Adding cron workflow for unsealing HC Vault.

Auto Merge of PR 38 - dawarich-misc-fixes
Merged by Trez.One
2025-04-20 11:13:39 -04:00 · 2025-04-17 12:12:41 -04:00 · 2025-04-17 16:08:36 +00:00 · 2025-04-17 10:55:04 -04:00 · 2025-04-17 09:53:32 -04:00 · 2025-04-17 09:30:32 -04:00
8 changed files with 508 additions and 398 deletions
@@ -0,0 +1,28 @@
+name: Auto-Unseal for Vault
+on:
+  schedule:
+    - cron: "30 2 * * *"
+jobs:
+  auto-unseal:
+    name: Unseal Vault
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_SHARDS: |
+        ${{ secrets.VAULT_UNSEAL_SHARDS }}
+      VAULT_NAMESPACE: ""
+    steps:
+      - name: Cache Vault install
+        id: cache-vault
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
+          key: vault-${{ runner.os }}-1.18.0
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Unseal Vault
+        run: |
+          for vault_shard in $(cat ${VAULT_SHARDS}); do
+            vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
+          done
@@ -6,6 +6,7 @@
 | --- | --- |
 | actual_server | docker.io/actualbudget/actual-server:latest |
 | adguard | adguard/adguardhome:latest |
+| apprise-api | lscr.io/linuxserver/apprise-api:latest |
 | archivebox | archivebox/archivebox:latest |
 | audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
 | authelia | authelia/authelia:master |
@@ -18,10 +19,6 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
 | browserless | ghcr.io/browserless/chromium:latest |
-| bunkerweb | bunkerity/bunkerweb:1.6.0 |
-| bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:1.6.0 |
-| bunkerweb-autoconf | bunkerity/bunkerweb-autoconf:1.6.0 |
-| bunkerweb-ui | bunkerity/bunkerweb-ui:1.6.0 |
 | bytebase | bytebase/bytebase:3.5.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
@@ -39,8 +36,8 @@
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
 | docker-volume-backup | offen/docker-volume-backup:v2 |
-| docuseal | docuseal/docuseal:latest |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
+| explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
 | ghost | ghost:latest |
@@ -83,6 +80,7 @@
 | lidify | thewicklowwolf/lidify:latest |
 | linkstack | linkstackorg/linkstack:latest |
 | lldap | lldap/lldap:stable |
+| loggifly | ghcr.io/clemcer/loggifly:latest |
 | maloja | krateng/maloja:latest |
 | manyfold | lscr.io/linuxserver/manyfold:latest |
 | mariadb | linuxserver/mariadb |
@@ -96,11 +94,6 @@
 | n8n | docker.n8n.io/n8nio/n8n |
 | navidrome | deluan/navidrome:latest |
 | netalertx | jokobsk/netalertx:latest |
-| netbird-dashboard | netbirdio/dashboard:latest |
-| netbird-signal | netbirdio/signal:latest |
-| netbird-relay | netbirdio/relay:latest |
-| netbird-management | netbirdio/management:latest |
-| netbird-coturn | coturn/coturn:latest |
 | nextcloud | nextcloud/all-in-one:latest |
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
@@ -108,7 +101,7 @@
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
-| portainer | portainer/portainer-ce:2.27.0-alpine |
+| portainer | portainer/portainer-ce:alpine |
 | portall | need4swede/portall:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
@@ -132,10 +125,6 @@
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
 | sonashow | thewicklowwolf/sonashow:latest |
-| soularr | mrusse08/soularr:latest |
-| soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
-| soulseek | slskd/slskd |
-| sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
 | stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
 | stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.1 |
@@ -150,6 +139,5 @@
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
-| your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |

@@ -0,0 +1,3 @@
+urls:
+  - gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
+  - mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
@@ -9,7 +9,7 @@
      "host"     : "mariadb",
      "user"     : "ghost",
      "password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}",
-      "database" : "ghost"
+      "database" : "ghost_db"
    }
  },
  "mail": {
@@ -30,7 +30,7 @@
  },
  "privacy": {
    "useGravatar": true
-  }
+  },
  "logging": {
    "level": "info",
    "rotation": {
@@ -11,10 +11,10 @@ providers:
 title: Rinoa Dashboard (trez.WTF)
 headerStyle: underlined
 color: slate
-showStats: true
+showStats: false
 statusStyle: "dot"
 favicon: /icons/favicon.ico
-useEqualHeights: false
+useEqualHeights: true
 hideErrors: false
 searchDescriptions: true
 showSearchSuggestions: true
@@ -26,10 +26,10 @@ layout:
    columns: 4
  Infrastructure/App Performance Monitoring:
    style: row
-    columns: 4
+    columns: 3
