto
# data allocation = auto
# metadata allocation = auto
# system allocation = auto
# commit stats = auto
# error stats = auto
[plugin:proc:ipc]
# message queues = yes
# semaphore totals = yes
# shared memory totals = yes
# msg filename to monitor = /host/proc/sysvipc/msg
# shm filename to monitor = /host/proc/sysvipc/shm
# max dimensions in memory allowed = 50
[plugin:proc:/sys/class/power_supply]
# battery capacity = yes
# battery power = yes
# battery charge = no
# battery energy = no
# power supply voltage = no
# keep files open = auto
# directory to monitor = /host/sys/class/power_supply
[plugin:proc:/sys/class/drm]
# directory to monitor = /host/sys/class/drm

12
files/rssbridge/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,12 @@
services:
rssbridge_app:
image: rssbridge/rss-bridge:2025-06-03
container_name: rssbridge_app
restart: unless-stopped
networks:
- "{{ web_proxy_network }}"
networks:
{{ web_proxy_network }}:
external: true

10
files/wakapi/backup.sh.j2 Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/env bash
set -eu
set -o pipefail
echo "{{ app_name }}: backup data with gobackups"
(cd "{{ base_dir }}" && gobackup perform --config "{{ gobackup_config }}")
echo "{{ app_name }}: done."

32
files/wakapi/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,32 @@
# See versions: https://github.com/gramps-project/gramps-web/pkgs/container/grampsweb
services:
wakapi_app:
image: ghcr.io/muety/wakapi:2.14.0
container_name: wakapi_app
restart: unless-stopped
user: '{{ user_create_result.uid }}:{{ user_create_result.group }}'
networks:
- "{{ web_proxy_network }}"
volumes:
- "{{ data_dir }}:/data"
environment:
WAKAPI_PUBLIC_URL: "https://wakapi.vakhrushev.me"
WAKAPI_PASSWORD_SALT: "{{ wakapi_password_salt }}"
WAKAPI_ALLOW_SIGNUP: "false"
WAKAPI_DISABLE_FRONTPAGE: "true"
WAKAPI_COOKIE_MAX_AGE: 31536000
# Mail
WAKAPI_MAIL_SENDER: "Wakapi <wakapi@vakhrushev.me>"
WAKAPI_MAIL_PROVIDER: "smtp"
WAKAPI_MAIL_SMTP_HOST: "{{ postbox_host }}"
WAKAPI_MAIL_SMTP_PORT: "{{ postbox_port }}"
WAKAPI_MAIL_SMTP_USER: "{{ postbox_user }}"
WAKAPI_MAIL_SMTP_PASS: "{{ postbox_pass }}"
WAKAPI_MAIL_SMTP_TLS: "false"
networks:
{{ web_proxy_network }}:
external: true

16
files/wakapi/gobackup.yml.j2 Normal file
View File

@ -0,0 +1,16 @@
# https://gobackup.github.io/configuration
models:
gramps:
compress_with:
type: 'tgz'
storages:
local:
type: 'local'
path: '{{ backups_dir }}'
keep: 3
databases:
wakapi:
type: sqlite
path: "{{ (data_dir, 'wakapi.db') | path_join }}"

11
playbook-authelia.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
app_name: "authelia"
@ -38,9 +38,16 @@
group: "{{ app_user }}"
mode: "0600"
loop:
- "configuration.yml"
- "users.yml"
- name: "Copy configuration files (templates)"
ansible.builtin.template:
src: "files/{{ app_name }}/configuration.yml.j2"
dest: "{{ (config_dir, 'configuration.yml') | path_join }}"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0600"
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"

2
playbook-backups.yml
View File

@ -3,7 +3,7 @@
hosts: all
vars_files:
- vars/vars.yml
- vars/secrets.yml
- vars/secrets.yml
vars:

17
playbook-caddyproxy.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
app_name: "caddyproxy"
@ -60,8 +60,13 @@
state: "present"
remove_orphans: true
- name: "Reload caddy"
community.docker.docker_compose_v2_exec:
project_src: '{{ base_dir }}'
service: "{{ service_name }}"
command: caddy reload --config /etc/caddy/Caddyfile
# - name: "Reload caddy"
# community.docker.docker_compose_v2_exec:
# project_src: '{{ base_dir }}'
# service: "{{ service_name }}"
# command: caddy reload --config /etc/caddy/Caddyfile
- name: "Restart application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "restarted"

