Auto Merge of PR 97 - patchmon-proxy-conf_2026-05-19T15-38-07

Merged by Trez.One
This commit was merged in pull request #97.
This commit is contained in:
2026-07-13 16:31:25 -04:00
61 changed files with 295 additions and 210 deletions
+1
View File
@@ -4,3 +4,4 @@ collections_path = ./collections
host_key_checking = False
retry_files_enabled = False
strategy_plugins = plugins/mitogen-0.3.44/ansible_mitogen/plugins/strategy
strategy = mitogen_free
+7
View File
@@ -0,0 +1,7 @@
{% macro kv2_field(term, field, mount_point) -%}
{{ lookup(
'community.hashi_vault.vault_kv2_get',
term,
engine_mount_point=mount_point
)['secret'][field] }}
{%- endmacro %}
@@ -1,11 +1,11 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
name: mariadb-backup
description: "Backup of all databases from MariaDB container"
schedule: "30 23 * * *"
env:
MARIADB_ROOT_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD'] }}
MARIADB_ROOT_PASSWORD: \{\{ vault.kv2_field\('env', 'MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD', vault_engine_mount_point) }}
steps:
- name: list-all-databases
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rikku-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
http:
pprof:
@@ -9,7 +9,7 @@ http:
session_ttl: 720h
users:
- name: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rikku-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }}
password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
http:
pprof:
@@ -9,7 +9,7 @@ http:
session_ttl: 720h
users:
- name: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }}
password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
@@ -1,6 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
urls:
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }}
- hassio://192.168.1.252/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_HA_TOKEN'] }}
- mailto://postal-smtp:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@postal-smtp:25?from=noreply@trez.wtf
- gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
- hassio://192.168.1.252/\{\{ vault.kv2_field\('env', 'APPRISE_HA_TOKEN', vault_engine_mount_point) }}
- mailto://postal-smtp:\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}@postal-smtp:25?from=noreply@trez.wtf
+13 -13
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
---
@@ -64,11 +64,11 @@ authentication_backend:
mail: mail
display_name: displayName
user: uid=authelia,ou=people,dc=trez,dc=wtf
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
password: "{{ vault.kv2_field('env', 'AUTHELIA_AUTH_BIND_LDAP_PASSWORD', vault_engine_mount_point) }}"
refresh_interval: 5m
identity_validation:
reset_password:
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_JWT_SECRET'] }}'
jwt_secret: "{{ vault.kv2_field('env', 'AUTHELIA_JWT_SECRET', vault_engine_mount_point) }}"
password_policy:
standard:
enabled: true
@@ -92,7 +92,7 @@ access_control:
rules:
- domain_regex:
- '^trez.wtf$'
- ^www.trez.wtf$''
- ^www.trez.wtf$'
policy: bypass
- domain: '*.trez.wtf'
policy: bypass
@@ -112,7 +112,7 @@ access_control:
policy: bypass
session:
name: authelia_session
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_SESSION_SECRET'] }}'
secret: "{{ vault.kv2_field('env', 'AUTHELIA_SESSION_SECRET', vault_engine_mount_point) }}"
expiration: 1h
inactivity: 5m
remember_me: 1M
@@ -124,12 +124,12 @@ session:
port: 6379
database_index: 0
storage:
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
encryption_key: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_ENCRYPTION_KEY', vault_engine_mount_point) }}"
postgres:
address: 'tcp://authelia-pg:5432'
database: authelia
username: authelia
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
password: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', vault_engine_mount_point) }}"
timeout: '5s'
regulation:
max_retries: 3
@@ -140,8 +140,8 @@ notifier:
smtp:
address: 'smtp://postal-smtp:25'
timeout: '5s'
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
username: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}"
password: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
sender: "Authelia <noreply@trez.wtf>"
identifier: 'localhost'
subject: "[Authelia] {title}"
@@ -151,10 +151,10 @@ notifier:
disable_html_emails: false
identity_providers:
oidc:
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
hmac_secret: "{{ vault.kv2_field('env', 'AUTHELIA_OIDC_HMAC_SECRET', vault_engine_mount_point) }}"
jwks:
- key: |
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
{{ vault.kv2_field('env', 'AUTHELIA_OIDC_JWKS_KEY', vault_engine_mount_point) | replace("\\n", "\n") | indent(10) }}
cors:
allowed_origins_from_client_redirect_uris: true
endpoints:
@@ -166,7 +166,7 @@ identity_providers:
clients:
- client_id: 'netbird'
client_name: 'NetBird'
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
client_secret: "{{ vault.kv2_field('env', 'AUTHELIA_NETBIRD_CLIENT_SECRET', vault_engine_mount_point) }}"
