Auto Merge of PR 97 - patchmon-proxy-conf_2026-05-19T15-38-07
Merged by Trez.One
This commit was merged in pull request #97.
This commit is contained in:
@@ -4,3 +4,4 @@ collections_path = ./collections
|
||||
host_key_checking = False
|
||||
retry_files_enabled = False
|
||||
strategy_plugins = plugins/mitogen-0.3.44/ansible_mitogen/plugins/strategy
|
||||
strategy = mitogen_free
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{% macro kv2_field(term, field, mount_point) -%}
|
||||
{{ lookup(
|
||||
'community.hashi_vault.vault_kv2_get',
|
||||
term,
|
||||
engine_mount_point=mount_point
|
||||
)['secret'][field] }}
|
||||
{%- endmacro %}
|
||||
@@ -1,11 +1,11 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
name: mariadb-backup
|
||||
description: "Backup of all databases from MariaDB container"
|
||||
schedule: "30 23 * * *"
|
||||
|
||||
env:
|
||||
MARIADB_ROOT_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD'] }}
|
||||
MARIADB_ROOT_PASSWORD: \{\{ vault.kv2_field\('env', 'MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD', vault_engine_mount_point) }}
|
||||
|
||||
steps:
|
||||
- name: list-all-databases
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rikku-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
http:
|
||||
pprof:
|
||||
@@ -9,7 +9,7 @@ http:
|
||||
session_ttl: 720h
|
||||
users:
|
||||
- name: admin
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rikku-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
|
||||
auth_attempts: 5
|
||||
block_auth_min: 15
|
||||
http_proxy: ""
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
http:
|
||||
pprof:
|
||||
@@ -9,7 +9,7 @@ http:
|
||||
session_ttl: 720h
|
||||
users:
|
||||
- name: admin
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
|
||||
auth_attempts: 5
|
||||
block_auth_min: 15
|
||||
http_proxy: ""
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
urls:
|
||||
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
||||
- hassio://192.168.1.252/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_HA_TOKEN'] }}
|
||||
- mailto://postal-smtp:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@postal-smtp:25?from=noreply@trez.wtf
|
||||
- gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
|
||||
- hassio://192.168.1.252/\{\{ vault.kv2_field\('env', 'APPRISE_HA_TOKEN', vault_engine_mount_point) }}
|
||||
- mailto://postal-smtp:\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}@postal-smtp:25?from=noreply@trez.wtf
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
|
||||
---
|
||||
@@ -64,11 +64,11 @@ authentication_backend:
|
||||
mail: mail
|
||||
display_name: displayName
|
||||
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
|
||||
password: "{{ vault.kv2_field('env', 'AUTHELIA_AUTH_BIND_LDAP_PASSWORD', vault_engine_mount_point) }}"
|
||||
refresh_interval: 5m
|
||||
identity_validation:
|
||||
reset_password:
|
||||
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_JWT_SECRET'] }}'
|
||||
jwt_secret: "{{ vault.kv2_field('env', 'AUTHELIA_JWT_SECRET', vault_engine_mount_point) }}"
|
||||
password_policy:
|
||||
standard:
|
||||
enabled: true
|
||||
@@ -92,7 +92,7 @@ access_control:
|
||||
rules:
|
||||
- domain_regex:
|
||||
- '^trez.wtf$'
|
||||
- ^www.trez.wtf$''
|
||||
- ^www.trez.wtf$'
|
||||
policy: bypass
|
||||
- domain: '*.trez.wtf'
|
||||
policy: bypass
|
||||
@@ -112,7 +112,7 @@ access_control:
|
||||
policy: bypass
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
||||
secret: "{{ vault.kv2_field('env', 'AUTHELIA_SESSION_SECRET', vault_engine_mount_point) }}"
|
||||
expiration: 1h
|
||||
inactivity: 5m
|
||||
remember_me: 1M
|
||||
@@ -124,12 +124,12 @@ session:
|
||||
port: 6379
|
||||
database_index: 0
|
||||
storage:
|
||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
||||
encryption_key: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_ENCRYPTION_KEY', vault_engine_mount_point) }}"
|
||||
postgres:
|
||||
address: 'tcp://authelia-pg:5432'
|
||||
database: authelia
|
||||
username: authelia
|
||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
|
||||
password: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', vault_engine_mount_point) }}"
|
||||
timeout: '5s'
|
||||
regulation:
|
||||
max_retries: 3
|
||||
@@ -140,8 +140,8 @@ notifier:
|
||||
smtp:
|
||||
address: 'smtp://postal-smtp:25'
|
||||
timeout: '5s'
|
||||
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
|
||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
|
||||
username: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}"
|
||||
password: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
|
||||
sender: "Authelia <noreply@trez.wtf>"
|
||||
identifier: 'localhost'
|
||||
subject: "[Authelia] {title}"
|
||||
@@ -151,10 +151,10 @@ notifier:
|
||||
disable_html_emails: false
|
||||
identity_providers:
|
||||
oidc:
|
||||
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
|
||||
hmac_secret: "{{ vault.kv2_field('env', 'AUTHELIA_OIDC_HMAC_SECRET', vault_engine_mount_point) }}"
|
||||
jwks:
|
||||
- key: |
|
||||
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
|
||||
{{ vault.kv2_field('env', 'AUTHELIA_OIDC_JWKS_KEY', vault_engine_mount_point) | replace("\\n", "\n") | indent(10) }}
|
||||
cors:
|
||||
