Auto Merge of PR 97 - patchmon-proxy-conf_2026-05-19T15-38-07

Merged by Trez.One
This commit was merged in pull request #97.
This commit is contained in:
2026-07-13 16:31:25 -04:00
61 changed files with 295 additions and 210 deletions
+1
View File
@@ -4,3 +4,4 @@ collections_path = ./collections
host_key_checking = False host_key_checking = False
retry_files_enabled = False retry_files_enabled = False
strategy_plugins = plugins/mitogen-0.3.44/ansible_mitogen/plugins/strategy strategy_plugins = plugins/mitogen-0.3.44/ansible_mitogen/plugins/strategy
strategy = mitogen_free
+7
View File
@@ -0,0 +1,7 @@
{% macro kv2_field(term, field, mount_point) -%}
{{ lookup(
'community.hashi_vault.vault_kv2_get',
term,
engine_mount_point=mount_point
)['secret'][field] }}
{%- endmacro %}
@@ -1,11 +1,11 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
name: mariadb-backup name: mariadb-backup
description: "Backup of all databases from MariaDB container" description: "Backup of all databases from MariaDB container"
schedule: "30 23 * * *" schedule: "30 23 * * *"
env: env:
MARIADB_ROOT_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD'] }} MARIADB_ROOT_PASSWORD: \{\{ vault.kv2_field\('env', 'MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD', vault_engine_mount_point) }}
steps: steps:
- name: list-all-databases - name: list-all-databases
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rikku-docker/env' %}
http: http:
pprof: pprof:
@@ -9,7 +9,7 @@ http:
session_ttl: 720h session_ttl: 720h
users: users:
- name: admin - name: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rikku-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }} password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
auth_attempts: 5 auth_attempts: 5
block_auth_min: 15 block_auth_min: 15
http_proxy: "" http_proxy: ""
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
http: http:
pprof: pprof:
@@ -9,7 +9,7 @@ http:
session_ttl: 720h session_ttl: 720h
users: users:
- name: admin - name: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['ADGUARD_BCRYPT'] }} password: \{\{ vault.kv2_field\('env', 'ADGUARD_BCRYPT', vault_engine_mount_point) }}
auth_attempts: 5 auth_attempts: 5
block_auth_min: 15 block_auth_min: 15
http_proxy: "" http_proxy: ""
@@ -1,6 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
urls: urls:
- gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} - gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
- hassio://192.168.1.252/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_HA_TOKEN'] }} - hassio://192.168.1.252/\{\{ vault.kv2_field\('env', 'APPRISE_HA_TOKEN', vault_engine_mount_point) }}
- mailto://postal-smtp:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@postal-smtp:25?from=noreply@trez.wtf - mailto://postal-smtp:\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}@postal-smtp:25?from=noreply@trez.wtf
+13 -13
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json # yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
--- ---
@@ -64,11 +64,11 @@ authentication_backend:
mail: mail mail: mail
display_name: displayName display_name: displayName
user: uid=authelia,ou=people,dc=trez,dc=wtf user: uid=authelia,ou=people,dc=trez,dc=wtf
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}' password: "{{ vault.kv2_field('env', 'AUTHELIA_AUTH_BIND_LDAP_PASSWORD', vault_engine_mount_point) }}"
refresh_interval: 5m refresh_interval: 5m
identity_validation: identity_validation:
reset_password: reset_password:
jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_JWT_SECRET'] }}' jwt_secret: "{{ vault.kv2_field('env', 'AUTHELIA_JWT_SECRET', vault_engine_mount_point) }}"
password_policy: password_policy:
standard: standard:
enabled: true enabled: true
@@ -92,7 +92,7 @@ access_control:
rules: rules:
- domain_regex: - domain_regex:
- '^trez.wtf$' - '^trez.wtf$'
- ^www.trez.wtf$'' - ^www.trez.wtf$'
policy: bypass policy: bypass
- domain: '*.trez.wtf' - domain: '*.trez.wtf'
policy: bypass policy: bypass
@@ -112,7 +112,7 @@ access_control:
policy: bypass policy: bypass
session: session:
name: authelia_session name: authelia_session
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_SESSION_SECRET'] }}' secret: "{{ vault.kv2_field('env', 'AUTHELIA_SESSION_SECRET', vault_engine_mount_point) }}"
expiration: 1h expiration: 1h
inactivity: 5m inactivity: 5m
remember_me: 1M remember_me: 1M
@@ -124,12 +124,12 @@ session:
port: 6379 port: 6379
database_index: 0 database_index: 0
storage: storage:
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}' encryption_key: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_ENCRYPTION_KEY', vault_engine_mount_point) }}"
postgres: postgres:
address: 'tcp://authelia-pg:5432' address: 'tcp://authelia-pg:5432'
database: authelia database: authelia
username: authelia username: authelia
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}' password: "{{ vault.kv2_field('env', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', vault_engine_mount_point) }}"
timeout: '5s' timeout: '5s'
regulation: regulation:
max_retries: 3 max_retries: 3
@@ -140,8 +140,8 @@ notifier:
smtp: smtp:
address: 'smtp://postal-smtp:25' address: 'smtp://postal-smtp:25'
timeout: '5s' timeout: '5s'
username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}' username: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}"
password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}' password: "{{ vault.kv2_field('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
sender: "Authelia <noreply@trez.wtf>" sender: "Authelia <noreply@trez.wtf>"
identifier: 'localhost' identifier: 'localhost'
subject: "[Authelia] {title}" subject: "[Authelia] {title}"
@@ -151,10 +151,10 @@ notifier:
disable_html_emails: false disable_html_emails: false
identity_providers: identity_providers:
oidc: oidc:
hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}' hmac_secret: "{{ vault.kv2_field('env', 'AUTHELIA_OIDC_HMAC_SECRET', vault_engine_mount_point) }}"
jwks: jwks:
- key: | - key: |
{{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }} {{ vault.kv2_field('env', 'AUTHELIA_OIDC_JWKS_KEY', vault_engine_mount_point) | replace("\\n", "\n") | indent(10) }}
cors: cors:
allowed_origins_from_client_redirect_uris: true allowed_origins_from_client_redirect_uris: true
endpoints: endpoints:
@@ -166,7 +166,7 @@ identity_providers:
clients: clients:
- client_id: 'netbird' - client_id: 'netbird'
client_name: 'NetBird' client_name: 'NetBird'
client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}' client_secret: "{{ vault.kv2_field('env', 'AUTHELIA_NETBIRD_CLIENT_SECRET', vault_engine_mount_point) }}"
public: false public: false
authorization_policy: 'two_factor' authorization_policy: 'two_factor'
redirect_uris: redirect_uris:
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
source: journalctl source: journalctl
journalctl_filter: journalctl_filter:
- "--directory=/var/log/host/" - "--directory=/var/log/host/"
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
common: common:
daemonize: false daemonize: false
log_media: stdout log_media: stdout
@@ -1,6 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
url: http://0.0.0.0:8080 url: http://0.0.0.0:8080
login: localhost login: localhost
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_LOCAL_API_KEY'] }} password: \{\{ vault.kv2_field\('env', 'CROWDSEC_LOCAL_API_KEY', vault_engine_mount_point) }}
@@ -1,6 +1,6 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
url: https://api.crowdsec.net/ url: https://api.crowdsec.net/
login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }} login: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['CROWDSEC_ONLINE_PASSWORD'] }} password: \{\{ vault.kv2_field\('env', 'CROWDSEC_ONLINE_PASSWORD', vault_engine_mount_point) }}
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
name: default_ip_remediation name: default_ip_remediation
#debug: true #debug: true
+6 -6
View File
@@ -1,15 +1,15 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
EXPLO_SYSTEM: subsonic EXPLO_SYSTEM: subsonic
SYSTEM_URL: http://navidrome:4533 SYSTEM_URL: http://navidrome:4533
SYSTEM_USERNAME: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_USERNAME'] }} SYSTEM_USERNAME: \{\{ vault.kv2_field\('env', 'NAVIDROME_USERNAME', vault_engine_mount_point) }}
SYSTEM_PASSWORD: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }} SYSTEM_PASSWORD: \{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}
DOWNLOAD_DIR: /downloads DOWNLOAD_DIR: /downloads
PLAYLIST_DIR: /playlists PLAYLIST_DIR: /playlists
LISTENBRAINZ_USER: Trez.One LISTENBRAINZ_USER: Trez.One
YOUTUBE_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUTUBE_DATA_API_V3_KEY'] }} YOUTUBE_API_KEY: \{\{ vault.kv2_field\('env', 'YOUTUBE_DATA_API_V3_KEY', vault_engine_mount_point) }}
SLSKD_URL: http://gluetun:5030 SLSKD_URL: http://gluetun:5030
SLSK_API_KEY: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }} SLSK_API_KEY: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
DOWNLOAD_SERVICES: DOWNLOAD_SERVICES:
# Assign a custom path to yt-dlp # Assign a custom path to yt-dlp
# YTDLP_PATH= # YTDLP_PATH=
+3 -3
View File
@@ -9,7 +9,7 @@ compression_level = 10
rpc_bind_addr = "[::]:3901" rpc_bind_addr = "[::]:3901"
rpc_public_addr = "localhost:3901" rpc_public_addr = "localhost:3901"
rpc_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_RPC_SECRET'] }}" rpc_secret = "\{\{ vault.kv2_field\('env', 'GARAGE_RPC_SECRET', vault_engine_mount_point) }}"
[s3_api] [s3_api]
s3_region = "us-east-fh-pln" s3_region = "us-east-fh-pln"
@@ -22,5 +22,5 @@ root_domain = ".garage.trez.wtf"
[admin] [admin]
api_bind_addr = "[::]:3903" api_bind_addr = "[::]:3903"
admin_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_ADMIN_TOKEN'] }}" admin_token = "\{\{ vault.kv2_field\('env', 'GARAGE_ADMIN_TOKEN', vault_engine_mount_point) }}"
metrics_token = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GARAGE_METRICS_TOKEN'] }}" metrics_token = "\{\{ vault.kv2_field\('env', 'GARAGE_METRICS_TOKEN', vault_engine_mount_point) }}"
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
{ {
"url": "blog.trez.wtf", "url": "blog.trez.wtf",
@@ -9,7 +9,7 @@
"host" : "mariadb", "host" : "mariadb",
"port" : 3306, "port" : 3306,
"user" : "ghost", "user" : "ghost",
"password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GHOST_DB_PASSWORD'] }}", "password" : "\{\{ vault.kv2_field\('env', 'GHOST_DB_PASSWORD', vault_engine_mount_point) }}",
"database" : "ghost_db" "database" : "ghost_db"
} }
}, },
@@ -21,8 +21,8 @@
"port": 25, "port": 25,
"secure": false, "secure": false,
"auth": { "auth": {
"user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }}", "user": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}",
"pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}" "pass": "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
} }
} }
}, },
+7 -7
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
APP_NAME = Gitea: Git with a cup of tea APP_NAME = Gitea: Git with a cup of tea
RUN_MODE = prod RUN_MODE = prod
@@ -27,7 +27,7 @@ DISABLE_SSH = false
SSH_PORT = 22 SSH_PORT = 22
SSH_LISTEN_PORT = 22 SSH_LISTEN_PORT = 22
LFS_START_SERVER = true LFS_START_SERVER = true
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_LFS_JWT_SECRET'] }} LFS_JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_LFS_JWT_SECRET', vault_engine_mount_point) }}
OFFLINE_MODE = true OFFLINE_MODE = true
[database] [database]
@@ -36,7 +36,7 @@ DB_TYPE = postgres
HOST = gitea-db:5432 HOST = gitea-db:5432
NAME = gitea NAME = gitea
USER = gitea USER = gitea
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_PG_DB_PASSWORD'] }} PASSWD = \{\{ vault.kv2_field\('env', 'GITEA_PG_DB_PASSWORD', vault_engine_mount_point) }}
LOG_SQL = false LOG_SQL = false
SCHEMA = SCHEMA =
SSL_MODE = disable SSL_MODE = disable
@@ -70,7 +70,7 @@ INSTALL_LOCK = true
SECRET_KEY = SECRET_KEY =
REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = * REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_INTERNAL_TOKEN'] }} INTERNAL_TOKEN = \{\{ vault.kv2_field\('env', 'GITEA_INTERNAL_TOKEN', vault_engine_mount_point) }}
PASSWORD_HASH_ALGO = pbkdf2 PASSWORD_HASH_ALGO = pbkdf2
[service] [service]
@@ -89,7 +89,7 @@ NO_REPLY_ADDRESS = noreply@trez.wtf
PATH = /data/git/lfs PATH = /data/git/lfs
[mailer] [mailer]
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} PASSWD = \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
PROTOCOL = smtp PROTOCOL = smtp
ENABLED = true ENABLED = true
FROM = '"Gitea" <noreply@trez.wtf>' FROM = '"Gitea" <noreply@trez.wtf>'
@@ -112,7 +112,7 @@ DEFAULT_MERGE_STYLE = merge
DEFAULT_TRUST_MODEL = committer DEFAULT_TRUST_MODEL = committer
[oauth2] [oauth2]
