Compare commits
21 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b15306539f | |||
| 9b6aaacdac | |||
| 22ba4743ef | |||
| a708d28446 | |||
| 2cf916fa05 | |||
| 05eb209229 | |||
| 9c30f3972b | |||
| f96433be4f | |||
| 296d4b6c35 | |||
| 711d9cbfa9 | |||
| cd5f996f39 | |||
| 305f81bbdc | |||
| 77bb59f594 | |||
| 6245e88edc | |||
| 48f9659ede | |||
| 6e5eb45ffe | |||
| 0c314a5000 | |||
| c443d73f6f | |||
| 124d4a86ba | |||
| d08563b985 | |||
| 6b37ad8ea4 |
+12
-11
@@ -6,6 +6,7 @@ on:
|
|||||||
paths:
|
paths:
|
||||||
- '**.j2'
|
- '**.j2'
|
||||||
- 'ansible/**.yml'
|
- 'ansible/**.yml'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check-and-create-pr:
|
check-and-create-pr:
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/main'
|
||||||
@@ -57,7 +58,7 @@ jobs:
|
|||||||
notification_title: 'GITEA: PR Check'
|
notification_title: 'GITEA: PR Check'
|
||||||
notification_message: 'PR Created 🎟️'
|
notification_message: 'PR Created 🎟️'
|
||||||
ansible-linting:
|
ansible-linting:
|
||||||
name: Docker Compose & Ansible Lints
|
name: Ansible Linting
|
||||||
needs: [check-and-create-pr]
|
needs: [check-and-create-pr]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
@@ -70,13 +71,13 @@ jobs:
|
|||||||
- name: Fetch base branch
|
- name: Fetch base branch
|
||||||
run: |
|
run: |
|
||||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||||
- name: Cache Ansible Galaxy Collections
|
# - name: Cache Ansible Galaxy Collections
|
||||||
uses: actions/cache@v3
|
# uses: actions/cache@v3
|
||||||
with:
|
# with:
|
||||||
path: ansible/collections
|
# path: ansible/collections
|
||||||
key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
|
# key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
|
||||||
restore-keys: |
|
# restore-keys: |
|
||||||
${{ runner.os }}-ansible-
|
# ${{ runner.os }}-ansible-
|
||||||
- name: Install Ansible
|
- name: Install Ansible
|
||||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||||
with:
|
with:
|
||||||
@@ -112,7 +113,7 @@ jobs:
|
|||||||
notification_message: 'Docker Compose dry run completed successfully.'
|
notification_message: 'Docker Compose dry run completed successfully.'
|
||||||
pr-merge:
|
pr-merge:
|
||||||
name: PR Merge
|
name: PR Merge
|
||||||
needs: [regenerate-readme-modified-services]
|
needs: [ansible-linting]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
@@ -139,8 +140,8 @@ jobs:
|
|||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||||
notification_title: 'GITEA: PR Merge Successful'
|
notification_title: 'GITEA: PR Merge Successful'
|
||||||
notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
|
notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
|
||||||
ansible-config-docker-compose-deploy:
|
ansible-config-deploy:
|
||||||
name: Ansible Configs & Docker Compose Deployment
|
name: Ansible Playbook Run (Service Configs)
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [pr-merge]
|
needs: [pr-merge]
|
||||||
env:
|
env:
|
||||||
@@ -2,5 +2,5 @@
|
|||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
urls:
|
urls:
|
||||||
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
- gotify://gotify/{{ vault_secrets['APPRISE_GOTIFY_TOKEN'] }}
|
||||||
- mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
|
- mailtos://{{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}:{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
|
||||||
@@ -64,11 +64,11 @@ authentication_backend:
|
|||||||
mail: mail
|
mail: mail
|
||||||
display_name: displayName
|
display_name: displayName
|
||||||
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
|
password: '{{ vault_secrets['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
|
||||||
refresh_interval: 5m
|
refresh_interval: 5m
|
||||||
identity_validation:
|
identity_validation:
|
||||||
reset_password:
|
reset_password:
|
||||||
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
|
jwt_secret: '{{ vault_secrets['AUTHELIA_JWT_SECRET'] }}'
|
||||||
password_policy:
|
password_policy:
|
||||||
standard:
|
standard:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -104,7 +104,7 @@ access_control:
|
|||||||
- ['user:the.trezured.one']
|
- ['user:the.trezured.one']
|
||||||
session:
|
session:
|
||||||
name: authelia_session
|
name: authelia_session
|
||||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
secret: '{{ vault_secrets['AUTHELIA_SESSION_SECRET'] }}'
|
||||||
expiration: 1h
|
expiration: 1h
|
||||||
inactivity: 5m
|
inactivity: 5m
|
||||||
remember_me: 1M
|
remember_me: 1M
|
||||||
@@ -115,12 +115,12 @@ session:
|
|||||||
host: redis
|
host: redis
|
||||||
port: 6379
|
port: 6379
|
||||||
storage:
|
storage:
|
||||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
encryption_key: '{{ vault_secrets['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
||||||
postgres:
|
postgres:
|
||||||
address: 'tcp://authelia-pg:5432'
|
address: 'tcp://authelia-pg:5432'
|
||||||
database: authelia
|
database: authelia
|
||||||
username: authelia
|
username: authelia
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
|
password: '{{ vault_secrets['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
|
||||||
timeout: '5s'
|
timeout: '5s'
|
||||||
regulation:
|
regulation:
|
||||||
max_retries: 3
|
max_retries: 3
|
||||||
@@ -131,8 +131,8 @@ notifier:
|
|||||||
smtp:
|
smtp:
|
||||||
address: 'smtp://postal-smtp:25'
|
address: 'smtp://postal-smtp:25'
|
||||||
timeout: '5s'
|
timeout: '5s'
|
||||||
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
|
username: '{{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}'
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
|
password: '{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}'