allowed_origins_from_client_redirect_uris: true
|
||||
endpoints:
|
||||
@@ -166,7 +166,7 @@ identity_providers:
|
||||
clients:
|
||||
- client_id: 'netbird'
|
||||
client_name: 'NetBird'
|
||||
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
|
||||
client_secret: "{{ vault.kv2_field('env', 'AUTHELIA_NETBIRD_CLIENT_SECRET', vault_engine_mount_point) }}"
|
||||
public: false
|
||||
authorization_policy: 'two_factor'
|
||||
redirect_uris:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
source: journalctl
|
||||
journalctl_filter:
|
||||
- "--directory=/var/log/host/"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
common:
|
||||
daemonize: false
|
||||
log_media: stdout
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
url: http://0.0.0.0:8080
|
||||
login: localhost
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_LOCAL_API_KEY'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'CROWDSEC_LOCAL_API_KEY', vault_engine_mount_point) }}
|
||||
@@ -1,6 +1,6 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
url: https://api.crowdsec.net/
|
||||
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
||||
login: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
|
||||
password: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
name: default_ip_remediation
|
||||
#debug: true
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
EXPLO_SYSTEM: subsonic
|
||||
SYSTEM_URL: http://navidrome:4533
|
||||
SYSTEM_USERNAME: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_USERNAME'] }}
|
||||
SYSTEM_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}
|
||||
SYSTEM_USERNAME: \{\{ vault.kv2_field\('env', 'NAVIDROME_USERNAME', vault_engine_mount_point) }}
|
||||
SYSTEM_PASSWORD: \{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}
|
||||
DOWNLOAD_DIR: /downloads
|
||||
PLAYLIST_DIR: /playlists
|
||||
LISTENBRAINZ_USER: Trez.One
|
||||
YOUTUBE_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUTUBE_DATA_API_V3_KEY'] }}
|
||||
YOUTUBE_API_KEY: \{\{ vault.kv2_field\('env', 'YOUTUBE_DATA_API_V3_KEY', vault_engine_mount_point) }}
|
||||
SLSKD_URL: http://gluetun:5030
|
||||
SLSK_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
|
||||
SLSK_API_KEY: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
|
||||
DOWNLOAD_SERVICES:
|
||||
# Assign a custom path to yt-dlp
|
||||
# YTDLP_PATH=
|
||||
|
||||
@@ -9,7 +9,7 @@ compression_level = 10
|
||||
|
||||
rpc_bind_addr = "[::]:3901"
|
||||
rpc_public_addr = "localhost:3901"
|
||||
rpc_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_RPC_SECRET'] }}"
|
||||
rpc_secret = "\{\{ vault.kv2_field\('env', 'GARAGE_RPC_SECRET', vault_engine_mount_point) }}"
|
||||
|
||||
[s3_api]
|
||||
s3_region = "us-east-fh-pln"
|
||||
@@ -22,5 +22,5 @@ root_domain = ".garage.trez.wtf"
|
||||
|
||||
[admin]
|
||||
api_bind_addr = "[::]:3903"
|
||||
admin_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_ADMIN_TOKEN'] }}"
|
||||
metrics_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_METRICS_TOKEN'] }}"
|
||||
admin_token = "\{\{ vault.kv2_field\('env', 'GARAGE_ADMIN_TOKEN', vault_engine_mount_point) }}"
|
||||
metrics_token = "\{\{ vault.kv2_field\('env', 'GARAGE_METRICS_TOKEN', vault_engine_mount_point) }}"
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
{
|
||||
"url": "blog.trez.wtf",
|
||||
@@ -9,7 +9,7 @@
|
||||
"host" : "mariadb",
|
||||
"port" : 3306,
|
||||
"user" : "ghost",
|
||||
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GHOST_DB_PASSWORD'] }}",
|
||||
"password" : "\{\{ vault.kv2_field\('env', 'GHOST_DB_PASSWORD', vault_engine_mount_point) }}",
|
||||
"database" : "ghost_db"
|
||||
}
|
||||
},
|
||||
@@ -21,8 +21,8 @@
|
||||
"port": 25,
|
||||
"secure": false,
|
||||
"auth": {
|
||||
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
|
||||
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
||||
"user": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}",
|
||||
"pass": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
APP_NAME = Gitea: Git with a cup of tea
|
||||
RUN_MODE = prod
|
||||
@@ -27,7 +27,7 @@ DISABLE_SSH = false
|
||||
SSH_PORT = 22
|
||||
SSH_LISTEN_PORT = 22
|
||||
LFS_START_SERVER = true
|
||||
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_LFS_JWT_SECRET'] }}
|
||||
LFS_JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_LFS_JWT_SECRET', vault_engine_mount_point) }}
|
||||
OFFLINE_MODE = true
|
||||
|
||||
[database]
|
||||
@@ -36,7 +36,7 @@ DB_TYPE = postgres
|
||||
HOST = gitea-db:5432
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_PG_DB_PASSWORD'] }}
|
||||
PASSWD = \{\{ vault.kv2_field\('env', 'GITEA_PG_DB_PASSWORD', vault_engine_mount_point) }}
|
||||
LOG_SQL = false
|
||||
SCHEMA =
|
||||
SSL_MODE = disable
|
||||
@@ -70,7 +70,7 @@ INSTALL_LOCK = true
|
||||
SECRET_KEY =
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_INTERNAL_TOKEN'] }}
|
||||
INTERNAL_TOKEN = \{\{ vault.kv2_field\('env', 'GITEA_INTERNAL_TOKEN', vault_engine_mount_point) }}
|
||||
PASSWORD_HASH_ALGO = pbkdf2
|
||||
|
||||
[service]
|
||||
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
|
||||
PATH = /data/git/lfs
|
||||
|
||||
[mailer]
|
||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||
PASSWD = \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