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_OAUTH2_JWT_SECRET'] }} JWT_SECRET = \{\{ vault.kv2_field\('env', 'GITEA_OAUTH2_JWT_SECRET', vault_engine_mount_point) }}
[ui] [ui]
THEMES = gitea-auto,catppuccin-blue-auto,catppuccin-flamingo-auto,catppuccin-green-auto,catppuccin-lavender-auto,catppuccin-mauve-auto,catppuccin-peach-auto,catppuccin-pink-auto,catppuccin-red-auto,catppuccin-rosewater-auto,catppuccin-sapphire-auto,catppuccin-sky-auto,catppuccin-teal-auto,catppuccin-yellow-auto,catppuccin-maroon-auto THEMES = gitea-auto,catppuccin-blue-auto,catppuccin-flamingo-auto,catppuccin-green-auto,catppuccin-lavender-auto,catppuccin-mauve-auto,catppuccin-peach-auto,catppuccin-pink-auto,catppuccin-red-auto,catppuccin-rosewater-auto,catppuccin-sapphire-auto,catppuccin-sky-auto,catppuccin-teal-auto,catppuccin-yellow-auto,catppuccin-maroon-auto
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests # Gitea related configuration. Necessary for adding/updating comments on repository pull requests
gitea: gitea:
@@ -9,7 +9,7 @@ gitea:
# Created access token for the user that shall be used as bot account. # Created access token for the user that shall be used as bot account.
# User needs "Read project" permissions with access to "Pull Requests" # User needs "Read project" permissions with access to "Pull Requests"
token: token:
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}" value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_TOKEN', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# file: /path/to/gitea/token # file: /path/to/gitea/token
@@ -18,7 +18,7 @@ gitea:
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated. # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
webhook: webhook:
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}" secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# secretFile: /path/to/gitea/webhook/secret # secretFile: /path/to/gitea/webhook/secret
@@ -35,7 +35,7 @@ sonarqube:
# Created access token for the user that shall be used as bot account. # Created access token for the user that shall be used as bot account.
# User needs "Browse on project" permissions # User needs "Browse on project" permissions
token: token:
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}" value: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_TOKEN', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# file: /path/to/sonarqube/token # file: /path/to/sonarqube/token
@@ -45,7 +45,7 @@ sonarqube:
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
# validated. # validated.
webhook: webhook:
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}" secret: "\{\{ vault.kv2_field\('env', 'GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET', vault_engine_mount_point) }}"
# # or path to file containing the plain text secret # # or path to file containing the plain text secret
# secretFile: /path/to/sonarqube/webhook/secret # secretFile: /path/to/sonarqube/webhook/secret
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
--- ---
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
--- ---
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
--- ---
+22 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
--- ---
# For configuration options and examples, please see: # For configuration options and examples, please see:
@@ -20,6 +20,25 @@
# href: http://localhost/ # href: http://localhost/
# description: Homepage is 😎 # description: Homepage is 😎
- System Administration:
- PatchMon
href: https://patch.trez.wtf
description: Patch management for *NIX and Windows
icon: patchmon.svg
weight: 0
widget:
type: customapi
url: http://192.168.1.252:3000/api/v1/gethomepage/stats
headers:
Authorization: Basic \{\{ vault.kv2_field\('env', 'PATCHMON_API_BASE64_CREDS', vault_engine_mount_point) }}
mappings:
- field: total_hosts
label: Total Hosts
- field: hosts_needing_updates
label: Needs Updates
- field: security_updates
label: Security Updates
- Automation: - Automation:
- Home Assistant (Rikku): - Home Assistant (Rikku):
href: https://ha.trez.wtf href: https://ha.trez.wtf
@@ -29,7 +48,7 @@
widget: widget:
type: homeassistant type: homeassistant
url: http://192.168.1.252:8123 url: http://192.168.1.252:8123
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }} key: \{\{ vault.kv2_field\('env', 'HOMEPAGE_HOME_ASSISTANT_API_KEY', vault_engine_mount_point) }}
- Media Library: - Media Library:
- Audiomuse: - Audiomuse:
+4 -4
View File
@@ -1,12 +1,12 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
--- ---
# For configuration options and examples, please see: # For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/settings # https://gethomepage.dev/en/configs/settings
providers: providers:
openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }} openweathermap: \{\{ vault.kv2_field\('env', 'HOMEPAGE_OPENWEATHERMAP_API_KEY', vault_engine_mount_point) }}
# weatherapi: weatherapiapikey # weatherapi: weatherapiapikey
title: Rinoa Dashboard (trez.WTF) title: Rinoa Dashboard (trez.WTF)
headerStyle: underlined headerStyle: underlined
@@ -23,7 +23,7 @@ provider: duckduckgo
layout: layout:
System Administration: System Administration:
style: row style: row
columns: 5 columns: 4
Infrastructure/App Performance Monitoring: Infrastructure/App Performance Monitoring:
style: row style: row
columns: 5 columns: 5
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
--- ---
# For configuration options and examples, please see: # For configuration options and examples, please see:
+8 -8
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
######################################### #########################################
# #
# Database and other external servers # Database and other external servers
@@ -15,7 +15,7 @@ db:
host: invidious-db host: invidious-db
port: 5432 port: 5432
dbname: invidious dbname: invidious
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PG_DB_PASSWORD'] }} password: \{\{ vault.kv2_field\('env', 'INVID_PG_DB_PASSWORD', vault_engine_mount_point) }}
## ##
## Database configuration using a single URI. This is an ## Database configuration using a single URI. This is an
@@ -88,7 +88,7 @@ check_tables: true
invidious_companion: invidious_companion:
- private_url: "http://invidious-companion:8282" - private_url: "http://invidious-companion:8282"
# # Uncomment for advanced reverse proxy configuration (see above). # # Uncomment for advanced reverse proxy configuration (see above).
