Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Trez.One
|
cc9c76d958 |
@@ -6,7 +6,6 @@ on:
|
||||
- 'main'
|
||||
paths:
|
||||
- '**.j2'
|
||||
- '**/pr-ansible-config-deployment.yaml'
|
||||
- 'ansible/**.yml'
|
||||
jobs:
|
||||
check-and-create-pr:
|
||||
@@ -42,7 +41,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
run: |
|
||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||
- name: Create PR
|
||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||
@@ -50,7 +49,7 @@ jobs:
|
||||
tea login default gitea-rinoa
|
||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||
tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -59,7 +58,7 @@ jobs:
|
||||
notification_title: 'GITEA: PR Check'
|
||||
notification_message: 'PR Created 🎟️'
|
||||
ansible-linting:
|
||||
name: Ansible Lint
|
||||
name: Docker Compose & Ansible Lints
|
||||
needs: [check-and-create-pr]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
@@ -69,6 +68,9 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Fetch base branch
|
||||
run: |
|
||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||
- name: Cache Ansible Galaxy Collections
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
@@ -79,12 +81,11 @@ jobs:
|
||||
- name: Install Ansible
|
||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||
with:
|
||||
version: "11.4.0"
|
||||
version: "11.0.0"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Install hvac
|
||||
run: |
|
||||
pip install hvac
|
||||
run: pip install hvac
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -93,17 +94,16 @@ jobs:
|
||||
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
||||
notification_message: 'Starting Ansible dry run...'
|
||||
- name: Ansible Playbook Dry Run
|
||||
uses: dawidd6/action-ansible-playbook@v3
|
||||
uses: arillso/action.playbook@0.1.0
|
||||
with:
|
||||
directory: ansible/
|
||||
playbook: docker_config_deploy.yml
|
||||
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
check: true
|
||||
galaxy_collections_path: ansible/collections
|
||||
galaxy_requirements_file: ansible/collections/requirements.yml
|
||||
inventory: ansible/inventory/hosts.yml
|
||||
playbook: ansible/docker_config_deploy.yml
|
||||
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||
requirements: collections/requirements.yml
|
||||
options: |
|
||||
--check
|
||||
--inventory inventory/hosts.yml
|
||||
-v
|
||||
verbose: 0
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -153,10 +153,6 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: main
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: 3.12
|
||||
- name: Cache Vault install
|
||||
id: cache-vault
|
||||
uses: actions/cache@v4
|
||||
@@ -166,12 +162,11 @@ jobs:
|
||||
- name: Install Ansible
|
||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||
with:
|
||||
version: "11.4.0"
|
||||
version: "11.0.0"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Install hvac
|
||||
run: |
|
||||
pip install hvac
|
||||
run: pip install hvac
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -180,15 +175,15 @@ jobs:
|
||||
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
||||
notification_message: 'Starting config deployment with Ansible...'
|
||||
- name: Ansible Playbook Config Deploy
|
||||
uses: dawidd6/action-ansible-playbook@v3
|
||||
uses: arillso/action.playbook@0.1.0
|
||||
with:
|
||||
directory: ansible/
|
||||
playbook: docker_config_deploy.yml
|
||||
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
check: false
|
||||
galaxy_collections_path: ansible/collections
|
||||
galaxy_requirements_file: ansible/collections/requirements.yml
|
||||
inventory: ansible/inventory/hosts.yml
|
||||
playbook: ansible/docker_config_deploy.yml
|
||||
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||
requirements: collections/requirements.yml
|
||||
options: |
|
||||
--inventory inventory/hosts.yml
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
|
||||
@@ -42,7 +42,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
run: |
|
||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||
- name: Create PR
|
||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||
@@ -50,7 +50,7 @@ jobs:
|
||||
tea login default gitea-rinoa
|
||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||
tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -58,25 +58,26 @@ jobs:
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: PR Check'
|
||||
notification_message: 'PR Created 🎟️'
|
||||
generate-service-list:
|
||||
name: Generate list of added/modified/deleted services
|
||||
runs-on: ubuntu-latest
|
||||
docker-compose-dry-run:
|
||||
name: Docker Compose Dry Run
|
||||
needs: [check-and-create-pr]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
VAULT_NAMESPACE: ""
|
||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||
outputs:
|
||||
svc_deploy_list: ${{ steps.detected_services.outputs.docker_svc_list }}
|
||||
svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Fetch base branch
|
||||
run: |
|
||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Services TBD'
|
||||
notification_message: 'Generating list of services to deploy...'