public: false
authorization_policy: 'two_factor'
redirect_uris:
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
source: journalctl
journalctl_filter:
- "--directory=/var/log/host/"
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
common:
daemonize: false
log_media: stdout
@@ -1,6 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
url: http://0.0.0.0:8080
login: localhost
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_LOCAL_API_KEY'] }}
password: \{\{ vault.kv2_field\('env', 'CROWDSEC_LOCAL_API_KEY', vault_engine_mount_point) }}
@@ -1,6 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
url: https://api.crowdsec.net/
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
login: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
password: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
name: default_ip_remediation
#debug: true
+6 -6
View File
@@ -1,15 +1,15 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
EXPLO_SYSTEM: subsonic
SYSTEM_URL: http://navidrome:4533
SYSTEM_USERNAME: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_USERNAME'] }}
SYSTEM_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}
SYSTEM_USERNAME: \{\{ vault.kv2_field\('env', 'NAVIDROME_USERNAME', vault_engine_mount_point) }}
SYSTEM_PASSWORD: \{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}
DOWNLOAD_DIR: /downloads
PLAYLIST_DIR: /playlists
LISTENBRAINZ_USER: Trez.One
YOUTUBE_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUTUBE_DATA_API_V3_KEY'] }}
YOUTUBE_API_KEY: \{\{ vault.kv2_field\('env', 'YOUTUBE_DATA_API_V3_KEY', vault_engine_mount_point) }}
SLSKD_URL: http://gluetun:5030
SLSK_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
SLSK_API_KEY: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
DOWNLOAD_SERVICES:
# Assign a custom path to yt-dlp
# YTDLP_PATH=
+3 -3
View File
@@ -9,7 +9,7 @@ compression_level = 10
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "localhost:3901"
rpc_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_RPC_SECRET'] }}"
rpc_secret = "\{\{ vault.kv2_field\('env', 'GARAGE_RPC_SECRET', vault_engine_mount_point) }}"
[s3_api]
s3_region = "us-east-fh-pln"
@@ -22,5 +22,5 @@ root_domain = ".garage.trez.wtf"
[admin]
api_bind_addr = "[::]:3903"
admin_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_ADMIN_TOKEN'] }}"
metrics_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_METRICS_TOKEN'] }}"
admin_token = "\{\{ vault.kv2_field\('env', 'GARAGE_ADMIN_TOKEN', vault_engine_mount_point) }}"
metrics_token = "\{\{ vault.kv2_field\('env', 'GARAGE_METRICS_TOKEN', vault_engine_mount_point) }}"
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{
"url": "blog.trez.wtf",
@@ -9,7 +9,7 @@
"host" : "mariadb",
"port" : 3306,
"user" : "ghost",
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GHOST_DB_PASSWORD'] }}",
"password" : "\{\{ vault.kv2_field\('env', 'GHOST_DB_PASSWORD', vault_engine_mount_point) }}",
"database" : "ghost_db"
}
},
@@ -21,8 +21,8 @@
"port": 25,
"secure": false,
"auth": {
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
"user": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}",
"pass": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
}
}
},
+7 -7
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod
@@ -27,7 +27,7 @@ DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_LFS_JWT_SECRET'] }}
LFS_JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_LFS_JWT_SECRET', vault_engine_mount_point) }}
OFFLINE_MODE = true
[database]
@@ -36,7 +36,7 @@ DB_TYPE = postgres
HOST = gitea-db:5432
NAME = gitea
USER = gitea
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_PG_DB_PASSWORD'] }}
PASSWD = \{\{ vault.kv2_field\('env', 'GITEA_PG_DB_PASSWORD', vault_engine_mount_point) }}
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
@@ -70,7 +70,7 @@ INSTALL_LOCK = true
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_INTERNAL_TOKEN'] }}
INTERNAL_TOKEN = \{\{ vault.kv2_field\('env', 'GITEA_INTERNAL_TOKEN', vault_engine_mount_point) }}
PASSWORD_HASH_ALGO = pbkdf2
[service]
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
PATH = /data/git/lfs
[mailer]
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
PASSWD = \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
PROTOCOL = smtp
ENABLED = true
FROM = '"Gitea" <noreply@trez.wtf>'
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
DEFAULT_TRUST_MODEL = committer
[oauth2]
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_OAUTH2_JWT_SECRET', vault_engine_mount_point) }}
[ui]
THEMES = gitea-auto,catppuccin-blue-auto,catppuccin-flamingo-auto,catppuccin-green-auto,catppuccin-lavender-auto,catppuccin-mauve-auto,catppuccin-peach-auto,catppuccin-pink-auto,catppuccin-red-auto,catppuccin-rosewater-auto,catppuccin-sapphire-auto,catppuccin-sky-auto,catppuccin-teal-auto,catppuccin-yellow-auto,catppuccin-maroon-auto
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
gitea:
@@ -9,7 +9,7 @@ gitea:
