From dd7ef3be03c41882d8a8fad29df12636cb38059e Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 13 Feb 2025 21:06:17 -0500 Subject: [PATCH 01/19] Nuking Zammad in favor of Peppermint. --- docker-compose.yml | 339 ++++++--------------------------------------- 1 file changed, 41 insertions(+), 298 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index da153a3d..35c99d11 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1469,266 +1469,6 @@ services: type: bind bind: create_host_path: true -# grafana: -# container_name: grafana -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# environment: -# GF_INSTALL_PLUGINS: grafana-piechart-panel -# TZ: America/New_York -# hostname: Rinoa -# image: grafana/grafana-enterprise:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana (LGTM) -# homepage.href: https://mon.${MY_TLD} -# homepage.description: Monitoring Dashboard for metrics, logs, traces, & profiles -# homepage.icon: grafana.png -# homepage.widget.type: grafana -# homepage.widget.url: http://grafana:3000 -# homepage.widget.username: admin -# homepage.widget.password: ${GRAFANA_ADMIN_PASSWORD} -# swag: enable -# swag_proto: http -# swag_url: mon.${MY_TLD} -# swag.uptime-kuma.enabled: true -# swag.uptime-kuma.monitor.url: https://mon.${MY_TLD} -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "3006" -# target: 3000 -# restart: unless-stopped -# user: 1000:1000 -# volumes: -# - bind: -# create_host_path: true -# read_only: true -# source: /etc/localtime -# target: /etc/localtime -# type: bind -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/data -# target: /var/lib/grafana -# type: bind -# bind: -# create_host_path: true -# - bind: -# create_host_path: true -# source: /rinoa-storage -# target: /storage -# type: bind -# grafana-alloy: -# cap_add: -# - SYS_ADMIN -# - SYS_TIME -# - BPF -# - SYSLOG -# command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy -# container_name: grafana-alloy -# environment: -# DOCKER_HOST: tcp://dockerproxy:2375 -# image: grafana/alloy:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana Alloy -# homepage.description: Agent for metric/log/trace/profile collection and writing -# homepage.href: 
http://192.168.1.254:12345 -# homepage.icon: sh-grafana-alloy.svg -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "12345" -# target: 12345 -# privileged: true -# restart: always -# volumes: -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy -# target: /etc/alloy/config.alloy -# type: bind -# bind: -# create_host_path: true -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json -# target: /etc/alloy/endpoints.json -# type: bind -# bind: -# create_host_path: true -# - bind: -# create_host_path: true -# read_only: true -# source: /proc -# target: /host/proc -# type: bind -# - bind: -# create_host_path: true -# read_only: true -# source: /sys -# target: /host/sys -# type: bind -# - bind: -# create_host_path: true -# read_only: true -# source: / -# target: /rootfs -# type: bind -# grafana-loki: -# command: -config.file=/etc/loki/loki-config.yaml -# container_name: grafana-loki -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/loki:latest -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "3100" -# target: 3100 -# restart: unless-stopped -# volumes: -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml -# target: /etc/loki/loki-config.yaml -# type: bind -# bind: -# create_host_path: true -# grafana-mimir: -# command: -# - -ingester.native-histograms-ingestion-enabled=true -# - -config.file=/etc/mimir.yaml -# container_name: grafana-mimir -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/mimir:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana Mimir -# homepage.href: http://192.168.1.254:9009 -# homepage.description: Long-term metrics storage -# homepage.icon: /icons/grafana-mimir.png -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "9009" -# target: 9009 -# restart: 
unless-stopped -# volumes: -# - source: grafana-mimir-data -# target: /data -# type: volume -# volume: {} -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml -# target: /etc/mimir.yaml -# type: bind -# bind: -# create_host_path: true -# grafana-mimir-memcached: -# container_name: grafana-mimir-memcached -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# environment: -# MEMCACHED_MEMORY_LIMIT: 1g -# MEMCACHED_THREADS: 4 -# MEMCACHED_MAX_CONNECTIONS: 2048 -# MEMCACHED_TCP_PORT: 11211 -# MEMCACHED_UDP_PORT: 11211 -# image: memcached -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "11211" -# target: 11211 -# restart: unless-stopped -# grafana-pyroscope: -# command: -# - -config.file=/etc/pyroscope.yml -# container_name: grafana-pyroscope -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/pyroscope:latest -# labels: -# homepage.group: Infrastructure/App Performance Monitoring -# homepage.name: Grafana Pyroscope -# homepage.description: Profiling for applications -# homepage.href: http://192.168.1.254:4040 -# homepage.icon: /icons/grafana-pyroscope.svg -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "4040" -# target: 4040 -# restart: unless-stopped -# volumes: -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml -# target: /etc/pyroscope.yml -# type: bind -# bind: -# create_host_path: true -# grafana-tempo: -# command: -# - -config.file=/etc/tempo.yaml -# container_name: grafana-tempo -# depends_on: -# grafana-alloy: -# condition: service_started -# required: true -# image: grafana/tempo:latest -# networks: -# default: null -# ports: -# - mode: ingress -# protocol: tcp -# published: "14268" -# target: 14268 -# - mode: ingress -# protocol: tcp -# published: "3200" -# target: 3200 -# - mode: ingress -# protocol: tcp -# published: "9095" -# target: 9095 -# - mode: ingress -# protocol: tcp 
-# published: "4317" -# target: 4317 -# - mode: ingress -# protocol: tcp -# published: "4318" -# target: 4318 -# - mode: ingress -# protocol: tcp -# published: "9411" -# target: 9411 -# restart: unless-stopped -# volumes: -# - source: grafana-tempo-data -# target: /var/tempo -# type: volume -# volume: {} -# - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml -# target: /etc/tempo.yaml -# type: bind -# bind: -# create_host_path: true guacamole: container_name: guacamole environment: @@ -3745,6 +3485,44 @@ services: - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging ports: - 14453:8000 + peppermint: + container_name: peppermint + depends_on: + - peppermint-pg-db + environment: + DB_USERNAME: peppermint + DB_PASSWORD: ${PEPPERMINT_PG_PASSWORD} + DB_HOST: peppermint-pg-db + SECRET: ${PEPPERMINT_SECRET_KEY} + image: pepperlabs/peppermint:latest + labels: + swag: enable + swag_proto: http + swag_port: 8080 + swag_url: support.${MY_TLD} + swag.uptime-kuma.enabled: true + swag.uptime-kuma.monitor.url: https://support.${MY_TLD} + homepage.group: Professional Services + homepage.name: Peppermint + homepage.href: https://support.${MY_TLD} + homepage.icon: peppermint.svg + homepage.description: Open-source ticket management and help desk solution + ports: + - 3000:3000 + - 5003:5003 + restart: always + peppermint-pg-db: + container_name: peppermint-pg-db + environment: + POSTGRES_USER: peppermint + POSTGRES_PASSWORD: ${PEPPERMINT_PG_PASSWORD} + POSTGRES_DB: peppermint + expose: + - 5432 + image: postgres:17-alpine + restart: always + volumes: + - peppermint-pg-data:/var/lib/postgresql/data pgbackweb: container_name: pgbackweb depends_on: @@ -7118,6 +6896,8 @@ volumes: name: paperless-ngx-media paperless-ngx-pg: name: paperless-ngx-pg + peppermint-pg-data: + name: peppermint-pg-data pgbackweb-data: name: pgbackweb-data plausible-db-data: 
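Review bot: The new `peppermint` service carries `swag_port: 8080`, but the only ports it declares are `3000:3000` and `5003:5003`; unless the image also listens on 8080, which nothing in this hunk shows, the swag proxy for support.${MY_TLD} will be pointed at a port nobody answers on. As of this commit the `zammad-nginx` service (not removed until PATCH 03/19) still has `swag: enable` with the same `swag_url: support.${MY_TLD}`, so two services advertise one hostname until that removal lands. Publishing 3000 and 5003 on the host also makes the app reachable over plain HTTP around the TLS front end; if direct access is not intended, declare them with `expose:` as `peppermint-pg-db` does for 5432, and set `swag_port` to whichever of the two is the web UI. Both images are pulled by floating tag (`pepperlabs/peppermint:latest`, `postgres:17-alpine`), so a redeploy can change what runs with no diff in this file.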
@@ -7192,41 +6972,4 @@ volumes: driver: local name: zammad-storage zitadel-pg-db: - name: zitadel-pg-db -x-shared: - zammad-service: - depends_on: - - zammad-memcached - - zammad-postgresql - - zammad-redis - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - restart: ${ZAMMAD_RESTART} - volumes: - - zammad-storage:/opt/zammad/storage + name: zitadel-pg-db \ No newline at end of file From 2a2fd9cd470da240941fffa932fc9f19f49eb64a Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 15 Feb 2025 20:38:55 -0500 Subject: [PATCH 02/19] Ansible Lint tweaks. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 02400a1e..65bd7f77 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml 
@@ -74,7 +74,7 @@ jobs: with: directory: ansible/ playbook: docker_config_deploy.yml - key: ${{secrets.RINOA_GITEA_PRIVATE_SSH_KEY}} + key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} options: | --inventory inventory/hosts.yml --check From 007ab15ff05daf6ecb28ce9812b8c46c5dec5bdd Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 09:51:26 -0500 Subject: [PATCH 03/19] Yet more pipeline tweaks. --- .../workflows/pr-cloudflare-docker-deploy.yml | 2 +- docker-compose.yml | 415 +----------------- 2 files changed, 4 insertions(+), 413 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 65bd7f77..56ad464f 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -74,7 +74,7 @@ jobs: with: directory: ansible/ playbook: docker_config_deploy.yml - key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }} + key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }} options: | --inventory inventory/hosts.yml --check diff --git a/docker-compose.yml b/docker-compose.yml index 35c99d11..08b0a49c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3488,7 +3488,9 @@ services: peppermint: container_name: peppermint depends_on: - - peppermint-pg-db + peppermint-pg-db: + condition: service_started + required: true environment: DB_USERNAME: peppermint DB_PASSWORD: ${PEPPERMINT_PG_PASSWORD} 
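Review bot: `condition: service_started` on the new `peppermint-pg-db` dependency only waits for the container to exist, not for Postgres to accept connections, so `peppermint` can come up before its database is ready and fail its first connection. If the app does not retry on its own, give `peppermint-pg-db` a healthcheck such as `healthcheck: {test: ["CMD-SHELL", "pg_isready -U peppermint -d peppermint"], interval: 10s, retries: 5}` and change the dependency to `condition: service_healthy`. The rest of the `peppermint` definition (`environment:` onward) continues outside the hunk.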
@@ -6397,362 +6399,6 @@ services: source: /rinoa-storage target: /storage type: bind - zammad-backup: - command: - - zammad-backup - container_name: zammad-backup - depends_on: - zammad-postgresql: - condition: service_started - required: true - zammad-railsserver: - condition: service_started - required: true - entrypoint: /usr/local/bin/backup.sh - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - BACKUP_TIME: "03:00" - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - HOLD_DAYS: "10" - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - TZ: Europe/Berlin - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: postgres:${ZAMMAD_POSTGRES_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-backup - target: /var/tmp/zammad - type: volume - volume: {} - - read_only: true - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} - - read_only: true - source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh - target: /usr/local/bin/backup.sh - type: bind - volume: {} - zammad-elasticsearch: - container_name: zammad-elasticsearch - expose: - - 9200 - image: 
bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-es-data - target: /bitnami/elasticsearch/data - type: volume - volume: {} - zammad-init: - command: - - zammad-init - container_name: zammad-init - depends_on: - zammad-postgresql: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - hostname: init - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: on-failure - user: "0:0" - volumes: - - zammad-storage:/opt/zammad/storage - zammad-memcached: - command: memcached -m 256M - container_name: zammad-memcached - image: memcached:${ZAMMAD_MEMCACHE_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - zammad-nginx: - command: - - zammad-nginx - container_name: zammad-nginx - depends_on: - zammad-railsserver: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - 
ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - expose: - - "8080" - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - labels: - swag: enable - swag_proto: http - swag_port: 8080 - swag_url: support.${MY_TLD} - swag.uptime-kuma.enabled: true - swag.uptime-kuma.monitor.url: https://support.${MY_TLD} - homepage.group: Professional Services - homepage.name: Zammad - homepage.href: https://support.${MY_TLD} - homepage.icon: zammad.svg - homepage.description: Open-source helpdesk/customer support system - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - zammad-storage:/opt/zammad/storage - zammad-postgresql: - container_name: zammad-postgresql - environment: - POSTGRES_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS} - POSTGRES_USER: ${ZAMMAD_POSTGRES_USER} - hostname: postgresql - image: postgres:${ZAMMAD_POSTGRES_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-pg-data - target: /var/lib/postgresql/data - type: volume - volume: {} - zammad-railsserver: - command: - - zammad-railsserver - 
container_name: zammad-railserver - depends_on: - zammad-memcached: - condition: service_started - required: true - zammad-postgresql: - condition: service_started - required: true - zammad-redis: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} - zammad-redis: - container_name: zammad-redis - image: redis:${ZAMMAD_REDIS_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-redis-data - target: /data - type: volume - volume: {} - zammad-scheduler: - command: - - zammad-scheduler - container_name: zammad-scheduler - depends_on: - zammad-memcached: - condition: service_started - required: true - zammad-postgresql: - condition: service_started - required: true - zammad-redis: - condition: service_started - required: true - 
environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} - zammad-websocket: - command: - - zammad-websocket - container_name: zammad-websocket - depends_on: - zammad-memcached: - condition: service_started - required: true - zammad-postgresql: - condition: service_started - required: true - zammad-redis: - condition: service_started - required: true - environment: - AUTOWIZARD_JSON: null - AUTOWIZARD_RELATIVE_PATH: null - ELASTICSEARCH_ENABLED: true - ELASTICSEARCH_HOST: zammad-elasticsearch - ELASTICSEARCH_NAMESPACE: trez_it - ELASTICSEARCH_PORT: 9200 - ELASTICSEARCH_REINDEX: true - ELASTICSEARCH_SCHEMA: http - ELASTICSEARCH_SSL_VERIFY: false - MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS} - POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB} - POSTGRESQL_DB_CREATE: true - POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST} - 
POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS} - POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS} - POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT} - POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER} - RAILS_LOG_TO_STDOUT: true - RAILS_TRUSTED_PROXIES: 172.18.0.0/16 - REDIS_URL: ${ZAMMAD_REDIS_URL} - S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true - ZAMMAD_BIND_IP: 0.0.0.0 - ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null - ZAMMAD_PROCESS_SCHEDULED: null - ZAMMAD_SESSION_JOBS: null - ZAMMAD_WEB_CONCURRENCY: null - image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION} - networks: - default: null - restart: ${ZAMMAD_RESTART} - volumes: - - source: zammad-storage - target: /opt/zammad/storage - type: volume - volume: {} zitadel: container_name: zitadel image: ghcr.io/zitadel/zitadel:latest @@ -6810,10 +6456,6 @@ volumes: name: crowdsec-config crowdsec-db: name: crowdsec-db - dagu_config: - name: dagu_config - dagu_data: - name: dagu_data dbgate-data: name: dbgate-data fastenhealth-cache: @@ -6826,12 +6468,6 @@ volumes: name: filebeat_var gitea-pg-db: name: gitea-pg-db - grafana-mimir-data: - name: grafana-mimir-data - grafana-tempo-data: - name: grafana-tempo-data - hortusfox_app_backup: - name: hortusfox_app_backup hortusfox_app_images: name: hortusfox_app_images hortusfox_app_logs: @@ -6878,12 +6514,6 @@ volumes: name: netbird-signal netbird-letsencrypt: name: netbird-letsencrypt - netbox-pg-db: - name: netbox-pg-db - netdata-cache: - name: netdata-cache - netdata-lib: - name: netdata-lib nextcloud_aio_mastercontainer: name: nextcloud_aio_mastercontainer ollama: 
@@ -6932,44 +6562,5 @@ volumes: name: wallos-db wallos-logos: name: wallos-logos - wazuh-dashboard-config: - name: wazuh-dashboard-config - wazuh-dashboard-custom: - name: wazuh-dashboard-custom - wazuh-indexer-data: - name: wazuh-indexer-data - wazuh_active_response: - name: wazuh_active_response - wazuh_agentless: - name: wazuh_agentless - wazuh_api_configuration: - name: wazuh_api_configuration - wazuh_etc: - name: wazuh_etc - wazuh_integrations: - name: wazuh_integrations - wazuh_logs: - name: wazuh_logs - wazuh_queue: - name: wazuh_queue - wazuh_var_multigroups: - name: wazuh_var_multigroups - wazuh_wodles: - name: wazuh_wodles - zammad-backup: - driver: local - name: zammad-backup - zammad-es-data: - driver: local - name: zammad-es-data - zammad-pg-data: - driver: local - name: zammad-pg-data - zammad-redis-data: - driver: local - name: zammad-redis-data - zammad-storage: - driver: local - name: zammad-storage zitadel-pg-db: name: zitadel-pg-db \ No newline at end of file From 6398e431f762f25b29a3e47f6a2566e035905187 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 11:19:28 -0500 Subject: [PATCH 04/19] . --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 56ad464f..80a0a58d 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -69,6 +69,9 @@ jobs: uses: cpanato/vault-installer@main - name: Install hvac run: pip install hvac + - name: Install Ansible Collections + run: ansible-galaxy collection install -r ansible/collections/requirements.yml + - name: Ansible Playbook Dry Run uses: dawidd6/action-ansible-playbook@v2 with: From 00efe3c9bd715dca5af4c6bf3a98e0744a6a313a Mon Sep 17 00:00:00 2001 
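Review bot: The new `Install Ansible Collections` step runs `ansible-galaxy collection install -r ansible/collections/requirements.yml`, while the `action-ansible-playbook` step that follows (its `with:` block continues past the hunk) already receives `requirements: collections/requirements.yml`, presumably relative to `directory: ansible/`, so the same collections are installed twice from two spellings of the path; keep one of them. Neither install is pinned by a lockfile here, and the neighbouring `uses: cpanato/vault-installer@main` and `run: pip install hvac` are likewise floating (a branch and an unversioned package), so every run pulls whatever is current on the day. Pinning the actions to a tag or commit SHA and `hvac` to a version (`pip install 'hvac==<pinned version>'`) makes the job reproducible and reviewable, which matters more than usual for a job that is handed an SSH private key and the Ansible vault password.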
From: "Trez.One" Date: Sun, 16 Feb 2025 11:44:51 -0500 Subject: [PATCH 05/19] . --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 80a0a58d..56ad464f 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -69,9 +69,6 @@ jobs: uses: cpanato/vault-installer@main - name: Install hvac run: pip install hvac - - name: Install Ansible Collections - run: ansible-galaxy collection install -r ansible/collections/requirements.yml - - name: Ansible Playbook Dry Run uses: dawidd6/action-ansible-playbook@v2 with: From 6eeb052fba5e26b12f1faefd8bec6d4e0f89f341 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 11:54:20 -0500 Subject: [PATCH 06/19] . --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 56ad464f..25876d2d 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -69,6 +69,9 @@ jobs: uses: cpanato/vault-installer@main - name: Install hvac run: pip install hvac + - name: Validate Vault Authentication + run: | + vault status || echo "Vault authentication failed!" - name: Ansible Playbook Dry Run uses: dawidd6/action-ansible-playbook@v2 with: From 2d14959aef48bce7531eec8f863682d249d08fb1 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 12:18:16 -0500 Subject: [PATCH 07/19] . --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 25876d2d..8bf01e46 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml 
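Review bot: The new `Validate Vault Authentication` step cannot fail: `vault status || echo "Vault authentication failed!"` turns any non-zero exit into a successful `echo`, so the job proceeds with a green step whatever happened. `vault status` is also an unauthenticated call that reports seal and HA state, so even without the `|| echo` it says nothing about whether the job's token works. A check that actually exercises the credential is `vault token lookup >/dev/null` on its own line, so the step fails on a bad token and the token's metadata (accessor, policies, TTL) does not land in the job log.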
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -69,9 +69,6 @@ jobs: uses: cpanato/vault-installer@main - name: Install hvac run: pip install hvac - - name: Validate Vault Authentication - run: | - vault status || echo "Vault authentication failed!" - name: Ansible Playbook Dry Run uses: dawidd6/action-ansible-playbook@v2 with: @@ -81,6 +78,7 @@ jobs: options: | --inventory inventory/hosts.yml --check + -vvv requirements: collections/requirements.yml vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - name: Gotify Notification From 95024fa51826b668b90cef0adce44137e9eda160 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 12:42:18 -0500 Subject: [PATCH 08/19] Tweaking refs in Gitea config to test lookup. --- ansible/app-configs/gitea_app.ini.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/app-configs/gitea_app.ini.j2 b/ansible/app-configs/gitea_app.ini.j2 index bc4e810b..683305a2 100644 --- a/ansible/app-configs/gitea_app.ini.j2 +++ b/ansible/app-configs/gitea_app.ini.j2 @@ -70,7 +70,7 @@ INSTALL_LOCK = true SECRET_KEY = REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_TRUSTED_PROXIES = * -INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }} +INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', '', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }} PASSWORD_HASH_ALGO = pbkdf2 [service] 
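Review bot: Adding `-vvv` to the dry-run options makes Ansible print module arguments and results for every task, and this playbook resolves secrets through `community.hashi_vault.vault_kv2_get` lookups (the gitea_app.ini.j2 template later in this series), so values such as the Gitea internal token and SMTP password can end up in the CI log unless the tasks consuming them set `no_log: true`. If verbosity is needed to debug the pipeline, use a single `-v` for one run and confirm `no_log` on the secret-handling tasks before enabling it; the same applies to the `-v` kept in PATCH 09/19. The `options: |` block is inside the hunk but the step's `with:` mapping begins above it.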
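Review bot: The three lookups this commit changes now use three different path conventions, and at most one of them can resolve: `INTERNAL_TOKEN` passes an empty secret path (`''`) with no mount, the `[mailer]` hunk passes `'rinoa-docker/env'` against the collection's default mount, and the `[oauth2]` hunk passes `'rinoa-docker/env'` while also setting `engine_mount_point='rinoa-docker'`, which addresses `rinoa-docker/data/rinoa-docker/env`. Pick one form for all three, the original `'env'` with `engine_mount_point='rinoa-docker'` was at least consistent, or move the path and mount into a variable so the template does not hard-code them three times. A lookup that renders an empty or wrong value into `INTERNAL_TOKEN` still produces a syntactically valid app.ini, so the dry run should check the rendered output rather than just the task status.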
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf PATH = /data/git/lfs [mailer] -PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} +PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'rinoa-docker/env', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} PROTOCOL = smtp ENABLED = true FROM = '"Gitea" ' @@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge DEFAULT_TRUST_MODEL = committer [oauth2] -JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }} +JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'rinoa-docker/env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }} [ui] THEMES = From a17f0d58bbaef2b6391f4b675e97a40846a5f023 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 12:42:25 -0500 Subject: [PATCH 09/19] Tweaking refs in Gitea config to test lookup. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 8bf01e46..b32120a5 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -78,7 +78,7 @@ jobs: options: | --inventory inventory/hosts.yml --check - -vvv + -v requirements: collections/requirements.yml vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - name: Gotify Notification From 111bae22f7703a50f8200e107d0ea08c98ef25ec Mon Sep 17 00:00:00 2001 
From: "Trez.One" Date: Sun, 16 Feb 2025 13:01:48 -0500 Subject: [PATCH 10/19] Tweaking refs in Gitea config to test lookup. --- .gitea/workflows/pr-cloudflare-docker-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index b32120a5..56ad464f 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -78,7 +78,6 @@ jobs: options: | --inventory inventory/hosts.yml --check - -v requirements: collections/requirements.yml vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} - name: Gotify Notification From a349548ec8a8a44428f474a7a8418ab7c9447d40 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 16 Feb 2025 13:33:04 -0500 Subject: [PATCH 11/19] ... --- ansible/app-configs/gitea_app.ini.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/app-configs/gitea_app.ini.j2 b/ansible/app-configs/gitea_app.ini.j2 index 683305a2..bc4e810b 100644 --- a/ansible/app-configs/gitea_app.ini.j2 +++ b/ansible/app-configs/gitea_app.ini.j2 @@ -70,7 +70,7 @@ INSTALL_LOCK = true SECRET_KEY = REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_TRUSTED_PROXIES = * -INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', '', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }} +INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }} PASSWORD_HASH_ALGO = pbkdf2 [service] 
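Review bot: This hunk restores the working lookup form, but the context around it shows `REVERSE_PROXY_TRUSTED_PROXIES = *`, which tells Gitea to trust forwarded headers from any source: a client that reaches the container directly can then present an arbitrary client IP to logging, rate limiting and, if `ENABLE_REVERSE_PROXY_AUTHENTICATION` is ever switched on, to user identity. Restricting it to the proxy's address or subnet, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = <swag container subnet>`, closes that. The enclosing section header is above the hunk.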
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
PATH = /data/git/lfs
[mailer]
-PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'rinoa-docker/env', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
+PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
PROTOCOL = smtp
ENABLED = true
FROM = '"Gitea" '
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
DEFAULT_TRUST_MODEL = committer
[oauth2]
-JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'rinoa-docker/env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
+JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
[ui]
THEMES =
From 7cb31a1b9cd03ec8e13fcfce0c33477cab4c0ef6 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 14:21:16 -0500
Subject: [PATCH 12/19] Ansible tweaks.
---
ansible/group_vars/all.yml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index c8cea766..0bcf1db1 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,14 +1,14 @@
vault_addr: "https://vault.trez.wtf"
vault_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 66373236656261373330343233616231386539616566613864306436613635323533336365383232
- 6636653139393566643265303135343864363632393035380a643566373137316363626438356431
- 64653237313866316537326565386164373564353166346334663638636531353337303937346466
- 3539366634393337620a653133336530333963343638643934303336653935363932643665353234
- 63343565663632633563396131346139666236313863663332386131633831633566373366613738
- 63343634313539336534666632313736343338623538303434316230383764643432646663356238
- 61373132633062346436363036333533623931313037306633616662623032616137613734343638
- 63633031616161623437623935346366636433653435646333313638376161663237323130636433
- 31383031646666626163323966393738386233346137326231366263316532343563
+ 61663033616664396338626363313832386331323565323336643537646632623965616362366566
+ 6435646461336330646139393236333663356661393930380a343430636339633938343337393861
+ 63363964326131366434616139313238336237613231613062613632373063393139366464666335
+ 3936396634613063660a313964303862323130633764323564366239656135306237343237363139
+ 35313965633737373937316664666532393531356566393966666535663561316466356436633962
+ 62363966633638343134333531363333646462643934383666393865653034343362316632613038
+ 34316332313437343734343335613730623363346364666661313337613666346664623136636637
+ 37393662656630323239383161373061326638623239666238616238616638313165613132663937
+ 38353666306338656334313739323037626234613932373733643936333731306139
vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
secrets_path: "rinoa-docker/env"
From c2d08c4eebbc37ca9d9c5de8a9e577dd8d1a9615 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 14:54:26 -0500
Subject: [PATCH 13/19] Ansible tweaks.
---
ansible/app-configs/gitea_app.ini.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
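Review bot: This hunk swaps the ciphertext of `vault_token` for a freshly encrypted one, and patch 16 (the second `ansible/group_vars/all.yml` hunk below) does so again; the superseded ciphertexts remain in git history and decrypt with the same `ANSIBLE_VAULT_PASSWORD` the workflow holds, so the previous Vault tokens should be revoked in Vault rather than only replaced here, unless that has already happened. A token that is committed to the repository in any form is worth giving a short TTL or making periodic, so that a copy recovered from history expires on its own. The `vault_token_cleaned` context line, which strips newlines from the decrypted value, suggests the plaintext was captured with a trailing newline at encryption time; if so, encrypting with `printf '%s' … | ansible-vault encrypt_string --stdin-name vault_token` would let `vault_token` be used directly and drop the intermediate variable.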
diff --git a/ansible/app-configs/gitea_app.ini.j2 b/ansible/app-configs/gitea_app.ini.j2
index bc4e810b..ea9855ac 100644
--- a/ansible/app-configs/gitea_app.ini.j2
+++ b/ansible/app-configs/gitea_app.ini.j2
@@ -36,7 +36,7 @@ DB_TYPE = postgres
HOST = gitea-db:5432
NAME = gitea
USER = gitea
-PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
+PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'rinoa-docker/data/env', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
From d2b930ef53c7aa04e8917d7fd171c311bcf3661a Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 15:19:06 -0500
Subject: [PATCH 14/19] Ansible tweaks.
---
.gitea/workflows/pr-cloudflare-docker-deploy.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index 56ad464f..8bf01e46 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -78,6 +78,7 @@ jobs:
options: |
--inventory inventory/hosts.yml
--check
+ -vvv
requirements: collections/requirements.yml
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
- name: Gotify Notification
From 691e2d56b69f90c6ce77c6ee9ced5281ab6a39a1 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 15:42:56 -0500
Subject: [PATCH 15/19] Ansible tweaks.
---
.gitea/workflows/pr-cloudflare-docker-deploy.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index 8bf01e46..4f338703 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
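Review bot: The new `PASSWD` path `'rinoa-docker/data/env'` spells out the KV v2 `data/` segment by hand, but `vault_kv2_get` inserts that segment itself and, with no `engine_mount_point` given, prefixes the default mount, so the request would most likely target `secret/data/rinoa-docker/data/env` rather than the entry the other three lookups in this template read. Patch 17 below reverts this line to `'env', engine_mount_point='rinoa-docker'`, which matches the rest of the template; that form, not this one, is the one to keep.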
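Review bot: Adding `-vvv` to a playbook run on a hosted runner means whatever the playbook prints at that verbosity — module arguments, full task results, any lookup value surfaced through `debug` or `set_fact` — lands in the Actions job log, and values fetched from Vault at runtime are not registered with the runner's secret masking the way `${{ secrets.* }}` values are. Patches 09, 10 and 17 flip this same line back and forth, so the logs of the runs at those commits are worth checking for rendered secret values, and giving the task that renders `gitea_app.ini.j2` a `no_log: true` is a cheap precaution if the playbook is debugged at this level again. Whether any secret actually reached a log depends on the playbook, which is not in this excerpt; the step definition also starts above the hunk.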
@@ -51,6 +51,7 @@ jobs:
env:
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+ VAULT_NAMESPACE: ""
steps:
- name: Checkout
uses: actions/checkout@v4
From 6359ba4636b6cde3be2d91e00371469df2d26469 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 16:17:07 -0500
Subject: [PATCH 16/19] Ansible vault password tweak.
---
ansible/group_vars/all.yml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 0bcf1db1..3bf03244 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
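Review bot: `VAULT_NAMESPACE: ""` exports an empty but present variable; `community.hashi_vault` most likely treats an empty namespace as none, so if the intent is "no namespace" the clearer change is to leave the key out, and if a namespace is required it belongs in a secret or variable like the other two. This `env:` block sits beside `steps:`, so it appears to be job-level, which exports `VAULT_TOKEN` into every step of the job — `Checkout` and the later Gotify notification step included — rather than only the ansible step that needs it; moving `VAULT_ADDR`, `VAULT_TOKEN` and `VAULT_NAMESPACE` to a step-level `env:` on that step keeps third-party actions from seeing the token. The job definition begins above this hunk.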
@@ -1,14 +1,14 @@
vault_addr: "https://vault.trez.wtf"
vault_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 61663033616664396338626363313832386331323565323336643537646632623965616362366566
- 6435646461336330646139393236333663356661393930380a343430636339633938343337393861
- 63363964326131366434616139313238336237613231613062613632373063393139366464666335
- 3936396634613063660a313964303862323130633764323564366239656135306237343237363139
- 35313965633737373937316664666532393531356566393966666535663561316466356436633962
- 62363966633638343134333531363333646462643934383666393865653034343362316632613038
- 34316332313437343734343335613730623363346364666661313337613666346664623136636637
- 37393662656630323239383161373061326638623239666238616238616638313165613132663937
- 38353666306338656334313739323037626234613932373733643936333731306139
+ 30623330336664656231653066343930303830343530323930613666643863623837633738346639
+ 3734386663383333386635623931343361343363396434660a633637666539626264653437636134
+ 36616334386264383330323164333432623538366234326563323664353338646331353233396161
+ 3030623162373232320a386432393337613431303432613065626163326363316365613937623031
+ 39316566343238363934383833376136323461336666663762383663633531303138616132333938
+ 30316334363436333164303035643835316238313038663761636338313433303766626238656234
+ 34373436396430646339326361366634363735346637303865373164363663663263646661366663
+ 36336334393535386332646461313262646131383932353534363936623961613761333762376561
+ 31366662626231346638346339626565653831613865646436643233653066366534
vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
secrets_path: "rinoa-docker/env"
From 9a6d3e5e1e82f72a0495c268f44ea52d31753516 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 16:43:49 -0500
Subject: [PATCH 17/19] Tweaks to Gitea config template.
---
.gitea/workflows/pr-cloudflare-docker-deploy.yml | 1 -
ansible/app-configs/gitea_app.ini.j2 | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index 4f338703..055735f9 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -79,7 +79,6 @@ jobs:
options: |
--inventory inventory/hosts.yml
--check
- -vvv
requirements: collections/requirements.yml
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
- name: Gotify Notification
diff --git a/ansible/app-configs/gitea_app.ini.j2 b/ansible/app-configs/gitea_app.ini.j2
index ea9855ac..bc4e810b 100644
--- a/ansible/app-configs/gitea_app.ini.j2
+++ b/ansible/app-configs/gitea_app.ini.j2
@@ -36,7 +36,7 @@ DB_TYPE = postgres
HOST = gitea-db:5432
NAME = gitea
USER = gitea
-PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'rinoa-docker/data/env', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
+PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
From b1c355a8950a6bc51f9618407a947e45ce6c9a5c Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 17:18:36 -0500
Subject: [PATCH 18/19] Volume fixes.
---
docker-compose.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 08b0a49c..158e330b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6468,6 +6468,8 @@ volumes:
name: filebeat_var
gitea-pg-db:
name: gitea-pg-db
+ hortusfox_app_backup:
+ name: hortusfox_app_backup
hortusfox_app_images:
name: hortusfox_app_images
hortusfox_app_logs:
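Review bot: With this revert all four lookups in `gitea_app.ini.j2` read the single KV entry `env` under the `rinoa-docker` mount, and the key names pulled from it across the series (`GITEA_PG_DB_PASSWORD`, `GITEA_INTERNAL_TOKEN`, `GITEA_OAUTH2_JWT_SECRET`, `POSTAL_SMTP_AUTH_PASSWORD`) suggest that entry mirrors the whole compose `.env` rather than Gitea-only secrets. If so, the read policy the CI token needs on that one path is equivalent to read access to every service's credentials; splitting the entry into per-application paths (for example a Gitea-only entry alongside `env`) would let a Vault policy scoped to `VAULT_GITEA_TOKEN` limit what a leaked token can read. Whether the entry really holds more than these four keys is not visible in the excerpt, and the `[database]` section this line belongs to starts above the hunk.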
From 006196840fb1802a331739515a3427488fe4b1ef Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sun, 16 Feb 2025 22:45:59 +0000
Subject: [PATCH 19/19] chore: Update README
---
README.md | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index ba43bf5f..2b26ce62 100644
--- a/README.md
+++ b/README.md
@@ -39,13 +39,6 @@
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
| gluetun | qmcgaw/gluetun:latest |
| gotify | gotify/server |
-| grafana | grafana/grafana-enterprise:latest |
-| grafana-alloy | grafana/alloy:latest |
-| grafana-loki | grafana/loki:latest |
-| grafana-mimir | grafana/mimir:latest |
-| grafana-mimir-memcached | memcached |
-| grafana-pyroscope | grafana/pyroscope:latest |
-| grafana-tempo | grafana/tempo:latest |
| guacamole | flcontainers/guacamole:latest |
| homepage | ghcr.io/gethomepage/homepage:latest |
| hortusfox | ghcr.io/danielbrendel/hortusfox-web:latest |
@@ -95,6 +88,8 @@
| open-webui | ghcr.io/open-webui/open-webui:main |
| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
| parseable | containers.parseable.com/parseable/parseable:latest |
+| peppermint | pepperlabs/peppermint:latest |
+| peppermint-pg-db | postgres:17-alpine |
| pgbackweb | eduardolat/pgbackweb:latest |
| pgbackweb-db | postgres:16-alpine |
| plantuml-server | plantuml/plantuml-server:jetty |
@@ -144,16 +139,6 @@
| web-check | lissy93/web-check |
| your_spotify | lscr.io/linuxserver/your_spotify:latest |
| youtubedl | nbr23/youtube-dl-server:latest |
-| zammad-backup | postgres: |
-| zammad-elasticsearch | bitnami/elasticsearch: |
-| zammad-init | : |
-| zammad-memcached | memcached: |
-| zammad-nginx | : |
-| zammad-railsserver | : |
-| zammad-redis | redis: |
-| zammad-scheduler | : |
-| zammad-websocket | : |
| zitadel | ghcr.io/zitadel/zitadel:latest |
| zitadel-pg-db | postgres:16-alpine |