Compare commits
30 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| efdc8182ca | |||
| c5a50eab36 | |||
| 991cdd5a85 | |||
| 674549b86e | |||
| 02f209474a | |||
| 80007117b0 | |||
| 9e26a70917 | |||
| 30ab91b0ca | |||
| 321e28d97f | |||
| ea068dfaff | |||
| d11b911872 | |||
| 41f4920f22 | |||
| 99811a4df8 | |||
| 423ab775fb | |||
| 9c1acd1e55 | |||
| 1806d78cb2 | |||
| a386050c22 | |||
| 8590cf6bbc | |||
| 70e4ce2c01 | |||
| 292c697304 | |||
| 2f0b995167 | |||
| 61ceb86b27 | |||
| 00fabdaf10 | |||
| 334d080bc2 | |||
| a4ee173417 | |||
| b769a6e449 | |||
| 2f8fecf36f | |||
| bf4f1a4e8c | |||
| e9e142bd3e | |||
| 31466f47b9 |
@@ -6,6 +6,7 @@ on:
|
|||||||
- 'main'
|
- 'main'
|
||||||
paths:
|
paths:
|
||||||
- '**.j2'
|
- '**.j2'
|
||||||
|
- '**/pr-ansible-config-deployment.yaml'
|
||||||
- 'ansible/**.yml'
|
- 'ansible/**.yml'
|
||||||
jobs:
|
jobs:
|
||||||
check-and-create-pr:
|
check-and-create-pr:
|
||||||
@@ -41,7 +42,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||||
- name: Create PR
|
- name: Create PR
|
||||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||||
@@ -49,7 +50,7 @@ jobs:
|
|||||||
tea login default gitea-rinoa
|
tea login default gitea-rinoa
|
||||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -58,7 +59,7 @@ jobs:
|
|||||||
notification_title: 'GITEA: PR Check'
|
notification_title: 'GITEA: PR Check'
|
||||||
notification_message: 'PR Created 🎟️'
|
notification_message: 'PR Created 🎟️'
|
||||||
ansible-linting:
|
ansible-linting:
|
||||||
name: Docker Compose & Ansible Lints
|
name: Ansible Lint
|
||||||
needs: [check-and-create-pr]
|
needs: [check-and-create-pr]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
@@ -68,9 +69,6 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: Fetch base branch
|
|
||||||
run: |
|
|
||||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
|
||||||
- name: Cache Ansible Galaxy Collections
|
- name: Cache Ansible Galaxy Collections
|
||||||
uses: actions/cache@v3
|
uses: actions/cache@v3
|
||||||
with:
|
with:
|
||||||
@@ -81,11 +79,12 @@ jobs:
|
|||||||
- name: Install Ansible
|
- name: Install Ansible
|
||||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||||
with:
|
with:
|
||||||
version: "11.0.0"
|
version: "11.4.0"
|
||||||
- name: Install Vault
|
- name: Install Vault
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
- name: Install hvac
|
- name: Install hvac
|
||||||
run: pip install hvac
|
run: |
|
||||||
|
pip install hvac
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -94,16 +93,17 @@ jobs:
|
|||||||
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
||||||
notification_message: 'Starting Ansible dry run...'
|
notification_message: 'Starting Ansible dry run...'
|
||||||
- name: Ansible Playbook Dry Run
|
- name: Ansible Playbook Dry Run
|
||||||
uses: arillso/action.playbook@0.1.0
|
uses: dawidd6/action-ansible-playbook@v3
|
||||||
with:
|
with:
|
||||||
check: true
|
directory: ansible/
|
||||||
galaxy_collections_path: ansible/collections
|
playbook: docker_config_deploy.yml
|
||||||
galaxy_requirements_file: ansible/collections/requirements.yml
|
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||||
inventory: ansible/inventory/hosts.yml
|
|
||||||
playbook: ansible/docker_config_deploy.yml
|
|
||||||
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
|
||||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||||
verbose: 0
|
requirements: collections/requirements.yml
|
||||||
|
options: |
|
||||||
|
--check
|
||||||
|
--inventory inventory/hosts.yml
|
||||||
|
-v
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -153,6 +153,10 @@ jobs:
|
|||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
ref: main
|
ref: main
|
||||||
|
- name: Set up Python
|
||||||
|
uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: 3.12
|
||||||
- name: Cache Vault install
|
- name: Cache Vault install
|
||||||
id: cache-vault
|
id: cache-vault
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
@@ -162,11 +166,12 @@ jobs:
|
|||||||
- name: Install Ansible
|
- name: Install Ansible
|
||||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||||
with:
|
with:
|
||||||
version: "11.0.0"
|
version: "11.4.0"
|
||||||
- name: Install Vault
|
- name: Install Vault
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
- name: Install hvac
|
- name: Install hvac
|
||||||
run: pip install hvac
|
run: |
|
||||||
|
pip install hvac
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -175,15 +180,15 @@ jobs:
|
|||||||
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
||||||
notification_message: 'Starting config deployment with Ansible...'
|
notification_message: 'Starting config deployment with Ansible...'
|
||||||
- name: Ansible Playbook Config Deploy
|
- name: Ansible Playbook Config Deploy
|
||||||
uses: arillso/action.playbook@0.1.0
|
uses: dawidd6/action-ansible-playbook@v3
|
||||||
with:
|
with:
|
||||||
check: false
|
directory: ansible/
|
||||||
galaxy_collections_path: ansible/collections
|
playbook: docker_config_deploy.yml
|
||||||
galaxy_requirements_file: ansible/collections/requirements.yml
|
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||||
inventory: ansible/inventory/hosts.yml
|
|
||||||
playbook: ansible/docker_config_deploy.yml
|
|
||||||
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
|
||||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||||
|
requirements: collections/requirements.yml
|
||||||
|
options: |
|
||||||
|
--inventory inventory/hosts.yml
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||||
- name: Create PR
|
- name: Create PR
|
||||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||||
@@ -50,7 +50,7 @@ jobs:
|
|||||||
tea login default gitea-rinoa
|
tea login default gitea-rinoa
|
||||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -317,10 +317,6 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
path: /opt/hostedtoolcache/vault/1.18.0/x64
|
path: /opt/hostedtoolcache/vault/1.18.0/x64
|
||||||
key: vault-${{ runner.os }}-1.18.0
|
key: vault-${{ runner.os }}-1.18.0
|
||||||
- name: Install Ansible
|
|
||||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
|
||||||
with:
|
|
||||||
version: "11.0.0"
|
|
||||||
- name: Install Vault
|
- name: Install Vault
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
- name: Login to Gitea Container Registry
|
- name: Login to Gitea Container Registry
|
||||||
@@ -336,7 +332,7 @@ jobs:
|
|||||||
- name: Generate .env file for deployment
|
- name: Generate .env file for deployment
|
||||||
run: |
|
run: |
|
||||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||||
- name: Docker Compose Dry Run
|
- name: Docker Compose Deployment
|
||||||
timeout-minutes: 360
|
timeout-minutes: 360
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
uses: chaplyk/docker-compose-remote-action@v1.1
|
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||||
|
|||||||
@@ -1,7 +1,8 @@
|
|||||||
name: Auto-Unseal for Vault
|
name: Auto-Unseal for Vault
|
||||||
on:
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "30 2 * * *"
|
- cron: "0 5 * * *"
|
||||||
jobs:
|
jobs:
|
||||||
auto-unseal:
|
auto-unseal:
|
||||||
name: Unseal Vault
|
name: Unseal Vault
|
||||||
|
|||||||
@@ -39,7 +39,7 @@
|
|||||||
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
||||||
| freescout | tiredofit/freescout:latest |
|
| freescout | tiredofit/freescout:latest |
|
||||||
| ghost | ghost:latest |
|
| ghost | ghost:latest |
|
||||||
| gitea | gitea/gitea:1.23.1 |
|
| gitea | gitea/gitea:1.24.0 |
|
||||||
| gitea-db | postgres:14 |
|
| gitea-db | postgres:14 |
|
||||||
| gitea-runner | gitea/act_runner:latest |
|
| gitea-runner | gitea/act_runner:latest |
|
||||||
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
||||||
|
|||||||
@@ -1,199 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
http:
|
|
||||||
pprof:
|
|
||||||
port: 6060
|
|
||||||
enabled: false
|
|
||||||
address: 0.0.0.0:8008
|
|
||||||
session_ttl: 720h
|
|
||||||
users:
|
|
||||||
- name: admin
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_BCRYPT'] }}
|
|
||||||
auth_attempts: 5
|
|
||||||
block_auth_min: 15
|
|
||||||
http_proxy: ""
|
|
||||||
language: ""
|
|
||||||
theme: auto
|
|
||||||
dns:
|
|
||||||
bind_hosts:
|
|
||||||
- 0.0.0.0
|
|
||||||
port: 53
|
|
||||||
anonymize_client_ip: false
|
|
||||||
ratelimit: 20
|
|
||||||
ratelimit_subnet_len_ipv4: 24
|
|
||||||
ratelimit_subnet_len_ipv6: 56
|
|
||||||
ratelimit_whitelist: []
|
|
||||||
refuse_any: true
|
|
||||||
upstream_dns:
|
|
||||||
- 94.140.14.14
|
|
||||||
- 94.140.15.15
|
|
||||||
- https://dns.adguard-dns.com/dns-query
|
|
||||||
- tls://dns.adguard-dns.com
|
|
||||||
- quic://dns.adguard-dns.com
|
|
||||||
- 1.1.1.1
|
|
||||||
- 1.0.0.1
|
|
||||||
- 1.1.1.2
|
|
||||||
- 1.0.0.2
|
|
||||||
- 185.228.168.9
|
|
||||||
- 185.228.169.9
|
|
||||||
- 76.76.2.3
|
|
||||||
- tls://getdnsapi.net
|
|
||||||
- 185.49.141.37
|
|
||||||
- tls://dot.seby.io
|
|
||||||
upstream_dns_file: ""
|
|
||||||
bootstrap_dns:
|
|
||||||
- 9.9.9.10
|
|
||||||
- 149.112.112.10
|
|
||||||
- 2620:fe::10
|
|
||||||
- 2620:fe::fe:10
|
|
||||||
fallback_dns: []
|
|
||||||
upstream_mode: load_balance
|
|
||||||
fastest_timeout: 1s
|
|
||||||
allowed_clients: []
|
|
||||||
disallowed_clients: []
|
|
||||||
blocked_hosts:
|
|
||||||
- version.bind
|
|
||||||
- id.server
|
|
||||||
- hostname.bind
|
|
||||||
trusted_proxies:
|
|
||||||
- 127.0.0.0/8
|
|
||||||
- ::1/128
|
|
||||||
cache_size: 4194304
|
|
||||||
cache_ttl_min: 0
|
|
||||||
cache_ttl_max: 0
|
|
||||||
cache_optimistic: false
|
|
||||||
bogus_nxdomain: []
|
|
||||||
aaaa_disabled: false
|
|
||||||
enable_dnssec: false
|
|
||||||
edns_client_subnet:
|
|
||||||
custom_ip: ""
|
|
||||||
enabled: false
|
|
||||||
use_custom: false
|
|
||||||
max_goroutines: 300
|
|
||||||
handle_ddr: true
|
|
||||||
ipset: []
|
|
||||||
ipset_file: ""
|
|
||||||
bootstrap_prefer_ipv6: false
|
|
||||||
upstream_timeout: 10s
|
|
||||||
private_networks: []
|
|
||||||
use_private_ptr_resolvers: false
|
|
||||||
local_ptr_upstreams: []
|
|
||||||
use_dns64: false
|
|
||||||
dns64_prefixes: []
|
|
||||||
serve_http3: false
|
|
||||||
use_http3_upstreams: false
|
|
||||||
serve_plain_dns: true
|
|
||||||
hostsfile_enabled: true
|
|
||||||
pending_requests:
|
|
||||||
enabled: true
|
|
||||||
tls:
|
|
||||||
enabled: true
|
|
||||||
server_name: ""
|
|
||||||
force_https: false
|
|
||||||
port_https: 446
|
|
||||||
port_dns_over_tls: 853
|
|
||||||
port_dns_over_quic: 853
|
|
||||||
port_dnscrypt: 0
|
|
||||||
dnscrypt_config_file: ""
|
|
||||||
allow_unencrypted_doh: false
|
|
||||||
certificate_chain: ""
|
|
||||||
private_key: ""
|
|
||||||
certificate_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
|
|
||||||
private_key_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
|
|
||||||
strict_sni_check: false
|
|
||||||
querylog:
|
|
||||||
dir_path: ""
|
|
||||||
ignored: []
|
|
||||||
interval: 2160h
|
|
||||||
size_memory: 1000
|
|
||||||
enabled: true
|
|
||||||
file_enabled: true
|
|
||||||
statistics:
|
|
||||||
dir_path: ""
|
|
||||||
ignored: []
|
|
||||||
interval: 24h
|
|
||||||
enabled: true
|
|
||||||
filters:
|
|
||||||
- enabled: true
|
|
||||||
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
|
|
||||||
name: AdGuard DNS filter
|
|
||||||
id: 1
|
|
||||||
- enabled: false
|
|
||||||
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
|
|
||||||
name: AdAway Default Blocklist
|
|
||||||
id: 2
|
|
||||||
whitelist_filters: []
|
|
||||||
user_rules: []
|
|
||||||
dhcp:
|
|
||||||
enabled: false
|
|
||||||
interface_name: ""
|
|
||||||
local_domain_name: lan
|
|
||||||
dhcpv4:
|
|
||||||
gateway_ip: 192.168.1.1
|
|
||||||
subnet_mask: 255.255.255.0
|
|
||||||
range_start: 192.168.1.2
|
|
||||||
range_end: 192.168.1.240
|
|
||||||
lease_duration: 86400
|
|
||||||
icmp_timeout_msec: 1000
|
|
||||||
options: []
|
|
||||||
dhcpv6:
|
|
||||||
range_start: ""
|
|
||||||
lease_duration: 86400
|
|
||||||
ra_slaac_only: false
|
|
||||||
ra_allow_slaac: false
|
|
||||||
filtering:
|
|
||||||
blocking_ipv4: ""
|
|
||||||
blocking_ipv6: ""
|
|
||||||
blocked_services:
|
|
||||||
schedule:
|
|
||||||
time_zone: America/New_York
|
|
||||||
ids: []
|
|
||||||
protection_disabled_until: null
|
|
||||||
safe_search:
|
|
||||||
enabled: false
|
|
||||||
bing: true
|
|
||||||
duckduckgo: true
|
|
||||||
ecosia: true
|
|
||||||
google: true
|
|
||||||
pixabay: true
|
|
||||||
yandex: true
|
|
||||||
youtube: true
|
|
||||||
blocking_mode: default
|
|
||||||
parental_block_host: family-block.dns.adguard.com
|
|
||||||
safebrowsing_block_host: standard-block.dns.adguard.com
|
|
||||||
rewrites: []
|
|
||||||
safe_fs_patterns:
|
|
||||||
- /opt/adguardhome/work/userfilters/*
|
|
||||||
safebrowsing_cache_size: 1048576
|
|
||||||
safesearch_cache_size: 1048576
|
|
||||||
parental_cache_size: 1048576
|
|
||||||
cache_time: 30
|
|
||||||
filters_update_interval: 24
|
|
||||||
blocked_response_ttl: 10
|
|
||||||
filtering_enabled: true
|
|
||||||
parental_enabled: false
|
|
||||||
safebrowsing_enabled: false
|
|
||||||
protection_enabled: true
|
|
||||||
clients:
|
|
||||||
runtime_sources:
|
|
||||||
whois: true
|
|
||||||
arp: true
|
|
||||||
rdns: true
|
|
||||||
dhcp: true
|
|
||||||
hosts: true
|
|
||||||
persistent: []
|
|
||||||
log:
|
|
||||||
enabled: true
|
|
||||||
file: ""
|
|
||||||
max_backups: 0
|
|
||||||
max_size: 100
|
|
||||||
max_age: 3
|
|
||||||
compress: false
|
|
||||||
local_time: false
|
|
||||||
verbose: false
|
|
||||||
os:
|
|
||||||
group: ""
|
|
||||||
user: ""
|
|
||||||
rlimit_nofile: 0
|
|
||||||
schema_version: 29
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
urls:
|
|
||||||
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
|
||||||
- mailto://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
|
|
||||||
@@ -1,172 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
|
|
||||||
---
|
|
||||||
theme: auto
|
|
||||||
default_2fa_method: "totp"
|
|
||||||
server:
|
|
||||||
address: '0.0.0.0:9091'
|
|
||||||
endpoints:
|
|
||||||
enable_pprof: false
|
|
||||||
enable_expvars: false
|
|
||||||
disable_healthcheck: false
|
|
||||||
tls:
|
|
||||||
key: ""
|
|
||||||
certificate: ""
|
|
||||||
client_certificates: []
|
|
||||||
headers:
|
|
||||||
csp_template: ""
|
|
||||||
log:
|
|
||||||
level: debug
|
|
||||||
telemetry:
|
|
||||||
metrics:
|
|
||||||
enabled: true
|
|
||||||
address: tcp://0.0.0.0:9959
|
|
||||||
totp:
|
|
||||||
disable: false
|
|
||||||
issuer: authelia.com
|
|
||||||
algorithm: sha256
|
|
||||||
digits: 6
|
|
||||||
period: 30
|
|
||||||
skew: 1
|
|
||||||
secret_size: 32
|
|
||||||
webauthn:
|
|
||||||
disable: false
|
|
||||||
timeout: 60s
|
|
||||||
display_name: Authelia
|
|
||||||
attestation_conveyance_preference: indirect
|
|
||||||
selection_criteria:
|
|
||||||
user_verification: preferred
|
|
||||||
ntp:
|
|
||||||
address: "time.cloudflare.com:123"
|
|
||||||
version: 4
|
|
||||||
max_desync: 3s
|
|
||||||
disable_startup_check: false
|
|
||||||
disable_failure: false
|
|
||||||
authentication_backend:
|
|
||||||
password_reset:
|
|
||||||
disable: false
|
|
||||||
custom_url: ""
|
|
||||||
ldap:
|
|
||||||
implementation: custom
|
|
||||||
address: ldap://lldap:3890
|
|
||||||
timeout: 5s
|
|
||||||
start_tls: false
|
|
||||||
base_dn: dc=trez,dc=wtf
|
|
||||||
additional_users_dn: ou=people
|
|
||||||
users_filter: "(&({username_attribute}={input})(objectClass=person))"
|
|
||||||
additional_groups_dn: ou=groups
|
|
||||||
groups_filter: "(member={dn})"
|
|
||||||
attributes:
|
|
||||||
username: uid
|
|
||||||
group_name: cn
|
|
||||||
mail: mail
|
|
||||||
display_name: displayName
|
|
||||||
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
|
|
||||||
refresh_interval: 5m
|
|
||||||
identity_validation:
|
|
||||||
reset_password:
|
|
||||||
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
|
|
||||||
password_policy:
|
|
||||||
standard:
|
|
||||||
enabled: true
|
|
||||||
min_length: 8
|
|
||||||
max_length: 0
|
|
||||||
require_uppercase: true
|
|
||||||
require_lowercase: true
|
|
||||||
require_number: true
|
|
||||||
require_special: false
|
|
||||||
zxcvbn:
|
|
||||||
enabled: false
|
|
||||||
min_score: 3
|
|
||||||
access_control:
|
|
||||||
default_policy: deny
|
|
||||||
networks:
|
|
||||||
- name: 'internal'
|
|
||||||
networks:
|
|
||||||
- '172.17.0.0/16'
|
|
||||||
- '172.18.0.0/16'
|
|
||||||
- '192.168.1.0/24'
|
|
||||||
rules:
|
|
||||||
- domain_regex:
|
|
||||||
- '^trez.wtf$'
|
|
||||||
- ^www.trez.wtf$''
|
|
||||||
policy: bypass
|
|
||||||
- domain: '*.trez.wtf'
|
|
||||||
policy: bypass
|
|
||||||
networks:
|
|
||||||
- 'internal'
|
|
||||||
- domain: '*.trez.wtf'
|
|
||||||
policy: one_factor
|
|
||||||
subject:
|
|
||||||
- ['user:the.trezured.one']
|
|
||||||
session:
|
|
||||||
name: authelia_session
|
|
||||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
|
||||||
expiration: 1h
|
|
||||||
inactivity: 5m
|
|
||||||
remember_me: 1M
|
|
||||||
cookies:
|
|
||||||
- domain: 'trez.wtf'
|
|
||||||
authelia_url: 'https://auth.trez.wtf'
|
|
||||||
redis:
|
|
||||||
host: redis
|
|
||||||
port: 6379
|
|
||||||
storage:
|
|
||||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
|
||||||
postgres:
|
|
||||||
address: 'tcp://authelia-pg:5432'
|
|
||||||
database: authelia
|
|
||||||
username: authelia
|
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
|
|
||||||
timeout: '5s'
|
|
||||||
regulation:
|
|
||||||
max_retries: 3
|
|
||||||
find_time: 2m
|
|
||||||
ban_time: 5m
|
|
||||||
notifier:
|
|
||||||
disable_startup_check: true
|
|
||||||
smtp:
|
|
||||||
address: 'smtp://postal-smtp:25'
|
|
||||||
timeout: '5s'
|
|
||||||
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
|
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
|
|
||||||
sender: "Authelia <noreply@trez.wtf>"
|
|
||||||
identifier: 'localhost'
|
|
||||||
subject: "[Authelia] {title}"
|
|
||||||
startup_check_address: 'test@authelia.com'
|
|
||||||
disable_require_tls: true
|
|
||||||
disable_starttls: true
|
|
||||||
disable_html_emails: false
|
|
||||||
identity_providers:
|
|
||||||
oidc:
|
|
||||||
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
|
|
||||||
jwks:
|
|
||||||
- key: |
|
|
||||||
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
|
|
||||||
cors:
|
|
||||||
allowed_origins_from_client_redirect_uris: true
|
|
||||||
endpoints:
|
|
||||||
- 'userinfo'
|
|
||||||
- 'authorization'
|
|
||||||
- 'token'
|
|
||||||
- 'revocation'
|
|
||||||
- 'introspection'
|
|
||||||
clients:
|
|
||||||
- client_id: 'netbird'
|
|
||||||
client_name: 'NetBird'
|
|
||||||
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'two_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://vpn.trez.wtf/peers'
|
|
||||||
- 'https://vpn.trez.wtf/add-peers'
|
|
||||||
- 'http://localhost'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'email'
|
|
||||||
- 'profile'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
tunnel: 52bdee6e-8ccb-47be-ba9e-f8010b905e41
|
|
||||||
credentials-file: /etc/cloudflared/52bdee6e-8ccb-47be-ba9e-f8010b905e41.json
|
|
||||||
warp-routing:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
- hostname: git-ssh.trez.wtf
|
|
||||||
service: ssh://gitea:22
|
|
||||||
- hostname: gist-ssh.trez.wtf
|
|
||||||
service: ssh://gitea-opengist:2222
|
|
||||||
- hostname: ssh.trez.wtf
|
|
||||||
service: ssh://192.168.1.254:22
|
|
||||||
- service: http_status:404 # Default for unmatched requests
|
|
||||||
@@ -1,9 +1,7 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
|
||||||
source: journalctl
|
source: journalctl
|
||||||
journalctl_filter:
|
journalctl_filter:
|
||||||
- "--directory=/var/log/host/"
|
- "--directory=/var/log/host/"
|
||||||
labels:
|
labels:
|
||||||
type: syslog
|
type: syslog
|
||||||
@@ -13,3 +11,55 @@ filenames:
|
|||||||
labels:
|
labels:
|
||||||
type: nginx
|
type: nginx
|
||||||
---
|
---
|
||||||
|
filenames:
|
||||||
|
- /var/log/auth/auth.log
|
||||||
|
labels:
|
||||||
|
type: syslog
|
||||||
|
---
|
||||||
|
filenames:
|
||||||
|
- /var/lib/mysql/log/mysql/*
|
||||||
|
- /var/lib/mysql/databases/*.err
|
||||||
|
- /var/lib/mysql/databases/*.log
|
||||||
|
labels:
|
||||||
|
type: mariadb
|
||||||
|
---
|
||||||
|
source: docker
|
||||||
|
container_name:
|
||||||
|
- adguard
|
||||||
|
labels:
|
||||||
|
type: adguardhome
|
||||||
|
---
|
||||||
|
source: docker
|
||||||
|
container_name:
|
||||||
|
- mongodb
|
||||||
|
labels:
|
||||||
|
type: mongodb
|
||||||
|
---
|
||||||
|
source: docker
|
||||||
|
container_name:
|
||||||
|
- immich-server
|
||||||
|
labels:
|
||||||
|
type: immich
|
||||||
|
---
|
||||||
|
source: docker
|
||||||
|
container_name:
|
||||||
|
- uptimekuma
|
||||||
|
labels:
|
||||||
|
type: uptime-kuma
|
||||||
|
---
|
||||||
|
source: docker
|
||||||
|
container_name:
|
||||||
|
- jellyfin
|
||||||
|
labels:
|
||||||
|
type: jellyfin
|
||||||
|
---
|
||||||
|
source: docker
|
||||||
|
container_name:
|
||||||
|
- navidrome
|
||||||
|
labels:
|
||||||
|
type: navidrome
|
||||||
|
---
|
||||||
|
filenames:
|
||||||
|
- /var/log/audiobookshelf/*.txt
|
||||||
|
labels:
|
||||||
|
type: audiobookshelf
|
||||||
@@ -1,3 +1,5 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
common:
|
common:
|
||||||
daemonize: false
|
daemonize: false
|
||||||
log_media: stdout
|
log_media: stdout
|
||||||
|
|||||||
@@ -1,15 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
source: journalctl
|
|
||||||
journalctl_filter:
|
|
||||||
- "--directory=/var/log/host/"
|
|
||||||
labels:
|
|
||||||
type: syslog
|
|
||||||
---
|
|
||||||
filenames:
|
|
||||||
- /var/log/swag/*
|
|
||||||
labels:
|
|
||||||
type: nginx
|
|
||||||
---
|
|
||||||
@@ -1,49 +0,0 @@
|
|||||||
common:
|
|
||||||
daemonize: false
|
|
||||||
log_media: stdout
|
|
||||||
log_level: info
|
|
||||||
log_dir: /var/log/
|
|
||||||
config_paths:
|
|
||||||
config_dir: /etc/crowdsec/
|
|
||||||
data_dir: /var/lib/crowdsec/data/
|
|
||||||
simulation_path: /etc/crowdsec/simulation.yaml
|
|
||||||
hub_dir: /etc/crowdsec/hub/
|
|
||||||
index_path: /etc/crowdsec/hub/.index.json
|
|
||||||
notification_dir: /etc/crowdsec/notifications/
|
|
||||||
plugin_dir: /usr/local/lib/crowdsec/plugins/
|
|
||||||
crowdsec_service:
|
|
||||||
acquisition_path: /etc/crowdsec/acquis.yaml
|
|
||||||
acquisition_dir: /etc/crowdsec/acquis.d
|
|
||||||
parser_routines: 1
|
|
||||||
plugin_config:
|
|
||||||
user: nobody
|
|
||||||
group: nobody
|
|
||||||
cscli:
|
|
||||||
output: human
|
|
||||||
db_config:
|
|
||||||
log_level: info
|
|
||||||
type: sqlite
|
|
||||||
db_path: /var/lib/crowdsec/data/crowdsec.db
|
|
||||||
flush:
|
|
||||||
max_items: 5000
|
|
||||||
max_age: 7d
|
|
||||||
use_wal: false
|
|
||||||
api:
|
|
||||||
client:
|
|
||||||
insecure_skip_verify: false
|
|
||||||
credentials_path: /etc/crowdsec/local_api_credentials.yaml
|
|
||||||
server:
|
|
||||||
log_level: info
|
|
||||||
listen_uri: 0.0.0.0:8080
|
|
||||||
profiles_path: /etc/crowdsec/profiles.yaml
|
|
||||||
trusted_ips: # IP ranges, or IPs which can have admin API access
|
|
||||||
- 127.0.0.1
|
|
||||||
- ::1
|
|
||||||
online_client: # Central API credentials (to push signals and receive bad IPs)
|
|
||||||
credentials_path: /etc/crowdsec/online_api_credentials.yaml
|
|
||||||
enable: true
|
|
||||||
prometheus:
|
|
||||||
enabled: true
|
|
||||||
level: full
|
|
||||||
listen_addr: 0.0.0.0
|
|
||||||
listen_port: 6060
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
url: http://0.0.0.0:8080
|
|
||||||
login: localhost
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_LOCAL_API_KEY'] }}
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
url: https://api.crowdsec.net/
|
|
||||||
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
name: default_ip_remediation
|
|
||||||
#debug: true
|
|
||||||
filters:
|
|
||||||
- Alert.Remediation == true && Alert.GetScope() == "Ip"
|
|
||||||
decisions:
|
|
||||||
- type: ban
|
|
||||||
duration: 4h
|
|
||||||
#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
|
|
||||||
# notifications:
|
|
||||||
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
|
|
||||||
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
|
|
||||||
# - http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
|
|
||||||
# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
|
|
||||||
on_success: break
|
|
||||||
@@ -1,42 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"url": "blog.trez.wtf",
|
|
||||||
"database": {
|
|
||||||
"client": "mysql",
|
|
||||||
"connection": {
|
|
||||||
"host" : "mariadb",
|
|
||||||
"port" : 3306,
|
|
||||||
"user" : "ghost",
|
|
||||||
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}",
|
|
||||||
"database" : "ghost_db"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"mail": {
|
|
||||||
"from": "'Ghost @ Rinoa' <noreply@trez.wtf>",
|
|
||||||
"transport": "SMTP",
|
|
||||||
"options": {
|
|
||||||
"host": "postal-smtp",
|
|
||||||
"port": 25,
|
|
||||||
"secure": false,
|
|
||||||
"auth": {
|
|
||||||
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
|
|
||||||
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"paths": {
|
|
||||||
"contentPath": "content/"
|
|
||||||
},
|
|
||||||
"privacy": {
|
|
||||||
"useGravatar": true
|
|
||||||
},
|
|
||||||
"logging": {
|
|
||||||
"level": "info",
|
|
||||||
"rotation": {
|
|
||||||
"enabled": true
|
|
||||||
},
|
|
||||||
"transports": ["file"]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,101 +0,0 @@
|
|||||||
# Example configuration file, it's safe to copy this as the default config file without any modification.
|
|
||||||
|
|
||||||
# You don't have to copy this file to your instance,
|
|
||||||
# just run `./act_runner generate-config > config.yaml` to generate a config file.
|
|
||||||
|
|
||||||
log:
|
|
||||||
# The level of logging, can be trace, debug, info, warn, error, fatal
|
|
||||||
level: info
|
|
||||||
|
|
||||||
runner:
|
|
||||||
# Where to store the registration result.
|
|
||||||
file: .runner
|
|
||||||
# Execute how many tasks concurrently at the same time.
|
|
||||||
capacity: 3
|
|
||||||
# Extra environment variables to run jobs.
|
|
||||||
# envs:
|
|
||||||
# A_TEST_ENV_NAME_1: a_test_env_value_1
|
|
||||||
# A_TEST_ENV_NAME_2: a_test_env_value_2
|
|
||||||
# Extra environment variables to run jobs from a file.
|
|
||||||
# It will be ignored if it's empty or the file doesn't exist.
|
|
||||||
# env_file: .env
|
|
||||||
# The timeout for a job to be finished.
|
|
||||||
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
|
|
||||||
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
|
|
||||||
timeout: 3h
|
|
||||||
# The timeout for the runner to wait for running jobs to finish when shutting down.
|
|
||||||
# Any running jobs that haven't finished after this timeout will be cancelled.
|
|
||||||
shutdown_timeout: 0s
|
|
||||||
# Whether skip verifying the TLS certificate of the Gitea instance.
|
|
||||||
insecure: false
|
|
||||||
# The timeout for fetching the job from the Gitea instance.
|
|
||||||
fetch_timeout: 5s
|
|
||||||
# The interval for fetching the job from the Gitea instance.
|
|
||||||
fetch_interval: 2s
|
|
||||||
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
|
|
||||||
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
|
||||||
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
|
|
||||||
# If it's empty when registering, it will ask for inputting labels.
|
|
||||||
# If it's empty when execute `daemon`, will use labels in `.runner` file.
|
|
||||||
labels:
|
|
||||||
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
|
||||||
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
|
|
||||||
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
|
|
||||||
|
|
||||||
cache:
|
|
||||||
# Enable cache server to use actions/cache.
|
|
||||||
enabled: true
|
|
||||||
# The directory to store the cache data.
|
|
||||||
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
|
|
||||||
dir: ""
|
|
||||||
# The host of the cache server.
|
|
||||||
# It's not for the address to listen, but the address to connect from job containers.
|
|
||||||
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
|
|
||||||
host: "192.168.1.254"
|
|
||||||
# The port of the cache server.
|
|
||||||
# 0 means to use a random available port.
|
|
||||||
port: 63604
|
|
||||||
# The external cache server URL. Valid only when enable is true.
|
|
||||||
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
|
|
||||||
# The URL should generally end with "/".
|
|
||||||
external_server: ""
|
|
||||||
|
|
||||||
container:
|
|
||||||
# Specifies the network to which the container will connect.
|
|
||||||
# Could be host, bridge or the name of a custom network.
|
|
||||||
# If it's empty, act_runner will create a network automatically.
|
|
||||||
network: "compose_default"
|
|
||||||
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
|
|
||||||
privileged: false
|
|
||||||
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
|
|
||||||
options:
|
|
||||||
# The parent directory of a job's working directory.
|
|
||||||
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
|
|
||||||
# If the path starts with '/', the '/' will be trimmed.
|
|
||||||
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
|
|
||||||
# If it's empty, /workspace will be used.
|
|
||||||
workdir_parent:
|
|
||||||
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
|
|
||||||
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
|
|
||||||
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
|
|
||||||
# valid_volumes:
|
|
||||||
# - data
|
|
||||||
# - /src/*.json
|
|
||||||
# If you want to allow any volume, please use the following configuration:
|
|
||||||
# valid_volumes:
|
|
||||||
# - '**'
|
|
||||||
valid_volumes: []
|
|
||||||
# overrides the docker client host with the specified one.
|
|
||||||
# If it's empty, act_runner will find an available docker host automatically.
|
|
||||||
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
|
|
||||||
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
|
|
||||||
docker_host: ""
|
|
||||||
# Pull docker image(s) even if already present
|
|
||||||
force_pull: false
|
|
||||||
# Rebuild docker image(s) even if already present
|
|
||||||
force_rebuild: false
|
|
||||||
|
|
||||||
host:
|
|
||||||
# The parent directory of a job's working directory.
|
|
||||||
# If it's empty, $HOME/.cache/act/ will be used.
|
|
||||||
workdir_parent:
|
|
||||||
@@ -1,125 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
APP_NAME = Gitea: Git with a cup of tea
|
|
||||||
RUN_MODE = prod
|
|
||||||
RUN_USER = git
|
|
||||||
WORK_PATH = /data/gitea
|
|
||||||
|
|
||||||
[repository]
|
|
||||||
ROOT = /data/git/repositories
|
|
||||||
DEFAULT_PRIVATE = last
|
|
||||||
EMABLE_PUSH_CREATE_USER = true
|
|
||||||
|
|
||||||
[repository.local]
|
|
||||||
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
|
||||||
|
|
||||||
[repository.upload]
|
|
||||||
TEMP_PATH = /data/gitea/uploads
|
|
||||||
|
|
||||||
[server]
|
|
||||||
APP_DATA_PATH = /data/gitea
|
|
||||||
DOMAIN = git.trez.wtf
|
|
||||||
SSH_DOMAIN = git-ssh.trez.wtf
|
|
||||||
HTTP_PORT = 3000
|
|
||||||
ROOT_URL = https://git.trez.wtf/
|
|
||||||
DISABLE_SSH = false
|
|
||||||
SSH_PORT = 22
|
|
||||||
SSH_LISTEN_PORT = 22
|
|
||||||
LFS_START_SERVER = true
|
|
||||||
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }}
|
|
||||||
OFFLINE_MODE = true
|
|
||||||
|
|
||||||
[database]
|
|
||||||
PATH = /data/gitea/gitea.db
|
|
||||||
DB_TYPE = postgres
|
|
||||||
HOST = gitea-db:5432
|
|
||||||
NAME = gitea
|
|
||||||
USER = gitea
|
|
||||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
|
|
||||||
LOG_SQL = false
|
|
||||||
SCHEMA =
|
|
||||||
SSL_MODE = disable
|
|
||||||
|
|
||||||
[indexer]
|
|
||||||
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
|
||||||
REPO_INDEXER_ENABLED = true
|
|
||||||
REPO_INDEXER_PATH = indexers/repos.bleve
|
|
||||||
MAX_FILE_SIZE = 1048576
|
|
||||||
REPO_INDEXER_INCLUDE =
|
|
||||||
REPO_INDEXER_EXCLUDE = resources/bin/**
|
|
||||||
|
|
||||||
[session]
|
|
||||||
PROVIDER_CONFIG = /data/gitea/sessions
|
|
||||||
PROVIDER = file
|
|
||||||
|
|
||||||
[picture]
|
|
||||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
|
||||||
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
|
||||||
|
|
||||||
[attachment]
|
|
||||||
PATH = /data/gitea/attachments
|
|
||||||
|
|
||||||
[log]
|
|
||||||
MODE = console
|
|
||||||
LEVEL = info
|
|
||||||
ROOT_PATH = root
|
|
||||||
|
|
||||||
[security]
|
|
||||||
INSTALL_LOCK = true
|
|
||||||
SECRET_KEY =
|
|
||||||
REVERSE_PROXY_LIMIT = 1
|
|
||||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
|
||||||
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }}
|
|
||||||
PASSWORD_HASH_ALGO = pbkdf2
|
|
||||||
|
|
||||||
[service]
|
|
||||||
DISABLE_REGISTRATION = false
|
|
||||||
REQUIRE_SIGNIN_VIEW = false
|
|
||||||
REGISTER_EMAIL_CONFIRM = true
|
|
||||||
ENABLE_NOTIFY_MAIL = true
|
|
||||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
|
||||||
ENABLE_CAPTCHA = true
|
|
||||||
DEFAULT_KEEP_EMAIL_PRIVATE = true
|
|
||||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
|
|
||||||
DEFAULT_ENABLE_TIMETRACKING = false
|
|
||||||
NO_REPLY_ADDRESS = noreply@trez.wtf
|
|
||||||
|
|
||||||
[lfs]
|
|
||||||
PATH = /data/git/lfs
|
|
||||||
|
|
||||||
[mailer]
|
|
||||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
|
||||||
PROTOCOL = smtp
|
|
||||||
ENABLED = true
|
|
||||||
FROM = '"Gitea" <noreply@trez.wtf>'
|
|
||||||
SMTP_PORT = 25
|
|
||||||
USER = rinoa/postal-smtp
|
|
||||||
SMTP_ADDR = postal-smtp
|
|
||||||
IS_TLS_ENABLED = faLse
|
|
||||||
|
|
||||||
[openid]
|
|
||||||
ENABLE_OPENID_SIGNIN = true
|
|
||||||
ENABLE_OPENID_SIGNUP = true
|
|
||||||
|
|
||||||
[cron.update_checker]
|
|
||||||
ENABLED = false
|
|
||||||
|
|
||||||
[repository.pull-request]
|
|
||||||
DEFAULT_MERGE_STYLE = merge
|
|
||||||
|
|
||||||
[repository.signing]
|
|
||||||
DEFAULT_TRUST_MODEL = committer
|
|
||||||
|
|
||||||
[oauth2]
|
|
||||||
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
|
|
||||||
|
|
||||||
[ui]
|
|
||||||
THEMES =
|
|
||||||
|
|
||||||
[actions]
|
|
||||||
ENABLED = true
|
|
||||||
|
|
||||||
[webhook]
|
|
||||||
ALLOWED_HOST_LIST = private,104.21.1.234,172.67.152.146
|
|
||||||
SKIP_TLS_VERIFY = true
|
|
||||||
@@ -1,81 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
|
|
||||||
gitea:
|
|
||||||
# Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
|
|
||||||
url: https://git.trez.wtf
|
|
||||||
|
|
||||||
# Created access token for the user that shall be used as bot account.
|
|
||||||
# User needs "Read project" permissions with access to "Pull Requests"
|
|
||||||
token:
|
|
||||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
|
|
||||||
# # or path to file containing the plain text secret
|
|
||||||
# file: /path/to/gitea/token
|
|
||||||
|
|
||||||
# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
|
|
||||||
# request will be ignored.
|
|
||||||
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
|
||||||
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
|
||||||
webhook:
|
|
||||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
|
|
||||||
# # or path to file containing the plain text secret
|
|
||||||
# secretFile: /path/to/gitea/webhook/secret
|
|
||||||
|
|
||||||
# Pull Request status check settings.
|
|
||||||
statusCheck:
|
|
||||||
# Configure the label/name of the PR status check.
|
|
||||||
name: "gitea-sonarqube-bot"
|
|
||||||
|
|
||||||
# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
|
|
||||||
sonarqube:
|
|
||||||
# Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
|
|
||||||
url: https://sqube.trez.wtf
|
|
||||||
|
|
||||||
# Created access token for the user that shall be used as bot account.
|
|
||||||
# User needs "Browse on project" permissions
|
|
||||||
token:
|
|
||||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
|
|
||||||
# # or path to file containing the plain text secret
|
|
||||||
# file: /path/to/sonarqube/token
|
|
||||||
|
|
||||||
# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
|
|
||||||
# request will be ignored.
|
|
||||||
# The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
|
|
||||||
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
|
||||||
# validated.
|
|
||||||
webhook:
|
|
||||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
|
|
||||||
# # or path to file containing the plain text secret
|
|
||||||
# secretFile: /path/to/sonarqube/webhook/secret
|
|
||||||
|
|
||||||
# Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc.
