From af284c13ebc398127c1fbb49a5567e10ce543651 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 10:03:34 -0400
Subject: [PATCH 1/7] Adding AdGuard to Loggifly.
---
 app-configs/rinoa/loggifly/config.yaml.j2 | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app-configs/rinoa/loggifly/config.yaml.j2 b/app-configs/rinoa/loggifly/config.yaml.j2
index 0ddb46c..2a458e4 100644
--- a/app-configs/rinoa/loggifly/config.yaml.j2
+++ b/app-configs/rinoa/loggifly/config.yaml.j2
@@ -1,6 +1,10 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 containers:
+ adguard:
+ action_keywords:
+ - restart:
+ regex: '\[error\] dnsproxy.*timeout'
 ghost_blog:
 action_keywords:
 - restart:
--
2.52.0
From 3573eb860deeb84d88d7ee5968b3cbdb8138b64c Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 10:03:50 -0400
Subject: [PATCH 2/7] Fixing host_vars for Rinoa.
---
 host_vars/rinoa.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/host_vars/rinoa.yml b/host_vars/rinoa.yml
index 443590a..c57ab13 100644
--- a/host_vars/rinoa.yml
+++ b/host_vars/rinoa.yml
@@ -1,15 +1,15 @@
 appdata_base_path: /home/charish/.docker/config/appdata
 secrets_path: rinoa-docker/env
 file_metadata:
- "app-configs/rinoa/mongodb/config/keyfile.j2":
+ "mongodb/config/keyfile.j2":
 owner: "999"
 group: "999"
 mode: "0600"
- "app-configs/rinoa/searxng/settings.yml.j2":
+ "searxng/settings.yml.j2":
 owner: "977"
 group: "977"
 mode: "0644"
- "app-configs/rinoa/searxng/uwsgi.ini.j2":
+ "searxng/uwsgi.ini.j2":
 owner: "977"
 group: "977"
 mode: "0644"
\ No newline at end of file
--
2.52.0
From 1415b929c3892eb6bacd3ce48f4bc21f35327b69 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 10:23:17 -0400
Subject: [PATCH 3/7] Become_pass.
---
 host_vars/rinoa_vault.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 host_vars/rinoa_vault.yml
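Review bot: Restarting `adguard` on every `[error] dnsproxy ... timeout` line ties a container restart to a condition the resolver logs whenever its upstream or the network is degraded, so the restart fires exactly when DNS is already struggling and can repeat for as long as the condition lasts. A restart does not repair an upstream outage. Consider listing this pattern as a notification-only keyword instead of under `action_keywords`, or confirm that a restart cooldown covers this container (LoggiFly documents an `action_cooldown` setting; none is visible in this hunk). The settings block, if any, is outside the hunk.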
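Review bot: The `file_metadata` keys become paths relative to the host's template directory, but the code that looks them up is not part of this patch; if that lookup falls back to defaults when a key is not found, `mongodb/config/keyfile.j2` would be deployed with `default_mode: "0644"` (visible in `tar-valon_config_deploy.yml` later in the series) instead of `0600`. That fallback is an assumption to confirm against the playbook. A pre-task that fails when a `file_metadata` key matches no rendered template would turn a silent permission downgrade into a visible error. The file also still ends without a trailing newline.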
diff --git a/host_vars/rinoa_vault.yml b/host_vars/rinoa_vault.yml
new file mode 100644
index 0000000..54def8a
--- /dev/null
+++ b/host_vars/rinoa_vault.yml
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+30343838656230336531666139323932353161373838373665333434373538363038373637363335
+3936383639313466323337313962396162323037663866330a366535626236326335376538323531
+66393562653431393332373638383065353632373031323736376636353733373365666361323739
+3639383161646261630a383830616238336164376130316562323433646135373435643761643639
+62353735393532663561366631623465656538353737313761613135663532373933303931666130
+3133346439623831383766393930356361343137376361313530
--
2.52.0
From 27cb0381561f22945bb80240ee68615111528cfe Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 10:36:15 -0400
Subject: [PATCH 4/7] Rinoa Vault.
---
 host_vars/rinoa_vault.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/host_vars/rinoa_vault.yml b/host_vars/rinoa_vault.yml
index 54def8a..490ad03 100644
--- a/host_vars/rinoa_vault.yml
+++ b/host_vars/rinoa_vault.yml
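Review bot: `host_vars/rinoa_vault.yml` is not a name Ansible loads for a host called `rinoa` (assuming that is the inventory name, as `host_vars/rinoa.yml` suggests): host variables come from `host_vars/rinoa.yml` or from files inside a `host_vars/rinoa/` directory, so this file would only be picked up for a host named `rinoa_vault`. Moving it to `host_vars/rinoa/vault.yml` next to `host_vars/rinoa/vars.yml` gets it loaded without extra tasks. Whole-file encryption also hides the variable names from review; a plaintext indirection such as `ansible_become_password: "{{ vault_become_password }}"` (example name) keeps the variable greppable while the value stays encrypted. PATCH 4/7 re-encrypts the same file and has the same placement issue.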
@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-30343838656230336531666139323932353161373838373665333434373538363038373637363335
-3936383639313466323337313962396162323037663866330a366535626236326335376538323531
-66393562653431393332373638383065353632373031323736376636353733373365666361323739
-3639383161646261630a383830616238336164376130316562323433646135373435643761643639
-62353735393532663561366631623465656538353737313761613135663532373933303931666130
-3133346439623831383766393930356361343137376361313530
+64373031363133633233383737653165653034636261616166646130353564343466383933623333
+3064363737373635636232616334663362646138333666650a663461353938333065356431653466
+34616666633563303366343832303165626664613962636366653439376133313731653433646631
+6630663736303433650a363832366136626230353437663231663331363230313336636637383234
+34643964333835613566396465643731623265663063666164373262626330393139353238323839
+6236303734306233633863383664326463636666616331656665
--
2.52.0
From bf35d8084454861b56c926bbc67eccc2a2561805 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 10:45:35 -0400
Subject: [PATCH 5/7] Regex tweak for SWAG.
---
 app-configs/rinoa/loggifly/config.yaml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app-configs/rinoa/loggifly/config.yaml.j2 b/app-configs/rinoa/loggifly/config.yaml.j2
index 2a458e4..bb606e7 100644
--- a/app-configs/rinoa/loggifly/config.yaml.j2
+++ b/app-configs/rinoa/loggifly/config.yaml.j2
@@ -36,7 +36,7 @@ containers:
 swag:
 action_keywords:
 - restart:
- regex: '^s6-.*: fatal.*$'
+ regex: 's6-.*: fatal.*$'
 global_keywords:
 keywords:
 - panic
--
2.52.0
From 6edaed29ce8d86404e8e4a4284bfa26876b066e8 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 10:45:55 -0400
Subject: [PATCH 6/7] Passing become_pass for Ansible playbook action.
---
 .gitea/workflows/gitea_tar-valon_ansible_deploy.yml | 1 +
 1 file changed, 1 insertion(+)
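Review bot: Without the leading `^`, the `swag` pattern `s6-.*: fatal.*$` matches anywhere in a log line, so any line that merely contains that text triggers a container restart, including request data echoed into the log if SWAG's access or error logs reach the container's stdout (not visible here). If the anchor was dropped because lines carry a timestamp or other prefix, keep the match tied to the start of the message and allow only that prefix, for example `regex: '^(?:\S+ )?s6-[a-z0-9-]+: fatal'` (constructed; adjust to the real prefix). If LoggiFly searches rather than full-matches, the trailing `.*$` is redundant and can go.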
diff --git a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
index 3971d73..728ca27 100644
--- a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
+++ b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
@@ -229,6 +229,7 @@ jobs:
 options: |
 --inventory inventory/hosts.yml
 --limit ${{ matrix.host }}
+ --ask-become-pass
 - name: Gotify Notification
 uses: eikendev/gotify-action@master
--
2.52.0
From 83cce21c43ce516b3914a2ba1f68070ff02dc8a0 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 9 Oct 2025 11:38:05 -0400
Subject: [PATCH 7/7] Fixes for ansible_become.
---
 .gitea/workflows/gitea_tar-valon_ansible_deploy.yml | 1 -
 host_vars/rinoa.yml | 9 ++++++++-
 host_vars/rinoa_vault.yml | 7 -------
 tar-valon_config_deploy.yml | 7 +++++++
 4 files changed, 15 insertions(+), 9 deletions(-)
 delete mode 100644 host_vars/rinoa_vault.yml
diff --git a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
index 728ca27..3971d73 100644
--- a/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
+++ b/.gitea/workflows/gitea_tar-valon_ansible_deploy.yml
@@ -229,7 +229,6 @@ jobs:
 options: |
 --inventory inventory/hosts.yml
 --limit ${{ matrix.host }}
- --ask-become-pass
 - name: Gotify Notification
 uses: eikendev/gotify-action@master
diff --git a/host_vars/rinoa.yml b/host_vars/rinoa.yml
index c57ab13..1cc0934 100644
--- a/host_vars/rinoa.yml
+++ b/host_vars/rinoa.yml
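Review bot: `--ask-become-pass` makes ansible-playbook prompt for the sudo password on a terminal, and a workflow runner has none, so this step will stall or fail instead of receiving a password. In CI the value has to come from a non-interactive source: a vaulted `ansible_become_password` variable, or `--become-password-file` pointing at a file written from a runner secret and removed after the run. The context also shows `uses: eikendev/gotify-action@master`; pinning it to a commit SHA keeps a moved branch from changing code that runs in the deploy workflow. The enclosing step starts above the hunk.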
@@ -1,4 +1,11 @@
 appdata_base_path: /home/charish/.docker/config/appdata
+ansible_become_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33393031336537653965343539636434613066326131653737396561653031336665633430353837
+ 3166363261623634363162626161633831316539643339620a326538663930396335646631356335
+ 39643539313531646566353034313734646432626462646530303762323939613833663237316631
+ 3134383462306432630a626163356437336331356339353332613265366564323234613732626331
+ 64333464306531303163376566393065643136633165373364373733323838616437
 secrets_path: rinoa-docker/env
 file_metadata:
 "mongodb/config/keyfile.j2":
@@ -12,4 +19,4 @@ file_metadata:
 "searxng/uwsgi.ini.j2":
 owner: "977"
 group: "977"
- mode: "0644"
\ No newline at end of file
+ mode: "0644"
diff --git a/host_vars/rinoa_vault.yml b/host_vars/rinoa_vault.yml
deleted file mode 100644
index 490ad03..0000000
--- a/host_vars/rinoa_vault.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64373031363133633233383737653165653034636261616166646130353564343466383933623333
-3064363737373635636232616334663362646138333666650a663461353938333065356431653466
-34616666633563303366343832303165626664613962636366653439376133313731653433646631
-6630663736303433650a363832366136626230353437663231663331363230313336636637383234
-34643964333835613566396465643731623265663063666164373262626330393139353238323839
-6236303734306233633863383664326463636666616331656665
diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml
index 90c7800..89dbc9e 100644
--- a/tar-valon_config_deploy.yml
+++ b/tar-valon_config_deploy.yml
@@ -5,6 +5,8 @@
 - rikku
 - benedikta
 gather_facts: false
+ become: true
+ become_method: sudo
 vars:
 default_owner: "1000"
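Review bot: `ansible_become_password` in `host_vars/rinoa.yml` has no comment saying which account it belongs to or which vault password or vault ID encrypts it, which is what whoever rotates it will need. I would add above it `# sudo password for the deploy user on rinoa; created with ansible-vault encrypt_string, vault id: <VAULT_ID_PLACEHOLDER>`. If this is the same password that PATCH 3/7 and 4/7 committed in `host_vars/rinoa_vault.yml`, those ciphertexts stay in history after this commit deletes the file, so the sudo password remains only as protected as the vault password that encrypted those earlier blobs.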
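Review bot: `become: true` at play level in `tar-valon_config_deploy.yml` runs every task as root on every host in the play, including the `Get remote user's UID and GID` pre-task shown in the next hunk, which under sudo would report root's IDs rather than the login user's. How `remote_user_info` is consumed is outside the patch, so the effect on file ownership needs confirming. Scoping escalation to the tasks that write files (`become: true` on those tasks or on a block) and setting `become: false` on the `id` task keeps the rest unprivileged. Only `rinoa` receives an `ansible_become_password` in this series, so `rikku` and `benedikta` would need passwordless sudo or their own vaulted value.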
@@ -12,6 +14,11 @@
 default_mode: "0644"
 pre_tasks:
+ - name: Load host-specific vaulted variables if they exist
+ ansible.builtin.include_vars:
+ file: "host_vars/{{ inventory_hostname }}_vault.yml"
+ ignore_errors: true
+
 - name: Get remote user's UID and GID
 ansible.builtin.command: "id -u && id -g"
 register: remote_user_info
--
2.52.0
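Review bot: `ignore_errors: true` on the `include_vars` pre-task hides every failure, not only a missing file: a vault that cannot be decrypted or a YAML error is skipped the same way, and the play carries on with `become: true` and whatever variables happen to be set. This same commit also deletes `host_vars/rinoa_vault.yml`, so for `rinoa` the task now always fails and is always ignored. If the optional file is still wanted for other hosts, load it through `first_found` with `skip: true` so that only absence is tolerated; otherwise drop the task. The `pre_tasks` list continues below the hunk.

```yaml
    - name: Load host-specific vaulted variables if they exist
      ansible.builtin.include_vars:
        file: "{{ item }}"
      with_first_found:
        - files:
            - "{{ playbook_dir }}/host_vars/{{ inventory_hostname }}_vault.yml"
          skip: true
    # … unchanged: Get remote user's UID and GID task …
```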