|
||||
- name: Login to Gitea Container Registry
|
||||
run: |
|
||||
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
||||
- name: Save both versions of docker-compose.yml
|
||||
run: |
|
||||
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
||||
@@ -106,27 +107,8 @@ jobs:
|
||||
echo "Detected service changes:"
|
||||
cat service_changes.txt
|
||||
|
||||
temp_svc_list=$(paste -sd '|' service_changes.txt)
|
||||
mod_svcs=$(echo "${temp_svc_list}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
|
||||
echo "docker_svc_list=$mod_svcs" >> "$GITHUB_OUTPUT"
|
||||
- name: Testing service list output
|
||||
run: |
|
||||
echo ${{ steps.detected_services.outputs.docker_svc_list }}
|
||||
docker-compose-dry-run:
|
||||
name: Docker Compose Dry Run
|
||||
needs: [generate-service-list]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
VAULT_NAMESPACE: ""
|
||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Login to Gitea Container Registry
|
||||
run: |
|
||||
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
||||
svc_list=$(paste -sd '|' service_changes.txt)
|
||||
echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Gotify Notification
|
||||
@@ -136,18 +118,37 @@ jobs:
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
|
||||
notification_message: 'Starting Docker Compose dry run...'
|
||||
- name: Generate .env file for Docker Compose
|
||||
- name: Cache .env Files
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: .env
|
||||
key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
|
||||
- name: Generate modified services list & .env file for Docker Compose Dry Run
|
||||
id: modded_svcs
|
||||
run: |
|
||||
mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
|
||||
echo ${mod_svcs}
|
||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||
echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
|
||||
- name: Testing service list output
|
||||
run: |
|
||||
echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||
- name: Docker Compose Dry Run
|
||||
uses: hoverkraft-tech/compose-action@v2.2.0
|
||||
timeout-minutes: 360
|
||||
continue-on-error: true
|
||||
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||
with:
|
||||
ssh_host: 192.168.1.254
|
||||
ssh_port: 22
|
||||
ssh_user: gitea-deploy
|
||||
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||
service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||
compose_file: docker-compose.yml
|
||||
pull: false
|
||||
build: false
|
||||
options: -d --remove-orphans
|
||||
env:
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
with:
|
||||
services: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||||
up-flags: -d --remove-orphans --dry-run
|
||||
down-flags: --dry-run
|
||||
compose-flags: --dry-run
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -157,7 +158,7 @@ jobs:
|
||||
notification_message: 'Docker Compose dry run completed successfully.'
