Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| cc9c76d958 |
@@ -6,7 +6,6 @@ on:
|
|||||||
- 'main'
|
- 'main'
|
||||||
paths:
|
paths:
|
||||||
- '**.j2'
|
- '**.j2'
|
||||||
- '**/pr-ansible-config-deployment.yaml'
|
|
||||||
- 'ansible/**.yml'
|
- 'ansible/**.yml'
|
||||||
jobs:
|
jobs:
|
||||||
check-and-create-pr:
|
check-and-create-pr:
|
||||||
@@ -42,7 +41,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
||||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||||
- name: Create PR
|
- name: Create PR
|
||||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||||
@@ -50,7 +49,7 @@ jobs:
|
|||||||
tea login default gitea-rinoa
|
tea login default gitea-rinoa
|
||||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||||
tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -58,8 +57,8 @@ jobs:
|
|||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||||
notification_title: 'GITEA: PR Check'
|
notification_title: 'GITEA: PR Check'
|
||||||
notification_message: 'PR Created 🎟️'
|
notification_message: 'PR Created 🎟️'
|
||||||
ansible-dry-run:
|
ansible-linting:
|
||||||
name: Ansible Dry Run
|
name: Docker Compose & Ansible Lints
|
||||||
needs: [check-and-create-pr]
|
needs: [check-and-create-pr]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
@@ -69,6 +68,9 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
- name: Fetch base branch
|
||||||
|
run: |
|
||||||
|
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||||
- name: Cache Ansible Galaxy Collections
|
- name: Cache Ansible Galaxy Collections
|
||||||
uses: actions/cache@v3
|
uses: actions/cache@v3
|
||||||
with:
|
with:
|
||||||
@@ -79,12 +81,11 @@ jobs:
|
|||||||
- name: Install Ansible
|
- name: Install Ansible
|
||||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||||
with:
|
with:
|
||||||
version: "11.4.0"
|
version: "11.0.0"
|
||||||
- name: Install Vault
|
- name: Install Vault
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
- name: Install hvac
|
- name: Install hvac
|
||||||
run: |
|
run: pip install hvac
|
||||||
pip install hvac
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -93,26 +94,26 @@ jobs:
|
|||||||
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
||||||
notification_message: 'Starting Ansible dry run...'
|
notification_message: 'Starting Ansible dry run...'
|
||||||
- name: Ansible Playbook Dry Run
|
- name: Ansible Playbook Dry Run
|
||||||
uses: dawidd6/action-ansible-playbook@v3
|
uses: arillso/action.playbook@0.1.0
|
||||||
with:
|
with:
|
||||||
directory: ansible/
|
check: true
|
||||||
playbook: docker_config_deploy.yml
|
galaxy_collections_path: ansible/collections
|
||||||
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
galaxy_requirements_file: ansible/collections/requirements.yml
|
||||||
|
inventory: ansible/inventory/hosts.yml
|
||||||
|
playbook: ansible/docker_config_deploy.yml
|
||||||
|
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||||
requirements: collections/requirements.yml
|
verbose: 0
|
||||||
options: |
|
|
||||||
--check
|
|
||||||
--inventory inventory/hosts.yml
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||||
notification_title: 'GITEA: Ansible Dry Run @ Rinoa'
|
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
|
||||||
notification_message: 'Ansible dry run completed successfully.'
|
notification_message: 'Docker Compose dry run completed successfully.'
|
||||||
pr-merge:
|
pr-merge:
|
||||||
name: PR Merge
|
name: PR Merge
|
||||||
needs: [ansible-dry-run]
|
needs: [regenerate-readme-modified-services]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
@@ -152,10 +153,6 @@ jobs:
|
|||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
ref: main
|
ref: main
|
||||||
- name: Set up Python
|
|
||||||
uses: actions/setup-python@v4
|
|
||||||
with:
|
|
||||||
python-version: 3.12
|
|
||||||
- name: Cache Vault install
|
- name: Cache Vault install
|
||||||
id: cache-vault
|
id: cache-vault
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
@@ -165,12 +162,11 @@ jobs:
|
|||||||
- name: Install Ansible
|
- name: Install Ansible
|
||||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||||
with:
|
with:
|
||||||
version: "11.4.0"
|
version: "11.0.0"
|
||||||
- name: Install Vault
|
- name: Install Vault
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
- name: Install hvac
|
- name: Install hvac
|
||||||
run: |
|
run: pip install hvac
|
||||||
pip install hvac
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -179,15 +175,15 @@ jobs:
|
|||||||
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
||||||
notification_message: 'Starting config deployment with Ansible...'
|
notification_message: 'Starting config deployment with Ansible...'
|
||||||
- name: Ansible Playbook Config Deploy
|
- name: Ansible Playbook Config Deploy
|
||||||
uses: dawidd6/action-ansible-playbook@v3
|
uses: arillso/action.playbook@0.1.0
|
||||||
with:
|
with:
|
||||||
directory: ansible/
|
check: false
|
||||||
playbook: docker_config_deploy.yml
|
galaxy_collections_path: ansible/collections
|
||||||
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
galaxy_requirements_file: ansible/collections/requirements.yml
|
||||||
|
inventory: ansible/inventory/hosts.yml
|
||||||
|
playbook: ansible/docker_config_deploy.yml
|
||||||
|
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||||
requirements: collections/requirements.yml
|
|
||||||
options: |
|
|
||||||
--inventory inventory/hosts.yml
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
|
|||||||
@@ -8,10 +8,6 @@ on:
|
|||||||
- '**/docker-compose.yml'
|
- '**/docker-compose.yml'
|
||||||
- '**/pr-cloudflare-docker-deploy.yml'
|
- '**/pr-cloudflare-docker-deploy.yml'
|
||||||
- '!ansible/**.yml'
|
- '!ansible/**.yml'
|
||||||
env:
|
|
||||||
FLARECTL_VERSION: '0.115.0'
|
|
||||||
HC_VAULT_VERSION: '1.20.0'
|
|
||||||
TEA_VERSION: '0.10.1'
|
|
||||||
jobs:
|
jobs:
|
||||||
check-and-create-pr:
|
check-and-create-pr:
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/main'
|
||||||
@@ -26,14 +22,14 @@ jobs:
|
|||||||
id: cache-tea
|
id: cache-tea
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
with:
|
with:
|
||||||
path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
|
path: /opt/hostedtoolcache/tea/0.9.2/x64
|
||||||
key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
|
key: tea-${{ runner.os }}-0.9.2
|
||||||
- name: Install tea
|
- name: Install tea
|
||||||
uses: supplypike/setup-bin@v4
|
uses: supplypike/setup-bin@v4
|
||||||
with:
|
with:
|
||||||
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
|
uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
|
||||||
name: tea
|
name: 'tea'
|
||||||
version: ${{ env.TEA_VERSION }}
|
version: '0.9.2'
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -46,7 +42,7 @@ jobs:
|
|||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
||||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||||
- name: Create PR
|
- name: Create PR
|
||||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||||
@@ -54,7 +50,7 @@ jobs:
|
|||||||
tea login default gitea-rinoa
|
tea login default gitea-rinoa
|
||||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||||
tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -62,25 +58,26 @@ jobs:
|
|||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||||
notification_title: 'GITEA: PR Check'
|
notification_title: 'GITEA: PR Check'
|
||||||
notification_message: 'PR Created 🎟️'
|
notification_message: 'PR Created 🎟️'
|
||||||
generate-service-list:
|
docker-compose-dry-run:
|
||||||
name: Generate list of added/modified/deleted services
|
name: Docker Compose Dry Run
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: [check-and-create-pr]
|
needs: [check-and-create-pr]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||||
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||||
|
VAULT_NAMESPACE: ""
|
||||||
|
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||||
outputs:
|
outputs:
|
||||||
svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
|
svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: Fetch base branch
|
- name: Fetch base branch
|
||||||
run: |
|
run: |
|
||||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||||
- name: Gotify Notification
|
- name: Login to Gitea Container Registry
|
||||||
uses: eikendev/gotify-action@master
|
run: |
|
||||||
with:
|
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
||||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
|
||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
|
||||||
notification_title: 'GITEA: Services TBD'
|
|
||||||
notification_message: 'Generating list of services to deploy...'
|
|
||||||
- name: Save both versions of docker-compose.yml
|
- name: Save both versions of docker-compose.yml
|
||||||
run: |
|
run: |
|
||||||
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
||||||
@@ -110,40 +107,10 @@ jobs:
|
|||||||
echo "Detected service changes:"
|
echo "Detected service changes:"
|
||||||
cat service_changes.txt
|
cat service_changes.txt
|
||||||
|
|
||||||
mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq)
|
svc_list=$(paste -sd '|' service_changes.txt)
|
||||||
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
|
||||||
echo "$mod_svcs" >> "$GITHUB_OUTPUT"
|
- name: Install Vault
|
||||||
echo "EOF" >> "$GITHUB_OUTPUT"
|
|
||||||
- name: List of Services for (Re)Deployment
|
|
||||||
run: |
|
|
||||||
echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
|
|
||||||
docker-compose-dry-run:
|
|
||||||
name: Docker Compose Dry Run
|
|
||||||
needs: [generate-service-list]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
env:
|
|
||||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
|
||||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
|
||||||
VAULT_NAMESPACE: ""
|
|
||||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
|
||||||
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
- name: Login to Gitea Container Registry
|
|
||||||
run: |
|
|
||||||
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
|
||||||
- name: Cache Vault install
|
|
||||||
id: cache-vault
|
|
||||||
uses: actions/cache@v4
|
|
||||||
with:
|
|
||||||
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
|
|
||||||
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
|
|
||||||
- name: Install Vault (only if not cached)
|
|
||||||
if: steps.cache-vault.outputs.cache-hit != 'true'
|
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
with:
|
|
||||||
version: ${{ env.HC_VAULT_VERSION }}
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -151,20 +118,37 @@ jobs:
|
|||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||||
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
|
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
|
||||||
notification_message: 'Starting Docker Compose dry run...'
|
notification_message: 'Starting Docker Compose dry run...'
|
||||||
- name: Generate .env file for Docker Compose
|
- name: Cache .env Files
|
||||||
|
uses: actions/cache@v4
|
||||||
|
with:
|
||||||
|
path: .env
|
||||||
|
key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
|
||||||
|
- name: Generate modified services list & .env file for Docker Compose Dry Run
|
||||||
|
id: modded_svcs
|
||||||
run: |
|
run: |
|
||||||
|
mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
|
||||||
|
echo ${mod_svcs}
|
||||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||||
echo ${DOCKER_SVC_LIST}
|
echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
|
||||||
|
- name: Testing service list output
|
||||||
|
run: |
|
||||||
|
echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||||
- name: Docker Compose Dry Run
|
- name: Docker Compose Dry Run
|
||||||
uses: hoverkraft-tech/compose-action@v2.2.0
|
timeout-minutes: 360
|
||||||
|
continue-on-error: true
|
||||||
|
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||||
|
with:
|
||||||
|
ssh_host: 192.168.1.254
|
||||||
|
ssh_port: 22
|
||||||
|
ssh_user: gitea-deploy
|
||||||
|
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||||
|
service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||||
|
compose_file: docker-compose.yml
|
||||||
|
pull: false
|
||||||
|
build: false
|
||||||
|
options: -d --remove-orphans
|
||||||
env:
|
env:
|
||||||
DOCKER_HOST: tcp://dockerproxy:2375
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
with:
|
|
||||||
services: |
|
|
||||||
${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
|
||||||
up-flags: -d --remove-orphans --dry-run
|
|
||||||
down-flags: --dry-run
|
|
||||||
compose-flags: --dry-run
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
@@ -174,7 +158,7 @@ jobs:
|
|||||||
notification_message: 'Docker Compose dry run completed successfully.'
|
notification_message: 'Docker Compose dry run completed successfully.'
|
||||||
cloudflare-dns-setup:
|
cloudflare-dns-setup:
|
||||||
name: Cloudflare DNS Setup
|
name: Cloudflare DNS Setup
|
||||||
needs: [docker-compose-dry-run]
|
needs: [docker-compose-ansible-lints]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
@@ -185,13 +169,13 @@ jobs:
|
|||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
with:
|
with:
|
||||||
path: ~/.flarectl
|
path: ~/.flarectl
|
||||||
key: flarectl-${{ runner.os }}-${{ env.FLARECTL_VERSION }}-${{ hashFiles('workflow-config.yml') }}
|
key: flarectl-${{ runner.os }}-${{ hashFiles('workflow-config.yml') }}
|
||||||
- name: Install flarectl
|
- name: Install flarectl
|
||||||
uses: supplypike/setup-bin@v4
|
uses: supplypike/setup-bin@v4
|
||||||
with:
|
with:
|
||||||
uri: https://github.com/cloudflare/cloudflare-go/releases/download/v${{ env.FLARECTL_VERSION }}/flarectl_${{ env.FLARECTL_VERSION }}_linux_amd64.tar.gz
|
uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
|
||||||
name: flarectl
|
name: 'flarectl'
|
||||||
version: ${{ env.FLARECTL_VERSION }}
|
version: '0.113.0'
|
||||||
- name: Cache Subdomain Files
|
- name: Cache Subdomain Files
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
with:
|
with:
|
||||||
@@ -290,18 +274,12 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: Cache tea CLI
|
|
||||||
id: cache-tea
|
|
||||||
uses: actions/cache@v4
|
|
||||||
with:
|
|
||||||
path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
|
|
||||||
key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
|
|
||||||
- name: Install tea
|
- name: Install tea
|
||||||
uses: supplypike/setup-bin@v4
|
uses: supplypike/setup-bin@v4
|
||||||
with:
|
with:
|
||||||
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
|
uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
|
||||||
name: tea
|
name: 'tea'
|
||||||
version: ${{ env.TEA_VERSION }}
|
version: '0.9.2'
|
||||||
- name: PR Merge
|
- name: PR Merge
|
||||||
id: pr_merge
|
id: pr_merge
|
||||||
run: |
|
run: |
|
||||||
@@ -321,13 +299,13 @@ jobs:
|
|||||||
docker-compose-deploy:
|
docker-compose-deploy:
|
||||||
name: Docker Compose Deployment
|
name: Docker Compose Deployment
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: [generate-service-list, docker-compose-dry-run, pr-merge]
|
needs: [docker-compose-dry-run, pr-merge]
|
||||||
env:
|
env:
|
||||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||||
DOCKER_HOST: tcp://dockerproxy:2375
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||||
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
DOCKER_SVC_LIST: ${{ needs.docker-compose-dry-run.outputs.svc_deploy_list }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
@@ -337,13 +315,14 @@ jobs:
|
|||||||
id: cache-vault
|
id: cache-vault
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
with:
|
with:
|
||||||
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
|
path: /opt/hostedtoolcache/vault/1.18.0/x64
|
||||||
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
|
key: vault-${{ runner.os }}-1.18.0
|
||||||
- name: Install Vault (only if not cached)
|
- name: Install Ansible
|
||||||
if: steps.cache-vault.outputs.cache-hit != 'true'
|
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||||
uses: cpanato/vault-installer@main
|
|
||||||
with:
|
with:
|
||||||
version: ${{ env.HC_VAULT_VERSION }}
|
version: "11.0.0"
|
||||||
|
- name: Install Vault
|
||||||
|
uses: cpanato/vault-installer@main
|
||||||
- name: Login to Gitea Container Registry
|
- name: Login to Gitea Container Registry
|
||||||
run: |
|
run: |
|
||||||
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
||||||
@@ -357,24 +336,22 @@ jobs:
|
|||||||
- name: Generate .env file for deployment
|
- name: Generate .env file for deployment
|
||||||
run: |
|
run: |
|
||||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||||
echo ${DOCKER_SVC_LIST}
|
- name: Docker Compose Dry Run
|
||||||
- name: Docker Compose Deployment
|
timeout-minutes: 360
|
||||||
uses: hoverkraft-tech/compose-action@v2.2.0
|
continue-on-error: true
|
||||||
|
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||||
env:
|
env:
|
||||||
DOCKER_HOST: tcp://dockerproxy:2375
|
DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
with:
|
with:
|
||||||
services: |
|
ssh_host: 192.168.1.254
|
||||||
${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
ssh_port: 22
|
||||||
up-flags: -d --remove-orphans
|
ssh_user: gitea-deploy
|
||||||
down-flags: --dry-run
|
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||||
- name: Docker Compose Healthcheck
|
service: ${DOCKER_SVC_LIST}
|
||||||
uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
|
compose_file: docker-compose.yml
|
||||||
with:
|
pull: false
|
||||||
max-retries: 30
|
build: false
|
||||||
retry-interval: 10
|
options: -d --remove-orphans
|
||||||
compose-file: "docker-compose.yml"
|
|
||||||
skip-exited: "true"
|
|
||||||
skip-no-healthcheck: "true"
|
|
||||||
- name: Gotify Notification
|
- name: Gotify Notification
|
||||||
uses: eikendev/gotify-action@master
|
uses: eikendev/gotify-action@master
|
||||||
with:
|
with:
|
||||||
|
|||||||
@@ -1,10 +1,7 @@
|
|||||||
name: Auto-Unseal for Vault
|
name: Auto-Unseal for Vault
|
||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '30 5 * * *'
|
- cron: "30 2 * * *"
|
||||||
env:
|
|
||||||
HC_VAULT_VERSION: '1.20.0'
|
|
||||||
jobs:
|
jobs:
|
||||||
auto-unseal:
|
auto-unseal:
|
||||||
name: Unseal Vault
|
name: Unseal Vault
|
||||||
@@ -12,36 +9,20 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||||
VAULT_SHARDS: ${{ secrets.VAULT_UNSEAL_SHARDS }}
|
VAULT_SHARDS: |
|
||||||
|
${{ secrets.VAULT_UNSEAL_SHARDS }}
|
||||||
VAULT_NAMESPACE: ""
|
VAULT_NAMESPACE: ""
|
||||||
steps:
|
steps:
|
||||||
- name: Vault Unseal Start
|
|
||||||
uses: eikendev/gotify-action@master
|
|
||||||
with:
|
|
||||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
|
||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
|
||||||
notification_title: 'GITEA: HC Vault @ Rinoa'
|
|
||||||
notification_message: 'Hashicorp Vault unsealing started... 🔐'
|
|
||||||
- name: Cache Vault install
|
- name: Cache Vault install
|
||||||
id: cache-vault
|
id: cache-vault
|
||||||
uses: actions/cache@v4
|
uses: actions/cache@v4
|
||||||
with:
|
with:
|
||||||
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
|
path: /opt/hostedtoolcache/vault/1.18.0/x64
|
||||||
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
|
key: vault-${{ runner.os }}-1.18.0
|
||||||
- name: Install Vault (only if not cached)
|
- name: Install Vault
|
||||||
if: steps.cache-vault.outputs.cache-hit != 'true'
|
|
||||||
uses: cpanato/vault-installer@main
|
uses: cpanato/vault-installer@main
|
||||||
with:
|
|
||||||
version: ${{ env.HC_VAULT_VERSION }}
|
|
||||||
- name: Unseal Vault
|
- name: Unseal Vault
|
||||||
run: |
|
run: |
|
||||||
