Auto Merge of PR 97 - patchmon-proxy-conf_2026-05-19T15-38-07
Merged by Trez.One
This commit was merged in pull request #97.
This commit is contained in:
@@ -4,3 +4,4 @@ collections_path = ./collections
|
|||||||
host_key_checking = False
|
host_key_checking = False
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
strategy_plugins = plugins/mitogen-0.3.44/ansible_mitogen/plugins/strategy
|
strategy_plugins = plugins/mitogen-0.3.44/ansible_mitogen/plugins/strategy
|
||||||
|
strategy = mitogen_free
|
||||||
|
|||||||
@@ -0,0 +1,7 @@
|
|||||||
|
{% macro kv2_field(term, field, mount_point) -%}
|
||||||
|
{{ lookup(
|
||||||
|
'community.hashi_vault.vault_kv2_get',
|
||||||
|
term,
|
||||||
|
engine_mount_point=mount_point
|
||||||
|
)['secret'][field] }}
|
||||||
|
{%- endmacro %}
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
name: mariadb-backup
|
name: mariadb-backup
|
||||||
description: "Backup of all databases from MariaDB container"
|
description: "Backup of all databases from MariaDB container"
|
||||||
schedule: "30 23 * * *"
|
schedule: "30 23 * * *"
|
||||||
|
|
||||||
env:
|
env:
|
||||||
MARIADB_ROOT_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD'] }}
|
MARIADB_ROOT_PASSWORD: \{\{ vault.kv2_field\('env', 'MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD', vault_engine_mount_point) }}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: list-all-databases
|
- name: list-all-databases
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rikku-docker/env' %}
|
|
||||||
|
|
||||||
http:
|
http:
|
||||||
pprof:
|
pprof:
|
||||||
@@ -9,7 +9,7 @@ http:
|
|||||||
session_ttl: 720h
|
session_ttl: 720h
|
||||||
users:
|
users:
|
||||||
- name: admin
|
- name: admin
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rikku-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }}
|
password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
|
||||||
auth_attempts: 5
|
auth_attempts: 5
|
||||||
block_auth_min: 15
|
block_auth_min: 15
|
||||||
http_proxy: ""
|
http_proxy: ""
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
http:
|
http:
|
||||||
pprof:
|
pprof:
|
||||||
@@ -9,7 +9,7 @@ http:
|
|||||||
session_ttl: 720h
|
session_ttl: 720h
|
||||||
users:
|
users:
|
||||||
- name: admin
|
- name: admin
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }}
|
password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
|
||||||
auth_attempts: 5
|
auth_attempts: 5
|
||||||
block_auth_min: 15
|
block_auth_min: 15
|
||||||
http_proxy: ""
|
http_proxy: ""
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
urls:
|
urls:
|
||||||
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
- gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
|
||||||
- hassio://192.168.1.252/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_HA_TOKEN'] }}
|
- hassio://192.168.1.252/\{\{ vault.kv2_field\('env', 'APPRISE_HA_TOKEN', vault_engine_mount_point) }}
|
||||||
- mailto://postal-smtp:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@postal-smtp:25?from=noreply@trez.wtf
|
- mailto://postal-smtp:\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}@postal-smtp:25?from=noreply@trez.wtf
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
|
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
|
||||||
---
|
---
|
||||||
@@ -64,11 +64,11 @@ authentication_backend:
|
|||||||
mail: mail
|
mail: mail
|
||||||
display_name: displayName
|
display_name: displayName
|
||||||
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
user: uid=authelia,ou=people,dc=trez,dc=wtf
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
|
password: "{{ vault.kv2_field('env', 'AUTHELIA_AUTH_BIND_LDAP_PASSWORD', vault_engine_mount_point) }}"
|
||||||
refresh_interval: 5m
|
refresh_interval: 5m
|
||||||
identity_validation:
|
identity_validation:
|
||||||
reset_password:
|
reset_password:
|
||||||
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_JWT_SECRET'] }}'
|
jwt_secret: "{{ vault.kv2_field('env', 'AUTHELIA_JWT_SECRET', vault_engine_mount_point) }}"
|
||||||
password_policy:
|
password_policy:
|
||||||
standard:
|
standard:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -92,7 +92,7 @@ access_control:
|
|||||||
rules:
|
rules:
|
||||||
- domain_regex:
|
- domain_regex:
|
||||||
- '^trez.wtf$'
|
- '^trez.wtf$'
|
||||||
- ^www.trez.wtf$''
|
- ^www.trez.wtf$'
|
||||||
policy: bypass
|
policy: bypass
|
||||||
- domain: '*.trez.wtf'
|
- domain: '*.trez.wtf'
|
||||||
policy: bypass
|
policy: bypass
|
||||||
@@ -112,7 +112,7 @@ access_control:
|
|||||||
policy: bypass
|
policy: bypass
|
||||||
session:
|
session:
|
||||||
name: authelia_session
|
name: authelia_session
|
||||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
secret: "{{ vault.kv2_field('env', 'AUTHELIA_SESSION_SECRET', vault_engine_mount_point) }}"
|
||||||
expiration: 1h
|
expiration: 1h
|
||||||
inactivity: 5m
|
inactivity: 5m
|
||||||
remember_me: 1M
|
remember_me: 1M
|
||||||
@@ -124,12 +124,12 @@ session:
|
|||||||
port: 6379
|
port: 6379
|
||||||
database_index: 0
|
database_index: 0
|
||||||
storage:
|
storage:
|
||||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
encryption_key: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_ENCRYPTION_KEY', vault_engine_mount_point) }}"
|
||||||
postgres:
|
postgres:
|
||||||
address: 'tcp://authelia-pg:5432'
|
address: 'tcp://authelia-pg:5432'
|
||||||
database: authelia
|
database: authelia
|
||||||
username: authelia
|
username: authelia
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
|
password: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', vault_engine_mount_point) }}"
|
||||||
timeout: '5s'
|
timeout: '5s'
|
||||||
regulation:
|
regulation:
|
||||||
max_retries: 3
|
max_retries: 3
|
||||||
@@ -140,8 +140,8 @@ notifier:
|
|||||||
smtp:
|
smtp:
|
||||||
address: 'smtp://postal-smtp:25'
|
address: 'smtp://postal-smtp:25'
|
||||||
timeout: '5s'
|
timeout: '5s'
|
||||||
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
|
username: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}"
|
||||||
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
|
password: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
|
||||||
sender: "Authelia <noreply@trez.wtf>"
|
sender: "Authelia <noreply@trez.wtf>"
|
||||||
identifier: 'localhost'
|
identifier: 'localhost'
|
||||||
subject: "[Authelia] {title}"
|
subject: "[Authelia] {title}"
|
||||||
@@ -151,10 +151,10 @@ notifier:
|
|||||||
disable_html_emails: false
|
disable_html_emails: false
|
||||||
identity_providers:
|
identity_providers:
|
||||||
oidc:
|
oidc:
|
||||||
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
|
hmac_secret: "{{ vault.kv2_field('env', 'AUTHELIA_OIDC_HMAC_SECRET', vault_engine_mount_point) }}"
|
||||||
jwks:
|
jwks:
|
||||||
- key: |
|
- key: |
|
||||||
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
|
{{ vault.kv2_field('env', 'AUTHELIA_OIDC_JWKS_KEY', vault_engine_mount_point) | replace("\\n", "\n") | indent(10) }}
|
||||||
cors:
|
cors:
|
||||||
allowed_origins_from_client_redirect_uris: true
|