|
|
||||||
# By default, the bot will extract "bugs,vulnerabilities,code_smells"
|
|
||||||
# Setting this option you can extend that default list by your own metrics.
|
|
||||||
# additionalMetrics: []
|
|
||||||
# - "new_security_hotspots"
|
|
||||||
|
|
||||||
# List of project mappings to take care of. Webhooks for other projects will be ignored.
|
|
||||||
# At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
|
|
||||||
projects:
|
|
||||||
- sonarqube:
|
|
||||||
key: rinoa-docker
|
|
||||||
# A repository specification contains the owner name and the repository name itself. The owner can be the name of a
|
|
||||||
# real account or an organization in which the repository is located.
|
|
||||||
gitea:
|
|
||||||
owner: Trez.One
|
|
||||||
name: rinoa-docker
|
|
||||||
|
|
||||||
# Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
|
|
||||||
namingPattern:
|
|
||||||
# Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR.
|
|
||||||
# That integer part is identical to the pull request ID in Gitea.
|
|
||||||
regex: "^.*$"
|
|
||||||
|
|
||||||
# Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID.
|
|
||||||
# See: https://pkg.go.dev/fmt#hdr-Printing
|
|
||||||
template: "%s"
|
|
||||||
|
|
||||||
# Example for integer-only names
|
|
||||||
# # regex: "^(\\d+)$"
|
|
||||||
# # template: "%d"
|
|
||||||
@@ -1,404 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// Agent globals
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
local.file "endpoints" {
|
|
||||||
// The endpoints file is used to define the endpoints, credentials and options
|
|
||||||
// for the Agent export to.
|
|
||||||
filename = "/etc/alloy/endpoints.json"
|
|
||||||
}
|
|
||||||
|
|
||||||
discovery.docker "rinoadocker" {
|
|
||||||
host = env("DOCKER_HOST")
|
|
||||||
}
|
|
||||||
|
|
||||||
tracing {
|
|
||||||
write_to = [otelcol.exporter.otlp.tempo.input]
|
|
||||||
}
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// Metrics
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
prometheus.remote_write "mimir" {
|
|
||||||
endpoint {
|
|
||||||
url = json_path(local.file.endpoints.content, ".metrics.url")[0]
|
|
||||||
basic_auth {
|
|
||||||
username = json_path(local.file.endpoints.content, ".metrics.basicAuth.username")[0]
|
|
||||||
password = json_path(local.file.endpoints.content, ".metrics.basicAuth.password")[0]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
prometheus.scrape "prometheus" {
|
|
||||||
targets = [{
|
|
||||||
__address__ = "localhost:12345",
|
|
||||||
}]
|
|
||||||
forward_to = [prometheus.remote_write.mimir.receiver]
|
|
||||||
job_name = "prometheus"
|
|
||||||
}
|
|
||||||
|
|
||||||
prometheus.exporter.unix "rinoa" {
|
|
||||||
procfs_path = "/host/proc"
|
|
||||||
sysfs_path = "/host/sys"
|
|
||||||
rootfs_path = "/rootfs"
|
|
||||||
}
|
|
||||||
|
|
||||||
prometheus.scrape "rinoa" {
|
|
||||||
targets = prometheus.exporter.unix.rinoa.targets
|
|
||||||
forward_to = [prometheus.remote_write.mimir.receiver]
|
|
||||||
job_name = "rinoa_host"
|
|
||||||
}
|
|
||||||
|
|
||||||
prometheus.exporter.cadvisor "docker" {
|
|
||||||
docker_host = env("DOCKER_HOST")
|
|
||||||
storage_duration = "5m"
|
|
||||||
}
|
|
||||||
|
|
||||||
prometheus.scrape "docker" {
|
|
||||||
targets = prometheus.exporter.cadvisor.docker.targets
|
|
||||||
forward_to = [prometheus.remote_write.mimir.receiver]
|
|
||||||
job_name = "docker_stats"
|
|
||||||
}
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// Logging
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
loki.write "loki" {
|
|
||||||
endpoint {
|
|
||||||
url = json_path(local.file.endpoints.content, ".logs.url")[0]
|
|
||||||
basic_auth {
|
|
||||||
username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
|
|
||||||
password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
external_labels = {}
|
|
||||||
}
|
|
||||||
|
|
||||||
loki.source.journal "hostjournal" {
|
|
||||||
forward_to = [loki.write.loki.receiver]
|
|
||||||
max_age = "24h"
|
|
||||||
path = "/rootfs/var/log/journal/"
|
|
||||||
labels = {
|
|
||||||
job = "host-journal",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
local.file_match "system" {
|
|
||||||
path_targets = [{
|
|
||||||
__address__ = "localhost",
|
|
||||||
__path__ = "/rootfs/var/log/*log",
|
|
||||||
job = "varlogs",
|
|
||||||
}]
|
|
||||||
}
|
|
||||||
|
|
||||||
loki.source.file "system" {
|
|
||||||
targets = local.file_match.system.targets
|
|
||||||
forward_to = [loki.write.loki.receiver]
|
|
||||||
}
|
|
||||||
|
|
||||||
loki.source.docker "containers" {
|
|
||||||
host = env("DOCKER_HOST")
|
|
||||||
targets = discovery.docker.rinoadocker.targets
|
|
||||||
forward_to = [loki.write.loki.receiver]
|
|
||||||
labels = {
|
|
||||||
job = "containerlogs",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
loki.process "containers" {
|
|
||||||
forward_to = [loki.write.loki.receiver]
|
|
||||||
// stage.docker {}
|
|
||||||
stage.json {
|
|
||||||
expressions = {
|
|
||||||
attrs = "",
|
|
||||||
output = "log",
|
|
||||||
stream = "stream",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
stage.json {
|
|
||||||
expressions = {
|
|
||||||
tag = "",
|
|
||||||
}
|
|
||||||
source = "attrs"
|
|
||||||
}
|
|
||||||
|
|
||||||
stage.regex {
|
|
||||||
expression = "(?P<image_name>(?:[^|]*[^|])).(?P<container_name>(?:[^|]*[^|])).(?P<image_id>(?:[^|]*[^|])).(?P<container_id>(?:[^|]*[^|]))"
|
|
||||||
source = "tag"
|
|
||||||
}
|
|
||||||
|
|
||||||
stage.timestamp {
|
|
||||||
source = "time"
|
|
||||||
format = "RFC3339Nano"
|
|
||||||
}
|
|
||||||
|
|
||||||
stage.labels {
|
|
||||||
values = {
|
|
||||||
container_id = null,
|
|
||||||
container_name = null,
|
|
||||||
image_id = null,
|
|
||||||
image_name = null,
|
|
||||||
stream = null,
|
|
||||||
tag = null,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
stage.output {
|
|
||||||
source = "output"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// Traces
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
beyla.ebpf "rinoadocker" {
|
|
||||||
open_port = "80-65535"
|
|
||||||
routes {
|
|
||||||
unmatched = "heauristic"
|
|
||||||
}
|
|
||||||
output {
|
|
||||||
traces = [
|
|
||||||
otelcol.connector.servicegraph.tracemetrics.input,
|
|
||||||
otelcol.connector.spanmetrics.tracemetrics.input,
|
|
||||||
otelcol.processor.batch.default.input,
|
|
||||||
otelcol.connector.spanlogs.autologging.input,
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
prometheus.scrape "beyla" {
|
|
||||||
targets = beyla.ebpf.rinoadocker.targets
|
|
||||||
forward_to = [prometheus.remote_write.mimir.receiver]
|
|
||||||
}
|
|
||||||
|
|
||||||
otelcol.auth.headers "tempo" {
|
|
||||||
header {
|
|
||||||
key = "Authorization"
|
|
||||||
value = join(["Basic ", json_path(local.file.endpoints.content, ".traces.basicAuthToken")[0]], "")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
otelcol.processor.batch "default" {
|
|
||||||
// Wait until we've received 16K of data.
|
|
||||||
send_batch_size = 16384
|
|
||||||
send_batch_max_size = 16384
|
|
||||||
// Or until 2 seconds have elapsed.
|
|
||||||
timeout = "2s"
|
|
||||||
// When the Agent has enough batched data, send it to the OpenTelemetry exporter named 'tempo'.
|
|
||||||
output {
|
|
||||||
traces = [otelcol.exporter.otlp.tempo.input]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
otelcol.exporter.otlp "tempo" {
|
|
||||||
// Define the client for exporting.
|
|
||||||
client {
|
|
||||||
// Authentication block.
|
|
||||||
auth = otelcol.auth.headers.tempo.handler
|
|
||||||
|
|
||||||
// Send to the locally running Tempo instance, on port 4317 (OTLP gRPC).
|
|
||||||
endpoint = json_path(local.file.endpoints.content, ".traces.url")[0]
|
|
||||||
|
|
||||||
// Configure TLS settings for communicating with the endpoint.
|
|
||||||
tls {
|
|
||||||
// The connection is insecure.
|
|
||||||
insecure = json_path(local.file.endpoints.content, ".traces.tls.insecure")[0]
|
|
||||||
// Do not verify TLS certificates when connecting.
|
|
||||||
insecure_skip_verify = json_path(local.file.endpoints.content, ".traces.tls.insecureSkipVerify")[0]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
otelcol.connector.spanlogs "autologging" {
|
|
||||||
// We only want to output a line for each root span (ie. every single trace), and not for every
|
|
||||||
// process or span (outputting a line for every span would be extremely verbose).
|
|
||||||
spans = false
|
|
||||||
roots = true
|
|
||||||
processes = false
|
|
||||||
// We want to ensure that the following three span attributes are included in the log line, if
|
|
||||||
// present.
|
|
||||||
span_attributes = [ "http.method", "http.target", "http.status_code" ]
|
|
||||||
|
|
||||||
// Overrides the default key in the log line to be `traceId`, which is then used by Grafana to
|
|
||||||
// identify the trace ID for correlation with the Tempo datasource.
|
|
||||||
overrides {
|
|
||||||
trace_id_key = "traceId"
|
|
||||||
}
|
|
||||||
// Send to the OpenTelemetry Loki exporter.
|
|
||||||
output {
|
|
||||||
logs = [otelcol.exporter.loki.autologging.input]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Simply forwards the incoming OpenTelemetry log format out as a Loki log.
|
|
||||||
// We need this stage to ensure we can then process the logline as a Loki object.
|
|
||||||
otelcol.exporter.loki "autologging" {
|
|
||||||
forward_to = [loki.process.autologging.receiver]
|
|
||||||
}
|
|
||||||
|
|
||||||
// The Loki processor allows us to accept a correctly formatted Loki log and mutate it into
|
|
||||||
// a set of fields for output.
|
|
||||||
loki.process "autologging" {
|
|
||||||
// The JSON stage simply extracts the `body` (the actual logline) from the Loki log, ignoring
|
|
||||||
// all other fields.
|
|
||||||
stage.json {
|
|
||||||
expressions = { "body" = "" }
|
|
||||||
}
|
|
||||||
// The output stage takes the body (the main logline) and uses this as the source for the output
|
|
||||||
// logline. In this case, it essentially turns it into logfmt.
|
|
||||||
stage.output {
|
|
||||||
source = "body"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Finally send the processed logline onto the Loki exporter.
|
|
||||||
forward_to = [loki.write.autologging.receiver]
|
|
||||||
}
|
|
||||||
|
|
||||||
// The Loki writer receives a processed Loki log and then writes it to a Loki instance.
|
|
||||||
loki.write "autologging" {
|
|
||||||
// Add the `agent` value to the `job` label, so we can identify it as having been generated
|
|
||||||
// by Grafana Agent when querying.
|
|
||||||
external_labels = {
|
|
||||||
job = "agent",
|
|
||||||
}
|
|
||||||
|
|
||||||
// Output the Loki log to the local Loki instance.
|
|
||||||
endpoint {
|
|
||||||
url = json_path(local.file.endpoints.content, ".logs.url")[0]
|
|
||||||
|
|
||||||
// The basic auth credentials for the Loki instance.
|
|
||||||
basic_auth {
|
|
||||||
username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
|
|
||||||
password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// The Tail Sampling processor will use a set of policies to determine which received traces to keep
|
|
||||||
// and send to Tempo.
|
|
||||||
otelcol.processor.tail_sampling "errors" {
|
|
||||||
// Total wait time from the start of a trace before making a sampling decision. Note that smaller time
|
|
||||||
// periods can potentially cause a decision to be made before the end of a trace has occurred.
|
|
||||||
decision_wait = "30s"
|
|
||||||
|
|
||||||
// The following policies follow a logical OR pattern, meaning that if any of the policies match,
|
|
||||||
// the trace will be kept. For logical AND, you can use the `and` policy. Every span of a trace is
|
|
||||||
// examined by each policy in turn. A match will cause a short-circuit.
|
|
||||||
|
|
||||||
// This policy defines that traces that contain errors should be kept.
|
|
||||||
policy {
|
|
||||||
// The name of the policy can be used for logging purposes.
|
|
||||||
name = "sample-erroring-traces"
|
|
||||||
// The type must match the type of policy to be used, in this case examing the status code
|
|
||||||
// of every span in the trace.
|
|
||||||
type = "status_code"
|
|
||||||
// This block determines the error codes that should match in order to keep the trace,
|
|
||||||
// in this case the OpenTelemetry 'ERROR' code.
|
|
||||||
status_code {
|
|
||||||
status_codes = [ "ERROR" ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// This policy defines that only traces that are longer than 200ms in total should be kept.
|
|
||||||
policy {
|
|
||||||
// The name of the policy can be used for logging purposes.
|
|
||||||
name = "sample-long-traces"
|
|
||||||
// The type must match the policy to be used, in this case the total latency of the trace.
|
|
||||||
type = "latency"
|
|
||||||
// This block determines the total length of the trace in milliseconds.
|
|
||||||
latency {
|
|
||||||
threshold_ms = 200
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// The output block forwards the kept traces onto the batch processor, which will marshall them
|
|
||||||
// for exporting to Tempo.
|
|
||||||
output {
|
|
||||||
traces = [otelcol.processor.batch.default.input]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// The Spanmetrics Connector will generate RED metrics based on the incoming trace span data.
|
|
||||||
otelcol.connector.spanmetrics "tracemetrics" {
|
|
||||||
// The namespace explicit adds a prefix to all the generated span metrics names.
|
|
||||||
// In this case, we'll ensure they match as closely as possible those generated by Tempo.
|
|
||||||
namespace = "traces.spanmetrics"
|
|
||||||
|
|
||||||
// Each extra dimension (metrics label) to be added to the generated metrics from matching span attributes. These
|
|
||||||
// need to be defined with a name and optionally a default value (in the following cases, we do not want a default
|
|
||||||
// value if the span attribute is not present).
|
|
||||||
dimension {
|
|
||||||
name = "http.method"
|
|
||||||
}
|
|
||||||
dimension {
|
|
||||||
name = "http.target"
|
|
||||||
}
|
|
||||||
dimension {
|
|
||||||
name = "http.status_code"
|
|
||||||
}
|
|
||||||
dimension {
|
|
||||||
name = "service.version"
|
|
||||||
}
|
|
||||||
|
|
||||||
// A histogram block must be present, either explicitly defining bucket values or via an exponential block.
|
|
||||||
// We do the latter here.
|
|
||||||
histogram {
|
|
||||||
explicit {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// The exemplar block is added to ensure we generate exemplars for traces on relevant metric values.
|
|
||||||
exemplars {
|
|
||||||
enabled = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
|
|
||||||
// it gets transformed into Prometheus format data.
|
|
||||||
output {
|
|
||||||
metrics = [otelcol.exporter.prometheus.tracemetrics.input]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// The Servicegraph Connector will generate service graph metrics (edges and nodes) based on incoming trace spans.
|
|
||||||
otelcol.connector.servicegraph "tracemetrics" {
|
|
||||||
// Extra dimensions (metrics labels) to be added to the generated metrics from matching span attributes.
|
|
||||||
// For this component, this is defined as an array. There are no default values and the labels will not be generated
|
|
||||||
// for missing span attributes.
|
|
||||||
dimensions = [
|
|
||||||
"http.method",
|
|
||||||
"http.target",
|
|
||||||
"http.status_code",
|
|
||||||
"service.version",
|
|
||||||
]
|
|
||||||
|
|
||||||
// Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
|
|
||||||
// it gets transformed into Prometheus format data.
|
|
||||||
output {
|
|
||||||
metrics = [otelcol.exporter.prometheus.tracemetrics.input]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
otelcol.exporter.prometheus "tracemetrics" {
|
|
||||||
// Forward to our local Prometheus remote writer which will send the metrics to Mimir.
|
|
||||||
forward_to = [prometheus.remote_write.mimir.receiver]
|
|
||||||
}
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
// Profiling
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
|
|
||||||
pyroscope.write "pyroscope" {
|
|
||||||
endpoint {
|
|
||||||
url = json_path(local.file.endpoints.content, ".profiles.url")[0]
|
|
||||||
basic_auth {
|
|
||||||
username = json_path(local.file.endpoints.content, ".profiles.basicAuth.username")[0]
|
|
||||||
password = json_path(local.file.endpoints.content, ".profiles.basicAuth.password")[0]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
external_labels = {}
|
|
||||||
}
|
|
||||||
|
|
||||||
pyroscope.ebpf "rinoadocker" {
|
|
||||||
forward_to = [pyroscope.write.pyroscope.receiver]
|
|
||||||
targets = discovery.docker.rinoadocker.targets
|
|
||||||
}
|
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"metrics": {
|
|
||||||
"url": "http://grafana-mimir:9009/api/v1/push",
|
|
||||||
"basicAuth": {
|
|
||||||
"username": "",
|
|
||||||
"password": ""
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"logs": {
|
|
||||||
"url": "http://grafana-loki:3100/loki/api/v1/push",
|
|
||||||
"basicAuth": {
|
|
||||||
"username": "",
|
|
||||||
"password": ""
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"traces": {
|
|
||||||
"url": "http://grafana-tempo:4317",
|
|
||||||
"basicAuthToken": "",
|
|
||||||
"tls": {
|
|
||||||
"insecure": true,
|
|
||||||
"insecureSkipVerify": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"profiles": {
|
|
||||||
"url": "http://grafana-pyroscope:4040",
|
|
||||||
"basicAuth": {
|
|
||||||
"username": "",
|
|
||||||
"password": ""
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
routes:
|
|
||||||
patterns:
|
|
||||||
- /*
|
|
||||||
unmatched: heuristic
|
|
||||||
@@ -1,77 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
multitenancy_enabled: false
|
|
||||||
no_auth_tenant: rinoa_mimir
|
|
||||||
# target: query-frontend
|
|
||||||
# api:
|
|
||||||
# prometheus_http_prefix: '/prometheus'
|
|
||||||
server:
|
|
||||||
http_listen_port: 9009
|
|
||||||
# frontend:
|
|
||||||
# split_queries_by_interval: 24h
|
|
||||||
# align_queries_with_step: true
|
|
||||||
# cache_results: true
|
|
||||||
# results_cache:
|
|
||||||
# backend: "memcached"
|
|
||||||
# memcached:
|
|
||||||
# addresses: "memcached-mimir:11211"
|
|
||||||
# downstream_url: http://grafana-agent:12345
|
|
||||||
|
|
||||||
common:
|
|
||||||
storage:
|
|
||||||
backend: s3
|
|
||||||
s3:
|
|
||||||
endpoint: minio:9000
|
|
||||||
access_key_id: "Q8KAihuXtGgmretKNh7C"
|
|
||||||
secret_access_key: "hOlRODtnvFlNlL26Bj3GizZG6Ys3rlpG8p6Vo3NX"
|
|
||||||
bucket_name: "mimir"
|
|
||||||
insecure: true
|
|
||||||
|
|
||||||
blocks_storage:
|
|
||||||
storage_prefix: rinoa
|
|
||||||
tsdb:
|
|
||||||
dir: /tmp/mimir/tsdb
|
|
||||||
|
|
||||||
memberlist:
|
|
||||||
tls_enabled: false
|
|
||||||
|
|
||||||
compactor:
|
|
||||||
# Directory to temporarily store blocks underdoing compaction.
|
|
||||||
data_dir: /tmp/mimir/compactor
|
|
||||||
# The sharding ring type used to share the hashed ring for the compactor.
|
|
||||||
sharding_ring:
|
|
||||||
# Use memberlist backend store (the default).
|
|
||||||
kvstore:
|
|
||||||
store: memberlist
|
|
||||||
|
|
||||||
# The distributor receives incoming metrics data for the system.
|
|
||||||
distributor:
|
|
||||||
# The ring to share hash ring data across instances.
|
|
||||||
ring:
|
|
||||||
# The address advertised in the ring. Localhost.
|
|
||||||
instance_addr: 127.0.0.1
|
|
||||||
# Use memberlist backend store (the default).
|
|
||||||
kvstore:
|
|
||||||
store: memberlist
|
|
||||||
|
|
||||||
# The ingester receives data from the distributor and processes it into indices and blocks.
|
|
||||||
ingester:
|
|
||||||
# The ring to share hash ring data across instances.
|
|
||||||
ring:
|
|
||||||
# The address advertised in the ring. Localhost.
|
|
||||||
instance_addr: 127.0.0.1
|
|
||||||
# Use memberlist backend store (the default).
|
|
||||||
kvstore:
|
|
||||||
store: memberlist
|
|
||||||
# Only run one instance of the ingesters.
|
|
||||||
# Note: It is highly recommended to run more than one ingester in production, the default is an RF of 3.
|
|
||||||
replication_factor: 1
|
|
||||||
|
|
||||||
# The store gateway block configures gateway storage.
|
|
||||||
store_gateway:
|
|
||||||
# Configuration for the hash ring.
|
|
||||||
sharding_ring:
|
|
||||||
# Only run a single instance. In production setups, the replication factor must
|
|
||||||
# be set on the querier and ruler as well.
|
|
||||||
replication_factor: 1
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
storage:
|
|
||||||
backend: s3
|
|
||||||
s3:
|
|
||||||
bucket_name: pyroscope
|
|
||||||
endpoint: minio:9000
|
|
||||||
region: us-east-fh-pln
|
|
||||||
access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
|
|
||||||
secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
|
|
||||||
insecure: true
|
|
||||||
|
|
||||||
analytics:
|
|
||||||
reporting_enabled: false
|
|
||||||
@@ -1,787 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
target: all
|
|
||||||
http_api_prefix: ""
|
|
||||||
autocomplete_filtering_enabled: true
|
|
||||||
server:
|
|
||||||
http_listen_network: tcp
|
|
||||||
http_listen_address: ""
|
|
||||||
http_listen_port: 80
|
|
||||||
http_listen_conn_limit: 0
|
|
||||||
grpc_listen_network: tcp
|
|
||||||
grpc_listen_address: ""
|
|
||||||
grpc_listen_port: 9095
|
|
||||||
grpc_listen_conn_limit: 0
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
http_tls_config:
|
|
||||||
cert: ""
|
|
||||||
key: null
|
|
||||||
client_ca: ""
|
|
||||||
cert_file: ""
|
|
||||||
key_file: ""
|
|
||||||
client_auth_type: ""
|
|
||||||
client_ca_file: ""
|
|
||||||
grpc_tls_config:
|
|
||||||
cert: ""
|
|
||||||
key: null
|
|
||||||
client_ca: ""
|
|
||||||
cert_file: ""
|
|
||||||
key_file: ""
|
|
||||||
client_auth_type: ""
|
|
||||||
client_ca_file: ""
|
|
||||||
register_instrumentation: true
|
|
||||||
report_grpc_codes_in_instrumentation_label_enabled: false
|
|
||||||
graceful_shutdown_timeout: 30s
|
|
||||||
http_server_read_timeout: 30s
|
|
||||||
http_server_read_header_timeout: 0s
|
|
||||||
http_server_write_timeout: 30s
|
|
||||||
http_server_idle_timeout: 2m0s
|
|
||||||
http_log_closed_connections_without_response_enabled: false
|
|
||||||
grpc_server_max_recv_msg_size: 16777216
|
|
||||||
grpc_server_max_send_msg_size: 16777216
|
|
||||||
grpc_server_max_concurrent_streams: 100
|
|
||||||
grpc_server_max_connection_idle: 2562047h47m16.854775807s
|
|
||||||
grpc_server_max_connection_age: 2562047h47m16.854775807s
|
|
||||||
grpc_server_max_connection_age_grace: 2562047h47m16.854775807s
|
|
||||||
grpc_server_keepalive_time: 2h0m0s
|
|
||||||
grpc_server_keepalive_timeout: 20s
|
|
||||||
grpc_server_min_time_between_pings: 10s
|
|
||||||
grpc_server_ping_without_stream_allowed: true
|
|
||||||
grpc_server_num_workers: 0
|
|
||||||
log_format: logfmt
|
|
||||||
log_level: info
|
|
||||||
log_source_ips_enabled: false
|
|
||||||
log_source_ips_header: ""
|
|
||||||
log_source_ips_regex: ""
|
|
||||||
log_request_headers: false
|
|
||||||
log_request_at_info_level_enabled: false
|
|
||||||
log_request_exclude_headers_list: ""
|
|
||||||
http_path_prefix: ""
|
|
||||||
internal_server:
|
|
||||||
http_listen_network: tcp
|
|
||||||
http_listen_address: ""
|
|
||||||
http_listen_port: 3101
|
|
||||||
http_listen_conn_limit: 0
|
|
||||||
grpc_listen_network: ""
|
|
||||||
grpc_listen_address: ""
|
|
||||||
grpc_listen_port: 0
|
|
||||||
grpc_listen_conn_limit: 0
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
http_tls_config:
|
|
||||||
cert: ""
|
|
||||||
key: null
|
|
||||||
client_ca: ""
|
|
||||||
cert_file: ""
|
|
||||||
key_file: ""
|
|
||||||
client_auth_type: ""
|
|
||||||
client_ca_file: ""
|
|
||||||
grpc_tls_config:
|
|
||||||
cert: ""
|
|
||||||
key: null
|
|
||||||
client_ca: ""
|
|
||||||
cert_file: ""
|
|
||||||
key_file: ""
|
|
||||||
client_auth_type: ""
|
|
||||||
client_ca_file: ""
|
|
||||||
register_instrumentation: false
|
|
||||||
report_grpc_codes_in_instrumentation_label_enabled: false
|
|
||||||
graceful_shutdown_timeout: 30s
|
|
||||||
http_server_read_timeout: 30s
|
|
||||||
http_server_read_header_timeout: 0s
|
|
||||||
http_server_write_timeout: 30s
|
|
||||||
http_server_idle_timeout: 2m0s
|
|
||||||
http_log_closed_connections_without_response_enabled: false
|
|
||||||
grpc_server_max_recv_msg_size: 0
|
|
||||||
grpc_server_max_send_msg_size: 0
|
|
||||||
grpc_server_max_concurrent_streams: 0
|
|
||||||
grpc_server_max_connection_idle: 0s
|
|
||||||
grpc_server_max_connection_age: 0s
|
|
||||||
grpc_server_max_connection_age_grace: 0s
|
|
||||||
grpc_server_keepalive_time: 0s
|
|
||||||
grpc_server_keepalive_timeout: 0s
|
|
||||||
grpc_server_min_time_between_pings: 0s
|
|
||||||
grpc_server_ping_without_stream_allowed: false
|
|
||||||
grpc_server_num_workers: 0
|
|
||||||
log_format: logfmt
|
|
||||||
log_level: info
|
|
||||||
log_source_ips_enabled: false
|
|
||||||
log_source_ips_header: ""
|
|
||||||
log_source_ips_regex: ""
|
|
||||||
log_request_headers: false
|
|
||||||
log_request_at_info_level_enabled: false
|
|
||||||
log_request_exclude_headers_list: ""
|
|
||||||
http_path_prefix: ""
|
|
||||||
enable: false
|
|
||||||
distributor:
|
|
||||||
ring:
|
|
||||||
kvstore:
|
|
||||||
store: memberlist
|
|
||||||
prefix: collectors/
|
|
||||||
consul:
|
|
||||||
host: localhost:8500
|
|
||||||
acl_token: ""
|
|
||||||
http_client_timeout: 20s
|
|
||||||
consistent_reads: false
|
|
||||||
watch_rate_limit: 1
|
|
||||||
watch_burst_size: 1
|
|
||||||
cas_retry_delay: 1s
|
|
||||||
etcd:
|
|
||||||
endpoints: []
|
|
||||||
dial_timeout: 10s
|
|
||||||
max_retries: 10
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
multi:
|
|
||||||
primary: ""
|
|
||||||
secondary: ""
|
|
||||||
mirror_enabled: false
|
|
||||||
mirror_timeout: 2s
|
|
||||||
heartbeat_period: 5s
|
|
||||||
heartbeat_timeout: 5m0s
|
|
||||||
instance_id: local-instance
|
|
||||||
instance_interface_names:
|
|
||||||
- eth0
|
|
||||||
- en0
|
|
||||||
instance_port: 0
|
|
||||||
instance_addr: ""
|
|
||||||
receivers: {}
|
|
||||||
override_ring_key: distributor
|
|
||||||
forwarders: []
|
|
||||||
extend_writes: true
|
|
||||||
retry_after_on_resource_exhausted: 0s
|
|
||||||
ingester_client:
|
|
||||||
pool_config:
|
|
||||||
checkinterval: 15s
|
|
||||||
healthcheckenabled: true
|
|
||||||
healthchecktimeout: 1s
|
|
||||||
maxconcurrenthealthchecks: 0
|
|
||||||
remote_timeout: 5s
|
|
||||||
grpc_client_config:
|
|
||||||
max_recv_msg_size: 104857600
|
|
||||||
max_send_msg_size: 104857600
|
|
||||||
grpc_compression: snappy
|
|
||||||
rate_limit: 0
|
|
||||||
rate_limit_burst: 0
|
|
||||||
backoff_on_ratelimits: false
|
|
||||||
backoff_config:
|
|
||||||
min_period: 100ms
|
|
||||||
max_period: 10s
|
|
||||||
max_retries: 10
|
|
||||||
initial_stream_window_size: 63KiB1023B
|
|
||||||
initial_connection_window_size: 63KiB1023B
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
connect_timeout: 5s
|
|
||||||
connect_backoff_base_delay: 1s
|
|
||||||
connect_backoff_max_delay: 5s
|
|
||||||
metrics_generator_client:
|
|
||||||
pool_config:
|
|
||||||
checkinterval: 15s
|
|
||||||
healthcheckenabled: true
|
|
||||||
healthchecktimeout: 1s
|
|
||||||
maxconcurrenthealthchecks: 0
|
|
||||||
remote_timeout: 5s
|
|
||||||
grpc_client_config:
|
|
||||||
max_recv_msg_size: 104857600
|
|
||||||
max_send_msg_size: 104857600
|
|
||||||
grpc_compression: snappy
|
|
||||||
rate_limit: 0
|
|
||||||
rate_limit_burst: 0
|
|
||||||
backoff_on_ratelimits: false
|
|
||||||
backoff_config:
|
|
||||||
min_period: 100ms
|
|
||||||
max_period: 10s
|
|
||||||
max_retries: 10
|
|
||||||
initial_stream_window_size: 63KiB1023B
|
|
||||||
initial_connection_window_size: 63KiB1023B
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
connect_timeout: 5s
|
|
||||||
connect_backoff_base_delay: 1s
|
|
||||||
connect_backoff_max_delay: 5s
|
|
||||||
querier:
|
|
||||||
search:
|
|
||||||
query_timeout: 30s
|
|
||||||
prefer_self: 10
|
|
||||||
external_hedge_requests_at: 8s
|
|
||||||
external_hedge_requests_up_to: 2
|
|
||||||
external_backend: ""
|
|
||||||
google_cloud_run: null
|
|
||||||
external_endpoints: []
|
|
||||||
trace_by_id:
|
|
||||||
query_timeout: 10s
|
|
||||||
max_concurrent_queries: 20
|
|
||||||
frontend_worker:
|
|
||||||
frontend_address: 127.0.0.1:9095
|
|
||||||
dns_lookup_duration: 10s
|
|
||||||
parallelism: 2
|
|
||||||
match_max_concurrent: true
|
|
||||||
id: ""
|
|
||||||
grpc_client_config:
|
|
||||||
max_recv_msg_size: 104857600
|
|
||||||
max_send_msg_size: 16777216
|
|
||||||
grpc_compression: gzip
|
|
||||||
rate_limit: 0
|
|
||||||
rate_limit_burst: 0
|
|
||||||
backoff_on_ratelimits: false
|
|
||||||
backoff_config:
|
|
||||||
min_period: 100ms
|
|
||||||
max_period: 1s
|
|
||||||
max_retries: 5
|
|
||||||
initial_stream_window_size: 0B
|
|
||||||
initial_connection_window_size: 0B
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
connect_timeout: 0s
|
|
||||||
connect_backoff_base_delay: 0s
|
|
||||||
connect_backoff_max_delay: 0s
|
|
||||||
query_relevant_ingesters: false
|
|
||||||
query_frontend:
|
|
||||||
max_outstanding_per_tenant: 2000
|
|
||||||
querier_forget_delay: 0s
|
|
||||||
max_batch_size: 5
|
|
||||||
max_retries: 2
|
|
||||||
search:
|
|
||||||
concurrent_jobs: 1000
|
|
||||||
target_bytes_per_job: 104857600
|
|
||||||
default_result_limit: 20
|
|
||||||
max_result_limit: 0
|
|
||||||
max_duration: 168h0m0s
|
|
||||||
query_backend_after: 15m0s
|
|
||||||
query_ingesters_until: 30m0s
|
|
||||||
trace_by_id:
|
|
||||||
query_shards: 50
|
|
||||||
hedge_requests_at: 2s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
metrics:
|
|
||||||
concurrent_jobs: 1000
|
|
||||||
target_bytes_per_job: 104857600
|
|
||||||
max_duration: 0s
|
|
||||||
query_backend_after: 1h0m0s
|
|
||||||
interval: 5m0s
|
|
||||||
multi_tenant_queries_enabled: true
|
|
||||||
compactor:
|
|
||||||
ring:
|
|
||||||
kvstore:
|
|
||||||
store: ""
|
|
||||||
prefix: collectors/
|
|
||||||
consul:
|
|
||||||
host: localhost:8500
|
|
||||||
acl_token: ""
|
|
||||||
http_client_timeout: 20s
|
|
||||||
consistent_reads: false
|
|
||||||
watch_rate_limit: 1
|
|
||||||
watch_burst_size: 1
|
|
||||||
cas_retry_delay: 1s
|
|
||||||
etcd:
|
|
||||||
endpoints: []
|
|
||||||
dial_timeout: 10s
|
|
||||||
max_retries: 10
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
multi:
|
|
||||||
primary: ""
|
|
||||||
secondary: ""
|
|
||||||
mirror_enabled: false
|
|
||||||
mirror_timeout: 2s
|
|
||||||
heartbeat_period: 5s
|
|
||||||
heartbeat_timeout: 1m0s
|
|
||||||
wait_stability_min_duration: 1m0s
|
|
||||||
wait_stability_max_duration: 5m0s
|
|
||||||
instance_id: local-instance
|
|
||||||
instance_interface_names:
|
|
||||||
- eth0
|
|
||||||
- en0
|
|
||||||
instance_port: 0
|
|
||||||
instance_addr: ""
|
|
||||||
enable_inet6: false
|
|
||||||
wait_active_instance_timeout: 10m0s
|
|
||||||
compaction:
|
|
||||||
v2_in_buffer_bytes: 5242880
|
|
||||||
v2_out_buffer_bytes: 20971520
|
|
||||||
v2_prefetch_traces_count: 1000
|
|
||||||
compaction_window: 1h0m0s
|
|
||||||
max_compaction_objects: 6000000
|
|
||||||
max_block_bytes: 107374182400
|
|
||||||
block_retention: 336h0m0s
|
|
||||||
compacted_block_retention: 1h0m0s
|
|
||||||
retention_concurrency: 10
|
|
||||||
max_time_per_tenant: 5m0s
|
|
||||||
compaction_cycle: 30s
|
|
||||||
override_ring_key: compactor
|
|
||||||
ingester:
|
|
||||||
lifecycler:
|
|
||||||
ring:
|
|
||||||
kvstore:
|
|
||||||
store: inmemory
|
|
||||||
prefix: collectors/
|
|
||||||
consul:
|
|
||||||
host: localhost:8500
|
|
||||||
acl_token: ""
|
|
||||||
http_client_timeout: 20s
|
|
||||||
consistent_reads: false
|
|
||||||
watch_rate_limit: 1
|
|
||||||
watch_burst_size: 1
|
|
||||||
cas_retry_delay: 1s
|
|
||||||
etcd:
|
|
||||||
endpoints: []
|
|
||||||
dial_timeout: 10s
|
|
||||||
max_retries: 10
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
multi:
|
|
||||||
primary: ""
|
|
||||||
secondary: ""
|
|
||||||
mirror_enabled: false
|
|
||||||
mirror_timeout: 2s
|
|
||||||
heartbeat_timeout: 5m0s
|
|
||||||
replication_factor: 1
|
|
||||||
zone_awareness_enabled: false
|
|
||||||
excluded_zones: ""
|
|
||||||
num_tokens: 128
|
|
||||||
heartbeat_period: 5s
|
|
||||||
heartbeat_timeout: 1m0s
|
|
||||||
observe_period: 0s
|
|
||||||
join_after: 0s
|
|
||||||
min_ready_duration: 15s
|
|
||||||
interface_names:
|
|
||||||
- en0
|
|
||||||
- bridge100
|
|
||||||
enable_inet6: false
|
|
||||||
final_sleep: 0s
|
|
||||||
tokens_file_path: ""
|
|
||||||
availability_zone: ""
|
|
||||||
unregister_on_shutdown: true
|
|
||||||
readiness_check_ring_health: true
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 0
|
|
||||||
id: local-instance
|
|
||||||
concurrent_flushes: 4
|
|
||||||
flush_check_period: 10s
|
|
||||||
flush_op_timeout: 5m0s
|
|
||||||
trace_idle_period: 10s
|
|
||||||
max_block_duration: 30m0s
|
|
||||||
max_block_bytes: 524288000
|
|
||||||
complete_block_timeout: 15m0s
|
|
||||||
override_ring_key: ring
|
|
||||||
flush_all_on_shutdown: false
|
|
||||||
metrics_generator:
|
|
||||||
ring:
|
|
||||||
kvstore:
|
|
||||||
store: inmemory
|
|
||||||
prefix: collectors/
|
|
||||||
consul:
|
|
||||||
host: localhost:8500
|
|
||||||
acl_token: ""
|
|
||||||
http_client_timeout: 20s
|
|
||||||
consistent_reads: false
|
|
||||||
watch_rate_limit: 1
|
|
||||||
watch_burst_size: 1
|
|
||||||
cas_retry_delay: 1s
|
|
||||||
etcd:
|
|
||||||
endpoints: []
|
|
||||||
dial_timeout: 10s
|
|
||||||
max_retries: 10
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
multi:
|
|
||||||
primary: ""
|
|
||||||
secondary: ""
|
|
||||||
mirror_enabled: false
|
|
||||||
mirror_timeout: 2s
|
|
||||||
heartbeat_period: 5s
|
|
||||||
heartbeat_timeout: 1m0s
|
|
||||||
instance_id: local-instance
|
|
||||||
instance_interface_names:
|
|
||||||
- eth0
|
|
||||||
- en0
|
|
||||||
instance_addr: 127.0.0.1
|
|
||||||
instance_port: 0
|
|
||||||
enable_inet6: false
|
|
||||||
processor:
|
|
||||||
service_graphs:
|
|
||||||
wait: 10s
|
|
||||||
max_items: 10000
|
|
||||||
workers: 10
|
|
||||||
histogram_buckets:
|
|
||||||
- 0.1
|
|
||||||
- 0.2
|
|
||||||
- 0.4
|
|
||||||
- 0.8
|
|
||||||
- 1.6
|
|
||||||
- 3.2
|
|
||||||
- 6.4
|
|
||||||
- 12.8
|
|
||||||
dimensions: []
|
|
||||||
enable_client_server_prefix: false
|
|
||||||
peer_attributes:
|
|
||||||
- peer.service
|
|
||||||
- db.name
|
|
||||||
- db.system
|
|
||||||
span_multiplier_key: ""
|
|
||||||
span_metrics:
|
|
||||||
histogram_buckets:
|
|
||||||
- 0.002
|
|
||||||
- 0.004
|
|
||||||
- 0.008
|
|
||||||
- 0.016
|
|
||||||
- 0.032
|
|
||||||
- 0.064
|
|
||||||
- 0.128
|
|
||||||
- 0.256
|
|
||||||
- 0.512
|
|
||||||
- 1.024
|
|
||||||
- 2.048
|
|
||||||
- 4.096
|
|
||||||
- 8.192
|
|
||||||
- 16.384
|
|
||||||
intrinsic_dimensions:
|
|
||||||
service: true
|
|
||||||
span_name: true
|
|
||||||
span_kind: true
|
|
||||||
status_code: true
|
|
||||||
dimensions: []
|
|
||||||
dimension_mappings: []
|
|
||||||
enable_target_info: false
|
|
||||||
span_multiplier_key: ""
|
|
||||||
subprocessors:
|
|
||||||
0: true
|
|
||||||
1: true
|
|
||||||
2: true
|
|
||||||
filter_policies: []
|
|
||||||
target_info_excluded_dimensions: []
|
|
||||||
local_blocks:
|
|
||||||
block:
|
|
||||||
bloom_filter_false_positive: 0.01
|
|
||||||
bloom_filter_shard_size_bytes: 102400
|
|
||||||
version: vParquet3
|
|
||||||
search_encoding: snappy
|
|
||||||
search_page_size_bytes: 1048576
|
|
||||||
v2_index_downsample_bytes: 1048576
|
|
||||||
v2_index_page_size_bytes: 256000
|
|
||||||
v2_encoding: zstd
|
|
||||||
parquet_row_group_size_bytes: 100000000
|
|
||||||
parquet_dedicated_columns: []
|
|
||||||
search:
|
|
||||||
chunk_size_bytes: 1000000
|
|
||||||
prefetch_trace_count: 1000
|
|
||||||
read_buffer_count: 32
|
|
||||||
read_buffer_size_bytes: 1048576
|
|
||||||
cache_control:
|
|
||||||
footer: false
|
|
||||||
column_index: false
|
|
||||||
offset_index: false
|
|
||||||
flush_check_period: 10s
|
|
||||||
trace_idle_period: 10s
|
|
||||||
max_block_duration: 1m0s
|
|
||||||
max_block_bytes: 500000000
|
|
||||||
complete_block_timeout: 1h0m0s
|
|
||||||
max_live_traces: 0
|
|
||||||
concurrent_blocks: 10
|
|
||||||
filter_server_spans: true
|
|
||||||
registry:
|
|
||||||
collection_interval: 15s
|
|
||||||
stale_duration: 15m0s
|
|
||||||
max_label_name_length: 1024
|
|
||||||
max_label_value_length: 2048
|
|
||||||
storage:
|
|
||||||
path: ""
|
|
||||||
wal:
|
|
||||||
wal_segment_size: 134217728
|
|
||||||
wal_compression: none
|
|
||||||
stripe_size: 16384
|
|
||||||
truncate_frequency: 2h0m0s
|
|
||||||
min_wal_time: 300000
|
|
||||||
max_wal_time: 14400000
|
|
||||||
no_lockfile: false
|
|
||||||
remote_write_flush_deadline: 1m0s
|
|
||||||
remote_write_add_org_id_header: true
|
|
||||||
traces_storage:
|
|
||||||
path: ""
|
|
||||||
completedfilepath: ""
|
|
||||||
blocksfilepath: ""
|
|
||||||
v2_encoding: none
|
|
||||||
search_encoding: none
|
|
||||||
ingestion_time_range_slack: 0s
|
|
||||||
version: vParquet3
|
|
||||||
metrics_ingestion_time_range_slack: 30s
|
|
||||||
query_timeout: 30s
|
|
||||||
override_ring_key: metrics-generator
|
|
||||||
storage:
|
|
||||||
trace:
|
|
||||||
pool:
|
|
||||||
max_workers: 400
|
|
||||||
queue_depth: 20000
|
|
||||||
wal:
|
|
||||||
path: /tmp/tempo/wal
|
|
||||||
completedfilepath: /tmp/tempo/wal/completed
|
|
||||||
blocksfilepath: /tmp/tempo/wal/blocks
|
|
||||||
v2_encoding: snappy
|
|
||||||
search_encoding: none
|
|
||||||
ingestion_time_range_slack: 2m0s
|
|
||||||
version: vParquet3
|
|
||||||
block:
|
|
||||||
bloom_filter_false_positive: 0.01
|
|
||||||
bloom_filter_shard_size_bytes: 102400
|
|
||||||
version: vParquet3
|
|
||||||
search_encoding: snappy
|
|
||||||
search_page_size_bytes: 1048576
|
|
||||||
v2_index_downsample_bytes: 1048576
|
|
||||||
v2_index_page_size_bytes: 256000
|
|
||||||
v2_encoding: zstd
|
|
||||||
parquet_row_group_size_bytes: 100000000
|
|
||||||
parquet_dedicated_columns: []
|
|
||||||
search:
|
|
||||||
chunk_size_bytes: 1000000
|
|
||||||
prefetch_trace_count: 1000
|
|
||||||
read_buffer_count: 32
|
|
||||||
read_buffer_size_bytes: 1048576
|
|
||||||
cache_control:
|
|
||||||
footer: false
|
|
||||||
column_index: false
|
|
||||||
offset_index: false
|
|
||||||
blocklist_poll: 5m0s
|
|
||||||
blocklist_poll_concurrency: 50
|
|
||||||
blocklist_poll_fallback: true
|
|
||||||
blocklist_poll_tenant_index_builders: 2
|
|
||||||
blocklist_poll_stale_tenant_index: 0s
|
|
||||||
blocklist_poll_jitter_ms: 0
|
|
||||||
blocklist_poll_tolerate_consecutive_errors: 1
|
|
||||||
backend: local
|
|
||||||
local:
|
|
||||||
path: /tmp/tempo/traces
|
|
||||||
gcs:
|
|
||||||
bucket_name: ""
|
|
||||||
prefix: ""
|
|
||||||
chunk_buffer_size: 10485760
|
|
||||||
endpoint: ""
|
|
||||||
hedge_requests_at: 0s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
insecure: false
|
|
||||||
object_cache_control: ""
|
|
||||||
object_metadata: {}
|
|
||||||
list_blocks_concurrency: 3
|
|
||||||
s3:
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: VersionTLS12
|
|
||||||
bucket: ""
|
|
||||||
prefix: ""
|
|
||||||
endpoint: ""
|
|
||||||
region: ""
|
|
||||||
access_key: ""
|
|
||||||
secret_key: ""
|
|
||||||
session_token: ""
|
|
||||||
insecure: false
|
|
||||||
part_size: 0
|
|
||||||
hedge_requests_at: 0s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
signature_v2: false
|
|
||||||
forcepathstyle: false
|
|
||||||
bucket_lookup_type: 0
|
|
||||||
tags: {}
|
|
||||||
storage_class: ""
|
|
||||||
metadata: {}
|
|
||||||
native_aws_auth_enabled: false
|
|
||||||
list_blocks_concurrency: 3
|
|
||||||
azure:
|
|
||||||
storage_account_name: ""
|
|
||||||
storage_account_key: ""
|
|
||||||
use_managed_identity: false
|
|
||||||
use_federated_token: false
|
|
||||||
user_assigned_id: ""
|
|
||||||
container_name: ""
|
|
||||||
prefix: ""
|
|
||||||
endpoint_suffix: blob.core.windows.net
|
|
||||||
max_buffers: 4
|
|
||||||
buffer_size: 3145728
|
|
||||||
hedge_requests_at: 0s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
use_v2_sdk: false
|
|
||||||
cache: ""
|
|
||||||
background_cache:
|
|
||||||
writeback_goroutines: 10
|
|
||||||
writeback_buffer: 10000
|
|
||||||
memcached: null
|
|
||||||
redis: null
|
|
||||||
cache_min_compaction_level: 0
|
|
||||||
cache_max_block_age: 0s
|
|
||||||
overrides:
|
|
||||||
defaults:
|
|
||||||
ingestion:
|
|
||||||
rate_strategy: local
|
|
||||||
rate_limit_bytes: 15000000
|
|
||||||
burst_size_bytes: 20000000
|
|
||||||
max_traces_per_user: 10000
|
|
||||||
read:
|
|
||||||
max_bytes_per_tag_values_query: 5000000
|
|
||||||
global:
|
|
||||||
max_bytes_per_trace: 5000000
|
|
||||||
per_tenant_override_config: ""
|
|
||||||
per_tenant_override_period: 10s
|
|
||||||
user_configurable_overrides:
|
|
||||||
enabled: false
|
|
||||||
poll_interval: 1m0s
|
|
||||||
client:
|
|
||||||
backend: ""
|
|
||||||
confirm_versioning: true
|
|
||||||
local:
|
|
||||||
path: ""
|
|
||||||
gcs:
|
|
||||||
bucket_name: ""
|
|
||||||
prefix: ""
|
|
||||||
chunk_buffer_size: 10485760
|
|
||||||
endpoint: ""
|
|
||||||
hedge_requests_at: 0s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
insecure: false
|
|
||||||
object_cache_control: ""
|
|
||||||
object_metadata: {}
|
|
||||||
list_blocks_concurrency: 3
|
|
||||||
s3:
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: VersionTLS12
|
|
||||||
bucket: ""
|
|
||||||
prefix: ""
|
|
||||||
endpoint: ""
|
|
||||||
region: ""
|
|
||||||
access_key: ""
|
|
||||||
secret_key: ""
|
|
||||||
session_token: ""
|
|
||||||
insecure: false
|
|
||||||
part_size: 0
|
|
||||||
hedge_requests_at: 0s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
signature_v2: false
|
|
||||||
forcepathstyle: false
|
|
||||||
bucket_lookup_type: 0
|
|
||||||
tags: {}
|
|
||||||
storage_class: ""
|
|
||||||
metadata: {}
|
|
||||||
native_aws_auth_enabled: false
|
|
||||||
list_blocks_concurrency: 3
|
|
||||||
azure:
|
|
||||||
storage_account_name: ""
|
|
||||||
storage_account_key: ""
|
|
||||||
use_managed_identity: false
|
|
||||||
use_federated_token: false
|
|
||||||
user_assigned_id: ""
|
|
||||||
container_name: ""
|
|
||||||
prefix: ""
|
|
||||||
endpoint_suffix: blob.core.windows.net
|
|
||||||
max_buffers: 4
|
|
||||||
buffer_size: 3145728
|
|
||||||
hedge_requests_at: 0s
|
|
||||||
hedge_requests_up_to: 2
|
|
||||||
use_v2_sdk: false
|
|
||||||
api:
|
|
||||||
check_for_conflicting_runtime_overrides: false
|
|
||||||
memberlist:
|
|
||||||
node_name: ""
|
|
||||||
randomize_node_name: true
|
|
||||||
stream_timeout: 2s
|
|
||||||
retransmit_factor: 2
|
|
||||||
pull_push_interval: 30s
|
|
||||||
gossip_interval: 1s
|
|
||||||
gossip_nodes: 2
|
|
||||||
gossip_to_dead_nodes_time: 30s
|
|
||||||
dead_node_reclaim_time: 0s
|
|
||||||
compression_enabled: false
|
|
||||||
advertise_addr: ""
|
|
||||||
advertise_port: 7946
|
|
||||||
cluster_label: ""
|
|
||||||
cluster_label_verification_disabled: false
|
|
||||||
join_members: []
|
|
||||||
min_join_backoff: 1s
|
|
||||||
max_join_backoff: 1m0s
|
|
||||||
max_join_retries: 10
|
|
||||||
abort_if_cluster_join_fails: false
|
|
||||||
rejoin_interval: 0s
|
|
||||||
left_ingesters_timeout: 5m0s
|
|
||||||
leave_timeout: 20s
|
|
||||||
message_history_buffer_bytes: 0
|
|
||||||
bind_addr: []
|
|
||||||
bind_port: 7946
|
|
||||||
packet_dial_timeout: 2s
|
|
||||||
packet_write_timeout: 5s
|
|
||||||
tls_enabled: false
|
|
||||||
tls_cert_path: ""
|
|
||||||
tls_key_path: ""
|
|
||||||
tls_ca_path: ""
|
|
||||||
tls_server_name: ""
|
|
||||||
tls_insecure_skip_verify: false
|
|
||||||
tls_cipher_suites: ""
|
|
||||||
tls_min_version: ""
|
|
||||||
usage_report:
|
|
||||||
reporting_enabled: true
|
|
||||||
backoff:
|
|
||||||
min_period: 100ms
|
|
||||||
max_period: 10s
|
|
||||||
max_retries: 0
|
|
||||||
cache:
|
|
||||||
background:
|
|
||||||
writeback_goroutines: 10
|
|
||||||
writeback_buffer: 10000
|
|
||||||
caches: []
|
|
||||||
@@ -1,54 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
server:
|
|
||||||
http_listen_port: 3200
|
|
||||||
|
|
||||||
distributor:
|
|
||||||
receivers: # this configuration will listen on all ports and protocols that tempo is capable of.
|
|
||||||
jaeger: # the receives all come from the OpenTelemetry collector. more configuration information can
|
|
||||||
protocols: # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
|
|
||||||
thrift_http: #
|
|
||||||
grpc: # for a production deployment you should only enable the receivers you need!
|
|
||||||
thrift_binary:
|
|
||||||
thrift_compact:
|
|
||||||
zipkin:
|
|
||||||
otlp:
|
|
||||||
protocols:
|
|
||||||
http:
|
|
||||||
grpc:
|
|
||||||
opencensus:
|
|
||||||
|
|
||||||
ingester:
|
|
||||||
max_block_duration: 5m # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
|
|
||||||
|
|
||||||
compactor:
|
|
||||||
compaction:
|
|
||||||
block_retention: 1h # overall Tempo trace retention. set for demo purposes
|
|
||||||
|
|
||||||
# metrics_generator:
|
|
||||||
# registry:
|
|
||||||
# external_labels:
|
|
||||||
# source: tempo
|
|
||||||
# cluster: docker-compose
|
|
||||||
# storage:
|
|
||||||
# path: /tmp/tempo/generator/wal
|
|
||||||
# remote_write:
|
|
||||||
# - url: http://grafana-alloy:12345/api/v1/write
|
|
||||||
# send_exemplars: true
|
|
||||||
|
|
||||||
storage:
|
|
||||||
trace:
|
|
||||||
backend: s3 # backend configuration to use
|
|
||||||
wal:
|
|
||||||
path: /tmp/tempo/wal # where to store the the wal locally
|
|
||||||
s3:
|
|
||||||
bucket: tempo # how to store data in s3
|
|
||||||
endpoint: minio:9000
|
|
||||||
access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
|
|
||||||
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
|
|
||||||
insecure: true
|
|
||||||
|
|
||||||
usage_report:
|
|
||||||
reporting_enabled: false
|
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
# For configuration options and examples, please see:
|
|
||||||
# https://gethomepage.dev/en/configs/bookmarks
|
|
||||||
|
|
||||||
#- Developer:
|
|
||||||
# - Github:
|
|
||||||
# - abbr: GH
|
|
||||||
# href: https://github.com/
|
|
||||||
#
|
|
||||||
#- Social:
|
|
||||||
# - Reddit:
|
|
||||||
# - abbr: RE
|
|
||||||
# href: https://reddit.com/
|
|
||||||
#
|
|
||||||
#- Entertainment:
|
|
||||||
# - YouTube:
|
|
||||||
# - abbr: YT
|
|
||||||
# href: https://youtube.com/
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
# For configuration options and examples, please see:
|
|
||||||
# https://gethomepage.dev/en/configs/docker/
|
|
||||||
|
|
||||||
# my-docker:
|
|
||||||
# host: 127.0.0.1
|
|
||||||
# port: 2375
|
|
||||||
|
|
||||||
my-docker:
|
|
||||||
host: dockerproxy
|
|
||||||
port: 2375
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
# sample kubernetes config
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
---
|
|
||||||
# For configuration options and examples, please see:
|
|
||||||
# https://gethomepage.dev/en/configs/services
|
|
||||||
|
|
||||||
#- My First Group:
|
|
||||||
# - My First Service:
|
|
||||||
# href: http://localhost/
|
|
||||||
# description: Homepage is awesome
|
|
||||||
#
|
|
||||||
#- My Second Group:
|
|
||||||
# - My Second Service:
|
|
||||||
# href: http://localhost/
|
|
||||||
# description: Homepage is the best
|
|
||||||
#
|
|
||||||
#- My Third Group:
|
|
||||||
# - My Third Service:
|
|
||||||
# href: http://localhost/
|
|
||||||
# description: Homepage is 😎
|
|
||||||
|
|
||||||
- Automation:
|
|
||||||
- Home Assistant (Rikku):
|
|
||||||
href: https://ha.trez.wtf
|
|
||||||
description: Smart Home
|
|
||||||
icon: home-assistant.png
|
|
||||||
weight: 0
|
|
||||||
widget:
|
|
||||||
type: homeassistant
|
|
||||||
url: http://192.168.1.252:8123
|
|
||||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
|
|
||||||
|
|
||||||
@@ -1,56 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
---
|
|
||||||
# For configuration options and examples, please see:
|
|
||||||
# https://gethomepage.dev/en/configs/settings
|
|
||||||
|
|
||||||
providers:
|
|
||||||
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
|
||||||
# weatherapi: weatherapiapikey
|
|
||||||
title: Rinoa Dashboard (trez.WTF)
|
|
||||||
headerStyle: underlined
|
|
||||||
color: slate
|
|
||||||
showStats: false
|
|
||||||
statusStyle: "dot"
|
|
||||||
favicon: /icons/favicon.ico
|
|
||||||
useEqualHeights: true
|
|
||||||
hideErrors: false
|
|
||||||
searchDescriptions: true
|
|
||||||
showSearchSuggestions: true
|
|
||||||
provider: duckduckgo
|
|
||||||
|
|
||||||
layout:
|
|
||||||
System Administration:
|
|
||||||
style: row
|
|
||||||
columns: 4
|
|
||||||
Infrastructure/App Performance Monitoring:
|
|
||||||
style: row
|
|
||||||
columns: 3
|
|
||||||
Code/DevOps:
|
|
||||||
style: row
|
|
||||||
columns: 3
|
|
||||||
Social:
|
|
||||||
style: row
|
|
||||||
columns: 4
|
|
||||||
Lifestyle:
|
|
||||||
style: row
|
|
||||||
columns: 3
|
|
||||||
Automation:
|
|
||||||
style: row
|
|
||||||
columns: 5
|
|
||||||
Privacy/Security:
|
|
||||||
style: row
|
|
||||||
columns: 5
|
|
||||||
Personal/Professional Services:
|
|
||||||
style: row
|
|
||||||
columns: 5
|
|
||||||
Servarr Stack:
|
|
||||||
style: row
|
|
||||||
columns: 3
|
|
||||||
Downloaders:
|
|
||||||
style: row
|
|
||||||
columns: 2
|
|
||||||
Media Library:
|
|
||||||
style: row
|
|
||||||
columns: 3
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
---
|
|
||||||
# For configuration options and examples, please see:
|
|
||||||
# https://gethomepage.dev/en/configs/widgets
|
|
||||||
|
|
||||||
- resources:
|
|
||||||
label: System
|
|
||||||
cpu: true
|
|
||||||
memory: true
|
|
||||||
cputemp: true
|
|
||||||
uptime: true
|
|
||||||
|
|
||||||
- resources:
|
|
||||||
label: Storage
|
|
||||||
expanded: true
|
|
||||||
disk:
|
|
||||||
- /
|
|
||||||
- /rinoa-storage
|
|
||||||
|
|
||||||
- search:
|
|
||||||
provider: custom
|
|
||||||
url: https://search.trez.wtf/search?q=
|
|
||||||
target: _blank
|
|
||||||
|
|
||||||
- openweathermap:
|
|
||||||
label: New York
|
|
||||||
latitude: 40.72
|
|
||||||
longitude: -73.85
|
|
||||||
units: imperial
|
|
||||||
provider: openweathermap
|
|
||||||
cache: 10
|
|
||||||
@@ -1,952 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
#########################################
|
|
||||||
#
|
|
||||||
# Database and other external servers
|
|
||||||
#
|
|
||||||
#########################################
|
|
||||||
|
|
||||||
##
|
|
||||||
## Database configuration with separate parameters.
|
|
||||||
## This setting is MANDATORY, unless 'database_url' is used.
|
|
||||||
##
|
|
||||||
db:
|
|
||||||
user: kemal
|
|
||||||
host: invidious-db
|
|
||||||
port: 5432
|
|
||||||
dbname: invidious
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PG_DB_PASSWORD'] }}
|
|
||||||
|
|
||||||
##
|
|
||||||
## Database configuration using a single URI. This is an
|
|
||||||
## alternative to the 'db' parameter above. If both forms
|
|
||||||
## are used, then only database_url is used.
|
|
||||||
## This setting is MANDATORY, unless 'db' is used.
|
|
||||||
##
|
|
||||||
## Note: The 'database_url' setting allows the use of UNIX
|
|
||||||
## sockets. To do so, remove the IP address (or FQDN) and port
|
|
||||||
## and append the 'host' parameter. E.g:
|
|
||||||
## postgres://kemal:kemal@/invidious?host=/var/run/postgresql
|
|
||||||
##
|
|
||||||
## Accepted values: a postgres:// URI
|
|
||||||
## Default: postgres://kemal:kemal@localhost:5432/invidious
|
|
||||||
##
|
|
||||||
#database_url: postgres://kemal:kemal@localhost:5432/invidious
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable automatic table integrity check. This will create
|
|
||||||
## the required tables and columns if anything is missing.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
check_tables: true
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Path to an external signature resolver, used to emulate
|
|
||||||
## the Youtube client's Javascript. If no such server is
|
|
||||||
## available, some videos will not be playable.
|
|
||||||
##
|
|
||||||
## When this setting is commented out, no external
|
|
||||||
## resolver will be used.
|
|
||||||
##
|
|
||||||
## Accepted values: a path to a UNIX socket or "<IP>:<Port>"
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
signature_server: invidious-sig-helper:12999
|
|
||||||
|
|
||||||
|
|
||||||
#########################################
|
|
||||||
#
|
|
||||||
# Server config
|
|
||||||
#
|
|
||||||
#########################################
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Network (inbound)
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Port to listen on for incoming connections.
|
|
||||||
##
|
|
||||||
## Note: Ports lower than 1024 requires either root privileges
|
|
||||||
## (not recommended) or the "CAP_NET_BIND_SERVICE" capability
|
|
||||||
## (See https://stackoverflow.com/a/414258 and `man capabilities`)
|
|
||||||
##
|
|
||||||
## Accepted values: 1-65535
|
|
||||||
## Default: 3000
|
|
||||||
##
|
|
||||||
#port: 3000
|
|
||||||
|
|
||||||
##
|
|
||||||
## When the invidious instance is behind a proxy, and the proxy
|
|
||||||
## listens on a different port than the instance does, this lets
|
|
||||||
## invidious know about it. This is used to craft absolute URLs
|
|
||||||
## to the instance (e.g in the API).
|
|
||||||
##
|
|
||||||
## Note: This setting is MANDATORY if invidious is behind a
|
|
||||||
## reverse proxy.
|
|
||||||
##
|
|
||||||
## Accepted values: 1-65535
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
#external_port:
|
|
||||||
|
|
||||||
##
|
|
||||||
## Interface address to listen on for incoming connections.
|
|
||||||
##
|
|
||||||
## Accepted values: a valid IPv4 or IPv6 address.
|
|
||||||
## default: 0.0.0.0 (listen on all interfaces)
|
|
||||||
##
|
|
||||||
#host_binding: 0.0.0.0
|
|
||||||
|
|
||||||
##
|
|
||||||
## Domain name under which this instance is hosted. This is
|
|
||||||
## used to craft absolute URLs to the instance (e.g in the API).
|
|
||||||
## The domain MUST be defined if your instance is accessed from
|
|
||||||
## a domain name (like 'example.com').
|
|
||||||
##
|
|
||||||
## Accepted values: a fully qualified domain name (FQDN)
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
# domain:
|
|
||||||
|
|
||||||
##
|
|
||||||
## Tell Invidious that it is behind a proxy that provides only
|
|
||||||
## HTTPS, so all links must use the https:// scheme. This
|
|
||||||
## setting MUST be set to true if invidious is behind a
|
|
||||||
## reverse proxy serving HTTPs.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
https_only: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable 'Strict-Transport-Security'. Make sure that
|
|
||||||
## the domain specified under 'domain' is served securely.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#hsts: true
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Network (outbound)
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Disable proxying server-wide. Can be disable as a whole, or
|
|
||||||
## only for a single function.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false, dash, livestreams, downloads, local
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#disable_proxy: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Size of the HTTP pool used to connect to youtube. Each
|
|
||||||
## domain ('youtube.com', 'ytimg.com', ...) has its own pool.
|
|
||||||
##
|
|
||||||
## Accepted values: a positive integer
|
|
||||||
## Default: 100
|
|
||||||
##
|
|
||||||
#pool_size: 100
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Additional cookies to be sent when requesting the youtube API.
|
|
||||||
##
|
|
||||||
## Accepted values: a string in the format "name1=value1; name2=value2..."
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
#cookies:
|
|
||||||
|
|
||||||
##
|
|
||||||
## Force connection to youtube over a specific IP family.
|
|
||||||
##
|
|
||||||
## Note: This may sometimes resolve issues involving rate-limiting.
|
|
||||||
## See https://github.com/ytdl-org/youtube-dl/issues/21729.
|
|
||||||
##
|
|
||||||
## Accepted values: ipv4, ipv6
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
#force_resolve:
|
|
||||||
|
|
||||||
##
|
|
||||||
## Configuration for using a HTTP proxy
|
|
||||||
##
|
|
||||||
## If unset, then no HTTP proxy will be used.
|
|
||||||
##
|
|
||||||
#http_proxy:
|
|
||||||
# user:
|
|
||||||
# password:
|
|
||||||
# host:
|
|
||||||
# port:
|
|
||||||
|
|
||||||
|
|
||||||
##
|
|
||||||
## Use Innertube's transcripts API instead of timedtext for closed captions
|
|
||||||
##
|
|
||||||
## Useful for larger instances as InnerTube is **not ratelimited**. See https://github.com/iv-org/invidious/issues/2567
|
|
||||||
##
|
|
||||||
## Subtitle experience may differ slightly on Invidious.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
# use_innertube_for_captions: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Send Google session informations. This is useful when Invidious is blocked
|
|
||||||
## by the message "This helps protect our community."
|
|
||||||
## See https://github.com/iv-org/invidious/issues/4734.
|
|
||||||
##
|
|
||||||
## Warning: These strings gives much more identifiable information to Google!
|
|
||||||
##
|
|
||||||
## Accepted values: String
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PO_TOKEN'] }}
|
|
||||||
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_VISITOR_DATA'] }}
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Logging
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Path to log file. Can be absolute or relative to the invidious
|
|
||||||
## binary. This is overridden if "-o OUTPUT" or "--output=OUTPUT"
|
|
||||||
## are passed on the command line.
|
|
||||||
##
|
|
||||||
## Accepted values: a filesystem path or 'STDOUT'
|
|
||||||
## Default: STDOUT
|
|
||||||
##
|
|
||||||
#output: STDOUT
|
|
||||||
|
|
||||||
##
|
|
||||||
## Logging Verbosity. This is overridden if "-l LEVEL" or
|
|
||||||
## "--log-level=LEVEL" are passed on the command line.
|
|
||||||
##
|
|
||||||
## Accepted values: All, Trace, Debug, Info, Warn, Error, Fatal, Off
|
|
||||||
## Default: Info
|
|
||||||
##
|
|
||||||
#log_level: Info
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enables colors in logs. Useful for debugging purposes
|
|
||||||
## This is overridden if "-k" or "--colorize"
|
|
||||||
## are passed on the command line.
|
|
||||||
## Colors are also disabled if the environment variable
|
|
||||||
## NO_COLOR is present and has any value
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#colorize_logs: false
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Features
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable the "Popular" tab on the main page.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#popular_enabled: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable statstics (available at /api/v1/stats).