for vault_shard in $VAULT_SHARDS; do
|
for vault_shard in $(echo ${VAULT_SHARDS}); do
|
||||||
vault operator unseal -address="${VAULT_ADDR}" -non-interactive "${vault_shard}"
|
vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
|
||||||
done
|
done
|
||||||
- name: Vault Unseal Completion
|
|
||||||
uses: eikendev/gotify-action@master
|
|
||||||
with:
|
|
||||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
|
||||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
|
||||||
notification_title: 'GITEA: HC Vault @ Rinoa'
|
|
||||||
notification_message: 'Hashicorp Vault unsealed! 🔓'
|
|
||||||
@@ -4,16 +4,13 @@
|
|||||||
|
|
||||||
| Service | Image |
|
| Service | Image |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| 13ft | ghcr.io/wasi-master/13ft:latest |
|
|
||||||
| actual_server | docker.io/actualbudget/actual-server:latest |
|
| actual_server | docker.io/actualbudget/actual-server:latest |
|
||||||
| adguard | adguard/adguardhome:latest |
|
| adguard | adguard/adguardhome:latest |
|
||||||
| apprise-api | lscr.io/linuxserver/apprise-api:latest |
|
| apprise-api | lscr.io/linuxserver/apprise-api:latest |
|
||||||
| archivebox | archivebox/archivebox:latest |
|
| archivebox | archivebox/archivebox:latest |
|
||||||
| argus | quay.io/argus-io/argus:latest |
|
|
||||||
| audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
|
| audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
|
||||||
| authelia | authelia/authelia:master |
|
| authelia | authelia/authelia:master |
|
||||||
| authelia-pg | postgres:16-alpine |
|
| authelia-pg | postgres:16-alpine |
|
||||||
| authelia-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| bazarr | lscr.io/linuxserver/bazarr:latest |
|
| bazarr | lscr.io/linuxserver/bazarr:latest |
|
||||||
| beszel | henrygd/beszel:latest |
|
| beszel | henrygd/beszel:latest |
|
||||||
| beszel-agent | henrygd/beszel-agent:latest |
|
| beszel-agent | henrygd/beszel-agent:latest |
|
||||||
@@ -22,35 +19,27 @@
|
|||||||
| browserless | ghcr.io/browserless/chromium:latest |
|
| browserless | ghcr.io/browserless/chromium:latest |
|
||||||
| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
|
| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
|
||||||
| castopod | castopod/castopod:latest |
|
| castopod | castopod/castopod:latest |
|
||||||
| castopod-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| changedetection | ghcr.io/dgtlmoon/changedetection.io |
|
|
||||||
| changedetection-chrome | dgtlmoon/sockpuppetbrowser:latest |
|
|
||||||
| chrome | gcr.io/zenika-hub/alpine-chrome:123 |
|
|
||||||
| clipcascade | sathvikrao/clipcascade:latest |
|
|
||||||
| cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
|
| cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
|
||||||
| convertx | ghcr.io/c4illin/convertx |
|
| convertx | ghcr.io/c4illin/convertx |
|
||||||
|
| cronicle | elestio/cronicle:latest |
|
||||||
| crowdsec | crowdsecurity/crowdsec:latest |
|
| crowdsec | crowdsecurity/crowdsec:latest |
|
||||||
| crowdsec-dashboard | metabase/metabase |
|
| crowdsec-dashboard | metabase/metabase |
|
||||||
| cyber-chef | mpepping/cyberchef:latest |
|
| cyber-chef | mpepping/cyberchef:latest |
|
||||||
| czkawka | jlesage/czkawka |
|
| czkawka | jlesage/czkawka |
|
||||||
| dagu | ghcr.io/dagu-org/dagu:alpine |
|
|
||||||
| dawarich-app | freikin/dawarich:latest |
|
| dawarich-app | freikin/dawarich:latest |
|
||||||
| dawarich-pg-db | postgis/postgis:17-3.5-alpine |
|
| dawarich-pg-db | postgis/postgis:17-3.5-alpine |
|
||||||
| dawarich-sidekiq | freikin/dawarich:latest |
|
| dawarich-sidekiq | freikin/dawarich:latest |
|
||||||
| dawarich-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
|
| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
|
||||||
| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
|
| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
|
||||||
| dockflare | alplat/dockflare:stable |
|
| dockflare | alplat/dockflare:stable |
|
||||||
| duplicati | lscr.io/linuxserver/duplicati:latest |
|
| duplicati | lscr.io/linuxserver/duplicati:latest |
|
||||||
| easyappointments | alextselegidis/easyappointments:1.5.1 |
|
|
||||||
| excalidraw | excalidraw/excalidraw:latest |
|
| excalidraw | excalidraw/excalidraw:latest |
|
||||||
| explo | ghcr.io/lumepart/explo:latest |
|
| explo | ghcr.io/lumepart/explo:latest |
|
||||||
| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
|
| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
|
||||||
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
|
||||||
| garage | dxflrs/garage:v2.0.0 |
|
| freescout | tiredofit/freescout:latest |
|
||||||
| garage-webui | khairul169/garage-webui:latest |
|
|
||||||
| ghost | ghost:latest |
|
| ghost | ghost:latest |
|
||||||
| gitea | gitea/gitea:1.24.3 |
|
| gitea | gitea/gitea:1.24.0 |
|
||||||
| gitea-db | postgres:14 |
|
| gitea-db | postgres:14 |
|
||||||
| gitea-runner | gitea/act_runner:latest |
|
| gitea-runner | gitea/act_runner:latest |
|
||||||
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
|
||||||
@@ -60,13 +49,12 @@
|
|||||||
| graylog-datanode | graylog/graylog-datanode:6.1 |
|
| graylog-datanode | graylog/graylog-datanode:6.1 |
|
||||||
| guacamole | flcontainers/guacamole:latest |
|
| guacamole | flcontainers/guacamole:latest |
|
||||||
| homepage | ghcr.io/gethomepage/homepage:latest |
|
| homepage | ghcr.io/gethomepage/homepage:latest |
|
||||||
| hugo | hugomods/hugo:exts |
|
| hugo | hugomods/hugo:exts-0.145.0 |
|
||||||
| immich-server | ghcr.io/immich-app/immich-server:release |
|
| immich-server | ghcr.io/immich-app/immich-server:release |
|
||||||
| immich-machine-learning | ghcr.io/immich-app/immich-machine-learning:release |
|
| immich-machine-learning | ghcr.io/immich-app/immich-machine-learning:release |
|
||||||
| immich-pg-db | tensorchord/pgvecto-rs:pg14-v0.2.1 |
|
| immich-pg-db | tensorchord/pgvecto-rs:pg14-v0.2.1 |
|
||||||
| immich-public-proxy | alangrainger/immich-public-proxy:latest |
|
| immich-public-proxy | alangrainger/immich-public-proxy:latest |
|
||||||
| immich-power-tools | ghcr.io/varun-raj/immich-power-tools:latest |
|
| immich-power-tools | ghcr.io/varun-raj/immich-power-tools:latest |
|
||||||
| immich-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| influxdb2 | influxdb:2-alpine |
|
| influxdb2 | influxdb:2-alpine |
|
||||||
| invidious | quay.io/invidious/invidious:latest |
|
| invidious | quay.io/invidious/invidious:latest |
|
||||||
| invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
|
| invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
|
||||||
@@ -84,12 +72,10 @@
|
|||||||
| jitsi-web | jitsi/web:stable |
|
| jitsi-web | jitsi/web:stable |
|
||||||
| joplin-db | postgres:17-alpine |
|
| joplin-db | postgres:17-alpine |
|
||||||
| joplin | joplin/server:latest |
|
| joplin | joplin/server:latest |
|
||||||
| karakeep | ghcr.io/karakeep-app/karakeep:release |
|
|
||||||
| languagetool | elestio/languagetool:latest |
|
| languagetool | elestio/languagetool:latest |
|
||||||
| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
|
| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
|
||||||
| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
|
|
||||||
| librechat-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| librechat-vectordb | ankane/pgvector:latest |
|
| librechat-vectordb | ankane/pgvector:latest |
|
||||||
|
| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
|
||||||
| libretranslate | libretranslate/libretranslate |
|
| libretranslate | libretranslate/libretranslate |
|
||||||
| lidarr | lscr.io/linuxserver/lidarr:latest |
|
| lidarr | lscr.io/linuxserver/lidarr:latest |
|
||||||
| lidify | thewicklowwolf/lidify:latest |
|
| lidify | thewicklowwolf/lidify:latest |
|
||||||
@@ -98,23 +84,15 @@
|
|||||||
| loggifly | ghcr.io/clemcer/loggifly:latest |
|
| loggifly | ghcr.io/clemcer/loggifly:latest |
|
||||||
| maloja | krateng/maloja:latest |
|
| maloja | krateng/maloja:latest |
|
||||||
| manyfold | lscr.io/linuxserver/manyfold:latest |
|
| manyfold | lscr.io/linuxserver/manyfold:latest |
|
||||||
| manyfold-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| mariadb | linuxserver/mariadb |
|
| mariadb | linuxserver/mariadb |
|
||||||
| mastodon | lscr.io/linuxserver/mastodon:latest |
|
| mastodon | lscr.io/linuxserver/mastodon:latest |
|
||||||
| mastodon-pg-db | postgres:17-alpine |
|
| mastodon-pg-db | postgres:17-alpine |
|
||||||
| mastodon-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| maxun-backend | getmaxun/maxun-backend:latest |
|
| maxun-backend | getmaxun/maxun-backend:latest |
|
||||||
| maxun-frontend | getmaxun/maxun-frontend:latest |
|
| maxun-frontend | getmaxun/maxun-frontend:latest |
|
||||||
| maxun-pg-db | postgres:13-alpine |
|
| maxun-pg-db | postgres:13-alpine |
|
||||||
| maxun-valkey | docker.io/bitnami/valkey:latest |
|
| meilisearch | getmeili/meilisearch:v1.12.3 |
|
||||||
| meilisearch | getmeili/meilisearch:v1.15 |
|
|
||||||
| meme-search-pro | ghcr.io/neonwatty/meme_search_pro:latest |
|
|
||||||
| meme-search-pro-img2txt-gen | ghcr.io/neonwatty/image_to_text_generator:latest |
|
|
||||||
| meme-search-db | pgvector/pgvector:pg17 |
|
|
||||||
| mini-qr | ghcr.io/lyqht/mini-qr:latest |
|
|
||||||
| minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
|
| minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
|
||||||
| mixpost | inovector/mixpost:latest |
|
| mixpost | inovector/mixpost:latest |
|
||||||
| mixpost-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| mongodb | bitnami/mongodb:7.0 |
|
| mongodb | bitnami/mongodb:7.0 |
|
||||||
| multi-scrobbler | foxxmd/multi-scrobbler |
|
| multi-scrobbler | foxxmd/multi-scrobbler |
|
||||||
| n8n | docker.n8n.io/n8nio/n8n |
|
| n8n | docker.n8n.io/n8nio/n8n |
|
||||||
@@ -123,29 +101,13 @@
|
|||||||
| nextcloud | nextcloud/all-in-one:latest |
|
| nextcloud | nextcloud/all-in-one:latest |
|
||||||
| ollama | ollama/ollama |
|
| ollama | ollama/ollama |
|
||||||
| ombi | lscr.io/linuxserver/ombi:latest |
|
| ombi | lscr.io/linuxserver/ombi:latest |
|
||||||
| omnitools | iib0011/omni-tools:latest |
|
| omni-tools | iib0011/omni-tools:latest |
|
||||||
| omnipoly | kweg/omnipoly:latest |
|
| omnipoly | kweg/omnipoly:latest |
|
||||||
| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
|
| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
|
||||||
| paperless-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| patchman-server | ghcr.io/tigattack/patchman |
|
|
||||||
| patchman-worker | ghcr.io/tigattack/patchman |
|
|
||||||
| patchman-memcached | memcached:1.6-alpine |
|
|
||||||
| patchman-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| penpot-frontend | penpotapp/frontend:latest |
|
|
||||||
| penpot-backend | penpotapp/backend:latest |
|
|
||||||
| penpot-exporter | penpotapp/exporter:latest |
|
|
||||||
| penpot-pg-db | postgres:15-alpine |
|
|
||||||
| penpot-redis | redis:7.2 |
|
|
||||||
| pgbackweb | eduardolat/pgbackweb:latest |
|
| pgbackweb | eduardolat/pgbackweb:latest |
|
||||||
| pgbackweb-db | postgres:16-alpine |
|
| pgbackweb-db | postgres:16-alpine |
|
||||||
| planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
|
|
||||||
| planka-pg-db | postgres:16-alpine |
|
|
||||||
| plant-it | msdeluise/plant-it-server:latest |
|
|
||||||
| plant-it-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| plantuml-server | plantuml/plantuml-server:jetty |
|
| plantuml-server | plantuml/plantuml-server:jetty |
|
||||||
| portainer | portainer/portainer-ce:alpine |
|
| portainer | portainer/portainer-ce:alpine |
|
||||||
| portchecker-web | ghcr.io/dsgnr/portcheckerio-web:latest |
|
|
||||||
| portchecker-api | ghcr.io/dsgnr/portcheckerio-api:latest |
|
|
||||||
| portnote-web | haedlessdev/portnote:latest |
|
| portnote-web | haedlessdev/portnote:latest |
|
||||||
| portnote-agent | haedlessdev/portnote-agent:latest |
|
| portnote-agent | haedlessdev/portnote-agent:latest |
|
||||||
| portnote-pg-db | postgres:17-alpine |
|
| portnote-pg-db | postgres:17-alpine |
|
||||||
@@ -153,65 +115,46 @@
|
|||||||
| postal-web | ghcr.io/postalserver/postal:latest |
|
| postal-web | ghcr.io/postalserver/postal:latest |
|
||||||
| postal-worker | ghcr.io/postalserver/postal:latest |
|
| postal-worker | ghcr.io/postalserver/postal:latest |
|
||||||
| prowlarr | lscr.io/linuxserver/prowlarr:latest |
|
| prowlarr | lscr.io/linuxserver/prowlarr:latest |
|
||||||
| qbit-manage | ghcr.io/stuffanthings/qbit_manage:latest |
|
|
||||||
| qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
|
| qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
|
||||||
| radarec | thewicklowwolf/radarec:latest |
|
| radarec | thewicklowwolf/radarec:latest |
|
||||||
| radarr | lscr.io/linuxserver/radarr:latest |
|
| radarr | lscr.io/linuxserver/radarr:latest |
|
||||||
| reactive-resume | amruthpillai/reactive-resume:latest |
|
| reactive-resume | amruthpillai/reactive-resume:latest |
|
||||||
| reactive-resume-pg | postgres:16-alpine |
|
| reactive-resume-pg | postgres:16-alpine |
|
||||||
| readarr | lscr.io/linuxserver/readarr:develop |
|
| readarr | lscr.io/linuxserver/readarr:develop |
|
||||||
|
| redis | redis:alpine |
|
||||||
| redlib | quay.io/redlib/redlib:latest |
|
| redlib | quay.io/redlib/redlib:latest |
|
||||||
| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
|
| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
|
||||||
| romm | rommapp/romm:latest |
|
| romm | rommapp/romm:latest |
|
||||||
| romm-valkey | docker.io/bitnami/valkey:latest |
|
|
||||||
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
|
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
|
||||||
| sablier | sablierapp/sablier:latest |
|
| sablier | sablierapp/sablier:latest |
|
||||||
| scraparr | ghcr.io/thecfu/scraparr:latest |
|
|
||||||
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
|
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
|
||||||
| searxng | searxng/searxng:latest |
|
| searxng | searxng/searxng:latest |
|
||||||
| searxng-valkey | docker.io/bitnami/valkey:latest |
|
| semaphore | semaphoreui/semaphore:v2.12.14 |
|
||||||
| semaphore-ui | semaphoreui/semaphore:v2.12.14 |
|
|
||||||
| signoz-app | signoz/signoz:v0.91.0 |
|
|
||||||
| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
|
||||||
| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
||||||
| signoz-logspout | pavanputhra/logspout-signoz |
|
|
||||||
| signoz-otel-collector | signoz/signoz-otel-collector:v0.128.2 |
|
|
||||||
| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.128.2 |
|
|
||||||
| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.128.2 |
|
|
||||||
| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
|
| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
|
||||||
|
| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
||||||
|
| signoz-app | signoz/signoz:v0.86.2 |
|
||||||
|
| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
|
||||||
|
| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
|
||||||
|
| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
|
||||||
| sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
|
| sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
|
||||||
| sonarqube-pg-db | postgres:17-alpine |
|
| sonarqube-pg-db | postgres:17-alpine |
|
||||||
| sonarr | lscr.io/linuxserver/sonarr:latest |
|
| sonarr | lscr.io/linuxserver/sonarr:latest |
|
||||||
| sonashow | thewicklowwolf/sonashow:latest |
|
| sonashow | thewicklowwolf/sonashow:latest |
|
||||||
| soularr | mrusse08/soularr:latest |
|
|
||||||
| soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
|
|
||||||
| soulseek | slskd/slskd |
|
|
||||||
| speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
|
| speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
|
||||||
| stable-diffusion-download | git./trez.one/stable-diffusion-download:v9.0.0 |
|
| stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
|
||||||
| stable-diffusion-webui | git./trez.one/stable-diffusion-ui:v9.0.1 |
|
| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.1 |
|
||||||
| stirling-pdf | docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest |
|
| stirling-pdf | docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest |
|
||||||
| swag | lscr.io/linuxserver/swag:latest |
|
| swag | lscr.io/linuxserver/swag:latest |
|
||||||
| tandoor | vabene1111/recipes |
|
| tandoor | vabene1111/recipes |
|
||||||
| tandoor-pg | postgres:16-alpine |
|
| tandoor-pg | postgres:16-alpine |
|
||||||
| umami | ghcr.io/umami-software/umami:postgresql-latest |
|
|
||||||
| umami-pg-db | postgres:15-alpine |
|
|
||||||
| unmanic | josh5/unmanic:latest |
|
| unmanic | josh5/unmanic:latest |
|
||||||
| uptimekuma | louislam/uptime-kuma:latest |
|
| uptimekuma | louislam/uptime-kuma:latest |
|
||||||
| vault | hashicorp/vault:latest |
|
| vault | hashicorp/vault:latest |
|
||||||
|
| wallabag | wallabag/wallabag |
|
||||||
| wallos | bellamy/wallos:latest |
|
| wallos | bellamy/wallos:latest |
|
||||||
| watchtower | ghcr.io/containrrr/watchtower:latest |
|
| watchtower | ghcr.io/containrrr/watchtower:latest |
|
||||||
| web-check | lissy93/web-check |
|
| web-check | lissy93/web-check |
|
||||||
| whodb | clidey/whodb |
|
| whodb | clidey/whodb |
|
||||||
| wizarr | ghcr.io/wizarrrr/wizarr |
|
|
||||||
| youtubedl | nbr23/youtube-dl-server:latest |
|
| youtubedl | nbr23/youtube-dl-server:latest |
|
||||||
| zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-elasticsearch | elasticsearch:8.18.0 |
|
|
||||||
| zammad-init | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-memcached | memcached:1.6.38-alpine |
|
|
||||||
| zammad-nginx | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-postgresql | postgres:17.5-alpine |
|
|
||||||
| zammad-railsserver | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-redis | redis:7.4.2-alpine |
|
|
||||||
| zammad-scheduler | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
| zammad-websocket | ghcr.io/zammad/zammad:6.5.0-15 |
|
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,45 @@
|
|||||||
|
# Rinoa Docker_configs Ansible Project
|
||||||
|
|
||||||
|
## Included content/ Directory Structure
|
||||||
|
|
||||||
|
The directory structure follows best practices recommended by the Ansible community. Feel free to customize this template according to your specific project requirements.
|
||||||
|
|
||||||
|
```
|
||||||
|
ansible-project/
|
||||||
|
|── .devcontainer/
|
||||||
|
| └── docker/
|
||||||
|
| └── devcontainer.json
|
||||||
|
| └── podman/
|
||||||
|
| └── devcontainer.json
|
||||||
|
| └── devcontainer.json
|
||||||
|
|── .github/
|
||||||
|
| └── workflows/
|
||||||
|
| └── tests.yml
|
||||||
|
| └── ansible-code-bot.yml
|
||||||
|
|── .vscode/
|
||||||
|
| └── extensions.json
|
||||||
|
|── collections/
|
||||||
|
| └── requirements.yml
|
||||||
|
| └── ansible_collections/
|
||||||
|
| └── project_org/
|
||||||
|
| └── project_repo/
|
||||||
|
| └── README.md
|
||||||
|
| └── roles/sample_role/
|
||||||
|
| └── README.md
|
||||||
|
| └── tasks/main.yml
|
||||||
|
|── inventory/
|
||||||
|
| └── groups_vars/
|
||||||
|
| └── host_vars/
|
||||||
|
| └── hosts.yml
|
||||||
|
|── ansible-navigator.yml
|
||||||
|
|── ansible.cfg
|
||||||
|
|── devfile.yaml
|
||||||
|
|── linux_playbook.yml
|
||||||
|
|── network_playbook.yml
|
||||||
|
|── README.md
|
||||||
|
|── site.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
## Compatible with Ansible-lint
|
||||||
|
|
||||||
|
Tested with ansible-lint >=24.2.0 releases and the current development version of ansible-core.