|
||||
PROTOCOL = smtp
|
||||
ENABLED = true
|
||||
FROM = '"Gitea" <noreply@trez.wtf>'
|
||||
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
|
||||
DEFAULT_TRUST_MODEL = committer
|
||||
|
||||
[oauth2]
|
||||
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
|
||||
JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_OAUTH2_JWT_SECRET', vault_engine_mount_point) }}
|
||||
|
||||
[ui]
|
||||
THEMES = gitea-auto,catppuccin-blue-auto,catppuccin-flamingo-auto,catppuccin-green-auto,catppuccin-lavender-auto,catppuccin-mauve-auto,catppuccin-peach-auto,catppuccin-pink-auto,catppuccin-red-auto,catppuccin-rosewater-auto,catppuccin-sapphire-auto,catppuccin-sky-auto,catppuccin-teal-auto,catppuccin-yellow-auto,catppuccin-maroon-auto
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
|
||||
gitea:
|
||||
@@ -9,7 +9,7 @@ gitea:
|
||||
# Created access token for the user that shall be used as bot account.
|
||||
# User needs "Read project" permissions with access to "Pull Requests"
|
||||
token:
|
||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
|
||||
value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_TOKEN', vault_engine_mount_point) }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# file: /path/to/gitea/token
|
||||
|
||||
@@ -18,7 +18,7 @@ gitea:
|
||||
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
||||
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
||||
webhook:
|
||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
|
||||
secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET', vault_engine_mount_point) }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# secretFile: /path/to/gitea/webhook/secret
|
||||
|
||||
@@ -35,7 +35,7 @@ sonarqube:
|
||||
# Created access token for the user that shall be used as bot account.
|
||||
# User needs "Browse on project" permissions
|
||||
token:
|
||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
|
||||
value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_TOKEN', vault_engine_mount_point) }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# file: /path/to/sonarqube/token
|
||||
|
||||
@@ -45,7 +45,7 @@ sonarqube:
|
||||
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
||||
# validated.
|
||||
webhook:
|
||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
|
||||
secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET', vault_engine_mount_point) }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# secretFile: /path/to/sonarqube/webhook/secret
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
|
||||
---
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
|
||||
---
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
|
||||
---
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
@@ -20,6 +20,25 @@
|
||||
# href: http://localhost/
|
||||
# description: Homepage is 😎
|
||||
|
||||
- System Administration:
|
||||
- PatchMon
|
||||
href: https://patch.trez.wtf
|
||||
description: Patch management for *NIX and Windows
|
||||
icon: patchmon.svg
|
||||
weight: 0
|
||||
widget:
|
||||
type: customapi
|
||||
url: http://192.168.1.252:3000/api/v1/gethomepage/stats
|
||||
headers:
|
||||
Authorization: Basic \{\{ vault.kv2_field\('env', 'PATCHMON_API_BASE64_CREDS', vault_engine_mount_point) }}
|
||||
mappings:
|
||||
- field: total_hosts
|
||||
label: Total Hosts
|
||||
- field: hosts_needing_updates
|
||||
label: Needs Updates
|
||||
- field: security_updates
|
||||
label: Security Updates
|
||||
|
||||
- Automation:
|
||||
- Home Assistant (Rikku):
|
||||
href: https://ha.trez.wtf
|
||||
@@ -29,7 +48,7 @@
|
||||
widget:
|
||||
type: homeassistant
|
||||
url: http://192.168.1.252:8123
|
||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
|
||||
key: \{\{ vault.kv2_field\('env', 'HOMEPAGE_HOME_ASSISTANT_API_KEY', vault_engine_mount_point) }}
|
||||
|
||||
- Media Library:
|
||||
- Audiomuse:
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
# https://gethomepage.dev/en/configs/settings
|
||||
|
||||
providers:
|
||||
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
||||
openweathermap: \{\{ vault.kv2_field\('env', 'HOMEPAGE_OPENWEATHERMAP_API_KEY', vault_engine_mount_point) }}
|
||||
# weatherapi: weatherapiapikey
|
||||
title: Rinoa Dashboard (trez.WTF)
|
||||
headerStyle: underlined
|
||||
@@ -23,7 +23,7 @@ provider: duckduckgo
|
||||
layout:
|
||||
System Administration:
|
||||
style: row
|
||||
columns: 5
|
||||
columns: 4
|
||||
Infrastructure/App Performance Monitoring:
|
||||
style: row
|
||||
columns: 5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
---
|
||||
# For configuration options and examples, please see:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
#########################################
|
||||
#
|
||||
# Database and other external servers
|
||||
@@ -15,7 +15,7 @@ db:
|
||||
host: invidious-db
|
||||
port: 5432
|
||||
dbname: invidious
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PG_DB_PASSWORD'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'INVID_PG_DB_PASSWORD', vault_engine_mount_point) }}
|
||||
|
||||
##
|
||||
## Database configuration using a single URI. This is an
|
||||
@@ -88,7 +88,7 @@ check_tables: true
|
||||
invidious_companion:
|
||||
- private_url: "http://invidious-companion:8282"