|
|
||||||
## The following data is available:
|
|
||||||
## - Software name ("invidious") and version+branch (same data as
|
|
||||||
## displayed in the footer, e.g: "2021.05.13-75e5b49" / "master")
|
|
||||||
## - The value of the 'registration_enabled' config (true/false)
|
|
||||||
## - Number of currently registered users
|
|
||||||
## - Number of registered users who connected in the last month
|
|
||||||
## - Number of registered users who connected in the last 6 months
|
|
||||||
## - Timestamp of the last server restart
|
|
||||||
## - Timestamp of the last "Channel Refresh" job execution
|
|
||||||
##
|
|
||||||
## Warning: This setting MUST be set to true if you plan to run
|
|
||||||
## a public instance. It is used by api.invidious.io to refresh
|
|
||||||
## your instance's status.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#statistics_enabled: false
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Users and accounts
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Allow/Forbid Invidious (local) account creation. Invidious
|
|
||||||
## accounts allow users to subscribe to channels and to create
|
|
||||||
## playlists without a Google account.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#registration_enabled: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Allow/Forbid users to log-in.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#login_enabled: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable the captcha challenge on the login page.
|
|
||||||
##
|
|
||||||
## Note: this is a basic captcha challenge that doesn't
|
|
||||||
## depend on any third parties.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#captcha_enabled: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## List of usernames that will be granted administrator rights.
|
|
||||||
## A user with administrator rights will be able to change the
|
|
||||||
## server configuration options listed below in /preferences,
|
|
||||||
## in addition to the usual user preferences.
|
|
||||||
##
|
|
||||||
## Server-wide settings:
|
|
||||||
## - popular_enabled
|
|
||||||
## - captcha_enabled
|
|
||||||
## - login_enabled
|
|
||||||
## - registration_enabled
|
|
||||||
## - statistics_enabled
|
|
||||||
## Default user preferences:
|
|
||||||
## - default_home
|
|
||||||
## - feed_menu
|
|
||||||
##
|
|
||||||
## Accepted values: an array of strings
|
|
||||||
## Default: [""]
|
|
||||||
##
|
|
||||||
#admins: [""]
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable the user notifications for all users
|
|
||||||
##
|
|
||||||
## Note: On large instances, it is recommended to set this option to 'false'
|
|
||||||
## in order to reduce the amount of data written to the database, and hence
|
|
||||||
## improve the overall performance of the instance.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#enable_user_notifications: true
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Background jobs
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Number of threads to use when crawling channel videos (during
|
|
||||||
## subscriptions update).
|
|
||||||
##
|
|
||||||
## Notes: This setting is overridden if either "-c THREADS" or
|
|
||||||
## "--channel-threads=THREADS" is passed on the command line.
|
|
||||||
##
|
|
||||||
## Accepted values: a positive integer
|
|
||||||
## Default: 1
|
|
||||||
##
|
|
||||||
channel_threads: 1
|
|
||||||
|
|
||||||
##
|
|
||||||
## Time interval between two executions of the job that crawls
|
|
||||||
## channel videos (subscriptions update).
|
|
||||||
##
|
|
||||||
## Accepted values: a valid time interval (like 1h30m or 90m)
|
|
||||||
## Default: 30m
|
|
||||||
##
|
|
||||||
#channel_refresh_interval: 30m
|
|
||||||
|
|
||||||
##
|
|
||||||
## Forcefully dump and re-download the entire list of uploaded
|
|
||||||
## videos when crawling channel (during subscriptions update).
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
full_refresh: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Number of threads to use when updating RSS feeds.
|
|
||||||
##
|
|
||||||
## Notes: This setting is overridden if either "-f THREADS" or
|
|
||||||
## "--feed-threads=THREADS" is passed on the command line.
|
|
||||||
##
|
|
||||||
## Accepted values: a positive integer
|
|
||||||
## Default: 1
|
|
||||||
##
|
|
||||||
feed_threads: 1
|
|
||||||
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
|
|
||||||
## Options for the database cleaning job
|
|
||||||
clear_expired_items:
|
|
||||||
|
|
||||||
## Enable/Disable job
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
enable: true
|
|
||||||
|
|
||||||
## Options for the channels updater job
|
|
||||||
refresh_channels:
|
|
||||||
|
|
||||||
## Enable/Disable job
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
enable: true
|
|
||||||
|
|
||||||
## Options for the RSS feeds updater job
|
|
||||||
refresh_feeds:
|
|
||||||
|
|
||||||
## Enable/Disable job
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
enable: true
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Miscellaneous
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## custom banner displayed at the top of every page. This can
|
|
||||||
## used for instance announcements, e.g.
|
|
||||||
##
|
|
||||||
## Accepted values: any string. HTML is accepted.
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
#banner:
|
|
||||||
|
|
||||||
##
|
|
||||||
## Subscribe to channels using PubSubHub (Google PubSubHubbub service).
|
|
||||||
## PubSubHub allows Invidious to be instantly notified when a new video
|
|
||||||
## is published on any subscribed channels. When PubSubHub is not used,
|
|
||||||
## Invidious will check for new videos every minute.
|
|
||||||
##
|
|
||||||
## Note: This setting is recommended for public instances.
|
|
||||||
##
|
|
||||||
## Note 2:
|
|
||||||
## - Requires a public instance (it uses /feed/webhook/v1)
|
|
||||||
## - Requires 'domain' and 'hmac_key' to be set.
|
|
||||||
## - Setting this parameter to any number greater than zero will
|
|
||||||
## enable channel subscriptions via PubSubHub, but will limit the
|
|
||||||
## amount of concurrent subscriptions.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false, a positive integer
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#use_pubsub_feeds: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## HMAC signing key used for CSRF tokens, cookies and pubsub
|
|
||||||
## subscriptions verification.
|
|
||||||
##
|
|
||||||
## Note: This parameter is mandatory and should be a random string.
|
|
||||||
## Such random string can be generated on linux with the following
|
|
||||||
## command: `pwgen 20 1`
|
|
||||||
##
|
|
||||||
## Accepted values: a string
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_HMAC_KEY'] }}
|
|
||||||
|
|
||||||
##
|
|
||||||
## List of video IDs where the "download" widget must be
|
|
||||||
## disabled, in order to comply with DMCA requests.
|
|
||||||
##
|
|
||||||
## Accepted values: an array of string
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
#dmca_content:
|
|
||||||
|
|
||||||
##
|
|
||||||
## Cache video annotations in the database.
|
|
||||||
##
|
|
||||||
## Warning: empty annotations or annotations that only contain
|
|
||||||
## cards won't be cached.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#cache_annotations: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Source code URL. If your instance is running a modified source
|
|
||||||
## code, you MUST publish it somewhere and set this option.
|
|
||||||
##
|
|
||||||
## Accepted values: a string
|
|
||||||
## Default: <none>
|
|
||||||
##
|
|
||||||
#modified_source_code_url: ""
|
|
||||||
|
|
||||||
##
|
|
||||||
## Maximum custom playlist length limit.
|
|
||||||
##
|
|
||||||
## Accepted values: Integer
|
|
||||||
## Default: 500
|
|
||||||
##
|
|
||||||
#playlist_length_limit: 500
|
|
||||||
|
|
||||||
#########################################
|
|
||||||
#
|
|
||||||
# Default user preferences
|
|
||||||
#
|
|
||||||
#########################################
|
|
||||||
|
|
||||||
##
|
|
||||||
## NOTE: All the settings below define the default user
|
|
||||||
## preferences. They will apply to ALL users connecting
|
|
||||||
## without a preferences cookie (so either on the first
|
|
||||||
## connection to the instance or after clearing the
|
|
||||||
## browser's cookies).
|
|
||||||
##
|
|
||||||
|
|
||||||
default_user_preferences:
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Internationalization
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default user interface language (locale).
|
|
||||||
##
|
|
||||||
## Note: When hosting a public instance, overriding the
|
|
||||||
## default (english) is not recommended, as it may
|
|
||||||
## people using other languages.
|
|
||||||
##
|
|
||||||
## Accepted values:
|
|
||||||
## ar (Arabic)
|
|
||||||
## da (Danish)
|
|
||||||
## de (German)
|
|
||||||
## en-US (english, US)
|
|
||||||
## el (Greek)
|
|
||||||
## eo (Esperanto)
|
|
||||||
## es (Spanish)
|
|
||||||
## fa (Persian)
|
|
||||||
## fi (Finnish)
|
|
||||||
## fr (French)
|
|
||||||
## he (Hebrew)
|
|
||||||
## hr (Hungarian)
|
|
||||||
## id (Indonesian)
|
|
||||||
## is (Icelandic)
|
|
||||||
## it (Italian)
|
|
||||||
## ja (Japanese)
|
|
||||||
## nb-NO (Norwegian, Bokmål)
|
|
||||||
## nl (Dutch)
|
|
||||||
## pl (Polish)
|
|
||||||
## pt-BR (Portuguese, Brazil)
|
|
||||||
## pt-PT (Portuguese, Portugal)
|
|
||||||
## ro (Romanian)
|
|
||||||
## ru (Russian)
|
|
||||||
## sv (Swedish)
|
|
||||||
## tr (Turkish)
|
|
||||||
## uk (Ukrainian)
|
|
||||||
## zh-CN (Chinese, China) (a.k.a "Simplified Chinese")
|
|
||||||
## zh-TW (Chinese, Taiwan) (a.k.a "Traditional Chinese")
|
|
||||||
##
|
|
||||||
## Default: en-US
|
|
||||||
##
|
|
||||||
#locale: en-US
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default geographical location for content.
|
|
||||||
##
|
|
||||||
## Accepted values:
|
|
||||||
## AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR,
|
|
||||||
## CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK,
|
|
||||||
## HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB,
|
|
||||||
## LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ,
|
|
||||||
## OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI,
|
|
||||||
## SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW
|
|
||||||
##
|
|
||||||
## Default: US
|
|
||||||
##
|
|
||||||
#region: US
|
|
||||||
|
|
||||||
##
|
|
||||||
## Top 3 preferred languages for video captions.
|
|
||||||
##
|
|
||||||
## Note: overriding the default (no preferred
|
|
||||||
## caption language) is not recommended, in order
|
|
||||||
## to not penalize people using other languages.
|
|
||||||
##
|
|
||||||
## Accepted values: a three-entries array.
|
|
||||||
## Each entry can be one of:
|
|
||||||
## "English", "English (auto-generated)",
|
|
||||||
## "Afrikaans", "Albanian", "Amharic", "Arabic",
|
|
||||||
## "Armenian", "Azerbaijani", "Bangla", "Basque",
|
|
||||||
## "Belarusian", "Bosnian", "Bulgarian", "Burmese",
|
|
||||||
## "Catalan", "Cebuano", "Chinese (Simplified)",
|
|
||||||
## "Chinese (Traditional)", "Corsican", "Croatian",
|
|
||||||
## "Czech", "Danish", "Dutch", "Esperanto", "Estonian",
|
|
||||||
## "Filipino", "Finnish", "French", "Galician", "Georgian",
|
|
||||||
## "German", "Greek", "Gujarati", "Haitian Creole", "Hausa",
|
|
||||||
## "Hawaiian", "Hebrew", "Hindi", "Hmong", "Hungarian",
|
|
||||||
## "Icelandic", "Igbo", "Indonesian", "Irish", "Italian",
|
|
||||||
## "Japanese", "Javanese", "Kannada", "Kazakh", "Khmer",
|
|
||||||
## "Korean", "Kurdish", "Kyrgyz", "Lao", "Latin", "Latvian",
|
|
||||||
## "Lithuanian", "Luxembourgish", "Macedonian",
|
|
||||||
## "Malagasy", "Malay", "Malayalam", "Maltese", "Maori",
|
|
||||||
## "Marathi", "Mongolian", "Nepali", "Norwegian Bokmål",
|
|
||||||
## "Nyanja", "Pashto", "Persian", "Polish", "Portuguese",
|
|
||||||
## "Punjabi", "Romanian", "Russian", "Samoan",
|
|
||||||
## "Scottish Gaelic", "Serbian", "Shona", "Sindhi",
|
|
||||||
## "Sinhala", "Slovak", "Slovenian", "Somali",
|
|
||||||
## "Southern Sotho", "Spanish", "Spanish (Latin America)",
|
|
||||||
## "Sundanese", "Swahili", "Swedish", "Tajik", "Tamil",
|
|
||||||
## "Telugu", "Thai", "Turkish", "Ukrainian", "Urdu",
|
|
||||||
## "Uzbek", "Vietnamese", "Welsh", "Western Frisian",
|
|
||||||
## "Xhosa", "Yiddish", "Yoruba", "Zulu"
|
|
||||||
##
|
|
||||||
## Default: ["", "", ""]
|
|
||||||
##
|
|
||||||
#captions: ["", "", ""]
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Interface
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable dark mode.
|
|
||||||
##
|
|
||||||
## Accepted values: "dark", "light", "auto"
|
|
||||||
## Default: "auto"
|
|
||||||
##
|
|
||||||
#dark_mode: "auto"
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable thin mode (no video thumbnails).
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#thin_mode: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## List of feeds available on the home page.
|
|
||||||
##
|
|
||||||
## Note: "Subscriptions" and "Playlists" are only visible
|
|
||||||
## when the user is logged in.
|
|
||||||
##
|
|
||||||
## Accepted values: A list of strings
|
|
||||||
## Each entry can be one of: "Popular", "Trending",
|
|
||||||
## "Subscriptions", "Playlists"
|
|
||||||
##
|
|
||||||
## Default: ["Popular", "Trending", "Subscriptions", "Playlists"] (show all feeds)
|
|
||||||
##
|
|
||||||
#feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default feed to display on the home page.
|
|
||||||
##
|
|
||||||
## Note: setting this option to "Popular" has no
|
|
||||||
## effect when 'popular_enabled' is set to false.
|
|
||||||
##
|
|
||||||
## Accepted values: Popular, Trending, Subscriptions, Playlists, <none>
|
|
||||||
## Default: Popular
|
|
||||||
##
|
|
||||||
#default_home: Popular
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default number of results to display per page.
|
|
||||||
##
|
|
||||||
## Note: this affects invidious-generated pages only, such
|
|
||||||
## as watch history and subscription feeds. Playlists, search
|
|
||||||
## results and channel videos depend on the data returned by
|
|
||||||
## the Youtube API.
|
|
||||||
##
|
|
||||||
## Accepted values: any positive integer
|
|
||||||
## Default: 40
|
|
||||||
##
|
|
||||||
#max_results: 40
|
|
||||||
|
|
||||||
##
|
|
||||||
## Show/hide annotations.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#annotations: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Show/hide annotation.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#annotations_subscribed: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Type of comments to display below video.
|
|
||||||
##
|
|
||||||
## Accepted values: a two-entries array.
|
|
||||||
## Each entry can be one of: "youtube", "reddit", ""
|
|
||||||
##
|
|
||||||
## Default: ["youtube", ""]
|
|
||||||
##
|
|
||||||
#comments: ["youtube", ""]
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default player style.
|
|
||||||
##
|
|
||||||
## Accepted values: invidious, youtube
|
|
||||||
## Default: invidious
|
|
||||||
##
|
|
||||||
#player_style: invidious
|
|
||||||
|
|
||||||
##
|
|
||||||
## Show/Hide the "related videos" sidebar when
|
|
||||||
## watching a video.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#related_videos: true
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Video player behavior
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## This option controls the value of the HTML5 <video> element's
|
|
||||||
## "preload" attribute.
|
|
||||||
##
|
|
||||||
## If set to 'false', no video data will be loaded until the user
|
|
||||||
## explicitly starts the video by clicking the "Play" button.
|
|
||||||
## If set to 'true', the web browser will buffer some video data
|
|
||||||
## while the page is loading.
|
|
||||||
##
|
|
||||||
## See: https://www.w3schools.com/tags/att_video_preload.asp
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#preload: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Automatically play videos on page load.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#autoplay: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Automatically load the "next" video (either next in
|
|
||||||
## playlist or proposed) when the current video ends.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#continue: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Autoplay next video by default.
|
|
||||||
##
|
|
||||||
## Note: Only effective if 'continue' is set to true.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#continue_autoplay: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Play videos in Audio-only mode by default.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#listen: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Loop videos automatically.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#video_loop: false
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Video playback settings
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default video quality.
|
|
||||||
##
|
|
||||||
## Accepted values: dash, hd720, medium, small
|
|
||||||
## Default: hd720
|
|
||||||
##
|
|
||||||
#quality: hd720
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default dash video quality.
|
|
||||||
##
|
|
||||||
## Note: this setting only takes effet if the
|
|
||||||
## 'quality' parameter is set to "dash".
|
|
||||||
##
|
|
||||||
## Accepted values:
|
|
||||||
## auto, best, 4320p, 2160p, 1440p, 1080p,
|
|
||||||
## 720p, 480p, 360p, 240p, 144p, worst
|
|
||||||
## Default: auto
|
|
||||||
##
|
|
||||||
#quality_dash: auto
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default video playback speed.
|
|
||||||
##
|
|
||||||
## Accepted values: 0.25, 0.5, 0.75, 1.0, 1.25, 1.5, 1.75, 2.0
|
|
||||||
## Default: 1.0
|
|
||||||
##
|
|
||||||
#speed: 1.0
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default volume.
|
|
||||||
##
|
|
||||||
## Accepted values: 0-100
|
|
||||||
## Default: 100
|
|
||||||
##
|
|
||||||
#volume: 100
|
|
||||||
|
|
||||||
##
|
|
||||||
## Allow 360° videos to be played.
|
|
||||||
##
|
|
||||||
## Note: This feature requires a WebGL-enabled browser.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#vr_mode: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Save the playback position
|
|
||||||
## Allow to continue watching at the previous position when
|
|
||||||
## watching the same video.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#save_player_pos: false
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Subscription feed
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## In the "Subscription" feed, only show the latest video
|
|
||||||
## of each channel the user is subscribed to.
|
|
||||||
##
|
|
||||||
## Note: when combined with 'unseen_only', the latest unseen
|
|
||||||
## video of each channel will be displayed instead of the
|
|
||||||
## latest by date.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#latest_only: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Enable/Disable user subscriptions desktop notifications.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#notifications_only: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## In the "Subscription" feed, Only show the videos that the
|
|
||||||
## user haven't watched yet (i.e which are not in their watch
|
|
||||||
## history).
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#unseen_only: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Default sorting parameter for subscription feeds.
|
|
||||||
##
|
|
||||||
## Accepted values:
|
|
||||||
## 'alphabetically'
|
|
||||||
## 'alphabetically - reverse'
|
|
||||||
## 'channel name'
|
|
||||||
## 'channel name - reverse'
|
|
||||||
## 'published'
|
|
||||||
## 'published - reverse'
|
|
||||||
##
|
|
||||||
## Default: published
|
|
||||||
##
|
|
||||||
#sort: published
|
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------
|
|
||||||
# Miscellaneous
|
|
||||||
# -----------------------------
|
|
||||||
|
|
||||||
##
|
|
||||||
## Proxy videos through instance by default.
|
|
||||||
##
|
|
||||||
## Warning: As most users won't change this setting in their
|
|
||||||
## preferences, defaulting to true will significantly
|
|
||||||
## increase the instance's network usage, so make sure that
|
|
||||||
## your server's connection can handle it.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#local: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Show the connected user's nick at the top right.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: true
|
|
||||||
##
|
|
||||||
#show_nick: true
|
|
||||||
|
|
||||||
##
|
|
||||||
## Automatically redirect to a random instance when the user uses
|
|
||||||
## any "switch invidious instance" link (For videos, it's the plane
|
|
||||||
## icon, next to "watch on youtube" and "listen"). When set to false,
|
|
||||||
## the user is sent to https://redirect.invidious.io instead, where
|
|
||||||
## they can manually select an instance.
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#automatic_instance_redirect: false
|
|
||||||
|
|
||||||
##
|
|
||||||
## Show the entire video description by default (when set to 'false',
|
|
||||||
## only the first few lines of the description are shown and a
|
|
||||||
## "show more" button allows to expand it).
|
|
||||||
##
|
|
||||||
## Accepted values: true, false
|
|
||||||
## Default: false
|
|
||||||
##
|
|
||||||
#extend_desc: false
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# IN application vars
|
|
||||||
IN_APP_URL=https://biz.trez.wtf
|
|
||||||
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_APP_KEY'] }}
|
|
||||||
IN_APP_DEBUG=true
|
|
||||||
IN_REQUIRE_HTTPS=false
|
|
||||||
IN_PHANTOMJS_PDF_GENERATION=false
|
|
||||||
IN_PDF_GENERATOR=snappdf
|
|
||||||
IN_TRUSTED_PROXIES='*'
|
|
||||||
|
|
||||||
|
|
||||||
IN_QUEUE_CONNECTION=database
|
|
||||||
|
|
||||||
# DB connection
|
|
||||||
IN_DB_HOST=mariadb
|
|
||||||
IN_DB_PORT=3306
|
|
||||||
IN_DB_DATABASE=invoice_ninja
|
|
||||||
IN_DB_USERNAME=ininja
|
|
||||||
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_MYSQL_PASSWORD'] }}
|
|
||||||
|
|
||||||
# Create initial user
|
|
||||||
# Default to these values if empty
|
|
||||||
# IN_USER_EMAIL=admin@example.com
|
|
||||||
# IN_PASSWORD=changeme!
|
|
||||||
IN_USER_EMAIL=
|
|
||||||
IN_PASSWORD=
|
|
||||||
|
|
||||||
# Mail options
|
|
||||||
IN_MAIL_MAILER=log
|
|
||||||
IN_MAIL_HOST=postal-smtp
|
|
||||||
IN_MAIL_PORT=25
|
|
||||||
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
|
||||||
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
|
||||||
IN_MAIL_ENCRYPTION=null
|
|
||||||
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
|
|
||||||
IN_MAIL_FROM_NAME='Treasured IT'