|
||||||
@@ -1,337 +0,0 @@
|
|||||||
settings:
|
|
||||||
log:
|
|
||||||
level: INFO
|
|
||||||
timestamps: true
|
|
||||||
data:
|
|
||||||
database_file: data/argus.db
|
|
||||||
web:
|
|
||||||
listen_host: 0.0.0.0
|
|
||||||
listen_port: 8080
|
|
||||||
route_prefix: /
|
|
||||||
basic_auth:
|
|
||||||
username: 'admin'
|
|
||||||
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ARGUS_WEB_PASSWORD'] }}"
|
|
||||||
disabled_routes: []
|
|
||||||
favicon:
|
|
||||||
png: ''
|
|
||||||
svg: ''
|
|
||||||
notify:
|
|
||||||
rinoa-gotify:
|
|
||||||
type: gotify
|
|
||||||
url_fields:
|
|
||||||
Host: gotify
|
|
||||||
Token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ARGUS_WEB_PASSWORD'] }}
|
|
||||||
params:
|
|
||||||
Title: Argus @ Rinoa
|
|
||||||
service:
|
|
||||||
AdguardTeam/AdGuardHome:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: AdguardTeam/AdGuardHome
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://adguard.trez.wtf/control/status"
|
|
||||||
basic_auth:
|
|
||||||
username: admin
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_PASSWORD'] }}
|
|
||||||
json: version
|
|
||||||
regex: v([0-9.]+)
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/AdguardTeam/AdGuardHome/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://avatars.githubusercontent.com/u/8361145?s=200&v=4"
|
|
||||||
advplyr/audiobookshelf:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: advplyr/audiobookshelf
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
method: GET
|
|
||||||
url: "https://abs.trez.wtf/status"
|
|
||||||
json: serverVersion
|
|
||||||
dashboard:
|
|
||||||
icon: "https://raw.githubusercontent.com/advplyr/audiobookshelf/master/client/static/icon.svg"
|
|
||||||
web_url: "https://github.com/advplyr/audiobookshelf/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
dani-garcia/vaultwarden:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: dani-garcia/vaultwarden
|
|
||||||
deployed_version:
|
|
||||||
url: "https://bitwarden.trez.wtf/api/version"
|
|
||||||
regex: ([0-9.]+)
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/dani-garcia/vaultwarden/releases/{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png"
|
|
||||||
ellite/Wallos:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: ellite/Wallos
|
|
||||||
deployed_version:
|
|
||||||
method: GET
|
|
||||||
url: http://wallos.com/api/status/version.php?api_key=xxx
|
|
||||||
json: version_number
|
|
||||||
dashboard:
|
|
||||||
icon: "https://github.com/ellite/Wallos/raw/main/images/siteicons/wallos.png"
|
|
||||||
web_url: "https://github.com/ellite/Wallos/releases"
|
|
||||||
FlareSolverr/FlareSolverr:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: FlareSolverr/FlareSolverr
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
method: GET
|
|
||||||
url: "https://flaresolverr.trez.wtf"
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
icon: "https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.png"
|
|
||||||
web_url: "https://github.com/FlareSolverr/FlareSolverr/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
go-gitea/gitea:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: go-gitea/gitea
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
require:
|
|
||||||
regex_content: gitea-{% raw %}{{ version }}{% endraw %}-linux-amd64
|
|
||||||
regex_version: ^[0-9.]+[0-9]$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://git.trez.wtf"
|
|
||||||
regex: 'Powered by Gitea\s+Version:\s+([0-9.]+) '
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/go-gitea/gitea/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/logo.png"
|
|
||||||
gohugoio/hugo:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: gohugoio/hugo
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
require:
|
|
||||||
regex_content: hugo_{% raw %}{{ version }}{% endraw %}_Linux-64bit\.deb
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/gohugoio/hugo/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://raw.githubusercontent.com/gohugoio/hugo/master/docs/static/img/hugo.png"
|
|
||||||
gotify/server:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: gotify/server
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://gotify.trez.wtf/version"
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/gotify/server/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://github.com/gotify/logo/raw/master/gotify-logo.png"
|
|
||||||
hashicorp/vault:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: hashicorp/vault
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://vault.trez.wtf/v1/sys/health"
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/hashicorp/vault/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://raw.githubusercontent.com/hashicorp/vault/main/ui/public/vault-logo.svg"
|
|
||||||
immich-app/immich:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: immich-app/immich
|
|
||||||
deployed_version:
|
|
||||||
url: "https://pics.trez.wtf/api/server/about"
|
|
||||||
json: version
|
|
||||||
regex: ^v([0-9.]+)$
|
|
||||||
headers:
|
|
||||||
- key: x-api-key
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IMMICH_POWER_TOOLS_KEY'] }}
|
|
||||||
dashboard:
|
|
||||||
icon: "https://raw.githubusercontent.com/immich-app/immich/main/web/static/immich-logo.svg"
|
|
||||||
web_url: "https://github.com/immich-app/immich/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
influxdata/influxdb:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: influxdata/influxdb
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://influxdb.trez.wtf/health"
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/influxdata/influxdb/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://github.com/influxdata/ui/raw/master/src/writeData/graphics/influxdb.svg"
|
|
||||||
jellyfin/jellyfin:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: jellyfin/jellyfin
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://jellyfin.trez.wtf/System/Info/Public"
|
|
||||||
json: Version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/jellyfin/jellyfin/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://avatars.githubusercontent.com/u/45698031?s=200&v=4"
|
|
||||||
Lidarr/Lidarr:
|
|
||||||
options:
|
|
||||||
semantic_versioning: false
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: Lidarr/Lidarr
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
method: GET
|
|
||||||
url: "https://lidarr.trez.wtf/api/v1/system/status"
|
|
||||||
headers:
|
|
||||||
- key: X-Api-Key
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
icon: "https://raw.githubusercontent.com/Lidarr/Lidarr/develop/Logo/1024.png"
|
|
||||||
web_url: "https://github.com/Lidarr/Lidarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
louislam/uptime-kuma:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: louislam/uptime-kuma
|
|
||||||
deployed_version:
|
|
||||||
url: "https://status.trez.wtf/metrics"
|
|
||||||
regex: app_version{version=\"([0-9.]+)\",major=\"[0-9]+\",minor=\"[0-9]+\",patch=\"[0-9]+\"}
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/louislam/uptime-kuma/releases/{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://raw.githubusercontent.com/louislam/uptime-kuma/master/public/icon.png"
|
|
||||||
morpheus65535/bazarr:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: morpheus65535/bazarr
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://bazarr.trez.wtf/api/system/status"
|
|
||||||
headers:
|
|
||||||
- key: X-API-KEY
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['BAZARR_API_KEY'] }}
|
|
||||||
json: data.bazarr_version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/morpheus65535/bazarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://raw.githubusercontent.com/morpheus65535/bazarr/master/frontend/public/images/logo128.png"
|
|
||||||
n8n-io/n8n:
|
|
||||||
latest_version:
|
|
||||||
type: url
|
|
||||||
url: "https://github.com/n8n-io/n8n/tags"
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: n8n\%40([0-9.]+)
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/n8n-io/n8n/blob/master/CHANGELOG.md"
|
|
||||||
icon: "https://raw.githubusercontent.com/n8n-io/n8n-docs/main/docs/_images/n8n-docs-icon.svg"
|
|
||||||
nextcloud/server:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: nextcloud/server
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://cloud.trez.wtf/status.php"
|
|
||||||
json: versionstring
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://nextcloud.com/changelog/"
|
|
||||||
icon: "https://github.com/nextcloud/server/raw/master/core/img/favicon.png"
|
|
||||||
Prowlarr/Prowlarr:
|
|
||||||
options:
|
|
||||||
semantic_versioning: false
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: Prowlarr/Prowlarr
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
use_prerelease: true
|
|
||||||
deployed_version:
|
|
||||||
url: "https://prowlarr.trez.wtf/api/v1/system/status"
|
|
||||||
headers:
|
|
||||||
- key: X-Api-Key
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/Prowlarr/Prowlarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://avatars.githubusercontent.com/u/73049443?s=200&v=4"
|
|
||||||
Radarr/Radarr:
|
|
||||||
options:
|
|
||||||
semantic_versioning: false
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: Radarr/Radarr
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
url: "https://radarr.trez.wtf/api/v3/system/status"
|
|
||||||
headers:
|
|
||||||
- key: X-Api-Key
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://github.com/Radarr/Radarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
icon: "https://avatars.githubusercontent.com/u/25025331?s=200&v=4"
|
|
||||||
Readarr/Readarr:
|
|
||||||
options:
|
|
||||||
semantic_versioning: false
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: Readarr/Readarr
|
|
||||||
use_prerelease: true
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: v([0-9.]+)$
|
|
||||||
deployed_version:
|
|
||||||
method: GET
|
|
||||||
url: "https://readarr.trez.wtf/api/v1/system/status"
|
|
||||||
headers:
|
|
||||||
- key: X-Api-Key
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
icon: "https://raw.githubusercontent.com/Readarr/Readarr/develop/Logo/1024.png"
|
|
||||||
web_url: "https://github.com/Readarr/Readarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
|
||||||
Sonarr/Sonarr:
|
|
||||||
options:
|
|
||||||
semantic_versioning: false
|
|
||||||
latest_version:
|
|
||||||
type: url
|
|
||||||
url: "https://github.com/Sonarr/Sonarr/tags"
|
|
||||||
url_commands:
|
|
||||||
- type: regex
|
|
||||||
regex: \/releases\/tag\/v?([0-9.]+)\"
|
|
||||||
deployed_version:
|
|
||||||
url: "https://sonarr.trez.wtf/api/v3/system/status"
|
|
||||||
headers:
|
|
||||||
- key: X-Api-Key
|
|
||||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}
|
|
||||||
json: version
|
|
||||||
dashboard:
|
|
||||||
web_url: "https://sonarr.trez.wtf/system/updates"
|
|
||||||
icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png"
|
|
||||||
release-argus/argus:
|
|
||||||
latest_version:
|
|
||||||
type: github
|
|
||||||
url: release-argus/argus
|
|
||||||
dashboard:
|
|
||||||
icon: "https://raw.githubusercontent.com/release-argus/Argus/master/web/ui/react-app/public/favicon.svg"
|
|
||||||
icon_link-to: "https://release-argus.io"
|
|
||||||
web_url: "https://github.com/release-argus/Argus/blob/master/CHANGELOG.md"
|
|
||||||
+1
-10
@@ -102,14 +102,6 @@ access_control:
|
|||||||
policy: one_factor
|
policy: one_factor
|
||||||
subject:
|
subject:
|
||||||
- ['user:the.trezured.one']
|
- ['user:the.trezured.one']
|
||||||
- domain: wizarr.trez.wtf
|
|
||||||
resources:
|
|
||||||
- '^/join(/.*)?$'
|
|
||||||
- '^/j(/.*)?$'
|
|
||||||
- '^/static(/.*)?$'
|
|
||||||
- '^/setup(/.*)?$'
|
|
||||||
- '^/wizard(/.*)?$'
|
|
||||||
policy: bypass
|
|
||||||
session:
|
session:
|
||||||
name: authelia_session
|
name: authelia_session
|
||||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
||||||
@@ -120,9 +112,8 @@ session:
|
|||||||
- domain: 'trez.wtf'
|
- domain: 'trez.wtf'
|
||||||
authelia_url: 'https://auth.trez.wtf'
|
authelia_url: 'https://auth.trez.wtf'
|
||||||
redis:
|
redis:
|
||||||
host: authelia-valkey
|
host: redis
|
||||||
port: 6379
|
port: 6379
|
||||||
database_index: 0
|
|
||||||
storage:
|
storage:
|
||||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
||||||
postgres:
|
postgres:
|
||||||
@@ -1,65 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
source: journalctl
|
|
||||||
journalctl_filter:
|
|
||||||
- "--directory=/var/log/host/"
|
|
||||||
labels:
|
|
||||||
type: syslog
|
|
||||||
---
|
|
||||||
filenames:
|
|
||||||
- /var/log/swag/*
|
|
||||||
labels:
|
|
||||||
type: nginx
|
|
||||||
---
|
|
||||||
filenames:
|
|
||||||
- /var/log/auth/auth.log
|
|
||||||
labels:
|
|
||||||
type: syslog
|
|
||||||
---
|
|
||||||
filenames:
|
|
||||||
- /var/lib/mysql/log/mysql/*
|
|
||||||
- /var/lib/mysql/databases/*.err
|
|
||||||
- /var/lib/mysql/databases/*.log
|
|
||||||
labels:
|
|
||||||
type: mariadb
|
|
||||||
---
|
|
||||||
source: docker
|
|
||||||
container_name:
|
|
||||||
- adguard
|
|
||||||
labels:
|
|
||||||
type: adguardhome
|
|
||||||
---
|
|
||||||
source: docker
|
|
||||||
container_name:
|
|
||||||
- mongodb
|
|
||||||
labels:
|
|
||||||
type: mongodb
|
|
||||||
---
|
|
||||||
source: docker
|
|
||||||
container_name:
|
|
||||||
- immich-server
|
|
||||||
labels:
|
|
||||||
type: immich
|
|
||||||
---
|
|
||||||
source: docker
|
|
||||||
container_name:
|
|
||||||
- uptimekuma
|
|
||||||
labels:
|
|
||||||
type: uptime-kuma
|
|
||||||
---
|
|
||||||
source: docker
|
|
||||||
container_name:
|
|
||||||
- jellyfin
|
|
||||||
labels:
|
|
||||||
type: jellyfin
|
|
||||||
---
|
|
||||||
source: docker
|
|
||||||
container_name:
|
|
||||||
- navidrome
|
|
||||||
labels:
|
|
||||||
type: navidrome
|
|
||||||
---
|
|
||||||
filenames:
|
|
||||||
- /var/log/audiobookshelf/*.txt
|
|
||||||
labels:
|
|
||||||
type: audiobookshelf
|
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
|
||||||
|
source: journalctl
|
||||||
|
journalctl_filter:
|
||||||
|
- "--directory=/var/log/host/"
|
||||||
|
labels:
|
||||||
|
type: syslog
|
||||||
|
---
|
||||||
|
filenames:
|
||||||
|
- /var/log/swag/*
|
||||||
|
labels:
|
||||||
|
type: nginx
|
||||||
|
---
|
||||||
-2
@@ -1,5 +1,3 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
common:
|
common:
|
||||||
daemonize: false
|
daemonize: false
|
||||||
log_media: stdout
|
log_media: stdout
|
||||||
@@ -1,25 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
EXPLO_SYSTEM: subsonic
|
|
||||||
SYSTEM_URL: http://navidrome:4533
|
|
||||||
SYSTEM_USERNAME: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_USERNAME'] }}
|
|
||||||
SYSTEM_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}
|
|
||||||
DOWNLOAD_DIR: /downloads
|
|
||||||
PLAYLIST_DIR: /playlists
|
|
||||||
LISTENBRAINZ_USER: Trez.One
|
|
||||||
YOUTUBE_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUTUBE_DATA_API_V3_KEY'] }}
|
|
||||||
# Assign a custom path to yt-dlp
|
|
||||||
# YTDLP_PATH=
|
|
||||||
# Keywords to ignore on videos downloaded by youtube (separated by only commas)
|
|
||||||
FILTER_LIST: live,remix,instrumental,extended
|
|
||||||
# Define a custom filename sepatator for special characters
|
|
||||||
# FILENAME_SEPARATOR=
|
|
||||||
# true to keep pervious weeks discoveries, only set to false if the parent folder only contains discovered songs (deletes every file in folder)
|
|
||||||
PERSIST: true
|
|
||||||
# 'playlist' to get tracks from Weekly Exploration playlist, anything else gets it from API (not the best recommendations). 'test' will download 1 song
|
|
||||||
LISTENBRAINZ_DISCOVERY: playlist
|
|
||||||
# Time to sleep (in minutes) between scanning and querying tracks from your system (If using Subsonic, Jellyfin)
|
|
||||||
SLEEP: 5
|
|
||||||
# Whether to provide additional info for debugging
|
|
||||||
DEBUG: true
|
|
||||||
SINGLE_ARTIST: true
|
|
||||||
@@ -1,26 +0,0 @@
|
|||||||
metadata_dir = "/var/lib/garage/meta"
|
|
||||||
data_dir = "/var/lib/garage/data"
|
|
||||||
db_engine = "lmdb"
|
|
||||||
metadata_auto_snapshot_interval = "6h"
|
|
||||||
|
|
||||||
replication_factor = 1
|
|
||||||
|
|
||||||
compression_level = 10
|
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
|
||||||
rpc_public_addr = "localhost:3901"
|
|
||||||
rpc_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GARAGE_RPC_SECRET'] }}"
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
s3_region = "us-east-fh-pln"
|
|
||||||
api_bind_addr = "[::]:3900"
|
|
||||||
root_domain = ".s3.trez.wtf"
|
|
||||||
|
|
||||||
[s3_web]
|
|
||||||
bind_addr = "[::]:3902"
|
|
||||||
root_domain = ".garage.trez.wtf"
|
|
||||||
|
|
||||||
[admin]
|
|
||||||
api_bind_addr = "[::]:3903"
|
|
||||||
admin_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GARAGE_ADMIN_TOKEN'] }}"
|
|
||||||
metrics_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GARAGE_METRICS_TOKEN'] }}"
|
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
ui = true
|
|
||||||
disable_clustering = true
|
|
||||||
log_level = "debug"
|
|
||||||
api_addr = "http://127.0.0.1:8200"
|
|
||||||
// storage "raft" {
|
|
||||||
// path = "/path/to/raft/data"
|
|
||||||
// node_id = "raft_node_id"
|
|
||||||
// }
|
|
||||||
|
|
||||||
storage "s3" {
|
|
||||||
endpoint = "minio:9000"
|
|
||||||
bucket = "secrets-vault"
|
|
||||||
region = "us-east-fh-pln"
|
|
||||||
s3_force_path_style = "true"
|
|
||||||
disable_ssl = "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
listener "tcp" {
|
|
||||||
address = "0.0.0.0:8200"
|
|
||||||
proxy_protocol_behavior = "use_always"
|
|
||||||
tls_disable = 1
|
|
||||||
}
|
|
||||||
+6
-9
@@ -23,10 +23,10 @@ provider: duckduckgo
|
|||||||
layout:
|
layout:
|
||||||
System Administration:
|
System Administration:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 4
|
||||||
Infrastructure/App Performance Monitoring:
|
Infrastructure/App Performance Monitoring:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 3
|
||||||
Code/DevOps:
|
Code/DevOps:
|
||||||
style: row
|
style: row
|
||||||
columns: 3
|
columns: 3
|
||||||
@@ -35,25 +35,22 @@ layout:
|
|||||||
columns: 4
|
columns: 4
|
||||||
Lifestyle:
|
Lifestyle:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 3
|
||||||
Automation:
|
Automation:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 5
|
||||||
Privacy/Security:
|
Privacy/Security:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 5
|
||||||
Personal Tools:
|
Personal/Professional Services:
|
||||||
style: row
|
|
||||||
columns: 4
|
|
||||||
Professional Services:
|
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 5
|
||||||
Servarr Stack:
|
Servarr Stack:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 3
|
||||||
Downloaders:
|
Downloaders:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 2
|
||||||
Media Library:
|
Media Library:
|
||||||
style: row
|
style: row
|
||||||
columns: 3
|
columns: 3
|
||||||
@@ -0,0 +1,550 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
#=====================================================================#
|
||||||
|
# LibreChat Configuration #
|
||||||
|
#=====================================================================#
|
||||||
|
# Please refer to the reference documentation for assistance #
|
||||||
|
# with configuring your LibreChat environment. #
|
||||||
|
# #
|
||||||
|
# https://www.librechat.ai/docs/configuration/dotenv #
|
||||||
|
#=====================================================================#
|
||||||
|
|
||||||
|
#==================================================#
|
||||||
|
# Server Configuration #
|
||||||
|
#==================================================#
|
||||||
|
|
||||||
|
HOST=localhost
|
||||||
|
PORT=3080
|
||||||
|
|
||||||
|
MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
|
||||||
|
|
||||||
|
DOMAIN_CLIENT=https://ai.trez.wtf
|
||||||
|
DOMAIN_SERVER=https://ai.trez.wtf
|
||||||
|
|
||||||
|
NO_INDEX=true
|
||||||
|
# Use the address that is at most n number of hops away from the Express application.
|
||||||
|
# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
|
||||||
|
# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
|
||||||
|
# Defaulted to 1.
|
||||||
|
TRUST_PROXY=1
|
||||||
|
|
||||||
|
#===============#
|
||||||
|
# JSON Logging #
|
||||||
|
#===============#
|
||||||
|
|
||||||
|
# Use when process console logs in cloud deployment like GCP/AWS
|
||||||
|
CONSOLE_JSON=true
|
||||||
|
|
||||||
|
#===============#
|
||||||
|
# Debug Logging #
|
||||||
|
#===============#
|
||||||
|
|
||||||
|
DEBUG_LOGGING=true
|
||||||
|
DEBUG_CONSOLE=false
|
||||||
|
|
||||||
|
#=============#
|
||||||
|
# Permissions #
|
||||||
|
#=============#
|
||||||
|
|
||||||
|
# UID=1000
|
||||||
|
# GID=1000
|
||||||
|
|
||||||
|
#===============#
|
||||||
|
# Configuration #
|
||||||
|
#===============#
|
||||||
|
# Use an absolute path, a relative path, or a URL
|
||||||
|
|
||||||
|
# CONFIG_PATH="/alternative/path/to/librechat.yaml"
|
||||||
|
|
||||||
|
#===================================================#
|
||||||
|
# Endpoints #
|
||||||
|
#===================================================#
|
||||||
|
|
||||||
|
# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
|
||||||
|
|
||||||
|
PROXY=
|
||||||
|
|
||||||
|
#===================================#
|
||||||
|
# Known Endpoints - librechat.yaml #
|
||||||
|
#===================================#
|
||||||
|
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
|
||||||
|
|
||||||
|
# ANYSCALE_API_KEY=
|
||||||
|
# APIPIE_API_KEY=
|
||||||
|
# COHERE_API_KEY=
|
||||||
|
DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
|
||||||
|
# DATABRICKS_API_KEY=
|
||||||
|
# FIREWORKS_API_KEY=
|
||||||
|
# GROQ_API_KEY=
|
||||||
|
# HUGGINGFACE_TOKEN=
|
||||||
|
MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
|
||||||
|
# OPENROUTER_KEY=
|
||||||
|
# PERPLEXITY_API_KEY=
|
||||||
|
# SHUTTLEAI_API_KEY=
|
||||||
|
# TOGETHERAI_API_KEY=
|
||||||
|
# UNIFY_API_KEY=
|
||||||
|
# XAI_API_KEY=
|
||||||
|
|
||||||
|
#============#
|
||||||
|
# Anthropic #
|
||||||
|
#============#
|
||||||
|
|
||||||
|
ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
|
||||||
|
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
|
||||||
|
# ANTHROPIC_REVERSE_PROXY=
|
||||||
|
|
||||||
|
#============#
|
||||||
|
# Azure #
|
||||||
|
#============#
|
||||||
|
|
||||||
|
# Note: these variables are DEPRECATED
|
||||||
|
# Use the `librechat.yaml` configuration for `azureOpenAI` instead
|
||||||
|
# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
|
||||||
|
|
||||||
|
# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
|
||||||
|
# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
|
||||||
|
# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
|
||||||
|
# AZURE_API_KEY= # Deprecated
|
||||||
|
# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
|
||||||
|
# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
|
||||||
|
# AZURE_OPENAI_API_VERSION= # Deprecated
|
||||||
|
# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
|
||||||
|
# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
|
||||||
|
# PLUGINS_USE_AZURE="true" # Deprecated
|
||||||
|
|
||||||
|
#=================#
|
||||||
|
# AWS Bedrock #
|
||||||
|
#=================#
|
||||||
|
|
||||||
|
# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
|
||||||
|
# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
|
||||||
|
# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
|
||||||
|
# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
|
||||||
|
|
||||||
|
# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
|
||||||
|
# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
|
||||||
|
|
||||||
|
# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
|
||||||
|
|
||||||
|
# Notes on specific models:
|
||||||
|
# The following models are not support due to not supporting streaming:
|
||||||
|
# ai21.j2-mid-v1
|
||||||
|
|
||||||
|
# The following models are not support due to not supporting conversation history:
|
||||||
|
# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
|
||||||
|
|
||||||
|
#============#
|
||||||
|
# Google #
|
||||||
|
#============#
|
||||||
|
|
||||||
|
{# GOOGLE_KEY=user_provided #}
|
||||||
|
|
||||||
|
# GOOGLE_REVERSE_PROXY=
|
||||||
|
# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
|
||||||
|
# GOOGLE_AUTH_HEADER=true
|
||||||
|
|
||||||
|
# Gemini API (AI Studio)
|
||||||
|
# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
|
||||||
|
|
||||||
|
# Vertex AI
|
||||||
|
# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro
|
||||||
|
|
||||||
|
# GOOGLE_TITLE_MODEL=gemini-pro
|
||||||
|
|
||||||
|
# GOOGLE_LOC=us-central1
|
||||||
|
|
||||||
|
# Google Safety Settings
|
||||||
|
# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
|
||||||
|
#
|
||||||
|
# For Vertex AI:
|
||||||
|
# To use the BLOCK_NONE setting, you need either:
|
||||||
|
# (a) Access through an allowlist via your Google account team, or
|
||||||
|
# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
|
||||||
|
#
|
||||||
|
# For Gemini API (AI Studio):
|
||||||
|
# BLOCK_NONE is available by default, no special account requirements.
|
||||||
|
#
|
||||||
|
# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
|
||||||
|
#
|
||||||
|
# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
|
||||||
|
# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
|
||||||
|
# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
|
||||||
|
# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
|
||||||
|
# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
|
||||||
|
|
||||||
|
#============#
|
||||||
|
# OpenAI #
|
||||||
|
#============#
|
||||||
|
|
||||||
|
OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
|
||||||
|
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
|
||||||
|
|
||||||
|
DEBUG_OPENAI=false
|
||||||
|
|
||||||
|
# TITLE_CONVO=false
|
||||||
|
# OPENAI_TITLE_MODEL=gpt-4o-mini
|
||||||
|
|
||||||
|
# OPENAI_SUMMARIZE=true
|
||||||
|
# OPENAI_SUMMARY_MODEL=gpt-4o-mini
|
||||||
|
|
||||||
|
# OPENAI_FORCE_PROMPT=true
|
||||||
|
|
||||||
|
# OPENAI_REVERSE_PROXY=
|
||||||
|
|
||||||
|
# OPENAI_ORGANIZATION=
|
||||||
|
|
||||||
|
#====================#
|
||||||
|
# Assistants API #
|
||||||
|
#====================#
|
||||||
|
|
||||||
|
# ASSISTANTS_API_KEY=user_provided
|
||||||
|
# ASSISTANTS_BASE_URL=
|
||||||
|
# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
|
||||||
|
|
||||||
|
#==========================#
|
||||||
|
# Azure Assistants API #
|
||||||
|
#==========================#
|
||||||
|
|
||||||
|
# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
|
||||||
|
# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
|
||||||
|
|
||||||
|
# More info, including how to enable use of Assistants with Azure here:
|
||||||
|
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
|
||||||
|
|
||||||
|
#============#
|
||||||
|
# OpenRouter #
|
||||||
|
#============#
|
||||||
|
# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint
|
||||||
|
# OPENROUTER_API_KEY=
|
||||||
|
|
||||||
|
#============#
|
||||||
|
# Plugins #
|
||||||
|
#============#
|
||||||
|
|
||||||
|
# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
|
||||||
|
|
||||||
|
# DEBUG_PLUGINS=
|
||||||
|
|
||||||
|
CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
|
||||||
|
CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
|
||||||
|
|
||||||
|
# Azure AI Search
|
||||||
|
#-----------------
|
||||||
|
# AZURE_AI_SEARCH_SERVICE_ENDPOINT=
|
||||||
|
# AZURE_AI_SEARCH_INDEX_NAME=
|
||||||
|
# AZURE_AI_SEARCH_API_KEY=
|
||||||
|
|
||||||
|
# AZURE_AI_SEARCH_API_VERSION=
|
||||||
|
# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
|
||||||
|
# AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
|
||||||
|
# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
|
||||||
|
|
||||||
|
# DALL·E
|
||||||
|
#----------------
|
||||||
|
# DALLE_API_KEY=
|
||||||
|
# DALLE3_API_KEY=
|
||||||
|
# DALLE2_API_KEY=
|
||||||
|
# DALLE3_SYSTEM_PROMPT=
|
||||||
|
# DALLE2_SYSTEM_PROMPT=
|
||||||
|
# DALLE_REVERSE_PROXY=
|
||||||
|
# DALLE3_BASEURL=
|
||||||
|
# DALLE2_BASEURL=
|
||||||
|
|
||||||
|
# DALL·E (via Azure OpenAI)
|
||||||
|
# Note: requires some of the variables above to be set
|
||||||
|
#----------------
|
||||||
|
# DALLE3_AZURE_API_VERSION=
|
||||||
|
# DALLE2_AZURE_API_VERSION=
|
||||||
|
|
||||||
|
|
||||||
|
# Google
|
||||||
|
#-----------------
|
||||||
|
GOOGLE_SEARCH_API_KEY=
|
||||||
|
GOOGLE_CSE_ID=
|
||||||
|
|
||||||
|
# YOUTUBE
|
||||||
|
#-----------------
|
||||||
|
YOUTUBE_API_KEY=
|
||||||
|
|
||||||
|
# SerpAPI
|
||||||
|
#-----------------
|
||||||
|
SERPAPI_API_KEY=
|
||||||
|
|
||||||
|
# Stable Diffusion
|
||||||
|
#-----------------
|
||||||
|
SD_WEBUI_URL=http://stable-diffusion-webui:7860
|
||||||
|
|
||||||
|
# Tavily
|
||||||
|
#-----------------
|
||||||
|
TAVILY_API_KEY=
|
||||||
|
|
||||||
|
# Traversaal
|
||||||
|
#-----------------
|
||||||
|
TRAVERSAAL_API_KEY=
|
||||||
|
|
||||||
|
# WolframAlpha
|
||||||
|
#-----------------
|
||||||
|
WOLFRAM_APP_ID=
|
||||||
|
|
||||||
|
# Zapier
|
||||||
|
#-----------------
|
||||||
|
ZAPIER_NLA_API_KEY=
|
||||||
|
|
||||||
|
#==================================================#
|
||||||
|
# Search #
|
||||||
|
#==================================================#
|
||||||
|
|
||||||
|
SEARCH=true
|
||||||
|
MEILI_NO_ANALYTICS=true
|
||||||
|
MEILI_HOST=http://meilisearch:7700
|
||||||
|
MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
|
||||||
|
|
||||||
|
# Optional: Disable indexing, useful in a multi-node setup
|
||||||
|
# where only one instance should perform an index sync.
|
||||||
|
# MEILI_NO_SYNC=true
|
||||||
|
|
||||||
|
#==================================================#
|
||||||
|
# Speech to Text & Text to Speech #
|
||||||
|
#==================================================#
|
||||||
|
|
||||||
|
STT_API_KEY=
|
||||||
|
TTS_API_KEY=
|
||||||
|
|
||||||
|
#==================================================#
|
||||||
|
# RAG #
|
||||||
|
#==================================================#
|
||||||
|
# More info: https://www.librechat.ai/docs/configuration/rag_api
|
||||||
|
|
||||||
|
# RAG_OPENAI_BASEURL=
|
||||||
|
# RAG_OPENAI_API_KEY=
|
||||||
|
# RAG_USE_FULL_CONTEXT=
|
||||||
|
# EMBEDDINGS_PROVIDER=openai
|
||||||
|
# EMBEDDINGS_MODEL=text-embedding-3-small
|
||||||
|
|
||||||
|
#===================================================#
|
||||||
|
# User System #
|
||||||
|
#===================================================#
|
||||||
|
|
||||||
|
#========================#
|
||||||
|
# Moderation #
|
||||||
|
#========================#
|
||||||
|
|
||||||
|
OPENAI_MODERATION=false
|
||||||
|
OPENAI_MODERATION_API_KEY=
|
||||||
|
# OPENAI_MODERATION_REVERSE_PROXY=
|
||||||
|
|
||||||
|
BAN_VIOLATIONS=true
|
||||||
|
BAN_DURATION=1000 * 60 * 60 * 2
|
||||||
|
BAN_INTERVAL=20
|
||||||
|
|
||||||
|
LOGIN_VIOLATION_SCORE=1
|
||||||
|
REGISTRATION_VIOLATION_SCORE=1
|
||||||
|
CONCURRENT_VIOLATION_SCORE=1
|
||||||
|
MESSAGE_VIOLATION_SCORE=1
|
||||||
|
NON_BROWSER_VIOLATION_SCORE=20
|
||||||
|
|
||||||
|
LOGIN_MAX=7
|
||||||
|
LOGIN_WINDOW=5
|
||||||
|
REGISTER_MAX=5
|
||||||
|
REGISTER_WINDOW=60
|
||||||
|
|
||||||
|
LIMIT_CONCURRENT_MESSAGES=true
|
||||||
|
CONCURRENT_MESSAGE_MAX=2
|
||||||
|
|
||||||
|
LIMIT_MESSAGE_IP=true
|
||||||
|
MESSAGE_IP_MAX=40
|
||||||
|
MESSAGE_IP_WINDOW=1
|
||||||
|
|
||||||
|
LIMIT_MESSAGE_USER=false
|
||||||
|
MESSAGE_USER_MAX=40
|
||||||
|
MESSAGE_USER_WINDOW=1
|
||||||
|
|
||||||
|
ILLEGAL_MODEL_REQ_SCORE=5
|
||||||
|
|
||||||
|
#========================#
|
||||||
|
# Balance #
|
||||||
|
#========================#
|
||||||
|
|
||||||
|
CHECK_BALANCE=false
|
||||||
|
# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
|
||||||
|
|
||||||
|
#========================#
|
||||||
|
# Registration and Login #
|
||||||
|
#========================#
|
||||||
|
|
||||||
|
ALLOW_EMAIL_LOGIN=true
|
||||||
|
ALLOW_REGISTRATION=true
|
||||||
|
ALLOW_SOCIAL_LOGIN=false
|
||||||
|
ALLOW_SOCIAL_REGISTRATION=false
|
||||||
|
ALLOW_PASSWORD_RESET=false
|
||||||
|
# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
|
||||||
|
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
|
||||||
|
|
||||||
|
SESSION_EXPIRY=1000 * 60 * 15
|
||||||
|
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
|
||||||
|
|
||||||
|
JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
|
||||||
|
JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
|
||||||
|
|
||||||
|
|
||||||
|
# Discord
|
||||||
|
DISCORD_CLIENT_ID=
|
||||||
|
DISCORD_CLIENT_SECRET=
|
||||||
|
DISCORD_CALLBACK_URL=/oauth/discord/callback
|
||||||
|
|
||||||
|
# Facebook
|
||||||
|
FACEBOOK_CLIENT_ID=
|
||||||
|
FACEBOOK_CLIENT_SECRET=
|
||||||
|
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
|
||||||
|
|
||||||
|
# GitHub
|
||||||
|
GITHUB_CLIENT_ID=
|
||||||
|
GITHUB_CLIENT_SECRET=
|
||||||
|
GITHUB_CALLBACK_URL=/oauth/github/callback
|
||||||
|
# GitHub Enterprise
|
||||||
|
# GITHUB_ENTERPRISE_BASE_URL=
|
||||||
|
# GITHUB_ENTERPRISE_USER_AGENT=
|
||||||
|
|
||||||
|
# Google
|
||||||
|
GOOGLE_CLIENT_ID=
|
||||||
|
GOOGLE_CLIENT_SECRET=
|
||||||
|
GOOGLE_CALLBACK_URL=/oauth/google/callback
|
||||||
|
|
||||||
|
# Apple
|
||||||
|
APPLE_CLIENT_ID=
|
||||||
|
APPLE_TEAM_ID=
|
||||||
|
APPLE_KEY_ID=
|
||||||
|
APPLE_PRIVATE_KEY_PATH=
|
||||||
|
APPLE_CALLBACK_URL=/oauth/apple/callback
|
||||||
|
|
||||||
|
# OpenID
|
||||||
|
OPENID_CLIENT_ID=
|
||||||
|
OPENID_CLIENT_SECRET=
|
||||||
|
OPENID_ISSUER=
|
||||||
|
OPENID_SESSION_SECRET=
|
||||||
|
OPENID_SCOPE="openid profile email"
|
||||||
|
OPENID_CALLBACK_URL=/oauth/openid/callback
|
||||||
|
OPENID_REQUIRED_ROLE=
|
||||||
|
OPENID_REQUIRED_ROLE_TOKEN_KIND=
|
||||||
|
OPENID_REQUIRED_ROLE_PARAMETER_PATH=
|
||||||
|
# Set to determine which user info property returned from OpenID Provider to store as the User's username
|
||||||
|
OPENID_USERNAME_CLAIM=
|
||||||
|
# Set to determine which user info property returned from OpenID Provider to store as the User's name
|
||||||
|
OPENID_NAME_CLAIM=
|
||||||
|
|
||||||
|
OPENID_BUTTON_LABEL=
|
||||||
|
OPENID_IMAGE_URL=
|
||||||
|
|
||||||
|
# LDAP
|
||||||
|
# LDAP_URL=
|
||||||
|
# LDAP_BIND_DN=
|
||||||
|
# LDAP_BIND_CREDENTIALS=
|
||||||
|
# LDAP_USER_SEARCH_BASE=
|
||||||
|
# LDAP_SEARCH_FILTER=mail=
|
||||||
|
# LDAP_CA_CERT_PATH=
|
||||||
|
# LDAP_TLS_REJECT_UNAUTHORIZED=
|
||||||
|
# LDAP_LOGIN_USES_USERNAME=true
|
||||||
|
# LDAP_ID=
|
||||||
|
# LDAP_USERNAME=
|
||||||
|
# LDAP_EMAIL=
|
||||||
|
# LDAP_FULL_NAME=
|
||||||
|
|
||||||
|
#========================#
|
||||||
|
# Email Password Reset #
|
||||||
|
#========================#
|
||||||
|
|
||||||
|
EMAIL_SERVICE=
|
||||||
|
EMAIL_HOST=postal-smtp
|
||||||
|
EMAIL_PORT=25
|
||||||
|
EMAIL_ENCRYPTION=
|
||||||
|
EMAIL_ENCRYPTION_HOSTNAME=
|
||||||
|
EMAIL_ALLOW_SELFSIGNED=
|
||||||
|
EMAIL_USERNAME=
|
||||||
|
EMAIL_PASSWORD=
|
||||||
|
EMAIL_FROM_NAME=
|
||||||
|
EMAIL_FROM=noreply@librechat.ai
|
||||||
|
|
||||||
|
#========================#
|
||||||
|
# Firebase CDN #
|
||||||
|
#========================#
|
||||||
|
|
||||||
|
# FIREBASE_API_KEY=
|
||||||
|
# FIREBASE_AUTH_DOMAIN=
|
||||||
|
# FIREBASE_PROJECT_ID=
|
||||||
|
# FIREBASE_STORAGE_BUCKET=
|
||||||
|
# FIREBASE_MESSAGING_SENDER_ID=
|
||||||
|
# FIREBASE_APP_ID=
|
||||||
|
|
||||||
|
#========================#
|
||||||
|
# Shared Links #
|
||||||
|
#========================#
|
||||||
|
|
||||||
|
ALLOW_SHARED_LINKS=true
|
||||||
|
ALLOW_SHARED_LINKS_PUBLIC=true
|
||||||
|
|
||||||
|
#==============================#
|
||||||
|
# Static File Cache Control #
|
||||||
|
#==============================#
|
||||||
|
|
||||||
|
# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
|
||||||
|
# NODE_ENV must be set to production for these to take effect
|
||||||
|
# STATIC_CACHE_MAX_AGE=172800
|
||||||
|
# STATIC_CACHE_S_MAX_AGE=86400
|
||||||
|
|
||||||
|
# If you have another service in front of your LibreChat doing compression, disable express based compression here
|
||||||
|
# DISABLE_COMPRESSION=true
|
||||||
|
|
||||||
|
#===================================================#
|
||||||
|
# UI #
|
||||||
|
#===================================================#
|
||||||
|
|
||||||
|
APP_TITLE=LibreChat
|
||||||
|
# CUSTOM_FOOTER="My custom footer"
|
||||||
|
HELP_AND_FAQ_URL=https://librechat.ai
|
||||||
|
|
||||||
|
# SHOW_BIRTHDAY_ICON=true
|
||||||
|
|
||||||
|
# Google tag manager id
|
||||||
|
#ANALYTICS_GTM_ID=user provided google tag manager id
|
||||||
|
|
||||||
|
#===============#
|
||||||
|
# REDIS Options #
|
||||||
|
#===============#
|
||||||
|
|
||||||
|
REDIS_URI=redis:6379
|
||||||
|
USE_REDIS=true
|
||||||
|
|
||||||
|
# USE_REDIS_CLUSTER=true
|
||||||
|
# REDIS_CA=/path/to/ca.crt
|
||||||
|
|
||||||
|
#==================================================#
|
||||||
|
# Others #
|
||||||
|
#==================================================#
|
||||||
|
# You should leave the following commented out #
|
||||||
|
|
||||||
|
# NODE_ENV=
|
||||||
|
|
||||||
|
# E2E_USER_EMAIL=
|
||||||
|
# E2E_USER_PASSWORD=
|
||||||
|
|
||||||
|
#=====================================================#
|
||||||
|
# Cache Headers #
|
||||||
|
#=====================================================#
|
||||||
|
# Headers that control caching of the index.html #
|
||||||
|
# Default configuration prevents caching to ensure #
|
||||||
|
# users always get the latest version. Customize #
|
||||||
|
# only if you understand caching implications. #
|
||||||
|
|
||||||
|
# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate
|
||||||
|
# INDEX_HTML_PRAGMA=no-cache
|
||||||
|
# INDEX_HTML_EXPIRES=0
|
||||||
|
|
||||||
|
# no-cache: Forces validation with server before using cached version
|
||||||
|
# no-store: Prevents storing the response entirely
|
||||||
|
# must-revalidate: Prevents using stale content when offline
|
||||||
|
|
||||||
|
#=====================================================#
|
||||||
|
# OpenWeather #
|
||||||
|
#=====================================================#
|
||||||
|
OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
||||||
+11
-11
@@ -1,26 +1,26 @@
|
|||||||
version: 1.2.8
|
version: 1.0.0
|
||||||
endpoints:
|
endpoints:
|
||||||
custom:
|
custom:
|
||||||
- name: "rinoa-ollama"
|
- name: "ollama"
|
||||||
apiKey: "ollama"
|
apiKey: "ollama"
|
||||||
baseURL: "http://ollama:11434/v1/chat/completions"
|
baseURL: "http://ollama:11434/v1/chat/completions"
|
||||||
models:
|
models:
|
||||||
default: [
|
default: [
|
||||||
"codellama:7b",
|
|
||||||
"deepseek-coder-v2:16b",
|
|
||||||
"deepseek-r1:1.5b",
|
"deepseek-r1:1.5b",
|
||||||
|
"deepseek-coder-v2:16b",
|
||||||
"deepseek-v3:671b",
|
"deepseek-v3:671b",
|
||||||
"dolphin-mistral:7b",
|
|
||||||
"llama2:7b",
|
|
||||||
"llama3.3:70b",
|
"llama3.3:70b",
|
||||||
"mistral-openorca:7b",
|
|
||||||
"mistral:7b",
|
|
||||||
"orca-mini:3b",
|
|
||||||
"phi4:14b",
|
"phi4:14b",
|
||||||
"qwen2.5",
|
"qwen2.5",
|
||||||
"smollm2:1.7b",
|
"llama2:7b",
|
||||||
"starcoder2:3b",
|
"mistral:7b",
|
||||||
|
"codellama:7b",
|
||||||
"tinyllama:1.1b",
|
"tinyllama:1.1b",
|
||||||
|
"starcoder2:3b",
|
||||||
|
"dolphin-mistral:7b",
|
||||||
|
"smollm2:1.7b",
|
||||||
|
"orca-mini:3b",
|
||||||
|
"mistral-openorca:7b"
|
||||||
]
|
]
|
||||||
# fetching list of models is supported but the `name` field must start
|
# fetching list of models is supported but the `name` field must start
|
||||||
# with `ollama` (case-insensitive), as it does in this example.
|
# with `ollama` (case-insensitive), as it does in this example.
|
||||||
@@ -1,124 +0,0 @@
|
|||||||
[app]
|
|
||||||
# Log level: info, debug, warn, error, fatal
|
|
||||||
log_level = "debug"
|
|
||||||
# Environment: dev, prod.
|
|
||||||
# Setting to "dev" will enable color logging in terminal.
|
|
||||||
env = "dev"
|
|
||||||
# Whether to automatically check for application updates on start up, app updates are shown as a banner in the admin panel.
|
|
||||||
check_updates = true
|
|
||||||
|
|
||||||
# HTTP server.
|
|
||||||
[app.server]
|
|
||||||
# Address to bind the HTTP server to.
|
|
||||||
address = "0.0.0.0:9000"
|
|
||||||
# Unix socket path (leave empty to use TCP address instead)
|
|
||||||
socket = ""
|
|
||||||
# Do NOT disable secure cookies in production environment if you don't know exactly what you're doing!
|
|
||||||
disable_secure_cookies = false
|
|
||||||
# Request read and write timeouts.
|
|
||||||
read_timeout = "5s"
|
|
||||||
write_timeout = "5s"
|
|
||||||
# Maximum request body size in bytes (100MB)
|
|
||||||
# If you are using proxy, you may need to configure them to allow larger request bodies.
|
|
||||||
max_body_size = 104857600
|
|
||||||
# Size of the read buffer for incoming requests
|
|
||||||
read_buffer_size = 4096
|
|
||||||
# Keepalive settings.
|
|
||||||
keepalive_timeout = "10s"
|
|
||||||
|
|
||||||
# File upload provider to use, either `fs` or `s3`.
|
|
||||||
[upload]
|
|
||||||
provider = "s3"
|
|
||||||
|
|
||||||
# Filesystem provider.
|
|
||||||
[upload.fs]
|
|
||||||
# Directory where uploaded files are stored, make sure this directory exists and is writable by the application.
|
|
||||||
upload_path = 'uploads'
|
|
||||||
|
|
||||||
# S3 provider.
|
|
||||||
[upload.s3]
|
|
||||||
# S3 endpoint URL (required only for non-AWS S3-compatible providers like MinIO).
|
|
||||||
# Leave empty to use default AWS endpoints.
|
|
||||||
url = "http://minio:9000"
|
|
||||||
|
|
||||||
# AWS S3 credentials, keep empty to use attached IAM roles.
|
|
||||||
access_key = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBREDESK_S3_ACCESS_KEY'] }}"
|
|
||||||
secret_key = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBREDESK_S3_SECRET_KEY'] }}"
|
|
||||||
|
|
||||||
# AWS region, e.g., "us-east-1", "eu-west-1", etc.
|
|
||||||
region = "us-east-fh-pln"
|
|
||||||
# S3 bucket name where files will be stored.
|
|
||||||
bucket = "libredesk"
|
|
||||||
# Optional prefix path within the S3 bucket where files will be stored.
|
|
||||||
# Example, if set to "uploads/media", files will be stored under that path.
|
|
||||||
# Useful for organizing files inside a shared bucket.
|
|
||||||
bucket_path = ""
|
|
||||||
# S3 signed URL expiry duration (e.g., "30m", "1h")
|
|
||||||
expiry = "30m"
|
|
||||||
|
|
||||||
# Postgres.
|
|
||||||
[db]
|
|
||||||
# If running locally, use `localhost`.
|
|
||||||
host = "libredesk-pg-db"
|
|
||||||
# Database port, default is 5432.
|
|
||||||
port = 5432
|
|
||||||
# Update the following values with your database credentials.
|
|
||||||
user = "libredesk"
|
|
||||||
password = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBREDESK_PG_DB_PASSWD'] }}"
|
|
||||||
database = "libredesk"
|
|
||||||
ssl_mode = "disable"
|
|
||||||
# Maximum number of open database connections
|
|
||||||
max_open = 30
|
|
||||||
# Maximum number of idle connections in the pool
|
|
||||||
max_idle = 30
|
|
||||||
# Maximum time a connection can be reused before being closed
|
|
||||||
max_lifetime = "300s"
|
|
||||||
|
|
||||||
# Redis.
|
|
||||||
[redis]
|
|
||||||
# If running locally, use `localhost:6379`.
|
|
||||||
address = "libredesk-valkey:6379"
|
|
||||||
password = ""
|
|
||||||
db = 0
|
|
||||||
|
|
||||||
[message]
|
|
||||||
# Number of workers processing outgoing message queue
|
|
||||||
outgoing_queue_workers = 10
|
|
||||||
# Number of workers processing incoming message queue
|
|
||||||
incoming_queue_workers = 10
|
|
||||||
# How often to scan for outgoing messages to process, keep it low to process messages quickly.
|
|
||||||
message_outgoing_scan_interval = "50ms"
|
|
||||||
# Maximum number of messages that can be queued for incoming processing
|
|
||||||
incoming_queue_size = 5000
|
|
||||||
# Maximum number of messages that can be queued for outgoing processing
|
|
||||||
outgoing_queue_size = 5000
|
|
||||||
|
|
||||||
[notification]
|
|
||||||
# Number of concurrent notification workers
|
|
||||||
concurrency = 2
|
|
||||||
# Maximum number of notifications that can be queued
|
|
||||||
queue_size = 2000
|
|
||||||
|
|
||||||
[automation]
|
|
||||||
# Number of workers processing automation rules
|
|
||||||
worker_count = 10
|
|
||||||
|
|
||||||
[autoassigner]
|
|
||||||
# How often to run automatic conversation assignment
|
|
||||||
autoassign_interval = "5m"
|
|
||||||
|
|
||||||
[webhook]
|
|
||||||
# Number of webhook delivery workers
|
|
||||||
workers = 5
|
|
||||||
# Maximum number of webhook deliveries that can be queued
|
|
||||||
queue_size = 10000
|
|
||||||
# HTTP timeout for webhook requests
|
|
||||||
timeout = "15s"
|
|
||||||
|
|
||||||
[conversation]
|
|
||||||
# How often to check for conversations to unsnooze
|
|
||||||
unsnooze_interval = "5m"
|
|
||||||
|
|
||||||
[sla]
|
|
||||||
# How often to evaluate SLA compliance for conversations
|
|
||||||
evaluation_interval = "5m"
|
|
||||||
+5
-21
@@ -1,34 +1,18 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
ghost_blog:
|
ghost_blog:
|
||||||
action_keywords:
|
action_keywords:
|
||||||
- restart:
|
- restart:
|
||||||
regex: 'Connection Error.*ECONNRESET$'
|
regex: ':[0-9]{2}\] ERROR.*$'
|
||||||
immich-server:
|
immich-server:
|
||||||
action_keywords:
|
action_keywords:
|
||||||
- restart:
|
- restart:
|
||||||
regex: '(ENOTFOUND|Error|ECONNREFUSED)'
|
regex: 'ADVICE:.*error'
|
||||||
invidious:
|
invidious:
|
||||||
action_keywords:
|
keywords:
|
||||||
- restart:
|
- regex: 'Error reading.*Connection reset by peer trying to reconnect...'