# Created access token for the user that shall be used as bot account.
# User needs "Read project" permissions with access to "Pull Requests"
token:
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_TOKEN', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret
# file: /path/to/gitea/token
@@ -18,7 +18,7 @@ gitea:
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
webhook:
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret
# secretFile: /path/to/gitea/webhook/secret
@@ -35,7 +35,7 @@ sonarqube:
# Created access token for the user that shall be used as bot account.
# User needs "Browse on project" permissions
token:
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_TOKEN', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret
# file: /path/to/sonarqube/token
@@ -45,7 +45,7 @@ sonarqube:
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
# validated.
webhook:
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret
# secretFile: /path/to/sonarqube/webhook/secret
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
---
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
---
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
---
+22 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
---
# For configuration options and examples, please see:
@@ -20,6 +20,25 @@
# href: http://localhost/
# description: Homepage is 😎
- System Administration:
- PatchMon
href: https://patch.trez.wtf
description: Patch management for *NIX and Windows
icon: patchmon.svg
weight: 0
widget:
type: customapi
url: http://192.168.1.252:3000/api/v1/gethomepage/stats
headers:
Authorization: Basic \{\{ vault.kv2_field\('env', 'PATCHMON_API_BASE64_CREDS', vault_engine_mount_point) }}
mappings:
- field: total_hosts
label: Total Hosts
- field: hosts_needing_updates
label: Needs Updates
- field: security_updates
label: Security Updates
- Automation:
- Home Assistant (Rikku):
href: https://ha.trez.wtf
@@ -29,7 +48,7 @@
widget:
type: homeassistant
url: http://192.168.1.252:8123
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
key: \{\{ vault.kv2_field\('env', 'HOMEPAGE_HOME_ASSISTANT_API_KEY', vault_engine_mount_point) }}
- Media Library:
- Audiomuse:
+4 -4
View File
@@ -1,12 +1,12 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/settings
providers:
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
openweathermap: \{\{ vault.kv2_field\('env', 'HOMEPAGE_OPENWEATHERMAP_API_KEY', vault_engine_mount_point) }}
# weatherapi: weatherapiapikey
title: Rinoa Dashboard (trez.WTF)
headerStyle: underlined
@@ -23,7 +23,7 @@ provider: duckduckgo
layout:
System Administration:
style: row
columns: 5
columns: 4
Infrastructure/App Performance Monitoring:
style: row
columns: 5
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
---
# For configuration options and examples, please see:
+8 -8
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
#########################################
#
# Database and other external servers
@@ -15,7 +15,7 @@ db:
host: invidious-db
port: 5432
dbname: invidious
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PG_DB_PASSWORD'] }}
password: \{\{ vault.kv2_field\('env', 'INVID_PG_DB_PASSWORD', vault_engine_mount_point) }}
##
## Database configuration using a single URI. This is an
@@ -88,7 +88,7 @@ check_tables: true
invidious_companion:
- private_url: "http://invidious-companion:8282"