2
playbook-docker.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
tasks:
- name: "Install python docker lib from pip"

2
playbook-eget.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
# See: https://github.com/zyedidia/eget/releases

2
playbook-gitea.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
app_name: "gitea"

2
playbook-gramps.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
app_name: "gramps"

4
playbook-homepage.yml
View File

@ -4,7 +4,7 @@
hosts: all
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
- vars/homepage.yml
tags:
- setup
@ -28,7 +28,7 @@
hosts: all
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
- vars/homepage.yml
tags:
- deploy

55
playbook-miniflux.yml Normal file
View File

@ -0,0 +1,55 @@
---
- name: "Configure miniflux application"
hosts: all
vars_files:
- vars/ports.yml
- vars/secrets.yml
vars:
app_name: "miniflux"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_user }}"
data_dir: "{{ (base_dir, 'data') | path_join }}"
postgres_data_dir: "{{ (base_dir, 'data', 'postgres') | path_join }}"
postgres_backups_dir: "{{ (base_dir, 'backups', 'postgres') | path_join }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups: ["docker"]
- name: "Create internal directories"
ansible.builtin.file:
path: "{{ item }}"
state: "directory"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0770"
loop:
- "{{ postgres_backups_dir }}"
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Copy backup script"
ansible.builtin.template:
src: "./files/{{ app_name }}/backup.sh.j2"
dest: "{{ base_dir }}/backup.sh"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0750"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true

100
playbook-netdata.yml
View File

@ -4,14 +4,60 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
netdata_version: "v2.4.0"
netdata_image: "netdata/netdata:{{ netdata_version }}"
netdata_exposed_port: "{{ netdata_port }}"
app_name: "netdata"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_user }}"
config_dir: "{{ (base_dir, 'config') | path_join }}"
config_go_d_dir: "{{ (config_dir, 'go.d') | path_join }}"
data_dir: "{{ (base_dir, 'data') | path_join }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups: ["docker"]
- name: "Create internal application directories"
ansible.builtin.file:
path: "{{ item }}"
state: "directory"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0770"
loop:
- "{{ config_dir }}"
- "{{ config_go_d_dir }}"
- "{{ data_dir }}"
- name: "Copy netdata config file"
ansible.builtin.template:
src: "files/{{ app_name }}/netdata.conf.j2"
dest: "{{ config_dir }}/netdata.conf"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Copy prometheus plugin config file"
ansible.builtin.copy:
src: "files/{{ app_name }}/go.d/prometheus.conf"
dest: "{{ config_go_d_dir }}/prometheus.conf"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Copy fail2ban plugin config file"
ansible.builtin.copy:
src: "files/{{ app_name }}/go.d/fail2ban.conf"
dest: "{{ config_go_d_dir }}/fail2ban.conf"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Grab docker group id."
ansible.builtin.shell:
cmd: |
@ -21,31 +67,21 @@
register: netdata_docker_group_output
changed_when: netdata_docker_group_output.rc != 0
- name: "Create NetData container from {{ netdata_image }}"
community.docker.docker_container:
name: netdata
image: "{{ netdata_image }}"
image_name_mismatch: "recreate"
restart_policy: "unless-stopped"
published_ports:
- "127.0.0.1:{{ netdata_exposed_port }}:19999"
networks:
- name: "{{ web_proxy_network }}"
volumes:
- "/:/host/root:ro,rslave"
- "/etc/group:/host/etc/group:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/os-release:/host/etc/os-release:ro"
- "/etc/passwd:/host/etc/passwd:ro"
- "/proc:/host/proc:ro"
- "/run/dbus:/run/dbus:ro"
- "/sys:/host/sys:ro"
- "/var/log:/host/var/log:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
capabilities:
- "SYS_PTRACE"
- "SYS_ADMIN"
security_opts:
- "apparmor:unconfined"
env:
PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true
- name: "Restart application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "restarted"

2
playbook-outline.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
app_name: "outline"