|
||||||
regex: 'Error reading.*Connection reset by peer trying to reconnect\.\.\.'
|
|
||||||
maxun-backend:
|
|
||||||
action_keywords:
|
|
||||||
- restart:
|
|
||||||
regex: '[Ee]rror'
|
|
||||||
planka:
|
|
||||||
action_keywords:
|
|
||||||
- restart:
|
|
||||||
regex: 'Failed to lift app: Sails is taking too long to load.$'
|
|
||||||
scrutiny:
|
|
||||||
action_keywords:
|
|
||||||
- restart:
|
|
||||||
regex: '^s6-.*: fatal.*$'
|
|
||||||
swag:
|
|
||||||
action_keywords:
|
|
||||||
- restart:
|
|
||||||
regex: '^s6-.*: fatal.*$'
|
|
||||||
global_keywords:
|
global_keywords:
|
||||||
keywords:
|
keywords:
|
||||||
- panic
|
- panic
|
||||||
@@ -0,0 +1,159 @@
|
|||||||
|
'use strict';
|
||||||
|
|
||||||
|
const packageJson = require('../../package.json');
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
// Branding and customizations require a license: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
|
||||||
|
brand: {
|
||||||
|
app: {
|
||||||
|
language: 'en', // https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes
|
||||||
|
name: 'MiroTalk',
|
||||||
|
title: '<h1>MiroTalk</h1/>Free browser based Real-time video calls.<br />Simple, Secure, Fast.',
|
||||||
|
description:
|
||||||
|
'Start your next video call with a single click. No download, plug-in, or login is required. Just get straight to talking, messaging, and sharing your screen.',
|
||||||
|
joinDescription: 'Pick a room name.<br />How about this one?',
|
||||||
|
joinButtonLabel: 'JOIN ROOM',
|
||||||
|
joinLastLabel: 'Your recent room:',
|
||||||
|
},
|
||||||
|
og: {
|
||||||
|
type: 'app-webrtc',
|
||||||
|
siteName: 'MiroTalk',
|
||||||
|
title: 'Click the link to make a call.',
|
||||||
|
description:
|
||||||
|
'MiroTalk calling provides real-time HD quality and latency simply not available with traditional technology.',
|
||||||
|
image: 'https://p2p.mirotalk.com/images/preview.png',
|
||||||
|
url: 'https://p2p.mirotalk.com',
|
||||||
|
},
|
||||||
|
site: {
|
||||||
|
shortcutIcon: '../images/logo.svg',
|
||||||
|
appleTouchIcon: '../images/logo.svg',
|
||||||
|
landingTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
|
||||||
|
newCallTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
|
||||||
|
newCallRoomTitle: 'Pick name. <br />Share URL. <br />Start conference.',
|
||||||
|
newCallRoomDescription:
|
||||||
|
"Each room has its disposable URL. Just pick a room name and share your custom URL. It's that easy.",
|
||||||
|
loginTitle: 'MiroTalk - Host Protected login required.',
|
||||||
|
clientTitle: 'MiroTalk WebRTC Video call, Chat Room & Screen Sharing.',
|
||||||
|
privacyPolicyTitle: 'MiroTalk - privacy and policy.',
|
||||||
|
stunTurnTitle: 'Test Stun/Turn Servers.',
|
||||||
|
notFoundTitle: 'MiroTalk - 404 Page not found.',
|
||||||
|
},
|
||||||
|
html: {
|
||||||
|
features: true,
|
||||||
|
browsers: true,
|
||||||
|
teams: true, // please keep me always true ;)
|
||||||
|
tryEasier: true,
|
||||||
|
poweredBy: true,
|
||||||
|
sponsors: true,
|
||||||
|
advertisers: true,
|
||||||
|
footer: true,
|
||||||
|
},
|
||||||
|
about: {
|
||||||
|
imageUrl: '../images/mirotalk-logo.gif',
|
||||||
|
title: `WebRTC P2P v${packageJson.version}`,
|
||||||
|
html: `
|
||||||
|
<button
|
||||||
|
id="support-button"
|
||||||
|
data-umami-event="Support button"
|
||||||
|
onclick="window.open('https://codecanyon.net/user/miroslavpejic85')">
|
||||||
|
<i class="fas fa-heart" ></i> Support
|
||||||
|
</button>
|
||||||
|
<br /><br /><br />
|
||||||
|
Author:<a
|
||||||
|
id="linkedin-button"
|
||||||
|
data-umami-event="Linkedin button"
|
||||||
|
href="https://www.linkedin.com/in/miroslav-pejic-976a07101/" target="_blank">
|
||||||
|
Miroslav Pejic
|
||||||
|
</a>
|
||||||
|
<br /><br />
|
||||||
|
Email:<a
|
||||||
|
id="email-button"
|
||||||
|
data-umami-event="Email button"
|
||||||
|
href="mailto:miroslav.pejic.85@gmail.com?subject=MiroTalk P2P info">
|
||||||
|
miroslav.pejic.85@gmail.com
|
||||||
|
</a>
|
||||||
|
<br /><br />
|
||||||
|
<hr />
|
||||||
|
<span>© 2025 MiroTalk P2P, all rights reserved</span>
|
||||||
|
<hr />
|
||||||
|
`,
|
||||||
|
},
|
||||||
|
//...
|
||||||
|
},
|
||||||
|
/**
|
||||||
|
* Configuration for controlling the visibility of buttons in the MiroTalk P2P client.
|
||||||
|
* Set properties to true to show the corresponding buttons, or false to hide them.
|
||||||
|
* captionBtn, showSwapCameraBtn, showScreenShareBtn, showFullScreenBtn, showVideoPipBtn, showDocumentPipBtn -> (auto-detected).
|
||||||
|
*/
|
||||||
|
buttons: {
|
||||||
|
main: {
|
||||||
|
showShareQr: true,
|
||||||
|
showShareRoomBtn: true, // For guests
|
||||||
|
showHideMeBtn: true,
|
||||||
|
showAudioBtn: true,
|
||||||
|
showVideoBtn: true,
|
||||||
|
showScreenBtn: true, // autodetected
|
||||||
|
showRecordStreamBtn: true,
|
||||||
|
showChatRoomBtn: true,
|
||||||
|
showCaptionRoomBtn: true,
|
||||||
|
showRoomEmojiPickerBtn: true,
|
||||||
|
showMyHandBtn: true,
|
||||||
|
showWhiteboardBtn: true,
|
||||||
|
showSnapshotRoomBtn: true,
|
||||||
|
showFileShareBtn: true,
|
||||||
|
showDocumentPipBtn: true,
|
||||||
|
showMySettingsBtn: true,
|
||||||
|
showAboutBtn: true, // Please keep me always true, Thank you!
|
||||||
|
},
|
||||||
|
chat: {
|
||||||
|
showTogglePinBtn: true,
|
||||||
|
showMaxBtn: true,
|
||||||
|
showSaveMessageBtn: true,
|
||||||
|
showMarkDownBtn: true,
|
||||||
|
showChatGPTBtn: true,
|
||||||
|
showFileShareBtn: true,
|
||||||
|
showShareVideoAudioBtn: true,
|
||||||
|
showParticipantsBtn: true,
|
||||||
|
},
|
||||||
|
caption: {
|
||||||
|
showTogglePinBtn: true,
|
||||||
|
showMaxBtn: true,
|
||||||
|
},
|
||||||
|
settings: {
|
||||||
|
showMicOptionsBtn: true,
|
||||||
|
showTabRoomPeerName: true,
|
||||||
|
showTabRoomParticipants: true,
|
||||||
|
showTabRoomSecurity: true,
|
||||||
|
showTabEmailInvitation: true,
|
||||||
|
showCaptionEveryoneBtn: true,
|
||||||
|
showMuteEveryoneBtn: true,
|
||||||
|
showHideEveryoneBtn: true,
|
||||||
|
showEjectEveryoneBtn: true,
|
||||||
|
showLockRoomBtn: true,
|
||||||
|
showUnlockRoomBtn: true,
|
||||||
|
showShortcutsBtn: true,
|
||||||
|
},
|
||||||
|
remote: {
|
||||||
|
showAudioVolume: true,
|
||||||
|
audioBtnClickAllowed: true,
|
||||||
|
videoBtnClickAllowed: true,
|
||||||
|
showVideoPipBtn: true,
|
||||||
|
showKickOutBtn: true,
|
||||||
|
showSnapShotBtn: true,
|
||||||
|
showFileShareBtn: true,
|
||||||
|
showShareVideoAudioBtn: true,
|
||||||
|
showPrivateMessageBtn: true,
|
||||||
|
showZoomInOutBtn: false,
|
||||||
|
showVideoFocusBtn: true,
|
||||||
|
},
|
||||||
|
local: {
|
||||||
|
showVideoPipBtn: true,
|
||||||
|
showSnapShotBtn: true,
|
||||||
|
showVideoCircleBtn: true,
|
||||||
|
showZoomInOutBtn: false,
|
||||||
|
},
|
||||||
|
whiteboard: {
|
||||||
|
whiteboardLockBtn: false,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
+12
-14
@@ -24,31 +24,30 @@
|
|||||||
{
|
{
|
||||||
"type": "spotify",
|
"type": "spotify",
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"clients": ["lastfmClient", "ListenBrainzClient", "maloja"],
|
"clients": [],
|
||||||
"name": "spotifySource",
|
"name": "spotify",
|
||||||
"data": {
|
"data": {
|
||||||
"clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
"clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
|
||||||
"clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
"clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
||||||
"redirectUri": "https://scrobble.trez.wtf/callback"
|
"redirectUri": "http://localhost:9078/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "lastfm",
|
"type": "lastfm",
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"clients": ["ListenBrainzClient", "maloja"],
|
"clients": [],
|
||||||
"configureAs": "source",
|
"name": "lastfm",
|
||||||
"name": "lastfmSource",
|
|
||||||
"data": {
|
"data": {
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
||||||
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "listenbrainz",
|
"type": "listenbrainz",
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"clients": ["lastfmClient", "maloja"],
|
"clients": [],
|
||||||
"name": "listenBrainzSource",
|
"name": "listenBrainz",
|
||||||
"data": {
|
"data": {
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||||
"username": "Trez.One"
|
"username": "Trez.One"
|
||||||
@@ -57,8 +56,8 @@
|
|||||||
{
|
{
|
||||||
"type": "subsonic",
|
"type": "subsonic",
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"clients": ["lastfmClient", "ListenBrainzClient", "maloja"],
|
"clients": [],
|
||||||
"name": "navidromeSource",
|
"name": "navidrome",
|
||||||
"data": {
|
"data": {
|
||||||
"url": "http://navidrome:4533",
|
"url": "http://navidrome:4533",
|
||||||
"user": "admin",
|
"user": "admin",
|
||||||
@@ -71,11 +70,10 @@
|
|||||||
"type": "lastfm",
|
"type": "lastfm",
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"name": "lastFmClient",
|
"name": "lastFmClient",
|
||||||
"configureAs": "client",
|
|
||||||
"data": {
|
"data": {
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
|
||||||
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
"redirectUri": "http://localhost:9078/lastfm/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -90,7 +88,7 @@
|
|||||||
{
|
{
|
||||||
"type": "maloja",
|
"type": "maloja",
|
||||||
"enable": true,
|
"enable": true,
|
||||||
"name": "malojaClient",
|
"name": "maloja",
|
||||||
"data": {
|
"data": {
|
||||||
"url": "http://maloja:42010",
|
"url": "http://maloja:42010",
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
|
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
|
||||||
@@ -0,0 +1,76 @@
|
|||||||
|
{
|
||||||
|
"Stuns": [
|
||||||
|
{
|
||||||
|
"Proto": "udp",
|
||||||
|
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
||||||
|
"Username": "",
|
||||||
|
"Password": null
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"TURNConfig": {
|
||||||
|
"Turns": [
|
||||||
|
{
|
||||||
|
"Proto": "udp",
|
||||||
|
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
||||||
|
"Username": "self",
|
||||||
|
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"CredentialsTTL": "12h",
|
||||||
|
"Secret": "secret",
|
||||||
|
"TimeBasedCredentials": false
|
||||||
|
},
|
||||||
|
"Relay": {
|
||||||
|
"Addresses": [
|
||||||
|
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
|
||||||
|
],
|
||||||
|
"CredentialsTTL": "24h",
|
||||||
|
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
|
||||||
|
},
|
||||||
|
"Signal": {
|
||||||
|
"Proto": "https",
|
||||||
|
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
|
||||||
|
"Username": "",
|
||||||
|
"Password": null
|
||||||
|
},
|
||||||
|
"ReverseProxy": {
|
||||||
|
"TrustedHTTPProxies": [],
|
||||||
|
"TrustedHTTPProxiesCount": 0,
|
||||||
|
"TrustedPeers": [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"Datadir": "",
|
||||||
|
"DataStoreEncryptionKey": "",
|
||||||
|
"StoreConfig": {
|
||||||
|
"Engine": "sqlite"
|
||||||
|
},
|
||||||
|
"HttpConfig": {
|
||||||
|
"Address": "0.0.0.0:33073",
|
||||||
|
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
||||||
|
"AuthAudience": "netbird",
|
||||||
|
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
|
||||||
|
"AuthUserIDClaim": "",
|
||||||
|
"CertFile": "",
|
||||||
|
"CertKey": "",
|
||||||
|
"IdpSignKeyRefreshEnabled": true,
|
||||||
|
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
||||||
|
},
|
||||||
|
"IdpManagerConfig": {},
|
||||||
|
"DeviceAuthorizationFlow": {},
|
||||||
|
"PKCEAuthorizationFlow": {
|
||||||
|
"ProviderConfig": {
|
||||||
|
"Audience": "netbird",
|
||||||
|
"ClientID": "netbird",
|
||||||
|
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
||||||
|
"Domain": "",
|
||||||
|
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
|
||||||
|
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
|
||||||
|
"Scope": "openid profile email offline_access api",
|
||||||
|
"RedirectURLs": [
|
||||||
|
"http://localhost:53000"
|
||||||
|
],
|
||||||
|
"UseIDToken": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,122 @@
|
|||||||
|
{
|
||||||
|
"issuer": "https://id.trez.wtf",
|
||||||
|
"authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
|
||||||
|
"token_endpoint": "https://id.trez.wtf/oauth/v2/token",
|
||||||
|
"introspection_endpoint": "https://id.trez.wtf/oauth/v2/introspect",
|
||||||
|
"userinfo_endpoint": "https://id.trez.wtf/oidc/v1/userinfo",
|
||||||
|
"revocation_endpoint": "https://id.trez.wtf/oauth/v2/revoke",
|
||||||
|
"end_session_endpoint": "https://id.trez.wtf/oidc/v1/end_session",
|
||||||
|
"device_authorization_endpoint": "https://id.trez.wtf/oauth/v2/device_authorization",
|
||||||
|
"jwks_uri": "https://id.trez.wtf/oauth/v2/keys",
|
||||||
|
"scopes_supported": [
|
||||||
|
"openid",
|
||||||
|
"profile",
|
||||||
|
"email",
|
||||||
|
"phone",
|
||||||
|
"address",
|
||||||
|
"offline_access"
|
||||||
|
],
|
||||||
|
"response_types_supported": [
|
||||||
|
"code",
|
||||||
|
"id_token",
|
||||||
|
"id_token token"
|
||||||
|
],
|
||||||
|
"response_modes_supported": [
|
||||||
|
"query",
|
||||||
|
"fragment",
|
||||||
|
"form_post"
|
||||||
|
],
|
||||||
|
"grant_types_supported": [
|
||||||
|
"authorization_code",
|
||||||
|
"implicit",
|
||||||
|
"refresh_token",
|
||||||
|
"client_credentials",
|
||||||
|
"urn:ietf:params:oauth:grant-type:jwt-bearer",
|
||||||
|
"urn:ietf:params:oauth:grant-type:device_code"
|
||||||
|
],
|
||||||
|
"subject_types_supported": [
|
||||||
|
"public"
|
||||||
|
],
|
||||||
|
"id_token_signing_alg_values_supported": [
|
||||||
|
"RS256"
|
||||||
|
],
|
||||||
|
"request_object_signing_alg_values_supported": [
|
||||||
|
"RS256"
|
||||||
|
],
|
||||||
|
"token_endpoint_auth_methods_supported": [
|
||||||
|
"none",
|
||||||
|
"client_secret_basic",
|
||||||
|
"client_secret_post",
|
||||||
|
"private_key_jwt"
|
||||||
|
],
|
||||||
|
"token_endpoint_auth_signing_alg_values_supported": [
|
||||||
|
"RS256"
|
||||||
|
],
|
||||||
|
"revocation_endpoint_auth_methods_supported": [
|
||||||
|
"none",
|
||||||
|
"client_secret_basic",
|
||||||
|
"client_secret_post",
|
||||||
|
"private_key_jwt"
|
||||||
|
],
|
||||||
|
"revocation_endpoint_auth_signing_alg_values_supported": [
|
||||||
|
"RS256"
|
||||||
|
],
|
||||||
|
"introspection_endpoint_auth_methods_supported": [
|
||||||
|
"client_secret_basic",
|
||||||
|
"private_key_jwt"
|
||||||
|
],
|
||||||
|
"introspection_endpoint_auth_signing_alg_values_supported": [
|
||||||
|
"RS256"
|
||||||
|
],
|
||||||
|
"claims_supported": [
|
||||||
|
"sub",
|
||||||
|
"aud",
|
||||||
|
"exp",
|
||||||
|
"iat",
|
||||||
|
"iss",
|
||||||
|
"auth_time",
|
||||||
|
"nonce",
|
||||||
|
"acr",
|
||||||
|
"amr",
|
||||||
|
"c_hash",
|
||||||
|
"at_hash",
|
||||||
|
"act",
|
||||||
|
"scopes",
|
||||||
|
"client_id",
|
||||||
|
"azp",
|
||||||
|
"preferred_username",
|
||||||
|
"name",
|
||||||
|
"family_name",
|
||||||
|
"given_name",
|
||||||
|
"locale",
|
||||||
|
"email",
|
||||||
|
"email_verified",
|
||||||
|
"phone_number",
|
||||||
|
"phone_number_verified"
|
||||||
|
],
|
||||||
|
"code_challenge_methods_supported": [
|
||||||
|
"S256"
|
||||||
|
],
|
||||||
|
"ui_locales_supported": [
|
||||||
|
"bg",
|
||||||
|
"cs",
|
||||||
|
"de",
|
||||||
|
"en",
|
||||||
|
"es",
|
||||||
|
"fr",
|
||||||
|
"hu",
|
||||||
|
"id",
|
||||||
|
"it",
|
||||||
|
"ja",
|
||||||
|
"ko",
|
||||||
|
"mk",
|
||||||
|
"nl",
|
||||||
|
"pl",
|
||||||
|
"pt",
|
||||||
|
"ru",
|
||||||
|
"sv",
|
||||||
|
"zh"
|
||||||
|
],
|
||||||
|
"request_parameter_supported": true,
|
||||||
|
"request_uri_parameter_supported": false
|
||||||
|
}
|
||||||
@@ -0,0 +1,725 @@
|
|||||||
|
# Coturn TURN SERVER configuration file
|
||||||
|
#
|
||||||
|
# Boolean values note: where a boolean value is supposed to be used,
|
||||||
|
# you can use '0', 'off', 'no', 'false', or 'f' as 'false,
|
||||||
|
# and you can use '1', 'on', 'yes', 'true', or 't' as 'true'
|
||||||
|
# If the value is missing, then it means 'true' by default.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Listener interface device (optional, Linux only).