|
||||||
sender: "Authelia <noreply@trez.wtf>"
|
sender: "Authelia <noreply@trez.wtf>"
|
||||||
identifier: 'localhost'
|
identifier: 'localhost'
|
||||||
subject: "[Authelia] {title}"
|
subject: "[Authelia] {title}"
|
||||||
@@ -142,10 +142,10 @@ notifier:
|
|||||||
disable_html_emails: false
|
disable_html_emails: false
|
||||||
identity_providers:
|
identity_providers:
|
||||||
oidc:
|
oidc:
|
||||||
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
|
hmac_secret: '{{ vault_secrets['AUTHELIA_OIDC_HMAC_SECRET'] }}'
|
||||||
jwks:
|
jwks:
|
||||||
- key: |
|
- key: |
|
||||||
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
|
{{ vault_secrets["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
|
||||||
cors:
|
cors:
|
||||||
allowed_origins_from_client_redirect_uris: true
|
allowed_origins_from_client_redirect_uris: true
|
||||||
endpoints:
|
endpoints:
|
||||||
@@ -157,7 +157,7 @@ identity_providers:
|
|||||||
clients:
|
clients:
|
||||||
- client_id: 'netbird'
|
- client_id: 'netbird'
|
||||||
client_name: 'NetBird'
|
client_name: 'NetBird'
|
||||||
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
|
client_secret: '{{ vault_secrets['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
|
||||||
public: false
|
public: false
|
||||||
authorization_policy: 'two_factor'
|
authorization_policy: 'two_factor'
|
||||||
redirect_uris:
|
redirect_uris:
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
|
||||||
source: journalctl
|
source: journalctl
|
||||||
journalctl_filter:
|
journalctl_filter:
|
||||||
- "--directory=/var/log/host/"
|
- "--directory=/var/log/host/"
|
||||||
|
|||||||
@@ -3,4 +3,4 @@
|
|||||||
|
|
||||||
url: http://0.0.0.0:8080
|
url: http://0.0.0.0:8080
|
||||||
login: localhost
|
login: localhost
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_LOCAL_API_KEY'] }}
|
password: {{ vault_secrets['CROWDSEC_LOCAL_API_KEY'] }}
|
||||||
@@ -9,7 +9,7 @@
|
|||||||
"host" : "mariadb",
|
"host" : "mariadb",
|
||||||
"port" : 3306,
|
"port" : 3306,
|
||||||
"user" : "ghost",
|
"user" : "ghost",
|
||||||
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}",
|
"password" : "{{ vault_secrets['GHOST_DB_PASSWORD'] }}",
|
||||||
"database" : "ghost_db"
|
"database" : "ghost_db"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -21,8 +21,8 @@
|
|||||||
"port": 25,
|
"port": 25,
|
||||||
"secure": false,
|
"secure": false,
|
||||||
"auth": {
|
"auth": {
|
||||||
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
|
"user": "{{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}",
|
||||||
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
"pass": "{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ DISABLE_SSH = false
|
|||||||
SSH_PORT = 22
|
SSH_PORT = 22
|
||||||
SSH_LISTEN_PORT = 22
|
SSH_LISTEN_PORT = 22
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }}
|
LFS_JWT_SECRET = {{ vault_secrets['GITEA_LFS_JWT_SECRET'] }}
|
||||||
OFFLINE_MODE = true
|
OFFLINE_MODE = true
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
@@ -36,7 +36,7 @@ DB_TYPE = postgres
|
|||||||
HOST = gitea-db:5432
|
HOST = gitea-db:5432
|
||||||
NAME = gitea
|
NAME = gitea
|
||||||
USER = gitea
|
USER = gitea
|
||||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
|
PASSWD = {{ vault_secrets['GITEA_PG_DB_PASSWORD'] }}
|
||||||
LOG_SQL = false
|
LOG_SQL = false
|
||||||
SCHEMA =
|
SCHEMA =
|
||||||
SSL_MODE = disable
|
SSL_MODE = disable
|
||||||
@@ -70,7 +70,7 @@ INSTALL_LOCK = true
|
|||||||
SECRET_KEY =
|
SECRET_KEY =
|
||||||
REVERSE_PROXY_LIMIT = 1
|
REVERSE_PROXY_LIMIT = 1
|
||||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||||
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }}
|
INTERNAL_TOKEN = {{ vault_secrets['GITEA_INTERNAL_TOKEN'] }}
|
||||||
PASSWORD_HASH_ALGO = pbkdf2
|
PASSWORD_HASH_ALGO = pbkdf2
|
||||||
|
|
||||||
[service]
|
[service]
|
||||||
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
|
|||||||
PATH = /data/git/lfs
|
PATH = /data/git/lfs
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
PASSWD = {{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||||
PROTOCOL = smtp
|
PROTOCOL = smtp
|
||||||
ENABLED = true
|
ENABLED = true
|
||||||
FROM = '"Gitea" <noreply@trez.wtf>'
|
FROM = '"Gitea" <noreply@trez.wtf>'
|
||||||
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
|
|||||||
DEFAULT_TRUST_MODEL = committer
|
DEFAULT_TRUST_MODEL = committer
|
||||||
|
|
||||||
[oauth2]
|
[oauth2]
|
||||||
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
|
JWT_SECRET = {{ vault_secrets['GITEA_OAUTH2_JWT_SECRET'] }}
|
||||||
|
|
||||||
[ui]
|
[ui]
|
||||||
THEMES =
|
THEMES =
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ gitea:
|
|||||||
# Created access token for the user that shall be used as bot account.
|
# Created access token for the user that shall be used as bot account.
|
||||||
# User needs "Read project" permissions with access to "Pull Requests"
|
# User needs "Read project" permissions with access to "Pull Requests"
|
||||||
token:
|
token:
|
||||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
|
value: "{{ vault_secrets['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# file: /path/to/gitea/token
|
# file: /path/to/gitea/token
|
||||||
|
|
||||||
@@ -18,7 +18,7 @@ gitea:
|
|||||||
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
||||||
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
||||||
webhook:
|
webhook:
|
||||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
|
secret: "{{ vault_secrets['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# secretFile: /path/to/gitea/webhook/secret
|
# secretFile: /path/to/gitea/webhook/secret
|
||||||
|
|
||||||
@@ -35,7 +35,7 @@ sonarqube:
|
|||||||
# Created access token for the user that shall be used as bot account.
|
# Created access token for the user that shall be used as bot account.
|
||||||
# User needs "Browse on project" permissions
|
# User needs "Browse on project" permissions
|
||||||
token:
|
token:
|
||||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
|
value: "{{ vault_secrets['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# file: /path/to/sonarqube/token
|
# file: /path/to/sonarqube/token
|
||||||
|
|
||||||
@@ -45,7 +45,7 @@ sonarqube:
|
|||||||
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
||||||
# validated.
|
# validated.
|
||||||
webhook:
|
webhook:
|
||||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
|
secret: "{{ vault_secrets['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# secretFile: /path/to/sonarqube/webhook/secret
|
# secretFile: /path/to/sonarqube/webhook/secret
|
||||||
|
|
||||||
|
|||||||
@@ -4,8 +4,8 @@ storage:
|
|||||||
bucket_name: pyroscope
|
bucket_name: pyroscope
|
||||||
endpoint: minio:9000
|
endpoint: minio:9000
|
||||||
region: us-east-fh-pln
|
region: us-east-fh-pln
|
||||||
access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
|
access_key_id: {{ vault_secrets['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
|
||||||
secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
|
secret_access_key: {{ vault_secrets['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
|
||||||
insecure: true
|
insecure: true
|
||||||
|
|
||||||
analytics:
|
analytics:
|
||||||
|
|||||||
@@ -46,8 +46,8 @@ storage:
|
|||||||
s3:
|
s3:
|
||||||
bucket: tempo # how to store data in s3
|
bucket: tempo # how to store data in s3
|
||||||
endpoint: minio:9000
|
endpoint: minio:9000
|
||||||
access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
|
access_key: {{ vault_secrets['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
|
||||||
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
|
secret_key: {{ vault_secrets['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
|
||||||
insecure: true
|
insecure: true
|
||||||
|
|
||||||
usage_report:
|
usage_report:
|
||||||
|
|||||||
@@ -29,5 +29,5 @@
|
|||||||
widget:
|
widget:
|
||||||
type: homeassistant
|
type: homeassistant
|
||||||
url: http://192.168.1.252:8123
|
url: http://192.168.1.252:8123
|
||||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
|
key: {{ vault_secrets['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
|
||||||
|
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
# https://gethomepage.dev/en/configs/settings
|
# https://gethomepage.dev/en/configs/settings
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
openweathermap: {{ vault_secrets['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
||||||
# weatherapi: weatherapiapikey
|
# weatherapi: weatherapiapikey
|
||||||
title: Rinoa Dashboard (trez.WTF)
|
title: Rinoa Dashboard (trez.WTF)
|
||||||
headerStyle: underlined
|
headerStyle: underlined
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ db:
|
|||||||
host: invidious-db
|
host: invidious-db
|
||||||
port: 5432
|
port: 5432
|
||||||
dbname: invidious
|
dbname: invidious
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PG_DB_PASSWORD'] }}
|
password: {{ vault_secrets['INVID_PG_DB_PASSWORD'] }}
|
||||||
|
|
||||||
##
|
##
|
||||||
## Database configuration using a single URI. This is an
|
## Database configuration using a single URI. This is an
|
||||||
@@ -210,8 +210,8 @@ https_only: false
|
|||||||
## Accepted values: String
|
## Accepted values: String
|
||||||
## Default: <none>
|
## Default: <none>
|
||||||
##
|
##
|
||||||
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PO_TOKEN'] }}
|
po_token: {{ vault_secrets['INVID_PO_TOKEN'] }}
|
||||||
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_VISITOR_DATA'] }}
|
visitor_data: {{ vault_secrets['INVID_VISITOR_DATA'] }}
|
||||||
|
|
||||||
# -----------------------------
|
# -----------------------------
|
||||||
# Logging
|
# Logging
|
||||||
@@ -471,7 +471,7 @@ jobs:
|
|||||||
## Accepted values: a string
|
## Accepted values: a string
|
||||||
## Default: <none>
|
## Default: <none>
|
||||||
##
|
##
|
||||||
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_HMAC_KEY'] }}
|
hmac_key: {{ vault_secrets['INVID_HMAC_KEY'] }}
|
||||||
|
|
||||||
##
|
##
|
||||||
## List of video IDs where the "download" widget must be
|
## List of video IDs where the "download" widget must be
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# IN application vars
|
# IN application vars
|
||||||
IN_APP_URL=https://biz.trez.wtf
|
IN_APP_URL=https://biz.trez.wtf
|
||||||
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_APP_KEY'] }}
|
IN_APP_KEY={{ vault_secrets['IN_APP_KEY'] }}
|
||||||
IN_APP_DEBUG=true
|
IN_APP_DEBUG=true
|
||||||
IN_REQUIRE_HTTPS=false
|
IN_REQUIRE_HTTPS=false
|
||||||
IN_PHANTOMJS_PDF_GENERATION=false
|
IN_PHANTOMJS_PDF_GENERATION=false
|
||||||
@@ -18,7 +18,7 @@ IN_DB_HOST=mariadb
|
|||||||
IN_DB_PORT=3306
|
IN_DB_PORT=3306
|
||||||
IN_DB_DATABASE=invoice_ninja
|
IN_DB_DATABASE=invoice_ninja
|
||||||
IN_DB_USERNAME=ininja
|
IN_DB_USERNAME=ininja
|
||||||
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_MYSQL_PASSWORD'] }}
|
IN_DB_PASSWORD={{ vault_secrets['IN_MYSQL_PASSWORD'] }}
|
||||||
|
|
||||||
# Create initial user
|
# Create initial user
|
||||||
# Default to these values if empty
|
# Default to these values if empty
|
||||||
@@ -31,8 +31,8 @@ IN_PASSWORD=
|
|||||||
IN_MAIL_MAILER=log
|
IN_MAIL_MAILER=log
|
||||||
IN_MAIL_HOST=postal-smtp
|
IN_MAIL_HOST=postal-smtp
|
||||||
IN_MAIL_PORT=25
|
IN_MAIL_PORT=25
|
||||||
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
IN_MAIL_USERNAME={{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}
|
||||||
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
IN_MAIL_PASSWORD={{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||||
IN_MAIL_ENCRYPTION=null
|
IN_MAIL_ENCRYPTION=null
|
||||||
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
|
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
|
||||||
IN_MAIL_FROM_NAME='Treasured IT'
|
IN_MAIL_FROM_NAME='Treasured IT'
|
||||||
|
|||||||
@@ -17,7 +17,7 @@
|
|||||||
HOST=localhost
|
HOST=localhost
|
||||||
PORT=3080
|
PORT=3080
|
||||||
|
|
||||||
MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
|
MONGO_URI=mongodb://librechat:{{ vault_secrets['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