2
playbook-remove-user-and-app.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
user_name: "<put-name-here>"

34
playbook-rssbridge.yml Normal file
View File

@ -0,0 +1,34 @@
---
- name: "Configure rssbridge application"
hosts: all
vars_files:
- vars/ports.yml
- vars/secrets.yml
vars:
app_name: "rssbridge"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_user }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups: ["docker"]
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true

12
playbook-system.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
vars:
apt_packages:
@ -25,21 +25,13 @@
name: "{{ apt_packages }}"
update_cache: true
- name: "Configure timezone"
ansible.builtin.import_role:
name: yatesr.timezone
vars:
timezone: UTC
tags:
- skip_ansible_lint
- name: "Configure security settings"
ansible.builtin.import_role:
name: geerlingguy.security
vars:
security_ssh_permit_root_login: "yes"
security_autoupdate_enabled: "no"
security_fail2ban_enabled: "yes"
security_fail2ban_enabled: true
- name: "Copy keep files script"
ansible.builtin.copy:

2
playbook-upgrade.yml
View File

@ -4,7 +4,7 @@
vars_files:
- vars/ports.yml
- vars/vars.yml
- vars/secrets.yml
tasks:
- name: Perform an upgrade of packages

64
playbook-wakapi.yml Normal file
View File

@ -0,0 +1,64 @@
---
- name: "Configure wakapi application"
hosts: all
vars_files:
- vars/ports.yml
- vars/secrets.yml
vars:
app_name: "wakapi"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_user }}"
data_dir: "{{ (base_dir, 'data') | path_join }}"
backups_dir: "{{ (base_dir, 'backups') | path_join }}"
gobackup_config: "{{ (base_dir, 'gobackup.yml') | path_join }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups: ["docker"]
- name: "Create application internal directories"
ansible.builtin.file:
path: "{{ item }}"
state: "directory"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0750"
loop:
- "{{ data_dir }}"
- "{{ backups_dir }}"
- name: "Copy gobackup config"
ansible.builtin.template:
src: "./files/{{ app_name }}/gobackup.yml.j2"
dest: "{{ gobackup_config }}"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Copy backup script"
ansible.builtin.template:
src: "files/{{ app_name }}/backup.sh.j2"
dest: "{{ base_dir }}/backup.sh"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0750"
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0640"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true

4
requirements.yml
View File

@ -3,7 +3,7 @@
version: 1.2.2
- src: geerlingguy.security
version: 2.4.0
version: 3.0.0
- src: geerlingguy.docker
version: 7.4.3
version: 7.4.7