# # Uncomment for advanced reverse proxy configuration (see above).
- public_url: https://invid.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MY_TLD'] }}/companion
- public_url: https://invid.\{\{ vault.kv2_field\('env', 'MY_TLD', vault_engine_mount_point) }}/companion
##
## API key for Invidious companion, used for securing the communication
@@ -103,7 +103,7 @@ invidious_companion:
## Accepted values: a string (of length 16)
## Default: <none>
##
invidious_companion_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_COMPANION_KEY'] }}
invidious_companion_key: \{\{ vault.kv2_field\('env', 'INVID_COMPANION_KEY', vault_engine_mount_point) }}
#########################################
#
@@ -271,8 +271,8 @@ https_only: false
## Accepted values: String
## Default: <none>
##
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PO_TOKEN'] }}
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_VISITOR_DATA'] }}
po_token: \{\{ vault.kv2_field\('env', 'INVID_PO_TOKEN', vault_engine_mount_point) }}
visitor_data: \{\{ vault.kv2_field\('env', 'INVID_VISITOR_DATA', vault_engine_mount_point) }}
# -----------------------------
# Logging
@@ -532,7 +532,7 @@ jobs:
## Accepted values: a string
## Default: <none>
##
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_HMAC_KEY'] }}
hmac_key: \{\{ vault.kv2_field\('env', 'INVID_HMAC_KEY', vault_engine_mount_point) }}
##
## List of video IDs where the "download" widget must be
@@ -1,9 +1,9 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
# IN application vars
IN_APP_URL=https://biz.trez.wtf
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_APP_KEY'] }}
IN_APP_KEY=\{\{ vault.kv2_field\('env', 'IN_APP_KEY', vault_engine_mount_point) }}
IN_APP_DEBUG=true
IN_REQUIRE_HTTPS=false
IN_PHANTOMJS_PDF_GENERATION=false
@@ -18,7 +18,7 @@ IN_DB_HOST=mariadb
IN_DB_PORT=3306
IN_DB_DATABASE=invoice_ninja
IN_DB_USERNAME=ininja
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_MYSQL_PASSWORD'] }}
IN_DB_PASSWORD=\{\{ vault.kv2_field\('env', 'IN_MYSQL_PASSWORD', vault_engine_mount_point) }}
# Create initial user
# Default to these values if empty
@@ -31,8 +31,8 @@ IN_PASSWORD=
IN_MAIL_MAILER=log
IN_MAIL_HOST=postal-smtp
IN_MAIL_PORT=25
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
IN_MAIL_USERNAME=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
IN_MAIL_PASSWORD=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
IN_MAIL_ENCRYPTION=null
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
IN_MAIL_FROM_NAME='Treasured IT'
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<Config>
<BindAddress>*</BindAddress>
@@ -7,7 +7,7 @@
<SslPort>6868</SslPort>
<EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}</ApiKey>
<ApiKey>\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod>
<Branch>master</Branch>
<LogLevel>trace</LogLevel>
+8 -8
View File
@@ -1,13 +1,13 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{
"lidarr_address": "http://lidarr:8686",
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}",
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}",
"lidarr_api_key": "\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}",
"spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
"root_folder_path": "/data/media/music",
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_ID'] }}",
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}",
"spotify_client_id": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_ID', vault_engine_mount_point) }}",
"spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
"fallback_to_top_result": false,
"lidarr_api_timeout": 120.0,
"quality_profile_id": 1,
@@ -17,8 +17,8 @@
"app_name": "lidify",
"app_rev": "0.09",
"app_url": "lidify.trez.wtf",
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
"last_fm_api_key": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
"last_fm_api_secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
"mode": "LastFM",
"auto_start": false,
"auto_start_delay": 60
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
containers:
# adguard:
# action_keywords:
@@ -44,7 +44,7 @@ global_keywords:
- fatal
notifications:
apprise:
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
# settings are optional because they all have default values
settings:
log_level: INFO # DEBUG, INFO, WARNING, ERROR
@@ -1,11 +1,11 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
scheduler:
cron: "45 23 * * *" # run every day at 6:00 and 18:00 UTC
retention: 14 # Retains 14 local backups
timeout: 60 # Operation timeout: 60 minutes
target:
uri: mongodb://root:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGO_INITDB_ROOT_PASSWORD'] }}@mongodb:27017/admin?replicaSet=rinoa
uri: mongodb://root:\{\{ vault.kv2_field\('env', 'MONGO_INITDB_ROOT_PASSWORD', vault_engine_mount_point) }}@mongodb:27017/admin?replicaSet=rinoa
noGzip: false # Disable gzip compression (false means compression is enabled)
retry:
@@ -23,8 +23,8 @@ validation:
smtp:
server: postal-stmp
port: 25
username: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
username: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
password: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