|
||||||
|
|
||||||
DOMAIN_CLIENT=https://ai.trez.wtf
|
DOMAIN_CLIENT=https://ai.trez.wtf
|
||||||
DOMAIN_SERVER=https://ai.trez.wtf
|
DOMAIN_SERVER=https://ai.trez.wtf
|
||||||
@@ -73,12 +73,12 @@ PROXY=
|
|||||||
# ANYSCALE_API_KEY=
|
# ANYSCALE_API_KEY=
|
||||||
# APIPIE_API_KEY=
|
# APIPIE_API_KEY=
|
||||||
# COHERE_API_KEY=
|
# COHERE_API_KEY=
|
||||||
DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
|
DEEPSEEK_API_KEY={{ vault_secrets['LIBRECHAT_DEEPSEEK_API_KEY'] }}
|
||||||
# DATABRICKS_API_KEY=
|
# DATABRICKS_API_KEY=
|
||||||
# FIREWORKS_API_KEY=
|
# FIREWORKS_API_KEY=
|
||||||
# GROQ_API_KEY=
|
# GROQ_API_KEY=
|
||||||
# HUGGINGFACE_TOKEN=
|
# HUGGINGFACE_TOKEN=
|
||||||
MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
|
MISTRAL_API_KEY={{ vault_secrets['LIBRECHAT_MISTRAL_API_KEY'] }}
|
||||||
# OPENROUTER_KEY=
|
# OPENROUTER_KEY=
|
||||||
# PERPLEXITY_API_KEY=
|
# PERPLEXITY_API_KEY=
|
||||||
# SHUTTLEAI_API_KEY=
|
# SHUTTLEAI_API_KEY=
|
||||||
@@ -90,7 +90,7 @@ MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_m
|
|||||||
# Anthropic #
|
# Anthropic #
|
||||||
#============#
|
#============#
|
||||||
|
|
||||||
ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
|
ANTHROPIC_API_KEY={{ vault_secrets['LIBRECHAT_ANTHROPIC_API_KEY'] }}
|
||||||
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
|
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
|
||||||
# ANTHROPIC_REVERSE_PROXY=
|
# ANTHROPIC_REVERSE_PROXY=
|
||||||
|
|
||||||
@@ -177,7 +177,7 @@ ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-
|
|||||||
# OpenAI #
|
# OpenAI #
|
||||||
#============#
|
#============#
|
||||||
|
|
||||||
OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
|
OPENAI_API_KEY={{ vault_secrets['LIBRECHAT_OPENAI_API_KEY'] }}
|
||||||
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
|
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
|
||||||
|
|
||||||
DEBUG_OPENAI=false
|
DEBUG_OPENAI=false
|
||||||
@@ -226,8 +226,8 @@ DEBUG_OPENAI=false
|
|||||||
|
|
||||||
# DEBUG_PLUGINS=
|
# DEBUG_PLUGINS=
|
||||||
|
|
||||||
CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
|
CREDS_KEY={{ vault_secrets['LIBRECHAT_CREDS_KEY'] }}
|
||||||
CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
|
CREDS_IV={{ vault_secrets['LIBRECHAT_CREDS_IV'] }}
|
||||||
|
|
||||||
# Azure AI Search
|
# Azure AI Search
|
||||||
#-----------------
|
#-----------------
|
||||||
@@ -298,7 +298,7 @@ ZAPIER_NLA_API_KEY=
|
|||||||
SEARCH=true
|
SEARCH=true
|
||||||
MEILI_NO_ANALYTICS=true
|
MEILI_NO_ANALYTICS=true
|
||||||
MEILI_HOST=http://meilisearch:7700
|
MEILI_HOST=http://meilisearch:7700
|
||||||
MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
|
MEILI_MASTER_KEY={{ vault_secrets['MEILISEARCH_MASTER_KEY'] }}
|
||||||
|
|
||||||
# Optional: Disable indexing, useful in a multi-node setup
|
# Optional: Disable indexing, useful in a multi-node setup
|
||||||
# where only one instance should perform an index sync.
|
# where only one instance should perform an index sync.
|
||||||
@@ -384,8 +384,8 @@ ALLOW_UNVERIFIED_EMAIL_LOGIN=true
|
|||||||
SESSION_EXPIRY=1000 * 60 * 15
|
SESSION_EXPIRY=1000 * 60 * 15
|
||||||
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
|
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
|
||||||
|
|
||||||
JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
|
JWT_SECRET={{ vault_secrets['LIBRECHAT_JWT_SECRET'] }}
|
||||||
JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
|
JWT_REFRESH_SECRET={{ vault_secrets['LIBRECHAT_JWT_REFRESH_SECRET'] }}
|
||||||
|
|
||||||
|
|
||||||
# Discord
|
# Discord
|
||||||
@@ -547,4 +547,4 @@ USE_REDIS=true
|
|||||||
#=====================================================#
|
#=====================================================#
|
||||||
# OpenWeather #
|
# OpenWeather #
|
||||||
#=====================================================#
|
#=====================================================#
|
||||||
OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
OPENWEATHER_API_KEY={{ vault_secrets['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
||||||
@@ -7,7 +7,7 @@
|
|||||||
<SslPort>6868</SslPort>
|
<SslPort>6868</SslPort>
|
||||||
<EnableSsl>False</EnableSsl>
|
<EnableSsl>False</EnableSsl>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}</ApiKey>
|
<ApiKey>{{ vault_secrets['LIDARR_API_KEY'] }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<Branch>master</Branch>
|
<Branch>master</Branch>
|
||||||
<LogLevel>trace</LogLevel>
|
<LogLevel>trace</LogLevel>
|
||||||
|
|||||||
@@ -3,11 +3,11 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
"lidarr_address": "http://lidarr:8686",
|
"lidarr_address": "http://lidarr:8686",
|
||||||
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}",
|
"lidarr_api_key": "{{ vault_secrets['LIDARR_API_KEY'] }}",
|
||||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
"spotify_client_secret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}",
|
||||||
"root_folder_path": "/data/media/music",
|
"root_folder_path": "/data/media/music",
|
||||||