|
||||||
|
# NOT RECOMMENDED.
|
||||||
|
#
|
||||||
|
#listening-device=eth0
|
||||||
|
|
||||||
|
# TURN listener port for UDP and TCP (Default: 3478).
|
||||||
|
# Note: actually, TLS & DTLS sessions can connect to the
|
||||||
|
# "plain" TCP & UDP port(s), too - if allowed by configuration.
|
||||||
|
#
|
||||||
|
listening-port=3478
|
||||||
|
|
||||||
|
# TURN listener port for TLS (Default: 5349).
|
||||||
|
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
|
||||||
|
# port(s), too - if allowed by configuration. The TURN server
|
||||||
|
# "automatically" recognizes the type of traffic. Actually, two listening
|
||||||
|
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
|
||||||
|
# functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
|
||||||
|
# For secure TCP connections, Coturn currently supports SSL version 3 and
|
||||||
|
# TLS version 1.0, 1.1 and 1.2.
|
||||||
|
# For secure UDP connections, Coturn supports DTLS version 1.
|
||||||
|
#
|
||||||
|
tls-listening-port=5349
|
||||||
|
|
||||||
|
# Alternative listening port for UDP and TCP listeners;
|
||||||
|
# default (or zero) value means "listening port plus one".
|
||||||
|
# This is needed for RFC 5780 support
|
||||||
|
# (STUN extension specs, NAT behavior discovery). The TURN Server
|
||||||
|
# supports RFC 5780 only if it is started with more than one
|
||||||
|
# listening IP address of the same family (IPv4 or IPv6).
|
||||||
|
# RFC 5780 is supported only by UDP protocol, other protocols
|
||||||
|
# are listening to that endpoint only for "symmetry".
|
||||||
|
#
|
||||||
|
#alt-listening-port=0
|
||||||
|
|
||||||
|
# Alternative listening port for TLS and DTLS protocols.
|
||||||
|
# Default (or zero) value means "TLS listening port plus one".
|
||||||
|
#
|
||||||
|
#alt-tls-listening-port=0
|
||||||
|
|
||||||
|
# Some network setups will require using a TCP reverse proxy in front
|
||||||
|
# of the STUN server. If the proxy port option is set a single listener
|
||||||
|
# is started on the given port that accepts connections using the
|
||||||
|
# haproxy proxy protocol v2.
|
||||||
|
# (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
|
||||||
|
#
|
||||||
|
#tcp-proxy-port=5555
|
||||||
|
|
||||||
|
# Listener IP address of relay server. Multiple listeners can be specified.
|
||||||
|
# If no IP(s) specified in the config file or in the command line options,
|
||||||
|
# then all IPv4 and IPv6 system IPs will be used for listening.
|
||||||
|
#
|
||||||
|
#listening-ip=172.17.19.101
|
||||||
|
#listening-ip=10.207.21.238
|
||||||
|
#listening-ip=2607:f0d0:1002:51::4
|
||||||
|
|
||||||
|
# Auxiliary STUN/TURN server listening endpoint.
|
||||||
|
# Aux servers have almost full TURN and STUN functionality.
|
||||||
|
# The (minor) limitations are:
|
||||||
|
#
|
||||||
|
# 1) Auxiliary servers do not have alternative ports and
|
||||||
|
# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
|
||||||
|
#
|
||||||
|
# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
|
||||||
|
#
|
||||||
|
# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
|
||||||
|
#
|
||||||
|
# There may be multiple aux-server options, each will be used for listening
|
||||||
|
# to client requests.
|
||||||
|
#
|
||||||
|
#aux-server=172.17.19.110:33478
|
||||||
|
#aux-server=[2607:f0d0:1002:51::4]:33478
|
||||||
|
|
||||||
|
# (recommended for older Linuxes only)
|
||||||
|
# Automatically balance UDP traffic over auxiliary servers (if configured).
|
||||||
|
# The load balancing is using the ALTERNATE-SERVER mechanism.
|
||||||
|
# The TURN client must support 300 ALTERNATE-SERVER response for this
|
||||||
|
# functionality.
|
||||||
|
#
|
||||||
|
#udp-self-balance
|
||||||
|
|
||||||
|
# Relay interface device for relay sockets (optional, Linux only).
|
||||||
|
# NOT RECOMMENDED.
|
||||||
|
#
|
||||||
|
#relay-device=eth1
|
||||||
|
|
||||||
|
# Relay address (the local IP address that will be used to relay the
|
||||||
|
# packets to the peer).
|
||||||
|
# Multiple relay addresses may be used.
|
||||||
|
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
|
||||||
|
#
|
||||||
|
# If no relay IP(s) specified, then the turnserver will apply the default
|
||||||
|
# policy: it will decide itself which relay addresses to be used, and it
|
||||||
|
# will always be using the client socket IP address as the relay IP address
|
||||||
|
# of the TURN session (if the requested relay address family is the same
|
||||||
|
# as the family of the client socket).
|
||||||
|
#
|
||||||
|
#relay-ip=172.17.19.105
|
||||||
|
#relay-ip=2607:f0d0:1002:51::5
|
||||||
|
|
||||||
|
# For Amazon EC2 users:
|
||||||
|
#
|
||||||
|
# TURN Server public/private address mapping, if the server is behind NAT.
|
||||||
|
# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
|
||||||
|
# as relay IP address of all allocations. This scenario works only in a simple case
|
||||||
|
# when one single relay address is be used, and no RFC5780 functionality is required.
|
||||||
|
# That single relay address must be mapped by NAT to the 'external' IP.
|
||||||
|
# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
|
||||||
|
# For that 'external' IP, NAT must forward ports directly (relayed port 12345
|
||||||
|
# must be always mapped to the same 'external' port 12345).
|
||||||
|
#
|
||||||
|
# In more complex case when more than one IP address is involved,
|
||||||
|
# that option must be used several times, each entry must
|
||||||
|
# have form "-X <public-ip/private-ip>", to map all involved addresses.
|
||||||
|
# RFC5780 NAT discovery STUN functionality will work correctly,
|
||||||
|
# if the addresses are mapped properly, even when the TURN server itself
|
||||||
|
# is behind A NAT.
|
||||||
|
#
|
||||||
|
# By default, this value is empty, and no address mapping is used.
|
||||||
|
#
|
||||||
|
# external-ip=193.224.22.37
|
||||||
|
#
|
||||||
|
#OR:
|
||||||
|
#
|
||||||
|
#external-ip=60.70.80.91/172.17.19.101
|
||||||
|
#external-ip=60.70.80.92/172.17.19.102
|
||||||
|
|
||||||
|
external-ip=108.29.206.17
|
||||||
|
|
||||||
|
# Number of the relay threads to handle the established connections
|
||||||
|
# (in addition to authentication thread and the listener thread).
|
||||||
|
# If explicitly set to 0 then application runs relay process in a
|
||||||
|
# single thread, in the same thread with the listener process
|
||||||
|
# (the authentication thread will still be a separate thread).
|
||||||
|
#
|
||||||
|
# If this parameter is not set, then the default OS-dependent
|
||||||
|
# thread pattern algorithm will be employed. Usually the default
|
||||||
|
# algorithm is optimal, so you have to change this option
|
||||||
|
# if you want to make some fine tweaks.
|
||||||
|
#
|
||||||
|
# In the older systems (Linux kernel before 3.9),
|
||||||
|
# the number of UDP threads is always one thread per network listening
|
||||||
|
# endpoint - including the auxiliary endpoints - unless 0 (zero) or
|
||||||
|
# 1 (one) value is set.
|
||||||
|
#
|
||||||
|
#relay-threads=0
|
||||||
|
|
||||||
|
# Lower and upper bounds of the UDP relay endpoints:
|
||||||
|
# (default values are 49152 and 65535)
|
||||||
|
#
|
||||||
|
min-port=49152
|
||||||
|
max-port=65535
|
||||||
|
|
||||||
|
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
|
||||||
|
# By default the verbose mode is off.
|
||||||
|
#verbose
|
||||||
|
|
||||||
|
# Uncomment to run TURN server in 'extra' verbose mode.
|
||||||
|
# This mode is very annoying and produces lots of output.
|
||||||
|
# Not recommended under normal circumstances.
|
||||||
|
#
|
||||||
|
#Verbose
|
||||||
|
|
||||||
|
# Uncomment to use fingerprints in the TURN messages.
|
||||||
|
# By default the fingerprints are off.
|
||||||
|
#
|
||||||
|
fingerprint
|
||||||
|
|
||||||
|
# Uncomment to use long-term credential mechanism.
|
||||||
|
# By default no credentials mechanism is used (any user allowed).
|
||||||
|
#
|
||||||
|
lt-cred-mech
|
||||||
|
|
||||||
|
# This option is the opposite of lt-cred-mech.
|
||||||
|
# (TURN Server with no-auth option allows anonymous access).
|
||||||
|
# If neither option is defined, and no users are defined,
|
||||||
|
# then no-auth is default. If at least one user is defined,
|
||||||
|
# in this file, in command line or in usersdb file, then
|
||||||
|
# lt-cred-mech is default.
|
||||||
|
#
|
||||||
|
#no-auth
|
||||||
|
|
||||||
|
# TURN REST API flag.
|
||||||
|
# (Time Limited Long Term Credential)
|
||||||
|
# Flag that sets a special authorization option that is based upon authentication secret.
|
||||||
|
#
|
||||||
|
# This feature's purpose is to support "TURN Server REST API", see
|
||||||
|
# "TURN REST API" link in the project's page
|
||||||
|
# https://github.com/coturn/coturn/
|
||||||
|
#
|
||||||
|
# This option is used with timestamp:
|
||||||
|
#
|
||||||
|
# usercombo -> "timestamp:userid"
|
||||||
|
# turn user -> usercombo
|
||||||
|
# turn password -> base64(hmac(secret key, usercombo))
|
||||||
|
#
|
||||||
|
# This allows TURN credentials to be accounted for a specific user id.
|
||||||
|
# If you don't have a suitable id, then the timestamp alone can be used.
|
||||||
|
# This option is enabled by turning on secret-based authentication.
|
||||||
|
# The actual value of the secret is defined either by the option static-auth-secret,
|
||||||
|
# or can be found in the turn_secret table in the database (see below).
|
||||||
|
#
|
||||||
|
# Read more about it:
|
||||||
|
# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
|
||||||
|
# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
|
||||||
|
#
|
||||||
|
# Be aware that use-auth-secret overrides some parts of lt-cred-mech.
|
||||||
|
# The use-auth-secret feature depends internally on lt-cred-mech, so if you set
|
||||||
|
# this option then it automatically enables lt-cred-mech internally
|
||||||
|
# as if you had enabled both.
|
||||||
|
#
|
||||||
|
# Note that you can use only one auth mechanism at the same time! This is because,
|
||||||
|
# both mechanisms conduct username and password validation in different ways.
|
||||||
|
#
|
||||||
|
# Use either lt-cred-mech or use-auth-secret in the conf
|
||||||
|
# to avoid any confusion.
|
||||||
|
#
|
||||||
|
#use-auth-secret
|
||||||
|
|
||||||
|
# 'Static' authentication secret value (a string) for TURN REST API only.
|
||||||
|
# If not set, then the turn server
|
||||||
|
# will try to use the 'dynamic' value in the turn_secret table
|
||||||
|
# in the user database (if present). The database-stored value can be changed on-the-fly
|
||||||
|
# by a separate program, so this is why that mode is considered 'dynamic'.
|
||||||
|
#
|
||||||
|
#static-auth-secret=north
|
||||||
|
|
||||||
|
# Server name used for
|
||||||
|
# the oAuth authentication purposes.
|
||||||
|
# The default value is the realm name.
|
||||||
|
#
|
||||||
|
# server-name=stun.wiretrustee.com
|
||||||
|
|
||||||
|
# Flag that allows oAuth authentication.
|
||||||
|
#
|
||||||
|
#oauth
|
||||||
|
|
||||||
|
# 'Static' user accounts for the long term credentials mechanism, only.
|
||||||
|
# This option cannot be used with TURN REST API.
|
||||||
|
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
|
||||||
|
# so they can NOT be changed while the turnserver is running.
|
||||||
|
#
|
||||||
|
#user=username1:key1
|
||||||
|
#user=username2:key2
|
||||||
|
# OR:
|
||||||
|
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
|
||||||
|
#user=username2:password2
|
||||||
|
#
|
||||||
|
# Keys must be generated by turnadmin utility. The key value depends
|
||||||
|
# on user name, realm, and password:
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
|
||||||
|
# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
|
||||||
|
# ('0x' in the beginning of the key is what differentiates the key from
|
||||||
|
# password. If it has 0x then it is a key, otherwise it is a password).
|
||||||
|
#
|
||||||
|
# The corresponding user account entry in the config file will be:
|
||||||
|
#
|
||||||
|
#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
|
||||||
|
# Or, equivalently, with open clear password (less secure):
|
||||||
|
#user=ninefingers:youhavetoberealistic
|
||||||
|
#
|
||||||
|
|
||||||
|
# SQLite database file name.
|
||||||
|
#
|
||||||
|
# The default file name is /var/db/turndb or /usr/local/var/db/turndb or
|
||||||
|
# /var/lib/turn/turndb.
|
||||||
|
#
|
||||||
|
#userdb=/var/db/turndb
|
||||||
|
|
||||||
|
# PostgreSQL database connection string in the case that you are using PostgreSQL
|
||||||
|
# as the user database.
|
||||||
|
# This database can be used for the long-term credential mechanism
|
||||||
|
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
||||||
|
# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
|
||||||
|
# versions connection string format, see
|
||||||
|
# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
|
||||||
|
# for 9.x and newer connection string formats.
|
||||||
|
#
|
||||||
|
#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
|
||||||
|
|
||||||
|
# MySQL database connection string in the case that you are using MySQL
|
||||||
|
# as the user database.
|
||||||
|
# This database can be used for the long-term credential mechanism
|
||||||
|
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
||||||
|
#
|
||||||
|
# Optional connection string parameters for the secure communications (SSL):
|
||||||
|
# ca, capath, cert, key, cipher
|
||||||
|
# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
|
||||||
|
# command options description).
|
||||||
|
#
|
||||||
|
# Use the string format below (space separated parameters, all optional):
|
||||||
|
#
|
||||||
|
# mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10"
|
||||||
|
|
||||||
|
# If you want to use an encrypted password in the MySQL connection string,
|
||||||
|
# then set the MySQL password encryption secret key file with this option.
|
||||||
|
#
|
||||||
|
# Warning: If this option is set, then the mysql password must be set in "mysql-userdb" in an encrypted format!
|
||||||
|
# If you want to use a cleartext password then do not set this option!
|
||||||
|
#
|
||||||
|
# This is the file path for the aes encrypted secret key used for password encryption.
|
||||||
|
#
|
||||||
|
#secret-key-file=/path/
|
||||||
|
|
||||||
|
# MongoDB database connection string in the case that you are using MongoDB
|
||||||
|
# as the user database.
|
||||||
|
# This database can be used for long-term credential mechanism
|
||||||
|
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
||||||
|
# Use the string format described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
|
||||||
|
#
|
||||||
|
#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
|
||||||
|
|
||||||
|
# Redis database connection string in the case that you are using Redis
|
||||||
|
# as the user database.
|
||||||
|
# This database can be used for long-term credential mechanism
|
||||||
|
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
||||||
|
# Use the string format below (space separated parameters, all optional):
|
||||||
|
#
|
||||||
|
#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
||||||
|
|
||||||
|
# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
|
||||||
|
# This database keeps allocations status information, and it can be also used for publishing
|
||||||
|
# and delivering traffic and allocation event notifications.
|
||||||
|
# The connection string has the same parameters as redis-userdb connection string.
|
||||||
|
# Use the string format below (space separated parameters, all optional):
|
||||||
|
#
|
||||||
|
#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
||||||
|
|
||||||
|
# The default realm to be used for the users when no explicit
|
||||||
|
# origin/realm relationship is found in the database, or if the TURN
|
||||||
|
# server is not using any database (just the commands-line settings
|
||||||
|
# and the userdb file). Must be used with long-term credentials
|
||||||
|
# mechanism or with TURN REST API.
|
||||||
|
#
|
||||||
|
# Note: If the default realm is not specified, then realm falls back to the host domain name.
|
||||||
|
# If the domain name string is empty, or set to '(None)', then it is initialized as an empty string.
|
||||||
|
#
|
||||||
|
# realm=wiretrustee.com
|
||||||
|
# This flag sets the origin consistency
|
||||||
|
# check. Across the session, all requests must have the same
|
||||||
|
# main ORIGIN attribute value (if the ORIGIN was
|
||||||
|
# initially used by the session).
|
||||||
|
#
|
||||||
|
#check-origin-consistency
|
||||||
|
|
||||||
|
# Per-user allocation quota.
|
||||||
|
# default value is 0 (no quota, unlimited number of sessions per user).
|
||||||
|
# This option can also be set through the database, for a particular realm.
|
||||||
|
#
|
||||||
|
#user-quota=0
|
||||||
|
|
||||||
|
# Total allocation quota.
|
||||||
|
# default value is 0 (no quota).
|
||||||
|
# This option can also be set through the database, for a particular realm.
|
||||||
|
#
|
||||||
|
#total-quota=0
|
||||||
|
|
||||||
|
# Max bytes-per-second bandwidth a TURN session is allowed to handle
|
||||||
|
# (input and output network streams are treated separately). Anything above
|
||||||
|
# that limit will be dropped or temporarily suppressed (within
|
||||||
|
# the available buffer limits).
|
||||||
|
# This option can also be set through the database, for a particular realm.
|
||||||
|
#
|
||||||
|
#max-bps=0
|
||||||
|
|
||||||
|
#
|
||||||
|
# Maximum server capacity.
|
||||||
|
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
|
||||||
|
# for the sessions, combined (input and output network streams are treated separately).
|
||||||
|
#
|
||||||
|
# bps-capacity=0
|
||||||
|
|
||||||
|
# Uncomment if no UDP client listener is desired.
|
||||||
|
# By default UDP client listener is always started.
|
||||||
|
#
|
||||||
|
#no-udp
|
||||||
|
|
||||||
|
# Uncomment if no TCP client listener is desired.
|
||||||
|
# By default TCP client listener is always started.
|
||||||
|
#
|
||||||
|
#no-tcp
|
||||||
|
|
||||||
|
# Uncomment if no TLS client listener is desired.
|
||||||
|
# By default TLS client listener is always started.
|
||||||
|
#
|
||||||
|
#no-tls
|
||||||
|
|
||||||
|
# Uncomment if no DTLS client listener is desired.
|
||||||
|
# By default DTLS client listener is always started.
|
||||||
|
#
|
||||||
|
#no-dtls
|
||||||
|
|
||||||
|
# Uncomment if no UDP relay endpoints are allowed.
|
||||||
|
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
||||||
|
#
|
||||||
|
#no-udp-relay
|
||||||
|
|
||||||
|
# Uncomment if no TCP relay endpoints are allowed.
|
||||||
|
# By default TCP relay endpoints are enabled (like in RFC 6062).
|
||||||
|
#
|
||||||
|
#no-tcp-relay
|
||||||
|
|
||||||
|
# Uncomment if extra security is desired,
|
||||||
|
# with nonce value having a limited lifetime.
|
||||||
|
# The nonce value is unique for a session.
|
||||||
|
# Set this option to limit the nonce lifetime.
|
||||||
|
# Set it to 0 for unlimited lifetime.
|
||||||
|
# It defaults to 600 secs (10 min) if no value is provided. After that delay,
|
||||||
|
# the client will get 438 error and will have to re-authenticate itself.
|
||||||
|
#
|
||||||
|
#stale-nonce=600
|
||||||
|
|
||||||
|
# Uncomment if you want to set the maximum allocation
|
||||||
|
# time before it has to be refreshed.
|
||||||
|
# Default is 3600s.
|
||||||
|
#
|
||||||
|
#max-allocate-lifetime=3600
|
||||||
|
|
||||||
|
|
||||||
|
# Uncomment to set the lifetime for the channel.
|
||||||
|
# Default value is 600 secs (10 minutes).
|
||||||
|
# This value MUST not be changed for production purposes.
|
||||||
|
#
|
||||||
|
#channel-lifetime=600
|
||||||
|
|
||||||
|
# Uncomment to set the permission lifetime.
|
||||||
|
# Default to 300 secs (5 minutes).
|
||||||
|
# In production this value MUST not be changed,
|
||||||
|
# however it can be useful for test purposes.
|
||||||
|
#
|
||||||
|
#permission-lifetime=300
|
||||||
|
|
||||||
|
# Certificate file.
|
||||||
|
# Use an absolute path or path relative to the
|
||||||
|
# configuration file.
|
||||||
|
# Use PEM file format.
|
||||||
|
#
|
||||||
|
cert=/etc/coturn/certs/cert.pem
|
||||||
|
|
||||||
|
# Private key file.
|
||||||
|
# Use an absolute path or path relative to the
|
||||||
|
# configuration file.
|
||||||
|
# Use PEM file format.
|
||||||
|
#
|
||||||
|
pkey=/etc/coturn/private/privkey.pem
|
||||||
|
|
||||||
|
# Private key file password, if it is in encoded format.
|
||||||
|
# This option has no default value.
|
||||||
|
#
|
||||||
|
#pkey-pwd=...
|
||||||
|
|
||||||
|
# Allowed OpenSSL cipher list for TLS/DTLS connections.
|
||||||
|
# Default value is "DEFAULT".
|
||||||
|
#
|
||||||
|
#cipher-list="DEFAULT"