|
||||
cloudflare-dns-setup:
|
||||
name: Cloudflare DNS Setup
|
||||
needs: [docker-compose-dry-run]
|
||||
needs: [docker-compose-ansible-lints]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -298,7 +299,7 @@ jobs:
|
||||
docker-compose-deploy:
|
||||
name: Docker Compose Deployment
|
||||
runs-on: ubuntu-latest
|
||||
needs: [generate-service-list, docker-compose-dry-run, pr-merge]
|
||||
needs: [docker-compose-dry-run, pr-merge]
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
@@ -316,6 +317,10 @@ jobs:
|
||||
with:
|
||||
path: /opt/hostedtoolcache/vault/1.18.0/x64
|
||||
key: vault-${{ runner.os }}-1.18.0
|
||||
- name: Install Ansible
|
||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||
with:
|
||||
version: "11.0.0"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Login to Gitea Container Registry
|
||||
@@ -331,15 +336,22 @@ jobs:
|
||||
- name: Generate .env file for deployment
|
||||
run: |
|
||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||
- name: Docker Compose Deployment
|
||||
uses: hoverkraft-tech/compose-action@v2.2.0
|
||||
- name: Docker Compose Dry Run
|
||||
timeout-minutes: 360
|
||||
continue-on-error: true
|
||||
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||
env:
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
with:
|
||||
docker-flags: -H "$DOCKER_HOST"
|
||||
services: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||||
up-flags: -d --remove-orphans
|
||||
down-flags: --dry-run
|
||||
ssh_host: 192.168.1.254
|
||||
ssh_port: 22
|
||||
ssh_user: gitea-deploy
|
||||
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||
service: ${DOCKER_SVC_LIST}
|
||||
compose_file: docker-compose.yml
|
||||
pull: false
|
||||
build: false
|
||||
options: -d --remove-orphans
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
name: Auto-Unseal for Vault
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: "0 5 * * *"
|
||||
- cron: "30 2 * * *"
|
||||
jobs:
|
||||
auto-unseal:
|
||||
name: Unseal Vault
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
source: journalctl
|
||||
journalctl_filter:
|
||||
- "--directory=/var/log/host/"
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
filenames:
|
||||
- /var/log/swag/*
|
||||
labels:
|
||||
type: nginx
|
||||
---
|
||||
filenames:
|
||||
- /var/log/auth/auth.log
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
filenames:
|
||||
- /var/lib/mysql/log/mysql/*
|
||||
- /var/lib/mysql/databases/*.err
|
||||
- /var/lib/mysql/databases/*.log
|
||||
labels:
|
||||
type: mariadb
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- adguard
|
||||
labels:
|
||||
type: adguardhome
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- mongodb
|
||||
labels:
|
||||
type: mongodb
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- immich-server
|
||||
labels:
|
||||
type: immich
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- uptimekuma
|
||||
labels:
|
||||
type: uptime-kuma
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- jellyfin
|
||||
labels:
|
||||
type: jellyfin
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- navidrome
|
||||
labels:
|
||||
type: navidrome
|
||||
---
|
||||
filenames:
|
||||
- /var/log/audiobookshelf/*.txt
|
||||
labels:
|
||||
type: audiobookshelf
|
||||
@@ -0,0 +1,15 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
|
||||
source: journalctl
|
||||
journalctl_filter:
|
||||
- "--directory=/var/log/host/"
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
filenames:
|
||||
- /var/log/swag/*
|
||||
labels:
|
||||
type: nginx
|
||||
---
|
||||
-2
@@ -1,5 +1,3 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
common:
|
||||
daemonize: false
|
||||
