Merge pull request 'Adding Audiomuse to Homepage.' (#96) from audiomuse-homepage-add_2026-05-18T08-45-42 into main

Reviewed-on: #96

.gitea/workflows/gitea_tar-valon_ansible_deploy.yml

@@ -22,7 +22,7 @@ on:
       - "!renovate.json"
 
 env:
-  TEA_VERSION: "0.10.1"
+  TEA_VERSION: "0.14.0"
   VAULT_VERSION: "1.21.0"
   VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
   VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
@@ -68,7 +68,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        host: [rinoa, rikku, lunafreya, ultima]
+        host: [aranea, lunafreya, rinoa, rikku, ultima]
     env:
       VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
@@ -174,7 +174,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        host: [rinoa, rikku, lunafreya, ultima]
+        host: [aranea, lunafreya, rinoa, rikku, ultima]
     env:
       VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}

app-configs/rinoa/homepage/services.yaml.j2

@@ -31,3 +31,9 @@
             url: http://192.168.1.252:8123
             key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
 
+- Media Library:
+    - Audiomuse:
+        href: https://muse.trez.wtf
+        description: Automatic playlist generation using AI
+        icon: /icons/audiomuseai.png
+        weight: 0

app-configs/rinoa/searxng/limiter.toml

@@ -0,0 +1,55 @@
+[botdetection]
+
+# The prefix defines the number of leading bits in an address that are compared
+# to determine whether or not an address is part of a (client) network.
+
+ipv4_prefix = 32
+ipv6_prefix = 48
+
+# If the request IP is in trusted_proxies list, the client IP address is
+# extracted from the X-Forwarded-For and X-Real-IP headers. This should be
+# used if SearXNG is behind a reverse proxy or load balancer.
+
+trusted_proxies = [
+  '127.0.0.0/8',
+  '::1',
+  '192.168.0.0/16',
+  '172.16.0.0/12',
+  '172.17.0.0/12',
+  '172.18.0.0/12'
+  # '10.0.0.0/8',
+  # 'fd00::/8',
+]
+
+[botdetection.ip_limit]
+
+# To get unlimited access in a local network, by default link-local addresses
+# (networks) are not monitored by the ip_limit
+filter_link_local = false
+
+# activate link_token method in the ip_limit method
+link_token = false
+
+[botdetection.ip_lists]
+
+# In the limiter, the ip_lists method has priority over all other methods -> if
+# an IP is in the pass_ip list, it has unrestricted access and it is also not
+# checked if e.g. the "user agent" suggests a bot (e.g. curl).
+
+block_ip = [
+  # '93.184.216.34',  # IPv4 of example.org
+  # '257.1.1.1',      # invalid IP --> will be ignored, logged in ERROR class
+]
+
+pass_ip = [
+  # '192.168.0.0/16',      # IPv4 private network
+  # 'fe80::/10'            # IPv6 linklocal / wins over botdetection.ip_limit.filter_link_local
+  '192.168.0.0/16',
+  '172.16.0.0/12',
+  '172.17.0.0/12',
+  '172.18.0.0/12'
+]
+
+# Activate passlist of (hardcoded) IPs from the SearXNG organization,
+# e.g. `check.searx.space`.
+pass_searxng_org = true

app-configs/rinoa/searxng/settings.yml.j2

@@ -103,7 +103,7 @@ outgoing:
   # default timeout in seconds, can be override by engine
   request_timeout: 3.0
   # the maximum timeout in seconds
-  # max_request_timeout: 10.0
+  max_request_timeout: 10.0
   # suffix of searxng_useragent, could contain information like an email address
   # to the administrator
   useragent_suffix: ""
@@ -153,7 +153,7 @@ plugins:
     active: true
 
   searx.plugins.infinite_scroll.SXNGPlugin:
-    active: false
+    active: true
 
   searx.plugins.hash_plugin.SXNGPlugin:
     active: true

app-configs/rinoa/swag/nginx/proxy-confs/audiomuse.subdomain.conf

@@ -0,0 +1,47 @@
+## Version 2025/07/18
+# make sure that your <container_name> container is named <container_name>
+# make sure that your dns has a cname set for <container_name>
+
+server {
+    listen 443 ssl;
+    #    listen 443 quic;
+    listen [::]:443 ssl;
+    #    listen [::]:443 quic;
+
+    server_name muse.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+    # enable for Tinyauth (requires tinyauth-location.conf in the location block)
+    #include /config/nginx/tinyauth-server.conf;
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+        # enable for Tinyauth (requires tinyauth-server.conf in the server block)
+        #include /config/nginx/tinyauth-location.conf;
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app 192.168.1.248;
+        set $upstream_port 8000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}