from: noreply@trez.wtf
to:
- charish.patel@trez.wtf
+1 -1
View File
@@ -1 +1 @@
{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGODB_REPLICA_SET_KEY'] }}
\{\{ vault.kv2_field\('env', 'MONGODB_REPLICA_SET_KEY', vault_engine_mount_point) }}
@@ -32,8 +32,8 @@
"name": "lastfmSource",
"clients": ["ListenBrainzClient", "malojaClient"],
"data": {
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
"apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
"secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
}
},
@@ -43,7 +43,7 @@
"name": "listenBrainzSource",
"clients": ["lastFmClient", "malojaClient"],
"data": {
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
"token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
"username": "Trez.One"
}
},
@@ -55,7 +55,7 @@
"data": {
"url": "http://navidrome:4533",
"user": "admin",
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}"
"password": "\{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}"
}
}
],
@@ -66,8 +66,8 @@
"enabled": true,
"name": "lastFmClient",
"data": {
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
"apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
"secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
}
},
@@ -76,7 +76,7 @@
"enabled": true,
"name": "ListenBrainzClient",
"data": {
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
"token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
"username": "Trez.One"
}
},
@@ -86,7 +86,7 @@
"name": "malojaClient",
"data": {
"url": "http://maloja:42010",
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_API_KEY'] }}"
"apiKey": "\{\{ vault.kv2_field\('env', 'MALOJA_API_KEY', vault_engine_mount_point) }}"
}
}
],
@@ -96,7 +96,7 @@
"name": "Gotify",
"type": "gotify",
"url": "http://gotify",
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
"token": "\{\{ vault.kv2_field\('env', 'MULTI_SCROBBLER_GOTIFY_TOKEN', vault_engine_mount_point) }}",
"priorities": {
"info": 5,
"warn": 7,
+6 -6
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
version: 2
@@ -18,13 +18,13 @@ web_server:
main_db:
host: mariadb
username: postal
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }}
password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
database: postal
message_db:
host: mariadb
username: postal
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }}
password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
prefix: postal
smtp_server:
@@ -52,11 +52,11 @@ smtp:
host: postal-smtp
port: 25
username: rinoa/postal-smtp
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
password: "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
from_name: Postal @ Rinoa
from_address: noreply@trez.wtf
rails:
# This is generated automatically by the config initialization. It should be a random
# string unique to your installation.
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
secret_key: "\{\{ vault.kv2_field\('env', 'POSTAL_RAILS_SECRET_KEY', vault_engine_mount_point) }}"
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<Config>
<BindAddress>*</BindAddress>
@@ -7,7 +7,7 @@
<SslPort>6969</SslPort>
<EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
<ApiKey>\{\{ vault.kv2_field\('env', 'PROWLARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod>
<AuthenticationRequired>Enabled</AuthenticationRequired>
<Branch>master</Branch>
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
# This is an example configuration file that documents all the options.
# It will need to be modified for your specific use case.
# These are not default values. You MUST review the config settings and properly configure this EXAMPLE file.
@@ -25,7 +25,7 @@ qbt:
# Pass environment variables to the config via !ENV tag
host: qbittorrentvpn:8080
user: admin
pass: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['DELUGEVPN_PASSWORD'] }}
pass: \{\{ vault.kv2_field\('env', 'DELUGEVPN_PASSWORD', vault_engine_mount_point) }}
settings:
force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent.
@@ -222,4 +222,4 @@ apprise:
# Mandatory to fill out the url of your apprise API endpoint
api_url: http://apprise-api:8000
# Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki
notify_url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }}
notify_url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
+4 -4
View File
@@ -1,11 +1,11 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{
"radarr_address": "http://radarr:7878",
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}",
"radarr_api_key": "\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}",
"root_folder_path": "/data/media/movies",
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}",
"tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
"fallback_to_top_result": false,
"radarr_api_timeout": 120.0,
"quality_profile_id": 1,
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<Config>
<LogLevel>info</LogLevel>
@@ -8,7 +8,7 @@
<SslCertPath></SslCertPath>
<Port>7878</Port>
<UrlBase></UrlBase>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}</ApiKey>
<ApiKey>\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod>
<UpdateMechanism>Docker</UpdateMechanism>