log_media: stdout
|
||||
-4
@@ -13,10 +13,6 @@ containers:
|
||||
invidious:
|
||||
keywords:
|
||||
- regex: 'Error reading.*Connection reset by peer trying to reconnect...'
|
||||
scrutiny:
|
||||
action_keywords:
|
||||
- restart:
|
||||
regex: s6.*fatal
|
||||
global_keywords:
|
||||
keywords:
|
||||
- panic
|
||||
@@ -1,103 +0,0 @@
|
||||
receivers:
|
||||
otlp:
|
||||
protocols:
|
||||
grpc:
|
||||
endpoint: 0.0.0.0:4317
|
||||
http:
|
||||
endpoint: 0.0.0.0:4318
|
||||
prometheus:
|
||||
config:
|
||||
global:
|
||||
scrape_interval: 60s
|
||||
scrape_configs:
|
||||
- job_name: otel-collector
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost:8888
|
||||
labels:
|
||||
job_name: otel-collector
|
||||
processors:
|
||||
batch:
|
||||
send_batch_size: 10000
|
||||
send_batch_max_size: 11000
|
||||
timeout: 10s
|
||||
resourcedetection:
|
||||
# Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
|
||||
detectors: [env, system]
|
||||
timeout: 2s
|
||||
signozspanmetrics/delta:
|
||||
metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
|
||||
metrics_flush_interval: 60s
|
||||
latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
|
||||
dimensions_cache_size: 100000
|
||||
aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
|
||||
enable_exp_histogram: true
|
||||
dimensions:
|
||||
- name: service.namespace
|
||||
default: default
|
||||
- name: deployment.environment
|
||||
default: default
|
||||
# This is added to ensure the uniqueness of the timeseries
|
||||
# Otherwise, identical timeseries produced by multiple replicas of
|
||||
# collectors result in incorrect APM metrics
|
||||
- name: signoz.collector.id
|
||||
- name: service.version
|
||||
- name: browser.platform
|
||||
- name: browser.mobile
|
||||
- name: k8s.cluster.name
|
||||
- name: k8s.node.name
|
||||
- name: k8s.namespace.name
|
||||
- name: host.name
|
||||
- name: host.type
|
||||
- name: container.name
|
||||
extensions:
|
||||
health_check:
|
||||
endpoint: 0.0.0.0:13133
|
||||
pprof:
|
||||
endpoint: 0.0.0.0:1777
|
||||
exporters:
|
||||
clickhousetraces:
|
||||
datasource: tcp://clickhouse:9000/signoz_traces
|
||||
low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
|
||||
use_new_schema: true
|
||||
clickhousemetricswrite:
|
||||
endpoint: tcp://clickhouse:9000/signoz_metrics
|
||||
disable_v2: true
|
||||
resource_to_telemetry_conversion:
|
||||
enabled: true
|
||||
clickhousemetricswrite/prometheus:
|
||||
endpoint: tcp://clickhouse:9000/signoz_metrics
|
||||
disable_v2: true
|
||||
signozclickhousemetrics:
|
||||
dsn: tcp://clickhouse:9000/signoz_metrics
|
||||
clickhouselogsexporter:
|
||||
dsn: tcp://clickhouse:9000/signoz_logs
|
||||
timeout: 10s
|
||||
use_new_schema: true
|
||||
# debug: {}
|
||||
service:
|
||||
telemetry:
|
||||
logs:
|
||||
encoding: json
|
||||
metrics:
|
||||
address: 0.0.0.0:8888
|
||||
extensions:
|
||||
- health_check
|
||||
- pprof
|
||||
pipelines:
|
||||
traces:
|
||||
receivers: [otlp]
|
||||
processors: [signozspanmetrics/delta, batch]
|
||||
exporters: [clickhousetraces]
|
||||
metrics:
|
||||
receivers: [otlp]
|
||||
processors: [batch]
|
||||
exporters: [clickhousemetricswrite, signozclickhousemetrics]
|
||||
metrics/prometheus:
|
||||
receivers: [prometheus]
|
||||
processors: [batch]
|
||||
exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
|
||||
logs:
|
||||
receivers: [otlp]
|
||||
processors: [batch]
|
||||
exporters: [clickhouselogsexporter]
|
||||
@@ -0,0 +1 @@
|
||||
server_endpoint: ws://signoz:4320/v1/opamp
|
||||
@@ -1,42 +1,20 @@
|
||||
---
|
||||
- name: Deploy Docker Service Configurations
|
||||
hosts: rinoa
|
||||
vars:
|
||||
appdata_base_path: "~/.docker/config/appdata"