app-configs/rinoa/swag/nginx/proxy-confs/dagu.subdomain.conf

@@ -0,0 +1,47 @@
+## Version 2025/07/18
+# make sure that your <container_name> container is named <container_name>
+# make sure that your dns has a cname set for <container_name>
+
+server {
+    listen 443 ssl;
+    #    listen 443 quic;
+    listen [::]:443 ssl;
+    #    listen [::]:443 quic;
+
+    server_name cron.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+    # enable for Tinyauth (requires tinyauth-location.conf in the location block)
+    #include /config/nginx/tinyauth-server.conf;
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+        # enable for Tinyauth (requires tinyauth-server.conf in the server block)
+        #include /config/nginx/tinyauth-location.conf;
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app 192.168.1.241;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}

group_vars/all.yml

@@ -5,12 +5,12 @@ template_base_path: "{{ playbook_dir }}/app-configs"
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
     $ANSIBLE_VAULT;1.1;AES256
-    36643236376162313863326163316439326261646532653032393231303237353834373433613832
-    3435376637633532613264373866643663336462636465630a663337373365326661613030363730
-    37376337326563633663373462323137336664313737393264396139636632323935343837303863
-    6634393031366261300a363431393764633566636539363436313564613166353163633663373937
-    33623637626262366530366330373630363237393966646332363034623562623537323563313136
-    32396261326666623238366264386630663633336565363733613761373031376466333961353836
-    36333262313232613237326638383531396564353130333635646564383963376262303935656234
-    33653335396437613362333564363163643462306239626233666135336661646334363036623136
-    3132
+    33356331366463343032656164363437313263623962303365306632336362353038653738336338
+    3261303838386531653661353231343361316566633531300a326637636135383832386466656235
+    32316564653863346336316331306130333739663832613536323264336530383834323461313064
+    6639383633643866310a343332616235343462346436373035636266636239346438346633303932
+    64383135616261326466643661356539346233633639343865303964366236373161393764353838
+    65633631346166323961393532393133353838393332663963383566663136613232383662626165
+    63643838306332373237393938326131633838613331363663653638623830633364373464376463
+    39623034306164393863343133313135653839363236613232663563346334303333313634333334
+    6635

host_vars/aranea.yml

@@ -0,0 +1,9 @@
+appdata_base_path: /home/charish/.config/docker
+ansible_become_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  65303564363831353738376239316665393435363663323231383436366566353534636164656336
+  6661633033623139376338656131353964666232383331660a343933643030383438626661633661
+  39333338306565383435326465386366356164643834303431623961653731303139633332326133
+  6561653432656462330a303966633132366637633235316631353839383331333765336237353135
+  39363465623933393535643862316262303333363038636634326233316636396666
+secrets_path: aranea-docker/env

host_vars/benedikta.yml

@@ -1,2 +0,0 @@
-appdata_base_path: /home/charish/.config/docker
-secrets_path: benedikta-docker/env

host_vars/lunafreya.yml

@@ -0,0 +1,9 @@
+appdata_base_path: /home/charish/.config/docker
+ansible_become_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35396634626231373032376235343761316638376262333766376362363930666364303031306533
+  3664323164363738663965343933643536616135393036350a306161626161303935383434326536
+  66376165623634653966313033613230306365393334663334363730653330313031326231383739
+  3036633032376133370a316463653162633566303363376631383033396234383366633737383066
+  35393931393132323062386262623966646139613838373536313631643330313761
+secrets_path: benedikta-docker/env

inventory/hosts.yml

@@ -1,5 +1,8 @@
 all:
   hosts:
+    aranea:
+      ansible_host: 192.168.1.241
+      ansible_user: charish
     lunafreya:
       ansible_host: 192.168.1.250
       ansible_user: charish

tar-valon_config_deploy.yml

@@ -1,6 +1,7 @@
 ---
 - name: Deploy Docker Service Configurations (Ownership-aware & verbose)
   hosts:
+    - aranea
     - lunafreya
     - rikku
     - rinoa