|
||||
# # Uncomment for advanced reverse proxy configuration (see above).
|
||||
- public_url: https://invid.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MY_TLD'] }}/companion
|
||||
- public_url: https://invid.\{\{ vault.kv2_field\('env', 'MY_TLD', vault_engine_mount_point) }}/companion
|
||||
|
||||
##
|
||||
## API key for Invidious companion, used for securing the communication
|
||||
@@ -103,7 +103,7 @@ invidious_companion:
|
||||
## Accepted values: a string (of length 16)
|
||||
## Default: <none>
|
||||
##
|
||||
invidious_companion_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_COMPANION_KEY'] }}
|
||||
invidious_companion_key: \{\{ vault.kv2_field\('env', 'INVID_COMPANION_KEY', vault_engine_mount_point) }}
|
||||
|
||||
#########################################
|
||||
#
|
||||
@@ -271,8 +271,8 @@ https_only: false
|
||||
## Accepted values: String
|
||||
## Default: <none>
|
||||
##
|
||||
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PO_TOKEN'] }}
|
||||
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_VISITOR_DATA'] }}
|
||||
po_token: \{\{ vault.kv2_field\('env', 'INVID_PO_TOKEN', vault_engine_mount_point) }}
|
||||
visitor_data: \{\{ vault.kv2_field\('env', 'INVID_VISITOR_DATA', vault_engine_mount_point) }}
|
||||
|
||||
# -----------------------------
|
||||
# Logging
|
||||
@@ -532,7 +532,7 @@ jobs:
|
||||
## Accepted values: a string
|
||||
## Default: <none>
|
||||
##
|
||||
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_HMAC_KEY'] }}
|
||||
hmac_key: \{\{ vault.kv2_field\('env', 'INVID_HMAC_KEY', vault_engine_mount_point) }}
|
||||
|
||||
##
|
||||
## List of video IDs where the "download" widget must be
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
# IN application vars
|
||||
IN_APP_URL=https://biz.trez.wtf
|
||||
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_APP_KEY'] }}
|
||||
IN_APP_KEY=\{\{ vault.kv2_field\('env', 'IN_APP_KEY', vault_engine_mount_point) }}
|
||||
IN_APP_DEBUG=true
|
||||
IN_REQUIRE_HTTPS=false
|
||||
IN_PHANTOMJS_PDF_GENERATION=false
|
||||
@@ -18,7 +18,7 @@ IN_DB_HOST=mariadb
|
||||
IN_DB_PORT=3306
|
||||
IN_DB_DATABASE=invoice_ninja
|
||||
IN_DB_USERNAME=ininja
|
||||
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_MYSQL_PASSWORD'] }}
|
||||
IN_DB_PASSWORD=\{\{ vault.kv2_field\('env', 'IN_MYSQL_PASSWORD', vault_engine_mount_point) }}
|
||||
|
||||
# Create initial user
|
||||
# Default to these values if empty
|
||||
@@ -31,8 +31,8 @@ IN_PASSWORD=
|
||||
IN_MAIL_MAILER=log
|
||||
IN_MAIL_HOST=postal-smtp
|
||||
IN_MAIL_PORT=25
|
||||
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
||||
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||
IN_MAIL_USERNAME=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
|
||||
IN_MAIL_PASSWORD=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
|
||||
IN_MAIL_ENCRYPTION=null
|
||||
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
|
||||
IN_MAIL_FROM_NAME='Treasured IT'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
<Config>
|
||||
<BindAddress>*</BindAddress>
|
||||
@@ -7,7 +7,7 @@
|
||||
<SslPort>6868</SslPort>
|
||||
<EnableSsl>False</EnableSsl>
|
||||
<LaunchBrowser>True</LaunchBrowser>
|
||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}</ApiKey>
|
||||
<ApiKey>\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||
<Branch>master</Branch>
|
||||
<LogLevel>trace</LogLevel>
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
{
|
||||
"lidarr_address": "http://lidarr:8686",
|
||||
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}",
|
||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
||||
"lidarr_api_key": "\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}",
|
||||
"spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
|
||||
"root_folder_path": "/data/media/music",
|
||||
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_ID'] }}",
|
||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
||||
"spotify_client_id": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_ID', vault_engine_mount_point) }}",
|
||||
"spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
|
||||
"fallback_to_top_result": false,
|
||||
"lidarr_api_timeout": 120.0,
|
||||
"quality_profile_id": 1,
|
||||
@@ -17,8 +17,8 @@
|
||||
"app_name": "lidify",
|
||||
"app_rev": "0.09",
|
||||
"app_url": "lidify.trez.wtf",
|
||||
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
|
||||
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"last_fm_api_key": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
|
||||
"last_fm_api_secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
|
||||
"mode": "LastFM",
|
||||
"auto_start": false,
|
||||
"auto_start_delay": 60