142
vars/secrets.yml Normal file
View File

@ -0,0 +1,142 @@
$ANSIBLE_VAULT;1.1;AES256
62653431636461623338643536653736633166303934626565363963373637396534303130373035
6565376162653735313737333439633862643366336264650a633265316463323062653032363861
32626536343138663837633334316537373662653262366163633334623764633938323363363962
6230333564643665320a613862653632363363616266336338346539323964383736366235306437
33306363353163383663643062656330313134353836666232616532316264303564336235356661
30653262363866653139646436333036393837383262643537313933613939326433313565393465
31373036353133663337613935343038616164316132303833363338623863633234656537653039
62626436346238636234393939366139363034306432326538656264343733356537393332633836
38636639626665666238656338363633383566616638353235383465623232646537616230626630
63303130316438353934656636393366306566346362356564393661643064323630636463383061
37636461386432323136393739633862313337333261306664323361393835323034643134383461
31313762616538336666656137373631336132383364646163633732323431613239333563653332
65616664333839363834333362626238633833666430653738613636333432333430333861356339
61323865663661383534343964346238383134613532616637346235616139383434623564333361
31636165653261363830623162623738333937316664633434346431626630393837366666643434
61643734653834326434353431393732376266626266313264376235323838313539306463653864
36393461366230643234376161623330326365616539323965633431633238386262373562383161
39323634633166643038356434616461613864303334393932663730303839373530643933323839
66353337326336656635636362356531613634623633303461336565363564393964663430393666
64326439346233346132653230343234653430653239636362616561636166343030303863373337
36363633646432613138313062346164663730313061363432396138323561366430316439343036
32353931393064666231323863656165363066313236613332356161363139616636333963386130
37363030383765613132353161613766633635363033656561343038633839313933646264383730
64336339646264383332373639326164373163383966626363653762643037353636376336626136
33346533303036326531316332306461646361376435316438376161663162336335353938366565
30633133653431393066393961313138383337313731653031323432633766356338316366373432
32373937663961623739633439636661336461346132376533373961666432353937373066643165
61663063363661633938373365393665356665636562646265313834373962336566393835633339
34396666396162613162326331313037303933366564623837386338363063636564656339336639
66346465366233663534373465313930323134313835316464363263383866313563396263616535
63383265623865636162346635613863356266336664343434393437656134353639353535383332
62623934643930313939646466663336633034343534396137333264623263663866663339663266
30343234356536663262616363376663646264353331646164376331376639363135373137396437
37363166386233356434656237373535326162303437346233623263663534383032363638376134
61653939306433393437656465343066613530396265396262373433383637656266303064623234
64333062353435373863636439663561393763333538303836303631666262326430623835656138
37653562353562373935333235316430613737653862303933333062643663333364333966643461
33323335346566363337643161303835356336306232653763346639323265373432376239363566
64373562653238333865326335613133636335373739396335633631313431363061616139303463
37333364393438666532396131343637373833353766396234383739306565646439366438653032
33656330343061636338643465653664326338663233316631303465666632653436633135643664
64616132366632666431653262393035393163343664303961396431666236303864303865343634
35616634613165373637653235323164323666343436646339646637646234306163333462393063
32346534636165656436353036316232303266616135303663343631303565623562616237306365
65303938646239393564333461343238636335336533633265383066653734613332656563666434
31316665613630336263613934316361383332363164323266373565323239343033666663396534
39323739313636616232663535386439363065333766623837336230303334656466656262613363
37386664336436376530373436353235616437333834646563353830626162336261333135383866
64383930316531373366646335306131633166353161336463376530353066356530393665393063
31613636386532623035373866373065633233633135343439616662616232366337313764646436
64626262643532613136373238316561616361393433323066326333663663353236393662396539
31653036303031303462643231333965653536666136313638613832393361666131363435633932
31663864326563663230626237643763333737613239373134626433636564386231383961316162
39383165336433626466393935383363396333636131643733663866356434366664613766396263
34313934626133653361633665323131613736306331373732323434323535346136393964356231
62346136356331393238346333393266613365633563626238353530333931613330663765393936
32333261353634646366323238353238643837633735636662356630373464343330626630656130
36356565356430643133386461313335343436316263303064366139316638663161356332386362
37376431393661386231313763303266313630323362363664336366633035353562303439373630
33343265633630343065363461363064653933303932613761303538393734373962613633386539
66636534333537313135356665633966326430373062346136326532666638303334653263646431
38393131653338316663313265653861663334326635353137623739396636333637343137636339
32303836373535326363396434326233623532633931653039643763326263616232333462616631
36666564623030396134346665386661386433366266363739626161653062323963313365353161
35643530343439326133613939353737653165326538666530366530323963363839373032326462
34666235376263616364656130633637346334353934396132353263313237316366303137386430
64653563333963313361303239666361336136356363306266633833366262326431616161613238
38653538613032386238623839663332613064333031303939363733396635373238666562386536
32316566666435376239386637396334643861643634316338613063656465373164646530363865