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
"spotify_client_id": "{{ vault_secrets['YOUR_SPOTIFY_ID'] }}",
|
||||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
"spotify_client_secret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}",
|
||||||
"fallback_to_top_result": false,
|
"fallback_to_top_result": false,
|
||||||
"lidarr_api_timeout": 120.0,
|
"lidarr_api_timeout": 120.0,
|
||||||
"quality_profile_id": 1,
|
"quality_profile_id": 1,
|
||||||
@@ -17,8 +17,8 @@
|
|||||||
"app_name": "lidify",
|
"app_name": "lidify",
|
||||||
"app_rev": "0.09",
|
"app_rev": "0.09",
|
||||||
"app_url": "lidify.trez.wtf",
|
"app_url": "lidify.trez.wtf",
|
||||||
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
"last_fm_api_key": "{{ vault_secrets['LASTFM_API_KEY'] }}",
|
||||||
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
"last_fm_api_secret": "{{ vault_secrets['LASTFM_API_SECRET'] }}",
|
||||||
"mode": "LastFM",
|
"mode": "LastFM",
|
||||||
"auto_start": false,
|
"auto_start": false,
|
||||||
"auto_start_delay": 60
|
"auto_start_delay": 60
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ global_keywords:
|
|||||||
- fatal
|
- fatal
|
||||||
notifications:
|
notifications:
|
||||||
apprise:
|
apprise:
|
||||||
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
url: gotify://gotify/{{ vault_secrets['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
||||||
# settings are optional because they all have default values
|
# settings are optional because they all have default values
|
||||||
settings:
|
settings:
|
||||||
log_level: INFO # DEBUG, INFO, WARNING, ERROR
|
log_level: INFO # DEBUG, INFO, WARNING, ERROR
|
||||||
|
|||||||
@@ -27,8 +27,8 @@
|
|||||||
"clients": [],
|
"clients": [],
|
||||||
"name": "spotify",
|
"name": "spotify",
|
||||||
"data": {
|
"data": {
|
||||||
"clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
"clientId": "{{ vault_secrets['YOUR_SPOTIFY_ID'] }}",
|
||||||
"clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
"clientSecret": "{{ vault_secrets['YOUR_SPOTIFY_SECRET'] }}",
|
||||||
"redirectUri": "http://localhost:9078/callback"
|
"redirectUri": "http://localhost:9078/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -38,8 +38,8 @@
|
|||||||
"clients": [],
|
"clients": [],
|
||||||
"name": "lastfm",
|
"name": "lastfm",
|
||||||
"data": {
|
"data": {
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
"apiKey": "{{ vault_secrets['LASTFM_API_KEY'] }}",
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
"secret": "{{ vault_secrets['LASTFM_API_SECRET'] }}",
|
||||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -49,7 +49,7 @@
|
|||||||
"clients": [],
|
"clients": [],
|
||||||
"name": "listenBrainz",
|
"name": "listenBrainz",
|
||||||
"data": {
|
"data": {
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
"token": "{{ vault_secrets['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||||
"username": "Trez.One"
|
"username": "Trez.One"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -61,7 +61,7 @@
|
|||||||
"data": {
|
"data": {
|
||||||
"url": "http://navidrome:4533",
|
"url": "http://navidrome:4533",
|
||||||
"user": "admin",
|
"user": "admin",
|
||||||
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}"
|
"password": "{{ vault_secrets['NAVIDROME_PASSWORD'] }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -71,8 +71,8 @@
|
|||||||
"enable": true,
|
"enable": true,
|
||||||
"name": "lastFmClient",
|
"name": "lastFmClient",
|
||||||
"data": {
|
"data": {
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
"apiKey": "{{ vault_secrets['LASTFM_API_KEY'] }}",
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
"secret": "{{ vault_secrets['LASTFM_API_SECRET'] }}",
|
||||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -81,7 +81,7 @@
|
|||||||
"enable": true,
|
"enable": true,
|
||||||
"name": "ListenBrainzClient",
|
"name": "ListenBrainzClient",
|
||||||
"data": {
|
"data": {
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
"token": "{{ vault_secrets['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||||
"username": "Trez.One"
|
"username": "Trez.One"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -91,7 +91,7 @@
|
|||||||
"name": "maloja",
|
"name": "maloja",
|
||||||
"data": {
|
"data": {
|
||||||
"url": "http://maloja:42010",
|
"url": "http://maloja:42010",
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
|
"apiKey": "{{ vault_secrets['MALOJA_API_KEY'] }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -100,7 +100,7 @@
|
|||||||
"name": "Gotify",
|
"name": "Gotify",
|
||||||
"type": "gotify",
|
"type": "gotify",
|
||||||
"url": "http://gotify",
|
"url": "http://gotify",
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
|
"token": "{{ vault_secrets['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
|
||||||
"priorities": {
|
"priorities": {
|
||||||
"info": 5,
|
"info": 5,
|
||||||
"warn": 7,
|
"warn": 7,
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
"Stuns": [
|
"Stuns": [
|
||||||
{
|
{
|
||||||
"Proto": "udp",
|
"Proto": "udp",
|
||||||