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
containers:
|
||||
# adguard:
|
||||
# action_keywords:
|
||||
@@ -44,7 +44,7 @@ global_keywords:
|
||||
- fatal
|
||||
notifications:
|
||||
apprise:
|
||||
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
||||
url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
||||
# settings are optional because they all have default values
|
||||
settings:
|
||||
log_level: INFO # DEBUG, INFO, WARNING, ERROR
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
scheduler:
|
||||
cron: "45 23 * * *" # run every day at 6:00 and 18:00 UTC
|
||||
retention: 14 # Retains 14 local backups
|
||||
timeout: 60 # Operation timeout: 60 minutes
|
||||
target:
|
||||
uri: mongodb://root:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGO_INITDB_ROOT_PASSWORD'] }}@mongodb:27017/admin?replicaSet=rinoa
|
||||
uri: mongodb://root:\{\{ vault.kv2_field\('env', 'MONGO_INITDB_ROOT_PASSWORD', vault_engine_mount_point) }}@mongodb:27017/admin?replicaSet=rinoa
|
||||
noGzip: false # Disable gzip compression (false means compression is enabled)
|
||||
|
||||
retry:
|
||||
@@ -23,8 +23,8 @@ validation:
|
||||
smtp:
|
||||
server: postal-stmp
|
||||
port: 25
|
||||
username: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||
username: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
|
||||
password: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
|
||||
from: noreply@trez.wtf
|
||||
to:
|
||||
- charish.patel@trez.wtf
|
||||
|
||||
@@ -1 +1 @@
|
||||
{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGODB_REPLICA_SET_KEY'] }}
|
||||
\{\{ vault.kv2_field\('env', 'MONGODB_REPLICA_SET_KEY', vault_engine_mount_point) }}
|
||||
@@ -32,8 +32,8 @@
|
||||
"name": "lastfmSource",
|
||||
"clients": ["ListenBrainzClient", "malojaClient"],
|
||||
"data": {
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
|
||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
|
||||
"secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
|
||||
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
||||
}
|
||||
},
|
||||
@@ -43,7 +43,7 @@
|
||||
"name": "listenBrainzSource",
|
||||
"clients": ["lastFmClient", "malojaClient"],
|
||||
"data": {
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||
"token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
|
||||
"username": "Trez.One"
|
||||
}
|
||||
},
|
||||
@@ -55,7 +55,7 @@
|
||||
"data": {
|
||||
"url": "http://navidrome:4533",
|
||||
"user": "admin",
|
||||
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}"
|
||||
"password": "\{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}"
|
||||
}
|
||||
}
|
||||
],
|
||||
@@ -66,8 +66,8 @@
|
||||
"enabled": true,
|
||||
"name": "lastFmClient",
|
||||
"data": {
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
|
||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
|
||||
"apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
|
||||
"secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
|
||||
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
||||
}
|
||||
},
|
||||
@@ -76,7 +76,7 @@
|
||||
"enabled": true,
|
||||
"name": "ListenBrainzClient",
|
||||
"data": {
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
||||
"token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
|
||||
"username": "Trez.One"
|
||||
}
|
||||
},
|
||||
@@ -86,7 +86,7 @@
|
||||
"name": "malojaClient",
|
||||
"data": {
|
||||
"url": "http://maloja:42010",
|
||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_API_KEY'] }}"
|
||||
"apiKey": "\{\{ vault.kv2_field\('env', 'MALOJA_API_KEY', vault_engine_mount_point) }}"
|
||||
}
|
||||
}
|
||||
],
|
||||
@@ -96,7 +96,7 @@
|
||||
"name": "Gotify",
|
||||
"type": "gotify",
|
||||
"url": "http://gotify",
|
||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
|
||||
"token": "\{\{ vault.kv2_field\('env', 'MULTI_SCROBBLER_GOTIFY_TOKEN', vault_engine_mount_point) }}",
|
||||
"priorities": {
|
||||
"info": 5,
|
||||
"warn": 7,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
version: 2
|
||||
|
||||
@@ -18,13 +18,13 @@ web_server:
|
||||
main_db:
|
||||
host: mariadb
|
||||
username: postal
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
|
||||
database: postal
|
||||
|
||||
message_db:
|
||||
host: mariadb
|
||||
username: postal
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
|
||||
prefix: postal
|
||||
|
||||
smtp_server:
|
||||
@@ -52,11 +52,11 @@ smtp:
|
||||
host: postal-smtp
|
||||
port: 25
|
||||
username: rinoa/postal-smtp
|
||||
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
||||
password: "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
|
||||
from_name: Postal @ Rinoa
|
||||
from_address: noreply@trez.wtf
|
||||
|
||||
rails:
|
||||
# This is generated automatically by the config initialization. It should be a random
|
||||
# string unique to your installation.
|
||||
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
|
||||
secret_key: "\{\{ vault.kv2_field\('env', 'POSTAL_RAILS_SECRET_KEY', vault_engine_mount_point) }}"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
<Config>
|
||||
<BindAddress>*</BindAddress>
|
||||
@@ -7,7 +7,7 @@
|
||||
<SslPort>6969</SslPort>
|
||||
<EnableSsl>False</EnableSsl>
|
||||
<LaunchBrowser>True</LaunchBrowser>
|
||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
|
||||
<ApiKey>\{\{ vault.kv2_field\('env', 'PROWLARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
||||
<Branch>master</Branch>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
# This is an example configuration file that documents all the options.
|
||||
# It will need to be modified for your specific use case.
|
||||
# These are not default values. You MUST review the config settings and properly configure this EXAMPLE file.
|
||||
@@ -25,7 +25,7 @@ qbt:
|
||||
# Pass environment variables to the config via !ENV tag
|
||||
host: qbittorrentvpn:8080
|
||||
user: admin
|
||||
pass: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['DELUGEVPN_PASSWORD'] }}
|
||||
pass: \{\{ vault.kv2_field\('env', 'DELUGEVPN_PASSWORD', vault_engine_mount_point) }}
|
||||
|
||||
settings:
|
||||
force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent.
|
||||
@@ -222,4 +222,4 @@ apprise:
|
||||
# Mandatory to fill out the url of your apprise API endpoint
|
||||
api_url: http://apprise-api:8000
|
||||
# Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki
|
||||
notify_url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
||||
notify_url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
|
||||
@@ -1,11 +1,11 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
{
|
||||
"radarr_address": "http://radarr:7878",
|
||||
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}",
|
||||
"radarr_api_key": "\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}",
|
||||
"root_folder_path": "/data/media/movies",
|
||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}",
|
||||
"tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
|
||||
"fallback_to_top_result": false,
|
||||
"radarr_api_timeout": 120.0,
|
||||
"quality_profile_id": 1,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
<Config>
|
||||
<LogLevel>info</LogLevel>
|
||||
@@ -8,7 +8,7 @@
|
||||
<SslCertPath></SslCertPath>
|
||||
<Port>7878</Port>
|
||||
<UrlBase></UrlBase>
|
||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}</ApiKey>
|
||||
<ApiKey>\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||
<UpdateMechanism>Docker</UpdateMechanism>
|
||||
<SslPort>9898</SslPort>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
__version__ = 19
|
||||
__encoding__ = utf-8
|
||||
@@ -22,7 +22,7 @@ host = 0.0.0.0
|
||||
port = 8080
|
||||
https_port = 8090
|
||||
username = thetrezuredone
|
||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_PASSWORD'] }}
|
||||
password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_PASSWORD', vault_engine_mount_point) }}
|
||||
bandwidth_max = 1000M
|
||||
cache_limit = 1G
|
||||
web_dir = Glitter
|
||||
@@ -33,7 +33,7 @@ https_chain = ""
|
||||
enable_https = 1
|
||||
inet_exposure = 0
|
||||
local_ranges = ,
|
||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_API_KEY'] }}
|
||||
api_key = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_API_KEY', vault_engine_mount_point) }}
|
||||
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
|
||||
permissions = 775
|
||||
download_dir = /storage/downloads/incomplete
|
||||
@@ -342,7 +342,7 @@ host = news.newshosting.com
|
||||
port = 563
|
||||
timeout = 60
|
||||
username = thetrezuredone
|
||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }}
|
||||
password = \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
|
||||
connections = 8
|
||||
ssl = 1
|
||||
ssl_verify = 3
|
||||
@@ -363,7 +363,7 @@ host = news.easynews.com
|
||||
port = 443
|
||||
timeout = 60
|
||||
username = TrezOne
|
||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
|
||||
password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_EASYNEWS_PASSWORD', vault_engine_mount_point) }}
|
||||
connections = 60
|
||||
ssl = 0
|
||||
ssl_verify = 3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
bolt-path: /opt/scrutiny/influxdb/influxd.bolt
|
||||
engine-path: /opt/scrutiny/influxdb/engine
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
general:
|
||||
# Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
|
||||
@@ -51,7 +51,7 @@ server:
|
||||
limiter: false
|
||||
public_instance: false
|
||||
|
||||
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET}
|
||||
secret_key: \{\{ vault.kv2_field\('env', 'SEARXNG_SECRET_KEY', vault_engine_mount_point) }} # Is overwritten by ${SEARXNG_SECRET}
|
||||
image_proxy: true
|
||||
http_protocol_version: "1.0"
|
||||
method: "POST"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
[uwsgi]
|
||||
# Listening address
|
||||
# default value: [::]:8080 (see Dockerfile)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<clickhouse>
|
||||
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<clickhouse>
|
||||
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<!--
|
||||
NOTE: User and query level settings are set up in "users.xml" file.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
<functions>
|