- public_url: https://invid.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MY_TLD'] }}/companion - public_url: https://invid.\{\{ vault.kv2_field\('env', 'MY_TLD', vault_engine_mount_point) }}/companion
## ##
## API key for Invidious companion, used for securing the communication ## API key for Invidious companion, used for securing the communication
@@ -103,7 +103,7 @@ invidious_companion:
## Accepted values: a string (of length 16) ## Accepted values: a string (of length 16)
## Default: <none> ## Default: <none>
## ##
invidious_companion_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_COMPANION_KEY'] }} invidious_companion_key: \{\{ vault.kv2_field\('env', 'INVID_COMPANION_KEY', vault_engine_mount_point) }}
######################################### #########################################
# #
@@ -271,8 +271,8 @@ https_only: false
## Accepted values: String ## Accepted values: String
## Default: <none> ## Default: <none>
## ##
po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_PO_TOKEN'] }} po_token: \{\{ vault.kv2_field\('env', 'INVID_PO_TOKEN', vault_engine_mount_point) }}
visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_VISITOR_DATA'] }} visitor_data: \{\{ vault.kv2_field\('env', 'INVID_VISITOR_DATA', vault_engine_mount_point) }}
# ----------------------------- # -----------------------------
# Logging # Logging
@@ -532,7 +532,7 @@ jobs:
## Accepted values: a string ## Accepted values: a string
## Default: <none> ## Default: <none>
## ##
hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['INVID_HMAC_KEY'] }} hmac_key: \{\{ vault.kv2_field\('env', 'INVID_HMAC_KEY', vault_engine_mount_point) }}
## ##
## List of video IDs where the "download" widget must be ## List of video IDs where the "download" widget must be
@@ -1,9 +1,9 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
# IN application vars # IN application vars
IN_APP_URL=https://biz.trez.wtf IN_APP_URL=https://biz.trez.wtf
IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_APP_KEY'] }} IN_APP_KEY=\{\{ vault.kv2_field\('env', 'IN_APP_KEY', vault_engine_mount_point) }}
IN_APP_DEBUG=true IN_APP_DEBUG=true
IN_REQUIRE_HTTPS=false IN_REQUIRE_HTTPS=false
IN_PHANTOMJS_PDF_GENERATION=false IN_PHANTOMJS_PDF_GENERATION=false
@@ -18,7 +18,7 @@ IN_DB_HOST=mariadb
IN_DB_PORT=3306 IN_DB_PORT=3306
IN_DB_DATABASE=invoice_ninja IN_DB_DATABASE=invoice_ninja
IN_DB_USERNAME=ininja IN_DB_USERNAME=ininja
IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['IN_MYSQL_PASSWORD'] }} IN_DB_PASSWORD=\{\{ vault.kv2_field\('env', 'IN_MYSQL_PASSWORD', vault_engine_mount_point) }}
# Create initial user # Create initial user
# Default to these values if empty # Default to these values if empty
@@ -31,8 +31,8 @@ IN_PASSWORD=
IN_MAIL_MAILER=log IN_MAIL_MAILER=log
IN_MAIL_HOST=postal-smtp IN_MAIL_HOST=postal-smtp
IN_MAIL_PORT=25 IN_MAIL_PORT=25
IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }} IN_MAIL_USERNAME=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} IN_MAIL_PASSWORD=\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
IN_MAIL_ENCRYPTION=null IN_MAIL_ENCRYPTION=null
IN_MAIL_FROM_ADDRESS='noreply@trez.wtf' IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
IN_MAIL_FROM_NAME='Treasured IT' IN_MAIL_FROM_NAME='Treasured IT'
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<Config> <Config>
<BindAddress>*</BindAddress> <BindAddress>*</BindAddress>
@@ -7,7 +7,7 @@
<SslPort>6868</SslPort> <SslPort>6868</SslPort>
<EnableSsl>False</EnableSsl> <EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}</ApiKey> <ApiKey>\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<Branch>master</Branch> <Branch>master</Branch>
<LogLevel>trace</LogLevel> <LogLevel>trace</LogLevel>
+8 -8
View File
@@ -1,13 +1,13 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
{ {
"lidarr_address": "http://lidarr:8686", "lidarr_address": "http://lidarr:8686",
"lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }}", "lidarr_api_key": "\{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}",
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}", "spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
"root_folder_path": "/data/media/music", "root_folder_path": "/data/media/music",
"spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_ID'] }}", "spotify_client_id": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_ID', vault_engine_mount_point) }}",
"spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['YOUR_SPOTIFY_SECRET'] }}", "spotify_client_secret": "\{\{ vault.kv2_field\('env', 'YOUR_SPOTIFY_SECRET', vault_engine_mount_point) }}",
"fallback_to_top_result": false, "fallback_to_top_result": false,
"lidarr_api_timeout": 120.0, "lidarr_api_timeout": 120.0,
"quality_profile_id": 1, "quality_profile_id": 1,
@@ -17,8 +17,8 @@
"app_name": "lidify", "app_name": "lidify",
"app_rev": "0.09", "app_rev": "0.09",
"app_url": "lidify.trez.wtf", "app_url": "lidify.trez.wtf",
"last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}", "last_fm_api_key": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
"last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}", "last_fm_api_secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
"mode": "LastFM", "mode": "LastFM",
"auto_start": false, "auto_start": false,
"auto_start_delay": 60 "auto_start_delay": 60
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
containers: containers:
# adguard: # adguard:
# action_keywords: # action_keywords:
@@ -44,7 +44,7 @@ global_keywords:
- fatal - fatal
notifications: notifications:
apprise: apprise:
url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki) url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }} # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
# settings are optional because they all have default values # settings are optional because they all have default values
settings: settings:
log_level: INFO # DEBUG, INFO, WARNING, ERROR log_level: INFO # DEBUG, INFO, WARNING, ERROR
@@ -1,11 +1,11 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
scheduler: scheduler:
cron: "45 23 * * *" # run every day at 6:00 and 18:00 UTC cron: "45 23 * * *" # run every day at 6:00 and 18:00 UTC
retention: 14 # Retains 14 local backups retention: 14 # Retains 14 local backups