<SslPort>9898</SslPort>
+6 -6
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
__version__ = 19
__encoding__ = utf-8
@@ -22,7 +22,7 @@ host = 0.0.0.0
port = 8080
https_port = 8090
username = thetrezuredone
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_PASSWORD'] }}
password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_PASSWORD', vault_engine_mount_point) }}
bandwidth_max = 1000M
cache_limit = 1G
web_dir = Glitter
@@ -33,7 +33,7 @@ https_chain = ""
enable_https = 1
inet_exposure = 0
local_ranges = ,
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_API_KEY'] }}
api_key = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_API_KEY', vault_engine_mount_point) }}
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
permissions = 775
download_dir = /storage/downloads/incomplete
@@ -342,7 +342,7 @@ host = news.newshosting.com
port = 563
timeout = 60
username = thetrezuredone
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }}
password = \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
connections = 8
ssl = 1
ssl_verify = 3
@@ -363,7 +363,7 @@ host = news.easynews.com
port = 443
timeout = 60
username = TrezOne
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_EASYNEWS_PASSWORD', vault_engine_mount_point) }}
connections = 60
ssl = 0
ssl_verify = 3
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
bolt-path: /opt/scrutiny/influxdb/influxd.bolt
engine-path: /opt/scrutiny/influxdb/engine
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
general:
# Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
@@ -51,7 +51,7 @@ server:
limiter: false
public_instance: false
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET}
secret_key: \{\{ vault.kv2_field\('env', 'SEARXNG_SECRET_KEY', vault_engine_mount_point) }} # Is overwritten by ${SEARXNG_SECRET}
image_proxy: true
http_protocol_version: "1.0"
method: "POST"
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
[uwsgi]
# Listening address
# default value: [::]:8080 (see Dockerfile)
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<?xml version="1.0"?>
<clickhouse>
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<?xml version="1.0"?>
<clickhouse>
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<?xml version="1.0"?>
<!--
NOTE: User and query level settings are set up in "users.xml" file.
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<functions>
<function>
<type>executable</type>
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<?xml version="1.0"?>
<clickhouse>
<storage_configuration>
@@ -16,8 +16,8 @@
endpoint should be https://storage.googleapis.com/<bucket-name>/data/
-->
<endpoint>http://minio:9000/signoz/data</endpoint>
<access_key_id>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_ACCESS_KEY'] }}</access_key_id>
<secret_access_key>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_SECRET_KEY'] }}</secret_access_key>
<access_key_id>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_ACCESS_KEY', vault_engine_mount_point) }}</access_key_id>
<secret_access_key>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_SECRET_KEY', vault_engine_mount_point) }}</secret_access_key>
<!-- In case of S3, uncomment the below configuration in case you want to read
AWS credentials from the Environment variables if they exist. -->
<!-- <use_environment_credentials>true</use_environment_credentials> -->
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<?xml version="1.0"?>
<clickhouse>
<!-- See also the files in users.d directory where the settings can be overridden. -->
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
<Config>
<LogLevel>info</LogLevel>
@@ -8,7 +8,7 @@
<SslPort>9898</SslPort>
<UrlBase></UrlBase>
<BindAddress>*</BindAddress>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}</ApiKey>
<ApiKey>\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod>
<UpdateMechanism>Docker</UpdateMechanism>
<LaunchBrowser>True</LaunchBrowser>
+4 -4
View File
@@ -1,12 +1,12 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{
"sonarr_address": "http://192.168.1.2:8989",
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}",
"sonarr_api_key": "\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}",
"root_folder_path": "/data/media/shows",
"tvdb_api_key": "",
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}",
"tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
"fallback_to_top_result": false,
"sonarr_api_timeout": 120.0,
"quality_profile_id": 1,
+4 -4
View File
@@ -1,8 +1,8 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
[Lidarr]
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}
api_key = \{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}
host_url = http://lidarr:8686
#This should be the path mounted in lidarr that points to your slskd download directory.
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
@@ -10,7 +10,7 @@ download_dir = /storage
[Slskd]
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
api_key = \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
host_url = http://gluetun:5030
#Slskd download directory. Should have set it up when installing Slskd.