||||
<function>
|
||||
<type>executable</type>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<clickhouse>
|
||||
<storage_configuration>
|
||||
@@ -16,8 +16,8 @@
|
||||
endpoint should be https://storage.googleapis.com/<bucket-name>/data/
|
||||
-->
|
||||
<endpoint>http://minio:9000/signoz/data</endpoint>
|
||||
<access_key_id>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_ACCESS_KEY'] }}</access_key_id>
|
||||
<secret_access_key>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_SECRET_KEY'] }}</secret_access_key>
|
||||
<access_key_id>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_ACCESS_KEY', vault_engine_mount_point) }}</access_key_id>
|
||||
<secret_access_key>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_SECRET_KEY', vault_engine_mount_point) }}</secret_access_key>
|
||||
<!-- In case of S3, uncomment the below configuration in case you want to read
|
||||
AWS credentials from the Environment variables if they exist. -->
|
||||
<!-- <use_environment_credentials>true</use_environment_credentials> -->
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<clickhouse>
|
||||
<!-- See also the files in users.d directory where the settings can be overridden. -->
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
<Config>
|
||||
<LogLevel>info</LogLevel>
|
||||
@@ -8,7 +8,7 @@
|
||||
<SslPort>9898</SslPort>
|
||||
<UrlBase></UrlBase>
|
||||
<BindAddress>*</BindAddress>
|
||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}</ApiKey>
|
||||
<ApiKey>\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||
<UpdateMechanism>Docker</UpdateMechanism>
|
||||
<LaunchBrowser>True</LaunchBrowser>
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
{
|
||||
"sonarr_address": "http://192.168.1.2:8989",
|
||||
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}",
|
||||
"sonarr_api_key": "\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}",
|
||||
"root_folder_path": "/data/media/shows",
|
||||
"tvdb_api_key": "",
|
||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}",
|
||||
"tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
|
||||
"fallback_to_top_result": false,
|
||||
"sonarr_api_timeout": 120.0,
|
||||
"quality_profile_id": 1,
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
[Lidarr]
|
||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}
|
||||
api_key = \{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}
|
||||
host_url = http://lidarr:8686
|
||||
#This should be the path mounted in lidarr that points to your slskd download directory.
|
||||
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
|
||||
@@ -10,7 +10,7 @@ download_dir = /storage
|
||||
|
||||
[Slskd]
|
||||
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
|
||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
|
||||
api_key = \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
|
||||
host_url = http://gluetun:5030
|
||||
#Slskd download directory. Should have set it up when installing Slskd.
|
||||
download_dir = /app/downloads
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
directories:
|
||||
incomplete: /app/incomplete
|
||||
@@ -198,15 +198,15 @@ rooms:
|
||||
web:
|
||||
authentication:
|
||||
username: slskd
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_WEB_PASSSWORD'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'SLSKD_WEB_PASSSWORD', vault_engine_mount_point) }}
|
||||
api_keys:
|
||||
my_api_key:
|
||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
|
||||
key: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
|
||||
role: readwrite
|
||||
cidr: 0.0.0.0/0,::/0
|
||||
soulseek:
|
||||
address: vps.slsknet.org
|
||||
port: 2271
|
||||
username: Trez.One
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }}
|
||||
password: \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
|
||||
diagnostic_level: Info
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
## Version 2025/07/18
|
||||
# make sure that your <container_name> container is named <container_name>
|
||||
# make sure that your dns has a cname set for <container_name>
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
# listen 443 quic;
|
||||
listen [::]:443 ssl;
|
||||
# listen [::]:443 quic;
|
||||
|
||||
server_name patch.*;
|
||||
|
||||
include /config/nginx/ssl.conf;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
# enable for ldap auth (requires ldap-location.conf in the location block)
|
||||
#include /config/nginx/ldap-server.conf;
|
||||
|
||||
# enable for Authelia (requires authelia-location.conf in the location block)
|
||||
#include /config/nginx/authelia-server.conf;
|
||||
# enable for Authentik (requires authentik-location.conf in the location block)
|
||||
#include /config/nginx/authentik-server.conf;
|
||||
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
|
||||
#include /config/nginx/tinyauth-server.conf;
|
||||
location / {
|
||||
# enable the next two lines for http auth
|
||||
#auth_basic "Restricted";
|
||||
#auth_basic_user_file /config/nginx/.htpasswd;
|
||||
|
||||
# enable for ldap auth (requires ldap-server.conf in the server block)
|
||||
#include /config/nginx/ldap-location.conf;
|
||||
|
||||
# enable for Authelia (requires authelia-server.conf in the server block)
|
||||
#include /config/nginx/authelia-location.conf;
|
||||
# enable for Authentik (requires authentik-server.conf in the server block)
|
||||
#include /config/nginx/authentik-location.conf;
|
||||
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