|
||||
template_base_path: "{{ playbook_dir }}/app-configs"
|
||||
|
||||
tasks:
|
||||
- name: Recursively collect all Jinja2 templates (*.j2)
|
||||
ansible.builtin.find:
|
||||
paths: "{{ template_base_path }}"
|
||||
patterns: "*.j2"
|
||||
recurse: true
|
||||
register: template_files
|
||||
|
||||
- name: Set relative template path (without .j2) for each file
|
||||
ansible.builtin.set_fact:
|
||||
rel_template_path: >-
|
||||
{{ item.path
|
||||
| regex_replace('^' + (template_base_path | regex_escape) + '/', '')
|
||||
| regex_replace('\\.j2$', '') }}
|
||||
loop: "{{ template_files.files }}"
|
||||
loop_control:
|
||||
loop_var: item
|
||||
register: rel_paths
|
||||
|
||||
- name: Ensure target directories exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ appdata_base_path }}/{{ item.ansible_facts.rel_template_path | dirname }}"
|
||||
path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
loop: "{{ rel_paths.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.ansible_facts.rel_template_path }}"
|
||||
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||
|
||||
- name: Deploy rendered templates
|
||||
- name: Deploy configuration templates
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.item.path | regex_replace('^' + (playbook_dir | regex_escape) + '/', '') }}"
|
||||
dest: "{{ appdata_base_path }}/{{ item.ansible_facts.rel_template_path }}"
|
||||
src: "{{ item }}"
|
||||
dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
|
||||
mode: '0644'
|
||||
loop: "{{ rel_paths.results }}"
|
||||
loop_control:
|
||||
label: "{{ item.ansible_facts.rel_template_path }}"
|
||||
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||
|
||||
+28
-74
@@ -33,9 +33,9 @@ x-maxun: &maxun-env
|
||||
REDIS_PORT: 6379
|
||||
BACKEND_PORT: 8080
|
||||
FRONTEND_PORT: 5173
|
||||
BACKEND_URL: https://scrape.trez.wtf/api
|
||||
BACKEND_URL: http://maxun-backend:8080
|
||||
PUBLIC_URL: https://scrape.trez.wtf
|
||||
VITE_BACKEND_URL: https://scrape.trez.wtf/api
|
||||
VITE_BACKEND_URL: http://maxun-backend:8080
|
||||
VITE_PUBLIC_URL: https://scrape.trez.wtf
|
||||
MAXUN_TELEMETRY: true
|
||||
PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
|
||||
@@ -179,11 +179,6 @@ services:
|
||||
APPRISE_STATEFUL_MODE: simple
|
||||
image: lscr.io/linuxserver/apprise-api:latest
|
||||
labels:
|
||||
cloudflare.tunnel.enable: true
|
||||
cloudflare.tunnel.hostname: apprise.trez.wtf
|
||||
cloudflare.tunnel.service: http://apprise:8000
|
||||
cloudflare.tunnel.zonename: trez.wtf
|
||||
cloudflare.tunnel.no_tls_verify: true
|
||||
homepage.group: Infrastructure/App Performance Monitoring
|
||||
homepage.name: Apprise
|
||||
homepage.icon: apprise.png
|
||||
@@ -453,8 +448,8 @@ services:
|
||||
image: vaultwarden/server:latest
|
||||
labels:
|
||||
homepage.group: Privacy/Security
|
||||
homepage.name: Vaultwarden
|
||||
homepage.icon: vaultwarden.svg
|
||||
homepage.name: Bitwarden
|
||||
homepage.icon: bitwarden.png
|
||||
homepage.href: https://bitwarden.${MY_TLD}
|
||||
homepage.description: Credential/Information Vault
|
||||
swag: enable
|
||||
@@ -713,35 +708,11 @@ services:
|
||||
- ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
|
||||
crowdsec:
|
||||
container_name: crowdsec
|
||||
depends_on:
|
||||
- swag
|
||||
environment:
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
GID: 1000
|
||||
BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY}
|
||||
COLLECTIONS: >-
|
||||
corvese/apache-guacamole
|
||||
crowdsecurity/home-assistant
|
||||
crowdsecurity/http-cve
|
||||
crowdsecurity/iptables
|
||||
crowdsecurity/linux
|
||||
crowdsecurity/mariadb
|
||||
crowdsecurity/nextcloud