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
"URI": "stun:netbird.{{ vault_secrets['MY_TLD'] }}:3478",
|
||||||
"Username": "",
|
"Username": "",
|
||||||
"Password": null
|
"Password": null
|
||||||
}
|
}
|
||||||
@@ -11,9 +11,9 @@
|
|||||||
"Turns": [
|
"Turns": [
|
||||||
{
|
{
|
||||||
"Proto": "udp",
|
"Proto": "udp",
|
||||||
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
"URI": "turn:netbird.{{ vault_secrets['MY_TLD'] }}:3478",
|
||||||
"Username": "self",
|
"Username": "self",
|
||||||
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
|
"Password": "{{ vault_secrets['NETBIRD_TURN_PASSWORD'] }}"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"CredentialsTTL": "12h",
|
"CredentialsTTL": "12h",
|
||||||
@@ -22,14 +22,14 @@
|
|||||||
},
|
},
|
||||||
"Relay": {
|
"Relay": {
|
||||||
"Addresses": [
|
"Addresses": [
|
||||||
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
|
"rel://netbird.{{ vault_secrets['MY_TLD'] }}:33080"
|
||||||
],
|
],
|
||||||
"CredentialsTTL": "24h",
|
"CredentialsTTL": "24h",
|
||||||
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
|
"Secret": "{{ vault_secrets['NETBIRD_RELAY_AUTH_SECRET'] }}"
|
||||||
},
|
},
|
||||||
"Signal": {
|
"Signal": {
|
||||||
"Proto": "https",
|
"Proto": "https",
|
||||||
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
|
"URI": "netbird.{{ vault_secrets['MY_TLD'] }}:10001",
|
||||||
"Username": "",
|
"Username": "",
|
||||||
"Password": null
|
"Password": null
|
||||||
},
|
},
|
||||||
@@ -47,14 +47,14 @@
|
|||||||
},
|
},
|
||||||
"HttpConfig": {
|
"HttpConfig": {
|
||||||
"Address": "0.0.0.0:33073",
|
"Address": "0.0.0.0:33073",
|
||||||
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
"AuthIssuer": "https://auth.{{ vault_secrets['MY_TLD'] }}",
|
||||||
"AuthAudience": "netbird",
|
"AuthAudience": "netbird",
|
||||||
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
|
"AuthKeysLocation": "https://auth.{{ vault_secrets['MY_TLD'] }}/jwks.json",
|
||||||
"AuthUserIDClaim": "",
|
"AuthUserIDClaim": "",
|
||||||
"CertFile": "",
|
"CertFile": "",
|
||||||
"CertKey": "",
|
"CertKey": "",
|
||||||
"IdpSignKeyRefreshEnabled": true,
|
"IdpSignKeyRefreshEnabled": true,
|
||||||
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
"OIDCConfigEndpoint": "https://auth.{{ vault_secrets['MY_TLD'] }}/.well-known/openid-configuration"
|
||||||
},
|
},
|
||||||
"IdpManagerConfig": {},
|
"IdpManagerConfig": {},
|
||||||
"DeviceAuthorizationFlow": {},
|
"DeviceAuthorizationFlow": {},
|
||||||
@@ -62,10 +62,10 @@
|
|||||||
"ProviderConfig": {
|
"ProviderConfig": {
|
||||||
"Audience": "netbird",
|
"Audience": "netbird",
|
||||||
"ClientID": "netbird",
|
"ClientID": "netbird",
|
||||||
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
"ClientSecret": "{{ vault_secrets['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
||||||
"Domain": "",
|
"Domain": "",
|
||||||
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
|
"AuthorizationEndpoint": "https://auth.{{ vault_secrets['MY_TLD'] }}/api/oidc/authorization",
|
||||||
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
|
"TokenEndpoint": "https://auth.{{ vault_secrets['MY_TLD'] }}/api/oidc/token",
|
||||||
"Scope": "openid profile email offline_access api",
|
"Scope": "openid profile email offline_access api",
|
||||||
"RedirectURLs": [
|
"RedirectURLs": [
|
||||||
"http://localhost:53000"
|
"http://localhost:53000"
|
||||||
|
|||||||
@@ -250,7 +250,7 @@ lt-cred-mech
|
|||||||
#user=username1:key1
|
#user=username1:key1
|
||||||
#user=username2:key2
|
#user=username2:key2
|
||||||
# OR:
|
# OR:
|
||||||
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
|
user=self:{{ vault_secrets['NETBIRD_TURN_PASSWORD'] }}
|
||||||
#user=username2:password2
|
#user=username2:password2
|
||||||
#
|
#
|
||||||
# Keys must be generated by turnadmin utility. The key value depends
|
# Keys must be generated by turnadmin utility. The key value depends
|
||||||
|
|||||||
@@ -18,13 +18,13 @@ web_server:
|
|||||||
main_db:
|
main_db:
|
||||||
host: mariadb
|
host: mariadb
|
||||||
username: postal
|
username: postal
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
password: {{ vault_secrets['POSTAL_MYSQL_PASSWORD'] }}
|
||||||
database: postal
|
database: postal
|
||||||
|
|
||||||
message_db:
|
message_db:
|
||||||
host: mariadb
|
host: mariadb
|
||||||
username: postal
|
username: postal
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
password: {{ vault_secrets['POSTAL_MYSQL_PASSWORD'] }}
|
||||||
prefix: postal
|
prefix: postal
|
||||||
|
|
||||||
smtp_server:
|
smtp_server:
|
||||||
@@ -52,11 +52,11 @@ smtp:
|
|||||||
host: postal-smtp
|
host: postal-smtp
|
||||||
port: 25
|
port: 25
|
||||||
username: rinoa/postal-smtp
|
username: rinoa/postal-smtp
|
||||||
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
password: "{{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
||||||
from_name: Postal @ Rinoa
|
from_name: Postal @ Rinoa
|
||||||
from_address: noreply@trez.wtf
|
from_address: noreply@trez.wtf
|
||||||
|
|
||||||
rails:
|
rails:
|
||||||
# This is generated automatically by the config initialization. It should be a random
|
# This is generated automatically by the config initialization. It should be a random
|
||||||
# string unique to your installation.
|
# string unique to your installation.
|
||||||
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
|
secret_key: "{{ vault_secrets['POSTAL_RAILS_SECRET_KEY'] }}"
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
<SslPort>6969</SslPort>
|
<SslPort>6969</SslPort>
|
||||||
<EnableSsl>False</EnableSsl>
|
<EnableSsl>False</EnableSsl>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
|
<ApiKey>{{ vault_secrets['PROWLARR_API_KEY'] }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
||||||
<Branch>master</Branch>
|
<Branch>master</Branch>
|
||||||
|
|||||||
@@ -3,9 +3,9 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
"radarr_address": "http://radarr:7878",
|
"radarr_address": "http://radarr:7878",
|
||||||
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}",
|
"radarr_api_key": "{{ vault_secrets['RADARR_API_KEY'] }}",
|
||||||
"root_folder_path": "/data/media/movies",
|
"root_folder_path": "/data/media/movies",
|
||||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
|
"tmdb_api_key": "{{ vault_secrets['TMDB_API_KEY'] }}",
|
||||||
"fallback_to_top_result": false,
|
"fallback_to_top_result": false,
|
||||||
"radarr_api_timeout": 120.0,
|
"radarr_api_timeout": 120.0,
|
||||||
"quality_profile_id": 1,
|
"quality_profile_id": 1,
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
<SslCertPath></SslCertPath>
|
<SslCertPath></SslCertPath>
|
||||||
<Port>7878</Port>
|
<Port>7878</Port>
|
||||||
<UrlBase></UrlBase>
|
<UrlBase></UrlBase>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}</ApiKey>
|
<ApiKey>{{ vault_secrets['RADARR_API_KEY'] }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
<UpdateMechanism>Docker</UpdateMechanism>
|
||||||
<SslPort>9898</SslPort>
|
<SslPort>9898</SslPort>
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
<SslPort>6868</SslPort>
|
<SslPort>6868</SslPort>
|
||||||
<EnableSsl>False</EnableSsl>
|
<EnableSsl>False</EnableSsl>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}</ApiKey>
|
<ApiKey>{{ vault_secrets['READARR_API_KEY'] }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<Branch>develop</Branch>
|
<Branch>develop</Branch>
|
||||||
<LogLevel>info</LogLevel>
|
<LogLevel>info</LogLevel>
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ host = 0.0.0.0
|
|||||||
port = 8080
|
port = 8080
|
||||||
https_port = 8090
|
https_port = 8090
|
||||||
username = thetrezuredone
|
username = thetrezuredone
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_PASSWORD'] }}
|
password = {{ vault_secrets['SABNZBDVPN_PASSWORD'] }}
|
||||||
bandwidth_max = 1000M
|
bandwidth_max = 1000M
|
||||||
cache_limit = 1G
|
cache_limit = 1G
|
||||||
web_dir = Glitter
|
web_dir = Glitter
|
||||||
@@ -33,7 +33,7 @@ https_chain = ""
|
|||||||
enable_https = 1
|
enable_https = 1
|
||||||
inet_exposure = 0
|
inet_exposure = 0
|
||||||
local_ranges = ,
|
local_ranges = ,
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_API_KEY'] }}
|
api_key = {{ vault_secrets['SABNZBDVPN_API_KEY'] }}
|
||||||
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
|
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
|
||||||
permissions = 775
|
permissions = 775
|
||||||
download_dir = /storage/downloads/incomplete
|
download_dir = /storage/downloads/incomplete
|
||||||
@@ -342,7 +342,7 @@ host = news.newshosting.com
|
|||||||
port = 563
|
port = 563
|
||||||
timeout = 60
|
timeout = 60
|
||||||
username = thetrezuredone
|
username = thetrezuredone
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
|
password = {{ vault_secrets['SLSK_USER_PASSWORD'] }}
|
||||||
connections = 8
|
connections = 8
|
||||||
ssl = 1
|
ssl = 1
|
||||||
ssl_verify = 3
|
ssl_verify = 3
|
||||||
@@ -363,7 +363,7 @@ host = news.easynews.com
|
|||||||
port = 443
|
port = 443
|
||||||
timeout = 60
|
timeout = 60
|
||||||
username = TrezOne
|
username = TrezOne
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
|
password = {{ vault_secrets['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
|
||||||
connections = 60
|
connections = 60
|
||||||
ssl = 0
|
ssl = 0
|
||||||
ssl_verify = 3
|
ssl_verify = 3
|
||||||
|
|||||||
@@ -82,7 +82,7 @@ server:
|
|||||||
# If your instance owns a /etc/searxng/settings.yml file, then set the following
|
# If your instance owns a /etc/searxng/settings.yml file, then set the following
|
||||||
# values there.
|
# values there.
|
||||||
|
|
||||||
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET}
|
secret_key: {{ vault_secrets['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET}
|
||||||
# Proxying image results through searx
|
# Proxying image results through searx
|
||||||
image_proxy: true
|
image_proxy: true
|
||||||
# 1.0 and 1.1 are supported
|
# 1.0 and 1.1 are supported
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
<SslPort>9898</SslPort>
|
<SslPort>9898</SslPort>
|
||||||
<UrlBase></UrlBase>
|
<UrlBase></UrlBase>
|
||||||
<BindAddress>*</BindAddress>
|
<BindAddress>*</BindAddress>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}</ApiKey>
|
<ApiKey>{{ vault_secrets['SONARR_API_KEY'] }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
<UpdateMechanism>Docker</UpdateMechanism>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
|
|||||||
@@ -3,10 +3,10 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
"sonarr_address": "http://192.168.1.2:8989",
|
"sonarr_address": "http://192.168.1.2:8989",
|
||||||
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}",
|
"sonarr_api_key": "{{ vault_secrets['SONARR_API_KEY'] }}",
|
||||||
"root_folder_path": "/data/media/shows",
|
"root_folder_path": "/data/media/shows",
|
||||||
"tvdb_api_key": "",
|
"tvdb_api_key": "",
|
||||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
|
"tmdb_api_key": "{{ vault_secrets['TMDB_API_KEY'] }}",
|
||||||
"fallback_to_top_result": false,
|
"fallback_to_top_result": false,
|
||||||
"sonarr_api_timeout": 120.0,
|
"sonarr_api_timeout": 120.0,
|
||||||
"quality_profile_id": 1,
|
"quality_profile_id": 1,
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
[Lidarr]
|
[Lidarr]
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
|
api_key = {{ vault_secrets['LIDARR_API_KEY'] }}
|
||||||
host_url = http://lidarr:8686
|
host_url = http://lidarr:8686
|
||||||
#This should be the path mounted in lidarr that points to your slskd download directory.