|
||||||
|
|
||||||
|
# CA file in OpenSSL format.
|
||||||
|
# Forces TURN server to verify the client SSL certificates.
|
||||||
|
# By default this is not set: there is no default value and the client
|
||||||
|
# certificate is not checked.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#CA-file=/etc/ssh/id_rsa.cert
|
||||||
|
|
||||||
|
# Curve name for EC ciphers, if supported by OpenSSL
|
||||||
|
# library (TLS and DTLS). The default value is prime256v1,
|
||||||
|
# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
|
||||||
|
# an optimal curve will be automatically calculated, if not defined
|
||||||
|
# by this option.
|
||||||
|
#
|
||||||
|
#ec-curve-name=prime256v1
|
||||||
|
|
||||||
|
# Use 566 bits predefined DH TLS key. Default size of the key is 2066.
|
||||||
|
#
|
||||||
|
#dh566
|
||||||
|
|
||||||
|
# Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
|
||||||
|
#
|
||||||
|
#dh1066
|
||||||
|
|
||||||
|
# Use custom DH TLS key, stored in PEM format in the file.
|
||||||
|
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
|
||||||
|
#
|
||||||
|
#dh-file=<DH-PEM-file-name>
|
||||||
|
|
||||||
|
# Flag to prevent stdout log messages.
|
||||||
|
# By default, all log messages go to both stdout and to
|
||||||
|
# the configured log file. With this option everything will
|
||||||
|
# go to the configured log only (unless the log file itself is stdout).
|
||||||
|
#
|
||||||
|
#no-stdout-log
|
||||||
|
|
||||||
|
# Option to set the log file name.
|
||||||
|
# By default, the turnserver tries to open a log file in
|
||||||
|
# /var/log, /var/tmp, /tmp and the current directory
|
||||||
|
# (Whichever file open operation succeeds first will be used).
|
||||||
|
# With this option you can set the definite log file name.
|
||||||
|
# The special names are "stdout" and "-" - they will force everything
|
||||||
|
# to the stdout. Also, the "syslog" name will force everything to
|
||||||
|
# the system log (syslog).
|
||||||
|
# In the runtime, the logfile can be reset with the SIGHUP signal
|
||||||
|
# to the turnserver process.
|
||||||
|
#
|
||||||
|
log-file=stdout
|
||||||
|
|
||||||
|
# Option to redirect all log output into system log (syslog).
|
||||||
|
#
|
||||||
|
# syslog
|
||||||
|
|
||||||
|
# This flag means that no log file rollover will be used, and the log file
|
||||||
|
# name will be constructed as-is, without PID and date appendage.
|
||||||
|
# This option can be used, for example, together with the logrotate tool.
|
||||||
|
#
|
||||||
|
#simple-log
|
||||||
|
|
||||||
|
# Option to set the "redirection" mode. The value of this option
|
||||||
|
# will be the address of the alternate server for UDP & TCP service in the form of
|
||||||
|
# <ip>[:<port>]. The server will send this value in the attribute
|
||||||
|
# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
|
||||||
|
# Client will receive only values with the same address family
|
||||||
|
# as the client network endpoint address family.
|
||||||
|
# See RFC 5389 and RFC 5766 for the description of ALTERNATE-SERVER functionality.
|
||||||
|
# The client must use the obtained value for subsequent TURN communications.
|
||||||
|
# If more than one --alternate-server option is provided, then the functionality
|
||||||
|
# can be more accurately described as "load-balancing" than a mere "redirection".
|
||||||
|
# If the port number is omitted, then the default port
|
||||||
|
# number 3478 for the UDP/TCP protocols will be used.
|
||||||
|
# Colon (:) characters in IPv6 addresses may conflict with the syntax of
|
||||||
|
# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
|
||||||
|
# in square brackets in such resource identifiers, for example:
|
||||||
|
# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
|
||||||
|
# Multiple alternate servers can be set. They will be used in the
|
||||||
|
# round-robin manner. All servers in the pool are considered of equal weight and
|
||||||
|
# the load will be distributed equally. For example, if you have 4 alternate servers,
|
||||||
|
# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
|
||||||
|
# address can be used more than one time with the alternate-server option, so this
|
||||||
|
# can emulate "weighting" of the servers.
|
||||||
|
#
|
||||||
|
# Examples:
|
||||||
|
#alternate-server=1.2.3.4:5678
|
||||||
|
#alternate-server=11.22.33.44:56789
|
||||||
|
#alternate-server=5.6.7.8
|
||||||
|
#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
||||||
|
|
||||||
|
# Option to set alternative server for TLS & DTLS services in form of
|
||||||
|
# <ip>:<port>. If the port number is omitted, then the default port
|
||||||
|
# number 5349 for the TLS/DTLS protocols will be used. See the previous
|
||||||
|
# option for the functionality description.
|
||||||
|
#
|
||||||
|
# Examples:
|
||||||
|
#tls-alternate-server=1.2.3.4:5678
|
||||||
|
#tls-alternate-server=11.22.33.44:56789
|
||||||
|
#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
||||||
|
|
||||||
|
# Option to suppress TURN functionality, only STUN requests will be processed.
|
||||||
|
# Run as STUN server only, all TURN requests will be ignored.
|
||||||
|
# By default, this option is NOT set.
|
||||||
|
#
|
||||||
|
#stun-only
|
||||||
|
|
||||||
|
# Option to hide software version. Enhance security when used in production.
|
||||||
|
# Revealing the specific software version of the agent through the
|
||||||
|
# SOFTWARE attribute might allow them to become more vulnerable to
|
||||||
|
# attacks against software that is known to contain security holes.
|
||||||
|
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
||||||
|
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
||||||
|
#
|
||||||
|
no-software-attribute
|
||||||
|
|
||||||
|
# Option to suppress STUN functionality, only TURN requests will be processed.
|
||||||
|
# Run as TURN server only, all STUN requests will be ignored.
|
||||||
|
# By default, this option is NOT set.
|
||||||
|
#
|
||||||
|
#no-stun
|
||||||
|
|
||||||
|
# This is the timestamp/username separator symbol (character) in TURN REST API.
|
||||||
|
# The default value is ':'.
|
||||||
|
# rest-api-separator=:
|
||||||
|
|
||||||
|
# Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
|
||||||
|
# This is an extra security measure.
|
||||||
|
#
|
||||||
|
# (To avoid any security issue that allowing loopback access may raise,
|
||||||
|
# the no-loopback-peers option is replaced by allow-loopback-peers.)
|
||||||
|
#
|
||||||
|
# Allow it only for testing in a development environment!
|
||||||
|
# In production it adds a possible security vulnerability, so for security reasons
|
||||||
|
# it is not allowed using it together with empty cli-password.
|
||||||
|
#
|
||||||
|
#allow-loopback-peers
|
||||||
|
|
||||||
|
# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
|
||||||
|
# This is an extra security measure.
|
||||||
|
#
|
||||||
|
#no-multicast-peers
|
||||||
|
|
||||||
|
# Option to set the max time, in seconds, allowed for full allocation establishment.
|
||||||
|
# Default is 60 seconds.
|
||||||
|
#
|
||||||
|
#max-allocate-timeout=60
|
||||||
|
|
||||||
|
# Option to allow or ban specific ip addresses or ranges of ip addresses.
|
||||||
|
# If an ip address is specified as both allowed and denied, then the ip address is
|
||||||
|
# considered to be allowed. This is useful when you wish to ban a range of ip
|
||||||
|
# addresses, except for a few specific ips within that range.
|
||||||
|
#
|
||||||
|
# This can be used when you do not want users of the turn server to be able to access
|
||||||
|
# machines reachable by the turn server, but would otherwise be unreachable from the
|
||||||
|
# internet (e.g. when the turn server is sitting behind a NAT)
|
||||||
|
#
|
||||||
|
# Examples:
|
||||||
|
# denied-peer-ip=83.166.64.0-83.166.95.255
|
||||||
|
# allowed-peer-ip=83.166.68.45
|
||||||
|
|
||||||
|
# File name to store the pid of the process.
|
||||||
|
# Default is /var/run/turnserver.pid (if superuser account is used) or
|
||||||
|
# /var/tmp/turnserver.pid .
|
||||||
|
#
|
||||||
|
pidfile="/var/tmp/turnserver.pid"
|
||||||
|
|
||||||
|
# Require authentication of the STUN Binding request.
|
||||||
|
# By default, the clients are allowed anonymous access to the STUN Binding functionality.
|
||||||
|
#
|
||||||
|
#secure-stun
|
||||||
|
|
||||||
|
# Mobility with ICE (MICE) specs support.
|
||||||
|
#
|
||||||
|
#mobility
|
||||||
|
|
||||||
|
# Allocate Address Family according
|
||||||
|
# If enabled then TURN server allocates address family according the TURN
|
||||||
|
# Client <=> Server communication address family.
|
||||||
|
# (By default Coturn works according RFC 6156.)
|
||||||
|
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
||||||
|
#
|
||||||
|
#keep-address-family
|
||||||
|
|
||||||
|
|
||||||
|
# User name to run the process. After the initialization, the turnserver process
|
||||||
|
# will attempt to change the current user ID to that user.
|
||||||
|
#
|
||||||
|
#proc-user=<user-name>
|
||||||
|
|
||||||
|
# Group name to run the process. After the initialization, the turnserver process
|
||||||
|
# will attempt to change the current group ID to that group.
|
||||||
|
#
|
||||||
|
#proc-group=<group-name>
|
||||||
|
|
||||||
|
# Turn OFF the CLI support.
|
||||||
|
# By default it is always ON.
|
||||||
|
# See also options cli-ip and cli-port.
|
||||||
|
#
|
||||||
|
no-cli
|
||||||
|
|
||||||
|
#Local system IP address to be used for CLI server endpoint. Default value
|
||||||
|
# is 127.0.0.1.
|
||||||
|
#
|
||||||
|
# cli-ip=127.0.0.1
|
||||||
|
|
||||||
|
# CLI server port. Default is 5766.
|
||||||
|
#
|
||||||
|
# cli-port=5766
|
||||||
|
|
||||||
|
# CLI access password. Default is empty (no password).
|
||||||
|
# For the security reasons, it is recommended that you use the encrypted
|
||||||
|
# form of the password (see the -P command in the turnadmin utility).
|
||||||
|
#
|
||||||
|
# Secure form for password 'qwerty':
|
||||||
|
#
|
||||||
|
#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
|
||||||
|
#
|
||||||
|
# Or insecure form for the same password:
|
||||||
|
#
|
||||||
|
# cli-password=CHANGE_ME
|
||||||
|
|
||||||
|
# Enable Web-admin support on https. By default it is Disabled.
|
||||||
|
# If it is enabled it also enables a http a simple static banner page
|
||||||
|
# with a small reminder that the admin page is available only on https.
|
||||||
|
#
|
||||||
|
#web-admin
|
||||||
|
|
||||||
|
# Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1.
|
||||||
|
#
|
||||||
|
#web-admin-ip=127.0.0.1
|
||||||
|
|
||||||
|
# Web-admin server port. Default is 8080.
|
||||||
|
#
|
||||||
|
#web-admin-port=8080
|
||||||
|
|
||||||
|
# Web-admin server listen on STUN/TURN worker threads
|
||||||
|
# By default it is disabled for security reasons! (Not recommended in any production environment!)
|
||||||
|
#
|
||||||
|
#web-admin-listen-on-workers
|
||||||
|
|
||||||
|
# Server relay. NON-STANDARD AND DANGEROUS OPTION.
|
||||||
|
# Only for those applications when you want to run
|
||||||
|
# server applications on the relay endpoints.
|
||||||
|
# This option eliminates the IP permissions check on
|
||||||
|
# the packets incoming to the relay endpoints.
|
||||||
|
#
|
||||||
|
#server-relay
|
||||||
|
|
||||||
|
# Maximum number of output sessions in ps CLI command.
|
||||||
|
# This value can be changed on-the-fly in CLI. The default value is 256.
|
||||||
|
#
|
||||||
|
#cli-max-output-sessions
|
||||||
|
|
||||||
|
# Set network engine type for the process (for internal purposes).
|
||||||
|
#
|
||||||
|
#ne=[1|2|3]
|
||||||
|
|
||||||
|
# Do not allow an TLS/DTLS version of protocol
|
||||||
|
#
|
||||||
|
#no-tlsv1
|
||||||
|
#no-tlsv1_1
|
||||||
|
#no-tlsv1_2
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
<clickhouse>
|
||||||
|
<profiles>
|
||||||
|
<default>
|
||||||
|
<log_queries>0</log_queries>
|
||||||
|
<log_query_threads>0</log_query_threads>
|
||||||
|
</default>
|
||||||
|
</profiles>
|
||||||
|
</clickhouse>
|
||||||
@@ -1,225 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
# This is an example configuration file that documents all the options.
|
|
||||||
# It will need to be modified for your specific use case.
|
|
||||||
# These are not default values. You MUST review the config settings and properly configure this EXAMPLE file.
|
|
||||||
# Please refer to the link below for more details on how to set up the configuration file
|
|
||||||
# https://github.com/StuffAnThings/qbit_manage/wiki/Config-Setup
|
|
||||||
|
|
||||||
commands:
|
|
||||||
# The commands defined below will OVERRIDE any commands used in command line and docker env variables.
|
|
||||||
dry_run: True
|
|
||||||
recheck: False
|
|
||||||
cat_update: False
|
|
||||||
tag_update: False
|
|
||||||
rem_unregistered: False
|
|
||||||
tag_tracker_error: False
|
|
||||||
rem_orphaned: False
|
|
||||||
tag_nohardlinks: False
|
|
||||||
share_limits: False
|
|
||||||
skip_qb_version_check: False
|
|
||||||
skip_cleanup: False
|
|
||||||
|
|
||||||
qbt:
|
|
||||||
# qBittorrent parameters
|
|
||||||
# Pass environment variables to the config via !ENV tag
|
|
||||||
host: qbittorrentvpn:8080
|
|
||||||
user: admin
|
|
||||||
pass: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['DELUGEVPN_PASSWORD'] }}
|
|
||||||
|
|
||||||
settings:
|
|
||||||
force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent.
|
|
||||||
force_auto_tmm_ignore_tags: #Torrents with these tags will be ignored when force_auto_tmm is enabled.
|
|
||||||
- cross-seed
|
|
||||||
- Upload
|
|
||||||
tracker_error_tag: issue # Will set the tag of any torrents that do not have a working tracker.
|
|
||||||
nohardlinks_tag: noHL # Will set the tag of any torrents with no hardlinks.
|
|
||||||
stalled_tag: stalledDL # Will set the tag of any torrents stalled downloading.
|
|
||||||
share_limits_tag: ~share_limit # Will add this tag when applying share limits to provide an easy way to filter torrents by share limit group/priority for each torrent
|
|
||||||
share_limits_min_seeding_time_tag: MinSeedTimeNotReached # Tag to be added to torrents that have not yet reached the minimum seeding time
|
|
||||||
share_limits_min_num_seeds_tag: MinSeedsNotMet # Tag to be added to torrents that have not yet reached the minimum number of seeds
|
|
||||||
share_limits_last_active_tag: LastActiveLimitNotReached # Tag to be added to torrents that have not yet reached the last active limit
|
|
||||||
cat_filter_completed: True # Filters for completed torrents only when running cat_update command
|
|
||||||
share_limits_filter_completed: True # Filters for completed torrents only when running share_limits command
|
|
||||||
tag_nohardlinks_filter_completed: True # Filters for completed torrents only when running tag_nohardlinks command
|
|
||||||
rem_unregistered_filter_completed: False # Filters for completed torrents only when running rem_unregistered command
|
|
||||||
cat_update_all: True # Checks and updates all torrent categories if set to True when running cat_update command, otherwise only update torrents that are uncategorized
|
|
||||||
disable_qbt_default_share_limits: True # Allows QBM to handle share limits by disabling qBittorrents default Share limits. Only active when the share_limits command is set to True
|
|
||||||
tag_stalled_torrents: True # Tags any downloading torrents that are stalled with the `stalledDL` tag when running the tag_update command
|
|
||||||
rem_unregistered_ignore_list: # Ignores a list of words found in the status of the tracker when running rem_unregistered command and will not remove the torrent if matched
|
|
||||||
- example placeholder words
|
|
||||||
- ignore if found
|
|
||||||
|
|
||||||
directory:
|
|
||||||
# Do not remove these
|
|
||||||
# root_dir var: </your/path/here/> # Root downloads directory used to check for orphaned files, noHL, and RecycleBin.
|
|
||||||
# <OPTIONAL> remote_dir var: </your/path/here/> # Path of docker host mapping of root_dir.
|
|
||||||
# remote_dir must be set if you're running qbit_manage locally and qBittorrent/cross_seed is in a docker
|
|
||||||
# remote_dir should not be set if qbit_manage is running in a container
|
|
||||||
# <OPTIONAL> recycle_bin var: </your/path/here/> # Path of the RecycleBin folder. Default location is set to remote_dir/.RecycleBin
|
|
||||||
# <OPTIONAL> torrents_dir var: </your/path/here/> # Path of the your qbittorrent torrents directory. Required for `save_torrents` attribute in recyclebin
|
|
||||||
# <OPTIONAL> orphaned_dir var: </your/path/here/> # Path of the the Orphaned Data folder. This is similar to RecycleBin, but only for orphaned data.
|
|
||||||
root_dir: "/downloads"
|
|
||||||
# remote_dir: "/host/path/to/torrents/ifdocker/torrents/"
|
|
||||||
# recycle_bin: "/path/to/.RecycleBin"
|
|
||||||
torrents_dir: "/downloads/completed/torrent"
|
|
||||||
|
|
||||||
cat:
|
|
||||||
# Category & Path Parameters
|
|
||||||
# All save paths in qbittorent must be populated below.
|
|
||||||
# If you want to leave a save_path as uncategorized you can use the key 'Uncategorized' as the name of the category.
|
|
||||||
# You can use Unix filename pattern matching as well when specifying the save_path
|
|
||||||
# <Category Name> : <save_path> # Path of your save directory.
|
|
||||||
lidarr: "/downloads/completed/torrent/music"
|
|
||||||
# prowlarr: "/data/torrents"
|
|
||||||
radarr: "/downloads/completed/torrent/movies"
|
|
||||||
readarr: "/downloads/completed/torrent/ebooks"
|
|
||||||
tv-sonarr: "/downloads/completed/torrent//tv"
|
|
||||||
|
|
||||||
cat_change:
|
|
||||||
# This moves all the torrents from one category to another category. This executes on --cat-update
|
|
||||||
# WARNING: if the paths are different and Default Torrent Management Mode is set to automatic the files could be moved !!!
|
|
||||||
# <Old Category Name> : <New Category>
|
|
||||||
CatA.cross-seed: CatA
|
|
||||||
CatB.cross-seed: CatB
|
|
||||||
|
|
||||||
tracker:
|
|
||||||
# Mandatory
|
|
||||||
# Tag Parameters
|
|
||||||
# <Tracker URL Keyword>: # <MANDATORY> This is the keyword in the tracker url. You can define multiple tracker urls by splitting with `|` delimiter
|
|
||||||
# <MANDATORY> Set tag name. Can be a list of tags or a single tag
|
|
||||||
# tag: <Tag Name>
|
|
||||||
# <OPTIONAL> Set the category based on tracker URL. This category option takes priority over the category defined by save directory
|
|
||||||
# cat: <Category Name>
|
|
||||||
# <OPTIONAL> Set this to the notifiarr react name. This is used to add indexer reactions to the notifications sent by Notifiarr
|
|
||||||
# notifiarr: <notifiarr indexer>
|
|
||||||
animebytes.tv:
|
|
||||||
tag: AnimeBytes
|
|
||||||
notifiarr: animebytes
|
|
||||||
avistaz:
|
|
||||||
tag:
|
|
||||||
- Avistaz
|
|
||||||
- tag2
|
|
||||||
- tag3
|
|
||||||
notifiarr: avistaz
|
|
||||||
beyond-hd:
|
|
||||||
tag: [Beyond-HD, tag2, tag3]
|
|
||||||
cat: movies
|
|
||||||
notifiarr: beyondhd
|
|
||||||
blutopia:
|
|
||||||
tag: Blutopia
|
|
||||||
notifiarr: blutopia
|
|
||||||
cartoonchaos:
|
|
||||||
tag: CartoonChaos
|
|
||||||
digitalcore:
|
|
||||||
tag: DigitalCore
|
|
||||||
notifiarr: digitalcore
|
|
||||||
gazellegames:
|
|
||||||
tag: GGn
|
|
||||||
hdts:
|
|
||||||
tag: HDTorrents
|
|
||||||
landof.tv:
|
|
||||||
tag: BroadcasTheNet
|
|
||||||
notifiarr: broadcasthenet
|
|
||||||
myanonamouse:
|
|
||||||
tag: MaM
|
|
||||||
passthepopcorn:
|
|
||||||
tag: PassThePopcorn
|
|
||||||
notifiarr: passthepopcorn
|
|
||||||
privatehd:
|
|
||||||
tag: PrivateHD
|
|
||||||
notifiarr:
|
|
||||||
torrentdb:
|
|
||||||
tag: TorrentDB
|
|
||||||
notifiarr: torrentdb
|
|
||||||
torrentleech|tleechreload:
|
|
||||||
tag: TorrentLeech
|
|
||||||
notifiarr: torrentleech
|
|
||||||
tv-vault:
|
|
||||||
tag: TV-Vault
|
|
||||||
# The "other" key is a special keyword and if defined will tag any other trackers that don't match the above trackers into this tag
|
|
||||||
other:
|
|
||||||
tag: other
|
|
||||||
|
|
||||||
nohardlinks:
|
|
||||||
# Tag Movies/Series that are not hard linked outside the root directory
|
|
||||||
# Mandatory to fill out directory parameter above to use this function (root_dir/remote_dir)
|
|
||||||
# This variable should be set to your category name of your completed movies/completed series in qbit. Acceptable variable can be any category you would like to tag if there are no hardlinks found
|
|
||||||
movies-completed-4k:
|
|
||||||
series-completed-4k:
|
|
||||||
movies-completed:
|
|
||||||
# <OPTIONAL> exclude_tags var: Will exclude torrents with any of the following tags when searching through the category.
|
|
||||||
exclude_tags:
|
|
||||||
- Beyond-HD
|
|
||||||
- AnimeBytes
|
|
||||||
- MaM
|
|
||||||
# <OPTIONAL> ignore_root_dir var: Will ignore any hardlinks detected in the same root_dir (Default True).
|
|
||||||
ignore_root_dir: true
|
|
||||||
# Can have additional categories set with separate ratio/seeding times defined.
|
|
||||||
series-completed:
|
|
||||||
# <OPTIONAL> exclude_tags var: Will exclude torrents with any of the following tags when searching through the category.
|
|
||||||
exclude_tags:
|
|
||||||
- Beyond-HD
|
|
||||||
- BroadcasTheNet
|
|
||||||
# <OPTIONAL> ignore_root_dir var: Will ignore any hardlinks detected in the same root_dir (Default True).
|
|
||||||
ignore_root_dir: true
|
|
||||||
|
|
||||||
share_limits:
|
|
||||||
# Control how torrent share limits are set depending on the priority of your grouping
|
|
||||||
# Each torrent will be matched with the share limit group with the highest priority that meets the group filter criteria.
|
|
||||||
# Each torrent can only be matched with one share limit group
|
|
||||||
# This variable is mandatory and is a text defining the name of your grouping. This can be any string you want
|
|
||||||
spacesaver:
|
|
||||||
priority: 2
|
|
||||||
max_ratio: 3
|
|
||||||
min_last_active: 24h
|
|
||||||
cleanup: false
|
|
||||||
default:
|
|
||||||
priority: 999
|
|
||||||
max_ratio: -1
|
|
||||||
max_seeding_time: -1
|
|
||||||
cleanup: false
|
|
||||||
recyclebin:
|
|
||||||
# Recycle Bin method of deletion will move files into the recycle bin (Located in /root_dir/.RecycleBin) instead of directly deleting them in qbit
|
|
||||||
# By default the Recycle Bin will be emptied on every run of the qbit_manage script if empty_after_x_days is defined.
|
|
||||||
enabled: true
|
|
||||||
# <OPTIONAL> empty_after_x_days var:
|
|
||||||
# Will automatically remove all files and folders in recycle bin after x days. (Checks every script run)
|
|
||||||
# If this variable is not defined it, the RecycleBin will never be emptied.
|
|
||||||
# WARNING: Setting this variable to 0 will delete all files immediately upon script run!
|
|
||||||
empty_after_x_days: 60
|
|
||||||
# <OPTIONAL> save_torrents var:
|
|
||||||
# If this option is set to true you MUST fill out the torrents_dir in the directory attribute.
|
|
||||||
# This will save a copy of your .torrent and .fastresume file in the recycle bin before deleting it from qbittorrent
|
|
||||||
save_torrents: true
|
|
||||||
# <OPTIONAL> split_by_category var:
|
|
||||||
# This will split the recycle bin folder by the save path defined in the `cat` attribute
|
|
||||||
# and add the base folder name of the recycle bin that was defined in the `recycle_bin` sub-attribute under directory.
|
|
||||||
split_by_category: false
|
|
||||||
|
|
||||||
orphaned:
|
|
||||||
# Orphaned files are those in the root_dir download directory that are not referenced by any active torrents.
|
|
||||||
# Will automatically remove all files and folders in orphaned data after x days. (Checks every script run)
|
|
||||||
# If this variable is not defined it, the orphaned data will never be emptied.
|
|
||||||
# WARNING: Setting this variable to 0 will delete all files immediately upon script run!
|
|
||||||
empty_after_x_days: 60
|
|
||||||
# File patterns that will not be considered orphaned files. Handy for generated files that aren't part of the torrent but belong with the torrent's files
|
|
||||||
exclude_patterns:
|
|
||||||
- "**/.DS_Store"
|
|
||||||
- "**/Thumbs.db"
|
|
||||||
- "**/@eaDir"
|
|
||||||
- "/data/torrents/temp/**"
|
|
||||||
- "**/*.!qB"
|
|
||||||
- "**/*_unpackerred"
|
|
||||||
# Set your desired threshold for the maximum number of orphaned files qbm will delete in a single run. (-1 to disable safeguards)
|
|
||||||
# This will help reduce the number of accidental large amount orphaned deletions in a single run
|
|
||||||
# WARNING: Setting this variable to -1 will not safeguard against any deletions
|
|
||||||
max_orphaned_files_to_delete: 50
|
|
||||||
|
|
||||||
apprise:
|
|
||||||
# Apprise integration with webhooks
|
|
||||||
# Leave Empty/Blank to disable
|
|
||||||
# Mandatory to fill out the url of your apprise API endpoint
|
|
||||||
api_url: http://apprise-api:8000
|
|
||||||
# Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki
|
|
||||||
notify_url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
|
||||||
+1
-1
@@ -100,7 +100,7 @@ server:
|
|||||||
redis:
|
redis:
|
||||||
# URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
|
# URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
|
||||||
# https://docs.searxng.org/admin/settings/settings_redis.html#settings-redis
|
# https://docs.searxng.org/admin/settings/settings_redis.html#settings-redis
|
||||||
url: redis://searxng-valkey:6379/0
|
url: redis://redis:6379/0
|
||||||
|
|
||||||
ui:
|
ui:
|
||||||
# Custom static path - leave it blank if you didn't change
|
# Custom static path - leave it blank if you didn't change
|
||||||
@@ -1,222 +0,0 @@
|
|||||||
receivers:
|
|
||||||
httplogreceiver/json:
|
|
||||||
endpoint: 0.0.0.0:8082
|
|
||||||
source: json
|
|
||||||
otlp:
|
|
||||||
protocols:
|
|
||||||
grpc:
|
|
||||||
endpoint: 0.0.0.0:4317
|
|
||||||
http:
|
|
||||||
endpoint: 0.0.0.0:4318
|
|
||||||
hostmetrics:
|
|
||||||
collection_interval: 60s # Frequency of metrics collection.