allowed_origins_from_client_redirect_uris: true
|
||||||
endpoints:
|
endpoints:
|
||||||
@@ -166,7 +166,7 @@ identity_providers:
|
|||||||
clients:
|
clients:
|
||||||
- client_id: 'netbird'
|
- client_id: 'netbird'
|
||||||
client_name: 'NetBird'
|
client_name: 'NetBird'
|
||||||
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
|
client_secret: "{{ vault.kv2_field('env', 'AUTHELIA_NETBIRD_CLIENT_SECRET', vault_engine_mount_point) }}"
|
||||||
public: false
|
public: false
|
||||||
authorization_policy: 'two_factor'
|
authorization_policy: 'two_factor'
|
||||||
redirect_uris:
|
redirect_uris:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
source: journalctl
|
source: journalctl
|
||||||
journalctl_filter:
|
journalctl_filter:
|
||||||
- "--directory=/var/log/host/"
|
- "--directory=/var/log/host/"
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
common:
|
common:
|
||||||
daemonize: false
|
daemonize: false
|
||||||
log_media: stdout
|
log_media: stdout
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
url: http://0.0.0.0:8080
|
url: http://0.0.0.0:8080
|
||||||
login: localhost
|
login: localhost
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_LOCAL_API_KEY'] }}
|
password: \{\{ vault.kv2_field\('env', 'CROWDSEC_LOCAL_API_KEY', vault_engine_mount_point) }}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
url: https://api.crowdsec.net/
|
url: https://api.crowdsec.net/
|
||||||
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
login: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
name: default_ip_remediation
|
name: default_ip_remediation
|
||||||
#debug: true
|
#debug: true
|
||||||
|
|||||||
@@ -1,15 +1,15 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
EXPLO_SYSTEM: subsonic
|
EXPLO_SYSTEM: subsonic
|
||||||
SYSTEM_URL: http://navidrome:4533
|
SYSTEM_URL: http://navidrome:4533
|
||||||
SYSTEM_USERNAME: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_USERNAME'] }}
|
SYSTEM_USERNAME: \{\{ vault.kv2_field\('env', 'NAVIDROME_USERNAME', vault_engine_mount_point) }}
|
||||||
SYSTEM_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}
|
SYSTEM_PASSWORD: \{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}
|
||||||
DOWNLOAD_DIR: /downloads
|
DOWNLOAD_DIR: /downloads
|
||||||
PLAYLIST_DIR: /playlists
|
PLAYLIST_DIR: /playlists
|
||||||
LISTENBRAINZ_USER: Trez.One
|
LISTENBRAINZ_USER: Trez.One
|
||||||
YOUTUBE_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUTUBE_DATA_API_V3_KEY'] }}
|
YOUTUBE_API_KEY: \{\{ vault.kv2_field\('env', 'YOUTUBE_DATA_API_V3_KEY', vault_engine_mount_point) }}
|
||||||
SLSKD_URL: http://gluetun:5030
|
SLSKD_URL: http://gluetun:5030
|
||||||
SLSK_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
|
SLSK_API_KEY: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
|
||||||
DOWNLOAD_SERVICES:
|
DOWNLOAD_SERVICES:
|
||||||
# Assign a custom path to yt-dlp
|
# Assign a custom path to yt-dlp
|
||||||
# YTDLP_PATH=
|
# YTDLP_PATH=
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ compression_level = 10
|
|||||||
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
rpc_bind_addr = "[::]:3901"
|
||||||
rpc_public_addr = "localhost:3901"
|
rpc_public_addr = "localhost:3901"
|
||||||
rpc_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_RPC_SECRET'] }}"
|
rpc_secret = "\{\{ vault.kv2_field\('env', 'GARAGE_RPC_SECRET', vault_engine_mount_point) }}"
|
||||||
|
|
||||||
[s3_api]
|
[s3_api]
|
||||||
s3_region = "us-east-fh-pln"
|
s3_region = "us-east-fh-pln"
|
||||||
@@ -22,5 +22,5 @@ root_domain = ".garage.trez.wtf"
|
|||||||
|
|
||||||
[admin]
|
[admin]
|
||||||
api_bind_addr = "[::]:3903"
|
api_bind_addr = "[::]:3903"
|
||||||
admin_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_ADMIN_TOKEN'] }}"
|
admin_token = "\{\{ vault.kv2_field\('env', 'GARAGE_ADMIN_TOKEN', vault_engine_mount_point) }}"
|
||||||
metrics_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_METRICS_TOKEN'] }}"
|
metrics_token = "\{\{ vault.kv2_field\('env', 'GARAGE_METRICS_TOKEN', vault_engine_mount_point) }}"
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"url": "blog.trez.wtf",
|
"url": "blog.trez.wtf",
|
||||||
@@ -9,7 +9,7 @@
|
|||||||
"host" : "mariadb",
|
"host" : "mariadb",
|
||||||
"port" : 3306,
|
"port" : 3306,
|
||||||
"user" : "ghost",
|
"user" : "ghost",
|
||||||
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GHOST_DB_PASSWORD'] }}",
|
"password" : "\{\{ vault.kv2_field\('env', 'GHOST_DB_PASSWORD', vault_engine_mount_point) }}",
|
||||||
"database" : "ghost_db"
|
"database" : "ghost_db"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -21,8 +21,8 @@
|
|||||||
"port": 25,
|
"port": 25,
|
||||||
"secure": false,
|
"secure": false,
|
||||||
"auth": {
|
"auth": {
|
||||||
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
|
"user": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}",
|
||||||
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
"pass": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
APP_NAME = Gitea: Git with a cup of tea
|
APP_NAME = Gitea: Git with a cup of tea
|
||||||
RUN_MODE = prod
|
RUN_MODE = prod
|
||||||
@@ -27,7 +27,7 @@ DISABLE_SSH = false
|
|||||||
SSH_PORT = 22
|
SSH_PORT = 22
|
||||||
SSH_LISTEN_PORT = 22
|
SSH_LISTEN_PORT = 22
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_LFS_JWT_SECRET'] }}
|
LFS_JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_LFS_JWT_SECRET', vault_engine_mount_point) }}
|
||||||
OFFLINE_MODE = true
|
OFFLINE_MODE = true
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
@@ -36,7 +36,7 @@ DB_TYPE = postgres
|
|||||||
HOST = gitea-db:5432
|
HOST = gitea-db:5432
|
||||||
NAME = gitea
|
NAME = gitea
|
||||||
USER = gitea
|
USER = gitea
|
||||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_PG_DB_PASSWORD'] }}
|
PASSWD = \{\{ vault.kv2_field\('env', 'GITEA_PG_DB_PASSWORD', vault_engine_mount_point) }}
|
||||||
LOG_SQL = false
|
LOG_SQL = false
|
||||||
SCHEMA =
|
SCHEMA =
|
||||||
SSL_MODE = disable
|
SSL_MODE = disable
|
||||||
@@ -70,7 +70,7 @@ INSTALL_LOCK = true
|
|||||||
SECRET_KEY =
|
SECRET_KEY =
|
||||||
REVERSE_PROXY_LIMIT = 1
|
REVERSE_PROXY_LIMIT = 1
|
||||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||||
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_INTERNAL_TOKEN'] }}
|
INTERNAL_TOKEN = \{\{ vault.kv2_field\('env', 'GITEA_INTERNAL_TOKEN', vault_engine_mount_point) }}
|
||||||
PASSWORD_HASH_ALGO = pbkdf2
|
PASSWORD_HASH_ALGO = pbkdf2
|
||||||
|
|
||||||
[service]
|
[service]
|
||||||
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
|
|||||||
PATH = /data/git/lfs
|
PATH = /data/git/lfs
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
PASSWD = \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
|
||||||
PROTOCOL = smtp
|
PROTOCOL = smtp
|
||||||
ENABLED = true
|
ENABLED = true
|
||||||
FROM = '"Gitea" <noreply@trez.wtf>'
|
FROM = '"Gitea" <noreply@trez.wtf>'
|
||||||
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
|
|||||||
DEFAULT_TRUST_MODEL = committer
|
DEFAULT_TRUST_MODEL = committer
|
||||||
|
|
||||||
[oauth2]
|
[oauth2]
|
||||||