|
#This should be the path mounted in lidarr that points to your slskd download directory.
|
||||||
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
|
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
|
||||||
@@ -10,7 +10,7 @@ download_dir = /storage
|
|||||||
|
|
||||||
[Slskd]
|
[Slskd]
|
||||||
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
|
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
|
api_key = {{ vault_secrets['SLSKD_API_KEY'] }}
|
||||||
host_url = http://gluetun:5030
|
host_url = http://gluetun:5030
|
||||||
#Slskd download directory. Should have set it up when installing Slskd.
|
#Slskd download directory. Should have set it up when installing Slskd.
|
||||||
download_dir = /app/downloads
|
download_dir = /app/downloads
|
||||||
|
|||||||
@@ -198,15 +198,15 @@ rooms:
|
|||||||
web:
|
web:
|
||||||
authentication:
|
authentication:
|
||||||
username: slskd
|
username: slskd
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_WEB_PASSSWORD'] }}
|
password: {{ vault_secrets['SLSKD_WEB_PASSSWORD'] }}
|
||||||
api_keys:
|
api_keys:
|
||||||
my_api_key:
|
my_api_key:
|
||||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
|
key: {{ vault_secrets['SLSKD_API_KEY'] }}
|
||||||
role: readwrite
|
role: readwrite
|
||||||
cidr: 0.0.0.0/0,::/0
|
cidr: 0.0.0.0/0,::/0
|
||||||
soulseek:
|
soulseek:
|
||||||
address: vps.slsknet.org
|
address: vps.slsknet.org
|
||||||
port: 2271
|
port: 2271
|
||||||
username: Trez.One
|
username: Trez.One
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
|
password: {{ vault_secrets['SLSK_USER_PASSWORD'] }}
|
||||||
diagnostic_level: Info
|
diagnostic_level: Info
|
||||||
|
|||||||
@@ -6,7 +6,7 @@
|
|||||||
"repos": [
|
"repos": [
|
||||||
{
|
{
|
||||||
"type": "gitea",
|
"type": "gitea",
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
|
"token": "{{ vault_secrets['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
|
||||||
"url": "https://git.trez.wtf",
|
"url": "https://git.trez.wtf",
|
||||||
"revisions": {
|
"revisions": {
|
||||||
"branches": [
|
"branches": [
|
||||||
|
|||||||
@@ -24,6 +24,6 @@
|
|||||||
<entry key='database.driver'>org.postgresql.Driver</entry>
|
<entry key='database.driver'>org.postgresql.Driver</entry>
|
||||||
<entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
|
<entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
|
||||||
<entry key='database.user'>traccar</entry>
|
<entry key='database.user'>traccar</entry>
|
||||||
<entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
|
<entry key='database.password'>{{ vault_secrets['WAZUH_API_PASSWORD'] }}</entry>
|
||||||
|
|
||||||
</properties>
|
</properties>
|
||||||
|
|||||||
@@ -21,7 +21,7 @@
|
|||||||
auth:
|
auth:
|
||||||
strategy: basic
|
strategy: basic
|
||||||
user: admin
|
user: admin
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
|
password: {{ vault_secrets['PARSEABLE_PASSWORD'] }}
|
||||||
request:
|
request:
|
||||||
headers:
|
headers:
|
||||||
X-P-Stream: rinoa-docker-logs
|
X-P-Stream: rinoa-docker-logs
|
||||||
|
|||||||
@@ -6,5 +6,5 @@ hosts:
|
|||||||
url: "https://wazuh.manager"
|
url: "https://wazuh.manager"
|
||||||
port: 55000
|
port: 55000
|
||||||
username: wazuh-wui
|
username: wazuh-wui
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
|
password: {{ vault_secrets['WAZUH_API_PASSWORD'] }}
|
||||||
run_as: false
|
run_as: false
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ SMTPConfiguration:
|
|||||||
SMTP:
|
SMTP:
|
||||||
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
|
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
|
||||||
Host: 'postal-smtp:25'
|
Host: 'postal-smtp:25'
|
||||||
User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
User: {{ vault_secrets['POSTAL_SMTP_AUTH_USER'] }}
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
Password: {{ vault_secrets['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||||
From: 'noreply@trez.wtf'
|
From: 'noreply@trez.wtf'
|
||||||
FromName: 'Zitadel @ Rinoa'
|
FromName: 'Zitadel @ Rinoa'
|
||||||
@@ -7,7 +7,7 @@ Database:
|
|||||||
User:
|
User:
|
||||||
# If the user doesn't exist already, it is created
|
# If the user doesn't exist already, it is created
|
||||||
Username: 'zitadel'
|
Username: 'zitadel'
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
|
Password: {{ vault_secrets['ZITADEL_DB_PASSWORD'] }}
|
||||||
Admin:
|
Admin:
|
||||||
Username: 'root'
|
Username: 'root'
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
|
Password: {{ vault_secrets['ZITADEL_DB_ADMIN_PASSWORD'] }}
|
||||||
@@ -12,6 +12,12 @@
|
|||||||
mode: '0755'
|
mode: '0755'
|
||||||
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||||
|
|
||||||
|
- name: Fetch Vault secrets once
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
vault_secrets: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env',
|
||||||
|
engine_mount_point='rinoa-docker', url=vault_addr,
|
||||||
|
token=vault_token_cleaned)['secret'] }}"
|
||||||
|
|
||||||
- name: Deploy configuration templates
|
- name: Deploy configuration templates
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
|
|||||||
Reference in New Issue
Block a user