|
|
||||||
|
|
||||||
# MySQL
|
|
||||||
IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
|
|
||||||
IN_MYSQL_USER=ninja
|
|
||||||
IN_MYSQL_PASSWORD=ninja
|
|
||||||
IN_MYSQL_DATABASE=ninja
|
|
||||||
|
|
||||||
# GoCardless/Nordigen API key for banking integration
|
|
||||||
NORDIGEN_SECRET_ID=
|
|
||||||
NORDIGEN_SECRET_KEY=
|
|
||||||
|
|
||||||
# V4 env vars
|
|
||||||
# DB_STRICT=false
|
|
||||||
# APP_CIPHER=AES-256-CBC
|
|
||||||
@@ -1,550 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
#=====================================================================#
|
|
||||||
# LibreChat Configuration #
|
|
||||||
#=====================================================================#
|
|
||||||
# Please refer to the reference documentation for assistance #
|
|
||||||
# with configuring your LibreChat environment. #
|
|
||||||
# #
|
|
||||||
# https://www.librechat.ai/docs/configuration/dotenv #
|
|
||||||
#=====================================================================#
|
|
||||||
|
|
||||||
#==================================================#
|
|
||||||
# Server Configuration #
|
|
||||||
#==================================================#
|
|
||||||
|
|
||||||
HOST=localhost
|
|
||||||
PORT=3080
|
|
||||||
|
|
||||||
MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
|
|
||||||
|
|
||||||
DOMAIN_CLIENT=https://ai.trez.wtf
|
|
||||||
DOMAIN_SERVER=https://ai.trez.wtf
|
|
||||||
|
|
||||||
NO_INDEX=true
|
|
||||||
# Use the address that is at most n number of hops away from the Express application.
|
|
||||||
# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
|
|
||||||
# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
|
|
||||||
# Defaulted to 1.
|
|
||||||
TRUST_PROXY=1
|
|
||||||
|
|
||||||
#===============#
|
|
||||||
# JSON Logging #
|
|
||||||
#===============#
|
|
||||||
|
|
||||||
# Use when process console logs in cloud deployment like GCP/AWS
|
|
||||||
CONSOLE_JSON=true
|
|
||||||
|
|
||||||
#===============#
|
|
||||||
# Debug Logging #
|
|
||||||
#===============#
|
|
||||||
|
|
||||||
DEBUG_LOGGING=true
|
|
||||||
DEBUG_CONSOLE=false
|
|
||||||
|
|
||||||
#=============#
|
|
||||||
# Permissions #
|
|
||||||
#=============#
|
|
||||||
|
|
||||||
# UID=1000
|
|
||||||
# GID=1000
|
|
||||||
|
|
||||||
#===============#
|
|
||||||
# Configuration #
|
|
||||||
#===============#
|
|
||||||
# Use an absolute path, a relative path, or a URL
|
|
||||||
|
|
||||||
# CONFIG_PATH="/alternative/path/to/librechat.yaml"
|
|
||||||
|
|
||||||
#===================================================#
|
|
||||||
# Endpoints #
|
|
||||||
#===================================================#
|
|
||||||
|
|
||||||
# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
|
|
||||||
|
|
||||||
PROXY=
|
|
||||||
|
|
||||||
#===================================#
|
|
||||||
# Known Endpoints - librechat.yaml #
|
|
||||||
#===================================#
|
|
||||||
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
|
|
||||||
|
|
||||||
# ANYSCALE_API_KEY=
|
|
||||||
# APIPIE_API_KEY=
|
|
||||||
# COHERE_API_KEY=
|
|
||||||
DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
|
|
||||||
# DATABRICKS_API_KEY=
|
|
||||||
# FIREWORKS_API_KEY=
|
|
||||||
# GROQ_API_KEY=
|
|
||||||
# HUGGINGFACE_TOKEN=
|
|
||||||
MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
|
|
||||||
# OPENROUTER_KEY=
|
|
||||||
# PERPLEXITY_API_KEY=
|
|
||||||
# SHUTTLEAI_API_KEY=
|
|
||||||
# TOGETHERAI_API_KEY=
|
|
||||||
# UNIFY_API_KEY=
|
|
||||||
# XAI_API_KEY=
|
|
||||||
|
|
||||||
#============#
|
|
||||||
# Anthropic #
|
|
||||||
#============#
|
|
||||||
|
|
||||||
ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
|
|
||||||
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
|
|
||||||
# ANTHROPIC_REVERSE_PROXY=
|
|
||||||
|
|
||||||
#============#
|
|
||||||
# Azure #
|
|
||||||
#============#
|
|
||||||
|
|
||||||
# Note: these variables are DEPRECATED
|
|
||||||
# Use the `librechat.yaml` configuration for `azureOpenAI` instead
|
|
||||||
# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
|
|
||||||
|
|
||||||
# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
|
|
||||||
# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
|
|
||||||
# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
|
|
||||||
# AZURE_API_KEY= # Deprecated
|
|
||||||
# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
|
|
||||||
# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
|
|
||||||
# AZURE_OPENAI_API_VERSION= # Deprecated
|
|
||||||
# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
|
|
||||||
# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
|
|
||||||
# PLUGINS_USE_AZURE="true" # Deprecated
|
|
||||||
|
|
||||||
#=================#
|
|
||||||
# AWS Bedrock #
|
|
||||||
#=================#
|
|
||||||
|
|
||||||
# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
|
|
||||||
# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
|
|
||||||
# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
|
|
||||||
# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
|
|
||||||
|
|
||||||
# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
|
|
||||||
# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
|
|
||||||
|
|
||||||
# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
|
|
||||||
|
|
||||||
# Notes on specific models:
|
|
||||||
# The following models are not support due to not supporting streaming:
|
|
||||||
# ai21.j2-mid-v1
|
|
||||||
|
|
||||||
# The following models are not support due to not supporting conversation history:
|
|
||||||
# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
|
|
||||||
|
|
||||||
#============#
|
|
||||||
# Google #
|
|
||||||
#============#
|
|
||||||
|
|
||||||
{# GOOGLE_KEY=user_provided #}
|
|
||||||
|
|
||||||
# GOOGLE_REVERSE_PROXY=
|
|
||||||
# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
|
|
||||||
# GOOGLE_AUTH_HEADER=true
|
|
||||||
|
|
||||||
# Gemini API (AI Studio)
|
|
||||||
# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
|
|
||||||
|
|
||||||
# Vertex AI
|
|
||||||
# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro
|
|
||||||
|
|
||||||
# GOOGLE_TITLE_MODEL=gemini-pro
|
|
||||||
|
|
||||||
# GOOGLE_LOC=us-central1
|
|
||||||
|
|
||||||
# Google Safety Settings
|
|
||||||
# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
|
|
||||||
#
|
|
||||||
# For Vertex AI:
|
|
||||||
# To use the BLOCK_NONE setting, you need either:
|
|
||||||
# (a) Access through an allowlist via your Google account team, or
|
|
||||||
# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
|
|
||||||
#
|
|
||||||
# For Gemini API (AI Studio):
|
|
||||||
# BLOCK_NONE is available by default, no special account requirements.
|
|
||||||
#
|
|
||||||
# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
|
|
||||||
#
|
|
||||||
# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
|
|
||||||
# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
|
|
||||||
# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
|
|
||||||
# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
|
|
||||||
# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
|
|
||||||
|
|
||||||
#============#
|
|
||||||
# OpenAI #
|
|
||||||
#============#
|
|
||||||
|
|
||||||
OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
|
|
||||||
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
|
|
||||||
|
|
||||||
DEBUG_OPENAI=false
|
|
||||||
|
|
||||||
# TITLE_CONVO=false
|
|
||||||
# OPENAI_TITLE_MODEL=gpt-4o-mini
|
|
||||||
|
|
||||||
# OPENAI_SUMMARIZE=true
|
|
||||||
# OPENAI_SUMMARY_MODEL=gpt-4o-mini
|
|
||||||
|
|
||||||
# OPENAI_FORCE_PROMPT=true
|
|
||||||
|
|
||||||
# OPENAI_REVERSE_PROXY=
|
|
||||||
|
|
||||||
# OPENAI_ORGANIZATION=
|
|
||||||
|
|
||||||
#====================#
|
|
||||||
# Assistants API #
|
|
||||||
#====================#
|
|
||||||
|
|
||||||
# ASSISTANTS_API_KEY=user_provided
|
|
||||||
# ASSISTANTS_BASE_URL=
|
|
||||||
# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
|
|
||||||
|
|
||||||
#==========================#
|
|
||||||
# Azure Assistants API #
|
|
||||||
#==========================#
|
|
||||||
|
|
||||||
# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
|
|
||||||
# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
|
|
||||||
|
|
||||||
# More info, including how to enable use of Assistants with Azure here:
|
|
||||||
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
|
|
||||||
|
|
||||||
#============#
|
|
||||||
# OpenRouter #
|
|
||||||
#============#
|
|
||||||
# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint
|
|
||||||
# OPENROUTER_API_KEY=
|
|
||||||
|
|
||||||
#============#
|
|
||||||
# Plugins #
|
|
||||||
#============#
|
|
||||||
|
|
||||||
# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
|
|
||||||
|
|
||||||
# DEBUG_PLUGINS=
|
|
||||||
|
|
||||||
CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
|
|
||||||
CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
|
|
||||||
|
|
||||||
# Azure AI Search
|
|
||||||
#-----------------
|
|
||||||
# AZURE_AI_SEARCH_SERVICE_ENDPOINT=
|
|
||||||
# AZURE_AI_SEARCH_INDEX_NAME=
|
|
||||||
# AZURE_AI_SEARCH_API_KEY=
|
|
||||||
|
|
||||||
# AZURE_AI_SEARCH_API_VERSION=
|
|
||||||
# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
|
|
||||||
# AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
|
|
||||||
# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
|
|
||||||
|
|
||||||
# DALL·E
|
|
||||||
#----------------
|
|
||||||
# DALLE_API_KEY=
|
|
||||||
# DALLE3_API_KEY=
|
|
||||||
# DALLE2_API_KEY=
|
|
||||||
# DALLE3_SYSTEM_PROMPT=
|
|
||||||
# DALLE2_SYSTEM_PROMPT=
|
|
||||||
# DALLE_REVERSE_PROXY=
|
|
||||||
# DALLE3_BASEURL=
|
|
||||||
# DALLE2_BASEURL=
|
|
||||||
|
|
||||||
# DALL·E (via Azure OpenAI)
|
|
||||||
# Note: requires some of the variables above to be set
|
|
||||||
#----------------
|
|
||||||
# DALLE3_AZURE_API_VERSION=
|
|
||||||
# DALLE2_AZURE_API_VERSION=
|
|
||||||
|
|
||||||
|
|
||||||
# Google
|
|
||||||
#-----------------
|
|
||||||
GOOGLE_SEARCH_API_KEY=
|
|
||||||
GOOGLE_CSE_ID=
|
|
||||||
|
|
||||||
# YOUTUBE
|
|
||||||
#-----------------
|
|
||||||
YOUTUBE_API_KEY=
|
|
||||||
|
|
||||||
# SerpAPI
|
|
||||||
#-----------------
|
|
||||||
SERPAPI_API_KEY=
|
|
||||||
|
|
||||||
# Stable Diffusion
|
|
||||||
#-----------------
|
|
||||||
SD_WEBUI_URL=http://stable-diffusion-webui:7860
|
|
||||||
|
|
||||||
# Tavily
|
|
||||||
#-----------------
|
|
||||||
TAVILY_API_KEY=
|
|
||||||
|
|
||||||
# Traversaal
|
|
||||||
#-----------------
|
|
||||||
TRAVERSAAL_API_KEY=
|
|
||||||
|
|
||||||
# WolframAlpha
|
|
||||||
#-----------------
|
|
||||||
WOLFRAM_APP_ID=
|
|
||||||
|
|
||||||
# Zapier
|
|
||||||
#-----------------
|
|
||||||
ZAPIER_NLA_API_KEY=
|
|
||||||
|
|
||||||
#==================================================#
|
|
||||||
# Search #
|
|
||||||
#==================================================#
|
|
||||||
|
|
||||||
SEARCH=true
|
|
||||||
MEILI_NO_ANALYTICS=true
|
|
||||||
MEILI_HOST=http://meilisearch:7700
|
|
||||||
MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
|
|
||||||
|
|
||||||
# Optional: Disable indexing, useful in a multi-node setup
|
|
||||||
# where only one instance should perform an index sync.
|
|
||||||
# MEILI_NO_SYNC=true
|
|
||||||
|
|
||||||
#==================================================#
|
|
||||||
# Speech to Text & Text to Speech #
|
|
||||||
#==================================================#
|
|
||||||
|
|
||||||
STT_API_KEY=
|
|
||||||
TTS_API_KEY=
|
|
||||||
|
|
||||||
#==================================================#
|
|
||||||
# RAG #
|
|
||||||
#==================================================#
|
|
||||||
# More info: https://www.librechat.ai/docs/configuration/rag_api
|
|
||||||
|
|
||||||
# RAG_OPENAI_BASEURL=
|
|
||||||
# RAG_OPENAI_API_KEY=
|
|
||||||
# RAG_USE_FULL_CONTEXT=
|
|
||||||
# EMBEDDINGS_PROVIDER=openai
|
|
||||||
# EMBEDDINGS_MODEL=text-embedding-3-small
|
|
||||||
|
|
||||||
#===================================================#
|
|
||||||
# User System #
|
|
||||||
#===================================================#
|
|
||||||
|
|
||||||
#========================#
|
|
||||||
# Moderation #
|
|
||||||
#========================#
|
|
||||||
|
|
||||||
OPENAI_MODERATION=false
|
|
||||||
OPENAI_MODERATION_API_KEY=
|
|
||||||
# OPENAI_MODERATION_REVERSE_PROXY=
|
|
||||||
|
|
||||||
BAN_VIOLATIONS=true
|
|
||||||
BAN_DURATION=1000 * 60 * 60 * 2
|
|
||||||
BAN_INTERVAL=20
|
|
||||||
|
|
||||||
LOGIN_VIOLATION_SCORE=1
|
|
||||||
REGISTRATION_VIOLATION_SCORE=1
|
|
||||||
CONCURRENT_VIOLATION_SCORE=1
|
|
||||||
MESSAGE_VIOLATION_SCORE=1
|
|
||||||
NON_BROWSER_VIOLATION_SCORE=20
|
|
||||||
|
|
||||||
LOGIN_MAX=7
|
|
||||||
LOGIN_WINDOW=5
|
|
||||||
REGISTER_MAX=5
|
|
||||||
REGISTER_WINDOW=60
|
|
||||||
|
|
||||||
LIMIT_CONCURRENT_MESSAGES=true
|
|
||||||
CONCURRENT_MESSAGE_MAX=2
|
|
||||||
|
|
||||||
LIMIT_MESSAGE_IP=true
|
|
||||||
MESSAGE_IP_MAX=40
|
|
||||||
MESSAGE_IP_WINDOW=1
|
|
||||||
|
|
||||||
LIMIT_MESSAGE_USER=false
|
|
||||||
MESSAGE_USER_MAX=40
|
|
||||||
MESSAGE_USER_WINDOW=1
|
|
||||||
|
|
||||||
ILLEGAL_MODEL_REQ_SCORE=5
|
|
||||||
|
|
||||||
#========================#
|
|
||||||
# Balance #
|
|
||||||
#========================#
|
|
||||||
|
|
||||||
CHECK_BALANCE=false
|
|
||||||
# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
|
|
||||||
|
|
||||||
#========================#
|
|
||||||
# Registration and Login #
|
|
||||||
#========================#
|
|
||||||
|
|
||||||
ALLOW_EMAIL_LOGIN=true
|
|
||||||
ALLOW_REGISTRATION=true
|
|
||||||
ALLOW_SOCIAL_LOGIN=false
|
|
||||||
ALLOW_SOCIAL_REGISTRATION=false
|
|
||||||
ALLOW_PASSWORD_RESET=false
|
|
||||||
# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
|
|
||||||
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
|
|
||||||
|
|
||||||
SESSION_EXPIRY=1000 * 60 * 15
|
|
||||||
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
|
|
||||||
|
|
||||||
JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
|
|
||||||
JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
|
|
||||||
|
|
||||||
|
|
||||||
# Discord
|
|
||||||
DISCORD_CLIENT_ID=
|
|
||||||
DISCORD_CLIENT_SECRET=
|
|
||||||
DISCORD_CALLBACK_URL=/oauth/discord/callback
|
|
||||||
|
|
||||||
# Facebook
|
|
||||||
FACEBOOK_CLIENT_ID=
|
|
||||||
FACEBOOK_CLIENT_SECRET=
|
|
||||||
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
|
|
||||||
|
|
||||||
# GitHub
|
|
||||||
GITHUB_CLIENT_ID=
|
|
||||||
GITHUB_CLIENT_SECRET=
|
|
||||||
GITHUB_CALLBACK_URL=/oauth/github/callback
|
|
||||||
# GitHub Enterprise
|
|
||||||
# GITHUB_ENTERPRISE_BASE_URL=
|
|
||||||
# GITHUB_ENTERPRISE_USER_AGENT=
|
|
||||||
|
|
||||||
# Google
|
|
||||||
GOOGLE_CLIENT_ID=
|
|
||||||
GOOGLE_CLIENT_SECRET=
|
|
||||||
GOOGLE_CALLBACK_URL=/oauth/google/callback
|
|
||||||
|
|
||||||
# Apple
|
|
||||||
APPLE_CLIENT_ID=
|
|
||||||
APPLE_TEAM_ID=
|
|
||||||
APPLE_KEY_ID=
|
|
||||||
APPLE_PRIVATE_KEY_PATH=
|
|
||||||
APPLE_CALLBACK_URL=/oauth/apple/callback
|
|
||||||
|
|
||||||
# OpenID
|
|
||||||
OPENID_CLIENT_ID=
|
|
||||||
OPENID_CLIENT_SECRET=
|
|
||||||
OPENID_ISSUER=
|
|
||||||
OPENID_SESSION_SECRET=
|
|
||||||
OPENID_SCOPE="openid profile email"
|
|
||||||
OPENID_CALLBACK_URL=/oauth/openid/callback
|
|
||||||
OPENID_REQUIRED_ROLE=
|
|
||||||
OPENID_REQUIRED_ROLE_TOKEN_KIND=
|
|
||||||
OPENID_REQUIRED_ROLE_PARAMETER_PATH=
|
|
||||||
# Set to determine which user info property returned from OpenID Provider to store as the User's username
|
|
||||||
OPENID_USERNAME_CLAIM=
|
|
||||||
# Set to determine which user info property returned from OpenID Provider to store as the User's name
|
|
||||||
OPENID_NAME_CLAIM=
|
|
||||||
|
|
||||||
OPENID_BUTTON_LABEL=
|
|
||||||
OPENID_IMAGE_URL=
|
|
||||||
|
|
||||||
# LDAP
|
|
||||||
# LDAP_URL=
|
|
||||||
# LDAP_BIND_DN=
|
|
||||||
# LDAP_BIND_CREDENTIALS=
|
|
||||||
# LDAP_USER_SEARCH_BASE=
|
|
||||||
# LDAP_SEARCH_FILTER=mail=
|
|
||||||
# LDAP_CA_CERT_PATH=
|
|
||||||
# LDAP_TLS_REJECT_UNAUTHORIZED=
|
|
||||||
# LDAP_LOGIN_USES_USERNAME=true
|
|
||||||
# LDAP_ID=
|
|
||||||
# LDAP_USERNAME=
|
|
||||||
# LDAP_EMAIL=
|
|
||||||
# LDAP_FULL_NAME=
|
|
||||||
|
|
||||||
#========================#
|
|
||||||
# Email Password Reset #
|
|
||||||
#========================#
|
|
||||||
|
|
||||||
EMAIL_SERVICE=
|
|
||||||
EMAIL_HOST=postal-smtp
|
|
||||||
EMAIL_PORT=25
|
|
||||||
EMAIL_ENCRYPTION=
|
|
||||||
EMAIL_ENCRYPTION_HOSTNAME=
|
|
||||||
EMAIL_ALLOW_SELFSIGNED=
|
|
||||||
EMAIL_USERNAME=
|
|
||||||
EMAIL_PASSWORD=
|
|
||||||
EMAIL_FROM_NAME=
|
|
||||||
EMAIL_FROM=noreply@librechat.ai
|
|
||||||
|
|
||||||
#========================#
|
|
||||||
# Firebase CDN #
|
|
||||||
#========================#
|
|
||||||
|
|
||||||
# FIREBASE_API_KEY=
|
|
||||||
# FIREBASE_AUTH_DOMAIN=
|
|
||||||
# FIREBASE_PROJECT_ID=
|
|
||||||
# FIREBASE_STORAGE_BUCKET=
|
|
||||||
# FIREBASE_MESSAGING_SENDER_ID=
|
|
||||||
# FIREBASE_APP_ID=
|
|
||||||
|
|
||||||
#========================#
|
|
||||||
# Shared Links #
|
|
||||||
#========================#
|
|
||||||
|
|
||||||
ALLOW_SHARED_LINKS=true
|
|
||||||
ALLOW_SHARED_LINKS_PUBLIC=true
|
|
||||||
|
|
||||||
#==============================#
|
|
||||||
# Static File Cache Control #
|
|
||||||
#==============================#
|
|
||||||
|
|
||||||
# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
|
|
||||||
# NODE_ENV must be set to production for these to take effect
|
|
||||||
# STATIC_CACHE_MAX_AGE=172800
|
|
||||||
# STATIC_CACHE_S_MAX_AGE=86400
|
|
||||||
|
|
||||||
# If you have another service in front of your LibreChat doing compression, disable express based compression here
|
|
||||||
# DISABLE_COMPRESSION=true
|
|
||||||
|
|
||||||
#===================================================#
|
|
||||||
# UI #
|
|
||||||
#===================================================#
|
|
||||||
|
|
||||||
APP_TITLE=LibreChat
|
|
||||||
# CUSTOM_FOOTER="My custom footer"
|
|
||||||
HELP_AND_FAQ_URL=https://librechat.ai
|
|
||||||
|
|
||||||
# SHOW_BIRTHDAY_ICON=true
|
|
||||||
|
|
||||||
# Google tag manager id
|
|
||||||
#ANALYTICS_GTM_ID=user provided google tag manager id
|
|
||||||
|
|
||||||
#===============#
|
|
||||||
# REDIS Options #
|
|
||||||
#===============#
|
|
||||||
|
|
||||||
REDIS_URI=redis:6379
|
|
||||||
USE_REDIS=true
|
|
||||||
|
|
||||||
# USE_REDIS_CLUSTER=true
|
|
||||||
# REDIS_CA=/path/to/ca.crt
|
|
||||||
|
|
||||||
#==================================================#
|
|
||||||
# Others #
|
|
||||||
#==================================================#
|
|
||||||
# You should leave the following commented out #
|
|
||||||
|
|
||||||
# NODE_ENV=
|
|
||||||
|
|
||||||
# E2E_USER_EMAIL=
|
|
||||||
# E2E_USER_PASSWORD=
|
|
||||||
|
|
||||||
#=====================================================#
|
|
||||||
# Cache Headers #
|
|
||||||
#=====================================================#
|
|
||||||
# Headers that control caching of the index.html #
|
|
||||||
# Default configuration prevents caching to ensure #
|
|
||||||
# users always get the latest version. Customize #
|
|
||||||
# only if you understand caching implications. #
|
|
||||||
|
|
||||||
# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate
|
|
||||||
# INDEX_HTML_PRAGMA=no-cache
|
|
||||||
# INDEX_HTML_EXPIRES=0
|
|
||||||
|
|
||||||
# no-cache: Forces validation with server before using cached version
|
|
||||||
# no-store: Prevents storing the response entirely
|
|
||||||
# must-revalidate: Prevents using stale content when offline
|
|
||||||
|
|
||||||
#=====================================================#
|
|
||||||
# OpenWeather #
|
|
||||||
#=====================================================#
|
|
||||||
OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
version: 1.0.0
|
|
||||||
endpoints:
|
|
||||||
custom:
|
|
||||||
- name: "ollama"
|
|
||||||
apiKey: "ollama"
|
|
||||||
baseURL: "http://ollama:11434/v1/chat/completions"
|
|
||||||
models:
|
|
||||||
default: [
|
|
||||||
"deepseek-r1:1.5b",
|
|
||||||
"deepseek-coder-v2:16b",
|
|
||||||
"deepseek-v3:671b",
|
|
||||||
"llama3.3:70b",
|
|
||||||
"phi4:14b",
|
|
||||||
"qwen2.5",
|
|
||||||
"llama2:7b",
|
|
||||||
"mistral:7b",
|
|
||||||
"codellama:7b",
|
|
||||||
"tinyllama:1.1b",
|
|
||||||
"starcoder2:3b",
|
|
||||||
"dolphin-mistral:7b",
|
|
||||||
"smollm2:1.7b",
|
|
||||||
"orca-mini:3b",
|
|
||||||
"mistral-openorca:7b"
|
|
||||||
]
|
|
||||||
# fetching list of models is supported but the `name` field must start
|
|
||||||
# with `ollama` (case-insensitive), as it does in this example.
|
|
||||||
fetch: true
|
|
||||||
titleConvo: true
|
|
||||||
titleModel: "current_model"
|
|
||||||
summarize: false
|
|
||||||
summaryModel: "current_model"
|
|
||||||
forcePrompt: false
|
|
||||||
modelDisplayLabel: "Ollama"
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
|
||||||
<BindAddress>*</BindAddress>
|
|
||||||
<Port>8686</Port>
|
|
||||||
<SslPort>6868</SslPort>
|
|
||||||
<EnableSsl>False</EnableSsl>
|
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}</ApiKey>
|
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
|
||||||
<Branch>master</Branch>
|
|
||||||
<LogLevel>trace</LogLevel>
|
|
||||||
<SslCertPath></SslCertPath>
|
|
||||||
<SslCertPassword></SslCertPassword>
|
|
||||||
<UrlBase></UrlBase>
|
|
||||||
<InstanceName>Lidarr</InstanceName>
|
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
|
||||||
<Theme>auto</Theme>
|
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
|
||||||
</Config>
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"lidarr_address": "http://lidarr:8686",
|
|
||||||
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}",
|
|
||||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
|
||||||
"root_folder_path": "/data/media/music",
|
|
||||||
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
|
||||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
|
||||||
"fallback_to_top_result": false,
|
|
||||||
"lidarr_api_timeout": 120.0,
|
|
||||||
"quality_profile_id": 1,
|
|
||||||
"metadata_profile_id": 1,
|
|
||||||
"search_for_missing_albums": false,
|
|
||||||
"dry_run_adding_to_lidarr": true,
|
|
||||||
"app_name": "lidify",
|
|
||||||
"app_rev": "0.09",
|
|
||||||
"app_url": "lidify.trez.wtf",
|
|
||||||
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
|
||||||
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
|
||||||
"mode": "LastFM",
|
|
||||||
"auto_start": false,
|
|
||||||
"auto_start_delay": 60
|
|
||||||
}
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
containers:
|
|
||||||
ghost_blog:
|
|
||||||
action_keywords:
|
|
||||||
- restart:
|
|
||||||
regex: ':[0-9]{2}\] ERROR.*$'
|
|
||||||
immich-server:
|
|
||||||
action_keywords:
|
|
||||||
- restart:
|
|
||||||
regex: 'ADVICE:.*error'
|
|
||||||
invidious:
|
|
||||||
keywords:
|
|
||||||
- regex: 'Error reading.*Connection reset by peer trying to reconnect...'
|
|
||||||
global_keywords:
|
|
||||||
keywords:
|
|
||||||
- panic
|
|
||||||
keywords_with_attachment:
|
|
||||||
- fatal
|
|
||||||
notifications:
|
|
||||||
apprise:
|
|
||||||
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
|
||||||
# settings are optional because they all have default values
|
|
||||||
settings:
|
|
||||||
log_level: INFO # DEBUG, INFO, WARNING, ERROR
|
|
||||||
notification_cooldown: 5 # Seconds between alerts for same keyword (per container)
|
|
||||||
attachment_lines: 20 # Number of Lines to include in log attachments
|
|
||||||
multi_line_entries: true # Detect multi-line log entries
|
|
||||||
disable_restart: false # Disable restart when a config change is detected
|
|
||||||
disable_start_message: false # Suppress startup notification
|
|
||||||
disable_shutdown_message: false # Suppress shutdown notification
|
|
||||||
disable_restart_message: false # Suppress config reload notification
|
|
||||||
@@ -1,159 +0,0 @@
|
|||||||
'use strict';
|
|
||||||
|
|
||||||
const packageJson = require('../../package.json');
|
|
||||||
|
|
||||||
module.exports = {
|
|
||||||
// Branding and customizations require a license: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
|
|
||||||
brand: {
|
|
||||||
app: {
|
|
||||||
language: 'en', // https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes
|
|
||||||
name: 'MiroTalk',
|
|
||||||
title: '<h1>MiroTalk</h1/>Free browser based Real-time video calls.<br />Simple, Secure, Fast.',
|
|
||||||
description:
|
|
||||||
'Start your next video call with a single click. No download, plug-in, or login is required. Just get straight to talking, messaging, and sharing your screen.',
|
|
||||||
joinDescription: 'Pick a room name.<br />How about this one?',
|
|
||||||
joinButtonLabel: 'JOIN ROOM',
|
|
||||||
joinLastLabel: 'Your recent room:',
|
|
||||||
},
|
|
||||||
og: {
|
|
||||||
type: 'app-webrtc',
|
|
||||||
siteName: 'MiroTalk',
|
|
||||||
title: 'Click the link to make a call.',
|
|
||||||
description:
|
|
||||||
'MiroTalk calling provides real-time HD quality and latency simply not available with traditional technology.',
|
|
||||||
image: 'https://p2p.mirotalk.com/images/preview.png',
|
|
||||||
url: 'https://p2p.mirotalk.com',
|
|
||||||
},
|
|
||||||
site: {
|
|
||||||
shortcutIcon: '../images/logo.svg',
|
|
||||||
appleTouchIcon: '../images/logo.svg',
|
|
||||||
landingTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
|
|
||||||
newCallTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
|
|
||||||
newCallRoomTitle: 'Pick name. <br />Share URL. <br />Start conference.',
|
|
||||||
newCallRoomDescription:
|
|
||||||
"Each room has its disposable URL. Just pick a room name and share your custom URL. It's that easy.",
|
|
||||||
loginTitle: 'MiroTalk - Host Protected login required.',
|
|
||||||
clientTitle: 'MiroTalk WebRTC Video call, Chat Room & Screen Sharing.',
|
|
||||||
privacyPolicyTitle: 'MiroTalk - privacy and policy.',
|
|
||||||
stunTurnTitle: 'Test Stun/Turn Servers.',
|
|
||||||
notFoundTitle: 'MiroTalk - 404 Page not found.',
|
|
||||||
},
|
|
||||||
html: {
|
|
||||||
features: true,
|
|
||||||
browsers: true,
|
|
||||||
teams: true, // please keep me always true ;)
|
|
||||||
tryEasier: true,
|
|
||||||
poweredBy: true,
|
|
||||||
sponsors: true,
|
|
||||||
advertisers: true,
|
|
||||||
footer: true,
|
|
||||||
},
|
|
||||||
about: {
|
|
||||||
imageUrl: '../images/mirotalk-logo.gif',
|
|
||||||
title: `WebRTC P2P v${packageJson.version}`,
|
|
||||||
html: `
|
|
||||||
<button
|
|
||||||
id="support-button"
|
|
||||||
data-umami-event="Support button"
|
|
||||||
onclick="window.open('https://codecanyon.net/user/miroslavpejic85')">
|
|
||||||
<i class="fas fa-heart" ></i> Support
|
|
||||||
</button>
|
|
||||||
<br /><br /><br />
|
|
||||||
Author:<a
|
|
||||||
id="linkedin-button"
|
|
||||||
data-umami-event="Linkedin button"
|
|
||||||
href="https://www.linkedin.com/in/miroslav-pejic-976a07101/" target="_blank">
|
|
||||||
Miroslav Pejic
|
|
||||||
</a>
|
|
||||||
<br /><br />
|
|
||||||
Email:<a
|
|
||||||
id="email-button"
|
|
||||||
data-umami-event="Email button"
|
|
||||||
href="mailto:miroslav.pejic.85@gmail.com?subject=MiroTalk P2P info">
|
|
||||||
miroslav.pejic.85@gmail.com
|
|
||||||
</a>
|
|
||||||
<br /><br />
|
|
||||||
<hr />
|
|
||||||
<span>© 2025 MiroTalk P2P, all rights reserved</span>
|
|
||||||
<hr />
|
|
||||||
`,
|
|
||||||
},
|
|
||||||
//...
|
|
||||||
},
|
|
||||||
/**
|
|
||||||
* Configuration for controlling the visibility of buttons in the MiroTalk P2P client.
|
|
||||||
* Set properties to true to show the corresponding buttons, or false to hide them.
|
|
||||||
* captionBtn, showSwapCameraBtn, showScreenShareBtn, showFullScreenBtn, showVideoPipBtn, showDocumentPipBtn -> (auto-detected).
|
|
||||||
*/
|
|
||||||
buttons: {
|
|
||||||
main: {
|
|
||||||
showShareQr: true,
|
|
||||||
showShareRoomBtn: true, // For guests
|
|
||||||
showHideMeBtn: true,
|
|
||||||
showAudioBtn: true,
|
|
||||||
showVideoBtn: true,
|
|
||||||
showScreenBtn: true, // autodetected
|
|
||||||
showRecordStreamBtn: true,
|
|
||||||
showChatRoomBtn: true,
|
|
||||||
showCaptionRoomBtn: true,
|
|
||||||
showRoomEmojiPickerBtn: true,
|
|
||||||
showMyHandBtn: true,
|
|
||||||
showWhiteboardBtn: true,
|
|
||||||
showSnapshotRoomBtn: true,
|
|
||||||
showFileShareBtn: true,
|
|
||||||
showDocumentPipBtn: true,
|
|
||||||
showMySettingsBtn: true,
|
|
||||||
showAboutBtn: true, // Please keep me always true, Thank you!
|
|
||||||
},
|
|
||||||
chat: {
|
|
||||||
showTogglePinBtn: true,
|
|
||||||
showMaxBtn: true,
|
|
||||||
showSaveMessageBtn: true,
|
|
||||||
showMarkDownBtn: true,
|
|
||||||
showChatGPTBtn: true,
|
|
||||||
showFileShareBtn: true,
|
|
||||||
showShareVideoAudioBtn: true,
|
|
||||||
showParticipantsBtn: true,
|
|
||||||
},
|
|
||||||
caption: {
|
|
||||||
showTogglePinBtn: true,
|
|
||||||
showMaxBtn: true,
|
|
||||||
},
|
|
||||||
settings: {
|
|
||||||
showMicOptionsBtn: true,
|
|
||||||
showTabRoomPeerName: true,
|
|
||||||
showTabRoomParticipants: true,
|
|
||||||
showTabRoomSecurity: true,
|
|
||||||
showTabEmailInvitation: true,
|
|
||||||
showCaptionEveryoneBtn: true,
|
|
||||||
showMuteEveryoneBtn: true,
|
|
||||||
showHideEveryoneBtn: true,
|
|
||||||
showEjectEveryoneBtn: true,
|
|
||||||
showLockRoomBtn: true,
|
|
||||||
showUnlockRoomBtn: true,
|
|
||||||
showShortcutsBtn: true,
|
|
||||||
},
|
|
||||||
remote: {
|
|
||||||
showAudioVolume: true,
|
|
||||||
audioBtnClickAllowed: true,
|
|
||||||
videoBtnClickAllowed: true,
|
|
||||||
showVideoPipBtn: true,
|
|
||||||
showKickOutBtn: true,
|
|
||||||
showSnapShotBtn: true,
|
|
||||||
showFileShareBtn: true,
|
|
||||||
showShareVideoAudioBtn: true,
|
|
||||||
showPrivateMessageBtn: true,
|
|
||||||
showZoomInOutBtn: false,
|
|
||||||
showVideoFocusBtn: true,
|
|
||||||
},
|
|
||||||
local: {
|
|
||||||
showVideoPipBtn: true,
|
|
||||||
showSnapShotBtn: true,
|
|
||||||
showVideoCircleBtn: true,
|
|
||||||
showZoomInOutBtn: false,
|
|
||||||
},
|
|
||||||
whiteboard: {
|
|
||||||
whiteboardLockBtn: false,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
};
|
|
||||||
@@ -1,111 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"debugMode": false,
|
|
||||||
"disableWeb": false,
|
|
||||||
"sourceDefaults": {
|
|
||||||
"logPayload": false,
|
|
||||||
"logFilterFailure": "warn",
|
|
||||||
"logPlayerState": false,
|
|
||||||
"scrobbleThresholds": {
|
|
||||||
"duration": 30,
|
|
||||||
"percent": 20
|
|
||||||
},
|
|
||||||
"maxPollRetries": 1,
|
|
||||||
"maxRequestRetries": 1,
|
|
||||||
"retryMultiplier": 1.5
|
|
||||||
},
|
|
||||||
"clientDefaults": {
|
|
||||||
"maxRequestRetries": 1,
|
|
||||||
"retryMultiplier": 1.5
|
|
||||||
},
|
|
||||||
"sources": [
|
|
||||||
{
|
|
||||||
"type": "spotify",
|
|
||||||
"enable": true,
|
|
||||||
"clients": [],
|
|
||||||
"name": "spotify",
|
|
||||||
"data": {
|
|
||||||
"clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
|
||||||
"clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
|
||||||
"redirectUri": "http://localhost:9078/callback"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "lastfm",
|
|
||||||
"enable": true,
|
|
||||||
"clients": [],
|
|
||||||
"name": "lastfm",
|
|
||||||
"data": {
|
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
|
||||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "listenbrainz",
|
|
||||||
"enable": true,
|
|
||||||
"clients": [],
|
|
||||||
"name": "listenBrainz",
|
|
||||||
"data": {
|
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
|
||||||
"username": "Trez.One"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "subsonic",
|
|
||||||
"enable": true,
|
|
||||||
"clients": [],
|
|
||||||
"name": "navidrome",
|
|
||||||
"data": {
|
|
||||||
"url": "http://navidrome:4533",
|
|
||||||
"user": "admin",
|
|
||||||
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"clients": [
|
|
||||||
{
|
|
||||||
"type": "lastfm",
|
|
||||||
"enable": true,
|
|
||||||
"name": "lastFmClient",
|
|
||||||
"data": {
|
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
|
||||||
"redirectUri": "http://localhost:9078/lastfm/callback"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "listenbrainz",
|
|
||||||
"enable": true,
|
|
||||||
"name": "ListenBrainzClient",
|
|
||||||
"data": {
|
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
|
||||||
"username": "Trez.One"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "maloja",
|
|
||||||
"enable": true,
|
|
||||||
"name": "maloja",
|
|
||||||
"data": {
|
|
||||||
"url": "http://maloja:42010",
|
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"webhooks": [
|
|
||||||
{
|
|
||||||
"name": "Gotify",
|
|
||||||
"type": "gotify",
|
|
||||||
"url": "http://gotify",
|
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
|
|
||||||
"priorities": {
|
|
||||||
"info": 5,
|
|
||||||
"warn": 7,
|
|
||||||
"error": 10
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
{
|
|
||||||
"Stuns": [
|
|
||||||
{
|
|
||||||
"Proto": "udp",
|
|
||||||
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
|
||||||
"Username": "",
|
|
||||||
"Password": null
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"TURNConfig": {
|
|
||||||
"Turns": [
|
|
||||||
{
|
|
||||||
"Proto": "udp",
|
|
||||||
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
|
||||||
"Username": "self",
|
|
||||||
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"CredentialsTTL": "12h",
|
|
||||||
"Secret": "secret",
|
|
||||||
"TimeBasedCredentials": false
|
|
||||||
},
|
|
||||||
"Relay": {
|
|
||||||
"Addresses": [
|
|
||||||
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
|
|
||||||
],
|
|
||||||
"CredentialsTTL": "24h",
|
|
||||||
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
|
|
||||||
},
|
|
||||||
"Signal": {
|
|
||||||
"Proto": "https",
|
|
||||||
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
|
|
||||||
"Username": "",
|
|
||||||
"Password": null
|
|
||||||
},
|
|
||||||
"ReverseProxy": {
|
|
||||||
"TrustedHTTPProxies": [],
|
|
||||||
"TrustedHTTPProxiesCount": 0,
|
|
||||||
"TrustedPeers": [
|
|
||||||
"0.0.0.0/0"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"Datadir": "",
|
|
||||||
"DataStoreEncryptionKey": "",
|
|
||||||
"StoreConfig": {
|
|
||||||
"Engine": "sqlite"
|
|
||||||
},
|
|
||||||
"HttpConfig": {
|
|
||||||
"Address": "0.0.0.0:33073",
|
|
||||||
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
|
||||||
"AuthAudience": "netbird",
|
|
||||||
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
|
|
||||||
"AuthUserIDClaim": "",
|
|
||||||
"CertFile": "",
|
|
||||||
"CertKey": "",
|
|
||||||
"IdpSignKeyRefreshEnabled": true,
|
|
||||||
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
|
||||||
},
|
|
||||||
"IdpManagerConfig": {},
|
|
||||||
"DeviceAuthorizationFlow": {},
|
|
||||||
"PKCEAuthorizationFlow": {
|
|
||||||
"ProviderConfig": {
|
|
||||||
"Audience": "netbird",
|
|
||||||
"ClientID": "netbird",
|
|
||||||
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
|
||||||
"Domain": "",
|
|
||||||
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
|
|
||||||
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
|
|
||||||
"Scope": "openid profile email offline_access api",
|
|
||||||
"RedirectURLs": [
|
|
||||||
"http://localhost:53000"
|
|
||||||
],
|
|
||||||
"UseIDToken": true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,122 +0,0 @@
|
|||||||
{
|
|
||||||
"issuer": "https://id.trez.wtf",
|
|
||||||
"authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
|
|
||||||
"token_endpoint": "https://id.trez.wtf/oauth/v2/token",
|
|
||||||
"introspection_endpoint": "https://id.trez.wtf/oauth/v2/introspect",
|
|
||||||
"userinfo_endpoint": "https://id.trez.wtf/oidc/v1/userinfo",
|
|
||||||
"revocation_endpoint": "https://id.trez.wtf/oauth/v2/revoke",
|
|
||||||
"end_session_endpoint": "https://id.trez.wtf/oidc/v1/end_session",
|
|
||||||
"device_authorization_endpoint": "https://id.trez.wtf/oauth/v2/device_authorization",
|
|
||||||
"jwks_uri": "https://id.trez.wtf/oauth/v2/keys",
|
|
||||||
"scopes_supported": [
|
|
||||||
"openid",
|
|
||||||
"profile",
|
|
||||||
"email",
|
|
||||||
"phone",
|
|
||||||
"address",
|
|
||||||
"offline_access"
|
|
||||||
],
|
|
||||||
"response_types_supported": [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"id_token token"
|
|
||||||
],
|
|
||||||
"response_modes_supported": [
|
|
||||||
"query",
|
|
||||||
"fragment",
|
|
||||||
"form_post"
|
|
||||||
],
|
|
||||||
"grant_types_supported": [
|
|
||||||
"authorization_code",
|
|
||||||
"implicit",
|
|
||||||
"refresh_token",
|
|
||||||
"client_credentials",
|
|
||||||
"urn:ietf:params:oauth:grant-type:jwt-bearer",
|
|
||||||
"urn:ietf:params:oauth:grant-type:device_code"
|
|
||||||
],
|
|
||||||
"subject_types_supported": [
|
|
||||||
"public"
|
|
||||||
],
|
|
||||||
"id_token_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"request_object_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"token_endpoint_auth_methods_supported": [
|
|
||||||
"none",
|
|
||||||
"client_secret_basic",
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt"
|
|
||||||
],
|
|
||||||
"token_endpoint_auth_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"revocation_endpoint_auth_methods_supported": [
|
|
||||||
"none",
|
|
||||||
"client_secret_basic",
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt"
|
|
||||||
],
|
|
||||||
"revocation_endpoint_auth_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"introspection_endpoint_auth_methods_supported": [
|
|
||||||
"client_secret_basic",
|
|
||||||
"private_key_jwt"
|
|
||||||
],
|
|
||||||
"introspection_endpoint_auth_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"claims_supported": [
|
|
||||||
"sub",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"iss",
|
|
||||||
"auth_time",
|
|
||||||
"nonce",
|
|
||||||
"acr",
|
|
||||||
"amr",
|
|
||||||
"c_hash",
|
|
||||||
"at_hash",
|
|
||||||
"act",
|
|
||||||
"scopes",
|
|
||||||
"client_id",
|
|
||||||
"azp",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"family_name",
|
|
||||||
"given_name",
|
|
||||||
"locale",
|
|
||||||
"email",
|
|
||||||
"email_verified",
|
|
||||||
"phone_number",
|
|
||||||
"phone_number_verified"
|
|
||||||
],
|
|
||||||
"code_challenge_methods_supported": [
|
|
||||||
"S256"
|
|
||||||
],
|
|
||||||
"ui_locales_supported": [
|
|
||||||
"bg",
|
|
||||||
"cs",
|
|
||||||
"de",
|
|
||||||
"en",
|
|
||||||
"es",
|
|
||||||
"fr",
|
|
||||||
"hu",
|
|
||||||
"id",
|
|
||||||
"it",
|
|
||||||
"ja",
|
|
||||||
"ko",
|
|
||||||
"mk",
|
|
||||||
"nl",
|
|
||||||
"pl",
|
|
||||||
"pt",
|
|
||||||
"ru",
|
|
||||||
"sv",
|
|
||||||
"zh"
|
|
||||||
],
|
|
||||||
"request_parameter_supported": true,
|
|
||||||
"request_uri_parameter_supported": false
|
|
||||||
}
|
|
||||||
@@ -1,725 +0,0 @@
|
|||||||
# Coturn TURN SERVER configuration file
|
|
||||||
#
|
|
||||||
# Boolean values note: where a boolean value is supposed to be used,
|
|
||||||
# you can use '0', 'off', 'no', 'false', or 'f' as 'false,
|
|
||||||
# and you can use '1', 'on', 'yes', 'true', or 't' as 'true'
|
|
||||||
# If the value is missing, then it means 'true' by default.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Listener interface device (optional, Linux only).