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
|
JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_OAUTH2_JWT_SECRET', vault_engine_mount_point) }}
|
||||||
|
|
||||||
[ui]
|
[ui]
|
||||||
THEMES = gitea-auto,catppuccin-blue-auto,catppuccin-flamingo-auto,catppuccin-green-auto,catppuccin-lavender-auto,catppuccin-mauve-auto,catppuccin-peach-auto,catppuccin-pink-auto,catppuccin-red-auto,catppuccin-rosewater-auto,catppuccin-sapphire-auto,catppuccin-sky-auto,catppuccin-teal-auto,catppuccin-yellow-auto,catppuccin-maroon-auto
|
THEMES = gitea-auto,catppuccin-blue-auto,catppuccin-flamingo-auto,catppuccin-green-auto,catppuccin-lavender-auto,catppuccin-mauve-auto,catppuccin-peach-auto,catppuccin-pink-auto,catppuccin-red-auto,catppuccin-rosewater-auto,catppuccin-sapphire-auto,catppuccin-sky-auto,catppuccin-teal-auto,catppuccin-yellow-auto,catppuccin-maroon-auto
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
|
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
|
||||||
gitea:
|
gitea:
|
||||||
@@ -9,7 +9,7 @@ gitea:
|
|||||||
# Created access token for the user that shall be used as bot account.
|
# Created access token for the user that shall be used as bot account.
|
||||||
# User needs "Read project" permissions with access to "Pull Requests"
|
# User needs "Read project" permissions with access to "Pull Requests"
|
||||||
token:
|
token:
|
||||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
|
value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_TOKEN', vault_engine_mount_point) }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# file: /path/to/gitea/token
|
# file: /path/to/gitea/token
|
||||||
|
|
||||||
@@ -18,7 +18,7 @@ gitea:
|
|||||||
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
||||||
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
||||||
webhook:
|
webhook:
|
||||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
|
secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET', vault_engine_mount_point) }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# secretFile: /path/to/gitea/webhook/secret
|
# secretFile: /path/to/gitea/webhook/secret
|
||||||
|
|
||||||
@@ -35,7 +35,7 @@ sonarqube:
|
|||||||
# Created access token for the user that shall be used as bot account.
|
# Created access token for the user that shall be used as bot account.
|
||||||
# User needs "Browse on project" permissions
|
# User needs "Browse on project" permissions
|
||||||
token:
|
token:
|
||||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
|
value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_TOKEN', vault_engine_mount_point) }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# file: /path/to/sonarqube/token
|
# file: /path/to/sonarqube/token
|
||||||
|
|
||||||
@@ -45,7 +45,7 @@ sonarqube:
|
|||||||
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
||||||
# validated.
|
# validated.
|
||||||
webhook:
|
webhook:
|
||||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
|
secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET', vault_engine_mount_point) }}"
|
||||||
# # or path to file containing the plain text secret
|
# # or path to file containing the plain text secret
|
||||||
# secretFile: /path/to/sonarqube/webhook/secret
|
# secretFile: /path/to/sonarqube/webhook/secret
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
---
|
---
|
||||||
# For configuration options and examples, please see:
|
# For configuration options and examples, please see:
|
||||||
@@ -20,6 +20,25 @@
|
|||||||
# href: http://localhost/
|
# href: http://localhost/
|
||||||
# description: Homepage is 😎
|
# description: Homepage is 😎
|
||||||
|
|
||||||
|
- System Administration:
|
||||||
|
- PatchMon
|
||||||
|
href: https://patch.trez.wtf
|
||||||
|
description: Patch management for *NIX and Windows
|
||||||
|
icon: patchmon.svg
|
||||||
|
weight: 0
|
||||||
|
widget:
|
||||||
|
type: customapi
|
||||||
|
url: http://192.168.1.252:3000/api/v1/gethomepage/stats
|
||||||
|
headers:
|
||||||
|
Authorization: Basic \{\{ vault.kv2_field\('env', 'PATCHMON_API_BASE64_CREDS', vault_engine_mount_point) }}
|
||||||
|
mappings:
|
||||||
|
- field: total_hosts
|
||||||
|
label: Total Hosts
|
||||||
|
- field: hosts_needing_updates
|
||||||
|
label: Needs Updates
|
||||||
|
- field: security_updates
|
||||||
|
label: Security Updates
|
||||||
|
|
||||||
- Automation:
|
- Automation:
|
||||||
- Home Assistant (Rikku):
|
- Home Assistant (Rikku):
|
||||||
href: https://ha.trez.wtf
|
href: https://ha.trez.wtf
|
||||||
@@ -29,7 +48,7 @@
|
|||||||
widget:
|
widget:
|
||||||
type: homeassistant
|
type: homeassistant
|
||||||
url: http://192.168.1.252:8123
|
url: http://192.168.1.252:8123
|
||||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
|
key: \{\{ vault.kv2_field\('env', 'HOMEPAGE_HOME_ASSISTANT_API_KEY', vault_engine_mount_point) }}
|
||||||
|
|
||||||
- Media Library:
|
- Media Library:
|
||||||
- Audiomuse:
|
- Audiomuse:
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
---
|
---
|
||||||
# For configuration options and examples, please see:
|
# For configuration options and examples, please see:
|
||||||
# https://gethomepage.dev/en/configs/settings
|
# https://gethomepage.dev/en/configs/settings
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
openweathermap: \{\{ vault.kv2_field\('env', 'HOMEPAGE_OPENWEATHERMAP_API_KEY', vault_engine_mount_point) }}
|
||||||
# weatherapi: weatherapiapikey
|
# weatherapi: weatherapiapikey
|
||||||
title: Rinoa Dashboard (trez.WTF)
|
title: Rinoa Dashboard (trez.WTF)
|
||||||
headerStyle: underlined
|
headerStyle: underlined
|
||||||
@@ -23,7 +23,7 @@ provider: duckduckgo
|
|||||||
layout:
|
layout:
|
||||||
System Administration:
|
System Administration:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 4
|
||||||
Infrastructure/App Performance Monitoring:
|
Infrastructure/App Performance Monitoring:
|
||||||
style: row
|
style: row
|
||||||
columns: 5
|
columns: 5
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
---
|
---
|
||||||
# For configuration options and examples, please see:
|
# For configuration options and examples, please see:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
#########################################
|
#########################################
|
||||||
#
|
#
|
||||||
# Database and other external servers
|
# Database and other external servers
|
||||||
@@ -15,7 +15,7 @@ db:
|
|||||||
host: invidious-db
|
host: invidious-db
|
||||||
port: 5432
|
port: 5432
|
||||||
dbname: invidious
|
dbname: invidious
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PG_DB_PASSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'INVID_PG_DB_PASSWORD', vault_engine_mount_point) }}
|
||||||
|
|
||||||
##
|
##
|
||||||
## Database configuration using a single URI. This is an
|
## Database configuration using a single URI. This is an
|
||||||
@@ -88,7 +88,7 @@ check_tables: true
|
|||||||
invidious_companion:
|
invidious_companion:
|
||||||
- private_url: "http://invidious-companion:8282"
|
- private_url: "http://invidious-companion:8282"