34373130636435326130633437303539646535336131393339613139383636333763336530636534
34636666666265373636326666333130623863316465663333653466353063313134386262333739
62626264393362353663303531313061643538663532333164336662343732373463623166396539
39396531376338616538633633343733343765306237656466666232623163303738643431633763
61656335616430653936303831393664653365363764333362373337323364323039363163353461
61336536316466396636306266353830316665343739613033346538333830306263386134613737
64316339613462346438656362346664303762643766373364343931626530626439336634666537
31633964386564663531343764326666666261643464353438353035333665363434646661646663
38636239373331623061343730376632393963303732393533396464633131633435373161303163
66383461343861326665623463636262336562633936623563373136613063356362383862663232
37333331373431393137363735613366656434323065346661366433663464666363343231393863
64633530316230653065356165366135396531663731323866376162306238343962376362633234
61626563306431623336623737353931316236623333623337383366613262346631646330313637
39366239396330303461303666396431663062626533336136643039353034633230353765353334
38613362653963336162326163356662356661386630353664333265373032316531656131376665
37376262363130336161613230333863653662623436666361396561613935323432663665643138
38616564636634613164313666393532396265396135326538336665373232316461326635306131
34343632636637653835653131613161316237346239363830386536363933643532333533373333
39643364306163666366376535653333323435383332633961343930633635383030356463333964
39626130666166313234386439383833616265316265363430343134633730336261383435356138
62373063346238613061363033343366623633373034346531303538396335653938646664303962
31336634623135616237323837623831306535316463613266326262663934303938373132343735
37656335333263326531646162393738653632376164323165393563656138613830633936396433
61353332343134636564333233393863643837353366386234376237623435663765343366363033
63326233383962633266303962613361643464613764303531333930363736323535386632393766
61353666303134663466333330383031333933666137346364656364313965656164303065303530
34616130653061613934393831373130333566363736626261316330303966656162326638333130
66373133613536623566303432356666346535636237616561323063643439616436393666376536
32613830343636393031333737376332396230313034393062663437613838363263333233613439
30623039336339373234326261306435366332656164613439376139346333616331326561383963
30643133376632656564616536323863373237623263366266396264633464373765316164346165
37636233633661643362636630356333333766613036663335613264333439323239633861363034
34663937376530653837653236303839336631313863363239626632646436653638366638366566
39306538353231623434373537313862386335393262633062313432646232623863383731313031
30656366363837366666393933346238363336363030373836386230343062363661306263633163
33626562623935643665626239386133636531393536336661613430343630333961303233343430
63656666346138643163393663316134666336323961626163376461663635633834333337393062
61656163613234633965356133666335343065626137633137333266613561633936386136643134
37383562663031393133326662623136386539633066323336306262346236613161613637626162
36636133666334333636653535623732343233396430653566393165353431303739656239373738
33323939633264303139323162613964306237376461383261646635343036313639626539373238
32336537373436373338386432646139303831383138326564333739353761616336346461356532
38303138656533386231303336336564656135346162376662663962663763353830663237323138
33373331656637363139626132393231313136303936633161636261643264313230356261366165
39666331306262643566663830626663656530303831343231323336306266363735393966613062
63353938386263376166316335656164633233633465303065663565373764343031663866653135
64663766386436653665356265333565323336636539656237303334383636353161643366656637
66356532373130323236313936623964663433333965326662333833316437326461326165376661
66396537653032346666363965313339323331303864616230646361386335663138613433326261
35613430363864336635343434333761656639633863323534653862383936653762646134356664
38326463326239636162333435656561343739366364313738663535636136323439373462643832
62633661663337343538393466613734633531666532353161616231323161646237653736346561
64323063656366373931396639393261643333393333626539663561636661393936316539633263
63343331313464623636353031343232613534663565303538333164306531303438616539386364
30376233333630336431336364663834633734636261353364343564333639623737363538313462
61616233663335303062336635376435643965373039336231346234363436356238356162613138
65326532663461616263626238346535623136633039613939353132313836373962646463333535
65313562346631633435616232366166373763346337303561326130333936346130363431383036
62356435616630396539303633343166646461393030336462366463636138316333633363643636
65376131333731356566333237363266656466376539326438313930376363386231616138336335
65333735653830373035656265336331346562353233663465343935383235303930633831613137
64303130666532303733633133386334613733383562613661643931636136386264396438316366
61653964643135646332343764666134336666336232376465353462356632346533633961636534
32643234396636303135663562656435376561336235303837643932366334616265383639343733
65633833653763643366646232343765306131313465326263623636386131376463356139623334
39343163366439643334646663393434353333316234623530393431643539346435616263303734
61633066653838363933646230623238653431393061646430383537343363643562653831336362
37626630633161653763386663373630306564663339393265663732623434643231326335376562
37663234643466366535326461396631633430613431346134316635653032663033623465346338
61353331393631343365663233376330333730366161353362626166646232313666336333386265
33373761313536326165343339346263316636363362393365663034353964373164643763383037
3666