timeout: 60 # Operation timeout: 60 minutes timeout: 60 # Operation timeout: 60 minutes
target: target:
uri: mongodb://root:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGO_INITDB_ROOT_PASSWORD'] }}@mongodb:27017/admin?replicaSet=rinoa uri: mongodb://root:\{\{ vault.kv2_field\('env', 'MONGO_INITDB_ROOT_PASSWORD', vault_engine_mount_point) }}@mongodb:27017/admin?replicaSet=rinoa
noGzip: false # Disable gzip compression (false means compression is enabled) noGzip: false # Disable gzip compression (false means compression is enabled)
retry: retry:
@@ -23,8 +23,8 @@ validation:
smtp: smtp:
server: postal-stmp server: postal-stmp
port: 25 port: 25
username: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_USER'] }} username: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_USER', vault_engine_mount_point) }}
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }} password: \{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}
from: noreply@trez.wtf from: noreply@trez.wtf
to: to:
- charish.patel@trez.wtf - charish.patel@trez.wtf
+1 -1
View File
@@ -1 +1 @@
{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MONGODB_REPLICA_SET_KEY'] }} \{\{ vault.kv2_field\('env', 'MONGODB_REPLICA_SET_KEY', vault_engine_mount_point) }}
@@ -32,8 +32,8 @@
"name": "lastfmSource", "name": "lastfmSource",
"clients": ["ListenBrainzClient", "malojaClient"], "clients": ["ListenBrainzClient", "malojaClient"],
"data": { "data": {
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}", "apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}", "secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback" "redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
} }
}, },
@@ -43,7 +43,7 @@
"name": "listenBrainzSource", "name": "listenBrainzSource",
"clients": ["lastFmClient", "malojaClient"], "clients": ["lastFmClient", "malojaClient"],
"data": { "data": {
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}", "token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
"username": "Trez.One" "username": "Trez.One"
} }
}, },
@@ -55,7 +55,7 @@
"data": { "data": {
"url": "http://navidrome:4533", "url": "http://navidrome:4533",
"user": "admin", "user": "admin",
"password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['NAVIDROME_PASSWORD'] }}" "password": "\{\{ vault.kv2_field\('env', 'NAVIDROME_PASSWORD', vault_engine_mount_point) }}"
} }
} }
], ],
@@ -66,8 +66,8 @@
"enabled": true, "enabled": true,
"name": "lastFmClient", "name": "lastFmClient",
"data": { "data": {
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_KEY'] }}", "apiKey": "\{\{ vault.kv2_field\('env', 'LASTFM_API_KEY', vault_engine_mount_point) }}",
"secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LASTFM_API_SECRET'] }}", "secret": "\{\{ vault.kv2_field\('env', 'LASTFM_API_SECRET', vault_engine_mount_point) }}",
"redirectUri": "https://scrobble.trez.wtf/lastfm/callback" "redirectUri": "https://scrobble.trez.wtf/lastfm/callback"
} }
}, },
@@ -76,7 +76,7 @@
"enabled": true, "enabled": true,
"name": "ListenBrainzClient", "name": "ListenBrainzClient",
"data": { "data": {
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}", "token": "\{\{ vault.kv2_field\('env', 'MALOJA_LISTENBRAINZ_TOKEN', vault_engine_mount_point) }}",
"username": "Trez.One" "username": "Trez.One"
} }
}, },
@@ -86,7 +86,7 @@
"name": "malojaClient", "name": "malojaClient",
"data": { "data": {
"url": "http://maloja:42010", "url": "http://maloja:42010",
"apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MALOJA_API_KEY'] }}" "apiKey": "\{\{ vault.kv2_field\('env', 'MALOJA_API_KEY', vault_engine_mount_point) }}"
} }
} }
], ],
@@ -96,7 +96,7 @@
"name": "Gotify", "name": "Gotify",
"type": "gotify", "type": "gotify",
"url": "http://gotify", "url": "http://gotify",
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}", "token": "\{\{ vault.kv2_field\('env', 'MULTI_SCROBBLER_GOTIFY_TOKEN', vault_engine_mount_point) }}",
"priorities": { "priorities": {
"info": 5, "info": 5,
"warn": 7, "warn": 7,
+6 -6
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
version: 2 version: 2
@@ -18,13 +18,13 @@ web_server:
main_db: main_db:
host: mariadb host: mariadb
username: postal username: postal
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }} password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
database: postal database: postal
message_db: message_db:
host: mariadb host: mariadb
username: postal username: postal
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_MYSQL_PASSWORD'] }} password: \{\{ vault.kv2_field\('env', 'POSTAL_MYSQL_PASSWORD', vault_engine_mount_point) }}
prefix: postal prefix: postal
smtp_server: smtp_server:
@@ -52,11 +52,11 @@ smtp:
host: postal-smtp host: postal-smtp
port: 25 port: 25
username: rinoa/postal-smtp username: rinoa/postal-smtp
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}" password: "\{\{ vault.kv2_field\('env', 'POSTAL_SMTP_AUTH_PASSWORD', vault_engine_mount_point) }}"
from_name: Postal @ Rinoa from_name: Postal @ Rinoa
from_address: noreply@trez.wtf from_address: noreply@trez.wtf
rails: rails:
# This is generated automatically by the config initialization. It should be a random # This is generated automatically by the config initialization. It should be a random
# string unique to your installation. # string unique to your installation.
secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['POSTAL_RAILS_SECRET_KEY'] }}" secret_key: "\{\{ vault.kv2_field\('env', 'POSTAL_RAILS_SECRET_KEY', vault_engine_mount_point) }}"
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<Config> <Config>
<BindAddress>*</BindAddress> <BindAddress>*</BindAddress>
@@ -7,7 +7,7 @@
<SslPort>6969</SslPort> <SslPort>6969</SslPort>
<EnableSsl>False</EnableSsl> <EnableSsl>False</EnableSsl>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['PROWLARR_API_KEY'] }}</ApiKey> <ApiKey>\{\{ vault.kv2_field\('env', 'PROWLARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<AuthenticationRequired>Enabled</AuthenticationRequired> <AuthenticationRequired>Enabled</AuthenticationRequired>
<Branch>master</Branch> <Branch>master</Branch>
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
# This is an example configuration file that documents all the options. # This is an example configuration file that documents all the options.