|
||||||
# # Uncomment for advanced reverse proxy configuration (see above).
|
# # Uncomment for advanced reverse proxy configuration (see above).
|
||||||
- public_url: https://invid.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MY_TLD'] }}/companion
|
- public_url: https://invid.\{\{ vault.kv2_field\('env', 'MY_TLD', vault_engine_mount_point) }}/companion
|
||||||
|
|
||||||
##
|
##
|
||||||
## API key for Invidious companion, used for securing the communication
|
## API key for Invidious companion, used for securing the communication
|
||||||
@@ -103,7 +103,7 @@ invidious_companion:
|
|||||||
## Accepted values: a string (of length 16)
|
## Accepted values: a string (of length 16)
|
||||||
## Default: <none>
|
## Default: <none>
|
||||||
##
|
##
|
||||||
invidious_companion_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_COMPANION_KEY'] }}
|
invidious_companion_key: \{\{ vault.kv2_field\('env', 'INVID_COMPANION_KEY', vault_engine_mount_point) }}
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
#
|
#
|
||||||
@@ -271,8 +271,8 @@ https_only: false
|
|||||||
## Accepted values: String
|
## Accepted values: String
|
||||||
## Default: <none>
|
## Default: <none>
|
||||||
##
|
##
|
||||||
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PO_TOKEN'] }}
|
po_token: \{\{ vault.kv2_field\('env', 'INVID_PO_TOKEN', vault_engine_mount_point) }}
|
||||||
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_VISITOR_DATA'] }}
|
visitor_data: \{\{ vault.kv2_field\('env', 'INVID_VISITOR_DATA', vault_engine_mount_point) }}
|
||||||
|
|
||||||
# -----------------------------
|
# -----------------------------
|
||||||
# Logging
|
# Logging
|
||||||
@@ -532,7 +532,7 @@ jobs:
|
|||||||
## Accepted values: a string
|
## Accepted values: a string
|
||||||
## Default: <none>
|
## Default: <none>
|
||||||
##
|
##
|
||||||
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_HMAC_KEY'] }}
|
hmac_key: \{\{ vault.kv2_field\('env', 'INVID_HMAC_KEY', vault_engine_mount_point) }}
|
||||||
|
|
||||||
##
|
##
|
||||||
## List of video IDs where the "download" widget must be
|
## List of video IDs where the "download" widget must be
|
||||||
|
|||||||
@@ -1,9 +1,9 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# IN application vars
|
# IN application vars
|
||||||
IN_APP_URL=https://biz.trez.wtf
|
IN_APP_URL=https://biz.trez.wtf
|
||||||
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_APP_KEY'] }}
|
IN_APP_KEY=\{\{ vault.kv2_field\('env', 'IN_APP_KEY', vault_engine_mount_point) }}
|
||||||
IN_APP_DEBUG=true
|
IN_APP_DEBUG=true
|
||||||
IN_REQUIRE_HTTPS=false
|
IN_REQUIRE_HTTPS=false
|
||||||
IN_PHANTOMJS_PDF_GENERATION=false
|
IN_PHANTOMJS_PDF_GENERATION=false
|
||||||
@@ -18,7 +18,7 @@ IN_DB_HOST=mariadb
|
|||||||
IN_DB_PORT=3306
|
IN_DB_PORT=3306
|
||||||
IN_DB_DATABASE=invoice_ninja
|
IN_DB_DATABASE=invoice_ninja
|
||||||
IN_DB_USERNAME=ininja
|
IN_DB_USERNAME=ininja
|
||||||
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_MYSQL_PASSWORD'] }}
|
IN_DB_PASSWORD=\{\{ vault.kv2_field\('env', 'IN_MYSQL_PASSWORD', vault_engine_mount_point) }}
|
||||||
|
|
||||||
# Create initial user
|
# Create initial user
|
||||||
# Default to these values if empty
|
# Default to these values if empty
|
||||||
@@ -31,8 +31,8 @@ IN_PASSWORD=
|
|||||||
IN_MAIL_MAILER=log
|
IN_MAIL_MAILER=log
|
||||||
IN_MAIL_HOST=postal-smtp
|
IN_MAIL_HOST=postal-smtp
|
||||||
IN_MAIL_PORT=25
|
IN_MAIL_PORT=25
|
||||||
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
IN_MAIL_USERNAME=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
|
||||||
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
IN_MAIL_PASSWORD=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
|
||||||
IN_MAIL_ENCRYPTION=null
|
IN_MAIL_ENCRYPTION=null
|
||||||
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
|
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
|
||||||
IN_MAIL_FROM_NAME='Treasured IT'
|
IN_MAIL_FROM_NAME='Treasured IT'
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
<Config>
|
||||||
<BindAddress>*</BindAddress>
|
<BindAddress>*</BindAddress>
|
||||||
@@ -7,7 +7,7 @@
|
|||||||
<SslPort>6868</SslPort>
|
<SslPort>6868</SslPort>
|
||||||
<EnableSsl>False</EnableSsl>
|
<EnableSsl>False</EnableSsl>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}</ApiKey>
|
<ApiKey>\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<Branch>master</Branch>
|
<Branch>master</Branch>
|
||||||
<LogLevel>trace</LogLevel>
|
<LogLevel>trace</LogLevel>
|
||||||
|
|||||||
@@ -1,13 +1,13 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"lidarr_address": "http://lidarr:8686",
|
"lidarr_address": "http://lidarr:8686",
|
||||||
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}",
|
"lidarr_api_key": "\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}",
|
||||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
"spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
|
||||||
"root_folder_path": "/data/media/music",
|
"root_folder_path": "/data/media/music",
|
||||||
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_ID'] }}",
|
"spotify_client_id": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_ID', vault_engine_mount_point) }}",
|
||||||
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}",
|
"spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
|
||||||
"fallback_to_top_result": false,
|
"fallback_to_top_result": false,
|
||||||
"lidarr_api_timeout": 120.0,
|
"lidarr_api_timeout": 120.0,
|
||||||
"quality_profile_id": 1,
|
"quality_profile_id": 1,
|
||||||
@@ -17,8 +17,8 @@
|
|||||||
"app_name": "lidify",
|
"app_name": "lidify",
|
||||||
"app_rev": "0.09",
|
"app_rev": "0.09",
|
||||||
"app_url": "lidify.trez.wtf",
|
"app_url": "lidify.trez.wtf",
|
||||||
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
|
"last_fm_api_key": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
|
||||||
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
|
"last_fm_api_secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
|
||||||
"mode": "LastFM",
|
"mode": "LastFM",
|
||||||
"auto_start": false,
|
"auto_start": false,
|
||||||
"auto_start_delay": 60
|
"auto_start_delay": 60