|
|
||||||
scrapers:
|
|
||||||
cpu: {}
|
|
||||||
load: {}
|
|
||||||
memory: {}
|
|
||||||
disk: {}
|
|
||||||
filesystem: {}
|
|
||||||
network: {}
|
|
||||||
docker_stats:
|
|
||||||
endpoint: unix:///var/run/docker.sock
|
|
||||||
collection_interval: 30s
|
|
||||||
timeout: 10s
|
|
||||||
api_version: "1.51"
|
|
||||||
metrics:
|
|
||||||
container.uptime:
|
|
||||||
enabled: true
|
|
||||||
container.restarts:
|
|
||||||
enabled: true
|
|
||||||
container.network.io.usage.rx_errors:
|
|
||||||
enabled: true
|
|
||||||
container.network.io.usage.tx_errors:
|
|
||||||
enabled: true
|
|
||||||
container.network.io.usage.rx_packets:
|
|
||||||
enabled: true
|
|
||||||
container.network.io.usage.tx_packets:
|
|
||||||
enabled: true
|
|
||||||
filelog/nginx-access-logs:
|
|
||||||
include: ["${env:NGINX_ACCESS_LOG_FILE}"]
|
|
||||||
operators:
|
|
||||||
# Parse the default nginx access log format. Nginx defaults to the "combined" log format
|
|
||||||
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
|
|
||||||
# For more details, see https://nginx.org/en/docs/http/ngx_http_log_module.html
|
|
||||||
- type: regex_parser
|
|
||||||
if: body matches '^(?P<remote_addr>[0-9\\.]+) - (?P<remote_user>[^\\s]+) \\[(?P<ts>.+)\\] "(?P<request_method>\\w+?) (?P<request_path>.+?)" (?P<status>[0-9]+) (?P<body_bytes_sent>[0-9]+) "(?P<http_referrer>.+?)" "(?P<http_user_agent>.+?)"$'
|
|
||||||
parse_from: body
|
|
||||||
parse_to: attributes
|
|
||||||
regex: '^(?P<remote_addr>[0-9\.]+) - (?P<remote_user>[^\s]+) \[(?P<ts>.+)\] "(?P<request_method>\w+?) (?P<request_path>.+?)" (?P<status>[0-9]+) (?P<body_bytes_sent>[0-9]+) "(?P<http_referrer>.+?)" "(?P<http_user_agent>.+?)"$'
|
|
||||||
timestamp:
|
|
||||||
parse_from: attributes.ts
|
|
||||||
layout: "02/Jan/2006:15:04:05 -0700"
|
|
||||||
layout_type: gotime
|
|
||||||
severity:
|
|
||||||
parse_from: attributes.status
|
|
||||||
overwrite_text: true
|
|
||||||
mapping:
|
|
||||||
debug: "1xx"
|
|
||||||
info:
|
|
||||||
- "2xx"
|
|
||||||
- "3xx"
|
|
||||||
warn: "4xx"
|
|
||||||
error: "5xx"
|
|
||||||
- type: remove
|
|
||||||
if: attributes.ts != nil
|
|
||||||
field: attributes.ts
|
|
||||||
- type: add
|
|
||||||
field: attributes.source
|
|
||||||
value: nginx
|
|
||||||
|
|
||||||
filelog/nginx-error-logs:
|
|
||||||
include: ["${env:NGINX_ERROR_LOG_FILE}"]
|
|
||||||
operators:
|
|
||||||
# Parse the default nginx error log format.
|
|
||||||
# YYYY/MM/DD HH:MM:SS [LEVEL] PID#TID: *CID MESSAGE
|
|
||||||
# For more details, see https://github.com/phusion/nginx/blob/master/src/core/ngx_log.c
|
|
||||||
- type: regex_parser
|
|
||||||
if: body matches '^(?P<ts>.+?) \\[(?P<log_level>\\w+)\\] (?P<pid>\\d+)#(?P<tid>\\d+). \\*(?P<cid>\\d+) (?P<message>.+)$'
|
|
||||||
parse_from: body
|
|
||||||
parse_to: attributes
|
|
||||||
regex: '^(?P<ts>.+?) \[(?P<log_level>\w+)\] (?P<pid>\d+)#(?P<tid>\d+). \*(?P<cid>\d+) (?P<message>.+)$'
|
|
||||||
timestamp:
|
|
||||||
parse_from: attributes.ts
|
|
||||||
layout: "2006/01/02 15:04:05"
|
|
||||||
layout_type: gotime
|
|
||||||
severity:
|
|
||||||
parse_from: attributes.log_level
|
|
||||||
overwrite_text: true
|
|
||||||
mapping:
|
|
||||||
debug: "debug"
|
|
||||||
info:
|
|
||||||
- "info"
|
|
||||||
- "notice"
|
|
||||||
warn: "warn"
|
|
||||||
error:
|
|
||||||
- "error"
|
|
||||||
- "crit"
|
|
||||||
- "alert"
|
|
||||||
fatal: "emerg"
|
|
||||||
- type: remove
|
|
||||||
if: attributes.ts != nil
|
|
||||||
field: attributes.ts
|
|
||||||
- type: move
|
|
||||||
if: attributes.message != nil
|
|
||||||
from: attributes.message
|
|
||||||
to: body
|
|
||||||
- type: add
|
|
||||||
field: attributes.source
|
|
||||||
value: nginx
|
|
||||||
prometheus:
|
|
||||||
config:
|
|
||||||
global:
|
|
||||||
scrape_interval: 60s
|
|
||||||
scrape_configs:
|
|
||||||
- job_name: otel-collector
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
- localhost:8888
|
|
||||||
labels:
|
|
||||||
job_name: otel-collector
|
|
||||||
processors:
|
|
||||||
batch:
|
|
||||||
send_batch_size: 10000
|
|
||||||
send_batch_max_size: 11000
|
|
||||||
timeout: 10s
|
|
||||||
resourcedetection:
|
|
||||||
detectors: [env, system]
|
|
||||||
system:
|
|
||||||
hostname_sources: [os]
|
|
||||||
resourcedetection/env:
|
|
||||||
detectors: [env]
|
|
||||||
timeout: 2s
|
|
||||||
override: false
|
|
||||||
resourcedetection/system:
|
|
||||||
detectors: ["system"]
|
|
||||||
system:
|
|
||||||
hostname_sources: ["dns", "os"]
|
|
||||||
resourcedetection/docker:
|
|
||||||
detectors: [env, docker]
|
|
||||||
timeout: 2s
|
|
||||||
override: false
|
|
||||||
signozspanmetrics/delta:
|
|
||||||
metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
|
|
||||||
metrics_flush_interval: 60s
|
|
||||||
latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
|
|
||||||
dimensions_cache_size: 100000
|
|
||||||
aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
|
|
||||||
enable_exp_histogram: true
|
|
||||||
dimensions:
|
|
||||||
- name: service.namespace
|
|
||||||
default: default
|
|
||||||
- name: deployment.environment
|
|
||||||
default: default
|
|
||||||
# This is added to ensure the uniqueness of the timeseries
|
|
||||||
# Otherwise, identical timeseries produced by multiple replicas of
|
|
||||||
# collectors result in incorrect APM metrics
|
|
||||||
- name: signoz.collector.id
|
|
||||||
- name: service.version
|
|
||||||
- name: browser.platform
|
|
||||||
- name: browser.mobile
|
|
||||||
- name: k8s.cluster.name
|
|
||||||
- name: k8s.node.name
|
|
||||||
- name: k8s.namespace.name
|
|
||||||
- name: host.name
|
|
||||||
- name: host.type
|
|
||||||
- name: container.name
|
|
||||||
extensions:
|
|
||||||
health_check:
|
|
||||||
endpoint: 0.0.0.0:13133
|
|
||||||
pprof:
|
|
||||||
endpoint: 0.0.0.0:1777
|
|
||||||
exporters:
|
|
||||||
clickhousetraces:
|
|
||||||
datasource: tcp://clickhouse:9000/signoz_traces
|
|
||||||
low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
|
|
||||||
use_new_schema: true
|
|
||||||
clickhousemetricswrite:
|
|
||||||
endpoint: tcp://clickhouse:9000/signoz_metrics
|
|
||||||
disable_v2: true
|
|
||||||
resource_to_telemetry_conversion:
|
|
||||||
enabled: true
|
|
||||||
clickhousemetricswrite/prometheus:
|
|
||||||
endpoint: tcp://clickhouse:9000/signoz_metrics
|
|
||||||
disable_v2: true
|
|
||||||
signozclickhousemetrics:
|
|
||||||
dsn: tcp://clickhouse:9000/signoz_metrics
|
|
||||||
clickhouselogsexporter:
|
|
||||||
dsn: tcp://clickhouse:9000/signoz_logs
|
|
||||||
timeout: 10s
|
|
||||||
use_new_schema: true
|
|
||||||
# debug: {}
|
|
||||||
otlp/nginx-logs:
|
|
||||||
endpoint: "localhost:4317"
|
|
||||||
tls:
|
|
||||||
insecure: true
|
|
||||||
service:
|
|
||||||
telemetry:
|
|
||||||
logs:
|
|
||||||
encoding: json
|
|
||||||
extensions:
|
|
||||||
- health_check
|
|
||||||
- pprof
|
|
||||||
pipelines:
|
|
||||||
traces:
|
|
||||||
receivers: [otlp]
|
|
||||||
processors: [signozspanmetrics/delta, batch]
|
|
||||||
exporters: [clickhousetraces]
|
|
||||||
metrics:
|
|
||||||
receivers: [otlp]
|
|
||||||
processors: [batch]
|
|
||||||
exporters: [clickhousemetricswrite, signozclickhousemetrics, resourcedetection/docker, resourcedetection/system]
|
|
||||||
metrics/hostmetrics:
|
|
||||||
receivers: [hostmetrics]
|
|
||||||
processors: [resourcedetection, resource/env]
|
|
||||||
exporters: [otlp]
|
|
||||||
metrics/prometheus:
|
|
||||||
receivers: [prometheus]
|
|
||||||
processors: [batch]
|
|
||||||
exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
|
|
||||||
logs:
|
|
||||||
receivers: [otlp, tcplog/docker, httplogreceiver/json]
|
|
||||||
processors: [batch]
|
|
||||||
exporters: [clickhouselogsexporter]
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
server_endpoint: ws://signoz-app:4320/v1/opamp
|
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
server_endpoint: ws://signoz:4320/v1/opamp
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
server_endpoint: ws://signoz:4320/v1/opamp
|
||||||
@@ -0,0 +1,19 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
{
|
||||||
|
"$schema": "../schemas/v2/index.json",
|
||||||
|
"repos": [
|
||||||
|
{
|
||||||
|
"type": "gitea",
|
||||||
|
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
|
||||||
|
"url": "https://git.trez.wtf",
|
||||||
|
"revisions": {
|
||||||
|
"branches": [
|
||||||
|
"main",
|
||||||
|
"*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
@@ -0,0 +1,29 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
|
||||||
|
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
|
||||||
|
<entry key='config.default'>./conf/default.xml</entry>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
|
||||||
|
This is the main configuration file. All your configuration parameters should be placed in this file.
|
||||||
|
|
||||||
|
Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
|
||||||
|
with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
|
||||||
|
remove "config.default" parameter from this file unless you know what you are doing.
|
||||||
|
|
||||||
|
For list of available parameters see following page: https://www.traccar.org/configuration-file/
|
||||||
|
|
||||||
|
-->
|
||||||
|
|
||||||
|
<entry key='database.driver'>org.postgresql.Driver</entry>
|
||||||
|
<entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
|
||||||
|
<entry key='database.user'>traccar</entry>
|
||||||
|
<entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
|
||||||
|
|
||||||
|
</properties>
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
sources:
|
||||||
|
rinoa_docker_logs:
|
||||||
|
type: docker_logs
|
||||||
|
exclude_containers:
|
||||||
|
- vector
|
||||||
|
|
||||||
|
sinks:
|
||||||
|
parseable:
|
||||||
|
type: http
|
||||||
|
method: post
|
||||||
|
batch:
|
||||||
|
max_bytes: 10485760
|
||||||
|
max_events: 1000
|
||||||
|
timeout_secs: 10
|
||||||
|
compression: gzip
|
||||||
|
inputs:
|
||||||
|
- rinoa_docker_logs
|
||||||
|
encoding:
|
||||||
|
codec: json
|
||||||
|
uri: http://parseable:8000/api/v1/ingest'
|
||||||
|
auth:
|
||||||
|
strategy: basic
|
||||||
|
user: admin
|
||||||
|
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
|
||||||
|
request:
|
||||||
|
headers:
|
||||||
|
X-P-Stream: rinoa-docker-logs
|
||||||
|
healthcheck:
|
||||||
|
enabled: true
|
||||||
|
path: 'http://parseable:8000/api/v1/liveness'
|
||||||
|
port: 80
|
||||||
@@ -0,0 +1,19 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
nodes:
|
||||||
|
# Wazuh indexer server nodes
|
||||||
|
indexer:
|
||||||
|
- name: wazuh.indexer
|
||||||
|
ip: wazuh.indexer
|
||||||
|
|
||||||
|
# Wazuh server nodes
|
||||||
|
# Use node_type only with more than one Wazuh manager
|
||||||
|
server:
|
||||||
|
- name: wazuh.manager
|
||||||
|
ip: wazuh.manager
|
||||||
|
|
||||||
|
# Wazuh dashboard node
|
||||||
|
dashboard:
|
||||||
|
- name: wazuh.dashboard
|
||||||
|
ip: wazuh.dashboard
|
||||||
@@ -0,0 +1,33 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
network.host: "0.0.0.0"
|
||||||
|
node.name: "wazuh.indexer"
|
||||||
|
path.data: /var/lib/wazuh-indexer
|
||||||
|
path.logs: /var/log/wazuh-indexer
|
||||||
|
discovery.type: single-node
|
||||||
|
http.port: 9200-9299
|
||||||
|
transport.tcp.port: 9300-9399
|
||||||
|
compatibility.override_main_response_version: true
|
||||||
|
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
||||||
|
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
||||||
|
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
||||||
|
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
||||||
|
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
||||||
|
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
||||||
|
plugins.security.ssl.http.enabled: true
|
||||||
|
plugins.security.ssl.transport.enforce_hostname_verification: false
|
||||||
|
plugins.security.ssl.transport.resolve_hostname: false
|
||||||
|
plugins.security.authcz.admin_dn:
|
||||||
|
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
|
||||||
|
plugins.security.check_snapshot_restore_write_privileges: true
|
||||||
|
plugins.security.enable_snapshot_restore_privilege: true
|
||||||
|
plugins.security.nodes_dn:
|
||||||
|
- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
|
||||||
|
plugins.security.restapi.roles_enabled:
|
||||||
|
- "all_access"
|
||||||
|
- "security_rest_api_access"
|
||||||
|
plugins.security.system_indices.enabled: true
|
||||||
|
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
|
||||||
|
plugins.security.allow_default_init_securityindex: true
|
||||||
|
cluster.routing.allocation.disk.threshold_enabled: false
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
hosts:
|
||||||
|
- 1513629884013:
|
||||||
|
url: "https://wazuh.manager"
|
||||||
|
port: 55000
|
||||||
|
username: wazuh-wui
|
||||||
|
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
|
||||||
|
run_as: false
|
||||||
@@ -0,0 +1,43 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
|
||||||
|
Log:
|
||||||
|
Level: 'debug'
|
||||||
|
|
||||||
|
# Make ZITADEL accessible over HTTPs, not HTTP
|
||||||
|
ExternalSecure: true
|
||||||
|
ExternalDomain: 'id.trez.wtf'
|
||||||
|
ExternalPort: 443
|
||||||
|
|
||||||
|
# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
|
||||||
|
Database:
|
||||||
|
postgres:
|
||||||
|
Host: 'zitadel-pg-db'
|
||||||
|
Port: 5432
|
||||||
|
Database: zitadel
|
||||||
|
User:
|
||||||
|
SSL:
|
||||||
|
Mode: 'disable'
|
||||||
|
Admin:
|
||||||
|
SSL:
|
||||||
|
Mode: 'disable'
|
||||||
|
|
||||||
|
DefaultInstance:
|
||||||
|
DomainPolicy:
|
||||||
|
UserLoginMustBeDomain: false
|
||||||
|
|
||||||
|
LogStore:
|
||||||
|
Access:
|
||||||
|
Stdout:
|
||||||
|
Enabled: true
|
||||||
|
|
||||||
|
SMTPConfiguration:
|
||||||
|
# Configuration of the host
|
||||||
|
SMTP:
|
||||||
|
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
|
||||||
|
Host: 'postal-smtp:25'
|
||||||
|
User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
||||||
|
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||||
|
From: 'noreply@trez.wtf'
|
||||||
|
FromName: 'Zitadel @ Rinoa'
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
|
||||||
|
FirstInstance:
|
||||||
|
Org:
|
||||||
|
Human:
|
||||||
|
# use the loginname root@my-org.my.domain
|
||||||
|
Username: 'root'
|
||||||
|
Password: 'RootPassword1!'
|
||||||
|
Email:
|
||||||
|
Address: 'charish.patel@trez.wtf'
|
||||||
|
Verified: true
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||||
|
{% set secrets_path = 'rinoa-docker/env' %}
|
||||||
|
|
||||||
|
# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
|
||||||
|
Database:
|
||||||
|
postgres:
|
||||||
|
User:
|
||||||
|
# If the user doesn't exist already, it is created
|
||||||
|
Username: 'zitadel'
|
||||||
|
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
|
||||||
|
Admin:
|
||||||
|
Username: 'root'
|
||||||
|
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
|
||||||
@@ -1,54 +1,20 @@
|
|||||||
---
|
---
|
||||||
- name: Deploy Docker Service Configurations (Modified in Last 10 Minutes)
|
- name: Deploy Docker Service Configurations
|
||||||
hosts: rinoa
|
hosts: rinoa
|
||||||
vars:
|
vars:
|
||||||
template_base_path: "{{ playbook_dir }}/app-configs"
|
|
||||||
appdata_base_path: "~/.docker/config/appdata"
|
appdata_base_path: "~/.docker/config/appdata"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Find all Jinja2 templates
|
|
||||||
ansible.builtin.find:
|
|
||||||
paths: "{{ template_base_path }}"
|
|
||||||
patterns: "*.j2"
|
|
||||||
recurse: yes
|
|
||||||
register: jinja_templates
|
|
||||||
delegate_to: localhost
|
|
||||||
run_once: true
|
|
||||||
|
|
||||||
- name: Get parent directories modified in the last 10 minutes
|
|
||||||
ansible.builtin.command: >
|
|
||||||
find {{ template_base_path }} -mindepth 1 -maxdepth 1
|
|
||||||
-type d -mmin -10
|
|
||||||
register: modified_dirs
|
|
||||||
changed_when: false
|
|
||||||
delegate_to: localhost
|
|
||||||
run_once: true
|
|
||||||
|
|
||||||
- name: Set fact for recent directories
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
recent_dirs: "{{ modified_dirs.stdout_lines }}"
|
|
||||||
|
|
||||||
- name: Filter templates within recently modified folders
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
selected_templates: >-
|
|
||||||
{{ jinja_templates.files
|
|
||||||
| selectattr('path', 'search', recent_dirs | map('regex_escape') | map('regex_replace', '^', '') | join('|'))
|
|
||||||
| list }}
|
|
||||||
|
|
||||||
- name: Ensure target directories exist
|
- name: Ensure target directories exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + template_base_path + '/', '') | regex_replace('\\.j2$', '') | dirname }}"
|
path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
loop: "{{ selected_templates }}"
|
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||||
loop_control:
|
|
||||||
label: "{{ item.path }}"
|
|
||||||
|
|
||||||
- name: Render and deploy templates
|
- name: Deploy configuration templates
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.path }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + template_base_path + '/', '') | regex_replace('\\.j2$', '') }}"
|
dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
loop: "{{ selected_templates }}"
|
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||||
loop_control:
|
|
||||||
label: "{{ item.path }}"
|
|
||||||
|
|||||||
@@ -1,14 +1,14 @@
|
|||||||
vault_addr: "https://vault.trez.wtf"
|
vault_addr: "https://vault.trez.wtf"
|
||||||
vault_token: !vault |
|
vault_token: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
31616264333530373062366539333738643937326562616130636266646532653862663966663862
|
62353532343234343230663331623062376533346166343963383464303535646362376233663361
|
||||||
6336343130363932316237373939656530663339383061360a626433656432633734363635313236
|
3532343530653365663331393339646337653564316337390a646264353561623132366635343032
|
||||||
36646161663939393035333066656435663064313031636430386163653438336165663432393563
|
63326535376434353837663334366336613631346161363034646134333439613531376362646161
|
||||||
3032316331653662310a653930623965303835396239383663306438633738356563633834623036
|
6438316662626566340a346665666234386630633764376336333063363934643162393565386330
|
||||||
35616132656166663233613937346364343439306561306661633239623837373564323430386635
|
35333139303939613232303264646236326637613862303339353334623066393966353032333839
|
||||||
31663762303234326363643262633761363661656538373333396139376132303564336635623632
|
33323962303635333335376364366336663035303530396262356130373537363134303937353433
|
||||||
30303166336432653038333733386334323262623736626435623933653035363035383930366166
|
34393338336666396338616465666466613931373461663761366235643437646136373039353939
|
||||||
64376639396664303034656533656339363436306638396462333230636136396538303638323338
|
33643133313264303637646336653537383337336661313765663366356262343064316334313337
|
||||||
3138
|
35306232303132653566356130343366313139336665313737363732613261623439
|
||||||
vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
|
vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
|
||||||
secrets_path: "rinoa-docker/env"
|
secrets_path: "rinoa-docker/env"
|
||||||
|
|||||||
+507
-2090
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user