|
|
||||||
# NOT RECOMMENDED.
|
|
||||||
#
|
|
||||||
#listening-device=eth0
|
|
||||||
|
|
||||||
# TURN listener port for UDP and TCP (Default: 3478).
|
|
||||||
# Note: actually, TLS & DTLS sessions can connect to the
|
|
||||||
# "plain" TCP & UDP port(s), too - if allowed by configuration.
|
|
||||||
#
|
|
||||||
listening-port=3478
|
|
||||||
|
|
||||||
# TURN listener port for TLS (Default: 5349).
|
|
||||||
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
|
|
||||||
# port(s), too - if allowed by configuration. The TURN server
|
|
||||||
# "automatically" recognizes the type of traffic. Actually, two listening
|
|
||||||
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
|
|
||||||
# functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
|
|
||||||
# For secure TCP connections, Coturn currently supports SSL version 3 and
|
|
||||||
# TLS version 1.0, 1.1 and 1.2.
|
|
||||||
# For secure UDP connections, Coturn supports DTLS version 1.
|
|
||||||
#
|
|
||||||
tls-listening-port=5349
|
|
||||||
|
|
||||||
# Alternative listening port for UDP and TCP listeners;
|
|
||||||
# default (or zero) value means "listening port plus one".
|
|
||||||
# This is needed for RFC 5780 support
|
|
||||||
# (STUN extension specs, NAT behavior discovery). The TURN Server
|
|
||||||
# supports RFC 5780 only if it is started with more than one
|
|
||||||
# listening IP address of the same family (IPv4 or IPv6).
|
|
||||||
# RFC 5780 is supported only by UDP protocol, other protocols
|
|
||||||
# are listening to that endpoint only for "symmetry".
|
|
||||||
#
|
|
||||||
#alt-listening-port=0
|
|
||||||
|
|
||||||
# Alternative listening port for TLS and DTLS protocols.
|
|
||||||
# Default (or zero) value means "TLS listening port plus one".
|
|
||||||
#
|
|
||||||
#alt-tls-listening-port=0
|
|
||||||
|
|
||||||
# Some network setups will require using a TCP reverse proxy in front
|
|
||||||
# of the STUN server. If the proxy port option is set a single listener
|
|
||||||
# is started on the given port that accepts connections using the
|
|
||||||
# haproxy proxy protocol v2.
|
|
||||||
# (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
|
|
||||||
#
|
|
||||||
#tcp-proxy-port=5555
|
|
||||||
|
|
||||||
# Listener IP address of relay server. Multiple listeners can be specified.
|
|
||||||
# If no IP(s) specified in the config file or in the command line options,
|
|
||||||
# then all IPv4 and IPv6 system IPs will be used for listening.
|
|
||||||
#
|
|
||||||
#listening-ip=172.17.19.101
|
|
||||||
#listening-ip=10.207.21.238
|
|
||||||
#listening-ip=2607:f0d0:1002:51::4
|
|
||||||
|
|
||||||
# Auxiliary STUN/TURN server listening endpoint.
|
|
||||||
# Aux servers have almost full TURN and STUN functionality.
|
|
||||||
# The (minor) limitations are:
|
|
||||||
#
|
|
||||||
# 1) Auxiliary servers do not have alternative ports and
|
|
||||||
# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
|
|
||||||
#
|
|
||||||
# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
|
|
||||||
#
|
|
||||||
# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
|
|
||||||
#
|
|
||||||
# There may be multiple aux-server options, each will be used for listening
|
|
||||||
# to client requests.
|
|
||||||
#
|
|
||||||
#aux-server=172.17.19.110:33478
|
|
||||||
#aux-server=[2607:f0d0:1002:51::4]:33478
|
|
||||||
|
|
||||||
# (recommended for older Linuxes only)
|
|
||||||
# Automatically balance UDP traffic over auxiliary servers (if configured).
|
|
||||||
# The load balancing is using the ALTERNATE-SERVER mechanism.
|
|
||||||
# The TURN client must support 300 ALTERNATE-SERVER response for this
|
|
||||||
# functionality.
|
|
||||||
#
|
|
||||||
#udp-self-balance
|
|
||||||
|
|
||||||
# Relay interface device for relay sockets (optional, Linux only).
|
|
||||||
# NOT RECOMMENDED.
|
|
||||||
#
|
|
||||||
#relay-device=eth1
|
|
||||||
|
|
||||||
# Relay address (the local IP address that will be used to relay the
|
|
||||||
# packets to the peer).
|
|
||||||
# Multiple relay addresses may be used.
|
|
||||||
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
|
|
||||||
#
|
|
||||||
# If no relay IP(s) specified, then the turnserver will apply the default
|
|
||||||
# policy: it will decide itself which relay addresses to be used, and it
|
|
||||||
# will always be using the client socket IP address as the relay IP address
|
|
||||||
# of the TURN session (if the requested relay address family is the same
|
|
||||||
# as the family of the client socket).
|
|
||||||
#
|
|
||||||
#relay-ip=172.17.19.105
|
|
||||||
#relay-ip=2607:f0d0:1002:51::5
|
|
||||||
|
|
||||||
# For Amazon EC2 users:
|
|
||||||
#
|
|
||||||
# TURN Server public/private address mapping, if the server is behind NAT.
|
|
||||||
# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
|
|
||||||
# as relay IP address of all allocations. This scenario works only in a simple case
|
|
||||||
# when one single relay address is be used, and no RFC5780 functionality is required.
|
|
||||||
# That single relay address must be mapped by NAT to the 'external' IP.
|
|
||||||
# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
|
|
||||||
# For that 'external' IP, NAT must forward ports directly (relayed port 12345
|
|
||||||
# must be always mapped to the same 'external' port 12345).
|
|
||||||
#
|
|
||||||
# In more complex case when more than one IP address is involved,
|
|
||||||
# that option must be used several times, each entry must
|
|
||||||
# have form "-X <public-ip/private-ip>", to map all involved addresses.
|
|
||||||
# RFC5780 NAT discovery STUN functionality will work correctly,
|
|
||||||
# if the addresses are mapped properly, even when the TURN server itself
|
|
||||||
# is behind A NAT.
|
|
||||||
#
|
|
||||||
# By default, this value is empty, and no address mapping is used.
|
|
||||||
#
|
|
||||||
# external-ip=193.224.22.37
|
|
||||||
#
|
|
||||||
#OR:
|
|
||||||
#
|
|
||||||
#external-ip=60.70.80.91/172.17.19.101
|
|
||||||
#external-ip=60.70.80.92/172.17.19.102
|
|
||||||
|
|
||||||
external-ip=108.29.206.17
|
|
||||||
|
|
||||||
# Number of the relay threads to handle the established connections
|
|
||||||
# (in addition to authentication thread and the listener thread).
|
|
||||||
# If explicitly set to 0 then application runs relay process in a
|
|
||||||
# single thread, in the same thread with the listener process
|
|
||||||
# (the authentication thread will still be a separate thread).
|
|
||||||
#
|
|
||||||
# If this parameter is not set, then the default OS-dependent
|
|
||||||
# thread pattern algorithm will be employed. Usually the default
|
|
||||||
# algorithm is optimal, so you have to change this option
|
|
||||||
# if you want to make some fine tweaks.
|
|
||||||
#
|
|
||||||
# In the older systems (Linux kernel before 3.9),
|
|
||||||
# the number of UDP threads is always one thread per network listening
|
|
||||||
# endpoint - including the auxiliary endpoints - unless 0 (zero) or
|
|
||||||
# 1 (one) value is set.
|
|
||||||
#
|
|
||||||
#relay-threads=0
|
|
||||||
|
|
||||||
# Lower and upper bounds of the UDP relay endpoints:
|
|
||||||
# (default values are 49152 and 65535)
|
|
||||||
#
|
|
||||||
min-port=49152
|
|
||||||
max-port=65535
|
|
||||||
|
|
||||||
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
|
|
||||||
# By default the verbose mode is off.
|
|
||||||
#verbose
|
|
||||||
|
|
||||||
# Uncomment to run TURN server in 'extra' verbose mode.
|
|
||||||
# This mode is very annoying and produces lots of output.
|
|
||||||
# Not recommended under normal circumstances.
|
|
||||||
#
|
|
||||||
#Verbose
|
|
||||||
|
|
||||||
# Uncomment to use fingerprints in the TURN messages.
|
|
||||||
# By default the fingerprints are off.
|
|
||||||
#
|
|
||||||
fingerprint
|
|
||||||
|
|
||||||
# Uncomment to use long-term credential mechanism.
|
|
||||||
# By default no credentials mechanism is used (any user allowed).
|
|
||||||
#
|
|
||||||
lt-cred-mech
|
|
||||||
|
|
||||||
# This option is the opposite of lt-cred-mech.
|
|
||||||
# (TURN Server with no-auth option allows anonymous access).
|
|
||||||
# If neither option is defined, and no users are defined,
|
|
||||||
# then no-auth is default. If at least one user is defined,
|
|
||||||
# in this file, in command line or in usersdb file, then
|
|
||||||
# lt-cred-mech is default.
|
|
||||||
#
|
|
||||||
#no-auth
|
|
||||||
|
|
||||||
# TURN REST API flag.
|
|
||||||
# (Time Limited Long Term Credential)
|
|
||||||
# Flag that sets a special authorization option that is based upon authentication secret.
|
|
||||||
#
|
|
||||||
# This feature's purpose is to support "TURN Server REST API", see
|
|
||||||
# "TURN REST API" link in the project's page
|
|
||||||
# https://github.com/coturn/coturn/
|
|
||||||
#
|
|
||||||
# This option is used with timestamp:
|
|
||||||
#
|
|
||||||
# usercombo -> "timestamp:userid"
|
|
||||||
# turn user -> usercombo
|
|
||||||
# turn password -> base64(hmac(secret key, usercombo))
|
|
||||||
#
|
|
||||||
# This allows TURN credentials to be accounted for a specific user id.
|
|
||||||
# If you don't have a suitable id, then the timestamp alone can be used.
|
|
||||||
# This option is enabled by turning on secret-based authentication.
|
|
||||||
# The actual value of the secret is defined either by the option static-auth-secret,
|
|
||||||
# or can be found in the turn_secret table in the database (see below).
|
|
||||||
#
|
|
||||||
# Read more about it:
|
|
||||||
# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
|
|
||||||
# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
|
|
||||||
#
|
|
||||||
# Be aware that use-auth-secret overrides some parts of lt-cred-mech.
|
|
||||||
# The use-auth-secret feature depends internally on lt-cred-mech, so if you set
|
|
||||||
# this option then it automatically enables lt-cred-mech internally
|
|
||||||
# as if you had enabled both.
|
|
||||||
#
|
|
||||||
# Note that you can use only one auth mechanism at the same time! This is because,
|
|
||||||
# both mechanisms conduct username and password validation in different ways.
|
|
||||||
#
|
|
||||||
# Use either lt-cred-mech or use-auth-secret in the conf
|
|
||||||
# to avoid any confusion.
|
|
||||||
#
|
|
||||||
#use-auth-secret
|
|
||||||
|
|
||||||
# 'Static' authentication secret value (a string) for TURN REST API only.
|
|
||||||
# If not set, then the turn server
|
|
||||||
# will try to use the 'dynamic' value in the turn_secret table
|
|
||||||
# in the user database (if present). The database-stored value can be changed on-the-fly
|
|
||||||
# by a separate program, so this is why that mode is considered 'dynamic'.
|
|
||||||
#
|
|
||||||
#static-auth-secret=north
|
|
||||||
|
|
||||||
# Server name used for
|
|
||||||
# the oAuth authentication purposes.
|
|
||||||
# The default value is the realm name.
|
|
||||||
#
|
|
||||||
# server-name=stun.wiretrustee.com
|
|
||||||
|
|
||||||
# Flag that allows oAuth authentication.
|
|
||||||
#
|
|
||||||
#oauth
|
|
||||||
|
|
||||||
# 'Static' user accounts for the long term credentials mechanism, only.
|
|
||||||
# This option cannot be used with TURN REST API.
|
|
||||||
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
|
|
||||||
# so they can NOT be changed while the turnserver is running.
|
|
||||||
#
|
|
||||||
#user=username1:key1
|
|
||||||
#user=username2:key2
|
|
||||||
# OR:
|
|
||||||
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
|
|
||||||
#user=username2:password2
|
|
||||||
#
|
|
||||||
# Keys must be generated by turnadmin utility. The key value depends
|
|
||||||
# on user name, realm, and password:
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
|
|
||||||
# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
|
|
||||||
# ('0x' in the beginning of the key is what differentiates the key from
|
|
||||||
# password. If it has 0x then it is a key, otherwise it is a password).
|
|
||||||
#
|
|
||||||
# The corresponding user account entry in the config file will be:
|
|
||||||
#
|
|
||||||
#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
|
|
||||||
# Or, equivalently, with open clear password (less secure):
|
|
||||||
#user=ninefingers:youhavetoberealistic
|
|
||||||
#
|
|
||||||
|
|
||||||
# SQLite database file name.
|
|
||||||
#
|
|
||||||
# The default file name is /var/db/turndb or /usr/local/var/db/turndb or
|
|
||||||
# /var/lib/turn/turndb.
|
|
||||||
#
|
|
||||||
#userdb=/var/db/turndb
|
|
||||||
|
|
||||||
# PostgreSQL database connection string in the case that you are using PostgreSQL
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for the long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
|
|
||||||
# versions connection string format, see
|
|
||||||
# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
|
|
||||||
# for 9.x and newer connection string formats.
|
|
||||||
#
|
|
||||||
#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
|
|
||||||
|
|
||||||
# MySQL database connection string in the case that you are using MySQL
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for the long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
#
|
|
||||||
# Optional connection string parameters for the secure communications (SSL):
|
|
||||||
# ca, capath, cert, key, cipher
|
|
||||||
# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
|
|
||||||
# command options description).
|
|
||||||
#
|
|
||||||
# Use the string format below (space separated parameters, all optional):
|
|
||||||
#
|
|
||||||
# mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10"
|
|
||||||
|
|
||||||
# If you want to use an encrypted password in the MySQL connection string,
|
|
||||||
# then set the MySQL password encryption secret key file with this option.
|
|
||||||
#
|
|
||||||
# Warning: If this option is set, then the mysql password must be set in "mysql-userdb" in an encrypted format!
|
|
||||||
# If you want to use a cleartext password then do not set this option!
|
|
||||||
#
|
|
||||||
# This is the file path for the aes encrypted secret key used for password encryption.
|
|
||||||
#
|
|
||||||
#secret-key-file=/path/
|
|
||||||
|
|
||||||
# MongoDB database connection string in the case that you are using MongoDB
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
# Use the string format described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
|
|
||||||
#
|
|
||||||
#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
|
|
||||||
|
|
||||||
# Redis database connection string in the case that you are using Redis
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
# Use the string format below (space separated parameters, all optional):
|
|
||||||
#
|
|
||||||
#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
|
||||||
|
|
||||||
# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
|
|
||||||
# This database keeps allocations status information, and it can be also used for publishing
|
|
||||||
# and delivering traffic and allocation event notifications.
|
|
||||||
# The connection string has the same parameters as redis-userdb connection string.
|
|
||||||
# Use the string format below (space separated parameters, all optional):
|
|
||||||
#
|
|
||||||
#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
|
||||||
|
|
||||||
# The default realm to be used for the users when no explicit
|
|
||||||
# origin/realm relationship is found in the database, or if the TURN
|
|
||||||
# server is not using any database (just the commands-line settings
|
|
||||||
# and the userdb file). Must be used with long-term credentials
|
|
||||||
# mechanism or with TURN REST API.
|
|
||||||
#
|
|
||||||
# Note: If the default realm is not specified, then realm falls back to the host domain name.
|
|
||||||
# If the domain name string is empty, or set to '(None)', then it is initialized as an empty string.
|
|
||||||
#
|
|
||||||
# realm=wiretrustee.com
|
|
||||||
# This flag sets the origin consistency
|
|
||||||
# check. Across the session, all requests must have the same
|
|
||||||
# main ORIGIN attribute value (if the ORIGIN was
|
|
||||||
# initially used by the session).
|
|
||||||
#
|
|
||||||
#check-origin-consistency
|
|
||||||
|
|
||||||
# Per-user allocation quota.
|
|
||||||
# default value is 0 (no quota, unlimited number of sessions per user).
|
|
||||||
# This option can also be set through the database, for a particular realm.
|
|
||||||
#
|
|
||||||
#user-quota=0
|
|
||||||
|
|
||||||
# Total allocation quota.
|
|
||||||
# default value is 0 (no quota).
|
|
||||||
# This option can also be set through the database, for a particular realm.
|
|
||||||
#
|
|
||||||
#total-quota=0
|
|
||||||
|
|
||||||
# Max bytes-per-second bandwidth a TURN session is allowed to handle
|
|
||||||
# (input and output network streams are treated separately). Anything above
|
|
||||||
# that limit will be dropped or temporarily suppressed (within
|
|
||||||
# the available buffer limits).
|
|
||||||
# This option can also be set through the database, for a particular realm.
|
|
||||||
#
|
|
||||||
#max-bps=0
|
|
||||||
|
|
||||||
#
|
|
||||||
# Maximum server capacity.
|
|
||||||
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
|
|
||||||
# for the sessions, combined (input and output network streams are treated separately).
|
|
||||||
#
|
|
||||||
# bps-capacity=0
|
|
||||||
|
|
||||||
# Uncomment if no UDP client listener is desired.
|
|
||||||
# By default UDP client listener is always started.
|
|
||||||
#
|
|
||||||
#no-udp
|
|
||||||
|
|
||||||
# Uncomment if no TCP client listener is desired.
|
|
||||||
# By default TCP client listener is always started.
|
|
||||||
#
|
|
||||||
#no-tcp
|
|
||||||
|
|
||||||
# Uncomment if no TLS client listener is desired.
|
|
||||||
# By default TLS client listener is always started.
|
|
||||||
#
|
|
||||||
#no-tls
|
|
||||||
|
|
||||||
# Uncomment if no DTLS client listener is desired.
|
|
||||||
# By default DTLS client listener is always started.
|
|
||||||
#
|
|
||||||
#no-dtls
|
|
||||||
|
|
||||||
# Uncomment if no UDP relay endpoints are allowed.
|
|
||||||
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
|
||||||
#
|
|
||||||
#no-udp-relay
|
|
||||||
|
|
||||||
# Uncomment if no TCP relay endpoints are allowed.
|
|
||||||
# By default TCP relay endpoints are enabled (like in RFC 6062).
|
|
||||||
#
|
|
||||||
#no-tcp-relay
|
|
||||||
|
|
||||||
# Uncomment if extra security is desired,
|
|
||||||
# with nonce value having a limited lifetime.
|
|
||||||
# The nonce value is unique for a session.
|
|
||||||
# Set this option to limit the nonce lifetime.
|
|
||||||
# Set it to 0 for unlimited lifetime.
|
|
||||||
# It defaults to 600 secs (10 min) if no value is provided. After that delay,
|
|
||||||
# the client will get 438 error and will have to re-authenticate itself.
|
|
||||||
#
|
|
||||||
#stale-nonce=600
|
|
||||||
|
|
||||||
# Uncomment if you want to set the maximum allocation
|
|
||||||
# time before it has to be refreshed.
|
|
||||||
# Default is 3600s.
|
|
||||||
#
|
|
||||||
#max-allocate-lifetime=3600
|
|
||||||
|
|
||||||
|
|
||||||
# Uncomment to set the lifetime for the channel.
|
|
||||||
# Default value is 600 secs (10 minutes).
|
|
||||||
# This value MUST not be changed for production purposes.
|
|
||||||
#
|
|
||||||
#channel-lifetime=600
|
|
||||||
|
|
||||||
# Uncomment to set the permission lifetime.
|
|
||||||
# Default to 300 secs (5 minutes).
|
|
||||||
# In production this value MUST not be changed,
|
|
||||||
# however it can be useful for test purposes.
|
|
||||||
#
|
|
||||||
#permission-lifetime=300
|
|
||||||
|
|
||||||
# Certificate file.
|
|
||||||
# Use an absolute path or path relative to the
|
|
||||||
# configuration file.
|
|
||||||
# Use PEM file format.
|
|
||||||
#
|
|
||||||
cert=/etc/coturn/certs/cert.pem
|
|
||||||
|
|
||||||
# Private key file.
|
|
||||||
# Use an absolute path or path relative to the
|
|
||||||
# configuration file.
|
|
||||||
# Use PEM file format.
|
|
||||||
#
|
|
||||||
pkey=/etc/coturn/private/privkey.pem
|
|
||||||
|
|
||||||
# Private key file password, if it is in encoded format.
|
|
||||||
# This option has no default value.
|
|
||||||
#
|
|
||||||
#pkey-pwd=...
|
|
||||||
|
|
||||||
# Allowed OpenSSL cipher list for TLS/DTLS connections.
|
|
||||||
# Default value is "DEFAULT".
|
|
||||||
#
|
|
||||||
#cipher-list="DEFAULT"
|
|
||||||
|
|
||||||
# CA file in OpenSSL format.
|
|
||||||
# Forces TURN server to verify the client SSL certificates.
|
|
||||||
# By default this is not set: there is no default value and the client
|
|
||||||
# certificate is not checked.
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
#CA-file=/etc/ssh/id_rsa.cert
|
|
||||||
|
|
||||||
# Curve name for EC ciphers, if supported by OpenSSL
|
|
||||||
# library (TLS and DTLS). The default value is prime256v1,
|
|
||||||
# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
|
|
||||||
# an optimal curve will be automatically calculated, if not defined
|
|
||||||
# by this option.
|
|
||||||
#
|
|
||||||
#ec-curve-name=prime256v1
|
|
||||||
|
|
||||||
# Use 566 bits predefined DH TLS key. Default size of the key is 2066.
|
|
||||||
#
|
|
||||||
#dh566
|
|
||||||
|
|
||||||
# Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
|
|
||||||
#
|
|
||||||
#dh1066
|
|
||||||
|
|
||||||
# Use custom DH TLS key, stored in PEM format in the file.
|
|
||||||
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
|
|
||||||
#
|
|
||||||
#dh-file=<DH-PEM-file-name>
|
|
||||||
|
|
||||||
# Flag to prevent stdout log messages.
|
|
||||||
# By default, all log messages go to both stdout and to
|
|
||||||
# the configured log file. With this option everything will
|
|
||||||
# go to the configured log only (unless the log file itself is stdout).
|
|
||||||
#
|
|
||||||
#no-stdout-log
|
|
||||||
|
|
||||||
# Option to set the log file name.
|
|
||||||
# By default, the turnserver tries to open a log file in
|
|
||||||
# /var/log, /var/tmp, /tmp and the current directory
|
|
||||||
# (Whichever file open operation succeeds first will be used).
|
|
||||||
# With this option you can set the definite log file name.
|
|
||||||
# The special names are "stdout" and "-" - they will force everything
|
|
||||||
# to the stdout. Also, the "syslog" name will force everything to
|
|
||||||
# the system log (syslog).
|
|
||||||
# In the runtime, the logfile can be reset with the SIGHUP signal
|
|
||||||
# to the turnserver process.
|
|
||||||
#
|
|
||||||
log-file=stdout
|
|
||||||
|
|
||||||
# Option to redirect all log output into system log (syslog).
|
|
||||||
#
|
|
||||||
# syslog
|
|
||||||
|
|
||||||
# This flag means that no log file rollover will be used, and the log file
|
|
||||||
# name will be constructed as-is, without PID and date appendage.
|
|
||||||
# This option can be used, for example, together with the logrotate tool.
|
|
||||||
#
|
|
||||||
#simple-log
|
|
||||||
|
|
||||||
# Option to set the "redirection" mode. The value of this option
|
|
||||||
# will be the address of the alternate server for UDP & TCP service in the form of
|
|
||||||
# <ip>[:<port>]. The server will send this value in the attribute
|
|
||||||
# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
|
|
||||||
# Client will receive only values with the same address family
|
|
||||||
# as the client network endpoint address family.
|
|
||||||
# See RFC 5389 and RFC 5766 for the description of ALTERNATE-SERVER functionality.
|
|
||||||
# The client must use the obtained value for subsequent TURN communications.
|
|
||||||
# If more than one --alternate-server option is provided, then the functionality
|
|
||||||
# can be more accurately described as "load-balancing" than a mere "redirection".
|
|
||||||
# If the port number is omitted, then the default port
|
|
||||||
# number 3478 for the UDP/TCP protocols will be used.
|
|
||||||
# Colon (:) characters in IPv6 addresses may conflict with the syntax of
|
|
||||||
# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
|
|
||||||
# in square brackets in such resource identifiers, for example:
|
|
||||||
# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
|
|
||||||
# Multiple alternate servers can be set. They will be used in the
|
|
||||||
# round-robin manner. All servers in the pool are considered of equal weight and
|
|
||||||
# the load will be distributed equally. For example, if you have 4 alternate servers,
|
|
||||||
# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
|
|
||||||
# address can be used more than one time with the alternate-server option, so this
|
|
||||||
# can emulate "weighting" of the servers.
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
#alternate-server=1.2.3.4:5678
|
|
||||||
#alternate-server=11.22.33.44:56789
|
|
||||||
#alternate-server=5.6.7.8
|
|
||||||
#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
|
||||||
|
|
||||||
# Option to set alternative server for TLS & DTLS services in form of
|
|
||||||
# <ip>:<port>. If the port number is omitted, then the default port
|
|
||||||
# number 5349 for the TLS/DTLS protocols will be used. See the previous
|
|
||||||
# option for the functionality description.
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
#tls-alternate-server=1.2.3.4:5678
|
|
||||||
#tls-alternate-server=11.22.33.44:56789
|
|
||||||
#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
|
||||||
|
|
||||||
# Option to suppress TURN functionality, only STUN requests will be processed.
|
|
||||||
# Run as STUN server only, all TURN requests will be ignored.
|
|
||||||
# By default, this option is NOT set.
|
|
||||||
#
|
|
||||||
#stun-only
|
|
||||||
|
|
||||||
# Option to hide software version. Enhance security when used in production.
|
|
||||||
# Revealing the specific software version of the agent through the
|
|
||||||
# SOFTWARE attribute might allow them to become more vulnerable to
|
|
||||||
# attacks against software that is known to contain security holes.
|
|
||||||
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
|
||||||
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
|
||||||
#
|
|
||||||
no-software-attribute
|
|
||||||
|
|
||||||
# Option to suppress STUN functionality, only TURN requests will be processed.
|
|
||||||
# Run as TURN server only, all STUN requests will be ignored.
|
|
||||||
# By default, this option is NOT set.
|
|
||||||
#
|
|
||||||
#no-stun
|
|
||||||
|
|
||||||
# This is the timestamp/username separator symbol (character) in TURN REST API.
|
|
||||||
# The default value is ':'.
|
|
||||||
# rest-api-separator=:
|
|
||||||
|
|
||||||
# Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
|
|
||||||
# This is an extra security measure.
|
|
||||||
#
|
|
||||||
# (To avoid any security issue that allowing loopback access may raise,
|
|
||||||
# the no-loopback-peers option is replaced by allow-loopback-peers.)
|
|
||||||
#
|
|
||||||
# Allow it only for testing in a development environment!
|
|
||||||
# In production it adds a possible security vulnerability, so for security reasons
|
|
||||||
# it is not allowed using it together with empty cli-password.
|
|
||||||
#
|
|
||||||
#allow-loopback-peers
|
|
||||||
|
|
||||||
# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
|
|
||||||
# This is an extra security measure.
|
|
||||||
#
|
|
||||||
#no-multicast-peers
|
|
||||||
|
|
||||||
# Option to set the max time, in seconds, allowed for full allocation establishment.
|
|
||||||
# Default is 60 seconds.
|
|
||||||
#
|
|
||||||
#max-allocate-timeout=60
|
|
||||||
|
|
||||||
# Option to allow or ban specific ip addresses or ranges of ip addresses.
|
|
||||||
# If an ip address is specified as both allowed and denied, then the ip address is
|
|
||||||
# considered to be allowed. This is useful when you wish to ban a range of ip
|
|
||||||
# addresses, except for a few specific ips within that range.
|
|
||||||
#
|
|
||||||
# This can be used when you do not want users of the turn server to be able to access
|
|
||||||
# machines reachable by the turn server, but would otherwise be unreachable from the
|
|
||||||
# internet (e.g. when the turn server is sitting behind a NAT)
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
# denied-peer-ip=83.166.64.0-83.166.95.255
|
|
||||||
# allowed-peer-ip=83.166.68.45
|
|
||||||
|
|
||||||
# File name to store the pid of the process.
|
|
||||||
# Default is /var/run/turnserver.pid (if superuser account is used) or
|
|
||||||
# /var/tmp/turnserver.pid .
|
|
||||||
#
|
|
||||||
pidfile="/var/tmp/turnserver.pid"
|
|
||||||
|
|
||||||
# Require authentication of the STUN Binding request.
|
|
||||||
# By default, the clients are allowed anonymous access to the STUN Binding functionality.
|
|
||||||
#
|
|
||||||
#secure-stun
|
|
||||||
|
|
||||||
# Mobility with ICE (MICE) specs support.
|
|
||||||
#
|
|
||||||
#mobility
|
|
||||||
|
|
||||||
# Allocate Address Family according
|
|
||||||
# If enabled then TURN server allocates address family according the TURN
|
|
||||||
# Client <=> Server communication address family.
|
|
||||||
# (By default Coturn works according RFC 6156.)
|
|
||||||
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
|
||||||
#
|
|
||||||
#keep-address-family
|
|
||||||
|
|
||||||
|
|
||||||
# User name to run the process. After the initialization, the turnserver process
|
|
||||||
# will attempt to change the current user ID to that user.
|
|
||||||
#
|
|
||||||
#proc-user=<user-name>
|
|
||||||
|
|
||||||
# Group name to run the process. After the initialization, the turnserver process
|
|
||||||
# will attempt to change the current group ID to that group.
|
|
||||||
#
|
|
||||||
#proc-group=<group-name>
|
|
||||||
|
|
||||||
# Turn OFF the CLI support.
|
|
||||||
# By default it is always ON.
|
|
||||||
# See also options cli-ip and cli-port.
|
|
||||||
#
|
|
||||||
no-cli
|
|
||||||
|
|
||||||
#Local system IP address to be used for CLI server endpoint. Default value
|
|
||||||
# is 127.0.0.1.
|
|
||||||
#
|
|
||||||
# cli-ip=127.0.0.1
|
|
||||||
|
|
||||||
# CLI server port. Default is 5766.
|
|
||||||
#
|
|
||||||
# cli-port=5766
|
|
||||||
|
|
||||||
# CLI access password. Default is empty (no password).
|
|
||||||
# For the security reasons, it is recommended that you use the encrypted
|
|
||||||
# form of the password (see the -P command in the turnadmin utility).
|
|
||||||
#
|
|
||||||
# Secure form for password 'qwerty':
|
|
||||||
#
|
|
||||||
#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
|
|
||||||
#
|
|
||||||
# Or insecure form for the same password:
|
|
||||||
#
|
|
||||||
# cli-password=CHANGE_ME
|
|
||||||
|
|
||||||
# Enable Web-admin support on https. By default it is Disabled.
|
|
||||||
# If it is enabled it also enables a http a simple static banner page
|
|
||||||
# with a small reminder that the admin page is available only on https.
|
|
||||||
#
|
|
||||||
#web-admin
|
|
||||||
|
|
||||||
# Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1.
|
|
||||||
#
|
|
||||||
#web-admin-ip=127.0.0.1
|
|
||||||
|
|
||||||
# Web-admin server port. Default is 8080.
|
|
||||||
#
|
|
||||||
#web-admin-port=8080
|
|
||||||
|
|
||||||
# Web-admin server listen on STUN/TURN worker threads
|
|
||||||
# By default it is disabled for security reasons! (Not recommended in any production environment!)
|
|
||||||
#
|
|
||||||
#web-admin-listen-on-workers
|
|
||||||
|
|
||||||
# Server relay. NON-STANDARD AND DANGEROUS OPTION.
|
|
||||||
# Only for those applications when you want to run
|
|
||||||
# server applications on the relay endpoints.
|
|
||||||
# This option eliminates the IP permissions check on
|
|
||||||
# the packets incoming to the relay endpoints.
|
|
||||||
#
|
|
||||||
#server-relay
|
|
||||||
|
|
||||||
# Maximum number of output sessions in ps CLI command.
|
|
||||||
# This value can be changed on-the-fly in CLI. The default value is 256.
|
|
||||||
#
|
|
||||||
#cli-max-output-sessions
|
|
||||||
|
|
||||||
# Set network engine type for the process (for internal purposes).
|
|
||||||
#
|
|
||||||
#ne=[1|2|3]
|
|
||||||
|
|
||||||
# Do not allow an TLS/DTLS version of protocol
|
|
||||||
#
|
|
||||||
#no-tlsv1
|
|
||||||
#no-tlsv1_1
|
|
||||||
#no-tlsv1_2
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<clickhouse>
|
|
||||||
<profiles>
|
|
||||||
<default>
|
|
||||||
<log_queries>0</log_queries>
|
|
||||||
<log_query_threads>0</log_query_threads>
|
|
||||||
</default>
|
|
||||||
</profiles>
|
|
||||||
</clickhouse>
|
|
||||||
@@ -1,62 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
version: 2
|
|
||||||
|
|
||||||
postal:
|
|
||||||
web_hostname: post.trez.wtf
|
|
||||||
web_protocol: http
|
|
||||||
smtp_hostname: post.trez.wtf
|
|
||||||
use_ip_pools: false
|
|
||||||
signing_key_path: /config/signing.key
|
|
||||||
trusted_proxies: [ "172.18.0.0/16" ]
|
|
||||||
|
|
||||||
web_server:
|
|
||||||
default_port: 5000
|
|
||||||
default_bind_address: 0.0.0.0
|
|
||||||
|
|
||||||
main_db:
|
|
||||||
host: mariadb
|
|
||||||
username: postal
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
|
||||||
database: postal
|
|
||||||
|
|
||||||
message_db:
|
|
||||||
host: mariadb
|
|
||||||
username: postal
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
|
||||||
prefix: postal
|
|
||||||
|
|
||||||
smtp_server:
|
|
||||||
default_port: 25
|
|
||||||
default_bind_address: "::"
|
|
||||||
tls_enabled: true
|
|
||||||
tls_certificate_path: /config/certs/fullchain.pem
|
|
||||||
tls_private_key_path: /config/certs/privkey.pem
|
|
||||||
|
|
||||||
dns:
|
|
||||||
# Specify the DNS records that you have configured. Refer to the documentation at
|
|
||||||
# https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
|
|
||||||
# information about these.
|
|
||||||
mx_records:
|
|
||||||
- mx.post.trez.wtf
|
|
||||||
spf_include: spf.post.trez.wtf
|
|
||||||
return_path_domain: rp.post.trez.wtf
|
|
||||||
route_domain: routes.post.trez.wtf
|
|
||||||
track_domain: track.post.trez.wtf
|
|
||||||
|
|
||||||
smtp:
|
|
||||||
# Specify an SMTP server that can be used to send messages from the Postal management
|
|
||||||
# system to users. You can configure this to use a Postal mail server once the
|
|
||||||
# your installation has been set up.
|
|
||||||
host: postal-smtp
|
|
||||||
port: 25
|
|
||||||
username: rinoa/postal-smtp
|
|
||||||
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
|
||||||
from_name: Postal @ Rinoa
|
|
||||||
from_address: noreply@trez.wtf
|
|
||||||
|
|
||||||
rails:
|
|
||||||
# This is generated automatically by the config initialization. It should be a random
|
|
||||||
# string unique to your installation.
|
|
||||||
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
|
||||||
<BindAddress>*</BindAddress>
|
|
||||||
<Port>9696</Port>
|
|
||||||
<SslPort>6969</SslPort>
|
|
||||||
<EnableSsl>False</EnableSsl>
|
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
|
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
|
||||||
<Branch>master</Branch>
|
|
||||||
<LogLevel>info</LogLevel>
|
|
||||||
<SslCertPath></SslCertPath>
|
|
||||||
<SslCertPassword></SslCertPassword>
|
|
||||||
<UrlBase></UrlBase>
|
|
||||||
<InstanceName>Prowlarr</InstanceName>
|
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
|
||||||
<Theme>light</Theme>
|
|
||||||
</Config>
|
|
||||||
@@ -1,20 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"radarr_address": "http://radarr:7878",
|
|
||||||
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}",
|
|
||||||
"root_folder_path": "/data/media/movies",
|
|
||||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
|
|
||||||
"fallback_to_top_result": false,
|
|
||||||
"radarr_api_timeout": 120.0,
|
|
||||||
"quality_profile_id": 1,
|
|
||||||
"metadata_profile_id": 1,
|
|
||||||
"search_for_movie": true,
|
|
||||||
"dry_run_adding_to_radarr": false,
|
|
||||||
"minimum_rating": 4.5,
|
|
||||||
"minimum_votes": 50,
|
|
||||||
"language_choice": "all",
|
|
||||||
"auto_start": true,
|
|
||||||
"auto_start_delay": 60.0
|
|
||||||
}
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
|
||||||
<LogLevel>info</LogLevel>
|
|
||||||
<BindAddress>*</BindAddress>
|
|
||||||
<EnableSsl>False</EnableSsl>
|
|
||||||
<SslCertPath></SslCertPath>
|
|
||||||
<Port>7878</Port>
|
|
||||||
<UrlBase></UrlBase>
|
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}</ApiKey>
|
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
|
||||||
<SslPort>9898</SslPort>
|
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
|
||||||
<Branch>master</Branch>
|
|
||||||
<SslCertPassword></SslCertPassword>
|
|
||||||
<InstanceName>Radarr</InstanceName>
|
|
||||||
<Theme>auto</Theme>
|
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
|
||||||
</Config>
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
|
||||||
<BindAddress>*</BindAddress>
|
|
||||||
<Port>8787</Port>
|
|
||||||
<SslPort>6868</SslPort>
|
|
||||||
<EnableSsl>False</EnableSsl>
|
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}</ApiKey>
|
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
|
||||||
<Branch>develop</Branch>
|
|
||||||
<LogLevel>info</LogLevel>
|
|
||||||
<SslCertPath></SslCertPath>
|
|
||||||
<SslCertPassword></SslCertPassword>
|
|
||||||
<UrlBase></UrlBase>
|
|
||||||
<InstanceName>Readarr</InstanceName>
|
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
|
||||||
<Theme>auto</Theme>
|
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
|
||||||
</Config>
|
|
||||||
@@ -1,48 +0,0 @@
|
|||||||
# This is a generic example of a configuration file
|
|
||||||
# Rename this file to `config.yml`, copy it to a `config` folder, and mount that folder as per the docker-compose.example.yml
|
|
||||||
# Only uncomment the lines you want to use/modify, or add new ones where needed
|
|
||||||
|
|
||||||
exclude:
|
|
||||||
# Exclude platforms to be scanned
|
|
||||||
platforms: [] # ['my_excluded_platform_1', 'my_excluded_platform_2']
|
|
||||||
|
|
||||||
# Exclude roms or parts of roms to be scanned
|
|
||||||
roms:
|
|
||||||
# Single file games section.
|
|
||||||
# Will not apply to files that are in sub-folders (multi-disc roms, games with updates, DLC, patches, etc.)
|
|
||||||
single_file:
|
|
||||||
# Exclude all files with certain extensions to be scanned
|
|
||||||
extensions: [] # ['xml', 'txt']
|
|
||||||
|
|
||||||
# Exclude matched file names to be scanned.
|
|
||||||
# Supports unix filename pattern matching
|
|
||||||
# Can also exclude files by extension
|
|
||||||
names: [] # ['info.txt', '._*', '*.nfo']
|
|
||||||
|
|
||||||
# Multi files games section
|
|
||||||
# Will apply to files that are in sub-folders (multi-disc roms, games with updates, DLC, patches, etc.)
|
|
||||||
multi_file:
|
|
||||||
# Exclude matched 'folder' names to be scanned (RomM identifies folders as multi file games)
|
|
||||||
names: [] # ['my_multi_file_game', 'DLC']
|
|
||||||
|
|
||||||
# Exclude files within sub-folders.
|
|
||||||
parts:
|
|
||||||
# Exclude matched file names to be scanned from multi file roms
|
|
||||||
# Keep in mind that RomM doesn't scan folders inside multi files games,
|
|
||||||
# so there is no need to exclude folders from inside of multi files games.
|
|
||||||
names: [] # ['data.xml', '._*'] # Supports unix filename pattern matching
|
|
||||||
|
|
||||||
# Exclude all files with certain extensions to be scanned from multi file roms
|
|
||||||
extensions: [] # ['xml', 'txt']
|
|
||||||
|
|
||||||
system:
|
|
||||||
# Asociate different platform names to your current file system platform names
|
|
||||||
# [your custom platform folder name]: [RomM platform name]
|
|
||||||
# In this example if you have a 'gc' folder, RomM will treat it like the 'ngc' folder and if you have a 'psx' folder, RomM will treat it like the 'ps' folder
|
|
||||||
platforms: {} # { gc: 'ngc', psx: 'ps' }
|
|
||||||
|
|
||||||
# Asociate one platform to it's main version
|
|
||||||
versions: {} # { naomi: 'arcade' }
|
|
||||||
|
|
||||||
# The folder name where your roms are located
|
|
||||||
filesystem: {} # { roms_folder: 'roms' } For example if your folder structure is /home/user/library/roms_folder
|
|
||||||
@@ -1,482 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
__version__ = 19
|
|
||||||
__encoding__ = utf-8
|
|
||||||
[misc]
|
|
||||||
pre_script = None
|
|
||||||
queue_complete = ""
|
|
||||||
queue_complete_pers = 0
|
|
||||||
bandwidth_perc = 0
|
|
||||||
refresh_rate = 1
|
|
||||||
queue_limit = 20
|
|
||||||
config_lock = 0
|
|
||||||
sched_converted = 2
|
|
||||||
notified_new_skin = 2
|
|
||||||
direct_unpack_tested = 1
|
|
||||||
check_new_rel = 1
|
|
||||||
auto_browser = 0
|
|
||||||
language = en
|
|
||||||
enable_https_verification = 1
|
|
||||||
host = 0.0.0.0
|
|
||||||
port = 8080
|
|
||||||
https_port = 8090
|
|
||||||
username = thetrezuredone
|
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_PASSWORD'] }}
|
|
||||||
bandwidth_max = 1000M
|
|
||||||
cache_limit = 1G
|
|
||||||
web_dir = Glitter
|
|
||||||
web_color = Auto
|
|
||||||
https_cert = server.cert
|
|
||||||
https_key = server.key
|
|
||||||
https_chain = ""
|
|
||||||
enable_https = 1
|
|
||||||
inet_exposure = 0
|
|
||||||
local_ranges = ,
|
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_API_KEY'] }}
|
|
||||||
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
|
|
||||||
permissions = 775
|
|
||||||
download_dir = /storage/downloads/incomplete
|
|
||||||
download_free = ""
|
|
||||||
complete_dir = /storage/downloads/completed/nzb
|
|
||||||
script_dir = ""
|
|
||||||
nzb_backup_dir = ""
|
|
||||||
admin_dir = admin
|
|
||||||
dirscan_dir = /storage/downloads/watch
|
|
||||||
dirscan_speed = 5
|
|
||||||
password_file = ""
|
|
||||||
log_dir = logs
|
|
||||||
max_art_tries = 3
|
|
||||||
load_balancing = 2
|
|
||||||
top_only = 0
|
|
||||||
sfv_check = 1
|
|
||||||
quick_check_ext_ignore = nfo, sfv, srr
|
|
||||||
script_can_fail = 0
|
|
||||||
ssl_ciphers = ""
|
|
||||||
enable_recursive = 1
|
|
||||||
flat_unpack = 0
|
|
||||||
par_option = ""
|
|
||||||
pre_check = 1
|
|
||||||
nice = ""
|
|
||||||
win_process_prio = 3
|
|
||||||
ionice = ""
|
|
||||||
fail_hopeless_jobs = 1
|
|
||||||
fast_fail = 1
|
|
||||||
auto_disconnect = 1
|
|
||||||
no_dupes = 3
|
|
||||||
no_series_dupes = 0
|
|
||||||
series_propercheck = 1
|
|
||||||
pause_on_pwrar = 2
|
|
||||||
ignore_samples = 1
|
|
||||||
deobfuscate_final_filenames = 0
|
|
||||||
auto_sort = ""
|
|
||||||
direct_unpack = 1
|
|
||||||
direct_unpack_threads = 3
|
|
||||||
propagation_delay = 0
|
|
||||||
folder_rename = 1
|
|
||||||
replace_spaces = 1
|
|
||||||
replace_dots = 1
|
|
||||||
safe_postproc = 1
|
|
||||||
pause_on_post_processing = 0
|
|
||||||
sanitize_safe = 0
|
|
||||||
cleanup_list = ,
|
|
||||||
unwanted_extensions = ,
|
|
||||||
action_on_unwanted_extensions = 0
|
|
||||||
new_nzb_on_failure = 1
|
|
||||||
history_retention = ""
|
|
||||||
enable_meta = 1
|
|
||||||
quota_size = ""
|
|
||||||
quota_day = ""
|
|
||||||
quota_resume = 0
|
|
||||||
quota_period = m
|
|
||||||
rating_enable = 0
|
|
||||||
rating_host = ""
|
|
||||||
rating_api_key = ""
|
|
||||||
rating_filter_enable = 0
|
|
||||||
rating_filter_abort_audio = 0
|
|
||||||
rating_filter_abort_video = 0
|
|
||||||
rating_filter_abort_encrypted = 0
|
|
||||||
rating_filter_abort_encrypted_confirm = 0
|
|
||||||
rating_filter_abort_spam = 0
|
|
||||||
rating_filter_abort_spam_confirm = 0
|
|
||||||
rating_filter_abort_downvoted = 0
|
|
||||||
rating_filter_abort_keywords = ""
|
|
||||||
rating_filter_pause_audio = 0
|
|
||||||
rating_filter_pause_video = 0
|
|
||||||
rating_filter_pause_encrypted = 0
|
|
||||||
rating_filter_pause_encrypted_confirm = 0
|
|
||||||
rating_filter_pause_spam = 0
|
|
||||||
rating_filter_pause_spam_confirm = 0
|
|
||||||
rating_filter_pause_downvoted = 0
|
|
||||||
rating_filter_pause_keywords = ""
|
|
||||||
enable_tv_sorting = 1
|
|
||||||
tv_sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
|
|
||||||
tv_sort_countries = 1
|
|
||||||
tv_categories = tv,
|
|
||||||
enable_movie_sorting = 0
|
|
||||||
movie_sort_string = ""
|
|
||||||
movie_sort_extra = -cd%1
|
|
||||||
movie_extra_folder = 0
|
|
||||||
movie_categories = movies,
|
|
||||||
enable_date_sorting = 0
|
|
||||||
date_sort_string = ""
|
|
||||||
date_categories = tv,
|
|
||||||
schedlines = ,
|
|
||||||
rss_rate = 60
|
|
||||||
ampm = 0
|
|
||||||
replace_illegal = 1
|
|
||||||
start_paused = 0
|
|
||||||
enable_all_par = 1
|
|
||||||
enable_par_cleanup = 1
|
|
||||||
enable_unrar = 1
|
|
||||||
enable_unzip = 1
|
|
||||||
enable_7zip = 1
|
|
||||||
enable_filejoin = 1
|
|
||||||
enable_tsjoin = 1
|
|
||||||
overwrite_files = 0
|
|
||||||
ignore_unrar_dates = 0
|
|
||||||
backup_for_duplicates = 1
|
|
||||||
empty_postproc = 0
|
|
||||||
wait_for_dfolder = 0
|
|
||||||
rss_filenames = 0
|
|
||||||
api_logging = 1
|
|
||||||
html_login = 1
|
|
||||||
osx_menu = 1
|
|
||||||
osx_speed = 1
|
|
||||||
warn_dupl_jobs = 1
|
|
||||||
helpfull_warnings = 1
|
|
||||||
keep_awake = 1
|
|
||||||
win_menu = 1
|
|
||||||
allow_incomplete_nzb = 0
|
|
||||||
enable_bonjour = 1
|
|
||||||
max_art_opt = 0
|
|
||||||
ipv6_hosting = 0
|
|
||||||
fixed_ports = 1
|
|
||||||
api_warnings = 1
|
|
||||||
disable_api_key = 0
|
|
||||||
no_penalties = 0
|
|
||||||
x_frame_options = 1
|
|
||||||
require_modern_tls = 0
|
|
||||||
num_decoders = 3
|
|
||||||
rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/
|
|
||||||
req_completion_rate = 100.2
|
|
||||||
selftest_host = self-test.sabnzbd.org
|
|
||||||
movie_rename_limit = 100M
|
|
||||||
size_limit = 0
|
|
||||||
show_sysload = 2
|
|
||||||
history_limit = 10
|
|
||||||
wait_ext_drive = 5
|
|
||||||
max_foldername_length = 246
|
|
||||||
nomedia_marker = ""
|
|
||||||
ipv6_servers = 1
|
|
||||||
url_base = /sabnzbd
|
|
||||||
host_whitelist = rinoa, sabnzbd.trez.wtf
|
|
||||||
max_url_retries = 10
|
|
||||||
email_server = ""
|
|
||||||
email_to = ,
|
|
||||||
email_from = ""
|
|
||||||
email_account = ""
|
|
||||||
email_pwd = ""
|
|
||||||
email_endjob = 0
|
|
||||||
email_full = 0
|
|
||||||
email_dir = ""
|
|
||||||
email_rss = 0
|
|
||||||
email_cats = *,
|
|
||||||
interface_settings = '{"dateFormat":"fromNow","extraQueueColumns":["category"],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}'
|
|
||||||
complete_free = ""
|
|
||||||
fulldisk_autoresume = 0
|
|
||||||
enable_broadcast = 1
|
|
||||||
downloader_sleep_time = 10
|
|
||||||
ssdp_broadcast_interval = 15
|
|
||||||
unwanted_extensions_mode = 0
|
|
||||||
process_unpacked_par2 = 1
|
|
||||||
episode_rename_limit = 20M
|
|
||||||
socks5_proxy_url = ""
|
|
||||||
preserve_paused_state = 0
|
|
||||||
helpful_warnings = 1
|
|
||||||
allow_old_ssl_tls = 0
|
|
||||||
num_simd_decoders = 2
|
|
||||||
ext_rename_ignore = ,
|
|
||||||
backup_dir = ""
|
|
||||||
replace_underscores = 0
|
|
||||||
tray_icon = 1
|
|
||||||
sorters_converted = 1
|
|
||||||
enable_season_sorting = 1
|
|
||||||
receive_threads = 2
|
|
||||||
switchinterval = 0.005
|
|
||||||
end_queue_script = None
|
|
||||||
no_smart_dupes = 1
|
|
||||||
dupes_propercheck = 1
|
|
||||||
enable_multipar = 1
|
|
||||||
verify_xff_header = 0
|
|
||||||
history_retention_option = all
|
|
||||||
history_retention_number = 1
|
|
||||||
ipv6_staging = 0
|
|
||||||
disable_archive = 0
|
|
||||||
config_conversion_version = 4
|
|
||||||
disable_par2cmdline = 0
|
|
||||||
[logging]
|
|
||||||
log_level = 1
|
|
||||||
max_log_size = 5242880
|
|
||||||
log_backups = 5
|
|
||||||
[ncenter]
|
|
||||||
ncenter_enable = 0
|
|
||||||
ncenter_cats = *,
|
|
||||||
ncenter_prio_startup = 0
|
|
||||||
ncenter_prio_download = 0
|
|
||||||
ncenter_prio_pause_resume = 0
|
|
||||||
ncenter_prio_pp = 0
|
|
||||||
ncenter_prio_complete = 0
|
|
||||||
ncenter_prio_failed = 0
|
|
||||||
ncenter_prio_disk_full = 0
|
|
||||||
ncenter_prio_new_login = 0
|
|
||||||
ncenter_prio_warning = 0
|
|
||||||
ncenter_prio_error = 0
|
|
||||||
ncenter_prio_queue_done = 0
|
|
||||||
ncenter_prio_other = 0
|
|
||||||
[acenter]
|
|
||||||
acenter_enable = 0
|
|
||||||
acenter_cats = *,
|
|
||||||
acenter_prio_startup = 0
|
|
||||||
acenter_prio_download = 0
|
|
||||||
acenter_prio_pause_resume = 0
|
|
||||||
acenter_prio_pp = 0
|
|
||||||
acenter_prio_complete = 0
|
|
||||||
acenter_prio_failed = 0
|
|
||||||
acenter_prio_disk_full = 0
|
|
||||||
acenter_prio_new_login = 0
|
|
||||||
acenter_prio_warning = 0
|
|
||||||
acenter_prio_error = 0
|
|
||||||
acenter_prio_queue_done = 0
|
|
||||||
acenter_prio_other = 0
|
|
||||||
[ntfosd]
|
|
||||||
ntfosd_enable = 0
|
|
||||||
ntfosd_cats = *,
|
|
||||||
ntfosd_prio_startup = 0
|
|
||||||
ntfosd_prio_download = 0
|
|
||||||
ntfosd_prio_pause_resume = 0
|
|
||||||
ntfosd_prio_pp = 0
|
|
||||||
ntfosd_prio_complete = 0
|
|
||||||
ntfosd_prio_failed = 0
|
|
||||||
ntfosd_prio_disk_full = 0
|
|
||||||
ntfosd_prio_new_login = 0
|
|
||||||
ntfosd_prio_warning = 0
|
|
||||||
ntfosd_prio_error = 0
|
|
||||||
ntfosd_prio_queue_done = 0
|
|
||||||
ntfosd_prio_other = 0
|
|
||||||
[prowl]
|
|
||||||
prowl_enable = 0
|
|
||||||
prowl_cats = *,
|
|
||||||
prowl_apikey = ""
|
|
||||||
prowl_prio_startup = -3
|
|
||||||
prowl_prio_download = -3
|
|
||||||
prowl_prio_pause_resume = -3
|
|
||||||
prowl_prio_pp = -3
|
|
||||||
prowl_prio_complete = 0
|
|
||||||
prowl_prio_failed = 1
|
|
||||||
prowl_prio_disk_full = 1
|
|
||||||
prowl_prio_new_login = -3
|
|
||||||
prowl_prio_warning = -3
|
|
||||||
prowl_prio_error = -3
|
|
||||||
prowl_prio_queue_done = 0
|
|
||||||
prowl_prio_other = -3
|
|
||||||
[pushover]
|
|
||||||
pushover_token = ""
|
|
||||||
pushover_userkey = ""
|
|
||||||
pushover_device = ""
|
|
||||||
pushover_emergency_expire = 3600
|
|
||||||
pushover_emergency_retry = 60
|
|
||||||
pushover_enable = 0
|
|
||||||
pushover_cats = *,
|
|
||||||
pushover_prio_startup = -3
|
|
||||||
pushover_prio_download = -2
|
|
||||||
pushover_prio_pause_resume = -2
|
|
||||||
pushover_prio_pp = -3
|
|
||||||
pushover_prio_complete = -1
|
|
||||||
pushover_prio_failed = -1
|
|
||||||
pushover_prio_disk_full = 1
|
|
||||||
pushover_prio_new_login = -3
|
|
||||||
pushover_prio_warning = 1
|
|
||||||
pushover_prio_error = 1
|
|
||||||
pushover_prio_queue_done = -1
|
|
||||||
pushover_prio_other = -3
|
|
||||||
[pushbullet]
|
|
||||||
pushbullet_enable = 0
|
|
||||||
pushbullet_cats = *,
|
|
||||||
pushbullet_apikey = ""
|
|
||||||
pushbullet_device = ""
|
|
||||||
pushbullet_prio_startup = 0
|
|
||||||
pushbullet_prio_download = 0
|
|
||||||
pushbullet_prio_pause_resume = 0
|
|
||||||
pushbullet_prio_pp = 0
|
|
||||||
pushbullet_prio_complete = 1
|
|
||||||
pushbullet_prio_failed = 1
|
|
||||||
pushbullet_prio_disk_full = 1
|
|
||||||
pushbullet_prio_new_login = 0
|
|
||||||
pushbullet_prio_warning = 0
|
|
||||||
pushbullet_prio_error = 0
|
|
||||||
pushbullet_prio_queue_done = 0
|
|
||||||
pushbullet_prio_other = 0
|
|
||||||
[nscript]
|
|
||||||
nscript_enable = 0
|
|
||||||
nscript_cats = *,
|
|
||||||
nscript_script = None
|
|
||||||
nscript_parameters = ""
|
|
||||||
nscript_prio_startup = 1
|
|
||||||
nscript_prio_download = 0
|
|
||||||
nscript_prio_pause_resume = 0
|
|
||||||
nscript_prio_pp = 0
|
|
||||||
nscript_prio_complete = 1
|
|
||||||
nscript_prio_failed = 1
|
|
||||||
nscript_prio_disk_full = 1
|
|
||||||
nscript_prio_new_login = 0
|
|
||||||
nscript_prio_warning = 0
|
|
||||||
nscript_prio_error = 0
|
|
||||||
nscript_prio_queue_done = 1
|
|
||||||
nscript_prio_other = 0
|
|
||||||
[servers]
|
|
||||||
[[news.newshosting.com]]
|
|
||||||
name = news.newshosting.com
|
|
||||||
displayname = Newshosting
|
|
||||||
host = news.newshosting.com
|
|
||||||
port = 563
|
|
||||||
timeout = 60
|
|
||||||
username = thetrezuredone
|
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
|
|
||||||
connections = 8
|
|
||||||
ssl = 1
|
|
||||||
ssl_verify = 3
|
|
||||||
ssl_ciphers = ""
|
|
||||||
enable = 1
|
|
||||||
required = 0
|
|
||||||
optional = 0
|
|
||||||
retention = 0
|
|
||||||
expire_date = ""
|
|
||||||
quota = ""
|
|
||||||
usage_at_start = 0
|
|
||||||
priority = 0
|
|
||||||
notes = ""
|
|
||||||
[[news.easynews.com]]
|
|
||||||
name = news.easynews.com
|
|
||||||
displayname = EasyNews
|
|
||||||
host = news.easynews.com
|
|
||||||
port = 443
|
|
||||||
timeout = 60
|
|
||||||
username = TrezOne
|
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
|
|
||||||
connections = 60
|
|
||||||
ssl = 0
|
|
||||||
ssl_verify = 3
|
|
||||||
ssl_ciphers = ""
|
|
||||||
enable = 1
|
|
||||||
required = 0
|
|
||||||
optional = 0
|
|
||||||
retention = 0
|
|
||||||
expire_date = ""
|
|
||||||
quota = ""
|
|
||||||
usage_at_start = 0
|
|
||||||
priority = 0
|
|
||||||
notes = ""
|
|
||||||
[categories]
|
|
||||||
[[software]]
|
|
||||||
name = software
|
|
||||||
order = 0
|
|
||||||
pp = ""
|
|
||||||
script = Default
|
|
||||||
dir = ""
|
|
||||||
newzbin = ""
|
|
||||||
priority = -100
|
|
||||||
[[*]]
|
|
||||||
name = *
|
|
||||||
order = 0
|
|
||||||
pp = 3
|
|
||||||
script = Default
|
|
||||||
dir = ""
|
|
||||||
newzbin = ""
|
|
||||||
priority = 0
|
|
||||||
[[tv]]
|
|
||||||
name = tv
|
|
||||||
order = 0
|
|
||||||
pp = ""
|
|
||||||
script = Default
|
|
||||||
dir = tv
|
|
||||||
newzbin = ""
|
|
||||||
priority = -100
|
|
||||||
[[audio]]
|
|
||||||
name = audio
|
|
||||||
order = 0
|
|
||||||
pp = 2
|
|
||||||
script = Default
|
|
||||||
dir = music
|
|
||||||
newzbin = ""
|
|
||||||
priority = 1
|
|
||||||
[[movies]]
|
|
||||||
name = movies
|
|
||||||
order = 0
|
|
||||||
pp = ""
|
|
||||||
script = Default
|
|
||||||
dir = movies
|
|
||||||
newzbin = ""
|
|
||||||
priority = -100
|
|
||||||
[[ebook]]
|
|
||||||
name = ebook
|
|
||||||
order = 0
|
|
||||||
pp = 2
|
|
||||||
script = Default
|
|
||||||
dir = ebooks
|
|
||||||
newzbin = ""
|
|
||||||
priority = -100
|
|
||||||
[[prowlarr]]
|
|
||||||
name = prowlarr
|
|
||||||
order = 0
|
|
||||||
pp = ""
|
|
||||||
script = Default
|
|
||||||
dir = ""
|
|
||||||
newzbin = ""
|
|
||||||
priority = -1
|
|
||||||
[[sonarr]]
|
|
||||||
name = sonarr
|
|
||||||
order = 1
|
|
||||||
pp = ""
|
|
||||||
script = Default
|
|
||||||
dir = tv
|
|
||||||
newzbin = ""
|
|
||||||
priority = -100
|
|
||||||
[sorters]
|
|
||||||
[[Series Sorting]]
|
|
||||||
name = Series Sorting
|
|
||||||
order = 0
|
|
||||||
min_size = 20M
|
|
||||||
multipart_label = ""
|
|
||||||
sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
|
|
||||||
sort_cats = tv,
|
|
||||||
sort_type = 1,
|
|
||||||
is_active = 1
|
|
||||||
[apprise]
|
|
||||||
apprise_enable = 1
|
|
||||||
apprise_cats = *,
|
|
||||||
apprise_urls = apprise://apprise:8000/aef1ab3765b857585e13340f1f5f879b2babcc47b0eccead98a19e0a93fe1a35
|
|
||||||
apprise_target_startup = ""
|
|
||||||
apprise_target_startup_enable = 0
|
|
||||||
apprise_target_download = ""
|
|
||||||
apprise_target_download_enable = 0
|
|
||||||
apprise_target_pause_resume = ""
|
|
||||||
apprise_target_pause_resume_enable = 1
|
|
||||||
apprise_target_pp = ""
|
|
||||||
apprise_target_pp_enable = 0
|
|
||||||
apprise_target_complete = ""
|
|
||||||
apprise_target_complete_enable = 1
|
|
||||||
apprise_target_failed = ""
|
|
||||||
apprise_target_failed_enable = 1
|
|
||||||
apprise_target_disk_full = ""
|
|
||||||
apprise_target_disk_full_enable = 0
|
|
||||||
apprise_target_new_login = ""
|
|
||||||
apprise_target_new_login_enable = 1
|
|
||||||
apprise_target_warning = ""
|
|
||||||
apprise_target_warning_enable = 1
|
|
||||||
apprise_target_error = ""
|
|
||||||
apprise_target_error_enable = 1
|
|
||||||
apprise_target_queue_done = ""
|
|
||||||
apprise_target_queue_done_enable = 0
|
|
||||||
apprise_target_other = ""
|
|
||||||
apprise_target_other_enable = 1
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
bolt-path: /opt/scrutiny/influxdb/influxd.bolt
|
|
||||||
engine-path: /opt/scrutiny/influxdb/engine
|
|
||||||
http-bind-address: ":8086"
|
|
||||||
reporting-disabled: true
|
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -1,49 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
[uwsgi]
|
|
||||||
# Who will run the code
|
|
||||||
uid = searxng
|
|
||||||
gid = searxng
|
|
||||||
|
|
||||||
# Number of workers (usually CPU count)
|
|
||||||
workers = %k
|
|
||||||
threads = 4
|
|
||||||
|
|
||||||
# The right granted on the created socket
|
|
||||||
chmod-socket = 666
|
|
||||||
|
|
||||||
# Plugin to use and interpreter config
|
|
||||||
single-interpreter = true
|
|
||||||
master = true
|
|
||||||
plugin = python3
|
|
||||||
lazy-apps = true
|
|
||||||
enable-threads = 4
|
|
||||||
|
|
||||||
# Module to import
|
|
||||||
module = searx.webapp
|
|
||||||
|
|
||||||
# Virtualenv and python path
|
|
||||||
pythonpath = /usr/local/searxng/
|
|
||||||
chdir = /usr/local/searxng/searx/
|
|
||||||
|
|
||||||
# automatically set processes name to something meaningful
|
|
||||||
auto-procname = true
|
|
||||||
|
|
||||||
# Disable request logging for privacy
|
|
||||||
disable-logging = true
|
|
||||||
log-5xx = true
|
|
||||||
|
|
||||||
# Set the max size of a request (request-body excluded)
|
|
||||||
buffer-size = 8192
|
|
||||||
|
|
||||||
# No keep alive
|
|
||||||
# See https://github.com/searx/searx-docker/issues/24
|
|
||||||
add-header = Connection: close
|
|
||||||
|
|
||||||
# uwsgi serves the static files
|
|
||||||
static-map = /static=/usr/local/searxng/searx/static
|
|
||||||
# expires set to one day
|
|
||||||
static-expires = /* 86400
|
|
||||||
static-gzip-all = True
|
|
||||||
offload-threads = 4
|
|
||||||
@@ -1,75 +0,0 @@
|
|||||||
<?xml version="1.0"?>
|
|
||||||
<clickhouse>
|
|
||||||
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
|
||||||
Optional. If you don't use replicated tables, you could omit that.
|
|
||||||
|
|
||||||
See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
|
|
||||||
-->
|
|
||||||
<zookeeper>
|
|
||||||
<node index="1">
|
|
||||||
<host>signoz-zookeeper-1</host>
|
|
||||||
<port>2181</port>
|
|
||||||
</node>
|
|
||||||
<node index="2">
|
|
||||||
<host>zookeeper-2</host>
|
|
||||||
<port>2181</port>
|
|
||||||
</node>
|
|
||||||
<node index="3">
|
|
||||||
<host>zookeeper-3</host>
|
|
||||||
<port>2181</port>
|
|
||||||
</node>
|
|
||||||
</zookeeper>
|
|
||||||
|
|
||||||
<!-- Configuration of clusters that could be used in Distributed tables.
|
|
||||||
https://clickhouse.com/docs/en/operations/table_engines/distributed/
|
|
||||||
-->
|
|
||||||
<remote_servers>
|
|
||||||
<cluster>
|
|
||||||
<!-- Inter-server per-cluster secret for Distributed queries
|
|
||||||
default: no secret (no authentication will be performed)
|
|
||||||
|
|
||||||
If set, then Distributed queries will be validated on shards, so at least:
|
|
||||||
- such cluster should exist on the shard,
|
|
||||||
- such cluster should have the same secret.
|
|
||||||
|
|
||||||
And also (and which is more important), the initial_user will
|
|
||||||
be used as current user for the query.
|
|
||||||
|
|
||||||
Right now the protocol is pretty simple and it only takes into account:
|
|
||||||
- cluster name
|
|
||||||
- query
|
|
||||||
|
|
||||||
Also it will be nice if the following will be implemented:
|
|
||||||
- source hostname (see interserver_http_host), but then it will depends from DNS,
|
|
||||||
it can use IP address instead, but then the you need to get correct on the initiator node.
|
|
||||||
- target hostname / ip address (same notes as for source hostname)
|
|
||||||
- time-based security tokens
|
|
||||||
-->
|
|
||||||
<!-- <secret></secret> -->
|
|
||||||
<shard>
|
|
||||||
<!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
|
|
||||||
<!-- <internal_replication>false</internal_replication> -->
|
|
||||||
<!-- Optional. Shard weight when writing data. Default: 1. -->
|
|
||||||
<!-- <weight>1</weight> -->
|
|
||||||
<replica>
|
|
||||||
<host>signoz-clickhouse</host>
|
|
||||||
<port>9000</port>
|
|
||||||
<!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
|
|
||||||
<!-- <priority>1</priority> -->
|
|
||||||
</replica>
|
|
||||||
</shard>
|
|
||||||
<shard>
|
|
||||||
<replica>
|
|
||||||
<host>clickhouse-2</host>
|
|
||||||
<port>9000</port>
|
|
||||||
</replica>
|
|
||||||
</shard>
|
|
||||||
<shard>
|
|
||||||
<replica>
|
|
||||||
<host>clickhouse-3</host>
|
|
||||||
<port>9000</port>
|
|
||||||
</replica>
|
|
||||||
</shard>
|
|
||||||
</cluster>
|
|
||||||
</remote_servers>
|
|
||||||
</clickhouse>
|
|
||||||
@@ -1,75 +0,0 @@
|
|||||||
<?xml version="1.0"?>
|
|
||||||
<clickhouse>
|
|
||||||
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
|
||||||
Optional. If you don't use replicated tables, you could omit that.
|
|
||||||
|
|
||||||
See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
|
|
||||||
-->
|
|
||||||
<zookeeper>
|
|
||||||
<node index="1">
|
|
||||||
<host>signoz-zookeeper-1</host>
|
|
||||||
<port>2181</port>
|
|
||||||
</node>
|
|
||||||
<!-- <node index="2">
|
|
||||||
<host>zookeeper-2</host>
|
|
||||||
<port>2181</port>
|
|
||||||
</node>
|
|
||||||
<node index="3">
|
|
||||||
<host>zookeeper-3</host>
|
|
||||||
<port>2181</port>
|
|
||||||
</node> -->
|
|
||||||
</zookeeper>
|
|
||||||
|
|
||||||
<!-- Configuration of clusters that could be used in Distributed tables.
|
|
||||||
https://clickhouse.com/docs/en/operations/table_engines/distributed/
|
|
||||||
-->
|
|
||||||
<remote_servers>
|
|
||||||
<cluster>
|
|
||||||
<!-- Inter-server per-cluster secret for Distributed queries
|
|
||||||
default: no secret (no authentication will be performed)
|
|
||||||
|
|
||||||
If set, then Distributed queries will be validated on shards, so at least:
|
|
||||||
- such cluster should exist on the shard,
|
|
||||||
- such cluster should have the same secret.
|
|
||||||
|
|
||||||
And also (and which is more important), the initial_user will
|
|
||||||
be used as current user for the query.
|
|
||||||
|
|
||||||
Right now the protocol is pretty simple and it only takes into account:
|
|
||||||
- cluster name
|
|
||||||
- query
|
|
||||||
|
|
||||||
Also it will be nice if the following will be implemented:
|
|
||||||
- source hostname (see interserver_http_host), but then it will depends from DNS,
|
|
||||||
it can use IP address instead, but then the you need to get correct on the initiator node.
|
|
||||||
- target hostname / ip address (same notes as for source hostname)
|
|
||||||
- time-based security tokens
|
|
||||||
-->
|
|
||||||
<!-- <secret></secret> -->
|
|
||||||
<shard>
|
|
||||||
<!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
|
|
||||||
<!-- <internal_replication>false</internal_replication> -->
|
|
||||||
<!-- Optional. Shard weight when writing data. Default: 1. -->
|
|
||||||
<!-- <weight>1</weight> -->
|
|
||||||
<replica>
|
|
||||||
<host>signoz-clickhouse</host>
|
|
||||||
<port>9000</port>
|
|
||||||
<!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
|
|
||||||
<!-- <priority>1</priority> -->
|
|
||||||
</replica>
|
|
||||||
</shard>
|
|
||||||
<!-- <shard>
|
|
||||||
<replica>
|
|
||||||
<host>clickhouse-2</host>
|
|
||||||
<port>9000</port>
|
|
||||||
</replica>
|
|
||||||
</shard>
|
|
||||||
<shard>
|
|
||||||
<replica>
|
|
||||||
<host>clickhouse-3</host>
|
|
||||||
<port>9000</port>
|
|
||||||
</replica>
|
|
||||||
</shard> -->
|
|
||||||
</cluster>
|
|
||||||
</remote_servers>
|
|
||||||
</clickhouse>
|
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -1,21 +0,0 @@
|
|||||||
<functions>
|
|
||||||
<function>
|
|
||||||
<type>executable</type>
|
|
||||||
<name>histogramQuantile</name>
|
|
||||||
<return_type>Float64</return_type>
|
|
||||||
<argument>
|
|
||||||
<type>Array(Float64)</type>
|
|
||||||
<name>buckets</name>
|
|
||||||
</argument>
|
|
||||||
<argument>
|
|
||||||
<type>Array(Float64)</type>
|
|
||||||
<name>counts</name>
|
|
||||||
</argument>
|
|
||||||
<argument>
|
|
||||||
<type>Float64</type>
|
|
||||||
<name>quantile</name>
|
|
||||||
</argument>
|
|
||||||
<format>CSV</format>
|
|
||||||
<command>./histogramQuantile</command>
|
|
||||||
</function>
|
|
||||||
</functions>
|
|
||||||
@@ -1,41 +0,0 @@
|
|||||||
<?xml version="1.0"?>
|
|
||||||
<clickhouse>
|
|
||||||
<storage_configuration>
|
|
||||||
<disks>
|
|
||||||
<default>
|
|
||||||
<keep_free_space_bytes>10485760</keep_free_space_bytes>
|
|
||||||
</default>
|
|
||||||
<s3>
|
|
||||||
<type>s3</type>
|
|
||||||
<!-- For S3 cold storage,
|
|
||||||
if region is us-east-1, endpoint can be https://<bucket-name>.s3.amazonaws.com
|
|
||||||
if region is not us-east-1, endpoint should be https://<bucket-name>.s3-<region>.amazonaws.com
|
|
||||||
For GCS cold storage,
|
|
||||||
endpoint should be https://storage.googleapis.com/<bucket-name>/data/
|
|
||||||
-->
|
|
||||||
<endpoint>https://BUCKET-NAME.s3-REGION-NAME.amazonaws.com/data/</endpoint>
|
|
||||||
<access_key_id>ACCESS-KEY-ID</access_key_id>
|
|
||||||
<secret_access_key>SECRET-ACCESS-KEY</secret_access_key>
|
|
||||||
<!-- In case of S3, uncomment the below configuration in case you want to read
|
|
||||||
AWS credentials from the Environment variables if they exist. -->
|
|
||||||
<!-- <use_environment_credentials>true</use_environment_credentials> -->
|
|
||||||
<!-- In case of GCS, uncomment the below configuration, since GCS does
|
|
||||||
not support batch deletion and result in error messages in logs. -->
|
|
||||||
<!-- <support_batch_delete>false</support_batch_delete> -->
|
|
||||||
</s3>
|
|
||||||
</disks>
|
|
||||||
<policies>
|
|
||||||
<tiered>
|
|
||||||
<volumes>
|
|
||||||
<default>
|
|
||||||
<disk>default</disk>
|
|
||||||
</default>
|
|
||||||
<s3>
|
|
||||||
<disk>s3</disk>
|
|
||||||
<perform_ttl_move_on_insert>0</perform_ttl_move_on_insert>
|
|
||||||
</s3>
|
|
||||||
</volumes>
|
|
||||||
</tiered>
|
|
||||||
</policies>
|
|
||||||
</storage_configuration>
|
|
||||||
</clickhouse>
|
|
||||||
@@ -1,123 +0,0 @@
|
|||||||
<?xml version="1.0"?>
|
|
||||||
<clickhouse>
|
|
||||||
<!-- See also the files in users.d directory where the settings can be overridden. -->
|
|
||||||
|
|
||||||
<!-- Profiles of settings. -->
|
|
||||||
<profiles>
|
|
||||||
<!-- Default settings. -->
|
|
||||||
<default>
|
|
||||||
<!-- Maximum memory usage for processing single query, in bytes. -->
|
|
||||||
<max_memory_usage>10000000000</max_memory_usage>
|
|
||||||
|
|
||||||
<!-- How to choose between replicas during distributed query processing.
|
|
||||||
random - choose random replica from set of replicas with minimum number of errors
|
|
||||||
nearest_hostname - from set of replicas with minimum number of errors, choose replica
|
|
||||||
with minimum number of different symbols between replica's hostname and local hostname
|
|
||||||
(Hamming distance).
|
|
||||||
in_order - first live replica is chosen in specified order.
|
|
||||||
first_or_random - if first replica one has higher number of errors, pick a random one from replicas with minimum number of errors.
|
|
||||||
-->
|
|
||||||
<load_balancing>random</load_balancing>
|
|
||||||
</default>
|
|
||||||
|
|
||||||
<!-- Profile that allows only read queries. -->
|
|
||||||
<readonly>
|
|
||||||
<readonly>1</readonly>
|
|
||||||
</readonly>
|
|
||||||
</profiles>
|
|
||||||
|
|
||||||
<!-- Users and ACL. -->
|
|
||||||
<users>
|
|
||||||
<!-- If user name was not specified, 'default' user is used. -->
|
|
||||||
<default>
|
|
||||||
<!-- See also the files in users.d directory where the password can be overridden.
|
|
||||||
|
|
||||||
Password could be specified in plaintext or in SHA256 (in hex format).
|
|
||||||
|
|
||||||
If you want to specify password in plaintext (not recommended), place it in 'password' element.
|
|
||||||
Example: <password>qwerty</password>.
|
|
||||||
Password could be empty.
|
|
||||||
|
|
||||||
If you want to specify SHA256, place it in 'password_sha256_hex' element.
|
|
||||||
Example: <password_sha256_hex>65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5</password_sha256_hex>
|
|
||||||
Restrictions of SHA256: impossibility to connect to ClickHouse using MySQL JS client (as of July 2019).
|
|
||||||
|
|
||||||
If you want to specify double SHA1, place it in 'password_double_sha1_hex' element.
|
|
||||||
Example: <password_double_sha1_hex>e395796d6546b1b65db9d665cd43f0e858dd4303</password_double_sha1_hex>
|
|
||||||
|
|
||||||
If you want to specify a previously defined LDAP server (see 'ldap_servers' in the main config) for authentication,
|
|
||||||
place its name in 'server' element inside 'ldap' element.
|
|
||||||
Example: <ldap><server>my_ldap_server</server></ldap>
|
|
||||||
|
|
||||||
If you want to authenticate the user via Kerberos (assuming Kerberos is enabled, see 'kerberos' in the main config),
|
|
||||||
place 'kerberos' element instead of 'password' (and similar) elements.
|
|
||||||
The name part of the canonical principal name of the initiator must match the user name for authentication to succeed.
|
|
||||||
You can also place 'realm' element inside 'kerberos' element to further restrict authentication to only those requests
|
|
||||||
whose initiator's realm matches it.
|
|
||||||
Example: <kerberos />
|
|
||||||
Example: <kerberos><realm>EXAMPLE.COM</realm></kerberos>
|
|
||||||
|
|
||||||
How to generate decent password:
|
|
||||||
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'
|
|
||||||
In first line will be password and in second - corresponding SHA256.