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
containers:
|
containers:
|
||||||
# adguard:
|
# adguard:
|
||||||
# action_keywords:
|
# action_keywords:
|
||||||
@@ -44,7 +44,7 @@ global_keywords:
|
|||||||
- fatal
|
- fatal
|
||||||
notifications:
|
notifications:
|
||||||
apprise:
|
apprise:
|
||||||
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
|
||||||
# settings are optional because they all have default values
|
# settings are optional because they all have default values
|
||||||
settings:
|
settings:
|
||||||
log_level: INFO # DEBUG, INFO, WARNING, ERROR
|
log_level: INFO # DEBUG, INFO, WARNING, ERROR
|
||||||
|
|||||||
@@ -1,11 +1,11 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
scheduler:
|
scheduler:
|
||||||
cron: "45 23 * * *" # run every day at 6:00 and 18:00 UTC
|
cron: "45 23 * * *" # run every day at 6:00 and 18:00 UTC
|
||||||
retention: 14 # Retains 14 local backups
|
retention: 14 # Retains 14 local backups
|
||||||
timeout: 60 # Operation timeout: 60 minutes
|
timeout: 60 # Operation timeout: 60 minutes
|
||||||
target:
|
target:
|
||||||
uri: mongodb://root:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGO_INITDB_ROOT_PASSWORD'] }}@mongodb:27017/admin?replicaSet=rinoa
|
uri: mongodb://root:\{\{ vault.kv2_field\('env', 'MONGO_INITDB_ROOT_PASSWORD', vault_engine_mount_point) }}@mongodb:27017/admin?replicaSet=rinoa
|
||||||
noGzip: false # Disable gzip compression (false means compression is enabled)
|
noGzip: false # Disable gzip compression (false means compression is enabled)
|
||||||
|
|
||||||
retry:
|
retry:
|
||||||
@@ -23,8 +23,8 @@ validation:
|
|||||||
smtp:
|
smtp:
|
||||||
server: postal-stmp
|
server: postal-stmp
|
||||||
port: 25
|
port: 25
|
||||||
username: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
username: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
|
||||||
from: noreply@trez.wtf
|
from: noreply@trez.wtf
|
||||||
to:
|
to:
|
||||||
- charish.patel@trez.wtf
|
- charish.patel@trez.wtf
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGODB_REPLICA_SET_KEY'] }}
|
\{\{ vault.kv2_field\('env', 'MONGODB_REPLICA_SET_KEY', vault_engine_mount_point) }}
|
||||||
@@ -32,8 +32,8 @@
|
|||||||
"name": "lastfmSource",
|
"name": "lastfmSource",
|
||||||
"clients": ["ListenBrainzClient", "malojaClient"],
|
"clients": ["ListenBrainzClient", "malojaClient"],
|
||||||
"data": {
|
"data": {
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
|
"apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
|
"secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
|
||||||
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -43,7 +43,7 @@
|
|||||||
"name": "listenBrainzSource",
|
"name": "listenBrainzSource",
|
||||||
"clients": ["lastFmClient", "malojaClient"],
|
"clients": ["lastFmClient", "malojaClient"],
|
||||||
"data": {
|
"data": {
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
"token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
|
||||||
"username": "Trez.One"
|
"username": "Trez.One"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -55,7 +55,7 @@
|
|||||||
"data": {
|
"data": {
|
||||||
"url": "http://navidrome:4533",
|
"url": "http://navidrome:4533",
|
||||||
"user": "admin",
|
"user": "admin",
|
||||||
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}"
|
"password": "\{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -66,8 +66,8 @@
|
|||||||
"enabled": true,
|
"enabled": true,
|
||||||
"name": "lastFmClient",
|
"name": "lastFmClient",
|
||||||
"data": {
|
"data": {
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}",
|
"apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
|
||||||
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}",
|
"secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
|
||||||
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -76,7 +76,7 @@
|
|||||||
"enabled": true,
|
"enabled": true,
|
||||||
"name": "ListenBrainzClient",
|
"name": "ListenBrainzClient",
|
||||||
"data": {
|
"data": {
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
|
"token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
|
||||||
"username": "Trez.One"
|
"username": "Trez.One"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -86,7 +86,7 @@
|
|||||||
"name": "malojaClient",
|
"name": "malojaClient",
|
||||||
"data": {
|
"data": {
|
||||||
"url": "http://maloja:42010",
|
"url": "http://maloja:42010",
|
||||||
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_API_KEY'] }}"
|
"apiKey": "\{\{ vault.kv2_field\('env', 'MALOJA_API_KEY', vault_engine_mount_point) }}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -96,7 +96,7 @@
|
|||||||
"name": "Gotify",
|
"name": "Gotify",
|
||||||
"type": "gotify",
|
"type": "gotify",
|
||||||
"url": "http://gotify",
|
"url": "http://gotify",
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
|
"token": "\{\{ vault.kv2_field\('env', 'MULTI_SCROBBLER_GOTIFY_TOKEN', vault_engine_mount_point) }}",
|
||||||
"priorities": {
|
"priorities": {
|
||||||
"info": 5,
|
"info": 5,
|
||||||
"warn": 7,
|
"warn": 7,
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
version: 2
|
version: 2
|
||||||
|
|
||||||
@@ -18,13 +18,13 @@ web_server:
|
|||||||
main_db:
|
main_db:
|
||||||
host: mariadb
|
host: mariadb
|
||||||
username: postal
|
username: postal
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
|
||||||
database: postal
|
database: postal
|
||||||
|
|
||||||
message_db:
|
message_db:
|
||||||
host: mariadb
|
host: mariadb
|
||||||
username: postal
|
username: postal
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
|
||||||
prefix: postal
|
prefix: postal
|
||||||
|
|
||||||
smtp_server:
|
smtp_server:
|
||||||
@@ -52,11 +52,11 @@ smtp:
|
|||||||
host: postal-smtp
|
host: postal-smtp
|
||||||
port: 25
|
port: 25
|
||||||
username: rinoa/postal-smtp
|
username: rinoa/postal-smtp
|
||||||
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
|
password: "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
|
||||||
from_name: Postal @ Rinoa
|
from_name: Postal @ Rinoa
|
||||||
from_address: noreply@trez.wtf
|
from_address: noreply@trez.wtf
|
||||||
|
|
||||||
rails:
|
rails:
|
||||||
# This is generated automatically by the config initialization. It should be a random
|
# This is generated automatically by the config initialization. It should be a random
|
||||||
# string unique to your installation.
|
# string unique to your installation.
|
||||||
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
|
secret_key: "\{\{ vault.kv2_field\('env', 'POSTAL_RAILS_SECRET_KEY', vault_engine_mount_point) }}"
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
<Config>
|
||||||
<BindAddress>*</BindAddress>
|
<BindAddress>*</BindAddress>
|
||||||
@@ -7,7 +7,7 @@
|
|||||||
<SslPort>6969</SslPort>
|
<SslPort>6969</SslPort>
|
||||||
<EnableSsl>False</EnableSsl>
|
<EnableSsl>False</EnableSsl>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
|
<ApiKey>\{\{ vault.kv2_field\('env', 'PROWLARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
<AuthenticationRequired>Enabled</AuthenticationRequired>
|
||||||
<Branch>master</Branch>
|
<Branch>master</Branch>
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
# This is an example configuration file that documents all the options.
|
# This is an example configuration file that documents all the options.
|
||||||
# It will need to be modified for your specific use case.
|
# It will need to be modified for your specific use case.
|
||||||
# These are not default values. You MUST review the config settings and properly configure this EXAMPLE file.
|
# These are not default values. You MUST review the config settings and properly configure this EXAMPLE file.
|
||||||
@@ -25,7 +25,7 @@ qbt:
|
|||||||
# Pass environment variables to the config via !ENV tag
|
# Pass environment variables to the config via !ENV tag
|
||||||
host: qbittorrentvpn:8080
|
host: qbittorrentvpn:8080
|
||||||
user: admin
|
user: admin
|
||||||
pass: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['DELUGEVPN_PASSWORD'] }}
|
pass: \{\{ vault.kv2_field\('env', 'DELUGEVPN_PASSWORD', vault_engine_mount_point) }}
|
||||||
|
|
||||||
settings:
|
settings:
|
||||||
force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent.
|
force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent.
|
||||||
@@ -222,4 +222,4 @@ apprise:
|
|||||||
# Mandatory to fill out the url of your apprise API endpoint
|
# Mandatory to fill out the url of your apprise API endpoint
|
||||||
api_url: http://apprise-api:8000
|
api_url: http://apprise-api:8000
|
||||||
# Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki
|
# Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki
|
||||||
notify_url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }}
|
notify_url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"radarr_address": "http://radarr:7878",
|
"radarr_address": "http://radarr:7878",
|
||||||
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}",
|
"radarr_api_key": "\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}",
|
||||||
"root_folder_path": "/data/media/movies",
|
"root_folder_path": "/data/media/movies",
|
||||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}",
|
"tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
|
||||||
"fallback_to_top_result": false,
|
"fallback_to_top_result": false,
|
||||||
"radarr_api_timeout": 120.0,
|
"radarr_api_timeout": 120.0,
|
||||||
"quality_profile_id": 1,
|
"quality_profile_id": 1,
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
<Config>
|
||||||
<LogLevel>info</LogLevel>
|
<LogLevel>info</LogLevel>
|
||||||
@@ -8,7 +8,7 @@
|
|||||||
<SslCertPath></SslCertPath>
|
<SslCertPath></SslCertPath>
|
||||||
<Port>7878</Port>
|
<Port>7878</Port>
|
||||||
<UrlBase></UrlBase>
|
<UrlBase></UrlBase>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}</ApiKey>
|
<ApiKey>\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
<UpdateMechanism>Docker</UpdateMechanism>
|
||||||
<SslPort>9898</SslPort>
|
<SslPort>9898</SslPort>
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
__version__ = 19
|
__version__ = 19
|
||||||
__encoding__ = utf-8
|
__encoding__ = utf-8
|
||||||
@@ -22,7 +22,7 @@ host = 0.0.0.0
|
|||||||
port = 8080
|
port = 8080
|
||||||
https_port = 8090
|
https_port = 8090
|
||||||
username = thetrezuredone
|
username = thetrezuredone
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_PASSWORD'] }}
|
password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_PASSWORD', vault_engine_mount_point) }}
|
||||||
bandwidth_max = 1000M
|
bandwidth_max = 1000M
|
||||||
cache_limit = 1G
|
cache_limit = 1G
|
||||||
web_dir = Glitter
|
web_dir = Glitter
|
||||||
@@ -33,7 +33,7 @@ https_chain = ""
|
|||||||
enable_https = 1
|
enable_https = 1
|
||||||
inet_exposure = 0
|
inet_exposure = 0
|
||||||
local_ranges = ,
|
local_ranges = ,
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_API_KEY'] }}
|
api_key = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_API_KEY', vault_engine_mount_point) }}
|
||||||
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
|
nzb_key = 3c0fa874bb2748b58c1bd7512e649946
|
||||||
permissions = 775
|
permissions = 775
|
||||||
download_dir = /storage/downloads/incomplete
|
download_dir = /storage/downloads/incomplete
|
||||||
@@ -342,7 +342,7 @@ host = news.newshosting.com
|
|||||||
port = 563
|
port = 563
|
||||||
timeout = 60
|
timeout = 60
|
||||||
username = thetrezuredone
|
username = thetrezuredone
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }}
|
password = \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
|
||||||
connections = 8
|
connections = 8
|
||||||
ssl = 1
|
ssl = 1
|
||||||
ssl_verify = 3
|
ssl_verify = 3
|
||||||
@@ -363,7 +363,7 @@ host = news.easynews.com
|
|||||||
port = 443
|
port = 443
|
||||||
timeout = 60
|
timeout = 60
|
||||||
username = TrezOne
|
username = TrezOne
|
||||||
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
|
password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_EASYNEWS_PASSWORD', vault_engine_mount_point) }}
|
||||||
connections = 60
|
connections = 60
|
||||||
ssl = 0
|
ssl = 0
|
||||||
ssl_verify = 3
|
ssl_verify = 3
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
bolt-path: /opt/scrutiny/influxdb/influxd.bolt
|
bolt-path: /opt/scrutiny/influxdb/influxd.bolt
|
||||||
engine-path: /opt/scrutiny/influxdb/engine
|
engine-path: /opt/scrutiny/influxdb/engine
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
general:
|
general:
|
||||||
# Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
|
# Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
|
||||||
@@ -51,7 +51,7 @@ server:
|
|||||||
limiter: false
|
limiter: false
|
||||||
public_instance: false
|
public_instance: false
|
||||||
|
|
||||||
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET}
|
secret_key: \{\{ vault.kv2_field\('env', 'SEARXNG_SECRET_KEY', vault_engine_mount_point) }} # Is overwritten by ${SEARXNG_SECRET}
|
||||||
image_proxy: true
|
image_proxy: true
|
||||||
http_protocol_version: "1.0"
|
http_protocol_version: "1.0"
|
||||||
method: "POST"
|
method: "POST"
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
[uwsgi]
|
[uwsgi]
|
||||||
# Listening address
|
# Listening address
|
||||||
# default value: [::]:8080 (see Dockerfile)
|
# default value: [::]:8080 (see Dockerfile)
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<clickhouse>
|
<clickhouse>
|
||||||
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<clickhouse>
|
<clickhouse>
|
||||||
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<!--
|
<!--
|
||||||
NOTE: User and query level settings are set up in "users.xml" file.
|
NOTE: User and query level settings are set up in "users.xml" file.