  Code/DevOps:
    style: row
-    columns: 4
+    columns: 3
  Social:
    style: row
    columns: 4
@@ -41,7 +41,7 @@ layout:
    columns: 5
  Privacy/Security:
    style: row
-    columns: 3
+    columns: 5
  Personal/Professional Services:
    style: row
    columns: 5
@@ -50,7 +50,7 @@ layout:
    columns: 3
  Downloaders:
    style: row
-    columns: 3
+    columns: 2
  Media Library:
    style: row
-    columns: 3
+    columns: 4
@@ -0,0 +1,23 @@
+containers:
+  immich-server:
+    action_keywords:
+      - restart:
+          regex: 'ADVICE:.*error'
+global_keywords:
+  keywords:
+    - panic
+  keywords_with_attachment:
+    - fatal
+notifications:
+  apprise:
+    url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}    # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
+# settings are optional because they all have default values
+settings:
+  log_level: INFO               # DEBUG, INFO, WARNING, ERROR
+  notification_cooldown: 5      # Seconds between alerts for same keyword (per container)
+  attachment_lines: 20          # Number of Lines to include in log attachments
+  multi_line_entries: true      # Detect multi-line log entries
+  disable_restart: false        # Disable restart when a config change is detected
+  disable_start_message: false  # Suppress startup notification
+  disable_shutdown_message: false  # Suppress shutdown notification
+  disable_restart_message: false   # Suppress config reload notification
@@ -25,7 +25,7 @@
      "type": "spotify",
      "enable": true,
      "clients": [],
-      "name": "Spotify",
+      "name": "spotify",
      "data": {
        "clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
        "clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
@@ -34,7 +34,7 @@
    },
    {
      "type:": "lastfm",
-      "name": "Last.fm",
+      "name": "lastfm",
      "enable": true,
      "data": {
        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
@@ -44,7 +44,7 @@
    },
    {
      "type": "listenbrainz",
-      "name": "ListenBrainz",
+      "name": "listenBrainz",
      "enable": true,
      "data": {
        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
@@ -53,7 +53,7 @@
    },
    {
      "type": "subsonic",
-      "name": "Navidrome",
+      "name": "navidrome",
      "enable": true,
      "data": {
        "url": "http://navidrome:4533",
@@ -65,7 +65,7 @@
  "clients": [
    {
      "type": "lastfm",
-      "name": "Last.fm Client",
+      "name": "lastFmClient",
      "enable": true,
      "data": {
        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
@@ -75,7 +75,7 @@
    },
    {
      "type": "listenbrainz",
-      "name": "ListenBrainz Client",
+      "name": ";istenBrainzClient",
      "enable": true,
      "data": {
        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
@@ -85,7 +85,7 @@
    {
      "type": "maloja",
      "enable": true,
-      "name": "Maloja",
+      "name": "maloja",
      "data": {
        "url": "http://maloja:42010",
        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
Author	SHA1	Message	Date
Trez.One	66afa1519d	Adding cron workflow for unsealing HC Vault. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Has been cancelled Details	2025-04-20 11:13:39 -04:00
gitea-sonarqube-bot	4257aa7662	Auto Merge of PR 38 - dawarich-misc-fixes Merged by Trez.One	2025-04-17 12:12:41 -04:00
Trez.One	119153e4d6	chore: Update README	2025-04-17 16:08:36 +00:00
Trez.One	5389661934	Fixes for Sonashow, Dawarich, and Multi-Scrobbler services. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 20m33s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Successful in 18m44s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Successful in 3m22s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Successful in 9m52s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Successful in 2m8s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Successful in 18m24s Details	2025-04-17 10:55:04 -04:00
Trez.One	5a0ec9ff35	Dawarich fix.	2025-04-17 09:53:32 -04:00
Trez.One	90ec74b32b	Narrowing Loggifly scope for now.	2025-04-17 09:30:32 -04:00
Trez.One	1f90b9d6fe	AdGuard fix for DNS listener.	2025-04-17 06:51:41 -04:00
Trez.One	e9191b5949	AdGuard and Immich tweaks.	2025-04-17 06:07:44 -04:00
Trez.One	bd566ea665	AdGuard and Immich tweaks.	2025-04-17 06:04:11 -04:00
Trez.One	6e2fbfd217	Tweaks to AdGuard volumes.	2025-04-16 12:25:04 -04:00
Trez.One	c1a05f7387	Adguard changes.	2025-04-16 12:10:38 -04:00
Trez.One	25a2c240a7	Minor changes to Apprise and Explo services.	2025-04-11 06:07:41 -04:00
Trez.One	230054cb13	Adding containers to Loggifly monitoring.	2025-04-08 17:44:58 -04:00