|
||||
#include /config/nginx/tinyauth-location.conf;
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_app 192.168.1.252;
|
||||
set $upstream_port 3000;
|
||||
set $upstream_proto http;
|
||||
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
{
|
||||
"always_keep_failed_tasks": true,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
|
||||
ydl_server: # youtube-dl-server specific settings
|
||||
port: 8080 # Port youtube-dl-server should listen on
|
||||
|
||||
+3
-3
@@ -1,7 +1,7 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'benedikta-docker/env' %}
|
||||
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||
|
||||
{
|
||||
"api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='benedikta-docker', url=vault_addr, token=vault_token)['secret']['HOME_ASSISTANT_LONG_LIVED_TOKEN'] }}",
|
||||
"api_key": "{{ vault.kv2_field('env', 'HOME_ASSISTANT_LONG_LIVED_TOKEN', vault_engine_mount_point) }}",
|
||||
"host": "192.168.1.252:8123",
|
||||
"__mycroft_skill_firstrun": false
|
||||
}
|
||||
+18
-10
@@ -3,14 +3,22 @@
|
||||
template_base_path: "{{ playbook_dir }}/app-configs"
|
||||
# Vault server address
|
||||
vault_addr: "https://vault.trez.wtf"
|
||||
vault_token: !vault |
|
||||
vault_env: "env"
|
||||
ansible_hashi_vault_url: "https://vault.trez.wtf"
|
||||
ansible_hashi_vault_auth_method: "approle"
|
||||
ansible_hashi_vault_role_id: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
33356331366463343032656164363437313263623962303365306632336362353038653738336338
|
||||
3261303838386531653661353231343361316566633531300a326637636135383832386466656235
|
||||
32316564653863346336316331306130333739663832613536323264336530383834323461313064
|
||||
6639383633643866310a343332616235343462346436373035636266636239346438346633303932
|
||||
64383135616261326466643661356539346233633639343865303964366236373161393764353838
|
||||
65633631346166323961393532393133353838393332663963383566663136613232383662626165
|
||||
63643838306332373237393938326131633838613331363663653638623830633364373464376463
|
||||
39623034306164393863343133313135653839363236613232663563346334303333313634333334
|
||||
6635
|
||||
30363130386561646336636635623233636561653537343264396430646133653162633465656534
|
||||
3530623161663966623438303363313361303833313030610a363831666334666633313437323965
|
||||
33666235306361333935316330623830393561636361316635653036636632623637316334616536
|
||||
3662346361333537340a323334386666353265623130343234396565646532303365646236636466
|
||||
33393539336230373764363865313863373733313563313966376435383938336635666536643439
|
||||
6531303137623765343263303534633562643435393864313662
|
||||
ansible_hashi_vault_secret_id: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65303663656662666661663939343535336163366537623261346332353130613664633261376131
|
||||
6264313136653263333938383866626432633262313764330a393130353566626433333036313965
|
||||
61666565633561383862373231646462353336316430613561663031383930313232646263623065
|
||||
3033313738363866390a636539346337333066616434653633333339343961303935643766633034
|
||||
61356234643138313330313466383462396338306238396230386139396230383131343766313830
|
||||
3761346335636564373637353364333935653934393532373833
|
||||
|
||||
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
|
||||
39333338306565383435326465386366356164643834303431623961653731303139633332326133
|
||||
6561653432656462330a303966633132366637633235316631353839383331333765336237353135
|
||||
39363465623933393535643862316262303333363038636634326233316636396666
|
||||
secrets_path: aranea-docker/env
|
||||
vault_engine_mount_point: aranea-docker/env
|
||||
|
||||
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
|
||||
66376165623634653966313033613230306365393334663334363730653330313031326231383739
|
||||
3036633032376133370a316463653162633566303363376631383033396234383366633737383066
|
||||
35393931393132323062386262623966646139613838373536313631643330313761
|
||||
secrets_path: benedikta-docker/env
|
||||
vault_engine_mount_point: benedikta-docker/env
|
||||
|
||||
+1
-1
@@ -1,2 +1,2 @@
|
||||
appdata_base_path: /home/pi/.config/docker
|
||||
secrets_path: rikku-docker/env
|
||||
vault_engine_mount_point: rikku-docker/env
|
||||
|
||||
+1
-1
@@ -6,7 +6,7 @@ ansible_become_password: !vault |
|
||||
31623863633966303738643733643633353265396264613734333461643862663965663230663437
|
||||
6136373035303834630a653263626365623838363236303931643565656232326536643239653238
|
||||
64313034313663653332343464383565383964373438663661346538366636323162
|
||||
secrets_path: rinoa-docker/env
|
||||
vault_engine_mount_point: rinoa-docker
|
||||
file_metadata:
|
||||
"hashicorp-vault/config/vault-config.hcl.j2":
|
||||
owner: "100"
|
||||
|
||||
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
|
||||
64623239343238363763386466626632383230633062383263323433353634373539373861383038
|
||||
3837383436363138330a653566653731653065343538363733353432646136336335643666376133
|
||||
31623634636561636635396136636538613338313862396439376435613337373637
|
||||
secrets_path: ultima-docker/env
|
||||
vault_engine_mount_point: ultima-docker
|
||||
|
||||
@@ -117,6 +117,9 @@
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
|
||||
- debug:
|
||||
msg: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker')['secret']['AUTHELIA_SESSION_SECRET'] }}"
|
||||
|
||||
- name: Deploy template files
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
|
||||
Reference in New Issue
Block a user