download_dir = /app/downloads
+5 -5
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
directories:
incomplete: /app/incomplete
@@ -198,15 +198,15 @@ rooms:
web:
authentication:
username: slskd
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_WEB_PASSSWORD'] }}
password: \{\{ vault.kv2_field\('env', 'SLSKD_WEB_PASSSWORD', vault_engine_mount_point) }}
api_keys:
my_api_key:
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
key: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
role: readwrite
cidr: 0.0.0.0/0,::/0
soulseek:
address: vps.slsknet.org
port: 2271
username: Trez.One
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }}
password: \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
diagnostic_level: Info
@@ -0,0 +1,47 @@
## Version 2025/07/18
# make sure that your <container_name> container is named <container_name>
# make sure that your dns has a cname set for <container_name>
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name patch.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 192.168.1.252;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{
"always_keep_failed_tasks": true,
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
ydl_server: # youtube-dl-server specific settings
port: 8080 # Port youtube-dl-server should listen on
@@ -1,7 +1,7 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'benedikta-docker/env' %}
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{
"api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='benedikta-docker', url=vault_addr, token=vault_token)['secret']['HOME_ASSISTANT_LONG_LIVED_TOKEN'] }}",
"api_key": "{{ vault.kv2_field('env', 'HOME_ASSISTANT_LONG_LIVED_TOKEN', vault_engine_mount_point) }}",
"host": "192.168.1.252:8123",
"__mycroft_skill_firstrun": false
}
+18 -10
View File
@@ -3,14 +3,22 @@
template_base_path: "{{ playbook_dir }}/app-configs"
# Vault server address
vault_addr: "https://vault.trez.wtf"
vault_token: !vault |
vault_env: "env"
ansible_hashi_vault_url: "https://vault.trez.wtf"
ansible_hashi_vault_auth_method: "approle"
ansible_hashi_vault_role_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
33356331366463343032656164363437313263623962303365306632336362353038653738336338
3261303838386531653661353231343361316566633531300a326637636135383832386466656235
32316564653863346336316331306130333739663832613536323264336530383834323461313064
6639383633643866310a343332616235343462346436373035636266636239346438346633303932
64383135616261326466643661356539346233633639343865303964366236373161393764353838
65633631346166323961393532393133353838393332663963383566663136613232383662626165
63643838306332373237393938326131633838613331363663653638623830633364373464376463
39623034306164393863343133313135653839363236613232663563346334303333313634333334
6635
30363130386561646336636635623233636561653537343264396430646133653162633465656534
3530623161663966623438303363313361303833313030610a363831666334666633313437323965
33666235306361333935316330623830393561636361316635653036636632623637316334616536
3662346361333537340a323334386666353265623130343234396565646532303365646236636466
33393539336230373764363865313863373733313563313966376435383938336635666536643439
6531303137623765343263303534633562643435393864313662
ansible_hashi_vault_secret_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
65303663656662666661663939343535336163366537623261346332353130613664633261376131
6264313136653263333938383866626432633262313764330a393130353566626433333036313965
61666565633561383862373231646462353336316430613561663031383930313232646263623065
3033313738363866390a636539346337333066616434653633333339343961303935643766633034
61356234643138313330313466383462396338306238396230386139396230383131343766313830
3761346335636564373637353364333935653934393532373833
+1 -1
View File
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
39333338306565383435326465386366356164643834303431623961653731303139633332326133
6561653432656462330a303966633132366637633235316631353839383331333765336237353135
39363465623933393535643862316262303333363038636634326233316636396666
secrets_path: aranea-docker/env
vault_engine_mount_point: aranea-docker/env
+1 -1
View File
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
66376165623634653966313033613230306365393334663334363730653330313031326231383739
3036633032376133370a316463653162633566303363376631383033396234383366633737383066
35393931393132323062386262623966646139613838373536313631643330313761
secrets_path: benedikta-docker/env
vault_engine_mount_point: benedikta-docker/env
+1 -1
View File
@@ -1,2 +1,2 @@
appdata_base_path: /home/pi/.config/docker
secrets_path: rikku-docker/env
vault_engine_mount_point: rikku-docker/env
+1 -1
View File
@@ -6,7 +6,7 @@ ansible_become_password: !vault |
31623863633966303738643733643633353265396264613734333461643862663965663230663437
6136373035303834630a653263626365623838363236303931643565656232326536643239653238
64313034313663653332343464383565383964373438663661346538366636323162
secrets_path: rinoa-docker/env
vault_engine_mount_point: rinoa-docker
file_metadata:
"hashicorp-vault/config/vault-config.hcl.j2":
owner: "100"
+1 -1
View File
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
64623239343238363763386466626632383230633062383263323433353634373539373861383038
3837383436363138330a653566653731653065343538363733353432646136336335643666376133
31623634636561636635396136636538613338313862396439376435613337373637
secrets_path: ultima-docker/env
vault_engine_mount_point: ultima-docker
+3
View File
@@ -117,6 +117,9 @@
loop_control:
label: "{{ item }}"
- debug:
msg: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker')['secret']['AUTHELIA_SESSION_SECRET'] }}"
- name: Deploy template files
ansible.builtin.template:
src: "{{ item.src }}"