Trez.One	a100484a44	Config change for apprise.	2025-04-07 09:09:45 -04:00
Trez.One	f98ef75dc6	Minor fixes for Loggifly and other services.	2025-04-06 19:03:54 -04:00
gitea-sonarqube-bot	bfcf9a8cda	Auto Merge of PR 37 - loggifly-apprise-deployment Merged by Trez.One	2025-04-06 14:48:03 -04:00
Trez.One	609e9f62ba	Typo fixes. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 10m30s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Successful in 24m10s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Successful in 8m21s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Successful in 37s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Successful in 3m56s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Successful in 29m0s Details	2025-04-06 14:03:02 -04:00
Trez.One	e4409f164a	Merge remote-tracking branch 'refs/remotes/origin/loggifly-apprise-deployment' into loggifly-apprise-deployment Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 1m52s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Failing after 31m55s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Has been skipped Details	2025-04-06 13:26:09 -04:00
Trez.One	364a501073	Apprise and Loggifly filename fixes; adding labels for Apprise.	2025-04-06 13:25:51 -04:00
gitea-sonarqube-bot	ccfb6a9b31	Auto Merge of PR 36 - loggifly-apprise-deployment Merged by Trez.One	2025-04-06 10:56:59 -04:00
Trez.One	f07db816fa	chore: Update README	2025-04-06 14:55:51 +00:00
Trez.One	c34fddc96f	Adding Apprise and Loggifly services. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 15m12s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Successful in 20m44s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Successful in 1m28s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Successful in 2m56s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Successful in 46s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Successful in 29m53s Details	2025-04-06 09:52:28 -04:00
Trez.One	4ca0e6d491	Adding configs for Apprise and Loggifly.	2025-04-06 09:52:28 -04:00
Trez.One	171303b2ca	Merge remote-tracking branch 'refs/remotes/origin/main'	2025-04-05 08:43:35 -04:00
Trez.One	37f1a624f8	Adding port for AdGuard.	2025-04-05 08:42:06 -04:00
gitea-sonarqube-bot	6f4f0f0b5a	Auto Merge of PR 35 - uptimekuma-monitor-swag-log-adjustments-explo-deploy Merged by Trez.One	2025-04-03 18:43:28 -04:00
Trez.One	966dd5571d	chore: Update README	2025-04-03 22:36:52 +00:00
Trez.One	86e2fb1ff5	Fixing volume typo for Explo. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 6m51s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Successful in 37m45s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Successful in 11m51s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Successful in 9m0s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Successful in 5m34s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Successful in 34m32s Details	2025-04-03 12:59:48 -04:00
Trez.One	f767111741	Adding longer interval for Uptime-Kuma checks, nginx access/error logging per-service; service Explo. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Successful in 10m59s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Failing after 32m20s Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README & Generate List of Modified Services (push) Has been skipped Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Ansible Configs & Docker Compose Deployment (push) Has been skipped Details	2025-04-02 20:05:30 -04:00
Trez.One	cdc39625e6	...	2025-04-02 10:42:12 -04:00
Trez.One	ebadf586cc	Removing a few unused services.	2025-03-29 19:49:37 -04:00
Trez.One	d893d57aaf	...	2025-03-26 07:38:17 -04:00
Trez.One	c3872c22a7	Removing Bunkerweb and Netbird.	2025-03-23 11:32:44 -04:00
Trez.One	2f77378334	Merge remote-tracking branch 'refs/remotes/origin/main'	2025-03-22 11:57:12 -04:00
Trez.One	823a455718	Readding envs for Ghost.	2025-03-22 11:56:10 -04:00
Trez.One	0898c75458	Disabling Docker stats for Homepage.	2025-03-22 11:51:31 -04:00
Trez.One	5a13640f38	Merge remote-tracking branch 'refs/remotes/origin/main'	2025-03-21 12:29:06 -04:00
Trez.One	d261db50b6	Reverting back to env vars for Ghost.	2025-03-21 12:28:42 -04:00
Trez.One	cd9ee63a0a	Merge remote-tracking branch 'refs/remotes/origin/main'	2025-03-21 09:58:24 -04:00
Trez.One	8835d29fa5	Tweaks to Ghost.	2025-03-21 09:51:48 -04:00
Trez.One	8371737c46	Correction in Ghost config.	2025-03-21 06:33:44 -04:00
gitea-sonarqube-bot	0f6795d296	Auto Merge of PR 34 - ghost-config-redeploy Merged by Trez.One	2025-03-20 22:27:59 -04:00
Trez.One	cb10b4073f	chore: Update README	2025-03-21 02:24:40 +00:00