# It will need to be modified for your specific use case. # It will need to be modified for your specific use case.
# These are not default values. You MUST review the config settings and properly configure this EXAMPLE file. # These are not default values. You MUST review the config settings and properly configure this EXAMPLE file.
@@ -25,7 +25,7 @@ qbt:
# Pass environment variables to the config via !ENV tag # Pass environment variables to the config via !ENV tag
host: qbittorrentvpn:8080 host: qbittorrentvpn:8080
user: admin user: admin
pass: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['DELUGEVPN_PASSWORD'] }} pass: \{\{ vault.kv2_field\('env', 'DELUGEVPN_PASSWORD', vault_engine_mount_point) }}
settings: settings:
force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent. force_auto_tmm: False # Will force qBittorrent to enable Automatic Torrent Management for each torrent.
@@ -222,4 +222,4 @@ apprise:
# Mandatory to fill out the url of your apprise API endpoint # Mandatory to fill out the url of your apprise API endpoint
api_url: http://apprise-api:8000 api_url: http://apprise-api:8000
# Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki # Mandatory to fill out the notification url/urls based on the notification services provided by apprise. https://github.com/caronc/apprise/wiki
notify_url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['APPRISE_GOTIFY_TOKEN'] }} notify_url: gotify://gotify/\{\{ vault.kv2_field\('env', 'APPRISE_GOTIFY_TOKEN', vault_engine_mount_point) }}
+4 -4
View File
@@ -1,11 +1,11 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
{ {
"radarr_address": "http://radarr:7878", "radarr_address": "http://radarr:7878",
"radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}", "radarr_api_key": "\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}",
"root_folder_path": "/data/media/movies", "root_folder_path": "/data/media/movies",
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}", "tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
"fallback_to_top_result": false, "fallback_to_top_result": false,
"radarr_api_timeout": 120.0, "radarr_api_timeout": 120.0,
"quality_profile_id": 1, "quality_profile_id": 1,
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<Config> <Config>
<LogLevel>info</LogLevel> <LogLevel>info</LogLevel>
@@ -8,7 +8,7 @@
<SslCertPath></SslCertPath> <SslCertPath></SslCertPath>
<Port>7878</Port> <Port>7878</Port>
<UrlBase></UrlBase> <UrlBase></UrlBase>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['RADARR_API_KEY'] }}</ApiKey> <ApiKey>\{\{ vault.kv2_field\('env', 'RADARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<UpdateMechanism>Docker</UpdateMechanism> <UpdateMechanism>Docker</UpdateMechanism>
<SslPort>9898</SslPort> <SslPort>9898</SslPort>
+6 -6
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
__version__ = 19 __version__ = 19
__encoding__ = utf-8 __encoding__ = utf-8
@@ -22,7 +22,7 @@ host = 0.0.0.0
port = 8080 port = 8080
https_port = 8090 https_port = 8090
username = thetrezuredone username = thetrezuredone
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_PASSWORD'] }} password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_PASSWORD', vault_engine_mount_point) }}
bandwidth_max = 1000M bandwidth_max = 1000M
cache_limit = 1G cache_limit = 1G
web_dir = Glitter web_dir = Glitter
@@ -33,7 +33,7 @@ https_chain = ""
enable_https = 1 enable_https = 1
inet_exposure = 0 inet_exposure = 0
local_ranges = , local_ranges = ,
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_API_KEY'] }} api_key = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_API_KEY', vault_engine_mount_point) }}
nzb_key = 3c0fa874bb2748b58c1bd7512e649946 nzb_key = 3c0fa874bb2748b58c1bd7512e649946
permissions = 775 permissions = 775
download_dir = /storage/downloads/incomplete download_dir = /storage/downloads/incomplete
@@ -342,7 +342,7 @@ host = news.newshosting.com
port = 563 port = 563
timeout = 60 timeout = 60
username = thetrezuredone username = thetrezuredone
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }} password = \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
connections = 8 connections = 8
ssl = 1 ssl = 1
ssl_verify = 3 ssl_verify = 3
@@ -363,7 +363,7 @@ host = news.easynews.com
port = 443 port = 443
timeout = 60 timeout = 60
username = TrezOne username = TrezOne
password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }} password = \{\{ vault.kv2_field\('env', 'SABNZBDVPN_EASYNEWS_PASSWORD', vault_engine_mount_point) }}
connections = 60 connections = 60
ssl = 0 ssl = 0
ssl_verify = 3 ssl_verify = 3
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
bolt-path: /opt/scrutiny/influxdb/influxd.bolt bolt-path: /opt/scrutiny/influxdb/influxd.bolt
engine-path: /opt/scrutiny/influxdb/engine engine-path: /opt/scrutiny/influxdb/engine
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
general: general:
# Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG} # Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
@@ -51,7 +51,7 @@ server:
limiter: false limiter: false
public_instance: false public_instance: false
secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SEARXNG_SECRET_KEY'] }} # Is overwritten by ${SEARXNG_SECRET} secret_key: \{\{ vault.kv2_field\('env', 'SEARXNG_SECRET_KEY', vault_engine_mount_point) }} # Is overwritten by ${SEARXNG_SECRET}
image_proxy: true image_proxy: true
http_protocol_version: "1.0" http_protocol_version: "1.0"
method: "POST" method: "POST"
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
[uwsgi] [uwsgi]
# Listening address # Listening address
# default value: [::]:8080 (see Dockerfile) # default value: [::]:8080 (see Dockerfile)
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<?xml version="1.0"?> <?xml version="1.0"?>
<clickhouse> <clickhouse>
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables. <!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<?xml version="1.0"?> <?xml version="1.0"?>
<clickhouse> <clickhouse>
<!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables. <!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<?xml version="1.0"?> <?xml version="1.0"?>
<!-- <!--
NOTE: User and query level settings are set up in "users.xml" file. NOTE: User and query level settings are set up in "users.xml" file.