118
vars/vars.yml
View File

@ -1,118 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
33323766373637333861393930366564333561663231636433373131353535386464643763396633
6261626463656534366434613865336366323036643731650a306466306261303831356534343133
36386134346137333762646363393532666239386339393131326164366363386531613935356634
6362633333613839380a323666643935313437613161623338373734323438613062623831613565
64666231316139653463666234633262393430633231373564623862376566636134626333393034
61343461383739626130353931306536353739353165383737656133383738363235376331636135
64626561386362646334663232313132343534353533313663313836373435316634336539313562
66333732366666663163343263636664326663623135633338616638353532623832356464366137
32383165396562613162373430356331396631323630396263393637373566393935333632386465
38623135316164333563633262666361663234383935343735393637323834356561336633373333
31633333323132393339336365393433663266373363666339643632353232363762326633363661
66373861376561303038636135393132353639386530383338386237383433663334623533636162
32396562653031396463393862633062346463643466353865393933373533323661623039626538
30343438326462626137643835643466643236373836383665396362346135333466623264633033
66626430646632346139663431643930646361363262366436353861643838663764643363306633
30303462316666646261343439336131336234326236356666323336356131386263303333633863
66623834356263623766386431336165653034623264623263626536626333363534323064323037
34393066663664353837346333663162623864383730323566646534336537623162303339653235
34343262373364313361316539653661656435343532353237313465653832313366383338333639
61386230626534386438386262396464656533303630306432376133636132376635613939343838
36393539343431326132616561366466663966386537633537386138623937343932653937623939
39663366306635346233323830643066386565616461346132613835343264353662613233353231
63343066663731663630343034363632663964323831336532663831663065326462613264343665
32386339313563363730303231643166326635323137393134323732353936626438663161333338
64626237656132653364663661363466613861306430333039343030616631663735383836303436
65383334386337626633643135353830306639353162306463313036313263613330316534376266
33326463623539393531303033356237613331663830663636323630383666333964626130333966
31343731356234396165633330613362363339653837633038616330366635363863333332656133
38636238383664653566613737373731313264633632656536656234653766613036343134386636
38643735613762383530363732303738613062336363383038313337326266376461393663633333
30316433613338373362333333383538376631383335346536366338663438313736313564663531
64313331623238313438636563313662623231346439393066386361353236306265343865323066
66383463396134633731643332383064663761653430313935646236386162313366643937633938
62656461363635366139343463653435363161393862353034616562363237636638346565636362
37616365636338616430313638656562613162346163356238306532396333306564633232383535
38613561363664653333626561373661376232363930643934333566313662613835376163616461
36656164656563333662616339663333353466636266633130386334643338346332326334376630
66373031383637353562653837316561373338306438333534376165356663613330316661383137
34386634626663326135383434383762656165393065323136326432613533626338396161623631
31633565373065333834363363363430633162376334343763393639653862363537313432383037
33646333386237306662313066343635386636323964366463386434653263353539393732303134
33383735363331386431303537666139383539326237313535353466393436633061313761386534
65333936613665616139343965366239306132636131393964656136363232656630626234653962
62623363323331383035393266343563383730386166353464323837633063366536376631313166
35613236326232396239626238396161386232363261376366303637326239383330663736633766
63363562383464326138663738383464343131343636363735303866373937653839663264396431
63373232343366356339626466336262383538626366653738313564303034373537383863363166
36363039666534333237353535323438356135303730336233323636396539666436306661613236
62653966653965383233376537666562643736646261636336633661653931636536663765373330
33366536663536613536626466363165396461616231316663653739373233323763373631333161
31383337653634343465616566353665363163316534646132636133373633623866353236313931
66323939633737353037643365653531313131346366316234656464396131333939373362646361
65396230646535336638623066393734623964663933653930386438383237666636303135616334
38366333663334363733386237313233373664373534363930396237323837376332656364666261
31323866666564653861386464343335396663646234386362333562396564636434376261376531
66613437666131346262383861383139396665623264363639336664303863343665636239373331
66333361393539313535656532383032653130633565356534353034613036336566636237333164