|
||||
crowdsecurity/nginx
|
||||
crowdsecurity/whitelist-good-actors
|
||||
Dominic-Wagner/vaultwarden
|
||||
gauth-fr/immich
|
||||
LePresidente/adguardhome
|
||||
LePresidente/authelia
|
||||
LePresidente/gitea
|
||||
LePresidente/jellyfin
|
||||
LePresidente/ombi
|
||||
plague-doctor/audiobookshelf
|
||||
schiz0phr3ne/sonarr
|
||||
sdwilsh/navidrome
|
||||
timokoessler/mongodb
|
||||
timokoessler/uptime-kuma
|
||||
xs539/joplin-server
|
||||
BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
|
||||
COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
|
||||
image: crowdsecurity/crowdsec:latest
|
||||
networks:
|
||||
default: null
|
||||
@@ -751,14 +722,13 @@ services:
|
||||
security_opt:
|
||||
- no-new-privileges=true
|
||||
volumes:
|
||||
# - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
|
||||
- ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
|
||||
- ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
|
||||
- ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
|
||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
|
||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
|
||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
|
||||
- ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro
|
||||
- crowdsec-config:/etc/crowdsec
|
||||
- crowdsec-db:/var/lib/crowdsec/data
|
||||
- /var/log/journal:/var/log/host/journal:ro
|
||||
- /var/log/auth.log:/var/log/host/auth.log:ro
|
||||
- /var/log/journal:/var/log/host:ro
|
||||
crowdsec-dashboard:
|
||||
container_name: crowdsec-dashboard
|
||||
depends_on:
|
||||
@@ -793,7 +763,11 @@ services:
|
||||
- 8908:3000
|
||||
restart: always
|
||||
volumes:
|
||||
- crowdsec-db:/data/
|
||||
- ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
|
||||
- source: crowdsec-db
|
||||
target: /data/
|
||||
type: volume
|
||||
volume: {}
|
||||
cyber-chef:
|
||||
container_name: cyber-chef
|
||||
image: mpepping/cyberchef:latest
|
||||
@@ -871,7 +845,7 @@ services:
|
||||
entrypoint: web-entrypoint.sh
|
||||
environment:
|
||||
RAILS_ENV: development
|
||||
REDIS_URL: redis://redis:6379
|
||||
REDIS_URL: redis://redis:6379/
|
||||
DATABASE_HOST: dawarich-pg-db
|
||||
DATABASE_USERNAME: dawarich
|
||||
DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
|
||||
@@ -923,7 +897,7 @@ services:
|
||||
POSTGRES_USER: dawarich
|
||||
POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
|
||||
healthcheck:
|
||||
test: [ "CMD-SHELL", "pg_isready -U dawarich -d dawarich" ]
|
||||
test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ]
|
||||
interval: 10s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
@@ -955,7 +929,7 @@ services:
|
||||
entrypoint: sidekiq-entrypoint.sh
|
||||
environment:
|
||||
RAILS_ENV: development
|
||||
REDIS_URL: redis://redis:6379
|
||||
REDIS_URL: redis://redis:6379/
|
||||
DATABASE_HOST: dawarich-pg-db
|
||||
DATABASE_USERNAME: dawarich
|
||||
DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
|
||||
@@ -1373,10 +1347,6 @@ services:
|
||||
GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
|
||||
image: gitea/gitea:1.24.0
|
||||
labels:
|
||||
cloudflare.tunnel.enable: true
|
||||
cloudflare.tunnel.hostname: git-ssh.trez.wtf
|
||||
cloudflare.tunnel.service: http://gitea:22
|
||||
cloudflare.tunnel.no_tls_verify: true
|
||||
homepage.group: Code/DevOps
|
||||
homepage.name: Gitea
|
||||
homepage.href: https://git.${MY_TLD}
|
||||
@@ -3192,12 +3162,10 @@ services:
|
||||
- 8080
|
||||
image: getmaxun/maxun-backend:latest
|
||||
mem_limit: 2g # Set a 2GB memory limit
|
||||
ports:
|
||||
- 8369:8080
|
||||
restart: unless-stopped
|
||||
security_opt:
|
||||
- seccomp=unconfined # This might help with browser sandbox issues