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
<functions>
|
<functions>
|
||||||
<function>
|
<function>
|
||||||
<type>executable</type>
|
<type>executable</type>
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<clickhouse>
|
<clickhouse>
|
||||||
<storage_configuration>
|
<storage_configuration>
|
||||||
@@ -16,8 +16,8 @@
|
|||||||
endpoint should be https://storage.googleapis.com/<bucket-name>/data/
|
endpoint should be https://storage.googleapis.com/<bucket-name>/data/
|
||||||
-->
|
-->
|
||||||
<endpoint>http://minio:9000/signoz/data</endpoint>
|
<endpoint>http://minio:9000/signoz/data</endpoint>
|
||||||
<access_key_id>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_ACCESS_KEY'] }}</access_key_id>
|
<access_key_id>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_ACCESS_KEY', vault_engine_mount_point) }}</access_key_id>
|
||||||
<secret_access_key>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_SECRET_KEY'] }}</secret_access_key>
|
<secret_access_key>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_SECRET_KEY', vault_engine_mount_point) }}</secret_access_key>
|
||||||
<!-- In case of S3, uncomment the below configuration in case you want to read
|
<!-- In case of S3, uncomment the below configuration in case you want to read
|
||||||
AWS credentials from the Environment variables if they exist. -->
|
AWS credentials from the Environment variables if they exist. -->
|
||||||
<!-- <use_environment_credentials>true</use_environment_credentials> -->
|
<!-- <use_environment_credentials>true</use_environment_credentials> -->
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<clickhouse>
|
<clickhouse>
|
||||||
<!-- See also the files in users.d directory where the settings can be overridden. -->
|
<!-- See also the files in users.d directory where the settings can be overridden. -->
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<Config>
|
<Config>
|
||||||
<LogLevel>info</LogLevel>
|
<LogLevel>info</LogLevel>
|
||||||
@@ -8,7 +8,7 @@
|
|||||||
<SslPort>9898</SslPort>
|
<SslPort>9898</SslPort>
|
||||||
<UrlBase></UrlBase>
|
<UrlBase></UrlBase>
|
||||||
<BindAddress>*</BindAddress>
|
<BindAddress>*</BindAddress>
|
||||||
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}</ApiKey>
|
<ApiKey>\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
|
||||||
<AuthenticationMethod>Forms</AuthenticationMethod>
|
<AuthenticationMethod>Forms</AuthenticationMethod>
|
||||||
<UpdateMechanism>Docker</UpdateMechanism>
|
<UpdateMechanism>Docker</UpdateMechanism>
|
||||||
<LaunchBrowser>True</LaunchBrowser>
|
<LaunchBrowser>True</LaunchBrowser>
|
||||||
|
|||||||
@@ -1,12 +1,12 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"sonarr_address": "http://192.168.1.2:8989",
|
"sonarr_address": "http://192.168.1.2:8989",
|
||||||
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}",
|
"sonarr_api_key": "\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}",
|
||||||
"root_folder_path": "/data/media/shows",
|
"root_folder_path": "/data/media/shows",
|
||||||
"tvdb_api_key": "",
|
"tvdb_api_key": "",
|
||||||
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}",
|
"tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
|
||||||
"fallback_to_top_result": false,
|
"fallback_to_top_result": false,
|
||||||
"sonarr_api_timeout": 120.0,
|
"sonarr_api_timeout": 120.0,
|
||||||
"quality_profile_id": 1,
|
"quality_profile_id": 1,
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
[Lidarr]
|
[Lidarr]
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}
|
api_key = \{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}
|
||||||
host_url = http://lidarr:8686
|
host_url = http://lidarr:8686
|
||||||
#This should be the path mounted in lidarr that points to your slskd download directory.
|
#This should be the path mounted in lidarr that points to your slskd download directory.
|
||||||
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
|
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
|
||||||
@@ -10,7 +10,7 @@ download_dir = /storage
|
|||||||
|
|
||||||
[Slskd]
|
[Slskd]
|
||||||
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
|
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
|
||||||
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
|
api_key = \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
|
||||||
host_url = http://gluetun:5030
|
host_url = http://gluetun:5030
|
||||||
#Slskd download directory. Should have set it up when installing Slskd.
|
#Slskd download directory. Should have set it up when installing Slskd.
|
||||||
download_dir = /app/downloads
|
download_dir = /app/downloads
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
directories:
|
directories:
|
||||||
incomplete: /app/incomplete
|
incomplete: /app/incomplete
|
||||||
@@ -198,15 +198,15 @@ rooms:
|
|||||||
web:
|
web:
|
||||||
authentication:
|
authentication:
|
||||||
username: slskd
|
username: slskd
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_WEB_PASSSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'SLSKD_WEB_PASSSWORD', vault_engine_mount_point) }}
|
||||||
api_keys:
|
api_keys:
|
||||||
my_api_key:
|
my_api_key:
|
||||||
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }}
|
key: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
|
||||||
role: readwrite
|
role: readwrite
|
||||||
cidr: 0.0.0.0/0,::/0
|
cidr: 0.0.0.0/0,::/0
|
||||||
soulseek:
|
soulseek:
|
||||||
address: vps.slsknet.org
|
address: vps.slsknet.org
|
||||||
port: 2271
|
port: 2271
|
||||||
username: Trez.One
|
username: Trez.One
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }}
|
password: \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
|
||||||
diagnostic_level: Info
|
diagnostic_level: Info
|
||||||
|
|||||||
@@ -0,0 +1,47 @@
|
|||||||
|
## Version 2025/07/18
|
||||||
|
# make sure that your <container_name> container is named <container_name>
|
||||||
|
# make sure that your dns has a cname set for <container_name>
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
# listen 443 quic;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
# listen [::]:443 quic;
|
||||||
|
|
||||||
|
server_name patch.*;
|
||||||
|
|
||||||
|
include /config/nginx/ssl.conf;
|
||||||
|
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
# enable for ldap auth (requires ldap-location.conf in the location block)
|
||||||
|
#include /config/nginx/ldap-server.conf;
|
||||||
|
|
||||||
|
# enable for Authelia (requires authelia-location.conf in the location block)
|
||||||
|
#include /config/nginx/authelia-server.conf;
|
||||||
|
# enable for Authentik (requires authentik-location.conf in the location block)
|
||||||
|
#include /config/nginx/authentik-server.conf;
|
||||||
|
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
|
||||||
|
#include /config/nginx/tinyauth-server.conf;
|
||||||
|
location / {
|
||||||
|
# enable the next two lines for http auth
|
||||||
|
#auth_basic "Restricted";
|
||||||
|
#auth_basic_user_file /config/nginx/.htpasswd;
|
||||||
|
|
||||||
|
# enable for ldap auth (requires ldap-server.conf in the server block)
|
||||||
|
#include /config/nginx/ldap-location.conf;
|
||||||
|
|
||||||
|
# enable for Authelia (requires authelia-server.conf in the server block)
|
||||||
|
#include /config/nginx/authelia-location.conf;
|
||||||
|