|
|
||||||
|
|
||||||
How to generate double SHA1:
|
|
||||||
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
|
|
||||||
In first line will be password and in second - corresponding double SHA1.
|
|
||||||
-->
|
|
||||||
<password></password>
|
|
||||||
|
|
||||||
<!-- List of networks with open access.
|
|
||||||
|
|
||||||
To open access from everywhere, specify:
|
|
||||||
<ip>::/0</ip>
|
|
||||||
|
|
||||||
To open access only from localhost, specify:
|
|
||||||
<ip>::1</ip>
|
|
||||||
<ip>127.0.0.1</ip>
|
|
||||||
|
|
||||||
Each element of list has one of the following forms:
|
|
||||||
<ip> IP-address or network mask. Examples: 213.180.204.3 or 10.0.0.1/8 or 10.0.0.1/255.255.255.0
|
|
||||||
2a02:6b8::3 or 2a02:6b8::3/64 or 2a02:6b8::3/ffff:ffff:ffff:ffff::.
|
|
||||||
<host> Hostname. Example: server01.clickhouse.com.
|
|
||||||
To check access, DNS query is performed, and all received addresses compared to peer address.
|
|
||||||
<host_regexp> Regular expression for host names. Example, ^server\d\d-\d\d-\d\.clickhouse\.com$
|
|
||||||
To check access, DNS PTR query is performed for peer address and then regexp is applied.
|
|
||||||
Then, for result of PTR query, another DNS query is performed and all received addresses compared to peer address.
|
|
||||||
Strongly recommended that regexp is ends with $
|
|
||||||
All results of DNS requests are cached till server restart.
|
|
||||||
-->
|
|
||||||
<networks>
|
|
||||||
<ip>::/0</ip>
|
|
||||||
</networks>
|
|
||||||
|
|
||||||
<!-- Settings profile for user. -->
|
|
||||||
<profile>default</profile>
|
|
||||||
|
|
||||||
<!-- Quota for user. -->
|
|
||||||
<quota>default</quota>
|
|
||||||
|
|
||||||
<!-- User can create other users and grant rights to them. -->
|
|
||||||
<!-- <access_management>1</access_management> -->
|
|
||||||
</default>
|
|
||||||
</users>
|
|
||||||
|
|
||||||
<!-- Quotas. -->
|
|
||||||
<quotas>
|
|
||||||
<!-- Name of quota. -->
|
|
||||||
<default>
|
|
||||||
<!-- Limits for time interval. You could specify many intervals with different limits. -->
|
|
||||||
<interval>
|
|
||||||
<!-- Length of interval. -->
|
|
||||||
<duration>3600</duration>
|
|
||||||
|
|
||||||
<!-- No limits. Just calculate resource usage for time interval. -->
|
|
||||||
<queries>0</queries>
|
|
||||||
<errors>0</errors>
|
|
||||||
<result_rows>0</result_rows>
|
|
||||||
<read_rows>0</read_rows>
|
|
||||||
<execution_time>0</execution_time>
|
|
||||||
</interval>
|
|
||||||
</default>
|
|
||||||
</quotas>
|
|
||||||
</clickhouse>
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
server_endpoint: ws://signoz:4320/v1/opamp
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
server_endpoint: ws://signoz:4320/v1/opamp
|
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
# my global config
|
|
||||||
global:
|
|
||||||
scrape_interval: 5s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
|
|
||||||
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
|
|
||||||
# scrape_timeout is set to the global default (10s).
|
|
||||||
|
|
||||||
# Alertmanager configuration
|
|
||||||
alerting:
|
|
||||||
alertmanagers:
|
|
||||||
- static_configs:
|
|
||||||
- targets:
|
|
||||||
- alertmanager:9093
|
|
||||||
|
|
||||||
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
|
|
||||||
rule_files: []
|
|
||||||
# - "first_rules.yml"
|
|
||||||
# - "second_rules.yml"
|
|
||||||
# - 'alerts.yml'
|
|
||||||
|
|
||||||
# A scrape configuration containing exactly one endpoint to scrape:
|
|
||||||
# Here it's Prometheus itself.
|
|
||||||
scrape_configs: []
|
|
||||||
|
|
||||||
remote_read:
|
|
||||||
- url: tcp://clickhouse:9000/signoz_metrics
|
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
|
||||||
<LogLevel>info</LogLevel>
|
|
||||||
<EnableSsl>False</EnableSsl>
|
|
||||||
<Port>8989</Port>
|
|
||||||
<SslPort>9898</SslPort>
|
|
||||||
<UrlBase></UrlBase>
|
|
||||||
<BindAddress>*</BindAddress>
|
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}</ApiKey>
|
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
|
||||||
<Branch>main</Branch>
|
|
||||||
<InstanceName>Sonarr</InstanceName>
|
|
||||||
<SyslogPort>514</SyslogPort>
|
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
|
||||||
<SslCertPath></SslCertPath>
|
|
||||||
<SslCertPassword></SslCertPassword>
|
|
||||||
<Theme>auto</Theme>
|
|
||||||
</Config>
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"sonarr_address": "http://192.168.1.2:8989",
|
|
||||||
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}",
|
|
||||||
"root_folder_path": "/data/media/shows",
|
|
||||||
"tvdb_api_key": "",
|
|
||||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
|
|
||||||
"fallback_to_top_result": false,
|
|
||||||
"sonarr_api_timeout": 120.0,
|
|
||||||
"quality_profile_id": 1,
|
|
||||||
"metadata_profile_id": 1,
|
|
||||||
"search_for_missing_episodes": true,
|
|
||||||
"dry_run_adding_to_sonarr": false,
|
|
||||||
"minimum_rating": 4.5,
|
|
||||||
"minimum_votes": 50,
|
|
||||||
"language_choice": "all",
|
|
||||||
"auto_start": true,
|
|
||||||
"auto_start_delay": 60.0
|
|
||||||
}
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
[Lidarr]
|
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
|
|
||||||
host_url = http://lidarr:8686
|
|
||||||
#This should be the path mounted in lidarr that points to your slskd download directory.
|
|
||||||
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
|
|
||||||
download_dir = /storage
|
|
||||||
|
|
||||||
[Slskd]
|
|
||||||
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
|
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
|
|
||||||
host_url = http://gluetun:5030
|
|
||||||
#Slskd download directory. Should have set it up when installing Slskd.
|
|
||||||
download_dir = /app/downloads
|
|
||||||
#Removes searches from Slskd after the search finishes.
|
|
||||||
delete_searches = False
|
|
||||||
#Maximum time (in seconds) that the script will wait for downloads to complete.
|
|
||||||
#This is used to prevent the script from running forever due to a stalled download. Defaults to 1 hour.
|
|
||||||
stalled_timeout = 3600
|
|
||||||
|
|
||||||
[Release Settings]
|
|
||||||
#Selects the release with the most common amount of tracks out of all the releases.
|
|
||||||
use_most_common_tracknum = True
|
|
||||||
allow_multi_disc = True
|
|
||||||
#See full list of countries below.
|
|
||||||
accepted_countries = Europe,Japan,United Kingdom,United States,[Worldwide],Australia,Canada
|
|
||||||
#See full list of formats below.
|
|
||||||
accepted_formats = CD,Digital Media,Vinyl
|
|
||||||
|
|
||||||
[Search Settings]
|
|
||||||
search_timeout = 5000
|
|
||||||
maximum_peer_queue = 50
|
|
||||||
#Min upload speed in bit/s
|
|
||||||
minimum_peer_upload_speed = 0
|
|
||||||
#Min match ratio accepted when comparing lidarr track names to soulseek filenames.
|
|
||||||
minimum_filename_match_ratio = 0.5
|
|
||||||
#Specify the file types you prefer from most to least. As well as their attributes such as bitrate / samplerate / bitdepth.
|
|
||||||
#For flacs you can choose the bitdepth/samplerate. And for mp3s the bitrate.
|
|
||||||
#If you do not care about the specific quality you can still just put "flac" or "mp3".
|
|
||||||
#Soularr will then just look at the filetype and ignore file attributes.
|
|
||||||
allowed_filetypes = flac 24/192,flac 16/44.1,flac,mp3 320,mp3
|
|
||||||
ignored_users = User1,User2,Fred,Bob
|
|
||||||
#Set to False if you only want to search for complete albums
|
|
||||||
search_for_tracks = True
|
|
||||||
#Set to True if you want to add the artist's name to the beginning of the search for albums
|
|
||||||
album_prepend_artist = False
|
|
||||||
track_prepend_artist = True
|
|
||||||
#Valid search types: all || incrementing_page || first_page
|
|
||||||
#"all" will search for every wanted record everytime soularr is run.
|
|
||||||
#"incrementing_page" will start with the first page and increment to the next on each run.
|
|
||||||
#"first_page" will repeatedly search the first page.
|
|
||||||
#If using the search type "first_page" remove_wanted_on_failure should be enabled.
|
|
||||||
search_type = incrementing_page
|
|
||||||
#How mancy records to grab each run, must be a number between 1 - 2,147,483,647
|
|
||||||
number_of_albums_to_grab = 10
|
|
||||||
#Unmonitors the album if Soularr can't find it and places it in "failure_list.txt".
|
|
||||||
#Failed albums can be re monitored by filtering "Unmonitored" in the Lidarr wanted list.
|
|
||||||
remove_wanted_on_failure = False
|
|
||||||
#Comma separated list of words that can't be in the title of albums or tracks. Case insensitive.
|
|
||||||
title_blacklist = BlacklistWord1,blacklistword2
|
|
||||||
#Lidarr source to use for searching. Accepted values are "all", "missing", or "cutoff_unmet". If "all" is selected
|
|
||||||
# then both missing and cutoff_unme will be searched. The default value is "missing".
|
|
||||||
search_source = missing
|
|
||||||
|
|
||||||
[Logging]
|
|
||||||
#These options are passed into the logger's basicConfig() method as-is.
|
|
||||||
#This means, if you're familiar with Python's logging module, you can configure
|
|
||||||
#the logger with options beyond what's listed here by default.
|
|
||||||
#For more information on available options -- https://docs.python.org/3/library/logging.html#logging.basicConfig
|
|
||||||
level = INFO
|
|
||||||
# Format of log message -- https://docs.python.org/3/library/logging.html#logrecord-attributes
|
|
||||||
format = [%(levelname)s|%(module)s|L%(lineno)d] %(asctime)s: %(message)s
|
|
||||||
# Format of datetimes -- https://docs.python.org/3/library/time.html#time.strftime
|
|
||||||
datefmt = %Y-%m-%dT%H:%M:%S%z
|
|
||||||
@@ -1,212 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
directories:
|
|
||||||
incomplete: /app/incomplete
|
|
||||||
downloads: /app/downloads
|
|
||||||
shares:
|
|
||||||
directories:
|
|
||||||
- /music
|
|
||||||
rooms:
|
|
||||||
- '! meow chat :3'
|
|
||||||
- '#ANUS'
|
|
||||||
- '#CORONAVIRUS'
|
|
||||||
- '#Horrorcore'
|
|
||||||
- '#La France'
|
|
||||||
- '#icilombre-hardcore'
|
|
||||||
- '#polska'
|
|
||||||
- '#vegan'
|
|
||||||
- $$RARE RAP MUSIC$$
|
|
||||||
- ([6)]
|
|
||||||
- +Autism+
|
|
||||||
- +BlackMetal+
|
|
||||||
- +HIP_HOP_SCENE_RELEASES+
|
|
||||||
- /mu/
|
|
||||||
- 60lover
|
|
||||||
- 60lover v2
|
|
||||||
- 70 Rare groove Soul Jazz
|
|
||||||
- 80's 12 Inches & More
|
|
||||||
- 90's Rare Riddim !!
|
|
||||||
- 90's emo
|
|
||||||
- <>Electronics Labels<>
|
|
||||||
- ACID
|
|
||||||
- ARGENTINA
|
|
||||||
- "ATLLUMINATI\u201Cawareness"
|
|
||||||
- AUSTRALIA
|
|
||||||
- Alcohol
|
|
||||||
- Ambient
|
|
||||||
- Anime
|
|
||||||
- Audiobooks
|
|
||||||
- Avantgarde
|
|
||||||
- BDSM
|
|
||||||
- BLUES BUNKER MUSIC
|
|
||||||
- BOB DYLAN ROOM
|
|
||||||
- BigEdsClassicRock
|
|
||||||
- BigedsSixties
|
|
||||||
- Blues&Soul
|
|
||||||
- Bootlegged concerts
|
|
||||||
- Brasil
|
|
||||||
- Breakcore
|
|
||||||
- CHILE
|
|
||||||
- Canada
|
|
||||||
- China Room
|
|
||||||
- Chiptunes
|
|
||||||
- Christians
|
|
||||||
- Classical
|
|
||||||
- Come To The Sabbath !
|
|
||||||
- Communism
|
|
||||||
- DEATH METAL CLUB
|
|
||||||
- Dark Ambient
|
|
||||||
- De Koffie Shop
|
|
||||||
- De Kroeg
|
|
||||||
- Deathrock
|
|
||||||
- DieMilitarmusik
|
|
||||||
- Disco Classics
|
|
||||||
- Doom Metal
|
|
||||||
- Doujin Music
|
|
||||||
- Dub Techno
|
|
||||||
- Dubstep
|
|
||||||
- EBM-GOTHIC-INDUSTRIAL
|
|
||||||
- EBooks
|
|
||||||
- Emo
|
|
||||||
- Eurodance
|
|
||||||
- Eurovision Song Contest
|
|
||||||
- Experimental Electronica
|
|
||||||
- FOLK MUSIC
|
|
||||||
- Free Jazz
|
|
||||||
- Furry
|
|
||||||
- Gay
|
|
||||||
- Gothic
|
|
||||||
- Greece
|
|
||||||
- Grindcore
|
|
||||||
- HEE cum eaters 1! !
|
|
||||||
- HOUSE MUSIC LOVERS (AG)
|
|
||||||
- Happy Hardcore
|
|
||||||
- Hardcore NL
|
|
||||||
- Hardcore/punk
|
|
||||||
- Hip Hop
|
|
||||||
- Horror movies
|
|
||||||
- IDM
|
|
||||||
- INDUSTRIAL
|
|
||||||
- IReGGaeGaLaXy
|
|
||||||
- Incredibly Strange Music
|
|
||||||
- Israel
|
|
||||||
- Jaz (Full CDs)
|
|
||||||
- Jazz
|
|
||||||
- Jazz-Rock-Fusion-Guitar
|
|
||||||
- Juggalo Family
|
|
||||||
- Jungle
|
|
||||||
- Korean Music
|
|
||||||
- LANGUAGE EXCHANGE here
|
|
||||||
- LGBTQ+!!
|
|
||||||
- Last.fm
|
|
||||||
- Linux
|
|
||||||
- Lossless Scores
|
|
||||||
- MOVIES
|
|
||||||
- Mac Users
|
|
||||||
- Metal
|
|
||||||
- MovieMusic
|
|
||||||
- NORWAY
|
|
||||||
- New Crystal Vibrations
|
|
||||||
- New Wave
|
|
||||||
- New Zealand
|
|
||||||
- OLD SKOOL GANGSTA SHIT
|
|
||||||
- OLDSCHOOL 88-94
|
|
||||||
- OLI SHOTA CUB ROOM!
|
|
||||||
- Original Blues Bunker
|
|
||||||
- PSYCHEDELIA
|
|
||||||
- PUNK/HARDCORE/GRIND
|
|
||||||
- Portugal
|
|
||||||
- Post Punk
|
|
||||||
- Post-Hardcore (modern)
|
|
||||||
- Progressive Rock
|
|
||||||
- Psychedelic/Acid Rock
|
|
||||||
- Psytrance
|
|
||||||
- Quebec
|
|
||||||
- REGGAE
|
|
||||||
- Rare Music
|
|
||||||
- RareVHS/DVD/Rips
|
|
||||||
- Retro Gaming
|
|
||||||
- Romania
|
|
||||||
- Room Name
|
|
||||||
- SIsk Idiots !!
|
|
||||||
- SLUDGE!
|
|
||||||
- Slovenia
|
|
||||||
- Soundtracks&Scores
|
|
||||||
- Spain
|
|
||||||
- Stoner HiVe
|
|
||||||
- Stoner Rock
|
|
||||||
- Strange Music
|
|
||||||
- TECHNO, Mixes and Tunes
|
|
||||||
- THC
|
|
||||||
- Talia
|
|
||||||
- The Dangerous Kitchen
|
|
||||||
- TheScoreZone
|
|
||||||
- Thrash Metal
|
|
||||||
- Tinmans Movie Room
|
|
||||||
- Trip-Hop
|
|
||||||
- Ttalian_dancefloor
|
|
||||||
- Twee Folks
|
|
||||||
- UK DUB
|
|
||||||
- URIDDIM!!
|
|
||||||
- Ukraine
|
|
||||||
- Underground Hiphop
|
|
||||||
- VAPORWAVE
|
|
||||||
- Video Game Chat
|
|
||||||
- Vinyl Addicts
|
|
||||||
- Vocaloid
|
|
||||||
- WHATCDs
|
|
||||||
- World Music
|
|
||||||
- Yacht Rock
|
|
||||||
- '[German] [Deutsch]'
|
|
||||||
- abbey road Itd
|
|
||||||
- anime cunny
|
|
||||||
- bleeps&klonks
|
|
||||||
- breakbeat
|
|
||||||
- comics
|
|
||||||
- deep house connection
|
|
||||||
- drum'n'bass
|
|
||||||
- eesti mehed
|
|
||||||
- electro
|
|
||||||
- flacfield
|
|
||||||
- food
|
|
||||||
- for Losers
|
|
||||||
- hungary
|
|
||||||
- indie
|
|
||||||
- japanese music
|
|
||||||
- library music
|
|
||||||
- lossless
|
|
||||||
- minimal music
|
|
||||||
- museek
|
|
||||||
- noise
|
|
||||||
- 'on'
|
|
||||||
- postrock
|
|
||||||
- programming
|
|
||||||
- progressive house
|
|
||||||
- public porn
|
|
||||||
- r/musichoarder
|
|
||||||
- ru
|
|
||||||
- shoegaze
|
|
||||||
- tapekvit
|
|
||||||
- test
|
|
||||||
- trancEaddict
|
|
||||||
- trivia
|
|
||||||
- what.cd
|
|
||||||
- what.cd electronic
|
|
||||||
- what.cd-flac
|
|
||||||
- '{Italo Disco'
|
|
||||||
web:
|
|
||||||
authentication:
|
|
||||||
username: slskd
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_WEB_PASSSWORD'] }}
|
|
||||||
api_keys:
|
|
||||||
my_api_key:
|
|
||||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
|
|
||||||
role: readwrite
|
|
||||||
cidr: 0.0.0.0/0,::/0
|
|
||||||
soulseek:
|
|
||||||
address: vps.slsknet.org
|
|
||||||
port: 2271
|
|
||||||
username: Trez.One
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
|
|
||||||
diagnostic_level: Info
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"$schema": "../schemas/v2/index.json",
|
|
||||||
"repos": [
|
|
||||||
{
|
|
||||||
"type": "gitea",
|
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
|
|
||||||
"url": "https://git.trez.wtf",
|
|
||||||
"revisions": {
|
|
||||||
"branches": [
|
|
||||||
"main",
|
|
||||||
"*"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
|
|
||||||
|
|
||||||
<properties>
|
|
||||||
|
|
||||||
<entry key='config.default'>./conf/default.xml</entry>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
|
|
||||||
This is the main configuration file. All your configuration parameters should be placed in this file.
|
|
||||||
|
|
||||||
Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
|
|
||||||
with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
|
|
||||||
remove "config.default" parameter from this file unless you know what you are doing.
|
|
||||||
|
|
||||||
For list of available parameters see following page: https://www.traccar.org/configuration-file/
|
|
||||||
|
|
||||||
-->
|
|
||||||
|
|
||||||
<entry key='database.driver'>org.postgresql.Driver</entry>
|
|
||||||
<entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
|
|
||||||
<entry key='database.user'>traccar</entry>
|
|
||||||
<entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
|
|
||||||
|
|
||||||
</properties>
|
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"always_keep_failed_tasks": true,
|
|
||||||
"auto_manage_completed_tasks": false,
|
|
||||||
"cache_path": "/tmp/unmanic",
|
|
||||||
"clear_pending_tasks_on_restart": false,
|
|
||||||
"concurrent_file_testers": 2,
|
|
||||||
"config_path": "/config/.unmanic/config",
|
|
||||||
"debugging": false,
|
|
||||||
"distributed_worker_count_target": 0,
|
|
||||||
"enable_library_scanner": false,
|
|
||||||
"first_run": false,
|
|
||||||
"follow_symlinks": true,
|
|
||||||
"installation_name": "Unmanic @ Rinoa",
|
|
||||||
"library_path": "/library",
|
|
||||||
"log_path": "/config/.unmanic/logs",
|
|
||||||
"max_age_of_completed_tasks": 91,
|
|
||||||
"number_of_workers": null,
|
|
||||||
"plugins_path": "/config/.unmanic/plugins",
|
|
||||||
"release_notes_viewed": "0.2.8",
|
|
||||||
"remote_installations": [],
|
|
||||||
"run_full_scan_on_start": false,
|
|
||||||
"schedule_full_scan_minutes": 1440,
|
|
||||||
"ui_port": 8888,
|
|
||||||
"userdata_path": "/config/.unmanic/userdata",
|
|
||||||
"worker_event_schedules": null
|
|
||||||
}
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
sources:
|
|
||||||
rinoa_docker_logs:
|
|
||||||
type: docker_logs
|
|
||||||
exclude_containers:
|
|
||||||
- vector
|
|
||||||
|
|
||||||
sinks:
|
|
||||||
parseable:
|
|
||||||
type: http
|
|
||||||
method: post
|
|
||||||
batch:
|
|
||||||
max_bytes: 10485760
|
|
||||||
max_events: 1000
|
|
||||||
timeout_secs: 10
|
|
||||||
compression: gzip
|
|
||||||
inputs:
|
|
||||||
- rinoa_docker_logs
|
|
||||||
encoding:
|
|
||||||
codec: json
|
|
||||||
uri: http://parseable:8000/api/v1/ingest'
|
|
||||||
auth:
|
|
||||||
strategy: basic
|
|
||||||
user: admin
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
|
|
||||||
request:
|
|
||||||
headers:
|
|
||||||
X-P-Stream: rinoa-docker-logs
|
|
||||||
healthcheck:
|
|
||||||
enabled: true
|
|
||||||
path: 'http://parseable:8000/api/v1/liveness'
|
|
||||||
port: 80
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
nodes:
|
|
||||||
# Wazuh indexer server nodes
|
|
||||||
indexer:
|
|
||||||
- name: wazuh.indexer
|
|
||||||
ip: wazuh.indexer
|
|
||||||
|
|
||||||
# Wazuh server nodes
|
|
||||||
# Use node_type only with more than one Wazuh manager
|
|
||||||
server:
|
|
||||||
- name: wazuh.manager
|
|
||||||
ip: wazuh.manager
|
|
||||||
|
|
||||||
# Wazuh dashboard node
|
|
||||||
dashboard:
|
|
||||||
- name: wazuh.dashboard
|
|
||||||
ip: wazuh.dashboard
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
network.host: "0.0.0.0"
|
|
||||||
node.name: "wazuh.indexer"
|
|
||||||
path.data: /var/lib/wazuh-indexer
|
|
||||||
path.logs: /var/log/wazuh-indexer
|
|
||||||
discovery.type: single-node
|
|
||||||
http.port: 9200-9299
|
|
||||||
transport.tcp.port: 9300-9399
|
|
||||||
compatibility.override_main_response_version: true
|
|
||||||
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
|
||||||
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
|
||||||
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
|
||||||
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
|
||||||
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
|
||||||
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
|
||||||
plugins.security.ssl.http.enabled: true
|
|
||||||
plugins.security.ssl.transport.enforce_hostname_verification: false
|
|
||||||
plugins.security.ssl.transport.resolve_hostname: false
|
|
||||||
plugins.security.authcz.admin_dn:
|
|
||||||
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
|
|
||||||
plugins.security.check_snapshot_restore_write_privileges: true
|
|
||||||
plugins.security.enable_snapshot_restore_privilege: true
|
|
||||||
plugins.security.nodes_dn:
|
|
||||||
- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
|
|
||||||
plugins.security.restapi.roles_enabled:
|
|
||||||
- "all_access"
|
|
||||||
- "security_rest_api_access"
|
|
||||||
plugins.security.system_indices.enabled: true
|
|
||||||
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
|
|
||||||
plugins.security.allow_default_init_securityindex: true
|
|
||||||
cluster.routing.allocation.disk.threshold_enabled: false
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
hosts:
|
|
||||||
- 1513629884013:
|
|
||||||
url: "https://wazuh.manager"
|
|
||||||
port: 55000
|
|
||||||
username: wazuh-wui
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
|
|
||||||
run_as: false
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
ydl_server: # youtube-dl-server specific settings
|
|
||||||
port: 8080 # Port youtube-dl-server should listen on
|
|
||||||
host: 0.0.0.0 # IP youtube-dl-server should bind to
|
|
||||||
debug: False # Enable/Disable debug mode
|
|
||||||
metadata_db_path: '/youtube-dl/.ydl-metadata.db' # Path to metadata DB
|
|
||||||
output_playlist: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # Playlist output directory template
|
|
||||||
update_poll_delay_min: 1440 # Automatically check for updates every 24h
|
|
||||||
max_log_entries: 100 # Maximum number of job log history to keep
|
|
||||||
forwarded_allow_ips: None # uvicorn Comma seperated list of IPs to trust with proxy headers.
|
|
||||||
proxy_headers: True # uvicorn flag Enable/Disable X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Port to populate remote address info.
|
|
||||||
|
|
||||||
ydl_options: # youtube-dl options
|
|
||||||
output: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # output directory template
|
|
||||||
cache-dir: '/youtube-dl/.cache' # youtube-dl cache directory
|
|
||||||
ignore-errors: True # instruct youtube-dl to skip errors
|
|
||||||
age-limit: 6 # minimal age requirement / parental control setting
|
|
||||||
@@ -1,43 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
|
|
||||||
Log:
|
|
||||||
Level: 'debug'
|
|
||||||
|
|
||||||
# Make ZITADEL accessible over HTTPs, not HTTP
|
|
||||||
ExternalSecure: true
|
|
||||||
ExternalDomain: 'id.trez.wtf'
|
|
||||||
ExternalPort: 443
|
|
||||||
|
|
||||||
# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
|
|
||||||
Database:
|
|
||||||
postgres:
|
|
||||||
Host: 'zitadel-pg-db'
|
|
||||||
Port: 5432
|
|
||||||
Database: zitadel
|
|
||||||
User:
|
|
||||||
SSL:
|
|
||||||
Mode: 'disable'
|
|
||||||
Admin:
|
|
||||||
SSL:
|
|
||||||
Mode: 'disable'
|
|
||||||
|
|
||||||
DefaultInstance:
|
|
||||||
DomainPolicy:
|
|
||||||
UserLoginMustBeDomain: false
|
|
||||||
|
|
||||||
LogStore:
|
|
||||||
Access:
|
|
||||||
Stdout:
|
|
||||||
Enabled: true
|
|
||||||
|
|
||||||
SMTPConfiguration:
|
|
||||||
# Configuration of the host
|
|
||||||
SMTP:
|
|
||||||
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
|
|
||||||
Host: 'postal-smtp:25'
|
|
||||||
User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
|
||||||
From: 'noreply@trez.wtf'
|
|
||||||
FromName: 'Zitadel @ Rinoa'
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
|
|
||||||
FirstInstance:
|
|
||||||
Org:
|
|
||||||
Human:
|
|
||||||
# use the loginname root@my-org.my.domain
|
|
||||||
Username: 'root'
|
|
||||||
Password: 'RootPassword1!'
|
|
||||||
Email:
|
|
||||||
Address: 'charish.patel@trez.wtf'
|
|
||||||
Verified: true
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
|
|
||||||
Database:
|
|
||||||
postgres:
|
|
||||||
User:
|
|
||||||
# If the user doesn't exist already, it is created
|
|
||||||
Username: 'zitadel'
|
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
|
|
||||||
Admin:
|
|
||||||
Username: 'root'
|
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
|
|
||||||
@@ -1,27 +1,42 @@
|
|||||||
---
|
|
||||||
- name: Deploy Docker Service Configurations
|
- name: Deploy Docker Service Configurations
|
||||||
hosts: rinoa
|
hosts: rinoa
|
||||||
vars:
|
vars:
|
||||||
appdata_base_path: "~/.docker/config/appdata"
|
appdata_base_path: "~/.docker/config/appdata"
|
||||||
|
template_base_path: "{{ playbook_dir }}/app-configs"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Recursively collect all Jinja2 templates (*.j2)
|
- name: Recursively collect all Jinja2 templates (*.j2)
|
||||||
ansible.builtin.find:
|
ansible.builtin.find:
|
||||||
paths: "app-configs"
|
paths: "{{ template_base_path }}"
|
||||||
patterns: "*.j2"
|
patterns: "*.j2"
|
||||||
recurse: true
|
recurse: true
|
||||||
register: template_files
|
register: template_files
|
||||||
|
|
||||||
|
- name: Set relative template path (without .j2) for each file
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
rel_template_path: >-
|
||||||
|
{{ item.path
|
||||||
|
| regex_replace('^' + (template_base_path | regex_escape) + '/', '')
|
||||||
|
| regex_replace('\\.j2$', '') }}
|
||||||
|
loop: "{{ template_files.files }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: item
|
||||||
|
register: rel_paths
|
||||||
|
|
||||||
- name: Ensure target directories exist
|
- name: Ensure target directories exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ appdata_base_path }}/{{ item.path | regex_replace('^app-configs/', '') | regex_replace('\\.j2$', '') | dirname }}"
|
path: "{{ appdata_base_path }}/{{ item.ansible_facts.rel_template_path | dirname }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
loop: "{{ template_files.files }}"
|
loop: "{{ rel_paths.results }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.ansible_facts.rel_template_path }}"
|
||||||
|
|
||||||
- name: Deploy rendered templates
|
- name: Deploy rendered templates
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.path }}"
|
src: "{{ item.item.path | regex_replace('^' + (playbook_dir | regex_escape) + '/', '') }}"
|
||||||
dest: "{{ appdata_base_path }}/{{ item.path | regex_replace('^app-configs/', '') | regex_replace('\\.j2$', '') }}"
|
dest: "{{ appdata_base_path }}/{{ item.ansible_facts.rel_template_path }}"
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
loop: "{{ template_files.files }}"
|
loop: "{{ rel_paths.results }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.ansible_facts.rel_template_path }}"
|
||||||
|
|||||||
+40
-5
@@ -712,7 +712,29 @@ services:
|
|||||||
DOCKER_HOST: tcp://dockerproxy:2375
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
GID: 1000
|
GID: 1000
|
||||||
BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
|
BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
|
||||||
COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
|
COLLECTIONS: >-
|
||||||
|
corvese/apache-guacamole
|
||||||
|
crowdsecurity/home-assistant
|
||||||
|
crowdsecurity/http-cve
|
||||||
|
crowdsecurity/iptables
|
||||||
|
crowdsecurity/linux
|
||||||
|
crowdsecurity/mariadb
|
||||||
|
crowdsecurity/nextcloud
|
||||||
|
crowdsecurity/nginx
|
||||||
|
crowdsecurity/whitelist-good-actors
|
||||||
|
Dominic-Wagner/vaultwarden
|
||||||
|
gauth-fr/immich
|
||||||
|
LePresidente/adguardhome
|
||||||
|
LePresidente/authelia
|
||||||
|
LePresidente/gitea
|
||||||
|
LePresidente/jellyfin
|
||||||
|
LePresidente/ombi
|
||||||
|
plague-doctor/audiobookshelf
|
||||||
|
schiz0phr3ne/sonarr
|
||||||
|
sdwilsh/navidrome
|
||||||
|
timokoessler/mongodb
|
||||||
|
timokoessler/uptime-kuma
|
||||||
|
xs539/joplin-server
|
||||||
image: crowdsecurity/crowdsec:latest
|
image: crowdsecurity/crowdsec:latest
|
||||||
networks:
|
networks:
|
||||||
default: null
|
default: null
|
||||||
@@ -725,10 +747,13 @@ services:
|
|||||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
|
||||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
|
||||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
|
- ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
|
||||||
- ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro
|
- ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
|
||||||
- crowdsec-config:/etc/crowdsec
|
- crowdsec-config:/etc/crowdsec
|
||||||
- crowdsec-db:/var/lib/crowdsec/data
|
- crowdsec-db:/var/lib/crowdsec/data
|
||||||
- /var/log/journal:/var/log/host:ro
|
- /var/log/journal:/var/log/host:ro
|
||||||
|
- /var/log/auth.log:/var/log/host/auth.log:ro
|
||||||
crowdsec-dashboard:
|
crowdsec-dashboard:
|
||||||
container_name: crowdsec-dashboard
|
container_name: crowdsec-dashboard
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -1347,6 +1372,11 @@ services:
|
|||||||
GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
|
GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
|
||||||
image: gitea/gitea:1.24.0
|
image: gitea/gitea:1.24.0
|
||||||
labels:
|
labels:
|
||||||
|
cloudflare.tunnel.enable: true
|
||||||
|
cloudflare.tunnel.hostname: git-ssh.trez.wtf
|
||||||
|
cloudflare.tunnel.service: http://gitea:22
|
||||||
|
cloudflare.tunnel.zonename: trez.wtf
|
||||||
|
cloudflare.tunnel.no_tls_verify: true
|
||||||
homepage.group: Code/DevOps
|
homepage.group: Code/DevOps
|
||||||
homepage.name: Gitea
|
homepage.name: Gitea
|
||||||
homepage.href: https://git.${MY_TLD}
|
homepage.href: https://git.${MY_TLD}
|
||||||
@@ -4405,6 +4435,11 @@ services:
|
|||||||
- "/dev/sdf:/dev/sdf:rwm"
|
- "/dev/sdf:/dev/sdf:rwm"
|
||||||
image: ghcr.io/analogj/scrutiny:master-omnibus
|
image: ghcr.io/analogj/scrutiny:master-omnibus
|
||||||
labels:
|
labels:
|
||||||
|
cloudflare.tunnel.enable: true
|
||||||
|
cloudflare.tunnel.hostname: smartd.trez.wtf
|
||||||
|
cloudflare.tunnel.service: http://scrutiny:8080
|
||||||
|
cloudflare.tunnel.zonename: trez.wtf
|
||||||
|
cloudflare.tunnel.no_tls_verify: true
|
||||||
homepage.group: Infrastructure/App Performance Monitoring
|
homepage.group: Infrastructure/App Performance Monitoring
|
||||||
homepage.name: Scrutiny
|
homepage.name: Scrutiny
|
||||||
homepage.href: http://192.168.1.254:8909
|
homepage.href: http://192.168.1.254:8909
|
||||||
@@ -4635,7 +4670,7 @@ services:
|
|||||||
signoz-schema-migrator-sync:
|
signoz-schema-migrator-sync:
|
||||||
<<: *signoz-common
|
<<: *signoz-common
|
||||||
image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
|
image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
|
||||||
container_name: schema-migrator-sync
|
container_name: signoz-schema-migrator-sync
|
||||||
command:
|
command:
|
||||||
- sync
|
- sync
|
||||||
- --dsn=tcp://signoz-clickhouse:9000
|
- --dsn=tcp://signoz-clickhouse:9000
|
||||||
@@ -4647,7 +4682,7 @@ services:
|
|||||||
signoz-schema-migrator-async:
|
signoz-schema-migrator-async:
|
||||||
<<: *signoz-db-depend
|
<<: *signoz-db-depend
|
||||||
image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
|
image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
|
||||||
container_name: schema-migrator-async
|
container_name: signoz-schema-migrator-async
|
||||||
command:
|
command:
|
||||||
- async
|
- async
|
||||||
- --dsn=tcp://signoz-clickhouse:9000
|
- --dsn=tcp://signoz-clickhouse:9000
|
||||||
@@ -4907,7 +4942,7 @@ services:
|
|||||||
VALIDATION: dns
|
VALIDATION: dns
|
||||||
CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
||||||
CROWDSEC_LAPI_URL: http://crowdsec:8080
|
CROWDSEC_LAPI_URL: http://crowdsec:8080
|
||||||
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install #|ghcr.io/linuxserver/mods:swag-crowdsec#|linuxserver/mods:swag-auto-uptime-kuma
|
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
|
||||||
INSTALL_PACKAGES: nginx-mod-http-js
|
INSTALL_PACKAGES: nginx-mod-http-js
|
||||||
PROPAGATION: 30
|
PROPAGATION: 30
|
||||||
UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
|
UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
|
||||||
|
|||||||
Reference in New Issue
Block a user