31633831646433313930323665373165663639393662383561363133636134383237646235613035
65666438303236366435613562636133383365653630343563303036373033346135343064383433
34356666313264303763663665333761376539346462656635356537616532663339373532376362
64636233306665353066306632363737653034636535363533666464366264383963313937313833
65643064646463313763343366373066663130623866333432366135353132356231366436333733
37373535306134663239313035303832333438363233646239656266346132656364383361313066
32386161326336356331323330326139333938393739383362386239316237346137666231633164
37383638363864303131626461393936616332646239623434376161353736656231633233313964
38383136626337383339303835363130346236323131366564333836303564633735623530663934
35626430303631613565383266363163343563323232653838323365613131663163646432653332
35376335666463646661623864343639393035643636623963343936623963316339623864386538
33373737306437383861633131656131616461333432616235346335316162386534316263303639
37646538356163336636353864623830336532366139306532356133616165336461323737383062
32666164353237363237363232633431376437343832363838386264623965663131326534383461
63343764323231333036663733303634383030383836653462303336656337313662306564373132
35353930343734646633613131623230363662316434373337333434326230383364626165643066
66343461303732663938303966656434653737366338623966373538313936636363353733613931
34323764613131636632653066663533356636363636373064326536376163393231313763363632
37353964323763386233623438386636353930396562653863643161343439636437366535393434
66303763373537323039336430343564663666313131643036623064363837613937336161323562
65363238373462613730653363333566636361303264633461356432313830353238633766396566
38393333653038643836373331646332633364666630613762623163353434326165303038653635
30646231663636653637386138643233666136636438613234333535666161643035663863656466
32353166353165666161663830643331393466333031613233303262623863623861333431313436
30313361613832336532653537653632623633653838393736646539633738363263653165623430
65306366333936323262663365643734356332336430383961363863396134326430303563346462
34303363626435383534653963353636393330373839356438336139616662616462633764363034
65346530636530383163663136386363336366663230316264346664386534633837653436323630
34363666663764313463393635393863623865353035616433356263653664363838666164396234
30333730643162633832303533623531326561373935346234646433363335646562613066343062
36336234653333643830653062343831633033323561313566613866326135316338656133333239
65363664623261636239616439613361346433313133333831616532343130383833353332633331
34383437666335663266303161636162626663303263366261653966623761396235636264346666
35366431643535373462616235313034353864366662643837353163353763636564663862316332
65323133373539313531326137356362356334386332336438373763363836623863393239633030
66386637303430623836636235653138633033346166326335383934643433363563303939666133
62333232376335356564363135656339333337303565356565376337326632346130643631616132
64633037326562393236616236663434623939646535336634646637316632306138383834363032
65383336343533663638616535613638303236613563316635383238376636306266643037333432
62363864613230306335656562356130613966313263646566373864356135653830393431323664
38313234386630653834386531393862386533643339666365626466353332373539653736653333
35396265393736393939633663613965356263343234303437393862356161363832336334303764
65393136656630366262616264613464613436613938646433363864643838663835393638313731
32343835396361626366636362636630633330356263316265326632666434386365356234646131
38316338636339613138623232363361663430303136323734376135366431336364643063303566
35366263633433333537373733313830313433633162333166346435363539353862313464316263
63653263373133633237653633326363656330373838306432333936656564323231376235663839
63353331636531366138646539323565316362656365303139616364393264643130383137383361
61343935373138393632663031633865663733353064343232376565363831356263306532363866
38323366316432366632656237656564396636656331653334323763663035313735343361383833
65333961663766636635353137666239323636373761653864396433393866336432366435336537
35333935636537376363663166316630613331643231653038356362323039643731363436356362
33306131303432343432323566653561303036616631383737366338393761333737653635633463
61633235313831353337323333343062343865343235313538303034346233376466316437343834
38643338653166613262326230646364343362303731316431316432663530623436346665336137
63666230323035653734353431616364363733313033376532323633386630356665633732656662
35633366376237616536386631386433333561623832386236393062663033643439396535373866
64313663643734376632363661653433376464653933636333626530613964613234666530663063
36643335396561336161656562303333323866663466323437303731376561643666336439666563
6637