# enable for Authentik (requires authentik-server.conf in the server block)
|
||||||
|
#include /config/nginx/authentik-location.conf;
|
||||||
|
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
|
||||||
|
#include /config/nginx/tinyauth-location.conf;
|
||||||
|
include /config/nginx/proxy.conf;
|
||||||
|
include /config/nginx/resolver.conf;
|
||||||
|
set $upstream_app 192.168.1.252;
|
||||||
|
set $upstream_port 3000;
|
||||||
|
set $upstream_proto http;
|
||||||
|
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
"always_keep_failed_tasks": true,
|
"always_keep_failed_tasks": true,
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
ydl_server: # youtube-dl-server specific settings
|
ydl_server: # youtube-dl-server specific settings
|
||||||
port: 8080 # Port youtube-dl-server should listen on
|
port: 8080 # Port youtube-dl-server should listen on
|
||||||
|
|||||||
+3
-3
@@ -1,7 +1,7 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
{% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
|
||||||
{% set secrets_path = 'benedikta-docker/env' %}
|
|
||||||
{
|
{
|
||||||
"api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='benedikta-docker', url=vault_addr, token=vault_token)['secret']['HOME_ASSISTANT_LONG_LIVED_TOKEN'] }}",
|
"api_key": "{{ vault.kv2_field('env', 'HOME_ASSISTANT_LONG_LIVED_TOKEN', vault_engine_mount_point) }}",
|
||||||
"host": "192.168.1.252:8123",
|
"host": "192.168.1.252:8123",
|
||||||
"__mycroft_skill_firstrun": false
|
"__mycroft_skill_firstrun": false
|
||||||
}
|
}
|
||||||
+18
-10
@@ -3,14 +3,22 @@
|
|||||||
template_base_path: "{{ playbook_dir }}/app-configs"
|
template_base_path: "{{ playbook_dir }}/app-configs"
|
||||||
# Vault server address
|
# Vault server address
|
||||||
vault_addr: "https://vault.trez.wtf"
|
vault_addr: "https://vault.trez.wtf"
|
||||||
vault_token: !vault |
|
vault_env: "env"
|
||||||
|
ansible_hashi_vault_url: "https://vault.trez.wtf"
|
||||||
|
ansible_hashi_vault_auth_method: "approle"
|
||||||
|
ansible_hashi_vault_role_id: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
33356331366463343032656164363437313263623962303365306632336362353038653738336338
|
30363130386561646336636635623233636561653537343264396430646133653162633465656534
|
||||||
3261303838386531653661353231343361316566633531300a326637636135383832386466656235
|
3530623161663966623438303363313361303833313030610a363831666334666633313437323965
|
||||||
32316564653863346336316331306130333739663832613536323264336530383834323461313064
|
33666235306361333935316330623830393561636361316635653036636632623637316334616536
|
||||||
6639383633643866310a343332616235343462346436373035636266636239346438346633303932
|
3662346361333537340a323334386666353265623130343234396565646532303365646236636466
|
||||||
64383135616261326466643661356539346233633639343865303964366236373161393764353838
|
33393539336230373764363865313863373733313563313966376435383938336635666536643439
|
||||||
65633631346166323961393532393133353838393332663963383566663136613232383662626165
|
6531303137623765343263303534633562643435393864313662
|
||||||
63643838306332373237393938326131633838613331363663653638623830633364373464376463
|
ansible_hashi_vault_secret_id: !vault |
|
||||||
39623034306164393863343133313135653839363236613232663563346334303333313634333334
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
6635
|
65303663656662666661663939343535336163366537623261346332353130613664633261376131
|
||||||
|
6264313136653263333938383866626432633262313764330a393130353566626433333036313965
|
||||||
|
61666565633561383862373231646462353336316430613561663031383930313232646263623065
|
||||||
|
3033313738363866390a636539346337333066616434653633333339343961303935643766633034
|
||||||
|
61356234643138313330313466383462396338306238396230386139396230383131343766313830
|
||||||
|
3761346335636564373637353364333935653934393532373833
|
||||||
|
|||||||
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
|
|||||||
39333338306565383435326465386366356164643834303431623961653731303139633332326133
|
39333338306565383435326465386366356164643834303431623961653731303139633332326133
|
||||||
6561653432656462330a303966633132366637633235316631353839383331333765336237353135
|
6561653432656462330a303966633132366637633235316631353839383331333765336237353135
|
||||||
39363465623933393535643862316262303333363038636634326233316636396666
|
39363465623933393535643862316262303333363038636634326233316636396666
|
||||||
secrets_path: aranea-docker/env
|
vault_engine_mount_point: aranea-docker/env
|
||||||
|
|||||||
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
|
|||||||
66376165623634653966313033613230306365393334663334363730653330313031326231383739
|
66376165623634653966313033613230306365393334663334363730653330313031326231383739
|
||||||
3036633032376133370a316463653162633566303363376631383033396234383366633737383066
|
3036633032376133370a316463653162633566303363376631383033396234383366633737383066
|
||||||
35393931393132323062386262623966646139613838373536313631643330313761
|
35393931393132323062386262623966646139613838373536313631643330313761
|
||||||
secrets_path: benedikta-docker/env
|
vault_engine_mount_point: benedikta-docker/env
|
||||||
|
|||||||
+1
-1
@@ -1,2 +1,2 @@
|
|||||||
appdata_base_path: /home/pi/.config/docker
|
appdata_base_path: /home/pi/.config/docker
|
||||||
secrets_path: rikku-docker/env
|
vault_engine_mount_point: rikku-docker/env
|
||||||
|
|||||||
+1
-1
@@ -6,7 +6,7 @@ ansible_become_password: !vault |
|
|||||||
31623863633966303738643733643633353265396264613734333461643862663965663230663437
|
31623863633966303738643733643633353265396264613734333461643862663965663230663437
|
||||||
6136373035303834630a653263626365623838363236303931643565656232326536643239653238
|
6136373035303834630a653263626365623838363236303931643565656232326536643239653238
|
||||||
64313034313663653332343464383565383964373438663661346538366636323162
|
64313034313663653332343464383565383964373438663661346538366636323162
|
||||||
secrets_path: rinoa-docker/env
|
vault_engine_mount_point: rinoa-docker
|
||||||
file_metadata:
|
file_metadata:
|
||||||
"hashicorp-vault/config/vault-config.hcl.j2":
|
"hashicorp-vault/config/vault-config.hcl.j2":
|
||||||
owner: "100"
|
owner: "100"
|
||||||
|
|||||||
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
|
|||||||
64623239343238363763386466626632383230633062383263323433353634373539373861383038
|
64623239343238363763386466626632383230633062383263323433353634373539373861383038
|
||||||
3837383436363138330a653566653731653065343538363733353432646136336335643666376133
|
3837383436363138330a653566653731653065343538363733353432646136336335643666376133
|
||||||
31623634636561636635396136636538613338313862396439376435613337373637
|
31623634636561636635396136636538613338313862396439376435613337373637
|
||||||
secrets_path: ultima-docker/env
|
vault_engine_mount_point: ultima-docker
|
||||||
|
|||||||
@@ -117,6 +117,9 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item }}"
|
label: "{{ item }}"
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker')['secret']['AUTHELIA_SESSION_SECRET'] }}"
|
||||||
|
|
||||||
- name: Deploy template files
|
- name: Deploy template files
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
|
|||||||
Reference in New Issue
Block a user