|
||||
shm_size: '2gb' # Increase shared memory size for Chromium
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/dbus:/var/run/dbus
|
||||
maxun-frontend:
|
||||
@@ -3208,10 +3176,6 @@ services:
|
||||
image: getmaxun/maxun-frontend:latest
|
||||
labels:
|
||||
swag: enable
|
||||
swag_server_custom_directive:
|
||||
location /api {
|
||||
proxy_pass http://maxun-backend:8080;
|
||||
}
|
||||
swag_proto: http
|
||||
swag_port: 5173
|
||||
swag_url: scrape.${MY_TLD}
|
||||
@@ -3478,11 +3442,6 @@ services:
|
||||
PORT: 20211
|
||||
image: jokobsk/netalertx:latest
|
||||
labels:
|
||||
cloudflare.tunnel.enable: true
|
||||
cloudflare.tunnel.hostname: net.trez.wtf
|
||||
cloudflare.tunnel.service: http://192.168.1.254:20211
|
||||
cloudflare.tunnel.zonename: trez.wtf
|
||||
cloudflare.tunnel.no_tls_verify: true
|
||||
homepage.group: Infrastructure/App Performance Monitoring
|
||||
homepage.name: NetAlertX
|
||||
homepage.href: http://192.168.1.254:20211
|
||||
@@ -3959,12 +3918,12 @@ services:
|
||||
homepage.group: Downloaders
|
||||
homepage.name: qBittorrent
|
||||
homepage.href: https://qbit.${MY_TLD}
|
||||
homepage.icon: qbittorrent.svg
|
||||
homepage.description: Fast and stable torrent client
|
||||
homepage.icon: qBittorrent.svg
|
||||
homepage.description: qbittorrentvpn over VPN
|
||||
homepage.widget.type: qbittorrent
|
||||
homepage.widget.url: http://qbittorrentvpn:8080
|
||||
homepage.widget.user: admin
|
||||
homepage.widget.password: ${DELUGEVPN_PASSWORD}
|
||||
homepage.widget.password: "${DELUGEVPN_PASSWORD}"
|
||||
swag: enable
|
||||
swag_port: 8080
|
||||
swag_proto: http
|
||||
@@ -4446,14 +4405,9 @@ services:
|
||||
- "/dev/sdf:/dev/sdf:rwm"
|
||||
image: ghcr.io/analogj/scrutiny:master-omnibus
|
||||
labels:
|
||||
cloudflare.tunnel.enable: true
|
||||
cloudflare.tunnel.hostname: smartd.trez.wtf
|
||||
cloudflare.tunnel.service: http://scrutiny:8080
|
||||
cloudflare.tunnel.zonename: trez.wtf
|
||||
cloudflare.tunnel.no_tls_verify: true
|
||||
homepage.group: Infrastructure/App Performance Monitoring
|
||||
homepage.name: Scrutiny
|
||||
homepage.href: https://smartd.trez.wtf
|
||||
homepage.href: http://192.168.1.254:8909
|
||||
homepage.icon: scrutiny.png
|
||||
homepage.description: WebUI for smartd S.M.A.R.T monitoring
|
||||
homepage.widget.type: scrutiny
|
||||
@@ -4681,7 +4635,7 @@ services:
|
||||
signoz-schema-migrator-sync:
|
||||
<<: *signoz-common
|
||||
image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
|
||||
container_name: signoz-schema-migrator-sync
|
||||
container_name: schema-migrator-sync
|
||||
command:
|
||||
- sync
|
||||
- --dsn=tcp://signoz-clickhouse:9000
|
||||
@@ -4693,7 +4647,7 @@ services:
|
||||
signoz-schema-migrator-async:
|
||||
<<: *signoz-db-depend
|
||||
image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
|
||||
container_name: signoz-schema-migrator-async
|
||||
container_name: schema-migrator-async
|
||||
command:
|
||||
- async
|
||||
- --dsn=tcp://signoz-clickhouse:9000
|
||||
@@ -4951,9 +4905,9 @@ services:
|
||||
TZ: America/New_York
|
||||
URL: trez.wtf
|
||||
VALIDATION: dns
|
||||
CROWDSEC_API_KEY: ${CROWDSEC_SWAG_API_KEY}
|
||||
CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
||||
CROWDSEC_LAPI_URL: http://crowdsec:8080
|
||||
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
|
||||
DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install #|ghcr.io/linuxserver/mods:swag-crowdsec#|linuxserver/mods:swag-auto-uptime-kuma
|
||||
INSTALL_PACKAGES: nginx-mod-http-js
|
||||
PROPAGATION: 30
|
||||
UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
|
||||
|
||||
Reference in New Issue
Block a user