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<functions> <functions>
<function> <function>
<type>executable</type> <type>executable</type>
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<?xml version="1.0"?> <?xml version="1.0"?>
<clickhouse> <clickhouse>
<storage_configuration> <storage_configuration>
@@ -16,8 +16,8 @@
endpoint should be https://storage.googleapis.com/<bucket-name>/data/ endpoint should be https://storage.googleapis.com/<bucket-name>/data/
--> -->
<endpoint>http://minio:9000/signoz/data</endpoint> <endpoint>http://minio:9000/signoz/data</endpoint>
<access_key_id>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_ACCESS_KEY'] }}</access_key_id> <access_key_id>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_ACCESS_KEY', vault_engine_mount_point) }}</access_key_id>
<secret_access_key>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SIGNOZ_S3_SECRET_KEY'] }}</secret_access_key> <secret_access_key>\{\{ vault.kv2_field\('env', 'SIGNOZ_S3_SECRET_KEY', vault_engine_mount_point) }}</secret_access_key>
<!-- In case of S3, uncomment the below configuration in case you want to read <!-- In case of S3, uncomment the below configuration in case you want to read
AWS credentials from the Environment variables if they exist. --> AWS credentials from the Environment variables if they exist. -->
<!-- <use_environment_credentials>true</use_environment_credentials> --> <!-- <use_environment_credentials>true</use_environment_credentials> -->
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<?xml version="1.0"?> <?xml version="1.0"?>
<clickhouse> <clickhouse>
<!-- See also the files in users.d directory where the settings can be overridden. --> <!-- See also the files in users.d directory where the settings can be overridden. -->
+3 -3
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
<Config> <Config>
<LogLevel>info</LogLevel> <LogLevel>info</LogLevel>
@@ -8,7 +8,7 @@
<SslPort>9898</SslPort> <SslPort>9898</SslPort>
<UrlBase></UrlBase> <UrlBase></UrlBase>
<BindAddress>*</BindAddress> <BindAddress>*</BindAddress>
<ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}</ApiKey> <ApiKey>\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}</ApiKey>
<AuthenticationMethod>Forms</AuthenticationMethod> <AuthenticationMethod>Forms</AuthenticationMethod>
<UpdateMechanism>Docker</UpdateMechanism> <UpdateMechanism>Docker</UpdateMechanism>
<LaunchBrowser>True</LaunchBrowser> <LaunchBrowser>True</LaunchBrowser>
+4 -4
View File
@@ -1,12 +1,12 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
{ {
"sonarr_address": "http://192.168.1.2:8989", "sonarr_address": "http://192.168.1.2:8989",
"sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SONARR_API_KEY'] }}", "sonarr_api_key": "\{\{ vault.kv2_field\('env', 'SONARR_API_KEY', vault_engine_mount_point) }}",
"root_folder_path": "/data/media/shows", "root_folder_path": "/data/media/shows",
"tvdb_api_key": "", "tvdb_api_key": "",
"tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['TMDB_API_KEY'] }}", "tmdb_api_key": "\{\{ vault.kv2_field\('env', 'TMDB_API_KEY', vault_engine_mount_point) }}",
"fallback_to_top_result": false, "fallback_to_top_result": false,
"sonarr_api_timeout": 120.0, "sonarr_api_timeout": 120.0,
"quality_profile_id": 1, "quality_profile_id": 1,
+4 -4
View File
@@ -1,8 +1,8 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
[Lidarr] [Lidarr]
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['LIDARR_API_KEY'] }} api_key = \{\{ vault.kv2_field\('env', 'LIDARR_API_KEY', vault_engine_mount_point) }}
host_url = http://lidarr:8686 host_url = http://lidarr:8686
#This should be the path mounted in lidarr that points to your slskd download directory. #This should be the path mounted in lidarr that points to your slskd download directory.
#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below. #If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
@@ -10,7 +10,7 @@ download_dir = /storage
[Slskd] [Slskd]
#Api key from Slskd. Need to set this up manually. See link to Slskd docs above. #Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }} api_key = \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
host_url = http://gluetun:5030 host_url = http://gluetun:5030
#Slskd download directory. Should have set it up when installing Slskd. #Slskd download directory. Should have set it up when installing Slskd.
download_dir = /app/downloads download_dir = /app/downloads
+5 -5
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
directories: directories:
incomplete: /app/incomplete incomplete: /app/incomplete
@@ -198,15 +198,15 @@ rooms:
web: web:
authentication: authentication:
username: slskd username: slskd
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_WEB_PASSSWORD'] }} password: \{\{ vault.kv2_field\('env', 'SLSKD_WEB_PASSSWORD', vault_engine_mount_point) }}
api_keys: api_keys:
my_api_key: my_api_key:
key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSKD_API_KEY'] }} key: \{\{ vault.kv2_field\('env', 'SLSKD_API_KEY', vault_engine_mount_point) }}
role: readwrite role: readwrite
cidr: 0.0.0.0/0,::/0 cidr: 0.0.0.0/0,::/0
soulseek: soulseek:
address: vps.slsknet.org address: vps.slsknet.org
port: 2271 port: 2271
username: Trez.One username: Trez.One
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['SLSK_USER_PASSWORD'] }} password: \{\{ vault.kv2_field\('env', 'SLSK_USER_PASSWORD', vault_engine_mount_point) }}
diagnostic_level: Info diagnostic_level: Info
@@ -0,0 +1,47 @@
## Version 2025/07/18
# make sure that your <container_name> container is named <container_name>
# make sure that your dns has a cname set for <container_name>
server {
listen 443 ssl;
# listen 443 quic;
listen [::]:443 ssl;
# listen [::]:443 quic;
server_name patch.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth (requires ldap-location.conf in the location block)
#include /config/nginx/ldap-server.conf;
# enable for Authelia (requires authelia-location.conf in the location block)
#include /config/nginx/authelia-server.conf;
# enable for Authentik (requires authentik-location.conf in the location block)
#include /config/nginx/authentik-server.conf;
# enable for Tinyauth (requires tinyauth-location.conf in the location block)
#include /config/nginx/tinyauth-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable for ldap auth (requires ldap-server.conf in the server block)
#include /config/nginx/ldap-location.conf;
# enable for Authelia (requires authelia-server.conf in the server block)
#include /config/nginx/authelia-location.conf;
# enable for Authentik (requires authentik-server.conf in the server block)
#include /config/nginx/authentik-location.conf;
# enable for Tinyauth (requires tinyauth-server.conf in the server block)
#include /config/nginx/tinyauth-location.conf;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app 192.168.1.252;
set $upstream_port 3000;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
}
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
{ {
"always_keep_failed_tasks": true, "always_keep_failed_tasks": true,
+2 -2
View File
@@ -1,5 +1,5 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'rinoa-docker/env' %}
ydl_server: # youtube-dl-server specific settings ydl_server: # youtube-dl-server specific settings
port: 8080 # Port youtube-dl-server should listen on port: 8080 # Port youtube-dl-server should listen on
@@ -1,7 +1,7 @@
{% set vault_addr = 'https://vault.trez.wtf' %} {% import 'app-configs/_macros/hashivault_kv2.j2' as vault %}
{% set secrets_path = 'benedikta-docker/env' %}
{ {
"api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='benedikta-docker', url=vault_addr, token=vault_token)['secret']['HOME_ASSISTANT_LONG_LIVED_TOKEN'] }}", "api_key": "{{ vault.kv2_field('env', 'HOME_ASSISTANT_LONG_LIVED_TOKEN', vault_engine_mount_point) }}",
"host": "192.168.1.252:8123", "host": "192.168.1.252:8123",
"__mycroft_skill_firstrun": false "__mycroft_skill_firstrun": false
} }
+18 -10
View File
@@ -3,14 +3,22 @@
template_base_path: "{{ playbook_dir }}/app-configs" template_base_path: "{{ playbook_dir }}/app-configs"
# Vault server address # Vault server address
vault_addr: "https://vault.trez.wtf" vault_addr: "https://vault.trez.wtf"
vault_token: !vault | vault_env: "env"
ansible_hashi_vault_url: "https://vault.trez.wtf"
ansible_hashi_vault_auth_method: "approle"
ansible_hashi_vault_role_id: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
33356331366463343032656164363437313263623962303365306632336362353038653738336338 30363130386561646336636635623233636561653537343264396430646133653162633465656534
3261303838386531653661353231343361316566633531300a326637636135383832386466656235 3530623161663966623438303363313361303833313030610a363831666334666633313437323965
32316564653863346336316331306130333739663832613536323264336530383834323461313064 33666235306361333935316330623830393561636361316635653036636632623637316334616536
6639383633643866310a343332616235343462346436373035636266636239346438346633303932 3662346361333537340a323334386666353265623130343234396565646532303365646236636466
64383135616261326466643661356539346233633639343865303964366236373161393764353838 33393539336230373764363865313863373733313563313966376435383938336635666536643439
65633631346166323961393532393133353838393332663963383566663136613232383662626165 6531303137623765343263303534633562643435393864313662
63643838306332373237393938326131633838613331363663653638623830633364373464376463 ansible_hashi_vault_secret_id: !vault |
39623034306164393863343133313135653839363236613232663563346334303333313634333334 $ANSIBLE_VAULT;1.1;AES256
6635 65303663656662666661663939343535336163366537623261346332353130613664633261376131
6264313136653263333938383866626432633262313764330a393130353566626433333036313965
61666565633561383862373231646462353336316430613561663031383930313232646263623065
3033313738363866390a636539346337333066616434653633333339343961303935643766633034
61356234643138313330313466383462396338306238396230386139396230383131343766313830
3761346335636564373637353364333935653934393532373833
+1 -1
View File
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
39333338306565383435326465386366356164643834303431623961653731303139633332326133 39333338306565383435326465386366356164643834303431623961653731303139633332326133
6561653432656462330a303966633132366637633235316631353839383331333765336237353135 6561653432656462330a303966633132366637633235316631353839383331333765336237353135
39363465623933393535643862316262303333363038636634326233316636396666 39363465623933393535643862316262303333363038636634326233316636396666
secrets_path: aranea-docker/env vault_engine_mount_point: aranea-docker/env
+1 -1
View File
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
66376165623634653966313033613230306365393334663334363730653330313031326231383739 66376165623634653966313033613230306365393334663334363730653330313031326231383739
3036633032376133370a316463653162633566303363376631383033396234383366633737383066 3036633032376133370a316463653162633566303363376631383033396234383366633737383066
35393931393132323062386262623966646139613838373536313631643330313761 35393931393132323062386262623966646139613838373536313631643330313761
secrets_path: benedikta-docker/env vault_engine_mount_point: benedikta-docker/env
+1 -1
View File
@@ -1,2 +1,2 @@
appdata_base_path: /home/pi/.config/docker appdata_base_path: /home/pi/.config/docker
secrets_path: rikku-docker/env vault_engine_mount_point: rikku-docker/env
+1 -1
View File
@@ -6,7 +6,7 @@ ansible_become_password: !vault |
31623863633966303738643733643633353265396264613734333461643862663965663230663437 31623863633966303738643733643633353265396264613734333461643862663965663230663437
6136373035303834630a653263626365623838363236303931643565656232326536643239653238 6136373035303834630a653263626365623838363236303931643565656232326536643239653238
64313034313663653332343464383565383964373438663661346538366636323162 64313034313663653332343464383565383964373438663661346538366636323162
secrets_path: rinoa-docker/env vault_engine_mount_point: rinoa-docker
file_metadata: file_metadata:
"hashicorp-vault/config/vault-config.hcl.j2": "hashicorp-vault/config/vault-config.hcl.j2":
owner: "100" owner: "100"
+1 -1
View File
@@ -6,4 +6,4 @@ ansible_become_password: !vault |
64623239343238363763386466626632383230633062383263323433353634373539373861383038 64623239343238363763386466626632383230633062383263323433353634373539373861383038
3837383436363138330a653566653731653065343538363733353432646136336335643666376133 3837383436363138330a653566653731653065343538363733353432646136336335643666376133
31623634636561636635396136636538613338313862396439376435613337373637 31623634636561636635396136636538613338313862396439376435613337373637
secrets_path: ultima-docker/env vault_engine_mount_point: ultima-docker
+3
View File
@@ -117,6 +117,9 @@
loop_control: loop_control:
label: "{{ item }}" label: "{{ item }}"
- debug:
msg: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker')['secret']['AUTHELIA_SESSION_SECRET'] }}"
- name: Deploy template files - name: Deploy template files
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"